[ { "path": ".docker/Dockerfile-alpine", "content": "FROM alpine:3.20.0\n\n# Because this image supports SQLite, we create /home/ory and /home/ory/sqlite which is owned by the ory user\n# and declare /home/ory/sqlite a volume.\n#\n# To get SQLite and Docker Volumes working with this image, mount the volume where SQLite should be written to at:\n#\n# /home/ory/sqlite/some-file.\n\nRUN addgroup -S ory; \\\n adduser -S ory -G ory -D -u 10000 -h /home/ory -s /bin/nologin; \\\n chown -R ory:ory /home/ory\nRUN apk --update upgrade && apk --no-cache --update-cache --upgrade --latest add ca-certificates\n\nWORKDIR /home/ory\n\nCOPY kratos /usr/bin/kratos\n\n# By creating the sqlite folder as the ory user, the mounted volume will be owned by ory:ory, which\n# is required for read/write of SQLite.\nRUN mkdir -p /var/lib/sqlite\nRUN chown ory:ory /var/lib/sqlite\nVOLUME /var/lib/sqlite\n\n# Exposing the ory home directory to simplify passing in Kratos configuration (e.g. if the file $HOME/.kratos.yaml\n# exists, it will be automatically used as the configuration file).\nVOLUME /home/ory\n\n# Declare the standard ports used by Kratos (4433 for public service endpoint, 4434 for admin service endpoint)\nEXPOSE 4433 4434\n\nUSER 10000\n\nENTRYPOINT [\"kratos\"]\nCMD [\"serve\"]\n" }, { "path": ".docker/Dockerfile-build", "content": "FROM golang:1.26-trixie AS builder\n\nRUN apt-get update && apt-get upgrade -y &&\\\n mkdir -p /var/lib/sqlite\n\nWORKDIR /go/src/github.com/ory/kratos\n\nCOPY oryx/go.mod oryx/go.mod\nCOPY oryx/go.sum oryx/go.sum\n \n\nCOPY go.mod go.mod\nCOPY go.sum go.sum\nCOPY pkg/client-go/go.* pkg/client-go/\n\nENV CGO_ENABLED 1\nENV CGO_CPPFLAGS -DSQLITE_DEFAULT_FILE_PERMISSIONS=0600\n\nRUN go mod download\n\nCOPY . .\n\nARG VERSION\nARG COMMIT\nARG BUILD_DATE\n\nRUN --mount=type=cache,target=/root/.cache/go-build go build -tags sqlite \\\n -ldflags=\"-X 'github.com/ory/kratos/driver/config.Version=${VERSION}' -X 'github.com/ory/kratos/driver/config.Date=${BUILD_DATE}' -X 'github.com/ory/kratos/driver/config.Commit=${COMMIT}'\" \\\n -o /usr/bin/kratos\n\n#########################\nFROM gcr.io/distroless/base-nossl-debian12:nonroot AS runner\n\nCOPY --from=builder --chown=nonroot:nonroot /var/lib/sqlite /var/lib/sqlite\nCOPY --from=builder --chown=nonroot:nonroot /usr/bin/kratos /usr/bin/kratos\n\nVOLUME /var/lib/sqlite\n\n# Declare the standard ports used by Kratos (4433 for public service endpoint, 4434 for admin service endpoint)\nEXPOSE 4433 4434\n\nENTRYPOINT [\"kratos\"]\nCMD [\"serve\"]\n" }, { "path": ".docker/Dockerfile-debug", "content": "FROM golang:1.26-trixie\nENV CGO_ENABLED 1\n\nRUN apt-get update && apt-get install -y --no-install-recommends inotify-tools psmisc\nRUN go install github.com/go-delve/delve/cmd/dlv@latest\n\nCOPY script/debug-entrypoint.sh /entrypoint.sh\n\nVOLUME /dockerdev\n\nWORKDIR /dockerdev\n\nENV DELVE_PORT 40000\nENV SERVICE_NAME service\n\nEXPOSE 8000 $DELVE_PORT\n\nENTRYPOINT [\"/entrypoint.sh\"]\n" }, { "path": ".docker/Dockerfile-distroless-static", "content": "FROM gcr.io/distroless/static-debian12:nonroot\n\nCOPY kratos /usr/bin/kratos\nEXPOSE 4433 4434\n\nENTRYPOINT [\"kratos\"]\nCMD [\"serve\"]\n" }, { "path": ".docker/docker-compose.template.dbg", "content": "version: '3.7'\n\nservices:\n ${SERVICE_NAME}:\n build:\n dockerfile: ./.docker/Dockerfile-debug\n ports:\n - ${REMOTE_DEBUGGING_PORT}:40000\n security_opt:\n - apparmor=unconfined\n cap_add:\n - SYS_PTRACE\n volumes:\n - type: bind\n source: ${SERVICE_ROOT}\n target: /dockerdev\n read_only: false\n" }, { "path": ".dockerignore", "content": "docs\n.releaser\n.github\n.circleci\ntmp\nscripts\n.idea\n.git/\ndatabase.yaml\ncontrib/quickstart\nnode_modules/\n./quickstart.yml\n./quickstart-*.yml\n.bin/\ntest/\npgked.go\n" }, { "path": ".editorconfig", "content": "[*]\ncharset = utf-8\nend_of_line = lf\nindent_size = 2\nindent_style = space\ninsert_final_newline = true\ntrim_trailing_whitespace = true\n\n[*.go]\nindent_size = 4\nindent_style = tab\n" }, { "path": ".github/CODEOWNERS", "content": "* @aeneasr @ory/product-development\n" }, { "path": ".github/FUNDING.yml", "content": "# AUTO-GENERATED, DO NOT EDIT!\n# Please edit the original at https://github.com/ory/meta/blob/master/templates/repository/common/.github/FUNDING.yml\n\n# These are supported funding model platforms\n\n# github:\npatreon: _ory\nopen_collective: ory\n" }, { "path": ".github/ISSUE_TEMPLATE/BUG-REPORT.yml", "content": "# AUTO-GENERATED, DO NOT EDIT!\n# Please edit the original at https://github.com/ory/meta/blob/master/templates/repository/common/.github/ISSUE_TEMPLATE/BUG-REPORT.yml\n\ndescription: \"Create a bug report\"\nlabels:\n - bug\nname: \"Bug Report\"\nbody:\n - attributes:\n value: \"Thank you for taking the time to fill out this bug report!\\n\"\n type: markdown\n - attributes:\n label: \"Preflight checklist\"\n options:\n - label:\n \"I could not find a solution in the existing issues, docs, nor\n discussions.\"\n required: true\n - label:\n \"I agree to follow this project's [Code of\n Conduct](https://github.com/ory/kratos/blob/master/CODE_OF_CONDUCT.md).\"\n required: true\n - label:\n \"I have read and am following this repository's [Contribution\n Guidelines](https://github.com/ory/kratos/blob/master/CONTRIBUTING.md).\"\n required: true\n - label:\n \"I have joined the [Ory Community Slack](https://slack.ory.com).\"\n - label:\n \"I am signed up to the [Ory Security Patch\n Newsletter](https://www.ory.com/l/sign-up-newsletter).\"\n id: checklist\n type: checkboxes\n - attributes:\n description:\n \"Enter the slug or API URL of the affected Ory Network project. Leave\n empty when you are self-hosting.\"\n label: \"Ory Network Project\"\n placeholder: \"https://.projects.oryapis.com\"\n id: ory-network-project\n type: input\n - attributes:\n description: \"A clear and concise description of what the bug is.\"\n label: \"Describe the bug\"\n placeholder: \"Tell us what you see!\"\n id: describe-bug\n type: textarea\n validations:\n required: true\n - attributes:\n description: |\n Clear, formatted, and easy to follow steps to reproduce the behavior:\n placeholder: |\n Steps to reproduce the behavior:\n\n 1. Run `docker run ....`\n 2. Make API Request to with `curl ...`\n 3. Request fails with response: `{\"some\": \"error\"}`\n label: \"Reproducing the bug\"\n id: reproduce-bug\n type: textarea\n validations:\n required: true\n - attributes:\n description:\n \"Please copy and paste any relevant log output. This will be\n automatically formatted into code, so no need for backticks. Please\n redact any sensitive information\"\n label: \"Relevant log output\"\n render: shell\n placeholder: |\n log=error ....\n id: logs\n type: textarea\n - attributes:\n description:\n \"Please copy and paste any relevant configuration. This will be\n automatically formatted into code, so no need for backticks. Please\n redact any sensitive information!\"\n label: \"Relevant configuration\"\n render: yml\n placeholder: |\n server:\n admin:\n port: 1234\n id: config\n type: textarea\n - attributes:\n description: \"What version of our software are you running?\"\n label: Version\n id: version\n type: input\n validations:\n required: true\n - attributes:\n label: \"On which operating system are you observing this issue?\"\n options:\n - Ory Network\n - macOS\n - Linux\n - Windows\n - FreeBSD\n - Other\n id: operating-system\n type: dropdown\n - attributes:\n label: \"In which environment are you deploying?\"\n options:\n - Ory Network\n - Docker\n - \"Docker Compose\"\n - \"Kubernetes with Helm\"\n - Kubernetes\n - Binary\n - Other\n id: deployment\n type: dropdown\n - attributes:\n description: \"Add any other context about the problem here.\"\n label: Additional Context\n id: additional\n type: textarea\n" }, { "path": ".github/ISSUE_TEMPLATE/DESIGN-DOC.yml", "content": "# AUTO-GENERATED, DO NOT EDIT!\n# Please edit the original at https://github.com/ory/meta/blob/master/templates/repository/common/.github/ISSUE_TEMPLATE/DESIGN-DOC.yml\n\ndescription:\n \"A design document is needed for non-trivial changes to the code base.\"\nlabels:\n - rfc\nname: \"Design Document\"\nbody:\n - attributes:\n value: |\n Thank you for writing this design document. \n\n One of the key elements of Ory's software engineering culture is the use of defining software designs through design docs. These are relatively informal documents that the primary author or authors of a software system or application create before they embark on the coding project. The design doc documents the high level implementation strategy and key design decisions with emphasis on the trade-offs that were considered during those decisions.\n\n Ory is leaning heavily on [Google's design docs process](https://www.industrialempathy.com/posts/design-docs-at-google/)\n and [Golang Proposals](https://github.com/golang/proposal).\n\n Writing a design doc before contributing your change ensures that your ideas are checked with\n the community and maintainers. It will save you a lot of time developing things that might need to be changed\n after code reviews, and your pull requests will be merged faster.\n type: markdown\n - attributes:\n label: \"Preflight checklist\"\n options:\n - label:\n \"I could not find a solution in the existing issues, docs, nor\n discussions.\"\n required: true\n - label:\n \"I agree to follow this project's [Code of\n Conduct](https://github.com/ory/kratos/blob/master/CODE_OF_CONDUCT.md).\"\n required: true\n - label:\n \"I have read and am following this repository's [Contribution\n Guidelines](https://github.com/ory/kratos/blob/master/CONTRIBUTING.md).\"\n required: true\n - label:\n \"I have joined the [Ory Community Slack](https://slack.ory.com).\"\n - label:\n \"I am signed up to the [Ory Security Patch\n Newsletter](https://www.ory.com/l/sign-up-newsletter).\"\n id: checklist\n type: checkboxes\n - attributes:\n description:\n \"Enter the slug or API URL of the affected Ory Network project. Leave\n empty when you are self-hosting.\"\n label: \"Ory Network Project\"\n placeholder: \"https://.projects.oryapis.com\"\n id: ory-network-project\n type: input\n - attributes:\n description: |\n This section gives the reader a very rough overview of the landscape in which the new system is being built and what is actually being built. This isn’t a requirements doc. Keep it succinct! The goal is that readers are brought up to speed but some previous knowledge can be assumed and detailed info can be linked to. This section should be entirely focused on objective background facts.\n label: \"Context and scope\"\n id: scope\n type: textarea\n validations:\n required: true\n\n - attributes:\n description: |\n A short list of bullet points of what the goals of the system are, and, sometimes more importantly, what non-goals are. Note, that non-goals aren’t negated goals like “The system shouldn’t crash”, but rather things that could reasonably be goals, but are explicitly chosen not to be goals. A good example would be “ACID compliance”; when designing a database, you’d certainly want to know whether that is a goal or non-goal. And if it is a non-goal you might still select a solution that provides it, if it doesn’t introduce trade-offs that prevent achieving the goals.\n label: \"Goals and non-goals\"\n id: goals\n type: textarea\n validations:\n required: true\n\n - attributes:\n description: |\n This section should start with an overview and then go into details.\n The design doc is the place to write down the trade-offs you made in designing your software. Focus on those trade-offs to produce a useful document with long-term value. That is, given the context (facts), goals and non-goals (requirements), the design doc is the place to suggest solutions and show why a particular solution best satisfies those goals.\n\n The point of writing a document over a more formal medium is to provide the flexibility to express the problem at hand in an appropriate manner. Because of this, there is no explicit guidance on how to actually describe the design.\n label: \"The design\"\n id: design\n type: textarea\n validations:\n required: true\n\n - attributes:\n description: |\n If the system under design exposes an API, then sketching out that API is usually a good idea. In most cases, however, one should withstand the temptation to copy-paste formal interface or data definitions into the doc as these are often verbose, contain unnecessary detail and quickly get out of date. Instead, focus on the parts that are relevant to the design and its trade-offs.\n label: \"APIs\"\n id: apis\n type: textarea\n\n - attributes:\n description: |\n Systems that store data should likely discuss how and in what rough form this happens. Similar to the advice on APIs, and for the same reasons, copy-pasting complete schema definitions should be avoided. Instead, focus on the parts that are relevant to the design and its trade-offs.\n label: \"Data storage\"\n id: persistence\n type: textarea\n\n - attributes:\n description: |\n Design docs should rarely contain code, or pseudo-code except in situations where novel algorithms are described. As appropriate, link to prototypes that show the feasibility of the design.\n label: \"Code and pseudo-code\"\n id: pseudocode\n type: textarea\n\n - attributes:\n description: |\n One of the primary factors that would influence the shape of a software design and hence the design doc, is the degree of constraint of the solution space.\n\n On one end of the extreme is the “greenfield software project”, where all we know are the goals, and the solution can be whatever makes the most sense. Such a document may be wide-ranging, but it also needs to quickly define a set of rules that allow zooming in on a manageable set of solutions.\n\n On the other end are systems where the possible solutions are very well defined, but it isn't at all obvious how they could even be combined to achieve the goals. This may be a legacy system that is difficult to change and wasn't designed to do what you want it to do or a library design that needs to operate within the constraints of the host programming language.\n\n In this situation, you may be able to enumerate all the things you can do relatively easily, but you need to creatively put those things together to achieve the goals. There may be multiple solutions, and none of them are great, and hence such a document should focus on selecting the best way given all identified trade-offs.\n label: \"Degree of constraint\"\n id: constrait\n type: textarea\n\n - attributes:\n description: |\n This section lists alternative designs that would have reasonably achieved similar outcomes. The focus should be on the trade-offs that each respective design makes and how those trade-offs led to the decision to select the design that is the primary topic of the document.\n\n While it is fine to be succinct about a solution that ended up not being selected, this section is one of the most important ones as it shows very explicitly why the selected solution is the best given the project goals and how other solutions, that the reader may be wondering about, introduce trade-offs that are less desirable given the goals.\n\n label: Alternatives considered\n id: alternatives\n type: textarea\n" }, { "path": ".github/ISSUE_TEMPLATE/FEATURE-REQUEST.yml", "content": "# AUTO-GENERATED, DO NOT EDIT!\n# Please edit the original at https://github.com/ory/meta/blob/master/templates/repository/common/.github/ISSUE_TEMPLATE/FEATURE-REQUEST.yml\n\ndescription:\n \"Suggest an idea for this project without a plan for implementation\"\nlabels:\n - feat\nname: \"Feature Request\"\nbody:\n - attributes:\n value: |\n Thank you for suggesting an idea for this project!\n\n If you already have a plan to implement a feature or a change, please create a [design document](https://github.com/aeneasr/gh-template-test/issues/new?assignees=&labels=rfc&template=DESIGN-DOC.yml) instead if the change is non-trivial!\n type: markdown\n - attributes:\n label: \"Preflight checklist\"\n options:\n - label:\n \"I could not find a solution in the existing issues, docs, nor\n discussions.\"\n required: true\n - label:\n \"I agree to follow this project's [Code of\n Conduct](https://github.com/ory/kratos/blob/master/CODE_OF_CONDUCT.md).\"\n required: true\n - label:\n \"I have read and am following this repository's [Contribution\n Guidelines](https://github.com/ory/kratos/blob/master/CONTRIBUTING.md).\"\n required: true\n - label:\n \"I have joined the [Ory Community Slack](https://slack.ory.com).\"\n - label:\n \"I am signed up to the [Ory Security Patch\n Newsletter](https://www.ory.com/l/sign-up-newsletter).\"\n id: checklist\n type: checkboxes\n - attributes:\n description:\n \"Enter the slug or API URL of the affected Ory Network project. Leave\n empty when you are self-hosting.\"\n label: \"Ory Network Project\"\n placeholder: \"https://.projects.oryapis.com\"\n id: ory-network-project\n type: input\n - attributes:\n description:\n \"Is your feature request related to a problem? Please describe.\"\n label: \"Describe your problem\"\n placeholder:\n \"A clear and concise description of what the problem is. Ex. I'm always\n frustrated when [...]\"\n id: problem\n type: textarea\n validations:\n required: true\n - attributes:\n description: |\n Describe the solution you'd like\n placeholder: |\n A clear and concise description of what you want to happen.\n label: \"Describe your ideal solution\"\n id: solution\n type: textarea\n validations:\n required: true\n - attributes:\n description: \"Describe alternatives you've considered\"\n label: \"Workarounds or alternatives\"\n id: alternatives\n type: textarea\n validations:\n required: true\n - attributes:\n description: \"What version of our software are you running?\"\n label: Version\n id: version\n type: input\n validations:\n required: true\n - attributes:\n description:\n \"Add any other context or screenshots about the feature request here.\"\n label: Additional Context\n id: additional\n type: textarea\n" }, { "path": ".github/ISSUE_TEMPLATE/config.yml", "content": "# AUTO-GENERATED, DO NOT EDIT!\n# Please edit the original at https://github.com/ory/meta/blob/master/templates/repository/common/.github/ISSUE_TEMPLATE/config.yml\n\nblank_issues_enabled: false\ncontact_links:\n - name: Ory Kratos Forum\n url: https://github.com/ory/kratos/discussions\n about:\n Please ask and answer questions here, show your implementations and\n discuss ideas.\n - name: Ory Chat\n url: https://www.ory.com/chat\n about:\n Hang out with other Ory community members to ask and answer questions.\n" }, { "path": ".github/auto_assign.yml", "content": "# AUTO-GENERATED, DO NOT EDIT!\n# Please edit the original at https://github.com/ory/meta/blob/master/templates/repository/common/.github/auto_assign.yml\n\n# Set to true to add reviewers to pull requests\naddReviewers: true\n\n# Set to true to add assignees to pull requests\naddAssignees: true\n\n# A list of reviewers to be added to pull requests (GitHub user name)\nassignees:\n - ory/maintainers\n\n# A number of reviewers added to the pull request\n# Set 0 to add all the reviewers (default: 0)\nnumberOfReviewers: 0\n" }, { "path": ".github/codeql/codeql-config.yml", "content": "name: \"CodeQL config\"\n\nqueries:\n - uses: security-and-quality\n\npaths-ignore:\n - \"/test/\"\n - \"/pkg/testhelpers\"\n" }, { "path": ".github/config.yml", "content": "# AUTO-GENERATED, DO NOT EDIT!\n# Please edit the original at https://github.com/ory/meta/blob/master/templates/repository/common/.github/config.yml\n\ntodo:\n keyword: \"@todo\"\n label: todo\n" }, { "path": ".github/conventional_commits.json", "content": "{\n \"$schema\": \"https://raw.githubusercontent.com/ory/ci/master/conventional_commit_config/dist/config.schema.json\",\n \"addTypes\": [\"improvement\", \"perf\"],\n \"addScopes\": [\"cli\", \"sql\"]\n}\n" }, { "path": ".github/labels.json", "content": "[\n {\n \"name\": \"package/2fa\",\n \"color\": \"0A28FD\",\n \"aliases\": [\"module:2fa\"]\n },\n {\n \"name\": \"package/cli\",\n \"color\": \"0A28FD\",\n \"aliases\": [\"module:cli\"]\n },\n {\n \"name\": \"package/courier\",\n \"color\": \"0A28FD\",\n \"aliases\": [\"module:courier\"]\n },\n {\n \"name\": \"package/courier\",\n \"color\": \"0A28FD\",\n \"aliases\": [\"module:docs\"]\n },\n {\n \"name\": \"package/selfservice/errorx\",\n \"color\": \"0A28FD\",\n \"aliases\": [\"module:errorx\"]\n },\n {\n \"name\": \"package/identity\",\n \"color\": \"0A28FD\",\n \"aliases\": [\"module:identity\"]\n },\n {\n \"name\": \"package/persistence/sql\",\n \"color\": \"0A28FD\",\n \"aliases\": [\"module:migrations\"]\n },\n {\n \"name\": \"package/selfservice\",\n \"color\": \"0A28FD\",\n \"aliases\": [\"module:selfservice\"]\n },\n {\n \"name\": \"package/selfservice/oidc\",\n \"color\": \"0A28FD\",\n \"aliases\": [\"module:ss/oidc\"]\n },\n {\n \"name\": \"package/selfservice/password\",\n \"color\": \"0A28FD\",\n \"aliases\": [\"module:ss/password\"]\n },\n {\n \"name\": \"package/selfservice/verification\",\n \"color\": \"0A28FD\",\n \"aliases\": [\"module:verification\"]\n },\n {\n \"name\": \"package/selfservice/recovery\",\n \"color\": \"0A28FD\",\n \"aliases\": []\n },\n {\n \"name\": \"package/session\",\n \"color\": \"0A28FD\",\n \"aliases\": [\"module:session\"]\n }\n]\n" }, { "path": ".github/pull_request_template.md", "content": "\n\n## Related issue(s)\n\n\n\n## Checklist\n\n\n\n- [ ] I have read the [contributing guidelines](../blob/master/CONTRIBUTING.md).\n- [ ] I have referenced an issue containing the design document if my change\n introduces a new feature.\n- [ ] I am following the\n [contributing code guidelines](../blob/master/CONTRIBUTING.md#contributing-code).\n- [ ] I have read the [security policy](../security/policy).\n- [ ] I confirm that this pull request does not address a security\n vulnerability. If this pull request addresses a security vulnerability, I\n confirm that I got the approval (please contact\n [security@ory.com](mailto:security@ory.com)) from the maintainers to push\n the changes.\n- [ ] I have added tests that prove my fix is effective or that my feature\n works.\n- [ ] I have added or changed [the documentation](https://github.com/ory/docs).\n\n## Further Comments\n\n\n" }, { "path": ".github/workflows/ci.yaml", "content": "name: CI\non:\n push:\n branches:\n - master\n tags:\n - \"*\"\n pull_request:\n\n# Cancel in-progress runs in current workflow.\nconcurrency:\n group: ${{ github.workflow }}-${{ github.ref }}\n cancel-in-progress: true\n\njobs:\n test:\n name: Run tests and lints\n runs-on: ubuntu-latest\n services:\n postgres:\n image: postgres:18\n env:\n POSTGRES_DB: postgres\n POSTGRES_PASSWORD: test\n POSTGRES_USER: test\n ports:\n - 5432:5432\n mysql:\n image: mysql:9.6\n env:\n MYSQL_ROOT_PASSWORD: test\n ports:\n - 3306:3306\n env:\n TEST_DATABASE_POSTGRESQL: \"postgres://test:test@localhost:5432/postgres?sslmode=disable\"\n TEST_DATABASE_MYSQL: \"mysql://root:test@(localhost:3306)/mysql?parseTime=true&multiStatements=true\"\n TEST_DATABASE_COCKROACHDB: \"cockroach://root@localhost:26257/defaultdb?sslmode=disable\"\n steps:\n - run: |\n docker create --name cockroach -p 26257:26257 \\\n cockroachdb/cockroach:latest-v25.4 start-single-node --insecure \\\n || true\n docker start cockroach\n name: Start CockroachDB\n - run: docker pull oryd/hydra:v2.2.0\n name: Pull Hydra\n - uses: ory/ci/checkout@master\n with:\n fetch-depth: 2\n - uses: actions/setup-go@v6\n with:\n check-latest: true\n go-version-file: go.mod\n - run: go list -json > go.list\n - name: Run nancy\n uses: sonatype-nexus-community/nancy-github-action@v1.0.3\n with:\n nancyVersion: v1.0.42\n - run: |\n sudo apt-get update\n name: apt-get update\n - run: npm install\n name: Install node deps\n - name: Run golangci-lint\n if: ${{ github.ref_type != 'tag' }}\n uses: golangci/golangci-lint-action@v9\n env:\n GOGC: 100\n with:\n args: --timeout 10m0s\n version: latest\n only-new-issues: \"true\"\n - name: Build Kratos\n run: make install\n - name: Run go tests\n run: make test-coverage\n - name: Submit to Codecov\n run: |\n bash <(curl -s https://codecov.io/bash)\n env:\n CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }}\n\n test-e2e:\n name: Run end-to-end tests\n runs-on: ubuntu-latest\n services:\n postgres:\n image: postgres:18\n env:\n POSTGRES_DB: postgres\n POSTGRES_PASSWORD: test\n POSTGRES_USER: test\n ports:\n - 5432:5432\n mysql:\n image: mysql:9.6\n env:\n MYSQL_ROOT_PASSWORD: test\n ports:\n - 3306:3306\n mailslurper:\n image: oryd/mailslurper:latest-smtps\n ports:\n - 4436:4436\n - 4437:4437\n - 1025:1025\n env:\n TEST_DATABASE_POSTGRESQL: \"postgres://test:test@localhost:5432/postgres?sslmode=disable\"\n TEST_DATABASE_MYSQL: \"mysql://root:test@(localhost:3306)/mysql?parseTime=true&multiStatements=true\"\n TEST_DATABASE_COCKROACHDB: \"cockroach://root@localhost:26257/defaultdb?sslmode=disable\"\n strategy:\n fail-fast: false\n matrix:\n database: [\"postgres\", \"sqlite\"]\n # \"cockroach\", \"mysql\" TODO: fix tests and uncomment\n steps:\n - uses: actions/setup-node@v6\n with:\n node-version: \"24\"\n - run: |\n docker create --name cockroach -p 26257:26257 \\\n cockroachdb/cockroach:latest-v25.4 start-single-node --insecure\n docker start cockroach\n name: Start CockroachDB\n - uses: browser-actions/setup-chrome@latest\n name: Install Chrome\n # - uses: browser-actions/setup-firefox@latest\n # name: Install Firefox\n # - uses: browser-actions/setup-geckodriver@latest\n # name: Install Geckodriver\n # with:\n # geckodriver-version: 0.32.0\n - uses: ory/ci/checkout@master\n with:\n fetch-depth: 2\n - run: |\n sudo apt-get update\n name: apt-get update\n - run: |\n npm ci\n cd test/e2e; npm ci\n npm i -g expo-cli\n name: Install node deps\n - run: |\n sudo apt-get install -y moreutils gettext\n name: Install tools\n - name: Setup Go\n uses: actions/setup-go@v6\n with:\n check-latest: true\n go-version-file: go.mod\n - name: Install selfservice-ui-react-native\n uses: actions/checkout@v6\n with:\n repository: ory/kratos-selfservice-ui-react-native\n path: react-native-ui\n - run: |\n cd react-native-ui\n npm install\n\n - name: Install selfservice-ui-node\n uses: actions/checkout@v6\n with:\n repository: ory/kratos-selfservice-ui-node\n path: node-ui\n - run: |\n cd node-ui\n npm install --legacy-peer-deps\n\n - name: Install selfservice-ui-react-nextjs\n uses: actions/checkout@v6\n with:\n repository: ory/kratos-selfservice-ui-react-nextjs\n path: react-ui\n - run: |\n cd react-ui\n npm ci\n\n - run: |\n echo 'RN_UI_PATH='\"$(realpath react-native-ui)\" >> \"$GITHUB_ENV\"\n echo 'NODE_UI_PATH='\"$(realpath node-ui)\" >> \"$GITHUB_ENV\"\n echo 'REACT_UI_PATH='\"$(realpath react-ui)\" >> \"$GITHUB_ENV\"\n - name: \"Run Cypress tests\"\n run: ./test/e2e/run.sh ${{ matrix.database }}\n env:\n RN_UI_PATH: react-native-ui\n NODE_UI_PATH: node-ui\n REACT_UI_PATH: react-ui\n CYPRESS_RECORD_KEY: ${{ secrets.CYPRESS_RECORD_KEY }}\n - if: failure()\n uses: actions/upload-artifact@v7\n with:\n name: cypress-${{ matrix.database }}-logs\n path: test/e2e/*.e2e.log\n\n test-e2e-playwright:\n name: Run Playwright end-to-end tests\n runs-on: ubuntu-latest\n services:\n postgres:\n image: postgres:18\n env:\n POSTGRES_DB: postgres\n POSTGRES_PASSWORD: test\n POSTGRES_USER: test\n ports:\n - 5432:5432\n mysql:\n image: mysql:9.6\n env:\n MYSQL_ROOT_PASSWORD: test\n ports:\n - 3306:3306\n mailslurper:\n image: oryd/mailslurper:latest-smtps\n ports:\n - 4436:4436\n - 4437:4437\n - 1025:1025\n env:\n TEST_DATABASE_POSTGRESQL: \"postgres://test:test@localhost:5432/postgres?sslmode=disable\"\n TEST_DATABASE_MYSQL: \"mysql://root:test@(localhost:3306)/mysql?parseTime=true&multiStatements=true\"\n TEST_DATABASE_COCKROACHDB: \"cockroach://root@localhost:26257/defaultdb?sslmode=disable\"\n strategy:\n fail-fast: false\n matrix:\n database: [\"postgres\", \"cockroach\", \"sqlite\", \"mysql\"]\n steps:\n - uses: actions/setup-node@v6\n with:\n node-version: \"24\"\n - run: |\n docker create --name cockroach -p 26257:26257 \\\n cockroachdb/cockroach:latest-v25.4 start-single-node --insecure\n docker start cockroach\n name: Start CockroachDB\n - uses: ory/ci/checkout@master\n with:\n fetch-depth: 2\n - run: |\n sudo apt-get update\n name: apt-get update\n - run: |\n npm ci\n cd test/e2e; npm ci\n npx playwright install --with-deps\n npm i -g expo-cli\n name: Install node deps\n - run: |\n sudo apt-get install -y moreutils gettext\n name: Install tools\n - name: Setup Go\n uses: actions/setup-go@v6\n with:\n check-latest: true\n go-version-file: go.mod\n - run: go build -tags sqlite,json1 .\n\n - name: Install selfservice-ui-react-native\n uses: actions/checkout@v6\n with:\n repository: ory/kratos-selfservice-ui-react-native\n path: react-native-ui\n - run: |\n cd react-native-ui\n npm install\n\n - name: Install selfservice-ui-node\n uses: actions/checkout@v6\n with:\n repository: ory/kratos-selfservice-ui-node\n path: node-ui\n - run: |\n cd node-ui\n npm install --legacy-peer-deps\n\n - name: Install selfservice-ui-react-nextjs\n uses: actions/checkout@v6\n with:\n repository: ory/kratos-selfservice-ui-react-nextjs\n path: react-ui\n - run: |\n cd react-ui\n npm ci\n\n - run: |\n echo 'RN_UI_PATH='\"$(realpath react-native-ui)\" >> \"$GITHUB_ENV\"\n echo 'NODE_UI_PATH='\"$(realpath node-ui)\" >> \"$GITHUB_ENV\"\n echo 'REACT_UI_PATH='\"$(realpath react-ui)\" >> \"$GITHUB_ENV\"\n\n - name: \"Set up environment\"\n run: test/e2e/run.sh --only-setup\n - name: \"Run Playwright tests\"\n run: |\n cd test/e2e\n npm run playwright\n env:\n DB: ${{ matrix.database }}\n RN_UI_PATH: react-native-ui\n NODE_UI_PATH: node-ui\n REACT_UI_PATH: react-ui\n - if: failure()\n uses: actions/upload-artifact@v7\n with:\n name: playwright-${{ matrix.database }}-logs\n path: test/e2e/*.e2e.log\n - if: failure()\n uses: actions/upload-artifact@v7\n with:\n name: playwright-test-results-${{ matrix.database }}-${{ github.sha }}\n path: |\n test/e2e/test-results/\n test/e2e/playwright-report/\n\n docs-cli:\n runs-on: ubuntu-latest\n name: Build CLI docs\n needs:\n - test\n steps:\n - uses: ory/ci/docs/cli-next@master\n with:\n token: ${{ secrets.ORY_BOT_PAT }}\n arg: \".\"\n output-dir: docs/kratos\n\n release:\n name: Generate release\n runs-on: ubuntu-latest\n if: ${{ github.ref_type == 'tag' }}\n needs:\n - test\n - test-e2e\n steps:\n - uses: ory/ci/releaser@master\n with:\n token: ${{ secrets.ORY_BOT_PAT }}\n goreleaser_key: ${{ secrets.GORELEASER_KEY }}\n cosign_pwd: ${{ secrets.COSIGN_PWD }}\n docker_username: ${{ secrets.DOCKERHUB_USERNAME }}\n docker_password: ${{ secrets.DOCKERHUB_PASSWORD }}\n\n newsletter-draft:\n name: Draft newsletter\n runs-on: ubuntu-latest\n if: ${{ github.ref_type == 'tag' }}\n needs:\n - release\n steps:\n - uses: ory/ci/newsletter@master\n with:\n mailchimp_list_id: f605a41b53\n mailchmip_segment_id: 6479477\n mailchimp_api_key: ${{ secrets.MAILCHIMP_API_KEY }}\n draft: \"true\"\n ssh_key: ${{ secrets.ORY_BOT_SSH_KEY }}\n\n slack-approval-notification:\n name: Pending approval Slack notification\n runs-on: ubuntu-latest\n if: ${{ github.ref_type == 'tag' }}\n needs:\n - newsletter-draft\n steps:\n - uses: ory/ci/newsletter/slack-notify@master\n with:\n slack-webhook-url: ${{ secrets.SLACK_WEBHOOK_URL }}\n\n newsletter-send:\n name: Send newsletter\n runs-on: ubuntu-latest\n needs:\n - newsletter-draft\n if: ${{ github.ref_type == 'tag' }}\n environment: production\n steps:\n - uses: ory/ci/newsletter@master\n with:\n mailchimp_list_id: f605a41b53\n mailchmip_segment_id: 6479477\n mailchimp_api_key: ${{ secrets.MAILCHIMP_API_KEY }}\n draft: \"false\"\n ssh_key: ${{ secrets.ORY_BOT_SSH_KEY }}\n" }, { "path": ".github/workflows/closed_references.yml", "content": "# AUTO-GENERATED, DO NOT EDIT!\n# Please edit the original at https://github.com/ory/meta/blob/master/templates/repository/common/.github/workflows/closed_references.yml\n\nname: Closed Reference Notifier\n\non:\n schedule:\n - cron: \"0 0 * * *\"\n workflow_dispatch:\n inputs:\n issueLimit:\n description: Max. number of issues to create\n required: true\n default: \"5\"\n\njobs:\n find_closed_references:\n if: github.repository_owner == 'ory'\n runs-on: ubuntu-latest\n name: Find closed references\n steps:\n - uses: actions/checkout@v6\n - uses: actions/setup-node@v6\n with:\n node-version: \"24\"\n - uses: ory/closed-reference-notifier@v1\n with:\n token: ${{ secrets.GITHUB_TOKEN }}\n issueLabels: upstream,good first issue,help wanted\n issueLimit: ${{ github.event.inputs.issueLimit || '5' }}\n" }, { "path": ".github/workflows/codeql-analysis.yml", "content": "# For most projects, this workflow file will not need changing; you simply need\n# to commit it to your repository.\n#\n# You may wish to alter this file to override the set of languages analyzed,\n# or to provide custom queries or build logic.\n#\n# ******** NOTE ********\n# We have attempted to detect the languages in your repository. Please check\n# the `language` matrix defined below to confirm you have the correct set of\n# supported CodeQL languages.\n#\nname: \"CodeQL\"\n\non:\n push:\n branches: [master]\n pull_request:\n # The branches below must be a subset of the branches above\n branches: [master]\n schedule:\n - cron: \"26 21 * * 3\"\n\njobs:\n analyze:\n name: Analyze\n runs-on: ubuntu-latest\n\n strategy:\n fail-fast: false\n matrix:\n language: [\"go\", \"javascript\"]\n # CodeQL supports [ 'cpp', 'csharp', 'go', 'java', 'javascript', 'python' ]\n # Learn more:\n # https://docs.github.com/en/free-pro-team@latest/github/finding-security-vulnerabilities-and-errors-in-your-code/configuring-code-scanning#changing-the-languages-that-are-analyzed\n\n steps:\n - name: Checkout repository\n uses: actions/checkout@v6\n\n # Initializes the CodeQL tools for scanning.\n - name: Initialize CodeQL\n uses: github/codeql-action/init@v4\n with:\n languages: ${{ matrix.language }}\n config-file: ./.github/codeql/codeql-config.yml\n # If you wish to specify custom queries, you can do so here or in a config file.\n # By default, queries listed here will override any specified in a config file.\n # Prefix the list here with \"+\" to use these queries and those in the config file.\n # queries: ./path/to/local/query, your-org/your-repo/queries@main\n\n # Autobuild attempts to build any compiled languages (C/C++, C#, or Java).\n # If this step fails, then you should remove it and run the build manually (see below)\n - name: Autobuild\n uses: github/codeql-action/autobuild@v4\n\n # ℹ️ Command-line programs to run using the OS shell.\n # 📚 https://git.io/JvXDl\n\n # ✏️ If the Autobuild fails above, remove it and uncomment the following three lines\n # and modify them (or add more) to build your code if your project\n # uses a compiled language\n\n #- run: |\n # make bootstrap\n # make release\n\n - name: Perform CodeQL Analysis\n uses: github/codeql-action/analyze@v4\n" }, { "path": ".github/workflows/conventional_commits.yml", "content": "# AUTO-GENERATED, DO NOT EDIT!\n# Please edit the original at https://github.com/ory/meta/blob/master/templates/repository/common/.github/workflows/conventional_commits.yml\n\nname: Conventional commits\n\n# This GitHub CI Action enforces that pull request titles follow conventional commits.\n# More info at https://www.conventionalcommits.org.\n#\n# The Ory-wide defaults for commit titles and scopes are below.\n# Your repository can add/replace elements via a configuration file at the path below.\n# More info at https://github.com/ory/ci/blob/master/conventional_commit_config/README.md\n\non:\n pull_request_target:\n types:\n - edited\n - opened\n - ready_for_review\n - reopened\n # pull_request: # for debugging, uses config in local branch but supports only Pull Requests from this repo\n\njobs:\n main:\n name: Validate PR title\n runs-on: ubuntu-latest\n steps:\n - uses: actions/checkout@v6\n - id: config\n uses: ory/ci/conventional_commit_config@master\n with:\n config_path: .github/conventional_commits.json\n default_types: |\n feat\n fix\n revert\n docs\n style\n refactor\n test\n build\n autogen\n security\n ci\n chore\n default_scopes: |\n deps\n docs\n default_require_scope: false\n - uses: amannn/action-semantic-pull-request@v6\n env:\n GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}\n with:\n types: ${{ steps.config.outputs.types }}\n scopes: ${{ steps.config.outputs.scopes }}\n requireScope: ${{ steps.config.outputs.requireScope }}\n subjectPattern: ^(?![A-Z]).+$\n subjectPatternError: |\n The subject should start with a lowercase letter, yours is uppercase:\n \"{subject}\"\n" }, { "path": ".github/workflows/cve-scan.yaml", "content": "# AUTO-GENERATED, DO NOT EDIT!\n# Please edit the original at https://github.com/ory/meta/blob/master/templates/repository/server/.github/workflows/cve-scan.yaml\n\nname: Docker Image Scanners\non:\n workflow_dispatch:\n push:\n branches:\n - \"master\"\n tags:\n - \"v*.*.*\"\n pull_request:\n branches:\n - \"master\"\n\npermissions:\n contents: read\n security-events: write\n\njobs:\n scanners:\n runs-on: ubuntu-latest\n steps:\n - name: Checkout\n uses: actions/checkout@v6\n - name: Setup Env\n id: vars\n shell: bash\n run: |\n # Store values in local variables\n SHA_SHORT=$(git rev-parse --short HEAD)\n REPO_NAME=${{ github.event.repository.name }}\n\n IMAGE_NAME=\"oryd/${REPO_NAME}:${SHA_SHORT}\"\n\n # Output values for debugging\n echo \"Values to be set:\"\n echo \"SHA_SHORT: ${SHA_SHORT}\"\n echo \"REPO_NAME: ${REPO_NAME}\"\n echo \"IMAGE_NAME: ${IMAGE_NAME}\"\n\n # Set GitHub Environment variables\n echo \"SHA_SHORT=${SHA_SHORT}\" >> \"${GITHUB_ENV}\"\n echo \"IMAGE_NAME=${IMAGE_NAME}\" >> \"${GITHUB_ENV}\"\n - name: Set up QEMU\n uses: docker/setup-qemu-action@v4\n - name: Set up Docker Buildx\n uses: docker/setup-buildx-action@v4\n with:\n driver: docker\n - name: Build images\n shell: bash\n run: |\n IMAGE_TAG=\"${{ env.SHA_SHORT }}\" make docker\n\n - name: Login to GitHub Container Registry\n uses: docker/login-action@v4\n with:\n registry: ghcr.io\n username: ${{ github.actor }}\n password: ${{ secrets.GITHUB_TOKEN }}\n\n - name: Configure Trivy\n run: |\n mkdir -p \"$HOME/.cache/trivy\"\n echo \"TRIVY_USERNAME=${{ github.actor }}\" >> \"$GITHUB_ENV\"\n echo \"TRIVY_PASSWORD=${{ secrets.GITHUB_TOKEN }}\" >> \"$GITHUB_ENV\"\n\n - name: Anchore Scanner\n uses: anchore/scan-action@v7\n id: grype-scan\n with:\n image: ${{ env.IMAGE_NAME }}\n fail-build: true\n severity-cutoff: high\n add-cpes-if-none: true\n - name: Inspect action SARIF report\n shell: bash\n if: ${{ always() }}\n run: |\n echo \"::group::Anchore Scan Details\"\n jq '.runs[0].results' ${{ steps.grype-scan.outputs.sarif }}\n echo \"::endgroup::\"\n - name: Anchore upload scan SARIF report\n if: always()\n uses: github/codeql-action/upload-sarif@v4\n with:\n sarif_file: ${{ steps.grype-scan.outputs.sarif }}\n - name: Kubescape scanner\n uses: kubescape/github-action@main\n id: kubescape\n with:\n image: ${{ env.IMAGE_NAME }}\n verbose: true\n format: pretty-printer\n # can't whitelist CVE yet: https://github.com/kubescape/kubescape/pull/1568\n severityThreshold: critical\n - name: Trivy Scanner\n uses: aquasecurity/trivy-action@master\n if: ${{ always() }}\n with:\n image-ref: ${{ env.IMAGE_NAME }}\n format: \"table\"\n exit-code: \"42\"\n ignore-unfixed: true\n vuln-type: \"os,library\"\n severity: \"CRITICAL,HIGH\"\n scanners: \"vuln,secret,misconfig\"\n env:\n TRIVY_SKIP_JAVA_DB_UPDATE: \"true\"\n TRIVY_DISABLE_VEX_NOTICE: \"true\"\n TRIVY_DB_REPOSITORY: ghcr.io/aquasecurity/trivy-db,public.ecr.aws/aquasecurity/trivy-db\n\n - name: Dockle Linter\n uses: erzz/dockle-action@v1\n if: ${{ always() }}\n with:\n image: ${{ env.IMAGE_NAME }}\n exit-code: 42\n failure-threshold: high\n - name: Hadolint\n uses: hadolint/hadolint-action@v3.3.0\n id: hadolint\n if: ${{ always() }}\n with:\n dockerfile: .docker/Dockerfile-build\n verbose: true\n format: \"json\"\n failure-threshold: \"error\"\n - name: View Hadolint results\n if: ${{ always() }}\n shell: bash\n run: |\n echo \"::group::Hadolint Scan Details\"\n echo \"${HADOLINT_RESULTS}\" | jq '.'\n echo \"::endgroup::\"\n" }, { "path": ".github/workflows/format.yml", "content": "name: Format\n\non:\n pull_request:\n merge_group:\n\njobs:\n format:\n runs-on: ubuntu-latest\n steps:\n - uses: actions/checkout@v6\n - uses: actions/setup-go@v6\n with:\n check-latest: true\n go-version-file: go.mod\n - run: make format\n - name: Indicate formatting issues\n run: git diff HEAD --exit-code --color\n" }, { "path": ".github/workflows/labels.yml", "content": "# AUTO-GENERATED, DO NOT EDIT!\n# Please edit the original at https://github.com/ory/meta/blob/master/templates/repository/common/.github/workflows/labels.yml\n\nname: Synchronize Issue Labels\n\non:\n workflow_dispatch:\n push:\n branches:\n - master\n\njobs:\n milestone:\n if: github.repository_owner == 'ory'\n name: Synchronize Issue Labels\n runs-on: ubuntu-latest\n steps:\n - name: Checkout\n uses: actions/checkout@v6\n - name: Synchronize Issue Labels\n uses: ory/label-sync-action@v0\n with:\n GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}\n dry: false\n forced: true\n" }, { "path": ".github/workflows/milestone.yml", "content": "# AUTO-GENERATED, DO NOT EDIT!\n# Please edit the original at https://github.com/ory/meta/blob/master/templates/repository/server/.github/workflows/milestone.yml\n\nname: Generate and Publish Milestone Document\n\non:\n workflow_dispatch:\n schedule:\n - cron: \"0 0 * * *\"\n\njobs:\n milestone:\n if: github.repository_owner == 'ory'\n name: Generate and Publish Milestone Document\n runs-on: ubuntu-latest\n steps:\n - name: Checkout\n uses: actions/checkout@v6\n with:\n token: ${{ secrets.TOKEN_PRIVILEGED }}\n - name: Milestone Documentation Generator\n uses: ory/milestone-action@v0\n with:\n GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}\n outputFile: docs/docs/milestones.md\n - name: Commit Milestone Documentation\n uses: EndBug/add-and-commit@v9.1.4\n with:\n message: \"autogen(docs): update milestone document\"\n author_name: aeneasr\n author_email: \"3372410+aeneasr@users.noreply.github.com\"\n env:\n GITHUB_TOKEN: ${{ secrets.TOKEN_PRIVILEGED }}\n" }, { "path": ".github/workflows/pm.yml", "content": "name: Synchronize with product board\n\non:\n issues:\n types:\n - opened\n pull_request:\n types:\n - opened\n - ready_for_review\n\njobs:\n automate:\n if: github.event.pull_request.head.repo.fork == false\n name: Add issue to project\n runs-on: ubuntu-latest\n timeout-minutes: 5\n steps:\n - uses: ory-corp/planning-automation-action@v0.2\n with:\n project: 5\n organization: ory-corp\n token: ${{ secrets.ORY_BOT_PAT }}\n todoLabel: \"Needs Triage\"\n statusName: Status\n prStatusValue: \"Needs Triage\"\n issueStatusValue: \"Needs Triage\"\n includeEffort: \"false\"\n monthlyMilestoneName: Roadmap Monthly\n quarterlyMilestoneName: Roadmap\n" }, { "path": ".github/workflows/stale.yml", "content": "# AUTO-GENERATED, DO NOT EDIT!\n# Please edit the original at https://github.com/ory/meta/blob/master/templates/repository/common/.github/workflows/stale.yml\n\nname: \"Close Stale Issues\"\non:\n workflow_dispatch:\n schedule:\n - cron: \"0 0 * * *\"\n\njobs:\n stale:\n if: github.repository_owner == 'ory'\n runs-on: ubuntu-latest\n steps:\n - uses: actions/stale@v10\n with:\n repo-token: ${{ secrets.GITHUB_TOKEN }}\n stale-issue-message: |\n Hello contributors!\n\n I am marking this issue as stale as it has not received any engagement from the community or maintainers for a year. That does not imply that the issue has no merit! If you feel strongly about this issue\n\n - open a PR referencing and resolving the issue;\n - leave a comment on it and discuss ideas on how you could contribute towards resolving it;\n - leave a comment and describe in detail why this issue is critical for your use case;\n - open a new issue with updated details and a plan for resolving the issue.\n\n Throughout its lifetime, Ory has received over 10.000 issues and PRs. To sustain that growth, we need to prioritize and focus on issues that are important to the community. A good indication of importance, and thus priority, is activity on a topic.\n\n Unfortunately, [burnout](https://www.jeffgeerling.com/blog/2016/why-i-close-prs-oss-project-maintainer-notes) has become a [topic](https://opensource.guide/best-practices/#its-okay-to-hit-pause) of [concern](https://docs.brew.sh/Maintainers-Avoiding-Burnout) amongst open-source projects.\n\n It can lead to severe personal and health issues as well as [opening](https://haacked.com/archive/2019/05/28/maintainer-burnout/) catastrophic [attack vectors](https://www.gradiant.org/en/blog/open-source-maintainer-burnout-as-an-attack-surface/).\n\n The motivation for this automation is to help prioritize issues in the backlog and not ignore, reject, or belittle anyone.\n\n If this issue was marked as stale erroneously you can exempt it by adding the `backlog` label, assigning someone, or setting a milestone for it.\n\n Thank you for your understanding and to anyone who participated in the conversation! And as written above, please do participate in the conversation if this topic is important to you!\n\n Thank you 🙏✌️\n stale-issue-label: \"stale\"\n exempt-issue-labels: \"bug,blocking,docs,backlog\"\n days-before-stale: 365\n days-before-close: 30\n exempt-milestones: true\n exempt-assignees: true\n only-pr-labels: \"stale\"\n" }, { "path": ".gitignore", "content": "cover.out\n.idea/\ntmp/\nddl/\n.DS_Store\n/kratos\npackrd/\n*-packr.go\ndist/\nnode_modules\n.bin/\ntest/e2e/cypress/videos\ntest/e2e/cypress/screenshots\ntest/e2e/.bin\npkged.go\ncoverage.*\nschema.sql\n*.sqlite\nheap_profiler/\ngoroutine_dump/\ninflight_trace_dump/\n\ncontrib/quickstart/kratos/oidc\n\ne2e/*.log\ne2e/kratos.*.yml\ne2e/proxy.json\ne2e/cypress/downloads\n\n# Compiled Object files, Static and Dynamic libs (Shared Objects)\ninternal/httpclient/*.o\ninternal/httpclient/*.a\ninternal/httpclient/*.so\n\n# Folders\ninternal/httpclient/_obj\ninternal/httpclient/_test\n\n# Architecture specific extensions/prefixes\ninternal/httpclient/*.[568vq]\ninternal/httpclient/[568vq].out\n\ninternal/httpclient/*.cgo1.go\ninternal/httpclient/*.cgo2.c\ninternal/httpclient/_cgo_defun.c\ninternal/httpclient/_cgo_gotypes.go\ninternal/httpclient/_cgo_export.*\n\ninternal/httpclient/_testmain.go\n\ninternal/httpclient/*.exe\ninternal/httpclient/*.test\ninternal/httpclient/*.prof\n\ntest/e2e/hydra-login-consent/hydra-login-consent\n\npersistence/sql/migrations/sql/schema.sql\n\ntest/e2e/hydra-kratos-login-consent/hydra-kratos-login-consent\n\n*.log\ntest/e2e/proxy.json\ntest/e2e/kratos.*.yml\n\n# VSCode debug artifact\n__debug_bin\n.debug.sqlite.db\n.last-run.json" }, { "path": ".golangci.yml", "content": "version: \"2\"\n\nlinters:\n enable:\n - gosec\n - govet\n - errcheck\n - ineffassign\n - staticcheck\n - unused\n disable:\n - bodyclose # too many false negatives\n\n settings:\n gosec:\n excludes:\n - G101\n - G117\n - G306\n - G704\n - G705\n exclusions:\n rules:\n - linters:\n - staticcheck\n text: \"SA1019\" # we do use deprecated APIs on purpose sometimes\n" }, { "path": ".goreleaser.yml", "content": "version: 2\n\nincludes:\n - from_url:\n url: https://raw.githubusercontent.com/ory/xgoreleaser/master/build.tmpl.yml\n\nvariables:\n brew_name: kratos\n brew_description: \"The Ory Identity Platform (Ory Kratos)\"\n buildinfo_hash: \"github.com/ory/kratos/driver/config.Commit\"\n buildinfo_tag: \"github.com/ory/kratos/driver/config.Version\"\n buildinfo_date: \"github.com/ory/kratos/driver/config.Date\"\n dockerfile_alpine: \".docker/Dockerfile-alpine\"\n dockerfile_static: \".docker/Dockerfile-distroless-static\"\n\nproject_name: kratos\n\nafter:\n hooks:\n - cmd: \"bash <(curl -s https://raw.githubusercontent.com/ory/xgoreleaser/master/docs.sh)\"\n env:\n - \"TAG_VERSION={{ .Tag }}\"\n - \"DOCS_VERSION={{ .Major }}.{{ .Minor }}\"\n" }, { "path": ".grype.yaml", "content": "#only-fixed: true\nignore:\n - vulnerability: GHSA-c5pj-mqfh-rvc3 # https://github.com/advisories/GHSA-c5pj-mqfh-rvc3\n - vulnerability: CVE-2015-5237\n - vulnerability: CVE-2022-30065\n - vulnerability: CVE-2023-2650\n - vulnerability: CVE-2023-4813\n - vulnerability: CVE-2023-4806\n - vulnerability: CVE-2025-0395 # no fix available\n" }, { "path": ".mailmap", "content": "Aeneas Rekkas \nAeneas Rekkas <3372410+aeneasr@users.noreply.github.com>\nAeneas Rekkas \nAeneas Rekkas \nAjay Kelkar \nAlano Terblanche <18033717+Benehiko@users.noreply.github.com>\nAlano Terblanche \nJonas Hungershausen \nMatt Bonnell <64976795+mbonnell-wish@users.noreply.github.com>\nNick Ufer \nNick Ufer \nPatrik Neu \nPatrik Neu \n" }, { "path": ".nancy-ignore", "content": "# HashiCorp Consul related CVEs\n# Consul is not used but instead an indirect dependency to the pf13/viper config backend which is not actively used.\nCVE-2020-7219\nCVE-2019-12291\nCVE-2020-7955\nCVE-2020-12797\nCVE-2020-13250\nCVE-2020-13170\n# End HashiCorp Consul\n\n# etcd issues - can be ignored because etcd is not used.\nCVE-2020-15114\nCVE-2020-15136\nCVE-2020-15115\n# end\n" }, { "path": ".nvmrc", "content": "v16.19.0\n" }, { "path": ".orycli.yml", "content": "project: kratos\n\npre_release_hooks:\n - make sdk\n - ./script/render-schemas.sh\n - git config --unset user.email\n - git config --unset user.name\n" }, { "path": ".prettierignore", "content": ".schema/\n.github/ISSUE_TEMPLATE\noryx" }, { "path": ".reference-ignore", "content": "**/node_modules\ndocs\nCHANGELOG.md\n" }, { "path": ".reports/dep-licenses.csv", "content": "\"module name\",\"licenses\"\n\n\"github.com/arbovm/levenshtein\",\"BSD-3-Clause\"\n\"github.com/ory/x\",\"Apache-2.0\"\n\"github.com/stretchr/testify\",\"MIT\"\n\"go.opentelemetry.io/otel/sdk\",\"Apache-2.0\"\n\"golang.org/x/text\",\"BSD-3-Clause\"\n\n" }, { "path": ".schema/api.openapi.json", "content": "{\n \"components\": {\n \"responses\": {\n \"emptyResponse\": {\n \"description\": \"Empty responses are sent when, for example, resources are deleted. The HTTP status code for empty responses is\\ntypically 201.\"\n },\n \"errorContainer\": {\n \"content\": {\n \"application/json\": {\n \"schema\": {\n \"$ref\": \"#/components/schemas/errorContainer\"\n }\n }\n },\n \"description\": \"User-facing error response\"\n },\n \"identityList\": {\n \"content\": {\n \"application/json\": {\n \"schema\": {\n \"items\": {\n \"$ref\": \"#/components/schemas/Identity\"\n },\n \"type\": \"array\"\n }\n }\n },\n \"description\": \"A list of identities.\"\n },\n \"identityResponse\": {\n \"content\": {\n \"application/json\": {\n \"schema\": {\n \"$ref\": \"#/components/schemas/Identity\"\n }\n }\n },\n \"description\": \"A single identity.\"\n }\n },\n \"schemas\": {\n \"CompleteSelfServiceBrowserSettingsProfileStrategyFlow\": {\n \"description\": \"nolint:deadcode,unused\",\n \"properties\": {\n \"csrf_token\": {\n \"description\": \"The Anti-CSRF Token\\n\\nThis token is only required when performing browser flows.\",\n \"type\": \"string\"\n },\n \"traits\": {\n \"description\": \"Traits contains all of the identity's traits.\",\n \"type\": \"object\"\n }\n },\n \"type\": \"object\"\n },\n \"CompleteSelfServiceLoginFlowWithPasswordMethod\": {\n \"properties\": {\n \"csrf_token\": {\n \"description\": \"Sending the anti-csrf token is only required for browser login flows.\",\n \"type\": \"string\"\n },\n \"identifier\": {\n \"description\": \"Identifier is the email or username of the user trying to log in.\",\n \"type\": \"string\"\n },\n \"password\": {\n \"description\": \"The user's password.\",\n \"type\": \"string\"\n }\n },\n \"type\": \"object\"\n },\n \"CompleteSelfServiceSettingsFlowWithPasswordMethod\": {\n \"properties\": {\n \"csrf_token\": {\n \"description\": \"CSRFToken is the anti-CSRF token\\n\\ntype: string\",\n \"type\": \"string\"\n },\n \"password\": {\n \"description\": \"Password is the updated password\\n\\ntype: string\",\n \"type\": \"string\"\n }\n },\n \"required\": [\n \"password\"\n ],\n \"type\": \"object\"\n },\n \"CreateIdentity\": {\n \"properties\": {\n \"schema_id\": {\n \"description\": \"SchemaID is the ID of the JSON Schema to be used for validating the identity's traits.\",\n \"type\": \"string\"\n },\n \"traits\": {\n \"description\": \"Traits represent an identity's traits. The identity is able to create, modify, and delete traits\\nin a self-service manner. The input will always be validated against the JSON Schema defined\\nin `schema_url`.\",\n \"type\": \"object\"\n }\n },\n \"required\": [\n \"schema_id\",\n \"traits\"\n ],\n \"type\": \"object\"\n },\n \"CreateRecoveryLink\": {\n \"properties\": {\n \"expires_in\": {\n \"description\": \"Link Expires In\\n\\nThe recovery link will expire at that point in time. Defaults to the configuration value of\\n`selfservice.flows.recovery.request_lifespan`.\",\n \"pattern\": \"^[0-9]+(ns|us|ms|s|m|h)$\",\n \"type\": \"string\"\n },\n \"identity_id\": {\n \"$ref\": \"#/components/schemas/UUID\"\n }\n },\n \"required\": [\n \"identity_id\"\n ],\n \"type\": \"object\"\n },\n \"CredentialsType\": {\n \"description\": \"and so on.\",\n \"title\": \"CredentialsType represents several different credential types, like password credentials, passwordless credentials,\",\n \"type\": \"string\"\n },\n \"ID\": {\n \"format\": \"int64\",\n \"type\": \"integer\"\n },\n \"Identity\": {\n \"properties\": {\n \"id\": {\n \"$ref\": \"#/components/schemas/UUID\"\n },\n \"recovery_addresses\": {\n \"description\": \"RecoveryAddresses contains all the addresses that can be used to recover an identity.\",\n \"items\": {\n \"$ref\": \"#/components/schemas/RecoveryAddress\"\n },\n \"type\": \"array\",\n \"x-omitempty\": true\n },\n \"schema_id\": {\n \"description\": \"SchemaID is the ID of the JSON Schema to be used for validating the identity's traits.\",\n \"type\": \"string\"\n },\n \"schema_url\": {\n \"description\": \"SchemaURL is the URL of the endpoint where the identity's traits schema can be fetched from.\\n\\nformat: url\",\n \"type\": \"string\"\n },\n \"traits\": {\n \"$ref\": \"#/components/schemas/Traits\"\n },\n \"verifiable_addresses\": {\n \"description\": \"VerifiableAddresses contains all the addresses that can be verified by the user.\",\n \"items\": {\n \"$ref\": \"#/components/schemas/VerifiableAddress\"\n },\n \"type\": \"array\",\n \"x-omitempty\": true\n }\n },\n \"required\": [\n \"id\",\n \"schema_id\",\n \"schema_url\",\n \"traits\"\n ],\n \"type\": \"object\"\n },\n \"NullTime\": {\n \"format\": \"date-time\",\n \"title\": \"NullTime implements sql.NullTime functionality.\",\n \"type\": \"string\"\n },\n \"RecoveryAddress\": {\n \"properties\": {\n \"id\": {\n \"$ref\": \"#/components/schemas/UUID\"\n },\n \"value\": {\n \"type\": \"string\"\n },\n \"via\": {\n \"$ref\": \"#/components/schemas/RecoveryAddressType\"\n }\n },\n \"required\": [\n \"id\",\n \"value\",\n \"via\"\n ],\n \"type\": \"object\"\n },\n \"RecoveryAddressType\": {\n \"type\": \"string\"\n },\n \"State\": {\n \"type\": \"string\"\n },\n \"Traits\": {\n \"type\": \"object\"\n },\n \"Type\": {\n \"description\": \"The flow type can either be `api` or `browser`.\",\n \"title\": \"Type is the flow type.\",\n \"type\": \"string\"\n },\n \"UUID\": {\n \"format\": \"uuid4\",\n \"type\": \"string\"\n },\n \"UpdateIdentity\": {\n \"properties\": {\n \"schema_id\": {\n \"description\": \"SchemaID is the ID of the JSON Schema to be used for validating the identity's traits. If set\\nwill update the Identity's SchemaID.\",\n \"type\": \"string\"\n },\n \"traits\": {\n \"description\": \"Traits represent an identity's traits. The identity is able to create, modify, and delete traits\\nin a self-service manner. The input will always be validated against the JSON Schema defined\\nin `schema_id`.\",\n \"type\": \"object\"\n }\n },\n \"required\": [\n \"traits\"\n ],\n \"type\": \"object\"\n },\n \"VerifiableAddress\": {\n \"properties\": {\n \"id\": {\n \"$ref\": \"#/components/schemas/UUID\"\n },\n \"status\": {\n \"$ref\": \"#/components/schemas/VerifiableAddressStatus\"\n },\n \"value\": {\n \"type\": \"string\"\n },\n \"verified\": {\n \"type\": \"boolean\"\n },\n \"verified_at\": {\n \"$ref\": \"#/components/schemas/NullTime\"\n },\n \"via\": {\n \"$ref\": \"#/components/schemas/VerifiableAddressType\"\n }\n },\n \"required\": [\n \"id\",\n \"value\",\n \"verified\",\n \"via\",\n \"status\"\n ],\n \"type\": \"object\"\n },\n \"VerifiableAddressStatus\": {\n \"type\": \"string\"\n },\n \"VerifiableAddressType\": {\n \"type\": \"string\"\n },\n \"completeSelfServiceBrowserSettingsOIDCFlowPayload\": {\n \"properties\": {\n \"flow\": {\n \"description\": \"Flow ID is the flow's ID.\\n\\nin: query\",\n \"type\": \"string\"\n },\n \"link\": {\n \"description\": \"Link this provider\\n\\nEither this or `unlink` must be set.\\n\\ntype: string\\nin: body\",\n \"type\": \"string\"\n },\n \"unlink\": {\n \"description\": \"Unlink this provider\\n\\nEither this or `link` must be set.\\n\\ntype: string\\nin: body\",\n \"type\": \"string\"\n }\n },\n \"type\": \"object\"\n },\n \"completeSelfServiceRecoveryFlowWithLinkMethod\": {\n \"properties\": {\n \"csrf_token\": {\n \"description\": \"Sending the anti-csrf token is only required for browser login flows.\",\n \"type\": \"string\"\n },\n \"email\": {\n \"description\": \"Email to Recover\\n\\nNeeds to be set when initiating the flow. If the email is a registered\\nrecovery email, a recovery link will be sent. If the email is not known,\\na email with details on what happened will be sent instead.\\n\\nformat: email\\nin: body\",\n \"type\": \"string\"\n }\n },\n \"type\": \"object\"\n },\n \"completeSelfServiceVerificationFlowWithLinkMethod\": {\n \"properties\": {\n \"csrf_token\": {\n \"description\": \"Sending the anti-csrf token is only required for browser login flows.\",\n \"type\": \"string\"\n },\n \"email\": {\n \"description\": \"Email to Verify\\n\\nNeeds to be set when initiating the flow. If the email is a registered\\nverification email, a verification link will be sent. If the email is not known,\\na email with details on what happened will be sent instead.\\n\\nformat: email\\nin: body\",\n \"type\": \"string\"\n }\n },\n \"type\": \"object\"\n },\n \"errorContainer\": {\n \"properties\": {\n \"errors\": {\n \"description\": \"Errors in the container\",\n \"items\": {\n \"type\": \"object\"\n },\n \"type\": \"array\"\n },\n \"id\": {\n \"$ref\": \"#/components/schemas/UUID\"\n }\n },\n \"required\": [\n \"id\",\n \"errors\"\n ],\n \"type\": \"object\"\n },\n \"genericError\": {\n \"description\": \"Error responses are sent when an error (e.g. unauthorized, bad request, ...) occurred.\",\n \"properties\": {\n \"error\": {\n \"$ref\": \"#/components/schemas/genericErrorPayload\"\n }\n },\n \"title\": \"Error response\",\n \"type\": \"object\"\n },\n \"genericErrorPayload\": {\n \"properties\": {\n \"code\": {\n \"description\": \"Code represents the error status code (404, 403, 401, ...).\",\n \"example\": 404,\n \"format\": \"int64\",\n \"type\": \"integer\"\n },\n \"debug\": {\n \"description\": \"Debug contains debug information. This is usually not available and has to be enabled.\",\n \"example\": \"The database adapter was unable to find the element\",\n \"type\": \"string\"\n },\n \"details\": {\n \"additionalProperties\": true,\n \"type\": \"object\"\n },\n \"message\": {\n \"type\": \"string\"\n },\n \"reason\": {\n \"type\": \"string\"\n },\n \"request\": {\n \"type\": \"string\"\n },\n \"status\": {\n \"type\": \"string\"\n }\n },\n \"type\": \"object\"\n },\n \"healthNotReadyStatus\": {\n \"properties\": {\n \"errors\": {\n \"additionalProperties\": {\n \"type\": \"string\"\n },\n \"description\": \"Errors contains a list of errors that caused the not ready status.\",\n \"type\": \"object\"\n }\n },\n \"type\": \"object\"\n },\n \"healthStatus\": {\n \"properties\": {\n \"status\": {\n \"description\": \"Status always contains \\\"ok\\\".\",\n \"type\": \"string\"\n }\n },\n \"type\": \"object\"\n },\n \"jsonSchema\": {\n \"description\": \"Raw JSON Schema\",\n \"type\": \"object\"\n },\n \"loginFlow\": {\n \"description\": \"This object represents a login flow. A login flow is initiated at the \\\"Initiate Login API / Browser Flow\\\"\\nendpoint by a client.\\n\\nOnce a login flow is completed successfully, a session cookie or session token will be issued.\",\n \"properties\": {\n \"active\": {\n \"$ref\": \"#/components/schemas/CredentialsType\"\n },\n \"expires_at\": {\n \"description\": \"ExpiresAt is the time (UTC) when the flow expires. If the user still wishes to log in,\\na new flow has to be initiated.\",\n \"format\": \"date-time\",\n \"type\": \"string\"\n },\n \"forced\": {\n \"description\": \"Forced stores whether this login flow should enforce re-authentication.\",\n \"type\": \"boolean\"\n },\n \"id\": {\n \"$ref\": \"#/components/schemas/UUID\"\n },\n \"issued_at\": {\n \"description\": \"IssuedAt is the time (UTC) when the flow started.\",\n \"format\": \"date-time\",\n \"type\": \"string\"\n },\n \"request_url\": {\n \"description\": \"RequestURL is the initial URL that was requested from Ory Kratos. It can be used\\nto forward information contained in the URL's path or query for example.\",\n \"type\": \"string\"\n },\n \"type\": {\n \"$ref\": \"#/components/schemas/Type\"\n },\n \"ui\": {\n \"$ref\": \"#/components/schemas/uiContainer\"\n }\n },\n \"required\": [\n \"id\",\n \"type\",\n \"expires_at\",\n \"issued_at\",\n \"request_url\",\n \"ui\"\n ],\n \"title\": \"Login Flow\",\n \"type\": \"object\"\n },\n \"loginViaApiResponse\": {\n \"description\": \"The Response for Login Flows via API\",\n \"properties\": {\n \"session\": {\n \"$ref\": \"#/components/schemas/session\"\n },\n \"session_token\": {\n \"description\": \"The Session Token\\n\\nA session token is equivalent to a session cookie, but it can be sent in the HTTP Authorization\\nHeader:\\n\\nAuthorization: bearer ${session-token}\\n\\nThe session token is only issued for API flows, not for Browser flows!\",\n \"type\": \"string\"\n }\n },\n \"required\": [\n \"session_token\",\n \"session\"\n ],\n \"type\": \"object\"\n },\n \"recoveryFlow\": {\n \"description\": \"This request is used when an identity wants to recover their account.\\n\\nWe recommend reading the [Account Recovery Documentation](../self-service/flows/password-reset-account-recovery)\",\n \"properties\": {\n \"active\": {\n \"description\": \"Active, if set, contains the registration method that is being used. It is initially\\nnot set.\",\n \"type\": \"string\"\n },\n \"expires_at\": {\n \"description\": \"ExpiresAt is the time (UTC) when the request expires. If the user still wishes to update the setting,\\na new request has to be initiated.\",\n \"format\": \"date-time\",\n \"type\": \"string\"\n },\n \"id\": {\n \"$ref\": \"#/components/schemas/UUID\"\n },\n \"issued_at\": {\n \"description\": \"IssuedAt is the time (UTC) when the request occurred.\",\n \"format\": \"date-time\",\n \"type\": \"string\"\n },\n \"messages\": {\n \"$ref\": \"#/components/schemas/uiTexts\"\n },\n \"methods\": {\n \"additionalProperties\": {\n \"$ref\": \"#/components/schemas/recoveryFlowMethod\"\n },\n \"description\": \"Methods contains context for all account recovery methods. If a registration request has been\\nprocessed, but for example the password is incorrect, this will contain error messages.\",\n \"type\": \"object\"\n },\n \"request_url\": {\n \"description\": \"RequestURL is the initial URL that was requested from Ory Kratos. It can be used\\nto forward information contained in the URL's path or query for example.\",\n \"type\": \"string\"\n },\n \"state\": {\n \"$ref\": \"#/components/schemas/State\"\n },\n \"type\": {\n \"$ref\": \"#/components/schemas/Type\"\n }\n },\n \"required\": [\n \"id\",\n \"expires_at\",\n \"issued_at\",\n \"request_url\",\n \"methods\",\n \"state\"\n ],\n \"title\": \"A Recovery Flow\",\n \"type\": \"object\"\n },\n \"recoveryFlowMethod\": {\n \"properties\": {\n \"config\": {\n \"$ref\": \"#/components/schemas/recoveryFlowMethodConfig\"\n },\n \"method\": {\n \"description\": \"Method contains the request credentials type.\",\n \"type\": \"string\"\n }\n },\n \"required\": [\n \"method\",\n \"config\"\n ],\n \"type\": \"object\"\n },\n \"recoveryFlowMethodConfig\": {\n \"properties\": {\n \"action\": {\n \"description\": \"Action should be used as the form action URL `\\u003cform action=\\\"{{ .Action }}\\\" method=\\\"post\\\"\\u003e`.\",\n \"type\": \"string\"\n },\n \"messages\": {\n \"$ref\": \"#/components/schemas/uiTexts\"\n },\n \"method\": {\n \"description\": \"Method is the form method (e.g. POST)\",\n \"type\": \"string\"\n },\n \"nodes\": {\n \"$ref\": \"#/components/schemas/uiNodes\"\n }\n },\n \"required\": [\n \"action\",\n \"method\",\n \"nodes\"\n ],\n \"type\": \"object\"\n },\n \"recoveryFlowMethodConfigPayload\": {\n \"properties\": {\n \"action\": {\n \"description\": \"Action should be used as the form action URL `\\u003cform action=\\\"{{ .Action }}\\\" method=\\\"post\\\"\\u003e`.\",\n \"type\": \"string\"\n },\n \"messages\": {\n \"$ref\": \"#/components/schemas/uiTexts\"\n },\n \"method\": {\n \"description\": \"Method is the form method (e.g. POST)\",\n \"type\": \"string\"\n },\n \"nodes\": {\n \"$ref\": \"#/components/schemas/uiNodes\"\n }\n },\n \"required\": [\n \"action\",\n \"method\",\n \"nodes\"\n ],\n \"type\": \"object\"\n },\n \"recoveryLink\": {\n \"properties\": {\n \"expires_at\": {\n \"description\": \"Recovery Link Expires At\\n\\nThe timestamp when the recovery link expires.\",\n \"format\": \"date-time\",\n \"type\": \"string\"\n },\n \"recovery_link\": {\n \"description\": \"Recovery Link\\n\\nThis link can be used to recover the account.\",\n \"type\": \"string\"\n }\n },\n \"required\": [\n \"recovery_link\"\n ],\n \"type\": \"object\"\n },\n \"registrationFlow\": {\n \"properties\": {\n \"active\": {\n \"$ref\": \"#/components/schemas/CredentialsType\"\n },\n \"expires_at\": {\n \"description\": \"ExpiresAt is the time (UTC) when the flow expires. If the user still wishes to log in,\\na new flow has to be initiated.\",\n \"format\": \"date-time\",\n \"type\": \"string\"\n },\n \"id\": {\n \"$ref\": \"#/components/schemas/UUID\"\n },\n \"issued_at\": {\n \"description\": \"IssuedAt is the time (UTC) when the flow occurred.\",\n \"format\": \"date-time\",\n \"type\": \"string\"\n },\n \"messages\": {\n \"$ref\": \"#/components/schemas/uiTexts\"\n },\n \"methods\": {\n \"additionalProperties\": {\n \"$ref\": \"#/components/schemas/registrationFlowMethod\"\n },\n \"description\": \"Methods contains context for all enabled registration methods. If a registration flow has been\\nprocessed, but for example the password is incorrect, this will contain error messages.\",\n \"type\": \"object\"\n },\n \"request_url\": {\n \"description\": \"RequestURL is the initial URL that was requested from Ory Kratos. It can be used\\nto forward information contained in the URL's path or query for example.\",\n \"type\": \"string\"\n },\n \"type\": {\n \"$ref\": \"#/components/schemas/Type\"\n }\n },\n \"required\": [\n \"id\",\n \"expires_at\",\n \"issued_at\",\n \"request_url\",\n \"methods\"\n ],\n \"type\": \"object\"\n },\n \"registrationFlowMethod\": {\n \"properties\": {\n \"config\": {\n \"$ref\": \"#/components/schemas/registrationFlowMethodConfig\"\n },\n \"method\": {\n \"$ref\": \"#/components/schemas/CredentialsType\"\n }\n },\n \"required\": [\n \"method\",\n \"config\"\n ],\n \"type\": \"object\"\n },\n \"registrationFlowMethodConfig\": {\n \"properties\": {\n \"action\": {\n \"description\": \"Action should be used as the form action URL `\\u003cform action=\\\"{{ .Action }}\\\" method=\\\"post\\\"\\u003e`.\",\n \"type\": \"string\"\n },\n \"messages\": {\n \"$ref\": \"#/components/schemas/uiTexts\"\n },\n \"method\": {\n \"description\": \"Method is the form method (e.g. POST)\",\n \"type\": \"string\"\n },\n \"nodes\": {\n \"$ref\": \"#/components/schemas/uiNodes\"\n },\n \"providers\": {\n \"description\": \"Providers is set for the \\\"oidc\\\" registration method.\",\n \"items\": {\n \"$ref\": \"#/components/schemas/uiNodes\"\n },\n \"type\": \"array\"\n }\n },\n \"required\": [\n \"action\",\n \"method\",\n \"nodes\"\n ],\n \"type\": \"object\"\n },\n \"registrationFlowMethodConfigPayload\": {\n \"properties\": {\n \"action\": {\n \"description\": \"Action should be used as the form action URL `\\u003cform action=\\\"{{ .Action }}\\\" method=\\\"post\\\"\\u003e`.\",\n \"type\": \"string\"\n },\n \"messages\": {\n \"$ref\": \"#/components/schemas/uiTexts\"\n },\n \"method\": {\n \"description\": \"Method is the form method (e.g. POST)\",\n \"type\": \"string\"\n },\n \"nodes\": {\n \"$ref\": \"#/components/schemas/uiNodes\"\n },\n \"providers\": {\n \"description\": \"Providers is set for the \\\"oidc\\\" registration method.\",\n \"items\": {\n \"$ref\": \"#/components/schemas/uiNodes\"\n },\n \"type\": \"array\"\n }\n },\n \"required\": [\n \"action\",\n \"method\",\n \"nodes\"\n ],\n \"type\": \"object\"\n },\n \"registrationViaApiResponse\": {\n \"description\": \"The Response for Registration Flows via API\",\n \"properties\": {\n \"identity\": {\n \"$ref\": \"#/components/schemas/Identity\"\n },\n \"session\": {\n \"$ref\": \"#/components/schemas/session\"\n },\n \"session_token\": {\n \"description\": \"The Session Token\\n\\nThis field is only set when the session hook is configured as a post-registration hook.\\n\\nA session token is equivalent to a session cookie, but it can be sent in the HTTP Authorization\\nHeader:\\n\\nAuthorization: bearer ${session-token}\\n\\nThe session token is only issued for API flows, not for Browser flows!\",\n \"type\": \"string\"\n }\n },\n \"required\": [\n \"session_token\",\n \"identity\"\n ],\n \"type\": \"object\"\n },\n \"revokeSession\": {\n \"properties\": {\n \"session_token\": {\n \"description\": \"The Session Token\\n\\nInvalidate this session token.\",\n \"type\": \"string\"\n }\n },\n \"required\": [\n \"session_token\"\n ],\n \"type\": \"object\"\n },\n \"session\": {\n \"properties\": {\n \"active\": {\n \"type\": \"boolean\"\n },\n \"authenticated_at\": {\n \"format\": \"date-time\",\n \"type\": \"string\"\n },\n \"expires_at\": {\n \"format\": \"date-time\",\n \"type\": \"string\"\n },\n \"id\": {\n \"$ref\": \"#/components/schemas/UUID\"\n },\n \"identity\": {\n \"$ref\": \"#/components/schemas/Identity\"\n },\n \"issued_at\": {\n \"format\": \"date-time\",\n \"type\": \"string\"\n }\n },\n \"required\": [\n \"id\",\n \"expires_at\",\n \"authenticated_at\",\n \"issued_at\",\n \"identity\"\n ],\n \"type\": \"object\"\n },\n \"settingsFlow\": {\n \"description\": \"This flow is used when an identity wants to update settings\\n(e.g. profile data, passwords, ...) in a selfservice manner.\\n\\nWe recommend reading the [User Settings Documentation](../self-service/flows/user-settings)\",\n \"properties\": {\n \"active\": {\n \"description\": \"Active, if set, contains the registration method that is being used. It is initially\\nnot set.\",\n \"type\": \"string\"\n },\n \"expires_at\": {\n \"description\": \"ExpiresAt is the time (UTC) when the flow expires. If the user still wishes to update the setting,\\na new flow has to be initiated.\",\n \"format\": \"date-time\",\n \"type\": \"string\"\n },\n \"id\": {\n \"$ref\": \"#/components/schemas/UUID\"\n },\n \"identity\": {\n \"$ref\": \"#/components/schemas/Identity\"\n },\n \"issued_at\": {\n \"description\": \"IssuedAt is the time (UTC) when the flow occurred.\",\n \"format\": \"date-time\",\n \"type\": \"string\"\n },\n \"messages\": {\n \"$ref\": \"#/components/schemas/uiTexts\"\n },\n \"methods\": {\n \"additionalProperties\": {\n \"$ref\": \"#/components/schemas/settingsFlowMethod\"\n },\n \"description\": \"Methods contains context for all enabled registration methods. If a settings flow has been\\nprocessed, but for example the first name is empty, this will contain error messages.\",\n \"type\": \"object\"\n },\n \"request_url\": {\n \"description\": \"RequestURL is the initial URL that was requested from Ory Kratos. It can be used\\nto forward information contained in the URL's path or query for example.\",\n \"type\": \"string\"\n },\n \"state\": {\n \"$ref\": \"#/components/schemas/State\"\n },\n \"type\": {\n \"$ref\": \"#/components/schemas/Type\"\n }\n },\n \"required\": [\n \"id\",\n \"expires_at\",\n \"issued_at\",\n \"request_url\",\n \"methods\",\n \"identity\",\n \"state\"\n ],\n \"title\": \"Flow represents a Settings Flow\",\n \"type\": \"object\"\n },\n \"settingsFlowMethod\": {\n \"properties\": {\n \"config\": {\n \"$ref\": \"#/components/schemas/settingsFlowMethodConfig\"\n },\n \"method\": {\n \"description\": \"Method is the name of this flow method.\",\n \"type\": \"string\"\n }\n },\n \"required\": [\n \"method\",\n \"config\"\n ],\n \"type\": \"object\"\n },\n \"settingsFlowMethodConfig\": {\n \"properties\": {\n \"action\": {\n \"description\": \"Action should be used as the form action URL `\\u003cform action=\\\"{{ .Action }}\\\" method=\\\"post\\\"\\u003e`.\",\n \"type\": \"string\"\n },\n \"messages\": {\n \"$ref\": \"#/components/schemas/uiTexts\"\n },\n \"method\": {\n \"description\": \"Method is the form method (e.g. POST)\",\n \"type\": \"string\"\n },\n \"nodes\": {\n \"$ref\": \"#/components/schemas/uiNodes\"\n }\n },\n \"required\": [\n \"action\",\n \"method\",\n \"nodes\"\n ],\n \"type\": \"object\"\n },\n \"settingsFlowMethodConfigPayload\": {\n \"properties\": {\n \"action\": {\n \"description\": \"Action should be used as the form action URL `\\u003cform action=\\\"{{ .Action }}\\\" method=\\\"post\\\"\\u003e`.\",\n \"type\": \"string\"\n },\n \"messages\": {\n \"$ref\": \"#/components/schemas/uiTexts\"\n },\n \"method\": {\n \"description\": \"Method is the form method (e.g. POST)\",\n \"type\": \"string\"\n },\n \"nodes\": {\n \"$ref\": \"#/components/schemas/uiNodes\"\n }\n },\n \"required\": [\n \"action\",\n \"method\",\n \"nodes\"\n ],\n \"type\": \"object\"\n },\n \"settingsProfileFormConfig\": {\n \"properties\": {\n \"action\": {\n \"description\": \"Action should be used as the form action URL `\\u003cform action=\\\"{{ .Action }}\\\" method=\\\"post\\\"\\u003e`.\",\n \"type\": \"string\"\n },\n \"messages\": {\n \"$ref\": \"#/components/schemas/uiTexts\"\n },\n \"method\": {\n \"description\": \"Method is the form method (e.g. POST)\",\n \"type\": \"string\"\n },\n \"nodes\": {\n \"$ref\": \"#/components/schemas/uiNodes\"\n }\n },\n \"required\": [\n \"action\",\n \"method\",\n \"nodes\"\n ],\n \"type\": \"object\"\n },\n \"settingsViaApiResponse\": {\n \"description\": \"The Response for Settings Flows via API\",\n \"properties\": {\n \"flow\": {\n \"$ref\": \"#/components/schemas/settingsFlow\"\n },\n \"identity\": {\n \"$ref\": \"#/components/schemas/Identity\"\n }\n },\n \"required\": [\n \"flow\",\n \"identity\"\n ],\n \"type\": \"object\"\n },\n \"uiContainer\": {\n \"description\": \"Container represents a HTML Form. The container can work with both HTTP Form and JSON requests\",\n \"properties\": {\n \"action\": {\n \"description\": \"Action should be used as the form action URL `\\u003cform action=\\\"{{ .Action }}\\\" method=\\\"post\\\"\\u003e`.\",\n \"type\": \"string\"\n },\n \"messages\": {\n \"$ref\": \"#/components/schemas/uiTexts\"\n },\n \"method\": {\n \"description\": \"Method is the form method (e.g. POST)\",\n \"type\": \"string\"\n },\n \"nodes\": {\n \"$ref\": \"#/components/schemas/uiNodes\"\n }\n },\n \"required\": [\n \"action\",\n \"method\",\n \"nodes\"\n ],\n \"type\": \"object\"\n },\n \"uiNode\": {\n \"description\": \"Nodes are represented as HTML elements or their native UI equivalents. For example,\\na node can be an `\\u003cimg\\u003e` tag, or an `\\u003cinput element\\u003e` but also `some plain text`.\",\n \"properties\": {\n \"attributes\": {\n \"$ref\": \"#/components/schemas/uiNodeAttributes\"\n },\n \"group\": {\n \"$ref\": \"#/components/schemas/uiNodeGroup\"\n },\n \"messages\": {\n \"$ref\": \"#/components/schemas/uiTexts\"\n },\n \"type\": {\n \"$ref\": \"#/components/schemas/uiNodeType\"\n }\n },\n \"required\": [\n \"type\",\n \"group\",\n \"attributes\",\n \"messages\"\n ],\n \"title\": \"Node represents a flow's nodes\",\n \"type\": \"object\"\n },\n \"uiNodeAnchorAttributes\": {\n \"properties\": {\n \"href\": {\n \"description\": \"The link's href (destination) URL.\\n\\nformat: uri\",\n \"type\": \"string\"\n },\n \"title\": {\n \"$ref\": \"#/components/schemas/uiText\"\n }\n },\n \"required\": [\n \"href\",\n \"title\"\n ],\n \"title\": \"AnchorAttributes represents the attributes of an anchor node.\",\n \"type\": \"object\"\n },\n \"uiNodeAttributes\": {\n \"oneOf\": [\n {\n \"$ref\": \"#/components/schemas/uiNodeInputAttributes\"\n },\n {\n \"$ref\": \"#/components/schemas/uiNodeTextAttributes\"\n },\n {\n \"$ref\": \"#/components/schemas/uiNodeImageAttributes\"\n },\n {\n \"$ref\": \"#/components/schemas/uiNodeAnchorAttributes\"\n }\n ],\n \"title\": \"Attributes represents a list of attributes (e.g. `href=\\\"foo\\\"` for links).\"\n },\n \"uiNodeGroup\": {\n \"type\": \"string\"\n },\n \"uiNodeImageAttributes\": {\n \"properties\": {\n \"src\": {\n \"description\": \"The image's source URL.\\n\\nformat: uri\",\n \"type\": \"string\"\n }\n },\n \"required\": [\n \"src\"\n ],\n \"title\": \"ImageAttributes represents the attributes of an image node.\",\n \"type\": \"object\"\n },\n \"uiNodeInputAttributeType\": {\n \"type\": \"string\"\n },\n \"uiNodeInputAttributes\": {\n \"description\": \"InputAttributes represents the attributes of an input node\",\n \"properties\": {\n \"disabled\": {\n \"description\": \"Sets the input's disabled field to true or false.\",\n \"type\": \"boolean\"\n },\n \"label\": {\n \"$ref\": \"#/components/schemas/uiText\"\n },\n \"name\": {\n \"description\": \"The input's element name.\",\n \"type\": \"string\"\n },\n \"pattern\": {\n \"description\": \"The input's pattern.\",\n \"type\": \"string\"\n },\n \"required\": {\n \"description\": \"Mark this input field as required.\",\n \"type\": \"boolean\"\n },\n \"type\": {\n \"$ref\": \"#/components/schemas/uiNodeInputAttributeType\"\n },\n \"value\": {\n \"$ref\": \"#/components/schemas/uiNodeInputAttributesValue\",\n \"description\": \"The input's value.\",\n \"nullable\": true\n }\n },\n \"required\": [\n \"name\",\n \"type\",\n \"disabled\"\n ],\n \"type\": \"object\"\n },\n \"uiNodeInputAttributesValue\": {\n \"oneOf\": [\n {\n \"type\": \"string\"\n },\n {\n \"type\": \"number\"\n },\n {\n \"type\": \"boolean\"\n }\n ]\n },\n \"uiNodeTextAttributes\": {\n \"properties\": {\n \"text\": {\n \"$ref\": \"#/components/schemas/uiText\"\n }\n },\n \"required\": [\n \"text\"\n ],\n \"title\": \"TextAttributes represents the attributes of a text node.\",\n \"type\": \"object\"\n },\n \"uiNodeType\": {\n \"type\": \"string\"\n },\n \"uiNodes\": {\n \"items\": {\n \"$ref\": \"#/components/schemas/uiNode\"\n },\n \"type\": \"array\"\n },\n \"uiText\": {\n \"properties\": {\n \"context\": {\n \"description\": \"The message's context. Useful when customizing messages.\",\n \"type\": \"object\"\n },\n \"id\": {\n \"$ref\": \"#/components/schemas/ID\"\n },\n \"text\": {\n \"description\": \"The message text. Written in american english.\",\n \"type\": \"string\"\n },\n \"type\": {\n \"$ref\": \"#/components/schemas/uiTextType\"\n }\n },\n \"required\": [\n \"id\",\n \"text\",\n \"type\"\n ],\n \"type\": \"object\"\n },\n \"uiTextType\": {\n \"type\": \"string\"\n },\n \"uiTexts\": {\n \"items\": {\n \"$ref\": \"#/components/schemas/uiText\"\n },\n \"type\": \"array\"\n },\n \"verificationFlow\": {\n \"description\": \"Used to verify an out-of-band communication\\nchannel such as an email address or a phone number.\\n\\nFor more information head over to: https://www.ory.sh/docs/kratos/self-service/flows/verify-email-account-activation\",\n \"properties\": {\n \"active\": {\n \"description\": \"Active, if set, contains the registration method that is being used. It is initially\\nnot set.\",\n \"type\": \"string\"\n },\n \"expires_at\": {\n \"description\": \"ExpiresAt is the time (UTC) when the request expires. If the user still wishes to verify the address,\\na new request has to be initiated.\",\n \"format\": \"date-time\",\n \"type\": \"string\"\n },\n \"id\": {\n \"$ref\": \"#/components/schemas/UUID\"\n },\n \"issued_at\": {\n \"description\": \"IssuedAt is the time (UTC) when the request occurred.\",\n \"format\": \"date-time\",\n \"type\": \"string\"\n },\n \"messages\": {\n \"$ref\": \"#/components/schemas/uiTexts\"\n },\n \"methods\": {\n \"additionalProperties\": {\n \"$ref\": \"#/components/schemas/verificationFlowMethod\"\n },\n \"description\": \"Methods contains context for all account verification methods. If a registration request has been\\nprocessed, but for example the password is incorrect, this will contain error messages.\",\n \"type\": \"object\"\n },\n \"request_url\": {\n \"description\": \"RequestURL is the initial URL that was requested from Ory Kratos. It can be used\\nto forward information contained in the URL's path or query for example.\",\n \"type\": \"string\"\n },\n \"state\": {\n \"$ref\": \"#/components/schemas/State\"\n },\n \"type\": {\n \"$ref\": \"#/components/schemas/Type\"\n }\n },\n \"required\": [\n \"id\",\n \"type\",\n \"methods\",\n \"state\"\n ],\n \"title\": \"A Verification Flow\",\n \"type\": \"object\"\n },\n \"verificationFlowMethod\": {\n \"properties\": {\n \"config\": {\n \"$ref\": \"#/components/schemas/verificationFlowMethodConfig\"\n },\n \"method\": {\n \"description\": \"Method contains the request credentials type.\",\n \"type\": \"string\"\n }\n },\n \"required\": [\n \"method\",\n \"config\"\n ],\n \"type\": \"object\"\n },\n \"verificationFlowMethodConfig\": {\n \"properties\": {\n \"action\": {\n \"description\": \"Action should be used as the form action URL `\\u003cform action=\\\"{{ .Action }}\\\" method=\\\"post\\\"\\u003e`.\",\n \"type\": \"string\"\n },\n \"messages\": {\n \"$ref\": \"#/components/schemas/uiTexts\"\n },\n \"method\": {\n \"description\": \"Method is the form method (e.g. POST)\",\n \"type\": \"string\"\n },\n \"nodes\": {\n \"$ref\": \"#/components/schemas/uiNodes\"\n }\n },\n \"required\": [\n \"action\",\n \"method\",\n \"nodes\"\n ],\n \"type\": \"object\"\n },\n \"verificationFlowMethodConfigPayload\": {\n \"properties\": {\n \"action\": {\n \"description\": \"Action should be used as the form action URL `\\u003cform action=\\\"{{ .Action }}\\\" method=\\\"post\\\"\\u003e`.\",\n \"type\": \"string\"\n },\n \"messages\": {\n \"$ref\": \"#/components/schemas/uiTexts\"\n },\n \"method\": {\n \"description\": \"Method is the form method (e.g. POST)\",\n \"type\": \"string\"\n },\n \"nodes\": {\n \"$ref\": \"#/components/schemas/uiNodes\"\n }\n },\n \"required\": [\n \"action\",\n \"method\",\n \"nodes\"\n ],\n \"type\": \"object\"\n },\n \"version\": {\n \"properties\": {\n \"version\": {\n \"description\": \"Version is the service's version.\",\n \"type\": \"string\"\n }\n },\n \"type\": \"object\"\n }\n },\n \"securitySchemes\": {\n \"sessionCookie\": {\n \"in\": \"cookie\",\n \"name\": \"ory_kratos_session\",\n \"type\": \"apiKey\"\n },\n \"sessionToken\": {\n \"in\": \"header\",\n \"name\": \"X-Session-Token\",\n \"type\": \"apiKey\"\n }\n }\n },\n \"info\": {\n \"contact\": {\n \"email\": \"hi@ory.sh\"\n },\n \"description\": \"Documentation for all public and administrative Ory Kratos APIs. Public and administrative APIs\\nare exposed on different ports. Public APIs can face the public internet without any protection\\nwhile administrative APIs should never be exposed without prior authorization. To protect\\nthe administative API port you should use something like Nginx, Ory Oathkeeper, or any other\\ntechnology capable of authorizing incoming requests.\\n\",\n \"license\": {\n \"name\": \"Apache 2.0\"\n },\n \"title\": \"Ory Kratos API\",\n \"version\": \"\"\n },\n \"openapi\": \"3.0.3\",\n \"paths\": {\n \"/health/alive\": {\n \"get\": {\n \"description\": \"This endpoint returns a HTTP 200 status code when Ory Kratos is accepting incoming\\nHTTP requests. This status does currently not include checks whether the database connection is working.\\n\\nIf the service supports TLS Edge Termination, this endpoint does not require the\\n`X-Forwarded-Proto` header to be set.\\n\\nBe aware that if you are running multiple nodes of this service, the health status will never\\nrefer to the cluster state, only to a single instance.\",\n \"operationId\": \"isAlive\",\n \"responses\": {\n \"200\": {\n \"content\": {\n \"application/json\": {\n \"schema\": {\n \"properties\": {\n \"status\": {\n \"description\": \"Always \\\"ok\\\".\",\n \"type\": \"string\"\n }\n },\n \"required\": [\n \"status\"\n ],\n \"type\": \"object\"\n }\n }\n },\n \"description\": \"Ory Kratos is ready to accept connections.\"\n },\n \"500\": {\n \"content\": {\n \"application/json\": {\n \"schema\": {\n \"$ref\": \"#/components/schemas/genericError\"\n }\n }\n },\n \"description\": \"genericError\"\n }\n },\n \"summary\": \"Check HTTP Server Status\",\n \"tags\": [\n \"admin\"\n ]\n }\n },\n \"/health/ready\": {\n \"get\": {\n \"description\": \"This endpoint returns a HTTP 200 status code when Ory Kratos is up running and the environment dependencies (e.g.\\nthe database) are responsive as well.\\n\\nIf the service supports TLS Edge Termination, this endpoint does not require the\\n`X-Forwarded-Proto` header to be set.\\n\\nBe aware that if you are running multiple nodes of Ory Kratos, the health status will never\\nrefer to the cluster state, only to a single instance.\",\n \"operationId\": \"isReady\",\n \"responses\": {\n \"200\": {\n \"content\": {\n \"application/json\": {\n \"schema\": {\n \"properties\": {\n \"status\": {\n \"description\": \"Always \\\"ok\\\".\",\n \"type\": \"string\"\n }\n },\n \"required\": [\n \"status\"\n ],\n \"type\": \"object\"\n }\n }\n },\n \"description\": \"Ory Kratos is ready to accept requests.\"\n },\n \"503\": {\n \"content\": {\n \"application/json\": {\n \"schema\": {\n \"properties\": {\n \"errors\": {\n \"additionalProperties\": {\n \"type\": \"string\"\n },\n \"description\": \"Errors contains a list of errors that caused the not ready status.\",\n \"type\": \"object\"\n }\n },\n \"required\": [\n \"errors\"\n ],\n \"type\": \"object\"\n }\n }\n },\n \"description\": \"Ory Kratos is not yet ready to accept requests.\"\n }\n },\n \"summary\": \"Check HTTP Server and Database Status\",\n \"tags\": [\n \"admin\"\n ]\n }\n },\n \"/identities\": {\n \"get\": {\n \"description\": \"Lists all identities. Does not support search at the moment.\\n\\nLearn how identities work in [Ory Kratos' User And Identity Model Documentation](https://www.ory.sh/docs/next/kratos/concepts/identity-user-model).\",\n \"operationId\": \"listIdentities\",\n \"parameters\": [\n {\n \"description\": \"Items per Page\\n\\nThis is the number of items per page.\",\n \"in\": \"query\",\n \"name\": \"per_page\",\n \"schema\": {\n \"default\": 100,\n \"format\": \"int64\",\n \"maximum\": 500,\n \"minimum\": 1,\n \"type\": \"integer\"\n }\n },\n {\n \"description\": \"Pagination Page\",\n \"in\": \"query\",\n \"name\": \"page\",\n \"schema\": {\n \"default\": 0,\n \"format\": \"int64\",\n \"minimum\": 0,\n \"type\": \"integer\"\n }\n }\n ],\n \"responses\": {\n \"200\": {\n \"$ref\": \"#/components/responses/identityList\"\n },\n \"500\": {\n \"content\": {\n \"application/json\": {\n \"schema\": {\n \"$ref\": \"#/components/schemas/genericError\"\n }\n }\n },\n \"description\": \"genericError\"\n }\n },\n \"summary\": \"List Identities\",\n \"tags\": [\n \"admin\"\n ]\n },\n \"post\": {\n \"description\": \"This endpoint creates an identity. It is NOT possible to set an identity's credentials (password, ...)\\nusing this method! A way to achieve that will be introduced in the future.\\n\\nLearn how identities work in [Ory Kratos' User And Identity Model Documentation](https://www.ory.sh/docs/next/kratos/concepts/identity-user-model).\",\n \"operationId\": \"createIdentity\",\n \"requestBody\": {\n \"content\": {\n \"application/json\": {\n \"schema\": {\n \"$ref\": \"#/components/schemas/CreateIdentity\"\n }\n }\n },\n \"x-originalParamName\": \"Body\"\n },\n \"responses\": {\n \"201\": {\n \"$ref\": \"#/components/responses/identityResponse\"\n },\n \"400\": {\n \"content\": {\n \"application/json\": {\n \"schema\": {\n \"$ref\": \"#/components/schemas/genericError\"\n }\n }\n },\n \"description\": \"genericError\"\n },\n \"409\": {\n \"content\": {\n \"application/json\": {\n \"schema\": {\n \"$ref\": \"#/components/schemas/genericError\"\n }\n }\n },\n \"description\": \"genericError\"\n },\n \"500\": {\n \"content\": {\n \"application/json\": {\n \"schema\": {\n \"$ref\": \"#/components/schemas/genericError\"\n }\n }\n },\n \"description\": \"genericError\"\n }\n },\n \"summary\": \"Create an Identity\",\n \"tags\": [\n \"admin\"\n ]\n }\n },\n \"/identities/{id}\": {\n \"delete\": {\n \"description\": \"Calling this endpoint irrecoverably and permanently deletes the identity given its ID. This action can not be undone.\\nThis endpoint returns 204 when the identity was deleted or when the identity was not found, in which case it is\\nassumed that is has been deleted already.\\n\\nLearn how identities work in [Ory Kratos' User And Identity Model Documentation](https://www.ory.sh/docs/next/kratos/concepts/identity-user-model).\",\n \"operationId\": \"deleteIdentity\",\n \"parameters\": [\n {\n \"description\": \"ID is the identity's ID.\",\n \"in\": \"path\",\n \"name\": \"id\",\n \"required\": true,\n \"schema\": {\n \"type\": \"string\"\n }\n }\n ],\n \"responses\": {\n \"204\": {\n \"$ref\": \"#/components/responses/emptyResponse\"\n },\n \"404\": {\n \"content\": {\n \"application/json\": {\n \"schema\": {\n \"$ref\": \"#/components/schemas/genericError\"\n }\n }\n },\n \"description\": \"genericError\"\n },\n \"500\": {\n \"content\": {\n \"application/json\": {\n \"schema\": {\n \"$ref\": \"#/components/schemas/genericError\"\n }\n }\n },\n \"description\": \"genericError\"\n }\n },\n \"summary\": \"Delete an Identity\",\n \"tags\": [\n \"admin\"\n ]\n },\n \"get\": {\n \"description\": \"Learn how identities work in [Ory Kratos' User And Identity Model Documentation](https://www.ory.sh/docs/next/kratos/concepts/identity-user-model).\",\n \"operationId\": \"getIdentity\",\n \"parameters\": [\n {\n \"description\": \"ID must be set to the ID of identity you want to get\",\n \"in\": \"path\",\n \"name\": \"id\",\n \"required\": true,\n \"schema\": {\n \"type\": \"string\"\n }\n }\n ],\n \"responses\": {\n \"200\": {\n \"$ref\": \"#/components/responses/identityResponse\"\n },\n \"400\": {\n \"content\": {\n \"application/json\": {\n \"schema\": {\n \"$ref\": \"#/components/schemas/genericError\"\n }\n }\n },\n \"description\": \"genericError\"\n },\n \"500\": {\n \"content\": {\n \"application/json\": {\n \"schema\": {\n \"$ref\": \"#/components/schemas/genericError\"\n }\n }\n },\n \"description\": \"genericError\"\n }\n },\n \"summary\": \"Get an Identity\",\n \"tags\": [\n \"admin\"\n ]\n },\n \"put\": {\n \"description\": \"This endpoint updates an identity. It is NOT possible to set an identity's credentials (password, ...)\\nusing this method! A way to achieve that will be introduced in the future.\\n\\nThe full identity payload (except credentials) is expected. This endpoint does not support patching.\\n\\nLearn how identities work in [Ory Kratos' User And Identity Model Documentation](https://www.ory.sh/docs/next/kratos/concepts/identity-user-model).\",\n \"operationId\": \"updateIdentity\",\n \"parameters\": [\n {\n \"description\": \"ID must be set to the ID of identity you want to update\",\n \"in\": \"path\",\n \"name\": \"id\",\n \"required\": true,\n \"schema\": {\n \"type\": \"string\"\n }\n }\n ],\n \"requestBody\": {\n \"content\": {\n \"application/json\": {\n \"schema\": {\n \"$ref\": \"#/components/schemas/UpdateIdentity\"\n }\n }\n },\n \"x-originalParamName\": \"Body\"\n },\n \"responses\": {\n \"200\": {\n \"$ref\": \"#/components/responses/identityResponse\"\n },\n \"400\": {\n \"content\": {\n \"application/json\": {\n \"schema\": {\n \"$ref\": \"#/components/schemas/genericError\"\n }\n }\n },\n \"description\": \"genericError\"\n },\n \"404\": {\n \"content\": {\n \"application/json\": {\n \"schema\": {\n \"$ref\": \"#/components/schemas/genericError\"\n }\n }\n },\n \"description\": \"genericError\"\n },\n \"500\": {\n \"content\": {\n \"application/json\": {\n \"schema\": {\n \"$ref\": \"#/components/schemas/genericError\"\n }\n }\n },\n \"description\": \"genericError\"\n }\n },\n \"summary\": \"Update an Identity\",\n \"tags\": [\n \"admin\"\n ]\n }\n },\n \"/metrics/prometheus\": {\n \"get\": {\n \"description\": \"```\\nmetadata:\\nannotations:\\nprometheus.io/port: \\\"4434\\\"\\nprometheus.io/path: \\\"/metrics/prometheus\\\"\\n```\",\n \"operationId\": \"prometheus\",\n \"responses\": {\n \"200\": {\n \"$ref\": \"#/components/responses/emptyResponse\"\n }\n },\n \"summary\": \"Get snapshot metrics from the Kratos service. If you're using k8s, you can then add annotations to\\nyour deployment like so:\",\n \"tags\": [\n \"admin\"\n ]\n }\n },\n \"/recovery/link\": {\n \"post\": {\n \"description\": \"This endpoint creates a recovery link which should be given to the user in order for them to recover\\n(or activate) their account.\",\n \"operationId\": \"createRecoveryLink\",\n \"requestBody\": {\n \"content\": {\n \"application/json\": {\n \"schema\": {\n \"$ref\": \"#/components/schemas/CreateRecoveryLink\"\n }\n }\n },\n \"x-originalParamName\": \"Body\"\n },\n \"responses\": {\n \"200\": {\n \"content\": {\n \"application/json\": {\n \"schema\": {\n \"$ref\": \"#/components/schemas/recoveryLink\"\n }\n }\n },\n \"description\": \"recoveryLink\"\n },\n \"400\": {\n \"content\": {\n \"application/json\": {\n \"schema\": {\n \"$ref\": \"#/components/schemas/genericError\"\n }\n }\n },\n \"description\": \"genericError\"\n },\n \"404\": {\n \"content\": {\n \"application/json\": {\n \"schema\": {\n \"$ref\": \"#/components/schemas/genericError\"\n }\n }\n },\n \"description\": \"genericError\"\n },\n \"500\": {\n \"content\": {\n \"application/json\": {\n \"schema\": {\n \"$ref\": \"#/components/schemas/genericError\"\n }\n }\n },\n \"description\": \"genericError\"\n }\n },\n \"summary\": \"Create a Recovery Link\",\n \"tags\": [\n \"admin\"\n ]\n }\n },\n \"/schemas/{id}\": {\n \"get\": {\n \"description\": \"Get a Traits Schema Definition\",\n \"operationId\": \"getSchema\",\n \"parameters\": [\n {\n \"description\": \"ID must be set to the ID of schema you want to get\",\n \"in\": \"path\",\n \"name\": \"id\",\n \"required\": true,\n \"schema\": {\n \"type\": \"string\"\n }\n }\n ],\n \"responses\": {\n \"200\": {\n \"content\": {\n \"application/json\": {\n \"schema\": {\n \"$ref\": \"#/components/schemas/jsonSchema\"\n }\n }\n },\n \"description\": \"jsonSchema\"\n },\n \"404\": {\n \"content\": {\n \"application/json\": {\n \"schema\": {\n \"$ref\": \"#/components/schemas/genericError\"\n }\n }\n },\n \"description\": \"genericError\"\n },\n \"500\": {\n \"content\": {\n \"application/json\": {\n \"schema\": {\n \"$ref\": \"#/components/schemas/genericError\"\n }\n }\n },\n \"description\": \"genericError\"\n }\n },\n \"tags\": [\n \"public\",\n \"admin\"\n ]\n }\n },\n \"/self-service/browser/flows/logout\": {\n \"get\": {\n \"description\": \"This endpoint initializes a logout flow.\\n\\n\\u003e This endpoint is NOT INTENDED for API clients and only works\\nwith browsers (Chrome, Firefox, ...).\\n\\nOn successful logout, the browser will be redirected (HTTP 302 Found) to the `return_to` parameter of the initial request\\nor fall back to `urls.default_return_to`.\\n\\nMore information can be found at [Ory Kratos User Logout Documentation](https://www.ory.sh/docs/next/kratos/self-service/flows/user-logout).\",\n \"operationId\": \"initializeSelfServiceBrowserLogoutFlow\",\n \"responses\": {\n \"302\": {\n \"$ref\": \"#/components/responses/emptyResponse\"\n },\n \"500\": {\n \"content\": {\n \"application/json\": {\n \"schema\": {\n \"$ref\": \"#/components/schemas/genericError\"\n }\n }\n },\n \"description\": \"genericError\"\n }\n },\n \"summary\": \"Initialize Browser-Based Logout User Flow\",\n \"tags\": [\n \"public\"\n ]\n }\n },\n \"/self-service/browser/flows/registration/strategies/oidc/settings/connections\": {\n \"post\": {\n \"description\": \"This endpoint completes a browser-based settings flow. This is usually achieved by POSTing data to this\\nendpoint.\\n\\n\\u003e This endpoint is NOT INTENDED for API clients and only works with browsers (Chrome, Firefox, ...) and HTML Forms.\\n\\nMore information can be found at [Ory Kratos User Settings \\u0026 Profile Management Documentation](../self-service/flows/user-settings).\",\n \"operationId\": \"completeSelfServiceBrowserSettingsOIDCSettingsFlow\",\n \"responses\": {\n \"302\": {\n \"$ref\": \"#/components/responses/emptyResponse\"\n },\n \"500\": {\n \"content\": {\n \"application/json\": {\n \"schema\": {\n \"$ref\": \"#/components/schemas/genericError\"\n }\n }\n },\n \"description\": \"genericError\"\n }\n },\n \"summary\": \"Complete the Browser-Based Settings Flow for the OpenID Connect Strategy\",\n \"tags\": [\n \"public\"\n ]\n }\n },\n \"/self-service/errors\": {\n \"get\": {\n \"description\": \"This endpoint returns the error associated with a user-facing self service errors.\\n\\nThis endpoint supports stub values to help you implement the error UI:\\n\\n`?error=stub:500` - returns a stub 500 (Internal Server Error) error.\\n\\nMore information can be found at [Ory Kratos User User Facing Error Documentation](https://www.ory.sh/docs/kratos/self-service/flows/user-facing-errors).\",\n \"operationId\": \"getSelfServiceError\",\n \"parameters\": [\n {\n \"description\": \"Error is the container's ID\",\n \"in\": \"query\",\n \"name\": \"error\",\n \"required\": true,\n \"schema\": {\n \"type\": \"string\"\n }\n }\n ],\n \"responses\": {\n \"200\": {\n \"$ref\": \"#/components/responses/errorContainer\"\n },\n \"403\": {\n \"content\": {\n \"application/json\": {\n \"schema\": {\n \"$ref\": \"#/components/schemas/genericError\"\n }\n }\n },\n \"description\": \"genericError\"\n },\n \"404\": {\n \"content\": {\n \"application/json\": {\n \"schema\": {\n \"$ref\": \"#/components/schemas/genericError\"\n }\n }\n },\n \"description\": \"genericError\"\n },\n \"500\": {\n \"content\": {\n \"application/json\": {\n \"schema\": {\n \"$ref\": \"#/components/schemas/genericError\"\n }\n }\n },\n \"description\": \"genericError\"\n }\n },\n \"summary\": \"Get User-Facing Self-Service Errors\",\n \"tags\": [\n \"public\",\n \"admin\"\n ]\n }\n },\n \"/self-service/login/api\": {\n \"get\": {\n \"description\": \"This endpoint initiates a login flow for API clients such as mobile devices, smart TVs, and so on.\\n\\nIf a valid provided session cookie or session token is provided, a 400 Bad Request error\\nwill be returned unless the URL query parameter `?refresh=true` is set.\\n\\nTo fetch an existing login flow call `/self-service/login/flows?flow=\\u003cflow_id\\u003e`.\\n\\n:::warning\\n\\nYou MUST NOT use this endpoint in client-side (Single Page Apps, ReactJS, AngularJS) nor server-side (Java Server\\nPages, NodeJS, PHP, Golang, ...) browser applications. Using this endpoint in these applications will make\\nyou vulnerable to a variety of CSRF attacks, including CSRF login attacks.\\n\\nThis endpoint MUST ONLY be used in scenarios such as native mobile apps (React Native, Objective C, Swift, Java, ...).\\n\\n:::\\n\\nMore information can be found at [Ory Kratos User Login and User Registration Documentation](https://www.ory.sh/docs/next/kratos/self-service/flows/user-login-user-registration).\",\n \"operationId\": \"initializeSelfServiceLoginViaAPIFlow\",\n \"parameters\": [\n {\n \"description\": \"Refresh a login session\\n\\nIf set to true, this will refresh an existing login session by\\nasking the user to sign in again. This will reset the\\nauthenticated_at time of the session.\",\n \"in\": \"query\",\n \"name\": \"refresh\",\n \"schema\": {\n \"type\": \"boolean\"\n }\n }\n ],\n \"responses\": {\n \"200\": {\n \"content\": {\n \"application/json\": {\n \"schema\": {\n \"$ref\": \"#/components/schemas/loginFlow\"\n }\n }\n },\n \"description\": \"loginFlow\"\n },\n \"400\": {\n \"content\": {\n \"application/json\": {\n \"schema\": {\n \"$ref\": \"#/components/schemas/genericError\"\n }\n }\n },\n \"description\": \"genericError\"\n },\n \"500\": {\n \"content\": {\n \"application/json\": {\n \"schema\": {\n \"$ref\": \"#/components/schemas/genericError\"\n }\n }\n },\n \"description\": \"genericError\"\n }\n },\n \"summary\": \"Initialize Login Flow for API clients\",\n \"tags\": [\n \"public\"\n ]\n }\n },\n \"/self-service/login/browser\": {\n \"get\": {\n \"description\": \"This endpoint initializes a browser-based user login flow. Once initialized, the browser will be redirected to\\n`selfservice.flows.login.ui_url` with the flow ID set as the query parameter `?flow=`. If a valid user session\\nexists already, the browser will be redirected to `urls.default_redirect_url` unless the query parameter\\n`?refresh=true` was set.\\n\\nThis endpoint is NOT INTENDED for API clients and only works with browsers (Chrome, Firefox, ...).\\n\\nMore information can be found at [Ory Kratos User Login and User Registration Documentation](https://www.ory.sh/docs/next/kratos/self-service/flows/user-login-user-registration).\",\n \"operationId\": \"initializeSelfServiceLoginViaBrowserFlow\",\n \"responses\": {\n \"302\": {\n \"$ref\": \"#/components/responses/emptyResponse\"\n },\n \"500\": {\n \"content\": {\n \"application/json\": {\n \"schema\": {\n \"$ref\": \"#/components/schemas/genericError\"\n }\n }\n },\n \"description\": \"genericError\"\n }\n },\n \"summary\": \"Initialize Login Flow for browsers\",\n \"tags\": [\n \"public\"\n ]\n }\n },\n \"/self-service/login/flows\": {\n \"get\": {\n \"description\": \"This endpoint returns a login flow's context with, for example, error details and other information.\\n\\nMore information can be found at [Ory Kratos User Login and User Registration Documentation](https://www.ory.sh/docs/next/kratos/self-service/flows/user-login-user-registration).\",\n \"operationId\": \"getSelfServiceLoginFlow\",\n \"parameters\": [\n {\n \"description\": \"The Login Flow ID\\n\\nThe value for this parameter comes from `flow` URL Query parameter sent to your\\napplication (e.g. `/login?flow=abcde`).\",\n \"in\": \"query\",\n \"name\": \"id\",\n \"required\": true,\n \"schema\": {\n \"type\": \"string\"\n }\n }\n ],\n \"responses\": {\n \"200\": {\n \"content\": {\n \"application/json\": {\n \"schema\": {\n \"$ref\": \"#/components/schemas/loginFlow\"\n }\n }\n },\n \"description\": \"loginFlow\"\n },\n \"403\": {\n \"content\": {\n \"application/json\": {\n \"schema\": {\n \"$ref\": \"#/components/schemas/genericError\"\n }\n }\n },\n \"description\": \"genericError\"\n },\n \"404\": {\n \"content\": {\n \"application/json\": {\n \"schema\": {\n \"$ref\": \"#/components/schemas/genericError\"\n }\n }\n },\n \"description\": \"genericError\"\n },\n \"410\": {\n \"content\": {\n \"application/json\": {\n \"schema\": {\n \"$ref\": \"#/components/schemas/genericError\"\n }\n }\n },\n \"description\": \"genericError\"\n },\n \"500\": {\n \"content\": {\n \"application/json\": {\n \"schema\": {\n \"$ref\": \"#/components/schemas/genericError\"\n }\n }\n },\n \"description\": \"genericError\"\n }\n },\n \"summary\": \"Get Login Flow\",\n \"tags\": [\n \"public\",\n \"admin\"\n ]\n }\n },\n \"/self-service/login/methods/password\": {\n \"post\": {\n \"description\": \"Use this endpoint to complete a login flow by sending an identity's identifier and password. This endpoint\\nbehaves differently for API and browser flows.\\n\\nAPI flows expect `application/json` to be sent in the body and responds with\\nHTTP 200 and a application/json body with the session token on success;\\nHTTP 302 redirect to a fresh login flow if the original flow expired with the appropriate error messages set;\\nHTTP 400 on form validation errors.\\n\\nBrowser flows expect `application/x-www-form-urlencoded` to be sent in the body and responds with\\na HTTP 302 redirect to the post/after login URL or the `return_to` value if it was set and if the login succeeded;\\na HTTP 302 redirect to the login UI URL with the flow ID containing the validation errors otherwise.\\n\\nMore information can be found at [Ory Kratos User Login and User Registration Documentation](https://www.ory.sh/docs/next/kratos/self-service/flows/user-login-user-registration).\",\n \"operationId\": \"completeSelfServiceLoginFlowWithPasswordMethod\",\n \"parameters\": [\n {\n \"description\": \"The Flow ID\",\n \"in\": \"query\",\n \"name\": \"flow\",\n \"required\": true,\n \"schema\": {\n \"type\": \"string\"\n }\n }\n ],\n \"requestBody\": {\n \"content\": {\n \"application/json\": {\n \"schema\": {\n \"$ref\": \"#/components/schemas/CompleteSelfServiceLoginFlowWithPasswordMethod\"\n }\n },\n \"application/x-www-form-urlencoded\": {\n \"schema\": {\n \"$ref\": \"#/components/schemas/CompleteSelfServiceLoginFlowWithPasswordMethod\"\n }\n }\n },\n \"x-originalParamName\": \"Body\"\n },\n \"responses\": {\n \"200\": {\n \"content\": {\n \"application/json\": {\n \"schema\": {\n \"$ref\": \"#/components/schemas/loginViaApiResponse\"\n }\n }\n },\n \"description\": \"loginViaApiResponse\"\n },\n \"302\": {\n \"$ref\": \"#/components/responses/emptyResponse\"\n },\n \"400\": {\n \"content\": {\n \"application/json\": {\n \"schema\": {\n \"$ref\": \"#/components/schemas/loginFlow\"\n }\n }\n },\n \"description\": \"loginFlow\"\n },\n \"500\": {\n \"content\": {\n \"application/json\": {\n \"schema\": {\n \"$ref\": \"#/components/schemas/genericError\"\n }\n }\n },\n \"description\": \"genericError\"\n }\n },\n \"summary\": \"Complete Login Flow with Username/Email Password Method\",\n \"tags\": [\n \"public\"\n ]\n }\n },\n \"/self-service/recovery/api\": {\n \"get\": {\n \"description\": \"This endpoint initiates a recovery flow for API clients such as mobile devices, smart TVs, and so on.\\n\\nIf a valid provided session cookie or session token is provided, a 400 Bad Request error.\\n\\nTo fetch an existing recovery flow call `/self-service/recovery/flows?flow=\\u003cflow_id\\u003e`.\\n\\n:::warning\\n\\nYou MUST NOT use this endpoint in client-side (Single Page Apps, ReactJS, AngularJS) nor server-side (Java Server\\nPages, NodeJS, PHP, Golang, ...) browser applications. Using this endpoint in these applications will make\\nyou vulnerable to a variety of CSRF attacks.\\n\\nThis endpoint MUST ONLY be used in scenarios such as native mobile apps (React Native, Objective C, Swift, Java, ...).\\n\\n:::\\n\\nMore information can be found at [Ory Kratos Account Recovery Documentation](../self-service/flows/account-recovery.mdx).\",\n \"operationId\": \"initializeSelfServiceRecoveryViaAPIFlow\",\n \"responses\": {\n \"200\": {\n \"content\": {\n \"application/json\": {\n \"schema\": {\n \"$ref\": \"#/components/schemas/recoveryFlow\"\n }\n }\n },\n \"description\": \"recoveryFlow\"\n },\n \"400\": {\n \"content\": {\n \"application/json\": {\n \"schema\": {\n \"$ref\": \"#/components/schemas/genericError\"\n }\n }\n },\n \"description\": \"genericError\"\n },\n \"500\": {\n \"content\": {\n \"application/json\": {\n \"schema\": {\n \"$ref\": \"#/components/schemas/genericError\"\n }\n }\n },\n \"description\": \"genericError\"\n }\n },\n \"summary\": \"Initialize Recovery Flow for API Clients\",\n \"tags\": [\n \"public\"\n ]\n }\n },\n \"/self-service/recovery/browser\": {\n \"get\": {\n \"description\": \"This endpoint initializes a browser-based account recovery flow. Once initialized, the browser will be redirected to\\n`selfservice.flows.recovery.ui_url` with the flow ID set as the query parameter `?flow=`. If a valid user session\\nexists, the browser is returned to the configured return URL.\\n\\nThis endpoint is NOT INTENDED for API clients and only works with browsers (Chrome, Firefox, ...).\\n\\nMore information can be found at [Ory Kratos Account Recovery Documentation](../self-service/flows/account-recovery.mdx).\",\n \"operationId\": \"initializeSelfServiceRecoveryViaBrowserFlow\",\n \"responses\": {\n \"302\": {\n \"$ref\": \"#/components/responses/emptyResponse\"\n },\n \"500\": {\n \"content\": {\n \"application/json\": {\n \"schema\": {\n \"$ref\": \"#/components/schemas/genericError\"\n }\n }\n },\n \"description\": \"genericError\"\n }\n },\n \"summary\": \"Initialize Recovery Flow for Browser Clients\",\n \"tags\": [\n \"public\"\n ]\n }\n },\n \"/self-service/recovery/flows\": {\n \"get\": {\n \"description\": \"This endpoint returns a recovery flow's context with, for example, error details and other information.\\n\\nMore information can be found at [Ory Kratos Account Recovery Documentation](../self-service/flows/account-recovery.mdx).\",\n \"operationId\": \"getSelfServiceRecoveryFlow\",\n \"parameters\": [\n {\n \"description\": \"The Flow ID\\n\\nThe value for this parameter comes from `request` URL Query parameter sent to your\\napplication (e.g. `/recovery?flow=abcde`).\",\n \"in\": \"query\",\n \"name\": \"id\",\n \"required\": true,\n \"schema\": {\n \"type\": \"string\"\n }\n }\n ],\n \"responses\": {\n \"200\": {\n \"content\": {\n \"application/json\": {\n \"schema\": {\n \"$ref\": \"#/components/schemas/recoveryFlow\"\n }\n }\n },\n \"description\": \"recoveryFlow\"\n },\n \"404\": {\n \"content\": {\n \"application/json\": {\n \"schema\": {\n \"$ref\": \"#/components/schemas/genericError\"\n }\n }\n },\n \"description\": \"genericError\"\n },\n \"410\": {\n \"content\": {\n \"application/json\": {\n \"schema\": {\n \"$ref\": \"#/components/schemas/genericError\"\n }\n }\n },\n \"description\": \"genericError\"\n },\n \"500\": {\n \"content\": {\n \"application/json\": {\n \"schema\": {\n \"$ref\": \"#/components/schemas/genericError\"\n }\n }\n },\n \"description\": \"genericError\"\n }\n },\n \"summary\": \"Get information about a recovery flow\",\n \"tags\": [\n \"public\",\n \"admin\"\n ]\n }\n },\n \"/self-service/recovery/methods/link\": {\n \"post\": {\n \"description\": \"Use this endpoint to complete a recovery flow using the link method. This endpoint\\nbehaves differently for API and browser flows and has several states:\\n\\n`choose_method` expects `flow` (in the URL query) and `email` (in the body) to be sent\\nand works with API- and Browser-initiated flows.\\nFor API clients it either returns a HTTP 200 OK when the form is valid and HTTP 400 OK when the form is invalid\\nand a HTTP 302 Found redirect with a fresh recovery flow if the flow was otherwise invalid (e.g. expired).\\nFor Browser clients it returns a HTTP 302 Found redirect to the Recovery UI URL with the Recovery Flow ID appended.\\n`sent_email` is the success state after `choose_method` and allows the user to request another recovery email. It\\nworks for both API and Browser-initiated flows and returns the same responses as the flow in `choose_method` state.\\n`passed_challenge` expects a `token` to be sent in the URL query and given the nature of the flow (\\\"sending a recovery link\\\")\\ndoes not have any API capabilities. The server responds with a HTTP 302 Found redirect either to the Settings UI URL\\n(if the link was valid) and instructs the user to update their password, or a redirect to the Recover UI URL with\\na new Recovery Flow ID which contains an error message that the recovery link was invalid.\\n\\nMore information can be found at [Ory Kratos Account Recovery Documentation](../self-service/flows/account-recovery.mdx).\",\n \"operationId\": \"completeSelfServiceRecoveryFlowWithLinkMethod\",\n \"parameters\": [\n {\n \"description\": \"Recovery Token\\n\\nThe recovery token which completes the recovery request. If the token\\nis invalid (e.g. expired) an error will be shown to the end-user.\",\n \"in\": \"query\",\n \"name\": \"token\",\n \"schema\": {\n \"type\": \"string\"\n }\n },\n {\n \"description\": \"The Flow ID\\n\\nformat: uuid\",\n \"in\": \"query\",\n \"name\": \"flow\",\n \"schema\": {\n \"type\": \"string\"\n }\n }\n ],\n \"requestBody\": {\n \"content\": {\n \"application/json\": {\n \"schema\": {\n \"$ref\": \"#/components/schemas/completeSelfServiceRecoveryFlowWithLinkMethod\"\n }\n },\n \"application/x-www-form-urlencoded\": {\n \"schema\": {\n \"$ref\": \"#/components/schemas/completeSelfServiceRecoveryFlowWithLinkMethod\"\n }\n }\n },\n \"x-originalParamName\": \"Body\"\n },\n \"responses\": {\n \"302\": {\n \"$ref\": \"#/components/responses/emptyResponse\"\n },\n \"400\": {\n \"content\": {\n \"application/json\": {\n \"schema\": {\n \"$ref\": \"#/components/schemas/recoveryFlow\"\n }\n }\n },\n \"description\": \"recoveryFlow\"\n },\n \"500\": {\n \"content\": {\n \"application/json\": {\n \"schema\": {\n \"$ref\": \"#/components/schemas/genericError\"\n }\n }\n },\n \"description\": \"genericError\"\n }\n },\n \"summary\": \"Complete Recovery Flow with Link Method\",\n \"tags\": [\n \"public\"\n ]\n }\n },\n \"/self-service/registration/api\": {\n \"get\": {\n \"description\": \"This endpoint initiates a registration flow for API clients such as mobile devices, smart TVs, and so on.\\n\\nIf a valid provided session cookie or session token is provided, a 400 Bad Request error\\nwill be returned unless the URL query parameter `?refresh=true` is set.\\n\\nTo fetch an existing registration flow call `/self-service/registration/flows?flow=\\u003cflow_id\\u003e`.\\n\\n:::warning\\n\\nYou MUST NOT use this endpoint in client-side (Single Page Apps, ReactJS, AngularJS) nor server-side (Java Server\\nPages, NodeJS, PHP, Golang, ...) browser applications. Using this endpoint in these applications will make\\nyou vulnerable to a variety of CSRF attacks.\\n\\nThis endpoint MUST ONLY be used in scenarios such as native mobile apps (React Native, Objective C, Swift, Java, ...).\\n\\n:::\\n\\nMore information can be found at [Ory Kratos User Login and User Registration Documentation](https://www.ory.sh/docs/next/kratos/self-service/flows/user-login-user-registration).\",\n \"operationId\": \"initializeSelfServiceRegistrationViaAPIFlow\",\n \"responses\": {\n \"200\": {\n \"content\": {\n \"application/json\": {\n \"schema\": {\n \"$ref\": \"#/components/schemas/registrationFlow\"\n }\n }\n },\n \"description\": \"registrationFlow\"\n },\n \"400\": {\n \"content\": {\n \"application/json\": {\n \"schema\": {\n \"$ref\": \"#/components/schemas/genericError\"\n }\n }\n },\n \"description\": \"genericError\"\n },\n \"500\": {\n \"content\": {\n \"application/json\": {\n \"schema\": {\n \"$ref\": \"#/components/schemas/genericError\"\n }\n }\n },\n \"description\": \"genericError\"\n }\n },\n \"summary\": \"Initialize Registration Flow for API clients\",\n \"tags\": [\n \"public\"\n ]\n }\n },\n \"/self-service/registration/browser\": {\n \"get\": {\n \"description\": \"This endpoint initializes a browser-based user registration flow. Once initialized, the browser will be redirected to\\n`selfservice.flows.registration.ui_url` with the flow ID set as the query parameter `?flow=`. If a valid user session\\nexists already, the browser will be redirected to `urls.default_redirect_url` unless the query parameter\\n`?refresh=true` was set.\\n\\n:::note\\n\\nThis endpoint is NOT INTENDED for API clients and only works with browsers (Chrome, Firefox, ...).\\n\\n:::\\n\\nMore information can be found at [Ory Kratos User Login and User Registration Documentation](https://www.ory.sh/docs/next/kratos/self-service/flows/user-login-user-registration).\",\n \"operationId\": \"initializeSelfServiceRegistrationViaBrowserFlow\",\n \"responses\": {\n \"302\": {\n \"$ref\": \"#/components/responses/emptyResponse\"\n },\n \"500\": {\n \"content\": {\n \"application/json\": {\n \"schema\": {\n \"$ref\": \"#/components/schemas/genericError\"\n }\n }\n },\n \"description\": \"genericError\"\n }\n },\n \"summary\": \"Initialize Registration Flow for browsers\",\n \"tags\": [\n \"public\"\n ]\n }\n },\n \"/self-service/registration/flows\": {\n \"get\": {\n \"description\": \"This endpoint returns a registration flow's context with, for example, error details and other information.\\n\\nMore information can be found at [Ory Kratos User Login and User Registration Documentation](https://www.ory.sh/docs/next/kratos/self-service/flows/user-login-user-registration).\",\n \"operationId\": \"getSelfServiceRegistrationFlow\",\n \"parameters\": [\n {\n \"description\": \"The Registration Flow ID\\n\\nThe value for this parameter comes from `flow` URL Query parameter sent to your\\napplication (e.g. `/registration?flow=abcde`).\",\n \"in\": \"query\",\n \"name\": \"id\",\n \"required\": true,\n \"schema\": {\n \"type\": \"string\"\n }\n }\n ],\n \"responses\": {\n \"200\": {\n \"content\": {\n \"application/json\": {\n \"schema\": {\n \"$ref\": \"#/components/schemas/registrationFlow\"\n }\n }\n },\n \"description\": \"registrationFlow\"\n },\n \"403\": {\n \"content\": {\n \"application/json\": {\n \"schema\": {\n \"$ref\": \"#/components/schemas/genericError\"\n }\n }\n },\n \"description\": \"genericError\"\n },\n \"404\": {\n \"content\": {\n \"application/json\": {\n \"schema\": {\n \"$ref\": \"#/components/schemas/genericError\"\n }\n }\n },\n \"description\": \"genericError\"\n },\n \"410\": {\n \"content\": {\n \"application/json\": {\n \"schema\": {\n \"$ref\": \"#/components/schemas/genericError\"\n }\n }\n },\n \"description\": \"genericError\"\n },\n \"500\": {\n \"content\": {\n \"application/json\": {\n \"schema\": {\n \"$ref\": \"#/components/schemas/genericError\"\n }\n }\n },\n \"description\": \"genericError\"\n }\n },\n \"summary\": \"Get Registration Flow\",\n \"tags\": [\n \"public\",\n \"admin\"\n ]\n }\n },\n \"/self-service/registration/methods/password\": {\n \"post\": {\n \"description\": \"Use this endpoint to complete a registration flow by sending an identity's traits and password. This endpoint\\nbehaves differently for API and browser flows.\\n\\nAPI flows expect `application/json` to be sent in the body and respond with\\nHTTP 200 and a application/json body with the created identity success - if the session hook is configured the\\n`session` and `session_token` will also be included;\\nHTTP 302 redirect to a fresh registration flow if the original flow expired with the appropriate error messages set;\\nHTTP 400 on form validation errors.\\n\\nBrowser flows expect `application/x-www-form-urlencoded` to be sent in the body and responds with\\na HTTP 302 redirect to the post/after registration URL or the `return_to` value if it was set and if the registration succeeded;\\na HTTP 302 redirect to the registration UI URL with the flow ID containing the validation errors otherwise.\\n\\nMore information can be found at [Ory Kratos User Login and User Registration Documentation](https://www.ory.sh/docs/next/kratos/self-service/flows/user-login-user-registration).\",\n \"operationId\": \"completeSelfServiceRegistrationFlowWithPasswordMethod\",\n \"parameters\": [\n {\n \"description\": \"Flow is flow ID.\",\n \"in\": \"query\",\n \"name\": \"flow\",\n \"schema\": {\n \"type\": \"string\"\n }\n }\n ],\n \"requestBody\": {\n \"content\": {\n \"application/json\": {\n \"schema\": {\n \"type\": \"object\"\n }\n },\n \"application/x-www-form-urlencoded\": {\n \"schema\": {\n \"type\": \"object\"\n }\n }\n },\n \"x-originalParamName\": \"Payload\"\n },\n \"responses\": {\n \"200\": {\n \"content\": {\n \"application/json\": {\n \"schema\": {\n \"$ref\": \"#/components/schemas/registrationViaApiResponse\"\n }\n }\n },\n \"description\": \"registrationViaApiResponse\"\n },\n \"302\": {\n \"$ref\": \"#/components/responses/emptyResponse\"\n },\n \"400\": {\n \"content\": {\n \"application/json\": {\n \"schema\": {\n \"$ref\": \"#/components/schemas/registrationFlow\"\n }\n }\n },\n \"description\": \"registrationFlow\"\n },\n \"500\": {\n \"content\": {\n \"application/json\": {\n \"schema\": {\n \"$ref\": \"#/components/schemas/genericError\"\n }\n }\n },\n \"description\": \"genericError\"\n }\n },\n \"summary\": \"Complete Registration Flow with Username/Email Password Method\",\n \"tags\": [\n \"public\"\n ]\n }\n },\n \"/self-service/settings/api\": {\n \"get\": {\n \"description\": \"This endpoint initiates a settings flow for API clients such as mobile devices, smart TVs, and so on.\\nYou must provide a valid Ory Kratos Session Token for this endpoint to respond with HTTP 200 OK.\\n\\nTo fetch an existing settings flow call `/self-service/settings/flows?flow=\\u003cflow_id\\u003e`.\\n\\n:::warning\\n\\nYou MUST NOT use this endpoint in client-side (Single Page Apps, ReactJS, AngularJS) nor server-side (Java Server\\nPages, NodeJS, PHP, Golang, ...) browser applications. Using this endpoint in these applications will make\\nyou vulnerable to a variety of CSRF attacks.\\n\\nThis endpoint MUST ONLY be used in scenarios such as native mobile apps (React Native, Objective C, Swift, Java, ...).\\n\\n:::\\n\\nMore information can be found at [Ory Kratos User Settings \\u0026 Profile Management Documentation](../self-service/flows/user-settings).\",\n \"operationId\": \"initializeSelfServiceSettingsViaAPIFlow\",\n \"responses\": {\n \"200\": {\n \"content\": {\n \"application/json\": {\n \"schema\": {\n \"$ref\": \"#/components/schemas/settingsFlow\"\n }\n }\n },\n \"description\": \"settingsFlow\"\n },\n \"400\": {\n \"content\": {\n \"application/json\": {\n \"schema\": {\n \"$ref\": \"#/components/schemas/genericError\"\n }\n }\n },\n \"description\": \"genericError\"\n },\n \"500\": {\n \"content\": {\n \"application/json\": {\n \"schema\": {\n \"$ref\": \"#/components/schemas/genericError\"\n }\n }\n },\n \"description\": \"genericError\"\n }\n },\n \"security\": [\n {\n \"sessionToken\": []\n }\n ],\n \"summary\": \"Initialize Settings Flow for API Clients\",\n \"tags\": [\n \"public\"\n ]\n }\n },\n \"/self-service/settings/browser\": {\n \"get\": {\n \"description\": \"This endpoint initializes a browser-based user settings flow. Once initialized, the browser will be redirected to\\n`selfservice.flows.settings.ui_url` with the flow ID set as the query parameter `?flow=`. If no valid\\nOry Kratos Session Cookie is included in the request, a login flow will be initialized.\\n\\n:::note\\n\\nThis endpoint is NOT INTENDED for API clients and only works with browsers (Chrome, Firefox, ...).\\n\\n:::\\n\\nMore information can be found at [Ory Kratos User Settings \\u0026 Profile Management Documentation](../self-service/flows/user-settings).\",\n \"operationId\": \"initializeSelfServiceSettingsViaBrowserFlow\",\n \"responses\": {\n \"302\": {\n \"$ref\": \"#/components/responses/emptyResponse\"\n },\n \"500\": {\n \"content\": {\n \"application/json\": {\n \"schema\": {\n \"$ref\": \"#/components/schemas/genericError\"\n }\n }\n },\n \"description\": \"genericError\"\n }\n },\n \"security\": [\n {\n \"sessionToken\": []\n }\n ],\n \"summary\": \"Initialize Settings Flow for Browsers\",\n \"tags\": [\n \"public\"\n ]\n }\n },\n \"/self-service/settings/flows\": {\n \"get\": {\n \"description\": \"When accessing this endpoint through Ory Kratos' Public API you must ensure that either the Ory Kratos Session Cookie\\nor the Ory Kratos Session Token are set. The public endpoint does not return 404 status codes\\nbut instead 403 or 500 to improve data privacy.\\n\\nYou can access this endpoint without credentials when using Ory Kratos' Admin API.\\n\\nMore information can be found at [Ory Kratos User Settings \\u0026 Profile Management Documentation](../self-service/flows/user-settings).\",\n \"operationId\": \"getSelfServiceSettingsFlow\",\n \"parameters\": [\n {\n \"description\": \"ID is the Settings Flow ID\\n\\nThe value for this parameter comes from `flow` URL Query parameter sent to your\\napplication (e.g. `/settings?flow=abcde`).\",\n \"in\": \"query\",\n \"name\": \"id\",\n \"required\": true,\n \"schema\": {\n \"type\": \"string\"\n }\n }\n ],\n \"responses\": {\n \"200\": {\n \"content\": {\n \"application/json\": {\n \"schema\": {\n \"$ref\": \"#/components/schemas/settingsFlow\"\n }\n }\n },\n \"description\": \"settingsFlow\"\n },\n \"403\": {\n \"content\": {\n \"application/json\": {\n \"schema\": {\n \"$ref\": \"#/components/schemas/genericError\"\n }\n }\n },\n \"description\": \"genericError\"\n },\n \"404\": {\n \"content\": {\n \"application/json\": {\n \"schema\": {\n \"$ref\": \"#/components/schemas/genericError\"\n }\n }\n },\n \"description\": \"genericError\"\n },\n \"410\": {\n \"content\": {\n \"application/json\": {\n \"schema\": {\n \"$ref\": \"#/components/schemas/genericError\"\n }\n }\n },\n \"description\": \"genericError\"\n },\n \"500\": {\n \"content\": {\n \"application/json\": {\n \"schema\": {\n \"$ref\": \"#/components/schemas/genericError\"\n }\n }\n },\n \"description\": \"genericError\"\n }\n },\n \"security\": [\n {\n \"sessionToken\": []\n }\n ],\n \"summary\": \"Get Settings Flow\",\n \"tags\": [\n \"public\",\n \"admin\"\n ]\n }\n },\n \"/self-service/settings/methods/password\": {\n \"post\": {\n \"description\": \"Use this endpoint to complete a settings flow by sending an identity's updated password. This endpoint\\nbehaves differently for API and browser flows.\\n\\nAPI-initiated flows expect `application/json` to be sent in the body and respond with\\nHTTP 200 and an application/json body with the session token on success;\\nHTTP 302 redirect to a fresh settings flow if the original flow expired with the appropriate error messages set;\\nHTTP 400 on form validation errors.\\nHTTP 401 when the endpoint is called without a valid session token.\\nHTTP 403 when `selfservice.flows.settings.privileged_session_max_age` was reached.\\nImplies that the user needs to re-authenticate.\\n\\nBrowser flows expect `application/x-www-form-urlencoded` to be sent in the body and responds with\\na HTTP 302 redirect to the post/after settings URL or the `return_to` value if it was set and if the flow succeeded;\\na HTTP 302 redirect to the Settings UI URL with the flow ID containing the validation errors otherwise.\\na HTTP 302 redirect to the login endpoint when `selfservice.flows.settings.privileged_session_max_age` was reached.\\n\\nMore information can be found at [Ory Kratos User Settings \\u0026 Profile Management Documentation](../self-service/flows/user-settings).\",\n \"operationId\": \"completeSelfServiceSettingsFlowWithPasswordMethod\",\n \"parameters\": [\n {\n \"description\": \"Flow is flow ID.\",\n \"in\": \"query\",\n \"name\": \"flow\",\n \"schema\": {\n \"type\": \"string\"\n }\n }\n ],\n \"requestBody\": {\n \"content\": {\n \"application/json\": {\n \"schema\": {\n \"$ref\": \"#/components/schemas/CompleteSelfServiceSettingsFlowWithPasswordMethod\"\n }\n },\n \"application/x-www-form-urlencoded\": {\n \"schema\": {\n \"$ref\": \"#/components/schemas/CompleteSelfServiceSettingsFlowWithPasswordMethod\"\n }\n }\n },\n \"x-originalParamName\": \"Body\"\n },\n \"responses\": {\n \"200\": {\n \"content\": {\n \"application/json\": {\n \"schema\": {\n \"$ref\": \"#/components/schemas/settingsViaApiResponse\"\n }\n }\n },\n \"description\": \"settingsViaApiResponse\"\n },\n \"302\": {\n \"$ref\": \"#/components/responses/emptyResponse\"\n },\n \"400\": {\n \"content\": {\n \"application/json\": {\n \"schema\": {\n \"$ref\": \"#/components/schemas/settingsFlow\"\n }\n }\n },\n \"description\": \"settingsFlow\"\n },\n \"401\": {\n \"content\": {\n \"application/json\": {\n \"schema\": {\n \"$ref\": \"#/components/schemas/genericError\"\n }\n }\n },\n \"description\": \"genericError\"\n },\n \"403\": {\n \"content\": {\n \"application/json\": {\n \"schema\": {\n \"$ref\": \"#/components/schemas/genericError\"\n }\n }\n },\n \"description\": \"genericError\"\n },\n \"500\": {\n \"content\": {\n \"application/json\": {\n \"schema\": {\n \"$ref\": \"#/components/schemas/genericError\"\n }\n }\n },\n \"description\": \"genericError\"\n }\n },\n \"security\": [\n {\n \"sessionToken\": []\n }\n ],\n \"summary\": \"Complete Settings Flow with Username/Email Password Method\",\n \"tags\": [\n \"public\"\n ]\n }\n },\n \"/self-service/settings/methods/profile\": {\n \"post\": {\n \"description\": \"Use this endpoint to complete a settings flow by sending an identity's updated traits. This endpoint\\nbehaves differently for API and browser flows.\\n\\nAPI-initiated flows expect `application/json` to be sent in the body and respond with\\nHTTP 200 and an application/json body with the session token on success;\\nHTTP 302 redirect to a fresh settings flow if the original flow expired with the appropriate error messages set;\\nHTTP 400 on form validation errors.\\nHTTP 401 when the endpoint is called without a valid session token.\\nHTTP 403 when `selfservice.flows.settings.privileged_session_max_age` was reached and a sensitive field was\\nupdated (e.g. recovery email). Implies that the user needs to re-authenticate.\\n\\nBrowser flows expect `application/x-www-form-urlencoded` to be sent in the body and responds with\\na HTTP 302 redirect to the post/after settings URL or the `return_to` value if it was set and if the flow succeeded;\\na HTTP 302 redirect to the settings UI URL with the flow ID containing the validation errors otherwise.\\na HTTP 302 redirect to the login endpoint when `selfservice.flows.settings.privileged_session_max_age` was reached.\\n\\nMore information can be found at [Ory Kratos User Settings \\u0026 Profile Management Documentation](../self-service/flows/user-settings).\",\n \"operationId\": \"completeSelfServiceSettingsFlowWithProfileMethod\",\n \"parameters\": [\n {\n \"description\": \"Flow is flow ID.\",\n \"in\": \"query\",\n \"name\": \"flow\",\n \"schema\": {\n \"type\": \"string\"\n }\n }\n ],\n \"requestBody\": {\n \"content\": {\n \"application/json\": {\n \"schema\": {\n \"type\": \"object\"\n }\n },\n \"application/x-www-form-urlencoded\": {\n \"schema\": {\n \"type\": \"object\"\n }\n }\n },\n \"x-originalParamName\": \"Payload\"\n },\n \"responses\": {\n \"200\": {\n \"content\": {\n \"application/json\": {\n \"schema\": {\n \"$ref\": \"#/components/schemas/settingsFlow\"\n }\n }\n },\n \"description\": \"settingsFlow\"\n },\n \"302\": {\n \"$ref\": \"#/components/responses/emptyResponse\"\n },\n \"400\": {\n \"content\": {\n \"application/json\": {\n \"schema\": {\n \"$ref\": \"#/components/schemas/settingsFlow\"\n }\n }\n },\n \"description\": \"settingsFlow\"\n },\n \"401\": {\n \"content\": {\n \"application/json\": {\n \"schema\": {\n \"$ref\": \"#/components/schemas/genericError\"\n }\n }\n },\n \"description\": \"genericError\"\n },\n \"403\": {\n \"content\": {\n \"application/json\": {\n \"schema\": {\n \"$ref\": \"#/components/schemas/genericError\"\n }\n }\n },\n \"description\": \"genericError\"\n },\n \"500\": {\n \"content\": {\n \"application/json\": {\n \"schema\": {\n \"$ref\": \"#/components/schemas/genericError\"\n }\n }\n },\n \"description\": \"genericError\"\n }\n },\n \"security\": [\n {\n \"sessionToken\": []\n }\n ],\n \"summary\": \"Complete Settings Flow with Profile Method\",\n \"tags\": [\n \"public\"\n ]\n }\n },\n \"/self-service/verification/api\": {\n \"get\": {\n \"description\": \"This endpoint initiates a verification flow for API clients such as mobile devices, smart TVs, and so on.\\n\\nTo fetch an existing verification flow call `/self-service/verification/flows?flow=\\u003cflow_id\\u003e`.\\n\\n:::warning\\n\\nYou MUST NOT use this endpoint in client-side (Single Page Apps, ReactJS, AngularJS) nor server-side (Java Server\\nPages, NodeJS, PHP, Golang, ...) browser applications. Using this endpoint in these applications will make\\nyou vulnerable to a variety of CSRF attacks.\\n\\nThis endpoint MUST ONLY be used in scenarios such as native mobile apps (React Native, Objective C, Swift, Java, ...).\\n\\n:::\\n\\nMore information can be found at [Ory Kratos Email and Phone Verification Documentation](https://www.ory.sh/docs/kratos/self-service/flows/verify-email-account-activation).\",\n \"operationId\": \"initializeSelfServiceVerificationViaAPIFlow\",\n \"responses\": {\n \"200\": {\n \"content\": {\n \"application/json\": {\n \"schema\": {\n \"$ref\": \"#/components/schemas/verificationFlow\"\n }\n }\n },\n \"description\": \"verificationFlow\"\n },\n \"400\": {\n \"content\": {\n \"application/json\": {\n \"schema\": {\n \"$ref\": \"#/components/schemas/genericError\"\n }\n }\n },\n \"description\": \"genericError\"\n },\n \"500\": {\n \"content\": {\n \"application/json\": {\n \"schema\": {\n \"$ref\": \"#/components/schemas/genericError\"\n }\n }\n },\n \"description\": \"genericError\"\n }\n },\n \"summary\": \"Initialize Verification Flow for API Clients\",\n \"tags\": [\n \"public\"\n ]\n }\n },\n \"/self-service/verification/browser\": {\n \"get\": {\n \"description\": \"This endpoint initializes a browser-based account verification flow. Once initialized, the browser will be redirected to\\n`selfservice.flows.verification.ui_url` with the flow ID set as the query parameter `?flow=`.\\n\\nThis endpoint is NOT INTENDED for API clients and only works with browsers (Chrome, Firefox, ...).\\n\\nMore information can be found at [Ory Kratos Email and Phone Verification Documentation](https://www.ory.sh/docs/kratos/self-service/flows/verify-email-account-activation).\",\n \"operationId\": \"initializeSelfServiceVerificationViaBrowserFlow\",\n \"responses\": {\n \"302\": {\n \"$ref\": \"#/components/responses/emptyResponse\"\n },\n \"500\": {\n \"content\": {\n \"application/json\": {\n \"schema\": {\n \"$ref\": \"#/components/schemas/genericError\"\n }\n }\n },\n \"description\": \"genericError\"\n }\n },\n \"summary\": \"Initialize Verification Flow for Browser Clients\",\n \"tags\": [\n \"public\"\n ]\n }\n },\n \"/self-service/verification/flows\": {\n \"get\": {\n \"description\": \"This endpoint returns a verification flow's context with, for example, error details and other information.\\n\\nMore information can be found at [Ory Kratos Email and Phone Verification Documentation](https://www.ory.sh/docs/kratos/self-service/flows/verify-email-account-activation).\",\n \"operationId\": \"getSelfServiceVerificationFlow\",\n \"parameters\": [\n {\n \"description\": \"The Flow ID\\n\\nThe value for this parameter comes from `request` URL Query parameter sent to your\\napplication (e.g. `/verification?flow=abcde`).\",\n \"in\": \"query\",\n \"name\": \"id\",\n \"required\": true,\n \"schema\": {\n \"type\": \"string\"\n }\n }\n ],\n \"responses\": {\n \"200\": {\n \"content\": {\n \"application/json\": {\n \"schema\": {\n \"$ref\": \"#/components/schemas/verificationFlow\"\n }\n }\n },\n \"description\": \"verificationFlow\"\n },\n \"403\": {\n \"content\": {\n \"application/json\": {\n \"schema\": {\n \"$ref\": \"#/components/schemas/genericError\"\n }\n }\n },\n \"description\": \"genericError\"\n },\n \"404\": {\n \"content\": {\n \"application/json\": {\n \"schema\": {\n \"$ref\": \"#/components/schemas/genericError\"\n }\n }\n },\n \"description\": \"genericError\"\n },\n \"500\": {\n \"content\": {\n \"application/json\": {\n \"schema\": {\n \"$ref\": \"#/components/schemas/genericError\"\n }\n }\n },\n \"description\": \"genericError\"\n }\n },\n \"summary\": \"Get Verification Flow\",\n \"tags\": [\n \"public\",\n \"admin\"\n ]\n }\n },\n \"/self-service/verification/methods/link\": {\n \"post\": {\n \"description\": \"Use this endpoint to complete a verification flow using the link method. This endpoint\\nbehaves differently for API and browser flows and has several states:\\n\\n`choose_method` expects `flow` (in the URL query) and `email` (in the body) to be sent\\nand works with API- and Browser-initiated flows.\\nFor API clients it either returns a HTTP 200 OK when the form is valid and HTTP 400 OK when the form is invalid\\nand a HTTP 302 Found redirect with a fresh verification flow if the flow was otherwise invalid (e.g. expired).\\nFor Browser clients it returns a HTTP 302 Found redirect to the Verification UI URL with the Verification Flow ID appended.\\n`sent_email` is the success state after `choose_method` and allows the user to request another verification email. It\\nworks for both API and Browser-initiated flows and returns the same responses as the flow in `choose_method` state.\\n`passed_challenge` expects a `token` to be sent in the URL query and given the nature of the flow (\\\"sending a verification link\\\")\\ndoes not have any API capabilities. The server responds with a HTTP 302 Found redirect either to the Settings UI URL\\n(if the link was valid) and instructs the user to update their password, or a redirect to the Verification UI URL with\\na new Verification Flow ID which contains an error message that the verification link was invalid.\\n\\nMore information can be found at [Ory Kratos Email and Phone Verification Documentation](https://www.ory.sh/docs/kratos/self-service/flows/verify-email-account-activation).\",\n \"operationId\": \"completeSelfServiceVerificationFlowWithLinkMethod\",\n \"parameters\": [\n {\n \"description\": \"Verification Token\\n\\nThe verification token which completes the verification request. If the token\\nis invalid (e.g. expired) an error will be shown to the end-user.\",\n \"in\": \"query\",\n \"name\": \"token\",\n \"schema\": {\n \"type\": \"string\"\n }\n },\n {\n \"description\": \"The Flow ID\\n\\nformat: uuid\",\n \"in\": \"query\",\n \"name\": \"flow\",\n \"schema\": {\n \"type\": \"string\"\n }\n }\n ],\n \"requestBody\": {\n \"content\": {\n \"application/json\": {\n \"schema\": {\n \"$ref\": \"#/components/schemas/completeSelfServiceVerificationFlowWithLinkMethod\"\n }\n },\n \"application/x-www-form-urlencoded\": {\n \"schema\": {\n \"$ref\": \"#/components/schemas/completeSelfServiceVerificationFlowWithLinkMethod\"\n }\n }\n },\n \"x-originalParamName\": \"Body\"\n },\n \"responses\": {\n \"302\": {\n \"$ref\": \"#/components/responses/emptyResponse\"\n },\n \"400\": {\n \"content\": {\n \"application/json\": {\n \"schema\": {\n \"$ref\": \"#/components/schemas/verificationFlow\"\n }\n }\n },\n \"description\": \"verificationFlow\"\n },\n \"500\": {\n \"content\": {\n \"application/json\": {\n \"schema\": {\n \"$ref\": \"#/components/schemas/genericError\"\n }\n }\n },\n \"description\": \"genericError\"\n }\n },\n \"summary\": \"Complete Verification Flow with Link Method\",\n \"tags\": [\n \"public\"\n ]\n }\n },\n \"/sessions\": {\n \"delete\": {\n \"description\": \"Use this endpoint to revoke a session using its token. This endpoint is particularly useful for API clients\\nsuch as mobile apps to log the user out of the system and invalidate the session.\\n\\nThis endpoint does not remove any HTTP Cookies - use the Self-Service Logout Flow instead.\",\n \"operationId\": \"revokeSession\",\n \"requestBody\": {\n \"content\": {\n \"application/json\": {\n \"schema\": {\n \"$ref\": \"#/components/schemas/revokeSession\"\n }\n }\n },\n \"required\": true,\n \"x-originalParamName\": \"Body\"\n },\n \"responses\": {\n \"204\": {\n \"$ref\": \"#/components/responses/emptyResponse\"\n },\n \"400\": {\n \"content\": {\n \"application/json\": {\n \"schema\": {\n \"$ref\": \"#/components/schemas/genericError\"\n }\n }\n },\n \"description\": \"genericError\"\n },\n \"500\": {\n \"content\": {\n \"application/json\": {\n \"schema\": {\n \"$ref\": \"#/components/schemas/genericError\"\n }\n }\n },\n \"description\": \"genericError\"\n }\n },\n \"summary\": \"Revoke and Invalidate a Session\",\n \"tags\": [\n \"public\"\n ]\n }\n },\n \"/sessions/whoami\": {\n \"get\": {\n \"description\": \"Uses the HTTP Headers in the GET request to determine (e.g. by using checking the cookies) who is authenticated.\\nReturns a session object in the body or 401 if the credentials are invalid or no credentials were sent.\\nAdditionally when the request it successful it adds the user ID to the 'X-Kratos-Authenticated-Identity-Id' header in the response.\\n\\nThis endpoint is useful for reverse proxies and API Gateways.\",\n \"operationId\": \"whoami\",\n \"parameters\": [\n {\n \"in\": \"header\",\n \"name\": \"Cookie\",\n \"schema\": {\n \"type\": \"string\"\n }\n },\n {\n \"description\": \"in: authorization\",\n \"in\": \"query\",\n \"name\": \"Authorization\",\n \"schema\": {\n \"type\": \"string\"\n }\n }\n ],\n \"responses\": {\n \"200\": {\n \"content\": {\n \"application/json\": {\n \"schema\": {\n \"$ref\": \"#/components/schemas/session\"\n }\n }\n },\n \"description\": \"session\"\n },\n \"401\": {\n \"content\": {\n \"application/json\": {\n \"schema\": {\n \"$ref\": \"#/components/schemas/genericError\"\n }\n }\n },\n \"description\": \"genericError\"\n },\n \"500\": {\n \"content\": {\n \"application/json\": {\n \"schema\": {\n \"$ref\": \"#/components/schemas/genericError\"\n }\n }\n },\n \"description\": \"genericError\"\n }\n },\n \"security\": [\n {\n \"sessionToken\": []\n }\n ],\n \"summary\": \"Check Who the Current HTTP Session Belongs To\",\n \"tags\": [\n \"public\"\n ]\n }\n },\n \"/version\": {\n \"get\": {\n \"description\": \"This endpoint returns the version of Ory Kratos.\\n\\nIf the service supports TLS Edge Termination, this endpoint does not require the\\n`X-Forwarded-Proto` header to be set.\\n\\nBe aware that if you are running multiple nodes of this service, the version will never\\nrefer to the cluster state, only to a single instance.\",\n \"operationId\": \"getVersion\",\n \"responses\": {\n \"200\": {\n \"content\": {\n \"application/json\": {\n \"schema\": {\n \"properties\": {\n \"version\": {\n \"description\": \"The version of Ory Kratos.\",\n \"type\": \"string\"\n }\n },\n \"required\": [\n \"version\"\n ],\n \"type\": \"object\"\n }\n }\n },\n \"description\": \"Returns the Ory Kratos version.\"\n }\n },\n \"summary\": \"Return Running Software Version.\",\n \"tags\": [\n \"admin\"\n ]\n }\n }\n },\n \"servers\": [\n {\n \"url\": \"https://{tenant}.tenants.oryapis.com/api/kratos/{api}\",\n \"variables\": {\n \"api\": {\n \"default\": \"public\",\n \"description\": \"Target the public or administrative API.\",\n \"enum\": [\n \"public\",\n \"admin\"\n ]\n },\n \"tenant\": {\n \"default\": \"demo\",\n \"description\": \"Tenant ID as provided by Ory Cloud.\"\n }\n }\n }\n ],\n \"tags\": [\n {\n \"description\": \"All administrative API endpoints exposed at the admin API port.\",\n \"externalDocs\": {\n \"url\": \"https://www.ory.sh/kratos/docs/reference/api\"\n },\n \"name\": \"admin\"\n },\n {\n \"description\": \"All public API endpoints exposed at the public API port.\",\n \"externalDocs\": {\n \"url\": \"https://www.ory.sh/kratos/docs/reference/api\"\n },\n \"name\": \"public\"\n }\n ],\n \"x-forwarded-proto\": \"string\",\n \"x-request-id\": \"string\"\n}\n" }, { "path": ".schema/openapi/gen.go.yml", "content": "disallowAdditionalPropertiesIfNotPresent: false\npackageName: client\ngenerateInterfaces: true\nstructPrefix: true\nenumClassPrefix: true\nuseOneOfDiscriminatorLookup: true\nisGoSubmodule: false\n" }, { "path": ".schema/openapi/gen.typescript.yml", "content": "npmName: \"@ory/kratos-client\"\nnpmVersion: 0.0.0\n# typescriptThreePlus: true\n#npmRepository: https://github.com/ory/sdk.git\nsupportsES6: true\nensureUniqueParams: true\nmodelPropertyNaming: original\ndisallowAdditionalPropertiesIfNotPresent: false\nwithInterfaces: false\nuseSingleRequestParameter: true\nenumUnknownDefaultCase: true\n" }, { "path": ".schema/openapi/patches/common.yaml", "content": "[]\n" }, { "path": ".schema/openapi/patches/courier.yaml", "content": "# Makes courierMessageStatus a string enum\n- op: remove\n path: /components/schemas/courierMessageStatus/format\n- op: replace\n path: /components/schemas/courierMessageStatus/type\n value: string\n- op: add\n path: /components/schemas/courierMessageStatus/enum\n value:\n - queued\n - sent\n - processing\n - abandoned\n# Makes courierMessageType a string enum\n- op: remove\n path: /components/schemas/courierMessageType/format\n- op: replace\n path: /components/schemas/courierMessageType/type\n value: string\n- op: add\n path: /components/schemas/courierMessageType/enum\n value:\n - email\n - phone\n# Fix courierMessageStatus query parameter in listMessages endpoint\n- op: replace\n path: /paths/~1admin~1courier~1messages/get/parameters/2/schema\n value:\n $ref: \"#/components/schemas/courierMessageStatus\"\n" }, { "path": ".schema/openapi/patches/generic_error.yaml", "content": "- op: add\n path: /paths/~1sessions~1whoami/get/parameters/0/example\n value: MP2YWEMeM8MxjkGKpH4dqOQ4Q4DlSPaj\n- op: add\n path: /paths/~1sessions~1whoami/get/parameters/1/example\n value: ory_session=a19iOVAbdzdgl70Rq1QZmrKmcjDtdsviCTZx7m9a9yHIUS8Wa9T7hvqyGTsLHi6Qifn2WUfpAKx9DWp0SJGleIn9vh2YF4A16id93kXFTgIgmwIOvbVAScyrx7yVl6bPZnCx27ec4WQDtaTewC1CpgudeDV2jQQnSaCP6ny3xa8qLH-QUgYqdQuoA_LF1phxgRCUfIrCLQOkolX5nv3ze_f==\n" }, { "path": ".schema/openapi/patches/identity.yaml", "content": "- op: remove\n path: /components/schemas/updateIdentityBody/properties/metadata_admin/type\n- op: remove\n path: /components/schemas/updateIdentityBody/properties/metadata_public/type\n- op: remove\n path: /components/schemas/createIdentityBody/properties/metadata_admin/type\n- op: remove\n path: /components/schemas/createIdentityBody/properties/metadata_public/type\n- op: remove\n path: /components/schemas/nullJsonRawMessage/type\n- op: add\n path: /components/schemas/nullJsonRawMessage/nullable\n value: true\n" }, { "path": ".schema/openapi/patches/meta.yaml", "content": "- op: replace\n path: /info\n value:\n title: Ory Identities API\n description: |\n This is the API specification for Ory Identities with features such as registration, login, recovery, account verification, profile settings, password reset, identity management, session management, email and sms delivery, and more.\n version: >-\n {{ getenv \"CIRCLE_TAG\" }}\n license:\n name: Apache 2.0\n contact:\n email: \"office@ory.sh\"\n- op: replace\n path: /tags\n value:\n - name: identity\n description: APIs for managing identities.\n - name: frontend\n description: Endpoints used by frontend applications (e.g. Single-Page-App, Native Apps, Server Apps, ...) to manage a user's own profile.\n - name: courier\n description: APIs for managing email and SMS message delivery.\n - name: metadata\n description: Server Metadata provides relevant information about the running server. Only available when self-hosting this service.\n" }, { "path": ".schema/openapi/patches/nulls.yaml", "content": "- op: replace\n path: \"#/components/schemas/NullUUID\"\n value:\n type: string\n format: uuid4\n nullable: true\n- op: replace\n path: \"#/components/schemas/NullTime\"\n value:\n format: date-time\n type: string\n nullable: true\n- op: replace\n path: \"#/components/schemas/Time\"\n value:\n format: date-time\n type: string\n- op: replace\n path: \"#/components/schemas/NullString\"\n value:\n type: string\n nullable: true\n- op: replace\n path: \"#/components/schemas/NullBool\"\n value:\n type: boolean\n nullable: true\n- op: replace\n path: \"#/components/schemas/NullInt\"\n value:\n type: integer\n nullable: true\n- op: replace\n path: \"#/components/schemas/nullInt64\"\n value:\n type: integer\n nullable: true\n- op: replace\n path: \"#/components/schemas/nullDuration\"\n value:\n type: string\n nullable: true\n pattern: ^[0-9]+(ns|us|ms|s|m|h)$\n" }, { "path": ".schema/openapi/patches/schema.yaml", "content": "# Makes uiNodeAttributes polymorph\n- op: remove\n path: /components/schemas/uiNodeAttributes/type\n- op: add\n path: /components/schemas/uiNodeAttributes/discriminator\n value:\n propertyName: node_type\n mapping:\n input: \"#/components/schemas/uiNodeInputAttributes\"\n text: \"#/components/schemas/uiNodeTextAttributes\"\n img: \"#/components/schemas/uiNodeImageAttributes\"\n a: \"#/components/schemas/uiNodeAnchorAttributes\"\n script: \"#/components/schemas/uiNodeScriptAttributes\"\n div: \"#/components/schemas/uiNodeDivisionAttributes\"\n- op: add\n path: /components/schemas/uiNodeAttributes/oneOf\n value:\n - \"$ref\": \"#/components/schemas/uiNodeInputAttributes\"\n - \"$ref\": \"#/components/schemas/uiNodeTextAttributes\"\n - \"$ref\": \"#/components/schemas/uiNodeImageAttributes\"\n - \"$ref\": \"#/components/schemas/uiNodeAnchorAttributes\"\n - \"$ref\": \"#/components/schemas/uiNodeScriptAttributes\"\n - \"$ref\": \"#/components/schemas/uiNodeDivisionAttributes\"\n\n- op: replace\n path: /components/schemas/uiNodeDivisionAttributes/properties/node_type/enum\n value:\n - div\n\n- op: replace\n path: /components/schemas/uiNodeInputAttributes/properties/node_type/enum\n value:\n - input\n\n- op: replace\n path: /components/schemas/uiNodeTextAttributes/properties/node_type/enum\n value:\n - text\n\n- op: replace\n path: /components/schemas/uiNodeImageAttributes/properties/node_type/enum\n value:\n - img\n\n- op: replace\n path: /components/schemas/uiNodeAnchorAttributes/properties/node_type/enum\n value:\n - a\n\n- op: replace\n path: /components/schemas/uiNodeScriptAttributes/properties/node_type/enum\n value:\n - script\n\n# Makes the uiNodeInputAttributes value attribute polymorph\n- op: add\n path: /components/schemas/uiNodeInputAttributes/properties/value/nullable\n value: true\n\n- op: replace\n path: /components/schemas/flowError/properties/error\n value:\n type: object\n\n- op: remove\n path: \"#/components/schemas/identityTraits/type\"\n\n- op: add\n path: /components/schemas/continueWith/discriminator\n value:\n propertyName: action\n mapping:\n show_verification_ui: \"#/components/schemas/continueWithVerificationUi\"\n set_ory_session_token: \"#/components/schemas/continueWithSetOrySessionToken\"\n show_settings_ui: \"#/components/schemas/continueWithSettingsUi\"\n show_recovery_ui: \"#/components/schemas/continueWithRecoveryUi\"\n redirect_browser_to: \"#/components/schemas/continueWithRedirectBrowserTo\"\n\n- op: add\n path: /components/schemas/continueWith/oneOf\n value:\n - \"$ref\": \"#/components/schemas/continueWithVerificationUi\"\n - \"$ref\": \"#/components/schemas/continueWithSetOrySessionToken\"\n - \"$ref\": \"#/components/schemas/continueWithSettingsUi\"\n - \"$ref\": \"#/components/schemas/continueWithRecoveryUi\"\n - \"$ref\": \"#/components/schemas/continueWithRedirectBrowserTo\"\n" }, { "path": ".schema/openapi/patches/security.yaml", "content": "- op: replace\n path: /components/schemas/genericError/properties/details/additionalProperties\n value: false\n" }, { "path": ".schema/openapi/patches/selfservice.yaml", "content": "# Makes updateLoginFlowPayload polymorph\n#- op: remove\n# path: /components/schemas/updateLoginFlowBody/type\n#- op: add\n# path: /components/schemas/updateLoginFlowBody/oneOf\n# value:\n# - \"$ref\": \"#/components/schemas/updateLoginFlowWithPasswordMethod\"\n\n# Makes updateRegistrationFlowPayload polymorph\n\n# All modifications for the registration flow\n- op: remove\n path: /components/schemas/updateRegistrationFlowBody/type\n- op: add\n path: /components/schemas/updateRegistrationFlowBody/oneOf\n value:\n - \"$ref\": \"#/components/schemas/updateRegistrationFlowWithPasswordMethod\"\n - \"$ref\": \"#/components/schemas/updateRegistrationFlowWithOidcMethod\"\n - \"$ref\": \"#/components/schemas/updateRegistrationFlowWithSamlMethod\"\n - \"$ref\": \"#/components/schemas/updateRegistrationFlowWithWebAuthnMethod\"\n - \"$ref\": \"#/components/schemas/updateRegistrationFlowWithCodeMethod\"\n - \"$ref\": \"#/components/schemas/updateRegistrationFlowWithPasskeyMethod\"\n - \"$ref\": \"#/components/schemas/updateRegistrationFlowWithProfileMethod\"\n- op: add\n path: /components/schemas/updateRegistrationFlowBody/discriminator\n value:\n propertyName: method\n mapping:\n password: \"#/components/schemas/updateRegistrationFlowWithPasswordMethod\"\n oidc: \"#/components/schemas/updateRegistrationFlowWithOidcMethod\"\n saml: \"#/components/schemas/updateRegistrationFlowWithSamlMethod\"\n webauthn: \"#/components/schemas/updateRegistrationFlowWithWebAuthnMethod\"\n code: \"#/components/schemas/updateRegistrationFlowWithCodeMethod\"\n passkey: \"#/components/schemas/updateRegistrationFlowWithPasskeyMethod\"\n profile: \"#/components/schemas/updateRegistrationFlowWithProfileMethod\"\n- op: add\n path: /components/schemas/registrationFlowState\n value:\n title: Registration flow state (experimental)\n description: The experimental state represents the state of a registration flow. This field is EXPERIMENTAL and subject to change!\n type: string\n enum:\n - choose_method\n - sent_email\n - passed_challenge\n# end\n\n# All modifications for the login flow\n- op: remove\n path: /components/schemas/updateLoginFlowBody/type\n- op: add\n path: /components/schemas/updateLoginFlowBody/oneOf\n value:\n - \"$ref\": \"#/components/schemas/updateLoginFlowWithPasswordMethod\"\n - \"$ref\": \"#/components/schemas/updateLoginFlowWithOidcMethod\"\n - \"$ref\": \"#/components/schemas/updateLoginFlowWithSamlMethod\"\n - \"$ref\": \"#/components/schemas/updateLoginFlowWithTotpMethod\"\n - \"$ref\": \"#/components/schemas/updateLoginFlowWithWebAuthnMethod\"\n - \"$ref\": \"#/components/schemas/updateLoginFlowWithLookupSecretMethod\"\n - \"$ref\": \"#/components/schemas/updateLoginFlowWithCodeMethod\"\n - \"$ref\": \"#/components/schemas/updateLoginFlowWithPasskeyMethod\"\n - \"$ref\": \"#/components/schemas/updateLoginFlowWithIdentifierFirstMethod\"\n- op: add\n path: /components/schemas/updateLoginFlowBody/discriminator\n value:\n propertyName: method\n mapping:\n password: \"#/components/schemas/updateLoginFlowWithPasswordMethod\"\n oidc: \"#/components/schemas/updateLoginFlowWithOidcMethod\"\n saml: \"#/components/schemas/updateLoginFlowWithSamlMethod\"\n totp: \"#/components/schemas/updateLoginFlowWithTotpMethod\"\n webauthn: \"#/components/schemas/updateLoginFlowWithWebAuthnMethod\"\n lookup_secret: \"#/components/schemas/updateLoginFlowWithLookupSecretMethod\"\n code: \"#/components/schemas/updateLoginFlowWithCodeMethod\"\n passkey: \"#/components/schemas/updateLoginFlowWithPasskeyMethod\"\n identifier_first: \"#/components/schemas/updateLoginFlowWithIdentifierFirstMethod\"\n- op: add\n path: /components/schemas/loginFlowState\n value:\n title: Login flow state (experimental)\n description: The experimental state represents the state of a login flow. This field is EXPERIMENTAL and subject to change!\n type: string\n enum:\n - choose_method\n - sent_email\n - passed_challenge\n# end\n\n# All modifications for the recovery flow\n- op: remove\n path: /components/schemas/updateRecoveryFlowBody/type\n- op: add\n path: /components/schemas/updateRecoveryFlowBody/oneOf\n value:\n - \"$ref\": \"#/components/schemas/updateRecoveryFlowWithLinkMethod\"\n - \"$ref\": \"#/components/schemas/updateRecoveryFlowWithCodeMethod\"\n- op: add\n path: /components/schemas/updateRecoveryFlowBody/discriminator\n value:\n propertyName: method\n mapping:\n link: \"#/components/schemas/updateRecoveryFlowWithLinkMethod\"\n code: \"#/components/schemas/updateRecoveryFlowWithCodeMethod\"\n- op: add\n path: /components/schemas/recoveryFlowState\n type: string\n value:\n title: Recovery flow state (experimental)\n description: The experimental state represents the state of a recovery flow. This field is EXPERIMENTAL and subject to change!\n enum:\n - choose_method\n - sent_email\n - passed_challenge\n# End\n\n# All modifications for the verification flow\n- op: remove\n path: /components/schemas/updateVerificationFlowBody/type\n- op: add\n path: /components/schemas/updateVerificationFlowBody/oneOf\n value:\n - \"$ref\": \"#/components/schemas/updateVerificationFlowWithLinkMethod\"\n - \"$ref\": \"#/components/schemas/updateVerificationFlowWithCodeMethod\"\n- op: add\n path: /components/schemas/updateVerificationFlowBody/discriminator\n value:\n propertyName: method\n mapping:\n link: \"#/components/schemas/updateVerificationFlowWithLinkMethod\"\n code: \"#/components/schemas/updateVerificationFlowWithCodeMethod\"\n- op: add\n path: /components/schemas/verificationFlowState\n type: string\n value:\n title: Verification flow state (experimental)\n description: The experimental state represents the state of a verification flow. This field is EXPERIMENTAL and subject to change!\n enum:\n - choose_method\n - sent_email\n - passed_challenge\n# End\n\n# All modifications for the settings flow\n- op: remove\n path: /components/schemas/updateSettingsFlowBody/type\n- op: add\n path: /components/schemas/updateSettingsFlowBody/oneOf\n value:\n - \"$ref\": \"#/components/schemas/updateSettingsFlowWithPasswordMethod\"\n - \"$ref\": \"#/components/schemas/updateSettingsFlowWithProfileMethod\"\n - \"$ref\": \"#/components/schemas/updateSettingsFlowWithOidcMethod\"\n - \"$ref\": \"#/components/schemas/updateSettingsFlowWithSamlMethod\"\n - \"$ref\": \"#/components/schemas/updateSettingsFlowWithTotpMethod\"\n - \"$ref\": \"#/components/schemas/updateSettingsFlowWithWebAuthnMethod\"\n - \"$ref\": \"#/components/schemas/updateSettingsFlowWithLookupMethod\"\n - \"$ref\": \"#/components/schemas/updateSettingsFlowWithPasskeyMethod\"\n- op: add\n path: /components/schemas/updateSettingsFlowBody/discriminator\n value:\n propertyName: method\n mapping:\n password: \"#/components/schemas/updateSettingsFlowWithPasswordMethod\"\n profile: \"#/components/schemas/updateSettingsFlowWithProfileMethod\"\n oidc: \"#/components/schemas/updateSettingsFlowWithOidcMethod\"\n saml: \"#/components/schemas/updateSettingsFlowWithSamlMethod\"\n totp: \"#/components/schemas/updateSettingsFlowWithTotpMethod\"\n webauthn: \"#/components/schemas/updateSettingsFlowWithWebAuthnMethod\"\n passkey: \"#/components/schemas/updateSettingsFlowWithPasskeyMethod\"\n lookup_secret: \"#/components/schemas/updateSettingsFlowWithLookupMethod\"\n- op: add\n path: /components/schemas/settingsFlowState\n value:\n title: Settings flow state (experimental)\n description: The experimental state represents the state of a settings flow. This field is EXPERIMENTAL and subject to change!\n type: string\n enum:\n - show_form\n - success\n# end\n\n# Some issues with AdditionalProperties\n- op: remove\n path: \"#/components/schemas/OAuth2LoginRequest/properties/AdditionalProperties\"\n- op: remove\n path: \"#/components/schemas/OAuth2ConsentRequestOpenIDConnectContext/properties/AdditionalProperties\"\n- op: remove\n path: \"#/components/schemas/OAuth2Client/properties/AdditionalProperties\"\n" }, { "path": ".schema/openapi/patches/session.yaml", "content": "- op: add\n path: /paths/~1sessions~1whoami/get/parameters/0/example\n value: MP2YWEMeM8MxjkGKpH4dqOQ4Q4DlSPaj\n- op: add\n path: /paths/~1sessions~1whoami/get/parameters/1/example\n value: ory_kratos_session=a19iOVAbdzdgl70Rq1QZmrKmcjDtdsviCTZx7m9a9yHIUS8Wa9T7hvqyGTsLHi6Qifn2WUfpAKx9DWp0SJGleIn9vh2YF4A16id93kXFTgIgmwIOvbVAScyrx7yVl6bPZnCx27ec4WQDtaTewC1CpgudeDV2jQQnSaCP6ny3xa8qLH-QUgYqdQuoA_LF1phxgRCUfIrCLQOkolX5nv3ze_f==\n- op: add\n path: /components/schemas/authenticatorAssuranceLevel/enum\n value:\n - aal0\n - aal1\n - aal2\n - aal3\n" }, { "path": ".schema/openapi.json", "content": "{\n \"components\": {\n \"responses\": {\n \"emptyResponse\": {\n \"description\": \"Empty responses are sent when, for example, resources are deleted. The HTTP status code for empty responses is\\ntypically 201.\"\n },\n \"errorContainer\": {\n \"content\": {\n \"application/json\": {\n \"schema\": {\n \"$ref\": \"#/components/schemas/errorContainer\"\n }\n }\n },\n \"description\": \"User-facing error response\"\n },\n \"identityList\": {\n \"content\": {\n \"application/json\": {\n \"schema\": {\n \"items\": {\n \"$ref\": \"#/components/schemas/Identity\"\n },\n \"type\": \"array\"\n }\n }\n },\n \"description\": \"A list of identities.\"\n },\n \"identityResponse\": {\n \"content\": {\n \"application/json\": {\n \"schema\": {\n \"$ref\": \"#/components/schemas/Identity\"\n }\n }\n },\n \"description\": \"A single identity.\"\n },\n \"schemaResponse\": {\n \"content\": {\n \"application/json\": {\n \"schema\": {\n \"type\": \"object\"\n }\n }\n },\n \"description\": \"The raw identity traits schema\"\n }\n },\n \"schemas\": {\n \"CompleteSelfServiceBrowserSettingsProfileStrategyFlow\": {\n \"description\": \"nolint:deadcode,unused\",\n \"properties\": {\n \"csrf_token\": {\n \"description\": \"The Anti-CSRF Token\\n\\nThis token is only required when performing browser flows.\",\n \"type\": \"string\"\n },\n \"traits\": {\n \"description\": \"Traits contains all of the identity's traits.\",\n \"type\": \"object\"\n }\n },\n \"type\": \"object\"\n },\n \"CompleteSelfServiceLoginFlowWithPasswordMethod\": {\n \"properties\": {\n \"csrf_token\": {\n \"description\": \"Sending the anti-csrf token is only required for browser login flows.\",\n \"type\": \"string\"\n },\n \"identifier\": {\n \"description\": \"Identifier is the email or username of the user trying to log in.\",\n \"type\": \"string\"\n },\n \"password\": {\n \"description\": \"The user's password.\",\n \"type\": \"string\"\n }\n },\n \"type\": \"object\"\n },\n \"CompleteSelfServiceSettingsFlowWithPasswordMethod\": {\n \"properties\": {\n \"csrf_token\": {\n \"description\": \"CSRFToken is the anti-CSRF token\\n\\ntype: string\",\n \"type\": \"string\"\n },\n \"password\": {\n \"description\": \"Password is the updated password\\n\\ntype: string\",\n \"type\": \"string\"\n }\n },\n \"required\": [\n \"password\"\n ],\n \"type\": \"object\"\n },\n \"CreateIdentity\": {\n \"properties\": {\n \"schema_id\": {\n \"description\": \"SchemaID is the ID of the JSON Schema to be used for validating the identity's traits.\",\n \"type\": \"string\"\n },\n \"traits\": {\n \"description\": \"Traits represent an identity's traits. The identity is able to create, modify, and delete traits\\nin a self-service manner. The input will always be validated against the JSON Schema defined\\nin `schema_url`.\",\n \"type\": \"object\"\n }\n },\n \"required\": [\n \"schema_id\",\n \"traits\"\n ],\n \"type\": \"object\"\n },\n \"CreateRecoveryLink\": {\n \"properties\": {\n \"expires_in\": {\n \"description\": \"Link Expires In\\n\\nThe recovery link will expire at that point in time. Defaults to the configuration value of\\n`selfservice.flows.recovery.request_lifespan`.\",\n \"pattern\": \"^[0-9]+(ns|us|ms|s|m|h)$\",\n \"type\": \"string\"\n },\n \"identity_id\": {\n \"$ref\": \"#/components/schemas/UUID\"\n }\n },\n \"required\": [\n \"identity_id\"\n ],\n \"type\": \"object\"\n },\n \"CredentialsType\": {\n \"description\": \"and so on.\",\n \"title\": \"CredentialsType represents several different credential types, like password credentials, passwordless credentials,\",\n \"type\": \"string\"\n },\n \"ID\": {\n \"format\": \"int64\",\n \"type\": \"integer\"\n },\n \"Identity\": {\n \"properties\": {\n \"id\": {\n \"$ref\": \"#/components/schemas/UUID\"\n },\n \"recovery_addresses\": {\n \"description\": \"RecoveryAddresses contains all the addresses that can be used to recover an identity.\",\n \"items\": {\n \"$ref\": \"#/components/schemas/RecoveryAddress\"\n },\n \"type\": \"array\",\n \"x-omitempty\": true\n },\n \"schema_id\": {\n \"description\": \"SchemaID is the ID of the JSON Schema to be used for validating the identity's traits.\",\n \"type\": \"string\"\n },\n \"schema_url\": {\n \"description\": \"SchemaURL is the URL of the endpoint where the identity's traits schema can be fetched from.\\n\\nformat: url\",\n \"type\": \"string\"\n },\n \"traits\": {\n \"$ref\": \"#/components/schemas/Traits\"\n },\n \"verifiable_addresses\": {\n \"description\": \"VerifiableAddresses contains all the addresses that can be verified by the user.\",\n \"items\": {\n \"$ref\": \"#/components/schemas/VerifiableAddress\"\n },\n \"type\": \"array\",\n \"x-omitempty\": true\n }\n },\n \"required\": [\n \"id\",\n \"schema_id\",\n \"schema_url\",\n \"traits\"\n ],\n \"type\": \"object\"\n },\n \"NullTime\": {\n \"format\": \"date-time\",\n \"title\": \"NullTime implements sql.NullTime functionality.\",\n \"type\": \"string\"\n },\n \"RecoveryAddress\": {\n \"properties\": {\n \"id\": {\n \"$ref\": \"#/components/schemas/UUID\"\n },\n \"value\": {\n \"type\": \"string\"\n },\n \"via\": {\n \"$ref\": \"#/components/schemas/RecoveryAddressType\"\n }\n },\n \"required\": [\n \"id\",\n \"value\",\n \"via\"\n ],\n \"type\": \"object\"\n },\n \"RecoveryAddressType\": {\n \"type\": \"string\"\n },\n \"State\": {\n \"type\": \"string\"\n },\n \"Traits\": {\n \"type\": \"object\"\n },\n \"Type\": {\n \"description\": \"The flow type can either be `api` or `browser`.\",\n \"title\": \"Type is the flow type.\",\n \"type\": \"string\"\n },\n \"UUID\": {\n \"format\": \"uuid4\",\n \"type\": \"string\"\n },\n \"UpdateIdentity\": {\n \"properties\": {\n \"schema_id\": {\n \"description\": \"SchemaID is the ID of the JSON Schema to be used for validating the identity's traits. If set\\nwill update the Identity's SchemaID.\",\n \"type\": \"string\"\n },\n \"traits\": {\n \"description\": \"Traits represent an identity's traits. The identity is able to create, modify, and delete traits\\nin a self-service manner. The input will always be validated against the JSON Schema defined\\nin `schema_id`.\",\n \"type\": \"object\"\n }\n },\n \"required\": [\n \"traits\"\n ],\n \"type\": \"object\"\n },\n \"VerifiableAddress\": {\n \"properties\": {\n \"id\": {\n \"$ref\": \"#/components/schemas/UUID\"\n },\n \"status\": {\n \"$ref\": \"#/components/schemas/VerifiableAddressStatus\"\n },\n \"value\": {\n \"type\": \"string\"\n },\n \"verified\": {\n \"type\": \"boolean\"\n },\n \"verified_at\": {\n \"$ref\": \"#/components/schemas/NullTime\"\n },\n \"via\": {\n \"$ref\": \"#/components/schemas/VerifiableAddressType\"\n }\n },\n \"required\": [\n \"id\",\n \"value\",\n \"verified\",\n \"via\",\n \"status\"\n ],\n \"type\": \"object\"\n },\n \"VerifiableAddressStatus\": {\n \"type\": \"string\"\n },\n \"VerifiableAddressType\": {\n \"type\": \"string\"\n },\n \"completeSelfServiceBrowserSettingsOIDCFlowPayload\": {\n \"properties\": {\n \"flow\": {\n \"description\": \"Flow ID is the flow's ID.\\n\\nin: query\",\n \"type\": \"string\"\n },\n \"link\": {\n \"description\": \"Link this provider\\n\\nEither this or `unlink` must be set.\\n\\ntype: string\\nin: body\",\n \"type\": \"string\"\n },\n \"unlink\": {\n \"description\": \"Unlink this provider\\n\\nEither this or `link` must be set.\\n\\ntype: string\\nin: body\",\n \"type\": \"string\"\n }\n },\n \"type\": \"object\"\n },\n \"completeSelfServiceRecoveryFlowWithLinkMethod\": {\n \"properties\": {\n \"csrf_token\": {\n \"description\": \"Sending the anti-csrf token is only required for browser login flows.\",\n \"type\": \"string\"\n },\n \"email\": {\n \"description\": \"Email to Recover\\n\\nNeeds to be set when initiating the flow. If the email is a registered\\nrecovery email, a recovery link will be sent. If the email is not known,\\na email with details on what happened will be sent instead.\\n\\nformat: email\\nin: body\",\n \"type\": \"string\"\n }\n },\n \"type\": \"object\"\n },\n \"completeSelfServiceVerificationFlowWithLinkMethod\": {\n \"properties\": {\n \"csrf_token\": {\n \"description\": \"Sending the anti-csrf token is only required for browser login flows.\",\n \"type\": \"string\"\n },\n \"email\": {\n \"description\": \"Email to Verify\\n\\nNeeds to be set when initiating the flow. If the email is a registered\\nverification email, a verification link will be sent. If the email is not known,\\na email with details on what happened will be sent instead.\\n\\nformat: email\\nin: body\",\n \"type\": \"string\"\n }\n },\n \"type\": \"object\"\n },\n \"errorContainer\": {\n \"properties\": {\n \"errors\": {\n \"description\": \"Errors in the container\",\n \"type\": \"object\"\n },\n \"id\": {\n \"$ref\": \"#/components/schemas/UUID\"\n }\n },\n \"required\": [\n \"id\",\n \"errors\"\n ],\n \"type\": \"object\"\n },\n \"form\": {\n \"description\": \"HTMLForm represents a HTML Form. The container can work with both HTTP Form and JSON requests\",\n \"properties\": {\n \"action\": {\n \"description\": \"Action should be used as the form action URL `\\u003cform action=\\\"{{ .Action }}\\\" method=\\\"post\\\"\\u003e`.\",\n \"type\": \"string\"\n },\n \"messages\": {\n \"$ref\": \"#/components/schemas/uiTexts\"\n },\n \"method\": {\n \"description\": \"Method is the form method (e.g. POST)\",\n \"type\": \"string\"\n },\n \"nodes\": {\n \"$ref\": \"#/components/schemas/uiNodes\"\n }\n },\n \"required\": [\n \"action\",\n \"method\",\n \"nodes\"\n ],\n \"type\": \"object\"\n },\n \"genericError\": {\n \"description\": \"Error responses are sent when an error (e.g. unauthorized, bad request, ...) occurred.\",\n \"properties\": {\n \"error\": {\n \"$ref\": \"#/components/schemas/genericErrorPayload\"\n }\n },\n \"title\": \"Error response\",\n \"type\": \"object\"\n },\n \"genericErrorPayload\": {\n \"properties\": {\n \"code\": {\n \"description\": \"Code represents the error status code (404, 403, 401, ...).\",\n \"example\": 404,\n \"format\": \"int64\",\n \"type\": \"integer\"\n },\n \"debug\": {\n \"description\": \"Debug contains debug information. This is usually not available and has to be enabled.\",\n \"example\": \"The database adapter was unable to find the element\",\n \"type\": \"string\"\n },\n \"details\": {\n \"additionalProperties\": true,\n \"type\": \"object\"\n },\n \"message\": {\n \"type\": \"string\"\n },\n \"reason\": {\n \"type\": \"string\"\n },\n \"request\": {\n \"type\": \"string\"\n },\n \"status\": {\n \"type\": \"string\"\n }\n },\n \"type\": \"object\"\n },\n \"healthNotReadyStatus\": {\n \"properties\": {\n \"errors\": {\n \"additionalProperties\": {\n \"type\": \"string\"\n },\n \"description\": \"Errors contains a list of errors that caused the not ready status.\",\n \"type\": \"object\"\n }\n },\n \"type\": \"object\"\n },\n \"healthStatus\": {\n \"properties\": {\n \"status\": {\n \"description\": \"Status always contains \\\"ok\\\".\",\n \"type\": \"string\"\n }\n },\n \"type\": \"object\"\n },\n \"loginFlow\": {\n \"description\": \"This object represents a login flow. A login flow is initiated at the \\\"Initiate Login API / Browser Flow\\\"\\nendpoint by a client.\\n\\nOnce a login flow is completed successfully, a session cookie or session token will be issued.\",\n \"properties\": {\n \"active\": {\n \"$ref\": \"#/components/schemas/CredentialsType\"\n },\n \"expires_at\": {\n \"description\": \"ExpiresAt is the time (UTC) when the flow expires. If the user still wishes to log in,\\na new flow has to be initiated.\",\n \"format\": \"date-time\",\n \"type\": \"string\"\n },\n \"forced\": {\n \"description\": \"Forced stores whether this login flow should enforce re-authentication.\",\n \"type\": \"boolean\"\n },\n \"id\": {\n \"$ref\": \"#/components/schemas/UUID\"\n },\n \"issued_at\": {\n \"description\": \"IssuedAt is the time (UTC) when the flow started.\",\n \"format\": \"date-time\",\n \"type\": \"string\"\n },\n \"messages\": {\n \"$ref\": \"#/components/schemas/uiTexts\"\n },\n \"methods\": {\n \"additionalProperties\": {\n \"$ref\": \"#/components/schemas/loginFlowMethod\"\n },\n \"description\": \"List of login methods\\n\\nThis is the list of available login methods with their required form fields, such as `identifier` and `password`\\nfor the password login method. This will also contain error messages such as \\\"password can not be empty\\\".\",\n \"type\": \"object\"\n },\n \"request_url\": {\n \"description\": \"RequestURL is the initial URL that was requested from Ory Kratos. It can be used\\nto forward information contained in the URL's path or query for example.\",\n \"type\": \"string\"\n },\n \"type\": {\n \"$ref\": \"#/components/schemas/Type\"\n }\n },\n \"required\": [\n \"id\",\n \"expires_at\",\n \"issued_at\",\n \"request_url\",\n \"methods\"\n ],\n \"title\": \"Login Flow\",\n \"type\": \"object\"\n },\n \"loginFlowMethod\": {\n \"properties\": {\n \"config\": {\n \"$ref\": \"#/components/schemas/loginFlowMethodConfig\"\n },\n \"method\": {\n \"$ref\": \"#/components/schemas/CredentialsType\"\n }\n },\n \"required\": [\n \"method\",\n \"config\"\n ],\n \"type\": \"object\"\n },\n \"loginFlowMethodConfig\": {\n \"properties\": {\n \"action\": {\n \"description\": \"Action should be used as the form action URL `\\u003cform action=\\\"{{ .Action }}\\\" method=\\\"post\\\"\\u003e`.\",\n \"type\": \"string\"\n },\n \"messages\": {\n \"$ref\": \"#/components/schemas/uiTexts\"\n },\n \"method\": {\n \"description\": \"Method is the form method (e.g. POST)\",\n \"type\": \"string\"\n },\n \"nodes\": {\n \"$ref\": \"#/components/schemas/uiNodes\"\n },\n \"providers\": {\n \"$ref\": \"#/components/schemas/uiNodes\"\n }\n },\n \"required\": [\n \"action\",\n \"method\",\n \"nodes\"\n ],\n \"type\": \"object\"\n },\n \"loginFlowMethodConfigPayload\": {\n \"properties\": {\n \"action\": {\n \"description\": \"Action should be used as the form action URL `\\u003cform action=\\\"{{ .Action }}\\\" method=\\\"post\\\"\\u003e`.\",\n \"type\": \"string\"\n },\n \"messages\": {\n \"$ref\": \"#/components/schemas/uiTexts\"\n },\n \"method\": {\n \"description\": \"Method is the form method (e.g. POST)\",\n \"type\": \"string\"\n },\n \"nodes\": {\n \"$ref\": \"#/components/schemas/uiNodes\"\n },\n \"providers\": {\n \"$ref\": \"#/components/schemas/uiNodes\"\n }\n },\n \"required\": [\n \"action\",\n \"method\",\n \"nodes\"\n ],\n \"type\": \"object\"\n },\n \"loginViaApiResponse\": {\n \"description\": \"The Response for Login Flows via API\",\n \"properties\": {\n \"session\": {\n \"$ref\": \"#/components/schemas/session\"\n },\n \"session_token\": {\n \"description\": \"The Session Token\\n\\nA session token is equivalent to a session cookie, but it can be sent in the HTTP Authorization\\nHeader:\\n\\nAuthorization: bearer ${session-token}\\n\\nThe session token is only issued for API flows, not for Browser flows!\",\n \"type\": \"string\"\n }\n },\n \"required\": [\n \"session_token\",\n \"session\"\n ],\n \"type\": \"object\"\n },\n \"recoveryFlow\": {\n \"description\": \"This request is used when an identity wants to recover their account.\\n\\nWe recommend reading the [Account Recovery Documentation](../self-service/flows/password-reset-account-recovery)\",\n \"properties\": {\n \"active\": {\n \"description\": \"Active, if set, contains the registration method that is being used. It is initially\\nnot set.\",\n \"type\": \"string\"\n },\n \"expires_at\": {\n \"description\": \"ExpiresAt is the time (UTC) when the request expires. If the user still wishes to update the setting,\\na new request has to be initiated.\",\n \"format\": \"date-time\",\n \"type\": \"string\"\n },\n \"id\": {\n \"$ref\": \"#/components/schemas/UUID\"\n },\n \"issued_at\": {\n \"description\": \"IssuedAt is the time (UTC) when the request occurred.\",\n \"format\": \"date-time\",\n \"type\": \"string\"\n },\n \"messages\": {\n \"$ref\": \"#/components/schemas/uiTexts\"\n },\n \"methods\": {\n \"additionalProperties\": {\n \"$ref\": \"#/components/schemas/recoveryFlowMethod\"\n },\n \"description\": \"Methods contains context for all account recovery methods. If a registration request has been\\nprocessed, but for example the password is incorrect, this will contain error messages.\",\n \"type\": \"object\"\n },\n \"request_url\": {\n \"description\": \"RequestURL is the initial URL that was requested from Ory Kratos. It can be used\\nto forward information contained in the URL's path or query for example.\",\n \"type\": \"string\"\n },\n \"state\": {\n \"$ref\": \"#/components/schemas/State\"\n },\n \"type\": {\n \"$ref\": \"#/components/schemas/Type\"\n }\n },\n \"required\": [\n \"id\",\n \"expires_at\",\n \"issued_at\",\n \"request_url\",\n \"methods\",\n \"state\"\n ],\n \"title\": \"A Recovery Flow\",\n \"type\": \"object\"\n },\n \"recoveryFlowMethod\": {\n \"properties\": {\n \"config\": {\n \"$ref\": \"#/components/schemas/recoveryFlowMethodConfig\"\n },\n \"method\": {\n \"description\": \"Method contains the request credentials type.\",\n \"type\": \"string\"\n }\n },\n \"required\": [\n \"method\",\n \"config\"\n ],\n \"type\": \"object\"\n },\n \"recoveryFlowMethodConfig\": {\n \"properties\": {\n \"action\": {\n \"description\": \"Action should be used as the form action URL `\\u003cform action=\\\"{{ .Action }}\\\" method=\\\"post\\\"\\u003e`.\",\n \"type\": \"string\"\n },\n \"messages\": {\n \"$ref\": \"#/components/schemas/uiTexts\"\n },\n \"method\": {\n \"description\": \"Method is the form method (e.g. POST)\",\n \"type\": \"string\"\n },\n \"nodes\": {\n \"$ref\": \"#/components/schemas/uiNodes\"\n }\n },\n \"required\": [\n \"action\",\n \"method\",\n \"nodes\"\n ],\n \"type\": \"object\"\n },\n \"recoveryFlowMethodConfigPayload\": {\n \"properties\": {\n \"action\": {\n \"description\": \"Action should be used as the form action URL `\\u003cform action=\\\"{{ .Action }}\\\" method=\\\"post\\\"\\u003e`.\",\n \"type\": \"string\"\n },\n \"messages\": {\n \"$ref\": \"#/components/schemas/uiTexts\"\n },\n \"method\": {\n \"description\": \"Method is the form method (e.g. POST)\",\n \"type\": \"string\"\n },\n \"nodes\": {\n \"$ref\": \"#/components/schemas/uiNodes\"\n }\n },\n \"required\": [\n \"action\",\n \"method\",\n \"nodes\"\n ],\n \"type\": \"object\"\n },\n \"recoveryLink\": {\n \"properties\": {\n \"expires_at\": {\n \"description\": \"Recovery Link Expires At\\n\\nThe timestamp when the recovery link expires.\",\n \"format\": \"date-time\",\n \"type\": \"string\"\n },\n \"recovery_link\": {\n \"description\": \"Recovery Link\\n\\nThis link can be used to recover the account.\",\n \"type\": \"string\"\n }\n },\n \"required\": [\n \"recovery_link\"\n ],\n \"type\": \"object\"\n },\n \"registrationFlow\": {\n \"properties\": {\n \"active\": {\n \"$ref\": \"#/components/schemas/CredentialsType\"\n },\n \"expires_at\": {\n \"description\": \"ExpiresAt is the time (UTC) when the flow expires. If the user still wishes to log in,\\na new flow has to be initiated.\",\n \"format\": \"date-time\",\n \"type\": \"string\"\n },\n \"id\": {\n \"$ref\": \"#/components/schemas/UUID\"\n },\n \"issued_at\": {\n \"description\": \"IssuedAt is the time (UTC) when the flow occurred.\",\n \"format\": \"date-time\",\n \"type\": \"string\"\n },\n \"messages\": {\n \"$ref\": \"#/components/schemas/uiTexts\"\n },\n \"methods\": {\n \"additionalProperties\": {\n \"$ref\": \"#/components/schemas/registrationFlowMethod\"\n },\n \"description\": \"Methods contains context for all enabled registration methods. If a registration flow has been\\nprocessed, but for example the password is incorrect, this will contain error messages.\",\n \"type\": \"object\"\n },\n \"request_url\": {\n \"description\": \"RequestURL is the initial URL that was requested from Ory Kratos. It can be used\\nto forward information contained in the URL's path or query for example.\",\n \"type\": \"string\"\n },\n \"type\": {\n \"$ref\": \"#/components/schemas/Type\"\n }\n },\n \"required\": [\n \"id\",\n \"expires_at\",\n \"issued_at\",\n \"request_url\",\n \"methods\"\n ],\n \"type\": \"object\"\n },\n \"registrationFlowMethod\": {\n \"properties\": {\n \"config\": {\n \"$ref\": \"#/components/schemas/registrationFlowMethodConfig\"\n },\n \"method\": {\n \"$ref\": \"#/components/schemas/CredentialsType\"\n }\n },\n \"required\": [\n \"method\",\n \"config\"\n ],\n \"type\": \"object\"\n },\n \"registrationFlowMethodConfig\": {\n \"properties\": {\n \"action\": {\n \"description\": \"Action should be used as the form action URL `\\u003cform action=\\\"{{ .Action }}\\\" method=\\\"post\\\"\\u003e`.\",\n \"type\": \"string\"\n },\n \"messages\": {\n \"$ref\": \"#/components/schemas/uiTexts\"\n },\n \"method\": {\n \"description\": \"Method is the form method (e.g. POST)\",\n \"type\": \"string\"\n },\n \"nodes\": {\n \"$ref\": \"#/components/schemas/uiNodes\"\n },\n \"providers\": {\n \"description\": \"Providers is set for the \\\"oidc\\\" registration method.\",\n \"items\": {\n \"$ref\": \"#/components/schemas/uiNodes\"\n },\n \"type\": \"array\"\n }\n },\n \"required\": [\n \"action\",\n \"method\",\n \"nodes\"\n ],\n \"type\": \"object\"\n },\n \"registrationFlowMethodConfigPayload\": {\n \"properties\": {\n \"action\": {\n \"description\": \"Action should be used as the form action URL `\\u003cform action=\\\"{{ .Action }}\\\" method=\\\"post\\\"\\u003e`.\",\n \"type\": \"string\"\n },\n \"messages\": {\n \"$ref\": \"#/components/schemas/uiTexts\"\n },\n \"method\": {\n \"description\": \"Method is the form method (e.g. POST)\",\n \"type\": \"string\"\n },\n \"nodes\": {\n \"$ref\": \"#/components/schemas/uiNodes\"\n },\n \"providers\": {\n \"description\": \"Providers is set for the \\\"oidc\\\" registration method.\",\n \"items\": {\n \"$ref\": \"#/components/schemas/uiNodes\"\n },\n \"type\": \"array\"\n }\n },\n \"required\": [\n \"action\",\n \"method\",\n \"nodes\"\n ],\n \"type\": \"object\"\n },\n \"registrationViaApiResponse\": {\n \"description\": \"The Response for Registration Flows via API\",\n \"properties\": {\n \"identity\": {\n \"$ref\": \"#/components/schemas/Identity\"\n },\n \"session\": {\n \"$ref\": \"#/components/schemas/session\"\n },\n \"session_token\": {\n \"description\": \"The Session Token\\n\\nThis field is only set when the session hook is configured as a post-registration hook.\\n\\nA session token is equivalent to a session cookie, but it can be sent in the HTTP Authorization\\nHeader:\\n\\nAuthorization: bearer ${session-token}\\n\\nThe session token is only issued for API flows, not for Browser flows!\",\n \"type\": \"string\"\n }\n },\n \"required\": [\n \"session_token\",\n \"identity\"\n ],\n \"type\": \"object\"\n },\n \"revokeSession\": {\n \"properties\": {\n \"session_token\": {\n \"description\": \"The Session Token\\n\\nInvalidate this session token.\",\n \"type\": \"string\"\n }\n },\n \"required\": [\n \"session_token\"\n ],\n \"type\": \"object\"\n },\n \"session\": {\n \"properties\": {\n \"active\": {\n \"type\": \"boolean\"\n },\n \"authenticated_at\": {\n \"format\": \"date-time\",\n \"type\": \"string\"\n },\n \"expires_at\": {\n \"format\": \"date-time\",\n \"type\": \"string\"\n },\n \"id\": {\n \"$ref\": \"#/components/schemas/UUID\"\n },\n \"identity\": {\n \"$ref\": \"#/components/schemas/Identity\"\n },\n \"issued_at\": {\n \"format\": \"date-time\",\n \"type\": \"string\"\n }\n },\n \"required\": [\n \"id\",\n \"expires_at\",\n \"authenticated_at\",\n \"issued_at\",\n \"identity\"\n ],\n \"type\": \"object\"\n },\n \"settingsFlow\": {\n \"description\": \"This flow is used when an identity wants to update settings\\n(e.g. profile data, passwords, ...) in a selfservice manner.\\n\\nWe recommend reading the [User Settings Documentation](../self-service/flows/user-settings)\",\n \"properties\": {\n \"active\": {\n \"description\": \"Active, if set, contains the registration method that is being used. It is initially\\nnot set.\",\n \"type\": \"string\"\n },\n \"expires_at\": {\n \"description\": \"ExpiresAt is the time (UTC) when the flow expires. If the user still wishes to update the setting,\\na new flow has to be initiated.\",\n \"format\": \"date-time\",\n \"type\": \"string\"\n },\n \"id\": {\n \"$ref\": \"#/components/schemas/UUID\"\n },\n \"identity\": {\n \"$ref\": \"#/components/schemas/Identity\"\n },\n \"issued_at\": {\n \"description\": \"IssuedAt is the time (UTC) when the flow occurred.\",\n \"format\": \"date-time\",\n \"type\": \"string\"\n },\n \"messages\": {\n \"$ref\": \"#/components/schemas/uiTexts\"\n },\n \"methods\": {\n \"additionalProperties\": {\n \"$ref\": \"#/components/schemas/settingsFlowMethod\"\n },\n \"description\": \"Methods contains context for all enabled registration methods. If a settings flow has been\\nprocessed, but for example the first name is empty, this will contain error messages.\",\n \"type\": \"object\"\n },\n \"request_url\": {\n \"description\": \"RequestURL is the initial URL that was requested from Ory Kratos. It can be used\\nto forward information contained in the URL's path or query for example.\",\n \"type\": \"string\"\n },\n \"state\": {\n \"$ref\": \"#/components/schemas/State\"\n },\n \"type\": {\n \"$ref\": \"#/components/schemas/Type\"\n }\n },\n \"required\": [\n \"id\",\n \"expires_at\",\n \"issued_at\",\n \"request_url\",\n \"methods\",\n \"identity\",\n \"state\"\n ],\n \"title\": \"Flow represents a Settings Flow\",\n \"type\": \"object\"\n },\n \"settingsFlowMethod\": {\n \"properties\": {\n \"config\": {\n \"$ref\": \"#/components/schemas/settingsFlowMethodConfig\"\n },\n \"method\": {\n \"description\": \"Method is the name of this flow method.\",\n \"type\": \"string\"\n }\n },\n \"required\": [\n \"method\",\n \"config\"\n ],\n \"type\": \"object\"\n },\n \"settingsFlowMethodConfig\": {\n \"properties\": {\n \"action\": {\n \"description\": \"Action should be used as the form action URL `\\u003cform action=\\\"{{ .Action }}\\\" method=\\\"post\\\"\\u003e`.\",\n \"type\": \"string\"\n },\n \"messages\": {\n \"$ref\": \"#/components/schemas/uiTexts\"\n },\n \"method\": {\n \"description\": \"Method is the form method (e.g. POST)\",\n \"type\": \"string\"\n },\n \"nodes\": {\n \"$ref\": \"#/components/schemas/uiNodes\"\n }\n },\n \"required\": [\n \"action\",\n \"method\",\n \"nodes\"\n ],\n \"type\": \"object\"\n },\n \"settingsFlowMethodConfigPayload\": {\n \"properties\": {\n \"action\": {\n \"description\": \"Action should be used as the form action URL `\\u003cform action=\\\"{{ .Action }}\\\" method=\\\"post\\\"\\u003e`.\",\n \"type\": \"string\"\n },\n \"messages\": {\n \"$ref\": \"#/components/schemas/uiTexts\"\n },\n \"method\": {\n \"description\": \"Method is the form method (e.g. POST)\",\n \"type\": \"string\"\n },\n \"nodes\": {\n \"$ref\": \"#/components/schemas/uiNodes\"\n }\n },\n \"required\": [\n \"action\",\n \"method\",\n \"nodes\"\n ],\n \"type\": \"object\"\n },\n \"settingsProfileFormConfig\": {\n \"properties\": {\n \"action\": {\n \"description\": \"Action should be used as the form action URL `\\u003cform action=\\\"{{ .Action }}\\\" method=\\\"post\\\"\\u003e`.\",\n \"type\": \"string\"\n },\n \"messages\": {\n \"$ref\": \"#/components/schemas/uiTexts\"\n },\n \"method\": {\n \"description\": \"Method is the form method (e.g. POST)\",\n \"type\": \"string\"\n },\n \"nodes\": {\n \"$ref\": \"#/components/schemas/uiNodes\"\n }\n },\n \"required\": [\n \"action\",\n \"method\",\n \"nodes\"\n ],\n \"type\": \"object\"\n },\n \"settingsViaApiResponse\": {\n \"description\": \"The Response for Settings Flows via API\",\n \"properties\": {\n \"flow\": {\n \"$ref\": \"#/components/schemas/settingsFlow\"\n },\n \"identity\": {\n \"$ref\": \"#/components/schemas/Identity\"\n }\n },\n \"required\": [\n \"flow\",\n \"identity\"\n ],\n \"type\": \"object\"\n },\n \"uiNode\": {\n \"description\": \"Nodes are represented as HTML elements or their native UI equivalents. For example,\\na node can be an `\\u003cimg\\u003e` tag, or an `\\u003cinput element\\u003e` but also `some plain text`.\",\n \"properties\": {\n \"attributes\": {\n \"$ref\": \"#/components/schemas/uiNodeAttributes\"\n },\n \"group\": {\n \"$ref\": \"#/components/schemas/uiNodeGroup\"\n },\n \"messages\": {\n \"$ref\": \"#/components/schemas/uiTexts\"\n },\n \"type\": {\n \"$ref\": \"#/components/schemas/uiNodeType\"\n }\n },\n \"required\": [\n \"type\",\n \"attributes\"\n ],\n \"title\": \"Node represents a flow's nodes\",\n \"type\": \"object\"\n },\n \"uiNodeAnchorAttributes\": {\n \"properties\": {\n \"href\": {\n \"description\": \"The link's href (destination) URL.\\n\\nformat: uri\",\n \"type\": \"string\"\n },\n \"title\": {\n \"$ref\": \"#/components/schemas/uiText\"\n }\n },\n \"required\": [\n \"href\",\n \"title\"\n ],\n \"title\": \"AnchorAttributes represents the attributes of an anchor node.\",\n \"type\": \"object\"\n },\n \"uiNodeAttributes\": {\n \"oneOf\": [\n {\n \"$ref\": \"#/components/schemas/uiNodeInputAttributes\"\n },\n {\n \"$ref\": \"#/components/schemas/uiNodeTextAttributes\"\n },\n {\n \"$ref\": \"#/components/schemas/uiNodeImageAttributes\"\n },\n {\n \"$ref\": \"#/components/schemas/uiNodeAnchorAttributes\"\n }\n ],\n \"title\": \"Attributes represents a list of attributes (e.g. `href=\\\"foo\\\"` for links).\"\n },\n \"uiNodeGroup\": {\n \"type\": \"string\"\n },\n \"uiNodeImageAttributes\": {\n \"properties\": {\n \"src\": {\n \"description\": \"The image's source URL.\\n\\nformat: uri\",\n \"type\": \"string\"\n }\n },\n \"required\": [\n \"src\"\n ],\n \"title\": \"ImageAttributes represents the attributes of an image node.\",\n \"type\": \"object\"\n },\n \"uiNodeInputAttributeType\": {\n \"type\": \"string\"\n },\n \"uiNodeInputAttributes\": {\n \"description\": \"InputAttributes represents the attributes of an input node\",\n \"properties\": {\n \"disabled\": {\n \"description\": \"Sets the input's disabled field to true or false.\",\n \"type\": \"boolean\"\n },\n \"label\": {\n \"$ref\": \"#/components/schemas/uiText\"\n },\n \"name\": {\n \"description\": \"The input's element name.\",\n \"type\": \"string\"\n },\n \"pattern\": {\n \"description\": \"The input's pattern.\",\n \"type\": \"string\"\n },\n \"required\": {\n \"description\": \"Mark this input field as required.\",\n \"type\": \"boolean\"\n },\n \"type\": {\n \"$ref\": \"#/components/schemas/uiNodeInputAttributeType\"\n },\n \"value\": {\n \"description\": \"The input's value.\",\n \"nullable\": true,\n \"oneOf\": [\n {\n \"type\": \"string\"\n },\n {\n \"type\": \"number\"\n },\n {\n \"type\": \"boolean\"\n }\n ]\n }\n },\n \"required\": [\n \"name\",\n \"type\",\n \"disabled\"\n ],\n \"type\": \"object\"\n },\n \"uiNodeTextAttributes\": {\n \"properties\": {\n \"text\": {\n \"$ref\": \"#/components/schemas/uiText\"\n }\n },\n \"required\": [\n \"text\"\n ],\n \"title\": \"TextAttributes represents the attributes of a text node.\",\n \"type\": \"object\"\n },\n \"uiNodeType\": {\n \"type\": \"string\"\n },\n \"uiNodes\": {\n \"items\": {\n \"$ref\": \"#/components/schemas/uiNode\"\n },\n \"type\": \"array\"\n },\n \"uiText\": {\n \"properties\": {\n \"context\": {\n \"description\": \"The message's context. Useful when customizing messages.\",\n \"type\": \"object\"\n },\n \"id\": {\n \"$ref\": \"#/components/schemas/ID\"\n },\n \"text\": {\n \"description\": \"The message text. Written in american english.\",\n \"type\": \"string\"\n },\n \"type\": {\n \"$ref\": \"#/components/schemas/uiTextType\"\n }\n },\n \"required\": [\n \"id\",\n \"text\",\n \"type\"\n ],\n \"type\": \"object\"\n },\n \"uiTextType\": {\n \"type\": \"string\"\n },\n \"uiTexts\": {\n \"items\": {\n \"$ref\": \"#/components/schemas/uiText\"\n },\n \"type\": \"array\"\n },\n \"verificationFlow\": {\n \"description\": \"Used to verify an out-of-band communication\\nchannel such as an email address or a phone number.\\n\\nFor more information head over to: https://www.ory.sh/docs/kratos/self-service/flows/verify-email-account-activation\",\n \"properties\": {\n \"active\": {\n \"description\": \"Active, if set, contains the registration method that is being used. It is initially\\nnot set.\",\n \"type\": \"string\"\n },\n \"expires_at\": {\n \"description\": \"ExpiresAt is the time (UTC) when the request expires. If the user still wishes to verify the address,\\na new request has to be initiated.\",\n \"format\": \"date-time\",\n \"type\": \"string\"\n },\n \"id\": {\n \"$ref\": \"#/components/schemas/UUID\"\n },\n \"issued_at\": {\n \"description\": \"IssuedAt is the time (UTC) when the request occurred.\",\n \"format\": \"date-time\",\n \"type\": \"string\"\n },\n \"messages\": {\n \"$ref\": \"#/components/schemas/uiTexts\"\n },\n \"methods\": {\n \"additionalProperties\": {\n \"$ref\": \"#/components/schemas/verificationFlowMethod\"\n },\n \"description\": \"Methods contains context for all account verification methods. If a registration request has been\\nprocessed, but for example the password is incorrect, this will contain error messages.\",\n \"type\": \"object\"\n },\n \"request_url\": {\n \"description\": \"RequestURL is the initial URL that was requested from Ory Kratos. It can be used\\nto forward information contained in the URL's path or query for example.\",\n \"type\": \"string\"\n },\n \"state\": {\n \"$ref\": \"#/components/schemas/State\"\n },\n \"type\": {\n \"$ref\": \"#/components/schemas/Type\"\n }\n },\n \"required\": [\n \"methods\",\n \"state\"\n ],\n \"title\": \"A Verification Flow\",\n \"type\": \"object\"\n },\n \"verificationFlowMethod\": {\n \"properties\": {\n \"config\": {\n \"$ref\": \"#/components/schemas/verificationFlowMethodConfig\"\n },\n \"method\": {\n \"description\": \"Method contains the request credentials type.\",\n \"type\": \"string\"\n }\n },\n \"required\": [\n \"method\",\n \"config\"\n ],\n \"type\": \"object\"\n },\n \"verificationFlowMethodConfig\": {\n \"properties\": {\n \"action\": {\n \"description\": \"Action should be used as the form action URL `\\u003cform action=\\\"{{ .Action }}\\\" method=\\\"post\\\"\\u003e`.\",\n \"type\": \"string\"\n },\n \"messages\": {\n \"$ref\": \"#/components/schemas/uiTexts\"\n },\n \"method\": {\n \"description\": \"Method is the form method (e.g. POST)\",\n \"type\": \"string\"\n },\n \"nodes\": {\n \"$ref\": \"#/components/schemas/uiNodes\"\n }\n },\n \"required\": [\n \"action\",\n \"method\",\n \"nodes\"\n ],\n \"type\": \"object\"\n },\n \"verificationFlowMethodConfigPayload\": {\n \"properties\": {\n \"action\": {\n \"description\": \"Action should be used as the form action URL `\\u003cform action=\\\"{{ .Action }}\\\" method=\\\"post\\\"\\u003e`.\",\n \"type\": \"string\"\n },\n \"messages\": {\n \"$ref\": \"#/components/schemas/uiTexts\"\n },\n \"method\": {\n \"description\": \"Method is the form method (e.g. POST)\",\n \"type\": \"string\"\n },\n \"nodes\": {\n \"$ref\": \"#/components/schemas/uiNodes\"\n }\n },\n \"required\": [\n \"action\",\n \"method\",\n \"nodes\"\n ],\n \"type\": \"object\"\n },\n \"version\": {\n \"properties\": {\n \"version\": {\n \"description\": \"Version is the service's version.\",\n \"type\": \"string\"\n }\n },\n \"type\": \"object\"\n }\n },\n \"securitySchemes\": {\n \"sessionCookie\": {\n \"in\": \"cookie\",\n \"name\": \"ory_kratos_session\",\n \"type\": \"apiKey\"\n },\n \"sessionToken\": {\n \"in\": \"header\",\n \"name\": \"X-Session-Token\",\n \"type\": \"apiKey\"\n }\n }\n },\n \"info\": {\n \"contact\": {\n \"email\": \"hi@ory.sh\"\n },\n \"description\": \"Documentation for all public and administrative Ory Kratos APIs. Public and administrative APIs\\nare exposed on different ports. Public APIs can face the public internet without any protection\\nwhile administrative APIs should never be exposed without prior authorization. To protect\\nthe administative API port you should use something like Nginx, Ory Oathkeeper, or any other\\ntechnology capable of authorizing incoming requests.\\n\",\n \"license\": {\n \"name\": \"Apache 2.0\"\n },\n \"title\": \"Ory Kratos API\",\n \"version\": \"\"\n },\n \"openapi\": \"3.0.3\",\n \"paths\": {\n \"/health/alive\": {\n \"get\": {\n \"description\": \"This endpoint returns a HTTP 200 status code when Ory Kratos is accepting incoming\\nHTTP requests. This status does currently not include checks whether the database connection is working.\\n\\nIf the service supports TLS Edge Termination, this endpoint does not require the\\n`X-Forwarded-Proto` header to be set.\\n\\nBe aware that if you are running multiple nodes of this service, the health status will never\\nrefer to the cluster state, only to a single instance.\",\n \"operationId\": \"isAlive\",\n \"responses\": {\n \"200\": {\n \"content\": {\n \"application/json\": {\n \"schema\": {\n \"$ref\": \"#/components/schemas/healthStatus\"\n }\n }\n },\n \"description\": \"Ory Kratos is ready to accept connections.\"\n },\n \"500\": {\n \"content\": {\n \"application/json\": {\n \"schema\": {\n \"$ref\": \"#/components/schemas/genericError\"\n }\n }\n },\n \"description\": \"genericError\"\n }\n },\n \"summary\": \"Check HTTP Server Status\",\n \"tags\": [\n \"admin\"\n ]\n }\n },\n \"/health/ready\": {\n \"get\": {\n \"description\": \"This endpoint returns a HTTP 200 status code when Ory Kratos is up running and the environment dependencies (e.g.\\nthe database) are responsive as well.\\n\\nIf the service supports TLS Edge Termination, this endpoint does not require the\\n`X-Forwarded-Proto` header to be set.\\n\\nBe aware that if you are running multiple nodes of Ory Kratos, the health status will never\\nrefer to the cluster state, only to a single instance.\",\n \"operationId\": \"isReady\",\n \"responses\": {\n \"200\": {\n \"content\": {\n \"application/json\": {\n \"schema\": {\n \"properties\": {\n \"status\": {\n \"description\": \"Always \\\"ok\\\".\",\n \"type\": \"string\"\n }\n },\n \"type\": \"object\"\n }\n }\n },\n \"description\": \"Ory Kratos is ready to accept requests.\"\n },\n \"503\": {\n \"content\": {\n \"application/json\": {\n \"schema\": {\n \"properties\": {\n \"errors\": {\n \"additionalProperties\": {\n \"type\": \"string\"\n },\n \"description\": \"Errors contains a list of errors that caused the not ready status.\",\n \"type\": \"object\"\n }\n },\n \"type\": \"object\"\n }\n }\n },\n \"description\": \"Ory Kratos is not yet ready to accept requests.\"\n }\n },\n \"summary\": \"Check HTTP Server and Database Status\",\n \"tags\": [\n \"admin\"\n ]\n }\n },\n \"/identities\": {\n \"get\": {\n \"description\": \"Lists all identities. Does not support search at the moment.\\n\\nLearn how identities work in [Ory Kratos' User And Identity Model Documentation](https://www.ory.sh/docs/next/kratos/concepts/identity-user-model).\",\n \"operationId\": \"listIdentities\",\n \"parameters\": [\n {\n \"description\": \"Items per Page\\n\\nThis is the number of items per page.\",\n \"in\": \"query\",\n \"name\": \"per_page\",\n \"schema\": {\n \"default\": 100,\n \"format\": \"int64\",\n \"maximum\": 500,\n \"minimum\": 1,\n \"type\": \"integer\"\n }\n },\n {\n \"description\": \"Pagination Page\",\n \"in\": \"query\",\n \"name\": \"page\",\n \"schema\": {\n \"default\": 0,\n \"format\": \"int64\",\n \"minimum\": 0,\n \"type\": \"integer\"\n }\n }\n ],\n \"responses\": {\n \"200\": {\n \"$ref\": \"#/components/responses/identityList\"\n },\n \"500\": {\n \"content\": {\n \"application/json\": {\n \"schema\": {\n \"$ref\": \"#/components/schemas/genericError\"\n }\n }\n },\n \"description\": \"genericError\"\n }\n },\n \"summary\": \"List Identities\",\n \"tags\": [\n \"admin\"\n ]\n },\n \"post\": {\n \"description\": \"This endpoint creates an identity. It is NOT possible to set an identity's credentials (password, ...)\\nusing this method! A way to achieve that will be introduced in the future.\\n\\nLearn how identities work in [Ory Kratos' User And Identity Model Documentation](https://www.ory.sh/docs/next/kratos/concepts/identity-user-model).\",\n \"operationId\": \"createIdentity\",\n \"requestBody\": {\n \"content\": {\n \"application/json\": {\n \"schema\": {\n \"$ref\": \"#/components/schemas/CreateIdentity\"\n }\n }\n },\n \"x-originalParamName\": \"Body\"\n },\n \"responses\": {\n \"201\": {\n \"$ref\": \"#/components/responses/identityResponse\"\n },\n \"400\": {\n \"content\": {\n \"application/json\": {\n \"schema\": {\n \"$ref\": \"#/components/schemas/genericError\"\n }\n }\n },\n \"description\": \"genericError\"\n },\n \"409\": {\n \"content\": {\n \"application/json\": {\n \"schema\": {\n \"$ref\": \"#/components/schemas/genericError\"\n }\n }\n },\n \"description\": \"genericError\"\n },\n \"500\": {\n \"content\": {\n \"application/json\": {\n \"schema\": {\n \"$ref\": \"#/components/schemas/genericError\"\n }\n }\n },\n \"description\": \"genericError\"\n }\n },\n \"summary\": \"Create an Identity\",\n \"tags\": [\n \"admin\"\n ]\n }\n },\n \"/identities/{id}\": {\n \"delete\": {\n \"description\": \"Calling this endpoint irrecoverably and permanently deletes the identity given its ID. This action can not be undone.\\nThis endpoint returns 204 when the identity was deleted or when the identity was not found, in which case it is\\nassumed that is has been deleted already.\\n\\nLearn how identities work in [Ory Kratos' User And Identity Model Documentation](https://www.ory.sh/docs/next/kratos/concepts/identity-user-model).\",\n \"operationId\": \"deleteIdentity\",\n \"parameters\": [\n {\n \"description\": \"ID is the identity's ID.\",\n \"in\": \"path\",\n \"name\": \"id\",\n \"required\": true,\n \"schema\": {\n \"type\": \"string\"\n }\n }\n ],\n \"responses\": {\n \"204\": {\n \"$ref\": \"#/components/responses/emptyResponse\"\n },\n \"404\": {\n \"content\": {\n \"application/json\": {\n \"schema\": {\n \"$ref\": \"#/components/schemas/genericError\"\n }\n }\n },\n \"description\": \"genericError\"\n },\n \"500\": {\n \"content\": {\n \"application/json\": {\n \"schema\": {\n \"$ref\": \"#/components/schemas/genericError\"\n }\n }\n },\n \"description\": \"genericError\"\n }\n },\n \"summary\": \"Delete an Identity\",\n \"tags\": [\n \"admin\"\n ]\n },\n \"get\": {\n \"description\": \"Learn how identities work in [Ory Kratos' User And Identity Model Documentation](https://www.ory.sh/docs/next/kratos/concepts/identity-user-model).\",\n \"operationId\": \"getIdentity\",\n \"parameters\": [\n {\n \"description\": \"ID must be set to the ID of identity you want to get\",\n \"in\": \"path\",\n \"name\": \"id\",\n \"required\": true,\n \"schema\": {\n \"type\": \"string\"\n }\n }\n ],\n \"responses\": {\n \"200\": {\n \"$ref\": \"#/components/responses/identityResponse\"\n },\n \"400\": {\n \"content\": {\n \"application/json\": {\n \"schema\": {\n \"$ref\": \"#/components/schemas/genericError\"\n }\n }\n },\n \"description\": \"genericError\"\n },\n \"500\": {\n \"content\": {\n \"application/json\": {\n \"schema\": {\n \"$ref\": \"#/components/schemas/genericError\"\n }\n }\n },\n \"description\": \"genericError\"\n }\n },\n \"summary\": \"Get an Identity\",\n \"tags\": [\n \"admin\"\n ]\n },\n \"put\": {\n \"description\": \"This endpoint updates an identity. It is NOT possible to set an identity's credentials (password, ...)\\nusing this method! A way to achieve that will be introduced in the future.\\n\\nThe full identity payload (except credentials) is expected. This endpoint does not support patching.\\n\\nLearn how identities work in [Ory Kratos' User And Identity Model Documentation](https://www.ory.sh/docs/next/kratos/concepts/identity-user-model).\",\n \"operationId\": \"updateIdentity\",\n \"parameters\": [\n {\n \"description\": \"ID must be set to the ID of identity you want to update\",\n \"in\": \"path\",\n \"name\": \"id\",\n \"required\": true,\n \"schema\": {\n \"type\": \"string\"\n }\n }\n ],\n \"requestBody\": {\n \"content\": {\n \"application/json\": {\n \"schema\": {\n \"$ref\": \"#/components/schemas/UpdateIdentity\"\n }\n }\n },\n \"x-originalParamName\": \"Body\"\n },\n \"responses\": {\n \"200\": {\n \"$ref\": \"#/components/responses/identityResponse\"\n },\n \"400\": {\n \"content\": {\n \"application/json\": {\n \"schema\": {\n \"$ref\": \"#/components/schemas/genericError\"\n }\n }\n },\n \"description\": \"genericError\"\n },\n \"404\": {\n \"content\": {\n \"application/json\": {\n \"schema\": {\n \"$ref\": \"#/components/schemas/genericError\"\n }\n }\n },\n \"description\": \"genericError\"\n },\n \"500\": {\n \"content\": {\n \"application/json\": {\n \"schema\": {\n \"$ref\": \"#/components/schemas/genericError\"\n }\n }\n },\n \"description\": \"genericError\"\n }\n },\n \"summary\": \"Update an Identity\",\n \"tags\": [\n \"admin\"\n ]\n }\n },\n \"/metrics/prometheus\": {\n \"get\": {\n \"description\": \"```\\nmetadata:\\nannotations:\\nprometheus.io/port: \\\"4434\\\"\\nprometheus.io/path: \\\"/metrics/prometheus\\\"\\n```\",\n \"operationId\": \"prometheus\",\n \"responses\": {\n \"200\": {\n \"$ref\": \"#/components/responses/emptyResponse\"\n }\n },\n \"summary\": \"Get snapshot metrics from the Kratos service. If you're using k8s, you can then add annotations to\\nyour deployment like so:\",\n \"tags\": [\n \"admin\"\n ]\n }\n },\n \"/recovery/link\": {\n \"post\": {\n \"description\": \"This endpoint creates a recovery link which should be given to the user in order for them to recover\\n(or activate) their account.\",\n \"operationId\": \"createRecoveryLink\",\n \"requestBody\": {\n \"content\": {\n \"application/json\": {\n \"schema\": {\n \"$ref\": \"#/components/schemas/CreateRecoveryLink\"\n }\n }\n },\n \"x-originalParamName\": \"Body\"\n },\n \"responses\": {\n \"200\": {\n \"content\": {\n \"application/json\": {\n \"schema\": {\n \"$ref\": \"#/components/schemas/recoveryLink\"\n }\n }\n },\n \"description\": \"recoveryLink\"\n },\n \"400\": {\n \"content\": {\n \"application/json\": {\n \"schema\": {\n \"$ref\": \"#/components/schemas/genericError\"\n }\n }\n },\n \"description\": \"genericError\"\n },\n \"404\": {\n \"content\": {\n \"application/json\": {\n \"schema\": {\n \"$ref\": \"#/components/schemas/genericError\"\n }\n }\n },\n \"description\": \"genericError\"\n },\n \"500\": {\n \"content\": {\n \"application/json\": {\n \"schema\": {\n \"$ref\": \"#/components/schemas/genericError\"\n }\n }\n },\n \"description\": \"genericError\"\n }\n },\n \"summary\": \"Create a Recovery Link\",\n \"tags\": [\n \"admin\"\n ]\n }\n },\n \"/schemas/{id}\": {\n \"get\": {\n \"description\": \"Get a Traits Schema Definition\",\n \"operationId\": \"getSchema\",\n \"parameters\": [\n {\n \"description\": \"ID must be set to the ID of schema you want to get\",\n \"in\": \"path\",\n \"name\": \"id\",\n \"required\": true,\n \"schema\": {\n \"type\": \"string\"\n }\n }\n ],\n \"responses\": {\n \"200\": {\n \"$ref\": \"#/components/responses/schemaResponse\"\n },\n \"404\": {\n \"content\": {\n \"application/json\": {\n \"schema\": {\n \"$ref\": \"#/components/schemas/genericError\"\n }\n }\n },\n \"description\": \"genericError\"\n },\n \"500\": {\n \"content\": {\n \"application/json\": {\n \"schema\": {\n \"$ref\": \"#/components/schemas/genericError\"\n }\n }\n },\n \"description\": \"genericError\"\n }\n },\n \"tags\": [\n \"public\",\n \"admin\"\n ]\n }\n },\n \"/self-service/browser/flows/logout\": {\n \"get\": {\n \"description\": \"This endpoint initializes a logout flow.\\n\\n\\u003e This endpoint is NOT INTENDED for API clients and only works\\nwith browsers (Chrome, Firefox, ...).\\n\\nOn successful logout, the browser will be redirected (HTTP 302 Found) to the `return_to` parameter of the initial request\\nor fall back to `urls.default_return_to`.\\n\\nMore information can be found at [Ory Kratos User Logout Documentation](https://www.ory.sh/docs/next/kratos/self-service/flows/user-logout).\",\n \"operationId\": \"initializeSelfServiceBrowserLogoutFlow\",\n \"responses\": {\n \"302\": {\n \"$ref\": \"#/components/responses/emptyResponse\"\n },\n \"500\": {\n \"content\": {\n \"application/json\": {\n \"schema\": {\n \"$ref\": \"#/components/schemas/genericError\"\n }\n }\n },\n \"description\": \"genericError\"\n }\n },\n \"summary\": \"Initialize Browser-Based Logout User Flow\",\n \"tags\": [\n \"public\"\n ]\n }\n },\n \"/self-service/browser/flows/registration/strategies/oidc/settings/connections\": {\n \"post\": {\n \"description\": \"This endpoint completes a browser-based settings flow. This is usually achieved by POSTing data to this\\nendpoint.\\n\\n\\u003e This endpoint is NOT INTENDED for API clients and only works with browsers (Chrome, Firefox, ...) and HTML Forms.\\n\\nMore information can be found at [Ory Kratos User Settings \\u0026 Profile Management Documentation](../self-service/flows/user-settings).\",\n \"operationId\": \"completeSelfServiceBrowserSettingsOIDCSettingsFlow\",\n \"responses\": {\n \"302\": {\n \"$ref\": \"#/components/responses/emptyResponse\"\n },\n \"500\": {\n \"content\": {\n \"application/json\": {\n \"schema\": {\n \"$ref\": \"#/components/schemas/genericError\"\n }\n }\n },\n \"description\": \"genericError\"\n }\n },\n \"summary\": \"Complete the Browser-Based Settings Flow for the OpenID Connect Strategy\",\n \"tags\": [\n \"public\"\n ]\n }\n },\n \"/self-service/errors\": {\n \"get\": {\n \"description\": \"This endpoint returns the error associated with a user-facing self service errors.\\n\\nThis endpoint supports stub values to help you implement the error UI:\\n\\n`?error=stub:500` - returns a stub 500 (Internal Server Error) error.\\n\\nMore information can be found at [Ory Kratos User User Facing Error Documentation](https://www.ory.sh/docs/kratos/self-service/flows/user-facing-errors).\",\n \"operationId\": \"getSelfServiceError\",\n \"parameters\": [\n {\n \"description\": \"Error is the container's ID\",\n \"in\": \"query\",\n \"name\": \"error\",\n \"required\": true,\n \"schema\": {\n \"type\": \"string\"\n }\n }\n ],\n \"responses\": {\n \"200\": {\n \"$ref\": \"#/components/responses/errorContainer\"\n },\n \"403\": {\n \"content\": {\n \"application/json\": {\n \"schema\": {\n \"$ref\": \"#/components/schemas/genericError\"\n }\n }\n },\n \"description\": \"genericError\"\n },\n \"404\": {\n \"content\": {\n \"application/json\": {\n \"schema\": {\n \"$ref\": \"#/components/schemas/genericError\"\n }\n }\n },\n \"description\": \"genericError\"\n },\n \"500\": {\n \"content\": {\n \"application/json\": {\n \"schema\": {\n \"$ref\": \"#/components/schemas/genericError\"\n }\n }\n },\n \"description\": \"genericError\"\n }\n },\n \"summary\": \"Get User-Facing Self-Service Errors\",\n \"tags\": [\n \"public\",\n \"admin\"\n ]\n }\n },\n \"/self-service/login/api\": {\n \"get\": {\n \"description\": \"This endpoint initiates a login flow for API clients such as mobile devices, smart TVs, and so on.\\n\\nIf a valid provided session cookie or session token is provided, a 400 Bad Request error\\nwill be returned unless the URL query parameter `?refresh=true` is set.\\n\\nTo fetch an existing login flow call `/self-service/login/flows?flow=\\u003cflow_id\\u003e`.\\n\\n:::warning\\n\\nYou MUST NOT use this endpoint in client-side (Single Page Apps, ReactJS, AngularJS) nor server-side (Java Server\\nPages, NodeJS, PHP, Golang, ...) browser applications. Using this endpoint in these applications will make\\nyou vulnerable to a variety of CSRF attacks, including CSRF login attacks.\\n\\nThis endpoint MUST ONLY be used in scenarios such as native mobile apps (React Native, Objective C, Swift, Java, ...).\\n\\n:::\\n\\nMore information can be found at [Ory Kratos User Login and User Registration Documentation](https://www.ory.sh/docs/next/kratos/self-service/flows/user-login-user-registration).\",\n \"operationId\": \"initializeSelfServiceLoginViaAPIFlow\",\n \"parameters\": [\n {\n \"description\": \"Refresh a login session\\n\\nIf set to true, this will refresh an existing login session by\\nasking the user to sign in again. This will reset the\\nauthenticated_at time of the session.\",\n \"in\": \"query\",\n \"name\": \"refresh\",\n \"schema\": {\n \"type\": \"boolean\"\n }\n }\n ],\n \"responses\": {\n \"200\": {\n \"content\": {\n \"application/json\": {\n \"schema\": {\n \"$ref\": \"#/components/schemas/loginFlow\"\n }\n }\n },\n \"description\": \"loginFlow\"\n },\n \"400\": {\n \"content\": {\n \"application/json\": {\n \"schema\": {\n \"$ref\": \"#/components/schemas/genericError\"\n }\n }\n },\n \"description\": \"genericError\"\n },\n \"500\": {\n \"content\": {\n \"application/json\": {\n \"schema\": {\n \"$ref\": \"#/components/schemas/genericError\"\n }\n }\n },\n \"description\": \"genericError\"\n }\n },\n \"summary\": \"Initialize Login Flow for API clients\",\n \"tags\": [\n \"public\"\n ]\n }\n },\n \"/self-service/login/browser\": {\n \"get\": {\n \"description\": \"This endpoint initializes a browser-based user login flow. Once initialized, the browser will be redirected to\\n`selfservice.flows.login.ui_url` with the flow ID set as the query parameter `?flow=`. If a valid user session\\nexists already, the browser will be redirected to `urls.default_redirect_url` unless the query parameter\\n`?refresh=true` was set.\\n\\nThis endpoint is NOT INTENDED for API clients and only works with browsers (Chrome, Firefox, ...).\\n\\nMore information can be found at [Ory Kratos User Login and User Registration Documentation](https://www.ory.sh/docs/next/kratos/self-service/flows/user-login-user-registration).\",\n \"operationId\": \"initializeSelfServiceLoginViaBrowserFlow\",\n \"responses\": {\n \"302\": {\n \"$ref\": \"#/components/responses/emptyResponse\"\n },\n \"500\": {\n \"content\": {\n \"application/json\": {\n \"schema\": {\n \"$ref\": \"#/components/schemas/genericError\"\n }\n }\n },\n \"description\": \"genericError\"\n }\n },\n \"summary\": \"Initialize Login Flow for browsers\",\n \"tags\": [\n \"public\"\n ]\n }\n },\n \"/self-service/login/flows\": {\n \"get\": {\n \"description\": \"This endpoint returns a login flow's context with, for example, error details and other information.\\n\\nMore information can be found at [Ory Kratos User Login and User Registration Documentation](https://www.ory.sh/docs/next/kratos/self-service/flows/user-login-user-registration).\",\n \"operationId\": \"getSelfServiceLoginFlow\",\n \"parameters\": [\n {\n \"description\": \"The Login Flow ID\\n\\nThe value for this parameter comes from `flow` URL Query parameter sent to your\\napplication (e.g. `/login?flow=abcde`).\",\n \"in\": \"query\",\n \"name\": \"id\",\n \"required\": true,\n \"schema\": {\n \"type\": \"string\"\n }\n }\n ],\n \"responses\": {\n \"200\": {\n \"content\": {\n \"application/json\": {\n \"schema\": {\n \"$ref\": \"#/components/schemas/loginFlow\"\n }\n }\n },\n \"description\": \"loginFlow\"\n },\n \"403\": {\n \"content\": {\n \"application/json\": {\n \"schema\": {\n \"$ref\": \"#/components/schemas/genericError\"\n }\n }\n },\n \"description\": \"genericError\"\n },\n \"404\": {\n \"content\": {\n \"application/json\": {\n \"schema\": {\n \"$ref\": \"#/components/schemas/genericError\"\n }\n }\n },\n \"description\": \"genericError\"\n },\n \"410\": {\n \"content\": {\n \"application/json\": {\n \"schema\": {\n \"$ref\": \"#/components/schemas/genericError\"\n }\n }\n },\n \"description\": \"genericError\"\n },\n \"500\": {\n \"content\": {\n \"application/json\": {\n \"schema\": {\n \"$ref\": \"#/components/schemas/genericError\"\n }\n }\n },\n \"description\": \"genericError\"\n }\n },\n \"summary\": \"Get Login Flow\",\n \"tags\": [\n \"public\",\n \"admin\"\n ]\n }\n },\n \"/self-service/login/methods/password\": {\n \"post\": {\n \"description\": \"Use this endpoint to complete a login flow by sending an identity's identifier and password. This endpoint\\nbehaves differently for API and browser flows.\\n\\nAPI flows expect `application/json` to be sent in the body and responds with\\nHTTP 200 and a application/json body with the session token on success;\\nHTTP 302 redirect to a fresh login flow if the original flow expired with the appropriate error messages set;\\nHTTP 400 on form validation errors.\\n\\nBrowser flows expect `application/x-www-form-urlencoded` to be sent in the body and responds with\\na HTTP 302 redirect to the post/after login URL or the `return_to` value if it was set and if the login succeeded;\\na HTTP 302 redirect to the login UI URL with the flow ID containing the validation errors otherwise.\\n\\nMore information can be found at [Ory Kratos User Login and User Registration Documentation](https://www.ory.sh/docs/next/kratos/self-service/flows/user-login-user-registration).\",\n \"operationId\": \"completeSelfServiceLoginFlowWithPasswordMethod\",\n \"parameters\": [\n {\n \"description\": \"The Flow ID\",\n \"in\": \"query\",\n \"name\": \"flow\",\n \"required\": true,\n \"schema\": {\n \"type\": \"string\"\n }\n }\n ],\n \"requestBody\": {\n \"content\": {\n \"application/json\": {\n \"schema\": {\n \"$ref\": \"#/components/schemas/CompleteSelfServiceLoginFlowWithPasswordMethod\"\n }\n },\n \"application/x-www-form-urlencoded\": {\n \"schema\": {\n \"$ref\": \"#/components/schemas/CompleteSelfServiceLoginFlowWithPasswordMethod\"\n }\n }\n },\n \"x-originalParamName\": \"Body\"\n },\n \"responses\": {\n \"200\": {\n \"content\": {\n \"application/json\": {\n \"schema\": {\n \"$ref\": \"#/components/schemas/loginViaApiResponse\"\n }\n }\n },\n \"description\": \"loginViaApiResponse\"\n },\n \"302\": {\n \"$ref\": \"#/components/responses/emptyResponse\"\n },\n \"400\": {\n \"content\": {\n \"application/json\": {\n \"schema\": {\n \"$ref\": \"#/components/schemas/loginFlow\"\n }\n }\n },\n \"description\": \"loginFlow\"\n },\n \"500\": {\n \"content\": {\n \"application/json\": {\n \"schema\": {\n \"$ref\": \"#/components/schemas/genericError\"\n }\n }\n },\n \"description\": \"genericError\"\n }\n },\n \"summary\": \"Complete Login Flow with Username/Email Password Method\",\n \"tags\": [\n \"public\"\n ]\n }\n },\n \"/self-service/recovery/api\": {\n \"get\": {\n \"description\": \"This endpoint initiates a recovery flow for API clients such as mobile devices, smart TVs, and so on.\\n\\nIf a valid provided session cookie or session token is provided, a 400 Bad Request error.\\n\\nTo fetch an existing recovery flow call `/self-service/recovery/flows?flow=\\u003cflow_id\\u003e`.\\n\\n:::warning\\n\\nYou MUST NOT use this endpoint in client-side (Single Page Apps, ReactJS, AngularJS) nor server-side (Java Server\\nPages, NodeJS, PHP, Golang, ...) browser applications. Using this endpoint in these applications will make\\nyou vulnerable to a variety of CSRF attacks.\\n\\nThis endpoint MUST ONLY be used in scenarios such as native mobile apps (React Native, Objective C, Swift, Java, ...).\\n\\n:::\\n\\nMore information can be found at [Ory Kratos Account Recovery Documentation](../self-service/flows/account-recovery.mdx).\",\n \"operationId\": \"initializeSelfServiceRecoveryViaAPIFlow\",\n \"responses\": {\n \"200\": {\n \"content\": {\n \"application/json\": {\n \"schema\": {\n \"$ref\": \"#/components/schemas/recoveryFlow\"\n }\n }\n },\n \"description\": \"recoveryFlow\"\n },\n \"400\": {\n \"content\": {\n \"application/json\": {\n \"schema\": {\n \"$ref\": \"#/components/schemas/genericError\"\n }\n }\n },\n \"description\": \"genericError\"\n },\n \"500\": {\n \"content\": {\n \"application/json\": {\n \"schema\": {\n \"$ref\": \"#/components/schemas/genericError\"\n }\n }\n },\n \"description\": \"genericError\"\n }\n },\n \"summary\": \"Initialize Recovery Flow for API Clients\",\n \"tags\": [\n \"public\"\n ]\n }\n },\n \"/self-service/recovery/browser\": {\n \"get\": {\n \"description\": \"This endpoint initializes a browser-based account recovery flow. Once initialized, the browser will be redirected to\\n`selfservice.flows.recovery.ui_url` with the flow ID set as the query parameter `?flow=`. If a valid user session\\nexists, the browser is returned to the configured return URL.\\n\\nThis endpoint is NOT INTENDED for API clients and only works with browsers (Chrome, Firefox, ...).\\n\\nMore information can be found at [Ory Kratos Account Recovery Documentation](../self-service/flows/account-recovery.mdx).\",\n \"operationId\": \"initializeSelfServiceRecoveryViaBrowserFlow\",\n \"responses\": {\n \"302\": {\n \"$ref\": \"#/components/responses/emptyResponse\"\n },\n \"500\": {\n \"content\": {\n \"application/json\": {\n \"schema\": {\n \"$ref\": \"#/components/schemas/genericError\"\n }\n }\n },\n \"description\": \"genericError\"\n }\n },\n \"summary\": \"Initialize Recovery Flow for Browser Clients\",\n \"tags\": [\n \"public\"\n ]\n }\n },\n \"/self-service/recovery/flows\": {\n \"get\": {\n \"description\": \"This endpoint returns a recovery flow's context with, for example, error details and other information.\\n\\nMore information can be found at [Ory Kratos Account Recovery Documentation](../self-service/flows/account-recovery.mdx).\",\n \"operationId\": \"getSelfServiceRecoveryFlow\",\n \"parameters\": [\n {\n \"description\": \"The Flow ID\\n\\nThe value for this parameter comes from `request` URL Query parameter sent to your\\napplication (e.g. `/recovery?flow=abcde`).\",\n \"in\": \"query\",\n \"name\": \"id\",\n \"required\": true,\n \"schema\": {\n \"type\": \"string\"\n }\n }\n ],\n \"responses\": {\n \"200\": {\n \"content\": {\n \"application/json\": {\n \"schema\": {\n \"$ref\": \"#/components/schemas/recoveryFlow\"\n }\n }\n },\n \"description\": \"recoveryFlow\"\n },\n \"404\": {\n \"content\": {\n \"application/json\": {\n \"schema\": {\n \"$ref\": \"#/components/schemas/genericError\"\n }\n }\n },\n \"description\": \"genericError\"\n },\n \"410\": {\n \"content\": {\n \"application/json\": {\n \"schema\": {\n \"$ref\": \"#/components/schemas/genericError\"\n }\n }\n },\n \"description\": \"genericError\"\n },\n \"500\": {\n \"content\": {\n \"application/json\": {\n \"schema\": {\n \"$ref\": \"#/components/schemas/genericError\"\n }\n }\n },\n \"description\": \"genericError\"\n }\n },\n \"summary\": \"Get information about a recovery flow\",\n \"tags\": [\n \"public\",\n \"admin\"\n ]\n }\n },\n \"/self-service/recovery/methods/link\": {\n \"post\": {\n \"description\": \"Use this endpoint to complete a recovery flow using the link method. This endpoint\\nbehaves differently for API and browser flows and has several states:\\n\\n`choose_method` expects `flow` (in the URL query) and `email` (in the body) to be sent\\nand works with API- and Browser-initiated flows.\\nFor API clients it either returns a HTTP 200 OK when the form is valid and HTTP 400 OK when the form is invalid\\nand a HTTP 302 Found redirect with a fresh recovery flow if the flow was otherwise invalid (e.g. expired).\\nFor Browser clients it returns a HTTP 302 Found redirect to the Recovery UI URL with the Recovery Flow ID appended.\\n`sent_email` is the success state after `choose_method` and allows the user to request another recovery email. It\\nworks for both API and Browser-initiated flows and returns the same responses as the flow in `choose_method` state.\\n`passed_challenge` expects a `token` to be sent in the URL query and given the nature of the flow (\\\"sending a recovery link\\\")\\ndoes not have any API capabilities. The server responds with a HTTP 302 Found redirect either to the Settings UI URL\\n(if the link was valid) and instructs the user to update their password, or a redirect to the Recover UI URL with\\na new Recovery Flow ID which contains an error message that the recovery link was invalid.\\n\\nMore information can be found at [Ory Kratos Account Recovery Documentation](../self-service/flows/account-recovery.mdx).\",\n \"operationId\": \"completeSelfServiceRecoveryFlowWithLinkMethod\",\n \"parameters\": [\n {\n \"description\": \"Recovery Token\\n\\nThe recovery token which completes the recovery request. If the token\\nis invalid (e.g. expired) an error will be shown to the end-user.\",\n \"in\": \"query\",\n \"name\": \"token\",\n \"schema\": {\n \"type\": \"string\"\n }\n },\n {\n \"description\": \"The Flow ID\\n\\nformat: uuid\",\n \"in\": \"query\",\n \"name\": \"flow\",\n \"schema\": {\n \"type\": \"string\"\n }\n }\n ],\n \"requestBody\": {\n \"content\": {\n \"application/json\": {\n \"schema\": {\n \"$ref\": \"#/components/schemas/completeSelfServiceRecoveryFlowWithLinkMethod\"\n }\n },\n \"application/x-www-form-urlencoded\": {\n \"schema\": {\n \"$ref\": \"#/components/schemas/completeSelfServiceRecoveryFlowWithLinkMethod\"\n }\n }\n },\n \"x-originalParamName\": \"Body\"\n },\n \"responses\": {\n \"302\": {\n \"$ref\": \"#/components/responses/emptyResponse\"\n },\n \"400\": {\n \"content\": {\n \"application/json\": {\n \"schema\": {\n \"$ref\": \"#/components/schemas/recoveryFlow\"\n }\n }\n },\n \"description\": \"recoveryFlow\"\n },\n \"500\": {\n \"content\": {\n \"application/json\": {\n \"schema\": {\n \"$ref\": \"#/components/schemas/genericError\"\n }\n }\n },\n \"description\": \"genericError\"\n }\n },\n \"summary\": \"Complete Recovery Flow with Link Method\",\n \"tags\": [\n \"public\"\n ]\n }\n },\n \"/self-service/registration/api\": {\n \"get\": {\n \"description\": \"This endpoint initiates a registration flow for API clients such as mobile devices, smart TVs, and so on.\\n\\nIf a valid provided session cookie or session token is provided, a 400 Bad Request error\\nwill be returned unless the URL query parameter `?refresh=true` is set.\\n\\nTo fetch an existing registration flow call `/self-service/registration/flows?flow=\\u003cflow_id\\u003e`.\\n\\n:::warning\\n\\nYou MUST NOT use this endpoint in client-side (Single Page Apps, ReactJS, AngularJS) nor server-side (Java Server\\nPages, NodeJS, PHP, Golang, ...) browser applications. Using this endpoint in these applications will make\\nyou vulnerable to a variety of CSRF attacks.\\n\\nThis endpoint MUST ONLY be used in scenarios such as native mobile apps (React Native, Objective C, Swift, Java, ...).\\n\\n:::\\n\\nMore information can be found at [Ory Kratos User Login and User Registration Documentation](https://www.ory.sh/docs/next/kratos/self-service/flows/user-login-user-registration).\",\n \"operationId\": \"initializeSelfServiceRegistrationViaAPIFlow\",\n \"responses\": {\n \"200\": {\n \"content\": {\n \"application/json\": {\n \"schema\": {\n \"$ref\": \"#/components/schemas/registrationFlow\"\n }\n }\n },\n \"description\": \"registrationFlow\"\n },\n \"400\": {\n \"content\": {\n \"application/json\": {\n \"schema\": {\n \"$ref\": \"#/components/schemas/genericError\"\n }\n }\n },\n \"description\": \"genericError\"\n },\n \"500\": {\n \"content\": {\n \"application/json\": {\n \"schema\": {\n \"$ref\": \"#/components/schemas/genericError\"\n }\n }\n },\n \"description\": \"genericError\"\n }\n },\n \"summary\": \"Initialize Registration Flow for API clients\",\n \"tags\": [\n \"public\"\n ]\n }\n },\n \"/self-service/registration/browser\": {\n \"get\": {\n \"description\": \"This endpoint initializes a browser-based user registration flow. Once initialized, the browser will be redirected to\\n`selfservice.flows.registration.ui_url` with the flow ID set as the query parameter `?flow=`. If a valid user session\\nexists already, the browser will be redirected to `urls.default_redirect_url` unless the query parameter\\n`?refresh=true` was set.\\n\\n:::note\\n\\nThis endpoint is NOT INTENDED for API clients and only works with browsers (Chrome, Firefox, ...).\\n\\n:::\\n\\nMore information can be found at [Ory Kratos User Login and User Registration Documentation](https://www.ory.sh/docs/next/kratos/self-service/flows/user-login-user-registration).\",\n \"operationId\": \"initializeSelfServiceRegistrationViaBrowserFlow\",\n \"responses\": {\n \"302\": {\n \"$ref\": \"#/components/responses/emptyResponse\"\n },\n \"500\": {\n \"content\": {\n \"application/json\": {\n \"schema\": {\n \"$ref\": \"#/components/schemas/genericError\"\n }\n }\n },\n \"description\": \"genericError\"\n }\n },\n \"summary\": \"Initialize Registration Flow for browsers\",\n \"tags\": [\n \"public\"\n ]\n }\n },\n \"/self-service/registration/flows\": {\n \"get\": {\n \"description\": \"This endpoint returns a registration flow's context with, for example, error details and other information.\\n\\nMore information can be found at [Ory Kratos User Login and User Registration Documentation](https://www.ory.sh/docs/next/kratos/self-service/flows/user-login-user-registration).\",\n \"operationId\": \"getSelfServiceRegistrationFlow\",\n \"parameters\": [\n {\n \"description\": \"The Registration Flow ID\\n\\nThe value for this parameter comes from `flow` URL Query parameter sent to your\\napplication (e.g. `/registration?flow=abcde`).\",\n \"in\": \"query\",\n \"name\": \"id\",\n \"required\": true,\n \"schema\": {\n \"type\": \"string\"\n }\n }\n ],\n \"responses\": {\n \"200\": {\n \"content\": {\n \"application/json\": {\n \"schema\": {\n \"$ref\": \"#/components/schemas/registrationFlow\"\n }\n }\n },\n \"description\": \"registrationFlow\"\n },\n \"403\": {\n \"content\": {\n \"application/json\": {\n \"schema\": {\n \"$ref\": \"#/components/schemas/genericError\"\n }\n }\n },\n \"description\": \"genericError\"\n },\n \"404\": {\n \"content\": {\n \"application/json\": {\n \"schema\": {\n \"$ref\": \"#/components/schemas/genericError\"\n }\n }\n },\n \"description\": \"genericError\"\n },\n \"410\": {\n \"content\": {\n \"application/json\": {\n \"schema\": {\n \"$ref\": \"#/components/schemas/genericError\"\n }\n }\n },\n \"description\": \"genericError\"\n },\n \"500\": {\n \"content\": {\n \"application/json\": {\n \"schema\": {\n \"$ref\": \"#/components/schemas/genericError\"\n }\n }\n },\n \"description\": \"genericError\"\n }\n },\n \"summary\": \"Get Registration Flow\",\n \"tags\": [\n \"public\",\n \"admin\"\n ]\n }\n },\n \"/self-service/registration/methods/password\": {\n \"post\": {\n \"description\": \"Use this endpoint to complete a registration flow by sending an identity's traits and password. This endpoint\\nbehaves differently for API and browser flows.\\n\\nAPI flows expect `application/json` to be sent in the body and respond with\\nHTTP 200 and a application/json body with the created identity success - if the session hook is configured the\\n`session` and `session_token` will also be included;\\nHTTP 302 redirect to a fresh registration flow if the original flow expired with the appropriate error messages set;\\nHTTP 400 on form validation errors.\\n\\nBrowser flows expect `application/x-www-form-urlencoded` to be sent in the body and responds with\\na HTTP 302 redirect to the post/after registration URL or the `return_to` value if it was set and if the registration succeeded;\\na HTTP 302 redirect to the registration UI URL with the flow ID containing the validation errors otherwise.\\n\\nMore information can be found at [Ory Kratos User Login and User Registration Documentation](https://www.ory.sh/docs/next/kratos/self-service/flows/user-login-user-registration).\",\n \"operationId\": \"completeSelfServiceRegistrationFlowWithPasswordMethod\",\n \"parameters\": [\n {\n \"description\": \"Flow is flow ID.\",\n \"in\": \"query\",\n \"name\": \"flow\",\n \"schema\": {\n \"type\": \"string\"\n }\n }\n ],\n \"requestBody\": {\n \"content\": {\n \"application/json\": {\n \"schema\": {\n \"type\": \"object\"\n }\n },\n \"application/x-www-form-urlencoded\": {\n \"schema\": {\n \"type\": \"object\"\n }\n }\n },\n \"x-originalParamName\": \"Payload\"\n },\n \"responses\": {\n \"200\": {\n \"content\": {\n \"application/json\": {\n \"schema\": {\n \"$ref\": \"#/components/schemas/registrationViaApiResponse\"\n }\n }\n },\n \"description\": \"registrationViaApiResponse\"\n },\n \"302\": {\n \"$ref\": \"#/components/responses/emptyResponse\"\n },\n \"400\": {\n \"content\": {\n \"application/json\": {\n \"schema\": {\n \"$ref\": \"#/components/schemas/registrationFlow\"\n }\n }\n },\n \"description\": \"registrationFlow\"\n },\n \"500\": {\n \"content\": {\n \"application/json\": {\n \"schema\": {\n \"$ref\": \"#/components/schemas/genericError\"\n }\n }\n },\n \"description\": \"genericError\"\n }\n },\n \"summary\": \"Complete Registration Flow with Username/Email Password Method\",\n \"tags\": [\n \"public\"\n ]\n }\n },\n \"/self-service/settings/api\": {\n \"get\": {\n \"description\": \"This endpoint initiates a settings flow for API clients such as mobile devices, smart TVs, and so on.\\nYou must provide a valid Ory Kratos Session Token for this endpoint to respond with HTTP 200 OK.\\n\\nTo fetch an existing settings flow call `/self-service/settings/flows?flow=\\u003cflow_id\\u003e`.\\n\\n:::warning\\n\\nYou MUST NOT use this endpoint in client-side (Single Page Apps, ReactJS, AngularJS) nor server-side (Java Server\\nPages, NodeJS, PHP, Golang, ...) browser applications. Using this endpoint in these applications will make\\nyou vulnerable to a variety of CSRF attacks.\\n\\nThis endpoint MUST ONLY be used in scenarios such as native mobile apps (React Native, Objective C, Swift, Java, ...).\\n\\n:::\\n\\nMore information can be found at [Ory Kratos User Settings \\u0026 Profile Management Documentation](../self-service/flows/user-settings).\",\n \"operationId\": \"initializeSelfServiceSettingsViaAPIFlow\",\n \"responses\": {\n \"200\": {\n \"content\": {\n \"application/json\": {\n \"schema\": {\n \"$ref\": \"#/components/schemas/settingsFlow\"\n }\n }\n },\n \"description\": \"settingsFlow\"\n },\n \"400\": {\n \"content\": {\n \"application/json\": {\n \"schema\": {\n \"$ref\": \"#/components/schemas/genericError\"\n }\n }\n },\n \"description\": \"genericError\"\n },\n \"500\": {\n \"content\": {\n \"application/json\": {\n \"schema\": {\n \"$ref\": \"#/components/schemas/genericError\"\n }\n }\n },\n \"description\": \"genericError\"\n }\n },\n \"security\": [\n {\n \"sessionToken\": []\n }\n ],\n \"summary\": \"Initialize Settings Flow for API Clients\",\n \"tags\": [\n \"public\"\n ]\n }\n },\n \"/self-service/settings/browser\": {\n \"get\": {\n \"description\": \"This endpoint initializes a browser-based user settings flow. Once initialized, the browser will be redirected to\\n`selfservice.flows.settings.ui_url` with the flow ID set as the query parameter `?flow=`. If no valid\\nOry Kratos Session Cookie is included in the request, a login flow will be initialized.\\n\\n:::note\\n\\nThis endpoint is NOT INTENDED for API clients and only works with browsers (Chrome, Firefox, ...).\\n\\n:::\\n\\nMore information can be found at [Ory Kratos User Settings \\u0026 Profile Management Documentation](../self-service/flows/user-settings).\",\n \"operationId\": \"initializeSelfServiceSettingsViaBrowserFlow\",\n \"responses\": {\n \"302\": {\n \"$ref\": \"#/components/responses/emptyResponse\"\n },\n \"500\": {\n \"content\": {\n \"application/json\": {\n \"schema\": {\n \"$ref\": \"#/components/schemas/genericError\"\n }\n }\n },\n \"description\": \"genericError\"\n }\n },\n \"security\": [\n {\n \"sessionToken\": []\n }\n ],\n \"summary\": \"Initialize Settings Flow for Browsers\",\n \"tags\": [\n \"public\"\n ]\n }\n },\n \"/self-service/settings/flows\": {\n \"get\": {\n \"description\": \"When accessing this endpoint through Ory Kratos' Public API you must ensure that either the Ory Kratos Session Cookie\\nor the Ory Kratos Session Token are set. The public endpoint does not return 404 status codes\\nbut instead 403 or 500 to improve data privacy.\\n\\nYou can access this endpoint without credentials when using Ory Kratos' Admin API.\\n\\nMore information can be found at [Ory Kratos User Settings \\u0026 Profile Management Documentation](../self-service/flows/user-settings).\",\n \"operationId\": \"getSelfServiceSettingsFlow\",\n \"parameters\": [\n {\n \"description\": \"ID is the Settings Flow ID\\n\\nThe value for this parameter comes from `flow` URL Query parameter sent to your\\napplication (e.g. `/settings?flow=abcde`).\",\n \"in\": \"query\",\n \"name\": \"id\",\n \"required\": true,\n \"schema\": {\n \"type\": \"string\"\n }\n }\n ],\n \"responses\": {\n \"200\": {\n \"content\": {\n \"application/json\": {\n \"schema\": {\n \"$ref\": \"#/components/schemas/settingsFlow\"\n }\n }\n },\n \"description\": \"settingsFlow\"\n },\n \"403\": {\n \"content\": {\n \"application/json\": {\n \"schema\": {\n \"$ref\": \"#/components/schemas/genericError\"\n }\n }\n },\n \"description\": \"genericError\"\n },\n \"404\": {\n \"content\": {\n \"application/json\": {\n \"schema\": {\n \"$ref\": \"#/components/schemas/genericError\"\n }\n }\n },\n \"description\": \"genericError\"\n },\n \"410\": {\n \"content\": {\n \"application/json\": {\n \"schema\": {\n \"$ref\": \"#/components/schemas/genericError\"\n }\n }\n },\n \"description\": \"genericError\"\n },\n \"500\": {\n \"content\": {\n \"application/json\": {\n \"schema\": {\n \"$ref\": \"#/components/schemas/genericError\"\n }\n }\n },\n \"description\": \"genericError\"\n }\n },\n \"security\": [\n {\n \"sessionToken\": []\n }\n ],\n \"summary\": \"Get Settings Flow\",\n \"tags\": [\n \"public\",\n \"admin\"\n ]\n }\n },\n \"/self-service/settings/methods/password\": {\n \"post\": {\n \"description\": \"Use this endpoint to complete a settings flow by sending an identity's updated password. This endpoint\\nbehaves differently for API and browser flows.\\n\\nAPI-initiated flows expect `application/json` to be sent in the body and respond with\\nHTTP 200 and an application/json body with the session token on success;\\nHTTP 302 redirect to a fresh settings flow if the original flow expired with the appropriate error messages set;\\nHTTP 400 on form validation errors.\\nHTTP 401 when the endpoint is called without a valid session token.\\nHTTP 403 when `selfservice.flows.settings.privileged_session_max_age` was reached.\\nImplies that the user needs to re-authenticate.\\n\\nBrowser flows expect `application/x-www-form-urlencoded` to be sent in the body and responds with\\na HTTP 302 redirect to the post/after settings URL or the `return_to` value if it was set and if the flow succeeded;\\na HTTP 302 redirect to the Settings UI URL with the flow ID containing the validation errors otherwise.\\na HTTP 302 redirect to the login endpoint when `selfservice.flows.settings.privileged_session_max_age` was reached.\\n\\nMore information can be found at [Ory Kratos User Settings \\u0026 Profile Management Documentation](../self-service/flows/user-settings).\",\n \"operationId\": \"completeSelfServiceSettingsFlowWithPasswordMethod\",\n \"parameters\": [\n {\n \"description\": \"Flow is flow ID.\",\n \"in\": \"query\",\n \"name\": \"flow\",\n \"schema\": {\n \"type\": \"string\"\n }\n }\n ],\n \"requestBody\": {\n \"content\": {\n \"application/json\": {\n \"schema\": {\n \"$ref\": \"#/components/schemas/CompleteSelfServiceSettingsFlowWithPasswordMethod\"\n }\n },\n \"application/x-www-form-urlencoded\": {\n \"schema\": {\n \"$ref\": \"#/components/schemas/CompleteSelfServiceSettingsFlowWithPasswordMethod\"\n }\n }\n },\n \"x-originalParamName\": \"Body\"\n },\n \"responses\": {\n \"200\": {\n \"content\": {\n \"application/json\": {\n \"schema\": {\n \"$ref\": \"#/components/schemas/settingsViaApiResponse\"\n }\n }\n },\n \"description\": \"settingsViaApiResponse\"\n },\n \"302\": {\n \"$ref\": \"#/components/responses/emptyResponse\"\n },\n \"400\": {\n \"content\": {\n \"application/json\": {\n \"schema\": {\n \"$ref\": \"#/components/schemas/settingsFlow\"\n }\n }\n },\n \"description\": \"settingsFlow\"\n },\n \"401\": {\n \"content\": {\n \"application/json\": {\n \"schema\": {\n \"$ref\": \"#/components/schemas/genericError\"\n }\n }\n },\n \"description\": \"genericError\"\n },\n \"403\": {\n \"content\": {\n \"application/json\": {\n \"schema\": {\n \"$ref\": \"#/components/schemas/genericError\"\n }\n }\n },\n \"description\": \"genericError\"\n },\n \"500\": {\n \"content\": {\n \"application/json\": {\n \"schema\": {\n \"$ref\": \"#/components/schemas/genericError\"\n }\n }\n },\n \"description\": \"genericError\"\n }\n },\n \"security\": [\n {\n \"sessionToken\": []\n }\n ],\n \"summary\": \"Complete Settings Flow with Username/Email Password Method\",\n \"tags\": [\n \"public\"\n ]\n }\n },\n \"/self-service/settings/methods/profile\": {\n \"post\": {\n \"description\": \"Use this endpoint to complete a settings flow by sending an identity's updated traits. This endpoint\\nbehaves differently for API and browser flows.\\n\\nAPI-initiated flows expect `application/json` to be sent in the body and respond with\\nHTTP 200 and an application/json body with the session token on success;\\nHTTP 302 redirect to a fresh settings flow if the original flow expired with the appropriate error messages set;\\nHTTP 400 on form validation errors.\\nHTTP 401 when the endpoint is called without a valid session token.\\nHTTP 403 when `selfservice.flows.settings.privileged_session_max_age` was reached and a sensitive field was\\nupdated (e.g. recovery email). Implies that the user needs to re-authenticate.\\n\\nBrowser flows expect `application/x-www-form-urlencoded` to be sent in the body and responds with\\na HTTP 302 redirect to the post/after settings URL or the `return_to` value if it was set and if the flow succeeded;\\na HTTP 302 redirect to the settings UI URL with the flow ID containing the validation errors otherwise.\\na HTTP 302 redirect to the login endpoint when `selfservice.flows.settings.privileged_session_max_age` was reached.\\n\\nMore information can be found at [Ory Kratos User Settings \\u0026 Profile Management Documentation](../self-service/flows/user-settings).\",\n \"operationId\": \"completeSelfServiceSettingsFlowWithProfileMethod\",\n \"parameters\": [\n {\n \"description\": \"Flow is flow ID.\",\n \"in\": \"query\",\n \"name\": \"flow\",\n \"schema\": {\n \"type\": \"string\"\n }\n }\n ],\n \"requestBody\": {\n \"content\": {\n \"application/json\": {\n \"schema\": {\n \"type\": \"object\"\n }\n },\n \"application/x-www-form-urlencoded\": {\n \"schema\": {\n \"type\": \"object\"\n }\n }\n },\n \"x-originalParamName\": \"Payload\"\n },\n \"responses\": {\n \"200\": {\n \"content\": {\n \"application/json\": {\n \"schema\": {\n \"$ref\": \"#/components/schemas/settingsFlow\"\n }\n }\n },\n \"description\": \"settingsFlow\"\n },\n \"302\": {\n \"$ref\": \"#/components/responses/emptyResponse\"\n },\n \"400\": {\n \"content\": {\n \"application/json\": {\n \"schema\": {\n \"$ref\": \"#/components/schemas/settingsFlow\"\n }\n }\n },\n \"description\": \"settingsFlow\"\n },\n \"401\": {\n \"content\": {\n \"application/json\": {\n \"schema\": {\n \"$ref\": \"#/components/schemas/genericError\"\n }\n }\n },\n \"description\": \"genericError\"\n },\n \"403\": {\n \"content\": {\n \"application/json\": {\n \"schema\": {\n \"$ref\": \"#/components/schemas/genericError\"\n }\n }\n },\n \"description\": \"genericError\"\n },\n \"500\": {\n \"content\": {\n \"application/json\": {\n \"schema\": {\n \"$ref\": \"#/components/schemas/genericError\"\n }\n }\n },\n \"description\": \"genericError\"\n }\n },\n \"security\": [\n {\n \"sessionToken\": []\n }\n ],\n \"summary\": \"Complete Settings Flow with Profile Method\",\n \"tags\": [\n \"public\"\n ]\n }\n },\n \"/self-service/verification/api\": {\n \"get\": {\n \"description\": \"This endpoint initiates a verification flow for API clients such as mobile devices, smart TVs, and so on.\\n\\nTo fetch an existing verification flow call `/self-service/verification/flows?flow=\\u003cflow_id\\u003e`.\\n\\n:::warning\\n\\nYou MUST NOT use this endpoint in client-side (Single Page Apps, ReactJS, AngularJS) nor server-side (Java Server\\nPages, NodeJS, PHP, Golang, ...) browser applications. Using this endpoint in these applications will make\\nyou vulnerable to a variety of CSRF attacks.\\n\\nThis endpoint MUST ONLY be used in scenarios such as native mobile apps (React Native, Objective C, Swift, Java, ...).\\n\\n:::\\n\\nMore information can be found at [Ory Kratos Email and Phone Verification Documentation](https://www.ory.sh/docs/kratos/self-service/flows/verify-email-account-activation).\",\n \"operationId\": \"initializeSelfServiceVerificationViaAPIFlow\",\n \"responses\": {\n \"200\": {\n \"content\": {\n \"application/json\": {\n \"schema\": {\n \"$ref\": \"#/components/schemas/verificationFlow\"\n }\n }\n },\n \"description\": \"verificationFlow\"\n },\n \"400\": {\n \"content\": {\n \"application/json\": {\n \"schema\": {\n \"$ref\": \"#/components/schemas/genericError\"\n }\n }\n },\n \"description\": \"genericError\"\n },\n \"500\": {\n \"content\": {\n \"application/json\": {\n \"schema\": {\n \"$ref\": \"#/components/schemas/genericError\"\n }\n }\n },\n \"description\": \"genericError\"\n }\n },\n \"summary\": \"Initialize Verification Flow for API Clients\",\n \"tags\": [\n \"public\"\n ]\n }\n },\n \"/self-service/verification/browser\": {\n \"get\": {\n \"description\": \"This endpoint initializes a browser-based account verification flow. Once initialized, the browser will be redirected to\\n`selfservice.flows.verification.ui_url` with the flow ID set as the query parameter `?flow=`.\\n\\nThis endpoint is NOT INTENDED for API clients and only works with browsers (Chrome, Firefox, ...).\\n\\nMore information can be found at [Ory Kratos Email and Phone Verification Documentation](https://www.ory.sh/docs/kratos/self-service/flows/verify-email-account-activation).\",\n \"operationId\": \"initializeSelfServiceVerificationViaBrowserFlow\",\n \"responses\": {\n \"302\": {\n \"$ref\": \"#/components/responses/emptyResponse\"\n },\n \"500\": {\n \"content\": {\n \"application/json\": {\n \"schema\": {\n \"$ref\": \"#/components/schemas/genericError\"\n }\n }\n },\n \"description\": \"genericError\"\n }\n },\n \"summary\": \"Initialize Verification Flow for Browser Clients\",\n \"tags\": [\n \"public\"\n ]\n }\n },\n \"/self-service/verification/flows\": {\n \"get\": {\n \"description\": \"This endpoint returns a verification flow's context with, for example, error details and other information.\\n\\nMore information can be found at [Ory Kratos Email and Phone Verification Documentation](https://www.ory.sh/docs/kratos/self-service/flows/verify-email-account-activation).\",\n \"operationId\": \"getSelfServiceVerificationFlow\",\n \"parameters\": [\n {\n \"description\": \"The Flow ID\\n\\nThe value for this parameter comes from `request` URL Query parameter sent to your\\napplication (e.g. `/verification?flow=abcde`).\",\n \"in\": \"query\",\n \"name\": \"id\",\n \"required\": true,\n \"schema\": {\n \"type\": \"string\"\n }\n }\n ],\n \"responses\": {\n \"200\": {\n \"content\": {\n \"application/json\": {\n \"schema\": {\n \"$ref\": \"#/components/schemas/verificationFlow\"\n }\n }\n },\n \"description\": \"verificationFlow\"\n },\n \"403\": {\n \"content\": {\n \"application/json\": {\n \"schema\": {\n \"$ref\": \"#/components/schemas/genericError\"\n }\n }\n },\n \"description\": \"genericError\"\n },\n \"404\": {\n \"content\": {\n \"application/json\": {\n \"schema\": {\n \"$ref\": \"#/components/schemas/genericError\"\n }\n }\n },\n \"description\": \"genericError\"\n },\n \"500\": {\n \"content\": {\n \"application/json\": {\n \"schema\": {\n \"$ref\": \"#/components/schemas/genericError\"\n }\n }\n },\n \"description\": \"genericError\"\n }\n },\n \"summary\": \"Get Verification Flow\",\n \"tags\": [\n \"public\",\n \"admin\"\n ]\n }\n },\n \"/self-service/verification/methods/link\": {\n \"post\": {\n \"description\": \"Use this endpoint to complete a verification flow using the link method. This endpoint\\nbehaves differently for API and browser flows and has several states:\\n\\n`choose_method` expects `flow` (in the URL query) and `email` (in the body) to be sent\\nand works with API- and Browser-initiated flows.\\nFor API clients it either returns a HTTP 200 OK when the form is valid and HTTP 400 OK when the form is invalid\\nand a HTTP 302 Found redirect with a fresh verification flow if the flow was otherwise invalid (e.g. expired).\\nFor Browser clients it returns a HTTP 302 Found redirect to the Verification UI URL with the Verification Flow ID appended.\\n`sent_email` is the success state after `choose_method` and allows the user to request another verification email. It\\nworks for both API and Browser-initiated flows and returns the same responses as the flow in `choose_method` state.\\n`passed_challenge` expects a `token` to be sent in the URL query and given the nature of the flow (\\\"sending a verification link\\\")\\ndoes not have any API capabilities. The server responds with a HTTP 302 Found redirect either to the Settings UI URL\\n(if the link was valid) and instructs the user to update their password, or a redirect to the Verification UI URL with\\na new Verification Flow ID which contains an error message that the verification link was invalid.\\n\\nMore information can be found at [Ory Kratos Email and Phone Verification Documentation](https://www.ory.sh/docs/kratos/self-service/flows/verify-email-account-activation).\",\n \"operationId\": \"completeSelfServiceVerificationFlowWithLinkMethod\",\n \"parameters\": [\n {\n \"description\": \"Verification Token\\n\\nThe verification token which completes the verification request. If the token\\nis invalid (e.g. expired) an error will be shown to the end-user.\",\n \"in\": \"query\",\n \"name\": \"token\",\n \"schema\": {\n \"type\": \"string\"\n }\n },\n {\n \"description\": \"The Flow ID\\n\\nformat: uuid\",\n \"in\": \"query\",\n \"name\": \"flow\",\n \"schema\": {\n \"type\": \"string\"\n }\n }\n ],\n \"requestBody\": {\n \"content\": {\n \"application/json\": {\n \"schema\": {\n \"$ref\": \"#/components/schemas/completeSelfServiceVerificationFlowWithLinkMethod\"\n }\n },\n \"application/x-www-form-urlencoded\": {\n \"schema\": {\n \"$ref\": \"#/components/schemas/completeSelfServiceVerificationFlowWithLinkMethod\"\n }\n }\n },\n \"x-originalParamName\": \"Body\"\n },\n \"responses\": {\n \"302\": {\n \"$ref\": \"#/components/responses/emptyResponse\"\n },\n \"400\": {\n \"content\": {\n \"application/json\": {\n \"schema\": {\n \"$ref\": \"#/components/schemas/verificationFlow\"\n }\n }\n },\n \"description\": \"verificationFlow\"\n },\n \"500\": {\n \"content\": {\n \"application/json\": {\n \"schema\": {\n \"$ref\": \"#/components/schemas/genericError\"\n }\n }\n },\n \"description\": \"genericError\"\n }\n },\n \"summary\": \"Complete Verification Flow with Link Method\",\n \"tags\": [\n \"public\"\n ]\n }\n },\n \"/sessions\": {\n \"delete\": {\n \"description\": \"Use this endpoint to revoke a session using its token. This endpoint is particularly useful for API clients\\nsuch as mobile apps to log the user out of the system and invalidate the session.\\n\\nThis endpoint does not remove any HTTP Cookies - use the Self-Service Logout Flow instead.\",\n \"operationId\": \"revokeSession\",\n \"requestBody\": {\n \"content\": {\n \"application/json\": {\n \"schema\": {\n \"$ref\": \"#/components/schemas/revokeSession\"\n }\n }\n },\n \"required\": true,\n \"x-originalParamName\": \"Body\"\n },\n \"responses\": {\n \"204\": {\n \"$ref\": \"#/components/responses/emptyResponse\"\n },\n \"400\": {\n \"content\": {\n \"application/json\": {\n \"schema\": {\n \"$ref\": \"#/components/schemas/genericError\"\n }\n }\n },\n \"description\": \"genericError\"\n },\n \"500\": {\n \"content\": {\n \"application/json\": {\n \"schema\": {\n \"$ref\": \"#/components/schemas/genericError\"\n }\n }\n },\n \"description\": \"genericError\"\n }\n },\n \"summary\": \"Revoke and Invalidate a Session\",\n \"tags\": [\n \"public\"\n ]\n }\n },\n \"/sessions/whoami\": {\n \"get\": {\n \"description\": \"Uses the HTTP Headers in the GET request to determine (e.g. by using checking the cookies) who is authenticated.\\nReturns a session object in the body or 401 if the credentials are invalid or no credentials were sent.\\nAdditionally when the request it successful it adds the user ID to the 'X-Kratos-Authenticated-Identity-Id' header in the response.\\n\\nThis endpoint is useful for reverse proxies and API Gateways.\",\n \"operationId\": \"whoami\",\n \"parameters\": [\n {\n \"in\": \"header\",\n \"name\": \"Cookie\",\n \"schema\": {\n \"type\": \"string\"\n }\n },\n {\n \"description\": \"in: authorization\",\n \"in\": \"query\",\n \"name\": \"Authorization\",\n \"schema\": {\n \"type\": \"string\"\n }\n }\n ],\n \"responses\": {\n \"200\": {\n \"content\": {\n \"application/json\": {\n \"schema\": {\n \"$ref\": \"#/components/schemas/session\"\n }\n }\n },\n \"description\": \"session\"\n },\n \"401\": {\n \"content\": {\n \"application/json\": {\n \"schema\": {\n \"$ref\": \"#/components/schemas/genericError\"\n }\n }\n },\n \"description\": \"genericError\"\n },\n \"500\": {\n \"content\": {\n \"application/json\": {\n \"schema\": {\n \"$ref\": \"#/components/schemas/genericError\"\n }\n }\n },\n \"description\": \"genericError\"\n }\n },\n \"security\": [\n {\n \"sessionToken\": []\n }\n ],\n \"summary\": \"Check Who the Current HTTP Session Belongs To\",\n \"tags\": [\n \"public\"\n ]\n }\n },\n \"/version\": {\n \"get\": {\n \"description\": \"This endpoint returns the version of Ory Kratos.\\n\\nIf the service supports TLS Edge Termination, this endpoint does not require the\\n`X-Forwarded-Proto` header to be set.\\n\\nBe aware that if you are running multiple nodes of this service, the version will never\\nrefer to the cluster state, only to a single instance.\",\n \"operationId\": \"getVersion\",\n \"responses\": {\n \"200\": {\n \"content\": {\n \"application/json\": {\n \"schema\": {\n \"properties\": {\n \"version\": {\n \"description\": \"The version of Ory Kratos.\",\n \"type\": \"string\"\n }\n },\n \"type\": \"object\"\n }\n }\n },\n \"description\": \"Returns the Ory Kratos version.\"\n }\n },\n \"summary\": \"Return Running Software Version.\",\n \"tags\": [\n \"admin\"\n ]\n }\n }\n },\n \"servers\": [\n {\n \"url\": \"https://{tenant}.tenants.oryapis.com/api/kratos/{api}\",\n \"variables\": {\n \"api\": {\n \"default\": \"public\",\n \"description\": \"Target the public or administrative API.\",\n \"enum\": [\n \"public\",\n \"admin\"\n ]\n },\n \"tenant\": {\n \"default\": \"demo\",\n \"description\": \"Tenant ID as provided by Ory Cloud.\"\n }\n }\n }\n ],\n \"tags\": [\n {\n \"description\": \"All administrative API endpoints exposed at the admin API port.\",\n \"externalDocs\": {\n \"url\": \"https://www.ory.sh/kratos/docs/reference/api\"\n },\n \"name\": \"admin\"\n },\n {\n \"description\": \"All public API endpoints exposed at the public API port.\",\n \"externalDocs\": {\n \"url\": \"https://www.ory.sh/kratos/docs/reference/api\"\n },\n \"name\": \"public\"\n }\n ],\n \"x-forwarded-proto\": \"string\",\n \"x-request-id\": \"string\"\n}\n" }, { "path": ".schema/version.schema.json", "content": "{\n \"$id\": \"https://github.com/ory/kratos/.schema/versions.config.schema.json\",\n \"$schema\": \"http://json-schema.org/draft-07/schema#\",\n \"oneOf\": [\n {\n \"allOf\": [\n {\n \"properties\": {\n \"version\": {\n \"const\": \"v1.3.0\"\n }\n },\n \"required\": [\n \"version\"\n ]\n },\n {\n \"$ref\": \"https://raw.githubusercontent.com/ory/kratos/v1.3.0/.schemastore/config.schema.json\"\n }\n ]\n },\n {\n \"allOf\": [\n {\n \"properties\": {\n \"version\": {\n \"const\": \"v1.2.0\"\n }\n },\n \"required\": [\n \"version\"\n ]\n },\n {\n \"$ref\": \"https://raw.githubusercontent.com/ory/kratos/v1.2.0/.schemastore/config.schema.json\"\n }\n ]\n },\n {\n \"allOf\": [\n {\n \"properties\": {\n \"version\": {\n \"const\": \"v1.1.0\"\n }\n },\n \"required\": [\n \"version\"\n ]\n },\n {\n \"$ref\": \"https://raw.githubusercontent.com/ory/kratos/v1.1.0/.schemastore/config.schema.json\"\n }\n ]\n },\n {\n \"allOf\": [\n {\n \"properties\": {\n \"version\": {\n \"const\": \"v1.0.0\"\n }\n },\n \"required\": [\n \"version\"\n ]\n },\n {\n \"$ref\": \"https://raw.githubusercontent.com/ory/kratos/v1.0.0/.schemastore/config.schema.json\"\n }\n ]\n },\n {\n \"allOf\": [\n {\n \"properties\": {\n \"version\": {\n \"const\": \"v0.13.0\"\n }\n },\n \"required\": [\n \"version\"\n ]\n },\n {\n \"$ref\": \"https://raw.githubusercontent.com/ory/kratos/v0.13.0/.schemastore/config.schema.json\"\n }\n ]\n },\n {\n \"allOf\": [\n {\n \"properties\": {\n \"version\": {\n \"const\": \"v0.11.1\"\n }\n },\n \"required\": [\n \"version\"\n ]\n },\n {\n \"$ref\": \"https://raw.githubusercontent.com/ory/kratos/v0.11.1/.schemastore/config.schema.json\"\n }\n ]\n },\n {\n \"allOf\": [\n {\n \"properties\": {\n \"version\": {\n \"const\": \"v0.11.0\"\n }\n },\n \"required\": [\n \"version\"\n ]\n },\n {\n \"$ref\": \"https://raw.githubusercontent.com/ory/kratos/v0.11.0/.schemastore/config.schema.json\"\n }\n ]\n },\n {\n \"allOf\": [\n {\n \"properties\": {\n \"version\": {\n \"const\": \"v0.10.1\"\n }\n },\n \"required\": [\n \"version\"\n ]\n },\n {\n \"$ref\": \"https://raw.githubusercontent.com/ory/kratos/v0.10.1/.schemastore/config.schema.json\"\n }\n ]\n },\n {\n \"allOf\": [\n {\n \"properties\": {\n \"version\": {\n \"const\": \"v0.10.0\"\n }\n },\n \"required\": [\n \"version\"\n ]\n },\n {\n \"$ref\": \"https://raw.githubusercontent.com/ory/kratos/v0.10.0/.schemastore/config.schema.json\"\n }\n ]\n },\n {\n \"allOf\": [\n {\n \"properties\": {\n \"version\": {\n \"const\": \"v0.9.0-alpha.3\"\n }\n },\n \"required\": [\n \"version\"\n ]\n },\n {\n \"$ref\": \"https://raw.githubusercontent.com/ory/kratos/v0.9.0-alpha.3/embedx/config.schema.json\"\n }\n ]\n },\n {\n \"allOf\": [\n {\n \"properties\": {\n \"version\": {\n \"const\": \"v0.9.0-alpha.2\"\n }\n },\n \"required\": [\n \"version\"\n ]\n },\n {\n \"$ref\": \"https://raw.githubusercontent.com/ory/kratos/v0.9.0-alpha.2/embedx/config.schema.json\"\n }\n ]\n },\n {\n \"allOf\": [\n {\n \"properties\": {\n \"version\": {\n \"const\": \"v0.4.6-alpha.1\"\n }\n },\n \"required\": [\n \"version\"\n ]\n },\n {\n \"$ref\": \"https://raw.githubusercontent.com/ory/kratos/v0.4.6-alpha.1/.schema/config.schema.json\"\n }\n ]\n },\n {\n \"allOf\": [\n {\n \"properties\": {\n \"version\": {\n \"const\": \"v0.5.0-alpha.1\"\n }\n },\n \"required\": [\n \"version\"\n ]\n },\n {\n \"$ref\": \"https://raw.githubusercontent.com/ory/kratos/v0.5.0-alpha.1/.schema/config.schema.json\"\n }\n ]\n },\n {\n \"allOf\": [\n {\n \"properties\": {\n \"version\": {\n \"const\": \"v0.5.1-alpha.1\"\n }\n },\n \"required\": [\n \"version\"\n ]\n },\n {\n \"$ref\": \"https://raw.githubusercontent.com/ory/kratos/v0.5.1-alpha.1/.schema/config.schema.json\"\n }\n ]\n },\n {\n \"allOf\": [\n {\n \"properties\": {\n \"version\": {\n \"const\": \"v0.5.2-alpha.1\"\n }\n },\n \"required\": [\n \"version\"\n ]\n },\n {\n \"$ref\": \"https://raw.githubusercontent.com/ory/kratos/v0.5.2-alpha.1/.schema/config.schema.json\"\n }\n ]\n },\n {\n \"allOf\": [\n {\n \"properties\": {\n \"version\": {\n \"const\": \"v0.5.3-alpha.1\"\n }\n },\n \"required\": [\n \"version\"\n ]\n },\n {\n \"$ref\": \"https://raw.githubusercontent.com/ory/kratos/v0.5.3-alpha.1/.schema/config.schema.json\"\n }\n ]\n },\n {\n \"allOf\": [\n {\n \"properties\": {\n \"version\": {\n \"const\": \"v0.5.4-alpha.1\"\n }\n },\n \"required\": [\n \"version\"\n ]\n },\n {\n \"$ref\": \"https://raw.githubusercontent.com/ory/kratos/v0.5.4-alpha.1/.schema/config.schema.json\"\n }\n ]\n },\n {\n \"allOf\": [\n {\n \"properties\": {\n \"version\": {\n \"const\": \"v0.5.5-alpha.1\"\n }\n },\n \"required\": [\n \"version\"\n ]\n },\n {\n \"$ref\": \"https://raw.githubusercontent.com/ory/kratos/v0.5.5-alpha.1/.schema/config.schema.json\"\n }\n ]\n },\n {\n \"allOf\": [\n {\n \"properties\": {\n \"version\": {\n \"const\": \"v0.6.0-alpha.1\"\n }\n },\n \"required\": [\n \"version\"\n ]\n },\n {\n \"$ref\": \"https://raw.githubusercontent.com/ory/kratos/v0.6.0-alpha.1/driver/config/.schema/config.schema.json\"\n }\n ]\n },\n {\n \"allOf\": [\n {\n \"properties\": {\n \"version\": {\n \"const\": \"v0.6.0-alpha.2\"\n }\n },\n \"required\": [\n \"version\"\n ]\n },\n {\n \"$ref\": \"https://raw.githubusercontent.com/ory/kratos/v0.6.0-alpha.2/driver/config/.schema/config.schema.json\"\n }\n ]\n },\n {\n \"allOf\": [\n {\n \"properties\": {\n \"version\": {\n \"const\": \"v0.6.1-alpha.1\"\n }\n },\n \"required\": [\n \"version\"\n ]\n },\n {\n \"$ref\": \"https://raw.githubusercontent.com/ory/kratos/v0.6.1-alpha.1/driver/config/.schema/config.schema.json\"\n }\n ]\n },\n {\n \"allOf\": [\n {\n \"properties\": {\n \"version\": {\n \"const\": \"v0.6.2-alpha.1\"\n }\n },\n \"required\": [\n \"version\"\n ]\n },\n {\n \"$ref\": \"https://raw.githubusercontent.com/ory/kratos/v0.6.2-alpha.1/driver/config/.schema/config.schema.json\"\n }\n ]\n },\n {\n \"allOf\": [\n {\n \"properties\": {\n \"version\": {\n \"const\": \"v0.6.3-alpha.1\"\n }\n },\n \"required\": [\n \"version\"\n ]\n },\n {\n \"$ref\": \"https://raw.githubusercontent.com/ory/kratos/v0.6.3-alpha.1/driver/config/.schema/config.schema.json\"\n }\n ]\n },\n {\n \"allOf\": [\n {\n \"properties\": {\n \"version\": {\n \"const\": \"v0.7.0-alpha.1\"\n }\n },\n \"required\": [\n \"version\"\n ]\n },\n {\n \"$ref\": \"https://raw.githubusercontent.com/ory/kratos/v0.7.0-alpha.1/driver/config/.schema/config.schema.json\"\n }\n ]\n },\n {\n \"allOf\": [\n {\n \"properties\": {\n \"version\": {\n \"const\": \"v0.7.1-alpha.1\"\n }\n },\n \"required\": [\n \"version\"\n ]\n },\n {\n \"$ref\": \"https://raw.githubusercontent.com/ory/kratos/v0.7.1-alpha.1/driver/config/.schema/config.schema.json\"\n }\n ]\n },\n {\n \"allOf\": [\n {\n \"properties\": {\n \"version\": {\n \"const\": \"v0.7.3-alpha.1\"\n }\n },\n \"required\": [\n \"version\"\n ]\n },\n {\n \"$ref\": \"https://raw.githubusercontent.com/ory/kratos/v0.7.3-alpha.1/driver/config/.schema/config.schema.json\"\n }\n ]\n },\n {\n \"allOf\": [\n {\n \"properties\": {\n \"version\": {\n \"const\": \"v0.7.4-alpha.1\"\n }\n },\n \"required\": [\n \"version\"\n ]\n },\n {\n \"$ref\": \"https://raw.githubusercontent.com/ory/kratos/v0.7.4-alpha.1/driver/config/.schema/config.schema.json\"\n }\n ]\n },\n {\n \"allOf\": [\n {\n \"properties\": {\n \"version\": {\n \"const\": \"v0.7.5-alpha.1\"\n }\n },\n \"required\": [\n \"version\"\n ]\n },\n {\n \"$ref\": \"https://raw.githubusercontent.com/ory/kratos/v0.7.5-alpha.1/driver/config/.schema/config.schema.json\"\n }\n ]\n },\n {\n \"allOf\": [\n {\n \"properties\": {\n \"version\": {\n \"const\": \"v0.7.6-alpha.1\"\n }\n },\n \"required\": [\n \"version\"\n ]\n },\n {\n \"$ref\": \"https://raw.githubusercontent.com/ory/kratos/v0.7.6-alpha.1/driver/config/.schema/config.schema.json\"\n }\n ]\n },\n {\n \"allOf\": [\n {\n \"properties\": {\n \"version\": {\n \"const\": \"v0.8.0-alpha.1\"\n }\n },\n \"required\": [\n \"version\"\n ]\n },\n {\n \"$ref\": \"https://raw.githubusercontent.com/ory/kratos/v0.8.0-alpha.1/embedx/config.schema.json\"\n }\n ]\n },\n {\n \"allOf\": [\n {\n \"properties\": {\n \"version\": {\n \"const\": \"v0.8.0-alpha.2\"\n }\n },\n \"required\": [\n \"version\"\n ]\n },\n {\n \"$ref\": \"https://raw.githubusercontent.com/ory/kratos/v0.8.0-alpha.2/embedx/config.schema.json\"\n }\n ]\n },\n {\n \"allOf\": [\n {\n \"properties\": {\n \"version\": {\n \"const\": \"v0.8.0-alpha.3\"\n }\n },\n \"required\": [\n \"version\"\n ]\n },\n {\n \"$ref\": \"https://raw.githubusercontent.com/ory/kratos/v0.8.0-alpha.3/embedx/config.schema.json\"\n }\n ]\n },\n {\n \"allOf\": [\n {\n \"properties\": {\n \"version\": {\n \"const\": \"v0.8.2-alpha.1\"\n }\n },\n \"required\": [\n \"version\"\n ]\n },\n {\n \"$ref\": \"https://raw.githubusercontent.com/ory/kratos/v0.8.2-alpha.1/embedx/config.schema.json\"\n }\n ]\n },\n {\n \"allOf\": [\n {\n \"oneOf\": [\n {\n \"properties\": {\n \"version\": {\n \"type\": \"string\",\n \"maxLength\": 0\n }\n },\n \"required\": [\n \"version\"\n ]\n },\n {\n \"not\": {\n \"properties\": {\n \"version\": {}\n },\n \"required\": [\n \"version\"\n ]\n }\n }\n ]\n },\n {\n \"$ref\": \"#/oneOf/0/allOf/1\"\n }\n ]\n }\n ],\n \"title\": \"All Versions for Ory Kratos Configuration\",\n \"type\": \"object\"\n}" }, { "path": ".schemastore/README.md", "content": "The config schema is generated from the internal one at\n`embedx/config.schema.json`, so in case of changes to the config schema,\nplease edit that internal schema instead.\n" }, { "path": ".schemastore/config.schema.json", "content": "{\n \"$id\": \"https://github.com/ory/kratos/embedx/config.schema.json\",\n \"$schema\": \"http://json-schema.org/draft-07/schema#\",\n \"title\": \"Ory Kratos Configuration\",\n \"type\": \"object\",\n \"definitions\": {\n \"baseUrl\": {\n \"title\": \"Base URL\",\n \"description\": \"The URL where the endpoint is exposed at. This domain is used to generate redirects, form URLs, and more.\",\n \"type\": \"string\",\n \"format\": \"uri-reference\",\n \"examples\": [\n \"https://my-app.com/\",\n \"https://my-app.com/.ory/kratos/public\"\n ]\n },\n \"socket\": {\n \"type\": \"object\",\n \"additionalProperties\": false,\n \"description\": \"Sets the permissions of the unix socket\",\n \"properties\": {\n \"owner\": {\n \"type\": \"string\",\n \"description\": \"Owner of unix socket. If empty, the owner will be the user running Kratos.\",\n \"default\": \"\"\n },\n \"group\": {\n \"type\": \"string\",\n \"description\": \"Group of unix socket. If empty, the group will be the primary group of the user running Kratos.\",\n \"default\": \"\"\n },\n \"mode\": {\n \"type\": \"integer\",\n \"description\": \"Mode of unix socket in numeric form\",\n \"default\": 493,\n \"minimum\": 0,\n \"maximum\": 511\n }\n }\n },\n \"defaultReturnTo\": {\n \"title\": \"Redirect browsers to set URL per default\",\n \"description\": \"Ory Kratos redirects to this URL per default on completion of self-service flows and other browser interaction. Read this [article for more information on browser redirects](https://www.ory.sh/kratos/docs/concepts/browser-redirect-flow-completion).\",\n \"type\": \"string\",\n \"format\": \"uri-reference\",\n \"examples\": [\"https://my-app.com/dashboard\", \"/dashboard\"]\n },\n \"selfServiceSessionRevokerHook\": {\n \"type\": \"object\",\n \"properties\": {\n \"hook\": {\n \"const\": \"revoke_active_sessions\"\n }\n },\n \"additionalProperties\": false,\n \"required\": [\"hook\"]\n },\n \"selfServiceSessionIssuerHook\": {\n \"type\": \"object\",\n \"properties\": {\n \"hook\": {\n \"const\": \"session\"\n }\n },\n \"additionalProperties\": false,\n \"required\": [\"hook\"]\n },\n \"selfServiceRequireVerifiedAddressHook\": {\n \"type\": \"object\",\n \"properties\": {\n \"hook\": {\n \"const\": \"require_verified_address\"\n }\n },\n \"additionalProperties\": false,\n \"required\": [\"hook\"]\n },\n \"selfServiceVerificationHook\": {\n \"type\": \"object\",\n \"properties\": {\n \"hook\": {\n \"const\": \"verification\"\n }\n },\n \"additionalProperties\": false,\n \"required\": [\"hook\"]\n },\n \"selfServiceShowVerificationUIHook\": {\n \"type\": \"object\",\n \"properties\": {\n \"hook\": {\n \"const\": \"show_verification_ui\"\n }\n },\n \"additionalProperties\": false,\n \"required\": [\"hook\"]\n },\n \"b2bSSOHook\": {\n \"type\": \"object\",\n \"properties\": {\n \"hook\": {\n \"enum\": [\"b2b_sso\", \"organization\"]\n },\n \"config\": {\n \"type\": \"object\",\n \"additionalProperties\": true\n }\n },\n \"additionalProperties\": false,\n \"required\": [\"hook\", \"config\"]\n },\n \"webHookAuthBasicAuthProperties\": {\n \"properties\": {\n \"type\": {\n \"const\": \"basic_auth\"\n },\n \"config\": {\n \"type\": \"object\",\n \"properties\": {\n \"user\": {\n \"type\": \"string\",\n \"description\": \"user name for basic auth\"\n },\n \"password\": {\n \"type\": \"string\",\n \"description\": \"password for basic auth\"\n }\n },\n \"additionalProperties\": false,\n \"required\": [\"user\", \"password\"]\n }\n },\n \"additionalProperties\": false,\n \"required\": [\"type\", \"config\"]\n },\n \"httpRequestConfig\": {\n \"type\": \"object\",\n \"properties\": {\n \"url\": {\n \"title\": \"HTTP address of API endpoint\",\n \"description\": \"This URL will be used to send the emails to.\",\n \"examples\": [\"https://example.com/api/v1/email\"],\n \"type\": \"string\",\n \"pattern\": \"^https?://\"\n },\n \"method\": {\n \"type\": \"string\",\n \"description\": \"The HTTP method to use (GET, POST, etc). Defaults to POST.\",\n \"default\": \"POST\"\n },\n \"headers\": {\n \"type\": \"object\",\n \"description\": \"The HTTP headers that must be applied to request\",\n \"additionalProperties\": {\n \"type\": \"string\"\n }\n },\n \"body\": {\n \"type\": \"string\",\n \"format\": \"uri\",\n \"pattern\": \"^(http|https|file|base64)://\",\n \"description\": \"URI pointing to the jsonnet template used for payload generation. Only used for those HTTP methods which support HTTP body payloads\",\n \"default\": \"base64://ZnVuY3Rpb24oY3R4KSB7CiAgcmVjaXBpZW50OiBjdHgucmVjaXBpZW50LAogIHRlbXBsYXRlX3R5cGU6IGN0eC50ZW1wbGF0ZV90eXBlLAogIHRvOiBpZiAidGVtcGxhdGVfZGF0YSIgaW4gY3R4ICYmICJ0byIgaW4gY3R4LnRlbXBsYXRlX2RhdGEgdGhlbiBjdHgudGVtcGxhdGVfZGF0YS50byBlbHNlIG51bGwsCiAgcmVjb3ZlcnlfY29kZTogaWYgInRlbXBsYXRlX2RhdGEiIGluIGN0eCAmJiAicmVjb3ZlcnlfY29kZSIgaW4gY3R4LnRlbXBsYXRlX2RhdGEgdGhlbiBjdHgudGVtcGxhdGVfZGF0YS5yZWNvdmVyeV9jb2RlIGVsc2UgbnVsbCwKICByZWNvdmVyeV91cmw6IGlmICJ0ZW1wbGF0ZV9kYXRhIiBpbiBjdHggJiYgInJlY292ZXJ5X3VybCIgaW4gY3R4LnRlbXBsYXRlX2RhdGEgdGhlbiBjdHgudGVtcGxhdGVfZGF0YS5yZWNvdmVyeV91cmwgZWxzZSBudWxsLAogIHZlcmlmaWNhdGlvbl91cmw6IGlmICJ0ZW1wbGF0ZV9kYXRhIiBpbiBjdHggJiYgInZlcmlmaWNhdGlvbl91cmwiIGluIGN0eC50ZW1wbGF0ZV9kYXRhIHRoZW4gY3R4LnRlbXBsYXRlX2RhdGEudmVyaWZpY2F0aW9uX3VybCBlbHNlIG51bGwsCiAgdmVyaWZpY2F0aW9uX2NvZGU6IGlmICJ0ZW1wbGF0ZV9kYXRhIiBpbiBjdHggJiYgInZlcmlmaWNhdGlvbl9jb2RlIiBpbiBjdHgudGVtcGxhdGVfZGF0YSB0aGVuIGN0eC50ZW1wbGF0ZV9kYXRhLnZlcmlmaWNhdGlvbl9jb2RlIGVsc2UgbnVsbCwKICBzdWJqZWN0OiBjdHguc3ViamVjdCwKICBib2R5OiBjdHguYm9keQp9Cg==\",\n \"examples\": [\n \"file:///path/to/body.jsonnet\",\n \"file://./body.jsonnet\",\n \"base64://ZnVuY3Rpb24oY3R4KSB7CiAgaWRlbnRpdHlfaWQ6IGlmIGN0eFsiaWRlbnRpdHkiXSAhPSBudWxsIHRoZW4gY3R4LmlkZW50aXR5LmlkLAp9=\",\n \"https://oryapis.com/default_body.jsonnet\"\n ]\n },\n \"auth\": {\n \"type\": \"object\",\n \"title\": \"Auth mechanisms\",\n \"description\": \"Define which auth mechanism to use for auth with the HTTP email provider\",\n \"oneOf\": [\n {\n \"$ref\": \"#/definitions/webHookAuthApiKeyProperties\"\n },\n {\n \"$ref\": \"#/definitions/webHookAuthBasicAuthProperties\"\n }\n ]\n },\n \"additionalProperties\": false\n },\n \"additionalProperties\": false\n },\n \"webHookAuthApiKeyProperties\": {\n \"properties\": {\n \"type\": {\n \"const\": \"api_key\"\n },\n \"config\": {\n \"type\": \"object\",\n \"properties\": {\n \"name\": {\n \"type\": \"string\",\n \"description\": \"The name of the api key\"\n },\n \"value\": {\n \"type\": \"string\",\n \"description\": \"The value of the api key\"\n },\n \"in\": {\n \"type\": \"string\",\n \"description\": \"How the api key should be transferred\",\n \"enum\": [\"header\", \"cookie\"]\n }\n },\n \"additionalProperties\": false,\n \"required\": [\"name\", \"value\", \"in\"]\n }\n },\n \"additionalProperties\": false,\n \"required\": [\"type\", \"config\"]\n },\n \"selfServiceWebHook\": {\n \"type\": \"object\",\n \"properties\": {\n \"hook\": {\n \"const\": \"web_hook\"\n },\n \"config\": {\n \"type\": \"object\",\n \"title\": \"Web-Hook Configuration\",\n \"description\": \"Define what the hook should do\",\n \"properties\": {\n \"id\": {\n \"type\": \"string\",\n \"description\": \"The ID of the hook. Used to identify the hook in logs and errors. For debugging purposes only.\"\n },\n \"response\": {\n \"title\": \"Response Handling\",\n \"description\": \"How the web hook should handle the response\",\n \"type\": \"object\",\n \"additionalProperties\": false,\n \"properties\": {\n \"ignore\": {\n \"type\": \"boolean\",\n \"description\": \"Ignore the response from the web hook. If enabled the request will be made asynchronously which can be useful if you only wish to notify another system but do not parse the response.\",\n \"default\": false\n },\n \"parse\": {\n \"type\": \"boolean\",\n \"default\": false,\n \"description\": \"If enabled parses the response before saving the flow result. Set this value to true if you would like to modify the identity, for example identity metadata, before saving it during registration. When enabled, you may also abort the registration, verification, login or settings flow due to, for example, a validation flow. Head over to the [web hook documentation](https://www.ory.sh/docs/kratos/hooks/configure-hooks) for more information.\"\n }\n },\n \"not\": {\n \"properties\": {\n \"ignore\": {\n \"const\": true\n },\n \"parse\": {\n \"const\": true\n }\n },\n \"required\": [\"ignore\", \"parse\"]\n }\n },\n \"url\": {\n \"type\": \"string\",\n \"description\": \"The URL the Web-Hook should call\",\n \"format\": \"uri\"\n },\n \"method\": {\n \"type\": \"string\",\n \"description\": \"The HTTP method to use (GET, POST, etc).\"\n },\n \"headers\": {\n \"type\": \"object\",\n \"description\": \"The HTTP headers that must be applied to the Web-Hook\",\n \"additionalProperties\": {\n \"type\": \"string\"\n }\n },\n \"body\": {\n \"type\": \"string\",\n \"oneOf\": [\n {\n \"format\": \"uri\",\n \"pattern\": \"^(http|https|file|base64)://\",\n \"description\": \"URI pointing to the jsonnet template used for payload generation. Only used for those HTTP methods, which support HTTP body payloads\",\n \"examples\": [\n \"file:///path/to/body.jsonnet\",\n \"file://./body.jsonnet\",\n \"base64://ZnVuY3Rpb24oY3R4KSB7CiAgaWRlbnRpdHlfaWQ6IGlmIGN0eFsiaWRlbnRpdHkiXSAhPSBudWxsIHRoZW4gY3R4LmlkZW50aXR5LmlkLAp9=\",\n \"https://oryapis.com/default_body.jsonnet\"\n ]\n },\n {\n \"description\": \"DEPRECATED: please use a URI instead (i.e. prefix your filepath with 'file://')\",\n \"not\": {\n \"pattern\": \"^(http|https|file|base64)://\"\n }\n }\n ]\n },\n \"can_interrupt\": {\n \"type\": \"boolean\",\n \"default\": false,\n \"description\": \"Deprecated, please use `response.parse` instead. If enabled allows the web hook to interrupt / abort the self-service flow. It only applies to certain flows (registration/verification/login/settings) and requires a valid response format.\"\n },\n \"emit_analytics_event\": {\n \"type\": \"boolean\",\n \"default\": true,\n \"description\": \"Emit tracing events for this webhook on delivery or error\"\n },\n \"auth\": {\n \"type\": \"object\",\n \"title\": \"Auth mechanisms\",\n \"description\": \"Define which auth mechanism the Web-Hook should use\",\n \"oneOf\": [\n {\n \"$ref\": \"#/definitions/webHookAuthApiKeyProperties\"\n },\n {\n \"$ref\": \"#/definitions/webHookAuthBasicAuthProperties\"\n }\n ]\n },\n \"additionalProperties\": false\n },\n \"anyOf\": [\n {\n \"not\": {\n \"properties\": {\n \"response\": {\n \"properties\": {\n \"ignore\": {\n \"const\": true\n }\n },\n \"required\": [\"ignore\"]\n }\n },\n \"required\": [\"response\"]\n }\n },\n {\n \"properties\": {\n \"can_interrupt\": {\n \"const\": false\n }\n },\n \"require\": [\"can_interrupt\"]\n }\n ],\n \"additionalProperties\": false,\n \"required\": [\"url\", \"method\"]\n }\n },\n \"additionalProperties\": false,\n \"required\": [\"hook\", \"config\"]\n },\n \"OIDCClaims\": {\n \"title\": \"OpenID Connect claims\",\n \"description\": \"The OpenID Connect claims and optionally their properties which should be included in the id_token or returned from the UserInfo Endpoint.\",\n \"type\": \"object\",\n \"examples\": [\n {\n \"id_token\": {\n \"email\": null,\n \"email_verified\": null\n }\n },\n {\n \"userinfo\": {\n \"given_name\": {\n \"essential\": true\n },\n \"nickname\": null,\n \"email\": {\n \"essential\": true\n },\n \"email_verified\": {\n \"essential\": true\n },\n \"picture\": null,\n \"http://example.info/claims/groups\": null\n },\n \"id_token\": {\n \"auth_time\": {\n \"essential\": true\n },\n \"acr\": {\n \"values\": [\"urn:mace:incommon:iap:silver\"]\n }\n }\n }\n ],\n \"patternProperties\": {\n \"^userinfo$|^id_token$\": {\n \"type\": \"object\",\n \"additionalProperties\": false,\n \"patternProperties\": {\n \".*\": {\n \"oneOf\": [\n {\n \"const\": null,\n \"description\": \"Indicates that this Claim is being requested in the default manner.\"\n },\n {\n \"type\": \"object\",\n \"additionalProperties\": false,\n \"properties\": {\n \"essential\": {\n \"description\": \"Indicates whether the Claim being requested is an Essential Claim.\",\n \"type\": \"boolean\"\n },\n \"value\": {\n \"description\": \"Requests that the Claim be returned with a particular value.\",\n \"$comment\": \"There seem to be no constrains on value\"\n },\n \"values\": {\n \"description\": \"Requests that the Claim be returned with one of a set of values, with the values appearing in order of preference.\",\n \"type\": \"array\",\n \"items\": {\n \"$comment\": \"There seem to be no constrains on individual items\"\n }\n }\n }\n }\n ]\n }\n }\n }\n }\n },\n \"selfServiceOIDCProvider\": {\n \"type\": \"object\",\n \"properties\": {\n \"id\": {\n \"type\": \"string\",\n \"examples\": [\"google\"]\n },\n \"provider\": {\n \"title\": \"Provider\",\n \"description\": \"Can be one of github, github-app, gitlab, generic, google, microsoft, discord, salesforce, slack, facebook, auth0, vk, yandex, apple, spotify, netid, dingtalk, patreon, amazon.\",\n \"type\": \"string\",\n \"enum\": [\n \"github\",\n \"github-app\",\n \"gitlab\",\n \"generic\",\n \"google\",\n \"microsoft\",\n \"discord\",\n \"salesforce\",\n \"slack\",\n \"facebook\",\n \"auth0\",\n \"vk\",\n \"yandex\",\n \"apple\",\n \"spotify\",\n \"netid\",\n \"dingtalk\",\n \"patreon\",\n \"line\",\n \"linkedin\",\n \"linkedin_v2\",\n \"lark\",\n \"x\",\n \"fedcm-test\",\n \"amazon\",\n \"uaepass\"\n ],\n \"examples\": [\"google\"]\n },\n \"label\": {\n \"title\": \"Optional string which will be used when generating labels for UI buttons.\",\n \"type\": \"string\"\n },\n \"client_id\": {\n \"type\": \"string\"\n },\n \"client_secret\": {\n \"type\": \"string\"\n },\n \"issuer_url\": {\n \"type\": \"string\",\n \"format\": \"uri\",\n \"examples\": [\"https://accounts.google.com\"]\n },\n \"auth_url\": {\n \"type\": \"string\",\n \"format\": \"uri\",\n \"examples\": [\"https://accounts.google.com/o/oauth2/v2/auth\"]\n },\n \"token_url\": {\n \"type\": \"string\",\n \"format\": \"uri\",\n \"examples\": [\"https://www.googleapis.com/oauth2/v4/token\"]\n },\n \"mapper_url\": {\n \"title\": \"Jsonnet Mapper URL\",\n \"description\": \"The URL where the jsonnet source is located for mapping the provider's data to Ory Kratos data.\",\n \"type\": \"string\",\n \"format\": \"uri\",\n \"examples\": [\n \"file://path/to/oidc.jsonnet\",\n \"https://foo.bar.com/path/to/oidc.jsonnet\",\n \"base64://bG9jYWwgc3ViamVjdCA9I...\"\n ]\n },\n \"scope\": {\n \"type\": \"array\",\n \"items\": {\n \"type\": \"string\",\n \"examples\": [\"offline_access\", \"profile\"]\n }\n },\n \"microsoft_tenant\": {\n \"title\": \"Azure AD Tenant\",\n \"description\": \"The Azure AD Tenant to use for authentication.\",\n \"type\": \"string\",\n \"examples\": [\n \"common\",\n \"organizations\",\n \"consumers\",\n \"8eaef023-2b34-4da1-9baa-8bc8c9d6a490\",\n \"contoso.onmicrosoft.com\"\n ]\n },\n \"subject_source\": {\n \"title\": \"Microsoft subject source\",\n \"description\": \"Controls which source the subject identifier is taken from by microsoft provider. If set to `userinfo` (the default) then the identifier is taken from the `sub` field of OIDC ID token or data received from `/userinfo` standard OIDC endpoint. If set to `me` then the `id` field of data structure received from `https://graph.microsoft.com/v1.0/me` is taken as an identifier. If the value is `oid` then the the oid (Object ID) is taken to identify users across different services.\",\n \"type\": \"string\",\n \"enum\": [\"userinfo\", \"me\", \"oid\"],\n \"default\": \"userinfo\",\n \"examples\": [\"userinfo\"]\n },\n \"apple_team_id\": {\n \"title\": \"Apple Developer Team ID\",\n \"description\": \"Apple Developer Team ID needed for generating a JWT token for client secret\",\n \"type\": \"string\",\n \"examples\": [\"KP76DQS54M\"]\n },\n \"apple_private_key_id\": {\n \"title\": \"Apple Private Key Identifier\",\n \"description\": \"Sign In with Apple Private Key Identifier needed for generating a JWT token for client secret\",\n \"type\": \"string\",\n \"examples\": [\"UX56C66723\"]\n },\n \"apple_private_key\": {\n \"title\": \"Apple Private Key\",\n \"description\": \"Sign In with Apple Private Key needed for generating a JWT token for client secret\",\n \"type\": \"string\",\n \"examples\": [\n \"-----BEGIN PRIVATE KEY-----\\n........\\n-----END PRIVATE KEY-----\"\n ]\n },\n \"requested_claims\": {\n \"$ref\": \"#/definitions/OIDCClaims\"\n },\n \"organization_id\": {\n \"title\": \"Organization ID\",\n \"description\": \"The ID of the organization that this provider belongs to. Only effective in the Ory Network.\",\n \"type\": \"string\",\n \"examples\": [\"12345678-1234-1234-1234-123456789012\"]\n },\n \"additional_id_token_audiences\": {\n \"title\": \"Additional client ids allowed when using ID token submission\",\n \"type\": \"array\",\n \"items\": {\n \"type\": \"string\",\n \"examples\": [\"12345678-1234-1234-1234-123456789012\"]\n }\n },\n \"claims_source\": {\n \"title\": \"Claims source\",\n \"description\": \"Can be either `userinfo` (calls the userinfo endpoint to get the claims) or `id_token` (takes the claims from the id token). It defaults to `id_token`\",\n \"type\": \"string\",\n \"enum\": [\"id_token\", \"userinfo\"],\n \"default\": \"id_token\",\n \"examples\": [\"id_token\", \"userinfo\"]\n },\n \"pkce\": {\n \"title\": \"Proof Key for Code Exchange\",\n \"description\": \"PKCE controls if the OpenID Connect OAuth2 flow should use PKCE (Proof Key for Code Exchange). IMPORTANT: If you set this to `force`, you must whitelist a different return URL for your OAuth2 client in the provider's configuration. Instead of /self-service/methods/oidc/callback/, you must use /self-service/methods/oidc/callback\",\n \"type\": \"string\",\n \"enum\": [\"auto\", \"never\", \"force\"],\n \"default\": \"auto\"\n },\n \"fedcm_config_url\": {\n \"title\": \"Federation Configuration URL\",\n \"description\": \"The URL where the FedCM IdP configuration is located for the provider. This is only effective in the Ory Network.\",\n \"type\": \"string\",\n \"format\": \"uri\",\n \"examples\": [\"https://example.com/config.json\"]\n },\n \"net_id_token_origin_header\": {\n \"title\": \"NetID Token Origin Header\",\n \"description\": \"Contains the orgin header to be used when exchanging a NetID FedCM token for an ID token\",\n \"type\": \"string\",\n \"examples\": [\"https://example.com\"]\n },\n \"account_linking_mode\": {\n \"title\": \"Account linking mode\",\n \"description\": \"Controls how account conflicts are resolved for this provider. `confirm_with_existing_credential` (default) requires the user to verify their identity with an existing credential. `automatic` silently links accounts if the provider verifies email ownership. This is only effective in the Ory Network.\",\n \"type\": \"string\",\n \"enum\": [\"confirm_with_existing_credential\", \"automatic\"],\n \"default\": \"confirm_with_existing_credential\"\n }\n },\n \"additionalProperties\": false,\n \"required\": [\"id\", \"provider\", \"client_id\", \"mapper_url\"],\n \"allOf\": [\n {\n \"if\": {\n \"properties\": {\n \"provider\": {\n \"const\": \"microsoft\"\n }\n },\n \"required\": [\"provider\"]\n },\n \"then\": {\n \"required\": [\"microsoft_tenant\"]\n },\n \"else\": {\n \"not\": {\n \"properties\": {\n \"microsoft_tenant\": {}\n },\n \"required\": [\"microsoft_tenant\"]\n }\n }\n },\n {\n \"if\": {\n \"properties\": {\n \"provider\": {\n \"const\": \"apple\"\n }\n },\n \"required\": [\"provider\"]\n },\n \"then\": {\n \"not\": {\n \"properties\": {\n \"client_secret\": {\n \"type\": \"string\",\n \"minLength\": 1\n }\n },\n \"required\": [\"client_secret\"]\n },\n \"required\": [\n \"apple_private_key_id\",\n \"apple_private_key\",\n \"apple_team_id\"\n ]\n },\n \"else\": {\n \"required\": [\"client_secret\"],\n \"allOf\": [\n {\n \"not\": {\n \"properties\": {\n \"apple_team_id\": {\n \"type\": \"string\",\n \"minLength\": 1\n }\n },\n \"required\": [\"apple_team_id\"]\n }\n },\n {\n \"not\": {\n \"properties\": {\n \"apple_private_key_id\": {\n \"type\": \"string\",\n \"minLength\": 1\n }\n },\n \"required\": [\"apple_private_key_id\"]\n }\n },\n {\n \"not\": {\n \"properties\": {\n \"apple_private_key\": {\n \"type\": \"string\",\n \"minLength\": 1\n }\n },\n \"required\": [\"apple_private_key\"]\n }\n }\n ]\n }\n }\n ]\n },\n \"selfServiceHooks\": {\n \"type\": \"array\",\n \"items\": {\n \"anyOf\": [\n {\n \"$ref\": \"#/definitions/selfServiceWebHook\"\n },\n {\n \"$ref\": \"#/definitions/b2bSSOHook\"\n }\n ]\n },\n \"uniqueItems\": true,\n \"additionalItems\": false\n },\n \"selfServiceAfterRecoveryHooks\": {\n \"type\": \"array\",\n \"items\": {\n \"anyOf\": [\n {\n \"$ref\": \"#/definitions/selfServiceWebHook\"\n },\n {\n \"$ref\": \"#/definitions/selfServiceSessionRevokerHook\"\n }\n ]\n },\n \"uniqueItems\": true,\n \"additionalItems\": false\n },\n \"selfServiceAfterSettingsProfileMethod\": {\n \"type\": \"object\",\n \"additionalProperties\": false,\n \"properties\": {\n \"default_browser_return_url\": {\n \"$ref\": \"#/definitions/defaultReturnTo\"\n },\n \"hooks\": {\n \"type\": \"array\",\n \"items\": {\n \"anyOf\": [\n {\n \"$ref\": \"#/definitions/selfServiceWebHook\"\n },\n {\n \"$ref\": \"#/definitions/selfServiceShowVerificationUIHook\"\n },\n {\n \"$ref\": \"#/definitions/b2bSSOHook\"\n }\n ]\n },\n \"uniqueItems\": true,\n \"additionalItems\": false\n }\n }\n },\n \"selfServiceAfterSettingsAuthMethod\": {\n \"type\": \"object\",\n \"additionalProperties\": false,\n \"properties\": {\n \"default_browser_return_url\": {\n \"$ref\": \"#/definitions/defaultReturnTo\"\n },\n \"hooks\": {\n \"type\": \"array\",\n \"items\": {\n \"anyOf\": [\n {\n \"$ref\": \"#/definitions/selfServiceWebHook\"\n },\n {\n \"$ref\": \"#/definitions/selfServiceSessionRevokerHook\"\n }\n ]\n },\n \"uniqueItems\": true,\n \"additionalItems\": false\n }\n }\n },\n \"selfServiceAfterDefaultLoginMethodHooks\": {\n \"type\": \"array\",\n \"items\": {\n \"anyOf\": [\n {\n \"$ref\": \"#/definitions/selfServiceSessionRevokerHook\"\n },\n {\n \"$ref\": \"#/definitions/selfServiceRequireVerifiedAddressHook\"\n },\n {\n \"$ref\": \"#/definitions/selfServiceWebHook\"\n },\n {\n \"$ref\": \"#/definitions/selfServiceVerificationHook\"\n },\n {\n \"$ref\": \"#/definitions/selfServiceShowVerificationUIHook\"\n },\n {\n \"$ref\": \"#/definitions/b2bSSOHook\"\n }\n ]\n },\n \"uniqueItems\": true,\n \"additionalItems\": false\n },\n \"selfServiceAfterDefaultLoginMethod\": {\n \"type\": \"object\",\n \"additionalProperties\": false,\n \"properties\": {\n \"default_browser_return_url\": {\n \"$ref\": \"#/definitions/defaultReturnTo\"\n },\n \"hooks\": {\n \"$ref\": \"#/definitions/selfServiceAfterDefaultLoginMethodHooks\"\n }\n }\n },\n \"selfServiceAfterOIDCLoginMethod\": {\n \"type\": \"object\",\n \"additionalProperties\": false,\n \"properties\": {\n \"default_browser_return_url\": {\n \"$ref\": \"#/definitions/defaultReturnTo\"\n },\n \"hooks\": {\n \"type\": \"array\",\n \"items\": {\n \"anyOf\": [\n {\n \"$ref\": \"#/definitions/selfServiceSessionRevokerHook\"\n },\n {\n \"$ref\": \"#/definitions/selfServiceWebHook\"\n },\n {\n \"$ref\": \"#/definitions/selfServiceRequireVerifiedAddressHook\"\n },\n {\n \"$ref\": \"#/definitions/b2bSSOHook\"\n }\n ]\n },\n \"uniqueItems\": true,\n \"additionalItems\": false\n }\n }\n },\n \"selfServiceAfterRegistrationMethod\": {\n \"type\": \"object\",\n \"additionalProperties\": false,\n \"properties\": {\n \"default_browser_return_url\": {\n \"$ref\": \"#/definitions/defaultReturnTo\"\n },\n \"hooks\": {\n \"type\": \"array\",\n \"items\": {\n \"anyOf\": [\n {\n \"$ref\": \"#/definitions/selfServiceSessionIssuerHook\"\n },\n {\n \"$ref\": \"#/definitions/selfServiceWebHook\"\n },\n {\n \"$ref\": \"#/definitions/selfServiceShowVerificationUIHook\"\n },\n {\n \"$ref\": \"#/definitions/b2bSSOHook\"\n }\n ]\n },\n \"uniqueItems\": true,\n \"additionalItems\": false\n }\n }\n },\n \"featureRequiredAal\": {\n \"title\": \"Required Authenticator Assurance Level\",\n \"description\": \"Sets what Authenticator Assurance Level (used for 2FA) is required to access this feature. If set to `highest_available` then this endpoint requires the highest AAL the identity has set up. If set to `aal1` then the identity can access this feature without 2FA.\",\n \"type\": \"string\",\n \"enum\": [\"aal1\", \"highest_available\"],\n \"default\": \"highest_available\"\n },\n \"selfServiceAfterSettings\": {\n \"type\": \"object\",\n \"additionalProperties\": false,\n \"properties\": {\n \"default_browser_return_url\": {\n \"$ref\": \"#/definitions/defaultReturnTo\"\n },\n \"password\": {\n \"$ref\": \"#/definitions/selfServiceAfterSettingsAuthMethod\"\n },\n \"totp\": {\n \"$ref\": \"#/definitions/selfServiceAfterSettingsAuthMethod\"\n },\n \"oidc\": {\n \"$ref\": \"#/definitions/selfServiceAfterSettingsAuthMethod\"\n },\n \"webauthn\": {\n \"$ref\": \"#/definitions/selfServiceAfterSettingsAuthMethod\"\n },\n \"passkey\": {\n \"$ref\": \"#/definitions/selfServiceAfterSettingsAuthMethod\"\n },\n \"lookup_secret\": {\n \"$ref\": \"#/definitions/selfServiceAfterSettingsAuthMethod\"\n },\n \"profile\": {\n \"$ref\": \"#/definitions/selfServiceAfterSettingsProfileMethod\"\n },\n \"hooks\": {\n \"$ref\": \"#/definitions/selfServiceHooks\"\n }\n }\n },\n \"selfServiceBeforeLogin\": {\n \"type\": \"object\",\n \"additionalProperties\": false,\n \"properties\": {\n \"hooks\": {\n \"$ref\": \"#/definitions/selfServiceHooks\"\n }\n }\n },\n \"selfServiceAfterLogin\": {\n \"type\": \"object\",\n \"additionalProperties\": false,\n \"properties\": {\n \"default_browser_return_url\": {\n \"$ref\": \"#/definitions/defaultReturnTo\"\n },\n \"password\": {\n \"$ref\": \"#/definitions/selfServiceAfterDefaultLoginMethod\"\n },\n \"webauthn\": {\n \"$ref\": \"#/definitions/selfServiceAfterDefaultLoginMethod\"\n },\n \"passkey\": {\n \"$ref\": \"#/definitions/selfServiceAfterDefaultLoginMethod\"\n },\n \"oidc\": {\n \"$ref\": \"#/definitions/selfServiceAfterOIDCLoginMethod\"\n },\n \"code\": {\n \"$ref\": \"#/definitions/selfServiceAfterDefaultLoginMethod\"\n },\n \"totp\": {\n \"$ref\": \"#/definitions/selfServiceAfterDefaultLoginMethod\"\n },\n \"lookup_secret\": {\n \"$ref\": \"#/definitions/selfServiceAfterDefaultLoginMethod\"\n },\n \"hooks\": {\n \"$ref\": \"#/definitions/selfServiceAfterDefaultLoginMethodHooks\"\n }\n }\n },\n \"selfServiceBeforeRegistration\": {\n \"type\": \"object\",\n \"additionalProperties\": false,\n \"properties\": {\n \"hooks\": {\n \"$ref\": \"#/definitions/selfServiceHooks\"\n }\n }\n },\n \"selfServiceBeforeSettings\": {\n \"type\": \"object\",\n \"additionalProperties\": false,\n \"properties\": {\n \"hooks\": {\n \"$ref\": \"#/definitions/selfServiceHooks\"\n }\n }\n },\n \"selfServiceBeforeRecovery\": {\n \"type\": \"object\",\n \"additionalProperties\": false,\n \"properties\": {\n \"hooks\": {\n \"$ref\": \"#/definitions/selfServiceHooks\"\n }\n }\n },\n \"selfServiceBeforeVerification\": {\n \"type\": \"object\",\n \"additionalProperties\": false,\n \"properties\": {\n \"hooks\": {\n \"$ref\": \"#/definitions/selfServiceHooks\"\n }\n }\n },\n \"selfServiceAfterRegistration\": {\n \"type\": \"object\",\n \"additionalProperties\": false,\n \"properties\": {\n \"default_browser_return_url\": {\n \"$ref\": \"#/definitions/defaultReturnTo\"\n },\n \"password\": {\n \"$ref\": \"#/definitions/selfServiceAfterRegistrationMethod\"\n },\n \"webauthn\": {\n \"$ref\": \"#/definitions/selfServiceAfterRegistrationMethod\"\n },\n \"passkey\": {\n \"$ref\": \"#/definitions/selfServiceAfterRegistrationMethod\"\n },\n \"oidc\": {\n \"$ref\": \"#/definitions/selfServiceAfterRegistrationMethod\"\n },\n \"code\": {\n \"$ref\": \"#/definitions/selfServiceAfterRegistrationMethod\"\n },\n \"hooks\": {\n \"$ref\": \"#/definitions/selfServiceHooks\"\n }\n }\n },\n \"selfServiceAfterVerification\": {\n \"type\": \"object\",\n \"additionalProperties\": false,\n \"properties\": {\n \"default_browser_return_url\": {\n \"$ref\": \"#/definitions/defaultReturnTo\"\n },\n \"hooks\": {\n \"$ref\": \"#/definitions/selfServiceHooks\"\n }\n }\n },\n \"selfServiceAfterRecovery\": {\n \"type\": \"object\",\n \"properties\": {\n \"default_browser_return_url\": {\n \"$ref\": \"#/definitions/defaultReturnTo\"\n },\n \"hooks\": {\n \"$ref\": \"#/definitions/selfServiceAfterRecoveryHooks\"\n }\n },\n \"additionalProperties\": false\n },\n \"tlsxSource\": {\n \"type\": \"object\",\n \"additionalProperties\": false,\n \"properties\": {\n \"path\": {\n \"title\": \"Path to PEM-encoded Fle\",\n \"type\": \"string\",\n \"examples\": [\"path/to/file.pem\"]\n },\n \"base64\": {\n \"title\": \"Base64 Encoded Inline\",\n \"description\": \"The base64 string of the PEM-encoded file content. Can be generated using for example `base64 -i path/to/file.pem`.\",\n \"type\": \"string\",\n \"examples\": [\n \"LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tXG5NSUlEWlRDQ0FrMmdBd0lCQWdJRVY1eE90REFOQmdr...\"\n ]\n }\n }\n },\n \"tlsx\": {\n \"title\": \"HTTPS\",\n \"description\": \"Configure HTTP over TLS (HTTPS). All options can also be set using environment variables by replacing dots (`.`) with underscores (`_`) and uppercasing the key. For example, `some.prefix.tls.key.path` becomes `export SOME_PREFIX_TLS_KEY_PATH`. If all keys are left undefined, TLS will be disabled.\",\n \"type\": \"object\",\n \"additionalProperties\": false,\n \"properties\": {\n \"key\": {\n \"title\": \"Private Key (PEM)\",\n \"allOf\": [\n {\n \"$ref\": \"#/definitions/tlsxSource\"\n }\n ]\n },\n \"cert\": {\n \"title\": \"TLS Certificate (PEM)\",\n \"allOf\": [\n {\n \"$ref\": \"#/definitions/tlsxSource\"\n }\n ]\n }\n }\n },\n \"courierTemplates\": {\n \"additionalProperties\": false,\n \"type\": \"object\",\n \"properties\": {\n \"invalid\": {\n \"additionalProperties\": false,\n \"type\": \"object\",\n \"properties\": {\n \"email\": {\n \"$ref\": \"#/definitions/emailCourierTemplate\"\n }\n },\n \"required\": [\"email\"]\n },\n \"valid\": {\n \"additionalProperties\": false,\n \"type\": \"object\",\n \"properties\": {\n \"email\": {\n \"$ref\": \"#/definitions/emailCourierTemplate\"\n },\n \"sms\": {\n \"$ref\": \"#/definitions/smsCourierTemplate\"\n }\n },\n \"required\": [\"email\"]\n }\n }\n },\n \"smsCourierTemplate\": {\n \"additionalProperties\": false,\n \"type\": \"object\",\n \"properties\": {\n \"body\": {\n \"additionalProperties\": false,\n \"type\": \"object\",\n \"properties\": {\n \"plaintext\": {\n \"type\": \"string\",\n \"description\": \"A template send to the SMS provider.\",\n \"format\": \"uri\",\n \"examples\": [\n \"file://path/to/body.plaintext.gotmpl\",\n \"https://foo.bar.com/path/to/body.plaintext.gotmpl\"\n ]\n }\n }\n }\n }\n },\n \"emailCourierTemplate\": {\n \"additionalProperties\": false,\n \"type\": \"object\",\n \"properties\": {\n \"body\": {\n \"additionalProperties\": false,\n \"type\": \"object\",\n \"properties\": {\n \"plaintext\": {\n \"type\": \"string\",\n \"description\": \"The fallback template for email clients that do not support html.\",\n \"format\": \"uri\",\n \"examples\": [\n \"file://path/to/body.plaintext.gotmpl\",\n \"https://foo.bar.com/path/to/body.plaintext.gotmpl\",\n \"base64://e3sgZGVmaW5lIGFmLVpBIH19CkhhbGxvLAoKSGVyc3RlbCBqb3UgcmVrZW5pbmcgZGV1ciBoaWVyZGllIHNrYWtlbCB0ZSB2b2xnOgp7ey0gZW5kIC19fQoKe3sgZGVmaW5lIGVuLVVTIH19CkhpLAoKcGxlYXNlIHJlY292ZXIgYWNjZXNzIHRvIHlvdXIgYWNjb3VudCBieSBjbGlja2luZyB0aGUgZm9sbG93aW5nIGxpbms6Cnt7LSBlbmQgLX19Cgp7ey0gaWYgZXEgLmxhbmcgImFmLVpBIiAtfX0KCnt7IHRlbXBsYXRlICJhZi1aQSIgLiB9fQoKe3stIGVsc2UgLX19Cgp7eyB0ZW1wbGF0ZSAiZW4tVVMiIH19Cgp7ey0gZW5kIC19fQp7eyAuUmVjb3ZlcnlVUkwgfX0K\"\n ]\n },\n \"html\": {\n \"type\": \"string\",\n \"description\": \"The default template used for sending out emails. The template can contain HTML \",\n \"format\": \"uri\",\n \"examples\": [\n \"file://path/to/body.html.gotmpl\",\n \"https://foo.bar.com/path/to/body.html.gotmpl\",\n \"base64://e3sgZGVmaW5lIGFmLVpBIH19CkhhbGxvLAoKSGVyc3RlbCBqb3UgcmVrZW5pbmcgZGV1ciBoaWVyZGllIHNrYWtlbCB0ZSB2b2xnOgp7ey0gZW5kIC19fQoKe3sgZGVmaW5lIGVuLVVTIH19CkhpLAoKcGxlYXNlIHJlY292ZXIgYWNjZXNzIHRvIHlvdXIgYWNjb3VudCBieSBjbGlja2luZyB0aGUgZm9sbG93aW5nIGxpbms6Cnt7LSBlbmQgLX19Cgp7ey0gaWYgZXEgLmxhbmcgImFmLVpBIiAtfX0KCnt7IHRlbXBsYXRlICJhZi1aQSIgLiB9fQoKe3stIGVsc2UgLX19Cgp7eyB0ZW1wbGF0ZSAiZW4tVVMiIH19Cgp7ey0gZW5kIC19fQo8YSBocmVmPSJ7eyAuUmVjb3ZlcnlVUkwgfX0iPnt7IC5SZWNvdmVyeVVSTCB9fTwvYT4\"\n ]\n }\n }\n },\n \"subject\": {\n \"type\": \"string\",\n \"format\": \"uri\",\n \"examples\": [\n \"file://path/to/subject.gotmpl\",\n \"https://foo.bar.com/path/to/subject.gotmpl\",\n \"base64://e3sgZGVmaW5lIGFmLVpBIH19CkhhbGxvLAoKSGVyc3RlbCBqb3UgcmVrZW5pbmcgZGV1ciBoaWVyZGllIHNrYWtlbCB0ZSB2b2xnOgp7ey0gZW5kIC19fQoKe3sgZGVmaW5lIGVuLVVTIH19CkhpLAoKcGxlYXNlIHJlY292ZXIgYWNjZXNzIHRvIHlvdXIgYWNjb3VudCBieSBjbGlja2luZyB0aGUgZm9sbG93aW5nIGxpbms6Cnt7LSBlbmQgLX19Cgp7ey0gaWYgZXEgLmxhbmcgImFmLVpBIiAtfX0KCnt7IHRlbXBsYXRlICJhZi1aQSIgLiB9fQoKe3stIGVsc2UgLX19Cgp7eyB0ZW1wbGF0ZSAiZW4tVVMiIH19Cgp7ey0gZW5kIC19fQo8YSBocmVmPSJ7eyAuUmVjb3ZlcnlVUkwgfX0iPnt7IC5SZWNvdmVyeVVSTCB9fTwvYT4\"\n ]\n }\n }\n }\n },\n \"properties\": {\n \"selfservice\": {\n \"type\": \"object\",\n \"additionalProperties\": false,\n \"required\": [\"default_browser_return_url\"],\n \"properties\": {\n \"default_browser_return_url\": {\n \"$ref\": \"#/definitions/defaultReturnTo\"\n },\n \"allowed_return_urls\": {\n \"title\": \"Allowed Return To URLs\",\n \"description\": \"List of URLs that are allowed to be redirected to. A redirection request is made by appending `?return_to=...` to Login, Registration, and other self-service flows.\",\n \"type\": \"array\",\n \"items\": {\n \"type\": \"string\",\n \"format\": \"uri-reference\"\n },\n \"examples\": [\n [\n \"https://app.my-app.com/dashboard\",\n \"/dashboard\",\n \"https://www.my-app.com/\",\n \"https://*.my-app.com/\"\n ]\n ]\n },\n \"flows\": {\n \"type\": \"object\",\n \"additionalProperties\": false,\n \"properties\": {\n \"settings\": {\n \"type\": \"object\",\n \"additionalProperties\": false,\n \"properties\": {\n \"ui_url\": {\n \"title\": \"URL of the Settings page.\",\n \"description\": \"URL where the Settings UI is hosted. Check the [reference implementation](https://github.com/ory/kratos-selfservice-ui-node).\",\n \"type\": \"string\",\n \"format\": \"uri-reference\",\n \"examples\": [\"https://my-app.com/user/settings\"],\n \"default\": \"https://www.ory.sh/kratos/docs/fallback/settings\"\n },\n \"lifespan\": {\n \"type\": \"string\",\n \"pattern\": \"^([0-9]+(ns|us|ms|s|m|h))+$\",\n \"default\": \"1h\",\n \"examples\": [\"1h\", \"1m\", \"1s\"]\n },\n \"privileged_session_max_age\": {\n \"type\": \"string\",\n \"pattern\": \"^([0-9]+(ns|us|ms|s|m|h))+$\",\n \"default\": \"1h\",\n \"examples\": [\"1h\", \"1m\", \"1s\"]\n },\n \"required_aal\": {\n \"$ref\": \"#/definitions/featureRequiredAal\"\n },\n \"after\": {\n \"$ref\": \"#/definitions/selfServiceAfterSettings\"\n },\n \"before\": {\n \"$ref\": \"#/definitions/selfServiceBeforeSettings\"\n }\n }\n },\n \"logout\": {\n \"type\": \"object\",\n \"additionalProperties\": false,\n \"properties\": {\n \"after\": {\n \"type\": \"object\",\n \"additionalProperties\": false,\n \"properties\": {\n \"default_browser_return_url\": {\n \"$ref\": \"#/definitions/defaultReturnTo\"\n }\n }\n }\n }\n },\n \"registration\": {\n \"type\": \"object\",\n \"additionalProperties\": false,\n \"properties\": {\n \"enabled\": {\n \"type\": \"boolean\",\n \"title\": \"Enable User Registration\",\n \"description\": \"If set to true will enable [User Registration](https://www.ory.sh/kratos/docs/self-service/flows/user-registration/).\",\n \"default\": true\n },\n \"login_hints\": {\n \"type\": \"boolean\",\n \"title\": \"Provide Login Hints on Failed Registration\",\n \"description\": \"When registration fails because an account with the given credentials or addresses previously signed up, provide login hints about available methods to sign in to the user.\",\n \"default\": false\n },\n \"ui_url\": {\n \"title\": \"Registration UI URL\",\n \"description\": \"URL where the Registration UI is hosted. Check the [reference implementation](https://github.com/ory/kratos-selfservice-ui-node).\",\n \"type\": \"string\",\n \"format\": \"uri-reference\",\n \"examples\": [\"https://my-app.com/signup\"],\n \"default\": \"https://www.ory.sh/kratos/docs/fallback/registration\"\n },\n \"lifespan\": {\n \"type\": \"string\",\n \"pattern\": \"^([0-9]+(ns|us|ms|s|m|h))+$\",\n \"default\": \"1h\",\n \"examples\": [\"1h\", \"1m\", \"1s\"]\n },\n \"before\": {\n \"$ref\": \"#/definitions/selfServiceBeforeRegistration\"\n },\n \"after\": {\n \"$ref\": \"#/definitions/selfServiceAfterRegistration\"\n },\n \"enable_legacy_one_step\": {\n \"type\": \"boolean\",\n \"title\": \"Disable two-step registration\",\n \"description\": \"Deprecated, please use `style` instead.\",\n \"deprecationMessage\": \"Deprecated, please use `style` instead.\",\n \"default\": false\n },\n \"style\": {\n \"title\": \"Registration Flow Style\",\n \"description\": \"The style of the registration flow. If set to `unified` the login flow will be a one-step process. If set to `profile_first` the registration flow will first ask for the profile information first, and then the credentials.\",\n \"type\": \"string\",\n \"enum\": [\"unified\", \"profile_first\"],\n \"default\": \"profile_first\"\n }\n }\n },\n \"login\": {\n \"type\": \"object\",\n \"additionalProperties\": false,\n \"properties\": {\n \"ui_url\": {\n \"title\": \"Login UI URL\",\n \"description\": \"URL where the Login UI is hosted. Check the [reference implementation](https://github.com/ory/kratos-selfservice-ui-node).\",\n \"type\": \"string\",\n \"format\": \"uri-reference\",\n \"examples\": [\"https://my-app.com/login\"],\n \"default\": \"https://www.ory.sh/kratos/docs/fallback/login\"\n },\n \"lifespan\": {\n \"type\": \"string\",\n \"pattern\": \"^([0-9]+(ns|us|ms|s|m|h))+$\",\n \"default\": \"1h\",\n \"examples\": [\"1h\", \"1m\", \"1s\"]\n },\n \"style\": {\n \"title\": \"Login Flow Style\",\n \"description\": \"The style of the login flow. If set to `unified` the login flow will be a one-step process. If set to `identifier_first` (experimental!) the login flow will first ask for the identifier and then the credentials.\",\n \"type\": \"string\",\n \"enum\": [\"unified\", \"identifier_first\"],\n \"default\": \"unified\"\n },\n \"before\": {\n \"$ref\": \"#/definitions/selfServiceBeforeLogin\"\n },\n \"after\": {\n \"$ref\": \"#/definitions/selfServiceAfterLogin\"\n }\n }\n },\n \"verification\": {\n \"title\": \"Email and Phone Verification and Account Activation Configuration\",\n \"type\": \"object\",\n \"additionalProperties\": false,\n \"properties\": {\n \"enabled\": {\n \"type\": \"boolean\",\n \"title\": \"Enable Email/Phone Verification\",\n \"description\": \"If set to true will enable [Email and Phone Verification and Account Activation](https://www.ory.sh/kratos/docs/self-service/flows/verify-email-account-activation/).\",\n \"default\": false\n },\n \"ui_url\": {\n \"title\": \"Verify UI URL\",\n \"description\": \"URL where the Ory Verify UI is hosted. This is the page where users activate and / or verify their email or telephone number. Check the [reference implementation](https://github.com/ory/kratos-selfservice-ui-node).\",\n \"type\": \"string\",\n \"format\": \"uri-reference\",\n \"examples\": [\"https://my-app.com/verify\"],\n \"default\": \"https://www.ory.sh/kratos/docs/fallback/verification\"\n },\n \"after\": {\n \"$ref\": \"#/definitions/selfServiceAfterVerification\"\n },\n \"lifespan\": {\n \"title\": \"Self-Service Verification Request Lifespan\",\n \"description\": \"Sets how long the verification request (for the UI interaction) is valid.\",\n \"type\": \"string\",\n \"pattern\": \"^([0-9]+(ns|us|ms|s|m|h))+$\",\n \"default\": \"1h\",\n \"examples\": [\"1h\", \"1m\", \"1s\"]\n },\n \"before\": {\n \"$ref\": \"#/definitions/selfServiceBeforeVerification\"\n },\n \"use\": {\n \"title\": \"Verification Strategy\",\n \"description\": \"The strategy to use for verification requests\",\n \"type\": \"string\",\n \"enum\": [\"link\", \"code\"],\n \"default\": \"code\"\n },\n \"notify_unknown_recipients\": {\n \"title\": \"Notify unknown recipients\",\n \"description\": \"Whether to notify recipients, if verification was requested for their address.\",\n \"type\": \"boolean\",\n \"default\": false\n }\n }\n },\n \"recovery\": {\n \"title\": \"Account Recovery Configuration\",\n \"type\": \"object\",\n \"additionalProperties\": false,\n \"properties\": {\n \"enabled\": {\n \"type\": \"boolean\",\n \"title\": \"Enable Account Recovery\",\n \"description\": \"If set to true will enable [Account Recovery](https://www.ory.sh/kratos/docs/self-service/flows/password-reset-account-recovery/).\",\n \"default\": false\n },\n \"ui_url\": {\n \"title\": \"Recovery UI URL\",\n \"description\": \"URL where the Ory Recovery UI is hosted. This is the page where users request and complete account recovery. Check the [reference implementation](https://github.com/ory/kratos-selfservice-ui-node).\",\n \"type\": \"string\",\n \"format\": \"uri-reference\",\n \"examples\": [\"https://my-app.com/verify\"],\n \"default\": \"https://www.ory.sh/kratos/docs/fallback/recovery\"\n },\n \"after\": {\n \"$ref\": \"#/definitions/selfServiceAfterRecovery\"\n },\n \"lifespan\": {\n \"title\": \"Self-Service Recovery Request Lifespan\",\n \"description\": \"Sets how long the recovery request is valid. If expired, the user has to redo the flow.\",\n \"type\": \"string\",\n \"pattern\": \"^([0-9]+(ns|us|ms|s|m|h))+$\",\n \"default\": \"1h\",\n \"examples\": [\"1h\", \"1m\", \"1s\"]\n },\n \"before\": {\n \"$ref\": \"#/definitions/selfServiceBeforeRecovery\"\n },\n \"use\": {\n \"title\": \"Recovery Strategy\",\n \"description\": \"The strategy to use for recovery requests\",\n \"type\": \"string\",\n \"enum\": [\"link\", \"code\"],\n \"default\": \"code\"\n },\n \"notify_unknown_recipients\": {\n \"title\": \"Notify unknown recipients\",\n \"description\": \"Whether to notify recipients, if recovery was requested for their account.\",\n \"type\": \"boolean\",\n \"default\": false\n }\n }\n },\n \"error\": {\n \"type\": \"object\",\n \"additionalProperties\": false,\n \"properties\": {\n \"ui_url\": {\n \"title\": \"Ory Kratos Error UI URL\",\n \"description\": \"URL where the Ory Kratos Error UI is hosted. Check the [reference implementation](https://github.com/ory/kratos-selfservice-ui-node).\",\n \"type\": \"string\",\n \"format\": \"uri-reference\",\n \"examples\": [\"https://my-app.com/kratos-error\"],\n \"default\": \"https://www.ory.sh/kratos/docs/fallback/error\"\n }\n }\n }\n }\n },\n \"methods\": {\n \"type\": \"object\",\n \"additionalProperties\": false,\n \"properties\": {\n \"b2b\": {\n \"title\": \"Single Sign-On for B2B\",\n \"description\": \"Single Sign-On for B2B allows your customers to bring their own (workforce) identity server (e.g. OneLogin). This feature is not available in the open source licensed code.\",\n \"type\": \"object\",\n \"properties\": {\n \"config\": {\n \"type\": \"object\",\n \"additionalProperties\": false,\n \"properties\": {\n \"organizations\": {\n \"type\": \"array\",\n \"items\": {\n \"type\": \"object\",\n \"properties\": {\n \"id\": {\n \"type\": \"string\",\n \"description\": \"The ID of the organization.\",\n \"format\": \"uuid\",\n \"examples\": [\"00000000-0000-0000-0000-000000000000\"]\n },\n \"label\": {\n \"type\": \"string\",\n \"description\": \"The label of the organization.\",\n \"examples\": [\"ACME SSO\"]\n },\n \"domains\": {\n \"type\": \"array\",\n \"items\": {\n \"type\": \"string\",\n \"format\": \"hostname\",\n \"examples\": [\"my-app.com\"],\n \"description\": \"If this domain matches the email's domain, this provider is shown.\"\n }\n }\n }\n }\n }\n }\n }\n },\n \"additionalProperties\": false\n },\n \"profile\": {\n \"type\": \"object\",\n \"additionalProperties\": false,\n \"properties\": {\n \"enabled\": {\n \"type\": \"boolean\",\n \"title\": \"Enables Profile Management Method\",\n \"default\": true\n }\n }\n },\n \"link\": {\n \"type\": \"object\",\n \"additionalProperties\": false,\n \"properties\": {\n \"enabled\": {\n \"type\": \"boolean\",\n \"title\": \"Enables Link Method\",\n \"default\": false\n },\n \"config\": {\n \"type\": \"object\",\n \"title\": \"Link Configuration\",\n \"description\": \"Additional configuration for the link strategy.\",\n \"properties\": {\n \"base_url\": {\n \"title\": \"Override the base URL which should be used as the base for recovery and verification links.\",\n \"type\": \"string\",\n \"deprecationMessage\": \"This option has no effect, because the request URL is now used as the base URL.\",\n \"examples\": [\"https://my-app.com\"]\n },\n \"lifespan\": {\n \"title\": \"How long a link is valid for\",\n \"type\": \"string\",\n \"pattern\": \"^([0-9]+(ns|us|ms|s|m|h))+$\",\n \"default\": \"1h\",\n \"examples\": [\"1h\", \"1m\", \"1s\"]\n }\n }\n }\n }\n },\n \"code\": {\n \"type\": \"object\",\n \"additionalProperties\": true,\n \"anyOf\": [\n {\n \"properties\": {\n \"passwordless_enabled\": {\n \"const\": true\n },\n \"mfa_enabled\": {\n \"const\": false\n }\n }\n },\n {\n \"properties\": {\n \"mfa_enabled\": {\n \"const\": true\n },\n \"passwordless_enabled\": {\n \"const\": false\n }\n }\n },\n {\n \"properties\": {\n \"mfa_enabled\": {\n \"const\": false\n },\n \"passwordless_enabled\": {\n \"const\": false\n }\n }\n }\n ],\n \"properties\": {\n \"passwordless_enabled\": {\n \"type\": \"boolean\",\n \"title\": \"Enables login and registration with the code method.\",\n \"description\": \"If set to true, code.enabled will be set to true as well.\",\n \"default\": false\n },\n \"mfa_enabled\": {\n \"type\": \"boolean\",\n \"title\": \"Enables login flows code method to fulfil MFA requests\",\n \"default\": false\n },\n \"enabled\": {\n \"type\": \"boolean\",\n \"title\": \"Enables Code Method\",\n \"default\": true\n },\n \"config\": {\n \"type\": \"object\",\n \"title\": \"Code Configuration\",\n \"description\": \"Additional configuration for the code strategy.\",\n \"properties\": {\n \"lifespan\": {\n \"title\": \"How long a code is valid for\",\n \"type\": \"string\",\n \"pattern\": \"^([0-9]+(ns|us|ms|s|m|h))+$\",\n \"default\": \"1h\",\n \"examples\": [\"1h\", \"1m\", \"1s\"]\n },\n \"max_submissions\": {\n \"type\": \"integer\",\n \"title\": \"Maximum number of times the code can be submitted before a flow is invalidated\",\n \"minimum\": 1,\n \"maximum\": 255,\n \"default\": 5\n },\n \"missing_credential_fallback_enabled\": {\n \"type\": \"boolean\",\n \"title\": \"Enable Code OTP as a Fallback\",\n \"description\": \"Enabling this allows users to sign in with the code method, even if their identity schema or their credentials are not set up to use the code method. If enabled, a verified address (such as an email) will be used to send the code to the user. Use with caution and only if actually needed.\",\n \"default\": false\n }\n }\n }\n }\n },\n \"password\": {\n \"type\": \"object\",\n \"additionalProperties\": false,\n \"properties\": {\n \"enabled\": {\n \"type\": \"boolean\",\n \"title\": \"Enables Username/Email and Password Method\",\n \"default\": true\n },\n \"config\": {\n \"type\": \"object\",\n \"title\": \"Password Configuration\",\n \"description\": \"Define how passwords are validated.\",\n \"properties\": {\n \"haveibeenpwned_host\": {\n \"title\": \"Custom haveibeenpwned host\",\n \"description\": \"Allows changing the default HIBP host to a self hosted version.\",\n \"type\": \"string\",\n \"default\": \"api.pwnedpasswords.com\"\n },\n \"haveibeenpwned_enabled\": {\n \"title\": \"Enable the HaveIBeenPwned API\",\n \"description\": \"If set to false the password validation does not utilize the Have I Been Pwnd API.\",\n \"type\": \"boolean\",\n \"default\": true\n },\n \"max_breaches\": {\n \"title\": \"Allow Password Breaches\",\n \"description\": \"Defines how often a password may have been breached before it is rejected.\",\n \"type\": \"integer\",\n \"minimum\": 0,\n \"maximum\": 100,\n \"default\": 0\n },\n \"ignore_network_errors\": {\n \"title\": \"Ignore Lookup Network Errors\",\n \"description\": \"If set to false the password validation fails when the network or the Have I Been Pwnd API is down.\",\n \"type\": \"boolean\",\n \"default\": true\n },\n \"min_password_length\": {\n \"title\": \"Minimum Password Length\",\n \"description\": \"Defines the minimum length of the password.\",\n \"type\": \"integer\",\n \"default\": 8,\n \"minimum\": 6\n },\n \"identifier_similarity_check_enabled\": {\n \"title\": \"Enable password-identifier similarity check\",\n \"description\": \"If set to false the password validation does not check for similarity between the password and the user identifier.\",\n \"type\": \"boolean\",\n \"default\": true\n },\n \"migrate_hook\": {\n \"type\": \"object\",\n \"additionalProperties\": false,\n \"properties\": {\n \"enabled\": {\n \"type\": \"boolean\",\n \"title\": \"Enable Password Migration\",\n \"description\": \"If set to true will enable password migration.\",\n \"default\": false\n },\n \"config\": {\n \"type\": \"object\",\n \"additionalProperties\": false,\n \"properties\": {\n \"url\": {\n \"type\": \"string\",\n \"description\": \"The URL the password migration hook should call\",\n \"format\": \"uri\"\n },\n \"method\": {\n \"type\": \"string\",\n \"description\": \"The HTTP method to use (GET, POST, etc).\",\n \"const\": \"POST\",\n \"default\": \"POST\"\n },\n \"headers\": {\n \"type\": \"object\",\n \"description\": \"The HTTP headers that must be applied to the password migration hook.\",\n \"additionalProperties\": {\n \"type\": \"string\"\n }\n },\n \"emit_analytics_event\": {\n \"type\": \"boolean\",\n \"default\": true,\n \"description\": \"Emit tracing events for this hook on delivery or error\"\n },\n \"auth\": {\n \"type\": \"object\",\n \"title\": \"Auth mechanisms\",\n \"description\": \"Define which auth mechanism the Web-Hook should use\",\n \"oneOf\": [\n {\n \"$ref\": \"#/definitions/webHookAuthApiKeyProperties\"\n },\n {\n \"$ref\": \"#/definitions/webHookAuthBasicAuthProperties\"\n }\n ]\n },\n \"body\": {\n \"type\": \"string\",\n \"format\": \"uri\",\n \"pattern\": \"^(http|https|file|base64)://\",\n \"description\": \"URI pointing to the jsonnet template used for payload generation. Only used for those HTTP methods, which support HTTP body payloads\",\n \"examples\": [\n \"file:///path/to/body.jsonnet\",\n \"file://./body.jsonnet\",\n \"base64://ZnVuY3Rpb24oY3R4KSB7CiAgaWRlbnRpdHlfaWQ6IGlmIGN0eFsiaWRlbnRpdHkiXSAhPSBudWxsIHRoZW4gY3R4LmlkZW50aXR5LmlkLAp9=\",\n \"https://oryapis.com/default_body.jsonnet\"\n ]\n },\n \"additionalProperties\": false\n }\n }\n }\n }\n },\n \"additionalProperties\": false\n }\n }\n },\n \"totp\": {\n \"type\": \"object\",\n \"additionalProperties\": false,\n \"properties\": {\n \"enabled\": {\n \"type\": \"boolean\",\n \"title\": \"Enables the TOTP method\",\n \"default\": false\n },\n \"config\": {\n \"type\": \"object\",\n \"title\": \"TOTP Configuration\",\n \"properties\": {\n \"issuer\": {\n \"title\": \"TOTP Issuer\",\n \"description\": \"The issuer (e.g. a domain name) will be shown in the TOTP app (e.g. Google Authenticator). It helps the user differentiate between different codes.\",\n \"type\": \"string\"\n }\n },\n \"additionalProperties\": false\n }\n }\n },\n \"lookup_secret\": {\n \"type\": \"object\",\n \"additionalProperties\": false,\n \"properties\": {\n \"enabled\": {\n \"type\": \"boolean\",\n \"title\": \"Enables the lookup secret method\",\n \"default\": false\n }\n }\n },\n \"webauthn\": {\n \"type\": \"object\",\n \"additionalProperties\": false,\n \"properties\": {\n \"enabled\": {\n \"type\": \"boolean\",\n \"title\": \"Enables the WebAuthn method\",\n \"default\": false\n },\n \"config\": {\n \"type\": \"object\",\n \"title\": \"WebAuthn Configuration\",\n \"properties\": {\n \"passwordless\": {\n \"type\": \"boolean\",\n \"title\": \"Use For Passwordless Flows\",\n \"description\": \"If enabled will have the effect that WebAuthn is used for passwordless flows (as a first factor) and not for multi-factor set ups. With this set to true, users will see an option to sign up with WebAuthn on the registration screen.\"\n },\n \"rp\": {\n \"title\": \"Relying Party (RP) Config\",\n \"properties\": {\n \"display_name\": {\n \"type\": \"string\",\n \"title\": \"Relying Party Display Name\",\n \"description\": \"An name to help the user identify this RP.\",\n \"examples\": [\"Ory Foundation\"]\n },\n \"id\": {\n \"type\": \"string\",\n \"title\": \"Relying Party Identifier\",\n \"description\": \"The id must be a subset of the domain currently in the browser.\",\n \"examples\": [\"ory.sh\"]\n },\n \"origin\": {\n \"type\": \"string\",\n \"title\": \"Relying Party Origin\",\n \"description\": \"An explicit RP origin. If left empty, this defaults to `id`, prepended with the current protocol schema (HTTP or HTTPS).\",\n \"format\": \"uri\",\n \"deprecationMessage\": \"This field is deprecated. Use `origins` instead.\",\n \"examples\": [\"https://www.ory.sh\"]\n },\n \"origins\": {\n \"type\": \"array\",\n \"title\": \"Relying Party Origins\",\n \"description\": \"A list of explicit RP origins. If left empty, this defaults to either `origin` or `id`, prepended with the current protocol schema (HTTP or HTTPS).\",\n \"items\": {\n \"type\": \"string\",\n \"format\": \"uri\",\n \"examples\": [\n \"https://www.ory.sh\",\n \"https://auth.ory.sh\"\n ]\n }\n },\n \"icon\": {\n \"type\": \"string\",\n \"title\": \"Relying Party Icon\",\n \"description\": \"An icon to help the user identify this RP.\",\n \"format\": \"uri\",\n \"deprecationMessage\": \"This field is deprecated and ignored due to security considerations.\",\n \"examples\": [\"https://www.ory.sh/an-icon.png\"]\n }\n },\n \"type\": \"object\",\n \"oneOf\": [\n {\n \"required\": [\"id\", \"display_name\"],\n \"properties\": {\n \"origin\": {\n \"not\": {}\n },\n \"origins\": {\n \"not\": {}\n }\n }\n },\n {\n \"required\": [\"id\", \"display_name\", \"origin\"],\n \"properties\": {\n \"origin\": {\n \"type\": \"string\"\n },\n \"origins\": {\n \"not\": {}\n }\n }\n },\n {\n \"required\": [\"id\", \"display_name\", \"origins\"],\n \"properties\": {\n \"origin\": {\n \"not\": {}\n },\n \"origins\": {\n \"type\": \"array\",\n \"items\": {\n \"type\": \"string\"\n }\n }\n }\n }\n ]\n }\n },\n \"additionalProperties\": false\n }\n },\n \"if\": {\n \"properties\": {\n \"enabled\": {\n \"const\": true\n }\n },\n \"required\": [\"enabled\"]\n },\n \"then\": {\n \"required\": [\"config\"]\n }\n },\n \"passkey\": {\n \"type\": \"object\",\n \"additionalProperties\": false,\n \"properties\": {\n \"enabled\": {\n \"type\": \"boolean\",\n \"title\": \"Enables the Passkey method\",\n \"default\": false\n },\n \"config\": {\n \"type\": \"object\",\n \"title\": \"Passkey Configuration\",\n \"properties\": {\n \"rp\": {\n \"title\": \"Relying Party (RP) Config\",\n \"properties\": {\n \"display_name\": {\n \"type\": \"string\",\n \"title\": \"Relying Party Display Name\",\n \"description\": \"A name to help the user identify this RP.\",\n \"examples\": [\"Ory Foundation\"]\n },\n \"id\": {\n \"type\": \"string\",\n \"title\": \"Relying Party Identifier\",\n \"description\": \"The id must be a subset of the domain currently in the browser.\",\n \"examples\": [\"ory.sh\"]\n },\n \"origins\": {\n \"type\": \"array\",\n \"title\": \"Relying Party Origins\",\n \"description\": \"A list of explicit RP origins. If left empty, this defaults to either `origin` or `id`, prepended with the current protocol schema (HTTP or HTTPS).\",\n \"items\": {\n \"type\": \"string\",\n \"examples\": [\n \"https://www.ory.sh\",\n \"https://auth.ory.sh\"\n ]\n }\n }\n },\n \"type\": \"object\",\n \"required\": [\"display_name\", \"id\"]\n }\n },\n \"additionalProperties\": false\n }\n },\n \"if\": {\n \"properties\": {\n \"enabled\": {\n \"const\": true\n }\n },\n \"required\": [\"enabled\"]\n },\n \"then\": {\n \"required\": [\"config\"]\n }\n },\n \"oidc\": {\n \"type\": \"object\",\n \"title\": \"Specify OpenID Connect and OAuth2 Configuration\",\n \"showEnvVarBlockForObject\": true,\n \"additionalProperties\": false,\n \"properties\": {\n \"enabled\": {\n \"type\": \"boolean\",\n \"title\": \"Enables OpenID Connect Method\",\n \"default\": false\n },\n \"config\": {\n \"type\": \"object\",\n \"additionalProperties\": false,\n \"properties\": {\n \"base_redirect_uri\": {\n \"type\": \"string\",\n \"title\": \"Base URL for OAuth2 Redirect URIs\",\n \"description\": \"Can be used to modify the base URL for OAuth2 Redirect URLs. If unset, the Public Base URL will be used.\",\n \"format\": \"uri\",\n \"examples\": [\"https://auth.myexample.org/\"]\n },\n \"providers\": {\n \"title\": \"OpenID Connect and OAuth2 Providers\",\n \"description\": \"A list and configuration of OAuth2 and OpenID Connect providers Ory Kratos should integrate with.\",\n \"type\": \"array\",\n \"items\": {\n \"$ref\": \"#/definitions/selfServiceOIDCProvider\"\n }\n }\n }\n }\n }\n }\n }\n }\n }\n },\n \"database\": {\n \"type\": \"object\",\n \"title\": \"Database related configuration\",\n \"description\": \"Miscellaneous settings used in database related tasks (cleanup, etc.)\",\n \"properties\": {\n \"cleanup\": {\n \"type\": \"object\",\n \"title\": \"Database cleanup settings\",\n \"description\": \"Settings that controls how the database cleanup process is configured (delays, batch size, etc.)\",\n \"properties\": {\n \"batch_size\": {\n \"type\": \"integer\",\n \"title\": \"Number of records to clean in one iteration\",\n \"description\": \"Controls how many records should be purged from one table during database cleanup task\",\n \"minimum\": 1,\n \"default\": 100\n },\n \"sleep\": {\n \"type\": \"object\",\n \"title\": \"Delays between various database cleanup phases\",\n \"description\": \"Configures delays between each step of the cleanup process. It is useful to tune the process so it will be efficient and performant.\",\n \"properties\": {\n \"tables\": {\n \"type\": \"string\",\n \"title\": \"Delay between each table cleanups\",\n \"description\": \"Controls the delay time between cleaning each table in one cleanup iteration\",\n \"pattern\": \"^[0-9]+(ns|us|ms|s|m|h)$\",\n \"default\": \"1m\"\n }\n }\n },\n \"older_than\": {\n \"type\": \"string\",\n \"title\": \"Remove records older than\",\n \"description\": \"Controls how old records do we want to leave\",\n \"pattern\": \"^[0-9]+(ns|us|ms|s|m|h)$\",\n \"default\": \"0s\"\n }\n }\n }\n },\n \"additionalProperties\": false\n },\n \"dsn\": {\n \"type\": \"string\",\n \"title\": \"Data Source Name\",\n \"description\": \"DSN is used to specify the database credentials as a connection URI.\",\n \"examples\": [\n \"postgres://user: password@postgresd:5432/database?sslmode=disable&max_conns=20&max_idle_conns=4\",\n \"mysql://user:secret@tcp(mysqld:3306)/database?max_conns=20&max_idle_conns=4\",\n \"cockroach://user@cockroachdb:26257/database?sslmode=disable&max_conns=20&max_idle_conns=4\",\n \"sqlite:///var/lib/sqlite/db.sqlite?_fk=true&mode=rwc\"\n ]\n },\n \"courier\": {\n \"type\": \"object\",\n \"title\": \"Courier configuration\",\n \"description\": \"The courier is responsible for sending and delivering messages over email, sms, and other means.\",\n \"properties\": {\n \"templates\": {\n \"additionalProperties\": false,\n \"type\": \"object\",\n \"properties\": {\n \"recovery\": {\n \"$ref\": \"#/definitions/courierTemplates\"\n },\n \"recovery_code\": {\n \"$ref\": \"#/definitions/courierTemplates\"\n },\n \"verification\": {\n \"$ref\": \"#/definitions/courierTemplates\"\n },\n \"verification_code\": {\n \"$ref\": \"#/definitions/courierTemplates\"\n },\n \"registration_code\": {\n \"additionalProperties\": false,\n \"type\": \"object\",\n \"properties\": {\n \"valid\": {\n \"additionalProperties\": false,\n \"type\": \"object\",\n \"properties\": {\n \"email\": {\n \"$ref\": \"#/definitions/emailCourierTemplate\"\n },\n \"sms\": {\n \"$ref\": \"#/definitions/smsCourierTemplate\"\n }\n },\n \"required\": [\"email\"]\n }\n }\n },\n \"login_code\": {\n \"additionalProperties\": false,\n \"type\": \"object\",\n \"properties\": {\n \"valid\": {\n \"additionalProperties\": false,\n \"type\": \"object\",\n \"properties\": {\n \"email\": {\n \"$ref\": \"#/definitions/emailCourierTemplate\"\n },\n \"sms\": {\n \"$ref\": \"#/definitions/smsCourierTemplate\"\n }\n },\n \"required\": [\"email\"]\n }\n }\n }\n }\n },\n \"template_override_path\": {\n \"type\": \"string\",\n \"title\": \"Override message templates\",\n \"description\": \"You can override certain or all message templates by pointing this key to the path where the templates are located.\",\n \"examples\": [\"/conf/courier-templates\"]\n },\n \"message_retries\": {\n \"description\": \"Defines the maximum number of times the sending of a message is retried after it failed before it is marked as abandoned\",\n \"type\": \"integer\",\n \"default\": 5,\n \"examples\": [10, 60]\n },\n \"worker\": {\n \"description\": \"Configures the dispatch worker.\",\n \"type\": \"object\",\n \"properties\": {\n \"pull_count\": {\n \"description\": \"Defines how many messages are pulled from the queue at once.\",\n \"type\": \"integer\",\n \"default\": 10\n },\n \"pull_wait\": {\n \"description\": \"Defines how long the worker waits before pulling messages from the queue again.\",\n \"type\": \"string\",\n \"pattern\": \"^([0-9]+(ns|us|ms|s|m|h))+$\",\n \"default\": \"1s\"\n }\n }\n },\n \"delivery_strategy\": {\n \"title\": \"Delivery Strategy\",\n \"description\": \"Defines how emails will be sent, either through SMTP (default) or HTTP.\",\n \"type\": \"string\",\n \"enum\": [\"smtp\", \"http\"],\n \"default\": \"smtp\"\n },\n \"http\": {\n \"title\": \"HTTP Configuration\",\n \"description\": \"Configures outgoing emails using HTTP.\",\n \"type\": \"object\",\n \"properties\": {\n \"request_config\": {\n \"$ref\": \"#/definitions/httpRequestConfig\"\n }\n },\n \"additionalProperties\": false\n },\n \"smtp\": {\n \"title\": \"SMTP Configuration\",\n \"description\": \"Configures outgoing emails using the SMTP protocol.\",\n \"type\": \"object\",\n \"properties\": {\n \"connection_uri\": {\n \"title\": \"SMTP connection string\",\n \"description\": \"This URI will be used to connect to the SMTP server. Use the scheme smtps for implicit TLS sessions or smtp for explicit StartTLS/cleartext sessions. Please note that TLS is always enforced with certificate trust verification by default for security reasons on both schemes. With the smtp scheme you can use the query parameter (`?disable_starttls=true`) to allow cleartext sessions or (`?disable_starttls=false`) to enforce StartTLS (default behaviour). Additionally, use the query parameter to allow (`?skip_ssl_verify=true`) or disallow (`?skip_ssl_verify=false`) self-signed TLS certificates (default behaviour) on both implicit and explicit TLS sessions.\",\n \"examples\": [\n \"smtps://foo:bar@my-mailserver:1234/?skip_ssl_verify=false\",\n \"smtp://foo:bar@my-mailserver:1234/?disable_starttls=true (NOT RECOMMENDED: Cleartext smtp for devel and legacy infrastructure only)\",\n \"smtp://foo:bar@my-mailserver:1234/ (Explicit StartTLS with certificate trust verification)\",\n \"smtp://foo:bar@my-mailserver:1234/?skip_ssl_verify=true (NOT RECOMMENDED: Explicit StartTLS without certificate trust verification)\",\n \"smtps://foo:bar@my-mailserver:1234/ (Implicit TLS with certificate trust verification)\",\n \"smtps://foo:bar@my-mailserver:1234/?skip_ssl_verify=true (NOT RECOMMENDED: Implicit TLS without certificate trust verification)\",\n \"smtps://subdomain.my-mailserver:1234/?server_name=my-mailserver (allows TLS to work if the server is hosted on a sudomain that uses a non-wildcard domain certificate)\"\n ],\n \"type\": \"string\",\n \"pattern\": \"^smtps?://.*\"\n },\n \"client_cert_path\": {\n \"title\": \"SMTP Client certificate path\",\n \"description\": \"Path of the client X.509 certificate, in case of certificate based client authentication to the SMTP server.\",\n \"type\": \"string\",\n \"default\": \"\"\n },\n \"client_key_path\": {\n \"title\": \"SMTP Client private key path\",\n \"description\": \"Path of the client certificate private key, in case of certificate based client authentication to the SMTP server\",\n \"type\": \"string\",\n \"default\": \"\"\n },\n \"from_address\": {\n \"title\": \"SMTP Sender Address\",\n \"description\": \"The recipient of an email will see this as the sender address.\",\n \"type\": \"string\",\n \"format\": \"email\",\n \"default\": \"no-reply@ory.kratos.sh\"\n },\n \"from_name\": {\n \"title\": \"SMTP Sender Name\",\n \"description\": \"The recipient of an email will see this as the sender name.\",\n \"type\": \"string\",\n \"examples\": [\"Bob\"]\n },\n \"headers\": {\n \"title\": \"SMTP Headers\",\n \"description\": \"These headers will be passed in the SMTP conversation -- e.g. when using the AWS SES SMTP interface for cross-account sending.\",\n \"type\": \"object\",\n \"additionalProperties\": {\n \"type\": \"string\"\n },\n \"examples\": [\n {\n \"X-SES-SOURCE-ARN\": \"arn:aws:ses:us-west-2:123456789012:identity/example.com\",\n \"X-SES-FROM-ARN\": \"arn:aws:ses:us-west-2:123456789012:identity/example.com\",\n \"X-SES-RETURN-PATH-ARN\": \"arn:aws:ses:us-west-2:123456789012:identity/example.com\"\n }\n ]\n },\n \"local_name\": {\n \"title\": \"SMTP HELO/EHLO name\",\n \"description\": \"Identifier used in the SMTP HELO/EHLO command. Some SMTP relays require a unique identifier.\",\n \"type\": \"string\",\n \"default\": \"localhost\"\n }\n },\n \"additionalProperties\": false\n },\n \"channels\": {\n \"type\": \"array\",\n \"items\": {\n \"title\": \"Courier channel configuration\",\n \"type\": \"object\",\n \"properties\": {\n \"id\": {\n \"type\": \"string\",\n \"title\": \"Channel id\",\n \"description\": \"The channel id. Corresponds to the .via property of the identity schema for recovery, verification, etc. Currently only sms is supported.\",\n \"maxLength\": 32,\n \"enum\": [\"sms\"]\n },\n \"type\": {\n \"type\": \"string\",\n \"title\": \"Channel type\",\n \"description\": \"The channel type. Currently only http is supported.\",\n \"enum\": [\"http\"]\n },\n \"request_config\": {\n \"$ref\": \"#/definitions/httpRequestConfig\"\n }\n },\n \"required\": [\"id\", \"request_config\"],\n \"additionalProperties\": false\n }\n }\n },\n \"additionalProperties\": false\n },\n \"oauth2_provider\": {\n \"title\": \"OAuth2 Provider Configuration\",\n \"type\": \"object\",\n \"properties\": {\n \"url\": {\n \"title\": \"OAuth 2.0 Provider URL.\",\n \"description\": \"If set, the login and registration flows will handle the Ory OAuth 2.0 & OpenID `login_challenge` query parameter to serve as an OpenID Connect Provider. This URL should point to Ory Hydra when you are not running on the Ory Network and be left untouched otherwise.\",\n \"type\": \"string\",\n \"format\": \"uri\",\n \"examples\": [\n \"https://some-slug.projects.oryapis.com\",\n \"https://domain-of-ory-hydra:4445\"\n ]\n },\n \"headers\": {\n \"title\": \"HTTP Request Headers\",\n \"description\": \"These headers will be passed in HTTP request to the OAuth2 Provider.\",\n \"type\": \"object\",\n \"additionalProperties\": {\n \"type\": \"string\"\n },\n \"examples\": [\n {\n \"Authorization\": \"Bearer some-token\"\n }\n ]\n },\n \"override_return_to\": {\n \"title\": \"Persist OAuth2 request between flows\",\n \"type\": \"boolean\",\n \"default\": false,\n \"description\": \"Override the return_to query parameter with the OAuth2 provider request URL when perfoming an OAuth2 login flow.\"\n }\n },\n \"additionalProperties\": false\n },\n \"preview\": {\n \"title\": \"Configure Preview Features\",\n \"type\": \"object\",\n \"properties\": {\n \"default_read_consistency_level\": {\n \"type\": \"string\",\n \"title\": \"Default Read Consistency Level\",\n \"description\": \"The default consistency level to use when reading from the database. Defaults to `strong` to not break existing API contracts. Only set this to `eventual` if you can accept that other read APIs will suddenly return eventually consistent results. It is only effective in Ory Network.\",\n \"enum\": [\"strong\", \"eventual\"],\n \"default\": \"strong\"\n }\n }\n },\n \"serve\": {\n \"type\": \"object\",\n \"properties\": {\n \"admin\": {\n \"type\": \"object\",\n \"properties\": {\n \"request_log\": {\n \"type\": \"object\",\n \"properties\": {\n \"disable_for_health\": {\n \"title\": \"Disable health endpoints request logging\",\n \"description\": \"Disable request logging for /health/alive and /health/ready endpoints\",\n \"type\": \"boolean\",\n \"default\": false\n }\n },\n \"additionalProperties\": false\n },\n \"base_url\": {\n \"title\": \"Admin Base URL\",\n \"description\": \"The URL where the admin endpoint is exposed at.\",\n \"type\": \"string\",\n \"format\": \"uri\",\n \"examples\": [\"https://kratos.private-network:4434/\"]\n },\n \"host\": {\n \"title\": \"Admin Host\",\n \"description\": \"The host (interface) kratos' admin endpoint listens on.\",\n \"type\": \"string\",\n \"default\": \"0.0.0.0\"\n },\n \"port\": {\n \"title\": \"Admin Port\",\n \"description\": \"The port kratos' admin endpoint listens on.\",\n \"type\": \"integer\",\n \"minimum\": 1,\n \"maximum\": 65535,\n \"examples\": [4434],\n \"default\": 4434\n },\n \"socket\": {\n \"$ref\": \"#/definitions/socket\"\n },\n \"tls\": {\n \"$ref\": \"#/definitions/tlsx\"\n }\n },\n \"additionalProperties\": false\n },\n \"public\": {\n \"type\": \"object\",\n \"properties\": {\n \"request_log\": {\n \"type\": \"object\",\n \"properties\": {\n \"disable_for_health\": {\n \"title\": \"Disable health endpoints request logging\",\n \"description\": \"Disable request logging for /health/alive and /health/ready endpoints\",\n \"type\": \"boolean\",\n \"default\": false\n }\n },\n \"additionalProperties\": false\n },\n \"cors\": {\n \"type\": \"object\",\n \"additionalProperties\": false,\n \"description\": \"Configures Cross Origin Resource Sharing for public endpoints.\",\n \"properties\": {\n \"enabled\": {\n \"type\": \"boolean\",\n \"description\": \"Sets whether CORS is enabled.\",\n \"default\": false\n },\n \"allowed_origins\": {\n \"type\": \"array\",\n \"description\": \"A list of origins a cross-domain request can be executed from. If the special * value is present in the list, all origins will be allowed. An origin may contain a wildcard (*) to replace 0 or more characters (i.e.: http://*.domain.com). Only one wildcard can be used per origin.\",\n \"items\": {\n \"type\": \"string\",\n \"minLength\": 1,\n \"not\": {\n \"type\": \"string\",\n \"description\": \"does match all strings that contain two or more (*)\",\n \"pattern\": \".*\\\\*.*\\\\*.*\"\n },\n \"anyOf\": [\n {\n \"type\": \"string\",\n \"format\": \"uri\"\n },\n {\n \"const\": \"*\"\n }\n ]\n },\n \"uniqueItems\": true,\n \"default\": [\"*\"],\n \"examples\": [\n [\n \"https://example.com\",\n \"https://*.example.com\",\n \"https://*.foo.example.com\"\n ]\n ]\n },\n \"allowed_methods\": {\n \"type\": \"array\",\n \"description\": \"A list of HTTP methods the user agent is allowed to use with cross-domain requests.\",\n \"default\": [\"POST\", \"GET\", \"PUT\", \"PATCH\", \"DELETE\"],\n \"items\": {\n \"type\": \"string\",\n \"enum\": [\n \"POST\",\n \"GET\",\n \"PUT\",\n \"PATCH\",\n \"DELETE\",\n \"CONNECT\",\n \"HEAD\",\n \"OPTIONS\",\n \"TRACE\"\n ]\n }\n },\n \"allowed_headers\": {\n \"type\": \"array\",\n \"description\": \"A list of non simple headers the client is allowed to use with cross-domain requests.\",\n \"default\": [\n \"Authorization\",\n \"Content-Type\",\n \"Max-Age\",\n \"X-Session-Token\",\n \"X-XSRF-TOKEN\",\n \"X-CSRF-TOKEN\"\n ],\n \"items\": {\n \"type\": \"string\"\n }\n },\n \"exposed_headers\": {\n \"type\": \"array\",\n \"description\": \"Sets which headers are safe to expose to the API of a CORS API specification.\",\n \"default\": [\"Content-Type\"],\n \"items\": {\n \"type\": \"string\"\n }\n },\n \"allow_credentials\": {\n \"type\": \"boolean\",\n \"description\": \"Sets whether the request can include user credentials like cookies, HTTP authentication or client side SSL certificates.\",\n \"default\": true\n },\n \"options_passthrough\": {\n \"type\": \"boolean\",\n \"description\": \"TODO\",\n \"default\": false\n },\n \"max_age\": {\n \"type\": \"integer\",\n \"description\": \"Sets how long (in seconds) the results of a preflight request can be cached. If set to 0, every request is preceded by a preflight request.\",\n \"default\": 0,\n \"minimum\": 0\n },\n \"debug\": {\n \"type\": \"boolean\",\n \"description\": \"Adds additional log output to debug server side CORS issues.\",\n \"default\": false\n }\n }\n },\n \"base_url\": {\n \"$ref\": \"#/definitions/baseUrl\"\n },\n \"host\": {\n \"title\": \"Public Host\",\n \"description\": \"The host (interface) kratos' public endpoint listens on.\",\n \"type\": \"string\",\n \"default\": \"0.0.0.0\"\n },\n \"port\": {\n \"title\": \"Public Port\",\n \"description\": \"The port kratos' public endpoint listens on.\",\n \"type\": \"integer\",\n \"minimum\": 1,\n \"maximum\": 65535,\n \"examples\": [4433],\n \"default\": 4433\n },\n \"socket\": {\n \"$ref\": \"#/definitions/socket\"\n },\n \"tls\": {\n \"$ref\": \"#/definitions/tlsx\"\n }\n },\n \"additionalProperties\": false\n }\n },\n \"additionalProperties\": false\n },\n \"tracing\": {\n \"$ref\": \"https://raw.githubusercontent.com/ory/kratos/c651ecf2e/oryx/otelx/config.schema.json\"\n },\n \"log\": {\n \"title\": \"Log\",\n \"description\": \"Configure logging using the following options. Logging will always be sent to stdout and stderr.\",\n \"type\": \"object\",\n \"properties\": {\n \"level\": {\n \"description\": \"Debug enables stack traces on errors. Can also be set using environment variable LOG_LEVEL.\",\n \"type\": \"string\",\n \"default\": \"info\",\n \"enum\": [\n \"trace\",\n \"debug\",\n \"info\",\n \"warning\",\n \"error\",\n \"fatal\",\n \"panic\"\n ]\n },\n \"leak_sensitive_values\": {\n \"type\": \"boolean\",\n \"title\": \"Leak Sensitive Log Values\",\n \"description\": \"If set will leak sensitive values (e.g. emails) in the logs.\"\n },\n \"redaction_text\": {\n \"type\": \"string\",\n \"title\": \"Sensitive log value redaction text\",\n \"description\": \"Text to use, when redacting sensitive log value.\"\n },\n \"format\": {\n \"description\": \"The log format can either be text or JSON.\",\n \"type\": \"string\",\n \"enum\": [\"json\", \"text\"]\n }\n },\n \"additionalProperties\": false\n },\n \"identity\": {\n \"type\": \"object\",\n \"properties\": {\n \"default_schema_id\": {\n \"title\": \"The default Identity Schema\",\n \"description\": \"This Identity Schema will be used as the default for self-service flows. Its ID needs to exist in the \\\"schemas\\\" list.\",\n \"type\": \"string\",\n \"default\": \"default\"\n },\n \"schemas\": {\n \"type\": \"array\",\n \"title\": \"All JSON Schemas for Identity Traits\",\n \"description\": \"Note that identities that used the \\\"default_schema_url\\\" field in older kratos versions will be corrupted unless you specify their schema url with the id \\\"default\\\" in this list.\",\n \"examples\": [\n [\n {\n \"id\": \"customer\",\n \"url\": \"base64://ewogICIkc2NoZW1hIjogImh0dHA6Ly9qc29uLXNjaGVtYS5vcmcvZHJhZnQtMDcvc2NoZW1hIyIsCiAgInR5cGUiOiAib2JqZWN0IiwKICAicHJvcGVydGllcyI6IHsKICAgICJiYXIiOiB7CiAgICAgICJ0eXBlIjogInN0cmluZyIKICAgIH0KICB9LAogICJyZXF1aXJlZCI6IFsKICAgICJiYXIiCiAgXQp9\"\n },\n {\n \"id\": \"employee\",\n \"url\": \"https://foo.bar.com/path/to/employee.traits.schema.json\"\n },\n {\n \"id\": \"employee-v2\",\n \"url\": \"file://path/to/employee.v2.traits.schema.json\"\n }\n ]\n ],\n \"minItems\": 1,\n \"items\": {\n \"type\": \"object\",\n \"properties\": {\n \"id\": {\n \"title\": \"The schema's ID.\",\n \"type\": \"string\",\n \"examples\": [\"employee\"]\n },\n \"url\": {\n \"type\": \"string\",\n \"title\": \"JSON Schema URL for identity traits schema\",\n \"description\": \"URL for JSON Schema which describes a identity's traits. Can be a file path, a https URL, or a base64 encoded string.\",\n \"format\": \"uri\",\n \"examples\": [\n \"file://path/to/identity.traits.schema.json\",\n \"https://foo.bar.com/path/to/identity.traits.schema.json\",\n \"base64://ewogICIkc2NoZW1hIjogImh0dHA6Ly9qc29uLXNjaGVtYS5vcmcvZHJhZnQtMDcvc2NoZW1hIyIsCiAgInR5cGUiOiAib2JqZWN0IiwKICAicHJvcGVydGllcyI6IHsKICAgICJiYXIiOiB7CiAgICAgICJ0eXBlIjogInN0cmluZyIKICAgIH0KICB9LAogICJyZXF1aXJlZCI6IFsKICAgICJiYXIiCiAgXQp9\"\n ]\n },\n \"selfservice_selectable\": {\n \"type\": \"boolean\",\n \"title\": \"Is the schema enabled in self-service flows\",\n \"description\": \"If set to true, this schema can be used explicity in self-service flows by setting `identity_schema` query parameter to the schema's ID.\",\n \"default\": false\n }\n },\n \"required\": [\"id\", \"url\"]\n }\n }\n },\n \"required\": [\"schemas\"],\n \"additionalProperties\": false\n },\n \"secrets\": {\n \"type\": \"object\",\n \"properties\": {\n \"default\": {\n \"type\": \"array\",\n \"title\": \"Default Encryption Signing Secrets\",\n \"description\": \"The first secret in the array is used for signing and encrypting things while all other keys are used to verify and decrypt older things that were signed with that old secret.\",\n \"items\": {\n \"type\": \"string\",\n \"minLength\": 16\n },\n \"uniqueItems\": true\n },\n \"cookie\": {\n \"type\": \"array\",\n \"title\": \"Signing Keys for Cookies\",\n \"description\": \"The first secret in the array is used for encrypting cookies while all other keys are used to decrypt older cookies that were signed with that old secret.\",\n \"items\": {\n \"type\": \"string\",\n \"minLength\": 16\n },\n \"uniqueItems\": true\n },\n \"pagination\": {\n \"type\": \"array\",\n \"title\": \"Secrets to encrypt the pagination token\",\n \"description\": \"To avoid clients reverse-engineering and relying on the implementation details of the pagination token, it is encrypted with these keys\",\n \"items\": {\n \"type\": \"string\",\n \"minLength\": 16\n },\n \"minItems\": 1,\n \"examples\": [\n [\n \"secret used for encryption\",\n \"old secret kept for decryption\",\n \"another old secret kept for decryption\"\n ]\n ]\n },\n \"cipher\": {\n \"type\": \"array\",\n \"title\": \"Secrets to use for encryption by cipher\",\n \"description\": \"The first secret in the array is used for encryption data while all other keys are used to decrypt older data that were signed with.\",\n \"items\": {\n \"type\": \"string\",\n \"minLength\": 32,\n \"maxLength\": 32\n },\n \"minItems\": 1\n }\n },\n \"additionalProperties\": false\n },\n \"hashers\": {\n \"title\": \"Hashing Algorithm Configuration\",\n \"type\": \"object\",\n \"properties\": {\n \"algorithm\": {\n \"title\": \"Password hashing algorithm\",\n \"description\": \"One of the values: argon2, bcrypt.\\nAny other hashes will be migrated to the set algorithm once an identity authenticates using their password.\",\n \"type\": \"string\",\n \"default\": \"bcrypt\",\n \"enum\": [\"argon2\", \"bcrypt\"]\n },\n \"argon2\": {\n \"title\": \"Configuration for the Argon2id hasher.\",\n \"type\": \"object\",\n \"properties\": {\n \"memory\": {\n \"type\": \"string\",\n \"pattern\": \"^[0-9]+(B|KB|MB|GB|TB|PB|EB)\",\n \"default\": \"128MB\"\n },\n \"iterations\": {\n \"type\": \"integer\",\n \"minimum\": 1,\n \"default\": 1\n },\n \"parallelism\": {\n \"type\": \"integer\",\n \"minimum\": 1,\n \"description\": \"Number of parallel workers, defaults to 2*runtime.NumCPU().\"\n },\n \"salt_length\": {\n \"type\": \"integer\",\n \"minimum\": 16,\n \"default\": 16\n },\n \"key_length\": {\n \"type\": \"integer\",\n \"minimum\": 16,\n \"default\": 32\n },\n \"expected_duration\": {\n \"description\": \"The time a hashing operation (~login latency) should take.\",\n \"type\": \"string\",\n \"pattern\": \"^([0-9]+(ns|us|ms|s|m|h))+$\",\n \"default\": \"500ms\"\n },\n \"expected_deviation\": {\n \"description\": \"The standard deviation expected for hashing operations. If this value is exceeded you will be warned in the logs to adjust the parameters.\",\n \"type\": \"string\",\n \"pattern\": \"^([0-9]+(ns|us|ms|s|m|h))+$\",\n \"default\": \"500ms\"\n },\n \"dedicated_memory\": {\n \"description\": \"The memory dedicated for Kratos. As password hashing is very resource intense, Kratos will monitor the memory consumption and warn about high values.\",\n \"type\": \"string\",\n \"pattern\": \"^[0-9]+(B|KB|MB|GB|TB|PB|EB)\",\n \"default\": \"1GB\"\n }\n },\n \"additionalProperties\": false\n },\n \"bcrypt\": {\n \"title\": \"Configuration for the Bcrypt hasher. Minimum is 4 when --dev flag is used and 12 otherwise.\",\n \"type\": \"object\",\n \"additionalProperties\": false,\n \"required\": [\"cost\"],\n \"properties\": {\n \"cost\": {\n \"type\": \"integer\",\n \"minimum\": 4,\n \"maximum\": 31,\n \"default\": 12\n }\n }\n }\n },\n \"additionalProperties\": false\n },\n \"ciphers\": {\n \"title\": \"Cipher Algorithm Configuration\",\n \"type\": \"object\",\n \"properties\": {\n \"algorithm\": {\n \"title\": \"ciphering algorithm\",\n \"description\": \"One of the values: noop, aes, xchacha20-poly1305\",\n \"type\": \"string\",\n \"default\": \"noop\",\n \"enum\": [\"noop\", \"aes\", \"xchacha20-poly1305\"]\n }\n }\n },\n \"cookies\": {\n \"type\": \"object\",\n \"title\": \"HTTP Cookie Configuration\",\n \"description\": \"Configure the HTTP Cookies. Applies to both CSRF and session cookies.\",\n \"properties\": {\n \"domain\": {\n \"title\": \"HTTP Cookie Domain\",\n \"description\": \"Sets the cookie domain for session and CSRF cookies. Useful when dealing with subdomains. Use with care!\",\n \"type\": \"string\"\n },\n \"path\": {\n \"title\": \"HTTP Cookie Path\",\n \"description\": \"Sets the session and CSRF cookie path. Use with care!\",\n \"type\": \"string\",\n \"default\": \"/\"\n },\n \"secure\": {\n \"title\": \"Session Cookie Secure Flag\",\n \"description\": \"Sets the session secure flag. If unset, defaults to !dev mode.\",\n \"type\": \"string\"\n },\n \"same_site\": {\n \"title\": \"HTTP Cookie Same Site Configuration\",\n \"description\": \"Sets the session and CSRF cookie SameSite.\",\n \"type\": \"string\",\n \"enum\": [\"Strict\", \"Lax\", \"None\"],\n \"default\": \"Lax\"\n }\n },\n \"additionalProperties\": false\n },\n \"session\": {\n \"type\": \"object\",\n \"additionalProperties\": false,\n \"properties\": {\n \"whoami\": {\n \"title\": \"WhoAmI / ToSession Settings\",\n \"description\": \"Control how the `/sessions/whoami` endpoint is behaving.\",\n \"type\": \"object\",\n \"properties\": {\n \"required_aal\": {\n \"$ref\": \"#/definitions/featureRequiredAal\"\n },\n \"tokenizer\": {\n \"title\": \"Tokenizer configuration\",\n \"description\": \"Configure the tokenizer, responsible for converting a session into a token format such as JWT.\",\n \"type\": \"object\",\n \"properties\": {\n \"templates\": {\n \"title\": \"Tokenizer templates\",\n \"description\": \"A list of different templates that govern how a session is converted to a token format.\",\n \"type\": \"object\",\n \"patternProperties\": {\n \"[a-zA-Z0-9-_.]+\": {\n \"type\": \"object\",\n \"required\": [\"jwks_url\"],\n \"properties\": {\n \"ttl\": {\n \"type\": \"string\",\n \"pattern\": \"^([0-9]+(ns|us|ms|s|m|h))+$\",\n \"default\": \"1m\",\n \"title\": \"Token time to live\"\n },\n \"claims_mapper_url\": {\n \"type\": \"string\",\n \"format\": \"uri\",\n \"title\": \"Jsonnet mapper URL\"\n },\n \"jwks_url\": {\n \"type\": \"string\",\n \"format\": \"uri\",\n \"title\": \"JSON Web Key Set URL\"\n },\n \"subject_source\": {\n \"type\": \"string\",\n \"title\": \"Subject source\",\n \"description\": \"The source of the subject claim in the token. Can be one of: `id`, or `external_id`.\",\n \"enum\": [\"id\", \"external_id\"],\n \"default\": \"id\"\n }\n }\n }\n }\n }\n }\n }\n },\n \"additionalProperties\": false\n },\n \"lifespan\": {\n \"title\": \"Session Lifespan\",\n \"description\": \"Defines how long a session is active. Once that lifespan has been reached, the user needs to sign in again.\",\n \"type\": \"string\",\n \"pattern\": \"^([0-9]+(ns|us|ms|s|m|h))+$\",\n \"default\": \"24h\",\n \"examples\": [\"1h\", \"1m\", \"1s\"]\n },\n \"cookie\": {\n \"type\": \"object\",\n \"properties\": {\n \"domain\": {\n \"title\": \"Session Cookie Domain\",\n \"description\": \"Sets the session cookie domain. Useful when dealing with subdomains. Use with care! Overrides `cookies.domain`.\",\n \"type\": \"string\"\n },\n \"name\": {\n \"title\": \"Session Cookie Name\",\n \"description\": \"Sets the session cookie name. Use with care!\",\n \"type\": \"string\",\n \"default\": \"ory_kratos_session\"\n },\n \"persistent\": {\n \"title\": \"Make Session Cookie Persistent\",\n \"description\": \"If set to true will persist the cookie in the end-user's browser using the `max-age` parameter which is set to the `session.lifespan` value. Persistent cookies are not deleted when the browser is closed (e.g. on reboot or alt+f4). This option affects the Ory OAuth2 and OpenID Provider's remember feature as well.\",\n \"type\": \"boolean\",\n \"default\": true\n },\n \"path\": {\n \"title\": \"Session Cookie Path\",\n \"description\": \"Sets the session cookie path. Use with care! Overrides `cookies.path`.\",\n \"type\": \"string\"\n },\n \"secure\": {\n \"title\": \"Session Cookie Secure Flag\",\n \"description\": \"Sets the session secure flag. If unset, defaults to !dev mode.\",\n \"type\": \"string\"\n },\n \"same_site\": {\n \"title\": \"Session Cookie SameSite Configuration\",\n \"description\": \"Sets the session cookie SameSite. Overrides `cookies.same_site`.\",\n \"type\": \"string\",\n \"enum\": [\"Strict\", \"Lax\", \"None\"]\n }\n },\n \"additionalProperties\": false\n },\n \"earliest_possible_extend\": {\n \"title\": \"Earliest Possible Session Extension\",\n \"description\": \"Sets when a session can be extended. Settings this value to `24h` will prevent the session from being extended before until 24 hours before it expires. This setting prevents excessive writes to the database. We highly recommend setting this value.\",\n \"type\": \"string\",\n \"pattern\": \"^([0-9]+(ns|us|ms|s|m|h))+$\",\n \"examples\": [\"1h\", \"1m\", \"1s\"]\n }\n }\n },\n \"security\": {\n \"type\": \"object\",\n \"properties\": {\n \"account_enumeration\": {\n \"type\": \"object\",\n \"properties\": {\n \"mitigate\": {\n \"type\": \"boolean\",\n \"default\": false,\n \"description\": \"Mitigate account enumeration by making it harder to figure out if an identifier (email, phone number) exists or not. Enabling this setting degrades user experience. This setting does not mitigate all possible attack vectors yet.\"\n }\n }\n }\n }\n },\n \"version\": {\n \"title\": \"The kratos version this config is written for.\",\n \"description\": \"SemVer according to https://semver.org/ prefixed with `v` as in our releases.\",\n \"type\": \"string\",\n \"pattern\": \"^(v(0|[1-9]\\\\d*)\\\\.(0|[1-9]\\\\d*)\\\\.(0|[1-9]\\\\d*)(?:-((?:0|[1-9]\\\\d*|\\\\d*[a-zA-Z-][0-9a-zA-Z-]*)(?:\\\\.(?:0|[1-9]\\\\d*|\\\\d*[a-zA-Z-][0-9a-zA-Z-]*))*))?(?:\\\\+([0-9a-zA-Z-]+(?:\\\\.[0-9a-zA-Z-]+)*))?)|$\",\n \"examples\": [\"v0.5.0-alpha.1\"]\n },\n \"dev\": {\n \"type\": \"boolean\"\n },\n \"help\": {\n \"type\": \"boolean\"\n },\n \"sqa-opt-out\": {\n \"type\": \"boolean\",\n \"default\": false,\n \"description\": \"This is a CLI flag and environment variable and can not be set using the config file.\"\n },\n \"watch-courier\": {\n \"type\": \"boolean\",\n \"default\": false,\n \"description\": \"This is a CLI flag and environment variable and can not be set using the config file.\"\n },\n \"expose-metrics-port\": {\n \"title\": \"Metrics port\",\n \"description\": \"The port the courier's metrics endpoint listens on (0/disabled by default). This is a CLI flag and environment variable and can not be set using the config file.\",\n \"type\": \"integer\",\n \"minimum\": 0,\n \"maximum\": 65535,\n \"examples\": [4434],\n \"default\": 0\n },\n \"config\": {\n \"type\": \"array\",\n \"items\": {\n \"type\": \"string\"\n },\n \"description\": \"This is a CLI flag and environment variable and can not be set using the config file.\"\n },\n \"clients\": {\n \"title\": \"Global outgoing network settings\",\n \"description\": \"Configure how outgoing network calls behave.\",\n \"type\": \"object\",\n \"properties\": {\n \"http\": {\n \"title\": \"Global HTTP client configuration\",\n \"description\": \"Configure how outgoing HTTP calls behave.\",\n \"type\": \"object\",\n \"properties\": {\n \"disallow_private_ip_ranges\": {\n \"title\": \"Disallow private IP ranges\",\n \"description\": \"Disallow all outgoing HTTP calls to private IP ranges. This feature can help protect against SSRF attacks.\",\n \"type\": \"boolean\",\n \"default\": false\n },\n \"private_ip_exception_urls\": {\n \"title\": \"Add exempt URLs to private IP ranges\",\n \"description\": \"Allows the given URLs to be called despite them being in the private IP range. URLs need to have an exact and case-sensitive match to be excempt.\",\n \"type\": \"array\",\n \"items\": {\n \"type\": \"string\",\n \"format\": \"uri-reference\"\n },\n \"default\": []\n }\n }\n },\n \"web_hook\": {\n \"title\": \"Global web_hook HTTP client configuration\",\n \"description\": \"Configure the global HTTP client of the web_hook action.\",\n \"type\": \"object\",\n \"properties\": {\n \"header_allowlist\": {\n \"title\": \"Allowed request headers\",\n \"description\": \"List of request headers that are forwarded to the web hook target in canonical form.\",\n \"type\": \"array\",\n \"items\": {\n \"type\": \"string\"\n },\n \"default\": [\n \"Accept\",\n \"Accept-Encoding\",\n \"Accept-Language\",\n \"Content-Length\",\n \"Content-Type\",\n \"Origin\",\n \"Priority\",\n \"Referer\",\n \"Sec-Ch-Ua\",\n \"Sec-Ch-Ua-Mobile\",\n \"Sec-Ch-Ua-Platform\",\n \"Sec-Fetch-Dest\",\n \"Sec-Fetch-Mode\",\n \"Sec-Fetch-Site\",\n \"Sec-Fetch-User\",\n \"True-Client-Ip\",\n \"User-Agent\"\n ]\n }\n }\n }\n }\n },\n \"feature_flags\": {\n \"title\": \"Feature flags\",\n \"properties\": {\n \"cacheable_sessions\": {\n \"type\": \"boolean\",\n \"title\": \"Enable Ory Sessions caching\",\n \"description\": \"If enabled allows Ory Sessions to be cached. Only effective in the Ory Network.\",\n \"default\": false\n },\n \"cacheable_sessions_max_age\": {\n \"title\": \"Set Ory Session Edge Caching maximum age\",\n \"description\": \"Set how long Ory Sessions are cached on the edge. If unset, the session expiry will be used. Only effective in the Ory Network.\",\n \"type\": \"string\",\n \"pattern\": \"^([0-9]+(ns|us|ms|s|m|h))+$\"\n },\n \"use_continue_with_transitions\": {\n \"type\": \"boolean\",\n \"title\": \"Enable new flow transitions using `continue_with` items\",\n \"description\": \"If enabled allows new flow transitions using `continue_with` items.\",\n \"default\": false\n },\n \"choose_recovery_address\": {\n \"type\": \"boolean\",\n \"title\": \"Enable new recovery screens to pick which address to send a recovery code/link to\",\n \"description\": \"If enabled, enable new recovery screens to pick which address to send a recovery code to, and can send a code via SMS. It is safe to toggle it back and forth, existing recovery flows will be handled with their respective logic. That is because it is decided at creation time whether a recovery flow is V1 or V2 and this cannot be changed afterwards. Thus, if a recovery flow is created with this flag enabled, it will be created as a recovery v2 flow. If this flag is disabled while this flow is still active, this flow will still be handled with the correct logic (v2).\",\n \"default\": false\n },\n \"legacy_continue_with_verification_ui\": {\n \"type\": \"boolean\",\n \"title\": \"Always include show_verification_ui in continue_with\",\n \"description\": \"If true, restores the legacy behavior of always including `show_verification_ui` in the registration flow's `continue_with` when verification is enabled. If set to false, `show_verification_ui` is only set in `continue_with` if the `show_verification_ui` hook is used. This flag will be removed in the future.\",\n \"deprecationMessage\": \"This behavior is deprecated and will be removed in the future. Use the `show_verification_hook` in the post-registration hook instead.\",\n \"default\": false\n },\n \"legacy_require_verified_login_error\": {\n \"type\": \"boolean\",\n \"title\": \"Return a form error if the login identifier is not verified\",\n \"description\": \"If true, the login flow will return a form error if the login identifier is not verified, which restores legacy behavior. If this value is false, the `continue_with` array will contain a `show_verification_ui` hook instead.\",\n \"deprecationMessage\": \"This behavior is deprecated and will be removed in the future. Please upgrade your SDKs.\",\n \"default\": false\n },\n \"faster_session_extend\": {\n \"type\": \"boolean\",\n \"title\": \"Enable faster session extension\",\n \"description\": \"If enabled allows faster session extension by skipping the session lookup. Disabling this feature will be deprecated in the future.\",\n \"default\": false\n },\n \"password_profile_registration_node_group\": {\n \"title\": \"Registration node group\",\n \"description\": \"The node group to use for registration flows. Previously, the node group for the password method's profile fields was `password`. Going forward, it will be `default`. This switch can toggle between those two for backwards compatibility.\",\n \"enum\": [\"password\", \"default\"],\n \"default\": \"default\"\n },\n \"legacy_oidc_registration_node_group\": {\n \"title\": \"Registration node group for OIDC\",\n \"description\": \"The node group to use for registration flows. Previously, the node group for the oidc method's profile fields was `oidc`. Going forward, it will be `default`. This switch can toggle between those two for backwards compatibility and will be removed in the future.\",\n \"default\": false,\n \"type\": \"boolean\"\n }\n },\n \"additionalProperties\": false\n },\n \"organizations\": {\n \"title\": \"Organizations\",\n \"description\": \"Please use selfservice.methods.b2b instead. This key will be removed. Only effective in the Ory Network.\",\n \"type\": \"array\",\n \"default\": []\n },\n \"enterprise\": {\n \"title\": \"Enterprise features\",\n \"description\": \"Specifies enterprise features. Only effective in the Ory Network or with a valid license.\",\n \"type\": \"object\",\n \"properties\": {\n \"identity_schema_fallback_url_template\": {\n \"type\": \"string\",\n \"title\": \"Fallback URL template for identity schemas\",\n \"description\": \"A fallback URL template used when looking up identity schemas.\"\n }\n },\n \"additionalProperties\": false\n },\n \"revision\": {\n \"title\": \"Config revision\",\n \"description\": \"Set a recognizable revision. This could be the commit time or a random value. This value is exposed at the `/health/config` endpoint and allows you to ensure that the correct config is loaded.\",\n \"type\": \"string\"\n }\n },\n \"allOf\": [\n {\n \"if\": {\n \"properties\": {\n \"selfservice\": {\n \"properties\": {\n \"flows\": {\n \"oneOf\": [\n {\n \"properties\": {\n \"verification\": {\n \"properties\": {\n \"enabled\": {\n \"const\": true\n }\n },\n \"required\": [\"enabled\"]\n }\n },\n \"required\": [\"verification\"]\n },\n {\n \"properties\": {\n \"recovery\": {\n \"properties\": {\n \"enabled\": {\n \"const\": true\n }\n },\n \"required\": [\"enabled\"]\n }\n },\n \"required\": [\"recovery\"]\n }\n ]\n }\n },\n \"required\": [\"flows\"]\n }\n },\n \"required\": [\"selfservice\"]\n },\n \"then\": {\n \"required\": [\"courier\"]\n }\n },\n {\n \"if\": {\n \"properties\": {\n \"ciphers\": {\n \"properties\": {\n \"algorithm\": {\n \"oneOf\": [\n {\n \"const\": \"aes\"\n },\n {\n \"const\": \"xchacha20-poly1305\"\n }\n ]\n }\n },\n \"required\": [\"algorithm\"]\n }\n },\n \"required\": [\"ciphers\"]\n },\n \"then\": {\n \"required\": [\"secrets\"],\n \"properties\": {\n \"secrets\": {\n \"required\": [\"cipher\"]\n }\n }\n }\n }\n ],\n \"required\": [\"identity\", \"dsn\", \"selfservice\"],\n \"additionalProperties\": false\n}\n" }, { "path": ".trivyignore", "content": "CVE-2022-30065\nCVE-2024-2961\nCVE-2023-2650\n" }, { "path": ".vscode/launch.json", "content": "{\n // Launch configuration to build and launch Kratos\n // It uses a barebones\n \"version\": \"0.2.0\",\n \"configurations\": [\n {\n \"name\": \"Debug Kratos\",\n \"type\": \"go\",\n \"request\": \"launch\",\n \"mode\": \"debug\",\n \"program\": \"${workspaceFolder}/main.go\",\n \"buildFlags\": \"-tags sqlite\",\n \"preLaunchTask\": \"Kratos: setup\",\n \"postDebugTask\": \"close tasks\", // stops mailhog. Needed, because VSCode does not re-use existing isBackground tasks\n \"args\": [\n \"serve\",\n \"--dev\",\n \"--watch-courier\",\n \"-c=${workspaceFolder}/contrib/quickstart/kratos/email-password/kratos.yml\"\n ],\n \"internalConsoleOptions\": \"openOnSessionStart\",\n \"env\": {\n \"IDENTITY_SCHEMAS_0_URL\": \"file://${workspaceFolder}/contrib/quickstart/kratos/email-password/identity.schema.json\",\n \"DSN\": \"sqlite://${workspaceFolder}/.debug.sqlite.db?_fk=true\",\n \"COURIER_SMTP_CONNECTION_URI\": \"smtp://localhost:8026/?disable_starttls=true\",\n \"DEV_DISABLE_API_FLOW_ENFORCEMENT\": \"true\",\n \"SELFSERVICE_METHODS_PASSWORD_CONFIG_HAVEIBEENPWNED_ENABLED\": \"false\", // disable locally, as the integration hangs requests, if internet is slow\n \"TRACING_PROVIDER\": \"jaeger\",\n \"TRACING_PROVIDERS_JAEGER_SAMPLING_SERVER_URL\": \"http://127.0.0.1:5778/sampling\",\n \"TRACING_PROVIDERS_JAEGER_LOCAL_AGENT_ADDRESS\": \"127.0.0.1:6831\"\n }\n }\n ]\n}\n" }, { "path": ".vscode/settings.json", "content": "{\n \"gopls\": {\n \"formatting.gofumpt\": true,\n \"formatting.local\": \"github.com/ory\"\n }\n}\n" }, { "path": ".vscode/tasks.json", "content": "{\n // See https://go.microsoft.com/fwlink/?LinkId=733558\n // for the documentation about the tasks.json format\n \"version\": \"2.0.0\",\n \"tasks\": [\n {\n \"label\": \"Kratos: build\",\n \"type\": \"shell\",\n \"command\": \"go\",\n \"args\": [\n \"build\",\n \"-tags\",\n \"sqlite\",\n \"-o\",\n \"${workspaceFolder}/kratos\",\n \"${workspaceFolder}/main.go\"\n ]\n },\n {\n \"label\": \"Kratos debug: setup sqlite\",\n \"type\": \"shell\",\n \"presentation\": {\n \"echo\": false,\n \"reveal\": \"always\"\n },\n \"dependsOn\": [\"Kratos: build\"],\n \"command\": \"rm -f ${workspaceFolder}/.debug.sqlite.db && ${workspaceFolder}/kratos migrate sql up -e --yes\",\n \"options\": {\n \"env\": {\n \"DSN\": \"sqlite://${workspaceFolder}/.debug.sqlite.db?_fk=true\"\n }\n }\n },\n {\n \"label\": \"Kratos: setup\",\n \"type\": \"shell\",\n \"presentation\": {\n \"reveal\": \"silent\"\n },\n \"dependsOn\": [\"Kratos debug: setup sqlite\"],\n \"problemMatcher\": []\n },\n {\n \"label\": \"close tasks\",\n \"command\": \"echo ${input:terminate}\",\n \"type\": \"shell\",\n \"problemMatcher\": []\n }\n ],\n \"inputs\": [\n {\n \"id\": \"terminate\",\n \"type\": \"command\",\n \"command\": \"workbench.action.tasks.terminate\",\n \"args\": \"terminateAll\"\n }\n ]\n}\n" }, { "path": "AUTHORS", "content": "# This is the official list of Kratos authors.\n# If you don't want to be on this list, please contact Ory.\n\nAdam Schepis \nAddison Snelling \nadrian5 \nAeneas Rekkas \naenoralanar <38026322+aenoralanar@users.noreply.github.com>\nAidan Holland \nAjay Kelkar \nAlano Terblanche \nAlexander Probst \nAlexandre Burgoni \nAlexandre Gagneux <46828169+alexGNX@users.noreply.github.com>\nAlexey Reshetnik \nAndreas \nAndreas Bucksteeg \nAndrew Banchich <13824577+andrewbanchich@users.noreply.github.com>\nAndrew Minkin \nAndrew Tan \nAndrey \nAndy Steele \nangryPopcorn \nAnirudh Oppiliappan \nAntoine Beyet \nAnuar Ustayev \nArne \nArne \naspeteRakete \nAtreya <44151328+atreya2011@users.noreply.github.com>\nAVA Monitoring <56961522+avamonitoring@users.noreply.github.com>\nAvinash Dwarapu \nb3j0f \nBengt Hagemeister <30391176+BengtHagemeister@users.noreply.github.com>\nBengt Hagemeister \nBenjamin Freeman \nBIKI DAS \nBill Monkman \nBipin Paul Bedi \nBrahm Lower \nBrahm Lower \nBrentChesny \nCaptainStandby <18215579+CaptainStandby@users.noreply.github.com>\nCarlos Chida \nchlasch <72044019+chlasch@users.noreply.github.com>\ncwei-wish \nCλctysman \nDaniel Hobbs \nDavid ALEXANDRE <9482408+david972@users.noreply.github.com>\nDavid Cheung \nDavid Laban \nDavid Laban \nDavid San \nDavid van der Sluijs \ndebrutal \nDejan Filipovic \nDejan Filipovic \nDenis Palnitsky \nDibyajyoti Behera \nDimitrij Drus \nDimitrij Drus \nEifoen <35534229+Eifoen@users.noreply.github.com>\nemrah \nemtammaru \nEric B \nernax78 <65963237+ernax78@users.noreply.github.com>\nErol Keskin \nErol Keskin \nFabian Meyer <3982806+meyfa@users.noreply.github.com>\nFelix Beuke \nFerdi \nFlorian Kramer \nFlorian Nagel \nFlorian Wiech \nfrederikhors <41120635+frederikhors@users.noreply.github.com>\nGajewski Dmitriy \nGeoff Lawler \nGiacomo Mazzamuto \nGibheer \ngoughjo02 \nGrant Zvolský \nHarsimran Singh Maan \nHenning Perl \nJacob Lehr \nJakob Høgenes <1014990+jakhog@users.noreply.github.com>\nJakob Sinclair \nJakub Błaszczyk \nJames D. Nurmi \nJames D. Nurmi \nJason Ertel \nJeffreyThijs \nJelle Besseling \nJhonatan Hulse \nJiggyDown <84430646+JiggyDown@users.noreply.github.com>\njingkai \njld3103 \nJoe Krill \nJohan Forssell \nJohn Binstead <67282336+Bin-fluence@users.noreply.github.com>\nJohn \nJonas Hungershausen \nJonathon Sheffield \nJordan \nJordan May \nJuri <1773075+2mol@users.noreply.github.com>\nKevin Goslar \nKim Neunert \nKlaus Herrmann <106238709+kmherrmann@users.noreply.github.com>\nkoenmtb1 \nKoen van Marrewijk \nkszafran \nKun Chong \nLandon Pattison <67596936+LandonPattison@users.noreply.github.com>\nLan Phan \nLi Ming \nLorenzo Baldassarri \nŁukasz Harasimowicz \nŁukasz Szcześniak \nMárk Bartos \nMart Aarma \nMartin Eigenbrodt \nMartin Eigenbrodt \nMartin \nMathias Polligkeit <13847569+woylie@users.noreply.github.com>\nMatt Bonnell \nMatthieu Jacquot \nMatúš Múčka \nMaurice Freitag \nMike Milano \nMike \nMikołaj Meller <52668809+mmeller-wikia@users.noreply.github.com>\nMiłosz <12242002+mszekiel@users.noreply.github.com>\nMiniDigger | Martin \nMitar \nMitsuo Heijo <25817501+johejo@users.noreply.github.com>\nNanik \nNatanael Oliva \nNeil Rutherford <374275+nrutherford@users.noreply.github.com>\nNichlas Lendal <62498670+pr1ze@users.noreply.github.com>\nNicholas Bush \nNick Campbell \nNick Malcev <41836660+nmlc@users.noreply.github.com>\nNick Ufer \nNikita Puzankov \nnipsufn <17983323+nipsufn@users.noreply.github.com>\nOle Petersen <56505957+peteole@users.noreply.github.com>\noliverpool <3864879+oliverpool@users.noreply.github.com>\nOmar A. Hachach \nPatrik Neu \nPaweł Hemperek \nPiotr Mścichowski \nPrzemysław Czaus \nQuentin Gliech \nqvamatel \nRadek Gruchalski \nRamiBerm <54766858+RamiBerm@users.noreply.github.com>\nRauno Viskus \nreshetnik-alexey \nRodrigo Queiro \nrvo \nsawadashota \nsawadashota \nSeb \nseremenko-wish <60801091+seremenko-wish@users.noreply.github.com>\nSergey Plaunov \nsherbang \nshivam <86538330+shivam-909@users.noreply.github.com>\nSimon Lipp \nSimon-Pierre Gingras <892367+spg@users.noreply.github.com>\nSteffen Heidel \nTannerGabriel <40315960+TannerGabriel@users.noreply.github.com>\nTheodor Brandt \ntheotherian \nThomas Aidan Curran <2030403+tacurran@users.noreply.github.com>\nThomas Guillet \nThomas Ruiz \nTomasz Tomalak <12939493+t-tomalak@users.noreply.github.com>\nTom Fenech \nToon van Strijp \nTsirkin Evgeny \nttimonen \nTyler Battle \nVeenaInd <104088519+VeenaInd@users.noreply.github.com>\nVictor Duarte \nVincent \nvinckr \nViz \nWeiQi <17816875364@163.com>\nwezzle \nYagiz Nizipli \nyon <38630464+yonbh@users.noreply.github.com>\nYorick Holkamp \nyou1996 <45292366+you1996@users.noreply.github.com>\nYuvraj <10830562+evalsocket@users.noreply.github.com>\nZageron \nZhiming Guo \nznerol \n好风 \n" }, { "path": "CHANGELOG.md", "content": "# Changelog\n\n\n\n\n**Table of Contents**\n\n- [ (2026-03-20)](#2026-03-20)\n- [26.2.0 (2026-03-20)](#2620-2026-03-20)\n - [Bug Fixes](#bug-fixes)\n - [Code Refactoring](#code-refactoring)\n - [Documentation](#documentation)\n - [Features](#features)\n - [Tests](#tests)\n - [Unclassified](#unclassified)\n- [25.4.0 (2025-11-07)](#2540-2025-11-07)\n - [Breaking Changes](#breaking-changes)\n - [Related issue(s)](#related-issues)\n - [Checklist](#checklist)\n - [Related issue(s)](#related-issues-1)\n - [Checklist](#checklist-1)\n - [Related issue(s)](#related-issues-2)\n - [Checklist](#checklist-2)\n - [Bug Fixes](#bug-fixes-1)\n - [Chores](#chores)\n - [Code Generation](#code-generation)\n - [Code Refactoring](#code-refactoring-1)\n - [Documentation](#documentation-1)\n - [Features](#features-1)\n - [Reverts](#reverts)\n - [Tests](#tests-1)\n - [Unclassified](#unclassified-1)\n- [1.3.0 (2024-09-26)](#130-2024-09-26)\n - [Breaking Changes](#breaking-changes-1)\n - [Bug Fixes](#bug-fixes-2)\n - [Code Generation](#code-generation-1)\n - [Documentation](#documentation-2)\n - [Features](#features-2)\n - [Tests](#tests-2)\n - [Unclassified](#unclassified-2)\n- [1.2.0 (2024-06-05)](#120-2024-06-05)\n - [Breaking Changes](#breaking-changes-2)\n - [Bug Fixes](#bug-fixes-3)\n - [Code Generation](#code-generation-2)\n - [Documentation](#documentation-3)\n - [Features](#features-3)\n - [Tests](#tests-3)\n - [Unclassified](#unclassified-3)\n- [1.1.0 (2024-02-20)](#110-2024-02-20)\n - [Breaking Changes](#breaking-changes-3)\n - [Bug Fixes](#bug-fixes-4)\n - [Code Generation](#code-generation-3)\n - [Documentation](#documentation-4)\n - [Features](#features-4)\n - [Reverts](#reverts-1)\n - [Tests](#tests-4)\n - [Unclassified](#unclassified-4)\n- [1.0.0 (2023-07-12)](#100-2023-07-12)\n - [Bug Fixes](#bug-fixes-5)\n - [Code Generation](#code-generation-4)\n - [Documentation](#documentation-5)\n - [Features](#features-5)\n - [Tests](#tests-5)\n - [Unclassified](#unclassified-5)\n- [0.13.0 (2023-04-18)](#0130-2023-04-18)\n - [Breaking Changes](#breaking-changes-4)\n - [Bug Fixes](#bug-fixes-6)\n - [Code Generation](#code-generation-5)\n - [Code Refactoring](#code-refactoring-2)\n - [Documentation](#documentation-6)\n - [Features](#features-6)\n - [Tests](#tests-6)\n - [Unclassified](#unclassified-6)\n- [0.11.1 (2023-01-14)](#0111-2023-01-14)\n - [Breaking Changes](#breaking-changes-5)\n - [Bug Fixes](#bug-fixes-7)\n - [Code Generation](#code-generation-6)\n - [Documentation](#documentation-7)\n - [Features](#features-7)\n - [Tests](#tests-7)\n- [0.11.0 (2022-12-02)](#0110-2022-12-02)\n - [Code Generation](#code-generation-7)\n - [Features](#features-8)\n- [0.11.0-alpha.0.pre.2 (2022-11-28)](#0110-alpha0pre2-2022-11-28)\n - [Breaking Changes](#breaking-changes-6)\n - [Bug Fixes](#bug-fixes-8)\n - [Code Generation](#code-generation-8)\n - [Code Refactoring](#code-refactoring-3)\n - [Documentation](#documentation-8)\n - [Features](#features-9)\n - [Reverts](#reverts-2)\n - [Tests](#tests-8)\n - [Unclassified](#unclassified-7)\n- [0.10.1 (2022-06-01)](#0101-2022-06-01)\n - [Bug Fixes](#bug-fixes-9)\n - [Code Generation](#code-generation-9)\n- [0.10.0 (2022-05-30)](#0100-2022-05-30)\n - [Breaking Changes](#breaking-changes-7)\n - [Bug Fixes](#bug-fixes-10)\n - [Code Generation](#code-generation-10)\n - [Code Refactoring](#code-refactoring-4)\n - [Documentation](#documentation-9)\n - [Features](#features-10)\n - [Tests](#tests-9)\n - [Unclassified](#unclassified-8)\n- [0.9.0-alpha.3 (2022-03-25)](#090-alpha3-2022-03-25)\n - [Breaking Changes](#breaking-changes-8)\n - [Bug Fixes](#bug-fixes-11)\n - [Code Generation](#code-generation-11)\n - [Documentation](#documentation-10)\n- [0.9.0-alpha.2 (2022-03-22)](#090-alpha2-2022-03-22)\n - [Bug Fixes](#bug-fixes-12)\n - [Code Generation](#code-generation-12)\n- [0.9.0-alpha.1 (2022-03-21)](#090-alpha1-2022-03-21)\n - [Breaking Changes](#breaking-changes-9)\n - [Bug Fixes](#bug-fixes-13)\n - [Code Generation](#code-generation-13)\n - [Code Refactoring](#code-refactoring-5)\n - [Documentation](#documentation-11)\n - [Features](#features-11)\n - [Tests](#tests-10)\n - [Unclassified](#unclassified-9)\n- [0.8.3-alpha.1.pre.0 (2022-01-21)](#083-alpha1pre0-2022-01-21)\n - [Breaking Changes](#breaking-changes-10)\n - [Bug Fixes](#bug-fixes-14)\n - [Code Generation](#code-generation-14)\n - [Code Refactoring](#code-refactoring-6)\n - [Documentation](#documentation-12)\n - [Features](#features-12)\n - [Tests](#tests-11)\n- [0.8.2-alpha.1 (2021-12-17)](#082-alpha1-2021-12-17)\n - [Bug Fixes](#bug-fixes-15)\n - [Code Generation](#code-generation-15)\n - [Documentation](#documentation-13)\n- [0.8.1-alpha.1 (2021-12-13)](#081-alpha1-2021-12-13)\n - [Bug Fixes](#bug-fixes-16)\n - [Code Generation](#code-generation-16)\n - [Documentation](#documentation-14)\n - [Features](#features-13)\n - [Tests](#tests-12)\n- [0.8.0-alpha.4.pre.0 (2021-11-09)](#080-alpha4pre0-2021-11-09)\n - [Breaking Changes](#breaking-changes-11)\n - [Bug Fixes](#bug-fixes-17)\n - [Code Generation](#code-generation-17)\n - [Documentation](#documentation-15)\n - [Features](#features-14)\n - [Tests](#tests-13)\n- [0.8.0-alpha.3 (2021-10-28)](#080-alpha3-2021-10-28)\n - [Bug Fixes](#bug-fixes-18)\n - [Code Generation](#code-generation-18)\n- [0.8.0-alpha.2 (2021-10-28)](#080-alpha2-2021-10-28)\n - [Code Generation](#code-generation-19)\n- [0.8.0-alpha.1 (2021-10-27)](#080-alpha1-2021-10-27)\n - [Breaking Changes](#breaking-changes-12)\n - [Bug Fixes](#bug-fixes-19)\n - [Code Generation](#code-generation-20)\n - [Code Refactoring](#code-refactoring-7)\n - [Documentation](#documentation-16)\n - [Features](#features-15)\n - [Reverts](#reverts-3)\n - [Tests](#tests-14)\n - [Unclassified](#unclassified-10)\n- [0.7.6-alpha.1 (2021-09-12)](#076-alpha1-2021-09-12)\n - [Code Generation](#code-generation-21)\n- [0.7.5-alpha.1 (2021-09-11)](#075-alpha1-2021-09-11)\n - [Code Generation](#code-generation-22)\n- [0.7.4-alpha.1 (2021-09-09)](#074-alpha1-2021-09-09)\n - [Bug Fixes](#bug-fixes-20)\n - [Code Generation](#code-generation-23)\n - [Documentation](#documentation-17)\n - [Features](#features-16)\n - [Tests](#tests-15)\n- [0.7.3-alpha.1 (2021-08-28)](#073-alpha1-2021-08-28)\n - [Bug Fixes](#bug-fixes-21)\n - [Code Generation](#code-generation-24)\n - [Documentation](#documentation-18)\n - [Features](#features-17)\n- [0.7.1-alpha.1 (2021-07-22)](#071-alpha1-2021-07-22)\n - [Bug Fixes](#bug-fixes-22)\n - [Code Generation](#code-generation-25)\n - [Documentation](#documentation-19)\n - [Tests](#tests-16)\n- [0.7.0-alpha.1 (2021-07-13)](#070-alpha1-2021-07-13)\n - [Breaking Changes](#breaking-changes-13)\n - [Bug Fixes](#bug-fixes-23)\n - [Code Generation](#code-generation-26)\n - [Code Refactoring](#code-refactoring-8)\n - [Documentation](#documentation-20)\n - [Features](#features-18)\n - [Tests](#tests-17)\n - [Unclassified](#unclassified-11)\n- [0.6.3-alpha.1 (2021-05-17)](#063-alpha1-2021-05-17)\n - [Breaking Changes](#breaking-changes-14)\n - [Bug Fixes](#bug-fixes-24)\n - [Code Generation](#code-generation-27)\n - [Code Refactoring](#code-refactoring-9)\n- [0.6.2-alpha.1 (2021-05-14)](#062-alpha1-2021-05-14)\n - [Code Generation](#code-generation-28)\n - [Documentation](#documentation-21)\n- [0.6.1-alpha.1 (2021-05-11)](#061-alpha1-2021-05-11)\n - [Code Generation](#code-generation-29)\n - [Features](#features-19)\n- [0.6.0-alpha.2 (2021-05-07)](#060-alpha2-2021-05-07)\n - [Bug Fixes](#bug-fixes-25)\n - [Code Generation](#code-generation-30)\n - [Features](#features-20)\n- [0.6.0-alpha.1 (2021-05-05)](#060-alpha1-2021-05-05)\n - [Breaking Changes](#breaking-changes-15)\n - [Bug Fixes](#bug-fixes-26)\n - [Code Generation](#code-generation-31)\n - [Code Refactoring](#code-refactoring-10)\n - [Documentation](#documentation-22)\n - [Features](#features-21)\n - [Tests](#tests-18)\n - [Unclassified](#unclassified-12)\n- [0.5.5-alpha.1 (2020-12-09)](#055-alpha1-2020-12-09)\n - [Bug Fixes](#bug-fixes-27)\n - [Code Generation](#code-generation-32)\n - [Documentation](#documentation-23)\n - [Features](#features-22)\n - [Tests](#tests-19)\n - [Unclassified](#unclassified-13)\n- [0.5.4-alpha.1 (2020-11-11)](#054-alpha1-2020-11-11)\n - [Bug Fixes](#bug-fixes-28)\n - [Code Generation](#code-generation-33)\n - [Code Refactoring](#code-refactoring-11)\n - [Documentation](#documentation-24)\n - [Features](#features-23)\n- [0.5.3-alpha.1 (2020-10-27)](#053-alpha1-2020-10-27)\n - [Bug Fixes](#bug-fixes-29)\n - [Code Generation](#code-generation-34)\n - [Documentation](#documentation-25)\n - [Features](#features-24)\n - [Tests](#tests-20)\n- [0.5.2-alpha.1 (2020-10-22)](#052-alpha1-2020-10-22)\n - [Bug Fixes](#bug-fixes-30)\n - [Code Generation](#code-generation-35)\n - [Documentation](#documentation-26)\n - [Tests](#tests-21)\n- [0.5.1-alpha.1 (2020-10-20)](#051-alpha1-2020-10-20)\n - [Bug Fixes](#bug-fixes-31)\n - [Code Generation](#code-generation-36)\n - [Documentation](#documentation-27)\n - [Features](#features-25)\n - [Tests](#tests-22)\n - [Unclassified](#unclassified-14)\n- [0.5.0-alpha.1 (2020-10-15)](#050-alpha1-2020-10-15)\n - [Breaking Changes](#breaking-changes-16)\n - [Bug Fixes](#bug-fixes-32)\n - [Code Generation](#code-generation-37)\n - [Code Refactoring](#code-refactoring-12)\n - [Documentation](#documentation-28)\n - [Features](#features-26)\n - [Tests](#tests-23)\n - [Unclassified](#unclassified-15)\n- [0.4.6-alpha.1 (2020-07-13)](#046-alpha1-2020-07-13)\n - [Bug Fixes](#bug-fixes-33)\n - [Code Generation](#code-generation-38)\n- [0.4.5-alpha.1 (2020-07-13)](#045-alpha1-2020-07-13)\n - [Bug Fixes](#bug-fixes-34)\n - [Code Generation](#code-generation-39)\n- [0.4.4-alpha.1 (2020-07-10)](#044-alpha1-2020-07-10)\n - [Bug Fixes](#bug-fixes-35)\n - [Code Generation](#code-generation-40)\n - [Documentation](#documentation-29)\n- [0.4.3-alpha.1 (2020-07-08)](#043-alpha1-2020-07-08)\n - [Bug Fixes](#bug-fixes-36)\n - [Code Generation](#code-generation-41)\n- [0.4.2-alpha.1 (2020-07-08)](#042-alpha1-2020-07-08)\n - [Bug Fixes](#bug-fixes-37)\n - [Code Generation](#code-generation-42)\n- [0.4.0-alpha.1 (2020-07-08)](#040-alpha1-2020-07-08)\n - [Breaking Changes](#breaking-changes-17)\n - [Bug Fixes](#bug-fixes-38)\n - [Code Generation](#code-generation-43)\n - [Code Refactoring](#code-refactoring-13)\n - [Documentation](#documentation-30)\n - [Features](#features-27)\n - [Unclassified](#unclassified-16)\n- [0.3.0-alpha.1 (2020-05-15)](#030-alpha1-2020-05-15)\n - [Breaking Changes](#breaking-changes-18)\n - [Bug Fixes](#bug-fixes-39)\n - [Chores](#chores-1)\n - [Code Refactoring](#code-refactoring-14)\n - [Documentation](#documentation-31)\n - [Features](#features-28)\n - [Unclassified](#unclassified-17)\n- [0.2.1-alpha.1 (2020-05-05)](#021-alpha1-2020-05-05)\n - [Chores](#chores-2)\n - [Documentation](#documentation-32)\n- [0.2.0-alpha.2 (2020-05-04)](#020-alpha2-2020-05-04)\n - [Breaking Changes](#breaking-changes-19)\n - [Bug Fixes](#bug-fixes-40)\n - [Chores](#chores-3)\n - [Code Refactoring](#code-refactoring-15)\n - [Documentation](#documentation-33)\n - [Features](#features-29)\n - [Unclassified](#unclassified-18)\n- [0.1.1-alpha.1 (2020-02-18)](#011-alpha1-2020-02-18)\n - [Bug Fixes](#bug-fixes-41)\n - [Code Refactoring](#code-refactoring-16)\n - [Documentation](#documentation-34)\n- [0.1.0-alpha.6 (2020-02-16)](#010-alpha6-2020-02-16)\n - [Bug Fixes](#bug-fixes-42)\n - [Code Refactoring](#code-refactoring-17)\n - [Documentation](#documentation-35)\n - [Features](#features-30)\n- [0.1.0-alpha.5 (2020-02-06)](#010-alpha5-2020-02-06)\n - [Documentation](#documentation-36)\n - [Features](#features-31)\n- [0.1.0-alpha.4 (2020-02-06)](#010-alpha4-2020-02-06)\n - [Continuous Integration](#continuous-integration)\n - [Documentation](#documentation-37)\n- [0.1.0-alpha.3 (2020-02-06)](#010-alpha3-2020-02-06)\n - [Continuous Integration](#continuous-integration-1)\n- [0.1.0-alpha.2 (2020-02-03)](#010-alpha2-2020-02-03)\n - [Bug Fixes](#bug-fixes-43)\n - [Documentation](#documentation-38)\n - [Features](#features-32)\n - [Unclassified](#unclassified-19)\n- [0.1.0-alpha.1 (2020-01-31)](#010-alpha1-2020-01-31)\n - [Documentation](#documentation-39)\n- [0.0.3-alpha.15 (2020-01-31)](#003-alpha15-2020-01-31)\n - [Unclassified](#unclassified-20)\n- [0.0.3-alpha.14 (2020-01-31)](#003-alpha14-2020-01-31)\n - [Unclassified](#unclassified-21)\n- [0.0.3-alpha.13 (2020-01-31)](#003-alpha13-2020-01-31)\n - [Unclassified](#unclassified-22)\n- [0.0.3-alpha.11 (2020-01-31)](#003-alpha11-2020-01-31)\n - [Unclassified](#unclassified-23)\n- [0.0.3-alpha.10 (2020-01-31)](#003-alpha10-2020-01-31)\n - [Unclassified](#unclassified-24)\n- [0.0.3-alpha.7 (2020-01-30)](#003-alpha7-2020-01-30)\n - [Unclassified](#unclassified-25)\n- [0.0.3-alpha.5 (2020-01-30)](#003-alpha5-2020-01-30)\n - [Continuous Integration](#continuous-integration-2)\n - [Unclassified](#unclassified-26)\n- [0.0.3-alpha.4 (2020-01-30)](#003-alpha4-2020-01-30)\n - [Unclassified](#unclassified-27)\n- [0.0.3-alpha.2 (2020-01-30)](#003-alpha2-2020-01-30)\n - [Unclassified](#unclassified-28)\n- [0.0.3-alpha.1 (2020-01-30)](#003-alpha1-2020-01-30)\n - [Unclassified](#unclassified-29)\n- [0.0.1-alpha.9 (2020-01-29)](#001-alpha9-2020-01-29)\n - [Continuous Integration](#continuous-integration-3)\n- [0.0.2-alpha.1 (2020-01-29)](#002-alpha1-2020-01-29)\n - [Unclassified](#unclassified-30)\n- [0.0.1-alpha.6 (2020-01-29)](#001-alpha6-2020-01-29)\n - [Continuous Integration](#continuous-integration-4)\n- [0.0.1-alpha.5 (2020-01-29)](#001-alpha5-2020-01-29)\n - [Continuous Integration](#continuous-integration-5)\n - [Unclassified](#unclassified-31)\n- [0.0.1-alpha.3 (2020-01-28)](#001-alpha3-2020-01-28)\n - [Continuous Integration](#continuous-integration-6)\n - [Documentation](#documentation-40)\n - [Unclassified](#unclassified-32)\n\n\n\n# [](https://github.com/ory/kratos/compare/v26.2.0...v) (2026-03-20)\n\n# [26.2.0](https://github.com/ory/kratos/compare/v25.4.0...v26.2.0) (2026-03-20)\n\nv26.2.0\n\n### Bug Fixes\n\n- remove more instances of injecting unrecoverable email faults\n ([81e9151](https://github.com/ory/kratos/commit/81e9151758d89d31a673b2513102ccb9fe46fd1f)):\n\n GitOrigin-RevId: 7432f6c605be10cc59b58cf656736d627d7d6f74\n\n- Add missing indices on identity_id\n ([a085d87](https://github.com/ory/kratos/commit/a085d872fa180f28f22809fc6624cfc1e8318580)):\n\n GitOrigin-RevId: 0e9820c93111db7f89f85325a40081737e89978f\n\n- Add missing StrategyUsed attribute to Login and registration events\n ([e72c297](https://github.com/ory/kratos/commit/e72c2972340fa58415d53cc939d3e42e8ea6d6f9)):\n\n GitOrigin-RevId: 34d5db665ed61f78a94249d59ea686abce048983\n\n- Add missing transient nodes clear\n ([ed56dac](https://github.com/ory/kratos/commit/ed56daccaafb6b98f889b61834a8d8d31a055930)):\n\n GitOrigin-RevId: 8d262434213c9fbcb483b8fdc8a498e1167ed26f\n\n- Add oidc linking/unlinking to api settings flow\n ([6a6928c](https://github.com/ory/kratos/commit/6a6928c401084443f2475a9361096e9ddfcd1bb0)):\n\n GitOrigin-RevId: c3fc0688e531326c0e00b797402d01e324b9abfb\n\n- Always retry curl invocations to surmount transient third-party failures\n ([2473954](https://github.com/ory/kratos/commit/2473954f4e3e8b0d2f8d18a36ddb08c02953cfc2)):\n\n GitOrigin-RevId: b23ca94a4e1ba11367012a70a9e528b614f3ceb9\n\n- Base64encoded schemaURL cannot be resolved\n ([a86c212](https://github.com/ory/kratos/commit/a86c212198369083aaf47ab38e798781d42ceb34)):\n\n GitOrigin-RevId: 7b224a32afd2ff5ebf62ef96d797258e8de56afd\n\n- Batch identity error propagation\n ([2f9c3e3](https://github.com/ory/kratos/commit/2f9c3e3490e077b46bcff8e1167ee4204c00e328)):\n\n GitOrigin-RevId: 66a8cca953ee45f50adcdee2aabcb1fa6c429e50\n\n- Clarify password import\n ([849b0de](https://github.com/ory/kratos/commit/849b0def539bbe96ccca950a99998fcd3b0b6618)):\n\n GitOrigin-RevId: 8d1bffaae93e9aa484dd67803c2ad86398500b37\n\n- Context passing in jsonnetsecure\n ([7e33125](https://github.com/ory/kratos/commit/7e33125db8fcbc2163649a03eab20e5e6394c7bb)):\n\n GitOrigin-RevId: 5545bf7446208fafbc8f45f88ab2903a7000a318\n\n- Correctly scan SQL `NULL` into go JSON types\n ([6183672](https://github.com/ory/kratos/commit/6183672902a86988b82c6b4854089df8d6b96915)):\n\n GitOrigin-RevId: 7493c9efdb70ceea61e216660b83408bc7a5d367\n\n- Courier should not retry message dispatches in one go\n ([70f7b38](https://github.com/ory/kratos/commit/70f7b38ab3cf1ac198537379c09e9332f24d4d9f)):\n\n GitOrigin-RevId: f7631f29dff77e700e7495376527eca1f56b0e51\n\n- Data race making test flaky\n ([c651ecf](https://github.com/ory/kratos/commit/c651ecf2ebef1fa6bd43ae57f06c4133b05ce068)):\n\n GitOrigin-RevId: 263cada3af66101a06e617077ddd508d8ef86705\n\n- Deadlock when using -parallel 1\n ([8adaa02](https://github.com/ory/kratos/commit/8adaa024e8701c974f7644ec08d1be5caeb15822)):\n\n GitOrigin-RevId: 467c9c3c2ef22da59b31b7fadc443ca66bf208b9\n\n- Don't attempt to redirect to ory.com in kratos tests\n ([a06b3c2](https://github.com/ory/kratos/commit/a06b3c2b7d827aa64328825c38132c167044d852)):\n\n GitOrigin-RevId: 5ff2118ee1ded9ddfd6f3e8c2d11ebdac46b70cc\n\n- Down migrations in newer MySQL versions\n ([e948a0b](https://github.com/ory/kratos/commit/e948a0bfd4baf2bbb1382cd8a778cafa9697affa)):\n\n GitOrigin-RevId: 85c133fa17445d2579918d673db27d9e68e3fc8b\n\n- Duplicate credential error placeholder case mismatch\n ([84ee596](https://github.com/ory/kratos/commit/84ee59662ce43e250b00716c95aa47b37eba82f1)):\n\n GitOrigin-RevId: 04b013ad8069ef993d337a0cb97ea7fea84c188e\n\n- Failing down migration\n ([7bb24c5](https://github.com/ory/kratos/commit/7bb24c591704b83ea2fee62029029dd71786dc30)):\n\n GitOrigin-RevId: 30d15680f8916d2ec12c2acdad6768cb3c0ed439\n\n- Fetch login challenge after code submissions\n ([048d315](https://github.com/ory/kratos/commit/048d3150e518c8bf7a9cd4c7e57ea0617ca34ff5)):\n\n GitOrigin-RevId: 4ff0402e96d4b8242bbfcbae518f96c77e1fdf09\n\n- Fix benchmark test\n ([2886abe](https://github.com/ory/kratos/commit/2886abe1a0e39a63dc95dc6e1b009655af9aa4bb)):\n\n GitOrigin-RevId: 8cd5d90c7d7124671389cafbb89b87e6c9ced34c\n\n- Fix data race in courier test by protecting slice with mutex\n ([6673982](https://github.com/ory/kratos/commit/66739820c9d45ad4bc465b2ce3e10311967e29e4)):\n\n GitOrigin-RevId: ae11f746a59d8c0c35a04c1242e8c23ad4aa2497\n\n- Fix flaky email test\n ([01e1dd0](https://github.com/ory/kratos/commit/01e1dd04dce4ca08ba8a855866f47d635ed68076)):\n\n GitOrigin-RevId: feab815802aa1088bceca0ea7a968d99f674e657\n\n- Handle batch identities errors more gracefully\n ([952d7ea](https://github.com/ory/kratos/commit/952d7ea7829ba84699d51c52c5ea2eaf86a09c13)):\n\n GitOrigin-RevId: 973ed113f3cb0f6b3b43897b67d02fb5caf2533b\n\n- Incorrect default value for page_tokens\n ([9a5f8b9](https://github.com/ory/kratos/commit/9a5f8b9dee2eebfacd7be7440aadfa764c2f1a62)):\n\n GitOrigin-RevId: 74d3aa40f77a7b08f7616a5d00dd6097b6441e08\n\n- Incorrect error handling\n ([1757cdd](https://github.com/ory/kratos/commit/1757cdd2896235acb6d1d11901adfe8ec17a270a)):\n\n GitOrigin-RevId: 0fd490b859fdd3df0f628904dc4b9531b28a8f68\n\n- Incorrect usage of database/sql\n ([590d898](https://github.com/ory/kratos/commit/590d898dc7fcbd90ff6abc94f97cd1795315ba1e)):\n\n GitOrigin-RevId: a6bc423928fb9910a76e0b18afa2fc2a56fc052d\n\n- **kratos:** Otp fast-path 2fa body error\n ([95341a8](https://github.com/ory/kratos/commit/95341a83a6b639aeec7db9cbec44a93b55bfca98)):\n\n GitOrigin-RevId: 86ef2d84eed29078257d4fc30ca7e278d00e9947\n\n- Lint\n ([e7045c5](https://github.com/ory/kratos/commit/e7045c55a35c10ba5c9ef42627ee394de0cd2056)):\n\n GitOrigin-RevId: 76a6f406c39711497a9029cf8937e3b6d1b58e0e\n\n- Pass transient payload to webhooks in API/native OIDC flows\n ([d023775](https://github.com/ory/kratos/commit/d023775750c0e86f5aef64b91dc976f554f90699)):\n\n GitOrigin-RevId: f31711edace2a1515579991437250bbd08fa74a1\n\n- Properly accept login challenge in verification after login flows\n ([f6d59bb](https://github.com/ory/kratos/commit/f6d59bb1a7d5d9850dac9254bf67166c4e44f023)):\n\n GitOrigin-RevId: d71d9a347e6ec39854e291aa00d2a635f480a55c\n\n- Recovery code expires_in regression\n ([8f54814](https://github.com/ory/kratos/commit/8f5481428695071bdb4f09c3e22ebe848cb89a0c)):\n\n GitOrigin-RevId: 00c5dfe3b3c2ded1f6622410bb4b7c7f6cfbf129\n\n- Recovery code expiry error\n ([3447e0a](https://github.com/ory/kratos/commit/3447e0a6f5e5b8b22ef360e989e4944edc8491a2)):\n\n GitOrigin-RevId: 9505d3eb2da5ea82b200700483168bb1987966fa\n\n- Redact subject codes\n ([071ad54](https://github.com/ory/kratos/commit/071ad54b0a1fc601b162a63d8f96a7a95c8ad118)):\n\n GitOrigin-RevId: 56be74ec84ca7b8d9885c92f89cd1332e7af4238\n\n- Remove flaky test for unused function\n ([b4d8591](https://github.com/ory/kratos/commit/b4d85919854ee5b888d63519af6d0fe176973559)):\n\n GitOrigin-RevId: 736a6ab0e4bbdc424705c3d4589caf61b72d00d1\n\n- Remove redundant ORDER BY in QueryForCredentials\n ([65b27fd](https://github.com/ory/kratos/commit/65b27fd812b2fe6fe3fd1a2a706b8e38e265f523)):\n\n GitOrigin-RevId: 78e60dcdf2ed5082ffa3b7e5489ab9018fc2f5b2\n\n- Remove WithDumpMigrations option to MigrationBox\n ([7ee85fb](https://github.com/ory/kratos/commit/7ee85fb985b01efcfd7c9d486e1db85c0104648e)):\n\n GitOrigin-RevId: ec8bf6fb2d78337c71a158ba2f65dfe2e2d612f6\n\n- Request log config key\n ([1799e3a](https://github.com/ory/kratos/commit/1799e3a49f56875a3328add32ef90d3bab485caa)):\n\n GitOrigin-RevId: d81d89baac28e6ac486b3a0b1ca3683f537eb15e\n\n- Resolve incorrect error handling\n ([9144b55](https://github.com/ory/kratos/commit/9144b554c0feb5fc737f245ac71e99da904f2d98)):\n\n GitOrigin-RevId: e8bb70305cf8218b60e89db4d7bf128f7b590aa7\n\n- Resolve null response in OAuth2 flow with existing session\n ([e7d8bd1](https://github.com/ory/kratos/commit/e7d8bd1f7d13fff2e9aa065444556f27f9a9d688)):\n\n GitOrigin-RevId: 54adcc002fa545e2eb4abf1ef819d9e08089a279\n\n- Return a specific error message for email & phone validation errors\n ([d6b0f49](https://github.com/ory/kratos/commit/d6b0f492c4aa6608b821252ede2ae0175ff89b66)):\n\n GitOrigin-RevId: 48ed3f3642f831b1bc58f3238105911ad8a55de0\n\n- Return correct CSRF errors\n ([b7b7fd4](https://github.com/ory/kratos/commit/b7b7fd4f0bdbca38eb7e3f26c641cb99ad1337de)):\n\n GitOrigin-RevId: cab70529e9041391cd406fb96b8ce0b53b1a657f\n\n- Return oauth2 login challenge on Bad Request in self-service flows\n ([bc33d5c](https://github.com/ory/kratos/commit/bc33d5cd99c89a304e6e55b5bc8a3118133e9d9d)):\n\n GitOrigin-RevId: ab4e0fd801d619550234afba63614c098bc79fea\n\n- Seamlessly migrate existing users to SCIM\n ([76d35cf](https://github.com/ory/kratos/commit/76d35cfe1c79346628bcbc4adfe540b6099d2a62)):\n\n GitOrigin-RevId: b2088ed6bf263a408a124d411c118b1f3fa040b9\n\n- Show captcha on otp submission\n ([039d5bc](https://github.com/ory/kratos/commit/039d5bccd7955ca3d6ae4bfd656c790778c583c4)):\n\n GitOrigin-RevId: e1cee4e841345aec0aae698e25ddefa36a93210b\n\n- Stray debug print\n ([3da622f](https://github.com/ory/kratos/commit/3da622f0194469289f7e1067e42c16a8721b795c)):\n\n GitOrigin-RevId: eeb3d3c38faa92f79d2c0b5eb758bdf912a43bc7\n\n- Transfer OAuth2 login challenge in account linking flow\n ([1ab143c](https://github.com/ory/kratos/commit/1ab143c5f5427032d16fd5c03dfd5ee3dd86184f)):\n\n GitOrigin-RevId: b666119e260f3b0b2071161578b5179e49a89616\n\n- Update CONTRIBUTING.md\n ([95bf33b](https://github.com/ory/kratos/commit/95bf33bb29cc81d880933efa3ab38b8089006a3a)):\n\n GitOrigin-RevId: c40330cae452ab009c3a86892c0c2772d82ccfb8\n\n- Update dependencies and replace @ory/client for\n kratos-selfserivce-ui-react-native\n ([3d88a43](https://github.com/ory/kratos/commit/3d88a439c5084da333e2f514c6c7a114c9650867)):\n\n GitOrigin-RevId: 4d380b9988c7f01acf6b71d30eeb5021cdaef973\n\n- Update packages to fix GHSA-7h2j-956f-4vf2\n ([79fb49d](https://github.com/ory/kratos/commit/79fb49d39a400f6e8c67cf2cb7097ce43bb037bf)):\n\n GitOrigin-RevId: 55aad6f8b36d1d22a6e149b842d035eae6ccae35\n\n- Upgrade vulnerable dependencies across Go and npm\n ([c2adee4](https://github.com/ory/kratos/commit/c2adee419e9c6c6c35817193a2a9b45dc0022a26)):\n\n Co-authored-by: Deepak Prabhakara GitOrigin-RevId:\n c3fc33561a0d0eedbc9be03ff551f62452f1c905\n\n- Use correct client authentication method for Apple OIDC\n ([6c2f8fb](https://github.com/ory/kratos/commit/6c2f8fb90967d69637b5587ff5c31512b8232c92)):\n\n GitOrigin-RevId: 499278d7a86a26153f98d1c820f54e69879738f4\n\n- X data race and parallize some tests\n ([116a66e](https://github.com/ory/kratos/commit/116a66e18adfc10fe2cfc60c46c902d5d680543d)):\n\n GitOrigin-RevId: 737267e41d80a6278bcb8cc657208a3a0cf13dcd\n\n### Code Refactoring\n\n- Squash merge old backoffice migration and fix up command\n ([7790322](https://github.com/ory/kratos/commit/77903222ee85a015ffa1caa8504655895817bdb2)):\n\n GitOrigin-RevId: 047d524cb71a5f0e7a082c4f3ebec6426935739d\n\n### Documentation\n\n- Improve readme and dev instructions\n ([56be7ba](https://github.com/ory/kratos/commit/56be7baaabe11702b9406900412964028b17762c)):\n\n GitOrigin-RevId: 5269520d6b9313732e2a9f13747e8696bb96a8e4\n\n- Update readmes\n ([bc8dca6](https://github.com/ory/kratos/commit/bc8dca6807e0deb77aa3a9c589a367bc6772ba9d)):\n\n GitOrigin-RevId: 936016692123f481c9addb607355ac326edee206\n\n### Features\n\n- Add captcha strategy for recovery flow\n ([3dee8f5](https://github.com/ory/kratos/commit/3dee8f5f949973373f5e3d4ea9878981c30da07f)):\n\n GitOrigin-RevId: 8bf87d0de35855b50cd0c995329b4e40520a4c2b\n\n- Add captcha strategy for verification flow\n ([420f69d](https://github.com/ory/kratos/commit/420f69d5bcecb8358bd24a432d61608cccfd4479)):\n\n GitOrigin-RevId: c500a8b1fad779bd3a4da04ebc816ee488d21d25\n\n- Add column identity_id to identity_credential_identifiers and session_devices\n ([57b099f](https://github.com/ory/kratos/commit/57b099f24ce94ed3c443d2ee3acbc5c5670d1aa8)):\n\n GitOrigin-RevId: a8fc43b6bba9119a2d9472343eede30978ee72d7\n\n- Add native api flow support for passkeys\n ([39c341b](https://github.com/ory/kratos/commit/39c341b9260694bf5ac19874c66ef58e18094b9e)):\n\n GitOrigin-RevId: 407616212851156151f786e176be6e6349917c8d\n\n- Add ratelimit buckets to swagger definitions\n ([a14c3f2](https://github.com/ory/kratos/commit/a14c3f222617eef5573534745e957d5c15e4f589)):\n\n GitOrigin-RevId: 854dea8de34fc0402fbe1641af7f076f977cbcbc\n\n- Add session to all settings hooks payloads\n ([aebbc2b](https://github.com/ory/kratos/commit/aebbc2be0096e5727c1da0fa936d1a9a0b3273e1)):\n\n GitOrigin-RevId: baeb33ceb72409aaa231fee2988734d729115896\n\n- Add support for NULL and more column types to keysetpagination\n ([3f24dbf](https://github.com/ory/kratos/commit/3f24dbf3b98f51726a94240a5d6de947586c8112)):\n\n GitOrigin-RevId: 4e314fd71e85ebeb0fc5ef3bd8d5e892c610f01e\n\n- Auto account linking for google and apple\n ([623742e](https://github.com/ory/kratos/commit/623742e15227c36f85730185fe4230781febdd09)):\n\n GitOrigin-RevId: c66e7aeda756b80aee97ee82fed988123da72541\n\n- Automatic transaction retries for postgres\n ([80dcbac](https://github.com/ory/kratos/commit/80dcbac48d1c9a1882319fa009269692aee1709a)):\n\n GitOrigin-RevId: e7d567988621937fb25e9f41af7892b6f0aad65d\n\n- Better multi-region queries\n ([af48288](https://github.com/ory/kratos/commit/af48288839e0dee36f7a4cb86434bf3237cb6fd2)):\n\n GitOrigin-RevId: 007a93a33d5fe26ef336c35f3f6100ee8bcb4f61\n\n- Collect external latency data and write to logs\n ([97ce640](https://github.com/ory/kratos/commit/97ce6402184842f1cfcd79da274ab367a0e8124a)):\n\n GitOrigin-RevId: 6ffdbd26c4346ed65646a8f508a4ed44dd4b7637\n\n- Consider Go migrations DirHash when restoring full schema from backups\n ([99c8cdc](https://github.com/ory/kratos/commit/99c8cdc97bd8d70cef981f2c78fdae186806c389)):\n\n GitOrigin-RevId: 3b1e15bede6a985c746e16aee512d778c7bf9743\n\n- Forward (some) user request headers to SMS HTTP channel\n ([f2ce286](https://github.com/ory/kratos/commit/f2ce286eb11eb3fcd4ef63d2ec5b596c3cfc76df)):\n\n GitOrigin-RevId: 2f63cc936d612b530a3b1058656e54716f71559f\n\n- Generate events for SSO and SCIM provider revisions\n ([da8ec11](https://github.com/ory/kratos/commit/da8ec11af3506af8220280727c074cedcdf34f43)):\n\n GitOrigin-RevId: 61d08f591404d69e55057d745e0342c17446a713\n\n- Hydra benchmarking tool\n ([aa3071f](https://github.com/ory/kratos/commit/aa3071fa7a35ea4d6a6bd4f60c147bf571deedcb)):\n\n GitOrigin-RevId: a2db2f17a2eaf000ff7ffbfdd71c422721259d39\n\n- Improved tracing\n ([46c1028](https://github.com/ory/kratos/commit/46c1028e2b57ba17f4de5f79c882f34b19d84822)):\n\n GitOrigin-RevId: 98ae16a6f1de4414538c7692758af850aa0caaac\n\n- Infer regional-by-row region using foreign key constraints\n ([46c18eb](https://github.com/ory/kratos/commit/46c18eb372e93b3bcd1d92b5edb0606dbcc10b50)):\n\n GitOrigin-RevId: 0b33189034afb6a1090f49b06ec28cb68b335a89\n\n- Keto-cli improvements\n ([86968f5](https://github.com/ory/kratos/commit/86968f5773c0d7f6ecff71db08bd505b85222b7d)):\n\n GitOrigin-RevId: 7e569c384d891743c8b9a5c2cfca635e550cfc89\n\n- **kratos:** Auto-send code when it is the only available method\n ([86103bc](https://github.com/ory/kratos/commit/86103bcff46b4e4cb0d18c3934bbcef30fb4af68)):\n\n GitOrigin-RevId: cedeed8f92b51fdc746807b10937cb633d3c62d0\n\n- Login with uae pass\n ([1544efe](https://github.com/ory/kratos/commit/1544efe5ea3975f2eb9d61aea4d893eb51b7abaa)):\n\n GitOrigin-RevId: 9ea7e86014ca7202b0b54bc1e5707253121db6cb\n\n- Make new identity_id column on identifiers and session_devices NOT NULL and\n establish foreign key\n ([6bf18bf](https://github.com/ory/kratos/commit/6bf18bf87e02a25bd1f87bb40af71f8439a6c0c5)):\n\n GitOrigin-RevId: a837b24e7f0642fcd77b2f5c1c0532de07c49078\n\n- Make SCIM work with MySQL\n ([a34e951](https://github.com/ory/kratos/commit/a34e9515ad9742cb6dd5f981c248bbed8050a404)):\n\n GitOrigin-RevId: a833fe21172d9c218b55d7229e4ed3a131cfcb6c\n\n- Rename project revision columns\n ([e25723e](https://github.com/ory/kratos/commit/e25723e39492fc2c9f7e43970dfb4f08bba0a1b3)):\n\n GitOrigin-RevId: b20a153d86d72c43f83f7107b4c3ed602bcb5009\n\n- Speed up OIDC login+registration handling\n ([6bfbaf5](https://github.com/ory/kratos/commit/6bfbaf5791eddce0a2777b580a62983762314930)):\n\n GitOrigin-RevId: bd516d8f488b385e2968d56509123cde78d0f642\n\n- Update GetActiveRecoveryStrategies method\n ([b94f4c9](https://github.com/ory/kratos/commit/b94f4c9ba5b1178ac8ca16af2ce544c0479956a6)):\n\n GitOrigin-RevId: ae8121e4488d8fc332bea1bcea704b15c2cd7987\n\n- Use keysetpagination planner for keto read queries\n ([85590e8](https://github.com/ory/kratos/commit/85590e8a4ca192ebf8aad6a2ce79f5dc50c5f53f)):\n\n GitOrigin-RevId: e2ed9c3eecc60fd26eaedb3f8cca4f222fd1cb1e\n\n### Tests\n\n- Add assertions for json response body\n ([0f5085c](https://github.com/ory/kratos/commit/0f5085c67a3f6f8481246c1d86b080d932a4cfa4)):\n\n GitOrigin-RevId: b9ff0ad8e58bf96953980bb8aeb55aeee8138c04\n\n- Deflake and improve performance\n ([0451169](https://github.com/ory/kratos/commit/04511690ca6702f05ce7c64227b9db028fa5204f)):\n\n GitOrigin-RevId: 0f7be9e16ea12f9cb277f8cb3f03058e9db1aaa9\n\n- Deflake directory watcherx\n ([00c4f9e](https://github.com/ory/kratos/commit/00c4f9e4a67b7c78ff8359d4240a2ddaef05b4bb)):\n\n GitOrigin-RevId: 6b1c66f96f46833273490b22179aadcb5c7ce01c\n\n- Deflake SAML config assertion\n ([71da1e3](https://github.com/ory/kratos/commit/71da1e3c590f5001933b28102ffeb454497e1827)):\n\n GitOrigin-RevId: 3cad41ed2ded379328e6c0f50d1b27a9da9b0f38\n\n- Faster and more reliable courier tests\n ([2a552ea](https://github.com/ory/kratos/commit/2a552eacefb0dd385f01c678eae8544d276dfa90)):\n\n GitOrigin-RevId: 30c7ebf095fd5c233e173dc0a645d7bcbe69115f\n\n- Fix data races\n ([4014eeb](https://github.com/ory/kratos/commit/4014eeb08c65dee3956881127ce1e5c50d018449)):\n\n GitOrigin-RevId: 7dc520ddc926be30393d474734d37a5f58cc4851\n\n- Fix data races\n ([8482dd5](https://github.com/ory/kratos/commit/8482dd5de02900fd59746313504ee9b81c9ff874)):\n\n GitOrigin-RevId: 624aeee77f199dd8c67b67cefe2a61c2f9e7d759\n\n- **hydra:** Add plaintext backups for all DB types\n ([3369ebd](https://github.com/ory/kratos/commit/3369ebd6f3695c94c41e0bdd49fdff29d79971c7)):\n\n GitOrigin-RevId: ee2c8ff9ffacff66d09241827780350979957dba\n\n- Minor setup improvements\n ([b9e094d](https://github.com/ory/kratos/commit/b9e094d674629c8b4f8f4e3cf7679658c5551f55)):\n\n GitOrigin-RevId: cc7740e9ef1c5469df10001c6dd1bca50368ee01\n\n### Unclassified\n\n- apply review changes\n ([e7d5dd2](https://github.com/ory/kratos/commit/e7d5dd272b3618767223732e61b0b9a2f3c752f5)):\n\n GitOrigin-RevId: 9d4a25d813cb86f4a42fe879d7d1c346674e5dc6\n\n- storybook snapshots\n ([3f06c5d](https://github.com/ory/kratos/commit/3f06c5da026861664677472ffec986f90b5e5590)):\n\n GitOrigin-RevId: 066f7ecfdb4bc5614a7c238c4e0e21e959b7e6b7\n\n- fixes\n ([7982b73](https://github.com/ory/kratos/commit/7982b73ae145e5e709ab742c29d784d1a7f85db2)):\n\n GitOrigin-RevId: 11ef68918584d7711fca8b20f371ea0c8b86f127\n\n# [25.4.0](https://github.com/ory/kratos/compare/v1.3.0...v25.4.0) (2025-11-07)\n\nv25.4.0\n\n## Breaking Changes\n\nThe `require_verified_address` hook no longer returns a plain error. Previously,\nusers had to manually start the verification flow, which caused a poor\nexperience. Now, Ory Kratos automatically creates a verification flow and\nredirects the user using `continue_with` or an HTTP redirect. The verification\nflow starts with the first verified address found for the user. This aligns the\nbehavior of `require_verified_address` with using the `verification` and\n`show_verification_ui` hook combination for login.\n\nGoing forward, the node group of fields that are failing validation during oidc\nsign up are `default` and no longer `oidc`. For now, you can get the legacy\nbehavior back by turning on\n`feature_flags.legacy_oidc_registration_node_group=true`.\n\nCo-authored-by: Jonas Hungershausen \n\nBefore this change, `show_verification_ui` would always be included in\n`continue_with` for the registration flow when verification was enabled. After\nthis change, `show_verification_ui` is only included when the\n`show_verification_ui` post-registration hook is defined.\n\nAccount linking incorrectly returned a 200 OK status code even though the login\nflow was not completed successfully. Going forward, the correct 400 OK status\ncode will be sent when using the API flow or `Accept: application/json`.\n\nThis patch changes the behavior of configuration item `foo` to do bar. To keep\nthe existing behavior please do baz.\n\n```\n-->\n\n## Related issue(s)\n\n\n\n## Checklist\n\n\n\n- [ ] I have read the [contributing\nguidelines](../blob/master/CONTRIBUTING.md).\n- [ ] I have referenced an issue containing the design document if my\nchange\n introduces a new feature.\n- [ ] I am following the\n[contributing code\n\nThis patch changes the behavior of configuration item `foo` to do bar. To keep the existing\nbehavior please do baz.\n```\n\n-->\n\n## Related issue(s)\n\n\n\n## Checklist\n\n\n\n- [ ] I have read the [contributing guidelines](../blob/master/CONTRIBUTING.md).\n- [ ] I have referenced an issue containing the design document if my change\n introduces a new feature.\n- [ ] I am following the [contributing code\n\nThis patch changes the behavior of configuration item `foo` to do bar. To keep\nthe existing behavior please do baz.\n\n```\n-->\n\n## Related issue(s)\n\n\n\n## Checklist\n\n\n\n- [ ] I have read the [contributing\nguidelines](../blob/master/CONTRIBUTING.md).\n- [ ] I have referenced an issue containing the design document if my\nchange\n introduces a new feature.\n- [ ] I am following the\n[contributing code\n\nThis patch changes the behavior of configuration item `foo` to do bar. To keep the existing\nbehavior please do baz.\n```\n\n-->\n\n## Related issue(s)\n\n\n\n## Checklist\n\n\n\n- [ ] I have read the [contributing guidelines](../blob/master/CONTRIBUTING.md).\n- [ ] I have referenced an issue containing the design document if my change\n introduces a new feature.\n- [ ] I am following the [contributing code\n\nThis patch changes the behavior of configuration item `foo` to do bar. To keep\nthe existing behavior please do baz.\n\n```\n-->\n\n## Related issue(s)\n\n\n\n## Checklist\n\n\n\n- [ ] I have read the [contributing\nguidelines](../blob/master/CONTRIBUTING.md).\n- [ ] I have referenced an issue containing the design document if my\nchange\n introduces a new feature.\n- [ ] I am following the\n[contributing code\n\nThis patch changes the behavior of configuration item `foo` to do bar. To keep the existing\nbehavior please do baz.\n```\n\n-->\n\n## Related issue(s)\n\n\n\n## Checklist\n\n\n\n- [ ] I have read the [contributing guidelines](../blob/master/CONTRIBUTING.md).\n- [ ] I have referenced an issue containing the design document if my change\n introduces a new feature.\n- [ ] I am following the [contributing code\n\nThe total count header `x-total-count` will no longer be sent in response to\n`GET /admin/sessions` requests.\n\nCloses https://github.com/ory-corp/cloud/issues/7177 Closes\nhttps://github.com/ory-corp/cloud/issues/7175 Closes\nhttps://github.com/ory-corp/cloud/issues/7176\n\n### Bug Fixes\n\n- Accept login challenge in session_issuer on SPA flows\n ([#4288](https://github.com/ory/kratos/issues/4288))\n ([e13687a](https://github.com/ory/kratos/commit/e13687ad51cdb889f0e680a005145a0134086fc7))\n- Accept login_challenge in SPA verification flows\n ([#4284](https://github.com/ory/kratos/issues/4284))\n ([7ca3b6b](https://github.com/ory/kratos/commit/7ca3b6be14c53e16c3a8f4e7eb83efe0b0e7c88e))\n- Account linking should only happen after 2fa when required\n ([#4174](https://github.com/ory/kratos/issues/4174))\n ([8e29b68](https://github.com/ory/kratos/commit/8e29b68a595d2ef18e48c2a01072335cefa36d86))\n- Account linking with 2FA ([#4188](https://github.com/ory/kratos/issues/4188))\n ([4a870a6](https://github.com/ory/kratos/commit/4a870a678dd3676abda7afc9803399dec4411b05)):\n\n This fixes some edge cases with OIDC account linking for accounts with 2FA\n enabled.\n\n- Add default issuer URL for LINE\n ([#4415](https://github.com/ory/kratos/issues/4415))\n ([292f65d](https://github.com/ory/kratos/commit/292f65d6bd1bc70b2f13b92bdbcb8e30256e0a17)):\n\n Fixed+expanded relevant comment.\n\n Fixed some tracing issues.\n\n Added error info and missing res.Body.Close() in courier.\n\n- Add exists clause ([#4191](https://github.com/ory/kratos/issues/4191))\n ([a313dd6](https://github.com/ory/kratos/commit/a313dd6ba6d823deb40f14c738e3b609dbaad56c))\n- Add missing autocomplete attributes to identifier_first strategy\n ([#4215](https://github.com/ory/kratos/issues/4215))\n ([e1f29c2](https://github.com/ory/kratos/commit/e1f29c2d3524f9444ec067c52d2c9f1d44fa6539))\n- Add missing csrf_token ([#4363](https://github.com/ory/kratos/issues/4363))\n ([f441f41](https://github.com/ory/kratos/commit/f441f41312b81a570e99348f69b88008f4516660))\n- Add missing discriminator ([#4365](https://github.com/ory/kratos/issues/4365))\n ([c10bb06](https://github.com/ory/kratos/commit/c10bb06bb9125fbc71863c5aa82194da2f2e2888))\n- Add missing saml group ([#4268](https://github.com/ory/kratos/issues/4268))\n ([44eb305](https://github.com/ory/kratos/commit/44eb305cf91672798f7d57550a026c6b970f7566))\n- Add missing submit group ([#4354](https://github.com/ory/kratos/issues/4354))\n ([106163d](https://github.com/ory/kratos/commit/106163d15e2eb84c3403d0ce8f829a9d9b3ce94f))\n- Add missing values to the session method enum\n ([a043b43](https://github.com/ory/kratos/commit/a043b43ceb5e7e1ce4fd1ef25f4ba8db72d7b478)):\n\n GitOrigin-RevId: 60b31e9f7d7b50dc652efc5f3a385be4adb25ba1\n\n- Add resend node to after registration verification flow\n ([#4260](https://github.com/ory/kratos/issues/4260))\n ([9bc83a4](https://github.com/ory/kratos/commit/9bc83a410b8de9d649b6393f136889dd14098b0d))\n- Add transient payload to fedcm\n ([#4369](https://github.com/ory/kratos/issues/4369))\n ([245f5dc](https://github.com/ory/kratos/commit/245f5dc1c83d35d7e228a45ee267d6bcdb705e98)),\n closes\n [../blob/master/CONTRIBUTING.md#contributing-code](https://github.com/../blob/master/CONTRIBUTING.md/issues/contributing-code):\n\n \n\n **Changes:**\n - Add `LoginStarted` and `RegistrationStarted` events along their required\n attributes\n - Sort all event attributes alphabetically\n - Emit these events when a new login/registration flow is created, _after_\n basic validation passed\n - It is unclear yet how many of these events will be emitted, as such it is\n suggested that in a first phase, they remain internal and are not yet sent\n externally to avoid surprises (note: sometimes, these events can be emitted\n without user action such as simply visiting/being redirected to the sign-in\n page, etc)\n\n **Documentation PR:** [ory/docs#2144](https://github.com/ory/docs/pull/2144)\n\n **Issue:** https://github.com/ory-corp/cloud/issues/7895\n\n \n\n Examples in Grafana:\n - LoginStarted: \"Screenshot\n - RegistrationStarted: \"Screenshot\n\n- Add migrate sql up|down|status\n ([#4228](https://github.com/ory/kratos/issues/4228))\n ([e6fa520](https://github.com/ory/kratos/commit/e6fa520058ca778e01d4e93a8ab4b31a74dd2e11)):\n\n This patch adds the ability to execute down migrations using:\n\n ```\n kratos migrate sql down -e --steps {num_of_steps}\n ```\n\n Please read `kratos migrate sql down --help` carefully.\n\n Going forward, please use the following commands\n\n ```\n kratos migrate sql up ...\n kratos migrate sql status ...\n ```\n\n instead of the previous, now deprecated\n\n ```\n kratos migrate sql ...\n kratos migrate status ...\n ```\n\n commands.\n\n See https://github.com/ory-corp/cloud/issues/7350\n\n- Add new Division ui node attributes\n ([235af52](https://github.com/ory/kratos/commit/235af527dea47b87ad0f18ff04f9b807e4639ae3)):\n\n Division nodes may be used to hook dynamic scripts and are not actively used\n in the Ory Kratos open source.\n\n- Add new endpoint to tokenize JWT with a webhook\n ([f7fa792](https://github.com/ory/kratos/commit/f7fa792a52af5bddbd2869fc4bc0383c73641dfb)):\n\n GitOrigin-RevId: ff93a3daadc993348ff40ee21c28ec0a30c6cfbe\n\n- Add oid as subject source for microsoft\n ([#4171](https://github.com/ory/kratos/issues/4171))\n ([77beb4d](https://github.com/ory/kratos/commit/77beb4de5209cee0bea4b63dfec21d656cf64473)),\n closes [#4170](https://github.com/ory/kratos/issues/4170):\n\n In the case of Microsoft, using `sub` as an identifier can lead to problems.\n Because the use of OIDC at Microsoft is based on an app registration, the\n content of `sub` changes with every new app registration. `Sub` is therefore\n not uniquely related to the user. It is therefore not possible to transfer\n users from one app registration to another without further problems.\n https://learn.microsoft.com/en-us/entra/identity-platform/id-token-claims-reference#payload-claims\n\n With the use of `oid` it is possible to identify a user by a unique id.\n\n- Add session in settings after hook\n ([1b57fdf](https://github.com/ory/kratos/commit/1b57fdf375e218ff1cb13fa4888ee01bbb2a986c)):\n\n GitOrigin-RevId: 754c057a2d2d5b92a417b429caea524a5d54b184\n\n- Add support for Line v2.1 OIDC provider\n ([#4240](https://github.com/ory/kratos/issues/4240))\n ([729effd](https://github.com/ory/kratos/commit/729effd61e4b08f28099bba09acef87aeb0c7ffd)):\n\n For OIDC Line Login, you only need to add id_token_key_type=JWK in the\n exchange step to issue tokens in ES256 format.\n\n https://github.com/ory/kratos/discussions/1116\n\n- Allow deleting password credentials\n ([#4304](https://github.com/ory/kratos/issues/4304))\n ([f2212d4](https://github.com/ory/kratos/commit/f2212d48af47f24ca6e504ca98bc31afe6774241)):\n\n The admin API did not allow to delete passwords at all. The restriction is now\n lifted to only block deletion of the first-factor credential if it is the last\n one.\n\n- Allow extra go migrations in persister\n ([#4183](https://github.com/ory/kratos/issues/4183))\n ([7bec935](https://github.com/ory/kratos/commit/7bec935c33b9adb6033aaecfa9a6dbe6c9c3daa1))\n- Allow listing identities by organization ID\n ([#4115](https://github.com/ory/kratos/issues/4115))\n ([b4c453b](https://github.com/ory/kratos/commit/b4c453b0472f67d0a52b345691f66aa48777a897))\n- Allow setting the org ID on creation\n ([#4306](https://github.com/ory/kratos/issues/4306))\n ([bccd2fb](https://github.com/ory/kratos/commit/bccd2fb8c8efac96938e564f1f34cd711b41d0a1))\n- Autoconfigure kratos-changefeed\n ([b8bf4c7](https://github.com/ory/kratos/commit/b8bf4c7ca4323adfa936cf2e24fc98e34123150a)):\n\n GitOrigin-RevId: 8e684d3c1ed528798c0c81cc4330858c54a39acf\n\n- Bump CRDB, establish foreign key,\n ([d76e70f](https://github.com/ory/kratos/commit/d76e70f275846e598c601b63fc337e5ceefa8f81)):\n\n GitOrigin-RevId: ca6d967ddb2e2eeb2d2eaf25e851652dddbc1d47\n\n- Cache OIDC providers ([#4222](https://github.com/ory/kratos/issues/4222))\n ([30485c4](https://github.com/ory/kratos/commit/30485c44e61c17231e0c46b321be842b19ea5a5f)):\n\n This change significantly reduces the number of requests to\n `/.well-known/openid-configuration` endpoints.\n\n- **changelog-oel:** Choose identity schema in self-service registration and\n login flows\n ([53f4b9f](https://github.com/ory/kratos/commit/53f4b9f943495ad265e4f0d87cbb018032f068a3)):\n\n GitOrigin-RevId: 8d6ee03cc8181d3277100a4b7412a3a113799964\n\n- **changelog-oel:** Improved tracing and metrics for the high-performance SQL\n connection pool\n ([ce1bf9f](https://github.com/ory/kratos/commit/ce1bf9f46810553ffd8e7ff8aff4abc44e4ce1f0)),\n closes [hi#performance](https://github.com/hi/issues/performance):\n\n GitOrigin-RevId: 9480f8997f7641b0f1276ca2ae0f25781428fdbc\n\n- **changelog:** Add a new feature flag for the Recovery V2 to ensure\n backwards-compatibility\n ([d68736b](https://github.com/ory/kratos/commit/d68736bed28e956e52a54fef5591bd4c88de6594)):\n\n GitOrigin-RevId: e630152345321a187bc75ee59a190cc3485556a3\n\n- **changelog:** Add CourierMessageAbandoned & CourierMessageDispatched events\n ([dfed493](https://github.com/ory/kratos/commit/dfed493184c64d6eee061577549caf7501d017ad)):\n\n GitOrigin-RevId: b4a2680d2fc9438b565a1283641b49871d1cbb11\n\n- **changelog:** Find-by and delete SAML credentials\n ([0c80f61](https://github.com/ory/kratos/commit/0c80f61ccafc24e5bb1a497e652edfc8e951431a)):\n\n GitOrigin-RevId: 4a34b9acfc999454a8678c3e520a1bba3fe84b16\n\n- **changelog:** Migrate http router to stdlib router\n ([48f5adb](https://github.com/ory/kratos/commit/48f5adb9ce720f6906283372515b85f365a7f0b5)):\n\n GitOrigin-RevId: ebd7ec330a4f7b9826cb70ba36ba2f727ea64c96\n\n- **changelog:** Reject new password same as old password when changing the\n password\n ([a7f50ab](https://github.com/ory/kratos/commit/a7f50abc99ddd7b6dac7dea09004feeb8e84c323)):\n\n GitOrigin-RevId: 96efafceac92934eb2ab81f1a1b329b0e777cd74\n\n- Console UI for multiple identity schemas\n ([1145cda](https://github.com/ory/kratos/commit/1145cda7ce2a7b7b30d78f936d005edaf5060fc3)):\n\n GitOrigin-RevId: c235c2874236762c54e619a1c09def1fd713ce78\n\n- Custom page token column extraction\n ([c5cb85e](https://github.com/ory/kratos/commit/c5cb85eabee29fe32b7b2ed4acae7308c41cb245)):\n\n GitOrigin-RevId: 706b836df390da53f8ef3e3800391b206b715949\n\n- Domain telemetry improvements\n ([93345d7](https://github.com/ory/kratos/commit/93345d7b9f2b302e3b35041191c44f85a6ea0973)):\n\n GitOrigin-RevId: 9a0825160976ff16b7a39024e650ecfaf9ce82a5\n\n- Drop unused indices post index migration\n ([#4201](https://github.com/ory/kratos/issues/4201))\n ([1008639](https://github.com/ory/kratos/commit/1008639428a6b72e0aa47bd13fe9c1d120aafb6e))\n- Emit admin recovery code event\n ([#4230](https://github.com/ory/kratos/issues/4230))\n ([a7cdc3a](https://github.com/ory/kratos/commit/a7cdc3a6911e265f4e78c780d8e4b8922066875c))\n- Emit event on Jsonnet claims mapping error\n ([#4394](https://github.com/ory/kratos/issues/4394))\n ([8caebdb](https://github.com/ory/kratos/commit/8caebdb6eb67c2039251b53804aac6a9f166f578)):\n\n We now emit an event containing the Jsonnet input and output in anonymized\n form when mapping the claims in the OIDC flow fails.\n\n- Emit events on jsonnet failure when templating a jwt\n ([#4409](https://github.com/ory/kratos/issues/4409))\n ([959ded5](https://github.com/ory/kratos/commit/959ded5c8bb17b12b2bf242e959802a56f7c43e0)),\n closes\n [../blob/master/CONTRIBUTING.md#contributing-code](https://github.com/../blob/master/CONTRIBUTING.md/issues/contributing-code):\n - Fix typo: parital -> partial\n - Document with comments why an event is not emitted or not documented\n - Emit `JsonnetMappingFailed` events on jsonnet failure when templating a jwt\n (see https://www.ory.sh/docs/identities/session-to-jwt-cors). After review\n it seems we otherwise always emit events in all the right places, except in\n this very case. Tested end-to-end manually with the UI.\n\n ## Related issue(s)\n\n https://github.com/ory-corp/cloud/issues/7291\n\n ## Checklist\n - [x] I have read the\n [contributing guidelines](../blob/master/CONTRIBUTING.md).\n - [x] I have referenced an issue containing the design document if my change\n introduces a new feature.\n - [x] I am following the [contributing code\n\n- Emit oryWebAuthnInitialized event once webauthn is initialized\n ([b4485f4](https://github.com/ory/kratos/commit/b4485f411651713a673b11e6984a3e467bd75e51)):\n\n GitOrigin-RevId: 65bf66553ee2027ce592b1f48741d320e1840de0\n\n- Enable JSONNet templating for password migration hook\n ([#4390](https://github.com/ory/kratos/issues/4390))\n ([b162897](https://github.com/ory/kratos/commit/b1628976a0251a0ad84fd2128d1df23f4dff5e99)):\n\n This enables JSONNet body templating for the password migration hook. There is\n also a significant refactoring of some internals around webhook config\n handling.\n\n- Expose Ory-Error-Id HTTP header\n ([f2b0cd5](https://github.com/ory/kratos/commit/f2b0cd5a5669e9116d248d1a43a875e5a38d723c)):\n\n GitOrigin-RevId: 3fe0ebc17fec11dd8135bfdd8e6facfd99ac2d5a\n\n- Fast add credential type lookups\n ([#4177](https://github.com/ory/kratos/issues/4177))\n ([eeb1355](https://github.com/ory/kratos/commit/eeb13552118504f17b48f2c7e002e777f5ee73f4))\n- Faster UpdateIdentity\n ([4c2cfae](https://github.com/ory/kratos/commit/4c2cfaefc777c38fee35d529156629f148b6da85)):\n\n GitOrigin-RevId: d3d0ea990908443967a2c576d6b04e5c4f8ba03a\n\n- Fewer DB loads when linking credentials, add tracing\n ([2c5bb21](https://github.com/ory/kratos/commit/2c5bb21224e28d5218354349f77514f4fbe71762))\n- Goreleaser\n ([db10a68](https://github.com/ory/kratos/commit/db10a68529088b7e45489e8ad463661cbdcffbff)):\n\n GitOrigin-RevId: c4975f609610e3f05eaff13eb1d07eec90c49a2d\n\n- Gracefully handle failing password rehashing during login\n ([#4235](https://github.com/ory/kratos/issues/4235))\n ([3905787](https://github.com/ory/kratos/commit/39057879821b387b49f5d4f7cb19b9e02ec924a7)):\n\n This fixes an issue where we would successfully import long passwords (>72\n chars), but fail when the user attempts to login with the correct password\n because we can't rehash it. In this case, we simply issue a warning to the\n logs, keep the old hash intact, and continue logging in the user.\n\n- **hydra:** Split up persister\n ([910cf9c](https://github.com/ory/kratos/commit/910cf9c0a220f310e08c35701fb721faeb8fb685)):\n\n GitOrigin-RevId: 203cf926c1613fcbb20393c5b7d0af25c7aecb15\n\n- Improve domain telemetry for OSS (Hydra & Kratos)\n ([86ab72a](https://github.com/ory/kratos/commit/86ab72ac7850b84e4608774a4fb98e4bd1d46ca0)):\n\n GitOrigin-RevId: b8aebb0ad8bae28ee8295b9052b2f60603244b7e\n\n- Improve identity import limits\n ([#4378](https://github.com/ory/kratos/issues/4378))\n ([e38e812](https://github.com/ory/kratos/commit/e38e812314850c80cb18f8e1921dffc7d324aeda))\n- Improve kratos courier metrics and debug log message\n ([c50ffcc](https://github.com/ory/kratos/commit/c50ffcc5cb2210a79953f38af2f99d46f013c780)):\n\n GitOrigin-RevId: 077bc86e499ca7be1076c3ae38412384c2777553\n\n- Improve QueryForCredentials\n ([#4181](https://github.com/ory/kratos/issues/4181))\n ([ca0d6a7](https://github.com/ory/kratos/commit/ca0d6a7ea717495429b8bac7fd843ac69c1ebf16))\n- Improve secondary indices for self service tables\n ([#4179](https://github.com/ory/kratos/issues/4179))\n ([825aec2](https://github.com/ory/kratos/commit/825aec208d966b54df9eeac6643e6d8129cf2253))\n- Improve verification required flows\n ([#4407](https://github.com/ory/kratos/issues/4407))\n ([2014a40](https://github.com/ory/kratos/commit/2014a403e0bc05a10d1f805b9ef81bdd4d8e2223))\n- Improved events and identity recent activity\n ([e47b858](https://github.com/ory/kratos/commit/e47b85851539345abc70468eb8d05db882e19df6)):\n\n GitOrigin-RevId: 3ef8d9391a402381025baaf25ba3c8c199805b7e\n\n- Improved tracing for courier\n ([85a7071](https://github.com/ory/kratos/commit/85a7071d20d0f072316c74bee82c76ee690276f8))\n- Index hint for CRDB when deleting identity credentials\n ([#4276](https://github.com/ory/kratos/issues/4276))\n ([c703a33](https://github.com/ory/kratos/commit/c703a338894f865c7dc1dcebc6e6980ad98eaa1d)):\n\n Ref https://support.cockroachlabs.com/hc/en-us/requests/25430\n\n- Jackson provider ([#4242](https://github.com/ory/kratos/issues/4242))\n ([f18d1b2](https://github.com/ory/kratos/commit/f18d1b24539f7d8dcf9c27986af861d0f8cb9683)):\n\n This adds a jackson provider to Kratos.\n\n- Load session only once when middleware is used\n ([#4187](https://github.com/ory/kratos/issues/4187))\n ([234b6f2](https://github.com/ory/kratos/commit/234b6f2f6435c62b7e161c032b888c4e2b3328d4))\n- Monorepo\n ([31f1894](https://github.com/ory/kratos/commit/31f18944116f6fde546fdd5139faf7e9b68a4c10)):\n\n GitOrigin-RevId: dbb48d171fad1f9b4fd31385f0ef4fb01e39e823\n\n- More extension points ([#4272](https://github.com/ory/kratos/issues/4272))\n ([373a2e6](https://github.com/ory/kratos/commit/373a2e6552f0da0488638306a58d8bd63a6ca10a)):\n\n This adds more extension points to the Kratos registry.\n\n- Move config testhelpers to ory/x\n ([8d43aae](https://github.com/ory/kratos/commit/8d43aae7bc6c003287b03e6f8900a536fd13dcef)):\n\n GitOrigin-RevId: fd484445e9715760231f7f86ec212d094e826377\n\n- Optimize identity-related secondary indices\n ([#4182](https://github.com/ory/kratos/issues/4182))\n ([53874c1](https://github.com/ory/kratos/commit/53874c1753940e08e0bf50753a1d3126add77af1))\n- Passwordless SMS and expiry notice in code / link templates\n ([#4104](https://github.com/ory/kratos/issues/4104))\n ([462cea9](https://github.com/ory/kratos/commit/462cea91448a00a0db21e20c2c347bf74957dc8f)):\n\n This feature allows Ory Kratos to use the SMS gateway for login and\n registration with code via SMS.\n\n Additionally, the default email and sms templates have been updated. We now\n also expose `ExpiresInMinutes` / `expires_in_minutes` in the templates, making\n it easier to remind the user how long the code or link is valid for.\n\n Closes https://github.com/ory/kratos/issues/1570 Closes\n https://github.com/ory/kratos/issues/3779\n\n- Recovery with any address including with a code via SMS\n ([71844dd](https://github.com/ory/kratos/commit/71844dd75fed5c60d29399dc3595ccafcc5f0809)):\n\n GitOrigin-RevId: 4fa4ea56feacf71fa7fc84fa2fc33ce94db5a21e\n\n- Refactor cmd/daemon ([#4371](https://github.com/ory/kratos/issues/4371))\n ([7fe55d9](https://github.com/ory/kratos/commit/7fe55d9fec5e5f4048b211eaa56ac61e29635157))\n- Remove duplicate queries during settings flow and use better index hint for\n credentials lookup ([#4193](https://github.com/ory/kratos/issues/4193))\n ([c33965e](https://github.com/ory/kratos/commit/c33965e5735ead3acddac87ef84c3a730874f9ab)):\n\n This patch reduces duplicate GetIdentity queries as part of submitting the\n settings flow, and improves an index to significantly reduce credential\n lookup.\n\n For better debugging, more tracing ha been added to the settings module.\n\n- Remove more unused indices\n ([#4186](https://github.com/ory/kratos/issues/4186))\n ([b294804](https://github.com/ory/kratos/commit/b2948044de4eee1841110162fe874055182bd2d2))\n- Return field name in generated node text label\n ([8c7a3dc](https://github.com/ory/kratos/commit/8c7a3dc5eb7e863b7a710cc9256a12e6125e359d)):\n\n GitOrigin-RevId: c37d048759b18337eafafbf9cdf8449253b64836\n\n- Rework the OTP code submit count mechanism\n ([#4251](https://github.com/ory/kratos/issues/4251))\n ([4ca4d79](https://github.com/ory/kratos/commit/4ca4d79cff5185caad27eddee7e6f8d0e58463ba)):\n - feat: rework the OTP code submit count mechanism\n\n Unlike what the previous comment suggested, incrementing and checking the\n submit count inside the database transaction is not actually optimal\n peformance- or security-wise.\n\n We now check atomically increment and check the submit count as the first part\n of the operation, and abort as early as possible if we detect brute-forcing.\n This prevents a situation where the check works only on certain transaction\n isolation levels.\n - chore: bump dependencies\n\n- Support android webauthn origins\n ([#4155](https://github.com/ory/kratos/issues/4155))\n ([a82d288](https://github.com/ory/kratos/commit/a82d288014411ae4eb82c718bfe825ca55b4fab0)):\n\n This patch adds the ability to verify Android APK origins used during\n WebAuthn/Passkey exchange.\n\n Upgrades go-webauthn and includes fixes for Go 1.23 and workarounds for\n Swagger.\n\n- Support CRUD OIDC providers through the onboarding portal API\n ([664fd1a](https://github.com/ory/kratos/commit/664fd1a48d822f29b1ee2164818c560df63b29e2)):\n\n GitOrigin-RevId: 76c77654a4dc1150d3edb92c2ba428bd325850bc\n\n- Support importing more credentials\n ([#4361](https://github.com/ory/kratos/issues/4361))\n ([9a6dadf](https://github.com/ory/kratos/commit/9a6dadfefaf0d54c227cdbab5a2cbe7da14faa96)):\n\n Adds support to import SAML credentials. SAML connections are only available\n in Ory Enterprise License / Ory Network.\n\n- Trace identity id in errors\n ([772572c](https://github.com/ory/kratos/commit/772572c0d633d5848f12d41947d52df1d391329b)):\n\n GitOrigin-RevId: dec38a20911ebf8038ed8eb5a5f286e79430266d\n\n- Update only necessary database columns in UpdateVerifiableAddress\n ([#4292](https://github.com/ory/kratos/issues/4292))\n ([168a3f6](https://github.com/ory/kratos/commit/168a3f6c68b1fbc0ddcd455f8762f6de19879442)):\n\n This is an optimization to reduce database load.\n\n When we specify exactly which columns changed, we should be able to elide\n updates to the\n `identity_verifiable_addresses_status_via_uq_idx (nid,via,value)` index.\n Updating that index requires contacting remote regions.\n\n Also fixed a bug where we did not set the `verified_at` timestamp correctly\n sometimes.\n\n- Use one transaction for `/admin/recovery/code`\n ([#4225](https://github.com/ory/kratos/issues/4225))\n ([3e87e0c](https://github.com/ory/kratos/commit/3e87e0c4559736f9476eba943bac8d67cde91aad))\n- Use stdlib HTTP router in Kratos\n ([acfa6ef](https://github.com/ory/kratos/commit/acfa6ef2ec4aa61f9a1a7da6fdda59609f1360e3)):\n\n GitOrigin-RevId: 799513e99acbf43a05fe3113ffda45d2fff2a9e0\n\n- Use vendored ory/x\n ([a9ab800](https://github.com/ory/kratos/commit/a9ab800a4373875a29c58492f174165e0b4592e7)):\n\n GitOrigin-RevId: 994f3b754946ca5b2bd1bab0fe20532f5d5ab62f\n\n- Webhook header allowlist configuration option\n ([#4309](https://github.com/ory/kratos/issues/4309))\n ([871f5aa](https://github.com/ory/kratos/commit/871f5aab6d7b2a655ebcd6f0f90e79635ffc85f6)),\n closes [#4290](https://github.com/ory/kratos/issues/4290):\n\n Adds a `clients.web_hook.header_allowlist` configuration option for\n configuring the webhook header allowlist.\n\n### Reverts\n\n- Tests: improve randomness in e2e tests\n ([19a41ec](https://github.com/ory/kratos/commit/19a41ecd505e1a78dcbefb8c1f264268adfd4415)):\n\n GitOrigin-RevId: 377b6b2dca8eec59f244d3b0f94883a6b443b772\n\n- Use account.apple.com for oidc discovery and appleid.apple.com for token\n verification and signing\n ([c772d8b](https://github.com/ory/kratos/commit/c772d8b87b1e13e761a2f64f545607c70b330b55)):\n\n GitOrigin-RevId: 5afe7dc747df323cf9c89d6406d4ea644c36ca68\n\n- Use appleid audience for secret exchange\n ([620e33e](https://github.com/ory/kratos/commit/620e33e11343b84f80cc1e83ec585fcc375bd65b)):\n\n GitOrigin-RevId: 2110e8e47501f01ead389eb5b76bd90bcd12ada7\n\n- Use updated appleid issuer\n ([9697c45](https://github.com/ory/kratos/commit/9697c453933a3ca33e35a8fbd2c59908603db28b)):\n\n GitOrigin-RevId: 56915792c8cdcf0330523a482ca3a8f1f68d95e3\n\n### Tests\n\n- Add golangci-lint config and GHA\n ([0720950](https://github.com/ory/kratos/commit/0720950361ffa44deb7078c6c842a2d9b49540c0)):\n\n GitOrigin-RevId: eb14c9f38e2b98d11a78ee0b90fd8f4f689abd3d\n\n- Don't require DB for hasher tests\n ([41c69db](https://github.com/ory/kratos/commit/41c69db6b2b44cdc8d3a72d3fb5c459bf96c1358)):\n\n GitOrigin-RevId: 2fd89b72bf82c88cff030b0df2eaa97fe8d4f095\n\n- **hydra:** Add snapshots for login & consent requests\n ([ee39bdb](https://github.com/ory/kratos/commit/ee39bdb5bd337dade757ed9f6ac33dd07bd76c35)):\n\n GitOrigin-RevId: 47d041cf207af6c3e9e21bf3016e5ea0cf044344\n\n- Improve pgxpool tests\n ([6297a8f](https://github.com/ory/kratos/commit/6297a8fc22cdb9c9a9301cfbba4496160d2b4aa5)):\n\n GitOrigin-RevId: 2008231a7e0eb05276484b7eda885899c67f0a3a\n\n- Resturcture and improve integration tests\n ([6f32d5d](https://github.com/ory/kratos/commit/6f32d5d623882e3e742c305f0eddd81156283173)):\n\n GitOrigin-RevId: 83dfe53cfc33f0a974d7b2f7eeed81d017d2518c\n\n- Update snapshots ([#4167](https://github.com/ory/kratos/issues/4167))\n ([b51f780](https://github.com/ory/kratos/commit/b51f780b7e4abc79a757ac1efe1cb65b3d35c8a4))\n\n### Unclassified\n\n- Improve randomness in e2e tests\n ([ecfe435](https://github.com/ory/kratos/commit/ecfe43591d6a9e476e22d4a3872d393f8b7179d0)):\n\n GitOrigin-RevId: 2dcb862d4375fa22824a5694767329bdea990bde\n\n- Run credential validation in its own goroutine when changing the password\n ([c7fedfe](https://github.com/ory/kratos/commit/c7fedfe21f2e95f89b54ced34bf9b49bd5f64fb9)):\n\n GitOrigin-RevId: fbc4ca277a1f3feeb2c6ec9344f498cee6d76dee\n\n# [1.3.0](https://github.com/ory/kratos/compare/v1.2.0...v1.3.0) (2024-09-26)\n\nWe are thrilled to announce the release\nof [Ory Kratos v1.3.0](https://www.ory.sh/kratos)! This release includes\nsignificant updates, enhancements, and fixes to improve your experience with Ory\nKratos.\n\n![Ory Kratos 1.3.0 Release](https://www.ory.sh/images/newsletter/kratos-1.3.0/kratos-1.3-release.png)\n\nEnhance your sign-in experience with Identifier First Authentication. This\nfeature allows users to first identify themselves (e.g., by providing their\nemail or username) and then proceed with the chosen authentication method,\nwhether it be OTP code, passkeys, passwords, or social login. By streamlining\nthe sign-in process, users can select the authentication method that best suits\ntheir needs, reducing friction and enhancing security. Identifier First\nAuthentication improves user flow and reduces the likelihood of errors,\nresulting in a more user-friendly and efficient login experience.\n\n![Identifier First Authentication](https://www.ory.sh/images/newsletter/kratos-1.3.0/identifier-first-demo.png)\n\nThe UI for OpenID Connect (OIDC) account linking has been improved to provide\nbetter user guidance and error messages during the linking process. As a result,\naccount linking error rates have dropped significantly, making it easier for\nusers to link multiple identities (e.g., social login and email-based accounts)\nto the same profile. This improvement enhances user convenience, reduces support\ninquiries, and offers a seamless multi-account experience.\n\nYou can now use Salesforce as an identity provider, expanding the range of\nsupported identity providers. This integration allows organizations already\nusing Salesforce for identity management to leverage their existing\ninfrastructure, simplifying user management and enhancing the authentication\nexperience.\n\nSocial sign-in has been enhanced with better detection and handling of\ndouble-submit issues, especially for platforms like Facebook and Apple mobile\nlogin. These changes make the social login process more reliable, reducing\nerrors and improving the user experience. Additionally, Ory Kratos now supports\nsocial providers in credential discovery, offering more flexibility during\nsign-up and sign-in flows.\n\nOne-Time Password (OTP) MFA has been improved with more robust handling of\ncode-based authentication. The enhancements ensure a smoother flow when using\nOTP for multi-factor authentication (MFA), providing clearer guidance to users\nand improving fallback mechanisms. These updates help to prevent users from\nbeing locked out due to misconfigurations or errors during the MFA process,\nincreasing security without compromising user convenience.\n\n- **Deprecated `via` Parameter for SMS 2FA**: The `via` parameter is now\n deprecated when performing SMS 2FA. If not included, users will see all their\n phone/email addresses to perform the flow. This parameter will be removed in a\n future version. Ensure your identity schema has the appropriate code\n configuration for passwordless or 2FA login.\n- **Endpoint Change**: The `/admin/session/.../extend` endpoint will now return\n 204 No Content for new Ory Network projects. Returning 200 with the session\n body will be deprecated in future versions.\n\n- **SDK Enhancements**: Added new methods and support for additional actions in\n the SDK, improving integration capabilities.\n- **Password Migration Hook**: Added a password migration hook to facilitate\n migrating passwords where the hash is unavailable, easing the transition to\n Ory Kratos.\n- **Partially Failing Batch Inserts:** When batch-inserting multiple identities,\n conflicts or validation errors of a subset of identities in the batch still\n allow the rest of the identities to be inserted. The returned JSON contains\n the error details that led to the failure.\n\n- **Security Fixes**: Fixed a security vulnerability where the `code` method did\n not respect the `highest_available`setting. Refer to\n the [security advisory](https://github.com/ory/kratos/security/advisories/GHSA-wc43-73w7-x2f5) for\n more details.\n- **Session Extension Issues**: Fixed issues related to session extension to\n prevent long response times on `/session/whoami` when extending sessions\n simultaneously.\n- **OIDC and Social Sign-In**: Fixed UI and error handling for OpenID Connect\n and social sign-in flows, improving the overall experience.\n- **Credential Identifier Handling**: Corrected handling of code credential\n identifiers, ensuring proper detection of phone numbers and correct\n functioning of SMS/email MFA.\n- **Concurrent Updates for Webhooks**: Fixed concurrent map update issues for\n webhook headers, improving webhook reliability.\n\n- **Passwordless & 2FA Login**: Before upgrading, ensure your identity schema\n has the appropriate code configuration when using the code method for\n passwordless or 2FA login.\n- **Code Method for 2FA**: If you use the code method for 2FA or 1FA login but\n haven't configured the code identifier,\n set `selfservice.methods.code.config.missing_credential_fallback_enabled` to `true` to\n avoid user lockouts.\n\nWe hope you enjoy the new features and improvements in Ory Kratos v1.3.0. Please\nremember to leave a [GitHub star](https://github.com/ory/kratos) and check out\nour other [open-source projects](https://github.com/ory). Your feedback is\nvaluable to us, so join the [Ory community](https://slack.ory.sh/) and help us\nshape the future of identity management.\n\n## Breaking Changes\n\nWhen using two-step registration, it was previously possible to send\n`method=profile:back` to get to the previous screen. This feature was not\ndocumented in the SDK API yet. Going forward, please instead use\n`screen=previous`.\n\nPlease note that the `via` parameter is deprecated when performing SMS 2FA. It\nwill be removed in a future version. If the parameter is not included in the\nrequest, the user will see all their phone/email addresses from which to perform\nthe flow.\n\nBefore upgrading, ensure that your identity schema has the appropriate code\nconfiguration when using the code method for passwordless or 2fa login.\n\nIf you are using the code method for 2FA login already, or you are using it for\n1FA login but have not yet configured the code identifier, set\n`selfservice.methods.code.config.missing_credential_fallback_enabled` to `true`\nto prevent users from being locked out.\n\nPlease note that the `via` parameter is deprecated when performing SMS 2FA. It\nwill be removed in a future version. If the parameter is not included in the\nrequest, the user will see all their phone/email addresses from which to perform\nthe flow.\n\nBefore upgrading, ensure that your identity schema has the appropriate code\nconfiguration when using the code method for passwordless or 2fa login.\n\nIf you are using the code method for 2FA login already, or you are using it for\n1FA login but have not yet configured the code identifier, set\n`selfservice.methods.code.config.missing_credential_fallback_enabled` to `true`\nto prevent users from being locked out.\n\nGoing forward, the `/admin/session/.../extend` endpoint will return 204 no\ncontent for new Ory Network projects. We will deprecate returning 200 + session\nbody in the future.\n\n### Bug Fixes\n\n- Add continue with only for json browser requests\n ([#4002](https://github.com/ory/kratos/issues/4002))\n ([e0a4010](https://github.com/ory/kratos/commit/e0a4010b84b43f364be14414a380c872b166274d))\n- Add fallback to providerLabel\n ([#3999](https://github.com/ory/kratos/issues/3999))\n ([d26f204](https://github.com/ory/kratos/commit/d26f2042eb5325a8d639c08d95a005724e61cb8e)):\n\n This adds a fallback to the provider label when trying to register a duplicate\n identifier with an oidc.\n\n Current error message:\n\n `Signing in will link your account to \"test@test.com\" at provider \"\". If you do not wish to link that account, please start a new login flow.`\n\n The label represents an optional label for the UI, but in my case it's always\n empty. I suggest we fallback to the provider when the label is not present. In\n case the label is present, the behaviour won't change.\n\n Fallback to provider:\n\n `Signing in will link your account to \"test@test.com\" at provider \"google\". If you do not wish to link that account, please start a new login flow.`\n\n- Add missing JS triggers\n ([7597bc6](https://github.com/ory/kratos/commit/7597bc6345848b66161d5a9b7a42307bbc85c978))\n- Add PKCE config key to config schema\n ([#4098](https://github.com/ory/kratos/issues/4098))\n ([2c7ff3c](https://github.com/ory/kratos/commit/2c7ff3c8baab6aaa105e2d733a483fc07537470f))\n- Batch identity created event\n ([#4111](https://github.com/ory/kratos/issues/4111))\n ([340f698](https://github.com/ory/kratos/commit/340f698243bd908e217394710b475a7f686a8cf9))\n- Concurrent map update for webhook header\n ([#4055](https://github.com/ory/kratos/issues/4055))\n ([6ceb2f1](https://github.com/ory/kratos/commit/6ceb2f1213e1b28d3aa72380661e4aa985bfa437))\n- Do not populate `id_first` first step for account linking flows\n ([#4074](https://github.com/ory/kratos/issues/4074))\n ([6ab2637](https://github.com/ory/kratos/commit/6ab2637652013e0ff377f52355e2025d68c7b3d3))\n- Downgrade go-webauthn ([#4035](https://github.com/ory/kratos/issues/4035))\n ([4d1954a](https://github.com/ory/kratos/commit/4d1954ac74dee358f9a08e619848dfe94e4934ce))\n- Emit SelfServiceMethodUsed in SettingsSucceeded event\n ([#4056](https://github.com/ory/kratos/issues/4056))\n ([76af303](https://github.com/ory/kratos/commit/76af303b20ae5dffb932169a73667a55be3f3f80))\n- Filter web hook headers ([#4048](https://github.com/ory/kratos/issues/4048))\n ([ddb838e](https://github.com/ory/kratos/commit/ddb838e0e8f7d752cd1708c505e80b6c0ccc0b8a))\n- Improve OIDC account linking UI\n ([#4036](https://github.com/ory/kratos/issues/4036))\n ([2b4a618](https://github.com/ory/kratos/commit/2b4a618485c9d79762243f59b35f142083f5492c))\n- Include duplicate credentials in account linking message\n ([#4079](https://github.com/ory/kratos/issues/4079))\n ([122b63d](https://github.com/ory/kratos/commit/122b63d68a3ff2ad78107300869c5a6d2aa43354))\n- Incorrect append of code credential identifier\n ([#4102](https://github.com/ory/kratos/issues/4102))\n ([3215792](https://github.com/ory/kratos/commit/3215792df4cab494c05ef09e969b2fa0ed95a98b)),\n closes [#4076](https://github.com/ory/kratos/issues/4076)\n- Jsonnet timeouts ([#3979](https://github.com/ory/kratos/issues/3979))\n ([7c5299f](https://github.com/ory/kratos/commit/7c5299f1f832ebbe0622d0920b7a91253d26b06c))\n- Move password migration hook config\n ([#3986](https://github.com/ory/kratos/issues/3986))\n ([b5a66e0](https://github.com/ory/kratos/commit/b5a66e0dde3a8fa6fdeb727482481b6302589631)):\n\n This moves the password migration hook to\n\n ```yaml\n selfservice:\n methods:\n password:\n config:\n migrate_hook: ...\n ```\n\n- Normalize code credentials and deprecate via parameter\n ([c417b4a](https://github.com/ory/kratos/commit/c417b4aa76a76d3aebb4474999d7bb072615bd9f)):\n\n Before this, code credentials for passwordless and mfa login were incorrectly\n stored and normalized. This could cause issues where the system would not\n detect the user's phone number, and where SMS/email MFA would not properly\n work with the `highest_available` setting.\n\n- Passthrough correct organization ID to CompletedLoginForWithProvider\n ([#4124](https://github.com/ory/kratos/issues/4124))\n ([ad1acd5](https://github.com/ory/kratos/commit/ad1acd51d8dd7582b05a3078b92f73970e1e2715))\n- Password migration hook config\n ([#4001](https://github.com/ory/kratos/issues/4001))\n ([50deedf](https://github.com/ory/kratos/commit/50deedfeecf7adbc948521371b181306a0c26cf1)):\n\n This fixes the config loading for the password migration hook.\n\n- Pw migration param ([#3998](https://github.com/ory/kratos/issues/3998))\n ([6016cc8](https://github.com/ory/kratos/commit/6016cc88a076eeea71a85d75cfb5191808b69844))\n- Refactor internal API to prevent panics\n ([#4028](https://github.com/ory/kratos/issues/4028))\n ([81bc152](https://github.com/ory/kratos/commit/81bc1525f09504729c666192d458cf2eaafab99f))\n- Remove flows from log messages\n ([#3913](https://github.com/ory/kratos/issues/3913))\n ([310a405](https://github.com/ory/kratos/commit/310a405202c6b44633b15ad30e1fdb8ebd153e4b))\n- Replace submit with continue button for recovery and verification and add\n maxlength\n ([04850f4](https://github.com/ory/kratos/commit/04850f45cfbdc89223366ffa3b540d579a3b44be))\n- Return credentials in FindByCredentialsIdentifier\n ([#4068](https://github.com/ory/kratos/issues/4068))\n ([f949173](https://github.com/ory/kratos/commit/f949173b3ed3d45167bb4af8b95440d5e4a39636)):\n\n Instead of re-fetching the credentials later (expensive), we load them only\n once.\n\n- Return error if invalid UUID is supplied to ids filter\n ([#4116](https://github.com/ory/kratos/issues/4116))\n ([98140f2](https://github.com/ory/kratos/commit/98140f2fd43ccd889e2635e4f3e7582b92fe96ab))\n- **security:** Code credential does not respect `highest_available` setting\n ([b0111d4](https://github.com/ory/kratos/commit/b0111d4bd561d0f0e2f5883f30fac36fcf7135d5)):\n\n This patch fixes a security vulnerability which prevents the `code` method to\n properly report it's credentials count to the `highest_available` mechanism.\n\n For more details on this issue please refer to the\n [security advisory](https://github.com/ory/kratos/security/advisories/GHSA-wc43-73w7-x2f5).\n\n- Timestamp precision on mysql\n ([9a1f171](https://github.com/ory/kratos/commit/9a1f171c1a4a8d20dc2103073bdc11ee3fdc70af))\n- Transient_payload is lost when verification flow started as part of\n registration ([#3983](https://github.com/ory/kratos/issues/3983))\n ([192f10f](https://github.com/ory/kratos/commit/192f10f4ad9eb44a612baaccfc71765d52c7e1ed))\n- Trigger oidc web hook on sign in after registration\n ([#4027](https://github.com/ory/kratos/issues/4027))\n ([ad5fb09](https://github.com/ory/kratos/commit/ad5fb09687f863e7c5d45868d0b8f5ec2d965372))\n- Typo in login link CLI error messages\n ([#3995](https://github.com/ory/kratos/issues/3995))\n ([8350625](https://github.com/ory/kratos/commit/835062542077b9dd8d6a30836d0455adb015265d))\n- Validate page tokens for better error codes\n ([#4021](https://github.com/ory/kratos/issues/4021))\n ([32737dc](https://github.com/ory/kratos/commit/32737dc708c1ecf0ec0ceaa4bbc0ac09286186fd))\n- Whoami latency ([#4070](https://github.com/ory/kratos/issues/4070))\n ([ff6ed5b](https://github.com/ory/kratos/commit/ff6ed5b70b7f715fc38a41cedd17b5323aebd79e))\n\n### Code Generation\n\n- Pin v1.3.0 release commit\n ([0a49fd0](https://github.com/ory/kratos/commit/0a49fd05245f179501b117163cd574786f287fe8))\n\n### Documentation\n\n- Add google to supported providers in ID Token doc strings\n ([#4026](https://github.com/ory/kratos/issues/4026))\n ([955bd8f](https://github.com/ory/kratos/commit/955bd8fbc1353d7a9f84d8f591c3af31781cf7b7))\n- Typo in changelog\n ([c508980](https://github.com/ory/kratos/commit/c5089801af2a656e9c1fc371a11aeb23918ba359))\n\n### Features\n\n- Add additional messages\n ([735fc5b](https://github.com/ory/kratos/commit/735fc5b2c5a99746d3012cc38ee2e1b7cc3a67f2))\n- Add browser return_to continue_with action\n ([7b636d8](https://github.com/ory/kratos/commit/7b636d860c6917cb1133d6d1d7401808adb890c7))\n- Add if method to sdk\n ([612e3bf](https://github.com/ory/kratos/commit/612e3bf09dbffd3feba08d5100bffbc39cbd240a))\n- Add redirect to continue_with for SPA flows\n ([99c945c](https://github.com/ory/kratos/commit/99c945c92d0c2745dc8df4402d755afd53e1b9aa)):\n\n This patch adds the new `continue_with` action `redirect_browser_to`, which\n contains the redirect URL the app should redirect to. It is only supported for\n SPA (not server-side browser apps, not native apps) flows at this point in\n time.\n\n- Add social providers to credential discovery as well\n ([5f4a2bf](https://github.com/ory/kratos/commit/5f4a2bf619d540d45e96586129c8ee1e7850e745))\n- Add support for Salesforce as identity provider\n ([#4003](https://github.com/ory/kratos/issues/4003))\n ([3bf1ca9](https://github.com/ory/kratos/commit/3bf1ca9030555df90ef9903c34313ae4bd1fecae))\n- Add tests for two step login\n ([#3959](https://github.com/ory/kratos/issues/3959))\n ([8225e40](https://github.com/ory/kratos/commit/8225e40e3d767e945006b33eebdfc47fd242ff06))\n- Allow deletion of an individual OIDC credential\n ([#3968](https://github.com/ory/kratos/issues/3968))\n ([a43cef2](https://github.com/ory/kratos/commit/a43cef23c177acddbf8b03afef087feeaca51981)):\n\n This extends the existing `DELETE /admin/identities/{id}/credentials/{type}`\n API to accept an `?identifier=foobar` query parameter for `{type}==oidc` like\n such:\n\n `DELETE /admin/identities/{id}/credentials/oidc?identifier=github%3A012345`\n\n This will delete the GitHub OIDC credential with the identifier\n `github:012345` (`012345` is the subject as returned by GitHub).\n\n To find out which OIDC credentials exist, call\n `GET /admin/identities/{id}?include_credential=oidc` beforehand.\n\n This will allow you to delete individual OIDC credentials for users even if\n they have several set up.\n\n- Allow partially failing batch inserts\n ([#4083](https://github.com/ory/kratos/issues/4083))\n ([4ba7033](https://github.com/ory/kratos/commit/4ba70330cf9e0eda9044b0a5a504c34493ae17ed)):\n\n When batch-inserting multiple identities, conflicts or validation errors of a\n subset of identities in the batch still allow the rest of the identities to be\n inserted. The returned JSON contains the error details that lead to the\n failure.\n\n- Better detection if credentials exist on identifier first login\n ([#3963](https://github.com/ory/kratos/issues/3963))\n ([42ade94](https://github.com/ory/kratos/commit/42ade94e32a9a7ad6c0bda785e86d7209c46d8bb))\n- Change `method=profile:back` to `screen=previous`\n ([#4119](https://github.com/ory/kratos/issues/4119))\n ([2cd8483](https://github.com/ory/kratos/commit/2cd8483e809170d0524fe6a5d13837108d29fa54))\n- Clarify session extend behavior\n ([#3962](https://github.com/ory/kratos/issues/3962))\n ([af5ea35](https://github.com/ory/kratos/commit/af5ea35759e74d7a1637823abcc21dc8e3e39a9d))\n- Client-side PKCE take 3 ([#4078](https://github.com/ory/kratos/issues/4078))\n ([f7c1024](https://github.com/ory/kratos/commit/f7c102456a71b226d8353b9d59cc03fb2ba0af40)):\n - feat: client-side PKCE\n\n This change introduces a new configuration for OIDC providers: pkce with\n values auto (default), never, force.\n\n When auto is specified or the field is omitted, Kratos will perform\n autodiscovery and perform PKCE when the server advertises support for it. This\n requires the issuer_url to be set for the provider.\n\n never completely disables PKCE support. This is only theoretically useful:\n when a provider advertises PKCE support but doesn't actually implement it.\n\n force always sends a PKCE challenge in the initial redirect URL, regardless of\n what the provider advertises. This setting is useful when the provider offers\n PKCE but doesn't advertise it in his ./well-known/openid-configuration.\n\n Important: When setting pkce: force, you must whitelist a different return URL\n for your OAuth2 client in the provider's configuration. Instead of\n /self-service/methods/oidc/callback/, you must use\n /self-service/methods/oidc/callback (note missing last path\n segment). This is to enable the use of the same OAuth client ID+secret when\n configuring several Kratos OIDC providers, without having to whitelist\n individual redirect_uris for each Kratos provider config.\n - chore: regenerate SDK, bump DB versions, cleanup tool install\n - chore: get final organization ID from provider config during registration\n and login\n - chore: fixup OIDC function signatures and improve tests\n\n- Emit events in identity persister\n ([#4107](https://github.com/ory/kratos/issues/4107))\n ([20156f6](https://github.com/ory/kratos/commit/20156f651f2faa0a79842de8d2fb4a09ee7094c1))\n- Enable new-style OIDC state generation\n ([#4121](https://github.com/ory/kratos/issues/4121))\n ([eb97243](https://github.com/ory/kratos/commit/eb97243d6499e2d9f2338a2ce3f5e39579d19086))\n- Identifier first auth\n ([1bdc19a](https://github.com/ory/kratos/commit/1bdc19ae3e1a3df38234cb892f65de4a2c95f041))\n- Identifier first login for all first factor login methods\n ([638b274](https://github.com/ory/kratos/commit/638b27431312bcd91844ac4a00733a840976aa4f))\n- Improve session extend performance\n ([#3948](https://github.com/ory/kratos/issues/3948))\n ([4e3fad4](https://github.com/ory/kratos/commit/4e3fad4b4739b5cf00d658155350cb599f2cd06a)):\n\n This patch improves the performance for extending session lifespans. Lifespan\n extension is tricky as it is often part of the middleware of Ory Kratos\n consumers. As such, it is prone to transaction contention when we read and\n write to the same session row at the same time (and potentially multiple\n times).\n\n To address this, we:\n 1. Introduce a locking mechanism on the row to reduce transaction contention;\n 2. Add a new feature flag that toggles returning 204 no content instead of\n 200 + session.\n\n Be aware that all reads on the session table will have to wait for the\n transaction to commit before they return a value. This may cause long(er)\n response times on `/session/whoami` for sessions that are being extended at\n the same time.\n\n- Password migration hook ([#3978](https://github.com/ory/kratos/issues/3978))\n ([c9d5573](https://github.com/ory/kratos/commit/c9d55730a10b71ac61bb5097f5f9c33f144f2a95)):\n\n This adds a password migration hook to easily migrate passwords for which we\n do not have the hash.\n\n For each user that needs to be migrated to Ory Network, a new identity is\n created with a credential of type password with a config of\n {\"use_password_migration_hook\": true} . When a user logs in, the credential\n identifier and password will be sent to the password_migration web hook if all\n of these are true: The user’s identity’s password credential is\n {\"use_password_migration_hook\": true} The password_migration hook is\n configured After calling the password_migration hook, the HTTP status code\n will be inspected: On 200, we parse the response as JSON and look for\n {\"status\": \"password_match\"}. The password credential config will be replaced\n with the hash of the actual password. On any other status code, we assume that\n the password is not valid.\n\n- **sdk:** Add missing profile discriminator to update registration\n ([0150795](https://github.com/ory/kratos/commit/0150795d902dcc7cfb2298c3b5a98da1c2541e46))\n- **sdk:** Avoid eval with javascript triggers\n ([dd6e53d](https://github.com/ory/kratos/commit/dd6e53d62f343a317edf403218b20599539218c6)):\n\n Using `OnLoadTrigger` and `OnClickTrigger` one can now map the trigger to the\n corresponding JavaScript function.\n\n For example, trigger `{\"on_click_trigger\":\"oryWebAuthnRegistration\"}` should\n be translated to `window.oryWebAuthnRegistration()`:\n\n ```\n if (attrs.onClickTrigger) {\n window[attrs.onClickTrigger]()\n }\n ```\n\n- Separate 2fa refresh from 1st factor refresh\n ([#3961](https://github.com/ory/kratos/issues/3961))\n ([89355d8](https://github.com/ory/kratos/commit/89355d86258ace19c03fcb38dd3861f88e28af59))\n- Set maxlength for totp input\n ([51042d9](https://github.com/ory/kratos/commit/51042d99fab301f0bb44665e56c5a2364e7d8866))\n\n### Tests\n\n- Add form hydration tests for code login\n ([37781a9](https://github.com/ory/kratos/commit/37781a93dda9b8f0127217a6b0ac2434dda1cc58))\n- Add form hydration tests for idfirst login\n ([633b0ba](https://github.com/ory/kratos/commit/633b0ba7f724374f4c02128a5b0f748bd2e9413e))\n- Add form hydration tests for oidc login\n ([df0cdcb](https://github.com/ory/kratos/commit/df0cdcb424cae6c49143ef2ef2d0b2c95f14fffb))\n- Add form hydration tests for passkey login\n ([a777854](https://github.com/ory/kratos/commit/a777854e8d99336ab8f5755fdbc9d257e5edd1c0))\n- Add form hydration tests for password login\n ([7186e7e](https://github.com/ory/kratos/commit/7186e7e060e04a4918e22e0b03fefbf4eb9f4a4b))\n- Add form hydration tests for webauthn login\n ([8b68163](https://github.com/ory/kratos/commit/8b68163a3f293f7dceb58397f0ef555f1d8fd7c3))\n- Add tests for idfirst\n ([5f76c15](https://github.com/ory/kratos/commit/5f76c1565e89bfb99f23c3f0f3a9beadbdfa270c))\n- Additional code credential test case\n ([#4122](https://github.com/ory/kratos/issues/4122))\n ([4f2c854](https://github.com/ory/kratos/commit/4f2c8542ab04b88c7112d7b564d91bcfd8f5791a))\n- Deflake and parallelize persister tests\n ([#3953](https://github.com/ory/kratos/issues/3953))\n ([61f87d9](https://github.com/ory/kratos/commit/61f87d90bd67e5bb1f00ee110d986e4f72fc4c91))\n- Deflake session extend config side-effect\n ([#3950](https://github.com/ory/kratos/issues/3950))\n ([b192c92](https://github.com/ory/kratos/commit/b192c92d6c969d470d6479bc33dbc351d327c1f9))\n- Enable server-side config from context\n ([#3954](https://github.com/ory/kratos/issues/3954))\n ([e0001b0](https://github.com/ory/kratos/commit/e0001b0db784457652581366bd7ead7cdf6b3898))\n- Improve stability of refresh test\n ([#4037](https://github.com/ory/kratos/issues/4037))\n ([68693a4](https://github.com/ory/kratos/commit/68693a43e4e1e3028f17789e72d0b79f6298d139))\n- Resolve CI failures ([#4067](https://github.com/ory/kratos/issues/4067))\n ([dbf7274](https://github.com/ory/kratos/commit/dbf7274f7a4be56c33b06559875c42725bf4a351))\n- Resolve issues and update snapshots for all selfservice strategies\n ([e2e81ac](https://github.com/ory/kratos/commit/e2e81ac16726b180d33c57913e3cac099daf946b))\n- Update incorrect usage of Auth0 in Salesforce tests\n ([#4007](https://github.com/ory/kratos/issues/4007))\n ([6ce3068](https://github.com/ory/kratos/commit/6ce306824cec81890c50dcf23c2b8a5825f20a10))\n- Verify redirect continue_with in hook executor for browser clients\n ([7b0b94d](https://github.com/ory/kratos/commit/7b0b94d30ec9069de6978427814d55a30e62adb8))\n\n### Unclassified\n\n- Merge commit from fork\n ([123e807](https://github.com/ory/kratos/commit/123e80782b392095631ee2e0d1bd6ec337c1fb79)):\n - fix(security): code credential does not respect `highest_available` setting\n\n This patch fixes a security vulnerability which prevents the `code` method to\n properly report it's credentials count to the `highest_available` mechanism.\n\n For more details on this issue please refer to the\n [security advisory](https://github.com/ory/kratos/security/advisories/GHSA-wc43-73w7-x2f5).\n - fix: normalize code credentials and deprecate via parameter\n\n Before this, code credentials for passwordless and mfa login were incorrectly\n stored and normalized. This could cause issues where the system would not\n detect the user's phone number, and where SMS/email MFA would not properly\n work with the `highest_available` setting.\n\n- Update .github/workflows/ci.yaml\n ([2d60772](https://github.com/ory/kratos/commit/2d60772062a684c3a27f28b8836c3548f5b8cea9))\n- Update Code QL action to v2\n ([#4008](https://github.com/ory/kratos/issues/4008))\n ([e3f1da0](https://github.com/ory/kratos/commit/e3f1da0f4bf41a8a8733758fcd9edb9910c55cfa))\n\n# [1.2.0](https://github.com/ory/kratos/compare/v1.1.0...v1.2.0) (2024-06-05)\n\nOry Kratos v1.2 is the most complete, scalable, and secure open-source identity\nserver available. We are thrilled to announce its release!\n\n![Ory Kratos 1.2 released](https://www.ory.sh/images/newsletter/kratos-1.2.0/banner.png)\n\nThis release introduces two major features: two-step registration and full\nPassKey with resident key support.\n\nPasskeys provide a secure and convenient authentication method, eliminating the\nneed for passwords while ensuring strong security. With this release, we have\nadded support for resident keys, enabling offline authentication. Credential\ndiscovery allows users to link existing passkeys to their Ory account\nseamlessly.\n\n[Watch the PassKey demo video](https://github.com/aeneasr/web-next-deprecated/assets/3372410/e676c518-c82a-42a6-821e-28aecadb270c)\n\nTwo-step registration improves the user experience by dividing the registration\nprocess into two steps. Users first enter their identity traits, and then choose\na credential method for authentication, resulting in a streamlined process. This\nfeature is especially useful when enabling multiple authentication strategies,\nas it eliminates the need to repeat identity traits for each strategy.\n\n![Two-Step Registration](https://ik.imagekit.io/launchnotes/production/tr:w-1640,c-at_max,f-auto/ngul9dzfjdt3pe8benegjjeeagi1)\n\nThe 107 commits since v1.1 include several improvements:\n\n- **Webhooks** now carry session information if available.\n- **Transient Payloads** are now available across all self-service flows.\n- **Sign in with Twitter** is now available.\n- **Sign in with LinkedIn** now includes an additional v2 provider compatible\n with LinkedIn's new SSO API.\n- **Two-Step Registration**: An improved registration experience that separates\n entering profile information from choosing authentication methods.\n- **User Credentials Meta-Information** can now be included on the list\n endpoint.\n- **Social Sign-In** is now resilient to double-submit issues common with\n Facebook and Apple mobile login.\n\n**Two-Step Registration Enabled by Default**: This is now the default setting.\nTo disable, set `selfservice.flows.registration.enable_legacy_flow` to `true`.\n\n- Improved account linking and credential discovery during sign-up.\n- The `return_to` parameter is now respected in OIDC API flows.\n- Adjustments to database indices.\n- Enhanced error messages for security violations.\n- Improved SDK types.\n- The `verification` and `verification_ui` hooks are now available in the login\n flow.\n- Webhooks now contain the correct identity state in the after-verification hook\n chain.\n\nWe are doing this survey to find out how we can support self-hosted Ory users\nbetter. We strive to provide you with the best product and service possible and\nyour feedback will help us understand what we're doing well and where we can\nimprove to better meet your needs. We truly value your opinion and thank you in\nadvance for taking the time to share your thoughts with us!\n\nFill out the\n[survey now](https://share-eu1.hsforms.com/15DiCnJpcRuijnpAdnDhxxwextgn)!\n\n## Breaking Changes\n\nThis feature enables two-step registration per default. Two-step registration is\na significantly improved sign up flow and recommended when using more than one\nsign up methods. To disable two-step registration, set\n`selfservice.flows.registration.enable_legacy_flow` to `true`. This value\ndefaults to `false`.\n\n### Bug Fixes\n\n- Add login succeeded event to post registration hook\n ([#3739](https://github.com/ory/kratos/issues/3739))\n ([b685fa5](https://github.com/ory/kratos/commit/b685fa5477be2ba099fd2420b27b2411fafc7e51))\n- Add missing env vars to set up guide\n ([#3855](https://github.com/ory/kratos/issues/3855))\n ([da90502](https://github.com/ory/kratos/commit/da90502dc3bf8e3d34fb4ecc531834b1919989ad)):\n\n Closes https://github.com/ory/kratos/issues/3828\n\n- Add missing indexes and remove unused index\n ([6d7372e](https://github.com/ory/kratos/commit/6d7372ee3d88ee4fc552b969dd0ff338dcc0544c))\n- Add missing indexes and remove unused index\n ([#3756](https://github.com/ory/kratos/issues/3756))\n ([c905f02](https://github.com/ory/kratos/commit/c905f02473c5d77ab309a45f10251b1ba7e88584))\n- Add sms mfa via parameter to spec\n ([#3766](https://github.com/ory/kratos/issues/3766))\n ([b291c95](https://github.com/ory/kratos/commit/b291c959c18c72f5edc55607ab23b4592faf8d53))\n- Allow updating just the verified_at timestamp of addresses\n ([#3880](https://github.com/ory/kratos/issues/3880))\n ([696cc1b](https://github.com/ory/kratos/commit/696cc1b59b18627fec63915070f4d8c5b3e3250d))\n- Always issue session last ([#3876](https://github.com/ory/kratos/issues/3876))\n ([e942507](https://github.com/ory/kratos/commit/e94250705e999567e2ed58cebdb3f6a9d589e3ef)):\n\n In post persist hooks, the session issuance hook always needs to come last.\n This fixes the getHooks function to ensure this.\n\n- Audit issues ([#3797](https://github.com/ory/kratos/issues/3797))\n ([7017490](https://github.com/ory/kratos/commit/7017490caa9c70e22d5c626773c0266521813ff5))\n- Change return urls in quickstarts\n ([#3928](https://github.com/ory/kratos/issues/3928))\n ([9730e09](https://github.com/ory/kratos/commit/9730e099a656d211389d8e993c64d8082784c929))\n- Close res body ([#3870](https://github.com/ory/kratos/issues/3870))\n ([cc39f8d](https://github.com/ory/kratos/commit/cc39f8df7c235af0df616432bc4f88681896ad85))\n- CVEs in dependencies ([#3902](https://github.com/ory/kratos/issues/3902))\n ([e5d3b0a](https://github.com/ory/kratos/commit/e5d3b0afde3c80c6c9cf8815c56d82e291ede663))\n- Db index and duplicate credentials error\n ([#3896](https://github.com/ory/kratos/issues/3896))\n ([9f34a21](https://github.com/ory/kratos/commit/9f34a21ea2035a5d33edd96753023a3c8c6c054c)):\n - fix: don't return password cred type if empty\n - fix: better index for config.user_handle on identity_credentials\n\n- Do not require method to be passkey in settings schema\n ([#3862](https://github.com/ory/kratos/issues/3862))\n ([660f330](https://github.com/ory/kratos/commit/660f330ab69ef0e6fd21501fbc9dfed693d4a715))\n- Don't require connection_uri in SMTP\n ([#3861](https://github.com/ory/kratos/issues/3861))\n ([800f8f1](https://github.com/ory/kratos/commit/800f8f1036ef46a561d24dcdec45dd48803978d7))\n- Don't treat passkeys as AAL2\n ([#3853](https://github.com/ory/kratos/issues/3853))\n ([8eee972](https://github.com/ory/kratos/commit/8eee972d89accb02b3caa053fca2f16ed2c876f1))\n- Drop index if exists ([#3846](https://github.com/ory/kratos/issues/3846))\n ([ad0619d](https://github.com/ory/kratos/commit/ad0619d803cd2842a67c56a545ec5ab252501b0f))\n- Drop trigram index on identifiers\n ([#3827](https://github.com/ory/kratos/issues/3827))\n ([8f8fd90](https://github.com/ory/kratos/commit/8f8fd90304886ecd689a85fc60c4712e47526cdd))\n- Enum type of session expandables\n ([#3891](https://github.com/ory/kratos/issues/3891))\n ([63d785e](https://github.com/ory/kratos/commit/63d785e5e73ff067ec804ecc2107fac1525d3688))\n- Enum type of session expandables\n ([#3895](https://github.com/ory/kratos/issues/3895))\n ([c435727](https://github.com/ory/kratos/commit/c435727c1e3c70c040b7fc7648ce621b136e5fc2))\n- Execute verification & verification_ui properly in login flows\n ([#3847](https://github.com/ory/kratos/issues/3847))\n ([5aad1c1](https://github.com/ory/kratos/commit/5aad1c1e6cc92f72af56511dacb9812edb600813))\n- Ignore decrypt errors in WithDeclassifiedCredentials\n ([#3731](https://github.com/ory/kratos/issues/3731))\n ([8f5192f](https://github.com/ory/kratos/commit/8f5192fbb74c4b952029a6856284de8d59027770))\n- Improve SDK discriminators\n ([#3844](https://github.com/ory/kratos/issues/3844))\n ([c08b3ad](https://github.com/ory/kratos/commit/c08b3ad76c5adb712c945cdbd92a9a51832e94b9))\n- Include all creds in duplicate credential err\n ([#3881](https://github.com/ory/kratos/issues/3881))\n ([e06c241](https://github.com/ory/kratos/commit/e06c241ffe3f0e696bb1cbc1d1080f9d4e09fbd2))\n- Linkedin issuer override ([#3875](https://github.com/ory/kratos/issues/3875))\n ([11d221a](https://github.com/ory/kratos/commit/11d221a4d33878930ca7025ae1b5c18b25dd1add))\n- Make sure emails can still be sent with SMS enabled\n ([#3795](https://github.com/ory/kratos/issues/3795))\n ([7c68c5a](https://github.com/ory/kratos/commit/7c68c5aa69ed76a84a37a37a3555277ddc772cf8))\n- Missing indices and foreign keys\n ([#3800](https://github.com/ory/kratos/issues/3800))\n ([0b32ce1](https://github.com/ory/kratos/commit/0b32ce113be47aa724d3468062ced09f8f60c52a))\n- **oidc:** Grace period for continuity container on oidc callbacks\n ([#3915](https://github.com/ory/kratos/issues/3915))\n ([1a9a096](https://github.com/ory/kratos/commit/1a9a096d619925dd3718ad9dd9daf77387572ece))\n- Passing transient payloads\n ([#3838](https://github.com/ory/kratos/issues/3838))\n ([d01b670](https://github.com/ory/kratos/commit/d01b6705bf36efb6e0f3d71ed22d0574ab8a98a4))\n- Prevent SMTP URL leak on unparsable URL\n ([#3770](https://github.com/ory/kratos/issues/3770))\n ([c5f39f4](https://github.com/ory/kratos/commit/c5f39f4bc481e400f736ede7f8f0be546a55eebf))\n- Respect return_to in OIDC API flow error case\n ([#3893](https://github.com/ory/kratos/issues/3893))\n ([e8f1bcb](https://github.com/ory/kratos/commit/e8f1bcb1342af994b8e08282aa4066ee00ffe7d4)):\n - fix: respect return_to in OIDC API flow error case\n\n This fix ensures that we redirect the user to the return_to URL when an error\n occurs during the OIDC login for native flows.\n\n Native flows are initialized through the API, and the browser URL is retrieved\n from a 422 response after a POST to submit the login flow. Successful OIDC\n flows already returned the `code` to the `return_to` URL. Now, unsuccessful\n flows return the `flow` with the current flow ID (which might have changed),\n so that the caller can retrieve the full flow and act accordingly.\n - fix: ignore trivvy CVE report\n\n Bump in distroless is still open\n\n- **sdk:** Expand identity in session extension\n ([#3843](https://github.com/ory/kratos/issues/3843))\n ([04f0231](https://github.com/ory/kratos/commit/04f02318d4de5290cbf100e9b301284d5ee40fe7)),\n closes [#3842](https://github.com/ory/kratos/issues/3842)\n- **sdk:** Improve discriminators for node and Go\n ([#3821](https://github.com/ory/kratos/issues/3821))\n ([9ddf7cc](https://github.com/ory/kratos/commit/9ddf7cc7c52313c4ee13ccdc2886ad94b5d1317f))\n- Show error page on identity mismatch\n ([#3790](https://github.com/ory/kratos/issues/3790))\n ([e6db689](https://github.com/ory/kratos/commit/e6db689e0de41067e6e78889c3dab9637a96236e))\n- Test assertions on declassifying OIDC tokens\n ([#3773](https://github.com/ory/kratos/issues/3773))\n ([7f8a7f1](https://github.com/ory/kratos/commit/7f8a7f142a91c8c74f32eadb41224fc4f69c2109))\n- Tolerate more \"truthy\" values when creating new flows\n ([#3841](https://github.com/ory/kratos/issues/3841))\n ([49d93c0](https://github.com/ory/kratos/commit/49d93c0e3383f602fe6be3c7bf749b54f344aa72)),\n closes [#3839](https://github.com/ory/kratos/issues/3839):\n\n Use strconv.ParseBool to accept multiple \"truthy\" values for the `refresh` and\n `return_session_token_exchange_code` query parameters when creating a new\n login flow.\n\n For some SDKs (e.g.: Python), these stringification of booleans is not\n user-controlled and these endpoints could not be used fully due to the backend\n ignoring any value other than `true` (all lowercase).\n\n- Tweaks to UpsertSessions ([#3878](https://github.com/ory/kratos/issues/3878))\n ([da51dcd](https://github.com/ory/kratos/commit/da51dcdb8c82a5dbd290ab2f48ad74a1c6dd18f0))\n- Use correct post-verification identity state in post-hooks\n ([#3863](https://github.com/ory/kratos/issues/3863))\n ([6e63d06](https://github.com/ory/kratos/commit/6e63d06db1cd1ab62f8a2d0b202ec74572420204))\n- Webhook transient payload in OIDC login flows\n ([#3857](https://github.com/ory/kratos/issues/3857))\n ([2cdfc70](https://github.com/ory/kratos/commit/2cdfc70c726a166790b98d419895f0396d13176f)):\n - fix: transient payload with OIDC login\n\n### Code Generation\n\n- Pin v1.2.0 release commit\n ([1a70648](https://github.com/ory/kratos/commit/1a70648c4d5b9b8d135dd7bea3842057e67b574e))\n\n### Documentation\n\n- Remove delete reference from batch patch identity\n ([#3906](https://github.com/ory/kratos/issues/3906))\n ([cd01cb9](https://github.com/ory/kratos/commit/cd01cb9fb23a24e52d46538a9ea63c2144c3b145))\n\n### Features\n\n- Add `include_credential` query param to `/admin/identities` list call\n ([#3343](https://github.com/ory/kratos/issues/3343))\n ([d94530a](https://github.com/ory/kratos/commit/d94530a716358895b01b65babd77226fab69f494))\n- Add headers to web hooks ([#3849](https://github.com/ory/kratos/issues/3849))\n ([4642de0](https://github.com/ory/kratos/commit/4642de0cfd1fb15bc48c7093be9449abd488755c))\n- Add session to post login webhook\n ([#3877](https://github.com/ory/kratos/issues/3877))\n ([386078e](https://github.com/ory/kratos/commit/386078e0b5c74c54ce2c7dc6fd12fd865817b87a))\n- Add transient payloads to all flows\n ([#3738](https://github.com/ory/kratos/issues/3738))\n ([b8b747b](https://github.com/ory/kratos/commit/b8b747b2adc59c8cf938a0ee30accdb4135634b8))\n- Add twitter SSO ([#3778](https://github.com/ory/kratos/issues/3778))\n ([930fb19](https://github.com/ory/kratos/commit/930fb19842e527e5e9c415efa983b36e02829516))\n- Add verification hook to login flow\n ([#3829](https://github.com/ory/kratos/issues/3829))\n ([43e4ead](https://github.com/ory/kratos/commit/43e4eadce7fa6e66bf1f9c03136d141bffd3094f))\n- Allow admin to create API code recovery flows\n ([#3939](https://github.com/ory/kratos/issues/3939))\n ([25d1ecd](https://github.com/ory/kratos/commit/25d1ecd90317193095e01b97ff21d92920035b02))\n- Control edge cache ttl ([#3808](https://github.com/ory/kratos/issues/3808))\n ([c9dcce5](https://github.com/ory/kratos/commit/c9dcce5a41137937df1aad7ac81170b443740f88))\n- Linkedin v2 provider ([#3804](https://github.com/ory/kratos/issues/3804))\n ([a6ad983](https://github.com/ory/kratos/commit/a6ad983ac83aa3ea65c4dc0c46b582096574c25a)):\n - feat: add linkedin-v2 provider\n - docs: document linkedin special-case\n\n- PassKeys with Resident Keys and two-step registration\n ([#3748](https://github.com/ory/kratos/issues/3748))\n ([3621411](https://github.com/ory/kratos/commit/3621411dc4386d841bc6766a5ab8d03e65812073))\n- Send OIDC claim keys to tracing\n ([#3798](https://github.com/ory/kratos/issues/3798))\n ([04390be](https://github.com/ory/kratos/commit/04390bee426befe51af2ee8177afabaa9ce4fa80))\n- Use authenticate endpoint for x\n ([#3833](https://github.com/ory/kratos/issues/3833))\n ([3d9ba5d](https://github.com/ory/kratos/commit/3d9ba5df85e0d0c4d8002365987e536b37678104)):\n\n Improves the \"Log in with X\" experience by not asking the user to\n re-authenticate every time.\n\n### Tests\n\n- Deflake session test ([#3864](https://github.com/ory/kratos/issues/3864))\n ([6b275f3](https://github.com/ory/kratos/commit/6b275f35a0732ffb723d47df5b6afbdc06eaf71f))\n- Resolve failing test for empty tokens\n ([#3775](https://github.com/ory/kratos/issues/3775))\n ([7277368](https://github.com/ory/kratos/commit/7277368bc28df8f0badffc7e739cef20f05e9a02))\n- Resolve flaky e2e tests ([#3935](https://github.com/ory/kratos/issues/3935))\n ([a14927d](https://github.com/ory/kratos/commit/a14927dfa5f8d0fbda7e5a831f0a09a42369e06c)):\n - test: resolve flaky code registration tests\n - chore: don't fail logout if cookie is not found\n - chore: remove .only\n - chore: reduce wait\n - chore: u\n - chore: u\n - chore: u\n\n### Unclassified\n\n- Remove unnecessary COPY command from Dockerfile (#3771)\n ([087748c](https://github.com/ory/kratos/commit/087748c0651ff0fc93259f7ab6b10668c09f5eba)),\n closes [#3771](https://github.com/ory/kratos/issues/3771)\n\n# [1.1.0](https://github.com/ory/kratos/compare/v1.0.0...v1.1.0) (2024-02-20)\n\n![Ory Kratos v1.1.0](https://www.ory.sh/images/newsletter/kratos-1.1.0/banner.png)\n\nOry Kratos v1.1 is the most complete, most scalable, and most secure open-source\nidentity server on the planet, and we are thrilled to announce its release! This\nrelease comes with over 270 commits and an incredible amount of new features and\ncapabilities!\n\n- **Phone Verification & 2FA with SMS**: Enhance convenient security with phone\n verification and two-factor authentication (2FA) via SMS, integrating easily\n with SMS gateways like Twilio. This feature not only adds a convenient layer\n of security but also offers a straightforward method for user verification,\n increasing your trust in user accounts.\n- **Translations & Internationalization**: Ory Kratos now supports multiple\n languages, making it accessible to a global audience. This improvement\n enhances the user experience by providing a localized interface, ensuring\n users interact with the system in their preferred language.\n- **Native Support for Sign in with Google and Apple on Android/iOS**: Get more\n sign-ups with native support for \"Sign in with Google\" and \"Sign in with\n Apple\" on mobile platforms. Great user experience matters!\n- **Account Linking**: Simplify user management with new features that\n facilitate account linking. If a user registers with a password and later\n signs in with a social account sharing the same email, new screens make\n account linking straightforward, enhancing user convenience and reducing\n support inquiries.\n- **Passwordless \"Magic Code\"**: Introduce a passwordless login method with\n \"Magic Code,\" which sends a one-time code to the user's email for sign-up and\n login. This method can also serve as a fallback when users forget their\n password or their social login is unavailable, streamlining the login process\n and improving user accessibility.\n- **Session to JWT Conversion**: Convert an Ory Session Cookie or Ory Session\n Token into a JSON Web Token (JWT), providing more flexibility in handling\n sessions and integrating with other systems. This feature allows for seamless\n authentication and authorization processes across different platforms and\n services.\n\n**Note:** To ensure a seamless upgrade experience with minimal impact, some of\nthese features are gated behind the `feature_flags` config parameter, allowing\ncontrolled deployment and testing.\n\nThe following features have been shipped exclusively to Ory Network for this\nversion:\n\n- **[B2B SSO](https://www.ory.sh/docs/kratos/organizations)** allows your\n customers to connect their LDAP / Okta / AD / … to your login. Ory selects the\n correct login provider based on the user’s email domain.\n- [\\*\\*Significantly better API performance](https://www.ory.sh/docs/api/eventual-consistency)\\*\\*\n for expensive API operations by specifying the desired consistency\n (`strong`, `eventual`).\n- **Finding users effortlessly** with our new fuzzy search for credential\n identifiers available for\n the [Identity List API](https://www.ory.sh/docs/kratos/reference/api#tag/identity/operation/listIdentities).\n\n- Better reliability when sending out emails across different providers.\n- Streamlining the HTTP API and improving related SDK methods.\n- Better performance when calling the whoami API endpoint, updating identities,\n and listing identities.\n- The performance of listing identities has significantly improved with the\n introduction of keyset pagination. Page pagination is still available but will\n be fully deprecated soon.\n- Ability to list multiple identities in a batch call.\n- Passkeys and WebAuthn now support multiple origins, useful when working with\n subdomains.\n- The logout flow now redirects the user back to the `return_to` parameter set\n in the API call.\n- When updating their settings, the user was sometimes incorrectly asked to\n confirm the changes by providing their password. This issue has now been\n fixed.\n- When signing up with an account that already exists, the user will be shown a\n hint helping them sign in to their existing account.\n- CORS configuration can now be hot-reloaded.\n- The integration with Ory OAuth2 / Ory Hydra has improved for logout, login\n session management, verification, and recovery flows.\n- A new passwordless method has been added: \"Magic code\". It sends a one-time\n code to the user's email during sign-up and log-in. This method can\n additionally be used as a fallback login method when the user forgets their\n password.\n- Integration with social sign-in has improved, and it is now possible to use\n the email verified status from the social sign-in provider.\n- Ory Elements and the default Ory Account Experience are now internationalized\n with translations.\n- It is now possible to convert an Ory Session Cookie or Ory Session Token into\n a JSON Web Token.\n- Recovery on native apps has improved significantly and no longer requires the\n user to switch to a browser for the recovery step.\n- Administrators can now find users by their identifiers with fuzzy search -\n this feature is still in preview.\n- Importing HMAC-hashed passwords is now possible.\n- Webhooks can now update identity admin metadata.\n- New screens have been added to make account linking possible when a user has\n registered with a password and later tries signing in with a social account\n sharing the same email.\n- Ability to revoke all sessions of a user when they change their password.\n- Webhooks are now available for all login, registration, and login methods,\n including Passkeys, TOTP, and others.\n- The login screen now longer shows “ID” for the primary identifier, but instead\n extracts the correct label - for example, “Email” or “Username” from the\n Identity Schema.\n- Login hints help users with guidance when they are unable to sign in (wrong\n social sign-in provider) but have an active account.\n- Phone numbers can now be verified via an SMS gateway like Twilio.\n- SMS OTP is now a two-factor option. Ory Kratos 1.1 is a major release that\n marks a significant milestone in our journey.\n\nWe sincerely hope that you find these new features and improvements in Ory\nKratos 1.1 valuable for your projects. To experience the power of the latest\nrelease, we encourage you to get the latest version of Ory\nKratos [here](https://github.com/ory/kratos) or leverage Ory Kratos\nin [Ory Network](https://www.ory.sh/network/) — the easiest, simplest, and most\ncost-effective way to run Ory.\n\nFor organizations seeking to upgrade their self-hosted solution, **Ory offers\nenterprise support services to ensure a smooth transition**. Our team is ready\nto assist you throughout the migration process, ensuring uninterrupted access to\nthe latest features and improvements. Additionally, we provide\nvarious [support plans](https://www.ory.sh/support/) specifically tailored for\nself-hosting organizations. These plans offer comprehensive assistance and\nguidance to optimize your Ory deployments and meet your unique requirements. We\nextend our heartfelt gratitude to the vibrant and supportive Ory Community.\nWithout your constant support, feedback, and contributions, reaching this\nsignificant milestone would not have been possible. As we continue on this\njourney, your feedback and suggestions are invaluable to us. Together, we are\nshaping the future of identity management and authentication in the digital\nlandscape.\n\nContributors to this release in no particular\norder: [moose115](https://github.com/ory/kratos/commits?author=moose115), [K3das](https://github.com/ory/kratos/commits?author=K3das), [sidartha](https://github.com/ory/kratos/commits?author=sidartha), [efesler](https://github.com/ory/kratos/commits?author=efesler), [BrandonNoad](https://github.com/ory/kratos/commits?author=BrandonNoad) ,[Saancreed](https://github.com/ory/kratos/commits?author=Saancreed), [jpogorzelski](https://github.com/ory/kratos/commits?author=jpogorzelski), [dreksx](https://github.com/ory/kratos/commits?author=dreksx), [martinloesethjensen](https://github.com/ory/kratos/commits?author=martinloesethjensen), [cpoyatos1](https://github.com/ory/kratos/commits?author=cpoyatos1), [misamu](https://github.com/ory/kratos/commits?author=misamu), [tristankenney](https://github.com/ory/kratos/commits?author=tristankenney), [nxy7](https://github.com/ory/kratos/commits?author=nxy7), [anhnmt](https://github.com/ory/kratos/commits?author=anhnmt)\n\nAre you passionate about security and want to make a meaningful impact in one of\nthe biggest open-source communities? Join\nthe [Ory community](https://slack.ory.sh/) and become a part of the new ID\nstack. Together, we are building the next generation of IAM solutions that\nempower organizations and individuals to secure their identities effectively.\nWant to check out Ory Kratos yourself? Use these commands to get your Ory Kratos\nproject running on the Ory Network:\n\n```\nbrew install ory/tap/cli\n\nscoop bucket add ory \nscoop install ory\n\nbash <(curl ) -b . ory\nsudo mv ./ory /usr/local/bin/\n\nory auth login\n\nory create project --name \"My first Kratos project\"\n\nory open account-experience registration\n\nory patch identity-config \\\n --replace '/identity/default_schema_id=\"preset://username\"' \\\n --replace '/identity/schemas=[{\"id\":\"preset://username\",\"url\":\"preset://username\"}]' \\\n --format yaml\n\nory open account-experience registration\n```\n\n## Breaking Changes\n\nPagination parameters for the `list identities` CLI command have changed from\narguments to flags `--page-token` and `page-size`:\n\n```\n- kratos list identities 1 100\n+ kratos list identities --page-size 100 --page-token ...\n```\n\nFurthermore, the JSON / JSON pretty output of `list identities` has changed:\n\n```patch\n-[\n- { \"id\": \"...\" },\n- { /* ... */ },\n- // ...\n-]\n+{\n+ \"identities\": [\n+ {\"id\": \"...\"},\n+ { /* ... */ },\n+ // ...\n+ ],\n+ \"next_page_token\": \"...\"\n+}\n```\n\nCloses https://github.com/ory/sdk/issues/284 Closes\nhttps://github.com/ory/kratos/pull/3480\n\n### Bug Fixes\n\n- `oidc` does not require a method in the payload\n ([#3564](https://github.com/ory/kratos/issues/3564))\n ([b299abc](https://github.com/ory/kratos/commit/b299abcfa1ebdb8bbb6bb9339f61873d5c77c44f)):\n - fix: `oidc` does not require a method in the payload\n - refactor: only update strategies order in test\n - chore: update audit messages and comments\n\n- Accept all 200 responses as OK in courier\n ([#3401](https://github.com/ory/kratos/issues/3401))\n ([88237e2](https://github.com/ory/kratos/commit/88237e25b080a9643f6cbf7eedbf23988ba9ba7c)),\n closes [#3399](https://github.com/ory/kratos/issues/3399):\n - fix: accept all 200 responses as OK in courier\n\n- Accept login_challenge after verification\n ([#3427](https://github.com/ory/kratos/issues/3427))\n ([6b02350](https://github.com/ory/kratos/commit/6b02350c21aa65decd1bb16e559e1cc7dae42d55)):\n\n Part of https://github.com/ory/network/issues/320\n\n- Add caching to Jsonnet snippet during session JWT tokenization\n ([#3699](https://github.com/ory/kratos/issues/3699))\n ([1da8180](https://github.com/ory/kratos/commit/1da818072154baa5c0921134919afde595031e94))\n- Add consistency flag ([#3733](https://github.com/ory/kratos/issues/3733))\n ([fd79950](https://github.com/ory/kratos/commit/fd7995077307cc101550eda5d7724ea1f68fa98a))\n- Add max-age to default cors headers\n ([#3584](https://github.com/ory/kratos/issues/3584))\n ([c5b4aaa](https://github.com/ory/kratos/commit/c5b4aaa2df5d010b62a99ccf45850583daad3a66))\n- Add missing tracing & attributes in oidc strategy\n ([#3429](https://github.com/ory/kratos/issues/3429))\n ([09bcb71](https://github.com/ory/kratos/commit/09bcb71f1f0b3238e2d0f4376a1a2290d062c6c1))\n- Add return_to parameter to API spec of createRecoveryLinkForIdentity\n ([#3711](https://github.com/ory/kratos/issues/3711))\n ([757a5e4](https://github.com/ory/kratos/commit/757a5e43257e9ff28a16bfe76f8e737b656d3696))\n- Add value code to authentication method enum\n ([#3546](https://github.com/ory/kratos/issues/3546))\n ([95dc7a2](https://github.com/ory/kratos/commit/95dc7a20f49aa682f324b70e507ec56c20159ebb)):\n - fix: add value code to authentication method enum\n - chore: generate sdk\n\n- Additional_id_token_audiences key in config schema\n ([#3622](https://github.com/ory/kratos/issues/3622))\n ([9396bb0](https://github.com/ory/kratos/commit/9396bb0b586d1d1e74a85c0ae3bcf9de81214f1b))\n- Adjust tracing verbosity\n ([976cd0d](https://github.com/ory/kratos/commit/976cd0dc3dd95c2c1992bfa82394e9fad39f34f2))\n- Allow post recovery hooks to interrupt the flow\n ([#3393](https://github.com/ory/kratos/issues/3393))\n ([6c1d2f1](https://github.com/ory/kratos/commit/6c1d2f1e4173cfb9a7abe2bfe4f20e47b7568d3b))\n- Allow updating admin metadata from webhook responses\n ([#3569](https://github.com/ory/kratos/issues/3569))\n ([22f61f0](https://github.com/ory/kratos/commit/22f61f015495c55e58db4f31ee6882444b9a3caf))\n- Always return relative URLs in the Link header for pagination\n ([fb229c9](https://github.com/ory/kratos/commit/fb229c982c6f7d7a4f5f0f84ffc971a576906160))\n- Auto migrate old accounts to use code credential\n ([#3581](https://github.com/ory/kratos/issues/3581))\n ([569b14a](https://github.com/ory/kratos/commit/569b14aba864761236bd3d5a48e4e69f10ea6c86))\n- Carry `oauth2_login_challenge` over to registration flow\n ([#3419](https://github.com/ory/kratos/issues/3419))\n ([76241be](https://github.com/ory/kratos/commit/76241bee3dc7fec4690346ee85bc4b9f897fdd34)):\n\n Fixes https://github.com/ory/kratos/issues/3321\n\n- Change ListIdentities to keyset pagination\n ([e16fed1](https://github.com/ory/kratos/commit/e16fed1f8563509aac30886386668bb85e6dc797))\n- Change shebangs and makefile from /bin/bash to /usr/bin/env bash\n ([#3597](https://github.com/ory/kratos/issues/3597))\n ([1343bbb](https://github.com/ory/kratos/commit/1343bbbfa11ff3e7fcbc0f233b858d13fd40c66d)):\n - makefile fix\n - shebangs changed to /usr/bin/env bash\n\n Signed-off-by: nxy7 \n\n- Check whoami aal before accepting hydra login request\n ([#3669](https://github.com/ory/kratos/issues/3669))\n ([a2f79c3](https://github.com/ory/kratos/commit/a2f79c31f3208b88024897fc8bf1307ccac6f895))\n- Code method on registration and 2fa\n ([#3481](https://github.com/ory/kratos/issues/3481))\n ([7aa2e29](https://github.com/ory/kratos/commit/7aa2e293175d0f4b6c13552cc3781f54f8caf3a0))\n- Consider OIDC registration flows errored with duplicate credential to be\n completed by strategy ([#3525](https://github.com/ory/kratos/issues/3525))\n ([3e3c789](https://github.com/ory/kratos/commit/3e3c78967523676cbce9a227d574c2f7f4ea314d)):\n\n Returning anything else here may cause Kratos to respond with two concatenated\n JSON objects: new login flow with actual error message as the first one and a\n very confusing '500, aborted registration hook execution' as the second one.\n\n- Csrf token regenerate on browser flows\n ([#3706](https://github.com/ory/kratos/issues/3706))\n ([e4908db](https://github.com/ory/kratos/commit/e4908dbe4a42fad5a80c4d46004e1e3710cabeb7)),\n closes [#3705](https://github.com/ory/kratos/issues/3705)\n- Data race in test\n ([ab6dc31](https://github.com/ory/kratos/commit/ab6dc3121535d27668fed58804a218b17b17ae43))\n- Do not encode full config in multiple places\n ([#3500](https://github.com/ory/kratos/issues/3500))\n ([57a3273](https://github.com/ory/kratos/commit/57a3273055c6e8627dd0b736e881dba3fb0fe75d))\n- Do not generate CSRF token for api flows\n ([#3704](https://github.com/ory/kratos/issues/3704))\n ([d93570d](https://github.com/ory/kratos/commit/d93570d330155c27a9315d1f530a0002a459910a))\n- Do not initialize parts of the registry in parallel\n ([#3534](https://github.com/ory/kratos/issues/3534))\n ([ff177db](https://github.com/ory/kratos/commit/ff177db8a97f27abc3e883e79832685348602334))\n- Don't list org SSOs in settings\n ([#3637](https://github.com/ory/kratos/issues/3637))\n ([6c7068c](https://github.com/ory/kratos/commit/6c7068cf41df51cde5fe9fc79cca84ec6124d38a))\n- Don't require code credential for MFA flows\n ([#3753](https://github.com/ory/kratos/issues/3753))\n ([40ed809](https://github.com/ory/kratos/commit/40ed809db631149874864f216a106c43ea5df670))\n- Don't require session for OIDC verification\n ([#3443](https://github.com/ory/kratos/issues/3443))\n ([e08f831](https://github.com/ory/kratos/commit/e08f831c2715e515bf58dc2dbb47fc3576421a5c))\n- Don't return 500 on conflict for POST /admin/identities\n ([#3437](https://github.com/ory/kratos/issues/3437))\n ([1429949](https://github.com/ory/kratos/commit/142994932e449d9948148804502c98ef73daafff))\n- Don't return nil if code is invalid\n ([#3662](https://github.com/ory/kratos/issues/3662))\n ([df8ec2b](https://github.com/ory/kratos/commit/df8ec2b9b77a53beb32e3f94a8fccb711896d8e7)):\n - fix: don't return nil if code is invalid\n - chore: add test\n\n- Error handling on identity import\n ([#3520](https://github.com/ory/kratos/issues/3520))\n ([83bfb2d](https://github.com/ory/kratos/commit/83bfb2d2a9c69bf3a3442500b9484c1a69f8c794)):\n\n When importing identities without any traits, or with malformed traits, 500s\n are returned. This improves the error handling and messaging.\n\n- False-positives for requiring re-authentication on update\n ([#3421](https://github.com/ory/kratos/issues/3421))\n ([ce8139f](https://github.com/ory/kratos/commit/ce8139f2325a8317388cbcaaa98f3f83d626657b))\n- Http courier using should use lower case json\n ([#3740](https://github.com/ory/kratos/issues/3740))\n ([84149c4](https://github.com/ory/kratos/commit/84149c4b420ea89f0a16a579c017a8e7e1670204))\n- Identity list pagination in CLI command and SDK\n ([#3482](https://github.com/ory/kratos/issues/3482))\n ([1e8b1ae](https://github.com/ory/kratos/commit/1e8b1aeb4bf866892788986f62a31255372de999)):\n\n Adds correct pagination parameters to the SDK methods for listing identities\n and sessions.\n\n- Ignore CSRF middleware on Apple OIDC callback\n ([309c506](https://github.com/ory/kratos/commit/309c50694c11162cad070337f9b1d4e0fcdf444b))\n- Ignore more cloudflare cookies\n ([#3499](https://github.com/ory/kratos/issues/3499))\n ([f124ab5](https://github.com/ory/kratos/commit/f124ab5586781cdbfc0a0cfd11b4355bfc8a115c))\n- Improved SSRF protection ([#3629](https://github.com/ory/kratos/issues/3629))\n ([6d08576](https://github.com/ory/kratos/commit/6d08576bbc2c06014192f05e0129b95eb6c9fd80)):\n\n This also improves tracing in the OIDC strategy.\n\n- Incorrect login accept challenge\n ([#3658](https://github.com/ory/kratos/issues/3658))\n ([b5dede3](https://github.com/ory/kratos/commit/b5dede329247d0962688b15872a6caf027cf910f))\n- Incorrect sdk generator path\n ([#3488](https://github.com/ory/kratos/issues/3488))\n ([ed996c0](https://github.com/ory/kratos/commit/ed996c0d25e68e8a2c7de861c546f0b0e42e9e6e))\n- Incorrect SMTP error handling\n ([#3636](https://github.com/ory/kratos/issues/3636))\n ([ee138ec](https://github.com/ory/kratos/commit/ee138ec4e1ba55ef077858653220db9e6b0c7254))\n- Incorrect swagger spec for filter parameter\n ([#3684](https://github.com/ory/kratos/issues/3684))\n ([2c1470a](https://github.com/ory/kratos/commit/2c1470ab3556e639f06a01ac1646a6b90c7ecac7)),\n closes [#3676](https://github.com/ory/kratos/issues/3676)\n [#3675](https://github.com/ory/kratos/issues/3675)\n- Increase connection-level timeouts and shutdown timeouts\n ([#3570](https://github.com/ory/kratos/issues/3570))\n ([200b413](https://github.com/ory/kratos/commit/200b4138a429d113ee045d16031bb0a6312c1c01)):\n\n The admin API is generally expected to require longer timeouts, for example\n during bulk identity import.\n\n- Issue session after verification after registration with OIDC SSO\n ([#3467](https://github.com/ory/kratos/issues/3467))\n ([a28b523](https://github.com/ory/kratos/commit/a28b523238743f3873b51479eea3b86d684092f9))\n- Lint\n ([e8740c3](https://github.com/ory/kratos/commit/e8740c3498446dcaeab2990604a317e61dc170df))\n- Lower-case recovery & verification emails on import\n ([#3571](https://github.com/ory/kratos/issues/3571))\n ([e2ac9ff](https://github.com/ory/kratos/commit/e2ac9ff4e2101788f1fca1b8c83f8791cce446e2)):\n\n Emails that contained upper-case characters would be overwritten by the\n identity schema extension runner, because there all emails are lower-cased.\n\n- Mark identity as optional in session struct\n ([#3463](https://github.com/ory/kratos/issues/3463))\n ([7ae02ba](https://github.com/ory/kratos/commit/7ae02ba697f68c9cfae5fe8f696b2c55a3ba9ddc)),\n closes [#3461](https://github.com/ory/kratos/issues/3461):\n\n The identity is not always available in the session struct, for example when\n AAL2 is required.\n\n- Omit irrelevant OIDC providers in forced refresh login flows\n ([#3608](https://github.com/ory/kratos/issues/3608))\n ([912dccd](https://github.com/ory/kratos/commit/912dccdf04a550604c5bfeb53ccf79c5f1133ef2)):\n\n Whenever an user is asked to reauthenticate (e.g. because they wish to execute\n settings flow touching their credentials and their session is no longer\n privileged) they are asked to provide their credentials again. The\n forced-refresh login flow generated for such cases already excludes some\n strategies that are enabled in Kratos but cannot be used to authenticate as\n current identity, and for example the form presented to the user will not have\n a password field if the identity does not have a password credential.\n\n This, however, does not currently apply to OIDC providers; the user will\n always see the full set even if some of them can't be used to sign in as\n current identity. This change causes forced refresh login flows to also omit\n irrelevant OIDC providers in generated form in order to avoid confunding the\n user about which strategies/providers are valid and can actually be used to\n reauthenticate.\n\n- On verification required after registration, preserve return_to\n ([#3589](https://github.com/ory/kratos/issues/3589))\n ([6a0a914](https://github.com/ory/kratos/commit/6a0a9149b9828ba994bec9b48a43f9d70245f43f)):\n - fix: on verification required after registration, preserve return_to\n - test: return_to on verification flow\n - chore: refactor\n\n- Panic in recovery ([#3639](https://github.com/ory/kratos/issues/3639))\n ([c25ddff](https://github.com/ory/kratos/commit/c25ddffd2270a8d0861e2fc78cd0ba26e63af4eb))\n- Pass context ([#3452](https://github.com/ory/kratos/issues/3452))\n ([c492bdc](https://github.com/ory/kratos/commit/c492bdcd0c5dbdf527ae523d879a6c1eeb9c4cdf))\n- Properly normalize OIDC verified emails\n ([#3450](https://github.com/ory/kratos/issues/3450))\n ([703b910](https://github.com/ory/kratos/commit/703b910927d879558bfeb0fd2c3339b1d301fac8))\n- Redirect to verification URL even if login_challenge is set\n ([#3412](https://github.com/ory/kratos/issues/3412))\n ([cd9e6a0](https://github.com/ory/kratos/commit/cd9e6a0e1e4cb4957d2a50ae3d288ebb0591e42d)):\n\n Fixes https://github.com/ory/network/issues/320\n\n- Reduce db lookups in whoami for aal check\n ([#3372](https://github.com/ory/kratos/issues/3372))\n ([d814a48](https://github.com/ory/kratos/commit/d814a4864d5c25c4f320daca733873577d517331)):\n\n Significantly improves performance by reducing the amount of queries we need\n to do when checking for the different AAL levels.\n\n- Registration code ui nodes group\n ([#3505](https://github.com/ory/kratos/issues/3505))\n ([6220184](https://github.com/ory/kratos/commit/622018459ddb16c182da49dfd91fd1c6ef8c6b73)):\n - fix: registration code ui nodes group\n - style: format\n\n- Registration should accept hydra login\n ([#3592](https://github.com/ory/kratos/issues/3592))\n ([7a47827](https://github.com/ory/kratos/commit/7a47827cfd58ef68ebfbbeaf5ed86c394ba2bd5e)):\n - fix: registration should accept hydra login\n - fix: oauth2 registration flow with session\n - wip: registration oauth flow tests\n - wip: refactor oauth flows test\n - wip: refactor op_registration_test\n - wip: oauth provider registration test\n - wip: refactor oauth flows test\n - fix(test): oauth provider login\n - style: format\n\n- Registration with verification\n ([#3451](https://github.com/ory/kratos/issues/3451))\n ([77c3196](https://github.com/ory/kratos/commit/77c3196fd60c5927b84e9a7f6546f80ac2d78ee5))\n- Reject obviously invalid email addresses from courier\n ([8cb9e4c](https://github.com/ory/kratos/commit/8cb9e4cae9dffd4c25d52920186f9c5fbe2bd0fe))\n- Remove `earliest_possible_extend` default in schema\n ([#3464](https://github.com/ory/kratos/issues/3464))\n ([7e05b7d](https://github.com/ory/kratos/commit/7e05b7db3c01efc96185ac18042e971e33da37c8))\n- Remove duplicate message ID usage\n ([#3468](https://github.com/ory/kratos/issues/3468))\n ([dfcbe22](https://github.com/ory/kratos/commit/dfcbe226bc53b91f3a6c9837496a159b85c2e68a))\n- Remove requirement for smtp section\n ([#3405](https://github.com/ory/kratos/issues/3405))\n ([59a3f14](https://github.com/ory/kratos/commit/59a3f1469b8412e49846a500493cb02fc6eb34b1))\n- Remove slow queries from update identities\n ([#3553](https://github.com/ory/kratos/issues/3553))\n ([d138abb](https://github.com/ory/kratos/commit/d138abb6278ebb232e120bee0fb956a0f2816b8d))\n- Rename \"phone\" courier channel to \"sms\"\n ([#3680](https://github.com/ory/kratos/issues/3680))\n ([eb8d1b9](https://github.com/ory/kratos/commit/eb8d1b9abd6d2b3eb86ab11d48d9ebd059586b67))\n- Respect gomail.SendError in mail queue\n ([#3600](https://github.com/ory/kratos/issues/3600))\n ([9c608b9](https://github.com/ory/kratos/commit/9c608b991874d839782d9219f2fc27d0d4a398af))\n- Respond with 422 when SPA identity requires AAL2\n ([#3572](https://github.com/ory/kratos/issues/3572))\n ([df18c09](https://github.com/ory/kratos/commit/df18c09e0089743e8aee17540d277b9572252e06)):\n\n If you submit a browser login flow with an `Accept` header of\n `application/json`, but the login flow requires AAL2, then there is no way for\n the code to know it needs to redirect the user to the 2FA page. Instead of\n responding with the `Session` in this scenario, this PR changes the behaviour\n to respond with a `browser_location_change_required` error (status `422`) to\n indicate that the browser needs to open a specific URL,\n /self-service/login/browser?aal=aal2.\n\n- Return 400 bad request for invalid login challenge\n ([#3404](https://github.com/ory/kratos/issues/3404))\n ([ca34e9b](https://github.com/ory/kratos/commit/ca34e9b744482b41d65082f3bed52e9c4ebd7ba4))\n- Return HTTP 400 if key unmarshal fails\n ([#3594](https://github.com/ory/kratos/issues/3594))\n ([fdf4956](https://github.com/ory/kratos/commit/fdf4956d9218cfa1d2227c4880e48f9bbdaeb95d)):\n - fix: return HTTP 400 if key unmarshal fails\n - fix: apply reviewer's suggestion, prepare for bump\n - fix: follow up reviewer suggestion from ory/x\n - chore: bump ory/x\n\n- Schema test errors ([#3528](https://github.com/ory/kratos/issues/3528))\n ([bee0341](https://github.com/ory/kratos/commit/bee0341c5bf5708a2210146fc59f050a1b9df663))\n- Set iss from userinfo claims if missing\n ([#3744](https://github.com/ory/kratos/issues/3744))\n ([241a911](https://github.com/ory/kratos/commit/241a911af74e8ad7353d6e3cab86db20758b86fc))\n- Specify correct minimum versions in migratest\n ([18b89ea](https://github.com/ory/kratos/commit/18b89ea588d129fa88379f7b0d7f4fd00ec6023d))\n- Tracing context passing in /sessions/whoami\n ([1254bf5](https://github.com/ory/kratos/commit/1254bf5a38dbe2c0e2798e07dd0ee5e4b2f63d6e))\n- Tracing improvements\n ([c804cb2](https://github.com/ory/kratos/commit/c804cb2bebbefc97073cf3b8fa250c3eefc58894))\n- Type-assert all interfaces that WebHook implements\n ([ffda1a0](https://github.com/ory/kratos/commit/ffda1a0dab661c5f11ad849b9287094313561b79))\n- Ui node input attributes key added\n ([#3561](https://github.com/ory/kratos/issues/3561))\n ([9eff0f3](https://github.com/ory/kratos/commit/9eff0f3a611f32af7aa7f27587b3d3f4448ce915)):\n - fix: ui node InputAttributes.Key added\n - fix: selfservice recovery flow add React unique key and numeric pattern\n - fix: remove React related key addition\n - test: update snapshot\n\n- Use ID label on login with multiple identifiers\n ([#3657](https://github.com/ory/kratos/issues/3657))\n ([be907db](https://github.com/ory/kratos/commit/be907dbbd841025fd854344b77d3368b2ff8089f))\n- Use org ID from session if available in login flow\n ([#3545](https://github.com/ory/kratos/issues/3545))\n ([1b3647c](https://github.com/ory/kratos/commit/1b3647c2acdad966f920c2b9e6e657c52aa50c6e))\n- Use provider label in link message\n ([#3661](https://github.com/ory/kratos/issues/3661))\n ([fa5ec93](https://github.com/ory/kratos/commit/fa5ec93e8ae7d971d07f0e9b3acaa0840b9ac7de))\n- Use registry client for schema loading\n ([#3471](https://github.com/ory/kratos/issues/3471))\n ([3a57726](https://github.com/ory/kratos/commit/3a577269980213e4415fd5fa713882990e2e7640))\n- Using first name as last name\n ([#3556](https://github.com/ory/kratos/issues/3556))\n ([df80377](https://github.com/ory/kratos/commit/df80377f5fe6180fba5904baa5be1ba1d68eb2aa))\n- Wrong continue_with enum declaration\n ([#3522](https://github.com/ory/kratos/issues/3522))\n ([4c34c24](https://github.com/ory/kratos/commit/4c34c2417db0cb1f79b42db5f33544c90b38ad87))\n\n### Code Generation\n\n- Pin v1.1.0 release commit\n ([f47675b](https://github.com/ory/kratos/commit/f47675b82012e0ff74b05b9b7e713b3aa2fdda54))\n\n### Documentation\n\n- Add example for `allowed_return_urls` to include wildcard url\n ([#3533](https://github.com/ory/kratos/issues/3533))\n ([39b0c3c](https://github.com/ory/kratos/commit/39b0c3c03df0aec254b32c840730452d4856872b)),\n closes [#1528](https://github.com/ory/kratos/issues/1528)\n- Improve enum handling and completeness\n ([#3714](https://github.com/ory/kratos/issues/3714))\n ([4b881ca](https://github.com/ory/kratos/commit/4b881cae4359bfa068261d2d0765ce3daadcbcf2))\n- Remove experimental warnings\n ([#3406](https://github.com/ory/kratos/issues/3406))\n ([d4d26e6](https://github.com/ory/kratos/commit/d4d26e6e1510c8e09346e95251f420f95ec54998)):\n\n See https://github.com/ory/kratos/discussions/3388\n\n- Update link to hashed password formats\n ([#3484](https://github.com/ory/kratos/issues/3484))\n ([8ca3adc](https://github.com/ory/kratos/commit/8ca3adcb8a5db2906fbeb92f4b74aa4242fabdef))\n\n### Features\n\n- Add ability to convert session to JWT when calling whoami\n ([#3472](https://github.com/ory/kratos/issues/3472))\n ([57b7bb8](https://github.com/ory/kratos/commit/57b7bb846c8072f786ea6b80cd688fdee75805da)),\n closes [#2487](https://github.com/ory/kratos/issues/2487):\n\n This patch adds a query parameter `tokenize_as` to `/session/whoami` which\n encodes the session to a JWT. It is possible to customize the JWT claims by\n using a JsonNet template, and furthermore change the expiry of the token.\n\n The tokenize feature supports multiple templates, which makes it easy to use\n the resulting JWT in a variety of use cases.\n\n- Add event ([#3524](https://github.com/ory/kratos/issues/3524))\n ([75031e6](https://github.com/ory/kratos/commit/75031e67bc82a820a6aba134115e8d5f93303638))\n- Add GetID member functions to RecoveryAddress and Credentials\n ([#3474](https://github.com/ory/kratos/issues/3474))\n ([085d500](https://github.com/ory/kratos/commit/085d5002df27d455057d33bd2d93dfbca0de4872))\n- Add ID Token sign in with Google Android/iOS SDK\n ([#3515](https://github.com/ory/kratos/issues/3515))\n ([055ed92](https://github.com/ory/kratos/commit/055ed9226d9d12f5142542be2e18438ff708c2e2))\n- Add OpenTelemetry span for password hash comparison\n ([#3383](https://github.com/ory/kratos/issues/3383))\n ([e3fcf0c](https://github.com/ory/kratos/commit/e3fcf0c31db9742ed61bcf783e37ee119ed19d42))\n- Add request URL to email and SMS templates\n ([bf5f8c3](https://github.com/ory/kratos/commit/bf5f8c3cfb2eb523a77239addb8249adf9f8b31d))\n- Add sms verification for phone numbers\n ([#3649](https://github.com/ory/kratos/issues/3649))\n ([e3a3c4f](https://github.com/ory/kratos/commit/e3a3c4fe0d6697f6864283daf4be8a8f8971c7b4))\n- Add support for recovery on native flows\n ([#3273](https://github.com/ory/kratos/issues/3273))\n ([e363889](https://github.com/ory/kratos/commit/e363889732c0a1cb801fd12b2e0e8546006e9714))\n- Add WebhookSucceeded event\n ([aa8c936](https://github.com/ory/kratos/commit/aa8c93677a8f682f7693afe69f1baf1887355e0a))\n- Added various new text messages\n ([ea91483](https://github.com/ory/kratos/commit/ea914834e6bb626de2977e228af2b40935ccc980)):\n\n To improve i18n and message customization, we added a bunch of new messages.\n Integrations that do message customization should probably handle those new\n message codes:\n - 1010014\n - 1010015\n - 1040005\n - 1040006\n - 1070012\n - 1070013\n - 4000028\n - 4000029\n - 4000030\n - 4000031\n - 4000032\n - 4000033\n - 4000034\n - 4000035\n - 4000036\n - 4010007\n - 4010008\n - 4040002\n - 4040003\n\n Additionally, these messages got more context:\n - 1050014\n - 1050018\n - 1070002\n - 4000001\n - 4000003\n - 4000004\n - 4000017\n - 4000018\n - 4000019\n - 4000020\n - 4000021\n - 4000022\n - 4000023\n - 4000024\n - 4000025\n - 4000026\n - 4010001\n - 4040001\n - 4050001\n - 4060005\n - 4070005\n - 5000001\n\n- Allow additional id token audiences\n ([#3616](https://github.com/ory/kratos/issues/3616))\n ([0fa648d](https://github.com/ory/kratos/commit/0fa648d9f7b837a35de9b230a05b5951e95d5874))\n- Allow extra migrations in NewPersister\n ([96c1ff7](https://github.com/ory/kratos/commit/96c1ff7747ea38e23a3892f74b75ee555ed49c88))\n- Allow fuzzy-search on credential identifiers\n ([#3526](https://github.com/ory/kratos/issues/3526))\n ([2cb3ea2](https://github.com/ory/kratos/commit/2cb3ea2eaff909ac936611d5653f69e713f41b64)):\n\n This PR adds the ability to search for sub-strings and similar strings in\n credential identifiers.\n\n Note that the **postgres** and **CRDB** migrations create special indexes\n useful for this feature. To use\n [online schema changes](https://www.cockroachlabs.com/docs/v23.1/online-schema-changes)\n with cockroach, we recommend to manually copy the index definition and run it\n before applying migrations. The migration will then be a no-op.\n\n If you run on **mysql** (or **sqlite**), no special index is created. If\n desired, you can create such an index manually, and it would be highly\n appreciated if you could contribute its definition.\n\n This feature is a preview and will change in behavior! Similarity search is\n not expected to return deterministic results but are useful for humans.\n\n- Allow importing hmac hashed passwords\n ([#3544](https://github.com/ory/kratos/issues/3544))\n ([0a0e1f7](https://github.com/ory/kratos/commit/0a0e1f7200e226ef24de062811a05bcdd02b6acd)),\n closes [#2422](https://github.com/ory/kratos/issues/2422):\n\n The basic format is\n `$hmac-$$`:\n\n ```\n # password = test; key=key; hash function=sha\n $hmac-sha1$NjcxZjU0Y2UwYzU0MGY3OGZmZTFlMjZkY2Y5YzJhMDQ3YWVhNGZkYQ==$a2V5\n ```\n\n- Allow marking OIDC provider-verified addresses as verified during registration\n ([#3448](https://github.com/ory/kratos/issues/3448))\n ([e7b33a1](https://github.com/ory/kratos/commit/e7b33a168bf0c0fe0492901abd3df8b6d6a08a68)),\n closes [#3445](https://github.com/ory/kratos/issues/3445)\n [#3424](https://github.com/ory/kratos/issues/3424)\n [#1057](https://github.com/ory/kratos/issues/1057):\n\n This feature allows marking emails provided by social sign in providers as\n verified.\n\n- Batch list identities ([#3598](https://github.com/ory/kratos/issues/3598))\n ([8ad54f1](https://github.com/ory/kratos/commit/8ad54f1be53b30fdb24b616be0c52fd66829f201)),\n closes [#2448](https://github.com/ory/kratos/issues/2448):\n\n This change allows to filter `GET /admin/identities` by ID with the following\n syntax:\n\n ```\n /admin/identities?ids=id1&ids=id2&ids=id3\n ```\n\n- **changelog:** Add support for native recovery\n ([#3624](https://github.com/ory/kratos/issues/3624))\n ([492808c](https://github.com/ory/kratos/commit/492808cae0e804793aef9a02a902fce988f9fc6d)):\n\n Adds the ability to complete the recovery flow properly on API flows. This PR\n also streamlines the behavior for SPA flows to not return 422 errors anymore.\n To enable this new behavior, set the features.use_continue_with_transitions\n flag in the config to `true`.\n\n See also https://github.com/ory/kratos/pull/3273\n\n- Claims from userinfo endpoint\n ([#3718](https://github.com/ory/kratos/issues/3718))\n ([90bdc61](https://github.com/ory/kratos/commit/90bdc61d28466f10e4e609df014b220afbee0478)):\n - feat: claims from userinfo endpoint\n - chore: update libraries\n - test: improve coverage\n\n- Emit error details when we find stray cookies in an API flow\n ([#3496](https://github.com/ory/kratos/issues/3496))\n ([df74339](https://github.com/ory/kratos/commit/df74339802d98a292abb32806eca35fb2554960b))\n- Eventually consistency API controls\n ([#3558](https://github.com/ory/kratos/issues/3558))\n ([00cf11c](https://github.com/ory/kratos/commit/00cf11c071344103c603c078f07196401d091780)):\n\n Adds a feature used in Ory Network which enables trading faster reads for\n slightly stale data.\n\n This feature depends on Cockroach functionality and configuration, and is not\n possible for MySQL or PostgreSQL.\n\n- Extend Microsoft Graph API capabilities\n ([#3609](https://github.com/ory/kratos/issues/3609))\n ([4a7bcc9](https://github.com/ory/kratos/commit/4a7bcc9322be37e6fd141e411bd65e3977eeb692)):\n\n This change queries for all user information available with the `User.Read`\n scope during OIDC, and populates the `RawClaims` field.\n\n- Extract identifier label for login from default identity schema\n ([#3645](https://github.com/ory/kratos/issues/3645))\n ([180828e](https://github.com/ory/kratos/commit/180828eb507ab239a9c6589f747a6816b6e50074))\n- Fine-grained hooks for all available flow methods\n ([#3519](https://github.com/ory/kratos/issues/3519))\n ([a37f6bd](https://github.com/ory/kratos/commit/a37f6bddc48443b2fc464699fa5c2922f64d81f6)):\n\n Adds fine-grained hook configurations to the post-settings flow for methods\n totp, webauthn, lookup_secret and the post-login flow for totp, lookup_secret,\n and code.\n\n- Hook to revoke sessions after password changed\n ([#3514](https://github.com/ory/kratos/issues/3514))\n ([e6af6db](https://github.com/ory/kratos/commit/e6af6db37ff5de33a656ce7804c813451395459d)),\n closes [#3513](https://github.com/ory/kratos/issues/3513):\n\n Currently, the Kratos system does not automatically log out or invalidate\n other active sessions when a user changes their password. This poses a\n significant security risk as it allows potentially unauthorized individuals to\n maintain access to the account even after the password has been updated.\n\n This PR provides the option to add the `revoke_active_sessions` hook to the\n actions sections of the selfservice settings.\n\n- Hot-reload CORS origins ([#3423](https://github.com/ory/kratos/issues/3423))\n ([157d934](https://github.com/ory/kratos/commit/157d9345aeb04f371f9d85b70c89e8646e781333))\n- Improve messages for easier i18n\n ([#3457](https://github.com/ory/kratos/issues/3457))\n ([37f1657](https://github.com/ory/kratos/commit/37f16577d92ba88869bf15fb1ea54e819b062724))\n- Improve performance by computing password hashes while validating\n ([#3508](https://github.com/ory/kratos/issues/3508))\n ([a9786c5](https://github.com/ory/kratos/commit/a9786c599d09f61e2e07df5066ce94feb2d99bac))\n- Improved webhook tracing ([#3746](https://github.com/ory/kratos/issues/3746))\n ([9d7021d](https://github.com/ory/kratos/commit/9d7021d87f47690c2c1f8000e87b425e49bc9496))\n- Jsonnet caching for OIDC claims mapper, webhooks, JWT session tokenizer\n ([#3701](https://github.com/ory/kratos/issues/3701))\n ([1d26e09](https://github.com/ory/kratos/commit/1d26e097b273aeda36f73637765da5bdb2aa4a66))\n- Link oidc credentials when login\n ([#3563](https://github.com/ory/kratos/issues/3563))\n ([b784949](https://github.com/ory/kratos/commit/b784949d03b849d9d1d594977f75f5843b7b5da8)),\n closes [#2727](https://github.com/ory/kratos/issues/2727)\n [#3222](https://github.com/ory/kratos/issues/3222):\n\n When user tries to login with OIDC for the first time but has already\n registered before with email/password a credentials identifier conflict may be\n detected by Kratos. In this case user needs to login with email/password first\n and then link OIDC credentials on a settings screen. This PR simplifies UX and\n allows user to link OIDC credentials to existing account right in the login\n flow, without switching to settings flow.\n\n- List by OIDC cred ([#3721](https://github.com/ory/kratos/issues/3721))\n ([bff9c61](https://github.com/ory/kratos/commit/bff9c61b147648ab139e7e86cda4336b5d1cfd39))\n- Login with code on any credential type\n ([#3549](https://github.com/ory/kratos/issues/3549))\n ([ceed7d5](https://github.com/ory/kratos/commit/ceed7d5478c5cca894587698c57f676dda100b27)):\n\n Should be able to login with the `code` credential even if the user did not\n register on the `code` credential. Only `identifier` matching is done and\n validation based on the identity schema.\n\n- One-time code native flows\n ([#3516](https://github.com/ory/kratos/issues/3516))\n ([9b0fee3](https://github.com/ory/kratos/commit/9b0fee30f980d860fd548e7589fa6a06e593537a))\n- Order sessions by created_at\n ([#3696](https://github.com/ory/kratos/issues/3696))\n ([688111c](https://github.com/ory/kratos/commit/688111c9a6bf9872657cf6aada77f55fa2520e00))\n- Parametrize courier worker\n ([#3601](https://github.com/ory/kratos/issues/3601))\n ([0e4be57](https://github.com/ory/kratos/commit/0e4be57e41e1152f4be22f490541c2c099cfe3fe)):\n\n Allows one to parametrize how many messages the courier will fetch and how\n often it will fetch messages.\n\n- Passwordless browser login and registration via code to email\n ([#3378](https://github.com/ory/kratos/issues/3378))\n ([eaaf375](https://github.com/ory/kratos/commit/eaaf37519917612671238412a633847386d7c613)),\n closes [#2029](https://github.com/ory/kratos/issues/2029)\n [ory-corp/cloud#3573](https://github.com/ory-corp/cloud/issues/3573):\n\n This feature adds passwordless email code login. When a user signs up, or\n signs in, a code is sent to their email address which they can use to complete\n the authentication process.\n\n This feature is currently only working for browser facing APIs.\n\n- Pooled process-isolated Jsonnet VM\n ([9a52ddf](https://github.com/ory/kratos/commit/9a52ddfbe7c24c41b6aa3ddc3c79c6fcbfb8db02))\n- Provide login hints when registration fails due to duplicate\n credentials/addresses ([#3430](https://github.com/ory/kratos/issues/3430))\n ([8b28469](https://github.com/ory/kratos/commit/8b284697e4a26fb01ad57d2e9ebd8f714be49f33)):\n - feat: provide login hints when registration fails due to duplicate\n credentials or identifiers\n - feat: identify edge cases and write tests\n - chore: synchronize workspaces\n - feat: make login hints configurable\n - chore: synchronize workspaces\n - chore: synchronize workspaces\n - chore: synchronize workspaces\n - chore: synchronize workspaces\n\n- Support auth_type parameter\n ([#3487](https://github.com/ory/kratos/issues/3487))\n ([fc30304](https://github.com/ory/kratos/commit/fc303040b71139f512fd1491ce30f80837b940b9)):\n\n The Facebook OIDC provider supports an auth_type parameter that when set to\n \"reauthenticate\" will force the user to reauthenticate (similar to\n `prompt=login` for other Providers).\n\n- Support for B2B SSO ([#3489](https://github.com/ory/kratos/issues/3489))\n ([0ec037a](https://github.com/ory/kratos/commit/0ec037ab298ed28fb0ac84db6a4d2b14b81e57df))\n- Support MFA via SMS ([#3682](https://github.com/ory/kratos/issues/3682))\n ([1516cf6](https://github.com/ory/kratos/commit/1516cf64e346819dccace1cc25aaccac38b9e47c))\n- Support multiple origins for WebAuthN\n ([#3380](https://github.com/ory/kratos/issues/3380))\n ([013f335](https://github.com/ory/kratos/commit/013f335881831bbf90ac31b219b57118fc089fe6)):\n\n Users can now supply a list of origins for webauthn in the configuration.\n\n- Support native social sign using apple sdk\n ([#3476](https://github.com/ory/kratos/issues/3476))\n ([f561013](https://github.com/ory/kratos/commit/f561013dd737dadcc82c4ec049fde12861e91e43))\n- Transmit current session ID to Hydra when accepting the login\n ([#3426](https://github.com/ory/kratos/issues/3426))\n ([610c76d](https://github.com/ory/kratos/commit/610c76d9140f2f43217ac55094051a994ea83ecc)):\n - chore: change react-native port to 19006\n - feat: transmit current session ID when accepting login\n - fix: upgrade hydra in tests\n\n- Webhook analytic events\n ([9c8a25e](https://github.com/ory/kratos/commit/9c8a25eb0d3e06df182565d3d959d57e5dccfed8))\n\n### Reverts\n\n- Revert \"chore: simplify courier code (#3603)\"\n ([7c54c9f](https://github.com/ory/kratos/commit/7c54c9f36c86142c8e071a5359c71cf6213a1a69)),\n closes [#3603](https://github.com/ory/kratos/issues/3603):\n\n This reverts commit 316cd4aacfe31efafa7d737a7c476e2c794e9c9b.\n\n### Tests\n\n- Add test for link + oidc challenge\n ([#3720](https://github.com/ory/kratos/issues/3720))\n ([67360cf](https://github.com/ory/kratos/commit/67360cf39482b935604f088a4b7a83cc4deab375))\n- **e2e:** Logout return_to ([#3418](https://github.com/ory/kratos/issues/3418))\n ([c348c12](https://github.com/ory/kratos/commit/c348c12ab3c9cdb4ce8159fe774ed179ff6a4d8a))\n- Fix cypress setup ([#3527](https://github.com/ory/kratos/issues/3527))\n ([70c8ddd](https://github.com/ory/kratos/commit/70c8ddd49c8abb9c10f2ca349e01061b791c5e7b))\n- Fix e2e failures and speed up e2e tests\n ([#3483](https://github.com/ory/kratos/issues/3483))\n ([70a6171](https://github.com/ory/kratos/commit/70a617194d61763f4b75691b22cfa76ba71ab019))\n- Fix hydra tests on master ([#3737](https://github.com/ory/kratos/issues/3737))\n ([12166b4](https://github.com/ory/kratos/commit/12166b4370d607a069f268227752bb7b18a50b57))\n- Reduce logging in go tests\n ([#3562](https://github.com/ory/kratos/issues/3562))\n ([05de3a2](https://github.com/ory/kratos/commit/05de3a29fed020593c44ea7a7b29e45197fef4f7))\n- Resolve cypress issues ([#3531](https://github.com/ory/kratos/issues/3531))\n ([4206d26](https://github.com/ory/kratos/commit/4206d2605dfa30b19e132be31b85b1a35f8dca78))\n\n### Unclassified\n\n- Revert \"feat: extend Microsoft Graph API capabilities (#3609)\" (#3717)\n ([549308d](https://github.com/ory/kratos/commit/549308db1f7dca42004631ed6156cae5f827b8fe)),\n closes [#3609](https://github.com/ory/kratos/issues/3609)\n [#3717](https://github.com/ory/kratos/issues/3717):\n\n This reverts commit 4a7bcc9322be37e6fd141e411bd65e3977eeb692.\n\n# [1.0.0](https://github.com/ory/kratos/compare/v0.13.0...v1.0.0) (2023-07-12)\n\nWe are thrilled to announce Ory Kratos v1.0, the powerful Identity, User\nManagement, and Authentication system! With this major update, Ory Kratos brings\na host of enhancements and fixes that greatly improve the user experience and\noverall performance.\n\nSeveral compelling reasons led to label Ory Kratos as a major release, like\nsuccessfully processing over 100 million API requests daily and having about 100\nmillion Docker Pulls. We have maintained stability within the Ory Kratos APIs\nfor nearly two years, demonstrating their robustness and reliability. No\nbreaking changes mean that developers can trust the stability of Ory Kratos in\nproduction.\n\nOry Kratos 1.0 introduces a variety of new features while focusing on stability,\nrobustness, and improved performance. Major enhancements include support for\nsocial login and single-sign-on via OpenID connect in native apps, emails sent\nthrough HTTP rather than SMTP, and full compatibility with Ory Hydra v2.2.0.\nUsers will also find multi-region support in the Ory Network for broader\ngeographic reach, improved export functionality for all credential types, and\nenhanced session management with the introduction of the \"provider ID\"\nparameter. Other additions comprise distroless images for leaner resource\nutilization and faster deployment and support for the Lark OIDC provider.\n\nSignificant improvements and fixes accompany these new features. Enhanced OIDC\nflows now include the ability to forward prompt upstream parameters, offering\ndevelopers increased flexibility and customization options. The logout flow also\nsupports the `return_to` parameter, facilitating more flexible redirection\npost-user logout. Performance has been a key focus, with Ory Kratos 1.0 now\ncapable of handling hundreds of millions of active users monthly. Critical bug\nfixes have been applied to prevent users from being redirected to incorrect\ndestinations, ensuring smoother authentication and authorization. Additionally,\nthere's more support for legacy systems via implemented crypt(3) hashers and a\nfix for metadata patching has been deployed to ensure consistent user metadata\nmanagement. For a detailed view of all changes, refer to the\n[changelog on GitHub](https://github.com/ory/kratos/blob/master/CHANGELOG.md).\nFeedback and support are, as always, greatly appreciated.\n\nOry Kratos 1.0 is a major release that marks a significant milestone in our\njourney.\n\nWe sincerely hope that you find these new features and improvements in Ory\nKratos 1.0 valuable for your projects. To experience the power of the latest\nrelease, we encourage you to get the latest version of Ory\nKratos [here](https://github.com/ory/kratos) or leverage Kratos\nin [Ory Network](https://www.ory.sh/network/) — the easiest, simplest, and most\ncost-effective way to run Ory.\n\nFor organizations seeking to upgrade their self-hosted solution, **Ory offers\ndedicated support services to ensure a smooth transition**. Our team is ready to\nassist you throughout the migration process, ensuring uninterrupted access to\nthe latest features and improvements. Additionally, we provide\nvarious [support plans](https://www.ory.sh/support/) specifically tailored for\nself-hosting organizations. These plans offer comprehensive assistance and\nguidance to optimize your Ory deployments and meet your unique requirements.\n\nWe extend our heartfelt gratitude to the vibrant and supportive Ory Community.\nWithout your constant support, feedback, and contributions, reaching this\nsignificant milestone would not have been possible. As we continue on this\njourney, your feedback and suggestions are invaluable to us. Together, we are\nshaping the future of identity management and authentication in the digital\nlandscape.\n\nContributors to this release in alphabetical order:\n[borisroman](https://github.com/ory/kratos/commits?author=borisroman),\n[ci42](https://github.com/ory/kratos/commits?author=ci42),\n[CNLHC](https://github.com/ory/kratos/commits?author=CNLHC),\n[David-Wobrock](https://github.com/ory/kratos/commits?author=David-Wobrock),\n[giautm](https://github.com/ory/kratos/commits?author=giautm),\n[IchordeDionysos](https://github.com/ory/kratos/commits?author=IchordeDionysos),\n[indietyp](https://github.com/ory/kratos/commits?author=indietyp),\n[jossbnd](https://github.com/ory/kratos/commits?author=jossbnd),\n[kralicky](https://github.com/ory/kratos/commits?author=kralicky),\n[PhakornKiong](https://github.com/ory/kratos/commits?author=PhakornKiong),\n[sunakan](https://github.com/ory/kratos/commits?author=sunakan),\n[steverusso](https://github.com/ory/kratos/commits?author=steverusso)\n\nAre you passionate about security and want to make a meaningful impact in one of\nthe biggest open-source communities? Join the\n[Ory community](https://slack.ory.sh) and become a part of the new ID stack.\nTogether, we are building the next generation of IAM solutions that empower\norganizations and individuals to secure their identities effectively.\n\nWant to check out Ory Kratos yourself? Use these commands to get your Ory Kratos\nproject running on the Ory Network:\n\n```shell\nbrew install ory/tap/cli\n\nscoop bucket add ory https://github.com/ory/scoop.git\nscoop install ory\n\nbash <(curl ) -b . ory\nsudo mv ./ory /usr/local/bin/\n\nory auth\n\nory create project --name \"My first Kratos project\"\n\nory open account-experience registration\n\nory patch identity-config \\\\\n --replace '/identity/default_schema_id=\"preset://username\"' \\\\\n --replace '/identity/schemas=[{\"id\":\"preset://username\",\"url\":\"preset://username\"}]' \\\\\n --format yaml\n\nory open account-experience registration\n```\n\n### Bug Fixes\n\n- Ability to patch metadata even if it is `null`\n ([#3304](https://github.com/ory/kratos/issues/3304))\n ([3c04d8f](https://github.com/ory/kratos/commit/3c04d8fb63cacf91774864450b02d6d1eb90d856))\n- Accept OIDC login request in browser+JSON login flow\n ([#3271](https://github.com/ory/kratos/issues/3271))\n ([ad54093](https://github.com/ory/kratos/commit/ad540930df96e84fb65a36616d5081ec0bb46df5)):\n - fix: OIDC login in browser JSON flow\n - test: add test for OIDC+JSON continuity cookie\n\n- Add error checking when creating verification code\n ([#3328](https://github.com/ory/kratos/issues/3328))\n ([7182eca](https://github.com/ory/kratos/commit/7182eca074c8e84be325d62c75b62d22698878be))\n- Add missing SessionIssued event for api flows\n ([#3348](https://github.com/ory/kratos/issues/3348))\n ([adf78e0](https://github.com/ory/kratos/commit/adf78e09f336b2ac83f8ff1ba5ca382c7cfbec23)):\n - fix: missing SessionIssued event for api flows\n - chore: add SessionIssued event to post registration hook\n - chore: format\n - chore: move sessionissued event to persister\n\n- Bump quickstart version ([#3257](https://github.com/ory/kratos/issues/3257))\n ([6db70a8](https://github.com/ory/kratos/commit/6db70a81afac5860a86c31881a6fc988096ff0e4))\n- Cypress TOTP test\n ([eac908c](https://github.com/ory/kratos/commit/eac908c4fc14831288e6fd5b3c65ac197d2f58e1))\n- Do not require items to be unique\n ([#3349](https://github.com/ory/kratos/issues/3349))\n ([17be30d](https://github.com/ory/kratos/commit/17be30dd84c667e5d1ae13bd79827b7ca9cdd2de))\n- Don't assume the login challenge to be a UUID\n ([#3317](https://github.com/ory/kratos/issues/3317))\n ([3172862](https://github.com/ory/kratos/commit/3172862929ad68011fc940a6e0876fa07187a275)):\n\n For compatibility with https://github.com/ory/hydra/pull/3515, which now\n encodes the whole flow in the login challenge, we cannot further assume that\n the challenge is a UUID.\n\n- **e2e:** Install kratos-selfservice-ui-node peer deps\n ([#3354](https://github.com/ory/kratos/issues/3354))\n ([ce20063](https://github.com/ory/kratos/commit/ce20063a858acecb5d9124792fe6d3899bf95c1c))\n- Identity list pagination ([#3325](https://github.com/ory/kratos/issues/3325))\n ([9d3ef0d](https://github.com/ory/kratos/commit/9d3ef0df9333aff2c587005df0cdd263028029f3)):\n\n Resolves a pesky issue that would skip the last page.\n\n- IdentityCreated event ([#3314](https://github.com/ory/kratos/issues/3314))\n ([78e31cb](https://github.com/ory/kratos/commit/78e31cb82a28e240a6176c8d3d9ef3bc64559e75))\n- Incorrect override in identity hydrate\n ([#3368](https://github.com/ory/kratos/issues/3368))\n ([eaa3f3c](https://github.com/ory/kratos/commit/eaa3f3c19feaf9048e800cc5a5f1e28d3708c624))\n- Increase size for request url\n ([#3366](https://github.com/ory/kratos/issues/3366))\n ([10713cc](https://github.com/ory/kratos/commit/10713cc703457cb6f4a1b38482c836e54a0cb224))\n- Minor refactorings in package hash\n ([#3186](https://github.com/ory/kratos/issues/3186))\n ([831fb19](https://github.com/ory/kratos/commit/831fb19e1c98b9fade3ff61d26ad249c548292d6))\n- Missing id for login event\n ([#3315](https://github.com/ory/kratos/issues/3315))\n ([b6b80a3](https://github.com/ory/kratos/commit/b6b80a3af1162e4009fa8c7c5e9ae7225e941849))\n- Properly normalize uppercase mail addresses\n ([4984e0f](https://github.com/ory/kratos/commit/4984e0fb329291484a54344255f797008142b7cc)):\n\n Fixes https://github.com/ory/kratos/issues/3187 Fixes\n https://github.com/ory/kratos/issues/3289\n\n- Provide index hint in QueryForCredentials\n ([#3329](https://github.com/ory/kratos/issues/3329))\n ([4ba530e](https://github.com/ory/kratos/commit/4ba530ef593272d3cc0a9e1d354e81db495e8686)):\n - fix: provide index hint in QueryForCredentials\n - feat: remove customizable join predicate in QueryForCredentials\n - chore: remove obsolete config tracer\n\n- Reduce lookups in whoami call\n ([#3364](https://github.com/ory/kratos/issues/3364))\n ([5bb7b0c](https://github.com/ory/kratos/commit/5bb7b0c83b330ee893bdeb4e636655179bd29e39))\n- Reintroduce ExpandAll ([#3369](https://github.com/ory/kratos/issues/3369))\n ([8f9bff5](https://github.com/ory/kratos/commit/8f9bff527528780b623bf8e4801f7f3c37a5a6f3))\n- Remove codeball\n ([aa29606](https://github.com/ory/kratos/commit/aa296067e2736cad329814f7acffd816ce0d74a3))\n- Remove duplicate SessionIssued event\n ([#3351](https://github.com/ory/kratos/issues/3351))\n ([b1e78ad](https://github.com/ory/kratos/commit/b1e78ad3e39418695639e521ddceb64589455d87))\n- Return HTTP 400 instead of 500 for bad query parameters\n ([58258eb](https://github.com/ory/kratos/commit/58258eba99aa15f2ac852123c0200f56518ecb2a))\n- **sdk:** Add cookie for updateLogoutFlow\n ([#3284](https://github.com/ory/kratos/issues/3284))\n ([95ed2b9](https://github.com/ory/kratos/commit/95ed2b94cc99d40af6bbe57e5356ec0f28cb9b78)):\n\n Closes https://github.com/ory/sdk/issues/255\n\n- **sdk:** Update the API spec to reflect the 204 NoContent in\n DeleteIdentityCredentials ([#3347](https://github.com/ory/kratos/issues/3347))\n ([f3dee86](https://github.com/ory/kratos/commit/f3dee869bef0e0dd2d36541823ae57d54ba5788e))\n- Settings should persist `return_to` after required mfa login flow\n ([#3263](https://github.com/ory/kratos/issues/3263))\n ([0ed1abd](https://github.com/ory/kratos/commit/0ed1abd391b6b5369862ee5db8faa4f4aaf68b09)):\n - fix: get settings should persist `return_to` when redirecting to aal2\n - feat(e2e): verify `return_to` persists in recovery flows\n - test: recovery strategy with mfa account\n - test: code recovery return to persists to settings with aal2\n - u\n - fix: return to settings flow after mfa login\n - fix(test): login handler\n - fix: flow between settings and mfa\n - fix: get settings endpoint should redirect to settings ui instead of to\n itself\n - feat(test): preserve URL from various settings flows through login mfa flow\n - chore: cleanup\n - fix(e2e): recovery return to spa tests\n - fix: e2e proxy\n - fix: do not always redirect back to settings on mfa\n - fix: new settings flow with required mfa shouldn't be added to login flow\n return_to unless it contains a return_to parameter\n - fix(e2e): let test dynamically handle required_aal\n - chore: cleanup unused code\n - test: `DoesSessionSatisfy` with method options\n - test: recovery strategy with aal2\n\n- String to enum for updateVerificationFlowWithLinkMethod Method\n ([#3279](https://github.com/ory/kratos/issues/3279))\n ([34ff1d2](https://github.com/ory/kratos/commit/34ff1d2912e7f7aefb35dae759dce2eb37ecb790)),\n closes [#2943](https://github.com/ory/kratos/issues/2943)\n- Update correct typo ([#3281](https://github.com/ory/kratos/issues/3281))\n ([0fea75c](https://github.com/ory/kratos/commit/0fea75c4093d2c7edc84c14f0ab5bebf33a58970)):\n\n The text for verification code input should be `Verification code` not\n `Verify code`.\n\n- Update README ([#3363](https://github.com/ory/kratos/issues/3363))\n ([c426014](https://github.com/ory/kratos/commit/c4260140966489a05169a0197e209ff98181bc2e))\n- Use RETURNING clause for batch create\n ([#3293](https://github.com/ory/kratos/issues/3293))\n ([8ae8783](https://github.com/ory/kratos/commit/8ae8783935292fb011b1018ac7417ed77eb6abb7))\n- Use the correct redirect_uri for linkedin social login\n ([#3269](https://github.com/ory/kratos/issues/3269))\n ([27ccecc](https://github.com/ory/kratos/commit/27ccecc1cd490eaa71da7f8235b4b0057b8f14fe))\n- Webhook config parse for settings flow\n ([#3305](https://github.com/ory/kratos/issues/3305))\n ([95ad94d](https://github.com/ory/kratos/commit/95ad94d08efdbb369caecaa64cd0a30058c34ed3))\n\n### Code Generation\n\n- Pin v1.0.0 release commit\n ([41b7c51](https://github.com/ory/kratos/commit/41b7c51c1c6b3bdff9e9ea8bb5e455e3c15c5256))\n\n### Documentation\n\n- Fix typo in readme ([#3299](https://github.com/ory/kratos/issues/3299))\n ([b40544e](https://github.com/ory/kratos/commit/b40544e427891f20cea6838e79f4dee5b52ea5d1))\n\n### Features\n\n- Add “provider id” parameter to kratos session\n ([#3292](https://github.com/ory/kratos/issues/3292))\n ([387f5a2](https://github.com/ory/kratos/commit/387f5a2711ca8eee97ad0f6bb2575ec9ba4797d9)),\n closes [#3283](https://github.com/ory/kratos/issues/3283)\n- Add distroless and static images\n ([#3350](https://github.com/ory/kratos/issues/3350))\n ([1e65662](https://github.com/ory/kratos/commit/1e65662c92b107290466c20de38bbdc0571b596a))\n- Add return_to parameters to the `createLogout` handler\n ([#3336](https://github.com/ory/kratos/issues/3336))\n ([08fed36](https://github.com/ory/kratos/commit/08fed36973274ef294491d00811bc867f1537d62)):\n - feat: add return_to parameters to the `createLogout` handler\n - test: logout take over return_to from create to update\n - test(e2e): logout return to\n - test(e2e): logout return to\n - test: logout return_to isnt applicable to react\n\n- Allow customization of JOIN predicate in QueryForCredentials\n ([#3253](https://github.com/ory/kratos/issues/3253))\n ([8785166](https://github.com/ory/kratos/commit/87851668e776404aabbfbc67af73a43ea3ee28fc))\n- Emit events for login/logout and registration\n ([#3235](https://github.com/ory/kratos/issues/3235))\n ([c784b7e](https://github.com/ory/kratos/commit/c784b7e7ed2834ca83c6db2326b735e78e5a75f2))\n- Forward `prompt` upstream parameter during OIDC flow\n ([#3276](https://github.com/ory/kratos/issues/3276))\n ([d290cb0](https://github.com/ory/kratos/commit/d290cb05bb4f63d04ec3763db127060e13c350dc)),\n closes [#2709](https://github.com/ory/kratos/issues/2709)\n- Implement `crypt(3)` hashers\n ([#3303](https://github.com/ory/kratos/issues/3303))\n ([afe06db](https://github.com/ory/kratos/commit/afe06db95663cc0cb9704ba4f7014ed9bfb4de09)),\n closes [#3291](https://github.com/ory/kratos/issues/3291):\n\n This PR implements md5crypt, sha256crypt, sha512crypt, which are considered\n legacy (like md5), but are used in legacy systems looking to convert to ory.\n They use the existing format of crypt(5) (which is compliant to PHC).\n\n- Improve event types and capture more events\n ([#3297](https://github.com/ory/kratos/issues/3297))\n ([835fe13](https://github.com/ory/kratos/commit/835fe13d9ce81f7c0ed91dd2863a740fbb0c6209))\n- Lark OIDC provider ([#2925](https://github.com/ory/kratos/issues/2925))\n ([f884dfb](https://github.com/ory/kratos/commit/f884dfbaa8aeba58b3b1595bd45e41f9b3e5a0e0))\n- Return to oauth flow after switching from login to other flows\n ([#3212](https://github.com/ory/kratos/issues/3212))\n ([a1fea6c](https://github.com/ory/kratos/commit/a1fea6c353768bbf154900766fbbe51f2a148554)):\n - feat: return to oauth flow after switching from login to other flows\n - feat(e2e): flows should have return_to set to hydra request_url\n - u\n - fix: override return_to URL on OAuth flows\n - style: format\n - fix: TestOAuth2Provider\n - feat: config to opt into using OAuth request url as return_to\n - chore: cleanup\n - fix(e2e): oauth2 login flow switching to recovery\n - feat(test): oauth2 login flow to recovery through oidc provider\n - fix(e2e): oidc-provider registration\n - chore: rename `oauth2_provider.return_to_enabled` to\n `oauth2_provider.override_return_to`\n - style: format\n - chore: nit config description\n\n- Sort sessions by authenticated_at\n ([#3324](https://github.com/ory/kratos/issues/3324))\n ([46f92ff](https://github.com/ory/kratos/commit/46f92ffebf14d1cf4133ca37a2151e8c3aef9d2d)):\n\n Closes https://github.com/ory/network/issues/295\n\n- Sqa metrics v2 ([#3300](https://github.com/ory/kratos/issues/3300))\n ([98fe73f](https://github.com/ory/kratos/commit/98fe73faa75c56be47c19c61a780578ef24e7267))\n- Support exporting of all credential types\n ([#3290](https://github.com/ory/kratos/issues/3290))\n ([de6c857](https://github.com/ory/kratos/commit/de6c8574c9c6070458303f9b5caf7e8533f06b69)):\n\n It's now possible to export all credential types (including passwords) when\n calling the `getIdentity` SDK method.\n\n- Support OIDC flows for native apps\n ([#3216](https://github.com/ory/kratos/issues/3216))\n ([cb10609](https://github.com/ory/kratos/commit/cb106097210ac9a146738d06c20a4306c2345923)),\n closes [#707](https://github.com/ory/kratos/issues/707):\n\n Implements Social Sign In and OpenID Connect for native apps.\n\n### Tests\n\n- Run Playwright in CI ([#3259](https://github.com/ory/kratos/issues/3259))\n ([342edec](https://github.com/ory/kratos/commit/342edeced4080a1b914000dfb8427196abebc596)):\n - run Playwright in CI\n - add cleanup for session token exchangers\n - fixup: ci\n - fix: compatibility between OIDC+code and other flows\n\n This improves the compatibility between OIDC+code and other flows such as\n TOTP, settings, password auth.\n - Update persistence/sql/persister_cleanup_test.go\n - fix: error handling with OIDC+Code\n - fix: increase playwright timeout\n\n### Unclassified\n\n- @barnarddt @hperl feat: send emails via http api endpoint instead of smtp\n (#1030) (#3341)\n ([28b7b04](https://github.com/ory/kratos/commit/28b7b04a34eeba2d84de5c543f5ba8b41b38a129)),\n closes [#1030](https://github.com/ory/kratos/issues/1030)\n [#3341](https://github.com/ory/kratos/issues/3341)\n [#1030](https://github.com/ory/kratos/issues/1030)\n [#3008](https://github.com/ory/kratos/issues/3008):\n\n This change adds a new delivery method to the courier called `mailer`. Similar\n to SMS functionality it posts a templated Data model to a API endpoint. This\n API can then send emails via a CRM or any other mechanism that it wants.\n\n `Mailer` still uses the existing email data models so any new email added will\n automatically be sent to the API/CRM as well.\n\n ## Related issue(s)\n\n Resolves https://github.com/ory/kratos/issues/2825\n\n# [0.13.0](https://github.com/ory/kratos/compare/v0.11.1...v0.13.0) (2023-04-18)\n\nWe’re excited to announce the release of Ory Kratos v0.13.0! This update brings\nmany enhancements and fixes, improving the user experience and overall\nperformance. Here are the highlights:\n\n- We’ve added new social sign-in options with Patreon OIDC and LinkedIn\n providers, making it even easier for your users to register and log in.\n Furthermore, we’ve introduced a new admin API that allows you to remove\n specific 2nd factor credentials, giving you more control over your user\n accounts.\n- Performance has been a key focus in this release. We’ve optimized the whoami\n calls, parallelized the getIdentity and getSession calls, and made\n asynchronous webhooks fully async. These improvements will result in faster\n response times and a smoother experience for your users. Additionally, we’ve\n implemented better tracing to help you diagnose and resolve issues more\n effectively.\n- We’ve also made several updates to the webhook system. A new response.parse\n configuration has been introduced, allowing you to update identity data during\n registration. This includes admin/public metadata, identity traits,\n enabling/disabling identity, and modifying verified/recovery addresses. Please\n note that can_interrupt is now deprecated in favor of response.parse.\n- Lastly, we’ve made several important fixes, such as resolving the wrong\n message ID on resend code buttons, implementing the offline scope as Google\n expects, and improving the OIDC flow on duplicate account registration. We’ve\n also added the ability to configure whether the system should notify unknown\n recipients when attempting to recover an account or verify an address,\n enhancing security with “anti-account-enumeration measures.”\n\nWe hope you enjoy these new features and improvements in Ory Kratos v0.13.0! All\nfeatures are already live on the Ory Network - the simplest, fastest and most\nscalable way to run Ory.\n\nPlease note that the v0.12.0 release was skipped due to CI issues.\n\nHead over to the changelog at\n[https://github.com/ory/kratos/blob/master/CHANGELOG.md](https://github.com/ory/kratos/blob/master/CHANGELOG.md)\nto read all the details. As always, we appreciate your feedback and support!\n\n## Breaking Changes\n\nBy default, Kratos no longer sends out these Emails. If you want to keep\nnotifying unknown addresses (keep the current behavior), set\n`selfservice.flows.recovery.notify_unknown_recipients` to `true` for recovery,\nor `selfservice.flows.verification.notify_unknown_recipients` for verification\nflows.\n\n### Bug Fixes\n\n- Access rules example ([#3178](https://github.com/ory/kratos/issues/3178))\n ([a206772](https://github.com/ory/kratos/commit/a206772d78efed6febe783ee88dae92de80063d0))\n- Account experience redirects to verification page\n ([#3195](https://github.com/ory/kratos/issues/3195))\n ([2e96d75](https://github.com/ory/kratos/commit/2e96d75c2e0a1c9a884e2d3342725fb1983b495d))\n- Account settings broken on OIDC removal\n ([#3185](https://github.com/ory/kratos/issues/3185))\n ([61ae531](https://github.com/ory/kratos/commit/61ae531ba86636e1ad4d63e37df47ef76dfa5f29)),\n closes [ory-corp/cloud#3514](https://github.com/ory-corp/cloud/issues/3514)\n- Add `after_verification_return_to` to sdk and api docs\n ([#3097](https://github.com/ory/kratos/issues/3097))\n ([c70704c](https://github.com/ory/kratos/commit/c70704cebafff7a92f32928273e4570abb3b1c3d)),\n closes [#3096](https://github.com/ory/kratos/issues/3096)\n- Add `HydraLoginRequest` on flow creation\n ([#3152](https://github.com/ory/kratos/issues/3152))\n ([09312dd](https://github.com/ory/kratos/commit/09312dd2d7f89eadbae603e4c8891f39630a2570)),\n closes [#3108](https://github.com/ory/kratos/issues/3108):\n\n The oauth2_login_request field was missing when initially creating the login\n flow.\n\n- Add missing `code` discriminator in updateVerificationFlow\n ([#3213](https://github.com/ory/kratos/issues/3213))\n ([21576be](https://github.com/ory/kratos/commit/21576bebc0d8c3796a4a16b1972ff42889814d61))\n- Add missing index ([#3181](https://github.com/ory/kratos/issues/3181))\n ([756bed4](https://github.com/ory/kratos/commit/756bed4db3789428117ec105ac0713a52d610938))\n- Add mutex to test SMTP server setup/teardown\n ([20c2359](https://github.com/ory/kratos/commit/20c2359407044c81850759e27b03c371cb0e4886))\n- Avoid unchecked casts from IdentityPool to PrivilegedIdentityPool\n ([71d35dd](https://github.com/ory/kratos/commit/71d35ddd582b3c7081f66e0cdc0c43457816ab25))\n- Correctly apply patches to identity metadata\n ([#3103](https://github.com/ory/kratos/issues/3103))\n ([1193a56](https://github.com/ory/kratos/commit/1193a5681fbc25d03c1e26a4296fa0b9abd2452b)),\n closes [#2950](https://github.com/ory/kratos/issues/2950)\n- Do not omit last page on identity list\n ([#3169](https://github.com/ory/kratos/issues/3169))\n ([f95f48a](https://github.com/ory/kratos/commit/f95f48a79395b7b99c7482c0974bc5188e007cc0))\n- Don't return 500 if active strategy is disabled\n ([#3197](https://github.com/ory/kratos/issues/3197))\n ([3a734c2](https://github.com/ory/kratos/commit/3a734c2dc2bd848033dbdc7d6116b8b6db6fa760))\n- Don't reuse ports in courier/SMTP tests\n ([#3156](https://github.com/ory/kratos/issues/3156))\n ([e260fcf](https://github.com/ory/kratos/commit/e260fcf06181ce9339edc729ab74826aa4be78cf))\n- Don't treat missing session as error in tracing\n ([290d28a](https://github.com/ory/kratos/commit/290d28ada1a55b599af7e41e638de699a474f1d8))\n- Error messages in OpenAPI/Swagger / improve error messages from failed\n webhooks and client timeouts\n ([#3218](https://github.com/ory/kratos/issues/3218))\n ([b1bdcd3](https://github.com/ory/kratos/commit/b1bdcd32828fcdbf65bc43b85b64df210ba4c646))\n- Handle upstream errors in patreon provider\n ([#3032](https://github.com/ory/kratos/issues/3032))\n ([39fa31f](https://github.com/ory/kratos/commit/39fa31f85deb3f015aa0f1b30b4a17e4b51d461b))\n- Identity.CopyWithoutCredentials\n ([989c99d](https://github.com/ory/kratos/commit/989c99d6a32e02759a8a7a07606a90832afec460))\n- Implement offline scope in the way google expects\n ([#3088](https://github.com/ory/kratos/issues/3088))\n ([39043d4](https://github.com/ory/kratos/commit/39043d451e154af44123ba031381f0e3c10fbb00))\n- Improve webhook resilience\n ([#3200](https://github.com/ory/kratos/issues/3200))\n ([0a05d99](https://github.com/ory/kratos/commit/0a05d9941c6be549acfe65a78f4a8b21d6efbcdc)):\n - fix: improve webhook logging\n - chore: bump x\n - feat: decouple context in PostRegistrationPostPersist hook\n\n- Invalid SQL syntax in ListIdentities\n ([#3202](https://github.com/ory/kratos/issues/3202))\n ([162ab9b](https://github.com/ory/kratos/commit/162ab9b5634329135b1b729ad401701019aca222)):\n\n PostgresQL does not support `... WHERE x IN ( )` with an empty argument list.\n\n- Issuer missing from netid claims\n ([#3080](https://github.com/ory/kratos/issues/3080))\n ([dec7cbc](https://github.com/ory/kratos/commit/dec7cbc4286cbbe2d787b1f8998ee57054d7c95b)):\n\n The NetID provider omits the issuer claim in the userinfo response. To resolve\n this issue, the ID token returned by NetID is now validated and its `sub` and\n `iss` values are used.\n\n- Lint errors and unused code\n ([ae49ef0](https://github.com/ory/kratos/commit/ae49ef04ed24c23406a5639d34c2e81ab0130c75))\n- Make async webhooks fully async\n ([#3111](https://github.com/ory/kratos/issues/3111))\n ([342bfb0](https://github.com/ory/kratos/commit/342bfb0332d235a2d535493d586192815b7d4974))\n- Make session AAL satisfaction check resilient against a nil identity in the\n session\n ([5ab1a56](https://github.com/ory/kratos/commit/5ab1a56cfd41e95fbb30b8f93426a27e510c62c7)):\n\n Also fix tracing.\n\n- Missing issuer regression in OIDC\n ([#3220](https://github.com/ory/kratos/issues/3220))\n ([52f0740](https://github.com/ory/kratos/commit/52f07402edac2624cb37c72c768737a785658d29)):\n\n Closes https://github.com/ory/kratos/issues/3182 Closes\n https://github.com/ory/kratos/issues/3040\n\n- Nolint comment\n ([93e6501](https://github.com/ory/kratos/commit/93e6501c63a253336c081f156ada58458b83ef92))\n- Only return one result set for credentials_identifier\n ([#3107](https://github.com/ory/kratos/issues/3107))\n ([59f35d1](https://github.com/ory/kratos/commit/59f35d11e61a246d1079ac02cb8958ba81b37f75)),\n closes [#3105](https://github.com/ory/kratos/issues/3105)\n- Orphaned webhook spans\n ([a7f9414](https://github.com/ory/kratos/commit/a7f9414460eb214a8f2b2ff96a2b6b303721f806))\n- Re-use existing CSRF token in verification flows\n ([#3188](https://github.com/ory/kratos/issues/3188))\n ([08a3447](https://github.com/ory/kratos/commit/08a344761e049c64cffafca2f94c942468201d24)):\n - fix: re-use existing CSRF token in verification flows\n - chore: fix if/else\n\n- Reduce SQL tracing noise\n ([1650426](https://github.com/ory/kratos/commit/1650426a2b59cd46035e5556ff8f69994602e88e))\n- Remove `http.Redirect` from `show_verification_ui` hook\n ([#3238](https://github.com/ory/kratos/issues/3238))\n ([054705b](https://github.com/ory/kratos/commit/054705b8c6c933d20b8fb45fcb2593a451cee685))\n- Remove network omit flag ([#3066](https://github.com/ory/kratos/issues/3066))\n ([c629b72](https://github.com/ory/kratos/commit/c629b72be42001e3e1671d61cc8348373b686844))\n- Report correct errors for json schema validation\n ([#3085](https://github.com/ory/kratos/issues/3085))\n ([9477ea4](https://github.com/ory/kratos/commit/9477ea4a7bde6efa73ed94f61c2d4ed66fd43a08)):\n - Implemented the translation of `jsonschema.ValidationError` to errors codes\n documented\n [here](https://www.ory.sh/docs/kratos/concepts/ui-user-interface#machine-readable-format)\n - Added missing error codes for relevant schema errors | Validation | Name |\n ID | | ------------------ | ------------------------------- | ------- | |\n `maxLength` | ErrorValidationMaxLength | 4000017 | | `minimum` |\n ErrorValidationMinimum. | 4000018 | | `exclusiveMinimum` |\n ErrorValidationExclusiveMinimum | 4000019 | | `maximum` |\n ErrorValidationMaximum | 4000020 | | `exclusiveMaximum` |\n ErrorValidationExclusiveMaximum | 4000021 | | `multipleOf` |\n ErrorValidationMultipleOf | 4000022 | | `maxItems` | ErrorValidationMaxItems\n | 4000023 | | `minItems` | ErrorValidationMinItems | 4000024 | |\n `uniqueItems` | ErrorValidationUniqueItems | 4000025 | | `type` |\n ErrorValidationWrongType | 4000026 |\n - Updated e2e tests to check these IDs explicitly\n\n- Respect the after recovery return to URL from config\n ([#3141](https://github.com/ory/kratos/issues/3141))\n ([3467fd3](https://github.com/ory/kratos/commit/3467fd3b860dd2ad915449e3fff7e4da2d2c61ca)):\n\n Fixes https://github.com/ory-corp/cloud/issues/1405\n\n- Set DB connection max idle time\n ([8d4762c](https://github.com/ory/kratos/commit/8d4762c1bffad14c94ac69575e488fc67d3f5dde))\n- Set proper maxAge for session cookies\n ([#3209](https://github.com/ory/kratos/issues/3209))\n ([1180c05](https://github.com/ory/kratos/commit/1180c051b34eb5de786d6b4e4bd94e863f60d06a)),\n closes [#3208](https://github.com/ory/kratos/issues/3208)\n- Sqa config values unified across projects\n ([#3237](https://github.com/ory/kratos/issues/3237))\n ([523b93f](https://github.com/ory/kratos/commit/523b93fd1fe8715d06aeedc2db0ac072dfcafb71))\n- Test contract names\n ([e9ac00b](https://github.com/ory/kratos/commit/e9ac00b3941641a955f5d8f32f25a4031c87a726))\n- Use correct names in WebAuthN dialogs\n ([#3215](https://github.com/ory/kratos/issues/3215))\n ([3bc1ff0](https://github.com/ory/kratos/commit/3bc1ff0e63c885c1db08e3d1332d959799edb0a8))\n- Use type alias instead of type definition\n ([#3148](https://github.com/ory/kratos/issues/3148))\n ([dba3803](https://github.com/ory/kratos/commit/dba38032d5939ff7286560ec19d83a89fe0410ce))\n- Webhook tracing and missing defers\n ([#3145](https://github.com/ory/kratos/issues/3145))\n ([46eb063](https://github.com/ory/kratos/commit/46eb063f414a0ad9b901407cf781002ccb97ad93))\n- Wrong context in logout trace span\n ([#3168](https://github.com/ory/kratos/issues/3168))\n ([b9ccccf](https://github.com/ory/kratos/commit/b9ccccf0f1b6a5ba903293133b2be15b528c8308))\n\n### Code Generation\n\n- Pin v0.13.0 release commit\n ([349d0ee](https://github.com/ory/kratos/commit/349d0ee1899e2ff0f81587b528c04fa0287e5546))\n\n### Code Refactoring\n\n- Identity persistence ([#3101](https://github.com/ory/kratos/issues/3101))\n ([ceb5cc2](https://github.com/ory/kratos/commit/ceb5cc2b8a78be2f5b65d9a026c01ff0afe106af))\n\n### Documentation\n\n- Fix broken docs links and code example to get verification flow\n ([#3170](https://github.com/ory/kratos/issues/3170))\n ([bdbddcc](https://github.com/ory/kratos/commit/bdbddcce2909b290e2e04dee493519b842715ab4))\n- Update security email ([#3164](https://github.com/ory/kratos/issues/3164))\n ([9252f5a](https://github.com/ory/kratos/commit/9252f5a3c746927a2f537efc39cb1eb0aba167a5))\n\n### Features\n\n- Add a new admin API to remove a specific 2nd factor credential\n ([#2962](https://github.com/ory/kratos/issues/2962))\n ([44556a4](https://github.com/ory/kratos/commit/44556a468ef233b18fd0f16a83a4e1b2e5f05dcf)),\n closes [#2505](https://github.com/ory/kratos/issues/2505)\n- Add API to batch insert identities\n ([#3157](https://github.com/ory/kratos/issues/3157))\n ([829bda7](https://github.com/ory/kratos/commit/829bda701acfd6706ffd72845414d177895ff8fe)),\n closes [ory/network#266](https://github.com/ory/network/issues/266)\n- Add Inspect option to driver\n ([8aa75e9](https://github.com/ory/kratos/commit/8aa75e97e4bfee37e7cf551173b516c6244786ff))\n- Add patreon oidc provider ([#3021](https://github.com/ory/kratos/issues/3021))\n ([20ea29e](https://github.com/ory/kratos/commit/20ea29e018b33231cf6b2743de74d2233f756c2a))\n- Add test to verify GetIdentityConfidential expands everything\n ([#3217](https://github.com/ory/kratos/issues/3217))\n ([f088ccd](https://github.com/ory/kratos/commit/f088ccdf462f5e6373aceb142caa181d98975a09))\n- Add token prefixes to session and logout tokens\n ([#3132](https://github.com/ory/kratos/issues/3132))\n ([8210cd0](https://github.com/ory/kratos/commit/8210cd09200d370b101072649fddd1ad9a7f32a9)):\n\n This feature adds token prefixes to Ory session and logout tokens:\n - `ory_st_`: Ory session token prefix\n - `ory_lt_`: Logout token prefix\n\n- Add upstream parameters to oidc provider\n ([#3138](https://github.com/ory/kratos/issues/3138))\n ([b6b1679](https://github.com/ory/kratos/commit/b6b1679c3bd053cd08ff8f26c762735e380fed67)),\n closes [#3127](https://github.com/ory/kratos/issues/3127)\n [#2069](https://github.com/ory/kratos/issues/2069):\n\n This PR introduces the upstream OIDC query parameters `login_hint` and `hd`.\n\n To send additional upstream parameters the form can post this on a login,\n registration or settings link submit. For example the form below does an OIDC\n flow to Google. We can now add additional parameters such as `login_hint` and\n `hd` to the upstream request to Google login with a pre-filled email\n `email@example.com`:\n\n ```html\n
\n \n \n \n \n ```\n\n- Allow importing (salted) SHA hashing algorithms\n ([#2741](https://github.com/ory/kratos/issues/2741))\n ([132255e](https://github.com/ory/kratos/commit/132255eff24a3f5a7fc2249a0ecf9b8716a8f1e7)),\n closes [#2422](https://github.com/ory/kratos/issues/2422)\n- Allow passing transient data from registration to webhook\n ([#3104](https://github.com/ory/kratos/issues/3104))\n ([4a3a076](https://github.com/ory/kratos/commit/4a3a07657d2eb2a39d777565b58882cb48e928fa))\n- Don't pre-generate UUIDs for transient objects\n ([e17f307](https://github.com/ory/kratos/commit/e17f307732f8ced34727d5f3a70929866a0595e0))\n- Drop unused index ([#3165](https://github.com/ory/kratos/issues/3165))\n ([852dea9](https://github.com/ory/kratos/commit/852dea90881a7c9abdbfc127a2e8d1cc0aacb166))\n- Even more tracing of hidden HTTP requests\n ([9d8b1e2](https://github.com/ory/kratos/commit/9d8b1e223072e66d284c9e7890060678b77c1d4f))\n- Identity by identifier ([#3077](https://github.com/ory/kratos/issues/3077))\n ([c288d4d](https://github.com/ory/kratos/commit/c288d4d136bca1a9ed3931b4827967eb44e80ede))\n- Improve tracing span naming in hooks\n ([bf828d3](https://github.com/ory/kratos/commit/bf828d3f5d56a963529e98958f4039f0dc569979))\n- Improve webhook diagnostics\n ([d4eb2f6](https://github.com/ory/kratos/commit/d4eb2f6b728a211f1e1454559c2eff73f2f77936))\n- Improved oidc flow on duplicate account registration\n ([#3151](https://github.com/ory/kratos/issues/3151))\n ([4d2fda4](https://github.com/ory/kratos/commit/4d2fda453b16349589e941af06fcce312c2e5c37)):\n\n This PR improves the OIDC registration flow when a duplicate account error\n happens.\n\n Currently the flow looks as follows:\n 1. User registers with password (or other credentials)\n 2. User forgot they registered with password and tries to login through an\n OIDC provider (e.g. Google)\n 3. Kratos attempts a registration since the OIDC credentials do not exist\n 4. (optional) User needs to add missing traits (e.g. full name) which could\n not be retrieved from the OIDC provider\n 5. User gets a duplicate account error with a \"Continue\" button.\n 6. After submitting the \"Continue\" button the flow continues again to the OIDC\n provider, back to Kratos and redirects to UI with duplicate error (Steps 3\n to 5)\n\n Instead of causing a confusing redirect loop we should show the user the error\n with a fresh login flow (since the account exists). This also gives the user\n the option to do a recovery flow.\n 1. User registers with password (or other credentials)\n 2. User forgot they registered with password and tries to login through an\n OIDC provider (e.g. Google)\n 3. Kratos attempts a registration since the OIDC credentials do not exist\n 4. (optional) User needs to add missing traits\n 5. User is returned to a Login flow with the duplication error\n\n- Let DB generate ID for session devices\n ([62402c7](https://github.com/ory/kratos/commit/62402c7bed3c57ef5b957572e4b84f56d9c530ae))\n- Make notification to unknown recipients configurable\n ([#3075](https://github.com/ory/kratos/issues/3075))\n ([1a5ead4](https://github.com/ory/kratos/commit/1a5ead43a60e7a0388617877a9f16d1dec61459b)),\n closes [#2345](https://github.com/ory/kratos/issues/2345)\n [#2585](https://github.com/ory/kratos/issues/2585):\n\n Added the ability to configure whether the system should notify unknown\n recipients, if some tries to recover their account or verify their address\n (\"anti-account-enumeration measures\").\n\n- Make password validator (HIBP check) cancelable and add tracing\n ([28f8914](https://github.com/ory/kratos/commit/28f8914bfb8276d38e08b9be9a3ad1c59d1410bb))\n- Parallelize get identity and session calls\n ([#3023](https://github.com/ory/kratos/issues/3023))\n ([6393519](https://github.com/ory/kratos/commit/6393519977bc3d804673b5669166e07c561f1c79))\n- Refactor credentials fetching\n ([#3183](https://github.com/ory/kratos/issues/3183))\n ([590269f](https://github.com/ory/kratos/commit/590269f91e24203f987124cfbf11d31c04c1d35c)):\n\n This change revamps the way we fetch identity credentials. We no longer need\n most of the helper fields for gobuffalo/pop inside the `Identity` and\n `Credentials` structures, and we collect all the credentials in one joined\n query rather than using pop's `EagerPreload` functionality.\n\n- Return hydra error messages\n ([b3d037b](https://github.com/ory/kratos/commit/b3d037b33b248f1873f09d641e5d61376bcfde80))\n- Return verification flow ID after registration flow\n ([#3144](https://github.com/ory/kratos/issues/3144))\n ([eb854be](https://github.com/ory/kratos/commit/eb854becd9fe75213fba6ebe4283cc4ed2c9d128)),\n closes [#2975](https://github.com/ory/kratos/issues/2975)\n- Show \"continue\" screen after successful verification\n ([#3090](https://github.com/ory/kratos/issues/3090))\n ([fb6b160](https://github.com/ory/kratos/commit/fb6b1600d3d75e5d11fb98445c499a6218e6b869)):\n\n The `link` strategy for verification now shows a confirmation screen with a\n \"continue\" link after successful verification, aligning its behavior to the\n `code` strategy.\n\n Also fixes a bug, where the `default_browser_return_url` of the verification\n flow was not respected when using the code strategy.\n\n Closes https://github.com/ory-corp/cloud#3925 Fixes\n https://github.com/ory/network#228 Fixes\n https://github.com/ory/network/issues/224\n\n- Social sign in via linkedin\n ([#3079](https://github.com/ory/kratos/issues/3079))\n ([5de6bf4](https://github.com/ory/kratos/commit/5de6bf46aba6c13f927ef1c4c425322a34063ca9)),\n closes [#2856](https://github.com/ory/kratos/issues/2856):\n\n Adds LinkedIn as a social sign in provider.\n\n- Webhooks that update identities\n ([2cbee3e](https://github.com/ory/kratos/commit/2cbee3e8eea6bac376faf9382bf5b15acb732f03)),\n closes [#2161](https://github.com/ory/kratos/issues/2161):\n\n Introduces a new configuration `response.parse` in webhooks. This enables\n updating of identity data during registration, including admin/public\n metadata, identity traits, enabling/disabling identity, and modifying\n verified/recovery addresses.\n\n Please note that `can_interrupt` is being deprecated in favor of\n `response.parse`.\n\n### Tests\n\n- **e2e:** Fix compile errors in commands\n ([#3179](https://github.com/ory/kratos/issues/3179))\n ([0002668](https://github.com/ory/kratos/commit/00026682b548b1f33e255a8ee865d90ea127a254))\n- Parallelize several unit tests\n ([#3081](https://github.com/ory/kratos/issues/3081))\n ([5403f86](https://github.com/ory/kratos/commit/5403f863d21a6fb5ba4b8572fb054d52e5a8205d))\n\n### Unclassified\n\n- Revert \"fix: do not omit last page on identity list (#3169)\" (#3184)\n ([73b5f13](https://github.com/ory/kratos/commit/73b5f13935ef051aae5538cf3d189bb430ea49ae)),\n closes [#3169](https://github.com/ory/kratos/issues/3169)\n [#3184](https://github.com/ory/kratos/issues/3184):\n\n This reverts commit f95f48a79395b7b99c7482c0974bc5188e007cc0.\n\n# [0.11.1](https://github.com/ory/kratos/compare/v0.11.0...v0.11.1) (2023-01-14)\n\n- Fixed several bugs to improve overall stability.\n- Optimized performance for faster load times and smoother operation.\n- Improved tracing capabilities for better debugging and issue resolution.\n\nWe are constantly working to improve Ory Kratos and this release is no\nexception. Thank you for using Ory and please let us know if you have any\nfeedback or encounter any issues.\n\n## Breaking Changes\n\nThe `/admin/courier/messages` endpoint now uses `keysetpagination` instead.\n\n### Bug Fixes\n\n- Add missing indexes ([#2973](https://github.com/ory/kratos/issues/2973))\n ([bbb3995](https://github.com/ory/kratos/commit/bbb399572926bd433928b22764f7b3558bb0c21d))\n- Add missing indexes for identity delete\n ([#2952](https://github.com/ory/kratos/issues/2952))\n ([dc311f9](https://github.com/ory/kratos/commit/dc311f9a9dc0dbb26e2375b3cd4232a4e8cccb61)):\n\n This significantly improves the performance of identity deletes.\n\n- Cors headers not added to the response\n [#2922](https://github.com/ory/kratos/issues/2922)\n ([#2934](https://github.com/ory/kratos/issues/2934))\n ([1ed6839](https://github.com/ory/kratos/commit/1ed6839369baeecc99610d9f04d78dfee53ad72a))\n- Dont reset to false ([#2965](https://github.com/ory/kratos/issues/2965))\n ([ae8ad7b](https://github.com/ory/kratos/commit/ae8ad7be5b6f3dbb9142bee55448a71c7df44e52))\n- Flaky test now stable\n ([4e5dcd0](https://github.com/ory/kratos/commit/4e5dcd0df6baffda8b15eda37fd7a247793f3297))\n- Listing sessions query ([#2958](https://github.com/ory/kratos/issues/2958))\n ([3e06c99](https://github.com/ory/kratos/commit/3e06c991ad557f4629ef7412c256ede2386a7bed)),\n closes [#2930](https://github.com/ory/kratos/issues/2930)\n- Missing index on courier list count\n ([#3002](https://github.com/ory/kratos/issues/3002))\n ([3b50711](https://github.com/ory/kratos/commit/3b507110d6e0296e90d3c495515bf2a066b7c09b))\n- Pin geckodriver version to bypass GitHub API quota\n ([#2972](https://github.com/ory/kratos/issues/2972))\n ([585cb9e](https://github.com/ory/kratos/commit/585cb9e79be5de8b3d684313edb72bb703ffaa78))\n- Quickstart demos ([#2940](https://github.com/ory/kratos/issues/2940))\n ([a7720b2](https://github.com/ory/kratos/commit/a7720b2ba389c08c83c4f3118b83e1fc044773cc))\n- Remove duplicate query in GetIdentity\n ([#2987](https://github.com/ory/kratos/issues/2987))\n ([33b01bb](https://github.com/ory/kratos/commit/33b01bbb0e53fc8ac0127531de72ee1b680be656))\n- Remove unused x-session-cookie parameter\n ([#2983](https://github.com/ory/kratos/issues/2983))\n ([56b5c26](https://github.com/ory/kratos/commit/56b5c26e666af2442b3e99449b62b2f76a3a4677)):\n\n This patch removes the undocumented and experimental `X-Session-Cookie` header\n from the `/sessions/whoami` endpoint.\n\n- Resilient social sign in ([#3011](https://github.com/ory/kratos/issues/3011))\n ([ca35b45](https://github.com/ory/kratos/commit/ca35b45a26c6781be81086a7677344fc165dac9f))\n- Respect `return_to` URL parameter in registration flow when the user is\n already registered ([#2957](https://github.com/ory/kratos/issues/2957))\n ([3462ce1](https://github.com/ory/kratos/commit/3462ce1512d03529b613421a69bcf4c1d5e98e08))\n- Set accept header for GitLab\n ([#2998](https://github.com/ory/kratos/issues/2998))\n ([e892113](https://github.com/ory/kratos/commit/e892113cc00a010490492def7f128bfb5c15b8de))\n- Set config at the start\n ([e58bc6e](https://github.com/ory/kratos/commit/e58bc6e9bacd5c9c6ee9369beb843a4c54059ae2))\n- Spurious cancelation of async webhooks, better tracing\n ([#2969](https://github.com/ory/kratos/issues/2969))\n ([72de640](https://github.com/ory/kratos/commit/72de640bad75da29424222bd613a21d10e1811ec)):\n\n Previously, async webhooks (response.ignore=true) would be canceled early once\n the incoming Kratos request was served and it's associated context released.\n We now dissociate the cancellation of async hooks from the normal request\n processing flow.\n\n- TOTP internal context after saving settings\n ([#2960](https://github.com/ory/kratos/issues/2960))\n ([8b647b1](https://github.com/ory/kratos/commit/8b647b1f54bb674982b982ce483fbd877e42c43a)),\n closes [#2680](https://github.com/ory/kratos/issues/2680)\n- Update pquerna/otp to fix TOTP URL encoding\n ([#2951](https://github.com/ory/kratos/issues/2951))\n ([7248636](https://github.com/ory/kratos/commit/72486368f5403c02772e4a99ed9edc34e84c217c)):\n\n v1.4.0 fixes generating TOTP URLs. Query params now use %20 instead of + to\n encode spaces. + was not correctly interpreted by some Android authenticator\n apps, and would show up in the issuer name, e.g. \"My+Issuer\" instead of \"My\n Issuer\".\n\n- Update year\n ([d77e2cf](https://github.com/ory/kratos/commit/d77e2cf56ceab4c73e1c2fd579d43ae25a19d345))\n- Webhook tracing instrumentation+memory leak\n ([f0044a3](https://github.com/ory/kratos/commit/f0044a365b39a5f940d6d268977744f8fcb2e49b))\n\n### Code Generation\n\n- Pin v0.11.1 release commit\n ([41595c5](https://github.com/ory/kratos/commit/41595c52cf48e2bae81b1a901577062cc6e3dc06))\n\n### Documentation\n\n- Improve api headline ([#2989](https://github.com/ory/kratos/issues/2989))\n ([fc2787b](https://github.com/ory/kratos/commit/fc2787ba9a5cb9088a76b7ec25752d75ef399281))\n\n### Features\n\n- Add client IP to span events\n ([7ce3a74](https://github.com/ory/kratos/commit/7ce3a7471243898e111ca3e2b5d1346131c55dae))\n- Add NID to logs in courier\n ([#2956](https://github.com/ory/kratos/issues/2956))\n ([b407aa9](https://github.com/ory/kratos/commit/b407aa9427382f38dd8a992a6998202a7b6ba83a))\n- Improve error message when no session is found\n ([#2988](https://github.com/ory/kratos/issues/2988))\n ([7ad2b97](https://github.com/ory/kratos/commit/7ad2b970089cee2209b3afeaaffd7e04f803918d))\n- Improve tracing ([#2992](https://github.com/ory/kratos/issues/2992))\n ([04d0280](https://github.com/ory/kratos/commit/04d0280ca1338b93ac6e3026a8a2d852fbb46ef2))\n- Remove duplicate queries from whoami calls\n ([#2995](https://github.com/ory/kratos/issues/2995))\n ([b50a222](https://github.com/ory/kratos/commit/b50a22298eedef30a45979866163921604bc698a)),\n closes [#2402](https://github.com/ory/kratos/issues/2402):\n\n Introduces an expand API to the identity persister which greatly improves\n whoami performance.\n\n- Require verification on login\n ([#2927](https://github.com/ory/kratos/issues/2927))\n ([efb8ae8](https://github.com/ory/kratos/commit/efb8ae89cbc31477c2696a0df4c89d6dbf856d27))\n- Store errors of courier message\n ([#2914](https://github.com/ory/kratos/issues/2914))\n ([fc7aa86](https://github.com/ory/kratos/commit/fc7aa86545f9e74c22738891af92abafe0030d7f))\n\n### Tests\n\n- Improve parallelization\n ([e8e8ce5](https://github.com/ory/kratos/commit/e8e8ce5eb3713f28ce1c9a05564ec7f74b48ab4d))\n- Regenerate csrf if verification flow expired\n ([#2455](https://github.com/ory/kratos/issues/2455))\n ([7025081](https://github.com/ory/kratos/commit/7025081b76171ce0a8f312a7b671aead1bb21215))\n- Update integrity snapshots\n ([#3000](https://github.com/ory/kratos/issues/3000))\n ([6d26e5c](https://github.com/ory/kratos/commit/6d26e5c735a28ecb8b2d8cd142751ef679e19e86))\n\n# [0.11.0](https://github.com/ory/kratos/compare/v0.11.0-alpha.0.pre.2...v0.11.0) (2022-12-02)\n\nThe 2022 winter release of Ory Kratos is here, and we are extremely excited to\nshare with you some of the highlights included:\n\n- Ory Kratos now supports verification and recovery codes, which replace are now\n the default strategy and should be used instead of magic links.\n- Import of MD5-hashed passwords is now supported.\n- Ory Kratos can now act as the login app for the Ory Hydra Consent & Login Flow\n using the `oauth2_provider.url` configuration value.\n- Ory Kratos' SDK is now released as version 1. Learn more in the\n [upgrade guide](https://www.ory.sh/docs/guides/upgrade/sdk-v1).\n- New APIs are available to manage Ory Sessions.\n- Ory Sessions now contain device information.\n- Added all claims to the Social Sign-In data mapper as well as the option to\n customize admin and public metadata.\n- Add webhooks that can block the request, useful to do some additional\n validation.\n- Add asynchronous webhooks which do not block the request.\n- A CLI helper to clean up stale data.\n\nPlease read the changelog carefully to identify changes which might affect you.\nAlways test upgrading with a copy of your production system before applying the\nupgrade in production.\n\n### Code Generation\n\n- Pin v0.11.0 release commit\n ([59c30b6](https://github.com/ory/kratos/commit/59c30b6860b56990e132416366e0ae6abe7a275f))\n\n### Features\n\n- Forward parsed request cookies to webhook Jsonnet snippet\n ([#2917](https://github.com/ory/kratos/issues/2917))\n ([70ed068](https://github.com/ory/kratos/commit/70ed068debe7a711ba36e2eb4fcf60be8cae4681)):\n\n Request cookies were already available in raw form in the ctx.request_headers\n top-level argument to the Jsonnet snippet. Parsing cookies in Jsonnet is\n tedious and error-prone, though, so we parse them internally for convenience.\n\n# [0.11.0-alpha.0.pre.2](https://github.com/ory/kratos/compare/v0.10.1...v0.11.0-alpha.0.pre.2) (2022-11-28)\n\nautogen: pin v0.11.0-alpha.0.pre.2 release commit\n\n## Breaking Changes\n\nThis patch changes the behavior of the recovery flow. It introduces a new\nstrategy for account recovery that sends out short \"one-time passwords\" (`code`)\nthat a user can use to prove ownership of their account and recovery access to\nit. This PR also updates the default recovery strategy to `code`.\n\nThis patch invalidates recovery flows initiated using the Admin API. Please\nre-generate any admin-generated recovery flows and tokens.\n\nThis is a breaking change, as it removes the `courier.message_ttl` config key\nand replaces it with a counter `courier.message_retries`.\n\nCloses https://github.com/ory/kratos/issues/402 Closes\nhttps://github.com/ory/kratos/issues/1598\n\nSDK Method `getJsonSchema` was renamed to `getIdentitySchema`.\n\n### Bug Fixes\n\n- Active attribute based off IsActive checks\n ([#2901](https://github.com/ory/kratos/issues/2901))\n ([bcbf68e](https://github.com/ory/kratos/commit/bcbf68e716aa62f684acbe91e8c35f6c006a4706))\n- Add issuerURL for apple id\n ([#2565](https://github.com/ory/kratos/issues/2565))\n ([2aeb0a2](https://github.com/ory/kratos/commit/2aeb0a210e6e6433f1a9d9e6a75b21b8e3083239)):\n\n No issuer url was specified when using the Apple ID provider, this forced\n usersers to manually enter it in the provider config.\n\n This PR adds the Apple ID issuer url to the provider simplifying the setup.\n\n- Add missing go.mod to docker build\n ([7c4964e](https://github.com/ory/kratos/commit/7c4964ef65769b40f1ec572a87c2c4106a800bf9))\n- Add support for verified Graph API calls for facebook oidc provider\n ([#2547](https://github.com/ory/kratos/issues/2547))\n ([1ba7c66](https://github.com/ory/kratos/commit/1ba7c66fc4897b676690f0ac701a0b68aee4f151))\n- Admin recovery CSRF & duplicate form elements\n ([#2846](https://github.com/ory/kratos/issues/2846))\n ([de80b7f](https://github.com/ory/kratos/commit/de80b7f508afdd56f5d8396f03919bd9a98e49d3))\n- Bump docker image ([#2594](https://github.com/ory/kratos/issues/2594))\n ([071c885](https://github.com/ory/kratos/commit/071c885d8231a1a66051002ecfcff5c8e5237085))\n- Bump graceful to deal with http header timeouts\n ([9ce2d26](https://github.com/ory/kratos/commit/9ce2d260338f020e2da077e81464e520883f582b))\n- Cache migration status ([#2631](https://github.com/ory/kratos/issues/2631))\n ([9020738](https://github.com/ory/kratos/commit/902073836e4dcf6dc87776921e7988d795943718)):\n\n See https://github.com/ory-corp/cloud/issues/2691\n\n- Check return code of ms graphapi /me request.\n ([#2647](https://github.com/ory/kratos/issues/2647))\n ([3f490a3](https://github.com/ory/kratos/commit/3f490a31cddc53ce5d9958454f41c352580904c9))\n- **cli:** Dry up code ([#2572](https://github.com/ory/kratos/issues/2572))\n ([d1b6b40](https://github.com/ory/kratos/commit/d1b6b40aa9dcc7a3ec9237eec28c4fa55f0b8627))\n- Codecov ([#2879](https://github.com/ory/kratos/issues/2879))\n ([e446c5a](https://github.com/ory/kratos/commit/e446c5a53dbe9963e8047a3e9ca443fa6a7e64eb))\n- Correct name of span on recovery code deletion\n ([#2823](https://github.com/ory/kratos/issues/2823))\n ([44f775f](https://github.com/ory/kratos/commit/44f775f45d47eff63379d77a2339b824a6ede235))\n- Correctly calculate `expired_at` timestamp for FlowExpired errors\n ([#2836](https://github.com/ory/kratos/issues/2836))\n ([ddde43e](https://github.com/ory/kratos/commit/ddde43ec0d77a1214cd03e1f3e48ab4c34193779))\n- Debugging Docker setup ([#2616](https://github.com/ory/kratos/issues/2616))\n ([aaabe75](https://github.com/ory/kratos/commit/aaabe754659b96d2a5b727c4cada3ec300624434))\n- Disappearing title label on verification and recovery flow\n ([#2613](https://github.com/ory/kratos/issues/2613))\n ([29aa3b6](https://github.com/ory/kratos/commit/29aa3b6c37b3a173dcfeb02fdad4abc83774bc0b)),\n closes [#2591](https://github.com/ory/kratos/issues/2591)\n- Distinguish credential types properly when collecting identifiers\n ([#2873](https://github.com/ory/kratos/issues/2873))\n ([705f7b1](https://github.com/ory/kratos/commit/705f7b105c98b1d68b3e35d6e6893e9cfb661548))\n- Do not crash process on invalid smtp url\n ([#2890](https://github.com/ory/kratos/issues/2890))\n ([c5d3ebc](https://github.com/ory/kratos/commit/c5d3ebc6927f7293ee05b65aee745a19ec96ce77)):\n\n Closes https://github.com/ory-corp/cloud/issues/3321\n\n- Do not double-commit webhooks on registration\n ([#2888](https://github.com/ory/kratos/issues/2888))\n ([88e75d9](https://github.com/ory/kratos/commit/88e75d997348450b1a2a3e4619bcbd614a5582e8))\n- Do not invalidate recovery addr on update\n ([#2699](https://github.com/ory/kratos/issues/2699))\n ([1689bb9](https://github.com/ory/kratos/commit/1689bb9f0a52387f699568da6bc773929b1201ae))\n- **docker:** Add missing dependencies\n ([#2643](https://github.com/ory/kratos/issues/2643))\n ([c589520](https://github.com/ory/kratos/commit/c589520ff865cefdb287e597b9e858851a778755))\n- **docker:** Update images\n ([b5f80c1](https://github.com/ory/kratos/commit/b5f80c1198e4bb9ed392521daca934548eb21ee6))\n- Duplicate messages in recovery flow\n ([#2592](https://github.com/ory/kratos/issues/2592))\n ([43fcc51](https://github.com/ory/kratos/commit/43fcc51b9bf6996fc4f7b0ef797189eb8f3978dc))\n- Express e2e tests for new account experience\n ([#2708](https://github.com/ory/kratos/issues/2708))\n ([84ea0cf](https://github.com/ory/kratos/commit/84ea0cf4c72b14f246835d435d22a31f96d9e644))\n- Format\n ([0934def](https://github.com/ory/kratos/commit/0934defff7a0d56e712af98c1cec87c60b3c934b))\n- Format check stage in the CI\n ([#2737](https://github.com/ory/kratos/issues/2737))\n ([bbe4463](https://github.com/ory/kratos/commit/bbe44632de77cfb3d4983b68647107d914cd4c46))\n- Gosec false positives\n ([e3e7ed0](https://github.com/ory/kratos/commit/e3e7ed08f5ce47fc794bd5c093018cee51baf689))\n- Identity sessions list response includes pagination headers\n ([#2763](https://github.com/ory/kratos/issues/2763))\n ([0c2efa2](https://github.com/ory/kratos/commit/0c2efa2d4345c035649208a71332a64c225313c3)),\n closes [#2762](https://github.com/ory/kratos/issues/2762)\n- **identity:** Migrate identity_addresses to lower case\n ([#2517](https://github.com/ory/kratos/issues/2517))\n ([c058e23](https://github.com/ory/kratos/commit/c058e23599d994e12b676e87f7282c1f2b2e089c)),\n closes [#2426](https://github.com/ory/kratos/issues/2426)\n- Ignore commata in HIBP response\n ([0856bd7](https://github.com/ory/kratos/commit/0856bd719b7e06a6d2163bf428ff6513d86376db))\n- Ignore CSRF for session extension on public route\n ([866b472](https://github.com/ory/kratos/commit/866b472750fba7bf498d359796f24867af7270ad))\n- Ignore error explicitly\n ([772d596](https://github.com/ory/kratos/commit/772d5968d5a0cb7ac9415cfb2b1e9e86ae3a3131))\n- Improve migration status speed\n ([#2637](https://github.com/ory/kratos/issues/2637))\n ([a2e3c41](https://github.com/ory/kratos/commit/a2e3c41f9e513e1de47f6320f6a10acd1fed5eea))\n- Include flow id in use recovery token query\n ([#2679](https://github.com/ory/kratos/issues/2679))\n ([d56586b](https://github.com/ory/kratos/commit/d56586b028d79387886f880c1455edb5e4df2209)):\n\n This PR adds the `selfservice_recovery_flow_id` to the query used when \"using\"\n a token in the recovery flow.\n\n This PR also adds a new enum field for `identity_recovery_tokens` to\n distinguish the two flows: admin versus self-service recovery.\n\n- Include metadata_admin in admin identity list response\n ([#2791](https://github.com/ory/kratos/issues/2791))\n ([aa698e0](https://github.com/ory/kratos/commit/aa698e03a3a96abf1563aea24273735bd9cc412d)),\n closes [#2711](https://github.com/ory/kratos/issues/2711)\n- Incorrect swagger annotation for `getSession`\n ([#2891](https://github.com/ory/kratos/issues/2891))\n ([797ea68](https://github.com/ory/kratos/commit/797ea6857e29e5477e0769af5dd51dd7e43080b2))\n- **lint:** Fixed lint error causing ci failures\n ([4aab5e0](https://github.com/ory/kratos/commit/4aab5e0114dd02b8b0ce45376a0fe4bf11e38221))\n- Make `courier.TemplateType` an enum\n ([#2875](https://github.com/ory/kratos/issues/2875))\n ([65aeb0a](https://github.com/ory/kratos/commit/65aeb0a7fd90bfbc81f68b77141f8271aef011fe))\n- Make hydra consistently localhost\n ([70211a1](https://github.com/ory/kratos/commit/70211a17a452d5ced8317822afda3f8e6185cc71))\n- Make ID field in VerifiableAddress struct optional\n ([#2507](https://github.com/ory/kratos/issues/2507))\n ([0844b47](https://github.com/ory/kratos/commit/0844b47c30851c548d46273927afee103cdc0e97)),\n closes [#2506](https://github.com/ory/kratos/issues/2506)\n- Make servicelocator explicit\n ([4f841da](https://github.com/ory/kratos/commit/4f841dae5423acf3514d50add9e99d28bc339fbb))\n- Make swagger/openapi go 1.19 compatible\n ([fec6772](https://github.com/ory/kratos/commit/fec6772739129e0d5bb4103c717b1ac60df45aa8))\n- Mark gosec false positives\n ([13eaddb](https://github.com/ory/kratos/commit/13eaddb7babe630750361c6d8f3ffc736898ddec))\n- Metadata should not be required\n ([05afd68](https://github.com/ory/kratos/commit/05afd68381abe58c5e7cdd51cbf0ae409f5f0eb0))\n- Migration error detection\n ([a115486](https://github.com/ory/kratos/commit/a11548603a4c9b46ba238d2a7ee58fffb7f6d857))\n- Missing usage to recovery_code_invalid template\n ([#2798](https://github.com/ory/kratos/issues/2798))\n ([5ac7553](https://github.com/ory/kratos/commit/5ac7553d191885957215b5a63f3bbdc2d020f3fe))\n- Not cleared field validation message\n ([#2800](https://github.com/ory/kratos/issues/2800))\n ([cdaf68d](https://github.com/ory/kratos/commit/cdaf68db8e6dd7bacfdb5fc6ff28e5d960f75c2c))\n- Panic\n ([1182278](https://github.com/ory/kratos/commit/11822789c1561b27c2d769c9ea53a81835702f4a))\n- Patch invalidates credentials\n ([#2721](https://github.com/ory/kratos/issues/2721))\n ([c4d95af](https://github.com/ory/kratos/commit/c4d95afac590136acd14efa093f48c301fd07164)),\n closes [ory/cloud#148](https://github.com/ory/cloud/issues/148)\n- Potentially resolve tx issue in crdb\n ([#2595](https://github.com/ory/kratos/issues/2595))\n ([9d22035](https://github.com/ory/kratos/commit/9d22035695b6a793ac4bc5e2bd0a68b3aeea039c))\n- Preserve return_to param between flows\n ([#2644](https://github.com/ory/kratos/issues/2644))\n ([f002649](https://github.com/ory/kratos/commit/f002649d45658a1486fac551d8ca6b37b3d03026))\n- Proper annotation for patch\n ([#2784](https://github.com/ory/kratos/issues/2784))\n ([0cbfe41](https://github.com/ory/kratos/commit/0cbfe410c50cfe551693683881b4145d115c1aa3))\n- Re-add service to quickstart\n ([8c52c33](https://github.com/ory/kratos/commit/8c52c33cf277eda82c9b00b77cd9e03f1e5b4602))\n- Re-issue outdated cookie in /whoami\n ([#2598](https://github.com/ory/kratos/issues/2598))\n ([bf6f27e](https://github.com/ory/kratos/commit/bf6f27e37b8aa342ae002e0a9f227a31e0f7c279)),\n closes [#2562](https://github.com/ory/kratos/issues/2562)\n- Remove jackc rewrites ([#2634](https://github.com/ory/kratos/issues/2634))\n ([fe00c5b](https://github.com/ory/kratos/commit/fe00c5be72b0cdcc8d462a97aa04c413f758e8e3))\n- Remove jsonnet import support\n ([d708c81](https://github.com/ory/kratos/commit/d708c81abbec424e4376a68140e5008bdba4eaaf))\n- Remove newline sign from email subject\n ([#2576](https://github.com/ory/kratos/issues/2576))\n ([ca3d9c2](https://github.com/ory/kratos/commit/ca3d9c24e25ce501e9eae23547f87e1c35b2ea97))\n- Remove rust workaround\n ([355ec43](https://github.com/ory/kratos/commit/355ec431a304eef236a088571e2414f96c49d862))\n- Replace io/util usage by io and os package\n ([e2d805b](https://github.com/ory/kratos/commit/e2d805b7e336d202f7cf3c2e0ce586d78ac03cc0))\n- Resolve bug where 500s in web hooks are not properly retried\n ([e572e81](https://github.com/ory/kratos/commit/e572e8185e17839addabf2a72f4e9921bda8b47a))\n- Respect more http sources for computing request URL\n ([66a9448](https://github.com/ory/kratos/commit/66a94488eb2fc778a00a5c69916e7958b3535440))\n- Return browser to 'return_to' when logging in without registered account using\n oidc. ([#2496](https://github.com/ory/kratos/issues/2496))\n ([a4194f5](https://github.com/ory/kratos/commit/a4194f58dd4ccecca6698d5b43284d857a70a221)),\n closes [#2444](https://github.com/ory/kratos/issues/2444)\n- Return empty array not null when there are no sessions\n ([#2548](https://github.com/ory/kratos/issues/2548))\n ([fffba47](https://github.com/ory/kratos/commit/fffba473440fec3118a3951b697d5a0d2d4e30d6))\n- Revert Go 1.19 formatting changes\n ([7fb085b](https://github.com/ory/kratos/commit/7fb085b6ca4fbfe2978998bea868959966ae193d))\n- Revert removal of required field in uiNodeInputAttributes\n ([#2623](https://github.com/ory/kratos/issues/2623))\n ([fee154b](https://github.com/ory/kratos/commit/fee154b28dfb3007f8d20a807cfd6d362c3bd9e7))\n- **sdk:** Identity metadata is nullable\n ([#2841](https://github.com/ory/kratos/issues/2841))\n ([4c70578](https://github.com/ory/kratos/commit/4c7057823b5292cb38f43bd5a96041aed178ad0a)):\n\n Closes https://github.com/ory/sdk/issues/218\n\n- **sdk:** Make InputAttributes.Type an enum\n ([ff6190f](https://github.com/ory/kratos/commit/ff6190f31f538cf8ed735dfd1bb3b7afcd944c36))\n- **sdk:** Rust compile issue with required enum\n ([#2619](https://github.com/ory/kratos/issues/2619))\n ([8800085](https://github.com/ory/kratos/commit/8800085d5bde32367217170d00f7141b7ea46733))\n- Send out correct verification invalid email in code strategy\n ([#2908](https://github.com/ory/kratos/issues/2908))\n ([d2bb67a](https://github.com/ory/kratos/commit/d2bb67af64d031613f2516b4848208d4f709e7b4))\n- Set cache default to false\n ([#2906](https://github.com/ory/kratos/issues/2906))\n ([e407f92](https://github.com/ory/kratos/commit/e407f92572b7823f70df17d463400807f14c8ae8))\n- Take over return_to param from unauthorized settings to login flow\n ([#2787](https://github.com/ory/kratos/issues/2787))\n ([504fb36](https://github.com/ory/kratos/commit/504fb36b6e72900808666dde778906a069f3c48b))\n- Unable to find JSON Schema ID: default\n ([#2393](https://github.com/ory/kratos/issues/2393))\n ([f43396b](https://github.com/ory/kratos/commit/f43396bdc03f89812f026c2a94b0b50100134c23))\n- Use correct download location for golangci-lint\n ([c36ca53](https://github.com/ory/kratos/commit/c36ca53d4552596e62ec323795c3bf21438d4f26))\n- Use errors instead of fatal for serve cmd\n ([02f7e9c](https://github.com/ory/kratos/commit/02f7e9cfd17ab60c3f38aab3ae977c427b26990d))\n- Use full URL for webhook payload\n ([72595ad](https://github.com/ory/kratos/commit/72595adcb68a1a2d350c4687328653e28d888847))\n- Use process-isolated Jsonnet VM\n ([#2869](https://github.com/ory/kratos/issues/2869))\n ([9eeedc0](https://github.com/ory/kratos/commit/9eeedc06408c447077b630fff65e9ca4ed1ec59a))\n- Verification redirect & continue label\n ([#2905](https://github.com/ory/kratos/issues/2905))\n ([e1119e8](https://github.com/ory/kratos/commit/e1119e8f2e0372152d7d8367e7843fd5a49bf728)):\n\n This PR resolves an issue with the redirect after a successful verification,\n if not specified.\n\n- Wrap migration error in WithStack\n ([#2636](https://github.com/ory/kratos/issues/2636))\n ([4ce9f1e](https://github.com/ory/kratos/commit/4ce9f1ebb39cccfd36c4f0fb4a2ae2a17fbc18cc))\n- Wrong config key in admin recovery documentation\n ([#2815](https://github.com/ory/kratos/issues/2815))\n ([154b61b](https://github.com/ory/kratos/commit/154b61b9ff50306c540eb0904ae012195e735da4))\n- X-forwarded-for header parsing\n ([#2807](https://github.com/ory/kratos/issues/2807))\n ([4682afa](https://github.com/ory/kratos/commit/4682afaca3655dc809582b775a5a1c56205a4b4a))\n\n### Code Generation\n\n- Pin v0.11.0-alpha.0.pre.2 release commit\n ([624e1f0](https://github.com/ory/kratos/commit/624e1f0d23b1c58bc28b2eaf845d4ef63e64bdba))\n\n### Code Refactoring\n\n- Hot reloading\n ([b0d8f38](https://github.com/ory/kratos/commit/b0d8f3853886228a64e82437643a82b3970d6ff7))\n- Make embedding easier with internal sdk\n ([e9aa21f](https://github.com/ory/kratos/commit/e9aa21f02b4bb7b09e268197334beb9c5772d13d))\n- SDK v1 naming\n ([11f9d30](https://github.com/ory/kratos/commit/11f9d30a5d245b4dfc922a766853eaac2a20a8f5)):\n\n Find the full\n [upgrade guide in our documentation](https://www.ory.sh/docs/guides/upgrade/sdk).\n\n- **sdk:** Rename `getJsonSchema` to `getIdentitySchema`\n ([#2606](https://github.com/ory/kratos/issues/2606))\n ([8dc2ecf](https://github.com/ory/kratos/commit/8dc2ecf4919c9a14ef0bd089677de66ab3cfed92))\n- Use gotemplates for command usage\n ([baa84c6](https://github.com/ory/kratos/commit/baa84c681b0c7fa29d653bd7226e792a5f44cb4c))\n- Use gotemplates for command usage\n ([#2770](https://github.com/ory/kratos/issues/2770))\n ([1d22b23](https://github.com/ory/kratos/commit/1d22b235291ce7102dd186a53a431b55780973d3))\n\n### Documentation\n\n- Cleanup v0alpha2 endpoint summaries\n ([db9a95b](https://github.com/ory/kratos/commit/db9a95b6d28f7db3416c9d1530be4fd63a17ac6b))\n- Cypress on arm based mac ([#2795](https://github.com/ory/kratos/issues/2795))\n ([d8514b5](https://github.com/ory/kratos/commit/d8514b50b5df9c098c77c5cb817602657b2a02ea))\n- Enable 2FA methods in docker-compose quickstart setup\n ([#2828](https://github.com/ory/kratos/issues/2828))\n ([8f52e8b](https://github.com/ory/kratos/commit/8f52e8b728bf8e2a99807f4d4899c2eaaca9e7e5))\n- Fix badge\n ([dbb7506](https://github.com/ory/kratos/commit/dbb7506ec1a5a2b5bef21cb7838b6c86e755f0f9))\n- Importing credentials supported\n ([4e8b5cf](https://github.com/ory/kratos/commit/4e8b5cf775c1bfe4c2eb5588bfebe900d1c390eb))\n- **sdk:** Identifier is actually required\n ([#2593](https://github.com/ory/kratos/issues/2593))\n ([f89d279](https://github.com/ory/kratos/commit/f89d2794d8a2122e3f86eeb8aa5d554da32e753e))\n- **sdk:** Incorrect URL ([#2521](https://github.com/ory/kratos/issues/2521))\n ([ac6c4cc](https://github.com/ory/kratos/commit/ac6c4ccfc1901d38855ecd9991ef8de80e9d7c40))\n- Update README\n ([5da4c6b](https://github.com/ory/kratos/commit/5da4c6b934b1b820d4a6ca67621855e87ecef773))\n- Update readme badges\n ([7136e94](https://github.com/ory/kratos/commit/7136e94028dc64877e887776a1ccafb8826ce23c))\n- Write messages as single json document\n ([#2519](https://github.com/ory/kratos/issues/2519))\n ([3d8cf38](https://github.com/ory/kratos/commit/3d8cf38ef05c6ca5edf1161846c63bd3a23d9adc)),\n closes [#2498](https://github.com/ory/kratos/issues/2498)\n\n### Features\n\n- Add \"success\" UITextType ([#2900](https://github.com/ory/kratos/issues/2900))\n ([2ff34b6](https://github.com/ory/kratos/commit/2ff34b604757c46aae5cf3cbb23f39f982341486))\n- Add admin get api for session\n ([#2855](https://github.com/ory/kratos/issues/2855))\n ([1aa1321](https://github.com/ory/kratos/commit/1aa13211d1459e7453c2ba8fec69fee1c79aecbc))\n- Add api endpoint to fetch messages\n ([#2651](https://github.com/ory/kratos/issues/2651))\n ([5fddcbf](https://github.com/ory/kratos/commit/5fddcbf6554264766301e63ed3889ba746f0cd1a)):\n\n Closes https://github.com/ory/kratos/issues/2639\n\n- Add autocomplete attributes\n ([#2523](https://github.com/ory/kratos/issues/2523))\n ([6284a9a](https://github.com/ory/kratos/commit/6284a9a5152924018d85f306e5758e9d8d759283)),\n closes [#2396](https://github.com/ory/kratos/issues/2396)\n- Add cache headers ([#2817](https://github.com/ory/kratos/issues/2817))\n ([71e2449](https://github.com/ory/kratos/commit/71e2449d7038594e107f39934e4716f845be7bb7))\n- Add codecov yaml\n ([90da0bb](https://github.com/ory/kratos/commit/90da0bb4aeb50ed697c998342300cc56de5d5e1c))\n- Add DingTalk social login ([#2494](https://github.com/ory/kratos/issues/2494))\n ([7b966bd](https://github.com/ory/kratos/commit/7b966bd16333f419b2a57f2a0b8684d6d86b34e6))\n- Add flow id check to use verification token\n ([#2695](https://github.com/ory/kratos/issues/2695))\n ([54c64fc](https://github.com/ory/kratos/commit/54c64fcea40ede17a87253042259fd97eeb780fe))\n- Add handler with openapi def for admin revoke session\n ([#2867](https://github.com/ory/kratos/issues/2867))\n ([2438ca0](https://github.com/ory/kratos/commit/2438ca0c9aed997870dcf60d41dad783838dd840))\n- Add identity id to \"account disabled\" error\n ([#2557](https://github.com/ory/kratos/issues/2557))\n ([f09b1b3](https://github.com/ory/kratos/commit/f09b1b3701c6deda4d25cebb7ccf2e97089be32a))\n- Add missing config entry\n ([8fe9de6](https://github.com/ory/kratos/commit/8fe9de6d60a381611e07226614241a83b0010126))\n- Add missing cookie headers to SDK methods\n ([#2720](https://github.com/ory/kratos/issues/2720))\n ([32e32d1](https://github.com/ory/kratos/commit/32e32d1b98404ac14a44b2f0ccefa8c02d38c5f7)):\n\n See https://github.com/ory/kratos/discussions/2583\n\n- Add OpenTelemetry span events\n ([#2858](https://github.com/ory/kratos/issues/2858))\n ([37b1a3b](https://github.com/ory/kratos/commit/37b1a3bb0cf2ea859d672674ca0e95893e63301b))\n- Add PATCH to adminUpdateIdentity\n ([#2380](https://github.com/ory/kratos/issues/2380))\n ([#2471](https://github.com/ory/kratos/issues/2471))\n ([94a3741](https://github.com/ory/kratos/commit/94a37416011086582e309f62dc2c45ca84083a33))\n- Add pre-hooks to settings, verification, recovery\n ([c0ceaf3](https://github.com/ory/kratos/commit/c0ceaf31f9327cca903c19b77597cae4587737e6))\n- Add session cache header feature flag\n ([#2899](https://github.com/ory/kratos/issues/2899))\n ([02a92b4](https://github.com/ory/kratos/commit/02a92b4d8ab5ced5d0d9387b38491990fa7cb724)),\n closes [ory-corp/cloud#3283](https://github.com/ory-corp/cloud/issues/3283)\n- Add support for firebase scrypt hashes on identity import and login hash\n upgrade ([#2734](https://github.com/ory/kratos/issues/2734))\n ([3852eb4](https://github.com/ory/kratos/commit/3852eb460251a079bad68d08bee2aef23516d168)),\n closes [#2422](https://github.com/ory/kratos/issues/2422)\n- Add verification via `code`\n ([#2838](https://github.com/ory/kratos/issues/2838))\n ([a82ee92](https://github.com/ory/kratos/commit/a82ee9295681b8dde96c3c6fb156e791df68613c)),\n closes [#2824](https://github.com/ory/kratos/issues/2824):\n\n The new `code` strategy is now supported as a verification strategy. If\n enabled, the strategy sends a code, instead of a magic link to the user's\n address, which they can use to verify their address.\n\n- Adding admin session listing api\n ([#2818](https://github.com/ory/kratos/issues/2818))\n ([59588d2](https://github.com/ory/kratos/commit/59588d2e290a8b72125021fa899661622e4cd946))\n- Adding device information to the session\n ([#2715](https://github.com/ory/kratos/issues/2715))\n ([82bc9ce](https://github.com/ory/kratos/commit/82bc9ce00d44085287e6d8d9e3fb67e107be2503)):\n\n Closes https://github.com/ory/kratos/issues/2091 See\n https://github.com/ory-corp/cloud/issues/3011\n\n Co-authored-by: Patrik \n\n- Allow importing scrypt hashing algorithm\n ([#2689](https://github.com/ory/kratos/issues/2689))\n ([3e3b59e](https://github.com/ory/kratos/commit/3e3b59e53de8cb89e9fd01cfec75a0f8a601035b)),\n closes [#2422](https://github.com/ory/kratos/issues/2422):\n\n It is now possible to import scrypt-hashed passwords.\n\n- Allow setting public and admin metadata with the jsonnet data mapper\n ([#2569](https://github.com/ory/kratos/issues/2569))\n ([aa6eb13](https://github.com/ory/kratos/commit/aa6eb13c1c42c11354074553fac9c90ee0a8999e)),\n closes [#2552](https://github.com/ory/kratos/issues/2552)\n- Automatic TLS certificate reloading\n ([#2744](https://github.com/ory/kratos/issues/2744))\n ([09751e6](https://github.com/ory/kratos/commit/09751e6a03783701af60ce606633694ef67deacc))\n- Change code length to 6 numbers\n ([#2894](https://github.com/ory/kratos/issues/2894))\n ([56feb07](https://github.com/ory/kratos/commit/56feb079c3b99856c03cd8beb950673c10310520))\n- **cli:** Helper for cleaning up stale records\n ([#2406](https://github.com/ory/kratos/issues/2406))\n ([29d6376](https://github.com/ory/kratos/commit/29d6376e22e4de617ec63ca0a5dcb4dbf34c7c37)),\n closes [#952](https://github.com/ory/kratos/issues/952)\n- Handler for update API with credentials\n ([#2423](https://github.com/ory/kratos/issues/2423))\n ([561187d](https://github.com/ory/kratos/commit/561187dafe2fea324d55c4efe3ffa6b65f9bed72)),\n closes [#2334](https://github.com/ory/kratos/issues/2334)\n- Immutable cookie session values\n ([#2761](https://github.com/ory/kratos/issues/2761))\n ([a6f2793](https://github.com/ory/kratos/commit/a6f27935ce17a7ff5b3deaa4973d72a7d83454fb)),\n closes [#2701](https://github.com/ory/kratos/issues/2701)\n- Implement blocking webhooks\n ([#1585](https://github.com/ory/kratos/issues/1585))\n ([e48e9fa](https://github.com/ory/kratos/commit/e48e9fac7ab6a982e0e941bfea1d15569eb53582)),\n closes [#1724](https://github.com/ory/kratos/issues/1724)\n [#1483](https://github.com/ory/kratos/issues/1483)\n- Improve cache handling\n ([6e8579b](https://github.com/ory/kratos/commit/6e8579b835d54d5ebb5371297ea60f24e915882d))\n- Improve state generation logic\n ([546ee3d](https://github.com/ory/kratos/commit/546ee3dc900874bc0614923b10697388c4e7676b))\n- Ingest hydra bugfix\n ([3c11216](https://github.com/ory/kratos/commit/3c112165e553161696cf746befb9e03c2e6e07fb))\n- OAuth2 integration ([#2804](https://github.com/ory/kratos/issues/2804))\n ([7c6eb2a](https://github.com/ory/kratos/commit/7c6eb2a5128c6bc76ac7306edafaa54c4893ea82)):\n\n This feature allows Ory Kratos to act as a login provider for Ory Hydra using\n the `oauth2_provider.url` configuration value.\n\n Closes https://github.com/ory/kratos/issues/273 Closes\n https://github.com/ory/kratos/discussions/2293 See\n https://github.com/ory/kratos-selfservice-ui-node/pull/50 See\n https://github.com/ory/kratos-selfservice-ui-node/pull/68 See\n https://github.com/ory/kratos-selfservice-ui-node/pull/108 See\n https://github.com/ory/kratos-selfservice-ui-node/pull/111 See\n https://github.com/ory/kratos-selfservice-ui-node/pull/149 See\n https://github.com/ory/kratos-selfservice-ui-node/pull/170 See\n https://github.com/ory/kratos-selfservice-ui-node/pull/198 See\n https://github.com/ory/kratos-selfservice-ui-node/pull/207\n\n- Parse all id token claims into raw_claims\n ([#2765](https://github.com/ory/kratos/issues/2765))\n ([1da0cf6](https://github.com/ory/kratos/commit/1da0cf62b3f0ed8a81bca22123474baa7cf6de65)),\n closes [#2528](https://github.com/ory/kratos/issues/2528):\n\n All ID Token claims resulting from the Social Sign In flow are now available\n in `raw_claims` and can be used in the Social Sign In JsonNet Mapper.\n\n- Replace magic links with one time codes in recovery flow\n ([#2645](https://github.com/ory/kratos/issues/2645))\n ([a1532ba](https://github.com/ory/kratos/commit/a1532ba79722ccfc9c8608ef6f51a6d9ecb24a8e)),\n closes [#1451](https://github.com/ory/kratos/issues/1451):\n\n This feature introduces a new `code` strategy to recover an account.\n\n Currently, if a user needs to initiate a recovery flow to recover a lost\n password/MFA/etc., they’ll receive an email containing a “magic link”. This\n link contains a flow_id and a recovery_token. This is problematic because some\n antivirus software opens links in emails to check for malicious content, etc.\n\n Instead of the magic link, we send an 8-digit code that is clearly displayed\n in the email or SMS. A user can now copy/paste or type it manually into the\n text-field that is shown after the user clicks “submit” on the initiate flow\n page.\n\n- Replace message_ttl with static max retry count\n ([#2638](https://github.com/ory/kratos/issues/2638))\n ([b341756](https://github.com/ory/kratos/commit/b341756130ee808ddcc003163884f09e3f006d0a)):\n\n This PR replaces the `courier.message_ttl` configuration option with a\n `courier.message_retries` option to limit how often the sending of a message\n is retried before it is marked as `abandoned`.\n\n- Standardize license headers\n ([#2790](https://github.com/ory/kratos/issues/2790))\n ([8406eaf](https://github.com/ory/kratos/commit/8406eaf92006d9812108bd3ae57245f01e627bfc))\n- Support ip exceptions\n ([de46c08](https://github.com/ory/kratos/commit/de46c08534dfae6165f6a570cc59829f367c0b57))\n- Support md5 hash import ([#2725](https://github.com/ory/kratos/issues/2725))\n ([d1b4e17](https://github.com/ory/kratos/commit/d1b4e1748f66c0dc8033235f1a9c155aac0d5caa))\n- Trace WebHooks ([#2911](https://github.com/ory/kratos/issues/2911))\n ([665605b](https://github.com/ory/kratos/commit/665605bbc4f6ca838f0180680cdd68905f07d482)):\n\n Previously the context was not propagated to the http client. As a result the\n (instrumented) client did not find the existing span and the sapns for\n outgoing http request have been orphains.\n\n With this simple Fix they are now children of the corresponding webhook spans.\n\n- Update for the Ory Network\n ([#2814](https://github.com/ory/kratos/issues/2814))\n ([3e09e58](https://github.com/ory/kratos/commit/3e09e58a695cf5d9d57b9f773e0f50b1fd794915))\n- Upgrade hydra to v2\n ([fdb108f](https://github.com/ory/kratos/commit/fdb108fe2542569202bfb39ef55e1a7e8c5b5ebf))\n\n### Reverts\n\n- Revert \"autogen(openapi): regenerate swagger spec and internal client\"\n ([24eddfb](https://github.com/ory/kratos/commit/24eddfb2adc67e22d34efdc6b6a6723c7be64237)):\n\n This reverts commit 4159b93ae3f8175cf7ccf77d34e4a7a2d0181d4f.\n\n### Tests\n\n- **e2e:** Add typescript\n ([37018c0](https://github.com/ory/kratos/commit/37018c0161d0affe88c9f2574d043f337579e4a9))\n- **e2e:** Fix flaky assertions\n ([21a8487](https://github.com/ory/kratos/commit/21a8487f984168abbc7279c590c66822414c718e))\n- **e2e:** Fix issuer config\n ([32454d2](https://github.com/ory/kratos/commit/32454d2fbd169a7839fc3d02786376ef4c7c986d))\n- **e2e:** Fix webauthn regression\n ([26001e7](https://github.com/ory/kratos/commit/26001e7544b60ad0004153773a21c1d04abf9987))\n- **e2e:** Improve webauthn test reliability\n ([4d323d0](https://github.com/ory/kratos/commit/4d323d01b53b9f7b0dc346211ac4fda0626d357a))\n- **e2e:** Migrate to cypress 10.x\n ([317fab0](https://github.com/ory/kratos/commit/317fab0fe76a2762a77b3d2f8a75735598cb1c0e))\n- **e2e:** Resolve flaky hydra configuration\n ([d8c82da](https://github.com/ory/kratos/commit/d8c82dabad4f04874647c48ecbf0eda91c7c90fa))\n- **e2e:** Resolve max-age and issuer regression\n ([0ee4cf0](https://github.com/ory/kratos/commit/0ee4cf058cbda2bef52b3fa830f3db411f442197))\n- **e2e:** Resolve max-age regression\n ([904f75d](https://github.com/ory/kratos/commit/904f75d254e9513aa3edad4fa3f9ead4d80e46df))\n- **e2e:** Use correct dir\n ([907dbe3](https://github.com/ory/kratos/commit/907dbe3f605d5be5038ddc06029082b2df0914e2))\n- Fix broken assertions\n ([e5f1311](https://github.com/ory/kratos/commit/e5f131138243ad5806c7927dd5a642d029cfad6c))\n- Fix oidc test regression\n ([6c14b68](https://github.com/ory/kratos/commit/6c14b682d0984175495051308985281d72c0988e))\n- Improve e2e tooling\n ([390ccaa](https://github.com/ory/kratos/commit/390ccaac18023979ff36bc7ee2df6c0d4a90d8c8))\n- Parallelize and speed up config tests\n ([#2611](https://github.com/ory/kratos/issues/2611))\n ([d8dea01](https://github.com/ory/kratos/commit/d8dea0138b09d4dff3c30aa14e0e99e423b355fe))\n- Resolve builder regression\n ([934c30d](https://github.com/ory/kratos/commit/934c30d6064d1e7dfc59f4eef43d096e977c113e))\n- Try and recover from allocated port error\n ([3b5ac5f](https://github.com/ory/kratos/commit/3b5ac5ff03b653191c1979fe1e4e9a4ea3ed7d36))\n- Update snapshots ([#2877](https://github.com/ory/kratos/issues/2877))\n ([cbaaceb](https://github.com/ory/kratos/commit/cbaaceb9ef73a91e1b4ce5e4f7b9d7bac04d4c03))\n\n### Unclassified\n\n- Revert \"refactor: use gotemplates for command usage (#2770)\" (#2778)\n ([d612612](https://github.com/ory/kratos/commit/d612612313dc26f1ddaaa84dbca65139b967d52c)),\n closes [#2770](https://github.com/ory/kratos/issues/2770)\n [#2778](https://github.com/ory/kratos/issues/2778):\n\n This reverts commit 1d22b235291ce7102dd186a53a431b55780973d3.\n\n- Remove empty script (#2739)\n ([1515b83](https://github.com/ory/kratos/commit/1515b839f52044d6c9674d4a2df43dfeda3bb15b)),\n closes [#2739](https://github.com/ory/kratos/issues/2739)\n\n# [0.10.1](https://github.com/ory/kratos/compare/v0.10.0...v0.10.1) (2022-06-01)\n\nRe-release the SDK.\n\n### Bug Fixes\n\n- Bump ory cli\n ([12ceae0](https://github.com/ory/kratos/commit/12ceae005749c5dd01959720925418d643f13070))\n\n### Code Generation\n\n- Pin v0.10.1 release commit\n ([ab16580](https://github.com/ory/kratos/commit/ab16580b4326250885b920198b280456eb873a6b))\n\n# [0.10.0](https://github.com/ory/kratos/compare/v0.9.0-alpha.3...v0.10.0) (2022-05-30)\n\nWe achieved a major milestone - Ory Kratos is out of alpha! Ory Kratos had no\nmajor changes in the APIs for the last months and feel confident that no large\nbreaking changes will need to be introduced in the near future.\n\nThis release focuses on quality-of-live improvements, resolves several bugs,\nirons out developer experience issues, and introduces session renew\ncapabilities!\n\n## Breaking Changes\n\nPlease be aware that the SDK method signatures for\n`submitSelfServiceRecoveryFlow`, `submitSelfServiceRegistrationFlow`,\n`submitSelfServiceLoginFlow`, `submitSelfServiceSettingsFlow`,\n`submitSelfServiceVerificationFlow` might have changed in your SDK.\n\nThis patch moves several CLI command to comply with the Ory CLI command\nstructure:\n\n```patch\n- ory identities get ...\n+ ory get identity ...\n\n- ory identities delete ...\n+ ory delete identity ...\n\n- ory identities import ...\n+ ory import identity ...\n\n- ory identities list ...\n+ ory list identities ...\n\n- ory identities validate ...\n+ ory validate identity ...\n\n- ory jsonnet format ...\n+ ory format jsonnet ...\n\n- ory jsonnet lint ...\n+ ory lint jsonnet ...\n```\n\nThis patch moves several CLI command to comply with the Ory CLI command\nstructure:\n\n```patch\n- ory identities get ...\n+ ory get identity ...\n\n- ory identities delete ...\n+ ory delete identity ...\n\n- ory identities import ...\n+ ory import identity ...\n\n- ory identities list ...\n+ ory list identities ...\n\n- ory identities validate ...\n+ ory validate identity ...\n\n- ory jsonnet format ...\n+ ory format jsonnet ...\n\n- ory jsonnet lint ...\n+ ory lint jsonnet ...\n```\n\n### Bug Fixes\n\n- Add flow id when return_to is passed to the verification\n ([#2482](https://github.com/ory/kratos/issues/2482))\n ([c2b1c23](https://github.com/ory/kratos/commit/c2b1c2303cd0587b9419d500f2e3d5f9c9c80ad4))\n- Add indices for slow queries\n ([e0cdbc9](https://github.com/ory/kratos/commit/e0cdbc9ab3389de0f65b37758d86bea56d294d64))\n- Add legacy session value\n ([ecfd052](https://github.com/ory/kratos/commit/ecfd05216f5ebb70f1617595d2d398cf1fa3c660)),\n closes [#2398](https://github.com/ory/kratos/issues/2398)\n- **auth0:** Created_at workaround\n ([#2492](https://github.com/ory/kratos/issues/2492))\n ([52a965d](https://github.com/ory/kratos/commit/52a965dc7e4ac868d21261cb44576846426bffa5)),\n closes [#2485](https://github.com/ory/kratos/issues/2485)\n- Avoid excessive memory allocations in HIBP cache\n ([#2389](https://github.com/ory/kratos/issues/2389))\n ([ee2d410](https://github.com/ory/kratos/commit/ee2d41057a7e6cb2c57c6304c2e7bbf5ad7c56da)),\n closes [#2354](https://github.com/ory/kratos/issues/2354)\n- Change SQLite database mode to 0600\n ([#2344](https://github.com/ory/kratos/issues/2344))\n ([0e5d3b7](https://github.com/ory/kratos/commit/0e5d3b7726a8923fbc2a4c10ec18f0ba97ffbcff)):\n\n The default mode is 0644, which is allows broader access than necessary.\n\n- Compile issues from merge conflict\n ([#2419](https://github.com/ory/kratos/issues/2419))\n ([85a90c8](https://github.com/ory/kratos/commit/85a90c892d785b834cbdf8d029315550210444e2))\n- Correct location\n ([b249aaa](https://github.com/ory/kratos/commit/b249aaad97eabc88c269265359a33cea920ef7f2))\n- **courier:** Add ability to specify backoff\n ([#2349](https://github.com/ory/kratos/issues/2349))\n ([bf970f3](https://github.com/ory/kratos/commit/bf970f32f571164b8081f09f602a3473e079194e))\n- Do not expose debug in a response when a schema is not found\n ([#2348](https://github.com/ory/kratos/issues/2348))\n ([aee2b1e](https://github.com/ory/kratos/commit/aee2b1ed1189b57fcbb1aaa456444d5121be94b1))\n- Do not fail release if no changes needed\n ([114c93e](https://github.com/ory/kratos/commit/114c93eb48c242702b72d7785da70bd31d858214))\n- **Dockerfile:** Use existing builder base image\n ([#2390](https://github.com/ory/kratos/issues/2390))\n ([37de25a](https://github.com/ory/kratos/commit/37de25a541a24e03407ecf344fb750775e48c782))\n- Embed schema\n ([b797bba](https://github.com/ory/kratos/commit/b797bba5910dfd925a11fb86e2dbd14b5dd839d9))\n- Get user first name and last name from Apple\n ([#2331](https://github.com/ory/kratos/issues/2331))\n ([4779909](https://github.com/ory/kratos/commit/47799098b35ea1cf5a1163f57d872a5bb2242d97))\n- Improve error reporting from OpenAPI\n ([8a1009b](https://github.com/ory/kratos/commit/8a1009b16653df13485bab8e33926967c449bf4e))\n- Improve performance of identity schema call\n ([af28de2](https://github.com/ory/kratos/commit/af28de267f21cd72953f3f353d8fd587937b2249))\n- Internal Server Error on Empty PUT /identities/id body\n ([#2417](https://github.com/ory/kratos/issues/2417))\n ([5a50231](https://github.com/ory/kratos/commit/5a50231b553aaa64bd90a3d2cd1be9d2e3aba9ac))\n- Load return_to and append to errors\n ([#2333](https://github.com/ory/kratos/issues/2333))\n ([5efe4a3](https://github.com/ory/kratos/commit/5efe4a33e35e74d248d4eec43dc901b7b6334037)),\n closes [#2275](https://github.com/ory/kratos/issues/2275)\n [#2279](https://github.com/ory/kratos/issues/2279)\n [#2285](https://github.com/ory/kratos/issues/2285)\n- Make delete formattable\n ([0005f35](https://github.com/ory/kratos/commit/0005f357a049ecbf94d76a1e73434837753a04ea))\n- Mark body as required ([#2479](https://github.com/ory/kratos/issues/2479))\n ([c9ae117](https://github.com/ory/kratos/commit/c9ae1175340993cfc93db436c06462c80935ea2a))\n- New issue templates\n ([b9ad684](https://github.com/ory/kratos/commit/b9ad684311ee8c654b2fa382010315e892581f5c))\n- Openapi regression ([#2465](https://github.com/ory/kratos/issues/2465))\n ([37a3369](https://github.com/ory/kratos/commit/37a3369cea8ed5af34e8324a291a7d7dba0eb43a))\n- Quickstart docker-compose ([#2490](https://github.com/ory/kratos/issues/2490))\n ([9717762](https://github.com/ory/kratos/commit/97177629c715028affbc294bdd432fd6c954d5ad)),\n closes [#2488](https://github.com/ory/kratos/issues/2488)\n- Refresh is always false when session exists\n ([d3436d7](https://github.com/ory/kratos/commit/d3436d7fa17589d91e25c9f0bd66bc3bb5b150fa)),\n closes [#2341](https://github.com/ory/kratos/issues/2341)\n- Remove required legacy field\n ([#2410](https://github.com/ory/kratos/issues/2410))\n ([638d45c](https://github.com/ory/kratos/commit/638d45caf480b7287c9762cbf3c593217f40e3e8))\n- Remove wrong templates\n ([4fe2d25](https://github.com/ory/kratos/commit/4fe2d25dd68033a8d7b3dd5f62d87b23a7ba361d))\n- Reorder transactions\n ([78ca4c6](https://github.com/ory/kratos/commit/78ca4c6ca5a49b0800d9c34954638a926d80078b))\n- Resolve index naming issues\n ([d5550b5](https://github.com/ory/kratos/commit/d5550b5ddc4e1677e4c4f808578f573760c6581e))\n- Resolve MySQL index issues\n ([50bdba9](https://github.com/ory/kratos/commit/50bdba9f1117c60e80e153416bc997187b4a60b7))\n- Resolve otelx panics\n ([6613a02](https://github.com/ory/kratos/commit/6613a02b8fd5f6f06e9b6301bdc39037771b3d9b))\n- **sdk:** Improved OpenAPI specifications for UI nodes\n ([#2375](https://github.com/ory/kratos/issues/2375))\n ([a42a0f7](https://github.com/ory/kratos/commit/a42a0f772af3625c457032d6dcc34289a62acc61)),\n closes [#2357](https://github.com/ory/kratos/issues/2357)\n- Serve.admin.request_log.disable_for_health behaviour\n ([#2399](https://github.com/ory/kratos/issues/2399))\n ([0a381fa](https://github.com/ory/kratos/commit/0a381fa3d702f77e614d0492dafa3ac2cd102c7e))\n- **sql:** Add additional join argument to resolve MySQL query issue\n ([854e5cb](https://github.com/ory/kratos/commit/854e5cba80cad52b58571587980c00c038ff6596)),\n closes [#2262](https://github.com/ory/kratos/issues/2262)\n- Unreliable HIBP caching strategy\n ([#2468](https://github.com/ory/kratos/issues/2468))\n ([93bf1e2](https://github.com/ory/kratos/commit/93bf1e2cd53f3a4de3ff414017c17813d36b56da))\n- Use `path` instead of `filepath` to join http route paths\n ([16b1244](https://github.com/ory/kratos/commit/16b12449c841bf7a237fe436b884b4b5012cd022)),\n closes [#2292](https://github.com/ory/kratos/issues/2292)\n- Use JOIN instead of iterative queries\n ([0998cfb](https://github.com/ory/kratos/commit/0998cfb2fdda27ba8baeebcc603aae5fbe5c901f)),\n closes [#2402](https://github.com/ory/kratos/issues/2402)\n- Use pointer of string for PasswordIdentifier in example code\n ([#2421](https://github.com/ory/kratos/issues/2421))\n ([61f12e7](https://github.com/ory/kratos/commit/61f12e7579c7c337d0f415ac2b4029790c659c3d))\n- Use predictable SQLite in memory DSNs\n ([#2415](https://github.com/ory/kratos/issues/2415))\n ([51a13f7](https://github.com/ory/kratos/commit/51a13f712d38a942772b3f4c014971ecb4658d7a)),\n closes [#2059](https://github.com/ory/kratos/issues/2059)\n\n### Code Generation\n\n- Pin v0.10.0 release commit\n ([87e0de7](https://github.com/ory/kratos/commit/87e0de7a10b2a7478d8113ca028bfdb6525bc8e5))\n\n### Code Refactoring\n\n- Deprecate fizz renderer\n ([5277668](https://github.com/ory/kratos/commit/5277668b1324173df95db5e9e4b96ed841ff088b))\n- Move CLI commands to match Ory CLI structure\n ([d11a9a9](https://github.com/ory/kratos/commit/d11a9a9dafdebb53ed9a8359496eb70b8adb99dd))\n- Move CLI commands to match Ory CLI structure\n ([73910a3](https://github.com/ory/kratos/commit/73910a329b1ee46de2607c7ab1958ef2fb6de5f4))\n\n### Documentation\n\n- Add docs about change in default schema\n ([#2447](https://github.com/ory/kratos/issues/2447))\n ([5093cd4](https://github.com/ory/kratos/commit/5093cd47f22311c2e1fdbffd82f0494806076f08))\n- Remove notice importing credentials not possible\n ([#2418](https://github.com/ory/kratos/issues/2418))\n ([b80ed69](https://github.com/ory/kratos/commit/b80ed6955518003ae6b7f647dffd2d49cc999fbc))\n\n### Features\n\n- Add certificate based authentication for smtp client\n ([#2351](https://github.com/ory/kratos/issues/2351))\n ([7200037](https://github.com/ory/kratos/commit/72000375c028f5f7f9cb0d0b1b02f8aa09503e4f))\n- Add ID to the recovery error when already logged in\n ([#2483](https://github.com/ory/kratos/issues/2483))\n ([29e4a51](https://github.com/ory/kratos/commit/29e4a51cc5344dcb44839f8aa57197c41aeeb78d))\n- Add localName to smtp config\n ([#2445](https://github.com/ory/kratos/issues/2445))\n ([27336b6](https://github.com/ory/kratos/commit/27336b63b0c11c1667d5a07230bed82283475aa4)),\n closes [#2425](https://github.com/ory/kratos/issues/2425)\n- Add render-schema script\n ([a0c006e](https://github.com/ory/kratos/commit/a0c006e40fb00608d682b74f44725883b9c7bf4f))\n- Add session renew capabilities\n ([#2146](https://github.com/ory/kratos/issues/2146))\n ([4348b86](https://github.com/ory/kratos/commit/4348b8640a282cd61fe30961faba5753e2af8bb0)),\n closes [#615](https://github.com/ory/kratos/issues/615)\n- Add support for netID provider\n ([#2394](https://github.com/ory/kratos/issues/2394))\n ([ee7fc79](https://github.com/ory/kratos/commit/ee7fc79d49cd6d8f2985809585d1675c8e2ed376))\n- Add tracing to persister\n ([391c54e](https://github.com/ory/kratos/commit/391c54eb3ba721e4912a7a4676acc2f630be2a72))\n- **identity:** Add admin and public metadata fields\n ([562e340](https://github.com/ory/kratos/commit/562e340fe980e7c65ab3fc41f82a2a8899a33bfa)),\n closes [#2388](https://github.com/ory/kratos/issues/2388)\n [#47](https://github.com/ory/kratos/issues/47):\n\n This patch adds two new keys to identities, `metadata_public` and\n `metadata_admin` that can be used to store additional metadata about\n identities in Ory.\n\n- Read subject id from https://graph.microsoft.com/v1.0/me for microsoft\n ([#2347](https://github.com/ory/kratos/issues/2347))\n ([852f24f](https://github.com/ory/kratos/commit/852f24fb5cd8576f3f6d35017ce85e4fa1c51c95)):\n\n Adds the ability to read the OIDC subject ID from the\n `https://graph.microsoft.com/v1.0/me` endpoint. This introduces a new field\n `subject_source` to the OIDC configuration.\n\n Closes https://github.com/ory/kratos/pull/2153\n\n- **sdk:** Add cookie headers to all form submissions\n ([#2467](https://github.com/ory/kratos/issues/2467))\n ([9a969fd](https://github.com/ory/kratos/commit/9a969fd927ae8436a863e91ecb6574cb3bb1c3a6)),\n closes [#2003](https://github.com/ory/kratos/issues/2003)\n [#2454](https://github.com/ory/kratos/issues/2454)\n- **sdk:** Add csrf cookie for login flow submission\n ([#2454](https://github.com/ory/kratos/issues/2454))\n ([2bffee8](https://github.com/ory/kratos/commit/2bffee81f0e8a98851a3e11b4fc4969d95e9b445))\n- Support argon2i password ([#2395](https://github.com/ory/kratos/issues/2395))\n ([8fdadf9](https://github.com/ory/kratos/commit/8fdadf9d1724d28ae11996304703e06671549660))\n- Switch to opentelemetry tracing\n ([#2318](https://github.com/ory/kratos/issues/2318))\n ([121a4d3](https://github.com/ory/kratos/commit/121a4d3fc0f396e8da50ad1985cacf68a5c85a12))\n- **tracing:** Improved tracing for requests\n ([#2475](https://github.com/ory/kratos/issues/2475))\n ([b90a558](https://github.com/ory/kratos/commit/b90a5582284f1ceb0e97575e3b3562603b65ec5f))\n- Upgrade to Go 1.18\n ([725d202](https://github.com/ory/kratos/commit/725d202e6ae15b3b5c3282e03c03a40480a2e310))\n\n### Tests\n\n- Fix incorrect assertion\n ([b5b1361](https://github.com/ory/kratos/commit/b5b1361defa8faa6ea36d50a8d940c76f70c4ddd))\n- Resolve regressions\n ([dd44593](https://github.com/ory/kratos/commit/dd44593a51a9277c717170360f9794837e4f910c))\n\n### Unclassified\n\n- BREAKING CHANGES: This patch group updates the tracing provider from\n OpenTracing to OpenTelemetry. Due to these changes, tracing providers Zipkin,\n DataDog, Elastic APM have been deactivated temporarily. The best way to re-add\n support for them is to make a pull request at\n https://github.com/ory/x/tree/master/otelx and check the status of\n https://github.com/ory/x/issues/499\n ([7165fa0](https://github.com/ory/kratos/commit/7165fa04fa1c9442cad8da5c5814453e1ca0ba7b)):\n\n The configuration has not changed, and thus no changes to your system are\n required if you use Jaeger.\n\n# [0.9.0-alpha.3](https://github.com/ory/kratos/compare/v0.9.0-alpha.2...v0.9.0-alpha.3) (2022-03-25)\n\nResolves an issue in the quickstart.\n\n## Breaking Changes\n\nCalling /self-service/recovery without flow ID or with an invalid flow ID while\nauthenticated will now respond with an error instead of redirecting to the\ndefault page.\n\nCloses https://github.com/ory-corp/cloud/issues/2173\n\nCo-authored-by: aeneasr <3372410+aeneasr@users.noreply.github.com>\n\n### Bug Fixes\n\n- Accept recovery link from authenticated users\n ([#2195](https://github.com/ory/kratos/issues/2195))\n ([0fa64dd](https://github.com/ory/kratos/commit/0fa64dd7fdaaadf92bddb600bbf201fb6e9d1fed)):\n\n When a recovery link is opened while the user already has a session cookie\n (possibly for another account), the endpoint will now correctly complete the\n recovery process and issue new cookies.\n\n- Quickstart\n ([73b461c](https://github.com/ory/kratos/commit/73b461c6ea45e0feaab734d0eb0ce380993e95d4)):\n\n Closes https://github.com/ory/kratos/issues/2339\n\n- Resolve issue where CF cookies would mingle with CSRF detection in API flows\n ([011219a](https://github.com/ory/kratos/commit/011219a40027d2c1b06c2797951a55e2f07c0845))\n- Typo in error message ([#2332](https://github.com/ory/kratos/issues/2332))\n ([b075a5b](https://github.com/ory/kratos/commit/b075a5b30b47e79af1330238a3b5ea97a3c2ac4b))\n- Update v0.9.0-alpha.2 config schema path\n ([#2328](https://github.com/ory/kratos/issues/2328))\n ([55705c7](https://github.com/ory/kratos/commit/55705c7ce0ff76dc7ddda24524db919dcb51225a))\n- **version schema:** Require version or fall back to latest\n ([52c9824](https://github.com/ory/kratos/commit/52c98247d4c170f79fa25a019d7f4a73b3e5fdc4))\n\n### Code Generation\n\n- Pin v0.9.0-alpha.3 release commit\n ([32e36d4](https://github.com/ory/kratos/commit/32e36d4e75f888e69653625a52171200b4968a6c))\n\n### Documentation\n\n- Add missing error codes\n ([b854bb8](https://github.com/ory/kratos/commit/b854bb8a33794bba684abbfe5abc6b8da1c54f44))\n- Clarify 410 error for api payloads\n ([2c7ac3b](https://github.com/ory/kratos/commit/2c7ac3b15a65e629ba25c0170fce68aa9eb3a80a))\n\n# [0.9.0-alpha.2](https://github.com/ory/kratos/compare/v0.9.0-alpha.1...v0.9.0-alpha.2) (2022-03-22)\n\nResolves an issue in the SDK release pipeline.\n\n### Bug Fixes\n\n- Swag location\n ([5b51bfb](https://github.com/ory/kratos/commit/5b51bfbb10592c9e7dce14689f48530427c34edc))\n\n### Code Generation\n\n- Pin v0.9.0-alpha.2 release commit\n ([f5501cf](https://github.com/ory/kratos/commit/f5501cf575a74884555e0e1e4cba39c552f4868f))\n\n# [0.9.0-alpha.1](https://github.com/ory/kratos/compare/v0.8.3-alpha.1.pre.0...v0.9.0-alpha.1) (2022-03-21)\n\nOry Kratos v0.9 is here! We're extremely happy to announce that the new release\nis out and once again it's been made even better thanks to the incredible\ncontributions from our awesome community. <3\n\nEnjoy!\n\nHere's an overview of things you can expect from the v0.9 release:\n\n1. We introduced 1:1 compatibility between self-hosting Ory Kratos and using Ory\n Cloud. The configuration works the same across all modes of operation and\n deployment!\n2. Passwordless login with WebAuthn is now available! Authentication with\n YubiKeys, TouchID, FaceID, Microsoft Hello, and other WebAuthn-supported\n methods is now available. The refactored infrastructure lays a foundation for\n more passwordless flows to come.\n3. All the docs are now available in a single repo. Go to the\n [ory/docs](https://github.com/ory/docs) repository to find docs for all Ory\n projects.\n4. You can now load custom email templates that'll make your essential messaging\n like project invitations or password recovery emails look slick.\n5. We've laid the foundation for adding SMS-dependant flows.\n6. Security is always a top priority. We've made changes and updates such as CSP\n nonces, SSRF defenses, session invalidation hooks, and more.\n7. Kratos now gracefully handles cookie errors.\n8. Password policies are now configurable.\n9. Added configuration to control the flow of webhooks. Now you can cancel flows\n & run them in the background.\n10. You can import identities along with their credentials (password, social\n sign-in connections, WebAuthn, ...).\n11. Infra: we migrated all of our CIs from CircleCI to GitHub Actions.\n12. We moved the admin API from `/` to `admin`. **This is a breaking change**.\n Please read the explanation and proceed with caution!\n13. Bugfix: fixed a bug in the handling of secrets. **This is a breaking\n change**. Please read the explanation and proceed with caution!\n14. Bugfix: several bugs in different self-service flows are no more.\n\nAs you can see, this release introduces breaking changes. We tried to keep the\nHTTP API as backward-compatible as possible by introducing HTTP redirects and\nother measures, but this update requires you to take extra care. Make sure\nyou've read the release notes and understand the risk before updating.\n\nYou must apply SQL migrations for this release. **Make sure to create backup\nbefore you start!**\n\n## Breaking Changes\n\nConfiguration key `selfservice.whitelisted_return_urls` has been renamed to\n`allowed_return_urls`.\n\nAll endpoints at the Admin API are now exposed at `/admin/`. For example,\nendpoint `https://kratos:4434/identities` is now exposed at\n`https://kratos:4434/admin/identities`. This change makes it easier to configure\nreverse proxies and API Gateways. Additionally, it introduces 1:1 compatibility\nbetween Ory Cloud's APIs and self-hosted Ory Kratos. Please note that nothing\nhas changed in terms of the port. To make the migration less painful, we have\nset up redirects from the old endpoints to the new `/admin` endpoints, so your\nAPIs, SDKs, and clients should continue working as they were working before.\nThis change is marked as a breaking change as it touches many endpoints and\nmight be confusing when encountering the redirect for the first time.\n\nIf you are using two or more secrets for the `secrets.session`, this patch might\nbreak existing Ory Session Cookies. This has the effect that users will need to\nre-authenticate when visiting your app.\n\nThe `password_identifier` form field of the password login strategy has been\nrenamed to `identifier` to make compatibility with passwordless flows possible.\nField name `password_identifier` will still be accepted. Please note that the UI\nnode for displaying the \"username\" / \"email\" field has this `name=\"identifier\"`\ngoing forward. Additionally, the `traits` of the password strategy are no longer\nwithin group `password` but instead in group `profile` going forward!\n\nThe following OpenID Connect configuration keys have been renamed to better\nexplain their purpose:\n\n```patch\n- private_key_id\n+ apple_private_key_id\n\n- private_key\n+ apple_private_key\n\n- team_id\n+ apple_team_id\n\n- tenant\n+ microsoft_tenant\n```\n\nA major issue has been lingering in the configuration for a while. What happens\nto your identities when you update a schema? The answer was, it depends on the\nchange. If the change is incompatible, some things might break!\n\nTo resolve this problem we changed the way you define schemas. Instead of having\na global `default_schema_url` which developers used to update their schema, you\nnow need to define the `default_schema_id` which must reference schema ID in\nyour config. To update your existing configuration, check out the patch example\nbelow:\n\n```patch\nidentity:\n- default_schema_url: file://stub/identity.schema.json\n+ default_schema_id: default\n+ schemas:\n+ - id: default\n+ url: file://stub/identity.schema.json\n```\n\nIdeally, you would version your schema and update the `default_schema_id` with\nevery change to the new version:\n\n```yaml\nidentity:\n default_schema_id: user_v1\n schemas:\n - id: user_v0\n url: file://path/to/user_v0.json\n - id: user_v1\n url: file://path/to/user_v1.json\n```\n\n### Bug Fixes\n\n- Add CourierConfig to default registry\n ([#2243](https://github.com/ory/kratos/issues/2243))\n ([2e1fba3](https://github.com/ory/kratos/commit/2e1fba3ca88e273362978fe29197fe44a879813e))\n- Add DispatchMessage to interface\n ([df2ca7a](https://github.com/ory/kratos/commit/df2ca7a7c97a28d40c6a8af082f99ff7706ee9db))\n- Add missing enum ([#2223](https://github.com/ory/kratos/issues/2223))\n ([4b7d7d0](https://github.com/ory/kratos/commit/4b7d7d0011207614ab12f52bb3a911b62581ebe9)):\n\n Closes https://github.com/ory/sdk/issues/147\n\n- Add output-dir input to cli-next\n ([#2230](https://github.com/ory/kratos/issues/2230))\n ([1eb3f18](https://github.com/ory/kratos/commit/1eb3f189f29cc032c44cbd9803acbf99362e5a62))\n- Added malformed config test\n ([5a3c9c1](https://github.com/ory/kratos/commit/5a3c9c162bd1da5c7bb938192a5e82789bac52cc))\n- Appropriately pass context around\n ([#2241](https://github.com/ory/kratos/issues/2241))\n ([668f6b2](https://github.com/ory/kratos/commit/668f6b246db1f61b9800f7581bedba4fa25318c4)):\n\n Closes https://github.com/ory/cloud/issues/56\n\n- Base redirect URL decoding\n ([acdefa7](https://github.com/ory/kratos/commit/acdefa7464825e5307132eab5cd2752e1841c3de))\n- Base64 encode identity schema URLs\n ([ad44e4d](https://github.com/ory/kratos/commit/ad44e4d5f2cea86a95cc376c94fb5f5ac5bc1b82)):\n\n Previously, identity schema IDs with special characters could lead to broken\n URLs. This patch introduces a change where identity schema IDs are base64\n encoded to address this issue. Schema IDs that are not base64 encoded will\n continue working.\n\n- Broken links API spec\n ([e1e7516](https://github.com/ory/kratos/commit/e1e75165785f48f5a154c899e1c4168bcbb7d8c3))\n- Cloud config issue\n ([135b29c](https://github.com/ory/kratos/commit/135b29c647c87569cc85e8a72babb8d6777ebd24))\n- Correct recovery hook\n ([c7682a8](https://github.com/ory/kratos/commit/c7682a8fd97fdac87d59d3e7fb798384b018c40f))\n- **courier:** Improve composability\n ([d47150e](https://github.com/ory/kratos/commit/d47150e8440a03ce34d6085fb693bddf2c02620b))\n- Do not error when HIBP behaves unexpectedly\n ([#2251](https://github.com/ory/kratos/issues/2251))\n ([a431c1e](https://github.com/ory/kratos/commit/a431c1e1976f740bedb2fec4ce88b7d1b832e42c)),\n closes [#2145](https://github.com/ory/kratos/issues/2145)\n- Do not remove all credentials when remove all security keys\n ([#2233](https://github.com/ory/kratos/issues/2233))\n ([ecd715a](https://github.com/ory/kratos/commit/ecd715a0437c0b068aa0c6a17cd2ba53fe034354))\n- Don't inherit flow type in recovery and verification flows\n ([#2250](https://github.com/ory/kratos/issues/2250))\n ([c5b444a](https://github.com/ory/kratos/commit/c5b444aa2bf46b3a86d08f693ab200a30bd4a609)),\n closes [#2049](https://github.com/ory/kratos/issues/2049)\n- **embed:** Disallow additional props\n ([b2018ce](https://github.com/ory/kratos/commit/b2018ce3b1667fffc9d0a2c4c82cfafed7f3cac5))\n- **embed:** Do not require plaintext/html in email config\n ([dfe4140](https://github.com/ory/kratos/commit/dfe4140dda44d4b64988b94272b4776e362abde5))\n- Ensure no internal networks can be called in SMS sender\n ([65e42e5](https://github.com/ory/kratos/commit/65e42e5cb3a9a3a81e3c623fa066a7651dfb0699))\n- **identity:** Slow query performance on MySQL\n ([731b3c7](https://github.com/ory/kratos/commit/731b3c7ba48271e2fb6bbd53b0281d5269012332)),\n closes [#2278](https://github.com/ory/kratos/issues/2278)\n- Improve password error resilience on settings flow\n ([e614f6e](https://github.com/ory/kratos/commit/e614f6e94e1d0f66f48bd058b015ab467d6b1b07))\n- Improve soundness of credential identifier normalization\n ([e475163](https://github.com/ory/kratos/commit/e475163330d06ca02cd0419e4b7216f03218e8c5))\n- Incorrect makefile rule ([#2222](https://github.com/ory/kratos/issues/2222))\n ([83a0ce7](https://github.com/ory/kratos/commit/83a0ce7d20e59c2fb1a35fa071a3d11a9280bcad))\n- **login:** Put passwordless login before password\n ([df9245f](https://github.com/ory/kratos/commit/df9245fbc403e1b8f2dd1378678963cc0d71ef1a))\n- **lookup:** Resolve credentials counting regression\n ([50782c6](https://github.com/ory/kratos/commit/50782c68c77ce1c0d8c092678a6710e0be6fa18d))\n- Lower-case jsonnet context for sms\n ([8c58e94](https://github.com/ory/kratos/commit/8c58e94707122a9b50873ca1acaa32659b5b8416))\n- Mark struct as used\n ([33f3dfe](https://github.com/ory/kratos/commit/33f3dfeba5af3808f34b16241d74993ceed788be))\n- Mark width and height as required\n ([#2322](https://github.com/ory/kratos/issues/2322))\n ([37f2f22](https://github.com/ory/kratos/commit/37f2f220ce699e031018777c9976cafa22faa984)):\n\n Closes https://github.com/ory/sdk/issues/157\n\n- Move to new post-release steps\n ([#2206](https://github.com/ory/kratos/issues/2206))\n ([10778fd](https://github.com/ory/kratos/commit/10778fdd16a116b5dc8f4c2bdc96a895728d9aec))\n- Mr comment fix\n ([96c917e](https://github.com/ory/kratos/commit/96c917e3c1b02b13be55056bfd94b517007fc206))\n- **oidc:** Improve empty credential handling\n ([124d4ce](https://github.com/ory/kratos/commit/124d4ce9fe949dcea4fd5ff8e45530835d38cb3c))\n- **oidc:** Incorrect error handling\n ([c8d789c](https://github.com/ory/kratos/commit/c8d789c10e2be11dfc8c3eea01a339637f89ea63))\n- Order regression\n ([2cb5d2b](https://github.com/ory/kratos/commit/2cb5d2bf2d645a0e63cf289c966ee8557edbf333))\n- Pass context to registration flow\n ([c8d55b3](https://github.com/ory/kratos/commit/c8d55b339647cdca3c9beace760dc3a9beac31c1))\n- Pass docs output dir as a separate argument\n ([78c69a2](https://github.com/ory/kratos/commit/78c69a2790c957bf8102260150d69b1844899ed9))\n- Pass token to render-version-schema\n ([#2246](https://github.com/ory/kratos/issues/2246))\n ([4d117e5](https://github.com/ory/kratos/commit/4d117e51abef739d686e48dede63a030a753be41))\n- **password:** Schema regressions\n ([271d5fa](https://github.com/ory/kratos/commit/271d5fa93f96721d7bf8aa841c700dfec1de4104))\n- Properly check for not found\n ([77ac199](https://github.com/ory/kratos/commit/77ac199f00f04eb7fd40db6fb546921271026e20))\n- Properly pass context ([#2300](https://github.com/ory/kratos/issues/2300))\n ([fab8a93](https://github.com/ory/kratos/commit/fab8a939c97e61c028143e37e2a78d3edd569da0))\n- Provide access to root path and error page\n ([#2317](https://github.com/ory/kratos/issues/2317))\n ([f360ee8](https://github.com/ory/kratos/commit/f360ee8e65dc64983181746d1059eac53588e029))\n- Rebase regressions\n ([d1c5085](https://github.com/ory/kratos/commit/d1c508570032c620a654b896111215a76a811517))\n- **registration:** Order for passwordless webauthn\n ([8427322](https://github.com/ory/kratos/commit/8427322b31fb5206a55e9f62823745fcc6983a22))\n- Remove non-hermetic sprig functions\n ([#2201](https://github.com/ory/kratos/issues/2201))\n ([17e0acc](https://github.com/ory/kratos/commit/17e0acc527cfbb703d9d44b776138da23b217ca4)):\n\n Closes https://github.com/ory/kratos/issues/2087\n\n- Resolve issues with the CI pipeline\n ([d15bd90](https://github.com/ory/kratos/commit/d15bd90433ed191c2eb41f119ed288906827334e))\n- Resolve merge regression\n ([d8ca4f3](https://github.com/ory/kratos/commit/d8ca4f327499f94c811c55237f210288fb6a9dd5))\n- Resolve prettier issues\n ([32bf052](https://github.com/ory/kratos/commit/32bf052f0084860623ea815ed913e94261c89070))\n- Resolve remaining passwordless regressions\n ([151c8cf](https://github.com/ory/kratos/commit/151c8cfb53402aaf2518a471579c25c3785b13d2))\n- Resovle lint errors\n ([afb7aaf](https://github.com/ory/kratos/commit/afb7aaf7b019756a624e7f1b2e35fd575882570a))\n- Return 400 instead of 404 on admin recovery\n ([ae2509c](https://github.com/ory/kratos/commit/ae2509cf7a95f940d33945271ac1fe8fc255506b)),\n closes [#1664](https://github.com/ory/kratos/issues/1664)\n- **sdk:** Add all available discriminators\n ([5d70f9c](https://github.com/ory/kratos/commit/5d70f9c70a39067c2d6c0b1f127ff28ca39e77a9)),\n closes [#2287](https://github.com/ory/kratos/issues/2287)\n [#2288](https://github.com/ory/kratos/issues/2288)\n- **sdk:** Add webauth and lookup_secret to identityCredentialsType\n ([#2276](https://github.com/ory/kratos/issues/2276))\n ([61ce3c0](https://github.com/ory/kratos/commit/61ce3c0c35366f587bfee5c89496fa15432bb241))\n- **sdk:** Correct minimum page to 1\n ([a28362e](https://github.com/ory/kratos/commit/a28362e054cf12441ed25d8927cd63e3264bfed6)),\n closes [#2286](https://github.com/ory/kratos/issues/2286)\n- **selfservice:** Cannot login after remove security keys and all other 2FA\n settings ([#2181](https://github.com/ory/kratos/issues/2181))\n ([5ff6773](https://github.com/ory/kratos/commit/5ff6773ab8512bdfb8d2c7b650970711cbb012ba)),\n closes [#2180](https://github.com/ory/kratos/issues/2180)\n- **selfservice:** Login self service flow with TOTP does not pass on return_to\n URL ([#2175](https://github.com/ory/kratos/issues/2175))\n ([3eaa88e](https://github.com/ory/kratos/commit/3eaa88e74e1540b14b6e41df2881346c60b92046)),\n closes [#2172](https://github.com/ory/kratos/issues/2172)\n- **session:** Correctly calculate aal for passwordless webauthn\n ([c7eb970](https://github.com/ory/kratos/commit/c7eb970ed252577e06d3d769d2545d5e8e98175a))\n- **session:** Properly declare session secrets\n ([6312afd](https://github.com/ory/kratos/commit/6312afd2eb0d1dc808d600a902eb1e16b07fd9cb)),\n closes [#2272](https://github.com/ory/kratos/issues/2272):\n\n Previously, a misconfiguration of Gorilla's session store caused incorrect\n handling of the configured secrets. From now on, cookies will also be properly\n encrypted at all times.\n\n- Snapshot regression\n ([6481441](https://github.com/ory/kratos/commit/6481441fe7df1a2fc43ff153697e9bd2160c49b3))\n- Static analysis\n ([a1d3254](https://github.com/ory/kratos/commit/a1d3254346ec0bcc0a8c42bf66a8171e027f0d97))\n- **test:** Parallelization issues\n ([dbcf3fb](https://github.com/ory/kratos/commit/dbcf3fb616db64e1b1f4cb5066113f703ca0b2ee))\n- **text:** Incorrect IDs for different messages\n ([0833321](https://github.com/ory/kratos/commit/0833321e04e9865046294b051376bed415a41441)),\n closes [#2277](https://github.com/ory/kratos/issues/2277)\n- **totp:** Resolve credentials counting regression\n ([737bb3f](https://github.com/ory/kratos/commit/737bb3f71e91f7c735231d0131072aca4f5622ea))\n- Typo\n ([fbc8b4f](https://github.com/ory/kratos/commit/fbc8b4f9901e7761bef9a7f74a483cb077007cf8))\n- Typo\n ([3bb0d41](https://github.com/ory/kratos/commit/3bb0d41e3696be90cfc12f1bf00a546536e283b6))\n- Unstable ordering\n ([bee26c6](https://github.com/ory/kratos/commit/bee26c65c9511af82b9ed2051ab4f45b9570602d))\n- Unstable webauthn order\n ([6262160](https://github.com/ory/kratos/commit/626216098fcd9411c1b4b7cb3b42784146b29924))\n- Updated oathkeeper+kratos example\n ([#2273](https://github.com/ory/kratos/issues/2273))\n ([567a3d7](https://github.com/ory/kratos/commit/567a3d765aa2115951f6af5b4ed4d2c791231de0))\n- URL with hash sign in after_verification_return_to stays encoded\n ([#2173](https://github.com/ory/kratos/issues/2173))\n ([fb1cb8a](https://github.com/ory/kratos/commit/fb1cb8a993cbf6cb050d7dce91672b05efd53224)),\n closes [#2068](https://github.com/ory/kratos/issues/2068)\n- Use actions/checkout for ui repos\n ([f0136ca](https://github.com/ory/kratos/commit/f0136cac639862bf50933063b7dc38973739139b))\n- Use correct dir for clidoc\n ([8c8a1ab](https://github.com/ory/kratos/commit/8c8a1ab7b41fa026189cec8d1f77e2e89c696d11))\n- Use HTTP 303 instead of 302 for selfservice redirects\n ([#2215](https://github.com/ory/kratos/issues/2215))\n ([50b6bd8](https://github.com/ory/kratos/commit/50b6bd892ae6efba34773811ef488f15fc95154f)),\n closes [#1969](https://github.com/ory/kratos/issues/1969)\n- Use latest hydra version\n ([ffb3f20](https://github.com/ory/kratos/commit/ffb3f20e67d357160c024f5e58ebf63a9aec41ff))\n- **webauthn:** Resolve missing identifier bug\n ([93a1ae4](https://github.com/ory/kratos/commit/93a1ae4fe98487a0bca00d2afdc5e7b07c0e1c46))\n- **webauthn:** Schema regressions\n ([970e861](https://github.com/ory/kratos/commit/970e861714ec01c5cfe19545871798d9ad0ae70c))\n- **webauth:** SPA regressions for login\n ([be378ff](https://github.com/ory/kratos/commit/be378ffa5ddbd56a00b471dce861ec074eed5192))\n- Yq version\n ([41b6f18](https://github.com/ory/kratos/commit/41b6f1879f23866c070100dd1767f841bff3a815))\n\n### Code Generation\n\n- Pin v0.9.0-alpha.1 release commit\n ([72bd2ed](https://github.com/ory/kratos/commit/72bd2ed67559a64415b2686e8f67c42df888e49e))\n\n### Code Refactoring\n\n- All admin endpoints are now exposed under `/admin/` on the admin port\n ([8acb4cf](https://github.com/ory/kratos/commit/8acb4cfaa61ef52619e889b8c862191c6b92e5eb))\n- Distinguish between first and multi factor credentials\n ([8de9d01](https://github.com/ory/kratos/commit/8de9d01d9edae485f5a6ea7c68584ba4019a24d6))\n- Identity.default_schema_url is now `identity.default_schema_id`\n ([#1964](https://github.com/ory/kratos/issues/1964))\n ([e4f205d](https://github.com/ory/kratos/commit/e4f205d69bec07a71bf1d34d97ab3a6b99a4cc46))\n- **identity:** Move credentials counter\n ([c9875a7](https://github.com/ory/kratos/commit/c9875a7582accc740061e6a19d7b4b0998899f3f))\n- Mimic credentials config on import\n ([c3eb7ce](https://github.com/ory/kratos/commit/c3eb7ce60597954a60b8903ac011a643d0facf12))\n- Move credential configs for oidc and password\n ([50ac851](https://github.com/ory/kratos/commit/50ac851cc4534aa474a76c208f15483548ec8631))\n- Move docs to ory/docs\n ([57151da](https://github.com/ory/kratos/commit/57151da6adc85753d54c108637298642ccbc8347))\n- **oidc:** Credentials counting\n ([b75a639](https://github.com/ory/kratos/commit/b75a6390de85e10db8e9e17a74e95dd6dd716442))\n- **password:** DRY up registration helpers\n ([8a51839](https://github.com/ory/kratos/commit/8a51839ba85ddb5a345fef65f30b4325103ce38a))\n- **password:** Internals and deprecated fields\n ([a7784bd](https://github.com/ory/kratos/commit/a7784bdb52aff0ac171e59b2301755b65c842813))\n- Rename `password_identifier` field to `identifier`\n ([4dbe0ea](https://github.com/ory/kratos/commit/4dbe0ea41f49e198840292fc101258a4bdca826e))\n- Rename `whitelisted_return_urls` to `allowed_return_urls`\n ([#2299](https://github.com/ory/kratos/issues/2299))\n ([686c9ba](https://github.com/ory/kratos/commit/686c9ba08ff1db8a310eaed5c4b3aec69e0f84da))\n- **session:** Aal computation\n ([a136de9](https://github.com/ory/kratos/commit/a136de99a0f8fe78ee344f2243359c781b166378))\n- Update apple and microsoft config key names\n ([#2261](https://github.com/ory/kratos/issues/2261))\n ([6da2370](https://github.com/ory/kratos/commit/6da2370b4e6833ef61ca03214261e45c4786cb44)),\n closes [#1979](https://github.com/ory/kratos/issues/1979)\n\n### Documentation\n\n- Add debug tip ([#2186](https://github.com/ory/kratos/issues/2186))\n ([a1ada22](https://github.com/ory/kratos/commit/a1ada2255d132b1f3ea8cb494620b9c17b42f161))\n- Add react example code ([#2185](https://github.com/ory/kratos/issues/2185))\n ([0689cc7](https://github.com/ory/kratos/commit/0689cc73ccc9a472c5610f1e011c6ccbc5e0c20d))\n- Cloud\n ([8d1d65d](https://github.com/ory/kratos/commit/8d1d65d9d12a894bd25c82394e0392e228fe383d))\n- Fix broken links\n ([d88c56f](https://github.com/ory/kratos/commit/d88c56fc0ebf042d1270d04a2382784e5200654d))\n- Fix broken links API doc ([#2296](https://github.com/ory/kratos/issues/2296))\n ([47eaae5](https://github.com/ory/kratos/commit/47eaae575023469834c0c3a4aac64dc6d880e164))\n- Fix versions\n ([7186ff3](https://github.com/ory/kratos/commit/7186ff354b9c3d0fbd3fb809546075fcfcd0c57f))\n- Replace all mentions of Ory Kratos SDK with Ory SDK\n ([#2187](https://github.com/ory/kratos/issues/2187))\n ([4e6897f](https://github.com/ory/kratos/commit/4e6897ff2220b5668d784a16dd1f48db30f271f0))\n- Update readme\n ([e7d9da1](https://github.com/ory/kratos/commit/e7d9da199825fb15ae720c0496a257590b353a26))\n\n### Features\n\n- Abandon courier messages after configurable timeout\n ([#2257](https://github.com/ory/kratos/issues/2257))\n ([bff92f7](https://github.com/ory/kratos/commit/bff92f73b3f12d2dffa2061eb0e51e746eba2185))\n- Add `webauthn` to list of identifiers\n ([1a8b256](https://github.com/ory/kratos/commit/1a8b256cca33aa9cbb143e7e8fc1efc8217e9b8a)):\n\n This patch adds the key `webauthn` to the list of possible identifiers in the\n Identity JSON Schema. Use this key to specify what field is used to find the\n WebAuthn credentials on passwordless login flows.\n\n- Add credential migrator pattern\n ([77afc6f](https://github.com/ory/kratos/commit/77afc6f8ea868eaba7853adfcb9ed159b44ecbc8))\n- Add message for missing webauthn credentials\n ([303dc6b](https://github.com/ory/kratos/commit/303dc6bc33c20cd619d2542180247bd7b7f02092))\n- Add new messages\n ([09e6fd1](https://github.com/ory/kratos/commit/09e6fd16bb6be0ff3ee209bbfe69e967546f70da))\n- Add npm install step\n ([3d253e5](https://github.com/ory/kratos/commit/3d253e58ec7d4464d9749efe6ecc4a5c1d9be789))\n- Add versioning and improve compatibility for credential migrations\n ([78ce668](https://github.com/ory/kratos/commit/78ce668a38c914939028be42cd30eefa566ed09a))\n- Added sms sending support to courier\n ([687eca2](https://github.com/ory/kratos/commit/687eca24aac7a7b89cc949693271343573107898))\n- Allow empty version string\n ([419f94b](https://github.com/ory/kratos/commit/419f94bc1065771e49982faf56f8ef90a30bc306))\n- Cancelable web hooks\n ([44a5323](https://github.com/ory/kratos/commit/44a5323f835860dccd11460d666f620026e8b58d)):\n\n Introduces the ability to cancel web hooks by calling `error \"cancel\"` in\n JsonNet.\n\n- **config:** Add option to mark webauthn as passwordless-able\n ([0455e3f](https://github.com/ory/kratos/commit/0455e3fe901cff6ff314fd59a35864886672327c)):\n\n Adds option `passwordless` to `selfservice.methods.webauthn.config`, making it\n possible to use WebAuthn for first-factor authentication, or so-called\n \"passwordless\" authentication.\n\n- Courier template configs ([#2156](https://github.com/ory/kratos/issues/2156))\n ([799b6a8](https://github.com/ory/kratos/commit/799b6a81add747d3001a1758e08ee7b4c6463d64)),\n closes [#2054](https://github.com/ory/kratos/issues/2054):\n\n It is now possible to override individual courier email templates using the\n configuration system!\n\n- **courier:** Expose setters again\n ([598dc3a](https://github.com/ory/kratos/commit/598dc3a4d7c27838e9058382378972a1c0330bde))\n- **e2e:** Add passwordless flows and fix bugs\n ([ef3871b](https://github.com/ory/kratos/commit/ef3871bd9b3e7e5f4360da8d1b7749cc005b4e19))\n- **identity:** Add identity credentials helpers\n ([b7be327](https://github.com/ory/kratos/commit/b7be327a370368932ff390968acffaa1ce6d55a0))\n- **identity:** Add versioning to credentials\n ([aaf779a](https://github.com/ory/kratos/commit/aaf779ac1c29b24ece6d5f3d7892a3bf08277653))\n- Ignore web hook response\n ([ae87914](https://github.com/ory/kratos/commit/ae87914512025c05d814a1200eda66d8f931ce44)):\n\n Introduces the ability to ignore responses from web hooks in favor of faster\n and non-blocking execution.\n\n- Make sensitive log value redaction text configurable\n ([#2321](https://github.com/ory/kratos/issues/2321))\n ([9b66e43](https://github.com/ory/kratos/commit/9b66e437d0aeed61643b76aea7d49cad001dc8cf))\n- **oidc:** Customizable base redirect uri\n ([fa1f234](https://github.com/ory/kratos/commit/fa1f23469f2fecfa82fa38147f601d969bd9aaa4)):\n\n Closes https://github.com/ory-corp/cloud/issues/2003\n\n- Password, social sign, verified email in import\n ([41a27b1](https://github.com/ory/kratos/commit/41a27b1e15e090d3e99cdcfc3c1ba8eac76097a4)),\n closes [#605](https://github.com/ory/kratos/issues/605):\n\n This patch introduces the ability to import passwords (cleartext, PKBDF2,\n Argon2, BCrypt) and Social Sign In connections when creating identities!\n\n- **recovery:** Allow invalidation of existing sessions\n ([5029884](https://github.com/ory/kratos/commit/502988474e2bce46752f7fc7885bc1b91423bbdd)),\n closes [#1077](https://github.com/ory/kratos/issues/1077):\n\n You can now use the `revoke_active_sessions` hook in the recovery flow. It\n invalidates all of an identity's sessions on successful account recovery.\n\n- **schema:** Add functionality to disallow internal HTTP requests\n ([6e08416](https://github.com/ory/kratos/commit/6e08416235bd821493df4d9cda2e8bd76d507871)):\n\n See https://github.com/ory-corp/cloud/issues/1261\n\n- **security:** Add e2e tests for various private network SSRF defenses\n ([b049bc3](https://github.com/ory/kratos/commit/b049bc304cd79568ee82f1423e583949f63d3377))\n- **security:** Add SSRF defenses in OIDC\n ([d37dc5d](https://github.com/ory/kratos/commit/d37dc5d7946252783463bc9e99f7f792e2735614))\n- **session:** Add webauthn to extension validation\n ([049fd8e](https://github.com/ory/kratos/commit/049fd8edc382f344018398027a4e0b3915116ff2))\n- **session:** Webauthn can now be a first factor as well\n ([861bee0](https://github.com/ory/kratos/commit/861bee0f029e3bb3f6b7218be19eaf6c26562b76))\n- Trace web hook calls ([#2154](https://github.com/ory/kratos/issues/2154))\n ([98ee300](https://github.com/ory/kratos/commit/98ee300e065c6e81e6128a509af3f48612cda88a))\n- **webauthn:** Add error preventing deleting last webauthn credential\n ([1209eda](https://github.com/ory/kratos/commit/1209edacaf1b7dea32bd1bd124c86910bc2553c6))\n- **webauthn:** Add new decoder schemas\n ([c3e1501](https://github.com/ory/kratos/commit/c3e1501bf5170416a034130eb68d1db456a47239))\n- **webauthn:** Add passwordless credentials indicator\n ([6e3057a](https://github.com/ory/kratos/commit/6e3057a96a34d22cac193e5c17b4a3c01d2ca045))\n- **webauthn:** Add swagger type\n ([14c2b74](https://github.com/ory/kratos/commit/14c2b745e951a185dee600f6f2e8f93788c67285))\n- **webauthn:** Count passwordless credentials\n ([145af23](https://github.com/ory/kratos/commit/145af23aef8f5c9ffdcec47bac5758da709d4646))\n- **webauthn:** Implement refresh using webauth\n ([bf10868](https://github.com/ory/kratos/commit/bf108688ed146211da3cc2ec4bf0df015e535220)),\n closes [#2284](https://github.com/ory/kratos/issues/2284):\n\n This change introduces the ability to refresh a session (for example when\n entering \"sudo\" mode\") using WebAuthn credentials. In this case, it does not\n matter whether the WebAuthN credentials are for MFA or passwordless flows.\n\n- **webauthn:** Improve schema\n ([790dcf3](https://github.com/ory/kratos/commit/790dcf3a7079d57a088d399c03d040af1019a3aa))\n- **webauthn:** Manage webauthn passwordless keys\n ([5a62ced](https://github.com/ory/kratos/commit/5a62ced175248a85b1e843b4017757aa86d62d23))\n- **webauthn:** Passwordless login\n ([b4c4fd2](https://github.com/ory/kratos/commit/b4c4fd2c25ae5d55350ce573df8295fe6d8c42a1))\n- **webauthn:** Update messages and nodes\n ([22534d8](https://github.com/ory/kratos/commit/22534d8253384f2002033a5b2bbdcf573779a49c))\n- **webauthn:** Use plain bytes for wrapped user\n ([97c8c9e](https://github.com/ory/kratos/commit/97c8c9e25234847622f1ab508cd5d50758d323c0))\n\n### Tests\n\n- Add data for new migration\n ([b0488ef](https://github.com/ory/kratos/commit/b0488efa600024f40b2c019fa0f492dd39c8bfa9))\n- Add tests for new sms options\n ([799fa10](https://github.com/ory/kratos/commit/799fa106cd0fed33afbe76903911df9292d49bf6))\n- **cmd:** Fix regressions\n ([4b92be9](https://github.com/ory/kratos/commit/4b92be9325d02e605e12d96c7990774234ed1d1d))\n- **driver:** Fix regressions\n ([c6f5137](https://github.com/ory/kratos/commit/c6f51377f253275bf7321c67a5e949699ac12adb))\n- **e2e:** Add import tests\n ([ed90f39](https://github.com/ory/kratos/commit/ed90f394d32ee0a3e42c3a9c1c066f94a05d02c1))\n- **e2e:** Reenable hydra\n ([055a491](https://github.com/ory/kratos/commit/055a4912d3e7712d4bc3a3f5cf9c68d1834998dc))\n- **e2e:** Resolve privileged regression\n ([f7dd5ab](https://github.com/ory/kratos/commit/f7dd5aba26b43aa9f60d8429a7d256f48f228578))\n- **e2e:** Resolve regression\n ([b5053c9](https://github.com/ory/kratos/commit/b5053c902331ae166824eb92b89295e693bf0dc7))\n- **e2e:** Resolve regressions\n ([da154c5](https://github.com/ory/kratos/commit/da154c5e549f79ca5703209852981ded07281f43))\n- **e2e:** Resolve regressions\n ([d46d435](https://github.com/ory/kratos/commit/d46d435c40c383bbd844af8fead283ee46a137fb))\n- **e2e:** Resolve regressions and flakes\n ([a607385](https://github.com/ory/kratos/commit/a60738510875f770f9dbb0b3449dbcf2d473ada3))\n- **e2e:** Wait for initial network requests\n ([#2242](https://github.com/ory/kratos/issues/2242))\n ([c5a04b5](https://github.com/ory/kratos/commit/c5a04b5f174e06faca99ebc7461c8ebe8e1f694d))\n- Extract common registration helpers to library\n ([5c1f11b](https://github.com/ory/kratos/commit/5c1f11b2ae65dd73d572e456b522a7d83ac1f473))\n- Fix concurrent database access\n ([46f6fb7](https://github.com/ory/kratos/commit/46f6fb7d246b384e561bdf8952185855f25cce56))\n- Fix regression\n ([f96e48f](https://github.com/ory/kratos/commit/f96e48fa6d4d8b341bcd3f52228b7abff8b934fb))\n- **identity:** Ensure migrations run when fetching identities\n ([322d467](https://github.com/ory/kratos/commit/322d467ac11dcdf4e3210f947b80029c77662065))\n- **identity:** Fix regressions\n ([f492f0e](https://github.com/ory/kratos/commit/f492f0e1d112813d926eac48b5ad5d2e1857a382))\n- Re-enable MySQL\n ([cbe8f6e](https://github.com/ory/kratos/commit/cbe8f6ea4fe48fe84a5cbc8915754f83e7eff428))\n- Remove obsolete test\n ([cd644ae](https://github.com/ory/kratos/commit/cd644aef9175fe21024c37a381722503fcd88555))\n- Remove obsolete test failure\n ([f8fd480](https://github.com/ory/kratos/commit/f8fd48041404344636c51b63d55a668209bed0e0))\n- Remove only\n ([87b3bce](https://github.com/ory/kratos/commit/87b3bce3433601dd918f76c0bc2d25ea4af6e482))\n- Remove unnecessary test\n ([2fa33e4](https://github.com/ory/kratos/commit/2fa33e4f28759b5dc5de78e00e42ed8cc4ccce89))\n- Resolve potential panic\n ([d44af28](https://github.com/ory/kratos/commit/d44af289e9c09a981e80b6f69d22a5cce6b1dbfa))\n- **schema:** Resolve regressions\n ([c6d0810](https://github.com/ory/kratos/commit/c6d08105a270fafd21a14a19e412d7081dedc754))\n- Significantly reduce persister run time\n ([647d6ef](https://github.com/ory/kratos/commit/647d6ef73797462020c2f59ece15e645561182b0))\n- Update fixtures\n ([21462b7](https://github.com/ory/kratos/commit/21462b7eb8cbac719d8ae531969b0fd9d42b5e0c))\n- Update fixtures\n ([299c6e3](https://github.com/ory/kratos/commit/299c6e3be7c120bb769a4b2572ebe42c5ab3ddb1))\n- **webauthn:** Add passwordless profile\n ([88199ea](https://github.com/ory/kratos/commit/88199ea28e8b3460ccc585e5fd1713d398cae15c))\n- **webauthn:** Passwordless registration\n ([c9b6280](https://github.com/ory/kratos/commit/c9b6280720c2fd08191994c86e85ceb1f52a27d2))\n\n### Unclassified\n\n- Move login hinting to own package\n ([1eb2604](https://github.com/ory/kratos/commit/1eb260423491af917edb1256d260ca3d3fb198dc))\n\n# [0.8.3-alpha.1.pre.0](https://github.com/ory/kratos/compare/v0.8.2-alpha.1...v0.8.3-alpha.1.pre.0) (2022-01-21)\n\nautogen: pin v0.8.3-alpha.1.pre.0 release commit\n\n## Breaking Changes\n\nThis patch removes the ability to use domain aliases, an obscure feature rarely\nused that had several issues and inconsistencies.\n\n### Bug Fixes\n\n- Add `identity_id` index to `identity_verifiable_addresses` table\n ([#2147](https://github.com/ory/kratos/issues/2147))\n ([86fd942](https://github.com/ory/kratos/commit/86fd942e9a80e36dd65ef4ac57c5a5546f94995a)):\n\n The verifiable addresses are loaded eagerly into the identity. When that\n happens, the `identity_verifiable_addresses` table is queried by `nid` and\n `identity_id`. This index should greatly improve performance, especially of\n the `/sessions/whoami` endpoint.\n\n- Add ability to resume continuity sessions from several cookies\n ([#2131](https://github.com/ory/kratos/issues/2131))\n ([8b87bdb](https://github.com/ory/kratos/commit/8b87bdb1967654b5fbfbf9799948485b2a9a6af0)),\n closes [#2016](https://github.com/ory/kratos/issues/2016)\n [#1786](https://github.com/ory/kratos/issues/1786)\n- Add hiring notice to README\n ([#2074](https://github.com/ory/kratos/issues/2074))\n ([0c1e816](https://github.com/ory/kratos/commit/0c1e816693ad4a6c3fdb7206bbc95c81cdfdf3c0))\n- Add missing version tag in quickstart.yml\n ([#2110](https://github.com/ory/kratos/issues/2110))\n ([1d281ea](https://github.com/ory/kratos/commit/1d281ea69e551cc3d40415f5405690f445891bb6))\n- Adjust scan configuration ([#2140](https://github.com/ory/kratos/issues/2140))\n ([8506fcf](https://github.com/ory/kratos/commit/8506fcf59d572851b24041b48af6a04b31520a32)),\n closes [#2083](https://github.com/ory/kratos/issues/2083)\n- Admin endpoint `/schemas` not redirecting to public endpoint\n ([#2133](https://github.com/ory/kratos/issues/2133))\n ([413833f](https://github.com/ory/kratos/commit/413833f128c0674f4e8dbb9e73698a9df04cfc1a)),\n closes [#2084](https://github.com/ory/kratos/issues/2084)\n- Choose correct CSRF cookie when multiple are set\n ([633076b](https://github.com/ory/kratos/commit/633076be008104afd50186ebe60722ef21999d5d)),\n closes [ory/kratos#2121](https://github.com/ory/kratos/issues/2121)\n [ory-corp/cloud#1786](https://github.com/ory-corp/cloud/issues/1786):\n\n Resolves an issue where, when multiple CSRF cookies are set, a random one\n would be used to verify the CSRF token. Now, regardless of how many\n conflicting CSRF cookies exist, if one of them is valid, the request will pass\n and clean up the cookie store.\n\n- **continuity:** Properly reset cookies that became invalid\n ([8e4b4fb](https://github.com/ory/kratos/commit/8e4b4fb3d6dbe668cf0166f4cff49eae753d481c)),\n closes [#2121](https://github.com/ory/kratos/issues/2121)\n [ory-corp/cloud#1786](https://github.com/ory-corp/cloud/issues/1786):\n\n Resolves several reports related to incorrect handling of invalid continuity\n issues.\n\n- **continuity:** Remove cookie on any error\n ([428ac03](https://github.com/ory/kratos/commit/428ac03b582184dbbbc0c9c3ffd399273fd8e1a5))\n- Do not send session after registration without hook\n ([#2094](https://github.com/ory/kratos/issues/2094))\n ([3044229](https://github.com/ory/kratos/commit/3044229227229e81a4ba770eec241a748dd0945c)),\n closes [#2093](https://github.com/ory/kratos/issues/2093)\n- Docker-compose standalone definition\n ([3c7065a](https://github.com/ory/kratos/commit/3c7065ad32ff314c8cbdad8ed89fd9a9f5928f72))\n- Explain mitigations in cookie error messages\n ([ef4b01a](https://github.com/ory/kratos/commit/ef4b01a80ea91114b182ff26759d98cd5ba2cd02))\n- Expose network wrapper\n ([a570607](https://github.com/ory/kratos/commit/a570607d460e7c5f9d49ce38ba7a4e06ae172359))\n- Faq ([#2101](https://github.com/ory/kratos/issues/2101))\n ([311f906](https://github.com/ory/kratos/commit/311f9066a524308b970afc81d98d1a14b78bf63d)):\n\n This patch\n - moves the FAQ to the Debug & Help section\n - renames it to Tips & Troubleshooting\n - moves many of the questions to documents where they fit better, reformatted\n and with added information where needed.\n - also some other spelling/format fixes\n\n See also https://github.com/ory/docusaurus-template/pull/87\n\n- Ignore whitespace around identifier with password strategy\n ([#2160](https://github.com/ory/kratos/issues/2160))\n ([45335c5](https://github.com/ory/kratos/commit/45335c50f719af504974fe54e504d7653db03c78)),\n closes [#2158](https://github.com/ory/kratos/issues/2158)\n- Improve courier test signature\n ([b8888e3](https://github.com/ory/kratos/commit/b8888e3c93a602635b396503b7301396ce740ff8))\n- Include missing type string in config schema\n ([#2142](https://github.com/ory/kratos/issues/2142))\n ([ec2c88a](https://github.com/ory/kratos/commit/ec2c88ac2d65ea1db1146101519cdbb709ebdbbb)):\n\n Inside the config.schema.json under the CORS setting, add the missing type\n (string) for the items of the allowed_origins array\n\n- **login:** Error handling when failed to prepare for an expired flow\n ([#2120](https://github.com/ory/kratos/issues/2120))\n ([fdad834](https://github.com/ory/kratos/commit/fdad834e7577e298887b83b693ddf20632cd7c43))\n- Minor fixes in FAQ update ([#2130](https://github.com/ory/kratos/issues/2130))\n ([b53eec7](https://github.com/ory/kratos/commit/b53eec721489514a80719b73bc5c758dc2adedfd))\n- Quickstart standalone service definition\n ([#2149](https://github.com/ory/kratos/issues/2149))\n ([872b06e](https://github.com/ory/kratos/commit/872b06e1f798deacfef101edc3ab33fd75af9b29))\n- Resolve configx regression\n ([672c0ff](https://github.com/ory/kratos/commit/672c0ffc7f5edd1fd238dcdd0c5d0430b30966c6))\n- **selfservice:** Recovery self service flow passes on return_to URL\n ([#1920](https://github.com/ory/kratos/issues/1920))\n ([b925d35](https://github.com/ory/kratos/commit/b925d351dd0ce48cb6aed046dcf2698796453751)),\n closes [#914](https://github.com/ory/kratos/issues/914)\n- Send 404 instead of null response for unknown verification flows\n ([#2102](https://github.com/ory/kratos/issues/2102))\n ([c9490c8](https://github.com/ory/kratos/commit/c9490c8927209b686aafe54b8a16207a8ef47ebe)),\n closes [#2099](https://github.com/ory/kratos/issues/2099):\n\n Fixes the verification handler to write the error, instead of nil object, when\n the flow does not exist. Adds tests for every handler to check proper behavior\n in that regard.\n\n- Support setting complex configs from the environment\n ([c45bf83](https://github.com/ory/kratos/commit/c45bf83a9e6744a0b3f2f24e3b07a6f0131d9a40)):\n\n Closes https://github.com/ory/kratos/issues/1535 Closes\n https://github.com/ory/kratos/issues/1792 Closes\n https://github.com/ory/kratos/issues/1801\n\n- Update download urls according to the new names\n ([#2078](https://github.com/ory/kratos/issues/2078))\n ([86ae016](https://github.com/ory/kratos/commit/86ae0166c8893b809929c7c45a2ba84416ddf228))\n\n### Code Generation\n\n- Pin v0.8.3-alpha.1.pre.0 release commit\n ([b1f1da2](https://github.com/ory/kratos/commit/b1f1da2c0b4fbf6e6b4259c58b39a3e88e990142))\n\n### Code Refactoring\n\n- Deprecate domain aliases\n ([894a2cc](https://github.com/ory/kratos/commit/894a2cc39671fbc9d2c13b1fc1b45b217da5145d))\n\n### Documentation\n\n- Fix incorrect port\n ([c9a3587](https://github.com/ory/kratos/commit/c9a358717a99af436c6802f45c9c1f6edc77585f)),\n closes [#2095](https://github.com/ory/kratos/issues/2095)\n- Fix link\n ([c245ed4](https://github.com/ory/kratos/commit/c245ed40d443e3068bc5eee902e6b14f6ae777c6)):\n\n Closes https://github.com/ory/kratos-selfservice-ui-node/issues/164\n\n- Ory cloud mentions + spelling\n ([#2100](https://github.com/ory/kratos/issues/2100))\n ([0c2fa5b](https://github.com/ory/kratos/commit/0c2fa5bdb98b95877ef740297b6d96a931a3430f))\n- Pagination ([#2143](https://github.com/ory/kratos/issues/2143))\n ([0807a03](https://github.com/ory/kratos/commit/0807a03fba8ff9a3123cd038a472e90895502e82)),\n closes [#2039](https://github.com/ory/kratos/issues/2039)\n- Typo ([#2073](https://github.com/ory/kratos/issues/2073))\n ([e1a54f9](https://github.com/ory/kratos/commit/e1a54f9129d41b34cc8864c8ac38d1448e1f9372))\n- Typo ([#2114](https://github.com/ory/kratos/issues/2114))\n ([a7a16d7](https://github.com/ory/kratos/commit/a7a16d7c91d89e274ea5fd79787cd4671d825532))\n- Update docker guide\n ([072ca4d](https://github.com/ory/kratos/commit/072ca4d990cf4060555c8b2626f39ff18172d064)),\n closes [#2086](https://github.com/ory/kratos/issues/2086)\n- Upgrade guide ([#2132](https://github.com/ory/kratos/issues/2132))\n ([4a4ab05](https://github.com/ory/kratos/commit/4a4ab05573ebb20f82f62bfd38767de68d7708e9)):\n\n Closes https://github.com/ory/kratos/discussions/2104\n\n### Features\n\n- Add preset CSP nonce ([#2096](https://github.com/ory/kratos/issues/2096))\n ([8913292](https://github.com/ory/kratos/commit/8913292c1193c416e5a54997e3635bef87affc01)):\n\n Closes https://github.com/ory/kratos-selfservice-ui-node/issues/162\n\n- Added phone number identifier\n ([#1938](https://github.com/ory/kratos/issues/1938))\n ([294dfa8](https://github.com/ory/kratos/commit/294dfa85b4552b9266c44bb3376b8610c1ff5521)),\n closes [#137](https://github.com/ory/kratos/issues/137)\n- Allow registration to be disabled\n ([#2081](https://github.com/ory/kratos/issues/2081))\n ([864b00d](https://github.com/ory/kratos/commit/864b00d6ecddefdb06ac22fda04670bfa43f2fd5)),\n closes [#882](https://github.com/ory/kratos/issues/882)\n- Courier templates fs support\n ([#2164](https://github.com/ory/kratos/issues/2164))\n ([13689a7](https://github.com/ory/kratos/commit/13689a7135311a05b17383486f5fdab2e7a412d0))\n- **courier:** Override default link base URL\n ([cc99096](https://github.com/ory/kratos/commit/cc99096d07408c8b713ef9a7b17b8345597a9129)):\n\n Added a new configuration value `selfservice.methods.link.config.base_url`\n which allows to change the default base URL of recovery and verification\n links. This is useful when the email should send a link which does not match\n the globally configured base URL.\n\n See https://github.com/ory-corp/cloud/issues/1766\n\n- **docker:** Add jaeger\n ([27ec2b7](https://github.com/ory/kratos/commit/27ec2b74ee42697102c6a9a79bc5ca3c09756d94))\n- Enable Buildkit ([#2079](https://github.com/ory/kratos/issues/2079))\n ([f40df5c](https://github.com/ory/kratos/commit/f40df5cd932aa3185b2155368db51a49b7f05991)):\n\n Looks like this was attempted before but the magic comment was not on the\n first line.\n\n- Expose courier template load\n ([#2082](https://github.com/ory/kratos/issues/2082))\n ([790716e](https://github.com/ory/kratos/commit/790716e58a4be06f04f3cbc5b974f16d873ae0d8))\n- Generalise courier tests ([#2125](https://github.com/ory/kratos/issues/2125))\n ([75c6053](https://github.com/ory/kratos/commit/75c60537e366760fe87b7b8978e9854873b7f702))\n- Make the password policy more configurable\n ([#2118](https://github.com/ory/kratos/issues/2118))\n ([70c627b](https://github.com/ory/kratos/commit/70c627b9feb3ec55765070b7c6c3fd64f2640e59)),\n closes [#970](https://github.com/ory/kratos/issues/970)\n- **security:** Add option to disallow private IP ranges in webhooks\n ([05f1e5a](https://github.com/ory/kratos/commit/05f1e5a99426ed54cb70514554e64d851f0ba8d6)),\n closes [#2152](https://github.com/ory/kratos/issues/2152)\n- Selfservice and administrative session management\n ([#2011](https://github.com/ory/kratos/issues/2011))\n ([0fe4155](https://github.com/ory/kratos/commit/0fe4155b878102b77f7f13de5f0754ff75961498)),\n closes [#655](https://github.com/ory/kratos/issues/655)\n [#2007](https://github.com/ory/kratos/issues/2007)\n\n### Tests\n\n- Update cypress ([#2090](https://github.com/ory/kratos/issues/2090))\n ([883a1b1](https://github.com/ory/kratos/commit/883a1b1ea33a1d3ef8b33342328382b59e4f18c3))\n\n# [0.8.2-alpha.1](https://github.com/ory/kratos/compare/v0.8.1-alpha.1...v0.8.2-alpha.1) (2021-12-17)\n\nThis release addresses further important security updates in the base Docker\nImages. We also resolved all issues related to ARM support on both Linux and\nmacOS and fixed a bug that prevent the binary from compiling on FreeBSD.\n\nThis release also makes use of our new build architecture which means that the\nDocker Images names have changed. We removed the \"scratch\" images as we received\nfrequent complaints about them. Additionally, all Docker Images have now, per\ndefault, SQLite support built-in. If you are relying on the SQLite images,\nupdate your Docker Pull commands as follows:\n\n```patch\n- docker pull oryd/kratos:{version}-sqlite\n+ docker pull oryd/kratos:{version}\n```\n\nAdditionally, all passwords now have to be at least 8 characters long, following\nrecommendations from Microsoft and others.\n\nIn v0.8.1-alpha.1 we failed to include all the exciting things that landed, so\nwe'll cover them now!\n\n1. Advanced E-Mail templating support with sprig - makes it possible to\n translate emails as well!\n2. Support wildcards for allowing redirection targets.\n3. Account Recovery initiated by the Admin API now works even if identities have\n no email address.\n\nEnjoy this release!\n\n### Bug Fixes\n\n- Add missing sample app paths to oathkeeper config\n ([#2058](https://github.com/ory/kratos/issues/2058))\n ([a527db4](https://github.com/ory/kratos/commit/a527db4487c4efd2e96f8bf84d48a3cca30a14a1)):\n\n Add \"welcome,registration,login,verification\" and \"\\*\\*.png\" to the paths\n oathkeeper forwards to self service ui.\n\n- Add section on webauthn constraints\n ([#2072](https://github.com/ory/kratos/issues/2072))\n ([23663b5](https://github.com/ory/kratos/commit/23663b50afce59cec2cfcaa4d3f50ae0abcf6310))\n- After release hooks\n ([56c2e61](https://github.com/ory/kratos/commit/56c2e61195b6e6808ed76b9fd5dee0da1f489ce9))\n- Dockerfile clean up\n ([52420cc](https://github.com/ory/kratos/commit/52420ccc17a8d395f0b13c0ad03ac334434c4b0e)),\n closes [#2070](https://github.com/ory/kratos/issues/2070)\n- Goreleaser after hook\n ([c763f2b](https://github.com/ory/kratos/commit/c763f2b394543a142f35b022d9c9d154c8e8489c))\n- Goreleaser config\n ([7099af2](https://github.com/ory/kratos/commit/7099af20929ad003968e7fc9e47a4fe745984fbb)):\n\n See https://github.com/goreleaser/goreleaser/issues/2762\n\n- Release hook\n ([90bd769](https://github.com/ory/kratos/commit/90bd7698380168b88ee301d9f343054052b208fd))\n\n### Code Generation\n\n- Pin v0.8.2-alpha.1 release commit\n ([627f4a1](https://github.com/ory/kratos/commit/627f4a1ddb378db84510a85013c4580a9d8024ad))\n\n### Documentation\n\n- Fix bodged release\n ([032b23a](https://github.com/ory/kratos/commit/032b23aba3fa04e5e2a638b78b806ca49a6a8e1c))\n- Quickstart update ([#2060](https://github.com/ory/kratos/issues/2060))\n ([3387cf6](https://github.com/ory/kratos/commit/3387cf6f111db5944fbff536fd0a9a67bc388f9a)),\n closes [#2032](https://github.com/ory/kratos/issues/2032)\n [#1916](https://github.com/ory/kratos/issues/1916)\n\n# [0.8.1-alpha.1](https://github.com/ory/kratos/compare/v0.8.0-alpha.4.pre.0...v0.8.1-alpha.1) (2021-12-13)\n\nThis maintenance release important security updates for the base Docker Images\n(e.g. Alpine). Additionally, several hiccups with the new ARM support have been\nresolved and the binaries are now downloadable for all major platforms. Please\nnote that passwords now have to be at least 8 characters long, following\nrecommendations from Microsoft and others.\n\nEnjoy this release!\n\n### Bug Fixes\n\n- Bodget docs commit\n ([f9d2f82](https://github.com/ory/kratos/commit/f9d2f8245bc94aaf21ddc9e5516b64e7887dae4b))\n- Build docs on release\n ([2cf137a](https://github.com/ory/kratos/commit/2cf137a0540b81f4e405920cafd251db71d2f9fa))\n- De-duplicate message IDs ([#1973](https://github.com/ory/kratos/issues/1973))\n ([9d8e197](https://github.com/ory/kratos/commit/9d8e19720fcc2e5b5371c2ddea4e2501304a93fd))\n- Docs links ([#2008](https://github.com/ory/kratos/issues/2008))\n ([8515e17](https://github.com/ory/kratos/commit/8515e17938570770ca4cbf93028782925e28f431))\n- Require minimum length of 8 characters password\n ([#2009](https://github.com/ory/kratos/issues/2009))\n ([bb5846e](https://github.com/ory/kratos/commit/bb5846ecb446b9e58b2a4949c678fddac4bbac4f)):\n\n Kratos follows\n [NIST Digital Identity Guidelines - 5.1.1.2 Memorized Secret Verifiers](https://pages.nist.gov/800-63-3/sp800-63b.html)\n and\n [password policy](https://www.ory.sh/kratos/docs/concepts/security#password-policy)\n says\n\n > Passwords must have a minimum length of 8 characters and all characters\n > (unicode, ASCII) must be allowed.\n\n- Resolve freebsd build issue\n ([#2004](https://github.com/ory/kratos/issues/2004))\n ([9c75fe9](https://github.com/ory/kratos/commit/9c75fe9e7ab4ff27f8d1f2399a58baaadefaaa0d)),\n closes [#1645](https://github.com/ory/kratos/issues/1645)\n- Revert tag\n ([f1d7b9e](https://github.com/ory/kratos/commit/f1d7b9e2db2cab4acdcaacbae06a85c42417b334)),\n closes [#1945](https://github.com/ory/kratos/issues/1945)\n- Set dockerfile\n ([c860b99](https://github.com/ory/kratos/commit/c860b992aee6a63d9696377ed9047e8cdeef0098))\n- Skip docs publishing for pre releases\n ([eb6d8cd](https://github.com/ory/kratos/commit/eb6d8cdb2d3d400eb3b9398a15825ecdb10d3cf8))\n- Support complex lifespans ([#2050](https://github.com/ory/kratos/issues/2050))\n ([0edbebe](https://github.com/ory/kratos/commit/0edbebed896e79fd2979a54756932ea27c2ddb99))\n- Update docs after release\n ([850be90](https://github.com/ory/kratos/commit/850be9065b64bcf268b42e4018f60b25a7a73da5))\n- Verification error code ([#1967](https://github.com/ory/kratos/issues/1967))\n ([44411ab](https://github.com/ory/kratos/commit/44411ab4ac5f184c7f42e6ece0ccb2ae7cbdc42c)),\n closes [#1956](https://github.com/ory/kratos/issues/1956)\n\n### Code Generation\n\n- Pin v0.8.1-alpha.1 release commit\n ([8247416](https://github.com/ory/kratos/commit/82474161f61a3a22afad478838ffe8fe837d41ac))\n\n### Documentation\n\n- Add `Content-Type` to recommended CORS allowed headers\n ([#2015](https://github.com/ory/kratos/issues/2015))\n ([dd890ab](https://github.com/ory/kratos/commit/dd890ab96727d7a2c8c2f52279dc3516096213f0))\n- **debug:** Fix typo ([#1976](https://github.com/ory/kratos/issues/1976))\n ([0647554](https://github.com/ory/kratos/commit/0647554179d7b0119ed01d353cd0ea9eb8317752))\n- Fix incorrect tag\n ([bbd2355](https://github.com/ory/kratos/commit/bbd2355bbb220389021b596eec339a25652d932a)),\n closes [#2032](https://github.com/ory/kratos/issues/2032)\n [#2028](https://github.com/ory/kratos/issues/2028)\n- Fixed date format example ([#2038](https://github.com/ory/kratos/issues/2038))\n ([fc4703a](https://github.com/ory/kratos/commit/fc4703aa34066a56fa3cf3b664a0d032157e477a))\n- Improve text around bcrypt\n ([#2037](https://github.com/ory/kratos/issues/2037))\n ([ba6981e](https://github.com/ory/kratos/commit/ba6981e344e880936b5e995c433dae85659ba780))\n- Levenshtein-Distance has been released\n ([#2040](https://github.com/ory/kratos/issues/2040))\n ([393b6b3](https://github.com/ory/kratos/commit/393b6b38cdc4758e838eec20e81d486662f7b4a7))\n- Minor fixes ([#2010](https://github.com/ory/kratos/issues/2010))\n ([12918db](https://github.com/ory/kratos/commit/12918dbf4b0edb2857e06736aee9cccf1a5f76ff))\n- Password-strength meter has been dropped\n ([#2041](https://github.com/ory/kratos/issues/2041))\n ([9848fb3](https://github.com/ory/kratos/commit/9848fb3b40c12799eafc73d2ec0f410bf5b22aa8))\n- This has been done ([#2045](https://github.com/ory/kratos/issues/2045))\n ([7e8c91a](https://github.com/ory/kratos/commit/7e8c91ace5229fdc394461b3453acb3f01da0a6c))\n- Totp unlink image in 2fa docs\n ([#1957](https://github.com/ory/kratos/issues/1957))\n ([7afb731](https://github.com/ory/kratos/commit/7afb731c15ebbd6bab54a133f2e80e938dd937d4))\n- Update email template docs\n ([#1960](https://github.com/ory/kratos/issues/1960))\n ([#1968](https://github.com/ory/kratos/issues/1968))\n ([b0f25a9](https://github.com/ory/kratos/commit/b0f25a9a6013f1e450163f5c08b221d328c210be))\n- Webhooks have landed ([#2035](https://github.com/ory/kratos/issues/2035))\n ([80e53eb](https://github.com/ory/kratos/commit/80e53eb83d0dc84d2082ee343bfcecd2bfd99e13))\n\n### Features\n\n- Add alpine dockerfile\n ([587eaee](https://github.com/ory/kratos/commit/587eaeee60cab2f539af8f309800f5a6e9cdfe6f))\n- Add x-total-count to paginated pages\n ([b633ec3](https://github.com/ory/kratos/commit/b633ec3da6ccca196cd9d78c3c43d9797bd8d982))\n- Buildkit with multi stage build\n ([#2025](https://github.com/ory/kratos/issues/2025))\n ([57ab7f7](https://github.com/ory/kratos/commit/57ab7f784674c2cef2b1cef4b6922e9834213e3d))\n- **cmd:** Add OIDC credential include\n ([#2017](https://github.com/ory/kratos/issues/2017))\n ([1482844](https://github.com/ory/kratos/commit/148284485db8a86aa10c5aefb34373f9a8c7d95a)):\n\n With this change, the `kratos identities get` CLI can additionally fetch OIDC\n credentials.\n\n- Generalise courier ([#2019](https://github.com/ory/kratos/issues/2019))\n ([1762a73](https://github.com/ory/kratos/commit/1762a730886707be3549bc6789f65c66d755e1d0))\n- **oidc:** Add spotify provider\n ([#2024](https://github.com/ory/kratos/issues/2024))\n ([0064e35](https://github.com/ory/kratos/commit/0064e350ccb417fefee6f48ca5895f3d75247bb3))\n\n### Tests\n\n- Add web hook test cases ([#2051](https://github.com/ory/kratos/issues/2051))\n ([316e940](https://github.com/ory/kratos/commit/316e940a70684084c857e80a2ffaf334a64aee94))\n- **e2e:** Split e2e script into setup and test phase\n ([#2027](https://github.com/ory/kratos/issues/2027))\n ([1761418](https://github.com/ory/kratos/commit/176141860f3aa946519073d0e35bf3acacd6c685))\n- Fix changed message ID ([#2013](https://github.com/ory/kratos/issues/2013))\n ([0bb66de](https://github.com/ory/kratos/commit/0bb66de582ebcb501c161655ae00e276a1d7d5d2))\n\n# [0.8.0-alpha.4.pre.0](https://github.com/ory/kratos/compare/v0.8.0-alpha.3...v0.8.0-alpha.4.pre.0) (2021-11-09)\n\nautogen: pin v0.8.0-alpha.4.pre.0 release commit\n\n## Breaking Changes\n\nTo celebrate this change, we cleaned up the ways you install Ory software, and\nwill roll this out to all other projects soon:\n\nThere is now one central brew / bash curl repository:\n\n```patch\n-brew install ory/kratos/kratos\n+brew install ory/tap/kratos\n\n-bash <(curl https://raw.githubusercontent.com/ory/kratos/master/install.sh)\n+bash <(curl https://raw.githubusercontent.com/ory/meta/master/install.sh) kratos\n```\n\n### Bug Fixes\n\n- Add base64 to ReadSchema ([#1918](https://github.com/ory/kratos/issues/1918))\n ([8c8815b](https://github.com/ory/kratos/commit/8c8815b7ced0051eb0120198ae75b8fcf0fce2ba)),\n closes [#1529](https://github.com/ory/kratos/issues/1529)\n- Add error.id to invalid cookie/token settings flow\n ([#1919](https://github.com/ory/kratos/issues/1919))\n ([73610d4](https://github.com/ory/kratos/commit/73610d4cfb16789385d2660e278419664b1ea3f3)),\n closes [#1888](https://github.com/ory/kratos/issues/1888)\n- Adds missing webauthn authentication method\n ([#1914](https://github.com/ory/kratos/issues/1914))\n ([44892f3](https://github.com/ory/kratos/commit/44892f379c1aa9ffd7f5c92c9c1b32cc34a0dada))\n- Allow use of relative URLs in config\n ([#1754](https://github.com/ory/kratos/issues/1754))\n ([5f73bb0](https://github.com/ory/kratos/commit/5f73bb0784aeb7c4f3b1ed949926f9d9aed968d1)),\n closes [#1446](https://github.com/ory/kratos/issues/1446)\n- Do not use csrf for meta endpoints\n ([#1927](https://github.com/ory/kratos/issues/1927))\n ([fd14798](https://github.com/ory/kratos/commit/fd147989a55357248a37a30548c5d4c104bcf0f7))\n- E2e test regression ([#1937](https://github.com/ory/kratos/issues/1937))\n ([c9be009](https://github.com/ory/kratos/commit/c9be009112b03291ea76dd4de0911f495cf1e1ac))\n- Include text label for link email field\n ([07a1dbb](https://github.com/ory/kratos/commit/07a1dbb95156ca50116219dc837ca61e3d597df1)),\n closes [#1909](https://github.com/ory/kratos/issues/1909)\n- Panic on webhook with nil body\n ([#1890](https://github.com/ory/kratos/issues/1890))\n ([4bf1825](https://github.com/ory/kratos/commit/4bf18250373b7255e26e95d51a257e5280ad3148)),\n closes [#1885](https://github.com/ory/kratos/issues/1885)\n- Paths\n ([8c852c7](https://github.com/ory/kratos/commit/8c852c73136e130d163e2c9c5e0ca8a3449f4e26))\n- Speed up git clone\n ([d3e4bde](https://github.com/ory/kratos/commit/d3e4bdefd252131b6a1b84917962ff07284e3f9f))\n- Update sdk orb\n ([94e12e6](https://github.com/ory/kratos/commit/94e12e6d767ffa46d9060fdfb463adb83806990b))\n- Use bcrypt for password hashing in example\n ([a9196f2](https://github.com/ory/kratos/commit/a9196f27791c30d32743e6b69a86595d76362f29))\n- Use new ory installation method\n ([09cfc7e](https://github.com/ory/kratos/commit/09cfc7e2c23885270ef02193b4fdddc5550f3c23))\n\n### Code Generation\n\n- Pin v0.8.0-alpha.4.pre.0 release commit\n ([3e443b7](https://github.com/ory/kratos/commit/3e443b77ef63d72e5bf0b806790c86841a140afc))\n\n### Documentation\n\n- Add subdomain configuration in csrf page\n ([#1896](https://github.com/ory/kratos/issues/1896))\n ([681750f](https://github.com/ory/kratos/commit/681750f92d7fe517e7cc184cb4b65e6a21903ee9)):\n\n Add some instructions as to how kratos can be configured to work across\n subdomains.\n\n- Remove unintended characters in subdomain section in csrf page\n ([#1897](https://github.com/ory/kratos/issues/1897))\n ([dfb9007](https://github.com/ory/kratos/commit/dfb900797fc98ca7900631ccf8018858c4e43e85))\n\n### Features\n\n- Add new goreleaser build chain\n ([#1932](https://github.com/ory/kratos/issues/1932))\n ([cf1714d](https://github.com/ory/kratos/commit/cf1714dafaa0cda98640c772106620586dae7763)):\n\n This patch adds full compatibility with ARM architectures, including Apple\n Silicon (M1). We additionally added cryptographically signed signatures\n verifiable using [cosign](https://github.com/sigstore/cosign) for both\n binaries as well as docker images.\n\n- Add quickstart mimicking hosted ui\n ([813fb4c](https://github.com/ory/kratos/commit/813fb4cf48df1154ea334cca751cb55f7b3c77eb))\n- Advanced e-mail templating support\n ([#1859](https://github.com/ory/kratos/issues/1859))\n ([54b97b4](https://github.com/ory/kratos/commit/54b97b45506eff9cfafe338842ddf818b0c81f62)),\n closes [#834](https://github.com/ory/kratos/issues/834)\n [#925](https://github.com/ory/kratos/issues/925)\n- Allow wildcard domains for redirect_to checks\n ([#1528](https://github.com/ory/kratos/issues/1528))\n ([349cdcf](https://github.com/ory/kratos/commit/349cdcf4b1298d9e544344705ecd8e7b5eada48c)),\n closes [#943](https://github.com/ory/kratos/issues/943):\n\n Support wildcard domains in redirect_to checks.\n\n- Configurable health endpoints access logging\n ([#1934](https://github.com/ory/kratos/issues/1934))\n ([1301f68](https://github.com/ory/kratos/commit/1301f689bb0f1f44b66a057c8915f77ac71f30cc)):\n\n This PR introduces a new boolean configuration parameter that allows turning\n off logging of health endpoints requests in the access log. The implementation\n is basically a rip-off from Ory Hydra and the configuration parameter is the\n same:\n\n ```\n serve.public.request_log.disable_for_health\n serve.admin.request_log.disable_for_health\n ```\n\n The default value is _false_.\n\n- Integrate sbom generation to goreleaser\n ([#1850](https://github.com/ory/kratos/issues/1850))\n ([305bb28](https://github.com/ory/kratos/commit/305bb28d689dabc4d211baac5e6babd34862af5f))\n- Make admin recovery to work without emails\n [#1419](https://github.com/ory/kratos/issues/1419)\n ([#1750](https://github.com/ory/kratos/issues/1750))\n ([db00e85](https://github.com/ory/kratos/commit/db00e85e65c31b2bc497f0f4b4a28684b9f8bb9a))\n\n### Tests\n\n- **e2e:** Improved SDK set up and arm fix\n ([#1933](https://github.com/ory/kratos/issues/1933))\n ([c914ba1](https://github.com/ory/kratos/commit/c914ba10a85e89c031e7acfb73bf22c53201e287))\n- Update snapshots\n ([a820653](https://github.com/ory/kratos/commit/a820653718475656b7ae44a1bc7235a8fb97b8b5))\n\n# [0.8.0-alpha.3](https://github.com/ory/kratos/compare/v0.8.0-alpha.2...v0.8.0-alpha.3) (2021-10-28)\n\nResolves issues in the quickstart.\n\n### Bug Fixes\n\n- Resolve quickstart issues ([#1900](https://github.com/ory/kratos/issues/1900))\n ([d047009](https://github.com/ory/kratos/commit/d0470095f3263e287f76e8be0abb8df332492dd9)):\n\n Closes https://github.com/ory/kratos/discussions/1899\n\n### Code Generation\n\n- Pin v0.8.0-alpha.3 release commit\n ([a307deb](https://github.com/ory/kratos/commit/a307deb6779dacd2ce54e161a00d347600d2c583))\n\n# [0.8.0-alpha.2](https://github.com/ory/kratos/compare/v0.8.0-alpha.1...v0.8.0-alpha.2) (2021-10-28)\n\nResolves an issue in the SDK release pipeline.\n\n### Code Generation\n\n- Pin v0.8.0-alpha.2 release commit\n ([2178929](https://github.com/ory/kratos/commit/217892978c4fa9897a88b140276c2d27622c5de4))\n\n# [0.8.0-alpha.1](https://github.com/ory/kratos/compare/v0.7.6-alpha.1...v0.8.0-alpha.1) (2021-10-27)\n\nWe are extremely excited to share this next generation of Ory Kratos! The\nproject is truly maturing and the community is getting larger by the hour.\n\nOn this special occasion, we would like to bring to your attention that the\n[**Ory Summit is happening tomorrow and on Friday!**](https://events.hubilo.com/ory-summit/register?mtm_campaign=ory-summit-2021&mtm_kwd=banner-landingpage)\nYou will hear gripping talks from the Ory Community and Ory maintainers! And the\nbest part, tickets are free and we are covering multiple time zones!\n\nThis release is truly the best version of Ory Kratos to date and we want to give\nyou a tl;dr of the 345 commits and 1152 files changed, and what you can expect\nfrom this release:\n\n- Full multi-factor authentication with different enforcement policies\n (soft/hard MFA).\n- Support for WebAuthn (FIDO2 / U2F) two-factor authentication - from\n fingerprints to hardware tokens every FIDO2 device is supported!\n- Ability to fetch the initial OAuth2 Access and Refresh and OpenID Connect ID\n Tokens an identity receives when performing social sign up. Optionally, these\n tokens are stored encrypted in the database (XChaCha20Poly1305 or AES-GCM)!\n- Support for TOTP (Google Authenticator) two-factor\n verification/authentication.\n- Advanced two-factor recovery with lookup secrets.\n- [A complete reference implementation of the Ory Kratos end-user (self-service) facing UI in ReactJS & VercelJS](https://github.com/ory/kratos-react-nextjs-ui).\n- \"Native\" support for Single-Page App Single Sign-On.\n- Much improved single-page app and native app APIs for all self-service flows.\n- Support for PKBDF2 password hashing, which will help import user passwords\n from other systems in the future.\n- Bugfixes and improvements to the OpenAPI spec and auto-generated SDKs.\n- ARM Docker Images.\n- Greatly improved internal e2e test pipeline using Cypress 8.x.\n- Improved functional tests with cupaloy snapshot testing.\n- Documentation on different error codes and message identifiers to easier\n translate messages in your own UI.\n- Better form decoding and ability to mark required JSON Schema fields as\n required in the UI.\n- Bug fixes that could result in users ending up in irrecoverable UI states.\n- Better support for `return_to` across flows (e.g. OIDC) and in custom UIs.\n- SBOM Software Supply Chain scanning & reporting.\n- Docker Image vulnerability checking as part of the release pipeline.\n- Support sending emails via AWS SES SMTP.\n- A REST endpoint to invalidate all an identity's sessions.\n\nAs you can see, much has happened and we are grateful for all the great\ninteractions we have with you, every day!\n\nLet's take a look at some of the breaking changes. Even though much was added,\nlittle has changed in breaking ways! This is a testament that Ory Kratos'\ninternals and APIs are becoming more stable!\n\nThis release requires you to run SQL migrations. Please, as always, create a\nbackup of your database first!\n\nThe SDKs are now generated with tag v0alpha2 to reflect that some signatures\nhave changed in a breaking fashion. Please update your imports from `v0alpha1`\nto `v0alpha2`.\n\nThe SMTPS scheme used in courier config URL with cleartext/StartTLS/TLS SMTP\nconnection types is now only supporting implicit TLS. For StartTLS and cleartext\nSMTP, please use the SMTP scheme instead.\n\nExample:\n\n- SMTP Cleartext: `smtp://foo:bar@my-mailserver:1234/?disable_starttls=true`\n- SMTP with StartTLS: `smtps://foo:bar@my-mailserver:1234/` ->\n `smtp://foo:bar@my-mailserver:1234/`\n- SMTP with implicit TLS: `smtps://foo:bar@my-mailserver:1234/?legacy_ssl=true`\n -> `smtps://foo:bar@my-mailserver:1234/We are extremely excited to share this\n next generation of Ory Kratos! The project is truly maturing and the community\n is getting larger by the hour.\n\nOn this special occasion, we would like to bring to your attention that the\n[**Ory Summit is happening tomorrow and on Friday!**](https://events.hubilo.com/ory-summit/register?mtm_campaign=ory-summit-2021&mtm_kwd=banner-landingpage)\nYou will hear gripping talks from the Ory Community and Ory maintainers! And the\nbest part, tickets are free and we are covering multiple time zones!\n\nThis release is truly the best version of Ory Kratos to date and we want to give\nyou a tl;dr of the 345 commits and 1152 files changed, and what you can expect\nfrom this release:\n\n- Full multi-factor authentication with different enforcement policies\n (soft/hard MFA).\n- Support for WebAuthn (FIDO2 / U2F) two-factor authentication - from\n fingerprints to hardware tokens every FIDO2 device is supported!\n- Ability to fetch the initial OAuth2 Access and Refresh and OpenID Connect ID\n Tokens an identity receives when performing social sign up. Optionally, these\n tokens are stored encrypted in the database (XChaCha20Poly1305 or AES-GCM)!\n- Support for TOTP (Google Authenticator) two-factor\n verification/authentication.\n- Advanced two-factor recovery with lookup secrets.\n- [A complete reference implementation of the Ory Kratos end-user (self-service) facing UI in ReactJS & VercelJS](https://github.com/ory/kratos-react-nextjs-ui).\n- \"Native\" support for Single-Page App Single Sign-On.\n- Much improved single-page app and native app APIs for all self-service flows.\n- Support for PKBDF2 password hashing, which will help import user passwords\n from other systems in the future.\n- Bugfixes and improvements to the OpenAPI spec and auto-generated SDKs.\n- ARM Docker Images.\n- Greatly improved internal e2e test pipeline using Cypress 8.x.\n- Improved functional tests with cupaloy snapshot testing.\n- Documentation on different error codes and message identifiers to easier\n translate messages in your own UI.\n- Better form decoding and ability to mark required JSON Schema fields as\n required in the UI.\n- Bug fixes that could result in users ending up in irrecoverable UI states.\n- Better support for `return_to` across flows (e.g. OIDC) and in custom UIs.\n- SBOM Software Supply Chain scanning & reporting.\n- Docker Image vulnerability checking as part of the release pipeline.\n- Support sending emails via AWS SES SMTP.\n- A REST endpoint to invalidate all an identity's sessions.\n\nAs you can see, much has happened and we are grateful for all the great\ninteractions we have with you, every day!\n\nLet's take a look at some of the breaking changes. Even though much was added,\nlittle has changed in breaking ways! This is a testament that Ory Kratos'\ninternals and APIs are becoming more stable!\n\nThis release requires you to run SQL migrations. Please, as always, create a\nbackup of your database first!\n\nThe SDKs are now generated with tag v0alpha2 to reflect that some signatures\nhave changed in a breaking fashion. Please update your imports from `v0alpha1`\nto `v0alpha2`.\n\nThe SMTPS scheme used in courier config URL with cleartext/StartTLS/TLS SMTP\nconnection types is now only supporting implicit TLS. For StartTLS and cleartext\nSMTP, please use the SMTP scheme instead.\n\nExample:\n\n- SMTP Cleartext: `smtp://foo:bar@my-mailserver:1234/?disable_starttls=true`\n- SMTP with StartTLS: `smtps://foo:bar@my-mailserver:1234/` ->\n `smtp://foo:bar@my-mailserver:1234/`\n- SMTP with implicit TLS: `smtps://foo:bar@my-mailserver:1234/?legacy_ssl=true`\n -> `smtps://foo:bar@my-mailserver:1234/We are extremely excited to share this\n next generation of Ory Kratos! The project is truly maturing and the community\n is getting larger by the hour.\n\nOn this special occasion, we would like to bring to your attention that the\n[**Ory Summit is happening tomorrow and on Friday!**](https://events.hubilo.com/ory-summit/register?mtm_campaign=ory-summit-2021&mtm_kwd=banner-landingpage)\nYou will hear gripping talks from the Ory Community and Ory maintainers! And the\nbest part, tickets are free and we are covering multiple time zones!\n\nThis release is truly the best version of Ory Kratos to date and we want to give\nyou a tl;dr of the 345 commits and 1152 files changed, and what you can expect\nfrom this release:\n\n- Full multi-factor authentication with different enforcement policies\n (soft/hard MFA).\n- Support for WebAuthn (FIDO2 / U2F) two-factor authentication - from\n fingerprints to hardware tokens every FIDO2 device is supported!\n- Ability to fetch the initial OAuth2 Access and Refresh and OpenID Connect ID\n Tokens an identity receives when performing social sign up. Optionally, these\n tokens are stored encrypted in the database (XChaCha20Poly1305 or AES-GCM)!\n- Support for TOTP (Google Authenticator) two-factor\n verification/authentication.\n- Advanced two-factor recovery with lookup secrets.\n- [A complete reference implementation of the Ory Kratos end-user (self-service) facing UI in ReactJS & VercelJS](https://github.com/ory/kratos-react-nextjs-ui).\n- \"Native\" support for Single-Page App Single Sign-On.\n- Much improved single-page app and native app APIs for all self-service flows.\n- Support for PKBDF2 password hashing, which will help import user passwords\n from other systems in the future.\n- Bugfixes and improvements to the OpenAPI spec and auto-generated SDKs.\n- ARM Docker Images.\n- Greatly improved internal e2e test pipeline using Cypress 8.x.\n- Improved functional tests with cupaloy snapshot testing.\n- Documentation on different error codes and message identifiers to easier\n translate messages in your own UI.\n- Better form decoding and ability to mark required JSON Schema fields as\n required in the UI.\n- Bug fixes that could result in users ending up in irrecoverable UI states.\n- Better support for `return_to` across flows (e.g. OIDC) and in custom UIs.\n- SBOM Software Supply Chain scanning & reporting.\n- Docker Image vulnerability checking as part of the release pipeline.\n- Support sending emails via AWS SES SMTP.\n- A REST endpoint to invalidate all an identity's sessions.\n\nAs you can see, much has happened and we are grateful for all the great\ninteractions we have with you, every day!\n\nLet's take a look at some of the breaking changes. Even though much was added,\nlittle has changed in breaking ways! This is a testament that Ory Kratos'\ninternals and APIs are becoming more stable!\n\nThis release requires you to run SQL migrations. Please, as always, create a\nbackup of your database first!\n\nThe SDKs are now generated with tag v0alpha2 to reflect that some signatures\nhave changed in a breaking fashion. Please update your imports from `v0alpha1`\nto `v0alpha2`.\n\nThe SMTPS scheme used in courier config URL with cleartext/StartTLS/TLS SMTP\nconnection types is now only supporting implicit TLS. For StartTLS and cleartext\nSMTP, please use the SMTP scheme instead.\n\nExample:\n\n- SMTP Cleartext: `smtp://foo:bar@my-mailserver:1234/?disable_starttls=true`\n- SMTP with StartTLS: `smtps://foo:bar@my-mailserver:1234/` ->\n `smtp://foo:bar@my-mailserver:1234/`\n- SMTP with implicit TLS: `smtps://foo:bar@my-mailserver:1234/?legacy_ssl=true`\n -> `smtps://foo:bar@my-mailserver:1234/`\n\n## Breaking Changes\n\nThe location of the homebrew tap has changed from `ory/ory/kratos` to\n`ory/tap/kratos`.\n\nTo stay consistent with other query parameter's, the self-service login flow's\n`forced` key has been renamed to `refresh`.\n\nThe SDKs are now generated with tag v0alpha2 to reflect that some signatures\nhave changed in a breaking fashion. Please update your imports from `v0alpha1`\nto `v0alpha2`.\n\nTo support 2FA on non-browser (e.g. native mobile) apps we have added the Ory\nSession Token as a possible parameter to both\n`initializeSelfServiceLoginFlowWithoutBrowser` and `submitSelfServiceLoginFlow`.\nDepending on the SDK generator, the order of the arguments may have changed. In\nJavaScript:\n\n```patch\n- .submitSelfServiceLoginFlow(flow.id, payload)\n+ .submitSelfServiceLoginFlow(flow.id, sessionToken, payload)\n+ // or if the user has no session yet:\n+ .submitSelfServiceLoginFlow(flow.id, undefined, payload)\n```\n\nTo improve the overall API design we have changed the result of\n`POST /self-service/settings`. Instead of having flow be a key, the flow is now\nthe response. The updated identity payload stays the same!\n\n```patch\n {\n- \"flow\": {\n- \"id\": \"flow-id-...\"\n- ...\n- },\n+ \"id\": \"flow-id-...\"\n+ ...\n \"identity\": {\n \"id\": \"identity-id-...\"\n }\n }\n```\n\nThe SMTPS scheme used in courier config url with cleartext/StartTLS/TLS SMTP\nconnection types is now only supporting implicit TLS. For StartTLS and cleartext\nSMTP, please use the smtp scheme instead.\n\nExample:\n\n- SMTP Cleartext: `smtp://foo:bar@my-mailserver:1234/?disable_starttls=true`\n- SMTP with StartTLS: `smtps://foo:bar@my-mailserver:1234/` ->\n `smtp://foo:bar@my-mailserver:1234/`\n- SMTP with implicit TLS: `smtps://foo:bar@my-mailserver:1234/?legacy_ssl=true`\n -> `smtps://foo:bar@my-mailserver:1234/`\n\nThis patch changes the naming and number of prometheus metrics (see:\nhttps://github.com/ory/x/pull/379). In short: all metrics will have now `http_`\nprefix to conform to Prometheus best practices.\n\n### Bug Fixes\n\n- Add error id\n ([1442784](https://github.com/ory/kratos/commit/1442784264d1f5032830a0646b853b925bb19c62))\n- Add mfa e2e test scenarios and resolve found issues\n ([436992d](https://github.com/ory/kratos/commit/436992ddf2ace68b247c708fc955fccb95cf6fd2))\n- Add middleware earlier [#1775](https://github.com/ory/kratos/issues/1775)\n ([#1776](https://github.com/ory/kratos/issues/1776))\n ([b9d253e](https://github.com/ory/kratos/commit/b9d253ef05ff7cd616111a817d03a17e39f8f4a8))\n- Allow refresh and aal upgrade at the same time\n ([2ec801f](https://github.com/ory/kratos/commit/2ec801f262cd8f6dcdf8121a20897257e3b74ad3))\n- API client leaks stack trace with an error\n ([#1772](https://github.com/ory/kratos/issues/1772))\n ([d3aff6d](https://github.com/ory/kratos/commit/d3aff6d3eb11942fbfd6f2de71f4399053075b62)),\n closes [#1771](https://github.com/ory/kratos/issues/1771)\n- Better const handling for internal context\n ([1e457e3](https://github.com/ory/kratos/commit/1e457e3b3dea9ea9a05c12740578af2d45902aba))\n- Correct swagger path for /identities/:id/session endpoint\n ([#1756](https://github.com/ory/kratos/issues/1756))\n ([d614f2a](https://github.com/ory/kratos/commit/d614f2a737eef90ad60a4bdedae248b74131ff35))\n- Decoder regression in registration\n ([febf75a](https://github.com/ory/kratos/commit/febf75ae959a2b67c19fcd1705b591f22ff5314b))\n- Deterministic clidoc dates\n ([e48d90a](https://github.com/ory/kratos/commit/e48d90ad5a178ab3317d89800526c516aad6e274))\n- Disable totp per default\n ([7278589](https://github.com/ory/kratos/commit/7278589ff2460a13302650b5e3fae01d774f9684))\n- Docs autogen should not use `time.Now`\n ([a830f5b](https://github.com/ory/kratos/commit/a830f5b3b535bc375e879c797626b6084b76776e))\n- Ensure correct error propagation\n ([77ce709](https://github.com/ory/kratos/commit/77ce709d53d88f70c892ab0892c13e16f5b761a5))\n- Ensure refresh issues a new session when the identity changes\n ([a10b385](https://github.com/ory/kratos/commit/a10b385510a0102ede5850f9be30b7deba810acf))\n- Ensure return_to works for OIDC flows\n ([d615734](https://github.com/ory/kratos/commit/d615734c312db6f7fa48fb8c7b4090a80c9e5ce7)),\n closes [#1773](https://github.com/ory/kratos/issues/1773)\n- Explicit validation for return to in new flows\n ([284cf29](https://github.com/ory/kratos/commit/284cf29a6be82530b55c24a15c465ec9f1b6a210))\n- Follow chrome webauthn best practice recommendation\n ([0a7c812](https://github.com/ory/kratos/commit/0a7c8128bb0b78f8dc236af06ca9be038b201829))\n- Githup-app name in config ([#1822](https://github.com/ory/kratos/issues/1822))\n ([1b50963](https://github.com/ory/kratos/commit/1b50963525ceaceea9afb8d1236d728de3107a8e))\n- Handle return errors on the frontend and break early\n ([0e8d481](https://github.com/ory/kratos/commit/0e8d481cc220777aa56faf2e716da15537fa27fc)):\n\n Closes https://github.com/ory-corp/cloud/issues/1426\n\n- Identity credential identifiers are now unique per method\n ([57fd99a](https://github.com/ory/kratos/commit/57fd99ac05d29fc0362f14e5910641944232d61e))\n- Improve schema validation error tracing\n ([f793fe5](https://github.com/ory/kratos/commit/f793fe56182f3f195a57fe5f4b54f7fcf8402c81))\n- Incorrect JSON response for browser flows\n ([1501f56](https://github.com/ory/kratos/commit/1501f5627ed12d2d149f1fcf49fcf326120e6b0b))\n- Kill modd as well\n ([e5a98e5](https://github.com/ory/kratos/commit/e5a98e54ec68f122615dd902df9ebac788fdb579))\n- **link:** Resolve incorrect response types when opening API recovery link in\n browser\n ([35ea8db](https://github.com/ory/kratos/commit/35ea8db300c2d3eeaf7d8f0e29c604ecc455cd2b))\n- **login:** Properly handle refresh\n ([8dc7059](https://github.com/ory/kratos/commit/8dc7059222fa12dd0bca0183f42306b5169addb6))\n- **lookup:** Ensure correct fields are set\n ([5ed4c55](https://github.com/ory/kratos/commit/5ed4c5572f9cbb35461e45dfc6b7c5eb4bce7434))\n- **lookup:** Resolve reuse scenarios\n ([dbfe475](https://github.com/ory/kratos/commit/dbfe475ba5f0d2b9d4b0b67d0d8e7cb99e89ad5d))\n- **lookup:** Set up codes correctly\n ([2f373f3](https://github.com/ory/kratos/commit/2f373f344326fbd5dbebf6233dbf5b56252b7e95))\n- OIDC provider field in spec\n ([#1809](https://github.com/ory/kratos/issues/1809))\n ([11b25de](https://github.com/ory/kratos/commit/11b25deb46b73c7d0ab95a77ff2ab60c032c1942))\n- **oidc:** Ensure nested keys work on login\n ([71583c5](https://github.com/ory/kratos/commit/71583c57f1334bee1e5c9be1fae6a1b241ea3d6d))\n- Omitempty for VerifiedAt and StateChangedAt\n ([#1736](https://github.com/ory/kratos/issues/1736))\n ([bf2ec6e](https://github.com/ory/kratos/commit/bf2ec6e6ae8d656ea6dcac037dedd3603ad12915)):\n\n Closes https://github.com/ory/sdk/issues/95\n\n- Only respect required modules for SDK\n ([4c5677f](https://github.com/ory/kratos/commit/4c5677f3ea48bd87e5d7a1f95e3807b7884a0b64))\n- Panic when recovering deactivated user\n ([0a49f27](https://github.com/ory/kratos/commit/0a49f2714991a3f397dc5c721fe22d11846d3db5)),\n closes [#1794](https://github.com/ory/kratos/issues/1794)\n [#1826](https://github.com/ory/kratos/issues/1826)\n- Potentially resolve hanging postgres connection closing\n ([693a928](https://github.com/ory/kratos/commit/693a9286b02c2329dcfd358a038857901193b459))\n- Properly encode aal error\n ([49b6288](https://github.com/ory/kratos/commit/49b6288c2345840a7517272e9616c2c20a254edb))\n- Properly open recovery endpoints in browser if flow was initiated via API\n ([23c12e5](https://github.com/ory/kratos/commit/23c12e55d24591ca69c9178017355a9262fa35eb))\n- Remove duplicate schema error\n ([4e69123](https://github.com/ory/kratos/commit/4e691238da3bf3ee8d9a92d4d9507b27fce20199))\n- Remove initial_value again as it was not useful outside of booleans\n ([0cc984b](https://github.com/ory/kratos/commit/0cc984b85baff3db500fb656bd541cfa0396df98))\n- Remove obsolete openapi patch\n ([11618ec](https://github.com/ory/kratos/commit/11618ecc6681a9108ee70a3e0d1ab3d21e33f9db))\n- Remove unnecessary cmd reference\n ([351760e](https://github.com/ory/kratos/commit/351760ece01d421687179b8e3f6f48a720247a1d))\n- Replace 302 with 303\n ([2e2b0f8](https://github.com/ory/kratos/commit/2e2b0f840450c6d23f3e51e5885d0908685ef3f6))\n- Resolve clidoc generation issue\n ([1aaaa03](https://github.com/ory/kratos/commit/1aaaa035f863852799575e1f65e9d9ed276a3160))\n- Resolve merge issues\n ([1dc7497](https://github.com/ory/kratos/commit/1dc74976c785afca8079379cd5060116b5f3d831))\n- Resolve openapi issues and regenerate clients\n ([f7d60c0](https://github.com/ory/kratos/commit/f7d60c02392d2ad664c73ee4ff6bb108a4cb04e2))\n- Resolve swagger regression\n ([02b9d47](https://github.com/ory/kratos/commit/02b9d470df012ae9818a8516a5549aee83c0963d))\n- Run format on ts files\n ([f55f6f6](https://github.com/ory/kratos/commit/f55f6f69bf0df88d001fda791b330bdcbf5d92b2))\n- Slow CLI start-up time\n ([ae20c17](https://github.com/ory/kratos/commit/ae20c17777eb57363f811b57d782db88b2de91ae)):\n\n Found a deeply nested dependency which was importing\n `https://github.com/markbates/pkger`, causing unreasonable CPU consumption and\n significant delay at start up time. With this patch, start up time was reduced\n from almost 3s to ~0.01s.\n\n ```\n $ time kratos\n kratos 2.55s user 2.46s system 508% cpu 0.986 total\n\n $ time ./kratos-patch\n ./kratos-patch 0.00s user 0.00s system 64% cpu 0.001 total\n ```\n\n- **test:** OIDC storategy test\n ([#1836](https://github.com/ory/kratos/issues/1836))\n ([b877dbe](https://github.com/ory/kratos/commit/b877dbecaf84e2d102bcceff4ad85c5b4efe18c5))\n- **totp:** Reorder QR\n ([d096df7](https://github.com/ory/kratos/commit/d096df734ba8cf7dcfb872af03a19550d320c8b7))\n- Try and reduce cookie flakyness\n ([e7ae8d6](https://github.com/ory/kratos/commit/e7ae8d63a16df69fd43afdf41691b9c1d3efe439))\n- Typo\n ([8c4d8a2](https://github.com/ory/kratos/commit/8c4d8a2284f7a52a2dca7e7fd5e686756d410647))\n- **ui:** Use correct type for anchor\n ([a6595e4](https://github.com/ory/kratos/commit/a6595e49c38a302f4a603dd46f5a0764680a24b1))\n- Update schema config location\n ([539ae73](https://github.com/ory/kratos/commit/539ae7303158f14ca42165c12f9d3e8ef9dcdbdf))\n- Use parallelism of 1 in go test\n ([8736334](https://github.com/ory/kratos/commit/8736334bf11fc9a742e2972aa97ee56c407c7c0c))\n- **webauthn:** Support react-based webauth\n ([b6123b4](https://github.com/ory/kratos/commit/b6123b4840547b295be44272e76454462a0f60c4))\n- X-session-token must not be mandatory\n ([05d73be](https://github.com/ory/kratos/commit/05d73beed26f1be31c6f2a62499c7c71d7d54bec))\n\n### Code Generation\n\n- Pin v0.8.0-alpha.1 release commit\n ([c2c902c](https://github.com/ory/kratos/commit/c2c902c1bd8d910843d747c25b99ee1bcc6f962d))\n\n### Code Refactoring\n\n- **courier:** Support SMTP schemes for implicit TLS, explicit StartTLS, and\n cleartext SMTP ([#1831](https://github.com/ory/kratos/issues/1831))\n ([4cb082c](https://github.com/ory/kratos/commit/4cb082ce1e15ddd1d992a2def9e7d6410142cc02)),\n closes [#1770](https://github.com/ory/kratos/issues/1770)\n [#1769](https://github.com/ory/kratos/issues/1769)\n- Homogenize error messages\n ([421a319](https://github.com/ory/kratos/commit/421a3190d1d4f6f5d96ef8ad87c3a2a667b57a28))\n- Improved prometheus metrics\n ([#1830](https://github.com/ory/kratos/issues/1830))\n ([0be993b](https://github.com/ory/kratos/commit/0be993bebeb9e50d90806ad13f60bb8d72c3b2d3)),\n closes [#1735](https://github.com/ory/kratos/issues/1735):\n\n This will add new prometheus metrics for Kratos that are more useful for\n alerting and increase overall observability.\n\n- Login flow `forced` renamed to `refresh`\n ([92087e5](https://github.com/ory/kratos/commit/92087e5f00b4fcce1706442c9edf1b466f9a23c9))\n- **login:** Rename forced -> refresh\n ([8d1e54b](https://github.com/ory/kratos/commit/8d1e54bd79cf617985602997f1121e168f58c389))\n- **login:** Support 2FA for non-browser SDKs\n ([df4846d](https://github.com/ory/kratos/commit/df4846d3867599f49e58b6b4d59b338916f37cbf))\n- Move expired error into top-level flow module\n ([01a2602](https://github.com/ory/kratos/commit/01a26025375f1d958a7e345c61fb6ba5e3403efe))\n- Move homebrew tap to ory/tap\n ([0ee67c3](https://github.com/ory/kratos/commit/0ee67c388a1fea8aa9633cbf684e1f62e16d61cc))\n- Move node identifiers to node package\n ([b0a86dc](https://github.com/ory/kratos/commit/b0a86dc6e5005017a9a0fa2120560f668ab2432f))\n- Revert decision to return 422 errors and streamline 401/403\n ([8aa5318](https://github.com/ory/kratos/commit/8aa53187f1e78d693463a47fcd9aedab30d1b55f))\n- Sdk API is no v0alpha2\n ([3f06738](https://github.com/ory/kratos/commit/3f067386e32ad3baeec48fd21dd51659a5725970))\n- **session:** CreateAndIssueCookie is now UpsertAndIssueCookie\n ([a6d134d](https://github.com/ory/kratos/commit/a6d134de7710c7e92e51f735f13b7757eb7011e5))\n- **session:** CreateSession is now UpsertSession\n ([3ec81a2](https://github.com/ory/kratos/commit/3ec81a2cc401ff18052abd2a9ba060e665f0baa2))\n- **settings:** Change settings success response\n ([12f98f2](https://github.com/ory/kratos/commit/12f98f2884294669bbb7eab7e8ed73a5372386f6))\n\n### Documentation\n\n- Add 2fa credentials\n ([f7899a7](https://github.com/ory/kratos/commit/f7899a761aaf59d2cfddc2c330a805456cfca947))\n- Add 2fa guide\n ([b4eed76](https://github.com/ory/kratos/commit/b4eed76305ecf1de3461525fd2ea748ec94da53c))\n- Add a commandline example for the logout\n ([#1753](https://github.com/ory/kratos/issues/1753))\n ([81ba264](https://github.com/ory/kratos/commit/81ba2647a66fca99b7ed2e56a67deec75ac06b89))\n- Add admin ui guide\n ([ac88060](https://github.com/ory/kratos/commit/ac88060ed7390f0a34db637880c1660b8c45b352))\n- Add advanced custom UI documentation\n ([5e3a2cd](https://github.com/ory/kratos/commit/5e3a2cdbedf0005c89db717d1136c56ab3304ede))\n- Add image assets\n ([6bc93ca](https://github.com/ory/kratos/commit/6bc93ca79283bd993b0176dda11ad9d5860a5e4f))\n- Add missing angle bracket ([#1799](https://github.com/ory/kratos/issues/1799))\n ([4270140](https://github.com/ory/kratos/commit/427014052ef905c2003e2cd0133d57bf83819776))\n- Add ory sessions as a concept\n ([626c0c9](https://github.com/ory/kratos/commit/626c0c90bd2d683048618452ba421e40be92f587))\n- Add powershell to deps ([#1853](https://github.com/ory/kratos/issues/1853))\n ([e945336](https://github.com/ory/kratos/commit/e94533690b658c4afba81e694a052579f0ffff42)),\n closes [#1848](https://github.com/ory/kratos/issues/1848)\n- **credentials:** Add AAL explanation\n ([c1f501e](https://github.com/ory/kratos/commit/c1f501e9ec3ba203fb252fbd56cb87843d667b17))\n- Enhance error return values\n ([3799c24](https://github.com/ory/kratos/commit/3799c24fbc0397876df4f1c530e325bd1212d750))\n- Fix invalid syntax ([#1819](https://github.com/ory/kratos/issues/1819))\n ([8cd6428](https://github.com/ory/kratos/commit/8cd6428e40610fa40b9c59414beb3d5c614dddaa))\n- Fix the flow links used for rendering\n ([#1752](https://github.com/ory/kratos/issues/1752))\n ([131d2c2](https://github.com/ory/kratos/commit/131d2c284d4191ee979077937ea3b48fce772f3c))\n- Fix the invalid links ([#1868](https://github.com/ory/kratos/issues/1868))\n ([6d621ec](https://github.com/ory/kratos/commit/6d621ec89d1a7c37daf4622b06a0ad94f2d77b31))\n- Remove obsolete file\n ([b7f9052](https://github.com/ory/kratos/commit/b7f905278edf4aed1e2984aa3d2d94a41368d6d8))\n- Update generated docs\n ([72afb81](https://github.com/ory/kratos/commit/72afb81be8bfaa36236087ec7715bca1804aa62c))\n- Update quickstart curl examples\n ([#1778](https://github.com/ory/kratos/issues/1778))\n ([6c677c4](https://github.com/ory/kratos/commit/6c677c49df8fa8d48e7c0bbf91bbd18874f4c514))\n- Use correct link\n ([f007919](https://github.com/ory/kratos/commit/f007919b7bd86c1d1b20b3625709e01b5f123302)),\n closes [#1793](https://github.com/ory/kratos/issues/1793)\n\n### Features\n\n- Add `intended_for_someone_else` error code\n ([572a131](https://github.com/ory/kratos/commit/572a1315aec7d1103c8d4fb9c128644ea2af6d3b))\n- Add aal fallback for existing sessions\n ([a5c7b11](https://github.com/ory/kratos/commit/a5c7b1143bca7029bf94fc42fe638534961a06bc))\n- Add authenticators after set up\n ([035c276](https://github.com/ory/kratos/commit/035c276152a22a2c9c7159b1cf89dbe7724728dd))\n- Add DeleteCredentialsType to identity struct including tests\n ([b12bf52](https://github.com/ory/kratos/commit/b12bf523e4213e49f545206c457a1739f493d385))\n- Add e2e tests for react native 2fa\n ([a3ac253](https://github.com/ory/kratos/commit/a3ac253bdb9c42df6dce9288a2e7c2dada24d255))\n- Add error ids for csrf-related errors\n ([dc2adbf](https://github.com/ory/kratos/commit/dc2adbf52f7ee845778ee5c3c943b9e10c41e181))\n- Add error ids for redirect-related errors\n ([246a045](https://github.com/ory/kratos/commit/246a0453e65e70635331c95ff02ec9133ae81e46))\n- Add error ids for session-related errors\n ([087d907](https://github.com/ory/kratos/commit/087d90731185b71cd88cc6451ce360d6c1dada34))\n- Add explicit return_to to flow objects and API parameters\n ([50d04ea](https://github.com/ory/kratos/commit/50d04eaa455932a9a5cc31f812f66518e1d4ad3b)),\n closes [#1605](https://github.com/ory/kratos/issues/1605)\n [#1121](https://github.com/ory/kratos/issues/1121):\n\n This patch adds a `return_to` field to the flow objects which contains the\n original `?return_to=...` value. It uses the Flow's `request_url` for that\n purpose.\n\n- Add ids for user-facing errors for login, registration, settings\n ([787558b](https://github.com/ory/kratos/commit/787558b48fd7405ac61a48d3c18c7252ac1aaf19)):\n\n This patch adds a new field `id` to JSON error payloads. This helps\n tremendously in implementing better client-side (native / SPA) apps as the API\n now returns error IDs like `no_active_session`, `orbidden_return_to`,\n `no_verified_address` and more. UIs can use these IDs to decide what to do\n next in the application - for example redirecting to a particular endpoint or\n showing an error message.\n\n- Add initial value to bool checkboxes\n ([63dba73](https://github.com/ory/kratos/commit/63dba737376dbe2f15c5afb5df22c593328c6483))\n- Add internal context to login and registration\n ([723e6ee](https://github.com/ory/kratos/commit/723e6eee731d34f85bc4346a1040f2f121662ae9))\n- Add internal context to settings flow\n ([afb6895](https://github.com/ory/kratos/commit/afb6895daa8743edbf4fca957b2a156e676ef63a))\n- Add lookup node to disable lookup\n ([d0836be](https://github.com/ory/kratos/commit/d0836beb53709c88eb9ed78df39e95a3204c7cec)):\n\n See https://github.com/ory/cloud/issues/12\n\n- Add lookup to config\n ([14119b6](https://github.com/ory/kratos/commit/14119b623941b6f5e795ef0d369ee9e3adb73207))\n- Add lookup to identity\n ([ead3833](https://github.com/ory/kratos/commit/ead3833e254b4939f2b86b34e954580960cc7ea1))\n- Add lookup to migrations\n ([dac4f75](https://github.com/ory/kratos/commit/dac4f759a0b92c1eebca177c3c931fb3146e7dee))\n- Add MFA enforcment option to whoami and settings\n ([554d725](https://github.com/ory/kratos/commit/554d72552702818c8f1fc45fd1daf9d93c0d2cad))\n- Add mfa for non-browser\n ([4096fd3](https://github.com/ory/kratos/commit/4096fd3fbdb430fd325b38fe9102defa31dd1b6d))\n- Add missing migrations\n ([ccc64d8](https://github.com/ory/kratos/commit/ccc64d87935c6b5ad506dce6a5f903d56541f864))\n- Add option to disable recovery codes\n ([9d3daa6](https://github.com/ory/kratos/commit/9d3daa656a5361ef8a90fe3511f9c1a6e9015969)):\n\n Closes https://github.com/ory/cloud/issues/12\n\n- Add ory cli config\n ([5b959be](https://github.com/ory/kratos/commit/5b959beaba4d03e143f7701c30bc30e25f2c51cc))\n- Add schema patch for new initial_value field\n ([131e380](https://github.com/ory/kratos/commit/131e3803ff6d04af9ec668286c8e6fcf88467214)):\n\n The field sets a node input's initial value. This is primarily used for fields\n which are e.g. checkboxes or buttons (active/inactive). If this field is set\n on a button, it implies that clicking the button should trigger the \"value\" to\n be set.\n\n- Add script type and discriminator for attributes\n ([de0af95](https://github.com/ory/kratos/commit/de0af955904894d97997cf598686b6d33cd88bd4)):\n\n See https://github.com/ory/sdk/issues/72\n\n- Add smtp headers config option\n ([#1747](https://github.com/ory/kratos/issues/1747))\n ([7ffe0e9](https://github.com/ory/kratos/commit/7ffe0e9766e930615dbb6833e650b73a8975a544)),\n closes [#1725](https://github.com/ory/kratos/issues/1725)\n- Add support for onclick javascript in ui nodes\n ([7cc7efa](https://github.com/ory/kratos/commit/7cc7efa00ff0e8107f1369573bfdf766fcfc0e93))\n- Add totp strategy for settings flow\n ([d1d6617](https://github.com/ory/kratos/commit/d1d6617013fbcc37eaf48cf19061b86955fc5d5e)):\n\n This patch allows adding a TOTP device in the settings, and also removing it\n when no longer needed.\n\n- Add webauthn identity credential\n ([f8b9582](https://github.com/ory/kratos/commit/f8b95828ea41d29c7f3577cc7772168135bc5514))\n- Adding Dockle Container Linter\n ([#1852](https://github.com/ory/kratos/issues/1852))\n ([3c0d519](https://github.com/ory/kratos/commit/3c0d519dd47657c6adca3d64bca8b3ed02cb7a8f))\n- Adjust to new aal error handling\n ([b8956bc](https://github.com/ory/kratos/commit/b8956bc0fc8a45e88dd51f79608f9d6c34e2b6f3))\n- API to return access, refresh, id tokens from social sign in\n ([#1818](https://github.com/ory/kratos/issues/1818))\n ([198991a](https://github.com/ory/kratos/commit/198991a9ce25fbaccc927be3bd3f6b1593771bec)),\n closes [#1518](https://github.com/ory/kratos/issues/1518)\n [#397](https://github.com/ory/kratos/issues/397):\n\n This patch introduces the new `include_credential` query parameter to the\n `GET /identities` endpoint which allows administrators to receive the initial\n access, refresh, and ID tokens from Social Sign In (OpenID Connect / OAuth\n 2.0) flows.\n\n These tokens can be stored in an encrypted format (XChaCha20Poly1305 or\n AES-GCM) in the database if an appropriate encryption secret is set. To get\n started easily these values are not encrypted per default.\n\n For more information head\n [over to the docs](https://kratos/docs/guides/retrieve-social-sign-in-access-refresh-id-token).\n\n- Auto-generate list of messages\n ([cf46339](https://github.com/ory/kratos/commit/cf46339b9a07cd72b4d01e40c2df72e6c8104e9b)),\n closes [#1784](https://github.com/ory/kratos/issues/1784)\n- Endpoint to list all identity schemas\n ([#1703](https://github.com/ory/kratos/issues/1703))\n ([aa23d5d](https://github.com/ory/kratos/commit/aa23d5d5af28d8a7789b4a0c7e97197c7758ad98)),\n closes [#1699](https://github.com/ory/kratos/issues/1699)\n- Generate sdks and update versions\n ([c9d22d9](https://github.com/ory/kratos/commit/c9d22d91f5fe49b5f2818160ade58bfd265f03e5))\n- **hash:** PBKDF2 password hash verification\n ([#1774](https://github.com/ory/kratos/issues/1774))\n ([33cc7e0](https://github.com/ory/kratos/commit/33cc7e02d9bcc24ae1de438102660cc89fd008d6)),\n closes [#1659](https://github.com/ory/kratos/issues/1659)\n- Identity schema validation on startup\n ([#1779](https://github.com/ory/kratos/issues/1779))\n ([99db3f0](https://github.com/ory/kratos/commit/99db3f03afd4b2525cbce54133a1abd1d49d2886)),\n closes [#701](https://github.com/ory/kratos/issues/701)\n- **identity:** Add AAL constants\n ([882573d](https://github.com/ory/kratos/commit/882573df5621446e799b17ca0ab09d3934e44437))\n- Implement AAL for login and sessions\n ([45467e0](https://github.com/ory/kratos/commit/45467e0caba7ed31e2ebde71a8b32ecd5f8db7c2))\n- Implement endpoint for invalidating all sessions for a given identity\n ([#1740](https://github.com/ory/kratos/issues/1740))\n ([dbd1689](https://github.com/ory/kratos/commit/dbd1689c11fd0a3d999ea09b553dd4a14a7a6972)),\n closes [#655](https://github.com/ory/kratos/issues/655):\n\n This PR introduces endpoint to destroy all sessions for a given identity which\n effectively logouts user from all devices/sessions. This is useful when for\n some security concern we want to make sure there are no \"old\" sessions active\n or other \"staff\" related actions (such as force logout after password change\n etc.).\n\n- Implement lookup code settings and login\n ([8f3ce7b](https://github.com/ory/kratos/commit/8f3ce7b33390fcae85e605193806364ca9d099c9))\n- Improve detection of AAL errors and return 422 instead of 403\n ([e2bfbea](https://github.com/ory/kratos/commit/e2bfbea1541aca983eb835d3da2b5fe70ac4b7a5))\n- Improve labels for totp and lookup\n ([b92e00e](https://github.com/ory/kratos/commit/b92e00e345da1f8ab76750e3f0ae1301977bbae0))\n- Improve session device annotations\n ([87907b8](https://github.com/ory/kratos/commit/87907b8d29dc9cd7140535e81ea62c2d7f8e41c3))\n- In docker debug support with delve\n ([#1789](https://github.com/ory/kratos/issues/1789))\n ([37325a1](https://github.com/ory/kratos/commit/37325a18d9430130d0062674433fa0d3f9a59eb3))\n- Introduce cve scanning ([#1798](https://github.com/ory/kratos/issues/1798))\n ([ade13ea](https://github.com/ory/kratos/commit/ade13ea082ee11e9c1005de3ccb3ae6b5f02bb49))\n- **logout:** Add logout token to browser response\n ([#1758](https://github.com/ory/kratos/issues/1758))\n ([d3f1177](https://github.com/ory/kratos/commit/d3f1177a9a82dc2c4f930f15c6ec87c3ec5a1d53))\n- Mark recovery email address verified\n ([#1665](https://github.com/ory/kratos/issues/1665))\n ([e3efc5d](https://github.com/ory/kratos/commit/e3efc5d0673106115a236e38b5d76d6672d64d20)),\n closes [#1662](https://github.com/ory/kratos/issues/1662)\n- Mark required fiels as required\n ([34cd5e8](https://github.com/ory/kratos/commit/34cd5e8e638be3d48ed8174112417bc36400e8cb)):\n\n Closes https://github.com/ory-corp/cloud/issues/1328 Closes\n https://github.com/ory/kratos/issues/400 Closes\n https://github.com/ory/kratos/issues/1058 See\n https://ory-community.slack.com/archives/C012RJ2MQ1H/p1631825476159000\n\n- Natively support social sign in for single-page apps\n ([1a1a350](https://github.com/ory/kratos/commit/1a1a350a9f0df85195505690fc52086eddf78371))\n- **persistence:** Add new columns for mfa\n ([6184fe3](https://github.com/ory/kratos/commit/6184fe385cf87b260117290089b06445e5b6b205))\n- Potentially add arm64 docker support\n ([68112de](https://github.com/ory/kratos/commit/68112defb97db1c6f4b8bf65e2e522b22e27d280))\n- Proper enum and type assertions for openapi\n ([c4d8516](https://github.com/ory/kratos/commit/c4d8516fb93c2127c6d0c28a914ed7b8f8646832))\n- Publish webauthn as loadable script instead of eval\n ([2717c59](https://github.com/ory/kratos/commit/2717c5958ab3f088821fdf96fdf6d44d48fea310))\n- Redirect on login if session aal is not matched\n ([8feff8d](https://github.com/ory/kratos/commit/8feff8daaf4ac744fab22627d9bdab45740570d5))\n- Respect webauthn in session aal\n ([869b4a5](https://github.com/ory/kratos/commit/869b4a5a812b840196eaf1e591aeb685d7f0e904))\n- **session:** Respect 2fa enforcement in whoami\n ([3a82c88](https://github.com/ory/kratos/commit/3a82c8806931a2b4cd05142a6dae8040a76658bc))\n- Sign in with apple ([#1833](https://github.com/ory/kratos/issues/1833))\n ([16ed123](https://github.com/ory/kratos/commit/16ed123adba06167f70eb952ae3877d4476f8c71)),\n closes [#1782](https://github.com/ory/kratos/issues/1782):\n\n Adds an adapter and configuration options for enabling Social Sign In with\n Apple.\n\n- Sort totp nodes\n ([5c9a494](https://github.com/ory/kratos/commit/5c9a49487f45af5b7edf069edf9c3d37ef293cd5))\n- Stubable time in text package\n ([22e4ed1](https://github.com/ory/kratos/commit/22e4ed15e2eecb51b393762077872b19f6f2acd2))\n- Support apple m1\n ([54b4fb6](https://github.com/ory/kratos/commit/54b4fb698c6a087afef8821fa8300798e484ae18))\n- Support setting the identity state via the admin API\n ([#1805](https://github.com/ory/kratos/issues/1805))\n ([29c060b](https://github.com/ory/kratos/commit/29c060bd348733eeafee98d5f255c737a8cbcad0)),\n closes [#1767](https://github.com/ory/kratos/issues/1767)\n- Support strategy return to ui for settings\n ([74670bb](https://github.com/ory/kratos/commit/74670bb4b0cc45626537e5ac63283fd14f05dee1))\n- Support webauthn for mfa\n ([e8f4d3c](https://github.com/ory/kratos/commit/e8f4d3cb899d44c777b094f2ae4d84ff68532bf9))\n- **totp:** Add width and height to QR code\n ([a648ba3](https://github.com/ory/kratos/commit/a648ba3de9a0ba707ce39c37fa5d5e38c4da74d3))\n- **totp:** Support account name setting from schema\n ([19a6bcc](https://github.com/ory/kratos/commit/19a6bcc9d8940acb2a5f0eb4a6cc7f28801a2f92))\n- Treat lookup as aal2 in session\n ([3269028](https://github.com/ory/kratos/commit/3269028d46d0ef23de3f905c325d514f24db43b8))\n- Use discriminators for ui node types in spec\n ([59e808e](https://github.com/ory/kratos/commit/59e808e8dc6339da59bbe08ebbcf7b840e3fdd50))\n- Use initial_value in lookup strategy\n ([efe272f](https://github.com/ory/kratos/commit/efe272f06966edc4858602d94740b6ed36c12e57))\n\n### Reverts\n\n- 3745014\n ([d493d10](https://github.com/ory/kratos/commit/d493d1049f90ca6ee7b85931e3652aa9fdeb0254))\n\n### Tests\n\n- Aal in login.NewFlow\n ([5986e38](https://github.com/ory/kratos/commit/5986e38e6ab9eec1761e4c723c807dc0ef2a3dfa))\n- AcceptToRedirectOrJSON\n ([2ca153f](https://github.com/ory/kratos/commit/2ca153f027599c18583ce0ebacb5ed577b56ddf3))\n- Add credentials test\n ([58b388c](https://github.com/ory/kratos/commit/58b388c70d5ff32822e8ac5f3a394e683273ac6a))\n- Add expired test to login handler\n ([3bdb8ab](https://github.com/ory/kratos/commit/3bdb8abb558c0f8c4b33f712678f5da02d0ef4ee))\n- Add identity change test to settings submit\n ([5eb090b](https://github.com/ory/kratos/commit/5eb090b2564192deb77e64dd74a07b96c381391d))\n- Add initial spa e2e test\n ([20617f6](https://github.com/ory/kratos/commit/20617f628ac84981c3b47ce9e9ab193b8ff426d0))\n- Add initial totp integration tests\n ([c9d456b](https://github.com/ory/kratos/commit/c9d456bf03cb33baf0745fe9a511f84b4c9427e3))\n- Add login tests\n ([a71cadd](https://github.com/ory/kratos/commit/a71cadde91bdaf960caf30dcfa957a2646da86a2))\n- Add migrations tests for new tables\n ([3c96ab0](https://github.com/ory/kratos/commit/3c96ab059af9bf6002b341c5db51d1b3ca5da655))\n- Add react app to e2e tests\n ([1214eee](https://github.com/ory/kratos/commit/1214eeee24b06e6e72c55cfed2176860ecbf3c13))\n- Add schema test for totp config\n ([c4f05ba](https://github.com/ory/kratos/commit/c4f05ba60af1d7ca31b4cf54097cbefa88085704))\n- Add session amr test\n ([eedb60b](https://github.com/ory/kratos/commit/eedb60bec9bebfb0a4ffb67dd484d2e6b466e776))\n- Add settings tests\n ([6959565](https://github.com/ory/kratos/commit/6959565212dc5e7296aad7f1365a944379dd5d6d))\n- Add test for TOTPIssuer\n ([14731c4](https://github.com/ory/kratos/commit/14731c4e7809c2202c9298422c005358b7b26fc3))\n- Add test for ui error page\n ([3977a9c](https://github.com/ory/kratos/commit/3977a9c4d6f98ef6d8f7f4c88d55b46579401ba8))\n- Add TestEnsureInternalContext\n ([152bfc7](https://github.com/ory/kratos/commit/152bfc7294078081ca9f8fc6dd194db6d2e699ad))\n- Add totp registry tests\n ([817e3ec](https://github.com/ory/kratos/commit/817e3ecb213454e4ce3f987ce8a8714301ee8165))\n- Add totp settings tests\n ([c5a0d0f](https://github.com/ory/kratos/commit/c5a0d0f8435690786eaf719bb1376f7da15a6203))\n- Add TOTP to profile\n ([7431e9f](https://github.com/ory/kratos/commit/7431e9fcf4e9c9853ec4d378221c7a3744b3b239))\n- Add update session test\n ([47bd057](https://github.com/ory/kratos/commit/47bd057da0fbf849d643c27c6eb75ef09c5075fb))\n- Additional checks for flow hydration\n ([a40d7fe](https://github.com/ory/kratos/commit/a40d7fe4340ff61c3fa9ac0a70dc5f7e4641a15e))\n- Amr persistence\n ([b0b2d81](https://github.com/ory/kratos/commit/b0b2d8174ca46e066e8eb912a24d9e6efeea0ce8))\n- Check if internal context is validated in store\n ([a23d851](https://github.com/ory/kratos/commit/a23d8518fc65f645cae9c196ff70df4efca67266))\n- CheckAAL\n ([03b37e7](https://github.com/ory/kratos/commit/03b37e7675e369817d2bb226047ec9f26b18a456))\n- Complete TOTP login integration tests\n ([6e503cf](https://github.com/ory/kratos/commit/6e503cff28428e707b3812cd2bf8e44ccc487b89))\n- **e2e:** Add baseurl\n ([159b25f](https://github.com/ory/kratos/commit/159b25f7ab0ac659033d861868f472183b852167))\n- **e2e:** Add checkboxes to schemas\n ([0c91f0c](https://github.com/ory/kratos/commit/0c91f0c89081726e7451d5411a6adeb631ae2edb))\n- **e2e:** Add config for proxy to simplify cy.visit logic\n ([7d87985](https://github.com/ory/kratos/commit/7d8798560947227d64a35d2dd69623bc1a1ddc8f))\n- **e2e:** Add mfa profile\n ([a60d157](https://github.com/ory/kratos/commit/a60d157bfeb79cb527bf73b3fc38e1ba5388cbed))\n- **e2e:** Add modd to build\n ([48cd8ae](https://github.com/ory/kratos/commit/48cd8aeb851d02e2fd31e73e044befb45242e953))\n- **e2e:** Add more helpers and ts defs\n ([21b35b0](https://github.com/ory/kratos/commit/21b35b025a21b1f6ab3ac8be79339f1734b3033a))\n- **e2e:** Add more helpers for various flows and proxy settings\n ([755ac60](https://github.com/ory/kratos/commit/755ac60cb1a54cd188ab07d9448598d738c5e866))\n- **e2e:** Add more routes to registry\n ([30423c9](https://github.com/ory/kratos/commit/30423c92ba27709e003e88e58072b78ef3e2aa04))\n- **e2e:** Add more typings for cypress helpers\n ([60bd63f](https://github.com/ory/kratos/commit/60bd63f31d6b639af19048cc3d1e392b885213e0))\n- **e2e:** Add plugin for using got\n ([8fafc40](https://github.com/ory/kratos/commit/8fafc40dff8a0d9d5d678b59ecf4c13755906a4f))\n- **e2e:** Add proxy capabilities for react native app\n ([b5668df](https://github.com/ory/kratos/commit/b5668df755e186f12c0e543715bc2e16011583a6))\n- **e2e:** Add recovery tests for SPA\n ([b6014ee](https://github.com/ory/kratos/commit/b6014eee8b507abf6e3b4324097b3015f722cbe3))\n- **e2e:** Add spa as allowed redirect url\n ([2625d16](https://github.com/ory/kratos/commit/2625d1689d47fb1cdbe34708be27f2317cdc7bea))\n- **e2e:** Add SPA tests for login and refactor tests to typescript\n ([d9a25df](https://github.com/ory/kratos/commit/d9a25df1ba34cbefd416dccfdb2f5fc93e0290b9))\n- **e2e:** Add SPA tests for logout and refactor tests to typescript\n ([b0c6776](https://github.com/ory/kratos/commit/b0c67769e4afcdbc05d2c1966e38faa18404a5db))\n- **e2e:** Add SPA tests for registration and refactor tests to typescript\n ([a61ed1e](https://github.com/ory/kratos/commit/a61ed1edb41df64f58e23f8c88894fb742fd275d))\n- **e2e:** Add support functions and type definitions\n ([c82d68d](https://github.com/ory/kratos/commit/c82d68db36563b16623a63be9efaf6b25322f855))\n- **e2e:** Clean up helper\n ([4806add](https://github.com/ory/kratos/commit/4806add17a5dd0ea8c8fded644a6c240b17861b3))\n- **e2e:** Complete SPA tests for all mfa flows\n ([2196129](https://github.com/ory/kratos/commit/219612903bd4dce208e2074e4595980c1cb60711))\n- **e2e:** Default and empty values and required fields\n ([72f2c5f](https://github.com/ory/kratos/commit/72f2c5fbd8227e19d62f26aeddfb1bd14d7c768b))\n- **e2e:** Ensure advanced types work in forms also\n ([287269c](https://github.com/ory/kratos/commit/287269c9992390b52ff380b31eda3bb7ad205f09))\n- **e2e:** Ensure correct app\n ([a9ff545](https://github.com/ory/kratos/commit/a9ff5457cb48a90668b62e54d0b08cb1e9108994))\n- **e2e:** Finalize mobile tests\n ([acf5c3d](https://github.com/ory/kratos/commit/acf5c3d649e51edfd9e1e3755222d9c7161a92e7))\n- **e2e:** Force port\n ([a49eda8](https://github.com/ory/kratos/commit/a49eda8e0405954d62058d8c1410a62f72bfb7ae))\n- **e2e:** Homogenize profiles\n ([7798e19](https://github.com/ory/kratos/commit/7798e193aa3cce0347e5ca018e09685b6fda0ba2))\n- **e2e:** Hot reload ory kratos on changes\n ([841da09](https://github.com/ory/kratos/commit/841da091689f9a3fceb5509490d7a2f4828b926f))\n- **e2e:** Implement recovery tests for SPA\n ([3dea57f](https://github.com/ory/kratos/commit/3dea57ff986702b9a31621198794e1cc94e4881e))\n- **e2e:** Implement required verification tests for SPA\n ([fb55f34](https://github.com/ory/kratos/commit/fb55f3475f25ab3aa6f7b1765ec5b9f13ef72b15))\n- **e2e:** Improve stability for login tests\n ([43df22b](https://github.com/ory/kratos/commit/43df22bdd52305b2b5d98a0db1c09751bd3ebb4f))\n- **e2e:** Improve stability for registration tests\n ([a1c59a3](https://github.com/ory/kratos/commit/a1c59a349cab3819e5f869dc89eba3c05100f1b8))\n- **e2e:** Improve test reliability\n ([061a7e3](https://github.com/ory/kratos/commit/061a7e340c86b580abde02de3cb521dda7c23efb))\n- **e2e:** Migrate email tests to new proxy set up\n ([54d8cd6](https://github.com/ory/kratos/commit/54d8cd65b8b19f7a643bf9d4060906b818fc91d6))\n- **e2e:** Migrate settings tests to typescript and add SPA tests\n ([566336d](https://github.com/ory/kratos/commit/566336d910f0b3deb4675e1413bfd0182bde6a79))\n- **e2e:** Move config to lower level and publish as package\n ([c21fa26](https://github.com/ory/kratos/commit/c21fa2688e560bb9c714d2078dbc9a72a1da125f))\n- **e2e:** Move registration tests to new proxy set up\n ([eddeb85](https://github.com/ory/kratos/commit/eddeb8510ca4cb13d0644d7083d436778828d0bd))\n- **e2e:** Port mobile test to typescript\n ([db42346](https://github.com/ory/kratos/commit/db4234694723b7dc965c9e2cf4ba792bad0374e9))\n- **e2e:** Port remaining e2e tests to typescript\n ([5853d1a](https://github.com/ory/kratos/commit/5853d1a64b3f7b20af79cc6ebbc381de0d213139))\n- **e2e:** Potentially resolve flaky login test\n ([e237d66](https://github.com/ory/kratos/commit/e237d66adbc3cce972d8e4689a88d02b9a925354))\n- **e2e:** Potentially resolve webauthn startup issues\n ([eae6f5d](https://github.com/ory/kratos/commit/eae6f5d1e9dc08dc8f7152a9c441e029dd4351f3))\n- **e2e:** Prototype typescript implementation\n ([2e869cf](https://github.com/ory/kratos/commit/2e869cff7b1cb87e15013a86b54fda16a01e0267))\n- **e2e:** Recreate identities per flow\n ([1a560a3](https://github.com/ory/kratos/commit/1a560a37c13240d9ae16d34188a6221f589ebbbc))\n- **e2e:** Reduce flaky tests\n ([cae86e7](https://github.com/ory/kratos/commit/cae86e7f6a4fcc9e1433b9c063efe3745273f2dc))\n- **e2e:** Reduce test flakes in lookup codes\n ([bfea354](https://github.com/ory/kratos/commit/bfea354f45858e5be0a588840f6e8125819a244c))\n- **e2e:** Refactor and add support for SPA app\n ([7609219](https://github.com/ory/kratos/commit/7609219448effde35844675533e71583babe1d14))\n- **e2e:** Remove wait condition\n ([af10b03](https://github.com/ory/kratos/commit/af10b03ebca03cdb5654c116efbd3c23b47c7594))\n- **e2e:** Resolve broken test\n ([c7cf134](https://github.com/ory/kratos/commit/c7cf134fbfbbb59b276aa00d02bbad3886f78dee))\n- **e2e:** Resolve flaky test\n ([de7cc59](https://github.com/ory/kratos/commit/de7cc59f07a6b77e3bbf3d98a7b2104b60ce708c))\n- **e2e:** Resolve flaky test issues\n ([1627745](https://github.com/ory/kratos/commit/162774567d44336c8999ee0c1362adb191855d0c))\n- **e2e:** Resolve next not starting\n ([2a2a3cb](https://github.com/ory/kratos/commit/2a2a3cb016e820f651f3cf6cd33123672e5977cb))\n- **e2e:** Resolve regression\n ([d62f0c0](https://github.com/ory/kratos/commit/d62f0c02315702f55b998d4c48d4ca8c6a41827f))\n- **e2e:** Resolve regressions\n ([aaff34e](https://github.com/ory/kratos/commit/aaff34ed66165f787103292ac0a034a0cdaf1308))\n- **e2e:** Resolve regressions\n ([af9aedc](https://github.com/ory/kratos/commit/af9aedc8d29678f480b1b6bad128aefbacd6a373))\n- **e2e:** Revert proxy changes\n ([293d920](https://github.com/ory/kratos/commit/293d92084a7614ae0cd7d5326dc82a209a0841be))\n- **e2e:** Stabilize e2e tests\n ([a5dca28](https://github.com/ory/kratos/commit/a5dca2839ef66217b0046262a7e1fc886276509f))\n- **e2e:** Temporarily add totp to default profile\n ([8ffac9d](https://github.com/ory/kratos/commit/8ffac9d138656eb2322913992b350cea31ed7e87))\n- **e2e:** Update e2e profiles to new proxy set up\n ([a3204cf](https://github.com/ory/kratos/commit/a3204cf9b85e274441c02592288a4f322481e894))\n- **e2e:** Use 127.0.0.1 to prevent ipv6 issues\n ([6f4b534](https://github.com/ory/kratos/commit/6f4b5340d33b31a5e4582858b544beb9c82181c7))\n- **e2e:** Wait for oidc to trigger\n ([9c67c49](https://github.com/ory/kratos/commit/9c67c49235a562430da7ae60426d60cfd6120fca))\n- Enable cookie debug\n ([81c3064](https://github.com/ory/kratos/commit/81c3064d69f8a233b8e0b78e103f2a23ae63cb63))\n- Ensure aal and amr is set on recovery\n ([5cbab54](https://github.com/ory/kratos/commit/5cbab54fe5780689f0b64700567ac4632eb04c0b)),\n closes [#1322](https://github.com/ory/kratos/issues/1322)\n- Ensure aal2 can not be used for oidc\n ([cbbcdd2](https://github.com/ory/kratos/commit/cbbcdd2e86c2d4da14c478637105eb8a36ae06c0))\n- Ensure aal2 can not be used for password\n ([d9d39f0](https://github.com/ory/kratos/commit/d9d39f0bdda0725989a0a8261a449cf1a71afb6b))\n- Ensure authenticated_at after all upgrade\n ([80408b4](https://github.com/ory/kratos/commit/80408b4c90229c61138411be8534fc577b8f0f33))\n- Ensure redirect_url in password strategy\n ([9eafc10](https://github.com/ory/kratos/commit/9eafc10189ca88724fa6d75748299c2dd2c470b1))\n- ErrStrategyAsksToReturnToUI behavior\n ([f739018](https://github.com/ory/kratos/commit/f7390184b02d526bb6e3ff496abc4522afc39d5a))\n- Finalize webauthn tests\n ([97e59e6](https://github.com/ory/kratos/commit/97e59e61ee8be263199c3749e27dd81344777166))\n- Fix regressions in the tests\n ([246c580](https://github.com/ory/kratos/commit/246c580222acd193eea784a6cbfd1e75181a484f))\n- Fix tests in cmd/serve ([#1755](https://github.com/ory/kratos/issues/1755))\n ([b704d08](https://github.com/ory/kratos/commit/b704d08382a9059157c2a649872e88943d66a99f))\n- ID methods of node attributes\n ([ff9ff04](https://github.com/ory/kratos/commit/ff9ff048ddfa13ae73571064a36b33a867727392))\n- Login form submission with AAL\n ([4d54fbb](https://github.com/ory/kratos/commit/4d54fbb37349126418274de8e21473c2ff81f785))\n- **lookup:** Add secret_disable to snapshots\n ([68d6a87](https://github.com/ory/kratos/commit/68d6a876a4f1a0fd74789798397bd325a68d71d6))\n- **lookup:** Ensure context is cleaned up after use\n ([8a210c4](https://github.com/ory/kratos/commit/8a210c41696d1865cce4c589a7cb3e52283fe24d))\n- **lookup:** Refresh and reuse scenarios\n ([89736ed](https://github.com/ory/kratos/commit/89736ed9ba8667314313ca549a6377faddcc3d80))\n- **migration:** Resolve mysql migration issue with empty array\n ([71a5649](https://github.com/ory/kratos/commit/71a5649a52036e29b351b6b4ee220ec7ce3aed05))\n- Move to cupaloy for snapshots\n ([0cce70f](https://github.com/ory/kratos/commit/0cce70f47712da44d891c6d2890e818da6d9971b))\n- Properly refresh mobile session\n ([c31915d](https://github.com/ory/kratos/commit/c31915de32e4b3db4af8ca8f3b5ecb0adf01a510))\n- Registry regression\n ([25c88b5](https://github.com/ory/kratos/commit/25c88b55577b016aa77d2df3c595410633d0eefe))\n- Remove todo items\n ([f60050e](https://github.com/ory/kratos/commit/f60050e0e30b1bf5441c95ada5777743719d65f1))\n- Resolve flaky config test\n ([147c670](https://github.com/ory/kratos/commit/147c6704a9d38b5687eb8aba5661f24f99e577e3))\n- Resolve flaky config test ([#1832](https://github.com/ory/kratos/issues/1832))\n ([db98d01](https://github.com/ory/kratos/commit/db98d010639bfc387ef927c4f80ff6cd0ebc9588))\n- Resolve flaky example tests\n ([#1817](https://github.com/ory/kratos/issues/1817))\n ([0e700d8](https://github.com/ory/kratos/commit/0e700d89c0aaa99b9eec7ce070b7974373377f03))\n- Resolve flaky tests\n ([2bd9100](https://github.com/ory/kratos/commit/2bd910037efd20ab1829784ee087c533e5e8b177))\n- Resolve migratest regressions\n ([e9a1ed1](https://github.com/ory/kratos/commit/e9a1ed188a8f2556e1f60d1c171506dc0dd931d4))\n- Resolve regressions\n ([1502ca1](https://github.com/ory/kratos/commit/1502ca1eb6c2e7ab698dc94675a50db63c326a41))\n- Resolve regressions\n ([1a93b2f](https://github.com/ory/kratos/commit/1a93b2fba1fc41a6ba314253387af9770fd36f5a))\n- Resolve regressions\n ([64850ed](https://github.com/ory/kratos/commit/64850ed3277185ebf68b50449721c903c01eab89))\n- Resolve remaining regressions\n ([f02804c](https://github.com/ory/kratos/commit/f02804c567a532a30eaa228b0ba784b7f7fb0d9a))\n- Resolve remaining regressions\n ([0224c22](https://github.com/ory/kratos/commit/0224c22ebda566c69363ae09dea9d42368c86f48))\n- Resolve remaining regressions\n ([1fa2aa5](https://github.com/ory/kratos/commit/1fa2aa5b60d0b81e2035ae18c60d199b060a4c1f))\n- Resolve time locality issues\n ([53b8b2a](https://github.com/ory/kratos/commit/53b8b2a22e5bad12dabf90c7bcbaf05b13a73a55))\n- Restructure session struct tests\n ([50d3f66](https://github.com/ory/kratos/commit/50d3f66f82cb4e85a213fd86dc20bfadafefae23))\n- Session AAL handling\n ([6fea3e5](https://github.com/ory/kratos/commit/6fea3e5aec6556697092c9a9d12295ed7e4d408b))\n- Session activate\n ([c86fa03](https://github.com/ory/kratos/commit/c86fa03d3b2390403dcb14ef93307adc61ac7c79))\n- **sql:** Fix incorrect UUID\n ([ea2894e](https://github.com/ory/kratos/commit/ea2894ed0f12de011fd5ce304dd614579ea5e96c))\n- Temporarily enable lookup globally\n ([458f559](https://github.com/ory/kratos/commit/458f559ec816e64c6c9f53ecacdb4ae30fc9f8f7))\n- **totp:** Ensure context is cleaned up after use\n ([1905883](https://github.com/ory/kratos/commit/19058830c0541f717360d3f599760b2a5cf47c4e))\n- Upgrade cypress to 8.x\n ([c8a1dfc](https://github.com/ory/kratos/commit/c8a1dfcae3d42555b1215ad7eaa03a521bdcb1da))\n- Use different return handler\n ([e489a43](https://github.com/ory/kratos/commit/e489a439e56dcd4218cf81284beaca0ef2ecd35e))\n- Various aal combinations for newflow\n ([b095b99](https://github.com/ory/kratos/commit/b095b990224cbbd5ffa272b8f443b3345634d353))\n- Webauth settings flow\n ([4c82772](https://github.com/ory/kratos/commit/4c82772ae28643ce69a5778c37f3c67644ef6f4c))\n- Webauthn aal2 login\n ([60ace8b](https://github.com/ory/kratos/commit/60ace8b36c033ac4f9cd7e8cd929921e2e882946))\n- Webauthn credentials\n ([c3e1184](https://github.com/ory/kratos/commit/c3e1184e719cd2041df8894edd4bd921bf2c3b00))\n- Webauthn credentials counter\n ([f7701f6](https://github.com/ory/kratos/commit/f7701f629d5553e229546b00d3c345a8d74dd627))\n- **webauthn:** Ensure context is cleaned up after use\n ([7a8055b](https://github.com/ory/kratos/commit/7a8055be357a64a1f4074fe28b249fbaf05cf519))\n\n### Unclassified\n\n- test(e2e) improve reliability\n ([763dd00](https://github.com/ory/kratos/commit/763dd0063f3166fad323b25a1b0e7bdf9850e519))\n- Correct session godoc\n ([7108e65](https://github.com/ory/kratos/commit/7108e65447c37cc6f2937083a2a61442e0a43cb8))\n\n# [0.7.6-alpha.1](https://github.com/ory/kratos/compare/v0.7.5-alpha.1...v0.7.6-alpha.1) (2021-09-12)\n\nResolves further issues in the SDK and release pipeline.\n\n### Code Generation\n\n- Pin v0.7.6-alpha.1 release commit\n ([8b0d1ee](https://github.com/ory/kratos/commit/8b0d1ee66f1ee2b9f37cd178ac2bcbd8980d6f1d))\n\n# [0.7.5-alpha.1](https://github.com/ory/kratos/compare/v0.7.4-alpha.1...v0.7.5-alpha.1) (2021-09-11)\n\nPrimarily resolves issues in the SDK pipeline.\n\n### Code Generation\n\n- Pin v0.7.5-alpha.1 release commit\n ([3a741a5](https://github.com/ory/kratos/commit/3a741a5ed5cff78e0e060bc98f8526537e8719d7))\n\n# [0.7.4-alpha.1](https://github.com/ory/kratos/compare/v0.7.3-alpha.1...v0.7.4-alpha.1) (2021-09-09)\n\nThis release adds the GitHub-app provider, improves SQL instrumentation,\nresolves an expired flow bug, and resolves documentation issues.\n\n### Bug Fixes\n\n- Corret sdk annotations for enums\n ([6152363](https://github.com/ory/kratos/commit/6152363cda20992a9b894e618c3a438f30808a97))\n- Do not panic if cookiemanager returns a nil cookie\n ([6ea5678](https://github.com/ory/kratos/commit/6ea56785fa0354d8d9479a699304a4b933d6c294)),\n closes [#1695](https://github.com/ory/kratos/issues/1695)\n- Respect return_to in expired flows\n ([#1697](https://github.com/ory/kratos/issues/1697))\n ([394a8de](https://github.com/ory/kratos/commit/394a8de9c0cdd33df91d56008eac12510ff14e07)),\n closes [#1251](https://github.com/ory/kratos/issues/1251)\n\n### Code Generation\n\n- Pin v0.7.4-alpha.1 release commit\n ([67ff8a9](https://github.com/ory/kratos/commit/67ff8a947b5b339648aeb4c22aba89205c61382b))\n\n### Documentation\n\n- Add e2e quickstart\n ([2b749d3](https://github.com/ory/kratos/commit/2b749d39fcb0d320d193290966a558ee2c5734d1))\n- Browser redirects ([#1700](https://github.com/ory/kratos/issues/1700))\n ([a44089a](https://github.com/ory/kratos/commit/a44089a506f5ea9daa406fcb862ad707f569c2bb))\n- Mark logout_url always available\n ([9021805](https://github.com/ory/kratos/commit/9021805c4399beb73f234726f8f5f3bfd312482c))\n- Minor improvements ([#1707](https://github.com/ory/kratos/issues/1707))\n ([79c132c](https://github.com/ory/kratos/commit/79c132c5a0737ea1632655d8aea0af63c4200d37))\n\n### Features\n\n- Making use of the updated instrumentedsql version\n ([#1723](https://github.com/ory/kratos/issues/1723))\n ([9e6fbdd](https://github.com/ory/kratos/commit/9e6fbdd06a75d7207b4801d1148267b3a1a0a0c7))\n- **oidc:** Github-app provider\n ([#1711](https://github.com/ory/kratos/issues/1711))\n ([fb1fe8c](https://github.com/ory/kratos/commit/fb1fe8c468bb6f8275618b84c5fa157a314c345f))\n\n### Tests\n\n- **session:** Resolve incorrect assertion\n ([0531220](https://github.com/ory/kratos/commit/05312203ab12eec44e59dcd9210160f2781a69b4))\n\n# [0.7.3-alpha.1](https://github.com/ory/kratos/compare/v0.7.1-alpha.1...v0.7.3-alpha.1) (2021-08-28)\n\nThis patch resolves a regression issue with Facebook login, a memory leak issue\nintroduced by an external dependency, adds a \"requires verification\" login hook,\nand improves performance for some endpoints.\n\nAlso, Ory Kratos SDKs are now published in individual\n[GitHub repositories for every language](https://github.com/ory?q=kratos-client).\n\n### Bug Fixes\n\n- Add new message when refresh parameter is true\n ([#1560](https://github.com/ory/kratos/issues/1560))\n ([0525623](https://github.com/ory/kratos/commit/05256232bf85d68e068eece6c883f46a447ba5bd)),\n closes [#1117](https://github.com/ory/kratos/issues/1117)\n- Add session in spa registration if session cook is configured\n ([#1657](https://github.com/ory/kratos/issues/1657))\n ([639a7dd](https://github.com/ory/kratos/commit/639a7dd52d43c57e9708ed3e7360c17d6efde6a5)),\n closes [#1604](https://github.com/ory/kratos/issues/1604)\n- **docs:** Ensure config reference is updated\n ([f6b3aa4](https://github.com/ory/kratos/commit/f6b3aa45b1f39ca5e9ee7ef4cd96de1970b2ed71)),\n closes [#1597](https://github.com/ory/kratos/issues/1597)\n- Facebook sign in regression\n ([#1689](https://github.com/ory/kratos/issues/1689))\n ([85337bf](https://github.com/ory/kratos/commit/85337bf65af767d7296b14e8fd21bab5c64d23e2)),\n closes [#1687](https://github.com/ory/kratos/issues/1687)\n [#1686](https://github.com/ory/kratos/issues/1686)\n- Http context memory leak\n ([b21bd22](https://github.com/ory/kratos/commit/b21bd224059e8a42da9814237572a118297c5210)):\n\n Ory Kratos was using `gorilla/sessions` prior to version v1.2 which had a\n dependency on `gorilla/context`, a deprecated library with known memory\n management issues. Even though we used `gorilla/context`'s clean up\n middleware, it appears that `r.Context()` was not properly cleaned up, causing\n memory leaks.\n\n On average, the memory leak is pretty small, but depending on what gets added\n to `r.Context()` it could significantly increase the memory leak.\n\n By replacing `gorilla/sessions` with v1.2.1 we:\n 1. Increased the HTTP API throughput by an estimate of 4 times;\n 2. Brought average memory use back down to about 12MB;\n\n Closes https://github.com/ory-corp/cloud/issues/1292\n\n- Outdated label ([#1681](https://github.com/ory/kratos/issues/1681))\n ([149101e](https://github.com/ory/kratos/commit/149101ed145dae2b75e5150013efc478f5fd0cc3))\n- Register argon2 CLI commands properly\n ([#1592](https://github.com/ory/kratos/issues/1592))\n ([45c28d9](https://github.com/ory/kratos/commit/45c28d99064baf8051521a1078ac2b59bb3206ec))\n- Remove session cookie on logout\n ([#1587](https://github.com/ory/kratos/issues/1587))\n ([cdb30bb](https://github.com/ory/kratos/commit/cdb30bb65ac932a17e4924b4efc8952113452513)),\n closes [#1584](https://github.com/ory/kratos/issues/1584):\n\n Before, the logout endpoint would invalidate the session cookie, but not\n remove it. This was a regression introduced in 0.7.0. This patch resolves that\n issue.\n\n- **sdk:** Use proper annotation for genericError\n ([#1611](https://github.com/ory/kratos/issues/1611))\n ([da214b2](https://github.com/ory/kratos/commit/da214b2933ae2a91d8c5bf6aa8eea613a2078b9d)),\n closes [#1609](https://github.com/ory/kratos/issues/1609)\n- Skip prompt on discord authorization by default\n ([#1594](https://github.com/ory/kratos/issues/1594))\n ([a667255](https://github.com/ory/kratos/commit/a6672554b02378eb2dac7b1af99ea2915395867b)):\n\n When a value for prompt is not provided, Discord defaults to\n `prompt=\"consent\"`. This change makes it so that if the request is not forced,\n prompt is explicitly set to \"none\".\n\n- Static parameter for warning message in config.baseURL(...)\n ([#1673](https://github.com/ory/kratos/issues/1673))\n ([db54a1b](https://github.com/ory/kratos/commit/db54a1bd0c93d7a5845ee09d0a16cbc3b8f26a4a)),\n closes [#1672](https://github.com/ory/kratos/issues/1672)\n- Update csrf token cookie name\n ([#1601](https://github.com/ory/kratos/issues/1601))\n ([64c90bf](https://github.com/ory/kratos/commit/64c90bf5e5cec6545a81f88ad5fabb29e9e80850)):\n\n See https://github.com/ory-corp/cloud/issues/1252\n\n- Use eager preloading for list identites endpoint\n ([#1588](https://github.com/ory/kratos/issues/1588))\n ([de5fb3e](https://github.com/ory/kratos/commit/de5fb3e52af9f2d0f1209eed217403a5d7d1ae2d))\n\n### Code Generation\n\n- Pin v0.7.3-alpha.1 release commit\n ([b5ad53e](https://github.com/ory/kratos/commit/b5ad53eca933438126eda3c6c647d99e05e37695))\n\n### Documentation\n\n- Change model to schema ([#1639](https://github.com/ory/kratos/issues/1639))\n ([09c403e](https://github.com/ory/kratos/commit/09c403e55482e91a5bfe9a253e514b7a90826709))\n- Fix func naming for Logout flow\n ([#1676](https://github.com/ory/kratos/issues/1676))\n ([bbeb613](https://github.com/ory/kratos/commit/bbeb6132ba82e28057bc14bf35ea99b70f0c4118)):\n\n rename createSelfServiceLogoutUrlForBrowsers to\n createSelfServiceLogoutFlowUrlForBrowsers\n\n- Fix stub error example ([#1642](https://github.com/ory/kratos/issues/1642))\n ([9bc2fd0](https://github.com/ory/kratos/commit/9bc2fd088ed9b3e7334713e63bae3c7bbcb922db)),\n closes [#1568](https://github.com/ory/kratos/issues/1568)\n- Fixes incorrect yaml identation\n ([#1641](https://github.com/ory/kratos/issues/1641))\n ([6b58278](https://github.com/ory/kratos/commit/6b582784b49c1d103bbf7a6843cdf197fbd93931))\n- Identity traits are visible to user\n ([#1621](https://github.com/ory/kratos/issues/1621))\n ([641eba6](https://github.com/ory/kratos/commit/641eba675bdc583661565a6378776bfad26067c6))\n- Make qickstart URLs consistent (playground vs. localhost)\n ([#1626](https://github.com/ory/kratos/issues/1626))\n ([bae1847](https://github.com/ory/kratos/commit/bae1847eba0d925f28a010876e35e3c2093bc8c6)):\n\n Since the quick-start describes how to run Kratos locally the actual location\n of the redirect is `http://127.0.0.1:4433/self-service/login/browser`.\n\n- Update docker.md - Outdated information\n ([#1627](https://github.com/ory/kratos/issues/1627))\n ([dc32720](https://github.com/ory/kratos/commit/dc32720de25f52b7deb3e32f7530c7827a6ce5df)),\n closes [#1619](https://github.com/ory/kratos/issues/1619):\n\n Kratos does not automatically use a config file that exists at\n `$HOME/.kratos.yaml`, or any other similar pattern. The documentation in the\n Docker Images section of the guides could lead developers to believe that the\n --config flag is unnecessary if they are binding the directory the\n configuration file is in to $HOME or using a custom docker image to provide\n the file.\n\n### Features\n\n- Allow multiple webhook body sources\n ([#1606](https://github.com/ory/kratos/issues/1606))\n ([51b1311](https://github.com/ory/kratos/commit/51b131177c9e0db018eced939fef43742c9e86cf)):\n\n This patch adds support for loading webhooks from the local filesystem, base64\n encoded inline string, and remote (http/https) sources. Please note that\n support for relative/absolute paths without an URI scheme are deprecated and\n will eventually be removed.\n\n- Require verified address ([#1355](https://github.com/ory/kratos/issues/1355))\n ([1cf61cd](https://github.com/ory/kratos/commit/1cf61cdeedbd8bf5b66310793249681ff976baab)),\n closes [#1328](https://github.com/ory/kratos/issues/1328)\n\n# [0.7.1-alpha.1](https://github.com/ory/kratos/compare/v0.7.0-alpha.1...v0.7.1-alpha.1) (2021-07-22)\n\nThis release addresses regressions introduced in Ory Kratos v0.7.0 and resolves\nsome bugs and documentation inconsistencies.\n\n### Bug Fixes\n\n- Automatic tagging for node ui\n ([fe5056e](https://github.com/ory/kratos/commit/fe5056e11d1f8e4355cafa72ed1ff953077181cc)),\n closes [#1537](https://github.com/ory/kratos/issues/1537)\n- Bump kratos ui image for quickstart\n ([aedbb5a](https://github.com/ory/kratos/commit/aedbb5a259ea8ee63fb06c36fb1c7af78bb63ffc)),\n closes [#1537](https://github.com/ory/kratos/issues/1537)\n- Cleanup lint errors and add doc to x\n ([#1545](https://github.com/ory/kratos/issues/1545))\n ([3cfd784](https://github.com/ory/kratos/commit/3cfd7845730685a4493c2b5d1974b79d873eea86))\n- Correct meta schema\n ([8d4f3ff](https://github.com/ory/kratos/commit/8d4f3ff22d4ade6ae3f923c33303002e5f534cff))\n- Do not reset link method ([#1573](https://github.com/ory/kratos/issues/1573))\n ([835fb31](https://github.com/ory/kratos/commit/835fb3127bc10b1642b4a7573722e5dce63fedc7))\n- Do not set csrf cookies on /sessions/whoami\n ([#1580](https://github.com/ory/kratos/issues/1580))\n ([36bbd43](https://github.com/ory/kratos/commit/36bbd434114d120006d49785787a3c94c7f103f9))\n- Export extensionschemas ([#1553](https://github.com/ory/kratos/issues/1553))\n ([6af7638](https://github.com/ory/kratos/commit/6af76387caf37160ded75d83dc09ba0bc177a895))\n- Generate CSRF token on validation creation\n ([#1549](https://github.com/ory/kratos/issues/1549))\n ([6612c5f](https://github.com/ory/kratos/commit/6612c5f62e5cc242a808032def5714715ce49d11)),\n closes [#1547](https://github.com/ory/kratos/issues/1547)\n- Identity extension meta schema\n ([#1554](https://github.com/ory/kratos/issues/1554))\n ([ba5ca64](https://github.com/ory/kratos/commit/ba5ca642d01917b43d49e009bf140ae13b4f1313)):\n\n Up until now the extension meta schema was only applied to top level keys.\n This fix now recursively checks the extension schema on any depth.\n\n- Remove domain alias config constraint\n ([#1542](https://github.com/ory/kratos/issues/1542))\n ([c6145db](https://github.com/ory/kratos/commit/c6145dbfb278369c8e3ad6eae7e8574ed49ba193))\n- Resolve wrong openapi types\n ([b07927c](https://github.com/ory/kratos/commit/b07927cd23cbfce23f3b0676303a2d0ca564143b))\n- Update identity state openapi spec\n ([0217737](https://github.com/ory/kratos/commit/0217737f5a2860e299ccec4387a2cc83aaac1557))\n- Use legacy ssl in quickstart config\n ([6c13c2b](https://github.com/ory/kratos/commit/6c13c2bedd45c10713907e24976658d4a4b88de6)),\n closes [#1569](https://github.com/ory/kratos/issues/1569)\n\n### Code Generation\n\n- Pin v0.7.1-alpha.1 release commit\n ([4fe76af](https://github.com/ory/kratos/commit/4fe76af1302d45ddf4cf3c2c5949311c9cf1f8b8))\n\n### Documentation\n\n- Add instruction for creating user\n ([#1541](https://github.com/ory/kratos/issues/1541))\n ([c2a1b6d](https://github.com/ory/kratos/commit/c2a1b6df95bcb5dfe2b238be5903f483b9e701b5)),\n closes [#1530](https://github.com/ory/kratos/issues/1530)\n- Clarify flags in schema which are not available in config file\n ([e5ea5fe](https://github.com/ory/kratos/commit/e5ea5fee31eb2f70dc7c33565f791da9e2e87cc2)),\n closes [#1514](https://github.com/ory/kratos/issues/1514)\n- Fix formatting of Email and Phone Verification Flow tab content\n ([#1536](https://github.com/ory/kratos/issues/1536))\n ([0bfac67](https://github.com/ory/kratos/commit/0bfac67a06ef0d96ffd6a487c90edb44d3a40710))\n- Fix typo ([#1543](https://github.com/ory/kratos/issues/1543))\n ([b25bae7](https://github.com/ory/kratos/commit/b25bae7f2cdcbb60384808041744edd718a2a814))\n- Fix typo ([#1544](https://github.com/ory/kratos/issues/1544))\n ([547788d](https://github.com/ory/kratos/commit/547788de74794a1dcf43e5190cdfc9d2e1a2dc92))\n- Update csrf pitfall flow section\n ([#1558](https://github.com/ory/kratos/issues/1558))\n ([cc7ed4b](https://github.com/ory/kratos/commit/cc7ed4b5f65d2971a45d5d0ec6188908d070d915)),\n closes [#1557](https://github.com/ory/kratos/issues/1557)\n\n### Tests\n\n- Longer wait time for e2e boot\n ([3a85a33](https://github.com/ory/kratos/commit/3a85a33ad8a8eec2ebf57d5a47937499141b6bc0))\n\n# [0.7.0-alpha.1](https://github.com/ory/kratos/compare/v0.6.3-alpha.1...v0.7.0-alpha.1) (2021-07-13)\n\nAbout two months ago we released Ory Kratos v0.6. Today, we are excited to\nannounce the next iteration of Ory Kratos v0.7! This release includes 215\ncommits from 24 contributors with over 770 files and more than 100.000 lines of\ncode changed!\n\nOry Kratos v0.7 brings massive developer experience improvements:\n\n- A reworked, tested, and standardized SDK based on OpenAPI 3.0.3\n ([#1477](https://github.com/ory/kratos/pull/1477),\n [#1424](https://github.com/ory/kratos/issues/1424));\n- Native support of Single-Page-Apps (ReactJS, AngularJS, ...) for all\n self-service flows ([#1367](https://github.com/ory/kratos/pull/1367));\n- Sign in with Yandex, VK, Auth0, Slack;\n- An all-new, secure logout flow\n ([#1433](https://github.com/ory/kratos/pull/1433));\n- Important security updates to the self-service GET APIs\n ([#1458](https://github.com/ory/kratos/pull/1458),\n [#1282](https://github.com/ory/kratos/issues/1282));\n- Built-in support for TLS ([#1466](https://github.com/ory/kratos/pull/1466));\n- Improved documentation and Go Module structure;\n- Resolving a case-sensitivity bug in self-service recovery and verification\n flows;\n- Improved performance for listing identities;\n- Support for Instant tracing\n ([#1429](https://github.com/ory/kratos/pull/1429));\n- Improved control for SMTPS, supporting SSL and STARTTLS\n ([#1430](https://github.com/ory/kratos/pull/1430));\n- Ability to run Ory Kratos in networks without outbound requests\n ([#1445](https://github.com/ory/kratos/pull/1445));\n- Improved control over HTTP Cookie behavior\n ([#1531](https://github.com/ory/kratos/pull/1531));\n- Several smaller user experience improvements and bug fixes;\n- Improved e2e test pipeline.\n\nIn the next iteration of Ory Kratos, we will focus on providing a NextJS example\napplication for the SPA integration as well as the long-awaited MFA flows!\n\nPlease be aware that upgrading to Ory Kratos 0.7 requires you to apply SQL\nmigrations. Make sure to back up your database before migration!\n\nFor more details on breaking changes and patch notes, see below.\n\n## Breaking Changes\n\nPrior to this change it was not possible to specify the verification/recovery\nlink lifetime. Instead, it was bound to the flow expiry. This patch changes that\nand adds the ability to configure the lifespan of the link individually:\n\n```patch\n selfservice:\n methods:\n link:\n enabled: true\n config:\n+ # Defines how long a recovery link is valid for (default 1h)\n+ lifespan: 15m\n```\n\nThis is a breaking change because the link strategy no longer respects the\nrecovery / verification flow expiry time and, unless set, will default to one\nhour.\n\nThis change introduces a better SDK. As part of this change, several breaking\nchanges with regards to the SDK have been introduced. We recommend reading this\nsection carefully to understand the changes and how they might affect you.\n\nBefore, the SDK was structured into tags `public` and `admin`. This stems from\nthe fact that we have two ports in Ory Kratos - one administrative and one\npublic port.\n\nWhile serves as a good overview when working with Ory Kratos, it does not\nexpress:\n\n- What module the API belongs to (e.g. self-service, identity, ...)\n- What maturity the API has (e.g. experimental, alpha, beta, ...)\n- What version the API has (e.g. v0alpha0, v1beta0, ...)\n\nThis patch replaces the current `admin` and `public` tags with a versioned\napproach indicating the maturity of the API used. For example,\n`initializeSelfServiceSettingsForBrowsers` would no longer be under the `public`\ntag but instead under the `v0alpha1` tag:\n\n```patch\nimport {\n Configuration,\n- PublicApi\n+ V0Alpha1\n} from '@ory/kratos-client';\n\n- const kratos = new PublicApi(new Configuration({ basePath: config.kratos.public }));\n+ const kratos = new V0Alpha1(new Configuration({ basePath: config.kratos.public }));\n```\n\nTo avoid confusion when setting up the SDK, and potentially using the wrong\nendpoints in your codebase and ending up with strange 404 errors, Ory Kratos now\nredirects you to the correct port, given that `serve.(public|admin).base_url`\nare configured correctly. This is a significant improvement towards a more\nrobust API experience!\n\nFurther, all administrative functions require, in the Ory SaaS, authorization\nusing e.g. an Ory Personal Access Token. In the open source, we do not know what\ndevelopers use to protect their APIs. As such, we believe that it is ok to have\nadmin and public functions under one common API and differentiate with an\n`admin` prefix. Therefore, the following patches should be made in your\ncodebase:\n\n```patch\nimport {\n- AdminApi,\n+ V0Alpha1,\n Configuration\n} from '@ory/kratos-client';\n\n-const kratos = new AdminApi(new Configuration({ basePath: config.kratos.admin }));\n+const kratos = new V0Alpha1(new Configuration({ basePath: config.kratos.admin }));\n\n-kratos.createIdentity({\n+kratos.adminCreateIdentity({\n schema_id: 'default',\n traits: { /* ... */ }\n})\n```\n\nFurther, we have introduced a\n[style guide for writing SDKs annotations](https://www.ory.sh/docs/ecosystem/contributing#openapi-spec-and-go-swagger)\ngoverning how naming conventions should be chosen.\n\nWe also streamlined how credentials are used. We now differentiate between:\n\n- Per-request credentials such as the Ory Session Token / Cookie\n ```\n - public getSelfServiceRegistrationFlow(id: string, cookie?: string, options?: any) {}\n + public getSelfServiceSettingsFlow(id: string, xSessionToken?: string, cookie?: string, options?: any) {}\n ```\n- Global credentials such as the Ory (SaaS) Personal Access Token.\n\n ```typescript\n const kratos = new V0Alpha0(\n new Configuration({\n basePath: config.kratos.admin,\n accessToken: \"some-token\",\n }),\n )\n\n kratosAdmin.adminCreateIdentity({\n schema_id: \"default\",\n traits: {\n /* ... */\n },\n })\n ```\n\nWe hope you enjoy the vastly improved experience! There are still many things\nthat we want to iterate on. For full context, we recommend reading the proposal\nand discussion around these changes at\n[kratos#1424](https://github.com/ory/kratos/issues/1424).\n\nAdditionally, the Self-Service Error endpoint was updated. First, the endpoint\n`/self-service/errors` is now located at the public port only with the admin\nport redirecting to it. Second, the parameter `?error` was renamed to `?id` for\nbetter SDK compatibility. Parameter `?error` is still working but will be\ndeprecated at some point. Third, the response no longer contains an error array\nin `errors` but instead just a single error under `error`:\n\n```patch\n{\n \"id\": \"60208346-3a61-4880-96ae-0419cde8fca8\",\n- \"errors\": [{\n+ \"error\": {\n \"code\": 404,\n \"status\": \"Not Found\",\n \"reason\": \"foobar\",\n \"message\": \"The requested resource could not be found\"\n- }],\n+ },\n \"created_at\": \"2021-07-07T11:20:15.310506+02:00\",\n \"updated_at\": \"2021-07-07T11:20:15.310506+02:00\"\n}\n```\n\nThis patch introduces CSRF countermeasures for fetching all self-service flows.\nThis ensures that users can not accidentally leak sensitive information when\ncopy/pasting e.g. login URLs (see #1282). If a self-service flow for browsers is\nrequested, the CSRF cookie must be included in the call, regardless if it is a\nclient-side browser app or a server-side browser app calling. This **does not\napply** for API-based flows.\n\nAs part of this change, the following endpoints have been removed:\n\n- `GET /self-service/login/flows`;\n- `GET /self-service/registration/flows`;\n- `GET /self-service/verification/flows`;\n- `GET /self-service/recovery/flows`;\n- `GET /self-service/settings/flows`.\n\nPlease ensure that your server-side applications use the public port (e.g.\n`GET /self-service/login/flows`) for fetching self-service\nflows going forward.\n\nIf you use the SDKs, upgrading is easy by adding the `cookie` header when\nfetching the flows. This is only required when **using browser flows on the\nserver side**.\n\nThe following example illustrates a ExpressJS (NodeJS) server-side application\nfetching the self-service flows.\n\n```patch\napp.get('some-route', (req: Request, res: Response) => {\n- kratos.getSelfServiceLoginFlow(flow).then((flow) => /* ... */ )\n+ kratos.getSelfServiceLoginFlow(flow, req.header('cookie')).then((flow) => /* ... */ )\n\n- kratos.getSelfServiceRecoveryFlow(flow).then((flow) => /* ... */ )\n+ kratos.getSelfServiceRecoveryFlow(flow, req.header('cookie')).then((flow) => /* ... */ )\n\n- kratos.getSelfServiceRegistrationFlow(flow).then((flow) => /* ... */ )\n+ kratos.getSelfServiceRegistrationFlow(flow, req.header('cookie')).then((flow) => /* ... */ )\n\n- kratos.getSelfServiceVerificationFlow(flow).then((flow) => /* ... */ )\n+ kratos.getSelfServiceVerificationFlow(flow, req.header('cookie')).then((flow) => /* ... */ )\n\n- kratos.getSelfServiceSettingsFlow(flow).then((flow) => /* ... */ )\n+ kratos.getSelfServiceSettingsFlow(flow, undefined, req.header('cookie')).then((flow) => /* ... */ )\n})\n```\n\nFor concrete details, check out\n[the changes in the NodeJS app](https://github.com/ory/kratos-selfservice-ui-node/commit/e7fa292968111e06401fcfc9b1dd0e8e285a4d87).\n\nThis patch refactors the logout functionality for browsers and APIs. It adds\nincreased security and DoS-defenses to the logout flow.\n\nPreviously, calling `GET /self-service/browser/flows/logout` would remove the\nsession cookie and redirect the user to the logout endpoint. Now you have to\nmake a call to `GET /self-service/logout/browser` which returns a JSON response\nincluding a `logout_url` URL to be used for logout. The call to\n`/self-service/logout/browser` must be made using AJAX with cookies enabled or\nby including the Ory Session Cookie in the `X-Session-Cookie` HTTP Header. You\nmay also use the SDK method `createSelfServiceLogoutUrlForBrowsers` to do that.\n\nAdditionally, the endpoint `DELETE /sessions` has been moved to\n`DELETE /self-service/logout/api`. Payloads and responses stay equal. The SDK\nmethod `revokeSession` has been renamed to\n`submitSelfServiceLogoutFlowWithoutBrowser`.\n\nWe listened to your feedback and have improved the naming of the SDK method\n`initializeSelfServiceRecoveryForNativeApps` to better match what it does:\n`initializeSelfServiceRecoveryWithoutBrowser`. As in the previous release you\nmay still use the old SDK if you do not want to deal with the SDK breaking\nchanges for now.\n\nWe listened to your feedback and have improved the naming of the SDK method\n`initializeSelfServiceVerificationForNativeApps` to better match what it does:\n`initializeSelfServiceVerificationWithoutBrowser`. As in the previous release\nyou may still use the old SDK if you do not want to deal with the SDK breaking\nchanges for now.\n\nWe listened to your feedback and have improved the naming of the SDK method\n`initializeSelfServiceSettingsForNativeApps` to better match what it does:\n`initializeSelfServiceSettingsWithoutBrowser`. As in the previous release you\nmay still use the old SDK if you do not want to deal with the SDK breaking\nchanges for now.\n\nWe listened to your feedback and have improved the naming of the SDK method\n`initializeSelfServiceregistrationForNativeApps` to better match what it does:\n`initializeSelfServiceregistrationWithoutBrowser`. As in the previous release\nyou may still use the old SDK if you do not want to deal with the SDK breaking\nchanges for now.\n\nWe listened to your feedback and have improved the naming of the SDK method\n`initializeSelfServiceLoginForNativeApps` to better match what it does:\n`initializeSelfServiceLoginWithoutBrowser`. As in the previous release you may\nstill use the old SDK if you do not want to deal with the SDK breaking changes\nfor now.\n\n### Bug Fixes\n\n- Add json detection to setting error subbranches\n ([fb83dcb](https://github.com/ory/kratos/commit/fb83dcb8ae7463079ddb33c04673cf4556f6058c))\n- Add verification success message\n ([#1526](https://github.com/ory/kratos/issues/1526))\n ([126698c](https://github.com/ory/kratos/commit/126698c0b531ca304bb323c825cbeb86b5814f31)),\n closes [#1450](https://github.com/ory/kratos/issues/1450)\n- Cache migration status\n ([5be2f14](https://github.com/ory/kratos/commit/5be2f149cd79ddfbe8496eccf5d5aacb6a9a0b8e)),\n closes [#1337](https://github.com/ory/kratos/issues/1337)\n- Change SMTP config validation from URI to a Regex pattern\n ([#1436](https://github.com/ory/kratos/issues/1436))\n ([5ab1e8f](https://github.com/ory/kratos/commit/5ab1e8f17bcbc229fada2c584b2c1f576b819761)),\n closes [#1435](https://github.com/ory/kratos/issues/1435)\n- Check filesystem before fallback to bundled templates\n ([#1401](https://github.com/ory/kratos/issues/1401))\n ([22d999e](https://github.com/ory/kratos/commit/22d999e78eb4f67d2f3ba07e62fd28ffb3331d6d))\n- Continue button for oidc registration step\n ([2aad5ac](https://github.com/ory/kratos/commit/2aad5ac8f7055f39f4f434d26fbca74cdbe75337)),\n closes [#1422](https://github.com/ory/kratos/issues/1422)\n [#1320](https://github.com/ory/kratos/issues/1320):\n\n When signing up with an OIDC provider and the traits model is missing some\n fields, the submit button shows all OIDC options. Instead, it should show just\n one option called \"Continue\".\n\n- Deprecate sessionCookie ([#1428](https://github.com/ory/kratos/issues/1428))\n ([eccad74](https://github.com/ory/kratos/commit/eccad741a1702181d4b207aad954a950906a808b)),\n closes [#1426](https://github.com/ory/kratos/issues/1426)\n- Do not cache incomplete migrations\n ([#1434](https://github.com/ory/kratos/issues/1434))\n ([154c26f](https://github.com/ory/kratos/commit/154c26f6da4bb7040deabdc352c90cdae42c69fe))\n- Do not run network migrations when booting\n ([12bbab9](https://github.com/ory/kratos/commit/12bbab9d3cf788998cd4a9be50ac8c7a9d2232bd)),\n closes [#1399](https://github.com/ory/kratos/issues/1399)\n- Format test files\n ([0468aa1](https://github.com/ory/kratos/commit/0468aa19ebfb0f68de5d9d1e59180d953f197cc0))\n- Improve identity list performance\n ([f76886f](https://github.com/ory/kratos/commit/f76886fe7436f71fbef00081888a2f8d0106ba98)),\n closes [#1412](https://github.com/ory/kratos/issues/1412)\n- Incorrect openapi specification for verification submission\n ([#1431](https://github.com/ory/kratos/issues/1431))\n ([ecb0a01](https://github.com/ory/kratos/commit/ecb0a01f61441aa97751943b5e9ddcc28f783d91)),\n closes [#1368](https://github.com/ory/kratos/issues/1368)\n- Link t docker guide\n ([953c6d6](https://github.com/ory/kratos/commit/953c6d60f6b6d82ac1406e84c2d87119e63dac48))\n- Mark ui node message as optional\n ([#1365](https://github.com/ory/kratos/issues/1365))\n ([7b8d59f](https://github.com/ory/kratos/commit/7b8d59f48ed14a6d0672238645d8675d4bf7fd77)),\n closes [#1361](https://github.com/ory/kratos/issues/1361)\n [#1362](https://github.com/ory/kratos/issues/1362)\n- Mark verified_at as omitempty\n ([77b258e](https://github.com/ory/kratos/commit/77b258e57a3d53fe437838a5e9c57805e9c970aa)):\n\n Closes https://github.com/ory/sdk/issues/46\n\n- Panic if contextualizer is not set\n ([760035a](https://github.com/ory/kratos/commit/760035a6c5efa08561b93daff57ebb4655032b2a))\n- Panic on error in issue session\n ([5fbd855](https://github.com/ory/kratos/commit/5fbd8557e1f907dd400bfcd26c187db16dc344ba)),\n closes [#1384](https://github.com/ory/kratos/issues/1384)\n- Prometheus metrics fix ([#1299](https://github.com/ory/kratos/issues/1299))\n ([ac5d00d](https://github.com/ory/kratos/commit/ac5d00d472a87ab51e7c6834e2cb59f107fc3b3b))\n- Recovery email case sensitive\n ([#1357](https://github.com/ory/kratos/issues/1357))\n ([bce14c4](https://github.com/ory/kratos/commit/bce14c487450bd668859f362b98704644fa4c72a)),\n closes [#1329](https://github.com/ory/kratos/issues/1329)\n- Remove changelog\n ([7affb7a](https://github.com/ory/kratos/commit/7affb7a25bc84082e0ad8096e6c0e4b3933ac5f6))\n- Remove obsolete ADD for corp module\n ([#1455](https://github.com/ory/kratos/issues/1455))\n ([0fa3a53](https://github.com/ory/kratos/commit/0fa3a539fbe1ae498434b200c3b636de10d73a7c))\n- Remove typing from node.attribute.value\n ([63a5e08](https://github.com/ory/kratos/commit/63a5e08afab76dafbfe13e6126e165af28492aad)):\n\n Closes https://github.com/ory/sdk/issues/75 Closes\n https://github.com/ory/sdk/issues/74 Closes\n https://github.com/ory/sdk/issues/72\n\n- Rename client package for external consumption\n ([cba8b00](https://github.com/ory/kratos/commit/cba8b00c8b755cc0bdc7818bc9d7390ff3532ce1))\n- Resolve build issues on release\n ([7c265a8](https://github.com/ory/kratos/commit/7c265a8b909dcc07ceeeda546a748ad28ab0c746))\n- Resolve driver issues\n ([47b1c8d](https://github.com/ory/kratos/commit/47b1c8dce57a023e89a2b178bc8a033496ef4ff2))\n- Resolve network regression\n ([8f96b1f](https://github.com/ory/kratos/commit/8f96b1fe4d0846a3ad97a45bc972ece04109289d))\n- Resolve network regressions\n ([8fc52c0](https://github.com/ory/kratos/commit/8fc52c034ed9978c2a04cc66bccc9b795c9bbefa))\n- Testhelper regressions\n ([bf3b04f](https://github.com/ory/kratos/commit/bf3b04fd2c7f9162073cb584d6fb0d59e868ecbf))\n- Use correct url in submitSelfServiceVerificationFlow\n ([ab8a600](https://github.com/ory/kratos/commit/ab8a600080ac0d6a6235806b74c5b9e3dc1c2d60))\n- Use local schema URL for sorting UI nodes\n ([#1449](https://github.com/ory/kratos/issues/1449))\n ([a003885](https://github.com/ory/kratos/commit/a0038853f30cd7d139d42d1d4601c8cf49d03934))\n- Use session cookie path settings for csrf cookie\n ([#1493](https://github.com/ory/kratos/issues/1493))\n ([c6d08ed](https://github.com/ory/kratos/commit/c6d08edae32fd94877fb58355d3c711460c7d1a2)),\n closes [#1292](https://github.com/ory/kratos/issues/1292):\n\n This PR adds configuration option for CSRF cookies and improves the domain\n alias logic as well as adding tests for it.\n\n- Use STARTTLS for smtps connections\n ([#1430](https://github.com/ory/kratos/issues/1430))\n ([c21bb80](https://github.com/ory/kratos/commit/c21bb80a749df7b224a8ac3f15fa62523a78d805)),\n closes [#781](https://github.com/ory/kratos/issues/781)\n- Version schema ([#1359](https://github.com/ory/kratos/issues/1359))\n ([8c4bac7](https://github.com/ory/kratos/commit/8c4bac71674e45e440d916c6c947ed018a8ea29a)),\n closes [#1331](https://github.com/ory/kratos/issues/1331)\n [#1101](https://github.com/ory/kratos/issues/1101)\n [ory/hydra#2427](https://github.com/ory/hydra/issues/2427)\n\n### Code Generation\n\n- Pin v0.7.0-alpha.1 release commit\n ([53a0e38](https://github.com/ory/kratos/commit/53a0e38c2b5d7003786a8386a9c4cf129acc06aa))\n\n### Code Refactoring\n\n- Corp package ([#1402](https://github.com/ory/kratos/issues/1402))\n ([0202dc5](https://github.com/ory/kratos/commit/0202dc57aacc0d48e4c1ee4e68c91654451f63fa))\n- Finalize SDK refactoring\n ([e772641](https://github.com/ory/kratos/commit/e772641f9bcfa462aa5111cf1329a479e3cdff99)),\n closes [#1424](https://github.com/ory/kratos/issues/1424)\n- Identity SDKs\n ([d8658dc](https://github.com/ory/kratos/commit/d8658dc887a76d82e3cf23386c03b5ebf7053189)),\n closes [#1477](https://github.com/ory/kratos/issues/1477)\n- Improve session sdk\n ([7207af4](https://github.com/ory/kratos/commit/7207af4cdf6c78dd3f0fd42b6727d7e320d252e6))\n- Introduce DefaultContextualizer in corp package\n ([#1390](https://github.com/ory/kratos/issues/1390))\n ([944d045](https://github.com/ory/kratos/commit/944d045aa7fc59eadfdd18951f0d4937b1ea79df)),\n closes [#1363](https://github.com/ory/kratos/issues/1363)\n- Move cleansql to separate package\n ([7c203dc](https://github.com/ory/kratos/commit/7c203dc8219afe07f180143f832158615b51f60a))\n- Openapi.json -> api.json\n ([6df0de5](https://github.com/ory/kratos/commit/6df0de5d0b4c952576bf9e14c18d521934edd9bb))\n- Self-service error APIs\n ([65c482f](https://github.com/ory/kratos/commit/65c482fba62c2782b03a3b840124eac062499266))\n\n### Documentation\n\n- Add docs for registration SPA flow\n ([84458f1](https://github.com/ory/kratos/commit/84458f1a9dfe8be6a97bddd832fcc508b60b8498))\n- Add go sdk examples\n ([e948fad](https://github.com/ory/kratos/commit/e948faddce3a1f52df964c701f6ba2a28f5dfe03))\n- Add kratos quickstart config notes\n ([#1490](https://github.com/ory/kratos/issues/1490))\n ([2f8094c](https://github.com/ory/kratos/commit/2f8094c50eaf7e1cd964067172adcad407713764))\n- Add replit instructions\n ([8ab8607](https://github.com/ory/kratos/commit/8ab8607dee433f6e708ade296a6c26d0a87d0aae))\n- Add tested and running go sdk examples\n ([3b56bb5](https://github.com/ory/kratos/commit/3b56bb5fd37d0e7d4479967aa0b5721a68a267f2))\n- Correct CII badge ([#1447](https://github.com/ory/kratos/issues/1447))\n ([048aec3](https://github.com/ory/kratos/commit/048aec39295f0a3534df5e43e3cd7684d4fbd758))\n- Fix broken link\n ([9eaf764](https://github.com/ory/kratos/commit/9eaf764b28f3ca1dae2816d4c0a985c4866c409b))\n- Fix building from source ([#1473](https://github.com/ory/kratos/issues/1473))\n ([af54d5b](https://github.com/ory/kratos/commit/af54d5bb9e36f90d272d293817f0d6d7eb2e79a8))\n- Fix typo in \"Sign in/up with ID & assword\"\n ([#1383](https://github.com/ory/kratos/issues/1383))\n ([f39739d](https://github.com/ory/kratos/commit/f39739d94e97f20b94630b957371d11294dc8300))\n- Mark login endpoints as experimental\n ([6faf0f6](https://github.com/ory/kratos/commit/6faf0f65bb05bbafdee6b1274a719695fd5b4173))\n- Refactor documentation and adopt changes for\n [#1477](https://github.com/ory/kratos/issues/1477)\n ([f5e96cd](https://github.com/ory/kratos/commit/f5e96cd5054e734c319ed32992357fcd73ac44a1)),\n closes [#1472](https://github.com/ory/kratos/issues/1472)\n- Remove changelog from docs folder\n ([5a7e3d8](https://github.com/ory/kratos/commit/5a7e3d83a5fb7f3e6945f37d42abca14d2982e72))\n- Resolve build issues\n ([b51bb55](https://github.com/ory/kratos/commit/b51bb555d829ab020e593a764cbce4c5ba4885a2))\n- Resolve typos and docs react issues\n ([2d640e4](https://github.com/ory/kratos/commit/2d640e4b9b556fd866c29c83564cb1c7702ab9ff))\n- Update docs for all flows\n ([d29ea69](https://github.com/ory/kratos/commit/d29ea69f6bb908b529502030942b1ced52227372))\n- Update documentation for plaintext templates\n ([#1369](https://github.com/ory/kratos/issues/1369))\n ([419784d](https://github.com/ory/kratos/commit/419784dd0d4ddc338830ed0d77a7d99f8f440777)),\n closes [#1351](https://github.com/ory/kratos/issues/1351)\n- Update error documentation\n ([7d83609](https://github.com/ory/kratos/commit/7d8360973a3359bec321a60f4f3a4202ac7d2430))\n- Update login flow documentation\n ([a27de91](https://github.com/ory/kratos/commit/a27de91e9e06f8501ae9cb70446ed0aae5a39f71))\n- Update path\n ([f0384d9](https://github.com/ory/kratos/commit/f0384d9c11085230fd16290c524d22fac6002870))\n- Update README.md Go instructions\n ([#1464](https://github.com/ory/kratos/issues/1464))\n ([8db4b4a](https://github.com/ory/kratos/commit/8db4b4a966c5c418cf9d9169b66d7dacff256113))\n- Update remaining self service documentation\n ([bcc6284](https://github.com/ory/kratos/commit/bcc62846297a67216e01e8c31d375d376c1b7cef))\n- Update sdk use\n ([bcb8c06](https://github.com/ory/kratos/commit/bcb8c06ee324c639e548fc06315d9e952f470582))\n- Update settings documentation\n ([258ceaf](https://github.com/ory/kratos/commit/258ceaf84e6ee15b8eee2f203f456f73e7d406d5))\n- Use correct path ([#1333](https://github.com/ory/kratos/issues/1333))\n ([e401135](https://github.com/ory/kratos/commit/e401135cf415d7e3e6a8ca463dd47e46fe399b33))\n\n### Features\n\n- Add examples for usage of go sdk\n ([870c2bd](https://github.com/ory/kratos/commit/870c2bd316a3e5b7ce9d526ebf369e41dbea2630))\n- Add GetContextualizer\n ([ac32717](https://github.com/ory/kratos/commit/ac3271742c9c2b968b08dd2b35a5d120c5befcd9))\n- Add helper for starting kratos e2e\n ([#1469](https://github.com/ory/kratos/issues/1469))\n ([b9c7674](https://github.com/ory/kratos/commit/b9c7674c30df8200bcd7223c2fa6b058e833bb8a))\n- Add instana as possible tracing provider\n ([#1429](https://github.com/ory/kratos/issues/1429))\n ([abe48a9](https://github.com/ory/kratos/commit/abe48a97ee75567979a70f00dd73ff698efcc75d)),\n closes [#1385](https://github.com/ory/kratos/issues/1385)\n- Add redoc ([#1502](https://github.com/ory/kratos/issues/1502))\n ([492266d](https://github.com/ory/kratos/commit/492266de9c9b7b775a7b21b5890361380d911da4))\n- Add vk and yandex providers to oidc providers and documentation\n ([#1339](https://github.com/ory/kratos/issues/1339))\n ([22a3ef9](https://github.com/ory/kratos/commit/22a3ef98181eb5922cc0f1c016d42ce46732d0a2)),\n closes [#1234](https://github.com/ory/kratos/issues/1234)\n- Anti-CSRF measures when fetching flows\n ([#1458](https://github.com/ory/kratos/issues/1458))\n ([5171557](https://github.com/ory/kratos/commit/51715572ea08f654d1e97d760b9c3d3a9113aa3d)),\n closes [#1282](https://github.com/ory/kratos/issues/1282)\n- Configurable recovery/verification link lifetime\n ([f80d4e3](https://github.com/ory/kratos/commit/f80d4e3bf7df603b73589dbc6805c69d049921e0))\n- Disable HaveIBeenPwned validation when HaveIBeenPwnedEnabled is set to false\n ([#1445](https://github.com/ory/kratos/issues/1445))\n ([44002f4](https://github.com/ory/kratos/commit/44002f4fa93b40a6bb18f1e759bb416d082cec08)),\n closes [#316](https://github.com/ory/kratos/issues/316):\n\n This patch introduces an option to disable HaveIBeenPwned checks in\n environments where outbound network calls are disabled.\n\n- **identities:** Add a state to identities\n ([#1312](https://github.com/ory/kratos/issues/1312))\n ([d22954e](https://github.com/ory/kratos/commit/d22954e2fdb7b2dd5206651b6dd5cf96185a33ba)),\n closes [#598](https://github.com/ory/kratos/issues/598)\n- Improve contextualization in serve/daemon\n ([f83cd35](https://github.com/ory/kratos/commit/f83cd355422fb4b422f703406473bda914d8419c))\n- Include Credentials Metadata in admin api\n ([#1274](https://github.com/ory/kratos/issues/1274))\n ([c8b6219](https://github.com/ory/kratos/commit/c8b62190fca53db4e1b3a4ddb5253fbd2fd46002)),\n closes [#820](https://github.com/ory/kratos/issues/820)\n- Include Credentials Metadata in admin api Missing changes in handler\n ([#1366](https://github.com/ory/kratos/issues/1366))\n ([a71c220](https://github.com/ory/kratos/commit/a71c2208dedac45d32dab578e62a5e3105c8dee0))\n- Natively support SPA for login flows\n ([6ff67af](https://github.com/ory/kratos/commit/6ff67afa8b0fc0a95cec44d3dda2cbc1987b51dd)),\n closes [#1138](https://github.com/ory/kratos/issues/1138)\n [#668](https://github.com/ory/kratos/issues/668):\n\n This patch adds the long-awaited capabilities for natively working with SPAs\n and AJAX requests. Previously, requests to the `/self-service/login/browser`\n endpoint would always end up in a redirect. Now, if the `Accept` header is set\n to `application/json`, the login flow will be returned as JSON instead.\n Accordingly, changes to the error and submission flow have been made to\n support `application/json` content types and SPA / AJAX requests.\n\n- Natively support SPA for recovery flows\n ([5461244](https://github.com/ory/kratos/commit/5461244943286081e13c304a3b38413b8ee6fdf2)):\n\n This patch adds the long-awaited capabilities for natively working with SPAs\n and AJAX requests. Previously, requests to the\n `/self-service/recovery/browser` endpoint would always end up in a redirect.\n Now, if the `Accept` header is set to `application/json`, the registration\n flow will be returned as JSON instead. Accordingly, changes to the error and\n submission flow have been made to support `application/json` content types and\n SPA / AJAX requests.\n\n- Natively support SPA for registration flows\n ([57d3c57](https://github.com/ory/kratos/commit/57d3c5786a88f0648e7fa57f181f060a057ec19f)),\n closes [#1138](https://github.com/ory/kratos/issues/1138)\n [#668](https://github.com/ory/kratos/issues/668):\n\n This patch adds the long-awaited capabilities for natively working with SPAs\n and AJAX requests. Previously, requests to the\n `/self-service/registration/browser` endpoint would always end up in a\n redirect. Now, if the `Accept` header is set to `application/json`, the\n registration flow will be returned as JSON instead. Accordingly, changes to\n the error and submission flow have been made to support `application/json`\n content types and SPA / AJAX requests.\n\n- Natively support SPA for settings flows\n ([ea4395e](https://github.com/ory/kratos/commit/ea4395ed25d5668e4ce365336cd7a5e13e0ba1cc)):\n\n This patch adds the long-awaited capabilities for natively working with SPAs\n and AJAX requests. Previously, requests to the\n `/self-service/settings/browser` endpoint would always end up in a redirect.\n Now, if the `Accept` header is set to `application/json`, the registration\n flow will be returned as JSON instead. Accordingly, changes to the error and\n submission flow have been made to support `application/json` content types and\n SPA / AJAX requests.\n\n- Natively support SPA for verification flows\n ([c151500](https://github.com/ory/kratos/commit/c1515009dcd1b5946a93733feedb01753de91c3d)):\n\n This patch adds the long-awaited capabilities for natively working with SPAs\n and AJAX requests. Previously, requests to the\n `/self-service/verification/browser` endpoint would always end up in a\n redirect. Now, if the `Accept` header is set to `application/json`, the\n registration flow will be returned as JSON instead. Accordingly, changes to\n the error and submission flow have been made to support `application/json`\n content types and SPA / AJAX requests.\n\n- Protect logout against CSRF\n ([#1433](https://github.com/ory/kratos/issues/1433))\n ([1a7a74c](https://github.com/ory/kratos/commit/1a7a74c3fe425f139a87bb68fbc07f8862c00e58)),\n closes [#142](https://github.com/ory/kratos/issues/142)\n- Sign in with Auth0 ([#1352](https://github.com/ory/kratos/issues/1352))\n ([f618a53](https://github.com/ory/kratos/commit/f618a53fb971ad16121aa8728cfec54253bb3f44)),\n closes [#609](https://github.com/ory/kratos/issues/609)\n- Support api in settings error\n ([23105db](https://github.com/ory/kratos/commit/23105dbb836d920b8766536b65de58932f53d6f6))\n- Support reading session token from X-Session-Token HTTP header\n ([dcaefd9](https://github.com/ory/kratos/commit/dcaefd94a0b2cf819424f2e10b3bdae63b256726))\n- Team id in slack oidc ([#1409](https://github.com/ory/kratos/issues/1409))\n ([e4d021a](https://github.com/ory/kratos/commit/e4d021a037a6b44f8bd66372e9c260c640e87b9d)),\n closes [#1408](https://github.com/ory/kratos/issues/1408)\n- TLS support for public and admin endpoints\n ([#1466](https://github.com/ory/kratos/issues/1466))\n ([7f44f81](https://github.com/ory/kratos/commit/7f44f819a5989a699e403e02c69541369573078f)),\n closes [#791](https://github.com/ory/kratos/issues/791)\n- Update openapi specs and regenerate\n ([cac507e](https://github.com/ory/kratos/commit/cac507eb5b1f39d003d72e57912dbbfe6f92deb1))\n\n### Tests\n\n- Add tests for cookie behavior of API and browser endpoints\n ([d1b1521](https://github.com/ory/kratos/commit/d1b15217867cfb92a615c793b26fad288f5e5742))\n- **e2e:** Greatly improve test performance\n ([#1421](https://github.com/ory/kratos/issues/1421))\n ([2ffad9e](https://github.com/ory/kratos/commit/2ffad9ee751471451e2151719a2e70d5f89437b0)):\n\n Instead of running the individual profiles as separate Cypress instances, we\n now use one singular instance which updates the Ory Kratos configuration\n depending on the test context. This ensures that hot-reloading is properly\n working while also signficantly reducing the amount of time spent on booting\n up the service dependencies.\n\n- **e2e:** Resolve flaky test issues related to timeouts and speed\n ([b083791](https://github.com/ory/kratos/commit/b083791858bc26a02250d7f5a4e8883cd7392a58))\n- **e2e:** Resolve recovery regression\n ([72c47d6](https://github.com/ory/kratos/commit/72c47d65415efbb53d5d680bd9d78156d577b67f))\n- **e2e:** Resolve test config regressions\n ([eb9c4f9](https://github.com/ory/kratos/commit/eb9c4f98f2e30ac420ed1e3f18a3f0d9ff23846e))\n- Remove obsolete console.log\n ([3ecc869](https://github.com/ory/kratos/commit/3ecc869ebfef5c97334ae4334fb4af98ca9baf97))\n- Resolve e2e regressions\n ([b0d3b82](https://github.com/ory/kratos/commit/b0d3b82f301942bebe3c0027c8b3160749f907af))\n- Resolve migratest panic\n ([89d05ae](https://github.com/ory/kratos/commit/89d05ae0c376c4ea1f23708cccf95c9754a29c94))\n- Resolve mobile regressions\n ([868e82e](https://github.com/ory/kratos/commit/868e82e3d7aec4cde80d7c1d0ce4601e40695f27))\n- Resolve oidc regressions\n ([2403082](https://github.com/ory/kratos/commit/2403082701ac5d667706afd893a6d406496f67fa))\n\n### Unclassified\n\n- add CoC shield (#1439)\n ([826ed1a](https://github.com/ory/kratos/commit/826ed1a6deafdc2631a5c72f0bfacc91b06a3435)),\n closes [#1439](https://github.com/ory/kratos/issues/1439)\n- u\n ([b03549b](https://github.com/ory/kratos/commit/b03549b6340ec0bf4f9d741ce145ca90bbc09968))\n- u\n ([318a31d](https://github.com/ory/kratos/commit/318a31d400b97653b4f377c67df4ae0afea189d9))\n- Format\n ([eca7aff](https://github.com/ory/kratos/commit/eca7aff2be96c673dd6be5dc36ab1f4850cc44f0))\n- Format\n ([5cc9fc3](https://github.com/ory/kratos/commit/5cc9fc3a6e91a96225d016d60c8da5cef647ac18))\n- Format\n ([e525805](https://github.com/ory/kratos/commit/e525805246431075d26c3f47596ae93f6580d8ee))\n- Format\n ([4a692ac](https://github.com/ory/kratos/commit/4a692acc7db160068ed7d81461b173bc957e4736))\n- Format\n ([169c0cd](https://github.com/ory/kratos/commit/169c0cd8d424babef69a52ddf65e2b75ded09a46))\n\n# [0.6.3-alpha.1](https://github.com/ory/kratos/compare/v0.6.2-alpha.1...v0.6.3-alpha.1) (2021-05-17)\n\nThis release addresses some minor bugs and improves the SDK experience. Please\nbe aware that the Ory Kratos SDK v0.6.3+ have breaking changes compared to Ory\nKratos SDK v0.6.2. If you do not wish to update your code, you can keep using\nthe Ory Kratos v0.6.2 SDK and upgrade to v0.6.3+ SDKs at a later stage, as only\nnaming conventions have changed!\n\n## Breaking Changes\n\nUnfortunately, some method signatures have changed in the SDKs. Below is a list\nof changed entries:\n\n- Error `genericError` was renamed to `jsonError` and now includes more\n information and better typing for errors;\n- The following functions have been renamed:\n - `initializeSelfServiceLoginViaAPIFlow` ->\n `initializeSelfServiceLoginForNativeApps`\n - `initializeSelfServiceLoginViaBrowserFlow` ->\n `initializeSelfServiceLoginForBrowsers`\n - `initializeSelfServiceRegistrationViaAPIFlow` ->\n `initializeSelfServiceRegistrationForNativeApps`\n - `initializeSelfServiceRegistrationViaBrowserFlow` ->\n `initializeSelfServiceRegistrationForBrowsers`\n - `initializeSelfServiceSettingsViaAPIFlow` ->\n `initializeSelfServiceSettingsForNativeApps`\n - `initializeSelfServiceSettingsViaBrowserFlow` ->\n `initializeSelfServiceSettingsForBrowsers`\n - `initializeSelfServiceRecoveryViaAPIFlow` ->\n `initializeSelfServiceRecoveryForNativeApps`\n - `initializeSelfServiceRecoveryViaBrowserFlow` ->\n `initializeSelfServiceRecoveryForBrowsers`\n - `initializeSelfServiceVerificationViaAPIFlow` ->\n `initializeSelfServiceVerificationForNativeApps`\n - `initializeSelfServiceVerificationViaBrowserFlow` ->\n `initializeSelfServiceVerificationForBrowsers`\n- Some type names have changed, for example `traits` -> `identityTraits`.\n\n### Bug Fixes\n\n- Improve settings oas definition\n ([867abfc](https://github.com/ory/kratos/commit/867abfc813b08142786f71bfe28e373d4754c959))\n- Properly handle CSRF for API flows in recovery and verification strategies\n ([461c829](https://github.com/ory/kratos/commit/461c829dc4d7f7b70620abee2263efba78ce463a)),\n closes [#1141](https://github.com/ory/kratos/issues/1141)\n- **session:** Use specific headers before bearer use\n ([82c0b54](https://github.com/ory/kratos/commit/82c0b545b29b30fcf3521d9621ec5c5f1a23dc96))\n- Use correct api spec path\n ([5f41f87](https://github.com/ory/kratos/commit/5f41f87bea2919cdf4e9f55c6ad938c5bc08b619))\n- Use correct openapi path for validation\n ([#1340](https://github.com/ory/kratos/issues/1340))\n ([a0f5673](https://github.com/ory/kratos/commit/a0f5673d6aa4e60bab06ef699dce231f0bf4aeff))\n\n### Code Generation\n\n- Pin v0.6.3-alpha.1 release commit\n ([5edf952](https://github.com/ory/kratos/commit/5edf9524d812795ac5712e4a9541b34359234724))\n\n### Code Refactoring\n\n- Improve SDK experience\n ([71b8511](https://github.com/ory/kratos/commit/71b8511ae1f6f77b2996a01a55accc99d171cfaf)):\n\n This patch resolves UX issues in the auto-generated SDKs by using consistent\n naming and introducing a test suite for the Ory SaaS.\n\n# [0.6.2-alpha.1](https://github.com/ory/kratos/compare/v0.6.1-alpha.1...v0.6.2-alpha.1) (2021-05-14)\n\nResolves an issue in the Go SDK.\n\n### Code Generation\n\n- Pin v0.6.2-alpha.1 release commit\n ([99c1b1d](https://github.com/ory/kratos/commit/99c1b1d674df3bd8263f7cbf1ed2bdfae6281f69))\n\n### Documentation\n\n- Update link to example email template.\n ([#1326](https://github.com/ory/kratos/issues/1326))\n ([28a1723](https://github.com/ory/kratos/commit/28a17234b557cabf17b592ee68041aec695f6d20))\n\n# [0.6.1-alpha.1](https://github.com/ory/kratos/compare/v0.6.0-alpha.2...v0.6.1-alpha.1) (2021-05-11)\n\nThis release primarily addresses issues in the SDK CI pipeline.\n\n### Code Generation\n\n- Pin v0.6.1-alpha.1 release commit\n ([1df82da](https://github.com/ory/kratos/commit/1df82daaf3f9cfd3a470d7c9bf8d96abbd52b872))\n\n### Features\n\n- Allow changing password validation API DNS name\n ([#1009](https://github.com/ory/kratos/issues/1009))\n ([ced85e8](https://github.com/ory/kratos/commit/ced85e8091b06d864cc55c9975f8b006f6be1ce4))\n\n# [0.6.0-alpha.2](https://github.com/ory/kratos/compare/v0.6.0-alpha.1...v0.6.0-alpha.2) (2021-05-07)\n\nThis release addresses issues with the SDK pipeline and also closes a bug\nrelated to email sending.\n\n### Bug Fixes\n\n- Update node image\n ([eef307e](https://github.com/ory/kratos/commit/eef307e6bc33c9ec36ed9138f99c19f72c7be575))\n\n### Code Generation\n\n- Pin v0.6.0-alpha.2 release commit\n ([a3658ba](https://github.com/ory/kratos/commit/a3658badb848656b61d54b3ee35114972afc1f35))\n\n### Features\n\n- Fix unexpected emails when update profile\n ([#1300](https://github.com/ory/kratos/issues/1300))\n ([7b24485](https://github.com/ory/kratos/commit/7b2448566f82e69d555997654ee410f9b4ff3939)),\n closes [#1221](https://github.com/ory/kratos/issues/1221)\n\n# [0.6.0-alpha.1](https://github.com/ory/kratos/compare/v0.5.5-alpha.1...v0.6.0-alpha.1) (2021-05-05)\n\nToday Ory Kratos v0.6 has been released! We are extremely happy with this\nrelease where we made many changes that pave the path for exciting future\nadditions such as integrating 2FA more easily! We would like to thank the\nawesome community for the many contributions.\n\nKratos v0.6 includes an insane amount of work spread over the last five months -\n480 commits and over 4200 files changed. The team at Ory would like to thank all\nthe amazing contributors that made this release possible!\n\nHere is a summary of the most important changes:\n\n- Ory Kratos now support highly customizable web hooks - contributed by\n [@dadrus](https://github.com/dadrus) and\n [@martinei](https://github.com/martinei);\n- Ory Kratos Courier can now be run as a standalone task using\n `kratos courier watch -c your/config.yaml`. To use the mail courier as a\n background task of the server run `kratos serve --watch-courier` - contributed\n by [@mattbonnell](https://github.com/mattbonnell);\n- Reworked migrations to ensure stable migrations in production systems -\n backward compatibility is ensured and tested;\n- Upgraded to Go 1.16 and removed all static file packers, greatly improving\n build time;\n- Refactored our SDK pipeline from Swagger 2.0 to OpenAPI Spec 3.0. Ory's SDKs\n are now properly typed and bugs can easily be addressed using a patch process.\n Due to this, we had to move away from go-swagger client generation for the Go\n SDK and replace it with openapi-generator. This, unfortunately, introduced\n breaking changes in the Go SDK APIs. If you have problems migrating, or have a\n tutorial on how to migrate, please share it with the community on GitHub!\n- Created reliable health and status checks by ensuring that e.g. migrations\n have completed;\n- Made resilient CLI client commands e.g. kratos identities list;\n- Better support for cookies in multi-domain setups called\n [domain aliasing](https://www.ory.sh/kratos/docs/guides/configuring-cookies);\n- A new, [dynamically generated FAQ](https://www.ory.sh/kratos/docs/next/faq);\n- Enhanced GitHub and Google claims parsing;\n- Faster and more resilient CI/CD pipeline;\n- Improvements for running Ory Kratos in secure Kubernetes environments;\n- Better Helm Charts for Ory Kratos;\n- Support for BCrypt hashing, which is now the default hashing implementation.\n Existing Argon2id hashes will be automatically translated to BCrypt hashes\n when the user signs in the next time. We recommend using Argon2id in use cases\n where password hashing is required to take at least 2 seconds. For regular web\n workloads (200ms) BCrypt is recommended - contributed by\n [@seremenko-wish](https://github.com/seremenko-wish);\n- The Argon2 memory configuration is now human readable:\n `hashers.argon2.memory: 131072` -> `hashers.argon2.memory: 131072B` (supports\n kb, mb, kib, mib, ...).\n- Add possibility to keep track of the return_to URLs for verification_flows\n after sign up using the new `after_verification_return_to` query parameter\n (e.g.\n `http://foo.com/registration?after_verification_return_to=verification_callback`) -\n contributed by [@mattbonnell](https://github.com/mattbonnell);\n- Emails are now populated at delivery time, offering more flexibility in terms\n of templating;\n- Emails contain a plaintext variant for email clients that do not display HTML\n emails - contributed by [@mattbonnell](https://github.com/mattbonnell);\n- Mitigation for password hash timing attacks by adding a random delay to login\n attempts where the user does not exist;\n- Resolving SDKs issues for whoami requests;\n- Simplified database schema for faster processing, significantly reducing the\n amount of data stored and latency as several JOINS have been removed;\n- Support for binding the HTTP server on UNIX sockets - contributed by\n [@sloonz](https://github.com/sloonz);\n\nThere are even more contributions by [@NickUfer](https://github.com/NickUfer)\nand [harnash](https://github.com/harnash). In total,\n[33 people contributed to this release](https://github.com/ory/kratos/graphs/contributors?from=2020-12-09&to=2021-05-04&type=c)!\nThank you all!\n\n_IMPORTANT:_ Please be aware that the database schema has changed significantly.\nApplying migrations might, depending on the size of your tables, take a long\ntime. If your database does not support online schema migrations, you will\nexperience downtimes. Please test the migration process before applying it to\nproduction!\n\nThe probably biggest and most significant change is the refactoring of how\nself-service flows work and what their payloads look like. This took the most\namount of time and introduces the biggest breaking changes in our APIs. We did\nthis refactoring to support several flows planned for Ory Kratos 0.7:\n\n1. Displaying QR codes (images) in login, registration, settings flows -\n necessary for TOTP 2FA;\n2. Asking the login/registration/... UI to render JavaScript - necessary for\n CAPTCHA, WebAuthN, and more;\n3. Refactoring the form submission API to use one endpoint per flow instead of\n one endpoint per flow per method. This allows us to process several\n registration/settings/login/... methods such as password + 2FA in one Go.\n\n[Check out how we migrated the NodeJS app](https://github.com/ory/kratos-selfservice-ui-node/commit/53ad90b6c82cde48994feebcc75d754ba74929ec)\nfrom the Ory Kratos 0.5 to Ory Kratos 0.6 SDK.\n\nLet's take a look into how these payloads have changed (the flows have identical\nconfiguration):\n\n**Ory Kratos v0.5**\n\n_Login_\n\n```json\n{\n \"id\": \"ee6e1565-d3c3-4f3a-a6ff-0ba6b3a6481b\",\n \"type\": \"browser\",\n \"expires_at\": \"2020-09-13T10:49:54.8295242Z\",\n \"issued_at\": \"2020-09-13T10:39:54.8295242Z\",\n \"request_url\": \"http://127.0.0.1:4433/self-service/login/browser\",\n \"methods\": {\n \"password\": {\n \"method\": \"password\",\n \"config\": {\n \"action\": \"http://127.0.0.1:4433/self-service/login/methods/password?flow=ee6e1565-d3c3-4f3a-a6ff-0ba6b3a6481b\",\n \"method\": \"POST\",\n \"fields\": [\n {\n \"name\": \"identifier\",\n \"type\": \"text\",\n \"required\": true,\n \"value\": \"\"\n },\n {\n \"name\": \"password\",\n \"type\": \"password\",\n \"required\": true\n },\n {\n \"name\": \"csrf_token\",\n \"type\": \"hidden\",\n \"required\": true,\n \"value\": \"lNrB8sW2fZY6xnnA91V7ISYrUVcJbmRCOoGHjsnsfI7MsIL5RTbuWFm5TRv1azQW+7IRCfnt2Ch6pC42/45sJQ==\"\n }\n ]\n }\n }\n },\n \"forced\": false\n}\n```\n\n_Registration_\n\n```json\n{\n \"id\": \"2b1f8c5d-e830-4068-97b8-35f776df9217\",\n \"type\": \"browser\",\n \"expires_at\": \"2020-09-13T10:53:15.1774019Z\",\n \"issued_at\": \"2020-09-13T10:43:15.1774019Z\",\n \"request_url\": \"http://127.0.0.1:4433/self-service/registration/browser\",\n \"active\": \"password\",\n \"messages\": null,\n \"methods\": {\n \"password\": {\n \"method\": \"password\",\n \"config\": {\n \"action\": \"http://127.0.0.1:4433/self-service/registration/methods/password?flow=2b1f8c5d-e830-4068-97b8-35f776df9217\",\n \"method\": \"POST\",\n \"fields\": [\n {\n \"name\": \"csrf_token\",\n \"type\": \"hidden\",\n \"required\": true,\n \"value\": \"1IlHWNjkAZxuYhO82WPgNTgujKsUSaW87j6og/20i2uM4wRTWGSSUg0dJ2fbXa8C5bfM9eTKGdauGwE7y9abwA==\"\n },\n {\n \"name\": \"password\",\n \"type\": \"password\",\n \"required\": true,\n \"messages\": [\n {\n \"id\": 4000005,\n \"text\": \"The password can not be used because the password has been found in at least 23597311 data breaches and must no longer be used..\",\n \"type\": \"error\",\n \"context\": {\n \"reason\": \"the password has been found in at least 23597311 data breaches and must no longer be used.\"\n }\n }\n ]\n },\n {\n \"name\": \"traits.email\",\n \"type\": \"text\",\n \"value\": \"foo@ory.sh\"\n },\n {\n \"name\": \"traits.name.first\",\n \"type\": \"text\",\n \"value\": \"Ory\"\n },\n {\n \"name\": \"traits.name.last\",\n \"type\": \"text\",\n \"value\": \"Corp\"\n }\n ]\n }\n }\n }\n}\n```\n\n**Ory Kratos v0.6**\n\n_Login_\n\nAs you can see below, the input name `identifier` has changed to\n`password_identifier`.\n\n```json\n{\n \"id\": \"07016811-917d-4788-bb9c-fc297897af6c\",\n \"type\": \"browser\",\n \"expires_at\": \"2021-04-28T08:37:53.924337873Z\",\n \"issued_at\": \"2021-04-28T08:27:53.924337873Z\",\n \"request_url\": \"http://127.0.0.1:4433/self-service/login/browser\",\n \"ui\": {\n \"action\": \"http://127.0.0.1:4433/self-service/login?flow=07016811-917d-4788-bb9c-fc297897af6c\",\n \"method\": \"POST\",\n \"nodes\": [\n {\n \"type\": \"input\",\n \"group\": \"default\",\n \"attributes\": {\n \"name\": \"csrf_token\",\n \"type\": \"hidden\",\n \"value\": \"IuiHo8fajl6Nwi2CfR33bmC7ZI+geYY44oinK/npkS9gaeV6DlkzS0voYZuyGawsCruvlawFl/pY6/Ph6d9JVg==\",\n \"required\": true,\n \"disabled\": false\n },\n \"messages\": null,\n \"meta\": {}\n },\n {\n \"type\": \"input\",\n \"group\": \"password\",\n \"attributes\": {\n \"name\": \"password_identifier\",\n \"type\": \"text\",\n \"value\": \"\",\n \"required\": true,\n \"disabled\": false\n },\n \"messages\": null,\n \"meta\": {\n \"label\": {\n \"id\": 1070004,\n \"text\": \"ID\",\n \"type\": \"info\"\n }\n }\n },\n {\n \"type\": \"input\",\n \"group\": \"password\",\n \"attributes\": {\n \"name\": \"password\",\n \"type\": \"password\",\n \"required\": true,\n \"disabled\": false\n },\n \"messages\": null,\n \"meta\": {\n \"label\": {\n \"id\": 1070001,\n \"text\": \"Password\",\n \"type\": \"info\"\n }\n }\n },\n {\n \"type\": \"input\",\n \"group\": \"password\",\n \"attributes\": {\n \"name\": \"method\",\n \"type\": \"submit\",\n \"value\": \"password\",\n \"disabled\": false\n },\n \"messages\": null,\n \"meta\": {\n \"label\": {\n \"id\": 1010001,\n \"text\": \"Sign in\",\n \"type\": \"info\",\n \"context\": {}\n }\n }\n }\n ]\n },\n \"forced\": false\n}\n```\n\n_Registration_\n\n```json\n{\n \"id\": \"f0c0830a-f5b2-4c2d-a37f-2e70152a4f7c\",\n \"type\": \"browser\",\n \"expires_at\": \"2021-04-28T08:54:12.951178972Z\",\n \"issued_at\": \"2021-04-28T08:44:12.951178972Z\",\n \"request_url\": \"http://127.0.0.1:4433/self-service/registration/browser\",\n \"ui\": {\n \"action\": \"http://127.0.0.1:4433/self-service/registration?flow=f0c0830a-f5b2-4c2d-a37f-2e70152a4f7c\",\n \"method\": \"POST\",\n \"nodes\": [\n {\n \"type\": \"input\",\n \"group\": \"default\",\n \"attributes\": {\n \"name\": \"csrf_token\",\n \"type\": \"hidden\",\n \"value\": \"408SIAOvpKxW/WbcYfKue26MlLTMbON7T7JT1yhiSemhznD5yiwZuZDXKsWu9vU5BIxfrsAQ8rn10QcdOFSRkA==\",\n \"required\": true,\n \"disabled\": false\n },\n \"messages\": null,\n \"meta\": {}\n },\n {\n \"type\": \"input\",\n \"group\": \"password\",\n \"attributes\": {\n \"name\": \"traits.email\",\n \"type\": \"email\",\n \"disabled\": false\n },\n \"messages\": null,\n \"meta\": {\n \"label\": {\n \"id\": 1070002,\n \"text\": \"E-Mail\",\n \"type\": \"info\"\n }\n }\n },\n {\n \"type\": \"input\",\n \"group\": \"password\",\n \"attributes\": {\n \"name\": \"password\",\n \"type\": \"password\",\n \"required\": true,\n \"disabled\": false\n },\n \"messages\": null,\n \"meta\": {\n \"label\": {\n \"id\": 1070001,\n \"text\": \"Password\",\n \"type\": \"info\"\n }\n }\n },\n {\n \"type\": \"input\",\n \"group\": \"password\",\n \"attributes\": {\n \"name\": \"traits.name.first\",\n \"type\": \"text\",\n \"disabled\": false\n },\n \"messages\": null,\n \"meta\": {\n \"label\": {\n \"id\": 1070002,\n \"text\": \"First Name\",\n \"type\": \"info\"\n }\n }\n },\n {\n \"type\": \"input\",\n \"group\": \"password\",\n \"attributes\": {\n \"name\": \"traits.name.last\",\n \"type\": \"text\",\n \"disabled\": false\n },\n \"messages\": null,\n \"meta\": {\n \"label\": {\n \"id\": 1070002,\n \"text\": \"Last Name\",\n \"type\": \"info\"\n }\n }\n },\n {\n \"type\": \"input\",\n \"group\": \"password\",\n \"attributes\": {\n \"name\": \"method\",\n \"type\": \"submit\",\n \"value\": \"password\",\n \"disabled\": false\n },\n \"messages\": null,\n \"meta\": {\n \"label\": {\n \"id\": 1040001,\n \"text\": \"Sign up\",\n \"type\": \"info\",\n \"context\": {}\n }\n }\n }\n ]\n }\n}\n```\n\nThese changes are analogous to settings, recovery, verification as well!\n\nWe hope you enjoy these new features as much as we do, even if we were not able\nto deliver 2FA in time for 0.6!\n\nOn the last note, Ory Platform, a SaaS is launching in May as early access. It\nincludes Ory Kratos as a managed service and we plan on adding all the other Ory\nopen source technology soon. In our view, Ory is a 10x improvement to the\nexisting \"IAM\" ecosystem:\n\n1. The major components of Ory Platform are and will remain Apache 2.0 licensed\n open source. We are _not changing our approach or commitment to open source_.\n The SaaS model allows us to keep commercialization and open source in\n harmony;\n2. Affordable pricing - Ory does not charge on a per identity basis;\n3. Supporting migrations from the Ory Platform (SaaS) to the open-source and\n vice versa;\n4. Offering a planet-scale service with ultra-low latencies no matter where your\n users are;\n5. The largest set of features and APIs of any Identity Product, including\n Identity and Credentials Management (Ory Kratos), Permissions and Access\n Control (Ory Keto), Zero-Trust Networking (Ory Oathkeeper), OAuth2, and\n OpenID Connect (Ory Hydra) plus integrations with Stripe, Mailchimp,\n Salesforce, and much more.\n6. Data aggregation for threat mitigation, auditing, and other use cases (e.g.\n integration with Snowflake, AWS RedShift, GCP BigQuery, ...)\n7. All the advantages of the open source projects - headless, fully\n customizable, strong security, built with a community; If you wish to become\n a part of the preview, please write a short email to\n [sales@ory.sh](mailto:sales@ory.sh). Early access adopters are also eligible\n for Ory Hypercare - helping you integrate with Ory fast and designing your\n security architecture following industry best practices.\n\nThank you for being a part of our community!\n\n## Breaking Changes\n\nBCrypt is now the default hashing alogrithm. If you wish to continue using\nArgon2id please set `hashers.algorithm` to `argon2`.\n\nThis implies a significant breaking change in the verification flow payload.\nPlease consult the new ui documentation. In essence, the login flow's `methods`\nkey was replaced with a generic `ui` key which provides information for the UI\nthat needs to be rendered.\n\nTo apply this patch you must apply SQL migrations. These migrations will drop\nthe flow method table implying that all verification flows that are ongoing will\nbecome invalid. We recommend purging the flow table manually as well after this\nmigration has been applied, if you have users doing at least one self-service\nflow per minute.\n\nThis implies a significant breaking change in the recovery flow payload. Please\nconsult the new ui documentation. In essence, the login flow's `methods` key was\nreplaced with a generic `ui` key which provides information for the UI that\nneeds to be rendered.\n\nTo apply this patch you must apply SQL migrations. These migrations will drop\nthe flow method table implying that all recovery flows that are ongoing will\nbecome invalid. We recommend purging the flow table manually as well after this\nmigration has been applied, if you have users doing at least one self-service\nflow per minute.\n\nThis implies a significant breaking change in the settings flow payload. Please\nconsult the new ui documentation. In essence, the login flow's `methods` key was\nreplaced with a generic `ui` key which provides information for the UI that\nneeds to be rendered.\n\nTo apply this patch you must apply SQL migrations. These migrations will drop\nthe flow method table implying that all settings flows that are ongoing will\nbecome invalid. We recommend purging the flow table manually as well after this\nmigration has been applied, if you have users doing at least one self-service\nflow per minute.\n\nThis implies a significant breaking change in the registration flow payload.\nPlease consult the new ui documentation. In essence, the login flow's `methods`\nkey was replaced with a generic `ui` key which provides information for the UI\nthat needs to be rendered.\n\nTo apply this patch you must apply SQL migrations. These migrations will drop\nthe flow method table implying that all registration flows that are ongoing will\nbecome invalid. We recommend purging the flow table manually as well after this\nmigration has been applied, if you have users doing at least one self-service\nflow per minute.\n\nThis implies a significant breaking change in the login flow payload. Please\nconsult the new ui documentation. In essence, the login flow's `methods` key was\nreplaced with a generic `ui` key which provides information for the UI that\nneeds to be rendered.\n\nTo apply this patch you must apply SQL migrations. These migrations will drop\nthe flow method table implying that all login flows that are ongoing will become\ninvalid. We recommend purging the flow table manually as well after this\nmigration has been applied, if you have users doing at least one self-service\nflow per minute.\n\nThis change introduces a new feature: UI Nodes. Previously, all self-service\nflows (login, registration, ...) included form fields (e.g.\n`methods.password.config.fields`). However, these form fields lacked support for\nother types of UI elements such as links (for e.g. \"Sign in with Google\"),\nimages (e.g. QR codes), javascript (e.g. WebAuthn), or text (e.g. recovery\ncodes). With this patch, these new features have been introduced. Please be\naware that this introduces significant breaking changes which you will need to\nadopt to in your UI. Please refer to the most recent documentation to see what\nhas changed. Conceptionally, most things stayed the same - you do however need\nto update how you access and render the form fields.\n\nPlease be also aware that this patch includes SQL migrations which **purge\nexisting self-service forms** from the database. This means that users will need\nto re-start the login/registration/... flow after the SQL migrations have been\napplied! If you wish to keep these records, make a back up of your database\nprior!\n\nThis change introduces a new feature: UI Nodes. Previously, all self-service\nflows (login, registration, ...) included form fields (e.g.\n`methods.password.config.fields`). However, these form fields lacked support for\nother types of UI elements such as links (for e.g. \"Sign in with Google\"),\nimages (e.g. QR codes), javascript (e.g. WebAuthn), or text (e.g. recovery\ncodes). With this patch, these new features have been introduced. Please be\naware that this introduces significant breaking changes which you will need to\nadopt to in your UI. Please refer to the most recent documentation to see what\nhas changed. Conceptionally, most things stayed the same - you do however need\nto update how you access and render the form fields.\n\nPlease be also aware that this patch includes SQL migrations which **purge\nexisting self-service forms** from the database. This means that users will need\nto re-start the login/registration/... flow after the SQL migrations have been\napplied! If you wish to keep these records, make a back up of your database\nprior!\n\nThe configuration value for `hashers.argon2.memory` is now a string\nrepresentation of the memory amount including the unit of measurement. To\nconvert the value divide your current setting (KB) by 1024 to get a result in MB\nor 1048576 to get a result in GB. Example: `131072` would now become `128MB`.\n\nCo-authored-by: aeneasr <3372410+aeneasr@users.noreply.github.com>\nCo-authored-by: aeneasr \n\nPlease run SQL migrations when applying this patch.\n\nThe following configuration keys were updated:\n\n```patch\nselfservice.methods.password.config.max_breaches\n```\n\n- `password.max_breaches` -> `selfservice.methods.password.config.max_breaches`\n- `password.ignore_network_errors` ->\n `selfservice.methods.password.config.ignore_network_errors`\n\nAfter battling with [spf13/viper](https://github.com/spf13/viper) for several\nyears we finally found a viable alternative with\n[knadh/koanf](https://github.com/knadh/koanf). The complete internal\nconfiguration infrastructure has changed, with several highlights:\n\n1. Configuration sourcing works from all sources (file, env, cli flags) with\n validation against the configuration schema, greatly improving developer\n experience when changing or updating configuration.\n2. Configuration reloading has improved significantly and works flawlessly on\n Kubernetes.\n3. Performance increased dramatically, completely removing the need for a cache\n layer between the configuration system and ORY Hydra.\n4. It is now possible to load several config files using the `--config` flag.\n5. Configuration values are now sent to the tracer (e.g. Jaeger) if tracing is\n enabled.\n\nPlease be aware that ORY Kratos might complain about an invalid configuration,\nbecause the validation process has improved significantly.\n\n### Bug Fixes\n\n- Add include stub go files\n ([6d725b1](https://github.com/ory/kratos/commit/6d725b1461a26d99c8b179be8ca219ba83ba0f17))\n- Add index to migration status\n ([8c6ec27](https://github.com/ory/kratos/commit/8c6ec2741535c090aae16f02a744f56c15923e2b))\n- Add node_modules to format tasks\n ([e5f6b36](https://github.com/ory/kratos/commit/e5f6b36caeff080905d15566cf55f8fe4905dbc0))\n- Add titles to identity schema\n ([73c15d2](https://github.com/ory/kratos/commit/73c15d23840aa83d2c99c013cad52ad7df285f18))\n- Adopt to new go-swagger changes\n ([5c45bd9](https://github.com/ory/kratos/commit/5c45bd9f354bfe19b8cbcd7eb4eaebf22c441f42))\n- Allow absolute file URLs as config values\n ([#1069](https://github.com/ory/kratos/issues/1069))\n ([4bb4f67](https://github.com/ory/kratos/commit/4bb4f679d1fe0a49edb0c0189bb7a2188d4f850d))\n- Allow hashtag in ui urls ([#1040](https://github.com/ory/kratos/issues/1040))\n ([7591f07](https://github.com/ory/kratos/commit/7591f07f7d48376a03e9eacfdb6f4a93fd26c0d5))\n- Avoid unicode-escaping ampersand in recovery URL query string\n ([#1212](https://github.com/ory/kratos/issues/1212))\n ([d172368](https://github.com/ory/kratos/commit/d17236870af490f043d87e220179b35c9eb2dd4e))\n- Bcrypt regression in credentials counting\n ([23fc13b](https://github.com/ory/kratos/commit/23fc13ba778e0045ca30c00d673ebd6c2f2b7fb7))\n- Broken make quickstart-dev task\n ([#980](https://github.com/ory/kratos/issues/980))\n ([999828a](https://github.com/ory/kratos/commit/999828ae036f20bde6d12fe89851e1fde9bdaca6)),\n closes [#965](https://github.com/ory/kratos/issues/965)\n- Broken make sdk task ([#977](https://github.com/ory/kratos/issues/977))\n ([5b01c7a](https://github.com/ory/kratos/commit/5b01c7a368c5bcfaa3af218d42f15288f51ab3e4)),\n closes [#950](https://github.com/ory/kratos/issues/950)\n- Call contextualized test helpers\n ([e1f3f78](https://github.com/ory/kratos/commit/e1f3f7835696b039409c9d05f63665aba7a179ae))\n- **cmd:** Make HTTP calls resilient\n ([e8ed61f](https://github.com/ory/kratos/commit/e8ed61fc3e806453f78b8fa629e96ff7b320bf95))\n- Code integer parsing bit size\n ([#1178](https://github.com/ory/kratos/issues/1178))\n ([31e9632](https://github.com/ory/kratos/commit/31e9632bcd6ec3bdeabe862a4cce89021c6dd361)):\n\n In some cases we had a wrong bitsize of `64`, while the var was later cast to\n `int`. Replaced with a bitsize of `0`, which is the value to cast to `int`.\n\n- Contextualize identity persister\n ([f8640c0](https://github.com/ory/kratos/commit/f8640c04f0c5873c39c8af4652d16bfbd347b79e))\n- Convert all identifiers to lower case on login\n ([#815](https://github.com/ory/kratos/issues/815))\n ([d64b575](https://github.com/ory/kratos/commit/d64b5757c710c436d6789dbdb33ed04dc11cbdf9)),\n closes [#814](https://github.com/ory/kratos/issues/814)\n- Courier adress ([#1198](https://github.com/ory/kratos/issues/1198))\n ([ebe4e64](https://github.com/ory/kratos/commit/ebe4e643150f7603a1e3a3cf6f909135097b3f49)),\n closes [#1194](https://github.com/ory/kratos/issues/1194)\n- Courier message dequeue race condition\n ([#1024](https://github.com/ory/kratos/issues/1024))\n ([5396a82](https://github.com/ory/kratos/commit/5396a82c34eef5d42444b5c4371bd4f820fe3eb0)),\n closes [#652](https://github.com/ory/kratos/issues/652)\n [#732](https://github.com/ory/kratos/issues/732):\n\n Fixes the courier message dequeuing race condition by modifying\n `*sql.Persister.NextMessages(ctx context.Context, limit uint8)` to retrieve\n only messages with status `MessageStatusQueued` and update the status of the\n retrieved messages to `MessageStatusProcessing` within a transaction. On\n message send failure, the message's status is reset to `MessageStatusQueued`,\n so that the message can be dequeued in a subsequent `NextMessages` call. On\n message send success, the status is updated to `MessageStatusSent` (no change\n there).\n\n- Define credentials types as sql template and resolve crdb issue\n ([a2d6eeb](https://github.com/ory/kratos/commit/a2d6eeb2928c9750741237f559197fd80494310d))\n- Dereference pointer types from new flow structures\n ([#1019](https://github.com/ory/kratos/issues/1019))\n ([efedc92](https://github.com/ory/kratos/commit/efedc920e592bd6e963726e6b123ddc40df93a59))\n- Do not include smtp in tracing\n ([#1268](https://github.com/ory/kratos/issues/1268))\n ([bbfcbf9](https://github.com/ory/kratos/commit/bbfcbf9ce595d842a53a3ea21c286d5899eeb28f))\n- Do not publish version at public endpoint\n ([3726ed4](https://github.com/ory/kratos/commit/3726ed4d145a949b25f5b5da5f58d4f448a2a90f))\n- Do not reset registration method\n ([554bb0b](https://github.com/ory/kratos/commit/554bb0b4e62e4ac2a321fa4dbf89ffdf37b188df))\n- Do not return system errors for missing identifiers\n ([1fcc855](https://github.com/ory/kratos/commit/1fcc8557bfee0f7ba562a635670b61dc9acb3530)),\n closes [#1286](https://github.com/ory/kratos/issues/1286)\n- Export mailhog dockertest runner\n ([1384148](https://github.com/ory/kratos/commit/138414873ad319c6c32c6cc64a73547540dffc74))\n- Fix random delay norm distribution math\n ([#1131](https://github.com/ory/kratos/issues/1131))\n ([bd9d28f](https://github.com/ory/kratos/commit/bd9d28fe354710957f4ebaf71d1fffeae3968364))\n- Fork audit logger from root logger\n ([68a09e7](https://github.com/ory/kratos/commit/68a09e7f3dc3ded9a477bb309c68ac8c4e2c2836))\n- Gitlab oidc flow ([#1159](https://github.com/ory/kratos/issues/1159))\n ([0bb3eb6](https://github.com/ory/kratos/commit/0bb3eb6db1144a09f4ac356cc45e1644d862bb70)),\n closes [#1157](https://github.com/ory/kratos/issues/1157)\n- Give specific message instead of only 404 when method is disabled\n ([#1025](https://github.com/ory/kratos/issues/1025))\n ([2f62041](https://github.com/ory/kratos/commit/2f62041a62588f5b3b062092c57053facb858e62)):\n\n Enabled strategies are not only used for handlers but also in other areas\n (e.g. populating the flow methods). So we should keep the logic to get enabled\n strategies and add new functions for getting all strategies.\n\n- **hashing:** Make bcrypt default hashing algorithm\n ([04abe77](https://github.com/ory/kratos/commit/04abe774ada1ef4bf318658fcf84c1d39a2a922d))\n- Ignore unset domain aliases\n ([ada6997](https://github.com/ory/kratos/commit/ada6997ff3dc7e48fd098e40267db5f231a5201f))\n- Improve cli error output\n ([43e9678](https://github.com/ory/kratos/commit/43e967887280b57639565dabd92a07f02fbddeb5))\n- Improve error stack trace\n ([4351773](https://github.com/ory/kratos/commit/43517737109088eda3b1d7f5b42f78bd5eb701d2))\n- Improve error tracing ([#1005](https://github.com/ory/kratos/issues/1005))\n ([456fd25](https://github.com/ory/kratos/commit/456fd254485fc80b9ae02dfca672a9fea8ae0134))\n- Improve test contextualization\n ([2f92a70](https://github.com/ory/kratos/commit/2f92a7066d72535d32146a98207996fda45e0b96))\n- Initialize randomdelay with seeded source\n ([9896289](https://github.com/ory/kratos/commit/9896289216f10b808a8c78b86d9c27b8d74379de))\n- Insert credentials type constants as part of migrations\n ([#865](https://github.com/ory/kratos/issues/865))\n ([92b79b8](https://github.com/ory/kratos/commit/92b79b86762edddf2ad6529b98b3383b641148d5)),\n closes [#861](https://github.com/ory/kratos/issues/861)\n- Linking a connection may result in system error\n ([#990](https://github.com/ory/kratos/issues/990))\n ([be02a70](https://github.com/ory/kratos/commit/be02a70c3cd60adbcc13559e1cb5dc01a8572da4)),\n closes [#694](https://github.com/ory/kratos/issues/694)\n- Marking whoami auhorization parameter as 'in header'\n ([#1244](https://github.com/ory/kratos/issues/1244))\n ([62d8b85](https://github.com/ory/kratos/commit/62d8b85223a0535b07620b08d35c6c3f6b127642)),\n closes [#1215](https://github.com/ory/kratos/issues/1215)\n- Move schema loaders to correct file\n ([029781f](https://github.com/ory/kratos/commit/029781f69448e8abc85607a03b4bd2055158cf2c))\n- Move to new transaction-safe migrations\n ([#1063](https://github.com/ory/kratos/issues/1063))\n ([2588fb4](https://github.com/ory/kratos/commit/2588fb489d76939aeec2986d30fde9075b373831)):\n\n This patch introduces a new SQL transaction model for running SQL migrations.\n This fix is particularly targeted at CockroachDB which has limited support for\n mixing DDL and DML statements.\n\n Previously it could happen that migrations failure needed manual intervention.\n This has now been resolved. The new migration model is compatible with the old\n one and should work without a problem.\n\n- Pass down context to registry\n ([0879446](https://github.com/ory/kratos/commit/08794461ed95965a9e5460ded2b4c04ab0f5e2e8))\n- Re-enable SDK generation\n ([1d5854d](https://github.com/ory/kratos/commit/1d5854d6298e3d21f85a8fa01d3004166c4b3f50))\n- Record cypress runs\n ([db35d8f](https://github.com/ory/kratos/commit/db35d8ff6bb44dc9e9acf131cb0a14a7f4a7d160))\n- Rehydrate settings form on successful submission\n ([3457e1a](https://github.com/ory/kratos/commit/3457e1a46f48ed79eabff76f8af08b82f12ecc89)),\n closes [#1305](https://github.com/ory/kratos/issues/1305)\n- Remove absolete 'make pack' from Dockerfile\n ([#1172](https://github.com/ory/kratos/issues/1172))\n ([b8eb908](https://github.com/ory/kratos/commit/b8eb908529cc72a3147ad28e4eeee71850a8e431))\n- Remove continuity cookies on errors\n ([85eea67](https://github.com/ory/kratos/commit/85eea6748be6ae8cdfc10cabaa6b677e4efd63eb))\n- Remove include stubs\n ([1764e3a](https://github.com/ory/kratos/commit/1764e3a08a24db82dc391a77fdea09a91faffb5f))\n- Remove obsolete clihelpers\n ([230fd13](https://github.com/ory/kratos/commit/230fd138d1bc7ec57647ea8eeca8e17baaacce0a))\n- Remove record from bash script\n ([84a9315](https://github.com/ory/kratos/commit/84a9315a824cacd29d30b98b65725343af22732d))\n- Remove stray non-ctx configs\n ([#1053](https://github.com/ory/kratos/issues/1053))\n ([1fe137e](https://github.com/ory/kratos/commit/1fe137e0d6314bd0af47a29c00e2f72564e71cef))\n- Remove trailing double-dot from error\n ([59581e3](https://github.com/ory/kratos/commit/59581e3fede0fd43028a5f064c350c3cc833b5b0))\n- Remove unused sql migration\n ([1445d1d](https://github.com/ory/kratos/commit/1445d1d1b4b0b5e8ef3426a98ced9573063d8646))\n- Remove unused var\n ([30a8cee](https://github.com/ory/kratos/commit/30a8cee22238d9f400e6d315a9bc99f710945f81))\n- Remove verify hook\n ([98cfec6](https://github.com/ory/kratos/commit/98cfec6d72c2e7bf2db2e8dd6f8875e885923ba8)),\n closes [#1302](https://github.com/ory/kratos/issues/1302):\n\n The verify hook is automatically used when verification is enabled and has\n been removed as a configuration option.\n\n- Replace jwt module ([#1254](https://github.com/ory/kratos/issues/1254))\n ([3803c8c](https://github.com/ory/kratos/commit/3803c8ce43e35c51a9c1d7ab55bc662c398cf0d8)),\n closes [#1250](https://github.com/ory/kratos/issues/1250)\n- Resolve build and release issues\n ([fb582aa](https://github.com/ory/kratos/commit/fb582aa06ad55ca3fd4e2b083e1e9bbb4ba7c715))\n- Resolve clidoc issues\n ([599e9f7](https://github.com/ory/kratos/commit/599e9f773a743f811329cc57cea2748831105e58))\n- Resolve compile issues\n ([63063c1](https://github.com/ory/kratos/commit/63063c15c17f4d3aca96b106275a3478a8ed717e))\n- Resolve contextualized table issues\n ([5a4f0d9](https://github.com/ory/kratos/commit/5a4f0d92800df7fb5ca0df18203a6d73416814e1))\n- Resolve crdb migration issue\n ([9f6edfd](https://github.com/ory/kratos/commit/9f6edfd1f544d5f85e5f5558a08672f40e928136))\n- Resolve double hook invokation for registration\n ([032322c](https://github.com/ory/kratos/commit/032322c66fb6925d8f1473746cb4bfd800d60590))\n- Resolve incorrect field types on oidc sign up completion\n ([f88b6ab](https://github.com/ory/kratos/commit/f88b6abe202605739092a8230fbdebaebcd4407a))\n- Resolve lint issues\n ([0348825](https://github.com/ory/kratos/commit/03488250bcdbfda6ef6a536b4de6117fa8924dc8))\n- Resolve lint issues\n ([75a995b](https://github.com/ory/kratos/commit/75a995b3f69778655611929b65ae22bd77c5370b))\n- Resolve linting issues and disable nancy\n ([c8396f6](https://github.com/ory/kratos/commit/c8396f6007831240d83f77433876c5971a2191ef))\n- Resolve mail queue issues\n ([b968bc4](https://github.com/ory/kratos/commit/b968bc4ed8962d421175adbcaa2dba6eaeea2245))\n- Resolve merge regressions\n ([9862ac7](https://github.com/ory/kratos/commit/9862ac72e0877df4cf17c93e140c354e1ddbd0e7))\n- Resolve oidc e2e regressions\n ([f28087a](https://github.com/ory/kratos/commit/f28087aaf133c116a81213f787dc6f2e982564c0))\n- Resolve oidc regressions and e2e tests\n ([f5091fa](https://github.com/ory/kratos/commit/f5091fac161db0b1401b340a002278bc26891251))\n- Resolve potential fsnotify leaks\n ([3159c0a](https://github.com/ory/kratos/commit/3159c0abe109ea4e3832770278c4e9bc4ca3b3e1))\n- Resolve regressions and test failures\n ([8bae356](https://github.com/ory/kratos/commit/8bae3565ea5410b60c3e638a49f5454fac8e63d3))\n- Resolve regressions in cookies and payloads\n ([9e34bf2](https://github.com/ory/kratos/commit/9e34bf2f6a2f3b007069a5415643c448798207a6))\n- Resolve settings sudo regressions\n ([4b611f3](https://github.com/ory/kratos/commit/4b611f34755369eafcbafa2fc16da13ea3b82370))\n- Resolve test regressions\n ([e3fb028](https://github.com/ory/kratos/commit/e3fb0281dd9be123271d11f2934cfb08fdc470b7))\n- Resolve ui issues with nested form objects\n ([8e744b9](https://github.com/ory/kratos/commit/8e744b931954283cf5f5cbf3ebaca3fa94e035ed))\n- Resolve update regression\n ([d0d661a](https://github.com/ory/kratos/commit/d0d661aaffcba8b039738b773c891ee6e8f6449e))\n- Return delay instead of sleeping to improve tests\n ([27b977e](https://github.com/ory/kratos/commit/27b977ebbaa25b95caa7e3e4536a09ea0bfa61c3))\n- Revert generator changes\n ([c18b97f](https://github.com/ory/kratos/commit/c18b97f333a638d4b4495678013c55faca4b04d0))\n- Run correct error handler for registration hooks\n ([0d80447](https://github.com/ory/kratos/commit/0d80447102d5092e310ca728012f083147c0c5c9))\n- Simplify data breaches password error reason\n ([#1136](https://github.com/ory/kratos/issues/1136))\n ([33d29bf](https://github.com/ory/kratos/commit/33d29bf72af03aea77f1d318c19f5087a506719f)):\n\n This PR simplifies the error reason given when a password has appeared in data\n breaches to not include the actual number and rather just show \"this password\n has appeared in data breaches and must not be used\".\n\n- Support form and json formats in decoder\n ([d420fe6](https://github.com/ory/kratos/commit/d420fe6e8a491b20063d4bfeaa0a841058087d32))\n- Update openapi definitions for signup\n ([eb0b69d](https://github.com/ory/kratos/commit/eb0b69d50ce834b170186a39bbc9cda4d3366c36))\n- Update quickstart node image\n ([c19b2f4](https://github.com/ory/kratos/commit/c19b2f4c57307e27ce289d44eff34f5aec1341da)):\n\n See https://github.com/ory/kratos/discussions/1301\n\n- Update to new goreleaser config\n ([4c2a1b7](https://github.com/ory/kratos/commit/4c2a1b7f5a0059a6e0c28779808ffb27e8910553))\n- Update to new healthx\n ([6ec987a](https://github.com/ory/kratos/commit/6ec987ae81ef0c05f2c4d1eb836c40f9d15950b2))\n- Use equalfold\n ([1c0e52e](https://github.com/ory/kratos/commit/1c0e52ec36ff95b53e3537c5ef457f1c818d7f6b))\n- Use new TB interface\n ([d75a378](https://github.com/ory/kratos/commit/d75a378e700a206753f2cb17032315f2981960e7))\n- Use numerical User ID instead of name to avoid k8s security warnings\n ([#1151](https://github.com/ory/kratos/issues/1151))\n ([468a12e](https://github.com/ory/kratos/commit/468a12e56f22cfdf7bd05d68159cc735e75211b2)):\n\n Our docker image scanner does not allow running processes inside container\n using non-numeric User spec (to determine if we are trying to run docker image\n as root).\n\n- Use remote dependencies\n ([1e56457](https://github.com/ory/kratos/commit/1e56457d49e1cde69baa41e3111ca113aa49ee3c))\n\n### Code Generation\n\n- Pin v0.6.0-alpha.1 release commit\n ([507d13a](https://github.com/ory/kratos/commit/507d13a8ec9cd89c9933fc8814a8a99921da69fb))\n\n### Code Refactoring\n\n- Adapt new sdk in testhelpers\n ([6e15f6f](https://github.com/ory/kratos/commit/6e15f6f86c0f146e846a384ffd6eac78406178bc))\n- Add nid everywhere\n ([407fd95](https://github.com/ory/kratos/commit/407fd95889f416f0d76d6f3f43644a6fafa13b44))\n- Contextualize everything\n ([7ebc3a9](https://github.com/ory/kratos/commit/7ebc3a9a1a2cd85d28c5a9adf2c0c8c10cbd072e)):\n\n This patch contextualizes all configuration and DBAL models.\n\n- Do not use prefixed node names\n ([fc42ece](https://github.com/ory/kratos/commit/fc42ece24107dcb6e6a416cc54a2fb5de524fd94))\n- Improve Argon2 tooling ([#961](https://github.com/ory/kratos/issues/961))\n ([3151187](https://github.com/ory/kratos/commit/315118720419194be8baf5e5e64d7bf190179568)),\n closes [#955](https://github.com/ory/kratos/issues/955):\n\n This adds a load testing CLI that allows to adjust the hasher parameters under\n simulated load.\n\n- Move faker to exportable module\n ([09f8ae5](https://github.com/ory/kratos/commit/09f8ae5755c9978574e91676bf5df6a23a2feb78))\n- Move migratest helpers to ory/x\n ([7eca67e](https://github.com/ory/kratos/commit/7eca67eb9ec3e4ab065af7221911a74ed16c7c48))\n- Move password config to selfservice\n ([cd0e0eb](https://github.com/ory/kratos/commit/cd0e0ebb0de372ff31c982ef023fe1979addb05a))\n- Move to go 1.16 embed\n ([43c4a13](https://github.com/ory/kratos/commit/43c4a13c25be4a3a23a1ffdbecfaa0f9eda1a11d)):\n\n This patch replaces packr and pkged with the Go 1.16 embed feature.\n\n- Remove password node attribute prefix\n ([e27fae4](https://github.com/ory/kratos/commit/e27fae4b0d7a91ff3964804963d4885178b80803))\n- Remove profile node attribute prefix\n ([a3ff6f7](https://github.com/ory/kratos/commit/a3ff6f7eec45b1a9a1e7eb8569793fbc6a047d4f))\n- Rename config structs and interfaces\n ([4a2f419](https://github.com/ory/kratos/commit/4a2f41977439354415118df3e37dd0cde8dac1aa))\n- Rename form to container\n ([5da155a](https://github.com/ory/kratos/commit/5da155a07d3737cefabaf98c4ff650115f662480))\n- Replace flow's forms with new ui node module\n ([647eb1e](https://github.com/ory/kratos/commit/647eb1e66850c67e539d0338cca6cb8ae476ee55))\n- Replace flow's forms with new ui node module\n ([f74a5c2](https://github.com/ory/kratos/commit/f74a5c25af60936b59caee0866a21637a5c0ae6f))\n- Replace login flow methods with ui container\n ([d4ca364](https://github.com/ory/kratos/commit/d4ca364fd8905cfb205ee047a9cb831064a6b9d0))\n- Replace recovery flow methods with ui container\n ([cac0456](https://github.com/ory/kratos/commit/cac04562f2e4e77875275fcfd82c039d787607fb))\n- Replace registration flow methods with ui container\n ([3f6388d](https://github.com/ory/kratos/commit/3f6388d03f91cfad17bd74ebca4d924b4b546668))\n- Replace settings flow methods with ui container\n ([0efd17e](https://github.com/ory/kratos/commit/0efd17e76ba0a0cbd46916a7644b7bdf19bd4ab4))\n- Replace verification flow methods with ui container\n ([dbf2668](https://github.com/ory/kratos/commit/dbf2668747922c93dd967961cd843354afbecfde))\n- Replace viper with koanf config management\n ([5eb1bc0](https://github.com/ory/kratos/commit/5eb1bc0bff7c5d0f83c604484b8e845701112cad))\n- Update RegisterFakes calls\n ([6268310](https://github.com/ory/kratos/commit/626831069ab4f971094ba0bc0b43ac9ff618d91d))\n- Use underscore in webhook auth types\n ([26829d2](https://github.com/ory/kratos/commit/26829d21911cccd4a87c8693b6089af661c1bfe3))\n\n### Documentation\n\n- Add docker to docs main\n ([8ce8b78](https://github.com/ory/kratos/commit/8ce8b785e2246557253420ea97cf6b7d5ee75d58))\n- Add docker to sidebar\n ([ed38c88](https://github.com/ory/kratos/commit/ed38c88bdbadcdcd2527a2b5270390251742bbe4))\n- Add dotnet sdk ([#1183](https://github.com/ory/kratos/issues/1183))\n ([32d874a](https://github.com/ory/kratos/commit/32d874a04bb384259aeb544a3fcd6b3a8b23acdd))\n- Add faq sidebar ([#1105](https://github.com/ory/kratos/issues/1105))\n ([10697aa](https://github.com/ory/kratos/commit/10697aa4ab5dc3e2ab90d1c037dfbe3492bf2bdf))\n- Add log docs to schema config\n ([4967f11](https://github.com/ory/kratos/commit/4967f11d8df177ebdae855eb745e90d21ce38e9f))\n- Add more HA docs\n ([cbb2e27](https://github.com/ory/kratos/commit/cbb2e27f8919a8991c4797a3f1c192ec364f0dd3))\n- Add Rust and Dart SDKs\n ([6d96952](https://github.com/ory/kratos/commit/6d969528e13350ef099669510d3d37df1c007c82)):\n\n We now support for Rust and Dart SDKs!\n\n- Add SameSite help\n ([2df6729](https://github.com/ory/kratos/commit/2df6729b4acc70532024658e8874682de64b06b3))\n- Add shell-session language\n ([d16db87](https://github.com/ory/kratos/commit/d16db87802ae2f230a02e4deed189f473588552c))\n- Add ui node docs\n ([e48a07d](https://github.com/ory/kratos/commit/e48a07d03c19a0677d3a56f9e57294b358f24501))\n- Adding double colons ([#1187](https://github.com/ory/kratos/issues/1187))\n ([fc712f4](https://github.com/ory/kratos/commit/fc712f4530066c429242491c19d1534ffb267b0c))\n- Bcrypt is default and add 72 char warning\n ([29ae53a](https://github.com/ory/kratos/commit/29ae53a96b4472ff549b34241894d72d439c8ea1))\n- Better import identities examples\n ([#997](https://github.com/ory/kratos/issues/997))\n ([2e2880a](https://github.com/ory/kratos/commit/2e2880ac057b5c98cd69481c4f6f36b564b5871d))\n- Change forum to discussions readme\n ([#1220](https://github.com/ory/kratos/issues/1220))\n ([ae39956](https://github.com/ory/kratos/commit/ae399561ea6ed89aaadd4128bc564254984520e8))\n- Describe more about Kratos login/browser flow on quickstart doc\n ([#1047](https://github.com/ory/kratos/issues/1047))\n ([fe725ad](https://github.com/ory/kratos/commit/fe725ad12b5aed5faa8f95bec24ed3aa82512de8))\n- Docker file links ([#1182](https://github.com/ory/kratos/issues/1182))\n ([4d9b6a3](https://github.com/ory/kratos/commit/4d9b6a3fd5de81310016a811126e40a263ecd27c))\n- Document hash timing attack mitigation\n ([ec86993](https://github.com/ory/kratos/commit/ec869930a9c0e6f6f56c2614835894e0a6a3eaab))\n- Explain how to use `after_verification_return_to`\n ([7e1546b](https://github.com/ory/kratos/commit/7e1546be1fd20baca10507d642d4f209eb88dcbc))\n- FAQ improvements ([#1135](https://github.com/ory/kratos/issues/1135))\n ([44d0bc9](https://github.com/ory/kratos/commit/44d0bc968a7c0ba5c0793b2349820fa8133bada3))\n- FAQ item & minor changes ([#1174](https://github.com/ory/kratos/issues/1174))\n ([11cf630](https://github.com/ory/kratos/commit/11cf630082b56c80d12f5915f8e34aa03a7e8c54))\n- Fix broken link ([#1037](https://github.com/ory/kratos/issues/1037))\n ([6b9aae8](https://github.com/ory/kratos/commit/6b9aae8af5aa3bd614c99b32e341fbd533caf116))\n- Fix failing build\n ([0de328f](https://github.com/ory/kratos/commit/0de328ff0053605e6bded589a79d3ab938d55b31))\n- Fix formatting ([#966](https://github.com/ory/kratos/issues/966))\n ([687251a](https://github.com/ory/kratos/commit/687251a24e796322b43f8aed6b1fb3d7900e3271))\n- Fix identity state bullets\n ([#1095](https://github.com/ory/kratos/issues/1095))\n ([f476334](https://github.com/ory/kratos/commit/f476334c4693277656ad88e768f66b59cbcba126))\n- Fix known/unknown email account recovery\n ([#1211](https://github.com/ory/kratos/issues/1211))\n ([e208ca5](https://github.com/ory/kratos/commit/e208ca50ba4f03d5410c9644aaa3b04bdf1b8dbd))\n- Fix link\n ([7f6d7f5](https://github.com/ory/kratos/commit/7f6d7f501d7118dfe6868c9d923fb5ecc5eded48))\n- Fix link ([#1128](https://github.com/ory/kratos/issues/1128))\n ([e7043e9](https://github.com/ory/kratos/commit/e7043e9b99260eaff2b48ca6f457af46a1521654))\n- Fix link to blogpost ([#949](https://github.com/ory/kratos/issues/949))\n ([4622e32](https://github.com/ory/kratos/commit/4622e3228fb12231222c7e6b602458111f35f727)),\n closes [#945](https://github.com/ory/kratos/issues/945)\n- Fix link to self-service flows overview\n ([#995](https://github.com/ory/kratos/issues/995))\n ([2be8778](https://github.com/ory/kratos/commit/2be877847644a3df2645ac3be4bbd7704db30b17))\n- Fix note block in third party login guide\n ([#920](https://github.com/ory/kratos/issues/920))\n ([745cea0](https://github.com/ory/kratos/commit/745cea02d0e9940f689e668bbd814b29fd53bf37)):\n\n Allows the document to render properly\n\n- Fix npm links ([#991](https://github.com/ory/kratos/issues/991))\n ([4ce4468](https://github.com/ory/kratos/commit/4ce4468132dde21c1692e3a834ad7780bee12b90))\n- Fix self-service code flows labels\n ([#1253](https://github.com/ory/kratos/issues/1253))\n ([f2ed424](https://github.com/ory/kratos/commit/f2ed424289cdd2a0edc1736888dd15be6df65f11))\n- Fix typo in README ([#1122](https://github.com/ory/kratos/issues/1122))\n ([e500707](https://github.com/ory/kratos/commit/e5007078c3cd597cea669827b96c7e6f205f2f32))\n- Link to argon2 blogpost and add cross-references\n ([#1038](https://github.com/ory/kratos/issues/1038))\n ([9ab7c3d](https://github.com/ory/kratos/commit/9ab7c3df59ecd94a74a7bf18af9c0ded5305e042))\n- Make explicit the ID of the default schema\n ([#1173](https://github.com/ory/kratos/issues/1173))\n ([cc6e9ff](https://github.com/ory/kratos/commit/cc6e9ffbac7118436d85078720cde2de98a68044))\n- Minor cosmetics ([#1050](https://github.com/ory/kratos/issues/1050))\n ([34db06f](https://github.com/ory/kratos/commit/34db06fd4f83d415c09109b06dfd3b82ce03705e))\n- Minor improvements ([#1052](https://github.com/ory/kratos/issues/1052))\n ([f0672b5](https://github.com/ory/kratos/commit/f0672b5cb8cca41fa914db21798d20f00a5699f9))\n- ORY -> Ory\n ([ea30979](https://github.com/ory/kratos/commit/ea309797bf59f3da5c5cd184e45f2e585144be56))\n- **prometheus:** Update codedoc\n ([47146ea](https://github.com/ory/kratos/commit/47146ea8ce169ee908aa4d33b59a01e9df4bae10))\n- Reformat settings code samples\n ([cdbbf4d](https://github.com/ory/kratos/commit/cdbbf4df5fa3fa667a78d5cf682bc7fa36693e9d))\n- Remove unnecessary and wrong docker pull commands\n ([#1203](https://github.com/ory/kratos/issues/1203))\n ([2b0342a](https://github.com/ory/kratos/commit/2b0342ad7607d705bcebfafd5a78e4e09e57a940))\n- Resolve duplication error\n ([a3d8284](https://github.com/ory/kratos/commit/a3d8284ab20ae76bccba361601b7290af20bdde6))\n- Update build from source\n ([9b5754f](https://github.com/ory/kratos/commit/9b5754f36661f6de9c95f30c06f28164fe5be48b)),\n closes [#979](https://github.com/ory/kratos/issues/979)\n- Update email template docs\n ([1778cb9](https://github.com/ory/kratos/commit/1778cb9a293feb2c91c0b1921ab78a0395cdca98)),\n closes [#897](https://github.com/ory/kratos/issues/897)\n- Update identity-data-model links\n ([b5fd9a3](https://github.com/ory/kratos/commit/b5fd9a3a0821215f94da168c9c6f87dceba8c8f4))\n- Update identity.ID field documentation\n ([4624f03](https://github.com/ory/kratos/commit/4624f03a5e9249a5449992a1f0b7ec80dc3499fd)):\n\n See https://github.com/ory/kratos/discussions/956\n\n- Update kratos video link ([#1073](https://github.com/ory/kratos/issues/1073))\n ([e86178f](https://github.com/ory/kratos/commit/e86178f4ee66e5053e0da2fab2c21ecb2e730ada))\n- Update login code samples\n ([695a30f](https://github.com/ory/kratos/commit/695a30f6c80f277676bf04b4665efeb7ea4db618))\n- Update login code samples\n ([ce6c755](https://github.com/ory/kratos/commit/ce6c75587bea80ef83855d764fed79a9d6c948d3))\n- Update quickstart samples\n ([c3fcaba](https://github.com/ory/kratos/commit/c3fcaba65899d9d46a08ca8b60ec0c010f70b16c))\n- Update recovery code samples\n ([d9fbb62](https://github.com/ory/kratos/commit/d9fbb62faff5144f587136935f15d24b6399f29c))\n- Update registration code samples\n ([317810f](https://github.com/ory/kratos/commit/317810ffd8ba6faf87f2248263b6c82cf4e9ffd8))\n- Update self-service code samples\n ([6415011](https://github.com/ory/kratos/commit/6415011ab83a19972c6f52467055fbdcef23a0cc))\n- Update settings code samples\n ([bbd6266](https://github.com/ory/kratos/commit/bbd6266c22097fae195654957cbab589d04892c7))\n- Update verification code samples\n ([4285dec](https://github.com/ory/kratos/commit/4285dec59a8fc31fa3416b594c765f5da9a9de1c))\n- Use correct extension for identity-data-model\n ([acab3e8](https://github.com/ory/kratos/commit/acab3e8b489d9865e4bf0805895f0b7ae9e6f1b8)):\n\n See https://github.com/ory/kratos/pull/1197#issuecomment-819455322\n\n### Features\n\n- Add email template specification in doc\n ([#898](https://github.com/ory/kratos/issues/898))\n ([4230d9e](https://github.com/ory/kratos/commit/4230d9e0fc35c651b0d2cbdbbf9e1f1c514743f8))\n- Add error for when no login strategy was found\n ([6bae66c](https://github.com/ory/kratos/commit/6bae66cde362c4e2995c9d06a0d3ffee403feb74))\n- Add facebook provider to oidc providers and documentation\n ([#1035](https://github.com/ory/kratos/issues/1035))\n ([905bb03](https://github.com/ory/kratos/commit/905bb032520189212bd88f29641903945ae03608)),\n closes [#1034](https://github.com/ory/kratos/issues/1034)\n- Add FAQ to docs ([#1096](https://github.com/ory/kratos/issues/1096))\n ([9c6b68c](https://github.com/ory/kratos/commit/9c6b68c454f472b26c34e1975b6a67b24b218f47))\n- Add gh login to claims\n ([49deb2e](https://github.com/ory/kratos/commit/49deb2e166362a5d051bc08523ef44425f144bdd))\n- Add login strategy text message\n ([7468c83](https://github.com/ory/kratos/commit/7468c835d4800c207035897fc9962860d8ab7803))\n- Add more tests for multi domain args\n ([e99803b](https://github.com/ory/kratos/commit/e99803b62a847bcee52bcd87fa8088124b4deae2))\n- Add Prometheus monitoring to Public APIs\n ([#1022](https://github.com/ory/kratos/issues/1022))\n ([75a4f1a](https://github.com/ory/kratos/commit/75a4f1a5472ffd780fed43a7395a191ed495c6e9))\n- Add random delay to login flow\n ([#1088](https://github.com/ory/kratos/issues/1088))\n ([cb9894f](https://github.com/ory/kratos/commit/cb9894fefc694a4092215d3981e80f287021542f)),\n closes [#832](https://github.com/ory/kratos/issues/832)\n- Add return_url to verification flow\n ([#1149](https://github.com/ory/kratos/issues/1149))\n ([bb99912](https://github.com/ory/kratos/commit/bb99912d823e9bcffa41edf50a01dcae40117fe6)),\n closes [#1123](https://github.com/ory/kratos/issues/1123)\n [#1133](https://github.com/ory/kratos/issues/1133)\n- Add sql migrations for new login flow\n ([e947edf](https://github.com/ory/kratos/commit/e947edf497b36bc576061c9ae38049e84ee48575))\n- Add sql tracing\n ([3c4cc1c](https://github.com/ory/kratos/commit/3c4cc1cec170df14331288170a94ada770d3289f))\n- Add tracing to config schema\n ([007dde4](https://github.com/ory/kratos/commit/007dde4482d11f22b8527c94b002da675152a872))\n- Add transporter with host modification\n ([2c41b81](https://github.com/ory/kratos/commit/2c41b81be947f9972638d082105f0f5c83078b91))\n- Add workaround template for go openapi\n ([5d72d10](https://github.com/ory/kratos/commit/5d72d10f6c6948c48c5701fe348084a668c8311a))\n- Adds slack sogial login ([#974](https://github.com/ory/kratos/issues/974))\n ([7c66053](https://github.com/ory/kratos/commit/7c66053390b3086fe7233625038a78431a61e507)),\n closes [#953](https://github.com/ory/kratos/issues/953)\n- Allow session cookie name configuration\n ([77ce316](https://github.com/ory/kratos/commit/77ce3162ba97cf5c516c26ef499d9fa892162f0a)),\n closes [#268](https://github.com/ory/kratos/issues/268)\n- Allow specifying sender name in smtp.from_address\n ([#1100](https://github.com/ory/kratos/issues/1100))\n ([5904fe3](https://github.com/ory/kratos/commit/5904fe319f75f8138783434d568db6fc7c55b301))\n- Bcrypt algorithm support ([#1169](https://github.com/ory/kratos/issues/1169))\n ([b2612ee](https://github.com/ory/kratos/commit/b2612eefbad98d29482d364f670549f470d0a6f5)):\n\n This patch adds the ability to use BCrypt instead of Argon2id for password\n hashing. We recommend using BCrypt for web workloads where password hashing\n should take around 200ms. For workloads where login takes >= 2 seconds, we\n recommend to continue using Argon2id.\n\n To use bcrypt for password hashing, set your config as follows:\n\n ```\n hashers:\n bcrypt:\n cost: 12\n algorithm: bcrypt\n ```\n\n Switching the hashing algorithm will not break existing passwords!\n\n Co-authored-by: Patrik \n\n- Check migrations in health check\n ([c6ef7ad](https://github.com/ory/kratos/commit/c6ef7ad16b70310c645550f7e41b3c8aff847de3))\n- Configure domain alias as query param\n ([9d8563e](https://github.com/ory/kratos/commit/9d8563eeb3293c42cce440ad74f025b304cccbbe))\n- Contextualize configuration\n ([d3d5327](https://github.com/ory/kratos/commit/d3d5327a3622318265a063be4782caa25e645a05))\n- Contextualize health checks\n ([8145a1c](https://github.com/ory/kratos/commit/8145a1c9acaeab441e787118d40ccd448ea82fe4))\n- Contextualize http client in cli calls\n ([3b3ef8f](https://github.com/ory/kratos/commit/3b3ef8f025d75b244d9285036e66f79af7d5ee35))\n- Contextualize persitence testers\n ([6440373](https://github.com/ory/kratos/commit/64403736ad9f8b264567e1f8eed1af710cab6046))\n- Courier foreground worker with \"kratos courier watch\"\n ([#1062](https://github.com/ory/kratos/issues/1062))\n ([500b8ba](https://github.com/ory/kratos/commit/500b8bacd9fd541afd053f42fec66443cfebabda)),\n closes [#1033](https://github.com/ory/kratos/issues/1033)\n [#1024](https://github.com/ory/kratos/issues/1024):\n\n BREACKING CHANGES: This patch moves the courier watcher (responsible for\n sending mail) to its own foreground worker, which can be executed as a, for\n example, Kubernetes job.\n\n It is still possible to have the previous behaviour which would run the worker\n as a background task when running `kratos serve` by using the\n `--watch-courier` flag.\n\n To run the foreground worker, use `kratos courier watch -c your/config.yaml`.\n\n- **courier:** Allow sending individual messages\n ([cbb2c0b](https://github.com/ory/kratos/commit/cbb2c0bef63323a177589e9d2a809c84b4f1acdd))\n- Do not enforce bcrypt 12 for dev envs\n ([bbf44d8](https://github.com/ory/kratos/commit/bbf44d887ae5cdb5975516149c74b3ba10896209))\n- Email input validation ([#1287](https://github.com/ory/kratos/issues/1287))\n ([cd56b73](https://github.com/ory/kratos/commit/cd56b73df363dd37485f07d31fef11fd4d9f40a6)),\n closes [#1285](https://github.com/ory/kratos/issues/1285)\n- Export and add config options\n ([4391fe5](https://github.com/ory/kratos/commit/4391fe572eb6a766afe9808396847ca5fdca07f5))\n- Expose courier worker\n ([f50969e](https://github.com/ory/kratos/commit/f50969ecba757dea558e9e8b9dd142f5f564d53a))\n- Expose crdb ui\n ([504d518](https://github.com/ory/kratos/commit/504d5181f5e391bb8d67768b314a0348ed252c8b))\n- Global docs sidebar ([#1258](https://github.com/ory/kratos/issues/1258))\n ([7108262](https://github.com/ory/kratos/commit/71082624e093b8c100e71ae59050f89b35ac20a2))\n- Implement and test domain aliasing\n ([1516a54](https://github.com/ory/kratos/commit/1516a54657df485627251de4e7019bc16353c956)):\n\n This patch adds a feature called domain aliasing. For more information, head\n over to http://ory.sh/docs/kratos/next/guides/multi-domain-cookies\n\n- Improve oas spec and fix mobile tests\n ([4ead2c8](https://github.com/ory/kratos/commit/4ead2c826a2f1a307e327b9736dd8ac99ef52743))\n- Improve sorting of ui fields\n ([797b49d](https://github.com/ory/kratos/commit/797b49d0175280f85f568014cf3083e9bc42d354)):\n\n See https://github.com/ory/kratos/discussions/1196\n\n- Include schema\n ([348a493](https://github.com/ory/kratos/commit/348a493c9e5381830b76e57cad803a308e6ce53a))\n- Make cli commands consumable in Ory Cloud\n ([#926](https://github.com/ory/kratos/issues/926))\n ([fed790b](https://github.com/ory/kratos/commit/fed790b0f71f028f6d92e8ebceee188dbdb20770))\n- Migrate to openapi v3\n ([595224b](https://github.com/ory/kratos/commit/595224b1efd5a225702ef236a87f08180a7118b8))\n- **oidc:** Support google hd claim\n ([#1097](https://github.com/ory/kratos/issues/1097))\n ([1f20a5c](https://github.com/ory/kratos/commit/1f20a5ceba7682719112d24a3b18bf046fb2ac22))\n- Populate email templates at delivery time, add plaintext defaults\n ([#1155](https://github.com/ory/kratos/issues/1155))\n ([7749c7a](https://github.com/ory/kratos/commit/7749c7a75a4386c1fd53db57626355467b698c2f)),\n closes [#1065](https://github.com/ory/kratos/issues/1065)\n- **schema:** Add totp errors\n ([a61f881](https://github.com/ory/kratos/commit/a61f8814101401dbb422967e37b6c6c1ae85d113))\n- Sort and label nodes with easy to use defaults\n ([cbec27c](https://github.com/ory/kratos/commit/cbec27c957a733411e4c1d511ed5854855b7236e)):\n\n Ory Kratos takes a guess based on best practices for\n - ordering UI nodes (e.g. email, password, submit button)\n - grouping UI nodes (e.g. keep password and oidc nodes together)\n - labeling UI nodes (e.g. \"Sign in with GitHub\")\n - using the \"title\" attribute from the identity schema to label trait fields\n\n This greatly simplifies front-end code on your end and makes it even easier to\n integrate with Ory Kratos! If you want a custom experience with e.g.\n translations or other things you can always adjust this in your UI\n integration!\n\n- Support base64 inline schemas\n ([815a248](https://github.com/ory/kratos/commit/815a24890a118f4128ac083241a93d8df27042f7))\n- Support contextual csrf cookies\n ([957ef38](https://github.com/ory/kratos/commit/957ef38b69fc6ab071b91262736e6c191be3a4b8))\n- Support domain aliasing in session cookie\n ([0681c12](https://github.com/ory/kratos/commit/0681c123f2d856ca27caee645dadc9e6e3731d2c))\n- Support label in oidc config\n ([a99cdcd](https://github.com/ory/kratos/commit/a99cdcddaa0c4bd7b679884b232c2ef8f2dcd978))\n- Support retryable CRDB transactions\n ([f0c21d7](https://github.com/ory/kratos/commit/f0c21d7e0a6ed85818d0e9025a451cb8cbdee086))\n- Unix sockets support ([#1255](https://github.com/ory/kratos/issues/1255))\n ([ad010de](https://github.com/ory/kratos/commit/ad010de240ddd9219f0cfb2ca3fbb180d2d3a697))\n- Web hooks support (recovery)\n ([#1289](https://github.com/ory/kratos/issues/1289))\n ([3e181fe](https://github.com/ory/kratos/commit/3e181fe3d7750a715ab31eb8347fbb4bdb89d6e6)),\n closes [#271](https://github.com/ory/kratos/issues/271):\n\n feat: web hooks for self-service flows\n\n This feature adds the ability to define web-hooks using a mixture of\n configuration and JsonNet. This allows integration with services like\n Mailchimp, Stripe, CRMs, and all other APIs that support REST requests.\n Additional to these new changes it is now possible to define hooks for\n verification and recovery as well!\n\n For more information, head over to the\n [hooks documentation](https://www.ory.sh/kratos/docs/self-service/hooks).\n\n### Tests\n\n- Add case to ensure correct behavior when verifying a different email address\n ([#999](https://github.com/ory/kratos/issues/999))\n ([f95a117](https://github.com/ory/kratos/commit/f95a117677c9c59436ad10aa8951fe875c39a64f)),\n closes [#998](https://github.com/ory/kratos/issues/998)\n- Add oasis test case\n ([f80691b](https://github.com/ory/kratos/commit/f80691b9dd77566857c4284e2639cc94d5b8c333))\n- Bump poll interval\n ([b3dc925](https://github.com/ory/kratos/commit/b3dc925a5d43557293745ee81c0ffb3db37b6342))\n- Bump video quality\n ([b7f8d04](https://github.com/ory/kratos/commit/b7f8d042646037e1589ae2d03602bd63a5cec2fe))\n- Bump wait times\n ([b2e43f8](https://github.com/ory/kratos/commit/b2e43f8b0b64784f60e5f57d9a0f5d2928c2b891))\n- Clean up hydra env before restart\n ([cf49414](https://github.com/ory/kratos/commit/cf494149e6a46b15e3b174185e1e87cfcd6f9f7a))\n- **e2e:** Significantly reduce wait and idle times\n ([f525fc5](https://github.com/ory/kratos/commit/f525fc53afec6f5232ce507fe25ddec1b9069196))\n- Longer wait times\n ([4bec9ef](https://github.com/ory/kratos/commit/4bec9ef50f14f22342a311f09ba1b59cde47befc))\n- Reliable migration tests on crdb\n ([2e3764b](https://github.com/ory/kratos/commit/2e3764ba66c156d810de66fba2b0e142dced6f4d))\n- Remove old noop test\n ([16dca3f](https://github.com/ory/kratos/commit/16dca3f78b2021c09ec83e81ab6d2e68c42ca081))\n- Resolve compile issues\n ([c1b5ba4](https://github.com/ory/kratos/commit/c1b5ba42171ec522579df9dfaff27b5b74a1566a))\n- Resolve flaky tests\n ([cb670a8](https://github.com/ory/kratos/commit/cb670a854cbb09b8437bfed7e4a6908ff6dcfd27))\n- Resolve json parser test regression\n ([a1b9b9a](https://github.com/ory/kratos/commit/a1b9b9a95d58583dc7ecf6d2a501da52f84dd6bb))\n- Resolve login integration regressions\n ([388b5b2](https://github.com/ory/kratos/commit/388b5b27d6dee7770e5f37d6d83c532044a4e984))\n- Resolve migration regression\n ([2051a71](https://github.com/ory/kratos/commit/2051a716cb4b8cf334dd65f2ccddb31e5fbed545))\n- Resolve more json parser test regressions\n ([ff791c4](https://github.com/ory/kratos/commit/ff791c41a1d9ce25af4e883469d3f8c0ef9eb302))\n- Resolve more regressions\n ([c5a23af](https://github.com/ory/kratos/commit/c5a23af81427480088651833d904e3403a969fab))\n- Resolve order regression\n ([40a849c](https://github.com/ory/kratos/commit/40a849ca35f4700185322e9ac4f6a4b70132851c))\n- Resolve regression\n ([e2b0ad3](https://github.com/ory/kratos/commit/e2b0ad3c1845da80f078b11b327b9a0376cbb7c5))\n- Resolve regression\n ([f0c9e5f](https://github.com/ory/kratos/commit/f0c9e5ff105d76d6bc9478c98522b2440c7181df))\n- Resolve regressions\n ([4b9da3c](https://github.com/ory/kratos/commit/4b9da3c9d98d40f7b71a56c51543fc115974630d))\n- Resolve stub regressions\n ([82650cf](https://github.com/ory/kratos/commit/82650cf1843f6bfde015f556f4452a7b6fd52b11))\n- Resolve test migrations\n ([de0b65d](https://github.com/ory/kratos/commit/de0b65d96daef0e31c12b3b6915f283a8e71244b))\n- Resolve test regression issues\n ([ccf9fed](https://github.com/ory/kratos/commit/ccf9feddade11f9fcaaf1c37dd3efeb2c4df6649))\n- Speed up tests\n ([a16737c](https://github.com/ory/kratos/commit/a16737cccc36a14444711660f1737913ffd7ba01))\n- Update schema tests for webhooks\n ([d1ddfa8](https://github.com/ory/kratos/commit/d1ddfa80742728b28dc5710ca5b6e7282a2dec55))\n- Update test description\n ([55fb37f](https://github.com/ory/kratos/commit/55fb37f62fc3ab7c0d5324ed31ef3e7f66a73aa2))\n- Use bcrypt cost 4 to reduce CI times\n ([cabe97d](https://github.com/ory/kratos/commit/cabe97d0656858fd1ee0442b40881417e91294f3))\n- Use fast bcrypt for e2e\n ([d90cf13](https://github.com/ory/kratos/commit/d90cf13230632e76eb74965c0945573b4f2e98ff))\n\n### Unclassified\n\n- fix: resolve clidoc issues (#976)\n ([346bc73](https://github.com/ory/kratos/commit/346bc73921655d52861b8803eb3351c4205657ee)),\n closes [#976](https://github.com/ory/kratos/issues/976)\n [#951](https://github.com/ory/kratos/issues/951)\n- :bug: fix ory home directory path (#897)\n ([2fca2be](https://github.com/ory/kratos/commit/2fca2bedaa907691bef324c11545e007b51d4881)),\n closes [#897](https://github.com/ory/kratos/issues/897)\n- Fix typo in config schema\n ([16337f1](https://github.com/ory/kratos/commit/16337f13e4388a715c8109c29cf198c82a848a16))\n- Format\n ([e4b7e79](https://github.com/ory/kratos/commit/e4b7e79f4ee91dadfcd008a5b3e318b6bfedad10))\n- Format\n ([193d266](https://github.com/ory/kratos/commit/193d2668ae0955a1346390057539a8b796d17afd))\n- Format\n ([1ebfbde](https://github.com/ory/kratos/commit/1ebfbdea75f27c8eeafa7d3aff45de133ea340bb))\n- Format\n ([ba1eeef](https://github.com/ory/kratos/commit/ba1eeef4f232c4ab59343a2ca3c7cf0eb6dfd110))\n- Format\n ([ada5dbb](https://github.com/ory/kratos/commit/ada5dbb58c45502b8275850a3bc0876debc66888))\n- Format\n ([17a0bf5](https://github.com/ory/kratos/commit/17a0bf5872b33eac615afc675c7d92d7c7441b2e))\n- Initial documentation tests via Text-Runner\n ([#567](https://github.com/ory/kratos/issues/567))\n ([c30eb26](https://github.com/ory/kratos/commit/c30eb26f76ab70a6098c0b40c9a04726d36d72f2))\n\n# [0.5.5-alpha.1](https://github.com/ory/kratos/compare/v0.5.4-alpha.1...v0.5.5-alpha.1) (2020-12-09)\n\nThe ORY Community is proud to present you the next iteration of ORY Kratos. In\nthis release, we focused on improving production stability!\n\n### Bug Fixes\n\n- CSRF token is required when using the Revoke Session API endpoint\n ([#839](https://github.com/ory/kratos/issues/839))\n ([d3218a0](https://github.com/ory/kratos/commit/d3218a0f23de7293b0a4a966ad21369a92b68b1a)),\n closes [#838](https://github.com/ory/kratos/issues/838)\n- Incorrect home path ([#848](https://github.com/ory/kratos/issues/848))\n ([5265af0](https://github.com/ory/kratos/commit/5265af00c92fe505819300caddfcc64004d45c65))\n- Make password policy configurable\n ([#888](https://github.com/ory/kratos/issues/888))\n ([7a00483](https://github.com/ory/kratos/commit/7a00483908bb623efdf281e76005c4485ea6b1ab)),\n closes [#450](https://github.com/ory/kratos/issues/450)\n [#316](https://github.com/ory/kratos/issues/316):\n\n Allows configuring password breach thresholds and optionally enforces checks\n against the HIBP API.\n\n- Remove obsolete types ([#887](https://github.com/ory/kratos/issues/887))\n ([b8bac7a](https://github.com/ory/kratos/commit/b8bac7aa56c16cd98f76a95a5e0d01fb1bbde6b7)),\n closes [#716](https://github.com/ory/kratos/issues/716)\n- Set samesite attribute to lax if in dev mode\n ([#824](https://github.com/ory/kratos/issues/824))\n ([91d6698](https://github.com/ory/kratos/commit/91d6698e4ce05ee59bb72fc84b54af9d1d204b41)),\n closes [#821](https://github.com/ory/kratos/issues/821)\n- Use working cache-control header for cdn/proxies/cache\n ([#869](https://github.com/ory/kratos/issues/869))\n ([d8e3d40](https://github.com/ory/kratos/commit/d8e3d40001ffdc64da2288f3cffd53cf3bfdf781)),\n closes [#601](https://github.com/ory/kratos/issues/601)\n\n### Code Generation\n\n- Pin v0.5.5-alpha.1 release commit\n ([83aedcb](https://github.com/ory/kratos/commit/83aedcb885acb96c5deb39fff675d5f0528af32d))\n\n### Documentation\n\n- Add contributing to sidebar ([#866](https://github.com/ory/kratos/issues/866))\n ([44f33f9](https://github.com/ory/kratos/commit/44f33f97d43f2a3c553a65ebb2986e0731c0e5f2)):\n\n The same change as in https://github.com/ory/hydra/pull/2209\n\n- Add newsletter to config\n ([1735ca2](https://github.com/ory/kratos/commit/1735ca2ced104971de4e97524d0a23d57ba045f2))\n- Add recovery flow ([#868](https://github.com/ory/kratos/issues/868))\n ([d95cfe9](https://github.com/ory/kratos/commit/d95cfe9759d3ffc08c24048a064c0c800abdf4b4)),\n closes [#864](https://github.com/ory/kratos/issues/864):\n\n Added a short section for the recovery flow on managing-user-identities.\n\n- Fix account recovery click instruction\n ([#870](https://github.com/ory/kratos/issues/870))\n ([383de9e](https://github.com/ory/kratos/commit/383de9ecf6f6504dbb9c20fb4cb984e934f0751e))\n- Fix broken link ([#893](https://github.com/ory/kratos/issues/893))\n ([dec38a2](https://github.com/ory/kratos/commit/dec38a28964aaa13827d356e5bfa12c2a6d1400e)),\n closes [#835](https://github.com/ory/kratos/issues/835)\n- Fix oidc config example structure\n ([#845](https://github.com/ory/kratos/issues/845))\n ([c102a68](https://github.com/ory/kratos/commit/c102a6844db29f994b67d23bb04e64ee71376264))\n- Fix redirect ([#802](https://github.com/ory/kratos/issues/802))\n ([b868782](https://github.com/ory/kratos/commit/b86878229f343e6b11521596b04040f892d1e2c3))\n- Fix typo ([#847](https://github.com/ory/kratos/issues/847))\n ([9b3da9f](https://github.com/ory/kratos/commit/9b3da9f0fe2ce71743115844d8c91a1dc9c4cbae))\n- Fix typo ([#881](https://github.com/ory/kratos/issues/881))\n ([3078293](https://github.com/ory/kratos/commit/3078293717a2ce21c4b939de4c2c4886c75303b5))\n- Fix typo MKFA to MFA ([#826](https://github.com/ory/kratos/issues/826))\n ([a5613d0](https://github.com/ory/kratos/commit/a5613d08aa21f90f4d192e5663ba4977b3de16c3))\n- Remove workaround note ([#886](https://github.com/ory/kratos/issues/886))\n ([05409bc](https://github.com/ory/kratos/commit/05409bc13f527398e3de01f29437e5d4353ef8d4)),\n closes [#718](https://github.com/ory/kratos/issues/718)\n- Swagger specs for selfservice settings browser flow\n ([#825](https://github.com/ory/kratos/issues/825))\n ([28d50f4](https://github.com/ory/kratos/commit/28d50f45ab14d561609be7047cac13902394b547))\n- Update oidc provider with json conf support\n ([#833](https://github.com/ory/kratos/issues/833))\n ([670eb37](https://github.com/ory/kratos/commit/670eb37d19674f33a36402cd9a88d61ca7327751))\n\n### Features\n\n- Add return_to parameter to logout flow\n ([#823](https://github.com/ory/kratos/issues/823))\n ([1c146dd](https://github.com/ory/kratos/commit/1c146dd21d616a56f510019abadd37402782bb39)),\n closes [#702](https://github.com/ory/kratos/issues/702)\n- Add selinux compatible quickstart config\n ([#889](https://github.com/ory/kratos/issues/889))\n ([0f87948](https://github.com/ory/kratos/commit/0f879481df209ed96b778799adcc2a9424449b37)),\n closes [#831](https://github.com/ory/kratos/issues/831)\n\n### Tests\n\n- Ensure registration runs only once\n ([#872](https://github.com/ory/kratos/issues/872))\n ([5ffc036](https://github.com/ory/kratos/commit/5ffc036ac82f36ad6ef499e217971275a35fc23a))\n\n### Unclassified\n\n- docs: fix link and typo in Configuring Cookies (#883)\n ([c51ed6b](https://github.com/ory/kratos/commit/c51ed6b789d2e3a8fe4e93565c3bded37d298f98)),\n closes [#883](https://github.com/ory/kratos/issues/883)\n\n# [0.5.4-alpha.1](https://github.com/ory/kratos/compare/v0.5.3-alpha.1...v0.5.4-alpha.1) (2020-11-11)\n\nThis release introduces the new CLI command\n`kratos hashers argon2 calibrate 500ms`. This command will choose the best\nparameterization for Argon2. Check out the\n[Choose Argon2 Parameters for Secure Password Hashing and Login](https://www.ory.sh/choose-recommended-argon2-parameters-password-hashing/)\nblog article for more insights!\n\n### Bug Fixes\n\n- Case in settings handler method\n ([#798](https://github.com/ory/kratos/issues/798))\n ([83eb4e0](https://github.com/ory/kratos/commit/83eb4e0021621014d2b543e57a01401381f07fe4))\n- Force brew install statement\n ([#796](https://github.com/ory/kratos/issues/796))\n ([ad542ad](https://github.com/ory/kratos/commit/ad542ad5919205ac26a757145474e5a46f3937ec)):\n\n Closes https://github.com/ory/homebrew-kratos/issues/1\n\n### Code Generation\n\n- Pin v0.5.4-alpha.1 release commit\n ([b02926c](https://github.com/ory/kratos/commit/b02926c42aee2748bc37ce2600596bd0c2537a0d))\n\n### Code Refactoring\n\n- Move pkger and ioutil helpers to ory/x\n ([60a0fc4](https://github.com/ory/kratos/commit/60a0fc449d90ead6065ca00926536a989d8b2a2b))\n\n### Documentation\n\n- Fix another broken link\n ([15bae9f](https://github.com/ory/kratos/commit/15bae9f893c2e2910167326d987455246c110001))\n- Fix broken links ([#795](https://github.com/ory/kratos/issues/795))\n ([0ab0e7e](https://github.com/ory/kratos/commit/0ab0e7eca8e95d6c26d028c177cbbd1f06b68871)),\n closes [#793](https://github.com/ory/kratos/issues/793)\n- Fix broken relative link ([#812](https://github.com/ory/kratos/issues/812))\n ([b32b173](https://github.com/ory/kratos/commit/b32b173fe30b7c5c43700abfa4ddb3409a33556b))\n- Fix links ([#800](https://github.com/ory/kratos/issues/800))\n ([5fcc272](https://github.com/ory/kratos/commit/5fcc272e625de9e583b2ec24d5679895a6d24c1b))\n- Fix oidc config examples ([#799](https://github.com/ory/kratos/issues/799))\n ([8a4f480](https://github.com/ory/kratos/commit/8a4f480121995d9899668f037382086fcdd2da4c))\n- Fix self-service recovery flow typo\n ([#807](https://github.com/ory/kratos/issues/807))\n ([800110d](https://github.com/ory/kratos/commit/800110d87c9df70a5ec79b58d9fcb9ae39ff76b9))\n- Remove duplicate words & fix spelling\n ([#810](https://github.com/ory/kratos/issues/810))\n ([4e1b966](https://github.com/ory/kratos/commit/4e1b96667d9f08dbafeb2f5ce144ca43309de8e0))\n- Remove leftover category from reference sidebar\n ([#813](https://github.com/ory/kratos/issues/813))\n ([94fde51](https://github.com/ory/kratos/commit/94fde5101d00b9e1f7228e9d122ef0a8e4719355))\n- Use correct links ([#797](https://github.com/ory/kratos/issues/797))\n ([a4de293](https://github.com/ory/kratos/commit/a4de29399e4f1b5d0a33acc85478f2d38579a174))\n\n### Features\n\n- Add helper for choosing argon2 parameters\n ([#803](https://github.com/ory/kratos/issues/803))\n ([ca5a69b](https://github.com/ory/kratos/commit/ca5a69b798635d0e5361fd5b0cc369b035dca738)),\n closes [#723](https://github.com/ory/kratos/issues/723)\n [#572](https://github.com/ory/kratos/issues/572)\n [#647](https://github.com/ory/kratos/issues/647):\n\n This patch adds the new command \"hashers argon2 calibrate\" which allows one to\n pick the desired hashing time for password hashing and then chooses the\n optimal parameters for the hardware the command is running on:\n\n ```\n $ kratos hashers argon2 calibrate 500ms\n Increasing memory to get over 500ms:\n took 2.846592732s in try 0\n took 6.006488824s in try 1\n took 4.42657975s with 4.00GB of memory\n [...]\n Decreasing iterations to get under 500ms:\n took 484.257775ms in try 0\n took 488.784192ms in try 1\n took 486.534204ms with 3 iterations\n Settled on 3 iterations.\n\n {\n \"memory\": 1048576,\n \"iterations\": 3,\n \"parallelism\": 32,\n \"salt_length\": 16,\n \"key_length\": 32\n }\n ```\n\n# [0.5.3-alpha.1](https://github.com/ory/kratos/compare/v0.5.2-alpha.1...v0.5.3-alpha.1) (2020-10-27)\n\nThis release improves the developer and user experience around CSRF\ncounter-measures. It should now be possible to use the self-service API flows\nwithout having to explicitly disable cookie features in your SDKs and\nintegrations. Additionally, another issue in the CGO pipeline was resolved which\nfinally allows running ORY Kratos without CGO if the target database is not\nSQLite.\n\nFurther improvements to default config values have been made and a full\nend-to-end test suite for the exemplary\n[kratos-selfservice-ui-react-native](kratos-selfservice-ui-react-native) app.\nThe app is now available in the iTunes store as well - just search for \"ORY\nProfile App\"!\n\n### Bug Fixes\n\n- Add \"x-session-token\" to default allowed headers\n ([3c912e4](https://github.com/ory/kratos/commit/3c912e4c7d46fd45c00cabb68ed7770bd44f7d07))\n- Do not set cookies on api endpoints\n ([2f67c28](https://github.com/ory/kratos/commit/2f67c28718856ea03ea2effa89b28a8c4b3b8ae0))\n- Do not set csrf cookies on potential api endpoints\n ([4d97a95](https://github.com/ory/kratos/commit/4d97a95d084ea99f5aca158609e197acd256cdd7))\n- Ignore unsupported migration dialects\n ([12bb8d1](https://github.com/ory/kratos/commit/12bb8d14ae1edef18591996411be67d5693e5101)),\n closes [#778](https://github.com/ory/kratos/issues/778):\n\n Skips sqlite3 migrations when support is lacking.\n\n- Improve semver regex\n ([584c0b5](https://github.com/ory/kratos/commit/584c0b5043e85e88ac2648cf699d60fed3e775a9))\n- Properly set nosurf context even when ignored\n ([0dcb774](https://github.com/ory/kratos/commit/0dcb774157bcbfd41a5d9df3914c31162226da75))\n- Update cypress\n ([ba8b172](https://github.com/ory/kratos/commit/ba8b1729477233f79d099e5d7b397430ac1c6ace))\n- Use correct regex for version replacement\n ([ce870ab](https://github.com/ory/kratos/commit/ce870ababdf089344a9428d3a405e18504a3c906)),\n closes [#787](https://github.com/ory/kratos/issues/787)\n\n### Code Generation\n\n- Pin v0.5.3-alpha.1 release commit\n ([64dc91a](https://github.com/ory/kratos/commit/64dc91af54cdf3eba158a50690240cdc8f7cb43b))\n\n### Documentation\n\n- Fix docosaurus admonitions ([#788](https://github.com/ory/kratos/issues/788))\n ([281a7c9](https://github.com/ory/kratos/commit/281a7c9289570d4bee33447655281b610cbe7e52))\n- Pin download script version\n ([e4137a6](https://github.com/ory/kratos/commit/e4137a6a41d68b1480af2075bda8c5f46c42cd22))\n- Remove trailing garbage from quickstart\n ([#787](https://github.com/ory/kratos/issues/787))\n ([7e70924](https://github.com/ory/kratos/commit/7e709242ada28b7781c6ace272f60f9d1b9d5b2f))\n\n### Features\n\n- Improve makefile install process and update deps\n ([d1eb37f](https://github.com/ory/kratos/commit/d1eb37f5d9d0f16e7864b5f8f08a44ba80853fa5))\n\n### Tests\n\n- Add e2e tests for mobile\n ([d481d51](https://github.com/ory/kratos/commit/d481d51f5f4de96cbbc7c347f5dbff381b44462d))\n- Add option to disable csrf protection in apis\n ([a0077f1](https://github.com/ory/kratos/commit/a0077f12adf94ff428b502b69bbb0eaafd05be66))\n- Bump wait time\n ([7a719e1](https://github.com/ory/kratos/commit/7a719e17c5641f4df47314f6f0ac2cf73dddc8bb))\n- Install expo-cli globally\n ([db21cfa](https://github.com/ory/kratos/commit/db21cfa1c589a2dab829a4c8eaf1db15d14d965e))\n- Install expo-cli in cci config with sudo\n ([d255f46](https://github.com/ory/kratos/commit/d255f462402f2d2c2278dcba1a139d0064343b22))\n- Log wait-on output\n ([62b5ba9](https://github.com/ory/kratos/commit/62b5ba92d56e9f6b98adb8fb9c4daff03be08f2e))\n- Output web server address\n ([cb41ca7](https://github.com/ory/kratos/commit/cb41ca78367b1943d230fa9ac116fcf3cf69b1c1))\n- Resolve csrf test issues in settings\n ([ef8ba7d](https://github.com/ory/kratos/commit/ef8ba7dc93d6ba84f22b7aa65d00797e33b520a3))\n- Resolve test panic\n ([6f6461f](https://github.com/ory/kratos/commit/6f6461fe3690576015ded9146c065a1e5d950be1))\n- Revert delay increase and improve install scripts\n ([1eafcaa](https://github.com/ory/kratos/commit/1eafcaa86be194e412b0470a759bff6afc6c21af))\n\n# [0.5.2-alpha.1](https://github.com/ory/kratos/compare/v0.5.1-alpha.1...v0.5.2-alpha.1) (2020-10-22)\n\nThis release addresses bugs and user experience issues.\n\n### Bug Fixes\n\n- Add debug quickstart yml ([#780](https://github.com/ory/kratos/issues/780))\n ([16e6b4d](https://github.com/ory/kratos/commit/16e6b4d76d297182ea9a1f5dc6367570f02f7b42))\n- Gracefully handle double slashes in URLs\n ([aeb9414](https://github.com/ory/kratos/commit/aeb941477910b5ab54429a6aab7a3e1e388c48c5)),\n closes [#779](https://github.com/ory/kratos/issues/779)\n- Merge gobuffalo CGO fix\n ([fea2e77](https://github.com/ory/kratos/commit/fea2e77ca0f9b20185c7a7704854fdcf29b7ab33))\n- Remove obsolete recovery_token and add link to schema\n ([acf6ac4](https://github.com/ory/kratos/commit/acf6ac4e11c755e56c7d40728088257de367f7ff))\n- Return correct error in login csrf\n ([dd9cab0](https://github.com/ory/kratos/commit/dd9cab0e02400c88e89877f755f03c6179013123)),\n closes [#785](https://github.com/ory/kratos/issues/785)\n- Use correct assert package\n ([76be5b0](https://github.com/ory/kratos/commit/76be5b0a5d94c251f5f07eee9f700ec11b341e2e))\n\n### Code Generation\n\n- Pin v0.5.2-alpha.1 release commit\n ([79fcd8a](https://github.com/ory/kratos/commit/79fcd8a6949886f847f7be0c9ba2aba7554ab204))\n\n### Documentation\n\n- Small improvements to discord oidc provider guide\n ([#783](https://github.com/ory/kratos/issues/783))\n ([6a3c453](https://github.com/ory/kratos/commit/6a3c45330885eb95015fa7ee9b58a72c38132499))\n\n### Tests\n\n- Add tests for csrf behavior\n ([48993e2](https://github.com/ory/kratos/commit/48993e2c496fb8af7e7b9e2752ba7078a134a75a)),\n closes [#785](https://github.com/ory/kratos/issues/785)\n- Mark link as enabled in e2e test\n ([c214b81](https://github.com/ory/kratos/commit/c214b81a7026b06aaca062b2aa77951d01b0e237))\n- Resolve schema test regression\n ([bb7af1b](https://github.com/ory/kratos/commit/bb7af1b759d6c812755956ef872bcbd31b9c50be))\n\n# [0.5.1-alpha.1](https://github.com/ory/kratos/compare/v0.5.0-alpha.1...v0.5.1-alpha.1) (2020-10-20)\n\nThis release resolves an issue where ORY Kratos Docker Images without CGO and\nSQLite support would fail to boot even when SQLite was not used as a data\nsource.\n\n### Bug Fixes\n\n- Do not require sqlite without build tag\n ([2ee787b](https://github.com/ory/kratos/commit/2ee787bc1e97bdc11d0c92d55664d59e777f7ed1))\n- Use extra dc config file for quickstart-dev\n ([72c03f9](https://github.com/ory/kratos/commit/72c03f9bcb91d30d5ff6b94030f2cbb6144fbf8d))\n\n### Code Generation\n\n- Pin v0.5.1-alpha.1 release commit\n ([b85b36b](https://github.com/ory/kratos/commit/b85b36b967d91c13b6d70ed668f17d3474eafae7))\n\n### Documentation\n\n- Fix spelling mistake\n ([14e7f65](https://github.com/ory/kratos/commit/14e7f6535e69f4bee2e3ca611a8d1a36bfd5f8f8))\n- Fix spelling mistake ([#772](https://github.com/ory/kratos/issues/772))\n ([bf401a2](https://github.com/ory/kratos/commit/bf401a26ee4422a8ea1b52f642885b0d8bac1272))\n- Improve schemas ([#773](https://github.com/ory/kratos/issues/773))\n ([e614859](https://github.com/ory/kratos/commit/e6148590577e1688d58534b8559d3bc602f9c2e7))\n\n### Features\n\n- Auto-update docker and git tags on release\n ([08084a9](https://github.com/ory/kratos/commit/08084a987501939544da1a1c7ee102819e2480ce))\n- Use fixed versions for docker-compose\n ([e73c4ce](https://github.com/ory/kratos/commit/e73c4ce6f328376ad310b8f6d5c391ea06573003))\n\n### Tests\n\n- Increase waittime\n ([5e911d6](https://github.com/ory/kratos/commit/5e911d687247e4878bdcf82e5b008617f0bbdf4e))\n- Reduce flakes by increasing wait time for expiry test\n ([cddf29e](https://github.com/ory/kratos/commit/cddf29e7dc5304c497d5ba7c1e6a2d63c9b6c137))\n\n### Unclassified\n\n- Format\n ([8be02c8](https://github.com/ory/kratos/commit/8be02c8938769dfcd7c9b7ed5e72e4ded3b1924b))\n\n# [0.5.0-alpha.1](https://github.com/ory/kratos/compare/v0.4.6-alpha.1...v0.5.0-alpha.1) (2020-10-15)\n\nThe ORY team and community is very proud to present the next ORY Kratos\niteration!\n\nORY Kratos is now capable of handling native (iOS, Android, Windows, macOS, ...)\nlogin, registration, settings, recovery, and verification flows. As a goodie on\ntop, we released a reference React Native application which you can find on\n[GitHub](http://github.com/ory/kratos-selfservice-ui-react-native).\n\nWe co-released our reference React Native application which acts as a reference\non implementing these flows:\n\n![Registration](http://ory.sh/images/newsletter/kratos-0.5.0/registration-screen.png)\n\n![Welcome](http://ory.sh/images/newsletter/kratos-0.5.0/welcome-screen.png)\n\n![Settings](http://ory.sh/images/newsletter/kratos-0.5.0/settings-screen.png)\n\nIn total, almost 1200 files were changed in about 480 commits. While you can\nfind a list of all changes in the changelist below, these are the changes we are\nmost proud of:\n\n- We renamed login, registration, ... requests to \"flows\" consistently across\n the code base, APIs, and data storage. We now:\n - Initiate a login, registration, ... flow;\n - Fetch a login, registration, ... flow; and\n - Complete a login, registration, ... flow using a login flow method such as\n \"Log in with username and password\".\n- All self-service flows are now capable of handling API-based requests that do\n not originate from Browser such as Chrome. This is set groundwork for handling\n native flows (see above)!\n- The self service documentation has been refactored and simplified. We added\n code samples, screenshots, payloads, and curl commands to make things easier\n and clearer to understand. Video guides have also been added to help you and\n the community get things done faster!\n- Documentation for rotating important secrets such as the cookie and session\n secrets was added.\n- The need for reverse proxies was removed by adding the ability to change the\n ORY Kratos Session Cookie domain and path! The\n [kratos-selfservice-ui-node](https://github.com/ory/kratos-selfservice-ui-node)\n reference implementation no longer requires HTTP Request piping which greatly\n simplifies the network layout and codebase!\n- The ORY Kratos CLI is now capable of managing identities with an interface\n that works almost like the Docker CLI we all love!\n- Admins are now able to initiate account recovery for identities.\n- Email verification and account recovery were refactored. It is now possible to\n add additional strategies (e.g. recovery codes) in the future, greatly\n increasing the feature set and security capabilities of future ORY Kratos\n versions!\n- Lookup to Have I Been Pwnd is no longer a hard requirement, allowing\n registration processes to complete when the service is unavailable or the\n network is slow.\n- We contributed several issues and features in upstream projects such as\n justinas/nosurf, gobuffalo/pop, and many more!\n- The build pipeline has been upgraded to support cross-compilation of CGO with\n Go 1.15+.\n- Fetching flows no longer requires CSRF cookies to be set, improving developer\n experience while not compromising on security!\n- ORY Kratos now has ORY Kratos Session Cookies (set in the HTTP Cookie header)\n and ORY Kratos Session Tokens (set as a HTTP Bearer Authorization token or the\n `X-Session-Token` HTTP Header).\n\nAdditionally tons of bugs were fixed, tests added, documentation improved, and\nmuch more. Please note that several things have changed in a breaking fashion.\nYou can find details for the individual breaking changes in the changelog below.\n\nWe would like to thank all community members who contributed towards this\nrelease (in no particular order):\n\n- https://github.com/kevgo\n- https://github.com/NickUfer\n- https://github.com/drwatsno\n- https://github.com/alsuren\n- https://github.com/wezzle\n- https://github.com/sherbang\n- https://github.com/perryao\n- https://github.com/jikunchong\n- https://github.com/err0r500\n- https://github.com/debrutal\n- https://github.com/c0depwn\n- https://github.com/aschepis\n- https://github.com/jakhog\n\nHave fun exploring the new release, we hope you like it! If you haven't already,\njoin the [ORY Community Slack](http://slack.ory.sh) where we hold weekly\ncommunity hangouts via video chat and answer your questions, exchange ideas, and\npresent new developments!\n\n## Breaking Changes\n\nThe \"common\" keyword has been removed from the Swagger 2.0 spec which deprecates\nthe `common` module / package / class (depending on the generated SDK). Please\nuse `public` or `admin` instead!\n\nAdditionally, the SDK for TypeScript now uses the `fetch` API which allows the\nSDK to be used in both client-side as well as server-side contexts. Please note\nthat several methods and parameters in the generated TypeScript SDK have\nchanged. Please check the TypeScript results to see what needs to be changed!\n\nThis patch changes the OpenID Connect and OAuth2 (\"Sign in with Google,\nFacebook, ...\") Callback URL from\n`http(s):///self-service/browser/flows/strategies/oidc/`\nto `http(s):///self-service/methods/oidc/`. To apply\nthis patch, you need to update these URLs at the OAuth2 Client configuration\npages of the individual OpenID Conenct providers (e.g. GitHub, Google).\n\nConfiguration key `selfservice.strategies` was renamed to `selfservice.methods`.\n\nThis patch significantly changes how email verification works. The Verification\nFlow no longer uses its own system but now re-uses the API and Browser flows and\nflow methods established in other components such as login, recovery,\nregistration.\n\nDue to the many changes these patch notes does not cover how to upgrade this\nparticular flow. We instead want to kindly ask you to check out the updated\ndocumentation for this flow at:\nhttps://www.ory.sh/kratos/docs/self-service/flows/verify-email-account-activation\n\nThis patch changes the SQL schema and thus requires running the SQL Migration\ncommand (e.g. `... migrate sql`). Never apply SQL migrations without backing up\nyour database prior.\n\nConfiguration items `selfservice.flows..request_lifespan` have been\nrenamed to `selfservice.flows..lifespan` to match the new flow semantics.\n\nWording has changed from \"Self-Service Recovery Request\" to \"Self-Service\nRecovery Flow\" to follow community feedback and practice already applied in the\ndocumentation. Additionally, fetching a recovery flow over the public API no\nlonger requires Anti-CSRF cookies to be sent.\n\nThis patch renames several important recovery flow endpoints:\n\n- `/self-service/browser/flows/recovery` is now `/self-service/recovery/browser`\n without functional changes.\n- `/self-service/browser/flows/requests/recovery?request=abcd` is now\n `/self-service/recovery/flows?id=abcd` and no longer needs anti-CSRF cookies\n to be available.\n\nAdditionally, the URL for completing the password and oidc recovery method has\nbeen moved. Given that this endpoint is typically not manually called, you can\nprobably ignore this change:\n\n- `/self-service/browser/flows/recovery/link?request=abcd` is now\n `/self-service/recovery/methods/link?flow=abcd` without functional changes.\n\nThe Recovery UI Endpoint no longer receives a `?request=abcde` query parameter\nbut instead a `?flow=abcde` query parameter. Functionality did not change\nhowever.\n\nAs part of this change SDK methods have been renamed:\n\n```\n const kratos = new CommonApi(config.kratos.public)\n // ...\n- kratos.completeSelfServiceBrowserRecoveryLinkStrategyFlow(req.query.request)\n+ kratos.completeSelfServiceRecoveryFlowWithLinkMethod(req.query.flow)\n```\n\nThis patch requires you to run SQL migrations.\n\nWording has changed from \"Self-Service Settings Request\" to \"Self-Service\nSettings Flow\" to follow community feedback and practice already applied in the\ndocumentation.\n\nThis patch renames several important settings flow endpoints:\n\n- `/self-service/browser/flows/settings` is now `/self-service/settings/browser`\n without functional changes.\n- `/self-service/browser/flows/requests/settings?request=abcd` is now\n `/self-service/settings/flows?id=abcd` and no longer needs anti-CSRF cookies\n to be available.\n\nAdditionally, the URL for completing the password, profile, and oidc settings\nmethod has been moved. Given that this endpoint is typically not manually\ncalled, you can probably ignore this change:\n\n- `/self-service/browser/flows/login/strategies/password?request=abcd` is now\n `/self-service/login/methods/password?flow=abcd` without functional changes.\n- `/self-service/browser/flows/strategies/oidc?request=abcd` is now\n `/self-service/methods/oidc?flow=abcd` without functional changes.\n- `/self-service/browser/flows/settings/strategies/profile?request=abcd` is now\n `/self-service/settings/methods/profile?flow=abcd` without functional changes.\n\nThe Settings UI Endpoint no longer receives a `?request=abcde` query parameter\nbut instead a `?flow=abcde` query parameter. Functionality did not change\nhowever.\n\nAs part of this change SDK methods have been renamed:\n\n```\n const kratos = new CommonApi(config.kratos.public)\n // ...\n- kratos.getSelfServiceBrowserSettingsRequest(req.query.request)\n+ kratos.getSelfServiceSettingsFlow(req.query.flow)\n\n // You will most likely not be using this:\n const kratos = new PublicApi(config.kratos.public)\n- kratos.completeSelfServiceBrowserSettingsPasswordStrategyFlow //...\n- kratos.completeSelfServiceSettingsFlowWithPasswordMethod //..\n- kratos.completeSelfServiceBrowserSettingsProfileStrategyFlow //...\n- kratos.completeSelfServiceSettingsFlowWithProfileMethod //..\n```\n\nThis patch requires you to run SQL migrations.\n\nThis patch makes the reverse proxy functionality required in prior versions of\nthe self-service UI example obsolete. All examples work now with a simple set up\nand documentation has been added to assist in subdomain scenarios.\n\nThe session field `sid` has been renamed to `id` to stay consistent with other\nAPIs which also use `id` terminology to clarify identifiers. The payload of, for\nexample, `/session/whoami` has changed as follows:\n\n```patch\n {\n- \"sid\": \"abcde\",\n+ \"id\": \"abcde\",\n \"expires_at\": \"...\"\n \"identity\": {\n // ..\n }\n }\n```\n\nWording has changed from \"Self-Service Registration Request\" to \"Self-Service\nRegistration Flow\" to follow community feedback and practice already applied in\nthe documentation. Additionally, fetching a login flow over the public API no\nlonger requires Anti-CSRF cookies to be sent.\n\nThis patch renames several important registration flow endpoints:\n\n- `/self-service/browser/flows/registration` is now\n `/self-service/registration/browser` without behavioral change.\n- `/self-service/browser/flows/requests/registration?request=abcd` is now\n `/self-service/registration/flows?id=abcd` and no longer needs anti-CSRF\n cookies to be available.\n\nAdditionally, the URL for completing the password registration method has been\nmoved. Given that this endpoint is typically not manually called, you can\nprobably ignore this change:\n\n- `/self-service/browser/flows/registration/strategies/password?request=abcd` is\n now `/self-service/registration/methods/password?flow=abcd` without functional\n changes.\n- `/self-service/browser/flows/strategies/oidc?request=abcd` is now\n `/self-service/methods/oidc?flow=abcd` without functional changes.\n\nThe Registration UI Endpoint no longer receives a `?request=abcde` query\nparameter but instead a `?flow=abcde` query parameter. Functionality did not\nchange however.\n\nAs part of this change SDK methods have been renamed:\n\n```\n const kratos = new CommonApi(config.kratos.public)\n // ...\n- kratos.getSelfServiceBrowserRegistrationRequest(req.query.request)\n+ kratos.getSelfServiceRegistrationFlow(req.query.flow)\n```\n\nThis patch requires you to run SQL migrations.\n\nExisting login sessions will no longer be valid because the session cookie data\nmodel changed. If you apply this patch, your users will need to sign in again.\n\nWording has changed from \"Self-Service Login Request\" to \"Self-Service Login\nFlow\" to follow community feedback and practice already applied in the\ndocumentation. Additionally, fetching a login flow over the public API no longer\nrequires Anti-CSRF cookies to be sent.\n\nThis patch renames several important login flow endpoints:\n\n- `/self-service/browser/flows/login` is now `/self-service/login/browser`\n without functional changes.\n- `/self-service/browser/flows/requests/login?request=abcd` is now\n `/self-service/login/flows?id=abcd` and no longer needs anti-CSRF cookies to\n be available.\n\nAdditionally, the URL for completing the password and oidc login method has been\nmoved. Given that this endpoint is typically not manually called, you can\nprobably ignore this change:\n\n- `/self-service/browser/flows/login/strategies/password?request=abcd` is now\n `/self-service/login/methods/password?flow=abcd` without functional changes.\n- `/self-service/browser/flows/strategies/oidc?request=abcd` is now\n `/self-service/methods/oidc?flow=abcd` without functional changes.\n\nThe Login UI Endpoint no longer receives a `?request=abcde` query parameter but\ninstead a `?flow=abcde` query parameter. Functionality did not change however.\n\nAs part of this change SDK methods have been renamed:\n\n```\n const kratos = new CommonApi(config.kratos.public)\n // ...\n- kratos.getSelfServiceBrowserLoginRequest(req.query.request)\n+ kratos.getSelfServiceLoginFlow(req.query.flow)\n```\n\nThis patch requires you to run SQL migrations.\n\nConfiguraiton value `session.cookie_same_site` has moved to\n`session.cookie.same_site`. There was no functional change.\n\n### Bug Fixes\n\n- Add missing 'recovery' path in oathkeeper access-rules.yml\n ([#763](https://github.com/ory/kratos/issues/763))\n ([f180dba](https://github.com/ory/kratos/commit/f180dba2207638e83e4a23ebc213cddaecb5677f))\n- Add missing error handling\n ([43c1446](https://github.com/ory/kratos/commit/43c14464efa7b736695e2144b031daf6fca87703))\n- Add ory-prettier-styles to main repo\n ([#744](https://github.com/ory/kratos/issues/744))\n ([aeaddbc](https://github.com/ory/kratos/commit/aeaddbcb27f89d61b076bdd9ad1739fb1da2ffd9))\n- Add remote help description\n ([f66bbe1](https://github.com/ory/kratos/commit/f66bbe18cfad1e8725ecbcf6e2843b34c3d5119f))\n- Add serve help description\n ([2eb072b](https://github.com/ory/kratos/commit/2eb072b71e5602895d4232e197bfd76180fcdcd7))\n- Allow using json with form layout in password registration\n ([bd2225c](https://github.com/ory/kratos/commit/bd2225c0fff3e0363716d2096346d59046838bb7))\n- Annotate whoami endpoint with cookie and token\n ([a8a781c](https://github.com/ory/kratos/commit/a8a781c00847c74c65558b55e882e12c1e69d8c8))\n- Bump datadog version to fix build failure\n ([4dfd322](https://github.com/ory/kratos/commit/4dfd322290313ec8467ebe8b385b56004b2417bd))\n- Change KRATOS_ADMIN_ENDPOINT to KRATOS_ADMIN_URL\n ([763fdc5](https://github.com/ory/kratos/commit/763fdc56d19d12fa2b83eed2757fbf178d9288b1))\n- Clarify fetch use\n ([8eb2e6f](https://github.com/ory/kratos/commit/8eb2e6f222788a9a579774772696c77987f3cf97))\n- Complete verification by redirecting to UI with success\n ([f0ecf51](https://github.com/ory/kratos/commit/f0ecf5144970f666643aa7c00a3f4ca73f4ab047))\n- Correct cookie domain on logout\n ([#646](https://github.com/ory/kratos/issues/646))\n ([6d77e04](https://github.com/ory/kratos/commit/6d77e043ce3bec0864b8abdee371a101f68e4335)),\n closes [#645](https://github.com/ory/kratos/issues/645)\n- Correct help message for import\n ([a5f46d2](https://github.com/ory/kratos/commit/a5f46d260b43d15f8e77b04cb36c589e103468bf))\n- Correct password and profile swagger annotations\n ([668c184](https://github.com/ory/kratos/commit/668c1847c4c4236ca28f9dcd5147b523a2f60832))\n- Correct password registration method api spec\n ([08dd582](https://github.com/ory/kratos/commit/08dd582195cdb6a891d2428ba5d02cd956555e48))\n- Correct PHONY spelling ([#739](https://github.com/ory/kratos/issues/739))\n ([e3d3617](https://github.com/ory/kratos/commit/e3d3617b8d82812b0ad67cc1cb02ff86c2c0c66c))\n- Cover more test cases for persister\n ([37d2e08](https://github.com/ory/kratos/commit/37d2e0839b88792733387f26abb98c51bd1e1395))\n- Create decoder only once\n ([34dc43b](https://github.com/ory/kratos/commit/34dc43b0c75303f88d2c304225c027faf5366c1f))\n- Deprecate packr2 dependency in makefile\n ([be9a84d](https://github.com/ory/kratos/commit/be9a84dcffbccd5f0e073a38264cf11a404d3b66)),\n closes [#711](https://github.com/ory/kratos/issues/711)\n [#750](https://github.com/ory/kratos/issues/750)\n- Do not propagate parent validation error\n ([bf6093d](https://github.com/ory/kratos/commit/bf6093d442d9779b4df051031565d020ef628ded))\n- Don't resend verification emails once verified\n ([#583](https://github.com/ory/kratos/issues/583))\n ([a4d9969](https://github.com/ory/kratos/commit/a4d99694525e65b58d49197c96324b27fb8c31c2)),\n closes [#578](https://github.com/ory/kratos/issues/578)\n- Enforce endpoint to be set\n ([171ac18](https://github.com/ory/kratos/commit/171ac18d73eaa0822b45f544a9034d6734400f31))\n- Escape jsx characters in api documentation\n ([0946094](https://github.com/ory/kratos/commit/09460948a24918b2a84804cafa86cf88189af919))\n- Exit with code 1 on unimplemented CLI commands\n ([66943d7](https://github.com/ory/kratos/commit/66943d7e5b47fc477a378d8a7cf2b2009ccfceb3))\n- Explicitly ignore fprint return values\n ([f50e582](https://github.com/ory/kratos/commit/f50e5823f4ee047fdc3e276b80b4fb08c9128d99))\n- Explicitly ignore fprintf results\n ([a83dc50](https://github.com/ory/kratos/commit/a83dc509970b3be46d832743481357f336fecc35))\n- Fallback to default return url if logout after url is not defined\n ([#594](https://github.com/ory/kratos/issues/594))\n ([7edd367](https://github.com/ory/kratos/commit/7edd367dc64a01dbe252ca0ab8cf4d3926a35014))\n- Favor packr2 over pkger\n ([ac18a45](https://github.com/ory/kratos/commit/ac18a45ea55929c34ca20953e3baa197363483bc)):\n\n See https://github.com/markbates/pkger/issues/117\n\n- Find and replace \"request\" references\n ([41fb673](https://github.com/ory/kratos/commit/41fb673e38779cb27d4400f70458617eb7e5b93c))\n- Force exe buildmode for windows CGO\n ([e017bb5](https://github.com/ory/kratos/commit/e017bb579cd29ad1a634cd552e2601295ff9c104))\n- Html form parse regression issue\n ([6b07cbb](https://github.com/ory/kratos/commit/6b07cbb657702d36423d1fa66fe8a149222c8772))\n- Ignore x/net false positives\n ([7044b95](https://github.com/ory/kratos/commit/7044b95f6188c4ffbfff42c666dee6ebaba055c8))\n- Improve debugging output for login hook and restructure files\n ([dabac40](https://github.com/ory/kratos/commit/dabac40f82407f72071780840f468d0b5b389777))\n- Improve debugging output for registration hook and restructure files\n ([ec11775](https://github.com/ory/kratos/commit/ec117754f5dd41e5a3a43b3807c05796396ced55))\n- Improve expired error responses\n ([124a92e](https://github.com/ory/kratos/commit/124a92ee98d62abeb695e1e271ee2536a69d6047))\n- Improve hook tests\n ([55ba485](https://github.com/ory/kratos/commit/55ba48530a890fdd55ed7da380940f2791148f26))\n- Improve makefile dependency building\n ([8e1d69a](https://github.com/ory/kratos/commit/8e1d69a024414196b39eb3d419f4850cd547e3b5))\n- Improve pagination when listing identities\n ([c60bf44](https://github.com/ory/kratos/commit/c60bf440b9c85b4f2e871237e3d7725571151efe))\n- Improve post login hook log and audit messages\n ([ddd5d5a](https://github.com/ory/kratos/commit/ddd5d5a253d01d2b7b74239a1c7c701759084140))\n- Improve post registration hook log and audit messages\n ([2495629](https://github.com/ory/kratos/commit/24956296dd91cf6f5b110a17f65f9f60d8a7aa78))\n- Improve registration hook tests\n ([8163152](https://github.com/ory/kratos/commit/8163152a4d9595b1ea73d2887205e7ba80b016f9))\n- Improve session max-age behavior\n ([65189fe](https://github.com/ory/kratos/commit/65189fe4a2f84f832240cd67366400e44bb7f09a)),\n closes [#42](https://github.com/ory/kratos/issues/42)\n- Keep HTML form type on registration error\n ([#698](https://github.com/ory/kratos/issues/698))\n ([6c9e756](https://github.com/ory/kratos/commit/6c9e7564efffe1452004d4eda42e1b9ec9feac6b)),\n closes [#670](https://github.com/ory/kratos/issues/670)\n- Lowercase emails on login\n ([244b4dd](https://github.com/ory/kratos/commit/244b4dd825b9a2448cc61465cef81bd9dcb051db))\n- Mark flow methods' fields as required\n ([#708](https://github.com/ory/kratos/issues/708))\n ([834c607](https://github.com/ory/kratos/commit/834c60738ca7bb26e982ff73134b7b0e85a72076))\n- Merge public and admin login flow fetch handlers\n ([48c4906](https://github.com/ory/kratos/commit/48c4906a606396d889e057a03dc83b619220db54))\n- Missing write in registration error handler\n ([3b2af53](https://github.com/ory/kratos/commit/3b2af5397048d63099eace092bf2e50e84a4c610))\n- Properly annotate swagger password parameters\n ([2ef57c4](https://github.com/ory/kratos/commit/2ef57c4323eb2623f4115bee0e44ee27dd1648a9))\n- Properly fetch identity for session\n ([7be4086](https://github.com/ory/kratos/commit/7be4086045fddfacc38813ca3dd7fbcc7039391f))\n- Recursive loop on network errors in password validator\n ([#589](https://github.com/ory/kratos/issues/589))\n ([b4d5a42](https://github.com/ory/kratos/commit/b4d5a42346510e40222b8eb59b455b585f0a05cf)),\n closes [#316](https://github.com/ory/kratos/issues/316):\n\n The old code no error when ignoreNetworkErrors was set to true, but did not\n set a hash result which caused an infinite loop.\n\n- Remove incorrect security specs\n ([4c3d46d](https://github.com/ory/kratos/commit/4c3d46dac20363202f0ccd043e1c9d6bf97fb1f8))\n- Remove obsolete tests\n ([f102f95](https://github.com/ory/kratos/commit/f102f95f420c8a03520602880d096616069c9233)):\n\n The test is no longer valid as CSRF checks now happen after checking for login\n sessions in settings flows.\n\n- Remove redirector from code base\n ([6689ecf](https://github.com/ory/kratos/commit/6689ecf110b11ba15ec39af822906c2b4b17369e))\n- Remove stray debug statements\n ([a8e1ec4](https://github.com/ory/kratos/commit/a8e1ec42cda6ebc664e9434bb5ba7e4dd7c21b4c))\n- Rename import to put\n ([8003e0f](https://github.com/ory/kratos/commit/8003e0f42a5d1b77e326d1dba0a70fcd44c704c0))\n- Rename quickstart config files and path\n ([#671](https://github.com/ory/kratos/issues/671))\n ([be8b9e5](https://github.com/ory/kratos/commit/be8b9e5f1ca70b1aa06b77bb2ca35644d8cd3c00))\n- Rename quickstart schema file name\n ([e943c90](https://github.com/ory/kratos/commit/e943c9018a495b39b72ae463fd4727b1798d5ba2))\n- Rename recovery models and generate SDKs\n ([d764435](https://github.com/ory/kratos/commit/d7644359c39732e0b25f43e122d05c1566fb837b))\n- Resolve and test for missing data when updating flows\n ([045ecab](https://github.com/ory/kratos/commit/045ecab11ec185ca688a10de75e506fe413afa26))\n- Resolve broken csrf tests\n ([6befe2e](https://github.com/ory/kratos/commit/6befe2ec08c01c6c9fb397ba119ecebdcecf7db3))\n- Resolve broken docs links\n ([56f4a39](https://github.com/ory/kratos/commit/56f4a397a715b6c0428ae63baa0d2e4bc936f737))\n- Resolve broken migrations and bump fizz\n ([1ed9c70](https://github.com/ory/kratos/commit/1ed9c700b946a090bce9587a57eeb9ac64f04c59))\n- Resolve broken OIDC tests and disallow API flows\n ([9986d8f](https://github.com/ory/kratos/commit/9986d8f818934bd5e073f59bf7a73c6b7a74b6e2))\n- Resolve cookie issues\n ([6e2b6d2](https://github.com/ory/kratos/commit/6e2b6d2f0ce2fb6df7d3e26d6cc8e755e6593a81))\n- Resolve e2e headless test failures\n ([82d506e](https://github.com/ory/kratos/commit/82d506e9d35bbbe4c1578f72e5bcf380ebc97142))\n- Resolve e2e test failures\n ([2627db2](https://github.com/ory/kratos/commit/2627db26089e8f8e4c18782ff59b4cb2068b276f))\n- Resolve failing test cases\n ([f8647b4](https://github.com/ory/kratos/commit/f8647b4c637b4aee29d68df2336fd216306ec78c))\n- Resolve flaky passwort setting tests\n ([#582](https://github.com/ory/kratos/issues/582))\n ([c42d936](https://github.com/ory/kratos/commit/c42d936ef51d2ffb48b491b99988d048442e3b8b)),\n closes [#581](https://github.com/ory/kratos/issues/581)\n [#577](https://github.com/ory/kratos/issues/577)\n- Resolve handler testing issue\n ([4f6bafd](https://github.com/ory/kratos/commit/4f6bafdc84ba4d878c68700dc243cd3cfe8fe530))\n- Resolve identity admin api issues\n ([#586](https://github.com/ory/kratos/issues/586))\n ([feef8a7](https://github.com/ory/kratos/commit/feef8a7d4454c1b343c34a96fa4dadd56149b0cd)),\n closes [#435](https://github.com/ory/kratos/issues/435)\n [#500](https://github.com/ory/kratos/issues/500):\n\n This patch resolves several issues that occurred when creating or updating\n identities using the Admin API. Now, all hooks are running properly and\n updating privileged properties no longer causes errors.\n\n- Resolve interface type issues\n ([064b305](https://github.com/ory/kratos/commit/064b305ab31dc003ccb5992eb1ed2804f85085b9))\n- Resolve logout csrf issues ([#761](https://github.com/ory/kratos/issues/761))\n ([74c0aac](https://github.com/ory/kratos/commit/74c0aac3b94446c3824ae52b04b6f69395938b81))\n- Resolve migratest failures\n ([e2f34d3](https://github.com/ory/kratos/commit/e2f34d3f411bac042079d7f5425063ef117fae77))\n- Resolve migratest ordering failing tests\n ([dffecc0](https://github.com/ory/kratos/commit/dffecc0e80810ffae57870fd313ee0103ad3f60c))\n- Resolve migration issues\n ([b545e15](https://github.com/ory/kratos/commit/b545e15eeaa3e6e1f4a8fe0f8e1890012ac62c94))\n- Resolve panic on `serve`\n ([ae34155](https://github.com/ory/kratos/commit/ae341555e7b2b622cf58d09d3eb6a78d833dfdcc))\n- Resolve panic when DSN=\"memory\"\n ([#574](https://github.com/ory/kratos/issues/574))\n ([05e55f3](https://github.com/ory/kratos/commit/05e55f3584e20ae5d39cfda6e542d4da40d718e4)):\n\n Executing the migration logic in registry.go cause a panic as the registry is\n not initalized at that point. Therefore we decided to move the handling to\n driver_default.go, after the registry has been initialized.\n\n- Resolve pkger issues\n ([294066c](https://github.com/ory/kratos/commit/294066c41be1d508681caa435afda4858a37b7f1))\n- Resolve remaining testing issues\n ([af40d93](https://github.com/ory/kratos/commit/af40d933b2f663adb6a537b32546b43ba13ae237))\n- Resolve SQL persistence tester issues\n ([4952df4](https://github.com/ory/kratos/commit/4952df43e0aba067c06cdedb1fc2c2d9a2a81a40))\n- Resolve swagger issues and regenerate SDK\n ([be4c7e4](https://github.com/ory/kratos/commit/be4c7e4ea72d2ad7cec67b1d6709858d5a1b3d61))\n- Resolve template loading issue\n ([145fb20](https://github.com/ory/kratos/commit/145fb204d9a8ca189480f9f2221527ccc62980a0))\n- Resolve test issues introduced by new csrf protection\n ([625ef5e](https://github.com/ory/kratos/commit/625ef5e4781700449af0c4e4f1f6cb8aa1787764))\n- Resolve verification sql errors\n ([784da53](https://github.com/ory/kratos/commit/784da53ddefe59aea90254be40ae63e919b4b419))\n- Resolves a bug that prevents sessions from expiring\n ([#612](https://github.com/ory/kratos/issues/612))\n ([86b281a](https://github.com/ory/kratos/commit/86b281a46b676d80c8f70bfc42c91d988997c21c)),\n closes [#611](https://github.com/ory/kratos/issues/611)\n- Revert disabling `swagger flatten` during sdk generation\n ([98c7915](https://github.com/ory/kratos/commit/98c7915cc493ad99c959244eef68b70bc9baa971))\n- Set correct path for kratos in oathkeeper set up\n ([414259f](https://github.com/ory/kratos/commit/414259f9383f30b762051c712763d484f5358075))\n- Set quickstart logging to trace\n ([d3e9192](https://github.com/ory/kratos/commit/d3e919249ae59b449367511d3cc8adef839f31c9))\n- Support browser flows only in redirector\n ([cab5280](https://github.com/ory/kratos/commit/cab5280859b0fc7fc7fec2b2ec9945f457910b20))\n- Swagger models\n ([1b5f9ab](https://github.com/ory/kratos/commit/1b5f9abd5d82251ab93a05d4ff26b4c48c8151ca)):\n\n The `swagger:parameters ` definitions for `updateIdentity` and\n `createIdentity` where defined two times with the same ID. They had some old\n definition swagger used. The `internal/httpclient` should now work again as\n expected.\n\n- Tell tls what the smtps server name is\n ([#634](https://github.com/ory/kratos/issues/634))\n ([b724038](https://github.com/ory/kratos/commit/b724038a67e84ca71b146bf4b9b044be2dc8c0b4))\n- Type\n ([e264c69](https://github.com/ory/kratos/commit/e264c69a07e569429b5e835b1e15c318eff23339))\n- Update cli documentation examples\n ([216ea7f](https://github.com/ory/kratos/commit/216ea7f926798ff03d211447200919f9ef3c8b39))\n- Update contrib samples\n ([79d24b4](https://github.com/ory/kratos/commit/79d24b4472017a75854cce4a45b4c762e5390a67))\n- Update crdb quickstart version\n ([249a6ba](https://github.com/ory/kratos/commit/249a6bae32ccaa6cf002eaab921388e8cb10e58f))\n- Update import description\n ([aef1e1a](https://github.com/ory/kratos/commit/aef1e1acf757637590fe19644952a44d1994ba18))\n- Update quickstart kratos config\n ([e3246e5](https://github.com/ory/kratos/commit/e3246e5d56b95750529239663bab03168789cc09))\n- Update recovery token field and column names\n ([42abfa1](https://github.com/ory/kratos/commit/42abfa1dea2a6291c5b723baf25f35a66f2af835))\n- Update status help description\n ([b147831](https://github.com/ory/kratos/commit/b1478316d2f601843133fd33d75c3b047384f283))\n- Update swagger names and fix broken tests\n ([85b7fb1](https://github.com/ory/kratos/commit/85b7fb1d466bc4dcee97ad75cc92b8bea8e44d9f))\n- Update version help description\n ([8bf4a79](https://github.com/ory/kratos/commit/8bf4a79064a93cb53ef8aee3433b24602bc9f30a))\n- Use and test for csrf tokens and prevent api misuse\n ([a4e3bc5](https://github.com/ory/kratos/commit/a4e3bc55e43ba42582a33551c1cc2e83ecd865fa))\n- Use correct HTTP method for password login\n ([4f4fcee](https://github.com/ory/kratos/commit/4f4fcee8931ab4998e974106b8d88e0c61736e3f))\n- Use correct log message\n ([53c384a](https://github.com/ory/kratos/commit/53c384a542a583259a75315b2602cf4fb41a0ef0))\n- Use correct redirection for registration\n ([8d47113](https://github.com/ory/kratos/commit/8d47113a5f7c0c25dc5f92c683b560763cfd47c9))\n- Use correct security annotation\n ([c9bebe0](https://github.com/ory/kratos/commit/c9bebe00452a73d1c831831e5a95cb4ed8de37b9))\n- Use correct swagger tags and regenerate\n ([df99d8c](https://github.com/ory/kratos/commit/df99d8cbe6e0f2f6a5da872f66db557b2a5e9f70))\n- Use helpers to create flow\n ([aba8610](https://github.com/ory/kratos/commit/aba861097d2c67ce9ebff85df59fce8018862516))\n- Use nosurf fork to address VerifyToken bug\n ([cd84e51](https://github.com/ory/kratos/commit/cd84e51b7b1861ca9bd2312a4dfc5e84afd890cf))\n- Use params per_page and page for pagination\n ([5dfb6e3](https://github.com/ory/kratos/commit/5dfb6e32c44420ed49d652733b9099a41c9347f2))\n- Use proper pwd in makefile\n ([52e22c3](https://github.com/ory/kratos/commit/52e22c3b5c0130afd3e235aba9847389369f435e))\n- Use public instead of common sdk\n ([dcb4a36](https://github.com/ory/kratos/commit/dcb4a36f9fb3c25ace9a252b7e05f7ab71d2e21f))\n- Use relative threshold to judge longest common substring in password policy\n ([#585](https://github.com/ory/kratos/issues/585))\n ([3e9f8cc](https://github.com/ory/kratos/commit/3e9f8cce4b058b05d69c73fff514f3b8e46c2be3)),\n closes [#581](https://github.com/ory/kratos/issues/581)\n- Whoami returns 401 not 403\n ([3b3b78c](https://github.com/ory/kratos/commit/3b3b78c04bbbbb7b7fb05635d96b4f7c7fa7776f)),\n closes [#729](https://github.com/ory/kratos/issues/729)\n\n### Code Generation\n\n- Pin v0.5.0-alpha.1 release commit\n ([557d37d](https://github.com/ory/kratos/commit/557d37d1139adb14a25abe40d0174d47d4e18fee))\n\n### Code Refactoring\n\n- Add flow methods to verification\n ([00ee828](https://github.com/ory/kratos/commit/00ee828842bd4bc6f917ba2446b1374d28b62000)):\n\n Completely refactors the verification flow to support other methods. The\n original email verification flow now moved to the \"link\" method also used for\n recovery.\n\n Additionally, several upstream bugs in gobuffalo/pop and gobuffalo/fizz have\n been addressed, patched, and merged which improves support for SQLite and\n CockroachDB migrations:\n - https://github.com/gobuffalo/fizz/pull/97\n - https://github.com/gobuffalo/fizz/pull/96\n\n- Add method and rename request to flow\n ([006bf56](https://github.com/ory/kratos/commit/006bf56671d8162cdb5bcce630c027b67935263d))\n- Change oidc callback URL\n ([36d9380](https://github.com/ory/kratos/commit/36d9380b2123d27219c908b51ad97574ee11bc57))\n- Complete login flow refactoring\n ([ad2b3db](https://github.com/ory/kratos/commit/ad2b3db4493085b80889cbc0dce9562288ec6896))\n- Dry up login.NewFlow\n ([f261c44](https://github.com/ory/kratos/commit/f261c442dbe74e3b9887193b74e36fe70306f9d8))\n- Improve CSRF infrastructure\n ([7e367e7](https://github.com/ory/kratos/commit/7e367e7f45481147d5c231d0ea8cbb30b738226f))\n- Improve login test reuse\n ([b4184e5](https://github.com/ory/kratos/commit/b4184e5f1525a9918bc795f2353b186141ce5399))\n- Improve NewFlowExpiredError\n ([1caefac](https://github.com/ory/kratos/commit/1caefac6e0e82aa2b12458ef16d7f5af24014bf9))\n- Improve registration tests with testhelpers\n ([9bf4530](https://github.com/ory/kratos/commit/9bf45303be908449b78c68c7382eab5cfc5c40fa))\n- Improve selfservice method tests\n ([df4d06d](https://github.com/ory/kratos/commit/df4d06d553852cdb8b914810c19bdd0fcc845c9c))\n- Improve settings helper functions\n ([fda17ca](https://github.com/ory/kratos/commit/fda17ca5ea7824c4bf5010218cace7d5fbc7ad5b))\n- Move samesite config to cookie parent-key\n ([753eb86](https://github.com/ory/kratos/commit/753eb86c904c4af9e7d91e46ff4c836dcce35807))\n- Moved clihelpers to ory/x ([#756](https://github.com/ory/kratos/issues/756))\n ([6ccffa8](https://github.com/ory/kratos/commit/6ccffa8a1cc5b9fd33435187720257bb66323546)):\n\n Contributes to https://github.com/ory/hydra/issues/2124.\n\n- Profile settings method is now API-able\n ([c5f361f](https://github.com/ory/kratos/commit/c5f361ff418336cfcaa452eded4bd61132808b16))\n- Remove common keyword from API spec\n ([6619562](https://github.com/ory/kratos/commit/6619562667ef0e363d14c57cfbcd15c16f292853))\n- Remove need for reverse proxy in selfservice-ui\n ([beb4c32](https://github.com/ory/kratos/commit/beb4c3284e552fe51c3a8cebb20a8c2bfc07cdf8)),\n closes [#661](https://github.com/ory/kratos/issues/661)\n- Rename `session.sid` to `session.id`\n ([809fe73](https://github.com/ory/kratos/commit/809fe7334e4a308405c1f03ada1dbef6ed33c01a))\n- Rename login request to login flow\n ([9369d1b](https://github.com/ory/kratos/commit/9369d1bb637fc80b5d5980140693d5bcac0c76bb)),\n closes [#635](https://github.com/ory/kratos/issues/635):\n\n As part of this change, fetching a login flow over the public API no longer\n requires Anti-CSRF cookies to be sent.\n\n- Rename LoginRequestErrorHandler to LoginFlowErrorHandler\n ([66ae029](https://github.com/ory/kratos/commit/66ae029f49aecdfba5fa6905cfccfcdad992dd5a))\n- Rename package recoverytoken to link\n ([f87fb54](https://github.com/ory/kratos/commit/f87fb549f6d8a10ba5adffddeb2fe12060d520ab))\n- Rename recovery request to flow internally\n ([16c5618](https://github.com/ory/kratos/commit/16c5618644e78cf1081f966e01b570a36eea709b))\n- Rename recovery request to recovery flow\n ([b0f433d](https://github.com/ory/kratos/commit/b0f433d4cb65d79acba789394d828663e873a833)),\n closes [#635](https://github.com/ory/kratos/issues/635):\n\n As part of this change, fetching a login flow over the public API no longer\n requires Anti-CSRF cookies to be sent.\n\n- Rename registration request to flow\n ([8437ebc](https://github.com/ory/kratos/commit/8437ebcf4deb2844562ec701af3bbbb2a9b5dea4))\n- Rename registration request to registration flow\n ([0470956](https://github.com/ory/kratos/commit/0470956128d03921d8554c43af2c5a0003abe82f)),\n closes [#635](https://github.com/ory/kratos/issues/635):\n\n As part of this change, fetching a registration flow over the public API no\n longer requires Anti-CSRF cookies to be sent.\n\n- Rename request_lifespan to lifespan\n ([#677](https://github.com/ory/kratos/issues/677))\n ([3c8d5e0](https://github.com/ory/kratos/commit/3c8d5e02b04686a1e0bfbd28caa0bc536e3414e4)),\n closes [#666](https://github.com/ory/kratos/issues/666)\n- Rename strategies to methods\n ([8985189](https://github.com/ory/kratos/commit/89851896d563518909bc2b47a7ff91683eec4958)):\n\n This patch renames `strategies` such as \"Username/Email & Password\" to\n methods.\n\n- Rename verify to verificaiton\n ([#597](https://github.com/ory/kratos/issues/597))\n ([0ecd69a](https://github.com/ory/kratos/commit/0ecd69a60f741fc334c9b060b6aeaafc39e048b1))\n- Replace all occurrences of login request to flow\n ([1b3c491](https://github.com/ory/kratos/commit/1b3c49174a7a2eff51dd531f3a49afc15c31c536))\n- Replace all registration request occurrences with registration flow\n ([308ef47](https://github.com/ory/kratos/commit/308ef47846c9ab4f18a598ef6ef78514fad77c42))\n- Replace packr2 with pkger fork\n ([4e2acae](https://github.com/ory/kratos/commit/4e2acae7c4fc17880cf88ef05cf7cca5f20f5be3))\n- Restructure login package\n ([c99e2a2](https://github.com/ory/kratos/commit/c99e2a2f23c3c2aabaae55de67e40ab7fb2dd307))\n- Use session token as cookie identifier\n ([60fd9c2](https://github.com/ory/kratos/commit/60fd9c2efa881fcdd769a8967abe73c05a198868))\n\n### Documentation\n\n- Add administrative user management guide\n ([b97e0c6](https://github.com/ory/kratos/commit/b97e0c69bb1115bdec88b218e8cdda34f137d798))\n- Add code samples to session checking\n ([eba8eda](https://github.com/ory/kratos/commit/eba8eda70423aa802eace278889a5e8d2e0bc513))\n- Add configuring introduction\n ([#630](https://github.com/ory/kratos/issues/630))\n ([b8cfb35](https://github.com/ory/kratos/commit/b8cfb351c2dca783e355f39d25ce17b65fef7dd4))\n- Add descriptions to cobra commands\n ([607b76d](https://github.com/ory/kratos/commit/607b76d109d1fa519235fe9d6af78c8315b9c4fc))\n- Add documentation for configuring cookies\n ([e3dbc8a](https://github.com/ory/kratos/commit/e3dbc8acc055f6e2d78bc959be7356f9a66ac90f)),\n closes [#516](https://github.com/ory/kratos/issues/516)\n- Add domain, subdomain, multi-domain cookie guides\n ([3eb1e59](https://github.com/ory/kratos/commit/3eb1e5987df56993c792684a6a2bc11f5eb570b8)),\n closes [#661](https://github.com/ory/kratos/issues/661)\n- Add github video tutorial ([#622](https://github.com/ory/kratos/issues/622))\n ([0c4222c](https://github.com/ory/kratos/commit/0c4222c0d12df4e971fd7e5099006484e0bcb317))\n- Add guide for cors\n ([a8ae759](https://github.com/ory/kratos/commit/a8ae759565d94ebd9d0f758b7eb6efbddf486372))\n- Add guide for cors\n ([91fd278](https://github.com/ory/kratos/commit/91fd278d1a6720576998b115dedb882b90915561))\n- Add guide for dealing with login sessions\n ([4e2718c](https://github.com/ory/kratos/commit/4e2718c779031c0e3b877e9df1747ccb2371927b))\n- Add identity state\n ([fb4aedb](https://github.com/ory/kratos/commit/fb4aedb9a95367e25080491b54aab11de491d819))\n- Add login session to navbar\n ([b212d64](https://github.com/ory/kratos/commit/b212d6484e40c9f2cce10f2ba4aaf4e2a72f03a1))\n- Add milestones to sidebar\n ([aae13ec](https://github.com/ory/kratos/commit/aae13ec141a2c315aff1a53aa005bb9465efcdc0))\n- Add missing GitLab provider to the list of supported OIDC providers\n ([#766](https://github.com/ory/kratos/issues/766))\n ([a43ed33](https://github.com/ory/kratos/commit/a43ed335262fd542f349224aef918af5263c384d))\n- Add missing TOC entries ([#748](https://github.com/ory/kratos/issues/748))\n ([bd7edfb](https://github.com/ory/kratos/commit/bd7edfbebd19f01af337c34293ebc2865f2b077d))\n- Add pagination docs\n ([7fe0901](https://github.com/ory/kratos/commit/7fe0901ee5d0e829e110bd0c4fdecb24bfc27768))\n- Add secret key rotation guide\n ([3d6e21a](https://github.com/ory/kratos/commit/3d6e21af2f726944468299c326600a8ab0e4e885))\n- Add sequence diagrams for browser/api flows\n ([590d767](https://github.com/ory/kratos/commit/590d767352b9253b7550eaba56fea99400399cd7))\n- Add session hook to ssi guide\n ([#623](https://github.com/ory/kratos/issues/623))\n ([1bbed39](https://github.com/ory/kratos/commit/1bbed390ffedd811afdb5fcfe69047554419d8ce))\n- Add terminology section\n ([29b81a7](https://github.com/ory/kratos/commit/29b81a78fcf880cd6d9d3b2cbb03f955b701ffbd))\n- Add theme helpers and decouple mermaid\n ([7c3eb32](https://github.com/ory/kratos/commit/7c3eb32df5d9287845258bf25d6719733f6c4227))\n- Add video to OIDC guide ([#619](https://github.com/ory/kratos/issues/619))\n ([f286980](https://github.com/ory/kratos/commit/f286980c29ce8460ba550e5d74b8dee23602e920))\n- Added sidebar cli label\n ([5d24a29](https://github.com/ory/kratos/commit/5d24a2998b412159295feca40421b8b11cf02274)):\n\n `clidoc.Generate` expects to find an entry under `sidebar.json/Reference` that\n contains the substring \"CLI\" in it's label. Because that was missing, a new\n entry was appended on every regeneration of the file.\n\n- Added sidebar item ([#639](https://github.com/ory/kratos/issues/639))\n ([8574761](https://github.com/ory/kratos/commit/857476112d12b8ab79ef49054452a950ff81bc23)):\n\n Added Kratos Video Tutorial Transcripts document to sidebar.\n\n- Added transcript ([#627](https://github.com/ory/kratos/issues/627))\n ([cec7f1f](https://github.com/ory/kratos/commit/cec7f1fc4955b02d21d772e748ec791f31bad24e)):\n\n Added Login with Github Transcript\n\n- Adds twitch oidc provider guide\n ([#760](https://github.com/ory/kratos/issues/760))\n ([339e622](https://github.com/ory/kratos/commit/339e62202170bf21d469d1a2bfe6b053a78c374d))\n- Bring oidc docs up to date\n ([7d0e470](https://github.com/ory/kratos/commit/7d0e47058cd6dca1763f01e45ed46cee49321240))\n- Changed transcript location ([#642](https://github.com/ory/kratos/issues/642))\n ([c52764d](https://github.com/ory/kratos/commit/c52764d4394181b24dffbf8301418530ba5dbcc2)):\n\n Changed the location so it is in the right place.\n\n- Clarify 302 redirect on expired login flows\n ([ca31b53](https://github.com/ory/kratos/commit/ca31b53837e8eb2b811bf384da3724fdf61b423b))\n- Clarify api flow use\n ([a38b4a1](https://github.com/ory/kratos/commit/a38b4a1684cfbc385ca21005c91a47e57df5a35d))\n- Clarify feature-set\n ([2266ae7](https://github.com/ory/kratos/commit/2266ae7ea92207cdc4fcb58ef1384e287a5b34dc))\n- Clarify kratos config snippet\n ([e7732f3](https://github.com/ory/kratos/commit/e7732f3283d82a1678076cd2463ef5ff33dd30ea))\n- Clean up docs and correct samples\n ([8627ec5](https://github.com/ory/kratos/commit/8627ec58edb15118e0c4ce2cfcef7a5573482c5a))\n- Complete registration documentation\n ([b3af02b](https://github.com/ory/kratos/commit/b3af02b0ea4cbf16ea282b7ce5f5057d99044ac3))\n- Consistent formatting of badges\n ([#745](https://github.com/ory/kratos/issues/745))\n ([b391a03](https://github.com/ory/kratos/commit/b391a036f3b49cd6c1915444c9f26dead4855a7c))\n- Correct settings and verification redir\n ([30e25e7](https://github.com/ory/kratos/commit/30e25e7287a2579da99a6a6dc2f890e7e06fcc81))\n- Docker image documentation ([#573](https://github.com/ory/kratos/issues/573))\n ([bfe032e](https://github.com/ory/kratos/commit/bfe032e2b6bfd8b9415d466011bdd7e36efa4146))\n- Document APi flows in self-service overview\n ([71ed0bd](https://github.com/ory/kratos/commit/71ed0bd2027d61c2e5cebf6b031fe66469bdf97e))\n- Document how to check for login sessions\n ([9ad73b8](https://github.com/ory/kratos/commit/9ad73b8dab06c6796933448cb93ae4e55d9f2c51))\n- Explain high-level API and browser flows\n ([fe3ee0a](https://github.com/ory/kratos/commit/fe3ee0a0c8681a99dc6b61b90cff547c6a7fc6d2)),\n closes [hi#level](https://github.com/hi/issues/level)\n- Fix logout url ([#593](https://github.com/ory/kratos/issues/593))\n ([f0971d4](https://github.com/ory/kratos/commit/f0971d44a911caed8a6071358fa6b7ebc0fcf145))\n- Fix sidebar missing comment\n ([d90123a](https://github.com/ory/kratos/commit/d90123ae31edbae6a39a1f039cc9362f9acdfdcb))\n- Fix typo\n ([c2f94da](https://github.com/ory/kratos/commit/c2f94daa4143a70c13426ccd5366ec891182e4d0))\n- Fix typo on index page ([#656](https://github.com/ory/kratos/issues/656))\n ([907add5](https://github.com/ory/kratos/commit/907add5edb526adb4de57d35da16929ac08041e1))\n- Fix url of admin-api /recovery/link\n ([#650](https://github.com/ory/kratos/issues/650))\n ([e68c7cb](https://github.com/ory/kratos/commit/e68c7cbdc2191565570d0ee6812318ac9ad3421d))\n- Fixed link\n ([c2aebbd](https://github.com/ory/kratos/commit/c2aebbd898f38388d849954938d56212c88d280f))\n- Fixed link ([#629](https://github.com/ory/kratos/issues/629))\n ([ad1276f](https://github.com/ory/kratos/commit/ad1276f2b2cf3cbbecba4dee1d6d433999286946))\n- Fixed typos/readability ([#620](https://github.com/ory/kratos/issues/620))\n ([7fd3ce0](https://github.com/ory/kratos/commit/7fd3ce0d8c52346ba3504ce5777321937baf8d1e)):\n\n Fixed a few typos, and moved some sentences around to improve readability.\n\n- Fixed typos/readability ([#621](https://github.com/ory/kratos/issues/621))\n ([c4fc75f](https://github.com/ory/kratos/commit/c4fc75f7dca59fa8f31d068f57179f49bf798b6a))\n- Import mermaid ([#696](https://github.com/ory/kratos/issues/696))\n ([6f75004](https://github.com/ory/kratos/commit/6f750047d41add6bd2d30adb1c654181c9636d2d))\n- Improve charts and examples in self-service overview\n ([312c91d](https://github.com/ory/kratos/commit/312c91de3ae3c086f836ec3928735d787ad40dde))\n- Improve documentation and add tests\n ([3dde956](https://github.com/ory/kratos/commit/3dde956e09d1f3f6411046b12f8684d8760f9b91))\n- Improve long messages and render cli documentation\n ([e5fc02f](https://github.com/ory/kratos/commit/e5fc02ff22836e074a1dfca043d4b4b8ad64c747))\n- Make assumptions neutral in concepts overview\n ([e89d980](https://github.com/ory/kratos/commit/e89d98099bd3fc5c8361f9015e44668494211152))\n- Move development section\n ([2e6f643](https://github.com/ory/kratos/commit/2e6f6430f88105efd5618482043809c6d643216b))\n- Move hooks\n ([c02b588](https://github.com/ory/kratos/commit/c02b58867ee2c0a386b2b741375ec8cd76122461))\n- Move to json sidebar\n ([504af3b](https://github.com/ory/kratos/commit/504af3b89d728eb11bf42f4a2037c78b3b7cb788))\n- Password login and registration methods for API clients\n ([5a44356](https://github.com/ory/kratos/commit/5a4435643ae3463df85458f22f87730c11af10ab))\n- Prettify all files ([#743](https://github.com/ory/kratos/issues/743))\n ([d9d1bfd](https://github.com/ory/kratos/commit/d9d1bfdff70ad835629a2dba00579925fcb3094d))\n- Quickstart next steps ([#676](https://github.com/ory/kratos/issues/676))\n ([ee9dd0d](https://github.com/ory/kratos/commit/ee9dd0d58a4146a0e131f6a7b74943bb39d26c0b)):\n\n Added a section outlining some easy config changes, that users can apply to\n the quickstart to test out different scenarios and configurations.\n\n- Refactor login and registration documentation\n ([c660a04](https://github.com/ory/kratos/commit/c660a04ed6a70aefca18896662331fcc5d1919cf))\n- Refactor settings and recovery documentation\n ([11ca9f7](https://github.com/ory/kratos/commit/11ca9f7d1b858dcda3a96e1e1d2607ba64f7fbbe))\n- Refactor verification docs\n ([70f2789](https://github.com/ory/kratos/commit/70f2789363773fccc4bd8691597ff588ac6892c6))\n- Regenerate clidocs with up-to-date binary\n ([e53289c](https://github.com/ory/kratos/commit/e53289c8e9f34a02ec66ec7ee03e2269a4a13c42))\n- Remove `make tools` task\n ([ec6e664](https://github.com/ory/kratos/commit/ec6e6641234191d4eb39e1ad17bc7fcc03c2a0b5)),\n closes [#711](https://github.com/ory/kratos/issues/711)\n [#750](https://github.com/ory/kratos/issues/750):\n\n This task does not exist any more and the dependency building is much smarter\n now.\n\n- Remove contraction ([#747](https://github.com/ory/kratos/issues/747))\n ([cd4f21d](https://github.com/ory/kratos/commit/cd4f21dbfa2b3824468146677f542fbab2417c42))\n- Remove duplicate word\n ([b84e659](https://github.com/ory/kratos/commit/b84e659af29aa1b129f33ccf5ca9e0d54353c019))\n- Remove duplicate word ([#700](https://github.com/ory/kratos/issues/700))\n ([a12100e](https://github.com/ory/kratos/commit/a12100e7644b535c4bd3073e03c48229bb81e7b2))\n- Remove react native guide for now\n ([daa5f2e](https://github.com/ory/kratos/commit/daa5f2e3de3fe8380a91f594e034afcadc6e6ba5))\n- Rename self service and add admin section\n ([639c424](https://github.com/ory/kratos/commit/639c424d3bde0557f7edd7edc489a476f1aa60b3))\n- Replace ampersand ([#749](https://github.com/ory/kratos/issues/749))\n ([8337b80](https://github.com/ory/kratos/commit/8337b80a13e8cf0cb2848241c93bb151420ac6a4))\n- Resolve regression issues\n ([0470fd7](https://github.com/ory/kratos/commit/0470fd734fb30170033e10758d99cf5711c80eb1))\n- Resolve typo in message IDs\n ([562cfc4](https://github.com/ory/kratos/commit/562cfc4392ba1c9c1fb8854ea0ac85bd44d0fac9))\n- Resolve typo in message IDs ([#607](https://github.com/ory/kratos/issues/607))\n ([f7688f0](https://github.com/ory/kratos/commit/f7688f0ab07b579a375ce4cc25361b360e82dd88))\n- Update cli docs\n ([085efca](https://github.com/ory/kratos/commit/085efcae895b3aa3c76c819dca0f080ea79d57cd))\n- Update link to mfa issue\n ([d03a706](https://github.com/ory/kratos/commit/d03a706307be21b83d18601223fb0d1430459a29))\n- Update links\n ([a06fd88](https://github.com/ory/kratos/commit/a06fd88b0dcb747808ffea450bf1ac74dd941769))\n- Update MFA link to issue ([#690](https://github.com/ory/kratos/issues/690))\n ([7a744ad](https://github.com/ory/kratos/commit/7a744ad7b62540dd5789aee8532c1f97ddcab32d)):\n\n MFA issue was pushed to a later milestone. Update the documentation to point\n to the issue instead of the milestone.\n\n- Update repository templates\n ([f422485](https://github.com/ory/kratos/commit/f4224852ceeb054405251b21895efa493e1abc9c))\n- Update repository templates ([#678](https://github.com/ory/kratos/issues/678))\n ([bdb6875](https://github.com/ory/kratos/commit/bdb6875e55aed454cda061969e1dd4f712e09bb5))\n- Update sidebar\n ([ea15c20](https://github.com/ory/kratos/commit/ea15c2093fc66e4cfc0a66aabf7dfad6965777dc))\n- Update ts examples\n ([65cb46e](https://github.com/ory/kratos/commit/65cb46e57595b920bd6544f9a9a4f7b886462be0))\n- Use correct id for multi-domain-cookies\n ([b49288a](https://github.com/ory/kratos/commit/b49288a351647c91a3c7d4a62537146d4a9f1bd0))\n- Use correct path in 0.4 docs\n ([9fcaac4](https://github.com/ory/kratos/commit/9fcaac4048e05500d0456eb3cd9cd11cc123e370)),\n closes [#588](https://github.com/ory/kratos/issues/588)\n- Use NYT Capitalization for all Swagger headlines\n ([#675](https://github.com/ory/kratos/issues/675))\n ([6c96429](https://github.com/ory/kratos/commit/6c9642959dab8cf042ad227711609d5726328394)),\n closes [#664](https://github.com/ory/kratos/issues/664)\n\n### Features\n\n- Add ability to configure session cookie domain/path\n ([faeb332](https://github.com/ory/kratos/commit/faeb3328dab343c6ef3974065ba0c5c590a8817e)),\n closes [#516](https://github.com/ory/kratos/issues/516)\n- Add and improve settings testhelpers\n ([10a43fc](https://github.com/ory/kratos/commit/10a43fc518bd5c764712b549e6d35bf7159d757a))\n- Add bearer helper\n ([ec6ca20](https://github.com/ory/kratos/commit/ec6ca20279d839dc10e7e3bc80e0442a630e586b))\n- Add config version schema ([#608](https://github.com/ory/kratos/issues/608))\n ([d218662](https://github.com/ory/kratos/commit/d218662388ef4fb7ea3bfee7b29c5cc8d34f1c8c)),\n closes [#590](https://github.com/ory/kratos/issues/590)\n- Add discord oidc provider ([#767](https://github.com/ory/kratos/issues/767))\n ([487296d](https://github.com/ory/kratos/commit/487296dd39d2e59d61b63f00f3d61fea9b8aed8c))\n- Add enum to form field type\n ([96028d8](https://github.com/ory/kratos/commit/96028d8c80414cdcea177150ba6e986d0ecb29c6))\n- Add flow type to login\n ([ce9133b](https://github.com/ory/kratos/commit/ce9133b0ff6d03738a5d27cf9c6a213496d75772))\n- Add HTTP request flow validator\n ([1a6e847](https://github.com/ory/kratos/commit/1a6e84774b65ee7be9294baaaff77192cec8f0f2))\n- Add new prometheus metrics endpoint\n [#672](https://github.com/ory/kratos/issues/672)\n ([#673](https://github.com/ory/kratos/issues/673))\n ([0f5c436](https://github.com/ory/kratos/commit/0f5c436ce6e4aa78ca52ae63e58812e6703a1ab7)):\n\n Adds endpoint `/metrics` for prometheus metrics collection to the Admin API\n Endpoint.\n\n- Add nocache helpers\n ([54dcc4d](https://github.com/ory/kratos/commit/54dcc4da2ff22bdb17e53dd6eac1c0bd54a20390))\n- Add pagination tests\n ([e3aa81b](https://github.com/ory/kratos/commit/e3aa81b7da55108f43ea6e16c817c97e2f8a1d50))\n- Add session token security definition\n ([d36c26f](https://github.com/ory/kratos/commit/d36c26f2edd66ddbd8338de4901957a9b9b7342e)):\n\n Adds the new Session Token as a Swagger security definition to allow setting\n the session token as a Bearer token when calling `/sessions/whoami`.\n\n- Add stub errors to errorx\n ([5d452bb](https://github.com/ory/kratos/commit/5d452bb582e6a9e3b893424ec135d0cbdf875659)),\n closes [#610](https://github.com/ory/kratos/issues/610)\n- Add test helper for fetching settings requests\n ([3646383](https://github.com/ory/kratos/commit/36463838d81d8b108aa9ded8c1ec6bc8f48f2267))\n- Add tests and helpers to test recovery/verifiable addresses\n ([#579](https://github.com/ory/kratos/issues/579))\n ([29979e6](https://github.com/ory/kratos/commit/29979e6c4934b71c7fb158cfa5b85e97be3ea8fc)),\n closes [#576](https://github.com/ory/kratos/issues/576)\n- Add tests to cover auth\n ([c9d3a15](https://github.com/ory/kratos/commit/c9d3a1525cc74976d16b483e0ab5c48909b84022))\n- Add texts for settings\n ([795548c](https://github.com/ory/kratos/commit/795548c25507c34c7fc37ce1c1a8ecc076c34ef4))\n- Add the already declared (and settable) tracer as a middleware\n ([#614](https://github.com/ory/kratos/issues/614))\n ([e24fffe](https://github.com/ory/kratos/commit/e24fffe3f13c353e3c07214c1e056a849533a9f6))\n- Add token to session\n ([08c8c78](https://github.com/ory/kratos/commit/08c8c7837dbf799e6ba01d1820812c9e792d7850))\n- Add type to all flows in SQL\n ([5515776](https://github.com/ory/kratos/commit/551577659f6a416ff6ef032c35af224b517df413))\n- Allow import/validation of arrays\n ([d11ac32](https://github.com/ory/kratos/commit/d11ac32db6ddc0dce73067ffe7d4d0a734a3f991))\n- Bump cli and migration render tasks\n ([6dcb42a](https://github.com/ory/kratos/commit/6dcb42a487476371a545b72f7ee7e820b815bbee))\n- Finalize tests for registration flow refactor\n ([8e52c3a](https://github.com/ory/kratos/commit/8e52c3a99bd39b3429ff476340b5df49e0a85707))\n- Finish off client cli\n ([36d60c7](https://github.com/ory/kratos/commit/36d60c7e7bc38d83726b4b4a3061ba6353dd1978))\n- Implement administrative account recovery\n ([f5f9c43](https://github.com/ory/kratos/commit/f5f9c43e10dd3a9547e87776164d2d4a171f35ce))\n- Implement API flow for recovery link method\n ([d65bf66](https://github.com/ory/kratos/commit/d65bf66781bdd2fae73e75c0ba39287b1575c45a))\n- Implement API-based tests for password method settings flows\n ([60664aa](https://github.com/ory/kratos/commit/60664aaf05dbd6b228f420688d0171e5789246be))\n- Implement max-age for session cookie\n ([2e642ff](https://github.com/ory/kratos/commit/2e642ff13c59a7e23babe9209c1a114ef0163bad)),\n closes [#326](https://github.com/ory/kratos/issues/326)\n- Implement tests and anti-csrf for API settings flows\n ([8b8b6e5](https://github.com/ory/kratos/commit/8b8b6e5367e05f49950b851ea6834a9f18e896e7))\n- Implement tests for new migrations\n ([e08ece9](https://github.com/ory/kratos/commit/e08ece9bb1c8c52580c15cf9152b4203821a0a0e))\n- Improve test readability for password method\n ([a896d9b](https://github.com/ory/kratos/commit/a896d9b55596d2925941a6b6a91b8a6e4ef2caa1))\n- Log successful hook execution\n ([f6026cf](https://github.com/ory/kratos/commit/f6026cfb0418767d99d18cd50529c2b71b21d775))\n- Log successful hook execution\n ([1e7d044](https://github.com/ory/kratos/commit/1e7d044603b204632d2ec73c2e54db896992300b))\n- Make login error handle JSON aware\n ([88f581f](https://github.com/ory/kratos/commit/88f581ff40a183cb96b5fb6d1ba398c58a9792d1))\n- Make password settings method API-able\n ([0cf6027](https://github.com/ory/kratos/commit/0cf60274f87f098d5eb57531f5071cd407b65f4d))\n- Make public cors configurable\n ([863a0d4](https://github.com/ory/kratos/commit/863a0d4f4696b05209b16f2e0c3daa9e8f4c1945)),\n closes [#712](https://github.com/ory/kratos/issues/712)\n- Oidc provider claims config option\n ([#753](https://github.com/ory/kratos/issues/753))\n ([bf94a40](https://github.com/ory/kratos/commit/bf94a40acd52128303c0b878ddb92d56abc4ceaf)),\n closes [#735](https://github.com/ory/kratos/issues/735)\n- Reply with cache-control: 0 for browser-facing APIs\n ([1a45b53](https://github.com/ory/kratos/commit/1a45b5341e0ab4580208bfb6a505859d1e5d2faf)),\n closes [#360](https://github.com/ory/kratos/issues/360)\n- Schemas are now static assets\n ([1776d58](https://github.com/ory/kratos/commit/1776d58278c42094b2c703e269a5901a96617051))\n- Support and document api flow in session issuer hook\n ([91f3cc7](https://github.com/ory/kratos/commit/91f3cc7a559b1ea1279216f8dc81abd8e6f73776))\n- Support application/json in registration\n ([3476b97](https://github.com/ory/kratos/commit/3476b978fdaee90358cc5505e20a0526f812a460)),\n closes [#44](https://github.com/ory/kratos/issues/44)\n- Support custom session token header\n ([56bec76](https://github.com/ory/kratos/commit/56bec760fd1b94428ba296395a11358664d9e830)):\n\n The `/sessions/whoami` endpoint now accepts the ORY Kratos Session Token in\n the `X-Session-Token` HTTP header.\n\n- Support GitLab OIDC Provider\n ([#519](https://github.com/ory/kratos/issues/519))\n ([8580d96](https://github.com/ory/kratos/commit/8580d96b7e345cc85a646f2945c3931f831afebf)),\n closes [#518](https://github.com/ory/kratos/issues/518)\n- Support json payloads for login and password\n ([354e8b2](https://github.com/ory/kratos/commit/354e8b2cd63ee8feb1fd8a4ed8b033490155d90c))\n- Support JSON payloads in password login flow\n ([dd32c23](https://github.com/ory/kratos/commit/dd32c23121da42e7eb3294fc8cb940fb7982723b))\n- Support session token bearer auth and lifecycle\n ([c12600a](https://github.com/ory/kratos/commit/c12600a7243b541a91631169ec09d618a45c72dc)):\n\n This patch adds support for issuing, validating, and revoking session tokens.\n Session tokens carry a reference to a session, and are equal to session\n cookies but can be used on environments which do not support cookies (e.g.\n React Native) by sending them in the Bearer Authorization.\n\n- Update migration tests\n ([fb28173](https://github.com/ory/kratos/commit/fb28173afa46ee828a3090981f394043c075f1ec))\n- Use uri-reference for ui_url etc. to allow relative urls\n ([#617](https://github.com/ory/kratos/issues/617))\n ([2dba450](https://github.com/ory/kratos/commit/2dba4503266436a615f4c1c18e07aa36ec713498))\n- Write request -> flow rename migrations\n ([d7189a9](https://github.com/ory/kratos/commit/d7189a99c9d3e0ce33b4cc9846e6b2530ddfe5ec))\n\n### Tests\n\n- Add handler update tests\n ([aea1fb8](https://github.com/ory/kratos/commit/aea1fb807a16acd8406b94a72c3b39be8c3e1280)),\n closes [#325](https://github.com/ory/kratos/issues/325)\n- Add init browser flow tests\n ([f477ece](https://github.com/ory/kratos/commit/f477ecebc73741b638cd62ef8aa2adb8b7adb8f2))\n- Add test for no-cache on public router\n ([b8aa63b](https://github.com/ory/kratos/commit/b8aa63b7ebd269a87578e8a5c6b2df27e18f9efa))\n- Add test for registration request\n ([79ed63c](https://github.com/ory/kratos/commit/79ed63cb4536499712796dab52999bcb73fe8466))\n- Add tests for registration flows\n ([4772f71](https://github.com/ory/kratos/commit/4772f710f66d1ee36b52eca120d617a354f72413))\n- Complete test suite for API-based auth\n ([fb9d62f](https://github.com/ory/kratos/commit/fb9d62f658165aa80bd117e1f827bbcc7c635150))\n- Implement API login password tests\n ([8bfd5f2](https://github.com/ory/kratos/commit/8bfd5f294ff03280bcf01c5066acefe767eabc73))\n- Implement API registration password tests\n ([db178b7](https://github.com/ory/kratos/commit/db178b73b097820c8dcd8760eec041a6fd0740aa))\n- Replace e2e-memory with unit test\n ([52bd839](https://github.com/ory/kratos/commit/52bd839ea9fe8de1aac4663b9dc0a88ae18a5765)),\n closes [#580](https://github.com/ory/kratos/issues/580)\n- Resolve broken decoder tests\n ([07add1b](https://github.com/ory/kratos/commit/07add1b3e4f46e4aff52174ce43d6970f60cf3ee))\n- Use correct hook in test\n ([421320c](https://github.com/ory/kratos/commit/421320ca4ad5b346c6dfb6ef0a9d14d7cf23fded))\n\n### Unclassified\n\n- u\n ([e207a6a](https://github.com/ory/kratos/commit/e207a6adb98f639413accce383633d7e74ca4db9))\n- As part of this change, fetching a settings flow over the public API no longer\n requires Anti-CSRF cookies to be sent.\n ([31d560e](https://github.com/ory/kratos/commit/31d560e47d55b087519355081cbca20b2a49da4e)),\n closes [#635](https://github.com/ory/kratos/issues/635)\n- Create labels.json\n ([68b1f6f](https://github.com/ory/kratos/commit/68b1f6f5a35c66cc71f74f1473796fa16a852366))\n- Add codedoc to identifier hint block\n ([6fe840f](https://github.com/ory/kratos/commit/6fe840f9c7a27ed97593e01936913e2239fd9446))\n- Format\n ([e61a51d](https://github.com/ory/kratos/commit/e61a51dd6e2d5e003165a0b7906a9c86ebbc87d9))\n- Format\n ([1e5b738](https://github.com/ory/kratos/commit/1e5b738f0765ec110c3ee70d7fc90fad0d1c89ac))\n- Format code\n ([c3b5ff5](https://github.com/ory/kratos/commit/c3b5ff5d3bc3a1e72f48498fbed60bae9f159617))\n\n# [0.4.6-alpha.1](https://github.com/ory/kratos/compare/v0.4.5-alpha.1...v0.4.6-alpha.1) (2020-07-13)\n\nResolves build and install issues and includes a few bugfixes.\n\n### Bug Fixes\n\n- Use proper binary name in dockerfile\n ([d36bbb0](https://github.com/ory/kratos/commit/d36bbb0875177ccd68747f4a17e59c981a7a6464))\n\n### Code Generation\n\n- Pin v0.4.6-alpha.1 release commit\n ([ad90e77](https://github.com/ory/kratos/commit/ad90e772cf59a33b213bc0fb782959a1685d9741)):\n\n Bumps from v0.4.4-alpha.1\n\n# [0.4.5-alpha.1](https://github.com/ory/kratos/compare/v0.4.4-alpha.1...v0.4.5-alpha.1) (2020-07-13)\n\nResolves build and install issues and includes a few bugfixes.\n\n### Bug Fixes\n\n- Ensure default_browser_return_url for flows is configured in after\n ([#570](https://github.com/ory/kratos/issues/570))\n ([cf9753c](https://github.com/ory/kratos/commit/cf9753c690c67e6401be52d2c1ce69f168aae6e8)),\n closes [#569](https://github.com/ory/kratos/issues/569)\n- Require selfservice.default_browser_return_url to be set in config\n ([#571](https://github.com/ory/kratos/issues/571))\n ([af2af7d](https://github.com/ory/kratos/commit/af2af7d35ba8b10dcd6d7636b044b0f7761a719d))\n\n### Code Generation\n\n- Pin v0.4.5-alpha.1 release commit\n ([3ea7fd3](https://github.com/ory/kratos/commit/3ea7fd3e7fd2c0b4aef638aa30e2b5b05c1bad26)):\n\n Bumps from v0.4.4-alpha.1\n\n# [0.4.4-alpha.1](https://github.com/ory/kratos/compare/v0.4.3-alpha.1...v0.4.4-alpha.1) (2020-07-10)\n\nThe purpose of this release is to resolve issues with install scripts, homebrew,\nand scoop.\n\n### Bug Fixes\n\n- Detection of SQLite memory mode\n ([#564](https://github.com/ory/kratos/issues/564))\n ([605cd57](https://github.com/ory/kratos/commit/605cd579895f3b765d398074cfdb37fa3eae0c4e))\n- Improve goreleaser config\n ([0f8a0d8](https://github.com/ory/kratos/commit/0f8a0d8afa6489383800d3eff1b7b1da01fbef08))\n\n### Code Generation\n\n- Pin v0.4.4-alpha.1 release commit\n ([154d543](https://github.com/ory/kratos/commit/154d543eef29ab67be8637a96d8d06620974094f))\n\n### Documentation\n\n- Add description for subkeys of serve\n ([#562](https://github.com/ory/kratos/issues/562))\n ([deae005](https://github.com/ory/kratos/commit/deae005a259747872f678d355b49cca21904e565))\n- Add section about password expiry\n ([19c2414](https://github.com/ory/kratos/commit/19c2414c3defe79fe6e80e50dd0e85026ecd60e6))\n- Specify the use of secrets ([#565](https://github.com/ory/kratos/issues/565))\n ([7680450](https://github.com/ory/kratos/commit/7680450cfa44049759b27ec09d5bebc236b19a29))\n- Update upgrade guide\n ([a40b1ec](https://github.com/ory/kratos/commit/a40b1ec18e7801f2862aad4e37becb7ce8f99c37))\n\n# [0.4.3-alpha.1](https://github.com/ory/kratos/compare/v0.4.2-alpha.1...v0.4.3-alpha.1) (2020-07-08)\n\nWe are very happy to announce the 0.4 release of ORY Kratos with 163 commits and\n817 changed files with 52,681 additions and 9,876 deletions.\n\nThere have been many improvements and bugfixes merged. The biggest changes are:\n\n1. Account recovery (\"reset password\") has been implemented.\n2. Documentation has been improved with easier to understand examples -\n currently only for account recovery so let us know what you think!\n3. The configuration has been simplified a lot. It is now much easier to enable\n account recovery and email verification. This is a breaking change - please\n read the breaking changes section with care!\n4. The Identity Traits JSON Schema has been renamed to the Identity JSON Schema.\n This is a breaking change - please read the breaking changes section with\n care!\n5. `prompt=login` has been renamed to `refresh=true`. This is a breaking\n change - please read the breaking changes section with care!\n6. We have reworked how (error) messages are returned. They now include an ID\n and all the parameters required for translating and customizing UI messages.\n This is a breaking change - please read the breaking changes section with\n care!\n7. Instead of keeping track of `update_successful` with booleans, flows (e.g.\n the settings flow) that have more than one state now include a state machine.\n This is a breaking change - please read the breaking changes section with\n care!\n8. Tons of tests have been added.\n9. We have reworked and fully tested the migration pipeline to prevent breaking\n schema changes in future versions.\n10. ORY Kratos now supports login with Azure AD and the Microsoft Identity\n Platform.\n\nBefore upgrading, please make a backup of your database and read the section\n\"Breaking Changes\" with care!\n\n### Bug Fixes\n\n- Resolve goreleaser build issues\n ([223571b](https://github.com/ory/kratos/commit/223571bca15f507067d20bedb104923331f88e59))\n- Update install.sh script\n ([883d99b](https://github.com/ory/kratos/commit/883d99ba42de084018a32eaa094b5ae1a8ad4fc2))\n\n### Code Generation\n\n- Pin v0.4.3-alpha.1 release commit\n ([a3a34b1](https://github.com/ory/kratos/commit/a3a34b1e43b2d010ed85e098cd7cea31127df311)):\n\n Bumps from v0.4.0-alpha.1\n\n# [0.4.2-alpha.1](https://github.com/ory/kratos/compare/v0.4.0-alpha.1...v0.4.2-alpha.1) (2020-07-08)\n\nWe are very happy to announce the 0.4 release of ORY Kratos with 153 commits and\n760 changed files with 36,223 additions and 9,754 deletions.\n\nThere have been many improvements and bugfixes merged. The biggest changes are:\n\n1. Account recovery (\"reset password\") has been implemented.\n2. Documentation has been improved with easier to understand examples -\n currently only for account recovery so let us know what you think!\n3. The configuration has been simplified a lot. It is now much easier to enable\n account recovery and email verification. This is a breaking change - please\n read the breaking changes section with care!\n4. The Identity Traits JSON Schema has been renamed to the Identity JSON Schema.\n This is a breaking change - please read the breaking changes section with\n care!\n5. `prompt=login` has been renamed to `refresh=true`. This is a breaking\n change - please read the breaking changes section with care!\n6. We have reworked how (error) messages are returned. They now include an ID\n and all the parameters required for translating and customizing UI messages.\n This is a breaking change - please read the breaking changes section with\n care!\n7. Instead of keeping track of `update_successful` with booleans, flows (e.g.\n the settings flow) that have more than one state now include a state machine.\n This is a breaking change - please read the breaking changes section with\n care!\n8. Tons of tests have been added.\n9. We have reworked and fully tested the migration pipeline to prevent breaking\n schema changes in future versions.\n10. ORY Kratos now supports login with Azure AD and the Microsoft Identity\n Platform.\n\nBefore upgrading, please make a backup of your database and read the section\n\"Breaking Changes\" with care!\n\n### Bug Fixes\n\n- Ignore pkged generated files\n ([1d385e4](https://github.com/ory/kratos/commit/1d385e4d1a004405099242c3003006d1713a24c6))\n\n### Code Generation\n\n- Pin v0.4.2-alpha.1 release commit\n ([20024cb](https://github.com/ory/kratos/commit/20024cbbb44b4f556004ef752a7f37e70a070e6a)):\n\n Bumps from v0.4.0-alpha.1\n\n# [0.4.0-alpha.1](https://github.com/ory/kratos/compare/v0.3.0-alpha.1...v0.4.0-alpha.1) (2020-07-08)\n\nWe are very happy to announce the 0.4 release of ORY Kratos with 153 commits and\n760 changed files with 36,223 additions and 9,754 deletions.\n\nThere have been many improvements and bugfixes merged. The biggest changes are:\n\n1. Account recovery (\"reset password\") has been implemented.\n2. Documentation has been improved with easier to understand examples -\n currently only for account recovery so let us know what you think!\n3. The configuration has been simplified a lot. It is now much easier to enable\n account recovery and email verification. This is a breaking change - please\n read the breaking changes section with care!\n4. The Identity Traits JSON Schema has been renamed to the Identity JSON Schema.\n This is a breaking change - please read the breaking changes section with\n care!\n5. `prompt=login` has been renamed to `refresh=true`. This is a breaking\n change - please read the breaking changes section with care!\n6. We have reworked how (error) messages are returned. They now include an ID\n and all the parameters required for translating and customizing UI messages.\n This is a breaking change - please read the breaking changes section with\n care!\n7. Instead of keeping track of `update_successful` with booleans, flows (e.g.\n the settings flow) that have more than one state now include a state machine.\n This is a breaking change - please read the breaking changes section with\n care!\n8. Tons of tests have been added.\n9. We have reworked and fully tested the migration pipeline to prevent breaking\n schema changes in future versions.\n10. ORY Kratos now supports login with Azure AD and the Microsoft Identity\n Platform.\n\nBefore upgrading, please make a backup of your database and read the section\n\"Breaking Changes\" with care! This release requires running SQL migrations when\nupgrading!\n\n## Breaking Changes\n\nThis patch renames the Identity Traits JSON Schema to Identity JSON Schema.\n\nThe identity payload has changed from\n\n```\n {\n- \"traits_schema_url\": \"...\",\n- \"traits_schema_id\": \"...\",\n+ \"schema_url\": \"...\",\n+ \"schema_id\": \"...\",\n }\n```\n\nAdditionally, it is now expected that your Identity JSON Schema includes a\n\"traits\" key at the root level.\n\n**Before (example)**\n\n```\n{\n \"$id\": \"https://schemas.ory.sh/presets/kratos/quickstart/email-password/identity.schema.json\",\n \"$schema\": \"http://json-schema.org/draft-07/schema#\",\n \"title\": \"Person\",\n \"type\": \"object\",\n \"properties\": {\n \"email\": {\n \"type\": \"string\",\n \"format\": \"email\",\n \"title\": \"E-Mail\",\n \"minLength\": 3,\n \"ory.sh/kratos\": {\n \"credentials\": {\n \"password\": {\n \"identifier\": true\n }\n },\n \"verification\": {\n \"via\": \"email\"\n },\n \"recovery\": {\n \"via\": \"email\"\n }\n }\n }\n },\n \"required\": [\n \"email\"\n ],\n \"additionalProperties\": false\n}\n```\n\n**After (example)**\n\n```\n{\n \"$id\": \"https://schemas.ory.sh/presets/kratos/quickstart/email-password/identity.schema.json\",\n \"$schema\": \"http://json-schema.org/draft-07/schema#\",\n \"title\": \"Person\",\n \"type\": \"object\",\n \"properties\": {\n \"traits\": {\n \"type\": \"object\",\n \"properties\": {\n \"email\": {\n \"type\": \"string\",\n \"format\": \"email\",\n \"title\": \"E-Mail\",\n \"minLength\": 3,\n \"ory.sh/kratos\": {\n \"credentials\": {\n \"password\": {\n \"identifier\": true\n }\n },\n \"verification\": {\n \"via\": \"email\"\n },\n \"recovery\": {\n \"via\": \"email\"\n }\n }\n }\n },\n \"required\": [\n \"email\"\n ],\n \"additionalProperties\": false\n }\n }\n}\n```\n\nYou also need to remove the `traits` key from your ORY Kratos config like this:\n\n```\n identity:\n- traits:\n- default_schema_url: http://test.kratos.ory.sh/default-identity.schema.json\n- schemas:\n- - id: other\n- url: http://test.kratos.ory.sh/other-identity.schema.json\n+ default_schema_url: http://test.kratos.ory.sh/default-identity.schema.json\n+ schemas:\n+ - id: other\n+ url: http://test.kratos.ory.sh/other-identity.schema.json\n```\n\nDo not forget to also update environment variables for the Identity JSON Schema\nas well if set.\n\nTo address these refactorings, the configuration had to be changed and with\nbreaking changes as keys have moved or have been removed.\n\nHook configuration has also changed. It is no longer required to include hooks\nsuch as `verification` to get verification working. Instead, verification is\nenabled globally (`selfservice.flows.verification.enabled`). Also, the\n`redirect` hook has been removed as it lead to confusion because there are\nalready default redirect URLs configurable. You will find more information in\nthe details below.\n\n**Session Management**\n\n```diff\n-ttl:\n- session: 1h\n-security:\n- session:\n- cookie:\n- same_site: Lax\n+session:\n+ lifespan: 1h\n+ cookie_same_site: Lax\n```\n\n**Secrets**\n\n```diff\n-secrets:\n- session:\n- - secret-to-encrypt-session-cookies\n- - old-session-cookie-secret-that-has-been-rotated\n+secrets:\n+ default:\n+ # This secret is used as default and will also be used for encrypting e.g. cookies when a dedicated cookie secret (as shown below) is not defined.\n+ - default-secret-to-encrypt-stuff\n+ cookie:\n+ - secret-to-encrypt-session-cookies\n+ - old-session-cookie-secret-that-has-been-rotated\n```\n\n**URLs**\n\nThe Base URL configuration has moved to `serve.public` and `serve.admin`. They\nare also no longer required and fall back to defaults based on the machine's\nhostname, port configuration, and other settings:\n\n```diff\n-urls:\n- self:\n- public: https://kratos.my-website.com/\n- admin: https://admin.kratos.cluster.localnet/\n+serve:\n+ public:\n+ base_url: https://kratos.my-website.com/\n+ admin:\n+ base_url: https://admin.kratos.cluster.localnet/\n```\n\nThe UI URLs have moved from `urls` to their respective self-service flows:\n\n```diff\n-urls:\n- login_ui: http://127.0.0.1:4455/auth/login\n- registration_ui: http://127.0.0.1:4455/auth/registration\n- settings_ui: http://127.0.0.1:4455/settings\n- verify_ui: http://127.0.0.1:4455/verify\n- error_ui: http://127.0.0.1:4455/error\n+selfservice:\n+ flows:\n+ login:\n+ ui_url: http://127.0.0.1:4455/auth/login\n+ registration:\n+ ui_url: http://127.0.0.1:4455/auth/registration\n+ settings:\n+ ui_url: http://127.0.0.1:4455/settings\n+ # please note that `verify` has changed to `verification`!\n+ verification:\n+ ui_url: http://127.0.0.1:4455/verify\n+ error:\n+ ui_url: http://127.0.0.1:4455/error\n```\n\nThe default redirect URL as well as whitelisted redirect URLs have also changed\ntheir location:\n\n```diff\n-urls:\n- default_return_to: https://self-service/dashboard\n- whitelisted_return_to_urls:\n- - https://self-service/some-other-url\n- - https://example.org/another-url\n+selfservice:\n+ default_browser_return_url: https://self-service/dashboard\n# Please note that the `to` has been removed (`whitelisted_return_to_urls` -> `whitelisted_return_urls`)\n+ whitelisted_return_urls:\n+ - https://self-service/some-other-url\n+ - https://example.org/another-url\n```\n\n**Self-Service Login**\n\n`selfservice.login` has moved to `selfservice.flow.login`:\n\n```diff\n selfservice:\n- login:\n+ flows:\n+ login:\n```\n\nOn top of this change, a few keys under `login` have changed as well:\n\n```diff\n selfservice\n flows:\n login:\n+ ui_url: http://127.0.0.1:4455/auth/login\n request_lifespan: 99m\n- before:\n- hooks:\n- - hook: redirect\n- config:\n- default_redirect_url: http://test.kratos.ory.sh:4000/\n- allow_user_defined_redirect: false\n+ # The before hooks have been removed because there were no good use cases for them. If\n+ # this is a problem for you feel free to open an issue!\n\n after:\n- default_return_to: https://self-service/login/return_to\n+ default_browser_return_url: https://self-service/login/return_to\n password:\n- default_return_to: https://self-service/login/password/return_to\n+ default_browser_return_url: https://self-service/login/password/return_to\n hooks:\n - hook: revoke_active_sessions\n oidc:\n- default_return_to: https://self-service/login/podc/return_to\n+ default_browser_return_url: https://self-service/login/podc/return_to\n hooks:\n - hook: revoke_active_sessions\n```\n\n**Self-Service Registration**\n\n`selfservice.registration` has moved from to `selfservice.flow.registration`:\n\n```diff\n selfservice:\n- registration:\n+ flows:\n+ registration:\n```\n\nOn top of this change, a few keys under `registration` have changed as well:\n\n```diff\n selfservice\n flows:\n registration:\n+ ui_url: http://127.0.0.1:4455/auth/registration\n request_lifespan: 99m\n- before:\n- hooks:\n- - hook: redirect\n- config:\n- default_redirect_url: http://test.kratos.ory.sh:4000/\n- allow_user_defined_redirect: false\n+ # The before hooks have been removed because there were no good use cases for them. If\n+ # this is a problem for you feel free to open an issue!\n\n after:\n- default_return_to: https://self-service/registration/return_to\n+ default_browser_return_url: https://self-service/registration/return_to\n password:\n- default_return_to: https://self-service/registration/password/return_to\n+ default_browser_return_url: https://self-service/registration/password/return_to\n hooks:\n - hook: revoke_active_sessions\n+ # The verify hook is now executed automatically when verification is turned on.\n- - hook: verify\n+ # The redirect hook was confusing as it aborts the registration flow and does not solve redirection on\n+ # success. It has thus been removed.\n- - hook: redirect\n oidc:\n- default_return_to: https://self-service/registration/podc/return_to\n+ default_browser_return_url: https://self-service/registration/podc/return_to\n hooks:\n - hook: revoke_active_sessions\n+ # The verify hook is now executed automatically when verification is turned on.\n- - hook: verify\n+ # The redirect hook was confusing as it aborts the registration flow and does not solve redirection on\n+ # success. It has thus been removed.\n- - hook: redirect\n```\n\n**Self-Service Settings**\n\n`selfservice.settings` has moved from to `selfservice.flow.settings`:\n\n```diff\n selfservice:\n- settings:\n+ flows:\n+ settings:\n```\n\nOn top of this change, a few keys under `settings` have changed as well:\n\n```diff\n selfservice\n flows:\n settings:\n+ ui_url: http://127.0.0.1:4455/settings\n request_lifespan: 99m\n privileged_session_max_age: 99m\n- default_return_to: https://self-service/settings/return_to\n after:\n+ default_browser_return_url: https://self-service/settings/return_to\n+ # The profile/password after hooks have been removed as verification is now executed automatically\n+ # when turned on.\n- password:\n- hooks:\n- - hook: verify\n- profile:\n- hooks:\n- - hook: verify\n```\n\n**Self-Service Verification**\n\n`selfservice.verify` has moved from to `selfservice.flow.verification`:\n\n```diff\n selfservice:\n- verify:\n+ flows:\n+ verification:\n```\n\nInstead of configuring verification with hooks and other components, it can now\nbe enabled in a central place. If enabled, a SMTP server must be configured in\nthe `courier` section. You are still required to mark a field as verifiable in\nyour Identity JSON Schema.\n\n```diff\n selfservice:\n flows:\n verification:\n+ enabled: true # defaults to true\n+ ui_url: http://127.0.0.1:4455/recovery\n request_lifespan: 1m\n- default_return_to: https://self-service/verification/return_to\n after:\n+ default_browser_return_url: https://self-service/verification/return_to\n```\n\nReplaces the `update_successful` field of the settings request with a field\ncalled `state` which can be either `show_form` or `success`.\n\nFlows, request methods, form fields have had a key errors to show e.g.\nvalidation errors such as (\"not an email address\", \"incorrect\nusername/password\", and so on. The `errors` key is now called `messages`. Each\nmessage now has a `type` which can be `error` or `info`, an `id` which can be\nused to translate messages, a `text` (which was previously errors[*].message).\nThis affects all login, request, settings, and recovery flows and methods.\n\nTo refresh a login session it is now required to append `refresh=true` instead\nof `prompt=login` as the second has implications for revoking an existing issue\nand might be confusing when used in combination with OpenID Connect.\n\n- Applying this patch requires running SQL Migrations.\n- The field `identity.addresses` has moved to `identity.verifiable_addresses`.\n- Configuration key `selfservice.verification.link_lifespan` has been merged\n with `selfservice.verification.request_lifespan`.\n\n### Bug Fixes\n\n- Account recovery can't use recovery token\n ([#526](https://github.com/ory/kratos/issues/526))\n ([379f24e](https://github.com/ory/kratos/commit/379f24e96e50a3e5c71b53a11195bdd84a8dc957)),\n closes [#525](https://github.com/ory/kratos/issues/525)\n- Add and document recovery to quickstart\n ([c229c54](https://github.com/ory/kratos/commit/c229c54603bdc3efb863fd76b64096ae599d1aac))\n- Add pkger to docker builds\n ([d3ef5a0](https://github.com/ory/kratos/commit/d3ef5a0fe90f430999d0d94cb2f55acc8d628212))\n- Allow linking oidc credentials without existing oidc connection\n ([#548](https://github.com/ory/kratos/issues/548))\n ([39c1234](https://github.com/ory/kratos/commit/39c1234f8ff3f6c7b0923053c8a317677d6cb667)),\n closes [#532](https://github.com/ory/kratos/issues/532)\n- Bump pop version ([#558](https://github.com/ory/kratos/issues/558))\n ([9e46cea](https://github.com/ory/kratos/commit/9e46ceabec8d5c1995321b62cbba9ac3900de446)),\n closes [#556](https://github.com/ory/kratos/issues/556)\n- Clear error messages after updating settings successfully\n ([#421](https://github.com/ory/kratos/issues/421))\n ([7eec388](https://github.com/ory/kratos/commit/7eec38829449237cffe345d8bec67578764559be)),\n closes [#420](https://github.com/ory/kratos/issues/420)\n- Do not send debug on session/whoami\n ([16d3670](https://github.com/ory/kratos/commit/16d3670070bf46170c4540203e8380ad81bfb4c3)),\n closes [#483](https://github.com/ory/kratos/issues/483)\n- Document login refresh parameter in swagger\n ([#482](https://github.com/ory/kratos/issues/482))\n ([6b94993](https://github.com/ory/kratos/commit/6b949936725a6100a31851a5d879c877c2c76cbf))\n- Embedded video link properly\n ([#514](https://github.com/ory/kratos/issues/514))\n ([962bbc6](https://github.com/ory/kratos/commit/962bbc6e4af0797c190418b812f6298372dabdde))\n- Embedded video link properly\n ([#515](https://github.com/ory/kratos/issues/515))\n ([821ca93](https://github.com/ory/kratos/commit/821ca93838a360551378e336e9ce10cfe13369ec))\n- Enable recovery for quickstart\n ([0ccc651](https://github.com/ory/kratos/commit/0ccc651f809b1e39dd6c41b88f1a10c67451eae2))\n- Improve grammar of similar password error\n ([#471](https://github.com/ory/kratos/issues/471))\n ([39873bf](https://github.com/ory/kratos/commit/39873bfad89a654fe12e101b54e9b0c2f95714ec))\n- Improvements to Dockerfiles ([#552](https://github.com/ory/kratos/issues/552))\n ([6023877](https://github.com/ory/kratos/commit/6023877184efeadd6ec27a050a6969b6d0dd6caa)):\n - expose ory home as volume to simplify passing in own config file\n - declare Kratos default ports in Dockerfile\n\n- Initialize verification request with correct state\n ([3264ecf](https://github.com/ory/kratos/commit/3264ecfbb8f7b34d9dbb22237df8d9f591ac09f3)),\n closes [#543](https://github.com/ory/kratos/issues/543)\n- Re-add all databases to persister\n ([#527](https://github.com/ory/kratos/issues/527))\n ([b04d178](https://github.com/ory/kratos/commit/b04d17815b5a28b5fe73a6a94ce1d907a63115e1))\n- Re-add redirect targets for quickstart\n ([3c48ad2](https://github.com/ory/kratos/commit/3c48ad26961560d6e10a627a64052e316d9ffdc7))\n- Reduce docker bloat by ignoring docs and others\n ([ecc555b](https://github.com/ory/kratos/commit/ecc555b5ad0fa888a8d5ba39cc09094fd251e655))\n- Resolve broken redirect in verify flow\n ([a9ca8fd](https://github.com/ory/kratos/commit/a9ca8fd793347ed8e4404a4bd29e330a3f1ef684)),\n closes [#436](https://github.com/ory/kratos/issues/436)\n- Respect multiple secrets and fix used flag\n ([#526](https://github.com/ory/kratos/issues/526))\n ([b16c2b8](https://github.com/ory/kratos/commit/b16c2b80edfc78afca0c72fa8da7d73b51b3075a)),\n closes [#525](https://github.com/ory/kratos/issues/525)\n- Respect self-service enabled flag\n ([#470](https://github.com/ory/kratos/issues/470))\n ([b198faf](https://github.com/ory/kratos/commit/b198fafce9d96fbb644300243e6a757242fbbd06)),\n closes [#417](https://github.com/ory/kratos/issues/417):\n\n Respects the `enabled` flag for self-service strategies.\n\n Also a new testhelper function was needed, to defer route registration\n (because whether strategies are enabled or not is determined only once: at\n route registration)\n\n- Typo accent -> account\n ([984d978](https://github.com/ory/kratos/commit/984d978cf44763d916a9329742d046e00f21577b))\n- Use correct brew replacements\n ([fd269b1](https://github.com/ory/kratos/commit/fd269b1afa784becac7ee79cd7a6f9d2bbe39121)),\n closes [#423](https://github.com/ory/kratos/issues/423)\n- Write migration tests ([#499](https://github.com/ory/kratos/issues/499))\n ([d32413a](https://github.com/ory/kratos/commit/d32413a1fcd0ce1a82d2529f18b5d4334a490a2a)),\n closes [#481](https://github.com/ory/kratos/issues/481)\n\n### Code Generation\n\n- Pin v0.4.0-alpha.1 release commit\n ([e8690c4](https://github.com/ory/kratos/commit/e8690c4037ba5d80aa2459625be553c5bc2d2152))\n\n### Code Refactoring\n\n- Improve and simplify configuration\n ([#536](https://github.com/ory/kratos/issues/536))\n ([8e7f9f5](https://github.com/ory/kratos/commit/8e7f9f5ec3ac6f5675584974e8d189247b539634)),\n closes [#432](https://github.com/ory/kratos/issues/432)\n- Move schema packing to pkger\n ([173f9d2](https://github.com/ory/kratos/commit/173f9d2b09d597376490b5d4588f7c0a4f525857))\n- Move verify fallback to verification\n ([1ce6469](https://github.com/ory/kratos/commit/1ce64695ec61c3a31e00875069d2847be502744b))\n- Rename identity traits schema to identity schema\n ([#557](https://github.com/ory/kratos/issues/557))\n ([949e743](https://github.com/ory/kratos/commit/949e743ef9ddbc6e711f0174593f59f4fa3a1171)),\n closes [#531](https://github.com/ory/kratos/issues/531)\n- Rename prompt=login to refresh=true\n ([#478](https://github.com/ory/kratos/issues/478))\n ([c04346e](https://github.com/ory/kratos/commit/c04346e0f01aa7ce5627c0b7135032b225e7faf9)),\n closes [#477](https://github.com/ory/kratos/issues/477)\n- Replace settings update_successful with state\n ([#488](https://github.com/ory/kratos/issues/488))\n ([ca3b3f4](https://github.com/ory/kratos/commit/ca3b3f4dbdcd75ceb13c9a1b2c8dc991aba7c7e4)),\n closes [#449](https://github.com/ory/kratos/issues/449)\n- Text errors to text messages\n ([#476](https://github.com/ory/kratos/issues/476))\n ([8106951](https://github.com/ory/kratos/commit/81069514e5ef1d851f76d44bb45d6a896d4985a6)),\n closes [#428](https://github.com/ory/kratos/issues/428):\n\n This patch implements a better way to deal with text messages by giving them a\n unique ID, a context, and a default message.\n\n### Documentation\n\n- Add azure to next docs\n ([e1dd3fa](https://github.com/ory/kratos/commit/e1dd3fad30a07be6f105201a8478642e9792df46))\n- Add fixme note for viper workaround\n ([7e3eef6](https://github.com/ory/kratos/commit/7e3eef6d36dcbb1a06ce0a20e2de0874a7dc5d38)):\n\n See https://github.com/ory/x/issues/169\n\n- Add guide for setting up account recovery\n ([bbf3762](https://github.com/ory/kratos/commit/bbf37620d5b47fd18cb754c8ed43856652ee33c0))\n- Add guide for setting up email verification\n ([1435cbc](https://github.com/ory/kratos/commit/1435cbcea5d45c9cde1a0eb7e5ebb66ce65c4b82))\n- Add guide for SSO via Google\n ([#424](https://github.com/ory/kratos/issues/424))\n ([5c45b16](https://github.com/ory/kratos/commit/5c45b1653791cc3ab5d4e4694da98da7543e816d))\n- Add new guides to sidebar\n ([24c5cbc](https://github.com/ory/kratos/commit/24c5cbc129ad185ec02883c3451d7e573409b865))\n- Added video tutorials to guides\n ([#513](https://github.com/ory/kratos/issues/513))\n ([956731d](https://github.com/ory/kratos/commit/956731d562f33f2849197b2e692a4f20b18279f9))\n- Added youtube manual ([#490](https://github.com/ory/kratos/issues/490))\n ([ec232f7](https://github.com/ory/kratos/commit/ec232f72d7204b2cdf946874d51f7473a10a76a4))\n- Connecting Kratos to AzureAD\n ([#433](https://github.com/ory/kratos/issues/433))\n ([7660bcd](https://github.com/ory/kratos/commit/7660bcd2ba90d83c4ab0683a2f011e6841b2c810))\n- Correct claims.email in github guide\n ([#422](https://github.com/ory/kratos/issues/422))\n ([052a622](https://github.com/ory/kratos/commit/052a622de79d34e32ccab9c7da12a1275c7be51b)):\n\n There is no email_primary in claims, and the selfservice strategy is currently\n using claims.email.\n\n- Correct claims.email in github guide\n ([#422](https://github.com/ory/kratos/issues/422))\n ([58f7e15](https://github.com/ory/kratos/commit/58f7e15093d2461d4322fe68adb0723ae244bed9)):\n\n There is no email_primary in claims, and the selfservice strategy is currently\n using claims.email.\n\n- Correct link in user-settings\n ([d13317d](https://github.com/ory/kratos/commit/d13317d9bf71db775067a7c17f4c98cdbf1cc7e5))\n- Correct SDK use in quickstart\n ([#480](https://github.com/ory/kratos/issues/480))\n ([dfdf975](https://github.com/ory/kratos/commit/dfdf9751d9333994a49537d82a15b780ebd8bc76)),\n closes [#430](https://github.com/ory/kratos/issues/430)\n- Correct stray dot\n ([e820f41](https://github.com/ory/kratos/commit/e820f41e63aff1a85094a9e14dfd968353ae6b1b))\n- Correct user settings render form\n ([197e246](https://github.com/ory/kratos/commit/197e24603fc67707131e54e52e1bfb52011ca839))\n- Delete old redirect homepage\n ([b6d9244](https://github.com/ory/kratos/commit/b6d9244b5d683f5baf27e9af5970596261a4fd20))\n- Document new account recovery feature\n ([2252a86](https://github.com/ory/kratos/commit/2252a8676e573b9ade85814acc40b212dcfd48c1)),\n closes [#436](https://github.com/ory/kratos/issues/436)\n- Document refresh=true for login\n ([#479](https://github.com/ory/kratos/issues/479))\n ([2ab5ead](https://github.com/ory/kratos/commit/2ab5ead77517ab5b750835195ab6673e219da71a)),\n closes [#464](https://github.com/ory/kratos/issues/464)\n- Embedded quickstart video ([#491](https://github.com/ory/kratos/issues/491))\n ([ee80346](https://github.com/ory/kratos/commit/ee80346a30ebc2c7b06292e58bd3578e002e242a))\n- Fix broken link\n ([d20816e](https://github.com/ory/kratos/commit/d20816e5335abb8bcde5c6d68b17eaabae5d01b0))\n- Fix broken link\n ([aa9d3e6](https://github.com/ory/kratos/commit/aa9d3e6347375170a84ba53b2a9050c9544e7e2a))\n- Fix broken link ([#506](https://github.com/ory/kratos/issues/506))\n ([dac8dfd](https://github.com/ory/kratos/commit/dac8dfd970255f8e79e7fc7811f563e6903f6fc9)):\n\n The rest api is no longer under sdk but under reference.\n\n- Fix broken link ([#554](https://github.com/ory/kratos/issues/554))\n ([e80d691](https://github.com/ory/kratos/commit/e80d691e256326aacfa89b391583e0494d8a6872))\n- Fix code sample comment\n ([781a76b](https://github.com/ory/kratos/commit/781a76bb6de20767d6150b1fcb5236f4f376edd7))\n- Fix copy paste errors in code docs\n ([e456a4e](https://github.com/ory/kratos/commit/e456a4e435265eade7026fd899c4bc7d2b28a5c9))\n- Fix iframe syntax ([#520](https://github.com/ory/kratos/issues/520))\n ([0cb36ca](https://github.com/ory/kratos/commit/0cb36ca9d8459dc8027358190e6e8aa8764bffe4))\n- Fix typo ([#535](https://github.com/ory/kratos/issues/535))\n ([c57d270](https://github.com/ory/kratos/commit/c57d270758a97315c874df3fae867b0031300501))\n- Fix typo in base docs ([#503](https://github.com/ory/kratos/issues/503))\n ([6668048](https://github.com/ory/kratos/commit/666804812d707b1d50ea160877bdb3878ddfe6b0))\n- Fix typo in oauth sign in documentation\n ([#504](https://github.com/ory/kratos/issues/504))\n ([886e24d](https://github.com/ory/kratos/commit/886e24d93a5eb233062b8c7d562c8208f7a4f48f))\n- Fix typos\n ([81903a5](https://github.com/ory/kratos/commit/81903a5137d87588531391623b92afde70abc3ea))\n- Fix typos ([#489](https://github.com/ory/kratos/issues/489))\n ([57a7bc8](https://github.com/ory/kratos/commit/57a7bc89961612fea0255202d3dd6a535921ef3c))\n- Fix ui url keys everywhere\n ([b75debb](https://github.com/ory/kratos/commit/b75debb0ee4f87dd9910b30bd76d8c6ad382fb38))\n- Fix username example by renaming property and removing format\n ([#508](https://github.com/ory/kratos/issues/508))\n ([4573426](https://github.com/ory/kratos/commit/45734260bcead3087aadcaaf3033cc1e89bc1844))\n- Fix wording in settings flow graph\n ([e2a0084](https://github.com/ory/kratos/commit/e2a00842cb5bd3cfbddd0e5117c7f3f968e9f2df))\n- Fixed broken link ([#452](https://github.com/ory/kratos/issues/452))\n ([d1ddbd1](https://github.com/ory/kratos/commit/d1ddbd1ee465a7d3e29815fcfd9c75b5decbb5f9))\n- Fixed broken link ([#455](https://github.com/ory/kratos/issues/455))\n ([4f3d179](https://github.com/ory/kratos/commit/4f3d17906f3fa2aea3a0b0505047da6aa54938e4))\n- Fixed broken link ([#456](https://github.com/ory/kratos/issues/456))\n ([4b43e99](https://github.com/ory/kratos/commit/4b43e993df62d2bf54fa39624651f081eb75bbb0))\n- Fixed broken link ([#460](https://github.com/ory/kratos/issues/460))\n ([7da304c](https://github.com/ory/kratos/commit/7da304caf0de93442f047872cdd30d7fc316218e))\n- Fixed broken link ([#461](https://github.com/ory/kratos/issues/461))\n ([c248e4e](https://github.com/ory/kratos/commit/c248e4e2a48a409b53ed02644abfc27e3cebeb11))\n- Fixed broken link ([#462](https://github.com/ory/kratos/issues/462))\n ([ceacac3](https://github.com/ory/kratos/commit/ceacac30eda7d94cb24403c1fb988d4dd5fcd21f))\n- Fixed broken links ([#451](https://github.com/ory/kratos/issues/451))\n ([193a781](https://github.com/ory/kratos/commit/193a781576031818006d6e2b72418293cf94dda1)):\n\n Fixed a few broken links, .md in the url was the problem.\n\n- Fixed broken links ([#453](https://github.com/ory/kratos/issues/453))\n ([59d00eb](https://github.com/ory/kratos/commit/59d00ebb87564cc9ff9c5ae12bcd7d25fb0b26c9))\n- Fixed broken links ([#457](https://github.com/ory/kratos/issues/457))\n ([00ec00d](https://github.com/ory/kratos/commit/00ec00d09ca5318c75832caff5e7a97d640ac083))\n- Fixed broken links ([#458](https://github.com/ory/kratos/issues/458))\n ([f960887](https://github.com/ory/kratos/commit/f9608876e30dbdd7c67ee70dcf5d9a1985b80f0f))\n- Fixed broken links ([#459](https://github.com/ory/kratos/issues/459))\n ([2749596](https://github.com/ory/kratos/commit/27495964c7cd34e9bf914b19c83157e484c9cde4))\n- Fixed broken markdown ([#474](https://github.com/ory/kratos/issues/474))\n ([22d5be1](https://github.com/ory/kratos/commit/22d5be16f91ed9df206310c6f04d843cd79328ca))\n- Format guides\n ([407c70f](https://github.com/ory/kratos/commit/407c70f23d815380d98ee9252f263e07c1f0f4a9))\n- Improve grammar and wording ([#448](https://github.com/ory/kratos/issues/448))\n ([a19adf3](https://github.com/ory/kratos/commit/a19adf30426ff8df03a3eb725ae0101ebb6c4ab1))\n- Improve grammar, clarify sections, update images\n ([#419](https://github.com/ory/kratos/issues/419))\n ([79019d1](https://github.com/ory/kratos/commit/79019d1246b1517b3297996a207a3d2f517fab01))\n- Make whitelisted_return_to_urls examples an array\n ([#426](https://github.com/ory/kratos/issues/426))\n ([7ed5605](https://github.com/ory/kratos/commit/7ed56057f533f23ca18cab5a2614429554e877e2)),\n closes [#425](https://github.com/ory/kratos/issues/425)\n- Minor fixes ([#467](https://github.com/ory/kratos/issues/467))\n ([8d15307](https://github.com/ory/kratos/commit/8d153079ee44f0765993640500bbe746dc0a34aa))\n- Move security questions to own document\n ([2b77fba](https://github.com/ory/kratos/commit/2b77fba79b724dcd68ff0cd739cd65517aea4325))\n- Properly annotate forms disabled field\n ([#486](https://github.com/ory/kratos/issues/486))\n ([be1acb3](https://github.com/ory/kratos/commit/be1acb3d161412d18599c970364f0c91fa6ebffb)):\n\n See https://github.com/ory/kratos/pull/467#discussion_r434764266\n\n- Remove rogue slash and fix closing tag\n ([#521](https://github.com/ory/kratos/issues/521))\n ([3fd1076](https://github.com/ory/kratos/commit/3fd1076929eeecffb7e8aa8e906970774283daeb))\n- Rename redirect page to browser-redirect-flow-completion\n ([ae77d48](https://github.com/ory/kratos/commit/ae77d48a3435069556382b9403cb1ad45a9d7c07))\n- Replace mailhog references with mailslurper\n ([#509](https://github.com/ory/kratos/issues/509))\n ([d0e5a0f](https://github.com/ory/kratos/commit/d0e5a0fa64e2d46437fb2abd17dc306bdec34a91))\n- Run format\n ([2b3f299](https://github.com/ory/kratos/commit/2b3f29913be844498a02b9869789c2b2d4aaacf8))\n- Typo correction in credentials.md\n ([#551](https://github.com/ory/kratos/issues/551))\n ([3b7e104](https://github.com/ory/kratos/commit/3b7e104c2bcba52326f89761c9e3da14b4f06d08))\n- Typos and stale links\n ([29fb466](https://github.com/ory/kratos/commit/29fb466d9881b6574ee697d7e25e45785f07114b))\n- Typos and stale links ([#510](https://github.com/ory/kratos/issues/510))\n ([7557ab8](https://github.com/ory/kratos/commit/7557ab85ddf8501935d70e2558682dff2024897b))\n- Update repository templates\n ([4c89834](https://github.com/ory/kratos/commit/4c89834ce59195c5b59da5bc5b41db7ed03bf1c4))\n- Use central banner repo for README\n ([d1e8a82](https://github.com/ory/kratos/commit/d1e8a8272cd536b6e12326778258bfbe0b7e8af7))\n- Use shorthand closing tag for Mermaid\n ([f9f2dbc](https://github.com/ory/kratos/commit/f9f2dbc063f82a852b540013ddff81501f7c1222))\n\n### Features\n\n- Add support for Multitenant Azure AD as an OIDC provider\n ([#434](https://github.com/ory/kratos/issues/434))\n ([a8f1179](https://github.com/ory/kratos/commit/a8f117985217c753cfca52905e43b640e89a6bd1))\n- Add tests for defaults\n ([a16fc51](https://github.com/ory/kratos/commit/a16fc5121b36353cf2e684190eda976a1ea53a8f))\n- Add User ID to a header when calling whoami\n ([#530](https://github.com/ory/kratos/issues/530))\n ([183b4d0](https://github.com/ory/kratos/commit/183b4d075a9ff50c1f9f53d108a48789e49a5138))\n- Implement account recovery ([#428](https://github.com/ory/kratos/issues/428))\n ([e169a3e](https://github.com/ory/kratos/commit/e169a3e4079b1ef3a18564e0723baf81c44c38ec)),\n closes [#37](https://github.com/ory/kratos/issues/37):\n\n This patch implements the account recovery with endpoints such as \"Init\n Account Recovery\", a new config value `urls.recovery_ui` and so on. A new\n identity field has been added `identity.recovery_addresses` containing all\n recovery addresses.\n\n Additionally, some refactoring was made to DRY code and make naming\n consistent. As part of dependency upgrades, structured logging has also\n improved and an audit trail prototype has been added (currently streams to\n stderr only).\n\n### Unclassified\n\n- docs:fixed broken link (#454)\n ([22720c6](https://github.com/ory/kratos/commit/22720c6c5e3d31acc175980223183e2336b3751d)),\n closes [#454](https://github.com/ory/kratos/issues/454)\n- Allow kratos to talk to databases in docker-compose quickstart\n ([#522](https://github.com/ory/kratos/issues/522))\n ([8bf9a1a](https://github.com/ory/kratos/commit/8bf9a1ac4162c677a455c2f02de658bd5d146905)):\n\n All of the databases must exist on the same docker network to allow the main\n kratos applications to communicate with them.\n\n- Fixed typo ([#472](https://github.com/ory/kratos/issues/472))\n ([31263b6](https://github.com/ory/kratos/commit/31263b68ab8d81d264e0fa375a915f8f82d70bb3))\n\n# [0.3.0-alpha.1](https://github.com/ory/kratos/compare/v0.2.1-alpha.1...v0.3.0-alpha.1) (2020-05-15)\n\nThis release finalizes the OpenID Connect and OAuth2 login, registration, and\nsettings strategy with JsonNet data transformation! From now on, \"Sign in with\nGoogle, Github, ...\" is officially supported! It's also possible to link and\nunlink these connections using the Self-Service Settings Flow! The documentation\nhas been updated to reflect those changes and includes guides to setting up\n\"Sign in with GitHub\" in under 5 Minutes! Please be aware that existing OpenID\nConnect connections will stop working. Check out the \"Breaking Changes\" section\nfor more info! Want to learn more? Check\n[out the docs](https://www.ory.sh/kratos/docs/concepts/credentials/openid-connect-oidc-oauth2)!\n\nWe also changed the config validation output, making it easier than ever to find\nbugs in your config:\n\n```\n% kratos --config invalid-config.yml serve\nINFO[0001] Config file loaded successfully. path=invalid-config.yml\nERRO[0001] The provided configuration is invalid and could not be loaded. Check the output below to understand why. config_file=invalid-config.yml\n\ndsn: \n ^-- one or more required properties are missing\n\nurls.whitelisted_return_to_urls: https://selfservice.office.example.com\n ^-- expected array, but got string\n\nFATA[0001] The services failed to start because the configuration is invalid. Check the output above for more details.\n```\n\nThis release concludes over 50 commits and 16.000 lines of code changed.\n\n## Breaking Changes\n\nIf you upgrade and have existing Social Sign In connections, it will no longer\nbe possible to use them to sign in. Because the oidc strategy was undocumented\nand not officially released we do not provide an upgrade guide. If you run into\nthis issue on a production system you may need to use SQL to change the config\nof those identities. If this is a real issue for you that you're unable to\nsolve, please create an issue on GitHub.\n\nThis is a breaking change as previous OIDC configurations will not work. Please\nconsult the newly written documentation on OpenID Connect to learn how to use\nOIDC in your login and registration flows. Since the OIDC feature was not\npublicly broadcasted yet we have chosen not to provide an upgrade path. If you\nhave issues, please reach out on the forums or slack.\n\n### Bug Fixes\n\n- Access rules of oathkeeper for quick start\n ([#390](https://github.com/ory/kratos/issues/390))\n ([5ed6d05](https://github.com/ory/kratos/commit/5ed6d05b3e13027e4e7ffef1ff10ab2fb948093d)),\n closes [#389](https://github.com/ory/kratos/issues/389):\n\n To access `/` as dashboard\n\n- Active field should not be required\n ([#401](https://github.com/ory/kratos/issues/401))\n ([aed2a5c](https://github.com/ory/kratos/commit/aed2a5c3c8e39132df53ae8f0eecfb7924296796)),\n closes [ory/sdk#14](https://github.com/ory/sdk/issues/14)\n- Adopt jsonnet in e2e oidc tests\n ([5e518fb](https://github.com/ory/kratos/commit/5e518fb2de678e27fcc0e4fff020a4d575f1c109))\n- Detect postgres unique constraint\n ([3a777af](https://github.com/ory/kratos/commit/3a777af00244066a42751005d832e4058ddad8d2))\n- Fix oidc strategy jsonnet test\n ([f6c48bf](https://github.com/ory/kratos/commit/f6c48bf2c64cea1f111e5777de22878e0be5f03c))\n- Improve config validation error message\n ([#414](https://github.com/ory/kratos/issues/414))\n ([d1e6896](https://github.com/ory/kratos/commit/d1e6896b3870cad49217ee78f6024a8a5c416f46)),\n closes [#413](https://github.com/ory/kratos/issues/413)\n- Reset request id after parse\n ([9550205](https://github.com/ory/kratos/commit/9550205a35364473e0f620ef2b2a7eac223dbfff))\n- Resolve flaky swagger generation\n ([#416](https://github.com/ory/kratos/issues/416))\n ([ac4acfc](https://github.com/ory/kratos/commit/ac4acfcd7f4e686b5d5c01136158fdf1687329ac))\n- Resolve regression issues and bugs\n ([e6d5369](https://github.com/ory/kratos/commit/e6d53693e146ec6e0d9de2ea366323721af3d8fb))\n- Return correct error on id mismatch\n ([5915f28](https://github.com/ory/kratos/commit/5915f2882d2a481ea357d50b0058093ba3ddb51b))\n- Test and implement mapper_url for jsonnet\n ([40ac3dc](https://github.com/ory/kratos/commit/40ac3dc7b5828ac775055fed3c0bd9ff393e5d86))\n- Transaction usage in the identity persister\n ([#404](https://github.com/ory/kratos/issues/404))\n ([7f5072d](https://github.com/ory/kratos/commit/7f5072dc2d4fbf1f48cdf4d199ce4e89683a87b1))\n\n### Chores\n\n- Pin v0.3.0-alpha.1 release commit\n ([43b693a](https://github.com/ory/kratos/commit/43b693a449bf7cd219eb6901acf36725ace1c41c))\n\n### Code Refactoring\n\n- Adopt new request parser\n ([ad16cc9](https://github.com/ory/kratos/commit/ad16cc917c8067eb1c4b89ef8192287be1c912c8))\n- Dry config and oidc tests\n ([3e98756](https://github.com/ory/kratos/commit/3e9875612ea895f9b565d34f4d5b0f80d136868f))\n- Improve oidc flows and payloads and add e2e tests\n ([#381](https://github.com/ory/kratos/issues/381))\n ([f9a5079](https://github.com/ory/kratos/commit/f9a50790637a848897ba275373bc538728e09f3d)),\n closes [#387](https://github.com/ory/kratos/issues/387):\n\n This patch improves the OpenID Connect login and registration user experience\n by simplifying the network flows and introduces e2e tests using ORY Hydra.\n\n- Move cypress files to test/e2e\n ([df8e627](https://github.com/ory/kratos/commit/df8e627d81d69682e01ec5670c7088ba564df578))\n- Moved scanner json to ory/x ([#412](https://github.com/ory/kratos/issues/412))\n ([8a0967d](https://github.com/ory/kratos/commit/8a0967daef4329981b01e6c2b8bb55a8105b4829))\n- Partition files and change creds structure\n ([4f1eb94](https://github.com/ory/kratos/commit/4f1eb946fe1e74e537fc2166fc000180a11c2048)):\n\n This patch changes the data model of the OpenID Connect strategy. Instead of\n using an array of providers as the base config item (e.g.\n `{\"type\":\"oidc\",\"config\":[{\"provider\":\"google\",\"subject\":\"...\"}]}`) the\n credentials config is now an object with a `providers` key:\n `{\"type\":\"oidc\",\"config\":{\"providers\":[{\"provider\":\"google\",\"subject\":\"...\"}]}}`.\n This change allows introduction of future changes to the schema without\n breaking compatibility.\n\n- Replace oidc jsonschema with jsonnet\n ([2b45e79](https://github.com/ory/kratos/commit/2b45e7953787ad46a6937fe44cb24b6c786eb223)),\n closes [#380](https://github.com/ory/kratos/issues/380):\n\n This patch replaces the previous methodology of merging OIDC data which used\n JSON Schema with Extensions and JSON Path in favor of a much easier to use\n approach with JSONNet.\n\n- **settings:** Use common request parser\n ([ad6c402](https://github.com/ory/kratos/commit/ad6c4026e5fd15924dc906cdc9cb6c9de2fc4daa))\n\n### Documentation\n\n- Document account enumeration defenses for oidc\n ([266329c](https://github.com/ory/kratos/commit/266329cd2969627c823418c1267360193e6342df)),\n closes [#32](https://github.com/ory/kratos/issues/32)\n- Document new oidc jsonnet mapper\n ([#392](https://github.com/ory/kratos/issues/392))\n ([088b30f](https://github.com/ory/kratos/commit/088b30feb6845863e6651489e0c963cde7e10516))\n- Document oidc strategy ([#415](https://github.com/ory/kratos/issues/415))\n ([9f079f4](https://github.com/ory/kratos/commit/9f079f4f77e54f7be67ac59e13e8ec2696522637)),\n closes [#409](https://github.com/ory/kratos/issues/409)\n [#124](https://github.com/ory/kratos/issues/124)\n [#32](https://github.com/ory/kratos/issues/32)\n- Explain that form data is merged with oidc data\n ([#394](https://github.com/ory/kratos/issues/394))\n ([b0dbec4](https://github.com/ory/kratos/commit/b0dbec403c96af41346b6b14fc74b7010e7f8e8a)),\n closes [#127](https://github.com/ory/kratos/issues/127)\n- Fix links in README\n ([efb6102](https://github.com/ory/kratos/commit/efb610239ac2ae828db26ee84c4c5a83c54c0a6a)),\n closes [#403](https://github.com/ory/kratos/issues/403)\n- Improve social sign in guide\n ([#393](https://github.com/ory/kratos/issues/393))\n ([647ced3](https://github.com/ory/kratos/commit/647ced3084d203e9954ca037afea34316f2080d8)),\n closes [#49](https://github.com/ory/kratos/issues/49):\n\n This patch changes the social sign in guide to represent more use cases such\n as Google and Facebook. Additionally, the example has been updated to work\n with Jsonnet.\n\n This patch also documents limitations around merging user data from GitHub.\n\n- Improve the identity data model page\n ([#410](https://github.com/ory/kratos/issues/410))\n ([2915b8f](https://github.com/ory/kratos/commit/2915b8faf3530fe7b9d252094c3aeb9fdbe9dd08))\n- Include redirect doc in nav\n ([5aaebff](https://github.com/ory/kratos/commit/5aaebffd8c03e613ec60735536b6ef38d4da39e3)),\n closes [#406](https://github.com/ory/kratos/issues/406)\n- Prepare v0.3.0-alpha.1\n ([d6a6f43](https://github.com/ory/kratos/commit/d6a6f432f375018a2dc79d6b60de18455057c25a))\n- Ui should show only active form sections\n ([#395](https://github.com/ory/kratos/issues/395))\n ([4db674d](https://github.com/ory/kratos/commit/4db674de14bc50e782321c7bd88ac8077db2bf75))\n- Update github templates ([#408](https://github.com/ory/kratos/issues/408))\n ([6e646b0](https://github.com/ory/kratos/commit/6e646b033e0d43499bf37579a2f04b726af0e3f7))\n\n### Features\n\n- Add format and lint for JSONNet files\n ([0a1b244](https://github.com/ory/kratos/commit/0a1b244a6fd2f714a12d101071b3c0f82b4da584)):\n\n This patch adds two commands `kratos jsonnet format` and `kratos jsonnet lint`\n that help with formatting and linting JSONNet code.\n\n- Implement oidc settings e2e tests\n ([919925c](https://github.com/ory/kratos/commit/919925c87be561064300c3981b5a230c6cada4f7))\n- Introduce leaklog for debugging oidc map payloads\n ([238d7a4](https://github.com/ory/kratos/commit/238d7a493566bcc28f08b1b2bf6463f95b100254))\n- Write tests and fix bugs for oidc settings\n ([575a61f](https://github.com/ory/kratos/commit/575a61f58a887fefa6b2917761c06304c94c9892))\n\n### Unclassified\n\n- Format code\n ([bc7557a](https://github.com/ory/kratos/commit/bc7557a4247ede1fdb4141f2670532aec7cbd456))\n\n# [0.2.1-alpha.1](https://github.com/ory/kratos/compare/v0.2.0-alpha.2...v0.2.1-alpha.1) (2020-05-05)\n\nResolves a bug in the kratos-selfservice-ui-node application.\n\n### Chores\n\n- Pin v0.2.1-alpha.1 release commit\n ([16463ea](https://github.com/ory/kratos/commit/16463ead91a009f33373150d10095aa3857b38f4))\n\n### Documentation\n\n- Fix quickstart hero sections\n ([7c6c439](https://github.com/ory/kratos/commit/7c6c4397bccd2b505fc04cc8d3b0944ceca18982))\n- Fix typo in upgrade guide\n ([a1b1d7c](https://github.com/ory/kratos/commit/a1b1d7c9cbe5fad3b1112a16eced4f3064cfdda0))\n\n# [0.2.0-alpha.2](https://github.com/ory/kratos/compare/v0.1.1-alpha.1...v0.2.0-alpha.2) (2020-05-04)\n\nThis is a heavy release with over hundreds of commits and files changed! Let's\ntake a look at some of the highlights!\n\n**ORY Oathkeeper now optional**\n\nUsing ORY Oathkeeper to protect your API is now optional. The basic quickstart\nnow uses a much simpler set up. Go\n[check it out](https://www.ory.sh/kratos/docs/quickstart) now!\n\n**PostgreSQL, MySQL, CockroachDB support now tested and official!**\n\nAll three databases now pass acceptance tests and are thus officially supported!\n\n**Self-Service Profile Flow**\n\nThe self-service profile flow has been refactored into a more generic flow\nallowing users to make modifications to their traits and credentials. Check out\nthe\n[docs to learn more](https://www.ory.sh/kratos/docs/self-service/flows/user-settings-profile-management)\nabout the flow and it's features.\n\nPlease keep in mind that the flow's APIs have changed. We recommend re-reading\nthe docs!\n\n**Managing Privileged Profile Fields**\n\nFlows such as changing ones profile or primary email address should not be\npossible unless the login session is fresh. This prevents your colleague or evil\nfriend to take over your account while you make yourself a coffee.\n\nORY Kratos now supports this by redirecting the user to the login screen if\nchanges to sensitive fields are made. The changes will only be applied after\nsuccessful reauthentication.\n\n**Changes to Hooks**\n\nThis patch focuses on refactoring how self-service flows terminate and changes\nhow hooks behave and when they are executed.\n\nBefore this patch, it was not clear whether hooks run before or after an\nidentity is persisted. This caused problems with multiple writes on the HTTP\nResponseWriter and other bugs.\n\nThis patch removes certain hooks from after login, registration, and profile\nflows. Per default, these flows now respond with an appropriate payload (\nredirect for browsers, JSON for API clients) and deprecate the `redirect` hook.\nThis patch includes documentation which explains how these hooks work now.\n\nAdditionally, the documentation was updated. Especially the sections about hooks\nhave been refactored. The login and user registration docs have been updated to\nreflect the latest changes as well.\n\nBREAKING CHANGE: Please remove the `redirect` hook from both login,\nregistration, and settings after configuration. Please remove the `session` hook\nfrom your login after configuration. Hooks have moved down a level and are now\nconfigured at `selfservice...hooks`\ninstead of `selfservice...hooks`.\nHooks are now identified by `hook:` instead of `job:`. Please rename those\nsections accordingly.\n\nWe recommend re-reading the\n[Hooks Documentation](https://www.ory.sh/kratos/docs/self-service/hooks/index).\n\n**Changing Passwords**\n\nIt's now possible to change your password using the Self-Service Settings Flow!\nLean more about this flow\n[here](https://www.ory.sh/kratos/docs/self-service/flows/user-settings-profile-management)\n\n**End-To-End Tests**\n\nWe added tons of end-to-end and integration tests to find and fix pesky bugs.\n\n## Breaking Changes\n\nPlease remove the `redirect` hook from both login, registration, and settings\nafter configuration. Please remove the `session` hook from your login after\nconfiguration. Hooks have moved down a level and are now configured at\n`selfservice...hooks` instead of\n`selfservice...hooks`. Hooks are now\nidentified by `hook:` instead of `job:`. Please rename those sections\naccordingly.\n\nSeveral profile-related URLs have and payloads been updated. Please consult the\nmost recent documentation.\n\nThe payloads of the Profile Management Request API that previously were set in\n`{ \"methods\": { \"traits\": { ... } }}` have now moved to\n`{ \"methods\": { \"profile\": { ... } }}`.\n\nThis patch introduces a refactor that is needed for the profile management API\nto be capable of handling (password, oidc, ...) credential changes as well.\n\nTo implement this, the payloads of the Profile Management Request API that\npreviously were set in `{\"form\": {...} }` have now moved to\n`{\"methods\": { \"traits\": { ... } }}`.\n\nIn the future, as more credential updates are handled, there will be additional\nkeys in the forms key `{\"methods\": { \"traits\": { ... }, \"password\": { ... } }}`.\n\n### Bug Fixes\n\n- Allow setting new password in profile flow\n ([3b5fd5c](https://github.com/ory/kratos/commit/3b5fd5ca8c09b2344c0262547f2b387bda362362))\n- Automatically append multiStatements parameter to mySQL URI\n ([#374](https://github.com/ory/kratos/issues/374))\n ([39f77bb](https://github.com/ory/kratos/commit/39f77bb29637db048b15c097d869d8828b0d292b))\n- **config:** Rename config key stmp to smtp\n ([#278](https://github.com/ory/kratos/issues/278))\n ([ef95811](https://github.com/ory/kratos/commit/ef95811bb891afe3a0ef3b19514f13a56a32ea3b))\n- Create pop connection without parsed connection options\n ([#366](https://github.com/ory/kratos/issues/366))\n ([10b6481](https://github.com/ory/kratos/commit/10b6481774aaff42b70b9c6af3ed776ac8f7734c))\n- Declare proper vars for setting version\n ([#383](https://github.com/ory/kratos/issues/383))\n ([2fc7556](https://github.com/ory/kratos/commit/2fc7556b70b11e519162326ded0ba2638b6d32df))\n- Decouple quickstart scenarios\n ([#336](https://github.com/ory/kratos/issues/336))\n ([17363b3](https://github.com/ory/kratos/commit/17363b312deff8b92fc1b0d158dc70670d5938e5)),\n closes [#262](https://github.com/ory/kratos/issues/262):\n\n Creates several docker compose examples which include various scenarios of the\n quickstart.\n\n The regular quickstart guide now works without ORY Oathkeeper and uses the\n standalone mode of the example app instead.\n\n Additionally, the Makefile was improved and now automatically pulls required\n dependencies in the appropriate version.\n\n- **docker:** Throw away build artifacts\n ([481ec1b](https://github.com/ory/kratos/commit/481ec1ba14480ced39516f6e0c47a40b6a44a631))\n- Document Schema API and serve over admin endpoint\n ([#299](https://github.com/ory/kratos/issues/299))\n ([4be417c](https://github.com/ory/kratos/commit/4be417c0ee18622247a15d2803f7f436cfe3c229)),\n closes [#287](https://github.com/ory/kratos/issues/287)\n- Exempt whomai from csrf protection\n ([#329](https://github.com/ory/kratos/issues/329))\n ([31d4065](https://github.com/ory/kratos/commit/31d4065c2b0cbd6c8d2b0031ce8f6f157ff967cf))\n- Fix swagger annotation ([#331](https://github.com/ory/kratos/issues/331))\n ([5c5c78f](https://github.com/ory/kratos/commit/5c5c78f404a11d5df25cb68584b826b685bf5385)):\n\n Closes https://github.com/ory/sdk/issues/10\n\n- Move to ory sqa service ([#309](https://github.com/ory/kratos/issues/309))\n ([7c244e0](https://github.com/ory/kratos/commit/7c244e0a28a010e56e07d061132dad7a0309ea75))\n- Properly annotate error API\n ([a6f1300](https://github.com/ory/kratos/commit/a6f1300951010e7c862c410e93653f7c02c2e79f))\n- Remove unused returnTo\n ([e64e5b0](https://github.com/ory/kratos/commit/e64e5b0cecceedda29a525f683cbf6070a9ef1eb))\n- Resolve docker build permission issues\n ([f3612e8](https://github.com/ory/kratos/commit/f3612e8f82018bae17c9146d273fe7e82ceb033d))\n- Resolve failing test issues\n ([2e968e5](https://github.com/ory/kratos/commit/2e968e52d3ae3396a3f2e212c0dab22677b4b5fd))\n- Resolve linux install script archive naming\n ([#302](https://github.com/ory/kratos/issues/302))\n ([c98b8aa](https://github.com/ory/kratos/commit/c98b8aa4cd3ab881b904e9dc4cdcb6383a8ad09b))\n- Resolve NULL value for seen_at\n ([#259](https://github.com/ory/kratos/issues/259))\n ([a7d1e86](https://github.com/ory/kratos/commit/a7d1e86844a9cdd0c58353e1f1e4340dac4260b3)),\n closes [#244](https://github.com/ory/kratos/issues/244):\n\n Previously, errorx tests were not executed which caused several bugs.\n\n- Resolve password continuity issues\n ([56a44fa](https://github.com/ory/kratos/commit/56a44fa33d325eea9fddec4269e34e632310f77b))\n- Revert use host volume mount for sqlite\n ([#272](https://github.com/ory/kratos/issues/272))\n ([#285](https://github.com/ory/kratos/issues/285))\n ([a7477ab](https://github.com/ory/kratos/commit/a7477ab1db0d986f96e754946607d05888de4c97)):\n\n This reverts commit 230ab2d83f4d187f410e267c6d68554e82514948.\n\n- Self-service error query parameter name\n ([#308](https://github.com/ory/kratos/issues/308))\n ([be257f5](https://github.com/ory/kratos/commit/be257f5448abaa48e25735a088757f3fd6dc6d22)):\n\n The query parameter for the self-service errors endpoint was named `id` in the\n API docs, whereas it is the `error` param that is used by the handler.\n\n- **session:** Regenerate CSRF Token on principal change\n ([#290](https://github.com/ory/kratos/issues/290))\n ([1527ef4](https://github.com/ory/kratos/commit/1527ef4209b937e2175b60d56efd019f17b33b04)),\n closes [#217](https://github.com/ory/kratos/issues/217)\n- **session:** Whoami endpoint now supports all HTTP methods\n ([#283](https://github.com/ory/kratos/issues/283))\n ([4bf645b](https://github.com/ory/kratos/commit/4bf645b66c7a128182ff55e52fdad7f53d752ce7)),\n closes [#270](https://github.com/ory/kratos/issues/270)\n- Show log in ui only when unauthenticated or forced\n ([df77310](https://github.com/ory/kratos/commit/df77310ffbe7cfc90fa3bc5dad0450e79c34ebef)),\n closes [#323](https://github.com/ory/kratos/issues/323)\n- **sql:** Rename migrations with same version\n ([#280](https://github.com/ory/kratos/issues/280))\n ([07e46b9](https://github.com/ory/kratos/commit/07e46b9c9e57940bec904d744ffdd272d610a77b)),\n closes [#279](https://github.com/ory/kratos/issues/279)\n- **swagger:** Move nolint,deadcode instructions to own file\n ([#293](https://github.com/ory/kratos/issues/293))\n ([1935510](https://github.com/ory/kratos/commit/1935510ad9b0f387eb3b2e690e31c5313a06883e)):\n\n Closes https://github.com/ory/docs/pull/279\n\n- Use host volume mount for sqlite\n ([#272](https://github.com/ory/kratos/issues/272))\n ([230ab2d](https://github.com/ory/kratos/commit/230ab2d83f4d187f410e267c6d68554e82514948))\n- Use resilient client for HIBP lookup\n ([#288](https://github.com/ory/kratos/issues/288))\n ([735b435](https://github.com/ory/kratos/commit/735b43508392c6966a57907c20caa7cf9df4fc4d)),\n closes [#261](https://github.com/ory/kratos/issues/261)\n- Use semver-regex replacer func\n ([d5c9a47](https://github.com/ory/kratos/commit/d5c9a47800fc2a55b96c7b9330f68b0a2db328cb))\n- Use sqlite tag on make install\n ([2c82784](https://github.com/ory/kratos/commit/2c82784cd69e0468a72354f6898945032d826306))\n- Verified_at field should not be required\n ([#353](https://github.com/ory/kratos/issues/353))\n ([15d5e26](https://github.com/ory/kratos/commit/15d5e268d2ec397f0647d2407d86404c4ee8bfa3)):\n\n Closes https://github.com/ory/sdk/issues/11\n\n### Chores\n\n- Pin v0.2.0-alpha.2 release commit\n ([ab91689](https://github.com/ory/kratos/commit/ab916894b761b18c53e4ed1fd0e42d9f5aa0817c))\n\n### Code Refactoring\n\n- Move docs to this repository\n ([#317](https://github.com/ory/kratos/issues/317))\n ([aa0d726](https://github.com/ory/kratos/commit/aa0d72639ecae3b0649761e6ee881a59b2f3e94e))\n- Prepare profile management payloads for credentials\n ([44493f3](https://github.com/ory/kratos/commit/44493f3ddbb449981576ec317ac45530ca3be14d))\n- Rename traits method to profile\n ([4f1e033](https://github.com/ory/kratos/commit/4f1e0339ecc1efbdfa3d3680ad64b7683e90e447))\n- Rework hooks and self-service flow completion\n ([#349](https://github.com/ory/kratos/issues/349))\n ([a7c7fef](https://github.com/ory/kratos/commit/a7c7fef758e843393b0dc1e60bee11b88b8c9b4a)),\n closes [#348](https://github.com/ory/kratos/issues/348)\n [#347](https://github.com/ory/kratos/issues/347)\n [#179](https://github.com/ory/kratos/issues/179)\n [#51](https://github.com/ory/kratos/issues/51)\n [#50](https://github.com/ory/kratos/issues/50)\n [#31](https://github.com/ory/kratos/issues/31):\n\n This patch focuses on refactoring how self-service flows terminate and changes\n how hooks behave and when they are executed.\n\n Before this patch, it was not clear whether hooks run before or after an\n identity is persisted. This caused problems with multiple writes on the HTTP\n ResponseWriter and other bugs.\n\n This patch removes certain hooks from after login, registration, and profile\n flows. Per default, these flows now respond with an appropriate payload (\n redirect for browsers, JSON for API clients) and deprecate the `redirect`\n hook. This patch includes documentation which explains how these hooks work\n now.\n\n Additionally, the documentation was updated. Especially the sections about\n hooks have been refactored. The login and user registration docs have been\n updated to reflect the latest changes as well.\n\n Also, some other minor, cosmetic, changes to the documentation have been made.\n\n### Documentation\n\n- Add banner kratos\n ([8a9dfbb](https://github.com/ory/kratos/commit/8a9dfbbd54bac14778cc84ec13326eb1ef80f5b3))\n- Add csrf and cookie debug section\n ([#342](https://github.com/ory/kratos/issues/342))\n ([cac2948](https://github.com/ory/kratos/commit/cac2948685ed2a3c3edbc8eb4696bbfb8523dfeb)),\n closes [#341](https://github.com/ory/kratos/issues/341)\n- Add database connection documentation\n ([#332](https://github.com/ory/kratos/issues/332))\n ([4f9e8b0](https://github.com/ory/kratos/commit/4f9e8b00bacda3612db3f48b81fabd562075470a))\n- Add HA docs\n ([2e5c591](https://github.com/ory/kratos/commit/2e5c59158915d1ccbb90363e23f73a09c227b6f7))\n- Add hook changes to upgrade guide\n ([55b5fe0](https://github.com/ory/kratos/commit/55b5fe00c0472f5f6f7408eee76bf9a39318db7e))\n- Add info to oidc ([#382](https://github.com/ory/kratos/issues/382))\n ([6eeeb5d](https://github.com/ory/kratos/commit/6eeeb5dbe98d2f31fd922d60a35d9d8f81d0b2a8))\n- Add more examples to config schema\n ([#372](https://github.com/ory/kratos/issues/372))\n ([ed2ccb9](https://github.com/ory/kratos/commit/ed2ccb935fdcfcb11999996cd582726bba096435)),\n closes [#345](https://github.com/ory/kratos/issues/345)\n- Add quickstart notes for docker debugging\n ([74f082a](https://github.com/ory/kratos/commit/74f082a407ee73741453ff6a394f47790e79b667))\n- Add settings docs and improve flows\n ([#375](https://github.com/ory/kratos/issues/375))\n ([478cd9c](https://github.com/ory/kratos/commit/478cd9c5b5755030307d1f11e9bcbd4e171ee0d6)),\n closes [#345](https://github.com/ory/kratos/issues/345)\n- **concepts:** Fix typo\n ([a49184c](https://github.com/ory/kratos/commit/a49184c30d9c2ccff5a2d41d3aff61b24e7d2ea9)):\n\n Closes https://github.com/ory/docs/pull/296\n\n- **concepts:** Properly close code tag\n ([1c841c2](https://github.com/ory/kratos/commit/1c841c213bdbc79a6aa41e8450444d8d6c1f0284))\n- Declare api frontmatter properly\n ([df7591f](https://github.com/ory/kratos/commit/df7591f7b70c94cfe62042a598eceb36b6a4f29a))\n- Document 0.2.0 high-level changes\n ([9be1064](https://github.com/ory/kratos/commit/9be1064500dd86489b79e1abd9cbf1268b97853a)),\n closes [hi#level](https://github.com/hi/issues/level)\n- Document multi-tenant set up\n ([891594d](https://github.com/ory/kratos/commit/891594df488e42ce30a81465f10f2936d152cb55)),\n closes [#370](https://github.com/ory/kratos/issues/370)\n- Fix broken images in quickstart\n ([52aa4cf](https://github.com/ory/kratos/commit/52aa4cf0b6967108fa58f58b6b151e6f6118bcc9))\n- Fix broken link\n ([bf7843c](https://github.com/ory/kratos/commit/bf7843cd96795a894488a0910529c847cf7eee19)),\n closes [#327](https://github.com/ory/kratos/issues/327)\n- Fix broken link\n ([c2adc73](https://github.com/ory/kratos/commit/c2adc734a73758d858d50d8738dc2a556110f26c)),\n closes [#327](https://github.com/ory/kratos/issues/327)\n- Fix broken mermaid links\n ([f24fc1b](https://github.com/ory/kratos/commit/f24fc1bbba234d71098298bcddbba236ac4297f3))\n- Fix spelling in quickstart ([#356](https://github.com/ory/kratos/issues/356))\n ([3ce6b4a](https://github.com/ory/kratos/commit/3ce6b4a1b0722a96bcbae79b7261616f20741494))\n- Improve changelog ([#384](https://github.com/ory/kratos/issues/384))\n ([a973ca7](https://github.com/ory/kratos/commit/a973ca7719cd820bb196ec5732c85418528be1d0))\n- Improve profile section and restructure nav\n ([#373](https://github.com/ory/kratos/issues/373))\n ([3cc0979](https://github.com/ory/kratos/commit/3cc097934edc81d4c6d853594eed5e68e9e48445)),\n closes [#345](https://github.com/ory/kratos/issues/345)\n- Regenerate and update changelog\n ([7d4ed98](https://github.com/ory/kratos/commit/7d4ed9873f25b14b59f727002fb08a8b8a4e91a6))\n- Regenerate and update changelog\n ([175b626](https://github.com/ory/kratos/commit/175b626f74b4471e068bd79259c6d479fd6c1a7d))\n- Regenerate and update changelog\n ([e60e2df](https://github.com/ory/kratos/commit/e60e2df5d5cc4c1ef8a6a7f13487d4ebbf54741e))\n- Regenerate and update changelog\n ([41eeb75](https://github.com/ory/kratos/commit/41eeb7587fad864f64c4179ac20847f902c438b3))\n- Regenerate and update changelog\n ([468105a](https://github.com/ory/kratos/commit/468105a6080b861f1e02db3a404f2bac7f2f5eb6))\n- Regenerate and update changelog\n ([8414520](https://github.com/ory/kratos/commit/8414520c995cb2405ed051952357d37ca8111f25))\n- Regenerate and update changelog\n ([85d5866](https://github.com/ory/kratos/commit/85d5866df403b3cfa5566cef5cb983714b395505))\n- Regenerate and update changelog\n ([e8d2d10](https://github.com/ory/kratos/commit/e8d2d1019bbc05fbe4eeaaee7a8eb1e8f2d18cf9))\n- Regenerate and update changelog\n ([4c58b6d](https://github.com/ory/kratos/commit/4c58b6de4a3a39b1e94516abd1ea8ed7b09c1fe4))\n- Regenerate and update changelog\n ([a726eb2](https://github.com/ory/kratos/commit/a726eb202a070038148612f98f12e5d22170d1ec))\n- Regenerate and update changelog\n ([87b47ba](https://github.com/ory/kratos/commit/87b47baa9cdc0175c58ccbb20e67b458ce6a445f))\n- Regenerate and update changelog\n ([537d496](https://github.com/ory/kratos/commit/537d496d2043a17c68f31a8744c39bc76f76314c))\n- Regenerate and update changelog\n ([00e6af9](https://github.com/ory/kratos/commit/00e6af96060ec38059c449ac5e8b3c1df5bb8c95))\n- Regenerate and update changelog\n ([48a2eca](https://github.com/ory/kratos/commit/48a2eca2dcd274ca73d55132efca4a6dae63efdf))\n- Regenerate and update changelog\n ([8a71948](https://github.com/ory/kratos/commit/8a719481b54957681aa21eff5415229f3e5d4bff))\n- Regenerate and update changelog\n ([ad3d510](https://github.com/ory/kratos/commit/ad3d5101dad3c8a2725083c63f155638905b6e8c))\n- Regenerate and update changelog\n ([48bcc70](https://github.com/ory/kratos/commit/48bcc704ed22d8c78620aa3a5f8ecb5b41937759))\n- Regenerate and update changelog\n ([816a55c](https://github.com/ory/kratos/commit/816a55c81a27b53d5bd823392751853b68d3f607))\n- Regenerate and update changelog\n ([4ed74d2](https://github.com/ory/kratos/commit/4ed74d25c45f6e439377329d42cd7ae0acf9d0f1))\n- Regenerate and update changelog\n ([367927e](https://github.com/ory/kratos/commit/367927e716e7c1c6898151a5f14876fb30070dd3))\n- Regenerate and update changelog\n ([38f4019](https://github.com/ory/kratos/commit/38f40190f54264808c7a2716555876d05cdf560f))\n- Typo in README.md ([#265](https://github.com/ory/kratos/issues/265))\n ([9f865a2](https://github.com/ory/kratos/commit/9f865a2ebace801414b2de17fe2f627d91f23474))\n- Update banner url\n ([292c986](https://github.com/ory/kratos/commit/292c986729d83187f7e77365e11ef74a6f3cadf6))\n- Update forum and chat links\n ([3039191](https://github.com/ory/kratos/commit/30391919d7ea58609dd3cd37db2709495e7abc76))\n- Update github templates ([#338](https://github.com/ory/kratos/issues/338))\n ([57dbc77](https://github.com/ory/kratos/commit/57dbc77b548383522ca428e899dfde461334216c))\n- Update github templates ([#343](https://github.com/ory/kratos/issues/343))\n ([eb13dc1](https://github.com/ory/kratos/commit/eb13dc1285cb16515d1c63b99cc389147508a31e))\n- Update github templates ([#350](https://github.com/ory/kratos/issues/350))\n ([faf2f30](https://github.com/ory/kratos/commit/faf2f305aea1826e3d5f0b2614313920ac2b585b))\n- Update github templates ([#351](https://github.com/ory/kratos/issues/351))\n ([20ff289](https://github.com/ory/kratos/commit/20ff2890004745231073cd4fd6ef1b37521cde72))\n- Update linux install guide\n ([3b8e549](https://github.com/ory/kratos/commit/3b8e5493a01357f8c442a8a2dc9437712498452c))\n- Update linux install guide ([#354](https://github.com/ory/kratos/issues/354))\n ([ec49cae](https://github.com/ory/kratos/commit/ec49caec6ddea2c800db0779005bac6da73903e1))\n- Update self service reg docs\n ([#367](https://github.com/ory/kratos/issues/367))\n ([4cf0323](https://github.com/ory/kratos/commit/4cf0323095990c5ec25283a01561cb9b8833f9ef)):\n\n The old links pointed at `/auth/browser/(login|registration)` which seems to\n be outdated now.\n\n From the ui node code:\n https://github.com/ory/kratos-selfservice-ui-node/blob/489c76d1b0474ee55ef56804b28f54d8718747ba/src/routes/auth.ts#L28\n and the api documentation for kratos\n https://www.ory.sh/kratos/docs/reference/api#get-the-request-context-of-browser-based-login-user-flows,\n these seem to be incorrect.\n\n The actual url hit is\n `/self-service/browser/flows/requests/(login|registration)`. This commit\n updates those links\n\n This blob was previously one large inline string, which personally made the\n docs a bit hard to read. This formats it into an (arguably) easier to parse\n code block\n\n- Update user-settings-profile-management.md\n ([#322](https://github.com/ory/kratos/issues/322))\n ([45dc3a5](https://github.com/ory/kratos/commit/45dc3a56c15ae442890313a7dbc784b75644248a))\n- Updates issue and pull request templates\n ([#298](https://github.com/ory/kratos/issues/298))\n ([1be738d](https://github.com/ory/kratos/commit/1be738d3f8e9bbc6dae31ffad5d990657a66761c))\n- Updates issue and pull request templates\n ([#313](https://github.com/ory/kratos/issues/313))\n ([299063c](https://github.com/ory/kratos/commit/299063caf2fdde40713bae4c36abb3b6fac7271d))\n- Updates issue and pull request templates\n ([#314](https://github.com/ory/kratos/issues/314))\n ([d5ae452](https://github.com/ory/kratos/commit/d5ae452a8ce5f641a40e510e82441d4eb8137218))\n- Updates issue and pull request templates\n ([#315](https://github.com/ory/kratos/issues/315))\n ([8b68db1](https://github.com/ory/kratos/commit/8b68db140a7fc1c0eaa9318c1759ea9d8d0c27df))\n- Use git checkout in quickstart\n ([#339](https://github.com/ory/kratos/issues/339))\n ([2d2562b](https://github.com/ory/kratos/commit/2d2562b587a69a2891ff29d927cb001e15d75b5d)),\n closes [#335](https://github.com/ory/kratos/issues/335)\n\n### Features\n\n- Add `dsn: memory` shorthand ([#284](https://github.com/ory/kratos/issues/284))\n ([e66a030](https://github.com/ory/kratos/commit/e66a030f7d67dec639121fb23dfc7f1444474c6b)),\n closes [#228](https://github.com/ory/kratos/issues/228)\n- Add and test id hint in reauth flow\n ([2298f01](https://github.com/ory/kratos/commit/2298f0140e77da870c842daa8eaca274e5d64254)),\n closes [#323](https://github.com/ory/kratos/issues/323)\n- Add cypress e2e tests ([#334](https://github.com/ory/kratos/issues/334))\n ([abc0e91](https://github.com/ory/kratos/commit/abc0e91e278f7938b264598ac0c60d18c5a9e8a0))\n- Allow configuring same-site for session cookies\n ([#303](https://github.com/ory/kratos/issues/303))\n ([2eb2054](https://github.com/ory/kratos/commit/2eb2054a94281aefa9a0818110d168cc9c052094)),\n closes [#257](https://github.com/ory/kratos/issues/257):\n\n It is now possible to set SameSite for the session cookie via the key\n `security.session.cookie.same_site`.\n\n- **continuity:** Implement request continuity\n ([135e047](https://github.com/ory/kratos/commit/135e04750b1855ab0db812517c61e292a770ba94)),\n closes [#304](https://github.com/ory/kratos/issues/304)\n [#311](https://github.com/ory/kratos/issues/311):\n\n This patch adds a module which is capable of aborting a request, waiting for\n another option to complete, and then resuming the request again.\n\n This feature makes use of a temporary cookie which keeps track of the request\n state.\n\n This feature is required for several workflows that update privileged fields\n such as passwords, 2fa recovery codes, email addresses.\n\n refactor: rename profile to settings flow\n\n Renames selfservice/profile to settings. The settings flow includes a strategy\n for managing profile information\n\n- Enable CockroachDB integration\n ([#260](https://github.com/ory/kratos/issues/260))\n ([adc5153](https://github.com/ory/kratos/commit/adc5153410fb4d9f99702d7c73a78aeec8c1e9f1)),\n closes [#132](https://github.com/ory/kratos/issues/132)\n [#155](https://github.com/ory/kratos/issues/155)\n- Enable continuity management for settings module\n ([009d755](https://github.com/ory/kratos/commit/009d7558f525168fecf86168de2906088662535e))\n- Enable updating auth related traits\n ([#266](https://github.com/ory/kratos/issues/266))\n ([65b88ba](https://github.com/ory/kratos/commit/65b88ba52fb9e6da3c1a65f734352519303327a6)),\n closes [#243](https://github.com/ory/kratos/issues/243)\n- Implement password profile management flow\n ([a31839a](https://github.com/ory/kratos/commit/a31839a5c33c80500c900fb50d1dd499ab1161a1)),\n closes [#243](https://github.com/ory/kratos/issues/243)\n- Introduce fallbacks for required configs\n ([#376](https://github.com/ory/kratos/issues/376))\n ([b3bcb25](https://github.com/ory/kratos/commit/b3bcb25be6b417647ece2b3dda26d691f8e8d685)),\n closes [#369](https://github.com/ory/kratos/issues/369)\n [#352](https://github.com/ory/kratos/issues/352)\n- **login:** Forced reauthentication\n ([#248](https://github.com/ory/kratos/issues/248))\n ([344fc9c](https://github.com/ory/kratos/commit/344fc9cddccff958f13249b999a835d3e46a7771)),\n closes [#243](https://github.com/ory/kratos/issues/243)\n- Return 410 when selfservice requests expire\n ([#289](https://github.com/ory/kratos/issues/289))\n ([b414607](https://github.com/ory/kratos/commit/b4146076148d9ff079e9d433f0a90f5bc938650c)),\n closes [#235](https://github.com/ory/kratos/issues/235)\n- Send verification emails on profile update\n ([#333](https://github.com/ory/kratos/issues/333))\n ([1cacc80](https://github.com/ory/kratos/commit/1cacc80c54f92b380ef3752591970cc4dd97085e)),\n closes [#267](https://github.com/ory/kratos/issues/267)\n\n### Unclassified\n\n- u\n ([0b6fa48](https://github.com/ory/kratos/commit/0b6fa48e90fa0c50b9c26bae034eb1662c855d69))\n- u\n ([03fa4f0](https://github.com/ory/kratos/commit/03fa4f05363aa1f38fe45730317375ce380cfa31))\n- u\n ([a3dfd9d](https://github.com/ory/kratos/commit/a3dfd9d15e1f7287558b85c3a4f23d02444b0bf4))\n- u\n ([616aa0f](https://github.com/ory/kratos/commit/616aa0f0cf3d662b48fcaa02715e02e854e05581))\n- fix:add graceful shutdown to courier handler (#296)\n ([235d784](https://github.com/ory/kratos/commit/235d784b7f8bf38859d15d68c37b089fc9371195)),\n closes [#296](https://github.com/ory/kratos/issues/296)\n [#295](https://github.com/ory/kratos/issues/295):\n\n Courier would not stop with the provided Background handler. This changes the\n methods of Courier so that the graceful package can be used in the same way as\n the http endpoints can be used.\n\n- fix(sql) change courier body to text field (#276)\n ([ed5268d](https://github.com/ory/kratos/commit/ed5268d539b2a28f5367e8ba2e2e6bd3a605ce5b)),\n closes [#276](https://github.com/ory/kratos/issues/276)\n [#269](https://github.com/ory/kratos/issues/269)\n- Make format\n ([b85e5af](https://github.com/ory/kratos/commit/b85e5af2e29f9ca3bc3341ba4f2b1b338b441398))\n\n# [0.1.1-alpha.1](https://github.com/ory/kratos/compare/v0.1.0-alpha.6...v0.1.1-alpha.1) (2020-02-18)\n\ndocs: Regenerate and update changelog\n\n### Bug Fixes\n\n- Add verify return to address\n ([#252](https://github.com/ory/kratos/issues/252))\n ([64ab9e5](https://github.com/ory/kratos/commit/64ab9e510e6b65f9dd16fdfaadfd24785dab0c93))\n- Clean up docker quickstart ([#255](https://github.com/ory/kratos/issues/255))\n ([7f0996b](https://github.com/ory/kratos/commit/7f0996b99646e57136f20c04a77a6f682eecdd9c))\n- Resolve several verification problems\n ([#253](https://github.com/ory/kratos/issues/253))\n ([30d4632](https://github.com/ory/kratos/commit/30d46326373cf038b600ee07db3e95ce6d94ab12))\n- Update verify URLs ([#258](https://github.com/ory/kratos/issues/258))\n ([5d4f909](https://github.com/ory/kratos/commit/5d4f9099b5c61ff9572ad23a3eb9c0e0025d92da))\n\n### Code Refactoring\n\n- Support context-based SQL transactions\n ([#254](https://github.com/ory/kratos/issues/254))\n ([6ace1ee](https://github.com/ory/kratos/commit/6ace1ee2070c35b0da3e36dcd5417ff70a4ff9cb))\n\n### Documentation\n\n- Regenerate and update changelog\n ([a125822](https://github.com/ory/kratos/commit/a1258221a1fef82cc525be7b1042e91e2d20b1eb))\n- Regenerate and update changelog\n ([b3a8220](https://github.com/ory/kratos/commit/b3a822035509ec2c9fb04037b2088ce6df8191da))\n- Regenerate and update changelog\n ([a141b30](https://github.com/ory/kratos/commit/a141b309a1fc22bc45d70a090869fdee198a065e))\n- Regenerate and update changelog\n ([7e12e20](https://github.com/ory/kratos/commit/7e12e20be0fa61a2f41a416a3edcd2b522165196))\n- Regenerate and update changelog\n ([3c1c67b](https://github.com/ory/kratos/commit/3c1c67b31a54dd8d5fceac9449d305db82ff8844))\n- Regenerate and update changelog\n ([ee07937](https://github.com/ory/kratos/commit/ee07937d5e797f0217c86946da42d0070ca7c250))\n\n# [0.1.0-alpha.6](https://github.com/ory/kratos/compare/v0.1.0-alpha.5...v0.1.0-alpha.6) (2020-02-16)\n\nfeat: Add verification to quickstart (#251)\n\n### Bug Fixes\n\n- Adapt quickstart to verify changes\n ([#247](https://github.com/ory/kratos/issues/247))\n ([24eceb7](https://github.com/ory/kratos/commit/24eceb7147cef1081ac1ad969713ca1bc36229cb))\n- Gracefully handle selfservice request expiry\n ([#242](https://github.com/ory/kratos/issues/242))\n ([4421e6b](https://github.com/ory/kratos/commit/4421e6bde494fbe9672251cf813a39e3031bf3fd)),\n closes [#233](https://github.com/ory/kratos/issues/233)\n- Set AuthenticatedAt in session issuer hook\n ([#246](https://github.com/ory/kratos/issues/246))\n ([29c83fa](https://github.com/ory/kratos/commit/29c83fa986c612fb17e13fe9415f7836062159d2)),\n closes [#224](https://github.com/ory/kratos/issues/224)\n- **swagger:** Sanitize before validate\n ([c72f140](https://github.com/ory/kratos/commit/c72f140083e94f3a47ee2398c56d188e6d4edcb4))\n- **swagger:** Use correct annotations for request methods\n ([#237](https://github.com/ory/kratos/issues/237))\n ([8473c85](https://github.com/ory/kratos/commit/8473c85d8282b27375b53babbbc79046d407b3fb)),\n closes [#234](https://github.com/ory/kratos/issues/234)\n\n### Code Refactoring\n\n- Move to ory/jsonschema/v3 everywhere\n ([#229](https://github.com/ory/kratos/issues/229))\n ([61f5c1d](https://github.com/ory/kratos/commit/61f5c1d3d896841b08deb08c42ba896118e3fc71)),\n closes [#225](https://github.com/ory/kratos/issues/225)\n\n### Documentation\n\n- Regenerate and update changelog\n ([922cf0f](https://github.com/ory/kratos/commit/922cf0f3d7ec8860d13aff3b88849a71fb59e2c9))\n- Regenerate and update changelog\n ([e097c23](https://github.com/ory/kratos/commit/e097c23d8b4902a9013f3a8fa9a397033a92fb88))\n- Regenerate and update changelog\n ([2d1685f](https://github.com/ory/kratos/commit/2d1685f4f4235e9293b1ab79e67050042787c6e9))\n- Regenerate and update changelog\n ([f8964e9](https://github.com/ory/kratos/commit/f8964e9e5c442f75ba501ce7cfcb18916b781dc1))\n- Regenerate and update changelog\n ([92b8001](https://github.com/ory/kratos/commit/92b80013c98e9556138eff04aa24dc696b8d6128))\n- Regenerate and update changelog\n ([d7083ab](https://github.com/ory/kratos/commit/d7083ab9fb8e8172707cae3ac4a8a183f0c25903))\n- Regenerate and update changelog\n ([c4547dc](https://github.com/ory/kratos/commit/c4547dc53ecf167b63e5d7d3b6764535bd86fa5a))\n- Regenerate and update changelog\n ([d8d8bba](https://github.com/ory/kratos/commit/d8d8bbae055e2220023a45b832d2435984191029))\n- Regenerate and update changelog\n ([b012ed9](https://github.com/ory/kratos/commit/b012ed9ce1f4fd0ece2e3463e952711b4380f4a4))\n\n### Features\n\n- Add disabled flag to identifier form fields\n ([#238](https://github.com/ory/kratos/issues/238))\n ([a2178bd](https://github.com/ory/kratos/commit/a2178bdbbe20798a3e1e3fb5ed7b44afc187c640)),\n closes [#227](https://github.com/ory/kratos/issues/227)\n- Add verification to quickstart\n ([#251](https://github.com/ory/kratos/issues/251))\n ([172dc87](https://github.com/ory/kratos/commit/172dc87d22f925668c21da1b3b581156e01d45a4))\n- Implement email verification\n ([#245](https://github.com/ory/kratos/issues/245))\n ([eed00f4](https://github.com/ory/kratos/commit/eed00f4b328c173057455980ce0e1aad909c278f)),\n closes [#27](https://github.com/ory/kratos/issues/27)\n- Improve password validation strategy\n ([#231](https://github.com/ory/kratos/issues/231))\n ([256fad3](https://github.com/ory/kratos/commit/256fad37164c81cc44c35e77b99911996722a86a))\n\n# [0.1.0-alpha.5](https://github.com/ory/kratos/compare/v0.1.0-alpha.4...v0.1.0-alpha.5) (2020-02-06)\n\ndocs: Regenerate and update changelog\n\n### Documentation\n\n- Regenerate and update changelog\n ([e87e9c9](https://github.com/ory/kratos/commit/e87e9c9ec9cf55351439ab16a778f3ea303ec646))\n- Regenerate and update changelog\n ([d6f0794](https://github.com/ory/kratos/commit/d6f0794d53b6e7d6d9e3bc63a77d402e43a29bed))\n- Regenerate and update changelog\n ([eb7326c](https://github.com/ory/kratos/commit/eb7326c98c2d5e87a8ac3cd9f2efb43f2552164a))\n\n### Features\n\n- Redirect to new auth session on expired auth sessions\n ([#230](https://github.com/ory/kratos/issues/230))\n ([b477ecd](https://github.com/ory/kratos/commit/b477ecd47de33a9a45159a298ac288c4ad5a0b55)),\n closes [#96](https://github.com/ory/kratos/issues/96)\n\n# [0.1.0-alpha.4](https://github.com/ory/kratos/compare/v0.1.0-alpha.3...v0.1.0-alpha.4) (2020-02-06)\n\nci: Bump ory/sdk to 0.1.22\n\n### Continuous Integration\n\n- Bump ory/sdk to 0.1.22\n ([c0d0edf](https://github.com/ory/kratos/commit/c0d0edf1f369ecaeb28d1337930b16222b97337f))\n\n### Documentation\n\n- Regenerate and update changelog\n ([f02afb3](https://github.com/ory/kratos/commit/f02afb3fed310f7fe9c5e6f7df34dfc9738018ad))\n\n# [0.1.0-alpha.3](https://github.com/ory/kratos/compare/v0.1.0-alpha.2...v0.1.0-alpha.3) (2020-02-06)\n\nci: Bump ory/sdk orb\n\n### Continuous Integration\n\n- Bump ory/sdk orb\n ([65b2ca0](https://github.com/ory/kratos/commit/65b2ca0b8a1da8249aa4b4cb439b1d63aecaf8e0))\n\n# [0.1.0-alpha.2](https://github.com/ory/kratos/compare/v0.1.0-alpha.1...v0.1.0-alpha.2) (2020-02-03)\n\ndocs: Regenerate and update changelog\n\n### Bug Fixes\n\n- Add paths to sqa middleware ([#216](https://github.com/ory/kratos/issues/216))\n ([130c9c2](https://github.com/ory/kratos/commit/130c9c242e1434074d9fa4970b60ccb9b4f2ff47))\n- **daemon:** Register error routes on admin port\n ([#226](https://github.com/ory/kratos/issues/226))\n ([decd8d8](https://github.com/ory/kratos/commit/decd8d8ef8dac3674938b564962238195ffaf017))\n- Set csrf token on public endpoints\n ([d0b15ae](https://github.com/ory/kratos/commit/d0b15aeca991a94771715a6eabd4a956be41ceda))\n\n### Documentation\n\n- Introduce upgrade guide\n ([736a3b1](https://github.com/ory/kratos/commit/736a3b19bfe35cc699dea508b4bdb56b3302ba7e))\n- Prepare ecosystem automation\n ([7013b6c](https://github.com/ory/kratos/commit/7013b6c9a856e05f6ad385eb8ce36c5faf342f5a))\n- Regenerate and update changelog\n ([f39b942](https://github.com/ory/kratos/commit/f39b9422d79d3e69304f013c85f3850337ca1730))\n- Regenerate and update changelog\n ([c121601](https://github.com/ory/kratos/commit/c121601b5c741c846d9c478b01aabb9907d81b95))\n- Regenerate and update changelog\n ([a947d55](https://github.com/ory/kratos/commit/a947d554ba2be94f334568a4e77a501742ca95af))\n- Regenerate and update changelog\n ([8ba2044](https://github.com/ory/kratos/commit/8ba2044ebb369ea741f99c65163f650c607e6c07))\n- Regenerate and update changelog\n ([9c023e1](https://github.com/ory/kratos/commit/9c023e1a9288f156c79ea78b3a979d0fefab8825))\n- Regenerate and update changelog\n ([1e855a9](https://github.com/ory/kratos/commit/1e855a9e0ebd232ba2b07dc4a8bb79b84cd548e6))\n- Regenerate and update changelog\n ([01ce3a8](https://github.com/ory/kratos/commit/01ce3a891edd84174694111637dd44fe65e48b37))\n- Updates issue and pull request templates\n ([#222](https://github.com/ory/kratos/issues/222))\n ([4daae88](https://github.com/ory/kratos/commit/4daae88af527018e9ee4e1e9717a07dffab427fe))\n\n### Features\n\n- Override semantic config ([#220](https://github.com/ory/kratos/issues/220))\n ([9b4214b](https://github.com/ory/kratos/commit/9b4214bf5eac81a92513e04dc5f862b93df86935))\n\n### Unclassified\n\n- Update CHANGELOG [ci skip]\n ([ce9390c](https://github.com/ory/kratos/commit/ce9390c27f61966b7ed23244400215c2218bbc0b))\n- refactor!: Improve user-facing error APIs (#219)\n ([7d4054f](https://github.com/ory/kratos/commit/7d4054f4363da7bc0e943e7abfbd0c804eb7f0c1)),\n closes [#219](https://github.com/ory/kratos/issues/219)\n [#204](https://github.com/ory/kratos/issues/204):\n\n This patch refactors user-facing error APIs:\n - The `/errors` endpoint moved to `/self-service/errors`\n - The endpoint is now available at both the Admin and Public API. The Public\n API requires CSRF Token match or a 403 error will be returned.\n - The Public API endpoint no longer returns 404 errors but 403 instead.\n - The response payload changed. What was `[{\"code\": ...}]` is now\n `{\"id\": \"...\", \"errors\": [{\"code\": ...}]}`\n\n This patch requires running `kratos migrate sql` as a new column\n (`csrf_token`) has been added to the user-facing error store.\n\n- Update CHANGELOG [ci skip]\n ([c368a11](https://github.com/ory/kratos/commit/c368a11523a9bcb30a830d65c11e4f6d27417a78))\n\n# [0.1.0-alpha.1](https://github.com/ory/kratos/compare/v0.0.3-alpha.15...v0.1.0-alpha.1) (2020-01-31)\n\ndocs: Updates issue and pull request templates (#215)\n\nSigned-off-by: aeneasr \n\n### Documentation\n\n- Updates issue and pull request templates\n ([#215](https://github.com/ory/kratos/issues/215))\n ([10c45f2](https://github.com/ory/kratos/commit/10c45f23e11abba1ca82095548769cd923a6a6a6))\n\n# [0.0.3-alpha.15](https://github.com/ory/kratos/compare/v0.0.3-alpha.14...v0.0.3-alpha.15) (2020-01-31)\n\nUpdate permissions in SQLite Dockerfile\n\n### Unclassified\n\n- Update permissions in SQLite Dockerfile\n ([1266e53](https://github.com/ory/kratos/commit/1266e533ac9a1f6ec375980cadce9755998f9fe6))\n\n# [0.0.3-alpha.14](https://github.com/ory/kratos/compare/v0.0.3-alpha.13...v0.0.3-alpha.14) (2020-01-31)\n\nUpdate README.md\n\n### Unclassified\n\n- Update README.md\n ([db8d65b](https://github.com/ory/kratos/commit/db8d65bf136223df546aa27f1ecff03d01159624))\n\n# [0.0.3-alpha.13](https://github.com/ory/kratos/compare/v0.0.3-alpha.12...v0.0.3-alpha.13) (2020-01-31)\n\nAllow mounting SQLite in /home/ory/sqlite (#212)\n\n### Unclassified\n\n- Allow mounting SQLite in /home/ory/sqlite (#212)\n ([2fe8c0f](https://github.com/ory/kratos/commit/2fe8c0f752e870028d68e8593a46c0902f673a65)),\n closes [#212](https://github.com/ory/kratos/issues/212)\n\n# [0.0.3-alpha.11](https://github.com/ory/kratos/compare/v0.0.3-alpha.10...v0.0.3-alpha.11) (2020-01-31)\n\nClean up cmd and resolve packr2 issues (#211)\n\nThis patch addresses issues with the build pipeline caused by an invalid import.\nProfiling was also added.\n\n### Unclassified\n\n- Clean up cmd and resolve packr2 issues (#211)\n ([2e43ec0](https://github.com/ory/kratos/commit/2e43ec09e9d6aa572c4351bfef4c59dfc43f2343)),\n closes [#211](https://github.com/ory/kratos/issues/211):\n\n This patch addresses issues with the build pipeline caused by an invalid\n import. Profiling was also added.\n\n- Improve field types (#209)\n ([aeefa93](https://github.com/ory/kratos/commit/aeefa93bf0427685f6ffadad5abfaa1fc26ce074)),\n closes [#209](https://github.com/ory/kratos/issues/209)\n- Update CHANGELOG [ci skip]\n ([fc32207](https://github.com/ory/kratos/commit/fc32207482861b8f989cb1d6fe5d96bf34c54e4c))\n\n# [0.0.3-alpha.10](https://github.com/ory/kratos/compare/v0.0.3-alpha.9...v0.0.3-alpha.10) (2020-01-31)\n\nUpdate README\n\n### Unclassified\n\n- Update README\n ([35a310d](https://github.com/ory/kratos/commit/35a310d6de52fa74ad8728b1df67f88ce900aa61))\n- Update CHANGELOG [ci skip]\n ([3c98745](https://github.com/ory/kratos/commit/3c987455a44b9e12e31619ba9f447e8a5feafc38))\n- Update CHANGELOG [ci skip]\n ([c1c01df](https://github.com/ory/kratos/commit/c1c01df3a04fc7988bf847e3f31680112f5a642d))\n\n# [0.0.3-alpha.7](https://github.com/ory/kratos/compare/v0.0.3-alpha.5...v0.0.3-alpha.7) (2020-01-30)\n\nUse correct project root in Dockerfile\n\n### Unclassified\n\n- Use correct project root in Dockerfile\n ([3528758](https://github.com/ory/kratos/commit/352875878c74d15b522336b518df339c8ad48e49))\n- Update CHANGELOG [ci skip]\n ([e78bbbe](https://github.com/ory/kratos/commit/e78bbbecbd9515c02e447efc3208599bf27ef85c))\n\n# [0.0.3-alpha.5](https://github.com/ory/kratos/compare/v0.0.3-alpha.4...v0.0.3-alpha.5) (2020-01-30)\n\nci: Resolve final docker build issues (#210)\n\n### Continuous Integration\n\n- Resolve final docker build issues\n ([#210](https://github.com/ory/kratos/issues/210))\n ([d703a1e](https://github.com/ory/kratos/commit/d703a1e328808df6761a9da5866a3f4df4c7923e))\n\n### Unclassified\n\n- Update CHANGELOG [ci skip]\n ([ebb1744](https://github.com/ory/kratos/commit/ebb1744d68b8a416774477182b1e2b2cd8bdfc43))\n- Add libmusl to binary output\n ([e9b8445](https://github.com/ory/kratos/commit/e9b8445f2fc8e9e571ec0b8480cc70fe3251db9e))\n\n# [0.0.3-alpha.4](https://github.com/ory/kratos/compare/v0.0.3-alpha.3...v0.0.3-alpha.4) (2020-01-30)\n\nUpdate CHANGELOG [ci skip]\n\n### Unclassified\n\n- Update CHANGELOG [ci skip]\n ([018c229](https://github.com/ory/kratos/commit/018c229c4cff62e47c1154ca29ab9c70766a43e5))\n- Add and use ory docker user\n ([cccbe09](https://github.com/ory/kratos/commit/cccbe09cc6e2ad72847206d46afe3e0bf7f79ab5))\n- Update CHANGELOG [ci skip]\n ([0e436e5](https://github.com/ory/kratos/commit/0e436e57f79692c4c6e0a0c25f48a41654afcda1))\n- Update goreleaser changelog filters\n ([7e5af97](https://github.com/ory/kratos/commit/7e5af97fded9f56a3cc9d1d92a7726e7b613b586))\n- Update CHANGELOG [ci skip]\n ([4387503](https://github.com/ory/kratos/commit/438750326c5d6ad1569802c82806e831f43e785e))\n\n# [0.0.3-alpha.2](https://github.com/ory/kratos/compare/v0.0.3-alpha.1...v0.0.3-alpha.2) (2020-01-30)\n\nResolve goreleaser build issues (#208)\n\n### Unclassified\n\n- Resolve goreleaser build issues (#208)\n ([d59a08a](https://github.com/ory/kratos/commit/d59a08a0ef680a984352d7f5068626cc1958185a)),\n closes [#208](https://github.com/ory/kratos/issues/208)\n\n# [0.0.3-alpha.1](https://github.com/ory/kratos/compare/v0.0.1-alpha.9...v0.0.3-alpha.1) (2020-01-30)\n\nUpdate CHANGELOG [ci skip]\n\n### Unclassified\n\n- Update CHANGELOG [ci skip]\n ([49e09ea](https://github.com/ory/kratos/commit/49e09eaaab1fc681f9330e12ce6e5483c62ee9e3))\n- Take form field orders from JSON Schema (#205)\n ([a880f0d](https://github.com/ory/kratos/commit/a880f0ddb52fb4366acf8fbd80aabaa9843445a9)),\n closes [#205](https://github.com/ory/kratos/issues/205)\n [#176](https://github.com/ory/kratos/issues/176)\n- Update CHANGELOG [ci skip]\n ([ff52bbb](https://github.com/ory/kratos/commit/ff52bbb264542b48658679bf5563b0f3b7ad73c7))\n- Adapt quickstart docker compose config (#207)\n ([e532583](https://github.com/ory/kratos/commit/e532583b35a22cb39bbab0101bf86c0bf01b1088)),\n closes [#207](https://github.com/ory/kratos/issues/207)\n- Update CHANGELOG [ci skip]\n ([7f4800b](https://github.com/ory/kratos/commit/7f4800b07556e688ba0cd551438876b3bf23ace5))\n- Update CHANGELOG [ci skip]\n ([1b2c3f6](https://github.com/ory/kratos/commit/1b2c3f645e64848e7fba6656aa730c7e346ed75d))\n- Rework public and admin fetch strategy (#203)\n ([99aa169](https://github.com/ory/kratos/commit/99aa1693e758f706f264c2439594e2be37ae9bc6)),\n closes [#203](https://github.com/ory/kratos/issues/203)\n [#122](https://github.com/ory/kratos/issues/122)\n- Update CHANGELOG [ci skip]\n ([1cea427](https://github.com/ory/kratos/commit/1cea42780a95d4ebf5520e1c1803fb13ef596d52))\n- ss/profile: Use request ID as query param everywhere (#202)\n ([ed32b14](https://github.com/ory/kratos/commit/ed32b14f8ea972cf549480f29cbf1b95d010789c)),\n closes [#202](https://github.com/ory/kratos/issues/202)\n [#190](https://github.com/ory/kratos/issues/190)\n- Update CHANGELOG [ci skip]\n ([a392027](https://github.com/ory/kratos/commit/a3920278129399ce576c5336c2e50dd015b8f2f8))\n- Update HTTP routes for a consistent API naming (#199)\n ([9ed4bda](https://github.com/ory/kratos/commit/9ed4bda9f0b0d45e8ac0de0c42b78f717f3d92f3)),\n closes [#199](https://github.com/ory/kratos/issues/199)\n [#195](https://github.com/ory/kratos/issues/195)\n\n# [0.0.1-alpha.9](https://github.com/ory/kratos/compare/v0.0.1-alpha.11...v0.0.1-alpha.9) (2020-01-29)\n\nci: Bump goreleaser orb\n\n### Continuous Integration\n\n- Bump goreleaser orb\n ([29cd754](https://github.com/ory/kratos/commit/29cd754d33ec2f800730bd007f17fc0ce53a51eb))\n\n# [0.0.2-alpha.1](https://github.com/ory/kratos/compare/v0.0.1-alpha.8...v0.0.2-alpha.1) (2020-01-29)\n\nUse correct build archive for homebrew\n\n### Unclassified\n\n- Use correct build archive for homebrew\n ([74ac29f](https://github.com/ory/kratos/commit/74ac29f43f2937cad9065ad3c03cf3cf909cff42))\n\n# [0.0.1-alpha.6](https://github.com/ory/kratos/compare/v0.0.1-alpha.5...v0.0.1-alpha.6) (2020-01-29)\n\nci: Bump goreleaser orb\n\n### Continuous Integration\n\n- Bump goreleaser orb\n ([018c94c](https://github.com/ory/kratos/commit/018c94ccc9e833f28f827fd10d607a7a1c954ac5))\n\n# [0.0.1-alpha.5](https://github.com/ory/kratos/compare/v0.0.1-alpha.3...v0.0.1-alpha.5) (2020-01-29)\n\nci: Bump goreleaser dependency\n\n### Continuous Integration\n\n- Bump goreleaser dependency\n ([ec49bfb](https://github.com/ory/kratos/commit/ec49bfb4b636a72e51d3a68521ba047f97d4c5e6))\n\n### Unclassified\n\n- Resolve build issues with CGO (#196)\n ([298f4ea](https://github.com/ory/kratos/commit/298f4ea85b3e7405929f481b756efe8c5c133479)),\n closes [#196](https://github.com/ory/kratos/issues/196)\n- ss/password: Make form fields an array (#197)\n ([6cb0058](https://github.com/ory/kratos/commit/6cb005860755ff897ad847f09af50bc911bbc7f0)),\n closes [#197](https://github.com/ory/kratos/issues/197)\n [#186](https://github.com/ory/kratos/issues/186)\n\n# [0.0.1-alpha.3](https://github.com/ory/kratos/compare/ab6f24a85276bdd8687f2fc06390c1279892b005...v0.0.1-alpha.3) (2020-01-28)\n\nci: Only compile goarmv7\n\n### Continuous Integration\n\n- Only compile goarmv7\n ([d8e7ec7](https://github.com/ory/kratos/commit/d8e7ec788d1b43bcbbe221becde3432fdbf28e9b))\n\n### Documentation\n\n- Present ORY Hive to the world\n ([#107](https://github.com/ory/kratos/issues/107))\n ([7883589](https://github.com/ory/kratos/commit/78835897664a5ab5564751fc9f04172f7d20d572))\n- Updates issue and pull request templates\n ([0441dff](https://github.com/ory/kratos/commit/0441dffe0c439cc54214bf9ee8f4a4bd25206999))\n- Updates issue and pull request templates\n ([#174](https://github.com/ory/kratos/issues/174))\n ([ad405e9](https://github.com/ory/kratos/commit/ad405e9037e2db2910a012f414556fea672e732a))\n- Updates issue and pull request templates\n ([#39](https://github.com/ory/kratos/issues/39))\n ([daf5aa8](https://github.com/ory/kratos/commit/daf5aa89c717de6176ee25119d2e751ae2ef6558))\n- Updates issue and pull request templates\n ([#40](https://github.com/ory/kratos/issues/40))\n ([f5907f3](https://github.com/ory/kratos/commit/f5907f3f248e05511b19ff6dc15bf6f60f8b62da))\n- Updates issue and pull request templates\n ([#59](https://github.com/ory/kratos/issues/59))\n ([8c5612c](https://github.com/ory/kratos/commit/8c5612c080e5b7531028b778b86cc4cde2abd516))\n- Updates issue and pull request templates\n ([#7](https://github.com/ory/kratos/issues/7))\n ([a1220ba](https://github.com/ory/kratos/commit/a1220ba1e950498a6e9594266dc730c9a8731b49))\n- Updates issue and pull request templates\n ([#8](https://github.com/ory/kratos/issues/8))\n ([c56798a](https://github.com/ory/kratos/commit/c56798ab29e72ed308fff840e3b1b98ead19aea6))\n\n### Unclassified\n\n- Remove redundant return statement\n ([7c2989f](https://github.com/ory/kratos/commit/7c2989f52c090bb9900380b4ec74e04d9c37a441))\n- ss/oidc: Remove obsolete request field from form (#193)\n ([59671ba](https://github.com/ory/kratos/commit/59671badb63009e2440b14868b622adc75cf882f)),\n closes [#193](https://github.com/ory/kratos/issues/193)\n [#180](https://github.com/ory/kratos/issues/180)\n- strategy/oidc: Allow multiple OIDC Connections (#191)\n ([8984831](https://github.com/ory/kratos/commit/898483137ff9dc47d65750cd94a973f2e5bee770)),\n closes [#191](https://github.com/ory/kratos/issues/191)\n [#114](https://github.com/ory/kratos/issues/114)\n- Improve Docker Compose Quickstart (#187)\n ([9459072](https://github.com/ory/kratos/commit/945907297ded4b18e1bd0e7c9824a975ac7395c6)),\n closes [#187](https://github.com/ory/kratos/issues/187)\n [#188](https://github.com/ory/kratos/issues/188)\n- selfservice/password: Remove request field and ensure method is set (#183)\n ([e035adc](https://github.com/ory/kratos/commit/e035adc233198e9b5c9a6e08d442fb5fb3290816)),\n closes [#183](https://github.com/ory/kratos/issues/183)\n- Add tests and fixtures for the config JSON Schema (#171)\n ([ede9c0e](https://github.com/ory/kratos/commit/ede9c0e9c45ee91e60587311dc18a0a04ff62295)),\n closes [#171](https://github.com/ory/kratos/issues/171)\n- Add example values for config JSON Schema\n ([12ba728](https://github.com/ory/kratos/commit/12ba7283bf879cd7682d3017c3b3f12e49029d6b))\n- Replace `url` with `uri` format in config JSON Schema\n ([68eddef](https://github.com/ory/kratos/commit/68eddef0cf179bf61abb999d84d2af19c3703c80))\n- Replace number with integer in config JSON Schema (#177)\n ([9eff6fd](https://github.com/ory/kratos/commit/9eff6fd09720b11acae089ebfcaf37288bc031b0)),\n closes [#177](https://github.com/ory/kratos/issues/177)\n- Improve `--dev` flag (#167)\n ([9b61ee1](https://github.com/ory/kratos/commit/9b61ee10bbb4710d6694addfa60c04313855516f)),\n closes [#167](https://github.com/ory/kratos/issues/167)\n [#162](https://github.com/ory/kratos/issues/162)\n- Add goreleaser orb task (#170)\n ([5df0def](https://github.com/ory/kratos/commit/5df0defefc95ced289a9c59a4f5deb3c67446e75)),\n closes [#170](https://github.com/ory/kratos/issues/170)\n- Add changelog generation task (#169)\n ([edd937c](https://github.com/ory/kratos/commit/edd937c21b7e37b2f2e926f0fe62c2e7d4a7d608)),\n closes [#169](https://github.com/ory/kratos/issues/169)\n- Adopt new SDK pipeline (#168)\n ([21d9b6d](https://github.com/ory/kratos/commit/21d9b6d27adbfe8504fb46ac95952e7cea239085)),\n closes [#168](https://github.com/ory/kratos/issues/168)\n- Add docker-compose quickstart (#153)\n ([e096190](https://github.com/ory/kratos/commit/e096190e778f22573e30f35e85b7cf147caf851b)),\n closes [#153](https://github.com/ory/kratos/issues/153)\n- Update README (#160)\n ([533775b](https://github.com/ory/kratos/commit/533775ba78a2c1758c47ed093da6acc18ab951c2)),\n closes [#160](https://github.com/ory/kratos/issues/160)\n- Separate post register/login hooks (#150)\n ([f4b7812](https://github.com/ory/kratos/commit/f4b78122d9cbe4dcc05b4fd52d94a2d9f1b16eb2)),\n closes [#150](https://github.com/ory/kratos/issues/150)\n [#149](https://github.com/ory/kratos/issues/149)\n- Update README badges\n ([4f7838e](https://github.com/ory/kratos/commit/4f7838e69181c5a10e27cde1e241779e4e724909))\n- Bump go-acc and resolve test issues (#154)\n ([15b1b63](https://github.com/ory/kratos/commit/15b1b630c5363e0e1afbed53285b3f39098c0792)),\n closes [#154](https://github.com/ory/kratos/issues/154)\n [#152](https://github.com/ory/kratos/issues/152)\n [#151](https://github.com/ory/kratos/issues/151):\n\n Due to a bug in `go-acc`, tests would not run if `-tags sqlite` was supplied\n as a go tool argument to `go-acc`. This patch resolves that issue and also\n includes several test patches from previous community PRs and some internal\n test issues.\n\n- Add ORY Kratos banner to README (#145)\n ([23b824f](https://github.com/ory/kratos/commit/23b824f7f99efbc23787508c03506e73a3240a2a)),\n closes [#145](https://github.com/ory/kratos/issues/145)\n- Replace DBAL layer with gobuffalo/pop (#130)\n ([21d08b8](https://github.com/ory/kratos/commit/21d08b84560230d8a063a418a74efcf53c146872)),\n closes [#130](https://github.com/ory/kratos/issues/130):\n\n This is a major refactoring of the internal DBAL. After a successful proof of\n concept and evaluation of gobuffalo/pop, we believe this to be the best DBAL\n for Go at the moment. It abstracts a lot of boilerplate code away.\n\n As with all sophisticated DBALs, pop too has its quirks. There are several\n issues that have been discovered during testing and adoption:\n https://github.com/gobuffalo/pop/issues/136\n https://github.com/gobuffalo/pop/issues/476\n https://github.com/gobuffalo/pop/issues/473\n https://github.com/gobuffalo/pop/issues/469\n https://github.com/gobuffalo/pop/issues/466\n\n However, the upside of moving much of the hard database/sql plumbing into\n another library cleans up the code base significantly and reduces complexity.\n\n As part of this change, the \"ephermal\" DBAL (\"in memory\") will be removed and\n sqlite will be used instead. This further reduces complexity of the code base\n and code-duplication.\n\n To support sqlite, CGO is required, which means that we need to run tests with\n `go test -tags sqlite` on a machine that has g++ installed. This also means\n that we need a Docker Image with `alpine` as opposed to pure `scratch`. While\n this is certainly a downside, the upside of less maintenance and \"free\"\n support for SQLite, PostgreSQL, MySQL, and CockroachDB simply outweighs any\n downsides that come with CGO.\n\n- Replace local deps with remote ones\n ([8605e45](https://github.com/ory/kratos/commit/8605e454cf538e047c5a9c3479372892d6b3f483))\n- ss/profile: Improve success and error flows\n ([9e0015a](https://github.com/ory/kratos/commit/9e0015acec7f8d927498e48366b377e22ec768b7)),\n closes [#112](https://github.com/ory/kratos/issues/112):\n\n This patch completes the profile management flow by implementing proper error\n and success states and adding several data integrity tests.\n\n- Rebrand ORY Hive to ORY Kratos (#111)\n ([ceda7fb](https://github.com/ory/kratos/commit/ceda7fb3472b081f0c6066aa1f282d4ec1787f7b)),\n closes [#111](https://github.com/ory/kratos/issues/111)\n- Fix broken tests and ci linter issues (#104)\n ([69760fe](https://github.com/ory/kratos/commit/69760fe9fecb2f302dd5c1821185ea990f4e411c)),\n closes [#104](https://github.com/ory/kratos/issues/104)\n- Update to Go modules 1.13\n ([1da4d75](https://github.com/ory/kratos/commit/1da4d757bc2434f97c588e395305066edce9ef0d))\n- Resolve minor configuration issues and response errors (#85)\n ([a44913b](https://github.com/ory/kratos/commit/a44913b26b515333576def6b882861ff2c8d4aff)),\n closes [#85](https://github.com/ory/kratos/issues/85)\n- Clean up dead files (#84)\n ([e0c96ef](https://github.com/ory/kratos/commit/e0c96effbee2521b12eeedc851b67fa3a1ae41c8)),\n closes [#84](https://github.com/ory/kratos/issues/84)\n- Add health endpoints (#83)\n ([0e936f7](https://github.com/ory/kratos/commit/0e936f7047bb9eacae0c5107360ce752a23d8282)),\n closes [#83](https://github.com/ory/kratos/issues/83)\n [#82](https://github.com/ory/kratos/issues/82)\n- Update Dockerfile and related build tools (#80)\n ([d20c701](https://github.com/ory/kratos/commit/d20c701433cea916d3df4863846cf09743150966)),\n closes [#80](https://github.com/ory/kratos/issues/80)\n- Implement SQL Database adapter (#79)\n ([86d07c4](https://github.com/ory/kratos/commit/86d07c4a9e3b3e6607e73f4d54b4e7b9f0382e59)),\n closes [#79](https://github.com/ory/kratos/issues/79)\n [#69](https://github.com/ory/kratos/issues/69)\n- Prevent duplicate signups (#76)\n ([4c88968](https://github.com/ory/kratos/commit/4c88968a6853396755f61db2673a0cb2201868f7)),\n closes [#76](https://github.com/ory/kratos/issues/76)\n [#46](https://github.com/ory/kratos/issues/46)\n- Contributing 08 10 19 00 52 45 (#74)\n ([43b511f](https://github.com/ory/kratos/commit/43b511f1a43be114ac04b377434b22ec8afe465b)),\n closes [#74](https://github.com/ory/kratos/issues/74)\n- Echo form values from oidc signup\n ([98b1da5](https://github.com/ory/kratos/commit/98b1da5f59d5dcde4416b74ea323af3e29fefa75)),\n closes [#71](https://github.com/ory/kratos/issues/71)\n- Properly decode values in error handler\n ([5eb9088](https://github.com/ory/kratos/commit/5eb9088efb291256d65fadbd5a803369cc96bdd2)),\n closes [#71](https://github.com/ory/kratos/issues/71)\n- Force path and domain on CSRF cookie (#70)\n ([a80d8b0](https://github.com/ory/kratos/commit/a80d8b0e0bb16fce530559826de29fd6b9836873)),\n closes [#70](https://github.com/ory/kratos/issues/70)\n [#68](https://github.com/ory/kratos/issues/68)\n- Require no session when accessing login or sign up (#67)\n ([c0e0da1](https://github.com/ory/kratos/commit/c0e0da1b38ebadaa33eb5b59dc566731b3320b70)),\n closes [#67](https://github.com/ory/kratos/issues/67)\n [#63](https://github.com/ory/kratos/issues/63)\n- Add tests for selfservice ErrorHandler (#62)\n ([4bb9e70](https://github.com/ory/kratos/commit/4bb9e7086ee57c4eb1a73fea436c7b2dec0257b7)),\n closes [#62](https://github.com/ory/kratos/issues/62)\n- Enable Circle CI (#57)\n ([6fb0afd](https://github.com/ory/kratos/commit/6fb0afd30e3755026b6ffca0cc80f2fe00267681)),\n closes [#57](https://github.com/ory/kratos/issues/57)\n [#53](https://github.com/ory/kratos/issues/53)\n- OIDC provider selfservice data enrichment (#56)\n ([936970a](https://github.com/ory/kratos/commit/936970a9abaadeab5c191ff52218bf4f65af2220)),\n closes [#56](https://github.com/ory/kratos/issues/56)\n [#23](https://github.com/ory/kratos/issues/23)\n [#55](https://github.com/ory/kratos/issues/55)\n- Remove local jsonschema module override\n ([cd2a5d8](https://github.com/ory/kratos/commit/cd2a5d8c74b21b122f5d5437702d8c74fb1cb726))\n- Implement identity management, login, and registration (#22)\n ([bf3395e](https://github.com/ory/kratos/commit/bf3395ea34ecf85303034f3e941a049c8cbd6229)),\n closes [#22](https://github.com/ory/kratos/issues/22)\n- Revert incorrect license changes\n ([fb9740b](https://github.com/ory/kratos/commit/fb9740b37a94dbdde1a8f4433fb7e5a8b4dac295))\n- Create FUNDING.yml\n ([3c67ac8](https://github.com/ory/kratos/commit/3c67ac83f58c5b03dc3935d279083268b8a85e0d))\n- Initial commit\n ([ab6f24a](https://github.com/ory/kratos/commit/ab6f24a85276bdd8687f2fc06390c1279892b005))\n- Add ability to define multiple schemas and serve them over HTTP\n ([#164](https://github.com/ory/kratos/issues/164))\n ([c65119c](https://github.com/ory/kratos/commit/c65119c24378dabd306e5a49f89c28c0367f7c2e)),\n closes [#86](https://github.com/ory/kratos/issues/86):\n\n All identity traits schemas have to be configured using a human readable ID\n and the corresponding URL. This PR enables multiple schemas to be used next to\n the default schema. It also adds the kratos.public/schemas/:id endpoint that\n mirrors all schemas.\n\n- Add helper for requiring authentication\n ([3888fbd](https://github.com/ory/kratos/commit/3888fbdc239b7a06c7fca34d08de7d55af69a48c))\n- Add helpers for go-swagger\n ([165a660](https://github.com/ory/kratos/commit/165a660f277588ed572d7843354c207f72f1678d)):\n\n See https://github.com/go-swagger/go-swagger/issues/2119\n\n- Add profile management and refactor internals\n ([3ec9263](https://github.com/ory/kratos/commit/3ec9263f597a5949d0de6d10073cc626cfcfcca4)),\n closes [#112](https://github.com/ory/kratos/issues/112)\n- Add session destroyer hook ([#148](https://github.com/ory/kratos/issues/148))\n ([d17f002](https://github.com/ory/kratos/commit/d17f002cdfe1f11ebb6bcbb17f6976aa329eab4a)),\n closes [#139](https://github.com/ory/kratos/issues/139):\n\n This patch adds a hook that destroys all active session by the identity which\n is being logged in. This can be useful in scenarios where only one session\n should be active at any given time.\n\n- Add SQL adapter ([#100](https://github.com/ory/kratos/issues/100))\n ([9e7f998](https://github.com/ory/kratos/commit/9e7f99871e3f09e7ae9ec1c38c8b8cf94d076f45)),\n closes [#92](https://github.com/ory/kratos/issues/92)\n- Explicitly whitelist form parser keys\n ([#105](https://github.com/ory/kratos/issues/105))\n ([28b056e](https://github.com/ory/kratos/commit/28b056e5bbfec645262914c52f0386d70c787a32)),\n closes [#98](https://github.com/ory/kratos/issues/98):\n\n Previously the form parser would try to detect the field type by asserting\n types for the whole form. That caused passwords containing only numbers to\n fail to unmarshal into a string value.\n\n This patch resolves that issue by introducing a prefix option to the\n BodyParser\n\n- Fix broken import\n ([308aa13](https://github.com/ory/kratos/commit/308aa1334dd43bc4bebade4e70e9c81c83fe8806))\n- Handle securecookie errors appropriately\n ([#101](https://github.com/ory/kratos/issues/101))\n ([75bf6fe](https://github.com/ory/kratos/commit/75bf6fe3f79d025f2aaa79d06db39c26430dc3fc)),\n closes [#97](https://github.com/ory/kratos/issues/97):\n\n Previously, IsNotAuthenticated would not handle securecookie errors\n appropriately. This has been resolved.\n\n- Implement CRUD for identities ([#60](https://github.com/ory/kratos/issues/60))\n ([58a3c24](https://github.com/ory/kratos/commit/58a3c240fca66e1195bf310024a2f8473826bce6)),\n closes [#58](https://github.com/ory/kratos/issues/58)\n- Implement message templates and SMTP delivery\n ([#146](https://github.com/ory/kratos/issues/146))\n ([dc674bf](https://github.com/ory/kratos/commit/dc674bfa7d1fa9ee94b014d09866bbdc0a97c321)),\n closes [#99](https://github.com/ory/kratos/issues/99):\n\n This patch adds a message templates (with override capabilities) and SMTP\n delivery.\n\n Integration tests using MailHog test fault resilience and e2e email delivery.\n\n This system is designed to be extended for SMS and other use cases.\n\n- Improve migration command ([#94](https://github.com/ory/kratos/issues/94))\n ([2b631de](https://github.com/ory/kratos/commit/2b631de6d621dcebac5318f6dd628646fec7712f))\n- Inject Identity Traits JSON Schema\n ([3a4c5ad](https://github.com/ory/kratos/commit/3a4c5ad35f885c7d38ffcf1d5836fb485f122fe9)),\n closes [#189](https://github.com/ory/kratos/issues/189)\n- Mark active field as nullable ([#89](https://github.com/ory/kratos/issues/89))\n ([292702d](https://github.com/ory/kratos/commit/292702d9e031e43c63e0ecb59354557139499e87))\n- Move package to selfservice\n ([063b767](https://github.com/ory/kratos/commit/063b7679af76333fc546e94e92b197079e5bdb30)):\n\n Because this module is primarily used in selfservice scenarios, it has been\n moved to the selfservice parent.\n\n- Omit request header from login/registration request\n ([#106](https://github.com/ory/kratos/issues/106))\n ([9b07587](https://github.com/ory/kratos/commit/9b07587f2de2b270c5c326e37b2b6b3dbbfa8595)),\n closes [#95](https://github.com/ory/kratos/issues/95):\n\n When fetching a login and registration request, the HTTP Request Headers must\n not be included in the response, as they contain irrelevant information for\n the API caller.\n\n- Properly handle empty credentials config in sql\n ([#93](https://github.com/ory/kratos/issues/93))\n ([b79c5d1](https://github.com/ory/kratos/commit/b79c5d1d5216e994f986ce739285cb1a89523df5))\n- Re-introduce migration plans to CLI command\n ([#192](https://github.com/ory/kratos/issues/192))\n ([bb32cd3](https://github.com/ory/kratos/commit/bb32cd3cad3cd0bd6f3166de0166701e1f676ac6)),\n closes [#131](https://github.com/ory/kratos/issues/131)\n- Reset CSRF token on principal change\n ([#64](https://github.com/ory/kratos/issues/64))\n ([9c889ab](https://github.com/ory/kratos/commit/9c889ab4f6c846812a4290545fef7d8106da35f0)),\n closes [#38](https://github.com/ory/kratos/issues/38):\n\n Add tests for logout.\n\n- Resolve wrong column reference in sql\n ([#90](https://github.com/ory/kratos/issues/90))\n ([0c0eb87](https://github.com/ory/kratos/commit/0c0eb87cd341bd3e73eb9adb303054b38c103ba9)):\n\n Reference ic.method instead of ici.method.\n\n Added regression tests against this particular issue.\n\n- Update keyword from kratos to ory.sh/kratos\n ([f45cbe0](https://github.com/ory/kratos/commit/f45cbe0339db8d129522314f3099e6944e4a6ea3)),\n closes [#115](https://github.com/ory/kratos/issues/115)\n- Update sdk generation method\n ([24aa3d7](https://github.com/ory/kratos/commit/24aa3d73354d5a28f05999a09e7bbbe51a44d44e))\n- Update to ory/x 0.0.80 ([#110](https://github.com/ory/kratos/issues/110))\n ([64de2f8](https://github.com/ory/kratos/commit/64de2f86540bf8715a1703d773fa95011603a854)):\n\n Removes the need for BindEnv()\n\n- Use JSON Schema to type assert form body\n ([#116](https://github.com/ory/kratos/issues/116))\n ([1944c7c](https://github.com/ory/kratos/commit/1944c7c6e82b5b6a3b9d47db94c8f8f45248feb7)),\n closes [#109](https://github.com/ory/kratos/issues/109)\n" }, { "path": "CODE_OF_CONDUCT.md", "content": "\n\n\n# Contributor Covenant Code of Conduct\n\n## Our Pledge\n\nWe as members, contributors, and leaders pledge to make participation in our\ncommunity a harassment-free experience for everyone, regardless of age, body\nsize, visible or invisible disability, ethnicity, sex characteristics, gender\nidentity and expression, level of experience, education, socio-economic status,\nnationality, personal appearance, race, caste, color, religion, or sexual\nidentity and orientation.\n\nWe pledge to act and interact in ways that contribute to an open, welcoming,\ndiverse, inclusive, and healthy community.\n\n## Our Standards\n\nExamples of behavior that contributes to a positive environment for our\ncommunity include:\n\n- Demonstrating empathy and kindness toward other people\n- Being respectful of differing opinions, viewpoints, and experiences\n- Giving and gracefully accepting constructive feedback\n- Accepting responsibility and apologizing to those affected by our mistakes,\n and learning from the experience\n- Focusing on what is best not just for us as individuals, but for the overall\n community\n\nExamples of unacceptable behavior include:\n\n- The use of sexualized language or imagery, and sexual attention or advances of\n any kind\n- Trolling, insulting or derogatory comments, and personal or political attacks\n- Public or private harassment\n- Publishing others' private information, such as a physical or email address,\n without their explicit permission\n- Other conduct which could reasonably be considered inappropriate in a\n professional setting\n\n## Open Source Community Support\n\nOry Open source software is collaborative and based on contributions by\ndevelopers in the Ory community. There is no obligation from Ory to help with\nindividual problems. If Ory open source software is used in production in a\nfor-profit company or enterprise environment, we mandate a paid support contract\nwhere Ory is obligated under their service level agreements (SLAs) to offer a\ndefined level of availability and responsibility. For more information about\npaid support please contact us at sales@ory.com.\n\n## Enforcement Responsibilities\n\nCommunity leaders are responsible for clarifying and enforcing our standards of\nacceptable behavior and will take appropriate and fair corrective action in\nresponse to any behavior that they deem inappropriate, threatening, offensive,\nor harmful.\n\nCommunity leaders have the right and responsibility to remove, edit, or reject\ncomments, commits, code, wiki edits, issues, and other contributions that are\nnot aligned to this Code of Conduct, and will communicate reasons for moderation\ndecisions when appropriate.\n\n## Scope\n\nThis Code of Conduct applies within all community spaces, and also applies when\nan individual is officially representing the community in public spaces.\nExamples of representing our community include using an official e-mail address,\nposting via an official social media account, or acting as an appointed\nrepresentative at an online or offline event.\n\n## Enforcement\n\nInstances of abusive, harassing, or otherwise unacceptable behavior may be\nreported to the community leaders responsible for enforcement at\n[office@ory.com](mailto:office@ory.com). All complaints will be reviewed and\ninvestigated promptly and fairly.\n\nAll community leaders are obligated to respect the privacy and security of the\nreporter of any incident.\n\n## Enforcement Guidelines\n\nCommunity leaders will follow these Community Impact Guidelines in determining\nthe consequences for any action they deem in violation of this Code of Conduct:\n\n### 1. Correction\n\n**Community Impact**: Use of inappropriate language or other behavior deemed\nunprofessional or unwelcome in the community.\n\n**Consequence**: A private, written warning from community leaders, providing\nclarity around the nature of the violation and an explanation of why the\nbehavior was inappropriate. A public apology may be requested.\n\n### 2. Warning\n\n**Community Impact**: A violation through a single incident or series of\nactions.\n\n**Consequence**: A warning with consequences for continued behavior. No\ninteraction with the people involved, including unsolicited interaction with\nthose enforcing the Code of Conduct, for a specified period of time. This\nincludes avoiding interactions in community spaces as well as external channels\nlike social media. Violating these terms may lead to a temporary or permanent\nban.\n\n### 3. Temporary Ban\n\n**Community Impact**: A serious violation of community standards, including\nsustained inappropriate behavior.\n\n**Consequence**: A temporary ban from any sort of interaction or public\ncommunication with the community for a specified period of time. No public or\nprivate interaction with the people involved, including unsolicited interaction\nwith those enforcing the Code of Conduct, is allowed during this period.\nViolating these terms may lead to a permanent ban.\n\n### 4. Permanent Ban\n\n**Community Impact**: Demonstrating a pattern of violation of community\nstandards, including sustained inappropriate behavior, harassment of an\nindividual, or aggression toward or disparagement of classes of individuals.\n\n**Consequence**: A permanent ban from any sort of public interaction within the\ncommunity.\n\n## Attribution\n\nThis Code of Conduct is adapted from the [Contributor Covenant][homepage],\nversion 2.1, available at\n[https://www.contributor-covenant.org/version/2/1/code_of_conduct.html][v2.1].\n\nCommunity Impact Guidelines were inspired by [Mozilla's code of conduct\nenforcement ladder][mozilla coc].\n\nFor answers to common questions about this code of conduct, see the FAQ at\n[https://www.contributor-covenant.org/faq][faq]. Translations are available at\n[https://www.contributor-covenant.org/translations][translations].\n\n[homepage]: https://www.contributor-covenant.org\n[v2.1]: https://www.contributor-covenant.org/version/2/1/code_of_conduct.html\n[mozilla coc]: https://github.com/mozilla/diversity\n[faq]: https://www.contributor-covenant.org/faq\n[translations]: https://www.contributor-covenant.org/translations\n" }, { "path": "CONTRIBUTING.md", "content": "\n\n\n# Contribute to Ory Kratos\n\n\n\n\n- [Introduction](#introduction)\n- [FAQ](#faq)\n- [How can I contribute?](#how-can-i-contribute)\n- [Communication](#communication)\n- [Contribute examples or community projects](#contribute-examples-or-community-projects)\n- [Contribute code](#contribute-code)\n- [Contribute documentation](#contribute-documentation)\n- [Disclosing vulnerabilities](#disclosing-vulnerabilities)\n- [Code style](#code-style)\n - [Working with forks](#working-with-forks)\n- [Conduct](#conduct)\n\n\n\n## Introduction\n\n_Please note_: We take Ory Kratos's security and our users' trust very\nseriously. If you believe you have found a security issue in Ory Kratos, please\ndisclose it by contacting us at security@ory.com.\n\nThere are many ways in which you can contribute. The goal of this document is to\nprovide a high-level overview of how you can get involved in Ory.\n\nAs a potential contributor, your changes and ideas are welcome at any hour of\nthe day or night, on weekdays, weekends, and holidays. Please do not ever\nhesitate to ask a question or send a pull request.\n\nIf you are unsure, just ask or submit the issue or pull request anyways. You\nwon't be yelled at for giving it your best effort. The worst that can happen is\nthat you'll be politely asked to change something. We appreciate any sort of\ncontributions and don't want a wall of rules to get in the way of that.\n\nThat said, if you want to ensure that a pull request is likely to be merged,\ntalk to us! You can find out our thoughts and ensure that your contribution\nwon't clash with Ory Kratos's direction. A great way to do this is via\n[Ory Kratos Discussions](https://github.com/ory/kratos/discussions) or the\n[Ory Chat](https://www.ory.com/chat).\n\n## FAQ\n\n- I am new to the community. Where can I find the\n [Ory Community Code of Conduct?](https://github.com/ory/kratos/blob/master/CODE_OF_CONDUCT.md)\n\n- I have a question. Where can I get\n [answers to questions regarding Ory Kratos?](#communication)\n\n- I would like to contribute but I am not sure how. Are there\n [easy ways to contribute?](#how-can-i-contribute)\n [Or good first issues?](https://github.com/search?l=&o=desc&q=label%3A%22help+wanted%22+label%3A%22good+first+issue%22+is%3Aopen+user%3Aory+user%3Aory-corp&s=updated&type=Issues)\n\n- I want to talk to other Ory Kratos users.\n [How can I become a part of the community?](#communication)\n\n- I would like to know what I am agreeing to when I contribute to Ory Kratos.\n Does Ory have\n [a Contributors License Agreement?](https://cla-assistant.io/ory/kratos)\n\n- I would like updates about new versions of Ory Kratos.\n [How are new releases announced?](https://www.ory.com/l/sign-up-newsletter)\n\n## How can I contribute?\n\nIf you want to start to contribute code right away, take a look at the\n[list of good first issues](https://github.com/ory/kratos/labels/good%20first%20issue).\n\nThere are many other ways you can contribute. Here are a few things you can do\nto help out:\n\n- **Give us a star.** It may not seem like much, but it really makes a\n difference. This is something that everyone can do to help out Ory Kratos.\n Github stars help the project gain visibility and stand out.\n\n- **Join the community.** Sometimes helping people can be as easy as listening\n to their problems and offering a different perspective. Join our Slack, have a\n look at discussions in the forum and take part in community events. More info\n on this in [Communication](#communication).\n\n- **Answer discussions.** At all times, there are several unanswered discussions\n on GitHub. You can see an\n [overview here](https://github.com/discussions?discussions_q=is%3Aunanswered+org%3Aory+sort%3Aupdated-desc).\n If you think you know an answer or can provide some information that might\n help, please share it! Bonus: You get GitHub achievements for answered\n discussions.\n\n- **Help with open issues.** We have a lot of open issues for Ory Kratos and\n some of them may lack necessary information, some are duplicates of older\n issues. You can help out by guiding people through the process of filling out\n the issue template, asking for clarifying information or pointing them to\n existing issues that match their description of the problem.\n\n- **Review documentation changes.** Most documentation just needs a review for\n proper spelling and grammar. If you think a document can be improved in any\n way, feel free to hit the `edit` button at the top of the page. More info on\n contributing to the documentation [here](#contribute-documentation).\n\n- **Help with tests.** Pull requests may lack proper tests or test plans. These\n are needed for the change to be implemented safely.\n\n## Communication\n\nWe use [Slack](https://www.ory.com/chat). You are welcome to drop in and ask\nquestions, discuss bugs and feature requests, talk to other users of Ory, etc.\n\nCheck out [Ory Kratos Discussions](https://github.com/ory/kratos/discussions).\nThis is a great place for in-depth discussions and lots of code examples, logs\nand similar data.\n\nYou can also join our community calls if you want to speak to the Ory team\ndirectly or ask some questions. You can find more info and participate in\n[Slack](https://www.ory.com/chat) in the #community-call channel.\n\nIf you want to receive regular notifications about updates to Ory Kratos,\nconsider joining the mailing list. We will _only_ send you vital information on\nthe projects that you are interested in.\n\nAlso, [follow us on Twitter](https://twitter.com/orycorp).\n\n## Contribute examples or community projects\n\nOne of the most impactful ways to contribute is by adding code examples or other\nOry-related code. You can find an overview of community code in the\n[awesome-ory](https://github.com/ory/awesome-ory) repository.\n\n_If you would like to contribute a new example, we would love to hear from you!_\n\nPlease [open a pull request at awesome-ory](https://github.com/ory/awesome-ory/)\nto add your example or Ory-related project to the awesome-ory README.\n\n## Contribute code\n\n**All code contributions require prior discussion and agreement with maintainers\nbefore opening a pull request.**\n\nThis applies to bug fixes, new features, and refactoring. Before writing code:\n\n1. Open a [Discussion](https://github.com/ory/kratos/discussions/new/choose) or\n [Issue](https://github.com/ory/kratos/issues/new/choose) describing the\n problem and your proposed solution.\n2. Wait for maintainer feedback and explicit agreement on the implementation\n approach.\n3. Only then begin writing code.\n\nPull requests without prior discussion may be closed without review. This policy\nexists to protect your time and maintainer time.\n\n\"Drive-by\" PRs, even well-intentioned ones, often conflict with the project\nroadmap, duplicate ongoing work, or introduce architectural inconsistencies. A\nquick conversation can help avoid these problems.\n\nAll contributions are made via pull requests. To make a pull request, you will\nneed a GitHub account; if you are unclear on this process, see GitHub's\ndocumentation on [forking](https://help.github.com/articles/fork-a-repo) and\n[pull requests](https://help.github.com/articles/using-pull-requests). Pull\nrequests should be targeted at the `master` branch. Before creating a pull\nrequest, go through this checklist:\n\n1. Create a feature branch off of `master` so that changes do not get mixed up.\n1. [Rebase](http://git-scm.com/book/en/Git-Branching-Rebasing) your local\n changes against the `master` branch.\n1. Run the full project test suite with the `go test -tags sqlite ./...` (or\n equivalent) command and confirm that it passes.\n1. Run `make format`\n1. Add a descriptive prefix to commits. This ensures a uniform commit history\n and helps structure the changelog. Please refer to this\n [Convential Commits configuration](https://github.com/ory/kratos/blob/master/.github/workflows/conventional_commits.yml)\n for the list of accepted prefixes. You can read more about the Conventional\n Commit specification\n [at their site](https://www.conventionalcommits.org/en/v1.0.0/).\n\nIf a pull request is not ready to be reviewed yet\n[it should be marked as a \"Draft\"](https://docs.github.com/en/github/collaborating-with-pull-requests/proposing-changes-to-your-work-with-pull-requests/changing-the-stage-of-a-pull-request).\n\nBefore your contributions can be reviewed you need to sign our\n[Contributor License Agreement](https://cla-assistant.io/ory/kratos).\n\nThis agreement defines the terms under which your code is contributed to Ory.\nMore specifically it declares that you have the right to, and actually do, grant\nus the rights to use your contribution. You can see the Apache 2.0 license under\nwhich our projects are published\n[here](https://github.com/ory/meta/blob/master/LICENSE).\n\nWhen pull requests fail the automated testing stages (for example unit or E2E\ntests), authors are expected to update their pull requests to address the\nfailures until the tests pass.\n\nPull requests eligible for review\n\n1. follow the repository's code formatting conventions;\n2. include tests that prove that the change works as intended and does not add\n regressions;\n3. document the changes in the code and/or the project's documentation;\n4. pass the CI pipeline;\n5. have signed our\n [Contributor License Agreement](https://cla-assistant.io/ory/kratos);\n6. include a proper git commit message following the\n [Conventional Commit Specification](https://www.conventionalcommits.org/en/v1.0.0/).\n\nIf all of these items are checked, the pull request is ready to be reviewed and\nyou should change the status to \"Ready for review\" and\n[request review from a maintainer](https://docs.github.com/en/github/collaborating-with-pull-requests/proposing-changes-to-your-work-with-pull-requests/requesting-a-pull-request-review).\n\nReviewers will approve the pull request once they are satisfied with the patch.\n\n### AI-assisted contributions\n\nAI can be a valuable aid for writing code, documentation, and tests. However, to\nmaintain the quality and reliability of Ory Kratos, please follow these\nguidelines:\n\n- When submitting a pull request or issue that involved AI assistance, mention\n the tools you used and the extent of their involvement. This helps reviewers\n understand the context of your contribution.\n\n- Pull requests created with AI assistance should address an existing, accepted\n issue. If you have an idea for a new feature or improvement, please open a\n discussion or issue first to ensure alignment with the project's direction\n before investing time in implementation.\n\n- You must use AI responsibly when writing code. All contributions must be\n tested and verified before submission. Unreviewed AI-generated code will not\n be accepted, and repeated submissions of this nature may result in restricted\n contribution privileges.\n\n- When using AI to help draft issues, discussions, or documentation, review and\n edit the output before submitting. AI tends to be verbose. Trim unnecessary\n content and ensure your submission is clear and focused.\n\nContributors must use AI responsibly. These guidelines exist to ensure that\nevery contribution meets the high standards our community expects, while still\nembracing the productivity benefits that AI tools can provide.\n\n## Contribute documentation\n\nPlease provide documentation when changing, removing, or adding features. All\nOry Documentation resides in the\n[Ory documentation repository](https://github.com/ory/docs/). For further\ninstructions please head over to the Ory Documentation\n[README.md](https://github.com/ory/docs/blob/master/README.md).\n\n## Disclosing vulnerabilities\n\nPlease disclose vulnerabilities exclusively to\n[security@ory.com](mailto:security@ory.com). Do not use GitHub issues.\n\n## Code style\n\nPlease run `make format` to format all source code following the Ory standard.\n\n### Working with forks\n\n```bash\n# First you clone the original repository\ngit clone git@github.com:ory/ory/kratos.git\n\n# Next you add a git remote that is your fork:\ngit remote add fork git@github.com:/ory/kratos.git\n\n# Next you fetch the latest changes from origin for master:\ngit fetch origin\ngit checkout master\ngit pull --rebase\n\n# Next you create a new feature branch off of master:\ngit checkout my-feature-branch\n\n# Now you do your work and commit your changes:\ngit add -A\ngit commit -a -m \"fix: this is the subject line\" -m \"This is the body line. Closes #123\"\n\n# And the last step is pushing this to your fork\ngit push -u fork my-feature-branch\n```\n\nNow go to the project's GitHub Pull Request page and click \"New pull request\"\n\n## Conduct\n\nWhether you are a regular contributor or a newcomer, we care about making this\ncommunity a safe place for you and we've got your back.\n\n[Ory Community Code of Conduct](https://github.com/ory/kratos/blob/master/CODE_OF_CONDUCT.md)\n\nWe welcome discussion about creating a welcoming, safe, and productive\nenvironment for the community. If you have any questions, feedback, or concerns\n[please let us know](https://www.ory.com/chat).\n" }, { "path": "DEVELOP.md", "content": "# Development\n\nThis document explains how to develop Ory Kratos, run tests, and work with the tooling around it.\n\n## Upgrading and changelog\n\nCheck [releases tab](https://github.com/ory/kratos/releases) for updates and changelogs when using the open source license.\n\n## Command line documentation\n\nTo see available commands and flags, run:\n\n```bash\nkratos -h\n# or\nkratos help\n```\n\n## Contribution guidelines\n\nWe encourage all contributions. Before opening a pull request, read the\n[contribution guidelines](./CONTRIBUTING.md).\n\n## Prerequisites\n\nYou need Go 1.16+ and, for the test suites:\n\n* Docker and Docker Compose\n* `make`\n* Node.js and npm\n\nYou can develop Ory Kratos on Windows, but most guides assume a Unix shell such as `bash` or `zsh`.\n\n## Install from source\n\nTo install Kratos from source:\n\n```make\nmake install\n```\n\n## Formatting code\n\nFormat all code using:\n\n```make\nmake format\n```\n\nThe continuous integration pipeline checks code formatting.\n\n## Running tests\n\nThere are three types of tests:\n\n* Short tests that do not require a SQL database\n* Regular tests that require PostgreSQL, MySQL, and CockroachDB\n* End to end tests that use real databases and a test browser\n\n### Short tests\n\nShort tests run quickly and use SQLite.\n\nRun all short tests:\n\n```bash\ngo test -short -tags sqlite ./...\n```\n\nRun short tests in a specific module:\n\n```bash\ncd client\ngo test -short -tags sqlite .\n```\n\n### Regular tests\n\nRegular tests require a database setup.\n\nThe test suite can start databases using\n[ory/dockertest](https://github.com/ory/dockertest). In practice, it is usually\neasier and faster to use the Makefile targets.\n\nRun the full test suite:\n\n```make\nmake test\n```\n\n> Note: `make test` recreates the databases every time. This can be slow if you\n> are iterating frequently on a specific test.\n\nIf you want to reuse databases across test runs, initialize them once:\n\n```bash\nmake test-resetdb\nexport TEST_DATABASE_MYSQL='mysql://root:secret@(127.0.0.1:3444)/mysql?parseTime=true'\nexport TEST_DATABASE_POSTGRESQL='postgres://postgres:secret@127.0.0.1:3445/kratos?sslmode=disable'\nexport TEST_DATABASE_COCKROACHDB='cockroach://root@127.0.0.1:3446/defaultdb?sslmode=disable'\n```\n\nThen you can run Go tests directly as often as needed:\n\n```bash\ngo test -tags sqlite ./...\n\n# or in a module:\ncd client\ngo test -tags sqlite .\n```\n\n### Updating test fixtures\n\nSome tests use snapshot fixtures.\n\nUpdate snapshots for short tests:\n\n```bash\nmake test-update-snapshots\n```\n\nUpdate all snapshots:\n\n```bash\nUPDATE_SNAPSHOTS=true go test -p 4 -tags sqlite ./...\n```\n\nYou can run this from the repository root or from subdirectories.\n\n### End-to-end tests\n\nEnd to end tests are implemented with [Cypress](https://www.cypress.io).\n\n> On ARM based Macs you may need to install Rosetta 2 to run Cypress.\n> See the Cypress documentation:\n> [https://www.cypress.io/blog/2021/01/20/running-cypress-on-the-apple-m1-silicon-arm-architecture-using-rosetta-2/](https://www.cypress.io/blog/2021/01/20/running-cypress-on-the-apple-m1-silicon-arm-architecture-using-rosetta-2/)\n\nTo install Rosetta 2:\n\n```bash\nsoftwareupdate --install-rosetta --agree-to-license\n```\n\nRun e2e tests in development mode:\n\n```bash\n./test/e2e/run.sh --dev sqlite\n```\n\nRun all e2e tests with databases:\n\n```make\nmake test-e2e\n```\n\nFor more options:\n\n```bash\n./test/e2e/run.sh\n```\n\n#### Run a single test\n\nAdd `.only` to the test you want to run, for example:\n\n```ts\nit.only('invalid remote recovery email template', () => {\n // ...\n})\n```\n\n#### Run a subset of tests\n\nTo run a subset of e2e tests:\n\n1. Edit `cypress.json` in `test/e2e/`.\n\n2. Add the `testFiles` option and point it to the specs you want, for example:\n\n ```json\n \"testFiles\": [\"profiles/network/*\"]\n ```\n\n3. Start the tests again using the run script or Makefile.\n\n## Build Docker image\n\nTo build a development Docker image:\n\n```make\nmake docker\n```\n\n## Preview API documentation\n\nTo work on and preview the generated API documentation:\n\n1. Update the SDK including the OpenAPI specification:\n\n ```make\n make sdk\n ```\n\n2. Run the preview server for API documentation:\n\n ```make\n make docs/api\n ```\n\n3. Run the preview server for Swagger documentation:\n\n ```make\n make docs/swagger\n ```\n" }, { "path": "LICENSE", "content": " Apache License\n Version 2.0, January 2004\n http://www.apache.org/licenses/\n\n TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION\n\n 1. Definitions.\n\n \"License\" shall mean the terms and conditions for use, reproduction,\n and distribution as defined by Sections 1 through 9 of this document.\n\n \"Licensor\" shall mean the copyright owner or entity authorized by\n the copyright owner that is granting the License.\n\n \"Legal Entity\" shall mean the union of the acting entity and all\n other entities that control, are controlled by, or are under common\n control with that entity. For the purposes of this definition,\n \"control\" means (i) the power, direct or indirect, to cause the\n direction or management of such entity, whether by contract or\n otherwise, or (ii) ownership of fifty percent (50%) or more of the\n outstanding shares, or (iii) beneficial ownership of such entity.\n\n \"You\" (or \"Your\") shall mean an individual or Legal Entity\n exercising permissions granted by this License.\n\n \"Source\" form shall mean the preferred form for making modifications,\n including but not limited to software source code, documentation\n source, and configuration files.\n\n \"Object\" form shall mean any form resulting from mechanical\n transformation or translation of a Source form, including but\n not limited to compiled object code, generated documentation,\n and conversions to other media types.\n\n \"Work\" shall mean the work of authorship, whether in Source or\n Object form, made available under the License, as indicated by a\n copyright notice that is included in or attached to the work\n (an example is provided in the Appendix below).\n\n \"Derivative Works\" shall mean any work, whether in Source or Object\n form, that is based on (or derived from) the Work and for which the\n editorial revisions, annotations, elaborations, or other modifications\n represent, as a whole, an original work of authorship. For the purposes\n of this License, Derivative Works shall not include works that remain\n separable from, or merely link (or bind by name) to the interfaces of,\n the Work and Derivative Works thereof.\n\n \"Contribution\" shall mean any work of authorship, including\n the original version of the Work and any modifications or additions\n to that Work or Derivative Works thereof, that is intentionally\n submitted to Licensor for inclusion in the Work by the copyright owner\n or by an individual or Legal Entity authorized to submit on behalf of\n the copyright owner. For the purposes of this definition, \"submitted\"\n means any form of electronic, verbal, or written communication sent\n to the Licensor or its representatives, including but not limited to\n communication on electronic mailing lists, source code control systems,\n and issue tracking systems that are managed by, or on behalf of, the\n Licensor for the purpose of discussing and improving the Work, but\n excluding communication that is conspicuously marked or otherwise\n designated in writing by the copyright owner as \"Not a Contribution.\"\n\n \"Contributor\" shall mean Licensor and any individual or Legal Entity\n on behalf of whom a Contribution has been received by Licensor and\n subsequently incorporated within the Work.\n\n 2. Grant of Copyright License. Subject to the terms and conditions of\n this License, each Contributor hereby grants to You a perpetual,\n worldwide, non-exclusive, no-charge, royalty-free, irrevocable\n copyright license to reproduce, prepare Derivative Works of,\n publicly display, publicly perform, sublicense, and distribute the\n Work and such Derivative Works in Source or Object form.\n\n 3. Grant of Patent License. Subject to the terms and conditions of\n this License, each Contributor hereby grants to You a perpetual,\n worldwide, non-exclusive, no-charge, royalty-free, irrevocable\n (except as stated in this section) patent license to make, have made,\n use, offer to sell, sell, import, and otherwise transfer the Work,\n where such license applies only to those patent claims licensable\n by such Contributor that are necessarily infringed by their\n Contribution(s) alone or by combination of their Contribution(s)\n with the Work to which such Contribution(s) was submitted. If You\n institute patent litigation against any entity (including a\n cross-claim or counterclaim in a lawsuit) alleging that the Work\n or a Contribution incorporated within the Work constitutes direct\n or contributory patent infringement, then any patent licenses\n granted to You under this License for that Work shall terminate\n as of the date such litigation is filed.\n\n 4. Redistribution. You may reproduce and distribute copies of the\n Work or Derivative Works thereof in any medium, with or without\n modifications, and in Source or Object form, provided that You\n meet the following conditions:\n\n (a) You must give any other recipients of the Work or\n Derivative Works a copy of this License; and\n\n (b) You must cause any modified files to carry prominent notices\n stating that You changed the files; and\n\n (c) You must retain, in the Source form of any Derivative Works\n that You distribute, all copyright, patent, trademark, and\n attribution notices from the Source form of the Work,\n excluding those notices that do not pertain to any part of\n the Derivative Works; and\n\n (d) If the Work includes a \"NOTICE\" text file as part of its\n distribution, then any Derivative Works that You distribute must\n include a readable copy of the attribution notices contained\n within such NOTICE file, excluding those notices that do not\n pertain to any part of the Derivative Works, in at least one\n of the following places: within a NOTICE text file distributed\n as part of the Derivative Works; within the Source form or\n documentation, if provided along with the Derivative Works; or,\n within a display generated by the Derivative Works, if and\n wherever such third-party notices normally appear. The contents\n of the NOTICE file are for informational purposes only and\n do not modify the License. You may add Your own attribution\n notices within Derivative Works that You distribute, alongside\n or as an addendum to the NOTICE text from the Work, provided\n that such additional attribution notices cannot be construed\n as modifying the License.\n\n You may add Your own copyright statement to Your modifications and\n may provide additional or different license terms and conditions\n for use, reproduction, or distribution of Your modifications, or\n for any such Derivative Works as a whole, provided Your use,\n reproduction, and distribution of the Work otherwise complies with\n the conditions stated in this License.\n\n 5. Submission of Contributions. Unless You explicitly state otherwise,\n any Contribution intentionally submitted for inclusion in the Work\n by You to the Licensor shall be under the terms and conditions of\n this License, without any additional terms or conditions.\n Notwithstanding the above, nothing herein shall supersede or modify\n the terms of any separate license agreement you may have executed\n with Licensor regarding such Contributions.\n\n 6. Trademarks. This License does not grant permission to use the trade\n names, trademarks, service marks, or product names of the Licensor,\n except as required for reasonable and customary use in describing the\n origin of the Work and reproducing the content of the NOTICE file.\n\n 7. Disclaimer of Warranty. Unless required by applicable law or\n agreed to in writing, Licensor provides the Work (and each\n Contributor provides its Contributions) on an \"AS IS\" BASIS,\n WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or\n implied, including, without limitation, any warranties or conditions\n of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A\n PARTICULAR PURPOSE. You are solely responsible for determining the\n appropriateness of using or redistributing the Work and assume any\n risks associated with Your exercise of permissions under this License.\n\n 8. Limitation of Liability. In no event and under no legal theory,\n whether in tort (including negligence), contract, or otherwise,\n unless required by applicable law (such as deliberate and grossly\n negligent acts) or agreed to in writing, shall any Contributor be\n liable to You for damages, including any direct, indirect, special,\n incidental, or consequential damages of any character arising as a\n result of this License or out of the use or inability to use the\n Work (including but not limited to damages for loss of goodwill,\n work stoppage, computer failure or malfunction, or any and all\n other commercial damages or losses), even if such Contributor\n has been advised of the possibility of such damages.\n\n 9. Accepting Warranty or Additional Liability. While redistributing\n the Work or Derivative Works thereof, You may choose to offer,\n and charge a fee for, acceptance of support, warranty, indemnity,\n or other liability obligations and/or rights consistent with this\n License. However, in accepting such obligations, You may act only\n on Your own behalf and on Your sole responsibility, not on behalf\n of any other Contributor, and only if You agree to indemnify,\n defend, and hold each Contributor harmless for any liability\n incurred by, or claims asserted against, such Contributor by reason\n of your accepting any such warranty or additional liability.\n\n END OF TERMS AND CONDITIONS\n\n APPENDIX: How to apply the Apache License to your work.\n\n To apply the Apache License to your work, attach the following\n boilerplate notice, with the fields enclosed by brackets \"[]\"\n replaced with your own identifying information. (Don't include\n the brackets!) The text should be enclosed in the appropriate\n comment syntax for the file format. We also recommend that a\n file or class name and description of purpose be included on the\n same \"printed page\" as the copyright notice for easier\n identification within third-party archives.\n\n Copyright [yyyy] [name of copyright owner]\n\n Licensed under the Apache License, Version 2.0 (the \"License\");\n you may not use this file except in compliance with the License.\n You may obtain a copy of the License at\n\n http://www.apache.org/licenses/LICENSE-2.0\n\n Unless required by applicable law or agreed to in writing, software\n distributed under the License is distributed on an \"AS IS\" BASIS,\n WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n See the License for the specific language governing permissions and\n limitations under the License.\n" }, { "path": "Makefile", "content": "SHELL=/usr/bin/env bash -o pipefail\n\n# EXECUTABLES = docker-compose docker node npm go\n# K := $(foreach exec,$(EXECUTABLES),\\\n# $(if $(shell which $(exec)),some string,$(error \"No $(exec) in PATH\")))\n\nexport PATH := .bin:${PATH}\nexport PWD := $(shell pwd)\nexport BUILD_DATE := $(shell date -u +\"%Y-%m-%dT%H:%M:%SZ\")\nexport VCS_REF := $(shell git rev-parse HEAD)\nexport QUICKSTART_OPTIONS ?=\nexport IMAGE_TAG \t\t\t\t\t:= $(if $(IMAGE_TAG),$(IMAGE_TAG),latest)\n\n.bin/clidoc:\n\techo \"deprecated usage, use docs/cli instead\"\n\tgo build -o .bin/clidoc ./cmd/clidoc/.\n\n.PHONY: docs/cli\ndocs/cli:\n\tgo run ./cmd/clidoc/. .\n\n.PHONY: docs/api\ndocs/api:\n\tnpx @redocly/openapi-cli preview-docs spec/api.json\n\n.PHONY: docs/swagger\ndocs/swagger:\n\tnpx @redocly/openapi-cli preview-docs spec/swagger.json\n\n.bin/golangci-lint: Makefile\n\tcurl --retry 7 --retry-connrefused -sSfL https://raw.githubusercontent.com/golangci/golangci-lint/master/install.sh | sh -s -- -d -b .bin v2.10.1\n\n.bin/hydra: Makefile\n\tbash <(curl --retry 7 --retry-connrefused https://raw.githubusercontent.com/ory/meta/master/install.sh) -d -b .bin hydra v2.2.0\n\n.bin/ory: Makefile\n\tcurl --retry 7 --retry-connrefused https://raw.githubusercontent.com/ory/meta/master/install.sh | bash -s -- -b .bin ory v0.2.2\n\ttouch -a -m .bin/ory\n\n.bin/buf: Makefile\n\tcurl -sSL \\\n\t\"https://github.com/bufbuild/buf/releases/download/v1.39.0/buf-$(shell uname -s)-$(shell uname -m).tar.gz\" | \\\n\ttar -xvzf - -C \".bin/\" --strip-components=2 buf/bin/buf buf/bin/protoc-gen-buf-breaking buf/bin/protoc-gen-buf-lint\n\ttouch -a -m .bin/buf\n\n.PHONY: lint\nlint: .bin/golangci-lint .bin/buf\n\t.bin/golangci-lint run -v --timeout 10m ./...\n\t.bin/buf lint\n\n.PHONY: mocks\nmocks:\n\tgo tool mockgen -mock_names Manager=MockLoginExecutorDependencies -package pkg -destination pkg/hook_login_executor_dependencies.go github.com/ory/kratos/selfservice loginExecutorDependencies\n\n.PHONY: proto\nproto: gen/oidc/v1/state.pb.go\n\ngen/oidc/v1/state.pb.go: proto/oidc/v1/state.proto buf.yaml buf.gen.yaml .bin/buf\n\t.bin/buf generate\n\tgo tool goimports -w gen/\n\n.PHONY: install\ninstall:\n\tgo install -tags sqlite .\n\n.PHONY: test-resetdb\ntest-resetdb:\n\tscript/testenv.sh\n\n.PHONY: test\ntest:\n\tdocker pull oryd/hydra:v2.2.0\n\tgo test -p 1 -tags sqlite -count=1 -failfast ./...\n\ntest-short:\n\tgo test -tags sqlite -count=1 -failfast -short ./...\n\n.PHONY: test-coverage\ntest-coverage:\n\tgo test -coverprofile=coverage.out -failfast -timeout=20m -tags sqlite ./...\n\n.PHONY: test-coverage-next\ntest-coverage-next:\n\tgo test -short -failfast -timeout=20m -tags sqlite -cover ./... --args test.gocoverdir=\"$$PWD/coverage\"\n\tgo tool covdata percent -i=coverage\n\tgo tool covdata textfmt -i=./coverage -o coverage.new.out\n\n# Generates the SDK\n.PHONY: sdk\nsdk: .bin/ory node_modules\n\tgo tool swagger generate spec -m -o spec/swagger.json \\\n\t\t-c github.com/ory/kratos \\\n\t\t-c github.com/ory/x/healthx \\\n\t\t-c github.com/ory/x/crdbx \\\n\t\t-c github.com/ory/x/openapix\n\tory dev swagger sanitize ./spec/swagger.json\n\tgo tool swagger validate ./spec/swagger.json\n\tCIRCLE_PROJECT_USERNAME=ory CIRCLE_PROJECT_REPONAME=kratos \\\n\t\tory dev openapi migrate \\\n\t\t\t--health-path-tags metadata \\\n\t\t\t-p https://raw.githubusercontent.com/ory/x/master/healthx/openapi/patch.yaml \\\n\t\t\t-p file://.schema/openapi/patches/meta.yaml \\\n\t\t\t-p file://.schema/openapi/patches/schema.yaml \\\n\t\t\t-p file://.schema/openapi/patches/selfservice.yaml \\\n\t\t\t-p file://.schema/openapi/patches/security.yaml \\\n\t\t\t-p file://.schema/openapi/patches/session.yaml \\\n\t\t\t-p file://.schema/openapi/patches/identity.yaml \\\n\t\t\t-p file://.schema/openapi/patches/courier.yaml \\\n\t\t\t-p file://.schema/openapi/patches/generic_error.yaml \\\n\t\t\t-p file://.schema/openapi/patches/nulls.yaml \\\n\t\t\t-p file://.schema/openapi/patches/common.yaml \\\n\t\t\tspec/swagger.json spec/api.json\n\n\trm -rf pkg/httpclient\n\tmkdir -p pkg/httpclient/\n\tnpm run openapi-generator-cli -- generate -i \"spec/api.json\" \\\n\t\t-g go \\\n\t\t-o \"pkg/httpclient\" \\\n\t\t--git-user-id ory \\\n\t\t--git-repo-id client-go \\\n\t\t--git-host github.com \\\n\t\t--api-name-suffix \"API\" \\\n\t\t-c .schema/openapi/gen.go.yml\n\n\t(cd pkg/httpclient; rm -rf go.mod go.sum test api docs)\n\n\trm -rf pkg/client-go\n\tmkdir -p pkg/client-go/\n\tnpm run openapi-generator-cli -- generate -i \"spec/api.json\" \\\n\t\t-g go \\\n\t\t-o \"pkg/client-go\" \\\n\t\t--git-user-id ory \\\n\t\t--git-repo-id client-go \\\n\t\t--git-host github.com \\\n\t\t--api-name-suffix \"API\" \\\n\t\t-c .schema/openapi/gen.go.yml\n\n\t(cd pkg/client-go; go mod edit -module github.com/ory/client-go go.mod; rm -rf test api docs; go mod tidy)\n\n\tmake format\n\n.PHONY: quickstart\nquickstart:\n\tdocker pull oryd/kratos:latest\n\tdocker pull oryd/kratos-selfservice-ui-node:latest\n\tdocker-compose -f quickstart.yml -f quickstart-standalone.yml up --build --force-recreate\n\n.PHONY: quickstart-dev\nquickstart-dev:\n\tdocker build -f .docker/Dockerfile-build -t oryd/kratos:latest .\n\tdocker-compose -f quickstart.yml -f quickstart-standalone.yml -f quickstart-latest.yml $(QUICKSTART_OPTIONS) up --build --force-recreate\n\nauthors: # updates the AUTHORS file\n\tcurl --retry 7 --retry-connrefused https://raw.githubusercontent.com/ory/ci/master/authors/authors.sh | env PRODUCT=\"Ory Kratos\" bash\n\n# Formats the code\n.PHONY: format\nformat: .bin/ory node_modules .bin/buf\n\t.bin/ory dev headers copyright --exclude=gen --exclude=pkg/httpclient --exclude=pkg/client-go --exclude test/e2e/proxy/node_modules --exclude test/e2e/node_modules --exclude node_modules --exclude=oryx\n\tgo tool goimports -w -local github.com/ory .\n\tnpm exec -- prettier --write 'test/e2e/**/*{.ts,.js}'\n\tnpm exec -- prettier --write '.github'\n\t.bin/buf format --write\n\n# Build local docker image\n.PHONY: docker\ndocker:\n\tDOCKER_BUILDKIT=1 DOCKER_CONTENT_TRUST=1 docker build -f .docker/Dockerfile-build --build-arg=COMMIT=$(VCS_REF) --build-arg=BUILD_DATE=$(BUILD_DATE) -t oryd/kratos:${IMAGE_TAG} .\n\n.PHONY: test-e2e\ntest-e2e: node_modules test-resetdb kratos-config-e2e\n\tsource script/test-envs.sh\n\ttest/e2e/run.sh sqlite\n\ttest/e2e/run.sh postgres\n\ttest/e2e/run.sh cockroach\n\ttest/e2e/run.sh mysql\n\n.PHONY: test-e2e-playwright\ntest-e2e-playwright: node_modules test-resetdb kratos-config-e2e\n\tsource script/test-envs.sh\n\ttest/e2e/run.sh --only-setup\n\t(cd test/e2e; DB=memory npm run playwright)\n\n.PHONY: test-refresh\ntest-refresh:\n\tUPDATE_SNAPSHOTS=true go test -tags sqlite,json1,refresh -short ./...\n\n.PHONY: pre-release\npre-release:\n\tgo tool yq '.services.kratos.image = \"oryd/kratos:'$$DOCKER_TAG'\"' -i quickstart.yml\n\tgo tool yq '.services.kratos-migrate.image = \"oryd/kratos:'$$DOCKER_TAG'\"' -i quickstart.yml\n\tgo tool yq '.services.kratos-selfservice-ui-node.image = \"oryd/kratos-selfservice-ui-node:'$$DOCKER_TAG'\"' -i quickstart.yml\n\n.PHONY: post-release\npost-release:\n\techo \"nothing to do\"\n\nlicenses: .bin/licenses node_modules # checks open-source licenses\n\t.bin/licenses\n\n.bin/licenses: Makefile\n\tcurl --retry 7 --retry-connrefused https://raw.githubusercontent.com/ory/ci/master/licenses/install | sh\n\nnode_modules: package-lock.json\n\tnpm ci\n\ttouch node_modules\n\n.PHONY: kratos-config-e2e\nkratos-config-e2e:\n\tsh ./test/e2e/render-kratos-config.sh\n" }, { "path": "README.md", "content": "

\n \"Ory\n

\n\n

\n Chat ·\n Discussions ·\n Newsletter ·\n Docs ·\n Try Ory Network ·\n Jobs\n

\n\nOry Kratos is an API first identity and user management system for cloud native\napplications. It centralizes login, registration, recovery, verification, and\nprofile management flows so your services consume them instead of reimplementing\nthem.\n\n\n\n\n**Table of contents**\n\n- [What is Ory Kratos?](#what-is-ory-kratos)\n - [Why Ory Kratos](#why-ory-kratos)\n- [Migrating from Auth0, Okta, and similar providers](#migrating-from-auth0-okta-and-similar-providers)\n- [Deployment options](#deployment-options)\n - [Use Ory Kratos on the Ory Network](#use-ory-kratos-on-the-ory-network)\n - [Self-host Ory Kratos](#self-host-ory-kratos)\n- [Quickstart](#quickstart)\n - [Who is using it?](#who-is-using-it)\n\n\n\n## What is Ory Kratos?\n\nOry Kratos is an API first identity and user management system that follows\n[cloud architecture best practices](https://www.ory.com/docs/ecosystem/software-architecture-philosophy).\nIt focuses on core identity workflows that almost every application needs:\n\n- Self service login and registration\n- Account verification and recovery\n- Multi factor authentication\n- Profile and account management\n- Identity schemas and traits\n- Admin APIs for lifecycle management\n\nWe recommend starting with the\n[Ory Kratos introduction docs](https://www.ory.com/kratos/docs/) to learn more\nabout its architecture, feature set, and how it compares to other systems.\n\n### Why Ory Kratos\n\nOry Kratos is designed to:\n\n- Remove identity logic from your application code and expose it over HTTP APIs\n- Work well with any UI framework through browser based and native app flows\n- Scale to large numbers of identities and devices\n- Integrate with the rest of the Ory stack for OAuth2, OpenID Connect, and\n access control\n- Fit into modern cloud native environments such as Kubernetes and managed\n platforms\n\n## Migrating from Auth0, Okta, and similar providers\n\nIf you are migrating from Auth0, Okta, or another identity provider that uses\nOAuth2 / OpenID Connect based login, consider using **Ory Hydra + Ory Kratos**\ntogether:\n\n- **Ory Hydra** acts as the OAuth2 and OpenID Connect provider and can replace\n most authorization server and token issuing capabilities of your existing IdP.\n- **Ory Kratos** provides identity, credentials, and user-facing flows (login,\n registration, recovery, verification, profile management).\n\nThis combination is often a drop-in replacement for OAuth2 and OpenID Connect\ncapabilities at the protocol level. In practice, you update client configuration\nand endpoints to point to Hydra, migrate identities into Kratos, and keep your\napplications speaking the same OAuth2 / OIDC protocols they already use.\n\n## Deployment options\n\nYou can run Ory Kratos in two main ways:\n\n- As a managed service on the Ory Network\n- As a self hosted service under your own control, with or without the Ory\n Enterprise License\n\n### Use Ory Kratos on the Ory Network\n\nThe [Ory Network](https://www.ory.com/cloud) is the fastest way to use Ory\nservices in production. **Ory Identities** is powered by the open source Ory\nKratos server and is API compatible.\n\nThe Ory Network provides:\n\n- Identity and credential management that scales to billions of users and\n devices\n- Registration, login, and account management flows for passkeys, biometrics,\n social login, SSO, and multi factor authentication\n- Prebuilt login, registration, and account management pages and components\n- OAuth2 and OpenID Connect for single sign on, API access, and machine to\n machine authorization\n- Low latency permission checks based on the Zanzibar model with the Ory\n Permission Language\n- GDPR friendly storage with data locality and compliance in mind\n- Web based Ory Console and Ory CLI for administration and operations\n- Cloud native APIs compatible with the open source servers\n- Fair, usage based [pricing](https://www.ory.com/pricing)\n\nSign up for a\n[free developer account](https://console.ory.sh/registration?utm_source=github&utm_medium=banner&utm_campaign=kratos-readme)\nto get started.\n\n### Self-host Ory Kratos\n\nYou can run Ory Kratos yourself for full control over infrastructure,\ndeployment, and customization.\n\nThe [install guide](https://www.ory.com/kratos/docs/install) explains how to:\n\n- Install Kratos on Linux, macOS, Windows, and Docker\n- Configure databases such as PostgreSQL, MySQL, and CockroachDB\n- Deploy to Kubernetes and other orchestration systems\n- Build Kratos from source\n\nThis guide uses the open source distribution to get you started without license\nrequirements. It is a great fit for individuals, researchers, hackers, and\ncompanies that want to experiment, prototype, or run unimportant workloads\nwithout SLAs. You get the full core engine, and you are free to inspect, extend,\nand build it from source.\n\nIf you run Kratos as part of a business-critical system, for example login and\naccount recovery for all your users, you should use a commercial agreement to\nreduce operational and security risk. The **Ory Enterprise License (OEL)**\nlayers on top of self-hosted Kratos and provides:\n\n- Additional enterprise features that are not available in the open source\n version such as SCIM, SAML, organization login (\"SSO\"), CAPTCHAs and more\n- Regular security releases, including CVE patches, with service level\n agreements\n- Support for advanced scaling, multi-tenancy, and complex deployments\n- Premium support options with SLAs, direct access to engineers, and onboarding\n help\n- Access to a private Docker registry with frequent and vetted, up-to-date\n enterprise builds\n\nFor guaranteed CVE fixes, current enterprise builds, advanced features, and\nsupport in production, you need a valid\n[Ory Enterprise License](https://www.ory.com/ory-enterprise-license) and access\nto the Ory Enterprise Docker registry. To learn more,\n[contact the Ory team](https://www.ory.com/contact/).\n\n## Quickstart\n\nInstall the [Ory CLI](https://www.ory.com/docs/guides/cli/installation) and\ncreate a new project to try Ory Identities.\n\n```bash\n# Install the Ory CLI if you do not have it yet:\nbash <(curl https://raw.githubusercontent.com/ory/meta/master/install.sh) -b . ory\nsudo mv ./ory /usr/local/bin/\n\n# Sign in or sign up\nory auth\n\n# Create a new project\nory create project --create-workspace \"Ory Open Source\" --name \"GitHub Quickstart\" --use-project\nory open ax login\n```\n\n### Who is using it?\n\n\n\nThe Ory community stands on the shoulders of individuals, companies, and\nmaintainers. The Ory team thanks everyone involved - from submitting bug reports\nand feature requests, to contributing patches and documentation. The Ory\ncommunity counts more than 50.000 members and is growing. The Ory stack protects\n7.000.000.000+ API requests every day across thousands of companies. None of\nthis would have been possible without each and everyone of you!\n\nThe following list represents companies that have accompanied us along the way\nand that have made outstanding contributions to our ecosystem. _If you think\nthat your company deserves a spot here, reach out to\noffice@ory.com now_!\n\n\n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n
NameLogoWebsiteCase Study
OpenAI\n \n \n \"OpenAI\"\n \n openai.comOpenAI Case Study
Fandom\n \n \n \"Fandom\"\n \n fandom.comFandom Case Study
Lumin\n \n \n \"Lumin\"\n \n luminpdf.comLumin Case Study
Sencrop\n \n \n \"Sencrop\"\n \n sencrop.comSencrop Case Study
OSINT Industries\n \n \n \"OSINT\n \n osint.industriesOSINT Industries Case Study
HGV\n \n \n \"HGV\"\n \n hgv.itHGV Case Study
Maxroll\n \n \n \"Maxroll\"\n \n maxroll.ggMaxroll Case Study
Zezam\n \n \n \"Zezam\"\n \n zezam.ioZezam Case Study
T.RowePrice\n \n \n \"T.RowePrice\"\n \n troweprice.com
Mistral\n \n \n \"Mistral\"\n \n mistral.ai
Axel Springer\n \n \n \"Axel\n \n axelspringer.com
Hemnet\n \n \n \"Hemnet\"\n \n hemnet.se
Cisco\n \n \n \"Cisco\"\n \n cisco.com
Presidencia de la República Dominicana\n \n \n \"Presidencia\n \n presidencia.gob.do
Moonpig\n \n \n \"Moonpig\"\n \n moonpig.com
Booster\n \n \n \"Booster\"\n \n choosebooster.com
Zaptec\n \n \n \"Zaptec\"\n \n zaptec.com
Klarna\n \n \n \"Klarna\"\n \n klarna.com
Raspberry PI Foundation\n \n \n \"Raspberry\n \n raspberrypi.org
Tulip\n \n \n \"Tulip\n \n tulip.com
Hootsuite\n \n \n \"Hootsuite\"\n \n hootsuite.com
Segment\n \n \n \"Segment\"\n \n segment.com
Arduino\n \n \n \"Arduino\"\n \n arduino.cc
Sainsbury's\n \n \n \"Sainsbury's\"\n \n sainsburys.co.uk
Contraste\n \n \n \"Contraste\"\n \n contraste.com
inMusic\n \n \n \"InMusic\"\n \n inmusicbrands.com
Buhta\n \n \n \"Buhta\"\n \n buhta.com
Amplitude\n \n \n \"amplitude.com\"\n \n amplitude.com
\"TIER\"Kyma\"Serlo\"\"Padis\"
\"Cloudbear\"\"Security\"Factly\"\"All
\"Nortal\"\"OrderMyGear\"\"R2Devops\"\"Paralus\"
\"dyrector.io\"\"pinniped.dev\"\"pvotal.tech\"
\n\nMany thanks to all individual contributors\n\n\n\n\n" }, { "path": "SECURITY.md", "content": "\n\n\n# Ory Security Policy\n\nThis policy outlines Ory's security commitments and practices for users across\ndifferent licensing and deployment models.\n\nTo learn more about Ory's security service level agreements (SLAs) and\nprocesses, please [contact us](https://www.ory.com/contact/).\n\n## Ory Network Users\n\n- **Security SLA:** Ory addresses vulnerabilities in the Ory Network according\n to the following guidelines:\n - Critical: Typically addressed within 14 days.\n - High: Typically addressed within 30 days.\n - Medium: Typically addressed within 90 days.\n - Low: Typically addressed within 180 days.\n - Informational: Addressed as necessary. \n These timelines are targets and may vary based on specific circumstances.\n- **Release Schedule:** Updates are deployed to the Ory Network as\n vulnerabilities are resolved.\n- **Version Support:** The Ory Network always runs the latest version, ensuring\n up-to-date security fixes.\n\n## Ory Enterprise License Customers\n\n- **Security SLA:** Ory addresses vulnerabilities based on their severity:\n - Critical: Typically addressed within 14 days.\n - High: Typically addressed within 30 days.\n - Medium: Typically addressed within 90 days.\n - Low: Typically addressed within 180 days.\n - Informational: Addressed as necessary. \n These timelines are targets and may vary based on specific circumstances.\n- **Release Schedule:** Updates are made available as vulnerabilities are\n resolved. Ory works closely with enterprise customers to ensure timely updates\n that align with their operational needs.\n- **Version Support:** Ory may provide security support for multiple versions,\n depending on the terms of the enterprise agreement.\n\n## Apache 2.0 License Users\n\n- **Security SLA:** Ory does not provide a formal SLA for security issues under\n the Apache 2.0 License.\n- **Release Schedule:** Releases prioritize new functionality and include fixes\n for known security vulnerabilities at the time of release. While major\n releases typically occur one to two times per year, Ory does not guarantee a\n fixed release schedule.\n- **Version Support:** Security patches are only provided for the latest release\n version.\n\n## Reporting a Vulnerability\n\nFor details on how to report security vulnerabilities, visit our\n[security policy documentation](https://www.ory.com/docs/ecosystem/security).\n" }, { "path": "anonymous_sessions.md", "content": "\n# Feasibility Report: Anonymous Sessions in Ory Kratos\n\n## Executive summary\n\nAnonymous sessions (sessions not tied to an authenticated identity) are **not natively supported** in Kratos today. The session model is deeply coupled to the identity model at the database, struct, and API level. Implementing anonymous sessions is feasible but requires changes across multiple layers. This report outlines the current architecture constraints, proposes API designs, and evaluates implementation approaches.\n\n---\n\n## 1. Current architecture analysis\n\n### 1.1 Session–Identity coupling\n\nThe `Session` struct has a **non-nullable** `IdentityID uuid.UUID` field and a hard foreign key constraint at the database level:\n\n```cloud/kratos/kratos-oss/persistence/sql/migrations/sql/20191100000003000000_sessions.postgres.up.sql#L1-10\nCREATE TABLE \"sessions\" (\n\"id\" UUID NOT NULL,\nPRIMARY KEY(\"id\"),\n\"issued_at\" timestamp NOT NULL DEFAULT CURRENT_TIMESTAMP,\n\"expires_at\" timestamp NOT NULL,\n\"authenticated_at\" timestamp NOT NULL,\n\"identity_id\" UUID NOT NULL,\n\"created_at\" timestamp NOT NULL,\n\"updated_at\" timestamp NOT NULL,\nFOREIGN KEY (\"identity_id\") REFERENCES \"identities\" (\"id\") ON DELETE cascade\n);\n```\n\nThe persistence layer explicitly rejects sessions without an identity:\n\n```cloud/kratos/kratos-oss/persistence/sql/persister_session.go#L244-248\n\ts.NID = p.NetworkID(ctx)\n\tif s.Identity != nil {\n\t\ts.IdentityID = s.Identity.ID\n\t} else if s.IdentityID.IsNil() {\n\t\treturn errors.WithStack(herodot.ErrInternalServerError.WithReasonf(\"cannot upsert session without an identity or identity ID set\"))\n```\n\n### 1.2 Session activation requires an identity\n\n`ManagerHTTP.ActivateSession` hard-requires a non-nil, active identity:\n\n```cloud/kratos/kratos-oss/session/manager_http.go#L314-324\nfunc (s *ManagerHTTP) ActivateSession(r *http.Request, session *Session, i *identity.Identity, authenticatedAt time.Time) (err error) {\n\t// ...\n\tif i == nil {\n\t\treturn errors.WithStack(x.PseudoPanic.WithReasonf(\"Identity must not be nil when activating a session.\"))\n\t}\n\n\tif !i.IsActive() {\n\t\treturn errors.WithStack(ErrIdentityDisabled.WithDetail(\"identity_id\", i.ID))\n\t}\n```\n\n### 1.3 The `/sessions/whoami` endpoint always returns identity data\n\nThe `whoami` handler unconditionally reads identity data and sets the `X-Kratos-Authenticated-Identity-Id` header:\n\n```cloud/kratos/kratos-oss/session/handler.go#L260-261\n\t// Set userId as the X-Kratos-Authenticated-Identity-Id header.\n\tw.Header().Set(\"X-Kratos-Authenticated-Identity-Id\", s.Identity.ID.String())\n```\n\n### 1.4 JWT tokenization uses identity as subject\n\nThe tokenizer requires the session's identity for the `sub` claim:\n\n```cloud/kratos/kratos-oss/session/tokenizer.go#L71-82\nfunc SetSubjectClaim(claims jwt.MapClaims, session *Session, subjectSource string) error {\n\tswitch subjectSource {\n\tcase \"\", \"id\":\n\t\tclaims[\"sub\"] = session.IdentityID.String()\n\tcase \"external_id\":\n\t\tif session.Identity.ExternalID == \"\" {\n\t\t\treturn errors.WithStack(herodot.ErrBadRequest.WithReasonf(\"The session's identity does not have an external ID set, but it is required for the subject claim.\"))\n\t\t}\n\t\tclaims[\"sub\"] = session.Identity.ExternalID.String()\n```\n\n### 1.5 Hooks assume identity existence\n\nMultiple hooks (e.g., `SessionDestroyer`, `AddressVerifier`, `SessionIssuer`) dereference `s.Identity.ID` without nil checks:\n\n```cloud/kratos/kratos-oss/selfservice/hook/session_destroyer.go#L37-44\nfunc (e *SessionDestroyer) ExecuteLoginPostHook(_ http.ResponseWriter, r *http.Request, _ node.UiNodeGroup, _ *login.Flow, s *session.Session) error {\n\treturn otelx.WithSpan(r.Context(), \"selfservice.hook.SessionDestroyer.ExecuteLoginPostHook\", func(ctx context.Context) error {\n\t\tif _, err := e.r.SessionPersister().RevokeSessionsIdentityExcept(ctx, s.Identity.ID, s.ID); err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n\n### 1.6 There is zero existing concept of \"anonymous\" or \"guest\" in the codebase\n\nA codebase-wide search for `anonymous`, `guest`, `ephemeral` in the context of sessions returned **no relevant results**. This is a greenfield feature.\n\n---\n\n## 2. Proposed API design\n\n### 2.1 New endpoint: create anonymous session\n\n```/dev/null/api.yaml#L1-30\n# POST /sessions/anonymous\n# Creates an anonymous session without requiring authentication.\n\n# Request (Browser flow):\n# No body required. Sets session cookie automatically.\n\n# Request (API flow):\n# No body required.\n\n# Response 200:\n{\n \"session\": {\n \"id\": \"uuid\",\n \"active\": true,\n \"expires_at\": \"2024-01-01T00:00:00Z\",\n \"issued_at\": \"2024-01-01T00:00:00Z\",\n \"authenticated_at\": \"2024-01-01T00:00:00Z\",\n \"authenticator_assurance_level\": \"aal0\",\n \"authentication_methods\": [\n { \"method\": \"anonymous\", \"aal\": \"aal0\", \"completed_at\": \"...\" }\n ],\n \"identity\": null,\n \"anonymous\": true,\n \"devices\": [...]\n },\n \"session_token\": \"ory_st_...\" // Only for API flows\n}\n```\n\n### 2.2 Modified `/sessions/whoami` behavior\n\nThe whoami endpoint should gracefully handle anonymous sessions:\n\n```/dev/null/api.yaml#L1-22\n# GET /sessions/whoami\n# Returns the current session. For anonymous sessions, identity is null.\n\n# Response 200 (anonymous session):\n{\n \"id\": \"uuid\",\n \"active\": true,\n \"anonymous\": true,\n \"authenticator_assurance_level\": \"aal0\",\n \"authentication_methods\": [\n { \"method\": \"anonymous\", \"aal\": \"aal0\" }\n ],\n \"identity\": null,\n \"devices\": [...]\n}\n\n# Response 200 (authenticated session):\n# Same as today, with \"anonymous\": false\n```\n\n### 2.3 Session promotion: anonymous → authenticated\n\nWhen a user logs in or registers while holding an anonymous session, the session should be promotable:\n\n```/dev/null/api.yaml#L1-15\n# POST /self-service/login?flow=\n# If the user has an active anonymous session cookie/token,\n# the login flow promotes the anonymous session to an authenticated one.\n\n# Behavior:\n# 1. Anonymous session is revoked\n# 2. New authenticated session is created\n# 3. The anonymous session ID is available in the login hook context\n# so that application logic can migrate anonymous data (e.g., cart)\n\n# New hook context field:\n# \"previous_anonymous_session_id\": \"uuid\" (available in post-login webhooks)\n```\n\n### 2.4 Configuration\n\n```/dev/null/config.yaml#L1-14\nsession:\n anonymous:\n # Enable anonymous session creation\n enabled: false\n # Lifespan of anonymous sessions (shorter than authenticated by default)\n lifespan: 1h\n # Maximum number of anonymous sessions per IP (rate limiting)\n max_per_ip: 100\n # Cookie name for anonymous sessions (separate from authenticated sessions)\n cookie:\n name: ory_kratos_anonymous_session\n```\n\n---\n\n## 3. Implementation approaches\n\n### Approach A: Phantom identity (recommended)\n\nCreate a lightweight \"anonymous\" identity behind the scenes for each anonymous session. This is the **lowest-risk** option.\n\n| Aspect | Detail |\n|---|---|\n| **Core idea** | When an anonymous session is requested, create a special `Identity` with `state: active`, a dedicated `schema_id: \"anonymous\"`, and empty traits. The session's `IdentityID` FK is satisfied. |\n| **Session struct change** | Add `Anonymous bool` field to `Session` (new DB column `is_anonymous`). |\n| **Existing code impact** | Minimal. All existing code that reads `IdentityID` or `Identity` continues to work. `whoami` can check `s.Anonymous` and null out the identity in the response. |\n| **Migration** | One new column: `ALTER TABLE sessions ADD COLUMN is_anonymous BOOL NOT NULL DEFAULT false`. |\n| **Promotion** | On login/registration, update the anonymous session's `IdentityID` to the real identity and set `is_anonymous = false`. Or revoke and create new. |\n| **Cleanup** | Expired anonymous sessions are cleaned up by existing `DeleteExpiredSessions`. The phantom identities can be garbage-collected when their sessions expire. |\n| **Drawbacks** | Creates identity records that aren't \"real\" users. Inflates identity counts. Needs logic to exclude anonymous identities from list/count endpoints. |\n\n### Approach B: Nullable IdentityID\n\nMake `IdentityID` nullable across the entire stack.\n\n| Aspect | Detail |\n|---|---|\n| **Core idea** | Change `IdentityID uuid.UUID` → `IdentityID uuid.NullUUID` in the `Session` struct. Change DB column to nullable. |\n| **Blast radius** | **Very large.** Every code path that references `IdentityID` or `Identity` must handle nil: `UpsertSession`, `ActivateSession`, `GetSessionByToken`, `DoesSessionSatisfy`, `SetSessionDeviceInformation`, `Tokenizer`, all hooks, all self-service flows, OpenAPI spec, generated clients. |\n| **Migration** | `ALTER TABLE sessions ALTER COLUMN identity_id DROP NOT NULL; ALTER TABLE sessions DROP CONSTRAINT sessions_identity_id_fkey; ADD CONSTRAINT ... ON DELETE SET NULL`. |\n| **Drawbacks** | High risk of nil-pointer panics. Breaks the invariant that every session has an owner. Difficult to validate completeness of nil-handling. |\n\n### Approach C: Separate anonymous session table and handler\n\nCreate a distinct `anonymous_sessions` table with its own handler.\n\n| Aspect | Detail |\n|---|---|\n| **Core idea** | `anonymous_sessions` table with `id`, `token`, `expires_at`, `metadata`, `devices`. Completely separate from authenticated sessions. |\n| **Blast radius** | Low on existing code. New code is isolated. |\n| **Migration** | New table only, no changes to existing schema. |\n| **Drawbacks** | Duplicates session management logic (cookie issuance, token handling, expiry, etc.). Two parallel systems to maintain. `whoami` must check both tables. Session promotion requires cross-table coordination. |\n\n---\n\n## 4. Impact matrix\n\n| Component | Approach A (Phantom) | Approach B (Nullable) | Approach C (Separate) |\n|---|---|---|---|\n| `session.Session` struct | +1 field | Change `IdentityID` type | No change |\n| `session.Persister` | Minor guard | Major refactor | New interface |\n| `session.ManagerHTTP` | New method + guards | Refactor `ActivateSession`, `FetchFromRequest`, `DoesSessionSatisfy` | New manager |\n| `session.Handler` | New route + `whoami` guard | Guards in every handler | New handler |\n| `session.Tokenizer` | Guard for anonymous | Guard for nullable identity | Separate tokenizer logic |\n| DB migration | 1 column | ALTER + FK change | New table |\n| Self-service flows | Hook context extension | Nil-handling everywhere | Isolated |\n| Hooks | Nil-guard in ~5 hooks | Nil-guard in ~5 hooks | N/A |\n| OpenAPI spec | New endpoint + field | Modified `session` schema | New endpoints + schema |\n| Identity handler/pool | Exclude anonymous from counts | No change | No change |\n| Risk | **Low-Medium** | **High** | **Low** |\n| Effort | **Medium** (~2-3 weeks) | **High** (~4-6 weeks) | **Medium** (~2-3 weeks) |\n\n---\n\n## 5. Recommendation\n\n**Approach A (Phantom Identity)** is recommended. It satisfies the FK constraint naturally, minimizes blast radius on existing code, and leverages all existing session infrastructure (cookies, tokens, expiry, cleanup, caching). The main trade-off—phantom identities inflating counts—is manageable by filtering on the `is_anonymous` column or a dedicated `schema_id`.\n\n### Key implementation steps for Approach A:\n\n1. **Add `Anonymous` field** to `Session` struct + DB migration.\n2. **Add new `CredentialsType`**: `CredentialsTypeAnonymous = \"anonymous\"` for the AMR.\n3. **Add `POST /sessions/anonymous` endpoint** in `session.Handler` that:\n - Creates a phantom identity with `schema_id: \"anonymous\"` and empty traits.\n - Creates and activates a session with `Anonymous: true`, `AAL: aal0`.\n - Issues cookie or returns token.\n4. **Guard `whoami`**: If `s.Anonymous`, null out identity in response and skip the `X-Kratos-Authenticated-Identity-Id` header.\n5. **Guard hooks**: Add nil/anonymous checks in `SessionDestroyer` and other hooks.\n6. **Session promotion**: In the login/registration post-hook, detect if an anonymous session exists, revoke it, and pass the old session ID to webhooks via `transient_payload` or a new hook context field.\n7. **Configuration**: Add `session.anonymous.enabled` and `session.anonymous.lifespan`.\n8. **Identity list filtering**: Exclude anonymous identities from `/admin/identities` by default (or add a filter parameter).\n9. **Cleanup job**: Extend `DeleteExpiredSessions` to also garbage-collect orphaned phantom identities whose sessions are all expired/revoked.\n\n---\n\n## 6. Open questions\n\n1. **Should anonymous sessions share the same cookie name?** Using a separate cookie avoids interference but complicates promotion. Using the same cookie makes promotion seamless but means authenticated sessions overwrite anonymous ones.\n2. **Should anonymous sessions be tokenizable (JWT)?** The `sub` claim has no meaningful identity. A session-ID-only JWT could work, but consumers expecting an identity subject would break.\n3. **Rate limiting**: Without authentication, anonymous session creation is a DoS vector. Per-IP rate limiting and short lifespans are essential.\n4. **Multi-tenancy (NID)**: Anonymous sessions should respect network isolation like authenticated sessions. No additional work needed since phantom identities inherit the NID.\n5. **Hydra/OAuth2 integration**: Anonymous sessions should likely **not** be usable as OAuth2 login sessions. The `AcceptLoginRequest` flow requires an authenticated identity.\n" }, { "path": "buf.gen.yaml", "content": "version: v2\nmanaged:\n enabled: true\n override:\n - file_option: go_package_prefix\n value: github.com/ory/kratos\nplugins:\n - remote: buf.build/protocolbuffers/go\n out: gen\n opt: paths=source_relative\ninputs:\n - directory: proto\n" }, { "path": "buf.yaml", "content": "version: v2\nmodules:\n - path: proto\nlint:\n use:\n - DEFAULT\nbreaking:\n use:\n - FILE\n" }, { "path": "cipher/aes.go", "content": "// Copyright © 2023 Ory Corp\n// SPDX-License-Identifier: Apache-2.0\n\npackage cipher\n\nimport (\n\t\"context\"\n\t\"encoding/hex\"\n\n\t\"github.com/gtank/cryptopasta\"\n\n\t\"github.com/ory/herodot\"\n\n\t\"github.com/pkg/errors\"\n)\n\ntype AES struct {\n\tc SecretsProvider\n}\n\nfunc NewCryptAES(c SecretsProvider) *AES {\n\treturn &AES{c: c}\n}\n\n// Encrypt return a AES encrypt of plaintext\nfunc (a *AES) Encrypt(ctx context.Context, message []byte) (string, error) {\n\tif len(message) == 0 {\n\t\t// do nothing if empty instead of return an error\n\t\t// return nil, errors.WithStack(herodot.ErrInternalServerError.WithReason(\"Can not encrypt empty string.\"))\n\t\treturn \"\", nil\n\t}\n\n\tif len(a.c.SecretsCipher(ctx)) == 0 {\n\t\treturn \"\", errors.WithStack(herodot.ErrMisconfiguration.WithReason(\"Unable to encrypt message because no cipher secrets were configured.\"))\n\t}\n\n\tciphertext, err := cryptopasta.Encrypt(message, &a.c.SecretsCipher(ctx)[0])\n\tif err != nil {\n\t\treturn \"\", errors.WithStack(herodot.ErrForbidden.WithWrap(err))\n\t}\n\treturn hex.EncodeToString(ciphertext), nil\n}\n\n// Decrypt returns the decrypted aes data\nfunc (a *AES) Decrypt(ctx context.Context, ciphertext string) ([]byte, error) {\n\tif len(ciphertext) == 0 {\n\t\t// do nothing if empty instead of return an error\n\t\t// return \"\", errors.WithStack(herodot.ErrInternalServerError.WithReason(\"Can not decrypt empty message.\"))\n\t\treturn nil, nil\n\t}\n\n\tsecrets := a.c.SecretsCipher(ctx)\n\tif len(secrets) == 0 {\n\t\treturn nil, errors.WithStack(herodot.ErrMisconfiguration.WithReason(\"Unable to decipher the encrypted message because no AES secrets were configured.\"))\n\t}\n\n\tdecode, err := hex.DecodeString(ciphertext)\n\tif err != nil {\n\t\treturn nil, errors.WithStack(herodot.ErrBadRequest.WithWrap(err))\n\t}\n\n\tfor i := range secrets {\n\t\tplaintext, err := cryptopasta.Decrypt(decode, &secrets[i])\n\t\tif err == nil {\n\t\t\treturn plaintext, nil\n\t\t}\n\t}\n\n\treturn nil, errors.WithStack(herodot.ErrForbidden.WithReason(\"Unable to decipher the encrypted message.\"))\n}\n" }, { "path": "cipher/chacha20.go", "content": "// Copyright © 2023 Ory Corp\n// SPDX-License-Identifier: Apache-2.0\n\npackage cipher\n\nimport (\n\t\"context\"\n\t\"crypto/rand\"\n\t\"encoding/hex\"\n\t\"io\"\n\t\"math\"\n\n\t\"github.com/pkg/errors\"\n\t\"golang.org/x/crypto/chacha20poly1305\"\n\n\t\"github.com/ory/herodot\"\n)\n\ntype XChaCha20Poly1305 struct {\n\tc SecretsProvider\n}\n\nfunc NewCryptChaCha20(c SecretsProvider) *XChaCha20Poly1305 {\n\treturn &XChaCha20Poly1305{c: c}\n}\n\n// Encrypt returns a ChaCha encryption of plaintext\nfunc (c *XChaCha20Poly1305) Encrypt(ctx context.Context, message []byte) (string, error) {\n\tif len(message) == 0 {\n\t\treturn \"\", nil\n\t}\n\n\tif len(c.c.SecretsCipher(ctx)) == 0 {\n\t\treturn \"\", errors.WithStack(herodot.ErrMisconfiguration.WithReason(\"Unable to encrypt message because no cipher secrets were configured.\"))\n\t}\n\n\taead, err := chacha20poly1305.NewX(c.c.SecretsCipher(ctx)[0][:])\n\tif err != nil {\n\t\treturn \"\", herodot.ErrInternalServerError.WithWrap(err).WithReason(\"Unable to generate key\")\n\t}\n\n\t// Make sure the size calculation does not overflow.\n\tif len(message) > math.MaxInt-aead.NonceSize()-aead.Overhead() {\n\t\treturn \"\", errors.WithStack(herodot.ErrInternalServerError.WithReason(\"plaintext too large\"))\n\t}\n\n\tnonce := make([]byte, aead.NonceSize(), aead.NonceSize()+len(message)+aead.Overhead())\n\t_, err = io.ReadFull(rand.Reader, nonce)\n\tif err != nil {\n\t\treturn \"\", errors.WithStack(herodot.ErrInternalServerError.WithWrap(err).WithReason(\"Unable to generate nonce\"))\n\t}\n\n\tencryptedMsg := aead.Seal(nonce, nonce, message, nil)\n\treturn hex.EncodeToString(encryptedMsg), nil\n}\n\n// Decrypt decrypts data using 256 bit key\nfunc (c *XChaCha20Poly1305) Decrypt(ctx context.Context, ciphertext string) ([]byte, error) {\n\tif len(ciphertext) == 0 {\n\t\treturn nil, nil\n\t}\n\n\tsecrets := c.c.SecretsCipher(ctx)\n\tif len(secrets) == 0 {\n\t\treturn nil, errors.WithStack(herodot.ErrMisconfiguration.WithReason(\"Unable to decipher the encrypted message because no cipher secrets were configured.\"))\n\t}\n\n\trawCiphertext, err := hex.DecodeString(ciphertext)\n\tif err != nil {\n\t\treturn nil, errors.WithStack(herodot.ErrBadRequest.WithWrap(err).WithReason(\"Unable to decode hex encrypted string\"))\n\t}\n\n\tfor i := range secrets {\n\t\taead, err := chacha20poly1305.NewX(secrets[i][:])\n\t\tif err != nil {\n\t\t\treturn nil, errors.WithStack(herodot.ErrInternalServerError.WithWrap(err).WithReason(\"Unable to instantiate chacha20\"))\n\t\t}\n\n\t\tif len(ciphertext) < aead.NonceSize() {\n\t\t\treturn nil, errors.WithStack(herodot.ErrInternalServerError.WithReason(\"cipher text too short\"))\n\t\t}\n\n\t\tnonce, ciphertext := rawCiphertext[:aead.NonceSize()], rawCiphertext[aead.NonceSize():]\n\t\tplaintext, err := aead.Open(nil, nonce, ciphertext, nil)\n\t\tif err == nil {\n\t\t\treturn plaintext, nil\n\t\t}\n\t}\n\n\treturn nil, errors.WithStack(herodot.ErrForbidden.WithReason(\"Unable to decrypt string\"))\n}\n" }, { "path": "cipher/cipher.go", "content": "// Copyright © 2023 Ory Corp\n// SPDX-License-Identifier: Apache-2.0\n\npackage cipher\n\nimport \"context\"\n\n// Cipher provides methods for encrypt and decrypt string\ntype Cipher interface {\n\t// Encrypt encrypts the (binary) message and returns a hex-encoded binary ciphertext\n\t// or an error if the encryption failed.\n\t//\n\t// If the message is empty, the ciphertext is also empty and no error is returned.\n\tEncrypt(ctx context.Context, message []byte) (string, error)\n\n\t// Decrypt takes a hex-encoded binary ciphertext and decrypts it or returns an error if the decryption\n\t// failed.\n\t//\n\t// If the ciphertext is empty a nil byte slice is returned.\n\tDecrypt(ctx context.Context, encrypted string) ([]byte, error)\n}\n\ntype Provider interface {\n\tCipher(ctx context.Context) Cipher\n}\n\ntype SecretsProvider interface {\n\tSecretsCipher(ctx context.Context) [][32]byte\n}\n" }, { "path": "cipher/cipher_test.go", "content": "// Copyright © 2023 Ory Corp\n// SPDX-License-Identifier: Apache-2.0\n\npackage cipher_test\n\nimport (\n\t\"context\"\n\t\"encoding/hex\"\n\t\"fmt\"\n\t\"testing\"\n\n\t\"github.com/stretchr/testify/assert\"\n\t\"github.com/stretchr/testify/require\"\n\n\t\"github.com/ory/herodot\"\n\t\"github.com/ory/kratos/cipher\"\n\t\"github.com/ory/kratos/driver/config\"\n\t\"github.com/ory/kratos/pkg\"\n\t\"github.com/ory/x/configx\"\n\t\"github.com/ory/x/contextx\"\n)\n\nvar goodSecret = []string{\"secret-thirty-two-character-long\"}\n\nfunc TestCipher(t *testing.T) {\n\tctx := context.Background()\n\t_, reg := pkg.NewFastRegistryWithMocks(t, configx.WithValue(config.ViperKeySecretsDefault, goodSecret))\n\n\tciphers := []cipher.Cipher{\n\t\tcipher.NewCryptAES(reg.Config()),\n\t\tcipher.NewCryptChaCha20(reg.Config()),\n\t}\n\n\tfor _, c := range ciphers {\n\t\tt.Run(fmt.Sprintf(\"cipher=%T\", c), func(t *testing.T) {\n\t\t\tt.Parallel()\n\n\t\t\tt.Run(\"case=all_work\", func(t *testing.T) {\n\t\t\t\tt.Parallel()\n\n\t\t\t\ttestAllWork(ctx, t, c)\n\t\t\t})\n\n\t\t\tt.Run(\"case=encryption_failed\", func(t *testing.T) {\n\t\t\t\tt.Parallel()\n\n\t\t\t\tctx := contextx.WithConfigValue(ctx, config.ViperKeySecretsCipher, []string{\"\"})\n\n\t\t\t\t// secret have to be set\n\t\t\t\t_, err := c.Encrypt(ctx, []byte(\"not-empty\"))\n\t\t\t\trequire.Error(t, err)\n\t\t\t\tvar hErr *herodot.DefaultError\n\t\t\t\trequire.ErrorAs(t, err, &hErr)\n\t\t\t\tassert.Equal(t, \"Unable to encrypt message because no cipher secrets were configured.\", hErr.Reason())\n\n\t\t\t\tctx = contextx.WithConfigValue(ctx, config.ViperKeySecretsCipher, []string{\"bad-length\"})\n\n\t\t\t\t// bad secret length\n\t\t\t\t_, err = c.Encrypt(ctx, []byte(\"not-empty\"))\n\t\t\t\trequire.ErrorAs(t, err, &hErr)\n\t\t\t\tassert.Equal(t, \"Unable to encrypt message because no cipher secrets were configured.\", hErr.Reason())\n\t\t\t})\n\n\t\t\tt.Run(\"case=decryption_failed\", func(t *testing.T) {\n\t\t\t\tt.Parallel()\n\n\t\t\t\t_, err := c.Decrypt(ctx, hex.EncodeToString([]byte(\"bad-data\")))\n\t\t\t\trequire.Error(t, err)\n\n\t\t\t\t_, err = c.Decrypt(ctx, \"not-empty\")\n\t\t\t\trequire.Error(t, err)\n\n\t\t\t\t_, err = c.Decrypt(contextx.WithConfigValue(ctx, config.ViperKeySecretsCipher, []string{\"\"}), \"not-empty\")\n\t\t\t\trequire.Error(t, err)\n\t\t\t})\n\t\t})\n\t}\n\n\tc := cipher.NewNoop()\n\tt.Run(fmt.Sprintf(\"cipher=%T\", c), func(t *testing.T) {\n\t\tt.Parallel()\n\t\ttestAllWork(ctx, t, c)\n\t})\n}\n\nfunc testAllWork(ctx context.Context, t *testing.T, c cipher.Cipher) {\n\tmessage := \"my secret message!\"\n\n\tencryptedSecret, err := c.Encrypt(ctx, []byte(message))\n\trequire.NoError(t, err)\n\n\tdecryptedSecret, err := c.Decrypt(ctx, encryptedSecret)\n\trequire.NoError(t, err, \"encrypted\", encryptedSecret)\n\tassert.Equal(t, message, string(decryptedSecret))\n\n\t// data to encrypt return blank result\n\t_, err = c.Encrypt(ctx, []byte(\"\"))\n\trequire.NoError(t, err)\n\n\t// empty encrypted data return blank\n\t_, err = c.Decrypt(ctx, \"\")\n\trequire.NoError(t, err)\n}\n" }, { "path": "cipher/noop.go", "content": "// Copyright © 2023 Ory Corp\n// SPDX-License-Identifier: Apache-2.0\n\npackage cipher\n\nimport (\n\t\"context\"\n\t\"encoding/hex\"\n)\n\n// Noop is default cipher implementation witch does not do encryption\ntype Noop struct{}\n\nfunc NewNoop() *Noop {\n\treturn &Noop{}\n}\n\n// Encrypt encode message to hex\nfunc (*Noop) Encrypt(_ context.Context, message []byte) (string, error) {\n\treturn hex.EncodeToString(message), nil\n}\n\n// Decrypt decode the hex message\nfunc (*Noop) Decrypt(_ context.Context, ciphertext string) ([]byte, error) {\n\treturn hex.DecodeString(ciphertext)\n}\n" }, { "path": "cmd/cleanup/root.go", "content": "// Copyright © 2023 Ory Corp\n// SPDX-License-Identifier: Apache-2.0\n\npackage cleanup\n\nimport (\n\t\"github.com/spf13/cobra\"\n\n\t\"github.com/ory/x/configx\"\n)\n\nfunc NewCleanupCmd() *cobra.Command {\n\tc := &cobra.Command{\n\t\tUse: \"cleanup\",\n\t\tShort: \"Various cleanup helpers\",\n\t}\n\tconfigx.RegisterFlags(c.PersistentFlags())\n\treturn c\n}\n\nfunc RegisterCommandRecursive(parent *cobra.Command) {\n\tc := NewCleanupCmd()\n\tparent.AddCommand(c)\n\tc.AddCommand(NewCleanupSQLCmd())\n}\n" }, { "path": "cmd/cleanup/sql.go", "content": "// Copyright © 2023 Ory Corp\n// SPDX-License-Identifier: Apache-2.0\n\npackage cleanup\n\nimport (\n\t\"fmt\"\n\t\"time\"\n\n\t\"github.com/ory/x/cmdx\"\n\n\t\"github.com/spf13/cobra\"\n\n\t\"github.com/ory/kratos/driver/config\"\n\n\t\"github.com/ory/kratos/cmd/cliclient\"\n\t\"github.com/ory/x/configx\"\n)\n\n// cleanupSqlCmd represents the sql command\nfunc NewCleanupSQLCmd() *cobra.Command {\n\tc := &cobra.Command{\n\t\tUse: \"sql \",\n\t\tShort: \"Cleanup sql database from expired flows and sessions\",\n\t\tLong: `Run this command as frequently as you need.\nIt is recommended to run this command close to the SQL instance (e.g. same subnet) instead of over the public internet.\nThis decreases risk of failure and decreases time required.\nYou can read in the database URL using the -e flag, for example:\n\texport DSN=...\n\tkratos cleanup sql -e\n### WARNING ###\nBefore running this command on an existing database, create a back up!\n`,\n\t\tRunE: func(cmd *cobra.Command, args []string) error {\n\t\t\terr := cliclient.NewCleanupHandler().CleanupSQL(cmd, args)\n\t\t\tif err != nil {\n\t\t\t\t_, _ = fmt.Fprintln(cmd.OutOrStdout(), err)\n\t\t\t\treturn cmdx.FailSilently(cmd)\n\t\t\t}\n\t\t\treturn nil\n\t\t},\n\t}\n\n\tconfigx.RegisterFlags(c.PersistentFlags())\n\tc.Flags().BoolP(\"read-from-env\", \"e\", true, \"If set, reads the database connection string from the environment variable DSN or config file key dsn.\")\n\tc.Flags().Duration(config.ViperKeyDatabaseCleanupSleepTables, time.Minute, \"How long to wait between each table cleanup\")\n\tc.Flags().IntP(config.ViperKeyDatabaseCleanupBatchSize, \"b\", 100, \"Set the number of records to be cleaned per run\")\n\tc.Flags().Duration(\"keep-last\", 0, \"Don't remove records younger than\")\n\treturn c\n}\n" }, { "path": "cmd/cleanup/sql_test.go", "content": "// Copyright © 2023 Ory Corp\n// SPDX-License-Identifier: Apache-2.0\n\npackage cleanup\n\nimport (\n\t\"bytes\"\n\t\"io\"\n\t\"strings\"\n\t\"testing\"\n)\n\nfunc Test_ExecuteCleanupFailedDSN(t *testing.T) {\n\tcmd := NewCleanupSQLCmd()\n\tb := bytes.NewBufferString(\"\")\n\tcmd.SetOut(b)\n\tcmd.SetArgs([]string{\"--read-from-env=false\"})\n\t_ = cmd.Execute()\n\tout, err := io.ReadAll(b)\n\tif err != nil {\n\t\tt.Fatal(err)\n\t}\n\tif !strings.Contains(string(out), \"expected to get the DSN as an argument\") {\n\t\tt.Fatalf(\"expected \\\"%s\\\" got \\\"%s\\\"\", \"expected to get the DSN as an argument\", string(out))\n\t}\n\t_ = cmd.Execute()\n}\n" }, { "path": "cmd/cliclient/cleanup.go", "content": "// Copyright © 2023 Ory Corp\n// SPDX-License-Identifier: Apache-2.0\n\npackage cliclient\n\nimport (\n\t\"github.com/pkg/errors\"\n\n\t\"github.com/ory/x/contextx\"\n\n\t\"github.com/ory/x/configx\"\n\n\t\"github.com/spf13/cobra\"\n\n\t\"github.com/ory/kratos/driver\"\n\t\"github.com/ory/kratos/driver/config\"\n\t\"github.com/ory/x/flagx\"\n)\n\ntype CleanupHandler struct{}\n\nfunc NewCleanupHandler() *CleanupHandler {\n\treturn &CleanupHandler{}\n}\n\nfunc (h *CleanupHandler) CleanupSQL(cmd *cobra.Command, args []string) error {\n\topts := []configx.OptionModifier{\n\t\tconfigx.WithFlags(cmd.Flags()),\n\t\tconfigx.SkipValidation(),\n\t}\n\n\tif !flagx.MustGetBool(cmd, \"read-from-env\") {\n\t\tif len(args) != 1 {\n\t\t\treturn errors.New(`expected to get the DSN as an argument, or the \"read-from-env\" flag`)\n\t\t}\n\t\topts = append(opts, configx.WithValue(config.ViperKeyDSN, args[0]))\n\t}\n\n\td, err := driver.NewWithoutInit(\n\t\tcmd.Context(),\n\t\tcmd.ErrOrStderr(),\n\t\tdriver.WithConfigOptions(opts...),\n\t)\n\tif len(d.Config().DSN(cmd.Context())) == 0 {\n\t\treturn errors.New(`required config value \"dsn\" was not set`)\n\t} else if err != nil {\n\t\treturn errors.Wrap(err, \"An error occurred initializing cleanup\")\n\t}\n\n\terr = d.Init(cmd.Context(), &contextx.Default{})\n\tif err != nil {\n\t\treturn errors.Wrap(err, \"An error occurred initializing cleanup\")\n\t}\n\n\tkeepLast := flagx.MustGetDuration(cmd, \"keep-last\")\n\n\terr = d.Persister().CleanupDatabase(\n\t\tcmd.Context(),\n\t\td.Config().DatabaseCleanupSleepTables(cmd.Context()),\n\t\tkeepLast,\n\t\td.Config().DatabaseCleanupBatchSize(cmd.Context()))\n\tif err != nil {\n\t\treturn errors.Wrap(err, \"An error occurred while cleaning up expired data\")\n\t}\n\n\treturn nil\n}\n" }, { "path": "cmd/cliclient/client.go", "content": "// Copyright © 2023 Ory Corp\n// SPDX-License-Identifier: Apache-2.0\n\npackage cliclient\n\nimport (\n\t\"fmt\"\n\t\"net/http\"\n\t\"net/url\"\n\t\"os\"\n\t\"time\"\n\n\t\"github.com/pkg/errors\"\n\n\t\"github.com/hashicorp/go-retryablehttp\"\n\n\t\"github.com/spf13/cobra\"\n\n\t\"github.com/spf13/pflag\"\n\n\tkratos \"github.com/ory/kratos/pkg/httpclient\"\n)\n\nconst (\n\tenvKeyEndpoint = \"KRATOS_ADMIN_URL\"\n\tFlagEndpoint = \"endpoint\"\n)\n\ntype ContextKey int\n\nconst (\n\tClientContextKey ContextKey = iota + 1\n)\n\ntype ClientContext struct {\n\tEndpoint string\n\tHTTPClient *http.Client\n}\n\nfunc NewClient(cmd *cobra.Command) (*kratos.APIClient, error) {\n\tif f, ok := cmd.Context().Value(ClientContextKey).(func(cmd *cobra.Command) (*ClientContext, error)); ok {\n\t\tcc, err := f(cmd)\n\t\tif err != nil {\n\t\t\treturn nil, err\n\t\t}\n\n\t\tconf := kratos.NewConfiguration()\n\t\tconf.HTTPClient = cc.HTTPClient\n\t\tconf.Servers = kratos.ServerConfigurations{{URL: cc.Endpoint}}\n\t\treturn kratos.NewAPIClient(conf), nil\n\t} else if f != nil {\n\t\treturn nil, errors.Errorf(\"ClientContextKey was expected to be *client.OryKratos but it contained an invalid type %T \", f)\n\t}\n\n\tendpoint, err := cmd.Flags().GetString(FlagEndpoint)\n\tif err != nil {\n\t\treturn nil, errors.WithStack(err)\n\t}\n\n\tif endpoint == \"\" {\n\t\tendpoint = os.Getenv(envKeyEndpoint)\n\t}\n\n\tif endpoint == \"\" {\n\t\treturn nil, errors.Errorf(\"you have to set the remote endpoint, try --help for details\")\n\t}\n\n\tu, err := url.Parse(endpoint)\n\tif err != nil {\n\t\treturn nil, errors.Wrapf(err, `could not parse the endpoint URL \"%s\"`, endpoint)\n\t}\n\n\tconf := kratos.NewConfiguration()\n\tconf.HTTPClient = retryablehttp.NewClient().StandardClient()\n\tconf.HTTPClient.Timeout = time.Second * 10\n\tconf.Servers = kratos.ServerConfigurations{{URL: u.String()}}\n\treturn kratos.NewAPIClient(conf), nil\n}\n\nfunc RegisterClientFlags(flags *pflag.FlagSet) {\n\tflags.StringP(FlagEndpoint, FlagEndpoint[:1], \"\", fmt.Sprintf(\"The URL of Ory Kratos' Admin API. Alternatively set using the %s environmental variable.\", envKeyEndpoint))\n}\n" }, { "path": "cmd/cliclient/migrate.go", "content": "// Copyright © 2023 Ory Corp\n// SPDX-License-Identifier: Apache-2.0\n\npackage cliclient\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pkg/errors\"\n\n\t\"github.com/ory/x/popx\"\n\n\t\"github.com/ory/x/contextx\"\n\n\t\"github.com/ory/x/configx\"\n\n\t\"github.com/spf13/cobra\"\n\n\t\"github.com/ory/kratos/driver\"\n\t\"github.com/ory/kratos/driver/config\"\n\t\"github.com/ory/x/cmdx\"\n\t\"github.com/ory/x/flagx\"\n)\n\ntype MigrateHandler struct{}\n\nfunc NewMigrateHandler() *MigrateHandler {\n\treturn &MigrateHandler{}\n}\n\nfunc (h *MigrateHandler) getPersister(cmd *cobra.Command, args []string, opts []driver.RegistryOption) (d driver.Registry, err error) {\n\tif flagx.MustGetBool(cmd, \"read-from-env\") {\n\t\td, err = driver.NewWithoutInit(\n\t\t\tcmd.Context(),\n\t\t\tcmd.ErrOrStderr(),\n\t\t\tdriver.WithConfigOptions(\n\t\t\t\tconfigx.WithFlags(cmd.Flags()),\n\t\t\t\tconfigx.SkipValidation(),\n\t\t\t))\n\t\tif err != nil {\n\t\t\treturn nil, err\n\t\t}\n\t\tif len(d.Config().DSN(cmd.Context())) == 0 {\n\t\t\tfmt.Println(cmd.UsageString())\n\t\t\tfmt.Println(\"\")\n\t\t\tfmt.Println(\"When using flag -e, environment variable DSN must be set\")\n\t\t\treturn nil, cmdx.FailSilently(cmd)\n\t\t}\n\t} else {\n\t\tif len(args) != 1 {\n\t\t\tfmt.Println(cmd.UsageString())\n\t\t\treturn nil, cmdx.FailSilently(cmd)\n\t\t}\n\t\td, err = driver.NewWithoutInit(\n\t\t\tcmd.Context(),\n\t\t\tcmd.ErrOrStderr(),\n\t\t\tdriver.WithConfigOptions(\n\t\t\t\tconfigx.WithFlags(cmd.Flags()),\n\t\t\t\tconfigx.SkipValidation(),\n\t\t\t\tconfigx.WithValue(config.ViperKeyDSN, args[0]),\n\t\t\t))\n\t\tif err != nil {\n\t\t\treturn nil, err\n\t\t}\n\t}\n\n\terr = d.Init(cmd.Context(), &contextx.Default{}, append(opts, driver.SkipNetworkInit)...)\n\tif err != nil {\n\t\treturn nil, errors.Wrap(err, \"an error occurred initializing migrations\")\n\t}\n\n\treturn d, nil\n}\n\nfunc (h *MigrateHandler) MigrateSQLDown(cmd *cobra.Command, args []string, opts ...driver.RegistryOption) error {\n\tp, err := h.getPersister(cmd, args, opts)\n\tif err != nil {\n\t\treturn err\n\t}\n\treturn popx.MigrateSQLDown(cmd, p.Persister())\n}\n\nfunc (h *MigrateHandler) MigrateSQLStatus(cmd *cobra.Command, args []string, opts ...driver.RegistryOption) error {\n\tp, err := h.getPersister(cmd, args, opts)\n\tif err != nil {\n\t\treturn err\n\t}\n\treturn popx.MigrateStatus(cmd, p.Persister())\n}\n\nfunc (h *MigrateHandler) MigrateSQLUp(cmd *cobra.Command, args []string, opts ...driver.RegistryOption) error {\n\tp, err := h.getPersister(cmd, args, opts)\n\tif err != nil {\n\t\treturn err\n\t}\n\treturn popx.MigrateSQLUp(cmd, p.Persister())\n}\n" }, { "path": "cmd/clidoc/main.go", "content": "// Copyright © 2023 Ory Corp\n// SPDX-License-Identifier: Apache-2.0\n\npackage main\n\nimport (\n\t\"bytes\"\n\t\"encoding/json\"\n\t\"fmt\"\n\t\"go/ast\"\n\t\"go/importer\"\n\t\"go/parser\"\n\t\"go/token\"\n\t\"go/types\"\n\t\"os\"\n\t\"path/filepath\"\n\t\"regexp\"\n\t\"sort\"\n\t\"strings\"\n\t\"time\"\n\n\t\"github.com/pkg/errors\"\n\n\t\"github.com/ory/kratos/cmd\"\n\t\"github.com/ory/kratos/text\"\n\n\t\"github.com/ory/x/clidoc\"\n)\n\nvar (\n\taSecondAgo = time.Date(2020, 1, 1, 1, 0, 0, 0, time.UTC).Add(-time.Second)\n\tinAMinute = time.Date(2020, 1, 1, 1, 0, 0, 0, time.UTC).Add(time.Minute)\n)\n\nvar messages map[string]*text.Message\n\nfunc init() {\n\ttext.Until = func(t time.Time) time.Duration {\n\t\treturn time.Minute\n\t}\n\ttext.Since = func(time.Time) time.Duration {\n\t\treturn time.Minute\n\t}\n\n\tmessages = map[string]*text.Message{\n\t\t\"NewInfoNodeLabelVerifyOTP\": text.NewInfoNodeLabelVerifyOTP(),\n\t\t\"NewInfoNodeLabelVerificationCode\": text.NewInfoNodeLabelVerificationCode(),\n\t\t\"NewInfoNodeLabelRecoveryCode\": text.NewInfoNodeLabelRecoveryCode(),\n\t\t\"NewInfoNodeInputPassword\": text.NewInfoNodeInputPassword(),\n\t\t\"NewInfoNodeInputPhoneNumber\": text.NewInfoNodeInputPhoneNumber(),\n\t\t\"NewInfoNodeLabelGenerated\": text.NewInfoNodeLabelGenerated(\"{title}\", \"{name}\"),\n\t\t\"NewInfoNodeLabelSave\": text.NewInfoNodeLabelSave(),\n\t\t\"NewInfoNodeLabelSubmit\": text.NewInfoNodeLabelSubmit(),\n\t\t\"NewInfoNodeLabelID\": text.NewInfoNodeLabelID(),\n\t\t\"NewErrorValidationSettingsFlowExpired\": text.NewErrorValidationSettingsFlowExpired(aSecondAgo),\n\t\t\"NewInfoSelfServiceSettingsTOTPQRCode\": text.NewInfoSelfServiceSettingsTOTPQRCode(),\n\t\t\"NewInfoSelfServiceSettingsTOTPSecret\": text.NewInfoSelfServiceSettingsTOTPSecret(\"{secret}\"),\n\t\t\"NewInfoSelfServiceSettingsTOTPSecretLabel\": text.NewInfoSelfServiceSettingsTOTPSecretLabel(),\n\t\t\"NewInfoSelfServiceSettingsUpdateSuccess\": text.NewInfoSelfServiceSettingsUpdateSuccess(),\n\t\t\"NewInfoSelfServiceSettingsUpdateUnlinkTOTP\": text.NewInfoSelfServiceSettingsUpdateUnlinkTOTP(),\n\t\t\"NewInfoSelfServiceSettingsRevealLookup\": text.NewInfoSelfServiceSettingsRevealLookup(),\n\t\t\"NewInfoSelfServiceSettingsRegenerateLookup\": text.NewInfoSelfServiceSettingsRegenerateLookup(),\n\t\t\"NewInfoSelfServiceSettingsDisableLookup\": text.NewInfoSelfServiceSettingsDisableLookup(),\n\t\t\"NewInfoSelfServiceSettingsLookupConfirm\": text.NewInfoSelfServiceSettingsLookupConfirm(),\n\t\t\"NewInfoSelfServiceSettingsLookupSecretList\": text.NewInfoSelfServiceSettingsLookupSecretList([]string{\"{secrets_list}\"}, []interface{}{\n\t\t\ttext.NewInfoSelfServiceSettingsLookupSecret(\"{secret}\"),\n\t\t\ttext.NewInfoSelfServiceSettingsLookupSecretUsed(aSecondAgo),\n\t\t}),\n\t\t\"NewInfoSelfServiceSettingsLookupSecret\": text.NewInfoSelfServiceSettingsLookupSecret(\"{secret}\"),\n\t\t\"NewInfoSelfServiceSettingsLookupSecretUsed\": text.NewInfoSelfServiceSettingsLookupSecretUsed(aSecondAgo),\n\t\t\"NewInfoSelfServiceSettingsLookupSecretsLabel\": text.NewInfoSelfServiceSettingsLookupSecretsLabel(),\n\t\t\"NewInfoSelfServiceSettingsUpdateLinkOIDC\": text.NewInfoSelfServiceSettingsUpdateLinkOIDC(\"{provider}\"),\n\t\t\"NewInfoSelfServiceSettingsUpdateUnlinkOIDC\": text.NewInfoSelfServiceSettingsUpdateUnlinkOIDC(\"{provider}\"),\n\t\t\"NewInfoSelfServiceRegisterWebAuthnDisplayName\": text.NewInfoSelfServiceRegisterWebAuthnDisplayName(),\n\t\t\"NewInfoSelfServiceRemoveWebAuthn\": text.NewInfoSelfServiceRemoveWebAuthn(\"{display_name}\", aSecondAgo),\n\t\t\"NewInfoSelfServiceRemovePasskey\": text.NewInfoSelfServiceRemovePasskey(\"{display_name}\", aSecondAgo),\n\t\t\"NewErrorValidationVerificationFlowExpired\": text.NewErrorValidationVerificationFlowExpired(aSecondAgo),\n\t\t\"NewInfoSelfServiceVerificationSuccessful\": text.NewInfoSelfServiceVerificationSuccessful(),\n\t\t\"NewVerificationEmailSent\": text.NewVerificationEmailSent(),\n\t\t\"NewVerificationEmailWithCodeSent\": text.NewVerificationEmailWithCodeSent(),\n\t\t\"NewErrorValidationVerificationTokenInvalidOrAlreadyUsed\": text.NewErrorValidationVerificationTokenInvalidOrAlreadyUsed(),\n\t\t\"NewErrorValidationVerificationRetrySuccess\": text.NewErrorValidationVerificationRetrySuccess(),\n\t\t\"NewErrorValidationVerificationStateFailure\": text.NewErrorValidationVerificationStateFailure(),\n\t\t\"NewErrorValidationVerificationCodeInvalidOrAlreadyUsed\": text.NewErrorValidationVerificationCodeInvalidOrAlreadyUsed(),\n\t\t\"NewErrorSystemGeneric\": text.NewErrorSystemGeneric(\"{reason}\"),\n\t\t\"NewErrorSystemNoAuthenticationMethodsAvailable\": text.NewErrorSystemNoAuthenticationMethodsAvailable(),\n\t\t\"NewValidationErrorGeneric\": text.NewValidationErrorGeneric(\"{reason}\"),\n\t\t\"NewValidationErrorRequired\": text.NewValidationErrorRequired(\"{property}\"),\n\t\t\"NewErrorValidationMinLength\": text.NewErrorValidationMinLength(5, 3),\n\t\t\"NewErrorValidationMaxLength\": text.NewErrorValidationMaxLength(5, 6),\n\t\t\"NewErrorValidationInvalidFormat\": text.NewErrorValidationInvalidFormat(\"{pattern}\"),\n\t\t\"NewErrorValidationMinimum\": text.NewErrorValidationMinimum(5, 3),\n\t\t\"NewErrorValidationExclusiveMinimum\": text.NewErrorValidationExclusiveMinimum(5, 5),\n\t\t\"NewErrorValidationMaximum\": text.NewErrorValidationMaximum(5, 6),\n\t\t\"NewErrorValidationExclusiveMaximum\": text.NewErrorValidationExclusiveMaximum(5, 5),\n\t\t\"NewErrorValidationMultipleOf\": text.NewErrorValidationMultipleOf(7, 3),\n\t\t\"NewErrorValidationMaxItems\": text.NewErrorValidationMaxItems(3, 4),\n\t\t\"NewErrorValidationMinItems\": text.NewErrorValidationMinItems(3, 2),\n\t\t\"NewErrorValidationUniqueItems\": text.NewErrorValidationUniqueItems(0, 2),\n\t\t\"NewErrorValidationWrongType\": text.NewErrorValidationWrongType([]string{\"{allowed_types_list}\"}, \"{actual_type}\"),\n\t\t\"NewErrorValidationConst\": text.NewErrorValidationConst(\"{expected}\"),\n\t\t\"NewErrorValidationConstGeneric\": text.NewErrorValidationConstGeneric(),\n\t\t\"NewErrorValidationPasswordPolicyViolationGeneric\": text.NewErrorValidationPasswordPolicyViolationGeneric(\"{reason}\"),\n\t\t\"NewErrorValidationPasswordIdentifierTooSimilar\": text.NewErrorValidationPasswordIdentifierTooSimilar(),\n\t\t\"NewErrorValidationPasswordMinLength\": text.NewErrorValidationPasswordMinLength(6, 5),\n\t\t\"NewErrorValidationPasswordMaxLength\": text.NewErrorValidationPasswordMaxLength(72, 80),\n\t\t\"NewErrorValidationPasswordTooManyBreaches\": text.NewErrorValidationPasswordTooManyBreaches(101),\n\t\t\"NewErrorValidationPasswordNewSameAsOld\": text.NewErrorValidationPasswordNewSameAsOld(),\n\t\t\"NewErrorValidationInvalidCredentials\": text.NewErrorValidationInvalidCredentials(),\n\t\t\"NewErrorValidationDuplicateCredentials\": text.NewErrorValidationDuplicateCredentials(),\n\t\t\"NewErrorValidationDuplicateCredentialsWithHints\": text.NewErrorValidationDuplicateCredentialsWithHints([]string{\"{available_credential_types_list}\"}, []string{\"{available_oidc_providers_list}\"}, \"{credential_identifier_hint}\"),\n\t\t\"NewErrorValidationDuplicateCredentialsOnOIDCLink\": text.NewErrorValidationDuplicateCredentialsOnOIDCLink(),\n\t\t\"NewErrorValidationTOTPVerifierWrong\": text.NewErrorValidationTOTPVerifierWrong(),\n\t\t\"NewErrorValidationLookupAlreadyUsed\": text.NewErrorValidationLookupAlreadyUsed(),\n\t\t\"NewErrorValidationLookupInvalid\": text.NewErrorValidationLookupInvalid(),\n\t\t\"NewErrorValidationIdentifierMissing\": text.NewErrorValidationIdentifierMissing(),\n\t\t\"NewErrorValidationAddressNotVerified\": text.NewErrorValidationAddressNotVerified(),\n\t\t\"NewErrorValidationNoTOTPDevice\": text.NewErrorValidationNoTOTPDevice(),\n\t\t\"NewErrorValidationNoLookup\": text.NewErrorValidationNoLookup(),\n\t\t\"NewErrorValidationNoWebAuthnDevice\": text.NewErrorValidationNoWebAuthnDevice(),\n\t\t\"NewInfoLoginReAuth\": text.NewInfoLoginReAuth(),\n\t\t\"NewInfoLoginMFA\": text.NewInfoLoginMFA(),\n\t\t\"NewInfoLoginTOTPLabel\": text.NewInfoLoginTOTPLabel(),\n\t\t\"NewInfoLoginLookupLabel\": text.NewInfoLoginLookupLabel(),\n\t\t\"NewInfoLogin\": text.NewInfoLogin(),\n\t\t\"NewInfoLoginAndLink\": text.NewInfoLoginAndLink(),\n\t\t\"NewInfoLoginLinkMessage\": text.NewInfoLoginLinkMessage(\"{duplicateIdentifier}\", \"{provider}\", \"{newLoginUrl}\", []string{\"{available_credential_types_list}\"}, []string{\"{available_oidc_providers_list}\"}),\n\t\t\"NewInfoLoginTOTP\": text.NewInfoLoginTOTP(),\n\t\t\"NewInfoLoginLookup\": text.NewInfoLoginLookup(),\n\t\t\"NewInfoLoginVerify\": text.NewInfoLoginVerify(),\n\t\t\"NewInfoLoginWith\": text.NewInfoLoginWith(\"{provider}\", \"{providerID}\"),\n\t\t\"NewInfoLoginWithAndLink\": text.NewInfoLoginWithAndLink(\"{provider}\"),\n\t\t\"NewErrorValidationLoginFlowExpired\": text.NewErrorValidationLoginFlowExpired(aSecondAgo),\n\t\t\"NewErrorValidationLoginNoStrategyFound\": text.NewErrorValidationLoginNoStrategyFound(),\n\t\t\"NewErrorValidationRegistrationNoStrategyFound\": text.NewErrorValidationRegistrationNoStrategyFound(),\n\t\t\"NewErrorValidationSettingsNoStrategyFound\": text.NewErrorValidationSettingsNoStrategyFound(),\n\t\t\"NewErrorValidationRecoveryNoStrategyFound\": text.NewErrorValidationRecoveryNoStrategyFound(),\n\t\t\"NewErrorValidationVerificationNoStrategyFound\": text.NewErrorValidationVerificationNoStrategyFound(),\n\t\t\"NewInfoSelfServiceLoginWebAuthn\": text.NewInfoSelfServiceLoginWebAuthn(),\n\t\t\"NewInfoRegistration\": text.NewInfoRegistration(),\n\t\t\"NewInfoRegistrationWith\": text.NewInfoRegistrationWith(\"{provider}\", \"{providerID}\"),\n\t\t\"NewInfoRegistrationContinue\": text.NewInfoRegistrationContinue(),\n\t\t\"NewInfoRegistrationBack\": text.NewInfoRegistrationBack(),\n\t\t\"NewInfoSelfServiceChooseCredentials\": text.NewInfoSelfServiceChooseCredentials(),\n\t\t\"NewErrorValidationRegistrationFlowExpired\": text.NewErrorValidationRegistrationFlowExpired(aSecondAgo),\n\t\t\"NewErrorValidationRecoveryFlowExpired\": text.NewErrorValidationRecoveryFlowExpired(aSecondAgo),\n\t\t\"NewRecoverySuccessful\": text.NewRecoverySuccessful(inAMinute),\n\t\t\"NewRecoveryEmailSent\": text.NewRecoveryEmailSent(),\n\t\t\"NewRecoveryEmailWithCodeSent\": text.NewRecoveryEmailWithCodeSent(),\n\t\t\"NewRecoveryCodeRecoverySelectAddressSent\": text.NewRecoveryCodeRecoverySelectAddressSent(\"{masked_address}\"),\n\t\t\"NewRecoveryAskAnyRecoveryAddress\": text.NewRecoveryAskAnyRecoveryAddress(),\n\t\t\"NewRecoveryAskForFullAddress\": text.NewRecoveryAskForFullAddress(),\n\t\t\"NewRecoveryAskToChooseAddress\": text.NewRecoveryAskToChooseAddress(),\n\t\t\"NewRecoveryBack\": text.NewRecoveryBack(),\n\t\t\"NewErrorValidationRecoveryTokenInvalidOrAlreadyUsed\": text.NewErrorValidationRecoveryTokenInvalidOrAlreadyUsed(),\n\t\t\"NewErrorValidationRecoveryCodeInvalidOrAlreadyUsed\": text.NewErrorValidationRecoveryCodeInvalidOrAlreadyUsed(),\n\t\t\"NewErrorValidationRecoveryRetrySuccess\": text.NewErrorValidationRecoveryRetrySuccess(),\n\t\t\"NewErrorValidationRecoveryStateFailure\": text.NewErrorValidationRecoveryStateFailure(),\n\t\t\"NewInfoNodeInputEmail\": text.NewInfoNodeInputEmail(),\n\t\t\"NewInfoNodeResendOTP\": text.NewInfoNodeResendOTP(),\n\t\t\"NewInfoNodeLoginAndLinkCredential\": text.NewInfoNodeLoginAndLinkCredential(),\n\t\t\"NewInfoNodeLabelContinue\": text.NewInfoNodeLabelContinue(),\n\t\t\"NewInfoSelfServiceSettingsRegisterWebAuthn\": text.NewInfoSelfServiceSettingsRegisterWebAuthn(),\n\t\t\"NewInfoSelfServiceSettingsRegisterPasskey\": text.NewInfoSelfServiceSettingsRegisterPasskey(),\n\t\t\"NewInfoLoginWebAuthnPasswordless\": text.NewInfoLoginWebAuthnPasswordless(),\n\t\t\"NewInfoSelfServiceRegistrationRegisterWebAuthn\": text.NewInfoSelfServiceRegistrationRegisterWebAuthn(),\n\t\t\"NewInfoSelfServiceContinueLoginWebAuthn\": text.NewInfoSelfServiceContinueLoginWebAuthn(),\n\t\t\"NewInfoSelfServiceLoginPasskey\": text.NewInfoSelfServiceLoginPasskey(),\n\t\t\"NewInfoSelfServiceRegistrationRegisterPasskey\": text.NewInfoSelfServiceRegistrationRegisterPasskey(),\n\t\t\"NewInfoSelfServiceLoginContinue\": text.NewInfoSelfServiceLoginContinue(),\n\t\t\"NewErrorValidationSuchNoWebAuthnUser\": text.NewErrorValidationSuchNoWebAuthnUser(),\n\t\t\"NewRegistrationEmailWithCodeSent\": text.NewRegistrationEmailWithCodeSent(),\n\t\t\"NewLoginCodeSent\": text.NewLoginCodeSent(),\n\t\t\"NewErrorValidationRegistrationCodeInvalidOrAlreadyUsed\": text.NewErrorValidationRegistrationCodeInvalidOrAlreadyUsed(),\n\t\t\"NewErrorValidationLoginCodeInvalidOrAlreadyUsed\": text.NewErrorValidationLoginCodeInvalidOrAlreadyUsed(),\n\t\t\"NewErrorValidationNoCodeUser\": text.NewErrorValidationNoCodeUser(),\n\t\t\"NewInfoNodeLabelRegistrationCode\": text.NewInfoNodeLabelRegistrationCode(),\n\t\t\"NewInfoNodeLabelLoginCode\": text.NewInfoNodeLabelLoginCode(),\n\t\t\"NewErrorValidationLoginRetrySuccessful\": text.NewErrorValidationLoginRetrySuccessful(),\n\t\t\"NewErrorValidationTraitsMismatch\": text.NewErrorValidationTraitsMismatch(),\n\t\t\"NewInfoSelfServiceLoginCode\": text.NewInfoSelfServiceLoginCode(),\n\t\t\"NewErrorValidationRegistrationRetrySuccessful\": text.NewErrorValidationRegistrationRetrySuccessful(),\n\t\t\"NewInfoSelfServiceRegistrationRegisterCode\": text.NewInfoSelfServiceRegistrationRegisterCode(),\n\t\t\"NewErrorValidationLoginLinkedCredentialsDoNotMatch\": text.NewErrorValidationLoginLinkedCredentialsDoNotMatch(),\n\t\t\"NewErrorValidationAddressUnknown\": text.NewErrorValidationAddressUnknown(),\n\t\t\"NewInfoSelfServiceLoginCodeMFA\": text.NewInfoSelfServiceLoginCodeMFA(),\n\t\t\"NewInfoLoginPassword\": text.NewInfoLoginPassword(),\n\t\t\"NewErrorValidationAccountNotFound\": text.NewErrorValidationAccountNotFound(),\n\t\t\"NewInfoSelfServiceLoginAAL2CodeAddress\": text.NewInfoSelfServiceLoginAAL2CodeAddress(\"{channel}\", \"{address}\"),\n\t\t\"NewErrorCaptchaFailed\": text.NewErrorCaptchaFailed(),\n\t\t\"NewCaptchaContainerMessage\": text.NewCaptchaContainerMessage(),\n\t\t\"NewErrorValidationEmail\": text.NewErrorValidationEmail(\"{value}\"),\n\t\t\"NewErrorValidationPhone\": text.NewErrorValidationPhone(\"{value}\"),\n\t}\n}\n\nfunc main() {\n\tif os.Args[1] == \"elements\" {\n\t\tpath, err := filepath.Abs(os.Args[2])\n\t\tif err != nil {\n\t\t\t_, _ = fmt.Fprintf(os.Stderr, \"Unable to determine absolute path for elements generation: %+v\", err)\n\t\t\tos.Exit(1)\n\t\t}\n\n\t\tif err := generateElements(path); err != nil {\n\t\t\t_, _ = fmt.Fprintf(os.Stderr, \"Unable to generate locales for elements: %+v\", err)\n\t\t\tos.Exit(1)\n\t\t}\n\t\treturn\n\t}\n\n\tif err := clidoc.Generate(cmd.NewRootCmd(nil, nil), []string{filepath.Join(os.Args[2], \"cli\")}); err != nil {\n\t\t_, _ = fmt.Fprintf(os.Stderr, \"Unable to generate CLI docs: %+v\", err)\n\t\tos.Exit(1)\n\t}\n\n\tif err := validateAllMessages(filepath.Join(os.Args[1], \"text\")); err != nil {\n\t\t_, _ = fmt.Fprintf(os.Stderr, \"Unable to validate messages: %+v\\n\", err)\n\t\tos.Exit(1)\n\t}\n\n\tsortedMessages := sortMessages()\n\tfor i := 1; i < len(sortedMessages); i++ {\n\t\tif sortedMessages[i].ID == sortedMessages[i-1].ID {\n\t\t\t_, _ = fmt.Fprintf(os.Stderr, \"Message ID %d is used more than once: %q %q\\n\", sortedMessages[i].ID, sortedMessages[i].Text, sortedMessages[i-1].Text)\n\t\t\tos.Exit(1)\n\t\t}\n\t}\n\n\tif err := writeMessages(filepath.Join(os.Args[2], \"concepts/ui-messages.md\"), sortedMessages); err != nil {\n\t\t_, _ = fmt.Fprintf(os.Stderr, \"Unable to generate message table: %+v\\n\", err)\n\t\tos.Exit(1)\n\t}\n\n\tif err := writeMessagesJson(filepath.Join(os.Args[2], \"concepts/messages.json\"), sortedMessages); err != nil {\n\t\t_, _ = fmt.Fprintf(os.Stderr, \"Unable to generate messages.json: %+v\\n\", err)\n\t\tos.Exit(1)\n\t}\n\n\tfmt.Println(\"All files have been generated and updated.\")\n}\n\nfunc codeEncode(in interface{}) string {\n\tout, err := json.MarshalIndent(in, \"\", \" \")\n\tif err != nil {\n\t\t_, _ = fmt.Fprintf(os.Stderr, \"Unable to encode to JSON: %+v\", err)\n\t\tos.Exit(1)\n\t}\n\n\treturn string(out)\n}\n\nfunc sortMessages() []*text.Message {\n\tvar toSort []*text.Message\n\tfor _, m := range messages {\n\t\ttoSort = append(toSort, m)\n\t}\n\n\tsort.Slice(toSort, func(i, j int) bool {\n\t\tif toSort[i].ID == toSort[j].ID {\n\t\t\treturn toSort[i].Text < toSort[j].Text\n\t\t}\n\t\treturn toSort[i].ID < toSort[j].ID\n\t})\n\n\treturn toSort\n}\n\nfunc writeMessages(path string, sortedMessages []*text.Message) error {\n\t//nolint:gosec\n\tcontent, err := os.ReadFile(path) // #nosec\n\tif err != nil {\n\t\treturn err\n\t}\n\n\tvar w bytes.Buffer\n\tfor _, m := range sortedMessages {\n\t\tfmt.Fprintf(&w, `###### %s (%d)\n\n%s\n\n`, m.Text, m.ID, \"```json\\n\"+codeEncode(m)+\"\\n```\")\n\t}\n\n\tr := regexp.MustCompile(`(?s)(.*?)`)\n\tresult := r.ReplaceAllString(string(content), \"\\n\"+w.String()+\"\\n\")\n\n\tf, err := os.OpenFile(path, os.O_RDWR|os.O_CREATE|os.O_TRUNC, 0o600) // #nosec\n\tif err != nil {\n\t\treturn err\n\t}\n\n\tif _, err := f.WriteString(result); err != nil {\n\t\treturn err\n\t}\n\n\tif err := f.Close(); err != nil {\n\t\treturn err\n\t}\n\n\treturn nil\n}\n\nfunc writeMessagesJson(path string, sortedMessages []*text.Message) error {\n\tresult := codeEncode(sortedMessages)\n\n\tf, err := os.OpenFile(path, os.O_RDWR|os.O_CREATE|os.O_TRUNC, 0o644) // #nosec\n\tif err != nil {\n\t\treturn err\n\t}\n\n\tif _, err := f.WriteString(result); err != nil {\n\t\treturn err\n\t}\n\n\tif err := f.Close(); err != nil {\n\t\treturn err\n\t}\n\n\treturn nil\n}\n\nfunc validateAllMessages(path string) error {\n\ttype message struct {\n\t\tID, Name string\n\t}\n\n\tusedIDs := make([]message, 0, len(messages))\n\tset := token.NewFileSet()\n\tpacks, err := parser.ParseDir(set, path, nil, 0)\n\tif err != nil {\n\t\treturn errors.Wrapf(err, \"unable to parse text directory\")\n\t}\n\tinfo := &types.Info{\n\t\tDefs: make(map[*ast.Ident]types.Object),\n\t}\n\n\t//nolint:staticcheck\n\tvar pack *ast.Package\n\tfor _, p := range packs {\n\t\tif p.Name == \"text\" {\n\t\t\tpack = p\n\t\t\tbreak\n\t\t}\n\t}\n\tallFiles := make([]*ast.File, 0)\n\tfor fn, f := range pack.Files {\n\t\tif strings.HasSuffix(fn, \"/id.go\") {\n\t\t\tallFiles = append(allFiles, f)\n\t\t}\n\t}\n\t_, err = (&types.Config{Importer: importer.Default()}).Check(\"text\", set, allFiles, info)\n\tif err != nil {\n\t\treturn err // type error\n\t}\n\n\tfor _, f := range pack.Files {\n\t\tfor _, d := range f.Decls {\n\t\t\tswitch decl := d.(type) {\n\t\t\tcase *ast.FuncDecl:\n\t\t\t\tif name := decl.Name.String(); decl.Name.IsExported() && strings.HasPrefix(name, \"New\") {\n\t\t\t\t\tif _, ok := messages[name]; !ok {\n\t\t\t\t\t\treturn errors.Errorf(\"expected to find message %s in the list for the documentation generation but could not\", name)\n\t\t\t\t\t}\n\t\t\t\t}\n\t\t\tcase *ast.GenDecl:\n\t\t\t\tif decl.Tok == token.CONST {\n\t\t\t\t\tfor _, spec := range decl.Specs {\n\t\t\t\t\t\tvalue := spec.(*ast.ValueSpec) // safe because decl.Tok is token.CONST\n\t\t\t\t\t\tif t, ok := value.Type.(*ast.Ident); ok {\n\t\t\t\t\t\t\tif t.Name == \"ID\" {\n\t\t\t\t\t\t\t\tfor _, name := range value.Names {\n\t\t\t\t\t\t\t\t\tc := info.ObjectOf(name)\n\t\t\t\t\t\t\t\t\tif c == nil {\n\t\t\t\t\t\t\t\t\t\treturn errors.Errorf(\"expected to find const %s in text/id.go\", name.Name)\n\t\t\t\t\t\t\t\t\t}\n\t\t\t\t\t\t\t\t\tusedIDs = append(usedIDs, message{\n\t\t\t\t\t\t\t\t\t\tID: c.(*types.Const).Val().ExactString(),\n\t\t\t\t\t\t\t\t\t\tName: name.Name,\n\t\t\t\t\t\t\t\t\t})\n\t\t\t\t\t\t\t\t}\n\t\t\t\t\t\t\t}\n\t\t\t\t\t\t}\n\t\t\t\t\t}\n\t\t\t\t}\n\t\t\t}\n\t\t}\n\t}\n\n\tsort.Slice(usedIDs, func(i, j int) bool {\n\t\treturn usedIDs[i].ID < usedIDs[j].ID\n\t})\n\tfor i := 1; i < len(usedIDs); i++ {\n\t\tif usedIDs[i].ID == usedIDs[i-1].ID {\n\t\t\treturn errors.Errorf(\"message ID %s is used more than once: %s %s\", usedIDs[i].ID, usedIDs[i].Name, usedIDs[i-1].Name)\n\t\t}\n\t}\n\n\treturn nil\n}\n\nfunc generateElements(messageFilePath string) error {\n\t// If the file at messageFilePath does not exist, create it\n\tf, err := os.OpenFile(messageFilePath, os.O_APPEND|os.O_CREATE|os.O_WRONLY, 0o644) // #nosec\n\tif err != nil {\n\t\treturn errors.Wrapf(err, \"unable to open or create message file at %s\", messageFilePath)\n\t}\n\tif err := f.Close(); err != nil {\n\t\treturn errors.Wrapf(err, \"unable to close message file at %s\", messageFilePath)\n\t}\n\n\tsortedMessages := sortMessages()\n\tif err := writeMessagesJson(messageFilePath, sortedMessages); err != nil {\n\t\treturn errors.Wrapf(err, \"unable to write messages json to %s\", messageFilePath)\n\t}\n\treturn nil\n}\n" }, { "path": "cmd/clidoc/main_test.go", "content": "// Copyright © 2023 Ory Corp\n// SPDX-License-Identifier: Apache-2.0\n\npackage main\n\nimport (\n\t\"testing\"\n\n\t\"github.com/stretchr/testify/require\"\n)\n\nfunc TestMessages(t *testing.T) {\n\trequire.NoError(t, validateAllMessages(\"../../text\"))\n}\n" }, { "path": "cmd/courier/root.go", "content": "// Copyright © 2023 Ory Corp\n// SPDX-License-Identifier: Apache-2.0\n\npackage courier\n\nimport (\n\t\"github.com/spf13/cobra\"\n\n\t\"github.com/ory/kratos/driver\"\n\t\"github.com/ory/x/configx\"\n)\n\n// NewCourierCmd creates a new courier command\nfunc NewCourierCmd() *cobra.Command {\n\tc := &cobra.Command{\n\t\tUse: \"courier\",\n\t\tShort: \"Commands related to the Ory Kratos message courier\",\n\t}\n\tconfigx.RegisterFlags(c.PersistentFlags())\n\treturn c\n}\n\nfunc RegisterCommandRecursive(parent *cobra.Command, dOpts []driver.RegistryOption) {\n\tc := NewCourierCmd()\n\tparent.AddCommand(c)\n\tc.AddCommand(NewWatchCmd(dOpts))\n}\n" }, { "path": "cmd/courier/watch.go", "content": "// Copyright © 2023 Ory Corp\n// SPDX-License-Identifier: Apache-2.0\n\npackage courier\n\nimport (\n\t\"context\"\n\t\"net/http\"\n\n\t\"github.com/prometheus/client_golang/prometheus/promhttp\"\n\t\"github.com/spf13/cobra\"\n\t\"github.com/urfave/negroni\"\n\t\"golang.org/x/sync/errgroup\"\n\n\t\"github.com/ory/graceful\"\n\t\"github.com/ory/kratos/driver\"\n\t\"github.com/ory/x/configx\"\n\t\"github.com/ory/x/prometheusx\"\n\t\"github.com/ory/x/reqlog\"\n)\n\nfunc NewWatchCmd(dOpts []driver.RegistryOption) *cobra.Command {\n\tc := &cobra.Command{\n\t\tUse: \"watch\",\n\t\tShort: \"Starts the Ory Kratos message courier\",\n\t\tRunE: func(cmd *cobra.Command, args []string) error {\n\t\t\tr, err := driver.New(cmd.Context(), cmd.ErrOrStderr(), append(dOpts, driver.WithConfigOptions(configx.WithFlags(cmd.Flags())))...)\n\t\t\tif err != nil {\n\t\t\t\treturn err\n\t\t\t}\n\n\t\t\treturn StartCourier(cmd.Context(), r)\n\t\t},\n\t}\n\tc.PersistentFlags().Int(\"expose-metrics-port\", 0, \"The port to expose the metrics endpoint on (not exposed by default)\")\n\treturn c\n}\n\nfunc StartCourier(ctx context.Context, r driver.Registry) error {\n\teg, ctx := errgroup.WithContext(ctx)\n\n\tif port := r.Config().CourierExposeMetricsPort(ctx); port != 0 {\n\t\teg.Go(func() error {\n\t\t\treturn ServeMetrics(ctx, r, port)\n\t\t})\n\t}\n\n\teg.Go(func() error {\n\t\treturn Watch(ctx, r)\n\t})\n\n\treturn eg.Wait()\n}\n\nfunc ServeMetrics(ctx context.Context, r driver.Registry, port int) error {\n\tcfg := r.Config().ServeAdmin(ctx)\n\tl := r.Logger()\n\tn := negroni.New()\n\n\trouter := http.NewServeMux()\n\n\trouter.Handle(prometheusx.MetricsPrometheusPath, promhttp.Handler())\n\tn.Use(reqlog.NewMiddlewareFromLogger(l, \"admin#\"+cfg.BaseURL.String()))\n\n\tn.UseHandler(router)\n\n\tvar handler http.Handler = n\n\n\t//#nosec G112 -- the correct settings are set by graceful.WithDefaults\n\tserver := graceful.WithDefaults(&http.Server{\n\t\tAddr: configx.GetAddress(cfg.Host, port),\n\t\tHandler: handler,\n\t})\n\n\tl.WithField(\"addr\", server.Addr).Info(\"Starting the metrics httpd\")\n\tif err := graceful.GracefulContext(ctx, server.ListenAndServe, server.Shutdown); err != nil {\n\t\tl.Errorln(\"Failed to gracefully shutdown metrics httpd\")\n\t\treturn err\n\t}\n\tl.Println(\"Metrics httpd was shutdown gracefully\")\n\treturn nil\n}\n\nfunc Watch(ctx context.Context, r driver.Registry) error {\n\tctx, cancel := context.WithCancel(ctx)\n\n\tr.Logger().Println(\"Courier worker started.\")\n\tif err := graceful.Graceful(func() error {\n\t\tc, err := r.Courier(ctx)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\n\t\treturn c.Work(ctx)\n\t}, func(_ context.Context) error {\n\t\tcancel()\n\t\treturn nil\n\t}); err != nil {\n\t\tr.Logger().WithError(err).Error(\"Failed to run courier worker.\")\n\t\treturn err\n\t}\n\n\tr.Logger().Println(\"Courier worker was shutdown gracefully.\")\n\treturn nil\n}\n" }, { "path": "cmd/courier/watch_test.go", "content": "// Copyright © 2023 Ory Corp\n// SPDX-License-Identifier: Apache-2.0\n\npackage courier\n\nimport (\n\t\"fmt\"\n\t\"net/http\"\n\t\"testing\"\n\t\"time\"\n\n\t\"github.com/phayes/freeport\"\n\t\"github.com/stretchr/testify/require\"\n\n\t\"github.com/ory/kratos/pkg\"\n\t\"github.com/ory/x/configx\"\n)\n\nfunc TestStartCourier(t *testing.T) {\n\tt.Run(\"case=without metrics\", func(t *testing.T) {\n\t\t_, r := pkg.NewFastRegistryWithMocks(t)\n\t\tgo func() { _ = StartCourier(t.Context(), r) }()\n\t\ttime.Sleep(time.Second)\n\t\trequire.Equal(t, r.Config().CourierExposeMetricsPort(t.Context()), 0)\n\t})\n\n\tt.Run(\"case=with metrics\", func(t *testing.T) {\n\t\tport, err := freeport.GetFreePort()\n\t\trequire.NoError(t, err)\n\t\t_, r := pkg.NewFastRegistryWithMocks(t, configx.WithValue(\"expose-metrics-port\", port))\n\t\tgo func() { _ = StartCourier(t.Context(), r) }()\n\t\ttime.Sleep(time.Second)\n\t\tres, err := http.Get(fmt.Sprintf(\"http://127.0.0.1:%d/metrics/prometheus\", port))\n\t\trequire.NoError(t, err)\n\t\trequire.Equal(t, 200, res.StatusCode)\n\t})\n}\n" }, { "path": "cmd/daemon/serve.go", "content": "// Copyright © 2023 Ory Corp\n// SPDX-License-Identifier: Apache-2.0\n\npackage daemon\n\nimport (\n\t\"context\"\n\t\"crypto/tls\"\n\t\"net/http\"\n\t\"time\"\n\n\t\"github.com/pkg/errors\"\n\t\"github.com/rs/cors\"\n\t\"github.com/spf13/cobra\"\n\t\"github.com/urfave/negroni\"\n\t\"go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp\"\n\t\"golang.org/x/sync/errgroup\"\n\n\t\"github.com/ory/analytics-go/v5\"\n\t\"github.com/ory/graceful\"\n\t\"github.com/ory/kratos/cmd/courier\"\n\t\"github.com/ory/kratos/driver\"\n\t\"github.com/ory/kratos/driver/config\"\n\t\"github.com/ory/kratos/identity\"\n\t\"github.com/ory/kratos/schema\"\n\t\"github.com/ory/kratos/selfservice/errorx\"\n\t\"github.com/ory/kratos/selfservice/flow/login\"\n\t\"github.com/ory/kratos/selfservice/flow/logout\"\n\t\"github.com/ory/kratos/selfservice/flow/recovery\"\n\t\"github.com/ory/kratos/selfservice/flow/registration\"\n\t\"github.com/ory/kratos/selfservice/flow/settings\"\n\t\"github.com/ory/kratos/selfservice/flow/verification\"\n\t\"github.com/ory/kratos/selfservice/strategy/link\"\n\t\"github.com/ory/kratos/selfservice/strategy/oidc\"\n\t\"github.com/ory/kratos/session\"\n\t\"github.com/ory/kratos/x\"\n\t\"github.com/ory/kratos/x/nosurfx\"\n\t\"github.com/ory/x/healthx\"\n\t\"github.com/ory/x/httprouterx\"\n\t\"github.com/ory/x/metricsx\"\n\t\"github.com/ory/x/networkx\"\n\t\"github.com/ory/x/otelx\"\n\t\"github.com/ory/x/otelx/semconv\"\n\t\"github.com/ory/x/prometheusx\"\n\t\"github.com/ory/x/reqlog\"\n\t\"github.com/ory/x/urlx\"\n)\n\nfunc init() {\n\tgraceful.DefaultShutdownTimeout = 120 * time.Second\n}\n\nvar httpMetrics = prometheusx.NewHTTPMetrics(\"kratos\", prometheusx.HTTPPrefix, config.Version, config.Commit, config.Date)\n\nfunc servePublic(ctx context.Context, r *driver.RegistryDefault, cmd *cobra.Command) (func() error, error) {\n\tcfg := r.Config().ServePublic(ctx)\n\tl := r.Logger()\n\tn := negroni.New()\n\n\tfor _, mw := range r.HTTPMiddlewares() {\n\t\tn.Use(mw)\n\t}\n\n\tpublicLogger := reqlog.NewMiddlewareFromLogger(l, \"public#\"+cfg.BaseURL.String())\n\n\tif cfg.RequestLog.DisableHealth {\n\t\tpublicLogger.ExcludePaths(healthx.AliveCheckPath, healthx.ReadyCheckPath)\n\t}\n\n\tn.UseFunc(semconv.Middleware)\n\tn.Use(publicLogger)\n\tn.Use(x.HTTPLoaderContextMiddleware(r))\n\tn.UseFunc(httprouterx.NoCacheNegroni)\n\tn.Use(sqa(ctx, cmd, r))\n\n\trouter := httprouterx.NewRouterPublic(httpMetrics)\n\tcsrf := nosurfx.NewCSRFHandler(otelx.SpanNameRecorderMiddleware(router), r)\n\n\t// we need to always load the CORS middleware even if it is disabled, to allow hot-enabling CORS\n\tn.UseFunc(func(w http.ResponseWriter, req *http.Request, next http.HandlerFunc) {\n\t\tcfg, enabled := r.Config().CORSPublic(req.Context())\n\t\tif !enabled {\n\t\t\tnext(w, req)\n\t\t\treturn\n\t\t}\n\t\tcors.New(cfg).ServeHTTP(w, req, next)\n\t})\n\n\tr.WithCSRFHandler(csrf)\n\tn.UseHandler(r.CSRFHandler())\n\n\t// Disable CSRF for these endpoints\n\tcsrf.DisablePath(healthx.AliveCheckPath)\n\tcsrf.DisablePath(healthx.ReadyCheckPath)\n\tcsrf.DisablePath(healthx.VersionPath)\n\tcsrf.DisablePath(prometheusx.MetricsPrometheusPath)\n\n\tr.RegisterPublicRoutes(ctx, router)\n\n\tvar handler http.Handler = n\n\tif tracer := r.Tracer(ctx); tracer.IsLoaded() {\n\t\thandler = otelx.NewMiddleware(handler, \"servePublic\",\n\t\t\totelhttp.WithTracerProvider(tracer.Provider()),\n\t\t)\n\t}\n\n\thandler = http.MaxBytesHandler(handler, 5*1024*1024 /* 5 MB */) // Important: this must be the outermost handler or our tracing breaks\n\n\tcertFunc, err := cfg.TLS.GetCertFunc(ctx, l, \"public\")\n\tif err != nil {\n\t\treturn nil, err\n\t}\n\n\t//#nosec G112 -- the correct settings are set by graceful.WithDefaults\n\tserver := graceful.WithDefaults(&http.Server{\n\t\tHandler: handler,\n\t\tTLSConfig: &tls.Config{GetCertificate: certFunc, MinVersion: tls.VersionTLS12},\n\t\tReadHeaderTimeout: 5 * time.Second,\n\t\tReadTimeout: 15 * time.Second,\n\t\tWriteTimeout: 60 * time.Second,\n\t\tIdleTimeout: 120 * time.Second,\n\t})\n\taddr := cfg.GetAddress()\n\n\treturn func() error {\n\t\tl.WithField(\"addr\", addr).Info(\"Starting the public httpd\")\n\t\tif err := graceful.GracefulContext(ctx, func() error {\n\t\t\tlistener, err := networkx.MakeListener(addr, &cfg.Socket)\n\t\t\tif err != nil {\n\t\t\t\treturn err\n\t\t\t}\n\n\t\t\tif certFunc == nil {\n\t\t\t\treturn server.Serve(listener)\n\t\t\t}\n\t\t\treturn server.ServeTLS(listener, \"\", \"\")\n\t\t}, server.Shutdown); err != nil {\n\t\t\tif !errors.Is(err, context.Canceled) {\n\t\t\t\tl.Errorf(\"Failed to gracefully shutdown public httpd: %s\", err)\n\t\t\t\treturn err\n\t\t\t}\n\t\t}\n\t\tl.Println(\"Public httpd was shutdown gracefully\")\n\t\treturn nil\n\t}, nil\n}\n\nfunc serveAdmin(ctx context.Context, r *driver.RegistryDefault, cmd *cobra.Command) (func() error, error) {\n\tcfg := r.Config().ServeAdmin(ctx)\n\tl := r.Logger()\n\tn := negroni.New()\n\n\tfor _, mw := range r.HTTPMiddlewares() {\n\t\tn.Use(mw)\n\t}\n\n\tadminLogger := reqlog.NewMiddlewareFromLogger(l, \"admin#\"+cfg.BaseURL.String())\n\n\tif cfg.RequestLog.DisableHealth {\n\t\tadminLogger.ExcludePaths(\n\t\t\thttprouterx.AdminPrefix+healthx.AliveCheckPath,\n\t\t\thttprouterx.AdminPrefix+healthx.ReadyCheckPath,\n\t\t\thttprouterx.AdminPrefix+prometheusx.MetricsPrometheusPath,\n\t\t)\n\t}\n\tn.UseFunc(semconv.Middleware)\n\tn.Use(adminLogger)\n\tn.UseFunc(httprouterx.AddAdminPrefixIfNotPresentNegroni)\n\tn.UseFunc(httprouterx.NoCacheNegroni)\n\tn.Use(x.HTTPLoaderContextMiddleware(r))\n\tn.Use(sqa(ctx, cmd, r))\n\n\trouter := httprouterx.NewRouterAdminWithPrefix(httpMetrics)\n\tr.RegisterAdminRoutes(ctx, router)\n\n\tn.UseHandler(router)\n\n\tn.UseFunc(otelx.SpanNameRecorderNegroniFunc)\n\n\tvar handler http.Handler = n\n\tif tracer := r.Tracer(ctx); tracer.IsLoaded() {\n\t\thandler = otelx.NewMiddleware(handler, \"serveAdmin\",\n\t\t\totelhttp.WithTracerProvider(tracer.Provider()),\n\t\t)\n\t}\n\n\thandler = http.MaxBytesHandler(handler, 5*1024*1024 /* 5 MB */) // Important: this must be the outermost handler or our tracing breaks\n\n\tcertFunc, err := cfg.TLS.GetCertFunc(ctx, l, \"admin\")\n\tif err != nil {\n\t\treturn nil, err\n\t}\n\n\t//#nosec G112 -- the correct settings are set by graceful.WithDefaults\n\tserver := graceful.WithDefaults(&http.Server{\n\t\tHandler: handler,\n\t\tTLSConfig: &tls.Config{GetCertificate: certFunc, MinVersion: tls.VersionTLS12},\n\t\tReadHeaderTimeout: 5 * time.Second,\n\t\tReadTimeout: 30 * time.Second,\n\t\tWriteTimeout: 120 * time.Second,\n\t\tIdleTimeout: 600 * time.Second,\n\t})\n\n\taddr := cfg.GetAddress()\n\n\treturn func() error {\n\t\tl.WithField(\"addr\", addr).Info(\"Starting the admin httpd\")\n\t\tif err := graceful.GracefulContext(ctx, func() error {\n\t\t\tlistener, err := networkx.MakeListener(addr, &cfg.Socket)\n\t\t\tif err != nil {\n\t\t\t\treturn err\n\t\t\t}\n\n\t\t\tif certFunc == nil {\n\t\t\t\treturn server.Serve(listener)\n\t\t\t}\n\t\t\treturn server.ServeTLS(listener, \"\", \"\")\n\t\t}, server.Shutdown); err != nil {\n\t\t\tif !errors.Is(err, context.Canceled) {\n\t\t\t\tl.Errorf(\"Failed to gracefully shutdown admin httpd: %s\", err)\n\t\t\t\treturn err\n\t\t\t}\n\t\t}\n\t\tl.Println(\"Admin httpd was shutdown gracefully\")\n\t\treturn nil\n\t}, nil\n}\n\nfunc sqa(ctx context.Context, cmd *cobra.Command, d driver.Registry) *metricsx.Service {\n\turls := []string{\n\t\td.Config().ServePublic(ctx).BaseURL.Host,\n\t\td.Config().ServeAdmin(ctx).BaseURL.Host,\n\t\td.Config().SelfServiceFlowLoginUI(ctx).Host,\n\t\td.Config().SelfServiceFlowSettingsUI(ctx).Host,\n\t\td.Config().SelfServiceFlowErrorURL(ctx).Host,\n\t\td.Config().SelfServiceFlowRegistrationUI(ctx).Host,\n\t\td.Config().SelfServiceFlowRecoveryUI(ctx).Host,\n\t\td.Config().ServePublic(ctx).Host,\n\t\td.Config().ServeAdmin(ctx).Host,\n\t}\n\tif c, y := d.Config().CORSPublic(ctx); y {\n\t\turls = append(urls, c.AllowedOrigins...)\n\t}\n\thost := urlx.ExtractPublicAddress(urls...)\n\n\t// Creates only ones\n\t// instance\n\treturn metricsx.New(\n\t\tcmd,\n\t\td.Logger(),\n\t\td.Config().GetProvider(ctx),\n\t\t&metricsx.Options{\n\t\t\tService: \"kratos\",\n\t\t\tDeploymentId: metricsx.Hash(d.Persister().NetworkID(ctx).String()),\n\t\t\tDBDialect: d.Persister().GetConnection(ctx).Dialect.Details().Dialect,\n\t\t\tIsDevelopment: d.Config().IsInsecureDevMode(ctx),\n\t\t\tWriteKey: \"qQlI6q8Q4WvkzTjKQSor4sHYOikHIvvi\",\n\t\t\tWhitelistedPaths: []string{\n\t\t\t\t\"/\",\n\t\t\t\thealthx.AliveCheckPath,\n\t\t\t\thealthx.ReadyCheckPath,\n\t\t\t\thealthx.VersionPath,\n\n\t\t\t\toidc.RouteBase,\n\n\t\t\t\tlogin.RouteInitBrowserFlow,\n\t\t\t\tlogin.RouteInitAPIFlow,\n\t\t\t\tlogin.RouteGetFlow,\n\t\t\t\tlogin.RouteSubmitFlow,\n\n\t\t\t\tlogout.RouteInitBrowserFlow,\n\t\t\t\tlogout.RouteSubmitFlow,\n\t\t\t\tlogout.RouteAPIFlow,\n\n\t\t\t\tregistration.RouteInitBrowserFlow,\n\t\t\t\tregistration.RouteInitAPIFlow,\n\t\t\t\tregistration.RouteGetFlow,\n\t\t\t\tregistration.RouteSubmitFlow,\n\n\t\t\t\tsession.RouteWhoami,\n\n\t\t\t\thttprouterx.AdminPrefix + \"/\" + schema.SchemasPath,\n\t\t\t\thttprouterx.AdminPrefix + identity.RouteCollection,\n\n\t\t\t\tsettings.RouteInitBrowserFlow,\n\t\t\t\tsettings.RouteInitAPIFlow,\n\t\t\t\tsettings.RouteGetFlow,\n\t\t\t\tsettings.RouteSubmitFlow,\n\n\t\t\t\tverification.RouteInitAPIFlow,\n\t\t\t\tverification.RouteInitBrowserFlow,\n\t\t\t\tverification.RouteGetFlow,\n\t\t\t\tverification.RouteSubmitFlow,\n\n\t\t\t\trecovery.RouteInitAPIFlow,\n\t\t\t\trecovery.RouteInitBrowserFlow,\n\t\t\t\trecovery.RouteGetFlow,\n\t\t\t\trecovery.RouteSubmitFlow,\n\n\t\t\t\tlink.RouteAdminCreateRecoveryLink,\n\n\t\t\t\terrorx.RouteGet,\n\t\t\t\tprometheusx.MetricsPrometheusPath,\n\t\t\t},\n\t\t\tBuildVersion: config.Version,\n\t\t\tBuildHash: config.Commit,\n\t\t\tBuildTime: config.Date,\n\t\t\tConfig: &analytics.Config{\n\t\t\t\tEndpoint: \"https://sqa.ory.sh\",\n\t\t\t\tGzipCompressionLevel: 6,\n\t\t\t\tBatchMaxSize: 500 * 1000,\n\t\t\t\tBatchSize: 1000,\n\t\t\t\tInterval: time.Hour * 6,\n\t\t\t},\n\t\t\tHostname: host,\n\t\t},\n\t)\n}\n\nfunc courierTask(ctx context.Context, d driver.Registry) func() error {\n\treturn func() error {\n\t\tif d.Config().IsBackgroundCourierEnabled(ctx) {\n\t\t\treturn courier.Watch(ctx, d)\n\t\t}\n\t\treturn nil\n\t}\n}\n\nfunc ServeAll(d *driver.RegistryDefault) func(cmd *cobra.Command, args []string) error {\n\treturn func(cmd *cobra.Command, _ []string) error {\n\t\tctx := cmd.Context()\n\t\tg, ctx := errgroup.WithContext(ctx)\n\t\tcmd.SetContext(ctx)\n\n\t\t// construct all tasks upfront to avoid race conditions\n\t\tpublicSrv, err := servePublic(ctx, d, cmd)\n\t\tif err != nil {\n\t\t\treturn errors.WithStack(err)\n\t\t}\n\t\tadminSrv, err := serveAdmin(ctx, d, cmd)\n\t\tif err != nil {\n\t\t\treturn errors.WithStack(err)\n\t\t}\n\t\ttasks := []func() error{\n\t\t\tpublicSrv,\n\t\t\tadminSrv,\n\t\t\tcourierTask(ctx, d),\n\t\t}\n\t\tfor _, task := range tasks {\n\t\t\tg.Go(task)\n\t\t}\n\t\treturn g.Wait()\n\t}\n}\n" }, { "path": "cmd/daemon/serve_test.go", "content": "// Copyright © 2026 Ory Corp\n// SPDX-License-Identifier: Apache-2.0\n\npackage daemon\n\nimport (\n\t\"fmt\"\n\t\"io\"\n\t\"net/http\"\n\t\"testing\"\n\t\"time\"\n\n\t\"github.com/phayes/freeport\"\n\t\"github.com/spf13/cobra\"\n\t\"github.com/stretchr/testify/assert\"\n\t\"github.com/stretchr/testify/require\"\n\t\"golang.org/x/sync/errgroup\"\n\n\t\"github.com/ory/x/configx\"\n\n\t\"github.com/ory/kratos/pkg\"\n)\n\nfunc TestMetricsRouterPaths(t *testing.T) {\n\t// TODO refactor this test to be parallelizable once we rewrite the server setup to be properly testable\n\tports, err := freeport.GetFreePorts(2)\n\trequire.NoError(t, err)\n\tadminPort, publicPort := ports[0], ports[1]\n\tcmd := &cobra.Command{}\n\tcmd.Flags().Bool(\"sqa-opt-out\", true, \"\")\n\t_, reg := pkg.NewFastRegistryWithMocks(t, configx.WithValues(map[string]any{\n\t\t\"serve.admin.port\": adminPort,\n\t\t\"serve.public.port\": publicPort,\n\t}))\n\n\tstartAdmin, err := serveAdmin(t.Context(), reg, cmd)\n\trequire.NoError(t, err)\n\tstartPublic, err := servePublic(t.Context(), reg, cmd)\n\trequire.NoError(t, err)\n\teg, _ := errgroup.WithContext(t.Context())\n\teg.Go(startAdmin)\n\teg.Go(startPublic)\n\n\trequire.EventuallyWithT(t, func(t *assert.CollectT) {\n\t\tresp, err := http.Get(fmt.Sprintf(\"http://127.0.0.1:%d/health/ready\", publicPort))\n\t\trequire.NoError(t, err)\n\t\tbody, err := io.ReadAll(resp.Body)\n\t\trequire.NoError(t, err)\n\t\tassert.Equalf(t, http.StatusOK, resp.StatusCode, \"%s\", body)\n\t}, 2*time.Second, 10*time.Millisecond)\n\n\t// Make some requests that should be recorded in the metrics\n\treq, _ := http.NewRequest(http.MethodDelete, fmt.Sprintf(\"http://127.0.0.1:%d/sessions/session-id\", publicPort), nil)\n\t_, err = http.DefaultClient.Do(req)\n\trequire.NoError(t, err)\n\t_, err = http.Get(fmt.Sprintf(\"http://127.0.0.1:%d/admin/identities/some-id/sessions\", adminPort))\n\trequire.NoError(t, err)\n\n\tres, err := http.Get(fmt.Sprintf(\"http://127.0.0.1:%d/admin/metrics/prometheus\", adminPort))\n\trequire.NoError(t, err)\n\trequire.EqualValues(t, http.StatusOK, res.StatusCode)\n\trespBody, err := io.ReadAll(res.Body)\n\tbody := string(respBody)\n\n\trequire.NoError(t, err)\n\tassert.Contains(t, body, `endpoint=\"/sessions/{param}\"`)\n\tassert.Contains(t, body, `endpoint=\"/admin/identities/{param}/sessions\"`)\n}\n" }, { "path": "cmd/hashers/argon2/calibrate.go", "content": "// Copyright © 2023 Ory Corp\n// SPDX-License-Identifier: Apache-2.0\n\npackage argon2\n\nimport (\n\t\"fmt\"\n\t\"io\"\n\t\"runtime\"\n\t\"strconv\"\n\t\"time\"\n\n\t\"github.com/ory/x/configx\"\n\n\t\"github.com/ory/x/cmdx\"\n\n\t\"github.com/fatih/color\"\n\t\"github.com/inhies/go-bytesize\"\n\t\"github.com/spf13/cobra\"\n\n\t\"github.com/ory/kratos/driver/config\"\n\t\"github.com/ory/kratos/hash\"\n)\n\nconst (\n\tFlagStartMemory = \"start-memory\"\n\tFlagMaxMemory = \"max-memory\"\n\tFlagAdjustMemory = \"adjust-memory-by\"\n\tFlagStartIterations = \"start-iterations\"\n\tFlagMaxConcurrent = \"max-concurrent\"\n\n\tFlagRuns = \"probe-runs\"\n)\n\ntype (\n\tcolorWriter struct {\n\t\tc *color.Color\n\t\tw io.Writer\n\t}\n\tloadResult struct {\n\t\tr *resultTable\n\t\tv *config.Argon2\n\t}\n\tloadResults []*loadResult\n)\n\nvar _ cmdx.Table = loadResults{}\n\nfunc (l loadResults) Header() []string {\n\treturn append((&resultTable{}).Header(), \"MEMOry PARAM\", \"ITERATIONS PARAM\")\n}\n\nfunc (l loadResults) Table() [][]string {\n\tt := make([][]string, len(l))\n\n\tfor i, r := range l {\n\t\tt[i] = append(r.r.Columns(), fmt.Sprintf(\"%d\", r.v.Memory), fmt.Sprintf(\"%d\", r.v.Iterations))\n\t}\n\n\treturn t\n}\n\nfunc (l loadResults) Interface() interface{} {\n\treturn l\n}\n\nfunc (l loadResults) Len() int {\n\treturn len(l)\n}\n\nfunc (c *colorWriter) Write(o []byte) (int, error) {\n\treturn c.c.Fprintf(c.w, \"%s\", o)\n}\n\nfunc newCalibrateCmd() *cobra.Command {\n\tvar (\n\t\tmaxMemory, adjustMemory bytesize.ByteSize = 0, 512 * bytesize.MB\n\t\truns int\n\t)\n\n\tflagConfig := &argon2Config{\n\t\tlocalConfig: config.Argon2{},\n\t}\n\n\tcmd := &cobra.Command{\n\t\tUse: \"calibrate \",\n\t\tArgs: cobra.ExactArgs(1),\n\t\tShort: \"Computes Optimal Argon2 Parameters\",\n\t\tLong: `This command helps you calibrate the configuration parameters for Argon2. Password hashing is a trade-off between security, resource consumption, and user experience. Resource consumption should not be too high and the login should not take too long.\n\nWe recommend that the login process takes between half a second and one second for password hashing, giving a good balance between security and user experience.\n\nPlease note that the values depend on the machine you run the hashing on. If you have RAM constraints, please set the memory dedicated to Ory Kratos to avoid out of memory panics.`,\n\t\tRunE: func(cmd *cobra.Command, args []string) error {\n\t\t\tprogressPrinter := cmdx.NewLoudErrPrinter(cmd)\n\t\t\tresultPrinter := cmdx.NewLoudPrinter(cmd, &colorWriter{c: color.New(color.FgGreen), w: cmd.ErrOrStderr()})\n\n\t\t\tconf, err := configProvider(cmd, flagConfig)\n\t\t\tif err != nil {\n\t\t\t\treturn err\n\t\t\t}\n\n\t\t\t// always take start flags, or their default\n\t\t\tconf.localConfig.Memory = flagConfig.localConfig.Memory\n\t\t\tconf.localConfig.Iterations = flagConfig.localConfig.Iterations\n\n\t\t\tdesiredDuration := conf.localConfig.ExpectedDuration\n\n\t\t\treqPerMin, err := strconv.ParseInt(args[0], 0, 0)\n\t\t\tif err != nil {\n\t\t\t\t// we want the error and usage string printed so just return\n\t\t\t\treturn err\n\t\t\t}\n\n\t\t\thasher := hash.NewHasherArgon2(conf)\n\n\t\t\tvar currentDuration time.Duration\n\n\t\t\t_, _ = progressPrinter.Printf(\"Increasing memory to get over %s:\\n\", desiredDuration)\n\n\t\t\tfor {\n\t\t\t\tif maxMemory != 0 && conf.localConfig.Memory > maxMemory {\n\t\t\t\t\t// don't further increase memory\n\t\t\t\t\t_, _ = progressPrinter.Println(\" ouch, hit the memory limit there\")\n\t\t\t\t\tconf.localConfig.Memory = maxMemory\n\t\t\t\t\tbreak\n\t\t\t\t}\n\n\t\t\t\tcurrentDuration, err = probe(cmd, hasher, runs, progressPrinter)\n\t\t\t\tif err != nil {\n\t\t\t\t\treturn err\n\t\t\t\t}\n\n\t\t\t\t_, _ = progressPrinter.Printf(\" took %s with %s of memory\\n\", currentDuration, conf.localConfig.Memory)\n\n\t\t\t\tif currentDuration > desiredDuration {\n\t\t\t\t\tif conf.localConfig.Memory <= adjustMemory {\n\t\t\t\t\t\t// adjusting the memory would now result in <= 0B\n\t\t\t\t\t\tadjustMemory = adjustMemory >> 1\n\t\t\t\t\t}\n\t\t\t\t\tconf.localConfig.Memory -= adjustMemory\n\t\t\t\t\tbreak\n\t\t\t\t}\n\n\t\t\t\t// adjust config\n\t\t\t\tconf.localConfig.Memory += adjustMemory\n\t\t\t}\n\n\t\t\t_, _ = progressPrinter.Printf(\"Decreasing memory to get under %s:\\n\", desiredDuration)\n\n\t\t\tfor {\n\t\t\t\tcurrentDuration, err = probe(cmd, hasher, runs, progressPrinter)\n\t\t\t\tif err != nil {\n\t\t\t\t\treturn err\n\t\t\t\t}\n\n\t\t\t\t_, _ = progressPrinter.Printf(\" took %s with %s of memory\\n\", currentDuration, conf.localConfig.Memory)\n\n\t\t\t\tif currentDuration < desiredDuration {\n\t\t\t\t\tbreak\n\t\t\t\t}\n\n\t\t\t\tfor conf.localConfig.Memory <= adjustMemory {\n\t\t\t\t\t// adjusting the memory would now result in <= 0B\n\t\t\t\t\tadjustMemory = adjustMemory >> 1\n\t\t\t\t}\n\n\t\t\t\t// adjust config\n\t\t\t\tconf.localConfig.Memory -= adjustMemory\n\t\t\t}\n\n\t\t\t_, _ = resultPrinter.Printf(\"Settled on %s of memory.\\n\", conf.localConfig.Memory)\n\t\t\t_, _ = progressPrinter.Printf(\"Increasing iterations to get over %s:\\n\", desiredDuration)\n\n\t\t\tfor {\n\t\t\t\tcurrentDuration, err = probe(cmd, hasher, runs, progressPrinter)\n\t\t\t\tif err != nil {\n\t\t\t\t\treturn err\n\t\t\t\t}\n\n\t\t\t\t_, _ = progressPrinter.Printf(\" took %s with %d iterations\\n\", currentDuration, conf.localConfig.Iterations)\n\n\t\t\t\tif currentDuration > desiredDuration {\n\t\t\t\t\tif conf.localConfig.Iterations > 1 {\n\t\t\t\t\t\tconf.localConfig.Iterations -= 1\n\t\t\t\t\t}\n\t\t\t\t\tbreak\n\t\t\t\t}\n\n\t\t\t\t// adjust config\n\t\t\t\tconf.localConfig.Iterations += 1\n\t\t\t}\n\n\t\t\t_, _ = progressPrinter.Printf(\"Decreasing iterations to get under %s:\\n\", desiredDuration)\n\n\t\t\tfor {\n\t\t\t\tcurrentDuration, err = probe(cmd, hasher, runs, progressPrinter)\n\t\t\t\tif err != nil {\n\t\t\t\t\treturn err\n\t\t\t\t}\n\n\t\t\t\t_, _ = progressPrinter.Printf(\" took %s with %d iterations\\n\", currentDuration, conf.localConfig.Iterations)\n\n\t\t\t\t// break also when iterations is 1; this catches the case where 1 was only slightly under the desired time and took longer a bit longer on another run\n\t\t\t\tif currentDuration < desiredDuration || conf.localConfig.Iterations == 1 {\n\t\t\t\t\tbreak\n\t\t\t\t}\n\n\t\t\t\t// adjust config\n\t\t\t\tconf.localConfig.Iterations -= 1\n\t\t\t}\n\t\t\t_, _ = resultPrinter.Printf(\"Settled on %d iterations.\\n\", conf.localConfig.Iterations)\n\n\t\t\tresults := make(loadResults, 5)\n\t\t\tfor i := 0; i < len(results); i++ {\n\t\t\t\t_, _ = progressPrinter.Printf(\"\\nRunning load test to simulate %d login requests per minute.\\n\", reqPerMin)\n\n\t\t\t\tres, err := runLoadTest(cmd, conf, int(reqPerMin))\n\t\t\t\tif err != nil {\n\t\t\t\t\treturn err\n\t\t\t\t}\n\t\t\t\tcv, _ := conf.HasherArgon2()\n\t\t\t\tccv := *cv\n\t\t\t\tresults[i] = &loadResult{r: res, v: &ccv}\n\n\t\t\t\t_, _ = progressPrinter.Println(\"The load test result is:\")\n\t\t\t\t_, _ = progressPrinter.Println()\n\t\t\t\tcmdx.PrintRow(cmd, res)\n\n\t\t\t\tswitch {\n\t\t\t\t// too fast\n\t\t\t\tcase res.MedianTime < conf.localConfig.ExpectedDuration:\n\t\t\t\t\t_, _ = progressPrinter.Printf(\"The median was %s under the minimal duration of %s, going to increase the hash cost.\\n\", conf.localConfig.ExpectedDuration-res.MedianTime, conf.localConfig.ExpectedDuration)\n\n\t\t\t\t\t// try to increase memory first\n\t\t\t\t\tif res.MaxMem+64*bytesize.MB < maxMemory {\n\t\t\t\t\t\t// only small amounts of memory are sensible as we already benchmarked a single, non-concurrent request\n\t\t\t\t\t\tconf.localConfig.Memory += 64 * bytesize.MB\n\t\t\t\t\t\t_, _ = progressPrinter.Printf(\"Increasing memory to %s\\n\", conf.localConfig.Memory)\n\t\t\t\t\t} else {\n\t\t\t\t\t\t// increasing memory is not allowed by maxMemory, therefore increase CPU load\n\t\t\t\t\t\tconf.localConfig.Iterations++\n\t\t\t\t\t\t_, _ = progressPrinter.Printf(\"Increasing iterations to %d\\n\", conf.localConfig.Iterations)\n\t\t\t\t\t}\n\t\t\t\t// too much memory\n\t\t\t\tcase res.MaxMem > conf.localConfig.DedicatedMemory:\n\t\t\t\t\t_, _ = progressPrinter.Printf(\"The required memory was %s more than the maximum allowed of %s.\\n\", res.MaxMem-maxMemory, conf.localConfig.DedicatedMemory)\n\n\t\t\t\t\t//nolint:gosec // disable G115\n\t\t\t\t\tconf.localConfig.Memory -= (res.MaxMem - conf.localConfig.DedicatedMemory) / bytesize.ByteSize(reqPerMin)\n\t\t\t\t\t_, _ = progressPrinter.Printf(\"Decreasing memory to %s\\n\", conf.localConfig.Memory)\n\t\t\t\t// too slow\n\t\t\t\tcase res.MaxTime > conf.localConfig.ExpectedDeviation+conf.localConfig.ExpectedDuration:\n\t\t\t\t\t_, _ = progressPrinter.Printf(\"The longest request took %s longer than the longest acceptable time of %s, going to decrease the hash cost.\\n\", res.MaxTime-conf.localConfig.ExpectedDeviation+conf.localConfig.ExpectedDuration, conf.localConfig.ExpectedDeviation+conf.localConfig.ExpectedDuration)\n\n\t\t\t\t\t// try to decrease iterations first\n\t\t\t\t\tif conf.localConfig.Iterations > 1 {\n\t\t\t\t\t\tconf.localConfig.Iterations--\n\t\t\t\t\t\t_, _ = progressPrinter.Printf(\"Decreasing iterations to %d\\n\", conf.localConfig.Iterations)\n\t\t\t\t\t} else {\n\t\t\t\t\t\t// decreasing iterations is not possible anymore, decreasing memory\n\t\t\t\t\t\t// only small amounts of memory are sensible as we already benchmarked a single, non-concurrent request\n\t\t\t\t\t\tconf.localConfig.Memory -= 64 * bytesize.MB\n\t\t\t\t\t\t_, _ = progressPrinter.Printf(\"Decreasing memory to %s\\n\", conf.localConfig.Memory)\n\t\t\t\t\t}\n\t\t\t\t// too high deviation\n\t\t\t\tcase res.StdDev > conf.localConfig.ExpectedDeviation:\n\t\t\t\t\t_, _ = progressPrinter.Printf(\"The deviation was %s more than the expected deviation of %s.\\n\", res.StdDev-conf.localConfig.ExpectedDeviation, conf.localConfig.ExpectedDeviation)\n\n\t\t\t\t\t// try to decrease iterations first\n\t\t\t\t\tif conf.localConfig.Iterations > 1 {\n\t\t\t\t\t\tconf.localConfig.Iterations--\n\t\t\t\t\t\t_, _ = progressPrinter.Printf(\"Decreasing iterations to %d\\n\", conf.localConfig.Iterations)\n\t\t\t\t\t} else {\n\t\t\t\t\t\t// decreasing iterations is not possible anymore, decreasing memory\n\t\t\t\t\t\t// only small amounts of memory are sensible as we already benchmarked a single, non-concurrent request\n\t\t\t\t\t\tconf.localConfig.Memory -= 64 * bytesize.MB\n\t\t\t\t\t\t_, _ = progressPrinter.Printf(\"Decreasing memory to %s\\n\", conf.localConfig.Memory)\n\t\t\t\t\t}\n\t\t\t\t// all values seem reasonable\n\t\t\t\tdefault:\n\t\t\t\t\t_, _ = progressPrinter.Println(\"These values look good to me.\")\n\t\t\t\t\t_, _ = progressPrinter.Println()\n\t\t\t\t\tcmdx.PrintRow(cmd, conf)\n\t\t\t\t\treturn nil\n\t\t\t\t}\n\t\t\t}\n\n\t\t\t_, _ = fmt.Fprintln(cmd.ErrOrStderr(), \"Could not automatically determine good parameters. Have a look at all the measurements taken and select acceptable values yourself. Have a look in the docs for more information: https://www.ory.sh/kratos/docs/debug/performance-out-of-memory-password-hashing-argon2\")\n\t\t\tcmdx.PrintTable(cmd, results)\n\t\t\treturn nil\n\t\t},\n\t}\n\n\tflags := cmd.Flags()\n\n\tflags.IntVarP(&runs, FlagRuns, \"r\", 2, \"Runs per probe, median of all runs is taken as the result.\")\n\n\tflags.VarP(&flagConfig.localConfig.Memory, FlagStartMemory, \"m\", \"Amount of memory to start probing at.\")\n\tflags.Var(&maxMemory, FlagMaxMemory, \"Maximum memory allowed (0 means no limit).\")\n\tflags.Var(&adjustMemory, FlagAdjustMemory, \"Amount by which the memory is adjusted in every step while probing.\")\n\n\tflags.Uint32VarP(&flagConfig.localConfig.Iterations, FlagStartIterations, \"i\", 1, \"Number of iterations to start probing at.\")\n\n\tflags.Uint8(FlagMaxConcurrent, 16, \"Maximum number of concurrent hashing operations.\")\n\n\tregisterArgon2ConstantConfigFlags(flags, flagConfig)\n\tcmdx.RegisterFormatFlags(flags)\n\tconfigx.RegisterFlags(flags)\n\n\treturn cmd\n}\n\nfunc probe(cmd *cobra.Command, hasher hash.Hasher, runs int, progressPrinter *cmdx.ConditionalPrinter) (time.Duration, error) {\n\t// force GC at the start of the experiment\n\truntime.GC()\n\n\tstart := time.Now()\n\n\tvar mid time.Time\n\tfor i := 0; i < runs; i++ {\n\t\tmid = time.Now()\n\t\t_, err := hasher.Generate(cmd.Context(), []byte(\"password\"))\n\t\tif err != nil {\n\t\t\t_, _ = fmt.Fprintf(cmd.ErrOrStderr(), \"Could not generate a hash: %s\\n\", err)\n\t\t\treturn 0, cmdx.FailSilently(cmd)\n\t\t}\n\n\t\t_, _ = progressPrinter.Printf(\" took %s in try %d\\n\", time.Since(mid), i)\n\t}\n\treturn time.Duration(int64(time.Since(start)) / int64(runs)), nil\n}\n" }, { "path": "cmd/hashers/argon2/hash.go", "content": "// Copyright © 2023 Ory Corp\n// SPDX-License-Identifier: Apache-2.0\n\npackage argon2\n\nimport (\n\t\"fmt\"\n\t\"time\"\n\n\t\"github.com/spf13/cobra\"\n\n\t\"github.com/ory/kratos/hash\"\n\t\"github.com/ory/x/cmdx\"\n\t\"github.com/ory/x/configx\"\n\t\"github.com/ory/x/flagx\"\n)\n\nconst (\n\tFlagParallel = \"parallel\"\n)\n\nfunc newHashCmd() *cobra.Command {\n\tflagConfig := &argon2Config{}\n\n\tcmd := &cobra.Command{\n\t\tUse: \"hash [ ...]\",\n\t\tShort: \"Hash a list of passwords for benchmarking the hashing parameters\",\n\t\tArgs: cobra.MinimumNArgs(1),\n\t\tRunE: func(cmd *cobra.Command, args []string) error {\n\t\t\tconf, err := configProvider(cmd, flagConfig)\n\t\t\tif err != nil {\n\t\t\t\treturn err\n\t\t\t}\n\n\t\t\tflagConfig.ctx = cmd.Context()\n\n\t\t\thasher := hash.NewHasherArgon2(conf)\n\t\t\thashes := make([][]byte, len(args))\n\t\t\terrs := make(chan error, len(args))\n\n\t\t\tstart := time.Now()\n\n\t\t\tfor i, pw := range args {\n\t\t\t\tgo func(i int, pw string) {\n\t\t\t\t\tstart := time.Now()\n\t\t\t\t\th, err := hasher.Generate(cmd.Context(), []byte(pw))\n\t\t\t\t\t_, _ = fmt.Fprintf(cmd.OutOrStdout(), \"password %d: %s\\n\", i, time.Since(start))\n\n\t\t\t\t\thashes[i] = h\n\t\t\t\t\terrs <- err\n\t\t\t\t}(i, pw)\n\n\t\t\t\tif !flagx.MustGetBool(cmd, FlagParallel) {\n\t\t\t\t\tif err := <-errs; err != nil {\n\t\t\t\t\t\t_, _ = fmt.Fprintf(cmd.ErrOrStderr(), \"Could not generate hash: %s\\n\", err.Error())\n\t\t\t\t\t\treturn cmdx.FailSilently(cmd)\n\t\t\t\t\t}\n\t\t\t\t}\n\t\t\t}\n\n\t\t\tif flagx.MustGetBool(cmd, FlagParallel) {\n\t\t\t\tfor i := 0; i < len(args); i++ {\n\t\t\t\t\tif err := <-errs; err != nil {\n\t\t\t\t\t\t_, _ = fmt.Fprintf(cmd.ErrOrStderr(), \"Could not generate hash: %s\\n\", err.Error())\n\t\t\t\t\t\treturn cmdx.FailSilently(cmd)\n\t\t\t\t\t}\n\t\t\t\t}\n\t\t\t}\n\n\t\t\t_, _ = fmt.Fprintf(cmd.OutOrStdout(), \"total: %s\\n\", time.Since(start))\n\t\t\treturn nil\n\t\t},\n\t}\n\n\tflags := cmd.Flags()\n\n\tflags.Bool(FlagParallel, false, \"Run all hashing operations in parallel.\")\n\n\tregisterArgon2ConfigFlags(flags, flagConfig)\n\tconfigx.RegisterFlags(flags)\n\n\treturn cmd\n}\n" }, { "path": "cmd/hashers/argon2/loadtest.go", "content": "// Copyright © 2023 Ory Corp\n// SPDX-License-Identifier: Apache-2.0\n\npackage argon2\n\nimport (\n\t\"context\"\n\t\"fmt\"\n\t\"math/rand\"\n\t\"runtime\"\n\t\"strconv\"\n\t\"time\"\n\n\t\"github.com/ory/x/flagx\"\n\n\t\"github.com/fatih/color\"\n\t\"github.com/inhies/go-bytesize\"\n\t\"github.com/montanaflynn/stats\"\n\t\"github.com/spf13/cobra\"\n\t\"golang.org/x/sync/errgroup\"\n\n\t\"github.com/ory/kratos/hash\"\n\t\"github.com/ory/x/cmdx\"\n\t\"github.com/ory/x/configx\"\n)\n\ntype resultTable struct {\n\tTotalTime time.Duration `json:\"total_time\"`\n\tMedianTime time.Duration `json:\"median_request_time\"`\n\tStdDev time.Duration `json:\"std_deviation\"`\n\tMinTime time.Duration `json:\"min_request_time\"`\n\tMaxTime time.Duration `json:\"max_request_time\"`\n\tMaxMem bytesize.ByteSize `json:\"mem_used\"`\n}\n\nvar (\n\tErrSampleTimeExceeded = fmt.Errorf(\"the sample time was exceeded\")\n\tErrMemoryConsumptionExceeded = fmt.Errorf(\"the memory consumption was exceeded\")\n\n\t_ cmdx.TableRow = &resultTable{}\n)\n\nfunc (r *resultTable) Header() []string {\n\treturn []string{\"TOTAL SAMPLE TIME\", \"MEDIAN REQUEST TIME\", \"STANDARD DEVIATION\", \"MIN REQUEST TIME\", \"MAX REQUEST TIME\", \"MEMOry USED\"}\n}\n\nfunc (r *resultTable) Columns() []string {\n\treturn []string{\n\t\tr.TotalTime.String(),\n\t\tr.MedianTime.String(),\n\t\tr.StdDev.String(),\n\t\tr.MinTime.String(),\n\t\tr.MaxTime.String(),\n\t\tr.MaxMem.String(),\n\t}\n}\n\nfunc (r *resultTable) Interface() interface{} {\n\treturn r\n}\n\nfunc newLoadTestCmd() *cobra.Command {\n\tflagConf := &argon2Config{}\n\n\tcmd := &cobra.Command{\n\t\tUse: \"load-test \",\n\t\tShort: \"Simulate the password hashing with a number of concurrent requests/minute.\",\n\t\tLong: \"Simulates a number of concurrent authentication requests per minute. Gives statistical data about the measured performance and resource consumption. Can be used to tune and test the hashing parameters for peak demand situations.\",\n\t\tArgs: cobra.ExactArgs(1),\n\t\tRunE: func(cmd *cobra.Command, args []string) error {\n\t\t\tperMinute, err := strconv.ParseInt(args[0], 0, 0)\n\t\t\tif err != nil {\n\t\t\t\treturn err\n\t\t\t}\n\n\t\t\tflagConf.ctx = cmd.Context()\n\n\t\t\tconf, err := configProvider(cmd, flagConf)\n\t\t\tif err != nil {\n\t\t\t\treturn err\n\t\t\t}\n\n\t\t\tif !flagx.MustGetBool(cmd, cmdx.FlagQuiet) {\n\t\t\t\t_, _ = fmt.Fprintln(cmd.ErrOrStderr(), \"The hashing configuration used is:\")\n\t\t\t\tcmdx.PrintRow(cmd, conf)\n\t\t\t}\n\n\t\t\tres, err := runLoadTest(cmd, conf, int(perMinute))\n\t\t\tif err != nil {\n\t\t\t\treturn err\n\t\t\t}\n\n\t\t\tcmdx.PrintRow(cmd, res)\n\t\t\treturn nil\n\t\t},\n\t}\n\n\tregisterArgon2ConfigFlags(cmd.Flags(), flagConf)\n\tconfigx.RegisterFlags(cmd.Flags())\n\tcmdx.RegisterFormatFlags(cmd.Flags())\n\n\treturn cmd\n}\n\nfunc runLoadTest(cmd *cobra.Command, conf *argon2Config, reqPerMin int) (*resultTable, error) {\n\t// force GC at the start of the experiment\n\truntime.GC()\n\n\tsampleTime := time.Minute / 3\n\treqNum := reqPerMin / int(time.Minute/sampleTime)\n\n\tprogressPrinter := cmdx.NewLoudErrPrinter(cmd)\n\t_, _ = progressPrinter.Printf(\"It takes about %s to collect all necessary data, please be patient.\\n\", sampleTime)\n\n\tctx, cancel := context.WithCancel(cmd.Context())\n\thasher := hash.NewHasherArgon2(conf)\n\tallDone := make(chan struct{})\n\tstartAll := time.Now()\n\tvar cancelReason error\n\n\tvar memStats []uint64\n\tgo func() {\n\t\tclock := time.NewTicker(time.Second)\n\t\tdefer func() {\n\t\t\tclock.Stop()\n\t\t}()\n\n\t\tfor {\n\t\t\tselect {\n\t\t\tcase <-cmd.Context().Done():\n\t\t\t\treturn\n\t\t\tcase <-allDone:\n\t\t\t\treturn\n\t\t\tcase <-clock.C:\n\t\t\t\t// cancel if the allowed time is exceeded by 110%\n\t\t\t\tif time.Since(startAll) > ((sampleTime+conf.localConfig.ExpectedDuration+conf.localConfig.ExpectedDeviation)/100)*110 {\n\t\t\t\t\tcancelReason = ErrSampleTimeExceeded\n\t\t\t\t\tcancel()\n\t\t\t\t\treturn\n\t\t\t\t}\n\n\t\t\t\tms := runtime.MemStats{}\n\t\t\t\truntime.ReadMemStats(&ms)\n\n\t\t\t\t// cancel if memory is exceeded by 110%\n\t\t\t\tif ms.HeapAlloc > (uint64(conf.localConfig.DedicatedMemory)/100)*110 {\n\t\t\t\t\tcancelReason = ErrMemoryConsumptionExceeded\n\t\t\t\t\tcancel()\n\t\t\t\t\treturn\n\t\t\t\t}\n\n\t\t\t\tmemStats = append(memStats, ms.HeapAlloc)\n\t\t\t}\n\t\t}\n\t}()\n\n\tgo func() {\n\t\t// don't read std_in when quiet\n\t\tif flagx.MustGetBool(cmd, cmdx.FlagQuiet) {\n\t\t\treturn\n\t\t}\n\n\t\tinput := make([]byte, 1)\n\t\tfor {\n\t\t\tn, err := cmd.InOrStdin().Read(input)\n\t\t\tif err != nil {\n\t\t\t\treturn\n\t\t\t}\n\t\t\tif n != 0 {\n\t\t\t\t_, _ = color.New(color.FgRed).Fprintln(cmd.ErrOrStderr(), \"I SAID BE PATIENT!!!\")\n\t\t\t\treturn\n\t\t\t}\n\n\t\t\tselect {\n\t\t\tcase <-allDone:\n\t\t\t\treturn\n\t\t\tcase <-cmd.Context().Done():\n\t\t\t\treturn\n\t\t\tcase <-time.After(time.Millisecond):\n\t\t\t}\n\t\t}\n\t}()\n\n\tcalcTimes := make([]time.Duration, reqNum)\n\teg, _ := errgroup.WithContext(ctx)\n\n\tfor i := 0; i < reqNum; i++ {\n\t\teg.Go(func(i int) func() error {\n\t\t\treturn func() error {\n\t\t\t\t// wait randomly before starting, max. sample time\n\t\t\t\t//#nosec G404 -- just a timeout to collect statistical data\n\t\t\t\tt := time.Duration(rand.Intn(int(sampleTime)))\n\t\t\t\ttimer := time.NewTimer(t)\n\t\t\t\tdefer timer.Stop()\n\n\t\t\t\tselect {\n\t\t\t\tcase <-ctx.Done():\n\t\t\t\t\treturn nil\n\t\t\t\tcase <-timer.C:\n\t\t\t\t}\n\n\t\t\t\tstart := time.Now()\n\t\t\t\tdone := make(chan struct{})\n\t\t\t\tvar err error\n\n\t\t\t\tgo func() {\n\t\t\t\t\t_, err = hasher.Generate(ctx, []byte(\"password\"))\n\t\t\t\t\tclose(done)\n\t\t\t\t}()\n\n\t\t\t\tselect {\n\t\t\t\tcase <-ctx.Done():\n\t\t\t\t\treturn nil\n\t\t\t\tcase <-done:\n\t\t\t\t\tif err != nil {\n\t\t\t\t\t\treturn err\n\t\t\t\t\t}\n\n\t\t\t\t\tcalcTimes[i] = time.Since(start)\n\t\t\t\t\treturn nil\n\t\t\t\t}\n\t\t\t}\n\t\t}(i))\n\t}\n\n\tif err := eg.Wait(); err != nil {\n\t\t_, _ = fmt.Fprintf(cmd.ErrOrStderr(), \"Error during hashing: %+v\\n\", err)\n\t\treturn nil, cmdx.FailSilently(cmd)\n\t}\n\tswitch cancelReason {\n\tcase ErrSampleTimeExceeded:\n\t\tmemUsed, err2 := stats.LoadRawData(memStats).Max()\n\t\tif err2 != nil {\n\t\t\t_, _ = fmt.Fprintf(cmd.ErrOrStderr(), \"Unexpected maths error: %+v\\nRaw Data: %+v\\n\", cancelReason, memStats)\n\t\t}\n\t\t_, _ = fmt.Fprintf(cmd.ErrOrStderr(), \"The hashing load test took too long. This indicates that you don't have enough resources to handle %d login requests per minute with the desired minimal time of %s. The memory used was %s. Either dedicate more CPU/memory, or decrease the hashing cost (memory and iterations parameters).\\n\", reqPerMin, conf.localConfig.ExpectedDuration, bytesize.ByteSize(memUsed))\n\t\treturn nil, cmdx.FailSilently(cmd)\n\tcase ErrMemoryConsumptionExceeded:\n\t\t_, _ = fmt.Fprintf(cmd.ErrOrStderr(), \"The hashing load test exceeded the memory limit of %s. This indicates that you don't have enough resources to handle %d login requests per minute with the desired minimal time of %s. Either dedicate more memory, or decrease the hashing cost (memory and iterations parameters).\\n\", conf.localConfig.DedicatedMemory, reqPerMin, conf.localConfig.ExpectedDuration)\n\t\treturn nil, cmdx.FailSilently(cmd)\n\t}\n\n\ttotalTime := time.Since(startAll)\n\tclose(allDone)\n\n\tcalcData := stats.LoadRawData(calcTimes)\n\n\tduration := func(f func() (float64, error)) time.Duration {\n\t\tv, err := f()\n\t\tif err != nil {\n\t\t\t_, _ = fmt.Fprintf(cmd.ErrOrStderr(), \"Unexpected maths error: %+v\\nRaw Data: %+v\\n\", err, calcTimes)\n\t\t}\n\t\treturn time.Duration(int64(v))\n\t}\n\n\tmemUsed, err := stats.LoadRawData(memStats).Max()\n\tif err != nil {\n\t\t_, _ = fmt.Fprintf(cmd.ErrOrStderr(), \"Unexpected maths error: %+v\\nRaw Data: %+v\\n\", err, memStats)\n\t}\n\n\treturn &resultTable{\n\t\tTotalTime: totalTime,\n\t\tMedianTime: duration(calcData.Mean),\n\t\tStdDev: duration(calcData.StandardDeviation),\n\t\tMinTime: duration(calcData.Min),\n\t\tMaxTime: duration(calcData.Max),\n\t\tMaxMem: bytesize.ByteSize(memUsed),\n\t}, nil\n}\n" }, { "path": "cmd/hashers/argon2/root.go", "content": "// Copyright © 2023 Ory Corp\n// SPDX-License-Identifier: Apache-2.0\n\npackage argon2\n\nimport (\n\t\"context\"\n\t\"fmt\"\n\t\"reflect\"\n\t\"strings\"\n\n\t\"github.com/ory/x/contextx\"\n\n\t\"github.com/spf13/cobra\"\n\t\"github.com/spf13/pflag\"\n\n\t\"github.com/ory/kratos/driver/config\"\n\t\"github.com/ory/x/cmdx\"\n\t\"github.com/ory/x/configx\"\n\t\"github.com/ory/x/logrusx\"\n)\n\nconst (\n\tFlagIterations = \"iterations\"\n\tFlagParallelism = \"parallelism\"\n\tFlagSaltLength = \"salt-length\"\n\tFlagKeyLength = \"key-length\"\n\tFlagMemory = \"memory\"\n\tFlagDedicatedMemory = \"dedicated-memory\"\n\tFlagMinimalDuration = \"min-duration\"\n\tFlagExpectedDeviation = \"expected-deviation\"\n)\n\nvar rootCmd = &cobra.Command{\n\tUse: \"argon2\",\n}\n\nfunc RegisterCommandRecursive(parent *cobra.Command) {\n\tparent.AddCommand(rootCmd)\n\n\trootCmd.AddCommand(newCalibrateCmd(), newHashCmd(), newLoadTestCmd())\n}\n\nfunc registerArgon2ConstantConfigFlags(flags *pflag.FlagSet, c *argon2Config) {\n\t// set default value first\n\tc.localConfig.DedicatedMemory = config.Argon2DefaultDedicatedMemory\n\tflags.Var(&c.localConfig.DedicatedMemory, FlagDedicatedMemory, \"Amount of memory dedicated for password hashing. Kratos will try to not consume more memory.\")\n\tflags.DurationVar(&c.localConfig.ExpectedDuration, FlagMinimalDuration, config.Argon2DefaultDuration, \"Minimal duration a hashing operation (~login request) takes.\")\n\tflags.DurationVar(&c.localConfig.ExpectedDeviation, FlagExpectedDeviation, config.Argon2DefaultDeviation, \"Expected deviation of the time a hashing operation (~login request) takes.\")\n\n\tflags.Uint8Var(&c.localConfig.Parallelism, FlagParallelism, config.Argon2DefaultParallelism, \"Number of threads to use.\")\n\n\tflags.Uint32Var(&c.localConfig.SaltLength, FlagSaltLength, config.Argon2DefaultSaltLength, \"Length of the salt in bytes.\")\n\tflags.Uint32Var(&c.localConfig.KeyLength, FlagKeyLength, config.Argon2DefaultKeyLength, \"Length of the key in bytes.\")\n}\n\nfunc registerArgon2ConfigFlags(flags *pflag.FlagSet, c *argon2Config) {\n\tflags.Uint32Var(&c.localConfig.Iterations, FlagIterations, 1, \"Number of iterations to start probing at.\")\n\n\t// set default value first\n\tc.localConfig.Memory = config.Argon2DefaultMemory\n\tflags.Var(&c.localConfig.Memory, FlagMemory, \"Memory to use.\")\n\n\tregisterArgon2ConstantConfigFlags(flags, c)\n}\n\nfunc configProvider(cmd *cobra.Command, flagConf *argon2Config) (*argon2Config, error) {\n\tl := logrusx.New(\"Ory Kratos\", config.Version)\n\tconf := &argon2Config{}\n\tvar err error\n\tconf.config, err = config.New(\n\t\tcmd.Context(),\n\t\tl,\n\t\tcmd.ErrOrStderr(),\n\t\t&contextx.Default{},\n\t\tconfigx.WithFlags(cmd.Flags()),\n\t\tconfigx.SkipValidation(),\n\t\tconfigx.WithContext(cmd.Context()),\n\t\tconfigx.WithImmutables(\"hashers\"),\n\t)\n\tif err != nil {\n\t\t_, _ = fmt.Fprintf(cmd.ErrOrStderr(), \"Unable to initialize the config provider: %s\\n\", err)\n\t\treturn nil, cmdx.FailSilently(cmd)\n\t}\n\tconf.localConfig = *conf.config.HasherArgon2(cmd.Context())\n\n\tif cmd.Flags().Changed(FlagIterations) {\n\t\tconf.localConfig.Iterations = flagConf.localConfig.Iterations\n\t}\n\tif cmd.Flags().Changed(FlagParallelism) {\n\t\tconf.localConfig.Parallelism = flagConf.localConfig.Parallelism\n\t}\n\tif cmd.Flags().Changed(FlagMemory) {\n\t\tconf.localConfig.Memory = flagConf.localConfig.Memory\n\t}\n\tif cmd.Flags().Changed(FlagDedicatedMemory) {\n\t\tconf.localConfig.DedicatedMemory = flagConf.localConfig.DedicatedMemory\n\t}\n\tif cmd.Flags().Changed(FlagKeyLength) {\n\t\tconf.localConfig.KeyLength = flagConf.localConfig.KeyLength\n\t}\n\tif cmd.Flags().Changed(FlagSaltLength) {\n\t\tconf.localConfig.SaltLength = flagConf.localConfig.SaltLength\n\t}\n\tif cmd.Flags().Changed(FlagExpectedDeviation) {\n\t\tconf.localConfig.ExpectedDeviation = flagConf.localConfig.ExpectedDeviation\n\t}\n\tif cmd.Flags().Changed(FlagMinimalDuration) {\n\t\tconf.localConfig.ExpectedDuration = flagConf.localConfig.ExpectedDuration\n\t}\n\n\treturn conf, nil\n}\n\ntype (\n\targon2Config struct {\n\t\tlocalConfig config.Argon2\n\t\tconfig *config.Config\n\t\tctx context.Context\n\t}\n)\n\nvar _ cmdx.TableRow = (*argon2Config)(nil)\n\nfunc (c *argon2Config) Header() []string {\n\tvar header []string\n\n\tt := reflect.TypeOf(c.localConfig)\n\tfor i := 0; i < t.NumField(); i++ {\n\t\theader = append(header, strings.ReplaceAll(strings.ToUpper(t.Field(i).Tag.Get(\"json\")), \"_\", \" \"))\n\t}\n\n\treturn header\n}\n\nfunc (c *argon2Config) Columns() []string {\n\tconf, _ := c.HasherArgon2()\n\treturn []string{\n\t\tconf.Memory.String(),\n\t\tfmt.Sprintf(\"%d\", conf.Iterations),\n\t\tfmt.Sprintf(\"%d\", conf.Parallelism),\n\t\tfmt.Sprintf(\"%d\", conf.SaltLength),\n\t\tfmt.Sprintf(\"%d\", conf.KeyLength),\n\t\tconf.ExpectedDuration.String(),\n\t\tconf.ExpectedDeviation.String(),\n\t\tconf.DedicatedMemory.String(),\n\t}\n}\n\nfunc (c *argon2Config) Interface() interface{} {\n\ti, _ := c.HasherArgon2()\n\treturn i\n}\n\nfunc (c *argon2Config) Config() *config.Config {\n\tac, _ := c.HasherArgon2()\n\tfor k, v := range map[string]interface{}{\n\t\tconfig.ViperKeyHasherArgon2ConfigIterations: ac.Iterations,\n\t\tconfig.ViperKeyHasherArgon2ConfigMemory: ac.Memory,\n\t\tconfig.ViperKeyHasherArgon2ConfigParallelism: ac.Parallelism,\n\t\tconfig.ViperKeyHasherArgon2ConfigDedicatedMemory: ac.DedicatedMemory,\n\t\tconfig.ViperKeyHasherArgon2ConfigKeyLength: ac.KeyLength,\n\t\tconfig.ViperKeyHasherArgon2ConfigSaltLength: ac.SaltLength,\n\t\tconfig.ViperKeyHasherArgon2ConfigExpectedDuration: ac.ExpectedDuration,\n\t\tconfig.ViperKeyHasherArgon2ConfigExpectedDeviation: ac.ExpectedDeviation,\n\t} {\n\t\t_ = c.config.Set(c.ctx, k, v)\n\t}\n\treturn c.config\n}\n\nfunc (c *argon2Config) HasherArgon2() (*config.Argon2, error) {\n\tif c.localConfig.Memory == 0 {\n\t\tc.localConfig.Memory = config.Argon2DefaultMemory\n\t}\n\treturn &c.localConfig, nil\n}\n" }, { "path": "cmd/hashers/root.go", "content": "// Copyright © 2023 Ory Corp\n// SPDX-License-Identifier: Apache-2.0\n\npackage hashers\n\nimport (\n\t\"github.com/spf13/cobra\"\n\n\t\"github.com/ory/kratos/cmd/hashers/argon2\"\n)\n\nfunc NewRootCmd() *cobra.Command {\n\tc := &cobra.Command{\n\t\tUse: \"hashers\",\n\t\tShort: \"This command contains helpers around hashing\",\n\t}\n\treturn c\n}\n\nfunc RegisterCommandRecursive(parent *cobra.Command) {\n\trootCmd := NewRootCmd()\n\tparent.AddCommand(rootCmd)\n\n\targon2.RegisterCommandRecursive(rootCmd)\n}\n" }, { "path": "cmd/identities/definitions.go", "content": "// Copyright © 2023 Ory Corp\n// SPDX-License-Identifier: Apache-2.0\n\npackage identities\n\nimport (\n\t\"strings\"\n\n\tkratos \"github.com/ory/kratos/pkg/httpclient\"\n\n\t\"github.com/ory/x/cmdx\"\n)\n\ntype (\n\toutputIdentity kratos.Identity\n\toutputIdentityCollection struct {\n\t\tIdentities []kratos.Identity `json:\"identities\"`\n\t\tNextPageToken string `json:\"next_page_token\"`\n\t\tincludePageToken bool\n\t}\n)\n\nfunc (outputIdentity) Header() []string {\n\treturn []string{\"ID\", \"VERIFIED ADDRESSES\", \"RECOVERY ADDRESSES\", \"SCHEMA ID\", \"SCHEMA URL\"}\n}\n\nfunc (i outputIdentity) Columns() []string {\n\tdata := [5]string{\n\t\ti.Id,\n\t\tcmdx.None,\n\t\tcmdx.None,\n\t\tcmdx.None,\n\t\tcmdx.None,\n\t}\n\n\taddresses := make([]string, 0, len(i.VerifiableAddresses))\n\tfor _, a := range i.VerifiableAddresses {\n\t\tif len(a.Value) > 0 {\n\t\t\taddresses = append(addresses, a.Value)\n\t\t}\n\t}\n\tdata[1] = strings.Join(addresses, \", \")\n\n\taddresses = addresses[:0]\n\tfor _, a := range i.RecoveryAddresses {\n\t\tif len(a.Value) > 0 {\n\t\t\taddresses = append(addresses, a.Value)\n\t\t}\n\t}\n\tdata[2] = strings.Join(addresses, \", \")\n\tdata[3] = i.SchemaId\n\tdata[4] = i.SchemaUrl\n\n\treturn data[:]\n}\n\nfunc (i outputIdentity) Interface() interface{} {\n\treturn i\n}\n\nfunc (outputIdentityCollection) Header() []string {\n\treturn outputIdentity{}.Header()\n}\n\nfunc (c outputIdentityCollection) Table() [][]string {\n\trows := make([][]string, len(c.Identities))\n\tfor i, ident := range c.Identities {\n\t\trows[i] = outputIdentity(ident).Columns()\n\t}\n\treturn append(rows,\n\t\t[]string{\"\"},\n\t\t[]string{\"NEXT PAGE TOKEN\", c.NextPageToken},\n\t)\n}\n\nfunc (c outputIdentityCollection) Interface() interface{} {\n\tif c.includePageToken {\n\t\treturn c\n\t}\n\treturn c.Identities\n}\n\nfunc (c *outputIdentityCollection) Len() int {\n\treturn len(c.Identities)\n}\n" }, { "path": "cmd/identities/delete.go", "content": "// Copyright © 2023 Ory Corp\n// SPDX-License-Identifier: Apache-2.0\n\npackage identities\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/spf13/cobra\"\n\n\t\"github.com/ory/kratos/cmd/cliclient\"\n\t\"github.com/ory/kratos/pkg/clihelpers\"\n\t\"github.com/ory/x/cmdx\"\n)\n\nfunc NewDeleteCmd() *cobra.Command {\n\tcmd := &cobra.Command{\n\t\tUse: \"delete\",\n\t\tShort: \"Delete resources\",\n\t}\n\tcmd.AddCommand(NewDeleteIdentityCmd())\n\tcliclient.RegisterClientFlags(cmd.PersistentFlags())\n\tcmdx.RegisterFormatFlags(cmd.PersistentFlags())\n\treturn cmd\n}\n\nfunc NewDeleteIdentityCmd() *cobra.Command {\n\treturn &cobra.Command{\n\t\tUse: \"identity id-0 [id-1] [id-2] [id-n]\",\n\t\tShort: \"Delete one or more identities by their ID(s)\",\n\t\tLong: fmt.Sprintf(`This command deletes one or more identities by ID. To delete an identity by some selector, e.g. the recovery email address, use the list command in combination with jq.\n\n%s`, clihelpers.WarningJQIsComplicated),\n\t\tExample: `To delete the identity with the recovery email address \"foo@bar.com\", run:\n\n\t{{ .CommandPath }} $({{ .Root.Name }} list identities --format json | jq -r 'map(select(.recovery_addresses[].value == \"foo@bar.com\")) | .[].id')`,\n\t\tArgs: cobra.MinimumNArgs(1),\n\t\tRunE: func(cmd *cobra.Command, args []string) error {\n\t\t\tc, err := cliclient.NewClient(cmd)\n\t\t\tif err != nil {\n\t\t\t\treturn err\n\t\t\t}\n\n\t\t\tvar (\n\t\t\t\tdeleted = make([]cmdx.OutputIder, 0, len(args))\n\t\t\t\tfailed = make(map[string]error)\n\t\t\t)\n\n\t\t\tfor _, a := range args {\n\t\t\t\t_, err := c.IdentityAPI.DeleteIdentity(cmd.Context(), a).Execute()\n\t\t\t\tif err != nil {\n\t\t\t\t\tfailed[a] = cmdx.PrintOpenAPIError(cmd, err)\n\t\t\t\t\tcontinue\n\t\t\t\t}\n\t\t\t\tdeleted = append(deleted, cmdx.OutputIder(a))\n\t\t\t}\n\n\t\t\tif len(deleted) == 1 {\n\t\t\t\tcmdx.PrintRow(cmd, &deleted[0])\n\t\t\t} else if len(deleted) > 1 {\n\t\t\t\tcmdx.PrintTable(cmd, &cmdx.OutputIderCollection{Items: deleted})\n\t\t\t}\n\n\t\t\tcmdx.PrintErrors(cmd, failed)\n\t\t\tif len(failed) != 0 {\n\t\t\t\treturn cmdx.FailSilently(cmd)\n\t\t\t}\n\n\t\t\treturn nil\n\t\t},\n\t}\n}\n" }, { "path": "cmd/identities/delete_test.go", "content": "// Copyright © 2023 Ory Corp\n// SPDX-License-Identifier: Apache-2.0\n\npackage identities_test\n\nimport (\n\t\"context\"\n\t\"errors\"\n\t\"strings\"\n\t\"testing\"\n\n\t\"github.com/tidwall/gjson\"\n\n\t\"github.com/ory/kratos/cmd/identities\"\n\n\t\"github.com/stretchr/testify/assert\"\n\t\"github.com/stretchr/testify/require\"\n\n\t\"github.com/ory/kratos/driver/config\"\n\t\"github.com/ory/kratos/identity\"\n\t\"github.com/ory/kratos/x\"\n\t\"github.com/ory/x/sqlcon\"\n)\n\nfunc TestDeleteCmd(t *testing.T) {\n\treg, cmd := setup(t, identities.NewDeleteIdentityCmd)\n\n\tt.Run(\"case=deletes successfully\", func(t *testing.T) {\n\t\t// create identity to delete\n\t\ti := identity.NewIdentity(config.DefaultIdentityTraitsSchemaID)\n\t\trequire.NoError(t, reg.Persister().CreateIdentity(context.Background(), i))\n\n\t\tstdOut := cmd.ExecNoErr(t, i.ID.String())\n\n\t\t// expect ID and no error\n\t\tassert.Equal(t, i.ID.String(), gjson.Parse(stdOut).String())\n\n\t\t// expect identity to be deleted\n\t\t_, err := reg.Persister().GetIdentity(context.Background(), i.ID, identity.ExpandNothing)\n\t\tassert.True(t, errors.Is(err, sqlcon.ErrNoRows))\n\t})\n\n\tt.Run(\"case=deletes three identities\", func(t *testing.T) {\n\t\tis, ids := makeIdentities(t, reg, 3)\n\n\t\tstdOut := cmd.ExecNoErr(t, ids...)\n\n\t\tassert.Equal(t, `[\"`+strings.Join(ids, \"\\\",\\\"\")+\"\\\"]\\n\", stdOut)\n\n\t\tfor _, i := range is {\n\t\t\t_, err := reg.Persister().GetIdentity(context.Background(), i.ID, identity.ExpandNothing)\n\t\t\tassert.Error(t, err)\n\t\t}\n\t})\n\n\tt.Run(\"case=fails with unknown ID\", func(t *testing.T) {\n\t\tstdErr := cmd.ExecExpectedErr(t, x.NewUUID().String())\n\n\t\tassert.Contains(t, stdErr, \"Unable to locate the resource\", stdErr)\n\t})\n}\n" }, { "path": "cmd/identities/get.go", "content": "// Copyright © 2023 Ory Corp\n// SPDX-License-Identifier: Apache-2.0\n\npackage identities\n\nimport (\n\t\"fmt\"\n\n\tkratos \"github.com/ory/kratos/pkg/httpclient\"\n\t\"github.com/ory/kratos/x\"\n\t\"github.com/ory/x/cmdx\"\n\t\"github.com/ory/x/stringsx\"\n\n\t\"github.com/ory/kratos/pkg/clihelpers\"\n\n\t\"github.com/spf13/cobra\"\n\n\t\"github.com/ory/kratos/cmd/cliclient\"\n)\n\nconst (\n\tFlagIncludeCreds = \"include-credentials\"\n)\n\nfunc NewGetCmd() *cobra.Command {\n\tvar cmd = &cobra.Command{\n\t\tUse: \"get\",\n\t\tShort: \"Get resources\",\n\t}\n\tcmd.AddCommand(NewGetIdentityCmd())\n\tcliclient.RegisterClientFlags(cmd.PersistentFlags())\n\tcmdx.RegisterFormatFlags(cmd.PersistentFlags())\n\treturn cmd\n}\n\nfunc NewGetIdentityCmd() *cobra.Command {\n\tvar (\n\t\tincludeCreds []string\n\t)\n\n\tcmd := &cobra.Command{\n\t\tUse: \"identity [id-1] [id-2] [id-n]\",\n\t\tShort: \"Get one or more identities by their ID(s)\",\n\t\tLong: fmt.Sprintf(`This command gets all the details about an identity. To get an identity by some selector, e.g. the recovery email address, use the list command in combination with jq.\n\n%s`, clihelpers.WarningJQIsComplicated),\n\t\tExample: `To get the identities with the recovery email address at the domain \"ory.sh\", run:\n\n\t{{ .CommandPath }} $({{ .Root.Name }} ls identities --format json | jq -r 'map(select(.recovery_addresses[].value | endswith(\"@ory.sh\"))) | .[].id')`,\n\t\tArgs: cobra.MinimumNArgs(1),\n\t\tRunE: func(cmd *cobra.Command, args []string) error {\n\t\t\tc, err := cliclient.NewClient(cmd)\n\t\t\tif err != nil {\n\t\t\t\treturn err\n\t\t\t}\n\n\t\t\t// we check includeCreds argument is valid\n\t\t\tfor _, opt := range includeCreds {\n\t\t\t\te := stringsx.SwitchExact(opt)\n\t\t\t\tif !e.AddCase(\"oidc\") {\n\t\t\t\t\tcmd.PrintErrln(`You have to put a valid value of credentials type to be included, try --help for details.`)\n\t\t\t\t\treturn cmdx.FailSilently(cmd)\n\t\t\t\t}\n\t\t\t}\n\n\t\t\tidentities := make([]kratos.Identity, 0, len(args))\n\t\t\tfailed := make(map[string]error)\n\t\t\tfor _, id := range args {\n\t\t\t\tidentity, _, err := c.IdentityAPI.\n\t\t\t\t\tGetIdentity(cmd.Context(), id).\n\t\t\t\t\tIncludeCredential(includeCreds).\n\t\t\t\t\tExecute()\n\n\t\t\t\tif x.SDKError(err) != nil {\n\t\t\t\t\tfailed[id] = cmdx.PrintOpenAPIError(cmd, err)\n\t\t\t\t\tcontinue\n\t\t\t\t}\n\n\t\t\t\tidentities = append(identities, *identity)\n\t\t\t}\n\n\t\t\tif len(identities) == 1 {\n\t\t\t\tcmdx.PrintRow(cmd, (*outputIdentity)(&identities[0]))\n\t\t\t} else if len(identities) > 1 {\n\t\t\t\tcmdx.PrintTable(cmd, &outputIdentityCollection{Identities: identities, includePageToken: false})\n\t\t\t}\n\t\t\tcmdx.PrintErrors(cmd, failed)\n\n\t\t\tif len(failed) != 0 {\n\t\t\t\treturn cmdx.FailSilently(cmd)\n\t\t\t}\n\t\t\treturn nil\n\t\t},\n\t}\n\n\tflags := cmd.Flags()\n\t// include credential flag to add third party tokens in returned data\n\tflags.StringArrayVarP(&includeCreds, FlagIncludeCreds, \"i\", []string{}, `Include third party tokens (only \"oidc\" supported) `)\n\treturn cmd\n}\n" }, { "path": "cmd/identities/get_test.go", "content": "// Copyright © 2023 Ory Corp\n// SPDX-License-Identifier: Apache-2.0\n\npackage identities_test\n\nimport (\n\t\"context\"\n\t\"encoding/json\"\n\t\"testing\"\n\n\t\"github.com/ory/kratos/cmd/identities\"\n\t\"github.com/ory/x/assertx\"\n\n\t\"github.com/ory/kratos/x\"\n\n\t\"github.com/stretchr/testify/assert\"\n\t\"github.com/stretchr/testify/require\"\n\n\t\"github.com/ory/kratos/driver/config\"\n\t\"github.com/ory/kratos/identity\"\n)\n\nfunc TestGetCmd(t *testing.T) {\n\treg, cmd := setup(t, identities.NewGetIdentityCmd)\n\n\tt.Run(\"case=gets a single identity\", func(t *testing.T) {\n\t\ti := identity.NewIdentity(config.DefaultIdentityTraitsSchemaID)\n\t\ti.MetadataPublic = []byte(`\"public\"`)\n\t\ti.MetadataAdmin = []byte(`\"admin\"`)\n\t\trequire.NoError(t, reg.Persister().CreateIdentity(context.Background(), i))\n\n\t\tstdOut := cmd.ExecNoErr(t, i.ID.String())\n\n\t\tij, err := json.Marshal(identity.WithCredentialsNoConfigAndAdminMetadataInJSON(*i))\n\t\trequire.NoError(t, err)\n\n\t\tassertx.EqualAsJSONExcept(t, json.RawMessage(ij), json.RawMessage(stdOut), []string{\"created_at\", \"updated_at\", \"AdditionalProperties\"})\n\t})\n\n\tt.Run(\"case=gets three identities\", func(t *testing.T) {\n\t\tis, ids := makeIdentities(t, reg, 3)\n\n\t\tstdOut := cmd.ExecNoErr(t, ids...)\n\n\t\tisj, err := json.Marshal(is)\n\t\trequire.NoError(t, err)\n\n\t\tassertx.EqualAsJSONExcept(t, json.RawMessage(isj), json.RawMessage(stdOut), []string{\"created_at\", \"updated_at\", \"AdditionalProperties\"})\n\t})\n\n\tt.Run(\"case=fails with unknown ID\", func(t *testing.T) {\n\t\tstdErr := cmd.ExecExpectedErr(t, x.NewUUID().String())\n\n\t\tassert.Contains(t, stdErr, \"Unable to locate the resource\", stdErr)\n\t})\n\n\tt.Run(\"case=gets a single identity with oidc credentials\", func(t *testing.T) {\n\t\tapplyCredentials := func(identifier, accessToken, refreshToken, idToken string, encrypt bool) identity.Credentials {\n\t\t\ttoJson := func(c identity.CredentialsOIDC) []byte {\n\t\t\t\tout, err := json.Marshal(&c)\n\t\t\t\trequire.NoError(t, err)\n\t\t\t\treturn out\n\t\t\t}\n\t\t\ttransform := func(token string) string {\n\t\t\t\tif encrypt {\n\t\t\t\t\ts, err := reg.Cipher(context.Background()).Encrypt(context.Background(), []byte(token))\n\t\t\t\t\trequire.NoError(t, err)\n\t\t\t\t\treturn s\n\t\t\t\t}\n\t\t\t\treturn token\n\t\t\t}\n\t\t\treturn identity.Credentials{\n\t\t\t\tType: identity.CredentialsTypeOIDC,\n\t\t\t\tIdentifiers: []string{\"bar:\" + identifier},\n\t\t\t\tConfig: toJson(identity.CredentialsOIDC{Providers: []identity.CredentialsOIDCProvider{\n\t\t\t\t\t{\n\t\t\t\t\t\tSubject: \"foo\",\n\t\t\t\t\t\tProvider: \"bar\",\n\t\t\t\t\t\tInitialAccessToken: transform(accessToken + \"0\"),\n\t\t\t\t\t\tInitialRefreshToken: transform(refreshToken + \"0\"),\n\t\t\t\t\t\tInitialIDToken: transform(idToken + \"0\"),\n\t\t\t\t\t\tOrganization: \"foo-org-id\",\n\t\t\t\t\t},\n\t\t\t\t\t{\n\t\t\t\t\t\tSubject: \"baz\",\n\t\t\t\t\t\tProvider: \"zab\",\n\t\t\t\t\t\tInitialAccessToken: transform(accessToken + \"1\"),\n\t\t\t\t\t\tInitialRefreshToken: transform(refreshToken + \"1\"),\n\t\t\t\t\t\tInitialIDToken: transform(idToken + \"1\"),\n\t\t\t\t\t\tOrganization: \"bar-org-id\",\n\t\t\t\t\t},\n\t\t\t\t}}),\n\t\t\t}\n\t\t}\n\t\ti := identity.NewIdentity(config.DefaultIdentityTraitsSchemaID)\n\t\ti.MetadataPublic = []byte(`\"public\"`)\n\t\ti.MetadataAdmin = []byte(`\"admin\"`)\n\t\ti.SetCredentials(identity.CredentialsTypeOIDC, applyCredentials(\"uniqueIdentifier\", \"accessBar\", \"refreshBar\", \"idBar\", true))\n\t\t// duplicate identity with decrypted tokens\n\t\tdi := i.CopyWithoutCredentials()\n\t\tdi.SetCredentials(identity.CredentialsTypeOIDC, applyCredentials(\"uniqueIdentifier\", \"accessBar\", \"refreshBar\", \"idBar\", false))\n\n\t\trequire.NoError(t, reg.Persister().CreateIdentity(context.Background(), i))\n\n\t\tstdOut := cmd.ExecNoErr(t, \"--\"+identities.FlagIncludeCreds, \"oidc\", i.ID.String())\n\t\tij, err := json.Marshal(identity.WithCredentialsAndAdminMetadataInJSON(*di))\n\t\trequire.NoError(t, err)\n\n\t\tii := []string{\"id\", \"schema_url\", \"state_changed_at\", \"created_at\", \"updated_at\", \"credentials.oidc.created_at\", \"credentials.oidc.updated_at\", \"credentials.oidc.version\", \"AdditionalProperties\"}\n\t\tassertx.EqualAsJSONExcept(t, json.RawMessage(ij), json.RawMessage(stdOut), ii)\n\t})\n}\n" }, { "path": "cmd/identities/helpers.go", "content": "// Copyright © 2023 Ory Corp\n// SPDX-License-Identifier: Apache-2.0\n\npackage identities\n\nimport (\n\t\"fmt\"\n\t\"io\"\n\t\"os\"\n\n\t\"github.com/spf13/cobra\"\n\t\"github.com/tidwall/gjson\"\n\n\t\"github.com/ory/x/cmdx\"\n)\n\nfunc parseIdentities(raw []byte) (rawIdentities []string) {\n\tres := gjson.ParseBytes(raw)\n\tif !res.IsArray() {\n\t\treturn []string{res.Raw}\n\t}\n\tres.ForEach(func(_, v gjson.Result) bool {\n\t\trawIdentities = append(rawIdentities, v.Raw)\n\t\treturn true\n\t})\n\treturn\n}\n\nfunc readIdentities(cmd *cobra.Command, args []string) (map[string]string, error) {\n\trawIdentities := make(map[string]string)\n\tif len(args) == 0 {\n\t\tfc, err := io.ReadAll(cmd.InOrStdin())\n\t\tif err != nil {\n\t\t\t_, _ = fmt.Fprintf(cmd.ErrOrStderr(), \"STD_IN: Could not read: %s\\n\", err)\n\t\t\treturn nil, cmdx.FailSilently(cmd)\n\t\t}\n\t\tfor i, id := range parseIdentities(fc) {\n\t\t\trawIdentities[fmt.Sprintf(\"STD_IN[%d]\", i)] = id\n\t\t}\n\t\treturn rawIdentities, nil\n\t}\n\tfor _, fn := range args {\n\t\tfc, err := os.ReadFile(fn) // #nosec G304 -- file is supplied by user\n\t\tif err != nil {\n\t\t\t_, _ = fmt.Fprintf(cmd.ErrOrStderr(), \"%s: Could not open identity file: %s\\n\", fn, err)\n\t\t\treturn nil, cmdx.FailSilently(cmd)\n\t\t}\n\t\tfor i, id := range parseIdentities(fc) {\n\t\t\trawIdentities[fmt.Sprintf(\"%s[%d]\", fn, i)] = id\n\t\t}\n\t}\n\treturn rawIdentities, nil\n}\n" }, { "path": "cmd/identities/helpers_test.go", "content": "// Copyright © 2023 Ory Corp\n// SPDX-License-Identifier: Apache-2.0\n\npackage identities_test\n\nimport (\n\t\"context\"\n\t\"testing\"\n\n\t\"github.com/ory/x/cmdx\"\n\n\t\"github.com/ory/kratos/identity\"\n\n\t\"github.com/spf13/cobra\"\n\t\"github.com/stretchr/testify/require\"\n\n\t\"github.com/ory/kratos/cmd/cliclient\"\n\t\"github.com/ory/kratos/driver\"\n\t\"github.com/ory/kratos/driver/config\"\n\t\"github.com/ory/kratos/pkg\"\n\t\"github.com/ory/kratos/pkg/testhelpers\"\n)\n\nfunc setup(t *testing.T, newCmd func() *cobra.Command) (*driver.RegistryDefault, *cmdx.CommandExecuter) {\n\tconf, reg := pkg.NewFastRegistryWithMocks(t)\n\t_, admin := testhelpers.NewKratosServerWithCSRF(t, reg)\n\ttesthelpers.SetDefaultIdentitySchema(conf, \"file://./stubs/identity.schema.json\")\n\t// setup command\n\treturn reg, &cmdx.CommandExecuter{\n\t\tNew: func() *cobra.Command {\n\t\t\tcmd := newCmd()\n\t\t\tcliclient.RegisterClientFlags(cmd.Flags())\n\t\t\tcmdx.RegisterFormatFlags(cmd.Flags())\n\t\t\treturn cmd\n\t\t},\n\t\tPersistentArgs: []string{\"--\" + cliclient.FlagEndpoint, admin.URL, \"--\" + cmdx.FlagFormat, string(cmdx.FormatJSON)},\n\t}\n}\n\nfunc makeIdentities(t *testing.T, reg driver.Registry, n int) (is []*identity.Identity, ids []string) {\n\tfor j := 0; j < n; j++ {\n\t\ti := identity.NewIdentity(config.DefaultIdentityTraitsSchemaID)\n\t\ti.MetadataPublic = []byte(`{\"foo\":\"bar\"}`)\n\t\trequire.NoError(t, reg.Persister().CreateIdentity(context.Background(), i))\n\t\tis = append(is, i)\n\t\tids = append(ids, i.ID.String())\n\t}\n\treturn\n}\n" }, { "path": "cmd/identities/import.go", "content": "// Copyright © 2023 Ory Corp\n// SPDX-License-Identifier: Apache-2.0\n\npackage identities\n\nimport (\n\t\"encoding/json\"\n\t\"fmt\"\n\n\tkratos \"github.com/ory/kratos/pkg/httpclient\"\n\n\t\"github.com/ory/x/cmdx\"\n\n\t\"github.com/spf13/cobra\"\n\n\t\"github.com/ory/kratos/cmd/cliclient\"\n)\n\nfunc NewImportCmd() *cobra.Command {\n\tvar cmd = &cobra.Command{\n\t\tUse: \"import\",\n\t\tShort: \"Import resources\",\n\t}\n\tcmd.AddCommand(NewImportIdentitiesCmd())\n\tcliclient.RegisterClientFlags(cmd.PersistentFlags())\n\tcmdx.RegisterFormatFlags(cmd.PersistentFlags())\n\treturn cmd\n}\n\n// NewImportIdentitiesCmd represents the import command\nfunc NewImportIdentitiesCmd() *cobra.Command {\n\treturn &cobra.Command{\n\t\tUse: \"identities file-1.json [file-2.json] [file-3.json] [file-n.json]\",\n\t\tShort: \"Import one or more identities from files or STD_IN\",\n\t\tExample: `Create an example identity:\n\n\tcat > ./file.json <\",\n\t\tDeprecated: \"Please use `kratos migrate sql` instead.\",\n\t\tShort: \"Create SQL schemas and apply migration plans\",\n\t\tLong: `Run this command on a fresh SQL installation and when you upgrade Ory Kratos to a new minor version.\n\nIt is recommended to run this command close to the SQL instance (e.g. same subnet) instead of over the public internet.\nThis decreases risk of failure and decreases time required.\n\nYou can read in the database URL using the -e flag, for example:\n\texport DSN=...\n\tkratos migrate sql -e\n\n### WARNING ###\n\nBefore running this command on an existing database, create a back up!\n`,\n\t\tRunE: func(cmd *cobra.Command, args []string) error {\n\t\t\treturn cliclient.NewMigrateHandler().MigrateSQLUp(cmd, args, opts...)\n\t\t},\n\t}\n\n\tconfigx.RegisterFlags(c.PersistentFlags())\n\tc.PersistentFlags().BoolP(\"read-from-env\", \"e\", false, \"If set, reads the database connection string from the environment variable DSN or config file key dsn.\")\n\tc.Flags().BoolP(\"yes\", \"y\", false, \"If set all confirmation requests are accepted without user interaction.\")\n\n\tc.AddCommand(NewMigrateSQLStatusCmd(opts...))\n\tc.AddCommand(NewMigrateSQLUpCmd(opts...))\n\tc.AddCommand(NewMigrateSQLDownCmd(opts...))\n\n\treturn c\n}\n" }, { "path": "cmd/remote/root.go", "content": "// Copyright © 2023 Ory Corp\n// SPDX-License-Identifier: Apache-2.0\n\npackage remote\n\nimport (\n\t\"github.com/spf13/cobra\"\n\n\t\"github.com/ory/x/cmdx\"\n\n\t\"github.com/ory/kratos/cmd/cliclient\"\n)\n\nvar remoteCmd = &cobra.Command{\n\tUse: \"remote\",\n\tShort: \"Helpers and management for remote Ory Kratos instances\",\n}\n\nfunc RegisterCommandRecursive(parent *cobra.Command) {\n\tparent.AddCommand(remoteCmd)\n\n\tremoteCmd.AddCommand(versionCmd)\n\tremoteCmd.AddCommand(statusCmd)\n}\n\nfunc init() {\n\tcliclient.RegisterClientFlags(remoteCmd.PersistentFlags())\n\tcmdx.RegisterFormatFlags(remoteCmd.PersistentFlags())\n}\n" }, { "path": "cmd/remote/status.go", "content": "// Copyright © 2023 Ory Corp\n// SPDX-License-Identifier: Apache-2.0\n\npackage remote\n\nimport (\n\t\"github.com/ory/x/cmdx\"\n\n\t\"github.com/spf13/cobra\"\n\n\t\"github.com/ory/kratos/cmd/cliclient\"\n)\n\ntype statusState struct {\n\tAlive bool `json:\"alive\"`\n\tReady bool `json:\"ready\"`\n}\n\nfunc (s *statusState) Header() []string {\n\treturn []string{\"ALIVE\", \"READY\"}\n}\n\nfunc (s *statusState) Columns() []string {\n\tf := [2]string{\n\t\t\"false\",\n\t\t\"false\",\n\t}\n\tif s.Alive {\n\t\tf[0] = \"true\"\n\t}\n\tif s.Ready {\n\t\tf[1] = \"true\"\n\t}\n\treturn f[:]\n}\n\nfunc (s *statusState) Interface() interface{} {\n\treturn s\n}\n\nvar statusCmd = &cobra.Command{\n\tUse: \"status\",\n\tShort: \"Print the alive and readiness status of a Ory Kratos instance\",\n\tArgs: cobra.NoArgs,\n\tRunE: func(cmd *cobra.Command, args []string) error {\n\t\tc, err := cliclient.NewClient(cmd)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\n\t\tstate := &statusState{}\n\t\tdefer cmdx.PrintRow(cmd, state)\n\n\t\talive, _, err := c.MetadataAPI.IsAlive(cmd.Context()).Execute()\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\n\t\tstate.Alive = alive.Status == \"ok\"\n\n\t\tready, _, err := c.MetadataAPI.IsReady(cmd.Context()).Execute()\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\n\t\tstate.Ready = ready.Status == \"ok\"\n\t\treturn nil\n\t},\n}\n" }, { "path": "cmd/remote/version.go", "content": "// Copyright © 2023 Ory Corp\n// SPDX-License-Identifier: Apache-2.0\n\npackage remote\n\nimport (\n\t\"github.com/spf13/cobra\"\n\n\t\"github.com/ory/kratos/cmd/cliclient\"\n\t\"github.com/ory/x/cmdx\"\n)\n\ntype versionValue struct {\n\tVersion string `json:\"version\"`\n}\n\nfunc (v *versionValue) Header() []string {\n\treturn []string{\"VERSION\"}\n}\n\nfunc (v *versionValue) Columns() []string {\n\treturn []string{v.Version}\n}\n\nfunc (v *versionValue) Interface() interface{} {\n\treturn v\n}\n\nvar versionCmd = &cobra.Command{\n\tUse: \"version\",\n\tShort: \"Print the version of an Ory Kratos instance\",\n\tArgs: cobra.NoArgs,\n\tRunE: func(cmd *cobra.Command, args []string) error {\n\t\tc, err := cliclient.NewClient(cmd)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\n\t\tresp, _, err := c.MetadataAPI.GetVersion(cmd.Context()).Execute()\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\n\t\tcmdx.PrintRow(cmd, &versionValue{Version: resp.Version})\n\t\treturn nil\n\t},\n}\n" }, { "path": "cmd/root.go", "content": "// Copyright © 2023 Ory Corp\n// SPDX-License-Identifier: Apache-2.0\n\npackage cmd\n\nimport (\n\t\"errors\"\n\t\"fmt\"\n\t\"runtime\"\n\n\t\"github.com/spf13/cobra\"\n\n\t\"github.com/ory/kratos/cmd/cleanup\"\n\t\"github.com/ory/kratos/cmd/courier\"\n\t\"github.com/ory/kratos/cmd/hashers\"\n\t\"github.com/ory/kratos/cmd/identities\"\n\t\"github.com/ory/kratos/cmd/jsonnet\"\n\t\"github.com/ory/kratos/cmd/migrate\"\n\t\"github.com/ory/kratos/cmd/remote\"\n\t\"github.com/ory/kratos/cmd/serve\"\n\t\"github.com/ory/kratos/driver\"\n\t\"github.com/ory/kratos/driver/config\"\n\t\"github.com/ory/x/cmdx\"\n\t\"github.com/ory/x/jsonnetsecure\"\n\t\"github.com/ory/x/profilex\"\n)\n\nfunc NewRootCmd(driverOpts ...driver.RegistryOption) (cmd *cobra.Command) {\n\tcmd = &cobra.Command{\n\t\tUse: \"kratos\",\n\t}\n\tcmdx.EnableUsageTemplating(cmd)\n\n\tcourier.RegisterCommandRecursive(cmd, driverOpts)\n\tcmd.AddCommand(identities.NewGetCmd())\n\tcmd.AddCommand(identities.NewDeleteCmd())\n\tcmd.AddCommand(jsonnet.NewFormatCmd())\n\thashers.RegisterCommandRecursive(cmd)\n\tcmd.AddCommand(identities.NewImportCmd())\n\tcmd.AddCommand(jsonnet.NewLintCmd())\n\tcmd.AddCommand(identities.NewListCmd())\n\tmigrate.RegisterCommandRecursive(cmd)\n\tserve.RegisterCommandRecursive(cmd, driverOpts)\n\tcleanup.RegisterCommandRecursive(cmd)\n\tremote.RegisterCommandRecursive(cmd)\n\tcmd.AddCommand(identities.NewValidateCmd())\n\tcmd.AddCommand(cmdx.Version(&config.Version, &config.Commit, &config.Date))\n\n\t// Registers a hidden \"jsonnet\" subcommand for process-isolated Jsonnet VMs.\n\tcmd.AddCommand(jsonnetsecure.NewJsonnetCmd())\n\n\treturn cmd\n}\n\n// Execute adds all child commands to the root command and sets flags appropriately.\n// This is called by main.main(). It only needs to happen once to the RootCmd.\nfunc Execute() int {\n\tdefer profilex.Profile().Stop()\n\n\tjsonnetPool := jsonnetsecure.NewProcessPool(runtime.GOMAXPROCS(0))\n\tdefer jsonnetPool.Close()\n\n\tc := NewRootCmd(driver.WithJsonnetPool(jsonnetPool))\n\n\tif err := c.Execute(); err != nil {\n\t\tif !errors.Is(err, cmdx.ErrNoPrintButFail) {\n\t\t\t_, _ = fmt.Fprintln(c.ErrOrStderr(), err)\n\t\t}\n\t\treturn 1\n\t}\n\treturn 0\n}\n" }, { "path": "cmd/root_test.go", "content": "// Copyright © 2023 Ory Corp\n// SPDX-License-Identifier: Apache-2.0\n\npackage cmd\n\nimport (\n\t\"testing\"\n\n\t\"github.com/ory/x/cmdx\"\n)\n\nfunc TestUsageStrings(t *testing.T) {\n\tcmdx.AssertUsageTemplates(t, NewRootCmd())\n}\n" }, { "path": "cmd/serve/root.go", "content": "// Copyright © 2023 Ory Corp\n// SPDX-License-Identifier: Apache-2.0\n\npackage serve\n\nimport (\n\t\"github.com/spf13/cobra\"\n\n\t\"github.com/ory/kratos/cmd/daemon\"\n\t\"github.com/ory/kratos/driver\"\n\t\"github.com/ory/kratos/driver/config\"\n\t\"github.com/ory/x/configx\"\n)\n\n// NewServeCmd returns the serve command\nfunc NewServeCmd(dOpts ...driver.RegistryOption) (serveCmd *cobra.Command) {\n\tserveCmd = &cobra.Command{\n\t\tUse: \"serve\",\n\t\tShort: \"Run the Ory Kratos server\",\n\t\tRunE: func(cmd *cobra.Command, args []string) error {\n\t\t\tctx := cmd.Context()\n\t\t\td, err := driver.New(ctx, cmd.ErrOrStderr(), append(dOpts, driver.WithConfigOptions(configx.WithFlags(cmd.Flags())))...)\n\t\t\tif err != nil {\n\t\t\t\treturn err\n\t\t\t}\n\n\t\t\tif d.Config().IsInsecureDevMode(ctx) {\n\t\t\t\td.Logger().Warn(`\n\nYOU ARE RUNNING Ory KRATOS IN DEV MODE.\nSECURITY IS DISABLED.\nDON'T DO THIS IN PRODUCTION!\n\n`)\n\t\t\t}\n\n\t\t\tconfigVersion := d.Config().ConfigVersion(ctx)\n\t\t\tif configVersion == config.UnknownVersion {\n\t\t\t\td.Logger().Warn(\"The config has no version specified. Add the version to improve your development experience.\")\n\t\t\t} else if config.Version != \"\" &&\n\t\t\t\tconfigVersion != config.Version {\n\t\t\t\td.Logger().Warnf(\"Config version is '%s' but kratos runs on version '%s'\", configVersion, config.Version)\n\t\t\t}\n\n\t\t\treturn daemon.ServeAll(d)(cmd, args)\n\t\t},\n\t}\n\tconfigx.RegisterFlags(serveCmd.PersistentFlags())\n\n\tserveCmd.PersistentFlags().Bool(\"sqa-opt-out\", false, \"Disable anonymized telemetry reports - for more information please visit https://www.ory.sh/docs/ecosystem/sqa\")\n\tserveCmd.PersistentFlags().Bool(\"dev\", false, \"Disables critical security features to make development easier\")\n\tserveCmd.PersistentFlags().Bool(\"watch-courier\", false, \"Run the message courier as a background task, to simplify single-instance setup\")\n\treturn serveCmd\n}\n\nfunc RegisterCommandRecursive(parent *cobra.Command, dOpts []driver.RegistryOption) {\n\tparent.AddCommand(NewServeCmd(dOpts...))\n}\n" }, { "path": "cmd/serve/root_test.go", "content": "// Copyright © 2023 Ory Corp\n// SPDX-License-Identifier: Apache-2.0\n\npackage serve_test\n\nimport (\n\t\"testing\"\n\n\t\"github.com/ory/kratos/pkg/testhelpers\"\n)\n\nfunc TestServe(t *testing.T) {\n\t_, _ = testhelpers.StartE2EServer(t, \"./stub/kratos.yml\", nil)\n}\n\nfunc TestServeTLSBase64(t *testing.T) {\n\t_, _, certBase64, keyBase64 := testhelpers.GenerateTLSCertificateFilesForTests(t)\n\tpublicPort, adminPort := testhelpers.StartE2EServerOnly(t,\n\t\t\"./stub/kratos.yml\",\n\t\ttrue,\n\t\ttesthelpers.ConfigOptions{\n\t\t\t\"serve.public.tls.key.base64\": keyBase64,\n\t\t\t\"serve.public.tls.cert.base64\": certBase64,\n\t\t\t\"serve.admin.tls.key.base64\": keyBase64,\n\t\t\t\"serve.admin.tls.cert.base64\": certBase64,\n\t\t},\n\t)\n\ttesthelpers.CheckE2EServerOnHTTPS(t, publicPort, adminPort)\n}\n\nfunc TestServeTLSPaths(t *testing.T) {\n\tcertPath, keyPath, _, _ := testhelpers.GenerateTLSCertificateFilesForTests(t)\n\n\tpublicPort, adminPort := testhelpers.StartE2EServerOnly(t,\n\t\t\"./stub/kratos.yml\",\n\t\ttrue,\n\t\ttesthelpers.ConfigOptions{\n\t\t\t\"serve.public.tls.key.path\": keyPath,\n\t\t\t\"serve.public.tls.cert.path\": certPath,\n\t\t\t\"serve.admin.tls.key.path\": keyPath,\n\t\t\t\"serve.admin.tls.cert.path\": certPath,\n\t\t},\n\t)\n\ttesthelpers.CheckE2EServerOnHTTPS(t, publicPort, adminPort)\n}\n" }, { "path": "cmd/serve/stub/identity.schema.json", "content": "{\n \"$id\": \"https://schemas.ory.sh/presets/kratos/quickstart/email-password/identity.schema.json\",\n \"$schema\": \"http://json-schema.org/draft-07/schema#\",\n \"title\": \"Person\",\n \"type\": \"object\",\n \"properties\": {\n \"traits\": {\n \"type\": \"object\",\n \"properties\": {\n \"email\": {\n \"type\": \"string\",\n \"format\": \"email\",\n \"title\": \"E-Mail\",\n \"minLength\": 3,\n \"ory.sh/kratos\": {\n \"credentials\": {\n \"password\": {\n \"identifier\": true\n }\n },\n \"verification\": {\n \"via\": \"email\"\n },\n \"recovery\": {\n \"via\": \"email\"\n }\n }\n },\n \"name\": {\n \"type\": \"object\",\n \"properties\": {\n \"first\": {\n \"title\": \"First Name\",\n \"type\": \"string\"\n },\n \"last\": {\n \"title\": \"Last Name\",\n \"type\": \"string\"\n }\n }\n }\n },\n \"required\": [\n \"email\"\n ],\n \"additionalProperties\": false\n }\n }\n}\n" }, { "path": "cmd/serve/stub/kratos.yml", "content": "dsn: memory\n\nserve:\n public:\n base_url: http://127.0.0.1:4433/\n cors:\n enabled: true\n admin:\n base_url: http://kratos:4434/\n\nselfservice:\n default_browser_return_url: http://127.0.0.1:4455/\n allowed_return_urls:\n - http://127.0.0.1:4455\n\n methods:\n password:\n enabled: true\n\n flows:\n error:\n ui_url: http://127.0.0.1:4455/error\n\n settings:\n ui_url: http://127.0.0.1:4455/settings\n privileged_session_max_age: 15m\n\n recovery:\n enabled: true\n ui_url: http://127.0.0.1:4455/recovery\n\n verification:\n enabled: true\n ui_url: http://127.0.0.1:4455/verify\n after:\n default_browser_return_url: http://127.0.0.1:4455/\n\n logout:\n after:\n default_browser_return_url: http://127.0.0.1:4455/auth/login\n\n login:\n ui_url: http://127.0.0.1:4455/auth/login\n lifespan: 10m\n\n registration:\n lifespan: 10m\n ui_url: http://127.0.0.1:4455/auth/registration\n after:\n password:\n hooks:\n -\n hook: session\n\nlog:\n level: debug\n format: text\n leak_sensitive_values: true\n\nsecrets:\n cookie:\n - PLEASE-CHANGE-ME-I-AM-VERY-INSECURE\n pagination:\n - \"test pagination secret\"\n\nhashers:\n argon2:\n parallelism: 1\n memory: 128MB\n iterations: 2\n salt_length: 16\n key_length: 16\n\nidentity:\n schemas:\n - id: default\n url: file://stub/identity.schema.json\n\ncourier:\n smtp:\n connection_uri: smtps://test:test@mailslurper:1025/?skip_ssl_verify=true&legacy_ssl=true\n" }, { "path": "codecov.yml", "content": "coverage:\n status:\n project:\n default:\n target: 60%\n threshold: 10%\n only_pulls: true\nignore:\n - \"test\"\n - \"pkg\"\n - \"docs\"\n - \"proto\"\n - \"gen\"\n - \"examples\"\n - \"contrib\"\n - \"selfservice/strategy/oidc/provider_netid.go\" # No way to test this provider automatically\n - \"**/*_test.go\"\n" }, { "path": "continuity/container.go", "content": "// Copyright © 2023 Ory Corp\n// SPDX-License-Identifier: Apache-2.0\n\npackage continuity\n\nimport (\n\t\"time\"\n\n\t\"github.com/gofrs/uuid\"\n\t\"github.com/pkg/errors\"\n\n\t\"github.com/ory/herodot\"\n\t\"github.com/ory/x/pointerx\"\n\t\"github.com/ory/x/sqlxx\"\n\n\t\"github.com/ory/kratos/x\"\n)\n\ntype Container struct {\n\tID uuid.UUID `json:\"id\" db:\"id\" rw:\"r\"`\n\tNID uuid.UUID `json:\"-\" db:\"nid\"`\n\tName string `json:\"name\" db:\"name\"`\n\tIdentityID *uuid.UUID `json:\"identity_id\" db:\"identity_id\"`\n\n\t// ExpiresAt defines when this container expires.\n\tExpiresAt time.Time `json:\"expires_at\" db:\"expires_at\"`\n\n\t// Payload is the container's payload.\n\tPayload sqlxx.NullJSONRawMessage `json:\"payload\" db:\"payload\"`\n\n\t// CreatedAt is a helper struct field for gobuffalo.pop.\n\tCreatedAt time.Time `json:\"created_at\" db:\"created_at\"`\n\n\t// UpdatedAt is a helper struct field for gobuffalo.pop.\n\tUpdatedAt time.Time `json:\"updated_at\" db:\"updated_at\"`\n}\n\nfunc (c *Container) UTC() *Container {\n\tc.CreatedAt = c.CreatedAt.UTC()\n\tc.UpdatedAt = c.UpdatedAt.UTC()\n\tc.ExpiresAt = c.ExpiresAt.UTC()\n\treturn c\n}\n\nfunc (Container) TableName() string { return \"continuity_containers\" }\n\nfunc NewContainer(name string, o managerOptions) *Container {\n\treturn &Container{\n\t\tID: uuid.Nil,\n\t\tName: name,\n\t\tIdentityID: x.PointToUUID(o.iid),\n\t\tExpiresAt: time.Now().Add(o.ttl).UTC().Truncate(time.Second),\n\t\tPayload: sqlxx.NullJSONRawMessage(o.payload),\n\t}\n}\n\nfunc (c *Container) Valid(identity uuid.UUID) error {\n\tif c.ExpiresAt.Before(time.Now()) {\n\t\treturn errors.WithStack(herodot.ErrBadRequest.WithReasonf(\"You must restart the flow because the resumable session has expired.\"))\n\t}\n\n\tif identity != uuid.Nil && pointerx.Deref(c.IdentityID) != identity {\n\t\treturn errors.WithStack(herodot.ErrForbidden.WithReasonf(\"The flow has been blocked for security reasons because it was initiated by another person..\"))\n\t}\n\n\treturn nil\n}\n" }, { "path": "continuity/container_test.go", "content": "// Copyright © 2023 Ory Corp\n// SPDX-License-Identifier: Apache-2.0\n\npackage continuity\n\nimport (\n\t\"fmt\"\n\t\"testing\"\n\t\"time\"\n\n\t\"github.com/gofrs/uuid\"\n\t\"github.com/stretchr/testify/require\"\n\n\t\"github.com/ory/kratos/x\"\n)\n\nfunc TestContainer(t *testing.T) {\n\tid := x.NewUUID()\n\tfor k, tc := range []struct {\n\t\tc *Container\n\t\ti uuid.UUID\n\t\tpass bool\n\t}{\n\t\t{\n\t\t\tc: &Container{\n\t\t\t\tExpiresAt: time.Now().Add(-time.Minute),\n\t\t\t},\n\t\t\tpass: false,\n\t\t},\n\t\t{\n\t\t\tc: &Container{\n\t\t\t\tExpiresAt: time.Now().Add(-time.Minute),\n\t\t\t},\n\t\t\ti: x.NewUUID(),\n\t\t\tpass: false,\n\t\t},\n\t\t{\n\t\t\tc: &Container{\n\t\t\t\tIdentityID: x.PointToUUID(x.NewUUID()),\n\t\t\t\tExpiresAt: time.Now().Add(-time.Minute),\n\t\t\t},\n\t\t\ti: x.NewUUID(),\n\t\t\tpass: false,\n\t\t},\n\t\t{\n\t\t\tc: &Container{\n\t\t\t\tExpiresAt: time.Now().Add(time.Minute),\n\t\t\t},\n\t\t\tpass: true,\n\t\t},\n\t\t{\n\t\t\tc: &Container{\n\t\t\t\tIdentityID: x.PointToUUID(id),\n\t\t\t\tExpiresAt: time.Now().Add(time.Minute),\n\t\t\t},\n\t\t\ti: id,\n\t\t\tpass: true,\n\t\t},\n\t} {\n\t\tt.Run(fmt.Sprintf(\"case=%d\", k), func(t *testing.T) {\n\t\t\terr := tc.c.Valid(tc.i)\n\t\t\tif tc.pass {\n\t\t\t\trequire.NoError(t, err)\n\t\t\t} else {\n\t\t\t\trequire.Error(t, err)\n\t\t\t}\n\t\t})\n\t}\n}\n" }, { "path": "continuity/manager.go", "content": "// Copyright © 2023 Ory Corp\n// SPDX-License-Identifier: Apache-2.0\n\npackage continuity\n\nimport (\n\t\"bytes\"\n\t\"context\"\n\t\"encoding/json\"\n\t\"net/http\"\n\t\"time\"\n\n\t\"github.com/gofrs/uuid\"\n\t\"github.com/pkg/errors\"\n\n\t\"github.com/ory/kratos/identity\"\n)\n\ntype ManagementProvider interface {\n\tContinuityManager() Manager\n}\n\ntype Manager interface {\n\tPause(ctx context.Context, w http.ResponseWriter, r *http.Request, name string, opts ...ManagerOption) error\n\tContinue(ctx context.Context, w http.ResponseWriter, r *http.Request, name string, opts ...ManagerOption) (*Container, error)\n\tAbort(ctx context.Context, w http.ResponseWriter, r *http.Request, name string) error\n}\n\ntype managerOptions struct {\n\tiid uuid.UUID\n\tttl time.Duration\n\tsetExpiresIn time.Duration\n\tpayload json.RawMessage\n\tpayloadRaw interface{}\n}\n\ntype ManagerOption func(*managerOptions) error\n\nfunc newManagerOptions(opts []ManagerOption) (*managerOptions, error) {\n\tvar o = &managerOptions{\n\t\tttl: time.Minute * 10,\n\t}\n\tfor _, opt := range opts {\n\t\tif err := opt(o); err != nil {\n\t\t\treturn nil, err\n\t\t}\n\t}\n\treturn o, nil\n}\n\nfunc WithIdentity(i *identity.Identity) ManagerOption {\n\treturn func(o *managerOptions) error {\n\t\tif i != nil {\n\t\t\to.iid = i.ID\n\t\t}\n\t\treturn nil\n\t}\n}\n\nfunc WithLifespan(ttl time.Duration) ManagerOption {\n\treturn func(o *managerOptions) error {\n\t\to.ttl = ttl\n\t\treturn nil\n\t}\n}\n\nfunc WithPayload(payload interface{}) ManagerOption {\n\treturn func(o *managerOptions) error {\n\t\tvar b bytes.Buffer\n\t\tif err := json.NewEncoder(&b).Encode(payload); err != nil {\n\t\t\treturn errors.WithStack(err)\n\t\t}\n\t\to.payload = b.Bytes()\n\t\to.payloadRaw = payload\n\t\treturn nil\n\t}\n}\n\nfunc WithExpireInsteadOfDelete(duration time.Duration) ManagerOption {\n\treturn func(o *managerOptions) error {\n\t\to.setExpiresIn = duration\n\t\treturn nil\n\t}\n}\n" }, { "path": "continuity/manager_cookie.go", "content": "// Copyright © 2023 Ory Corp\n// SPDX-License-Identifier: Apache-2.0\n\npackage continuity\n\nimport (\n\t\"bytes\"\n\t\"context\"\n\t\"encoding/json\"\n\t\"net/http\"\n\t\"time\"\n\n\t\"github.com/gofrs/uuid\"\n\t\"github.com/pkg/errors\"\n\n\t\"github.com/ory/herodot\"\n\t\"github.com/ory/x/otelx\"\n\t\"github.com/ory/x/sqlcon\"\n\n\t\"github.com/ory/kratos/session\"\n\t\"github.com/ory/kratos/x\"\n)\n\nvar (\n\t_ Manager = new(ManagerCookie)\n\tErrNotResumable = *herodot.ErrBadRequest.WithError(\"no resumable session found\").WithReasonf(\"The browser does not contain the necessary cookie to resume the session. This is a security violation and was blocked. Please clear your browser's cookies and cache and try again!\")\n)\n\nconst CookieName = \"ory_kratos_continuity\"\n\ntype (\n\tmanagerCookieDependencies interface {\n\t\tPersistenceProvider\n\t\tx.CookieProvider\n\t\tsession.ManagementProvider\n\t\totelx.Provider\n\t}\n\tManagerCookie struct {\n\t\td managerCookieDependencies\n\t}\n)\n\nfunc NewManagerCookie(d managerCookieDependencies) *ManagerCookie {\n\treturn &ManagerCookie{d: d}\n}\n\nfunc (m *ManagerCookie) Pause(ctx context.Context, w http.ResponseWriter, r *http.Request, name string, opts ...ManagerOption) (err error) {\n\tctx, span := m.d.Tracer(ctx).Tracer().Start(ctx, \"continuity.ManagerCookie.Pause\")\n\tdefer otelx.End(span, &err)\n\tif len(name) == 0 {\n\t\treturn errors.Errorf(\"continuity container name must be set\")\n\t}\n\n\to, err := newManagerOptions(opts)\n\tif err != nil {\n\t\treturn err\n\t}\n\tc := NewContainer(name, *o)\n\n\tif err := m.d.ContinuityPersister().SaveContinuitySession(ctx, c); err != nil {\n\t\treturn errors.WithStack(err)\n\t}\n\n\tif err := x.SessionPersistValues(w, r, m.d.ContinuityCookieManager(ctx), CookieName, map[string]interface{}{\n\t\tname: c.ID.String(),\n\t}); err != nil {\n\t\treturn err\n\t}\n\n\treturn nil\n}\n\nfunc (m *ManagerCookie) Continue(ctx context.Context, w http.ResponseWriter, r *http.Request, name string, opts ...ManagerOption) (container *Container, err error) {\n\tctx, span := m.d.Tracer(ctx).Tracer().Start(ctx, \"continuity.ManagerCookie.Continue\")\n\tdefer otelx.End(span, &err)\n\n\tcontainer, err = m.container(ctx, w, r, name)\n\tif err != nil {\n\t\treturn nil, err\n\t}\n\n\to, err := newManagerOptions(opts)\n\tif err != nil {\n\t\treturn nil, err\n\t}\n\n\tif err := container.Valid(o.iid); err != nil {\n\t\treturn nil, err\n\t}\n\n\tif o.payloadRaw != nil && container.Payload != nil {\n\t\tif err := json.NewDecoder(bytes.NewBuffer(container.Payload)).Decode(o.payloadRaw); err != nil {\n\t\t\treturn nil, errors.WithStack(err)\n\t\t}\n\t}\n\n\tif o.setExpiresIn > 0 {\n\t\tif err := m.d.ContinuityPersister().SetContinuitySessionExpiry(\n\t\t\tctx,\n\t\t\tcontainer.ID,\n\t\t\ttime.Now().UTC().Add(o.setExpiresIn).Truncate(time.Second),\n\t\t); err != nil && !errors.Is(err, sqlcon.ErrNoRows) {\n\t\t\treturn nil, err\n\t\t}\n\t} else {\n\t\tif err := x.SessionUnsetKey(w, r, m.d.ContinuityCookieManager(ctx), CookieName, name); err != nil {\n\t\t\treturn nil, err\n\t\t}\n\n\t\tif err := m.d.ContinuityPersister().DeleteContinuitySession(ctx, container.ID); err != nil && !errors.Is(err, sqlcon.ErrNoRows) {\n\t\t\treturn nil, err\n\t\t}\n\t}\n\n\treturn container, nil\n}\n\nfunc (m *ManagerCookie) sessionID(ctx context.Context, w http.ResponseWriter, r *http.Request, name string) (uuid.UUID, error) {\n\ts, err := x.SessionGetString(r, m.d.ContinuityCookieManager(ctx), CookieName, name)\n\tif err != nil {\n\t\t_ = x.SessionUnsetKey(w, r, m.d.ContinuityCookieManager(ctx), CookieName, name)\n\t\treturn uuid.Nil, errors.WithStack(ErrNotResumable.WithDebugf(\"%+v\", err))\n\t}\n\n\tsid, err := uuid.FromString(s)\n\tif err != nil {\n\t\t_ = x.SessionUnsetKey(w, r, m.d.ContinuityCookieManager(ctx), CookieName, name)\n\t\treturn uuid.Nil, errors.WithStack(ErrNotResumable.WithDebug(\"session id is not a valid uuid\"))\n\t}\n\n\treturn sid, nil\n}\n\nfunc (m *ManagerCookie) container(ctx context.Context, w http.ResponseWriter, r *http.Request, name string) (*Container, error) {\n\tsid, err := m.sessionID(ctx, w, r, name)\n\tif err != nil {\n\t\treturn nil, err\n\t}\n\n\tcontainer, err := m.d.ContinuityPersister().GetContinuitySession(ctx, sid)\n\t// If an error happens, we need to clean up the cookie.\n\tif err != nil {\n\t\t_ = x.SessionUnsetKey(w, r, m.d.ContinuityCookieManager(ctx), CookieName, name)\n\t}\n\n\tif errors.Is(err, sqlcon.ErrNoRows) {\n\t\treturn nil, errors.WithStack(ErrNotResumable.WithDebugf(\"Resumable ID from cookie could not be found in the datastore: %+v\", err))\n\t} else if err != nil {\n\t\treturn nil, err\n\t} else if container.ExpiresAt.Before(time.Now()) {\n\t\t_ = x.SessionUnsetKey(w, r, m.d.ContinuityCookieManager(ctx), CookieName, name)\n\t\treturn nil, errors.WithStack(ErrNotResumable.WithDebugf(\"Resumable session has expired\"))\n\t}\n\n\treturn container, err\n}\n\nfunc (m ManagerCookie) Abort(ctx context.Context, w http.ResponseWriter, r *http.Request, name string) (err error) {\n\tctx, span := m.d.Tracer(ctx).Tracer().Start(ctx, \"continuity.ManagerCookie.Abort\")\n\tdefer otelx.End(span, &err)\n\tsid, err := m.sessionID(ctx, w, r, name)\n\tif errors.Is(err, &ErrNotResumable) {\n\t\t// We do not care about an error here\n\t\treturn nil\n\t} else if err != nil {\n\t\treturn err\n\t}\n\n\tif err := x.SessionUnsetKey(w, r, m.d.ContinuityCookieManager(ctx), CookieName, name); err != nil {\n\t\treturn err\n\t}\n\n\tif err := m.d.ContinuityPersister().DeleteContinuitySession(ctx, sid); err != nil && !errors.Is(err, sqlcon.ErrNoRows) {\n\t\treturn errors.WithStack(err)\n\t}\n\n\treturn nil\n}\n" }, { "path": "continuity/manager_options_test.go", "content": "// Copyright © 2023 Ory Corp\n// SPDX-License-Identifier: Apache-2.0\n\npackage continuity\n\nimport (\n\t\"fmt\"\n\t\"testing\"\n\t\"time\"\n\n\t\"github.com/stretchr/testify/assert\"\n\t\"github.com/stretchr/testify/require\"\n)\n\nfunc TestManagerOptions(t *testing.T) {\n\tfor k, tc := range []struct {\n\t\terr bool\n\t\te func(t *testing.T, actual *managerOptions)\n\t\topts []ManagerOption\n\t}{\n\t\t{\n\t\t\te: func(t *testing.T, actual *managerOptions) {\n\t\t\t\tassert.EqualValues(t, time.Minute*10, actual.ttl)\n\t\t\t},\n\t\t},\n\t\t{\n\t\t\topts: []ManagerOption{WithLifespan(time.Minute * 5)},\n\t\t\te: func(t *testing.T, actual *managerOptions) {\n\t\t\t\tassert.EqualValues(t, time.Minute*5, actual.ttl)\n\t\t\t},\n\t\t},\n\t\t{\n\t\t\topts: []ManagerOption{WithPayload(map[string]interface{}{\"foo\": \"bar\"})},\n\t\t\te: func(t *testing.T, actual *managerOptions) {\n\t\t\t\tassert.EqualValues(t, map[string]interface{}{\"foo\": \"bar\"}, actual.payloadRaw)\n\t\t\t\tassert.JSONEq(t, `{\"foo\":\"bar\"}`, string(actual.payload))\n\t\t\t},\n\t\t},\n\t} {\n\t\tt.Run(fmt.Sprintf(\"case=%d\", k), func(t *testing.T) {\n\t\t\to, err := newManagerOptions(tc.opts)\n\t\t\tif tc.err {\n\t\t\t\trequire.Error(t, err)\n\t\t\t\treturn\n\t\t\t}\n\t\t\trequire.NoError(t, err)\n\t\t\ttc.e(t, o)\n\t\t})\n\t}\n}\n" }, { "path": "continuity/manager_test.go", "content": "// Copyright © 2023 Ory Corp\n// SPDX-License-Identifier: Apache-2.0\n\npackage continuity_test\n\nimport (\n\t\"bytes\"\n\t\"encoding/json\"\n\t\"fmt\"\n\t\"net/http\"\n\t\"net/http/httptest\"\n\t\"strings\"\n\t\"testing\"\n\t\"time\"\n\n\t\"github.com/stretchr/testify/assert\"\n\t\"github.com/stretchr/testify/require\"\n\t\"github.com/tidwall/gjson\"\n\n\t\"github.com/ory/herodot\"\n\t\"github.com/ory/kratos/continuity\"\n\t\"github.com/ory/kratos/identity\"\n\t\"github.com/ory/kratos/pkg\"\n\t\"github.com/ory/kratos/pkg/testhelpers\"\n\t\"github.com/ory/kratos/x\"\n\t\"github.com/ory/x/configx\"\n\t\"github.com/ory/x/ioutilx\"\n\t\"github.com/ory/x/logrusx\"\n)\n\ntype persisterTestCase struct {\n\tro []continuity.ManagerOption\n\two []continuity.ManagerOption\n\texpected *persisterTestPayload\n\texpectedErr error\n}\n\ntype persisterTestPayload struct {\n\tFoo string `json:\"foo\"`\n}\n\nfunc TestManager(t *testing.T) {\n\t_, reg := pkg.NewFastRegistryWithMocks(t,\n\t\tconfigx.WithValues(testhelpers.DefaultIdentitySchemaConfig(\"file://../test/stub/identity/empty.schema.json\")),\n\t)\n\n\ti := identity.NewIdentity(\"\")\n\trequire.NoError(t, reg.PrivilegedIdentityPool().CreateIdentity(t.Context(), i))\n\n\tnewServer := func(t *testing.T, p continuity.Manager, tc *persisterTestCase) *httptest.Server {\n\t\twriter := herodot.NewJSONWriter(logrusx.New(\"\", \"\"))\n\t\trouter := http.NewServeMux()\n\t\trouter.HandleFunc(\"PUT /{name}\", func(w http.ResponseWriter, r *http.Request) {\n\t\t\tif err := p.Pause(r.Context(), w, r, r.PathValue(\"name\"), tc.ro...); err != nil {\n\t\t\t\twriter.WriteError(w, r, err)\n\t\t\t\treturn\n\t\t\t}\n\t\t\tw.WriteHeader(http.StatusNoContent)\n\t\t})\n\n\t\trouter.HandleFunc(\"POST /{name}\", func(w http.ResponseWriter, r *http.Request) {\n\t\t\tif err := p.Pause(r.Context(), w, r, r.PathValue(\"name\"), tc.ro...); err != nil {\n\t\t\t\twriter.WriteError(w, r, err)\n\t\t\t\treturn\n\t\t\t}\n\n\t\t\tc, err := p.Continue(r.Context(), w, r, r.PathValue(\"name\"), tc.wo...)\n\t\t\tif err != nil {\n\t\t\t\twriter.WriteError(w, r, err)\n\t\t\t\treturn\n\t\t\t}\n\t\t\twriter.Write(w, r, c)\n\t\t})\n\n\t\trouter.HandleFunc(\"GET /{name}\", func(w http.ResponseWriter, r *http.Request) {\n\t\t\tc, err := p.Continue(r.Context(), w, r, r.PathValue(\"name\"), tc.ro...)\n\t\t\tif err != nil {\n\t\t\t\twriter.WriteError(w, r, err)\n\t\t\t\treturn\n\t\t\t}\n\t\t\twriter.Write(w, r, c)\n\t\t})\n\n\t\trouter.HandleFunc(\"DELETE /{name}\", func(w http.ResponseWriter, r *http.Request) {\n\t\t\terr := p.Abort(r.Context(), w, r, r.PathValue(\"name\"))\n\t\t\tif err != nil {\n\t\t\t\twriter.WriteError(w, r, err)\n\t\t\t\treturn\n\t\t\t}\n\t\t\tw.WriteHeader(http.StatusNoContent)\n\t\t})\n\n\t\tts := httptest.NewServer(router)\n\t\tt.Cleanup(ts.Close)\n\t\treturn ts\n\t}\n\n\tnewClient := func() *http.Client {\n\t\treturn &http.Client{Jar: testhelpers.EasyCookieJar(t, nil)}\n\t}\n\n\tp := reg.ContinuityManager()\n\tcl := newClient()\n\n\tt.Run(\"case=continue cookie resets when signature is invalid\", func(t *testing.T) {\n\t\tts := newServer(t, p, new(persisterTestCase))\n\t\thref := ts.URL + \"/\" + x.NewUUID().String()\n\n\t\tres, err := cl.Do(testhelpers.NewTestHTTPRequest(t, \"PUT\", href, nil))\n\t\trequire.NoError(t, err)\n\t\trequire.NoError(t, res.Body.Close())\n\t\trequire.Equal(t, http.StatusNoContent, res.StatusCode)\n\n\t\treq := testhelpers.NewTestHTTPRequest(t, \"GET\", href, nil)\n\t\trequire.Len(t, res.Cookies(), 1)\n\t\tfor _, c := range res.Cookies() {\n\t\t\t// Change something in the string\n\t\t\tc.Value = strings.Replace(c.Value, \"a\", \"b\", 1)\n\t\t\treq.AddCookie(c)\n\t\t}\n\t\tres, err = http.DefaultClient.Do(req)\n\t\trequire.NoError(t, err)\n\t\tt.Cleanup(func() { require.NoError(t, res.Body.Close()) })\n\n\t\trequire.Equal(t, http.StatusBadRequest, res.StatusCode)\n\t\tbody := ioutilx.MustReadAll(res.Body)\n\t\tassert.Contains(t, gjson.GetBytes(body, \"error.reason\").String(), continuity.ErrNotResumable.ReasonField)\n\n\t\trequire.Len(t, res.Cookies(), 1, \"continuing the flow with a broken cookie should instruct the browser to forget it\")\n\t\tassert.EqualValues(t, res.Cookies()[0].Name, continuity.CookieName)\n\t})\n\n\tt.Run(\"case=can deal with duplicate cookies\", func(t *testing.T) {\n\t\ttc := &persisterTestCase{expected: &persisterTestPayload{\"bar\"}}\n\t\tts := newServer(t, p, tc)\n\t\thref := ts.URL + \"/\" + x.NewUUID().String()\n\n\t\tres, err := http.DefaultClient.Do(testhelpers.NewTestHTTPRequest(t, \"PUT\", href, nil))\n\t\trequire.NoError(t, err)\n\t\trequire.NoError(t, res.Body.Close())\n\t\trequire.Equal(t, http.StatusNoContent, res.StatusCode)\n\n\t\t// We change the key to another one\n\t\thref = ts.URL + \"/\" + x.NewUUID().String()\n\t\treq := testhelpers.NewTestHTTPRequest(t, \"GET\", href, nil)\n\t\trequire.Len(t, res.Cookies(), 1)\n\t\tfor _, c := range res.Cookies() {\n\t\t\treq.AddCookie(c)\n\t\t}\n\n\t\ttc.ro = []continuity.ManagerOption{continuity.WithPayload(&persisterTestPayload{\"bar\"})}\n\t\tres, err = http.DefaultClient.Do(testhelpers.NewTestHTTPRequest(t, \"PUT\", href, nil))\n\t\trequire.NoError(t, err)\n\t\trequire.NoError(t, res.Body.Close())\n\t\trequire.Equal(t, http.StatusNoContent, res.StatusCode)\n\n\t\trequire.Len(t, res.Cookies(), 1)\n\t\tfor _, c := range res.Cookies() {\n\t\t\treq.AddCookie(c)\n\t\t}\n\n\t\tres, err = http.DefaultClient.Do(req)\n\t\trequire.NoError(t, err)\n\t\tt.Cleanup(func() { require.NoError(t, res.Body.Close()) })\n\n\t\trequire.Len(t, res.Cookies(), 1, \"continuing the flow with a broken cookie should instruct the browser to forget it\")\n\t\tassert.EqualValues(t, res.Cookies()[0].Name, continuity.CookieName)\n\n\t\tvar b bytes.Buffer\n\t\trequire.NoError(t, json.NewEncoder(&b).Encode(tc.expected))\n\t\tbody := ioutilx.MustReadAll(res.Body)\n\t\tassert.JSONEq(t, b.String(), gjson.GetBytes(body, \"payload\").Raw, \"%s\", body)\n\t\tassert.Contains(t, href, gjson.GetBytes(body, \"name\").String(), \"%s\", body)\n\t})\n\n\tt.Run(\"case=pause and use session with expiry\", func(t *testing.T) {\n\t\tcl := newClient()\n\n\t\ttc := &persisterTestCase{\n\t\t\tro: []continuity.ManagerOption{continuity.WithPayload(&persisterTestPayload{\"bar\"}), continuity.WithExpireInsteadOfDelete(time.Minute)},\n\t\t\two: []continuity.ManagerOption{continuity.WithPayload(&persisterTestPayload{}), continuity.WithExpireInsteadOfDelete(time.Minute)},\n\t\t}\n\t\tts := newServer(t, p, tc)\n\t\tgenid := func() string {\n\t\t\treturn ts.URL + \"/\" + x.NewUUID().String()\n\t\t}\n\n\t\thref := genid()\n\t\tres, err := cl.Do(testhelpers.NewTestHTTPRequest(t, \"PUT\", href, nil))\n\t\trequire.NoError(t, err)\n\t\trequire.NoError(t, res.Body.Close())\n\t\trequire.Equal(t, http.StatusNoContent, res.StatusCode)\n\n\t\tres, err = cl.Do(testhelpers.NewTestHTTPRequest(t, \"GET\", href, nil))\n\t\trequire.NoError(t, err)\n\t\trequire.NoError(t, res.Body.Close())\n\t\trequire.Equal(t, http.StatusOK, res.StatusCode)\n\n\t\tres, err = cl.Do(testhelpers.NewTestHTTPRequest(t, \"GET\", href, nil))\n\t\trequire.NoError(t, err)\n\t\trequire.NoError(t, res.Body.Close())\n\t\trequire.Equal(t, http.StatusOK, res.StatusCode)\n\n\t\ttc.ro = []continuity.ManagerOption{continuity.WithPayload(&persisterTestPayload{\"bar\"}), continuity.WithExpireInsteadOfDelete(-time.Minute)}\n\t\ttc.wo = []continuity.ManagerOption{continuity.WithPayload(&persisterTestPayload{\"\"}), continuity.WithExpireInsteadOfDelete(-time.Minute)}\n\n\t\tres, err = cl.Do(testhelpers.NewTestHTTPRequest(t, \"GET\", href, nil))\n\t\trequire.NoError(t, err)\n\t\trequire.NoError(t, res.Body.Close())\n\t\trequire.Equal(t, http.StatusOK, res.StatusCode)\n\n\t\tres, err = cl.Do(testhelpers.NewTestHTTPRequest(t, \"GET\", href, nil))\n\t\trequire.NoError(t, err)\n\t\trequire.Equal(t, http.StatusBadRequest, res.StatusCode)\n\t\tbody := ioutilx.MustReadAll(res.Body)\n\t\trequire.NoError(t, res.Body.Close())\n\t\tassert.Contains(t, gjson.GetBytes(body, \"error.reason\").String(), continuity.ErrNotResumable.ReasonField)\n\t})\n\n\tfor k, tc := range []persisterTestCase{\n\t\t{},\n\t\t{\n\t\t\tro: []continuity.ManagerOption{continuity.WithPayload(&persisterTestPayload{\"bar\"})},\n\t\t\two: []continuity.ManagerOption{continuity.WithPayload(&persisterTestPayload{})},\n\t\t\texpected: &persisterTestPayload{\"bar\"},\n\t\t},\n\t\t{\n\t\t\tro: []continuity.ManagerOption{continuity.WithIdentity(i)},\n\t\t\two: []continuity.ManagerOption{continuity.WithIdentity(i)},\n\t\t},\n\t} {\n\t\tt.Run(fmt.Sprintf(\"case=%d\", k), func(t *testing.T) {\n\t\t\tcl := newClient()\n\t\t\tts := newServer(t, p, &tc)\n\t\t\tgenid := func() string {\n\t\t\t\treturn ts.URL + \"/\" + x.NewUUID().String()\n\t\t\t}\n\n\t\t\tt.Run(\"case=resume non-existing session\", func(t *testing.T) {\n\t\t\t\thref := genid()\n\t\t\t\tres, err := cl.Do(testhelpers.NewTestHTTPRequest(t, \"GET\", href, nil))\n\t\t\t\trequire.NoError(t, err)\n\t\t\t\tt.Cleanup(func() { require.NoError(t, res.Body.Close()) })\n\n\t\t\t\tbody := ioutilx.MustReadAll(res.Body)\n\t\t\t\trequire.Equal(t, http.StatusBadRequest, res.StatusCode)\n\t\t\t\tassert.Contains(t, gjson.GetBytes(body, \"error.reason\").String(), continuity.ErrNotResumable.ReasonField)\n\t\t\t})\n\n\t\t\tt.Run(\"case=pause and resume session\", func(t *testing.T) {\n\t\t\t\thref := genid()\n\t\t\t\tres, err := cl.Do(testhelpers.NewTestHTTPRequest(t, \"PUT\", href, nil))\n\t\t\t\trequire.NoError(t, err)\n\t\t\t\trequire.NoError(t, res.Body.Close())\n\t\t\t\trequire.Equal(t, http.StatusNoContent, res.StatusCode)\n\n\t\t\t\tres, err = cl.Do(testhelpers.NewTestHTTPRequest(t, \"GET\", href, nil))\n\t\t\t\trequire.NoError(t, err)\n\t\t\t\tt.Cleanup(func() { require.NoError(t, res.Body.Close()) })\n\n\t\t\t\tbody := ioutilx.MustReadAll(res.Body)\n\t\t\t\tif tc.expectedErr != nil {\n\t\t\t\t\trequire.Equal(t, http.StatusGone, res.StatusCode, \"%s\", body)\n\t\t\t\t\treturn\n\t\t\t\t}\n\n\t\t\t\trequire.Equal(t, http.StatusOK, res.StatusCode, \"%s\", body)\n\n\t\t\t\tvar b bytes.Buffer\n\t\t\t\trequire.NoError(t, json.NewEncoder(&b).Encode(tc.expected))\n\t\t\t\tassert.JSONEq(t, b.String(), gjson.GetBytes(body, \"payload\").Raw, \"%s\", body)\n\t\t\t\tassert.Contains(t, href, gjson.GetBytes(body, \"name\").String(), \"%s\", body)\n\t\t\t})\n\n\t\t\tt.Run(\"case=pause and retry session\", func(t *testing.T) {\n\t\t\t\thref := genid()\n\t\t\t\tres, err := cl.Do(testhelpers.NewTestHTTPRequest(t, \"PUT\", href, nil))\n\t\t\t\trequire.NoError(t, err)\n\t\t\t\trequire.NoError(t, res.Body.Close())\n\t\t\t\trequire.Equal(t, http.StatusNoContent, res.StatusCode)\n\n\t\t\t\tres, err = cl.Do(testhelpers.NewTestHTTPRequest(t, \"GET\", href, nil))\n\t\t\t\trequire.NoError(t, err)\n\t\t\t\tt.Cleanup(func() { require.NoError(t, res.Body.Close()) })\n\n\t\t\t\tres, err = cl.Do(testhelpers.NewTestHTTPRequest(t, \"GET\", href, nil))\n\t\t\t\trequire.NoError(t, err)\n\t\t\t\trequire.Equal(t, http.StatusBadRequest, res.StatusCode)\n\t\t\t\tbody := ioutilx.MustReadAll(res.Body)\n\t\t\t\tt.Cleanup(func() { require.NoError(t, res.Body.Close()) })\n\t\t\t\tassert.Contains(t, gjson.GetBytes(body, \"error.reason\").String(), continuity.ErrNotResumable.ReasonField)\n\t\t\t})\n\n\t\t\tt.Run(\"case=pause and resume session in the same request\", func(t *testing.T) {\n\t\t\t\thref := genid()\n\t\t\t\tres, err := cl.Do(testhelpers.NewTestHTTPRequest(t, \"POST\", href, nil))\n\t\t\t\trequire.NoError(t, err)\n\t\t\t\trequire.Equal(t, http.StatusOK, res.StatusCode)\n\t\t\t\tt.Cleanup(func() { require.NoError(t, res.Body.Close()) })\n\n\t\t\t\tvar b bytes.Buffer\n\t\t\t\trequire.NoError(t, json.NewEncoder(&b).Encode(tc.expected))\n\n\t\t\t\tbody := ioutilx.MustReadAll(res.Body)\n\t\t\t\tassert.JSONEq(t, b.String(), gjson.GetBytes(body, \"payload\").Raw, \"%s\", body)\n\t\t\t\tassert.Contains(t, href, gjson.GetBytes(body, \"name\").String(), \"%s\", body)\n\t\t\t})\n\n\t\t\tt.Run(\"case=pause, abort, and continue session with failure\", func(t *testing.T) {\n\t\t\t\thref := genid()\n\t\t\t\tres, err := cl.Do(testhelpers.NewTestHTTPRequest(t, \"PUT\", href, nil))\n\t\t\t\trequire.NoError(t, err)\n\t\t\t\trequire.NoError(t, res.Body.Close())\n\t\t\t\trequire.Equal(t, http.StatusNoContent, res.StatusCode)\n\n\t\t\t\tres, err = cl.Do(testhelpers.NewTestHTTPRequest(t, \"DELETE\", href, nil))\n\t\t\t\trequire.NoError(t, err)\n\t\t\t\tt.Cleanup(func() { require.NoError(t, res.Body.Close()) })\n\t\t\t\trequire.Equal(t, http.StatusNoContent, res.StatusCode)\n\n\t\t\t\tres, err = cl.Do(testhelpers.NewTestHTTPRequest(t, \"GET\", href, nil))\n\t\t\t\trequire.NoError(t, err)\n\t\t\t\tt.Cleanup(func() { require.NoError(t, res.Body.Close()) })\n\n\t\t\t\trequire.Equal(t, http.StatusBadRequest, res.StatusCode)\n\t\t\t\tbody := ioutilx.MustReadAll(res.Body)\n\t\t\t\tassert.Contains(t, gjson.GetBytes(body, \"error.reason\").String(), continuity.ErrNotResumable.ReasonField)\n\t\t\t})\n\t\t})\n\t}\n}\n" }, { "path": "continuity/persistence.go", "content": "// Copyright © 2023 Ory Corp\n// SPDX-License-Identifier: Apache-2.0\n\npackage continuity\n\nimport (\n\t\"context\"\n\t\"time\"\n\n\t\"github.com/gofrs/uuid\"\n)\n\ntype PersistenceProvider interface {\n\tContinuityPersister() Persister\n}\n\ntype Persister interface {\n\tSaveContinuitySession(ctx context.Context, c *Container) error\n\tGetContinuitySession(ctx context.Context, id uuid.UUID) (*Container, error)\n\tDeleteContinuitySession(ctx context.Context, id uuid.UUID) error\n\tSetContinuitySessionExpiry(ctx context.Context, id uuid.UUID, expiresAt time.Time) error\n\tDeleteExpiredContinuitySessions(ctx context.Context, deleteOlder time.Time, pageSize int) error\n}\n" }, { "path": "continuity/test/persistence.go", "content": "// Copyright © 2023 Ory Corp\n// SPDX-License-Identifier: Apache-2.0\n\npackage test\n\nimport (\n\t\"context\"\n\t\"testing\"\n\t\"time\"\n\n\t\"github.com/gofrs/uuid\"\n\n\t\"github.com/ory/kratos/pkg/testhelpers\"\n\n\t\"github.com/stretchr/testify/assert\"\n\t\"github.com/stretchr/testify/require\"\n\n\t\"github.com/ory/kratos/continuity\"\n\t\"github.com/ory/kratos/identity\"\n\t\"github.com/ory/kratos/persistence\"\n\t\"github.com/ory/kratos/x\"\n\t\"github.com/ory/x/sqlcon\"\n\t\"github.com/ory/x/sqlxx\"\n)\n\nfunc TestPersister(ctx context.Context, p interface {\n\tpersistence.Persister\n\tcontinuity.Persister\n\tidentity.PrivilegedPool\n}) func(t *testing.T) {\n\tvar createIdentity = func(t *testing.T) *identity.Identity {\n\t\tid := identity.Identity{}\n\t\trequire.NoError(t, p.CreateIdentity(ctx, &id))\n\t\treturn &id\n\t}\n\n\tvar createContainer = func(t *testing.T) continuity.Container {\n\t\tm := sqlxx.NullJSONRawMessage(`{\"foo\": \"bar\"}`)\n\t\treturn continuity.Container{Name: \"foo\", IdentityID: x.PointToUUID(createIdentity(t).ID),\n\t\t\tExpiresAt: time.Now().Add(time.Hour).UTC().Truncate(time.Second),\n\t\t\tPayload: m,\n\t\t}\n\t}\n\n\treturn func(t *testing.T) {\n\t\tnid, p := testhelpers.NewNetworkUnlessExisting(t, ctx, p)\n\n\t\tt.Run(\"case=not found\", func(t *testing.T) {\n\t\t\t_, err := p.GetContinuitySession(ctx, x.NewUUID())\n\t\t\trequire.EqualError(t, err, sqlcon.ErrNoRows.Error())\n\t\t})\n\n\t\tt.Run(\"case=save and find\", func(t *testing.T) {\n\t\t\texpected := createContainer(t)\n\t\t\trequire.NoError(t, p.SaveContinuitySession(ctx, &expected))\n\n\t\t\tactual, err := p.GetContinuitySession(ctx, expected.ID)\n\t\t\trequire.NoError(t, err)\n\t\t\tactual.UpdatedAt, actual.CreatedAt, expected.UpdatedAt, expected.CreatedAt = time.Time{}, time.Time{}, time.Time{}, time.Time{}\n\t\t\tassert.EqualValues(t, expected.UTC(), actual.UTC())\n\t\t})\n\n\t\tt.Run(\"case=save and delete\", func(t *testing.T) {\n\t\t\texpected := createContainer(t)\n\n\t\t\trequire.NoError(t, p.SaveContinuitySession(ctx, &expected))\n\t\t\trequire.NotEqual(t, uuid.Nil, expected.ID)\n\t\t\trequire.NoError(t, p.DeleteContinuitySession(ctx, expected.ID))\n\n\t\t\t_, err := p.GetContinuitySession(ctx, expected.ID)\n\t\t\trequire.EqualError(t, err, sqlcon.ErrNoRows.Error())\n\t\t})\n\n\t\tt.Run(\"case=network\", func(t *testing.T) {\n\t\t\tid := x.NewUUID()\n\n\t\t\tt.Run(\"sets id on creation\", func(t *testing.T) {\n\t\t\t\texpected := createContainer(t)\n\t\t\t\texpected.ID = id\n\t\t\t\trequire.NoError(t, p.SaveContinuitySession(ctx, &expected))\n\n\t\t\t\tassert.EqualValues(t, id, expected.ID)\n\t\t\t\tassert.EqualValues(t, nid, expected.NID)\n\n\t\t\t\tactual, err := p.GetContinuitySession(ctx, id)\n\t\t\t\trequire.NoError(t, err)\n\t\t\t\tassert.EqualValues(t, id, actual.ID)\n\t\t\t\tassert.EqualValues(t, nid, actual.NID)\n\t\t\t})\n\n\t\t\tt.Run(\"can not get on another network\", func(t *testing.T) {\n\t\t\t\t_, p := testhelpers.NewNetwork(t, ctx, p)\n\t\t\t\t_, err := p.GetLoginFlow(ctx, id)\n\t\t\t\trequire.ErrorIs(t, err, sqlcon.ErrNoRows)\n\t\t\t})\n\n\t\t\tt.Run(\"can not delete on another network\", func(t *testing.T) {\n\t\t\t\t_, p := testhelpers.NewNetwork(t, ctx, p)\n\t\t\t\terr := p.DeleteContinuitySession(ctx, id)\n\t\t\t\trequire.ErrorIs(t, err, sqlcon.ErrNoRows)\n\t\t\t})\n\t\t})\n\n\t\tt.Run(\"case=set expiry\", func(t *testing.T) {\n\t\t\t// Create a new continuity session\n\t\t\texpected := createContainer(t)\n\t\t\trequire.NoError(t, p.SaveContinuitySession(ctx, &expected))\n\n\t\t\t// Set the expiry of the continuity session\n\t\t\tnewExpiry := time.Now().Add(48 * time.Hour).UTC().Truncate(time.Second)\n\t\t\trequire.NoError(t, p.SetContinuitySessionExpiry(ctx, expected.ID, newExpiry))\n\n\t\t\t// Retrieve the continuity session\n\t\t\tactual, err := p.GetContinuitySession(ctx, expected.ID)\n\t\t\trequire.NoError(t, err)\n\n\t\t\t// Check if the expiry has been updated\n\t\t\tassert.EqualValues(t, newExpiry, actual.ExpiresAt)\n\n\t\t\tt.Run(\"can not update on another network\", func(t *testing.T) {\n\t\t\t\t_, p := testhelpers.NewNetwork(t, ctx, p)\n\t\t\t\tnewExpiry := time.Now().Add(12 * time.Hour).UTC().Truncate(time.Second)\n\t\t\t\terr := p.SetContinuitySessionExpiry(ctx, expected.ID, newExpiry)\n\t\t\t\trequire.ErrorIs(t, err, sqlcon.ErrNoRows)\n\t\t\t})\n\t\t})\n\n\t\tt.Run(\"case=cleanup\", func(t *testing.T) {\n\t\t\tid := x.NewUUID()\n\t\t\tyesterday := time.Now().Add(-24 * time.Hour).UTC().Truncate(time.Second)\n\t\t\tm := sqlxx.NullJSONRawMessage(`{\"foo\": \"bar\"}`)\n\t\t\texpected := continuity.Container{Name: \"foo\", IdentityID: x.PointToUUID(createIdentity(t).ID),\n\t\t\t\tExpiresAt: yesterday,\n\t\t\t\tPayload: m,\n\t\t\t}\n\t\t\texpected.ID = id\n\n\t\t\tt.Run(\"can cleanup\", func(t *testing.T) {\n\t\t\t\trequire.NoError(t, p.SaveContinuitySession(ctx, &expected))\n\n\t\t\t\tassert.EqualValues(t, id, expected.ID)\n\t\t\t\tassert.EqualValues(t, nid, expected.NID)\n\n\t\t\t\trequire.NoError(t, p.DeleteExpiredContinuitySessions(ctx, time.Now(), 5))\n\n\t\t\t\t_, err := p.GetContinuitySession(ctx, id)\n\t\t\t\trequire.Error(t, err)\n\t\t\t})\n\t\t})\n\t}\n}\n" }, { "path": "contrib/quickstart/.dockerignore", "content": "*" }, { "path": "contrib/quickstart/kratos/all-strategies/identity.schema.json", "content": "{\n \"$id\": \"https://schemas.ory.sh/presets/kratos/quickstart/email-password/identity.schema.json\",\n \"$schema\": \"http://json-schema.org/draft-07/schema#\",\n \"title\": \"Person\",\n \"type\": \"object\",\n \"properties\": {\n \"traits\": {\n \"type\": \"object\",\n \"properties\": {\n \"email\": {\n \"type\": \"string\",\n \"format\": \"email\",\n \"title\": \"E-Mail\",\n \"minLength\": 3,\n \"ory.sh/kratos\": {\n \"credentials\": {\n \"password\": {\n \"identifier\": true\n },\n \"webauthn\": {\n \"identifier\": true\n },\n \"code\": {\n \"identifier\": true,\n \"via\": \"email\"\n },\n \"passkey\": {\n \"display_name\": true\n }\n },\n \"verification\": {\n \"via\": \"email\"\n },\n \"recovery\": {\n \"via\": \"email\"\n }\n }\n },\n \"name\": {\n \"type\": \"object\",\n \"properties\": {\n \"first\": {\n \"title\": \"First Name\",\n \"type\": \"string\"\n },\n \"last\": {\n \"title\": \"Last Name\",\n \"type\": \"string\"\n }\n }\n }\n },\n \"required\": [\"email\"],\n \"additionalProperties\": false\n }\n }\n}\n" }, { "path": "contrib/quickstart/kratos/all-strategies/kratos.yml", "content": "version: v0.13.0\n\ndsn: memory\n\nserve:\n public:\n base_url: http://localhost:4433/\n cors:\n enabled: true\n admin:\n base_url: http://kratos:4434/\n\nsession:\n whoami:\n required_aal: aal1\n\nselfservice:\n default_browser_return_url: http://localhost:4455/\n allowed_return_urls:\n - http://localhost:4455\n - http://localhost:19006/Callback\n - exp://localhost:8081/--/Callback\n\n methods:\n password:\n enabled: true\n webauthn:\n enabled: true\n config:\n passwordless: true\n rp:\n display_name: Your Application name\n # Set 'id' to the top-level domain.\n id: localhost\n # Set 'origin' to the exact URL of the page that prompts the user to use WebAuthn. You must include the scheme, host, and port.\n origin: http://localhost:4455\n passkey:\n enabled: true\n config:\n rp:\n display_name: Your Application name\n # Set 'id' to the top-level domain.\n id: localhost\n # Set 'origin' to the exact URL of the page that prompts the user to use WebAuthn. You must include the scheme, host, and port.\n origins:\n - http://localhost:4455\n\n flows:\n error:\n ui_url: http://localhost:4455/error\n\n settings:\n ui_url: http://localhost:4455/settings\n privileged_session_max_age: 15m\n required_aal: aal1\n\n recovery:\n enabled: true\n ui_url: http://localhost:4455/recovery\n use: code\n\n verification:\n enabled: false\n ui_url: http://localhost:4455/verification\n use: code\n after:\n default_browser_return_url: http://localhost:4455/\n\n logout:\n after:\n default_browser_return_url: http://localhost:4455/login\n\n login:\n ui_url: http://localhost:4455/login\n lifespan: 10m\n\n registration:\n enable_legacy_one_step: false\n lifespan: 10m\n ui_url: http://localhost:4455/registration\n after:\n passkey:\n hooks:\n - hook: session\n webauthn:\n hooks:\n - hook: session\n password:\n hooks:\n - hook: session\n - hook: show_verification_ui\n\nlog:\n level: debug\n format: text\n leak_sensitive_values: true\n\nsecrets:\n cookie:\n - PLEASE-CHANGE-ME-I-AM-VERY-INSECURE\n cipher:\n - 32-LONG-SECRET-NOT-SECURE-AT-ALL\n\nciphers:\n algorithm: xchacha20-poly1305\n\nhashers:\n algorithm: bcrypt\n bcrypt:\n cost: 8\n\nidentity:\n default_schema_id: default\n schemas:\n - id: default\n url: file://./contrib/quickstart/kratos/all-strategies/identity.schema.json\n\ncourier:\n smtp:\n connection_uri: smtps://test:test@mailslurper:1025/?skip_ssl_verify=true\n" }, { "path": "contrib/quickstart/kratos/cloud/Caddyfile", "content": "{\n http_port 4455\n\tauto_https off\n\n}\n\n:4455 {\n route /ui/* {\n uri strip_prefix /ui\n reverse_proxy kratos-selfservice-ui-node:4438 {\n header_up Host {http.request.hostport}\n }\n }\n reverse_proxy /* kratos:4433 {\n header_up Host {http.request.hostport}\n }\n}\n" }, { "path": "contrib/quickstart/kratos/cloud/identity.schema.json", "content": "{\n \"$id\": \"https://schemas.ory.sh/presets/kratos/quickstart/email-password/identity.schema.json\",\n \"$schema\": \"http://json-schema.org/draft-07/schema#\",\n \"title\": \"Person\",\n \"type\": \"object\",\n \"properties\": {\n \"traits\": {\n \"type\": \"object\",\n \"properties\": {\n \"email\": {\n \"type\": \"string\",\n \"format\": \"email\",\n \"title\": \"E-Mail\",\n \"minLength\": 3,\n \"ory.sh/kratos\": {\n \"credentials\": {\n \"password\": {\n \"identifier\": true\n }\n },\n \"verification\": {\n \"via\": \"email\"\n },\n \"recovery\": {\n \"via\": \"email\"\n }\n }\n },\n \"name\": {\n \"type\": \"object\",\n \"properties\": {\n \"first\": {\n \"title\": \"First Name\",\n \"type\": \"string\"\n },\n \"last\": {\n \"title\": \"Last Name\",\n \"type\": \"string\"\n }\n }\n }\n },\n \"required\": [\n \"email\"\n ],\n \"additionalProperties\": false\n }\n }\n}\n" }, { "path": "contrib/quickstart/kratos/cloud/kratos.yml", "content": "version: v0.13.0\n\ndsn: memory\n\nserve:\n public:\n base_url: http://localhost:4455/\n cors:\n enabled: true\n admin:\n base_url: http://kratos:4434/\n\nselfservice:\n default_browser_return_url: http://localhost:4455/ui/welcome\n allowed_return_urls:\n - http://localhost:4455\n\n methods:\n password:\n enabled: true\n\n flows:\n error:\n ui_url: http://localhost:4455/ui/error\n\n settings:\n ui_url: http://localhost:4455/ui/settings\n privileged_session_max_age: 15m\n\n recovery:\n enabled: true\n ui_url: http://localhost:4455/ui/recovery\n\n verification:\n enabled: true\n ui_url: http://localhost:4455/ui/verification\n after:\n default_browser_return_url: http://localhost:4455/ui/welcome\n\n logout:\n after:\n default_browser_return_url: http://localhost:4455/ui/login\n\n login:\n ui_url: http://localhost:4455/ui/login\n\n registration:\n ui_url: http://localhost:4455/ui/registration\n after:\n password:\n hooks:\n -\n hook: session\n\nlog:\n level: info\n format: text\n\nsecrets:\n cookie:\n - PLEASE-CHANGE-ME-I-AM-VERY-INSECURE\n\nhashers:\n algorithm: bcrypt\n bcrypt:\n cost: 8\n\nidentity:\n default_schema_id: preset://email\n schemas:\n - id: preset://email\n url: file:///etc/config/kratos/identity.schema.json\n\ncourier:\n smtp:\n connection_uri: smtps://test:test@mailslurper:1025/?skip_ssl_verify=true\n" }, { "path": "contrib/quickstart/kratos/cloud/quickstart.yml", "content": "version: '3.7'\n\nservices:\n kratos:\n volumes:\n - type: volume\n source: kratos-sqlite\n target: /var/lib/sqlite\n read_only: false\n - type: bind\n source: ./contrib/quickstart/kratos/cloud\n target: /etc/config/kratos\n kratos-migrate:\n volumes:\n - type: volume\n source: kratos-sqlite\n target: /var/lib/sqlite\n read_only: false\n - type: bind\n source: ./contrib/quickstart/kratos/cloud\n target: /etc/config/kratos\n\n kratos-selfservice-ui-node:\n ports:\n - \"4438:4438\"\n environment:\n - PORT=4438\n - KRATOS_BROWSER_URL=http://localhost:4455/\n\n kratos-caddy:\n image: caddy:2.4.5-alpine\n ports:\n - \"4455:4455\"\n volumes:\n - type: bind\n source: ./contrib/quickstart/kratos/cloud/Caddyfile\n target: /etc/caddy/Caddyfile\n command: caddy run -watch -config /etc/caddy/Caddyfile\n restart: on-failure\n networks:\n - intranet\n\n" }, { "path": "contrib/quickstart/kratos/email-password/identity.schema.json", "content": "{\n \"$id\": \"https://schemas.ory.sh/presets/kratos/quickstart/email-password/identity.schema.json\",\n \"$schema\": \"http://json-schema.org/draft-07/schema#\",\n \"title\": \"Person\",\n \"type\": \"object\",\n \"properties\": {\n \"traits\": {\n \"type\": \"object\",\n \"properties\": {\n \"email\": {\n \"type\": \"string\",\n \"format\": \"email\",\n \"title\": \"E-Mail\",\n \"minLength\": 3,\n \"ory.sh/kratos\": {\n \"credentials\": {\n \"password\": {\n \"identifier\": true\n }\n },\n \"verification\": {\n \"via\": \"email\"\n },\n \"recovery\": {\n \"via\": \"email\"\n }\n }\n },\n \"name\": {\n \"type\": \"object\",\n \"properties\": {\n \"first\": {\n \"title\": \"First Name\",\n \"type\": \"string\"\n },\n \"last\": {\n \"title\": \"Last Name\",\n \"type\": \"string\"\n }\n }\n }\n },\n \"required\": [\n \"email\"\n ],\n \"additionalProperties\": false\n }\n }\n}\n" }, { "path": "contrib/quickstart/kratos/email-password/kratos.yml", "content": "version: v0.13.0\n\ndsn: memory\n\nserve:\n public:\n base_url: http://127.0.0.1:4433/\n cors:\n enabled: true\n admin:\n base_url: http://kratos:4434/\n\nselfservice:\n default_browser_return_url: http://127.0.0.1:4455/welcome\n allowed_return_urls:\n - http://127.0.0.1:4455\n - http://localhost:19006/Callback\n - exp://localhost:8081/--/Callback\n\n methods:\n password:\n enabled: true\n totp:\n config:\n issuer: Kratos\n enabled: true\n lookup_secret:\n enabled: true\n link:\n enabled: true\n code:\n enabled: true\n\n flows:\n error:\n ui_url: http://127.0.0.1:4455/error\n\n settings:\n ui_url: http://127.0.0.1:4455/settings\n privileged_session_max_age: 15m\n required_aal: highest_available\n\n recovery:\n enabled: true\n ui_url: http://127.0.0.1:4455/recovery\n use: code\n\n verification:\n enabled: true\n ui_url: http://127.0.0.1:4455/verification\n use: code\n after:\n default_browser_return_url: http://127.0.0.1:4455/welcome\n\n logout:\n after:\n default_browser_return_url: http://127.0.0.1:4455/login\n\n login:\n ui_url: http://127.0.0.1:4455/login\n lifespan: 10m\n\n registration:\n lifespan: 10m\n ui_url: http://127.0.0.1:4455/registration\n after:\n password:\n hooks:\n - hook: session\n - hook: show_verification_ui\n\nlog:\n level: debug\n format: text\n leak_sensitive_values: true\n\nsecrets:\n cookie:\n - PLEASE-CHANGE-ME-I-AM-VERY-INSECURE\n cipher:\n - 32-LONG-SECRET-NOT-SECURE-AT-ALL\n\nciphers:\n algorithm: xchacha20-poly1305\n\nhashers:\n algorithm: bcrypt\n bcrypt:\n cost: 8\n\nidentity:\n default_schema_id: default\n schemas:\n - id: default\n url: file:///etc/config/kratos/identity.schema.json\n\ncourier:\n smtp:\n connection_uri: smtps://test:test@mailslurper:1025/?skip_ssl_verify=true\n\nfeature_flags:\n use_continue_with_transitions: true\n" }, { "path": "contrib/quickstart/kratos/passkey/identity.schema.json", "content": "{\n \"$id\": \"https://schemas.ory.sh/presets/kratos/quickstart/email-password/identity.schema.json\",\n \"$schema\": \"http://json-schema.org/draft-07/schema#\",\n \"title\": \"Person\",\n \"type\": \"object\",\n \"properties\": {\n \"traits\": {\n \"type\": \"object\",\n \"properties\": {\n \"email\": {\n \"type\": \"string\",\n \"format\": \"email\",\n \"title\": \"Your E-Mail\",\n \"minLength\": 3,\n \"ory.sh/kratos\": {\n \"credentials\": {\n \"password\": {\n \"identifier\": true\n },\n \"webauthn\": {\n \"identifier\": true\n },\n \"passkey\": {\n \"display_name\": true\n }\n }\n }\n }\n },\n \"required\": [\"email\"],\n \"additionalProperties\": false\n }\n }\n}\n" }, { "path": "contrib/quickstart/kratos/passkey/kratos.yml", "content": "serve:\n public:\n base_url: http://localhost:4433/\n cors:\n enabled: true\n admin:\n base_url: http://kratos:4434/\n\nsession:\n whoami:\n required_aal: aal1\n\nselfservice:\n default_browser_return_url: http://localhost:4455/welcome\n allowed_return_urls:\n - http://localhost:4455\n - http://localhost:19006/Callback\n - exp://example.com/Callback\n - https://www.ory.sh/\n - https://example.org/\n - https://www.example.org/\n methods:\n link:\n config:\n lifespan: 1h\n code:\n config:\n lifespan: 1h\n totp:\n enabled: true\n config:\n issuer: issuer.ory.sh\n lookup_secret:\n enabled: true\n webauthn:\n enabled: true\n config:\n passwordless: true\n rp:\n id: localhost\n origins:\n - http://localhost:4455\n display_name: Ory\n passkey:\n enabled: true\n config:\n rp:\n id: localhost\n origins:\n - http://localhost:4455\n display_name: Ory\n flows:\n settings:\n ui_url: http://localhost:4455/settings\n privileged_session_max_age: 5m\n required_aal: aal1\n logout:\n after:\n default_browser_return_url: http://localhost:4455/login\n registration:\n ui_url: http://localhost:4455/registration\n after:\n password:\n hooks:\n - hook: session\n webauthn:\n hooks:\n - hook: session\n passkey:\n hooks:\n - hook: session\n login:\n ui_url: http://localhost:4455/login\n error:\n ui_url: http://localhost:4455/error\n verification:\n ui_url: http://localhost:4455/verify\n recovery:\n ui_url: http://localhost:4455/recovery\n\nlog:\n level: debug\n format: text\n leak_sensitive_values: true\n\nsecrets:\n cookie:\n - PLEASE-CHANGE-ME-I-AM-VERY-INSECURE\n cipher:\n - 32-LONG-SECRET-NOT-SECURE-AT-ALL\n\nciphers:\n algorithm: xchacha20-poly1305\n\nhashers:\n algorithm: bcrypt\n bcrypt:\n cost: 8\n\nidentity:\n schemas:\n - id: default\n url: file://contrib/quickstart/kratos/passkey/identity.schema.json\n\ncourier:\n smtp:\n connection_uri: smtps://test:test@mailslurper:1025/?skip_ssl_verify=true\n" }, { "path": "contrib/quickstart/kratos/phone-password/identity.schema.json", "content": "{\n \"$id\": \"https://schemas.ory.sh/presets/kratos/quickstart/phone-password/identity.schema.json\",\n \"$schema\": \"http://json-schema.org/draft-07/schema#\",\n \"title\": \"Person\",\n \"type\": \"object\",\n \"properties\": {\n \"traits\": {\n \"type\": \"object\",\n \"properties\": {\n \"email\": {\n \"type\": \"string\",\n \"format\": \"email\",\n \"title\": \"E-mail\",\n \"minLength\": 3,\n \"ory.sh/kratos\": {\n \"credentials\": {\n \"password\": {\n \"identifier\": true\n },\n \"code\": {\n \"identifier\": true,\n \"via\": \"email\"\n }\n },\n \"verification\": {\n \"via\": \"email\"\n }\n }\n },\n \"phone\": {\n \"type\": \"string\",\n \"format\": \"tel\",\n \"title\": \"Phone number\",\n \"minLength\": 3,\n \"ory.sh/kratos\": {\n \"credentials\": {\n \"password\": {\n \"identifier\": true\n }\n },\n \"verification\": {\n \"via\": \"sms\"\n }\n }\n }\n },\n \"required\": [\"email\", \"phone\"],\n \"additionalProperties\": false\n }\n }\n}\n" }, { "path": "contrib/quickstart/kratos/phone-password/kratos.yml", "content": "version: v0.13.0\n\ndsn: memory\n\nserve:\n public:\n base_url: http://127.0.0.1:4433/\n cors:\n enabled: true\n admin:\n base_url: http://kratos:4434/\n\nselfservice:\n default_browser_return_url: http://127.0.0.1:4455/welcome\n allowed_return_urls:\n - http://127.0.0.1:4455\n - http://localhost:19006/Callback\n - exp://localhost:8081/--/Callback\n\n methods:\n password:\n enabled: true\n totp:\n config:\n issuer: Kratos\n enabled: true\n lookup_secret:\n enabled: true\n link:\n enabled: true\n code:\n enabled: true\n\n flows:\n error:\n ui_url: http://127.0.0.1:4455/error\n\n settings:\n ui_url: http://127.0.0.1:4455/settings\n privileged_session_max_age: 15m\n required_aal: highest_available\n\n recovery:\n enabled: true\n ui_url: http://127.0.0.1:4455/recovery\n use: code\n\n verification:\n enabled: true\n ui_url: http://127.0.0.1:4455/verification\n use: code\n after:\n default_browser_return_url: http://127.0.0.1:4455/welcome\n\n logout:\n after:\n default_browser_return_url: http://127.0.0.1:4455/login\n\n login:\n ui_url: http://127.0.0.1:4455/login\n lifespan: 10m\n\n registration:\n lifespan: 10m\n ui_url: http://127.0.0.1:4455/registration\n after:\n password:\n hooks:\n - hook: session\n - hook: show_verification_ui\n\nlog:\n level: debug\n format: text\n leak_sensitive_values: true\n\nsecrets:\n cookie:\n - PLEASE-CHANGE-ME-I-AM-VERY-INSECURE\n cipher:\n - 32-LONG-SECRET-NOT-SECURE-AT-ALL\n\nciphers:\n algorithm: xchacha20-poly1305\n\nhashers:\n algorithm: bcrypt\n bcrypt:\n cost: 8\n\nidentity:\n default_schema_id: default\n schemas:\n - id: default\n url: file:///etc/config/kratos/identity.schema.json\n\ncourier:\n channels:\n - id: sms\n type: http\n request_config:\n url: https://api.twilio.com/2010-04-01/Accounts/AXXXXXXXXXXXXXX/Messages.json\n method: POST\n body: base64://ZnVuY3Rpb24oY3R4KSB7ClRvOiBjdHguUmVjaXBpZW50LApCb2R5OiBjdHguQm9keSwKfQ==\n headers:\n Content-Type: application/x-www-form-urlencoded\n auth:\n type: basic_auth\n config:\n user: AXXXXXXX\n password: XXXX\n\nfeature_flags:\n use_continue_with_transitions: true\n" }, { "path": "contrib/quickstart/kratos/webauthn/identity.schema.json", "content": "{\n \"$id\": \"https://schemas.ory.sh/presets/kratos/quickstart/email-password/identity.schema.json\",\n \"$schema\": \"http://json-schema.org/draft-07/schema#\",\n \"title\": \"Person\",\n \"type\": \"object\",\n \"properties\": {\n \"traits\": {\n \"type\": \"object\",\n \"properties\": {\n \"email\": {\n \"type\": \"string\",\n \"format\": \"email\",\n \"title\": \"E-Mail\",\n \"minLength\": 3,\n \"ory.sh/kratos\": {\n \"credentials\": {\n \"password\": {\n \"identifier\": true\n },\n \"webauthn\": {\n \"identifier\": true\n }\n },\n \"verification\": {\n \"via\": \"email\"\n },\n \"recovery\": {\n \"via\": \"email\"\n }\n }\n },\n \"name\": {\n \"type\": \"object\",\n \"properties\": {\n \"first\": {\n \"title\": \"First Name\",\n \"type\": \"string\"\n },\n \"last\": {\n \"title\": \"Last Name\",\n \"type\": \"string\"\n }\n }\n }\n },\n \"required\": [\"email\"],\n \"additionalProperties\": false\n }\n }\n}\n" }, { "path": "contrib/quickstart/kratos/webauthn/kratos.yml", "content": "version: v0.13.0\n\ndsn: memory\n\nserve:\n public:\n base_url: http://localhost:4433/\n cors:\n enabled: true\n admin:\n base_url: http://kratos:4434/\n\nselfservice:\n default_browser_return_url: http://localhost:4455/welcome\n allowed_return_urls:\n - http://localhost:4455\n\n methods:\n password:\n enabled: false\n totp:\n config:\n issuer: Kratos\n enabled: true\n lookup_secret:\n enabled: true\n link:\n enabled: true\n code:\n enabled: true\n webauthn:\n config:\n passwordless: true\n rp:\n display_name: Your Application name\n # Set 'id' to the top-level domain.\n id: localhost\n # Set 'origin' to the exact URL of the page that prompts the user to use WebAuthn. You must include the scheme, host, and port.\n origin: http://localhost:4455\n enabled: true\n\n flows:\n error:\n ui_url: http://localhost:4455/error\n\n settings:\n ui_url: http://localhost:4455/settings\n privileged_session_max_age: 15m\n required_aal: highest_available\n\n recovery:\n enabled: true\n ui_url: http://localhost:4455/recovery\n use: code\n\n verification:\n enabled: true\n ui_url: http://localhost:4455/verification\n use: code\n after:\n default_browser_return_url: http://localhost:4455/welcome\n\n logout:\n after:\n default_browser_return_url: http://localhost:4455/login\n\n login:\n ui_url: http://localhost:4455/login\n lifespan: 10m\n\n registration:\n lifespan: 10m\n ui_url: http://localhost:4455/registration\n after:\n password:\n hooks:\n - hook: session\n - hook: show_verification_ui\n\nlog:\n level: debug\n format: text\n leak_sensitive_values: true\n\nsecrets:\n cookie:\n - PLEASE-CHANGE-ME-I-AM-VERY-INSECURE\n cipher:\n - 32-LONG-SECRET-NOT-SECURE-AT-ALL\n\nciphers:\n algorithm: xchacha20-poly1305\n\nhashers:\n algorithm: bcrypt\n bcrypt:\n cost: 8\n\nidentity:\n default_schema_id: default\n schemas:\n - id: default\n url: file:///etc/config/kratos/identity.schema.json\n\ncourier:\n smtp:\n connection_uri: smtps://test:test@mailslurper:1025/?skip_ssl_verify=true\n" }, { "path": "contrib/quickstart/oathkeeper/access-rules.yml", "content": "-\n id: \"ory:kratos:public\"\n upstream:\n preserve_host: true\n url: \"http://kratos:4433\"\n strip_path: /.ory/kratos/public\n match:\n url: \"http://127.0.0.1:4455/.ory/kratos/public/<**>\"\n methods:\n - GET\n - POST\n - PUT\n - DELETE\n - PATCH\n authenticators:\n -\n handler: noop\n authorizer:\n handler: allow\n mutators:\n - handler: noop\n\n-\n id: \"ory:kratos-selfservice-ui-node:anonymous\"\n upstream:\n preserve_host: true\n url: \"http://kratos-selfservice-ui-node:4435\"\n match:\n url: \"http://127.0.0.1:4455/<{registration,welcome,recovery,verification,login,error,health/{alive,ready},**.css,**.js,**.png,**.svg,**.woff*}>\"\n methods:\n - GET\n authenticators:\n -\n handler: anonymous\n authorizer:\n handler: allow\n mutators:\n -\n handler: noop\n\n-\n id: \"ory:kratos-selfservice-ui-node:protected\"\n upstream:\n preserve_host: true\n url: \"http://kratos-selfservice-ui-node:4435\"\n match:\n url: \"http://127.0.0.1:4455/<{sessions,settings}>\"\n methods:\n - GET\n authenticators:\n -\n handler: cookie_session\n authorizer:\n handler: allow\n mutators:\n - handler: id_token\n errors:\n - handler: redirect\n config:\n to: http://127.0.0.1:4455/login\n" }, { "path": "contrib/quickstart/oathkeeper/id_token.jwks.json", "content": "{\n \"keys\": [\n {\n \"use\": \"sig\",\n \"kty\": \"RSA\",\n \"kid\": \"a2aa9739-d753-4a0d-87ee-61f101050277\",\n \"alg\": \"RS256\",\n \"n\": \"zpjSl0ySsdk_YC4ZJYYV-cSznWkzndTo0lyvkYmeBkW60YHuHzXaviHqonY_DjFBdnZC0Vs_QTWmBlZvPzTp4Oni-eOetP-Ce3-B8jkGWpKFOjTLw7uwR3b3jm_mFNiz1dV_utWiweqx62Se0SyYaAXrgStU8-3P2Us7_kz5NnBVL1E7aEP40aB7nytLvPhXau-YhFmUfgykAcov0QrnNY0DH0eTcwL19UysvlKx6Uiu6mnbaFE1qx8X2m2xuLpErfiqj6wLCdCYMWdRTHiVsQMtTzSwuPuXfH7J06GTo3I1cEWN8Mb-RJxlosJA_q7hEd43yYisCO-8szX0lgCasw\",\n \"e\": \"AQAB\",\n \"d\": \"x3dfY_rna1UQTmFToBoMn6Edte47irhkra4VSNPwwaeTTvI-oN2TO51td7vo91_xD1nw-0c5FFGi4V2UfRcudBv9LD1rHt_O8EPUh7QtAUeT3_XXgjx1Xxpqu5goMZpkTyGZ-B6JzOY3L8lvWQ_Qeia1EXpvxC-oTOjJnKZeuwIPlcoNKMRU-mIYOnkRFfnUvrDm7N9UZEp3PfI3vhE9AquP1PEvz5KTUYkubsfmupqqR6FmMUm6ulGT7guhBw9A3vxIYbYGKvXLdBvn68mENrEYxXrwmu6ITMh_y208M5rC-hgEHIAIvMu1aVW6jNgyQTunsGST3UyrSbwjI0K9UQ\",\n \"p\": \"77fDvnfHRFEgyi7mh0c6fAdtMEMJ05W8NwTG_D-cSwfWipfTwJJrroWoRwEgdAg5AWGq-MNUzrubTVXoJdC2T4g1o-VRZkKKYoMvav3CvOIMzCBxBs9I_GAKr5NCSk7maksMqiCTMhmkoZ5RPuMYMY_YzxKNAbjBd9qFLfaVAqs\",\n \"q\": \"3KEmPA2XQkf7dvtpY1Xkp1IfMV_UBdmYk7J6dB5BYqzviQWdEFvWaSATJ_7qV1dw0JDZynOgipp8gvoL-RepfjtArhPz41wB3J2xmBYrBr1sJ-x5eqAvMkQk2bd5KTor44e79TRIkmkFYAIdUQ5JdVXPA13S8WUZfb_bAbwaCBk\",\n \"dp\": \"5uyy32AJkNFKchqeLsE6INMSp0RdSftbtfCfM86fZFQno5lA_qjOnO_avJPkTILDT4ZjqoKYxxJJOEXCffNCPPltGvbE5GrDXsUbP8k2-LgWNeoml7XFjIGEqcCFQoohQ1IK4DTDN6cmRh76C0e_Pbdh15D6TydJEIlsdGuu_kM\",\n \"dq\": \"aegFNYCEojFxeTzX6vIZL2RRSt8oJKK-Be__reu0EUzYMtr5-RdMhev6phFMph54LfXKRc9ZOg9MQ4cJ5klAeDKzKpyzTukkj6U20b2aa8LTvxpZec6YuTVSxxu2Ul71IGRQijTNvVIiXWLGddk409Ub6Q7JqkyQfvdwhpWnnUk\",\n \"qi\": \"P68-EwgcRy9ce_PZ75c909cU7dzCiaGcTX1psJiXmQAFBcG0msWfsyHGbllOZG27pKde78ORGJDYDNk1FqTwsogZyCP87EiBmOoqXWnMvKYfJ1DOx7x42LMAGwMD3bgQj9jgRACxFJG4n3NI6uFlFruyl_CLQzwW_rQFHshLK7Q\"\n }\n ]\n}\n" }, { "path": "contrib/quickstart/oathkeeper/oathkeeper.yml", "content": "log:\n level: debug\n format: json\n\nserve:\n proxy:\n cors:\n enabled: true\n allowed_origins:\n - \"*\"\n allowed_methods:\n - POST\n - GET\n - PUT\n - PATCH\n - DELETE\n allowed_headers:\n - Authorization\n - Content-Type\n exposed_headers:\n - Content-Type\n allow_credentials: true\n debug: true\n\nerrors:\n fallback:\n - json\n\n handlers:\n redirect:\n enabled: true\n config:\n to: http://127.0.0.1:4455/login\n when:\n -\n error:\n - unauthorized\n - forbidden\n request:\n header:\n accept:\n - text/html\n json:\n enabled: true\n config:\n verbose: true\n\naccess_rules:\n matching_strategy: glob\n repositories:\n - file:///etc/config/oathkeeper/access-rules.yml\n\nauthenticators:\n anonymous:\n enabled: true\n config:\n subject: guest\n\n cookie_session:\n enabled: true\n config:\n check_session_url: http://kratos:4433/sessions/whoami\n preserve_path: true\n extra_from: \"@this\"\n subject_from: \"identity.id\"\n only:\n - ory_kratos_session\n\n noop:\n enabled: true\n\nauthorizers:\n allow:\n enabled: true\n\nmutators:\n noop:\n enabled: true\n\n id_token:\n enabled: true\n config:\n issuer_url: http://127.0.0.1:4455/\n jwks_url: file:///etc/config/oathkeeper/id_token.jwks.json\n claims: |\n {\n \"session\": {{ .Extra | toJson }}\n }\n" }, { "path": "corpx/faker.go", "content": "// Copyright © 2023 Ory Corp\n// SPDX-License-Identifier: Apache-2.0\n\n// #nosec G404 -- used in tests only\npackage corpx\n\nimport (\n\t\"math/rand\"\n\t\"net/http\"\n\t\"reflect\"\n\t\"sync\"\n\t\"time\"\n\n\t\"github.com/go-faker/faker/v4\"\n\n\t\"github.com/ory/kratos/identity\"\n\t\"github.com/ory/kratos/selfservice/flow\"\n\t\"github.com/ory/kratos/session\"\n\t\"github.com/ory/kratos/ui/node\"\n\t\"github.com/ory/kratos/x\"\n\t\"github.com/ory/x/randx\"\n)\n\nvar setup sync.Once\n\nfunc RegisterFakes() {\n\tsetup.Do(registerFakes)\n}\n\nfunc registerFakes() {\n\t_ = faker.SetRandomMapAndSliceSize(4)\n\n\tif err := faker.AddProvider(\"ptr_geo_location\", func(v reflect.Value) (interface{}, error) {\n\t\treturn new(\"Munich, Germany\"), nil\n\t}); err != nil {\n\t\tpanic(err)\n\t}\n\n\tif err := faker.AddProvider(\"ptr_ipv4\", func(v reflect.Value) (interface{}, error) {\n\t\treturn new(faker.IPv4()), nil\n\t}); err != nil {\n\t\tpanic(err)\n\t}\n\n\tif err := faker.AddProvider(\"birthdate\", func(v reflect.Value) (interface{}, error) {\n\t\treturn time.Now().Add(time.Duration(rand.Int())).Round(time.Second).UTC(), nil\n\t}); err != nil {\n\t\tpanic(err)\n\t}\n\n\tif err := faker.AddProvider(\"time_types\", func(v reflect.Value) (interface{}, error) {\n\t\tes := make([]time.Time, rand.Intn(5))\n\t\tfor k := range es {\n\t\t\tes[k] = time.Now().Add(time.Duration(rand.Int())).Round(time.Second).UTC()\n\t\t}\n\t\treturn es, nil\n\t}); err != nil {\n\t\tpanic(err)\n\t}\n\n\tif err := faker.AddProvider(\"http_header\", func(v reflect.Value) (interface{}, error) {\n\t\theaders := http.Header{}\n\t\tfor i := 0; i <= rand.Intn(5); i++ {\n\t\t\tvalues := make([]string, rand.Intn(4)+1)\n\t\t\tfor k := range values {\n\t\t\t\tvalues[k] = randx.MustString(8, randx.AlphaNum)\n\t\t\t}\n\t\t\theaders[randx.MustString(8, randx.AlphaNum)] = values\n\t\t}\n\n\t\treturn headers, nil\n\t}); err != nil {\n\t\tpanic(err)\n\t}\n\n\tif err := faker.AddProvider(\"http_method\", func(v reflect.Value) (interface{}, error) {\n\t\tmethods := []string{\"POST\", \"PUT\", \"GET\", \"PATCH\"}\n\t\treturn methods[rand.Intn(len(methods))], nil\n\t}); err != nil {\n\t\tpanic(err)\n\t}\n\n\tif err := faker.AddProvider(\"identity_credentials_type\", func(v reflect.Value) (interface{}, error) {\n\t\tmethods := []identity.CredentialsType{identity.CredentialsTypePassword, identity.CredentialsTypePassword}\n\t\treturn string(methods[rand.Intn(len(methods))]), nil\n\t}); err != nil {\n\t\tpanic(err)\n\t}\n\n\tif err := faker.AddProvider(\"string\", func(v reflect.Value) (interface{}, error) {\n\t\treturn randx.MustString(25, randx.AlphaNum), nil\n\t}); err != nil {\n\t\tpanic(err)\n\t}\n\n\tif err := faker.AddProvider(\"time_type\", func(v reflect.Value) (interface{}, error) {\n\t\treturn time.Now().Add(time.Duration(rand.Int())).Round(time.Second).UTC(), nil\n\t}); err != nil {\n\t\tpanic(err)\n\t}\n\n\tif err := faker.AddProvider(\"ui_node_attributes\", func(v reflect.Value) (interface{}, error) {\n\t\tvar a node.Attributes\n\t\tswitch rand.Intn(4) {\n\t\tcase 0:\n\t\t\ta = new(node.InputAttributes)\n\t\tcase 1:\n\t\t\ta = new(node.ImageAttributes)\n\t\tcase 2:\n\t\t\ta = new(node.AnchorAttributes)\n\t\tcase 3:\n\t\t\ta = new(node.TextAttributes)\n\t\t}\n\n\t\tif err := faker.FakeData(a); err != nil {\n\t\t\treturn nil, err\n\t\t}\n\t\treturn a, nil\n\t}); err != nil {\n\t\tpanic(err)\n\t}\n\n\tif err := faker.AddProvider(\"uuid\", func(v reflect.Value) (interface{}, error) {\n\t\treturn x.NewUUID(), nil\n\t}); err != nil {\n\t\tpanic(err)\n\t}\n\n\tif err := faker.AddProvider(\"identity\", func(v reflect.Value) (interface{}, error) {\n\t\tvar i identity.Identity\n\t\treturn &i, faker.FakeData(&i)\n\t}); err != nil {\n\t\tpanic(err)\n\t}\n\n\tif err := faker.AddProvider(\"flow_type\", func(v reflect.Value) (interface{}, error) {\n\t\tif rand.Intn(2) == 0 {\n\t\t\treturn flow.TypeAPI, nil\n\t\t}\n\t\treturn flow.TypeBrowser, nil\n\t}); err != nil {\n\t\tpanic(err)\n\t}\n\n\tif err := faker.AddProvider(\"session_device\", func(v reflect.Value) (interface{}, error) {\n\t\tvar d session.Device\n\t\treturn &d, faker.FakeData(&d)\n\t}); err != nil {\n\t\tpanic(err)\n\t}\n\n\tif err := faker.AddProvider(\"aal_type\", func(v reflect.Value) (interface{}, error) {\n\t\treturn \"aal1\", nil\n\t}); err != nil {\n\t\tpanic(err)\n\t}\n}\n" }, { "path": "courier/.snapshots/TestHandler-handler=getCourierMessage-case=returns_an_error_if_no_message_is_found-endpoint=admin.json", "content": "{\n \"error\": {\n \"code\": 404,\n \"status\": \"Not Found\",\n \"message\": \"Unable to locate the resource\"\n }\n}\n" }, { "path": "courier/.snapshots/TestHandler-handler=getCourierMessage-case=returns_an_error_if_no_message_is_found-endpoint=public.json", "content": "{\n \"error\": {\n \"code\": 404,\n \"status\": \"Not Found\",\n \"message\": \"Unable to locate the resource\"\n }\n}\n" }, { "path": "courier/.snapshots/TestHandler-handler=getCourierMessage-case=returns_an_error_if_parameter_is_malformed-endpoint=admin.json", "content": "{\n \"error\": {\n \"code\": 400,\n \"status\": \"Bad Request\",\n \"message\": \"uuid: incorrect UUID length 10 in string \\\"not-a-uuid\\\"\"\n }\n}\n" }, { "path": "courier/.snapshots/TestHandler-handler=getCourierMessage-case=returns_an_error_if_parameter_is_malformed-endpoint=public.json", "content": "{\n \"error\": {\n \"code\": 400,\n \"status\": \"Bad Request\",\n \"message\": \"uuid: incorrect UUID length 10 in string \\\"not-a-uuid\\\"\"\n }\n}\n" }, { "path": "courier/channel.go", "content": "// Copyright © 2023 Ory Corp\n// SPDX-License-Identifier: Apache-2.0\n\npackage courier\n\nimport (\n\t\"context\"\n)\n\ntype Channel interface {\n\tID() string\n\tDispatch(ctx context.Context, msg Message) error\n}\n" }, { "path": "courier/courier.go", "content": "// Copyright © 2023 Ory Corp\n// SPDX-License-Identifier: Apache-2.0\n\npackage courier\n\nimport (\n\t\"context\"\n\t\"time\"\n\n\t\"github.com/cenkalti/backoff\"\n\t\"github.com/gofrs/uuid\"\n\t\"github.com/pkg/errors\"\n\n\t\"github.com/ory/x/httpx\"\n\t\"github.com/ory/x/jsonnetsecure\"\n\t\"github.com/ory/x/logrusx\"\n\t\"github.com/ory/x/otelx\"\n\n\t\"github.com/ory/kratos/courier/template\"\n\t\"github.com/ory/kratos/driver/config\"\n)\n\ntype (\n\tDependencies interface {\n\t\tPersistenceProvider\n\t\totelx.Provider\n\t\tlogrusx.Provider\n\t\tConfigProvider\n\t\thttpx.ClientProvider\n\t\tjsonnetsecure.VMProvider\n\t}\n\n\tCourier interface {\n\t\tWork(ctx context.Context) error\n\t\tQueueEmail(ctx context.Context, t EmailTemplate) (uuid.UUID, error)\n\t\tQueueSMS(ctx context.Context, t SMSTemplate) (uuid.UUID, error)\n\t\tDispatchQueue(ctx context.Context) error\n\t\tDispatchMessage(ctx context.Context, msg Message) error\n\t\tUseBackoff(b backoff.BackOff)\n\t\tFailOnDispatchError()\n\t}\n\n\tProvider interface {\n\t\tCourier(ctx context.Context) (Courier, error)\n\t}\n\n\tConfigProvider interface {\n\t\tCourierConfig() config.CourierConfigs\n\t}\n\n\tcourier struct {\n\t\tdeps Dependencies\n\t\tfailOnDispatchError bool\n\t\tbackoff backoff.BackOff\n\t\tnewEmailTemplateFromMessage func(d template.Dependencies, msg Message) (EmailTemplate, error)\n\t}\n)\n\nfunc NewCourier(ctx context.Context, deps Dependencies) (Courier, error) {\n\treturn NewCourierWithCustomTemplates(ctx, deps, NewEmailTemplateFromMessage)\n}\n\nfunc NewCourierWithCustomTemplates(_ context.Context, deps Dependencies, newEmailTemplateFromMessage func(d template.Dependencies, msg Message) (EmailTemplate, error)) (Courier, error) {\n\treturn &courier{\n\t\tdeps: deps,\n\t\tbackoff: backoff.NewExponentialBackOff(),\n\t\tnewEmailTemplateFromMessage: newEmailTemplateFromMessage,\n\t}, nil\n}\n\nfunc (c *courier) FailOnDispatchError() {\n\tc.failOnDispatchError = true\n}\n\nfunc (c *courier) Work(ctx context.Context) error {\n\terrChan := make(chan error)\n\tdefer close(errChan)\n\n\tgo c.watchMessages(ctx, errChan)\n\n\tselect {\n\tcase <-ctx.Done():\n\t\tif errors.Is(ctx.Err(), context.Canceled) {\n\t\t\treturn nil\n\t\t}\n\t\treturn ctx.Err()\n\tcase err := <-errChan:\n\t\treturn errors.WithStack(err)\n\t}\n}\n\nfunc (c *courier) UseBackoff(b backoff.BackOff) {\n\tc.backoff = b\n}\n\nfunc (c *courier) watchMessages(ctx context.Context, errChan chan error) {\n\twait := c.deps.CourierConfig().CourierWorkerPullWait(ctx)\n\tc.backoff.Reset()\n\tfor {\n\t\tif err := backoff.Retry(func() error {\n\t\t\treturn c.DispatchQueue(ctx)\n\t\t}, c.backoff); err != nil {\n\t\t\terrChan <- errors.WithStack(err)\n\t\t\treturn\n\t\t}\n\t\ttime.Sleep(wait)\n\t}\n}\n" }, { "path": "courier/courier_dispatcher.go", "content": "// Copyright © 2023 Ory Corp\n// SPDX-License-Identifier: Apache-2.0\n\npackage courier\n\nimport (\n\t\"context\"\n\t\"time\"\n\n\t\"github.com/pkg/errors\"\n\t\"go.opentelemetry.io/otel/attribute\"\n\t\"go.opentelemetry.io/otel/trace\"\n\n\t\"github.com/ory/kratos/x/events\"\n\t\"github.com/ory/x/otelx\"\n)\n\nfunc (c *courier) channels(ctx context.Context, id string) (Channel, error) {\n\tcs, err := c.deps.CourierConfig().CourierChannels(ctx)\n\tif err != nil {\n\t\treturn nil, err\n\t}\n\n\tfor _, channel := range cs {\n\t\tif channel.ID != id {\n\t\t\tcontinue\n\t\t}\n\t\tswitch channel.Type {\n\t\tcase \"smtp\":\n\t\t\tcourierChannel, err := NewSMTPChannelWithCustomTemplates(c.deps, channel.SMTPConfig, c.newEmailTemplateFromMessage)\n\t\t\tif err != nil {\n\t\t\t\treturn nil, err\n\t\t\t}\n\t\t\treturn courierChannel, nil\n\t\tcase \"http\":\n\t\t\treturn newHttpChannel(channel.ID, &channel.RequestConfig, c.deps), nil\n\t\tdefault:\n\t\t\treturn nil, errors.Errorf(\"unknown courier channel type: %s\", channel.Type)\n\t\t}\n\t}\n\n\treturn nil, errors.Errorf(\"no courier channels configured for: %s\", id)\n}\n\nfunc (c *courier) DispatchMessage(ctx context.Context, msg Message) (err error) {\n\tctx, span := c.deps.Tracer(ctx).Tracer().Start(ctx, \"courier.DispatchMessage\", trace.WithAttributes(\n\t\tattribute.Stringer(\"message.id\", msg.ID),\n\t\tattribute.Stringer(\"message.nid\", msg.NID),\n\t\tattribute.Stringer(\"message.type\", msg.Type),\n\t\tattribute.String(\"message.template_type\", string(msg.TemplateType)),\n\t\tattribute.Int(\"message.send_count\", msg.SendCount),\n\t))\n\tdefer otelx.End(span, &err)\n\n\tlogger := c.deps.Logger().\n\t\tWithField(\"message_id\", msg.ID).\n\t\tWithField(\"message_nid\", msg.NID).\n\t\tWithField(\"message_type\", msg.Type).\n\t\tWithField(\"message_template_type\", msg.TemplateType).\n\t\tWithField(\"message_subject\", msg.Subject).\n\t\tWithField(\"trace_id\", span.SpanContext().TraceID())\n\n\tif err := c.deps.CourierPersister().IncrementMessageSendCount(ctx, msg.ID); err != nil {\n\t\tlogger.\n\t\t\tWithError(err).\n\t\t\tError(`Unable to increment the message's \"send_count\" field`)\n\t\treturn err\n\t}\n\n\tchannel, err := c.channels(ctx, msg.Channel.String())\n\tif err != nil {\n\t\treturn err\n\t}\n\n\tspan.SetAttributes(attribute.String(\"channel.id\", channel.ID()))\n\tlogger = logger.\n\t\tWithField(\"channel\", channel.ID())\n\n\tif err := channel.Dispatch(ctx, msg); err != nil {\n\t\treturn err\n\t}\n\tspan.AddEvent(events.NewCourierMessageDispatched(ctx, msg.ID, msg.Channel.String(), string(msg.TemplateType)))\n\n\tif err := c.deps.CourierPersister().SetMessageStatus(ctx, msg.ID, MessageStatusSent); err != nil {\n\t\tlogger.\n\t\t\tWithError(err).\n\t\t\tError(`Unable to set the message status to \"sent\".`)\n\t\treturn err\n\t}\n\n\tdispatchDuration := time.Since(msg.CreatedAt).Milliseconds()\n\tlogger.WithField(\"dispatch_duration_ms\", dispatchDuration).Debug(\"Courier sent out message.\")\n\n\treturn nil\n}\n\nfunc (c *courier) DispatchQueue(ctx context.Context) (err error) {\n\tctx, span := c.deps.Tracer(ctx).Tracer().Start(ctx, \"courier.DispatchQueue\")\n\tdefer otelx.End(span, &err)\n\tmaxRetries := c.deps.CourierConfig().CourierMessageRetries(ctx)\n\tpullCount := c.deps.CourierConfig().CourierWorkerPullCount(ctx)\n\n\t//nolint:gosec // disable G115\n\tmessages, err := c.deps.CourierPersister().NextMessages(ctx, uint8(pullCount))\n\tif err != nil {\n\t\tif errors.Is(err, ErrQueueEmpty) {\n\t\t\treturn nil\n\t\t}\n\t\treturn err\n\t}\n\tspan.SetAttributes(attribute.Int(\"messages_count\", len(messages)))\n\n\tfor k, msg := range messages {\n\t\tlogger := c.deps.Logger().\n\t\t\tWithField(\"message_id\", msg.ID).\n\t\t\tWithField(\"message_nid\", msg.NID).\n\t\t\tWithField(\"message_type\", msg.Type).\n\t\t\tWithField(\"message_template_type\", msg.TemplateType).\n\t\t\tWithField(\"message_subject\", msg.Subject)\n\n\t\tif msg.SendCount > maxRetries {\n\t\t\tif err := c.deps.CourierPersister().SetMessageStatus(ctx, msg.ID, MessageStatusAbandoned); err != nil {\n\t\t\t\tlogger.\n\t\t\t\t\tWithError(err).\n\t\t\t\t\tError(`Unable to set the retried message's status to \"abandoned\".`)\n\t\t\t\treturn err\n\t\t\t}\n\n\t\t\tspan.AddEvent(events.NewCourierMessageAbandoned(ctx, msg.ID, msg.Channel.String(), string(msg.TemplateType)))\n\n\t\t\t// Skip the message\n\t\t\tlogger.\n\t\t\t\tWarnf(`Message was abandoned because it did not deliver after %d attempts`, msg.SendCount)\n\t\t} else if err := c.DispatchMessage(ctx, msg); err != nil {\n\t\t\tlogger.\n\t\t\t\tWithError(err).\n\t\t\t\tWarn(`Unable to dispatch message.`)\n\t\t\tif err := c.deps.CourierPersister().RecordDispatch(ctx, msg.ID, CourierMessageDispatchStatusFailed, err); err != nil {\n\t\t\t\tlogger.\n\t\t\t\t\tWithError(err).\n\t\t\t\t\tError(`Unable to record failure log entry.`)\n\t\t\t\tif c.failOnDispatchError {\n\t\t\t\t\treturn err\n\t\t\t\t}\n\t\t\t}\n\n\t\t\tfor _, replace := range messages[k:] {\n\t\t\t\tif err := c.deps.CourierPersister().SetMessageStatus(ctx, replace.ID, MessageStatusQueued); err != nil {\n\t\t\t\t\tlogger.\n\t\t\t\t\t\tWithError(err).\n\t\t\t\t\t\tError(`Unable to reset the failed message's status to \"queued\".`)\n\t\t\t\t\tif c.failOnDispatchError {\n\t\t\t\t\t\treturn err\n\t\t\t\t\t}\n\t\t\t\t}\n\t\t\t}\n\n\t\t\tif c.failOnDispatchError {\n\t\t\t\treturn err\n\t\t\t}\n\t\t} else if err := c.deps.CourierPersister().RecordDispatch(ctx, msg.ID, CourierMessageDispatchStatusSuccess, nil); err != nil {\n\t\t\tlogger.\n\t\t\t\tWithError(err).\n\t\t\t\tError(`Unable to record success log entry.`)\n\t\t\t// continue with execution, as the message was successfully dispatched\n\t\t}\n\t}\n\n\treturn nil\n}\n" }, { "path": "courier/courier_dispatcher_test.go", "content": "// Copyright © 2023 Ory Corp\n// SPDX-License-Identifier: Apache-2.0\n\npackage courier_test\n\nimport (\n\t\"testing\"\n\n\t\"github.com/gofrs/uuid\"\n\t\"github.com/stretchr/testify/assert\"\n\t\"github.com/stretchr/testify/require\"\n\t\"github.com/tidwall/gjson\"\n\n\t\"github.com/ory/kratos/courier\"\n\ttemplates \"github.com/ory/kratos/courier/template/email\"\n\t\"github.com/ory/kratos/driver/config\"\n\t\"github.com/ory/kratos/pkg\"\n\t\"github.com/ory/kratos/pkg/testhelpers\"\n\t\"github.com/ory/x/configx\"\n)\n\nfunc queueNewMessage(t *testing.T, c courier.Courier) uuid.UUID {\n\tt.Helper()\n\tid, err := c.QueueEmail(t.Context(), templates.NewTestStub(&templates.TestStubModel{\n\t\tTo: \"test-recipient-1@example.org\",\n\t\tSubject: \"test-subject-1\",\n\t\tBody: \"test-body-1\",\n\t}))\n\trequire.NoError(t, err)\n\treturn id\n}\n\nfunc TestDispatchMessageWithInvalidSMTP(t *testing.T) {\n\t_, reg := pkg.NewRegistryDefaultWithDSN(t, \"\", configx.WithValues(map[string]any{\n\t\tconfig.ViperKeyCourierMessageRetries: 5,\n\t\tconfig.ViperKeyCourierSMTPURL: \"http://foo.url\",\n\t}))\n\n\tc, err := reg.Courier(t.Context())\n\trequire.NoError(t, err)\n\n\tt.Run(\"case=failed sending\", func(t *testing.T) {\n\t\tid := queueNewMessage(t, c)\n\t\tmessage, err := reg.CourierPersister().LatestQueuedMessage(t.Context())\n\t\trequire.NoError(t, err)\n\t\trequire.Equal(t, id, message.ID)\n\n\t\terr = c.DispatchMessage(t.Context(), *message)\n\t\t// sending the email fails, because there is no SMTP server at foo.url\n\t\trequire.Error(t, err)\n\n\t\tmessages, err := reg.CourierPersister().NextMessages(t.Context(), 10)\n\t\trequire.NoError(t, err)\n\t\trequire.Len(t, messages, 1)\n\t})\n}\n\nfunc TestDispatchMessage(t *testing.T) {\n\t_, reg := pkg.NewRegistryDefaultWithDSN(t, \"\", configx.WithValues(map[string]any{\n\t\tconfig.ViperKeyCourierMessageRetries: 5,\n\t\tconfig.ViperKeyCourierSMTPURL: \"http://foo.url\",\n\t}))\n\n\tc, err := reg.Courier(t.Context())\n\trequire.NoError(t, err)\n\tt.Run(\"case=invalid channel\", func(t *testing.T) {\n\t\tmessage := courier.Message{\n\t\t\tChannel: \"invalid-channel\",\n\t\t\tStatus: courier.MessageStatusQueued,\n\t\t\tType: courier.MessageTypeEmail,\n\t\t\tRecipient: testhelpers.RandomEmail(),\n\t\t\tSubject: \"test-subject-1\",\n\t\t\tBody: \"test-body-1\",\n\t\t\tTemplateType: \"stub\",\n\t\t}\n\t\trequire.NoError(t, reg.CourierPersister().AddMessage(t.Context(), &message))\n\t\tassert.ErrorContains(t, c.DispatchMessage(t.Context(), message), \"no courier channels configured for: invalid-channel\")\n\t})\n}\n\nfunc TestDispatchQueue(t *testing.T) {\n\t_, reg := pkg.NewRegistryDefaultWithDSN(t, \"\", configx.WithValue(config.ViperKeyCourierMessageRetries, 1))\n\n\tc, err := reg.Courier(t.Context())\n\trequire.NoError(t, err)\n\tc.FailOnDispatchError()\n\n\tid := queueNewMessage(t, c)\n\trequire.NotEqual(t, uuid.Nil, id)\n\n\t// Fails to deliver the first time\n\terr = c.DispatchQueue(t.Context())\n\trequire.Error(t, err)\n\n\t// Retry once, as we set above - still fails\n\terr = c.DispatchQueue(t.Context())\n\trequire.Error(t, err)\n\n\t// Now it has been retried once, which means 2 > 1 is true and it is no longer tried\n\terr = c.DispatchQueue(t.Context())\n\trequire.NoError(t, err)\n\n\tvar message courier.Message\n\terr = reg.Persister().GetConnection(t.Context()).\n\t\tWhere(\"status = ?\", courier.MessageStatusAbandoned).\n\t\tEager(\"Dispatches\").\n\t\tFirst(&message)\n\n\trequire.NoError(t, err)\n\trequire.Equal(t, id, message.ID)\n\n\trequire.Len(t, message.Dispatches, 2)\n\trequire.Contains(t, gjson.GetBytes(message.Dispatches[0].Error, \"reason\").String(), \"failed to send email via smtp\")\n\trequire.Contains(t, gjson.GetBytes(message.Dispatches[1].Error, \"reason\").String(), \"failed to send email via smtp\")\n}\n" }, { "path": "courier/email_templates.go", "content": "// Copyright © 2023 Ory Corp\n// SPDX-License-Identifier: Apache-2.0\n\npackage courier\n\nimport (\n\t\"context\"\n\t\"encoding/json\"\n\t\"net/http\"\n\n\t\"github.com/ory/kratos/courier/template\"\n\n\t\"github.com/pkg/errors\"\n\n\t\"github.com/ory/kratos/courier/template/email\"\n)\n\ntype (\n\tTemplate interface {\n\t\tjson.Marshaler\n\t\tTemplateType() template.TemplateType\n\t}\n\n\tEmailTemplate interface {\n\t\tTemplate\n\t\tEmailSubject(context.Context) (string, error)\n\t\tEmailBody(context.Context) (string, error)\n\t\tEmailBodyPlaintext(context.Context) (string, error)\n\t\tEmailRecipient() (string, error)\n\t}\n\n\tRequestHeadersCarrier interface {\n\t\tRequestHeaders() http.Header\n\t}\n)\n\nfunc NewEmailTemplateFromMessage(d template.Dependencies, msg Message) (EmailTemplate, error) {\n\tswitch msg.TemplateType {\n\tcase template.TypeRecoveryInvalid:\n\t\tvar t email.RecoveryInvalidModel\n\t\tif err := json.Unmarshal(msg.TemplateData, &t); err != nil {\n\t\t\treturn nil, err\n\t\t}\n\t\treturn email.NewRecoveryInvalid(d, &t), nil\n\tcase template.TypeRecoveryValid:\n\t\tvar t email.RecoveryValidModel\n\t\tif err := json.Unmarshal(msg.TemplateData, &t); err != nil {\n\t\t\treturn nil, err\n\t\t}\n\t\treturn email.NewRecoveryValid(d, &t), nil\n\tcase template.TypeRecoveryCodeInvalid:\n\t\tvar t email.RecoveryCodeInvalidModel\n\t\tif err := json.Unmarshal(msg.TemplateData, &t); err != nil {\n\t\t\treturn nil, err\n\t\t}\n\t\treturn email.NewRecoveryCodeInvalid(d, &t), nil\n\tcase template.TypeRecoveryCodeValid:\n\t\tvar t email.RecoveryCodeValidModel\n\t\tif err := json.Unmarshal(msg.TemplateData, &t); err != nil {\n\t\t\treturn nil, err\n\t\t}\n\t\treturn email.NewRecoveryCodeValid(d, &t), nil\n\tcase template.TypeVerificationInvalid:\n\t\tvar t email.VerificationInvalidModel\n\t\tif err := json.Unmarshal(msg.TemplateData, &t); err != nil {\n\t\t\treturn nil, err\n\t\t}\n\t\treturn email.NewVerificationInvalid(d, &t), nil\n\tcase template.TypeVerificationValid:\n\t\tvar t email.VerificationValidModel\n\t\tif err := json.Unmarshal(msg.TemplateData, &t); err != nil {\n\t\t\treturn nil, err\n\t\t}\n\t\treturn email.NewVerificationValid(d, &t), nil\n\tcase template.TypeVerificationCodeInvalid:\n\t\tvar t email.VerificationCodeInvalidModel\n\t\tif err := json.Unmarshal(msg.TemplateData, &t); err != nil {\n\t\t\treturn nil, err\n\t\t}\n\t\treturn email.NewVerificationCodeInvalid(d, &t), nil\n\tcase template.TypeVerificationCodeValid:\n\t\tvar t email.VerificationCodeValidModel\n\t\tif err := json.Unmarshal(msg.TemplateData, &t); err != nil {\n\t\t\treturn nil, err\n\t\t}\n\t\treturn email.NewVerificationCodeValid(d, &t), nil\n\tcase template.TypeTestStub:\n\t\tvar t email.TestStubModel\n\t\tif err := json.Unmarshal(msg.TemplateData, &t); err != nil {\n\t\t\treturn nil, err\n\t\t}\n\t\treturn email.NewTestStub(&t), nil\n\tcase template.TypeLoginCodeValid:\n\t\tvar t email.LoginCodeValidModel\n\t\tif err := json.Unmarshal(msg.TemplateData, &t); err != nil {\n\t\t\treturn nil, err\n\t\t}\n\t\treturn email.NewLoginCodeValid(d, &t), nil\n\tcase template.TypeRegistrationCodeValid:\n\t\tvar t email.RegistrationCodeValidModel\n\t\tif err := json.Unmarshal(msg.TemplateData, &t); err != nil {\n\t\t\treturn nil, err\n\t\t}\n\t\treturn email.NewRegistrationCodeValid(d, &t), nil\n\tdefault:\n\t\treturn nil, errors.Errorf(\"received unexpected message template type: %s\", msg.TemplateType)\n\t}\n}\n" }, { "path": "courier/email_templates_test.go", "content": "// Copyright © 2023 Ory Corp\n// SPDX-License-Identifier: Apache-2.0\n\npackage courier_test\n\nimport (\n\t\"context\"\n\t\"encoding/json\"\n\t\"fmt\"\n\t\"testing\"\n\n\t\"github.com/stretchr/testify/require\"\n\n\t\"github.com/ory/kratos/courier\"\n\t\"github.com/ory/kratos/courier/template\"\n\t\"github.com/ory/kratos/courier/template/email\"\n\t\"github.com/ory/kratos/pkg\"\n)\n\nfunc TestNewEmailTemplateFromMessage(t *testing.T) {\n\t_, reg := pkg.NewFastRegistryWithMocks(t)\n\tctx := context.Background()\n\n\tfor tmplType, expectedTmpl := range map[template.TemplateType]courier.EmailTemplate{\n\t\ttemplate.TypeRecoveryInvalid: email.NewRecoveryInvalid(reg, &email.RecoveryInvalidModel{To: \"foo\"}),\n\t\ttemplate.TypeRecoveryValid: email.NewRecoveryValid(reg, &email.RecoveryValidModel{To: \"bar\", RecoveryURL: \"http://foo.bar\"}),\n\t\ttemplate.TypeRecoveryCodeValid: email.NewRecoveryCodeValid(reg, &email.RecoveryCodeValidModel{To: \"bar\", RecoveryCode: \"12345678\"}),\n\t\ttemplate.TypeRecoveryCodeInvalid: email.NewRecoveryCodeInvalid(reg, &email.RecoveryCodeInvalidModel{To: \"bar\"}),\n\t\ttemplate.TypeVerificationInvalid: email.NewVerificationInvalid(reg, &email.VerificationInvalidModel{To: \"baz\"}),\n\t\ttemplate.TypeVerificationValid: email.NewVerificationValid(reg, &email.VerificationValidModel{To: \"faz\", VerificationURL: \"http://bar.foo\"}),\n\t\ttemplate.TypeVerificationCodeInvalid: email.NewVerificationCodeInvalid(reg, &email.VerificationCodeInvalidModel{To: \"baz\"}),\n\t\ttemplate.TypeVerificationCodeValid: email.NewVerificationCodeValid(reg, &email.VerificationCodeValidModel{To: \"faz\", VerificationURL: \"http://bar.foo\", VerificationCode: \"123456678\"}),\n\t\ttemplate.TypeTestStub: email.NewTestStub(&email.TestStubModel{To: \"far\", Subject: \"test subject\", Body: \"test body\"}),\n\t\ttemplate.TypeLoginCodeValid: email.NewLoginCodeValid(reg, &email.LoginCodeValidModel{To: \"far\", LoginCode: \"123456\"}),\n\t\ttemplate.TypeRegistrationCodeValid: email.NewRegistrationCodeValid(reg, &email.RegistrationCodeValidModel{To: \"far\", RegistrationCode: \"123456\"}),\n\t} {\n\t\tt.Run(fmt.Sprintf(\"case=%s\", tmplType), func(t *testing.T) {\n\t\t\ttmplData, err := json.Marshal(expectedTmpl)\n\t\t\trequire.NoError(t, err)\n\n\t\t\tm := courier.Message{TemplateType: tmplType, TemplateData: tmplData}\n\t\t\tactualTmpl, err := courier.NewEmailTemplateFromMessage(reg, m)\n\t\t\trequire.NoError(t, err)\n\n\t\t\trequire.IsType(t, expectedTmpl, actualTmpl)\n\n\t\t\texpectedRecipient, err := expectedTmpl.EmailRecipient()\n\t\t\trequire.NoError(t, err)\n\t\t\tactualRecipient, err := actualTmpl.EmailRecipient()\n\t\t\trequire.NoError(t, err)\n\t\t\trequire.Equal(t, expectedRecipient, actualRecipient)\n\n\t\t\texpectedSubject, err := expectedTmpl.EmailSubject(ctx)\n\t\t\trequire.NoError(t, err)\n\t\t\tactualSubject, err := actualTmpl.EmailSubject(ctx)\n\t\t\trequire.NoError(t, err)\n\t\t\trequire.Equal(t, expectedSubject, actualSubject)\n\n\t\t\texpectedBody, err := expectedTmpl.EmailBody(ctx)\n\t\t\trequire.NoError(t, err)\n\t\t\tactualBody, err := actualTmpl.EmailBody(ctx)\n\t\t\trequire.NoError(t, err)\n\t\t\trequire.Equal(t, expectedBody, actualBody)\n\n\t\t\texpectedBodyPlaintext, err := expectedTmpl.EmailBodyPlaintext(ctx)\n\t\t\trequire.NoError(t, err)\n\t\t\tactualBodyPlaintext, err := actualTmpl.EmailBodyPlaintext(ctx)\n\t\t\trequire.NoError(t, err)\n\t\t\trequire.Equal(t, expectedBodyPlaintext, actualBodyPlaintext)\n\t\t})\n\t}\n}\n" }, { "path": "courier/handler.go", "content": "// Copyright © 2023 Ory Corp\n// SPDX-License-Identifier: Apache-2.0\n\npackage courier\n\nimport (\n\t\"net/http\"\n\n\t\"github.com/gofrs/uuid\"\n\t\"github.com/pkg/errors\"\n\n\t\"github.com/ory/herodot\"\n\t\"github.com/ory/kratos/driver/config\"\n\t\"github.com/ory/kratos/x/nosurfx\"\n\t\"github.com/ory/kratos/x/redir\"\n\t\"github.com/ory/x/httprouterx\"\n\t\"github.com/ory/x/httpx\"\n\t\"github.com/ory/x/logrusx\"\n\tkeysetpagination \"github.com/ory/x/pagination/keysetpagination_v2\"\n)\n\nconst (\n\tAdminRouteCourier = \"/courier\"\n\tAdminRouteListMessages = AdminRouteCourier + \"/messages\"\n\tAdminRouteGetMessage = AdminRouteCourier + \"/messages/{msgID}\"\n)\n\ntype (\n\thandlerDependencies interface {\n\t\thttpx.WriterProvider\n\t\tlogrusx.Provider\n\t\tnosurfx.CSRFProvider\n\t\tPersistenceProvider\n\t\tconfig.Provider\n\t}\n\tHandler struct {\n\t\tr handlerDependencies\n\t}\n\tHandlerProvider interface {\n\t\tCourierHandler() *Handler\n\t}\n)\n\nfunc NewHandler(r handlerDependencies) *Handler {\n\treturn &Handler{r: r}\n}\n\nfunc (h *Handler) RegisterPublicRoutes(public *httprouterx.RouterPublic) {\n\th.r.CSRFHandler().IgnoreGlobs(httprouterx.AdminPrefix+AdminRouteListMessages, AdminRouteListMessages)\n\tpublic.GET(httprouterx.AdminPrefix+AdminRouteListMessages, redir.RedirectToAdminRoute(h.r))\n\tpublic.GET(httprouterx.AdminPrefix+AdminRouteGetMessage, redir.RedirectToAdminRoute(h.r))\n}\n\nfunc (h *Handler) RegisterAdminRoutes(admin *httprouterx.RouterAdmin) {\n\tadmin.GET(AdminRouteListMessages, h.listCourierMessages)\n\tadmin.GET(AdminRouteGetMessage, h.getCourierMessage)\n}\n\n// Paginated Courier Message List Response\n//\n// swagger:response listCourierMessages\n//\n//nolint:deadcode,unused\n//lint:ignore U1000 Used to generate Swagger and OpenAPI definitions\ntype listCourierMessagesResponse struct {\n\tkeysetpagination.ResponseHeaders\n\n\t// List of identities\n\t//\n\t// in:body\n\tBody []Message\n}\n\n// Paginated List Courier Message Parameters\n//\n// swagger:parameters listCourierMessages\ntype ListCourierMessagesParameters struct {\n\tkeysetpagination.RequestParameters\n\n\t// Status filters out messages based on status.\n\t// If no value is provided, it doesn't take effect on filter.\n\t//\n\t// required: false\n\t// in: query\n\tStatus *MessageStatus `json:\"status\"`\n\n\t// Recipient filters out messages based on recipient.\n\t// If no value is provided, it doesn't take effect on filter.\n\t//\n\t// required: false\n\t// in: query\n\tRecipient string `json:\"recipient\"`\n}\n\n// swagger:route GET /admin/courier/messages courier listCourierMessages\n//\n// # List Messages\n//\n// Lists all messages by given status and recipient.\n//\n//\tProduces:\n//\t- application/json\n//\n//\tSecurity:\n//\t oryAccessToken:\n//\n//\tSchemes: http, https\n//\n//\tResponses:\n//\t 200: listCourierMessages\n//\t 400: errorGeneric\n//\t default: errorGeneric\n//\n//\tExtensions:\n//\t x-ory-ratelimit-bucket: kratos-admin-high\nfunc (h *Handler) listCourierMessages(w http.ResponseWriter, r *http.Request) {\n\tkeys := h.r.Config().SecretsPagination(r.Context())\n\tfilter, paginator, err := parseMessagesFilter(r, keys)\n\tif err != nil {\n\t\th.r.Writer().WriteErrorCode(w, r, http.StatusBadRequest, err)\n\t\treturn\n\t}\n\n\tmessages, nextPage, err := h.r.CourierPersister().ListMessages(r.Context(), filter, paginator)\n\tif err != nil {\n\t\th.r.Writer().WriteError(w, r, err)\n\t\treturn\n\t}\n\n\tif !h.r.Config().IsInsecureDevMode(r.Context()) {\n\t\tfor i := range messages {\n\t\t\tmessages[i].Body = \"\"\n\t\t\tmessages[i].Subject = \"\"\n\t\t}\n\t}\n\n\tu := *r.URL\n\tkeysetpagination.SetLinkHeader(w, keys, &u, nextPage)\n\th.r.Writer().Write(w, r, messages)\n}\n\nfunc parseMessagesFilter(r *http.Request, keys [][32]byte) (ListCourierMessagesParameters, []keysetpagination.Option, error) {\n\tvar status *MessageStatus\n\n\tif r.URL.Query().Has(\"status\") {\n\t\tms, err := ToMessageStatus(r.URL.Query().Get(\"status\"))\n\t\tif err != nil {\n\t\t\treturn ListCourierMessagesParameters{}, nil, errors.WithStack(err)\n\t\t}\n\n\t\tstatus = &ms\n\t}\n\n\topts, err := keysetpagination.ParseQueryParams(keys, r.URL.Query())\n\tif err != nil {\n\t\treturn ListCourierMessagesParameters{}, nil, errors.WithStack(err)\n\t}\n\n\treturn ListCourierMessagesParameters{\n\t\tStatus: status,\n\t\tRecipient: r.URL.Query().Get(\"recipient\"),\n\t}, opts, nil\n}\n\n// Get Courier Message Parameters\n//\n// swagger:parameters getCourierMessage\n//\n//nolint:deadcode,unused\n//lint:ignore U1000 Used to generate Swagger and OpenAPI definitions\ntype getCourierMessage struct {\n\t// MessageID is the ID of the message.\n\t//\n\t// required: true\n\t// in: path\n\tMessageID string `json:\"id\"`\n}\n\n// swagger:route GET /admin/courier/messages/{id} courier getCourierMessage\n//\n// # Get a Message\n//\n// Gets a specific messages by the given ID.\n//\n//\tProduces:\n//\t- application/json\n//\n//\tSecurity:\n//\t\toryAccessToken:\n//\n//\tSchemes: http, https\n//\n//\tResponses:\n//\t\t200: message\n//\t\t400: errorGeneric\n//\t\tdefault: errorGeneric\n//\n//\tExtensions:\n//\t x-ory-ratelimit-bucket: kratos-admin-medium\nfunc (h *Handler) getCourierMessage(w http.ResponseWriter, r *http.Request) {\n\tmsgID, err := uuid.FromString(r.PathValue(\"msgID\"))\n\tif err != nil {\n\t\th.r.Writer().WriteError(w, r, herodot.ErrBadRequest.WithError(err.Error()).WithDebugf(\"could not parse parameter {id} as UUID, got %s\", r.PathValue(\"id\")))\n\t\treturn\n\t}\n\n\tmessage, err := h.r.CourierPersister().FetchMessage(r.Context(), msgID)\n\tif err != nil {\n\t\th.r.Writer().WriteError(w, r, err)\n\t\treturn\n\t}\n\n\tif !h.r.Config().IsInsecureDevMode(r.Context()) {\n\t\tmessage.Body = \"\"\n\t\tmessage.Subject = \"\"\n\t}\n\n\th.r.Writer().Write(w, r, message)\n}\n" }, { "path": "courier/handler_test.go", "content": "// Copyright © 2023 Ory Corp\n// SPDX-License-Identifier: Apache-2.0\n\npackage courier_test\n\nimport (\n\t\"context\"\n\t\"errors\"\n\t\"fmt\"\n\t\"io\"\n\t\"net/http\"\n\t\"net/http/httptest\"\n\t\"testing\"\n\n\t\"github.com/go-faker/faker/v4\"\n\t\"github.com/gofrs/uuid\"\n\t\"github.com/stretchr/testify/assert\"\n\t\"github.com/stretchr/testify/require\"\n\t\"github.com/tidwall/gjson\"\n\n\t\"github.com/ory/kratos/courier\"\n\t\"github.com/ory/kratos/driver/config\"\n\t\"github.com/ory/kratos/pkg\"\n\t\"github.com/ory/kratos/pkg/testhelpers\"\n\t\"github.com/ory/x/httprouterx\"\n\t\"github.com/ory/x/ioutilx\"\n\t\"github.com/ory/x/snapshotx\"\n\t\"github.com/ory/x/urlx\"\n\t\"github.com/ory/x/uuidx\"\n)\n\nvar defaultPageToken = courier.Message{}.DefaultPageToken().Encrypt(nil)\n\nfunc TestHandler(t *testing.T) {\n\tctx := context.Background()\n\tconf, reg := pkg.NewFastRegistryWithMocks(t)\n\t// Start kratos server\n\tpublicTS, adminTS := testhelpers.NewKratosServerWithCSRF(t, reg)\n\n\ttss := []struct {\n\t\tname string\n\t\ts *httptest.Server\n\t}{\n\t\t{\n\t\t\tname: \"public\",\n\t\t\ts: publicTS,\n\t\t},\n\t\t{\n\t\t\tname: \"admin\",\n\t\t\ts: adminTS,\n\t\t},\n\t}\n\n\tmockServerURL := urlx.ParseOrPanic(publicTS.URL)\n\tconf.MustSet(ctx, config.ViperKeyAdminBaseURL, adminTS.URL)\n\tconf.MustSet(ctx, config.ViperKeyPublicBaseURL, mockServerURL.String())\n\n\tget := func(t *testing.T, base *httptest.Server, href string, expectCode int) gjson.Result {\n\t\tt.Helper()\n\t\tres, err := base.Client().Get(base.URL + href)\n\t\trequire.NoError(t, err)\n\t\tbody, err := io.ReadAll(res.Body)\n\t\trequire.NoError(t, err)\n\t\trequire.NoError(t, res.Body.Close())\n\n\t\tassert.EqualValuesf(t, expectCode, res.StatusCode, \"%s\", body)\n\t\treturn gjson.ParseBytes(body)\n\t}\n\n\tgetList := func(t *testing.T, tsName string, qs string) gjson.Result {\n\t\tt.Helper()\n\t\thref := courier.AdminRouteListMessages + qs\n\t\tts := adminTS\n\n\t\tif tsName == \"public\" {\n\t\t\thref = httprouterx.AdminPrefix + href\n\t\t\tts = publicTS\n\t\t}\n\n\t\tparsed := get(t, ts, href, http.StatusOK)\n\t\trequire.Truef(t, parsed.IsArray(), \"%s\", parsed.Raw)\n\t\treturn parsed\n\t}\n\n\tt.Run(\"case=should return an empty list of messages\", func(t *testing.T) {\n\t\tfor _, name := range []string{\"public\", \"admin\"} {\n\t\t\tt.Run(\"endpoint=\"+name, func(t *testing.T) {\n\t\t\t\tparsed := getList(t, name, \"\")\n\t\t\t\tassert.Len(t, parsed.Array(), 0)\n\t\t\t})\n\t\t}\n\t})\n\n\tt.Run(\"case=list messages\", func(t *testing.T) {\n\t\t// Arrange test data\n\t\tconst msgCount = 10 // total message count\n\t\tconst procCount = 5 // how many messages' status should be equal to `processing`\n\t\tconst rcptOryCount = 2 // how many messages' recipient should be equal to `noreply@ory.sh`\n\t\tmessages := make([]courier.Message, msgCount)\n\n\t\tfor i := range messages {\n\t\t\trequire.NoError(t, faker.FakeData(&messages[i]))\n\t\t\tmessages[i].Type = courier.MessageTypeEmail\n\t\t\tmessages[i].Body = \"body content\"\n\t\t\tif i < rcptOryCount {\n\t\t\t\tmessages[i].Recipient = \"noreply@ory.sh\"\n\t\t\t}\n\t\t\trequire.NoError(t, reg.CourierPersister().AddMessage(context.Background(), &messages[i]))\n\t\t}\n\t\tfor i := range procCount {\n\t\t\trequire.NoError(t, reg.CourierPersister().SetMessageStatus(context.Background(), messages[i].ID, courier.MessageStatusProcessing))\n\t\t}\n\n\t\tt.Run(\"paging\", func(t *testing.T) {\n\t\t\tt.Run(\"case=should return first half of the messages\", func(t *testing.T) {\n\t\t\t\tqs := fmt.Sprintf(\"?page_token=%s&page_size=%d\", defaultPageToken, msgCount/2)\n\n\t\t\t\tfor _, tc := range tss {\n\t\t\t\t\tt.Run(\"endpoint=\"+tc.name, func(t *testing.T) {\n\t\t\t\t\t\tparsed := getList(t, tc.name, qs)\n\t\t\t\t\t\tassert.Len(t, parsed.Array(), msgCount/2)\n\t\t\t\t\t})\n\t\t\t\t}\n\t\t\t})\n\t\t\tt.Run(\"case=should error with random page token\", func(t *testing.T) {\n\t\t\t\tqs := fmt.Sprintf(`?page_token=%s&page_size=%s`, uuidx.NewV4().String(), \"250\")\n\n\t\t\t\tfor _, tc := range tss {\n\t\t\t\t\tt.Run(\"endpoint=\"+tc.name, func(t *testing.T) {\n\t\t\t\t\t\tpath := courier.AdminRouteListMessages + qs\n\t\t\t\t\t\tif tc.name == \"public\" {\n\t\t\t\t\t\t\tpath = httprouterx.AdminPrefix + path\n\t\t\t\t\t\t}\n\t\t\t\t\t\tresp, err := tc.s.Client().Get(tc.s.URL + path)\n\t\t\t\t\t\trequire.NoError(t, err)\n\t\t\t\t\t\tassert.Equal(t, http.StatusBadRequest, resp.StatusCode)\n\t\t\t\t\t})\n\t\t\t\t}\n\t\t\t})\n\t\t})\n\t\tt.Run(\"filtering\", func(t *testing.T) {\n\t\t\tt.Run(\"case=should return all queued messages\", func(t *testing.T) {\n\t\t\t\tqs := fmt.Sprintf(`?page_token=%s&page_size=250&status=queued`, defaultPageToken)\n\n\t\t\t\tfor _, tc := range tss {\n\t\t\t\t\tt.Run(\"endpoint=\"+tc.name, func(t *testing.T) {\n\t\t\t\t\t\tparsed := getList(t, tc.name, qs)\n\t\t\t\t\t\tassert.Len(t, parsed.Array(), msgCount-procCount)\n\n\t\t\t\t\t\tfor _, item := range parsed.Array() {\n\t\t\t\t\t\t\tassert.Equal(t, \"queued\", item.Get(\"status\").String())\n\t\t\t\t\t\t}\n\t\t\t\t\t})\n\t\t\t\t}\n\t\t\t})\n\t\t\tt.Run(\"case=should return all processing messages\", func(t *testing.T) {\n\t\t\t\tqs := fmt.Sprintf(`?page_token=%s&page_size=250&status=processing`, defaultPageToken)\n\n\t\t\t\tfor _, tc := range tss {\n\t\t\t\t\tt.Run(\"endpoint=\"+tc.name, func(t *testing.T) {\n\t\t\t\t\t\tparsed := getList(t, tc.name, qs)\n\t\t\t\t\t\tassert.Len(t, parsed.Array(), procCount)\n\n\t\t\t\t\t\tfor _, item := range parsed.Array() {\n\t\t\t\t\t\t\tassert.Equal(t, \"processing\", item.Get(\"status\").String())\n\t\t\t\t\t\t}\n\t\t\t\t\t})\n\t\t\t\t}\n\t\t\t})\n\t\t\tt.Run(\"case=should return all messages with recipient equals to noreply@ory.sh\", func(t *testing.T) {\n\t\t\t\tqs := fmt.Sprintf(`?page_token=%s&page_size=250&recipient=noreply@ory.sh`, defaultPageToken)\n\n\t\t\t\tfor _, tc := range tss {\n\t\t\t\t\tt.Run(\"endpoint=\"+tc.name, func(t *testing.T) {\n\t\t\t\t\t\tparsed := getList(t, tc.name, qs)\n\t\t\t\t\t\tassert.Len(t, parsed.Array(), rcptOryCount)\n\n\t\t\t\t\t\tfor _, item := range parsed.Array() {\n\t\t\t\t\t\t\tassert.Equal(t, \"noreply@ory.sh\", item.Get(\"recipient\").String())\n\t\t\t\t\t\t}\n\t\t\t\t\t})\n\t\t\t\t}\n\t\t\t})\n\t\t})\n\t\tt.Run(\"case=body should be redacted if kratos is not in dev mode\", func(t *testing.T) {\n\t\t\tconf.MustSet(ctx, \"dev\", false)\n\t\t\tfor _, tc := range tss {\n\t\t\t\tt.Run(\"endpoint=\"+tc.name, func(t *testing.T) {\n\t\t\t\t\tparsed := getList(t, tc.name, \"\")\n\t\t\t\t\trequire.Lenf(t, parsed.Array(), msgCount, \"%s\", parsed.Raw)\n\n\t\t\t\t\tfor _, item := range parsed.Array() {\n\t\t\t\t\t\tassert.Equal(t, \"\", item.Get(\"body\").String())\n\t\t\t\t\t\tassert.Equal(t, \"\", item.Get(\"subject\").String())\n\t\t\t\t\t}\n\t\t\t\t})\n\t\t\t}\n\t\t})\n\t\tt.Run(\"case=body should not be redacted if kratos is in dev mode\", func(t *testing.T) {\n\t\t\tconf.MustSet(ctx, \"dev\", true)\n\t\t\tfor _, tc := range tss {\n\t\t\t\tt.Run(\"endpoint=\"+tc.name, func(t *testing.T) {\n\t\t\t\t\tparsed := getList(t, tc.name, \"\")\n\t\t\t\t\trequire.Lenf(t, parsed.Array(), msgCount, \"%s\", parsed.Raw)\n\n\t\t\t\t\tfor _, item := range parsed.Array() {\n\t\t\t\t\t\tassert.Equal(t, \"body content\", item.Get(\"body\").String())\n\t\t\t\t\t\tassert.NotEqual(t, \"\", item.Get(\"subject\").String())\n\t\t\t\t\t}\n\t\t\t\t})\n\t\t\t}\n\t\t})\n\t\tt.Run(\"case=should return with http status BadRequest when given status is invalid\", func(t *testing.T) {\n\t\t\tqs := fmt.Sprintf(`?page_token=%s&page_size=250&status=invalid_status`, defaultPageToken)\n\n\t\t\tres, err := adminTS.Client().Get(adminTS.URL + courier.AdminRouteListMessages + qs)\n\n\t\t\trequire.NoError(t, err)\n\t\t\tassert.Equal(t, http.StatusBadRequest, res.StatusCode, \"status code should be equal to StatusBadRequest\")\n\t\t})\n\n\t})\n\tt.Run(\"handler=getCourierMessage\", func(t *testing.T) {\n\n\t\tmessage := courier.Message{}\n\t\trequire.NoError(t, faker.FakeData(&message))\n\t\tmessage.Type = courier.MessageTypeEmail\n\t\tmessage.Body = \"body content\"\n\t\trequire.NoError(t, reg.CourierPersister().AddMessage(context.Background(), &message))\n\t\trequire.NoError(t, reg.CourierPersister().RecordDispatch(ctx, message.ID, courier.CourierMessageDispatchStatusSuccess, errors.New(\"some error\")))\n\n\t\tgetCourierMessag := func(s *httptest.Server, id string) gjson.Result {\n\n\t\t\tr, err := s.Client().Get(s.URL + \"/admin/courier/messages/\" + id)\n\t\t\trequire.NoError(t, err)\n\t\t\treturn gjson.ParseBytes(ioutilx.MustReadAll(r.Body))\n\t\t}\n\n\t\tt.Run(\"case=should return a message by id\", func(t *testing.T) {\n\t\t\tconf.MustSet(ctx, \"dev\", true)\n\n\t\t\tfor _, tc := range tss {\n\t\t\t\tt.Run(\"endpoint=\"+tc.name, func(t *testing.T) {\n\t\t\t\t\tbody := getCourierMessag(tc.s, message.ID.String())\n\t\t\t\t\tassert.Equal(t, message.ID.String(), body.Get(\"id\").String())\n\t\t\t\t\tassert.Equal(t, message.Recipient, body.Get(\"recipient\").String())\n\t\t\t\t\tassert.Equal(t, message.Body, body.Get(\"body\").String())\n\t\t\t\t\tassert.Equal(t, message.Subject, body.Get(\"subject\").String())\n\n\t\t\t\t\t// assert Eager works\n\t\t\t\t\tassert.NotEmpty(t, body.Get(\"dispatches\").Array())\n\t\t\t\t})\n\t\t\t}\n\t\t})\n\t\tt.Run(\"case=does not contain body if not in production\", func(t *testing.T) {\n\t\t\tconf.MustSet(ctx, \"dev\", false)\n\n\t\t\tfor _, tc := range tss {\n\t\t\t\tt.Run(\"endpoint=\"+tc.name, func(t *testing.T) {\n\t\t\t\t\tbody := getCourierMessag(tc.s, message.ID.String())\n\t\t\t\t\tassert.Equal(t, message.ID.String(), body.Get(\"id\").String())\n\t\t\t\t\tassert.Equal(t, \"\", body.Get(\"body\").String())\n\t\t\t\t\tassert.Equal(t, \"\", body.Get(\"subject\").String())\n\t\t\t\t})\n\t\t\t}\n\t\t})\n\t\tt.Run(\"case=returns an error if parameter is malformed\", func(t *testing.T) {\n\t\t\tfor _, tc := range tss {\n\t\t\t\tt.Run(\"endpoint=\"+tc.name, func(t *testing.T) {\n\t\t\t\t\tbody := getCourierMessag(tc.s, \"not-a-uuid\")\n\n\t\t\t\t\tsnapshotx.SnapshotTJSON(t, body.Raw)\n\t\t\t\t})\n\t\t\t}\n\t\t})\n\t\tt.Run(\"case=returns an error if no message is found\", func(t *testing.T) {\n\t\t\tfor _, tc := range tss {\n\t\t\t\tt.Run(\"endpoint=\"+tc.name, func(t *testing.T) {\n\t\t\t\t\tbody := getCourierMessag(tc.s, uuid.Nil.String())\n\t\t\t\t\tsnapshotx.SnapshotTJSON(t, body.Raw)\n\t\t\t\t})\n\t\t\t}\n\t\t})\n\t})\n}\n" }, { "path": "courier/http_channel.go", "content": "// Copyright © 2023 Ory Corp\n// SPDX-License-Identifier: Apache-2.0\n\npackage courier\n\nimport (\n\t\"context\"\n\t\"encoding/json\"\n\t\"fmt\"\n\t\"io\"\n\t\"time\"\n\n\t\"github.com/pkg/errors\"\n\n\t\"github.com/ory/x/httpx\"\n\t\"github.com/ory/x/logrusx\"\n\n\t\"github.com/ory/kratos/courier/template\"\n\t\"github.com/ory/kratos/request\"\n\t\"github.com/ory/x/jsonnetsecure\"\n\t\"github.com/ory/x/otelx\"\n)\n\ntype (\n\thttpChannel struct {\n\t\tid string\n\t\trequestConfig *request.Config\n\t\td channelDependencies\n\t}\n\tchannelDependencies interface {\n\t\totelx.Provider\n\t\tlogrusx.Provider\n\t\thttpx.ClientProvider\n\t\tjsonnetsecure.VMProvider\n\t\tConfigProvider\n\t}\n)\n\nvar _ Channel = new(httpChannel)\n\nfunc newHttpChannel(id string, requestConfig *request.Config, d channelDependencies) *httpChannel {\n\treturn &httpChannel{\n\t\tid: id,\n\t\trequestConfig: requestConfig,\n\t\td: d,\n\t}\n}\n\nfunc (c *httpChannel) ID() string {\n\treturn c.id\n}\n\ntype httpDataModel struct {\n\tRecipient string `json:\"recipient\"`\n\tSubject string `json:\"subject\"`\n\tBody string `json:\"body\"`\n\t// HTMLBody optionally contains the HTML version of an email template when available.\n\tHTMLBody string `json:\"html_body,omitempty\"`\n\tTemplateType template.TemplateType `json:\"template_type\"`\n\tTemplateData Template `json:\"template_data\"`\n\tMessageType string `json:\"message_type\"`\n\tRequestHeaders json.RawMessage `json:\"request_headers\"`\n}\n\nfunc (c *httpChannel) Dispatch(ctx context.Context, msg Message) (err error) {\n\tctx, span := c.d.Tracer(ctx).Tracer().Start(ctx, \"courier.httpChannel.Dispatch\")\n\tdefer otelx.End(span, &err)\n\n\tbuilder, err := request.NewBuilder(ctx, c.requestConfig, c.d)\n\tif err != nil {\n\t\treturn errors.WithStack(err)\n\t}\n\n\ttmpl, err := newTemplate(c.d, msg)\n\tif err != nil {\n\t\treturn errors.WithStack(err)\n\t}\n\n\ttd := httpDataModel{\n\t\tRecipient: msg.Recipient,\n\t\tSubject: msg.Subject,\n\t\tBody: msg.Body,\n\t\tTemplateType: msg.TemplateType,\n\t\tTemplateData: tmpl,\n\t\tRequestHeaders: msg.RequestHeaders,\n\t\tMessageType: msg.Type.String(),\n\t}\n\n\tc.tryPopulateHTMLBody(ctx, tmpl, &td)\n\n\treq, err := builder.BuildRequest(ctx, td)\n\tif err != nil {\n\t\treturn errors.WithStack(err)\n\t}\n\treq = req.WithContext(ctx)\n\n\tres, err := c.d.HTTPClient(ctx,\n\t\t// fail fast and let the courier retry if needed instead of blocking the queue\n\t\thttpx.ResilientClientWithMaxRetry(0),\n\t\thttpx.ResilientClientWithConnectionTimeout(10*time.Second),\n\t).Do(req)\n\tif err != nil {\n\t\treturn errors.WithStack(err)\n\t}\n\tdefer func() { _ = res.Body.Close() }()\n\tres.Body = io.NopCloser(io.LimitReader(res.Body, 1024))\n\n\tlogger := c.d.Logger().\n\t\tWithField(\"http_server\", c.requestConfig.URL).\n\t\tWithField(\"message_id\", msg.ID).\n\t\tWithField(\"message_nid\", msg.NID).\n\t\tWithField(\"message_type\", msg.Type).\n\t\tWithField(\"message_template_type\", msg.TemplateType).\n\t\tWithField(\"message_subject\", msg.Subject)\n\n\tif res.StatusCode >= 200 && res.StatusCode < 300 {\n\t\tlogger.Debug(\"Courier sent out mailer.\")\n\t\treturn nil\n\t}\n\n\terr = errors.Errorf(\n\t\t\"unable to dispatch mail delivery because upstream server replied with status code %d\",\n\t\tres.StatusCode,\n\t)\n\n\tbody, _ := io.ReadAll(res.Body)\n\tlogger.\n\t\tWithError(err).\n\t\tWithField(\"http_response_body\", string(body)).\n\t\tError(\"sending mail via HTTP failed.\")\n\n\treturn errors.WithStack(err)\n}\n\nfunc (c *httpChannel) tryPopulateHTMLBody(ctx context.Context, tmpl Template, td *httpDataModel) {\n\tif emailTmpl, ok := tmpl.(EmailTemplate); ok {\n\t\t// Only get the HTML body from the template; plaintext body comes from msg.Body\n\t\t// to maintain backward compatibility with existing behavior\n\t\tif htmlBody, err := emailTmpl.EmailBody(ctx); err != nil {\n\t\t\tc.d.Logger().WithError(err).Error(\"Unable to get email HTML body from template.\")\n\t\t} else {\n\t\t\ttd.HTMLBody = htmlBody\n\t\t}\n\t}\n}\n\nfunc newTemplate(d template.Dependencies, msg Message) (Template, error) {\n\tswitch msg.Type {\n\tcase MessageTypeEmail:\n\t\treturn NewEmailTemplateFromMessage(d, msg)\n\tcase MessageTypeSMS:\n\t\treturn NewSMSTemplateFromMessage(d, msg)\n\tdefault:\n\t\treturn nil, fmt.Errorf(\"received unexpected message type: %s\", msg.Type)\n\t}\n}\n" }, { "path": "courier/http_test.go", "content": "// Copyright © 2023 Ory Corp\n// SPDX-License-Identifier: Apache-2.0\n\npackage courier_test\n\nimport (\n\t\"encoding/json\"\n\t\"fmt\"\n\t\"io\"\n\t\"net/http\"\n\t\"net/http/httptest\"\n\t\"testing\"\n\n\t\"github.com/gofrs/uuid\"\n\t\"github.com/stretchr/testify/assert\"\n\t\"github.com/stretchr/testify/require\"\n\n\t\"github.com/ory/kratos/courier/template/email\"\n\t\"github.com/ory/kratos/driver/config\"\n\t\"github.com/ory/kratos/pkg\"\n\t\"github.com/ory/x/configx\"\n)\n\nfunc TestQueueHTTPEmail(t *testing.T) {\n\ttype sendEmailRequestBody struct {\n\t\tIdentityID string `json:\"identity_id\"`\n\t\tIdentityEmail string `json:\"identity_email\"`\n\t\tRecipient string `json:\"recipient\"`\n\t\tTemplateType string `json:\"template_type\"`\n\t\tTo string `json:\"to\"`\n\t\tRecoveryCode string `json:\"recovery_code\"`\n\t\tRecoveryURL string `json:\"recovery_url\"`\n\t\tVerificationURL string `json:\"verification_url\"`\n\t\tVerificationCode string `json:\"verification_code\"`\n\t\tBody string `json:\"body\"`\n\t\tHTMLBody string `json:\"html_body\"`\n\t\tSubject string `json:\"subject\"`\n\t}\n\n\texpectedEmail := []*email.TestStubModel{\n\t\t{\n\t\t\tTo: \"test-2@test.com\",\n\t\t\tSubject: \"test-mailer-subject-1\",\n\t\t\tBody: \"test-mailer-body-1\",\n\t\t\tHTMLBody: \"test-mailer-body-html-1\",\n\t\t},\n\t\t{\n\t\t\tTo: \"test-2@test.com\",\n\t\t\tSubject: \"test-mailer-subject-2\",\n\t\t\tBody: \"test-mailer-body-2\",\n\t\t},\n\t}\n\n\tactual := make(chan sendEmailRequestBody, len(expectedEmail))\n\tsrv := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {\n\t\trb, err := io.ReadAll(r.Body)\n\t\trequire.NoError(t, err)\n\n\t\tvar body sendEmailRequestBody\n\n\t\terr = json.Unmarshal(rb, &body)\n\t\trequire.NoError(t, err)\n\n\t\tassert.NotEmpty(t, r.Header[\"Authorization\"])\n\t\tassert.Equal(t, \"Basic bWU6MTIzNDU=\", r.Header[\"Authorization\"][0])\n\n\t\tactual <- body\n\t}))\n\tt.Cleanup(srv.Close)\n\n\trequestConfig := fmt.Sprintf(`{\n\t\t\"url\": \"%s\",\n\t\t\"method\": \"POST\",\n\t\t\"auth\": {\n\t\t\t\"type\": \"basic_auth\",\n\t\t\t\"config\": {\n\t\t\t\t\"user\": \"me\",\n\t\t\t\t\"password\": \"12345\"\n\t\t\t}\n\t\t},\n\t\t\"body\": \"file://./stub/request.config.mailer.jsonnet\"\n\t}`, srv.URL)\n\n\t_, reg := pkg.NewFastRegistryWithMocks(t, configx.WithValues(map[string]any{\n\t\tconfig.ViperKeyCourierDeliveryStrategy: \"http\",\n\t\tconfig.ViperKeyCourierHTTPRequestConfig: requestConfig,\n\t\tconfig.ViperKeyCourierSMTPURL: \"http://foo.url\",\n\t}))\n\n\tcourier, err := reg.Courier(t.Context())\n\trequire.NoError(t, err)\n\n\tfor _, message := range expectedEmail {\n\t\tid, err := courier.QueueEmail(t.Context(), email.NewTestStub(message))\n\t\trequire.NoError(t, err)\n\t\trequire.NotEqual(t, uuid.Nil, id)\n\t}\n\n\trequire.NoError(t, courier.DispatchQueue(t.Context()))\n\tclose(actual)\n\n\trequire.Len(t, actual, len(expectedEmail))\n\n\ti := 0\n\tfor message := range actual {\n\t\texpected := expectedEmail[i]\n\n\t\tassert.Equal(t, expected.To, message.To)\n\t\tassert.Equal(t, expected.Body, message.Body)\n\t\tassert.Equal(t, expected.HTMLBody, message.HTMLBody)\n\t\tassert.Equal(t, expected.Subject, message.Subject)\n\n\t\ti++\n\t}\n}\n" }, { "path": "courier/message.go", "content": "// Copyright © 2023 Ory Corp\n// SPDX-License-Identifier: Apache-2.0\n\npackage courier\n\nimport (\n\t\"encoding/json\"\n\t\"time\"\n\n\t\"github.com/gofrs/uuid\"\n\t\"github.com/pkg/errors\"\n\n\t\"github.com/ory/herodot\"\n\t\"github.com/ory/kratos/courier/template\"\n\tkeysetpagination \"github.com/ory/x/pagination/keysetpagination_v2\"\n\t\"github.com/ory/x/sqlxx\"\n\t\"github.com/ory/x/stringsx\"\n)\n\n// A Message's Status\n//\n// swagger:model courierMessageStatus\ntype MessageStatus int\n\nconst (\n\tMessageStatusQueued MessageStatus = iota + 1\n\tMessageStatusSent\n\tMessageStatusProcessing\n\tMessageStatusAbandoned\n)\n\nconst (\n\tmessageStatusQueuedText = \"queued\"\n\tmessageStatusSentText = \"sent\"\n\tmessageStatusProcessingText = \"processing\"\n\tmessageStatusAbandonedText = \"abandoned\"\n)\n\nfunc ToMessageStatus(str string) (MessageStatus, error) {\n\tswitch s := stringsx.SwitchExact(str); {\n\tcase s.AddCase(MessageStatusQueued.String()):\n\t\treturn MessageStatusQueued, nil\n\tcase s.AddCase(MessageStatusSent.String()):\n\t\treturn MessageStatusSent, nil\n\tcase s.AddCase(MessageStatusProcessing.String()):\n\t\treturn MessageStatusProcessing, nil\n\tcase s.AddCase(MessageStatusAbandoned.String()):\n\t\treturn MessageStatusAbandoned, nil\n\tdefault:\n\t\treturn 0, errors.WithStack(herodot.ErrBadRequest.WithWrap(s.ToUnknownCaseErr()).WithReason(\"Message status is not valid\"))\n\t}\n}\n\nfunc (ms MessageStatus) String() string {\n\tswitch ms {\n\tcase MessageStatusQueued:\n\t\treturn messageStatusQueuedText\n\tcase MessageStatusSent:\n\t\treturn messageStatusSentText\n\tcase MessageStatusProcessing:\n\t\treturn messageStatusProcessingText\n\tcase MessageStatusAbandoned:\n\t\treturn messageStatusAbandonedText\n\tdefault:\n\t\treturn \"\"\n\t}\n}\n\nfunc (ms MessageStatus) IsValid() error {\n\tswitch ms {\n\tcase MessageStatusQueued, MessageStatusSent, MessageStatusProcessing, MessageStatusAbandoned:\n\t\treturn nil\n\tdefault:\n\t\treturn errors.WithStack(herodot.ErrBadRequest.WithReason(\"Message status is not valid\"))\n\t}\n}\n\nfunc (ms MessageStatus) MarshalJSON() ([]byte, error) {\n\tif err := ms.IsValid(); err != nil {\n\t\treturn nil, err\n\t}\n\treturn json.Marshal(ms.String())\n}\n\nfunc (ms *MessageStatus) UnmarshalJSON(data []byte) error {\n\tvar str string\n\tif err := json.Unmarshal(data, &str); err != nil {\n\t\treturn err\n\t}\n\n\ts, err := ToMessageStatus(str)\n\tif err != nil {\n\t\treturn err\n\t}\n\n\t*ms = s\n\treturn nil\n}\n\n// A Message's Type\n//\n// It can either be `email` or `phone`\n//\n// swagger:model courierMessageType\ntype MessageType int\n\nconst (\n\tMessageTypeEmail MessageType = iota + 1\n\tMessageTypeSMS\n)\n\nconst (\n\tmessageTypeEmailText = \"email\"\n\tmessageTypeSMSText = \"sms\"\n)\n\nfunc ToMessageType(str string) (MessageType, error) {\n\tswitch s := stringsx.SwitchExact(str); {\n\tcase s.AddCase(messageTypeEmailText):\n\t\treturn MessageTypeEmail, nil\n\tcase s.AddCase(messageTypeSMSText):\n\t\treturn MessageTypeSMS, nil\n\tdefault:\n\t\treturn 0, errors.WithStack(herodot.ErrBadRequest.WithWrap(s.ToUnknownCaseErr()).WithReason(\"Message type is not valid\"))\n\t}\n}\n\nfunc (mt MessageType) String() string {\n\tswitch mt {\n\tcase MessageTypeEmail:\n\t\treturn messageTypeEmailText\n\tcase MessageTypeSMS:\n\t\treturn messageTypeSMSText\n\tdefault:\n\t\treturn \"\"\n\t}\n}\n\nfunc (mt MessageType) IsValid() error {\n\tswitch mt {\n\tcase MessageTypeEmail, MessageTypeSMS:\n\t\treturn nil\n\tdefault:\n\t\treturn errors.WithStack(herodot.ErrBadRequest.WithReason(\"Message type is not valid\"))\n\t}\n}\n\nfunc (mt MessageType) MarshalJSON() ([]byte, error) {\n\tif err := mt.IsValid(); err != nil {\n\t\treturn nil, err\n\t}\n\treturn json.Marshal(mt.String())\n}\n\nfunc (mt *MessageType) UnmarshalJSON(data []byte) error {\n\tvar str string\n\tif err := json.Unmarshal(data, &str); err != nil {\n\t\treturn err\n\t}\n\n\tt, err := ToMessageType(str)\n\tif err != nil {\n\t\treturn err\n\t}\n\n\t*mt = t\n\treturn nil\n}\n\n// swagger:model message\ntype Message struct {\n\t// required: true\n\tID uuid.UUID `json:\"id\" faker:\"-\" db:\"id\"`\n\n\tNID uuid.UUID `json:\"-\" faker:\"-\" db:\"nid\"`\n\t// required: true\n\tStatus MessageStatus `json:\"status\" db:\"status\"`\n\t// required: true\n\tType MessageType `json:\"type\" db:\"type\"`\n\t// required: true\n\tRecipient string `json:\"recipient\" db:\"recipient\"`\n\t// required: true\n\tBody string `json:\"body\" db:\"body\"`\n\t// required: true\n\tSubject string `json:\"subject\" db:\"subject\"`\n\t// required: true\n\tTemplateType template.TemplateType `json:\"template_type\" db:\"template_type\"`\n\n\tChannel sqlxx.NullString `json:\"channel\" db:\"channel\"`\n\n\tTemplateData []byte `json:\"-\" db:\"template_data\"`\n\tRequestHeaders []byte `json:\"-\" faker:\"-\" db:\"request_headers\"`\n\t// required: true\n\tSendCount int `json:\"send_count\" db:\"send_count\"`\n\n\t// Dispatches store information about the attempts of delivering a message\n\t// May contain an error if any happened, or just the `success` state.\n\tDispatches []MessageDispatch `json:\"dispatches,omitempty\" has_many:\"courier_message_dispatches\" order_by:\"created_at desc\" faker:\"-\"`\n\n\t// CreatedAt is a helper struct field for gobuffalo.pop.\n\t// required: true\n\tCreatedAt time.Time `json:\"created_at\" faker:\"-\" db:\"created_at\"`\n\t// UpdatedAt is a helper struct field for gobuffalo.pop.\n\t// required: true\n\tUpdatedAt time.Time `json:\"updated_at\" faker:\"-\" db:\"updated_at\"`\n}\n\nfunc (m Message) PageToken() keysetpagination.PageToken {\n\treturn keysetpagination.NewPageToken(\n\t\tkeysetpagination.Column{\n\t\t\tName: \"created_at\",\n\t\t\tOrder: keysetpagination.OrderDescending,\n\t\t\tValue: m.CreatedAt,\n\t\t}, keysetpagination.Column{\n\t\t\tName: \"id\",\n\t\t\tValue: m.ID,\n\t\t},\n\t)\n}\n\nfunc (m Message) DefaultPageToken() keysetpagination.PageToken {\n\treturn Message{ID: uuid.Nil, CreatedAt: time.Date(2200, 12, 31, 23, 59, 59, 0, time.UTC)}.PageToken()\n}\n\nfunc (m Message) TableName() string { return \"courier_messages\" }\nfunc (m *Message) GetID() uuid.UUID { return m.ID }\n" }, { "path": "courier/message_dispatch.go", "content": "// Copyright © 2023 Ory Corp\n// SPDX-License-Identifier: Apache-2.0\n\npackage courier\n\nimport (\n\t\"time\"\n\n\t\"github.com/gofrs/uuid\"\n\n\t\"github.com/ory/x/sqlxx\"\n)\n\n// swagger:enum CourierMessageDispatchStatus\ntype CourierMessageDispatchStatus string\n\nconst (\n\tCourierMessageDispatchStatusFailed CourierMessageDispatchStatus = \"failed\"\n\tCourierMessageDispatchStatusSuccess CourierMessageDispatchStatus = \"success\"\n)\n\n// MessageDispatch represents an attempt of sending a courier message\n// It contains the status of the attempt (failed or successful) and the error if any occured\n//\n// swagger:model messageDispatch\ntype MessageDispatch struct {\n\t// The ID of this message dispatch\n\t// required: true\n\tID uuid.UUID `json:\"id\" db:\"id\"`\n\n\t// The ID of the message being dispatched\n\t// required: true\n\tMessageID uuid.UUID `json:\"message_id\" db:\"message_id\"`\n\n\t// The status of this dispatch\n\t// Either \"failed\" or \"success\"\n\t// required: true\n\tStatus CourierMessageDispatchStatus `json:\"status\" db:\"status\"`\n\n\t// An optional error\n\tError sqlxx.JSONRawMessage `json:\"error,omitempty\" db:\"error\"`\n\n\t// CreatedAt is a helper struct field for gobuffalo.pop.\n\t// required: true\n\tCreatedAt time.Time `json:\"created_at\" db:\"created_at\"`\n\t// UpdatedAt is a helper struct field for gobuffalo.pop.\n\t// required: true\n\tUpdatedAt time.Time `json:\"updated_at\" db:\"updated_at\"`\n\n\tNID uuid.UUID `json:\"-\" db:\"nid\"`\n}\n\nfunc (MessageDispatch) TableName() string {\n\treturn \"courier_message_dispatches\"\n}\n" }, { "path": "courier/message_test.go", "content": "// Copyright © 2023 Ory Corp\n// SPDX-License-Identifier: Apache-2.0\n\npackage courier_test\n\nimport (\n\t\"testing\"\n\n\t\"github.com/stretchr/testify/require\"\n\n\t\"github.com/ory/herodot\"\n\t\"github.com/ory/kratos/courier\"\n)\n\nfunc TestMessageStatusValidity(t *testing.T) {\n\tinvalid := courier.MessageStatus(0)\n\trequire.ErrorIs(t, invalid.IsValid(), herodot.ErrBadRequest, \"IsValid() should return an error when message status is invalid\")\n}\n\nfunc TestToMessageStatus(t *testing.T) {\n\tt.Run(\"case=should return corresponding MessageStatus for given str\", func(t *testing.T) {\n\t\tfor str, exp := range map[string]courier.MessageStatus{\n\t\t\t\"queued\": courier.MessageStatusQueued,\n\t\t\t\"sent\": courier.MessageStatusSent,\n\t\t\t\"processing\": courier.MessageStatusProcessing,\n\t\t\t\"abandoned\": courier.MessageStatusAbandoned,\n\t\t} {\n\t\t\tresult, err := courier.ToMessageStatus(str)\n\t\t\trequire.NoError(t, err)\n\t\t\trequire.Equal(t, exp, result)\n\t\t}\n\t})\n\tt.Run(\"case=should return error for invalid message status str\", func(t *testing.T) {\n\t\tresult, err := courier.ToMessageStatus(\"invalid\")\n\t\trequire.Error(t, err, herodot.ErrBadRequest)\n\t\trequire.Error(t, result.IsValid(), herodot.ErrBadRequest)\n\t})\n}\n\nfunc TestMessageTypeValidity(t *testing.T) {\n\tinvalid := courier.MessageType(0)\n\trequire.ErrorIs(t, invalid.IsValid(), herodot.ErrBadRequest, \"IsValid() should return an error when message type is invalid\")\n}\n\nfunc TestToMessageType(t *testing.T) {\n\tt.Run(\"case=should return corresponding MessageType for given str\", func(t *testing.T) {\n\t\tfor str, exp := range map[string]courier.MessageType{\n\t\t\t\"email\": courier.MessageTypeEmail,\n\t\t\t\"sms\": courier.MessageTypeSMS,\n\t\t} {\n\t\t\tresult, err := courier.ToMessageType(str)\n\t\t\trequire.NoError(t, err)\n\t\t\trequire.Equal(t, exp, result)\n\t\t}\n\t})\n\tt.Run(\"case=should return error for invalid message type str\", func(t *testing.T) {\n\t\tresult, err := courier.ToMessageType(\"invalid\")\n\t\trequire.ErrorIs(t, err, herodot.ErrBadRequest)\n\t\trequire.ErrorIs(t, result.IsValid(), herodot.ErrBadRequest)\n\t})\n}\n" }, { "path": "courier/persistence.go", "content": "// Copyright © 2023 Ory Corp\n// SPDX-License-Identifier: Apache-2.0\n\npackage courier\n\nimport (\n\t\"context\"\n\n\t\"github.com/gofrs/uuid\"\n\t\"github.com/pkg/errors\"\n\n\tkeysetpagination \"github.com/ory/x/pagination/keysetpagination_v2\"\n)\n\nvar ErrQueueEmpty = errors.New(\"queue is empty\")\n\ntype (\n\tPersister interface {\n\t\tAddMessage(context.Context, *Message) error\n\n\t\tNextMessages(context.Context, uint8) ([]Message, error)\n\n\t\tSetMessageStatus(context.Context, uuid.UUID, MessageStatus) error\n\n\t\tLatestQueuedMessage(ctx context.Context) (*Message, error)\n\n\t\tIncrementMessageSendCount(context.Context, uuid.UUID) error\n\n\t\t// ListMessages lists all messages in the store given the page, itemsPerPage, status and recipient.\n\t\t// Returns list of messages, total count of messages satisfied by given filter, and error if any\n\t\tListMessages(context.Context, ListCourierMessagesParameters, []keysetpagination.Option) ([]Message, *keysetpagination.Paginator, error)\n\n\t\t// FetchMessage returns a message with the id or nil and an error if not found\n\t\tFetchMessage(context.Context, uuid.UUID) (*Message, error)\n\n\t\t// Records an attempt of sending out a courier message\n\t\t// Returns an error if it fails\n\t\tRecordDispatch(ctx context.Context, msgID uuid.UUID, status CourierMessageDispatchStatus, err error) error\n\t}\n\tPersistenceProvider interface {\n\t\tCourierPersister() Persister\n\t}\n)\n" }, { "path": "courier/sms.go", "content": "// Copyright © 2023 Ory Corp\n// SPDX-License-Identifier: Apache-2.0\n\npackage courier\n\nimport (\n\t\"context\"\n\t\"encoding/json\"\n\n\t\"github.com/gofrs/uuid\"\n)\n\nfunc (c *courier) QueueSMS(ctx context.Context, t SMSTemplate) (uuid.UUID, error) {\n\trecipient, err := t.PhoneNumber()\n\tif err != nil {\n\t\treturn uuid.Nil, err\n\t}\n\n\ttemplateData, err := json.Marshal(t)\n\tif err != nil {\n\t\treturn uuid.Nil, err\n\t}\n\n\tbody, err := t.SMSBody(ctx)\n\tif err != nil {\n\t\treturn uuid.Nil, err\n\t}\n\n\trequestHeaders := []byte(`{}`)\n\tif t, ok := t.(RequestHeadersCarrier); ok {\n\t\trequestHeaders, err = json.Marshal(t.RequestHeaders())\n\t\tif err != nil {\n\t\t\treturn uuid.Nil, err\n\t\t}\n\t}\n\n\tmessage := &Message{\n\t\tStatus: MessageStatusQueued,\n\t\tType: MessageTypeSMS,\n\t\tChannel: \"sms\",\n\t\tRecipient: recipient,\n\t\tTemplateType: t.TemplateType(),\n\t\tTemplateData: templateData,\n\t\tRequestHeaders: requestHeaders,\n\t\tBody: body,\n\t}\n\tif err := c.deps.CourierPersister().AddMessage(ctx, message); err != nil {\n\t\treturn uuid.Nil, err\n\t}\n\n\treturn message.ID, nil\n}\n" }, { "path": "courier/sms_templates.go", "content": "// Copyright © 2023 Ory Corp\n// SPDX-License-Identifier: Apache-2.0\n\npackage courier\n\nimport (\n\t\"context\"\n\t\"encoding/json\"\n\n\t\"github.com/pkg/errors\"\n\n\t\"github.com/ory/kratos/courier/template\"\n\t\"github.com/ory/kratos/courier/template/sms\"\n)\n\ntype SMSTemplate interface {\n\tTemplate\n\tSMSBody(context.Context) (string, error)\n\tPhoneNumber() (string, error)\n}\n\nfunc NewSMSTemplateFromMessage(d template.Dependencies, m Message) (SMSTemplate, error) {\n\tswitch m.TemplateType {\n\tcase template.TypeVerificationCodeValid:\n\t\tvar t sms.VerificationCodeValidModel\n\t\tif err := json.Unmarshal(m.TemplateData, &t); err != nil {\n\t\t\treturn nil, err\n\t\t}\n\t\treturn sms.NewVerificationCodeValid(d, &t), nil\n\tcase template.TypeRecoveryCodeValid:\n\t\tvar t sms.RecoveryCodeValidModel\n\t\tif err := json.Unmarshal(m.TemplateData, &t); err != nil {\n\t\t\treturn nil, err\n\t\t}\n\t\treturn sms.NewRecoveryCodeValid(d, &t), nil\n\tcase template.TypeTestStub:\n\t\tvar t sms.TestStubModel\n\t\tif err := json.Unmarshal(m.TemplateData, &t); err != nil {\n\t\t\treturn nil, err\n\t\t}\n\t\treturn sms.NewTestStub(&t), nil\n\tcase template.TypeLoginCodeValid:\n\t\tvar t sms.LoginCodeValidModel\n\t\tif err := json.Unmarshal(m.TemplateData, &t); err != nil {\n\t\t\treturn nil, err\n\t\t}\n\t\treturn sms.NewLoginCodeValid(d, &t), nil\n\tcase template.TypeRegistrationCodeValid:\n\t\tvar t sms.RegistrationCodeValidModel\n\t\tif err := json.Unmarshal(m.TemplateData, &t); err != nil {\n\t\t\treturn nil, err\n\t\t}\n\t\treturn sms.NewRegistrationCodeValid(d, &t), nil\n\n\tdefault:\n\t\treturn nil, errors.Errorf(\"received unexpected message template type: %s\", m.TemplateType)\n\t}\n}\n" }, { "path": "courier/sms_templates_test.go", "content": "// Copyright © 2023 Ory Corp\n// SPDX-License-Identifier: Apache-2.0\n\npackage courier_test\n\nimport (\n\t\"context\"\n\t\"encoding/json\"\n\t\"fmt\"\n\t\"testing\"\n\n\t\"github.com/stretchr/testify/require\"\n\n\t\"github.com/ory/kratos/courier\"\n\t\"github.com/ory/kratos/courier/template\"\n\t\"github.com/ory/kratos/courier/template/sms\"\n\t\"github.com/ory/kratos/pkg\"\n)\n\nfunc TestSMSTemplateType(t *testing.T) {\n\tfor expectedType, tmpl := range map[template.TemplateType]courier.SMSTemplate{\n\t\ttemplate.TypeVerificationCodeValid: &sms.VerificationCodeValid{},\n\t\ttemplate.TypeTestStub: &sms.TestStub{},\n\t} {\n\t\tt.Run(fmt.Sprintf(\"case=%s\", expectedType), func(t *testing.T) {\n\t\t\trequire.Equal(t, expectedType, tmpl.TemplateType())\n\t\t})\n\t}\n}\n\nfunc TestNewSMSTemplateFromMessage(t *testing.T) {\n\t_, reg := pkg.NewFastRegistryWithMocks(t)\n\tctx := context.Background()\n\n\tfor tmplType, expectedTmpl := range map[template.TemplateType]courier.SMSTemplate{\n\t\ttemplate.TypeVerificationCodeValid: sms.NewVerificationCodeValid(reg, &sms.VerificationCodeValidModel{To: \"+12345678901\"}),\n\t\ttemplate.TypeTestStub: sms.NewTestStub(&sms.TestStubModel{To: \"+12345678901\", Body: \"test body\"}),\n\t} {\n\t\tt.Run(fmt.Sprintf(\"case=%s\", tmplType), func(t *testing.T) {\n\t\t\ttmplData, err := json.Marshal(expectedTmpl)\n\t\t\trequire.NoError(t, err)\n\n\t\t\tm := courier.Message{TemplateType: tmplType, TemplateData: tmplData}\n\t\t\tactualTmpl, err := courier.NewSMSTemplateFromMessage(reg, m)\n\t\t\trequire.NoError(t, err)\n\n\t\t\trequire.IsType(t, expectedTmpl, actualTmpl)\n\n\t\t\texpectedRecipient, err := expectedTmpl.PhoneNumber()\n\t\t\trequire.NoError(t, err)\n\t\t\tactualRecipient, err := actualTmpl.PhoneNumber()\n\t\t\trequire.NoError(t, err)\n\t\t\trequire.Equal(t, expectedRecipient, actualRecipient)\n\n\t\t\texpectedBody, err := expectedTmpl.SMSBody(ctx)\n\t\t\trequire.NoError(t, err)\n\t\t\tactualBody, err := actualTmpl.SMSBody(ctx)\n\t\t\trequire.NoError(t, err)\n\t\t\trequire.Equal(t, expectedBody, actualBody)\n\t\t})\n\t}\n}\n" }, { "path": "courier/sms_test.go", "content": "// Copyright © 2023 Ory Corp\n// SPDX-License-Identifier: Apache-2.0\n\npackage courier_test\n\nimport (\n\t\"encoding/json\"\n\t\"fmt\"\n\t\"io\"\n\t\"net/http\"\n\t\"net/http/httptest\"\n\t\"testing\"\n\n\t\"github.com/gofrs/uuid\"\n\t\"github.com/stretchr/testify/assert\"\n\t\"github.com/stretchr/testify/require\"\n\n\t\"github.com/ory/kratos/courier/template/sms\"\n\t\"github.com/ory/kratos/driver/config\"\n\t\"github.com/ory/kratos/pkg\"\n\t\"github.com/ory/x/configx\"\n)\n\nfunc TestQueueSMS(t *testing.T) {\n\texpectedSender := \"Kratos Test\"\n\texpectedSMS := []*sms.TestStubModel{\n\t\t{\n\t\t\tTo: \"+12065550101\",\n\t\t\tBody: \"test-sms-body-1\",\n\t\t},\n\t\t{\n\t\t\tTo: \"+12065550102\",\n\t\t\tBody: \"test-sms-body-2\",\n\t\t},\n\t}\n\n\tactual := make(chan *sms.TestStubModel, len(expectedSMS))\n\tsrv := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {\n\t\ttype sendSMSRequestBody struct {\n\t\t\tTo string\n\t\t\tFrom string\n\t\t\tBody string\n\t\t}\n\n\t\trb, err := io.ReadAll(r.Body)\n\t\trequire.NoError(t, err)\n\n\t\tvar body sendSMSRequestBody\n\n\t\terr = json.Unmarshal(rb, &body)\n\t\trequire.NoError(t, err)\n\n\t\tassert.NotEmpty(t, r.Header[\"Authorization\"])\n\t\tassert.Equal(t, \"Basic bWU6MTIzNDU=\", r.Header[\"Authorization\"][0])\n\n\t\tassert.Equal(t, body.From, expectedSender)\n\t\tactual <- &sms.TestStubModel{\n\t\t\tTo: body.To,\n\t\t\tBody: body.Body,\n\t\t}\n\t}))\n\tt.Cleanup(srv.Close)\n\n\trequestConfig := fmt.Sprintf(`{\n\t\t\"url\": \"%s\",\n\t\t\"method\": \"POST\",\n\t\t\"body\": \"file://./stub/request.config.twilio.jsonnet\",\n\t\t\"auth\": {\n\t\t\t\"type\": \"basic_auth\",\n\t\t\t\"config\": {\n\t\t\t\t\"user\": \"me\",\n\t\t\t\t\"password\": \"12345\"\n\t\t\t}\n\t\t}\n\t}`, srv.URL)\n\n\t_, reg := pkg.NewFastRegistryWithMocks(t, configx.WithValues(map[string]any{\n\t\tconfig.ViperKeyCourierChannels: fmt.Sprintf(`[{\n\t\t\t\"id\": \"sms\",\n\t\t\t\"type\": \"http\",\n\t\t\t\"request_config\": %s\n\t\t}]`, requestConfig),\n\t\tconfig.ViperKeyCourierSMTPURL: \"http://foo.url\",\n\t}))\n\n\tc, err := reg.Courier(t.Context())\n\trequire.NoError(t, err)\n\n\tfor _, message := range expectedSMS {\n\t\tid, err := c.QueueSMS(t.Context(), sms.NewTestStub(message))\n\t\trequire.NoError(t, err)\n\t\trequire.NotEqual(t, uuid.Nil, id)\n\t}\n\n\trequire.NoError(t, c.DispatchQueue(t.Context()))\n\tclose(actual)\n\n\trequire.Len(t, actual, len(expectedSMS))\n\n\ti := 0\n\tfor message := range actual {\n\t\texpected := expectedSMS[i]\n\n\t\tassert.Equal(t, expected.To, message.To)\n\t\tassert.Equal(t, expected.Body, message.Body)\n\t\ti++\n\t}\n}\n\nfunc TestDisallowedInternalNetwork(t *testing.T) {\n\t_, reg := pkg.NewFastRegistryWithMocks(t, configx.WithValues(map[string]any{\n\t\tconfig.ViperKeyCourierChannels: `[\n\t\t\t{\n\t\t\t\t\"id\": \"sms\",\n\t\t\t\t\"type\": \"http\",\n\t\t\t\t\"request_config\": {\n\t\t\t\t\t\"url\": \"http://127.0.0.1/\",\n\t\t\t\t\t\"method\": \"GET\",\n\t\t\t\t\t\"body\": \"file://./stub/request.config.twilio.jsonnet\"\n\t\t\t\t}\n\t\t\t}\n\t\t]`,\n\t\tconfig.ViperKeyCourierSMTPURL: \"http://foo.url\",\n\t\tconfig.ViperKeyClientHTTPNoPrivateIPRanges: true,\n\t}))\n\n\tc, err := reg.Courier(t.Context())\n\trequire.NoError(t, err)\n\tc.(interface {\n\t\tFailOnDispatchError()\n\t}).FailOnDispatchError()\n\t_, err = c.QueueSMS(t.Context(), sms.NewTestStub(&sms.TestStubModel{\n\t\tTo: \"+12065550101\",\n\t\tBody: \"test-sms-body-1\",\n\t}))\n\trequire.NoError(t, err)\n\n\terr = c.DispatchQueue(t.Context())\n\tassert.ErrorContains(t, err, \"is not a permitted destination\")\n}\n" }, { "path": "courier/smtp.go", "content": "// Copyright © 2023 Ory Corp\n// SPDX-License-Identifier: Apache-2.0\n\npackage courier\n\nimport (\n\t\"context\"\n\t\"crypto/tls\"\n\t\"encoding/json\"\n\t\"net/mail\"\n\t\"net/url\"\n\t\"strconv\"\n\t\"time\"\n\n\t\"github.com/pkg/errors\"\n\n\t\"github.com/ory/herodot\"\n\t\"github.com/ory/kratos/driver/config\"\n\n\t\"github.com/gofrs/uuid\"\n\n\tgomail \"github.com/ory/mail/v3\"\n)\n\ntype SMTPClient struct {\n\t*gomail.Dialer\n}\n\nfunc NewSMTPClient(deps Dependencies, cfg *config.SMTPConfig) (*SMTPClient, error) {\n\turi, err := url.Parse(cfg.ConnectionURI)\n\tif err != nil {\n\t\treturn nil, errors.WithStack(herodot.ErrMisconfiguration.WithReasonf(\"The SMTP connection URI is malformed. Please contact a system administrator.\"))\n\t}\n\n\tvar tlsCertificates []tls.Certificate\n\n\tif cfg.ClientCertPath != \"\" && cfg.ClientKeyPath != \"\" {\n\t\tclientCert, err := tls.LoadX509KeyPair(cfg.ClientCertPath, cfg.ClientKeyPath)\n\t\tif err == nil {\n\t\t\ttlsCertificates = append(tlsCertificates, clientCert)\n\t\t} else {\n\t\t\tdeps.Logger().\n\t\t\t\tWithError(err).\n\t\t\t\tError(\"Unable to load tls certificate and private key for smtp client.\")\n\t\t}\n\t}\n\n\tpassword, _ := uri.User.Password()\n\tport, _ := strconv.ParseInt(uri.Port(), 10, 0)\n\n\tdialer := &gomail.Dialer{\n\t\tHost: uri.Hostname(),\n\t\tPort: int(port),\n\t\tUsername: uri.User.Username(),\n\t\tPassword: password,\n\t\tLocalName: cfg.LocalName,\n\n\t\tTimeout: time.Second * 10,\n\t\tRetryFailure: true,\n\t}\n\n\tsslSkipVerify, _ := strconv.ParseBool(uri.Query().Get(\"skip_ssl_verify\"))\n\n\tserverName := uri.Query().Get(\"server_name\")\n\tif serverName == \"\" {\n\t\tserverName = uri.Hostname()\n\t}\n\n\ttlsConfig := &tls.Config{\n\t\tInsecureSkipVerify: sslSkipVerify, // #nosec G402 -- This is ok (and required!) because it is configurable and disabled by default.\n\t\tCertificates: tlsCertificates,\n\t\tServerName: serverName,\n\t\tMinVersion: tls.VersionTLS12,\n\t}\n\n\t// SMTP schemes\n\t// smtp: smtp clear text (with uri parameter) or with StartTLS (enforced by default)\n\t// smtps: smtp with implicit TLS (recommended way in 2021 to avoid StartTLS downgrade attacks\n\t// and defaulting to fully-encrypted protocols https://datatracker.ietf.org/doc/html/rfc8314)\n\tswitch uri.Scheme {\n\tcase \"smtp\":\n\t\t// Enforcing StartTLS by default for security best practices (config review, etc.)\n\t\tskipStartTLS, _ := strconv.ParseBool(uri.Query().Get(\"disable_starttls\"))\n\t\tif !skipStartTLS {\n\t\t\tdialer.TLSConfig = tlsConfig\n\t\t\t// Enforcing StartTLS\n\t\t\tdialer.StartTLSPolicy = gomail.MandatoryStartTLS\n\t\t}\n\tcase \"smtps\":\n\t\tdialer.TLSConfig = tlsConfig\n\t\tdialer.SSL = true\n\t}\n\n\treturn &SMTPClient{\n\t\tDialer: dialer,\n\t}, nil\n}\n\nfunc (c *courier) QueueEmail(ctx context.Context, t EmailTemplate) (uuid.UUID, error) {\n\trecipient, err := t.EmailRecipient()\n\tif err != nil {\n\t\treturn uuid.Nil, errors.WithStack(err)\n\t}\n\tif _, err := mail.ParseAddress(recipient); err != nil {\n\t\treturn uuid.Nil, errors.WithStack(err)\n\t}\n\n\tsubject, err := t.EmailSubject(ctx)\n\tif err != nil {\n\t\treturn uuid.Nil, errors.WithStack(err)\n\t}\n\n\tbodyPlaintext, err := t.EmailBodyPlaintext(ctx)\n\tif err != nil {\n\t\treturn uuid.Nil, errors.WithStack(err)\n\t}\n\n\ttemplateData, err := json.Marshal(t)\n\tif err != nil {\n\t\treturn uuid.Nil, errors.WithStack(err)\n\t}\n\n\trequestHeaders := []byte(`{}`)\n\tif t, ok := t.(RequestHeadersCarrier); ok {\n\t\trequestHeaders, err = json.Marshal(t.RequestHeaders())\n\t\tif err != nil {\n\t\t\treturn uuid.Nil, err\n\t\t}\n\t}\n\n\tmessage := &Message{\n\t\tStatus: MessageStatusQueued,\n\t\tType: MessageTypeEmail,\n\t\tChannel: \"email\",\n\t\tRecipient: recipient,\n\t\tBody: bodyPlaintext,\n\t\tSubject: subject,\n\t\tTemplateType: t.TemplateType(),\n\t\tTemplateData: templateData,\n\t\tRequestHeaders: requestHeaders,\n\t}\n\n\tif err := c.deps.CourierPersister().AddMessage(ctx, message); err != nil {\n\t\treturn uuid.Nil, errors.WithStack(err)\n\t}\n\n\treturn message.ID, nil\n}\n" }, { "path": "courier/smtp_channel.go", "content": "// Copyright © 2023 Ory Corp\n// SPDX-License-Identifier: Apache-2.0\n\npackage courier\n\nimport (\n\t\"context\"\n\t\"net\"\n\t\"net/textproto\"\n\t\"strconv\"\n\t\"time\"\n\n\t\"github.com/pkg/errors\"\n\tsemconv \"go.opentelemetry.io/otel/semconv/v1.20.0\"\n\t\"go.opentelemetry.io/otel/trace\"\n\n\t\"github.com/ory/herodot\"\n\t\"github.com/ory/kratos/courier/template\"\n\t\"github.com/ory/kratos/driver/config\"\n\t\"github.com/ory/mail/v3\"\n\t\"github.com/ory/x/otelx\"\n)\n\ntype (\n\tSMTPChannel struct {\n\t\tsmtpClient *SMTPClient\n\t\td Dependencies\n\n\t\tnewEmailTemplateFromMessage func(d template.Dependencies, msg Message) (EmailTemplate, error)\n\t}\n)\n\nvar _ Channel = new(SMTPChannel)\n\nfunc NewSMTPChannel(deps Dependencies, cfg *config.SMTPConfig) (*SMTPChannel, error) {\n\treturn NewSMTPChannelWithCustomTemplates(deps, cfg, NewEmailTemplateFromMessage)\n}\n\nfunc NewSMTPChannelWithCustomTemplates(deps Dependencies, cfg *config.SMTPConfig, newEmailTemplateFromMessage func(d template.Dependencies, msg Message) (EmailTemplate, error)) (*SMTPChannel, error) {\n\tsmtpClient, err := NewSMTPClient(deps, cfg)\n\tif err != nil {\n\t\treturn nil, err\n\t}\n\treturn &SMTPChannel{\n\t\tsmtpClient: smtpClient,\n\t\td: deps,\n\t\tnewEmailTemplateFromMessage: newEmailTemplateFromMessage,\n\t}, nil\n}\n\nfunc (c *SMTPChannel) ID() string {\n\treturn \"email\"\n}\n\nfunc (c *SMTPChannel) Dispatch(ctx context.Context, msg Message) (err error) {\n\tctx, span := c.d.Tracer(ctx).Tracer().Start(ctx, \"courier.SMTPChannel.Dispatch\")\n\tdefer otelx.End(span, &err)\n\n\tif c.smtpClient.Host == \"\" {\n\t\treturn errors.WithStack(herodot.ErrInternalServerError.WithErrorf(\"Courier tried to deliver an email but %s is not set!\", config.ViperKeyCourierSMTPURL))\n\t}\n\n\tchannels, err := c.d.CourierConfig().CourierChannels(ctx)\n\tif err != nil {\n\t\treturn err\n\t}\n\n\tvar cfg *config.SMTPConfig\n\tfor _, channel := range channels {\n\t\tif channel.ID == \"email\" && channel.SMTPConfig != nil {\n\t\t\tcfg = channel.SMTPConfig\n\t\t\tbreak\n\t\t}\n\t}\n\n\tif cfg == nil {\n\t\treturn errors.WithStack(herodot.ErrInternalServerError.WithErrorf(\"Courier tried to deliver an email but SMTP channel is misconfigured.\"))\n\t}\n\n\tgm := mail.NewMessage()\n\tif cfg.FromName == \"\" {\n\t\tgm.SetHeader(\"From\", cfg.FromAddress)\n\t} else {\n\t\tgm.SetAddressHeader(\"From\", cfg.FromAddress, cfg.FromName)\n\t}\n\n\tgm.SetHeader(\"To\", msg.Recipient)\n\tgm.SetHeader(\"Subject\", msg.Subject)\n\n\theaders := cfg.Headers\n\tfor k, v := range headers {\n\t\tgm.SetHeader(k, v)\n\t}\n\n\tgm.SetBody(\"text/plain\", msg.Body)\n\n\tlogger := c.d.Logger().\n\t\tWithField(\"smtp_server\", net.JoinHostPort(c.smtpClient.Host, strconv.Itoa(c.smtpClient.Port))).\n\t\tWithField(\"smtp_ssl_enabled\", c.smtpClient.SSL).\n\t\tWithField(\"message_from\", cfg.FromAddress).\n\t\tWithField(\"message_id\", msg.ID).\n\t\tWithField(\"message_nid\", msg.NID).\n\t\tWithField(\"message_type\", msg.Type).\n\t\tWithField(\"message_template_type\", msg.TemplateType).\n\t\tWithField(\"message_subject\", msg.Subject).\n\t\tWithField(\"trace_id\", span.SpanContext().TraceID())\n\n\ttmpl, err := c.newEmailTemplateFromMessage(c.d, msg)\n\tif err != nil {\n\t\tlogger.\n\t\t\tWithError(err).Error(`Unable to get email template from message.`)\n\t} else if htmlBody, err := tmpl.EmailBody(ctx); err != nil {\n\t\tlogger.\n\t\t\tWithError(err).Error(`Unable to get email body from template.`)\n\t} else {\n\t\tgm.AddAlternative(\"text/html\", htmlBody)\n\t}\n\n\tdialCtx, dialSpan := c.d.Tracer(ctx).Tracer().Start(ctx, \"courier.SMTPChannel.Dispatch.Dial\", trace.WithAttributes(\n\t\tsemconv.NetPeerName(c.smtpClient.Host),\n\t\tsemconv.NetPeerPort(c.smtpClient.Port),\n\t\tsemconv.NetProtocolName(\"smtp\"),\n\t))\n\tsnd, err := c.smtpClient.Dial(dialCtx)\n\totelx.End(dialSpan, &err)\n\n\tif err != nil {\n\t\tlogger.\n\t\t\tWithError(err).\n\t\t\tWithField(\"smtp_host\", c.smtpClient.Host).\n\t\t\tWithField(\"smtp_port\", c.smtpClient.Port).\n\t\t\tError(\"Unable to dial SMTP connection.\")\n\t\treturn errors.WithStack(herodot.ErrInternalServerError.\n\t\t\tWithError(err.Error()).WithReason(\"failed to send email via smtp\"))\n\t}\n\tdefer func() { _ = snd.Close() }()\n\n\tsendCtx, sendSpan := c.d.Tracer(ctx).Tracer().Start(ctx, \"courier.SMTPChannel.Dispatch.Send\")\n\terr = mail.Send(sendCtx, snd, gm)\n\totelx.End(sendSpan, &err)\n\n\tif err != nil {\n\t\tlogger.\n\t\t\tWithError(err).\n\t\t\tError(\"Unable to send email using SMTP connection.\")\n\n\t\tvar protoErr *textproto.Error\n\t\tvar mailErr *mail.SendError\n\n\t\tswitch {\n\t\tcase errors.As(err, &mailErr) && errors.As(mailErr.Cause, &protoErr) && protoErr.Code >= 500:\n\t\t\tfallthrough\n\t\tcase errors.As(err, &protoErr) && protoErr.Code >= 500:\n\t\t\t// See https://en.wikipedia.org/wiki/List_of_SMTP_server_return_codes\n\t\t\t// If the SMTP server responds with 5xx, sending the message should not be retried (without changing something about the request)\n\t\t\tif err := c.d.CourierPersister().SetMessageStatus(ctx, msg.ID, MessageStatusAbandoned); err != nil {\n\t\t\t\tlogger.\n\t\t\t\t\tWithError(err).\n\t\t\t\t\tError(`Unable to reset the retried message's status to \"abandoned\".`)\n\t\t\t\treturn errors.WithStack(err)\n\t\t\t}\n\t\t}\n\n\t\treturn errors.WithStack(herodot.ErrInternalServerError.\n\t\t\tWithError(err.Error()).WithReason(\"failed to send email via smtp\"))\n\t}\n\n\tdispatchDuration := time.Since(msg.CreatedAt).Milliseconds()\n\tlogger.WithField(\"dispatch_duration_ms\", dispatchDuration).Debug(\"Courier sent out message.\")\n\n\treturn nil\n}\n" }, { "path": "courier/smtp_test.go", "content": "// Copyright © 2023 Ory Corp\n// SPDX-License-Identifier: Apache-2.0\n\npackage courier_test\n\nimport (\n\t\"context\"\n\t\"crypto/rand\"\n\t\"crypto/rsa\"\n\t\"crypto/tls\"\n\t\"crypto/x509\"\n\t\"crypto/x509/pkix\"\n\t\"encoding/pem\"\n\t\"flag\"\n\t\"fmt\"\n\t\"io\"\n\t\"math/big\"\n\t\"net/http\"\n\t\"os\"\n\t\"testing\"\n\t\"time\"\n\n\t\"github.com/stretchr/testify/assert\"\n\t\"github.com/stretchr/testify/require\"\n\t\"github.com/tidwall/gjson\"\n\n\t\"github.com/ory/kratos/courier\"\n\ttemplates \"github.com/ory/kratos/courier/template/email\"\n\t\"github.com/ory/kratos/driver/config\"\n\t\"github.com/ory/kratos/pkg\"\n\t\"github.com/ory/kratos/x\"\n\tgomail \"github.com/ory/mail/v3\"\n\t\"github.com/ory/x/configx\"\n)\n\nfunc TestNewSMTPClientPreventLeak(t *testing.T) {\n\t// Test for https://hackerone.com/reports/2384028\n\n\tinvalidURL := \"sm<>t>p://f%oo::bar:baz@my-server:1234:122/\"\n\tconf, reg := pkg.NewFastRegistryWithMocks(t, configx.WithValue(config.ViperKeyCourierSMTPURL, invalidURL))\n\n\tchannels, err := conf.CourierChannels(t.Context())\n\trequire.NoError(t, err)\n\trequire.Len(t, channels, 1)\n\n\t_, err = courier.NewSMTPClient(reg, channels[0].SMTPConfig)\n\trequire.Error(t, err)\n\tassert.NotContains(t, err.Error(), invalidURL)\n}\n\nfunc TestNewSMTP(t *testing.T) {\n\tconf, reg := pkg.NewFastRegistryWithMocks(t)\n\n\tsetupSMTPClient := func(stringURL string) *courier.SMTPClient {\n\t\tconf.MustSet(t.Context(), config.ViperKeyCourierSMTPURL, stringURL)\n\n\t\tchannels, err := conf.CourierChannels(t.Context())\n\t\trequire.NoError(t, err)\n\t\trequire.Len(t, channels, 1)\n\t\tc, err := courier.NewSMTPClient(reg, channels[0].SMTPConfig)\n\t\trequire.NoError(t, err)\n\t\treturn c\n\t}\n\n\t// Should enforce StartTLS => dialer.StartTLSPolicy = gomail.MandatoryStartTLS and dialer.SSL = false\n\tsmtp := setupSMTPClient(\"smtp://foo:bar@my-server:1234/\")\n\tassert.Equal(t, smtp.StartTLSPolicy, gomail.MandatoryStartTLS, \"StartTLS not enforced\")\n\tassert.Equal(t, smtp.SSL, false, \"Implicit TLS should not be enabled\")\n\n\t// Should enforce TLS => dialer.SSL = true\n\tsmtp = setupSMTPClient(\"smtps://foo:bar@my-server:1234/\")\n\tassert.Equal(t, smtp.SSL, true, \"Implicit TLS should be enabled\")\n\n\t// Should allow cleartext => dialer.StartTLSPolicy = gomail.OpportunisticStartTLS and dialer.SSL = false\n\tsmtp = setupSMTPClient(\"smtp://foo:bar@my-server:1234/?disable_starttls=true\")\n\tassert.Equal(t, smtp.StartTLSPolicy, gomail.OpportunisticStartTLS, \"StartTLS is enforced\")\n\tassert.Equal(t, smtp.SSL, false, \"Implicit TLS should not be enabled\")\n\n\t// Test cert based SMTP client auth\n\tclientCert, clientKey, err := generateTestClientCert(t)\n\trequire.NoError(t, err)\n\tt.Cleanup(func() { _ = os.Remove(clientCert.Name()) }) //nolint:gosec\n\tt.Cleanup(func() { _ = os.Remove(clientKey.Name()) }) //nolint:gosec\n\n\tconf.MustSet(t.Context(), config.ViperKeyCourierSMTPClientCertPath, clientCert.Name())\n\tconf.MustSet(t.Context(), config.ViperKeyCourierSMTPClientKeyPath, clientKey.Name())\n\n\tclientPEM, err := tls.LoadX509KeyPair(clientCert.Name(), clientKey.Name())\n\trequire.NoError(t, err)\n\n\tsmtpWithCert := setupSMTPClient(\"smtps://subdomain.my-server:1234/?server_name=my-server\")\n\tassert.Equal(t, smtpWithCert.SSL, true, \"Implicit TLS should be enabled\")\n\tassert.Equal(t, smtpWithCert.Host, \"subdomain.my-server\", \"SMTP Dialer host should match\")\n\tassert.Equal(t, smtpWithCert.TLSConfig.ServerName, \"my-server\", \"TLS config server name should match\")\n\tassert.Equal(t, smtpWithCert.TLSConfig.ServerName, \"my-server\", \"TLS config server name should match\")\n\tassert.Contains(t, smtpWithCert.TLSConfig.Certificates, clientPEM, \"TLS config should contain client pem\")\n\n\t// error case: invalid client key\n\trequire.NoError(t, conf.Set(t.Context(), config.ViperKeyCourierSMTPClientKeyPath, clientCert.Name())) // mixup client key and client cert\n\tsmtpWithCert = setupSMTPClient(\"smtps://subdomain.my-server:1234/?server_name=my-server\")\n\tassert.Equal(t, len(smtpWithCert.TLSConfig.Certificates), 0, \"TLS config certificates should be empty\")\n}\n\nfunc TestQueueEmail(t *testing.T) {\n\tsmtp, api := x.StartMailhog(t, true)\n\n\t_, reg := pkg.NewRegistryDefaultWithDSN(t, \"\", configx.WithValues(map[string]any{\n\t\tconfig.ViperKeyCourierSMTPURL: smtp,\n\t\tconfig.ViperKeyCourierSMTPFrom: \"test-stub@ory.sh\",\n\t\tconfig.ViperKeyCourierSMTPFromName: \"Bob\",\n\t\tconfig.ViperKeyCourierSMTPHeaders + \".test-stub-header1\": \"foo\",\n\t\tconfig.ViperKeyCourierSMTPHeaders + \".test-stub-header2\": \"bar\",\n\t\tconfig.ViperKeyCourierMessageRetries: 50,\n\t}))\n\n\tc, err := reg.Courier(t.Context())\n\trequire.NoError(t, err)\n\tc.FailOnDispatchError()\n\n\t_, err = c.QueueEmail(t.Context(), templates.NewTestStub(&templates.TestStubModel{\n\t\tTo: \"invalid-email\",\n\t\tSubject: \"test-subject-1\",\n\t\tBody: \"test-body-1\",\n\t}))\n\trequire.Error(t, err)\n\n\tid, err := c.QueueEmail(t.Context(), templates.NewTestStub(&templates.TestStubModel{\n\t\tTo: \"test-recipient-1@example.org\",\n\t\tSubject: \"test-subject-1\",\n\t\tBody: \"test-body-1\",\n\t}))\n\trequire.NoError(t, err)\n\trequire.NotZero(t, id)\n\n\tid, err = c.QueueEmail(t.Context(), templates.NewTestStub(&templates.TestStubModel{\n\t\tTo: \"test-recipient-2@example.org\",\n\t\tSubject: \"test-subject-2\",\n\t\tBody: \"test-body-2\",\n\t}))\n\trequire.NoError(t, err)\n\trequire.NotZero(t, id)\n\n\tid, err = c.QueueEmail(t.Context(), templates.NewTestStub(&templates.TestStubModel{\n\t\tTo: \"test-recipient-3@example.org\",\n\t\tSubject: \"test-subject-3\",\n\t\tBody: \"test-body-3\",\n\t}))\n\trequire.NoError(t, err)\n\trequire.NotZero(t, id)\n\n\trequire.EventuallyWithT(t, func(t *assert.CollectT) {\n\t\trequire.NoError(t, c.DispatchQueue(context.Background()))\n\t}, time.Second, 10*time.Millisecond)\n\n\tres, err := http.Get(api + \"/api/v2/messages\")\n\trequire.NoError(t, err)\n\tdefer func() { _ = res.Body.Close() }()\n\n\tbody, err := io.ReadAll(res.Body)\n\trequire.NoError(t, err)\n\trequire.Equalf(t, http.StatusOK, res.StatusCode, \"%s\", body)\n\trequire.EqualValues(t, 3, gjson.GetBytes(body, \"total\").Int())\n\n\tfor k := 1; k <= 3; k++ {\n\t\tassert.Contains(t, string(body), fmt.Sprintf(\"test-subject-%d\", k))\n\t\tassert.Contains(t, string(body), fmt.Sprintf(\"test-body-%d\", k))\n\t\tassert.Contains(t, string(body), fmt.Sprintf(\"test-recipient-%d@example.org\", k))\n\t\tassert.Contains(t, string(body), \"test-stub@ory.sh\")\n\t}\n\n\tassert.Contains(t, string(body), \"Bob\")\n\tassert.Contains(t, string(body), `\"test-stub-header1\":[\"foo\"]`)\n\tassert.Contains(t, string(body), `\"test-stub-header2\":[\"bar\"]`)\n}\n\nfunc generateTestClientCert(t *testing.T) (clientCert *os.File, clientKey *os.File, err error) {\n\thostName := flag.String(\"host\", \"127.0.0.1\", \"Hostname to certify\")\n\tpriv, err := rsa.GenerateKey(rand.Reader, 1024) // #nosec G403 -- test code\n\trequire.NoError(t, err)\n\tnow := time.Now()\n\tcertTemplate := x509.Certificate{\n\t\tSerialNumber: big.NewInt(1234),\n\t\tSubject: pkix.Name{\n\t\t\tCommonName: *hostName,\n\t\t\tOrganization: []string{\"myorg\"},\n\t\t},\n\t\tNotBefore: now.Add(-300 * time.Second),\n\t\tNotAfter: now.Add(24 * time.Hour),\n\t\tSubjectKeyId: []byte{1, 2, 3, 4},\n\t\tKeyUsage: x509.KeyUsageKeyEncipherment | x509.KeyUsageDigitalSignature,\n\t}\n\tcert, err := x509.CreateCertificate(rand.Reader, &certTemplate, &certTemplate, &priv.PublicKey, priv)\n\trequire.NoError(t, err)\n\tclientCert, err = os.CreateTemp(\"./test\", \"testCert\")\n\trequire.NoError(t, err)\n\tdefer func() { _ = clientCert.Close() }()\n\n\trequire.NoError(t, pem.Encode(clientCert, &pem.Block{Type: \"CERTIFICATE\", Bytes: cert}))\n\n\tclientKey, err = os.CreateTemp(\"./test\", \"testKey\")\n\trequire.NoError(t, err)\n\tdefer func() { _ = clientKey.Close() }()\n\trequire.NoError(t, pem.Encode(clientKey, &pem.Block{Type: \"RSA PRIVATE KEY\", Bytes: x509.MarshalPKCS1PrivateKey(priv)}))\n\n\treturn clientCert, clientKey, nil\n}\n" }, { "path": "courier/stub/request.config.mailer.jsonnet", "content": "function(ctx) {\n recipient: ctx.recipient,\n template_type: ctx.template_type,\n to: if \"template_data\" in ctx && \"to\" in ctx.template_data then ctx.template_data.to else null,\n recovery_code: if \"template_data\" in ctx && \"recovery_code\" in ctx.template_data then ctx.template_data.recovery_code else null,\n recovery_url: if \"template_data\" in ctx && \"recovery_url\" in ctx.template_data then ctx.template_data.recovery_url else null,\n verification_url: if \"template_data\" in ctx && \"verification_url\" in ctx.template_data then ctx.template_data.verification_url else null,\n verification_code: if \"template_data\" in ctx && \"verification_code\" in ctx.template_data then ctx.template_data.verification_code else null,\n subject: if \"template_data\" in ctx && \"subject\" in ctx.template_data then ctx.template_data.subject else null,\n body: if \"template_data\" in ctx && \"body\" in ctx.template_data then ctx.template_data.body else null,\n html_body: if \"template_data\" in ctx && \"html_body\" in ctx.template_data then ctx.template_data.html_body else null\n}\n" }, { "path": "courier/stub/request.config.twilio.jsonnet", "content": "function(ctx) {\n from: \"Kratos Test\",\n to: ctx.recipient,\n body: ctx.body\n}\n" }, { "path": "courier/template/courier/builtin/templates/login_code/valid/email.body.gotmpl", "content": "Login to your account with the following code:\n\n{{ .LoginCode }}\n\nIt expires in {{ .ExpiresInMinutes }} minutes.\n" }, { "path": "courier/template/courier/builtin/templates/login_code/valid/email.body.plaintext.gotmpl", "content": "Login to your account with the following code:\n\n{{ .LoginCode }}\n\nIt expires in {{ .ExpiresInMinutes }} minutes.\n" }, { "path": "courier/template/courier/builtin/templates/login_code/valid/email.subject.gotmpl", "content": "Use code {{ .LoginCode }} to log in\n" }, { "path": "courier/template/courier/builtin/templates/login_code/valid/sms.body.gotmpl", "content": "Your login code is: {{ .LoginCode }}\n\nIt expires in {{ .ExpiresInMinutes }} minutes.\n" }, { "path": "courier/template/courier/builtin/templates/otp/sms.body.gotmpl", "content": "Your verification code is: {{ .Code }}\n" }, { "path": "courier/template/courier/builtin/templates/recovery/invalid/email.body.gotmpl", "content": "Hi,\n\nyou (or someone else) entered this email address when trying to recover access to an account.\n\nHowever, this email address is not on our database of registered users and therefore the attempt has failed.\n\nIf this was you, check if you signed up using a different address.\n\nIf this was not you, please ignore this email.\n" }, { "path": "courier/template/courier/builtin/templates/recovery/invalid/email.body.plaintext.gotmpl", "content": "Hi,\n\nyou (or someone else) entered this email address when trying to recover access to an account.\n\nHowever, this email address is not on our database of registered users and therefore the attempt has failed.\n\nIf this was you, check if you signed up using a different address.\n\nIf this was not you, please ignore this email.\n" }, { "path": "courier/template/courier/builtin/templates/recovery/invalid/email.subject.gotmpl", "content": "Account access attempted\n" }, { "path": "courier/template/courier/builtin/templates/recovery/valid/email.body.gotmpl", "content": "Recover access to your account by clicking the following link:\n\n{{ .RecoveryURL }}\n\nIf this was not you, do nothing. This link expires in {{ .ExpiresInMinutes }} minutes.\n" }, { "path": "courier/template/courier/builtin/templates/recovery/valid/email.body.plaintext.gotmpl", "content": "Recover access to your account by clicking the following link:\n\n{{ .RecoveryURL }}\n\nIf this was not you, do nothing. This link expires in {{ .ExpiresInMinutes }} minutes.\n\n" }, { "path": "courier/template/courier/builtin/templates/recovery/valid/email.subject.gotmpl", "content": "Recover access to your account\n" }, { "path": "courier/template/courier/builtin/templates/recovery_code/invalid/email.body.gotmpl", "content": "Hi,\n\nyou (or someone else) entered this email address when trying to recover access to an account.\n\nHowever, this email address is not on our database of registered users and therefore the attempt has failed.\n\nIf this was you, check if you signed up using a different address.\n\nIf this was not you, please ignore this email.\n" }, { "path": "courier/template/courier/builtin/templates/recovery_code/invalid/email.body.plaintext.gotmpl", "content": "Hi,\n\nyou (or someone else) entered this email address when trying to recover access to an account.\n\nHowever, this email address is not on our database of registered users and therefore the attempt has failed.\n\nIf this was you, check if you signed up using a different address.\n\nIf this was not you, please ignore this email.\n" }, { "path": "courier/template/courier/builtin/templates/recovery_code/invalid/email.subject.gotmpl", "content": "Account access attempted\n" }, { "path": "courier/template/courier/builtin/templates/recovery_code/valid/email.body.gotmpl", "content": "Recover access to your account by entering the following code:\n\n{{ .RecoveryCode }}\n\nIf this was not you, do nothing. This code expires in {{ .ExpiresInMinutes }} minutes.\n" }, { "path": "courier/template/courier/builtin/templates/recovery_code/valid/email.body.plaintext.gotmpl", "content": "Recover access to your account by entering the following code:\n\n{{ .RecoveryCode }}\n\nIf this was not you, do nothing. This code expires in {{ .ExpiresInMinutes }} minutes.\n" }, { "path": "courier/template/courier/builtin/templates/recovery_code/valid/email.subject.gotmpl", "content": "Use code {{ .RecoveryCode }} to recover access to your account\n" }, { "path": "courier/template/courier/builtin/templates/recovery_code/valid/sms.body.gotmpl", "content": "Your recovery code is: {{ .RecoveryCode }}\n\n@{{ .RequestURLDomain }} #{{ .RecoveryCode }}\n" }, { "path": "courier/template/courier/builtin/templates/registration_code/valid/email.body.gotmpl", "content": "Complete your account registration with the following code:\n\n{{ .RegistrationCode }}\n\nThis code expires in {{ .ExpiresInMinutes }} minutes.\n" }, { "path": "courier/template/courier/builtin/templates/registration_code/valid/email.body.plaintext.gotmpl", "content": "Complete your account registration with the following code:\n\n{{ .RegistrationCode }}\n\nThis code expires in {{ .ExpiresInMinutes }} minutes.\n" }, { "path": "courier/template/courier/builtin/templates/registration_code/valid/email.subject.gotmpl", "content": "Use code {{ .RegistrationCode }} to complete your account registration\n" }, { "path": "courier/template/courier/builtin/templates/registration_code/valid/sms.body.gotmpl", "content": "Your registration code is: {{ .RegistrationCode }}\n\nIt expires in {{ .ExpiresInMinutes }} minutes.\n" }, { "path": "courier/template/courier/builtin/templates/test_stub/email.body.gotmpl", "content": "stub email body {{ if .HTMLBody }}{{ .HTMLBody }}{{ else }}{{ .Body }}{{ end }}" }, { "path": "courier/template/courier/builtin/templates/test_stub/email.body.html.en_US.gotmpl", "content": "{{ $l := cat \"lang=\" .lang }}\n{{ nospace $l }}\n" }, { "path": "courier/template/courier/builtin/templates/test_stub/email.body.html.gotmpl", "content": "{{- if eq .lang \"en_US\" -}}\n{{ template \"email.body.html.en_US.gotmpl\" . }}\n{{- end -}}\n" }, { "path": "courier/template/courier/builtin/templates/test_stub/email.body.plaintext.gotmpl", "content": "stub email body {{ .Body }}" }, { "path": "courier/template/courier/builtin/templates/test_stub/email.body.sprig.gotmpl", "content": "{{ $t1 := title .input }}\n{{ $t1 := nospace $t1 }}\n{{ $t2 := upper $t1 }}\n{{ $t3 := cat $t1 \",\" $t2 }}\n{{ nospace $t3 }}\n" }, { "path": "courier/template/courier/builtin/templates/test_stub/email.subject.gotmpl", "content": "stub email subject {{ .Subject }}" }, { "path": "courier/template/courier/builtin/templates/verification/invalid/email.body.gotmpl", "content": "Someone asked to verify this email address, but we were unable to find an account for this address.\n\nIf this was you, check if you signed up using a different address.\n\nIf this was not you, please ignore this email.\n" }, { "path": "courier/template/courier/builtin/templates/verification/invalid/email.body.plaintext.gotmpl", "content": "Someone asked to verify this email address, but we were unable to find an account for this address.\n\nIf this was you, check if you signed up using a different address.\n\nIf this was not you, please ignore this email.\n" }, { "path": "courier/template/courier/builtin/templates/verification/invalid/email.subject.gotmpl", "content": "Someone tried to verify this email address\n" }, { "path": "courier/template/courier/builtin/templates/verification/valid/email.body.gotmpl", "content": "Verify your account by opening the following link:\n\n{{ .VerificationURL }}\n\nIf this was not you, do nothing. This link expires in {{ .ExpiresInMinutes }} minutes.\n" }, { "path": "courier/template/courier/builtin/templates/verification/valid/email.body.plaintext.gotmpl", "content": "Verify your account by opening the following link:\n\n{{ .VerificationURL }}\n\nIf this was not you, do nothing. This link expires in {{ .ExpiresInMinutes }} minutes.\n" }, { "path": "courier/template/courier/builtin/templates/verification/valid/email.subject.gotmpl", "content": "Please verify your email address\n" }, { "path": "courier/template/courier/builtin/templates/verification_code/invalid/email.body.gotmpl", "content": "Hi,\n\nsomeone asked to verify this email address, but we were unable to find an account for this address.\n\nIf this was you, check if you signed up using a different address.\n\nIf this was not you, please ignore this email.\n" }, { "path": "courier/template/courier/builtin/templates/verification_code/invalid/email.body.plaintext.gotmpl", "content": "Hi,\n\nsomeone asked to verify this email address, but we were unable to find an account for this address.\n\nIf this was you, check if you signed up using a different address.\n\nIf this was not you, please ignore this email.\n" }, { "path": "courier/template/courier/builtin/templates/verification_code/invalid/email.subject.gotmpl", "content": "Someone tried to verify this email address\n" }, { "path": "courier/template/courier/builtin/templates/verification_code/valid/email.body.gotmpl", "content": "Verify your account with the following code:\n\n{{ .VerificationCode }}\n\nor clicking the following link:\n\n{{ .VerificationURL }}\n\nIf this was not you, do nothing. This code / link expires in {{ .ExpiresInMinutes }} minutes.\n" }, { "path": "courier/template/courier/builtin/templates/verification_code/valid/email.body.plaintext.gotmpl", "content": "Verify your account with the following code:\n\n{{ .VerificationCode }}\n\nor clicking the following link:\n\n{{ .VerificationURL }}\n\nIf this was not you, do nothing. This code / link expires in {{ .ExpiresInMinutes }} minutes.\n" }, { "path": "courier/template/courier/builtin/templates/verification_code/valid/email.subject.gotmpl", "content": "Use code {{ .VerificationCode }} to verify your account\n" }, { "path": "courier/template/courier/builtin/templates/verification_code/valid/sms.body.gotmpl", "content": "Your verification code is: {{ .VerificationCode }}\n\nIf this was not you, do nothing. It expires in {{ .ExpiresInMinutes }} minutes.\n" }, { "path": "courier/template/email/login_code_valid.go", "content": "// Copyright © 2023 Ory Corp\n// SPDX-License-Identifier: Apache-2.0\n\npackage email\n\nimport (\n\t\"context\"\n\t\"encoding/json\"\n\t\"net/http\"\n\t\"os\"\n\t\"strings\"\n\n\t\"github.com/ory/kratos/courier/template\"\n)\n\ntype (\n\tLoginCodeValid struct {\n\t\tdeps template.Dependencies\n\t\tmodel *LoginCodeValidModel\n\t}\n\tLoginCodeValidModel struct {\n\t\tTo string `json:\"to\"`\n\t\tLoginCode string `json:\"login_code\"`\n\t\tIdentity map[string]interface{} `json:\"identity\"`\n\t\tRequestURL string `json:\"request_url\"`\n\t\tTransientPayload map[string]interface{} `json:\"transient_payload\"`\n\t\tExpiresInMinutes int `json:\"expires_in_minutes\"`\n\t\tUserRequestHeaders http.Header `json:\"-\"`\n\t}\n)\n\nfunc NewLoginCodeValid(d template.Dependencies, m *LoginCodeValidModel) *LoginCodeValid {\n\treturn &LoginCodeValid{deps: d, model: m}\n}\n\nfunc (t *LoginCodeValid) EmailRecipient() (string, error) {\n\treturn t.model.To, nil\n}\n\nfunc (t *LoginCodeValid) EmailSubject(ctx context.Context) (string, error) {\n\tsubject, err := template.LoadText(ctx, t.deps, os.DirFS(t.deps.CourierConfig().CourierTemplatesRoot(ctx)), \"login_code/valid/email.subject.gotmpl\", \"login_code/valid/email.subject*\", t.model, t.deps.CourierConfig().CourierTemplatesLoginCodeValid(ctx).Subject)\n\n\treturn strings.TrimSpace(subject), err\n}\n\nfunc (t *LoginCodeValid) EmailBody(ctx context.Context) (string, error) {\n\treturn template.LoadHTML(ctx, t.deps, os.DirFS(t.deps.CourierConfig().CourierTemplatesRoot(ctx)), \"login_code/valid/email.body.gotmpl\", \"login_code/valid/email.body*\", t.model, t.deps.CourierConfig().CourierTemplatesLoginCodeValid(ctx).Body.HTML)\n}\n\nfunc (t *LoginCodeValid) EmailBodyPlaintext(ctx context.Context) (string, error) {\n\treturn template.LoadText(ctx, t.deps, os.DirFS(t.deps.CourierConfig().CourierTemplatesRoot(ctx)), \"login_code/valid/email.body.plaintext.gotmpl\", \"login_code/valid/email.body.plaintext*\", t.model, t.deps.CourierConfig().CourierTemplatesLoginCodeValid(ctx).Body.PlainText)\n}\n\nfunc (t *LoginCodeValid) MarshalJSON() ([]byte, error) {\n\treturn json.Marshal(t.model)\n}\n\nfunc (t *LoginCodeValid) TemplateType() template.TemplateType {\n\treturn template.TypeLoginCodeValid\n}\nfunc (t *LoginCodeValid) RequestHeaders() http.Header {\n\treturn t.model.UserRequestHeaders\n}\n" }, { "path": "courier/template/email/login_code_valid_test.go", "content": "// Copyright © 2023 Ory Corp\n// SPDX-License-Identifier: Apache-2.0\n\npackage email_test\n\nimport (\n\t\"context\"\n\t\"testing\"\n\n\t\"github.com/ory/kratos/courier/template\"\n\t\"github.com/ory/kratos/courier/template/email\"\n\t\"github.com/ory/kratos/courier/template/testhelpers\"\n\t\"github.com/ory/kratos/pkg\"\n)\n\nfunc TestLoginCodeValid(t *testing.T) {\n\tctx, cancel := context.WithCancel(context.Background())\n\tt.Cleanup(cancel)\n\n\tt.Run(\"test=with courier templates directory\", func(t *testing.T) {\n\t\t_, reg := pkg.NewFastRegistryWithMocks(t)\n\t\ttpl := email.NewLoginCodeValid(reg, &email.LoginCodeValidModel{})\n\n\t\ttesthelpers.TestRendered(t, ctx, tpl)\n\t})\n\n\tt.Run(\"test=with remote resources\", func(t *testing.T) {\n\t\ttesthelpers.TestRemoteTemplates(t, \"../courier/builtin/templates/login_code/valid\", template.TypeLoginCodeValid)\n\t})\n}\n" }, { "path": "courier/template/email/recovery_code_invalid.go", "content": "// Copyright © 2023 Ory Corp\n// SPDX-License-Identifier: Apache-2.0\n\npackage email\n\nimport (\n\t\"context\"\n\t\"encoding/json\"\n\t\"os\"\n\t\"strings\"\n\n\t\"github.com/ory/kratos/courier/template\"\n)\n\ntype (\n\tRecoveryCodeInvalid struct {\n\t\tdeps template.Dependencies\n\t\tmodel *RecoveryCodeInvalidModel\n\t}\n\tRecoveryCodeInvalidModel struct {\n\t\tTo string `json:\"to\"`\n\t\tRequestURL string `json:\"request_url\"`\n\t\tTransientPayload map[string]interface{} `json:\"transient_payload\"`\n\t}\n)\n\nfunc NewRecoveryCodeInvalid(d template.Dependencies, m *RecoveryCodeInvalidModel) *RecoveryCodeInvalid {\n\treturn &RecoveryCodeInvalid{deps: d, model: m}\n}\n\nfunc (t *RecoveryCodeInvalid) EmailRecipient() (string, error) {\n\treturn t.model.To, nil\n}\n\nfunc (t *RecoveryCodeInvalid) EmailSubject(ctx context.Context) (string, error) {\n\tfilesystem := os.DirFS(t.deps.CourierConfig().CourierTemplatesRoot(ctx))\n\tremoteURL := t.deps.CourierConfig().CourierTemplatesRecoveryCodeInvalid(ctx).Subject\n\n\tsubject, err := template.LoadText(ctx, t.deps, filesystem, \"recovery_code/invalid/email.subject.gotmpl\", \"recovery_code/invalid/email.subject*\", t.model, remoteURL)\n\n\treturn strings.TrimSpace(subject), err\n}\n\nfunc (t *RecoveryCodeInvalid) EmailBody(ctx context.Context) (string, error) {\n\treturn template.LoadHTML(ctx, t.deps, os.DirFS(t.deps.CourierConfig().CourierTemplatesRoot(ctx)), \"recovery_code/invalid/email.body.gotmpl\", \"recovery_code/invalid/email.body*\", t.model, t.deps.CourierConfig().CourierTemplatesRecoveryCodeInvalid(ctx).Body.HTML)\n}\n\nfunc (t *RecoveryCodeInvalid) EmailBodyPlaintext(ctx context.Context) (string, error) {\n\treturn template.LoadText(ctx, t.deps, os.DirFS(t.deps.CourierConfig().CourierTemplatesRoot(ctx)), \"recovery_code/invalid/email.body.plaintext.gotmpl\", \"recovery_code/invalid/email.body.plaintext*\", t.model, t.deps.CourierConfig().CourierTemplatesRecoveryCodeInvalid(ctx).Body.PlainText)\n}\n\nfunc (t *RecoveryCodeInvalid) MarshalJSON() ([]byte, error) {\n\treturn json.Marshal(t.model)\n}\n\nfunc (t *RecoveryCodeInvalid) TemplateType() template.TemplateType {\n\treturn template.TypeRecoveryCodeInvalid\n}\n" }, { "path": "courier/template/email/recovery_code_invalid_test.go", "content": "// Copyright © 2023 Ory Corp\n// SPDX-License-Identifier: Apache-2.0\n\npackage email_test\n\nimport (\n\t\"context\"\n\t\"testing\"\n\n\t\"github.com/ory/kratos/courier/template\"\n\t\"github.com/ory/kratos/courier/template/email\"\n\t\"github.com/ory/kratos/courier/template/testhelpers\"\n\t\"github.com/ory/kratos/pkg\"\n)\n\nfunc TestRecoveryCodeInvalid(t *testing.T) {\n\tctx, cancel := context.WithCancel(context.Background())\n\tt.Cleanup(cancel)\n\n\tt.Run(\"test=with courier templates directory\", func(t *testing.T) {\n\t\t_, reg := pkg.NewFastRegistryWithMocks(t)\n\t\ttpl := email.NewRecoveryCodeInvalid(reg, &email.RecoveryCodeInvalidModel{})\n\n\t\ttesthelpers.TestRendered(t, ctx, tpl)\n\t})\n\n\tt.Run(\"case=test remote resources\", func(t *testing.T) {\n\t\ttesthelpers.TestRemoteTemplates(t, \"../courier/builtin/templates/recovery_code/invalid\", template.TypeRecoveryCodeInvalid)\n\t})\n}\n" }, { "path": "courier/template/email/recovery_code_valid.go", "content": "// Copyright © 2023 Ory Corp\n// SPDX-License-Identifier: Apache-2.0\n\npackage email\n\nimport (\n\t\"context\"\n\t\"encoding/json\"\n\t\"net/http\"\n\t\"os\"\n\t\"strings\"\n\n\t\"github.com/ory/kratos/courier/template\"\n)\n\ntype (\n\tRecoveryCodeValid struct {\n\t\tdeps template.Dependencies\n\t\tmodel *RecoveryCodeValidModel\n\t}\n\tRecoveryCodeValidModel struct {\n\t\tTo string `json:\"to\"`\n\t\tRecoveryCode string `json:\"recovery_code\"`\n\t\tIdentity map[string]interface{} `json:\"identity\"`\n\t\tRequestURL string `json:\"request_url\"`\n\t\tTransientPayload map[string]interface{} `json:\"transient_payload\"`\n\t\tExpiresInMinutes int `json:\"expires_in_minutes\"`\n\t\tUserRequestHeaders http.Header `json:\"-\"`\n\t}\n)\n\nfunc NewRecoveryCodeValid(d template.Dependencies, m *RecoveryCodeValidModel) *RecoveryCodeValid {\n\treturn &RecoveryCodeValid{deps: d, model: m}\n}\n\nfunc (t *RecoveryCodeValid) EmailRecipient() (string, error) {\n\treturn t.model.To, nil\n}\n\nfunc (t *RecoveryCodeValid) EmailSubject(ctx context.Context) (string, error) {\n\tsubject, err := template.LoadText(ctx, t.deps, os.DirFS(t.deps.CourierConfig().CourierTemplatesRoot(ctx)), \"recovery_code/valid/email.subject.gotmpl\", \"recovery_code/valid/email.subject*\", t.model, t.deps.CourierConfig().CourierTemplatesRecoveryCodeValid(ctx).Subject)\n\n\treturn strings.TrimSpace(subject), err\n}\n\nfunc (t *RecoveryCodeValid) EmailBody(ctx context.Context) (string, error) {\n\treturn template.LoadHTML(ctx, t.deps, os.DirFS(t.deps.CourierConfig().CourierTemplatesRoot(ctx)), \"recovery_code/valid/email.body.gotmpl\", \"recovery_code/valid/email.body*\", t.model, t.deps.CourierConfig().CourierTemplatesRecoveryCodeValid(ctx).Body.HTML)\n}\n\nfunc (t *RecoveryCodeValid) EmailBodyPlaintext(ctx context.Context) (string, error) {\n\treturn template.LoadText(ctx, t.deps, os.DirFS(t.deps.CourierConfig().CourierTemplatesRoot(ctx)), \"recovery_code/valid/email.body.plaintext.gotmpl\", \"recovery_code/valid/email.body.plaintext*\", t.model, t.deps.CourierConfig().CourierTemplatesRecoveryCodeValid(ctx).Body.PlainText)\n}\n\nfunc (t *RecoveryCodeValid) MarshalJSON() ([]byte, error) {\n\treturn json.Marshal(t.model)\n}\n\nfunc (t *RecoveryCodeValid) TemplateType() template.TemplateType {\n\treturn template.TypeRecoveryCodeValid\n}\nfunc (t *RecoveryCodeValid) RequestHeaders() http.Header {\n\treturn t.model.UserRequestHeaders\n}\n" }, { "path": "courier/template/email/recovery_code_valid_test.go", "content": "// Copyright © 2023 Ory Corp\n// SPDX-License-Identifier: Apache-2.0\n\npackage email_test\n\nimport (\n\t\"context\"\n\t\"testing\"\n\n\t\"github.com/ory/kratos/courier/template\"\n\t\"github.com/ory/kratos/courier/template/email\"\n\t\"github.com/ory/kratos/courier/template/testhelpers\"\n\t\"github.com/ory/kratos/pkg\"\n)\n\nfunc TestRecoveryCodeValid(t *testing.T) {\n\tctx, cancel := context.WithCancel(context.Background())\n\tt.Cleanup(cancel)\n\n\tt.Run(\"test=with courier templates directory\", func(t *testing.T) {\n\t\t_, reg := pkg.NewFastRegistryWithMocks(t)\n\t\ttpl := email.NewRecoveryCodeValid(reg, &email.RecoveryCodeValidModel{})\n\n\t\ttesthelpers.TestRendered(t, ctx, tpl)\n\t})\n\n\tt.Run(\"test=with remote resources\", func(t *testing.T) {\n\t\ttesthelpers.TestRemoteTemplates(t, \"../courier/builtin/templates/recovery_code/valid\", template.TypeRecoveryCodeValid)\n\t})\n}\n" }, { "path": "courier/template/email/recovery_invalid.go", "content": "// Copyright © 2023 Ory Corp\n// SPDX-License-Identifier: Apache-2.0\n\npackage email\n\nimport (\n\t\"context\"\n\t\"encoding/json\"\n\t\"os\"\n\t\"strings\"\n\n\t\"github.com/ory/kratos/courier/template\"\n)\n\ntype (\n\tRecoveryInvalid struct {\n\t\td template.Dependencies\n\t\tm *RecoveryInvalidModel\n\t}\n\tRecoveryInvalidModel struct {\n\t\tTo string `json:\"to\"`\n\t\tRequestURL string `json:\"request_url\"`\n\t\tTransientPayload map[string]interface{} `json:\"transient_payload\"`\n\t}\n)\n\nfunc NewRecoveryInvalid(d template.Dependencies, m *RecoveryInvalidModel) *RecoveryInvalid {\n\treturn &RecoveryInvalid{d: d, m: m}\n}\n\nfunc (t *RecoveryInvalid) EmailRecipient() (string, error) {\n\treturn t.m.To, nil\n}\n\nfunc (t *RecoveryInvalid) EmailSubject(ctx context.Context) (string, error) {\n\tsubject, err := template.LoadText(ctx, t.d, os.DirFS(t.d.CourierConfig().CourierTemplatesRoot(ctx)), \"recovery/invalid/email.subject.gotmpl\", \"recovery/invalid/email.subject*\", t.m, t.d.CourierConfig().CourierTemplatesRecoveryInvalid(ctx).Subject)\n\n\treturn strings.TrimSpace(subject), err\n}\n\nfunc (t *RecoveryInvalid) EmailBody(ctx context.Context) (string, error) {\n\treturn template.LoadHTML(ctx, t.d, os.DirFS(t.d.CourierConfig().CourierTemplatesRoot(ctx)), \"recovery/invalid/email.body.gotmpl\", \"recovery/invalid/email.body*\", t.m, t.d.CourierConfig().CourierTemplatesRecoveryInvalid(ctx).Body.HTML)\n}\n\nfunc (t *RecoveryInvalid) EmailBodyPlaintext(ctx context.Context) (string, error) {\n\treturn template.LoadText(ctx, t.d, os.DirFS(t.d.CourierConfig().CourierTemplatesRoot(ctx)), \"recovery/invalid/email.body.plaintext.gotmpl\", \"recovery/invalid/email.body.plaintext*\", t.m, t.d.CourierConfig().CourierTemplatesRecoveryInvalid(ctx).Body.PlainText)\n}\n\nfunc (t *RecoveryInvalid) MarshalJSON() ([]byte, error) {\n\treturn json.Marshal(t.m)\n}\n\nfunc (t *RecoveryInvalid) TemplateType() template.TemplateType {\n\treturn template.TypeRecoveryInvalid\n}\n" }, { "path": "courier/template/email/recovery_invalid_test.go", "content": "// Copyright © 2023 Ory Corp\n// SPDX-License-Identifier: Apache-2.0\n\npackage email_test\n\nimport (\n\t\"context\"\n\t\"testing\"\n\n\t\"github.com/ory/kratos/courier/template\"\n\t\"github.com/ory/kratos/courier/template/email\"\n\t\"github.com/ory/kratos/courier/template/testhelpers\"\n\t\"github.com/ory/kratos/pkg\"\n)\n\nfunc TestRecoverInvalid(t *testing.T) {\n\tctx, cancel := context.WithCancel(context.Background())\n\tt.Cleanup(cancel)\n\n\tt.Run(\"test=with courier templates directory\", func(t *testing.T) {\n\t\t_, reg := pkg.NewFastRegistryWithMocks(t)\n\t\ttpl := email.NewRecoveryInvalid(reg, &email.RecoveryInvalidModel{})\n\n\t\ttesthelpers.TestRendered(t, ctx, tpl)\n\t})\n\n\tt.Run(\"case=test remote resources\", func(t *testing.T) {\n\t\ttesthelpers.TestRemoteTemplates(t, \"../courier/builtin/templates/recovery/invalid\", template.TypeRecoveryInvalid)\n\t})\n}\n" }, { "path": "courier/template/email/recovery_valid.go", "content": "// Copyright © 2023 Ory Corp\n// SPDX-License-Identifier: Apache-2.0\n\npackage email\n\nimport (\n\t\"context\"\n\t\"encoding/json\"\n\t\"os\"\n\t\"strings\"\n\n\t\"github.com/ory/kratos/courier/template\"\n)\n\ntype (\n\tRecoveryValid struct {\n\t\td template.Dependencies\n\t\tm *RecoveryValidModel\n\t}\n\tRecoveryValidModel struct {\n\t\tTo string `json:\"to\"`\n\t\tRecoveryURL string `json:\"recovery_url\"`\n\t\tIdentity map[string]interface{} `json:\"identity\"`\n\t\tRequestURL string `json:\"request_url\"`\n\t\tTransientPayload map[string]interface{} `json:\"transient_payload\"`\n\t\tExpiresInMinutes int `json:\"expires_in_minutes\"`\n\t}\n)\n\nfunc NewRecoveryValid(d template.Dependencies, m *RecoveryValidModel) *RecoveryValid {\n\treturn &RecoveryValid{d: d, m: m}\n}\n\nfunc (t *RecoveryValid) EmailRecipient() (string, error) {\n\treturn t.m.To, nil\n}\n\nfunc (t *RecoveryValid) EmailSubject(ctx context.Context) (string, error) {\n\tsubject, err := template.LoadText(ctx, t.d, os.DirFS(t.d.CourierConfig().CourierTemplatesRoot(ctx)), \"recovery/valid/email.subject.gotmpl\", \"recovery/valid/email.subject*\", t.m, t.d.CourierConfig().CourierTemplatesRecoveryValid(ctx).Subject)\n\n\treturn strings.TrimSpace(subject), err\n}\n\nfunc (t *RecoveryValid) EmailBody(ctx context.Context) (string, error) {\n\treturn template.LoadHTML(ctx, t.d, os.DirFS(t.d.CourierConfig().CourierTemplatesRoot(ctx)), \"recovery/valid/email.body.gotmpl\", \"recovery/valid/email.body*\", t.m, t.d.CourierConfig().CourierTemplatesRecoveryValid(ctx).Body.HTML)\n}\n\nfunc (t *RecoveryValid) EmailBodyPlaintext(ctx context.Context) (string, error) {\n\treturn template.LoadText(ctx, t.d, os.DirFS(t.d.CourierConfig().CourierTemplatesRoot(ctx)), \"recovery/valid/email.body.plaintext.gotmpl\", \"recovery/valid/email.body.plaintext*\", t.m, t.d.CourierConfig().CourierTemplatesRecoveryValid(ctx).Body.PlainText)\n}\n\nfunc (t *RecoveryValid) MarshalJSON() ([]byte, error) {\n\treturn json.Marshal(t.m)\n}\n\nfunc (t *RecoveryValid) TemplateType() template.TemplateType {\n\treturn template.TypeRecoveryValid\n}\n" }, { "path": "courier/template/email/recovery_valid_test.go", "content": "// Copyright © 2023 Ory Corp\n// SPDX-License-Identifier: Apache-2.0\n\npackage email_test\n\nimport (\n\t\"context\"\n\t\"testing\"\n\n\t\"github.com/ory/kratos/courier/template\"\n\t\"github.com/ory/kratos/courier/template/email\"\n\t\"github.com/ory/kratos/courier/template/testhelpers\"\n\t\"github.com/ory/kratos/pkg\"\n)\n\nfunc TestRecoverValid(t *testing.T) {\n\tctx, cancel := context.WithCancel(context.Background())\n\tt.Cleanup(cancel)\n\n\tt.Run(\"test=with courier templates directory\", func(t *testing.T) {\n\t\t_, reg := pkg.NewFastRegistryWithMocks(t)\n\t\ttpl := email.NewRecoveryValid(reg, &email.RecoveryValidModel{})\n\n\t\ttesthelpers.TestRendered(t, ctx, tpl)\n\t})\n\n\tt.Run(\"test=with remote resources\", func(t *testing.T) {\n\t\ttesthelpers.TestRemoteTemplates(t, \"../courier/builtin/templates/recovery/valid\", template.TypeRecoveryValid)\n\t})\n}\n" }, { "path": "courier/template/email/registration_code_valid.go", "content": "// Copyright © 2023 Ory Corp\n// SPDX-License-Identifier: Apache-2.0\n\npackage email\n\nimport (\n\t\"context\"\n\t\"encoding/json\"\n\t\"net/http\"\n\t\"os\"\n\t\"strings\"\n\n\t\"github.com/ory/kratos/courier/template\"\n)\n\ntype (\n\tRegistrationCodeValid struct {\n\t\tdeps template.Dependencies\n\t\tmodel *RegistrationCodeValidModel\n\t}\n\tRegistrationCodeValidModel struct {\n\t\tTo string `json:\"to\"`\n\t\tTraits map[string]interface{} `json:\"traits\"`\n\t\tRegistrationCode string `json:\"registration_code\"`\n\t\tRequestURL string `json:\"request_url\"`\n\t\tTransientPayload map[string]interface{} `json:\"transient_payload\"`\n\t\tExpiresInMinutes int `json:\"expires_in_minutes\"`\n\t\tUserRequestHeaders http.Header `json:\"-\"`\n\t}\n)\n\nfunc NewRegistrationCodeValid(d template.Dependencies, m *RegistrationCodeValidModel) *RegistrationCodeValid {\n\treturn &RegistrationCodeValid{deps: d, model: m}\n}\n\nfunc (t *RegistrationCodeValid) EmailRecipient() (string, error) {\n\treturn t.model.To, nil\n}\n\nfunc (t *RegistrationCodeValid) EmailSubject(ctx context.Context) (string, error) {\n\tsubject, err := template.LoadText(ctx, t.deps, os.DirFS(t.deps.CourierConfig().CourierTemplatesRoot(ctx)), \"registration_code/valid/email.subject.gotmpl\", \"registration_code/valid/email.subject*\", t.model, t.deps.CourierConfig().CourierTemplatesRegistrationCodeValid(ctx).Subject)\n\n\treturn strings.TrimSpace(subject), err\n}\n\nfunc (t *RegistrationCodeValid) EmailBody(ctx context.Context) (string, error) {\n\treturn template.LoadHTML(ctx, t.deps, os.DirFS(t.deps.CourierConfig().CourierTemplatesRoot(ctx)), \"registration_code/valid/email.body.gotmpl\", \"registration_code/valid/email.body*\", t.model, t.deps.CourierConfig().CourierTemplatesRegistrationCodeValid(ctx).Body.HTML)\n}\n\nfunc (t *RegistrationCodeValid) EmailBodyPlaintext(ctx context.Context) (string, error) {\n\treturn template.LoadText(ctx, t.deps, os.DirFS(t.deps.CourierConfig().CourierTemplatesRoot(ctx)), \"registration_code/valid/email.body.plaintext.gotmpl\", \"registration_code/valid/email.body.plaintext*\", t.model, t.deps.CourierConfig().CourierTemplatesRegistrationCodeValid(ctx).Body.PlainText)\n}\n\nfunc (t *RegistrationCodeValid) MarshalJSON() ([]byte, error) {\n\treturn json.Marshal(t.model)\n}\n\nfunc (t *RegistrationCodeValid) TemplateType() template.TemplateType {\n\treturn template.TypeRegistrationCodeValid\n}\nfunc (t *RegistrationCodeValid) RequestHeaders() http.Header {\n\treturn t.model.UserRequestHeaders\n\n}\n" }, { "path": "courier/template/email/registration_code_valid_test.go", "content": "// Copyright © 2023 Ory Corp\n// SPDX-License-Identifier: Apache-2.0\n\npackage email_test\n\nimport (\n\t\"context\"\n\t\"testing\"\n\n\t\"github.com/ory/kratos/courier/template\"\n\t\"github.com/ory/kratos/courier/template/email\"\n\t\"github.com/ory/kratos/courier/template/testhelpers\"\n\t\"github.com/ory/kratos/pkg\"\n)\n\nfunc TestRegistrationCodeValid(t *testing.T) {\n\tctx, cancel := context.WithCancel(context.Background())\n\tt.Cleanup(cancel)\n\n\tt.Run(\"test=with courier templates directory\", func(t *testing.T) {\n\t\t_, reg := pkg.NewFastRegistryWithMocks(t)\n\t\ttpl := email.NewRegistrationCodeValid(reg, &email.RegistrationCodeValidModel{})\n\n\t\ttesthelpers.TestRendered(t, ctx, tpl)\n\t})\n\n\tt.Run(\"test=with remote resources\", func(t *testing.T) {\n\t\ttesthelpers.TestRemoteTemplates(t, \"../courier/builtin/templates/registration_code/valid\", template.TypeRegistrationCodeValid)\n\t})\n}\n" }, { "path": "courier/template/email/stub.go", "content": "// Copyright © 2023 Ory Corp\n// SPDX-License-Identifier: Apache-2.0\n\npackage email\n\nimport (\n\t\"context\"\n\t\"encoding/json\"\n\n\t\"github.com/ory/kratos/courier/template\"\n)\n\ntype (\n\tTestStub struct {\n\t\tm *TestStubModel\n\t}\n\tTestStubModel struct {\n\t\tTo string `json:\"to\"`\n\t\tSubject string `json:\"subject\"`\n\t\tBody string `json:\"body\"`\n\t\tHTMLBody string `json:\"html_body,omitempty\"`\n\t}\n)\n\nfunc NewTestStub(m *TestStubModel) *TestStub {\n\treturn &TestStub{m: m}\n}\n\nfunc (t *TestStub) EmailRecipient() (string, error) { return t.m.To, nil }\nfunc (t *TestStub) EmailSubject(context.Context) (string, error) { return t.m.Subject, nil }\n\nfunc (t *TestStub) EmailBody(ctx context.Context) (string, error) {\n\tif t.m.HTMLBody != \"\" {\n\t\treturn t.m.HTMLBody, nil\n\t}\n\treturn t.EmailBodyPlaintext(ctx)\n}\n\nfunc (t *TestStub) EmailBodyPlaintext(context.Context) (string, error) { return t.m.Body, nil }\nfunc (t *TestStub) MarshalJSON() ([]byte, error) { return json.Marshal(t.m) }\nfunc (t *TestStub) TemplateType() template.TemplateType { return template.TypeTestStub }\n" }, { "path": "courier/template/email/verification_code_invalid.go", "content": "// Copyright © 2023 Ory Corp\n// SPDX-License-Identifier: Apache-2.0\n\npackage email\n\nimport (\n\t\"context\"\n\t\"encoding/json\"\n\t\"os\"\n\t\"strings\"\n\n\t\"github.com/ory/kratos/courier/template\"\n)\n\ntype (\n\tVerificationCodeInvalid struct {\n\t\td template.Dependencies\n\t\tm *VerificationCodeInvalidModel\n\t}\n\tVerificationCodeInvalidModel struct {\n\t\tTo string `json:\"to\"`\n\t\tRequestURL string `json:\"request_url\"`\n\t\tTransientPayload map[string]interface{} `json:\"transient_payload\"`\n\t}\n)\n\nfunc NewVerificationCodeInvalid(d template.Dependencies, m *VerificationCodeInvalidModel) *VerificationCodeInvalid {\n\treturn &VerificationCodeInvalid{d: d, m: m}\n}\n\nfunc (t *VerificationCodeInvalid) EmailRecipient() (string, error) {\n\treturn t.m.To, nil\n}\n\nfunc (t *VerificationCodeInvalid) EmailSubject(ctx context.Context) (string, error) {\n\tsubject, err := template.LoadText(\n\t\tctx,\n\t\tt.d,\n\t\tos.DirFS(t.d.CourierConfig().CourierTemplatesRoot(ctx)),\n\t\t\"verification_code/invalid/email.subject.gotmpl\",\n\t\t\"verification_code/invalid/email.subject*\",\n\t\tt.m,\n\t\tt.d.CourierConfig().CourierTemplatesVerificationCodeInvalid(ctx).Subject,\n\t)\n\n\treturn strings.TrimSpace(subject), err\n}\n\nfunc (t *VerificationCodeInvalid) EmailBody(ctx context.Context) (string, error) {\n\treturn template.LoadHTML(\n\t\tctx,\n\t\tt.d,\n\t\tos.DirFS(t.d.CourierConfig().CourierTemplatesRoot(ctx)),\n\t\t\"verification_code/invalid/email.body.gotmpl\",\n\t\t\"verification_code/invalid/email.body*\",\n\t\tt.m,\n\t\tt.d.CourierConfig().CourierTemplatesVerificationCodeInvalid(ctx).Body.HTML,\n\t)\n}\n\nfunc (t *VerificationCodeInvalid) EmailBodyPlaintext(ctx context.Context) (string, error) {\n\treturn template.LoadText(\n\t\tctx,\n\t\tt.d,\n\t\tos.DirFS(t.d.CourierConfig().CourierTemplatesRoot(ctx)),\n\t\t\"verification_code/invalid/email.body.plaintext.gotmpl\",\n\t\t\"verification_code/invalid/email.body.plaintext*\",\n\t\tt.m,\n\t\tt.d.CourierConfig().CourierTemplatesVerificationCodeInvalid(ctx).Body.PlainText,\n\t)\n}\n\nfunc (t *VerificationCodeInvalid) MarshalJSON() ([]byte, error) {\n\treturn json.Marshal(t.m)\n}\n\nfunc (t *VerificationCodeInvalid) TemplateType() template.TemplateType {\n\treturn template.TypeVerificationCodeInvalid\n}\n" }, { "path": "courier/template/email/verification_code_invalid_test.go", "content": "// Copyright © 2023 Ory Corp\n// SPDX-License-Identifier: Apache-2.0\n\npackage email_test\n\nimport (\n\t\"context\"\n\t\"testing\"\n\n\t\"github.com/ory/kratos/courier/template\"\n\t\"github.com/ory/kratos/courier/template/email\"\n\t\"github.com/ory/kratos/courier/template/testhelpers\"\n\t\"github.com/ory/kratos/pkg\"\n)\n\nfunc TestVerifyCodeInvalid(t *testing.T) {\n\tctx, cancel := context.WithCancel(context.Background())\n\tt.Cleanup(cancel)\n\n\tt.Run(\"test=with courier templates directory\", func(t *testing.T) {\n\t\t_, reg := pkg.NewFastRegistryWithMocks(t)\n\t\ttpl := email.NewVerificationCodeInvalid(reg, &email.VerificationCodeInvalidModel{})\n\n\t\ttesthelpers.TestRendered(t, ctx, tpl)\n\t})\n\n\tt.Run(\"test=with remote resources\", func(t *testing.T) {\n\t\ttesthelpers.TestRemoteTemplates(t, \"../courier/builtin/templates/verification_code/invalid\", template.TypeVerificationCodeInvalid)\n\t})\n}\n" }, { "path": "courier/template/email/verification_code_valid.go", "content": "// Copyright © 2023 Ory Corp\n// SPDX-License-Identifier: Apache-2.0\n\npackage email\n\nimport (\n\t\"context\"\n\t\"encoding/json\"\n\t\"os\"\n\t\"strings\"\n\n\t\"github.com/ory/kratos/courier/template\"\n)\n\ntype (\n\tVerificationCodeValid struct {\n\t\td template.Dependencies\n\t\tm *VerificationCodeValidModel\n\t}\n\tVerificationCodeValidModel struct {\n\t\tTo string `json:\"to\"`\n\t\tVerificationURL string `json:\"verification_url\"`\n\t\tVerificationCode string `json:\"verification_code\"`\n\t\tIdentity map[string]interface{} `json:\"identity\"`\n\t\tRequestURL string `json:\"request_url\"`\n\t\tTransientPayload map[string]interface{} `json:\"transient_payload\"`\n\t\tExpiresInMinutes int `json:\"expires_in_minutes\"`\n\t}\n)\n\nfunc NewVerificationCodeValid(d template.Dependencies, m *VerificationCodeValidModel) *VerificationCodeValid {\n\treturn &VerificationCodeValid{d: d, m: m}\n}\n\nfunc (t *VerificationCodeValid) EmailRecipient() (string, error) {\n\treturn t.m.To, nil\n}\n\nfunc (t *VerificationCodeValid) EmailSubject(ctx context.Context) (string, error) {\n\tsubject, err := template.LoadText(\n\t\tctx,\n\t\tt.d,\n\t\tos.DirFS(t.d.CourierConfig().CourierTemplatesRoot(ctx)),\n\t\t\"verification_code/valid/email.subject.gotmpl\",\n\t\t\"verification_code/valid/email.subject*\",\n\t\tt.m,\n\t\tt.d.CourierConfig().CourierTemplatesVerificationCodeValid(ctx).Subject,\n\t)\n\n\treturn strings.TrimSpace(subject), err\n}\n\nfunc (t *VerificationCodeValid) EmailBody(ctx context.Context) (string, error) {\n\treturn template.LoadHTML(ctx,\n\t\tt.d,\n\t\tos.DirFS(t.d.CourierConfig().CourierTemplatesRoot(ctx)),\n\t\t\"verification_code/valid/email.body.gotmpl\",\n\t\t\"verification_code/valid/email.body*\",\n\t\tt.m,\n\t\tt.d.CourierConfig().CourierTemplatesVerificationCodeValid(ctx).Body.HTML,\n\t)\n}\n\nfunc (t *VerificationCodeValid) EmailBodyPlaintext(ctx context.Context) (string, error) {\n\treturn template.LoadText(ctx,\n\t\tt.d,\n\t\tos.DirFS(t.d.CourierConfig().CourierTemplatesRoot(ctx)),\n\t\t\"verification_code/valid/email.body.plaintext.gotmpl\",\n\t\t\"verification_code/valid/email.body.plaintext*\",\n\t\tt.m,\n\t\tt.d.CourierConfig().CourierTemplatesVerificationCodeValid(ctx).Body.PlainText,\n\t)\n}\n\nfunc (t *VerificationCodeValid) MarshalJSON() ([]byte, error) {\n\treturn json.Marshal(t.m)\n}\n\nfunc (t *VerificationCodeValid) TemplateType() template.TemplateType {\n\treturn template.TypeVerificationCodeValid\n}\n" }, { "path": "courier/template/email/verification_code_valid_test.go", "content": "// Copyright © 2023 Ory Corp\n// SPDX-License-Identifier: Apache-2.0\n\npackage email_test\n\nimport (\n\t\"context\"\n\t\"testing\"\n\n\t\"github.com/ory/kratos/courier/template\"\n\t\"github.com/ory/kratos/courier/template/email\"\n\t\"github.com/ory/kratos/courier/template/testhelpers\"\n\t\"github.com/ory/kratos/pkg\"\n)\n\nfunc TestVerifyCodeValid(t *testing.T) {\n\tctx, cancel := context.WithCancel(context.Background())\n\tt.Cleanup(cancel)\n\n\tt.Run(\"test=with courier templates directory\", func(t *testing.T) {\n\t\t_, reg := pkg.NewFastRegistryWithMocks(t)\n\t\ttpl := email.NewVerificationCodeValid(reg, &email.VerificationCodeValidModel{})\n\n\t\ttesthelpers.TestRendered(t, ctx, tpl)\n\t})\n\n\tt.Run(\"test=with remote resources\", func(t *testing.T) {\n\t\ttesthelpers.TestRemoteTemplates(t, \"../courier/builtin/templates/verification_code/valid\", template.TypeVerificationCodeValid)\n\t})\n}\n" }, { "path": "courier/template/email/verification_invalid.go", "content": "// Copyright © 2023 Ory Corp\n// SPDX-License-Identifier: Apache-2.0\n\npackage email\n\nimport (\n\t\"context\"\n\t\"encoding/json\"\n\t\"os\"\n\t\"strings\"\n\n\t\"github.com/ory/kratos/courier/template\"\n)\n\ntype (\n\tVerificationInvalid struct {\n\t\td template.Dependencies\n\t\tm *VerificationInvalidModel\n\t}\n\tVerificationInvalidModel struct {\n\t\tTo string `json:\"to\"`\n\t\tRequestURL string `json:\"request_url\"`\n\t\tTransientPayload map[string]interface{} `json:\"transient_payload\"`\n\t}\n)\n\nfunc NewVerificationInvalid(d template.Dependencies, m *VerificationInvalidModel) *VerificationInvalid {\n\treturn &VerificationInvalid{d: d, m: m}\n}\n\nfunc (t *VerificationInvalid) EmailRecipient() (string, error) {\n\treturn t.m.To, nil\n}\n\nfunc (t *VerificationInvalid) EmailSubject(ctx context.Context) (string, error) {\n\tsubject, err := template.LoadText(ctx, t.d, os.DirFS(t.d.CourierConfig().CourierTemplatesRoot(ctx)), \"verification/invalid/email.subject.gotmpl\", \"verification/invalid/email.subject*\", t.m, t.d.CourierConfig().CourierTemplatesVerificationInvalid(ctx).Subject)\n\n\treturn strings.TrimSpace(subject), err\n}\n\nfunc (t *VerificationInvalid) EmailBody(ctx context.Context) (string, error) {\n\treturn template.LoadHTML(ctx, t.d, os.DirFS(t.d.CourierConfig().CourierTemplatesRoot(ctx)), \"verification/invalid/email.body.gotmpl\", \"verification/invalid/email.body*\", t.m, t.d.CourierConfig().CourierTemplatesVerificationInvalid(ctx).Body.HTML)\n}\n\nfunc (t *VerificationInvalid) EmailBodyPlaintext(ctx context.Context) (string, error) {\n\treturn template.LoadText(ctx, t.d, os.DirFS(t.d.CourierConfig().CourierTemplatesRoot(ctx)), \"verification/invalid/email.body.plaintext.gotmpl\", \"verification/invalid/email.body.plaintext*\", t.m, t.d.CourierConfig().CourierTemplatesVerificationInvalid(ctx).Body.PlainText)\n}\n\nfunc (t *VerificationInvalid) MarshalJSON() ([]byte, error) {\n\treturn json.Marshal(t.m)\n}\n\nfunc (t *VerificationInvalid) TemplateType() template.TemplateType {\n\treturn template.TypeVerificationInvalid\n}\n" }, { "path": "courier/template/email/verification_invalid_test.go", "content": "// Copyright © 2023 Ory Corp\n// SPDX-License-Identifier: Apache-2.0\n\npackage email_test\n\nimport (\n\t\"context\"\n\t\"testing\"\n\n\t\"github.com/ory/kratos/courier/template\"\n\t\"github.com/ory/kratos/courier/template/email\"\n\t\"github.com/ory/kratos/courier/template/testhelpers\"\n\t\"github.com/ory/kratos/pkg\"\n)\n\nfunc TestVerifyInvalid(t *testing.T) {\n\tctx, cancel := context.WithCancel(context.Background())\n\tt.Cleanup(cancel)\n\n\tt.Run(\"test=with courier templates directory\", func(t *testing.T) {\n\t\t_, reg := pkg.NewFastRegistryWithMocks(t)\n\t\ttpl := email.NewVerificationInvalid(reg, &email.VerificationInvalidModel{})\n\n\t\ttesthelpers.TestRendered(t, ctx, tpl)\n\t})\n\n\tt.Run(\"test=with remote resources\", func(t *testing.T) {\n\t\tt.Run(\"test=with remote resources\", func(t *testing.T) {\n\t\t\ttesthelpers.TestRemoteTemplates(t, \"../courier/builtin/templates/verification/invalid\", template.TypeVerificationInvalid)\n\t\t})\n\t})\n}\n" }, { "path": "courier/template/email/verification_valid.go", "content": "// Copyright © 2023 Ory Corp\n// SPDX-License-Identifier: Apache-2.0\n\npackage email\n\nimport (\n\t\"context\"\n\t\"encoding/json\"\n\t\"os\"\n\t\"strings\"\n\n\t\"github.com/ory/kratos/courier/template\"\n)\n\ntype (\n\tVerificationValid struct {\n\t\td template.Dependencies\n\t\tm *VerificationValidModel\n\t}\n\tVerificationValidModel struct {\n\t\tTo string `json:\"to\"`\n\t\tVerificationURL string `json:\"verification_url\"`\n\t\tIdentity map[string]interface{} `json:\"identity\"`\n\t\tRequestURL string `json:\"request_url\"`\n\t\tTransientPayload map[string]interface{} `json:\"transient_payload\"`\n\t\tExpiresInMinutes int `json:\"expires_in_minutes\"`\n\t}\n)\n\nfunc NewVerificationValid(d template.Dependencies, m *VerificationValidModel) *VerificationValid {\n\treturn &VerificationValid{d: d, m: m}\n}\n\nfunc (t *VerificationValid) EmailRecipient() (string, error) {\n\treturn t.m.To, nil\n}\n\nfunc (t *VerificationValid) EmailSubject(ctx context.Context) (string, error) {\n\tsubject, err := template.LoadText(ctx, t.d, os.DirFS(t.d.CourierConfig().CourierTemplatesRoot(ctx)), \"verification/valid/email.subject.gotmpl\", \"verification/valid/email.subject*\", t.m, t.d.CourierConfig().CourierTemplatesVerificationValid(ctx).Subject)\n\n\treturn strings.TrimSpace(subject), err\n}\n\nfunc (t *VerificationValid) EmailBody(ctx context.Context) (string, error) {\n\treturn template.LoadHTML(ctx, t.d, os.DirFS(t.d.CourierConfig().CourierTemplatesRoot(ctx)), \"verification/valid/email.body.gotmpl\", \"verification/valid/email.body*\", t.m, t.d.CourierConfig().CourierTemplatesVerificationValid(ctx).Body.HTML)\n}\n\nfunc (t *VerificationValid) EmailBodyPlaintext(ctx context.Context) (string, error) {\n\treturn template.LoadText(ctx, t.d, os.DirFS(t.d.CourierConfig().CourierTemplatesRoot(ctx)), \"verification/valid/email.body.plaintext.gotmpl\", \"verification/valid/email.body.plaintext*\", t.m, t.d.CourierConfig().CourierTemplatesVerificationValid(ctx).Body.PlainText)\n}\n\nfunc (t *VerificationValid) MarshalJSON() ([]byte, error) {\n\treturn json.Marshal(t.m)\n}\n\nfunc (t *VerificationValid) TemplateType() template.TemplateType {\n\treturn template.TypeVerificationValid\n}\n" }, { "path": "courier/template/email/verification_valid_test.go", "content": "// Copyright © 2023 Ory Corp\n// SPDX-License-Identifier: Apache-2.0\n\npackage email_test\n\nimport (\n\t\"context\"\n\t\"testing\"\n\n\t\"github.com/ory/kratos/courier/template\"\n\t\"github.com/ory/kratos/courier/template/email\"\n\t\"github.com/ory/kratos/courier/template/testhelpers\"\n\t\"github.com/ory/kratos/pkg\"\n)\n\nfunc TestVerifyValid(t *testing.T) {\n\tctx, cancel := context.WithCancel(context.Background())\n\tt.Cleanup(cancel)\n\n\tt.Run(\"test=with courier templates directory\", func(t *testing.T) {\n\t\t_, reg := pkg.NewFastRegistryWithMocks(t)\n\t\ttpl := email.NewVerificationValid(reg, &email.VerificationValidModel{})\n\n\t\ttesthelpers.TestRendered(t, ctx, tpl)\n\t})\n\n\tt.Run(\"test=with remote resources\", func(t *testing.T) {\n\t\ttesthelpers.TestRemoteTemplates(t, \"../courier/builtin/templates/verification/valid\", template.TypeVerificationValid)\n\t})\n}\n" }, { "path": "courier/template/load_template.go", "content": "// Copyright © 2023 Ory Corp\n// SPDX-License-Identifier: Apache-2.0\n\npackage template\n\nimport (\n\t\"bytes\"\n\t\"context\"\n\t\"embed\"\n\thtemplate \"html/template\"\n\t\"io\"\n\t\"io/fs\"\n\t\"path/filepath\"\n\t\"text/template\"\n\n\t\"github.com/ory/x/fetcher\"\n\t\"github.com/ory/x/httpx\"\n\n\t\"github.com/Masterminds/sprig/v3\"\n\tlru \"github.com/hashicorp/golang-lru/v2\"\n\t\"github.com/pkg/errors\"\n)\n\n//go:embed courier/builtin/templates/*\nvar templates embed.FS\n\nvar Cache, _ = lru.New[string, Template](16)\n\ntype Template interface {\n\tExecute(wr io.Writer, data interface{}) error\n}\n\ntype templateDependencies interface {\n\thttpx.ClientProvider\n}\n\nfunc loadBuiltInTemplate(filesystem fs.FS, name string, html bool) (Template, error) {\n\tif t, found := Cache.Get(name); found {\n\t\treturn t, nil\n\t}\n\n\tfile, err := filesystem.Open(name)\n\tif err != nil {\n\t\t// try to fallback to bundled templates\n\t\tvar fallbackErr error\n\t\tfile, fallbackErr = templates.Open(filepath.Join(\"courier/builtin/templates\", name))\n\t\tif fallbackErr != nil {\n\t\t\t// return original error from os.DirFS\n\t\t\treturn nil, errors.WithStack(err)\n\t\t}\n\t}\n\n\tdefer func() { _ = file.Close() }()\n\n\tvar b bytes.Buffer\n\tif _, err := io.Copy(&b, file); err != nil {\n\t\treturn nil, errors.WithStack(err)\n\t}\n\n\tvar tpl Template\n\tif html {\n\t\tt, err := htemplate.New(name).Funcs(sprig.HtmlFuncMap()).Parse(b.String())\n\t\tif err != nil {\n\t\t\treturn nil, errors.WithStack(err)\n\t\t}\n\t\ttpl = t\n\t} else {\n\t\tt, err := template.New(name).Funcs(sprig.TxtFuncMap()).Parse(b.String())\n\t\tif err != nil {\n\t\t\treturn nil, errors.WithStack(err)\n\t\t}\n\t\ttpl = t\n\t}\n\n\t_ = Cache.Add(name, tpl)\n\treturn tpl, nil\n}\n\nfunc loadRemoteTemplate(ctx context.Context, d templateDependencies, url string, html bool) (t Template, err error) {\n\tif t, found := Cache.Get(url); found {\n\t\treturn t, nil\n\t}\n\n\tf := fetcher.NewFetcher(fetcher.WithClient(d.HTTPClient(ctx)))\n\tbb, err := f.FetchContext(ctx, url)\n\tif err != nil {\n\t\treturn nil, errors.WithStack(err)\n\t}\n\tb := bb.Bytes()\n\n\tif html {\n\t\tt, err = htemplate.New(url).Funcs(sprig.HermeticHtmlFuncMap()).Parse(string(b))\n\t\tif err != nil {\n\t\t\treturn nil, errors.WithStack(err)\n\t\t}\n\t} else {\n\t\tt, err = template.New(url).Funcs(sprig.HermeticTxtFuncMap()).Parse(string(b))\n\t\tif err != nil {\n\t\t\treturn nil, errors.WithStack(err)\n\t\t}\n\t}\n\tCache.Add(url, t)\n\n\treturn t, nil\n}\n\nfunc loadTemplate(filesystem fs.FS, name, pattern string, html bool) (Template, error) {\n\tif t, found := Cache.Get(name); found {\n\t\treturn t, nil\n\t}\n\n\tmatches, _ := fs.Glob(filesystem, name)\n\t// make sure the file exists in the fs, otherwise fallback to built in templates\n\tif matches == nil {\n\t\treturn loadBuiltInTemplate(filesystem, name, html)\n\t}\n\n\tglob := name\n\tif pattern != \"\" {\n\t\t// pattern matching is used when we have more than one gotmpl for different use cases, such as i18n support\n\t\t// e.g. some_template/template_name* will match some_template/template_name.body.en_US.gotmpl\n\t\tmatches, _ = fs.Glob(filesystem, pattern)\n\t\t// set the glob string to match patterns\n\t\tif matches != nil {\n\t\t\tglob = pattern\n\t\t}\n\t}\n\n\tvar tpl Template\n\tif html {\n\t\tt, err := htemplate.New(filepath.Base(name)).Funcs(sprig.HermeticHtmlFuncMap()).ParseFS(filesystem, glob)\n\t\tif err != nil {\n\t\t\treturn nil, errors.WithStack(err)\n\t\t}\n\t\ttpl = t\n\t} else {\n\t\tt, err := template.New(filepath.Base(name)).Funcs(sprig.HermeticTxtFuncMap()).ParseFS(filesystem, glob)\n\t\tif err != nil {\n\t\t\treturn nil, errors.WithStack(err)\n\t\t}\n\t\ttpl = t\n\t}\n\n\t_ = Cache.Add(name, tpl)\n\treturn tpl, nil\n}\n\nfunc LoadText(ctx context.Context, d templateDependencies, filesystem fs.FS, name, pattern string, model interface{}, remoteURL string) (string, error) {\n\tvar t Template\n\tvar err error\n\tif remoteURL != \"\" {\n\t\tt, err = loadRemoteTemplate(ctx, d, remoteURL, false)\n\t\tif err != nil {\n\t\t\treturn \"\", err\n\t\t}\n\t} else {\n\t\tt, err = loadTemplate(filesystem, name, pattern, false)\n\t\tif err != nil {\n\t\t\treturn \"\", err\n\t\t}\n\t}\n\n\tvar b bytes.Buffer\n\tif err := t.Execute(&b, model); err != nil {\n\t\treturn \"\", err\n\t}\n\treturn b.String(), nil\n}\n\nfunc LoadHTML(ctx context.Context, d templateDependencies, filesystem fs.FS, name, pattern string, model interface{}, remoteURL string) (string, error) {\n\tvar t Template\n\tvar err error\n\tif remoteURL != \"\" {\n\t\tt, err = loadRemoteTemplate(ctx, d, remoteURL, true)\n\t\tif err != nil {\n\t\t\treturn \"\", err\n\t\t}\n\t} else {\n\t\tt, err = loadTemplate(filesystem, name, pattern, true)\n\t\tif err != nil {\n\t\t\treturn \"\", err\n\t\t}\n\t}\n\n\tvar b bytes.Buffer\n\tif err := t.Execute(&b, model); err != nil {\n\t\treturn \"\", err\n\t}\n\treturn b.String(), nil\n}\n" }, { "path": "courier/template/load_template_test.go", "content": "// Copyright © 2023 Ory Corp\n// SPDX-License-Identifier: Apache-2.0\n\npackage template_test\n\nimport (\n\t\"context\"\n\t\"encoding/base64\"\n\t\"fmt\"\n\t\"net/http\"\n\t\"net/http/httptest\"\n\t\"os\"\n\t\"path/filepath\"\n\t\"testing\"\n\t\"time\"\n\n\t\"github.com/ory/kratos/courier/template\"\n\t\"github.com/ory/kratos/driver/config\"\n\t\"github.com/ory/kratos/pkg\"\n\t\"github.com/ory/x/fetcher\"\n\n\tlru \"github.com/hashicorp/golang-lru/v2\"\n\t\"github.com/stretchr/testify/assert\"\n\t\"github.com/stretchr/testify/require\"\n\n\t\"github.com/ory/kratos/x\"\n)\n\nfunc TestLoadTextTemplate(t *testing.T) {\n\texecuteTextTemplate := func(t *testing.T, dir, name, pattern string, model map[string]interface{}) string {\n\t\t_, reg := pkg.NewFastRegistryWithMocks(t)\n\t\ttp, err := template.LoadText(t.Context(), reg, os.DirFS(dir), name, pattern, model, \"\")\n\t\trequire.NoError(t, err)\n\t\treturn tp\n\t}\n\n\texecuteHTMLTemplate := func(t *testing.T, dir, name, pattern string, model map[string]interface{}) string {\n\t\t_, reg := pkg.NewFastRegistryWithMocks(t)\n\t\ttp, err := template.LoadHTML(t.Context(), reg, os.DirFS(dir), name, pattern, model, \"\")\n\t\trequire.NoError(t, err)\n\t\treturn tp\n\t}\n\n\tt.Run(\"method=from bundled\", func(t *testing.T) {\n\t\tactual := executeTextTemplate(t, \"courier/builtin/templates/test_stub\", \"email.body.gotmpl\", \"\", nil)\n\t\tassert.Contains(t, actual, \"stub email\")\n\t})\n\n\tt.Run(\"method=fallback to bundled\", func(t *testing.T) {\n\t\ttemplate.Cache, _ = lru.New[string, template.Template](16) // prevent Cache hit\n\t\tactual := executeTextTemplate(t, \"some/inexistent/dir\", \"test_stub/email.body.gotmpl\", \"\", nil)\n\t\tassert.Contains(t, actual, \"stub email\")\n\t})\n\n\tt.Run(\"method=with Sprig functions\", func(t *testing.T) {\n\t\ttemplate.Cache, _ = lru.New[string, template.Template](16) // prevent Cache hit\n\t\tm := map[string]interface{}{\"input\": \"hello world\"} // create a simple model\n\t\tactual := executeTextTemplate(t, \"courier/builtin/templates/test_stub\", \"email.body.sprig.gotmpl\", \"\", m)\n\t\tassert.Contains(t, actual, \"HelloWorld,HELLOWORLD\")\n\t})\n\n\tt.Run(\"method=sprig should not support non-hermetic\", func(t *testing.T) {\n\t\ttemplate.Cache, _ = lru.New[string, template.Template](16)\n\t\t_, reg := pkg.NewFastRegistryWithMocks(t)\n\n\t\tnonhermetic := []string{\"date\", \"date_in_zone\", \"date_modify\", \"now\", \"htmlDate\", \"htmlDateInZone\", \"dateInZone\", \"dateModify\", \"env\", \"expandenv\", \"getHostByName\", \"uuidv4\", \"randNumeric\", \"randAscii\", \"randAlpha\", \"randAlphaNum\"}\n\n\t\tfor _, tc := range nonhermetic {\n\t\t\tt.Run(\"case=should not support function: \"+tc, func(t *testing.T) {\n\t\t\t\t_, err := template.LoadText(t.Context(), reg, x.NewStubFS(tc, []byte(fmt.Sprintf(\"{{ %s }}\", tc))), tc, \"\", map[string]interface{}{}, \"\")\n\t\t\t\tassert.ErrorContains(t, err, fmt.Sprintf(\"function %q not defined\", tc))\n\t\t\t})\n\t\t}\n\t})\n\n\tt.Run(\"method=html with nested templates\", func(t *testing.T) {\n\t\ttemplate.Cache, _ = lru.New[string, template.Template](16) // prevent Cache hit\n\t\tm := map[string]interface{}{\"lang\": \"en_US\"} // create a simple model\n\t\tactual := executeHTMLTemplate(t, \"courier/builtin/templates/test_stub\", \"email.body.html.gotmpl\", \"email.body.html*\", m)\n\t\tassert.Contains(t, actual, \"lang=en_US\")\n\t})\n\n\tt.Run(\"method=Cache works\", func(t *testing.T) {\n\t\tdir := os.TempDir()\n\t\tname := x.NewUUID().String() + \".body.gotmpl\"\n\t\tfp := filepath.Join(dir, name)\n\n\t\trequire.NoError(t, os.WriteFile(fp, []byte(\"cached stub body\"), 0o600))\n\t\tassert.Contains(t, executeTextTemplate(t, dir, name, \"\", nil), \"cached stub body\")\n\n\t\trequire.NoError(t, os.RemoveAll(fp))\n\t\tassert.Contains(t, executeTextTemplate(t, dir, name, \"\", nil), \"cached stub body\")\n\t})\n\n\tt.Run(\"method=remote resource\", func(t *testing.T) {\n\t\t_, reg := pkg.NewFastRegistryWithMocks(t)\n\n\t\tctx, cancel := context.WithCancel(context.Background())\n\t\tt.Cleanup(cancel)\n\n\t\tt.Run(\"case=base64 encoded data\", func(t *testing.T) {\n\t\t\tt.Run(\"html template\", func(t *testing.T) {\n\t\t\t\tm := map[string]interface{}{\"lang\": \"en_US\"}\n\t\t\t\tf, err := os.ReadFile(\"courier/builtin/templates/test_stub/email.body.html.en_US.gotmpl\")\n\t\t\t\trequire.NoError(t, err)\n\t\t\t\tb64 := base64.StdEncoding.EncodeToString(f)\n\t\t\t\ttp, err := template.LoadHTML(ctx, reg, nil, \"\", \"\", m, \"base64://\"+b64)\n\t\t\t\trequire.NoError(t, err)\n\t\t\t\tassert.Contains(t, tp, \"lang=en_US\")\n\t\t\t})\n\n\t\t\tt.Run(\"case=plaintext\", func(t *testing.T) {\n\t\t\t\tm := map[string]interface{}{\"Body\": \"something\"}\n\t\t\t\tf, err := os.ReadFile(\"courier/builtin/templates/test_stub/email.body.plaintext.gotmpl\")\n\t\t\t\trequire.NoError(t, err)\n\n\t\t\t\tb64 := base64.StdEncoding.EncodeToString(f)\n\n\t\t\t\ttp, err := template.LoadText(ctx, reg, nil, \"\", \"\", m, \"base64://\"+b64)\n\t\t\t\trequire.NoError(t, err)\n\t\t\t\tassert.Contains(t, tp, \"stub email body something\")\n\t\t\t})\n\t\t})\n\n\t\tt.Run(\"case=file resource\", func(t *testing.T) {\n\t\t\tt.Run(\"case=html template\", func(t *testing.T) {\n\t\t\t\tm := map[string]interface{}{\"lang\": \"en_US\"}\n\t\t\t\ttp, err := template.LoadHTML(ctx, reg, nil, \"\", \"\", m, \"file://courier/builtin/templates/test_stub/email.body.html.en_US.gotmpl\")\n\t\t\t\trequire.NoError(t, err)\n\t\t\t\tassert.Contains(t, tp, \"lang=en_US\")\n\t\t\t})\n\n\t\t\tt.Run(\"case=plaintext\", func(t *testing.T) {\n\t\t\t\tm := map[string]interface{}{\"Body\": \"something\"}\n\t\t\t\ttp, err := template.LoadText(ctx, reg, nil, \"\", \"\", m, \"file://courier/builtin/templates/test_stub/email.body.plaintext.gotmpl\")\n\t\t\t\trequire.NoError(t, err)\n\t\t\t\tassert.Contains(t, tp, \"stub email body something\")\n\t\t\t})\n\t\t})\n\n\t\tt.Run(\"case=http resource\", func(t *testing.T) {\n\t\t\trouter := http.NewServeMux()\n\t\t\trouter.HandleFunc(\"GET /html\", func(writer http.ResponseWriter, request *http.Request) {\n\t\t\t\thttp.ServeFile(writer, request, \"courier/builtin/templates/test_stub/email.body.html.en_US.gotmpl\")\n\t\t\t})\n\t\t\trouter.HandleFunc(\"GET /plaintext\", func(writer http.ResponseWriter, request *http.Request) {\n\t\t\t\thttp.ServeFile(writer, request, \"courier/builtin/templates/test_stub/email.body.plaintext.gotmpl\")\n\t\t\t})\n\t\t\tts := httptest.NewServer(router)\n\t\t\tt.Cleanup(ts.Close)\n\n\t\t\tt.Run(\"case=html template\", func(t *testing.T) {\n\t\t\t\tm := map[string]interface{}{\"lang\": \"en_US\"}\n\t\t\t\ttp, err := template.LoadHTML(ctx, reg, nil, \"\", \"\", m, ts.URL+\"/html\")\n\t\t\t\trequire.NoError(t, err)\n\t\t\t\tassert.Contains(t, tp, \"lang=en_US\")\n\t\t\t})\n\n\t\t\tt.Run(\"case=plaintext\", func(t *testing.T) {\n\t\t\t\tm := map[string]interface{}{\"Body\": \"something\"}\n\t\t\t\ttp, err := template.LoadText(ctx, reg, nil, \"\", \"\", m, ts.URL+\"/plaintext\")\n\t\t\t\trequire.NoError(t, err)\n\t\t\t\tassert.Contains(t, tp, \"stub email body something\")\n\t\t\t})\n\t\t})\n\n\t\tt.Run(\"case=unsupported resource\", func(t *testing.T) {\n\t\t\ttp, err := template.LoadHTML(ctx, reg, nil, \"\", \"\", map[string]interface{}{}, \"grpc://unsupported-url\")\n\t\t\trequire.ErrorIs(t, err, fetcher.ErrUnknownScheme)\n\t\t\trequire.Empty(t, tp)\n\n\t\t\ttp, err = template.LoadText(ctx, reg, nil, \"\", \"\", map[string]interface{}{}, \"grpc://unsupported-url\")\n\t\t\trequire.ErrorIs(t, err, fetcher.ErrUnknownScheme)\n\t\t\trequire.Empty(t, tp)\n\t\t})\n\n\t\tt.Run(\"case=disallowed resources\", func(t *testing.T) {\n\t\t\trequire.NoError(t, reg.Config().Set(ctx, config.ViperKeyClientHTTPNoPrivateIPRanges, true))\n\t\t\treg.HTTPClient(ctx).RetryMax = 1\n\t\t\treg.HTTPClient(ctx).RetryWaitMax = time.Millisecond\n\n\t\t\t_, err := template.LoadHTML(ctx, reg, nil, \"\", \"\", map[string]interface{}{}, \"http://localhost:8080/1234\")\n\t\t\tassert.ErrorContains(t, err, \"is not a permitted destination\")\n\n\t\t\t_, err = template.LoadText(ctx, reg, nil, \"\", \"\", map[string]interface{}{}, \"http://localhost:8080/1234\")\n\t\t\tassert.ErrorContains(t, err, \"is not a permitted destination\")\n\t\t})\n\n\t\tt.Run(\"method=cache works\", func(t *testing.T) {\n\t\t\ttp1, err := template.LoadText(ctx, reg, nil, \"\", \"\", map[string]interface{}{}, \"base64://e3sgJGwgOj0gY2F0ICJsYW5nPSIgLmxhbmcgfX0Ke3sgbm9zcGFjZSAkbCB9fQ==\")\n\t\t\trequire.NoError(t, err)\n\n\t\t\ttp2, err := template.LoadText(ctx, reg, nil, \"\", \"\", map[string]interface{}{}, \"base64://c3R1YiBlbWFpbCBib2R5IHt7IC5Cb2R5IH19\")\n\t\t\trequire.NoError(t, err)\n\n\t\t\tassert.NotEqualf(t, tp1, tp2, \"Expected remote template 1 and remote template 2 to not be equal\")\n\t\t})\n\t})\n}\n" }, { "path": "courier/template/sms/login_code_valid.go", "content": "// Copyright © 2023 Ory Corp\n// SPDX-License-Identifier: Apache-2.0\n\npackage sms\n\nimport (\n\t\"context\"\n\t\"encoding/json\"\n\t\"net/http\"\n\t\"os\"\n\n\t\"github.com/ory/kratos/courier/template\"\n)\n\ntype (\n\tLoginCodeValid struct {\n\t\tdeps template.Dependencies\n\t\tmodel *LoginCodeValidModel\n\t}\n\tLoginCodeValidModel struct {\n\t\tTo string `json:\"to\"`\n\t\tLoginCode string `json:\"login_code\"`\n\t\tIdentity map[string]any `json:\"identity\"`\n\t\tRequestURL string `json:\"request_url\"`\n\t\tTransientPayload map[string]any `json:\"transient_payload\"`\n\t\tExpiresInMinutes int `json:\"expires_in_minutes\"`\n\t\tUserRequestHeaders http.Header `json:\"-\"`\n\t}\n)\n\nfunc NewLoginCodeValid(d template.Dependencies, m *LoginCodeValidModel) *LoginCodeValid {\n\treturn &LoginCodeValid{deps: d, model: m}\n}\n\nfunc (t *LoginCodeValid) PhoneNumber() (string, error) {\n\treturn t.model.To, nil\n}\n\nfunc (t *LoginCodeValid) SMSBody(ctx context.Context) (string, error) {\n\treturn template.LoadText(\n\t\tctx,\n\t\tt.deps,\n\t\tos.DirFS(t.deps.CourierConfig().CourierTemplatesRoot(ctx)),\n\t\t\"login_code/valid/sms.body.gotmpl\",\n\t\t\"login_code/valid/sms.body*\",\n\t\tt.model,\n\t\tt.deps.CourierConfig().CourierSMSTemplatesLoginCodeValid(ctx).Body.PlainText,\n\t)\n}\n\nfunc (t *LoginCodeValid) MarshalJSON() ([]byte, error) {\n\treturn json.Marshal(t.model)\n}\n\nfunc (t *LoginCodeValid) TemplateType() template.TemplateType {\n\treturn template.TypeLoginCodeValid\n}\nfunc (t *LoginCodeValid) RequestHeaders() http.Header {\n\treturn t.model.UserRequestHeaders\n\n}\n" }, { "path": "courier/template/sms/login_code_valid_test.go", "content": "// Copyright © 2023 Ory Corp\n// SPDX-License-Identifier: Apache-2.0\n\npackage sms_test\n\nimport (\n\t\"context\"\n\t\"fmt\"\n\t\"testing\"\n\n\t\"github.com/stretchr/testify/assert\"\n\t\"github.com/stretchr/testify/require\"\n\n\t\"github.com/ory/kratos/courier/template/sms\"\n\t\"github.com/ory/kratos/pkg\"\n)\n\nfunc TestNewLoginCodeValid(t *testing.T) {\n\t_, reg := pkg.NewFastRegistryWithMocks(t)\n\n\tconst (\n\t\texpectedPhone = \"+12345678901\"\n\t\totp = \"012345\"\n\t)\n\n\ttpl := sms.NewLoginCodeValid(reg, &sms.LoginCodeValidModel{To: expectedPhone, LoginCode: otp})\n\n\texpectedBody := fmt.Sprintf(\"Your login code is: %s\\n\\nIt expires in 0 minutes.\\n\", otp)\n\n\tactualBody, err := tpl.SMSBody(context.Background())\n\trequire.NoError(t, err)\n\tassert.Equal(t, expectedBody, actualBody)\n\n\tactualPhone, err := tpl.PhoneNumber()\n\trequire.NoError(t, err)\n\tassert.Equal(t, expectedPhone, actualPhone)\n}\n" }, { "path": "courier/template/sms/recovery_code.go", "content": "// Copyright © 2025 Ory Corp\n// SPDX-License-Identifier: Apache-2.0\n\npackage sms\n\nimport (\n\t\"context\"\n\t\"encoding/json\"\n\t\"net/http\"\n\t\"os\"\n\n\t\"github.com/ory/kratos/courier/template\"\n)\n\ntype (\n\tRecoveryCodeValid struct {\n\t\tdeps template.Dependencies\n\t\tmodel *RecoveryCodeValidModel\n\t}\n\n\tRecoveryCodeValidModel struct {\n\t\tTo string `json:\"to\"`\n\t\tRecoveryCode string `json:\"verification_code\"`\n\t\tIdentity map[string]any `json:\"identity\"`\n\t\tRequestURL string `json:\"request_url\"`\n\t\tRequestURLDomain string `json:\"request_url_domain\"`\n\t\tTransientPayload map[string]any `json:\"transient_payload\"`\n\t\tExpiresInMinutes int `json:\"expires_in_minutes\"`\n\t\tUserRequestHeaders http.Header `json:\"-\"`\n\t}\n)\n\nfunc NewRecoveryCodeValid(d template.Dependencies, m *RecoveryCodeValidModel) *RecoveryCodeValid {\n\treturn &RecoveryCodeValid{deps: d, model: m}\n}\n\nfunc (t *RecoveryCodeValid) PhoneNumber() (string, error) {\n\treturn t.model.To, nil\n}\n\nfunc (t *RecoveryCodeValid) SMSBody(ctx context.Context) (string, error) {\n\treturn template.LoadText(\n\t\tctx,\n\t\tt.deps,\n\t\tos.DirFS(t.deps.CourierConfig().CourierTemplatesRoot(ctx)),\n\t\t\"recovery_code/valid/sms.body.gotmpl\",\n\t\t\"recovery_code/valid/sms.body*\",\n\t\tt.model,\n\t\tt.deps.CourierConfig().CourierSMSTemplatesRecoveryCodeValid(ctx).Body.PlainText,\n\t)\n}\n\nfunc (t *RecoveryCodeValid) MarshalJSON() ([]byte, error) {\n\treturn json.Marshal(t.model)\n}\nfunc (t *RecoveryCodeValid) TemplateType() template.TemplateType {\n\treturn template.TypeRecoveryCodeValid\n}\nfunc (t *RecoveryCodeValid) RequestHeaders() http.Header {\n\treturn t.model.UserRequestHeaders\n\n}\n" }, { "path": "courier/template/sms/registration_code_valid.go", "content": "// Copyright © 2023 Ory Corp\n// SPDX-License-Identifier: Apache-2.0\n\npackage sms\n\nimport (\n\t\"context\"\n\t\"encoding/json\"\n\t\"net/http\"\n\t\"os\"\n\n\t\"github.com/ory/kratos/courier/template\"\n)\n\ntype (\n\tRegistrationCodeValid struct {\n\t\tdeps template.Dependencies\n\t\tmodel *RegistrationCodeValidModel\n\t}\n\tRegistrationCodeValidModel struct {\n\t\tTo string `json:\"to\"`\n\t\tRegistrationCode string `json:\"registration_code\"`\n\t\tIdentity map[string]any `json:\"identity\"`\n\t\tRequestURL string `json:\"request_url\"`\n\t\tTransientPayload map[string]any `json:\"transient_payload\"`\n\t\tExpiresInMinutes int `json:\"expires_in_minutes\"`\n\t\tUserRequestHeaders http.Header `json:\"-\"`\n\t}\n)\n\nfunc NewRegistrationCodeValid(d template.Dependencies, m *RegistrationCodeValidModel) *RegistrationCodeValid {\n\treturn &RegistrationCodeValid{deps: d, model: m}\n}\n\nfunc (t *RegistrationCodeValid) PhoneNumber() (string, error) {\n\treturn t.model.To, nil\n}\n\nfunc (t *RegistrationCodeValid) SMSBody(ctx context.Context) (string, error) {\n\treturn template.LoadText(\n\t\tctx,\n\t\tt.deps,\n\t\tos.DirFS(t.deps.CourierConfig().CourierTemplatesRoot(ctx)),\n\t\t\"registration_code/valid/sms.body.gotmpl\",\n\t\t\"registration_code/valid/sms.body*\",\n\t\tt.model,\n\t\tt.deps.CourierConfig().CourierSMSTemplatesRegistrationCodeValid(ctx).Body.PlainText,\n\t)\n}\n\nfunc (t *RegistrationCodeValid) MarshalJSON() ([]byte, error) {\n\treturn json.Marshal(t.model)\n}\n\nfunc (t *RegistrationCodeValid) TemplateType() template.TemplateType {\n\treturn template.TypeRegistrationCodeValid\n}\n\nfunc (t *RegistrationCodeValid) RequestHeaders() http.Header {\n\treturn t.model.UserRequestHeaders\n\n}\n" }, { "path": "courier/template/sms/registration_code_valid_test.go", "content": "// Copyright © 2023 Ory Corp\n// SPDX-License-Identifier: Apache-2.0\n\npackage sms_test\n\nimport (\n\t\"context\"\n\t\"fmt\"\n\t\"testing\"\n\n\t\"github.com/stretchr/testify/assert\"\n\t\"github.com/stretchr/testify/require\"\n\n\t\"github.com/ory/kratos/courier/template/sms\"\n\t\"github.com/ory/kratos/pkg\"\n)\n\nfunc TestNewRegistrationCodeValid(t *testing.T) {\n\t_, reg := pkg.NewFastRegistryWithMocks(t)\n\n\tconst (\n\t\texpectedPhone = \"+12345678901\"\n\t\totp = \"012345\"\n\t)\n\n\ttpl := sms.NewRegistrationCodeValid(reg, &sms.RegistrationCodeValidModel{To: expectedPhone, RegistrationCode: otp})\n\n\texpectedBody := fmt.Sprintf(\"Your registration code is: %s\\n\\nIt expires in 0 minutes.\\n\", otp)\n\n\tactualBody, err := tpl.SMSBody(context.Background())\n\trequire.NoError(t, err)\n\tassert.Equal(t, expectedBody, actualBody)\n\n\tactualPhone, err := tpl.PhoneNumber()\n\trequire.NoError(t, err)\n\tassert.Equal(t, expectedPhone, actualPhone)\n}\n" }, { "path": "courier/template/sms/stub.go", "content": "// Copyright © 2023 Ory Corp\n// SPDX-License-Identifier: Apache-2.0\n\npackage sms\n\nimport (\n\t\"context\"\n\t\"encoding/json\"\n\n\t\"github.com/ory/kratos/courier/template\"\n)\n\ntype (\n\tTestStub struct{ m *TestStubModel }\n\n\tTestStubModel struct {\n\t\tTo string `json:\"to\"`\n\t\tBody string `json:\"body\"`\n\t\tIdentity map[string]interface{} `json:\"identity\"`\n\t}\n)\n\nfunc NewTestStub(m *TestStubModel) *TestStub { return &TestStub{m: m} }\nfunc (t *TestStub) PhoneNumber() (string, error) { return t.m.To, nil }\nfunc (t *TestStub) SMSBody(context.Context) (string, error) { return t.m.Body, nil }\nfunc (t *TestStub) MarshalJSON() ([]byte, error) { return json.Marshal(t.m) }\nfunc (t *TestStub) TemplateType() template.TemplateType { return template.TypeTestStub }\n" }, { "path": "courier/template/sms/verification_code.go", "content": "// Copyright © 2023 Ory Corp\n// SPDX-License-Identifier: Apache-2.0\n\npackage sms\n\nimport (\n\t\"context\"\n\t\"encoding/json\"\n\t\"os\"\n\n\t\"github.com/ory/kratos/courier/template\"\n)\n\ntype (\n\tVerificationCodeValid struct {\n\t\tdeps template.Dependencies\n\t\tmodel *VerificationCodeValidModel\n\t}\n\n\tVerificationCodeValidModel struct {\n\t\tTo string `json:\"to\"`\n\t\tVerificationCode string `json:\"verification_code\"`\n\t\tIdentity map[string]interface{} `json:\"identity\"`\n\t\tRequestURL string `json:\"request_url\"`\n\t\tTransientPayload map[string]interface{} `json:\"transient_payload\"`\n\t\tExpiresInMinutes int `json:\"expires_in_minutes\"`\n\t}\n)\n\nfunc NewVerificationCodeValid(d template.Dependencies, m *VerificationCodeValidModel) *VerificationCodeValid {\n\treturn &VerificationCodeValid{deps: d, model: m}\n}\n\nfunc (t *VerificationCodeValid) PhoneNumber() (string, error) {\n\treturn t.model.To, nil\n}\n\nfunc (t *VerificationCodeValid) SMSBody(ctx context.Context) (string, error) {\n\treturn template.LoadText(\n\t\tctx,\n\t\tt.deps,\n\t\tos.DirFS(t.deps.CourierConfig().CourierTemplatesRoot(ctx)),\n\t\t\"verification_code/valid/sms.body.gotmpl\",\n\t\t\"verification_code/valid/sms.body*\",\n\t\tt.model,\n\t\tt.deps.CourierConfig().CourierSMSTemplatesVerificationCodeValid(ctx).Body.PlainText,\n\t)\n}\n\nfunc (t *VerificationCodeValid) MarshalJSON() ([]byte, error) {\n\treturn json.Marshal(t.model)\n}\n\nfunc (t *VerificationCodeValid) TemplateType() template.TemplateType {\n\treturn template.TypeVerificationCodeValid\n}\n" }, { "path": "courier/template/sms/verification_code_test.go", "content": "// Copyright © 2023 Ory Corp\n// SPDX-License-Identifier: Apache-2.0\n\npackage sms_test\n\nimport (\n\t\"context\"\n\t\"fmt\"\n\t\"testing\"\n\n\t\"github.com/stretchr/testify/assert\"\n\t\"github.com/stretchr/testify/require\"\n\n\t\"github.com/ory/kratos/courier/template/sms\"\n\t\"github.com/ory/kratos/pkg\"\n)\n\nfunc TestNewOTPMessage(t *testing.T) {\n\t_, reg := pkg.NewFastRegistryWithMocks(t)\n\n\tconst (\n\t\texpectedPhone = \"+12345678901\"\n\t\totp = \"012345\"\n\t)\n\n\ttpl := sms.NewVerificationCodeValid(reg, &sms.VerificationCodeValidModel{To: expectedPhone, VerificationCode: otp})\n\n\texpectedBody := fmt.Sprintf(\"Your verification code is: %s\\n\\nIf this was not you, do nothing. It expires in 0 minutes.\\n\", otp)\n\n\tactualBody, err := tpl.SMSBody(context.Background())\n\trequire.NoError(t, err)\n\tassert.Equal(t, expectedBody, actualBody)\n\n\tactualPhone, err := tpl.PhoneNumber()\n\trequire.NoError(t, err)\n\tassert.Equal(t, expectedPhone, actualPhone)\n}\n" }, { "path": "courier/template/template.go", "content": "// Copyright © 2023 Ory Corp\n// SPDX-License-Identifier: Apache-2.0\n\npackage template\n\nimport (\n\t\"github.com/ory/kratos/driver/config\"\n\t\"github.com/ory/x/httpx\"\n)\n\ntype Dependencies interface {\n\tCourierConfig() config.CourierConfigs\n\thttpx.ClientProvider\n}\n" }, { "path": "courier/template/testhelpers/testhelpers.go", "content": "// Copyright © 2023 Ory Corp\n// SPDX-License-Identifier: Apache-2.0\n\npackage testhelpers\n\nimport (\n\t\"context\"\n\t\"encoding/base64\"\n\t\"net/http\"\n\t\"net/http/httptest\"\n\t\"os\"\n\t\"path\"\n\t\"testing\"\n\n\t\"github.com/ory/kratos/courier/template/email\"\n\n\t\"github.com/stretchr/testify/assert\"\n\t\"github.com/stretchr/testify/require\"\n\n\t\"github.com/ory/kratos/courier/template\"\n\t\"github.com/ory/kratos/driver\"\n\t\"github.com/ory/kratos/driver/config\"\n\t\"github.com/ory/kratos/pkg\"\n)\n\nfunc SetupRemoteConfig(t *testing.T, ctx context.Context, plaintext string, html string, subject string) *driver.RegistryDefault {\n\t_, reg := pkg.NewVeryFastRegistryWithoutDB(t)\n\trequire.NoError(t, reg.Config().Set(ctx, config.ViperKeyCourierTemplatesRecoveryInvalidEmail, &config.CourierEmailTemplate{\n\t\tBody: &config.CourierEmailBodyTemplate{\n\t\t\tPlainText: plaintext,\n\t\t\tHTML: html,\n\t\t},\n\t\tSubject: subject,\n\t}))\n\treturn reg\n}\n\nfunc TestRendered(t *testing.T, ctx context.Context, tpl interface {\n\tEmailBody(context.Context) (string, error)\n\tEmailSubject(context.Context) (string, error)\n},\n) {\n\trendered, err := tpl.EmailBody(ctx)\n\trequire.NoError(t, err)\n\tassert.NotEmpty(t, rendered)\n\n\trendered, err = tpl.EmailSubject(ctx)\n\trequire.NoError(t, err)\n\tassert.NotEmpty(t, rendered)\n}\n\nfunc TestRemoteTemplates(t *testing.T, basePath string, tmplType template.TemplateType) {\n\tctx, cancel := context.WithCancel(context.Background())\n\tt.Cleanup(cancel)\n\n\ttoBase64 := func(filePath string) string {\n\t\tf, err := os.ReadFile(filePath) // #nosec G304 -- test code\n\t\trequire.NoError(t, err)\n\t\treturn base64.StdEncoding.EncodeToString(f)\n\t}\n\n\tgetTemplate := func(tmpl template.TemplateType, d template.Dependencies) interface {\n\t\tEmailBody(context.Context) (string, error)\n\t\tEmailSubject(context.Context) (string, error)\n\t} {\n\t\tswitch tmpl {\n\t\tcase template.TypeRecoveryInvalid:\n\t\t\treturn email.NewRecoveryInvalid(d, &email.RecoveryInvalidModel{})\n\t\tcase template.TypeRecoveryValid:\n\t\t\treturn email.NewRecoveryValid(d, &email.RecoveryValidModel{})\n\t\tcase template.TypeRecoveryCodeValid:\n\t\t\treturn email.NewRecoveryCodeValid(d, &email.RecoveryCodeValidModel{})\n\t\tcase template.TypeRecoveryCodeInvalid:\n\t\t\treturn email.NewRecoveryCodeInvalid(d, &email.RecoveryCodeInvalidModel{})\n\t\tcase template.TypeTestStub:\n\t\t\treturn email.NewTestStub(&email.TestStubModel{})\n\t\tcase template.TypeVerificationInvalid:\n\t\t\treturn email.NewVerificationInvalid(d, &email.VerificationInvalidModel{})\n\t\tcase template.TypeVerificationValid:\n\t\t\treturn email.NewVerificationValid(d, &email.VerificationValidModel{})\n\t\tcase template.TypeVerificationCodeInvalid:\n\t\t\treturn email.NewVerificationCodeInvalid(d, &email.VerificationCodeInvalidModel{})\n\t\tcase template.TypeVerificationCodeValid:\n\t\t\treturn email.NewVerificationCodeValid(d, &email.VerificationCodeValidModel{})\n\t\tcase template.TypeLoginCodeValid:\n\t\t\treturn email.NewLoginCodeValid(d, &email.LoginCodeValidModel{})\n\t\tcase template.TypeRegistrationCodeValid:\n\t\t\treturn email.NewRegistrationCodeValid(d, &email.RegistrationCodeValidModel{})\n\t\tdefault:\n\t\t\treturn nil\n\t\t}\n\t}\n\n\tt.Run(\"case=http resource\", func(t *testing.T) {\n\t\tt.Parallel()\n\t\trouter := http.NewServeMux()\n\t\trouter.HandleFunc(\"GET /{filename}\", func(writer http.ResponseWriter, request *http.Request) {\n\t\t\thttp.ServeFile(writer, request, path.Join(basePath, request.PathValue(\"filename\")))\n\t\t})\n\t\tts := httptest.NewServer(router)\n\t\tdefer ts.Close()\n\n\t\ttpl := getTemplate(tmplType, SetupRemoteConfig(t, ctx,\n\t\t\tts.URL+\"/email.body.plaintext.gotmpl\",\n\t\t\tts.URL+\"/email.body.gotmpl\",\n\t\t\tts.URL+\"/email.subject.gotmpl\"))\n\n\t\trequire.NotNil(t, tpl, \"Expected to find template for %s in %s\", tmplType, basePath)\n\n\t\tTestRendered(t, ctx, tpl)\n\t})\n\n\tt.Run(\"case=base64 resource\", func(t *testing.T) {\n\t\tt.Parallel()\n\t\ttpl := getTemplate(tmplType, SetupRemoteConfig(t, ctx,\n\t\t\t\"base64://\"+toBase64(path.Join(basePath, \"email.body.plaintext.gotmpl\")),\n\t\t\t\"base64://\"+toBase64(path.Join(basePath, \"email.body.gotmpl\")),\n\t\t\t\"base64://\"+toBase64(path.Join(basePath, \"email.subject.gotmpl\"))))\n\n\t\trequire.NotNil(t, tpl, \"Expected to find template for %s in %s\", tmplType, basePath)\n\n\t\tTestRendered(t, ctx, tpl)\n\t})\n\n\tt.Run(\"case=file resource\", func(t *testing.T) {\n\t\tt.Parallel()\n\t\ttpl := getTemplate(tmplType, SetupRemoteConfig(t, ctx,\n\t\t\t\"file://\"+path.Join(basePath, \"email.body.plaintext.gotmpl\"),\n\t\t\t\"file://\"+path.Join(basePath, \"email.body.gotmpl\"),\n\t\t\t\"file://\"+path.Join(basePath, \"email.subject.gotmpl\")))\n\n\t\trequire.NotNil(t, tpl, \"Expected to find template for %s in %s\", tmplType, basePath)\n\t\tTestRendered(t, ctx, tpl)\n\t})\n\n\tt.Run(\"case=partial subject override\", func(t *testing.T) {\n\t\tt.Parallel()\n\t\ttpl := getTemplate(tmplType, SetupRemoteConfig(t, ctx,\n\t\t\t\"\",\n\t\t\t\"\",\n\t\t\t\"base64://\"+toBase64(path.Join(basePath, \"email.subject.gotmpl\"))))\n\n\t\trequire.NotNil(t, tpl, \"Expected to find template for %s in %s\", tmplType, basePath)\n\t\tTestRendered(t, ctx, tpl)\n\t})\n\n\tt.Run(\"case=partial body override\", func(t *testing.T) {\n\t\tt.Parallel()\n\t\ttpl := getTemplate(tmplType, SetupRemoteConfig(t, ctx,\n\t\t\t\"base64://\"+toBase64(path.Join(basePath, \"email.body.plaintext.gotmpl\")),\n\t\t\t\"base64://\"+toBase64(path.Join(basePath, \"email.body.gotmpl\")),\n\t\t\t\"\"))\n\n\t\trequire.NotNil(t, tpl, \"Expected to find template for %s in %s\", tmplType, basePath)\n\t\tTestRendered(t, ctx, tpl)\n\t})\n}\n" }, { "path": "courier/template/type.go", "content": "// Copyright © 2023 Ory Corp\n// SPDX-License-Identifier: Apache-2.0\n\npackage template\n\n// A Template's type\n//\n// swagger:enum TemplateType\ntype TemplateType string\n\nconst (\n\tTypeRecoveryInvalid TemplateType = \"recovery_invalid\"\n\tTypeRecoveryValid TemplateType = \"recovery_valid\"\n\tTypeRecoveryCodeInvalid TemplateType = \"recovery_code_invalid\"\n\tTypeRecoveryCodeValid TemplateType = \"recovery_code_valid\"\n\tTypeVerificationInvalid TemplateType = \"verification_invalid\"\n\tTypeVerificationValid TemplateType = \"verification_valid\"\n\tTypeVerificationCodeInvalid TemplateType = \"verification_code_invalid\"\n\tTypeVerificationCodeValid TemplateType = \"verification_code_valid\"\n\tTypeTestStub TemplateType = \"stub\"\n\tTypeLoginCodeValid TemplateType = \"login_code_valid\"\n\tTypeRegistrationCodeValid TemplateType = \"registration_code_valid\"\n)\n" }, { "path": "courier/test/persistence.go", "content": "// Copyright © 2023 Ory Corp\n// SPDX-License-Identifier: Apache-2.0\n\npackage test\n\nimport (\n\t\"context\"\n\t\"errors\"\n\t\"fmt\"\n\t\"slices\"\n\t\"testing\"\n\t\"time\"\n\n\t\"github.com/go-faker/faker/v4\"\n\t\"github.com/gofrs/uuid\"\n\t\"github.com/stretchr/testify/assert\"\n\t\"github.com/stretchr/testify/require\"\n\t\"github.com/tidwall/gjson\"\n\n\t\"github.com/ory/kratos/courier\"\n\t\"github.com/ory/kratos/x\"\n\t\"github.com/ory/pop/v6\"\n\tkeysetpagination \"github.com/ory/x/pagination/keysetpagination_v2\"\n\t\"github.com/ory/x/sqlcon\"\n)\n\ntype PersisterWrapper interface {\n\tGetConnection(ctx context.Context) *pop.Connection\n\tNetworkID(ctx context.Context) uuid.UUID\n\tcourier.Persister\n}\n\ntype NetworkWrapper func(t *testing.T, ctx context.Context) (uuid.UUID, PersisterWrapper)\n\nfunc TestPersister(ctx context.Context, newNetworkUnlessExisting NetworkWrapper, newNetwork NetworkWrapper) func(t *testing.T) {\n\treturn func(t *testing.T) {\n\t\tnid, p := newNetworkUnlessExisting(t, ctx)\n\n\t\tt.Run(\"case=no messages in queue\", func(t *testing.T) {\n\t\t\tm, err := p.NextMessages(ctx, 10)\n\t\t\trequire.ErrorIs(t, err, courier.ErrQueueEmpty)\n\t\t\tassert.Len(t, m, 0)\n\n\t\t\t_, err = p.LatestQueuedMessage(ctx)\n\t\t\trequire.ErrorIs(t, err, courier.ErrQueueEmpty)\n\t\t})\n\n\t\tmessages := make([]courier.Message, 5)\n\t\tt.Run(\"case=add messages to the queue\", func(t *testing.T) {\n\t\t\tnow := time.Now()\n\t\t\tfor k := range messages {\n\t\t\t\trequire.NoError(t, faker.FakeData(&messages[k]))\n\t\t\t\trequire.NoError(t, p.AddMessage(ctx, &messages[k]))\n\t\t\t\trequire.NoError(t, p.GetConnection(ctx).\n\t\t\t\t\tRawQuery(\n\t\t\t\t\t\t\"UPDATE courier_messages SET created_at = ?, updated_at = ? WHERE id = ? AND nid = ?\",\n\t\t\t\t\t\tnow.Add(time.Duration(k)*time.Hour).Round(time.Second),\n\t\t\t\t\t\tnow.Add(time.Duration(k)*time.Hour).Round(time.Second),\n\t\t\t\t\t\tmessages[k].ID, nid).\n\t\t\t\t\tExec())\n\t\t\t}\n\t\t})\n\n\t\tt.Run(\"case=latest message in queue\", func(t *testing.T) {\n\t\t\texpected, err := p.LatestQueuedMessage(ctx)\n\t\t\trequire.NoError(t, err)\n\n\t\t\tactual := messages[len(messages)-1]\n\t\t\tassert.Equal(t, expected.ID, actual.ID)\n\t\t\tassert.Equal(t, expected.Subject, actual.Subject)\n\t\t})\n\n\t\tt.Run(\"case=pull messages from the queue\", func(t *testing.T) {\n\t\t\tfor k, expected := range messages {\n\t\t\t\texpected.Status = courier.MessageStatusProcessing\n\t\t\t\tt.Run(fmt.Sprintf(\"message=%d\", k), func(t *testing.T) {\n\t\t\t\t\tmessages, err := p.NextMessages(ctx, 1)\n\t\t\t\t\trequire.NoError(t, err)\n\t\t\t\t\trequire.Len(t, messages, 1)\n\n\t\t\t\t\tactual := messages[0]\n\t\t\t\t\tassert.Equal(t, expected.ID, actual.ID)\n\t\t\t\t\tassert.Equal(t, expected.Subject, actual.Subject)\n\t\t\t\t\tassert.Equal(t, expected.Body, actual.Body)\n\t\t\t\t\tassert.Equal(t, expected.Status, actual.Status)\n\t\t\t\t\tassert.Equal(t, expected.Type, actual.Type)\n\t\t\t\t\tassert.Equal(t, expected.Recipient, actual.Recipient)\n\t\t\t\t})\n\t\t\t}\n\n\t\t\t_, err := p.NextMessages(ctx, 10)\n\t\t\trequire.ErrorIs(t, err, courier.ErrQueueEmpty)\n\t\t})\n\n\t\tt.Run(\"case=setting message status\", func(t *testing.T) {\n\t\t\trequire.NoError(t, p.SetMessageStatus(ctx, messages[0].ID, courier.MessageStatusQueued))\n\t\t\tms, err := p.NextMessages(ctx, 1)\n\t\t\trequire.NoError(t, err)\n\t\t\trequire.Len(t, ms, 1)\n\t\t\tassert.Equal(t, messages[0].ID, ms[0].ID)\n\n\t\t\trequire.NoError(t, p.SetMessageStatus(ctx, messages[0].ID, courier.MessageStatusSent))\n\t\t\t_, err = p.NextMessages(ctx, 1)\n\t\t\trequire.ErrorIs(t, err, courier.ErrQueueEmpty)\n\n\t\t\trequire.NoError(t, p.SetMessageStatus(ctx, messages[0].ID, courier.MessageStatusAbandoned))\n\t\t\t_, err = p.NextMessages(ctx, 1)\n\t\t\trequire.ErrorIs(t, err, courier.ErrQueueEmpty)\n\t\t})\n\n\t\tt.Run(\"case=incrementing send count\", func(t *testing.T) {\n\t\t\toriginalSendCount := messages[0].SendCount\n\t\t\trequire.NoError(t, p.SetMessageStatus(ctx, messages[0].ID, courier.MessageStatusQueued))\n\n\t\t\trequire.NoError(t, p.IncrementMessageSendCount(ctx, messages[0].ID))\n\t\t\tms, err := p.NextMessages(ctx, 1)\n\t\t\trequire.NoError(t, err)\n\t\t\trequire.Len(t, ms, 1)\n\t\t\tassert.Equal(t, messages[0].ID, ms[0].ID)\n\t\t\tassert.Equal(t, originalSendCount+1, ms[0].SendCount)\n\t\t})\n\n\t\tt.Run(\"case=list messages\", func(t *testing.T) {\n\t\t\t// List by status.\n\t\t\t{\n\t\t\t\tstatus := courier.MessageStatusProcessing\n\t\t\t\tfilter := courier.ListCourierMessagesParameters{\n\t\t\t\t\tStatus: &status,\n\t\t\t\t}\n\t\t\t\tms, _, err := p.ListMessages(ctx, filter, []keysetpagination.Option{})\n\n\t\t\t\trequire.NoError(t, err)\n\t\t\t\trequire.Len(t, ms, len(messages), messages)\n\t\t\t\t// Check that the 'filter by status' works.\n\t\t\t\tfor _, m := range ms {\n\t\t\t\t\trequire.Equal(t, status, m.Status)\n\t\t\t\t}\n\n\t\t\t\t// Check that the 'order by created_at desc' works.\n\t\t\t\trequire.True(t, slices.IsSortedFunc(ms, func(a, b courier.Message) int { return b.CreatedAt.Compare(a.CreatedAt) }))\n\t\t\t}\n\t\t\t// Query fewer items than the total, multiple times.\n\t\t\t{\n\t\t\t\tfilter := courier.ListCourierMessagesParameters{}\n\t\t\t\tmaxSize := 2\n\t\t\t\tms1, pagination, err := p.ListMessages(ctx, filter, []keysetpagination.Option{\n\t\t\t\t\tkeysetpagination.WithSize(2),\n\t\t\t\t})\n\t\t\t\trequire.NoError(t, err)\n\t\t\t\trequire.NotNil(t, pagination)\n\t\t\t\trequire.False(t, pagination.IsLast())\n\t\t\t\trequire.Len(t, ms1, maxSize)\n\n\t\t\t\t// Check that the 'order by created_at desc' works.\n\t\t\t\trequire.True(t, slices.IsSortedFunc(ms1, func(a, b courier.Message) int { return b.CreatedAt.Compare(a.CreatedAt) }))\n\n\t\t\t\t// Second call.\n\t\t\t\t// Marshal -> unmarshal the pagination token to be more realistic.\n\t\t\t\tencrypted := pagination.PageToken().Encrypt(nil)\n\t\t\t\tunmarshalled, err := keysetpagination.ParsePageToken(nil, encrypted)\n\t\t\t\trequire.NoError(t, err)\n\n\t\t\t\tms2, pagination, err := p.ListMessages(ctx, filter,\n\t\t\t\t\t[]keysetpagination.Option{\n\t\t\t\t\t\tkeysetpagination.WithSize(2),\n\t\t\t\t\t\tkeysetpagination.WithToken(unmarshalled),\n\t\t\t\t\t})\n\n\t\t\t\trequire.NoError(t, err)\n\t\t\t\trequire.NotNil(t, pagination)\n\t\t\t\trequire.False(t, pagination.IsLast())\n\t\t\t\trequire.Len(t, ms2, maxSize)\n\t\t\t\t// Check that the 'order by created_at desc' works.\n\t\t\t\trequire.True(t, slices.IsSortedFunc(ms2, func(a, b courier.Message) int { return b.CreatedAt.Compare(a.CreatedAt) }))\n\n\t\t\t\t// Check that the second call returned different elements.\n\t\t\t\trequire.NotEqual(t, ms1[0].ID, ms2[0].ID)\n\t\t\t\trequire.NotEqual(t, ms1[1].ID, ms2[1].ID)\n\t\t\t\tallElements := append(ms1, ms2...)\n\t\t\t\trequire.True(t, slices.IsSortedFunc(allElements, func(a, b courier.Message) int { return b.CreatedAt.Compare(a.CreatedAt) }))\n\n\t\t\t\t// Last call\n\t\t\t\tms3, pagination, err := p.ListMessages(ctx, filter, pagination.ToOptions())\n\t\t\t\trequire.NoError(t, err)\n\t\t\t\trequire.NotNil(t, pagination)\n\t\t\t\trequire.True(t, pagination.IsLast())\n\t\t\t\trequire.Len(t, ms3, 1)\n\t\t\t\t// Check that the 'order by created_at desc' works.\n\t\t\t\trequire.True(t, slices.IsSortedFunc(ms3, func(a, b courier.Message) int { return b.CreatedAt.Compare(a.CreatedAt) }))\n\n\t\t\t\t// Check that the third call returned different elements.\n\t\t\t\trequire.NotEqual(t, ms2[0].ID, ms3[0].ID)\n\t\t\t\tallElements = append(ms1, ms2...)\n\t\t\t\tallElements = append(allElements, ms3...)\n\t\t\t\trequire.True(t, slices.IsSortedFunc(allElements, func(a, b courier.Message) int { return b.CreatedAt.Compare(a.CreatedAt) }))\n\t\t\t}\n\n\t\t\tt.Run(\"on another network\", func(t *testing.T) {\n\t\t\t\tnid1, p1 := newNetwork(t, ctx)\n\t\t\t\tstatus := courier.MessageStatusProcessing\n\t\t\t\tfilter := courier.ListCourierMessagesParameters{\n\t\t\t\t\tStatus: &status,\n\t\t\t\t}\n\t\t\t\tms, _, err := p1.ListMessages(ctx, filter, []keysetpagination.Option{})\n\n\t\t\t\trequire.NoError(t, err)\n\t\t\t\trequire.Len(t, ms, 0)\n\n\t\t\t\t// Due to a bug in the pagination query definition, it was possible to retrieve messages from another `network`\n\t\t\t\t// using the pagination query. That required that 2 message's `created_at` timestamps were equal, to trigger\n\t\t\t\t// the `OR` clause of the paginated query.\n\t\t\t\t// This part of the tests \"simulates\" this behavior, by forcing the same timestamps on multiple messages across\n\t\t\t\t// different networks.\n\t\t\t\tnid2, p2 := newNetwork(t, ctx)\n\t\t\t\tmsg1 := courier.Message{\n\t\t\t\t\tID: uuid.FromStringOrNil(\"10000000-0000-0000-0000-000000000000\"),\n\t\t\t\t\tNID: nid1,\n\t\t\t\t\tStatus: courier.MessageStatusProcessing,\n\t\t\t\t}\n\t\t\t\terr = p1.GetConnection(ctx).Create(&msg1)\n\t\t\t\trequire.NoError(t, err)\n\n\t\t\t\tmsg2 := courier.Message{\n\t\t\t\t\tID: uuid.FromStringOrNil(\"20000000-0000-0000-0000-000000000000\"),\n\t\t\t\t\tNID: nid1,\n\t\t\t\t\tStatus: courier.MessageStatusProcessing,\n\t\t\t\t}\n\t\t\t\terr = p1.GetConnection(ctx).Create(&msg2)\n\t\t\t\trequire.NoError(t, err)\n\t\t\t\tmsg3 := courier.Message{\n\t\t\t\t\tID: uuid.FromStringOrNil(\"30000000-0000-0000-0000-000000000000\"),\n\t\t\t\t\tNID: nid2,\n\t\t\t\t\tStatus: courier.MessageStatusProcessing,\n\t\t\t\t}\n\t\t\t\terr = p2.GetConnection(ctx).Create(&msg3)\n\t\t\t\trequire.NoError(t, err)\n\t\t\t\tnow := time.Now().UTC().Truncate(time.Second)\n\n\t\t\t\t// Set all `created_at` timestamps to the same value to force the `OR` clause of the paginated query.\n\t\t\t\t// `created_at` is set by \"pop\" and does not allow a manual override, apart from using `pop.SetNowFunc`, but that also influences the other tests in this\n\t\t\t\t// suite, as it just overrides a global function.\n\t\t\t\trequire.NoError(t, p1.GetConnection(ctx).RawQuery(\"UPDATE courier_messages SET created_at = ? WHERE id = ? AND nid = ?\", now, msg1.ID, nid1).Exec())\n\t\t\t\t// get the \"updated\" message from the\n\t\t\t\trequire.NoError(t, p1.GetConnection(ctx).Where(\"id = ? AND nid = ?\", msg1.ID, msg1.NID).First(&msg1))\n\t\t\t\trequire.NoError(t, p1.GetConnection(ctx).RawQuery(\"UPDATE courier_messages SET created_at = ? WHERE id = ? AND nid = ?\", now, msg2.ID, nid1).Exec())\n\t\t\t\trequire.NoError(t, p2.GetConnection(ctx).RawQuery(\"UPDATE courier_messages SET created_at = ? WHERE id = ? AND nid = ?\", now, msg3.ID, nid2).Exec())\n\n\t\t\t\t// Use the updated first message's PageToken as the basis for the paginated request.\n\t\t\t\tms, _, err = p1.ListMessages(ctx, filter, []keysetpagination.Option{keysetpagination.WithToken(msg1.PageToken())})\n\t\t\t\trequire.NoError(t, err)\n\n\t\t\t\t// The response should just contain messages from network1, and not from network2.\n\t\t\t\trequire.Len(t, ms, 1)\n\t\t\t\trequire.Equal(t, ms[0].NID, nid1)\n\t\t\t\trequire.Equal(t, ms[0].ID, msg2.ID)\n\t\t\t})\n\t\t})\n\n\t\tt.Run(\"case=network\", func(t *testing.T) {\n\t\t\tt.Run(\"generates id on creation\", func(t *testing.T) {\n\t\t\t\texpected := courier.Message{ID: uuid.Nil}\n\t\t\t\trequire.NoError(t, p.AddMessage(ctx, &expected))\n\n\t\t\t\tassert.NotEqual(t, uuid.Nil, expected.ID)\n\t\t\t\tassert.EqualValues(t, nid, expected.NID)\n\t\t\t\tassert.EqualValues(t, nid, p.NetworkID(ctx))\n\n\t\t\t\tactual, err := p.LatestQueuedMessage(ctx)\n\t\t\t\trequire.NoError(t, err)\n\t\t\t\tassert.EqualValues(t, expected.ID, actual.ID)\n\t\t\t\tassert.EqualValues(t, nid, actual.NID)\n\n\t\t\t\tactuals, err := p.NextMessages(ctx, 255)\n\t\t\t\trequire.NoError(t, err)\n\n\t\t\t\tactual = &actuals[0]\n\t\t\t\tassert.EqualValues(t, expected.ID, actual.ID)\n\t\t\t\tassert.EqualValues(t, nid, actual.NID)\n\t\t\t})\n\n\t\t\tid := x.NewUUID()\n\n\t\t\tt.Run(\"persists id on creation\", func(t *testing.T) {\n\t\t\t\texpected := courier.Message{ID: id}\n\t\t\t\trequire.NoError(t, p.AddMessage(ctx, &expected))\n\n\t\t\t\tassert.EqualValues(t, id, expected.ID)\n\t\t\t\tassert.EqualValues(t, nid, expected.NID)\n\t\t\t\tassert.EqualValues(t, nid, p.NetworkID(ctx))\n\n\t\t\t\tactual, err := p.LatestQueuedMessage(ctx)\n\t\t\t\trequire.NoError(t, err)\n\t\t\t\tassert.EqualValues(t, id, actual.ID)\n\t\t\t\tassert.EqualValues(t, nid, actual.NID)\n\n\t\t\t\tactuals, err := p.NextMessages(ctx, 255)\n\t\t\t\trequire.NoError(t, err)\n\n\t\t\t\tactual = &actuals[0]\n\t\t\t\tassert.EqualValues(t, id, actual.ID)\n\t\t\t\tassert.EqualValues(t, nid, actual.NID)\n\t\t\t})\n\n\t\t\tt.Run(\"can not get on another network\", func(t *testing.T) {\n\t\t\t\t_, p := newNetwork(t, ctx)\n\n\t\t\t\t_, err := p.LatestQueuedMessage(ctx)\n\t\t\t\trequire.ErrorIs(t, err, courier.ErrQueueEmpty)\n\n\t\t\t\t_, err = p.NextMessages(ctx, 255)\n\t\t\t\trequire.ErrorIs(t, err, courier.ErrQueueEmpty)\n\t\t\t})\n\n\t\t\tt.Run(\"can not update on another network\", func(t *testing.T) {\n\t\t\t\t_, p := newNetwork(t, ctx)\n\t\t\t\terr := p.SetMessageStatus(ctx, id, courier.MessageStatusProcessing)\n\t\t\t\trequire.ErrorIs(t, err, sqlcon.ErrNoRows)\n\t\t\t})\n\t\t})\n\n\t\tt.Run(\"case=FetchMessage\", func(t *testing.T) {\n\t\t\tmsgID := messages[0].ID\n\n\t\t\tmessage, err := p.FetchMessage(ctx, msgID)\n\t\t\trequire.NoError(t, err)\n\t\t\trequire.Equal(t, msgID, message.ID)\n\n\t\t\tt.Run(\"can not get on another network\", func(t *testing.T) {\n\t\t\t\t_, p := newNetwork(t, ctx)\n\n\t\t\t\t_, err := p.FetchMessage(ctx, msgID)\n\t\t\t\trequire.ErrorIs(t, err, sqlcon.ErrNoRows)\n\t\t\t})\n\t\t})\n\n\t\tt.Run(\"case=RecordDispatch\", func(t *testing.T) {\n\t\t\tmsgID := messages[0].ID\n\n\t\t\terr := p.RecordDispatch(ctx, msgID, courier.CourierMessageDispatchStatusFailed, errors.New(\"testerror\"))\n\t\t\trequire.NoError(t, err)\n\n\t\t\tmessage, err := p.FetchMessage(ctx, msgID)\n\t\t\trequire.NoError(t, err)\n\n\t\t\trequire.Len(t, message.Dispatches, 1)\n\t\t\tassert.Equal(t, \"testerror\", gjson.GetBytes(message.Dispatches[0].Error, \"message\").String())\n\n\t\t\tt.Run(\"can not get on another network\", func(t *testing.T) {\n\t\t\t\t_, p := newNetwork(t, ctx)\n\n\t\t\t\t_, err := p.FetchMessage(ctx, msgID)\n\t\t\t\trequire.ErrorIs(t, err, sqlcon.ErrNoRows)\n\t\t\t})\n\t\t})\n\t}\n}\n" }, { "path": "docs/README.md", "content": "# Documentation\n\nPlease find the documentation at\n[www.ory.com/docs/kratos](https://www.ory.com/docs/kratos).\n\nTo contribute to the documentation, please head over to:\n[github.com/ory/docs/tree/master/docs/kratos](https://github.com/ory/docs/tree/master/docs/kratos)\n" }, { "path": "docs/sidebar.json", "content": "[]" }, { "path": "driver/config/.snapshots/TestCourierEmailHTTP-case=configs_set.json", "content": "{\n \"auth\": {\n \"config\": {\n \"password\": \"YourPass\",\n \"user\": \"YourUsername\"\n },\n \"type\": \"basic_auth\"\n },\n \"body\": \"file://some.jsonnet\",\n \"header\": {\n \"Content-Type\": \"application/json\"\n },\n \"method\": \"POST\",\n \"url\": \"https://example.com/email\"\n}\n" }, { "path": "driver/config/.snapshots/TestCourierSMS-case=configs_set.json", "content": "{\n \"auth\": {\n \"config\": {\n \"password\": \"YourPass\",\n \"user\": \"YourUsername\"\n },\n \"type\": \"basic_auth\"\n },\n \"body\": \"base64://e30=\",\n \"header\": {\n \"Content-Type\": \"application/x-www-form-urlencoded\"\n },\n \"method\": \"POST\",\n \"url\": \"https://api.twilio.com/2010-04-01/Accounts/YourAccountID/Messages.json\"\n}\n" }, { "path": "driver/config/.snapshots/TestCourierSMS-case=defaults.json", "content": "null\n" }, { "path": "driver/config/.snapshots/TestDefaultWebhookHeaderAllowlist.json", "content": "[\n \"Accept\",\n \"Accept-Encoding\",\n \"Accept-Language\",\n \"Content-Length\",\n \"Content-Type\",\n \"Origin\",\n \"Priority\",\n \"Referer\",\n \"Sec-Ch-Ua\",\n \"Sec-Ch-Ua-Mobile\",\n \"Sec-Ch-Ua-Platform\",\n \"Sec-Fetch-Dest\",\n \"Sec-Fetch-Mode\",\n \"Sec-Fetch-Site\",\n \"Sec-Fetch-User\",\n \"True-Client-Ip\",\n \"User-Agent\"\n]\n" }, { "path": "driver/config/buildinfo.go", "content": "// Copyright © 2023 Ory Corp\n// SPDX-License-Identifier: Apache-2.0\n\npackage config\n\nvar (\n\tVersion = \"master\"\n\tDate = \"undefined\"\n\tCommit = \"undefined\"\n)\n" }, { "path": "driver/config/config.go", "content": "// Copyright © 2023 Ory Corp\n// SPDX-License-Identifier: Apache-2.0\n\npackage config\n\nimport (\n\t\"bytes\"\n\t\"cmp\"\n\t\"context\"\n\t\"crypto/sha512\"\n\t\"encoding/json\"\n\t\"fmt\"\n\t\"io\"\n\t\"net/http\"\n\t\"net/url\"\n\t\"os\"\n\t\"runtime\"\n\t\"strings\"\n\t\"testing\"\n\t\"time\"\n\n\t\"github.com/go-webauthn/webauthn/protocol\"\n\t\"github.com/go-webauthn/webauthn/webauthn\"\n\t\"github.com/gofrs/uuid\"\n\t\"github.com/inhies/go-bytesize\"\n\t\"github.com/pkg/errors\"\n\t\"github.com/rs/cors\"\n\t\"github.com/stretchr/testify/require\"\n\t\"golang.org/x/net/publicsuffix\"\n\n\t\"github.com/ory/kratos/x\"\n\n\t\"github.com/ory/herodot\"\n\t\"github.com/ory/jsonschema/v3\"\n\t\"github.com/ory/jsonschema/v3/httploader\"\n\t\"github.com/ory/kratos/embedx\"\n\t\"github.com/ory/kratos/request\"\n\t\"github.com/ory/x/configx\"\n\t\"github.com/ory/x/contextx\"\n\t\"github.com/ory/x/crdbx\"\n\t\"github.com/ory/x/httpx\"\n\t\"github.com/ory/x/jsonschemax\"\n\t\"github.com/ory/x/logrusx\"\n\t\"github.com/ory/x/otelx\"\n\t\"github.com/ory/x/watcherx\"\n)\n\nconst (\n\tDefaultIdentityTraitsSchemaID = \"default\"\n\tDefaultBrowserReturnURL = \"default_browser_return_url\"\n\tDefaultSQLiteMemoryDSN = \"sqlite://file::memory:?_fk=true&cache=shared\"\n\tDefaultPasswordHashingAlgorithm = \"argon2\"\n\tDefaultCipherAlgorithm = \"noop\"\n\tUnknownVersion = \"unknown version\"\n\tViperKeyDSN = \"dsn\"\n\tViperKeyCourierSMTPURL = \"courier.smtp.connection_uri\"\n\tViperKeyCourierSMTPClientCertPath = \"courier.smtp.client_cert_path\"\n\tViperKeyCourierSMTPClientKeyPath = \"courier.smtp.client_key_path\"\n\tViperKeyCourierTemplatesPath = \"courier.template_override_path\"\n\tViperKeyCourierTemplatesRecoveryInvalidEmail = \"courier.templates.recovery.invalid.email\"\n\tViperKeyCourierTemplatesRecoveryValidEmail = \"courier.templates.recovery.valid.email\"\n\tViperKeyCourierTemplatesRecoveryCodeInvalidEmail = \"courier.templates.recovery_code.invalid.email\"\n\tViperKeyCourierTemplatesRecoveryCodeValidEmail = \"courier.templates.recovery_code.valid.email\"\n\tViperKeyCourierTemplatesVerificationInvalidEmail = \"courier.templates.verification.invalid.email\"\n\tViperKeyCourierTemplatesVerificationValidEmail = \"courier.templates.verification.valid.email\"\n\tViperKeyCourierTemplatesVerificationCodeInvalidEmail = \"courier.templates.verification_code.invalid.email\"\n\tViperKeyCourierTemplatesVerificationCodeValidEmail = \"courier.templates.verification_code.valid.email\"\n\tViperKeyCourierTemplatesVerificationCodeValidSMS = \"courier.templates.verification_code.valid.sms\"\n\tViperKeyCourierTemplatesRecoveryCodeValidSMS = \"courier.templates.recovery_code.valid.sms\"\n\tViperKeyCourierTemplatesLoginCodeValidSMS = \"courier.templates.login_code.valid.sms\"\n\tViperKeyCourierTemplatesRegistrationCodeValidSMS = \"courier.templates.registration_code.valid.sms\"\n\tViperKeyCourierDeliveryStrategy = \"courier.delivery_strategy\"\n\tViperKeyCourierHTTPRequestConfig = \"courier.http.request_config\"\n\tViperKeyCourierTemplatesLoginCodeValidEmail = \"courier.templates.login_code.valid.email\"\n\tViperKeyCourierTemplatesRegistrationCodeValidEmail = \"courier.templates.registration_code.valid.email\"\n\tViperKeyCourierSMTP = \"courier.smtp\"\n\tViperKeyCourierSMTPFrom = \"courier.smtp.from_address\"\n\tViperKeyCourierSMTPFromName = \"courier.smtp.from_name\"\n\tViperKeyCourierSMTPHeaders = \"courier.smtp.headers\"\n\tViperKeyCourierSMTPLocalName = \"courier.smtp.local_name\"\n\tViperKeyCourierMessageRetries = \"courier.message_retries\"\n\tViperKeyCourierWorkerPullCount = \"courier.worker.pull_count\"\n\tViperKeyCourierWorkerPullWait = \"courier.worker.pull_wait\"\n\tViperKeyCourierChannels = \"courier.channels\"\n\tViperKeySecretsDefault = \"secrets.default\"\n\tViperKeySecretsCookie = \"secrets.cookie\"\n\tViperKeySecretsCipher = \"secrets.cipher\"\n\tViperKeySecretsPagination = \"secrets.pagination\"\n\tViperKeyPublicBaseURL = \"serve.public.base_url\"\n\tViperKeyAdminBaseURL = \"serve.admin.base_url\"\n\tViperKeySessionLifespan = \"session.lifespan\"\n\tViperKeySessionSameSite = \"session.cookie.same_site\"\n\tViperKeySessionSecure = \"session.cookie.secure\"\n\tViperKeySessionDomain = \"session.cookie.domain\"\n\tViperKeySessionName = \"session.cookie.name\"\n\tViperKeySessionPath = \"session.cookie.path\"\n\tViperKeySessionPersistentCookie = \"session.cookie.persistent\"\n\tViperKeySessionTokenizerTemplates = \"session.whoami.tokenizer.templates\"\n\tViperKeySessionWhoAmIAAL = \"session.whoami.required_aal\"\n\tViperKeySessionWhoAmICaching = \"feature_flags.cacheable_sessions\"\n\tViperKeyFeatureFlagFasterSessionExtend = \"feature_flags.faster_session_extend\"\n\tViperKeySessionWhoAmICachingMaxAge = \"feature_flags.cacheable_sessions_max_age\"\n\tViperKeyUseContinueWithTransitions = \"feature_flags.use_continue_with_transitions\"\n\tViperKeyChooseRecoveryAddress = \"feature_flags.choose_recovery_address\"\n\tViperKeyUseLegacyShowVerificationUI = \"feature_flags.legacy_continue_with_verification_ui\"\n\tViperKeyLegacyOIDCRegistrationGroup = \"feature_flags.legacy_oidc_registration_node_group\"\n\tViperKeyUseLegacyRequireVerifiedLoginError = \"feature_flags.legacy_require_verified_login_error\"\n\tViperKeySessionRefreshMinTimeLeft = \"session.earliest_possible_extend\"\n\tViperKeyCookieSameSite = \"cookies.same_site\"\n\tViperKeyCookieDomain = \"cookies.domain\"\n\tViperKeyCookiePath = \"cookies.path\"\n\tViperKeyCookieSecure = \"cookies.secure\"\n\tViperKeySelfServiceStrategyConfig = \"selfservice.methods\"\n\tViperKeySelfServiceBrowserDefaultReturnTo = \"selfservice.\" + DefaultBrowserReturnURL\n\tViperKeyURLsAllowedReturnToDomains = \"selfservice.allowed_return_urls\"\n\tViperKeySelfServiceRegistrationEnabled = \"selfservice.flows.registration.enabled\"\n\tViperKeySelfServiceRegistrationLoginHints = \"selfservice.flows.registration.login_hints\"\n\tViperKeySelfServiceRegistrationEnableLegacyOneStep = \"selfservice.flows.registration.enable_legacy_one_step\"\n\tViperKeySelfServiceRegistrationFlowStyle = \"selfservice.flows.registration.style\"\n\tViperKeySelfServiceRegistrationUI = \"selfservice.flows.registration.ui_url\"\n\tViperKeySelfServiceRegistrationRequestLifespan = \"selfservice.flows.registration.lifespan\"\n\tViperKeySelfServiceRegistrationAfter = \"selfservice.flows.registration.after\"\n\tViperKeySelfServiceRegistrationBeforeHooks = \"selfservice.flows.registration.before.hooks\"\n\tViperKeySelfServiceLoginUI = \"selfservice.flows.login.ui_url\"\n\tViperKeySelfServiceLoginFlowStyle = \"selfservice.flows.login.style\"\n\tViperKeySecurityAccountEnumerationMitigate = \"security.account_enumeration.mitigate\"\n\tViperKeySelfServiceLoginRequestLifespan = \"selfservice.flows.login.lifespan\"\n\tViperKeySelfServiceLoginAfter = \"selfservice.flows.login.after\"\n\tViperKeySelfServiceLoginBeforeHooks = \"selfservice.flows.login.before.hooks\"\n\tViperKeySelfServiceErrorUI = \"selfservice.flows.error.ui_url\"\n\tViperKeySelfServiceLogoutBrowserDefaultReturnTo = \"selfservice.flows.logout.after.\" + DefaultBrowserReturnURL\n\tViperKeySelfServiceSettingsURL = \"selfservice.flows.settings.ui_url\"\n\tViperKeySelfServiceSettingsAfter = \"selfservice.flows.settings.after\"\n\tViperKeySelfServiceSettingsBeforeHooks = \"selfservice.flows.settings.before.hooks\"\n\tViperKeySelfServiceSettingsRequestLifespan = \"selfservice.flows.settings.lifespan\"\n\tViperKeySelfServiceSettingsPrivilegedAuthenticationAfter = \"selfservice.flows.settings.privileged_session_max_age\"\n\tViperKeySelfServiceSettingsRequiredAAL = \"selfservice.flows.settings.required_aal\"\n\tViperKeySelfServiceRecoveryAfter = \"selfservice.flows.recovery.after\"\n\tViperKeySelfServiceRecoveryBeforeHooks = \"selfservice.flows.recovery.before.hooks\"\n\tViperKeySelfServiceRecoveryEnabled = \"selfservice.flows.recovery.enabled\"\n\tViperKeySelfServiceRecoveryUse = \"selfservice.flows.recovery.use\"\n\tViperKeySelfServiceRecoveryUI = \"selfservice.flows.recovery.ui_url\"\n\tViperKeySelfServiceRecoveryRequestLifespan = \"selfservice.flows.recovery.lifespan\"\n\tViperKeySelfServiceRecoveryBrowserDefaultReturnTo = \"selfservice.flows.recovery.after.\" + DefaultBrowserReturnURL\n\tViperKeySelfServiceRecoveryNotifyUnknownRecipients = \"selfservice.flows.recovery.notify_unknown_recipients\"\n\tViperKeySelfServiceVerificationEnabled = \"selfservice.flows.verification.enabled\"\n\tViperKeySelfServiceVerificationUI = \"selfservice.flows.verification.ui_url\"\n\tViperKeySelfServiceVerificationRequestLifespan = \"selfservice.flows.verification.lifespan\"\n\tViperKeySelfServiceVerificationBrowserDefaultReturnTo = \"selfservice.flows.verification.after.\" + DefaultBrowserReturnURL\n\tViperKeySelfServiceVerificationAfter = \"selfservice.flows.verification.after\"\n\tViperKeySelfServiceVerificationBeforeHooks = \"selfservice.flows.verification.before.hooks\"\n\tViperKeySelfServiceVerificationUse = \"selfservice.flows.verification.use\"\n\tViperKeySelfServiceVerificationNotifyUnknownRecipients = \"selfservice.flows.verification.notify_unknown_recipients\"\n\tViperKeyDefaultIdentitySchemaID = \"identity.default_schema_id\"\n\tViperKeyIdentitySchemas = \"identity.schemas\"\n\tViperKeyHasherAlgorithm = \"hashers.algorithm\"\n\tViperKeyHasherArgon2ConfigMemory = \"hashers.argon2.memory\"\n\tViperKeyHasherArgon2ConfigIterations = \"hashers.argon2.iterations\"\n\tViperKeyHasherArgon2ConfigParallelism = \"hashers.argon2.parallelism\"\n\tViperKeyHasherArgon2ConfigSaltLength = \"hashers.argon2.salt_length\"\n\tViperKeyHasherArgon2ConfigKeyLength = \"hashers.argon2.key_length\"\n\tViperKeyHasherArgon2ConfigExpectedDuration = \"hashers.argon2.expected_duration\"\n\tViperKeyHasherArgon2ConfigExpectedDeviation = \"hashers.argon2.expected_deviation\"\n\tViperKeyHasherArgon2ConfigDedicatedMemory = \"hashers.argon2.dedicated_memory\"\n\tViperKeyHasherBcryptCost = \"hashers.bcrypt.cost\"\n\tViperKeyCipherAlgorithm = \"ciphers.algorithm\"\n\tViperKeyDatabaseCleanupSleepTables = \"database.cleanup.sleep.tables\"\n\tViperKeyDatabaseCleanupBatchSize = \"database.cleanup.batch_size\"\n\tViperKeyLinkLifespan = \"selfservice.methods.link.config.lifespan\"\n\tViperKeyCodeLifespan = \"selfservice.methods.code.config.lifespan\"\n\tViperKeyCodeMaxSubmissions = \"selfservice.methods.code.config.max_submissions\"\n\tViperKeyCodeConfigMissingCredentialFallbackEnabled = \"selfservice.methods.code.config.missing_credential_fallback_enabled\"\n\tViperKeyPasswordHaveIBeenPwnedHost = \"selfservice.methods.password.config.haveibeenpwned_host\"\n\tViperKeyPasswordHaveIBeenPwnedEnabled = \"selfservice.methods.password.config.haveibeenpwned_enabled\"\n\tViperKeyPasswordMaxBreaches = \"selfservice.methods.password.config.max_breaches\"\n\tViperKeyPasswordMinLength = \"selfservice.methods.password.config.min_password_length\"\n\tViperKeyPasswordIdentifierSimilarityCheckEnabled = \"selfservice.methods.password.config.identifier_similarity_check_enabled\"\n\tViperKeyIgnoreNetworkErrors = \"selfservice.methods.password.config.ignore_network_errors\"\n\tViperKeyPasswordRegistrationProfileGroup = \"selfservice.methods.password.config.password_profile_registration_node_group\"\n\tViperKeyTOTPIssuer = \"selfservice.methods.totp.config.issuer\"\n\tViperKeyOIDCBaseRedirectURL = \"selfservice.methods.oidc.config.base_redirect_uri\"\n\tViperKeySAMLBaseRedirectURL = \"selfservice.methods.saml.config.base_redirect_uri\"\n\tViperKeyWebAuthnRPDisplayName = \"selfservice.methods.webauthn.config.rp.display_name\"\n\tViperKeyWebAuthnRPID = \"selfservice.methods.webauthn.config.rp.id\"\n\tViperKeyWebAuthnRPOrigin = \"selfservice.methods.webauthn.config.rp.origin\"\n\tViperKeyWebAuthnRPOrigins = \"selfservice.methods.webauthn.config.rp.origins\"\n\tViperKeyWebAuthnPasswordless = \"selfservice.methods.webauthn.config.passwordless\"\n\tViperKeyPasskeyEnabled = \"selfservice.methods.passkey.enabled\"\n\tViperKeyPasskeyRPDisplayName = \"selfservice.methods.passkey.config.rp.display_name\"\n\tViperKeyPasskeyRPID = \"selfservice.methods.passkey.config.rp.id\"\n\tViperKeyPasskeyRPOrigins = \"selfservice.methods.passkey.config.rp.origins\"\n\tViperKeyOAuth2ProviderURL = \"oauth2_provider.url\"\n\tViperKeyOAuth2ProviderHeader = \"oauth2_provider.headers\"\n\tViperKeyOAuth2ProviderOverrideReturnTo = \"oauth2_provider.override_return_to\"\n\tViperKeyClientHTTPNoPrivateIPRanges = \"clients.http.disallow_private_ip_ranges\"\n\tViperKeyClientHTTPPrivateIPExceptionURLs = \"clients.http.private_ip_exception_urls\"\n\tViperKeyWebhookHeaderAllowlist = \"clients.web_hook.header_allowlist\"\n\tViperKeyPreviewDefaultReadConsistencyLevel = \"preview.default_read_consistency_level\"\n\tViperKeyVersion = \"version\"\n\tViperKeyPasswordMigrationHook = \"selfservice.methods.password.config.migrate_hook\"\n)\n\nconst (\n\tHighestAvailableAAL = \"highest_available\"\n\tArgon2DefaultMemory = 128 * bytesize.MB\n\tArgon2DefaultIterations uint32 = 1\n\tArgon2DefaultSaltLength uint32 = 16\n\tArgon2DefaultKeyLength uint32 = 32\n\tArgon2DefaultDuration = 500 * time.Millisecond\n\tArgon2DefaultDeviation = 500 * time.Millisecond\n\tArgon2DefaultDedicatedMemory = 1 * bytesize.GB\n\tBcryptDefaultCost uint32 = 12\n)\n\n// DefaultSessionCookieName returns the default cookie name for the kratos session.\nconst DefaultSessionCookieName = \"ory_kratos_session\"\n\ntype (\n\tArgon2 struct {\n\t\tMemory bytesize.ByteSize `json:\"memory\"`\n\t\tIterations uint32 `json:\"iterations\"`\n\t\tParallelism uint8 `json:\"parallelism\"`\n\t\tSaltLength uint32 `json:\"salt_length\"`\n\t\tKeyLength uint32 `json:\"key_length\"`\n\t\tExpectedDuration time.Duration `json:\"expected_duration\"`\n\t\tExpectedDeviation time.Duration `json:\"expected_deviation\"`\n\t\tDedicatedMemory bytesize.ByteSize `json:\"dedicated_memory\"`\n\t}\n\tBcrypt struct {\n\t\tCost uint32 `json:\"cost\"`\n\t}\n\tSelfServiceHook struct {\n\t\tName string `json:\"hook\"`\n\t\tConfig json.RawMessage `json:\"config\"`\n\t}\n\tSelfServiceStrategy struct {\n\t\tEnabled bool `json:\"enabled\"`\n\t\tConfig json.RawMessage `json:\"config\"`\n\t}\n\tSelfServiceStrategyCode struct {\n\t\t*SelfServiceStrategy\n\t\tPasswordlessEnabled bool `json:\"passwordless_enabled\"`\n\t\tMFAEnabled bool `json:\"mfa_enabled\"`\n\t}\n\tSchema struct {\n\t\tID string `json:\"id\" koanf:\"id\"`\n\t\tURL string `json:\"url\" koanf:\"url\"`\n\t\tSelfserviceSelectable bool `json:\"selfservice_selectable\" koanf:\"selfservice_selectable\"`\n\t}\n\tPasswordPolicy struct {\n\t\tHaveIBeenPwnedHost string `json:\"haveibeenpwned_host\"`\n\t\tHaveIBeenPwnedEnabled bool `json:\"haveibeenpwned_enabled\"`\n\t\tMaxBreaches uint `json:\"max_breaches\"`\n\t\tIgnoreNetworkErrors bool `json:\"ignore_network_errors\"`\n\t\tMinPasswordLength uint `json:\"min_password_length\"`\n\t\tIdentifierSimilarityCheckEnabled bool `json:\"identifier_similarity_check_enabled\"`\n\t}\n\tSchemas []Schema\n\tCourierEmailBodyTemplate struct {\n\t\tPlainText string `json:\"plaintext\"`\n\t\tHTML string `json:\"html\"`\n\t}\n\tCourierEmailTemplate struct {\n\t\tBody *CourierEmailBodyTemplate `json:\"body\"`\n\t\tSubject string `json:\"subject\"`\n\t}\n\tCourierSMSTemplate struct {\n\t\tBody *CourierSMSTemplateBody `json:\"body\"`\n\t}\n\tCourierSMSTemplateBody struct {\n\t\tPlainText string `json:\"plaintext\"`\n\t}\n\tCourierChannel struct {\n\t\tID string `json:\"id\" koanf:\"id\"`\n\t\tType string `json:\"type\" koanf:\"type\"`\n\t\tSMTPConfig *SMTPConfig `json:\"smtp_config\" koanf:\"smtp_config\"`\n\t\tRequestConfig request.Config `json:\"request_config\" koanf:\"request_config\"`\n\t}\n\tSMTPConfig struct {\n\t\tConnectionURI string `json:\"connection_uri\" koanf:\"connection_uri\"`\n\t\tClientCertPath string `json:\"client_cert_path\" koanf:\"client_cert_path\"`\n\t\tClientKeyPath string `json:\"client_key_path\" koanf:\"client_key_path\"`\n\t\tFromAddress string `json:\"from_address\" koanf:\"from_address\"`\n\t\tFromName string `json:\"from_name\" koanf:\"from_name\"`\n\t\tHeaders map[string]string `json:\"headers\" koanf:\"headers\"`\n\t\tLocalName string `json:\"local_name\" koanf:\"local_name\"`\n\t}\n\tPasswordMigrationHook struct {\n\t\tEnabled bool `json:\"enabled\" koanf:\"enabled\"`\n\t\tConfig request.Config `json:\"config\" koanf:\"config\"`\n\t}\n\tConfig struct {\n\t\tl *logrusx.Logger\n\t\tp *configx.Provider\n\t\tc contextx.Contextualizer\n\t\tidentityMetaSchema *jsonschema.Schema\n\t\tstdOutOrErr io.Writer\n\t}\n\tProvider interface {\n\t\tConfig() *Config\n\t}\n\tCourierConfigs interface {\n\t\tCourierTemplatesRoot(ctx context.Context) string\n\t\tCourierTemplatesVerificationInvalid(ctx context.Context) *CourierEmailTemplate\n\t\tCourierTemplatesVerificationValid(ctx context.Context) *CourierEmailTemplate\n\t\tCourierTemplatesRecoveryInvalid(ctx context.Context) *CourierEmailTemplate\n\t\tCourierTemplatesRecoveryValid(ctx context.Context) *CourierEmailTemplate\n\t\tCourierTemplatesRecoveryCodeInvalid(ctx context.Context) *CourierEmailTemplate\n\t\tCourierTemplatesRecoveryCodeValid(ctx context.Context) *CourierEmailTemplate\n\t\tCourierTemplatesVerificationCodeInvalid(ctx context.Context) *CourierEmailTemplate\n\t\tCourierTemplatesVerificationCodeValid(ctx context.Context) *CourierEmailTemplate\n\t\tCourierTemplatesLoginCodeValid(ctx context.Context) *CourierEmailTemplate\n\t\tCourierTemplatesRegistrationCodeValid(ctx context.Context) *CourierEmailTemplate\n\t\tCourierSMSTemplatesVerificationCodeValid(ctx context.Context) *CourierSMSTemplate\n\t\tCourierSMSTemplatesRecoveryCodeValid(ctx context.Context) *CourierSMSTemplate\n\t\tCourierSMSTemplatesLoginCodeValid(ctx context.Context) *CourierSMSTemplate\n\t\tCourierSMSTemplatesRegistrationCodeValid(ctx context.Context) *CourierSMSTemplate\n\t\tCourierMessageRetries(ctx context.Context) int\n\t\tCourierWorkerPullCount(ctx context.Context) int\n\t\tCourierWorkerPullWait(ctx context.Context) time.Duration\n\t\tCourierChannels(context.Context) ([]*CourierChannel, error)\n\t}\n)\n\nfunc (c *Argon2) MarshalJSON() ([]byte, error) {\n\ttype encoded struct {\n\t\tMemory string `json:\"memory\"`\n\t\tIterations uint32 `json:\"iterations\"`\n\t\tParallelism uint8 `json:\"parallelism\"`\n\t\tSaltLength uint32 `json:\"salt_length\"`\n\t\tKeyLength uint32 `json:\"key_length\"`\n\t\tExpectedDuration string `json:\"minimal_duration\"`\n\t\tExpectedDeviation string `json:\"expected_deviation\"`\n\t\tDedicatedMemory string `json:\"dedicated_memory\"`\n\t}\n\n\treturn json.Marshal(&encoded{\n\t\tMemory: c.Memory.String(),\n\t\tIterations: c.Iterations,\n\t\tParallelism: c.Parallelism,\n\t\tSaltLength: c.SaltLength,\n\t\tKeyLength: c.KeyLength,\n\t\tExpectedDuration: c.ExpectedDuration.String(),\n\t\tExpectedDeviation: c.ExpectedDeviation.String(),\n\t\tDedicatedMemory: c.DedicatedMemory.String(),\n\t})\n}\n\nvar Argon2DefaultParallelism = uint8(runtime.NumCPU() * 2)\n\nconst HookGlobal = \"global\"\n\nfunc HookStrategyKey(key, strategy string) string {\n\tif strategy == HookGlobal {\n\t\treturn fmt.Sprintf(\"%s.hooks\", key)\n\t} else {\n\t\treturn fmt.Sprintf(\"%s.%s.hooks\", key, strategy)\n\t}\n}\n\nfunc (s Schemas) FindSchemaByID(id string) (*Schema, error) {\n\tfor _, sc := range s {\n\t\tif sc.ID == id {\n\t\t\treturn &sc, nil\n\t\t}\n\t}\n\n\treturn nil, errors.Errorf(\"unable to find identity schema with id: %s\", id)\n}\n\nfunc MustNew(t testing.TB, l *logrusx.Logger, ctxer contextx.Contextualizer, opts ...configx.OptionModifier) *Config {\n\tp, err := New(t.Context(), l, os.Stderr, ctxer, opts...)\n\trequire.NoError(t, err)\n\treturn p\n}\n\nfunc New(ctx context.Context, l *logrusx.Logger, stdOutOrErr io.Writer, ctxer contextx.Contextualizer, opts ...configx.OptionModifier) (*Config, error) {\n\tvar c *Config\n\n\topts = append([]configx.OptionModifier{\n\t\tconfigx.WithStderrValidationReporter(),\n\t\tconfigx.OmitKeysFromTracing(\"dsn\", \"courier.smtp.connection_uri\", \"secrets.default\", \"secrets.cookie\", \"secrets.cipher\", \"client_secret\"),\n\t\tconfigx.WithImmutables(\"serve\", \"profiling\", \"log\"),\n\t\tconfigx.WithExceptImmutables(\"serve.public.cors.allowed_origins\"),\n\t\tconfigx.WithLogrusWatcher(l),\n\t\tconfigx.WithLogger(l),\n\t\tconfigx.WithContext(ctx),\n\t\tconfigx.AttachWatcher(func(event watcherx.Event, err error) {\n\t\t\tif c == nil {\n\t\t\t\tpanic(errors.New(\"the config provider did not initialise correctly in time\"))\n\t\t\t}\n\t\t\tif err := c.validateIdentitySchemas(ctx); err != nil {\n\t\t\t\tl.WithError(err).\n\t\t\t\t\tErrorf(\"The changed identity schema configuration is invalid and could not be loaded. Rolling back to the last working configuration revision. Please address the validation errors before restarting the process.\")\n\t\t\t}\n\t\t}),\n\t}, opts...)\n\n\tp, err := configx.New(ctx, embedx.ConfigSchema, opts...)\n\tif err != nil {\n\t\treturn nil, err\n\t}\n\n\tl.UseConfig(p)\n\n\tc = NewCustom(l, p, stdOutOrErr, ctxer)\n\n\tif !p.SkipValidation() {\n\t\tif err := c.validateIdentitySchemas(ctx); err != nil {\n\t\t\treturn nil, err\n\t\t}\n\t}\n\n\treturn c, nil\n}\n\nfunc NewCustom(l *logrusx.Logger, p *configx.Provider, stdOutOrErr io.Writer, ctxt contextx.Contextualizer) *Config {\n\tl.UseConfig(p)\n\treturn &Config{l: l, p: p, c: ctxt, stdOutOrErr: stdOutOrErr}\n}\n\nfunc (p *Config) getIdentitySchemaValidator(ctx context.Context) (*jsonschema.Schema, error) {\n\tif p.identityMetaSchema == nil {\n\t\tc := jsonschema.NewCompiler()\n\t\terr := embedx.AddSchemaResources(c, embedx.IdentityMeta)\n\t\tif err != nil {\n\t\t\treturn nil, err\n\t\t}\n\t\tp.identityMetaSchema, err = c.Compile(ctx, embedx.IdentityMeta.GetSchemaID())\n\t\tif err != nil {\n\t\t\treturn nil, errors.WithStack(err)\n\t\t}\n\t}\n\n\treturn p.identityMetaSchema, nil\n}\n\ntype validateIdentitySchemasContextKey int\n\nconst validateIdentitySchemasClientKey validateIdentitySchemasContextKey = 1\n\nfunc SetValidateIdentitySchemaResilientClientOptions(ctx context.Context, options []httpx.ResilientOptions) context.Context {\n\treturn context.WithValue(ctx, validateIdentitySchemasClientKey, options)\n}\n\nfunc (p *Config) validateIdentitySchemas(ctx context.Context) error {\n\topts := []httpx.ResilientOptions{\n\t\thttpx.ResilientClientWithLogger(p.l),\n\t\thttpx.ResilientClientWithMaxRetry(2),\n\t\thttpx.ResilientClientWithConnectionTimeout(30 * time.Second),\n\t}\n\n\tif o, ok := ctx.Value(validateIdentitySchemasClientKey).([]httpx.ResilientOptions); ok {\n\t\topts = o\n\t}\n\n\tif p.ClientHTTPNoPrivateIPRanges(ctx) {\n\t\topts = append(opts, httpx.ResilientClientDisallowInternalIPs())\n\t}\n\n\tctx = context.WithValue(ctx, httploader.ContextKey, httpx.NewResilientClient(opts...))\n\n\tj, err := p.getIdentitySchemaValidator(ctx)\n\tif err != nil {\n\t\treturn err\n\t}\n\n\tss, err := p.IdentityTraitsSchemas(ctx)\n\tif err != nil {\n\t\treturn err\n\t}\n\n\tfor _, s := range ss {\n\t\tresource, err := jsonschema.LoadURL(ctx, s.URL)\n\t\tif err != nil {\n\t\t\treturn errors.WithStack(err)\n\t\t}\n\t\tdefer func() { _ = resource.Close() }()\n\n\t\tschema, err := io.ReadAll(io.LimitReader(resource, 1024*1024))\n\t\tif err != nil {\n\t\t\treturn errors.WithStack(err)\n\t\t}\n\n\t\tif err = j.Validate(bytes.NewBuffer(schema)); err != nil {\n\t\t\tp.formatJsonErrors(schema, err)\n\t\t\treturn errors.WithStack(err)\n\t\t}\n\t}\n\treturn nil\n}\n\nfunc (p *Config) formatJsonErrors(schema []byte, err error) {\n\t_, _ = fmt.Fprintln(p.stdOutOrErr, \"\")\n\tjsonschemax.FormatValidationErrorForCLI(p.stdOutOrErr, schema, err)\n}\n\nfunc (p *Config) ServePublic(ctx context.Context) *configx.Serve {\n\treturn p.GetProvider(ctx).Serve(\"serve.public\", p.IsInsecureDevMode(ctx), configx.Serve{\n\t\tPort: 4433,\n\t})\n}\n\nfunc (p *Config) ServeAdmin(ctx context.Context) *configx.Serve {\n\treturn p.GetProvider(ctx).Serve(\"serve.admin\", p.IsInsecureDevMode(ctx), configx.Serve{\n\t\tPort: 4434,\n\t})\n}\n\nfunc (p *Config) CORSPublic(ctx context.Context) (cors.Options, bool) {\n\treturn p.GetProvider(ctx).CORS(\"serve.public\", cors.Options{\n\t\tAllowedMethods: []string{\"GET\", \"POST\", \"PUT\", \"PATCH\", \"DELETE\"},\n\t\tAllowedHeaders: []string{\"Authorization\", \"Content-Type\", \"Cookie\"},\n\t\tExposedHeaders: []string{\"Content-Type\", \"Set-Cookie\"},\n\t\tAllowCredentials: true,\n\t})\n}\n\n// Deprecated: use context-based [contextx.WithConfigValue] instead.\nfunc (p *Config) Set(_ context.Context, key string, value interface{}) error {\n\treturn p.p.Set(key, value)\n}\n\n// Deprecated: use context-based [contextx.WithConfigValue] instead.\nfunc (p *Config) MustSet(_ context.Context, key string, value interface{}) {\n\tif err := p.p.Set(key, value); err != nil {\n\t\tp.l.WithError(err).Fatalf(\"Unable to set %q to %q.\", key, value)\n\t}\n}\n\nfunc (p *Config) SessionName(ctx context.Context) string {\n\treturn cmp.Or(p.GetProvider(ctx).String(ViperKeySessionName), DefaultSessionCookieName)\n}\n\nfunc (p *Config) HasherArgon2(ctx context.Context) *Argon2 {\n\t// warn about usage of default values and point to the docs\n\t// warning will require https://github.com/ory/viper/issues/19\n\treturn &Argon2{\n\t\tMemory: p.GetProvider(ctx).ByteSizeF(ViperKeyHasherArgon2ConfigMemory, Argon2DefaultMemory),\n\t\t//nolint:gosec // disable G115\n\t\tIterations: uint32(p.GetProvider(ctx).IntF(ViperKeyHasherArgon2ConfigIterations, int(Argon2DefaultIterations))),\n\t\t//nolint:gosec // disable G115\n\t\tParallelism: uint8(p.GetProvider(ctx).IntF(ViperKeyHasherArgon2ConfigParallelism, int(Argon2DefaultParallelism))),\n\t\t//nolint:gosec // disable G115\n\t\tSaltLength: uint32(p.GetProvider(ctx).IntF(ViperKeyHasherArgon2ConfigSaltLength, int(Argon2DefaultSaltLength))),\n\t\t//nolint:gosec // disable G115\n\t\tKeyLength: uint32(p.GetProvider(ctx).IntF(ViperKeyHasherArgon2ConfigKeyLength, int(Argon2DefaultKeyLength))),\n\t\tExpectedDuration: p.GetProvider(ctx).DurationF(ViperKeyHasherArgon2ConfigExpectedDuration, Argon2DefaultDuration),\n\t\tExpectedDeviation: p.GetProvider(ctx).DurationF(ViperKeyHasherArgon2ConfigExpectedDeviation, Argon2DefaultDeviation),\n\t\tDedicatedMemory: p.GetProvider(ctx).ByteSizeF(ViperKeyHasherArgon2ConfigDedicatedMemory, Argon2DefaultDedicatedMemory),\n\t}\n}\n\nfunc (p *Config) HasherBcrypt(ctx context.Context) *Bcrypt {\n\tcost := uint32(p.GetProvider(ctx).IntF(ViperKeyHasherBcryptCost, int(BcryptDefaultCost))) // #nosec G115 -- if the user configures a cost > MaxUint32, go falls back to MaxUint32\n\tif !p.IsInsecureDevMode(ctx) && cost < BcryptDefaultCost {\n\t\tcost = BcryptDefaultCost\n\t}\n\n\treturn &Bcrypt{Cost: cost}\n}\n\nfunc (p *Config) DefaultIdentityTraitsSchemaURL(ctx context.Context) (*url.URL, error) {\n\tss, err := p.IdentityTraitsSchemas(ctx)\n\tif err != nil {\n\t\treturn nil, err\n\t}\n\n\tsearch := p.GetProvider(ctx).String(ViperKeyDefaultIdentitySchemaID)\n\tfound, err := ss.FindSchemaByID(search)\n\tif err != nil {\n\t\treturn nil, err\n\t}\n\n\treturn p.ParseURI(found.URL)\n}\n\nfunc (p *Config) DefaultIdentityTraitsSchemaID(ctx context.Context) string {\n\treturn p.GetProvider(ctx).String(ViperKeyDefaultIdentitySchemaID)\n}\n\nfunc (p *Config) IdentityTraitsSchemaURL(ctx context.Context, schemaID string) (*url.URL, error) {\n\tss, err := p.IdentityTraitsSchemas(ctx)\n\tif err != nil {\n\t\treturn nil, err\n\t}\n\n\tfound, err := ss.FindSchemaByID(schemaID)\n\tif err != nil {\n\t\t// default to default schema\n\t\tsearch := p.GetProvider(ctx).String(ViperKeyDefaultIdentitySchemaID)\n\t\tfound, err = ss.FindSchemaByID(search)\n\t\tif err != nil {\n\t\t\treturn nil, err\n\t\t}\n\t}\n\n\treturn p.ParseURI(found.URL)\n}\n\nfunc (p *Config) TOTPIssuer(ctx context.Context) string {\n\treturn p.GetProvider(ctx).StringF(ViperKeyTOTPIssuer, p.SelfPublicURL(ctx).Hostname())\n}\n\nfunc (p *Config) OIDCRedirectURIBase(ctx context.Context) *url.URL {\n\treturn p.GetProvider(ctx).URIF(ViperKeyOIDCBaseRedirectURL, p.SelfPublicURL(ctx))\n}\n\nfunc (p *Config) SAMLRedirectURIBase(ctx context.Context) *url.URL {\n\treturn p.GetProvider(ctx).URIF(ViperKeySAMLBaseRedirectURL, p.SelfPublicURL(ctx))\n}\n\nfunc (p *Config) IdentityTraitsSchemas(ctx context.Context) (ss Schemas, err error) {\n\tif err = p.GetProvider(ctx).Unmarshal(ViperKeyIdentitySchemas, &ss); err != nil {\n\t\treturn ss, nil\n\t}\n\n\treturn ss, nil\n}\n\nfunc (p *Config) DSN(ctx context.Context) string {\n\tpp := p.GetProvider(ctx)\n\tdsn := pp.String(ViperKeyDSN)\n\n\tif dsn == \"memory\" {\n\t\treturn DefaultSQLiteMemoryDSN\n\t}\n\n\tif len(dsn) > 0 {\n\t\treturn dsn\n\t}\n\n\t// Print a stack trace to aid debugging.\n\tp.l.Fatalf(\"%+v\", errors.Errorf(\"dsn must be set\"))\n\treturn \"\"\n}\n\nfunc (p *Config) DisableAPIFlowEnforcement(ctx context.Context) bool {\n\tif p.IsInsecureDevMode(ctx) && os.Getenv(\"DEV_DISABLE_API_FLOW_ENFORCEMENT\") == \"true\" {\n\t\tp.l.Warn(\"Because \\\"DEV_DISABLE_API_FLOW_ENFORCEMENT=true\\\" and the \\\"--dev\\\" flag are set, self-service API flows will no longer check if the interaction is actually a browser flow. This is very dangerous as it allows bypassing of anti-CSRF measures, leaving the deployment highly vulnerable. This option should only be used for automated testing and never come close to real user data anywhere.\")\n\t\treturn true\n\t}\n\treturn false\n}\n\nfunc (p *Config) ClientHTTPNoPrivateIPRanges(ctx context.Context) bool {\n\treturn p.GetProvider(ctx).Bool(ViperKeyClientHTTPNoPrivateIPRanges)\n}\n\nfunc (p *Config) ClientHTTPPrivateIPExceptionURLs(ctx context.Context) []string {\n\treturn p.GetProvider(ctx).Strings(ViperKeyClientHTTPPrivateIPExceptionURLs)\n}\n\nfunc (p *Config) SelfServiceFlowRegistrationEnabled(ctx context.Context) bool {\n\treturn p.GetProvider(ctx).Bool(ViperKeySelfServiceRegistrationEnabled)\n}\n\nfunc (p *Config) SelfServiceFlowRegistrationLoginHints(ctx context.Context) bool {\n\treturn p.GetProvider(ctx).Bool(ViperKeySelfServiceRegistrationLoginHints)\n}\n\nfunc (p *Config) SelfServiceFlowRegistrationPasswordMethodProfileGroup(ctx context.Context) string {\n\tswitch g := p.GetProvider(ctx).String(ViperKeyPasswordRegistrationProfileGroup); g {\n\tcase \"password\":\n\t\treturn \"password\"\n\tdefault:\n\t\treturn \"default\"\n\t}\n}\n\nfunc (p *Config) SelfServiceLegacyOIDCRegistrationGroup(ctx context.Context) bool {\n\treturn p.GetProvider(ctx).Bool(ViperKeyLegacyOIDCRegistrationGroup)\n}\n\nfunc (p *Config) SelfServiceFlowRegistrationTwoSteps(ctx context.Context) bool {\n\t// The default in previous versions that legacy one-step would be disabled. If legacy is enabled, it means the\n\t// user has explicitly set the key to true, in which case we respect it.\n\tif useOneStep := p.GetProvider(ctx).Bool(ViperKeySelfServiceRegistrationEnableLegacyOneStep); useOneStep {\n\t\tp.l.Warnf(\"Found use of deprecated configuration key %q. Please use key %q instead and delete key %[1]q. Will use value from %[1]q to configure registration style.\", ViperKeySelfServiceRegistrationEnableLegacyOneStep, ViperKeySelfServiceRegistrationFlowStyle)\n\t\treturn false\n\t}\n\n\t// In all other cases, we use the new key which (like the old key) defaults to `profile_first` / two-step registration.\n\tswitch style := p.GetProvider(ctx).String(ViperKeySelfServiceRegistrationFlowStyle); style {\n\tcase \"profile_first\":\n\t\treturn true\n\tdefault:\n\t\treturn false\n\t}\n}\n\nfunc (p *Config) SelfServiceFlowIdentitySchema(ctx context.Context, requestedSchema string) (string, error) {\n\tif requestedSchema == p.GetProvider(ctx).String(ViperKeyDefaultIdentitySchemaID) {\n\t\treturn requestedSchema, nil\n\t}\n\tschemas, err := p.IdentityTraitsSchemas(ctx)\n\tif err != nil {\n\t\treturn \"\", errors.WithStack(err)\n\t}\n\tfor _, schema := range schemas {\n\t\tif schema.ID == requestedSchema {\n\t\t\tif !schema.SelfserviceSelectable {\n\t\t\t\treturn \"\", errors.WithStack(herodot.ErrBadRequest.WithReasonf(\"Requested identity schema %q is not enabled for self-service flows.\", requestedSchema))\n\t\t\t}\n\t\t\treturn requestedSchema, nil\n\t\t}\n\t}\n\treturn \"\", errors.WithStack(herodot.ErrBadRequest.WithReasonf(\"Requested identity schema %q does not exist.\", requestedSchema))\n}\n\nfunc (p *Config) SelfServiceFlowVerificationEnabled(ctx context.Context) bool {\n\treturn p.GetProvider(ctx).Bool(ViperKeySelfServiceVerificationEnabled)\n}\n\nfunc (p *Config) UseLegacyShowVerificationUI(ctx context.Context) bool {\n\treturn p.GetProvider(ctx).Bool(ViperKeyUseLegacyShowVerificationUI)\n}\n\nfunc (p *Config) UseLegacyRequireVerifiedLoginError(ctx context.Context) bool {\n\treturn p.GetProvider(ctx).Bool(ViperKeyUseLegacyRequireVerifiedLoginError)\n}\n\nfunc (p *Config) SelfServiceFlowRecoveryEnabled(ctx context.Context) bool {\n\treturn p.GetProvider(ctx).Bool(ViperKeySelfServiceRecoveryEnabled)\n}\n\nfunc (p *Config) SelfServiceFlowRecoveryUse(ctx context.Context) string {\n\treturn p.GetProvider(ctx).String(ViperKeySelfServiceRecoveryUse)\n}\n\nfunc (p *Config) SelfServiceFlowLoginBeforeHooks(ctx context.Context) []SelfServiceHook {\n\treturn p.selfServiceHooks(ctx, ViperKeySelfServiceLoginBeforeHooks)\n}\n\nfunc (p *Config) SelfServiceFlowRecoveryBeforeHooks(ctx context.Context) []SelfServiceHook {\n\treturn p.selfServiceHooks(ctx, ViperKeySelfServiceRecoveryBeforeHooks)\n}\n\nfunc (p *Config) SelfServiceFlowVerificationBeforeHooks(ctx context.Context) []SelfServiceHook {\n\treturn p.selfServiceHooks(ctx, ViperKeySelfServiceVerificationBeforeHooks)\n}\n\nfunc (p *Config) SelfServiceFlowVerificationUse(ctx context.Context) string {\n\treturn p.GetProvider(ctx).String(ViperKeySelfServiceVerificationUse)\n}\n\nfunc (p *Config) SelfServiceFlowVerificationNotifyUnknownRecipients(ctx context.Context) bool {\n\treturn p.GetProvider(ctx).BoolF(ViperKeySelfServiceVerificationNotifyUnknownRecipients, false)\n}\n\nfunc (p *Config) SelfServiceFlowSettingsBeforeHooks(ctx context.Context) []SelfServiceHook {\n\treturn p.selfServiceHooks(ctx, ViperKeySelfServiceSettingsBeforeHooks)\n}\n\nfunc (p *Config) SelfServiceFlowRegistrationBeforeHooks(ctx context.Context) []SelfServiceHook {\n\thooks := p.selfServiceHooks(ctx, ViperKeySelfServiceRegistrationBeforeHooks)\n\tif p.SelfServiceFlowRegistrationTwoSteps(ctx) {\n\t\thooks = append(hooks, SelfServiceHook{\"two_step_registration\", json.RawMessage(\"{}\")})\n\t}\n\n\treturn hooks\n}\n\nfunc (p *Config) selfServiceHooks(ctx context.Context, key string) []SelfServiceHook {\n\tpp := p.GetProvider(ctx)\n\tval := pp.Get(key)\n\tif val == nil {\n\t\treturn []SelfServiceHook{}\n\t}\n\n\tconfig, err := json.Marshal(val)\n\tif err != nil {\n\t\tp.l.WithError(err).Fatalf(\"Unable to decode values from configuration key: %s\", key)\n\t}\n\n\tvar hooks []SelfServiceHook\n\tif err := json.Unmarshal(config, &hooks); err != nil {\n\t\tp.l.WithError(err).Fatalf(\"Unable to encode value \\\"%s\\\" from configuration key: %s\", config, key)\n\t}\n\n\tfor k := range hooks {\n\t\tif len(hooks[k].Config) == 0 {\n\t\t\thooks[k].Config = json.RawMessage(\"{}\")\n\t\t}\n\t}\n\n\treturn hooks\n}\n\nfunc (p *Config) SelfServiceFlowLoginAfterHooks(ctx context.Context, strategy string) []SelfServiceHook {\n\treturn p.selfServiceHooks(ctx, HookStrategyKey(ViperKeySelfServiceLoginAfter, strategy))\n}\n\nfunc (p *Config) SelfServiceFlowSettingsAfterHooks(ctx context.Context, strategy string) []SelfServiceHook {\n\treturn p.selfServiceHooks(ctx, HookStrategyKey(ViperKeySelfServiceSettingsAfter, strategy))\n}\n\nfunc (p *Config) SelfServiceFlowRegistrationAfterHooks(ctx context.Context, strategy string) []SelfServiceHook {\n\treturn p.selfServiceHooks(ctx, HookStrategyKey(ViperKeySelfServiceRegistrationAfter, strategy))\n}\n\nfunc (p *Config) SelfServiceStrategy(ctx context.Context, strategy string) *SelfServiceStrategy {\n\tpp := p.GetProvider(ctx)\n\tconfig := json.RawMessage(\"{}\")\n\tbasePath := fmt.Sprintf(\"%s.%s\", ViperKeySelfServiceStrategyConfig, strategy)\n\n\tvar err error\n\tconfig, err = json.Marshal(pp.GetF(basePath+\".config\", config))\n\tif err != nil {\n\t\tp.l.WithError(err).Warn(\"Unable to marshal self-service strategy configuration.\")\n\t\tconfig = json.RawMessage(\"{}\")\n\t}\n\n\t// The default value can easily be overwritten by setting e.g. `{\"selfservice\": \"null\"}` which means that\n\t// we need to forcibly set these values here:\n\tdefaultEnabled := false\n\tswitch strategy {\n\tcase \"identifier_first\":\n\t\tdefaultEnabled = p.SelfServiceLoginFlowIdentifierFirstEnabled(ctx)\n\tcase \"code\", \"password\", \"profile\":\n\t\tdefaultEnabled = true\n\t}\n\n\t// Backwards compatibility for the old \"passwordless_enabled\" key\n\t// This force-enables the code strategy, if passwordless is enabled, because in earlier versions it was possible to\n\t// disable the code strategy, but enable passwordless\n\tenabled := pp.BoolF(basePath+\".enabled\", defaultEnabled)\n\tif strategy == \"code\" {\n\t\tenabled = enabled || pp.Bool(basePath+\".passwordless_enabled\")\n\t}\n\treturn &SelfServiceStrategy{\n\t\tEnabled: enabled,\n\t\tConfig: config,\n\t}\n}\n\nfunc (p *Config) SelfServiceCodeStrategy(ctx context.Context) *SelfServiceStrategyCode {\n\tpp := p.GetProvider(ctx)\n\tconfig := json.RawMessage(\"{}\")\n\tbasePath := ViperKeySelfServiceStrategyConfig + \".code\"\n\n\tvar err error\n\tconfig, err = json.Marshal(pp.GetF(basePath+\".config\", config))\n\tif err != nil {\n\t\tp.l.WithError(err).Warn(\"Unable to marshal self service strategy configuration.\")\n\t\tconfig = json.RawMessage(\"{}\")\n\t}\n\n\treturn &SelfServiceStrategyCode{\n\t\tSelfServiceStrategy: &SelfServiceStrategy{\n\t\t\tEnabled: pp.BoolF(basePath+\".enabled\", true),\n\t\t\tConfig: config,\n\t\t},\n\t\tPasswordlessEnabled: pp.BoolF(basePath+\".passwordless_enabled\", false),\n\t\tMFAEnabled: pp.BoolF(basePath+\".mfa_enabled\", false),\n\t}\n}\n\nfunc (p *Config) SecretsDefault(ctx context.Context) [][]byte {\n\tpp := p.GetProvider(ctx)\n\tsecrets := pp.Strings(ViperKeySecretsDefault)\n\n\tif len(secrets) == 0 {\n\t\tsecrets = []string{uuid.Must(uuid.NewV4()).String()}\n\t\tp.MustSet(ctx, ViperKeySecretsDefault, secrets)\n\t}\n\n\tresult := make([][]byte, len(secrets))\n\tfor k, v := range secrets {\n\t\tresult[k] = []byte(v)\n\t}\n\n\treturn result\n}\n\nfunc (p *Config) SecretsSession(ctx context.Context) [][]byte {\n\tsecrets := p.GetProvider(ctx).Strings(ViperKeySecretsCookie)\n\tif len(secrets) == 0 {\n\t\treturn p.SecretsDefault(ctx)\n\t}\n\n\tresult := make([][]byte, len(secrets))\n\tfor k, v := range secrets {\n\t\tresult[k] = []byte(v)\n\t}\n\n\treturn result\n}\n\nfunc (p *Config) SecretsCipher(ctx context.Context) [][32]byte {\n\tsecrets := p.GetProvider(ctx).Strings(ViperKeySecretsCipher)\n\treturn ToCipherSecrets(secrets)\n}\n\nfunc ToCipherSecrets(secrets []string) [][32]byte {\n\tvar cleanSecrets []string\n\tfor k := range secrets {\n\t\tif len(secrets[k]) == 32 {\n\t\t\tcleanSecrets = append(cleanSecrets, secrets[k])\n\t\t}\n\t}\n\tif len(cleanSecrets) == 0 {\n\t\treturn [][32]byte{}\n\t}\n\tresult := make([][32]byte, len(cleanSecrets))\n\tfor n, s := range secrets {\n\t\tfor k, v := range []byte(s) {\n\t\t\tresult[n][k] = v\n\t\t}\n\t}\n\treturn result\n}\n\nfunc (p *Config) SecretsPagination(ctx context.Context) [][32]byte {\n\tsecrets := p.GetProvider(ctx).Strings(ViperKeySecretsPagination)\n\n\tencryptionKeys := make([][32]byte, len(secrets))\n\tfor i, key := range secrets {\n\t\tencryptionKeys[i] = sha512.Sum512_256([]byte(key))\n\t}\n\n\treturn encryptionKeys\n}\n\nfunc (p *Config) SelfServiceBrowserDefaultReturnTo(ctx context.Context) *url.URL {\n\treturn p.ParseAbsoluteOrRelativeURIOrFail(ctx, ViperKeySelfServiceBrowserDefaultReturnTo)\n}\n\nfunc (p *Config) SelfPublicURL(ctx context.Context) *url.URL {\n\tserve := p.ServePublic(ctx)\n\treturn serve.BaseURL\n}\n\nfunc (p *Config) SelfAdminURL(ctx context.Context) *url.URL {\n\tserve := p.ServeAdmin(ctx)\n\treturn serve.BaseURL\n}\n\nfunc (p *Config) WebhookHeaderAllowlist(ctx context.Context) []string {\n\treturn p.GetProvider(ctx).Strings(ViperKeyWebhookHeaderAllowlist)\n}\n\nfunc (p *Config) OAuth2ProviderHeader(ctx context.Context) http.Header {\n\thh := map[string]string{}\n\tif err := p.GetProvider(ctx).Unmarshal(ViperKeyOAuth2ProviderHeader, &hh); err != nil {\n\t\tp.l.WithError(errors.WithStack(err)).\n\t\t\tErrorf(\"Configuration value from key %s could not be decoded.\", ViperKeyOAuth2ProviderHeader)\n\t\treturn nil\n\t}\n\n\th := make(http.Header)\n\tfor k, v := range hh {\n\t\th.Set(k, v)\n\t}\n\n\treturn h\n}\n\nfunc (p *Config) OAuth2ProviderOverrideReturnTo(ctx context.Context) bool {\n\treturn p.GetProvider(ctx).Bool(ViperKeyOAuth2ProviderOverrideReturnTo)\n}\n\nfunc (p *Config) OAuth2ProviderURL(ctx context.Context) *url.URL {\n\tk := ViperKeyOAuth2ProviderURL\n\tv := p.GetProvider(ctx).String(k)\n\tif v == \"\" {\n\t\treturn nil\n\t}\n\tparsed, err := p.ParseAbsoluteOrRelativeURI(v)\n\tif err != nil {\n\t\tp.l.WithError(errors.WithStack(err)).\n\t\t\tErrorf(\"Configuration value from key %s is not a valid URL: %s\", k, v)\n\t\treturn nil\n\t}\n\treturn parsed\n}\n\nfunc (p *Config) SelfServiceFlowLoginUI(ctx context.Context) *url.URL {\n\treturn p.ParseAbsoluteOrRelativeURIOrFail(ctx, ViperKeySelfServiceLoginUI)\n}\n\nfunc (p *Config) SelfServiceFlowSettingsUI(ctx context.Context) *url.URL {\n\treturn p.ParseAbsoluteOrRelativeURIOrFail(ctx, ViperKeySelfServiceSettingsURL)\n}\n\nfunc (p *Config) SelfServiceFlowErrorURL(ctx context.Context) *url.URL {\n\treturn p.ParseAbsoluteOrRelativeURIOrFail(ctx, ViperKeySelfServiceErrorUI)\n}\n\nfunc (p *Config) SelfServiceFlowRegistrationUI(ctx context.Context) *url.URL {\n\treturn p.ParseAbsoluteOrRelativeURIOrFail(ctx, ViperKeySelfServiceRegistrationUI)\n}\n\nfunc (p *Config) SelfServiceFlowRecoveryUI(ctx context.Context) *url.URL {\n\treturn p.ParseAbsoluteOrRelativeURIOrFail(ctx, ViperKeySelfServiceRecoveryUI)\n}\n\n// SessionLifespan returns time.Hour*24 when the value is not set.\nfunc (p *Config) SessionLifespan(ctx context.Context) time.Duration {\n\treturn p.GetProvider(ctx).DurationF(ViperKeySessionLifespan, time.Hour*24)\n}\n\nfunc (p *Config) SessionPersistentCookie(ctx context.Context) bool {\n\treturn p.GetProvider(ctx).Bool(ViperKeySessionPersistentCookie)\n}\n\nfunc (p *Config) SelfServiceBrowserAllowedReturnToDomains(ctx context.Context) (us []url.URL) {\n\tsrc := p.GetProvider(ctx).Strings(ViperKeyURLsAllowedReturnToDomains)\n\tfor k, u := range src {\n\t\tif len(u) == 0 {\n\t\t\tcontinue\n\t\t}\n\n\t\tparsed, err := url.ParseRequestURI(u)\n\t\tif err != nil {\n\t\t\tp.l.WithError(err).Warnf(\"Ignoring URL \\\"%s\\\" from configuration key \\\"%s.%d\\\".\", u, ViperKeyURLsAllowedReturnToDomains, k)\n\t\t\tcontinue\n\t\t}\n\t\tif parsed.Host == \"*\" {\n\t\t\tp.l.Warnf(\"Ignoring wildcard \\\"%s\\\" from configuration key \\\"%s.%d\\\".\", u, ViperKeyURLsAllowedReturnToDomains, k)\n\t\t\tcontinue\n\t\t}\n\t\teTLD, icann := publicsuffix.PublicSuffix(parsed.Host)\n\t\tif len(parsed.Host) > 0 &&\n\t\t\tparsed.Host[:1] == \"*\" &&\n\t\t\ticann &&\n\t\t\tparsed.Host == fmt.Sprintf(\"*.%s\", eTLD) {\n\t\t\tp.l.Warnf(\"Ignoring wildcard \\\"%s\\\" from configuration key \\\"%s.%d\\\".\", u, ViperKeyURLsAllowedReturnToDomains, k)\n\t\t\tcontinue\n\t\t}\n\n\t\tus = append(us, *parsed)\n\t}\n\n\treturn us\n}\n\nfunc (p *Config) SelfServiceFlowLoginRequestLifespan(ctx context.Context) time.Duration {\n\treturn p.GetProvider(ctx).DurationF(ViperKeySelfServiceLoginRequestLifespan, time.Hour)\n}\n\nfunc (p *Config) SelfServiceFlowSettingsFlowLifespan(ctx context.Context) time.Duration {\n\treturn p.GetProvider(ctx).DurationF(ViperKeySelfServiceSettingsRequestLifespan, time.Hour)\n}\n\nfunc (p *Config) SelfServiceFlowRegistrationRequestLifespan(ctx context.Context) time.Duration {\n\treturn p.GetProvider(ctx).DurationF(ViperKeySelfServiceRegistrationRequestLifespan, time.Hour)\n}\n\nfunc (p *Config) SelfServiceFlowLogoutRedirectURL(ctx context.Context) *url.URL {\n\treturn p.GetProvider(ctx).RequestURIF(ViperKeySelfServiceLogoutBrowserDefaultReturnTo, p.SelfServiceBrowserDefaultReturnTo(ctx))\n}\n\nfunc (p *Config) CourierEmailStrategy(ctx context.Context) string {\n\treturn p.GetProvider(ctx).StringF(ViperKeyCourierDeliveryStrategy, \"smtp\")\n}\n\nfunc (p *Config) CourierEmailRequestConfig(ctx context.Context) json.RawMessage {\n\tif p.CourierEmailStrategy(ctx) != \"http\" {\n\t\treturn nil\n\t}\n\n\tconfig, err := json.Marshal(p.GetProvider(ctx).Get(ViperKeyCourierHTTPRequestConfig))\n\tif err != nil {\n\t\tp.l.WithError(err).Warn(\"Unable to marshal mailer request configuration.\")\n\t\treturn nil\n\t}\n\n\treturn config\n}\n\nfunc (p *Config) CourierTemplatesRoot(ctx context.Context) string {\n\treturn p.GetProvider(ctx).StringF(ViperKeyCourierTemplatesPath, \"courier/builtin/templates\")\n}\n\nfunc (p *Config) CourierEmailTemplatesHelper(ctx context.Context, key string) *CourierEmailTemplate {\n\tcourierTemplate := &CourierEmailTemplate{\n\t\tBody: &CourierEmailBodyTemplate{\n\t\t\tPlainText: \"\",\n\t\t\tHTML: \"\",\n\t\t},\n\t\tSubject: \"\",\n\t}\n\n\tif !p.GetProvider(ctx).Exists(key) {\n\t\treturn courierTemplate\n\t}\n\n\tconfig, err := json.Marshal(p.GetProvider(ctx).Get(key))\n\tif err != nil {\n\t\tp.l.WithError(err).Fatalf(\"Unable to decode values from %s.\", key)\n\t\treturn courierTemplate\n\t}\n\n\tif err := json.Unmarshal(config, courierTemplate); err != nil {\n\t\tp.l.WithError(err).Fatalf(\"Unable to encode values from %s.\", key)\n\t\treturn courierTemplate\n\t}\n\treturn courierTemplate\n}\n\nfunc (p *Config) CourierSMSTemplatesHelper(ctx context.Context, key string) *CourierSMSTemplate {\n\tcourierTemplate := &CourierSMSTemplate{\n\t\tBody: &CourierSMSTemplateBody{\n\t\t\tPlainText: \"\",\n\t\t},\n\t}\n\n\tif !p.GetProvider(ctx).Exists(key) {\n\t\treturn courierTemplate\n\t}\n\n\tconfig, err := json.Marshal(p.GetProvider(ctx).Get(key))\n\tif err != nil {\n\t\tp.l.WithError(err).Fatalf(\"Unable to decode values from %s.\", key)\n\t\treturn courierTemplate\n\t}\n\n\tif err := json.Unmarshal(config, courierTemplate); err != nil {\n\t\tp.l.WithError(err).Fatalf(\"Unable to encode values from %s.\", key)\n\t\treturn courierTemplate\n\t}\n\treturn courierTemplate\n}\n\nfunc (p *Config) CourierTemplatesVerificationInvalid(ctx context.Context) *CourierEmailTemplate {\n\treturn p.CourierEmailTemplatesHelper(ctx, ViperKeyCourierTemplatesVerificationInvalidEmail)\n}\n\nfunc (p *Config) CourierTemplatesVerificationValid(ctx context.Context) *CourierEmailTemplate {\n\treturn p.CourierEmailTemplatesHelper(ctx, ViperKeyCourierTemplatesVerificationValidEmail)\n}\n\nfunc (p *Config) CourierTemplatesRecoveryInvalid(ctx context.Context) *CourierEmailTemplate {\n\treturn p.CourierEmailTemplatesHelper(ctx, ViperKeyCourierTemplatesRecoveryInvalidEmail)\n}\n\nfunc (p *Config) CourierTemplatesRecoveryValid(ctx context.Context) *CourierEmailTemplate {\n\treturn p.CourierEmailTemplatesHelper(ctx, ViperKeyCourierTemplatesRecoveryValidEmail)\n}\n\nfunc (p *Config) CourierTemplatesRecoveryCodeInvalid(ctx context.Context) *CourierEmailTemplate {\n\treturn p.CourierEmailTemplatesHelper(ctx, ViperKeyCourierTemplatesRecoveryCodeInvalidEmail)\n}\n\nfunc (p *Config) CourierTemplatesRecoveryCodeValid(ctx context.Context) *CourierEmailTemplate {\n\treturn p.CourierEmailTemplatesHelper(ctx, ViperKeyCourierTemplatesRecoveryCodeValidEmail)\n}\n\nfunc (p *Config) CourierTemplatesVerificationCodeInvalid(ctx context.Context) *CourierEmailTemplate {\n\treturn p.CourierEmailTemplatesHelper(ctx, ViperKeyCourierTemplatesVerificationCodeInvalidEmail)\n}\n\nfunc (p *Config) CourierTemplatesVerificationCodeValid(ctx context.Context) *CourierEmailTemplate {\n\treturn p.CourierEmailTemplatesHelper(ctx, ViperKeyCourierTemplatesVerificationCodeValidEmail)\n}\n\nfunc (p *Config) CourierSMSTemplatesVerificationCodeValid(ctx context.Context) *CourierSMSTemplate {\n\treturn p.CourierSMSTemplatesHelper(ctx, ViperKeyCourierTemplatesVerificationCodeValidSMS)\n}\n\nfunc (p *Config) CourierSMSTemplatesRecoveryCodeValid(ctx context.Context) *CourierSMSTemplate {\n\treturn p.CourierSMSTemplatesHelper(ctx, ViperKeyCourierTemplatesRecoveryCodeValidSMS)\n}\n\nfunc (p *Config) CourierSMSTemplatesLoginCodeValid(ctx context.Context) *CourierSMSTemplate {\n\treturn p.CourierSMSTemplatesHelper(ctx, ViperKeyCourierTemplatesLoginCodeValidSMS)\n}\n\nfunc (p *Config) CourierSMSTemplatesRegistrationCodeValid(ctx context.Context) *CourierSMSTemplate {\n\treturn p.CourierSMSTemplatesHelper(ctx, ViperKeyCourierTemplatesRegistrationCodeValidSMS)\n}\n\nfunc (p *Config) CourierTemplatesLoginCodeValid(ctx context.Context) *CourierEmailTemplate {\n\treturn p.CourierEmailTemplatesHelper(ctx, ViperKeyCourierTemplatesLoginCodeValidEmail)\n}\n\nfunc (p *Config) CourierTemplatesRegistrationCodeValid(ctx context.Context) *CourierEmailTemplate {\n\treturn p.CourierEmailTemplatesHelper(ctx, ViperKeyCourierTemplatesRegistrationCodeValidEmail)\n}\n\nfunc (p *Config) CourierMessageRetries(ctx context.Context) int {\n\treturn p.GetProvider(ctx).IntF(ViperKeyCourierMessageRetries, 5)\n}\n\nfunc (p *Config) CourierWorkerPullCount(ctx context.Context) int {\n\treturn p.GetProvider(ctx).Int(ViperKeyCourierWorkerPullCount)\n}\n\nfunc (p *Config) CourierWorkerPullWait(ctx context.Context) time.Duration {\n\treturn p.GetProvider(ctx).Duration(ViperKeyCourierWorkerPullWait)\n}\n\nfunc (p *Config) CourierSMTPHeaders(ctx context.Context) map[string]string {\n\treturn p.GetProvider(ctx).StringMap(ViperKeyCourierSMTPHeaders)\n}\n\nfunc (p *Config) CourierChannels(ctx context.Context) (ccs []*CourierChannel, _ error) {\n\tif err := p.GetProvider(ctx).Unmarshal(ViperKeyCourierChannels, &ccs); err != nil {\n\t\treturn nil, errors.WithStack(err)\n\t}\n\n\t// load legacy configs\n\tchannel := CourierChannel{\n\t\tID: \"email\",\n\t\tType: p.CourierEmailStrategy(ctx),\n\t}\n\tif channel.Type == \"smtp\" {\n\t\tif err := p.GetProvider(ctx).Unmarshal(ViperKeyCourierSMTP, &channel.SMTPConfig); err != nil {\n\t\t\treturn nil, errors.WithStack(err)\n\t\t}\n\t} else {\n\t\tif err := p.GetProvider(ctx).Unmarshal(ViperKeyCourierHTTPRequestConfig, &channel.RequestConfig); err != nil {\n\t\t\treturn nil, errors.WithStack(err)\n\t\t}\n\t}\n\tccs = append(ccs, &channel)\n\treturn ccs, nil\n}\n\nfunc splitUrlAndFragment(s string) (string, string) {\n\ti := strings.IndexByte(s, '#')\n\tif i < 0 {\n\t\treturn s, \"\"\n\t}\n\treturn s[:i], s[i+1:]\n}\n\nfunc (p *Config) ParseAbsoluteOrRelativeURIOrFail(ctx context.Context, key string) *url.URL {\n\tparsed, err := p.ParseAbsoluteOrRelativeURI(p.GetProvider(ctx).String(key))\n\tif err != nil {\n\t\tp.l.WithError(errors.WithStack(err)).\n\t\t\tFatalf(\"Configuration value from key %s is not a valid URL: %s\", key, p.GetProvider(ctx).String(key))\n\t}\n\treturn parsed\n}\n\nfunc (p *Config) ParseURIOrFail(ctx context.Context, key string) *url.URL {\n\tparsed, err := p.ParseURI(p.GetProvider(ctx).String(key))\n\tif err != nil {\n\t\tp.l.WithField(\"reason\", \"expected scheme to be set\").\n\t\t\tFatalf(\"Configuration value from key %s is not a valid URL: %s\", key, p.GetProvider(ctx).String(key))\n\t}\n\treturn parsed\n}\n\nfunc (p *Config) ParseAbsoluteOrRelativeURI(rawUrl string) (*url.URL, error) {\n\tu, frag := splitUrlAndFragment(rawUrl)\n\tparsed, err := url.ParseRequestURI(u)\n\tif err != nil {\n\t\treturn nil, errors.Wrapf(err, \"configuration value not a valid URL: %s\", rawUrl)\n\t}\n\n\tif frag != \"\" {\n\t\tparsed.Fragment = frag\n\t}\n\n\treturn parsed, nil\n}\n\nfunc (p *Config) ParseURI(rawUrl string) (*url.URL, error) {\n\tparsed, err := p.ParseAbsoluteOrRelativeURI(rawUrl)\n\tif err != nil {\n\t\treturn nil, err\n\t}\n\tif parsed.Scheme == \"\" {\n\t\treturn nil, errors.Errorf(\"configuration value is not a valid URL: %s\", rawUrl)\n\t}\n\treturn parsed, nil\n}\n\nfunc (p *Config) Tracing(ctx context.Context) *otelx.Config {\n\treturn p.GetProvider(ctx).TracingConfig(\"Ory Kratos\")\n}\n\nfunc (p *Config) IsInsecureDevMode(ctx context.Context) bool {\n\treturn p.GetProvider(ctx).Bool(\"dev\")\n}\n\nfunc (p *Config) IsBackgroundCourierEnabled(ctx context.Context) bool {\n\treturn p.GetProvider(ctx).Bool(\"watch-courier\")\n}\n\nfunc (p *Config) CourierExposeMetricsPort(ctx context.Context) int {\n\treturn p.GetProvider(ctx).Int(\"expose-metrics-port\")\n}\n\nfunc (p *Config) SelfServiceFlowVerificationUI(ctx context.Context) *url.URL {\n\treturn p.ParseAbsoluteOrRelativeURIOrFail(ctx, ViperKeySelfServiceVerificationUI)\n}\n\nfunc (p *Config) SelfServiceFlowVerificationRequestLifespan(ctx context.Context) time.Duration {\n\treturn p.GetProvider(ctx).DurationF(ViperKeySelfServiceVerificationRequestLifespan, time.Hour)\n}\n\nfunc (p *Config) SelfServiceFlowVerificationReturnTo(ctx context.Context, defaultReturnTo *url.URL) *url.URL {\n\treturn p.GetProvider(ctx).RequestURIF(ViperKeySelfServiceVerificationBrowserDefaultReturnTo, defaultReturnTo)\n}\n\nfunc (p *Config) SelfServiceFlowVerificationAfterHooks(ctx context.Context, strategy string) []SelfServiceHook {\n\treturn p.selfServiceHooks(ctx, HookStrategyKey(ViperKeySelfServiceVerificationAfter, strategy))\n}\n\nfunc (p *Config) SelfServiceFlowRecoveryReturnTo(ctx context.Context, defaultReturnTo *url.URL) *url.URL {\n\treturn p.GetProvider(ctx).RequestURIF(ViperKeySelfServiceRecoveryBrowserDefaultReturnTo, defaultReturnTo)\n}\n\nfunc (p *Config) SelfServiceFlowRecoveryRequestLifespan(ctx context.Context) time.Duration {\n\treturn p.GetProvider(ctx).DurationF(ViperKeySelfServiceRecoveryRequestLifespan, time.Hour)\n}\n\nfunc (p *Config) SelfServiceFlowRecoveryNotifyUnknownRecipients(ctx context.Context) bool {\n\treturn p.GetProvider(ctx).BoolF(ViperKeySelfServiceRecoveryNotifyUnknownRecipients, false)\n}\n\nfunc (p *Config) SelfServiceLinkMethodLifespan(ctx context.Context) time.Duration {\n\treturn p.GetProvider(ctx).DurationF(ViperKeyLinkLifespan, time.Hour)\n}\n\nfunc (p *Config) SelfServiceLinkMethodBaseURL(ctx context.Context) *url.URL {\n\treturn cmp.Or(x.BaseURLFromContext(ctx), p.SelfPublicURL(ctx))\n}\n\nfunc (p *Config) SelfServiceCodeMethodLifespan(ctx context.Context) time.Duration {\n\treturn p.GetProvider(ctx).DurationF(ViperKeyCodeLifespan, time.Hour)\n}\n\nfunc (p *Config) SelfServiceCodeMethodMaxSubmissions(ctx context.Context) int {\n\treturn p.GetProvider(ctx).IntF(ViperKeyCodeMaxSubmissions, 5)\n}\n\nfunc (p *Config) SelfServiceCodeMethodMissingCredentialFallbackEnabled(ctx context.Context) bool {\n\treturn p.GetProvider(ctx).Bool(ViperKeyCodeConfigMissingCredentialFallbackEnabled)\n}\n\nfunc (p *Config) DatabaseCleanupSleepTables(ctx context.Context) time.Duration {\n\treturn p.GetProvider(ctx).Duration(ViperKeyDatabaseCleanupSleepTables)\n}\n\nfunc (p *Config) DatabaseCleanupBatchSize(ctx context.Context) int {\n\treturn p.GetProvider(ctx).Int(ViperKeyDatabaseCleanupBatchSize)\n}\n\nfunc (p *Config) SelfServiceFlowRecoveryAfterHooks(ctx context.Context, strategy string) []SelfServiceHook {\n\treturn p.selfServiceHooks(ctx, HookStrategyKey(ViperKeySelfServiceRecoveryAfter, strategy))\n}\n\nfunc (p *Config) SelfServiceFlowSettingsPrivilegedSessionMaxAge(ctx context.Context) time.Duration {\n\treturn p.GetProvider(ctx).DurationF(ViperKeySelfServiceSettingsPrivilegedAuthenticationAfter, time.Hour)\n}\n\nfunc (p *Config) SessionSameSiteMode(ctx context.Context) http.SameSite {\n\tif !p.GetProvider(ctx).Exists(ViperKeySessionSameSite) {\n\t\treturn p.CookieSameSiteMode(ctx)\n\t}\n\n\tswitch p.GetProvider(ctx).StringF(ViperKeySessionSameSite, \"Lax\") {\n\tcase \"Lax\":\n\t\treturn http.SameSiteLaxMode\n\tcase \"Strict\":\n\t\treturn http.SameSiteStrictMode\n\tcase \"None\":\n\t\treturn http.SameSiteNoneMode\n\t}\n\treturn http.SameSiteDefaultMode\n}\n\nfunc (p *Config) SessionDomain(ctx context.Context) string {\n\tif !p.GetProvider(ctx).Exists(ViperKeySessionDomain) {\n\t\treturn p.CookieDomain(ctx)\n\t}\n\treturn p.GetProvider(ctx).String(ViperKeySessionDomain)\n}\n\nfunc (p *Config) SessionCookieSecure(ctx context.Context) bool {\n\tif !p.GetProvider(ctx).Exists(ViperKeySessionSecure) {\n\t\treturn !p.IsInsecureDevMode(ctx)\n\t}\n\treturn p.GetProvider(ctx).Bool(ViperKeySessionSecure)\n}\n\nfunc (p *Config) CookieDomain(ctx context.Context) string {\n\treturn p.GetProvider(ctx).String(ViperKeyCookieDomain)\n}\n\nfunc (p *Config) SessionWhoAmIAAL(ctx context.Context) string {\n\treturn p.GetProvider(ctx).String(ViperKeySessionWhoAmIAAL)\n}\n\nfunc (p *Config) SessionWhoAmICaching(ctx context.Context) bool {\n\treturn p.GetProvider(ctx).Bool(ViperKeySessionWhoAmICaching)\n}\n\nfunc (p *Config) FeatureFlagFasterSessionExtend(ctx context.Context) bool {\n\treturn p.GetProvider(ctx).Bool(ViperKeyFeatureFlagFasterSessionExtend)\n}\n\nfunc (p *Config) SessionWhoAmICachingMaxAge(ctx context.Context) time.Duration {\n\treturn p.GetProvider(ctx).DurationF(ViperKeySessionWhoAmICachingMaxAge, 0)\n}\n\nfunc (p *Config) UseContinueWithTransitions(ctx context.Context) bool {\n\treturn p.GetProvider(ctx).Bool(ViperKeyUseContinueWithTransitions)\n}\n\nfunc (p *Config) ChooseRecoveryAddress(ctx context.Context) bool {\n\treturn p.GetProvider(ctx).Bool(ViperKeyChooseRecoveryAddress)\n}\n\nfunc (p *Config) SessionRefreshMinTimeLeft(ctx context.Context) time.Duration {\n\treturn p.GetProvider(ctx).DurationF(ViperKeySessionRefreshMinTimeLeft, p.SessionLifespan(ctx))\n}\n\nfunc (p *Config) SelfServiceSettingsRequiredAAL(ctx context.Context) string {\n\treturn p.GetProvider(ctx).String(ViperKeySelfServiceSettingsRequiredAAL)\n}\n\nfunc (p *Config) CookieSameSiteMode(ctx context.Context) http.SameSite {\n\tswitch p.GetProvider(ctx).StringF(ViperKeyCookieSameSite, \"Lax\") {\n\tcase \"Lax\":\n\t\treturn http.SameSiteLaxMode\n\tcase \"Strict\":\n\t\treturn http.SameSiteStrictMode\n\tcase \"None\":\n\t\treturn http.SameSiteNoneMode\n\t}\n\treturn http.SameSiteDefaultMode\n}\n\nfunc (p *Config) SessionPath(ctx context.Context) string {\n\tif !p.GetProvider(ctx).Exists(ViperKeySessionPath) {\n\t\treturn p.CookiePath(ctx)\n\t}\n\treturn p.GetProvider(ctx).String(ViperKeySessionPath)\n}\n\nfunc (p *Config) CookiePath(ctx context.Context) string {\n\treturn p.GetProvider(ctx).String(ViperKeyCookiePath)\n}\n\nfunc (p *Config) CookieSecure(ctx context.Context) bool {\n\tif !p.GetProvider(ctx).Exists(ViperKeyCookieSecure) {\n\t\treturn !p.IsInsecureDevMode(ctx)\n\t}\n\treturn p.GetProvider(ctx).Bool(ViperKeyCookieSecure)\n}\n\nfunc (p *Config) SelfServiceFlowLoginReturnTo(ctx context.Context, strategy string) *url.URL {\n\treturn p.selfServiceReturnTo(ctx, ViperKeySelfServiceLoginAfter, strategy)\n}\n\nfunc (p *Config) SelfServiceFlowRegistrationReturnTo(ctx context.Context, strategy string) *url.URL {\n\treturn p.selfServiceReturnTo(ctx, ViperKeySelfServiceRegistrationAfter, strategy)\n}\n\nfunc (p *Config) SelfServiceFlowSettingsReturnTo(ctx context.Context, strategy string, defaultReturnTo *url.URL) *url.URL {\n\treturn p.GetProvider(ctx).RequestURIF(\n\t\tViperKeySelfServiceSettingsAfter+\".\"+strategy+\".\"+DefaultBrowserReturnURL,\n\t\tp.GetProvider(ctx).RequestURIF(ViperKeySelfServiceSettingsAfter+\".\"+DefaultBrowserReturnURL,\n\t\t\tdefaultReturnTo,\n\t\t),\n\t)\n}\n\nfunc (p *Config) selfServiceReturnTo(ctx context.Context, key string, strategy string) *url.URL {\n\treturn p.GetProvider(ctx).RequestURIF(\n\t\tkey+\".\"+strategy+\".\"+DefaultBrowserReturnURL,\n\t\tp.GetProvider(ctx).RequestURIF(key+\".\"+DefaultBrowserReturnURL,\n\t\t\tp.SelfServiceBrowserDefaultReturnTo(ctx),\n\t\t),\n\t)\n}\n\nfunc (p *Config) ConfigVersion(ctx context.Context) string {\n\treturn p.GetProvider(ctx).StringF(ViperKeyVersion, UnknownVersion)\n}\n\nfunc (p *Config) PasswordPolicyConfig(ctx context.Context) *PasswordPolicy {\n\treturn &PasswordPolicy{\n\t\tHaveIBeenPwnedHost: p.GetProvider(ctx).StringF(ViperKeyPasswordHaveIBeenPwnedHost, \"api.pwnedpasswords.com\"),\n\t\tHaveIBeenPwnedEnabled: p.GetProvider(ctx).BoolF(ViperKeyPasswordHaveIBeenPwnedEnabled, true),\n\t\tMaxBreaches: uint(p.GetProvider(ctx).Int(ViperKeyPasswordMaxBreaches)), // #nosec G115 -- negative values are prevented by the schema validation\n\t\tIgnoreNetworkErrors: p.GetProvider(ctx).BoolF(ViperKeyIgnoreNetworkErrors, true),\n\t\tMinPasswordLength: uint(p.GetProvider(ctx).IntF(ViperKeyPasswordMinLength, 8)), // #nosec G115 -- negative values are prevented by the schema validation\n\t\tIdentifierSimilarityCheckEnabled: p.GetProvider(ctx).BoolF(ViperKeyPasswordIdentifierSimilarityCheckEnabled, true),\n\t}\n}\n\nfunc (p *Config) WebAuthnForPasswordless(ctx context.Context) bool {\n\treturn p.GetProvider(ctx).BoolF(ViperKeyWebAuthnPasswordless, false)\n}\n\nfunc (p *Config) WebAuthnConfig(ctx context.Context) *webauthn.Config {\n\tscheme := p.SelfPublicURL(ctx).Scheme\n\tid := p.GetProvider(ctx).String(ViperKeyWebAuthnRPID)\n\torigin := p.GetProvider(ctx).String(ViperKeyWebAuthnRPOrigin)\n\torigins := p.GetProvider(ctx).StringsF(ViperKeyWebAuthnRPOrigins, []string{cmp.Or(origin, scheme+\"://\"+id)})\n\treturn &webauthn.Config{\n\t\tRPDisplayName: p.GetProvider(ctx).String(ViperKeyWebAuthnRPDisplayName),\n\t\tRPID: id,\n\t\tRPOrigins: origins,\n\t\tAuthenticatorSelection: protocol.AuthenticatorSelection{\n\t\t\tUserVerification: protocol.VerificationDiscouraged,\n\t\t},\n\t\tEncodeUserIDAsString: false,\n\t}\n}\n\nfunc (p *Config) PasskeyConfig(ctx context.Context) *webauthn.Config {\n\tscheme := p.SelfPublicURL(ctx).Scheme\n\tid := p.GetProvider(ctx).String(ViperKeyPasskeyRPID)\n\torigins := p.GetProvider(ctx).StringsF(ViperKeyPasskeyRPOrigins, []string{scheme + \"://\" + id})\n\treturn &webauthn.Config{\n\t\tRPDisplayName: p.GetProvider(ctx).String(ViperKeyPasskeyRPDisplayName),\n\t\tRPID: id,\n\t\tRPOrigins: origins,\n\t\tAuthenticatorSelection: protocol.AuthenticatorSelection{\n\t\t\tAuthenticatorAttachment: \"platform\",\n\t\t\tRequireResidentKey: new(true),\n\t\t\tResidentKey: protocol.ResidentKeyRequirementRequired,\n\t\t\tUserVerification: protocol.VerificationPreferred,\n\t\t},\n\t\tEncodeUserIDAsString: false,\n\t}\n}\n\nfunc (p *Config) HasherPasswordHashingAlgorithm(ctx context.Context) string {\n\tconfigValue := p.GetProvider(ctx).StringF(ViperKeyHasherAlgorithm, DefaultPasswordHashingAlgorithm)\n\tswitch configValue {\n\tcase \"bcrypt\":\n\t\treturn configValue\n\tcase \"argon2\":\n\t\tfallthrough\n\tdefault:\n\t\treturn configValue\n\t}\n}\n\nfunc (p *Config) CipherAlgorithm(ctx context.Context) string {\n\tconfigValue := p.GetProvider(ctx).StringF(ViperKeyCipherAlgorithm, DefaultCipherAlgorithm)\n\tswitch configValue {\n\tcase \"noop\":\n\t\treturn configValue\n\tcase \"xchacha20-poly1305\":\n\t\treturn configValue\n\tcase \"aes\":\n\t\tfallthrough\n\tdefault:\n\t\treturn configValue\n\t}\n}\n\nfunc (p *Config) GetProvider(ctx context.Context) *configx.Provider {\n\treturn p.c.Config(ctx, p.p)\n}\n\ntype SessionTokenizeFormat struct {\n\tTTL time.Duration `koanf:\"ttl\" json:\"ttl\"`\n\tClaimsMapperURL string `koanf:\"claims_mapper_url\" json:\"claims_mapper_url\"`\n\tJWKSURL string `koanf:\"jwks_url\" json:\"jwks_url\"`\n\tSubjectSource string `koanf:\"subject_source\" json:\"subject_source\"`\n}\n\nfunc (p *Config) TokenizeTemplate(ctx context.Context, key string) (_ *SessionTokenizeFormat, err error) {\n\tvar result SessionTokenizeFormat\n\tpath := ViperKeySessionTokenizerTemplates + \".\" + key\n\tif !p.GetProvider(ctx).Exists(path) {\n\t\treturn nil, errors.WithStack(herodot.ErrBadRequest.WithReasonf(\"Unable to find tokenizer template \\\"%s\\\".\", key))\n\t}\n\n\tif err := p.GetProvider(ctx).Unmarshal(path, &result); err != nil {\n\t\treturn nil, errors.WithStack(herodot.ErrMisconfiguration.WithReasonf(\"Unable to decode tokenizer template \\\"%s\\\": %s\", key, err))\n\t}\n\n\treturn &result, nil\n}\n\nfunc (p *Config) DefaultConsistencyLevel(ctx context.Context) crdbx.ConsistencyLevel {\n\treturn crdbx.ConsistencyLevelFromString(p.GetProvider(ctx).String(ViperKeyPreviewDefaultReadConsistencyLevel))\n}\n\nfunc (p *Config) PasswordMigrationHook(ctx context.Context) *PasswordMigrationHook {\n\thook := &PasswordMigrationHook{\n\t\tEnabled: p.GetProvider(ctx).BoolF(ViperKeyPasswordMigrationHook+\".enabled\", false),\n\t}\n\tif !hook.Enabled {\n\t\treturn hook\n\t}\n\n\t_ = p.GetProvider(ctx).Unmarshal(ViperKeyPasswordMigrationHook+\".config\", &hook.Config)\n\n\treturn hook\n}\n\nfunc (p *Config) SelfServiceLoginFlowIdentifierFirstEnabled(ctx context.Context) bool {\n\tswitch p.GetProvider(ctx).String(ViperKeySelfServiceLoginFlowStyle) {\n\tcase \"identifier_first\":\n\t\treturn true\n\tdefault:\n\t\treturn false\n\t}\n}\n\nfunc (p *Config) SecurityAccountEnumerationMitigate(ctx context.Context) bool {\n\treturn p.GetProvider(ctx).Bool(ViperKeySecurityAccountEnumerationMitigate)\n}\n" }, { "path": "driver/config/config_test.go", "content": "// Copyright © 2023 Ory Corp\n// SPDX-License-Identifier: Apache-2.0\n\npackage config_test\n\nimport (\n\t\"bytes\"\n\t\"context\"\n\t\"encoding/base64\"\n\t\"encoding/json\"\n\t\"fmt\"\n\t\"io\"\n\t\"math\"\n\t\"net/http\"\n\t\"net/url\"\n\t\"os\"\n\t\"path/filepath\"\n\t\"strings\"\n\t\"testing\"\n\t\"time\"\n\n\t\"github.com/ory/x/contextx\"\n\n\t\"github.com/ory/x/httpx\"\n\t\"github.com/ory/x/randx\"\n\n\t\"github.com/ory/x/snapshotx\"\n\n\t\"github.com/ghodss/yaml\"\n\n\t\"github.com/ory/kratos/pkg/testhelpers\"\n\n\t\"github.com/ory/x/configx\"\n\n\t\"github.com/sirupsen/logrus/hooks/test\"\n\n\t\"github.com/ory/x/logrusx\"\n\t\"github.com/ory/x/urlx\"\n\n\t_ \"github.com/ory/jsonschema/v3/fileloader\"\n\n\t\"github.com/ory/kratos/driver/config\"\n\n\t\"github.com/sirupsen/logrus\"\n\t\"github.com/stretchr/testify/assert\"\n\t\"github.com/stretchr/testify/require\"\n)\n\nfunc TestViperProvider(t *testing.T) {\n\tt.Parallel()\n\tctx, cancel := context.WithCancel(context.Background())\n\tt.Cleanup(cancel)\n\n\tt.Run(\"suite=loaders\", func(t *testing.T) {\n\t\tp := config.MustNew(t, logrusx.New(\"\", \"\"), &contextx.Default{}, configx.WithConfigFiles(\"stub/.kratos.yaml\"), configx.WithContext(ctx))\n\n\t\tt.Run(\"group=client config\", func(t *testing.T) {\n\t\t\tassert.False(t, p.ClientHTTPNoPrivateIPRanges(ctx), \"Should not have private IP ranges disabled per default\")\n\t\t\tassert.Equal(t, []string{}, p.ClientHTTPPrivateIPExceptionURLs(ctx), \"Should return the correct exceptions\")\n\n\t\t\tp.MustSet(ctx, config.ViperKeyClientHTTPNoPrivateIPRanges, true)\n\t\t\tassert.True(t, p.ClientHTTPNoPrivateIPRanges(ctx), \"Should disallow private IP ranges if set\")\n\n\t\t\tp.MustSet(ctx, config.ViperKeyClientHTTPPrivateIPExceptionURLs, []string{\"https://foobar.com/baz\"})\n\t\t\tassert.Equal(t, []string{\"https://foobar.com/baz\"}, p.ClientHTTPPrivateIPExceptionURLs(ctx), \"Should return the correct exceptions\")\n\t\t})\n\n\t\tt.Run(\"group=urls\", func(t *testing.T) {\n\t\t\tassert.Equal(t, \"http://test.kratos.ory.sh/login\", p.SelfServiceFlowLoginUI(ctx).String())\n\t\t\tassert.Equal(t, \"http://test.kratos.ory.sh/settings\", p.SelfServiceFlowSettingsUI(ctx).String())\n\t\t\tassert.Equal(t, \"http://test.kratos.ory.sh/register\", p.SelfServiceFlowRegistrationUI(ctx).String())\n\t\t\tassert.Equal(t, \"http://test.kratos.ory.sh/error\", p.SelfServiceFlowErrorURL(ctx).String())\n\n\t\t\tassert.Equal(t, \"http://admin.kratos.ory.sh\", p.SelfAdminURL(ctx).String())\n\t\t\tassert.Equal(t, \"http://public.kratos.ory.sh\", p.SelfPublicURL(ctx).String())\n\n\t\t\tvar ds []string\n\t\t\tfor _, v := range p.SelfServiceBrowserAllowedReturnToDomains(ctx) {\n\t\t\t\tds = append(ds, v.String())\n\t\t\t}\n\n\t\t\tassert.Equal(t, []string{\n\t\t\t\t\"http://return-to-1-test.ory.sh/\",\n\t\t\t\t\"http://return-to-2-test.ory.sh/\",\n\t\t\t\t\"http://*.wildcards.ory.sh\",\n\t\t\t\t\"/return-to-relative-test/\",\n\t\t\t}, ds)\n\n\t\t\tpWithFragments := config.MustNew(t, logrusx.New(\"\", \"\"), &contextx.Default{}, configx.WithValues(map[string]interface{}{\n\t\t\t\tconfig.ViperKeySelfServiceLoginUI: \"http://test.kratos.ory.sh/#/login\",\n\t\t\t\tconfig.ViperKeySelfServiceSettingsURL: \"http://test.kratos.ory.sh/#/settings\",\n\t\t\t\tconfig.ViperKeySelfServiceRegistrationUI: \"http://test.kratos.ory.sh/#/register\",\n\t\t\t\tconfig.ViperKeySelfServiceErrorUI: \"http://test.kratos.ory.sh/#/error\",\n\t\t\t}), configx.SkipValidation())\n\n\t\t\tassert.Equal(t, \"http://test.kratos.ory.sh/#/login\", pWithFragments.SelfServiceFlowLoginUI(ctx).String())\n\t\t\tassert.Equal(t, \"http://test.kratos.ory.sh/#/settings\", pWithFragments.SelfServiceFlowSettingsUI(ctx).String())\n\t\t\tassert.Equal(t, \"http://test.kratos.ory.sh/#/register\", pWithFragments.SelfServiceFlowRegistrationUI(ctx).String())\n\t\t\tassert.Equal(t, \"http://test.kratos.ory.sh/#/error\", pWithFragments.SelfServiceFlowErrorURL(ctx).String())\n\n\t\t\tpWithRelativeFragments := config.MustNew(t, logrusx.New(\"\", \"\"), &contextx.Default{}, configx.WithValues(map[string]interface{}{\n\t\t\t\tconfig.ViperKeySelfServiceLoginUI: \"/login\",\n\t\t\t\tconfig.ViperKeySelfServiceSettingsURL: \"/settings\",\n\t\t\t\tconfig.ViperKeySelfServiceRegistrationUI: \"/register\",\n\t\t\t\tconfig.ViperKeySelfServiceErrorUI: \"/error\",\n\t\t\t}), configx.SkipValidation())\n\n\t\t\tassert.Equal(t, \"/login\", pWithRelativeFragments.SelfServiceFlowLoginUI(ctx).String())\n\t\t\tassert.Equal(t, \"/settings\", pWithRelativeFragments.SelfServiceFlowSettingsUI(ctx).String())\n\t\t\tassert.Equal(t, \"/register\", pWithRelativeFragments.SelfServiceFlowRegistrationUI(ctx).String())\n\t\t\tassert.Equal(t, \"/error\", pWithRelativeFragments.SelfServiceFlowErrorURL(ctx).String())\n\n\t\t\tfor _, v := range []string{\n\t\t\t\t\"#/login\",\n\t\t\t\t\"test.kratos.ory.sh/login\",\n\t\t\t} {\n\t\t\t\tlogger := logrusx.New(\"\", \"\")\n\t\t\t\tlogger.Logger.ExitFunc = func(code int) { panic(\"\") }\n\t\t\t\thook := new(test.Hook)\n\t\t\t\tlogger.Logger.Hooks.Add(hook)\n\n\t\t\t\tpWithIncorrectUrls := config.MustNew(t, logger, &contextx.Default{}, configx.WithValues(map[string]interface{}{\n\t\t\t\t\tconfig.ViperKeySelfServiceLoginUI: v,\n\t\t\t\t}), configx.SkipValidation())\n\n\t\t\t\tassert.Panics(t, func() { pWithIncorrectUrls.SelfServiceFlowLoginUI(ctx) })\n\n\t\t\t\tassert.Equal(t, logrus.FatalLevel, hook.LastEntry().Level)\n\t\t\t\tassert.Equal(t, \"Configuration value from key selfservice.flows.login.ui_url is not a valid URL: \"+v, hook.LastEntry().Message)\n\t\t\t\tassert.Equal(t, 1, len(hook.Entries))\n\t\t\t}\n\t\t})\n\n\t\tt.Run(\"group=default_return_to\", func(t *testing.T) {\n\t\t\tassert.Equal(t, \"https://self-service/login/password/return_to\", p.SelfServiceFlowLoginReturnTo(ctx, \"password\").String())\n\t\t\tassert.Equal(t, \"https://self-service/login/return_to\", p.SelfServiceFlowLoginReturnTo(ctx, \"oidc\").String())\n\n\t\t\tassert.Equal(t, \"https://self-service/registration/return_to\", p.SelfServiceFlowRegistrationReturnTo(ctx, \"password\").String())\n\t\t\tassert.Equal(t, \"https://self-service/registration/oidc/return_to\", p.SelfServiceFlowRegistrationReturnTo(ctx, \"oidc\").String())\n\n\t\t\tassert.Equal(t, \"https://self-service/settings/password/return_to\", p.SelfServiceFlowSettingsReturnTo(ctx, \"password\", p.SelfServiceBrowserDefaultReturnTo(ctx)).String())\n\t\t\tassert.Equal(t, \"https://self-service/settings/return_to\", p.SelfServiceFlowSettingsReturnTo(ctx, \"profile\", p.SelfServiceBrowserDefaultReturnTo(ctx)).String())\n\n\t\t\tassert.Equal(t, \"http://test.kratos.ory.sh:4000/\", p.SelfServiceFlowLogoutRedirectURL(ctx).String())\n\t\t\tp.MustSet(ctx, config.ViperKeySelfServiceLogoutBrowserDefaultReturnTo, \"\")\n\t\t\tassert.Equal(t, \"http://return-to-3-test.ory.sh/\", p.SelfServiceFlowLogoutRedirectURL(ctx).String())\n\t\t})\n\n\t\tt.Run(\"group=identity\", func(t *testing.T) {\n\t\t\tc := config.MustNew(t, logrusx.New(\"\", \"\"), &contextx.Default{}, configx.WithConfigFiles(\"stub/.kratos.mock.identities.yaml\"), configx.SkipValidation())\n\n\t\t\tds, err := c.DefaultIdentityTraitsSchemaURL(ctx)\n\t\t\trequire.NoError(t, err)\n\t\t\tassert.Equal(t, \"http://test.kratos.ory.sh/default-identity.schema.json\", ds.String())\n\n\t\t\tss, err := c.IdentityTraitsSchemas(ctx)\n\t\t\trequire.NoError(t, err)\n\t\t\tassert.Equal(t, 2, len(ss))\n\t\t\tassert.Contains(t, ss, config.Schema{\n\t\t\t\tID: \"default\",\n\t\t\t\tURL: \"http://test.kratos.ory.sh/default-identity.schema.json\",\n\t\t\t})\n\t\t\tassert.Contains(t, ss, config.Schema{\n\t\t\t\tID: \"other\",\n\t\t\t\tURL: \"http://test.kratos.ory.sh/other-identity.schema.json\",\n\t\t\t})\n\n\t\t\tds, err = c.IdentityTraitsSchemaURL(ctx, \"other\")\n\t\t\trequire.NoError(t, err)\n\t\t\tassert.Equal(t, \"http://test.kratos.ory.sh/other-identity.schema.json\", ds.String())\n\n\t\t\tds, err = c.IdentityTraitsSchemaURL(ctx, \"default\")\n\t\t\trequire.NoError(t, err)\n\t\t\tassert.Equal(t, \"http://test.kratos.ory.sh/default-identity.schema.json\", ds.String())\n\n\t\t\tds, err = c.IdentityTraitsSchemaURL(ctx, \"\")\n\t\t\trequire.NoError(t, err)\n\t\t\tassert.Equal(t, \"http://test.kratos.ory.sh/default-identity.schema.json\", ds.String())\n\n\t\t\tds, err = c.IdentityTraitsSchemaURL(ctx, \"does-not-exist\")\n\t\t\trequire.NoError(t, err)\n\t\t\tassert.Equal(t, \"http://test.kratos.ory.sh/default-identity.schema.json\", ds.String())\n\t\t})\n\n\t\tt.Run(\"group=serve\", func(t *testing.T) {\n\t\t\tadmin := p.ServeAdmin(ctx)\n\t\t\tassert.Equal(t, \"admin.kratos.ory.sh\", admin.Host)\n\t\t\tassert.Equal(t, 1234, admin.Port)\n\n\t\t\tpublic := p.ServePublic(ctx)\n\t\t\tassert.Equal(t, \"public.kratos.ory.sh\", public.Host)\n\t\t\tassert.Equal(t, 1235, public.Port)\n\t\t})\n\n\t\tt.Run(\"group=dsn\", func(t *testing.T) {\n\t\t\tassert.Equal(t, \"sqlite://foo.db?mode=memory&_fk=true\", p.DSN(ctx))\n\t\t})\n\n\t\tt.Run(\"group=secrets\", func(t *testing.T) {\n\t\t\tassert.Equal(t, [][]byte{\n\t\t\t\t[]byte(\"session-key-7f8a9b77-1\"),\n\t\t\t\t[]byte(\"session-key-7f8a9b77-2\"),\n\t\t\t}, p.SecretsSession(ctx))\n\t\t\tvar cipherExpected [32]byte\n\t\t\tfor k, v := range []byte(\"secret-thirty-two-character-long\") {\n\t\t\t\tcipherExpected[k] = v\n\t\t\t}\n\t\t\tassert.Equal(t, [][32]byte{\n\t\t\t\tcipherExpected,\n\t\t\t}, p.SecretsCipher(ctx))\n\t\t})\n\n\t\tt.Run(\"group=methods\", func(t *testing.T) {\n\t\t\tfor _, tc := range []struct {\n\t\t\t\tid string\n\t\t\t\tconfig string\n\t\t\t\tenabled bool\n\t\t\t}{\n\t\t\t\t{id: \"password\", enabled: true, config: `{\"haveibeenpwned_host\":\"api.pwnedpasswords.com\",\"haveibeenpwned_enabled\":true,\"ignore_network_errors\":true,\"max_breaches\":0,\"migrate_hook\":{\"config\":{\"emit_analytics_event\":true,\"method\":\"POST\"},\"enabled\":false},\"min_password_length\":8,\"identifier_similarity_check_enabled\":true}`},\n\t\t\t\t{id: \"oidc\", enabled: true, config: `{\"providers\":[{\"client_id\":\"a\",\"client_secret\":\"b\",\"id\":\"github\",\"provider\":\"github\",\"mapper_url\":\"http://test.kratos.ory.sh/default-identity.schema.json\"}]}`},\n\t\t\t\t{id: \"totp\", enabled: true, config: `{\"issuer\":\"issuer.ory.sh\"}`},\n\t\t\t} {\n\t\t\t\tstrategy := p.SelfServiceStrategy(ctx, tc.id)\n\t\t\t\tassert.Equal(t, tc.enabled, strategy.Enabled)\n\t\t\t\tassert.JSONEq(t, tc.config, string(strategy.Config))\n\t\t\t}\n\t\t})\n\n\t\tt.Run(\"method=registration\", func(t *testing.T) {\n\t\t\tassert.Equal(t, true, p.SelfServiceFlowRegistrationEnabled(ctx))\n\t\t\tassert.Equal(t, time.Minute*98, p.SelfServiceFlowRegistrationRequestLifespan(ctx))\n\n\t\t\tt.Run(\"hook=before\", func(t *testing.T) {\n\t\t\t\texpHooks := []config.SelfServiceHook{\n\t\t\t\t\t{Name: \"web_hook\", Config: json.RawMessage(`{\"headers\":{\"X-Custom-Header\":\"test\"},\"method\":\"GET\",\"url\":\"https://test.kratos.ory.sh/before_registration_hook\"}`)},\n\t\t\t\t\t{Name: \"two_step_registration\", Config: json.RawMessage(`{}`)},\n\t\t\t\t}\n\n\t\t\t\thooks := p.SelfServiceFlowRegistrationBeforeHooks(ctx)\n\n\t\t\t\tassert.Equal(t, expHooks, hooks)\n\t\t\t\t// assert.EqualValues(t, \"redirect\", hook.Name)\n\t\t\t\t// assert.JSONEq(t, `{\"allow_user_defined_redirect\":false,\"default_redirect_url\":\"http://test.kratos.ory.sh:4000/\"}`, string(hook.Config))\n\t\t\t})\n\n\t\t\tfor _, tc := range []struct {\n\t\t\t\tstrategy string\n\t\t\t\thooks []config.SelfServiceHook\n\t\t\t}{\n\t\t\t\t{\n\t\t\t\t\tstrategy: \"password\",\n\t\t\t\t\thooks: []config.SelfServiceHook{\n\t\t\t\t\t\t{Name: \"session\", Config: json.RawMessage(`{}`)},\n\t\t\t\t\t\t{Name: \"web_hook\", Config: json.RawMessage(`{\"body\":\"/path/to/template.jsonnet\",\"headers\":{\"X-Custom-Header\":\"test\"},\"method\":\"POST\",\"url\":\"https://test.kratos.ory.sh/after_registration_password_hook\"}`)},\n\t\t\t\t\t\t// {Name: \"verify\", Config: json.RawMessage(`{}`)},\n\t\t\t\t\t\t// {Name: \"redirect\", Config: json.RawMessage(`{\"allow_user_defined_redirect\":false,\"default_redirect_url\":\"http://test.kratos.ory.sh:4000/\"}`)},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\t{\n\t\t\t\t\tstrategy: \"oidc\",\n\t\t\t\t\thooks: []config.SelfServiceHook{\n\t\t\t\t\t\t// {Name: \"verify\", Config: json.RawMessage(`{}`)},\n\t\t\t\t\t\t{Name: \"web_hook\", Config: json.RawMessage(`{\"body\":\"/path/to/template.jsonnet\",\"headers\":{\"X-Custom-Header\":\"test\"},\"method\":\"GET\",\"url\":\"https://test.kratos.ory.sh/after_registration_oidc_hook\"}`)},\n\t\t\t\t\t\t{Name: \"session\", Config: json.RawMessage(`{}`)},\n\t\t\t\t\t\t// {Name: \"redirect\", Config: json.RawMessage(`{\"allow_user_defined_redirect\":false,\"default_redirect_url\":\"http://test.kratos.ory.sh:4000/\"}`)},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\t{\n\t\t\t\t\tstrategy: config.HookGlobal,\n\t\t\t\t\thooks: []config.SelfServiceHook{\n\t\t\t\t\t\t{Name: \"web_hook\", Config: json.RawMessage(`{\"auth\":{\"config\":{\"in\":\"header\",\"name\":\"My-Key\",\"value\":\"My-Key-Value\"},\"type\":\"api_key\"},\"body\":\"/path/to/template.jsonnet\",\"headers\":{\"X-Custom-Header\":\"test\"},\"method\":\"POST\",\"url\":\"https://test.kratos.ory.sh/after_registration_global_hook\"}`)},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t} {\n\t\t\t\tt.Run(\"hook=after/strategy=\"+tc.strategy, func(t *testing.T) {\n\t\t\t\t\thooks := p.SelfServiceFlowRegistrationAfterHooks(ctx, tc.strategy)\n\t\t\t\t\tassert.Equal(t, tc.hooks, hooks)\n\t\t\t\t})\n\t\t\t}\n\t\t})\n\n\t\tt.Run(\"method=totp\", func(t *testing.T) {\n\t\t\tassert.Equal(t, \"issuer.ory.sh\", p.TOTPIssuer(ctx))\n\t\t})\n\n\t\tt.Run(\"method=login\", func(t *testing.T) {\n\t\t\tassert.Equal(t, time.Minute*99, p.SelfServiceFlowLoginRequestLifespan(ctx))\n\n\t\t\tt.Run(\"hook=before\", func(t *testing.T) {\n\t\t\t\texpHooks := []config.SelfServiceHook{\n\t\t\t\t\t{Name: \"web_hook\", Config: json.RawMessage(`{\"headers\":{\"X-Custom-Header\":\"test\"},\"method\":\"POST\",\"url\":\"https://test.kratos.ory.sh/before_login_hook\"}`)},\n\t\t\t\t}\n\n\t\t\t\thooks := p.SelfServiceFlowLoginBeforeHooks(ctx)\n\n\t\t\t\trequire.Len(t, hooks, 1)\n\t\t\t\tassert.Equal(t, expHooks, hooks)\n\t\t\t\t// assert.EqualValues(t, \"redirect\", hook.Name)\n\t\t\t\t// assert.JSONEq(t, `{\"allow_user_defined_redirect\":false,\"default_redirect_url\":\"http://test.kratos.ory.sh:4000/\"}`, string(hook.Config))\n\t\t\t})\n\n\t\t\tfor _, tc := range []struct {\n\t\t\t\tstrategy string\n\t\t\t\thooks []config.SelfServiceHook\n\t\t\t}{\n\t\t\t\t{\n\t\t\t\t\tstrategy: \"password\",\n\t\t\t\t\thooks: []config.SelfServiceHook{\n\t\t\t\t\t\t{Name: \"revoke_active_sessions\", Config: json.RawMessage(`{}`)},\n\t\t\t\t\t\t{Name: \"require_verified_address\", Config: json.RawMessage(`{}`)},\n\t\t\t\t\t\t{Name: \"web_hook\", Config: json.RawMessage(`{\"auth\":{\"config\":{\"password\":\"super-secret\",\"user\":\"test-user\"},\"type\":\"basic_auth\"},\"body\":\"/path/to/template.jsonnet\",\"headers\":{\"X-Custom-Header\":\"test\"},\"method\":\"POST\",\"url\":\"https://test.kratos.ory.sh/after_login_password_hook\"}`)},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\t{\n\t\t\t\t\tstrategy: \"oidc\",\n\t\t\t\t\thooks: []config.SelfServiceHook{\n\t\t\t\t\t\t{Name: \"web_hook\", Config: json.RawMessage(`{\"body\":\"/path/to/template.jsonnet\",\"headers\":{\"X-Custom-Header\":\"test\"},\"method\":\"GET\",\"url\":\"https://test.kratos.ory.sh/after_login_oidc_hook\"}`)},\n\t\t\t\t\t\t{Name: \"revoke_active_sessions\", Config: json.RawMessage(`{}`)},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\t{\n\t\t\t\t\tstrategy: config.HookGlobal,\n\t\t\t\t\thooks: []config.SelfServiceHook{\n\t\t\t\t\t\t{Name: \"web_hook\", Config: json.RawMessage(`{\"body\":\"/path/to/template.jsonnet\",\"headers\":{\"X-Custom-Header\":\"test\"},\"method\":\"POST\",\"url\":\"https://test.kratos.ory.sh/after_login_global_hook\"}`)},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t} {\n\t\t\t\tt.Run(\"hook=after/strategy=\"+tc.strategy, func(t *testing.T) {\n\t\t\t\t\thooks := p.SelfServiceFlowLoginAfterHooks(ctx, tc.strategy)\n\t\t\t\t\tassert.Equal(t, tc.hooks, hooks)\n\t\t\t\t})\n\t\t\t}\n\t\t})\n\n\t\tt.Run(\"method=settings\", func(t *testing.T) {\n\t\t\tassert.Equal(t, time.Minute*99, p.SelfServiceFlowSettingsFlowLifespan(ctx))\n\t\t\tassert.Equal(t, time.Minute*5, p.SelfServiceFlowSettingsPrivilegedSessionMaxAge(ctx))\n\n\t\t\tfor _, tc := range []struct {\n\t\t\t\tstrategy string\n\t\t\t\thooks []config.SelfServiceHook\n\t\t\t}{\n\t\t\t\t{\n\t\t\t\t\tstrategy: \"password\",\n\t\t\t\t\thooks: []config.SelfServiceHook{\n\t\t\t\t\t\t{Name: \"web_hook\", Config: json.RawMessage(`{\"body\":\"/path/to/template.jsonnet\",\"headers\":{\"X-Custom-Header\":\"test\"},\"method\":\"POST\",\"url\":\"https://test.kratos.ory.sh/after_settings_password_hook\"}`)},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\t{\n\t\t\t\t\tstrategy: \"profile\",\n\t\t\t\t\thooks: []config.SelfServiceHook{\n\t\t\t\t\t\t{Name: \"web_hook\", Config: json.RawMessage(`{\"body\":\"/path/to/template.jsonnet\",\"headers\":{\"X-Custom-Header\":\"test\"},\"method\":\"POST\",\"url\":\"https://test.kratos.ory.sh/after_settings_profile_hook\"}`)},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\t{\n\t\t\t\t\tstrategy: config.HookGlobal,\n\t\t\t\t\thooks: []config.SelfServiceHook{\n\t\t\t\t\t\t{Name: \"web_hook\", Config: json.RawMessage(`{\"body\":\"/path/to/template.jsonnet\",\"headers\":{\"X-Custom-Header\":\"test\"},\"method\":\"POST\",\"url\":\"https://test.kratos.ory.sh/after_settings_global_hook\"}`)},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t} {\n\t\t\t\tt.Run(\"hook=after/strategy=\"+tc.strategy, func(t *testing.T) {\n\t\t\t\t\thooks := p.SelfServiceFlowSettingsAfterHooks(ctx, tc.strategy)\n\t\t\t\t\tassert.Equal(t, tc.hooks, hooks)\n\t\t\t\t})\n\t\t\t}\n\t\t})\n\n\t\tt.Run(\"method=recovery\", func(t *testing.T) {\n\t\t\tassert.Equal(t, true, p.SelfServiceFlowRecoveryEnabled(ctx))\n\t\t\tassert.Equal(t, time.Minute*98, p.SelfServiceFlowRecoveryRequestLifespan(ctx))\n\t\t\tassert.Equal(t, \"http://test.kratos.ory.sh/recovery\", p.SelfServiceFlowRecoveryUI(ctx).String())\n\n\t\t\thooks := p.SelfServiceFlowRecoveryAfterHooks(ctx, config.HookGlobal)\n\t\t\tassert.Equal(t, []config.SelfServiceHook{{Name: \"web_hook\", Config: json.RawMessage(`{\"body\":\"/path/to/template.jsonnet\",\"headers\":{\"X-Custom-Header\":\"test\"},\"method\":\"GET\",\"url\":\"https://test.kratos.ory.sh/after_recovery_hook\"}`)}}, hooks)\n\t\t})\n\n\t\tt.Run(\"method=verification\", func(t *testing.T) {\n\t\t\tassert.Equal(t, time.Minute*97, p.SelfServiceFlowVerificationRequestLifespan(ctx))\n\t\t\tassert.Equal(t, \"http://test.kratos.ory.sh/verification\", p.SelfServiceFlowVerificationUI(ctx).String())\n\n\t\t\thooks := p.SelfServiceFlowVerificationAfterHooks(ctx, config.HookGlobal)\n\t\t\tassert.Equal(t, []config.SelfServiceHook{{Name: \"web_hook\", Config: json.RawMessage(`{\"body\":\"/path/to/template.jsonnet\",\"headers\":{\"X-Custom-Header\":\"test\"},\"method\":\"GET\",\"url\":\"https://test.kratos.ory.sh/after_verification_hook\"}`)}}, hooks)\n\t\t})\n\n\t\tt.Run(\"group=hashers\", func(t *testing.T) {\n\t\t\tc := p.HasherArgon2(ctx)\n\t\t\tassert.Equal(t, &config.Argon2{\n\t\t\t\tMemory: 1048576, Iterations: 2, Parallelism: 4,\n\t\t\t\tSaltLength: 16, KeyLength: 32, DedicatedMemory: config.Argon2DefaultDedicatedMemory, ExpectedDeviation: config.Argon2DefaultDeviation, ExpectedDuration: config.Argon2DefaultDuration,\n\t\t\t}, c)\n\t\t})\n\n\t\tt.Run(\"group=set_provider_by_json\", func(t *testing.T) {\n\t\t\tproviderConfigJSON := `{\"providers\": [{\"id\":\"github-test\",\"provider\":\"github\",\"client_id\":\"set_json_test\",\"client_secret\":\"secret\",\"mapper_url\":\"http://mapper-url\",\"scope\":[\"user:email\"]}]}`\n\t\t\tstrategyConfigJSON := fmt.Sprintf(`{\"enabled\":true, \"config\": %s}`, providerConfigJSON)\n\n\t\t\tp.MustSet(ctx, config.ViperKeySelfServiceStrategyConfig+\".oidc\", strategyConfigJSON)\n\t\t\tstrategy := p.SelfServiceStrategy(ctx, \"oidc\")\n\t\t\tassert.JSONEq(t, providerConfigJSON, string(strategy.Config))\n\t\t})\n\t})\n}\n\nfunc TestBcrypt(t *testing.T) {\n\tt.Parallel()\n\tctx := context.Background()\n\tp := config.MustNew(t, logrusx.New(\"\", \"\"), &contextx.Default{}, configx.SkipValidation())\n\n\trequire.NoError(t, p.Set(ctx, config.ViperKeyHasherBcryptCost, 4))\n\trequire.NoError(t, p.Set(ctx, \"dev\", false))\n\tassert.EqualValues(t, uint32(12), p.HasherBcrypt(ctx).Cost)\n\n\trequire.NoError(t, p.Set(ctx, \"dev\", true))\n\tassert.EqualValues(t, uint32(4), p.HasherBcrypt(ctx).Cost)\n\n\trequire.NoError(t, p.Set(ctx, config.ViperKeyHasherBcryptCost, math.MaxInt64)) // too high\n\tassert.EqualValues(t, math.MaxUint32, p.HasherBcrypt(ctx).Cost)\n}\n\nfunc TestProviderBaseURLs(t *testing.T) {\n\tt.Parallel()\n\tctx := context.Background()\n\tmachineHostname, err := os.Hostname()\n\tif err != nil {\n\t\tmachineHostname = \"127.0.0.1\"\n\t}\n\n\tp := config.MustNew(t, logrusx.New(\"\", \"\"), &contextx.Default{}, configx.SkipValidation())\n\tassert.Equal(t, \"https://\"+machineHostname+\":4433/\", p.SelfPublicURL(ctx).String())\n\tassert.Equal(t, \"https://\"+machineHostname+\":4434/\", p.SelfAdminURL(ctx).String())\n\n\tp = config.MustNew(t, logrusx.New(\"\", \"\"), &contextx.Default{}, configx.SkipValidation(), configx.WithValues(map[string]interface{}{\n\t\t\"serve.public.port\": 4444,\n\t\t\"serve.admin.port\": 4445,\n\t}))\n\tassert.Equal(t, \"https://\"+machineHostname+\":4444/\", p.SelfPublicURL(ctx).String())\n\tassert.Equal(t, \"https://\"+machineHostname+\":4445/\", p.SelfAdminURL(ctx).String())\n\n\tp = config.MustNew(t, logrusx.New(\"\", \"\"), &contextx.Default{}, configx.SkipValidation(), configx.WithValues(map[string]interface{}{\n\t\t\"serve.public.host\": \"public.ory.sh\",\n\t\t\"serve.admin.host\": \"admin.ory.sh\",\n\t\t\"serve.public.port\": 4444,\n\t\t\"serve.admin.port\": 4445,\n\t}))\n\tassert.Equal(t, \"https://public.ory.sh:4444/\", p.SelfPublicURL(ctx).String())\n\tassert.Equal(t, \"https://admin.ory.sh:4445/\", p.SelfAdminURL(ctx).String())\n\n\t// Set to dev mode\n\tp = config.MustNew(t, logrusx.New(\"\", \"\"), &contextx.Default{}, configx.SkipValidation(), configx.WithValues(map[string]interface{}{\n\t\t\"serve.public.host\": \"public.ory.sh\",\n\t\t\"serve.admin.host\": \"admin.ory.sh\",\n\t\t\"serve.public.port\": 4444,\n\t\t\"serve.admin.port\": 4445,\n\t\t\"dev\": true,\n\t}))\n\tassert.Equal(t, \"http://public.ory.sh:4444/\", p.SelfPublicURL(ctx).String())\n\tassert.Equal(t, \"http://admin.ory.sh:4445/\", p.SelfAdminURL(ctx).String())\n}\n\nfunc TestDefaultWebhookHeaderAllowlist(t *testing.T) {\n\tt.Parallel()\n\tctx := context.Background()\n\tp := config.MustNew(t, logrusx.New(\"\", \"\"), &contextx.Default{}, configx.SkipValidation())\n\tsnapshotx.SnapshotT(t, p.WebhookHeaderAllowlist(ctx))\n}\n\nfunc TestViperProvider_Secrets(t *testing.T) {\n\tt.Parallel()\n\tctx := context.Background()\n\tp := config.MustNew(t, logrusx.New(\"\", \"\"), &contextx.Default{}, configx.SkipValidation())\n\n\tdef := p.SecretsDefault(ctx)\n\tassert.NotEmpty(t, def)\n\tassert.Equal(t, def, p.SecretsSession(ctx))\n\tassert.Equal(t, def, p.SecretsDefault(ctx))\n\tassert.Empty(t, p.SecretsCipher(ctx))\n\terr := p.Set(ctx, config.ViperKeySecretsCipher, []string{\"short-secret-key\"})\n\trequire.NoError(t, err)\n\tassert.Equal(t, [][32]byte{}, p.SecretsCipher(ctx))\n}\n\nfunc TestViperProvider_Defaults(t *testing.T) {\n\tt.Parallel()\n\tctx := context.Background()\n\tl := logrusx.New(\"\", \"\")\n\n\tfor k, tc := range []struct {\n\t\tinit func() *config.Config\n\t\texpect func(t *testing.T, p *config.Config)\n\t}{\n\t\t{\n\t\t\tinit: func() *config.Config {\n\t\t\t\treturn config.MustNew(t, l, &contextx.Default{}, configx.SkipValidation())\n\t\t\t},\n\t\t},\n\t\t{\n\t\t\tinit: func() *config.Config {\n\t\t\t\treturn config.MustNew(t, l, &contextx.Default{}, configx.WithConfigFiles(\"stub/.defaults.yml\"), configx.SkipValidation())\n\t\t\t},\n\t\t},\n\t\t{\n\t\t\tinit: func() *config.Config {\n\t\t\t\treturn config.MustNew(t, l, &contextx.Default{}, configx.WithConfigFiles(\"stub/.defaults-password.yml\"), configx.SkipValidation())\n\t\t\t},\n\t\t},\n\t\t{\n\t\t\tinit: func() *config.Config {\n\t\t\t\treturn config.MustNew(t, l, &contextx.Default{}, configx.WithConfigFiles(\"../../test/e2e/profiles/recovery/.kratos.yml\"), configx.SkipValidation())\n\t\t\t},\n\t\t\texpect: func(t *testing.T, p *config.Config) {\n\t\t\t\tassert.True(t, p.SelfServiceFlowRecoveryEnabled(ctx))\n\t\t\t\tassert.False(t, p.SelfServiceFlowVerificationEnabled(ctx))\n\t\t\t\tassert.True(t, p.SelfServiceFlowRegistrationEnabled(ctx))\n\t\t\t\tassert.True(t, p.SelfServiceStrategy(ctx, \"password\").Enabled)\n\t\t\t\tassert.True(t, p.SelfServiceStrategy(ctx, \"profile\").Enabled)\n\t\t\t\tassert.True(t, p.SelfServiceStrategy(ctx, \"link\").Enabled)\n\t\t\t\tassert.True(t, p.SelfServiceStrategy(ctx, \"code\").Enabled)\n\t\t\t\tassert.False(t, p.SelfServiceCodeStrategy(ctx).PasswordlessEnabled)\n\t\t\t\tassert.False(t, p.SelfServiceStrategy(ctx, \"oidc\").Enabled)\n\t\t\t},\n\t\t},\n\t\t{\n\t\t\tinit: func() *config.Config {\n\t\t\t\treturn config.MustNew(t, l, &contextx.Default{}, configx.WithConfigFiles(\"../../test/e2e/profiles/verification/.kratos.yml\"), configx.SkipValidation())\n\t\t\t},\n\t\t\texpect: func(t *testing.T, p *config.Config) {\n\t\t\t\tassert.False(t, p.SelfServiceFlowRecoveryEnabled(ctx))\n\t\t\t\tassert.True(t, p.SelfServiceFlowVerificationEnabled(ctx))\n\t\t\t\tassert.True(t, p.SelfServiceFlowRegistrationEnabled(ctx))\n\t\t\t\tassert.True(t, p.SelfServiceStrategy(ctx, \"password\").Enabled)\n\t\t\t\tassert.True(t, p.SelfServiceStrategy(ctx, \"profile\").Enabled)\n\t\t\t\tassert.True(t, p.SelfServiceStrategy(ctx, \"link\").Enabled)\n\t\t\t\tassert.True(t, p.SelfServiceStrategy(ctx, \"code\").Enabled)\n\t\t\t\tassert.False(t, p.SelfServiceCodeStrategy(ctx).PasswordlessEnabled)\n\t\t\t\tassert.False(t, p.SelfServiceStrategy(ctx, \"oidc\").Enabled)\n\t\t\t},\n\t\t},\n\t\t{\n\t\t\tinit: func() *config.Config {\n\t\t\t\treturn config.MustNew(t, l, &contextx.Default{}, configx.WithConfigFiles(\"../../test/e2e/profiles/oidc/.kratos.yml\"), configx.SkipValidation())\n\t\t\t},\n\t\t\texpect: func(t *testing.T, p *config.Config) {\n\t\t\t\tassert.False(t, p.SelfServiceFlowRecoveryEnabled(ctx))\n\t\t\t\tassert.False(t, p.SelfServiceFlowVerificationEnabled(ctx))\n\t\t\t\tassert.True(t, p.SelfServiceStrategy(ctx, \"password\").Enabled)\n\t\t\t\tassert.True(t, p.SelfServiceStrategy(ctx, \"profile\").Enabled)\n\t\t\t\tassert.False(t, p.SelfServiceStrategy(ctx, \"link\").Enabled)\n\t\t\t\tassert.True(t, p.SelfServiceStrategy(ctx, \"code\").Enabled)\n\t\t\t\tassert.True(t, p.SelfServiceStrategy(ctx, \"oidc\").Enabled)\n\t\t\t\tassert.False(t, p.SelfServiceCodeStrategy(ctx).PasswordlessEnabled)\n\t\t\t},\n\t\t},\n\t\t{\n\t\t\tinit: func() *config.Config {\n\t\t\t\treturn config.MustNew(t, l, &contextx.Default{}, configx.WithConfigFiles(\"stub/.kratos.notify-unknown-recipients.yml\"), configx.SkipValidation())\n\t\t\t},\n\t\t\texpect: func(t *testing.T, p *config.Config) {\n\t\t\t\tassert.True(t, p.SelfServiceFlowRecoveryNotifyUnknownRecipients(ctx))\n\t\t\t\tassert.True(t, p.SelfServiceFlowVerificationNotifyUnknownRecipients(ctx))\n\t\t\t},\n\t\t},\n\t} {\n\t\tt.Run(fmt.Sprintf(\"case=%d\", k), func(t *testing.T) {\n\t\t\tp := tc.init()\n\n\t\t\tif tc.expect != nil {\n\t\t\t\ttc.expect(t, p)\n\t\t\t\treturn\n\t\t\t}\n\t\t\tassert.False(t, p.SelfServiceFlowRecoveryEnabled(ctx))\n\t\t\tassert.False(t, p.SelfServiceFlowVerificationEnabled(ctx))\n\t\t\tassert.True(t, p.SelfServiceStrategy(ctx, \"password\").Enabled)\n\t\t\tassert.True(t, p.SelfServiceStrategy(ctx, \"profile\").Enabled)\n\t\t\tassert.False(t, p.SelfServiceStrategy(ctx, \"link\").Enabled)\n\t\t\tassert.True(t, p.SelfServiceStrategy(ctx, \"code\").Enabled)\n\t\t\tassert.False(t, p.SelfServiceStrategy(ctx, \"oidc\").Enabled)\n\t\t\tassert.False(t, p.SelfServiceCodeStrategy(ctx).PasswordlessEnabled)\n\t\t\tassert.False(t, p.SelfServiceFlowRecoveryNotifyUnknownRecipients(ctx))\n\t\t\tassert.False(t, p.SelfServiceFlowVerificationNotifyUnknownRecipients(ctx))\n\t\t})\n\t}\n\n\tt.Run(\"suite=ui_url\", func(t *testing.T) {\n\t\tp := config.MustNew(t, l, &contextx.Default{}, configx.SkipValidation())\n\t\tassert.Equal(t, \"https://www.ory.sh/kratos/docs/fallback/login\", p.SelfServiceFlowLoginUI(ctx).String())\n\t\tassert.Equal(t, \"https://www.ory.sh/kratos/docs/fallback/settings\", p.SelfServiceFlowSettingsUI(ctx).String())\n\t\tassert.Equal(t, \"https://www.ory.sh/kratos/docs/fallback/registration\", p.SelfServiceFlowRegistrationUI(ctx).String())\n\t\tassert.Equal(t, \"https://www.ory.sh/kratos/docs/fallback/recovery\", p.SelfServiceFlowRecoveryUI(ctx).String())\n\t\tassert.Equal(t, \"https://www.ory.sh/kratos/docs/fallback/verification\", p.SelfServiceFlowVerificationUI(ctx).String())\n\t})\n}\n\nfunc TestViperProvider_ReturnTo(t *testing.T) {\n\tt.Parallel()\n\tctx := context.Background()\n\tl := logrusx.New(\"\", \"\")\n\tp := config.MustNew(t, l, &contextx.Default{}, configx.SkipValidation())\n\n\tp.MustSet(ctx, config.ViperKeySelfServiceBrowserDefaultReturnTo, \"https://www.ory.sh/\")\n\tassert.Equal(t, \"https://www.ory.sh/\", p.SelfServiceFlowVerificationReturnTo(ctx, urlx.ParseOrPanic(\"https://www.ory.sh/\")).String())\n\tassert.Equal(t, \"https://www.ory.sh/\", p.SelfServiceFlowRecoveryReturnTo(ctx, urlx.ParseOrPanic(\"https://www.ory.sh/\")).String())\n\n\tp.MustSet(ctx, config.ViperKeySelfServiceRecoveryBrowserDefaultReturnTo, \"https://www.ory.sh/recovery\")\n\tassert.Equal(t, \"https://www.ory.sh/recovery\", p.SelfServiceFlowRecoveryReturnTo(ctx, urlx.ParseOrPanic(\"https://www.ory.sh/\")).String())\n\n\tp.MustSet(ctx, config.ViperKeySelfServiceVerificationBrowserDefaultReturnTo, \"https://www.ory.sh/verification\")\n\tassert.Equal(t, \"https://www.ory.sh/verification\", p.SelfServiceFlowVerificationReturnTo(ctx, urlx.ParseOrPanic(\"https://www.ory.sh/\")).String())\n}\n\nfunc TestSession(t *testing.T) {\n\tt.Parallel()\n\tctx := context.Background()\n\tl := logrusx.New(\"\", \"\")\n\tp := config.MustNew(t, l, &contextx.Default{}, configx.SkipValidation())\n\n\tassert.Equal(t, \"ory_kratos_session\", p.SessionName(ctx))\n\tp.MustSet(ctx, config.ViperKeySessionName, \"ory_session\")\n\tassert.Equal(t, \"ory_session\", p.SessionName(ctx))\n\n\tassert.Equal(t, time.Hour*24, p.SessionRefreshMinTimeLeft(ctx))\n\tp.MustSet(ctx, config.ViperKeySessionRefreshMinTimeLeft, \"1m\")\n\tassert.Equal(t, time.Minute, p.SessionRefreshMinTimeLeft(ctx))\n\n\tassert.Equal(t, time.Hour*24, p.SessionLifespan(ctx))\n\tp.MustSet(ctx, config.ViperKeySessionLifespan, \"1m\")\n\tassert.Equal(t, time.Minute, p.SessionLifespan(ctx))\n\n\tassert.Equal(t, true, p.SessionPersistentCookie(ctx))\n\tp.MustSet(ctx, config.ViperKeySessionPersistentCookie, false)\n\tassert.Equal(t, false, p.SessionPersistentCookie(ctx))\n\n\tassert.Equal(t, false, p.SessionWhoAmICaching(ctx))\n\tp.MustSet(ctx, config.ViperKeySessionWhoAmICaching, true)\n\tassert.Equal(t, true, p.SessionWhoAmICaching(ctx))\n}\n\nfunc TestCookies(t *testing.T) {\n\tt.Parallel()\n\tctx := context.Background()\n\tl := logrusx.New(\"\", \"\")\n\tp := config.MustNew(t, l, &contextx.Default{}, configx.SkipValidation())\n\n\tt.Run(\"path\", func(t *testing.T) {\n\t\tassert.Equal(t, \"/\", p.CookiePath(ctx))\n\t\tassert.Equal(t, \"/\", p.SessionPath(ctx))\n\n\t\tp.MustSet(ctx, config.ViperKeyCookiePath, \"/cookie\")\n\t\tassert.Equal(t, \"/cookie\", p.CookiePath(ctx))\n\t\tassert.Equal(t, \"/cookie\", p.SessionPath(ctx))\n\n\t\tp.MustSet(ctx, config.ViperKeySessionPath, \"/session\")\n\t\tassert.Equal(t, \"/cookie\", p.CookiePath(ctx))\n\t\tassert.Equal(t, \"/session\", p.SessionPath(ctx))\n\t})\n\n\tt.Run(\"SameSite\", func(t *testing.T) {\n\t\tassert.Equal(t, http.SameSiteLaxMode, p.CookieSameSiteMode(ctx))\n\t\tassert.Equal(t, http.SameSiteLaxMode, p.SessionSameSiteMode(ctx))\n\n\t\tp.MustSet(ctx, config.ViperKeyCookieSameSite, \"Strict\")\n\t\tassert.Equal(t, http.SameSiteStrictMode, p.CookieSameSiteMode(ctx))\n\t\tassert.Equal(t, http.SameSiteStrictMode, p.SessionSameSiteMode(ctx))\n\n\t\tp.MustSet(ctx, config.ViperKeySessionSameSite, \"None\")\n\t\tassert.Equal(t, http.SameSiteStrictMode, p.CookieSameSiteMode(ctx))\n\t\tassert.Equal(t, http.SameSiteNoneMode, p.SessionSameSiteMode(ctx))\n\t})\n\n\tt.Run(\"domain\", func(t *testing.T) {\n\t\tassert.Equal(t, \"\", p.CookieDomain(ctx))\n\t\tassert.Equal(t, \"\", p.SessionDomain(ctx))\n\n\t\tp.MustSet(ctx, config.ViperKeyCookieDomain, \"www.cookie.com\")\n\t\tassert.Equal(t, \"www.cookie.com\", p.CookieDomain(ctx))\n\t\tassert.Equal(t, \"www.cookie.com\", p.SessionDomain(ctx))\n\n\t\tp.MustSet(ctx, config.ViperKeySessionDomain, \"www.session.com\")\n\t\tassert.Equal(t, \"www.cookie.com\", p.CookieDomain(ctx))\n\t\tassert.Equal(t, \"www.session.com\", p.SessionDomain(ctx))\n\t})\n}\n\nfunc TestViperProvider_DSN(t *testing.T) {\n\tt.Parallel()\n\tctx := context.Background()\n\n\tt.Run(\"case=dsn: memory\", func(t *testing.T) {\n\t\tp := config.MustNew(t, logrusx.New(\"\", \"\"), &contextx.Default{}, configx.SkipValidation())\n\t\tp.MustSet(ctx, config.ViperKeyDSN, \"memory\")\n\n\t\tassert.Equal(t, config.DefaultSQLiteMemoryDSN, p.DSN(ctx))\n\t})\n\n\tt.Run(\"case=dsn: not memory\", func(t *testing.T) {\n\t\tp := config.MustNew(t, logrusx.New(\"\", \"\"), &contextx.Default{}, configx.SkipValidation())\n\n\t\tdsn := \"sqlite://foo.db?_fk=true\"\n\t\tp.MustSet(ctx, config.ViperKeyDSN, dsn)\n\n\t\tassert.Equal(t, dsn, p.DSN(ctx))\n\t})\n\n\tt.Run(\"case=dsn: not set\", func(t *testing.T) {\n\t\tdsn := \"\"\n\n\t\tvar exitCode int\n\t\tl := logrusx.New(\"\", \"\", logrusx.WithExitFunc(func(i int) {\n\t\t\texitCode = i\n\t\t}))\n\t\tp := config.MustNew(t, l, &contextx.Default{}, configx.SkipValidation())\n\n\t\tassert.Equal(t, dsn, p.DSN(ctx))\n\t\tassert.NotEqual(t, 0, exitCode)\n\t})\n}\n\nfunc TestViperProvider_ParseURIOrFail(t *testing.T) {\n\tt.Parallel()\n\n\tctx := context.Background()\n\tvar exitCode int\n\n\tl := logrusx.New(\"\", \"\", logrusx.WithExitFunc(func(i int) {\n\t\texitCode = i\n\t}))\n\tp := config.MustNew(t, l, &contextx.Default{}, configx.SkipValidation())\n\trequire.Zero(t, exitCode)\n\n\tconst testKey = \"testKeyNotUsedInTheRealSchema\"\n\n\tfor _, tc := range []struct {\n\t\tu string\n\t\texpected url.URL\n\t}{\n\t\t{\n\t\t\tu: \"file:///etc/config/kratos/identity.schema.json\",\n\t\t\texpected: url.URL{\n\t\t\t\tScheme: \"file\",\n\t\t\t\tPath: \"/etc/config/kratos/identity.schema.json\",\n\t\t\t},\n\t\t},\n\t\t{\n\t\t\tu: \"file://./identity.schema.json\",\n\t\t\texpected: url.URL{\n\t\t\t\tScheme: \"file\",\n\t\t\t\tHost: \".\",\n\t\t\t\tPath: \"/identity.schema.json\",\n\t\t\t},\n\t\t},\n\t\t{\n\t\t\tu: \"base64://bG9jYWwgc3ViamVjdCA9I\",\n\t\t\texpected: url.URL{\n\t\t\t\tScheme: \"base64\",\n\t\t\t\tHost: \"bG9jYWwgc3ViamVjdCA9I\",\n\t\t\t},\n\t\t},\n\t\t{\n\t\t\tu: \"https://foo.bar/schema.json\",\n\t\t\texpected: url.URL{\n\t\t\t\tScheme: \"https\",\n\t\t\t\tHost: \"foo.bar\",\n\t\t\t\tPath: \"/schema.json\",\n\t\t\t},\n\t\t},\n\t} {\n\t\tt.Run(\"case=parse \"+tc.u, func(t *testing.T) {\n\t\t\trequire.NoError(t, p.Set(ctx, testKey, tc.u))\n\n\t\t\tu := p.ParseURIOrFail(ctx, testKey)\n\t\t\trequire.Zero(t, exitCode)\n\t\t\tassert.Equal(t, tc.expected, *u)\n\t\t})\n\t}\n}\n\nfunc TestViperProvider_HaveIBeenPwned(t *testing.T) {\n\tt.Parallel()\n\n\tctx := context.Background()\n\tp := config.MustNew(t, logrusx.New(\"\", \"\"), &contextx.Default{}, configx.SkipValidation())\n\tt.Run(\"case=hipb: host\", func(t *testing.T) {\n\t\tp.MustSet(ctx, config.ViperKeyPasswordHaveIBeenPwnedHost, \"foo.bar\")\n\t\tassert.Equal(t, \"foo.bar\", p.PasswordPolicyConfig(ctx).HaveIBeenPwnedHost)\n\t})\n\n\tt.Run(\"case=hibp: enabled\", func(t *testing.T) {\n\t\tp.MustSet(ctx, config.ViperKeyPasswordHaveIBeenPwnedEnabled, true)\n\t\tassert.Equal(t, true, p.PasswordPolicyConfig(ctx).HaveIBeenPwnedEnabled)\n\t})\n\n\tt.Run(\"case=hibp: enabled\", func(t *testing.T) {\n\t\tp.MustSet(ctx, config.ViperKeyPasswordHaveIBeenPwnedEnabled, false)\n\t\tassert.Equal(t, false, p.PasswordPolicyConfig(ctx).HaveIBeenPwnedEnabled)\n\t})\n\n\tt.Run(\"case=hibp: max_breaches\", func(t *testing.T) {\n\t\tp.MustSet(ctx, config.ViperKeyPasswordMaxBreaches, 10)\n\t\tassert.Equal(t, uint(10), p.PasswordPolicyConfig(ctx).MaxBreaches)\n\t})\n\n\tt.Run(\"case=hibp: ignore_network_errors\", func(t *testing.T) {\n\t\tp.MustSet(ctx, config.ViperKeyIgnoreNetworkErrors, true)\n\t\tassert.Equal(t, true, p.PasswordPolicyConfig(ctx).IgnoreNetworkErrors)\n\t})\n\n\tt.Run(\"case=hibp: ignore_network_errors\", func(t *testing.T) {\n\t\tp.MustSet(ctx, config.ViperKeyIgnoreNetworkErrors, false)\n\t\tassert.Equal(t, false, p.PasswordPolicyConfig(ctx).IgnoreNetworkErrors)\n\t})\n}\n\nfunc newTestConfig(t *testing.T, opts ...configx.OptionModifier) (c *config.Config, l *logrusx.Logger, h *test.Hook, exited *bool) {\n\tl = logrusx.New(\"\", \"\")\n\th = new(test.Hook)\n\texited = new(bool)\n\tl.Logger.Hooks.Add(h)\n\tl.Logger.ExitFunc = func(code int) { *exited = true }\n\tc = config.MustNew(t, l, &contextx.Default{}, append([]configx.OptionModifier{configx.SkipValidation()}, opts...)...)\n\treturn\n}\n\nfunc TestLoadingTLSConfig(t *testing.T) {\n\tt.Parallel()\n\n\tcertPath, keyPath, certBase64, keyBase64 := testhelpers.GenerateTLSCertificateFilesForTests(t)\n\n\tt.Run(\"case=public: no TLS config\", func(t *testing.T) {\n\t\tp, l, hook, exited := newTestConfig(t)\n\t\tcertFunc, err := p.ServePublic(t.Context()).TLS.GetCertFunc(t.Context(), l, \"public\")\n\t\trequire.NoError(t, err)\n\t\tassert.Nil(t, certFunc)\n\t\tle := hook.LastEntry()\n\t\trequire.NotNil(t, le)\n\t\tassert.Equal(t, \"TLS has not been configured for public, skipping\", le.Message)\n\t\tassert.False(t, *exited)\n\t})\n\n\tt.Run(\"case=admin: no TLS config\", func(t *testing.T) {\n\t\tp, l, hook, exited := newTestConfig(t)\n\t\tcertFunc, err := p.ServeAdmin(t.Context()).TLS.GetCertFunc(t.Context(), l, \"admin\")\n\t\trequire.NoError(t, err)\n\t\tassert.Nil(t, certFunc)\n\t\tle := hook.LastEntry()\n\t\trequire.NotNil(t, le)\n\t\tassert.Equal(t, \"TLS has not been configured for admin, skipping\", le.Message)\n\t\tassert.False(t, *exited)\n\t})\n\n\tt.Run(\"case=public: loading inline base64 certificate\", func(t *testing.T) {\n\t\tp, l, hook, exited := newTestConfig(t, configx.WithValues(map[string]interface{}{\n\t\t\tkeyPublicTLSKeyBase64: keyBase64,\n\t\t\tkeyPublicTLSCertBase64: certBase64,\n\t\t}))\n\t\tcertFunc, err := p.ServePublic(t.Context()).TLS.GetCertFunc(t.Context(), l, \"public\")\n\t\trequire.NoError(t, err)\n\t\tassert.NotNil(t, certFunc)\n\t\tle := hook.LastEntry()\n\t\trequire.NotNil(t, le)\n\t\tassert.Equal(t, \"Setting up HTTPS for public\", le.Message)\n\t\tassert.False(t, *exited)\n\t})\n\n\tt.Run(\"case=public: loading certificate from a file\", func(t *testing.T) {\n\t\tp, l, hook, exited := newTestConfig(t, configx.WithValues(map[string]interface{}{\n\t\t\tkeyPublicTLSKeyPath: keyPath,\n\t\t\tkeyPublicTLSCertPath: certPath,\n\t\t}))\n\t\tcertFunc, err := p.ServePublic(t.Context()).TLS.GetCertFunc(t.Context(), l, \"public\")\n\t\trequire.NoError(t, err)\n\t\tassert.NotNil(t, certFunc)\n\t\tle := hook.LastEntry()\n\t\trequire.NotNil(t, le)\n\t\tassert.Equal(t, \"Setting up HTTPS for public (automatic certificate reloading active)\", le.Message)\n\t\tassert.False(t, *exited)\n\t})\n\n\tt.Run(\"case=public: failing to load inline base64 certificate\", func(t *testing.T) {\n\t\tp, l, _, _ := newTestConfig(t, configx.WithValues(map[string]interface{}{\n\t\t\tkeyPublicTLSKeyBase64: \"invalid\",\n\t\t\tkeyPublicTLSCertBase64: certBase64,\n\t\t}))\n\t\tcertFunc, err := p.ServePublic(t.Context()).TLS.GetCertFunc(t.Context(), l, \"public\")\n\t\trequire.ErrorContains(t, err, \"unable to load TLS certificate for interface public\")\n\t\tassert.Nil(t, certFunc)\n\t})\n\n\tt.Run(\"case=public: failing to load certificate from a file\", func(t *testing.T) {\n\t\tp, l, _, _ := newTestConfig(t, configx.WithValues(map[string]interface{}{\n\t\t\tkeyPublicTLSKeyPath: \"/dev/null\",\n\t\t\tkeyPublicTLSCertPath: \"/dev/null\",\n\t\t}))\n\t\tcertFunc, err := p.ServePublic(t.Context()).TLS.GetCertFunc(t.Context(), l, \"public\")\n\t\trequire.ErrorContains(t, err, \"unable to load TLS certificate for interface public\")\n\t\tassert.Nil(t, certFunc)\n\t})\n\n\tt.Run(\"case=admin: loading inline base64 certificate\", func(t *testing.T) {\n\t\tp, l, hook, exited := newTestConfig(t, configx.WithValues(map[string]interface{}{\n\t\t\tkeyAdminTLSKeyBase64: keyBase64,\n\t\t\tkeyAdminTLSCertBase64: certBase64,\n\t\t}))\n\t\tcertFunc, err := p.ServeAdmin(t.Context()).TLS.GetCertFunc(t.Context(), l, \"admin\")\n\t\trequire.NoError(t, err)\n\t\tassert.NotNil(t, certFunc)\n\t\tle := hook.LastEntry()\n\t\trequire.NotNil(t, le)\n\t\tassert.Equal(t, \"Setting up HTTPS for admin\", le.Message)\n\t\tassert.False(t, *exited)\n\t})\n\n\tt.Run(\"case=admin: loading certificate from a file\", func(t *testing.T) {\n\t\tp, l, hook, exited := newTestConfig(t, configx.WithValues(map[string]interface{}{\n\t\t\tkeyAdminTLSKeyPath: keyPath,\n\t\t\tkeyAdminTLSCertPath: certPath,\n\t\t}))\n\t\tcertFunc, err := p.ServeAdmin(t.Context()).TLS.GetCertFunc(t.Context(), l, \"admin\")\n\t\trequire.NoError(t, err)\n\t\tassert.NotNil(t, certFunc)\n\t\tle := hook.LastEntry()\n\t\trequire.NotNil(t, le)\n\t\tassert.Equal(t, \"Setting up HTTPS for admin (automatic certificate reloading active)\", le.Message)\n\t\tassert.False(t, *exited)\n\t})\n\n\tt.Run(\"case=admin: failing to load inline base64 certificate\", func(t *testing.T) {\n\t\tp, l, _, _ := newTestConfig(t, configx.WithValues(map[string]interface{}{\n\t\t\tkeyAdminTLSKeyBase64: \"invalid\",\n\t\t\tkeyAdminTLSCertBase64: certBase64,\n\t\t}))\n\t\tcertFunc, err := p.ServeAdmin(t.Context()).TLS.GetCertFunc(t.Context(), l, \"admin\")\n\t\tassert.Nil(t, certFunc)\n\t\trequire.ErrorContains(t, err, \"unable to load TLS certificate for interface admin\")\n\t})\n\n\tt.Run(\"case=admin: failing to load certificate from a file\", func(t *testing.T) {\n\t\tp, l, _, _ := newTestConfig(t, configx.WithValues(map[string]interface{}{\n\t\t\tkeyAdminTLSKeyPath: \"/dev/null\",\n\t\t\tkeyAdminTLSCertPath: certPath,\n\t\t}))\n\t\tcertFunc, err := p.ServeAdmin(t.Context()).TLS.GetCertFunc(t.Context(), l, \"admin\")\n\t\trequire.ErrorContains(t, err, \"unable to load TLS certificate for interface admin\")\n\t\tassert.Nil(t, certFunc)\n\t})\n}\n\nfunc TestIdentitySchemaValidation(t *testing.T) {\n\tt.Parallel()\n\tfiles := []string{\"stub/.identity.test.json\", \"stub/.identity.other.json\"}\n\n\tctx := context.Background()\n\tctx = config.SetValidateIdentitySchemaResilientClientOptions(ctx, []httpx.ResilientOptions{\n\t\thttpx.ResilientClientWithMaxRetry(0),\n\t\thttpx.ResilientClientWithConnectionTimeout(time.Millisecond * 100),\n\t})\n\n\ttype identity struct {\n\t\tSchemas []map[string]string `json:\"schemas\"`\n\t}\n\n\ttype configFile struct {\n\t\tidentityFileName string\n\t\tSelfService map[string]string `json:\"selfservice\"`\n\t\tCourier map[string]map[string]string `json:\"courier\"`\n\t\tDSN string `json:\"dsn\"`\n\t\tIdentity *identity `json:\"identity\"`\n\t}\n\n\tsetup := func(t *testing.T, file string) *configFile {\n\t\tidentityTest, err := os.ReadFile(file) // #nosec G304 -- test code\n\t\tassert.NoError(t, err)\n\t\treturn &configFile{\n\t\t\tidentityFileName: file,\n\t\t\tSelfService: map[string]string{\n\t\t\t\t\"default_browser_return_url\": \"https://some-return-url\",\n\t\t\t},\n\t\t\tCourier: map[string]map[string]string{\n\t\t\t\t\"smtp\": {\n\t\t\t\t\t\"connection_uri\": \"smtp://foo@bar\",\n\t\t\t\t},\n\t\t\t},\n\t\t\tDSN: \"memory\",\n\t\t\tIdentity: &identity{\n\t\t\t\tSchemas: []map[string]string{{\"id\": \"default\", \"url\": \"base64://\" + base64.StdEncoding.EncodeToString(identityTest)}},\n\t\t\t},\n\t\t}\n\t}\n\n\tmarshalAndWrite := func(t *testing.T, tmpFile *os.File, identity *configFile) {\n\t\tj, err := yaml.Marshal(identity)\n\t\tassert.NoError(t, err)\n\n\t\t_, err = tmpFile.Seek(0, 0)\n\t\trequire.NoError(t, err)\n\t\trequire.NoError(t, tmpFile.Truncate(0))\n\t\t_, err = io.Writer.Write(tmpFile, j)\n\t\tassert.NoError(t, err)\n\t\tassert.NoError(t, tmpFile.Sync())\n\t}\n\n\ttestWatch := func(t *testing.T, ctx context.Context, identity *configFile) (*config.Config, *test.Hook, func([]map[string]string)) {\n\t\ttdir := t.TempDir()\n\t\tassert.NoError(t, os.MkdirAll(tdir, 0o750))\n\t\tconfigFileName := randx.MustString(8, randx.Alpha)\n\t\ttmpConfig, err := os.Create(filepath.Join(tdir, configFileName+\".config.yaml\")) // #nosec G304 -- test code\n\t\tassert.NoError(t, err)\n\t\tt.Cleanup(func() { _ = tmpConfig.Close() })\n\n\t\tmarshalAndWrite(t, tmpConfig, identity)\n\n\t\tl := logrusx.New(\"kratos-\"+tmpConfig.Name(), \"test\")\n\t\thook := test.NewLocal(l.Logger)\n\n\t\tconf, err := config.New(ctx, l, os.Stderr, &contextx.Default{}, configx.WithConfigFiles(tmpConfig.Name()))\n\t\tassert.NoError(t, err)\n\n\t\t// clean the hooks since it will throw an event on first boot\n\t\thook.Reset()\n\n\t\treturn conf, hook, func(schemas []map[string]string) {\n\t\t\tidentity.Identity.Schemas = schemas\n\t\t\tmarshalAndWrite(t, tmpConfig, identity)\n\t\t}\n\t}\n\n\tt.Run(\"case=skip invalid schema validation\", func(t *testing.T) {\n\t\t_, err := config.New(ctx, logrusx.New(\"\", \"\"), os.Stderr, &contextx.Default{},\n\t\t\tconfigx.WithConfigFiles(\"stub/.kratos.invalid.identities.yaml\"),\n\t\t\tconfigx.SkipValidation())\n\t\tassert.NoError(t, err)\n\t})\n\n\tt.Run(\"case=invalid schema should throw error\", func(t *testing.T) {\n\t\tvar stdErr bytes.Buffer\n\t\t_, err := config.New(ctx, logrusx.New(\"\", \"\"), &stdErr, &contextx.Default{},\n\t\t\tconfigx.WithConfigFiles(\"stub/.kratos.invalid.identities.yaml\"))\n\t\tassert.Error(t, err)\n\t\tassert.Contains(t, err.Error(), \"minimum 1 properties allowed, but found 0\")\n\t\tassert.Contains(t, stdErr.String(), \"minimum 1 properties allowed, but found 0\")\n\t})\n\n\tt.Run(\"case=must fail on loading unreachable schemas\", func(t *testing.T) {\n\t\t// we make sure that the test runs into DNS issues instead of the context being canceled\n\t\tctx := config.SetValidateIdentitySchemaResilientClientOptions(ctx, []httpx.ResilientOptions{\n\t\t\thttpx.ResilientClientWithMaxRetry(0),\n\t\t\thttpx.ResilientClientWithConnectionTimeout(5 * time.Second),\n\t\t})\n\n\t\terr := make(chan error)\n\t\tgo func(err chan error) {\n\t\t\t_, e := config.New(ctx, logrusx.New(\"\", \"\"), os.Stderr, &contextx.Default{},\n\t\t\t\tconfigx.WithConfigFiles(\"stub/.kratos.mock.identities.yaml\"))\n\t\t\terr <- e\n\t\t}(err)\n\n\t\tselect {\n\t\tcase <-time.After(5 * time.Second):\n\t\t\tt.Fatal(\"the test could not complete as the context timed out before the identity schema loader timed out\")\n\t\tcase e := <-err:\n\t\t\tassert.ErrorContains(t, e, \"no such host\")\n\t\t}\n\t})\n\n\tt.Run(\"case=validate schema is validated on file change\", func(t *testing.T) {\n\t\tvar identities []*configFile\n\n\t\tfor _, f := range files {\n\t\t\tidentities = append(identities, setup(t, f))\n\t\t}\n\n\t\tinvalidIdentity := setup(t, \"stub/.identity.invalid.json\")\n\n\t\tfor _, identity := range identities {\n\t\t\tt.Run(\"test=identity file \"+identity.identityFileName, func(t *testing.T) {\n\t\t\t\tctx, cancel := context.WithTimeout(ctx, time.Second*30)\n\t\t\t\tt.Cleanup(cancel)\n\n\t\t\t\t_, hook, writeSchema := testWatch(t, ctx, identity)\n\t\t\t\twriteSchema(invalidIdentity.Identity.Schemas)\n\n\t\t\t\t// There are a bunch of log messages beeing logged. We are looking for a specific one.\n\t\t\t\tfor {\n\t\t\t\t\tfor _, v := range hook.AllEntries() {\n\t\t\t\t\t\ts, err := v.String()\n\t\t\t\t\t\trequire.NoError(t, err)\n\t\t\t\t\t\tif strings.Contains(s, \"The changed identity schema configuration is invalid and could not be loaded.\") {\n\t\t\t\t\t\t\treturn\n\t\t\t\t\t\t}\n\t\t\t\t\t}\n\t\t\t\t\tselect {\n\t\t\t\t\tcase <-ctx.Done():\n\t\t\t\t\t\tt.Fatal(\"the test could not complete as the context timed out before the file watcher updated\")\n\t\t\t\t\tdefault: // nothing\n\t\t\t\t\t}\n\t\t\t\t}\n\t\t\t})\n\t\t}\n\t})\n}\n\nfunc TestPasswordless(t *testing.T) {\n\tt.Parallel()\n\tctx := context.Background()\n\n\tconf, err := config.New(ctx, logrusx.New(\"\", \"\"), os.Stderr, &contextx.Default{},\n\t\tconfigx.SkipValidation(),\n\t\tconfigx.WithValue(config.ViperKeyWebAuthnPasswordless, true))\n\trequire.NoError(t, err)\n\n\tassert.True(t, conf.WebAuthnForPasswordless(ctx))\n\tconf.MustSet(ctx, config.ViperKeyWebAuthnPasswordless, false)\n\tassert.False(t, conf.WebAuthnForPasswordless(ctx))\n}\n\nfunc TestPasswordlessCode(t *testing.T) {\n\tt.Parallel()\n\n\tctx := context.Background()\n\n\tconf, err := config.New(ctx, logrusx.New(\"\", \"\"), os.Stderr, &contextx.Default{},\n\t\tconfigx.SkipValidation(),\n\t\tconfigx.WithValue(config.ViperKeySelfServiceStrategyConfig+\".code\", map[string]interface{}{\n\t\t\t\"passwordless_enabled\": true,\n\t\t\t\"passwordless_login_fallback_enabled\": true,\n\t\t\t\"config\": map[string]interface{}{},\n\t\t}))\n\trequire.NoError(t, err)\n\n\tassert.True(t, conf.SelfServiceCodeStrategy(ctx).PasswordlessEnabled)\n}\n\nfunc TestChangeMinPasswordLength(t *testing.T) {\n\tt.Parallel()\n\tt.Run(\"case=must fail on minimum password length below enforced minimum\", func(t *testing.T) {\n\t\tctx := context.Background()\n\n\t\t_, err := config.New(ctx, logrusx.New(\"\", \"\"), os.Stderr, &contextx.Default{},\n\t\t\tconfigx.WithConfigFiles(\"stub/.kratos.yaml\"),\n\t\t\tconfigx.WithValue(config.ViperKeyPasswordMinLength, 5))\n\n\t\tassert.Error(t, err)\n\t})\n\n\tt.Run(\"case=must not fail on minimum password length above enforced minimum\", func(t *testing.T) {\n\t\tctx := context.Background()\n\n\t\t_, err := config.New(ctx, logrusx.New(\"\", \"\"), os.Stderr, &contextx.Default{},\n\t\t\tconfigx.WithConfigFiles(\"stub/.kratos.yaml\"),\n\t\t\tconfigx.WithValue(config.ViperKeyPasswordMinLength, 9))\n\n\t\tassert.NoError(t, err)\n\t})\n}\n\nfunc TestCourierEmailHTTP(t *testing.T) {\n\tt.Parallel()\n\tctx := context.Background()\n\n\tt.Run(\"case=configs set\", func(t *testing.T) {\n\t\tconf, _ := config.New(ctx, logrusx.New(\"\", \"\"), os.Stderr, &contextx.Default{},\n\t\t\tconfigx.WithConfigFiles(\"stub/.kratos.courier.email.http.yaml\"), configx.SkipValidation())\n\t\tassert.Equal(t, \"http\", conf.CourierEmailStrategy(ctx))\n\t\tsnapshotx.SnapshotT(t, conf.CourierEmailRequestConfig(ctx))\n\t})\n\n\tt.Run(\"case=defaults\", func(t *testing.T) {\n\t\tconf, _ := config.New(ctx, logrusx.New(\"\", \"\"), os.Stderr, &contextx.Default{}, configx.SkipValidation())\n\n\t\tassert.Equal(t, \"smtp\", conf.CourierEmailStrategy(ctx))\n\t})\n}\n\nfunc TestCourierChannels(t *testing.T) {\n\tt.Parallel()\n\tctx := context.Background()\n\tt.Run(\"case=configs set\", func(t *testing.T) {\n\t\tconf, _ := config.New(ctx, logrusx.New(\"\", \"\"), os.Stderr, &contextx.Default{}, configx.WithConfigFiles(\"stub/.kratos.courier.channels.yaml\"), configx.SkipValidation())\n\n\t\tchannelConfig, err := conf.CourierChannels(ctx)\n\t\trequire.NoError(t, err)\n\t\trequire.Len(t, channelConfig, 2)\n\t\tassert.Equal(t, channelConfig[0].ID, \"phone\")\n\t\tassert.NotEmpty(t, channelConfig[0].RequestConfig)\n\t\tassert.Equal(t, channelConfig[1].ID, \"email\")\n\t\tassert.NotEmpty(t, channelConfig[1].SMTPConfig)\n\t})\n\n\tt.Run(\"case=defaults\", func(t *testing.T) {\n\t\tconf, _ := config.New(ctx, logrusx.New(\"\", \"\"), os.Stderr, &contextx.Default{}, configx.SkipValidation())\n\n\t\tchannelConfig, err := conf.CourierChannels(ctx)\n\t\trequire.NoError(t, err)\n\t\tassert.Len(t, channelConfig, 1)\n\t\tassert.Equal(t, channelConfig[0].ID, \"email\")\n\t\tassert.Equal(t, channelConfig[0].Type, \"smtp\")\n\t})\n\n\tt.Run(\"smtp urls\", func(t *testing.T) {\n\t\tfor _, tc := range []string{\n\t\t\t\"smtp://a:basdasdasda%2Fc@email-smtp.eu-west-3.amazonaws.com:587/\",\n\t\t\t\"smtp://a:b$c@email-smtp.eu-west-3.amazonaws.com:587/\",\n\t\t\t\"smtp://a/a:bc@email-smtp.eu-west-3.amazonaws.com:587\",\n\t\t\t\"smtp://aa:b+c@email-smtp.eu-west-3.amazonaws.com:587/\",\n\t\t\t\"smtp://user?name:password@email-smtp.eu-west-3.amazonaws.com:587/\",\n\t\t\t\"smtp://username:pass%2Fword@email-smtp.eu-west-3.amazonaws.com:587/\",\n\t\t} {\n\t\t\tt.Run(\"case=\"+tc, func(t *testing.T) {\n\t\t\t\tconf, err := config.New(ctx, logrusx.New(\"\", \"\"), os.Stderr, &contextx.Default{}, configx.WithValue(config.ViperKeyCourierSMTPURL, tc), configx.SkipValidation())\n\t\t\t\trequire.NoError(t, err)\n\t\t\t\tcs, err := conf.CourierChannels(ctx)\n\t\t\t\trequire.NoError(t, err)\n\t\t\t\trequire.Len(t, cs, 1)\n\t\t\t\tassert.Equal(t, tc, cs[0].SMTPConfig.ConnectionURI)\n\t\t\t})\n\t\t}\n\t})\n}\n\nfunc TestCourierMessageTTL(t *testing.T) {\n\tt.Parallel()\n\tctx := context.Background()\n\n\tt.Run(\"case=configs set\", func(t *testing.T) {\n\t\tconf, _ := config.New(ctx, logrusx.New(\"\", \"\"), os.Stderr, &contextx.Default{},\n\t\t\tconfigx.WithConfigFiles(\"stub/.kratos.courier.message_retries.yaml\"), configx.SkipValidation())\n\t\tassert.Equal(t, conf.CourierMessageRetries(ctx), 10)\n\t})\n\n\tt.Run(\"case=defaults\", func(t *testing.T) {\n\t\tconf, _ := config.New(ctx, logrusx.New(\"\", \"\"), os.Stderr, &contextx.Default{}, configx.SkipValidation())\n\t\tassert.Equal(t, conf.CourierMessageRetries(ctx), 5)\n\t})\n}\n\nfunc TestTwoStep(t *testing.T) {\n\tt.Parallel()\n\tctx := context.Background()\n\n\tt.Run(\"case=nothing is set\", func(t *testing.T) {\n\t\tconf, _ := config.New(ctx, logrusx.New(\"\", \"\"), os.Stderr, &contextx.Default{}, configx.SkipValidation())\n\n\t\tassert.True(t, conf.SelfServiceFlowRegistrationTwoSteps(ctx))\n\t})\n\n\tt.Run(\"case=legacy config explicit off\", func(t *testing.T) {\n\t\tconf, _ := config.New(ctx, logrusx.New(\"\", \"\"), os.Stderr, &contextx.Default{},\n\t\t\tconfigx.WithValue(config.ViperKeySelfServiceRegistrationEnableLegacyOneStep, false),\n\t\t\tconfigx.SkipValidation(),\n\t\t)\n\n\t\tassert.True(t, conf.SelfServiceFlowRegistrationTwoSteps(ctx))\n\t})\n\n\tt.Run(\"case=legacy config explicit on\", func(t *testing.T) {\n\t\tconf, _ := config.New(ctx, logrusx.New(\"\", \"\"), os.Stderr, &contextx.Default{},\n\t\t\tconfigx.WithValue(config.ViperKeySelfServiceRegistrationEnableLegacyOneStep, true),\n\t\t\tconfigx.SkipValidation(),\n\t\t)\n\n\t\tassert.False(t, conf.SelfServiceFlowRegistrationTwoSteps(ctx))\n\t})\n\n\tt.Run(\"case=new config explicit on\", func(t *testing.T) {\n\t\tconf, _ := config.New(ctx, logrusx.New(\"\", \"\"), os.Stderr, &contextx.Default{},\n\t\t\tconfigx.WithValue(config.ViperKeySelfServiceRegistrationFlowStyle, \"profile_first\"),\n\t\t\tconfigx.SkipValidation(),\n\t\t)\n\n\t\tassert.True(t, conf.SelfServiceFlowRegistrationTwoSteps(ctx))\n\t})\n\n\tt.Run(\"case=new config explicit off\", func(t *testing.T) {\n\t\tconf, _ := config.New(ctx, logrusx.New(\"\", \"\"), os.Stderr, &contextx.Default{},\n\t\t\tconfigx.WithValue(config.ViperKeySelfServiceRegistrationFlowStyle, \"unified\"),\n\t\t\tconfigx.SkipValidation(),\n\t\t)\n\n\t\tassert.False(t, conf.SelfServiceFlowRegistrationTwoSteps(ctx))\n\t})\n\n\tt.Run(\"case=new config explicit on but legacy off\", func(t *testing.T) {\n\t\tconf, _ := config.New(ctx, logrusx.New(\"\", \"\"), os.Stderr, &contextx.Default{},\n\t\t\tconfigx.WithValue(config.ViperKeySelfServiceRegistrationFlowStyle, \"profile_first\"),\n\t\t\tconfigx.WithValue(config.ViperKeySelfServiceRegistrationEnableLegacyOneStep, true),\n\t\t\tconfigx.SkipValidation(),\n\t\t)\n\n\t\tassert.False(t, conf.SelfServiceFlowRegistrationTwoSteps(ctx))\n\t})\n}\n\nfunc TestOAuth2Provider(t *testing.T) {\n\tt.Parallel()\n\tctx := context.Background()\n\n\tt.Run(\"case=configs set\", func(t *testing.T) {\n\t\tconf, _ := config.New(ctx, logrusx.New(\"\", \"\"), os.Stderr, &contextx.Default{},\n\t\t\tconfigx.WithConfigFiles(\"stub/.kratos.oauth2_provider.yaml\"), configx.SkipValidation())\n\t\tassert.Equal(t, \"https://oauth2_provider/\", conf.OAuth2ProviderURL(ctx).String())\n\t\tassert.Equal(t, http.Header{\"Authorization\": {\"Basic\"}}, conf.OAuth2ProviderHeader(ctx))\n\t\tassert.True(t, conf.OAuth2ProviderOverrideReturnTo(ctx))\n\t})\n\n\tt.Run(\"case=defaults\", func(t *testing.T) {\n\t\tconf, _ := config.New(ctx, logrusx.New(\"\", \"\"), os.Stderr, &contextx.Default{}, configx.SkipValidation())\n\t\tassert.Empty(t, conf.OAuth2ProviderURL(ctx))\n\t\tassert.Empty(t, conf.OAuth2ProviderHeader(ctx))\n\t\tassert.False(t, conf.OAuth2ProviderOverrideReturnTo(ctx))\n\t})\n}\n\nfunc TestWebauthn(t *testing.T) {\n\tt.Parallel()\n\tctx := context.Background()\n\n\tt.Run(\"case=multiple origins\", func(t *testing.T) {\n\t\tconf, err := config.New(ctx, logrusx.New(\"\", \"\"), os.Stderr, &contextx.Default{},\n\t\t\tconfigx.WithConfigFiles(\"stub/.kratos.webauthn.origins.yaml\"))\n\t\trequire.NoError(t, err)\n\t\twebAuthnConfig := conf.WebAuthnConfig(ctx)\n\t\tassert.Equal(t, \"https://example.com/webauthn\", webAuthnConfig.RPID)\n\t\tassert.EqualValues(t, []string{\n\t\t\t\"https://origin-a.example.com\",\n\t\t\t\"https://origin-b.example.com\",\n\t\t\t\"https://origin-c.example.com\",\n\t\t}, webAuthnConfig.RPOrigins)\n\t})\n\n\tt.Run(\"case=one origin\", func(t *testing.T) {\n\t\tconf, err := config.New(ctx, logrusx.New(\"\", \"\"), os.Stderr, &contextx.Default{},\n\t\t\tconfigx.WithConfigFiles(\"stub/.kratos.webauthn.origin.yaml\"))\n\t\trequire.NoError(t, err)\n\t\twebAuthnConfig := conf.WebAuthnConfig(ctx)\n\t\tassert.Equal(t, \"https://example.com/webauthn\", webAuthnConfig.RPID)\n\t\tassert.EqualValues(t, []string{\n\t\t\t\"https://origin-a.example.com\",\n\t\t}, webAuthnConfig.RPOrigins)\n\t})\n\n\tt.Run(\"case=id as origin\", func(t *testing.T) {\n\t\tconf, err := config.New(ctx, logrusx.New(\"\", \"\"), os.Stderr, &contextx.Default{},\n\t\t\tconfigx.WithConfigFiles(\"stub/.kratos.yaml\"))\n\t\trequire.NoError(t, err)\n\t\twebAuthnConfig := conf.WebAuthnConfig(ctx)\n\t\tassert.Equal(t, \"example.com\", webAuthnConfig.RPID)\n\t\tassert.EqualValues(t, []string{\n\t\t\t\"http://example.com\",\n\t\t}, webAuthnConfig.RPOrigins)\n\t})\n\n\tt.Run(\"case=invalid\", func(t *testing.T) {\n\t\t_, err := config.New(ctx, logrusx.New(\"\", \"\"), os.Stderr, &contextx.Default{},\n\t\t\tconfigx.WithConfigFiles(\"stub/.kratos.webauthn.invalid.yaml\"))\n\t\tassert.Error(t, err)\n\t})\n}\n\nfunc TestCourierTemplatesConfig(t *testing.T) {\n\tt.Parallel()\n\tctx := context.Background()\n\n\tt.Run(\"case=partial template update allowed\", func(t *testing.T) {\n\t\t_, err := config.New(ctx, logrusx.New(\"\", \"\"), os.Stderr, &contextx.Default{},\n\t\t\tconfigx.WithConfigFiles(\"stub/.kratos.courier.remote.partial.templates.yaml\"))\n\t\tassert.NoError(t, err)\n\t})\n\n\tt.Run(\"case=load remote template with fallback template overrides path\", func(t *testing.T) {\n\t\t_, err := config.New(ctx, logrusx.New(\"\", \"\"), os.Stderr, &contextx.Default{},\n\t\t\tconfigx.WithConfigFiles(\"stub/.kratos.courier.remote.templates.yaml\"))\n\t\tassert.NoError(t, err)\n\t})\n\n\tt.Run(\"case=courier template helper\", func(t *testing.T) {\n\t\tc, err := config.New(ctx, logrusx.New(\"\", \"\"), os.Stderr, &contextx.Default{},\n\t\t\tconfigx.WithConfigFiles(\"stub/.kratos.courier.remote.templates.yaml\"))\n\n\t\tassert.NoError(t, err)\n\n\t\tcourierTemplateConfig := &config.CourierEmailTemplate{\n\t\t\tBody: &config.CourierEmailBodyTemplate{\n\t\t\t\tPlainText: \"\",\n\t\t\t\tHTML: \"\",\n\t\t\t},\n\t\t\tSubject: \"\",\n\t\t}\n\n\t\tassert.Equal(t, courierTemplateConfig, c.CourierEmailTemplatesHelper(ctx, config.ViperKeyCourierTemplatesVerificationInvalidEmail))\n\t\tassert.Equal(t, courierTemplateConfig, c.CourierEmailTemplatesHelper(ctx, config.ViperKeyCourierTemplatesVerificationValidEmail))\n\t\t// this should return an empty courierEmailTemplate as the key does not exist\n\t\tassert.Equal(t, courierTemplateConfig, c.CourierEmailTemplatesHelper(ctx, \"a_random_key\"))\n\n\t\tcourierTemplateConfig = &config.CourierEmailTemplate{\n\t\t\tBody: &config.CourierEmailBodyTemplate{\n\t\t\t\tPlainText: \"base64://SGksCgp5b3UgKG9yIHNvbWVvbmUgZWxzZSkgZW50ZXJlZCB0aGlzIGVtYWlsIGFkZHJlc3Mgd2hlbiB0cnlpbmcgdG8gcmVjb3ZlciBhY2Nlc3MgdG8gYW4gYWNjb3VudC4KCkhvd2V2ZXIsIHRoaXMgZW1haWwgYWRkcmVzcyBpcyBub3Qgb24gb3VyIGRhdGFiYXNlIG9mIHJlZ2lzdGVyZWQgdXNlcnMgYW5kIHRoZXJlZm9yZSB0aGUgYXR0ZW1wdCBoYXMgZmFpbGVkLgoKSWYgdGhpcyB3YXMgeW91LCBjaGVjayBpZiB5b3Ugc2lnbmVkIHVwIHVzaW5nIGEgZGlmZmVyZW50IGFkZHJlc3MuCgpJZiB0aGlzIHdhcyBub3QgeW91LCBwbGVhc2UgaWdub3JlIHRoaXMgZW1haWwu\",\n\t\t\t\tHTML: \"base64://SGksCgp5b3UgKG9yIHNvbWVvbmUgZWxzZSkgZW50ZXJlZCB0aGlzIGVtYWlsIGFkZHJlc3Mgd2hlbiB0cnlpbmcgdG8gcmVjb3ZlciBhY2Nlc3MgdG8gYW4gYWNjb3VudC4KCkhvd2V2ZXIsIHRoaXMgZW1haWwgYWRkcmVzcyBpcyBub3Qgb24gb3VyIGRhdGFiYXNlIG9mIHJlZ2lzdGVyZWQgdXNlcnMgYW5kIHRoZXJlZm9yZSB0aGUgYXR0ZW1wdCBoYXMgZmFpbGVkLgoKSWYgdGhpcyB3YXMgeW91LCBjaGVjayBpZiB5b3Ugc2lnbmVkIHVwIHVzaW5nIGEgZGlmZmVyZW50IGFkZHJlc3MuCgpJZiB0aGlzIHdhcyBub3QgeW91LCBwbGVhc2UgaWdub3JlIHRoaXMgZW1haWwu\",\n\t\t\t},\n\t\t\tSubject: \"base64://QWNjb3VudCBBY2Nlc3MgQXR0ZW1wdGVk\",\n\t\t}\n\t\tassert.Equal(t, courierTemplateConfig, c.CourierEmailTemplatesHelper(ctx, config.ViperKeyCourierTemplatesRecoveryInvalidEmail))\n\n\t\tcourierTemplateConfig = &config.CourierEmailTemplate{\n\t\t\tBody: &config.CourierEmailBodyTemplate{\n\t\t\t\tPlainText: \"base64://e3sgZGVmaW5lIGFmLVpBIH19CkhhbGxvLAoKSGVyc3RlbCBqb3UgcmVrZW5pbmcgZGV1ciBoaWVyZGllIHNrYWtlbCB0ZSB2b2xnOgp7ey0gZW5kIC19fQoKe3sgZGVmaW5lIGVuLVVTIH19CkhpLAoKcGxlYXNlIHJlY292ZXIgYWNjZXNzIHRvIHlvdXIgYWNjb3VudCBieSBjbGlja2luZyB0aGUgZm9sbG93aW5nIGxpbms6Cnt7LSBlbmQgLX19Cgp7ey0gaWYgZXEgLmxhbmcgImFmLVpBIiAtfX0KCnt7IHRlbXBsYXRlICJhZi1aQSIgLiB9fQoKe3stIGVsc2UgLX19Cgp7eyB0ZW1wbGF0ZSAiZW4tVVMiIH19Cgp7ey0gZW5kIC19fQp7eyAuUmVjb3ZlcnlVUkwgfX0K\",\n\t\t\t\tHTML: \"base64://e3sgZGVmaW5lIGFmLVpBIH19CkhhbGxvLAoKSGVyc3RlbCBqb3UgcmVrZW5pbmcgZGV1ciBoaWVyZGllIHNrYWtlbCB0ZSB2b2xnOgp7ey0gZW5kIC19fQoKe3sgZGVmaW5lIGVuLVVTIH19CkhpLAoKcGxlYXNlIHJlY292ZXIgYWNjZXNzIHRvIHlvdXIgYWNjb3VudCBieSBjbGlja2luZyB0aGUgZm9sbG93aW5nIGxpbms6Cnt7LSBlbmQgLX19Cgp7ey0gaWYgZXEgLmxhbmcgImFmLVpBIiAtfX0KCnt7IHRlbXBsYXRlICJhZi1aQSIgLiB9fQoKe3stIGVsc2UgLX19Cgp7eyB0ZW1wbGF0ZSAiZW4tVVMiIH19Cgp7ey0gZW5kIC19fQo8YSBocmVmPSJ7eyAuUmVjb3ZlcnlVUkwgfX0iPnt7IC5SZWNvdmVyeVVSTCB9fTwvYT4=\",\n\t\t\t},\n\t\t\tSubject: \"base64://UmVjb3ZlciBhY2Nlc3MgdG8geW91ciBhY2NvdW50\",\n\t\t}\n\t\tassert.Equal(t, courierTemplateConfig, c.CourierEmailTemplatesHelper(ctx, config.ViperKeyCourierTemplatesRecoveryValidEmail))\n\t})\n}\n\nfunc TestCleanup(t *testing.T) {\n\tt.Parallel()\n\tctx := context.Background()\n\n\tp := config.MustNew(t, logrusx.New(\"\", \"\"), &contextx.Default{}, configx.WithConfigFiles(\"stub/.kratos.yaml\"))\n\n\tt.Run(\"group=cleanup config\", func(t *testing.T) {\n\t\tassert.Equal(t, p.DatabaseCleanupSleepTables(ctx), 1*time.Minute)\n\t\tp.MustSet(ctx, config.ViperKeyDatabaseCleanupSleepTables, \"1s\")\n\t\tassert.Equal(t, p.DatabaseCleanupSleepTables(ctx), time.Second)\n\t\tassert.Equal(t, p.DatabaseCleanupBatchSize(ctx), 100)\n\t\tp.MustSet(ctx, config.ViperKeyDatabaseCleanupBatchSize, \"1\")\n\t\tassert.Equal(t, p.DatabaseCleanupBatchSize(ctx), 1)\n\t})\n}\n\nconst (\n\tkeyPublicTLSCertBase64 = \"serve.public.tls.cert.base64\"\n\tkeyPublicTLSKeyBase64 = \"serve.public.tls.key.base64\"\n\tkeyPublicTLSCertPath = \"serve.public.tls.cert.path\"\n\tkeyPublicTLSKeyPath = \"serve.public.tls.key.path\"\n\tkeyAdminTLSCertBase64 = \"serve.admin.tls.cert.base64\"\n\tkeyAdminTLSKeyBase64 = \"serve.admin.tls.key.base64\"\n\tkeyAdminTLSCertPath = \"serve.admin.tls.cert.path\"\n\tkeyAdminTLSKeyPath = \"serve.admin.tls.key.path\"\n)\n" }, { "path": "driver/config/handler.go", "content": "// Copyright © 2023 Ory Corp\n// SPDX-License-Identifier: Apache-2.0\n\npackage config\n\nimport (\n\t\"crypto/sha256\"\n\t\"fmt\"\n\t\"net/http\"\n\n\t\"github.com/knadh/koanf/parsers/json\"\n\n\t\"github.com/ory/x/httprouterx\"\n)\n\nfunc RegisterConfigHashRoute(c Provider, router *httprouterx.RouterAdmin) {\n\trouter.GET(\"/health/config\", func(w http.ResponseWriter, r *http.Request) {\n\t\tw.Header().Set(\"Content-Type\", \"text/plain\")\n\t\tif revision := c.Config().GetProvider(r.Context()).String(\"revision\"); len(revision) > 0 {\n\t\t\t_, _ = fmt.Fprintf(w, \"%s\", revision)\n\t\t} else {\n\t\t\tbytes, _ := c.Config().GetProvider(r.Context()).Marshal(json.Parser())\n\t\t\t_, _ = fmt.Fprintf(w, \"%x\", sha256.Sum256(bytes))\n\t\t}\n\t})\n}\n" }, { "path": "driver/config/handler_test.go", "content": "// Copyright © 2023 Ory Corp\n// SPDX-License-Identifier: Apache-2.0\n\npackage config_test\n\nimport (\n\t\"context\"\n\t\"io\"\n\t\"testing\"\n\n\t\"github.com/stretchr/testify/assert\"\n\t\"github.com/stretchr/testify/require\"\n\n\t\"github.com/ory/kratos/driver/config\"\n\t\"github.com/ory/kratos/pkg\"\n\t\"github.com/ory/x/contextx\"\n\t\"github.com/ory/x/httprouterx\"\n)\n\ntype configProvider struct {\n\tcfg *config.Config\n}\n\nfunc (c *configProvider) Config() *config.Config {\n\treturn c.cfg\n}\n\nfunc TestNewConfigHashHandler(t *testing.T) {\n\tctx := context.Background()\n\tcfg := pkg.NewConfigurationWithDefaults(t)\n\trouter := httprouterx.NewTestRouterAdmin(t)\n\tconfig.RegisterConfigHashRoute(&configProvider{cfg: cfg}, router)\n\tts := contextx.NewConfigurableTestServer(router)\n\tt.Cleanup(ts.Close)\n\n\t// first request, get baseline hash\n\tres, err := ts.Client(ctx).Get(ts.URL + \"/health/config\")\n\trequire.NoError(t, err)\n\tdefer func() { _ = res.Body.Close() }()\n\trequire.Equal(t, 200, res.StatusCode)\n\tfirst, err := io.ReadAll(res.Body)\n\trequire.NoError(t, err)\n\n\t// second request, no config change\n\tres, err = ts.Client(ctx).Get(ts.URL + \"/health/config\")\n\trequire.NoError(t, err)\n\tdefer func() { _ = res.Body.Close() }()\n\trequire.Equal(t, 200, res.StatusCode)\n\tsecond, err := io.ReadAll(res.Body)\n\trequire.NoError(t, err)\n\tassert.Equal(t, first, second)\n\n\t// third request, with config change\n\tres, err = ts.Client(contextx.WithConfigValue(ctx, config.ViperKeySessionDomain, \"foobar\")).Get(ts.URL + \"/health/config\")\n\trequire.NoError(t, err)\n\tdefer func() { _ = res.Body.Close() }()\n\trequire.Equal(t, 200, res.StatusCode)\n\tthird, err := io.ReadAll(res.Body)\n\trequire.NoError(t, err)\n\tassert.NotEqual(t, first, third)\n\n\t// fourth request, no config change\n\tres, err = ts.Client(ctx).Get(ts.URL + \"/health/config\")\n\trequire.NoError(t, err)\n\tdefer func() { _ = res.Body.Close() }()\n\trequire.Equal(t, 200, res.StatusCode)\n\tfourth, err := io.ReadAll(res.Body)\n\trequire.NoError(t, err)\n\tassert.Equal(t, first, fourth)\n}\n" }, { "path": "driver/config/stub/.defaults-password.yml", "content": "selfservice:\n methods:\n password:\n enabled: true\n flows:\n recovery: false\n" }, { "path": "driver/config/stub/.defaults-verification.yml", "content": "selfservice:\n methods:\n password:\n enabled: true\n\n flows:\n settings:\n privileged_session_max_age: 1m\n after:\n hooks:\n profile:\n - hook: show_verification_ui\n\n verification:\n enabled: true\n lifespan: 5s\n after:\n default_browser_return_url: http://127.0.0.1:4455/\n\n logout:\n after:\n default_browser_return_url: http://127.0.0.1:4455/auth/login\n\nidentity:\n default_schema_id: default\n schemas:\n - id: default\n url: file://test/e2e/profiles/verification/identity.traits.schema.json\n" }, { "path": "driver/config/stub/.defaults.yml", "content": "selfservice:\n\n" }, { "path": "driver/config/stub/.identity.invalid.json", "content": "{\n \"$id\": \"ory://identity-invalid-schema\",\n \"$schema\": \"http://json-schema.org/draft-07/schema#\",\n \"title\": \"IdentityInvalidSchema\",\n \"type\": \"object\",\n \"properties\": {\n \"traits\": {\n \"type\": \"object\",\n \"properties\": {},\n \"required\": [\n \"other\",\n \"email\"\n ],\n \"additionalProperties\": true\n }\n }\n}\n" }, { "path": "driver/config/stub/.identity.other.json", "content": "{\n \"$id\": \"ory://identity-other-schema\",\n \"$schema\": \"http://json-schema.org/draft-07/schema#\",\n \"title\": \"IdentityOtherSchema\",\n \"type\": \"object\",\n \"properties\": {\n \"traits\": {\n \"type\": \"object\",\n \"properties\": {\n \"other\": {\n \"type\": \"string\"\n },\n \"email\": {\n \"type\": \"string\",\n \"title\": \"email\",\n \"ory.sh/kratos\": {\n \"credentials\": {\n \"password\": {\n \"identifier\": true\n }\n }\n }\n }\n },\n \"required\": [\n \"other\",\n \"email\"\n ],\n \"additionalProperties\": true\n }\n }\n}\n" }, { "path": "driver/config/stub/.identity.test.json", "content": "{\n \"$id\": \"ory://identity-test-schema\",\n \"$schema\": \"http://json-schema.org/draft-07/schema#\",\n \"title\": \"IdentitySchema\",\n \"type\": \"object\",\n \"properties\": {\n \"traits\": {\n \"type\": \"object\",\n \"properties\": {\n \"name\": {\n \"type\": \"object\",\n \"properties\": {\n \"first\": {\n \"type\": \"string\"\n },\n \"last\": {\n \"type\": \"string\"\n }\n }\n }\n },\n \"required\": [\n \"name\"\n ],\n \"additionalProperties\": true\n }\n }\n}\n" }, { "path": "driver/config/stub/.kratos.courier.channels.yaml", "content": "courier:\n smtp:\n connection_uri: smtp://username:password@smtp.example.com:587\n channels:\n - id: phone\n request_config:\n url: https://ory.sh\n method: GET\n body: base64://ZnVuY3Rpb24oY3R4KSB7CkJvZHk6IGN0eC5ib2R5LApUbzogY3R4LnRvLEZyb206IGN0eC5mcm9tCn0=\n headers:\n Content-Type: application/x-www-form-urlencoded\n auth:\n type: basic_auth\n config:\n user: ABC\n password: DEF\n" }, { "path": "driver/config/stub/.kratos.courier.email.http.yaml", "content": "dsn: sqlite://foo.db?mode=memory&_fk=true\n\nselfservice:\n default_browser_return_url: https://example.com/return_to\n\nidentity:\n default_schema_id: default\n schemas:\n - id: default\n url: base64://ewogICIkaWQiOiAib3J5Oi8vaWRlbnRpdHktdGVzdC1zY2hlbWEiLAogICIkc2NoZW1hIjogImh0dHA6Ly9qc29uLXNjaGVtYS5vcmcvZHJhZnQtMDcvc2NoZW1hIyIsCiAgInRpdGxlIjogIklkZW50aXR5U2NoZW1hIiwKICAidHlwZSI6ICJvYmplY3QiLAogICJwcm9wZXJ0aWVzIjogewogICAgInRyYWl0cyI6IHsKICAgICAgInR5cGUiOiAib2JqZWN0IiwKICAgICAgInByb3BlcnRpZXMiOiB7CiAgICAgICAgIm5hbWUiOiB7CiAgICAgICAgICAidHlwZSI6ICJvYmplY3QiLAogICAgICAgICAgInByb3BlcnRpZXMiOiB7CiAgICAgICAgICAgICJmaXJzdCI6IHsKICAgICAgICAgICAgICAidHlwZSI6ICJzdHJpbmciCiAgICAgICAgICAgIH0sCiAgICAgICAgICAgICJsYXN0IjogewogICAgICAgICAgICAgICJ0eXBlIjogInN0cmluZyIKICAgICAgICAgICAgfQogICAgICAgICAgfQogICAgICAgIH0KICAgICAgfSwKICAgICAgInJlcXVpcmVkIjogWwogICAgICAgICJuYW1lIgogICAgICBdLAogICAgICAiYWRkaXRpb25hbFByb3BlcnRpZXMiOiB0cnVlCiAgICB9CiAgfQp9\n\ncourier:\n delivery_strategy: http\n http:\n request_config:\n url: https://example.com/email\n body: file://some.jsonnet\n header:\n 'Content-Type': 'application/json'\n auth:\n type: basic_auth\n config:\n user: YourUsername\n password: YourPass\n" }, { "path": "driver/config/stub/.kratos.courier.message_retries.yaml", "content": "courier:\n message_retries: 10\n" }, { "path": "driver/config/stub/.kratos.courier.remote.invalid.subject.yaml", "content": "dsn: sqlite://foo.db?mode=memory&_fk=true\n\nselfservice:\n default_browser_return_url: http://return-to-3-test.ory.sh/\n\nidentity:\n default_schema_id: default\n schemas:\n - id: default\n url: base64://ewogICIkaWQiOiAib3J5Oi8vaWRlbnRpdHktdGVzdC1zY2hlbWEiLAogICIkc2NoZW1hIjogImh0dHA6Ly9qc29uLXNjaGVtYS5vcmcvZHJhZnQtMDcvc2NoZW1hIyIsCiAgInRpdGxlIjogIklkZW50aXR5U2NoZW1hIiwKICAidHlwZSI6ICJvYmplY3QiLAogICJwcm9wZXJ0aWVzIjogewogICAgInRyYWl0cyI6IHsKICAgICAgInR5cGUiOiAib2JqZWN0IiwKICAgICAgInByb3BlcnRpZXMiOiB7CiAgICAgICAgIm5hbWUiOiB7CiAgICAgICAgICAidHlwZSI6ICJvYmplY3QiLAogICAgICAgICAgInByb3BlcnRpZXMiOiB7CiAgICAgICAgICAgICJmaXJzdCI6IHsKICAgICAgICAgICAgICAidHlwZSI6ICJzdHJpbmciCiAgICAgICAgICAgIH0sCiAgICAgICAgICAgICJsYXN0IjogewogICAgICAgICAgICAgICJ0eXBlIjogInN0cmluZyIKICAgICAgICAgICAgfQogICAgICAgICAgfQogICAgICAgIH0KICAgICAgfSwKICAgICAgInJlcXVpcmVkIjogWwogICAgICAgICJuYW1lIgogICAgICBdLAogICAgICAiYWRkaXRpb25hbFByb3BlcnRpZXMiOiB0cnVlCiAgICB9CiAgfQp9\n\ncourier:\n smtp:\n connection_uri: smtp://stub-url\n templates:\n recovery:\n invalid:\n email:\n body:\n html: base64://SGksCgp5b3UgKG9yIHNvbWVvbmUgZWxzZSkgZW50ZXJlZCB0aGlzIGVtYWlsIGFkZHJlc3Mgd2hlbiB0cnlpbmcgdG8gcmVjb3ZlciBhY2Nlc3MgdG8gYW4gYWNjb3VudC4KCkhvd2V2ZXIsIHRoaXMgZW1haWwgYWRkcmVzcyBpcyBub3Qgb24gb3VyIGRhdGFiYXNlIG9mIHJlZ2lzdGVyZWQgdXNlcnMgYW5kIHRoZXJlZm9yZSB0aGUgYXR0ZW1wdCBoYXMgZmFpbGVkLgoKSWYgdGhpcyB3YXMgeW91LCBjaGVjayBpZiB5b3Ugc2lnbmVkIHVwIHVzaW5nIGEgZGlmZmVyZW50IGFkZHJlc3MuCgpJZiB0aGlzIHdhcyBub3QgeW91LCBwbGVhc2UgaWdub3JlIHRoaXMgZW1haWwu\n # omit subject to verify it is validated\n valid:\n # omit template_root as it is not required on valid\n email:\n body:\n plaintext: base64://e3sgZGVmaW5lIGFmLVpBIH19CkhhbGxvLAoKSGVyc3RlbCBqb3UgcmVrZW5pbmcgZGV1ciBoaWVyZGllIHNrYWtlbCB0ZSB2b2xnOgp7ey0gZW5kIC19fQoKe3sgZGVmaW5lIGVuLVVTIH19CkhpLAoKcGxlYXNlIHJlY292ZXIgYWNjZXNzIHRvIHlvdXIgYWNjb3VudCBieSBjbGlja2luZyB0aGUgZm9sbG93aW5nIGxpbms6Cnt7LSBlbmQgLX19Cgp7ey0gaWYgZXEgLmxhbmcgImFmLVpBIiAtfX0KCnt7IHRlbXBsYXRlICJhZi1aQSIgLiB9fQoKe3stIGVsc2UgLX19Cgp7eyB0ZW1wbGF0ZSAiZW4tVVMiIH19Cgp7ey0gZW5kIC19fQp7eyAuUmVjb3ZlcnlVUkwgfX0K\n html: base64://e3sgZGVmaW5lIGFmLVpBIH19CkhhbGxvLAoKSGVyc3RlbCBqb3UgcmVrZW5pbmcgZGV1ciBoaWVyZGllIHNrYWtlbCB0ZSB2b2xnOgp7ey0gZW5kIC19fQoKe3sgZGVmaW5lIGVuLVVTIH19CkhpLAoKcGxlYXNlIHJlY292ZXIgYWNjZXNzIHRvIHlvdXIgYWNjb3VudCBieSBjbGlja2luZyB0aGUgZm9sbG93aW5nIGxpbms6Cnt7LSBlbmQgLX19Cgp7ey0gaWYgZXEgLmxhbmcgImFmLVpBIiAtfX0KCnt7IHRlbXBsYXRlICJhZi1aQSIgLiB9fQoKe3stIGVsc2UgLX19Cgp7eyB0ZW1wbGF0ZSAiZW4tVVMiIH19Cgp7ey0gZW5kIC19fQo8YSBocmVmPSJ7eyAuUmVjb3ZlcnlVUkwgfX0iPnt7IC5SZWNvdmVyeVVSTCB9fTwvYT4=\n subject: base64://UmVjb3ZlciBhY2Nlc3MgdG8geW91ciBhY2NvdW50\n # omit verification here to test templates override fallback\n template_override_path: \"../../courier/template/courier/builtin/templates\"\n" }, { "path": "driver/config/stub/.kratos.courier.remote.partial.templates.yaml", "content": "dsn: sqlite://foo.db?mode=memory&_fk=true\n\nselfservice:\n default_browser_return_url: http://return-to-3-test.ory.sh/\n\nidentity:\n default_schema_id: default\n schemas:\n - id: default\n url: base64://ewogICIkaWQiOiAib3J5Oi8vaWRlbnRpdHktdGVzdC1zY2hlbWEiLAogICIkc2NoZW1hIjogImh0dHA6Ly9qc29uLXNjaGVtYS5vcmcvZHJhZnQtMDcvc2NoZW1hIyIsCiAgInRpdGxlIjogIklkZW50aXR5U2NoZW1hIiwKICAidHlwZSI6ICJvYmplY3QiLAogICJwcm9wZXJ0aWVzIjogewogICAgInRyYWl0cyI6IHsKICAgICAgInR5cGUiOiAib2JqZWN0IiwKICAgICAgInByb3BlcnRpZXMiOiB7CiAgICAgICAgIm5hbWUiOiB7CiAgICAgICAgICAidHlwZSI6ICJvYmplY3QiLAogICAgICAgICAgInByb3BlcnRpZXMiOiB7CiAgICAgICAgICAgICJmaXJzdCI6IHsKICAgICAgICAgICAgICAidHlwZSI6ICJzdHJpbmciCiAgICAgICAgICAgIH0sCiAgICAgICAgICAgICJsYXN0IjogewogICAgICAgICAgICAgICJ0eXBlIjogInN0cmluZyIKICAgICAgICAgICAgfQogICAgICAgICAgfQogICAgICAgIH0KICAgICAgfSwKICAgICAgInJlcXVpcmVkIjogWwogICAgICAgICJuYW1lIgogICAgICBdLAogICAgICAiYWRkaXRpb25hbFByb3BlcnRpZXMiOiB0cnVlCiAgICB9CiAgfQp9\n\ncourier:\n smtp:\n connection_uri: smtp://stub-url\n templates:\n recovery:\n invalid:\n email:\n body:\n plaintext: base64://SGksCgp5b3UgKG9yIHNvbWVvbmUgZWxzZSkgZW50ZXJlZCB0aGlzIGVtYWlsIGFkZHJlc3Mgd2hlbiB0cnlpbmcgdG8gcmVjb3ZlciBhY2Nlc3MgdG8gYW4gYWNjb3VudC4KCkhvd2V2ZXIsIHRoaXMgZW1haWwgYWRkcmVzcyBpcyBub3Qgb24gb3VyIGRhdGFiYXNlIG9mIHJlZ2lzdGVyZWQgdXNlcnMgYW5kIHRoZXJlZm9yZSB0aGUgYXR0ZW1wdCBoYXMgZmFpbGVkLgoKSWYgdGhpcyB3YXMgeW91LCBjaGVjayBpZiB5b3Ugc2lnbmVkIHVwIHVzaW5nIGEgZGlmZmVyZW50IGFkZHJlc3MuCgpJZiB0aGlzIHdhcyBub3QgeW91LCBwbGVhc2UgaWdub3JlIHRoaXMgZW1haWwu\n html: base64://SGksCgp5b3UgKG9yIHNvbWVvbmUgZWxzZSkgZW50ZXJlZCB0aGlzIGVtYWlsIGFkZHJlc3Mgd2hlbiB0cnlpbmcgdG8gcmVjb3ZlciBhY2Nlc3MgdG8gYW4gYWNjb3VudC4KCkhvd2V2ZXIsIHRoaXMgZW1haWwgYWRkcmVzcyBpcyBub3Qgb24gb3VyIGRhdGFiYXNlIG9mIHJlZ2lzdGVyZWQgdXNlcnMgYW5kIHRoZXJlZm9yZSB0aGUgYXR0ZW1wdCBoYXMgZmFpbGVkLgoKSWYgdGhpcyB3YXMgeW91LCBjaGVjayBpZiB5b3Ugc2lnbmVkIHVwIHVzaW5nIGEgZGlmZmVyZW50IGFkZHJlc3MuCgpJZiB0aGlzIHdhcyBub3QgeW91LCBwbGVhc2UgaWdub3JlIHRoaXMgZW1haWwu\n verification:\n valid:\n email:\n subject: base64://VmVyaWZpY2F0aW9uIEVtYWls\n template_override_path: \"../../courier/template/courier/builtin/templates\"\n" }, { "path": "driver/config/stub/.kratos.courier.remote.templates.yaml", "content": "dsn: sqlite://foo.db?mode=memory&_fk=true\n\nselfservice:\n default_browser_return_url: http://return-to-3-test.ory.sh/\n\nidentity:\n default_schema_id: default\n schemas:\n - id: default\n url: base64://ewogICIkaWQiOiAib3J5Oi8vaWRlbnRpdHktdGVzdC1zY2hlbWEiLAogICIkc2NoZW1hIjogImh0dHA6Ly9qc29uLXNjaGVtYS5vcmcvZHJhZnQtMDcvc2NoZW1hIyIsCiAgInRpdGxlIjogIklkZW50aXR5U2NoZW1hIiwKICAidHlwZSI6ICJvYmplY3QiLAogICJwcm9wZXJ0aWVzIjogewogICAgInRyYWl0cyI6IHsKICAgICAgInR5cGUiOiAib2JqZWN0IiwKICAgICAgInByb3BlcnRpZXMiOiB7CiAgICAgICAgIm5hbWUiOiB7CiAgICAgICAgICAidHlwZSI6ICJvYmplY3QiLAogICAgICAgICAgInByb3BlcnRpZXMiOiB7CiAgICAgICAgICAgICJmaXJzdCI6IHsKICAgICAgICAgICAgICAidHlwZSI6ICJzdHJpbmciCiAgICAgICAgICAgIH0sCiAgICAgICAgICAgICJsYXN0IjogewogICAgICAgICAgICAgICJ0eXBlIjogInN0cmluZyIKICAgICAgICAgICAgfQogICAgICAgICAgfQogICAgICAgIH0KICAgICAgfSwKICAgICAgInJlcXVpcmVkIjogWwogICAgICAgICJuYW1lIgogICAgICBdLAogICAgICAiYWRkaXRpb25hbFByb3BlcnRpZXMiOiB0cnVlCiAgICB9CiAgfQp9\n\ncourier:\n smtp:\n connection_uri: smtp://stub-url\n templates:\n recovery:\n invalid:\n email:\n body:\n plaintext: base64://SGksCgp5b3UgKG9yIHNvbWVvbmUgZWxzZSkgZW50ZXJlZCB0aGlzIGVtYWlsIGFkZHJlc3Mgd2hlbiB0cnlpbmcgdG8gcmVjb3ZlciBhY2Nlc3MgdG8gYW4gYWNjb3VudC4KCkhvd2V2ZXIsIHRoaXMgZW1haWwgYWRkcmVzcyBpcyBub3Qgb24gb3VyIGRhdGFiYXNlIG9mIHJlZ2lzdGVyZWQgdXNlcnMgYW5kIHRoZXJlZm9yZSB0aGUgYXR0ZW1wdCBoYXMgZmFpbGVkLgoKSWYgdGhpcyB3YXMgeW91LCBjaGVjayBpZiB5b3Ugc2lnbmVkIHVwIHVzaW5nIGEgZGlmZmVyZW50IGFkZHJlc3MuCgpJZiB0aGlzIHdhcyBub3QgeW91LCBwbGVhc2UgaWdub3JlIHRoaXMgZW1haWwu\n html: base64://SGksCgp5b3UgKG9yIHNvbWVvbmUgZWxzZSkgZW50ZXJlZCB0aGlzIGVtYWlsIGFkZHJlc3Mgd2hlbiB0cnlpbmcgdG8gcmVjb3ZlciBhY2Nlc3MgdG8gYW4gYWNjb3VudC4KCkhvd2V2ZXIsIHRoaXMgZW1haWwgYWRkcmVzcyBpcyBub3Qgb24gb3VyIGRhdGFiYXNlIG9mIHJlZ2lzdGVyZWQgdXNlcnMgYW5kIHRoZXJlZm9yZSB0aGUgYXR0ZW1wdCBoYXMgZmFpbGVkLgoKSWYgdGhpcyB3YXMgeW91LCBjaGVjayBpZiB5b3Ugc2lnbmVkIHVwIHVzaW5nIGEgZGlmZmVyZW50IGFkZHJlc3MuCgpJZiB0aGlzIHdhcyBub3QgeW91LCBwbGVhc2UgaWdub3JlIHRoaXMgZW1haWwu\n subject: base64://QWNjb3VudCBBY2Nlc3MgQXR0ZW1wdGVk\n valid:\n email:\n body:\n plaintext: base64://e3sgZGVmaW5lIGFmLVpBIH19CkhhbGxvLAoKSGVyc3RlbCBqb3UgcmVrZW5pbmcgZGV1ciBoaWVyZGllIHNrYWtlbCB0ZSB2b2xnOgp7ey0gZW5kIC19fQoKe3sgZGVmaW5lIGVuLVVTIH19CkhpLAoKcGxlYXNlIHJlY292ZXIgYWNjZXNzIHRvIHlvdXIgYWNjb3VudCBieSBjbGlja2luZyB0aGUgZm9sbG93aW5nIGxpbms6Cnt7LSBlbmQgLX19Cgp7ey0gaWYgZXEgLmxhbmcgImFmLVpBIiAtfX0KCnt7IHRlbXBsYXRlICJhZi1aQSIgLiB9fQoKe3stIGVsc2UgLX19Cgp7eyB0ZW1wbGF0ZSAiZW4tVVMiIH19Cgp7ey0gZW5kIC19fQp7eyAuUmVjb3ZlcnlVUkwgfX0K\n html: base64://e3sgZGVmaW5lIGFmLVpBIH19CkhhbGxvLAoKSGVyc3RlbCBqb3UgcmVrZW5pbmcgZGV1ciBoaWVyZGllIHNrYWtlbCB0ZSB2b2xnOgp7ey0gZW5kIC19fQoKe3sgZGVmaW5lIGVuLVVTIH19CkhpLAoKcGxlYXNlIHJlY292ZXIgYWNjZXNzIHRvIHlvdXIgYWNjb3VudCBieSBjbGlja2luZyB0aGUgZm9sbG93aW5nIGxpbms6Cnt7LSBlbmQgLX19Cgp7ey0gaWYgZXEgLmxhbmcgImFmLVpBIiAtfX0KCnt7IHRlbXBsYXRlICJhZi1aQSIgLiB9fQoKe3stIGVsc2UgLX19Cgp7eyB0ZW1wbGF0ZSAiZW4tVVMiIH19Cgp7ey0gZW5kIC19fQo8YSBocmVmPSJ7eyAuUmVjb3ZlcnlVUkwgfX0iPnt7IC5SZWNvdmVyeVVSTCB9fTwvYT4=\n subject: base64://UmVjb3ZlciBhY2Nlc3MgdG8geW91ciBhY2NvdW50\n # omit verification here to test templates override fallback\n template_override_path: \"../../courier/template/courier/builtin/templates\"\n" }, { "path": "driver/config/stub/.kratos.courier.sms.yaml", "content": "dsn: sqlite://foo.db?mode=memory&_fk=true\n\nselfservice:\n default_browser_return_url: http://return-to-3-test.ory.sh/\n\nidentity:\n default_schema_id: default\n schemas:\n - id: default\n url: base64://ewogICIkaWQiOiAib3J5Oi8vaWRlbnRpdHktdGVzdC1zY2hlbWEiLAogICIkc2NoZW1hIjogImh0dHA6Ly9qc29uLXNjaGVtYS5vcmcvZHJhZnQtMDcvc2NoZW1hIyIsCiAgInRpdGxlIjogIklkZW50aXR5U2NoZW1hIiwKICAidHlwZSI6ICJvYmplY3QiLAogICJwcm9wZXJ0aWVzIjogewogICAgInRyYWl0cyI6IHsKICAgICAgInR5cGUiOiAib2JqZWN0IiwKICAgICAgInByb3BlcnRpZXMiOiB7CiAgICAgICAgIm5hbWUiOiB7CiAgICAgICAgICAidHlwZSI6ICJvYmplY3QiLAogICAgICAgICAgInByb3BlcnRpZXMiOiB7CiAgICAgICAgICAgICJmaXJzdCI6IHsKICAgICAgICAgICAgICAidHlwZSI6ICJzdHJpbmciCiAgICAgICAgICAgIH0sCiAgICAgICAgICAgICJsYXN0IjogewogICAgICAgICAgICAgICJ0eXBlIjogInN0cmluZyIKICAgICAgICAgICAgfQogICAgICAgICAgfQogICAgICAgIH0KICAgICAgfSwKICAgICAgInJlcXVpcmVkIjogWwogICAgICAgICJuYW1lIgogICAgICBdLAogICAgICAiYWRkaXRpb25hbFByb3BlcnRpZXMiOiB0cnVlCiAgICB9CiAgfQp9\n\ncourier:\n smtp:\n connection_uri: smtp://foo:bar@baz/\n sms:\n enabled: true\n from: '+49123456789'\n request_config:\n url: https://api.twilio.com/2010-04-01/Accounts/YourAccountID/Messages.json\n method: POST\n body: base64://e30=\n header:\n 'Content-Type': 'application/x-www-form-urlencoded'\n auth:\n type: basic_auth\n config:\n user: YourUsername\n password: YourPass\n" }, { "path": "driver/config/stub/.kratos.invalid.identities.yaml", "content": "dsn: sqlite://foo.db?mode=memory&_fk=true\n\nselfservice:\n default_browser_return_url: http://return-to-3-test.ory.sh/\n\nidentity:\n default_schema_id: other\n schemas:\n - id: other\n url: file://stub/.identity.invalid.json\n\ncourier:\n smtp:\n connection_uri: smtp://foo:bar@baz/\n" }, { "path": "driver/config/stub/.kratos.mock.identities.yaml", "content": "dsn: sqlite://foo.db?mode=memory&_fk=true\n\nselfservice:\n default_browser_return_url: http://return-to-3-test.ory.sh/\n\nidentity:\n default_schema_id: default\n schemas:\n - id: default\n url: http://test.kratos.ory.sh/default-identity.schema.json\n - id: other\n url: http://test.kratos.ory.sh/other-identity.schema.json\n\ncourier:\n smtp:\n connection_uri: smtp://foo:bar@baz/\n" }, { "path": "driver/config/stub/.kratos.notify-unknown-recipients.yml", "content": "selfservice:\n flows:\n recovery:\n notify_unknown_recipients: true\n verification:\n notify_unknown_recipients: true\n" }, { "path": "driver/config/stub/.kratos.oauth2_provider.yaml", "content": "oauth2_provider:\n url: https://oauth2_provider/\n headers:\n Authorization: Basic\n override_return_to: true\n" }, { "path": "driver/config/stub/.kratos.webauthn.invalid.yaml", "content": "# serve controls the configuration for the http(s) daemon\nserve:\n admin:\n base_url: http://admin.kratos.ory.sh\n port: 1234\n host: admin.kratos.ory.sh\n public:\n base_url: http://public.kratos.ory.sh\n port: 1235\n host: public.kratos.ory.sh\n\ndsn: sqlite://foo.db?mode=memory&_fk=true\n\nlog:\n level: debug\n\ncourier:\n smtp:\n connection_uri: smtp://foo:bar@baz/\n\nidentity:\n default_schema_id: default\n schemas:\n - id: default\n url: base64://ewogICIkaWQiOiAib3J5Oi8vaWRlbnRpdHktdGVzdC1zY2hlbWEiLAogICIkc2NoZW1hIjogImh0dHA6Ly9qc29uLXNjaGVtYS5vcmcvZHJhZnQtMDcvc2NoZW1hIyIsCiAgInRpdGxlIjogIklkZW50aXR5U2NoZW1hIiwKICAidHlwZSI6ICJvYmplY3QiLAogICJwcm9wZXJ0aWVzIjogewogICAgInRyYWl0cyI6IHsKICAgICAgInR5cGUiOiAib2JqZWN0IiwKICAgICAgInByb3BlcnRpZXMiOiB7CiAgICAgICAgIm5hbWUiOiB7CiAgICAgICAgICAidHlwZSI6ICJvYmplY3QiLAogICAgICAgICAgInByb3BlcnRpZXMiOiB7CiAgICAgICAgICAgICJmaXJzdCI6IHsKICAgICAgICAgICAgICAidHlwZSI6ICJzdHJpbmciCiAgICAgICAgICAgIH0sCiAgICAgICAgICAgICJsYXN0IjogewogICAgICAgICAgICAgICJ0eXBlIjogInN0cmluZyIKICAgICAgICAgICAgfQogICAgICAgICAgfQogICAgICAgIH0KICAgICAgfSwKICAgICAgInJlcXVpcmVkIjogWwogICAgICAgICJuYW1lIgogICAgICBdLAogICAgICAiYWRkaXRpb25hbFByb3BlcnRpZXMiOiB0cnVlCiAgICB9CiAgfQp9\n - id: other\n url: base64://ewogICIkaWQiOiAib3J5Oi8vaWRlbnRpdHktb3RoZXItc2NoZW1hIiwKICAiJHNjaGVtYSI6ICJodHRwOi8vanNvbi1zY2hlbWEub3JnL2RyYWZ0LTA3L3NjaGVtYSMiLAogICJ0aXRsZSI6ICJJZGVudGl0eU90aGVyU2NoZW1hIiwKICAidHlwZSI6ICJvYmplY3QiLAogICJwcm9wZXJ0aWVzIjogewogICAgInRyYWl0cyI6IHsKICAgICAgInR5cGUiOiAib2JqZWN0IiwKICAgICAgInByb3BlcnRpZXMiOiB7CiAgICAgICAgIm90aGVyIjogewogICAgICAgICAgInR5cGUiOiAic3RyaW5nIgogICAgICAgIH0sCiAgICAgICAgImVtYWlsIjogewogICAgICAgICAgInR5cGUiOiAic3RyaW5nIiwKICAgICAgICAgICJ0aXRsZSI6ICJlbWFpbCIsCiAgICAgICAgICAib3J5LnNoL2tyYXRvcyI6IHsKICAgICAgICAgICAgImNyZWRlbnRpYWxzIjogewogICAgICAgICAgICAgICJwYXNzd29yZCI6IHsKICAgICAgICAgICAgICAgICJpZGVudGlmaWVyIjogdHJ1ZQogICAgICAgICAgICAgIH0KICAgICAgICAgICAgfQogICAgICAgICAgfQogICAgICAgIH0KICAgICAgfSwKICAgICAgInJlcXVpcmVkIjogWwogICAgICAgICJvdGhlciIsCiAgICAgICAgImVtYWlsIgogICAgICBdLAogICAgICAiYWRkaXRpb25hbFByb3BlcnRpZXMiOiB0cnVlCiAgICB9CiAgfQp9\n\nhashers:\n argon2:\n memory: 1MB\n iterations: 2\n parallelism: 4\n salt_length: 16\n key_length: 32\n dedicated_memory: 1GB\n expected_duration: 500ms\n expected_deviation: 500ms\n\nsecrets:\n cookie:\n - session-key-7f8a9b77-1\n - session-key-7f8a9b77-2\n cipher:\n - secret-thirty-two-character-long\n\nciphers:\n algorithm: xchacha20-poly1305\n\nselfservice:\n default_browser_return_url: http://return-to-3-test.ory.sh/\n allowed_return_urls:\n - http://return-to-1-test.ory.sh/\n - http://return-to-2-test.ory.sh/\n - http://*.wildcards.ory.sh\n - http://*.sh\n - http://*.com\n - http://*.com.pl\n - http://*\n - /return-to-relative-test/\n methods:\n totp:\n enabled: true\n config:\n issuer: issuer.ory.sh\n password:\n enabled: true\n oidc:\n enabled: true\n config:\n providers:\n - id: github\n provider: github\n client_id: a\n client_secret: b\n mapper_url: http://test.kratos.ory.sh/default-identity.schema.json\n webauthn:\n enabled: true\n config:\n rp:\n id: https://example.com/webauthn\n display_name: Webauthn\n origin: https://origin-a.example.com\n origins:\n - https://origin-a.example.com\n - https://origin-b.example.com\n - https://origin-c.example.com\n flows:\n error:\n ui_url: http://test.kratos.ory.sh/error\n\n logout:\n after:\n default_browser_return_url: http://test.kratos.ory.sh:4000/\n\n recovery:\n enabled: true\n ui_url: http://test.kratos.ory.sh/recovery\n lifespan: 98m\n after:\n default_browser_return_url: http://test.kratos.ory.sh/dashboard\n hooks:\n - hook: web_hook\n config:\n url: https://test.kratos.ory.sh/after_recovery_hook\n method: GET\n headers: \n X-Custom-Header: test\n body: /path/to/template.jsonnet\n\n verification:\n enabled: true\n lifespan: 97m\n ui_url: http://test.kratos.ory.sh/verification\n after:\n default_browser_return_url: http://test.kratos.ory.sh/dashboard\n hooks:\n - hook: web_hook\n config:\n url: https://test.kratos.ory.sh/after_verification_hook\n method: GET\n headers: \n X-Custom-Header: test\n body: /path/to/template.jsonnet\n\n settings:\n ui_url: http://test.kratos.ory.sh/settings\n lifespan: 99m\n privileged_session_max_age: 5m\n after:\n default_browser_return_url: https://self-service/settings/return_to\n password:\n default_browser_return_url: https://self-service/settings/password/return_to\n hooks:\n - hook: web_hook\n config:\n url: https://test.kratos.ory.sh/after_settings_password_hook\n method: POST\n headers: \n X-Custom-Header: test\n body: /path/to/template.jsonnet\n profile:\n hooks:\n - hook: web_hook\n config:\n url: https://test.kratos.ory.sh/after_settings_profile_hook\n method: POST\n headers: \n X-Custom-Header: test\n body: /path/to/template.jsonnet\n hooks:\n - hook: web_hook\n config:\n url: https://test.kratos.ory.sh/after_settings_global_hook\n method: POST\n headers: \n X-Custom-Header: test\n body: /path/to/template.jsonnet\n\n login:\n ui_url: http://test.kratos.ory.sh/login\n lifespan: 99m\n before:\n hooks:\n - hook: web_hook\n config:\n url: https://test.kratos.ory.sh/before_login_hook\n method: POST\n headers: \n X-Custom-Header: test\n after:\n default_browser_return_url: https://self-service/login/return_to\n password:\n default_browser_return_url: https://self-service/login/password/return_to\n hooks:\n - hook: revoke_active_sessions\n - hook: require_verified_address\n - hook: web_hook\n config:\n url: https://test.kratos.ory.sh/after_login_password_hook\n method: POST\n headers: \n X-Custom-Header: test\n body: /path/to/template.jsonnet\n auth:\n type: basic_auth\n config:\n user: test-user\n password: super-secret\n oidc:\n hooks:\n - hook: web_hook\n config:\n url: https://test.kratos.ory.sh/after_login_oidc_hook\n method: GET\n headers: \n X-Custom-Header: test\n body: /path/to/template.jsonnet\n - hook: revoke_active_sessions\n hooks:\n - hook: web_hook\n config:\n url: https://test.kratos.ory.sh/after_login_global_hook\n method: POST\n headers: \n X-Custom-Header: test\n body: /path/to/template.jsonnet\n\n registration:\n enabled: true\n ui_url: http://test.kratos.ory.sh/register\n lifespan: 98m\n before:\n hooks:\n - hook: web_hook\n config:\n url: https://test.kratos.ory.sh/before_registration_hook\n method: GET\n headers: \n X-Custom-Header: test\n after:\n default_browser_return_url: https://self-service/registration/return_to\n password:\n hooks:\n - hook: session\n - hook: web_hook\n config:\n url: https://test.kratos.ory.sh/after_registration_password_hook\n method: POST\n headers: \n X-Custom-Header: test\n body: /path/to/template.jsonnet\n hooks:\n - hook: web_hook\n config:\n url: https://test.kratos.ory.sh/after_registration_global_hook\n method: POST\n headers: \n X-Custom-Header: test\n body: /path/to/template.jsonnet\n auth:\n type: api_key\n config:\n name: My-Key\n value: My-Key-Value\n in: header\n oidc:\n default_browser_return_url: https://self-service/registration/oidc/return_to\n hooks:\n - hook: web_hook\n config:\n url: https://test.kratos.ory.sh/after_registration_oidc_hook\n method: GET\n headers: \n X-Custom-Header: test\n body: /path/to/template.jsonnet\n - hook: session\n" }, { "path": "driver/config/stub/.kratos.webauthn.origin.yaml", "content": "# serve controls the configuration for the http(s) daemon\nserve:\n admin:\n base_url: http://admin.kratos.ory.sh\n port: 1234\n host: admin.kratos.ory.sh\n public:\n base_url: http://public.kratos.ory.sh\n port: 1235\n host: public.kratos.ory.sh\n\ndsn: sqlite://foo.db?mode=memory&_fk=true\n\nlog:\n level: debug\n\ncourier:\n smtp:\n connection_uri: smtp://foo:bar@baz/\n\nidentity:\n default_schema_id: default\n schemas:\n - id: default\n url: base64://ewogICIkaWQiOiAib3J5Oi8vaWRlbnRpdHktdGVzdC1zY2hlbWEiLAogICIkc2NoZW1hIjogImh0dHA6Ly9qc29uLXNjaGVtYS5vcmcvZHJhZnQtMDcvc2NoZW1hIyIsCiAgInRpdGxlIjogIklkZW50aXR5U2NoZW1hIiwKICAidHlwZSI6ICJvYmplY3QiLAogICJwcm9wZXJ0aWVzIjogewogICAgInRyYWl0cyI6IHsKICAgICAgInR5cGUiOiAib2JqZWN0IiwKICAgICAgInByb3BlcnRpZXMiOiB7CiAgICAgICAgIm5hbWUiOiB7CiAgICAgICAgICAidHlwZSI6ICJvYmplY3QiLAogICAgICAgICAgInByb3BlcnRpZXMiOiB7CiAgICAgICAgICAgICJmaXJzdCI6IHsKICAgICAgICAgICAgICAidHlwZSI6ICJzdHJpbmciCiAgICAgICAgICAgIH0sCiAgICAgICAgICAgICJsYXN0IjogewogICAgICAgICAgICAgICJ0eXBlIjogInN0cmluZyIKICAgICAgICAgICAgfQogICAgICAgICAgfQogICAgICAgIH0KICAgICAgfSwKICAgICAgInJlcXVpcmVkIjogWwogICAgICAgICJuYW1lIgogICAgICBdLAogICAgICAiYWRkaXRpb25hbFByb3BlcnRpZXMiOiB0cnVlCiAgICB9CiAgfQp9\n - id: other\n url: base64://ewogICIkaWQiOiAib3J5Oi8vaWRlbnRpdHktb3RoZXItc2NoZW1hIiwKICAiJHNjaGVtYSI6ICJodHRwOi8vanNvbi1zY2hlbWEub3JnL2RyYWZ0LTA3L3NjaGVtYSMiLAogICJ0aXRsZSI6ICJJZGVudGl0eU90aGVyU2NoZW1hIiwKICAidHlwZSI6ICJvYmplY3QiLAogICJwcm9wZXJ0aWVzIjogewogICAgInRyYWl0cyI6IHsKICAgICAgInR5cGUiOiAib2JqZWN0IiwKICAgICAgInByb3BlcnRpZXMiOiB7CiAgICAgICAgIm90aGVyIjogewogICAgICAgICAgInR5cGUiOiAic3RyaW5nIgogICAgICAgIH0sCiAgICAgICAgImVtYWlsIjogewogICAgICAgICAgInR5cGUiOiAic3RyaW5nIiwKICAgICAgICAgICJ0aXRsZSI6ICJlbWFpbCIsCiAgICAgICAgICAib3J5LnNoL2tyYXRvcyI6IHsKICAgICAgICAgICAgImNyZWRlbnRpYWxzIjogewogICAgICAgICAgICAgICJwYXNzd29yZCI6IHsKICAgICAgICAgICAgICAgICJpZGVudGlmaWVyIjogdHJ1ZQogICAgICAgICAgICAgIH0KICAgICAgICAgICAgfQogICAgICAgICAgfQogICAgICAgIH0KICAgICAgfSwKICAgICAgInJlcXVpcmVkIjogWwogICAgICAgICJvdGhlciIsCiAgICAgICAgImVtYWlsIgogICAgICBdLAogICAgICAiYWRkaXRpb25hbFByb3BlcnRpZXMiOiB0cnVlCiAgICB9CiAgfQp9\n\nhashers:\n argon2:\n memory: 1MB\n iterations: 2\n parallelism: 4\n salt_length: 16\n key_length: 32\n dedicated_memory: 1GB\n expected_duration: 500ms\n expected_deviation: 500ms\n\nsecrets:\n cookie:\n - session-key-7f8a9b77-1\n - session-key-7f8a9b77-2\n cipher:\n - secret-thirty-two-character-long\n\nciphers:\n algorithm: xchacha20-poly1305\n\nselfservice:\n default_browser_return_url: http://return-to-3-test.ory.sh/\n allowed_return_urls:\n - http://return-to-1-test.ory.sh/\n - http://return-to-2-test.ory.sh/\n - http://*.wildcards.ory.sh\n - http://*.sh\n - http://*.com\n - http://*.com.pl\n - http://*\n - /return-to-relative-test/\n methods:\n totp:\n enabled: true\n config:\n issuer: issuer.ory.sh\n password:\n enabled: true\n oidc:\n enabled: true\n config:\n providers:\n - id: github\n provider: github\n client_id: a\n client_secret: b\n mapper_url: http://test.kratos.ory.sh/default-identity.schema.json\n webauthn:\n enabled: true\n config:\n rp:\n id: https://example.com/webauthn\n display_name: Webauthn\n origin: https://origin-a.example.com\n flows:\n error:\n ui_url: http://test.kratos.ory.sh/error\n\n logout:\n after:\n default_browser_return_url: http://test.kratos.ory.sh:4000/\n\n recovery:\n enabled: true\n ui_url: http://test.kratos.ory.sh/recovery\n lifespan: 98m\n after:\n default_browser_return_url: http://test.kratos.ory.sh/dashboard\n hooks:\n - hook: web_hook\n config:\n url: https://test.kratos.ory.sh/after_recovery_hook\n method: GET\n headers: \n X-Custom-Header: test\n body: /path/to/template.jsonnet\n\n verification:\n enabled: true\n lifespan: 97m\n ui_url: http://test.kratos.ory.sh/verification\n after:\n default_browser_return_url: http://test.kratos.ory.sh/dashboard\n hooks:\n - hook: web_hook\n config:\n url: https://test.kratos.ory.sh/after_verification_hook\n method: GET\n headers: \n X-Custom-Header: test\n body: /path/to/template.jsonnet\n\n settings:\n ui_url: http://test.kratos.ory.sh/settings\n lifespan: 99m\n privileged_session_max_age: 5m\n after:\n default_browser_return_url: https://self-service/settings/return_to\n password:\n default_browser_return_url: https://self-service/settings/password/return_to\n hooks:\n - hook: web_hook\n config:\n url: https://test.kratos.ory.sh/after_settings_password_hook\n method: POST\n headers: \n X-Custom-Header: test\n body: /path/to/template.jsonnet\n profile:\n hooks:\n - hook: web_hook\n config:\n url: https://test.kratos.ory.sh/after_settings_profile_hook\n method: POST\n headers: \n X-Custom-Header: test\n body: /path/to/template.jsonnet\n hooks:\n - hook: web_hook\n config:\n url: https://test.kratos.ory.sh/after_settings_global_hook\n method: POST\n headers: \n X-Custom-Header: test\n body: /path/to/template.jsonnet\n\n login:\n ui_url: http://test.kratos.ory.sh/login\n lifespan: 99m\n before:\n hooks:\n - hook: web_hook\n config:\n url: https://test.kratos.ory.sh/before_login_hook\n method: POST\n headers: \n X-Custom-Header: test\n after:\n default_browser_return_url: https://self-service/login/return_to\n password:\n default_browser_return_url: https://self-service/login/password/return_to\n hooks:\n - hook: revoke_active_sessions\n - hook: require_verified_address\n - hook: web_hook\n config:\n url: https://test.kratos.ory.sh/after_login_password_hook\n method: POST\n headers: \n X-Custom-Header: test\n body: /path/to/template.jsonnet\n auth:\n type: basic_auth\n config:\n user: test-user\n password: super-secret\n oidc:\n hooks:\n - hook: web_hook\n config:\n url: https://test.kratos.ory.sh/after_login_oidc_hook\n method: GET\n headers: \n X-Custom-Header: test\n body: /path/to/template.jsonnet\n - hook: revoke_active_sessions\n hooks:\n - hook: web_hook\n config:\n url: https://test.kratos.ory.sh/after_login_global_hook\n method: POST\n headers: \n X-Custom-Header: test\n body: /path/to/template.jsonnet\n\n registration:\n enabled: true\n ui_url: http://test.kratos.ory.sh/register\n lifespan: 98m\n before:\n hooks:\n - hook: web_hook\n config:\n url: https://test.kratos.ory.sh/before_registration_hook\n method: GET\n headers: \n X-Custom-Header: test\n after:\n default_browser_return_url: https://self-service/registration/return_to\n password:\n hooks:\n - hook: session\n - hook: web_hook\n config:\n url: https://test.kratos.ory.sh/after_registration_password_hook\n method: POST\n headers: \n X-Custom-Header: test\n body: /path/to/template.jsonnet\n hooks:\n - hook: web_hook\n config:\n url: https://test.kratos.ory.sh/after_registration_global_hook\n method: POST\n headers: \n X-Custom-Header: test\n body: /path/to/template.jsonnet\n auth:\n type: api_key\n config:\n name: My-Key\n value: My-Key-Value\n in: header\n oidc:\n default_browser_return_url: https://self-service/registration/oidc/return_to\n hooks:\n - hook: web_hook\n config:\n url: https://test.kratos.ory.sh/after_registration_oidc_hook\n method: GET\n headers: \n X-Custom-Header: test\n body: /path/to/template.jsonnet\n - hook: session\n" }, { "path": "driver/config/stub/.kratos.webauthn.origins.yaml", "content": "# serve controls the configuration for the http(s) daemon\nserve:\n admin:\n base_url: http://admin.kratos.ory.sh\n port: 1234\n host: admin.kratos.ory.sh\n public:\n base_url: http://public.kratos.ory.sh\n port: 1235\n host: public.kratos.ory.sh\n\ndsn: sqlite://foo.db?mode=memory&_fk=true\n\nlog:\n level: debug\n\ncourier:\n smtp:\n connection_uri: smtp://foo:bar@baz/\n\nidentity:\n default_schema_id: default\n schemas:\n - id: default\n url: base64://ewogICIkaWQiOiAib3J5Oi8vaWRlbnRpdHktdGVzdC1zY2hlbWEiLAogICIkc2NoZW1hIjogImh0dHA6Ly9qc29uLXNjaGVtYS5vcmcvZHJhZnQtMDcvc2NoZW1hIyIsCiAgInRpdGxlIjogIklkZW50aXR5U2NoZW1hIiwKICAidHlwZSI6ICJvYmplY3QiLAogICJwcm9wZXJ0aWVzIjogewogICAgInRyYWl0cyI6IHsKICAgICAgInR5cGUiOiAib2JqZWN0IiwKICAgICAgInByb3BlcnRpZXMiOiB7CiAgICAgICAgIm5hbWUiOiB7CiAgICAgICAgICAidHlwZSI6ICJvYmplY3QiLAogICAgICAgICAgInByb3BlcnRpZXMiOiB7CiAgICAgICAgICAgICJmaXJzdCI6IHsKICAgICAgICAgICAgICAidHlwZSI6ICJzdHJpbmciCiAgICAgICAgICAgIH0sCiAgICAgICAgICAgICJsYXN0IjogewogICAgICAgICAgICAgICJ0eXBlIjogInN0cmluZyIKICAgICAgICAgICAgfQogICAgICAgICAgfQogICAgICAgIH0KICAgICAgfSwKICAgICAgInJlcXVpcmVkIjogWwogICAgICAgICJuYW1lIgogICAgICBdLAogICAgICAiYWRkaXRpb25hbFByb3BlcnRpZXMiOiB0cnVlCiAgICB9CiAgfQp9\n - id: other\n url: base64://ewogICIkaWQiOiAib3J5Oi8vaWRlbnRpdHktb3RoZXItc2NoZW1hIiwKICAiJHNjaGVtYSI6ICJodHRwOi8vanNvbi1zY2hlbWEub3JnL2RyYWZ0LTA3L3NjaGVtYSMiLAogICJ0aXRsZSI6ICJJZGVudGl0eU90aGVyU2NoZW1hIiwKICAidHlwZSI6ICJvYmplY3QiLAogICJwcm9wZXJ0aWVzIjogewogICAgInRyYWl0cyI6IHsKICAgICAgInR5cGUiOiAib2JqZWN0IiwKICAgICAgInByb3BlcnRpZXMiOiB7CiAgICAgICAgIm90aGVyIjogewogICAgICAgICAgInR5cGUiOiAic3RyaW5nIgogICAgICAgIH0sCiAgICAgICAgImVtYWlsIjogewogICAgICAgICAgInR5cGUiOiAic3RyaW5nIiwKICAgICAgICAgICJ0aXRsZSI6ICJlbWFpbCIsCiAgICAgICAgICAib3J5LnNoL2tyYXRvcyI6IHsKICAgICAgICAgICAgImNyZWRlbnRpYWxzIjogewogICAgICAgICAgICAgICJwYXNzd29yZCI6IHsKICAgICAgICAgICAgICAgICJpZGVudGlmaWVyIjogdHJ1ZQogICAgICAgICAgICAgIH0KICAgICAgICAgICAgfQogICAgICAgICAgfQogICAgICAgIH0KICAgICAgfSwKICAgICAgInJlcXVpcmVkIjogWwogICAgICAgICJvdGhlciIsCiAgICAgICAgImVtYWlsIgogICAgICBdLAogICAgICAiYWRkaXRpb25hbFByb3BlcnRpZXMiOiB0cnVlCiAgICB9CiAgfQp9\n\nhashers:\n argon2:\n memory: 1MB\n iterations: 2\n parallelism: 4\n salt_length: 16\n key_length: 32\n dedicated_memory: 1GB\n expected_duration: 500ms\n expected_deviation: 500ms\n\nsecrets:\n cookie:\n - session-key-7f8a9b77-1\n - session-key-7f8a9b77-2\n cipher:\n - secret-thirty-two-character-long\n\nciphers:\n algorithm: xchacha20-poly1305\n\nselfservice:\n default_browser_return_url: http://return-to-3-test.ory.sh/\n allowed_return_urls:\n - http://return-to-1-test.ory.sh/\n - http://return-to-2-test.ory.sh/\n - http://*.wildcards.ory.sh\n - http://*.sh\n - http://*.com\n - http://*.com.pl\n - http://*\n - /return-to-relative-test/\n methods:\n totp:\n enabled: true\n config:\n issuer: issuer.ory.sh\n password:\n enabled: true\n oidc:\n enabled: true\n config:\n providers:\n - id: github\n provider: github\n client_id: a\n client_secret: b\n mapper_url: http://test.kratos.ory.sh/default-identity.schema.json\n webauthn:\n enabled: true\n config:\n rp:\n id: https://example.com/webauthn\n display_name: Webauthn\n origins:\n - https://origin-a.example.com\n - https://origin-b.example.com\n - https://origin-c.example.com\n flows:\n error:\n ui_url: http://test.kratos.ory.sh/error\n\n logout:\n after:\n default_browser_return_url: http://test.kratos.ory.sh:4000/\n\n recovery:\n enabled: true\n ui_url: http://test.kratos.ory.sh/recovery\n lifespan: 98m\n after:\n default_browser_return_url: http://test.kratos.ory.sh/dashboard\n hooks:\n - hook: web_hook\n config:\n url: https://test.kratos.ory.sh/after_recovery_hook\n method: GET\n headers: \n X-Custom-Header: test\n body: /path/to/template.jsonnet\n\n verification:\n enabled: true\n lifespan: 97m\n ui_url: http://test.kratos.ory.sh/verification\n after:\n default_browser_return_url: http://test.kratos.ory.sh/dashboard\n hooks:\n - hook: web_hook\n config:\n url: https://test.kratos.ory.sh/after_verification_hook\n method: GET\n headers: \n X-Custom-Header: test\n body: /path/to/template.jsonnet\n\n settings:\n ui_url: http://test.kratos.ory.sh/settings\n lifespan: 99m\n privileged_session_max_age: 5m\n after:\n default_browser_return_url: https://self-service/settings/return_to\n password:\n default_browser_return_url: https://self-service/settings/password/return_to\n hooks:\n - hook: web_hook\n config:\n url: https://test.kratos.ory.sh/after_settings_password_hook\n method: POST\n headers: \n X-Custom-Header: test\n body: /path/to/template.jsonnet\n profile:\n hooks:\n - hook: web_hook\n config:\n url: https://test.kratos.ory.sh/after_settings_profile_hook\n method: POST\n headers: \n X-Custom-Header: test\n body: /path/to/template.jsonnet\n hooks:\n - hook: web_hook\n config:\n url: https://test.kratos.ory.sh/after_settings_global_hook\n method: POST\n headers: \n X-Custom-Header: test\n body: /path/to/template.jsonnet\n\n login:\n ui_url: http://test.kratos.ory.sh/login\n lifespan: 99m\n before:\n hooks:\n - hook: web_hook\n config:\n url: https://test.kratos.ory.sh/before_login_hook\n method: POST\n headers: \n X-Custom-Header: test\n after:\n default_browser_return_url: https://self-service/login/return_to\n password:\n default_browser_return_url: https://self-service/login/password/return_to\n hooks:\n - hook: revoke_active_sessions\n - hook: require_verified_address\n - hook: web_hook\n config:\n url: https://test.kratos.ory.sh/after_login_password_hook\n method: POST\n headers: \n X-Custom-Header: test\n body: /path/to/template.jsonnet\n auth:\n type: basic_auth\n config:\n user: test-user\n password: super-secret\n oidc:\n hooks:\n - hook: web_hook\n config:\n url: https://test.kratos.ory.sh/after_login_oidc_hook\n method: GET\n headers: \n X-Custom-Header: test\n body: /path/to/template.jsonnet\n - hook: revoke_active_sessions\n hooks:\n - hook: web_hook\n config:\n url: https://test.kratos.ory.sh/after_login_global_hook\n method: POST\n headers: \n X-Custom-Header: test\n body: /path/to/template.jsonnet\n\n registration:\n enabled: true\n ui_url: http://test.kratos.ory.sh/register\n lifespan: 98m\n before:\n hooks:\n - hook: web_hook\n config:\n url: https://test.kratos.ory.sh/before_registration_hook\n method: GET\n headers: \n X-Custom-Header: test\n after:\n default_browser_return_url: https://self-service/registration/return_to\n password:\n hooks:\n - hook: session\n - hook: web_hook\n config:\n url: https://test.kratos.ory.sh/after_registration_password_hook\n method: POST\n headers: \n X-Custom-Header: test\n body: /path/to/template.jsonnet\n hooks:\n - hook: web_hook\n config:\n url: https://test.kratos.ory.sh/after_registration_global_hook\n method: POST\n headers: \n X-Custom-Header: test\n body: /path/to/template.jsonnet\n auth:\n type: api_key\n config:\n name: My-Key\n value: My-Key-Value\n in: header\n oidc:\n default_browser_return_url: https://self-service/registration/oidc/return_to\n hooks:\n - hook: web_hook\n config:\n url: https://test.kratos.ory.sh/after_registration_oidc_hook\n method: GET\n headers: \n X-Custom-Header: test\n body: /path/to/template.jsonnet\n - hook: session\n" }, { "path": "driver/config/stub/.kratos.yaml", "content": "# serve controls the configuration for the http(s) daemon\nserve:\n admin:\n base_url: http://admin.kratos.ory.sh\n port: 1234\n host: admin.kratos.ory.sh\n public:\n base_url: http://public.kratos.ory.sh\n port: 1235\n host: public.kratos.ory.sh\n\ndsn: sqlite://foo.db?mode=memory&_fk=true\n\nlog:\n level: debug\n\ncourier:\n smtp:\n connection_uri: smtp://foo:bar@baz/\n\nidentity:\n default_schema_id: default\n schemas:\n - id: default\n url: base64://ewogICIkaWQiOiAib3J5Oi8vaWRlbnRpdHktdGVzdC1zY2hlbWEiLAogICIkc2NoZW1hIjogImh0dHA6Ly9qc29uLXNjaGVtYS5vcmcvZHJhZnQtMDcvc2NoZW1hIyIsCiAgInRpdGxlIjogIklkZW50aXR5U2NoZW1hIiwKICAidHlwZSI6ICJvYmplY3QiLAogICJwcm9wZXJ0aWVzIjogewogICAgInRyYWl0cyI6IHsKICAgICAgInR5cGUiOiAib2JqZWN0IiwKICAgICAgInByb3BlcnRpZXMiOiB7CiAgICAgICAgIm5hbWUiOiB7CiAgICAgICAgICAidHlwZSI6ICJvYmplY3QiLAogICAgICAgICAgInByb3BlcnRpZXMiOiB7CiAgICAgICAgICAgICJmaXJzdCI6IHsKICAgICAgICAgICAgICAidHlwZSI6ICJzdHJpbmciCiAgICAgICAgICAgIH0sCiAgICAgICAgICAgICJsYXN0IjogewogICAgICAgICAgICAgICJ0eXBlIjogInN0cmluZyIKICAgICAgICAgICAgfQogICAgICAgICAgfQogICAgICAgIH0KICAgICAgfSwKICAgICAgInJlcXVpcmVkIjogWwogICAgICAgICJuYW1lIgogICAgICBdLAogICAgICAiYWRkaXRpb25hbFByb3BlcnRpZXMiOiB0cnVlCiAgICB9CiAgfQp9\n - id: other\n url: base64://ewogICIkaWQiOiAib3J5Oi8vaWRlbnRpdHktb3RoZXItc2NoZW1hIiwKICAiJHNjaGVtYSI6ICJodHRwOi8vanNvbi1zY2hlbWEub3JnL2RyYWZ0LTA3L3NjaGVtYSMiLAogICJ0aXRsZSI6ICJJZGVudGl0eU90aGVyU2NoZW1hIiwKICAidHlwZSI6ICJvYmplY3QiLAogICJwcm9wZXJ0aWVzIjogewogICAgInRyYWl0cyI6IHsKICAgICAgInR5cGUiOiAib2JqZWN0IiwKICAgICAgInByb3BlcnRpZXMiOiB7CiAgICAgICAgIm90aGVyIjogewogICAgICAgICAgInR5cGUiOiAic3RyaW5nIgogICAgICAgIH0sCiAgICAgICAgImVtYWlsIjogewogICAgICAgICAgInR5cGUiOiAic3RyaW5nIiwKICAgICAgICAgICJ0aXRsZSI6ICJlbWFpbCIsCiAgICAgICAgICAib3J5LnNoL2tyYXRvcyI6IHsKICAgICAgICAgICAgImNyZWRlbnRpYWxzIjogewogICAgICAgICAgICAgICJwYXNzd29yZCI6IHsKICAgICAgICAgICAgICAgICJpZGVudGlmaWVyIjogdHJ1ZQogICAgICAgICAgICAgIH0KICAgICAgICAgICAgfQogICAgICAgICAgfQogICAgICAgIH0KICAgICAgfSwKICAgICAgInJlcXVpcmVkIjogWwogICAgICAgICJvdGhlciIsCiAgICAgICAgImVtYWlsIgogICAgICBdLAogICAgICAiYWRkaXRpb25hbFByb3BlcnRpZXMiOiB0cnVlCiAgICB9CiAgfQp9\n\nhashers:\n argon2:\n memory: 1MB\n iterations: 2\n parallelism: 4\n salt_length: 16\n key_length: 32\n dedicated_memory: 1GB\n expected_duration: 500ms\n expected_deviation: 500ms\n\nsecrets:\n cookie:\n - session-key-7f8a9b77-1\n - session-key-7f8a9b77-2\n cipher:\n - secret-thirty-two-character-long\n\nciphers:\n algorithm: xchacha20-poly1305\n\nselfservice:\n default_browser_return_url: http://return-to-3-test.ory.sh/\n allowed_return_urls:\n - http://return-to-1-test.ory.sh/\n - http://return-to-2-test.ory.sh/\n - http://*.wildcards.ory.sh\n - http://*.sh\n - http://*.com\n - http://*.com.pl\n - http://*\n - /return-to-relative-test/\n methods:\n totp:\n enabled: true\n config:\n issuer: issuer.ory.sh\n password:\n enabled: true\n oidc:\n enabled: true\n config:\n providers:\n - id: github\n provider: github\n client_id: a\n client_secret: b\n mapper_url: http://test.kratos.ory.sh/default-identity.schema.json\n webauthn:\n enabled: true\n config:\n rp:\n id: example.com\n display_name: Webauthn\n flows:\n error:\n ui_url: http://test.kratos.ory.sh/error\n\n logout:\n after:\n default_browser_return_url: http://test.kratos.ory.sh:4000/\n\n recovery:\n enabled: true\n ui_url: http://test.kratos.ory.sh/recovery\n lifespan: 98m\n after:\n default_browser_return_url: http://test.kratos.ory.sh/dashboard\n hooks:\n - hook: web_hook\n config:\n url: https://test.kratos.ory.sh/after_recovery_hook\n method: GET\n headers: \n X-Custom-Header: test\n body: /path/to/template.jsonnet\n\n verification:\n enabled: true\n lifespan: 97m\n ui_url: http://test.kratos.ory.sh/verification\n after:\n default_browser_return_url: http://test.kratos.ory.sh/dashboard\n hooks:\n - hook: web_hook\n config:\n url: https://test.kratos.ory.sh/after_verification_hook\n method: GET\n headers: \n X-Custom-Header: test\n body: /path/to/template.jsonnet\n\n settings:\n ui_url: http://test.kratos.ory.sh/settings\n lifespan: 99m\n privileged_session_max_age: 5m\n after:\n default_browser_return_url: https://self-service/settings/return_to\n password:\n default_browser_return_url: https://self-service/settings/password/return_to\n hooks:\n - hook: web_hook\n config:\n url: https://test.kratos.ory.sh/after_settings_password_hook\n method: POST\n headers:\n X-Custom-Header: test\n body: /path/to/template.jsonnet\n profile:\n hooks:\n - hook: web_hook\n config:\n url: https://test.kratos.ory.sh/after_settings_profile_hook\n method: POST\n headers:\n X-Custom-Header: test\n body: /path/to/template.jsonnet\n hooks:\n - hook: web_hook\n config:\n url: https://test.kratos.ory.sh/after_settings_global_hook\n method: POST\n headers:\n X-Custom-Header: test\n body: /path/to/template.jsonnet\n\n login:\n ui_url: http://test.kratos.ory.sh/login\n lifespan: 99m\n before:\n hooks:\n - hook: web_hook\n config:\n url: https://test.kratos.ory.sh/before_login_hook\n method: POST\n headers:\n X-Custom-Header: test\n after:\n default_browser_return_url: https://self-service/login/return_to\n password:\n default_browser_return_url: https://self-service/login/password/return_to\n hooks:\n - hook: revoke_active_sessions\n - hook: require_verified_address\n - hook: web_hook\n config:\n url: https://test.kratos.ory.sh/after_login_password_hook\n method: POST\n headers:\n X-Custom-Header: test\n body: /path/to/template.jsonnet\n auth:\n type: basic_auth\n config:\n user: test-user\n password: super-secret\n oidc:\n hooks:\n - hook: web_hook\n config:\n url: https://test.kratos.ory.sh/after_login_oidc_hook\n method: GET\n headers:\n X-Custom-Header: test\n body: /path/to/template.jsonnet\n - hook: revoke_active_sessions\n hooks:\n - hook: web_hook\n config:\n url: https://test.kratos.ory.sh/after_login_global_hook\n method: POST\n headers:\n X-Custom-Header: test\n body: /path/to/template.jsonnet\n\n registration:\n enabled: true\n ui_url: http://test.kratos.ory.sh/register\n lifespan: 98m\n before:\n hooks:\n - hook: web_hook\n config:\n url: https://test.kratos.ory.sh/before_registration_hook\n method: GET\n headers:\n X-Custom-Header: test\n after:\n default_browser_return_url: https://self-service/registration/return_to\n password:\n hooks:\n - hook: session\n - hook: web_hook\n config:\n url: https://test.kratos.ory.sh/after_registration_password_hook\n method: POST\n headers:\n X-Custom-Header: test\n body: /path/to/template.jsonnet\n hooks:\n - hook: web_hook\n config:\n url: https://test.kratos.ory.sh/after_registration_global_hook\n method: POST\n headers:\n X-Custom-Header: test\n body: /path/to/template.jsonnet\n auth:\n type: api_key\n config:\n name: My-Key\n value: My-Key-Value\n in: header\n oidc:\n default_browser_return_url: https://self-service/registration/oidc/return_to\n hooks:\n - hook: web_hook\n config:\n url: https://test.kratos.ory.sh/after_registration_oidc_hook\n method: GET\n headers:\n X-Custom-Header: test\n body: /path/to/template.jsonnet\n - hook: session\n" }, { "path": "driver/factory.go", "content": "// Copyright © 2023 Ory Corp\n// SPDX-License-Identifier: Apache-2.0\n\npackage driver\n\nimport (\n\t\"context\"\n\t\"io\"\n\n\t\"github.com/ory/x/servicelocatorx\"\n\n\t\"github.com/ory/kratos/driver/config\"\n\t\"github.com/ory/x/logrusx\"\n)\n\nfunc New(ctx context.Context, stdOutOrErr io.Writer, dOpts ...RegistryOption) (*RegistryDefault, error) {\n\tr, err := NewWithoutInit(ctx, stdOutOrErr, dOpts...)\n\tif err != nil {\n\t\treturn nil, err\n\t}\n\n\tctxter := r.Contextualizer()\n\tif err := r.Init(ctx, ctxter, dOpts...); err != nil {\n\t\tr.Logger().WithError(err).Error(\"Unable to initialize service registry.\")\n\t\treturn nil, err\n\t}\n\n\treturn r, nil\n}\n\nfunc NewWithoutInit(ctx context.Context, stdOutOrErr io.Writer, dOpts ...RegistryOption) (*RegistryDefault, error) {\n\topts := newOptions(dOpts)\n\tsl := servicelocatorx.NewOptions(opts.serviceLocatorOptions...)\n\n\tl := sl.Logger()\n\tif l == nil {\n\t\tl = logrusx.New(\"Ory Kratos\", config.Version)\n\t}\n\n\tc := opts.config\n\tif c == nil {\n\t\tvar err error\n\t\tc, err = config.New(ctx, l, stdOutOrErr, sl.Contextualizer(), opts.configOptions...)\n\t\tif err != nil {\n\t\t\tl.WithError(err).Error(\"Unable to instantiate configuration.\")\n\t\t\treturn nil, err\n\t\t}\n\t}\n\n\tr, err := NewRegistryFromDSN(ctx, c, l)\n\tif err != nil {\n\t\tl.WithError(err).Error(\"Unable to instantiate service registry.\")\n\t\treturn nil, err\n\t}\n\tr.slOptions = sl\n\tr.SetContextualizer(sl.Contextualizer())\n\n\treturn r, nil\n}\n" }, { "path": "driver/factory_test.go", "content": "// Copyright © 2023 Ory Corp\n// SPDX-License-Identifier: Apache-2.0\n\npackage driver_test\n\nimport (\n\t\"context\"\n\t\"os\"\n\t\"testing\"\n\t\"time\"\n\n\t\"github.com/gofrs/uuid\"\n\n\t\"github.com/ory/x/configx\"\n\n\t\"github.com/stretchr/testify/assert\"\n\t\"github.com/stretchr/testify/require\"\n\n\t\"github.com/ory/kratos/driver\"\n\t\"github.com/ory/kratos/driver/config\"\n)\n\nfunc TestDriverNew(t *testing.T) {\n\tctx := context.Background()\n\tr, err := driver.New(\n\t\tcontext.Background(),\n\t\tos.Stderr,\n\t\tdriver.WithConfigOptions(\n\t\t\tconfigx.WithValue(config.ViperKeyDSN, config.DefaultSQLiteMemoryDSN),\n\t\t\tconfigx.SkipValidation(),\n\t\t))\n\trequire.NoError(t, err)\n\n\tassert.EqualValues(t, config.DefaultSQLiteMemoryDSN, r.Config().DSN(ctx))\n\tpingCtx, cancel := context.WithTimeout(ctx, 10*time.Second)\n\tt.Cleanup(cancel)\n\trequire.NoError(t, r.Persister().Ping(pingCtx))\n\n\tassert.NotEqual(t, uuid.Nil.String(), r.Persister().NetworkID(context.Background()).String())\n\n\tn, err := r.Persister().DetermineNetwork(context.Background())\n\trequire.NoError(t, err)\n\tassert.Equal(t, r.Persister().NetworkID(context.Background()), n.ID)\n}\n" }, { "path": "driver/registry.go", "content": "// Copyright © 2023 Ory Corp\n// SPDX-License-Identifier: Apache-2.0\n\npackage driver\n\nimport (\n\t\"context\"\n\t\"io/fs\"\n\n\t\"github.com/gorilla/sessions\"\n\n\t\"github.com/ory/x/httpx\"\n\n\t\"github.com/ory/kratos/cipher\"\n\t\"github.com/ory/kratos/continuity\"\n\t\"github.com/ory/kratos/courier\"\n\t\"github.com/ory/kratos/driver/config\"\n\t\"github.com/ory/kratos/hash\"\n\t\"github.com/ory/kratos/identity\"\n\t\"github.com/ory/kratos/persistence\"\n\t\"github.com/ory/kratos/schema\"\n\t\"github.com/ory/kratos/selfservice/errorx\"\n\t\"github.com/ory/kratos/selfservice/flow/login\"\n\t\"github.com/ory/kratos/selfservice/flow/logout\"\n\t\"github.com/ory/kratos/selfservice/flow/recovery\"\n\t\"github.com/ory/kratos/selfservice/flow/registration\"\n\t\"github.com/ory/kratos/selfservice/flow/settings\"\n\t\"github.com/ory/kratos/selfservice/flow/verification\"\n\t\"github.com/ory/kratos/selfservice/sessiontokenexchange\"\n\t\"github.com/ory/kratos/selfservice/strategy/code\"\n\t\"github.com/ory/kratos/selfservice/strategy/link\"\n\tpassword2 \"github.com/ory/kratos/selfservice/strategy/password\"\n\t\"github.com/ory/kratos/session\"\n\t\"github.com/ory/kratos/x\"\n\t\"github.com/ory/kratos/x/nosurfx\"\n\t\"github.com/ory/nosurf\"\n\t\"github.com/ory/pop/v6\"\n\t\"github.com/ory/x/configx\"\n\t\"github.com/ory/x/contextx\"\n\t\"github.com/ory/x/healthx\"\n\t\"github.com/ory/x/httprouterx\"\n\t\"github.com/ory/x/jsonnetsecure\"\n\t\"github.com/ory/x/logrusx\"\n\t\"github.com/ory/x/otelx\"\n\t\"github.com/ory/x/popx\"\n\t\"github.com/ory/x/servicelocatorx\"\n)\n\ntype Registry interface {\n\tInit(ctx context.Context, ctxer contextx.Contextualizer, opts ...RegistryOption) error\n\n\tSetLogger(l *logrusx.Logger)\n\tSetJSONNetVMProvider(jsonnetsecure.VMProvider)\n\n\tWithCSRFHandler(c nosurf.Handler)\n\tWithCSRFTokenGenerator(cg nosurfx.CSRFToken)\n\n\tHealthHandler(ctx context.Context) *healthx.Handler\n\tCookieManager(ctx context.Context) sessions.StoreExact\n\tContinuityCookieManager(ctx context.Context) sessions.StoreExact\n\n\tRegisterPublicRoutes(ctx context.Context, public *httprouterx.RouterPublic)\n\tRegisterAdminRoutes(ctx context.Context, admin *httprouterx.RouterAdmin)\n\tTracer(context.Context) *otelx.Tracer\n\tSetTracer(*otelx.Tracer)\n\n\tconfig.Provider\n\tCourierConfig() config.CourierConfigs\n\tSetConfig(c *config.Config)\n\tSetContextualizer(ctxer contextx.Contextualizer)\n\n\tnosurfx.CSRFProvider\n\thttpx.WriterProvider\n\tlogrusx.Provider\n\thttpx.ClientProvider\n\tjsonnetsecure.VMProvider\n\n\tcontinuity.ManagementProvider\n\tcontinuity.PersistenceProvider\n\n\tcipher.Provider\n\n\tcourier.Provider\n\n\tpersistence.Provider\n\n\terrorx.ManagementProvider\n\terrorx.HandlerProvider\n\terrorx.PersistenceProvider\n\n\thash.HashProvider\n\n\tidentity.HandlerProvider\n\tidentity.ValidationProvider\n\tidentity.PoolProvider\n\tidentity.PrivilegedPoolProvider\n\tidentity.ManagementProvider\n\tidentity.ActiveCredentialsCounterStrategyProvider\n\n\tcourier.HandlerProvider\n\tcourier.PersistenceProvider\n\n\tschema.HandlerProvider\n\tschema.IdentitySchemaProvider\n\n\tpassword2.ValidationProvider\n\n\tsession.HandlerProvider\n\tsession.ManagementProvider\n\tsession.PersistenceProvider\n\tsession.TokenizerProvider\n\n\tsettings.HandlerProvider\n\tsettings.ErrorHandlerProvider\n\tsettings.FlowPersistenceProvider\n\tsettings.StrategyProvider\n\n\tlogin.FlowPersistenceProvider\n\tlogin.ErrorHandlerProvider\n\tlogin.HooksProvider\n\tlogin.HookExecutorProvider\n\tlogin.HandlerProvider\n\tlogin.StrategyProvider\n\n\tlogout.HandlerProvider\n\n\tregistration.FlowPersistenceProvider\n\tregistration.ErrorHandlerProvider\n\tregistration.HooksProvider\n\tregistration.HookExecutorProvider\n\tregistration.HandlerProvider\n\tregistration.StrategyProvider\n\n\tverification.FlowPersistenceProvider\n\tverification.ErrorHandlerProvider\n\tverification.HandlerProvider\n\tverification.StrategyProvider\n\n\tsessiontokenexchange.PersistenceProvider\n\n\tlink.SenderProvider\n\tlink.VerificationTokenPersistenceProvider\n\tlink.RecoveryTokenPersistenceProvider\n\n\tcode.SenderProvider\n\tcode.RecoveryCodePersistenceProvider\n\n\trecovery.FlowPersistenceProvider\n\trecovery.ErrorHandlerProvider\n\trecovery.HandlerProvider\n\trecovery.StrategyProvider\n\n\tnosurfx.CSRFTokenGeneratorProvider\n}\n\nfunc NewRegistryFromDSN(ctx context.Context, c *config.Config, l *logrusx.Logger) (*RegistryDefault, error) {\n\treg := NewRegistryDefault()\n\n\ttracer, err := otelx.New(\"Ory Kratos\", l, c.Tracing(ctx))\n\tif err != nil {\n\t\tl.WithError(err).Fatalf(\"failed to initialize tracer\")\n\t\ttracer = otelx.NewNoop()\n\t}\n\treg.SetTracer(tracer)\n\treg.SetLogger(l)\n\treg.SetConfig(c)\n\n\treturn reg, nil\n}\n\ntype options struct {\n\tskipNetworkInit bool\n\tconfig *config.Config\n\tconfigOptions []configx.OptionModifier\n\treplaceTracer func(*otelx.Tracer) *otelx.Tracer\n\treplaceIdentitySchemaProvider func(Registry) schema.IdentitySchemaProvider\n\tinspect func(Registry) error\n\textraMigrations []fs.FS\n\textraGoMigrations popx.Migrations\n\treplacementStrategies []NewStrategy\n\textraHooks map[string]func(config.SelfServiceHook) any\n\textraHandlers []NewHandler\n\tdisableMigrationLogging bool\n\tjsonnetPool jsonnetsecure.Pool\n\tserviceLocatorOptions []servicelocatorx.Option\n\tdbOpts []func(details *pop.ConnectionDetails)\n}\n\ntype RegistryOption func(*options)\n\n// WithDBOptions adds database connection options that will be applied to the\n// underlying connection.\nfunc WithDBOptions(opts ...func(details *pop.ConnectionDetails)) RegistryOption {\n\treturn func(o *options) {\n\t\to.dbOpts = append(o.dbOpts, opts...)\n\t}\n}\n\nfunc SkipNetworkInit(o *options) {\n\to.skipNetworkInit = true\n}\n\nfunc WithJsonnetPool(pool jsonnetsecure.Pool) RegistryOption {\n\treturn func(o *options) {\n\t\to.jsonnetPool = pool\n\t}\n}\n\nfunc WithConfig(config *config.Config) RegistryOption {\n\treturn func(o *options) {\n\t\to.config = config\n\t}\n}\n\nfunc WithConfigOptions(opts ...configx.OptionModifier) RegistryOption {\n\treturn func(o *options) {\n\t\to.configOptions = append(o.configOptions, opts...)\n\t}\n}\n\nfunc WithIdentitySchemaProvider(f func(r Registry) schema.IdentitySchemaProvider) RegistryOption {\n\treturn func(o *options) {\n\t\to.replaceIdentitySchemaProvider = f\n\t}\n}\n\nfunc ReplaceTracer(f func(*otelx.Tracer) *otelx.Tracer) RegistryOption {\n\treturn func(o *options) {\n\t\to.replaceTracer = f\n\t}\n}\n\ntype NewStrategy func(deps any) any\n\n// WithReplaceStrategies adds a strategy to the registry. This is useful if you want to\n// add a custom strategy to the registry. Default strategies with the same\n// name/ID will be overwritten.\nfunc WithReplaceStrategies(s ...NewStrategy) RegistryOption {\n\treturn func(o *options) {\n\t\to.replacementStrategies = append(o.replacementStrategies, s...)\n\t}\n}\n\nfunc WithExtraHooks(hooks map[string]func(config.SelfServiceHook) any) RegistryOption {\n\treturn func(o *options) {\n\t\to.extraHooks = hooks\n\t}\n}\n\ntype NewHandler func(deps any) x.Handler\n\nfunc WithExtraHandlers(handlers ...NewHandler) RegistryOption {\n\treturn func(o *options) {\n\t\to.extraHandlers = handlers\n\t}\n}\n\nfunc Inspect(f func(reg Registry) error) RegistryOption {\n\treturn func(o *options) {\n\t\to.inspect = f\n\t}\n}\n\nfunc WithExtraMigrations(m ...fs.FS) RegistryOption {\n\treturn func(o *options) {\n\t\to.extraMigrations = append(o.extraMigrations, m...)\n\t}\n}\n\nfunc WithExtraGoMigrations(m ...popx.Migration) RegistryOption {\n\treturn func(o *options) {\n\t\to.extraGoMigrations = append(o.extraGoMigrations, m...)\n\t}\n}\n\nfunc WithDisabledMigrationLogging() RegistryOption {\n\treturn func(o *options) {\n\t\to.disableMigrationLogging = true\n\t}\n}\n\nfunc WithServiceLocatorOptions(opts ...servicelocatorx.Option) RegistryOption {\n\treturn func(o *options) {\n\t\to.serviceLocatorOptions = append(o.serviceLocatorOptions, opts...)\n\t}\n}\n\nfunc newOptions(os []RegistryOption) *options {\n\to := new(options)\n\tfor _, f := range os {\n\t\tf(o)\n\t}\n\treturn o\n}\n" }, { "path": "driver/registry_default.go", "content": "// Copyright © 2023 Ory Corp\n// SPDX-License-Identifier: Apache-2.0\n\npackage driver\n\nimport (\n\t\"context\"\n\t\"crypto/sha256\"\n\t\"net/http\"\n\t\"strings\"\n\t\"sync\"\n\t\"testing\"\n\t\"time\"\n\n\t\"github.com/cenkalti/backoff\"\n\t\"github.com/dgraph-io/ristretto/v2\"\n\t\"github.com/gorilla/sessions\"\n\t\"github.com/hashicorp/go-retryablehttp\"\n\t\"github.com/lestrrat-go/jwx/jwk\"\n\t\"github.com/pkg/errors\"\n\t\"github.com/urfave/negroni\"\n\n\t\"github.com/ory/herodot\"\n\t\"github.com/ory/kratos/cipher\"\n\t\"github.com/ory/kratos/continuity\"\n\t\"github.com/ory/kratos/courier\"\n\t\"github.com/ory/kratos/driver/config\"\n\t\"github.com/ory/kratos/hash\"\n\t\"github.com/ory/kratos/hydra\"\n\t\"github.com/ory/kratos/identity\"\n\t\"github.com/ory/kratos/persistence\"\n\t\"github.com/ory/kratos/persistence/sql\"\n\t\"github.com/ory/kratos/schema\"\n\t\"github.com/ory/kratos/selfservice/errorx\"\n\t\"github.com/ory/kratos/selfservice/flow/login\"\n\t\"github.com/ory/kratos/selfservice/flow/logout\"\n\t\"github.com/ory/kratos/selfservice/flow/recovery\"\n\t\"github.com/ory/kratos/selfservice/flow/registration\"\n\t\"github.com/ory/kratos/selfservice/flow/settings\"\n\t\"github.com/ory/kratos/selfservice/flow/verification\"\n\t\"github.com/ory/kratos/selfservice/hook\"\n\t\"github.com/ory/kratos/selfservice/strategy/code\"\n\t\"github.com/ory/kratos/selfservice/strategy/idfirst\"\n\t\"github.com/ory/kratos/selfservice/strategy/link\"\n\t\"github.com/ory/kratos/selfservice/strategy/lookup\"\n\t\"github.com/ory/kratos/selfservice/strategy/oidc\"\n\t\"github.com/ory/kratos/selfservice/strategy/passkey\"\n\t\"github.com/ory/kratos/selfservice/strategy/password\"\n\t\"github.com/ory/kratos/selfservice/strategy/profile\"\n\t\"github.com/ory/kratos/selfservice/strategy/totp\"\n\t\"github.com/ory/kratos/selfservice/strategy/webauthn\"\n\t\"github.com/ory/kratos/session\"\n\t\"github.com/ory/kratos/x\"\n\t\"github.com/ory/kratos/x/nosurfx\"\n\t\"github.com/ory/kratos/x/webauthnx\"\n\t\"github.com/ory/nosurf\"\n\t\"github.com/ory/pop/v6\"\n\t\"github.com/ory/x/contextx\"\n\t\"github.com/ory/x/dbal\"\n\t\"github.com/ory/x/healthx\"\n\t\"github.com/ory/x/httprouterx\"\n\t\"github.com/ory/x/httpx\"\n\t\"github.com/ory/x/jsonnetsecure\"\n\t\"github.com/ory/x/jwksx\"\n\t\"github.com/ory/x/logrusx\"\n\t\"github.com/ory/x/otelx\"\n\t\"github.com/ory/x/popx\"\n\t\"github.com/ory/x/prometheusx\"\n\t\"github.com/ory/x/servicelocatorx\"\n\t\"github.com/ory/x/sqlcon\"\n\t\"github.com/ory/x/sqlxx\"\n)\n\ntype RegistryDefault struct {\n\tl *logrusx.Logger\n\tc *config.Config\n\n\tctxer contextx.Contextualizer\n\n\tinjectedSelfserviceHooks map[string]func(config.SelfServiceHook) interface{}\n\textraHandlerFactories []NewHandler\n\textraHandlers []x.Handler\n\tslOptions *servicelocatorx.Options\n\n\tnosurf nosurf.Handler\n\ttrc *otelx.Tracer\n\twriter herodot.Writer\n\thealthxHandler *healthx.Handler\n\n\tpersister persistence.Persister\n\tmigrationStatus popx.MigrationStatuses\n\n\thookVerifier *hook.Verifier\n\thookSessionIssuer *hook.SessionIssuer\n\thookSessionDestroyer *hook.SessionDestroyer\n\thookAddressVerifier *hook.AddressVerifier\n\thookShowVerificationUI *hook.ShowVerificationUIHook\n\n\tidentityHandler *identity.Handler\n\tidentityValidator *identity.Validator\n\tidentityManager *identity.Manager\n\tidentitySchemaProvider schema.IdentitySchemaProvider\n\n\tcourierHandler *courier.Handler\n\n\tcontinuityManager continuity.Manager\n\n\tschemaHandler *schema.Handler\n\n\tsessionHandler *session.Handler\n\tsessionManager session.Manager\n\tsessionTokenizer initOnce[*session.Tokenizer]\n\n\tpasswordHasher initOnce[hash.Hasher]\n\tpasswordValidator initOnce[password.Validator]\n\n\tcrypter initOnce[cipher.Cipher]\n\n\terrorHandler *errorx.Handler\n\terrorManager *errorx.Manager\n\n\tselfserviceRegistrationExecutor *registration.HookExecutor\n\tselfserviceRegistrationHandler *registration.Handler\n\tseflserviceRegistrationErrorHandler *registration.ErrorHandler\n\tselfserviceRegistrationRequestErrorHandler *registration.ErrorHandler\n\n\tselfserviceLoginExecutor *login.HookExecutor\n\tselfserviceLoginHandler *login.Handler\n\tselfserviceLoginRequestErrorHandler *login.ErrorHandler\n\n\tselfserviceSettingsHandler *settings.Handler\n\tselfserviceSettingsErrorHandler *settings.ErrorHandler\n\tselfserviceSettingsExecutor *settings.HookExecutor\n\n\tselfserviceVerifyErrorHandler *verification.ErrorHandler\n\tselfserviceVerifyManager *identity.Manager\n\tselfserviceVerifyHandler *verification.Handler\n\tselfserviceVerificationExecutor *verification.HookExecutor\n\n\tselfserviceLinkSender *link.Sender\n\tselfserviceCodeSender *code.Sender\n\n\tselfserviceRecoveryErrorHandler *recovery.ErrorHandler\n\tselfserviceRecoveryHandler *recovery.Handler\n\tselfserviceRecoveryExecutor *recovery.HookExecutor\n\n\tselfserviceLogoutHandler *logout.Handler\n\n\tselfserviceStrategies []any\n\treplacementSelfserviceStrategies []NewStrategy\n\n\thydra initOnce[hydra.Hydra]\n\n\tcsrfTokenGenerator nosurfx.CSRFToken\n\n\tjsonnetVMProvider initOnce[jsonnetsecure.VMProvider]\n\tjsonnetPool jsonnetsecure.Pool\n\tjwkFetcher initOnce[*jwksx.FetcherNext]\n}\n\nfunc (m *RegistryDefault) JsonnetVM(ctx context.Context) (jsonnetsecure.VM, error) {\n\treturn m.jsonnetVMProvider.Get(func() jsonnetsecure.VMProvider {\n\t\treturn &jsonnetsecure.DefaultProvider{Subcommand: \"jsonnet\", Pool: m.jsonnetPool}\n\t}).JsonnetVM(ctx)\n}\n\nfunc (m *RegistryDefault) Audit() *logrusx.Logger {\n\treturn m.Logger().WithField(\"audience\", \"audit\")\n}\n\nfunc (m *RegistryDefault) RegisterPublicRoutes(ctx context.Context, router *httprouterx.RouterPublic) {\n\tfor _, h := range m.ExtraHandlers() {\n\t\th.RegisterPublicRoutes(router)\n\t}\n\tm.LoginHandler().RegisterPublicRoutes(router)\n\tm.RegistrationHandler().RegisterPublicRoutes(router)\n\tm.LogoutHandler().RegisterPublicRoutes(router)\n\tm.SettingsHandler().RegisterPublicRoutes(router)\n\tm.IdentityHandler().RegisterPublicRoutes(router)\n\tm.CourierHandler().RegisterPublicRoutes(router)\n\tm.SessionHandler().RegisterPublicRoutes(router)\n\tm.SelfServiceErrorHandler().RegisterPublicRoutes(router)\n\tm.SchemaHandler().RegisterPublicRoutes(router)\n\n\tm.RecoveryHandler().RegisterPublicRoutes(router)\n\n\tm.VerificationHandler().RegisterPublicRoutes(router)\n\n\tm.HealthHandler(ctx).SetHealthRoutes(router, false)\n\twebauthnx.RegisterWebauthnRoute(router)\n\n\tfor _, s := range m.selfServiceStrategies() {\n\t\ts, ok := s.(x.PublicHandler)\n\t\tif ok {\n\t\t\ts.RegisterPublicRoutes(router)\n\t\t}\n\t}\n}\n\nfunc (m *RegistryDefault) RegisterAdminRoutes(ctx context.Context, router *httprouterx.RouterAdmin) {\n\tfor _, h := range m.ExtraHandlers() {\n\t\th.RegisterAdminRoutes(router)\n\t}\n\tm.RegistrationHandler().RegisterAdminRoutes(router)\n\tm.LoginHandler().RegisterAdminRoutes(router)\n\tm.LogoutHandler().RegisterAdminRoutes(router)\n\tm.SchemaHandler().RegisterAdminRoutes(router)\n\tm.SettingsHandler().RegisterAdminRoutes(router)\n\tm.IdentityHandler().RegisterAdminRoutes(router)\n\tm.CourierHandler().RegisterAdminRoutes(router)\n\tm.SelfServiceErrorHandler().RegisterAdminRoutes(router)\n\n\tm.RecoveryHandler().RegisterAdminRoutes(router)\n\tm.SessionHandler().RegisterAdminRoutes(router)\n\n\tm.VerificationHandler().RegisterAdminRoutes(router)\n\n\tm.HealthHandler(ctx).SetHealthRoutes(router, true)\n\tm.HealthHandler(ctx).SetVersionRoutes(router)\n\tprometheusx.SetMuxRoutes(router)\n\tconfig.RegisterConfigHashRoute(m, router)\n\n\tfor _, s := range m.selfServiceStrategies() {\n\t\ts, ok := s.(x.AdminHandler)\n\t\tif ok {\n\t\t\ts.RegisterAdminRoutes(router)\n\t\t}\n\t}\n}\n\nfunc (m *RegistryDefault) HTTPMiddlewares() []negroni.Handler {\n\treturn m.slOptions.HTTPMiddlewares()\n}\n\nfunc NewRegistryDefault() *RegistryDefault {\n\tr := &RegistryDefault{\n\t\ttrc: otelx.NewNoop(),\n\t\tslOptions: &servicelocatorx.Options{},\n\t}\n\tr.initCheapMembers()\n\n\treturn r\n}\n\nfunc (m *RegistryDefault) SetLogger(l *logrusx.Logger) {\n\tm.l = l\n}\n\nfunc (m *RegistryDefault) SetJSONNetVMProvider(p jsonnetsecure.VMProvider) {\n\tm.jsonnetVMProvider.Set(p)\n}\n\nfunc (m *RegistryDefault) LogoutHandler() *logout.Handler {\n\tif m.selfserviceLogoutHandler == nil {\n\t\tm.selfserviceLogoutHandler = logout.NewHandler(m)\n\t}\n\treturn m.selfserviceLogoutHandler\n}\n\nfunc (m *RegistryDefault) HealthHandler(_ context.Context) *healthx.Handler {\n\tif m.healthxHandler == nil {\n\t\tm.healthxHandler = healthx.NewHandler(m.Writer(), config.Version,\n\t\t\thealthx.ReadyCheckers{\n\t\t\t\t\"database\": func(r *http.Request) error {\n\t\t\t\t\treturn m.PingContext(r.Context())\n\t\t\t\t},\n\t\t\t\t\"migrations\": func(r *http.Request) error {\n\t\t\t\t\tif m.migrationStatus != nil && !m.migrationStatus.HasPending() {\n\t\t\t\t\t\treturn nil\n\t\t\t\t\t}\n\n\t\t\t\t\tstatus, err := m.Persister().MigrationStatus(r.Context())\n\t\t\t\t\tif err != nil {\n\t\t\t\t\t\treturn err\n\t\t\t\t\t}\n\n\t\t\t\t\tif status.HasPending() {\n\t\t\t\t\t\treturn errors.Errorf(\"migrations have not yet been fully applied\")\n\t\t\t\t\t}\n\n\t\t\t\t\tm.migrationStatus = status\n\t\t\t\t\treturn nil\n\t\t\t\t},\n\t\t\t})\n\t}\n\n\treturn m.healthxHandler\n}\n\nfunc (m *RegistryDefault) WithCSRFHandler(c nosurf.Handler) {\n\tm.nosurf = c\n}\n\nfunc (m *RegistryDefault) CSRFHandler() nosurf.Handler {\n\tif m.nosurf == nil {\n\t\tpanic(\"csrf handler is not set\")\n\t}\n\treturn m.nosurf\n}\n\nfunc (m *RegistryDefault) Config() *config.Config {\n\tif m.c == nil {\n\t\tpanic(\"configuration not set\")\n\t}\n\treturn m.c\n}\n\nfunc (m *RegistryDefault) CourierConfig() config.CourierConfigs {\n\treturn m.Config()\n}\n\nfunc (m *RegistryDefault) selfServiceStrategies() []any {\n\tif len(m.selfserviceStrategies) == 0 {\n\t\tif m.replacementSelfserviceStrategies != nil {\n\t\t\t// Construct self-service strategies from the replacements\n\t\t\tfor _, newStrategy := range m.replacementSelfserviceStrategies {\n\t\t\t\tm.selfserviceStrategies = append(m.selfserviceStrategies, newStrategy(m))\n\t\t\t}\n\t\t} else {\n\t\t\t// Construct the default list of strategies\n\t\t\tm.selfserviceStrategies = []any{\n\t\t\t\tprofile.NewStrategy(m), // <- should remain first\n\t\t\t\tpassword.NewStrategy(m),\n\t\t\t\toidc.NewStrategy(m),\n\t\t\t\tcode.NewStrategy(m),\n\t\t\t\tlink.NewStrategy(m),\n\t\t\t\ttotp.NewStrategy(m),\n\t\t\t\tpasskey.NewStrategy(m),\n\t\t\t\twebauthn.NewStrategy(m),\n\t\t\t\tlookup.NewStrategy(m),\n\t\t\t\tidfirst.NewStrategy(m),\n\t\t\t}\n\t\t}\n\t}\n\n\treturn m.selfserviceStrategies\n}\n\nfunc (m *RegistryDefault) strategyRegistrationEnabled(ctx context.Context, id string) bool {\n\tif id == \"profile\" {\n\t\treturn true\n\t}\n\treturn m.Config().SelfServiceStrategy(ctx, id).Enabled\n}\n\nfunc (m *RegistryDefault) strategyLoginEnabled(ctx context.Context, id string) bool {\n\treturn m.Config().SelfServiceStrategy(ctx, id).Enabled\n}\n\nfunc (m *RegistryDefault) RegistrationStrategies(ctx context.Context, filters ...registration.StrategyFilter) (registrationStrategies registration.Strategies) {\nnextStrategy:\n\tfor _, strategy := range m.selfServiceStrategies() {\n\t\tif s, ok := strategy.(registration.Strategy); ok {\n\t\t\tfor _, filter := range filters {\n\t\t\t\tif !filter(s) {\n\t\t\t\t\tcontinue nextStrategy\n\t\t\t\t}\n\t\t\t}\n\t\t\tif m.strategyRegistrationEnabled(ctx, s.ID().String()) {\n\t\t\t\tregistrationStrategies = append(registrationStrategies, s)\n\t\t\t}\n\t\t}\n\t}\n\treturn\n}\n\nfunc (m *RegistryDefault) AllRegistrationStrategies() registration.Strategies {\n\tvar registrationStrategies []registration.Strategy\n\n\tfor _, strategy := range m.selfServiceStrategies() {\n\t\tif s, ok := strategy.(registration.Strategy); ok {\n\t\t\tregistrationStrategies = append(registrationStrategies, s)\n\t\t}\n\t}\n\treturn registrationStrategies\n}\n\nfunc (m *RegistryDefault) LoginStrategies(ctx context.Context, filters ...login.StrategyFilter) (loginStrategies login.Strategies) {\nnextStrategy:\n\tfor _, strategy := range m.selfServiceStrategies() {\n\t\tif s, ok := strategy.(login.Strategy); ok {\n\t\t\tfor _, filter := range filters {\n\t\t\t\tif !filter(s) {\n\t\t\t\t\tcontinue nextStrategy\n\t\t\t\t}\n\t\t\t}\n\n\t\t\tif m.strategyLoginEnabled(ctx, s.ID().String()) {\n\t\t\t\tloginStrategies = append(loginStrategies, s)\n\t\t\t}\n\t\t}\n\t}\n\treturn\n}\n\nfunc (m *RegistryDefault) AllLoginStrategies() login.Strategies {\n\tvar loginStrategies []login.Strategy\n\tfor _, strategy := range m.selfServiceStrategies() {\n\t\tif s, ok := strategy.(login.Strategy); ok {\n\t\t\tloginStrategies = append(loginStrategies, s)\n\t\t}\n\t}\n\treturn loginStrategies\n}\n\nfunc (m *RegistryDefault) ActiveCredentialsCounterStrategies(_ context.Context) (activeCredentialsCounterStrategies []identity.ActiveCredentialsCounter) {\n\tfor _, strategy := range m.selfServiceStrategies() {\n\t\tif s, ok := strategy.(identity.ActiveCredentialsCounter); ok {\n\t\t\tactiveCredentialsCounterStrategies = append(activeCredentialsCounterStrategies, s)\n\t\t}\n\t}\n\treturn\n}\n\nfunc (m *RegistryDefault) IdentityValidator() *identity.Validator {\n\treturn m.identityValidator\n}\n\nfunc (m *RegistryDefault) SetConfig(c *config.Config) {\n\tm.c = c\n}\n\n// WithSelfserviceStrategies is only available in testing and overrides the\n// selfservice strategies with the given ones.\nfunc (m *RegistryDefault) WithSelfserviceStrategies(t testing.TB, strategies []any) Registry {\n\tif t == nil {\n\t\tpanic(\"Passing selfservice strategies is only supported in testing\")\n\t}\n\tm.selfserviceStrategies = strategies\n\treturn m\n}\n\nfunc (m *RegistryDefault) Writer() herodot.Writer {\n\tif m.writer == nil {\n\t\th := herodot.NewJSONWriter(m.Logger())\n\t\tm.writer = h\n\t}\n\treturn m.writer\n}\n\nfunc (m *RegistryDefault) Logger() *logrusx.Logger {\n\tif m.l == nil {\n\t\tm.l = logrusx.New(\"Ory Kratos\", config.Version)\n\t}\n\treturn m.l\n}\n\nfunc (m *RegistryDefault) IdentityHandler() *identity.Handler {\n\tif m.identityHandler == nil {\n\t\tm.identityHandler = identity.NewHandler(m)\n\t}\n\treturn m.identityHandler\n}\n\nfunc (m *RegistryDefault) CourierHandler() *courier.Handler {\n\tif m.courierHandler == nil {\n\t\tm.courierHandler = courier.NewHandler(m)\n\t}\n\treturn m.courierHandler\n}\n\nfunc (m *RegistryDefault) SchemaHandler() *schema.Handler {\n\tif m.schemaHandler == nil {\n\t\tm.schemaHandler = schema.NewHandler(m)\n\t}\n\treturn m.schemaHandler\n}\n\nfunc (m *RegistryDefault) SessionHandler() *session.Handler {\n\tif m.sessionHandler == nil {\n\t\tm.sessionHandler = session.NewHandler(m)\n\t}\n\treturn m.sessionHandler\n}\n\nfunc (m *RegistryDefault) Cipher(ctx context.Context) cipher.Cipher {\n\treturn m.crypter.Get(func() cipher.Cipher {\n\t\tswitch m.c.CipherAlgorithm(ctx) {\n\t\tcase \"xchacha20-poly1305\":\n\t\t\treturn cipher.NewCryptChaCha20(m.Config())\n\t\tcase \"aes\":\n\t\t\treturn cipher.NewCryptAES(m.Config())\n\t\tdefault:\n\t\t\tm.l.Logger.Warning(\"No encryption configuration found. The default algorithm (noop) will be used, resulting in sensitive data being stored in plaintext\")\n\t\t\treturn cipher.NewNoop()\n\t\t}\n\t})\n}\n\nfunc (m *RegistryDefault) Hasher(ctx context.Context) hash.Hasher {\n\treturn m.passwordHasher.Get(func() hash.Hasher {\n\t\tif m.c.HasherPasswordHashingAlgorithm(ctx) == \"bcrypt\" {\n\t\t\treturn hash.NewHasherBcrypt(m)\n\t\t}\n\t\treturn hash.NewHasherArgon2(m)\n\t})\n}\n\nfunc (m *RegistryDefault) PasswordValidator() password.Validator {\n\tm.passwordValidator.Get(func() password.Validator {\n\t\tval, err := password.NewDefaultPasswordValidatorStrategy(m)\n\t\tif err != nil {\n\t\t\tm.Logger().WithError(err).Fatal(\"could not initialize DefaultPasswordValidator\")\n\t\t}\n\t\treturn val\n\t})\n\treturn m.passwordValidator.value\n}\n\nfunc (m *RegistryDefault) SelfServiceErrorHandler() *errorx.Handler {\n\tif m.errorHandler == nil {\n\t\tm.errorHandler = errorx.NewHandler(m)\n\t}\n\treturn m.errorHandler\n}\n\nfunc (m *RegistryDefault) CookieManager(ctx context.Context) sessions.StoreExact {\n\tvar keys [][]byte\n\tfor _, k := range m.Config().SecretsSession(ctx) {\n\t\tencrypt := sha256.Sum256(k)\n\t\tkeys = append(keys, k, encrypt[:])\n\t}\n\n\tcs := sessions.NewCookieStore(keys...)\n\tcs.Options.Secure = m.Config().SessionCookieSecure(ctx)\n\tcs.Options.HttpOnly = true\n\n\tif domain := m.Config().SessionDomain(ctx); domain != \"\" {\n\t\tcs.Options.Domain = domain\n\t}\n\n\tif path := m.Config().SessionPath(ctx); path != \"\" {\n\t\tcs.Options.Path = path\n\t}\n\n\tif sameSite := m.Config().SessionSameSiteMode(ctx); sameSite != 0 {\n\t\tcs.Options.SameSite = sameSite\n\t}\n\n\tcs.Options.MaxAge = 0\n\tif m.Config().SessionPersistentCookie(ctx) {\n\t\tcs.Options.MaxAge = int(m.Config().SessionLifespan(ctx).Seconds())\n\t\tcs.MaxAge(cs.Options.MaxAge)\n\t}\n\treturn cs\n}\n\nfunc (m *RegistryDefault) ContinuityCookieManager(ctx context.Context) sessions.StoreExact {\n\t// To support hot reloading, this can not be instantiated only once.\n\tcs := sessions.NewCookieStore(m.Config().SecretsSession(ctx)...)\n\tcs.Options.Secure = m.Config().CookieSecure(ctx)\n\tcs.Options.HttpOnly = true\n\tcs.Options.SameSite = http.SameSiteLaxMode\n\treturn cs\n}\n\nfunc (m *RegistryDefault) Tracer(context.Context) *otelx.Tracer {\n\tif m.trc == nil {\n\t\treturn otelx.NewNoop()\n\t}\n\treturn m.trc\n}\n\nfunc (m *RegistryDefault) SetTracer(t *otelx.Tracer) {\n\tm.trc = t\n}\n\nfunc (m *RegistryDefault) SessionManager() session.Manager {\n\treturn m.sessionManager\n}\n\nfunc (m *RegistryDefault) Hydra() hydra.Hydra {\n\treturn m.hydra.Get(func() hydra.Hydra {\n\t\treturn hydra.NewDefaultHydra(m)\n\t})\n}\n\nfunc (m *RegistryDefault) SetHydra(h hydra.Hydra) {\n\tm.hydra.Set(h)\n}\n\nfunc (m *RegistryDefault) SelfServiceErrorManager() *errorx.Manager {\n\treturn m.errorManager\n}\n\nfunc (m *RegistryDefault) Init(ctx context.Context, ctxer contextx.Contextualizer, opts ...RegistryOption) error {\n\tif m.persister != nil {\n\t\t// The DSN connection can not be hot-reloaded!\n\t\tpanic(\"RegistryDefault.Init() must not be called more than once.\")\n\t}\n\n\to := newOptions(opts)\n\n\tm.jsonnetPool = o.jsonnetPool\n\n\tif o.replaceTracer != nil {\n\t\tm.trc = o.replaceTracer(m.trc)\n\t}\n\n\tif o.replacementStrategies != nil {\n\t\tm.replacementSelfserviceStrategies = o.replacementStrategies\n\t}\n\n\tif o.extraHooks != nil {\n\t\tm.WithHooks(o.extraHooks)\n\t}\n\tif o.extraHandlers != nil {\n\t\tm.WithExtraHandlers(o.extraHandlers)\n\t}\n\n\tif o.replaceIdentitySchemaProvider != nil {\n\t\tm.identitySchemaProvider = o.replaceIdentitySchemaProvider(m)\n\t}\n\n\tbc := backoff.NewExponentialBackOff()\n\tbc.MaxElapsedTime = time.Minute * 5\n\tbc.Reset()\n\terr := backoff.Retry(func() error {\n\t\tm.SetContextualizer(ctxer)\n\n\t\tpool, idlePool, connMaxLifetime, connMaxIdleTime, cleanedDSN := sqlcon.ParseConnectionOptions(m.l, m.Config().DSN(ctx))\n\t\tdbOpts := &pop.ConnectionDetails{\n\t\t\tURL: sqlcon.FinalizeDSN(m.l, cleanedDSN),\n\t\t\tIdlePool: idlePool,\n\t\t\tConnMaxLifetime: connMaxLifetime,\n\t\t\tConnMaxIdleTime: connMaxIdleTime,\n\t\t\tPool: pool,\n\t\t\tTracerProvider: m.Tracer(ctx).Provider(),\n\t\t}\n\n\t\tfor _, f := range o.dbOpts {\n\t\t\tf(dbOpts)\n\t\t}\n\n\t\tscheme, _, _ := sqlxx.ExtractSchemeFromDSN(dbOpts.URL)\n\t\tif !dbOpts.AllowMinPool && scheme == \"postgres\" && strings.Contains(dbOpts.URL, \"pool_min_conns=\") {\n\t\t\terr := errors.Errorf(\"attempting to use the option 'pool_min_conns' with Postgres, but the pgxpool connection pool is disabled, this will be rejected by the database: dsn=%s dbOpts.AllowMinPool=%v\", dbOpts.URL, dbOpts.AllowMinPool)\n\t\t\treturn backoff.Permanent(err)\n\t\t}\n\t\tif (scheme == \"sqlite\" || scheme == \"mysql\") && strings.Contains(dbOpts.URL, \"pool_min_conns=\") {\n\t\t\terr := errors.Errorf(\"attempting to use the option 'pool_min_conns' with %s, but connection pooling is not supported for this case: dsn=%s\", scheme, dbOpts.URL)\n\t\t\treturn backoff.Permanent(err)\n\t\t}\n\n\t\tm.Logger().\n\t\t\tWithField(\"pool\", pool).\n\t\t\tWithField(\"idlePool\", idlePool).\n\t\t\tWithField(\"connMaxLifetime\", connMaxLifetime).\n\t\t\tDebug(\"Connecting to SQL Database\")\n\t\tc, err := pop.NewConnection(dbOpts)\n\t\tif err != nil {\n\t\t\tm.Logger().WithError(err).Warnf(\"Unable to connect to database, retrying.\")\n\t\t\treturn errors.WithStack(err)\n\t\t}\n\t\tif err := c.Open(); err != nil {\n\t\t\tm.Logger().WithError(err).Warnf(\"Unable to open database, retrying.\")\n\t\t\treturn errors.WithStack(err)\n\t\t}\n\t\tp, err := sql.NewPersister(m, c,\n\t\t\tsql.WithExtraMigrations(o.extraMigrations...),\n\t\t\tsql.WithExtraGoMigrations(o.extraGoMigrations...),\n\t\t\tsql.WithDisabledLogging(o.disableMigrationLogging))\n\t\tif err != nil {\n\t\t\tm.Logger().WithError(err).Warnf(\"Unable to initialize persister, retrying.\")\n\t\t\treturn err\n\t\t}\n\n\t\tpingCtx, cancel := context.WithTimeout(ctx, 5*time.Second)\n\t\tdefer cancel()\n\t\tif err := c.Store.SQLDB().PingContext(pingCtx); err != nil {\n\t\t\tm.Logger().WithError(err).Warnf(\"Unable to ping database, retrying.\")\n\t\t\treturn err\n\t\t}\n\n\t\t// if dsn is memory we have to run the migrations on every start\n\t\tif dbal.IsMemorySQLite(m.Config().DSN(ctx)) || m.Config().DSN(ctx) == \"memory\" {\n\t\t\tm.Logger().Infoln(\"Ory Kratos is running migrations on every startup as DSN is memory. This means your data is lost when Kratos terminates.\")\n\t\t\tif err := p.MigrateUp(ctx); err != nil {\n\t\t\t\tm.Logger().WithError(err).Warnf(\"Unable to run migrations, retrying.\")\n\t\t\t\treturn err\n\t\t\t}\n\t\t}\n\n\t\tif o.skipNetworkInit {\n\t\t\tm.persister = p\n\t\t\treturn nil\n\t\t}\n\n\t\tnet, err := p.DetermineNetwork(ctx)\n\t\tif err != nil {\n\t\t\tm.Logger().WithError(err).Warnf(\"Unable to determine network, retrying.\")\n\t\t\treturn err\n\t\t}\n\n\t\tm.persister = p.WithNetworkID(net.ID)\n\t\treturn nil\n\t}, bc)\n\tif err != nil {\n\t\treturn err\n\t}\n\n\tif o.inspect != nil {\n\t\tif err := o.inspect(m); err != nil {\n\t\t\treturn errors.WithStack(err)\n\t\t}\n\t}\n\n\treturn nil\n}\n\nfunc (m *RegistryDefault) SetPersister(p persistence.Persister) {\n\tm.persister = p\n}\n\nfunc (m *RegistryDefault) Courier(ctx context.Context) (courier.Courier, error) {\n\treturn courier.NewCourier(ctx, m)\n}\n\nfunc (m *RegistryDefault) ContinuityManager() continuity.Manager {\n\treturn m.continuityManager\n}\n\nfunc (m *RegistryDefault) Persister() persistence.Persister { return m.persister }\nfunc (m *RegistryDefault) ContinuityPersister() continuity.Persister { return m.persister }\nfunc (m *RegistryDefault) IdentityPool() identity.Pool { return m.persister }\nfunc (m *RegistryDefault) PrivilegedIdentityPool() identity.PrivilegedPool { return m.persister }\nfunc (m *RegistryDefault) RegistrationFlowPersister() registration.FlowPersister { return m.persister }\nfunc (m *RegistryDefault) RecoveryFlowPersister() recovery.FlowPersister { return m.persister }\nfunc (m *RegistryDefault) LoginFlowPersister() login.FlowPersister { return m.persister }\nfunc (m *RegistryDefault) SettingsFlowPersister() settings.FlowPersister { return m.persister }\nfunc (m *RegistryDefault) SelfServiceErrorPersister() errorx.Persister { return m.persister }\nfunc (m *RegistryDefault) SessionPersister() session.Persister { return m.persister }\nfunc (m *RegistryDefault) CourierPersister() courier.Persister { return m.persister }\nfunc (m *RegistryDefault) RecoveryTokenPersister() link.RecoveryTokenPersister { return m.persister }\nfunc (m *RegistryDefault) RecoveryCodePersister() code.RecoveryCodePersister { return m.persister }\nfunc (m *RegistryDefault) LoginCodePersister() code.LoginCodePersister { return m.persister }\nfunc (m *RegistryDefault) VerificationTokenPersister() link.VerificationTokenPersister {\n\treturn m.persister\n}\nfunc (m *RegistryDefault) VerificationCodePersister() code.VerificationCodePersister {\n\treturn m.persister\n}\nfunc (m *RegistryDefault) RegistrationCodePersister() code.RegistrationCodePersister {\n\treturn m.persister\n}\nfunc (m *RegistryDefault) TransactionalPersisterProvider() x.TransactionalPersister {\n\treturn m.persister\n}\n\nfunc (m *RegistryDefault) PingContext(ctx context.Context) error {\n\treturn m.persister.Ping(ctx)\n}\n\nfunc (m *RegistryDefault) Ping() error {\n\treturn m.persister.Ping(context.Background())\n}\n\nfunc (m *RegistryDefault) WithCSRFTokenGenerator(cg nosurfx.CSRFToken) {\n\tm.csrfTokenGenerator = cg\n}\n\nfunc (m *RegistryDefault) GenerateCSRFToken(r *http.Request) string {\n\tif m.csrfTokenGenerator == nil {\n\t\tm.csrfTokenGenerator = nosurfx.DefaultCSRFToken\n\t}\n\treturn m.csrfTokenGenerator(r)\n}\n\nfunc (m *RegistryDefault) IdentityManager() *identity.Manager {\n\treturn m.identityManager\n}\n\nfunc (m *RegistryDefault) HTTPClient(_ context.Context, opts ...httpx.ResilientOptions) *retryablehttp.Client {\n\topts = append([]httpx.ResilientOptions{\n\t\thttpx.ResilientClientWithLogger(m.Logger()),\n\t\thttpx.ResilientClientWithMaxRetry(2),\n\t\thttpx.ResilientClientWithConnectionTimeout(30 * time.Second),\n\t}, opts...)\n\n\t// One of the few exceptions, this usually should not be hot reloaded.\n\tif m.Config().ClientHTTPNoPrivateIPRanges(contextx.RootContext) {\n\t\topts = append(\n\t\t\topts,\n\t\t\thttpx.ResilientClientDisallowInternalIPs(),\n\t\t\t// One of the few exceptions, this usually should not be hot reloaded.\n\t\t\thttpx.ResilientClientAllowInternalIPRequestsTo(m.Config().ClientHTTPPrivateIPExceptionURLs(contextx.RootContext)...),\n\t\t)\n\t}\n\treturn httpx.NewResilientClient(opts...)\n}\n\nfunc (m *RegistryDefault) SetContextualizer(ctxer contextx.Contextualizer) {\n\tm.ctxer = ctxer\n}\n\nfunc (m *RegistryDefault) Contextualizer() contextx.Contextualizer {\n\tif m.ctxer == nil {\n\t\tpanic(\"registry Contextualizer not set\")\n\t}\n\treturn m.ctxer\n}\n\nfunc (m *RegistryDefault) JWKSFetcher() *jwksx.FetcherNext {\n\treturn m.jwkFetcher.Get(func() *jwksx.FetcherNext {\n\t\tmaxItems := int64(10_000_000)\n\t\tcache, _ := ristretto.NewCache(&ristretto.Config[[]byte, jwk.Set]{\n\t\t\tNumCounters: maxItems * 10,\n\t\t\tMaxCost: maxItems,\n\t\t\tBufferItems: 64,\n\t\t\tMetrics: true,\n\t\t\tIgnoreInternalCost: true,\n\t\t\tCost: func(value jwk.Set) int64 {\n\t\t\t\treturn 1\n\t\t\t},\n\t\t})\n\t\treturn jwksx.NewFetcherNext(cache)\n\t})\n}\n\nfunc (m *RegistryDefault) SessionTokenizer() *session.Tokenizer {\n\treturn m.sessionTokenizer.Get(func() *session.Tokenizer { return session.NewTokenizer(m) })\n}\n\nfunc (m *RegistryDefault) ExtraHandlers() []x.Handler {\n\tif m.extraHandlers == nil {\n\t\tfor _, newHandler := range m.extraHandlerFactories {\n\t\t\tm.extraHandlers = append(m.extraHandlers, newHandler(m))\n\t\t}\n\t}\n\treturn m.extraHandlers\n}\n\n// initCheapMembers initializes members that are cheap to initialize.\nfunc (m *RegistryDefault) initCheapMembers() {\n\tm.identityValidator = identity.NewValidator(m)\n\tm.identityManager = identity.NewManager(m)\n\tm.sessionManager = session.NewManagerHTTP(m)\n\tm.errorManager = errorx.NewManager(m)\n\tm.continuityManager = continuity.NewManagerCookie(m)\n}\n\ntype initOnce[T any] struct {\n\tvalue T\n\tinit sync.Once\n}\n\n// Set sets the value of the initOnce, marking it as initialized.\nfunc (o *initOnce[T]) Set(val T) {\n\t// We need to both set the value and run the init function to mark the value as\n\t// initialized.\n\to.init.Do(func() { o.value = val })\n\to.value = val\n}\n\n// Get returns the value of the initOnce, initializing it with newT if it has not\n// been initialized yet. `newT` is only called once, even if Get is called\n// concurrently from multiple goroutines or with different `newT` functions.\nfunc (o *initOnce[T]) Get(newT func() T) T {\n\to.init.Do(func() { o.value = newT() })\n\treturn o.value\n}\n" }, { "path": "driver/registry_default_hooks.go", "content": "// Copyright © 2023 Ory Corp\n// SPDX-License-Identifier: Apache-2.0\n\npackage driver\n\nimport (\n\t\"encoding/json\"\n\t\"fmt\"\n\n\t\"github.com/pkg/errors\"\n\n\t\"github.com/ory/kratos/driver/config\"\n\t\"github.com/ory/kratos/request\"\n\t\"github.com/ory/kratos/selfservice/hook\"\n)\n\nfunc (m *RegistryDefault) HookVerifier() *hook.Verifier {\n\tif m.hookVerifier == nil {\n\t\tm.hookVerifier = hook.NewVerifier(m)\n\t}\n\treturn m.hookVerifier\n}\n\nfunc (m *RegistryDefault) HookSessionIssuer() *hook.SessionIssuer {\n\tif m.hookSessionIssuer == nil {\n\t\tm.hookSessionIssuer = hook.NewSessionIssuer(m)\n\t}\n\treturn m.hookSessionIssuer\n}\n\nfunc (m *RegistryDefault) HookSessionDestroyer() *hook.SessionDestroyer {\n\tif m.hookSessionDestroyer == nil {\n\t\tm.hookSessionDestroyer = hook.NewSessionDestroyer(m)\n\t}\n\treturn m.hookSessionDestroyer\n}\n\nfunc (m *RegistryDefault) HookAddressVerifier() *hook.AddressVerifier {\n\tif m.hookAddressVerifier == nil {\n\t\tm.hookAddressVerifier = hook.NewAddressVerifier(m)\n\t}\n\treturn m.hookAddressVerifier\n}\n\nfunc (m *RegistryDefault) HookShowVerificationUI() *hook.ShowVerificationUIHook {\n\tif m.hookShowVerificationUI == nil {\n\t\tm.hookShowVerificationUI = hook.NewShowVerificationUIHook(m)\n\t}\n\treturn m.hookShowVerificationUI\n}\n\nfunc (m *RegistryDefault) WithHooks(hooks map[string]func(config.SelfServiceHook) interface{}) {\n\tm.injectedSelfserviceHooks = hooks\n}\nfunc (m *RegistryDefault) WithExtraHandlers(handlers []NewHandler) {\n\tm.extraHandlerFactories = handlers\n}\n\nfunc getHooks[T any](m *RegistryDefault, credentialsType string, configs []config.SelfServiceHook) ([]T, error) {\n\thooks := make([]T, 0, len(configs))\n\n\tvar addSessionIssuer bool\nallHooksLoop:\n\tfor _, h := range configs {\n\t\tswitch h.Name {\n\t\tcase hook.KeySessionIssuer:\n\t\t\t// The session issuer hook always needs to come last.\n\t\t\taddSessionIssuer = true\n\t\tcase hook.KeySessionDestroyer:\n\t\t\tif h, ok := any(m.HookSessionDestroyer()).(T); ok {\n\t\t\t\thooks = append(hooks, h)\n\t\t\t}\n\t\tcase hook.KeyWebHook:\n\t\t\tcfg := request.Config{}\n\t\t\tif err := json.Unmarshal(h.Config, &cfg); err != nil {\n\t\t\t\tm.l.WithError(err).WithField(\"raw_config\", string(h.Config)).Error(\"failed to unmarshal hook configuration, ignoring hook\")\n\t\t\t\treturn nil, errors.WithStack(fmt.Errorf(\"failed to unmarshal webhook configuration for %s: %w\", credentialsType, err))\n\t\t\t}\n\t\t\tif h, ok := any(hook.NewWebHook(m, &cfg)).(T); ok {\n\t\t\t\thooks = append(hooks, h)\n\t\t\t}\n\t\tcase hook.KeyRequireVerifiedAddress:\n\t\t\tif h, ok := any(m.HookAddressVerifier()).(T); ok {\n\t\t\t\thooks = append(hooks, h)\n\t\t\t}\n\t\tcase hook.KeyVerificationUI:\n\t\t\tif h, ok := any(m.HookShowVerificationUI()).(T); ok {\n\t\t\t\thooks = append(hooks, h)\n\t\t\t}\n\t\tcase hook.KeyVerifier:\n\t\t\tif h, ok := any(m.HookVerifier()).(T); ok {\n\t\t\t\thooks = append(hooks, h)\n\t\t\t}\n\t\tdefault:\n\t\t\tfor name, m := range m.injectedSelfserviceHooks {\n\t\t\t\tif name == h.Name {\n\t\t\t\t\tif h, ok := m(h).(T); ok {\n\t\t\t\t\t\thooks = append(hooks, h)\n\t\t\t\t\t}\n\t\t\t\t\tcontinue allHooksLoop\n\t\t\t\t}\n\t\t\t}\n\t\t\tm.l.\n\t\t\t\tWithField(\"for\", credentialsType).\n\t\t\t\tWithField(\"hook\", h.Name).\n\t\t\t\tWarn(\"A configuration for a non-existing hook was found and will be ignored.\")\n\t\t}\n\t}\n\tif addSessionIssuer {\n\t\tif h, ok := any(m.HookSessionIssuer()).(T); ok {\n\t\t\thooks = append(hooks, h)\n\t\t}\n\t}\n\n\treturn hooks, nil\n}\n" }, { "path": "driver/registry_default_login.go", "content": "// Copyright © 2023 Ory Corp\n// SPDX-License-Identifier: Apache-2.0\n\npackage driver\n\nimport (\n\t\"context\"\n\n\t\"github.com/ory/kratos/driver/config\"\n\t\"github.com/ory/kratos/identity\"\n\t\"github.com/ory/kratos/selfservice/flow/login\"\n)\n\nfunc (m *RegistryDefault) LoginHookExecutor() *login.HookExecutor {\n\tif m.selfserviceLoginExecutor == nil {\n\t\tm.selfserviceLoginExecutor = login.NewHookExecutor(m)\n\t}\n\treturn m.selfserviceLoginExecutor\n}\n\nfunc (m *RegistryDefault) PreLoginHooks(ctx context.Context) ([]login.PreHookExecutor, error) {\n\treturn getHooks[login.PreHookExecutor](m, \"\", m.Config().SelfServiceFlowLoginBeforeHooks(ctx))\n}\n\nfunc (m *RegistryDefault) PostLoginHooks(ctx context.Context, credentialsType identity.CredentialsType) ([]login.PostHookExecutor, error) {\n\thooks, err := getHooks[login.PostHookExecutor](m, string(credentialsType), m.Config().SelfServiceFlowLoginAfterHooks(ctx, string(credentialsType)))\n\tif err != nil {\n\t\treturn nil, err\n\t}\n\tif len(hooks) > 0 {\n\t\treturn hooks, nil\n\t}\n\n\t// since we don't want merging hooks defined in a specific strategy and global hooks\n\t// global hooks are added only if no strategy specific hooks are defined\n\treturn getHooks[login.PostHookExecutor](m, config.HookGlobal, m.Config().SelfServiceFlowLoginAfterHooks(ctx, config.HookGlobal))\n}\n\nfunc (m *RegistryDefault) LoginHandler() *login.Handler {\n\tif m.selfserviceLoginHandler == nil {\n\t\tm.selfserviceLoginHandler = login.NewHandler(m)\n\t}\n\n\treturn m.selfserviceLoginHandler\n}\n\nfunc (m *RegistryDefault) LoginFlowErrorHandler() *login.ErrorHandler {\n\tif m.selfserviceLoginRequestErrorHandler == nil {\n\t\tm.selfserviceLoginRequestErrorHandler = login.NewFlowErrorHandler(m)\n\t}\n\n\treturn m.selfserviceLoginRequestErrorHandler\n}\n" }, { "path": "driver/registry_default_recovery.go", "content": "// Copyright © 2023 Ory Corp\n// SPDX-License-Identifier: Apache-2.0\n\npackage driver\n\nimport (\n\t\"context\"\n\n\t\"github.com/pkg/errors\"\n\n\t\"github.com/ory/herodot\"\n\t\"github.com/ory/kratos/driver/config\"\n\t\"github.com/ory/kratos/selfservice/flow/recovery\"\n\t\"github.com/ory/kratos/selfservice/strategy/code\"\n)\n\nfunc (m *RegistryDefault) RecoveryFlowErrorHandler() *recovery.ErrorHandler {\n\tif m.selfserviceRecoveryErrorHandler == nil {\n\t\tm.selfserviceRecoveryErrorHandler = recovery.NewErrorHandler(m)\n\t}\n\n\treturn m.selfserviceRecoveryErrorHandler\n}\n\nfunc (m *RegistryDefault) RecoveryHandler() *recovery.Handler {\n\tif m.selfserviceRecoveryHandler == nil {\n\t\tm.selfserviceRecoveryHandler = recovery.NewHandler(m)\n\t}\n\n\treturn m.selfserviceRecoveryHandler\n}\n\nfunc (m *RegistryDefault) RecoveryStrategies(ctx context.Context) (recoveryStrategies recovery.Strategies) {\n\tfor _, strategy := range m.selfServiceStrategies() {\n\t\tif s, ok := strategy.(recovery.Strategy); ok {\n\t\t\tif m.Config().SelfServiceStrategy(ctx, s.RecoveryStrategyID()).Enabled {\n\t\t\t\trecoveryStrategies = append(recoveryStrategies, s)\n\t\t\t}\n\t\t}\n\t}\n\treturn\n}\n\n// GetActiveRecoveryStrategies returns the currently active recovery strategies.\n// It returns a list of all strategies and the specific primary strategy.\n// If no primary recovery strategy has been set, an error is returned.\nfunc (m *RegistryDefault) GetActiveRecoveryStrategies(ctx context.Context) (active recovery.Strategies, primary recovery.Strategy, err error) {\n\tas := m.Config().SelfServiceFlowRecoveryUse(ctx)\n\ts, ps, err := m.RecoveryStrategies(ctx).ActiveStrategies(as)\n\tif err != nil {\n\t\treturn nil, ps, errors.WithStack(herodot.ErrBadRequest.\n\t\t\tWithReasonf(\"You attempted recovery using %s, which is not enabled or does not exist. An administrator needs to enable this recovery method.\", as))\n\t}\n\treturn s, ps, nil\n}\n\nfunc (m *RegistryDefault) AllRecoveryStrategies() (recoveryStrategies recovery.Strategies) {\n\tfor _, strategy := range m.selfServiceStrategies() {\n\t\tif s, ok := strategy.(recovery.Strategy); ok {\n\t\t\trecoveryStrategies = append(recoveryStrategies, s)\n\t\t}\n\t}\n\treturn\n}\n\nfunc (m *RegistryDefault) RecoveryExecutor() *recovery.HookExecutor {\n\tif m.selfserviceRecoveryExecutor == nil {\n\t\tm.selfserviceRecoveryExecutor = recovery.NewHookExecutor(m)\n\t}\n\treturn m.selfserviceRecoveryExecutor\n}\n\nfunc (m *RegistryDefault) PreRecoveryHooks(ctx context.Context) ([]recovery.PreHookExecutor, error) {\n\treturn getHooks[recovery.PreHookExecutor](m, \"\", m.Config().SelfServiceFlowRecoveryBeforeHooks(ctx))\n}\n\nfunc (m *RegistryDefault) PostRecoveryHooks(ctx context.Context) ([]recovery.PostHookExecutor, error) {\n\treturn getHooks[recovery.PostHookExecutor](m, config.HookGlobal, m.Config().SelfServiceFlowRecoveryAfterHooks(ctx, config.HookGlobal))\n}\n\nfunc (m *RegistryDefault) CodeSender() *code.Sender {\n\tif m.selfserviceCodeSender == nil {\n\t\tm.selfserviceCodeSender = code.NewSender(m)\n\t}\n\n\treturn m.selfserviceCodeSender\n}\n" }, { "path": "driver/registry_default_registration.go", "content": "// Copyright © 2023 Ory Corp\n// SPDX-License-Identifier: Apache-2.0\n\npackage driver\n\nimport (\n\t\"context\"\n\t\"slices\"\n\n\t\"github.com/ory/kratos/driver/config\"\n\t\"github.com/ory/kratos/identity\"\n\t\"github.com/ory/kratos/selfservice/flow/registration\"\n)\n\nfunc (m *RegistryDefault) PostRegistrationPrePersistHooks(ctx context.Context, credentialsType identity.CredentialsType) ([]registration.PostHookPrePersistExecutor, error) {\n\thooks, err := getHooks[registration.PostHookPrePersistExecutor](m, string(credentialsType), m.Config().SelfServiceFlowRegistrationAfterHooks(ctx, string(credentialsType)))\n\tif err != nil {\n\t\treturn nil, err\n\t}\n\n\treturn hooks, nil\n}\n\nfunc (m *RegistryDefault) PostRegistrationPostPersistHooks(ctx context.Context, credentialsType identity.CredentialsType) ([]registration.PostHookPostPersistExecutor, error) {\n\thooks, err := getHooks[registration.PostHookPostPersistExecutor](m, string(credentialsType), m.Config().SelfServiceFlowRegistrationAfterHooks(ctx, string(credentialsType)))\n\tif err != nil {\n\t\treturn nil, err\n\t}\n\tif len(hooks) == 0 {\n\t\t// since we don't want merging hooks defined in a specific strategy and\n\t\t// global hooks are added only if no strategy specific hooks are defined\n\t\thooks, err = getHooks[registration.PostHookPostPersistExecutor](m, config.HookGlobal, m.Config().SelfServiceFlowRegistrationAfterHooks(ctx, config.HookGlobal))\n\t\tif err != nil {\n\t\t\treturn nil, err\n\t\t}\n\t}\n\n\t// WARNING - If you remove this, no verification emails / sms will be sent post-registration.\n\tif m.Config().SelfServiceFlowVerificationEnabled(ctx) {\n\t\thooks = slices.Insert(hooks, 0, registration.PostHookPostPersistExecutor(m.HookVerifier()))\n\t}\n\n\treturn hooks, nil\n}\n\nfunc (m *RegistryDefault) PreRegistrationHooks(ctx context.Context) ([]registration.PreHookExecutor, error) {\n\treturn getHooks[registration.PreHookExecutor](m, \"\", m.Config().SelfServiceFlowRegistrationBeforeHooks(ctx))\n}\n\nfunc (m *RegistryDefault) RegistrationExecutor() *registration.HookExecutor {\n\tif m.selfserviceRegistrationExecutor == nil {\n\t\tm.selfserviceRegistrationExecutor = registration.NewHookExecutor(m)\n\t}\n\treturn m.selfserviceRegistrationExecutor\n}\n\nfunc (m *RegistryDefault) RegistrationHookExecutor() *registration.HookExecutor {\n\tif m.selfserviceRegistrationExecutor == nil {\n\t\tm.selfserviceRegistrationExecutor = registration.NewHookExecutor(m)\n\t}\n\treturn m.selfserviceRegistrationExecutor\n}\n\nfunc (m *RegistryDefault) RegistrationErrorHandler() *registration.ErrorHandler {\n\tif m.seflserviceRegistrationErrorHandler == nil {\n\t\tm.seflserviceRegistrationErrorHandler = registration.NewErrorHandler(m)\n\t}\n\treturn m.seflserviceRegistrationErrorHandler\n}\n\nfunc (m *RegistryDefault) RegistrationHandler() *registration.Handler {\n\tif m.selfserviceRegistrationHandler == nil {\n\t\tm.selfserviceRegistrationHandler = registration.NewHandler(m)\n\t}\n\n\treturn m.selfserviceRegistrationHandler\n}\n\nfunc (m *RegistryDefault) RegistrationFlowErrorHandler() *registration.ErrorHandler {\n\tif m.selfserviceRegistrationRequestErrorHandler == nil {\n\t\tm.selfserviceRegistrationRequestErrorHandler = registration.NewErrorHandler(m)\n\t}\n\n\treturn m.selfserviceRegistrationRequestErrorHandler\n}\n" }, { "path": "driver/registry_default_schemas.go", "content": "// Copyright © 2023 Ory Corp\n// SPDX-License-Identifier: Apache-2.0\n\npackage driver\n\nimport (\n\t\"context\"\n\n\t\"github.com/ory/kratos/schema\"\n)\n\nfunc (m *RegistryDefault) IdentityTraitsSchemas(ctx context.Context) (schema.IdentitySchemaList, error) {\n\tif m.identitySchemaProvider == nil {\n\t\tm.identitySchemaProvider = schema.NewDefaultIdentityTraitsProvider(m)\n\t}\n\treturn m.identitySchemaProvider.IdentityTraitsSchemas(ctx)\n}\n" }, { "path": "driver/registry_default_schemas_test.go", "content": "// Copyright © 2023 Ory Corp\n// SPDX-License-Identifier: Apache-2.0\n\npackage driver_test\n\nimport (\n\t\"context\"\n\t\"testing\"\n\n\t\"github.com/stretchr/testify/require\"\n\n\t\"github.com/stretchr/testify/assert\"\n\n\t\"github.com/ory/kratos/driver/config\"\n\t\"github.com/ory/kratos/pkg\"\n\t\"github.com/ory/kratos/schema\"\n\t\"github.com/ory/x/urlx\"\n)\n\nfunc TestRegistryDefault_IdentityTraitsSchemas(t *testing.T) {\n\tctx := context.Background()\n\n\tconf, reg := pkg.NewFastRegistryWithMocks(t)\n\tdefaultSchema := schema.Schema{\n\t\tID: \"default\",\n\t\tURL: urlx.ParseOrPanic(\"file://default.schema.json\"),\n\t\tRawURL: \"file://default.schema.json\",\n\t}\n\taltSchema := schema.Schema{\n\t\tID: \"alt\",\n\t\tURL: urlx.ParseOrPanic(\"file://other.schema.json\"),\n\t\tRawURL: \"file://other.schema.json\",\n\t}\n\n\tconf.MustSet(ctx, config.ViperKeyIdentitySchemas, []config.Schema{\n\t\t{ID: altSchema.ID, URL: altSchema.RawURL},\n\t\t{ID: defaultSchema.ID, URL: defaultSchema.RawURL},\n\t})\n\n\tss, err := reg.IdentityTraitsSchemas(context.Background())\n\trequire.NoError(t, err)\n\tassert.Equal(t, 2, ss.Total())\n\tassert.Contains(t, ss, defaultSchema)\n\tassert.Contains(t, ss, altSchema)\n}\n" }, { "path": "driver/registry_default_sessiontokenexchange.go", "content": "// Copyright © 2023 Ory Corp\n// SPDX-License-Identifier: Apache-2.0\n\npackage driver\n\nimport \"github.com/ory/kratos/selfservice/sessiontokenexchange\"\n\nfunc (m *RegistryDefault) SessionTokenExchangePersister() sessiontokenexchange.Persister {\n\treturn m.Persister()\n}\n" }, { "path": "driver/registry_default_settings.go", "content": "// Copyright © 2023 Ory Corp\n// SPDX-License-Identifier: Apache-2.0\n\npackage driver\n\nimport (\n\t\"context\"\n\t\"slices\"\n\n\t\"github.com/ory/kratos/driver/config\"\n\t\"github.com/ory/kratos/selfservice/flow/settings\"\n)\n\nfunc (m *RegistryDefault) PostSettingsPrePersistHooks(ctx context.Context, settingsType string) ([]settings.PostHookPrePersistExecutor, error) {\n\treturn getHooks[settings.PostHookPrePersistExecutor](m, settingsType, m.Config().SelfServiceFlowSettingsAfterHooks(ctx, settingsType))\n}\n\nfunc (m *RegistryDefault) PreSettingsHooks(ctx context.Context) ([]settings.PreHookExecutor, error) {\n\treturn getHooks[settings.PreHookExecutor](m, \"\", m.Config().SelfServiceFlowSettingsBeforeHooks(ctx))\n}\n\nfunc (m *RegistryDefault) PostSettingsPostPersistHooks(ctx context.Context, settingsType string) ([]settings.PostHookPostPersistExecutor, error) {\n\thooks, err := getHooks[settings.PostHookPostPersistExecutor](m, settingsType, m.Config().SelfServiceFlowSettingsAfterHooks(ctx, settingsType))\n\tif err != nil {\n\t\treturn nil, err\n\t}\n\tif len(hooks) == 0 {\n\t\t// since we don't want merging hooks defined in a specific strategy and\n\t\t// global hooks are added only if no strategy specific hooks are defined\n\t\thooks, err = getHooks[settings.PostHookPostPersistExecutor](m, config.HookGlobal, m.Config().SelfServiceFlowSettingsAfterHooks(ctx, config.HookGlobal))\n\t\tif err != nil {\n\t\t\treturn nil, err\n\t\t}\n\t}\n\n\tif m.Config().SelfServiceFlowVerificationEnabled(ctx) {\n\t\thooks = slices.Insert(hooks, 0, settings.PostHookPostPersistExecutor(m.HookVerifier()))\n\t}\n\n\treturn hooks, nil\n}\n\nfunc (m *RegistryDefault) SettingsHookExecutor() *settings.HookExecutor {\n\tif m.selfserviceSettingsExecutor == nil {\n\t\tm.selfserviceSettingsExecutor = settings.NewHookExecutor(m)\n\t}\n\treturn m.selfserviceSettingsExecutor\n}\n\nfunc (m *RegistryDefault) SettingsHandler() *settings.Handler {\n\tif m.selfserviceSettingsHandler == nil {\n\t\tm.selfserviceSettingsHandler = settings.NewHandler(m)\n\t}\n\treturn m.selfserviceSettingsHandler\n}\n\nfunc (m *RegistryDefault) SettingsFlowErrorHandler() *settings.ErrorHandler {\n\tif m.selfserviceSettingsErrorHandler == nil {\n\t\tm.selfserviceSettingsErrorHandler = settings.NewErrorHandler(m)\n\t}\n\treturn m.selfserviceSettingsErrorHandler\n}\n\nfunc (m *RegistryDefault) SettingsStrategies(ctx context.Context) (profileStrategies settings.Strategies) {\n\tfor _, strategy := range m.selfServiceStrategies() {\n\t\tif s, ok := strategy.(settings.Strategy); ok {\n\t\t\tif m.Config().SelfServiceStrategy(ctx, s.SettingsStrategyID()).Enabled {\n\t\t\t\tprofileStrategies = append(profileStrategies, s)\n\t\t\t}\n\t\t}\n\t}\n\treturn\n}\n\nfunc (m *RegistryDefault) AllSettingsStrategies() settings.Strategies {\n\tvar profileStrategies []settings.Strategy\n\tfor _, strategy := range m.selfServiceStrategies() {\n\t\tif s, ok := strategy.(settings.Strategy); ok {\n\t\t\tprofileStrategies = append(profileStrategies, s)\n\t\t}\n\t}\n\treturn profileStrategies\n}\n" }, { "path": "driver/registry_default_test.go", "content": "// Copyright © 2023 Ory Corp\n// SPDX-License-Identifier: Apache-2.0\n\npackage driver_test\n\nimport (\n\t\"context\"\n\t\"fmt\"\n\t\"testing\"\n\n\t\"github.com/stretchr/testify/assert\"\n\t\"github.com/stretchr/testify/require\"\n\n\t\"github.com/ory/x/configx\"\n\t\"github.com/ory/x/contextx\"\n\t\"github.com/ory/x/logrusx\"\n\n\t\"github.com/ory/kratos/driver\"\n\t\"github.com/ory/kratos/driver/config\"\n\t\"github.com/ory/kratos/identity\"\n\t\"github.com/ory/kratos/pkg\"\n\t\"github.com/ory/kratos/request\"\n\t\"github.com/ory/kratos/selfservice/flow/login\"\n\t\"github.com/ory/kratos/selfservice/flow/recovery\"\n\t\"github.com/ory/kratos/selfservice/flow/registration\"\n\t\"github.com/ory/kratos/selfservice/flow/settings\"\n\t\"github.com/ory/kratos/selfservice/flow/verification\"\n\t\"github.com/ory/kratos/selfservice/hook\"\n)\n\nfunc TestDriverDefault_Hooks(t *testing.T) {\n\tt.Parallel()\n\tctx := context.Background()\n\n\tt.Run(\"type=verification\", func(t *testing.T) {\n\t\tt.Parallel()\n\t\t// BEFORE hooks\n\t\t_, reg := pkg.NewVeryFastRegistryWithoutDB(t)\n\t\tfor _, tc := range []struct {\n\t\t\tuc string\n\t\t\tconfig map[string]any\n\t\t\texpect func(reg *driver.RegistryDefault) []verification.PreHookExecutor\n\t\t}{\n\t\t\t{\n\t\t\t\tuc: \"No hooks configured\",\n\t\t\t\texpect: func(reg *driver.RegistryDefault) []verification.PreHookExecutor {\n\t\t\t\t\treturn []verification.PreHookExecutor{}\n\t\t\t\t},\n\t\t\t},\n\t\t\t{\n\t\t\t\tuc: \"Two web_hooks are configured\",\n\t\t\t\tconfig: map[string]any{\n\t\t\t\t\tconfig.ViperKeySelfServiceVerificationBeforeHooks: []map[string]any{\n\t\t\t\t\t\t{\"hook\": \"web_hook\", \"config\": map[string]any{\"url\": \"foo\", \"method\": \"POST\", \"headers\": map[string]string{\"X-Custom-Header\": \"test\"}}},\n\t\t\t\t\t\t{\"hook\": \"web_hook\", \"config\": map[string]any{\"url\": \"bar\", \"method\": \"GET\", \"headers\": map[string]string{\"X-Custom-Header\": \"test\"}}},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\texpect: func(reg *driver.RegistryDefault) []verification.PreHookExecutor {\n\t\t\t\t\treturn []verification.PreHookExecutor{\n\t\t\t\t\t\thook.NewWebHook(reg, &request.Config{Method: \"POST\", URL: \"foo\", Headers: map[string]string{\"X-Custom-Header\": \"test\"}}),\n\t\t\t\t\t\thook.NewWebHook(reg, &request.Config{Method: \"GET\", URL: \"bar\", Headers: map[string]string{\"X-Custom-Header\": \"test\"}}),\n\t\t\t\t\t}\n\t\t\t\t},\n\t\t\t},\n\t\t} {\n\t\t\tt.Run(fmt.Sprintf(\"before/uc=%s\", tc.uc), func(t *testing.T) {\n\t\t\t\tt.Parallel()\n\n\t\t\t\tctx := contextx.WithConfigValues(ctx, tc.config)\n\n\t\t\t\th, err := reg.PreVerificationHooks(ctx)\n\t\t\t\trequire.NoError(t, err)\n\n\t\t\t\tassert.Equal(t, tc.expect(reg), h)\n\t\t\t})\n\t\t}\n\n\t\t// AFTER hooks\n\t\tfor _, tc := range []struct {\n\t\t\tuc string\n\t\t\tprep func(conf *config.Config)\n\t\t\tconfig map[string]any\n\t\t\texpect func(reg *driver.RegistryDefault) []verification.PostHookExecutor\n\t\t}{\n\t\t\t{\n\t\t\t\tuc: \"No hooks configured\",\n\t\t\t\tprep: func(conf *config.Config) {},\n\t\t\t\texpect: func(reg *driver.RegistryDefault) []verification.PostHookExecutor {\n\t\t\t\t\treturn []verification.PostHookExecutor{}\n\t\t\t\t},\n\t\t\t},\n\t\t\t{\n\t\t\t\tuc: \"Multiple web_hooks configured\",\n\t\t\t\tconfig: map[string]any{\n\t\t\t\t\tconfig.ViperKeySelfServiceVerificationAfter + \".hooks\": []map[string]any{\n\t\t\t\t\t\t{\"hook\": \"web_hook\", \"config\": map[string]any{\"url\": \"foo\", \"method\": \"POST\", \"headers\": map[string]string{\"X-Custom-Header\": \"test\"}}},\n\t\t\t\t\t\t{\"hook\": \"web_hook\", \"config\": map[string]any{\"url\": \"bar\", \"method\": \"GET\", \"headers\": map[string]string{\"X-Custom-Header\": \"test\"}}},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\texpect: func(reg *driver.RegistryDefault) []verification.PostHookExecutor {\n\t\t\t\t\treturn []verification.PostHookExecutor{\n\t\t\t\t\t\thook.NewWebHook(reg, &request.Config{Method: \"POST\", URL: \"foo\", Headers: map[string]string{\"X-Custom-Header\": \"test\"}}),\n\t\t\t\t\t\thook.NewWebHook(reg, &request.Config{Method: \"GET\", URL: \"bar\", Headers: map[string]string{\"X-Custom-Header\": \"test\"}}),\n\t\t\t\t\t}\n\t\t\t\t},\n\t\t\t},\n\t\t} {\n\t\t\tt.Run(fmt.Sprintf(\"after/uc=%s\", tc.uc), func(t *testing.T) {\n\t\t\t\tt.Parallel()\n\n\t\t\t\tctx := contextx.WithConfigValues(ctx, tc.config)\n\n\t\t\t\th, err := reg.PostVerificationHooks(ctx)\n\t\t\t\trequire.NoError(t, err)\n\n\t\t\t\tassert.Equal(t, tc.expect(reg), h)\n\t\t\t})\n\t\t}\n\t})\n\n\tt.Run(\"type=recovery\", func(t *testing.T) {\n\t\tt.Parallel()\n\t\t// BEFORE hooks\n\t\tfor _, tc := range []struct {\n\t\t\tuc string\n\t\t\tconfig map[string]any\n\t\t\texpect func(reg *driver.RegistryDefault) []recovery.PreHookExecutor\n\t\t}{\n\t\t\t{\n\t\t\t\tuc: \"No hooks configured\",\n\t\t\t\texpect: func(reg *driver.RegistryDefault) []recovery.PreHookExecutor { return []recovery.PreHookExecutor{} },\n\t\t\t},\n\t\t\t{\n\t\t\t\tuc: \"Two web_hooks are configured\",\n\t\t\t\tconfig: map[string]any{\n\t\t\t\t\tconfig.ViperKeySelfServiceRecoveryBeforeHooks: []map[string]any{\n\t\t\t\t\t\t{\"hook\": \"web_hook\", \"config\": map[string]any{\"url\": \"foo\", \"method\": \"POST\", \"headers\": map[string]string{\"X-Custom-Header\": \"test\"}}},\n\t\t\t\t\t\t{\"hook\": \"web_hook\", \"config\": map[string]any{\"url\": \"bar\", \"method\": \"GET\", \"headers\": map[string]string{\"X-Custom-Header\": \"test\"}}},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\texpect: func(reg *driver.RegistryDefault) []recovery.PreHookExecutor {\n\t\t\t\t\treturn []recovery.PreHookExecutor{\n\t\t\t\t\t\thook.NewWebHook(reg, &request.Config{Method: \"POST\", URL: \"foo\", Headers: map[string]string{\"X-Custom-Header\": \"test\"}}),\n\t\t\t\t\t\thook.NewWebHook(reg, &request.Config{Method: \"GET\", URL: \"bar\", Headers: map[string]string{\"X-Custom-Header\": \"test\"}}),\n\t\t\t\t\t}\n\t\t\t\t},\n\t\t\t},\n\t\t} {\n\t\t\tt.Run(fmt.Sprintf(\"before/uc=%s\", tc.uc), func(t *testing.T) {\n\t\t\t\tt.Parallel()\n\n\t\t\t\tctx := contextx.WithConfigValues(ctx, tc.config)\n\n\t\t\t\t_, reg := pkg.NewVeryFastRegistryWithoutDB(t)\n\t\t\t\th, err := reg.PreRecoveryHooks(ctx)\n\t\t\t\trequire.NoError(t, err)\n\n\t\t\t\tassert.Equal(t, tc.expect(reg), h)\n\t\t\t})\n\t\t}\n\n\t\t// AFTER hooks\n\t\tfor _, tc := range []struct {\n\t\t\tuc string\n\t\t\tconfig map[string]any\n\t\t\texpect func(reg *driver.RegistryDefault) []recovery.PostHookExecutor\n\t\t}{\n\t\t\t{\n\t\t\t\tuc: \"No hooks configured\",\n\t\t\t\texpect: func(reg *driver.RegistryDefault) []recovery.PostHookExecutor { return []recovery.PostHookExecutor{} },\n\t\t\t},\n\t\t\t{\n\t\t\t\tuc: \"Multiple web_hooks configured\",\n\t\t\t\tconfig: map[string]any{\n\t\t\t\t\tconfig.ViperKeySelfServiceRecoveryAfter + \".hooks\": []map[string]any{\n\t\t\t\t\t\t{\"hook\": \"web_hook\", \"config\": map[string]any{\"url\": \"foo\", \"method\": \"POST\", \"headers\": map[string]string{\"X-Custom-Header\": \"test\"}}},\n\t\t\t\t\t\t{\"hook\": \"web_hook\", \"config\": map[string]any{\"url\": \"bar\", \"method\": \"GET\", \"headers\": map[string]string{\"X-Custom-Header\": \"test\"}}},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\texpect: func(reg *driver.RegistryDefault) []recovery.PostHookExecutor {\n\t\t\t\t\treturn []recovery.PostHookExecutor{\n\t\t\t\t\t\thook.NewWebHook(reg, &request.Config{Method: \"POST\", URL: \"foo\", Headers: map[string]string{\"X-Custom-Header\": \"test\"}}),\n\t\t\t\t\t\thook.NewWebHook(reg, &request.Config{Method: \"GET\", URL: \"bar\", Headers: map[string]string{\"X-Custom-Header\": \"test\"}}),\n\t\t\t\t\t}\n\t\t\t\t},\n\t\t\t},\n\t\t} {\n\t\t\tt.Run(fmt.Sprintf(\"after/uc=%s\", tc.uc), func(t *testing.T) {\n\t\t\t\tt.Parallel()\n\n\t\t\t\tctx := contextx.WithConfigValues(ctx, tc.config)\n\n\t\t\t\t_, reg := pkg.NewVeryFastRegistryWithoutDB(t)\n\t\t\t\th, err := reg.PostRecoveryHooks(ctx)\n\t\t\t\trequire.NoError(t, err)\n\n\t\t\t\tassert.Equal(t, tc.expect(reg), h)\n\t\t\t})\n\t\t}\n\t})\n\n\tt.Run(\"type=registration\", func(t *testing.T) {\n\t\tt.Parallel()\n\t\t// BEFORE hooks\n\t\tfor _, tc := range []struct {\n\t\t\tuc string\n\t\t\tconfig map[string]any\n\t\t\texpect func(reg *driver.RegistryDefault) []registration.PreHookExecutor\n\t\t}{\n\t\t\t{\n\t\t\t\tuc: \"No hooks configured\",\n\t\t\t\texpect: func(reg *driver.RegistryDefault) []registration.PreHookExecutor {\n\t\t\t\t\treturn []registration.PreHookExecutor{}\n\t\t\t\t},\n\t\t\t},\n\t\t\t{\n\t\t\t\tuc: \"Two web_hooks are configured\",\n\t\t\t\tconfig: map[string]any{\n\t\t\t\t\tconfig.ViperKeySelfServiceRegistrationBeforeHooks: []map[string]any{\n\t\t\t\t\t\t{\"hook\": \"web_hook\", \"config\": map[string]any{\"url\": \"foo\", \"method\": \"POST\", \"headers\": map[string]string{\"X-Custom-Header\": \"test\"}}},\n\t\t\t\t\t\t{\"hook\": \"web_hook\", \"config\": map[string]any{\"url\": \"bar\", \"method\": \"GET\", \"headers\": map[string]string{\"X-Custom-Header\": \"test\"}}},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\texpect: func(reg *driver.RegistryDefault) []registration.PreHookExecutor {\n\t\t\t\t\treturn []registration.PreHookExecutor{\n\t\t\t\t\t\thook.NewWebHook(reg, &request.Config{Method: \"POST\", URL: \"foo\", Headers: map[string]string{\"X-Custom-Header\": \"test\"}}),\n\t\t\t\t\t\thook.NewWebHook(reg, &request.Config{Method: \"GET\", URL: \"bar\", Headers: map[string]string{\"X-Custom-Header\": \"test\"}}),\n\t\t\t\t\t}\n\t\t\t\t},\n\t\t\t},\n\t\t} {\n\t\t\tt.Run(fmt.Sprintf(\"before/uc=%s\", tc.uc), func(t *testing.T) {\n\t\t\t\tt.Parallel()\n\n\t\t\t\tctx := contextx.WithConfigValues(ctx, tc.config)\n\n\t\t\t\t_, reg := pkg.NewVeryFastRegistryWithoutDB(t)\n\t\t\t\th, err := reg.PreRegistrationHooks(ctx)\n\t\t\t\trequire.NoError(t, err)\n\n\t\t\t\tassert.EqualValues(t, tc.expect(reg), h)\n\t\t\t})\n\t\t}\n\n\t\t// AFTER hooks\n\t\tfor _, tc := range []struct {\n\t\t\tuc string\n\t\t\tconfig map[string]any\n\t\t\texpect func(reg *driver.RegistryDefault) []registration.PostHookPostPersistExecutor\n\t\t}{\n\t\t\t{\n\t\t\t\tuc: \"No hooks configured\",\n\t\t\t\texpect: func(reg *driver.RegistryDefault) []registration.PostHookPostPersistExecutor {\n\t\t\t\t\treturn []registration.PostHookPostPersistExecutor{}\n\t\t\t\t},\n\t\t\t},\n\t\t\t{\n\t\t\t\tuc: \"Only session hook configured for password strategy\",\n\t\t\t\tconfig: map[string]any{\n\t\t\t\t\tconfig.ViperKeySelfServiceVerificationEnabled: true,\n\t\t\t\t\tconfig.ViperKeySelfServiceRegistrationAfter + \".password.hooks\": []map[string]any{\n\t\t\t\t\t\t{\"hook\": \"session\"},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\texpect: func(reg *driver.RegistryDefault) []registration.PostHookPostPersistExecutor {\n\t\t\t\t\treturn []registration.PostHookPostPersistExecutor{\n\t\t\t\t\t\thook.NewVerifier(reg),\n\t\t\t\t\t\thook.NewSessionIssuer(reg),\n\t\t\t\t\t}\n\t\t\t\t},\n\t\t\t},\n\t\t\t{\n\t\t\t\tuc: \"A session hook and a web_hook are configured for password strategy\",\n\t\t\t\tconfig: map[string]any{\n\t\t\t\t\tconfig.ViperKeySelfServiceVerificationEnabled: true,\n\t\t\t\t\tconfig.ViperKeySelfServiceRegistrationAfter + \".password.hooks\": []map[string]any{\n\t\t\t\t\t\t{\"hook\": \"web_hook\", \"config\": map[string]any{\"headers\": map[string]string{\"X-Custom-Header\": \"test\"}, \"url\": \"foo\", \"method\": \"POST\", \"body\": \"bar\"}},\n\t\t\t\t\t\t{\"hook\": \"session\"},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\texpect: func(reg *driver.RegistryDefault) []registration.PostHookPostPersistExecutor {\n\t\t\t\t\treturn []registration.PostHookPostPersistExecutor{\n\t\t\t\t\t\thook.NewVerifier(reg),\n\t\t\t\t\t\thook.NewWebHook(reg, &request.Config{URL: \"foo\", Method: \"POST\", TemplateURI: \"bar\", Headers: map[string]string{\"X-Custom-Header\": \"test\"}}),\n\t\t\t\t\t\thook.NewSessionIssuer(reg),\n\t\t\t\t\t}\n\t\t\t\t},\n\t\t\t},\n\t\t\t{\n\t\t\t\tuc: \"Two web_hooks are configured on a global level\",\n\t\t\t\tconfig: map[string]any{\n\t\t\t\t\tconfig.ViperKeySelfServiceRegistrationAfter + \".hooks\": []map[string]any{\n\t\t\t\t\t\t{\"hook\": \"web_hook\", \"config\": map[string]any{\"url\": \"foo\", \"method\": \"POST\", \"headers\": map[string]string{\"X-Custom-Header\": \"test\"}}},\n\t\t\t\t\t\t{\"hook\": \"web_hook\", \"config\": map[string]any{\"url\": \"bar\", \"method\": \"GET\", \"headers\": map[string]string{\"X-Custom-Header\": \"test\"}}},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\texpect: func(reg *driver.RegistryDefault) []registration.PostHookPostPersistExecutor {\n\t\t\t\t\treturn []registration.PostHookPostPersistExecutor{\n\t\t\t\t\t\thook.NewWebHook(reg, &request.Config{Method: \"POST\", URL: \"foo\", Headers: map[string]string{\"X-Custom-Header\": \"test\"}}),\n\t\t\t\t\t\thook.NewWebHook(reg, &request.Config{Method: \"GET\", URL: \"bar\", Headers: map[string]string{\"X-Custom-Header\": \"test\"}}),\n\t\t\t\t\t}\n\t\t\t\t},\n\t\t\t},\n\t\t\t{\n\t\t\t\tuc: \"Hooks are configured on a global level, as well as on a strategy level\",\n\t\t\t\tconfig: map[string]any{\n\t\t\t\t\tconfig.ViperKeySelfServiceRegistrationAfter + \".password.hooks\": []map[string]any{\n\t\t\t\t\t\t{\"hook\": \"web_hook\", \"config\": map[string]any{\"url\": \"foo\", \"method\": \"GET\", \"headers\": map[string]string{\"X-Custom-Header\": \"test\"}}},\n\t\t\t\t\t\t{\"hook\": \"session\"},\n\t\t\t\t\t},\n\t\t\t\t\tconfig.ViperKeySelfServiceRegistrationAfter + \".hooks\": []map[string]any{\n\t\t\t\t\t\t{\"hook\": \"web_hook\", \"config\": map[string]any{\"url\": \"bar\", \"method\": \"POST\", \"headers\": map[string]string{\"X-Custom-Header\": \"test\"}}},\n\t\t\t\t\t},\n\t\t\t\t\tconfig.ViperKeySelfServiceVerificationEnabled: true,\n\t\t\t\t},\n\t\t\t\texpect: func(reg *driver.RegistryDefault) []registration.PostHookPostPersistExecutor {\n\t\t\t\t\treturn []registration.PostHookPostPersistExecutor{\n\t\t\t\t\t\thook.NewVerifier(reg),\n\t\t\t\t\t\thook.NewWebHook(reg, &request.Config{Method: \"GET\", URL: \"foo\", Headers: map[string]string{\"X-Custom-Header\": \"test\"}}),\n\t\t\t\t\t\thook.NewSessionIssuer(reg),\n\t\t\t\t\t}\n\t\t\t\t},\n\t\t\t},\n\t\t\t{\n\t\t\t\tuc: \"show_verification_ui is configured\",\n\t\t\t\tconfig: map[string]any{\n\t\t\t\t\tconfig.ViperKeySelfServiceRegistrationAfter + \".hooks\": []map[string]any{\n\t\t\t\t\t\t{\"hook\": \"show_verification_ui\"},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\texpect: func(reg *driver.RegistryDefault) []registration.PostHookPostPersistExecutor {\n\t\t\t\t\treturn []registration.PostHookPostPersistExecutor{\n\t\t\t\t\t\thook.NewShowVerificationUIHook(reg),\n\t\t\t\t\t}\n\t\t\t\t},\n\t\t\t},\n\t\t} {\n\t\t\tt.Run(fmt.Sprintf(\"after/uc=%s\", tc.uc), func(t *testing.T) {\n\t\t\t\tt.Parallel()\n\n\t\t\t\tctx := contextx.WithConfigValues(ctx, tc.config)\n\n\t\t\t\t_, reg := pkg.NewVeryFastRegistryWithoutDB(t)\n\t\t\t\th, err := reg.PostRegistrationPostPersistHooks(ctx, identity.CredentialsTypePassword)\n\t\t\t\trequire.NoError(t, err)\n\n\t\t\t\tassert.Equal(t, tc.expect(reg), h)\n\t\t\t})\n\t\t}\n\t})\n\n\tt.Run(\"type=login\", func(t *testing.T) {\n\t\tt.Parallel()\n\t\t// BEFORE hooks\n\t\tfor _, tc := range []struct {\n\t\t\tuc string\n\t\t\tconfig map[string]any\n\t\t\texpect func(reg *driver.RegistryDefault) []login.PreHookExecutor\n\t\t}{\n\t\t\t{\n\t\t\t\tuc: \"No hooks configured\",\n\t\t\t\texpect: func(reg *driver.RegistryDefault) []login.PreHookExecutor { return []login.PreHookExecutor{} },\n\t\t\t},\n\t\t\t{\n\t\t\t\tuc: \"Two web_hooks are configured\",\n\t\t\t\tconfig: map[string]any{\n\t\t\t\t\tconfig.ViperKeySelfServiceLoginBeforeHooks: []map[string]any{\n\t\t\t\t\t\t{\"hook\": \"web_hook\", \"config\": map[string]any{\"url\": \"foo\", \"method\": \"POST\", \"headers\": map[string]string{\"X-Custom-Header\": \"test\"}}},\n\t\t\t\t\t\t{\"hook\": \"web_hook\", \"config\": map[string]any{\"url\": \"bar\", \"method\": \"GET\", \"headers\": map[string]string{\"X-Custom-Header\": \"test\"}}},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\texpect: func(reg *driver.RegistryDefault) []login.PreHookExecutor {\n\t\t\t\t\treturn []login.PreHookExecutor{\n\t\t\t\t\t\thook.NewWebHook(reg, &request.Config{Method: \"POST\", URL: \"foo\", Headers: map[string]string{\"X-Custom-Header\": \"test\"}}),\n\t\t\t\t\t\thook.NewWebHook(reg, &request.Config{Method: \"GET\", URL: \"bar\", Headers: map[string]string{\"X-Custom-Header\": \"test\"}}),\n\t\t\t\t\t}\n\t\t\t\t},\n\t\t\t},\n\t\t} {\n\t\t\tt.Run(fmt.Sprintf(\"before/uc=%s\", tc.uc), func(t *testing.T) {\n\t\t\t\tt.Parallel()\n\n\t\t\t\tctx := contextx.WithConfigValues(ctx, tc.config)\n\n\t\t\t\t_, reg := pkg.NewVeryFastRegistryWithoutDB(t)\n\t\t\t\th, err := reg.PreLoginHooks(ctx)\n\t\t\t\trequire.NoError(t, err)\n\n\t\t\t\tassert.Equal(t, tc.expect(reg), h)\n\t\t\t})\n\t\t}\n\n\t\t// AFTER hooks\n\t\tfor _, tc := range []struct {\n\t\t\tuc string\n\t\t\tconfig map[string]any\n\t\t\texpect func(reg *driver.RegistryDefault) []login.PostHookExecutor\n\t\t}{\n\t\t\t{\n\t\t\t\tuc: \"No hooks configured\",\n\t\t\t\texpect: func(reg *driver.RegistryDefault) []login.PostHookExecutor { return []login.PostHookExecutor{} },\n\t\t\t},\n\t\t\t{\n\t\t\t\tuc: \"Only revoke_active_sessions hook configured for password strategy\",\n\t\t\t\tconfig: map[string]any{\n\t\t\t\t\tconfig.ViperKeySelfServiceLoginAfter + \".password.hooks\": []map[string]any{\n\t\t\t\t\t\t{\"hook\": \"revoke_active_sessions\"},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\texpect: func(reg *driver.RegistryDefault) []login.PostHookExecutor {\n\t\t\t\t\treturn []login.PostHookExecutor{\n\t\t\t\t\t\thook.NewSessionDestroyer(reg),\n\t\t\t\t\t}\n\t\t\t\t},\n\t\t\t},\n\t\t\t{\n\t\t\t\tuc: \"Only require_verified_address hook configured for password strategy\",\n\t\t\t\tconfig: map[string]any{\n\t\t\t\t\tconfig.ViperKeySelfServiceLoginAfter + \".password.hooks\": []map[string]any{\n\t\t\t\t\t\t{\"hook\": \"require_verified_address\"},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\texpect: func(reg *driver.RegistryDefault) []login.PostHookExecutor {\n\t\t\t\t\treturn []login.PostHookExecutor{\n\t\t\t\t\t\thook.NewAddressVerifier(reg),\n\t\t\t\t\t}\n\t\t\t\t},\n\t\t\t},\n\t\t\t{\n\t\t\t\tuc: \"A revoke_active_sessions hook, require_verified_address hook and a web_hook are configured for password strategy\",\n\t\t\t\tconfig: map[string]any{\n\t\t\t\t\tconfig.ViperKeySelfServiceLoginAfter + \".password.hooks\": []map[string]any{\n\t\t\t\t\t\t{\"hook\": \"web_hook\", \"config\": map[string]any{\"headers\": map[string]string{\"X-Custom-Header\": \"test\"}, \"url\": \"foo\", \"method\": \"POST\", \"body\": \"bar\"}},\n\t\t\t\t\t\t{\"hook\": \"require_verified_address\"},\n\t\t\t\t\t\t{\"hook\": \"revoke_active_sessions\"},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\texpect: func(reg *driver.RegistryDefault) []login.PostHookExecutor {\n\t\t\t\t\treturn []login.PostHookExecutor{\n\t\t\t\t\t\thook.NewWebHook(reg, &request.Config{TemplateURI: \"bar\", Method: \"POST\", URL: \"foo\", Headers: map[string]string{\"X-Custom-Header\": \"test\"}}),\n\t\t\t\t\t\thook.NewAddressVerifier(reg),\n\t\t\t\t\t\thook.NewSessionDestroyer(reg),\n\t\t\t\t\t}\n\t\t\t\t},\n\t\t\t},\n\t\t\t{\n\t\t\t\tuc: \"Two web_hooks are configured on a global level\",\n\t\t\t\tconfig: map[string]any{\n\t\t\t\t\tconfig.ViperKeySelfServiceLoginAfter + \".hooks\": []map[string]any{\n\t\t\t\t\t\t{\"hook\": \"web_hook\", \"config\": map[string]any{\"url\": \"foo\", \"method\": \"POST\", \"headers\": map[string]string{\"X-Custom-Header\": \"test\"}}},\n\t\t\t\t\t\t{\"hook\": \"web_hook\", \"config\": map[string]any{\"url\": \"bar\", \"method\": \"GET\", \"headers\": map[string]string{\"X-Custom-Header\": \"test\"}}},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\texpect: func(reg *driver.RegistryDefault) []login.PostHookExecutor {\n\t\t\t\t\treturn []login.PostHookExecutor{\n\t\t\t\t\t\thook.NewWebHook(reg, &request.Config{Method: \"POST\", URL: \"foo\", Headers: map[string]string{\"X-Custom-Header\": \"test\"}}),\n\t\t\t\t\t\thook.NewWebHook(reg, &request.Config{Method: \"GET\", URL: \"bar\", Headers: map[string]string{\"X-Custom-Header\": \"test\"}}),\n\t\t\t\t\t}\n\t\t\t\t},\n\t\t\t},\n\t\t\t{\n\t\t\t\tuc: \"Hooks are configured on a global level, as well as on a strategy level\",\n\t\t\t\tconfig: map[string]any{\n\t\t\t\t\tconfig.ViperKeySelfServiceLoginAfter + \".password.hooks\": []map[string]any{\n\t\t\t\t\t\t{\"hook\": \"web_hook\", \"config\": map[string]any{\"url\": \"foo\", \"method\": \"GET\", \"headers\": map[string]string{\"X-Custom-Header\": \"test\"}}},\n\t\t\t\t\t\t{\"hook\": \"revoke_active_sessions\"},\n\t\t\t\t\t\t{\"hook\": \"require_verified_address\"},\n\t\t\t\t\t},\n\t\t\t\t\tconfig.ViperKeySelfServiceLoginAfter + \".hooks\": []map[string]any{\n\t\t\t\t\t\t{\"hook\": \"web_hook\", \"config\": map[string]any{\"url\": \"foo\", \"method\": \"POST\", \"headers\": map[string]string{\"X-Custom-Header\": \"test\"}}},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\texpect: func(reg *driver.RegistryDefault) []login.PostHookExecutor {\n\t\t\t\t\treturn []login.PostHookExecutor{\n\t\t\t\t\t\thook.NewWebHook(reg, &request.Config{Method: \"GET\", URL: \"foo\", Headers: map[string]string{\"X-Custom-Header\": \"test\"}}),\n\t\t\t\t\t\thook.NewSessionDestroyer(reg),\n\t\t\t\t\t\thook.NewAddressVerifier(reg),\n\t\t\t\t\t}\n\t\t\t\t},\n\t\t\t},\n\t\t} {\n\t\t\tt.Run(fmt.Sprintf(\"after/uc=%s\", tc.uc), func(t *testing.T) {\n\t\t\t\tt.Parallel()\n\n\t\t\t\tctx := contextx.WithConfigValues(ctx, tc.config)\n\n\t\t\t\t_, reg := pkg.NewVeryFastRegistryWithoutDB(t)\n\t\t\t\th, err := reg.PostLoginHooks(ctx, identity.CredentialsTypePassword)\n\t\t\t\trequire.NoError(t, err)\n\n\t\t\t\tassert.Equal(t, tc.expect(reg), h)\n\t\t\t})\n\t\t}\n\t})\n\n\tt.Run(\"type=settings\", func(t *testing.T) {\n\t\tt.Parallel()\n\t\t// BEFORE hooks\n\t\tfor _, tc := range []struct {\n\t\t\tuc string\n\t\t\tconfig map[string]any\n\t\t\texpect func(reg *driver.RegistryDefault) []settings.PreHookExecutor\n\t\t}{\n\t\t\t{\n\t\t\t\tuc: \"No hooks configured\",\n\t\t\t\texpect: func(reg *driver.RegistryDefault) []settings.PreHookExecutor { return []settings.PreHookExecutor{} },\n\t\t\t},\n\t\t\t{\n\t\t\t\tuc: \"Two web_hooks are configured\",\n\t\t\t\tconfig: map[string]any{\n\t\t\t\t\tconfig.ViperKeySelfServiceSettingsBeforeHooks: []map[string]any{\n\t\t\t\t\t\t{\"hook\": \"web_hook\", \"config\": map[string]any{\"url\": \"foo\", \"method\": \"POST\", \"headers\": map[string]string{\"X-Custom-Header\": \"test\"}}},\n\t\t\t\t\t\t{\"hook\": \"web_hook\", \"config\": map[string]any{\"url\": \"bar\", \"method\": \"GET\", \"headers\": map[string]string{\"X-Custom-Header\": \"test\"}}},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\texpect: func(reg *driver.RegistryDefault) []settings.PreHookExecutor {\n\t\t\t\t\treturn []settings.PreHookExecutor{\n\t\t\t\t\t\thook.NewWebHook(reg, &request.Config{Method: \"POST\", URL: \"foo\", Headers: map[string]string{\"X-Custom-Header\": \"test\"}}),\n\t\t\t\t\t\thook.NewWebHook(reg, &request.Config{Method: \"GET\", URL: \"bar\", Headers: map[string]string{\"X-Custom-Header\": \"test\"}}),\n\t\t\t\t\t}\n\t\t\t\t},\n\t\t\t},\n\t\t} {\n\t\t\tt.Run(fmt.Sprintf(\"before/uc=%s\", tc.uc), func(t *testing.T) {\n\t\t\t\tt.Parallel()\n\n\t\t\t\tctx := contextx.WithConfigValues(ctx, tc.config)\n\n\t\t\t\t_, reg := pkg.NewVeryFastRegistryWithoutDB(t)\n\t\t\t\th, err := reg.PreSettingsHooks(ctx)\n\t\t\t\trequire.NoError(t, err)\n\n\t\t\t\tassert.Equal(t, tc.expect(reg), h)\n\t\t\t})\n\t\t}\n\n\t\t// AFTER hooks\n\t\tfor _, tc := range []struct {\n\t\t\tuc string\n\t\t\tconfig map[string]any\n\t\t\texpect func(reg *driver.RegistryDefault) []settings.PostHookPostPersistExecutor\n\t\t}{\n\t\t\t{\n\t\t\t\tuc: \"No hooks configured\",\n\t\t\t\texpect: func(reg *driver.RegistryDefault) []settings.PostHookPostPersistExecutor {\n\t\t\t\t\treturn []settings.PostHookPostPersistExecutor{}\n\t\t\t\t},\n\t\t\t},\n\t\t\t{\n\t\t\t\tuc: \"Only verify hook configured for the strategy\",\n\t\t\t\tconfig: map[string]any{\n\t\t\t\t\tconfig.ViperKeySelfServiceVerificationEnabled: true,\n\t\t\t\t\t// I think this is a bug as there is a hook named verify defined for both profile and password\n\t\t\t\t\t// strategies. Instead of using it, the code makes use of the property used above and which\n\t\t\t\t\t// is defined in an entirely different flow (verification).\n\t\t\t\t},\n\t\t\t\texpect: func(reg *driver.RegistryDefault) []settings.PostHookPostPersistExecutor {\n\t\t\t\t\treturn []settings.PostHookPostPersistExecutor{\n\t\t\t\t\t\thook.NewVerifier(reg),\n\t\t\t\t\t}\n\t\t\t\t},\n\t\t\t},\n\t\t\t{\n\t\t\t\tuc: \"A verify hook and a web_hook are configured for profile strategy\",\n\t\t\t\tconfig: map[string]any{\n\t\t\t\t\tconfig.ViperKeySelfServiceSettingsAfter + \".profile.hooks\": []map[string]any{\n\t\t\t\t\t\t{\"hook\": \"web_hook\", \"config\": map[string]any{\"headers\": map[string]string{\"X-Custom-Header\": \"test\"}, \"url\": \"foo\", \"method\": \"POST\", \"body\": \"bar\"}},\n\t\t\t\t\t},\n\t\t\t\t\tconfig.ViperKeySelfServiceVerificationEnabled: true,\n\t\t\t\t},\n\t\t\t\texpect: func(reg *driver.RegistryDefault) []settings.PostHookPostPersistExecutor {\n\t\t\t\t\treturn []settings.PostHookPostPersistExecutor{\n\t\t\t\t\t\thook.NewVerifier(reg),\n\t\t\t\t\t\thook.NewWebHook(reg, &request.Config{TemplateURI: \"bar\", Method: \"POST\", URL: \"foo\", Headers: map[string]string{\"X-Custom-Header\": \"test\"}}),\n\t\t\t\t\t}\n\t\t\t\t},\n\t\t\t},\n\t\t\t{\n\t\t\t\tuc: \"Two web_hooks are configured on a global level\",\n\t\t\t\tconfig: map[string]any{\n\t\t\t\t\tconfig.ViperKeySelfServiceSettingsAfter + \".hooks\": []map[string]any{\n\t\t\t\t\t\t{\"hook\": \"web_hook\", \"config\": map[string]any{\"url\": \"foo\", \"method\": \"POST\", \"headers\": map[string]string{\"X-Custom-Header\": \"test\"}}},\n\t\t\t\t\t\t{\"hook\": \"web_hook\", \"config\": map[string]any{\"url\": \"bar\", \"method\": \"GET\", \"headers\": map[string]string{\"X-Custom-Header\": \"test\"}}},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\texpect: func(reg *driver.RegistryDefault) []settings.PostHookPostPersistExecutor {\n\t\t\t\t\treturn []settings.PostHookPostPersistExecutor{\n\t\t\t\t\t\thook.NewWebHook(reg, &request.Config{Method: \"POST\", URL: \"foo\", Headers: map[string]string{\"X-Custom-Header\": \"test\"}}),\n\t\t\t\t\t\thook.NewWebHook(reg, &request.Config{Method: \"GET\", URL: \"bar\", Headers: map[string]string{\"X-Custom-Header\": \"test\"}}),\n\t\t\t\t\t}\n\t\t\t\t},\n\t\t\t},\n\t\t\t{\n\t\t\t\tuc: \"Hooks are configured on a global level, as well as on a strategy level\",\n\t\t\t\tconfig: map[string]any{\n\t\t\t\t\tconfig.ViperKeySelfServiceVerificationEnabled: true,\n\t\t\t\t\tconfig.ViperKeySelfServiceSettingsAfter + \".profile.hooks\": []map[string]any{\n\t\t\t\t\t\t{\"hook\": \"web_hook\", \"config\": map[string]any{\"url\": \"foo\", \"method\": \"GET\", \"headers\": map[string]string{\"X-Custom-Header\": \"test\"}}},\n\t\t\t\t\t},\n\t\t\t\t\tconfig.ViperKeySelfServiceSettingsAfter + \".hooks\": []map[string]any{\n\t\t\t\t\t\t{\"hook\": \"web_hook\", \"config\": map[string]any{\"url\": \"foo\", \"method\": \"POST\", \"headers\": map[string]string{\"X-Custom-Header\": \"test\"}}},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\texpect: func(reg *driver.RegistryDefault) []settings.PostHookPostPersistExecutor {\n\t\t\t\t\treturn []settings.PostHookPostPersistExecutor{\n\t\t\t\t\t\thook.NewVerifier(reg),\n\t\t\t\t\t\thook.NewWebHook(reg, &request.Config{Method: \"GET\", URL: \"foo\", Headers: map[string]string{\"X-Custom-Header\": \"test\"}}),\n\t\t\t\t\t}\n\t\t\t\t},\n\t\t\t},\n\t\t} {\n\t\t\tt.Run(fmt.Sprintf(\"after/uc=%s\", tc.uc), func(t *testing.T) {\n\t\t\t\tt.Parallel()\n\n\t\t\t\tctx := contextx.WithConfigValues(ctx, tc.config)\n\n\t\t\t\t_, reg := pkg.NewVeryFastRegistryWithoutDB(t)\n\t\t\t\th, err := reg.PostSettingsPostPersistHooks(ctx, \"profile\")\n\t\t\t\trequire.NoError(t, err)\n\n\t\t\t\tassert.Equal(t, tc.expect(reg), h)\n\t\t\t})\n\t\t}\n\t})\n}\n\nfunc TestDriverDefault_Strategies(t *testing.T) {\n\tt.Parallel()\n\tctx := context.Background()\n\n\tt.Run(\"case=registration\", func(t *testing.T) {\n\t\tt.Parallel()\n\t\tfor _, tc := range []struct {\n\t\t\tname string\n\t\t\tconfig map[string]any\n\t\t\texpect []string\n\t\t}{\n\t\t\t{\n\t\t\t\tname: \"no strategies\",\n\t\t\t\tconfig: map[string]any{\n\t\t\t\t\tconfig.ViperKeySelfServiceStrategyConfig + \".password.enabled\": false,\n\t\t\t\t\tconfig.ViperKeySelfServiceStrategyConfig + \".code.enabled\": false,\n\t\t\t\t},\n\t\t\t\texpect: []string{\"profile\"},\n\t\t\t},\n\t\t\t{\n\t\t\t\tname: \"only password\",\n\t\t\t\tconfig: map[string]any{\n\t\t\t\t\tconfig.ViperKeySelfServiceStrategyConfig + \".password.enabled\": true,\n\t\t\t\t\tconfig.ViperKeySelfServiceStrategyConfig + \".code.enabled\": false,\n\t\t\t\t},\n\t\t\t\texpect: []string{\"profile\", \"password\"},\n\t\t\t},\n\t\t\t{\n\t\t\t\tname: \"oidc and password\",\n\t\t\t\tconfig: map[string]any{\n\t\t\t\t\tconfig.ViperKeySelfServiceStrategyConfig + \".oidc.enabled\": true,\n\t\t\t\t\tconfig.ViperKeySelfServiceStrategyConfig + \".password.enabled\": true,\n\t\t\t\t\tconfig.ViperKeySelfServiceStrategyConfig + \".code.enabled\": false,\n\t\t\t\t},\n\t\t\t\texpect: []string{\"profile\", \"password\", \"oidc\"},\n\t\t\t},\n\t\t\t{\n\t\t\t\tname: \"oidc, password and totp\",\n\t\t\t\tconfig: map[string]any{\n\t\t\t\t\tconfig.ViperKeySelfServiceStrategyConfig + \".oidc.enabled\": true,\n\t\t\t\t\tconfig.ViperKeySelfServiceStrategyConfig + \".password.enabled\": true,\n\t\t\t\t\tconfig.ViperKeySelfServiceStrategyConfig + \".totp.enabled\": true,\n\t\t\t\t\tconfig.ViperKeySelfServiceStrategyConfig + \".code.enabled\": false,\n\t\t\t\t},\n\t\t\t\texpect: []string{\"profile\", \"password\", \"oidc\"},\n\t\t\t},\n\t\t\t{\n\t\t\t\tname: \"password and code\",\n\t\t\t\tconfig: map[string]any{\n\t\t\t\t\tconfig.ViperKeySelfServiceStrategyConfig + \".password.enabled\": true,\n\t\t\t\t\tconfig.ViperKeySelfServiceStrategyConfig + \".code.enabled\": true,\n\t\t\t\t},\n\t\t\t\texpect: []string{\"profile\", \"password\", \"code\"},\n\t\t\t},\n\t\t} {\n\t\t\tt.Run(fmt.Sprintf(\"subcase=%s\", tc.name), func(t *testing.T) {\n\t\t\t\tt.Parallel()\n\n\t\t\t\tctx := contextx.WithConfigValues(ctx, tc.config)\n\t\t\t\t_, reg := pkg.NewVeryFastRegistryWithoutDB(t)\n\t\t\t\ts := reg.RegistrationStrategies(ctx)\n\t\t\t\trequire.Len(t, s, len(tc.expect))\n\t\t\t\tfor k, e := range tc.expect {\n\t\t\t\t\tassert.Equal(t, e, s[k].ID().String())\n\t\t\t\t}\n\t\t\t})\n\t\t}\n\t})\n\n\tt.Run(\"case=login\", func(t *testing.T) {\n\t\tt.Parallel()\n\n\t\tfor _, tc := range []struct {\n\t\t\tname string\n\t\t\tconfig map[string]any\n\t\t\texpect []string\n\t\t}{\n\t\t\t{\n\t\t\t\tname: \"no strategies\",\n\t\t\t\tconfig: map[string]any{\n\t\t\t\t\tconfig.ViperKeySelfServiceStrategyConfig + \".password.enabled\": false,\n\t\t\t\t\tconfig.ViperKeySelfServiceStrategyConfig + \".code.enabled\": false,\n\t\t\t\t},\n\t\t\t},\n\t\t\t{\n\t\t\t\tname: \"only password\",\n\t\t\t\tconfig: map[string]any{\n\t\t\t\t\tconfig.ViperKeySelfServiceStrategyConfig + \".password.enabled\": true,\n\t\t\t\t\tconfig.ViperKeySelfServiceStrategyConfig + \".code.enabled\": false,\n\t\t\t\t},\n\t\t\t\texpect: []string{\"password\"},\n\t\t\t},\n\t\t\t{\n\t\t\t\tname: \"oidc and password\",\n\t\t\t\tconfig: map[string]any{\n\t\t\t\t\tconfig.ViperKeySelfServiceStrategyConfig + \".oidc.enabled\": true,\n\t\t\t\t\tconfig.ViperKeySelfServiceStrategyConfig + \".password.enabled\": true,\n\t\t\t\t\tconfig.ViperKeySelfServiceStrategyConfig + \".code.enabled\": false,\n\t\t\t\t},\n\t\t\t\texpect: []string{\"password\", \"oidc\"},\n\t\t\t},\n\t\t\t{\n\t\t\t\tname: \"oidc, password and totp\",\n\t\t\t\tconfig: map[string]any{\n\t\t\t\t\tconfig.ViperKeySelfServiceStrategyConfig + \".oidc.enabled\": true,\n\t\t\t\t\tconfig.ViperKeySelfServiceStrategyConfig + \".password.enabled\": true,\n\t\t\t\t\tconfig.ViperKeySelfServiceStrategyConfig + \".totp.enabled\": true,\n\t\t\t\t\tconfig.ViperKeySelfServiceStrategyConfig + \".code.enabled\": false,\n\t\t\t\t},\n\t\t\t\texpect: []string{\"password\", \"oidc\", \"totp\"},\n\t\t\t},\n\t\t\t{\n\t\t\t\tname: \"password and code\",\n\t\t\t\tconfig: map[string]any{\n\t\t\t\t\tconfig.ViperKeySelfServiceStrategyConfig + \".password.enabled\": true,\n\t\t\t\t\tconfig.ViperKeySelfServiceStrategyConfig + \".code.enabled\": true,\n\t\t\t\t},\n\t\t\t\texpect: []string{\"password\", \"code\"},\n\t\t\t},\n\t\t\t{\n\t\t\t\tname: \"code is enabled if passwordless_enabled is true\",\n\t\t\t\tconfig: map[string]any{\n\t\t\t\t\tconfig.ViperKeySelfServiceStrategyConfig + \".password.enabled\": false,\n\t\t\t\t\tconfig.ViperKeySelfServiceStrategyConfig + \".code.enabled\": false,\n\t\t\t\t\tconfig.ViperKeySelfServiceStrategyConfig + \".code.passwordless_enabled\": true,\n\t\t\t\t},\n\t\t\t\texpect: []string{\"code\"},\n\t\t\t},\n\t\t} {\n\t\t\tt.Run(fmt.Sprintf(\"run=%s\", tc.name), func(t *testing.T) {\n\t\t\t\tt.Parallel()\n\n\t\t\t\tctx := contextx.WithConfigValues(ctx, tc.config)\n\t\t\t\t_, reg := pkg.NewVeryFastRegistryWithoutDB(t)\n\t\t\t\ts := reg.LoginStrategies(ctx)\n\t\t\t\trequire.Len(t, s, len(tc.expect))\n\t\t\t\tfor k, e := range tc.expect {\n\t\t\t\t\tassert.Equal(t, e, s[k].ID().String())\n\t\t\t\t}\n\t\t\t})\n\t\t}\n\t})\n\n\tt.Run(\"case=recovery\", func(t *testing.T) {\n\t\tt.Parallel()\n\t\tfor k, tc := range []struct {\n\t\t\tconfig map[string]any\n\t\t\texpect []string\n\t\t}{\n\t\t\t{\n\t\t\t\tconfig: map[string]any{\n\t\t\t\t\tconfig.ViperKeySelfServiceStrategyConfig + \".code.enabled\": false,\n\t\t\t\t\tconfig.ViperKeySelfServiceStrategyConfig + \".link.enabled\": false,\n\t\t\t\t},\n\t\t\t},\n\t\t\t{\n\t\t\t\tconfig: map[string]any{\n\t\t\t\t\tconfig.ViperKeySelfServiceStrategyConfig + \".code.enabled\": true,\n\t\t\t\t\tconfig.ViperKeySelfServiceStrategyConfig + \".link.enabled\": true,\n\t\t\t\t}, expect: []string{\"code\", \"link\"},\n\t\t\t},\n\t\t} {\n\t\t\tt.Run(fmt.Sprintf(\"run=%d\", k), func(t *testing.T) {\n\t\t\t\tt.Parallel()\n\n\t\t\t\tctx := contextx.WithConfigValues(ctx, tc.config)\n\n\t\t\t\t_, reg := pkg.NewVeryFastRegistryWithoutDB(t)\n\t\t\t\ts := reg.RecoveryStrategies(ctx)\n\t\t\t\trequire.Len(t, s, len(tc.expect))\n\t\t\t\tfor k, e := range tc.expect {\n\t\t\t\t\tassert.Equal(t, e, s[k].RecoveryStrategyID())\n\t\t\t\t}\n\t\t\t})\n\t\t}\n\t})\n\n\tt.Run(\"case=settings\", func(t *testing.T) {\n\t\tt.Parallel()\n\t\tl := logrusx.New(\"\", \"\")\n\n\t\tfor k, tc := range []struct {\n\t\t\tconfigOptions []configx.OptionModifier\n\t\t\texpect []string\n\t\t}{\n\t\t\t{\n\t\t\t\tconfigOptions: []configx.OptionModifier{configx.WithValues(map[string]any{\n\t\t\t\t\tconfig.ViperKeyDSN: config.DefaultSQLiteMemoryDSN,\n\t\t\t\t\tconfig.ViperKeySelfServiceStrategyConfig + \".password.enabled\": false,\n\t\t\t\t\tconfig.ViperKeySelfServiceStrategyConfig + \".oidc.enabled\": false,\n\t\t\t\t\tconfig.ViperKeySelfServiceStrategyConfig + \".profile.enabled\": false,\n\t\t\t\t})},\n\t\t\t},\n\t\t\t{\n\t\t\t\tconfigOptions: []configx.OptionModifier{configx.WithValues(map[string]any{\n\t\t\t\t\tconfig.ViperKeyDSN: config.DefaultSQLiteMemoryDSN,\n\t\t\t\t\tconfig.ViperKeySelfServiceStrategyConfig + \".profile.enabled\": true,\n\t\t\t\t\tconfig.ViperKeySelfServiceStrategyConfig + \".password.enabled\": false,\n\t\t\t\t})},\n\t\t\t\texpect: []string{\"profile\"},\n\t\t\t},\n\t\t\t{\n\t\t\t\tconfigOptions: []configx.OptionModifier{configx.WithValues(map[string]any{\n\t\t\t\t\tconfig.ViperKeyDSN: config.DefaultSQLiteMemoryDSN,\n\t\t\t\t\tconfig.ViperKeySelfServiceStrategyConfig + \".profile.enabled\": true,\n\t\t\t\t\tconfig.ViperKeySelfServiceStrategyConfig + \".password.enabled\": false,\n\t\t\t\t\tconfig.ViperKeySelfServiceStrategyConfig + \".totp.enabled\": true,\n\t\t\t\t})},\n\t\t\t\texpect: []string{\"profile\", \"totp\"},\n\t\t\t},\n\t\t\t{\n\t\t\t\tconfigOptions: []configx.OptionModifier{configx.WithValues(map[string]any{\n\t\t\t\t\tconfig.ViperKeyDSN: config.DefaultSQLiteMemoryDSN,\n\t\t\t\t})},\n\t\t\t\texpect: []string{\"profile\", \"password\"},\n\t\t\t},\n\t\t\t{\n\t\t\t\tconfigOptions: []configx.OptionModifier{\n\t\t\t\t\tconfigx.WithConfigFiles(\"../test/e2e/profiles/verification/.kratos.yml\"),\n\t\t\t\t\tconfigx.WithValue(config.ViperKeyDSN, config.DefaultSQLiteMemoryDSN),\n\t\t\t\t},\n\t\t\t\texpect: []string{\"profile\", \"password\"},\n\t\t\t},\n\t\t} {\n\t\t\tt.Run(fmt.Sprintf(\"run=%d\", k), func(t *testing.T) {\n\t\t\t\tconf := config.MustNew(t, l, &contextx.Default{}, append(tc.configOptions, configx.SkipValidation())...)\n\n\t\t\t\treg, err := driver.NewRegistryFromDSN(ctx, conf, l)\n\t\t\t\trequire.NoError(t, err)\n\n\t\t\t\ts := reg.SettingsStrategies(ctx)\n\t\t\t\trequire.Len(t, s, len(tc.expect))\n\n\t\t\t\tfor k, e := range tc.expect {\n\t\t\t\t\tassert.Equal(t, e, s[k].SettingsStrategyID())\n\t\t\t\t}\n\t\t\t})\n\t\t}\n\t})\n}\n\nfunc TestDefaultRegistry_AllStrategies(t *testing.T) {\n\tt.Parallel()\n\t_, reg := pkg.NewVeryFastRegistryWithoutDB(t)\n\n\tt.Run(\"case=all login strategies\", func(t *testing.T) {\n\t\texpects := []string{\"password\", \"oidc\", \"code\", \"totp\", \"passkey\", \"webauthn\", \"lookup_secret\", \"identifier_first\"}\n\t\ts := reg.AllLoginStrategies()\n\t\trequire.Len(t, s, len(expects))\n\t\tfor k, e := range expects {\n\t\t\tassert.Equal(t, e, s[k].ID().String())\n\t\t}\n\t})\n\n\tt.Run(\"case=all registration strategies\", func(t *testing.T) {\n\t\texpects := []string{\"profile\", \"password\", \"oidc\", \"code\", \"passkey\", \"webauthn\"}\n\t\ts := reg.AllRegistrationStrategies()\n\t\trequire.Len(t, s, len(expects))\n\t\tfor k, e := range expects {\n\t\t\tassert.Equal(t, e, s[k].ID().String())\n\t\t}\n\t})\n\n\tt.Run(\"case=all settings strategies\", func(t *testing.T) {\n\t\texpects := []string{\"profile\", \"password\", \"oidc\", \"totp\", \"passkey\", \"webauthn\", \"lookup_secret\"}\n\t\ts := reg.AllSettingsStrategies()\n\t\trequire.Len(t, s, len(expects))\n\t\tfor k, e := range expects {\n\t\t\tassert.Equal(t, e, s[k].SettingsStrategyID())\n\t\t}\n\t})\n\n\tt.Run(\"case=all recovery strategies\", func(t *testing.T) {\n\t\texpects := []string{\"code\", \"link\"}\n\t\ts := reg.AllRecoveryStrategies()\n\t\trequire.Len(t, s, len(expects))\n\t\tfor k, e := range expects {\n\t\t\tassert.Equal(t, e, s[k].RecoveryStrategyID())\n\t\t}\n\t})\n}\n\nfunc TestGetActiveRecoveryStrategy(t *testing.T) {\n\tt.Parallel()\n\tctx := context.Background()\n\t_, reg := pkg.NewVeryFastRegistryWithoutDB(t)\n\n\tt.Run(\"returns error if active strategy is disabled\", func(t *testing.T) {\n\t\tctx := contextx.WithConfigValues(ctx, map[string]any{\n\t\t\t\"selfservice.methods.code.enabled\": false,\n\t\t\tconfig.ViperKeySelfServiceRecoveryUse: \"code\",\n\t\t})\n\n\t\t_, _, err := reg.GetActiveRecoveryStrategies(ctx)\n\t\trequire.Error(t, err)\n\t})\n\n\tt.Run(\"returns active strategies\", func(t *testing.T) {\n\t\tfor _, sID := range []string{\n\t\t\t\"code\", \"link\",\n\t\t} {\n\t\t\tt.Run(fmt.Sprintf(\"strategy=%s\", sID), func(t *testing.T) {\n\t\t\t\tctx := contextx.WithConfigValues(ctx, map[string]any{\n\t\t\t\t\tfmt.Sprintf(\"selfservice.methods.%s.enabled\", sID): true,\n\t\t\t\t\tconfig.ViperKeySelfServiceRecoveryUse: sID,\n\t\t\t\t})\n\n\t\t\t\ts, ps, err := reg.GetActiveRecoveryStrategies(ctx)\n\t\t\t\trequire.NoError(t, err)\n\t\t\t\trequire.Len(t, s, 1)\n\t\t\t\trequire.Equal(t, sID, ps.RecoveryStrategyID())\n\t\t\t})\n\t\t}\n\t})\n}\n\nfunc TestGetActiveVerificationStrategy(t *testing.T) {\n\tt.Parallel()\n\tctx := context.Background()\n\t_, reg := pkg.NewVeryFastRegistryWithoutDB(t)\n\tt.Run(\"returns error if active strategy is disabled\", func(t *testing.T) {\n\t\tctx := contextx.WithConfigValues(ctx, map[string]any{\n\t\t\t\"selfservice.methods.code.enabled\": false,\n\t\t\tconfig.ViperKeySelfServiceVerificationUse: \"code\",\n\t\t})\n\t\t_, _, err := reg.GetActiveVerificationStrategies(ctx)\n\t\trequire.Error(t, err)\n\t})\n\n\tt.Run(\"returns active strategy\", func(t *testing.T) {\n\t\tfor _, sID := range []string{\n\t\t\t\"code\", \"link\",\n\t\t} {\n\t\t\tt.Run(fmt.Sprintf(\"strategy=%s\", sID), func(t *testing.T) {\n\t\t\t\tctx := contextx.WithConfigValues(ctx, map[string]any{\n\t\t\t\t\tfmt.Sprintf(\"selfservice.methods.%s.enabled\", sID): true,\n\t\t\t\t\tconfig.ViperKeySelfServiceVerificationUse: sID,\n\t\t\t\t})\n\n\t\t\t\t_, s, err := reg.GetActiveVerificationStrategies(ctx)\n\t\t\t\trequire.NoError(t, err)\n\t\t\t\trequire.Equal(t, sID, s.VerificationStrategyID())\n\t\t\t})\n\t\t}\n\t})\n}\n" }, { "path": "driver/registry_default_verification.go", "content": "// Copyright © 2023 Ory Corp\n// SPDX-License-Identifier: Apache-2.0\n\npackage driver\n\nimport (\n\t\"context\"\n\n\t\"github.com/pkg/errors\"\n\n\t\"github.com/ory/herodot\"\n\t\"github.com/ory/kratos/driver/config\"\n\t\"github.com/ory/kratos/identity\"\n\t\"github.com/ory/kratos/selfservice/flow/verification\"\n\t\"github.com/ory/kratos/selfservice/strategy/link\"\n)\n\nfunc (m *RegistryDefault) VerificationFlowPersister() verification.FlowPersister {\n\treturn m.persister\n}\n\nfunc (m *RegistryDefault) VerificationFlowErrorHandler() *verification.ErrorHandler {\n\tif m.selfserviceVerifyErrorHandler == nil {\n\t\tm.selfserviceVerifyErrorHandler = verification.NewErrorHandler(m)\n\t}\n\n\treturn m.selfserviceVerifyErrorHandler\n}\n\nfunc (m *RegistryDefault) VerificationManager() *identity.Manager {\n\tif m.selfserviceVerifyManager == nil {\n\t\tm.selfserviceVerifyManager = identity.NewManager(m)\n\t}\n\n\treturn m.selfserviceVerifyManager\n}\n\nfunc (m *RegistryDefault) VerificationHandler() *verification.Handler {\n\tif m.selfserviceVerifyHandler == nil {\n\t\tm.selfserviceVerifyHandler = verification.NewHandler(m)\n\t}\n\n\treturn m.selfserviceVerifyHandler\n}\n\nfunc (m *RegistryDefault) LinkSender() *link.Sender {\n\tif m.selfserviceLinkSender == nil {\n\t\tm.selfserviceLinkSender = link.NewSender(m)\n\t}\n\n\treturn m.selfserviceLinkSender\n}\n\n// GetActiveVerificationStrategies returns the currently active verification strategies.\n// It returns a list of all strategies and the specific primary strategy.\n// If no primary verification strategy has been set, an error is returned.\nfunc (m *RegistryDefault) GetActiveVerificationStrategies(ctx context.Context) (active verification.Strategies, primary verification.PrimaryStrategy, err error) {\n\tas := m.Config().SelfServiceFlowVerificationUse(ctx)\n\ts, ps, err := m.VerificationStrategies(ctx).ActiveStrategies(as)\n\tif err != nil {\n\t\treturn nil, ps, errors.WithStack(herodot.ErrBadRequest.\n\t\t\tWithReasonf(\"The active verification strategy %s is not enabled. Please enable it in the configuration.\", as))\n\t}\n\treturn s, ps, nil\n}\n\nfunc (m *RegistryDefault) VerificationStrategies(ctx context.Context) (verificationStrategies verification.Strategies) {\n\tfor _, strategy := range m.selfServiceStrategies() {\n\t\tif s, ok := strategy.(verification.Strategy); ok {\n\t\t\tif m.Config().SelfServiceStrategy(ctx, s.VerificationStrategyID()).Enabled {\n\t\t\t\tverificationStrategies = append(verificationStrategies, s)\n\t\t\t}\n\t\t}\n\t}\n\treturn\n}\n\nfunc (m *RegistryDefault) AllVerificationStrategies() (verificationStrategies verification.Strategies) {\n\tfor _, strategy := range m.selfServiceStrategies() {\n\t\tif s, ok := strategy.(verification.Strategy); ok {\n\t\t\tverificationStrategies = append(verificationStrategies, s)\n\t\t}\n\t}\n\n\treturn\n}\n\nfunc (m *RegistryDefault) VerificationExecutor() *verification.HookExecutor {\n\tif m.selfserviceVerificationExecutor == nil {\n\t\tm.selfserviceVerificationExecutor = verification.NewHookExecutor(m)\n\t}\n\treturn m.selfserviceVerificationExecutor\n}\n\nfunc (m *RegistryDefault) PreVerificationHooks(ctx context.Context) ([]verification.PreHookExecutor, error) {\n\treturn getHooks[verification.PreHookExecutor](m, \"\", m.Config().SelfServiceFlowVerificationBeforeHooks(ctx))\n}\n\nfunc (m *RegistryDefault) PostVerificationHooks(ctx context.Context) ([]verification.PostHookExecutor, error) {\n\treturn getHooks[verification.PostHookExecutor](m, config.HookGlobal, m.Config().SelfServiceFlowVerificationAfterHooks(ctx, config.HookGlobal))\n}\n" }, { "path": "embedx/config.schema.json", "content": "{\n \"$id\": \"https://github.com/ory/kratos/embedx/config.schema.json\",\n \"$schema\": \"http://json-schema.org/draft-07/schema#\",\n \"title\": \"Ory Kratos Configuration\",\n \"type\": \"object\",\n \"definitions\": {\n \"baseUrl\": {\n \"title\": \"Base URL\",\n \"description\": \"The URL where the endpoint is exposed at. This domain is used to generate redirects, form URLs, and more.\",\n \"type\": \"string\",\n \"format\": \"uri-reference\",\n \"examples\": [\n \"https://my-app.com/\",\n \"https://my-app.com/.ory/kratos/public\"\n ]\n },\n \"socket\": {\n \"type\": \"object\",\n \"additionalProperties\": false,\n \"description\": \"Sets the permissions of the unix socket\",\n \"properties\": {\n \"owner\": {\n \"type\": \"string\",\n \"description\": \"Owner of unix socket. If empty, the owner will be the user running Kratos.\",\n \"default\": \"\"\n },\n \"group\": {\n \"type\": \"string\",\n \"description\": \"Group of unix socket. If empty, the group will be the primary group of the user running Kratos.\",\n \"default\": \"\"\n },\n \"mode\": {\n \"type\": \"integer\",\n \"description\": \"Mode of unix socket in numeric form\",\n \"default\": 493,\n \"minimum\": 0,\n \"maximum\": 511\n }\n }\n },\n \"defaultReturnTo\": {\n \"title\": \"Redirect browsers to set URL per default\",\n \"description\": \"Ory Kratos redirects to this URL per default on completion of self-service flows and other browser interaction. Read this [article for more information on browser redirects](https://www.ory.sh/kratos/docs/concepts/browser-redirect-flow-completion).\",\n \"type\": \"string\",\n \"format\": \"uri-reference\",\n \"examples\": [\"https://my-app.com/dashboard\", \"/dashboard\"]\n },\n \"selfServiceSessionRevokerHook\": {\n \"type\": \"object\",\n \"properties\": {\n \"hook\": {\n \"const\": \"revoke_active_sessions\"\n }\n },\n \"additionalProperties\": false,\n \"required\": [\"hook\"]\n },\n \"selfServiceSessionIssuerHook\": {\n \"type\": \"object\",\n \"properties\": {\n \"hook\": {\n \"const\": \"session\"\n }\n },\n \"additionalProperties\": false,\n \"required\": [\"hook\"]\n },\n \"selfServiceRequireVerifiedAddressHook\": {\n \"type\": \"object\",\n \"properties\": {\n \"hook\": {\n \"const\": \"require_verified_address\"\n }\n },\n \"additionalProperties\": false,\n \"required\": [\"hook\"]\n },\n \"selfServiceVerificationHook\": {\n \"type\": \"object\",\n \"properties\": {\n \"hook\": {\n \"const\": \"verification\"\n }\n },\n \"additionalProperties\": false,\n \"required\": [\"hook\"]\n },\n \"selfServiceShowVerificationUIHook\": {\n \"type\": \"object\",\n \"properties\": {\n \"hook\": {\n \"const\": \"show_verification_ui\"\n }\n },\n \"additionalProperties\": false,\n \"required\": [\"hook\"]\n },\n \"b2bSSOHook\": {\n \"type\": \"object\",\n \"properties\": {\n \"hook\": {\n \"enum\": [\"b2b_sso\", \"organization\"]\n },\n \"config\": {\n \"type\": \"object\",\n \"additionalProperties\": true\n }\n },\n \"additionalProperties\": false,\n \"required\": [\"hook\", \"config\"]\n },\n \"webHookAuthBasicAuthProperties\": {\n \"properties\": {\n \"type\": {\n \"const\": \"basic_auth\"\n },\n \"config\": {\n \"type\": \"object\",\n \"properties\": {\n \"user\": {\n \"type\": \"string\",\n \"description\": \"user name for basic auth\"\n },\n \"password\": {\n \"type\": \"string\",\n \"description\": \"password for basic auth\"\n }\n },\n \"additionalProperties\": false,\n \"required\": [\"user\", \"password\"]\n }\n },\n \"additionalProperties\": false,\n \"required\": [\"type\", \"config\"]\n },\n \"httpRequestConfig\": {\n \"type\": \"object\",\n \"properties\": {\n \"url\": {\n \"title\": \"HTTP address of API endpoint\",\n \"description\": \"This URL will be used to send the emails to.\",\n \"examples\": [\"https://example.com/api/v1/email\"],\n \"type\": \"string\",\n \"pattern\": \"^https?://\"\n },\n \"method\": {\n \"type\": \"string\",\n \"description\": \"The HTTP method to use (GET, POST, etc). Defaults to POST.\",\n \"default\": \"POST\"\n },\n \"headers\": {\n \"type\": \"object\",\n \"description\": \"The HTTP headers that must be applied to request\",\n \"additionalProperties\": {\n \"type\": \"string\"\n }\n },\n \"body\": {\n \"type\": \"string\",\n \"format\": \"uri\",\n \"pattern\": \"^(http|https|file|base64)://\",\n \"description\": \"URI pointing to the jsonnet template used for payload generation. Only used for those HTTP methods which support HTTP body payloads\",\n \"default\": \"base64://ZnVuY3Rpb24oY3R4KSB7CiAgcmVjaXBpZW50OiBjdHgucmVjaXBpZW50LAogIHRlbXBsYXRlX3R5cGU6IGN0eC50ZW1wbGF0ZV90eXBlLAogIHRvOiBpZiAidGVtcGxhdGVfZGF0YSIgaW4gY3R4ICYmICJ0byIgaW4gY3R4LnRlbXBsYXRlX2RhdGEgdGhlbiBjdHgudGVtcGxhdGVfZGF0YS50byBlbHNlIG51bGwsCiAgcmVjb3ZlcnlfY29kZTogaWYgInRlbXBsYXRlX2RhdGEiIGluIGN0eCAmJiAicmVjb3ZlcnlfY29kZSIgaW4gY3R4LnRlbXBsYXRlX2RhdGEgdGhlbiBjdHgudGVtcGxhdGVfZGF0YS5yZWNvdmVyeV9jb2RlIGVsc2UgbnVsbCwKICByZWNvdmVyeV91cmw6IGlmICJ0ZW1wbGF0ZV9kYXRhIiBpbiBjdHggJiYgInJlY292ZXJ5X3VybCIgaW4gY3R4LnRlbXBsYXRlX2RhdGEgdGhlbiBjdHgudGVtcGxhdGVfZGF0YS5yZWNvdmVyeV91cmwgZWxzZSBudWxsLAogIHZlcmlmaWNhdGlvbl91cmw6IGlmICJ0ZW1wbGF0ZV9kYXRhIiBpbiBjdHggJiYgInZlcmlmaWNhdGlvbl91cmwiIGluIGN0eC50ZW1wbGF0ZV9kYXRhIHRoZW4gY3R4LnRlbXBsYXRlX2RhdGEudmVyaWZpY2F0aW9uX3VybCBlbHNlIG51bGwsCiAgdmVyaWZpY2F0aW9uX2NvZGU6IGlmICJ0ZW1wbGF0ZV9kYXRhIiBpbiBjdHggJiYgInZlcmlmaWNhdGlvbl9jb2RlIiBpbiBjdHgudGVtcGxhdGVfZGF0YSB0aGVuIGN0eC50ZW1wbGF0ZV9kYXRhLnZlcmlmaWNhdGlvbl9jb2RlIGVsc2UgbnVsbCwKICBzdWJqZWN0OiBjdHguc3ViamVjdCwKICBib2R5OiBjdHguYm9keQp9Cg==\",\n \"examples\": [\n \"file:///path/to/body.jsonnet\",\n \"file://./body.jsonnet\",\n \"base64://ZnVuY3Rpb24oY3R4KSB7CiAgaWRlbnRpdHlfaWQ6IGlmIGN0eFsiaWRlbnRpdHkiXSAhPSBudWxsIHRoZW4gY3R4LmlkZW50aXR5LmlkLAp9=\",\n \"https://oryapis.com/default_body.jsonnet\"\n ]\n },\n \"auth\": {\n \"type\": \"object\",\n \"title\": \"Auth mechanisms\",\n \"description\": \"Define which auth mechanism to use for auth with the HTTP email provider\",\n \"oneOf\": [\n {\n \"$ref\": \"#/definitions/webHookAuthApiKeyProperties\"\n },\n {\n \"$ref\": \"#/definitions/webHookAuthBasicAuthProperties\"\n }\n ]\n },\n \"additionalProperties\": false\n },\n \"additionalProperties\": false\n },\n \"webHookAuthApiKeyProperties\": {\n \"properties\": {\n \"type\": {\n \"const\": \"api_key\"\n },\n \"config\": {\n \"type\": \"object\",\n \"properties\": {\n \"name\": {\n \"type\": \"string\",\n \"description\": \"The name of the api key\"\n },\n \"value\": {\n \"type\": \"string\",\n \"description\": \"The value of the api key\"\n },\n \"in\": {\n \"type\": \"string\",\n \"description\": \"How the api key should be transferred\",\n \"enum\": [\"header\", \"cookie\"]\n }\n },\n \"additionalProperties\": false,\n \"required\": [\"name\", \"value\", \"in\"]\n }\n },\n \"additionalProperties\": false,\n \"required\": [\"type\", \"config\"]\n },\n \"selfServiceWebHook\": {\n \"type\": \"object\",\n \"properties\": {\n \"hook\": {\n \"const\": \"web_hook\"\n },\n \"config\": {\n \"type\": \"object\",\n \"title\": \"Web-Hook Configuration\",\n \"description\": \"Define what the hook should do\",\n \"properties\": {\n \"id\": {\n \"type\": \"string\",\n \"description\": \"The ID of the hook. Used to identify the hook in logs and errors. For debugging purposes only.\"\n },\n \"response\": {\n \"title\": \"Response Handling\",\n \"description\": \"How the web hook should handle the response\",\n \"type\": \"object\",\n \"additionalProperties\": false,\n \"properties\": {\n \"ignore\": {\n \"type\": \"boolean\",\n \"description\": \"Ignore the response from the web hook. If enabled the request will be made asynchronously which can be useful if you only wish to notify another system but do not parse the response.\",\n \"default\": false\n },\n \"parse\": {\n \"type\": \"boolean\",\n \"default\": false,\n \"description\": \"If enabled parses the response before saving the flow result. Set this value to true if you would like to modify the identity, for example identity metadata, before saving it during registration. When enabled, you may also abort the registration, verification, login or settings flow due to, for example, a validation flow. Head over to the [web hook documentation](https://www.ory.sh/docs/kratos/hooks/configure-hooks) for more information.\"\n }\n },\n \"not\": {\n \"properties\": {\n \"ignore\": {\n \"const\": true\n },\n \"parse\": {\n \"const\": true\n }\n },\n \"required\": [\"ignore\", \"parse\"]\n }\n },\n \"url\": {\n \"type\": \"string\",\n \"description\": \"The URL the Web-Hook should call\",\n \"format\": \"uri\"\n },\n \"method\": {\n \"type\": \"string\",\n \"description\": \"The HTTP method to use (GET, POST, etc).\"\n },\n \"headers\": {\n \"type\": \"object\",\n \"description\": \"The HTTP headers that must be applied to the Web-Hook\",\n \"additionalProperties\": {\n \"type\": \"string\"\n }\n },\n \"body\": {\n \"type\": \"string\",\n \"oneOf\": [\n {\n \"format\": \"uri\",\n \"pattern\": \"^(http|https|file|base64)://\",\n \"description\": \"URI pointing to the jsonnet template used for payload generation. Only used for those HTTP methods, which support HTTP body payloads\",\n \"examples\": [\n \"file:///path/to/body.jsonnet\",\n \"file://./body.jsonnet\",\n \"base64://ZnVuY3Rpb24oY3R4KSB7CiAgaWRlbnRpdHlfaWQ6IGlmIGN0eFsiaWRlbnRpdHkiXSAhPSBudWxsIHRoZW4gY3R4LmlkZW50aXR5LmlkLAp9=\",\n \"https://oryapis.com/default_body.jsonnet\"\n ]\n },\n {\n \"description\": \"DEPRECATED: please use a URI instead (i.e. prefix your filepath with 'file://')\",\n \"not\": {\n \"pattern\": \"^(http|https|file|base64)://\"\n }\n }\n ]\n },\n \"can_interrupt\": {\n \"type\": \"boolean\",\n \"default\": false,\n \"description\": \"Deprecated, please use `response.parse` instead. If enabled allows the web hook to interrupt / abort the self-service flow. It only applies to certain flows (registration/verification/login/settings) and requires a valid response format.\"\n },\n \"emit_analytics_event\": {\n \"type\": \"boolean\",\n \"default\": true,\n \"description\": \"Emit tracing events for this webhook on delivery or error\"\n },\n \"auth\": {\n \"type\": \"object\",\n \"title\": \"Auth mechanisms\",\n \"description\": \"Define which auth mechanism the Web-Hook should use\",\n \"oneOf\": [\n {\n \"$ref\": \"#/definitions/webHookAuthApiKeyProperties\"\n },\n {\n \"$ref\": \"#/definitions/webHookAuthBasicAuthProperties\"\n }\n ]\n },\n \"additionalProperties\": false\n },\n \"anyOf\": [\n {\n \"not\": {\n \"properties\": {\n \"response\": {\n \"properties\": {\n \"ignore\": {\n \"const\": true\n }\n },\n \"required\": [\"ignore\"]\n }\n },\n \"required\": [\"response\"]\n }\n },\n {\n \"properties\": {\n \"can_interrupt\": {\n \"const\": false\n }\n },\n \"require\": [\"can_interrupt\"]\n }\n ],\n \"additionalProperties\": false,\n \"required\": [\"url\", \"method\"]\n }\n },\n \"additionalProperties\": false,\n \"required\": [\"hook\", \"config\"]\n },\n \"OIDCClaims\": {\n \"title\": \"OpenID Connect claims\",\n \"description\": \"The OpenID Connect claims and optionally their properties which should be included in the id_token or returned from the UserInfo Endpoint.\",\n \"type\": \"object\",\n \"examples\": [\n {\n \"id_token\": {\n \"email\": null,\n \"email_verified\": null\n }\n },\n {\n \"userinfo\": {\n \"given_name\": {\n \"essential\": true\n },\n \"nickname\": null,\n \"email\": {\n \"essential\": true\n },\n \"email_verified\": {\n \"essential\": true\n },\n \"picture\": null,\n \"http://example.info/claims/groups\": null\n },\n \"id_token\": {\n \"auth_time\": {\n \"essential\": true\n },\n \"acr\": {\n \"values\": [\"urn:mace:incommon:iap:silver\"]\n }\n }\n }\n ],\n \"patternProperties\": {\n \"^userinfo$|^id_token$\": {\n \"type\": \"object\",\n \"additionalProperties\": false,\n \"patternProperties\": {\n \".*\": {\n \"oneOf\": [\n {\n \"const\": null,\n \"description\": \"Indicates that this Claim is being requested in the default manner.\"\n },\n {\n \"type\": \"object\",\n \"additionalProperties\": false,\n \"properties\": {\n \"essential\": {\n \"description\": \"Indicates whether the Claim being requested is an Essential Claim.\",\n \"type\": \"boolean\"\n },\n \"value\": {\n \"description\": \"Requests that the Claim be returned with a particular value.\",\n \"$comment\": \"There seem to be no constrains on value\"\n },\n \"values\": {\n \"description\": \"Requests that the Claim be returned with one of a set of values, with the values appearing in order of preference.\",\n \"type\": \"array\",\n \"items\": {\n \"$comment\": \"There seem to be no constrains on individual items\"\n }\n }\n }\n }\n ]\n }\n }\n }\n }\n },\n \"selfServiceOIDCProvider\": {\n \"type\": \"object\",\n \"properties\": {\n \"id\": {\n \"type\": \"string\",\n \"examples\": [\"google\"]\n },\n \"provider\": {\n \"title\": \"Provider\",\n \"description\": \"Can be one of github, github-app, gitlab, generic, google, microsoft, discord, salesforce, slack, facebook, auth0, vk, yandex, apple, spotify, netid, dingtalk, patreon, amazon.\",\n \"type\": \"string\",\n \"enum\": [\n \"github\",\n \"github-app\",\n \"gitlab\",\n \"generic\",\n \"google\",\n \"microsoft\",\n \"discord\",\n \"salesforce\",\n \"slack\",\n \"facebook\",\n \"auth0\",\n \"vk\",\n \"yandex\",\n \"apple\",\n \"spotify\",\n \"netid\",\n \"dingtalk\",\n \"patreon\",\n \"line\",\n \"linkedin\",\n \"linkedin_v2\",\n \"lark\",\n \"x\",\n \"fedcm-test\",\n \"amazon\",\n \"uaepass\"\n ],\n \"examples\": [\"google\"]\n },\n \"label\": {\n \"title\": \"Optional string which will be used when generating labels for UI buttons.\",\n \"type\": \"string\"\n },\n \"client_id\": {\n \"type\": \"string\"\n },\n \"client_secret\": {\n \"type\": \"string\"\n },\n \"issuer_url\": {\n \"type\": \"string\",\n \"format\": \"uri\",\n \"examples\": [\"https://accounts.google.com\"]\n },\n \"auth_url\": {\n \"type\": \"string\",\n \"format\": \"uri\",\n \"examples\": [\"https://accounts.google.com/o/oauth2/v2/auth\"]\n },\n \"token_url\": {\n \"type\": \"string\",\n \"format\": \"uri\",\n \"examples\": [\"https://www.googleapis.com/oauth2/v4/token\"]\n },\n \"mapper_url\": {\n \"title\": \"Jsonnet Mapper URL\",\n \"description\": \"The URL where the jsonnet source is located for mapping the provider's data to Ory Kratos data.\",\n \"type\": \"string\",\n \"format\": \"uri\",\n \"examples\": [\n \"file://path/to/oidc.jsonnet\",\n \"https://foo.bar.com/path/to/oidc.jsonnet\",\n \"base64://bG9jYWwgc3ViamVjdCA9I...\"\n ]\n },\n \"scope\": {\n \"type\": \"array\",\n \"items\": {\n \"type\": \"string\",\n \"examples\": [\"offline_access\", \"profile\"]\n }\n },\n \"microsoft_tenant\": {\n \"title\": \"Azure AD Tenant\",\n \"description\": \"The Azure AD Tenant to use for authentication.\",\n \"type\": \"string\",\n \"examples\": [\n \"common\",\n \"organizations\",\n \"consumers\",\n \"8eaef023-2b34-4da1-9baa-8bc8c9d6a490\",\n \"contoso.onmicrosoft.com\"\n ]\n },\n \"subject_source\": {\n \"title\": \"Microsoft subject source\",\n \"description\": \"Controls which source the subject identifier is taken from by microsoft provider. If set to `userinfo` (the default) then the identifier is taken from the `sub` field of OIDC ID token or data received from `/userinfo` standard OIDC endpoint. If set to `me` then the `id` field of data structure received from `https://graph.microsoft.com/v1.0/me` is taken as an identifier. If the value is `oid` then the the oid (Object ID) is taken to identify users across different services.\",\n \"type\": \"string\",\n \"enum\": [\"userinfo\", \"me\", \"oid\"],\n \"default\": \"userinfo\",\n \"examples\": [\"userinfo\"]\n },\n \"apple_team_id\": {\n \"title\": \"Apple Developer Team ID\",\n \"description\": \"Apple Developer Team ID needed for generating a JWT token for client secret\",\n \"type\": \"string\",\n \"examples\": [\"KP76DQS54M\"]\n },\n \"apple_private_key_id\": {\n \"title\": \"Apple Private Key Identifier\",\n \"description\": \"Sign In with Apple Private Key Identifier needed for generating a JWT token for client secret\",\n \"type\": \"string\",\n \"examples\": [\"UX56C66723\"]\n },\n \"apple_private_key\": {\n \"title\": \"Apple Private Key\",\n \"description\": \"Sign In with Apple Private Key needed for generating a JWT token for client secret\",\n \"type\": \"string\",\n \"examples\": [\n \"-----BEGIN PRIVATE KEY-----\\n........\\n-----END PRIVATE KEY-----\"\n ]\n },\n \"requested_claims\": {\n \"$ref\": \"#/definitions/OIDCClaims\"\n },\n \"organization_id\": {\n \"title\": \"Organization ID\",\n \"description\": \"The ID of the organization that this provider belongs to. Only effective in the Ory Network.\",\n \"type\": \"string\",\n \"examples\": [\"12345678-1234-1234-1234-123456789012\"]\n },\n \"additional_id_token_audiences\": {\n \"title\": \"Additional client ids allowed when using ID token submission\",\n \"type\": \"array\",\n \"items\": {\n \"type\": \"string\",\n \"examples\": [\"12345678-1234-1234-1234-123456789012\"]\n }\n },\n \"claims_source\": {\n \"title\": \"Claims source\",\n \"description\": \"Can be either `userinfo` (calls the userinfo endpoint to get the claims) or `id_token` (takes the claims from the id token). It defaults to `id_token`\",\n \"type\": \"string\",\n \"enum\": [\"id_token\", \"userinfo\"],\n \"default\": \"id_token\",\n \"examples\": [\"id_token\", \"userinfo\"]\n },\n \"pkce\": {\n \"title\": \"Proof Key for Code Exchange\",\n \"description\": \"PKCE controls if the OpenID Connect OAuth2 flow should use PKCE (Proof Key for Code Exchange). IMPORTANT: If you set this to `force`, you must whitelist a different return URL for your OAuth2 client in the provider's configuration. Instead of /self-service/methods/oidc/callback/, you must use /self-service/methods/oidc/callback\",\n \"type\": \"string\",\n \"enum\": [\"auto\", \"never\", \"force\"],\n \"default\": \"auto\"\n },\n \"fedcm_config_url\": {\n \"title\": \"Federation Configuration URL\",\n \"description\": \"The URL where the FedCM IdP configuration is located for the provider. This is only effective in the Ory Network.\",\n \"type\": \"string\",\n \"format\": \"uri\",\n \"examples\": [\"https://example.com/config.json\"]\n },\n \"net_id_token_origin_header\": {\n \"title\": \"NetID Token Origin Header\",\n \"description\": \"Contains the orgin header to be used when exchanging a NetID FedCM token for an ID token\",\n \"type\": \"string\",\n \"examples\": [\"https://example.com\"]\n },\n \"account_linking_mode\": {\n \"title\": \"Account linking mode\",\n \"description\": \"Controls how account conflicts are resolved for this provider. `confirm_with_existing_credential` (default) requires the user to verify their identity with an existing credential. `automatic` silently links accounts if the provider verifies email ownership. This is only effective in the Ory Network.\",\n \"type\": \"string\",\n \"enum\": [\"confirm_with_existing_credential\", \"automatic\"],\n \"default\": \"confirm_with_existing_credential\"\n }\n },\n \"additionalProperties\": false,\n \"required\": [\"id\", \"provider\", \"client_id\", \"mapper_url\"],\n \"allOf\": [\n {\n \"if\": {\n \"properties\": {\n \"provider\": {\n \"const\": \"microsoft\"\n }\n },\n \"required\": [\"provider\"]\n },\n \"then\": {\n \"required\": [\"microsoft_tenant\"]\n },\n \"else\": {\n \"not\": {\n \"properties\": {\n \"microsoft_tenant\": {}\n },\n \"required\": [\"microsoft_tenant\"]\n }\n }\n },\n {\n \"if\": {\n \"properties\": {\n \"provider\": {\n \"const\": \"apple\"\n }\n },\n \"required\": [\"provider\"]\n },\n \"then\": {\n \"not\": {\n \"properties\": {\n \"client_secret\": {\n \"type\": \"string\",\n \"minLength\": 1\n }\n },\n \"required\": [\"client_secret\"]\n },\n \"required\": [\n \"apple_private_key_id\",\n \"apple_private_key\",\n \"apple_team_id\"\n ]\n },\n \"else\": {\n \"required\": [\"client_secret\"],\n \"allOf\": [\n {\n \"not\": {\n \"properties\": {\n \"apple_team_id\": {\n \"type\": \"string\",\n \"minLength\": 1\n }\n },\n \"required\": [\"apple_team_id\"]\n }\n },\n {\n \"not\": {\n \"properties\": {\n \"apple_private_key_id\": {\n \"type\": \"string\",\n \"minLength\": 1\n }\n },\n \"required\": [\"apple_private_key_id\"]\n }\n },\n {\n \"not\": {\n \"properties\": {\n \"apple_private_key\": {\n \"type\": \"string\",\n \"minLength\": 1\n }\n },\n \"required\": [\"apple_private_key\"]\n }\n }\n ]\n }\n }\n ]\n },\n \"selfServiceHooks\": {\n \"type\": \"array\",\n \"items\": {\n \"anyOf\": [\n {\n \"$ref\": \"#/definitions/selfServiceWebHook\"\n },\n {\n \"$ref\": \"#/definitions/b2bSSOHook\"\n }\n ]\n },\n \"uniqueItems\": true,\n \"additionalItems\": false\n },\n \"selfServiceAfterRecoveryHooks\": {\n \"type\": \"array\",\n \"items\": {\n \"anyOf\": [\n {\n \"$ref\": \"#/definitions/selfServiceWebHook\"\n },\n {\n \"$ref\": \"#/definitions/selfServiceSessionRevokerHook\"\n }\n ]\n },\n \"uniqueItems\": true,\n \"additionalItems\": false\n },\n \"selfServiceAfterSettingsProfileMethod\": {\n \"type\": \"object\",\n \"additionalProperties\": false,\n \"properties\": {\n \"default_browser_return_url\": {\n \"$ref\": \"#/definitions/defaultReturnTo\"\n },\n \"hooks\": {\n \"type\": \"array\",\n \"items\": {\n \"anyOf\": [\n {\n \"$ref\": \"#/definitions/selfServiceWebHook\"\n },\n {\n \"$ref\": \"#/definitions/selfServiceShowVerificationUIHook\"\n },\n {\n \"$ref\": \"#/definitions/b2bSSOHook\"\n }\n ]\n },\n \"uniqueItems\": true,\n \"additionalItems\": false\n }\n }\n },\n \"selfServiceAfterSettingsAuthMethod\": {\n \"type\": \"object\",\n \"additionalProperties\": false,\n \"properties\": {\n \"default_browser_return_url\": {\n \"$ref\": \"#/definitions/defaultReturnTo\"\n },\n \"hooks\": {\n \"type\": \"array\",\n \"items\": {\n \"anyOf\": [\n {\n \"$ref\": \"#/definitions/selfServiceWebHook\"\n },\n {\n \"$ref\": \"#/definitions/selfServiceSessionRevokerHook\"\n }\n ]\n },\n \"uniqueItems\": true,\n \"additionalItems\": false\n }\n }\n },\n \"selfServiceAfterDefaultLoginMethodHooks\": {\n \"type\": \"array\",\n \"items\": {\n \"anyOf\": [\n {\n \"$ref\": \"#/definitions/selfServiceSessionRevokerHook\"\n },\n {\n \"$ref\": \"#/definitions/selfServiceRequireVerifiedAddressHook\"\n },\n {\n \"$ref\": \"#/definitions/selfServiceWebHook\"\n },\n {\n \"$ref\": \"#/definitions/selfServiceVerificationHook\"\n },\n {\n \"$ref\": \"#/definitions/selfServiceShowVerificationUIHook\"\n },\n {\n \"$ref\": \"#/definitions/b2bSSOHook\"\n }\n ]\n },\n \"uniqueItems\": true,\n \"additionalItems\": false\n },\n \"selfServiceAfterDefaultLoginMethod\": {\n \"type\": \"object\",\n \"additionalProperties\": false,\n \"properties\": {\n \"default_browser_return_url\": {\n \"$ref\": \"#/definitions/defaultReturnTo\"\n },\n \"hooks\": {\n \"$ref\": \"#/definitions/selfServiceAfterDefaultLoginMethodHooks\"\n }\n }\n },\n \"selfServiceAfterOIDCLoginMethod\": {\n \"type\": \"object\",\n \"additionalProperties\": false,\n \"properties\": {\n \"default_browser_return_url\": {\n \"$ref\": \"#/definitions/defaultReturnTo\"\n },\n \"hooks\": {\n \"type\": \"array\",\n \"items\": {\n \"anyOf\": [\n {\n \"$ref\": \"#/definitions/selfServiceSessionRevokerHook\"\n },\n {\n \"$ref\": \"#/definitions/selfServiceWebHook\"\n },\n {\n \"$ref\": \"#/definitions/selfServiceRequireVerifiedAddressHook\"\n },\n {\n \"$ref\": \"#/definitions/b2bSSOHook\"\n }\n ]\n },\n \"uniqueItems\": true,\n \"additionalItems\": false\n }\n }\n },\n \"selfServiceAfterRegistrationMethod\": {\n \"type\": \"object\",\n \"additionalProperties\": false,\n \"properties\": {\n \"default_browser_return_url\": {\n \"$ref\": \"#/definitions/defaultReturnTo\"\n },\n \"hooks\": {\n \"type\": \"array\",\n \"items\": {\n \"anyOf\": [\n {\n \"$ref\": \"#/definitions/selfServiceSessionIssuerHook\"\n },\n {\n \"$ref\": \"#/definitions/selfServiceWebHook\"\n },\n {\n \"$ref\": \"#/definitions/selfServiceShowVerificationUIHook\"\n },\n {\n \"$ref\": \"#/definitions/b2bSSOHook\"\n }\n ]\n },\n \"uniqueItems\": true,\n \"additionalItems\": false\n }\n }\n },\n \"featureRequiredAal\": {\n \"title\": \"Required Authenticator Assurance Level\",\n \"description\": \"Sets what Authenticator Assurance Level (used for 2FA) is required to access this feature. If set to `highest_available` then this endpoint requires the highest AAL the identity has set up. If set to `aal1` then the identity can access this feature without 2FA.\",\n \"type\": \"string\",\n \"enum\": [\"aal1\", \"highest_available\"],\n \"default\": \"highest_available\"\n },\n \"selfServiceAfterSettings\": {\n \"type\": \"object\",\n \"additionalProperties\": false,\n \"properties\": {\n \"default_browser_return_url\": {\n \"$ref\": \"#/definitions/defaultReturnTo\"\n },\n \"password\": {\n \"$ref\": \"#/definitions/selfServiceAfterSettingsAuthMethod\"\n },\n \"totp\": {\n \"$ref\": \"#/definitions/selfServiceAfterSettingsAuthMethod\"\n },\n \"oidc\": {\n \"$ref\": \"#/definitions/selfServiceAfterSettingsAuthMethod\"\n },\n \"webauthn\": {\n \"$ref\": \"#/definitions/selfServiceAfterSettingsAuthMethod\"\n },\n \"passkey\": {\n \"$ref\": \"#/definitions/selfServiceAfterSettingsAuthMethod\"\n },\n \"lookup_secret\": {\n \"$ref\": \"#/definitions/selfServiceAfterSettingsAuthMethod\"\n },\n \"profile\": {\n \"$ref\": \"#/definitions/selfServiceAfterSettingsProfileMethod\"\n },\n \"hooks\": {\n \"$ref\": \"#/definitions/selfServiceHooks\"\n }\n }\n },\n \"selfServiceBeforeLogin\": {\n \"type\": \"object\",\n \"additionalProperties\": false,\n \"properties\": {\n \"hooks\": {\n \"$ref\": \"#/definitions/selfServiceHooks\"\n }\n }\n },\n \"selfServiceAfterLogin\": {\n \"type\": \"object\",\n \"additionalProperties\": false,\n \"properties\": {\n \"default_browser_return_url\": {\n \"$ref\": \"#/definitions/defaultReturnTo\"\n },\n \"password\": {\n \"$ref\": \"#/definitions/selfServiceAfterDefaultLoginMethod\"\n },\n \"webauthn\": {\n \"$ref\": \"#/definitions/selfServiceAfterDefaultLoginMethod\"\n },\n \"passkey\": {\n \"$ref\": \"#/definitions/selfServiceAfterDefaultLoginMethod\"\n },\n \"oidc\": {\n \"$ref\": \"#/definitions/selfServiceAfterOIDCLoginMethod\"\n },\n \"code\": {\n \"$ref\": \"#/definitions/selfServiceAfterDefaultLoginMethod\"\n },\n \"totp\": {\n \"$ref\": \"#/definitions/selfServiceAfterDefaultLoginMethod\"\n },\n \"lookup_secret\": {\n \"$ref\": \"#/definitions/selfServiceAfterDefaultLoginMethod\"\n },\n \"hooks\": {\n \"$ref\": \"#/definitions/selfServiceAfterDefaultLoginMethodHooks\"\n }\n }\n },\n \"selfServiceBeforeRegistration\": {\n \"type\": \"object\",\n \"additionalProperties\": false,\n \"properties\": {\n \"hooks\": {\n \"$ref\": \"#/definitions/selfServiceHooks\"\n }\n }\n },\n \"selfServiceBeforeSettings\": {\n \"type\": \"object\",\n \"additionalProperties\": false,\n \"properties\": {\n \"hooks\": {\n \"$ref\": \"#/definitions/selfServiceHooks\"\n }\n }\n },\n \"selfServiceBeforeRecovery\": {\n \"type\": \"object\",\n \"additionalProperties\": false,\n \"properties\": {\n \"hooks\": {\n \"$ref\": \"#/definitions/selfServiceHooks\"\n }\n }\n },\n \"selfServiceBeforeVerification\": {\n \"type\": \"object\",\n \"additionalProperties\": false,\n \"properties\": {\n \"hooks\": {\n \"$ref\": \"#/definitions/selfServiceHooks\"\n }\n }\n },\n \"selfServiceAfterRegistration\": {\n \"type\": \"object\",\n \"additionalProperties\": false,\n \"properties\": {\n \"default_browser_return_url\": {\n \"$ref\": \"#/definitions/defaultReturnTo\"\n },\n \"password\": {\n \"$ref\": \"#/definitions/selfServiceAfterRegistrationMethod\"\n },\n \"webauthn\": {\n \"$ref\": \"#/definitions/selfServiceAfterRegistrationMethod\"\n },\n \"passkey\": {\n \"$ref\": \"#/definitions/selfServiceAfterRegistrationMethod\"\n },\n \"oidc\": {\n \"$ref\": \"#/definitions/selfServiceAfterRegistrationMethod\"\n },\n \"code\": {\n \"$ref\": \"#/definitions/selfServiceAfterRegistrationMethod\"\n },\n \"hooks\": {\n \"$ref\": \"#/definitions/selfServiceHooks\"\n }\n }\n },\n \"selfServiceAfterVerification\": {\n \"type\": \"object\",\n \"additionalProperties\": false,\n \"properties\": {\n \"default_browser_return_url\": {\n \"$ref\": \"#/definitions/defaultReturnTo\"\n },\n \"hooks\": {\n \"$ref\": \"#/definitions/selfServiceHooks\"\n }\n }\n },\n \"selfServiceAfterRecovery\": {\n \"type\": \"object\",\n \"properties\": {\n \"default_browser_return_url\": {\n \"$ref\": \"#/definitions/defaultReturnTo\"\n },\n \"hooks\": {\n \"$ref\": \"#/definitions/selfServiceAfterRecoveryHooks\"\n }\n },\n \"additionalProperties\": false\n },\n \"tlsxSource\": {\n \"type\": \"object\",\n \"additionalProperties\": false,\n \"properties\": {\n \"path\": {\n \"title\": \"Path to PEM-encoded Fle\",\n \"type\": \"string\",\n \"examples\": [\"path/to/file.pem\"]\n },\n \"base64\": {\n \"title\": \"Base64 Encoded Inline\",\n \"description\": \"The base64 string of the PEM-encoded file content. Can be generated using for example `base64 -i path/to/file.pem`.\",\n \"type\": \"string\",\n \"examples\": [\n \"LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tXG5NSUlEWlRDQ0FrMmdBd0lCQWdJRVY1eE90REFOQmdr...\"\n ]\n }\n }\n },\n \"tlsx\": {\n \"title\": \"HTTPS\",\n \"description\": \"Configure HTTP over TLS (HTTPS). All options can also be set using environment variables by replacing dots (`.`) with underscores (`_`) and uppercasing the key. For example, `some.prefix.tls.key.path` becomes `export SOME_PREFIX_TLS_KEY_PATH`. If all keys are left undefined, TLS will be disabled.\",\n \"type\": \"object\",\n \"additionalProperties\": false,\n \"properties\": {\n \"key\": {\n \"title\": \"Private Key (PEM)\",\n \"allOf\": [\n {\n \"$ref\": \"#/definitions/tlsxSource\"\n }\n ]\n },\n \"cert\": {\n \"title\": \"TLS Certificate (PEM)\",\n \"allOf\": [\n {\n \"$ref\": \"#/definitions/tlsxSource\"\n }\n ]\n }\n }\n },\n \"courierTemplates\": {\n \"additionalProperties\": false,\n \"type\": \"object\",\n \"properties\": {\n \"invalid\": {\n \"additionalProperties\": false,\n \"type\": \"object\",\n \"properties\": {\n \"email\": {\n \"$ref\": \"#/definitions/emailCourierTemplate\"\n }\n },\n \"required\": [\"email\"]\n },\n \"valid\": {\n \"additionalProperties\": false,\n \"type\": \"object\",\n \"properties\": {\n \"email\": {\n \"$ref\": \"#/definitions/emailCourierTemplate\"\n },\n \"sms\": {\n \"$ref\": \"#/definitions/smsCourierTemplate\"\n }\n },\n \"required\": [\"email\"]\n }\n }\n },\n \"smsCourierTemplate\": {\n \"additionalProperties\": false,\n \"type\": \"object\",\n \"properties\": {\n \"body\": {\n \"additionalProperties\": false,\n \"type\": \"object\",\n \"properties\": {\n \"plaintext\": {\n \"type\": \"string\",\n \"description\": \"A template send to the SMS provider.\",\n \"format\": \"uri\",\n \"examples\": [\n \"file://path/to/body.plaintext.gotmpl\",\n \"https://foo.bar.com/path/to/body.plaintext.gotmpl\"\n ]\n }\n }\n }\n }\n },\n \"emailCourierTemplate\": {\n \"additionalProperties\": false,\n \"type\": \"object\",\n \"properties\": {\n \"body\": {\n \"additionalProperties\": false,\n \"type\": \"object\",\n \"properties\": {\n \"plaintext\": {\n \"type\": \"string\",\n \"description\": \"The fallback template for email clients that do not support html.\",\n \"format\": \"uri\",\n \"examples\": [\n \"file://path/to/body.plaintext.gotmpl\",\n \"https://foo.bar.com/path/to/body.plaintext.gotmpl\",\n \"base64://e3sgZGVmaW5lIGFmLVpBIH19CkhhbGxvLAoKSGVyc3RlbCBqb3UgcmVrZW5pbmcgZGV1ciBoaWVyZGllIHNrYWtlbCB0ZSB2b2xnOgp7ey0gZW5kIC19fQoKe3sgZGVmaW5lIGVuLVVTIH19CkhpLAoKcGxlYXNlIHJlY292ZXIgYWNjZXNzIHRvIHlvdXIgYWNjb3VudCBieSBjbGlja2luZyB0aGUgZm9sbG93aW5nIGxpbms6Cnt7LSBlbmQgLX19Cgp7ey0gaWYgZXEgLmxhbmcgImFmLVpBIiAtfX0KCnt7IHRlbXBsYXRlICJhZi1aQSIgLiB9fQoKe3stIGVsc2UgLX19Cgp7eyB0ZW1wbGF0ZSAiZW4tVVMiIH19Cgp7ey0gZW5kIC19fQp7eyAuUmVjb3ZlcnlVUkwgfX0K\"\n ]\n },\n \"html\": {\n \"type\": \"string\",\n \"description\": \"The default template used for sending out emails. The template can contain HTML \",\n \"format\": \"uri\",\n \"examples\": [\n \"file://path/to/body.html.gotmpl\",\n \"https://foo.bar.com/path/to/body.html.gotmpl\",\n \"base64://e3sgZGVmaW5lIGFmLVpBIH19CkhhbGxvLAoKSGVyc3RlbCBqb3UgcmVrZW5pbmcgZGV1ciBoaWVyZGllIHNrYWtlbCB0ZSB2b2xnOgp7ey0gZW5kIC19fQoKe3sgZGVmaW5lIGVuLVVTIH19CkhpLAoKcGxlYXNlIHJlY292ZXIgYWNjZXNzIHRvIHlvdXIgYWNjb3VudCBieSBjbGlja2luZyB0aGUgZm9sbG93aW5nIGxpbms6Cnt7LSBlbmQgLX19Cgp7ey0gaWYgZXEgLmxhbmcgImFmLVpBIiAtfX0KCnt7IHRlbXBsYXRlICJhZi1aQSIgLiB9fQoKe3stIGVsc2UgLX19Cgp7eyB0ZW1wbGF0ZSAiZW4tVVMiIH19Cgp7ey0gZW5kIC19fQo8YSBocmVmPSJ7eyAuUmVjb3ZlcnlVUkwgfX0iPnt7IC5SZWNvdmVyeVVSTCB9fTwvYT4\"\n ]\n }\n }\n },\n \"subject\": {\n \"type\": \"string\",\n \"format\": \"uri\",\n \"examples\": [\n \"file://path/to/subject.gotmpl\",\n \"https://foo.bar.com/path/to/subject.gotmpl\",\n \"base64://e3sgZGVmaW5lIGFmLVpBIH19CkhhbGxvLAoKSGVyc3RlbCBqb3UgcmVrZW5pbmcgZGV1ciBoaWVyZGllIHNrYWtlbCB0ZSB2b2xnOgp7ey0gZW5kIC19fQoKe3sgZGVmaW5lIGVuLVVTIH19CkhpLAoKcGxlYXNlIHJlY292ZXIgYWNjZXNzIHRvIHlvdXIgYWNjb3VudCBieSBjbGlja2luZyB0aGUgZm9sbG93aW5nIGxpbms6Cnt7LSBlbmQgLX19Cgp7ey0gaWYgZXEgLmxhbmcgImFmLVpBIiAtfX0KCnt7IHRlbXBsYXRlICJhZi1aQSIgLiB9fQoKe3stIGVsc2UgLX19Cgp7eyB0ZW1wbGF0ZSAiZW4tVVMiIH19Cgp7ey0gZW5kIC19fQo8YSBocmVmPSJ7eyAuUmVjb3ZlcnlVUkwgfX0iPnt7IC5SZWNvdmVyeVVSTCB9fTwvYT4\"\n ]\n }\n }\n }\n },\n \"properties\": {\n \"selfservice\": {\n \"type\": \"object\",\n \"additionalProperties\": false,\n \"required\": [\"default_browser_return_url\"],\n \"properties\": {\n \"default_browser_return_url\": {\n \"$ref\": \"#/definitions/defaultReturnTo\"\n },\n \"allowed_return_urls\": {\n \"title\": \"Allowed Return To URLs\",\n \"description\": \"List of URLs that are allowed to be redirected to. A redirection request is made by appending `?return_to=...` to Login, Registration, and other self-service flows.\",\n \"type\": \"array\",\n \"items\": {\n \"type\": \"string\",\n \"format\": \"uri-reference\"\n },\n \"examples\": [\n [\n \"https://app.my-app.com/dashboard\",\n \"/dashboard\",\n \"https://www.my-app.com/\",\n \"https://*.my-app.com/\"\n ]\n ]\n },\n \"flows\": {\n \"type\": \"object\",\n \"additionalProperties\": false,\n \"properties\": {\n \"settings\": {\n \"type\": \"object\",\n \"additionalProperties\": false,\n \"properties\": {\n \"ui_url\": {\n \"title\": \"URL of the Settings page.\",\n \"description\": \"URL where the Settings UI is hosted. Check the [reference implementation](https://github.com/ory/kratos-selfservice-ui-node).\",\n \"type\": \"string\",\n \"format\": \"uri-reference\",\n \"examples\": [\"https://my-app.com/user/settings\"],\n \"default\": \"https://www.ory.sh/kratos/docs/fallback/settings\"\n },\n \"lifespan\": {\n \"type\": \"string\",\n \"pattern\": \"^([0-9]+(ns|us|ms|s|m|h))+$\",\n \"default\": \"1h\",\n \"examples\": [\"1h\", \"1m\", \"1s\"]\n },\n \"privileged_session_max_age\": {\n \"type\": \"string\",\n \"pattern\": \"^([0-9]+(ns|us|ms|s|m|h))+$\",\n \"default\": \"1h\",\n \"examples\": [\"1h\", \"1m\", \"1s\"]\n },\n \"required_aal\": {\n \"$ref\": \"#/definitions/featureRequiredAal\"\n },\n \"after\": {\n \"$ref\": \"#/definitions/selfServiceAfterSettings\"\n },\n \"before\": {\n \"$ref\": \"#/definitions/selfServiceBeforeSettings\"\n }\n }\n },\n \"logout\": {\n \"type\": \"object\",\n \"additionalProperties\": false,\n \"properties\": {\n \"after\": {\n \"type\": \"object\",\n \"additionalProperties\": false,\n \"properties\": {\n \"default_browser_return_url\": {\n \"$ref\": \"#/definitions/defaultReturnTo\"\n }\n }\n }\n }\n },\n \"registration\": {\n \"type\": \"object\",\n \"additionalProperties\": false,\n \"properties\": {\n \"enabled\": {\n \"type\": \"boolean\",\n \"title\": \"Enable User Registration\",\n \"description\": \"If set to true will enable [User Registration](https://www.ory.sh/kratos/docs/self-service/flows/user-registration/).\",\n \"default\": true\n },\n \"login_hints\": {\n \"type\": \"boolean\",\n \"title\": \"Provide Login Hints on Failed Registration\",\n \"description\": \"When registration fails because an account with the given credentials or addresses previously signed up, provide login hints about available methods to sign in to the user.\",\n \"default\": false\n },\n \"ui_url\": {\n \"title\": \"Registration UI URL\",\n \"description\": \"URL where the Registration UI is hosted. Check the [reference implementation](https://github.com/ory/kratos-selfservice-ui-node).\",\n \"type\": \"string\",\n \"format\": \"uri-reference\",\n \"examples\": [\"https://my-app.com/signup\"],\n \"default\": \"https://www.ory.sh/kratos/docs/fallback/registration\"\n },\n \"lifespan\": {\n \"type\": \"string\",\n \"pattern\": \"^([0-9]+(ns|us|ms|s|m|h))+$\",\n \"default\": \"1h\",\n \"examples\": [\"1h\", \"1m\", \"1s\"]\n },\n \"before\": {\n \"$ref\": \"#/definitions/selfServiceBeforeRegistration\"\n },\n \"after\": {\n \"$ref\": \"#/definitions/selfServiceAfterRegistration\"\n },\n \"enable_legacy_one_step\": {\n \"type\": \"boolean\",\n \"title\": \"Disable two-step registration\",\n \"description\": \"Deprecated, please use `style` instead.\",\n \"deprecationMessage\": \"Deprecated, please use `style` instead.\",\n \"default\": false\n },\n \"style\": {\n \"title\": \"Registration Flow Style\",\n \"description\": \"The style of the registration flow. If set to `unified` the login flow will be a one-step process. If set to `profile_first` the registration flow will first ask for the profile information first, and then the credentials.\",\n \"type\": \"string\",\n \"enum\": [\"unified\", \"profile_first\"],\n \"default\": \"profile_first\"\n }\n }\n },\n \"login\": {\n \"type\": \"object\",\n \"additionalProperties\": false,\n \"properties\": {\n \"ui_url\": {\n \"title\": \"Login UI URL\",\n \"description\": \"URL where the Login UI is hosted. Check the [reference implementation](https://github.com/ory/kratos-selfservice-ui-node).\",\n \"type\": \"string\",\n \"format\": \"uri-reference\",\n \"examples\": [\"https://my-app.com/login\"],\n \"default\": \"https://www.ory.sh/kratos/docs/fallback/login\"\n },\n \"lifespan\": {\n \"type\": \"string\",\n \"pattern\": \"^([0-9]+(ns|us|ms|s|m|h))+$\",\n \"default\": \"1h\",\n \"examples\": [\"1h\", \"1m\", \"1s\"]\n },\n \"style\": {\n \"title\": \"Login Flow Style\",\n \"description\": \"The style of the login flow. If set to `unified` the login flow will be a one-step process. If set to `identifier_first` (experimental!) the login flow will first ask for the identifier and then the credentials.\",\n \"type\": \"string\",\n \"enum\": [\"unified\", \"identifier_first\"],\n \"default\": \"unified\"\n },\n \"before\": {\n \"$ref\": \"#/definitions/selfServiceBeforeLogin\"\n },\n \"after\": {\n \"$ref\": \"#/definitions/selfServiceAfterLogin\"\n }\n }\n },\n \"verification\": {\n \"title\": \"Email and Phone Verification and Account Activation Configuration\",\n \"type\": \"object\",\n \"additionalProperties\": false,\n \"properties\": {\n \"enabled\": {\n \"type\": \"boolean\",\n \"title\": \"Enable Email/Phone Verification\",\n \"description\": \"If set to true will enable [Email and Phone Verification and Account Activation](https://www.ory.sh/kratos/docs/self-service/flows/verify-email-account-activation/).\",\n \"default\": false\n },\n \"ui_url\": {\n \"title\": \"Verify UI URL\",\n \"description\": \"URL where the Ory Verify UI is hosted. This is the page where users activate and / or verify their email or telephone number. Check the [reference implementation](https://github.com/ory/kratos-selfservice-ui-node).\",\n \"type\": \"string\",\n \"format\": \"uri-reference\",\n \"examples\": [\"https://my-app.com/verify\"],\n \"default\": \"https://www.ory.sh/kratos/docs/fallback/verification\"\n },\n \"after\": {\n \"$ref\": \"#/definitions/selfServiceAfterVerification\"\n },\n \"lifespan\": {\n \"title\": \"Self-Service Verification Request Lifespan\",\n \"description\": \"Sets how long the verification request (for the UI interaction) is valid.\",\n \"type\": \"string\",\n \"pattern\": \"^([0-9]+(ns|us|ms|s|m|h))+$\",\n \"default\": \"1h\",\n \"examples\": [\"1h\", \"1m\", \"1s\"]\n },\n \"before\": {\n \"$ref\": \"#/definitions/selfServiceBeforeVerification\"\n },\n \"use\": {\n \"title\": \"Verification Strategy\",\n \"description\": \"The strategy to use for verification requests\",\n \"type\": \"string\",\n \"enum\": [\"link\", \"code\"],\n \"default\": \"code\"\n },\n \"notify_unknown_recipients\": {\n \"title\": \"Notify unknown recipients\",\n \"description\": \"Whether to notify recipients, if verification was requested for their address.\",\n \"type\": \"boolean\",\n \"default\": false\n }\n }\n },\n \"recovery\": {\n \"title\": \"Account Recovery Configuration\",\n \"type\": \"object\",\n \"additionalProperties\": false,\n \"properties\": {\n \"enabled\": {\n \"type\": \"boolean\",\n \"title\": \"Enable Account Recovery\",\n \"description\": \"If set to true will enable [Account Recovery](https://www.ory.sh/kratos/docs/self-service/flows/password-reset-account-recovery/).\",\n \"default\": false\n },\n \"ui_url\": {\n \"title\": \"Recovery UI URL\",\n \"description\": \"URL where the Ory Recovery UI is hosted. This is the page where users request and complete account recovery. Check the [reference implementation](https://github.com/ory/kratos-selfservice-ui-node).\",\n \"type\": \"string\",\n \"format\": \"uri-reference\",\n \"examples\": [\"https://my-app.com/verify\"],\n \"default\": \"https://www.ory.sh/kratos/docs/fallback/recovery\"\n },\n \"after\": {\n \"$ref\": \"#/definitions/selfServiceAfterRecovery\"\n },\n \"lifespan\": {\n \"title\": \"Self-Service Recovery Request Lifespan\",\n \"description\": \"Sets how long the recovery request is valid. If expired, the user has to redo the flow.\",\n \"type\": \"string\",\n \"pattern\": \"^([0-9]+(ns|us|ms|s|m|h))+$\",\n \"default\": \"1h\",\n \"examples\": [\"1h\", \"1m\", \"1s\"]\n },\n \"before\": {\n \"$ref\": \"#/definitions/selfServiceBeforeRecovery\"\n },\n \"use\": {\n \"title\": \"Recovery Strategy\",\n \"description\": \"The strategy to use for recovery requests\",\n \"type\": \"string\",\n \"enum\": [\"link\", \"code\"],\n \"default\": \"code\"\n },\n \"notify_unknown_recipients\": {\n \"title\": \"Notify unknown recipients\",\n \"description\": \"Whether to notify recipients, if recovery was requested for their account.\",\n \"type\": \"boolean\",\n \"default\": false\n }\n }\n },\n \"error\": {\n \"type\": \"object\",\n \"additionalProperties\": false,\n \"properties\": {\n \"ui_url\": {\n \"title\": \"Ory Kratos Error UI URL\",\n \"description\": \"URL where the Ory Kratos Error UI is hosted. Check the [reference implementation](https://github.com/ory/kratos-selfservice-ui-node).\",\n \"type\": \"string\",\n \"format\": \"uri-reference\",\n \"examples\": [\"https://my-app.com/kratos-error\"],\n \"default\": \"https://www.ory.sh/kratos/docs/fallback/error\"\n }\n }\n }\n }\n },\n \"methods\": {\n \"type\": \"object\",\n \"additionalProperties\": false,\n \"properties\": {\n \"b2b\": {\n \"title\": \"Single Sign-On for B2B\",\n \"description\": \"Single Sign-On for B2B allows your customers to bring their own (workforce) identity server (e.g. OneLogin). This feature is not available in the open source licensed code.\",\n \"type\": \"object\",\n \"properties\": {\n \"config\": {\n \"type\": \"object\",\n \"additionalProperties\": false,\n \"properties\": {\n \"organizations\": {\n \"type\": \"array\",\n \"items\": {\n \"type\": \"object\",\n \"properties\": {\n \"id\": {\n \"type\": \"string\",\n \"description\": \"The ID of the organization.\",\n \"format\": \"uuid\",\n \"examples\": [\"00000000-0000-0000-0000-000000000000\"]\n },\n \"label\": {\n \"type\": \"string\",\n \"description\": \"The label of the organization.\",\n \"examples\": [\"ACME SSO\"]\n },\n \"domains\": {\n \"type\": \"array\",\n \"items\": {\n \"type\": \"string\",\n \"format\": \"hostname\",\n \"examples\": [\"my-app.com\"],\n \"description\": \"If this domain matches the email's domain, this provider is shown.\"\n }\n }\n }\n }\n }\n }\n }\n },\n \"additionalProperties\": false\n },\n \"profile\": {\n \"type\": \"object\",\n \"additionalProperties\": false,\n \"properties\": {\n \"enabled\": {\n \"type\": \"boolean\",\n \"title\": \"Enables Profile Management Method\",\n \"default\": true\n }\n }\n },\n \"link\": {\n \"type\": \"object\",\n \"additionalProperties\": false,\n \"properties\": {\n \"enabled\": {\n \"type\": \"boolean\",\n \"title\": \"Enables Link Method\",\n \"default\": false\n },\n \"config\": {\n \"type\": \"object\",\n \"title\": \"Link Configuration\",\n \"description\": \"Additional configuration for the link strategy.\",\n \"properties\": {\n \"base_url\": {\n \"title\": \"Override the base URL which should be used as the base for recovery and verification links.\",\n \"type\": \"string\",\n \"deprecationMessage\": \"This option has no effect, because the request URL is now used as the base URL.\",\n \"examples\": [\"https://my-app.com\"]\n },\n \"lifespan\": {\n \"title\": \"How long a link is valid for\",\n \"type\": \"string\",\n \"pattern\": \"^([0-9]+(ns|us|ms|s|m|h))+$\",\n \"default\": \"1h\",\n \"examples\": [\"1h\", \"1m\", \"1s\"]\n }\n }\n }\n }\n },\n \"code\": {\n \"type\": \"object\",\n \"additionalProperties\": true,\n \"anyOf\": [\n {\n \"properties\": {\n \"passwordless_enabled\": {\n \"const\": true\n },\n \"mfa_enabled\": {\n \"const\": false\n }\n }\n },\n {\n \"properties\": {\n \"mfa_enabled\": {\n \"const\": true\n },\n \"passwordless_enabled\": {\n \"const\": false\n }\n }\n },\n {\n \"properties\": {\n \"mfa_enabled\": {\n \"const\": false\n },\n \"passwordless_enabled\": {\n \"const\": false\n }\n }\n }\n ],\n \"properties\": {\n \"passwordless_enabled\": {\n \"type\": \"boolean\",\n \"title\": \"Enables login and registration with the code method.\",\n \"description\": \"If set to true, code.enabled will be set to true as well.\",\n \"default\": false\n },\n \"mfa_enabled\": {\n \"type\": \"boolean\",\n \"title\": \"Enables login flows code method to fulfil MFA requests\",\n \"default\": false\n },\n \"enabled\": {\n \"type\": \"boolean\",\n \"title\": \"Enables Code Method\",\n \"default\": true\n },\n \"config\": {\n \"type\": \"object\",\n \"title\": \"Code Configuration\",\n \"description\": \"Additional configuration for the code strategy.\",\n \"properties\": {\n \"lifespan\": {\n \"title\": \"How long a code is valid for\",\n \"type\": \"string\",\n \"pattern\": \"^([0-9]+(ns|us|ms|s|m|h))+$\",\n \"default\": \"1h\",\n \"examples\": [\"1h\", \"1m\", \"1s\"]\n },\n \"max_submissions\": {\n \"type\": \"integer\",\n \"title\": \"Maximum number of times the code can be submitted before a flow is invalidated\",\n \"minimum\": 1,\n \"maximum\": 255,\n \"default\": 5\n },\n \"missing_credential_fallback_enabled\": {\n \"type\": \"boolean\",\n \"title\": \"Enable Code OTP as a Fallback\",\n \"description\": \"Enabling this allows users to sign in with the code method, even if their identity schema or their credentials are not set up to use the code method. If enabled, a verified address (such as an email) will be used to send the code to the user. Use with caution and only if actually needed.\",\n \"default\": false\n }\n }\n }\n }\n },\n \"password\": {\n \"type\": \"object\",\n \"additionalProperties\": false,\n \"properties\": {\n \"enabled\": {\n \"type\": \"boolean\",\n \"title\": \"Enables Username/Email and Password Method\",\n \"default\": true\n },\n \"config\": {\n \"type\": \"object\",\n \"title\": \"Password Configuration\",\n \"description\": \"Define how passwords are validated.\",\n \"properties\": {\n \"haveibeenpwned_host\": {\n \"title\": \"Custom haveibeenpwned host\",\n \"description\": \"Allows changing the default HIBP host to a self hosted version.\",\n \"type\": \"string\",\n \"default\": \"api.pwnedpasswords.com\"\n },\n \"haveibeenpwned_enabled\": {\n \"title\": \"Enable the HaveIBeenPwned API\",\n \"description\": \"If set to false the password validation does not utilize the Have I Been Pwnd API.\",\n \"type\": \"boolean\",\n \"default\": true\n },\n \"max_breaches\": {\n \"title\": \"Allow Password Breaches\",\n \"description\": \"Defines how often a password may have been breached before it is rejected.\",\n \"type\": \"integer\",\n \"minimum\": 0,\n \"maximum\": 100,\n \"default\": 0\n },\n \"ignore_network_errors\": {\n \"title\": \"Ignore Lookup Network Errors\",\n \"description\": \"If set to false the password validation fails when the network or the Have I Been Pwnd API is down.\",\n \"type\": \"boolean\",\n \"default\": true\n },\n \"min_password_length\": {\n \"title\": \"Minimum Password Length\",\n \"description\": \"Defines the minimum length of the password.\",\n \"type\": \"integer\",\n \"default\": 8,\n \"minimum\": 6\n },\n \"identifier_similarity_check_enabled\": {\n \"title\": \"Enable password-identifier similarity check\",\n \"description\": \"If set to false the password validation does not check for similarity between the password and the user identifier.\",\n \"type\": \"boolean\",\n \"default\": true\n },\n \"migrate_hook\": {\n \"type\": \"object\",\n \"additionalProperties\": false,\n \"properties\": {\n \"enabled\": {\n \"type\": \"boolean\",\n \"title\": \"Enable Password Migration\",\n \"description\": \"If set to true will enable password migration.\",\n \"default\": false\n },\n \"config\": {\n \"type\": \"object\",\n \"additionalProperties\": false,\n \"properties\": {\n \"url\": {\n \"type\": \"string\",\n \"description\": \"The URL the password migration hook should call\",\n \"format\": \"uri\"\n },\n \"method\": {\n \"type\": \"string\",\n \"description\": \"The HTTP method to use (GET, POST, etc).\",\n \"const\": \"POST\",\n \"default\": \"POST\"\n },\n \"headers\": {\n \"type\": \"object\",\n \"description\": \"The HTTP headers that must be applied to the password migration hook.\",\n \"additionalProperties\": {\n \"type\": \"string\"\n }\n },\n \"emit_analytics_event\": {\n \"type\": \"boolean\",\n \"default\": true,\n \"description\": \"Emit tracing events for this hook on delivery or error\"\n },\n \"auth\": {\n \"type\": \"object\",\n \"title\": \"Auth mechanisms\",\n \"description\": \"Define which auth mechanism the Web-Hook should use\",\n \"oneOf\": [\n {\n \"$ref\": \"#/definitions/webHookAuthApiKeyProperties\"\n },\n {\n \"$ref\": \"#/definitions/webHookAuthBasicAuthProperties\"\n }\n ]\n },\n \"body\": {\n \"type\": \"string\",\n \"format\": \"uri\",\n \"pattern\": \"^(http|https|file|base64)://\",\n \"description\": \"URI pointing to the jsonnet template used for payload generation. Only used for those HTTP methods, which support HTTP body payloads\",\n \"examples\": [\n \"file:///path/to/body.jsonnet\",\n \"file://./body.jsonnet\",\n \"base64://ZnVuY3Rpb24oY3R4KSB7CiAgaWRlbnRpdHlfaWQ6IGlmIGN0eFsiaWRlbnRpdHkiXSAhPSBudWxsIHRoZW4gY3R4LmlkZW50aXR5LmlkLAp9=\",\n \"https://oryapis.com/default_body.jsonnet\"\n ]\n },\n \"additionalProperties\": false\n }\n }\n }\n }\n },\n \"additionalProperties\": false\n }\n }\n },\n \"totp\": {\n \"type\": \"object\",\n \"additionalProperties\": false,\n \"properties\": {\n \"enabled\": {\n \"type\": \"boolean\",\n \"title\": \"Enables the TOTP method\",\n \"default\": false\n },\n \"config\": {\n \"type\": \"object\",\n \"title\": \"TOTP Configuration\",\n \"properties\": {\n \"issuer\": {\n \"title\": \"TOTP Issuer\",\n \"description\": \"The issuer (e.g. a domain name) will be shown in the TOTP app (e.g. Google Authenticator). It helps the user differentiate between different codes.\",\n \"type\": \"string\"\n }\n },\n \"additionalProperties\": false\n }\n }\n },\n \"lookup_secret\": {\n \"type\": \"object\",\n \"additionalProperties\": false,\n \"properties\": {\n \"enabled\": {\n \"type\": \"boolean\",\n \"title\": \"Enables the lookup secret method\",\n \"default\": false\n }\n }\n },\n \"webauthn\": {\n \"type\": \"object\",\n \"additionalProperties\": false,\n \"properties\": {\n \"enabled\": {\n \"type\": \"boolean\",\n \"title\": \"Enables the WebAuthn method\",\n \"default\": false\n },\n \"config\": {\n \"type\": \"object\",\n \"title\": \"WebAuthn Configuration\",\n \"properties\": {\n \"passwordless\": {\n \"type\": \"boolean\",\n \"title\": \"Use For Passwordless Flows\",\n \"description\": \"If enabled will have the effect that WebAuthn is used for passwordless flows (as a first factor) and not for multi-factor set ups. With this set to true, users will see an option to sign up with WebAuthn on the registration screen.\"\n },\n \"rp\": {\n \"title\": \"Relying Party (RP) Config\",\n \"properties\": {\n \"display_name\": {\n \"type\": \"string\",\n \"title\": \"Relying Party Display Name\",\n \"description\": \"An name to help the user identify this RP.\",\n \"examples\": [\"Ory Foundation\"]\n },\n \"id\": {\n \"type\": \"string\",\n \"title\": \"Relying Party Identifier\",\n \"description\": \"The id must be a subset of the domain currently in the browser.\",\n \"examples\": [\"ory.sh\"]\n },\n \"origin\": {\n \"type\": \"string\",\n \"title\": \"Relying Party Origin\",\n \"description\": \"An explicit RP origin. If left empty, this defaults to `id`, prepended with the current protocol schema (HTTP or HTTPS).\",\n \"format\": \"uri\",\n \"deprecationMessage\": \"This field is deprecated. Use `origins` instead.\",\n \"examples\": [\"https://www.ory.sh\"]\n },\n \"origins\": {\n \"type\": \"array\",\n \"title\": \"Relying Party Origins\",\n \"description\": \"A list of explicit RP origins. If left empty, this defaults to either `origin` or `id`, prepended with the current protocol schema (HTTP or HTTPS).\",\n \"items\": {\n \"type\": \"string\",\n \"format\": \"uri\",\n \"examples\": [\n \"https://www.ory.sh\",\n \"https://auth.ory.sh\"\n ]\n }\n },\n \"icon\": {\n \"type\": \"string\",\n \"title\": \"Relying Party Icon\",\n \"description\": \"An icon to help the user identify this RP.\",\n \"format\": \"uri\",\n \"deprecationMessage\": \"This field is deprecated and ignored due to security considerations.\",\n \"examples\": [\"https://www.ory.sh/an-icon.png\"]\n }\n },\n \"type\": \"object\",\n \"oneOf\": [\n {\n \"required\": [\"id\", \"display_name\"],\n \"properties\": {\n \"origin\": {\n \"not\": {}\n },\n \"origins\": {\n \"not\": {}\n }\n }\n },\n {\n \"required\": [\"id\", \"display_name\", \"origin\"],\n \"properties\": {\n \"origin\": {\n \"type\": \"string\"\n },\n \"origins\": {\n \"not\": {}\n }\n }\n },\n {\n \"required\": [\"id\", \"display_name\", \"origins\"],\n \"properties\": {\n \"origin\": {\n \"not\": {}\n },\n \"origins\": {\n \"type\": \"array\",\n \"items\": {\n \"type\": \"string\"\n }\n }\n }\n }\n ]\n }\n },\n \"additionalProperties\": false\n }\n },\n \"if\": {\n \"properties\": {\n \"enabled\": {\n \"const\": true\n }\n },\n \"required\": [\"enabled\"]\n },\n \"then\": {\n \"required\": [\"config\"]\n }\n },\n \"passkey\": {\n \"type\": \"object\",\n \"additionalProperties\": false,\n \"properties\": {\n \"enabled\": {\n \"type\": \"boolean\",\n \"title\": \"Enables the Passkey method\",\n \"default\": false\n },\n \"config\": {\n \"type\": \"object\",\n \"title\": \"Passkey Configuration\",\n \"properties\": {\n \"rp\": {\n \"title\": \"Relying Party (RP) Config\",\n \"properties\": {\n \"display_name\": {\n \"type\": \"string\",\n \"title\": \"Relying Party Display Name\",\n \"description\": \"A name to help the user identify this RP.\",\n \"examples\": [\"Ory Foundation\"]\n },\n \"id\": {\n \"type\": \"string\",\n \"title\": \"Relying Party Identifier\",\n \"description\": \"The id must be a subset of the domain currently in the browser.\",\n \"examples\": [\"ory.sh\"]\n },\n \"origins\": {\n \"type\": \"array\",\n \"title\": \"Relying Party Origins\",\n \"description\": \"A list of explicit RP origins. If left empty, this defaults to either `origin` or `id`, prepended with the current protocol schema (HTTP or HTTPS).\",\n \"items\": {\n \"type\": \"string\",\n \"examples\": [\n \"https://www.ory.sh\",\n \"https://auth.ory.sh\"\n ]\n }\n }\n },\n \"type\": \"object\",\n \"required\": [\"display_name\", \"id\"]\n }\n },\n \"additionalProperties\": false\n }\n },\n \"if\": {\n \"properties\": {\n \"enabled\": {\n \"const\": true\n }\n },\n \"required\": [\"enabled\"]\n },\n \"then\": {\n \"required\": [\"config\"]\n }\n },\n \"oidc\": {\n \"type\": \"object\",\n \"title\": \"Specify OpenID Connect and OAuth2 Configuration\",\n \"showEnvVarBlockForObject\": true,\n \"additionalProperties\": false,\n \"properties\": {\n \"enabled\": {\n \"type\": \"boolean\",\n \"title\": \"Enables OpenID Connect Method\",\n \"default\": false\n },\n \"config\": {\n \"type\": \"object\",\n \"additionalProperties\": false,\n \"properties\": {\n \"base_redirect_uri\": {\n \"type\": \"string\",\n \"title\": \"Base URL for OAuth2 Redirect URIs\",\n \"description\": \"Can be used to modify the base URL for OAuth2 Redirect URLs. If unset, the Public Base URL will be used.\",\n \"format\": \"uri\",\n \"examples\": [\"https://auth.myexample.org/\"]\n },\n \"providers\": {\n \"title\": \"OpenID Connect and OAuth2 Providers\",\n \"description\": \"A list and configuration of OAuth2 and OpenID Connect providers Ory Kratos should integrate with.\",\n \"type\": \"array\",\n \"items\": {\n \"$ref\": \"#/definitions/selfServiceOIDCProvider\"\n }\n }\n }\n }\n }\n }\n }\n }\n }\n },\n \"database\": {\n \"type\": \"object\",\n \"title\": \"Database related configuration\",\n \"description\": \"Miscellaneous settings used in database related tasks (cleanup, etc.)\",\n \"properties\": {\n \"cleanup\": {\n \"type\": \"object\",\n \"title\": \"Database cleanup settings\",\n \"description\": \"Settings that controls how the database cleanup process is configured (delays, batch size, etc.)\",\n \"properties\": {\n \"batch_size\": {\n \"type\": \"integer\",\n \"title\": \"Number of records to clean in one iteration\",\n \"description\": \"Controls how many records should be purged from one table during database cleanup task\",\n \"minimum\": 1,\n \"default\": 100\n },\n \"sleep\": {\n \"type\": \"object\",\n \"title\": \"Delays between various database cleanup phases\",\n \"description\": \"Configures delays between each step of the cleanup process. It is useful to tune the process so it will be efficient and performant.\",\n \"properties\": {\n \"tables\": {\n \"type\": \"string\",\n \"title\": \"Delay between each table cleanups\",\n \"description\": \"Controls the delay time between cleaning each table in one cleanup iteration\",\n \"pattern\": \"^[0-9]+(ns|us|ms|s|m|h)$\",\n \"default\": \"1m\"\n }\n }\n },\n \"older_than\": {\n \"type\": \"string\",\n \"title\": \"Remove records older than\",\n \"description\": \"Controls how old records do we want to leave\",\n \"pattern\": \"^[0-9]+(ns|us|ms|s|m|h)$\",\n \"default\": \"0s\"\n }\n }\n }\n },\n \"additionalProperties\": false\n },\n \"dsn\": {\n \"type\": \"string\",\n \"title\": \"Data Source Name\",\n \"description\": \"DSN is used to specify the database credentials as a connection URI.\",\n \"examples\": [\n \"postgres://user: password@postgresd:5432/database?sslmode=disable&max_conns=20&max_idle_conns=4\",\n \"mysql://user:secret@tcp(mysqld:3306)/database?max_conns=20&max_idle_conns=4\",\n \"cockroach://user@cockroachdb:26257/database?sslmode=disable&max_conns=20&max_idle_conns=4\",\n \"sqlite:///var/lib/sqlite/db.sqlite?_fk=true&mode=rwc\"\n ]\n },\n \"courier\": {\n \"type\": \"object\",\n \"title\": \"Courier configuration\",\n \"description\": \"The courier is responsible for sending and delivering messages over email, sms, and other means.\",\n \"properties\": {\n \"templates\": {\n \"additionalProperties\": false,\n \"type\": \"object\",\n \"properties\": {\n \"recovery\": {\n \"$ref\": \"#/definitions/courierTemplates\"\n },\n \"recovery_code\": {\n \"$ref\": \"#/definitions/courierTemplates\"\n },\n \"verification\": {\n \"$ref\": \"#/definitions/courierTemplates\"\n },\n \"verification_code\": {\n \"$ref\": \"#/definitions/courierTemplates\"\n },\n \"registration_code\": {\n \"additionalProperties\": false,\n \"type\": \"object\",\n \"properties\": {\n \"valid\": {\n \"additionalProperties\": false,\n \"type\": \"object\",\n \"properties\": {\n \"email\": {\n \"$ref\": \"#/definitions/emailCourierTemplate\"\n },\n \"sms\": {\n \"$ref\": \"#/definitions/smsCourierTemplate\"\n }\n },\n \"required\": [\"email\"]\n }\n }\n },\n \"login_code\": {\n \"additionalProperties\": false,\n \"type\": \"object\",\n \"properties\": {\n \"valid\": {\n \"additionalProperties\": false,\n \"type\": \"object\",\n \"properties\": {\n \"email\": {\n \"$ref\": \"#/definitions/emailCourierTemplate\"\n },\n \"sms\": {\n \"$ref\": \"#/definitions/smsCourierTemplate\"\n }\n },\n \"required\": [\"email\"]\n }\n }\n }\n }\n },\n \"template_override_path\": {\n \"type\": \"string\",\n \"title\": \"Override message templates\",\n \"description\": \"You can override certain or all message templates by pointing this key to the path where the templates are located.\",\n \"examples\": [\"/conf/courier-templates\"]\n },\n \"message_retries\": {\n \"description\": \"Defines the maximum number of times the sending of a message is retried after it failed before it is marked as abandoned\",\n \"type\": \"integer\",\n \"default\": 5,\n \"examples\": [10, 60]\n },\n \"worker\": {\n \"description\": \"Configures the dispatch worker.\",\n \"type\": \"object\",\n \"properties\": {\n \"pull_count\": {\n \"description\": \"Defines how many messages are pulled from the queue at once.\",\n \"type\": \"integer\",\n \"default\": 10\n },\n \"pull_wait\": {\n \"description\": \"Defines how long the worker waits before pulling messages from the queue again.\",\n \"type\": \"string\",\n \"pattern\": \"^([0-9]+(ns|us|ms|s|m|h))+$\",\n \"default\": \"1s\"\n }\n }\n },\n \"delivery_strategy\": {\n \"title\": \"Delivery Strategy\",\n \"description\": \"Defines how emails will be sent, either through SMTP (default) or HTTP.\",\n \"type\": \"string\",\n \"enum\": [\"smtp\", \"http\"],\n \"default\": \"smtp\"\n },\n \"http\": {\n \"title\": \"HTTP Configuration\",\n \"description\": \"Configures outgoing emails using HTTP.\",\n \"type\": \"object\",\n \"properties\": {\n \"request_config\": {\n \"$ref\": \"#/definitions/httpRequestConfig\"\n }\n },\n \"additionalProperties\": false\n },\n \"smtp\": {\n \"title\": \"SMTP Configuration\",\n \"description\": \"Configures outgoing emails using the SMTP protocol.\",\n \"type\": \"object\",\n \"properties\": {\n \"connection_uri\": {\n \"title\": \"SMTP connection string\",\n \"description\": \"This URI will be used to connect to the SMTP server. Use the scheme smtps for implicit TLS sessions or smtp for explicit StartTLS/cleartext sessions. Please note that TLS is always enforced with certificate trust verification by default for security reasons on both schemes. With the smtp scheme you can use the query parameter (`?disable_starttls=true`) to allow cleartext sessions or (`?disable_starttls=false`) to enforce StartTLS (default behaviour). Additionally, use the query parameter to allow (`?skip_ssl_verify=true`) or disallow (`?skip_ssl_verify=false`) self-signed TLS certificates (default behaviour) on both implicit and explicit TLS sessions.\",\n \"examples\": [\n \"smtps://foo:bar@my-mailserver:1234/?skip_ssl_verify=false\",\n \"smtp://foo:bar@my-mailserver:1234/?disable_starttls=true (NOT RECOMMENDED: Cleartext smtp for devel and legacy infrastructure only)\",\n \"smtp://foo:bar@my-mailserver:1234/ (Explicit StartTLS with certificate trust verification)\",\n \"smtp://foo:bar@my-mailserver:1234/?skip_ssl_verify=true (NOT RECOMMENDED: Explicit StartTLS without certificate trust verification)\",\n \"smtps://foo:bar@my-mailserver:1234/ (Implicit TLS with certificate trust verification)\",\n \"smtps://foo:bar@my-mailserver:1234/?skip_ssl_verify=true (NOT RECOMMENDED: Implicit TLS without certificate trust verification)\",\n \"smtps://subdomain.my-mailserver:1234/?server_name=my-mailserver (allows TLS to work if the server is hosted on a sudomain that uses a non-wildcard domain certificate)\"\n ],\n \"type\": \"string\",\n \"pattern\": \"^smtps?://.*\"\n },\n \"client_cert_path\": {\n \"title\": \"SMTP Client certificate path\",\n \"description\": \"Path of the client X.509 certificate, in case of certificate based client authentication to the SMTP server.\",\n \"type\": \"string\",\n \"default\": \"\"\n },\n \"client_key_path\": {\n \"title\": \"SMTP Client private key path\",\n \"description\": \"Path of the client certificate private key, in case of certificate based client authentication to the SMTP server\",\n \"type\": \"string\",\n \"default\": \"\"\n },\n \"from_address\": {\n \"title\": \"SMTP Sender Address\",\n \"description\": \"The recipient of an email will see this as the sender address.\",\n \"type\": \"string\",\n \"format\": \"email\",\n \"default\": \"no-reply@ory.kratos.sh\"\n },\n \"from_name\": {\n \"title\": \"SMTP Sender Name\",\n \"description\": \"The recipient of an email will see this as the sender name.\",\n \"type\": \"string\",\n \"examples\": [\"Bob\"]\n },\n \"headers\": {\n \"title\": \"SMTP Headers\",\n \"description\": \"These headers will be passed in the SMTP conversation -- e.g. when using the AWS SES SMTP interface for cross-account sending.\",\n \"type\": \"object\",\n \"additionalProperties\": {\n \"type\": \"string\"\n },\n \"examples\": [\n {\n \"X-SES-SOURCE-ARN\": \"arn:aws:ses:us-west-2:123456789012:identity/example.com\",\n \"X-SES-FROM-ARN\": \"arn:aws:ses:us-west-2:123456789012:identity/example.com\",\n \"X-SES-RETURN-PATH-ARN\": \"arn:aws:ses:us-west-2:123456789012:identity/example.com\"\n }\n ]\n },\n \"local_name\": {\n \"title\": \"SMTP HELO/EHLO name\",\n \"description\": \"Identifier used in the SMTP HELO/EHLO command. Some SMTP relays require a unique identifier.\",\n \"type\": \"string\",\n \"default\": \"localhost\"\n }\n },\n \"additionalProperties\": false\n },\n \"channels\": {\n \"type\": \"array\",\n \"items\": {\n \"title\": \"Courier channel configuration\",\n \"type\": \"object\",\n \"properties\": {\n \"id\": {\n \"type\": \"string\",\n \"title\": \"Channel id\",\n \"description\": \"The channel id. Corresponds to the .via property of the identity schema for recovery, verification, etc. Currently only sms is supported.\",\n \"maxLength\": 32,\n \"enum\": [\"sms\"]\n },\n \"type\": {\n \"type\": \"string\",\n \"title\": \"Channel type\",\n \"description\": \"The channel type. Currently only http is supported.\",\n \"enum\": [\"http\"]\n },\n \"request_config\": {\n \"$ref\": \"#/definitions/httpRequestConfig\"\n }\n },\n \"required\": [\"id\", \"request_config\"],\n \"additionalProperties\": false\n }\n }\n },\n \"additionalProperties\": false\n },\n \"oauth2_provider\": {\n \"title\": \"OAuth2 Provider Configuration\",\n \"type\": \"object\",\n \"properties\": {\n \"url\": {\n \"title\": \"OAuth 2.0 Provider URL.\",\n \"description\": \"If set, the login and registration flows will handle the Ory OAuth 2.0 & OpenID `login_challenge` query parameter to serve as an OpenID Connect Provider. This URL should point to Ory Hydra when you are not running on the Ory Network and be left untouched otherwise.\",\n \"type\": \"string\",\n \"format\": \"uri\",\n \"examples\": [\n \"https://some-slug.projects.oryapis.com\",\n \"https://domain-of-ory-hydra:4445\"\n ]\n },\n \"headers\": {\n \"title\": \"HTTP Request Headers\",\n \"description\": \"These headers will be passed in HTTP request to the OAuth2 Provider.\",\n \"type\": \"object\",\n \"additionalProperties\": {\n \"type\": \"string\"\n },\n \"examples\": [\n {\n \"Authorization\": \"Bearer some-token\"\n }\n ]\n },\n \"override_return_to\": {\n \"title\": \"Persist OAuth2 request between flows\",\n \"type\": \"boolean\",\n \"default\": false,\n \"description\": \"Override the return_to query parameter with the OAuth2 provider request URL when perfoming an OAuth2 login flow.\"\n }\n },\n \"additionalProperties\": false\n },\n \"preview\": {\n \"title\": \"Configure Preview Features\",\n \"type\": \"object\",\n \"properties\": {\n \"default_read_consistency_level\": {\n \"type\": \"string\",\n \"title\": \"Default Read Consistency Level\",\n \"description\": \"The default consistency level to use when reading from the database. Defaults to `strong` to not break existing API contracts. Only set this to `eventual` if you can accept that other read APIs will suddenly return eventually consistent results. It is only effective in Ory Network.\",\n \"enum\": [\"strong\", \"eventual\"],\n \"default\": \"strong\"\n }\n }\n },\n \"serve\": {\n \"type\": \"object\",\n \"properties\": {\n \"admin\": {\n \"type\": \"object\",\n \"properties\": {\n \"request_log\": {\n \"type\": \"object\",\n \"properties\": {\n \"disable_for_health\": {\n \"title\": \"Disable health endpoints request logging\",\n \"description\": \"Disable request logging for /health/alive and /health/ready endpoints\",\n \"type\": \"boolean\",\n \"default\": false\n }\n },\n \"additionalProperties\": false\n },\n \"base_url\": {\n \"title\": \"Admin Base URL\",\n \"description\": \"The URL where the admin endpoint is exposed at.\",\n \"type\": \"string\",\n \"format\": \"uri\",\n \"examples\": [\"https://kratos.private-network:4434/\"]\n },\n \"host\": {\n \"title\": \"Admin Host\",\n \"description\": \"The host (interface) kratos' admin endpoint listens on.\",\n \"type\": \"string\",\n \"default\": \"0.0.0.0\"\n },\n \"port\": {\n \"title\": \"Admin Port\",\n \"description\": \"The port kratos' admin endpoint listens on.\",\n \"type\": \"integer\",\n \"minimum\": 1,\n \"maximum\": 65535,\n \"examples\": [4434],\n \"default\": 4434\n },\n \"socket\": {\n \"$ref\": \"#/definitions/socket\"\n },\n \"tls\": {\n \"$ref\": \"#/definitions/tlsx\"\n }\n },\n \"additionalProperties\": false\n },\n \"public\": {\n \"type\": \"object\",\n \"properties\": {\n \"request_log\": {\n \"type\": \"object\",\n \"properties\": {\n \"disable_for_health\": {\n \"title\": \"Disable health endpoints request logging\",\n \"description\": \"Disable request logging for /health/alive and /health/ready endpoints\",\n \"type\": \"boolean\",\n \"default\": false\n }\n },\n \"additionalProperties\": false\n },\n \"cors\": {\n \"type\": \"object\",\n \"additionalProperties\": false,\n \"description\": \"Configures Cross Origin Resource Sharing for public endpoints.\",\n \"properties\": {\n \"enabled\": {\n \"type\": \"boolean\",\n \"description\": \"Sets whether CORS is enabled.\",\n \"default\": false\n },\n \"allowed_origins\": {\n \"type\": \"array\",\n \"description\": \"A list of origins a cross-domain request can be executed from. If the special * value is present in the list, all origins will be allowed. An origin may contain a wildcard (*) to replace 0 or more characters (i.e.: http://*.domain.com). Only one wildcard can be used per origin.\",\n \"items\": {\n \"type\": \"string\",\n \"minLength\": 1,\n \"not\": {\n \"type\": \"string\",\n \"description\": \"does match all strings that contain two or more (*)\",\n \"pattern\": \".*\\\\*.*\\\\*.*\"\n },\n \"anyOf\": [\n {\n \"type\": \"string\",\n \"format\": \"uri\"\n },\n {\n \"const\": \"*\"\n }\n ]\n },\n \"uniqueItems\": true,\n \"default\": [\"*\"],\n \"examples\": [\n [\n \"https://example.com\",\n \"https://*.example.com\",\n \"https://*.foo.example.com\"\n ]\n ]\n },\n \"allowed_methods\": {\n \"type\": \"array\",\n \"description\": \"A list of HTTP methods the user agent is allowed to use with cross-domain requests.\",\n \"default\": [\"POST\", \"GET\", \"PUT\", \"PATCH\", \"DELETE\"],\n \"items\": {\n \"type\": \"string\",\n \"enum\": [\n \"POST\",\n \"GET\",\n \"PUT\",\n \"PATCH\",\n \"DELETE\",\n \"CONNECT\",\n \"HEAD\",\n \"OPTIONS\",\n \"TRACE\"\n ]\n }\n },\n \"allowed_headers\": {\n \"type\": \"array\",\n \"description\": \"A list of non simple headers the client is allowed to use with cross-domain requests.\",\n \"default\": [\n \"Authorization\",\n \"Content-Type\",\n \"Max-Age\",\n \"X-Session-Token\",\n \"X-XSRF-TOKEN\",\n \"X-CSRF-TOKEN\"\n ],\n \"items\": {\n \"type\": \"string\"\n }\n },\n \"exposed_headers\": {\n \"type\": \"array\",\n \"description\": \"Sets which headers are safe to expose to the API of a CORS API specification.\",\n \"default\": [\"Content-Type\"],\n \"items\": {\n \"type\": \"string\"\n }\n },\n \"allow_credentials\": {\n \"type\": \"boolean\",\n \"description\": \"Sets whether the request can include user credentials like cookies, HTTP authentication or client side SSL certificates.\",\n \"default\": true\n },\n \"options_passthrough\": {\n \"type\": \"boolean\",\n \"description\": \"TODO\",\n \"default\": false\n },\n \"max_age\": {\n \"type\": \"integer\",\n \"description\": \"Sets how long (in seconds) the results of a preflight request can be cached. If set to 0, every request is preceded by a preflight request.\",\n \"default\": 0,\n \"minimum\": 0\n },\n \"debug\": {\n \"type\": \"boolean\",\n \"description\": \"Adds additional log output to debug server side CORS issues.\",\n \"default\": false\n }\n }\n },\n \"base_url\": {\n \"$ref\": \"#/definitions/baseUrl\"\n },\n \"host\": {\n \"title\": \"Public Host\",\n \"description\": \"The host (interface) kratos' public endpoint listens on.\",\n \"type\": \"string\",\n \"default\": \"0.0.0.0\"\n },\n \"port\": {\n \"title\": \"Public Port\",\n \"description\": \"The port kratos' public endpoint listens on.\",\n \"type\": \"integer\",\n \"minimum\": 1,\n \"maximum\": 65535,\n \"examples\": [4433],\n \"default\": 4433\n },\n \"socket\": {\n \"$ref\": \"#/definitions/socket\"\n },\n \"tls\": {\n \"$ref\": \"#/definitions/tlsx\"\n }\n },\n \"additionalProperties\": false\n }\n },\n \"additionalProperties\": false\n },\n \"tracing\": {\n \"$ref\": \"ory://tracing-config\"\n },\n \"log\": {\n \"title\": \"Log\",\n \"description\": \"Configure logging using the following options. Logging will always be sent to stdout and stderr.\",\n \"type\": \"object\",\n \"properties\": {\n \"level\": {\n \"description\": \"Debug enables stack traces on errors. Can also be set using environment variable LOG_LEVEL.\",\n \"type\": \"string\",\n \"default\": \"info\",\n \"enum\": [\n \"trace\",\n \"debug\",\n \"info\",\n \"warning\",\n \"error\",\n \"fatal\",\n \"panic\"\n ]\n },\n \"leak_sensitive_values\": {\n \"type\": \"boolean\",\n \"title\": \"Leak Sensitive Log Values\",\n \"description\": \"If set will leak sensitive values (e.g. emails) in the logs.\"\n },\n \"redaction_text\": {\n \"type\": \"string\",\n \"title\": \"Sensitive log value redaction text\",\n \"description\": \"Text to use, when redacting sensitive log value.\"\n },\n \"format\": {\n \"description\": \"The log format can either be text or JSON.\",\n \"type\": \"string\",\n \"enum\": [\"json\", \"text\"]\n }\n },\n \"additionalProperties\": false\n },\n \"identity\": {\n \"type\": \"object\",\n \"properties\": {\n \"default_schema_id\": {\n \"title\": \"The default Identity Schema\",\n \"description\": \"This Identity Schema will be used as the default for self-service flows. Its ID needs to exist in the \\\"schemas\\\" list.\",\n \"type\": \"string\",\n \"default\": \"default\"\n },\n \"schemas\": {\n \"type\": \"array\",\n \"title\": \"All JSON Schemas for Identity Traits\",\n \"description\": \"Note that identities that used the \\\"default_schema_url\\\" field in older kratos versions will be corrupted unless you specify their schema url with the id \\\"default\\\" in this list.\",\n \"examples\": [\n [\n {\n \"id\": \"customer\",\n \"url\": \"base64://ewogICIkc2NoZW1hIjogImh0dHA6Ly9qc29uLXNjaGVtYS5vcmcvZHJhZnQtMDcvc2NoZW1hIyIsCiAgInR5cGUiOiAib2JqZWN0IiwKICAicHJvcGVydGllcyI6IHsKICAgICJiYXIiOiB7CiAgICAgICJ0eXBlIjogInN0cmluZyIKICAgIH0KICB9LAogICJyZXF1aXJlZCI6IFsKICAgICJiYXIiCiAgXQp9\"\n },\n {\n \"id\": \"employee\",\n \"url\": \"https://foo.bar.com/path/to/employee.traits.schema.json\"\n },\n {\n \"id\": \"employee-v2\",\n \"url\": \"file://path/to/employee.v2.traits.schema.json\"\n }\n ]\n ],\n \"minItems\": 1,\n \"items\": {\n \"type\": \"object\",\n \"properties\": {\n \"id\": {\n \"title\": \"The schema's ID.\",\n \"type\": \"string\",\n \"examples\": [\"employee\"]\n },\n \"url\": {\n \"type\": \"string\",\n \"title\": \"JSON Schema URL for identity traits schema\",\n \"description\": \"URL for JSON Schema which describes a identity's traits. Can be a file path, a https URL, or a base64 encoded string.\",\n \"format\": \"uri\",\n \"examples\": [\n \"file://path/to/identity.traits.schema.json\",\n \"https://foo.bar.com/path/to/identity.traits.schema.json\",\n \"base64://ewogICIkc2NoZW1hIjogImh0dHA6Ly9qc29uLXNjaGVtYS5vcmcvZHJhZnQtMDcvc2NoZW1hIyIsCiAgInR5cGUiOiAib2JqZWN0IiwKICAicHJvcGVydGllcyI6IHsKICAgICJiYXIiOiB7CiAgICAgICJ0eXBlIjogInN0cmluZyIKICAgIH0KICB9LAogICJyZXF1aXJlZCI6IFsKICAgICJiYXIiCiAgXQp9\"\n ]\n },\n \"selfservice_selectable\": {\n \"type\": \"boolean\",\n \"title\": \"Is the schema enabled in self-service flows\",\n \"description\": \"If set to true, this schema can be used explicity in self-service flows by setting `identity_schema` query parameter to the schema's ID.\",\n \"default\": false\n }\n },\n \"required\": [\"id\", \"url\"]\n }\n }\n },\n \"required\": [\"schemas\"],\n \"additionalProperties\": false\n },\n \"secrets\": {\n \"type\": \"object\",\n \"properties\": {\n \"default\": {\n \"type\": \"array\",\n \"title\": \"Default Encryption Signing Secrets\",\n \"description\": \"The first secret in the array is used for signing and encrypting things while all other keys are used to verify and decrypt older things that were signed with that old secret.\",\n \"items\": {\n \"type\": \"string\",\n \"minLength\": 16\n },\n \"uniqueItems\": true\n },\n \"cookie\": {\n \"type\": \"array\",\n \"title\": \"Signing Keys for Cookies\",\n \"description\": \"The first secret in the array is used for encrypting cookies while all other keys are used to decrypt older cookies that were signed with that old secret.\",\n \"items\": {\n \"type\": \"string\",\n \"minLength\": 16\n },\n \"uniqueItems\": true\n },\n \"pagination\": {\n \"type\": \"array\",\n \"title\": \"Secrets to encrypt the pagination token\",\n \"description\": \"To avoid clients reverse-engineering and relying on the implementation details of the pagination token, it is encrypted with these keys\",\n \"items\": {\n \"type\": \"string\",\n \"minLength\": 16\n },\n \"minItems\": 1,\n \"examples\": [\n [\n \"secret used for encryption\",\n \"old secret kept for decryption\",\n \"another old secret kept for decryption\"\n ]\n ]\n },\n \"cipher\": {\n \"type\": \"array\",\n \"title\": \"Secrets to use for encryption by cipher\",\n \"description\": \"The first secret in the array is used for encryption data while all other keys are used to decrypt older data that were signed with.\",\n \"items\": {\n \"type\": \"string\",\n \"minLength\": 32,\n \"maxLength\": 32\n },\n \"minItems\": 1\n }\n },\n \"additionalProperties\": false\n },\n \"hashers\": {\n \"title\": \"Hashing Algorithm Configuration\",\n \"type\": \"object\",\n \"properties\": {\n \"algorithm\": {\n \"title\": \"Password hashing algorithm\",\n \"description\": \"One of the values: argon2, bcrypt.\\nAny other hashes will be migrated to the set algorithm once an identity authenticates using their password.\",\n \"type\": \"string\",\n \"default\": \"bcrypt\",\n \"enum\": [\"argon2\", \"bcrypt\"]\n },\n \"argon2\": {\n \"title\": \"Configuration for the Argon2id hasher.\",\n \"type\": \"object\",\n \"properties\": {\n \"memory\": {\n \"type\": \"string\",\n \"pattern\": \"^[0-9]+(B|KB|MB|GB|TB|PB|EB)\",\n \"default\": \"128MB\"\n },\n \"iterations\": {\n \"type\": \"integer\",\n \"minimum\": 1,\n \"default\": 1\n },\n \"parallelism\": {\n \"type\": \"integer\",\n \"minimum\": 1,\n \"description\": \"Number of parallel workers, defaults to 2*runtime.NumCPU().\"\n },\n \"salt_length\": {\n \"type\": \"integer\",\n \"minimum\": 16,\n \"default\": 16\n },\n \"key_length\": {\n \"type\": \"integer\",\n \"minimum\": 16,\n \"default\": 32\n },\n \"expected_duration\": {\n \"description\": \"The time a hashing operation (~login latency) should take.\",\n \"type\": \"string\",\n \"pattern\": \"^([0-9]+(ns|us|ms|s|m|h))+$\",\n \"default\": \"500ms\"\n },\n \"expected_deviation\": {\n \"description\": \"The standard deviation expected for hashing operations. If this value is exceeded you will be warned in the logs to adjust the parameters.\",\n \"type\": \"string\",\n \"pattern\": \"^([0-9]+(ns|us|ms|s|m|h))+$\",\n \"default\": \"500ms\"\n },\n \"dedicated_memory\": {\n \"description\": \"The memory dedicated for Kratos. As password hashing is very resource intense, Kratos will monitor the memory consumption and warn about high values.\",\n \"type\": \"string\",\n \"pattern\": \"^[0-9]+(B|KB|MB|GB|TB|PB|EB)\",\n \"default\": \"1GB\"\n }\n },\n \"additionalProperties\": false\n },\n \"bcrypt\": {\n \"title\": \"Configuration for the Bcrypt hasher. Minimum is 4 when --dev flag is used and 12 otherwise.\",\n \"type\": \"object\",\n \"additionalProperties\": false,\n \"required\": [\"cost\"],\n \"properties\": {\n \"cost\": {\n \"type\": \"integer\",\n \"minimum\": 4,\n \"maximum\": 31,\n \"default\": 12\n }\n }\n }\n },\n \"additionalProperties\": false\n },\n \"ciphers\": {\n \"title\": \"Cipher Algorithm Configuration\",\n \"type\": \"object\",\n \"properties\": {\n \"algorithm\": {\n \"title\": \"ciphering algorithm\",\n \"description\": \"One of the values: noop, aes, xchacha20-poly1305\",\n \"type\": \"string\",\n \"default\": \"noop\",\n \"enum\": [\"noop\", \"aes\", \"xchacha20-poly1305\"]\n }\n }\n },\n \"cookies\": {\n \"type\": \"object\",\n \"title\": \"HTTP Cookie Configuration\",\n \"description\": \"Configure the HTTP Cookies. Applies to both CSRF and session cookies.\",\n \"properties\": {\n \"domain\": {\n \"title\": \"HTTP Cookie Domain\",\n \"description\": \"Sets the cookie domain for session and CSRF cookies. Useful when dealing with subdomains. Use with care!\",\n \"type\": \"string\"\n },\n \"path\": {\n \"title\": \"HTTP Cookie Path\",\n \"description\": \"Sets the session and CSRF cookie path. Use with care!\",\n \"type\": \"string\",\n \"default\": \"/\"\n },\n \"secure\": {\n \"title\": \"Session Cookie Secure Flag\",\n \"description\": \"Sets the session secure flag. If unset, defaults to !dev mode.\",\n \"type\": \"string\"\n },\n \"same_site\": {\n \"title\": \"HTTP Cookie Same Site Configuration\",\n \"description\": \"Sets the session and CSRF cookie SameSite.\",\n \"type\": \"string\",\n \"enum\": [\"Strict\", \"Lax\", \"None\"],\n \"default\": \"Lax\"\n }\n },\n \"additionalProperties\": false\n },\n \"session\": {\n \"type\": \"object\",\n \"additionalProperties\": false,\n \"properties\": {\n \"whoami\": {\n \"title\": \"WhoAmI / ToSession Settings\",\n \"description\": \"Control how the `/sessions/whoami` endpoint is behaving.\",\n \"type\": \"object\",\n \"properties\": {\n \"required_aal\": {\n \"$ref\": \"#/definitions/featureRequiredAal\"\n },\n \"tokenizer\": {\n \"title\": \"Tokenizer configuration\",\n \"description\": \"Configure the tokenizer, responsible for converting a session into a token format such as JWT.\",\n \"type\": \"object\",\n \"properties\": {\n \"templates\": {\n \"title\": \"Tokenizer templates\",\n \"description\": \"A list of different templates that govern how a session is converted to a token format.\",\n \"type\": \"object\",\n \"patternProperties\": {\n \"[a-zA-Z0-9-_.]+\": {\n \"type\": \"object\",\n \"required\": [\"jwks_url\"],\n \"properties\": {\n \"ttl\": {\n \"type\": \"string\",\n \"pattern\": \"^([0-9]+(ns|us|ms|s|m|h))+$\",\n \"default\": \"1m\",\n \"title\": \"Token time to live\"\n },\n \"claims_mapper_url\": {\n \"type\": \"string\",\n \"format\": \"uri\",\n \"title\": \"Jsonnet mapper URL\"\n },\n \"jwks_url\": {\n \"type\": \"string\",\n \"format\": \"uri\",\n \"title\": \"JSON Web Key Set URL\"\n },\n \"subject_source\": {\n \"type\": \"string\",\n \"title\": \"Subject source\",\n \"description\": \"The source of the subject claim in the token. Can be one of: `id`, or `external_id`.\",\n \"enum\": [\"id\", \"external_id\"],\n \"default\": \"id\"\n }\n }\n }\n }\n }\n }\n }\n },\n \"additionalProperties\": false\n },\n \"lifespan\": {\n \"title\": \"Session Lifespan\",\n \"description\": \"Defines how long a session is active. Once that lifespan has been reached, the user needs to sign in again.\",\n \"type\": \"string\",\n \"pattern\": \"^([0-9]+(ns|us|ms|s|m|h))+$\",\n \"default\": \"24h\",\n \"examples\": [\"1h\", \"1m\", \"1s\"]\n },\n \"cookie\": {\n \"type\": \"object\",\n \"properties\": {\n \"domain\": {\n \"title\": \"Session Cookie Domain\",\n \"description\": \"Sets the session cookie domain. Useful when dealing with subdomains. Use with care! Overrides `cookies.domain`.\",\n \"type\": \"string\"\n },\n \"name\": {\n \"title\": \"Session Cookie Name\",\n \"description\": \"Sets the session cookie name. Use with care!\",\n \"type\": \"string\",\n \"default\": \"ory_kratos_session\"\n },\n \"persistent\": {\n \"title\": \"Make Session Cookie Persistent\",\n \"description\": \"If set to true will persist the cookie in the end-user's browser using the `max-age` parameter which is set to the `session.lifespan` value. Persistent cookies are not deleted when the browser is closed (e.g. on reboot or alt+f4). This option affects the Ory OAuth2 and OpenID Provider's remember feature as well.\",\n \"type\": \"boolean\",\n \"default\": true\n },\n \"path\": {\n \"title\": \"Session Cookie Path\",\n \"description\": \"Sets the session cookie path. Use with care! Overrides `cookies.path`.\",\n \"type\": \"string\"\n },\n \"secure\": {\n \"title\": \"Session Cookie Secure Flag\",\n \"description\": \"Sets the session secure flag. If unset, defaults to !dev mode.\",\n \"type\": \"string\"\n },\n \"same_site\": {\n \"title\": \"Session Cookie SameSite Configuration\",\n \"description\": \"Sets the session cookie SameSite. Overrides `cookies.same_site`.\",\n \"type\": \"string\",\n \"enum\": [\"Strict\", \"Lax\", \"None\"]\n }\n },\n \"additionalProperties\": false\n },\n \"earliest_possible_extend\": {\n \"title\": \"Earliest Possible Session Extension\",\n \"description\": \"Sets when a session can be extended. Settings this value to `24h` will prevent the session from being extended before until 24 hours before it expires. This setting prevents excessive writes to the database. We highly recommend setting this value.\",\n \"type\": \"string\",\n \"pattern\": \"^([0-9]+(ns|us|ms|s|m|h))+$\",\n \"examples\": [\"1h\", \"1m\", \"1s\"]\n }\n }\n },\n \"security\": {\n \"type\": \"object\",\n \"properties\": {\n \"account_enumeration\": {\n \"type\": \"object\",\n \"properties\": {\n \"mitigate\": {\n \"type\": \"boolean\",\n \"default\": false,\n \"description\": \"Mitigate account enumeration by making it harder to figure out if an identifier (email, phone number) exists or not. Enabling this setting degrades user experience. This setting does not mitigate all possible attack vectors yet.\"\n }\n }\n }\n }\n },\n \"version\": {\n \"title\": \"The kratos version this config is written for.\",\n \"description\": \"SemVer according to https://semver.org/ prefixed with `v` as in our releases.\",\n \"type\": \"string\",\n \"pattern\": \"^(v(0|[1-9]\\\\d*)\\\\.(0|[1-9]\\\\d*)\\\\.(0|[1-9]\\\\d*)(?:-((?:0|[1-9]\\\\d*|\\\\d*[a-zA-Z-][0-9a-zA-Z-]*)(?:\\\\.(?:0|[1-9]\\\\d*|\\\\d*[a-zA-Z-][0-9a-zA-Z-]*))*))?(?:\\\\+([0-9a-zA-Z-]+(?:\\\\.[0-9a-zA-Z-]+)*))?)|$\",\n \"examples\": [\"v0.5.0-alpha.1\"]\n },\n \"dev\": {\n \"type\": \"boolean\"\n },\n \"help\": {\n \"type\": \"boolean\"\n },\n \"sqa-opt-out\": {\n \"type\": \"boolean\",\n \"default\": false,\n \"description\": \"This is a CLI flag and environment variable and can not be set using the config file.\"\n },\n \"watch-courier\": {\n \"type\": \"boolean\",\n \"default\": false,\n \"description\": \"This is a CLI flag and environment variable and can not be set using the config file.\"\n },\n \"expose-metrics-port\": {\n \"title\": \"Metrics port\",\n \"description\": \"The port the courier's metrics endpoint listens on (0/disabled by default). This is a CLI flag and environment variable and can not be set using the config file.\",\n \"type\": \"integer\",\n \"minimum\": 0,\n \"maximum\": 65535,\n \"examples\": [4434],\n \"default\": 0\n },\n \"config\": {\n \"type\": \"array\",\n \"items\": {\n \"type\": \"string\"\n },\n \"description\": \"This is a CLI flag and environment variable and can not be set using the config file.\"\n },\n \"clients\": {\n \"title\": \"Global outgoing network settings\",\n \"description\": \"Configure how outgoing network calls behave.\",\n \"type\": \"object\",\n \"properties\": {\n \"http\": {\n \"title\": \"Global HTTP client configuration\",\n \"description\": \"Configure how outgoing HTTP calls behave.\",\n \"type\": \"object\",\n \"properties\": {\n \"disallow_private_ip_ranges\": {\n \"title\": \"Disallow private IP ranges\",\n \"description\": \"Disallow all outgoing HTTP calls to private IP ranges. This feature can help protect against SSRF attacks.\",\n \"type\": \"boolean\",\n \"default\": false\n },\n \"private_ip_exception_urls\": {\n \"title\": \"Add exempt URLs to private IP ranges\",\n \"description\": \"Allows the given URLs to be called despite them being in the private IP range. URLs need to have an exact and case-sensitive match to be excempt.\",\n \"type\": \"array\",\n \"items\": {\n \"type\": \"string\",\n \"format\": \"uri-reference\"\n },\n \"default\": []\n }\n }\n },\n \"web_hook\": {\n \"title\": \"Global web_hook HTTP client configuration\",\n \"description\": \"Configure the global HTTP client of the web_hook action.\",\n \"type\": \"object\",\n \"properties\": {\n \"header_allowlist\": {\n \"title\": \"Allowed request headers\",\n \"description\": \"List of request headers that are forwarded to the web hook target in canonical form.\",\n \"type\": \"array\",\n \"items\": {\n \"type\": \"string\"\n },\n \"default\": [\n \"Accept\",\n \"Accept-Encoding\",\n \"Accept-Language\",\n \"Content-Length\",\n \"Content-Type\",\n \"Origin\",\n \"Priority\",\n \"Referer\",\n \"Sec-Ch-Ua\",\n \"Sec-Ch-Ua-Mobile\",\n \"Sec-Ch-Ua-Platform\",\n \"Sec-Fetch-Dest\",\n \"Sec-Fetch-Mode\",\n \"Sec-Fetch-Site\",\n \"Sec-Fetch-User\",\n \"True-Client-Ip\",\n \"User-Agent\"\n ]\n }\n }\n }\n }\n },\n \"feature_flags\": {\n \"title\": \"Feature flags\",\n \"properties\": {\n \"cacheable_sessions\": {\n \"type\": \"boolean\",\n \"title\": \"Enable Ory Sessions caching\",\n \"description\": \"If enabled allows Ory Sessions to be cached. Only effective in the Ory Network.\",\n \"default\": false\n },\n \"cacheable_sessions_max_age\": {\n \"title\": \"Set Ory Session Edge Caching maximum age\",\n \"description\": \"Set how long Ory Sessions are cached on the edge. If unset, the session expiry will be used. Only effective in the Ory Network.\",\n \"type\": \"string\",\n \"pattern\": \"^([0-9]+(ns|us|ms|s|m|h))+$\"\n },\n \"use_continue_with_transitions\": {\n \"type\": \"boolean\",\n \"title\": \"Enable new flow transitions using `continue_with` items\",\n \"description\": \"If enabled allows new flow transitions using `continue_with` items.\",\n \"default\": false\n },\n \"choose_recovery_address\": {\n \"type\": \"boolean\",\n \"title\": \"Enable new recovery screens to pick which address to send a recovery code/link to\",\n \"description\": \"If enabled, enable new recovery screens to pick which address to send a recovery code to, and can send a code via SMS. It is safe to toggle it back and forth, existing recovery flows will be handled with their respective logic. That is because it is decided at creation time whether a recovery flow is V1 or V2 and this cannot be changed afterwards. Thus, if a recovery flow is created with this flag enabled, it will be created as a recovery v2 flow. If this flag is disabled while this flow is still active, this flow will still be handled with the correct logic (v2).\",\n \"default\": false\n },\n \"legacy_continue_with_verification_ui\": {\n \"type\": \"boolean\",\n \"title\": \"Always include show_verification_ui in continue_with\",\n \"description\": \"If true, restores the legacy behavior of always including `show_verification_ui` in the registration flow's `continue_with` when verification is enabled. If set to false, `show_verification_ui` is only set in `continue_with` if the `show_verification_ui` hook is used. This flag will be removed in the future.\",\n \"deprecationMessage\": \"This behavior is deprecated and will be removed in the future. Use the `show_verification_hook` in the post-registration hook instead.\",\n \"default\": false\n },\n \"legacy_require_verified_login_error\": {\n \"type\": \"boolean\",\n \"title\": \"Return a form error if the login identifier is not verified\",\n \"description\": \"If true, the login flow will return a form error if the login identifier is not verified, which restores legacy behavior. If this value is false, the `continue_with` array will contain a `show_verification_ui` hook instead.\",\n \"deprecationMessage\": \"This behavior is deprecated and will be removed in the future. Please upgrade your SDKs.\",\n \"default\": false\n },\n \"faster_session_extend\": {\n \"type\": \"boolean\",\n \"title\": \"Enable faster session extension\",\n \"description\": \"If enabled allows faster session extension by skipping the session lookup. Disabling this feature will be deprecated in the future.\",\n \"default\": false\n },\n \"password_profile_registration_node_group\": {\n \"title\": \"Registration node group\",\n \"description\": \"The node group to use for registration flows. Previously, the node group for the password method's profile fields was `password`. Going forward, it will be `default`. This switch can toggle between those two for backwards compatibility.\",\n \"enum\": [\"password\", \"default\"],\n \"default\": \"default\"\n },\n \"legacy_oidc_registration_node_group\": {\n \"title\": \"Registration node group for OIDC\",\n \"description\": \"The node group to use for registration flows. Previously, the node group for the oidc method's profile fields was `oidc`. Going forward, it will be `default`. This switch can toggle between those two for backwards compatibility and will be removed in the future.\",\n \"default\": false,\n \"type\": \"boolean\"\n }\n },\n \"additionalProperties\": false\n },\n \"organizations\": {\n \"title\": \"Organizations\",\n \"description\": \"Please use selfservice.methods.b2b instead. This key will be removed. Only effective in the Ory Network.\",\n \"type\": \"array\",\n \"default\": []\n },\n \"enterprise\": {\n \"title\": \"Enterprise features\",\n \"description\": \"Specifies enterprise features. Only effective in the Ory Network or with a valid license.\",\n \"type\": \"object\",\n \"properties\": {\n \"identity_schema_fallback_url_template\": {\n \"type\": \"string\",\n \"title\": \"Fallback URL template for identity schemas\",\n \"description\": \"A fallback URL template used when looking up identity schemas.\"\n }\n },\n \"additionalProperties\": false\n },\n \"revision\": {\n \"title\": \"Config revision\",\n \"description\": \"Set a recognizable revision. This could be the commit time or a random value. This value is exposed at the `/health/config` endpoint and allows you to ensure that the correct config is loaded.\",\n \"type\": \"string\"\n }\n },\n \"allOf\": [\n {\n \"if\": {\n \"properties\": {\n \"selfservice\": {\n \"properties\": {\n \"flows\": {\n \"oneOf\": [\n {\n \"properties\": {\n \"verification\": {\n \"properties\": {\n \"enabled\": {\n \"const\": true\n }\n },\n \"required\": [\"enabled\"]\n }\n },\n \"required\": [\"verification\"]\n },\n {\n \"properties\": {\n \"recovery\": {\n \"properties\": {\n \"enabled\": {\n \"const\": true\n }\n },\n \"required\": [\"enabled\"]\n }\n },\n \"required\": [\"recovery\"]\n }\n ]\n }\n },\n \"required\": [\"flows\"]\n }\n },\n \"required\": [\"selfservice\"]\n },\n \"then\": {\n \"required\": [\"courier\"]\n }\n },\n {\n \"if\": {\n \"properties\": {\n \"ciphers\": {\n \"properties\": {\n \"algorithm\": {\n \"oneOf\": [\n {\n \"const\": \"aes\"\n },\n {\n \"const\": \"xchacha20-poly1305\"\n }\n ]\n }\n },\n \"required\": [\"algorithm\"]\n }\n },\n \"required\": [\"ciphers\"]\n },\n \"then\": {\n \"required\": [\"secrets\"],\n \"properties\": {\n \"secrets\": {\n \"required\": [\"cipher\"]\n }\n }\n }\n }\n ],\n \"required\": [\"identity\", \"dsn\", \"selfservice\"],\n \"additionalProperties\": false\n}\n" }, { "path": "embedx/embedx.go", "content": "// Copyright © 2023 Ory Corp\n// SPDX-License-Identifier: Apache-2.0\n\npackage embedx\n\nimport (\n\t\"bytes\"\n\t_ \"embed\"\n\t\"io\"\n\n\t\"github.com/pkg/errors\"\n\t\"github.com/tidwall/gjson\"\n\n\t\"github.com/ory/x/configx\"\n\t\"github.com/ory/x/otelx\"\n)\n\n//go:embed config.schema.json\nvar ConfigSchema []byte\n\n//go:embed identity_meta.schema.json\nvar IdentityMetaSchema []byte\n\n//go:embed identity_extension.schema.json\nvar IdentityExtensionSchema []byte\n\ntype SchemaType int\n\nconst (\n\tConfig SchemaType = iota + 1\n\tIdentityMeta\n\tIdentityExtension\n)\n\ntype Schema struct {\n\tid string\n\tdata []byte\n\tdependencies []*Schema\n}\n\nvar (\n\tidentityExt = &Schema{\n\t\tid: gjson.GetBytes(IdentityExtensionSchema, \"$id\").Str,\n\t\tdata: IdentityExtensionSchema,\n\t\tdependencies: nil,\n\t}\n\n\tschemas = map[SchemaType]*Schema{\n\t\tConfig: {\n\t\t\tid: gjson.GetBytes(ConfigSchema, \"$id\").Str,\n\t\t\tdata: ConfigSchema,\n\t\t\tdependencies: nil,\n\t\t},\n\t\tIdentityMeta: {\n\t\t\tid: gjson.GetBytes(IdentityMetaSchema, \"$id\").Str,\n\t\t\tdata: IdentityMetaSchema,\n\t\t\tdependencies: []*Schema{\n\t\t\t\tidentityExt,\n\t\t\t},\n\t\t},\n\t\tIdentityExtension: identityExt,\n\t}\n)\n\nfunc getSchema(schema SchemaType) (*Schema, error) {\n\tif val, ok := schemas[schema]; ok {\n\t\treturn val, nil\n\t}\n\treturn nil, errors.Errorf(\"the specified schema type (%d) is not supported\", int(schema))\n}\n\nfunc (s SchemaType) GetSchemaID() string {\n\treturn schemas[s].id\n}\n\n// AddSchemaResources adds the specified schemas including their dependencies to the compiler.\n// The interface is specified instead of `jsonschema.Compiler` to allow the use of any jsonschema library fork or version.\nfunc AddSchemaResources(c interface {\n\tAddResource(url string, r io.Reader) error\n}, opts ...SchemaType) error {\n\tvar sc []*Schema\n\n\tfor _, o := range opts {\n\t\ts, err := getSchema(o)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tsc = append(sc, s)\n\t}\n\n\tif err := addSchemaResources(c, sc); err != nil {\n\t\treturn err\n\t}\n\n\tif err := otelx.AddConfigSchema(c); err != nil {\n\t\treturn err\n\t}\n\n\treturn configx.AddSchemaResources(c)\n}\n\nfunc addSchemaResources(c interface {\n\tAddResource(url string, r io.Reader) error\n}, schemas []*Schema) error {\n\tfor _, s := range schemas {\n\t\tif err := c.AddResource(s.id, bytes.NewReader(s.data)); err != nil {\n\t\t\treturn errors.WithStack(err)\n\t\t}\n\t\tif s.dependencies != nil {\n\t\t\tif err := addSchemaResources(c, s.dependencies); err != nil {\n\t\t\t\treturn err\n\t\t\t}\n\t\t}\n\t}\n\treturn nil\n}\n" }, { "path": "embedx/embedx_test.go", "content": "// Copyright © 2023 Ory Corp\n// SPDX-License-Identifier: Apache-2.0\n\npackage embedx\n\nimport (\n\t\"context\"\n\t\"embed\"\n\t\"io/fs\"\n\t\"strings\"\n\t\"testing\"\n\n\t\"github.com/stretchr/testify/require\"\n\n\t\"github.com/stretchr/testify/assert\"\n\n\t\"github.com/ory/jsonschema/v3\"\n)\n\nfunc TestAddSchemaResources(t *testing.T) {\n\tfor _, tc := range []struct {\n\t\tdescription string\n\t\tdependencies []SchemaType\n\t\textraDependencies []SchemaType\n\t\tmustFail bool\n\t\tfailMessage string\n\t}{\n\t\t{\n\t\t\tdescription: \"config schema\",\n\t\t\tdependencies: []SchemaType{Config},\n\t\t\textraDependencies: nil,\n\t\t},\n\t\t{\n\t\t\tdescription: \"identity schema with dependencies\",\n\t\t\tdependencies: []SchemaType{IdentityMeta},\n\t\t\textraDependencies: []SchemaType{IdentityExtension},\n\t\t},\n\t\t{\n\t\t\tdescription: \"multiple schemas\",\n\t\t\tdependencies: []SchemaType{Config, IdentityMeta, IdentityExtension},\n\t\t\textraDependencies: nil,\n\t\t},\n\t\t{\n\t\t\tdescription: \"verify dependencies are also loaded\",\n\t\t\tdependencies: []SchemaType{IdentityMeta},\n\t\t\textraDependencies: []SchemaType{IdentityExtension},\n\t\t},\n\t\t{\n\t\t\tdescription: \"must fail on unsupported schema types\",\n\t\t\tdependencies: []SchemaType{4, 10},\n\t\t\tmustFail: true,\n\t\t\tfailMessage: \"the specified schema type (4) is not supported\",\n\t\t},\n\t} {\n\t\tt.Run(\"case=\"+tc.description, func(t *testing.T) {\n\t\t\tc := jsonschema.NewCompiler()\n\t\t\terr := AddSchemaResources(c, tc.dependencies...)\n\n\t\t\tif tc.mustFail {\n\t\t\t\tassert.Errorf(t, err, \"an error must be thrown on `%s`\", tc.description)\n\t\t\t\tassert.EqualError(t, err, tc.failMessage)\n\t\t\t} else {\n\t\t\t\tassert.NoError(t, err)\n\t\t\t}\n\n\t\t\tif !tc.mustFail {\n\t\t\t\tfor _, s := range append(tc.dependencies, tc.extraDependencies...) {\n\t\t\t\t\t_, err := c.Compile(context.Background(), s.GetSchemaID())\n\t\t\t\t\tassert.NoError(t, err)\n\t\t\t\t}\n\t\t\t}\n\t\t})\n\t}\n}\n\n//go:embed testdata/identity_meta.*\nvar identityMetaTestCases embed.FS\n\nfunc TestIdentityMetaSchema(t *testing.T) {\n\tc := jsonschema.NewCompiler()\n\terr := AddSchemaResources(c, IdentityMeta, IdentityExtension)\n\trequire.NoError(t, err)\n\n\tschema, err := c.Compile(context.Background(), IdentityMeta.GetSchemaID())\n\trequire.NoError(t, err)\n\n\trequire.NoError(t, fs.WalkDir(identityMetaTestCases, \".\", func(path string, d fs.DirEntry, err error) error {\n\t\tif d.IsDir() {\n\t\t\treturn nil\n\t\t}\n\n\t\tt.Run(\"case=\"+path, func(t *testing.T) {\n\t\t\tf, err := identityMetaTestCases.Open(path)\n\t\t\trequire.NoError(t, err)\n\n\t\t\terr = schema.Validate(f)\n\t\t\tif strings.HasSuffix(path, \"invalid.schema.json\") {\n\t\t\t\tassert.Error(t, err)\n\t\t\t} else {\n\t\t\t\tassert.NoError(t, err)\n\t\t\t}\n\t\t})\n\n\t\treturn nil\n\t}))\n}\n" }, { "path": "embedx/identity_extension.schema.json", "content": "{\n \"$id\": \"ory://identity-extension\",\n \"$schema\": \"http://json-schema.org/draft-07/schema#\",\n \"allOf\": [\n {\n \"properties\": {\n \"ory.sh/kratos\": {\n \"type\": \"object\",\n \"additionalProperties\": false,\n \"properties\": {\n \"credentials\": {\n \"type\": \"object\",\n \"additionalProperties\": false,\n \"properties\": {\n \"password\": {\n \"type\": \"object\",\n \"additionalProperties\": false,\n \"properties\": {\n \"identifier\": {\n \"type\": \"boolean\"\n }\n }\n },\n \"webauthn\": {\n \"type\": \"object\",\n \"additionalProperties\": false,\n \"properties\": {\n \"identifier\": {\n \"type\": \"boolean\"\n }\n }\n },\n \"passkey\": {\n \"type\": \"object\",\n \"additionalProperties\": false,\n \"properties\": {\n \"display_name\": {\n \"type\": \"boolean\"\n }\n }\n },\n \"totp\": {\n \"type\": \"object\",\n \"additionalProperties\": false,\n \"properties\": {\n \"account_name\": {\n \"type\": \"boolean\"\n }\n }\n },\n \"code\": {\n \"type\": \"object\",\n \"additionalProperties\": false,\n \"properties\": {\n \"identifier\": {\n \"type\": \"boolean\"\n },\n \"via\": {\n \"type\": \"string\",\n \"enum\": [\"email\", \"sms\"]\n }\n }\n }\n }\n },\n \"verification\": {\n \"type\": \"object\",\n \"additionalProperties\": false,\n \"properties\": {\n \"via\": {\n \"type\": \"string\",\n \"enum\": [\"email\", \"sms\"]\n }\n }\n },\n \"recovery\": {\n \"type\": \"object\",\n \"additionalProperties\": false,\n \"properties\": {\n \"via\": {\n \"type\": \"string\",\n \"enum\": [\"email\", \"sms\"]\n }\n }\n },\n \"organizations\": {\n \"type\": \"object\",\n \"additionalProperties\": false,\n \"properties\": {\n \"matcher\": {\n \"type\": \"string\",\n \"enum\": [\"email_domain\"]\n }\n }\n }\n }\n }\n }\n },\n {\n \"patternProperties\": {\n \".*\": {\n \"$ref\": \"#\"\n }\n }\n }\n ]\n}\n" }, { "path": "embedx/identity_meta.schema.json", "content": "{\n \"$id\": \"ory://identity-meta\",\n \"$schema\": \"http://json-schema.org/draft-07/schema#\",\n \"type\": \"object\",\n \"allOf\": [\n {\n \"$ref\": \"http://json-schema.org/draft-07/schema#\"\n },\n {\n \"properties\": {\n \"properties\": {\n \"type\": \"object\",\n \"required\": [\"traits\"],\n \"properties\": {\n \"traits\": {\n \"type\": \"object\",\n \"required\": [\"properties\"],\n \"properties\": {\n \"type\": {\n \"const\": \"object\"\n },\n \"properties\": {\n \"type\": \"object\",\n \"minProperties\": 1,\n \"patternProperties\": {\n \".*\": {\n \"type\": \"object\",\n \"if\": {\n \"properties\": {\n \"ory.sh/kratos\": {\n \"type\": \"object\",\n \"properties\": {\n \"verification\": {}\n },\n \"required\": [\"verification\"]\n }\n },\n \"required\": [\"ory.sh/kratos\"]\n },\n \"then\": {\n \"properties\": {\n \"format\": {\n \"enum\": [\n \"email\",\n \"tel\",\n \"date\",\n \"time\",\n \"date-time\",\n \"no-validate\"\n ]\n }\n }\n },\n \"allOf\": [\n {\n \"$ref\": \"ory://identity-extension\"\n }\n ]\n }\n }\n }\n }\n }\n }\n }\n },\n \"required\": [\"properties\"]\n }\n ]\n}\n" }, { "path": "embedx/testdata/identity_meta.no_traits.invalid.schema.json", "content": "{}\n" }, { "path": "embedx/testdata/identity_meta.simple.valid.schema.json", "content": "{\n \"properties\": {\n \"traits\": {\n \"type\": \"object\",\n \"properties\": {\n \"email\": {\n \"type\": \"string\",\n \"format\": \"email\",\n \"ory.sh/kratos\": {\n \"credentials\": {\n \"password\": {\n \"identifier\": true\n }\n },\n \"verification\": {\n \"via\": \"email\"\n }\n }\n }\n }\n }\n }\n}\n" }, { "path": "embedx/testdata/identity_meta.verification_format.invalid.schema.json", "content": "{\n \"properties\": {\n \"traits\": {\n \"type\": \"object\",\n \"properties\": {\n \"email\": {\n \"type\": \"string\",\n \"format\": \"unknown\",\n \"ory.sh/kratos\": {\n \"credentials\": {\n \"password\": {\n \"identifier\": true\n }\n },\n \"verification\": {\n \"via\": \"email\"\n }\n }\n }\n }\n }\n }\n}\n" }, { "path": "examples/go/identity/create/main.go", "content": "// Copyright © 2023 Ory Corp\n// SPDX-License-Identifier: Apache-2.0\n\npackage main\n\nimport (\n\t\"context\"\n\n\tory \"github.com/ory/client-go\"\n\t\"github.com/ory/kratos/examples/go/pkg\"\n\t\"github.com/ory/kratos/x\"\n)\n\n// If you use Open Source this would be:\n//\n// var client = pkg.NewSDKForSelfHosted(\"http://127.0.0.1:4433\")\nvar client = pkg.NewSDK(\"playground\")\n\nfunc createIdentity() *ory.Identity {\n\tctx := context.Background()\n\n\tidentity, res, err := client.IdentityAPI.CreateIdentity(ctx).\n\t\tCreateIdentityBody(ory.CreateIdentityBody{\n\t\t\tSchemaId: \"default\",\n\t\t\tTraits: map[string]interface{}{\n\t\t\t\t\"email\": \"dev+\" + x.NewUUID().String() + \"@ory.sh\",\n\t\t\t},\n\t\t}).Execute()\n\tpkg.SDKExitOnError(err, res)\n\n\treturn identity\n}\n\nfunc main() {\n\tpkg.PrintJSONPretty(createIdentity())\n}\n" }, { "path": "examples/go/identity/create/main_test.go", "content": "// Copyright © 2023 Ory Corp\n// SPDX-License-Identifier: Apache-2.0\n\npackage main\n\nimport (\n\t\"testing\"\n\n\t\"github.com/stretchr/testify/require\"\n\n\t\"github.com/ory/kratos/examples/go/pkg\"\n)\n\nfunc TestFunc(t *testing.T) {\n\tclient = pkg.TestClient(t)\n\trequire.NotEmpty(t, createIdentity().Id)\n}\n" }, { "path": "examples/go/identity/delete/main.go", "content": "// Copyright © 2023 Ory Corp\n// SPDX-License-Identifier: Apache-2.0\n\npackage main\n\nimport (\n\t\"context\"\n\t\"fmt\"\n\n\t\"github.com/ory/kratos/examples/go/pkg\"\n)\n\n// If you use Open Source this would be:\n//\n// var client = pkg.NewSDKForSelfHosted(\"http://127.0.0.1:4433\")\nvar client = pkg.NewSDK(\"playground\")\n\nfunc deleteIdentity() {\n\tctx := context.Background()\n\n\tidentity := pkg.CreateIdentity(client)\n\n\tres, err := client.IdentityAPI.DeleteIdentity(ctx, identity.Id).Execute()\n\tpkg.SDKExitOnError(err, res)\n}\n\nfunc main() {\n\tdeleteIdentity()\n\tfmt.Println(\"Success\")\n}\n" }, { "path": "examples/go/identity/delete/main_test.go", "content": "// Copyright © 2023 Ory Corp\n// SPDX-License-Identifier: Apache-2.0\n\npackage main\n\nimport (\n\t\"testing\"\n\n\t\"github.com/ory/kratos/pkg/testhelpers\"\n\n\t\"github.com/ory/kratos/examples/go/pkg\"\n)\n\nfunc TestFunc(t *testing.T) {\n\tpublicURL, _ := testhelpers.StartE2EServer(t, \"../../pkg/stub/kratos.yaml\", nil)\n\tclient = pkg.NewSDKForSelfHosted(publicURL)\n\tdeleteIdentity()\n}\n" }, { "path": "examples/go/identity/get/main.go", "content": "// Copyright © 2023 Ory Corp\n// SPDX-License-Identifier: Apache-2.0\n\npackage main\n\nimport (\n\t\"context\"\n\n\tory \"github.com/ory/client-go\"\n\t\"github.com/ory/kratos/examples/go/pkg\"\n)\n\n// If you use Open Source this would be:\n//\n// var client = pkg.NewSDKForSelfHosted(\"http://127.0.0.1:4433\")\nvar client = pkg.NewSDK(\"playground\")\n\nfunc getIdentity() *ory.Identity {\n\tctx := context.Background()\n\tcreated := pkg.CreateIdentity(client)\n\n\tidentity, res, err := client.IdentityAPI.GetIdentity(ctx, created.Id).IncludeCredential([]string{\"password\"}).Execute()\n\tpkg.SDKExitOnError(err, res)\n\n\treturn identity\n}\n\nfunc main() {\n\tpkg.PrintJSONPretty(getIdentity())\n}\n" }, { "path": "examples/go/identity/get/main_test.go", "content": "// Copyright © 2023 Ory Corp\n// SPDX-License-Identifier: Apache-2.0\n\npackage main\n\nimport (\n\t\"testing\"\n\n\t\"github.com/ory/kratos/examples/go/pkg\"\n\n\t\"github.com/stretchr/testify/require\"\n)\n\nfunc TestFunc(t *testing.T) {\n\tclient = pkg.TestClient(t)\n\trequire.NotEmpty(t, getIdentity().Id)\n}\n" }, { "path": "examples/go/identity/update/main.go", "content": "// Copyright © 2023 Ory Corp\n// SPDX-License-Identifier: Apache-2.0\n\npackage main\n\nimport (\n\t\"context\"\n\n\tory \"github.com/ory/client-go\"\n\t\"github.com/ory/kratos/examples/go/pkg\"\n\t\"github.com/ory/kratos/x\"\n)\n\n// If you use Open Source this would be:\n//\n// var client = pkg.NewSDKForSelfHosted(\"http://127.0.0.1:4433\")\nvar client = pkg.NewSDK(\"playground\")\n\nfunc updateIdentity() *ory.Identity {\n\tctx := context.Background()\n\ttoUpdate := pkg.CreateIdentity(client)\n\n\tidentity, res, err := client.IdentityAPI.UpdateIdentity(ctx, toUpdate.Id).UpdateIdentityBody(ory.UpdateIdentityBody{\n\t\tTraits: map[string]interface{}{\n\t\t\t\"email\": \"dev+not-\" + x.NewUUID().String() + \"@ory.sh\",\n\t\t},\n\t}).Execute()\n\tpkg.SDKExitOnError(err, res)\n\n\treturn identity\n}\n\nfunc main() {\n\tpkg.PrintJSONPretty(updateIdentity())\n}\n" }, { "path": "examples/go/identity/update/main_test.go", "content": "// Copyright © 2023 Ory Corp\n// SPDX-License-Identifier: Apache-2.0\n\npackage main\n\nimport (\n\t\"testing\"\n\n\t\"github.com/ory/kratos/pkg/testhelpers\"\n\n\t\"github.com/ory/kratos/examples/go/pkg\"\n\n\t\"github.com/stretchr/testify/assert\"\n\t\"github.com/stretchr/testify/require\"\n)\n\nfunc TestFunc(t *testing.T) {\n\tpublicURL, _ := testhelpers.StartE2EServer(t, \"../../pkg/stub/kratos.yaml\", nil)\n\tclient = pkg.NewSDKForSelfHosted(publicURL)\n\tidentity := updateIdentity()\n\trequire.NotEmpty(t, identity.Id)\n\tassert.Contains(t, identity.Traits.(map[string]interface{})[\"email\"].(string), \"dev+not\")\n}\n" }, { "path": "examples/go/pkg/common.go", "content": "// Copyright © 2023 Ory Corp\n// SPDX-License-Identifier: Apache-2.0\n\npackage pkg\n\nimport (\n\t\"encoding/json\"\n\t\"fmt\"\n\t\"net/http\"\n\t\"net/http/cookiejar\"\n\t\"os\"\n\t\"testing\"\n\n\tory \"github.com/ory/client-go\"\n\t\"github.com/ory/kratos/pkg/testhelpers\"\n\t\"github.com/ory/kratos/x\"\n)\n\nfunc PrintJSONPretty(v interface{}) {\n\tout, _ := json.MarshalIndent(v, \"\", \" \")\n\tfmt.Println(string(out))\n}\n\nfunc TestClient(t *testing.T) *ory.APIClient {\n\tpublicURL, _ := testhelpers.StartE2EServer(t, \"../../pkg/stub/kratos.yaml\", nil)\n\treturn NewSDKForSelfHosted(publicURL)\n}\n\nfunc NewSDK(project string) *ory.APIClient {\n\treturn NewSDKForSelfHosted(fmt.Sprintf(\"https://%s.projects.oryapis.com/api/kratos/public\", project))\n}\n\nfunc NewSDKForSelfHosted(endpoint string) *ory.APIClient {\n\tconf := ory.NewConfiguration()\n\tconf.Servers = ory.ServerConfigurations{{URL: endpoint}}\n\tcj, _ := cookiejar.New(nil)\n\tconf.HTTPClient = &http.Client{Jar: cj}\n\treturn ory.NewAPIClient(conf)\n}\n\nfunc ExitOnError(err error) {\n\tif err == nil {\n\t\treturn\n\t}\n\tout, _ := json.MarshalIndent(err, \"\", \" \")\n\tfmt.Printf(\"%s\\n\\nAn error occurred: %+v\\n\", out, err)\n\tos.Exit(1)\n}\n\nfunc SDKExitOnError(err error, res *http.Response) {\n\tif err == nil {\n\t\treturn\n\t}\n\tvar body []byte\n\tif res != nil {\n\t\tbody, _ = json.MarshalIndent(json.RawMessage(x.MustReadAll(res.Body)), \"\", \" \")\n\t}\n\tout, _ := json.MarshalIndent(err, \"\", \" \")\n\tfmt.Printf(\"%s\\n\\nAn error occurred: %+v\\nbody: %s\\n\", out, err, body)\n\tos.Exit(1)\n}\n" }, { "path": "examples/go/pkg/resources.go", "content": "// Copyright © 2023 Ory Corp\n// SPDX-License-Identifier: Apache-2.0\n\npackage pkg\n\nimport (\n\t\"context\"\n\t\"log\"\n\t\"strings\"\n\n\t\"github.com/gofrs/uuid\"\n\n\tory \"github.com/ory/client-go\"\n)\n\nfunc RandomCredentials() (email, password string) {\n\temail = \"dev+\" + uuid.Must(uuid.NewV4()).String() + \"@ory.sh\"\n\tpassword = strings.ReplaceAll(uuid.Must(uuid.NewV4()).String(), \"-\", \"\")\n\treturn\n}\n\n// CreateIdentityWithSession creates an identity and an Ory Session Token for it.\nfunc CreateIdentityWithSession(c *ory.APIClient, email, password string) (*ory.Session, string) {\n\tctx := context.Background()\n\n\tif email == \"\" {\n\t\temail, _ = RandomCredentials()\n\t}\n\n\tif password == \"\" {\n\t\t_, password = RandomCredentials()\n\t}\n\n\t// Initialize a registration flow\n\tflow, _, err := c.FrontendAPI.CreateNativeRegistrationFlow(ctx).Execute()\n\tExitOnError(err)\n\n\t// Submit the registration flow\n\tresult, res, err := c.FrontendAPI.UpdateRegistrationFlow(ctx).Flow(flow.Id).UpdateRegistrationFlowBody(\n\t\tory.UpdateRegistrationFlowWithPasswordMethodAsUpdateRegistrationFlowBody(&ory.UpdateRegistrationFlowWithPasswordMethod{\n\t\t\tMethod: \"password\",\n\t\t\tPassword: password,\n\t\t\tTraits: map[string]interface{}{\"email\": email},\n\t\t}),\n\t).Execute()\n\tSDKExitOnError(err, res)\n\n\tif result.Session == nil {\n\t\tlog.Fatalf(\"The server is expected to create sessions for new registrations.\")\n\t}\n\n\treturn result.Session, *result.SessionToken\n}\n\nfunc CreateIdentity(c *ory.APIClient) *ory.Identity {\n\tctx := context.Background()\n\n\temail, _ := RandomCredentials()\n\tidentity, _, err := c.IdentityAPI.CreateIdentity(ctx).CreateIdentityBody(ory.CreateIdentityBody{\n\t\tSchemaId: \"default\",\n\t\tTraits: map[string]interface{}{\n\t\t\t\"email\": email,\n\t\t}}).Execute()\n\tExitOnError(err)\n\treturn identity\n}\n" }, { "path": "examples/go/pkg/stub/identity.schema.json", "content": "{\n \"$id\": \"identity.schema.json\",\n \"$schema\": \"http://json-schema.org/draft-07/schema#\",\n \"title\": \"Person\",\n \"type\": \"object\",\n \"properties\": {\n \"traits\": {\n \"type\": \"object\",\n \"properties\": {\n \"email\": {\n \"type\": \"string\",\n \"format\": \"email\",\n \"title\": \"E-Mail\",\n \"minLength\": 3,\n \"ory.sh/kratos\": {\n \"credentials\": {\n \"password\": {\n \"identifier\": true\n }\n },\n \"verification\": {\n \"via\": \"email\"\n },\n \"recovery\": {\n \"via\": \"email\"\n }\n }\n }\n },\n \"required\": [\n \"email\"\n ],\n \"additionalProperties\": false\n }\n }\n}\n" }, { "path": "examples/go/pkg/stub/kratos.yaml", "content": "version: v0.6.3-alpha.1\n\ndsn: memory\n\nserve:\n public:\n cors:\n enabled: true\n\nselfservice:\n default_browser_return_url: http://127.0.0.1:4455/\n allowed_return_urls:\n - http://127.0.0.1:4455\n\n methods:\n password:\n enabled: true\n link:\n enabled: true\n\n flows:\n error:\n ui_url: http://127.0.0.1:4455/error\n\n settings:\n ui_url: http://127.0.0.1:4455/settings\n privileged_session_max_age: 15m\n\n recovery:\n enabled: true\n ui_url: http://127.0.0.1:4455/recovery\n use: link\n\n verification:\n enabled: true\n ui_url: http://127.0.0.1:4455/verify\n use: link\n after:\n default_browser_return_url: http://127.0.0.1:4455/\n\n logout:\n after:\n default_browser_return_url: http://127.0.0.1:4455/auth/login\n\n login:\n ui_url: http://127.0.0.1:4455/auth/login\n lifespan: 10m\n\n registration:\n lifespan: 10m\n ui_url: http://127.0.0.1:4455/auth/registration\n after:\n password:\n hooks:\n - hook: session\n\nlog:\n level: debug\n format: text\n leak_sensitive_values: true\n\nsecrets:\n cookie:\n - PLEASE-CHANGE-ME-I-AM-VERY-INSECURE\n cipher:\n - 32-LONG-SECRET-NOT-SECURE-AT-ALL\n\nciphers:\n algorithm: xchacha20-poly1305\n\nhashers:\n argon2:\n parallelism: 1\n memory: 128MB\n iterations: 2\n salt_length: 16\n key_length: 16\n\nidentity:\n default_schema_id: default\n schemas:\n - id: default\n url: file://../../pkg/stub/identity.schema.json\n\ncourier:\n smtp:\n connection_uri: smtps://test:test@mailslurper:1025/?skip_ssl_verify=true\n" }, { "path": "examples/go/selfservice/error/main.go", "content": "// Copyright © 2023 Ory Corp\n// SPDX-License-Identifier: Apache-2.0\n\npackage main\n\nimport (\n\t\"context\"\n\n\t\"github.com/ory/kratos/examples/go/pkg\"\n\n\tory \"github.com/ory/client-go\"\n)\n\n// If you use Open Source this would be:\n//\n// var client = pkg.NewSDKForSelfHosted(\"http://127.0.0.1:4433\")\nvar client = pkg.NewSDK(\"playground\")\n\nfunc getError() *ory.FlowError {\n\te, res, err := client.FrontendAPI.GetFlowError(context.Background()).Id(\"stub:500\").Execute()\n\tpkg.SDKExitOnError(err, res)\n\treturn e\n}\n\nfunc main() {\n\tpkg.PrintJSONPretty(\n\t\tgetError(),\n\t)\n}\n" }, { "path": "examples/go/selfservice/error/main_test.go", "content": "// Copyright © 2023 Ory Corp\n// SPDX-License-Identifier: Apache-2.0\n\npackage main\n\nimport (\n\t\"testing\"\n\n\t\"github.com/ory/kratos/pkg/testhelpers\"\n\n\t\"github.com/ory/kratos/examples/go/pkg\"\n\n\t\"github.com/stretchr/testify/require\"\n)\n\nfunc TestError(t *testing.T) {\n\tpublicURL, _ := testhelpers.StartE2EServer(t, \"../../pkg/stub/kratos.yaml\", nil)\n\tclient = pkg.NewSDKForSelfHosted(publicURL)\n\n\te := getError()\n\trequire.NotEmpty(t, e.Id)\n}\n" }, { "path": "examples/go/selfservice/login/main.go", "content": "// Copyright © 2023 Ory Corp\n// SPDX-License-Identifier: Apache-2.0\n\npackage main\n\nimport (\n\t\"context\"\n\n\t\"github.com/ory/kratos/examples/go/pkg\"\n\n\tory \"github.com/ory/client-go\"\n)\n\n// If you use Open Source this would be:\n//\n// var client = pkg.NewSDKForSelfHosted(\"http://127.0.0.1:4433\")\nvar client = pkg.NewSDK(\"playground\")\n\nfunc performLogin() *ory.SuccessfulNativeLogin {\n\tctx := context.Background()\n\n\t// Create a temporary user\n\temail, password := pkg.RandomCredentials()\n\t_, _ = pkg.CreateIdentityWithSession(client, email, password)\n\n\t// Initialize the flow\n\tflow, res, err := client.FrontendAPI.CreateNativeLoginFlow(ctx).Execute()\n\tpkg.SDKExitOnError(err, res)\n\n\t// If you want, print the flow here:\n\t//\n\t//\tpkg.PrintJSONPretty(flow)\n\n\t// Submit the form\n\tresult, res, err := client.FrontendAPI.UpdateLoginFlow(ctx).Flow(flow.Id).UpdateLoginFlowBody(\n\t\tory.UpdateLoginFlowWithPasswordMethodAsUpdateLoginFlowBody(&ory.UpdateLoginFlowWithPasswordMethod{\n\t\t\tMethod: \"password\",\n\t\t\tPassword: password,\n\t\t\tPasswordIdentifier: &email,\n\t\t}),\n\t).Execute()\n\tpkg.SDKExitOnError(err, res)\n\n\treturn result\n}\n\nfunc main() {\n\tpkg.PrintJSONPretty(\n\t\tperformLogin(),\n\t)\n}\n" }, { "path": "examples/go/selfservice/login/main_test.go", "content": "// Copyright © 2023 Ory Corp\n// SPDX-License-Identifier: Apache-2.0\n\npackage main\n\nimport (\n\t\"testing\"\n\n\t\"github.com/ory/kratos/pkg/testhelpers\"\n\n\t\"github.com/ory/kratos/examples/go/pkg\"\n\n\t\"github.com/stretchr/testify/require\"\n)\n\nfunc TestFunc(t *testing.T) {\n\tpublicURL, _ := testhelpers.StartE2EServer(t, \"../../pkg/stub/kratos.yaml\", nil)\n\tclient = pkg.NewSDKForSelfHosted(publicURL)\n\n\tresult := performLogin()\n\trequire.NotEmpty(t, result.Session)\n}\n" }, { "path": "examples/go/selfservice/logout/main.go", "content": "// Copyright © 2023 Ory Corp\n// SPDX-License-Identifier: Apache-2.0\n\npackage main\n\nimport (\n\t\"context\"\n\t\"fmt\"\n\n\t\"github.com/ory/kratos/examples/go/pkg\"\n\n\tory \"github.com/ory/client-go\"\n)\n\n// If you use Open Source this would be:\n//\n// var client = pkg.NewSDKForSelfHosted(\"http://127.0.0.1:4433\")\nvar client = pkg.NewSDK(\"playground\")\n\nfunc performLogout() {\n\t// Create a temporary user\n\temail, password := pkg.RandomCredentials()\n\t_, sessionToken := pkg.CreateIdentityWithSession(client, email, password)\n\n\t// Log out using session token\n\tres, err := client.FrontendAPI.PerformNativeLogout(context.Background()).\n\t\tPerformNativeLogoutBody(ory.PerformNativeLogoutBody{SessionToken: sessionToken}).Execute()\n\tpkg.SDKExitOnError(err, res)\n}\n\nfunc main() {\n\tperformLogout()\n\tfmt.Println(\"Logout successful!\")\n}\n" }, { "path": "examples/go/selfservice/logout/main_test.go", "content": "// Copyright © 2023 Ory Corp\n// SPDX-License-Identifier: Apache-2.0\n\npackage main\n\nimport (\n\t\"testing\"\n\n\t\"github.com/ory/kratos/pkg/testhelpers\"\n\n\t\"github.com/ory/kratos/examples/go/pkg\"\n)\n\nfunc TestFunc(t *testing.T) {\n\tpublicURL, _ := testhelpers.StartE2EServer(t, \"../../pkg/stub/kratos.yaml\", nil)\n\tclient = pkg.NewSDKForSelfHosted(publicURL)\n\n\tperformLogout()\n}\n" }, { "path": "examples/go/selfservice/recovery/main.go", "content": "// Copyright © 2023 Ory Corp\n// SPDX-License-Identifier: Apache-2.0\n\npackage main\n\nimport (\n\t\"context\"\n\n\t\"github.com/ory/kratos/examples/go/pkg\"\n\n\tory \"github.com/ory/client-go\"\n)\n\n// If you use Open Source this would be:\n//\n// var client = pkg.NewSDKForSelfHosted(\"http://127.0.0.1:4433\")\nvar client = pkg.NewSDK(\"playground\")\n\nfunc performRecovery(email string) *ory.RecoveryFlow {\n\tctx := context.Background()\n\n\t// Initialize the flow\n\tflow, res, err := client.FrontendAPI.CreateNativeRecoveryFlow(ctx).Execute()\n\tpkg.SDKExitOnError(err, res)\n\n\t// If you want, print the flow here:\n\t//\n\t//\tpkg.PrintJSONPretty(flow)\n\n\t// Submit the form\n\tafterSubmit, res, err := client.FrontendAPI.UpdateRecoveryFlow(ctx).Flow(flow.Id).\n\t\tUpdateRecoveryFlowBody(ory.UpdateRecoveryFlowWithLinkMethodAsUpdateRecoveryFlowBody(&ory.UpdateRecoveryFlowWithLinkMethod{\n\t\t\tEmail: email,\n\t\t\tMethod: \"link\",\n\t\t})).Execute()\n\tpkg.SDKExitOnError(err, res)\n\n\treturn afterSubmit\n}\n\nfunc main() {\n\tpkg.PrintJSONPretty(\n\t\tperformRecovery(\"someone@foobar.com\"),\n\t)\n}\n" }, { "path": "examples/go/selfservice/recovery/main_test.go", "content": "// Copyright © 2023 Ory Corp\n// SPDX-License-Identifier: Apache-2.0\n\npackage main\n\nimport (\n\t\"testing\"\n\n\t\"github.com/gofrs/uuid\"\n\t\"github.com/stretchr/testify/assert\"\n\t\"github.com/stretchr/testify/require\"\n\n\t\"github.com/ory/kratos/examples/go/pkg\"\n\tory \"github.com/ory/kratos/pkg/httpclient\"\n\t\"github.com/ory/kratos/pkg/testhelpers\"\n)\n\nfunc TestFunc(t *testing.T) {\n\tpublicURL, _ := testhelpers.StartE2EServer(t, \"../../pkg/stub/kratos.yaml\", nil)\n\tclient = pkg.NewSDKForSelfHosted(publicURL)\n\n\tflow := performRecovery(\"dev+\" + uuid.Must(uuid.NewV4()).String() + \"@ory.sh\")\n\trequire.NotEmpty(t, flow.Id)\n\tassert.EqualValues(t, ory.RECOVERYFLOWSTATE_SENT_EMAIL, flow.State)\n}\n" }, { "path": "examples/go/selfservice/registration/main.go", "content": "// Copyright © 2023 Ory Corp\n// SPDX-License-Identifier: Apache-2.0\n\npackage main\n\nimport (\n\t\"context\"\n\n\t\"github.com/ory/kratos/examples/go/pkg\"\n\n\tory \"github.com/ory/client-go\"\n)\n\n// If you use Open Source this would be:\n//\n// var client = pkg.NewSDKForSelfHosted(\"http://127.0.0.1:4433\")\nvar client = pkg.NewSDK(\"playground\")\n\nfunc initRegistration() *ory.SuccessfulNativeRegistration {\n\tctx := context.Background()\n\n\t// Initialize the flow\n\tflow, res, err := client.FrontendAPI.CreateNativeRegistrationFlow(ctx).Execute()\n\tpkg.SDKExitOnError(err, res)\n\n\t// If you want, print the flow here:\n\t//\n\t//\tpkg.PrintJSONPretty(flow)\n\n\temail, password := pkg.RandomCredentials()\n\n\t// Submit the registration flow\n\tresult, res, err := client.FrontendAPI.UpdateRegistrationFlow(ctx).Flow(flow.Id).UpdateRegistrationFlowBody(\n\t\tory.UpdateRegistrationFlowWithPasswordMethodAsUpdateRegistrationFlowBody(&ory.UpdateRegistrationFlowWithPasswordMethod{\n\t\t\tMethod: \"password\",\n\t\t\tPassword: password,\n\t\t\tTraits: map[string]interface{}{\"email\": email},\n\t\t}),\n\t).Execute()\n\tpkg.SDKExitOnError(err, res)\n\treturn result\n}\n\nfunc main() {\n\tpkg.PrintJSONPretty(\n\t\tinitRegistration(),\n\t)\n}\n" }, { "path": "examples/go/selfservice/registration/main_test.go", "content": "// Copyright © 2023 Ory Corp\n// SPDX-License-Identifier: Apache-2.0\n\npackage main\n\nimport (\n\t\"testing\"\n\n\t\"github.com/ory/kratos/pkg/testhelpers\"\n\n\t\"github.com/ory/kratos/examples/go/pkg\"\n\n\t\"github.com/stretchr/testify/require\"\n)\n\nfunc TestFunc(t *testing.T) {\n\tpublicURL, _ := testhelpers.StartE2EServer(t, \"../../pkg/stub/kratos.yaml\", nil)\n\tclient = pkg.NewSDKForSelfHosted(publicURL)\n\n\tresult := initRegistration()\n\trequire.NotEmpty(t, result.Identity.Id)\n}\n" }, { "path": "examples/go/selfservice/settings/main.go", "content": "// Copyright © 2023 Ory Corp\n// SPDX-License-Identifier: Apache-2.0\n\npackage main\n\nimport (\n\t\"context\"\n\n\t\"github.com/ory/kratos/examples/go/pkg\"\n\n\tory \"github.com/ory/client-go\"\n)\n\n// If you use Open Source this would be:\n//\n// var client = pkg.NewSDKForSelfHosted(\"http://127.0.0.1:4433\")\nvar client = pkg.NewSDK(\"playground\")\n\nvar ctx = context.Background()\n\nfunc initFlow(email, password string) (string, *ory.SettingsFlow) {\n\t// Create a temporary user\n\t_, sessionToken := pkg.CreateIdentityWithSession(client, email, password)\n\n\tflow, res, err := client.FrontendAPI.CreateNativeSettingsFlow(context.Background()).XSessionToken(sessionToken).Execute()\n\tpkg.SDKExitOnError(err, res)\n\n\t// If you want, print the flow here:\n\t//\n\t//\tpkg.PrintJSONPretty(flow)\n\n\treturn sessionToken, flow\n}\n\nfunc changePassword(email, password string) *ory.SettingsFlow {\n\tsessionToken, flow := initFlow(email, password)\n\n\t// Submit the form\n\tresult, res, err := client.FrontendAPI.UpdateSettingsFlow(ctx).Flow(flow.Id).XSessionToken(sessionToken).UpdateSettingsFlowBody(\n\t\tory.UpdateSettingsFlowWithPasswordMethodAsUpdateSettingsFlowBody(&ory.UpdateSettingsFlowWithPasswordMethod{\n\t\t\tMethod: \"password\",\n\t\t\tPassword: \"not-\" + password,\n\t\t}),\n\t).Execute()\n\tpkg.SDKExitOnError(err, res)\n\n\treturn result\n}\n\nfunc changeTraits(email, password string) *ory.SettingsFlow {\n\tsessionToken, flow := initFlow(email, password)\n\n\t// Submit the form\n\tresult, res, err := client.FrontendAPI.UpdateSettingsFlow(ctx).Flow(flow.Id).XSessionToken(sessionToken).UpdateSettingsFlowBody(\n\t\tory.UpdateSettingsFlowWithProfileMethodAsUpdateSettingsFlowBody(&ory.UpdateSettingsFlowWithProfileMethod{\n\t\t\tMethod: \"profile\",\n\t\t\tTraits: map[string]interface{}{\n\t\t\t\t\"email\": \"not-\" + email,\n\t\t\t},\n\t\t}),\n\t).Execute()\n\tpkg.SDKExitOnError(err, res)\n\n\treturn result\n}\n\nfunc main() {\n\tpkg.PrintJSONPretty(\n\t\tchangePassword(pkg.RandomCredentials()),\n\t)\n\tpkg.PrintJSONPretty(\n\t\tchangeTraits(pkg.RandomCredentials()),\n\t)\n}\n" }, { "path": "examples/go/selfservice/settings/main_test.go", "content": "// Copyright © 2023 Ory Corp\n// SPDX-License-Identifier: Apache-2.0\n\npackage main\n\nimport (\n\t\"testing\"\n\n\tory \"github.com/ory/kratos/pkg/httpclient\"\n\n\t\"github.com/stretchr/testify/assert\"\n\n\t\"github.com/ory/kratos/pkg/testhelpers\"\n\n\t\"github.com/ory/kratos/examples/go/pkg\"\n\n\t\"github.com/stretchr/testify/require\"\n)\n\nfunc TestSettings(t *testing.T) {\n\tpublicURL, _ := testhelpers.StartE2EServer(t, \"../../pkg/stub/kratos.yaml\", nil)\n\tclient = pkg.NewSDKForSelfHosted(publicURL)\n\n\temail, password := pkg.RandomCredentials()\n\tresult := changePassword(email, password)\n\trequire.NotEmpty(t, result.Id)\n\tassert.EqualValues(t, ory.SETTINGSFLOWSTATE_SUCCESS, result.State)\n\n\temail, password = pkg.RandomCredentials()\n\tresult = changeTraits(email, password)\n\trequire.NotEmpty(t, result.Id)\n\tassert.EqualValues(t, ory.SETTINGSFLOWSTATE_SUCCESS, result.State)\n\tassert.Equal(t, \"not-\"+email, result.Identity.Traits.(map[string]interface{})[\"email\"].(string))\n}\n" }, { "path": "examples/go/selfservice/verification/main.go", "content": "// Copyright © 2023 Ory Corp\n// SPDX-License-Identifier: Apache-2.0\n\npackage main\n\nimport (\n\t\"context\"\n\n\t\"github.com/ory/kratos/examples/go/pkg\"\n\n\tory \"github.com/ory/client-go\"\n)\n\n// If you use Open Source this would be:\n//\n// var client = pkg.NewSDKForSelfHosted(\"http://127.0.0.1:4433\")\nvar client = pkg.NewSDK(\"playground\")\n\nfunc performVerification(email string) *ory.VerificationFlow {\n\tctx := context.Background()\n\n\t// Initialize the flow\n\tflow, res, err := client.FrontendAPI.CreateNativeVerificationFlow(ctx).Execute()\n\tpkg.SDKExitOnError(err, res)\n\n\t// If you want, print the flow here:\n\t//\n\t//\tpkg.PrintJSONPretty(flow)\n\n\t// Submit the form\n\tafterSubmit, res, err := client.FrontendAPI.UpdateVerificationFlow(ctx).Flow(flow.Id).\n\t\tUpdateVerificationFlowBody(ory.UpdateVerificationFlowWithLinkMethodAsUpdateVerificationFlowBody(&ory.UpdateVerificationFlowWithLinkMethod{\n\t\t\tEmail: email,\n\t\t\tMethod: \"link\",\n\t\t})).Execute()\n\tpkg.SDKExitOnError(err, res)\n\n\treturn afterSubmit\n}\n\nfunc main() {\n\tpkg.PrintJSONPretty(\n\t\tperformVerification(\"someone@foobar.com\"),\n\t)\n}\n" }, { "path": "examples/go/selfservice/verification/main_test.go", "content": "// Copyright © 2023 Ory Corp\n// SPDX-License-Identifier: Apache-2.0\n\npackage main\n\nimport (\n\t\"testing\"\n\n\t\"github.com/gofrs/uuid\"\n\t\"github.com/stretchr/testify/assert\"\n\t\"github.com/stretchr/testify/require\"\n\n\t\"github.com/ory/kratos/examples/go/pkg\"\n\tory \"github.com/ory/kratos/pkg/httpclient\"\n\t\"github.com/ory/kratos/pkg/testhelpers\"\n)\n\nfunc TestFunc(t *testing.T) {\n\tpublicURL, _ := testhelpers.StartE2EServer(t, \"../../pkg/stub/kratos.yaml\", nil)\n\tclient = pkg.NewSDKForSelfHosted(publicURL)\n\n\tflow := performVerification(\"dev+\" + uuid.Must(uuid.NewV4()).String() + \"@ory.sh\")\n\trequire.NotEmpty(t, flow.Id)\n\tassert.EqualValues(t, ory.VERIFICATIONFLOWSTATE_SENT_EMAIL, flow.State)\n}\n" }, { "path": "examples/go/session/tosession/main.go", "content": "// Copyright © 2023 Ory Corp\n// SPDX-License-Identifier: Apache-2.0\n\npackage main\n\nimport (\n\t\"github.com/ory/kratos/examples/go/pkg\"\n\n\tory \"github.com/ory/client-go\"\n)\n\n// If you use Open Source this would be:\n//\n// var client = pkg.NewSDKForSelfHosted(\"http://127.0.0.1:4433\")\nvar client = pkg.NewSDK(\"playground\")\n\nfunc toSession() *ory.Session {\n\t// Create a temporary user\n\temail, password := pkg.RandomCredentials()\n\t_, sessionToken := pkg.CreateIdentityWithSession(client, email, password)\n\n\tsession, res, err := client.FrontendAPI.ToSessionExecute(ory.FrontendAPIToSessionRequest{}.\n\t\tXSessionToken(sessionToken))\n\tpkg.SDKExitOnError(err, res)\n\treturn session\n}\n\nfunc main() {\n\tsession := toSession()\n\tpkg.PrintJSONPretty(session)\n}\n" }, { "path": "examples/go/session/tosession/main_test.go", "content": "// Copyright © 2023 Ory Corp\n// SPDX-License-Identifier: Apache-2.0\n\npackage main\n\nimport (\n\t\"testing\"\n\n\t\"github.com/stretchr/testify/assert\"\n\n\t\"github.com/ory/kratos/pkg/testhelpers\"\n\n\t\"github.com/ory/kratos/examples/go/pkg\"\n\n\t\"github.com/stretchr/testify/require\"\n)\n\nfunc TestFunc(t *testing.T) {\n\tpublicURL, _ := testhelpers.StartE2EServer(t, \"../../pkg/stub/kratos.yaml\", nil)\n\tclient = pkg.NewSDKForSelfHosted(publicURL)\n\n\tsession := toSession()\n\trequire.NotEmpty(t, session.Id)\n\tassert.Contains(t, session.Identity.Traits.(map[string]interface{})[\"email\"].(string), \"dev+\")\n}\n" }, { "path": "gen/oidc/v1/state.pb.go", "content": "// Code generated by protoc-gen-go. DO NOT EDIT.\n// versions:\n// \tprotoc-gen-go v1.36.10\n// \tprotoc (unknown)\n// source: oidc/v1/state.proto\n\npackage oidcv1\n\nimport (\n\treflect \"reflect\"\n\tsync \"sync\"\n\tunsafe \"unsafe\"\n\n\tprotoreflect \"google.golang.org/protobuf/reflect/protoreflect\"\n\tprotoimpl \"google.golang.org/protobuf/runtime/protoimpl\"\n)\n\nconst (\n\t// Verify that this generated code is sufficiently up-to-date.\n\t_ = protoimpl.EnforceVersion(20 - protoimpl.MinVersion)\n\t// Verify that runtime/protoimpl is sufficiently up-to-date.\n\t_ = protoimpl.EnforceVersion(protoimpl.MaxVersion - 20)\n)\n\ntype FlowKind int32\n\nconst (\n\tFlowKind_FLOW_KIND_UNSPECIFIED FlowKind = 0\n\tFlowKind_FLOW_KIND_LOGIN FlowKind = 1\n\tFlowKind_FLOW_KIND_REGISTRATION FlowKind = 2\n\tFlowKind_FLOW_KIND_SETTINGS FlowKind = 3\n)\n\n// Enum value maps for FlowKind.\nvar (\n\tFlowKind_name = map[int32]string{\n\t\t0: \"FLOW_KIND_UNSPECIFIED\",\n\t\t1: \"FLOW_KIND_LOGIN\",\n\t\t2: \"FLOW_KIND_REGISTRATION\",\n\t\t3: \"FLOW_KIND_SETTINGS\",\n\t}\n\tFlowKind_value = map[string]int32{\n\t\t\"FLOW_KIND_UNSPECIFIED\": 0,\n\t\t\"FLOW_KIND_LOGIN\": 1,\n\t\t\"FLOW_KIND_REGISTRATION\": 2,\n\t\t\"FLOW_KIND_SETTINGS\": 3,\n\t}\n)\n\nfunc (x FlowKind) Enum() *FlowKind {\n\tp := new(FlowKind)\n\t*p = x\n\treturn p\n}\n\nfunc (x FlowKind) String() string {\n\treturn protoimpl.X.EnumStringOf(x.Descriptor(), protoreflect.EnumNumber(x))\n}\n\nfunc (FlowKind) Descriptor() protoreflect.EnumDescriptor {\n\treturn file_oidc_v1_state_proto_enumTypes[0].Descriptor()\n}\n\nfunc (FlowKind) Type() protoreflect.EnumType {\n\treturn &file_oidc_v1_state_proto_enumTypes[0]\n}\n\nfunc (x FlowKind) Number() protoreflect.EnumNumber {\n\treturn protoreflect.EnumNumber(x)\n}\n\n// Deprecated: Use FlowKind.Descriptor instead.\nfunc (FlowKind) EnumDescriptor() ([]byte, []int) {\n\treturn file_oidc_v1_state_proto_rawDescGZIP(), []int{0}\n}\n\ntype State struct {\n\tstate protoimpl.MessageState `protogen:\"open.v1\"`\n\tFlowId []byte `protobuf:\"bytes,1,opt,name=flow_id,json=flowId,proto3\" json:\"flow_id,omitempty\"`\n\tSessionTokenExchangeCodeSha512 []byte `protobuf:\"bytes,2,opt,name=session_token_exchange_code_sha512,json=sessionTokenExchangeCodeSha512,proto3\" json:\"session_token_exchange_code_sha512,omitempty\"`\n\tProviderId string `protobuf:\"bytes,3,opt,name=provider_id,json=providerId,proto3\" json:\"provider_id,omitempty\"`\n\tPkceVerifier string `protobuf:\"bytes,4,opt,name=pkce_verifier,json=pkceVerifier,proto3\" json:\"pkce_verifier,omitempty\"`\n\tFlowKind FlowKind `protobuf:\"varint,5,opt,name=flow_kind,json=flowKind,proto3,enum=oidc.v1.FlowKind\" json:\"flow_kind,omitempty\"`\n\tunknownFields protoimpl.UnknownFields\n\tsizeCache protoimpl.SizeCache\n}\n\nfunc (x *State) Reset() {\n\t*x = State{}\n\tmi := &file_oidc_v1_state_proto_msgTypes[0]\n\tms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))\n\tms.StoreMessageInfo(mi)\n}\n\nfunc (x *State) String() string {\n\treturn protoimpl.X.MessageStringOf(x)\n}\n\nfunc (*State) ProtoMessage() {}\n\nfunc (x *State) ProtoReflect() protoreflect.Message {\n\tmi := &file_oidc_v1_state_proto_msgTypes[0]\n\tif x != nil {\n\t\tms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))\n\t\tif ms.LoadMessageInfo() == nil {\n\t\t\tms.StoreMessageInfo(mi)\n\t\t}\n\t\treturn ms\n\t}\n\treturn mi.MessageOf(x)\n}\n\n// Deprecated: Use State.ProtoReflect.Descriptor instead.\nfunc (*State) Descriptor() ([]byte, []int) {\n\treturn file_oidc_v1_state_proto_rawDescGZIP(), []int{0}\n}\n\nfunc (x *State) GetFlowId() []byte {\n\tif x != nil {\n\t\treturn x.FlowId\n\t}\n\treturn nil\n}\n\nfunc (x *State) GetSessionTokenExchangeCodeSha512() []byte {\n\tif x != nil {\n\t\treturn x.SessionTokenExchangeCodeSha512\n\t}\n\treturn nil\n}\n\nfunc (x *State) GetProviderId() string {\n\tif x != nil {\n\t\treturn x.ProviderId\n\t}\n\treturn \"\"\n}\n\nfunc (x *State) GetPkceVerifier() string {\n\tif x != nil {\n\t\treturn x.PkceVerifier\n\t}\n\treturn \"\"\n}\n\nfunc (x *State) GetFlowKind() FlowKind {\n\tif x != nil {\n\t\treturn x.FlowKind\n\t}\n\treturn FlowKind_FLOW_KIND_UNSPECIFIED\n}\n\nvar File_oidc_v1_state_proto protoreflect.FileDescriptor\n\nconst file_oidc_v1_state_proto_rawDesc = \"\" +\n\t\"\\n\" +\n\t\"\\x13oidc/v1/state.proto\\x12\\aoidc.v1\\\"\\xe2\\x01\\n\" +\n\t\"\\x05State\\x12\\x17\\n\" +\n\t\"\\aflow_id\\x18\\x01 \\x01(\\fR\\x06flowId\\x12J\\n\" +\n\t\"\\\"session_token_exchange_code_sha512\\x18\\x02 \\x01(\\fR\\x1esessionTokenExchangeCodeSha512\\x12\\x1f\\n\" +\n\t\"\\vprovider_id\\x18\\x03 \\x01(\\tR\\n\" +\n\t\"providerId\\x12#\\n\" +\n\t\"\\rpkce_verifier\\x18\\x04 \\x01(\\tR\\fpkceVerifier\\x12.\\n\" +\n\t\"\\tflow_kind\\x18\\x05 \\x01(\\x0e2\\x11.oidc.v1.FlowKindR\\bflowKind*n\\n\" +\n\t\"\\bFlowKind\\x12\\x19\\n\" +\n\t\"\\x15FLOW_KIND_UNSPECIFIED\\x10\\x00\\x12\\x13\\n\" +\n\t\"\\x0fFLOW_KIND_LOGIN\\x10\\x01\\x12\\x1a\\n\" +\n\t\"\\x16FLOW_KIND_REGISTRATION\\x10\\x02\\x12\\x16\\n\" +\n\t\"\\x12FLOW_KIND_SETTINGS\\x10\\x03B|\\n\" +\n\t\"\\vcom.oidc.v1B\\n\" +\n\t\"StateProtoP\\x01Z$github.com/ory/kratos/oidc/v1;oidcv1\\xa2\\x02\\x03OXX\\xaa\\x02\\aOidc.V1\\xca\\x02\\aOidc\\\\V1\\xe2\\x02\\x13Oidc\\\\V1\\\\GPBMetadata\\xea\\x02\\bOidc::V1b\\x06proto3\"\n\nvar (\n\tfile_oidc_v1_state_proto_rawDescOnce sync.Once\n\tfile_oidc_v1_state_proto_rawDescData []byte\n)\n\nfunc file_oidc_v1_state_proto_rawDescGZIP() []byte {\n\tfile_oidc_v1_state_proto_rawDescOnce.Do(func() {\n\t\tfile_oidc_v1_state_proto_rawDescData = protoimpl.X.CompressGZIP(unsafe.Slice(unsafe.StringData(file_oidc_v1_state_proto_rawDesc), len(file_oidc_v1_state_proto_rawDesc)))\n\t})\n\treturn file_oidc_v1_state_proto_rawDescData\n}\n\nvar file_oidc_v1_state_proto_enumTypes = make([]protoimpl.EnumInfo, 1)\nvar file_oidc_v1_state_proto_msgTypes = make([]protoimpl.MessageInfo, 1)\nvar file_oidc_v1_state_proto_goTypes = []any{\n\t(FlowKind)(0), // 0: oidc.v1.FlowKind\n\t(*State)(nil), // 1: oidc.v1.State\n}\nvar file_oidc_v1_state_proto_depIdxs = []int32{\n\t0, // 0: oidc.v1.State.flow_kind:type_name -> oidc.v1.FlowKind\n\t1, // [1:1] is the sub-list for method output_type\n\t1, // [1:1] is the sub-list for method input_type\n\t1, // [1:1] is the sub-list for extension type_name\n\t1, // [1:1] is the sub-list for extension extendee\n\t0, // [0:1] is the sub-list for field type_name\n}\n\nfunc init() { file_oidc_v1_state_proto_init() }\nfunc file_oidc_v1_state_proto_init() {\n\tif File_oidc_v1_state_proto != nil {\n\t\treturn\n\t}\n\ttype x struct{}\n\tout := protoimpl.TypeBuilder{\n\t\tFile: protoimpl.DescBuilder{\n\t\t\tGoPackagePath: reflect.TypeOf(x{}).PkgPath(),\n\t\t\tRawDescriptor: unsafe.Slice(unsafe.StringData(file_oidc_v1_state_proto_rawDesc), len(file_oidc_v1_state_proto_rawDesc)),\n\t\t\tNumEnums: 1,\n\t\t\tNumMessages: 1,\n\t\t\tNumExtensions: 0,\n\t\t\tNumServices: 0,\n\t\t},\n\t\tGoTypes: file_oidc_v1_state_proto_goTypes,\n\t\tDependencyIndexes: file_oidc_v1_state_proto_depIdxs,\n\t\tEnumInfos: file_oidc_v1_state_proto_enumTypes,\n\t\tMessageInfos: file_oidc_v1_state_proto_msgTypes,\n\t}.Build()\n\tFile_oidc_v1_state_proto = out.File\n\tfile_oidc_v1_state_proto_goTypes = nil\n\tfile_oidc_v1_state_proto_depIdxs = nil\n}\n" }, { "path": "go.mod", "content": "module github.com/ory/kratos\n\ngo 1.26\n\nreplace (\n\tgithub.com/coreos/go-oidc/v3 => github.com/ory/go-oidc/v3 v3.0.0-20250124100243-69986dfaf891\n\n\tgithub.com/go-swagger/go-swagger => github.com/aeneasr/go-swagger v0.19.1-0.20241013070044-bccef3a12e26 // See https://github.com/go-swagger/go-swagger/issues/3131\n\t// github.com/go-swagger/go-swagger => ../../go-swagger/go-swagger\n\n\tgithub.com/gorilla/sessions => github.com/ory/sessions v1.2.2-0.20220110165800-b09c17334dc2\n\tgithub.com/mattn/go-sqlite3 => github.com/mattn/go-sqlite3 v1.14.28\n\n\t// Use the internal httpclient which can be generated in this codebase but mark it as the\n\t// official SDK, allowing for the Ory CLI to consume Ory Kratos' CLI commands.\n\tgithub.com/ory/client-go => ./pkg/client-go\n\tgithub.com/ory/x => ./oryx\n)\n\nrequire (\n\tdario.cat/mergo v1.0.2\n\tgithub.com/Masterminds/sprig/v3 v3.3.0\n\tgithub.com/arbovm/levenshtein v0.0.0-20160628152529-48b4e1c0c4d0\n\tgithub.com/bradleyjkemp/cupaloy/v2 v2.8.0\n\tgithub.com/bwmarrin/discordgo v0.28.1\n\tgithub.com/coreos/go-oidc/v3 v3.11.0\n\tgithub.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc\n\tgithub.com/dghubble/oauth1 v0.7.3\n\tgithub.com/dgraph-io/ristretto/v2 v2.2.0\n\tgithub.com/fatih/color v1.18.0\n\tgithub.com/ghodss/yaml v1.0.0\n\tgithub.com/go-crypt/crypt v0.2.25\n\tgithub.com/go-faker/faker/v4 v4.4.2\n\tgithub.com/go-openapi/strfmt v0.23.0\n\tgithub.com/go-webauthn/webauthn v0.11.2\n\tgithub.com/gobuffalo/httptest v1.5.2\n\tgithub.com/gofrs/uuid v4.4.0+incompatible\n\tgithub.com/golang-jwt/jwt/v4 v4.5.2\n\tgithub.com/golang-jwt/jwt/v5 v5.3.0\n\tgithub.com/golang/gddo v0.0.0-20190904175337-72a348e765d2\n\tgithub.com/golang/mock v1.6.0\n\tgithub.com/google/go-github/v38 v38.1.0\n\tgithub.com/google/go-jsonnet v0.21.0\n\tgithub.com/gorilla/sessions v1.3.0\n\tgithub.com/gtank/cryptopasta v0.0.0-20170601214702-1f550f6f2f69\n\tgithub.com/hashicorp/go-retryablehttp v0.7.8\n\tgithub.com/hashicorp/golang-lru/v2 v2.0.7\n\tgithub.com/inhies/go-bytesize v0.0.0-20220417184213-4913239db9cf\n\tgithub.com/jarcoal/httpmock v1.3.1\n\tgithub.com/jmoiron/sqlx v1.4.0\n\tgithub.com/knadh/koanf/parsers/json v0.1.0\n\tgithub.com/laher/mergefs v0.1.2-0.20230223191438-d16611b2f4e7 // indirect\n\tgithub.com/lestrrat-go/jwx/v2 v2.1.1\n\tgithub.com/mohae/deepcopy v0.0.0-20170929034955-c48cc78d4826\n\tgithub.com/montanaflynn/stats v0.7.1\n\tgithub.com/ory/analytics-go/v5 v5.0.1\n\tgithub.com/ory/client-go v0.0.0-00010101000000-000000000000\n\tgithub.com/ory/graceful v0.1.4-0.20230301144740-e222150c51d0\n\tgithub.com/ory/herodot v0.10.8\n\tgithub.com/ory/hydra-client-go/v2 v2.2.1\n\tgithub.com/ory/jsonschema/v3 v3.0.9-0.20250317235931-280c5fc7bf0e\n\tgithub.com/ory/mail/v3 v3.0.0\n\tgithub.com/ory/nosurf v1.2.7\n\tgithub.com/ory/pop/v6 v6.3.2-0.20251203152233-a32233875f7e\n\tgithub.com/ory/x v0.0.0-00010101000000-000000000000\n\tgithub.com/peterhellberg/link v1.2.0\n\tgithub.com/phayes/freeport v0.0.0-20220201140144-74d24b5ae9f5\n\tgithub.com/pkg/errors v0.9.1\n\tgithub.com/pquerna/otp v1.4.0\n\tgithub.com/rakutentech/jwk-go v1.2.0\n\tgithub.com/rs/cors v1.11.1\n\tgithub.com/samber/lo v1.46.0\n\tgithub.com/sirupsen/logrus v1.9.3\n\tgithub.com/slack-go/slack v0.13.1\n\tgithub.com/spf13/cobra v1.10.1\n\tgithub.com/spf13/pflag v1.0.10\n\tgithub.com/stretchr/testify v1.11.1\n\tgithub.com/tidwall/gjson v1.18.0\n\tgithub.com/tidwall/sjson v1.2.5\n\tgithub.com/urfave/negroni v1.0.0\n\tgithub.com/wI2L/jsondiff v0.6.0\n\tgithub.com/zmb3/spotify/v2 v2.4.2\n\tgo.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.62.0\n\tgo.opentelemetry.io/otel v1.40.0\n\tgo.opentelemetry.io/otel/sdk v1.40.0\n\tgo.opentelemetry.io/otel/trace v1.40.0\n\tgolang.org/x/crypto v0.46.0\n\tgolang.org/x/exp v0.0.0-20250813145105-42675adae3e6 // indirect\n\tgolang.org/x/net v0.48.0\n\tgolang.org/x/oauth2 v0.34.0\n\tgolang.org/x/sync v0.19.0\n\tgolang.org/x/text v0.32.0\n\tgoogle.golang.org/grpc v1.79.3\n)\n\nrequire (\n\tgithub.com/cenkalti/backoff v2.2.1+incompatible\n\tgithub.com/gorilla/pat v1.0.2\n\tgithub.com/ian-kent/go-log v0.0.0-20160113211217-5731446c36ab\n\tgithub.com/mailhog/MailHog-Server v1.0.1\n\tgithub.com/mailhog/data v1.0.1\n\tgithub.com/mailhog/storage v1.0.1\n\tgithub.com/moby/moby/api v1.54.0\n\tgithub.com/ory/dockertest/v4 v4.0.0-beta.4\n)\n\nrequire (\n\tfilippo.io/edwards25519 v1.2.0 // indirect\n\tgithub.com/XSAM/otelsql v0.39.0 // indirect\n\tgithub.com/a8m/envsubst v1.4.2 // indirect\n\tgithub.com/alecthomas/participle/v2 v2.1.1 // indirect\n\tgithub.com/alecthomas/template v0.0.0-20190718012654-fb15b899a751 // indirect\n\tgithub.com/alecthomas/units v0.0.0-20211218093645-b94a6e3cc137 // indirect\n\tgithub.com/bmatcuk/doublestar v1.3.4 // indirect\n\tgithub.com/cenkalti/backoff/v5 v5.0.3 // indirect\n\tgithub.com/containerd/errdefs v1.0.0 // indirect\n\tgithub.com/containerd/errdefs/pkg v0.3.0 // indirect\n\tgithub.com/cortesi/modd v0.8.1 // indirect\n\tgithub.com/cortesi/moddwatch v0.1.0 // indirect\n\tgithub.com/cortesi/termlog v0.0.0-20210222042314-a1eec763abec // indirect\n\tgithub.com/dimchansky/utfbom v1.1.1 // indirect\n\tgithub.com/elliotchance/orderedmap v1.7.1 // indirect\n\tgithub.com/go-openapi/analysis v0.23.0 // indirect\n\tgithub.com/go-openapi/inflect v0.21.0 // indirect\n\tgithub.com/go-openapi/jsonreference v0.21.0 // indirect\n\tgithub.com/go-openapi/loads v0.22.0 // indirect\n\tgithub.com/go-openapi/runtime v0.28.0 // indirect\n\tgithub.com/go-openapi/spec v0.21.0 // indirect\n\tgithub.com/go-openapi/validate v0.24.0 // indirect\n\tgithub.com/go-swagger/go-swagger v0.31.0 // indirect\n\tgithub.com/go-viper/mapstructure/v2 v2.4.0 // indirect\n\tgithub.com/gobuffalo/plush/v5 v5.0.7 // indirect\n\tgithub.com/gogo/googleapis v1.4.1 // indirect\n\tgithub.com/gorilla/context v1.1.2 // indirect\n\tgithub.com/gorilla/handlers v1.5.2 // indirect\n\tgithub.com/gorilla/mux v1.8.1 // indirect\n\tgithub.com/hashicorp/hcl v1.0.0 // indirect\n\tgithub.com/ian-kent/envconf v0.0.0-20141026121121-c19809918c02 // indirect\n\tgithub.com/ian-kent/goose v0.0.0-20141221090059-c3541ea826ad // indirect\n\tgithub.com/ian-kent/linkio v0.0.0-20170807205755-97566b872887 // indirect\n\tgithub.com/jackc/pgx/v5 v5.7.5 // indirect\n\tgithub.com/jaegertracing/jaeger-idl v0.5.0 // indirect\n\tgithub.com/jessevdk/go-flags v1.6.1 // indirect\n\tgithub.com/jinzhu/copier v0.4.0 // indirect\n\tgithub.com/kr/pretty v0.3.1 // indirect\n\tgithub.com/kr/text v0.2.0 // indirect\n\tgithub.com/mailhog/MailHog v1.0.1 // indirect\n\tgithub.com/mailhog/MailHog-UI v1.0.1 // indirect\n\tgithub.com/mailhog/http v1.0.1 // indirect\n\tgithub.com/mailhog/mhsendmail v0.2.0 // indirect\n\tgithub.com/mailhog/smtp v1.0.1 // indirect\n\tgithub.com/mikefarah/yq/v4 v4.45.1 // indirect\n\tgithub.com/moby/moby/client v0.3.0 // indirect\n\tgithub.com/moby/sys/sequential v0.6.0 // indirect\n\tgithub.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 // indirect\n\tgithub.com/ogier/pflag v0.0.1 // indirect\n\tgithub.com/philhofer/fwd v1.1.3-0.20240916144458-20a13a1f6b7c // indirect\n\tgithub.com/rjeczalik/notify v0.9.3 // indirect\n\tgithub.com/sagikazarmark/locafero v0.4.0 // indirect\n\tgithub.com/sagikazarmark/slog-shim v0.1.0 // indirect\n\tgithub.com/smartystreets/goconvey v1.8.1 // indirect\n\tgithub.com/sourcegraph/conc v0.3.0 // indirect\n\tgithub.com/spf13/afero v1.11.0 // indirect\n\tgithub.com/spf13/viper v1.18.2 // indirect\n\tgithub.com/ssoready/hyrumtoken v1.0.0 // indirect\n\tgithub.com/subosito/gotenv v1.6.0 // indirect\n\tgithub.com/t-k/fluent-logger-golang v1.0.0 // indirect\n\tgithub.com/tinylib/msgp v1.2.5 // indirect\n\tgithub.com/toqueteos/webbrowser v1.2.0 // indirect\n\tgithub.com/yuin/gopher-lua v1.1.1 // indirect\n\tgo.opentelemetry.io/auto/sdk v1.2.1 // indirect\n\tgo.uber.org/multierr v1.11.0 // indirect\n\tgo.yaml.in/yaml/v2 v2.4.2 // indirect\n\tgolang.org/x/telemetry v0.0.0-20251111182119-bc8e575c7b54 // indirect\n\tgolang.org/x/term v0.38.0 // indirect\n\tgolang.org/x/tools v0.39.0 // indirect\n\tgopkg.in/alecthomas/kingpin.v2 v2.2.6 // indirect\n\tgopkg.in/ini.v1 v1.67.0 // indirect\n\tgopkg.in/mgo.v2 v2.0.0-20190816093944-a6b53ec6cb22 // indirect\n\tgopkg.in/op/go-logging.v1 v1.0.0-20160211212156-b2cb9fa56473 // indirect\n\tmvdan.cc/sh/v3 v3.6.0 // indirect\n)\n\nrequire (\n\tcode.dny.dev/ssrf v0.2.0 // indirect\n\tgithub.com/Masterminds/goutils v1.1.1 // indirect\n\tgithub.com/Masterminds/semver/v3 v3.4.0 // indirect\n\tgithub.com/Microsoft/go-winio v0.6.2 // indirect\n\tgithub.com/asaskevich/govalidator v0.0.0-20230301143203-a9d515a09cc2 // indirect\n\tgithub.com/avast/retry-go/v4 v4.6.1 // indirect\n\tgithub.com/aymerick/douceur v0.2.0 // indirect\n\tgithub.com/beorn7/perks v1.0.1 // indirect\n\tgithub.com/boombuler/barcode v1.0.1 // indirect\n\tgithub.com/cespare/xxhash/v2 v2.3.0 // indirect\n\tgithub.com/cockroachdb/cockroach-go/v2 v2.4.1\n\tgithub.com/decred/dcrd/dcrec/secp256k1/v4 v4.4.0 // indirect\n\tgithub.com/distribution/reference v0.6.0 // indirect\n\tgithub.com/docker/docker v28.3.3+incompatible // indirect\n\tgithub.com/docker/go-connections v0.6.0 // indirect\n\tgithub.com/docker/go-units v0.5.0 // indirect\n\tgithub.com/dustin/go-humanize v1.0.1 // indirect\n\tgithub.com/evanphx/json-patch/v5 v5.9.11 // indirect\n\tgithub.com/fatih/structs v1.1.0 // indirect\n\tgithub.com/felixge/fgprof v0.9.5 // indirect\n\tgithub.com/felixge/httpsnoop v1.0.4 // indirect\n\tgithub.com/fsnotify/fsnotify v1.9.0 // indirect\n\tgithub.com/fxamacker/cbor/v2 v2.7.0 // indirect\n\tgithub.com/go-crypt/x v0.2.18 // indirect\n\tgithub.com/go-jose/go-jose/v3 v3.0.4 // indirect\n\tgithub.com/go-jose/go-jose/v4 v4.1.3 // indirect\n\tgithub.com/go-logr/logr v1.4.3 // indirect\n\tgithub.com/go-logr/stdr v1.2.2 // indirect\n\tgithub.com/go-openapi/errors v0.22.2 // indirect\n\tgithub.com/go-openapi/jsonpointer v0.21.2 // indirect\n\tgithub.com/go-openapi/swag v0.23.1 // indirect\n\tgithub.com/go-sql-driver/mysql v1.9.3 // indirect\n\tgithub.com/go-webauthn/x v0.1.14 // indirect\n\tgithub.com/gobuffalo/envy v1.10.2 // indirect\n\tgithub.com/gobuffalo/fizz v1.14.4 // indirect\n\tgithub.com/gobuffalo/flect v1.0.3 // indirect\n\tgithub.com/gobuffalo/github_flavored_markdown v1.1.4 // indirect\n\tgithub.com/gobuffalo/helpers v0.6.10 // indirect\n\tgithub.com/gobuffalo/nulls v0.4.2 // indirect\n\tgithub.com/gobuffalo/plush/v4 v4.1.22 // indirect\n\tgithub.com/gobuffalo/tags/v3 v3.1.4 // indirect\n\tgithub.com/gobuffalo/validate/v3 v3.3.3 // indirect\n\tgithub.com/gobwas/glob v0.2.3 // indirect\n\tgithub.com/goccy/go-json v0.10.5 // indirect\n\tgithub.com/goccy/go-yaml v1.18.0 // indirect\n\tgithub.com/gofrs/flock v0.12.1 // indirect\n\tgithub.com/gogo/protobuf v1.3.2 // indirect\n\tgithub.com/google/go-querystring v1.0.0 // indirect\n\tgithub.com/google/go-tpm v0.9.1 // indirect\n\tgithub.com/google/pprof v0.0.0-20250630185457-6e76a2b096b5 // indirect\n\tgithub.com/google/uuid v1.6.0 // indirect\n\tgithub.com/gorilla/css v1.0.1 // indirect\n\tgithub.com/gorilla/securecookie v1.1.1 // indirect\n\tgithub.com/gorilla/websocket v1.5.3 // indirect\n\tgithub.com/grpc-ecosystem/go-grpc-prometheus v1.2.0 // indirect\n\tgithub.com/grpc-ecosystem/grpc-gateway/v2 v2.27.1 // indirect\n\tgithub.com/hashicorp/go-cleanhttp v0.5.2 // indirect\n\tgithub.com/huandu/xstrings v1.5.0 // indirect\n\tgithub.com/inconshreveable/mousetrap v1.1.0 // indirect\n\tgithub.com/jackc/chunkreader/v2 v2.0.1 // indirect\n\tgithub.com/jackc/pgconn v1.14.3 // indirect\n\tgithub.com/jackc/pgio v1.0.0 // indirect\n\tgithub.com/jackc/pgpassfile v1.0.0 // indirect\n\tgithub.com/jackc/pgproto3/v2 v2.3.3 // indirect\n\tgithub.com/jackc/pgservicefile v0.0.0-20240606120523-5a60cdf6a761 // indirect\n\tgithub.com/jackc/puddle/v2 v2.2.2 // indirect\n\tgithub.com/joho/godotenv v1.5.1 // indirect\n\tgithub.com/josharian/intern v1.0.0 // indirect\n\tgithub.com/kballard/go-shellquote v0.0.0-20180428030007-95032a82bc51 // indirect\n\tgithub.com/knadh/koanf/maps v0.1.2 // indirect\n\tgithub.com/knadh/koanf/parsers/toml v0.1.0 // indirect\n\tgithub.com/knadh/koanf/parsers/yaml v0.1.0 // indirect\n\tgithub.com/knadh/koanf/providers/posflag v0.1.0 // indirect\n\tgithub.com/knadh/koanf/v2 v2.2.2 // indirect\n\tgithub.com/lestrrat-go/backoff/v2 v2.0.8 // indirect\n\tgithub.com/lestrrat-go/blackmagic v1.0.4 // indirect\n\tgithub.com/lestrrat-go/httpcc v1.0.1 // indirect\n\tgithub.com/lestrrat-go/httprc v1.0.6 // indirect\n\tgithub.com/lestrrat-go/iter v1.0.2 // indirect\n\tgithub.com/lestrrat-go/jwx v1.2.31\n\tgithub.com/lestrrat-go/option v1.0.1 // indirect\n\tgithub.com/lib/pq v1.10.9 // indirect\n\tgithub.com/magiconair/properties v1.8.9 // indirect\n\tgithub.com/mailru/easyjson v0.9.0 // indirect\n\tgithub.com/mattn/go-colorable v0.1.14 // indirect\n\tgithub.com/mattn/go-isatty v0.0.20 // indirect\n\tgithub.com/mattn/go-sqlite3 v2.0.3+incompatible // indirect\n\tgithub.com/microcosm-cc/bluemonday v1.0.27 // indirect\n\tgithub.com/mitchellh/copystructure v1.2.0 // indirect\n\tgithub.com/mitchellh/mapstructure v1.5.0 // indirect\n\tgithub.com/mitchellh/reflectwalk v1.0.2 // indirect\n\tgithub.com/moby/docker-image-spec v1.3.1 // indirect\n\tgithub.com/nyaruka/phonenumbers v1.6.5\n\tgithub.com/oklog/ulid v1.3.1 // indirect\n\tgithub.com/opencontainers/go-digest v1.0.0 // indirect\n\tgithub.com/opencontainers/image-spec v1.1.1 // indirect\n\tgithub.com/openzipkin/zipkin-go v0.4.3 // indirect\n\tgithub.com/pelletier/go-toml v1.9.5 // indirect\n\tgithub.com/pelletier/go-toml/v2 v2.2.3 // indirect\n\tgithub.com/pkg/profile v1.7.0 // indirect\n\tgithub.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 // indirect\n\tgithub.com/prometheus/client_golang v1.23.0\n\tgithub.com/prometheus/client_model v0.6.2 // indirect\n\tgithub.com/prometheus/common v0.65.0 // indirect\n\tgithub.com/prometheus/procfs v0.17.0 // indirect\n\tgithub.com/rogpeppe/go-internal v1.14.1 // indirect\n\tgithub.com/seatgeek/logrus-gelf-formatter v0.0.0-20210414080842-5b05eb8ff761 // indirect\n\tgithub.com/segmentio/asm v1.2.0 // indirect\n\tgithub.com/segmentio/backo-go v1.1.0 // indirect\n\tgithub.com/sergi/go-diff v1.4.0 // indirect\n\tgithub.com/shopspring/decimal v1.4.0 // indirect\n\tgithub.com/sourcegraph/annotate v0.0.0-20160123013949-f4cad6c6324d // indirect\n\tgithub.com/sourcegraph/syntaxhighlight v0.0.0-20170531221838-bd320f5d308e // indirect\n\tgithub.com/spf13/cast v1.9.2 // indirect\n\tgithub.com/tidwall/match v1.1.1 // indirect\n\tgithub.com/tidwall/pretty v1.2.1 // indirect\n\tgithub.com/x448/float16 v0.8.4 // indirect\n\tgithub.com/xtgo/uuid v0.0.0-20140804021211-a0b114877d4c // indirect\n\tgo.mongodb.org/mongo-driver v1.17.4 // indirect\n\tgo.opentelemetry.io/contrib/instrumentation/net/http/httptrace/otelhttptrace v0.62.0 // indirect\n\tgo.opentelemetry.io/contrib/propagators/b3 v1.37.0 // indirect\n\tgo.opentelemetry.io/contrib/propagators/jaeger v1.37.0 // indirect\n\tgo.opentelemetry.io/contrib/samplers/jaegerremote v0.31.0 // indirect\n\tgo.opentelemetry.io/otel/exporters/jaeger v1.17.0 // indirect\n\tgo.opentelemetry.io/otel/exporters/otlp/otlptrace v1.37.0 // indirect; / indirect\n\tgo.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp v1.37.0 // indirect; / indirect\n\tgo.opentelemetry.io/otel/exporters/zipkin v1.37.0 // indirect; / indirect\n\tgo.opentelemetry.io/otel/metric v1.40.0 // indirect\n\tgo.opentelemetry.io/proto/otlp v1.7.1 // indirect\n\tgolang.org/x/mod v0.30.0 // indirect\n\tgolang.org/x/sys v0.40.0 // indirect\n\tgoogle.golang.org/genproto/googleapis/api v0.0.0-20251202230838-ff82c1b0f217 // indirect\n\tgoogle.golang.org/genproto/googleapis/rpc v0.0.0-20251202230838-ff82c1b0f217 // indirect\n\tgoogle.golang.org/protobuf v1.36.10\n\tgopkg.in/alexcesaro/quotedprintable.v3 v3.0.0-20150716171945-2caba252f4dc // indirect\n\tgopkg.in/yaml.v2 v2.4.0 // indirect\n\tgopkg.in/yaml.v3 v3.0.1 // indirect\n\tsigs.k8s.io/yaml v1.6.0 // indirect\n)\n\ntool (\n\tgithub.com/cortesi/modd/cmd/modd\n\tgithub.com/go-swagger/go-swagger/cmd/swagger\n\tgithub.com/mailhog/MailHog\n\tgithub.com/mikefarah/yq/v4\n\tgolang.org/x/tools/cmd/goimports\n)\n" }, { "path": "go.sum", "content": "cloud.google.com/go v0.26.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw=\ncloud.google.com/go v0.34.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw=\ncloud.google.com/go v0.38.0/go.mod h1:990N+gfupTy94rShfmMCWGDn0LpTmnzTp2qbd1dvSRU=\ncloud.google.com/go v0.44.1/go.mod h1:iSa0KzasP4Uvy3f1mN/7PiObzGgflwredwwASm/v6AU=\ncloud.google.com/go v0.44.2/go.mod h1:60680Gw3Yr4ikxnPRS/oxxkBccT6SA1yMk63TGekxKY=\ncloud.google.com/go v0.45.1/go.mod h1:RpBamKRgapWJb87xiFSdk4g1CME7QZg3uwTez+TSTjc=\ncloud.google.com/go v0.46.3/go.mod h1:a6bKKbmY7er1mI7TEI4lsAkts/mkhTSZK8w33B4RAg0=\ncloud.google.com/go v0.50.0/go.mod h1:r9sluTvynVuxRIOHXQEHMFffphuXHOMZMycpNR5e6To=\ncloud.google.com/go v0.52.0/go.mod h1:pXajvRH/6o3+F9jDHZWQ5PbGhn+o8w9qiu/CffaVdO4=\ncloud.google.com/go v0.53.0/go.mod h1:fp/UouUEsRkN6ryDKNW/Upv/JBKnv6WDthjR6+vze6M=\ncloud.google.com/go v0.54.0/go.mod h1:1rq2OEkV3YMf6n/9ZvGWI3GWw0VoqH/1x2nd8Is/bPc=\ncloud.google.com/go v0.56.0/go.mod h1:jr7tqZxxKOVYizybht9+26Z/gUq7tiRzu+ACVAMbKVk=\ncloud.google.com/go v0.57.0/go.mod h1:oXiQ6Rzq3RAkkY7N6t3TcE6jE+CIBBbA36lwQ1JyzZs=\ncloud.google.com/go v0.62.0/go.mod h1:jmCYTdRCQuc1PHIIJ/maLInMho30T/Y0M4hTdTShOYc=\ncloud.google.com/go v0.65.0/go.mod h1:O5N8zS7uWy9vkA9vayVHs65eM1ubvY4h553ofrNHObY=\ncloud.google.com/go/bigquery v1.0.1/go.mod h1:i/xbL2UlR5RvWAURpBYZTtm/cXjCha9lbfbpx4poX+o=\ncloud.google.com/go/bigquery v1.3.0/go.mod h1:PjpwJnslEMmckchkHFfq+HTD2DmtT67aNFKH1/VBDHE=\ncloud.google.com/go/bigquery v1.4.0/go.mod h1:S8dzgnTigyfTmLBfrtrhyYhwRxG72rYxvftPBK2Dvzc=\ncloud.google.com/go/bigquery v1.5.0/go.mod h1:snEHRnqQbz117VIFhE8bmtwIDY80NLUZUMb4Nv6dBIg=\ncloud.google.com/go/bigquery v1.7.0/go.mod h1://okPTzCYNXSlb24MZs83e2Do+h+VXtc4gLoIoXIAPc=\ncloud.google.com/go/bigquery v1.8.0/go.mod h1:J5hqkt3O0uAFnINi6JXValWIb1v0goeZM77hZzJN/fQ=\ncloud.google.com/go/datastore v1.0.0/go.mod h1:LXYbyblFSglQ5pkeyhO+Qmw7ukd3C+pD7TKLgZqpHYE=\ncloud.google.com/go/datastore v1.1.0/go.mod h1:umbIZjpQpHh4hmRpGhH4tLFup+FVzqBi1b3c64qFpCk=\ncloud.google.com/go/pubsub v1.0.1/go.mod h1:R0Gpsv3s54REJCy4fxDixWD93lHJMoZTyQ2kNxGRt3I=\ncloud.google.com/go/pubsub v1.1.0/go.mod h1:EwwdRX2sKPjnvnqCa270oGRyludottCI76h+R3AArQw=\ncloud.google.com/go/pubsub v1.2.0/go.mod h1:jhfEVHT8odbXTkndysNHCcx0awwzvfOlguIAii9o8iA=\ncloud.google.com/go/pubsub v1.3.1/go.mod h1:i+ucay31+CNRpDW4Lu78I4xXG+O1r/MAHgjpRVR+TSU=\ncloud.google.com/go/storage v1.0.0/go.mod h1:IhtSnM/ZTZV8YYJWCY8RULGVqBDmpoyjwiyrjsg+URw=\ncloud.google.com/go/storage v1.5.0/go.mod h1:tpKbwo567HUNpVclU5sGELwQWBDZ8gh0ZeosJ0Rtdos=\ncloud.google.com/go/storage v1.6.0/go.mod h1:N7U0C8pVQ/+NIKOBQyamJIeKQKkZ+mxpohlUTyfDhBk=\ncloud.google.com/go/storage v1.8.0/go.mod h1:Wv1Oy7z6Yz3DshWRJFhqM/UCfaWIRTdp0RXyy7KQOVs=\ncloud.google.com/go/storage v1.10.0/go.mod h1:FLPqc6j+Ki4BU591ie1oL6qBQGu2Bl/tZ9ullr3+Kg0=\ncode.dny.dev/ssrf v0.2.0 h1:wCBP990rQQ1CYfRpW+YK1+8xhwUjv189AQ3WMo1jQaI=\ncode.dny.dev/ssrf v0.2.0/go.mod h1:B+91l25OnyaLIeCx0WRJN5qfJ/4/ZTZxRXgm0lj/2w8=\ndario.cat/mergo v1.0.2 h1:85+piFYR1tMbRrLcDwR18y4UKJ3aH1Tbzi24VRW1TK8=\ndario.cat/mergo v1.0.2/go.mod h1:E/hbnu0NxMFBjpMIE34DRGLWqDy0g5FuKDhCb31ngxA=\ndmitri.shuralyov.com/gpu/mtl v0.0.0-20190408044501-666a987793e9/go.mod h1:H6x//7gZCb22OMCxBHrMx7a5I7Hp++hsVxbQ4BYO7hU=\nfilippo.io/edwards25519 v1.1.0/go.mod h1:BxyFTGdWcka3PhytdK4V28tE5sGfRvvvRV7EaN4VDT4=\nfilippo.io/edwards25519 v1.2.0 h1:crnVqOiS4jqYleHd9vaKZ+HKtHfllngJIiOpNpoJsjo=\nfilippo.io/edwards25519 v1.2.0/go.mod h1:xzAOLCNug/yB62zG1bQ8uziwrIqIuxhctzJT18Q77mc=\ngithub.com/Azure/go-ansiterm v0.0.0-20250102033503-faa5f7b0171c h1:udKWzYgxTojEKWjV8V+WSxDXJ4NFATAsZjh8iIbsQIg=\ngithub.com/Azure/go-ansiterm v0.0.0-20250102033503-faa5f7b0171c/go.mod h1:xomTg63KZ2rFqZQzSB4Vz2SUXa1BpHTVz9L5PTmPC4E=\ngithub.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU=\ngithub.com/BurntSushi/xgb v0.0.0-20160522181843-27f122750802/go.mod h1:IVnqGOEym/WlBOVXweHU+Q+/VP0lqqI8lqeDx9IjBqo=\ngithub.com/Masterminds/goutils v1.1.1 h1:5nUrii3FMTL5diU80unEVvNevw1nH4+ZV4DSLVJLSYI=\ngithub.com/Masterminds/goutils v1.1.1/go.mod h1:8cTjp+g8YejhMuvIA5y2vz3BpJxksy863GQaJW2MFNU=\ngithub.com/Masterminds/semver/v3 v3.1.1/go.mod h1:VPu/7SZ7ePZ3QOrcuXROw5FAcLl4a0cBrbBpGY/8hQs=\ngithub.com/Masterminds/semver/v3 v3.4.0 h1:Zog+i5UMtVoCU8oKka5P7i9q9HgrJeGzI9SA1Xbatp0=\ngithub.com/Masterminds/semver/v3 v3.4.0/go.mod h1:4V+yj/TJE1HU9XfppCwVMZq3I84lprf4nC11bSS5beM=\ngithub.com/Masterminds/sprig/v3 v3.3.0 h1:mQh0Yrg1XPo6vjYXgtf5OtijNAKJRNcTdOOGZe3tPhs=\ngithub.com/Masterminds/sprig/v3 v3.3.0/go.mod h1:Zy1iXRYNqNLUolqCpL4uhk6SHUMAOSCzdgBfDb35Lz0=\ngithub.com/Microsoft/go-winio v0.6.2 h1:F2VQgta7ecxGYO8k3ZZz3RS8fVIXVxONVUPlNERoyfY=\ngithub.com/Microsoft/go-winio v0.6.2/go.mod h1:yd8OoFMLzJbo9gZq8j5qaps8bJ9aShtEA8Ipt1oGCvU=\ngithub.com/XSAM/otelsql v0.39.0 h1:4o374mEIMweaeevL7fd8Q3C710Xi2Jh/c8G4Qy9bvCY=\ngithub.com/XSAM/otelsql v0.39.0/go.mod h1:uMOXLUX+wkuAuP0AR3B45NXX7E9lJS2mERa8gqdU8R0=\ngithub.com/a8m/envsubst v1.4.2 h1:4yWIHXOLEJHQEFd4UjrWDrYeYlV7ncFWJOCBRLOZHQg=\ngithub.com/a8m/envsubst v1.4.2/go.mod h1:MVUTQNGQ3tsjOOtKCNd+fl8RzhsXcDvvAEzkhGtlsbY=\ngithub.com/aeneasr/go-swagger v0.19.1-0.20241013070044-bccef3a12e26 h1:rwCKVbnpzxQ0F/AhO9FkXnrKqRmqej4epjhe1CpNkB0=\ngithub.com/aeneasr/go-swagger v0.19.1-0.20241013070044-bccef3a12e26/go.mod h1:WSigRRWEig8zV6t6Sm8Y+EmUjlzA/HoaZJ5edupq7po=\ngithub.com/alecthomas/assert/v2 v2.3.0 h1:mAsH2wmvjsuvyBvAmCtm7zFsBlb8mIHx5ySLVdDZXL0=\ngithub.com/alecthomas/assert/v2 v2.3.0/go.mod h1:pXcQ2Asjp247dahGEmsZ6ru0UVwnkhktn7S0bBDLxvQ=\ngithub.com/alecthomas/participle/v2 v2.1.1 h1:hrjKESvSqGHzRb4yW1ciisFJ4p3MGYih6icjJvbsmV8=\ngithub.com/alecthomas/participle/v2 v2.1.1/go.mod h1:Y1+hAs8DHPmc3YUFzqllV+eSQ9ljPTk0ZkPMtEdAx2c=\ngithub.com/alecthomas/repr v0.4.0 h1:GhI2A8MACjfegCPVq9f1FLvIBS+DrQ2KQBFZP1iFzXc=\ngithub.com/alecthomas/repr v0.4.0/go.mod h1:Fr0507jx4eOXV7AlPV6AVZLYrLIuIeSOWtW57eE/O/4=\ngithub.com/alecthomas/template v0.0.0-20190718012654-fb15b899a751 h1:JYp7IbQjafoB+tBA3gMyHYHrpOtNuDiK/uB5uXxq5wM=\ngithub.com/alecthomas/template v0.0.0-20190718012654-fb15b899a751/go.mod h1:LOuyumcjzFXgccqObfd/Ljyb9UuFJ6TxHnclSeseNhc=\ngithub.com/alecthomas/units v0.0.0-20211218093645-b94a6e3cc137 h1:s6gZFSlWYmbqAuRjVTiNNhvNRfY2Wxp9nhfyel4rklc=\ngithub.com/alecthomas/units v0.0.0-20211218093645-b94a6e3cc137/go.mod h1:OMCwj8VM1Kc9e19TLln2VL61YJF0x1XFtfdL4JdbSyE=\ngithub.com/arbovm/levenshtein v0.0.0-20160628152529-48b4e1c0c4d0 h1:jfIu9sQUG6Ig+0+Ap1h4unLjW6YQJpKZVmUzxsD4E/Q=\ngithub.com/arbovm/levenshtein v0.0.0-20160628152529-48b4e1c0c4d0/go.mod h1:t2tdKJDJF9BV14lnkjHmOQgcvEKgtqs5a1N3LNdJhGE=\ngithub.com/asaskevich/govalidator v0.0.0-20230301143203-a9d515a09cc2 h1:DklsrG3dyBCFEj5IhUbnKptjxatkF07cF2ak3yi77so=\ngithub.com/asaskevich/govalidator v0.0.0-20230301143203-a9d515a09cc2/go.mod h1:WaHUgvxTVq04UNunO+XhnAqY/wQc+bxr74GqbsZ/Jqw=\ngithub.com/avast/retry-go/v4 v4.6.1 h1:VkOLRubHdisGrHnTu89g08aQEWEgRU7LVEop3GbIcMk=\ngithub.com/avast/retry-go/v4 v4.6.1/go.mod h1:V6oF8njAwxJ5gRo1Q7Cxab24xs5NCWZBeaHHBklR8mA=\ngithub.com/aymerick/douceur v0.2.0 h1:Mv+mAeH1Q+n9Fr+oyamOlAkUNPWPlA8PPGR0QAaYuPk=\ngithub.com/aymerick/douceur v0.2.0/go.mod h1:wlT5vV2O3h55X9m7iVYN0TBM0NH/MmbLnd30/FjWUq4=\ngithub.com/beorn7/perks v1.0.1 h1:VlbKKnNfV8bJzeqoa4cOKqO6bYr3WgKZxO8Z16+hsOM=\ngithub.com/beorn7/perks v1.0.1/go.mod h1:G2ZrVWU2WbWT9wwq4/hrbKbnv/1ERSJQ0ibhJ6rlkpw=\ngithub.com/bmatcuk/doublestar v1.3.4 h1:gPypJ5xD31uhX6Tf54sDPUOBXTqKH4c9aPY66CyQrS0=\ngithub.com/bmatcuk/doublestar v1.3.4/go.mod h1:wiQtGV+rzVYxB7WIlirSN++5HPtPlXEo9MEoZQC/PmE=\ngithub.com/bmizerany/assert v0.0.0-20160611221934-b7ed37b82869 h1:DDGfHa7BWjL4YnC6+E63dPcxHo2sUxDIu8g3QgEJdRY=\ngithub.com/bmizerany/assert v0.0.0-20160611221934-b7ed37b82869/go.mod h1:Ekp36dRnpXw/yCqJaO+ZrUyxD+3VXMFFr56k5XYrpB4=\ngithub.com/boombuler/barcode v1.0.1-0.20190219062509-6c824513bacc/go.mod h1:paBWMcWSl3LHKBqUq+rly7CNSldXjb2rDl3JlRe0mD8=\ngithub.com/boombuler/barcode v1.0.1 h1:NDBbPmhS+EqABEs5Kg3n/5ZNjy73Pz7SIV+KCeqyXcs=\ngithub.com/boombuler/barcode v1.0.1/go.mod h1:paBWMcWSl3LHKBqUq+rly7CNSldXjb2rDl3JlRe0mD8=\ngithub.com/bradleyjkemp/cupaloy/v2 v2.8.0 h1:any4BmKE+jGIaMpnU8YgH/I2LPiLBufr6oMMlVBbn9M=\ngithub.com/bradleyjkemp/cupaloy/v2 v2.8.0/go.mod h1:bm7JXdkRd4BHJk9HpwqAI8BoAY1lps46Enkdqw6aRX0=\ngithub.com/bwmarrin/discordgo v0.28.1 h1:gXsuo2GBO7NbR6uqmrrBDplPUx2T3nzu775q/Rd1aG4=\ngithub.com/bwmarrin/discordgo v0.28.1/go.mod h1:NJZpH+1AfhIcyQsPeuBKsUtYrRnjkyu0kIVMCHkZtRY=\ngithub.com/cenkalti/backoff v2.2.1+incompatible h1:tNowT99t7UNflLxfYYSlKYsBpXdEet03Pg2g16Swow4=\ngithub.com/cenkalti/backoff v2.2.1+incompatible/go.mod h1:90ReRw6GdpyfrHakVjL/QHaoyV4aDUVVkXQJJJ3NXXM=\ngithub.com/cenkalti/backoff/v5 v5.0.3 h1:ZN+IMa753KfX5hd8vVaMixjnqRZ3y8CuJKRKj1xcsSM=\ngithub.com/cenkalti/backoff/v5 v5.0.3/go.mod h1:rkhZdG3JZukswDf7f0cwqPNk4K0sa+F97BxZthm/crw=\ngithub.com/census-instrumentation/opencensus-proto v0.2.1/go.mod h1:f6KPmirojxKA12rnyqOA5BBL4O983OfeGPqjHWSTneU=\ngithub.com/cespare/xxhash/v2 v2.3.0 h1:UL815xU9SqsFlibzuggzjXhog7bL6oX9BbNZnL2UFvs=\ngithub.com/cespare/xxhash/v2 v2.3.0/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs=\ngithub.com/chromedp/cdproto v0.0.0-20230802225258-3cf4e6d46a89/go.mod h1:GKljq0VrfU4D5yc+2qA6OVr8pmO/MBbPEWqWQ/oqGEs=\ngithub.com/chromedp/chromedp v0.9.2/go.mod h1:LkSXJKONWTCHAfQasKFUZI+mxqS4tZqhmtGzzhLsnLs=\ngithub.com/chromedp/sysutil v1.0.0/go.mod h1:kgWmDdq8fTzXYcKIBqIYvRRTnYb9aNS9moAV0xufSww=\ngithub.com/chzyer/logex v1.1.10/go.mod h1:+Ywpsq7O8HXn0nuIou7OrIPyXbp3wmkHB+jjWRnGsAI=\ngithub.com/chzyer/logex v1.2.1/go.mod h1:JLbx6lG2kDbNRFnfkgvh4eRJRPX1QCoOIWomwysCBrQ=\ngithub.com/chzyer/readline v0.0.0-20180603132655-2972be24d48e/go.mod h1:nSuG5e5PlCu98SY8svDHJxuZscDgtXS6KTTbou5AhLI=\ngithub.com/chzyer/readline v1.5.1/go.mod h1:Eh+b79XXUwfKfcPLepksvw2tcLE/Ct21YObkaSkeBlk=\ngithub.com/chzyer/test v0.0.0-20180213035817-a1ea475d72b1/go.mod h1:Q3SI9o4m/ZMnBNeIyt5eFwwo7qiLfzFZmjNmxjkiQlU=\ngithub.com/chzyer/test v1.0.0/go.mod h1:2JlltgoNkt4TW/z9V/IzDdFaMTM2JPIi26O1pF38GC8=\ngithub.com/client9/misspell v0.3.4/go.mod h1:qj6jICC3Q7zFZvVWo7KLAzC3yx5G7kyvSDkc90ppPyw=\ngithub.com/cncf/udpa/go v0.0.0-20191209042840-269d4d468f6f/go.mod h1:M8M6+tZqaGXZJjfX53e64911xZQV5JYwmTeXPW+k8Sc=\ngithub.com/cockroachdb/cockroach-go/v2 v2.4.1 h1:ACVT/zXsuK6waRPVYtDQpsM8pPA7IA/3fkgA02RR/Gw=\ngithub.com/cockroachdb/cockroach-go/v2 v2.4.1/go.mod h1:9U179XbCx4qFWtNhc7BiWLPfuyMVQ7qdAhfrwLz1vH0=\ngithub.com/containerd/errdefs v1.0.0 h1:tg5yIfIlQIrxYtu9ajqY42W3lpS19XqdxRQeEwYG8PI=\ngithub.com/containerd/errdefs v1.0.0/go.mod h1:+YBYIdtsnF4Iw6nWZhJcqGSg/dwvV7tyJ/kCkyJ2k+M=\ngithub.com/containerd/errdefs/pkg v0.3.0 h1:9IKJ06FvyNlexW690DXuQNx2KA2cUJXx151Xdx3ZPPE=\ngithub.com/containerd/errdefs/pkg v0.3.0/go.mod h1:NJw6s9HwNuRhnjJhM7pylWwMyAkmCQvQ4GpJHEqRLVk=\ngithub.com/containerd/log v0.1.0 h1:TCJt7ioM2cr/tfR8GPbGf9/VRAX8D2B4PjzCpfX540I=\ngithub.com/containerd/log v0.1.0/go.mod h1:VRRf09a7mHDIRezVKTRCrOq78v577GXq3bSa3EhrzVo=\ngithub.com/cortesi/modd v0.8.1 h1:0s8e10CJ6pxc6NQHYFrmUZOLP0X6v63ry+3na6Gq2Ow=\ngithub.com/cortesi/modd v0.8.1/go.mod h1:GDJFkhHnnW+SD1C+wHBlKe5Yh2IqiOb6Lu5t2/fjnS4=\ngithub.com/cortesi/moddwatch v0.1.0 h1:+TSMuplhKlKEPKsdUXNHd67aCqew+et15dJvRCxMd1M=\ngithub.com/cortesi/moddwatch v0.1.0/go.mod h1:PFkhcmmwsRMQ76IMjKbaIIMcGQt7BSMtFOp+pA0B2eo=\ngithub.com/cortesi/termlog v0.0.0-20210222042314-a1eec763abec h1:v7D8uHsIKsyjfyhhNdY4qivqN558Ejiq+CDXiUljZ+4=\ngithub.com/cortesi/termlog v0.0.0-20210222042314-a1eec763abec/go.mod h1:10Fm2kasJmcKf1FSMQGSWb976sfR29hejNtfS9AydB4=\ngithub.com/cpuguy83/go-md2man/v2 v2.0.6/go.mod h1:oOW0eioCTA6cOiMLiUPZOpcVxMig6NIQQ7OS05n1F4g=\ngithub.com/creack/pty v1.1.9/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E=\ngithub.com/creack/pty v1.1.18/go.mod h1:MOBLtS5ELjhRRrroQr9kyvTxUAFNvYEK993ew/Vr4O4=\ngithub.com/creack/pty v1.1.24 h1:bJrF4RRfyJnbTJqzRLHzcGaZK1NeM5kTC9jGgovnR1s=\ngithub.com/creack/pty v1.1.24/go.mod h1:08sCNb52WyoAwi2QDyzUCTgcvVFhUzewun7wtTfvcwE=\ngithub.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=\ngithub.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=\ngithub.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc h1:U9qPSI2PIWSS1VwoXQT9A3Wy9MM3WgvqSxFWenqJduM=\ngithub.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=\ngithub.com/decred/dcrd/dcrec/secp256k1/v4 v4.4.0 h1:NMZiJj8QnKe1LgsbDayM4UoHwbvwDRwnI3hwNaAHRnc=\ngithub.com/decred/dcrd/dcrec/secp256k1/v4 v4.4.0/go.mod h1:ZXNYxsqcloTdSy/rNShjYzMhyjf0LaoftYK0p+A3h40=\ngithub.com/dghubble/oauth1 v0.7.3 h1:EkEM/zMDMp3zOsX2DC/ZQ2vnEX3ELK0/l9kb+vs4ptE=\ngithub.com/dghubble/oauth1 v0.7.3/go.mod h1:oxTe+az9NSMIucDPDCCtzJGsPhciJV33xocHfcR2sVY=\ngithub.com/dgraph-io/ristretto/v2 v2.2.0 h1:bkY3XzJcXoMuELV8F+vS8kzNgicwQFAaGINAEJdWGOM=\ngithub.com/dgraph-io/ristretto/v2 v2.2.0/go.mod h1:RZrm63UmcBAaYWC1DotLYBmTvgkrs0+XhBd7Npn7/zI=\ngithub.com/dgryski/go-farm v0.0.0-20240924180020-3414d57e47da h1:aIftn67I1fkbMa512G+w+Pxci9hJPB8oMnkcP3iZF38=\ngithub.com/dgryski/go-farm v0.0.0-20240924180020-3414d57e47da/go.mod h1:SqUrOPUnsFjfmXRMNPybcSiG0BgUW2AuFH8PAnS2iTw=\ngithub.com/dimchansky/utfbom v1.1.1 h1:vV6w1AhK4VMnhBno/TPVCoK9U/LP0PkLCS9tbxHdi/U=\ngithub.com/dimchansky/utfbom v1.1.1/go.mod h1:SxdoEBH5qIqFocHMyGOXVAybYJdr71b1Q/j0mACtrfE=\ngithub.com/distribution/reference v0.6.0 h1:0IXCQ5g4/QMHHkarYzh5l+u8T3t73zM5QvfrDyIgxBk=\ngithub.com/distribution/reference v0.6.0/go.mod h1:BbU0aIcezP1/5jX/8MP0YiH4SdvB5Y4f/wlDRiLyi3E=\ngithub.com/docker/docker v28.3.3+incompatible h1:Dypm25kh4rmk49v1eiVbsAtpAsYURjYkaKubwuBdxEI=\ngithub.com/docker/docker v28.3.3+incompatible/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk=\ngithub.com/docker/go-connections v0.6.0 h1:LlMG9azAe1TqfR7sO+NJttz1gy6KO7VJBh+pMmjSD94=\ngithub.com/docker/go-connections v0.6.0/go.mod h1:AahvXYshr6JgfUJGdDCs2b5EZG/vmaMAntpSFH5BFKE=\ngithub.com/docker/go-units v0.5.0 h1:69rxXcBk27SvSaaxTtLh/8llcHD8vYHT7WSdRZ/jvr4=\ngithub.com/docker/go-units v0.5.0/go.mod h1:fgPhTUdO+D/Jk86RDLlptpiXQzgHJF7gydDDbaIK4Dk=\ngithub.com/dustin/go-humanize v1.0.1 h1:GzkhY7T5VNhEkwH0PVJgjz+fX1rhBrR7pRT3mDkpeCY=\ngithub.com/dustin/go-humanize v1.0.1/go.mod h1:Mu1zIs6XwVuF/gI1OepvI0qD18qycQx+mFykh5fBlto=\ngithub.com/elliotchance/orderedmap v1.7.1 h1:8SR2DB391dw0HVI9572ElrY+KU0Q89OCXYwWZx7aAZc=\ngithub.com/elliotchance/orderedmap v1.7.1/go.mod h1:wsDwEaX5jEoyhbs7x93zk2H/qv0zwuhg4inXhDkYqys=\ngithub.com/envoyproxy/go-control-plane v0.9.0/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4=\ngithub.com/envoyproxy/go-control-plane v0.9.1-0.20191026205805-5f8ba28d4473/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4=\ngithub.com/envoyproxy/go-control-plane v0.9.4/go.mod h1:6rpuAdCZL397s3pYoYcLgu1mIlRU8Am5FuJP05cCM98=\ngithub.com/envoyproxy/protoc-gen-validate v0.1.0/go.mod h1:iSmxcyjqTsJpI2R4NaDN7+kN2VEUnK/pcBlmesArF7c=\ngithub.com/evanphx/json-patch/v5 v5.9.11 h1:/8HVnzMq13/3x9TPvjG08wUGqBTmZBsCWzjTM0wiaDU=\ngithub.com/evanphx/json-patch/v5 v5.9.11/go.mod h1:3j+LviiESTElxA4p3EMKAB9HXj3/XEtnUf6OZxqIQTM=\ngithub.com/fatih/color v1.10.0/go.mod h1:ELkj/draVOlAH/xkhN6mQ50Qd0MPOk5AAr3maGEBuJM=\ngithub.com/fatih/color v1.13.0/go.mod h1:kLAiJbzzSOZDVNGyDpeOxJ47H46qBXwg5ILebYFFOfk=\ngithub.com/fatih/color v1.18.0 h1:S8gINlzdQ840/4pfAwic/ZE0djQEH3wM94VfqLTZcOM=\ngithub.com/fatih/color v1.18.0/go.mod h1:4FelSpRwEGDpQ12mAdzqdOukCy4u8WUtOY6lkT/6HfU=\ngithub.com/fatih/structs v1.1.0 h1:Q7juDM0QtcnhCpeyLGQKyg4TOIghuNXrkL32pHAUMxo=\ngithub.com/fatih/structs v1.1.0/go.mod h1:9NiDSp5zOcgEDl+j00MP/WkGVPOlPRLejGD8Ga6PJ7M=\ngithub.com/felixge/fgprof v0.9.3/go.mod h1:RdbpDgzqYVh/T9fPELJyV7EYJuHB55UTEULNun8eiPw=\ngithub.com/felixge/fgprof v0.9.5 h1:8+vR6yu2vvSKn08urWyEuxx75NWPEvybbkBirEpsbVY=\ngithub.com/felixge/fgprof v0.9.5/go.mod h1:yKl+ERSa++RYOs32d8K6WEXCB4uXdLls4ZaZPpayhMM=\ngithub.com/felixge/httpsnoop v1.0.4 h1:NFTV2Zj1bL4mc9sqWACXbQFVBBg2W3GPvqp8/ESS2Wg=\ngithub.com/felixge/httpsnoop v1.0.4/go.mod h1:m8KPJKqk1gH5J9DgRY2ASl2lWCfGKXixSwevea8zH2U=\ngithub.com/frankban/quicktest v1.14.4/go.mod h1:4ptaffx2x8+WTWXmUCuVU6aPUX1/Mz7zb5vbUoiM6w0=\ngithub.com/frankban/quicktest v1.14.6 h1:7Xjx+VpznH+oBnejlPUj8oUpdxnVs4f8XU8WnHkI4W8=\ngithub.com/frankban/quicktest v1.14.6/go.mod h1:4ptaffx2x8+WTWXmUCuVU6aPUX1/Mz7zb5vbUoiM6w0=\ngithub.com/fsnotify/fsnotify v1.9.0 h1:2Ml+OJNzbYCTzsxtv8vKSFD9PbJjmhYF14k/jKC7S9k=\ngithub.com/fsnotify/fsnotify v1.9.0/go.mod h1:8jBTzvmWwFyi3Pb8djgCCO5IBqzKJ/Jwo8TRcHyHii0=\ngithub.com/fxamacker/cbor/v2 v2.7.0 h1:iM5WgngdRBanHcxugY4JySA0nk1wZorNOpTgCMedv5E=\ngithub.com/fxamacker/cbor/v2 v2.7.0/go.mod h1:pxXPTn3joSm21Gbwsv0w9OSA2y1HFR9qXEeXQVeNoDQ=\ngithub.com/ghodss/yaml v1.0.0 h1:wQHKEahhL6wmXdzwWG11gIVCkOv05bNOh+Rxn0yngAk=\ngithub.com/ghodss/yaml v1.0.0/go.mod h1:4dBDuWmgqj2HViK6kFavaiC9ZROes6MMH2rRYeMEF04=\ngithub.com/go-crypt/crypt v0.2.25 h1:uW/3n4/9zYSOOgY0Md9dMxGSqrjaMyLo1/IFrm2L5yw=\ngithub.com/go-crypt/crypt v0.2.25/go.mod h1:ny8BOunn+/kr99iq2LYSKA0MAsxNaxZUmKKL42vV1io=\ngithub.com/go-crypt/x v0.2.18 h1:KdUGj4D/PdzcIkOQhK36QHzH2YD5GWrsVQ7JgO73Q8Y=\ngithub.com/go-crypt/x v0.2.18/go.mod h1:z48dMLdgMGPPjrzni9ETtg2foPez3EytjCL43Ak4QZ8=\ngithub.com/go-faker/faker/v4 v4.4.2 h1:96WeU9QKEqRUVYdjHquY2/5bAqmVM0IfGKHV5mbfqmQ=\ngithub.com/go-faker/faker/v4 v4.4.2/go.mod h1:4K3v4AbKXYNHMQNaREMc9/kRB9j5JJzpFo6KHRvrcIw=\ngithub.com/go-gl/glfw v0.0.0-20190409004039-e6da0acd62b1/go.mod h1:vR7hzQXu2zJy9AVAgeJqvqgH9Q5CA+iKCZ2gyEVpxRU=\ngithub.com/go-gl/glfw/v3.3/glfw v0.0.0-20191125211704-12ad95a8df72/go.mod h1:tQ2UAYgL5IevRw8kRxooKSPJfGvJ9fJQFa0TUsXzTg8=\ngithub.com/go-gl/glfw/v3.3/glfw v0.0.0-20200222043503-6f7a984d4dc4/go.mod h1:tQ2UAYgL5IevRw8kRxooKSPJfGvJ9fJQFa0TUsXzTg8=\ngithub.com/go-jose/go-jose/v3 v3.0.4 h1:Wp5HA7bLQcKnf6YYao/4kpRpVMp/yf6+pJKV8WFSaNY=\ngithub.com/go-jose/go-jose/v3 v3.0.4/go.mod h1:5b+7YgP7ZICgJDBdfjZaIt+H/9L9T/YQrVfLAMboGkQ=\ngithub.com/go-jose/go-jose/v4 v4.1.3 h1:CVLmWDhDVRa6Mi/IgCgaopNosCaHz7zrMeF9MlZRkrs=\ngithub.com/go-jose/go-jose/v4 v4.1.3/go.mod h1:x4oUasVrzR7071A4TnHLGSPpNOm2a21K9Kf04k1rs08=\ngithub.com/go-logr/logr v1.2.2/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A=\ngithub.com/go-logr/logr v1.4.3 h1:CjnDlHq8ikf6E492q6eKboGOC0T8CDaOvkHCIg8idEI=\ngithub.com/go-logr/logr v1.4.3/go.mod h1:9T104GzyrTigFIr8wt5mBrctHMim0Nb2HLGrmQ40KvY=\ngithub.com/go-logr/stdr v1.2.2 h1:hSWxHoqTgW2S2qGc0LTAI563KZ5YKYRhT3MFKZMbjag=\ngithub.com/go-logr/stdr v1.2.2/go.mod h1:mMo/vtBO5dYbehREoey6XUKy/eSumjCCveDpRre4VKE=\ngithub.com/go-openapi/analysis v0.23.0 h1:aGday7OWupfMs+LbmLZG4k0MYXIANxcuBTYUC03zFCU=\ngithub.com/go-openapi/analysis v0.23.0/go.mod h1:9mz9ZWaSlV8TvjQHLl2mUW2PbZtemkE8yA5v22ohupo=\ngithub.com/go-openapi/errors v0.22.2 h1:rdxhzcBUazEcGccKqbY1Y7NS8FDcMyIRr0934jrYnZg=\ngithub.com/go-openapi/errors v0.22.2/go.mod h1:+n/5UdIqdVnLIJ6Q9Se8HNGUXYaY6CN8ImWzfi/Gzp0=\ngithub.com/go-openapi/inflect v0.21.0 h1:FoBjBTQEcbg2cJUWX6uwL9OyIW8eqc9k4KhN4lfbeYk=\ngithub.com/go-openapi/inflect v0.21.0/go.mod h1:INezMuUu7SJQc2AyR3WO0DqqYUJSj8Kb4hBd7WtjlAw=\ngithub.com/go-openapi/jsonpointer v0.21.2 h1:AqQaNADVwq/VnkCmQg6ogE+M3FOsKTytwges0JdwVuA=\ngithub.com/go-openapi/jsonpointer v0.21.2/go.mod h1:50I1STOfbY1ycR8jGz8DaMeLCdXiI6aDteEdRNNzpdk=\ngithub.com/go-openapi/jsonreference v0.21.0 h1:Rs+Y7hSXT83Jacb7kFyjn4ijOuVGSvOdF2+tg1TRrwQ=\ngithub.com/go-openapi/jsonreference v0.21.0/go.mod h1:LmZmgsrTkVg9LG4EaHeY8cBDslNPMo06cago5JNLkm4=\ngithub.com/go-openapi/loads v0.22.0 h1:ECPGd4jX1U6NApCGG1We+uEozOAvXvJSF4nnwHZ8Aco=\ngithub.com/go-openapi/loads v0.22.0/go.mod h1:yLsaTCS92mnSAZX5WWoxszLj0u+Ojl+Zs5Stn1oF+rs=\ngithub.com/go-openapi/runtime v0.28.0 h1:gpPPmWSNGo214l6n8hzdXYhPuJcGtziTOgUpvsFWGIQ=\ngithub.com/go-openapi/runtime v0.28.0/go.mod h1:QN7OzcS+XuYmkQLw05akXk0jRH/eZ3kb18+1KwW9gyc=\ngithub.com/go-openapi/spec v0.21.0 h1:LTVzPc3p/RzRnkQqLRndbAzjY0d0BCL72A6j3CdL9ZY=\ngithub.com/go-openapi/spec v0.21.0/go.mod h1:78u6VdPw81XU44qEWGhtr982gJ5BWg2c0I5XwVMotYk=\ngithub.com/go-openapi/strfmt v0.23.0 h1:nlUS6BCqcnAk0pyhi9Y+kdDVZdZMHfEKQiS4HaMgO/c=\ngithub.com/go-openapi/strfmt v0.23.0/go.mod h1:NrtIpfKtWIygRkKVsxh7XQMDQW5HKQl6S5ik2elW+K4=\ngithub.com/go-openapi/swag v0.23.1 h1:lpsStH0n2ittzTnbaSloVZLuB5+fvSY/+hnagBjSNZU=\ngithub.com/go-openapi/swag v0.23.1/go.mod h1:STZs8TbRvEQQKUA+JZNAm3EWlgaOBGpyFDqQnDHMef0=\ngithub.com/go-openapi/validate v0.24.0 h1:LdfDKwNbpB6Vn40xhTdNZAnfLECL81w+VX3BumrGD58=\ngithub.com/go-openapi/validate v0.24.0/go.mod h1:iyeX1sEufmv3nPbBdX3ieNviWnOZaJ1+zquzJEf2BAQ=\ngithub.com/go-sql-driver/mysql v1.6.0/go.mod h1:DCzpHaOWr8IXmIStZouvnhqoel9Qv2LBy8hT2VhHyBg=\ngithub.com/go-sql-driver/mysql v1.8.1/go.mod h1:wEBSXgmK//2ZFJyE+qWnIsVGmvmEKlqwuVSjsCm7DZg=\ngithub.com/go-sql-driver/mysql v1.9.3 h1:U/N249h2WzJ3Ukj8SowVFjdtZKfu9vlLZxjPXV1aweo=\ngithub.com/go-sql-driver/mysql v1.9.3/go.mod h1:qn46aNg1333BRMNU69Lq93t8du/dwxI64Gl8i5p1WMU=\ngithub.com/go-task/slim-sprig v0.0.0-20230315185526-52ccab3ef572 h1:tfuBGBXKqDEevZMzYi5KSi8KkcZtzBcTgAUUtapy0OI=\ngithub.com/go-task/slim-sprig/v3 v3.0.0 h1:sUs3vkvUymDpBKi3qH1YSqBQk9+9D/8M2mN1vB6EwHI=\ngithub.com/go-task/slim-sprig/v3 v3.0.0/go.mod h1:W848ghGpv3Qj3dhTPRyJypKRiqCdHZiAzKg9hl15HA8=\ngithub.com/go-test/deep v1.0.4 h1:u2CU3YKy9I2pmu9pX0eq50wCgjfGIt539SqR7FbHiho=\ngithub.com/go-test/deep v1.0.4/go.mod h1:wGDj63lr65AM2AQyKZd/NYHGb0R+1RLqB8NKt3aSFNA=\ngithub.com/go-viper/mapstructure/v2 v2.4.0 h1:EBsztssimR/CONLSZZ04E8qAkxNYq4Qp9LvH92wZUgs=\ngithub.com/go-viper/mapstructure/v2 v2.4.0/go.mod h1:oJDH3BJKyqBA2TXFhDsKDGDTlndYOZ6rGS0BRZIxGhM=\ngithub.com/go-webauthn/webauthn v0.11.2 h1:Fgx0/wlmkClTKlnOsdOQ+K5HcHDsDcYIvtYmfhEOSUc=\ngithub.com/go-webauthn/webauthn v0.11.2/go.mod h1:aOtudaF94pM71g3jRwTYYwQTG1KyTILTcZqN1srkmD0=\ngithub.com/go-webauthn/x v0.1.14 h1:1wrB8jzXAofojJPAaRxnZhRgagvLGnLjhCAwg3kTpT0=\ngithub.com/go-webauthn/x v0.1.14/go.mod h1:UuVvFZ8/NbOnkDz3y1NaxtUN87pmtpC1PQ+/5BBQRdc=\ngithub.com/gobuffalo/envy v1.10.2 h1:EIi03p9c3yeuRCFPOKcSfajzkLb3hrRjEpHGI8I2Wo4=\ngithub.com/gobuffalo/envy v1.10.2/go.mod h1:qGAGwdvDsaEtPhfBzb3o0SfDea8ByGn9j8bKmVft9z8=\ngithub.com/gobuffalo/fizz v1.14.4 h1:8uume7joF6niTNWN582IQ2jhGTUoa9g1fiV/tIoGdBs=\ngithub.com/gobuffalo/fizz v1.14.4/go.mod h1:9/2fGNXNeIFOXEEgTPJwiK63e44RjG+Nc4hfMm1ArGM=\ngithub.com/gobuffalo/flect v0.3.0/go.mod h1:5pf3aGnsvqvCj50AVni7mJJF8ICxGZ8HomberC3pXLE=\ngithub.com/gobuffalo/flect v1.0.3 h1:xeWBM2nui+qnVvNM4S3foBhCAL2XgPU+a7FdpelbTq4=\ngithub.com/gobuffalo/flect v1.0.3/go.mod h1:A5msMlrHtLqh9umBSnvabjsMrCcCpAyzglnDvkbYKHs=\ngithub.com/gobuffalo/github_flavored_markdown v1.1.3/go.mod h1:IzgO5xS6hqkDmUh91BW/+Qxo/qYnvfzoz3A7uLkg77I=\ngithub.com/gobuffalo/github_flavored_markdown v1.1.4 h1:WacrEGPXUDX+BpU1GM/Y0ADgMzESKNWls9hOTG1MHVs=\ngithub.com/gobuffalo/github_flavored_markdown v1.1.4/go.mod h1:Vl9686qrVVQou4GrHRK/KOG3jCZOKLUqV8MMOAYtlso=\ngithub.com/gobuffalo/helpers v0.6.7/go.mod h1:j0u1iC1VqlCaJEEVkZN8Ia3TEzfj/zoXANqyJExTMTA=\ngithub.com/gobuffalo/helpers v0.6.10 h1:puKDCOrJ0EIq5ScnTRgKyvEZ05xQa+gwRGCpgoh6Ek8=\ngithub.com/gobuffalo/helpers v0.6.10/go.mod h1:r52L6VSnByLJFOmURp1irvzgSakk7RodChi1YbGwk8I=\ngithub.com/gobuffalo/httptest v1.5.2 h1:GpGy520SfY1QEmyPvaqmznTpG4gEQqQ82HtHqyNEreM=\ngithub.com/gobuffalo/httptest v1.5.2/go.mod h1:FA23yjsWLGj92mVV74Qtc8eqluc11VqcWr8/C1vxt4g=\ngithub.com/gobuffalo/nulls v0.4.2 h1:GAqBR29R3oPY+WCC7JL9KKk9erchaNuV6unsOSZGQkw=\ngithub.com/gobuffalo/nulls v0.4.2/go.mod h1:EElw2zmBYafU2R9W4Ii1ByIj177wA/pc0JdjtD0EsH8=\ngithub.com/gobuffalo/plush/v4 v4.1.16/go.mod h1:6t7swVsarJ8qSLw1qyAH/KbrcSTwdun2ASEQkOznakg=\ngithub.com/gobuffalo/plush/v4 v4.1.22 h1:bPQr5PsiTg54UGMsfvnIAvFmUfxzD/ri+wbpu7PlmTM=\ngithub.com/gobuffalo/plush/v4 v4.1.22/go.mod h1:WiKHJx3qBvfaDVlrv8zT7NCd3dEMaVR/fVxW4wqV17M=\ngithub.com/gobuffalo/plush/v5 v5.0.7 h1:nI8sIt5tZAN2tCZHeaXkH7HAvxvvk3sJHG2TtrKeSHM=\ngithub.com/gobuffalo/plush/v5 v5.0.7/go.mod h1:C08u/VEqzzPBXFF/yqs40P/5Cvc/zlZsMzhCxXyWJmU=\ngithub.com/gobuffalo/tags/v3 v3.1.4 h1:X/ydLLPhgXV4h04Hp2xlbI2oc5MDaa7eub6zw8oHjsM=\ngithub.com/gobuffalo/tags/v3 v3.1.4/go.mod h1:ArRNo3ErlHO8BtdA0REaZxijuWnWzF6PUXngmMXd2I0=\ngithub.com/gobuffalo/validate/v3 v3.3.3 h1:o7wkIGSvZBYBd6ChQoLxkz2y1pfmhbI4jNJYh6PuNJ4=\ngithub.com/gobuffalo/validate/v3 v3.3.3/go.mod h1:YC7FsbJ/9hW/VjQdmXPvFqvRis4vrRYFxr69WiNZw6g=\ngithub.com/gobwas/glob v0.2.3 h1:A4xDbljILXROh+kObIiy5kIaPYD8e96x1tgBhUI5J+Y=\ngithub.com/gobwas/glob v0.2.3/go.mod h1:d3Ez4x06l9bZtSvzIay5+Yzi0fmZzPgnTbPcKjJAkT8=\ngithub.com/gobwas/httphead v0.1.0/go.mod h1:O/RXo79gxV8G+RqlR/otEwx4Q36zl9rqC5u12GKvMCM=\ngithub.com/gobwas/pool v0.2.1/go.mod h1:q8bcK0KcYlCgd9e7WYLm9LpyS+YeLd8JVDW6WezmKEw=\ngithub.com/gobwas/ws v1.2.1/go.mod h1:hRKAFb8wOxFROYNsT1bqfWnhX+b5MFeJM9r2ZSwg/KY=\ngithub.com/goccy/go-json v0.10.5 h1:Fq85nIqj+gXn/S5ahsiTlK3TmC85qgirsdTP/+DeaC4=\ngithub.com/goccy/go-json v0.10.5/go.mod h1:oq7eo15ShAhp70Anwd5lgX2pLfOS3QCiwU/PULtXL6M=\ngithub.com/goccy/go-yaml v1.18.0 h1:8W7wMFS12Pcas7KU+VVkaiCng+kG8QiFeFwzFb+rwuw=\ngithub.com/goccy/go-yaml v1.18.0/go.mod h1:XBurs7gK8ATbW4ZPGKgcbrY1Br56PdM69F7LkFRi1kA=\ngithub.com/gofrs/flock v0.12.1 h1:MTLVXXHf8ekldpJk3AKicLij9MdwOWkZ+a/jHHZby9E=\ngithub.com/gofrs/flock v0.12.1/go.mod h1:9zxTsyu5xtJ9DK+1tFZyibEV7y3uwDxPPfbxeeHCoD0=\ngithub.com/gofrs/uuid v4.2.0+incompatible/go.mod h1:b2aQJv3Z4Fp6yNu3cdSllBxTCLRxnplIgP/c0N/04lM=\ngithub.com/gofrs/uuid v4.4.0+incompatible h1:3qXRTX8/NbyulANqlc0lchS1gqAVxRgsuW1YrTJupqA=\ngithub.com/gofrs/uuid v4.4.0+incompatible/go.mod h1:b2aQJv3Z4Fp6yNu3cdSllBxTCLRxnplIgP/c0N/04lM=\ngithub.com/gogo/googleapis v1.4.1 h1:1Yx4Myt7BxzvUr5ldGSbwYiZG6t9wGBZ+8/fX3Wvtq0=\ngithub.com/gogo/googleapis v1.4.1/go.mod h1:2lpHqI5OcWCtVElxXnPt+s8oJvMpySlOyM6xDCrzib4=\ngithub.com/gogo/protobuf v1.3.2 h1:Ov1cvc58UF3b5XjBnZv7+opcTcQFZebYjWzi34vdm4Q=\ngithub.com/gogo/protobuf v1.3.2/go.mod h1:P1XiOD3dCwIKUDQYPy72D8LYyHL2YPYrpS2s69NZV8Q=\ngithub.com/golang-jwt/jwt/v4 v4.5.2 h1:YtQM7lnr8iZ+j5q71MGKkNw9Mn7AjHM68uc9g5fXeUI=\ngithub.com/golang-jwt/jwt/v4 v4.5.2/go.mod h1:m21LjoU+eqJr34lmDMbreY2eSTRJ1cv77w39/MY0Ch0=\ngithub.com/golang-jwt/jwt/v5 v5.3.0 h1:pv4AsKCKKZuqlgs5sUmn4x8UlGa0kEVt/puTpKx9vvo=\ngithub.com/golang-jwt/jwt/v5 v5.3.0/go.mod h1:fxCRLWMO43lRc8nhHWY6LGqRcf+1gQWArsqaEUEa5bE=\ngithub.com/golang/gddo v0.0.0-20190904175337-72a348e765d2 h1:xisWqjiKEff2B0KfFYGpCqc3M3zdTz+OHQHRc09FeYk=\ngithub.com/golang/gddo v0.0.0-20190904175337-72a348e765d2/go.mod h1:xEhNfoBDX1hzLm2Nf80qUvZ2sVwoMZ8d6IE2SrsQfh4=\ngithub.com/golang/glog v0.0.0-20160126235308-23def4e6c14b/go.mod h1:SBH7ygxi8pfUlaOkMMuAQtPIUF8ecWP5IEl/CR7VP2Q=\ngithub.com/golang/groupcache v0.0.0-20190702054246-869f871628b6/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc=\ngithub.com/golang/groupcache v0.0.0-20191227052852-215e87163ea7/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc=\ngithub.com/golang/groupcache v0.0.0-20200121045136-8c9f03a8e57e/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc=\ngithub.com/golang/mock v1.1.1/go.mod h1:oTYuIxOrZwtPieC+H1uAHpcLFnEyAGVDL/k47Jfbm0A=\ngithub.com/golang/mock v1.2.0/go.mod h1:oTYuIxOrZwtPieC+H1uAHpcLFnEyAGVDL/k47Jfbm0A=\ngithub.com/golang/mock v1.3.1/go.mod h1:sBzyDLLjw3U8JLTeZvSv8jJB+tU5PVekmnlKIyFUx0Y=\ngithub.com/golang/mock v1.4.0/go.mod h1:UOMv5ysSaYNkG+OFQykRIcU/QvvxJf3p21QfJ2Bt3cw=\ngithub.com/golang/mock v1.4.1/go.mod h1:UOMv5ysSaYNkG+OFQykRIcU/QvvxJf3p21QfJ2Bt3cw=\ngithub.com/golang/mock v1.4.3/go.mod h1:UOMv5ysSaYNkG+OFQykRIcU/QvvxJf3p21QfJ2Bt3cw=\ngithub.com/golang/mock v1.4.4/go.mod h1:l3mdAwkq5BuhzHwde/uurv3sEJeZMXNpwsxVWU71h+4=\ngithub.com/golang/mock v1.6.0 h1:ErTB+efbowRARo13NNdxyJji2egdxLGQhRaY+DUumQc=\ngithub.com/golang/mock v1.6.0/go.mod h1:p6yTPP+5HYm5mzsMV8JkE6ZKdX+/wYM6Hr+LicevLPs=\ngithub.com/golang/protobuf v1.2.0/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U=\ngithub.com/golang/protobuf v1.3.1/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U=\ngithub.com/golang/protobuf v1.3.2/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U=\ngithub.com/golang/protobuf v1.3.3/go.mod h1:vzj43D7+SQXF/4pzW/hwtAqwc6iTitCiVSaWz5lYuqw=\ngithub.com/golang/protobuf v1.3.4/go.mod h1:vzj43D7+SQXF/4pzW/hwtAqwc6iTitCiVSaWz5lYuqw=\ngithub.com/golang/protobuf v1.3.5/go.mod h1:6O5/vntMXwX2lRkT1hjjk0nAC1IDOTvTlVgjlRvqsdk=\ngithub.com/golang/protobuf v1.4.0-rc.1/go.mod h1:ceaxUfeHdC40wWswd/P6IGgMaK3YpKi5j83Wpe3EHw8=\ngithub.com/golang/protobuf v1.4.0-rc.1.0.20200221234624-67d41d38c208/go.mod h1:xKAWHe0F5eneWXFV3EuXVDTCmh+JuBKY0li0aMyXATA=\ngithub.com/golang/protobuf v1.4.0-rc.2/go.mod h1:LlEzMj4AhA7rCAGe4KMBDvJI+AwstrUpVNzEA03Pprs=\ngithub.com/golang/protobuf v1.4.0-rc.4.0.20200313231945-b860323f09d0/go.mod h1:WU3c8KckQ9AFe+yFwt9sWVRKCVIyN9cPHBJSNnbL67w=\ngithub.com/golang/protobuf v1.4.0/go.mod h1:jodUvKwWbYaEsadDk5Fwe5c77LiNKVO9IDvqG2KuDX0=\ngithub.com/golang/protobuf v1.4.1/go.mod h1:U8fpvMrcmy5pZrNK1lt4xCsGvpyWQ/VVv6QDs8UjoX8=\ngithub.com/golang/protobuf v1.4.2/go.mod h1:oDoupMAO8OvCJWAcko0GGGIgR6R6ocIYbsSw735rRwI=\ngithub.com/golang/protobuf v1.5.0/go.mod h1:FsONVRAS9T7sI+LIUmWTfcYkHO4aIWwzhcaSAoJOfIk=\ngithub.com/golang/protobuf v1.5.2/go.mod h1:XVQd3VNwM+JqD3oG2Ue2ip4fOMUkwXdXDdiuN0vRsmY=\ngithub.com/golang/protobuf v1.5.4 h1:i7eJL8qZTpSEXOPTxNKhASYpMn+8e5Q6AdndVa1dWek=\ngithub.com/golang/protobuf v1.5.4/go.mod h1:lnTiLA8Wa4RWRcIUkrtSVa5nRhsEGBg48fD6rSs7xps=\ngithub.com/google/btree v0.0.0-20180813153112-4030bb1f1f0c/go.mod h1:lNA+9X1NB3Zf8V7Ke586lFgjr2dZNuvo3lPJSGZ5JPQ=\ngithub.com/google/btree v1.0.0/go.mod h1:lNA+9X1NB3Zf8V7Ke586lFgjr2dZNuvo3lPJSGZ5JPQ=\ngithub.com/google/go-cmp v0.2.0/go.mod h1:oXzfMopK8JAjlY9xF4vHSVASa0yLyX7SntLO5aqRK0M=\ngithub.com/google/go-cmp v0.3.0/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU=\ngithub.com/google/go-cmp v0.3.1/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU=\ngithub.com/google/go-cmp v0.4.0/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=\ngithub.com/google/go-cmp v0.4.1/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=\ngithub.com/google/go-cmp v0.5.0/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=\ngithub.com/google/go-cmp v0.5.1/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=\ngithub.com/google/go-cmp v0.5.4/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=\ngithub.com/google/go-cmp v0.5.5/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=\ngithub.com/google/go-cmp v0.5.6/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=\ngithub.com/google/go-cmp v0.5.7/go.mod h1:n+brtR0CgQNWTVd5ZUFpTBC8YFBDLK/h/bpaJ8/DtOE=\ngithub.com/google/go-cmp v0.5.9/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY=\ngithub.com/google/go-cmp v0.7.0 h1:wk8382ETsv4JYUZwIsn6YpYiWiBsYLSJiTsyBybVuN8=\ngithub.com/google/go-cmp v0.7.0/go.mod h1:pXiqmnSA92OHEEa9HXL2W4E7lf9JzCmGVUdgjX3N/iU=\ngithub.com/google/go-github/v38 v38.1.0 h1:C6h1FkaITcBFK7gAmq4eFzt6gbhEhk7L5z6R3Uva+po=\ngithub.com/google/go-github/v38 v38.1.0/go.mod h1:cStvrz/7nFr0FoENgG6GLbp53WaelXucT+BBz/3VKx4=\ngithub.com/google/go-jsonnet v0.21.0 h1:43Bk3K4zMRP/aAZm9Po2uSEjY6ALCkYUVIcz9HLGMvA=\ngithub.com/google/go-jsonnet v0.21.0/go.mod h1:tCGAu8cpUpEZcdGMmdOu37nh8bGgqubhI5v2iSk3KJQ=\ngithub.com/google/go-querystring v1.0.0 h1:Xkwi/a1rcvNg1PPYe5vI8GbeBY/jrVuDX5ASuANWTrk=\ngithub.com/google/go-querystring v1.0.0/go.mod h1:odCYkC5MyYFN7vkCjXpyrEuKhc/BUO6wN/zVPAxq5ck=\ngithub.com/google/go-tpm v0.9.1 h1:0pGc4X//bAlmZzMKf8iz6IsDo1nYTbYJ6FZN/rg4zdM=\ngithub.com/google/go-tpm v0.9.1/go.mod h1:h9jEsEECg7gtLis0upRBQU+GhYVH6jMjrFxI8u6bVUY=\ngithub.com/google/martian v2.1.0+incompatible/go.mod h1:9I4somxYTbIHy5NJKHRl3wXiIaQGbYVAs8BPL6v8lEs=\ngithub.com/google/martian/v3 v3.0.0/go.mod h1:y5Zk1BBys9G+gd6Jrk0W3cC1+ELVxBWuIGO+w/tUAp0=\ngithub.com/google/pprof v0.0.0-20181206194817-3ea8567a2e57/go.mod h1:zfwlbNMJ+OItoe0UupaVj+oy1omPYYDuagoSzA8v9mc=\ngithub.com/google/pprof v0.0.0-20190515194954-54271f7e092f/go.mod h1:zfwlbNMJ+OItoe0UupaVj+oy1omPYYDuagoSzA8v9mc=\ngithub.com/google/pprof v0.0.0-20191218002539-d4f498aebedc/go.mod h1:ZgVRPoUq/hfqzAqh7sHMqb3I9Rq5C59dIz2SbBwJ4eM=\ngithub.com/google/pprof v0.0.0-20200212024743-f11f1df84d12/go.mod h1:ZgVRPoUq/hfqzAqh7sHMqb3I9Rq5C59dIz2SbBwJ4eM=\ngithub.com/google/pprof v0.0.0-20200229191704-1ebb73c60ed3/go.mod h1:ZgVRPoUq/hfqzAqh7sHMqb3I9Rq5C59dIz2SbBwJ4eM=\ngithub.com/google/pprof v0.0.0-20200430221834-fc25d7d30c6d/go.mod h1:ZgVRPoUq/hfqzAqh7sHMqb3I9Rq5C59dIz2SbBwJ4eM=\ngithub.com/google/pprof v0.0.0-20200708004538-1a94d8640e99/go.mod h1:ZgVRPoUq/hfqzAqh7sHMqb3I9Rq5C59dIz2SbBwJ4eM=\ngithub.com/google/pprof v0.0.0-20211214055906-6f57359322fd/go.mod h1:KgnwoLYCZ8IQu3XUZ8Nc/bM9CCZFOyjUNOSygVozoDg=\ngithub.com/google/pprof v0.0.0-20240227163752-401108e1b7e7/go.mod h1:czg5+yv1E0ZGTi6S6vVK1mke0fV+FaUhNGcd6VRS9Ik=\ngithub.com/google/pprof v0.0.0-20250630185457-6e76a2b096b5 h1:xhMrHhTJ6zxu3gA4enFM9MLn9AY7613teCdFnlUVbSQ=\ngithub.com/google/pprof v0.0.0-20250630185457-6e76a2b096b5/go.mod h1:5hDyRhoBCxViHszMt12TnOpEI4VVi+U8Gm9iphldiMA=\ngithub.com/google/renameio v0.1.0/go.mod h1:KWCgfxg9yswjAJkECMjeO8J8rahYeXnNhOm40UhjYkI=\ngithub.com/google/renameio/v2 v2.0.0/go.mod h1:BtmJXm5YlszgC+TD4HOEEUFgkJP3nLxehU6hfe7jRt4=\ngithub.com/google/uuid v1.6.0 h1:NIvaJDMOsjHA8n1jAhLSgzrAzy1Hgr+hNrb57e+94F0=\ngithub.com/google/uuid v1.6.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=\ngithub.com/googleapis/gax-go/v2 v2.0.4/go.mod h1:0Wqv26UfaUD9n4G6kQubkQ+KchISgw+vpHVxEJEs9eg=\ngithub.com/googleapis/gax-go/v2 v2.0.5/go.mod h1:DWXyrwAJ9X0FpwwEdw+IPEYBICEFu5mhpdKc/us6bOk=\ngithub.com/gopherjs/gopherjs v1.17.2 h1:fQnZVsXk8uxXIStYb0N4bGk7jeyTalG/wsZjQ25dO0g=\ngithub.com/gopherjs/gopherjs v1.17.2/go.mod h1:pRRIvn/QzFLrKfvEz3qUuEhtE/zLCWfreZ6J5gM2i+k=\ngithub.com/gorilla/context v1.1.2 h1:WRkNAv2uoa03QNIc1A6u4O7DAGMUVoopZhkiXWA2V1o=\ngithub.com/gorilla/context v1.1.2/go.mod h1:KDPwT9i/MeWHiLl90fuTgrt4/wPcv75vFAZLaOOcbxM=\ngithub.com/gorilla/css v1.0.0/go.mod h1:Dn721qIggHpt4+EFCcTLTU/vk5ySda2ReITrtgBl60c=\ngithub.com/gorilla/css v1.0.1 h1:ntNaBIghp6JmvWnxbZKANoLyuXTPZ4cAMlo6RyhlbO8=\ngithub.com/gorilla/css v1.0.1/go.mod h1:BvnYkspnSzMmwRK+b8/xgNPLiIuNZr6vbZBTPQ2A3b0=\ngithub.com/gorilla/handlers v1.5.2 h1:cLTUSsNkgcwhgRqvCNmdbRWG0A3N4F+M2nWKdScwyEE=\ngithub.com/gorilla/handlers v1.5.2/go.mod h1:dX+xVpaxdSw+q0Qek8SSsl3dfMk3jNddUkMzo0GtH0w=\ngithub.com/gorilla/mux v1.8.1 h1:TuBL49tXwgrFYWhqrNgrUNEY92u81SPhu7sTdzQEiWY=\ngithub.com/gorilla/mux v1.8.1/go.mod h1:AKf9I4AEqPTmMytcMc0KkNouC66V3BtZ4qD5fmWSiMQ=\ngithub.com/gorilla/pat v1.0.2 h1:TDh/RulbnPxMQACcwbgMF5Bf00jaGoeYBNu+XUFuwtE=\ngithub.com/gorilla/pat v1.0.2/go.mod h1:ioQ7dFQ2KXmOmWLJs6vZAfRikcm2D2JyuLrL9b5wVCg=\ngithub.com/gorilla/securecookie v1.1.1 h1:miw7JPhV+b/lAHSXz4qd/nN9jRiAFV5FwjeKyCS8BvQ=\ngithub.com/gorilla/securecookie v1.1.1/go.mod h1:ra0sb63/xPlUeL+yeDciTfxMRAA+MP+HVt/4epWDjd4=\ngithub.com/gorilla/websocket v1.4.2/go.mod h1:YR8l580nyteQvAITg2hZ9XVh4b55+EU/adAjf1fMHhE=\ngithub.com/gorilla/websocket v1.5.3 h1:saDtZ6Pbx/0u+bgYQ3q96pZgCzfhKXGPqt7kZ72aNNg=\ngithub.com/gorilla/websocket v1.5.3/go.mod h1:YR8l580nyteQvAITg2hZ9XVh4b55+EU/adAjf1fMHhE=\ngithub.com/grpc-ecosystem/go-grpc-prometheus v1.2.0 h1:Ovs26xHkKqVztRpIrF/92BcuyuQ/YW4NSIpoGtfXNho=\ngithub.com/grpc-ecosystem/go-grpc-prometheus v1.2.0/go.mod h1:8NvIoxWQoOIhqOTXgfV/d3M/q6VIi02HzZEHgUlZvzk=\ngithub.com/grpc-ecosystem/grpc-gateway/v2 v2.27.1 h1:X5VWvz21y3gzm9Nw/kaUeku/1+uBhcekkmy4IkffJww=\ngithub.com/grpc-ecosystem/grpc-gateway/v2 v2.27.1/go.mod h1:Zanoh4+gvIgluNqcfMVTJueD4wSS5hT7zTt4Mrutd90=\ngithub.com/gtank/cryptopasta v0.0.0-20170601214702-1f550f6f2f69 h1:7xsUJsB2NrdcttQPa7JLEaGzvdbk7KvfrjgHZXOQRo0=\ngithub.com/gtank/cryptopasta v0.0.0-20170601214702-1f550f6f2f69/go.mod h1:YLEMZOtU+AZ7dhN9T/IpGhXVGly2bvkJQ+zxj3WeVQo=\ngithub.com/hashicorp/go-cleanhttp v0.5.2 h1:035FKYIWjmULyFRBKPs8TBQoi0x6d9G4xc9neXJWAZQ=\ngithub.com/hashicorp/go-cleanhttp v0.5.2/go.mod h1:kO/YDlP8L1346E6Sodw+PrpBSV4/SoxCXGY6BqNFT48=\ngithub.com/hashicorp/go-hclog v1.6.3 h1:Qr2kF+eVWjTiYmU7Y31tYlP1h0q/X3Nl3tPGdaB11/k=\ngithub.com/hashicorp/go-hclog v1.6.3/go.mod h1:W4Qnvbt70Wk/zYJryRzDRU/4r0kIg0PVHBcfoyhpF5M=\ngithub.com/hashicorp/go-retryablehttp v0.7.8 h1:ylXZWnqa7Lhqpk0L1P1LzDtGcCR0rPVUrx/c8Unxc48=\ngithub.com/hashicorp/go-retryablehttp v0.7.8/go.mod h1:rjiScheydd+CxvumBsIrFKlx3iS0jrZ7LvzFGFmuKbw=\ngithub.com/hashicorp/golang-lru v0.5.0/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ4Ao+sR/qLZy8=\ngithub.com/hashicorp/golang-lru v0.5.1/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ4Ao+sR/qLZy8=\ngithub.com/hashicorp/golang-lru/v2 v2.0.7 h1:a+bsQ5rvGLjzHuww6tVxozPZFVghXaHOwFs4luLUK2k=\ngithub.com/hashicorp/golang-lru/v2 v2.0.7/go.mod h1:QeFd9opnmA6QUJc5vARoKUSoFhyfM2/ZepoAG6RGpeM=\ngithub.com/hashicorp/hcl v1.0.0 h1:0Anlzjpi4vEasTeNFn2mLJgTSwt0+6sfsiTG8qcWGx4=\ngithub.com/hashicorp/hcl v1.0.0/go.mod h1:E5yfLk+7swimpb2L/Alb/PJmXilQ/rhwaUYs4T20WEQ=\ngithub.com/hexops/gotextdiff v1.0.3 h1:gitA9+qJrrTCsiCl7+kh75nPqQt1cx4ZkudSTLoUqJM=\ngithub.com/hexops/gotextdiff v1.0.3/go.mod h1:pSWU5MAI3yDq+fZBTazCSJysOMbxWL1BSow5/V2vxeg=\ngithub.com/huandu/xstrings v1.5.0 h1:2ag3IFq9ZDANvthTwTiqSSZLjDc+BedvHPAp5tJy2TI=\ngithub.com/huandu/xstrings v1.5.0/go.mod h1:y5/lhBue+AyNmUVz9RLU9xbLR0o4KIIExikq4ovT0aE=\ngithub.com/ian-kent/envconf v0.0.0-20141026121121-c19809918c02 h1:dU8zq210pt1b71X8xh9GOxC7uBHNtQ9BYC+Lb6SA/mA=\ngithub.com/ian-kent/envconf v0.0.0-20141026121121-c19809918c02/go.mod h1:1m5fo3aKG2moYtGHC4I2nFkXmG97+vCeaEIWC+mXTSI=\ngithub.com/ian-kent/go-log v0.0.0-20160113211217-5731446c36ab h1:OgrFrYWlVzY7Tc8rq7Y4ErlKo28igc70gbfJGTVWTJk=\ngithub.com/ian-kent/go-log v0.0.0-20160113211217-5731446c36ab/go.mod h1:6HitiSDIbT2r0dab4CoKoMAtR7tb0ORQ3OmjkjCZ+zk=\ngithub.com/ian-kent/goose v0.0.0-20141221090059-c3541ea826ad h1:5UZIY1lPvsBrRQRgyt00lJ1J6HH6CwWAVQB6azyAA1c=\ngithub.com/ian-kent/goose v0.0.0-20141221090059-c3541ea826ad/go.mod h1:VHyJj0/IJFmpYvVqWFIN2HgjCatXujj7XaLLyOMC23M=\ngithub.com/ian-kent/linkio v0.0.0-20170807205755-97566b872887 h1:LPaZmcRJS13h+igi07S26uKy0qxCa76u1+pArD+JGrY=\ngithub.com/ian-kent/linkio v0.0.0-20170807205755-97566b872887/go.mod h1:aE63iKqF9rMrshaEiYZroUYFZLaYoTuA7pBMsg3lJoY=\ngithub.com/ianlancetaylor/demangle v0.0.0-20181102032728-5e5cf60278f6/go.mod h1:aSSvb/t6k1mPoxDqO4vJh6VOCGPwU4O0C2/Eqndh1Sc=\ngithub.com/ianlancetaylor/demangle v0.0.0-20210905161508-09a460cdf81d/go.mod h1:aYm2/VgdVmcIU8iMfdMvDMsRAQjcfZSKFby6HOFvi/w=\ngithub.com/ianlancetaylor/demangle v0.0.0-20230524184225-eabc099b10ab/go.mod h1:gx7rwoVhcfuVKG5uya9Hs3Sxj7EIvldVofAWIUtGouw=\ngithub.com/inconshreveable/mousetrap v1.1.0 h1:wN+x4NVGpMsO7ErUn/mUI3vEoE6Jt13X2s0bqwp9tc8=\ngithub.com/inconshreveable/mousetrap v1.1.0/go.mod h1:vpF70FUmC8bwa3OWnCshd2FqLfsEA9PFc4w1p2J65bw=\ngithub.com/inhies/go-bytesize v0.0.0-20220417184213-4913239db9cf h1:FtEj8sfIcaaBfAKrE1Cwb61YDtYq9JxChK1c7AKce7s=\ngithub.com/inhies/go-bytesize v0.0.0-20220417184213-4913239db9cf/go.mod h1:yrqSXGoD/4EKfF26AOGzscPOgTTJcyAwM2rpixWT+t4=\ngithub.com/jackc/chunkreader/v2 v2.0.0/go.mod h1:odVSm741yZoC3dpHEUXIqA9tQRhFrgOHwnPIn9lDKlk=\ngithub.com/jackc/chunkreader/v2 v2.0.1 h1:i+RDz65UE+mmpjTfyz0MoVTnzeYxroil2G82ki7MGG8=\ngithub.com/jackc/chunkreader/v2 v2.0.1/go.mod h1:odVSm741yZoC3dpHEUXIqA9tQRhFrgOHwnPIn9lDKlk=\ngithub.com/jackc/pgconn v1.14.3 h1:bVoTr12EGANZz66nZPkMInAV/KHD2TxH9npjXXgiB3w=\ngithub.com/jackc/pgconn v1.14.3/go.mod h1:RZbme4uasqzybK2RK5c65VsHxoyaml09lx3tXOcO/VM=\ngithub.com/jackc/pgio v1.0.0 h1:g12B9UwVnzGhueNavwioyEEpAmqMe1E/BN9ES+8ovkE=\ngithub.com/jackc/pgio v1.0.0/go.mod h1:oP+2QK2wFfUWgr+gxjoBH9KGBb31Eio69xUb0w5bYf8=\ngithub.com/jackc/pgmock v0.0.0-20210724152146-4ad1a8207f65 h1:DadwsjnMwFjfWc9y5Wi/+Zz7xoE5ALHsRQlOctkOiHc=\ngithub.com/jackc/pgmock v0.0.0-20210724152146-4ad1a8207f65/go.mod h1:5R2h2EEX+qri8jOWMbJCtaPWkrrNc7OHwsp2TCqp7ak=\ngithub.com/jackc/pgpassfile v1.0.0 h1:/6Hmqy13Ss2zCq62VdNG8tM1wchn8zjSGOBJ6icpsIM=\ngithub.com/jackc/pgpassfile v1.0.0/go.mod h1:CEx0iS5ambNFdcRtxPj5JhEz+xB6uRky5eyVu/W2HEg=\ngithub.com/jackc/pgproto3/v2 v2.3.3 h1:1HLSx5H+tXR9pW3in3zaztoEwQYRC9SQaYUHjTSUOag=\ngithub.com/jackc/pgproto3/v2 v2.3.3/go.mod h1:WfJCnwN3HIg9Ish/j3sgWXnAfK8A9Y0bwXYU5xKaEdA=\ngithub.com/jackc/pgservicefile v0.0.0-20240606120523-5a60cdf6a761 h1:iCEnooe7UlwOQYpKFhBabPMi4aNAfoODPEFNiAnClxo=\ngithub.com/jackc/pgservicefile v0.0.0-20240606120523-5a60cdf6a761/go.mod h1:5TJZWKEWniPve33vlWYSoGYefn3gLQRzjfDlhSJ9ZKM=\ngithub.com/jackc/pgx/v5 v5.7.5 h1:JHGfMnQY+IEtGM63d+NGMjoRpysB2JBwDr5fsngwmJs=\ngithub.com/jackc/pgx/v5 v5.7.5/go.mod h1:aruU7o91Tc2q2cFp5h4uP3f6ztExVpyVv88Xl/8Vl8M=\ngithub.com/jackc/puddle/v2 v2.2.2 h1:PR8nw+E/1w0GLuRFSmiioY6UooMp6KJv0/61nB7icHo=\ngithub.com/jackc/puddle/v2 v2.2.2/go.mod h1:vriiEXHvEE654aYKXXjOvZM39qJ0q+azkZFrfEOc3H4=\ngithub.com/jaegertracing/jaeger-idl v0.5.0 h1:zFXR5NL3Utu7MhPg8ZorxtCBjHrL3ReM1VoB65FOFGE=\ngithub.com/jaegertracing/jaeger-idl v0.5.0/go.mod h1:ON90zFo9eoyXrt9F/KN8YeF3zxcnujaisMweFY/rg5k=\ngithub.com/jarcoal/httpmock v1.3.1 h1:iUx3whfZWVf3jT01hQTO/Eo5sAYtB2/rqaUuOtpInww=\ngithub.com/jarcoal/httpmock v1.3.1/go.mod h1:3yb8rc4BI7TCBhFY8ng0gjuLKJNquuDNiPaZjnENuYg=\ngithub.com/jessevdk/go-flags v1.6.1 h1:Cvu5U8UGrLay1rZfv/zP7iLpSHGUZ/Ou68T0iX1bBK4=\ngithub.com/jessevdk/go-flags v1.6.1/go.mod h1:Mk8T1hIAWpOiJiHa9rJASDK2UGWji0EuPGBnNLMooyc=\ngithub.com/jinzhu/copier v0.4.0 h1:w3ciUoD19shMCRargcpm0cm91ytaBhDvuRpz1ODO/U8=\ngithub.com/jinzhu/copier v0.4.0/go.mod h1:DfbEm0FYsaqBcKcFuvmOZb218JkPGtvSHsKg8S8hyyg=\ngithub.com/jmoiron/sqlx v1.3.5/go.mod h1:nRVWtLre0KfCLJvgxzCsLVMogSvQ1zNJtpYr2Ccp0mQ=\ngithub.com/jmoiron/sqlx v1.4.0 h1:1PLqN7S1UYp5t4SrVVnt4nUVNemrDAtxlulVe+Qgm3o=\ngithub.com/jmoiron/sqlx v1.4.0/go.mod h1:ZrZ7UsYB/weZdl2Bxg6jCRO9c3YHl8r3ahlKmRT4JLY=\ngithub.com/joho/godotenv v1.4.0/go.mod h1:f4LDr5Voq0i2e/R5DDNOoa2zzDfwtkZa6DnEwAbqwq4=\ngithub.com/joho/godotenv v1.5.1 h1:7eLL/+HRGLY0ldzfGMeQkb7vMd0as4CfYvUVzLqw0N0=\ngithub.com/joho/godotenv v1.5.1/go.mod h1:f4LDr5Voq0i2e/R5DDNOoa2zzDfwtkZa6DnEwAbqwq4=\ngithub.com/josharian/intern v1.0.0 h1:vlS4z54oSdjm0bgjRigI+G1HpF+tI+9rE5LLzOg8HmY=\ngithub.com/josharian/intern v1.0.0/go.mod h1:5DoeVV0s6jJacbCEi61lwdGj/aVlrQvzHFFd8Hwg//Y=\ngithub.com/jstemmer/go-junit-report v0.0.0-20190106144839-af01ea7f8024/go.mod h1:6v2b51hI/fHJwM22ozAgKL4VKDeJcHhJFhtBdhmNjmU=\ngithub.com/jstemmer/go-junit-report v0.9.1/go.mod h1:Brl9GWCQeLvo8nXZwPNNblvFj/XSXhF0NWZEnDohbsk=\ngithub.com/jtolds/gls v4.20.0+incompatible h1:xdiiI2gbIgH/gLH7ADydsJ1uDOEzR8yvV7C0MuV77Wo=\ngithub.com/jtolds/gls v4.20.0+incompatible/go.mod h1:QJZ7F/aHp+rZTRtaJ1ow/lLfFfVYBRgL+9YlvaHOwJU=\ngithub.com/kballard/go-shellquote v0.0.0-20180428030007-95032a82bc51 h1:Z9n2FFNUXsshfwJMBgNA0RU6/i7WVaAegv3PtuIHPMs=\ngithub.com/kballard/go-shellquote v0.0.0-20180428030007-95032a82bc51/go.mod h1:CzGEWj7cYgsdH8dAjBGEr58BoE7ScuLd+fwFZ44+/x8=\ngithub.com/kisielk/errcheck v1.5.0/go.mod h1:pFxgyoBC7bSaBwPgfKdkLd5X25qrDl4LWUI2bnpBCr8=\ngithub.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+oQHNcck=\ngithub.com/klauspost/compress v1.18.0 h1:c/Cqfb0r+Yi+JtIEq73FWXVkRonBlf0CRNYc8Zttxdo=\ngithub.com/klauspost/compress v1.18.0/go.mod h1:2Pp+KzxcywXVXMr50+X0Q/Lsb43OQHYWRCY2AiWywWQ=\ngithub.com/knadh/koanf/maps v0.1.2 h1:RBfmAW5CnZT+PJ1CVc1QSJKf4Xu9kxfQgYVQSu8hpbo=\ngithub.com/knadh/koanf/maps v0.1.2/go.mod h1:npD/QZY3V6ghQDdcQzl1W4ICNVTkohC8E73eI2xW4yI=\ngithub.com/knadh/koanf/parsers/json v0.1.0 h1:dzSZl5pf5bBcW0Acnu20Djleto19T0CfHcvZ14NJ6fU=\ngithub.com/knadh/koanf/parsers/json v0.1.0/go.mod h1:ll2/MlXcZ2BfXD6YJcjVFzhG9P0TdJ207aIBKQhV2hY=\ngithub.com/knadh/koanf/parsers/toml v0.1.0 h1:S2hLqS4TgWZYj4/7mI5m1CQQcWurxUz6ODgOub/6LCI=\ngithub.com/knadh/koanf/parsers/toml v0.1.0/go.mod h1:yUprhq6eo3GbyVXFFMdbfZSo928ksS+uo0FFqNMnO18=\ngithub.com/knadh/koanf/parsers/yaml v0.1.0 h1:ZZ8/iGfRLvKSaMEECEBPM1HQslrZADk8fP1XFUxVI5w=\ngithub.com/knadh/koanf/parsers/yaml v0.1.0/go.mod h1:cvbUDC7AL23pImuQP0oRw/hPuccrNBS2bps8asS0CwY=\ngithub.com/knadh/koanf/providers/posflag v0.1.0 h1:mKJlLrKPcAP7Ootf4pBZWJ6J+4wHYujwipe7Ie3qW6U=\ngithub.com/knadh/koanf/providers/posflag v0.1.0/go.mod h1:SYg03v/t8ISBNrMBRMlojH8OsKowbkXV7giIbBVgbz0=\ngithub.com/knadh/koanf/providers/rawbytes v0.1.0 h1:dpzgu2KO6uf6oCb4aP05KDmKmAmI51k5pe8RYKQ0qME=\ngithub.com/knadh/koanf/providers/rawbytes v0.1.0/go.mod h1:mMTB1/IcJ/yE++A2iEZbY1MLygX7vttU+C+S/YmPu9c=\ngithub.com/knadh/koanf/v2 v2.2.2 h1:ghbduIkpFui3L587wavneC9e3WIliCgiCgdxYO/wd7A=\ngithub.com/knadh/koanf/v2 v2.2.2/go.mod h1:abWQc0cBXLSF/PSOMCB/SK+T13NXDsPvOksbpi5e/9Q=\ngithub.com/kr/pretty v0.1.0/go.mod h1:dAy3ld7l9f0ibDNOQOHHMYYIIbhfbHSm3C4ZsoJORNo=\ngithub.com/kr/pretty v0.2.1/go.mod h1:ipq/a2n7PKx3OHsz4KJII5eveXtPO4qwEXGdVfWzfnI=\ngithub.com/kr/pretty v0.3.0/go.mod h1:640gp4NfQd8pI5XOwp5fnNeVWj67G7CFk/SaSQn7NBk=\ngithub.com/kr/pretty v0.3.1 h1:flRD4NNwYAUpkphVc1HcthR4KEIFJ65n8Mw5qdRn3LE=\ngithub.com/kr/pretty v0.3.1/go.mod h1:hoEshYVHaxMs3cyo3Yncou5ZscifuDolrwPKZanG3xk=\ngithub.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ=\ngithub.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI=\ngithub.com/kr/text v0.2.0 h1:5Nx0Ya0ZqY2ygV366QzturHI13Jq95ApcVaJBhpS+AY=\ngithub.com/kr/text v0.2.0/go.mod h1:eLer722TekiGuMkidMxC/pM04lWEeraHUUmBw8l2grE=\ngithub.com/kylelemons/godebug v1.1.0 h1:RPNrshWIDI6G2gRW9EHilWtl7Z6Sb1BR0xunSBf0SNc=\ngithub.com/kylelemons/godebug v1.1.0/go.mod h1:9/0rRGxNHcop5bhtWyNeEfOS8JIWk580+fNqagV/RAw=\ngithub.com/laher/mergefs v0.1.2-0.20230223191438-d16611b2f4e7 h1:PDeBswTUsSIT4QSrzLvlqKlGrANYa7TrXUwdBN9myU8=\ngithub.com/laher/mergefs v0.1.2-0.20230223191438-d16611b2f4e7/go.mod h1:FSY1hYy94on4Tz60waRMGdO1awwS23BacqJlqf9lJ9Q=\ngithub.com/ledongthuc/pdf v0.0.0-20220302134840-0c2507a12d80/go.mod h1:imJHygn/1yfhB7XSJJKlFZKl/J+dCPAknuiaGOshXAs=\ngithub.com/lestrrat-go/backoff/v2 v2.0.8 h1:oNb5E5isby2kiro9AgdHLv5N5tint1AnDVVf2E2un5A=\ngithub.com/lestrrat-go/backoff/v2 v2.0.8/go.mod h1:rHP/q/r9aT27n24JQLa7JhSQZCKBBOiM/uP402WwN8Y=\ngithub.com/lestrrat-go/blackmagic v1.0.4 h1:IwQibdnf8l2KoO+qC3uT4OaTWsW7tuRQXy9TRN9QanA=\ngithub.com/lestrrat-go/blackmagic v1.0.4/go.mod h1:6AWFyKNNj0zEXQYfTMPfZrAXUWUfTIZ5ECEUEJaijtw=\ngithub.com/lestrrat-go/httpcc v1.0.1 h1:ydWCStUeJLkpYyjLDHihupbn2tYmZ7m22BGkcvZZrIE=\ngithub.com/lestrrat-go/httpcc v1.0.1/go.mod h1:qiltp3Mt56+55GPVCbTdM9MlqhvzyuL6W/NMDA8vA5E=\ngithub.com/lestrrat-go/httprc v1.0.6 h1:qgmgIRhpvBqexMJjA/PmwSvhNk679oqD1RbovdCGW8k=\ngithub.com/lestrrat-go/httprc v1.0.6/go.mod h1:mwwz3JMTPBjHUkkDv/IGJ39aALInZLrhBp0X7KGUZlo=\ngithub.com/lestrrat-go/iter v1.0.2 h1:gMXo1q4c2pHmC3dn8LzRhJfP1ceCbgSiT9lUydIzltI=\ngithub.com/lestrrat-go/iter v1.0.2/go.mod h1:Momfcq3AnRlRjI5b5O8/G5/BvpzrhoFTZcn06fEOPt4=\ngithub.com/lestrrat-go/jwx v1.2.31 h1:/OM9oNl/fzyldpv5HKZ9m7bTywa7COUfg8gujd9nJ54=\ngithub.com/lestrrat-go/jwx v1.2.31/go.mod h1:eQJKoRwWcLg4PfD5CFA5gIZGxhPgoPYq9pZISdxLf0c=\ngithub.com/lestrrat-go/jwx/v2 v2.1.1 h1:Y2ltVl8J6izLYFs54BVcpXLv5msSW4o8eXwnzZLI32E=\ngithub.com/lestrrat-go/jwx/v2 v2.1.1/go.mod h1:4LvZg7oxu6Q5VJwn7Mk/UwooNRnTHUpXBj2C4j3HNx0=\ngithub.com/lestrrat-go/option v1.0.0/go.mod h1:5ZHFbivi4xwXxhxY9XHDe2FHo6/Z7WWmtT7T5nBBp3I=\ngithub.com/lestrrat-go/option v1.0.1 h1:oAzP2fvZGQKWkvHa1/SAcFolBEca1oN+mQ7eooNBEYU=\ngithub.com/lestrrat-go/option v1.0.1/go.mod h1:5ZHFbivi4xwXxhxY9XHDe2FHo6/Z7WWmtT7T5nBBp3I=\ngithub.com/lib/pq v1.2.0/go.mod h1:5WUZQaWbwv1U+lTReE5YruASi9Al49XbQIvNi/34Woo=\ngithub.com/lib/pq v1.10.9 h1:YXG7RB+JIjhP29X+OtkiDnYaXQwpS4JEWq7dtCCRUEw=\ngithub.com/lib/pq v1.10.9/go.mod h1:AlVN5x4E4T544tWzH6hKfbfQvm3HdbOxrmggDNAPY9o=\ngithub.com/magiconair/properties v1.8.9 h1:nWcCbLq1N2v/cpNsy5WvQ37Fb+YElfq20WJ/a8RkpQM=\ngithub.com/magiconair/properties v1.8.9/go.mod h1:Dhd985XPs7jluiymwWYZ0G4Z61jb3vdS329zhj2hYo0=\ngithub.com/mailhog/MailHog v1.0.1 h1:NDExFIj+JGzXT3kmG31r7Okrn78Sk/5p9lP/TV8OE4E=\ngithub.com/mailhog/MailHog v1.0.1/go.mod h1:QlN3aQB5Kx2ZoQy439EWkjWHyJrgqNDsjfknyQOBCOI=\ngithub.com/mailhog/MailHog-Server v1.0.1 h1:mK9inUHV2p6pO55cHZTCdZ8D4aXzd+M9wvqtU0XmWcM=\ngithub.com/mailhog/MailHog-Server v1.0.1/go.mod h1:ScCrImbapPxdrQ85qoxkMygsSiY74ohIj1knLzuN8J0=\ngithub.com/mailhog/MailHog-UI v1.0.1 h1:B3mVLiVLd4amNVQtiklr+srI3eMKiMzYSXXqDGa7JzA=\ngithub.com/mailhog/MailHog-UI v1.0.1/go.mod h1:zLEw2DaBMXpL6nmpdB8S5U1Y3MMSATlTcjUYSTAB7HQ=\ngithub.com/mailhog/data v1.0.1 h1:7I+opBvVdi4EMJaihXavM98jp/ovt4o6mz47446RAW8=\ngithub.com/mailhog/data v1.0.1/go.mod h1:tjR/iXRhbSUKHzAAMd99RygVaDB5rIDC/bmWc363MzU=\ngithub.com/mailhog/http v1.0.1 h1:i3sxAt7/WcdRXdKJZgiDRkWIAYScnrqqHQTZSxXkM0I=\ngithub.com/mailhog/http v1.0.1/go.mod h1:91oqUCI9ZoSDY2cTj4pWDJVBHCK1U762V2a4if4KlOw=\ngithub.com/mailhog/mhsendmail v0.2.0 h1:C5HUC4obHfXIkttLfGBUopYbsJmh+bnExGWHBpWQ8IA=\ngithub.com/mailhog/mhsendmail v0.2.0/go.mod h1:B0778+OoPEc5aEFqatEnSO4ZWl9FCTxvaY+c7OOQadM=\ngithub.com/mailhog/smtp v1.0.1 h1:igL3N/L+pWuGCqUaje21HX3VIVnqHoVlqWO0t+wJEYE=\ngithub.com/mailhog/smtp v1.0.1/go.mod h1:GMrAdv1hXro38xj5dsWPAk5ZiXJHFx9t7W9Yqsk0XUM=\ngithub.com/mailhog/storage v1.0.1 h1:uut2nlG5hIxbsl6f8DGznPAHwQLf3/7Na2t4gmrIais=\ngithub.com/mailhog/storage v1.0.1/go.mod h1:4EAUf5xaEVd7c/OhvSxOOwQ66jT6q2er+BDBQ0EVrew=\ngithub.com/mailru/easyjson v0.7.7/go.mod h1:xzfreul335JAWq5oZzymOObrkdz5UnU4kGfJJLY9Nlc=\ngithub.com/mailru/easyjson v0.9.0 h1:PrnmzHw7262yW8sTBwxi1PdJA3Iw/EKBa8psRf7d9a4=\ngithub.com/mailru/easyjson v0.9.0/go.mod h1:1+xMtQp2MRNVL/V1bOzuP3aP8VNwRW55fQUto+XFtTU=\ngithub.com/matryer/is v1.4.0/go.mod h1:8I/i5uYgLzgsgEloJE1U6xx5HkBQpAZvepWuujKwMRU=\ngithub.com/mattn/go-colorable v0.1.8/go.mod h1:u6P/XSegPjTcexA+o6vUJrdnUu04hMope9wVRipJSqc=\ngithub.com/mattn/go-colorable v0.1.9/go.mod h1:u6P/XSegPjTcexA+o6vUJrdnUu04hMope9wVRipJSqc=\ngithub.com/mattn/go-colorable v0.1.13/go.mod h1:7S9/ev0klgBDR4GtXTXX8a3vIGJpMovkB8vQcUbaXHg=\ngithub.com/mattn/go-colorable v0.1.14 h1:9A9LHSqF/7dyVVX6g0U9cwm9pG3kP9gSzcuIPHPsaIE=\ngithub.com/mattn/go-colorable v0.1.14/go.mod h1:6LmQG8QLFO4G5z1gPvYEzlUgJ2wF+stgPZH1UqBm1s8=\ngithub.com/mattn/go-isatty v0.0.12/go.mod h1:cbi8OIDigv2wuxKPP5vlRcQ1OAZbq2CE4Kysco4FUpU=\ngithub.com/mattn/go-isatty v0.0.14/go.mod h1:7GGIvUiUoEMVVmxf/4nioHXj79iQHKdU27kJ6hsGG94=\ngithub.com/mattn/go-isatty v0.0.16/go.mod h1:kYGgaQfpe5nmfYZH+SKPsOc2e4SrIfOl2e/yFXSvRLM=\ngithub.com/mattn/go-isatty v0.0.17/go.mod h1:kYGgaQfpe5nmfYZH+SKPsOc2e4SrIfOl2e/yFXSvRLM=\ngithub.com/mattn/go-isatty v0.0.20 h1:xfD0iDuEKnDkl03q4limB+vH+GxLEtL/jb4xVJSWWEY=\ngithub.com/mattn/go-isatty v0.0.20/go.mod h1:W+V8PltTTMOvKvAeJH7IuucS94S2C6jfK/D7dTCTo3Y=\ngithub.com/mattn/go-sqlite3 v1.14.28 h1:ThEiQrnbtumT+QMknw63Befp/ce/nUPgBPMlRFEum7A=\ngithub.com/mattn/go-sqlite3 v1.14.28/go.mod h1:Uh1q+B4BYcTPb+yiD3kU8Ct7aC0hY9fxUwlHK0RXw+Y=\ngithub.com/maxatome/go-testdeep v1.12.0 h1:Ql7Go8Tg0C1D/uMMX59LAoYK7LffeJQ6X2T04nTH68g=\ngithub.com/maxatome/go-testdeep v1.12.0/go.mod h1:lPZc/HAcJMP92l7yI6TRz1aZN5URwUBUAfUNvrclaNM=\ngithub.com/microcosm-cc/bluemonday v1.0.20/go.mod h1:yfBmMi8mxvaZut3Yytv+jTXRY8mxyjJ0/kQBTElld50=\ngithub.com/microcosm-cc/bluemonday v1.0.22/go.mod h1:ytNkv4RrDrLJ2pqlsSI46O6IVXmZOBBD4SaJyDwwTkM=\ngithub.com/microcosm-cc/bluemonday v1.0.27 h1:MpEUotklkwCSLeH+Qdx1VJgNqLlpY2KXwXFM08ygZfk=\ngithub.com/microcosm-cc/bluemonday v1.0.27/go.mod h1:jFi9vgW+H7c3V0lb6nR74Ib/DIB5OBs92Dimizgw2cA=\ngithub.com/mikefarah/yq/v4 v4.45.1 h1:EW+HjKEVa55pUYFJseEHEHdQ0+ulunY+q42zF3M7ZaQ=\ngithub.com/mikefarah/yq/v4 v4.45.1/go.mod h1:djgN2vD749hpjVNGYTShr5Kmv5LYljhCG3lUTuEe3LM=\ngithub.com/mitchellh/copystructure v1.2.0 h1:vpKXTN4ewci03Vljg/q9QvCGUDttBOGBIa15WveJJGw=\ngithub.com/mitchellh/copystructure v1.2.0/go.mod h1:qLl+cE2AmVv+CoeAwDPye/v+N2HKCj9FbZEVFJRxO9s=\ngithub.com/mitchellh/mapstructure v1.5.0 h1:jeMsZIYE/09sWLaz43PL7Gy6RuMjD2eJVyuac5Z2hdY=\ngithub.com/mitchellh/mapstructure v1.5.0/go.mod h1:bFUtVrKA4DC2yAKiSyO/QUcy7e+RRV2QTWOzhPopBRo=\ngithub.com/mitchellh/reflectwalk v1.0.2 h1:G2LzWKi524PWgd3mLHV8Y5k7s6XUvT0Gef6zxSIeXaQ=\ngithub.com/mitchellh/reflectwalk v1.0.2/go.mod h1:mSTlrgnPZtwu0c4WaC2kGObEpuNDbx0jmZXqmk4esnw=\ngithub.com/moby/docker-image-spec v1.3.1 h1:jMKff3w6PgbfSa69GfNg+zN/XLhfXJGnEx3Nl2EsFP0=\ngithub.com/moby/docker-image-spec v1.3.1/go.mod h1:eKmb5VW8vQEh/BAr2yvVNvuiJuY6UIocYsFu/DxxRpo=\ngithub.com/moby/moby/api v1.54.0 h1:7kbUgyiKcoBhm0UrWbdrMs7RX8dnwzURKVbZGy2GnL0=\ngithub.com/moby/moby/api v1.54.0/go.mod h1:8mb+ReTlisw4pS6BRzCMts5M49W5M7bKt1cJy/YbAqc=\ngithub.com/moby/moby/client v0.3.0 h1:UUGL5okry+Aomj3WhGt9Aigl3ZOxZGqR7XPo+RLPlKs=\ngithub.com/moby/moby/client v0.3.0/go.mod h1:HJgFbJRvogDQjbM8fqc1MCEm4mIAGMLjXbgwoZp6jCQ=\ngithub.com/moby/sys/atomicwriter v0.1.0 h1:kw5D/EqkBwsBFi0ss9v1VG3wIkVhzGvLklJ+w3A14Sw=\ngithub.com/moby/sys/atomicwriter v0.1.0/go.mod h1:Ul8oqv2ZMNHOceF643P6FKPXeCmYtlQMvpizfsSoaWs=\ngithub.com/moby/sys/sequential v0.6.0 h1:qrx7XFUd/5DxtqcoH1h438hF5TmOvzC/lspjy7zgvCU=\ngithub.com/moby/sys/sequential v0.6.0/go.mod h1:uyv8EUTrca5PnDsdMGXhZe6CCe8U/UiTWd+lL+7b/Ko=\ngithub.com/moby/term v0.5.2 h1:6qk3FJAFDs6i/q3W/pQ97SX192qKfZgGjCQqfCJkgzQ=\ngithub.com/moby/term v0.5.2/go.mod h1:d3djjFCrjnB+fl8NJux+EJzu0msscUP+f8it8hPkFLc=\ngithub.com/mohae/deepcopy v0.0.0-20170929034955-c48cc78d4826 h1:RWengNIwukTxcDr9M+97sNutRR1RKhG96O6jWumTTnw=\ngithub.com/mohae/deepcopy v0.0.0-20170929034955-c48cc78d4826/go.mod h1:TaXosZuwdSHYgviHp1DAtfrULt5eUgsSMsZf+YrPgl8=\ngithub.com/montanaflynn/stats v0.7.1 h1:etflOAAHORrCC44V+aR6Ftzort912ZU+YLiSTuV8eaE=\ngithub.com/montanaflynn/stats v0.7.1/go.mod h1:etXPPgVO6n31NxCd9KQUMvCM+ve0ruNzt6R8Bnaayow=\ngithub.com/morikuni/aec v1.0.0 h1:nP9CBfwrvYnBRgY6qfDQkygYDmYwOilePFkwzv4dU8A=\ngithub.com/morikuni/aec v1.0.0/go.mod h1:BbKIizmSmc5MMPqRYbxO4ZU0S0+P200+tUnFx7PXmsc=\ngithub.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 h1:C3w9PqII01/Oq1c1nUAm88MOHcQC9l5mIlSMApZMrHA=\ngithub.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822/go.mod h1:+n7T8mK8HuQTcFwEeznm/DIxMOiR9yIdICNftLE1DvQ=\ngithub.com/nyaruka/phonenumbers v1.6.5 h1:aBCaUhfpRA7hU6fsXk+p7KF1aNx4nQlq9hGeo2qdFg8=\ngithub.com/nyaruka/phonenumbers v1.6.5/go.mod h1:7gjs+Lchqm49adhAKB5cdcng5ZXgt6x7Jgvi0ZorUtU=\ngithub.com/ogier/pflag v0.0.1 h1:RW6JSWSu/RkSatfcLtogGfFgpim5p7ARQ10ECk5O750=\ngithub.com/ogier/pflag v0.0.1/go.mod h1:zkFki7tvTa0tafRvTBIZTvzYyAu6kQhPZFnshFFPE+g=\ngithub.com/oklog/ulid v1.3.1 h1:EGfNDEx6MqHz8B3uNV6QAib1UR2Lm97sHi3ocA6ESJ4=\ngithub.com/oklog/ulid v1.3.1/go.mod h1:CirwcVhetQ6Lv90oh/F+FBtV6XMibvdAFo93nm5qn4U=\ngithub.com/onsi/ginkgo/v2 v2.22.2 h1:/3X8Panh8/WwhU/3Ssa6rCKqPLuAkVY2I0RoyDLySlU=\ngithub.com/onsi/ginkgo/v2 v2.22.2/go.mod h1:oeMosUL+8LtarXBHu/c0bx2D/K9zyQ6uX3cTyztHwsk=\ngithub.com/onsi/gomega v1.36.2 h1:koNYke6TVk6ZmnyHrCXba/T/MoLBXFjeC1PtvYgw0A8=\ngithub.com/onsi/gomega v1.36.2/go.mod h1:DdwyADRjrc825LhMEkD76cHR5+pUnjhUN8GlHlRPHzY=\ngithub.com/opencontainers/go-digest v1.0.0 h1:apOUWs51W5PlhuyGyz9FCeeBIOUDA/6nW8Oi/yOhh5U=\ngithub.com/opencontainers/go-digest v1.0.0/go.mod h1:0JzlMkj0TRzQZfJkVvzbP0HBR3IKzErnv2BNG4W4MAM=\ngithub.com/opencontainers/image-spec v1.1.1 h1:y0fUlFfIZhPF1W537XOLg0/fcx6zcHCJwooC2xJA040=\ngithub.com/opencontainers/image-spec v1.1.1/go.mod h1:qpqAh3Dmcf36wStyyWU+kCeDgrGnAve2nCC8+7h8Q0M=\ngithub.com/openzipkin/zipkin-go v0.4.3 h1:9EGwpqkgnwdEIJ+Od7QVSEIH+ocmm5nPat0G7sjsSdg=\ngithub.com/openzipkin/zipkin-go v0.4.3/go.mod h1:M9wCJZFWCo2RiY+o1eBCEMe0Dp2S5LDHcMZmk3RmK7c=\ngithub.com/orisano/pixelmatch v0.0.0-20220722002657-fb0b55479cde/go.mod h1:nZgzbfBr3hhjoZnS66nKrHmduYNpc34ny7RK4z5/HM0=\ngithub.com/ory/analytics-go/v5 v5.0.1 h1:LX8T5B9FN8KZXOtxgN+R3I4THRRVB6+28IKgKBpXmAM=\ngithub.com/ory/analytics-go/v5 v5.0.1/go.mod h1:lWCiCjAaJkKfgR/BN5DCLMol8BjKS1x+4jxBxff/FF0=\ngithub.com/ory/dockertest/v4 v4.0.0-beta.4 h1:QcrNrobOP+5IjSDmS4//EuBtwiFuznQhi5xTe8oFSoM=\ngithub.com/ory/dockertest/v4 v4.0.0-beta.4/go.mod h1:p9kfE14tzK8+WU4F9YbIZlzhCzQ2pH7H1KIfBKrF3DM=\ngithub.com/ory/go-oidc/v3 v3.0.0-20250124100243-69986dfaf891 h1:HjpfYsY85wpheyMwR9EEk3347I0QsCllRMJShods3jc=\ngithub.com/ory/go-oidc/v3 v3.0.0-20250124100243-69986dfaf891/go.mod h1:Jxfv2TPRvdJuLfmkvokss8dkguhMmer2UvARU6SWy0Y=\ngithub.com/ory/graceful v0.1.4-0.20230301144740-e222150c51d0 h1:VMUeLRfQD14fOMvhpYZIIT4vtAqxYh+f3KnSqCeJ13o=\ngithub.com/ory/graceful v0.1.4-0.20230301144740-e222150c51d0/go.mod h1:hg2iCy+LCWOXahBZ+NQa4dk8J2govyQD79rrqrgMyY8=\ngithub.com/ory/herodot v0.10.8 h1:uUPsXd4FKTsNHHU+OS5gYrRNEMraU36st0kBeWiXsno=\ngithub.com/ory/herodot v0.10.8/go.mod h1:j6i246U6iX8TStYNKIVQxb2waweQvtOLi+b/9q+OULg=\ngithub.com/ory/hydra-client-go/v2 v2.2.1 h1:m1821pIX6ybG/3oSAn2wtrbBKNwe9q5A8fLljYuLpBk=\ngithub.com/ory/hydra-client-go/v2 v2.2.1/go.mod h1:K83R+iK40+5uF2uQ34yRUrf9izRvFsza9pG2Se5qMmk=\ngithub.com/ory/jsonschema/v3 v3.0.9-0.20250317235931-280c5fc7bf0e h1:4tUrC7x4YWRVMFp+c64KACNSGchW1zXo4l6Pa9/1hA8=\ngithub.com/ory/jsonschema/v3 v3.0.9-0.20250317235931-280c5fc7bf0e/go.mod h1:XWLxVK4un/iuIcrw+6lCeanbF3NZwO5k6RdLeu/loQk=\ngithub.com/ory/mail v2.3.1+incompatible/go.mod h1:87D9/1gB6ewElQoN0lXJ0ayfqcj3cW3qCTXh+5E9mfU=\ngithub.com/ory/mail/v3 v3.0.0 h1:8LFMRj473vGahFD/ntiotWEd4S80FKYFtiZTDfOQ+sM=\ngithub.com/ory/mail/v3 v3.0.0/go.mod h1:JGAVeZF8YAlxbaFDUHqRZAKBCSeW2w1vuxf28hFbZAw=\ngithub.com/ory/nosurf v1.2.7 h1:YrHrbSensQyU6r6HT/V5+HPdVEgrOTMJiLoJABSBOp4=\ngithub.com/ory/nosurf v1.2.7/go.mod h1:d4L3ZBa7Amv55bqxCBtCs63wSlyaiCkWVl4vKf3OUxA=\ngithub.com/ory/pop/v6 v6.3.2-0.20251203152233-a32233875f7e h1:gsbAteu8HZYnkIF4WVBaxklvF/s5IbcxYcCi6qX93ms=\ngithub.com/ory/pop/v6 v6.3.2-0.20251203152233-a32233875f7e/go.mod h1:PEqjxMcIV87rBhlyDDha76I7/w2W/FHenSq3V3X1A/A=\ngithub.com/ory/sessions v1.2.2-0.20220110165800-b09c17334dc2 h1:zm6sDvHy/U9XrGpixwHiuAwpp0Ock6khSVHkrv6lQQU=\ngithub.com/ory/sessions v1.2.2-0.20220110165800-b09c17334dc2/go.mod h1:dk2InVEVJ0sfLlnXv9EAgkf6ecYs/i80K/zI+bUmuGM=\ngithub.com/pelletier/go-toml v1.9.5 h1:4yBQzkHv+7BHq2PQUZF3Mx0IYxG7LsP222s7Agd3ve8=\ngithub.com/pelletier/go-toml v1.9.5/go.mod h1:u1nR/EPcESfeI/szUZKdtJ0xRNbUoANCkoOuaOx1Y+c=\ngithub.com/pelletier/go-toml/v2 v2.2.3 h1:YmeHyLY8mFWbdkNWwpr+qIL2bEqT0o95WSdkNHvL12M=\ngithub.com/pelletier/go-toml/v2 v2.2.3/go.mod h1:MfCQTFTvCcUyyvvwm1+G6H/jORL20Xlb6rzQu9GuUkc=\ngithub.com/peterhellberg/link v1.2.0 h1:UA5pg3Gp/E0F2WdX7GERiNrPQrM1K6CVJUUWfHa4t6c=\ngithub.com/peterhellberg/link v1.2.0/go.mod h1:gYfAh+oJgQu2SrZHg5hROVRQe1ICoK0/HHJTcE0edxc=\ngithub.com/phayes/freeport v0.0.0-20220201140144-74d24b5ae9f5 h1:Ii+DKncOVM8Cu1Hc+ETb5K+23HdAMvESYE3ZJ5b5cMI=\ngithub.com/phayes/freeport v0.0.0-20220201140144-74d24b5ae9f5/go.mod h1:iIss55rKnNBTvrwdmkUpLnDpZoAHvWaiq5+iMmen4AE=\ngithub.com/philhofer/fwd v1.1.3-0.20240916144458-20a13a1f6b7c h1:dAMKvw0MlJT1GshSTtih8C2gDs04w8dReiOGXrGLNoY=\ngithub.com/philhofer/fwd v1.1.3-0.20240916144458-20a13a1f6b7c/go.mod h1:RqIHx9QI14HlwKwm98g9Re5prTQ6LdeRQn+gXJFxsJM=\ngithub.com/pkg/diff v0.0.0-20210226163009-20ebb0f2a09e h1:aoZm08cpOy4WuID//EZDgcC4zIxODThtZNPirFr42+A=\ngithub.com/pkg/diff v0.0.0-20210226163009-20ebb0f2a09e/go.mod h1:pJLUxLENpZxwdsKMEsNbx1VGcRFpLqf3715MtcvvzbA=\ngithub.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4=\ngithub.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=\ngithub.com/pkg/profile v1.7.0 h1:hnbDkaNWPCLMO9wGLdBFTIZvzDrDfBM2072E1S9gJkA=\ngithub.com/pkg/profile v1.7.0/go.mod h1:8Uer0jas47ZQMJ7VD+OHknK4YDY07LPUC6dEvqDjvNo=\ngithub.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=\ngithub.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 h1:Jamvg5psRIccs7FGNTlIRMkT8wgtp5eCXdBlqhYGL6U=\ngithub.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=\ngithub.com/pquerna/otp v1.4.0 h1:wZvl1TIVxKRThZIBiwOOHOGP/1+nZyWBil9Y2XNEDzg=\ngithub.com/pquerna/otp v1.4.0/go.mod h1:dkJfzwRKNiegxyNb54X/3fLwhCynbMspSyWKnvi1AEg=\ngithub.com/prometheus/client_golang v1.23.0 h1:ust4zpdl9r4trLY/gSjlm07PuiBq2ynaXXlptpfy8Uc=\ngithub.com/prometheus/client_golang v1.23.0/go.mod h1:i/o0R9ByOnHX0McrTMTyhYvKE4haaf2mW08I+jGAjEE=\ngithub.com/prometheus/client_model v0.0.0-20190812154241-14fe0d1b01d4/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA=\ngithub.com/prometheus/client_model v0.6.2 h1:oBsgwpGs7iVziMvrGhE53c/GrLUsZdHnqNwqPLxwZyk=\ngithub.com/prometheus/client_model v0.6.2/go.mod h1:y3m2F6Gdpfy6Ut/GBsUqTWZqCUvMVzSfMLjcu6wAwpE=\ngithub.com/prometheus/common v0.65.0 h1:QDwzd+G1twt//Kwj/Ww6E9FQq1iVMmODnILtW1t2VzE=\ngithub.com/prometheus/common v0.65.0/go.mod h1:0gZns+BLRQ3V6NdaerOhMbwwRbNh9hkGINtQAsP5GS8=\ngithub.com/prometheus/procfs v0.17.0 h1:FuLQ+05u4ZI+SS/w9+BWEM2TXiHKsUQ9TADiRH7DuK0=\ngithub.com/prometheus/procfs v0.17.0/go.mod h1:oPQLaDAMRbA+u8H5Pbfq+dl3VDAvHxMUOVhe0wYB2zw=\ngithub.com/rakutentech/jwk-go v1.2.0 h1:vNJwedPkRR+32V5WGNj0JP4COes93BGERvzQLBjLy4c=\ngithub.com/rakutentech/jwk-go v1.2.0/go.mod h1:pI0bYVntqaJ27RCpaC75MTUacheW0Rk4+8XzWWe1OWM=\ngithub.com/rjeczalik/notify v0.9.3 h1:6rJAzHTGKXGj76sbRgDiDcYj/HniypXmSJo1SWakZeY=\ngithub.com/rjeczalik/notify v0.9.3/go.mod h1:gF3zSOrafR9DQEWSE8TjfI9NkooDxbyT4UgRGKZA0lc=\ngithub.com/rogpeppe/go-internal v1.3.0/go.mod h1:M8bDsm7K2OlrFYOpmOWEs/qY81heoFRclV5y23lUDJ4=\ngithub.com/rogpeppe/go-internal v1.6.1/go.mod h1:xXDCJY+GAPziupqXw64V24skbSoqbTEfhy4qGm1nDQc=\ngithub.com/rogpeppe/go-internal v1.9.0/go.mod h1:WtVeX8xhTBvf0smdhujwtBcq4Qrzq/fJaraNFVN+nFs=\ngithub.com/rogpeppe/go-internal v1.14.1 h1:UQB4HGPB6osV0SQTLymcB4TgvyWu6ZyliaW0tI/otEQ=\ngithub.com/rogpeppe/go-internal v1.14.1/go.mod h1:MaRKkUm5W0goXpeCfT7UZI6fk/L7L7so1lCWt35ZSgc=\ngithub.com/rs/cors v1.11.1 h1:eU3gRzXLRK57F5rKMGMZURNdIG4EoAmX8k94r9wXWHA=\ngithub.com/rs/cors v1.11.1/go.mod h1:XyqrcTp5zjWr1wsJ8PIRZssZ8b/WMcMf71DJnit4EMU=\ngithub.com/russross/blackfriday/v2 v2.1.0/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM=\ngithub.com/sagikazarmark/locafero v0.4.0 h1:HApY1R9zGo4DBgr7dqsTH/JJxLTTsOt7u6keLGt6kNQ=\ngithub.com/sagikazarmark/locafero v0.4.0/go.mod h1:Pe1W6UlPYUk/+wc/6KFhbORCfqzgYEpgQ3O5fPuL3H4=\ngithub.com/sagikazarmark/slog-shim v0.1.0 h1:diDBnUNK9N/354PgrxMywXnAwEr1QZcOr6gto+ugjYE=\ngithub.com/sagikazarmark/slog-shim v0.1.0/go.mod h1:SrcSrq8aKtyuqEI1uvTDTK1arOWRIczQRv+GVI1AkeQ=\ngithub.com/samber/lo v1.46.0 h1:w8G+oaCPgz1PoCJztqymCFaKwXt+5cCXn51uPxExFfQ=\ngithub.com/samber/lo v1.46.0/go.mod h1:RmDH9Ct32Qy3gduHQuKJ3gW1fMHAnE/fAzQuf6He5cU=\ngithub.com/seatgeek/logrus-gelf-formatter v0.0.0-20210414080842-5b05eb8ff761 h1:0b8DF5kR0PhRoRXDiEEdzrgBc8UqVY4JWLkQJCRsLME=\ngithub.com/seatgeek/logrus-gelf-formatter v0.0.0-20210414080842-5b05eb8ff761/go.mod h1:/THDZYi7F/BsVEcYzYPqdcWFQ+1C2InkawTKfLOAnzg=\ngithub.com/segmentio/analytics-go v3.1.0+incompatible/go.mod h1:C7CYBtQWk4vRk2RyLu0qOcbHJ18E3F1HV2C/8JvKN48=\ngithub.com/segmentio/asm v1.2.0 h1:9BQrFxC+YOHJlTlHGkTrFWf59nbL3XnCoFLTwDCI7ys=\ngithub.com/segmentio/asm v1.2.0/go.mod h1:BqMnlJP91P8d+4ibuonYZw9mfnzI9HfxselHZr5aAcs=\ngithub.com/segmentio/backo-go v0.0.0-20200129164019-23eae7c10bd3/go.mod h1:9/Rh6yILuLysoQnZ2oNooD2g7aBnvM7r/fNVxRNWfBc=\ngithub.com/segmentio/backo-go v1.1.0 h1:cJIfHQUdmLsd8t9IXqf5J8SdrOMn9vMa7cIvOavHAhc=\ngithub.com/segmentio/backo-go v1.1.0/go.mod h1:ckenwdf+v/qbyhVdNPWHnqh2YdJBED1O9cidYyM5J18=\ngithub.com/segmentio/conf v1.2.0/go.mod h1:Y3B9O/PqqWqjyxyWWseyj/quPEtMu1zDp/kVbSWWaB0=\ngithub.com/segmentio/go-snakecase v1.1.0/go.mod h1:jk1miR5MS7Na32PZUykG89Arm+1BUSYhuGR6b7+hJto=\ngithub.com/segmentio/objconv v1.0.1/go.mod h1:auayaH5k3137Cl4SoXTgrzQcuQDmvuVtZgS0fb1Ahys=\ngithub.com/sergi/go-diff v1.2.0/go.mod h1:STckp+ISIX8hZLjrqAeVduY0gWCT9IjLuqbuNXdaHfM=\ngithub.com/sergi/go-diff v1.3.1/go.mod h1:aMJSSKb2lpPvRNec0+w3fl7LP9IOFzdc9Pa4NFbPK1I=\ngithub.com/sergi/go-diff v1.4.0 h1:n/SP9D5ad1fORl+llWyN+D6qoUETXNZARKjyY2/KVCw=\ngithub.com/sergi/go-diff v1.4.0/go.mod h1:A0bzQcvG0E7Rwjx0REVgAGH58e96+X0MeOfepqsbeW4=\ngithub.com/shopspring/decimal v1.4.0 h1:bxl37RwXBklmTi0C79JfXCEBD1cqqHt0bbgBAGFp81k=\ngithub.com/shopspring/decimal v1.4.0/go.mod h1:gawqmDU56v4yIKSwfBSFip1HdCCXN8/+DMd9qYNcwME=\ngithub.com/sirupsen/logrus v1.9.3 h1:dueUQJ1C2q9oE3F7wvmSGAaVtTmUizReu6fjN8uqzbQ=\ngithub.com/sirupsen/logrus v1.9.3/go.mod h1:naHLuLoDiP4jHNo9R0sCBMtWGeIprob74mVsIT4qYEQ=\ngithub.com/slack-go/slack v0.13.1 h1:6UkM3U1OnbhPsYeb1IMkQ6HSNOSikWluwOncJt4Tz/o=\ngithub.com/slack-go/slack v0.13.1/go.mod h1:hlGi5oXA+Gt+yWTPP0plCdRKmjsDxecdHxYQdlMQKOw=\ngithub.com/smarty/assertions v1.15.0 h1:cR//PqUBUiQRakZWqBiFFQ9wb8emQGDb0HeGdqGByCY=\ngithub.com/smarty/assertions v1.15.0/go.mod h1:yABtdzeQs6l1brC900WlRNwj6ZR55d7B+E8C6HtKdec=\ngithub.com/smartystreets/goconvey v1.8.1 h1:qGjIddxOk4grTu9JPOU31tVfq3cNdBlNa5sSznIX1xY=\ngithub.com/smartystreets/goconvey v1.8.1/go.mod h1:+/u4qLyY6x1jReYOp7GOM2FSt8aP9CzCZL03bI28W60=\ngithub.com/sourcegraph/annotate v0.0.0-20160123013949-f4cad6c6324d h1:yKm7XZV6j9Ev6lojP2XaIshpT4ymkqhMeSghO5Ps00E=\ngithub.com/sourcegraph/annotate v0.0.0-20160123013949-f4cad6c6324d/go.mod h1:UdhH50NIW0fCiwBSr0co2m7BnFLdv4fQTgdqdJTHFeE=\ngithub.com/sourcegraph/conc v0.3.0 h1:OQTbbt6P72L20UqAkXXuLOj79LfEanQ+YQFNpLA9ySo=\ngithub.com/sourcegraph/conc v0.3.0/go.mod h1:Sdozi7LEKbFPqYX2/J+iBAM6HpqSLTASQIKqDmF7Mt0=\ngithub.com/sourcegraph/syntaxhighlight v0.0.0-20170531221838-bd320f5d308e h1:qpG93cPwA5f7s/ZPBJnGOYQNK/vKsaDaseuKT5Asee8=\ngithub.com/sourcegraph/syntaxhighlight v0.0.0-20170531221838-bd320f5d308e/go.mod h1:HuIsMU8RRBOtsCgI77wP899iHVBQpCmg4ErYMZB+2IA=\ngithub.com/spf13/afero v1.11.0 h1:WJQKhtpdm3v2IzqG8VMqrr6Rf3UYpEF239Jy9wNepM8=\ngithub.com/spf13/afero v1.11.0/go.mod h1:GH9Y3pIexgf1MTIWtNGyogA5MwRIDXGUr+hbWNoBjkY=\ngithub.com/spf13/cast v1.9.2 h1:SsGfm7M8QOFtEzumm7UZrZdLLquNdzFYfIbEXntcFbE=\ngithub.com/spf13/cast v1.9.2/go.mod h1:jNfB8QC9IA6ZuY2ZjDp0KtFO2LZZlg4S/7bzP6qqeHo=\ngithub.com/spf13/cobra v1.10.1 h1:lJeBwCfmrnXthfAupyUTzJ/J4Nc1RsHC/mSRU2dll/s=\ngithub.com/spf13/cobra v1.10.1/go.mod h1:7SmJGaTHFVBY0jW4NXGluQoLvhqFQM+6XSKD+P4XaB0=\ngithub.com/spf13/pflag v1.0.9/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An2Bg=\ngithub.com/spf13/pflag v1.0.10 h1:4EBh2KAYBwaONj6b2Ye1GiHfwjqyROoF4RwYO+vPwFk=\ngithub.com/spf13/pflag v1.0.10/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An2Bg=\ngithub.com/spf13/viper v1.18.2 h1:LUXCnvUvSM6FXAsj6nnfc8Q2tp1dIgUfY9Kc8GsSOiQ=\ngithub.com/spf13/viper v1.18.2/go.mod h1:EKmWIqdnk5lOcmR72yw6hS+8OPYcwD0jteitLMVB+yk=\ngithub.com/ssoready/hyrumtoken v1.0.0 h1:N/JPJDOuYS7qPSnOvZpPxNVXwtlT3kfzAMEcPrH8ywQ=\ngithub.com/ssoready/hyrumtoken v1.0.0/go.mod h1:h8q768r5Uv6iJKOwsNENIWWUP9kvmLykQox5m3SCpqc=\ngithub.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=\ngithub.com/stretchr/objx v0.1.1/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=\ngithub.com/stretchr/objx v0.4.0/go.mod h1:YvHI0jy2hoMjB+UWwv71VJQ9isScKT/TqJzVSSt89Yw=\ngithub.com/stretchr/objx v0.5.0/go.mod h1:Yh+to48EsGEfYuaHDzXPcE3xhTkx73EhmCGUpEOglKo=\ngithub.com/stretchr/objx v0.5.2 h1:xuMeJ0Sdp5ZMRXx/aWO6RZxdr3beISkG5/G/aIRr3pY=\ngithub.com/stretchr/objx v0.5.2/go.mod h1:FRsXN1f5AsAjCGJKqEizvkpNtU+EGNCLh3NxZ/8L+MA=\ngithub.com/stretchr/testify v1.2.2/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs=\ngithub.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI=\ngithub.com/stretchr/testify v1.4.0/go.mod h1:j7eGeouHqKxXV5pUuKE4zz7dFj8WfuZ+81PSLYec5m4=\ngithub.com/stretchr/testify v1.5.1/go.mod h1:5W2xD1RspED5o8YsWQXVCued0rvSQ+mT+I5cxcmMvtA=\ngithub.com/stretchr/testify v1.6.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=\ngithub.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=\ngithub.com/stretchr/testify v1.7.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=\ngithub.com/stretchr/testify v1.8.0/go.mod h1:yNjHg4UonilssWZ8iaSj1OCr/vHnekPRkoO+kdMU+MU=\ngithub.com/stretchr/testify v1.8.1/go.mod h1:w2LPCIKwWwSfY2zedu0+kehJoqGctiVI29o6fzry7u4=\ngithub.com/stretchr/testify v1.8.4/go.mod h1:sz/lmYIOXD/1dqDmKjjqLyZ2RngseejIcXlSw2iwfAo=\ngithub.com/stretchr/testify v1.11.1 h1:7s2iGBzp5EwR7/aIZr8ao5+dra3wiQyKjjFuvgVKu7U=\ngithub.com/stretchr/testify v1.11.1/go.mod h1:wZwfW3scLgRK+23gO65QZefKpKQRnfz6sD981Nm4B6U=\ngithub.com/subosito/gotenv v1.6.0 h1:9NlTDc1FTs4qu0DDq7AEtTPNw6SVm7uBMsUCUjABIf8=\ngithub.com/subosito/gotenv v1.6.0/go.mod h1:Dk4QP5c2W3ibzajGcXpNraDfq2IrhjMIvMSWPKKo0FU=\ngithub.com/t-k/fluent-logger-golang v1.0.0 h1:4IQzY+/l66Zkkhk9eB3LwF9vPkgKHJ1rpYdrRiap0EI=\ngithub.com/t-k/fluent-logger-golang v1.0.0/go.mod h1:6vC3Vzp9Kva0l5J9+YDY5/ROePwkAqwLK+KneCjSm4w=\ngithub.com/tidwall/gjson v1.14.2/go.mod h1:/wbyibRr2FHMks5tjHJ5F8dMZh3AcwJEMf5vlfC0lxk=\ngithub.com/tidwall/gjson v1.18.0 h1:FIDeeyB800efLX89e5a8Y0BNH+LOngJyGrIWxG2FKQY=\ngithub.com/tidwall/gjson v1.18.0/go.mod h1:/wbyibRr2FHMks5tjHJ5F8dMZh3AcwJEMf5vlfC0lxk=\ngithub.com/tidwall/match v1.1.1 h1:+Ho715JplO36QYgwN9PGYNhgZvoUSc9X2c80KVTi+GA=\ngithub.com/tidwall/match v1.1.1/go.mod h1:eRSPERbgtNPcGhD8UCthc6PmLEQXEWd3PRB5JTxsfmM=\ngithub.com/tidwall/pretty v1.2.0/go.mod h1:ITEVvHYasfjBbM0u2Pg8T2nJnzm8xPwvNhhsoaGGjNU=\ngithub.com/tidwall/pretty v1.2.1 h1:qjsOFOWWQl+N3RsoF5/ssm1pHmJJwhjlSbZ51I6wMl4=\ngithub.com/tidwall/pretty v1.2.1/go.mod h1:ITEVvHYasfjBbM0u2Pg8T2nJnzm8xPwvNhhsoaGGjNU=\ngithub.com/tidwall/sjson v1.2.5 h1:kLy8mja+1c9jlljvWTlSazM7cKDRfJuR/bOJhcY5NcY=\ngithub.com/tidwall/sjson v1.2.5/go.mod h1:Fvgq9kS/6ociJEDnK0Fk1cpYF4FIW6ZF7LAe+6jwd28=\ngithub.com/tinylib/msgp v1.2.5 h1:WeQg1whrXRFiZusidTQqzETkRpGjFjcIhW6uqWH09po=\ngithub.com/tinylib/msgp v1.2.5/go.mod h1:ykjzy2wzgrlvpDCRc4LA8UXy6D8bzMSuAF3WD57Gok0=\ngithub.com/toqueteos/webbrowser v1.2.0 h1:tVP/gpK69Fx+qMJKsLE7TD8LuGWPnEV71wBN9rrstGQ=\ngithub.com/toqueteos/webbrowser v1.2.0/go.mod h1:XWoZq4cyp9WeUeak7w7LXRUQf1F1ATJMir8RTqb4ayM=\ngithub.com/urfave/negroni v1.0.0 h1:kIimOitoypq34K7TG7DUaJ9kq/N4Ofuwi1sjz0KipXc=\ngithub.com/urfave/negroni v1.0.0/go.mod h1:Meg73S6kFm/4PpbYdq35yYWoCZ9mS/YSx+lKnmiohz4=\ngithub.com/wI2L/jsondiff v0.6.0 h1:zrsH3FbfVa3JO9llxrcDy/XLkYPLgoMX6Mz3T2PP2AI=\ngithub.com/wI2L/jsondiff v0.6.0/go.mod h1:D6aQ5gKgPF9g17j+E9N7aasmU1O+XvfmWm1y8UMmNpw=\ngithub.com/x448/float16 v0.8.4 h1:qLwI1I70+NjRFUR3zs1JPUCgaCXSh3SW62uAKT1mSBM=\ngithub.com/x448/float16 v0.8.4/go.mod h1:14CWIYCyZA/cWjXOioeEpHeN/83MdbZDRQHoFcYsOfg=\ngithub.com/xtgo/uuid v0.0.0-20140804021211-a0b114877d4c h1:3lbZUMbMiGUW/LMkfsEABsc5zNT9+b1CvsJx47JzJ8g=\ngithub.com/xtgo/uuid v0.0.0-20140804021211-a0b114877d4c/go.mod h1:UrdRz5enIKZ63MEE3IF9l2/ebyx59GyGgPi+tICQdmM=\ngithub.com/yuin/goldmark v1.1.25/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=\ngithub.com/yuin/goldmark v1.1.27/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=\ngithub.com/yuin/goldmark v1.1.32/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=\ngithub.com/yuin/goldmark v1.2.1/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=\ngithub.com/yuin/goldmark v1.3.5/go.mod h1:mwnBkeHKe2W/ZEtQ+71ViKU8L12m81fl3OWwC1Zlc8k=\ngithub.com/yuin/goldmark v1.4.13/go.mod h1:6yULJ656Px+3vBD8DxQVa3kxgyrAnzto9xy5taEt/CY=\ngithub.com/yuin/gopher-lua v1.1.1 h1:kYKnWBjvbNP4XLT3+bPEwAXJx262OhaHDWDVOPjL46M=\ngithub.com/yuin/gopher-lua v1.1.1/go.mod h1:GBR0iDaNXjAgGg9zfCvksxSRnQx76gclCIb7kdAd1Pw=\ngithub.com/zmb3/spotify/v2 v2.4.2 h1:j3yNN5lKVEMZQItJF4MHCSZbfNWmXO+KaC+3RFaLlLc=\ngithub.com/zmb3/spotify/v2 v2.4.2/go.mod h1:XOV7BrThayFYB9AAfB+L0Q0wyxBuLCARk4fI/ZXCBW8=\ngo.mongodb.org/mongo-driver v1.17.4 h1:jUorfmVzljjr0FLzYQsGP8cgN/qzzxlY9Vh0C9KFXVw=\ngo.mongodb.org/mongo-driver v1.17.4/go.mod h1:Hy04i7O2kC4RS06ZrhPRqj/u4DTYkFDAAccj+rVKqgQ=\ngo.opencensus.io v0.21.0/go.mod h1:mSImk1erAIZhrmZN+AvHh14ztQfjbGwt4TtuofqLduU=\ngo.opencensus.io v0.22.0/go.mod h1:+kGneAE2xo2IficOXnaByMWTGM9T73dGwxeWcUqIpI8=\ngo.opencensus.io v0.22.2/go.mod h1:yxeiOL68Rb0Xd1ddK5vPZ/oVn4vY4Ynel7k9FzqtOIw=\ngo.opencensus.io v0.22.3/go.mod h1:yxeiOL68Rb0Xd1ddK5vPZ/oVn4vY4Ynel7k9FzqtOIw=\ngo.opencensus.io v0.22.4/go.mod h1:yxeiOL68Rb0Xd1ddK5vPZ/oVn4vY4Ynel7k9FzqtOIw=\ngo.opentelemetry.io/auto/sdk v1.2.1 h1:jXsnJ4Lmnqd11kwkBV2LgLoFMZKizbCi5fNZ/ipaZ64=\ngo.opentelemetry.io/auto/sdk v1.2.1/go.mod h1:KRTj+aOaElaLi+wW1kO/DZRXwkF4C5xPbEe3ZiIhN7Y=\ngo.opentelemetry.io/contrib/instrumentation/net/http/httptrace/otelhttptrace v0.62.0 h1:wCeciVlAfb5DC8MQl/DlmAv/FVPNpQgFvI/71+hatuc=\ngo.opentelemetry.io/contrib/instrumentation/net/http/httptrace/otelhttptrace v0.62.0/go.mod h1:WfEApdZDMlLUAev/0QQpr8EJ/z0VWDKYZ5tF5RH5T1U=\ngo.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.62.0 h1:Hf9xI/XLML9ElpiHVDNwvqI0hIFlzV8dgIr35kV1kRU=\ngo.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.62.0/go.mod h1:NfchwuyNoMcZ5MLHwPrODwUF1HWCXWrL31s8gSAdIKY=\ngo.opentelemetry.io/contrib/propagators/b3 v1.37.0 h1:0aGKdIuVhy5l4GClAjl72ntkZJhijf2wg1S7b5oLoYA=\ngo.opentelemetry.io/contrib/propagators/b3 v1.37.0/go.mod h1:nhyrxEJEOQdwR15zXrCKI6+cJK60PXAkJ/jRyfhr2mg=\ngo.opentelemetry.io/contrib/propagators/jaeger v1.37.0 h1:pW+qDVo0jB0rLsNeaP85xLuz20cvsECUcN7TE+D8YTM=\ngo.opentelemetry.io/contrib/propagators/jaeger v1.37.0/go.mod h1:x7bd+t034hxLTve1hF9Yn9qQJlO/pP8H5pWIt7+gsFM=\ngo.opentelemetry.io/contrib/samplers/jaegerremote v0.31.0 h1:l8XCsDh7L6Z7PB+vlw1s4ufNab+ayT2RMNdvDE/UyPc=\ngo.opentelemetry.io/contrib/samplers/jaegerremote v0.31.0/go.mod h1:XAOSk4bqj5vtoiY08bexeiafzxdXeLlxKFnwscvn8Fc=\ngo.opentelemetry.io/otel v1.40.0 h1:oA5YeOcpRTXq6NN7frwmwFR0Cn3RhTVZvXsP4duvCms=\ngo.opentelemetry.io/otel v1.40.0/go.mod h1:IMb+uXZUKkMXdPddhwAHm6UfOwJyh4ct1ybIlV14J0g=\ngo.opentelemetry.io/otel/exporters/jaeger v1.17.0 h1:D7UpUy2Xc2wsi1Ras6V40q806WM07rqoCWzXu7Sqy+4=\ngo.opentelemetry.io/otel/exporters/jaeger v1.17.0/go.mod h1:nPCqOnEH9rNLKqH/+rrUjiMzHJdV1BlpKcTwRTyKkKI=\ngo.opentelemetry.io/otel/exporters/otlp/otlptrace v1.37.0 h1:Ahq7pZmv87yiyn3jeFz/LekZmPLLdKejuO3NcK9MssM=\ngo.opentelemetry.io/otel/exporters/otlp/otlptrace v1.37.0/go.mod h1:MJTqhM0im3mRLw1i8uGHnCvUEeS7VwRyxlLC78PA18M=\ngo.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp v1.37.0 h1:bDMKF3RUSxshZ5OjOTi8rsHGaPKsAt76FaqgvIUySLc=\ngo.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp v1.37.0/go.mod h1:dDT67G/IkA46Mr2l9Uj7HsQVwsjASyV9SjGofsiUZDA=\ngo.opentelemetry.io/otel/exporters/zipkin v1.37.0 h1:Z2apuaRnHEjzDAkpbWNPiksz1R0/FCIrJSjiMA43zwI=\ngo.opentelemetry.io/otel/exporters/zipkin v1.37.0/go.mod h1:ofGu/7fG+bpmjZoiPUUmYDJ4vXWxMT57HmGoegx49uw=\ngo.opentelemetry.io/otel/metric v1.40.0 h1:rcZe317KPftE2rstWIBitCdVp89A2HqjkxR3c11+p9g=\ngo.opentelemetry.io/otel/metric v1.40.0/go.mod h1:ib/crwQH7N3r5kfiBZQbwrTge743UDc7DTFVZrrXnqc=\ngo.opentelemetry.io/otel/sdk v1.40.0 h1:KHW/jUzgo6wsPh9At46+h4upjtccTmuZCFAc9OJ71f8=\ngo.opentelemetry.io/otel/sdk v1.40.0/go.mod h1:Ph7EFdYvxq72Y8Li9q8KebuYUr2KoeyHx0DRMKrYBUE=\ngo.opentelemetry.io/otel/sdk/metric v1.40.0 h1:mtmdVqgQkeRxHgRv4qhyJduP3fYJRMX4AtAlbuWdCYw=\ngo.opentelemetry.io/otel/sdk/metric v1.40.0/go.mod h1:4Z2bGMf0KSK3uRjlczMOeMhKU2rhUqdWNoKcYrtcBPg=\ngo.opentelemetry.io/otel/trace v1.40.0 h1:WA4etStDttCSYuhwvEa8OP8I5EWu24lkOzp+ZYblVjw=\ngo.opentelemetry.io/otel/trace v1.40.0/go.mod h1:zeAhriXecNGP/s2SEG3+Y8X9ujcJOTqQ5RgdEJcawiA=\ngo.opentelemetry.io/proto/otlp v1.7.1 h1:gTOMpGDb0WTBOP8JaO72iL3auEZhVmAQg4ipjOVAtj4=\ngo.opentelemetry.io/proto/otlp v1.7.1/go.mod h1:b2rVh6rfI/s2pHWNlB7ILJcRALpcNDzKhACevjI+ZnE=\ngo.uber.org/goleak v1.3.0 h1:2K3zAYmnTNqV73imy9J1T3WC+gmCePx2hEGkimedGto=\ngo.uber.org/goleak v1.3.0/go.mod h1:CoHD4mav9JJNrW/WLlf7HGZPjdw8EucARQHekz1X6bE=\ngo.uber.org/multierr v1.11.0 h1:blXXJkSxSSfBVBlC76pxqeO+LN3aDfLQo+309xJstO0=\ngo.uber.org/multierr v1.11.0/go.mod h1:20+QtiLqy0Nd6FdQB9TLXag12DsQkrbs3htMFfDN80Y=\ngo.yaml.in/yaml/v2 v2.4.2 h1:DzmwEr2rDGHl7lsFgAHxmNz/1NlQ7xLIrlN2h5d1eGI=\ngo.yaml.in/yaml/v2 v2.4.2/go.mod h1:081UH+NErpNdqlCXm3TtEran0rJZGxAYx9hb/ELlsPU=\ngo.yaml.in/yaml/v3 v3.0.3 h1:bXOww4E/J3f66rav3pX3m8w6jDE4knZjGOw8b5Y6iNE=\ngo.yaml.in/yaml/v3 v3.0.3/go.mod h1:tBHosrYAkRZjRAOREWbDnBXUf08JOwYq++0QNwQiWzI=\ngolang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=\ngolang.org/x/crypto v0.0.0-20190510104115-cbcb75029529/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=\ngolang.org/x/crypto v0.0.0-20190605123033-f99c8df09eb5/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=\ngolang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=\ngolang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=\ngolang.org/x/crypto v0.0.0-20210220033148-5ea612d1eb83/go.mod h1:jdWPYTVW3xRLrWPugEBEK3UY2ZEsg3UU495nc5E+M+I=\ngolang.org/x/crypto v0.0.0-20210421170649-83a5a9bb288b/go.mod h1:T9bdIzuCu7OtxOm1hfPfRQxPLYneinmdGuTeoZ9dtd4=\ngolang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc=\ngolang.org/x/crypto v0.4.0/go.mod h1:3quD/ATkf6oY+rnes5c3ExXTbLc8mueNue5/DoinL80=\ngolang.org/x/crypto v0.19.0/go.mod h1:Iy9bg/ha4yyC70EfRS8jz+B6ybOBKMaSxLj6P6oBDfU=\ngolang.org/x/crypto v0.21.0/go.mod h1:0BP7YvVV9gBbVKyeTG0Gyn+gZm94bibOW5BjDEYAOMs=\ngolang.org/x/crypto v0.46.0 h1:cKRW/pmt1pKAfetfu+RCEvjvZkA9RimPbh7bhFjGVBU=\ngolang.org/x/crypto v0.46.0/go.mod h1:Evb/oLKmMraqjZ2iQTwDwvCtJkczlDuTmdJXoZVzqU0=\ngolang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=\ngolang.org/x/exp v0.0.0-20190306152737-a1d7652674e8/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=\ngolang.org/x/exp v0.0.0-20190510132918-efd6b22b2522/go.mod h1:ZjyILWgesfNpC6sMxTJOJm9Kp84zZh5NQWvqDGG3Qr8=\ngolang.org/x/exp v0.0.0-20190829153037-c13cbed26979/go.mod h1:86+5VVa7VpoJ4kLfm080zCjGlMRFzhUhsZKEZO7MGek=\ngolang.org/x/exp v0.0.0-20191030013958-a1ab85dbe136/go.mod h1:JXzH8nQsPlswgeRAPE3MuO9GYsAcnJvJ4vnMwN/5qkY=\ngolang.org/x/exp v0.0.0-20191129062945-2f5052295587/go.mod h1:2RIsYlXP63K8oxa1u096TMicItID8zy7Y6sNkU49FU4=\ngolang.org/x/exp v0.0.0-20191227195350-da58074b4299/go.mod h1:2RIsYlXP63K8oxa1u096TMicItID8zy7Y6sNkU49FU4=\ngolang.org/x/exp v0.0.0-20200119233911-0405dc783f0a/go.mod h1:2RIsYlXP63K8oxa1u096TMicItID8zy7Y6sNkU49FU4=\ngolang.org/x/exp v0.0.0-20200207192155-f17229e696bd/go.mod h1:J/WKrq2StrnmMY6+EHIKF9dgMWnmCNThgcyBT1FY9mM=\ngolang.org/x/exp v0.0.0-20200224162631-6cc2880d07d6/go.mod h1:3jZMyOhIsHpP37uCMkUooju7aAi5cS1Q23tOzKc+0MU=\ngolang.org/x/exp v0.0.0-20250813145105-42675adae3e6 h1:SbTAbRFnd5kjQXbczszQ0hdk3ctwYf3qBNH9jIsGclE=\ngolang.org/x/exp v0.0.0-20250813145105-42675adae3e6/go.mod h1:4QTo5u+SEIbbKW1RacMZq1YEfOBqeXa19JeshGi+zc4=\ngolang.org/x/image v0.0.0-20190227222117-0694c2d4d067/go.mod h1:kZ7UVZpmo3dzQBMxlp+ypCbDeSB+sBbTgSJuh5dn5js=\ngolang.org/x/image v0.0.0-20190802002840-cff245a6509b/go.mod h1:FeLwcggjj3mMvU+oOTbSwawSJRM1uh48EjtB4UJZlP0=\ngolang.org/x/lint v0.0.0-20181026193005-c67002cb31c3/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE=\ngolang.org/x/lint v0.0.0-20190227174305-5b3e6a55c961/go.mod h1:wehouNa3lNwaWXcvxsM5YxQ5yQlVC4a0KAMCusXpPoU=\ngolang.org/x/lint v0.0.0-20190301231843-5614ed5bae6f/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE=\ngolang.org/x/lint v0.0.0-20190313153728-d0100b6bd8b3/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc=\ngolang.org/x/lint v0.0.0-20190409202823-959b441ac422/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc=\ngolang.org/x/lint v0.0.0-20190909230951-414d861bb4ac/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc=\ngolang.org/x/lint v0.0.0-20190930215403-16217165b5de/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc=\ngolang.org/x/lint v0.0.0-20191125180803-fdd1cda4f05f/go.mod h1:5qLYkcX4OjUUV8bRuDixDT3tpyyb+LUpUlRWLxfhWrs=\ngolang.org/x/lint v0.0.0-20200130185559-910be7a94367/go.mod h1:3xt1FjdF8hUf6vQPIChWIBhFzV8gjjsPE/fR3IyQdNY=\ngolang.org/x/lint v0.0.0-20200302205851-738671d3881b/go.mod h1:3xt1FjdF8hUf6vQPIChWIBhFzV8gjjsPE/fR3IyQdNY=\ngolang.org/x/mobile v0.0.0-20190312151609-d3739f865fa6/go.mod h1:z+o9i4GpDbdi3rU15maQ/Ox0txvL9dWGYEHz965HBQE=\ngolang.org/x/mobile v0.0.0-20190719004257-d2bd2a29d028/go.mod h1:E/iHnbuqvinMTCcRqshq8CkpyQDoeVncDDYHnLhea+o=\ngolang.org/x/mod v0.0.0-20190513183733-4bf6d317e70e/go.mod h1:mXi4GBBbnImb6dmsKGUJ2LatrhH/nqhxcFungHvyanc=\ngolang.org/x/mod v0.1.0/go.mod h1:0QHyrYULN0/3qlju5TqG8bIK38QM8yzMo5ekMj3DlcY=\ngolang.org/x/mod v0.1.1-0.20191105210325-c90efee705ee/go.mod h1:QqPTAvyqsEbceGzBzNggFXnrqF1CaUcvgkdR5Ot7KZg=\ngolang.org/x/mod v0.1.1-0.20191107180719-034126e5016b/go.mod h1:QqPTAvyqsEbceGzBzNggFXnrqF1CaUcvgkdR5Ot7KZg=\ngolang.org/x/mod v0.2.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=\ngolang.org/x/mod v0.3.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=\ngolang.org/x/mod v0.4.2/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=\ngolang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4/go.mod h1:jJ57K6gSWd91VN4djpZkiMVwK6gcyfeH4XE8wZrZaV4=\ngolang.org/x/mod v0.8.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs=\ngolang.org/x/mod v0.30.0 h1:fDEXFVZ/fmCKProc/yAXXUijritrDzahmwwefnjoPFk=\ngolang.org/x/mod v0.30.0/go.mod h1:lAsf5O2EvJeSFMiBxXDki7sCgAxEUcZHXoXMKT4GJKc=\ngolang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=\ngolang.org/x/net v0.0.0-20180826012351-8a410e7b638d/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=\ngolang.org/x/net v0.0.0-20190108225652-1e06a53dbb7e/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=\ngolang.org/x/net v0.0.0-20190213061140-3a22650c66bd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=\ngolang.org/x/net v0.0.0-20190311183353-d8887717615a/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=\ngolang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=\ngolang.org/x/net v0.0.0-20190501004415-9ce7a6920f09/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=\ngolang.org/x/net v0.0.0-20190503192946-f4e77d36d62c/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=\ngolang.org/x/net v0.0.0-20190603091049-60506f45cf65/go.mod h1:HSz+uSET+XFnRR8LxR5pz3Of3rY3CfYBVs4xY44aLks=\ngolang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=\ngolang.org/x/net v0.0.0-20190628185345-da137c7871d7/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=\ngolang.org/x/net v0.0.0-20190724013045-ca1201d0de80/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=\ngolang.org/x/net v0.0.0-20191209160850-c0dbc17a3553/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=\ngolang.org/x/net v0.0.0-20200114155413-6afb5195e5aa/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=\ngolang.org/x/net v0.0.0-20200202094626-16171245cfb2/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=\ngolang.org/x/net v0.0.0-20200222125558-5a598a2470a0/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=\ngolang.org/x/net v0.0.0-20200226121028-0de0cce0169b/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=\ngolang.org/x/net v0.0.0-20200301022130-244492dfa37a/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=\ngolang.org/x/net v0.0.0-20200324143707-d3edc9973b7e/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A=\ngolang.org/x/net v0.0.0-20200501053045-e0ff5e5a1de5/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A=\ngolang.org/x/net v0.0.0-20200506145744-7e3656a0809f/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A=\ngolang.org/x/net v0.0.0-20200513185701-a91f0712d120/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A=\ngolang.org/x/net v0.0.0-20200520182314-0ba52f642ac2/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A=\ngolang.org/x/net v0.0.0-20200625001655-4c5254603344/go.mod h1:/O7V0waA8r7cgGh81Ro3o1hOxt32SMVPicZroKQ2sZA=\ngolang.org/x/net v0.0.0-20200707034311-ab3426394381/go.mod h1:/O7V0waA8r7cgGh81Ro3o1hOxt32SMVPicZroKQ2sZA=\ngolang.org/x/net v0.0.0-20200822124328-c89045814202/go.mod h1:/O7V0waA8r7cgGh81Ro3o1hOxt32SMVPicZroKQ2sZA=\ngolang.org/x/net v0.0.0-20201021035429-f5854403a974/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU=\ngolang.org/x/net v0.0.0-20210220033124-5f55cee0dc0d/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg=\ngolang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg=\ngolang.org/x/net v0.0.0-20210405180319-a5a99cb37ef4/go.mod h1:p54w0d4576C0XHj96bSt6lcn1PtDYWL6XObtHCRCNQM=\ngolang.org/x/net v0.0.0-20220722155237-a158d28d115b/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c=\ngolang.org/x/net v0.0.0-20220826154423-83b083e8dc8b/go.mod h1:YDH+HFinaLZZlnHAfSS6ZXJJ9M9t4Dl22yv3iI2vPwk=\ngolang.org/x/net v0.0.0-20221002022538-bcab6841153b/go.mod h1:YDH+HFinaLZZlnHAfSS6ZXJJ9M9t4Dl22yv3iI2vPwk=\ngolang.org/x/net v0.3.0/go.mod h1:MBQ8lrhLObU/6UmLb4fmbmk5OcyYmqtbGd/9yIeKjEE=\ngolang.org/x/net v0.4.0/go.mod h1:MBQ8lrhLObU/6UmLb4fmbmk5OcyYmqtbGd/9yIeKjEE=\ngolang.org/x/net v0.6.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs=\ngolang.org/x/net v0.7.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs=\ngolang.org/x/net v0.10.0/go.mod h1:0qNGK6F8kojg2nk9dLZ2mShWaEBan6FAoqfSigmmuDg=\ngolang.org/x/net v0.21.0/go.mod h1:bIjVDfnllIU7BJ2DNgfnXvpSvtn8VRwhlsaeUTyUS44=\ngolang.org/x/net v0.23.0/go.mod h1:JKghWKKOSdJwpW2GEx0Ja7fmaKnMsbu+MWVZTokSYmg=\ngolang.org/x/net v0.48.0 h1:zyQRTTrjc33Lhh0fBgT/H3oZq9WuvRR5gPC70xpDiQU=\ngolang.org/x/net v0.48.0/go.mod h1:+ndRgGjkh8FGtu1w1FGbEC31if4VrNVMuKTgcAAnQRY=\ngolang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U=\ngolang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=\ngolang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=\ngolang.org/x/oauth2 v0.0.0-20191202225959-858c2ad4c8b6/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=\ngolang.org/x/oauth2 v0.0.0-20200107190931-bf48bf16ab8d/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=\ngolang.org/x/oauth2 v0.0.0-20210810183815-faf39c7919d5/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A=\ngolang.org/x/oauth2 v0.34.0 h1:hqK/t4AKgbqWkdkcAeI8XLmbK+4m4G5YeQRrmiotGlw=\ngolang.org/x/oauth2 v0.34.0/go.mod h1:lzm5WQJQwKZ3nwavOZ3IS5Aulzxi68dUSgRHujetwEA=\ngolang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=\ngolang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=\ngolang.org/x/sync v0.0.0-20181221193216-37e7f081c4d4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=\ngolang.org/x/sync v0.0.0-20190227155943-e225da77a7e6/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=\ngolang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=\ngolang.org/x/sync v0.0.0-20190911185100-cd5d95a43a6e/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=\ngolang.org/x/sync v0.0.0-20200317015054-43a5402ce75a/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=\ngolang.org/x/sync v0.0.0-20200625203802-6e8e738ad208/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=\ngolang.org/x/sync v0.0.0-20201020160332-67f06af15bc9/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=\ngolang.org/x/sync v0.0.0-20210220032951-036812b2e83c/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=\ngolang.org/x/sync v0.0.0-20220722155255-886fb9371eb4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=\ngolang.org/x/sync v0.0.0-20220929204114-8fcdb60fdcc0/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=\ngolang.org/x/sync v0.1.0/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=\ngolang.org/x/sync v0.3.0/go.mod h1:FU7BRWz2tNW+3quACPkgCx/L+uEAv1htQ0V83Z9Rj+Y=\ngolang.org/x/sync v0.19.0 h1:vV+1eWNmZ5geRlYjzm2adRgW2/mcpevXNg50YZtPCE4=\ngolang.org/x/sync v0.19.0/go.mod h1:9KTHXmSnoGruLpwFjVSX0lNNA75CykiMECbovNTZqGI=\ngolang.org/x/sys v0.0.0-20180830151530-49385e6e1522/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=\ngolang.org/x/sys v0.0.0-20180926160741-c2ed4eda69e7/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=\ngolang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=\ngolang.org/x/sys v0.0.0-20190312061237-fead79001313/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=\ngolang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=\ngolang.org/x/sys v0.0.0-20190502145724-3ef323f4f1fd/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=\ngolang.org/x/sys v0.0.0-20190507160741-ecd444e8653b/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=\ngolang.org/x/sys v0.0.0-20190606165138-5da285871e9c/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=\ngolang.org/x/sys v0.0.0-20190624142023-c5567b49c5d0/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=\ngolang.org/x/sys v0.0.0-20190726091711-fc99dfbffb4e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=\ngolang.org/x/sys v0.0.0-20191001151750-bb3f8db39f24/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=\ngolang.org/x/sys v0.0.0-20191026070338-33540a1f6037/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=\ngolang.org/x/sys v0.0.0-20191204072324-ce4227a45e2e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=\ngolang.org/x/sys v0.0.0-20191228213918-04cbcbbfeed8/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=\ngolang.org/x/sys v0.0.0-20200113162924-86b910548bc1/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=\ngolang.org/x/sys v0.0.0-20200116001909-b77594299b42/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=\ngolang.org/x/sys v0.0.0-20200122134326-e047566fdf82/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=\ngolang.org/x/sys v0.0.0-20200202164722-d101bd2416d5/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=\ngolang.org/x/sys v0.0.0-20200212091648-12a6c2dcc1e4/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=\ngolang.org/x/sys v0.0.0-20200223170610-d5e6a3e2c0ae/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=\ngolang.org/x/sys v0.0.0-20200302150141-5c8b2ff67527/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=\ngolang.org/x/sys v0.0.0-20200323222414-85ca7c5b95cd/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=\ngolang.org/x/sys v0.0.0-20200331124033-c3d80250170d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=\ngolang.org/x/sys v0.0.0-20200501052902-10377860bb8e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=\ngolang.org/x/sys v0.0.0-20200511232937-7e40ca221e25/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=\ngolang.org/x/sys v0.0.0-20200515095857-1151b9dac4a9/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=\ngolang.org/x/sys v0.0.0-20200523222454-059865788121/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=\ngolang.org/x/sys v0.0.0-20200803210538-64077c9b5642/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=\ngolang.org/x/sys v0.0.0-20200930185726-fdedc70b468f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=\ngolang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=\ngolang.org/x/sys v0.0.0-20210220050731-9a76102bfb43/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=\ngolang.org/x/sys v0.0.0-20210330210617-4fbd30eecc44/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=\ngolang.org/x/sys v0.0.0-20210510120138-977fb7262007/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=\ngolang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=\ngolang.org/x/sys v0.0.0-20210630005230-0f9fa26af87c/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=\ngolang.org/x/sys v0.0.0-20211007075335-d3039528d8ac/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=\ngolang.org/x/sys v0.0.0-20220310020820-b874c991c1a5/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=\ngolang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=\ngolang.org/x/sys v0.0.0-20220715151400-c0bba94af5f8/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=\ngolang.org/x/sys v0.0.0-20220722155257-8c9f86f7a55f/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=\ngolang.org/x/sys v0.0.0-20220728004956-3c1f35247d10/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=\ngolang.org/x/sys v0.0.0-20220811171246-fbc7d0a398ab/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=\ngolang.org/x/sys v0.3.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=\ngolang.org/x/sys v0.5.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=\ngolang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=\ngolang.org/x/sys v0.7.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=\ngolang.org/x/sys v0.8.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=\ngolang.org/x/sys v0.17.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=\ngolang.org/x/sys v0.18.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=\ngolang.org/x/sys v0.40.0 h1:DBZZqJ2Rkml6QMQsZywtnjnnGvHza6BTfYFWY9kjEWQ=\ngolang.org/x/sys v0.40.0/go.mod h1:OgkHotnGiDImocRcuBABYBEXf8A9a87e/uXjp9XT3ks=\ngolang.org/x/telemetry v0.0.0-20251111182119-bc8e575c7b54 h1:E2/AqCUMZGgd73TQkxUMcMla25GB9i/5HOdLr+uH7Vo=\ngolang.org/x/telemetry v0.0.0-20251111182119-bc8e575c7b54/go.mod h1:hKdjCMrbv9skySur+Nek8Hd0uJ0GuxJIoIX2payrIdQ=\ngolang.org/x/term v0.0.0-20201117132131-f5c789dd3221/go.mod h1:Nr5EML6q2oocZ2LXRh80K7BxOlk5/8JxuGnuhpl+muw=\ngolang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=\ngolang.org/x/term v0.0.0-20210220032956-6a3ed077a48d/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=\ngolang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=\ngolang.org/x/term v0.3.0/go.mod h1:q750SLmJuPmVoN1blW3UFBPREJfb1KmY3vwxfr+nFDA=\ngolang.org/x/term v0.5.0/go.mod h1:jMB1sMXY+tzblOD4FWmEbocvup2/aLOaQEp7JmGp78k=\ngolang.org/x/term v0.8.0/go.mod h1:xPskH00ivmX89bAKVGSKKtLOWNx2+17Eiy94tnKShWo=\ngolang.org/x/term v0.17.0/go.mod h1:lLRBjIVuehSbZlaOtGMbcMncT+aqLLLmKrsjNrUguwk=\ngolang.org/x/term v0.18.0/go.mod h1:ILwASektA3OnRv7amZ1xhE/KTR+u50pbXfZ03+6Nx58=\ngolang.org/x/term v0.38.0 h1:PQ5pkm/rLO6HnxFR7N2lJHOZX6Kez5Y1gDSJla6jo7Q=\ngolang.org/x/term v0.38.0/go.mod h1:bSEAKrOT1W+VSu9TSCMtoGEOUcKxOKgl3LE5QEF/xVg=\ngolang.org/x/text v0.0.0-20170915032832-14c0d48ead0c/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=\ngolang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=\ngolang.org/x/text v0.3.1-0.20180807135948-17ff2d5776d2/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=\ngolang.org/x/text v0.3.2/go.mod h1:bEr9sfX3Q8Zfm5fL9x+3itogRgK3+ptLWKqgva+5dAk=\ngolang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=\ngolang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ=\ngolang.org/x/text v0.5.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8=\ngolang.org/x/text v0.7.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8=\ngolang.org/x/text v0.9.0/go.mod h1:e1OnstbJyHTd6l/uOt8jFFHp6TRDWZR/bV3emEE/zU8=\ngolang.org/x/text v0.14.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU=\ngolang.org/x/text v0.32.0 h1:ZD01bjUt1FQ9WJ0ClOL5vxgxOI/sVCNgX1YtKwcY0mU=\ngolang.org/x/text v0.32.0/go.mod h1:o/rUWzghvpD5TXrTIBuJU77MTaN0ljMWE47kxGJQ7jY=\ngolang.org/x/time v0.0.0-20181108054448-85acf8d2951c/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=\ngolang.org/x/time v0.0.0-20190308202827-9d24e82272b4/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=\ngolang.org/x/time v0.0.0-20191024005414-555d28b269f0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=\ngolang.org/x/time v0.12.0 h1:ScB/8o8olJvc+CQPWrK3fPZNfh7qgwCrY0zJmoEQLSE=\ngolang.org/x/time v0.12.0/go.mod h1:CDIdPxbZBQxdj6cxyCIdrNogrJKMJ7pr37NYpMcMDSg=\ngolang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=\ngolang.org/x/tools v0.0.0-20190114222345-bf090417da8b/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=\ngolang.org/x/tools v0.0.0-20190226205152-f727befe758c/go.mod h1:9Yl7xja0Znq3iFh3HoIrodX9oNMXvdceNzlUR8zjMvY=\ngolang.org/x/tools v0.0.0-20190311212946-11955173bddd/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs=\ngolang.org/x/tools v0.0.0-20190312151545-0bb0c0a6e846/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs=\ngolang.org/x/tools v0.0.0-20190312170243-e65039ee4138/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs=\ngolang.org/x/tools v0.0.0-20190425150028-36563e24a262/go.mod h1:RgjU9mgBXZiqYHBnxXauZ1Gv1EHHAz9KjViQ78xBX0Q=\ngolang.org/x/tools v0.0.0-20190506145303-2d16b83fe98c/go.mod h1:RgjU9mgBXZiqYHBnxXauZ1Gv1EHHAz9KjViQ78xBX0Q=\ngolang.org/x/tools v0.0.0-20190524140312-2c0ae7006135/go.mod h1:RgjU9mgBXZiqYHBnxXauZ1Gv1EHHAz9KjViQ78xBX0Q=\ngolang.org/x/tools v0.0.0-20190606124116-d0a3d012864b/go.mod h1:/rFqwRUd4F7ZHNgwSSTFct+R/Kf4OFW1sUzUTQQTgfc=\ngolang.org/x/tools v0.0.0-20190621195816-6e04913cbbac/go.mod h1:/rFqwRUd4F7ZHNgwSSTFct+R/Kf4OFW1sUzUTQQTgfc=\ngolang.org/x/tools v0.0.0-20190628153133-6cdbf07be9d0/go.mod h1:/rFqwRUd4F7ZHNgwSSTFct+R/Kf4OFW1sUzUTQQTgfc=\ngolang.org/x/tools v0.0.0-20190816200558-6889da9d5479/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=\ngolang.org/x/tools v0.0.0-20190911174233-4f2ddba30aff/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=\ngolang.org/x/tools v0.0.0-20191012152004-8de300cfc20a/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=\ngolang.org/x/tools v0.0.0-20191113191852-77e3bb0ad9e7/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=\ngolang.org/x/tools v0.0.0-20191115202509-3a792d9c32b2/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=\ngolang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=\ngolang.org/x/tools v0.0.0-20191125144606-a911d9008d1f/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=\ngolang.org/x/tools v0.0.0-20191130070609-6e064ea0cf2d/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=\ngolang.org/x/tools v0.0.0-20191216173652-a0e659d51361/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=\ngolang.org/x/tools v0.0.0-20191227053925-7b8e75db28f4/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=\ngolang.org/x/tools v0.0.0-20200117161641-43d50277825c/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=\ngolang.org/x/tools v0.0.0-20200122220014-bf1340f18c4a/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=\ngolang.org/x/tools v0.0.0-20200130002326-2f3ba24bd6e7/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=\ngolang.org/x/tools v0.0.0-20200204074204-1cc6d1ef6c74/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=\ngolang.org/x/tools v0.0.0-20200207183749-b753a1ba74fa/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=\ngolang.org/x/tools v0.0.0-20200212150539-ea181f53ac56/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=\ngolang.org/x/tools v0.0.0-20200224181240-023911ca70b2/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=\ngolang.org/x/tools v0.0.0-20200227222343-706bc42d1f0d/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=\ngolang.org/x/tools v0.0.0-20200304193943-95d2e580d8eb/go.mod h1:o4KQGtdN14AW+yjsvvwRTJJuXz8XRtIHtEnmAXLyFUw=\ngolang.org/x/tools v0.0.0-20200312045724-11d5b4c81c7d/go.mod h1:o4KQGtdN14AW+yjsvvwRTJJuXz8XRtIHtEnmAXLyFUw=\ngolang.org/x/tools v0.0.0-20200331025713-a30bf2db82d4/go.mod h1:Sl4aGygMT6LrqrWclx+PTx3U+LnKx/seiNR+3G19Ar8=\ngolang.org/x/tools v0.0.0-20200501065659-ab2804fb9c9d/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE=\ngolang.org/x/tools v0.0.0-20200512131952-2bc93b1c0c88/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE=\ngolang.org/x/tools v0.0.0-20200515010526-7d3b6ebf133d/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE=\ngolang.org/x/tools v0.0.0-20200618134242-20370b0cb4b2/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE=\ngolang.org/x/tools v0.0.0-20200619180055-7c47624df98f/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE=\ngolang.org/x/tools v0.0.0-20200729194436-6467de6f59a7/go.mod h1:njjCfa9FT2d7l9Bc6FUM5FLjQPp3cFF28FI3qnDFljA=\ngolang.org/x/tools v0.0.0-20200804011535-6c149bb5ef0d/go.mod h1:njjCfa9FT2d7l9Bc6FUM5FLjQPp3cFF28FI3qnDFljA=\ngolang.org/x/tools v0.0.0-20200825202427-b303f430e36d/go.mod h1:njjCfa9FT2d7l9Bc6FUM5FLjQPp3cFF28FI3qnDFljA=\ngolang.org/x/tools v0.0.0-20210106214847-113979e3529a/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA=\ngolang.org/x/tools v0.1.1/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk=\ngolang.org/x/tools v0.1.12/go.mod h1:hNGJHUnrk76NpqgfD5Aqm5Crs+Hm0VOH/i9J2+nxYbc=\ngolang.org/x/tools v0.6.0/go.mod h1:Xwgl3UAJ/d3gWutnCtw505GrjyAbvKui8lOU390QaIU=\ngolang.org/x/tools v0.39.0 h1:ik4ho21kwuQln40uelmciQPp9SipgNDdrafrYA4TmQQ=\ngolang.org/x/tools v0.39.0/go.mod h1:JnefbkDPyD8UU2kI5fuf8ZX4/yUeh9W877ZeBONxUqQ=\ngolang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=\ngolang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=\ngolang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=\ngolang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=\ngonum.org/v1/gonum v0.16.0 h1:5+ul4Swaf3ESvrOnidPp4GZbzf0mxVQpDCYUQE7OJfk=\ngonum.org/v1/gonum v0.16.0/go.mod h1:fef3am4MQ93R2HHpKnLk4/Tbh/s0+wqD5nfa6Pnwy4E=\ngoogle.golang.org/api v0.4.0/go.mod h1:8k5glujaEP+g9n7WNsDg8QP6cUVNI86fCNMcbazEtwE=\ngoogle.golang.org/api v0.7.0/go.mod h1:WtwebWUNSVBH/HAw79HIFXZNqEvBhG+Ra+ax0hx3E3M=\ngoogle.golang.org/api v0.8.0/go.mod h1:o4eAsZoiT+ibD93RtjEohWalFOjRDx6CVaqeizhEnKg=\ngoogle.golang.org/api v0.9.0/go.mod h1:o4eAsZoiT+ibD93RtjEohWalFOjRDx6CVaqeizhEnKg=\ngoogle.golang.org/api v0.13.0/go.mod h1:iLdEw5Ide6rF15KTC1Kkl0iskquN2gFfn9o9XIsbkAI=\ngoogle.golang.org/api v0.14.0/go.mod h1:iLdEw5Ide6rF15KTC1Kkl0iskquN2gFfn9o9XIsbkAI=\ngoogle.golang.org/api v0.15.0/go.mod h1:iLdEw5Ide6rF15KTC1Kkl0iskquN2gFfn9o9XIsbkAI=\ngoogle.golang.org/api v0.17.0/go.mod h1:BwFmGc8tA3vsd7r/7kR8DY7iEEGSU04BFxCo5jP/sfE=\ngoogle.golang.org/api v0.18.0/go.mod h1:BwFmGc8tA3vsd7r/7kR8DY7iEEGSU04BFxCo5jP/sfE=\ngoogle.golang.org/api v0.19.0/go.mod h1:BwFmGc8tA3vsd7r/7kR8DY7iEEGSU04BFxCo5jP/sfE=\ngoogle.golang.org/api v0.20.0/go.mod h1:BwFmGc8tA3vsd7r/7kR8DY7iEEGSU04BFxCo5jP/sfE=\ngoogle.golang.org/api v0.22.0/go.mod h1:BwFmGc8tA3vsd7r/7kR8DY7iEEGSU04BFxCo5jP/sfE=\ngoogle.golang.org/api v0.24.0/go.mod h1:lIXQywCXRcnZPGlsd8NbLnOjtAoL6em04bJ9+z0MncE=\ngoogle.golang.org/api v0.28.0/go.mod h1:lIXQywCXRcnZPGlsd8NbLnOjtAoL6em04bJ9+z0MncE=\ngoogle.golang.org/api v0.29.0/go.mod h1:Lcubydp8VUV7KeIHD9z2Bys/sm/vGKnG1UHuDBSrHWM=\ngoogle.golang.org/api v0.30.0/go.mod h1:QGmEvQ87FHZNiUVJkT14jQNYJ4ZJjdRF23ZXz5138Fc=\ngoogle.golang.org/appengine v1.1.0/go.mod h1:EbEs0AVv82hx2wNQdGPgUI5lhzA/G0D9YwlJXL52JkM=\ngoogle.golang.org/appengine v1.4.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4=\ngoogle.golang.org/appengine v1.5.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4=\ngoogle.golang.org/appengine v1.6.1/go.mod h1:i06prIuMbXzDqacNJfV5OdTW448YApPu5ww/cMBSeb0=\ngoogle.golang.org/appengine v1.6.5/go.mod h1:8WjMMxjGQR8xUklV/ARdw2HLXBOI7O7uCIDZVag1xfc=\ngoogle.golang.org/appengine v1.6.6/go.mod h1:8WjMMxjGQR8xUklV/ARdw2HLXBOI7O7uCIDZVag1xfc=\ngoogle.golang.org/appengine v1.6.7/go.mod h1:8WjMMxjGQR8xUklV/ARdw2HLXBOI7O7uCIDZVag1xfc=\ngoogle.golang.org/genproto v0.0.0-20180817151627-c66870c02cf8/go.mod h1:JiN7NxoALGmiZfu7CAH4rXhgtRTLTxftemlI0sWmxmc=\ngoogle.golang.org/genproto v0.0.0-20190307195333-5fe7a883aa19/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE=\ngoogle.golang.org/genproto v0.0.0-20190418145605-e7d98fc518a7/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE=\ngoogle.golang.org/genproto v0.0.0-20190425155659-357c62f0e4bb/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE=\ngoogle.golang.org/genproto v0.0.0-20190502173448-54afdca5d873/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE=\ngoogle.golang.org/genproto v0.0.0-20190801165951-fa694d86fc64/go.mod h1:DMBHOl98Agz4BDEuKkezgsaosCRResVns1a3J2ZsMNc=\ngoogle.golang.org/genproto v0.0.0-20190819201941-24fa4b261c55/go.mod h1:DMBHOl98Agz4BDEuKkezgsaosCRResVns1a3J2ZsMNc=\ngoogle.golang.org/genproto v0.0.0-20190911173649-1774047e7e51/go.mod h1:IbNlFCBrqXvoKpeg0TB2l7cyZUmoaFKYIwrEpbDKLA8=\ngoogle.golang.org/genproto v0.0.0-20191108220845-16a3f7862a1a/go.mod h1:n3cpQtvxv34hfy77yVDNjmbRyujviMdxYliBSkLhpCc=\ngoogle.golang.org/genproto v0.0.0-20191115194625-c23dd37a84c9/go.mod h1:n3cpQtvxv34hfy77yVDNjmbRyujviMdxYliBSkLhpCc=\ngoogle.golang.org/genproto v0.0.0-20191216164720-4f79533eabd1/go.mod h1:n3cpQtvxv34hfy77yVDNjmbRyujviMdxYliBSkLhpCc=\ngoogle.golang.org/genproto v0.0.0-20191230161307-f3c370f40bfb/go.mod h1:n3cpQtvxv34hfy77yVDNjmbRyujviMdxYliBSkLhpCc=\ngoogle.golang.org/genproto v0.0.0-20200115191322-ca5a22157cba/go.mod h1:n3cpQtvxv34hfy77yVDNjmbRyujviMdxYliBSkLhpCc=\ngoogle.golang.org/genproto v0.0.0-20200122232147-0452cf42e150/go.mod h1:n3cpQtvxv34hfy77yVDNjmbRyujviMdxYliBSkLhpCc=\ngoogle.golang.org/genproto v0.0.0-20200204135345-fa8e72b47b90/go.mod h1:GmwEX6Z4W5gMy59cAlVYjN9JhxgbQH6Gn+gFDQe2lzA=\ngoogle.golang.org/genproto v0.0.0-20200212174721-66ed5ce911ce/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c=\ngoogle.golang.org/genproto v0.0.0-20200224152610-e50cd9704f63/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c=\ngoogle.golang.org/genproto v0.0.0-20200228133532-8c2c7df3a383/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c=\ngoogle.golang.org/genproto v0.0.0-20200305110556-506484158171/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c=\ngoogle.golang.org/genproto v0.0.0-20200312145019-da6875a35672/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c=\ngoogle.golang.org/genproto v0.0.0-20200331122359-1ee6d9798940/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c=\ngoogle.golang.org/genproto v0.0.0-20200430143042-b979b6f78d84/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c=\ngoogle.golang.org/genproto v0.0.0-20200511104702-f5ebc3bea380/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c=\ngoogle.golang.org/genproto v0.0.0-20200515170657-fc4c6c6a6587/go.mod h1:YsZOwe1myG/8QRHRsmBRE1LrgQY60beZKjly0O1fX9U=\ngoogle.golang.org/genproto v0.0.0-20200526211855-cb27e3aa2013/go.mod h1:NbSheEEYHJ7i3ixzK3sjbqSGDJWnxyFXZblF3eUsNvo=\ngoogle.golang.org/genproto v0.0.0-20200618031413-b414f8b61790/go.mod h1:jDfRM7FcilCzHH/e9qn6dsT145K34l5v+OpcnNgKAAA=\ngoogle.golang.org/genproto v0.0.0-20200729003335-053ba62fc06f/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no=\ngoogle.golang.org/genproto v0.0.0-20200804131852-c06518451d9c/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no=\ngoogle.golang.org/genproto v0.0.0-20200825200019-8632dd797987/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no=\ngoogle.golang.org/genproto/googleapis/api v0.0.0-20251202230838-ff82c1b0f217 h1:fCvbg86sFXwdrl5LgVcTEvNC+2txB5mgROGmRL5mrls=\ngoogle.golang.org/genproto/googleapis/api v0.0.0-20251202230838-ff82c1b0f217/go.mod h1:+rXWjjaukWZun3mLfjmVnQi18E1AsFbDN9QdJ5YXLto=\ngoogle.golang.org/genproto/googleapis/rpc v0.0.0-20251202230838-ff82c1b0f217 h1:gRkg/vSppuSQoDjxyiGfN4Upv/h/DQmIR10ZU8dh4Ww=\ngoogle.golang.org/genproto/googleapis/rpc v0.0.0-20251202230838-ff82c1b0f217/go.mod h1:7i2o+ce6H/6BluujYR+kqX3GKH+dChPTQU19wjRPiGk=\ngoogle.golang.org/grpc v1.19.0/go.mod h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c=\ngoogle.golang.org/grpc v1.20.1/go.mod h1:10oTOabMzJvdu6/UiuZezV6QK5dSlG84ov/aaiqXj38=\ngoogle.golang.org/grpc v1.21.1/go.mod h1:oYelfM1adQP15Ek0mdvEgi9Df8B9CZIaU1084ijfRaM=\ngoogle.golang.org/grpc v1.23.0/go.mod h1:Y5yQAOtifL1yxbo5wqy6BxZv8vAUGQwXBOALyacEbxg=\ngoogle.golang.org/grpc v1.25.1/go.mod h1:c3i+UQWmh7LiEpx4sFZnkU36qjEYZ0imhYfXVyQciAY=\ngoogle.golang.org/grpc v1.26.0/go.mod h1:qbnxyOmOxrQa7FizSgH+ReBfzJrCY1pSN7KXBS8abTk=\ngoogle.golang.org/grpc v1.27.0/go.mod h1:qbnxyOmOxrQa7FizSgH+ReBfzJrCY1pSN7KXBS8abTk=\ngoogle.golang.org/grpc v1.27.1/go.mod h1:qbnxyOmOxrQa7FizSgH+ReBfzJrCY1pSN7KXBS8abTk=\ngoogle.golang.org/grpc v1.28.0/go.mod h1:rpkK4SK4GF4Ach/+MFLZUBavHOvF2JJB5uozKKal+60=\ngoogle.golang.org/grpc v1.29.1/go.mod h1:itym6AZVZYACWQqET3MqgPpjcuV5QH3BxFS3IjizoKk=\ngoogle.golang.org/grpc v1.30.0/go.mod h1:N36X2cJ7JwdamYAgDz+s+rVMFjt3numwzf/HckM8pak=\ngoogle.golang.org/grpc v1.31.0/go.mod h1:N36X2cJ7JwdamYAgDz+s+rVMFjt3numwzf/HckM8pak=\ngoogle.golang.org/grpc v1.79.3 h1:sybAEdRIEtvcD68Gx7dmnwjZKlyfuc61Dyo9pGXXkKE=\ngoogle.golang.org/grpc v1.79.3/go.mod h1:KmT0Kjez+0dde/v2j9vzwoAScgEPx/Bw1CYChhHLrHQ=\ngoogle.golang.org/protobuf v0.0.0-20200109180630-ec00e32a8dfd/go.mod h1:DFci5gLYBciE7Vtevhsrf46CRTquxDuWsQurQQe4oz8=\ngoogle.golang.org/protobuf v0.0.0-20200221191635-4d8936d0db64/go.mod h1:kwYJMbMJ01Woi6D6+Kah6886xMZcty6N08ah7+eCXa0=\ngoogle.golang.org/protobuf v0.0.0-20200228230310-ab0ca4ff8a60/go.mod h1:cfTl7dwQJ+fmap5saPgwCLgHXTUD7jkjRqWcaiX5VyM=\ngoogle.golang.org/protobuf v1.20.1-0.20200309200217-e05f789c0967/go.mod h1:A+miEFZTKqfCUM6K7xSMQL9OKL/b6hQv+e19PK+JZNE=\ngoogle.golang.org/protobuf v1.21.0/go.mod h1:47Nbq4nVaFHyn7ilMalzfO3qCViNmqZ2kzikPIcrTAo=\ngoogle.golang.org/protobuf v1.22.0/go.mod h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2l/sGQquU=\ngoogle.golang.org/protobuf v1.23.0/go.mod h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2l/sGQquU=\ngoogle.golang.org/protobuf v1.23.1-0.20200526195155-81db48ad09cc/go.mod h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2l/sGQquU=\ngoogle.golang.org/protobuf v1.24.0/go.mod h1:r/3tXBNzIEhYS9I1OUVjXDlt8tc493IdKGjtUeSXeh4=\ngoogle.golang.org/protobuf v1.25.0/go.mod h1:9JNX74DMeImyA3h4bdi1ymwjUzf21/xIlbajtzgsN7c=\ngoogle.golang.org/protobuf v1.26.0-rc.1/go.mod h1:jlhhOSvTdKEhbULTjvd4ARK9grFBp09yW+WbY/TyQbw=\ngoogle.golang.org/protobuf v1.26.0/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc=\ngoogle.golang.org/protobuf v1.33.0/go.mod h1:c6P6GXX6sHbq/GpV6MGZEdwhWPcYBgnhAHhKbcUYpos=\ngoogle.golang.org/protobuf v1.36.10 h1:AYd7cD/uASjIL6Q9LiTjz8JLcrh/88q5UObnmY3aOOE=\ngoogle.golang.org/protobuf v1.36.10/go.mod h1:HTf+CrKn2C3g5S8VImy6tdcUvCska2kB7j23XfzDpco=\ngopkg.in/alecthomas/kingpin.v2 v2.2.6 h1:jMFz6MfLP0/4fUyZle81rXUoxOBFi19VUFKVDOQfozc=\ngopkg.in/alecthomas/kingpin.v2 v2.2.6/go.mod h1:FMv+mEhP44yOT+4EoQTLFTRgOQ1FBLkstjWtayDeSgw=\ngopkg.in/alexcesaro/quotedprintable.v3 v3.0.0-20150716171945-2caba252f4dc h1:2gGKlE2+asNV9m7xrywl36YYNnBG5ZQ0r/BOOxqPpmk=\ngopkg.in/alexcesaro/quotedprintable.v3 v3.0.0-20150716171945-2caba252f4dc/go.mod h1:m7x9LTH6d71AHyAX77c9yqWCCa3UKHcVEj9y7hAtKDk=\ngopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=\ngopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=\ngopkg.in/check.v1 v1.0.0-20190902080502-41f04d3bba15/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=\ngopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c h1:Hei/4ADfdWqJk1ZMxUNpqntNwaWcugrBjAiHlqqRiVk=\ngopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c/go.mod h1:JHkPIbrfpd72SG/EVd6muEfDQjcINNoR0C8j2r3qZ4Q=\ngopkg.in/errgo.v2 v2.1.0/go.mod h1:hNsd1EY+bozCKY1Ytp96fpM3vjJbqLJn88ws8XvfDNI=\ngopkg.in/go-playground/assert.v1 v1.2.1/go.mod h1:9RXL0bg/zibRAgZUYszZSwO/z8Y/a8bDuhia5mkpMnE=\ngopkg.in/go-playground/mold.v2 v2.2.0/go.mod h1:XMyyRsGtakkDPbxXbrA5VODo6bUXyvoDjLd5l3T0XoA=\ngopkg.in/ini.v1 v1.67.0 h1:Dgnx+6+nfE+IfzjUEISNeydPJh9AXNNsWbGP9KzCsOA=\ngopkg.in/ini.v1 v1.67.0/go.mod h1:pNLf8WUiyNEtQjuu5G5vTm06TEv9tsIgeAvK8hOrP4k=\ngopkg.in/mail.v2 v2.3.1/go.mod h1:htwXN1Qh09vZJ1NVKxQqHPBaCBbzKhp5GzuJEA4VJWw=\ngopkg.in/mgo.v2 v2.0.0-20190816093944-a6b53ec6cb22 h1:VpOs+IwYnYBaFnrNAeB8UUWtL3vEUnzSCL1nVjPhqrw=\ngopkg.in/mgo.v2 v2.0.0-20190816093944-a6b53ec6cb22/go.mod h1:yeKp02qBN3iKW1OzL3MGk2IdtZzaj7SFntXj72NppTA=\ngopkg.in/op/go-logging.v1 v1.0.0-20160211212156-b2cb9fa56473 h1:6D+BvnJ/j6e222UW8s2qTSe3wGBtvo0MbVQG/c5k8RE=\ngopkg.in/op/go-logging.v1 v1.0.0-20160211212156-b2cb9fa56473/go.mod h1:N1eN2tsCx0Ydtgjl4cqmbRCsY4/+z4cYDeqwZTk6zog=\ngopkg.in/validator.v2 v2.0.0-20180514200540-135c24b11c19/go.mod h1:o4V0GXN9/CAmCsvJ0oXYZvrZOe7syiDZSN1GWGZTGzc=\ngopkg.in/yaml.v2 v2.2.1/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=\ngopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=\ngopkg.in/yaml.v2 v2.2.4/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=\ngopkg.in/yaml.v2 v2.4.0 h1:D8xgwECY7CYvx+Y2n4sBz93Jn9JRvxdiyyo8CTfuKaY=\ngopkg.in/yaml.v2 v2.4.0/go.mod h1:RDklbk79AGWmwhnvt/jBztapEOGDOx6ZbXqjP6csGnQ=\ngopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=\ngopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA=\ngopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=\ngotest.tools/v3 v3.5.2 h1:7koQfIKdy+I8UTetycgUqXWSDwpgv193Ka+qRsmBY8Q=\ngotest.tools/v3 v3.5.2/go.mod h1:LtdLGcnqToBH83WByAAi/wiwSFCArdFIUV/xxN4pcjA=\nhonnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=\nhonnef.co/go/tools v0.0.0-20190106161140-3f1c8253044a/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=\nhonnef.co/go/tools v0.0.0-20190418001031-e561f6794a2a/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=\nhonnef.co/go/tools v0.0.0-20190523083050-ea95bdfd59fc/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=\nhonnef.co/go/tools v0.0.1-2019.2.3/go.mod h1:a3bituU0lyd329TUQxRnasdCoJDkEUEAqEt0JzvZhAg=\nhonnef.co/go/tools v0.0.1-2020.1.3/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9vFzvIQ3k=\nhonnef.co/go/tools v0.0.1-2020.1.4/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9vFzvIQ3k=\nmvdan.cc/editorconfig v0.2.0/go.mod h1:lvnnD3BNdBYkhq+B4uBuFFKatfp02eB6HixDvEz91C0=\nmvdan.cc/sh/v3 v3.6.0 h1:gtva4EXJ0dFNvl5bHjcUEvws+KRcDslT8VKheTYkbGU=\nmvdan.cc/sh/v3 v3.6.0/go.mod h1:U4mhtBLZ32iWhif5/lD+ygy1zrgaQhUu+XFy7C8+TTA=\npgregory.net/rapid v1.2.0 h1:keKAYRcjm+e1F0oAuU5F5+YPAWcyxNNRK2wud503Gnk=\npgregory.net/rapid v1.2.0/go.mod h1:PY5XlDGj0+V1FCq0o192FdRhpKHGTRIWBgqjDBTrq04=\nrsc.io/binaryregexp v0.2.0/go.mod h1:qTv7/COck+e2FymRvadv62gMdZztPaShugOCi3I+8D8=\nrsc.io/quote/v3 v3.1.0/go.mod h1:yEA65RcK8LyAZtP9Kv3t0HmxON59tX3rD+tICJqUlj0=\nrsc.io/sampler v1.3.0/go.mod h1:T1hPZKmBbMNahiBKFy5HrXp6adAjACjK9JXDnKaTXpA=\nsigs.k8s.io/yaml v1.6.0 h1:G8fkbMSAFqgEFgh4b1wmtzDnioxFCUgTZhlbj5P9QYs=\nsigs.k8s.io/yaml v1.6.0/go.mod h1:796bPqUfzR/0jLAl6XjHl3Ck7MiyVv8dbTdyT3/pMf4=\n" }, { "path": "hash/hash_comparator.go", "content": "// Copyright © 2023 Ory Corp\n// SPDX-License-Identifier: Apache-2.0\n\npackage hash\n\nimport (\n\t\"bytes\"\n\t\"context\"\n\t\"crypto/aes\"\n\t\"crypto/cipher\"\n\t\"crypto/hmac\"\n\t\"crypto/md5\" //nolint:all // System compatibility for imported passwords\n\t\"crypto/sha1\" //nolint:all // System compatibility for imported passwords\n\t\"crypto/sha256\"\n\t\"crypto/sha512\"\n\t\"crypto/subtle\"\n\t\"encoding/base64\"\n\t\"encoding/hex\"\n\t\"fmt\"\n\t\"hash\"\n\t\"regexp\"\n\t\"strings\"\n\n\t\"github.com/go-crypt/crypt\"\n\t\"github.com/go-crypt/crypt/algorithm/md5crypt\"\n\t\"github.com/go-crypt/crypt/algorithm/shacrypt\"\n\t\"github.com/pkg/errors\"\n\t\"go.opentelemetry.io/otel\"\n\t\"go.opentelemetry.io/otel/attribute\"\n\t\"golang.org/x/crypto/argon2\"\n\t\"golang.org/x/crypto/bcrypt\"\n\n\t//nolint:staticcheck\n\t//lint:ignore SA1019 compatibility for imported passwords\n\t\"golang.org/x/crypto/md4\" //nolint:gosec // disable G115 G501 -- compatibility for imported passwords\n\t\"golang.org/x/crypto/pbkdf2\"\n\t\"golang.org/x/crypto/scrypt\"\n\n\t\"github.com/ory/kratos/driver/config\"\n\t\"github.com/ory/x/otelx\"\n)\n\nvar ErrUnknownHashAlgorithm = errors.New(\"unknown hash algorithm\")\n\nfunc NewCryptDecoder() *crypt.Decoder {\n\tdecoder := crypt.NewDecoder()\n\n\t// The register function only returns an error if the decoder is nil or the algorithm is already registered.\n\t// This is never the case here, if it is, we did something horribly wrong.\n\tif err := md5crypt.RegisterDecoderCommon(decoder); err != nil {\n\t\tpanic(err)\n\t}\n\n\tif err := shacrypt.RegisterDecoder(decoder); err != nil {\n\t\tpanic(err)\n\t}\n\n\treturn decoder\n}\n\nvar CryptDecoder = NewCryptDecoder()\n\ntype SupportedHasher struct {\n\tComparator func(ctx context.Context, password, hash []byte) error\n\tName string\n\tIs func(hash []byte) bool\n}\n\nfunc AddSupportedHasher(s SupportedHasher) {\n\tsupportedHashers = append(supportedHashers, s)\n}\n\nvar supportedHashers = []SupportedHasher{\n\t{\n\t\tComparator: CompareMD5Crypt,\n\t\tName: \"md5crypt\",\n\t\tIs: IsMD5CryptHash,\n\t},\n\t{\n\t\tComparator: CompareBcrypt,\n\t\tName: \"bcrypt\",\n\t\tIs: IsBcryptHash,\n\t},\n\t{\n\t\tComparator: CompareSHA256Crypt,\n\t\tName: \"sha256crypt\",\n\t\tIs: IsSHA256CryptHash,\n\t},\n\t{\n\t\tComparator: CompareSHA512Crypt,\n\t\tName: \"sha512crypt\",\n\t\tIs: IsSHA512CryptHash,\n\t},\n\t{\n\t\tComparator: CompareArgon2id,\n\t\tName: \"argon2id\",\n\t\tIs: IsArgon2idHash,\n\t},\n\t{\n\t\tComparator: CompareArgon2i,\n\t\tName: \"argon2i\",\n\t\tIs: IsArgon2iHash,\n\t},\n\t{\n\t\tComparator: ComparePbkdf2,\n\t\tName: \"pbkdf2\",\n\t\tIs: IsPbkdf2Hash,\n\t},\n\t{\n\t\tComparator: CompareScrypt,\n\t\tName: \"scrypt\",\n\t\tIs: IsScryptHash,\n\t},\n\t{\n\t\tComparator: CompareSSHA,\n\t\tName: \"ssha\",\n\t\tIs: IsSSHAHash,\n\t},\n\t{\n\t\tComparator: CompareSHA,\n\t\tName: \"sha\",\n\t\tIs: IsSHAHash,\n\t},\n\t{\n\t\tComparator: CompareFirebaseScrypt,\n\t\tName: \"firebasescrypt\",\n\t\tIs: IsFirebaseScryptHash,\n\t},\n\t{\n\t\tComparator: CompareMD5,\n\t\tName: \"md5\",\n\t\tIs: IsMD5Hash,\n\t},\n\t{\n\t\tComparator: CompareHMAC,\n\t\tName: \"hmac\",\n\t\tIs: IsHMACHash,\n\t},\n}\n\nfunc Compare(ctx context.Context, password, hash []byte) (err error) {\n\tctx, span := otel.GetTracerProvider().Tracer(tracingComponent).Start(ctx, \"hash.Compare\")\n\tdefer otelx.End(span, &err)\n\n\tfor _, h := range supportedHashers {\n\t\tif h.Is(hash) {\n\t\t\tspan.SetAttributes(attribute.String(\"hash.type\", h.Name))\n\t\t\treturn h.Comparator(ctx, password, hash)\n\t\t}\n\t}\n\n\tspan.SetAttributes(attribute.String(\"hash.type\", \"unknown\"))\n\treturn errors.WithStack(ErrUnknownHashAlgorithm)\n}\n\nfunc CompareMD5Crypt(_ context.Context, password, hash []byte) error {\n\t// the password has successfully been validated (has prefix `$md5-crypt`),\n\t// the decoder expect the module crypt identifier instead (`$1`), which means we need to replace the prefix\n\t// before decoding\n\thash = bytes.TrimPrefix(hash, []byte(\"$md5-crypt\"))\n\thash = append([]byte(\"$1\"), hash...)\n\n\treturn compareCryptHelper(password, string(hash))\n}\n\nfunc CompareBcrypt(ctx context.Context, password, hash []byte) error {\n\tif err := validateBcryptPasswordLength(password); err != nil {\n\t\treturn err\n\t}\n\n\t// ensure that the context is not canceled before doing the heavy lifting\n\tif ctx.Err() != nil {\n\t\treturn ctx.Err()\n\t}\n\n\terr := bcrypt.CompareHashAndPassword(hash, password)\n\tif err != nil {\n\t\tif errors.Is(err, bcrypt.ErrMismatchedHashAndPassword) {\n\t\t\treturn errors.WithStack(ErrMismatchedHashAndPassword)\n\t\t}\n\t\treturn err\n\t}\n\n\treturn nil\n}\n\nfunc CompareSHA256Crypt(_ context.Context, password, hash []byte) error {\n\thash = bytes.TrimPrefix(hash, []byte(\"$sha256-crypt\"))\n\thash = append([]byte(\"$5\"), hash...)\n\n\treturn compareCryptHelper(password, string(hash))\n}\n\nfunc CompareSHA512Crypt(_ context.Context, password, hash []byte) error {\n\thash = bytes.TrimPrefix(hash, []byte(\"$sha512-crypt\"))\n\thash = append([]byte(\"$6\"), hash...)\n\n\treturn compareCryptHelper(password, string(hash))\n}\n\nfunc CompareArgon2id(ctx context.Context, password, hash []byte) error {\n\t// Extract the parameters, salt and derived key from the encoded password\n\t// hash.\n\tp, salt, hash, err := decodeArgon2idHash(string(hash))\n\tif err != nil {\n\t\treturn err\n\t}\n\n\t// ensure that the context is not canceled before doing the heavy lifting\n\tif ctx.Err() != nil {\n\t\treturn ctx.Err()\n\t}\n\n\t// Derive the key from the other password using the same parameters.\n\t//nolint:gosec // disable G115\n\totherHash := argon2.IDKey(password, salt, p.Iterations, uint32(p.Memory), p.Parallelism, p.KeyLength)\n\n\treturn comparePasswordHashConstantTime(hash, otherHash)\n}\n\nfunc CompareArgon2i(ctx context.Context, password, hash []byte) error {\n\t// Extract the parameters, salt and derived key from the encoded password\n\t// hash.\n\tp, salt, hash, err := decodeArgon2idHash(string(hash))\n\tif err != nil {\n\t\treturn err\n\t}\n\n\t// ensure that the context is not canceled before doing the heavy lifting\n\tif ctx.Err() != nil {\n\t\treturn ctx.Err()\n\t}\n\n\t// Derive the key from the other password using the same parameters.\n\totherHash := argon2.Key(password, salt, p.Iterations, uint32(p.Memory), p.Parallelism, p.KeyLength) // #nosec G115 -- memory (KiB) would need to be 2^32 kibibyte to overflow uint32\n\n\treturn comparePasswordHashConstantTime(hash, otherHash)\n}\n\nfunc ComparePbkdf2(ctx context.Context, password, hash []byte) error {\n\t// Extract the parameters, salt and derived key from the encoded password\n\t// hash.\n\tp, salt, hash, err := decodePbkdf2Hash(string(hash))\n\tif err != nil {\n\t\treturn err\n\t}\n\n\t// ensure that the context is not canceled before doing the heavy lifting\n\tif ctx.Err() != nil {\n\t\treturn ctx.Err()\n\t}\n\n\t// Derive the key from the other password using the same parameters.\n\totherHash := pbkdf2.Key(password, salt, int(p.Iterations), int(p.KeyLength), getPseudorandomFunctionForPbkdf2(p.Algorithm))\n\n\treturn comparePasswordHashConstantTime(hash, otherHash)\n}\n\nfunc CompareScrypt(ctx context.Context, password, hash []byte) error {\n\t// Extract the parameters, salt and derived key from the encoded password\n\t// hash.\n\tp, salt, hash, err := decodeScryptHash(string(hash))\n\tif err != nil {\n\t\treturn err\n\t}\n\n\t// ensure that the context is not canceled before doing the heavy lifting\n\tif ctx.Err() != nil {\n\t\treturn ctx.Err()\n\t}\n\n\t// Derive the key from the other password using the same parameters.\n\totherHash, err := scrypt.Key(password, salt, int(p.Cost), int(p.Block), int(p.Parrellization), int(p.KeyLength))\n\tif err != nil {\n\t\treturn errors.WithStack(err)\n\t}\n\n\treturn comparePasswordHashConstantTime(hash, otherHash)\n}\n\nfunc CompareSSHA(ctx context.Context, password, hash []byte) error {\n\thasher, salt, hash, err := decodeSSHAHash(string(hash))\n\tif err != nil {\n\t\treturn err\n\t}\n\n\traw := append(password[:], salt[:]...)\n\n\t// ensure that the context is not canceled before doing the heavy lifting\n\tif ctx.Err() != nil {\n\t\treturn ctx.Err()\n\t}\n\n\treturn CompareSHAHelper(hasher, raw, hash)\n}\n\nfunc CompareSHA(ctx context.Context, password, hash []byte) error {\n\thasher, pf, salt, hash, err := decodeSHAHash(string(hash))\n\tif err != nil {\n\t\treturn err\n\t}\n\n\tr := strings.NewReplacer(\"{SALT}\", string(salt), \"{PASSWORD}\", string(password))\n\traw := []byte(r.Replace(string(pf)))\n\n\t// ensure that the context is not canceled before doing the heavy lifting\n\tif ctx.Err() != nil {\n\t\treturn ctx.Err()\n\t}\n\n\treturn CompareSHAHelper(hasher, raw, hash)\n}\n\nfunc CompareFirebaseScrypt(ctx context.Context, password, hash []byte) error {\n\t// Extract the parameters, salt and derived key from the encoded password\n\t// hash.\n\tp, salt, saltSeparator, hash, signerKey, err := decodeFirebaseScryptHash(string(hash))\n\tif err != nil {\n\t\treturn err\n\t}\n\n\t// ensure that the context is not canceled before doing the heavy lifting\n\tif ctx.Err() != nil {\n\t\treturn ctx.Err()\n\t}\n\n\t// Derive the key from the other password using the same parameters.\n\t// FirebaseScript algorithm implementation from https://github.com/Aoang/firebase-scrypt\n\tck, err := scrypt.Key(password, append(salt, saltSeparator...), int(p.Cost), int(p.Block), int(p.Parrellization), 32)\n\tif err != nil {\n\t\treturn errors.WithStack(err)\n\t}\n\n\tvar block cipher.Block\n\tif block, err = aes.NewCipher(ck); err != nil {\n\t\treturn errors.WithStack(err)\n\t}\n\n\tcipherText := make([]byte, aes.BlockSize+len(signerKey))\n\tstream := cipher.NewCTR(block, cipherText[:aes.BlockSize])\n\tstream.XORKeyStream(cipherText[aes.BlockSize:], signerKey)\n\totherHash := cipherText[aes.BlockSize:]\n\n\treturn comparePasswordHashConstantTime(hash, otherHash)\n}\n\nfunc CompareMD5(ctx context.Context, password, hash []byte) error {\n\t// Extract the hash from the encoded password\n\tpf, salt, hash, err := decodeMD5Hash(string(hash))\n\tif err != nil {\n\t\treturn err\n\t}\n\n\targ := password\n\tif salt != nil {\n\t\tr := strings.NewReplacer(\"{SALT}\", string(salt), \"{PASSWORD}\", string(password))\n\t\targ = []byte(r.Replace(string(pf)))\n\t}\n\n\t// ensure that the context is not canceled before doing the heavy lifting\n\tif ctx.Err() != nil {\n\t\treturn ctx.Err()\n\t}\n\n\t//#nosec G401 -- compatibility for imported passwords\n\totherHash := md5.Sum(arg)\n\n\treturn comparePasswordHashConstantTime(hash, otherHash[:])\n}\n\nfunc CompareHMAC(ctx context.Context, password, hash []byte) error {\n\t// Extract the hash from the encoded password\n\thasher, hash, key, err := decodeHMACHash(string(hash))\n\tif err != nil {\n\t\treturn err\n\t}\n\n\t// ensure that the context is not canceled before doing the heavy lifting\n\tif ctx.Err() != nil {\n\t\treturn ctx.Err()\n\t}\n\n\tmac := hmac.New(hasher, key)\n\t_, err = mac.Write(password)\n\tif err != nil {\n\t\treturn err\n\t}\n\n\totherHash := []byte(hex.EncodeToString(mac.Sum(nil)))\n\n\treturn comparePasswordHashConstantTime(hash, otherHash)\n}\n\nvar (\n\tisMD5CryptHash = regexp.MustCompile(`^\\$md5-crypt\\$`)\n\tisBcryptHash = regexp.MustCompile(`^\\$2[abzy]?\\$`)\n\tisSHA256CryptHash = regexp.MustCompile(`^\\$sha256-crypt\\$`)\n\tisSHA512CryptHash = regexp.MustCompile(`^\\$sha512-crypt\\$`)\n\tisArgon2idHash = regexp.MustCompile(`^\\$argon2id\\$`)\n\tisArgon2iHash = regexp.MustCompile(`^\\$argon2i\\$`)\n\tisPbkdf2Hash = regexp.MustCompile(`^\\$pbkdf2-sha[0-9]{1,3}\\$`)\n\tisScryptHash = regexp.MustCompile(`^\\$scrypt\\$`)\n\tisSSHAHash = regexp.MustCompile(`^{SSHA(256|512)?}.*`)\n\tisSHAHash = regexp.MustCompile(`^\\$sha(1|256|512)\\$`)\n\tisFirebaseScryptHash = regexp.MustCompile(`^\\$firescrypt\\$`)\n\tisMD5Hash = regexp.MustCompile(`^\\$md5\\$`)\n\tisHMACHash = regexp.MustCompile(`^\\$hmac-(md4|md5|sha1|sha224|sha256|sha384|sha512)\\$`)\n)\n\nfunc IsMD5CryptHash(hash []byte) bool { return isMD5CryptHash.Match(hash) }\nfunc IsBcryptHash(hash []byte) bool { return isBcryptHash.Match(hash) }\nfunc IsSHA256CryptHash(hash []byte) bool { return isSHA256CryptHash.Match(hash) }\nfunc IsSHA512CryptHash(hash []byte) bool { return isSHA512CryptHash.Match(hash) }\nfunc IsArgon2idHash(hash []byte) bool { return isArgon2idHash.Match(hash) }\nfunc IsArgon2iHash(hash []byte) bool { return isArgon2iHash.Match(hash) }\nfunc IsPbkdf2Hash(hash []byte) bool { return isPbkdf2Hash.Match(hash) }\nfunc IsScryptHash(hash []byte) bool { return isScryptHash.Match(hash) }\nfunc IsSSHAHash(hash []byte) bool { return isSSHAHash.Match(hash) }\nfunc IsSHAHash(hash []byte) bool { return isSHAHash.Match(hash) }\nfunc IsFirebaseScryptHash(hash []byte) bool { return isFirebaseScryptHash.Match(hash) }\nfunc IsMD5Hash(hash []byte) bool { return isMD5Hash.Match(hash) }\nfunc IsHMACHash(hash []byte) bool { return isHMACHash.Match(hash) }\n\nfunc IsValidHashFormat(hash []byte) bool {\n\tfor _, h := range supportedHashers {\n\t\tif h.Is(hash) {\n\t\t\treturn true\n\t\t}\n\t}\n\n\treturn false\n}\n\nfunc decodeArgon2idHash(encodedHash string) (p *config.Argon2, salt, hash []byte, err error) {\n\tparts := strings.Split(encodedHash, \"$\")\n\tif len(parts) != 6 {\n\t\treturn nil, nil, nil, ErrInvalidHash\n\t}\n\n\tvar version int\n\t_, err = fmt.Sscanf(parts[2], \"v=%d\", &version)\n\tif err != nil {\n\t\treturn nil, nil, nil, err\n\t}\n\tif version != argon2.Version {\n\t\treturn nil, nil, nil, ErrIncompatibleVersion\n\t}\n\n\tp = new(config.Argon2)\n\t_, err = fmt.Sscanf(parts[3], \"m=%d,t=%d,p=%d\", &p.Memory, &p.Iterations, &p.Parallelism)\n\tif err != nil {\n\t\treturn nil, nil, nil, err\n\t}\n\n\tsalt, err = base64.RawStdEncoding.Strict().DecodeString(parts[4])\n\tif err != nil {\n\t\treturn nil, nil, nil, err\n\t}\n\tp.SaltLength = uint32(len(salt)) // #nosec G115 -- salt would need to be 2^32 bytes long to overflow uint32\n\n\thash, err = base64.RawStdEncoding.Strict().DecodeString(parts[5])\n\tif err != nil {\n\t\treturn nil, nil, nil, err\n\t}\n\tp.KeyLength = uint32(len(hash)) // #nosec G115 -- hash would need to be 2^32 bytes long to overflow uint32\n\n\treturn p, salt, hash, nil\n}\n\n// decodePbkdf2Hash decodes PBKDF2 encoded password hash.\n// format: $pbkdf2-$i=,l=$$\nfunc decodePbkdf2Hash(encodedHash string) (p *Pbkdf2, salt, hash []byte, err error) {\n\tparts := strings.Split(encodedHash, \"$\")\n\tif len(parts) != 5 {\n\t\treturn nil, nil, nil, ErrInvalidHash\n\t}\n\n\tp = new(Pbkdf2)\n\tdigestParts := strings.SplitN(parts[1], \"-\", 2)\n\tif len(digestParts) != 2 {\n\t\treturn nil, nil, nil, ErrInvalidHash\n\t}\n\tp.Algorithm = digestParts[1]\n\n\t_, err = fmt.Sscanf(parts[2], \"i=%d,l=%d\", &p.Iterations, &p.KeyLength)\n\tif err != nil {\n\t\treturn nil, nil, nil, err\n\t}\n\n\tsalt, err = base64.RawStdEncoding.Strict().DecodeString(parts[3])\n\tif err != nil {\n\t\treturn nil, nil, nil, err\n\t}\n\tp.SaltLength = uint32(len(salt)) // #nosec G115 -- salt would need to be 2^32 bytes long to overflow uint32\n\n\thash, err = base64.RawStdEncoding.Strict().DecodeString(parts[4])\n\tif err != nil {\n\t\treturn nil, nil, nil, err\n\t}\n\tp.KeyLength = uint32(len(hash)) // #nosec G115 -- hash would need to be 2^32 bytes long to overflow uint32\n\n\treturn p, salt, hash, nil\n}\n\n// decodeScryptHash decodes Scrypt encoded password hash.\n// format: $scrypt$ln=,r=,p=$$\nfunc decodeScryptHash(encodedHash string) (p *Scrypt, salt, hash []byte, err error) {\n\tparts := strings.Split(encodedHash, \"$\")\n\tif len(parts) != 5 {\n\t\treturn nil, nil, nil, ErrInvalidHash\n\t}\n\n\tp = new(Scrypt)\n\n\t_, err = fmt.Sscanf(parts[2], \"ln=%d,r=%d,p=%d\", &p.Cost, &p.Block, &p.Parrellization)\n\tif err != nil {\n\t\treturn nil, nil, nil, err\n\t}\n\n\tsalt, err = base64.StdEncoding.Strict().DecodeString(parts[3])\n\tif err != nil {\n\t\treturn nil, nil, nil, err\n\t}\n\tp.SaltLength = uint32(len(salt)) // #nosec G115 -- salt would need to be 2^32 bytes long to overflow uint32\n\n\thash, err = base64.StdEncoding.Strict().DecodeString(parts[4])\n\tif err != nil {\n\t\treturn nil, nil, nil, err\n\t}\n\tp.KeyLength = uint32(len(hash)) // #nosec G115 -- hash would need to be 2^32 bytes long to overflow uint32\n\n\treturn p, salt, hash, nil\n}\n\n// decodeSHAHash decodes SHA[1|256|512] encoded password hash in custom PHC format.\n// format: $sha1$pf=$$\nfunc decodeSHAHash(encodedHash string) (hasher string, pf, salt, hash []byte, err error) {\n\tparts := strings.Split(encodedHash, \"$\")\n\n\tif len(parts) != 5 {\n\t\treturn \"\", nil, nil, nil, ErrInvalidHash\n\t}\n\n\thasher = parts[1]\n\n\t_, err = fmt.Sscanf(parts[2], \"pf=%s\", &pf)\n\tif err != nil {\n\t\treturn \"\", nil, nil, nil, err\n\t}\n\n\tpf, err = base64.StdEncoding.Strict().DecodeString(string(pf))\n\tif err != nil {\n\t\treturn \"\", nil, nil, nil, err\n\t}\n\n\tsalt, err = base64.StdEncoding.Strict().DecodeString(parts[3])\n\tif err != nil {\n\t\treturn \"\", nil, nil, nil, err\n\t}\n\n\thash, err = base64.StdEncoding.Strict().DecodeString(parts[4])\n\tif err != nil {\n\t\treturn \"\", nil, nil, nil, err\n\t}\n\n\treturn hasher, pf, salt, hash, nil\n}\n\n// CompareSHAHelper compares the raw password with the hash using the given hasher.\nfunc CompareSHAHelper(hasher string, raw []byte, hash []byte) error {\n\tvar sha []byte\n\n\tswitch hasher {\n\tcase \"sha1\":\n\t\tsum := sha1.Sum(raw) //#nosec G401 -- compatibility for imported passwords\n\t\tsha = sum[:]\n\tcase \"sha256\":\n\t\tsum := sha256.Sum256(raw)\n\t\tsha = sum[:]\n\tcase \"sha512\":\n\t\tsum := sha512.Sum512(raw)\n\t\tsha = sum[:]\n\tdefault:\n\t\treturn errors.WithStack(ErrMismatchedHashAndPassword)\n\t}\n\n\tencodedHash := []byte(base64.StdEncoding.EncodeToString(hash))\n\tnewEncodedHash := []byte(base64.StdEncoding.EncodeToString(sha))\n\n\treturn comparePasswordHashConstantTime(encodedHash, newEncodedHash)\n}\n\nfunc compareCryptHelper(password []byte, hash string) error {\n\tdigest, err := CryptDecoder.Decode(hash)\n\tif err != nil {\n\t\treturn err\n\t}\n\n\tif digest.MatchBytes(password) {\n\t\treturn nil\n\t}\n\n\treturn errors.WithStack(ErrMismatchedHashAndPassword)\n}\n\nvar regexSSHA = regexp.MustCompile(`\\{([^}]*)\\}`)\n\n// decodeSSHAHash decodes SSHA[1|256|512] encoded password hash in usual {SSHA...} format.\nfunc decodeSSHAHash(encodedHash string) (hasher string, salt, hash []byte, err error) {\n\tmatch := regexSSHA.FindStringSubmatch(string(encodedHash))\n\n\tvar index_of_salt_begin int\n\tvar index_of_hash_begin int\n\n\tswitch match[1] {\n\tcase \"SSHA\":\n\t\thasher = \"sha1\"\n\t\tindex_of_hash_begin = 6\n\t\tindex_of_salt_begin = 20\n\n\tcase \"SSHA256\":\n\t\thasher = \"sha256\"\n\t\tindex_of_hash_begin = 9\n\t\tindex_of_salt_begin = 32\n\n\tcase \"SSHA512\":\n\t\thasher = \"sha512\"\n\t\tindex_of_hash_begin = 9\n\t\tindex_of_salt_begin = 64\n\n\tdefault:\n\t\treturn \"\", nil, nil, ErrInvalidHash\n\t}\n\n\tdecoded, err := base64.StdEncoding.DecodeString(string(encodedHash[index_of_hash_begin:]))\n\tif err != nil {\n\t\treturn \"\", nil, nil, ErrInvalidHash\n\t}\n\n\tif len(decoded) < index_of_salt_begin+1 {\n\t\treturn \"\", nil, nil, ErrInvalidHash\n\t}\n\n\tsalt = decoded[index_of_salt_begin:]\n\thash = decoded[:index_of_salt_begin]\n\n\treturn hasher, salt, hash, nil\n}\n\n// decodeFirebaseScryptHash decodes Firebase Scrypt encoded password hash.\n// format: $firescrypt$ln=,r=,p=$$$$\nfunc decodeFirebaseScryptHash(encodedHash string) (p *Scrypt, salt, saltSeparator, hash, signerKey []byte, err error) {\n\tparts := strings.Split(encodedHash, \"$\")\n\tif len(parts) != 7 {\n\t\treturn nil, nil, nil, nil, nil, ErrInvalidHash\n\t}\n\n\tp = new(Scrypt)\n\n\t_, err = fmt.Sscanf(parts[2], \"ln=%d,r=%d,p=%d\", &p.Cost, &p.Block, &p.Parrellization)\n\tif err != nil {\n\t\treturn nil, nil, nil, nil, nil, err\n\t}\n\t// convert from firebase config \"mem_cost\" to\n\t// scrypt CPU/memory cost parameter, which must be a power of two greater than 1.\n\tp.Cost = 1 << p.Cost\n\n\tsalt, err = base64.StdEncoding.Strict().DecodeString(parts[3])\n\tif err != nil {\n\t\treturn nil, nil, nil, nil, nil, err\n\t}\n\tp.SaltLength = uint32(len(salt)) // #nosec G115 -- salt would need to be 2^32 bytes long to overflow uint32\n\n\thash, err = base64.StdEncoding.Strict().DecodeString(parts[4])\n\tif err != nil {\n\t\treturn nil, nil, nil, nil, nil, err\n\t}\n\t// Are all firebase script hashes of length 32?\n\tp.KeyLength = 32\n\n\tsaltSeparator, err = base64.StdEncoding.Strict().DecodeString(parts[5])\n\tif err != nil {\n\t\treturn nil, nil, nil, nil, nil, err\n\t}\n\n\tsignerKey, err = base64.StdEncoding.Strict().DecodeString(parts[6])\n\tif err != nil {\n\t\treturn nil, nil, nil, nil, nil, err\n\t}\n\n\treturn p, salt, saltSeparator, hash, signerKey, nil\n}\n\n// decodeMD5Hash decodes MD5 encoded password hash.\n// format without salt: $md5$\n// format with salt $md5$pf=$$\nfunc decodeMD5Hash(encodedHash string) (pf, salt, hash []byte, err error) {\n\tparts := strings.Split(encodedHash, \"$\")\n\n\tswitch len(parts) {\n\tcase 3:\n\t\thash, err := base64.StdEncoding.Strict().DecodeString(parts[2])\n\t\treturn nil, nil, hash, err\n\tcase 5:\n\t\t_, err = fmt.Sscanf(parts[2], \"pf=%s\", &pf)\n\t\tif err != nil {\n\t\t\treturn nil, nil, nil, err\n\t\t}\n\n\t\tpf, err := base64.StdEncoding.Strict().DecodeString(string(pf))\n\t\tif err != nil {\n\t\t\treturn nil, nil, nil, err\n\t\t}\n\n\t\tsalt, err = base64.StdEncoding.Strict().DecodeString(parts[3])\n\t\tif err != nil {\n\t\t\treturn nil, nil, nil, err\n\t\t}\n\n\t\thash, err = base64.StdEncoding.Strict().DecodeString(parts[4])\n\t\tif err != nil {\n\t\t\treturn nil, nil, nil, err\n\t\t}\n\n\t\treturn pf, salt, hash, nil\n\tdefault:\n\t\treturn nil, nil, nil, ErrInvalidHash\n\t}\n}\n\n// decodeHMACHash decodes HMAC encoded password hash.\n// format : $hmac-$$\nfunc decodeHMACHash(encodedHash string) (hasher func() hash.Hash, hash, key []byte, err error) {\n\tparts := strings.Split(encodedHash, \"$\")\n\n\tif len(parts) != 4 {\n\t\treturn nil, nil, nil, ErrInvalidHash\n\t}\n\n\thashMatch := isHMACHash.FindStringSubmatch(encodedHash)\n\n\tif len(hashMatch) != 2 {\n\t\treturn nil, nil, nil, errors.WithStack(ErrUnknownHashAlgorithm)\n\t}\n\n\tswitch hashMatch[1] {\n\tcase \"md4\":\n\t\thasher = md4.New //#nosec G401 -- compatibility for imported passwords\n\tcase \"md5\":\n\t\thasher = md5.New //#nosec G401 -- compatibility for imported passwords\n\tcase \"sha1\":\n\t\thasher = sha1.New //#nosec G401 -- compatibility for imported passwords\n\tcase \"sha224\":\n\t\thasher = sha256.New224\n\tcase \"sha256\":\n\t\thasher = sha256.New\n\tcase \"sha384\":\n\t\thasher = sha512.New384\n\tcase \"sha512\":\n\t\thasher = sha512.New\n\tdefault:\n\t\treturn nil, nil, nil, errors.WithStack(ErrUnknownHashAlgorithm)\n\t}\n\n\thash, err = base64.StdEncoding.Strict().DecodeString(parts[2])\n\tif err != nil {\n\t\treturn nil, nil, nil, err\n\t}\n\n\tkey, err = base64.StdEncoding.Strict().DecodeString(parts[3])\n\tif err != nil {\n\t\treturn nil, nil, nil, err\n\t}\n\n\treturn hasher, hash, key, nil\n}\n\nfunc comparePasswordHashConstantTime(hash, otherHash []byte) error {\n\t// use subtle.ConstantTimeCompare() to prevent timing attacks.\n\tif subtle.ConstantTimeCompare(hash, otherHash) == 1 {\n\t\treturn nil\n\t}\n\treturn errors.WithStack(ErrMismatchedHashAndPassword)\n}\n" }, { "path": "hash/hasher.go", "content": "// Copyright © 2023 Ory Corp\n// SPDX-License-Identifier: Apache-2.0\n\npackage hash\n\nimport (\n\t\"context\"\n)\n\n// Hasher provides methods for generating and comparing password hashes.\ntype Hasher interface {\n\t// Generate returns a hash derived from the password or an error if the hash method failed.\n\tGenerate(ctx context.Context, password []byte) ([]byte, error)\n\n\t// Understands returns whether the given hash can be understood by this hasher.\n\tUnderstands(hash []byte) bool\n}\n\ntype HashProvider interface {\n\tHasher(ctx context.Context) Hasher\n}\n\nconst tracingComponent = \"github.com/ory/kratos/hash\"\n" }, { "path": "hash/hasher_argon2.go", "content": "// Copyright © 2023 Ory Corp\n// SPDX-License-Identifier: Apache-2.0\n\npackage hash\n\nimport (\n\t\"bytes\"\n\t\"context\"\n\t\"crypto/rand\"\n\t\"encoding/base64\"\n\t\"fmt\"\n\n\t\"github.com/inhies/go-bytesize\"\n\t\"go.opentelemetry.io/otel\"\n\t\"go.opentelemetry.io/otel/attribute\"\n\t\"go.opentelemetry.io/otel/codes\"\n\t\"go.opentelemetry.io/otel/trace\"\n\n\t\"github.com/pkg/errors\"\n\t\"golang.org/x/crypto/argon2\"\n\n\t\"github.com/ory/kratos/driver/config\"\n\t\"github.com/ory/x/otelx\"\n)\n\nvar (\n\tErrInvalidHash = errors.New(\"the encoded hash is not in the correct format\")\n\tErrIncompatibleVersion = errors.New(\"incompatible version of argon2\")\n\tErrMismatchedHashAndPassword = errors.New(\"passwords do not match\")\n)\n\ntype Argon2 struct {\n\tc Argon2Configuration\n}\n\ntype Argon2Configuration interface {\n\tconfig.Provider\n}\n\nfunc NewHasherArgon2(c Argon2Configuration) *Argon2 {\n\treturn &Argon2{c: c}\n}\n\nfunc toKB(mem bytesize.ByteSize) uint32 {\n\t//nolint:gosec // disable G115\n\treturn uint32(mem / bytesize.KB)\n}\n\nfunc (h *Argon2) Generate(ctx context.Context, password []byte) (_ []byte, err error) {\n\tconf := h.c.Config().HasherArgon2(ctx)\n\n\t_, span := otel.GetTracerProvider().Tracer(tracingComponent).Start(ctx, \"hash.Generate\", trace.WithAttributes(\n\t\tattribute.String(\"hash.type\", \"argon2id\"),\n\t\tattribute.String(\"hash.config\", fmt.Sprintf(\"%#v\", conf)),\n\t))\n\tdefer otelx.End(span, &err)\n\n\tsalt := make([]byte, conf.SaltLength)\n\tif _, err := rand.Read(salt); err != nil {\n\t\treturn nil, err\n\t}\n\n\t// ensure that the context is not canceled before doing the heavy lifting\n\tif ctx.Err() != nil {\n\t\treturn nil, ctx.Err()\n\t}\n\n\t// Pass the plaintext password, salt and parameters to the argon2.IDKey\n\t// function. This will generate a hash of the password using the Argon2id\n\t// variant.\n\thash := argon2.IDKey(password, salt, conf.Iterations, toKB(conf.Memory), conf.Parallelism, conf.KeyLength)\n\n\tvar b bytes.Buffer\n\tif _, err := fmt.Fprintf(\n\t\t&b,\n\t\t\"$argon2id$v=%d$m=%d,t=%d,p=%d$%s$%s\",\n\t\targon2.Version, toKB(conf.Memory), conf.Iterations, conf.Parallelism,\n\t\tbase64.RawStdEncoding.EncodeToString(salt),\n\t\tbase64.RawStdEncoding.EncodeToString(hash),\n\t); err != nil {\n\t\tspan.RecordError(err)\n\t\tspan.SetStatus(codes.Error, err.Error())\n\t\treturn nil, errors.WithStack(err)\n\t}\n\n\treturn b.Bytes(), nil\n}\n\nfunc (h *Argon2) Understands(hash []byte) bool {\n\treturn IsArgon2idHash(hash)\n}\n" }, { "path": "hash/hasher_bcrypt.go", "content": "// Copyright © 2023 Ory Corp\n// SPDX-License-Identifier: Apache-2.0\n\npackage hash\n\nimport (\n\t\"context\"\n\t\"fmt\"\n\n\t\"github.com/ory/kratos/text\"\n\t\"github.com/ory/x/otelx\"\n\n\t\"go.opentelemetry.io/otel\"\n\t\"go.opentelemetry.io/otel/attribute\"\n\t\"go.opentelemetry.io/otel/trace\"\n\n\t\"github.com/ory/kratos/schema\"\n\n\t\"golang.org/x/crypto/bcrypt\"\n\n\t\"github.com/ory/kratos/driver/config\"\n)\n\ntype Bcrypt struct {\n\tc BcryptConfiguration\n}\n\ntype BcryptConfiguration interface {\n\tconfig.Provider\n}\n\nfunc NewHasherBcrypt(c BcryptConfiguration) *Bcrypt {\n\treturn &Bcrypt{c: c}\n}\n\nfunc (h *Bcrypt) Generate(ctx context.Context, password []byte) (_ []byte, err error) {\n\tconf := h.c.Config().HasherBcrypt(ctx)\n\n\t_, span := otel.GetTracerProvider().Tracer(tracingComponent).Start(ctx, \"hash.Generate\", trace.WithAttributes(\n\t\tattribute.String(\"hash.type\", \"bcrypt\"),\n\t\tattribute.String(\"hash.config\", fmt.Sprintf(\"%#v\", conf)),\n\t))\n\tdefer otelx.End(span, &err)\n\n\tif err := validateBcryptPasswordLength(password); err != nil {\n\t\treturn nil, err\n\t}\n\n\t// ensure that the context is not canceled before doing the heavy lifting\n\tif ctx.Err() != nil {\n\t\treturn nil, ctx.Err()\n\t}\n\n\thash, err := bcrypt.GenerateFromPassword(password, int(conf.Cost))\n\tif err != nil {\n\t\treturn nil, err\n\t}\n\n\treturn hash, nil\n}\n\nfunc validateBcryptPasswordLength(password []byte) error {\n\t// Bcrypt truncates the password to the first 72 bytes, following the OpenBSD implementation,\n\t// so if password is longer than 72 bytes, function returns an error\n\t// See https://en.wikipedia.org/wiki/Bcrypt#User_input\n\tif len(password) > 72 {\n\t\treturn schema.NewPasswordPolicyViolationError(\n\t\t\t\"#/password\",\n\t\t\ttext.NewErrorValidationPasswordMaxLength(72, len(password)),\n\t\t)\n\t}\n\treturn nil\n}\n\nfunc (h *Bcrypt) Understands(hash []byte) bool {\n\treturn IsBcryptHash(hash)\n}\n" }, { "path": "hash/hasher_pbkdf2.go", "content": "// Copyright © 2023 Ory Corp\n// SPDX-License-Identifier: Apache-2.0\n\npackage hash\n\nimport (\n\t\"bytes\"\n\t\"context\"\n\t\"crypto/rand\"\n\t\"crypto/sha1\" //#nosec G505 -- compatibility for imported passwords\n\t\"crypto/sha256\"\n\t\"crypto/sha512\"\n\t\"encoding/base64\"\n\t\"fmt\"\n\t\"hash\"\n\n\t\"github.com/pkg/errors\"\n\t\"go.opentelemetry.io/otel\"\n\t\"go.opentelemetry.io/otel/attribute\"\n\t\"go.opentelemetry.io/otel/codes\"\n\t\"go.opentelemetry.io/otel/trace\"\n\t\"golang.org/x/crypto/pbkdf2\"\n\t\"golang.org/x/crypto/sha3\"\n\n\t\"github.com/ory/x/otelx\"\n)\n\ntype Pbkdf2 struct {\n\tAlgorithm string\n\tIterations uint32\n\tSaltLength uint32\n\tKeyLength uint32\n}\n\nfunc (h *Pbkdf2) Generate(ctx context.Context, password []byte) (_ []byte, err error) {\n\t_, span := otel.GetTracerProvider().Tracer(tracingComponent).Start(ctx, \"hash.Generate\", trace.WithAttributes(\n\t\tattribute.String(\"hash.type\", \"pbkdf2\"),\n\t\tattribute.String(\"hash.config\", fmt.Sprintf(\"%#v\", h)),\n\t))\n\tdefer otelx.End(span, &err)\n\n\tsalt := make([]byte, h.SaltLength)\n\tif _, err := rand.Read(salt); err != nil {\n\t\treturn nil, err\n\t}\n\n\t// ensure that the context is not canceled before doing the heavy lifting\n\tif ctx.Err() != nil {\n\t\treturn nil, ctx.Err()\n\t}\n\n\tkey := pbkdf2.Key(password, salt, int(h.Iterations), int(h.KeyLength), getPseudorandomFunctionForPbkdf2(h.Algorithm))\n\n\tvar b bytes.Buffer\n\tif _, err := fmt.Fprintf(\n\t\t&b,\n\t\t\"$pbkdf2-%s$i=%d,l=%d$%s$%s\",\n\t\th.Algorithm,\n\t\th.Iterations,\n\t\th.KeyLength,\n\t\tbase64.RawStdEncoding.EncodeToString(salt),\n\t\tbase64.RawStdEncoding.EncodeToString(key),\n\t); err != nil {\n\t\tspan.RecordError(err)\n\t\tspan.SetStatus(codes.Error, err.Error())\n\t\treturn nil, errors.WithStack(err)\n\t}\n\n\treturn b.Bytes(), nil\n}\n\nfunc (h *Pbkdf2) Understands(hash []byte) bool {\n\treturn IsPbkdf2Hash(hash)\n}\n\nfunc getPseudorandomFunctionForPbkdf2(alg string) func() hash.Hash {\n\tswitch alg {\n\tcase \"sha1\":\n\t\treturn sha1.New\n\tcase \"sha224\":\n\t\treturn sha3.New224\n\tcase \"sha256\":\n\t\treturn sha256.New\n\tcase \"sha384\":\n\t\treturn sha3.New384\n\tcase \"sha512\":\n\t\treturn sha512.New\n\tdefault:\n\t\treturn sha256.New\n\t}\n}\n" }, { "path": "hash/hasher_scrypt.go", "content": "// Copyright © 2023 Ory Corp\n// SPDX-License-Identifier: Apache-2.0\n\npackage hash\n\ntype Scrypt struct {\n\tCost uint32\n\tBlock uint32\n\tParrellization uint32\n\tSaltLength uint32\n\tKeyLength uint32\n}\n" }, { "path": "hash/hasher_test.go", "content": "// Copyright © 2023 Ory Corp\n// SPDX-License-Identifier: Apache-2.0\n\npackage hash_test\n\nimport (\n\t\"crypto/rand\"\n\t\"encoding/base64\"\n\t\"fmt\"\n\t\"testing\"\n\n\t\"github.com/stretchr/testify/assert\"\n\t\"github.com/stretchr/testify/require\"\n\n\t\"github.com/ory/kratos/hash\"\n\t\"github.com/ory/kratos/pkg\"\n)\n\nfunc mkpw(t *testing.T, length int) []byte {\n\tpw := make([]byte, length)\n\t_, err := rand.Read(pw)\n\trequire.NoError(t, err)\n\treturn pw\n}\n\nfunc TestArgonHasher(t *testing.T) {\n\tt.Parallel()\n\tctx := t.Context()\n\t_, reg := pkg.NewVeryFastRegistryWithoutDB(t)\n\th := hash.NewHasherArgon2(reg)\n\tfor _, pwLength := range []int{\n\t\t8,\n\t\t16,\n\t\t32,\n\t\t64,\n\t\t128,\n\t} {\n\t\tpwLength := pwLength\n\t\tt.Run(fmt.Sprintf(\"length=%dchars\", pwLength), func(t *testing.T) {\n\t\t\tt.Parallel()\n\t\t\tpw := mkpw(t, pwLength)\n\t\t\ths, err := h.Generate(ctx, pw)\n\t\t\trequire.NoError(t, err)\n\t\t\tassert.NotEqual(t, pw, hs)\n\n\t\t\tt.Logf(\"hash: %s\", hs)\n\t\t\trequire.NoError(t, hash.CompareArgon2id(ctx, pw, hs))\n\n\t\t\tmod := make([]byte, len(pw))\n\t\t\tcopy(mod, pw)\n\t\t\tmod[len(pw)-1] = ^pw[len(pw)-1]\n\t\t\trequire.Error(t, hash.CompareArgon2id(ctx, mod, hs))\n\t\t})\n\t}\n}\n\nfunc TestBcryptHasherGeneratesErrorWhenPasswordIsLong(t *testing.T) {\n\tt.Parallel()\n\tctx := t.Context()\n\n\t_, reg := pkg.NewVeryFastRegistryWithoutDB(t)\n\thasher := hash.NewHasherBcrypt(reg)\n\n\tpassword := mkpw(t, 73)\n\tres, err := hasher.Generate(ctx, password)\n\n\tassert.Error(t, err, \"password is too long\")\n\tassert.Nil(t, res)\n}\n\nfunc TestBcryptHasherGeneratesHash(t *testing.T) {\n\tt.Parallel()\n\tctx := t.Context()\n\t_, reg := pkg.NewVeryFastRegistryWithoutDB(t)\n\thasher := hash.NewHasherBcrypt(reg)\n\tfor _, pwLength := range []int{\n\t\t8,\n\t\t16,\n\t\t32,\n\t\t64,\n\t\t72,\n\t} {\n\t\tpwLength := pwLength\n\t\tt.Run(fmt.Sprintf(\"length=%dchars\", pwLength), func(t *testing.T) {\n\t\t\tt.Parallel()\n\t\t\tpw := mkpw(t, pwLength)\n\t\t\ths, err := hasher.Generate(ctx, pw)\n\n\t\t\tassert.Nil(t, err)\n\t\t\tassert.True(t, hasher.Understands(hs))\n\n\t\t\t// Valid format: $2a$12$[22 character salt][31 character hash]\n\t\t\tassert.Equal(t, 60, len(string(hs)), \"invalid bcrypt hash length\")\n\t\t\tassert.Equal(t, \"$2a$12$\", string(hs)[:7], \"invalid bcrypt identifier\")\n\t\t})\n\t}\n}\n\nfunc TestComparatorBcryptFailsWhenPasswordIsTooLong(t *testing.T) {\n\tt.Parallel()\n\tctx := t.Context()\n\tpassword := mkpw(t, 73)\n\terr := hash.CompareBcrypt(ctx, password, []byte(\"hash\"))\n\n\tassert.Error(t, err, \"password is too long\")\n}\n\nfunc TestComparatorBcryptSuccess(t *testing.T) {\n\tt.Parallel()\n\tctx := t.Context()\n\t_, reg := pkg.NewVeryFastRegistryWithoutDB(t)\n\thasher := hash.NewHasherBcrypt(reg)\n\tfor _, pwLength := range []int{\n\t\t8,\n\t\t16,\n\t\t32,\n\t\t64,\n\t\t72,\n\t} {\n\t\tpwLength := pwLength\n\t\tt.Run(fmt.Sprintf(\"length=%dchars\", pwLength), func(t *testing.T) {\n\t\t\tt.Parallel()\n\t\t\tpw := mkpw(t, pwLength)\n\n\t\t\ths, err := hasher.Generate(ctx, pw)\n\n\t\t\tassert.Nil(t, err)\n\t\t\tassert.True(t, hasher.Understands(hs))\n\n\t\t\terr = hash.CompareBcrypt(ctx, pw, hs)\n\t\t\tassert.Nil(t, err, \"hash validation fails\")\n\t\t})\n\t}\n}\n\nfunc TestComparatorBcryptFail(t *testing.T) {\n\tt.Parallel()\n\tctx := t.Context()\n\tfor _, pwLength := range []int{\n\t\t8,\n\t\t16,\n\t\t32,\n\t\t64,\n\t\t72,\n\t} {\n\t\tpwLength := pwLength\n\t\tt.Run(fmt.Sprintf(\"length=%dchars\", pwLength), func(t *testing.T) {\n\t\t\tt.Parallel()\n\t\t\tpw := mkpw(t, pwLength)\n\t\t\tmod := make([]byte, len(pw))\n\t\t\tcopy(mod, pw)\n\t\t\tmod[len(pw)-1] = ^pw[len(pw)-1]\n\n\t\t\terr := hash.CompareBcrypt(ctx, pw, mod)\n\t\t\tassert.Error(t, err)\n\t\t})\n\t}\n}\n\nfunc TestPbkdf2Hasher(t *testing.T) {\n\tt.Parallel()\n\tctx := t.Context()\n\tfor _, pwLength := range []int{\n\t\t8,\n\t\t16,\n\t\t32,\n\t\t64,\n\t\t128,\n\t} {\n\t\tpwLength := pwLength\n\t\tt.Run(fmt.Sprintf(\"length=%dchars\", pwLength), func(t *testing.T) {\n\t\t\tt.Parallel()\n\t\t\tfor _, algorithm := range []string{\n\t\t\t\t\"sha1\",\n\t\t\t\t\"sha224\",\n\t\t\t\t\"sha256\",\n\t\t\t\t\"sha384\",\n\t\t\t\t\"sha512\",\n\t\t\t} {\n\t\t\t\talgorithm := algorithm\n\t\t\t\tt.Run(fmt.Sprintf(\"algorithm=%s\", algorithm), func(t *testing.T) {\n\t\t\t\t\tt.Parallel()\n\t\t\t\t\thasher := &hash.Pbkdf2{\n\t\t\t\t\t\tAlgorithm: algorithm,\n\t\t\t\t\t\tIterations: 100_000,\n\t\t\t\t\t\tSaltLength: 32,\n\t\t\t\t\t\tKeyLength: 32,\n\t\t\t\t\t}\n\t\t\t\t\tpw := mkpw(t, pwLength)\n\t\t\t\t\tt.Logf(\"%d\", pwLength)\n\t\t\t\t\ths, err := hasher.Generate(ctx, pw)\n\t\t\t\t\trequire.NoError(t, err)\n\t\t\t\t\tassert.NotEqual(t, pw, hs)\n\n\t\t\t\t\tt.Logf(\"hash: %s\", hs)\n\t\t\t\t\trequire.NoError(t, hash.ComparePbkdf2(ctx, pw, hs))\n\n\t\t\t\t\tassert.True(t, hasher.Understands(hs))\n\n\t\t\t\t\tmod := make([]byte, len(pw))\n\t\t\t\t\tcopy(mod, pw)\n\t\t\t\t\tmod[len(pw)-1] = ^pw[len(pw)-1]\n\t\t\t\t\trequire.Error(t, hash.ComparePbkdf2(ctx, mod, hs))\n\t\t\t\t})\n\t\t\t}\n\t\t})\n\t}\n}\n\nfunc TestCompare(t *testing.T) {\n\tt.Parallel()\n\tctx := t.Context()\n\n\tt.Run(\"unknown\", func(t *testing.T) {\n\t\tt.Parallel()\n\t\tassert.Error(t, hash.Compare(ctx, []byte(\"test\"), []byte(\"$unknown$12$o6hx.Wog/wvFSkT/Bp/6DOxCtLRTDj7lm9on9suF/WaCGNVHbkfL6\")))\n\t})\n\n\tt.Run(\"bcrypt\", func(t *testing.T) {\n\t\tt.Parallel()\n\t\tassert.Nil(t, hash.Compare(ctx, []byte(\"test\"), []byte(\"$2a$12$o6hx.Wog/wvFSkT/Bp/6DOxCtLRTDj7lm9on9suF/WaCGNVHbkfL6\")))\n\t\tassert.Nil(t, hash.CompareBcrypt(ctx, []byte(\"test\"), []byte(\"$2a$12$o6hx.Wog/wvFSkT/Bp/6DOxCtLRTDj7lm9on9suF/WaCGNVHbkfL6\")))\n\t\tassert.Error(t, hash.Compare(ctx, []byte(\"test\"), []byte(\"$2a$12$o6hx.Wog/wvFSkT/Bp/6DOxCtLRTDj7lm9on9suF/WaCGNVHbkfL7\")))\n\n\t\tassert.Nil(t, hash.Compare(ctx, []byte(\"test\"), []byte(\"$2a$15$GRvRO2nrpYTEuPQX6AieaOlZ4.7nMGsXpt.QWMev1zrP86JNspZbO\")))\n\t\tassert.Nil(t, hash.CompareBcrypt(ctx, []byte(\"test\"), []byte(\"$2a$15$GRvRO2nrpYTEuPQX6AieaOlZ4.7nMGsXpt.QWMev1zrP86JNspZbO\")))\n\t\tassert.Error(t, hash.Compare(ctx, []byte(\"test\"), []byte(\"$2a$15$GRvRO2nrpYTEuPQX6AieaOlZ4.7nMGsXpt.QWMev1zrP86JNspZb1\")))\n\t})\n\n\tt.Run(\"Argon2\", func(t *testing.T) {\n\t\tt.Parallel()\n\t\tassert.Nil(t, hash.Compare(ctx, []byte(\"test\"), []byte(\"$argon2id$v=19$m=32,t=2,p=4$cm94YnRVOW5jZzFzcVE4bQ$MNzk5BtR2vUhrp6qQEjRNw\")))\n\t\tassert.Nil(t, hash.CompareArgon2id(ctx, []byte(\"test\"), []byte(\"$argon2id$v=19$m=32,t=2,p=4$cm94YnRVOW5jZzFzcVE4bQ$MNzk5BtR2vUhrp6qQEjRNw\")))\n\t\tassert.Error(t, hash.Compare(ctx, []byte(\"test\"), []byte(\"$argon2id$v=19$m=32,t=2,p=4$cm94YnRVOW5jZzFzcVE4bQ$MNzk5BtR2vUhrp6qQEjRN2\")))\n\n\t\tassert.Nil(t, hash.Compare(ctx, []byte(\"test\"), []byte(\"$argon2i$v=19$m=65536,t=3,p=4$kk51rW/vxIVCYn+EG4kTSg$NyT88uraJ6im6dyha/M5jhXvpqlEdlS/9fEm7ScMb8c\")))\n\t\tassert.Nil(t, hash.CompareArgon2i(ctx, []byte(\"test\"), []byte(\"$argon2i$v=19$m=65536,t=3,p=4$kk51rW/vxIVCYn+EG4kTSg$NyT88uraJ6im6dyha/M5jhXvpqlEdlS/9fEm7ScMb8c\")))\n\t\tassert.Error(t, hash.Compare(ctx, []byte(\"test\"), []byte(\"$argon2i$v=19$m=65536,t=3,p=4$pZ+27D6B0bCi0DwSmANF1w$4RNCUu4Uyu7eTIvzIdSuKz+I9idJlX/ykn6J10/W0EU\")))\n\n\t\tassert.Nil(t, hash.Compare(ctx, []byte(\"test\"), []byte(\"$argon2id$v=19$m=32,t=5,p=4$cm94YnRVOW5jZzFzcVE4bQ$fBxypOL0nP/zdPE71JtAV71i487LbX3fJI5PoTN6Lp4\")))\n\t\tassert.Nil(t, hash.CompareArgon2id(ctx, []byte(\"test\"), []byte(\"$argon2id$v=19$m=32,t=5,p=4$cm94YnRVOW5jZzFzcVE4bQ$fBxypOL0nP/zdPE71JtAV71i487LbX3fJI5PoTN6Lp4\")))\n\t\tassert.Error(t, hash.Compare(ctx, []byte(\"test\"), []byte(\"$argon2id$v=19$m=32,t=5,p=4$cm94YnRVOW5jZzFzcVE4bQ$fBxypOL0nP/zdPE71JtAV71i487LbX3fJI5PoTN6Lp5\")))\n\t})\n\n\tt.Run(\"pbkdf2\", func(t *testing.T) {\n\t\tt.Parallel()\n\t\tassert.Nil(t, hash.Compare(ctx, []byte(\"test\"), []byte(\"$pbkdf2-sha256$i=100000,l=32$1jP+5Zxpxgtee/iPxGgOz0RfE9/KJuDElP1ley4VxXc$QJxzfvdbHYBpydCbHoFg3GJEqMFULwskiuqiJctoYpI\")))\n\t\tassert.Nil(t, hash.ComparePbkdf2(ctx, []byte(\"test\"), []byte(\"$pbkdf2-sha256$i=100000,l=32$1jP+5Zxpxgtee/iPxGgOz0RfE9/KJuDElP1ley4VxXc$QJxzfvdbHYBpydCbHoFg3GJEqMFULwskiuqiJctoYpI\")))\n\t\tassert.Error(t, hash.Compare(ctx, []byte(\"test\"), []byte(\"$pbkdf2-sha256$i=100000,l=32$1jP+5Zxpxgtee/iPxGgOz0RfE9/KJuDElP1ley4VxXc$QJxzfvdbHYBpydCbHoFg3GJEqMFULwskiuqiJctoYpp\")))\n\n\t\tassert.Nil(t, hash.Compare(ctx, []byte(\"test\"), []byte(\"$pbkdf2-sha512$i=100000,l=32$bdHBpn7OWOivJMVJypy2UqR0UnaD5prQXRZevj/05YU$+wArTfv1a+bNGO1iZrmEdVjhA+lL11wF4/IxpgYfPwc\")))\n\t\tassert.Nil(t, hash.ComparePbkdf2(ctx, []byte(\"test\"), []byte(\"$pbkdf2-sha512$i=100000,l=32$bdHBpn7OWOivJMVJypy2UqR0UnaD5prQXRZevj/05YU$+wArTfv1a+bNGO1iZrmEdVjhA+lL11wF4/IxpgYfPwc\")))\n\t\tassert.Error(t, hash.Compare(ctx, []byte(\"test\"), []byte(\"$pbkdf2-sha512$i=100000,l=32$bdHBpn7OWOivJMVJypy2UqR0UnaD5prQXRZevj/05YU$+wArTfv1a+bNGO1iZrmEdVjhA+lL11wF4/IxpgYfPww\")))\n\n\t\tassert.Error(t, hash.Compare(ctx, []byte(\"test\"), []byte(\"$pbkdf2-sha256$1jP+5Zxpxgtee/iPxGgOz0RfE9/KJuDElP1ley4VxXc$QJxzfvdbHYBpydCbHoFg3GJEqMFULwskiuqiJctoYpI\")))\n\t\tassert.Error(t, hash.Compare(ctx, []byte(\"test\"), []byte(\"$pbkdf2-sha256$aaaa$1jP+5Zxpxgtee/iPxGgOz0RfE9/KJuDElP1ley4VxXc$QJxzfvdbHYBpydCbHoFg3GJEqMFULwskiuqiJctoYpI\")))\n\t\tassert.Error(t, hash.Compare(ctx, []byte(\"test\"), []byte(\"$pbkdf2-sha256$i=100000,l=32$1jP+5Zxpxgtee/iPxGgOz0RfE9/KJuDElP1ley4VxXcc$QJxzfvdbHYBpydCbHoFg3GJEqMFULwskiuqiJctoYpI\")))\n\t\tassert.Error(t, hash.Compare(ctx, []byte(\"test\"), []byte(\"$pbkdf2-sha256$i=100000,l=32$1jP+5Zxpxgtee/iPxGgOz0RfE9/KJuDElP1ley4VxXc$QJxzfvdbHYBpydCbHoFg3GJEqMFULwskiuqiJctoYpII\")))\n\t\tassert.Error(t, hash.Compare(ctx, []byte(\"test\"), []byte(\"$pbkdf2-sha512$I=100000,l=32$bdHBpn7OWOivJMVJypy2UqR0UnaD5prQXRZevj/05YU$+wArTfv1a+bNGO1iZrmEdVjhA+lL11wF4/IxpgYfPwc\")))\n\t})\n\n\tt.Run(\"scrypt\", func(t *testing.T) {\n\t\tt.Parallel()\n\t\tassert.Nil(t, hash.Compare(ctx, []byte(\"test\"), []byte(\"$scrypt$ln=16384,r=8,p=1$2npRo7P03Mt8keSoMbyD/tKFWyUzjiQf2svUaNDSrhA=$MiCzNcIplSMqSBrm4HckjYqYhaVPPjTARTzwB1cVNYE=\")))\n\t\tassert.Nil(t, hash.CompareScrypt(ctx, []byte(\"test\"), []byte(\"$scrypt$ln=16384,r=8,p=1$2npRo7P03Mt8keSoMbyD/tKFWyUzjiQf2svUaNDSrhA=$MiCzNcIplSMqSBrm4HckjYqYhaVPPjTARTzwB1cVNYE=\")))\n\t\tassert.Error(t, hash.Compare(ctx, []byte(\"test\"), []byte(\"$scrypt$ln=16384,r=8,p=1$2npRo7P03Mt8keSoMbyD/tKFWyUzjiQf2svUaNDSrhA=$MiCzNcIplSMqSBrm4HckjYqYhaVPPjTARTzwB1cVNYF=\")))\n\n\t\tassert.Error(t, hash.Compare(ctx, []byte(\"test\"), []byte(\"$scrypt$2npRo7P03Mt8keSoMbyD/tKFWyUzjiQf2svUaNDSrhA=$MiCzNcIplSMqSBrm4HckjYqYhaVPPjTARTzwB1cVNYE=\")))\n\t\tassert.Error(t, hash.Compare(ctx, []byte(\"test\"), []byte(\"$scrypt$ln=16384,r=8,p=1$(2npRo7P03Mt8keSoMbyD/tKFWyUzjiQf2svUaNDSrhA=$MiCzNcIplSMqSBrm4HckjYqYhaVPPjTARTzwB1cVNYE=\")))\n\t\tassert.Error(t, hash.Compare(ctx, []byte(\"test\"), []byte(\"$scrypt$ln=16384,r=8,p=1$(2npRo7P03Mt8keSoMbyD/tKFWyUzjiQf2svUaNDSrhA=$(MiCzNcIplSMqSBrm4HckjYqYhaVPPjTARTzwB1cVNYE=\")))\n\t\tassert.Error(t, hash.Compare(ctx, []byte(\"test\"), []byte(\"$scrypt$ln=16385,r=8,p=1$2npRo7P03Mt8keSoMbyD/tKFWyUzjiQf2svUaNDSrhA=$MiCzNcIplSMqSBrm4HckjYqYhaVPPjTARTzwB1cVNYE=\")))\n\t\tassert.Error(t, hash.Compare(ctx, []byte(\"tesu\"), []byte(\"$scrypt$ln=16384,r=8,p=1$2npRo7P03Mt8keSoMbyD/tKFWyUzjiQf2svUaNDSrhA=$MiCzNcIplSMqSBrm4HckjYqYhaVPPjTARTzwB1cVNYE=\")))\n\t\tassert.Error(t, hash.Compare(ctx, []byte(\"tesu\"), []byte(\"$scrypt$ln=abc,r=8,p=1$2npRo7P03Mt8keSoMbyD/tKFWyUzjiQf2svUaNDSrhA=$MiCzNcIplSMqSBrm4HckjYqYhaVPPjTARTzwB1cVNYE=\")))\n\t})\n\n\tt.Run(\"firescrypt\", func(t *testing.T) {\n\t\tt.Parallel()\n\t\tassert.Nil(t, hash.Compare(ctx, []byte(\"8x4WjoDbSxJZdR\"), []byte(\"$firescrypt$ln=14,r=8,p=1$sPtDhWcd1MfdAw==$xbSou7FOl6mChCyzpCPIQ7tku7nsQMTFtyOZSXXd7tjBa4NtimOx7v42Gv2SfzPQu1oxM2/k4SsbOu73wlKe1A==$Bw==$YE0dO4bwD4JnJafh6lZZfkp1MtKzuKAXQcDCJNJNyeCHairWHKENOkbh3dzwaCdizzOspwr/FITUVlnOAwPKyw==\")))\n\t\tassert.Nil(t, hash.CompareFirebaseScrypt(ctx, []byte(\"8x4WjoDbSxJZdR\"), []byte(\"$firescrypt$ln=14,r=8,p=1$sPtDhWcd1MfdAw==$xbSou7FOl6mChCyzpCPIQ7tku7nsQMTFtyOZSXXd7tjBa4NtimOx7v42Gv2SfzPQu1oxM2/k4SsbOu73wlKe1A==$Bw==$YE0dO4bwD4JnJafh6lZZfkp1MtKzuKAXQcDCJNJNyeCHairWHKENOkbh3dzwaCdizzOspwr/FITUVlnOAwPKyw==\")))\n\t\tassert.Error(t, hash.Compare(ctx, []byte(\"8x4WjoDbSxJZdR\"), []byte(\"$firescrypt$ln=14,r=8,p=1$sPtDhWcd1MfdAw==$xbSou7FOl6mChCyzpCPIQ7tku7nsQMTFtyOZSXXd7tjBa4NtimOx7v42Gv2SfzPQu1oxM2/k4SsbOu73wlKe1A==$Bw==$YE0dO4bwD4JnJafh6lZZfkp1MtKzuKAXQcDCJNJNyeCHairWHKENOkbh3dzwaCdizzOspwr/FITUVlnOAwPKyc==\")))\n\t})\n\n\tt.Run(\"SSHA\", func(t *testing.T) {\n\t\tt.Parallel()\n\t\tassert.Nil(t, hash.Compare(ctx, []byte(\"test123\"), []byte(\"{SSHA}JFZFs0oHzxbMwkSJmYVeI8MnTDy/276a\")))\n\t\tassert.Nil(t, hash.CompareSSHA(ctx, []byte(\"test123\"), []byte(\"{SSHA}JFZFs0oHzxbMwkSJmYVeI8MnTDy/276a\")))\n\t\tassert.Error(t, hash.CompareSSHA(ctx, []byte(\"badtest\"), []byte(\"{SSHA}JFZFs0oHzxbMwkSJmYVeI8MnTDy/276a\")))\n\t\tassert.Error(t, hash.Compare(ctx, []byte(\"\"), []byte(\"{SSHA}tooshort\")))\n\n\t\tassert.Nil(t, hash.Compare(ctx, []byte(\"test123\"), []byte(\"{SSHA256}czO44OTV17PcF1cRxWrLZLy9xHd7CWyVYplr1rOhuMlx/7IK\")))\n\t\tassert.Nil(t, hash.CompareSSHA(ctx, []byte(\"test123\"), []byte(\"{SSHA256}czO44OTV17PcF1cRxWrLZLy9xHd7CWyVYplr1rOhuMlx/7IK\")))\n\t\tassert.Error(t, hash.CompareSSHA(ctx, []byte(\"badtest\"), []byte(\"{SSHA256}czO44OTV17PcF1cRxWrLZLy9xHd7CWyVYplr1rOhuMlx/7IK\")))\n\n\t\tassert.Nil(t, hash.Compare(ctx, []byte(\"test123\"), []byte(\"{SSHA512}xPUl/px+1cG55rUH4rzcwxdOIPSB2TingLpiJJumN2xyDWN4Ix1WQG3ihnvHaWUE8MYNkvMi5rf0C9NYixHsE6Yh59M=\")))\n\t\tassert.Nil(t, hash.CompareSSHA(ctx, []byte(\"test123\"), []byte(\"{SSHA512}xPUl/px+1cG55rUH4rzcwxdOIPSB2TingLpiJJumN2xyDWN4Ix1WQG3ihnvHaWUE8MYNkvMi5rf0C9NYixHsE6Yh59M=\")))\n\t\tassert.Error(t, hash.CompareSSHA(ctx, []byte(\"badtest\"), []byte(\"{SSHA512}xPUl/px+1cG55rUH4rzcwxdOIPSB2TingLpiJJumN2xyDWN4Ix1WQG3ihnvHaWUE8MYNkvMi5rf0C9NYixHsE6Yh59M=\")))\n\t\tassert.Error(t, hash.CompareSSHA(ctx, []byte(\"test123\"), []byte(\"{SSHAnotExistent}xPUl/px+1cG55rUH4rzcwxdOIPSB2TingLpiJJumN2xyDWN4Ix1WQG3ihnvHaWUE8MYNkvMi5rf0C9NYixHsE6Yh59M=\")))\n\t})\n\n\tt.Run(\"sha1\", func(t *testing.T) {\n\t\tt.Parallel()\n\t\t//pf: {SALT}{PASSWORD}\n\t\tassert.Nil(t, hash.Compare(ctx, []byte(\"test\"), []byte(\"$sha1$pf=e1NBTFR9e1BBU1NXT1JEfQ==$NW9wbWtnejAzcg==$2qU2SGWP8viTM1md3FiI3+rjWXQ=\")))\n\t\tassert.Error(t, hash.Compare(ctx, []byte(\"wrongpass\"), []byte(\"$sha1$pf=e1NBTFR9e1BBU1NXT1JEfQ==$NW9wbWtnejAzcg==$2qU2SGWP8viTM1md3FiI3+rjWXQ=\")))\n\t\tassert.Error(t, hash.Compare(ctx, []byte(\"tset\"), []byte(\"$sha1$pf=e1NBTFR9e1BBU1NXT1JEfQ==$NW9wbWtnejAzcg==$2qU2SGWP8viTM1md3FiI3+rjWXQ=\")))\n\t\t// wrong salt\n\t\tassert.Error(t, hash.Compare(ctx, []byte(\"test\"), []byte(\"$sha1$pf=e1NBTFR9e1BBU1NXT1JEfQ==$cDJvb3ZrZGJ6cQ==$2qU2SGWP8viTM1md3FiI3+rjWXQ=\")))\n\t\t// salt not encoded\n\t\tassert.Error(t, hash.Compare(ctx, []byte(\"test\"), []byte(\"$sha1$pf=e1NBTFR9e1BBU1NXT1JEfQ==$5opmkgz03r$2qU2SGWP8viTM1md3FiI3+rjWXQ=\")))\n\t\tassert.Nil(t, hash.Compare(ctx, []byte(\"BwS^514g^cv@Z\"), []byte(\"$sha1$pf=e1NBTFR9e1BBU1NXT1JEfQ==$NW9wbWtnejAzcg==$99h9net4BXl7qdTRaiGUobLROxM=\")))\n\t\t// no format string\n\t\tassert.Error(t, hash.Compare(ctx, []byte(\"test\"), []byte(\"$sha1$pf=$NW9wbWtnejAzcg==$2qU2SGWP8viTM1md3FiI3+rjWXQ=\")))\n\t\tassert.Error(t, hash.Compare(ctx, []byte(\"test\"), []byte(\"$sha1$$NW9wbWtnejAzcg==$2qU2SGWP8viTM1md3FiI3+rjWXQ=\")))\n\t\t// wrong number of parameters\n\t\tassert.Error(t, hash.Compare(ctx, []byte(\"test\"), []byte(\"$sha1$NW9wbWtnejAzcg==$2qU2SGWP8viTM1md3FiI3+rjWXQ=\")))\n\t\t// pf: ??staticPrefix??{SALT}{PASSWORD}\n\t\tassert.Nil(t, hash.Compare(ctx, []byte(\"test\"), []byte(\"$sha1$pf=Pz9zdGF0aWNQcmVmaXg/P3tTQUxUfXtQQVNTV09SRH0=$NW9wbWtnejAzcg==$SAAxMUn7jxckQXkBmsVF0nHwqso=\")))\n\t\t// pf: {PASSWORD}%%{SALT}\n\t\tassert.Nil(t, hash.Compare(ctx, []byte(\"test\"), []byte(\"$sha1$pf=e1BBU1NXT1JEfSUle1NBTFR9$NW9wbWtnejAzcg==$YX0AW8/MW5ojUlnzTaR43ucHCog=\")))\n\t\t// pf: ${PASSWORD}${SALT}$\n\t\tassert.Nil(t, hash.Compare(ctx, []byte(\"test\"), []byte(\"$sha1$pf=JHtQQVNTV09SRH0ke1NBTFR9JA==$NW9wbWtnejAzcg==$iE5n1yjX3oAdxRHwZ4u57I4LpQo=\")))\n\t})\n\n\tt.Run(\"sha256\", func(t *testing.T) {\n\t\tt.Parallel()\n\t\t//pf: {SALT}{PASSWORD}\n\t\tassert.Nil(t, hash.Compare(ctx, []byte(\"test\"), []byte(\"$sha256$pf=e1NBTFR9e1BBU1NXT1JEfQ==$NW9wbWtnejAzcg==$0gfRVLCvtBCk20udLDEY5vNhujWx7RGjwRIS1ebMsLY=\")))\n\t\tassert.Nil(t, hash.CompareSHA(ctx, []byte(\"test\"), []byte(\"$sha256$pf=e1NBTFR9e1BBU1NXT1JEfQ==$NW9wbWtnejAzcg==$0gfRVLCvtBCk20udLDEY5vNhujWx7RGjwRIS1ebMsLY=\")))\n\t\tassert.Error(t, hash.Compare(ctx, []byte(\"wrongpass\"), []byte(\"$sha256$pf=e1NBTFR9e1BBU1NXT1JEfQ==$NW9wbWtnejAzcg==$0gfRVLCvtBCk20udLDEY5vNhujWx7RGjwRIS1ebMsLY=\")))\n\t\t//pf: {SALT}$${PASSWORD}\n\t\tassert.Nil(t, hash.Compare(ctx, []byte(\"test\"), []byte(\"$sha256$pf=e1NBTFR9JCR7UEFTU1dPUkR9$NW9wbWtnejAzcg==$HokCOi9OtiZaZRvnkgemV3B4UUHpI7kA8zq/EZWH2NY=\")))\n\t})\n\n\tt.Run(\"sha512\", func(t *testing.T) {\n\t\tt.Parallel()\n\t\t//pf: {SALT}{PASSWORD}\n\t\tassert.Nil(t, hash.Compare(ctx, []byte(\"test\"), []byte(\"$sha512$pf=e1NBTFR9e1BBU1NXT1JEfQ==$NW9wbWtnejAzcg==$6ctpVuApMNp0CgBXcdHw/GC562eFEFGr4gpgANX8ZYsX+j5B19IkdmOY2Fytsz3QUwSWdGcUjbqwgJGTH0UYvw==\")))\n\t\tassert.Nil(t, hash.CompareSHA(ctx, []byte(\"test\"), []byte(\"$sha512$pf=e1NBTFR9e1BBU1NXT1JEfQ==$NW9wbWtnejAzcg==$6ctpVuApMNp0CgBXcdHw/GC562eFEFGr4gpgANX8ZYsX+j5B19IkdmOY2Fytsz3QUwSWdGcUjbqwgJGTH0UYvw==\")))\n\t\tassert.Error(t, hash.Compare(ctx, []byte(\"wrongpass\"), []byte(\"$sha512$pf=e1NBTFR9e1BBU1NXT1JEfQ==$NW9wbWtnejAzcg==$6ctpVuApMNp0CgBXcdHw/GC562eFEFGr4gpgANX8ZYsX+j5B19IkdmOY2Fytsz3QUwSWdGcUjbqwgJGTH0UYvw==\")))\n\t\t//pf: {SALT}$${PASSWORD}\n\t\tassert.Nil(t, hash.Compare(ctx, []byte(\"test\"), []byte(\"$sha512$pf=e1NBTFR9JCR7UEFTU1dPUkR9$NW9wbWtnejAzcg==$1F9BPW8UtdJkZ9Dhlf+D4X4dJ9xfuH8y04EfuCP2k4aGPPq/aWxU9/xe3LydHmYW1/K3zu3NFO9ETVrZettz3w==\")))\n\t})\n\n\tt.Run(\"sha unknown\", func(t *testing.T) {\n\t\tt.Parallel()\n\t\tassert.Error(t, hash.Compare(ctx, []byte(\"test\"), []byte(\"$shaNotExistent$pf=e1NBTFR9e1BBU1NXT1JEfQ==$NW9wbWtnejAzcg==$6ctpVuApMNp0CgBXcdHw/GC562eFEFGr4gpgANX8ZYsX+j5B19IkdmOY2Fytsz3QUwSWdGcUjbqwgJGTH0UYvw==\")))\n\t})\n\n\tt.Run(\"md5\", func(t *testing.T) {\n\t\tt.Parallel()\n\n\t\tassert.Nil(t, hash.Compare(ctx, []byte(\"test\"), []byte(\"$md5$CY9rzUYh03PK3k6DJie09g==\")))\n\t\tassert.Nil(t, hash.CompareMD5(ctx, []byte(\"test\"), []byte(\"$md5$CY9rzUYh03PK3k6DJie09g==\")))\n\t\tassert.Error(t, hash.Compare(ctx, []byte(\"test\"), []byte(\"$md5$WhBei51A4TKXgNYuoiZdig==\")))\n\t\tassert.Error(t, hash.Compare(ctx, []byte(\"test\"), []byte(\"$md5$Dk/E5LQLsx4yt8QbUbvpdg==\")))\n\n\t\tassert.Nil(t, hash.Compare(ctx, []byte(\"ory\"), []byte(\"$md5$ptoWyof5SobW+pbZu2QXoQ==\")))\n\t\tassert.Nil(t, hash.CompareMD5(ctx, []byte(\"ory\"), []byte(\"$md5$ptoWyof5SobW+pbZu2QXoQ==\")))\n\t\tassert.Error(t, hash.Compare(ctx, []byte(\"ory\"), []byte(\"$md5$4skj967KRHFsnPFoL5dMMw==\")))\n\n\t\tassert.ErrorIs(t, hash.Compare(ctx, []byte(\"ory\"), []byte(\"$md5$$\")), hash.ErrInvalidHash)\n\t\tassert.Error(t, hash.Compare(ctx, []byte(\"ory\"), []byte(\"$md5$$$\")))\n\t\tassert.Error(t, hash.Compare(ctx, []byte(\"ory\"), []byte(\"$md5$pf=$$\")))\n\t\tassert.ErrorIs(t, hash.Compare(ctx, []byte(\"ory\"), []byte(\"$md5$pf=MTIz$Z$\")), base64.CorruptInputError(0))\n\t\tassert.ErrorIs(t, hash.Compare(ctx, []byte(\"ory\"), []byte(\"$md5$pf=MTIz$Z$\")), base64.CorruptInputError(0))\n\t\tassert.ErrorIs(t, hash.Compare(ctx, []byte(\"ory\"), []byte(\"$md5$pf=MTIz$MTIz$Z\")), base64.CorruptInputError(0))\n\n\t\tassert.Nil(t, hash.Compare(ctx, []byte(\"test\"), []byte(\"$md5$pf=e1NBTFR9e1BBU1NXT1JEfQ==$MTIz$q+RdKCgc+ipCAcm5ChQwlQ==\"))) // pf={SALT}{PASSWORD} salt=123\n\t\tassert.Error(t, hash.Compare(ctx, []byte(\"test\"), []byte(\"$md5$pf=e1NBTFR9e1BBU1NXT1JEfQ==$MTIz$hh8ZTp1hGPPZQqcr4+UXSQ==\")))\n\n\t\tassert.Nil(t, hash.CompareMD5(ctx, []byte(\"test\"), []byte(\"$md5$pf=e1NBTFR9JCR7UEFTU1dPUkR9$MTIzNA==$ud392Z8rfZ+Ou7ZFXYLKbA==\"))) // pf={SALT}$${PASSWORD} salt=1234\n\t\tassert.Error(t, hash.CompareMD5(ctx, []byte(\"test1\"), []byte(\"$md5$pf=e1NBTFR9JCR7UEFTU1dPUkR9$MTIzNA==$ud392Z8rfZ+Ou7ZFXYLKbA==\")))\n\n\t\tassert.Nil(t, hash.CompareMD5(ctx, []byte(\"ory\"), []byte(\"$md5$pf=e1BBU1NXT1JEfXtTQUxUfSQ/$MTIzNDU2Nzg5$8PhwWanVRnpJAFK4NUjR0w==\"))) // pf={PASSWORD}{SALT}$? salt=123456789\n\t\tassert.Error(t, hash.CompareMD5(ctx, []byte(\"ory1\"), []byte(\"$md5$pf=e1BBU1NXT1JEfXtTQUxUfSQ/$MTIzNDU2Nzg5$8PhwWanVRnpJAFK4NUjR0w==\")))\n\t})\n\n\tt.Run(\"md5-crypt\", func(t *testing.T) {\n\t\tt.Parallel()\n\n\t\tassert.Nil(t, hash.Compare(ctx, []byte(\"test\"), []byte(\"$md5-crypt$TVEiiKNb$SN6/pUaRQS/E8Jh46As2C/\")))\n\t\tassert.Nil(t, hash.CompareMD5Crypt(ctx, []byte(\"test\"), []byte(\"$md5-crypt$TVEiiKNb$SN6/pUaRQS/E8Jh46As2C/\")))\n\t\tassert.Nil(t, hash.Compare(ctx, []byte(\"test\"), []byte(\"$md5-crypt$$whuMjZj.HMFoaTaZRRtkO0\")))\n\t\tassert.Error(t, hash.Compare(ctx, []byte(\"test\"), []byte(\"$md5-crypt$xWMlm2eL$GGTOpgZu4p2k6ORprAu3b.\")))\n\n\t\tassert.Nil(t, hash.Compare(ctx, []byte(\"ory\"), []byte(\"$md5-crypt$xWMlm2eL$GGTOpgZu4p2k6ORprAu3b.\")))\n\t\tassert.Nil(t, hash.CompareMD5Crypt(ctx, []byte(\"ory\"), []byte(\"$md5-crypt$xWMlm2eL$GGTOpgZu4p2k6ORprAu3b.\")))\n\t\tassert.Error(t, hash.Compare(ctx, []byte(\"ory\"), []byte(\"$md5-crypt$E7zjruqF$RTglYR1CzBHwwiTk9nVzx1\")))\n\n\t\tassert.ErrorIs(t, hash.Compare(ctx, []byte(\"ory\"), []byte(\"$md5-crypt$$\")), hash.ErrMismatchedHashAndPassword)\n\t\tassert.Error(t, hash.Compare(ctx, []byte(\"ory\"), []byte(\"$md5-crypt$$$\")))\n\t\t// per crypt(5), `md5crypt` can be run without a salt, but the salt section must still be present\n\t\tassert.Error(t, hash.Compare(ctx, []byte(\"test\"), []byte(\"$md5-crypt$whuMjZj.HMFoaTaZRRtkO0\")), \"md5crypt decode error: provided encoded hash has an invalid format\")\n\t})\n\n\tt.Run(\"sha256-crypt\", func(t *testing.T) {\n\t\tt.Parallel()\n\n\t\tassert.Nil(t, hash.Compare(ctx, []byte(\"test\"), []byte(\"$sha256-crypt$rounds=535000$05R.9KB6UC2kLI3w$Q/zslzx./JjkAVPTwp6th7nW5l7JU91Gte/UmIh.U78\")))\n\t\tassert.Nil(t, hash.CompareSHA256Crypt(ctx, []byte(\"test\"), []byte(\"$sha256-crypt$rounds=535000$05R.9KB6UC2kLI3w$Q/zslzx./JjkAVPTwp6th7nW5l7JU91Gte/UmIh.U78\")))\n\t\tassert.Error(t, hash.Compare(ctx, []byte(\"test\"), []byte(\"$sha256-crypt$rounds=535000$awpcR7lDlnK/S7WE$vHU7KkQwyjfGz6u4MUi7.lH9htK/l63HloTsX1ZMz.3\")))\n\n\t\tassert.Nil(t, hash.Compare(ctx, []byte(\"ory\"), []byte(\"$sha256-crypt$rounds=535000$awpcR7lDlnK/S7WE$vHU7KkQwyjfGz6u4MUi7.lH9htK/l63HloTsX1ZMz.3\")))\n\t\tassert.Nil(t, hash.CompareSHA256Crypt(ctx, []byte(\"ory\"), []byte(\"$sha256-crypt$rounds=535000$awpcR7lDlnK/S7WE$vHU7KkQwyjfGz6u4MUi7.lH9htK/l63HloTsX1ZMz.3\")))\n\t\tassert.Error(t, hash.Compare(ctx, []byte(\"ory\"), []byte(\"$sha256-crypt$rounds=535000$T95kH8e37IGVdxzJ$gLeaNa6qRog.bx4Bzqp63ceWItH6nSAal6c3WmT5GHB\")))\n\n\t\tassert.Error(t, hash.Compare(ctx, []byte(\"ory\"), []byte(\"$sha256-crypt$$\")), \"shacrypt decode error: provided encoded hash has an invalid format\")\n\t\tassert.Error(t, hash.Compare(ctx, []byte(\"ory\"), []byte(\"$sha256-crypt$$$\")))\n\t})\n\n\tt.Run(\"sha512-crypt\", func(t *testing.T) {\n\t\tt.Parallel()\n\n\t\tassert.Nil(t, hash.Compare(ctx, []byte(\"test\"), []byte(\"$sha512-crypt$rounds=656000$3LVbIAVxR//cRajw$uuNasMW.RYxlGzIRFU1Was70BPSa933AjxhZIGJdJBOlqJAHlgqa0yuiuq5JHF/ryNGryJkj87G9i3G2HPSXg1\")))\n\t\tassert.Nil(t, hash.CompareSHA512Crypt(ctx, []byte(\"test\"), []byte(\"$sha512-crypt$rounds=656000$3LVbIAVxR//cRajw$uuNasMW.RYxlGzIRFU1Was70BPSa933AjxhZIGJdJBOlqJAHlgqa0yuiuq5JHF/ryNGryJkj87G9i3G2HPSXg1\")))\n\t\tassert.Error(t, hash.Compare(ctx, []byte(\"test\"), []byte(\"$5$rounds=535000$awpcR7lDlnK/S7WE$vHU7KkQwyjfGz6u4MUi7.lH9htK/l63HloTsX1ZMz.3\")))\n\n\t\tassert.Nil(t, hash.Compare(ctx, []byte(\"ory\"), []byte(\"$sha512-crypt$rounds=656000$0baQbxBrfpKqvizk$Q9cYk1MeNAlECPgpG3jjfNI2DumLqd0yHbxzLdxiX6nsSD5i9n0awcbiCf8R5DzpIYxeBPznPcb1wtzlgUKtH0\")))\n\t\tassert.Nil(t, hash.CompareSHA512Crypt(ctx, []byte(\"ory\"), []byte(\"$sha512-crypt$rounds=656000$0baQbxBrfpKqvizk$Q9cYk1MeNAlECPgpG3jjfNI2DumLqd0yHbxzLdxiX6nsSD5i9n0awcbiCf8R5DzpIYxeBPznPcb1wtzlgUKtH0\")))\n\t\tassert.Error(t, hash.Compare(ctx, []byte(\"ory\"), []byte(\"$sha512-crypt$rounds=656000$hNcDLFO63bkYVDZf$Mt9dhH0xqfxWZ6Pu8zXw.Ku5f15IRTweuaDcUc.ObXWGn7B1h8YIWLmArZd8psd2mrUVswCXLAVptmISr.8iI/\")))\n\n\t\tassert.Error(t, hash.Compare(ctx, []byte(\"ory\"), []byte(\"$sha512-crypt$$\")), \"shacrypt decode error: provided encoded hash has an invalid format\")\n\t\tassert.Error(t, hash.Compare(ctx, []byte(\"ory\"), []byte(\"$sha512-crypt$$$\")))\n\t})\n\n\tt.Run(\"hmac errors\", func(t *testing.T) {\n\t\tt.Parallel()\n\n\t\t//Missing Key\n\t\tassert.ErrorIs(t, hash.Compare(ctx, []byte(\"test\"), []byte(\"$hmac-md5$ZmU4Njk3Zjc0MmQwODA0MDVkMTI3MGU2MTYzMzE2Zjk=\")), hash.ErrInvalidHash)\n\t\tassert.Error(t, hash.CompareHMAC(ctx, []byte(\"test\"), []byte(\"$hmac-md5$ZmU4Njk3Zjc0MmQwODA0MDVkMTI3MGU2MTYzMzE2Zjk=\")))\n\t\tassert.ErrorIs(t, hash.Compare(ctx, []byte(\"test\"), []byte(\"$hmac-md5$ZmU4Njk3Zjc0MmQwODA0MDVkMTI3MGU2MTYzMzE2Zjk=$\")), hash.ErrMismatchedHashAndPassword)\n\t\tassert.Error(t, hash.CompareHMAC(ctx, []byte(\"test\"), []byte(\"$hmac-md5$ZmU4Njk3Zjc0MmQwODA0MDVkMTI3MGU2MTYzMzE2Zjk=$\")))\n\t\t//Missing Password Hash\n\t\tassert.ErrorIs(t, hash.Compare(ctx, []byte(\"test\"), []byte(\"$hmac-md5$MTIzNDU=\")), hash.ErrInvalidHash)\n\t\tassert.Error(t, hash.CompareHMAC(ctx, []byte(\"test\"), []byte(\"$hmac-md5$MTIzNDU=\")))\n\t\tassert.ErrorIs(t, hash.Compare(ctx, []byte(\"test\"), []byte(\"$hmac-md5$$MTIzNDU=\")), hash.ErrMismatchedHashAndPassword)\n\t\tassert.Error(t, hash.CompareHMAC(ctx, []byte(\"test\"), []byte(\"$hmac-md5$$MTIzNDU=\")))\n\t\t//Missing Password Hash and Key\n\t\tassert.ErrorIs(t, hash.Compare(ctx, []byte(\"test\"), []byte(\"$hmac-md5$\")), hash.ErrInvalidHash)\n\t\tassert.Error(t, hash.CompareHMAC(ctx, []byte(\"test\"), []byte(\"$hmac-md5$\")))\n\t\t//Missing Hash Algorithm\n\t\tassert.ErrorIs(t, hash.Compare(ctx, []byte(\"test\"), []byte(\"$hmac$ZmU4Njk3Zjc0MmQwODA0MDVkMTI3MGU2MTYzMzE2Zjk=$MTIzNDU=\")), hash.ErrUnknownHashAlgorithm)\n\t\tassert.Error(t, hash.CompareHMAC(ctx, []byte(\"test\"), []byte(\"$hmac$ZmU4Njk3Zjc0MmQwODA0MDVkMTI3MGU2MTYzMzE2Zjk=$MTIzNDU=\")))\n\t\t//Missing Invalid Hash Algorithm\n\t\tassert.ErrorIs(t, hash.Compare(ctx, []byte(\"test\"), []byte(\"$hmac-invalid$ZmU4Njk3Zjc0MmQwODA0MDVkMTI3MGU2MTYzMzE2Zjk=$MTIzNDU=\")), hash.ErrUnknownHashAlgorithm)\n\t\tassert.Error(t, hash.CompareHMAC(ctx, []byte(\"test\"), []byte(\"$hmac-invalid$ZmU4Njk3Zjc0MmQwODA0MDVkMTI3MGU2MTYzMzE2Zjk=$MTIzNDU=\")))\n\n\t})\n\n\tt.Run(\"hmac-md4\", func(t *testing.T) {\n\t\tt.Parallel()\n\n\t\t//Valid\n\t\tassert.Nil(t, hash.Compare(ctx, []byte(\"test\"), []byte(\"$hmac-md4$MWQ5ZTI4Nzc2Zjg4YmE2MTQ5YjQ0OTMyOGE4NWU4YjA=$MTIzNDU=\")))\n\t\tassert.Nil(t, hash.CompareHMAC(ctx, []byte(\"test\"), []byte(\"$hmac-md4$MWQ5ZTI4Nzc2Zjg4YmE2MTQ5YjQ0OTMyOGE4NWU4YjA=$MTIzNDU=\")))\n\t\t//Wrong Key\n\t\tassert.Error(t, hash.Compare(ctx, []byte(\"test\"), []byte(\"$hmac-md4$MWQ5ZTI4Nzc2Zjg4YmE2MTQ5YjQ0OTMyOGE4NWU4YjA=$MTIzNA==\")), hash.ErrMismatchedHashAndPassword)\n\t\t//Different password\n\t\tassert.Error(t, hash.Compare(ctx, []byte(\"ory\"), []byte(\"$hmac-md4$MWQ5ZTI4Nzc2Zjg4YmE2MTQ5YjQ0OTMyOGE4NWU4YjA=$MTIzNDU=\")))\n\t})\n\n\tt.Run(\"hmac-md5\", func(t *testing.T) {\n\t\tt.Parallel()\n\n\t\t//Valid\n\t\tassert.Nil(t, hash.Compare(ctx, []byte(\"test\"), []byte(\"$hmac-md5$ZmU4Njk3Zjc0MmQwODA0MDVkMTI3MGU2MTYzMzE2Zjk=$MTIzNDU=\")))\n\t\tassert.Nil(t, hash.CompareHMAC(ctx, []byte(\"test\"), []byte(\"$hmac-md5$ZmU4Njk3Zjc0MmQwODA0MDVkMTI3MGU2MTYzMzE2Zjk=$MTIzNDU=\")))\n\n\t\t//Wrong Key\n\t\tassert.Error(t, hash.Compare(ctx, []byte(\"test\"), []byte(\"$hmac-md5$ZmU4Njk3Zjc0MmQwODA0MDVkMTI3MGU2MTYzMzE2Zjk=$MTIzNA==\")))\n\t\t//Different password\n\t\tassert.Error(t, hash.Compare(ctx, []byte(\"ory\"), []byte(\"$hmac-md5$ZmU4Njk3Zjc0MmQwODA0MDVkMTI3MGU2MTYzMzE2Zjk=$MTIzNDU=\")))\n\n\t})\n\n\tt.Run(\"hmac-sha1\", func(t *testing.T) {\n\t\tt.Parallel()\n\n\t\t//Valid\n\t\tassert.Nil(t, hash.Compare(ctx, []byte(\"test\"), []byte(\"$hmac-sha1$NDMyNjcxZTUyY2Y2YTBmYjZjZDE2NjQxYjAwNjFiZjAwOGEzNWM5MA==$MTIzNDU=\")))\n\t\tassert.Nil(t, hash.CompareHMAC(ctx, []byte(\"test\"), []byte(\"$hmac-sha1$NDMyNjcxZTUyY2Y2YTBmYjZjZDE2NjQxYjAwNjFiZjAwOGEzNWM5MA==$MTIzNDU=\")))\n\n\t\t//Wrong Key\n\t\tassert.Error(t, hash.Compare(ctx, []byte(\"test\"), []byte(\"$hmac-sha1$NDMyNjcxZTUyY2Y2YTBmYjZjZDE2NjQxYjAwNjFiZjAwOGEzNWM5MA==$MTIzNA==\")))\n\t\t//Different password\n\t\tassert.Error(t, hash.Compare(ctx, []byte(\"ory\"), []byte(\"$hmac-sha1$NDMyNjcxZTUyY2Y2YTBmYjZjZDE2NjQxYjAwNjFiZjAwOGEzNWM5MA==$MTIzNDU=\")))\n\n\t})\n\n\tt.Run(\"hmac-sha224\", func(t *testing.T) {\n\t\tt.Parallel()\n\n\t\t//Valid\n\t\tassert.Nil(t, hash.Compare(ctx, []byte(\"test\"), []byte(\"$hmac-sha224$YmUwYmYzM2EwNGRlNDE0YjQzNjBhNmIyOThmNmIyYzI4OWQyMzk3MDUwZDFjMzliYjVmMDMyOTQ=$MTIzNDU=\")))\n\t\tassert.Nil(t, hash.CompareHMAC(ctx, []byte(\"test\"), []byte(\"$hmac-sha224$YmUwYmYzM2EwNGRlNDE0YjQzNjBhNmIyOThmNmIyYzI4OWQyMzk3MDUwZDFjMzliYjVmMDMyOTQ=$MTIzNDU=\")))\n\n\t\t//Wrong Key\n\t\tassert.Error(t, hash.Compare(ctx, []byte(\"test\"), []byte(\"$hmac-sha224$YmUwYmYzM2EwNGRlNDE0YjQzNjBhNmIyOThmNmIyYzI4OWQyMzk3MDUwZDFjMzliYjVmMDMyOTQ=$MTIzNA==\")))\n\t\t//Different password\n\t\tassert.Error(t, hash.Compare(ctx, []byte(\"ory\"), []byte(\"$hmac-sha224$YmUwYmYzM2EwNGRlNDE0YjQzNjBhNmIyOThmNmIyYzI4OWQyMzk3MDUwZDFjMzliYjVmMDMyOTQ=$MTIzNDU=\")))\n\n\t})\n\n\tt.Run(\"hmac-sha256\", func(t *testing.T) {\n\t\tt.Parallel()\n\n\t\t//Valid\n\t\tassert.Nil(t, hash.Compare(ctx, []byte(\"test\"), []byte(\"$hmac-sha256$ZTAzMWJhMWMyOTM4YjFkMjgzZjkxOWExZGY5YWM2NmMxOTJhN2RkNzQ0MzJkNWZkNGFkYTI5OTk0MWJhMTA5Zg==$MTIzNDU=\")))\n\t\tassert.Nil(t, hash.CompareHMAC(ctx, []byte(\"test\"), []byte(\"$hmac-sha256$ZTAzMWJhMWMyOTM4YjFkMjgzZjkxOWExZGY5YWM2NmMxOTJhN2RkNzQ0MzJkNWZkNGFkYTI5OTk0MWJhMTA5Zg==$MTIzNDU=\")))\n\n\t\t//Wrong Key\n\t\tassert.Error(t, hash.Compare(ctx, []byte(\"test\"), []byte(\"$hmac-sha256$ZTAzMWJhMWMyOTM4YjFkMjgzZjkxOWExZGY5YWM2NmMxOTJhN2RkNzQ0MzJkNWZkNGFkYTI5OTk0MWJhMTA5Zg==$MTIzNA==\")))\n\t\t//Different password\n\t\tassert.Error(t, hash.Compare(ctx, []byte(\"ory\"), []byte(\"$hmac-sha256$ZTAzMWJhMWMyOTM4YjFkMjgzZjkxOWExZGY5YWM2NmMxOTJhN2RkNzQ0MzJkNWZkNGFkYTI5OTk0MWJhMTA5Zg==$MTIzNDU=\")))\n\n\t})\n\n\tt.Run(\"hmac-sha384\", func(t *testing.T) {\n\t\tt.Parallel()\n\n\t\t//Valid\n\t\tassert.Nil(t, hash.Compare(ctx, []byte(\"test\"), []byte(\"$hmac-sha384$ZWEyMGM3NGE4Y2UzMTljNTdjZTlhZGQyYTZjNDE0MGQ4YjMwYWIwOWM4OTRiNWQ4MmZjODlhMzBhMmQzNGE5NmQ0NDY1NWRhYjQ2ZjhiYjBkNTRmYjk5YWZkZTA1MGY1$MTIzNDU=\")))\n\t\tassert.Nil(t, hash.CompareHMAC(ctx, []byte(\"test\"), []byte(\"$hmac-sha384$ZWEyMGM3NGE4Y2UzMTljNTdjZTlhZGQyYTZjNDE0MGQ4YjMwYWIwOWM4OTRiNWQ4MmZjODlhMzBhMmQzNGE5NmQ0NDY1NWRhYjQ2ZjhiYjBkNTRmYjk5YWZkZTA1MGY1$MTIzNDU=\")))\n\n\t\t//Wrong Key\n\t\tassert.Error(t, hash.Compare(ctx, []byte(\"test\"), []byte(\"$hmac-sha384$ZWEyMGM3NGE4Y2UzMTljNTdjZTlhZGQyYTZjNDE0MGQ4YjMwYWIwOWM4OTRiNWQ4MmZjODlhMzBhMmQzNGE5NmQ0NDY1NWRhYjQ2ZjhiYjBkNTRmYjk5YWZkZTA1MGY1$MTIzNA==\")))\n\t\t//Different password\n\t\tassert.Error(t, hash.Compare(ctx, []byte(\"ory\"), []byte(\"$hmac-sha384$ZWEyMGM3NGE4Y2UzMTljNTdjZTlhZGQyYTZjNDE0MGQ4YjMwYWIwOWM4OTRiNWQ4MmZjODlhMzBhMmQzNGE5NmQ0NDY1NWRhYjQ2ZjhiYjBkNTRmYjk5YWZkZTA1MGY1$MTIzNDU=\")))\n\n\t})\n\n\tt.Run(\"hmac-sha512\", func(t *testing.T) {\n\t\tt.Parallel()\n\n\t\t//Valid\n\t\tassert.Nil(t, hash.Compare(ctx, []byte(\"test\"), []byte(\"$hmac-sha512$OTFmODY0ZTI1NmU0ZjVhYjhiMDViZGFmNGVmNGZmMGVlNTY4ODYwNWJhYTk4MTk2OTgyMzc3NzI1YTc4MzcxMTMzNzZmY2YxYTk5MGMxM2RiZDk2MGFmMmQ1YzRmODdlMGMwYTNkYjcyNjY0NjM4NGE4YzQ2MjNhZDZkN2UxZTE=$MTIzNDU=\")))\n\t\tassert.Nil(t, hash.CompareHMAC(ctx, []byte(\"test\"), []byte(\"$hmac-sha512$OTFmODY0ZTI1NmU0ZjVhYjhiMDViZGFmNGVmNGZmMGVlNTY4ODYwNWJhYTk4MTk2OTgyMzc3NzI1YTc4MzcxMTMzNzZmY2YxYTk5MGMxM2RiZDk2MGFmMmQ1YzRmODdlMGMwYTNkYjcyNjY0NjM4NGE4YzQ2MjNhZDZkN2UxZTE=$MTIzNDU=\")))\n\n\t\t//Wrong Key\n\t\tassert.Error(t, hash.Compare(ctx, []byte(\"test\"), []byte(\"$hmac-sha512$OTFmODY0ZTI1NmU0ZjVhYjhiMDViZGFmNGVmNGZmMGVlNTY4ODYwNWJhYTk4MTk2OTgyMzc3NzI1YTc4MzcxMTMzNzZmY2YxYTk5MGMxM2RiZDk2MGFmMmQ1YzRmODdlMGMwYTNkYjcyNjY0NjM4NGE4YzQ2MjNhZDZkN2UxZTE=$MTIzNA==\")))\n\t\t//Different password\n\t\tassert.Error(t, hash.Compare(ctx, []byte(\"ory\"), []byte(\"$hmac-sha512$OTFmODY0ZTI1NmU0ZjVhYjhiMDViZGFmNGVmNGZmMGVlNTY4ODYwNWJhYTk4MTk2OTgyMzc3NzI1YTc4MzcxMTMzNzZmY2YxYTk5MGMxM2RiZDk2MGFmMmQ1YzRmODdlMGMwYTNkYjcyNjY0NjM4NGE4YzQ2MjNhZDZkN2UxZTE=$MTIzNDU=\")))\n\n\t})\n}\n" }, { "path": "hydra/fake.go", "content": "// Copyright © 2023 Ory Corp\n// SPDX-License-Identifier: Apache-2.0\n\npackage hydra\n\nimport (\n\t\"context\"\n\t\"errors\"\n\n\t\"github.com/ory/herodot\"\n\thydraclientgo \"github.com/ory/hydra-client-go/v2\"\n)\n\nconst (\n\tFakeInvalidLoginChallenge = \"2e98454e-031b-4870-9ad6-8517df1ce604\"\n\tFakeValidLoginChallenge = \"5ff59a39-ecc5-467e-bb10-26644c0700ee\"\n\tFakePostLoginURL = \"https://www.example.com/fake-post-login\"\n)\n\nvar ErrFakeAcceptLoginRequestFailed = errors.New(\"failed to accept login request\")\n\ntype FakeHydra struct {\n\tSkip bool\n\tRequestURL string\n}\n\nvar _ Hydra = &FakeHydra{}\n\nfunc NewFake() *FakeHydra {\n\treturn &FakeHydra{\n\t\tRequestURL: \"https://www.ory.sh\",\n\t}\n}\n\nfunc (h *FakeHydra) AcceptLoginRequest(_ context.Context, params AcceptLoginRequestParams) (string, error) {\n\tif params.SessionID == \"\" {\n\t\treturn \"\", errors.New(\"session id must not be empty\")\n\t}\n\tswitch params.LoginChallenge {\n\tcase FakeInvalidLoginChallenge:\n\t\treturn \"\", ErrFakeAcceptLoginRequestFailed\n\tcase FakeValidLoginChallenge:\n\t\treturn FakePostLoginURL, nil\n\tdefault:\n\t\tpanic(\"unknown fake login_challenge \" + params.LoginChallenge)\n\t}\n}\n\nfunc (h *FakeHydra) GetLoginRequest(_ context.Context, loginChallenge string) (*hydraclientgo.OAuth2LoginRequest, error) {\n\tswitch loginChallenge {\n\tcase FakeInvalidLoginChallenge:\n\t\treturn nil, herodot.ErrBadRequest.WithReasonf(\"Unable to get OAuth 2.0 Login Challenge.\")\n\tcase FakeValidLoginChallenge:\n\t\treturn &hydraclientgo.OAuth2LoginRequest{\n\t\t\tRequestUrl: h.RequestURL,\n\t\t\tSkip: h.Skip,\n\t\t}, nil\n\tdefault:\n\t\tpanic(\"unknown fake login_challenge \" + loginChallenge)\n\t}\n}\n" }, { "path": "hydra/hydra.go", "content": "// Copyright © 2023 Ory Corp\n// SPDX-License-Identifier: Apache-2.0\n\npackage hydra\n\nimport (\n\t\"context\"\n\t\"net/http\"\n\t\"time\"\n\n\t\"github.com/ory/x/httpx\"\n\t\"github.com/ory/x/sqlxx\"\n\n\t\"github.com/pkg/errors\"\n\n\t\"github.com/ory/herodot\"\n\thydraclientgo \"github.com/ory/hydra-client-go/v2\"\n\t\"github.com/ory/kratos/driver/config\"\n\t\"github.com/ory/kratos/session\"\n)\n\ntype (\n\thydraDependencies interface {\n\t\tconfig.Provider\n\t\thttpx.ClientProvider\n\t}\n\tProvider interface {\n\t\tHydra() Hydra\n\t}\n\tAcceptLoginRequestParams struct {\n\t\tLoginChallenge string\n\t\tIdentityID string\n\t\tSessionID string\n\t\tAuthenticationMethods session.AuthenticationMethods\n\t}\n\tHydra interface {\n\t\tAcceptLoginRequest(ctx context.Context, params AcceptLoginRequestParams) (string, error)\n\t\tGetLoginRequest(ctx context.Context, loginChallenge string) (*hydraclientgo.OAuth2LoginRequest, error)\n\t}\n\tDefaultHydra struct {\n\t\td hydraDependencies\n\t}\n)\n\nfunc NewDefaultHydra(d hydraDependencies) *DefaultHydra {\n\treturn &DefaultHydra{\n\t\td: d,\n\t}\n}\n\nfunc GetLoginChallengeID(conf *config.Config, r *http.Request) (sqlxx.NullString, error) {\n\tif !r.URL.Query().Has(\"login_challenge\") {\n\t\treturn \"\", nil\n\t} else if conf.OAuth2ProviderURL(r.Context()) == nil {\n\t\treturn \"\", errors.WithStack(herodot.ErrMisconfiguration.WithReason(\"refusing to parse login_challenge query parameter because \" + config.ViperKeyOAuth2ProviderURL + \" is invalid or unset\"))\n\t}\n\n\tloginChallenge := r.URL.Query().Get(\"login_challenge\")\n\tif loginChallenge == \"\" {\n\t\treturn \"\", errors.WithStack(herodot.ErrBadRequest.WithReason(\"the login_challenge parameter is present but empty\"))\n\t}\n\n\treturn sqlxx.NullString(loginChallenge), nil\n}\n\nfunc (h *DefaultHydra) getAdminURL(ctx context.Context) (string, error) {\n\tu := h.d.Config().OAuth2ProviderURL(ctx)\n\tif u == nil {\n\t\treturn \"\", errors.WithStack(herodot.ErrMisconfiguration.WithReason(config.ViperKeyOAuth2ProviderURL + \" is not configured\"))\n\t}\n\treturn u.String(), nil\n}\n\nfunc (h *DefaultHydra) getAdminAPIClient(ctx context.Context) (hydraclientgo.OAuth2API, error) {\n\turl, err := h.getAdminURL(ctx)\n\tif err != nil {\n\t\treturn nil, err\n\t}\n\n\tconfiguration := hydraclientgo.NewConfiguration()\n\tconfiguration.Servers = hydraclientgo.ServerConfigurations{{URL: url}}\n\n\tclient := h.d.HTTPClient(ctx).StandardClient()\n\tif header := h.d.Config().OAuth2ProviderHeader(ctx); header != nil {\n\t\tclient.Transport = httpx.WrapTransportWithHeader(client.Transport, header)\n\t}\n\n\tconfiguration.HTTPClient = client\n\treturn hydraclientgo.NewAPIClient(configuration).OAuth2API, nil\n}\n\nfunc (h *DefaultHydra) AcceptLoginRequest(ctx context.Context, params AcceptLoginRequestParams) (string, error) {\n\tremember := h.d.Config().SessionPersistentCookie(ctx)\n\trememberFor := int64(h.d.Config().SessionLifespan(ctx) / time.Second)\n\n\talr := hydraclientgo.NewAcceptOAuth2LoginRequest(params.IdentityID)\n\talr.IdentityProviderSessionId = ¶ms.SessionID\n\talr.Remember = &remember\n\talr.RememberFor = &rememberFor\n\talr.Amr = []string{}\n\tfor _, r := range params.AuthenticationMethods {\n\t\talr.Amr = append(alr.Amr, string(r.Method))\n\t}\n\n\taa, err := h.getAdminAPIClient(ctx)\n\tif err != nil {\n\t\treturn \"\", err\n\t}\n\n\tresp, r, err := aa.AcceptOAuth2LoginRequest(ctx).LoginChallenge(params.LoginChallenge).AcceptOAuth2LoginRequest(*alr).Execute()\n\tif err != nil {\n\t\tinnerErr := herodot.ErrInternalServerError.WithWrap(err).WithReasonf(\"Unable to accept OAuth 2.0 Login Challenge.\")\n\t\tif r != nil {\n\t\t\tinnerErr = innerErr.\n\t\t\t\tWithDetail(\"status_code\", r.StatusCode).\n\t\t\t\tWithDebug(err.Error())\n\t\t}\n\n\t\tif openApiErr := new(hydraclientgo.GenericOpenAPIError); errors.As(err, &openApiErr) {\n\t\t\tswitch oauth2Err := openApiErr.Model().(type) {\n\t\t\tcase hydraclientgo.ErrorOAuth2:\n\t\t\t\tinnerErr = innerErr.WithDetail(\"oauth2_error_hint\", oauth2Err.GetErrorHint())\n\t\t\tcase *hydraclientgo.ErrorOAuth2:\n\t\t\t\tinnerErr = innerErr.WithDetail(\"oauth2_error_hint\", oauth2Err.GetErrorHint())\n\t\t\t}\n\t\t}\n\n\t\treturn \"\", errors.WithStack(innerErr)\n\t}\n\n\treturn resp.RedirectTo, nil\n}\n\nfunc (h *DefaultHydra) GetLoginRequest(ctx context.Context, loginChallenge string) (*hydraclientgo.OAuth2LoginRequest, error) {\n\tif loginChallenge == \"\" {\n\t\treturn nil, errors.WithStack(herodot.ErrBadRequest.WithReason(\"invalid login_challenge\"))\n\t}\n\n\taa, err := h.getAdminAPIClient(ctx)\n\tif err != nil {\n\t\treturn nil, err\n\t}\n\n\thlr, r, err := aa.GetOAuth2LoginRequest(ctx).LoginChallenge(loginChallenge).Execute()\n\tif err != nil {\n\t\tvar innerErr *herodot.DefaultError\n\t\tif r == nil || r.StatusCode >= 500 {\n\t\t\tinnerErr = &herodot.ErrInternalServerError\n\t\t} else {\n\t\t\tinnerErr = &herodot.ErrBadRequest\n\t\t}\n\t\tinnerErr = innerErr.WithReasonf(\"Unable to get OAuth 2.0 Login Challenge.\")\n\t\tif r != nil {\n\t\t\tinnerErr = innerErr.\n\t\t\t\tWithDetail(\"status_code\", r.StatusCode).\n\t\t\t\tWithDebug(err.Error())\n\t\t}\n\n\t\tif openApiErr := new(hydraclientgo.GenericOpenAPIError); errors.As(err, &openApiErr) {\n\t\t\tswitch oauth2Err := openApiErr.Model().(type) {\n\t\t\tcase hydraclientgo.ErrorOAuth2:\n\t\t\t\tinnerErr = innerErr.WithDetail(\"oauth2_error_hint\", oauth2Err.GetErrorHint())\n\t\t\tcase *hydraclientgo.ErrorOAuth2:\n\t\t\t\tinnerErr = innerErr.WithDetail(\"oauth2_error_hint\", oauth2Err.GetErrorHint())\n\t\t\t}\n\t\t}\n\n\t\treturn nil, errors.WithStack(innerErr)\n\t}\n\n\treturn hlr, nil\n}\n" }, { "path": "hydra/hydra_test.go", "content": "// Copyright © 2023 Ory Corp\n// SPDX-License-Identifier: Apache-2.0\n\npackage hydra_test\n\nimport (\n\t\"net/http\"\n\t\"testing\"\n\n\t\"github.com/stretchr/testify/assert\"\n\n\t\"github.com/ory/kratos/driver/config\"\n\t\"github.com/ory/kratos/hydra\"\n\t\"github.com/ory/x/configx\"\n\t\"github.com/ory/x/contextx\"\n\t\"github.com/ory/x/logrusx\"\n\t\"github.com/ory/x/sqlxx\"\n\t\"github.com/ory/x/urlx\"\n)\n\nfunc requestFromChallenge(s string) *http.Request {\n\treturn &http.Request{URL: urlx.ParseOrPanic(\"https://hydra?login_challenge=\" + s)}\n}\n\nfunc TestGetLoginChallengeID(t *testing.T) {\n\tuuidChallenge := \"b346a452-e8fb-4828-8ef8-a4dbc98dc23a\"\n\tblobChallenge := \"1337deadbeefcafe\"\n\tdefaultConfig := config.MustNew(t, logrusx.New(\"\", \"\"), &contextx.Default{}, configx.SkipValidation())\n\tconfigWithHydra := config.MustNew(t, logrusx.New(\"\", \"\"), &contextx.Default{}, configx.SkipValidation(), configx.WithValues(map[string]interface{}{\n\t\tconfig.ViperKeyOAuth2ProviderURL: \"https://hydra\",\n\t}))\n\n\ttype args struct {\n\t\tconf *config.Config\n\t\tr *http.Request\n\t}\n\ttests := []struct {\n\t\tname string\n\t\targs args\n\t\twant string\n\t\tassertErr assert.ErrorAssertionFunc\n\t}{\n\t\t{\n\t\t\tname: \"no login challenge; hydra is not configured\",\n\t\t\targs: args{\n\t\t\t\tconf: defaultConfig,\n\t\t\t\tr: &http.Request{URL: urlx.ParseOrPanic(\"https://hydra\")},\n\t\t\t},\n\t\t\twant: \"\",\n\t\t\tassertErr: assert.NoError,\n\t\t},\n\t\t{\n\t\t\tname: \"no login challenge; hydra is configured\",\n\t\t\targs: args{\n\t\t\t\tconf: configWithHydra,\n\t\t\t\tr: &http.Request{URL: urlx.ParseOrPanic(\"https://hydra\")},\n\t\t\t},\n\t\t\twant: \"\",\n\t\t\tassertErr: assert.NoError,\n\t\t},\n\t\t{\n\t\t\tname: \"empty login challenge; hydra is configured\",\n\t\t\targs: args{\n\t\t\t\tconf: configWithHydra,\n\t\t\t\tr: requestFromChallenge(\"\"),\n\t\t\t},\n\t\t\twant: \"\",\n\t\t\tassertErr: assert.Error,\n\t\t},\n\t\t{\n\t\t\tname: \"login_challenge is present; Hydra is not configured\",\n\t\t\targs: args{\n\t\t\t\tconf: defaultConfig,\n\t\t\t\tr: requestFromChallenge(uuidChallenge),\n\t\t\t},\n\t\t\twant: \"\",\n\t\t\tassertErr: assert.Error,\n\t\t},\n\t\t{\n\t\t\tname: \"login_challenge is present; hydra is configured\",\n\t\t\targs: args{\n\t\t\t\tconf: configWithHydra,\n\t\t\t\tr: requestFromChallenge(uuidChallenge),\n\t\t\t},\n\t\t\twant: uuidChallenge,\n\t\t\tassertErr: assert.NoError,\n\t\t},\n\t\t{\n\t\t\tname: \"login_challenge is present & non-uuid; hydra is configured\",\n\t\t\targs: args{\n\t\t\t\tconf: configWithHydra,\n\t\t\t\tr: requestFromChallenge(blobChallenge),\n\t\t\t},\n\t\t\twant: blobChallenge,\n\t\t\tassertErr: assert.NoError,\n\t\t},\n\t}\n\tfor _, tt := range tests {\n\t\tt.Run(tt.name, func(t *testing.T) {\n\t\t\tgot, err := hydra.GetLoginChallengeID(tt.args.conf, tt.args.r)\n\t\t\ttt.assertErr(t, err)\n\t\t\tassert.Equal(t, sqlxx.NullString(tt.want), got)\n\t\t})\n\t}\n}\n" }, { "path": "identity/.snapshots/TestHandler-case=PATCH_should_allow_to_update_credential_password-endpoint=admin.json", "content": "{\n \"credentials\": {\n \"password\": {\n \"type\": \"password\",\n \"identifiers\": [\n \"c6eaf1da-4c4e-5da0-aa91-77299464d869@ory.sh\"\n ],\n \"config\": {\n \"hashed_password\": \"foo\",\n \"some-random-key\": \" some-random-value\"\n },\n \"version\": 0\n }\n },\n \"schema_id\": \"default\",\n \"state\": \"active\",\n \"traits\": {\n \"email\": \"c6eaf1da-4c4e-5da0-aa91-77299464d869@ory.sh\"\n },\n \"metadata_public\": null,\n \"metadata_admin\": null,\n \"organization_id\": null\n}\n" }, { "path": "identity/.snapshots/TestHandler-case=PATCH_should_allow_to_update_credential_password-endpoint=public.json", "content": "{\n \"credentials\": {\n \"password\": {\n \"type\": \"password\",\n \"identifiers\": [\n \"c6eaf1da-4c4e-5da0-aa91-77299464d869@ory.sh\"\n ],\n \"config\": {\n \"hashed_password\": \"foo\",\n \"some-random-key\": \" some-random-value\"\n },\n \"version\": 0\n }\n },\n \"schema_id\": \"default\",\n \"state\": \"active\",\n \"traits\": {\n \"email\": \"c6eaf1da-4c4e-5da0-aa91-77299464d869@ory.sh\"\n },\n \"metadata_public\": null,\n \"metadata_admin\": null,\n \"organization_id\": null\n}\n" }, { "path": "identity/.snapshots/TestHandler-case=PATCH_should_allow_to_update_credential_password.json", "content": "{\n \"credentials\": {\n \"password\": {\n \"type\": \"password\",\n \"identifiers\": [\n \"c6eaf1da-4c4e-5da0-aa91-77299464d869@ory.sh\"\n ],\n \"config\": {\n \"hashed_password\": \"secret\",\n \"some-random-key\": \" some-random-value\"\n },\n \"version\": 0\n }\n },\n \"schema_id\": \"default\",\n \"state\": \"active\",\n \"traits\": {\n \"email\": \"c6eaf1da-4c4e-5da0-aa91-77299464d869@ory.sh\"\n },\n \"metadata_public\": null,\n \"organization_id\": null\n}\n" }, { "path": "identity/.snapshots/TestHandler-case=should_be_able_to_import_users-with_cleartext_password_and_oidc_credentials.json", "content": "{\n \"credentials\": {\n \"oidc\": {\n \"type\": \"oidc\",\n \"config\": {\n \"providers\": [\n {\n \"subject\": \"import-2\",\n \"provider\": \"google\",\n \"initial_id_token\": \"\",\n \"initial_access_token\": \"\",\n \"initial_refresh_token\": \"\"\n },\n {\n \"subject\": \"import-2\",\n \"provider\": \"github\",\n \"initial_id_token\": \"\",\n \"initial_access_token\": \"\",\n \"initial_refresh_token\": \"\"\n }\n ]\n },\n \"version\": 0\n },\n \"password\": {\n \"type\": \"password\",\n \"identifiers\": [\n \"import-2@ory.sh\"\n ],\n \"config\": {\n },\n \"version\": 0\n },\n \"saml\": {\n \"type\": \"saml\",\n \"identifiers\": [\n \"okta:import-saml-2\",\n \"onelogin:import-saml-2\"\n ],\n \"config\": {\n \"providers\": [\n {\n \"subject\": \"import-saml-2\",\n \"provider\": \"okta\",\n \"initial_id_token\": \"\",\n \"initial_access_token\": \"\",\n \"initial_refresh_token\": \"\"\n },\n {\n \"subject\": \"import-saml-2\",\n \"provider\": \"onelogin\",\n \"initial_id_token\": \"\",\n \"initial_access_token\": \"\",\n \"initial_refresh_token\": \"\"\n }\n ]\n },\n \"version\": 0\n }\n },\n \"schema_id\": \"default\",\n \"state\": \"active\",\n \"traits\": {\n \"email\": \"import-2@ory.sh\"\n },\n \"metadata_public\": null,\n \"metadata_admin\": null,\n \"organization_id\": null\n}\n" }, { "path": "identity/.snapshots/TestHandler-case=should_be_able_to_import_users-with_hashed_passwords-hash=SSHA.json", "content": "{\n \"credentials\": {\n \"password\": {\n \"type\": \"password\",\n \"identifiers\": [\n \"import-hash-6@ory.sh\"\n ],\n \"config\": {\n },\n \"version\": 0\n }\n },\n \"schema_id\": \"default\",\n \"state\": \"active\",\n \"traits\": {\n \"email\": \"import-hash-6@ory.sh\"\n },\n \"metadata_public\": null,\n \"metadata_admin\": null,\n \"organization_id\": null\n}\n" }, { "path": "identity/.snapshots/TestHandler-case=should_be_able_to_import_users-with_hashed_passwords-hash=SSHA256.json", "content": "{\n \"credentials\": {\n \"password\": {\n \"type\": \"password\",\n \"identifiers\": [\n \"import-hash-7@ory.sh\"\n ],\n \"config\": {\n },\n \"version\": 0\n }\n },\n \"schema_id\": \"default\",\n \"state\": \"active\",\n \"traits\": {\n \"email\": \"import-hash-7@ory.sh\"\n },\n \"metadata_public\": null,\n \"metadata_admin\": null,\n \"organization_id\": null\n}\n" }, { "path": "identity/.snapshots/TestHandler-case=should_be_able_to_import_users-with_hashed_passwords-hash=SSHA512.json", "content": "{\n \"credentials\": {\n \"password\": {\n \"type\": \"password\",\n \"identifiers\": [\n \"import-hash-8@ory.sh\"\n ],\n \"config\": {\n },\n \"version\": 0\n }\n },\n \"schema_id\": \"default\",\n \"state\": \"active\",\n \"traits\": {\n \"email\": \"import-hash-8@ory.sh\"\n },\n \"metadata_public\": null,\n \"metadata_admin\": null,\n \"organization_id\": null\n}\n" }, { "path": "identity/.snapshots/TestHandler-case=should_be_able_to_import_users-with_hashed_passwords-hash=argon2i.json", "content": "{\n \"credentials\": {\n \"password\": {\n \"type\": \"password\",\n \"identifiers\": [\n \"import-hash-2@ory.sh\"\n ],\n \"config\": {\n },\n \"version\": 0\n }\n },\n \"schema_id\": \"default\",\n \"state\": \"active\",\n \"traits\": {\n \"email\": \"import-hash-2@ory.sh\"\n },\n \"metadata_public\": null,\n \"metadata_admin\": null,\n \"organization_id\": null\n}\n" }, { "path": "identity/.snapshots/TestHandler-case=should_be_able_to_import_users-with_hashed_passwords-hash=argon2id.json", "content": "{\n \"credentials\": {\n \"password\": {\n \"type\": \"password\",\n \"identifiers\": [\n \"import-hash-3@ory.sh\"\n ],\n \"config\": {\n },\n \"version\": 0\n }\n },\n \"schema_id\": \"default\",\n \"state\": \"active\",\n \"traits\": {\n \"email\": \"import-hash-3@ory.sh\"\n },\n \"metadata_public\": null,\n \"metadata_admin\": null,\n \"organization_id\": null\n}\n" }, { "path": "identity/.snapshots/TestHandler-case=should_be_able_to_import_users-with_hashed_passwords-hash=bcrypt2.json", "content": "{\n \"credentials\": {\n \"password\": {\n \"type\": \"password\",\n \"identifiers\": [\n \"import-hash-1@ory.sh\"\n ],\n \"config\": {\n },\n \"version\": 0\n }\n },\n \"schema_id\": \"default\",\n \"state\": \"active\",\n \"traits\": {\n \"email\": \"import-hash-1@ory.sh\"\n },\n \"metadata_public\": null,\n \"metadata_admin\": null,\n \"organization_id\": null\n}\n" }, { "path": "identity/.snapshots/TestHandler-case=should_be_able_to_import_users-with_hashed_passwords-hash=hmac.json", "content": "{\n \"credentials\": {\n \"password\": {\n \"type\": \"password\",\n \"identifiers\": [\n \"import-hash-9@ory.sh\"\n ],\n \"config\": {\n },\n \"version\": 0\n }\n },\n \"schema_id\": \"default\",\n \"state\": \"active\",\n \"traits\": {\n \"email\": \"import-hash-9@ory.sh\"\n },\n \"metadata_public\": null,\n \"metadata_admin\": null,\n \"organization_id\": null\n}\n" }, { "path": "identity/.snapshots/TestHandler-case=should_be_able_to_import_users-with_hashed_passwords-hash=md5.json", "content": "{\n \"credentials\": {\n \"password\": {\n \"type\": \"password\",\n \"identifiers\": [\n \"import-hash-5@ory.sh\"\n ],\n \"config\": {\n },\n \"version\": 0\n }\n },\n \"schema_id\": \"default\",\n \"state\": \"active\",\n \"traits\": {\n \"email\": \"import-hash-5@ory.sh\"\n },\n \"metadata_public\": null,\n \"metadata_admin\": null,\n \"organization_id\": null\n}\n" }, { "path": "identity/.snapshots/TestHandler-case=should_be_able_to_import_users-with_hashed_passwords-hash=pkbdf2.json", "content": "{\n \"credentials\": {\n \"password\": {\n \"type\": \"password\",\n \"identifiers\": [\n \"import-hash-0@ory.sh\"\n ],\n \"config\": {\n },\n \"version\": 0\n }\n },\n \"schema_id\": \"default\",\n \"state\": \"active\",\n \"traits\": {\n \"email\": \"import-hash-0@ory.sh\"\n },\n \"metadata_public\": null,\n \"metadata_admin\": null,\n \"organization_id\": null\n}\n" }, { "path": "identity/.snapshots/TestHandler-case=should_be_able_to_import_users-with_hashed_passwords-hash=scrypt.json", "content": "{\n \"credentials\": {\n \"password\": {\n \"type\": \"password\",\n \"identifiers\": [\n \"import-hash-4@ory.sh\"\n ],\n \"config\": {\n },\n \"version\": 0\n }\n },\n \"schema_id\": \"default\",\n \"state\": \"active\",\n \"traits\": {\n \"email\": \"import-hash-4@ory.sh\"\n },\n \"metadata_public\": null,\n \"metadata_admin\": null,\n \"organization_id\": null\n}\n" }, { "path": "identity/.snapshots/TestHandler-case=should_be_able_to_import_users-with_not-normalized_email.json", "content": "{\n \"credentials\": {\n \"password\": {\n \"type\": \"password\",\n \"identifiers\": [\n \"uppercased@ory.sh\"\n ],\n \"config\": {},\n \"version\": 0\n }\n },\n \"schema_id\": \"customer\",\n \"state\": \"active\",\n \"traits\": {\n \"email\": \"UpperCased@ory.sh\"\n },\n \"verifiable_addresses\": [\n {\n \"value\": \"uppercased@ory.sh\",\n \"verified\": true,\n \"via\": \"email\",\n \"status\": \"completed\"\n }\n ],\n \"recovery_addresses\": [\n {\n \"value\": \"uppercased@ory.sh\",\n \"via\": \"email\"\n }\n ],\n \"metadata_public\": null,\n \"metadata_admin\": null,\n \"organization_id\": null\n}\n" }, { "path": "identity/.snapshots/TestHandler-case=should_be_able_to_import_users-with_organization_oidc_and_saml_credentials.json", "content": "{\n \"credentials\": {\n \"oidc\": {\n \"type\": \"oidc\",\n \"config\": {\n \"providers\": [\n {\n \"subject\": \"import-org-3\",\n \"provider\": \"google\",\n \"initial_id_token\": \"\",\n \"initial_access_token\": \"\",\n \"initial_refresh_token\": \"\",\n \"organization\": \"ad6a7dac-4eef-4f09-8e58-c099c14b6c36\"\n },\n {\n \"subject\": \"import-org-3\",\n \"provider\": \"github\",\n \"initial_id_token\": \"\",\n \"initial_access_token\": \"\",\n \"initial_refresh_token\": \"\",\n \"organization\": \"ad6a7dac-4eef-4f09-8e58-c099c14b6c36\"\n }\n ]\n },\n \"version\": 0\n },\n \"password\": {\n \"type\": \"password\",\n \"identifiers\": [\n \"import-3@ory.sh\"\n ],\n \"config\": {},\n \"version\": 0\n },\n \"saml\": {\n \"type\": \"saml\",\n \"identifiers\": [\n \"okta:import-saml-org-3\",\n \"onelogin:import-saml-org-3\"\n ],\n \"config\": {\n \"providers\": [\n {\n \"subject\": \"import-saml-org-3\",\n \"provider\": \"okta\",\n \"initial_id_token\": \"\",\n \"initial_access_token\": \"\",\n \"initial_refresh_token\": \"\",\n \"organization\": \"ad6a7dac-4eef-4f09-8e58-c099c14b6c36\"\n },\n {\n \"subject\": \"import-saml-org-3\",\n \"provider\": \"onelogin\",\n \"initial_id_token\": \"\",\n \"initial_access_token\": \"\",\n \"initial_refresh_token\": \"\",\n \"organization\": \"ad6a7dac-4eef-4f09-8e58-c099c14b6c36\"\n }\n ]\n },\n \"version\": 0\n }\n },\n \"schema_id\": \"default\",\n \"state\": \"active\",\n \"traits\": {\n \"email\": \"import-3@ory.sh\"\n },\n \"metadata_public\": null,\n \"metadata_admin\": null,\n \"organization_id\": null\n}\n" }, { "path": "identity/.snapshots/TestHandler-case=should_be_able_to_import_users-with_password_migration_hook_enabled.json", "content": "{\n \"credentials\": {\n \"password\": {\n \"type\": \"password\",\n \"identifiers\": [\n \"pw-migration-hook@ory.sh\"\n ],\n \"config\": {\n \"use_password_migration_hook\": true\n },\n \"version\": 0\n }\n },\n \"schema_id\": \"default\",\n \"state\": \"active\",\n \"traits\": {\n \"email\": \"pw-migration-hook@ory.sh\"\n },\n \"metadata_public\": null,\n \"metadata_admin\": null,\n \"organization_id\": null\n}\n" }, { "path": "identity/.snapshots/TestHandler-case=should_be_able_to_import_users-without_any_credentials.json", "content": "{\n \"credentials\": {\n \"password\": {\n \"type\": \"password\",\n \"identifiers\": [\n \"import-1@ory.sh\"\n ],\n \"config\": {},\n \"version\": 0\n }\n },\n \"schema_id\": \"default\",\n \"state\": \"active\",\n \"traits\": {\n \"email\": \"import-1@ory.sh\"\n },\n \"metadata_public\": null,\n \"metadata_admin\": null,\n \"organization_id\": null\n}\n" }, { "path": "identity/.snapshots/TestHandler-case=should_be_able_to_import_users-without_traits.json", "content": "{\n \"schema_id\": \"default\",\n \"state\": \"active\",\n \"traits\": {},\n \"metadata_public\": null,\n \"metadata_admin\": null,\n \"organization_id\": null\n}\n" }, { "path": "identity/.snapshots/TestHandler-case=should_delete_credential_of_a_specific_user_and_no_longer_be_able_to_retrieve_it-type=remove_webauthn_passwordless_and_multiple_fido_mfa_type-admin.json", "content": "{\n \"credentials\": {\n \"webauthn\": {\n \"type\": \"webauthn\",\n \"identifiers\": [],\n \"config\": {\n \"credentials\": [\n {\n \"public_key\": \"cFFFQ0F5WWdBU0ZZSU1KTFFoSnhRUnpobktQVGNQQ1VPRE9teFlEWW8yb2JybTliaHA1bHZTWjNJbGdnWGpoWnZKYVBVcUY5UFhxWnFUZFdZUFI3UitiMm4vV2krSXhLS1hzUzRyVT0=\",\n \"attestation_type\": \"none\",\n \"authenticator\": {\n \"aaguid\": \"cmM0QUFqVzh4Z3BraXdzbDhmQlZBdz09\",\n \"sign_count\": 0,\n \"clone_warning\": false\n },\n \"display_name\": \"test\",\n \"added_at\": \"2022-12-16T14:11:55Z\",\n \"is_passwordless\": true\n },\n {\n \"public_key\": \"cFFFQ0F5WWdBU0ZZSU1KTFFoSnhRUnpobktQVGNQQ1VPRE9teFlEWW8yb2JybTliaHA1bHZTWjNJbGdnWGpoWnZKYVBVcUY5UFhxWnFUZFdZUFI3UitiMm4vV2krSXhLS1hzUzRyVT0=\",\n \"attestation_type\": \"none\",\n \"authenticator\": {\n \"aaguid\": \"cmM0QUFqVzh4Z3BraXdzbDhmQlZBdz09\",\n \"sign_count\": 0,\n \"clone_warning\": false\n },\n \"display_name\": \"test\",\n \"added_at\": \"2022-12-16T14:11:55Z\",\n \"is_passwordless\": true\n }\n ],\n \"user_handle\": \"RWY1SmlNcE1Sd3V6YXVXcy85SjBnUT09\"\n },\n \"version\": 1\n }\n },\n \"schema_id\": \"default\",\n \"state\": \"active\",\n \"traits\": {},\n \"metadata_public\": null,\n \"metadata_admin\": null,\n \"organization_id\": null\n}\n" }, { "path": "identity/.snapshots/TestHandler-case=should_delete_credential_of_a_specific_user_and_no_longer_be_able_to_retrieve_it-type=remove_webauthn_passwordless_and_multiple_fido_mfa_type-public.json", "content": "{\n \"credentials\": {\n \"webauthn\": {\n \"type\": \"webauthn\",\n \"identifiers\": [],\n \"config\": {\n \"credentials\": [\n {\n \"public_key\": \"cFFFQ0F5WWdBU0ZZSU1KTFFoSnhRUnpobktQVGNQQ1VPRE9teFlEWW8yb2JybTliaHA1bHZTWjNJbGdnWGpoWnZKYVBVcUY5UFhxWnFUZFdZUFI3UitiMm4vV2krSXhLS1hzUzRyVT0=\",\n \"attestation_type\": \"none\",\n \"authenticator\": {\n \"aaguid\": \"cmM0QUFqVzh4Z3BraXdzbDhmQlZBdz09\",\n \"sign_count\": 0,\n \"clone_warning\": false\n },\n \"display_name\": \"test\",\n \"added_at\": \"2022-12-16T14:11:55Z\",\n \"is_passwordless\": true\n },\n {\n \"public_key\": \"cFFFQ0F5WWdBU0ZZSU1KTFFoSnhRUnpobktQVGNQQ1VPRE9teFlEWW8yb2JybTliaHA1bHZTWjNJbGdnWGpoWnZKYVBVcUY5UFhxWnFUZFdZUFI3UitiMm4vV2krSXhLS1hzUzRyVT0=\",\n \"attestation_type\": \"none\",\n \"authenticator\": {\n \"aaguid\": \"cmM0QUFqVzh4Z3BraXdzbDhmQlZBdz09\",\n \"sign_count\": 0,\n \"clone_warning\": false\n },\n \"display_name\": \"test\",\n \"added_at\": \"2022-12-16T14:11:55Z\",\n \"is_passwordless\": true\n }\n ],\n \"user_handle\": \"RWY1SmlNcE1Sd3V6YXVXcy85SjBnUT09\"\n },\n \"version\": 1\n }\n },\n \"schema_id\": \"default\",\n \"state\": \"active\",\n \"traits\": {},\n \"metadata_public\": null,\n \"metadata_admin\": null,\n \"organization_id\": null\n}\n" }, { "path": "identity/.snapshots/TestHandler-case=should_delete_credential_of_a_specific_user_and_no_longer_be_able_to_retrieve_it-type=remove_webauthn_passwordless_type-admin.json", "content": "{\n \"credentials\": {\n \"webauthn\": {\n \"type\": \"webauthn\",\n \"identifiers\": [],\n \"config\": {\n \"credentials\": [\n {\n \"added_at\": \"2022-12-16T14:11:55Z\",\n \"public_key\": \"pQECAyYgASFYIMJLQhJxQRzhnKPTcPCUODOmxYDYo2obrm9bhp5lvSZ3IlggXjhZvJaPUqF9PXqZqTdWYPR7R+b2n/Wi+IxKKXsS4rU=\",\n \"display_name\": \"test\",\n \"authenticator\": {\n \"aaguid\": \"rc4AAjW8xgpkiwsl8fBVAw==\",\n \"sign_count\": 0,\n \"clone_warning\": false\n },\n \"is_passwordless\": true,\n \"attestation_type\": \"none\"\n }\n ],\n \"user_handle\": \"Ef5JiMpMRwuzauWs/9J0gQ==\"\n },\n \"version\": 1\n }\n },\n \"schema_id\": \"default\",\n \"state\": \"active\",\n \"traits\": {},\n \"metadata_public\": null,\n \"metadata_admin\": null,\n \"organization_id\": null\n}\n" }, { "path": "identity/.snapshots/TestHandler-case=should_delete_credential_of_a_specific_user_and_no_longer_be_able_to_retrieve_it-type=remove_webauthn_passwordless_type-public.json", "content": "{\n \"credentials\": {\n \"webauthn\": {\n \"type\": \"webauthn\",\n \"identifiers\": [],\n \"config\": {\n \"credentials\": [\n {\n \"added_at\": \"2022-12-16T14:11:55Z\",\n \"public_key\": \"pQECAyYgASFYIMJLQhJxQRzhnKPTcPCUODOmxYDYo2obrm9bhp5lvSZ3IlggXjhZvJaPUqF9PXqZqTdWYPR7R+b2n/Wi+IxKKXsS4rU=\",\n \"display_name\": \"test\",\n \"authenticator\": {\n \"aaguid\": \"rc4AAjW8xgpkiwsl8fBVAw==\",\n \"sign_count\": 0,\n \"clone_warning\": false\n },\n \"is_passwordless\": true,\n \"attestation_type\": \"none\"\n }\n ],\n \"user_handle\": \"Ef5JiMpMRwuzauWs/9J0gQ==\"\n },\n \"version\": 1\n }\n },\n \"schema_id\": \"default\",\n \"state\": \"active\",\n \"traits\": {},\n \"metadata_public\": null,\n \"metadata_admin\": null,\n \"organization_id\": null\n}\n" }, { "path": "identity/.snapshots/TestHandler-case=should_list_all_identities_with_credentials-include_credential=oidc_should_include_OIDC_credentials_config.json", "content": "\"{\\\"providers\\\":[{\\\"initial_id_token\\\":\\\"id_token0\\\",\\\"initial_access_token\\\":\\\"access_token0\\\",\\\"initial_refresh_token\\\":\\\"refresh_token0\\\",\\\"subject\\\":\\\"foo\\\",\\\"provider\\\":\\\"bar\\\"},{\\\"initial_id_token\\\":\\\"id_token1\\\",\\\"initial_access_token\\\":\\\"access_token1\\\",\\\"initial_refresh_token\\\":\\\"refresh_token1\\\",\\\"subject\\\":\\\"baz\\\",\\\"provider\\\":\\\"zab\\\"}]}\"\n" }, { "path": "identity/.snapshots/TestHandler-suite=PATCH_identities-case=success-assert=identity_0.json", "content": "{\n \"credentials\": {\n \"password\": {\n \"type\": \"password\",\n \"version\": 0\n }\n },\n \"external_id\": \"external-id-Batch-Import-0\",\n \"metadata_admin\": {\n \"admin-0\": \"admin\"\n },\n \"metadata_public\": {\n \"public-0\": \"public\"\n },\n \"organization_id\": null,\n \"schema_id\": \"multiple_emails\",\n \"state\": \"active\",\n \"traits\": {\n \"emails\": [\n \"Batch-Import-0-0@ory.sh\",\n \"Batch-Import-0-1@ory.sh\",\n \"Batch-Import-0-2@ory.sh\",\n \"Batch-Import-0-3@ory.sh\"\n ],\n \"username\": \"Batch-Import-0-0@ory.sh\"\n }\n}\n" }, { "path": "identity/.snapshots/TestHandler-suite=PATCH_identities-case=success-assert=identity_1.json", "content": "{\n \"credentials\": {\n \"password\": {\n \"type\": \"password\",\n \"version\": 0\n }\n },\n \"metadata_admin\": {\n \"admin-1\": \"admin\"\n },\n \"metadata_public\": {\n \"public-1\": \"public\"\n },\n \"organization_id\": null,\n \"schema_id\": \"multiple_emails\",\n \"state\": \"active\",\n \"traits\": {\n \"emails\": [\n \"batch-import-1-0@ory.sh\",\n \"batch-import-1-1@ory.sh\",\n \"batch-import-1-2@ory.sh\",\n \"batch-import-1-3@ory.sh\"\n ],\n \"username\": \"batch-import-1-0@ory.sh\"\n }\n}\n" }, { "path": "identity/.snapshots/TestHandler-suite=PATCH_identities-case=success-assert=identity_2.json", "content": "{\n \"credentials\": {\n \"password\": {\n \"type\": \"password\",\n \"version\": 0\n }\n },\n \"external_id\": \"external-id-batch-import-2\",\n \"metadata_admin\": {\n \"admin-2\": \"admin\"\n },\n \"metadata_public\": {\n \"public-2\": \"public\"\n },\n \"organization_id\": null,\n \"schema_id\": \"multiple_emails\",\n \"state\": \"active\",\n \"traits\": {\n \"emails\": [\n \"batch-import-2-0@ory.sh\",\n \"batch-import-2-1@ory.sh\",\n \"batch-import-2-2@ory.sh\",\n \"batch-import-2-3@ory.sh\"\n ],\n \"username\": \"batch-import-2-0@ory.sh\"\n }\n}\n" }, { "path": "identity/.snapshots/TestHandler-suite=PATCH_identities-case=success-assert=identity_3.json", "content": "{\n \"credentials\": {\n \"password\": {\n \"type\": \"password\",\n \"version\": 0\n }\n },\n \"metadata_admin\": {\n \"admin-3\": \"admin\"\n },\n \"metadata_public\": {\n \"public-3\": \"public\"\n },\n \"organization_id\": null,\n \"schema_id\": \"multiple_emails\",\n \"state\": \"active\",\n \"traits\": {\n \"emails\": [\n \"batch-import-3-0@ory.sh\",\n \"batch-import-3-1@ory.sh\",\n \"batch-import-3-2@ory.sh\",\n \"batch-import-3-3@ory.sh\"\n ],\n \"username\": \"batch-import-3-0@ory.sh\"\n }\n}\n" }, { "path": "identity/.snapshots/TestHandler-suite=create_and_update-case=should_get_identity_with_credentials-case=should_get_identity_with_password_and_webauthn_credentials_included.json", "content": "{\n \"credentials\": {\n \"oidc\": {\n \"type\": \"oidc\",\n \"identifiers\": [\n \"bar\",\n \"baz\"\n ],\n \"version\": 0\n },\n \"password\": {\n \"type\": \"password\",\n \"identifiers\": [\n \"bar\",\n \"zab\"\n ],\n \"config\": {\n \"some\": \"secret\"\n },\n \"version\": 0\n },\n \"webauthn\": {\n \"type\": \"webauthn\",\n \"identifiers\": [\n \"bar\",\n \"foo\"\n ],\n \"config\": {\n \"some\": \"secret\",\n \"user_handle\": \"rVIFaWRcTTuQLkXFmQWpgA==\"\n },\n \"version\": 1\n }\n },\n \"schema_id\": \"default\",\n \"state\": \"active\",\n \"traits\": {},\n \"metadata_public\": null,\n \"metadata_admin\": null,\n \"organization_id\": null\n}\n" }, { "path": "identity/.snapshots/TestHandler-suite=create_and_update-case=should_get_identity_with_credentials-case=should_get_identity_with_password_credentials_included.json", "content": "{\n \"credentials\": {\n \"oidc\": {\n \"type\": \"oidc\",\n \"identifiers\": [\n \"bar\",\n \"baz\"\n ],\n \"version\": 0\n },\n \"password\": {\n \"type\": \"password\",\n \"identifiers\": [\n \"bar\",\n \"zab\"\n ],\n \"config\": {\n \"some\": \"secret\"\n },\n \"version\": 0\n },\n \"webauthn\": {\n \"type\": \"webauthn\",\n \"identifiers\": [\n \"bar\",\n \"foo\"\n ],\n \"version\": 1\n }\n },\n \"schema_id\": \"default\",\n \"state\": \"active\",\n \"traits\": {},\n \"metadata_public\": null,\n \"metadata_admin\": null,\n \"organization_id\": null\n}\n" }, { "path": "identity/.snapshots/TestHandler-suite=create_and_update-case=should_get_identity_with_credentials-case=should_get_identity_without_credentials_included.json", "content": "{\n \"credentials\": {\n \"oidc\": {\n \"type\": \"oidc\",\n \"identifiers\": [\n \"bar\",\n \"baz\"\n ],\n \"version\": 0\n },\n \"password\": {\n \"type\": \"password\",\n \"identifiers\": [\n \"bar\",\n \"zab\"\n ],\n \"version\": 0\n },\n \"webauthn\": {\n \"type\": \"webauthn\",\n \"identifiers\": [\n \"bar\",\n \"foo\"\n ],\n \"version\": 1\n }\n },\n \"schema_id\": \"default\",\n \"state\": \"active\",\n \"traits\": {},\n \"metadata_public\": null,\n \"metadata_admin\": null,\n \"organization_id\": null\n}\n" }, { "path": "identity/.snapshots/TestImportCredentials-OIDC_new_credential_with_organization.json", "content": "{\n \"type\": \"oidc\",\n \"identifiers\": [\n \"github:12345\"\n ],\n \"config\": {\n \"providers\": [\n {\n \"subject\": \"12345\",\n \"provider\": \"github\",\n \"initial_id_token\": \"\",\n \"initial_access_token\": \"\",\n \"initial_refresh_token\": \"\",\n \"organization\": \"e7e3cbae-04cc-45f3-ae52-ea749a2ffaff\"\n }\n ]\n },\n \"version\": 0,\n \"created_at\": \"0001-01-01T00:00:00Z\",\n \"updated_at\": \"0001-01-01T00:00:00Z\"\n}\n" }, { "path": "identity/.snapshots/TestImportCredentials-OIDC_new_credential_without_organization.json", "content": "{\n \"type\": \"oidc\",\n \"identifiers\": [\n \"github:12345\"\n ],\n \"config\": {\n \"providers\": [\n {\n \"subject\": \"12345\",\n \"provider\": \"github\",\n \"initial_id_token\": \"\",\n \"initial_access_token\": \"\",\n \"initial_refresh_token\": \"\"\n }\n ]\n },\n \"version\": 0,\n \"created_at\": \"0001-01-01T00:00:00Z\",\n \"updated_at\": \"0001-01-01T00:00:00Z\"\n}\n" }, { "path": "identity/.snapshots/TestImportCredentials-OIDC_update_credential_with_organization.json", "content": "{\n \"type\": \"oidc\",\n \"identifiers\": [\n \"google:67890\",\n \"github:12345\"\n ],\n \"config\": {\n \"providers\": [\n {\n \"subject\": \"67890\",\n \"provider\": \"google\",\n \"initial_id_token\": \"\",\n \"initial_access_token\": \"\",\n \"initial_refresh_token\": \"\"\n },\n {\n \"subject\": \"12345\",\n \"provider\": \"github\",\n \"initial_id_token\": \"\",\n \"initial_access_token\": \"\",\n \"initial_refresh_token\": \"\",\n \"organization\": \"e7e3cbae-04cc-45f3-ae52-ea749a2ffaff\"\n }\n ]\n },\n \"version\": 0,\n \"created_at\": \"0001-01-01T00:00:00Z\",\n \"updated_at\": \"0001-01-01T00:00:00Z\"\n}\n" }, { "path": "identity/.snapshots/TestImportCredentials-OIDC_update_credential_without_organization.json", "content": "{\n \"type\": \"oidc\",\n \"identifiers\": [\n \"google:67890\",\n \"github:12345\"\n ],\n \"config\": {\n \"providers\": [\n {\n \"subject\": \"67890\",\n \"provider\": \"google\",\n \"initial_id_token\": \"\",\n \"initial_access_token\": \"\",\n \"initial_refresh_token\": \"\"\n },\n {\n \"subject\": \"12345\",\n \"provider\": \"github\",\n \"initial_id_token\": \"\",\n \"initial_access_token\": \"\",\n \"initial_refresh_token\": \"\"\n }\n ]\n },\n \"version\": 0,\n \"created_at\": \"0001-01-01T00:00:00Z\",\n \"updated_at\": \"0001-01-01T00:00:00Z\"\n}\n" }, { "path": "identity/.snapshots/TestImportCredentials-OIDC_update_with_multiple_providers.json", "content": "{\n \"type\": \"oidc\",\n \"identifiers\": [\n \"google:67890\",\n \"github:12345\",\n \"gitlab:abcdef\"\n ],\n \"config\": {\n \"providers\": [\n {\n \"subject\": \"67890\",\n \"provider\": \"google\",\n \"initial_id_token\": \"\",\n \"initial_access_token\": \"\",\n \"initial_refresh_token\": \"\"\n },\n {\n \"subject\": \"12345\",\n \"provider\": \"github\",\n \"initial_id_token\": \"\",\n \"initial_access_token\": \"\",\n \"initial_refresh_token\": \"\",\n \"organization\": \"e7e3cbae-04cc-45f3-ae52-ea749a2ffaff\"\n },\n {\n \"subject\": \"abcdef\",\n \"provider\": \"gitlab\",\n \"initial_id_token\": \"\",\n \"initial_access_token\": \"\",\n \"initial_refresh_token\": \"\"\n }\n ]\n },\n \"version\": 0,\n \"created_at\": \"0001-01-01T00:00:00Z\",\n \"updated_at\": \"0001-01-01T00:00:00Z\"\n}\n" }, { "path": "identity/.snapshots/TestImportCredentials-SAML_new_credential_with_organization.json", "content": "{\n \"type\": \"saml\",\n \"identifiers\": [\n \"okta:user123\"\n ],\n \"config\": {\n \"providers\": [\n {\n \"subject\": \"user123\",\n \"provider\": \"okta\",\n \"initial_id_token\": \"\",\n \"initial_access_token\": \"\",\n \"initial_refresh_token\": \"\",\n \"organization\": \"e7e3cbae-04cc-45f3-ae52-ea749a2ffaff\"\n }\n ]\n },\n \"version\": 0,\n \"created_at\": \"0001-01-01T00:00:00Z\",\n \"updated_at\": \"0001-01-01T00:00:00Z\"\n}\n" }, { "path": "identity/.snapshots/TestImportCredentials-SAML_new_credential_without_organization.json", "content": "{\n \"type\": \"saml\",\n \"identifiers\": [\n \"okta:user123\"\n ],\n \"config\": {\n \"providers\": [\n {\n \"subject\": \"user123\",\n \"provider\": \"okta\",\n \"initial_id_token\": \"\",\n \"initial_access_token\": \"\",\n \"initial_refresh_token\": \"\"\n }\n ]\n },\n \"version\": 0,\n \"created_at\": \"0001-01-01T00:00:00Z\",\n \"updated_at\": \"0001-01-01T00:00:00Z\"\n}\n" }, { "path": "identity/.snapshots/TestImportCredentials-SAML_update_credential_with_organization.json", "content": "{\n \"type\": \"saml\",\n \"identifiers\": [\n \"onelogin:user456\",\n \"okta:user123\"\n ],\n \"config\": {\n \"providers\": [\n {\n \"subject\": \"user456\",\n \"provider\": \"onelogin\",\n \"initial_id_token\": \"\",\n \"initial_access_token\": \"\",\n \"initial_refresh_token\": \"\"\n },\n {\n \"subject\": \"user123\",\n \"provider\": \"okta\",\n \"initial_id_token\": \"\",\n \"initial_access_token\": \"\",\n \"initial_refresh_token\": \"\",\n \"organization\": \"e7e3cbae-04cc-45f3-ae52-ea749a2ffaff\"\n }\n ]\n },\n \"version\": 0,\n \"created_at\": \"0001-01-01T00:00:00Z\",\n \"updated_at\": \"0001-01-01T00:00:00Z\"\n}\n" }, { "path": "identity/.snapshots/TestImportCredentials-SAML_update_credential_without_organization.json", "content": "{\n \"type\": \"saml\",\n \"identifiers\": [\n \"onelogin:user456\",\n \"okta:user123\"\n ],\n \"config\": {\n \"providers\": [\n {\n \"subject\": \"user456\",\n \"provider\": \"onelogin\",\n \"initial_id_token\": \"\",\n \"initial_access_token\": \"\",\n \"initial_refresh_token\": \"\"\n },\n {\n \"subject\": \"user123\",\n \"provider\": \"okta\",\n \"initial_id_token\": \"\",\n \"initial_access_token\": \"\",\n \"initial_refresh_token\": \"\"\n }\n ]\n },\n \"version\": 0,\n \"created_at\": \"0001-01-01T00:00:00Z\",\n \"updated_at\": \"0001-01-01T00:00:00Z\"\n}\n" }, { "path": "identity/.snapshots/TestImportCredentials-SAML_update_with_multiple_providers.json", "content": "{\n \"type\": \"saml\",\n \"identifiers\": [\n \"onelogin:user456\",\n \"okta:user123\",\n \"auth0:user789\"\n ],\n \"config\": {\n \"providers\": [\n {\n \"subject\": \"user456\",\n \"provider\": \"onelogin\",\n \"initial_id_token\": \"\",\n \"initial_access_token\": \"\",\n \"initial_refresh_token\": \"\"\n },\n {\n \"subject\": \"user123\",\n \"provider\": \"okta\",\n \"initial_id_token\": \"\",\n \"initial_access_token\": \"\",\n \"initial_refresh_token\": \"\",\n \"organization\": \"e7e3cbae-04cc-45f3-ae52-ea749a2ffaff\"\n },\n {\n \"subject\": \"user789\",\n \"provider\": \"auth0\",\n \"initial_id_token\": \"\",\n \"initial_access_token\": \"\",\n \"initial_refresh_token\": \"\"\n }\n ]\n },\n \"version\": 0,\n \"created_at\": \"0001-01-01T00:00:00Z\",\n \"updated_at\": \"0001-01-01T00:00:00Z\"\n}\n" }, { "path": "identity/.snapshots/TestMarshalIdentityWithAll.json", "content": "{\n \"password\": {\n \"type\": \"password\",\n \"identifiers\": null,\n \"config\": {\n \"some\": \"secret\"\n },\n \"version\": 0,\n \"created_at\": \"0001-01-01T00:00:00Z\",\n \"updated_at\": \"0001-01-01T00:00:00Z\"\n }\n}\n" }, { "path": "identity/.snapshots/TestSchemaExtensionCredentials-case=0.json", "content": "{\n \"type\": \"password\",\n \"version\": 0,\n \"created_at\": \"0001-01-01T00:00:00Z\",\n \"updated_at\": \"0001-01-01T00:00:00Z\"\n}\n" }, { "path": "identity/.snapshots/TestSchemaExtensionCredentials-case=1.json", "content": "{\n \"type\": \"password\",\n \"version\": 0,\n \"created_at\": \"0001-01-01T00:00:00Z\",\n \"updated_at\": \"0001-01-01T00:00:00Z\"\n}\n" }, { "path": "identity/.snapshots/TestSchemaExtensionCredentials-case=10.json", "content": "{\n \"type\": \"code\",\n \"config\": {\n \"addresses\": [\n {\n \"channel\": \"sms\",\n \"address\": \"+4917667111638\"\n },\n {\n \"channel\": \"email\",\n \"address\": \"foo@ory.sh\"\n }\n ]\n },\n \"version\": 0,\n \"created_at\": \"0001-01-01T00:00:00Z\",\n \"updated_at\": \"0001-01-01T00:00:00Z\"\n}\n" }, { "path": "identity/.snapshots/TestSchemaExtensionCredentials-case=11.json", "content": "{\n \"type\": \"code\",\n \"config\": {\n \"addresses\": [\n {\n \"channel\": \"sms\",\n \"address\": \"+4917667111638\"\n },\n {\n \"channel\": \"email\",\n \"address\": \"foo@ory.sh\"\n }\n ]\n },\n \"version\": 0,\n \"created_at\": \"0001-01-01T00:00:00Z\",\n \"updated_at\": \"0001-01-01T00:00:00Z\"\n}\n" }, { "path": "identity/.snapshots/TestSchemaExtensionCredentials-case=12.json", "content": "{\n \"type\": \"code\",\n \"config\": {\n \"addresses\": [\n {\n \"channel\": \"sms\",\n \"address\": \"+4917667111638\"\n },\n {\n \"channel\": \"email\",\n \"address\": \"bar@ory.sh\"\n },\n {\n \"channel\": \"email\",\n \"address\": \"foo@ory.sh\"\n }\n ]\n },\n \"version\": 0,\n \"created_at\": \"0001-01-01T00:00:00Z\",\n \"updated_at\": \"0001-01-01T00:00:00Z\"\n}\n" }, { "path": "identity/.snapshots/TestSchemaExtensionCredentials-case=13.json", "content": "{\n \"type\": \"code\",\n \"config\": {\n \"addresses\": [\n {\n \"channel\": \"email\",\n \"address\": \"bar@ory.sh\"\n }\n ]\n },\n \"version\": 0,\n \"created_at\": \"0001-01-01T00:00:00Z\",\n \"updated_at\": \"0001-01-01T00:00:00Z\"\n}\n" }, { "path": "identity/.snapshots/TestSchemaExtensionCredentials-case=2.json", "content": "{\n \"type\": \"webauthn\",\n \"version\": 0,\n \"created_at\": \"0001-01-01T00:00:00Z\",\n \"updated_at\": \"0001-01-01T00:00:00Z\"\n}\n" }, { "path": "identity/.snapshots/TestSchemaExtensionCredentials-case=3.json", "content": "{\n \"type\": \"password\",\n \"version\": 0,\n \"created_at\": \"0001-01-01T00:00:00Z\",\n \"updated_at\": \"0001-01-01T00:00:00Z\"\n}\n" }, { "path": "identity/.snapshots/TestSchemaExtensionCredentials-case=4.json", "content": "{\n \"type\": \"webauthn\",\n \"version\": 0,\n \"created_at\": \"0001-01-01T00:00:00Z\",\n \"updated_at\": \"0001-01-01T00:00:00Z\"\n}\n" }, { "path": "identity/.snapshots/TestSchemaExtensionCredentials-case=5.json", "content": "{\n \"type\": \"webauthn\",\n \"version\": 0,\n \"created_at\": \"0001-01-01T00:00:00Z\",\n \"updated_at\": \"0001-01-01T00:00:00Z\"\n}\n" }, { "path": "identity/.snapshots/TestSchemaExtensionCredentials-case=6.json", "content": "{\n \"type\": \"code\",\n \"config\": {\n \"addresses\": [\n {\n \"channel\": \"email\",\n \"address\": \"foo@ory.sh\"\n }\n ]\n },\n \"version\": 1,\n \"created_at\": \"0001-01-01T00:00:00Z\",\n \"updated_at\": \"0001-01-01T00:00:00Z\"\n}\n" }, { "path": "identity/.snapshots/TestSchemaExtensionCredentials-case=7.json", "content": "{\n \"type\": \"code\",\n \"config\": {\n \"addresses\": [\n {\n \"channel\": \"email\",\n \"address\": \"foo@ory.sh\"\n }\n ]\n },\n \"version\": 0,\n \"created_at\": \"0001-01-01T00:00:00Z\",\n \"updated_at\": \"0001-01-01T00:00:00Z\"\n}\n" }, { "path": "identity/.snapshots/TestSchemaExtensionCredentials-case=8.json", "content": "{\n \"type\": \"code\",\n \"config\": {\n \"addresses\": [\n {\n \"channel\": \"email\",\n \"address\": \"foo@ory.sh\"\n }\n ]\n },\n \"version\": 0,\n \"created_at\": \"0001-01-01T00:00:00Z\",\n \"updated_at\": \"0001-01-01T00:00:00Z\"\n}\n" }, { "path": "identity/.snapshots/TestSchemaExtensionCredentials-case=9.json", "content": "{\n \"type\": \"code\",\n \"config\": {\n \"addresses\": [\n {\n \"channel\": \"sms\",\n \"address\": \"+4917667111638\"\n },\n {\n \"channel\": \"email\",\n \"address\": \"foo@ory.sh\"\n }\n ]\n },\n \"version\": 0,\n \"created_at\": \"0001-01-01T00:00:00Z\",\n \"updated_at\": \"0001-01-01T00:00:00Z\"\n}\n" }, { "path": "identity/.snapshots/TestToNode.json", "content": "{\n \"type\": \"text\",\n \"group\": \"lookup_secret\",\n \"attributes\": {\n \"text\": {\n \"id\": 1050015,\n \"text\": \"used, bar, baz, used\",\n \"type\": \"info\",\n \"context\": {\n \"secrets\": [\n {\n \"id\": 1050014,\n \"text\": \"Secret was used at 2021-08-17 11:32:38 +0000 UTC\",\n \"type\": \"info\",\n \"context\": {\n \"used_at\": \"2021-08-17T11:32:38Z\",\n \"used_at_unix\": 1629199958\n }\n },\n {\n \"id\": 1050009,\n \"text\": \"bar\",\n \"type\": \"info\",\n \"context\": {\n \"secret\": \"bar\"\n }\n },\n {\n \"id\": 1050009,\n \"text\": \"baz\",\n \"type\": \"info\",\n \"context\": {\n \"secret\": \"baz\"\n }\n },\n {\n \"id\": 1050014,\n \"text\": \"Secret was used at 2021-08-17 11:32:48 +0000 UTC\",\n \"type\": \"info\",\n \"context\": {\n \"used_at\": \"2021-08-17T11:32:48Z\",\n \"used_at_unix\": 1629199968\n }\n }\n ]\n }\n },\n \"id\": \"lookup_secret_codes\",\n \"node_type\": \"text\"\n },\n \"messages\": [],\n \"meta\": {\n \"label\": {\n \"id\": 1050010,\n \"text\": \"These are your back up recovery codes. Please keep them in a safe place!\",\n \"type\": \"info\"\n }\n }\n}\n" }, { "path": "identity/.snapshots/TestUpgradeCredentials-empty_credentials.json", "content": "{\n \"id\": \"00000000-0000-0000-0000-000000000000\",\n \"schema_id\": \"\",\n \"schema_url\": \"\",\n \"state\": \"\",\n \"traits\": null,\n \"metadata_public\": null,\n \"created_at\": \"0001-01-01T00:00:00Z\",\n \"updated_at\": \"0001-01-01T00:00:00Z\",\n \"organization_id\": null\n}\n" }, { "path": "identity/.snapshots/TestUpgradeCredentials-type=code-from=v0_with_correct_value.json", "content": "{\n \"id\": \"4d64fa08-20fc-450d-bebd-ebd7c7b6e249\",\n \"credentials\": {\n \"code\": {\n \"type\": \"code\",\n \"identifiers\": [\n \"hi@example.org\"\n ],\n \"config\": {\n \"addresses\": [\n {\n \"channel\": \"email\",\n \"address\": \"hi@example.org\"\n }\n ]\n },\n \"version\": 1,\n \"created_at\": \"0001-01-01T00:00:00Z\",\n \"updated_at\": \"0001-01-01T00:00:00Z\"\n }\n },\n \"schema_id\": \"\",\n \"schema_url\": \"\",\n \"state\": \"\",\n \"traits\": null,\n \"metadata_public\": null,\n \"created_at\": \"0001-01-01T00:00:00Z\",\n \"updated_at\": \"0001-01-01T00:00:00Z\",\n \"organization_id\": null\n}\n" }, { "path": "identity/.snapshots/TestUpgradeCredentials-type=code-from=v0_with_email_empty_space_value-with_one_identifier.json", "content": "{\n \"id\": \"4d64fa08-20fc-450d-bebd-ebd7c7b6e249\",\n \"credentials\": {\n \"code\": {\n \"type\": \"code\",\n \"identifiers\": [\n \"hi@example.org\"\n ],\n \"config\": {\n \"addresses\": [\n {\n \"channel\": \"email\",\n \"address\": \"hi@example.org\"\n }\n ]\n },\n \"version\": 1,\n \"created_at\": \"0001-01-01T00:00:00Z\",\n \"updated_at\": \"0001-01-01T00:00:00Z\"\n }\n },\n \"schema_id\": \"\",\n \"schema_url\": \"\",\n \"state\": \"\",\n \"traits\": null,\n \"metadata_public\": null,\n \"created_at\": \"0001-01-01T00:00:00Z\",\n \"updated_at\": \"0001-01-01T00:00:00Z\",\n \"organization_id\": null\n}\n" }, { "path": "identity/.snapshots/TestUpgradeCredentials-type=code-from=v0_with_email_empty_space_value-with_two_identifiers.json", "content": "{\n \"id\": \"4d64fa08-20fc-450d-bebd-ebd7c7b6e249\",\n \"credentials\": {\n \"code\": {\n \"type\": \"code\",\n \"identifiers\": [\n \"foo@example.org\",\n \"bar@example.org\"\n ],\n \"config\": {\n \"addresses\": [\n {\n \"channel\": \"email\",\n \"address\": \"foo@example.org\"\n },\n {\n \"channel\": \"email\",\n \"address\": \"bar@example.org\"\n }\n ]\n },\n \"version\": 1,\n \"created_at\": \"0001-01-01T00:00:00Z\",\n \"updated_at\": \"0001-01-01T00:00:00Z\"\n }\n },\n \"schema_id\": \"\",\n \"schema_url\": \"\",\n \"state\": \"\",\n \"traits\": null,\n \"metadata_public\": null,\n \"created_at\": \"0001-01-01T00:00:00Z\",\n \"updated_at\": \"0001-01-01T00:00:00Z\",\n \"organization_id\": null\n}\n" }, { "path": "identity/.snapshots/TestUpgradeCredentials-type=code-from=v0_with_empty_value.json", "content": "{\n \"id\": \"4d64fa08-20fc-450d-bebd-ebd7c7b6e249\",\n \"credentials\": {\n \"code\": {\n \"type\": \"code\",\n \"identifiers\": [\n \"hi@example.org\"\n ],\n \"config\": {\n \"addresses\": [\n {\n \"channel\": \"email\",\n \"address\": \"hi@example.org\"\n }\n ]\n },\n \"version\": 1,\n \"created_at\": \"0001-01-01T00:00:00Z\",\n \"updated_at\": \"0001-01-01T00:00:00Z\"\n }\n },\n \"schema_id\": \"\",\n \"schema_url\": \"\",\n \"state\": \"\",\n \"traits\": null,\n \"metadata_public\": null,\n \"created_at\": \"0001-01-01T00:00:00Z\",\n \"updated_at\": \"0001-01-01T00:00:00Z\",\n \"organization_id\": null\n}\n" }, { "path": "identity/.snapshots/TestUpgradeCredentials-type=code-from=v0_with_unknown_value.json", "content": "{\n \"id\": \"4d64fa08-20fc-450d-bebd-ebd7c7b6e249\",\n \"credentials\": {\n \"code\": {\n \"type\": \"code\",\n \"identifiers\": [\n \"hi@example.org\"\n ],\n \"config\": {\n \"addresses\": [\n {\n \"channel\": \"email\",\n \"address\": \"hi@example.org\"\n }\n ]\n },\n \"version\": 1,\n \"created_at\": \"0001-01-01T00:00:00Z\",\n \"updated_at\": \"0001-01-01T00:00:00Z\"\n }\n },\n \"schema_id\": \"\",\n \"schema_url\": \"\",\n \"state\": \"\",\n \"traits\": null,\n \"metadata_public\": null,\n \"created_at\": \"0001-01-01T00:00:00Z\",\n \"updated_at\": \"0001-01-01T00:00:00Z\",\n \"organization_id\": null\n}\n" }, { "path": "identity/.snapshots/TestUpgradeCredentials-type=code-from=v2_with_empty_value.json", "content": "{\n \"id\": \"4d64fa08-20fc-450d-bebd-ebd7c7b6e249\",\n \"credentials\": {\n \"code\": {\n \"type\": \"code\",\n \"identifiers\": [\n \"foo@example.org\",\n \"+12341234\"\n ],\n \"config\": {\n \"addresses\": [\n {\n \"address\": \"foo@example.org\",\n \"channel\": \"email\"\n },\n {\n \"address\": \"+12341234\",\n \"channel\": \"sms\"\n }\n ]\n },\n \"version\": 1,\n \"created_at\": \"0001-01-01T00:00:00Z\",\n \"updated_at\": \"0001-01-01T00:00:00Z\"\n }\n },\n \"schema_id\": \"\",\n \"schema_url\": \"\",\n \"state\": \"\",\n \"traits\": null,\n \"metadata_public\": null,\n \"created_at\": \"0001-01-01T00:00:00Z\",\n \"updated_at\": \"0001-01-01T00:00:00Z\",\n \"organization_id\": null\n}\n" }, { "path": "identity/.snapshots/TestUpgradeCredentials-type=webauthn-from=v0.json", "content": "{\n \"id\": \"4d64fa08-20fc-450d-bebd-ebd7c7b6e249\",\n \"credentials\": {\n \"webauthn\": {\n \"type\": \"webauthn\",\n \"identifiers\": [\n \"4d64fa08-20fc-450d-bebd-ebd7c7b6e249\"\n ],\n \"config\": {\n \"credentials\": [\n {\n \"id\": \"HQ4LaIJ9NiqS1r0CQpWY+K0gMvhOq4yk5BHuO/YlitcurSpBK7weDXOvBcuN4lvn6DAmjGfmj/J/6bpOmtdT8Q==\",\n \"public_key\": \"pQECAyYgASFYILAYFLoH1T8bQMSbPrNBCMMS5U7OFWRwv2U+GkAoiBADIlggBv+8ni7XVZYBB8ufMbP/d9fDxbmOkVVHOgcJifnoOR4=\",\n \"attestation_type\": \"none\",\n \"authenticator\": {\n \"aaguid\": \"AAAAAAAAAAAAAAAAAAAAAA==\",\n \"sign_count\": 4,\n \"clone_warning\": false\n },\n \"display_name\": \"asdf\",\n \"added_at\": \"2022-02-28T16:40:39Z\",\n \"is_passwordless\": false\n },\n {\n \"id\": \"1Q4LaIJ9NiqS1r0CQpWY+K0gMvhOq4yk5BHuO/YlitcurSpBK7weDXOvBcuN4lvn6DAmjGfmj/J/6bpOmtdT8Q==\",\n \"public_key\": \"pQECAyYgASFYILAYFLoH1T8bQMSbPrNBCMMS5U7OFWRwv2U+GkAoiBADIlggBv+8ni7XVZYBB8ufMbP/d9fDxbmOkVVHOgcJifnoOR4=\",\n \"attestation_type\": \"none\",\n \"authenticator\": {\n \"aaguid\": \"AAAAAAAAAAAAAAAAAAAAAA==\",\n \"sign_count\": 4,\n \"clone_warning\": false\n },\n \"display_name\": \"asdf\",\n \"added_at\": \"2022-02-28T16:40:39Z\",\n \"is_passwordless\": false\n }\n ],\n \"user_handle\": \"TWT6CCD8RQ2+vevXx7biSQ==\"\n },\n \"version\": 1,\n \"created_at\": \"0001-01-01T00:00:00Z\",\n \"updated_at\": \"0001-01-01T00:00:00Z\"\n }\n },\n \"schema_id\": \"\",\n \"schema_url\": \"\",\n \"state\": \"\",\n \"traits\": null,\n \"metadata_public\": null,\n \"created_at\": \"0001-01-01T00:00:00Z\",\n \"updated_at\": \"0001-01-01T00:00:00Z\",\n \"organization_id\": null\n}\n" }, { "path": "identity/.snapshots/TestUpgradeCredentials-type=webauthn-from=v1.json", "content": "{\n \"id\": \"4d64fa08-20fc-450d-bebd-ebd7c7b6e249\",\n \"credentials\": {\n \"webauthn\": {\n \"type\": \"webauthn\",\n \"identifiers\": [],\n \"config\": {\n \"credentials\": [\n {\n \"id\": \"HQ4LaIJ9NiqS1r0CQpWY+K0gMvhOq4yk5BHuO/YlitcurSpBK7weDXOvBcuN4lvn6DAmjGfmj/J/6bpOmtdT8Q==\",\n \"public_key\": \"pQECAyYgASFYILAYFLoH1T8bQMSbPrNBCMMS5U7OFWRwv2U+GkAoiBADIlggBv+8ni7XVZYBB8ufMbP/d9fDxbmOkVVHOgcJifnoOR4=\",\n \"attestation_type\": \"none\",\n \"authenticator\": {\n \"aaguid\": \"AAAAAAAAAAAAAAAAAAAAAA==\",\n \"sign_count\": 4,\n \"clone_warning\": false\n },\n \"display_name\": \"asdf\",\n \"added_at\": \"2022-02-28T16:40:39Z\",\n \"is_passwordless\": true\n }\n ],\n \"user_handle\": \"2gZaSs9fTEeGmsBlC4gfgg==\"\n },\n \"version\": 1,\n \"created_at\": \"0001-01-01T00:00:00Z\",\n \"updated_at\": \"0001-01-01T00:00:00Z\"\n }\n },\n \"schema_id\": \"\",\n \"schema_url\": \"\",\n \"state\": \"\",\n \"traits\": null,\n \"metadata_public\": null,\n \"created_at\": \"0001-01-01T00:00:00Z\",\n \"updated_at\": \"0001-01-01T00:00:00Z\",\n \"organization_id\": null\n}\n" }, { "path": "identity/.snapshots/TestWithDeclassifiedCredentials-case=include-multi-credential=oidc.json", "content": "{\n \"type\": \"oidc\",\n \"identifiers\": [\n \"bar\",\n \"baz\"\n ],\n \"version\": 0,\n \"created_at\": \"0001-01-01T00:00:00Z\",\n \"updated_at\": \"0001-01-01T00:00:00Z\"\n}\n" }, { "path": "identity/.snapshots/TestWithDeclassifiedCredentials-case=include-multi-credential=password.json", "content": "{\n \"type\": \"password\",\n \"identifiers\": [\n \"zab\",\n \"bar\"\n ],\n \"config\": {\n \"some\": \"secret\"\n },\n \"version\": 0,\n \"created_at\": \"0001-01-01T00:00:00Z\",\n \"updated_at\": \"0001-01-01T00:00:00Z\"\n}\n" }, { "path": "identity/.snapshots/TestWithDeclassifiedCredentials-case=include-multi-credential=saml.json", "content": "{\n \"type\": \"saml\",\n \"identifiers\": [\n \"qux\",\n \"quz\"\n ],\n \"version\": 0,\n \"created_at\": \"0001-01-01T00:00:00Z\",\n \"updated_at\": \"0001-01-01T00:00:00Z\"\n}\n" }, { "path": "identity/.snapshots/TestWithDeclassifiedCredentials-case=include-multi-credential=webauthn.json", "content": "{\n \"type\": \"webauthn\",\n \"identifiers\": [\n \"foo\",\n \"bar\"\n ],\n \"config\": {\n \"some\": \"secret\"\n },\n \"version\": 0,\n \"created_at\": \"0001-01-01T00:00:00Z\",\n \"updated_at\": \"0001-01-01T00:00:00Z\"\n}\n" }, { "path": "identity/.snapshots/TestWithDeclassifiedCredentials-case=include-webauthn-credential=oidc.json", "content": "{\n \"type\": \"oidc\",\n \"identifiers\": [\n \"bar\",\n \"baz\"\n ],\n \"version\": 0,\n \"created_at\": \"0001-01-01T00:00:00Z\",\n \"updated_at\": \"0001-01-01T00:00:00Z\"\n}\n" }, { "path": "identity/.snapshots/TestWithDeclassifiedCredentials-case=include-webauthn-credential=password.json", "content": "{\n \"type\": \"password\",\n \"identifiers\": [\n \"zab\",\n \"bar\"\n ],\n \"version\": 0,\n \"created_at\": \"0001-01-01T00:00:00Z\",\n \"updated_at\": \"0001-01-01T00:00:00Z\"\n}\n" }, { "path": "identity/.snapshots/TestWithDeclassifiedCredentials-case=include-webauthn-credential=saml.json", "content": "{\n \"type\": \"saml\",\n \"identifiers\": [\n \"qux\",\n \"quz\"\n ],\n \"version\": 0,\n \"created_at\": \"0001-01-01T00:00:00Z\",\n \"updated_at\": \"0001-01-01T00:00:00Z\"\n}\n" }, { "path": "identity/.snapshots/TestWithDeclassifiedCredentials-case=include-webauthn-credential=webauthn.json", "content": "{\n \"type\": \"webauthn\",\n \"identifiers\": [\n \"foo\",\n \"bar\"\n ],\n \"config\": {\n \"some\": \"secret\"\n },\n \"version\": 0,\n \"created_at\": \"0001-01-01T00:00:00Z\",\n \"updated_at\": \"0001-01-01T00:00:00Z\"\n}\n" }, { "path": "identity/.snapshots/TestWithDeclassifiedCredentials-case=no-include-credential=oidc.json", "content": "{\n \"type\": \"oidc\",\n \"identifiers\": [\n \"bar\",\n \"baz\"\n ],\n \"version\": 0,\n \"created_at\": \"0001-01-01T00:00:00Z\",\n \"updated_at\": \"0001-01-01T00:00:00Z\"\n}\n" }, { "path": "identity/.snapshots/TestWithDeclassifiedCredentials-case=no-include-credential=password.json", "content": "{\n \"type\": \"password\",\n \"identifiers\": [\n \"zab\",\n \"bar\"\n ],\n \"version\": 0,\n \"created_at\": \"0001-01-01T00:00:00Z\",\n \"updated_at\": \"0001-01-01T00:00:00Z\"\n}\n" }, { "path": "identity/.snapshots/TestWithDeclassifiedCredentials-case=no-include-credential=saml.json", "content": "{\n \"type\": \"saml\",\n \"identifiers\": [\n \"qux\",\n \"quz\"\n ],\n \"version\": 0,\n \"created_at\": \"0001-01-01T00:00:00Z\",\n \"updated_at\": \"0001-01-01T00:00:00Z\"\n}\n" }, { "path": "identity/.snapshots/TestWithDeclassifiedCredentials-case=no-include-credential=webauthn.json", "content": "{\n \"type\": \"webauthn\",\n \"identifiers\": [\n \"foo\",\n \"bar\"\n ],\n \"version\": 0,\n \"created_at\": \"0001-01-01T00:00:00Z\",\n \"updated_at\": \"0001-01-01T00:00:00Z\"\n}\n" }, { "path": "identity/.snapshots/TestWithDeclassifiedCredentials-case=oidc-credential=oidc.json", "content": "{\n \"type\": \"oidc\",\n \"identifiers\": [\n \"bar\",\n \"baz\"\n ],\n \"config\": {\n \"providers\": [\n {\n \"initial_id_token\": \"foo\",\n \"initial_access_token\": \"\",\n \"initial_refresh_token\": \"\",\n \"subject\": \"bar\",\n \"provider\": \"oidc1\"\n }\n ]\n },\n \"version\": 0,\n \"created_at\": \"0001-01-01T00:00:00Z\",\n \"updated_at\": \"0001-01-01T00:00:00Z\"\n}\n" }, { "path": "identity/.snapshots/TestWithDeclassifiedCredentials-case=oidc-credential=password.json", "content": "{\n \"type\": \"password\",\n \"identifiers\": [\n \"zab\",\n \"bar\"\n ],\n \"version\": 0,\n \"created_at\": \"0001-01-01T00:00:00Z\",\n \"updated_at\": \"0001-01-01T00:00:00Z\"\n}\n" }, { "path": "identity/.snapshots/TestWithDeclassifiedCredentials-case=oidc-credential=saml.json", "content": "{\n \"type\": \"saml\",\n \"identifiers\": [\n \"qux\",\n \"quz\"\n ],\n \"version\": 0,\n \"created_at\": \"0001-01-01T00:00:00Z\",\n \"updated_at\": \"0001-01-01T00:00:00Z\"\n}\n" }, { "path": "identity/.snapshots/TestWithDeclassifiedCredentials-case=oidc-credential=webauthn.json", "content": "{\n \"type\": \"webauthn\",\n \"identifiers\": [\n \"foo\",\n \"bar\"\n ],\n \"version\": 0,\n \"created_at\": \"0001-01-01T00:00:00Z\",\n \"updated_at\": \"0001-01-01T00:00:00Z\"\n}\n" }, { "path": "identity/.snapshots/TestWithDeclassifiedCredentials-case=saml-credential=oidc.json", "content": "{\n \"type\": \"oidc\",\n \"identifiers\": [\n \"bar\",\n \"baz\"\n ],\n \"version\": 0,\n \"created_at\": \"0001-01-01T00:00:00Z\",\n \"updated_at\": \"0001-01-01T00:00:00Z\"\n}\n" }, { "path": "identity/.snapshots/TestWithDeclassifiedCredentials-case=saml-credential=password.json", "content": "{\n \"type\": \"password\",\n \"identifiers\": [\n \"zab\",\n \"bar\"\n ],\n \"version\": 0,\n \"created_at\": \"0001-01-01T00:00:00Z\",\n \"updated_at\": \"0001-01-01T00:00:00Z\"\n}\n" }, { "path": "identity/.snapshots/TestWithDeclassifiedCredentials-case=saml-credential=saml.json", "content": "{\n \"type\": \"saml\",\n \"identifiers\": [\n \"qux\",\n \"quz\"\n ],\n \"config\": {\n \"providers\": [\n {\n \"subject\": \"qux\",\n \"provider\": \"saml1\"\n }\n ]\n },\n \"version\": 0,\n \"created_at\": \"0001-01-01T00:00:00Z\",\n \"updated_at\": \"0001-01-01T00:00:00Z\"\n}\n" }, { "path": "identity/.snapshots/TestWithDeclassifiedCredentials-case=saml-credential=webauthn.json", "content": "{\n \"type\": \"webauthn\",\n \"identifiers\": [\n \"foo\",\n \"bar\"\n ],\n \"version\": 0,\n \"created_at\": \"0001-01-01T00:00:00Z\",\n \"updated_at\": \"0001-01-01T00:00:00Z\"\n}\n" }, { "path": "identity/address.go", "content": "// Copyright © 2023 Ory Corp\n// SPDX-License-Identifier: Apache-2.0\n\npackage identity\n\nconst (\n\tAddressTypeEmail = \"email\"\n\tAddressTypeSMS = \"sms\"\n)\n" }, { "path": "identity/credentials.go", "content": "// Copyright © 2023 Ory Corp\n// SPDX-License-Identifier: Apache-2.0\n\npackage identity\n\nimport (\n\t\"context\"\n\t\"database/sql\"\n\t\"encoding/json\"\n\t\"fmt\"\n\t\"reflect\"\n\t\"slices\"\n\t\"strings\"\n\t\"time\"\n\n\t\"github.com/gofrs/uuid\"\n\t\"github.com/wI2L/jsondiff\"\n\n\t\"github.com/ory/kratos/ui/node\"\n\t\"github.com/ory/x/sqlxx\"\n)\n\n// In nearly all cases, credential types have a constant id.\n// To make it potentially faster, and not need any data in the database,\n// we define this constant map. In 99.999% of the cases, a look up in this map is a hit and it's fast.\n// In the unlikely event that this is a miss, e.g. for very old self-hosted deployments from a time where\n// credential type ids used to be dynamic, we do a database look-up.\nvar ConstantCredentialsTypeToId = map[CredentialsType]string{\n\tCredentialsTypePassword: \"78c1b41d-8341-4507-aa60-aff1d4369670\", // gitleaks:allow\n\tCredentialsTypeOIDC: \"6fa5e2e0-bfce-4631-b62b-cf2b0252b289\", // gitleaks:allow\n\tCredentialsTypeTOTP: \"5e29b036-aa47-457f-9fe6-aa8b854a752b\", // gitleaks:allow\n\tCredentialsTypeLookup: \"567a0730-7f48-4dd7-a13d-df87a51c245f\", // gitleaks:allow\n\tCredentialsTypeWebAuthn: \"6b213fa0-e6ad-46cb-8878-b088d2ce2e3c\", // gitleaks:allow\n\tCredentialsTypeCodeAuth: \"14f3b7e2-8725-4068-be39-8a796485fd97\", // gitleaks:allow\n\tCredentialsTypePasskey: \"8d0ca544-9bf6-45d3-bd75-0bbb3aeba3c7\", // gitleaks:allow\n\tCredentialsTypeSAML: \"7bddcf6c-f50e-4a18-9b0f-429114c33419\", // gitleaks:allow\n}\n\n// Authenticator Assurance Level (AAL)\n//\n// The authenticator assurance level can be one of \"aal1\", \"aal2\", or \"aal3\". A higher number means that it is harder\n// for an attacker to compromise the account.\n//\n// Generally, \"aal1\" implies that one authentication factor was used while AAL2 implies that two factors (e.g.\n// password + TOTP) have been used.\n//\n// To learn more about these levels please head over to: https://www.ory.sh/kratos/docs/concepts/credentials\n//\n// swagger:model authenticatorAssuranceLevel\ntype AuthenticatorAssuranceLevel string\n\nconst (\n\tNoAuthenticatorAssuranceLevel AuthenticatorAssuranceLevel = \"aal0\"\n\tAuthenticatorAssuranceLevel1 AuthenticatorAssuranceLevel = \"aal1\"\n\tAuthenticatorAssuranceLevel2 AuthenticatorAssuranceLevel = \"aal2\"\n)\n\ntype NullableAuthenticatorAssuranceLevel struct {\n\tsql.NullString\n}\n\n// NewNullableAuthenticatorAssuranceLevel returns a new NullableAuthenticatorAssuranceLevel\nfunc NewNullableAuthenticatorAssuranceLevel(aal AuthenticatorAssuranceLevel) NullableAuthenticatorAssuranceLevel {\n\tswitch aal {\n\tcase NoAuthenticatorAssuranceLevel:\n\t\tfallthrough\n\tcase AuthenticatorAssuranceLevel1:\n\t\tfallthrough\n\tcase AuthenticatorAssuranceLevel2:\n\t\treturn NullableAuthenticatorAssuranceLevel{sql.NullString{\n\t\t\tString: string(aal),\n\t\t\tValid: true,\n\t\t}}\n\tdefault:\n\t\treturn NullableAuthenticatorAssuranceLevel{sql.NullString{}}\n\t}\n}\n\n// ToAAL returns the AuthenticatorAssuranceLevel value of the given NullableAuthenticatorAssuranceLevel.\nfunc (n NullableAuthenticatorAssuranceLevel) ToAAL() (AuthenticatorAssuranceLevel, bool) {\n\tif !n.Valid {\n\t\treturn \"\", false\n\t}\n\tswitch n.String {\n\tcase string(NoAuthenticatorAssuranceLevel):\n\t\treturn NoAuthenticatorAssuranceLevel, true\n\tcase string(AuthenticatorAssuranceLevel1):\n\t\treturn AuthenticatorAssuranceLevel1, true\n\tcase string(AuthenticatorAssuranceLevel2):\n\t\treturn AuthenticatorAssuranceLevel2, true\n\tdefault:\n\t\treturn \"\", false\n\t}\n}\n\n// CredentialsType represents several different credential types, like password credentials, passwordless credentials,\n// and so on.\n//\n// swagger:enum CredentialsType\ntype CredentialsType string\n\n// Please make sure to add all of these values to the test that ensures they are created during migration\nconst (\n\tCredentialsTypePassword CredentialsType = \"password\"\n\tCredentialsTypeOIDC CredentialsType = \"oidc\"\n\tCredentialsTypeTOTP CredentialsType = \"totp\"\n\tCredentialsTypeLookup CredentialsType = \"lookup_secret\"\n\tCredentialsTypeWebAuthn CredentialsType = \"webauthn\"\n\tCredentialsTypeCodeAuth CredentialsType = \"code\"\n\tCredentialsTypePasskey CredentialsType = \"passkey\"\n\tCredentialsTypeProfile CredentialsType = \"profile\"\n\tCredentialsTypeSAML CredentialsType = \"saml\"\n)\n\nfunc (c CredentialsType) String() string {\n\treturn string(c)\n}\n\nfunc (c CredentialsType) ToUiNodeGroup() node.UiNodeGroup {\n\tswitch c {\n\tcase CredentialsTypePassword:\n\t\treturn node.PasswordGroup\n\tcase CredentialsTypeOIDC, CredentialsTypeSAML:\n\t\treturn node.OpenIDConnectGroup\n\tcase CredentialsTypeTOTP:\n\t\treturn node.TOTPGroup\n\tcase CredentialsTypeWebAuthn:\n\t\treturn node.WebAuthnGroup\n\tcase CredentialsTypeLookup:\n\t\treturn node.LookupGroup\n\tcase CredentialsTypeCodeAuth:\n\t\treturn node.CodeGroup\n\tcase CredentialsTypePasskey:\n\t\treturn node.PasskeyGroup\n\tdefault:\n\t\treturn node.DefaultGroup\n\t}\n}\n\nvar AllCredentialTypes = []CredentialsType{\n\tCredentialsTypePassword,\n\tCredentialsTypeOIDC,\n\t// CredentialsTypeSAML, placeholder for the OEL version\n\tCredentialsTypeTOTP,\n\tCredentialsTypeLookup,\n\tCredentialsTypeWebAuthn,\n\tCredentialsTypeCodeAuth,\n\tCredentialsTypePasskey,\n}\n\nconst (\n\t// CredentialsTypeRecoveryLink is a special credential type linked to the link strategy (recovery flow).\n\t// It is not used within the credentials object itself.\n\tCredentialsTypeRecoveryLink CredentialsType = \"link_recovery\"\n\tCredentialsTypeRecoveryCode CredentialsType = \"code_recovery\"\n)\n\n// ParseCredentialsType parses a string into a CredentialsType or returns false as the second argument.\nfunc ParseCredentialsType(in string) (CredentialsType, bool) {\n\tswitch t := CredentialsType(in); t {\n\tcase CredentialsTypePassword,\n\t\tCredentialsTypeOIDC,\n\t\tCredentialsTypeSAML,\n\t\tCredentialsTypeTOTP,\n\t\tCredentialsTypeLookup,\n\t\tCredentialsTypeWebAuthn,\n\t\tCredentialsTypeCodeAuth,\n\t\tCredentialsTypeRecoveryLink,\n\t\tCredentialsTypeRecoveryCode,\n\t\tCredentialsTypePasskey:\n\t\treturn t, true\n\t}\n\treturn \"\", false\n}\n\n// Credentials represents a specific credential type\n//\n// swagger:model identityCredentials\ntype Credentials struct {\n\tID uuid.UUID `json:\"-\" db:\"id\"`\n\n\t// Type discriminates between different types of credentials.\n\tType CredentialsType `json:\"type\" db:\"-\"`\n\tIdentityCredentialTypeID uuid.UUID `json:\"-\" db:\"identity_credential_type_id\"`\n\n\t// Identifiers represent a list of unique identifiers this credential type matches.\n\tIdentifiers []string `json:\"identifiers\" db:\"-\"`\n\n\t// Config contains the concrete credential payload. This might contain the bcrypt-hashed password, the email\n\t// for passwordless authentication or access_token and refresh tokens from OpenID Connect flows.\n\tConfig sqlxx.JSONRawMessage `json:\"config,omitempty\" db:\"config\"`\n\n\t// Version refers to the version of the credential. Useful when changing the config schema.\n\tVersion int `json:\"version\" db:\"version\"`\n\n\tIdentityID uuid.UUID `json:\"-\" faker:\"-\" db:\"identity_id\"`\n\n\t// CreatedAt is a helper struct field for gobuffalo.pop.\n\tCreatedAt time.Time `json:\"created_at\" db:\"created_at\"`\n\n\t// UpdatedAt is a helper struct field for gobuffalo.pop.\n\tUpdatedAt time.Time `json:\"updated_at\" db:\"updated_at\"`\n\tNID uuid.UUID `json:\"-\" faker:\"-\" db:\"nid\"`\n}\n\nfunc (c Credentials) TableName(context.Context) string {\n\treturn \"identity_credentials\"\n}\n\nfunc (c Credentials) GetID() uuid.UUID {\n\treturn c.ID\n}\n\n// Signature returns a unique string signature for the credential.\nfunc (c Credentials) Signature() string {\n\tsortedIdentifiers := slices.Clone(c.Identifiers)\n\tslices.Sort(sortedIdentifiers)\n\tidentifiersStr := strings.Join(sortedIdentifiers, \",\")\n\n\t// Normalize JSON config to remove whitespace and key ordering differences\n\tvar normalizedConfig any\n\tif len(c.Config) > 0 {\n\t\tif err := json.Unmarshal(c.Config, &normalizedConfig); err != nil {\n\t\t\t// there is not much we can do when unmarshal fails except use the raw value\n\t\t\tnormalizedConfig = c.Config\n\t\t}\n\t}\n\treturn fmt.Sprintf(\"%v|%v|%d|%+v|%v|%v\", c.Type, identifiersStr, c.Version, normalizedConfig, c.IdentityID, c.NID)\n}\n\ntype (\n\t// swagger:ignore\n\tCredentialIdentifier struct {\n\t\tID uuid.UUID `db:\"id\"`\n\t\tIdentifier string `db:\"identifier\"`\n\t\tIdentityID *uuid.UUID `json:\"-\" db:\"identity_id\"`\n\t\tIdentityCredentialsID uuid.UUID `json:\"-\" db:\"identity_credential_id\"`\n\t\tIdentityCredentialsTypeID uuid.UUID `json:\"-\" db:\"identity_credential_type_id\"`\n\t\tCreatedAt time.Time `json:\"created_at\" db:\"created_at\"`\n\t\tUpdatedAt time.Time `json:\"updated_at\" db:\"updated_at\"`\n\t\tNID uuid.UUID `json:\"-\" faker:\"-\" db:\"nid\"`\n\t}\n\n\t// swagger:ignore\n\tCredentialsTypeTable struct {\n\t\tID uuid.UUID `json:\"-\" db:\"id\"`\n\t\tName CredentialsType `json:\"-\" db:\"name\"`\n\t}\n\n\t// swagger:ignore\n\tActiveCredentialsCounter interface {\n\t\tID() CredentialsType\n\t\tCountActiveFirstFactorCredentials(context.Context, map[CredentialsType]Credentials) (int, error)\n\t\tCountActiveMultiFactorCredentials(context.Context, map[CredentialsType]Credentials) (int, error)\n\t}\n\n\t// swagger:ignore\n\tActiveCredentialsCounterStrategyProvider interface {\n\t\tActiveCredentialsCounterStrategies(context.Context) []ActiveCredentialsCounter\n\t}\n)\n\nfunc (c CredentialsTypeTable) TableName(context.Context) string {\n\treturn \"identity_credential_types\"\n}\n\nfunc (c CredentialIdentifier) TableName(context.Context) string {\n\treturn \"identity_credential_identifiers\"\n}\n\nfunc CredentialsEqual(a, b map[CredentialsType]Credentials) bool {\n\tif len(a) != len(b) {\n\t\treturn false\n\t}\n\n\tif len(a) == 0 && len(b) == 0 {\n\t\treturn true\n\t}\n\n\tfor k, expect := range b {\n\t\tactual, found := a[k]\n\t\tif !found {\n\t\t\treturn false\n\t\t}\n\n\t\t// Try to normalize configs (remove spaces etc).\n\t\tpatch, err := jsondiff.CompareJSON(actual.Config, expect.Config)\n\t\tif err != nil {\n\t\t\treturn false\n\t\t}\n\n\t\tif len(patch) > 0 {\n\t\t\treturn false\n\t\t}\n\n\t\texpectIdentifiers, actualIdentifiers := make(map[string]struct{}, len(expect.Identifiers)), make(map[string]struct{}, len(actual.Identifiers))\n\t\tfor _, i := range expect.Identifiers {\n\t\t\texpectIdentifiers[i] = struct{}{}\n\t\t}\n\t\tfor _, i := range actual.Identifiers {\n\t\t\tactualIdentifiers[i] = struct{}{}\n\t\t}\n\t\tif !reflect.DeepEqual(expectIdentifiers, actualIdentifiers) {\n\t\t\treturn false\n\t\t}\n\t}\n\n\treturn true\n}\n" }, { "path": "identity/credentials_code.go", "content": "// Copyright © 2023 Ory Corp\n// SPDX-License-Identifier: Apache-2.0\n\npackage identity\n\nimport (\n\t\"encoding/json\"\n\t\"strings\"\n\n\t\"github.com/ory/herodot\"\n\n\t\"github.com/pkg/errors\"\n\n\t\"github.com/ory/x/stringsx\"\n)\n\ntype CodeChannel string\n\n// Scan implements the sql.Scanner interface for CodeChannel\n// to support proper scanning from database values while removing\n// any trailing whitespace that might be present in\n// PostgreSQL and CockroachDB CHAR fields.\nfunc (c *CodeChannel) Scan(src interface{}) error {\n\tif src == nil {\n\t\t*c = \"\"\n\t\treturn nil\n\t}\n\n\tswitch s := src.(type) {\n\tcase string:\n\t\t*c = CodeChannel(strings.TrimSpace(s))\n\t\treturn nil\n\tcase []byte:\n\t\t*c = CodeChannel(strings.TrimSpace(string(s)))\n\t\treturn nil\n\tdefault:\n\t\treturn errors.Errorf(\"cannot scan %T into CodeChannel\", src)\n\t}\n}\n\nconst (\n\tCodeChannelEmail CodeChannel = AddressTypeEmail\n\tCodeChannelSMS CodeChannel = AddressTypeSMS\n)\n\nfunc NewCodeChannel(value string) (CodeChannel, error) {\n\tswitch f := stringsx.SwitchExact(value); {\n\tcase f.AddCase(string(CodeChannelEmail)):\n\t\treturn CodeChannelEmail, nil\n\tcase f.AddCase(string(CodeChannelSMS)):\n\t\treturn CodeChannelSMS, nil\n\tdefault:\n\t\treturn \"\", errors.Wrap(ErrInvalidCodeAddressType, f.ToUnknownCaseErr().Error())\n\t}\n}\n\n// CredentialsCode represents a one time login/registration code\n//\n// swagger:model identityCredentialsCode\ntype CredentialsCode struct {\n\tAddresses []CredentialsCodeAddress `json:\"addresses\"`\n}\n\n// swagger:model identityCredentialsCodeAddress\ntype CredentialsCodeAddress struct {\n\t// The type of the address for this code\n\tChannel CodeChannel `json:\"channel\"`\n\n\t// The address for this code\n\tAddress string `json:\"address\"`\n}\n\nvar ErrInvalidCodeAddressType = herodot.ErrMisconfiguration.WithReasonf(\"The address type for sending OTP codes is not supported.\")\n\nfunc (c *CredentialsCodeAddress) UnmarshalJSON(data []byte) (err error) {\n\ttype alias CredentialsCodeAddress\n\tvar ac alias\n\tif err := json.Unmarshal(data, &ac); err != nil {\n\t\treturn err\n\t}\n\n\tac.Channel, err = NewCodeChannel(string(ac.Channel))\n\tif err != nil {\n\t\treturn err\n\t}\n\n\t*c = CredentialsCodeAddress(ac)\n\treturn nil\n}\n" }, { "path": "identity/credentials_code_test.go", "content": "// Copyright © 2024 Ory Corp\n// SPDX-License-Identifier: Apache-2.0\n\npackage identity\n\nimport (\n\t\"encoding/json\"\n\t\"testing\"\n\n\t\"github.com/stretchr/testify/assert\"\n)\n\nfunc TestCredentialsCodeAddressUnmarshalJSON(t *testing.T) {\n\ttests := []struct {\n\t\tname string\n\t\tinput string\n\t\twant CredentialsCodeAddress\n\t\twantErr bool\n\t}{\n\t\t{\n\t\t\tname: \"valid email address\",\n\t\t\tinput: `{\"channel\": \"email\", \"address\": \"user@example.com\"}`,\n\t\t\twant: CredentialsCodeAddress{\n\t\t\t\tChannel: CodeChannelEmail,\n\t\t\t\tAddress: \"user@example.com\",\n\t\t\t},\n\t\t\twantErr: false,\n\t\t},\n\t\t{\n\t\t\tname: \"valid SMS address\",\n\t\t\tinput: `{\"channel\": \"sms\", \"address\": \"+1234567890\"}`,\n\t\t\twant: CredentialsCodeAddress{\n\t\t\t\tChannel: CodeChannelSMS,\n\t\t\t\tAddress: \"+1234567890\",\n\t\t\t},\n\t\t\twantErr: false,\n\t\t},\n\t\t{\n\t\t\tname: \"invalid address type\",\n\t\t\tinput: `{\"channel\": \"invalid\", \"address\": \"user@example.com\"}`,\n\t\t\twant: CredentialsCodeAddress{},\n\t\t\twantErr: true,\n\t\t},\n\t\t{\n\t\t\tname: \"missing channel field\",\n\t\t\tinput: `{\"address\": \"user@example.com\"}`,\n\t\t\twant: CredentialsCodeAddress{},\n\t\t\twantErr: true,\n\t\t},\n\t\t{\n\t\t\tname: \"invalid JSON structure\",\n\t\t\tinput: `{\"channel\": \"email\", \"address\": \"user@example.com\"`,\n\t\t\twant: CredentialsCodeAddress{},\n\t\t\twantErr: true,\n\t\t},\n\t}\n\n\tfor _, tt := range tests {\n\t\tt.Run(tt.name, func(t *testing.T) {\n\t\t\tvar got CredentialsCodeAddress\n\t\t\terr := json.Unmarshal([]byte(tt.input), &got)\n\t\t\tif tt.wantErr {\n\t\t\t\tassert.Error(t, err)\n\t\t\t} else {\n\t\t\t\tassert.NoError(t, err)\n\t\t\t\tassert.Equal(t, tt.want, got)\n\t\t\t}\n\t\t})\n\t}\n}\n\nfunc TestNewCodeAddressType(t *testing.T) {\n\ttests := []struct {\n\t\tname string\n\t\tinput string\n\t\twant CodeChannel\n\t\twantErr bool\n\t}{\n\t\t{\n\t\t\tname: \"valid email address type\",\n\t\t\tinput: \"email\",\n\t\t\twant: CodeChannelEmail,\n\t\t\twantErr: false,\n\t\t},\n\t\t{\n\t\t\tname: \"valid SMS address type\",\n\t\t\tinput: \"sms\",\n\t\t\twant: CodeChannelSMS,\n\t\t\twantErr: false,\n\t\t},\n\t\t{\n\t\t\tname: \"invalid address type\",\n\t\t\tinput: \"invalid\",\n\t\t\twant: \"\",\n\t\t\twantErr: true,\n\t\t},\n\t}\n\n\tfor _, tt := range tests {\n\t\tt.Run(tt.name, func(t *testing.T) {\n\t\t\tgot, err := NewCodeChannel(tt.input)\n\t\t\tif tt.wantErr {\n\t\t\t\tassert.Error(t, err)\n\t\t\t} else {\n\t\t\t\tassert.NoError(t, err)\n\t\t\t\tassert.Equal(t, tt.want, got)\n\t\t\t}\n\t\t})\n\t}\n}\n" }, { "path": "identity/credentials_lookup.go", "content": "// Copyright © 2023 Ory Corp\n// SPDX-License-Identifier: Apache-2.0\n\npackage identity\n\nimport (\n\t\"time\"\n\n\t\"github.com/ory/kratos/text\"\n\t\"github.com/ory/kratos/ui/node\"\n\n\t\"github.com/ory/x/sqlxx\"\n)\n\n// CredentialsConfig is the struct that is being used as part of the identity credentials.\ntype CredentialsLookupConfig struct {\n\t// List of recovery codes\n\tRecoveryCodes []RecoveryCode `json:\"recovery_codes\"`\n}\n\nfunc (c *CredentialsLookupConfig) ToNode() *node.Node {\n\tmessages := make([]text.Message, len(c.RecoveryCodes))\n\tformatted := make([]string, len(c.RecoveryCodes))\n\tfor k, code := range c.RecoveryCodes {\n\t\tif time.Time(code.UsedAt).IsZero() {\n\t\t\tmessages[k] = *text.NewInfoSelfServiceSettingsLookupSecret(code.Code)\n\t\t\tformatted[k] = code.Code\n\t\t} else {\n\t\t\tmessages[k] = *text.NewInfoSelfServiceSettingsLookupSecretUsed(time.Time(code.UsedAt).UTC())\n\t\t\tformatted[k] = \"used\"\n\t\t}\n\t}\n\n\treturn node.NewTextField(node.LookupCodes, text.NewInfoSelfServiceSettingsLookupSecretList(formatted, messages), node.LookupGroup).\n\t\tWithMetaLabel(text.NewInfoSelfServiceSettingsLookupSecretsLabel())\n}\n\ntype RecoveryCode struct {\n\t// A recovery code\n\tCode string `json:\"code\"`\n\n\t// UsedAt indicates whether and when a recovery code was used.\n\tUsedAt sqlxx.NullTime `json:\"used_at,omitempty\"`\n}\n" }, { "path": "identity/credentials_lookup_test.go", "content": "// Copyright © 2023 Ory Corp\n// SPDX-License-Identifier: Apache-2.0\n\npackage identity_test\n\nimport (\n\t_ \"embed\"\n\t\"testing\"\n\t\"time\"\n\n\t\"github.com/ory/kratos/identity\"\n\t\"github.com/ory/kratos/pkg/testhelpers\"\n\n\t\"github.com/ory/x/sqlxx\"\n)\n\nfunc TestToNode(t *testing.T) {\n\tc := identity.CredentialsLookupConfig{RecoveryCodes: []identity.RecoveryCode{\n\t\t{Code: \"foo\", UsedAt: sqlxx.NullTime(time.Unix(1629199958, 0).UTC())},\n\t\t{Code: \"bar\"},\n\t\t{Code: \"baz\"},\n\t\t{Code: \"oof\", UsedAt: sqlxx.NullTime(time.Unix(1629199968, 0).UTC())},\n\t}}\n\n\ttesthelpers.SnapshotTExcept(t, c.ToNode(), []string{})\n}\n" }, { "path": "identity/credentials_migrate.go", "content": "// Copyright © 2023 Ory Corp\n// SPDX-License-Identifier: Apache-2.0\n\npackage identity\n\nimport (\n\t\"encoding/json\"\n\t\"fmt\"\n\t\"strings\"\n\n\t\"github.com/tidwall/gjson\"\n\t\"github.com/tidwall/sjson\"\n\n\t\"github.com/pkg/errors\"\n)\n\nfunc UpgradeWebAuthnCredentials(i *Identity, c *Credentials) (err error) {\n\tif c.Type != CredentialsTypeWebAuthn {\n\t\treturn nil\n\t}\n\n\tversion := c.Version\n\tif version == 0 {\n\t\tif gjson.GetBytes(c.Config, \"user_handle\").String() == \"\" {\n\t\t\tid, err := json.Marshal(i.ID[:])\n\t\t\tif err != nil {\n\t\t\t\treturn errors.WithStack(err)\n\t\t\t}\n\n\t\t\tc.Config, err = sjson.SetRawBytes(c.Config, \"user_handle\", id)\n\t\t\tif err != nil {\n\t\t\t\treturn errors.WithStack(err)\n\t\t\t}\n\t\t}\n\n\t\tvar index = -1\n\t\tvar err error\n\t\tgjson.GetBytes(c.Config, \"credentials\").ForEach(func(_, value gjson.Result) bool {\n\t\t\tindex++\n\n\t\t\tif value.Get(\"is_passwordless\").Exists() {\n\t\t\t\treturn true\n\t\t\t}\n\n\t\t\tc.Config, err = sjson.SetBytes(c.Config, fmt.Sprintf(\"credentials.%d.is_passwordless\", index), false)\n\t\t\treturn err == nil\n\t\t})\n\t\tif err != nil {\n\t\t\treturn errors.WithStack(err)\n\t\t}\n\n\t\tc.Version = 1\n\t}\n\treturn nil\n}\n\n// UpgradeCredentials migrates a set of older WebAuthn credentials to newer ones.\nfunc UpgradeCredentials(i *Identity) error {\n\tfor k := range i.Credentials {\n\t\tc := i.Credentials[k]\n\t\tif err := UpgradeWebAuthnCredentials(i, &c); err != nil {\n\t\t\treturn errors.WithStack(err)\n\t\t}\n\t\tif err := UpgradeCodeCredentials(&c); err != nil {\n\t\t\treturn errors.WithStack(err)\n\t\t}\n\t\ti.Credentials[k] = c\n\t}\n\treturn nil\n}\n\nfunc UpgradeCodeCredentials(c *Credentials) (err error) {\n\tif c.Type != CredentialsTypeCodeAuth {\n\t\treturn nil\n\t}\n\n\tversion := c.Version\n\tif version == 0 {\n\t\taddressType := strings.ToLower(strings.TrimSpace(gjson.GetBytes(c.Config, \"address_type\").String()))\n\n\t\tchannel, err := NewCodeChannel(addressType)\n\t\tif err != nil {\n\t\t\t// We know that in some cases the address type can be empty. In this case, we default to email\n\t\t\t// as sms is a new addition to the address_type introduced in this PR.\n\t\t\tchannel = CodeChannelEmail\n\t\t}\n\n\t\tc.Config, err = sjson.DeleteBytes(c.Config, \"used_at\")\n\t\tif err != nil {\n\t\t\treturn errors.WithStack(err)\n\t\t}\n\n\t\tc.Config, err = sjson.DeleteBytes(c.Config, \"address_type\")\n\t\tif err != nil {\n\t\t\treturn errors.WithStack(err)\n\t\t}\n\n\t\tfor _, id := range c.Identifiers {\n\t\t\tif id == \"\" {\n\t\t\t\tcontinue\n\t\t\t}\n\n\t\t\tc.Config, err = sjson.SetBytes(c.Config, \"addresses.-1\", &CredentialsCodeAddress{\n\t\t\t\tAddress: id,\n\t\t\t\tChannel: channel,\n\t\t\t})\n\t\t\tif err != nil {\n\t\t\t\treturn errors.WithStack(err)\n\t\t\t}\n\t\t}\n\n\t\t// This is needed because sjson adds spaces which can trip string comparisons.\n\t\tc.Config, err = json.Marshal(json.RawMessage(c.Config))\n\t\tif err != nil {\n\t\t\treturn errors.WithStack(err)\n\t\t}\n\n\t\tc.Version = 1\n\t}\n\treturn nil\n}\n" }, { "path": "identity/credentials_migrate_test.go", "content": "// Copyright © 2023 Ory Corp\n// SPDX-License-Identifier: Apache-2.0\n\npackage identity\n\nimport (\n\t_ \"embed\"\n\t\"testing\"\n\n\t\"github.com/gofrs/uuid\"\n\n\t\"github.com/stretchr/testify/assert\"\n\t\"github.com/stretchr/testify/require\"\n\n\t\"github.com/ory/x/snapshotx\"\n)\n\n//go:embed stub/webauthn/v0.json\nvar webAuthnV0 []byte\n\n//go:embed stub/webauthn/v1.json\nvar webAuthnV1 []byte\n\nfunc TestUpgradeCredentials(t *testing.T) {\n\tt.Run(\"empty credentials\", func(t *testing.T) {\n\t\ti := &Identity{}\n\n\t\terr := UpgradeCredentials(i)\n\t\trequire.NoError(t, err)\n\t\twc := WithCredentialsAndAdminMetadataInJSON(*i)\n\t\tsnapshotx.SnapshotTExcept(t, &wc, nil)\n\t})\n\n\trun := func(t *testing.T, identifiers []string, config string, version int, credentialsType CredentialsType, expectedVersion int) {\n\t\tif identifiers == nil {\n\t\t\tidentifiers = []string{\"hi@example.org\"}\n\t\t}\n\t\ti := &Identity{\n\t\t\tID: uuid.FromStringOrNil(\"4d64fa08-20fc-450d-bebd-ebd7c7b6e249\"),\n\t\t\tCredentials: map[CredentialsType]Credentials{\n\t\t\t\tcredentialsType: {\n\t\t\t\t\tIdentifiers: identifiers,\n\t\t\t\t\tType: credentialsType,\n\t\t\t\t\tVersion: version,\n\t\t\t\t\tConfig: []byte(config),\n\t\t\t\t}},\n\t\t}\n\n\t\trequire.NoError(t, UpgradeCredentials(i))\n\t\twc := WithCredentialsAndAdminMetadataInJSON(*i)\n\t\tsnapshotx.SnapshotT(t, &wc)\n\t\tassert.Equal(t, expectedVersion, i.Credentials[credentialsType].Version)\n\t}\n\n\tt.Run(\"type=code\", func(t *testing.T) {\n\t\tt.Run(\"from=v0 with email empty space value\", func(t *testing.T) {\n\t\t\tt.Run(\"with one identifier\", func(t *testing.T) {\n\t\t\t\trun(t, nil, `{\"address_type\": \"email \", \"used_at\": {\"Time\": \"0001-01-01T00:00:00Z\", \"Valid\": false}}`, 0, CredentialsTypeCodeAuth, 1)\n\t\t\t})\n\n\t\t\tt.Run(\"with two identifiers\", func(t *testing.T) {\n\t\t\t\trun(t, []string{\"foo@example.org\", \"bar@example.org\"}, `{\"address_type\": \"email \", \"used_at\": {\"Time\": \"0001-01-01T00:00:00Z\", \"Valid\": false}}`, 0, CredentialsTypeCodeAuth, 1)\n\t\t\t})\n\t\t})\n\n\t\tt.Run(\"from=v0 with empty value\", func(t *testing.T) {\n\t\t\trun(t, nil, `{\"address_type\": \"\", \"used_at\": {\"Time\": \"0001-01-01T00:00:00Z\", \"Valid\": false}}`, 0, CredentialsTypeCodeAuth, 1)\n\t\t})\n\n\t\tt.Run(\"from=v0 with correct value\", func(t *testing.T) {\n\t\t\trun(t, nil, `{\"address_type\": \"email\", \"used_at\": {\"Time\": \"0001-01-01T00:00:00Z\", \"Valid\": false}}`, 0, CredentialsTypeCodeAuth, 1)\n\t\t})\n\n\t\tt.Run(\"from=v0 with unknown value\", func(t *testing.T) {\n\t\t\trun(t, nil, `{\"address_type\": \"other\", \"used_at\": {\"Time\": \"0001-01-01T00:00:00Z\", \"Valid\": false}}`, 0, CredentialsTypeCodeAuth, 1)\n\t\t})\n\n\t\tt.Run(\"from=v2 with empty value\", func(t *testing.T) {\n\t\t\trun(t, []string{\"foo@example.org\", \"+12341234\"}, `{\"addresses\": [{\"address\":\"foo@example.org\",\"channel\":\"email\"},{\"address\":\"+12341234\",\"channel\":\"sms\"}]}`, 1, CredentialsTypeCodeAuth, 1)\n\t\t})\n\t})\n\n\tt.Run(\"type=webauthn\", func(t *testing.T) {\n\t\tt.Run(\"from=v0\", func(t *testing.T) {\n\t\t\trun(t, []string{\"4d64fa08-20fc-450d-bebd-ebd7c7b6e249\"}, string(webAuthnV0), 0, CredentialsTypeWebAuthn, 1)\n\t\t})\n\n\t\tt.Run(\"from=v1\", func(t *testing.T) {\n\n\t\t\trun(t, []string{}, string(webAuthnV1), 1, CredentialsTypeWebAuthn, 1)\n\t\t})\n\t})\n}\n" }, { "path": "identity/credentials_oidc.go", "content": "// Copyright © 2023 Ory Corp\n// SPDX-License-Identifier: Apache-2.0\n\npackage identity\n\nimport (\n\t\"bytes\"\n\t\"encoding/json\"\n\t\"fmt\"\n\n\t\"github.com/pkg/errors\"\n\n\t\"github.com/ory/kratos/x\"\n)\n\n// CredentialsOIDC is contains the configuration for credentials of the type oidc.\n//\n// swagger:model identityCredentialsOidc\ntype CredentialsOIDC struct {\n\tProviders []CredentialsOIDCProvider `json:\"providers\"`\n}\n\n// CredentialsOIDCProvider is contains a specific OpenID COnnect credential for a particular connection (e.g. Google).\n//\n// swagger:model identityCredentialsOidcProvider\ntype CredentialsOIDCProvider struct {\n\tSubject string `json:\"subject\"`\n\tProvider string `json:\"provider\"`\n\tInitialIDToken string `json:\"initial_id_token\"`\n\tInitialAccessToken string `json:\"initial_access_token\"`\n\tInitialRefreshToken string `json:\"initial_refresh_token\"`\n\tOrganization string `json:\"organization,omitempty\"`\n\tUseAutoLink bool `json:\"use_auto_link,omitzero\"`\n}\n\n// swagger:ignore\ntype CredentialsOIDCEncryptedTokens struct {\n\tRefreshToken string `json:\"refresh_token,omitempty\"`\n\tIDToken string `json:\"id_token,omitempty\"`\n\tAccessToken string `json:\"access_token,omitempty\"`\n}\n\nfunc (c *CredentialsOIDCEncryptedTokens) GetRefreshToken() string {\n\tif c == nil {\n\t\treturn \"\"\n\t}\n\treturn c.RefreshToken\n}\n\nfunc (c *CredentialsOIDCEncryptedTokens) GetAccessToken() string {\n\tif c == nil {\n\t\treturn \"\"\n\t}\n\treturn c.AccessToken\n}\n\nfunc (c *CredentialsOIDCEncryptedTokens) GetIDToken() string {\n\tif c == nil {\n\t\treturn \"\"\n\t}\n\treturn c.IDToken\n}\n\n// NewCredentialsOIDC creates a new OIDC credential.\nfunc NewCredentialsOIDC(tokens *CredentialsOIDCEncryptedTokens, provider, subject, organization string) (*Credentials, error) {\n\treturn NewOIDCLikeCredentials(tokens, CredentialsTypeOIDC, provider, subject, organization)\n}\n\n// NewOIDCLikeCredentials creates a new OIDC-like credential.\nfunc NewOIDCLikeCredentials(tokens *CredentialsOIDCEncryptedTokens, t CredentialsType, provider, subject, organization string) (*Credentials, error) {\n\tif provider == \"\" {\n\t\treturn nil, errors.New(\"received empty provider in oidc credentials\")\n\t}\n\n\tif subject == \"\" {\n\t\treturn nil, errors.New(\"received empty provider in oidc credentials\")\n\t}\n\n\tvar b bytes.Buffer\n\tif err := json.NewEncoder(&b).Encode(CredentialsOIDC{\n\t\tProviders: []CredentialsOIDCProvider{\n\t\t\t{\n\t\t\t\tSubject: subject,\n\t\t\t\tProvider: provider,\n\t\t\t\tInitialIDToken: tokens.GetIDToken(),\n\t\t\t\tInitialAccessToken: tokens.GetAccessToken(),\n\t\t\t\tInitialRefreshToken: tokens.GetRefreshToken(),\n\t\t\t\tOrganization: organization,\n\t\t\t},\n\t\t},\n\t}); err != nil {\n\t\treturn nil, errors.WithStack(x.PseudoPanic.\n\t\t\tWithDebugf(\"Unable to encode password options to JSON: %s\", err))\n\t}\n\n\treturn &Credentials{\n\t\tType: t,\n\t\tIdentifiers: []string{OIDCUniqueID(provider, subject)},\n\t\tConfig: b.Bytes(),\n\t}, nil\n}\n\nfunc (c *CredentialsOIDCProvider) GetTokens() *CredentialsOIDCEncryptedTokens {\n\treturn &CredentialsOIDCEncryptedTokens{\n\t\tRefreshToken: c.InitialRefreshToken,\n\t\tIDToken: c.InitialIDToken,\n\t\tAccessToken: c.InitialAccessToken,\n\t}\n}\n\nfunc OIDCUniqueID(provider, subject string) string {\n\treturn fmt.Sprintf(\"%s:%s\", provider, subject)\n}\n\nfunc (c *CredentialsOIDC) Organization() string {\n\tfor _, p := range c.Providers {\n\t\tif p.Organization != \"\" {\n\t\t\treturn p.Organization\n\t\t}\n\t}\n\n\treturn \"\"\n}\n" }, { "path": "identity/credentials_oidc_test.go", "content": "// Copyright © 2023 Ory Corp\n// SPDX-License-Identifier: Apache-2.0\n\npackage identity\n\nimport (\n\t\"testing\"\n\n\t\"github.com/stretchr/testify/require\"\n)\n\nfunc TestNewCredentialsOIDC(t *testing.T) {\n\t_, err := NewCredentialsOIDC(new(CredentialsOIDCEncryptedTokens), \"\", \"not-empty\", \"\")\n\trequire.Error(t, err)\n\t_, err = NewCredentialsOIDC(new(CredentialsOIDCEncryptedTokens), \"not-empty\", \"\", \"\")\n\trequire.Error(t, err)\n\t_, err = NewCredentialsOIDC(new(CredentialsOIDCEncryptedTokens), \"not-empty\", \"not-empty\", \"\")\n\trequire.NoError(t, err)\n}\n" }, { "path": "identity/credentials_password.go", "content": "// Copyright © 2023 Ory Corp\n// SPDX-License-Identifier: Apache-2.0\n\npackage identity\n\n// CredentialsPassword is contains the configuration for credentials of the type password.\n//\n// swagger:model identityCredentialsPassword\ntype CredentialsPassword struct {\n\t// HashedPassword is a hash-representation of the password.\n\tHashedPassword string `json:\"hashed_password\"`\n\n\t// UsePasswordMigrationHook is set to true if the password should be migrated\n\t// using the password migration hook. If set, and the HashedPassword is empty, a\n\t// webhook will be called during login to migrate the password.\n\tUsePasswordMigrationHook bool `json:\"use_password_migration_hook,omitempty\"`\n}\n\nfunc (cp *CredentialsPassword) ShouldUsePasswordMigrationHook() bool {\n\treturn cp != nil && cp.HashedPassword == \"\" && cp.UsePasswordMigrationHook\n}\n" }, { "path": "identity/credentials_password_test.go", "content": "// Copyright © 2024 Ory Corp\n// SPDX-License-Identifier: Apache-2.0\n\npackage identity\n\nimport (\n\t\"testing\"\n\n\t\"github.com/stretchr/testify/assert\"\n)\n\nfunc TestCredentialsPassword_ShouldUsePasswordMigrationHook(t *testing.T) {\n\ttests := []struct {\n\t\tname string\n\t\tcp *CredentialsPassword\n\t\twant bool\n\t}{{\n\t\tname: \"pw set\",\n\t\tcp: &CredentialsPassword{\n\t\t\tHashedPassword: \"pw\",\n\t\t\tUsePasswordMigrationHook: true,\n\t\t},\n\t\twant: false,\n\t}, {\n\t\tname: \"pw not set\",\n\t\tcp: &CredentialsPassword{\n\t\t\tHashedPassword: \"\",\n\t\t\tUsePasswordMigrationHook: true,\n\t\t},\n\t\twant: true,\n\t}, {\n\t\tname: \"nil\",\n\t\twant: false,\n\t}, {\n\t\tname: \"pw not set, hook not set\",\n\t\tcp: &CredentialsPassword{\n\t\t\tHashedPassword: \"\",\n\t\t},\n\t\twant: false,\n\t}}\n\tfor _, tt := range tests {\n\t\tt.Run(tt.name, func(t *testing.T) {\n\t\t\tassert.Equalf(t, tt.want, tt.cp.ShouldUsePasswordMigrationHook(), \"ShouldUsePasswordMigrationHook()\")\n\t\t})\n\t}\n}\n" }, { "path": "identity/credentials_test.go", "content": "// Copyright © 2023 Ory Corp\n// SPDX-License-Identifier: Apache-2.0\n\npackage identity\n\nimport (\n\t\"testing\"\n\n\t\"github.com/gofrs/uuid\"\n\t\"github.com/mohae/deepcopy\"\n\t\"github.com/stretchr/testify/assert\"\n\t\"github.com/stretchr/testify/require\"\n\n\t\"github.com/ory/x/sqlxx\"\n)\n\nfunc TestCredentialsEqual(t *testing.T) {\n\toriginal := map[CredentialsType]Credentials{\n\t\t\"foo\": {Type: \"foo\", Identifiers: []string{\"bar\"}, Config: sqlxx.JSONRawMessage(`{\"foo\":\"bar\"}`)},\n\t}\n\n\tderived := deepcopy.Copy(original).(map[CredentialsType]Credentials)\n\tassert.EqualValues(t, original, derived)\n\tderived[\"foo\"].Identifiers[0] = \"baz\"\n\tassert.NotEqual(t, original, derived)\n}\n\nfunc TestAALOrder(t *testing.T) {\n\tassert.True(t, NoAuthenticatorAssuranceLevel < AuthenticatorAssuranceLevel1)\n\tassert.True(t, AuthenticatorAssuranceLevel1 < AuthenticatorAssuranceLevel2)\n}\n\nfunc TestParseCredentialsType(t *testing.T) {\n\tfor _, tc := range []struct {\n\t\tinput string\n\t\texpected CredentialsType\n\t}{\n\t\t{\"password\", CredentialsTypePassword},\n\t\t{\"oidc\", CredentialsTypeOIDC},\n\t\t{\"totp\", CredentialsTypeTOTP},\n\t\t{\"webauthn\", CredentialsTypeWebAuthn},\n\t\t{\"lookup_secret\", CredentialsTypeLookup},\n\t\t{\"link_recovery\", CredentialsTypeRecoveryLink},\n\t\t{\"code_recovery\", CredentialsTypeRecoveryCode},\n\t} {\n\t\tt.Run(\"case=\"+tc.input, func(t *testing.T) {\n\t\t\tactual, ok := ParseCredentialsType(tc.input)\n\t\t\trequire.True(t, ok)\n\t\t\tassert.Equal(t, tc.expected, actual)\n\t\t})\n\t}\n\n\tt.Run(\"case=unknown\", func(t *testing.T) {\n\t\t_, ok := ParseCredentialsType(\"unknown\")\n\t\trequire.False(t, ok)\n\t})\n}\n\nfunc TestCredentials_Hash(t *testing.T) {\n\tbaseID := uuid.Must(uuid.NewV4())\n\tbaseNID := uuid.Must(uuid.NewV4())\n\n\tfor _, tc := range []struct {\n\t\tname string\n\t\tcred1 Credentials\n\t\tcred2 Credentials\n\t\texpectEqual bool\n\t\tdescription string\n\t}{\n\t\t{\n\t\t\tname: \"same json with different whitespace\",\n\t\t\tcred1: Credentials{\n\t\t\t\tType: CredentialsTypeOIDC,\n\t\t\t\tIdentifiers: []string{\"test@example.com\"},\n\t\t\t\tConfig: sqlxx.JSONRawMessage(`{\"foo\":\"bar\",\"baz\":\"qux\"}`),\n\t\t\t\tVersion: 1,\n\t\t\t},\n\t\t\tcred2: Credentials{\n\t\t\t\tType: CredentialsTypeOIDC,\n\t\t\t\tIdentifiers: []string{\"test@example.com\"},\n\t\t\t\tConfig: sqlxx.JSONRawMessage(`{\n\t\t\t\t\"foo\": \"bar\",\n\t\t\t\t\"baz\": \"qux\"\n\t\t\t}`),\n\t\t\t\tVersion: 1,\n\t\t\t},\n\t\t\texpectEqual: true,\n\t\t\tdescription: \"hashes should be equal for same JSON with different whitespace\",\n\t\t},\n\t\t{\n\t\t\tname: \"same json with different key order\",\n\t\t\tcred1: Credentials{\n\t\t\t\tType: CredentialsTypeCodeAuth,\n\t\t\t\tIdentifiers: []string{\"test@example.com\"},\n\t\t\t\tConfig: sqlxx.JSONRawMessage(`{\"addresses\":[{\"address\":\"test@example.com\",\"channel\":\"email\"}]}`),\n\t\t\t\tVersion: 1,\n\t\t\t},\n\t\t\tcred2: Credentials{\n\t\t\t\tType: CredentialsTypeCodeAuth,\n\t\t\t\tIdentifiers: []string{\"test@example.com\"},\n\t\t\t\tConfig: sqlxx.JSONRawMessage(`{\"addresses\":[{\"channel\":\"email\",\"address\":\"test@example.com\"}]}`),\n\t\t\t\tVersion: 1,\n\t\t\t},\n\t\t\texpectEqual: true,\n\t\t\tdescription: \"hashes should be equal for same JSON with different key order\",\n\t\t},\n\t\t{\n\t\t\tname: \"nested json with different key order\",\n\t\t\tcred1: Credentials{\n\t\t\t\tType: CredentialsTypeWebAuthn,\n\t\t\t\tIdentifiers: []string{\"test@example.com\"},\n\t\t\t\tConfig: sqlxx.JSONRawMessage(`{\"credentials\":[{\"id\":\"abc\",\"public_key\":\"xyz\",\"type\":\"webauthn\"}]}`),\n\t\t\t\tVersion: 1,\n\t\t\t},\n\t\t\tcred2: Credentials{\n\t\t\t\tType: CredentialsTypeWebAuthn,\n\t\t\t\tIdentifiers: []string{\"test@example.com\"},\n\t\t\t\tConfig: sqlxx.JSONRawMessage(`{\"credentials\":[{\"type\":\"webauthn\",\"public_key\":\"xyz\",\"id\":\"abc\"}]}`),\n\t\t\t\tVersion: 1,\n\t\t\t},\n\t\t\texpectEqual: true,\n\t\t\tdescription: \"hashes should be equal for nested JSON with different key order\",\n\t\t},\n\t\t{\n\t\t\tname: \"same identifiers in different order\",\n\t\t\tcred1: Credentials{\n\t\t\t\tType: CredentialsTypeOIDC,\n\t\t\t\tIdentifiers: []string{\"a@example.com\", \"b@example.com\", \"c@example.com\"},\n\t\t\t\tConfig: sqlxx.JSONRawMessage(`{}`),\n\t\t\t\tVersion: 1,\n\t\t\t},\n\t\t\tcred2: Credentials{\n\t\t\t\tType: CredentialsTypeOIDC,\n\t\t\t\tIdentifiers: []string{\"c@example.com\", \"a@example.com\", \"b@example.com\"},\n\t\t\t\tConfig: sqlxx.JSONRawMessage(`{}`),\n\t\t\t\tVersion: 1,\n\t\t\t},\n\t\t\texpectEqual: true,\n\t\t\tdescription: \"hashes should be equal for same identifiers in different order\",\n\t\t},\n\t\t{\n\t\t\tname: \"different json config\",\n\t\t\tcred1: Credentials{\n\t\t\t\tType: CredentialsTypeOIDC,\n\t\t\t\tIdentifiers: []string{\"test@example.com\"},\n\t\t\t\tConfig: sqlxx.JSONRawMessage(`{\"foo\":\"bar\"}`),\n\t\t\t\tVersion: 1,\n\t\t\t},\n\t\t\tcred2: Credentials{\n\t\t\t\tType: CredentialsTypeOIDC,\n\t\t\t\tIdentifiers: []string{\"test@example.com\"},\n\t\t\t\tConfig: sqlxx.JSONRawMessage(`{\"foo\":\"different\"}`),\n\t\t\t\tVersion: 1,\n\t\t\t},\n\t\t\texpectEqual: false,\n\t\t\tdescription: \"hashes should be different for different JSON content\",\n\t\t},\n\t\t{\n\t\t\tname: \"different types\",\n\t\t\tcred1: Credentials{\n\t\t\t\tType: CredentialsTypePassword,\n\t\t\t\tIdentifiers: []string{\"test@example.com\"},\n\t\t\t\tConfig: sqlxx.JSONRawMessage(`{\"foo\":\"bar\"}`),\n\t\t\t\tVersion: 1,\n\t\t\t},\n\t\t\tcred2: Credentials{\n\t\t\t\tType: CredentialsTypeOIDC,\n\t\t\t\tIdentifiers: []string{\"test@example.com\"},\n\t\t\t\tConfig: sqlxx.JSONRawMessage(`{\"foo\":\"bar\"}`),\n\t\t\t\tVersion: 1,\n\t\t\t},\n\t\t\texpectEqual: false,\n\t\t\tdescription: \"hashes should be different for different types\",\n\t\t},\n\t\t{\n\t\t\tname: \"different identifiers\",\n\t\t\tcred1: Credentials{\n\t\t\t\tType: CredentialsTypeOIDC,\n\t\t\t\tIdentifiers: []string{\"test1@example.com\"},\n\t\t\t\tConfig: sqlxx.JSONRawMessage(`{\"foo\":\"bar\"}`),\n\t\t\t\tVersion: 1,\n\t\t\t},\n\t\t\tcred2: Credentials{\n\t\t\t\tType: CredentialsTypeOIDC,\n\t\t\t\tIdentifiers: []string{\"test2@example.com\"},\n\t\t\t\tConfig: sqlxx.JSONRawMessage(`{\"foo\":\"bar\"}`),\n\t\t\t\tVersion: 1,\n\t\t\t},\n\t\t\texpectEqual: false,\n\t\t\tdescription: \"hashes should be different for different identifiers\",\n\t\t},\n\t\t{\n\t\t\tname: \"different versions\",\n\t\t\tcred1: Credentials{\n\t\t\t\tType: CredentialsTypeOIDC,\n\t\t\t\tIdentifiers: []string{\"test@example.com\"},\n\t\t\t\tConfig: sqlxx.JSONRawMessage(`{\"foo\":\"bar\"}`),\n\t\t\t\tVersion: 1,\n\t\t\t},\n\t\t\tcred2: Credentials{\n\t\t\t\tType: CredentialsTypeOIDC,\n\t\t\t\tIdentifiers: []string{\"test@example.com\"},\n\t\t\t\tConfig: sqlxx.JSONRawMessage(`{\"foo\":\"bar\"}`),\n\t\t\t\tVersion: 2,\n\t\t\t},\n\t\t\texpectEqual: false,\n\t\t\tdescription: \"hashes should be different for different versions\",\n\t\t},\n\t\t{\n\t\t\tname: \"different identity IDs\",\n\t\t\tcred1: Credentials{\n\t\t\t\tType: CredentialsTypeOIDC,\n\t\t\t\tIdentifiers: []string{\"test@example.com\"},\n\t\t\t\tConfig: sqlxx.JSONRawMessage(`{\"foo\":\"bar\"}`),\n\t\t\t\tVersion: 1,\n\t\t\t\tIdentityID: baseID,\n\t\t\t},\n\t\t\tcred2: Credentials{\n\t\t\t\tType: CredentialsTypeOIDC,\n\t\t\t\tIdentifiers: []string{\"test@example.com\"},\n\t\t\t\tConfig: sqlxx.JSONRawMessage(`{\"foo\":\"bar\"}`),\n\t\t\t\tVersion: 1,\n\t\t\t\tIdentityID: uuid.Must(uuid.NewV4()),\n\t\t\t},\n\t\t\texpectEqual: false,\n\t\t\tdescription: \"hashes should be different for different identity IDs\",\n\t\t},\n\t\t{\n\t\t\tname: \"different NIDs\",\n\t\t\tcred1: Credentials{\n\t\t\t\tType: CredentialsTypeOIDC,\n\t\t\t\tIdentifiers: []string{\"test@example.com\"},\n\t\t\t\tConfig: sqlxx.JSONRawMessage(`{\"foo\":\"bar\"}`),\n\t\t\t\tVersion: 1,\n\t\t\t\tNID: baseNID,\n\t\t\t},\n\t\t\tcred2: Credentials{\n\t\t\t\tType: CredentialsTypeOIDC,\n\t\t\t\tIdentifiers: []string{\"test@example.com\"},\n\t\t\t\tConfig: sqlxx.JSONRawMessage(`{\"foo\":\"bar\"}`),\n\t\t\t\tVersion: 1,\n\t\t\t\tNID: uuid.Must(uuid.NewV4()),\n\t\t\t},\n\t\t\texpectEqual: false,\n\t\t\tdescription: \"hashes should be different for different NIDs\",\n\t\t},\n\t} {\n\t\tt.Run(\"case=\"+tc.name, func(t *testing.T) {\n\t\t\thash1 := tc.cred1.Signature()\n\t\t\thash2 := tc.cred2.Signature()\n\n\t\t\tif tc.expectEqual {\n\t\t\t\tassert.Equal(t, hash1, hash2, tc.description)\n\t\t\t} else {\n\t\t\t\tassert.NotEqual(t, hash1, hash2, tc.description)\n\t\t\t}\n\t\t})\n\t}\n}\n" }, { "path": "identity/credentials_totp.go", "content": "// Copyright © 2023 Ory Corp\n// SPDX-License-Identifier: Apache-2.0\n\npackage identity\n\n// CredentialsConfig is the struct that is being used as part of the identity credentials.\ntype CredentialsTOTPConfig struct {\n\t// TOTPURL is the TOTP URL\n\t//\n\t// For more details see: https://github.com/google/google-authenticator/wiki/Key-Uri-Format\n\tTOTPURL string `json:\"totp_url\"`\n}\n" }, { "path": "identity/credentials_webauthn.go", "content": "// Copyright © 2023 Ory Corp\n// SPDX-License-Identifier: Apache-2.0\n\npackage identity\n\nimport (\n\t\"time\"\n\n\t\"github.com/go-webauthn/webauthn/protocol\"\n\n\t\"github.com/go-webauthn/webauthn/webauthn\"\n\n\t\"github.com/ory/kratos/x/webauthnx/aaguid\"\n)\n\n// CredentialsWebAuthnConfig is the struct that is being used as part of the identity credentials.\ntype CredentialsWebAuthnConfig struct {\n\t// List of webauthn credentials.\n\tCredentials CredentialsWebAuthn `json:\"credentials\"`\n\tUserHandle []byte `json:\"user_handle\"`\n}\n\ntype CredentialsWebAuthn []CredentialWebAuthn\n\nfunc CredentialFromWebAuthn(credential *webauthn.Credential, isPasswordless bool) *CredentialWebAuthn {\n\tcred := &CredentialWebAuthn{\n\t\tID: credential.ID,\n\t\tPublicKey: credential.PublicKey,\n\t\tIsPasswordless: isPasswordless,\n\t\tAttestationType: credential.AttestationType,\n\t\tAddedAt: time.Now().UTC().Round(time.Second),\n\t\tAuthenticator: &AuthenticatorWebAuthn{\n\t\t\tAAGUID: credential.Authenticator.AAGUID,\n\t\t\tSignCount: credential.Authenticator.SignCount,\n\t\t\tCloneWarning: credential.Authenticator.CloneWarning,\n\t\t},\n\t\tFlags: &CredentialWebAuthnFlags{\n\t\t\tUserPresent: credential.Flags.UserPresent,\n\t\t\tUserVerified: credential.Flags.UserVerified,\n\t\t\tBackupEligible: credential.Flags.BackupEligible,\n\t\t\tBackupState: credential.Flags.BackupState,\n\t\t},\n\t}\n\tid := aaguid.Lookup(credential.Authenticator.AAGUID)\n\tif id != nil {\n\t\tcred.DisplayName = id.Name\n\t}\n\n\treturn cred\n}\n\nfunc (c CredentialsWebAuthn) ToWebAuthn() (result []webauthn.Credential) {\n\tfor k := range c {\n\t\tresult = append(result, *c[k].ToWebAuthn())\n\t}\n\treturn result\n}\n\n// PasswordlessOnly returns only passwordless credentials.\nfunc (c CredentialsWebAuthn) PasswordlessOnly(authenticatorResponseFlags *protocol.AuthenticatorFlags) (result []webauthn.Credential) {\n\tfor k, cc := range c {\n\t\t// Upgrade path for legacy webauthn credentials. Only possible if we are handling a response from an authenticator.\n\t\tif c[k].Flags == nil && authenticatorResponseFlags != nil {\n\t\t\tc[k].Flags = &CredentialWebAuthnFlags{\n\t\t\t\tBackupEligible: authenticatorResponseFlags.HasBackupEligible(),\n\t\t\t\tBackupState: authenticatorResponseFlags.HasBackupState(),\n\t\t\t}\n\t\t}\n\n\t\tif cc.IsPasswordless {\n\t\t\tresult = append(result, *c[k].ToWebAuthn())\n\t\t}\n\t}\n\treturn result\n}\n\n// ToWebAuthnFiltered returns only the appropriate credentials for the requested\n// AAL. For AAL1, only passwordless credentials are returned, for AAL2, only\n// non-passwordless credentials are returned.\n//\n// authenticatorResponseFlags should be passed if the response is from an authenticator. It will be used to\n// upgrade legacy webauthn credentials' BackupEligible and BackupState flags.\nfunc (c CredentialsWebAuthn) ToWebAuthnFiltered(aal AuthenticatorAssuranceLevel, authenticatorResponseFlags *protocol.AuthenticatorFlags) (result []webauthn.Credential) {\n\tfor k, cc := range c {\n\t\t// Upgrade path for legacy webauthn credentials. Only possible if we are handling a response from an authenticator.\n\t\tif c[k].Flags == nil && authenticatorResponseFlags != nil {\n\t\t\tc[k].Flags = &CredentialWebAuthnFlags{\n\t\t\t\tBackupEligible: authenticatorResponseFlags.HasBackupEligible(),\n\t\t\t\tBackupState: authenticatorResponseFlags.HasBackupState(),\n\t\t\t}\n\t\t}\n\n\t\tif (aal == AuthenticatorAssuranceLevel1 && cc.IsPasswordless) ||\n\t\t\t(aal == AuthenticatorAssuranceLevel2 && !cc.IsPasswordless) {\n\t\t\tresult = append(result, *c[k].ToWebAuthn())\n\t\t}\n\t}\n\treturn result\n}\n\nfunc (c *CredentialWebAuthn) ToWebAuthn() *webauthn.Credential {\n\twc := &webauthn.Credential{\n\t\tID: c.ID,\n\t\tPublicKey: c.PublicKey,\n\t\tAttestationType: c.AttestationType,\n\t\tTransport: c.Transport,\n\t}\n\n\tif c.Authenticator != nil {\n\t\twc.Authenticator = webauthn.Authenticator{\n\t\t\tAAGUID: c.Authenticator.AAGUID,\n\t\t\tSignCount: c.Authenticator.SignCount,\n\t\t\tCloneWarning: c.Authenticator.CloneWarning,\n\t\t}\n\t}\n\n\tif c.Flags != nil {\n\t\twc.Flags = webauthn.CredentialFlags{\n\t\t\tUserPresent: c.Flags.UserPresent,\n\t\t\tUserVerified: c.Flags.UserVerified,\n\t\t\tBackupEligible: c.Flags.BackupEligible,\n\t\t\tBackupState: c.Flags.BackupState,\n\t\t}\n\t}\n\n\tif c.Attestation != nil {\n\t\twc.Attestation = webauthn.CredentialAttestation{\n\t\t\tClientDataJSON: c.Attestation.ClientDataJSON,\n\t\t\tClientDataHash: c.Attestation.ClientDataHash,\n\t\t\tAuthenticatorData: c.Attestation.AuthenticatorData,\n\t\t\tPublicKeyAlgorithm: c.Attestation.PublicKeyAlgorithm,\n\t\t\tObject: c.Attestation.Object,\n\t\t}\n\t}\n\n\treturn wc\n}\n\ntype CredentialWebAuthn struct {\n\tID []byte `json:\"id\"`\n\tPublicKey []byte `json:\"public_key\"`\n\tAttestationType string `json:\"attestation_type\"`\n\tAuthenticator *AuthenticatorWebAuthn `json:\"authenticator,omitempty\"`\n\tDisplayName string `json:\"display_name\"`\n\tAddedAt time.Time `json:\"added_at\"`\n\tIsPasswordless bool `json:\"is_passwordless\"`\n\tFlags *CredentialWebAuthnFlags `json:\"flags,omitempty\"`\n\tTransport []protocol.AuthenticatorTransport `json:\"transport,omitempty\"`\n\tAttestation *CredentialWebAuthnAttestation `json:\"attestation,omitempty\"`\n}\n\ntype CredentialWebAuthnFlags struct {\n\tUserPresent bool `json:\"user_present\"`\n\tUserVerified bool `json:\"user_verified\"`\n\tBackupEligible bool `json:\"backup_eligible\"`\n\tBackupState bool `json:\"backup_state\"`\n}\n\ntype CredentialWebAuthnAttestation struct {\n\tClientDataJSON []byte `json:\"client_dataJSON\"`\n\tClientDataHash []byte `json:\"client_data_hash\"`\n\tAuthenticatorData []byte `json:\"authenticator_data\"`\n\tPublicKeyAlgorithm int64 `json:\"public_key_algorithm\"`\n\tObject []byte `json:\"object\"`\n}\n\ntype AuthenticatorWebAuthn struct {\n\tAAGUID []byte `json:\"aaguid\"`\n\tSignCount uint32 `json:\"sign_count\"`\n\tCloneWarning bool `json:\"clone_warning\"`\n}\n" }, { "path": "identity/credentials_webauthn_test.go", "content": "// Copyright © 2023 Ory Corp\n// SPDX-License-Identifier: Apache-2.0\n\npackage identity\n\nimport (\n\t\"testing\"\n\n\t\"github.com/stretchr/testify/require\"\n\n\t\"github.com/go-webauthn/webauthn/webauthn\"\n\t\"github.com/gofrs/uuid\"\n\t\"github.com/stretchr/testify/assert\"\n)\n\nfunc TestCredentialConversion(t *testing.T) {\n\texpected := &webauthn.Credential{\n\t\tID: []byte(\"abcdef\"),\n\t\tPublicKey: []byte(\"foobar\"),\n\t\tAttestationType: \"test\",\n\t\tAuthenticator: webauthn.Authenticator{\n\t\t\tAAGUID: []byte(\"baz\"),\n\t\t\tSignCount: 1,\n\t\t\tCloneWarning: false,\n\t\t},\n\t}\n\n\tactual := CredentialFromWebAuthn(expected, false).ToWebAuthn()\n\tassert.Equal(t, expected, actual)\n\n\tactualList := CredentialsWebAuthn{*CredentialFromWebAuthn(expected, false)}.ToWebAuthnFiltered(AuthenticatorAssuranceLevel2, nil)\n\tassert.Equal(t, []webauthn.Credential{*expected}, actualList)\n\n\tactualList = CredentialsWebAuthn{*CredentialFromWebAuthn(expected, true)}.ToWebAuthnFiltered(AuthenticatorAssuranceLevel1, nil)\n\tassert.Equal(t, []webauthn.Credential{*expected}, actualList)\n\n\tactualList = CredentialsWebAuthn{*CredentialFromWebAuthn(expected, true)}.ToWebAuthnFiltered(AuthenticatorAssuranceLevel2, nil)\n\tassert.Len(t, actualList, 0)\n\n\tactualList = CredentialsWebAuthn{*CredentialFromWebAuthn(expected, false)}.ToWebAuthnFiltered(AuthenticatorAssuranceLevel1, nil)\n\tassert.Len(t, actualList, 0)\n\n\tfromWebAuthn := CredentialFromWebAuthn(expected, true)\n\tassert.True(t, fromWebAuthn.IsPasswordless)\n\tfromWebAuthn = CredentialFromWebAuthn(expected, false)\n\tassert.False(t, fromWebAuthn.IsPasswordless)\n\n\texpected.Authenticator.AAGUID = uuid.Must(uuid.FromString(\"ea9b8d66-4d01-1d21-3ce4-b6b48cb575d4\")).Bytes()\n\tfromWebAuthn = CredentialFromWebAuthn(expected, false)\n\tassert.Equal(t, \"Google Password Manager\", fromWebAuthn.DisplayName)\n}\n\nfunc TestPasswordlessOnly(t *testing.T) {\n\ta := *CredentialFromWebAuthn(&webauthn.Credential{ID: []byte(\"a\")}, false)\n\tb := *CredentialFromWebAuthn(&webauthn.Credential{ID: []byte(\"b\")}, false)\n\tc := *CredentialFromWebAuthn(&webauthn.Credential{ID: []byte(\"c\")}, true)\n\td := *CredentialFromWebAuthn(&webauthn.Credential{ID: []byte(\"d\")}, false)\n\te := *CredentialFromWebAuthn(&webauthn.Credential{ID: []byte(\"e\")}, true)\n\texpected := CredentialsWebAuthn{a, b, c, d, e}\n\n\tactual := expected.PasswordlessOnly(nil)\n\trequire.Len(t, actual, 2)\n\tassert.Equal(t, []webauthn.Credential{*c.ToWebAuthn(), *e.ToWebAuthn()}, actual)\n}\n" }, { "path": "identity/error_test.go", "content": "// Copyright © 2023 Ory Corp\n// SPDX-License-Identifier: Apache-2.0\n\npackage identity\n\nimport (\n\t\"errors\"\n\t\"testing\"\n\n\t\"github.com/stretchr/testify/assert\"\n)\n\nfunc TestErrDuplicateCredentials(t *testing.T) {\n\tinner := errors.New(\"inner error\")\n\terr := &ErrDuplicateCredentials{inner, nil, nil, \"\"}\n\tassert.ErrorIs(t, err, inner)\n}\n" }, { "path": "identity/expandables.go", "content": "// Copyright © 2023 Ory Corp\n// SPDX-License-Identifier: Apache-2.0\n\npackage identity\n\nimport \"github.com/ory/x/sqlxx\"\n\ntype Expandable = sqlxx.Expandable\ntype Expandables = sqlxx.Expandables\n\nconst (\n\tExpandFieldVerifiableAddresses Expandable = \"VerifiableAddresses\"\n\tExpandFieldRecoveryAddresses Expandable = \"RecoveryAddresses\"\n\tExpandFieldCredentials Expandable = \"Credentials\"\n)\n\n// ExpandNothing expands nothing\nvar ExpandNothing = Expandables{}\n\n// ExpandDefault expands the default fields:\n//\n// - Verifiable addresses\n// - Recovery addresses\nvar ExpandDefault = Expandables{\n\tExpandFieldVerifiableAddresses,\n\tExpandFieldRecoveryAddresses,\n}\n\n// ExpandCredentials expands the identity's credentials.\nvar ExpandCredentials = Expandables{\n\tExpandFieldCredentials,\n}\n\n// ExpandEverything expands all the fields of an identity.\nvar ExpandEverything = Expandables{\n\tExpandFieldVerifiableAddresses,\n\tExpandFieldRecoveryAddresses,\n\tExpandFieldCredentials,\n}\n" }, { "path": "identity/extension_credentials.go", "content": "// Copyright © 2023 Ory Corp\n// SPDX-License-Identifier: Apache-2.0\n\npackage identity\n\nimport (\n\t\"encoding/json\"\n\t\"fmt\"\n\t\"sort\"\n\t\"strings\"\n\t\"sync\"\n\n\t\"github.com/pkg/errors\"\n\t\"github.com/samber/lo\"\n\n\t\"github.com/ory/kratos/x\"\n\n\t\"github.com/ory/jsonschema/v3\"\n\t\"github.com/ory/kratos/schema\"\n\t\"github.com/ory/x/sqlxx\"\n\t\"github.com/ory/x/stringslice\"\n)\n\ntype SchemaExtensionCredentials struct {\n\ti *Identity\n\tv map[CredentialsType][]string\n\taddresses []CredentialsCodeAddress\n\tl sync.Mutex\n}\n\nfunc NewSchemaExtensionCredentials(i *Identity) *SchemaExtensionCredentials {\n\treturn &SchemaExtensionCredentials{i: i}\n}\n\nfunc (r *SchemaExtensionCredentials) setIdentifier(ct CredentialsType, value interface{}) {\n\tcred, ok := r.i.GetCredentials(ct)\n\tif !ok {\n\t\tcred = &Credentials{\n\t\t\tType: ct,\n\t\t\tIdentifiers: []string{},\n\t\t\tConfig: sqlxx.JSONRawMessage{},\n\t\t}\n\t}\n\n\tif r.v == nil {\n\t\tr.v = make(map[CredentialsType][]string)\n\t}\n\n\tr.v[ct] = stringslice.Unique(append(r.v[ct], strings.ToLower(fmt.Sprintf(\"%s\", value))))\n\tcred.Identifiers = r.v[ct]\n\tr.i.SetCredentials(ct, *cred)\n}\n\nfunc (r *SchemaExtensionCredentials) Run(ctx jsonschema.ValidationContext, s schema.ExtensionConfig, value interface{}) error {\n\tr.l.Lock()\n\tdefer r.l.Unlock()\n\n\tif s.Credentials.Password.Identifier {\n\t\tr.setIdentifier(CredentialsTypePassword, value)\n\t}\n\n\tif s.Credentials.WebAuthn.Identifier {\n\t\tr.setIdentifier(CredentialsTypeWebAuthn, value)\n\t}\n\n\tif s.Credentials.Code.Identifier {\n\t\tvia, err := NewCodeChannel(s.Credentials.Code.Via)\n\t\tif err != nil {\n\t\t\treturn ctx.Error(\"ory.sh~/kratos/credentials/code/via\", \"channel type %q must be one of %s\", s.Credentials.Code.Via, strings.Join([]string{\n\t\t\t\tstring(CodeChannelEmail),\n\t\t\t\tstring(CodeChannelSMS),\n\t\t\t}, \", \"))\n\t\t}\n\n\t\tcred := r.i.GetCredentialsOr(CredentialsTypeCodeAuth, &Credentials{\n\t\t\tType: CredentialsTypeCodeAuth,\n\t\t\tIdentifiers: []string{},\n\t\t\tConfig: sqlxx.JSONRawMessage(\"{}\"),\n\t\t\tVersion: 1,\n\t\t})\n\n\t\tvar conf CredentialsCode\n\t\tconf.Addresses = r.addresses\n\t\tvalue, err := x.NormalizeIdentifier(fmt.Sprintf(\"%s\", value), string(via))\n\t\tif err != nil {\n\t\t\treturn &jsonschema.ValidationError{Message: err.Error()}\n\t\t}\n\n\t\tconf.Addresses = append(conf.Addresses, CredentialsCodeAddress{\n\t\t\tChannel: via,\n\t\t\tAddress: value,\n\t\t})\n\n\t\tconf.Addresses = lo.UniqBy(conf.Addresses, func(item CredentialsCodeAddress) string {\n\t\t\treturn fmt.Sprintf(\"%x:%s\", item.Address, item.Channel)\n\t\t})\n\n\t\tsort.SliceStable(conf.Addresses, func(i, j int) bool {\n\t\t\tif conf.Addresses[i].Address == conf.Addresses[j].Address {\n\t\t\t\treturn conf.Addresses[i].Channel < conf.Addresses[j].Channel\n\t\t\t}\n\t\t\treturn conf.Addresses[i].Address < conf.Addresses[j].Address\n\t\t})\n\n\t\tif r.v == nil {\n\t\t\tr.v = make(map[CredentialsType][]string)\n\t\t}\n\n\t\tr.v[CredentialsTypeCodeAuth] = stringslice.Unique(append(r.v[CredentialsTypeCodeAuth],\n\t\t\tlo.Map(conf.Addresses, func(item CredentialsCodeAddress, _ int) string {\n\t\t\t\treturn item.Address\n\t\t\t})...,\n\t\t))\n\t\tr.addresses = conf.Addresses\n\n\t\tcred.Identifiers = r.v[CredentialsTypeCodeAuth]\n\t\tcred.Config, err = json.Marshal(conf)\n\t\tif err != nil {\n\t\t\treturn errors.WithStack(err)\n\t\t}\n\n\t\tr.i.SetCredentials(CredentialsTypeCodeAuth, *cred)\n\t}\n\n\treturn nil\n}\n\nfunc (r *SchemaExtensionCredentials) Finish() error {\n\treturn nil\n}\n" }, { "path": "identity/extension_credentials_test.go", "content": "// Copyright © 2023 Ory Corp\n// SPDX-License-Identifier: Apache-2.0\n\npackage identity_test\n\nimport (\n\t\"bytes\"\n\t\"fmt\"\n\t\"testing\"\n\n\t\"github.com/stretchr/testify/assert\"\n\t\"github.com/stretchr/testify/require\"\n\n\t\"github.com/ory/jsonschema/v3\"\n\t_ \"github.com/ory/jsonschema/v3/fileloader\"\n\t\"github.com/ory/kratos/identity\"\n\t\"github.com/ory/kratos/schema\"\n\t\"github.com/ory/x/snapshotx\"\n\t\"github.com/ory/x/sqlxx\"\n)\n\nfunc TestSchemaExtensionCredentials(t *testing.T) {\n\tfor k, tc := range []struct {\n\t\texpectErr error\n\t\tschema string\n\t\tdoc string\n\t\texpectedIdentifiers []string\n\t\texisting *identity.Credentials\n\t\tct identity.CredentialsType\n\t}{\n\t\t{\n\t\t\tdoc: `{\"email\":\"foo@ory.sh\"}`,\n\t\t\tschema: \"file://./stub/extension/credentials/schema.json\",\n\t\t\texpectedIdentifiers: []string{\"foo@ory.sh\"},\n\t\t\tct: identity.CredentialsTypePassword,\n\t\t},\n\t\t{\n\t\t\tdoc: `{\"emails\":[\"foo@ory.sh\",\"foo@ory.sh\",\"bar@ory.sh\"], \"username\": \"foobar\"}`,\n\t\t\tschema: \"file://./stub/extension/credentials/multi.schema.json\",\n\t\t\texpectedIdentifiers: []string{\"foo@ory.sh\", \"bar@ory.sh\", \"foobar\"},\n\t\t\tct: identity.CredentialsTypePassword,\n\t\t},\n\t\t{\n\t\t\tdoc: `{\"emails\":[\"foo@ory.sh\",\"foo@ory.sh\",\"bar@ory.sh\"], \"username\": \"foobar\"}`,\n\t\t\tschema: \"file://./stub/extension/credentials/multi.schema.json\",\n\t\t\texpectedIdentifiers: []string{\"foo@ory.sh\", \"bar@ory.sh\"},\n\t\t\tct: identity.CredentialsTypeWebAuthn,\n\t\t},\n\t\t{\n\t\t\tdoc: `{\"emails\":[\"FOO@ory.sh\",\"bar@ory.sh\"], \"username\": \"foobar\"}`,\n\t\t\tschema: \"file://./stub/extension/credentials/multi.schema.json\",\n\t\t\texpectedIdentifiers: []string{\"foo@ory.sh\", \"bar@ory.sh\", \"foobar\"},\n\t\t\texisting: &identity.Credentials{\n\t\t\t\tIdentifiers: []string{\"not-foo@ory.sh\"},\n\t\t\t},\n\t\t\tct: identity.CredentialsTypePassword,\n\t\t},\n\t\t{\n\t\t\tdoc: `{\"email\":\"foo@ory.sh\"}`,\n\t\t\tschema: \"file://./stub/extension/credentials/webauthn.schema.json\",\n\t\t\texpectedIdentifiers: []string{\"foo@ory.sh\"},\n\t\t\tct: identity.CredentialsTypeWebAuthn,\n\t\t},\n\t\t{\n\t\t\tdoc: `{\"email\":\"FOO@ory.sh\"}`,\n\t\t\tschema: \"file://./stub/extension/credentials/webauthn.schema.json\",\n\t\t\texpectedIdentifiers: []string{\"foo@ory.sh\"},\n\t\t\texisting: &identity.Credentials{\n\t\t\t\tIdentifiers: []string{\"not-foo@ory.sh\"},\n\t\t\t},\n\t\t\tct: identity.CredentialsTypeWebAuthn,\n\t\t},\n\t\t{\n\t\t\tdoc: `{\"email\":\"foo@ory.sh\"}`,\n\t\t\tschema: \"file://./stub/extension/credentials/code.schema.json\",\n\t\t\texpectedIdentifiers: []string{\"foo@ory.sh\"},\n\t\t\tct: identity.CredentialsTypeCodeAuth,\n\t\t},\n\t\t{\n\t\t\tdoc: `{\"email\":\"FOO@ory.sh\"}`,\n\t\t\tschema: \"file://./stub/extension/credentials/code.schema.json\",\n\t\t\texpectedIdentifiers: []string{\"foo@ory.sh\"},\n\t\t\texisting: &identity.Credentials{\n\t\t\t\tIdentifiers: []string{\"not-foo@ory.sh\"},\n\t\t\t},\n\t\t\tct: identity.CredentialsTypeCodeAuth,\n\t\t},\n\t\t{\n\t\t\tdoc: `{\"email\":\"FOO@ory.sh\"}`,\n\t\t\tschema: \"file://./stub/extension/credentials/code.schema.json\",\n\t\t\texpectedIdentifiers: []string{\"foo@ory.sh\"},\n\t\t\texisting: &identity.Credentials{\n\t\t\t\tIdentifiers: []string{\"not-foo@ory.sh\", \"foo@ory.sh\"},\n\t\t\t\tConfig: sqlxx.JSONRawMessage(`{\"addresses\":[{\"channel\":\"email\",\"address\":\"not-foo@ory.sh\"}]}`),\n\t\t\t},\n\t\t\tct: identity.CredentialsTypeCodeAuth,\n\t\t},\n\t\t{\n\t\t\tdoc: `{\"email\":\"FOO@ory.sh\",\"phone\":\"+49 176 671 11 638\"}`,\n\t\t\tschema: \"file://./stub/extension/credentials/code-phone-email.schema.json\",\n\t\t\texpectedIdentifiers: []string{\"+4917667111638\", \"foo@ory.sh\"},\n\t\t\texisting: &identity.Credentials{\n\t\t\t\tIdentifiers: []string{\"not-foo@ory.sh\", \"foo@ory.sh\"},\n\t\t\t\tConfig: sqlxx.JSONRawMessage(`{\"addresses\":[{\"channel\":\"email\",\"address\":\"not-foo@ory.sh\"}]}`),\n\t\t\t},\n\t\t\tct: identity.CredentialsTypeCodeAuth,\n\t\t},\n\t\t{\n\t\t\tdoc: `{\"email\":\"FOO@ory.sh\",\"phone\":\"+49 176 671 11 638\"}`,\n\t\t\tschema: \"file://./stub/extension/credentials/code-phone-email.schema.json\",\n\t\t\texpectedIdentifiers: []string{\"+4917667111638\", \"foo@ory.sh\"},\n\t\t\texisting: &identity.Credentials{\n\t\t\t\tIdentifiers: []string{\"not-foo@ory.sh\", \"foo@ory.sh\"},\n\t\t\t\tConfig: sqlxx.JSONRawMessage(`{\"addresses\":[{\"channel\":\"email\",\"address\":\"not-foo@ory.sh\"}]}`),\n\t\t\t},\n\t\t\tct: identity.CredentialsTypeCodeAuth,\n\t\t},\n\t\t{\n\t\t\tdoc: `{\"email\":\"FOO@ory.sh\",\"email2\":\"FOO@ory.sh\",\"phone\":\"+49 176 671 11 638\"}`,\n\t\t\tschema: \"file://./stub/extension/credentials/code-phone-email.schema.json\",\n\t\t\texpectedIdentifiers: []string{\"+4917667111638\", \"foo@ory.sh\"},\n\t\t\texisting: &identity.Credentials{\n\t\t\t\tIdentifiers: []string{\"not-foo@ory.sh\", \"fOo@ory.sh\"},\n\t\t\t\tConfig: sqlxx.JSONRawMessage(`{\"addresses\":[{\"channel\":\"email\",\"address\":\"not-foo@ory.sh\"}]}`),\n\t\t\t},\n\t\t\tct: identity.CredentialsTypeCodeAuth,\n\t\t},\n\t\t{\n\t\t\tdoc: `{\"email\":\"FOO@ory.sh\",\"email2\":\"FOO@ory.sh\",\"email3\":\"bar@ory.sh\",\"phone\":\"+49 176 671 11 638\"}`,\n\t\t\tschema: \"file://./stub/extension/credentials/code-phone-email.schema.json\",\n\t\t\texpectedIdentifiers: []string{\"+4917667111638\", \"foo@ory.sh\", \"bar@ory.sh\"},\n\t\t\texisting: &identity.Credentials{\n\t\t\t\tIdentifiers: []string{\"not-foo@ory.sh\", \"fOo@ory.sh\"},\n\t\t\t\tConfig: sqlxx.JSONRawMessage(`{\"addresses\":[{\"channel\":\"email\",\"address\":\"not-foo@ory.sh\"}]}`),\n\t\t\t},\n\t\t\tct: identity.CredentialsTypeCodeAuth,\n\t\t},\n\t\t{\n\t\t\tdoc: `{\"email\":\"bar@ory.sh\"}`,\n\t\t\tschema: \"file://./stub/extension/credentials/email.schema.json\",\n\t\t\texpectedIdentifiers: []string{\"bar@ory.sh\"},\n\t\t\texisting: &identity.Credentials{\n\t\t\t\tIdentifiers: []string{\"foo@ory.sh\"},\n\t\t\t\tConfig: sqlxx.JSONRawMessage(`{\"addresses\":[{\"channel\":\"email\",\"address\":\"foo@ory.sh\"}]}`),\n\t\t\t},\n\t\t\tct: identity.CredentialsTypeCodeAuth,\n\t\t},\n\t} {\n\t\tt.Run(fmt.Sprintf(\"case=%d\", k), func(t *testing.T) {\n\t\t\tc := jsonschema.NewCompiler()\n\t\t\trunner, err := schema.NewExtensionRunner(t.Context())\n\t\t\trequire.NoError(t, err)\n\n\t\t\ti := new(identity.Identity)\n\t\t\te := identity.NewSchemaExtensionCredentials(i)\n\t\t\tif tc.existing != nil {\n\t\t\t\ti.SetCredentials(tc.ct, *tc.existing)\n\t\t\t}\n\n\t\t\trunner.AddRunner(e).Register(c)\n\t\t\terr = c.MustCompile(t.Context(), tc.schema).Validate(bytes.NewBufferString(tc.doc))\n\t\t\tif tc.expectErr != nil {\n\t\t\t\trequire.EqualError(t, err, tc.expectErr.Error())\n\t\t\t} else {\n\t\t\t\trequire.NoError(t, err)\n\t\t\t}\n\t\t\trequire.NoError(t, e.Finish())\n\n\t\t\tcredentials, ok := i.GetCredentials(tc.ct)\n\t\t\trequire.True(t, ok)\n\t\t\tassert.ElementsMatch(t, tc.expectedIdentifiers, credentials.Identifiers)\n\t\t\tsnapshotx.SnapshotT(t, credentials, snapshotx.ExceptPaths(\"identifiers\"))\n\t\t})\n\t}\n}\n" }, { "path": "identity/extension_recovery.go", "content": "// Copyright © 2023 Ory Corp\n// SPDX-License-Identifier: Apache-2.0\n\npackage identity\n\nimport (\n\t\"fmt\"\n\t\"maps\"\n\t\"slices\"\n\t\"strings\"\n\t\"sync\"\n\n\t\"github.com/ory/jsonschema/v3\"\n\n\t\"github.com/ory/kratos/schema\"\n)\n\ntype SchemaExtensionRecovery struct {\n\tl sync.Mutex\n\tv []RecoveryAddress\n\ti *Identity\n}\n\nfunc NewSchemaExtensionRecovery(i *Identity) *SchemaExtensionRecovery {\n\treturn &SchemaExtensionRecovery{i: i}\n}\n\nfunc (r *SchemaExtensionRecovery) Run(ctx jsonschema.ValidationContext, s schema.ExtensionConfig, value interface{}) error {\n\tr.l.Lock()\n\tdefer r.l.Unlock()\n\n\tvar address *RecoveryAddress\n\tswitch s.Recovery.Via {\n\tcase \"email\":\n\t\tformatString := \"email\"\n\t\tformatter, ok := jsonschema.Formats[formatString]\n\t\tif !ok {\n\t\t\tsupportedKeys := slices.Collect(maps.Keys(jsonschema.Formats))\n\t\t\treturn ctx.Error(\"format\", \"format %q is not supported. Supported formats are [%s]\", formatString, strings.Join(supportedKeys, \", \"))\n\t\t}\n\n\t\tif !formatter(value) {\n\t\t\treturn ctx.Error(\"format\", \"%q is not valid %q\", value, formatString)\n\t\t}\n\n\t\taddress = NewRecoveryEmailAddress(\n\t\t\tstrings.ToLower(strings.TrimSpace(\n\t\t\t\tfmt.Sprintf(\"%s\", value))), r.i.ID)\n\n\tcase \"sms\":\n\t\tformatString := \"tel\"\n\t\tformatter, ok := jsonschema.Formats[formatString]\n\t\tif !ok {\n\t\t\tsupportedKeys := slices.Collect(maps.Keys(jsonschema.Formats))\n\t\t\treturn ctx.Error(\"format\", \"format %q is not supported. Supported formats are [%s]\", formatString, strings.Join(supportedKeys, \", \"))\n\t\t}\n\n\t\tif !formatter(value) {\n\t\t\treturn ctx.Error(\"format\", \"%q is not valid %q\", value, formatString)\n\t\t}\n\n\t\taddress = NewRecoverySMSAddress(\n\t\t\tstrings.TrimSpace(\n\t\t\t\tfmt.Sprintf(\"%s\", value)), r.i.ID)\n\n\tcase \"\":\n\t\treturn nil\n\tdefault:\n\t\treturn ctx.Error(\"\", \"recovery.via has unknown value %q\", s.Recovery.Via)\n\t}\n\n\tif has := r.has(r.i.RecoveryAddresses, address); has != nil {\n\t\tif r.has(r.v, address) == nil {\n\t\t\tr.v = append(r.v, *has)\n\t\t}\n\t\treturn nil\n\t}\n\n\tif has := r.has(r.v, address); has == nil {\n\t\tr.v = append(r.v, *address)\n\t}\n\n\treturn nil\n}\n\nfunc (r *SchemaExtensionRecovery) has(haystack []RecoveryAddress, needle *RecoveryAddress) *RecoveryAddress {\n\tfor _, has := range haystack {\n\t\tif has.Value == needle.Value && has.Via == needle.Via {\n\t\t\treturn &has\n\t\t}\n\t}\n\treturn nil\n}\n\nfunc (r *SchemaExtensionRecovery) Finish() error {\n\tr.i.RecoveryAddresses = r.v\n\treturn nil\n}\n" }, { "path": "identity/extension_recovery_test.go", "content": "// Copyright © 2023 Ory Corp\n// SPDX-License-Identifier: Apache-2.0\n\npackage identity\n\nimport (\n\t\"bytes\"\n\t\"errors\"\n\t\"fmt\"\n\t\"reflect\"\n\t\"testing\"\n\n\t\"github.com/ory/jsonschema/v3\"\n\t_ \"github.com/ory/jsonschema/v3/fileloader\"\n\n\t\"github.com/ory/kratos/schema\"\n\t\"github.com/ory/kratos/x\"\n\n\t\"github.com/stretchr/testify/assert\"\n\t\"github.com/stretchr/testify/require\"\n)\n\nfunc TestSchemaExtensionRecovery(t *testing.T) {\n\tiid := x.NewUUID()\n\tfor k, tc := range []struct {\n\t\texpectErr error\n\t\tschema string\n\t\tdoc string\n\t\texpect []RecoveryAddress\n\t\texisting []RecoveryAddress\n\t\tdescription string\n\t}{\n\t\t{\n\t\t\tdescription: \"valid email, no existing\",\n\t\t\tdoc: `{\"username\":\"foo@ory.sh\"}`,\n\t\t\tschema: \"file://./stub/extension/recovery/email.schema.json\",\n\t\t\texpect: []RecoveryAddress{\n\t\t\t\t{\n\t\t\t\t\tValue: \"foo@ory.sh\",\n\t\t\t\t\tVia: AddressTypeEmail,\n\t\t\t\t\tIdentityID: iid,\n\t\t\t\t},\n\t\t\t},\n\t\t},\n\t\t{\n\t\t\tdescription: \"valid email, some existing, no overlap\",\n\t\t\tdoc: `{\"username\":\"foo@ory.sh\"}`,\n\t\t\tschema: \"file://./stub/extension/recovery/email.schema.json\",\n\t\t\texpect: []RecoveryAddress{\n\t\t\t\t{\n\t\t\t\t\tValue: \"foo@ory.sh\",\n\t\t\t\t\tVia: AddressTypeEmail,\n\t\t\t\t\tIdentityID: iid,\n\t\t\t\t},\n\t\t\t},\n\t\t\texisting: []RecoveryAddress{\n\t\t\t\t{\n\t\t\t\t\tValue: \"bar@ory.sh\",\n\t\t\t\t\tVia: AddressTypeEmail,\n\t\t\t\t\tIdentityID: iid,\n\t\t\t\t},\n\t\t\t},\n\t\t},\n\t\t{\n\t\t\tdescription: \"valid emails, some existing, overlap\",\n\t\t\tdoc: `{\"emails\":[\"baz@ory.sh\",\"foo@ory.sh\"]}`,\n\t\t\tschema: \"file://./stub/extension/recovery/email.schema.json\",\n\t\t\texpect: []RecoveryAddress{\n\t\t\t\t{\n\t\t\t\t\tValue: \"foo@ory.sh\",\n\t\t\t\t\tVia: AddressTypeEmail,\n\t\t\t\t\tIdentityID: iid,\n\t\t\t\t},\n\t\t\t\t{\n\t\t\t\t\tValue: \"baz@ory.sh\",\n\t\t\t\t\tVia: AddressTypeEmail,\n\t\t\t\t\tIdentityID: iid,\n\t\t\t\t},\n\t\t\t},\n\t\t\texisting: []RecoveryAddress{\n\t\t\t\t{\n\t\t\t\t\tValue: \"foo@ory.sh\",\n\t\t\t\t\tVia: AddressTypeEmail,\n\t\t\t\t\tIdentityID: iid,\n\t\t\t\t},\n\t\t\t\t{\n\t\t\t\t\tValue: \"bar@ory.sh\",\n\t\t\t\t\tVia: AddressTypeEmail,\n\t\t\t\t\tIdentityID: iid,\n\t\t\t\t},\n\t\t\t},\n\t\t},\n\t\t{\n\t\t\tdescription: \"valid emails, no existing, overlap\",\n\t\t\tdoc: `{\"emails\":[\"foo@ory.sh\",\"foo@ory.sh\",\"baz@ory.sh\"]}`,\n\t\t\tschema: \"file://./stub/extension/recovery/email.schema.json\",\n\t\t\texpect: []RecoveryAddress{\n\t\t\t\t{\n\t\t\t\t\tValue: \"foo@ory.sh\",\n\t\t\t\t\tVia: AddressTypeEmail,\n\t\t\t\t\tIdentityID: iid,\n\t\t\t\t},\n\t\t\t\t{\n\t\t\t\t\tValue: \"baz@ory.sh\",\n\t\t\t\t\tVia: AddressTypeEmail,\n\t\t\t\t\tIdentityID: iid,\n\t\t\t\t},\n\t\t\t},\n\t\t\texisting: []RecoveryAddress{\n\t\t\t\t{\n\t\t\t\t\tValue: \"foo@ory.sh\",\n\t\t\t\t\tVia: AddressTypeEmail,\n\t\t\t\t\tIdentityID: iid,\n\t\t\t\t},\n\t\t\t\t{\n\t\t\t\t\tValue: \"bar@ory.sh\",\n\t\t\t\t\tVia: AddressTypeEmail,\n\t\t\t\t\tIdentityID: iid,\n\t\t\t\t},\n\t\t\t},\n\t\t},\n\t\t{\n\t\t\tdescription: \"invalid email\",\n\t\t\tdoc: `{\"emails\":[\"foo@ory.sh\",\"bar@ory.sh\"], \"username\": \"foobar\"}`,\n\t\t\tschema: \"file://./stub/extension/recovery/email.schema.json\",\n\t\t\texpectErr: errors.New(\"I[#/username] S[#/properties/username/format] \\\"foobar\\\" is not valid \\\"email\\\"\"),\n\t\t},\n\t\t{\n\t\t\tdescription: \"valid emails, no existing\",\n\t\t\tdoc: `{\"emails\":[\"foo@ory.sh\",\"bar@ory.sh\",\"bar@ory.sh\"], \"username\": \"foobar@ory.sh\"}`,\n\t\t\tschema: \"file://./stub/extension/recovery/email.schema.json\",\n\t\t\texpect: []RecoveryAddress{\n\t\t\t\t{\n\t\t\t\t\tValue: \"foo@ory.sh\",\n\t\t\t\t\tVia: AddressTypeEmail,\n\t\t\t\t\tIdentityID: iid,\n\t\t\t\t},\n\t\t\t\t{\n\t\t\t\t\tValue: \"bar@ory.sh\",\n\t\t\t\t\tVia: AddressTypeEmail,\n\t\t\t\t\tIdentityID: iid,\n\t\t\t\t},\n\t\t\t\t{\n\t\t\t\t\tValue: \"foobar@ory.sh\",\n\t\t\t\t\tVia: AddressTypeEmail,\n\t\t\t\t\tIdentityID: iid,\n\t\t\t\t},\n\t\t\t},\n\t\t},\n\n\t\t{\n\t\t\tdescription: \"valid phone number, no existing\",\n\t\t\tdoc: `{\"telephoneNumber\":\"+68672098006\"}`,\n\t\t\tschema: \"file://./stub/extension/recovery/sms.schema.json\",\n\t\t\texpect: []RecoveryAddress{\n\t\t\t\t{\n\t\t\t\t\tValue: \"+68672098006\",\n\t\t\t\t\tVia: AddressTypeSMS,\n\t\t\t\t\tIdentityID: iid,\n\t\t\t\t},\n\t\t\t},\n\t\t},\n\t\t{\n\t\t\tdescription: \"valid phone number, some existing, no overlap\",\n\t\t\tdoc: `{\"telephoneNumber\":\"+68672098006\"}`,\n\t\t\tschema: \"file://./stub/extension/recovery/sms.schema.json\",\n\t\t\texpect: []RecoveryAddress{\n\t\t\t\t{\n\t\t\t\t\tValue: \"+68672098006\",\n\t\t\t\t\tVia: AddressTypeSMS,\n\t\t\t\t\tIdentityID: iid,\n\t\t\t\t},\n\t\t\t},\n\t\t\texisting: []RecoveryAddress{\n\t\t\t\t{\n\t\t\t\t\tValue: \"+12 345 67890123\",\n\t\t\t\t\tVia: AddressTypeSMS,\n\t\t\t\t\tIdentityID: iid,\n\t\t\t\t},\n\t\t\t},\n\t\t},\n\t\t{\n\t\t\tdescription: \"valid phone number, some existing, overlap\",\n\t\t\tdoc: `{\"telephoneNumber\":\"+68672098006\"}`,\n\t\t\tschema: \"file://./stub/extension/recovery/sms.schema.json\",\n\t\t\texpect: []RecoveryAddress{\n\t\t\t\t{\n\t\t\t\t\tValue: \"+68672098006\",\n\t\t\t\t\tVia: AddressTypeSMS,\n\t\t\t\t\tIdentityID: iid,\n\t\t\t\t},\n\t\t\t},\n\t\t\texisting: []RecoveryAddress{\n\t\t\t\t{\n\t\t\t\t\tValue: \"+68672098006\",\n\t\t\t\t\tVia: AddressTypeSMS,\n\t\t\t\t\tIdentityID: iid,\n\t\t\t\t},\n\t\t\t\t{\n\t\t\t\t\tValue: \"+33 07856952\",\n\t\t\t\t\tVia: AddressTypeSMS,\n\t\t\t\t\tIdentityID: iid,\n\t\t\t\t},\n\t\t\t},\n\t\t},\n\t\t{\n\t\t\tdescription: \"invalid phone number\",\n\t\t\tdoc: `{\"telephoneNumber\": \"foobar\"}`,\n\t\t\tschema: \"file://./stub/extension/recovery/sms.schema.json\",\n\t\t\t// We get 2 errors: one from the JSON schema `format` validation and one from the Go validation.\n\t\t\texpectErr: errors.New(\"I[#/telephoneNumber] S[#/properties/telephoneNumber] validation failed\\n I[#/telephoneNumber] S[#/properties/telephoneNumber/format] \\\"foobar\\\" is not valid \\\"tel\\\"\\n I[#/telephoneNumber] S[#/properties/telephoneNumber/format] \\\"foobar\\\" is not valid \\\"tel\\\"\"),\n\t\t},\n\t} {\n\t\tt.Run(fmt.Sprintf(\"case=%d description=%s\", k, tc.description), func(t *testing.T) {\n\t\t\tid := &Identity{ID: iid, RecoveryAddresses: tc.existing}\n\t\t\tc := jsonschema.NewCompiler()\n\t\t\trunner, err := schema.NewExtensionRunner(t.Context())\n\t\t\trequire.NoError(t, err)\n\n\t\t\te := NewSchemaExtensionRecovery(id)\n\t\t\trunner.AddRunner(e).Register(c)\n\n\t\t\terr = c.MustCompile(t.Context(), tc.schema).Validate(bytes.NewBufferString(tc.doc))\n\t\t\tif tc.expectErr != nil {\n\t\t\t\trequire.EqualError(t, err, tc.expectErr.Error())\n\t\t\t\treturn\n\t\t\t}\n\n\t\t\trequire.NoError(t, e.Finish())\n\n\t\t\taddresses := id.RecoveryAddresses\n\t\t\trequire.Len(t, addresses, len(tc.expect))\n\n\t\t\tfor _, actual := range addresses {\n\t\t\t\tvar found bool\n\t\t\t\tfor _, expect := range tc.expect {\n\t\t\t\t\tif reflect.DeepEqual(actual, expect) {\n\t\t\t\t\t\tfound = true\n\t\t\t\t\t\tbreak\n\t\t\t\t\t}\n\t\t\t\t}\n\t\t\t\tassert.True(t, found, \"%+v not in %+v\", actual, tc.expect)\n\t\t\t}\n\t\t})\n\t}\n}\n" }, { "path": "identity/extension_verification.go", "content": "// Copyright © 2023 Ory Corp\n// SPDX-License-Identifier: Apache-2.0\n\npackage identity\n\nimport (\n\t\"fmt\"\n\t\"maps\"\n\t\"slices\"\n\t\"strings\"\n\t\"sync\"\n\t\"time\"\n\n\t\"github.com/ory/jsonschema/v3\"\n\t\"github.com/ory/kratos/schema\"\n)\n\nfunc init() {\n\tjsonschema.Formats[\"no-validate\"] = func(v interface{}) bool {\n\t\treturn true\n\t}\n}\n\ntype SchemaExtensionVerification struct {\n\tlifespan time.Duration\n\tl sync.Mutex\n\tv []VerifiableAddress\n\ti *Identity\n}\n\nfunc NewSchemaExtensionVerification(i *Identity, lifespan time.Duration) *SchemaExtensionVerification {\n\treturn &SchemaExtensionVerification{i: i, lifespan: lifespan}\n}\n\nconst (\n\tChannelTypeEmail = \"email\"\n\tChannelTypeSMS = \"sms\"\n)\n\nfunc (r *SchemaExtensionVerification) Run(ctx jsonschema.ValidationContext, s schema.ExtensionConfig, value interface{}) error {\n\tr.l.Lock()\n\tdefer r.l.Unlock()\n\n\tif s.Verification.Via == \"\" {\n\t\treturn nil\n\t}\n\n\tformat, ok := s.RawSchema[\"format\"]\n\tif !ok {\n\t\tformat = \"\"\n\t}\n\tformatString, ok := format.(string)\n\tif !ok {\n\t\treturn nil\n\t}\n\n\tif formatString == \"\" {\n\t\tswitch s.Verification.Via {\n\t\tcase ChannelTypeEmail:\n\t\t\tformatString = \"email\"\n\t\t\tformatter, ok := jsonschema.Formats[formatString]\n\t\t\tif !ok {\n\t\t\t\tsupportedKeys := slices.Collect(maps.Keys(jsonschema.Formats))\n\t\t\t\treturn ctx.Error(\"format\", \"format %q is not supported. Supported formats are [%s]\", formatString, strings.Join(supportedKeys, \", \"))\n\t\t\t}\n\n\t\t\tif !formatter(value) {\n\t\t\t\treturn ctx.Error(\"format\", \"%q is not valid %q\", value, formatString)\n\t\t\t}\n\t\tdefault:\n\t\t\treturn ctx.Error(\"format\", \"no format specified. A format is required if verification is enabled. If this was intentional, please set \\\"format\\\" to \\\"no-validate\\\"\")\n\t\t}\n\t}\n\n\tvar normalized string\n\tswitch formatString {\n\tcase \"email\":\n\t\tnormalized = strings.ToLower(strings.TrimSpace(fmt.Sprintf(\"%s\", value)))\n\tdefault:\n\t\tnormalized = strings.TrimSpace(fmt.Sprintf(\"%s\", value))\n\t}\n\n\taddress := NewVerifiableAddress(normalized, r.i.ID, s.Verification.Via)\n\tr.appendAddress(address)\n\treturn nil\n}\n\nfunc (r *SchemaExtensionVerification) Finish() error {\n\tr.i.VerifiableAddresses = merge(r.v, r.i.VerifiableAddresses)\n\treturn nil\n}\n\n// merge merges the base with the overrides through comparison with `has`. It changes the base slice in place.\nfunc merge(base []VerifiableAddress, overrides []VerifiableAddress) []VerifiableAddress {\n\tfor i := range base {\n\t\tif override := has(overrides, &base[i]); override != nil {\n\t\t\tbase[i] = *override\n\t\t}\n\t}\n\n\treturn base\n}\n\nfunc (r *SchemaExtensionVerification) appendAddress(address *VerifiableAddress) {\n\tif h := has(r.i.VerifiableAddresses, address); h != nil {\n\t\tif has(r.v, address) == nil {\n\t\t\tr.v = append(r.v, *h)\n\t\t}\n\t\treturn\n\t}\n\n\tif has(r.v, address) == nil {\n\t\tr.v = append(r.v, *address)\n\t}\n}\n\nfunc has(haystack []VerifiableAddress, needle *VerifiableAddress) *VerifiableAddress {\n\tfor _, has := range haystack {\n\t\tif has.Value == needle.Value && has.Via == needle.Via {\n\t\t\treturn &has\n\t\t}\n\t}\n\treturn nil\n}\n" }, { "path": "identity/extension_verification_test.go", "content": "// Copyright © 2023 Ory Corp\n// SPDX-License-Identifier: Apache-2.0\n\npackage identity\n\nimport (\n\t\"bytes\"\n\t\"fmt\"\n\t\"net\"\n\t\"reflect\"\n\t\"testing\"\n\t\"time\"\n\n\t\"github.com/pkg/errors\"\n\t\"github.com/stretchr/testify/assert\"\n\t\"github.com/stretchr/testify/require\"\n\n\t\"github.com/ory/jsonschema/v3\"\n\t_ \"github.com/ory/jsonschema/v3/fileloader\"\n\t\"github.com/ory/kratos/schema\"\n\t\"github.com/ory/kratos/x\"\n)\n\nconst (\n\temailSchemaPath = \"file://./stub/extension/verify/email.schema.json\"\n\tphoneSchemaPath = \"file://./stub/extension/verify/phone.schema.json\"\n\tmissingFormatSchemaPath = \"file://./stub/extension/verify/missing-format.schema.json\"\n\tlegacyEmailMissingFormatSchemaPath = \"file://./stub/extension/verify/legacy-email-missing-format.schema.json\"\n\tnoValidateSchemaPath = \"file://./stub/extension/verify/no-validate.schema.json\"\n)\n\nfunc TestSchemaExtensionVerification(t *testing.T) {\n\tnet.IP{}.IsPrivate()\n\tt.Run(\"address verification\", func(t *testing.T) {\n\t\tiid := x.NewUUID()\n\n\t\tfor _, tc := range []struct {\n\t\t\tname string\n\t\t\tschema string\n\t\t\texpectErr error\n\t\t\tdoc string\n\t\t\texisting []VerifiableAddress\n\t\t\texpect []VerifiableAddress\n\t\t}{\n\t\t\t{\n\t\t\t\tname: \"email:must create new address\",\n\t\t\t\tschema: emailSchemaPath,\n\t\t\t\tdoc: `{\"username\":\"foo@ory.sh\"}`,\n\t\t\t\texpect: []VerifiableAddress{\n\t\t\t\t\t{\n\t\t\t\t\t\tValue: \"foo@ory.sh\",\n\t\t\t\t\t\tVerified: false,\n\t\t\t\t\t\tStatus: VerifiableAddressStatusPending,\n\t\t\t\t\t\tVia: AddressTypeEmail,\n\t\t\t\t\t\tIdentityID: iid,\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t\t{\n\t\t\t\tname: \"email:must create new address because new and existing doesn't match\",\n\t\t\t\tschema: emailSchemaPath,\n\t\t\t\tdoc: `{\"username\":\"foo@ory.sh\"}`,\n\t\t\t\texisting: []VerifiableAddress{\n\t\t\t\t\t{\n\t\t\t\t\t\tValue: \"bar@ory.sh\",\n\t\t\t\t\t\tVerified: false,\n\t\t\t\t\t\tStatus: VerifiableAddressStatusPending,\n\t\t\t\t\t\tVia: AddressTypeEmail,\n\t\t\t\t\t\tIdentityID: iid,\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\texpect: []VerifiableAddress{\n\t\t\t\t\t{\n\t\t\t\t\t\tValue: \"foo@ory.sh\",\n\t\t\t\t\t\tVerified: false,\n\t\t\t\t\t\tStatus: VerifiableAddressStatusPending,\n\t\t\t\t\t\tVia: AddressTypeEmail,\n\t\t\t\t\t\tIdentityID: iid,\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t\t{\n\t\t\t\tname: \"email:must find existing address in case of match\",\n\t\t\t\tschema: emailSchemaPath,\n\t\t\t\tdoc: `{\"emails\":[\"baz@ory.sh\",\"foo@ory.sh\"]}`,\n\t\t\t\texisting: []VerifiableAddress{\n\t\t\t\t\t{\n\t\t\t\t\t\tValue: \"foo@ory.sh\",\n\t\t\t\t\t\tVerified: true,\n\t\t\t\t\t\tStatus: VerifiableAddressStatusCompleted,\n\t\t\t\t\t\tVia: AddressTypeEmail,\n\t\t\t\t\t\tIdentityID: iid,\n\t\t\t\t\t},\n\t\t\t\t\t{\n\t\t\t\t\t\tValue: \"bar@ory.sh\",\n\t\t\t\t\t\tVerified: true,\n\t\t\t\t\t\tStatus: VerifiableAddressStatusCompleted,\n\t\t\t\t\t\tVia: AddressTypeEmail,\n\t\t\t\t\t\tIdentityID: iid,\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\texpect: []VerifiableAddress{\n\t\t\t\t\t{\n\t\t\t\t\t\tValue: \"foo@ory.sh\",\n\t\t\t\t\t\tVerified: true,\n\t\t\t\t\t\tStatus: VerifiableAddressStatusCompleted,\n\t\t\t\t\t\tVia: AddressTypeEmail,\n\t\t\t\t\t\tIdentityID: iid,\n\t\t\t\t\t},\n\t\t\t\t\t{\n\t\t\t\t\t\tValue: \"baz@ory.sh\",\n\t\t\t\t\t\tVerified: false,\n\t\t\t\t\t\tStatus: VerifiableAddressStatusPending,\n\t\t\t\t\t\tVia: AddressTypeEmail,\n\t\t\t\t\t\tIdentityID: iid,\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t\t{\n\t\t\t\tname: \"email:must return only one address in case of duplication\",\n\t\t\t\tschema: emailSchemaPath,\n\t\t\t\tdoc: `{\"emails\":[\"foo@ory.sh\",\"foo@ory.sh\",\"baz@ory.sh\"]}`,\n\t\t\t\texisting: []VerifiableAddress{\n\t\t\t\t\t{\n\t\t\t\t\t\tValue: \"foo@ory.sh\",\n\t\t\t\t\t\tVerified: true,\n\t\t\t\t\t\tStatus: VerifiableAddressStatusCompleted,\n\t\t\t\t\t\tVia: AddressTypeEmail,\n\t\t\t\t\t\tIdentityID: iid,\n\t\t\t\t\t},\n\t\t\t\t\t{\n\t\t\t\t\t\tValue: \"bar@ory.sh\",\n\t\t\t\t\t\tVerified: true,\n\t\t\t\t\t\tStatus: VerifiableAddressStatusCompleted,\n\t\t\t\t\t\tVia: AddressTypeEmail,\n\t\t\t\t\t\tIdentityID: iid,\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\texpect: []VerifiableAddress{\n\t\t\t\t\t{\n\t\t\t\t\t\tValue: \"foo@ory.sh\",\n\t\t\t\t\t\tVerified: true,\n\t\t\t\t\t\tStatus: VerifiableAddressStatusCompleted,\n\t\t\t\t\t\tVia: AddressTypeEmail,\n\t\t\t\t\t\tIdentityID: iid,\n\t\t\t\t\t},\n\t\t\t\t\t{\n\t\t\t\t\t\tValue: \"baz@ory.sh\",\n\t\t\t\t\t\tVerified: false,\n\t\t\t\t\t\tStatus: VerifiableAddressStatusPending,\n\t\t\t\t\t\tVia: AddressTypeEmail,\n\t\t\t\t\t\tIdentityID: iid,\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t\t{\n\t\t\t\tname: \"email:must return error for malformed input\",\n\t\t\t\tschema: emailSchemaPath,\n\t\t\t\tdoc: `{\"emails\":[\"foo@ory.sh\",\"bar@ory.sh\"], \"username\": \"foobar\"}`,\n\t\t\t\texpectErr: errors.New(\"I[#/username] S[#/properties/username/format] \\\"foobar\\\" is not valid \\\"email\\\"\"),\n\t\t\t},\n\t\t\t{\n\t\t\t\tname: \"email:must merge email addresses from multiple attributes\",\n\t\t\t\tschema: emailSchemaPath,\n\t\t\t\tdoc: `{\"emails\":[\"foo@ory.sh\",\"bar@ory.sh\",\"bar@ory.sh\"], \"username\": \"foobar@ory.sh\"}`,\n\t\t\t\texpect: []VerifiableAddress{\n\t\t\t\t\t{\n\t\t\t\t\t\tValue: \"foo@ory.sh\",\n\t\t\t\t\t\tVerified: false,\n\t\t\t\t\t\tStatus: VerifiableAddressStatusPending,\n\t\t\t\t\t\tVia: AddressTypeEmail,\n\t\t\t\t\t\tIdentityID: iid,\n\t\t\t\t\t},\n\t\t\t\t\t{\n\t\t\t\t\t\tValue: \"bar@ory.sh\",\n\t\t\t\t\t\tVerified: false,\n\t\t\t\t\t\tStatus: VerifiableAddressStatusPending,\n\t\t\t\t\t\tVia: AddressTypeEmail,\n\t\t\t\t\t\tIdentityID: iid,\n\t\t\t\t\t},\n\t\t\t\t\t{\n\t\t\t\t\t\tValue: \"foobar@ory.sh\",\n\t\t\t\t\t\tVerified: false,\n\t\t\t\t\t\tStatus: VerifiableAddressStatusPending,\n\t\t\t\t\t\tVia: AddressTypeEmail,\n\t\t\t\t\t\tIdentityID: iid,\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t\t{\n\t\t\t\tname: \"phone:must create new address\",\n\t\t\t\tschema: phoneSchemaPath,\n\t\t\t\tdoc: `{\"username\":\"+18004444444\"}`,\n\t\t\t\texpect: []VerifiableAddress{\n\t\t\t\t\t{\n\t\t\t\t\t\tValue: \"+18004444444\",\n\t\t\t\t\t\tVerified: false,\n\t\t\t\t\t\tStatus: VerifiableAddressStatusPending,\n\t\t\t\t\t\tVia: ChannelTypeSMS,\n\t\t\t\t\t\tIdentityID: iid,\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t\t{\n\t\t\t\tname: \"phone:must create new address because new and existing doesn't match\",\n\t\t\t\tschema: phoneSchemaPath,\n\t\t\t\tdoc: `{\"username\":\"+18004444444\"}`,\n\t\t\t\texisting: []VerifiableAddress{\n\t\t\t\t\t{\n\t\t\t\t\t\tValue: \"+442087599036\",\n\t\t\t\t\t\tVerified: false,\n\t\t\t\t\t\tStatus: VerifiableAddressStatusPending,\n\t\t\t\t\t\tVia: ChannelTypeSMS,\n\t\t\t\t\t\tIdentityID: iid,\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\texpect: []VerifiableAddress{\n\t\t\t\t\t{\n\t\t\t\t\t\tValue: \"+18004444444\",\n\t\t\t\t\t\tVerified: false,\n\t\t\t\t\t\tStatus: VerifiableAddressStatusPending,\n\t\t\t\t\t\tVia: ChannelTypeSMS,\n\t\t\t\t\t\tIdentityID: iid,\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t\t{\n\t\t\t\tname: \"phone:must find existing addresses in case of match\",\n\t\t\t\tschema: phoneSchemaPath,\n\t\t\t\tdoc: `{\"phones\":[\"+18004444444\",\"+442087599036\"]}`,\n\t\t\t\texisting: []VerifiableAddress{\n\t\t\t\t\t{\n\t\t\t\t\t\tValue: \"+442087599036\",\n\t\t\t\t\t\tVerified: true,\n\t\t\t\t\t\tStatus: VerifiableAddressStatusCompleted,\n\t\t\t\t\t\tVia: ChannelTypeSMS,\n\t\t\t\t\t\tIdentityID: iid,\n\t\t\t\t\t},\n\t\t\t\t\t{\n\t\t\t\t\t\tValue: \"+380634872774\",\n\t\t\t\t\t\tVerified: true,\n\t\t\t\t\t\tStatus: VerifiableAddressStatusCompleted,\n\t\t\t\t\t\tVia: ChannelTypeSMS,\n\t\t\t\t\t\tIdentityID: iid,\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\texpect: []VerifiableAddress{\n\t\t\t\t\t{\n\t\t\t\t\t\tValue: \"+442087599036\",\n\t\t\t\t\t\tVerified: true,\n\t\t\t\t\t\tStatus: VerifiableAddressStatusCompleted,\n\t\t\t\t\t\tVia: ChannelTypeSMS,\n\t\t\t\t\t\tIdentityID: iid,\n\t\t\t\t\t},\n\t\t\t\t\t{\n\t\t\t\t\t\tValue: \"+18004444444\",\n\t\t\t\t\t\tVerified: false,\n\t\t\t\t\t\tStatus: VerifiableAddressStatusPending,\n\t\t\t\t\t\tVia: ChannelTypeSMS,\n\t\t\t\t\t\tIdentityID: iid,\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t\t{\n\t\t\t\tname: \"phone:must return only one address in case of duplication\",\n\t\t\t\tschema: phoneSchemaPath,\n\t\t\t\tdoc: `{\"phones\": [\"+18004444444\",\"+18004444444\",\"+442087599036\"]}`,\n\t\t\t\texisting: []VerifiableAddress{\n\t\t\t\t\t{\n\t\t\t\t\t\tValue: \"+18004444444\",\n\t\t\t\t\t\tVerified: false,\n\t\t\t\t\t\tStatus: VerifiableAddressStatusPending,\n\t\t\t\t\t\tVia: ChannelTypeSMS,\n\t\t\t\t\t\tIdentityID: iid,\n\t\t\t\t\t},\n\t\t\t\t\t{\n\t\t\t\t\t\tValue: \"+380634872774\",\n\t\t\t\t\t\tVerified: true,\n\t\t\t\t\t\tStatus: VerifiableAddressStatusCompleted,\n\t\t\t\t\t\tVia: ChannelTypeSMS,\n\t\t\t\t\t\tIdentityID: iid,\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\texpect: []VerifiableAddress{\n\t\t\t\t\t{\n\t\t\t\t\t\tValue: \"+18004444444\",\n\t\t\t\t\t\tVerified: false,\n\t\t\t\t\t\tStatus: VerifiableAddressStatusPending,\n\t\t\t\t\t\tVia: ChannelTypeSMS,\n\t\t\t\t\t\tIdentityID: iid,\n\t\t\t\t\t},\n\t\t\t\t\t{\n\t\t\t\t\t\tValue: \"+442087599036\",\n\t\t\t\t\t\tVerified: false,\n\t\t\t\t\t\tStatus: VerifiableAddressStatusPending,\n\t\t\t\t\t\tVia: ChannelTypeSMS,\n\t\t\t\t\t\tIdentityID: iid,\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t\t{\n\t\t\t\tname: \"phone:must merge phones from multiple attributes\",\n\t\t\t\tschema: phoneSchemaPath,\n\t\t\t\tdoc: `{\"phones\": [\"+18004444444\",\"+18004444444\",\"+442087599036\"], \"username\": \"+380634872774\"}`,\n\t\t\t\texpect: []VerifiableAddress{\n\t\t\t\t\t{\n\t\t\t\t\t\tValue: \"+18004444444\",\n\t\t\t\t\t\tVerified: false,\n\t\t\t\t\t\tStatus: VerifiableAddressStatusPending,\n\t\t\t\t\t\tVia: ChannelTypeSMS,\n\t\t\t\t\t\tIdentityID: iid,\n\t\t\t\t\t},\n\t\t\t\t\t{\n\t\t\t\t\t\tValue: \"+442087599036\",\n\t\t\t\t\t\tVerified: false,\n\t\t\t\t\t\tStatus: VerifiableAddressStatusPending,\n\t\t\t\t\t\tVia: ChannelTypeSMS,\n\t\t\t\t\t\tIdentityID: iid,\n\t\t\t\t\t},\n\t\t\t\t\t{\n\t\t\t\t\t\tValue: \"+380634872774\",\n\t\t\t\t\t\tVerified: false,\n\t\t\t\t\t\tStatus: VerifiableAddressStatusPending,\n\t\t\t\t\t\tVia: ChannelTypeSMS,\n\t\t\t\t\t\tIdentityID: iid,\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t\t{\n\t\t\t\tname: \"phone:must return error for malformed input\",\n\t\t\t\tschema: phoneSchemaPath,\n\t\t\t\tdoc: `{\"phones\":[\"+18004444444\",\"+18004444444\",\"12112112\"], \"username\": \"+380634872774\"}`,\n\t\t\t\texpectErr: errors.New(\"I[#/phones/2] S[#/properties/phones/items/format] \\\"12112112\\\" is not valid \\\"tel\\\"\"),\n\t\t\t},\n\t\t\t{\n\t\t\t\tname: \"missing format returns an error\",\n\t\t\t\tschema: missingFormatSchemaPath,\n\t\t\t\tdoc: `{\"phone\": \"+380634872774\"}`,\n\t\t\t\texpectErr: errors.New(\"I[#/phone] S[#/properties/phone/format] no format specified. A format is required if verification is enabled. If this was intentional, please set \\\"format\\\" to \\\"no-validate\\\"\"),\n\t\t\t},\n\t\t\t{\n\t\t\t\tname: \"missing format works for email if format is missing\",\n\t\t\t\tschema: legacyEmailMissingFormatSchemaPath,\n\t\t\t\tdoc: `{\"email\": \"user@ory.sh\"}`,\n\t\t\t\texpect: []VerifiableAddress{\n\t\t\t\t\t{\n\t\t\t\t\t\tValue: \"user@ory.sh\",\n\t\t\t\t\t\tVerified: false,\n\t\t\t\t\t\tStatus: VerifiableAddressStatusPending,\n\t\t\t\t\t\tVia: ChannelTypeEmail,\n\t\t\t\t\t\tIdentityID: iid,\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t\t{\n\t\t\t\tname: \"format: no-validate works\",\n\t\t\t\tschema: noValidateSchemaPath,\n\t\t\t\tdoc: `{\"phone\": \"not a phone number\"}`,\n\t\t\t\texpect: []VerifiableAddress{\n\t\t\t\t\t{\n\t\t\t\t\t\tValue: \"not a phone number\",\n\t\t\t\t\t\tVerified: false,\n\t\t\t\t\t\tStatus: VerifiableAddressStatusPending,\n\t\t\t\t\t\tVia: ChannelTypeSMS,\n\t\t\t\t\t\tIdentityID: iid,\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t\t{\n\t\t\t\t// see https://github.com/ory/kratos/issues/3933\n\t\t\t\tname: \"phone:should parse +16453331111\",\n\t\t\t\tschema: phoneSchemaPath,\n\t\t\t\tdoc: `{\"phones\":[\"+16453331111\"]}`,\n\t\t\t\texpect: []VerifiableAddress{\n\t\t\t\t\t{\n\t\t\t\t\t\tValue: \"+16453331111\",\n\t\t\t\t\t\tVerified: false,\n\t\t\t\t\t\tStatus: VerifiableAddressStatusPending,\n\t\t\t\t\t\tVia: ChannelTypeSMS,\n\t\t\t\t\t\tIdentityID: iid,\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t} {\n\t\t\tt.Run(fmt.Sprintf(\"case=%v\", tc.name), func(t *testing.T) {\n\t\t\t\tid := &Identity{ID: iid, VerifiableAddresses: tc.existing}\n\n\t\t\t\tc := jsonschema.NewCompiler()\n\n\t\t\t\trunner, err := schema.NewExtensionRunner(t.Context())\n\t\t\t\trequire.NoError(t, err)\n\n\t\t\t\te := NewSchemaExtensionVerification(id, time.Minute)\n\t\t\t\trunner.AddRunner(e).Register(c)\n\n\t\t\t\terr = c.MustCompile(t.Context(), tc.schema).Validate(bytes.NewBufferString(tc.doc))\n\t\t\t\tif tc.expectErr != nil {\n\t\t\t\t\trequire.EqualError(t, err, tc.expectErr.Error())\n\t\t\t\t\treturn\n\t\t\t\t} else {\n\t\t\t\t\trequire.NoError(t, err)\n\t\t\t\t}\n\n\t\t\t\trequire.NoError(t, e.Finish())\n\n\t\t\t\taddresses := id.VerifiableAddresses\n\t\t\t\trequire.Len(t, addresses, len(tc.expect))\n\n\t\t\t\tmustContainAddress(t, tc.expect, addresses)\n\t\t\t})\n\t\t}\n\t})\n}\n\nfunc mustContainAddress(t *testing.T, expected, actual []VerifiableAddress) {\n\tfor _, act := range actual {\n\t\tvar found bool\n\t\tfor _, expect := range expected {\n\t\t\tif reflect.DeepEqual(act, expect) {\n\t\t\t\tfound = true\n\t\t\t\tbreak\n\t\t\t}\n\t\t}\n\t\tassert.True(t, found, \"%+v not in %+v\", act, expected)\n\t}\n}\n\nfunc TestMergeVerifiableAddresses(t *testing.T) {\n\tfor _, tt := range []struct {\n\t\tname string\n\t\tbase, overrides, expected []VerifiableAddress\n\t}{\n\t\t{\n\t\t\tname: \"empty base\",\n\t\t\tbase: []VerifiableAddress{},\n\t\t\toverrides: []VerifiableAddress{{\n\t\t\t\tValue: \"override@ory.sh\",\n\t\t\t\tVia: \"email\",\n\t\t\t}},\n\t\t\texpected: []VerifiableAddress{},\n\t\t}, {\n\t\t\tname: \"no overlap\",\n\t\t\tbase: []VerifiableAddress{{\n\t\t\t\tValue: \"base@ory.sh\",\n\t\t\t\tVia: \"email\",\n\t\t\t}},\n\t\t\toverrides: []VerifiableAddress{{\n\t\t\t\tValue: \"override@ory.sh\",\n\t\t\t\tVia: \"email\",\n\t\t\t}},\n\t\t\texpected: []VerifiableAddress{{\n\t\t\t\tValue: \"base@ory.sh\",\n\t\t\t\tVia: \"email\",\n\t\t\t}},\n\t\t}, {\n\t\t\tname: \"overrides\",\n\t\t\tbase: []VerifiableAddress{\n\t\t\t\t{Value: \"base@ory.sh\", Via: \"email\"},\n\t\t\t\t{Value: \"common-1-is-overwritten@ory.sh\", Via: \"email\"},\n\t\t\t\t{Value: \"common-2-is-ignored@ory.sh\", Via: \"no match\"},\n\t\t\t},\n\t\t\toverrides: []VerifiableAddress{\n\t\t\t\t{Value: \"common-1-is-overwritten@ory.sh\", Via: \"email\", Verified: true, Status: VerifiableAddressStatusCompleted},\n\t\t\t\t{Value: \"common-2-is-ignored@ory.sh\", Via: \"wrong via\"},\n\t\t\t\t{Value: \"override-only-is-ignored@ory.sh\", Via: \"email\"},\n\t\t\t},\n\t\t\texpected: []VerifiableAddress{\n\t\t\t\t{Value: \"base@ory.sh\", Via: \"email\"},\n\t\t\t\t{Value: \"common-1-is-overwritten@ory.sh\", Via: \"email\", Verified: true, Status: VerifiableAddressStatusCompleted},\n\t\t\t\t{Value: \"common-2-is-ignored@ory.sh\", Via: \"no match\"},\n\t\t\t},\n\t\t},\n\t} {\n\t\tt.Run(\"case=\"+tt.name, func(t *testing.T) {\n\t\t\tassert.Equal(t, tt.expected, merge(tt.base, tt.overrides))\n\t\t})\n\t}\n}\n" }, { "path": "identity/handler.go", "content": "// Copyright © 2023 Ory Corp\n// SPDX-License-Identifier: Apache-2.0\n\npackage identity\n\nimport (\n\t\"context\"\n\t\"encoding/json\"\n\t\"io\"\n\t\"net/http\"\n\t\"strings\"\n\t\"time\"\n\n\t\"github.com/ory/kratos/x/nosurfx\"\n\t\"github.com/ory/kratos/x/redir\"\n\t\"github.com/ory/x/httprouterx\"\n\t\"github.com/ory/x/httpx\"\n\n\t\"github.com/gofrs/uuid\"\n\n\t\"github.com/ory/x/crdbx\"\n\t\"github.com/ory/x/pagination/keysetpagination\"\n\n\t\"github.com/ory/x/pagination/migrationpagination\"\n\t\"github.com/ory/x/pagination/pagepagination\"\n\t\"github.com/ory/x/sqlcon\"\n\n\t\"github.com/ory/kratos/hash\"\n\t\"github.com/ory/kratos/x\"\n\n\t\"github.com/ory/kratos/cipher\"\n\n\t\"github.com/ory/herodot\"\n\n\t\"github.com/pkg/errors\"\n\n\t\"github.com/ory/x/decoderx\"\n\t\"github.com/ory/x/jsonx\"\n\t\"github.com/ory/x/openapix\"\n\t\"github.com/ory/x/sqlxx\"\n\t\"github.com/ory/x/urlx\"\n\n\t\"github.com/ory/kratos/driver/config\"\n)\n\nconst (\n\tRouteCollection = \"/identities\"\n\tRouteItem = RouteCollection + \"/{id}\"\n\tRouteCredentialItem = RouteItem + \"/credentials/{type}\"\n\n\tBatchPatchIdentitiesLimit = 1000\n\tBatchPatchIdentitiesWithPasswordLimit = 200\n)\n\ntype (\n\tdependencies interface {\n\t\tPoolProvider\n\t\tPrivilegedPoolProvider\n\t\tManagementProvider\n\t\thttpx.WriterProvider\n\t\tconfig.Provider\n\t\tnosurfx.CSRFProvider\n\t\tcipher.Provider\n\t\thash.HashProvider\n\t}\n\tHandlerProvider interface {\n\t\tIdentityHandler() *Handler\n\t}\n\tHandler struct{ r dependencies }\n)\n\nfunc NewHandler(r dependencies) *Handler { return &Handler{r: r} }\n\nfunc (h *Handler) RegisterPublicRoutes(public *httprouterx.RouterPublic) {\n\th.r.CSRFHandler().IgnoreGlobs(\n\t\tRouteCollection,\n\t\tRouteCollection+\"/*\",\n\t\tRouteCollection+\"/*/credentials/*\",\n\t\thttprouterx.AdminPrefix+RouteCollection,\n\t\thttprouterx.AdminPrefix+RouteCollection+\"/*\",\n\t\thttprouterx.AdminPrefix+RouteCollection+\"/*/credentials/*\",\n\t)\n\n\tpublic.GET(RouteCollection, redir.RedirectToAdminRoute(h.r))\n\tpublic.GET(RouteCollection+\"/by/external/{externalID}\", redir.RedirectToAdminRoute(h.r))\n\tpublic.GET(RouteItem, redir.RedirectToAdminRoute(h.r))\n\tpublic.DELETE(RouteItem, redir.RedirectToAdminRoute(h.r))\n\tpublic.POST(RouteCollection, redir.RedirectToAdminRoute(h.r))\n\tpublic.PUT(RouteItem, redir.RedirectToAdminRoute(h.r))\n\tpublic.PATCH(RouteItem, redir.RedirectToAdminRoute(h.r))\n\tpublic.DELETE(RouteCredentialItem, redir.RedirectToAdminRoute(h.r))\n\n\tpublic.GET(httprouterx.AdminPrefix+RouteCollection, redir.RedirectToAdminRoute(h.r))\n\tpublic.GET(httprouterx.AdminPrefix+RouteCollection+\"/by/external/{externalID}\", redir.RedirectToAdminRoute(h.r))\n\tpublic.GET(httprouterx.AdminPrefix+RouteItem, redir.RedirectToAdminRoute(h.r))\n\tpublic.DELETE(httprouterx.AdminPrefix+RouteItem, redir.RedirectToAdminRoute(h.r))\n\tpublic.POST(httprouterx.AdminPrefix+RouteCollection, redir.RedirectToAdminRoute(h.r))\n\tpublic.PUT(httprouterx.AdminPrefix+RouteItem, redir.RedirectToAdminRoute(h.r))\n\tpublic.PATCH(httprouterx.AdminPrefix+RouteItem, redir.RedirectToAdminRoute(h.r))\n\tpublic.DELETE(httprouterx.AdminPrefix+RouteCredentialItem, redir.RedirectToAdminRoute(h.r))\n}\n\nfunc (h *Handler) RegisterAdminRoutes(admin *httprouterx.RouterAdmin) {\n\tadmin.GET(RouteCollection, h.list)\n\tadmin.GET(RouteItem, h.get)\n\tadmin.GET(RouteCollection+\"/by/external/{externalID}\", h.getByExternalID)\n\tadmin.DELETE(RouteItem, h.delete)\n\tadmin.PATCH(RouteItem, h.patch)\n\n\tadmin.POST(RouteCollection, h.create)\n\tadmin.PATCH(RouteCollection, h.batchPatchIdentities)\n\tadmin.PUT(RouteItem, h.update)\n\n\tadmin.DELETE(RouteCredentialItem, h.deleteIdentityCredentials)\n}\n\n// Paginated Identity List Response\n//\n// swagger:response listIdentities\ntype _ struct {\n\tmigrationpagination.ResponseHeaderAnnotation\n\n\t// List of identities\n\t//\n\t// in:body\n\tBody []Identity\n}\n\n// Paginated List Identity Parameters\n//\n// Note: Filters cannot be combined.\n//\n// swagger:parameters listIdentities\ntype _ struct {\n\tmigrationpagination.RequestParameters\n\n\t// Retrieve multiple identities by their IDs.\n\t//\n\t// This parameter has the following limitations:\n\t//\n\t// - Duplicate or non-existent IDs are ignored.\n\t// - The order of returned IDs may be different from the request.\n\t// - This filter does not support pagination. You must implement your own pagination as the maximum number of items returned by this endpoint may not exceed a certain threshold (currently 500).\n\t//\n\t// required: false\n\t// in: query\n\tIdsFilter []string `json:\"ids\"`\n\n\t// CredentialsIdentifier is the identifier (username, email) of the credentials to look up using exact match.\n\t// Only one of CredentialsIdentifier and CredentialsIdentifierSimilar can be used.\n\t//\n\t// required: false\n\t// in: query\n\tCredentialsIdentifier string `json:\"credentials_identifier\"`\n\n\t// This is an EXPERIMENTAL parameter that WILL CHANGE. Do NOT rely on consistent, deterministic behavior.\n\t// THIS PARAMETER WILL BE REMOVED IN AN UPCOMING RELEASE WITHOUT ANY MIGRATION PATH.\n\t//\n\t// CredentialsIdentifierSimilar is the (partial) identifier (username, email) of the credentials to look up using similarity search.\n\t// Only one of CredentialsIdentifier and CredentialsIdentifierSimilar can be used.\n\t//\n\t// required: false\n\t// in: query\n\tCredentialsIdentifierSimilar string `json:\"preview_credentials_identifier_similar\"`\n\n\t// Include Credentials in Response\n\t//\n\t// Include any credential, for example `password` or `oidc`, in the response. When set to `oidc`, This will return\n\t// the initial OAuth 2.0 Access Token, OAuth 2.0 Refresh Token and the OpenID Connect ID Token if available.\n\t//\n\t// required: false\n\t// in: query\n\tDeclassifyCredentials []string `json:\"include_credential\"`\n\n\t// List identities that belong to a specific organization.\n\t//\n\t// required: false\n\t// in: query\n\tOrganizationID string `json:\"organization_id\"`\n\n\tcrdbx.ConsistencyRequestParameters\n}\n\nfunc parseListIdentitiesParameters(r *http.Request) (params ListIdentityParameters, err error) {\n\tquery := r.URL.Query()\n\tvar requestedFilters int\n\n\tparams.Expand = ExpandDefault\n\n\tif ids := query[\"ids\"]; len(ids) > 0 {\n\t\trequestedFilters++\n\t\tfor _, v := range ids {\n\t\t\tid, err := uuid.FromString(v)\n\t\t\tif err != nil {\n\t\t\t\treturn params, errors.WithStack(herodot.ErrBadRequest.WithReasonf(\"Invalid UUID value `%s` for parameter `ids`.\", v))\n\t\t\t}\n\t\t\tparams.IdsFilter = append(params.IdsFilter, id)\n\t\t}\n\t}\n\tif len(params.IdsFilter) > 500 {\n\t\treturn params, errors.WithStack(herodot.ErrBadRequest.WithReason(\"The number of ids to filter must not exceed 500.\"))\n\t}\n\n\tif orgID := query.Get(\"organization_id\"); orgID != \"\" {\n\t\trequestedFilters++\n\t\tparams.OrganizationID, err = uuid.FromString(orgID)\n\t\tif err != nil {\n\t\t\treturn params, errors.WithStack(herodot.ErrBadRequest.WithReasonf(\"Invalid UUID value `%s` for parameter `organization_id`.\", orgID))\n\t\t}\n\t}\n\n\tif identifier := query.Get(\"credentials_identifier\"); identifier != \"\" {\n\t\trequestedFilters++\n\t\tparams.Expand = ExpandEverything\n\t\tparams.CredentialsIdentifier = identifier\n\t}\n\n\tif identifier := query.Get(\"preview_credentials_identifier_similar\"); identifier != \"\" {\n\t\trequestedFilters++\n\t\tparams.Expand = ExpandEverything\n\t\tparams.CredentialsIdentifierSimilar = identifier\n\t}\n\n\tfor _, v := range query[\"include_credential\"] {\n\t\tparams.Expand = ExpandEverything\n\t\ttc, ok := ParseCredentialsType(v)\n\t\tif !ok {\n\t\t\treturn params, errors.WithStack(herodot.ErrBadRequest.WithReasonf(\"Invalid value `%s` for parameter `include_credential`.\", v))\n\t\t}\n\t\tparams.DeclassifyCredentials = append(params.DeclassifyCredentials, tc)\n\t}\n\n\tif requestedFilters > 1 {\n\t\treturn params, errors.WithStack(herodot.ErrBadRequest.WithReason(\"You cannot combine multiple filters in this API\"))\n\t}\n\n\tparams.KeySetPagination, params.PagePagination, err = x.ParseKeysetOrPagePagination(r)\n\tif err != nil {\n\t\treturn params, err\n\t}\n\tparams.ConsistencyLevel = crdbx.ConsistencyLevelFromRequest(r)\n\n\treturn params, nil\n}\n\n// swagger:route GET /admin/identities identity listIdentities\n//\n// # List Identities\n//\n// Lists all [identities](https://www.ory.sh/docs/kratos/concepts/identity-user-model) in the system. Note: filters cannot be combined.\n//\n//\tProduces:\n//\t- application/json\n//\n//\tSchemes: http, https\n//\n//\tSecurity:\n//\t oryAccessToken:\n//\n//\tResponses:\n//\t 200: listIdentities\n//\t default: errorGeneric\n//\n//\tExtensions:\n//\t x-ory-ratelimit-bucket: kratos-admin-medium\nfunc (h *Handler) list(w http.ResponseWriter, r *http.Request) {\n\tparams, err := parseListIdentitiesParameters(r)\n\tif err != nil {\n\t\th.r.Writer().WriteError(w, r, err)\n\t\treturn\n\t}\n\n\tis, nextPage, err := h.r.IdentityPool().ListIdentities(r.Context(), params)\n\tif err != nil {\n\t\th.r.Writer().WriteError(w, r, err)\n\t\treturn\n\t}\n\n\tif params.PagePagination != nil {\n\t\ttotal := int64(len(is))\n\t\tif params.CredentialsIdentifier == \"\" {\n\t\t\ttotal, err = h.r.IdentityPool().CountIdentities(r.Context())\n\t\t\tif err != nil {\n\t\t\t\th.r.Writer().WriteError(w, r, err)\n\t\t\t\treturn\n\t\t\t}\n\t\t}\n\t\tu := *r.URL\n\t\tpagepagination.PaginationHeader(w, &u, total, params.PagePagination.Page, params.PagePagination.ItemsPerPage)\n\t} else if nextPage != nil {\n\t\tu := *r.URL\n\t\tkeysetpagination.Header(w, &u, nextPage)\n\t}\n\n\t// Identities using the marshaler for including metadata_admin\n\tisam := make([]WithCredentialsAndAdminMetadataInJSON, len(is))\n\tfor i, identity := range is {\n\t\temit, err := identity.WithDeclassifiedCredentials(r.Context(), h.r, params.DeclassifyCredentials)\n\t\tif err != nil {\n\t\t\th.r.Writer().WriteError(w, r, err)\n\t\t\treturn\n\t\t}\n\n\t\tisam[i] = WithCredentialsAndAdminMetadataInJSON(*emit)\n\t}\n\n\th.r.Writer().Write(w, r, isam)\n}\n\n// Get Identity Parameters\n//\n// swagger:parameters getIdentity\n//\n//nolint:deadcode,unused\n//lint:ignore U1000 Used to generate Swagger and OpenAPI definitions\ntype getIdentity struct {\n\t// ID must be set to the ID of identity you want to get\n\t//\n\t// required: true\n\t// in: path\n\tID string `json:\"id\"`\n\n\t// Include Credentials in Response\n\t//\n\t// Include any credential, for example `password` or `oidc`, in the response. When set to `oidc`, This will return\n\t// the initial OAuth 2.0 Access Token, OAuth 2.0 Refresh Token and the OpenID Connect ID Token if available.\n\t//\n\t// required: false\n\t// in: query\n\tDeclassifyCredentials []CredentialsType `json:\"include_credential\"`\n}\n\n// Get Identity By External ID Parameters\n//\n// swagger:parameters getIdentityByExternalID\n//\n//nolint:deadcode,unused\n//lint:ignore U1000 Used to generate Swagger and OpenAPI definitions\ntype getIdentityByExternalID struct {\n\t// ExternalID must be set to the ID of identity you want to get\n\t//\n\t// required: true\n\t// in: path\n\tExternalID string `json:\"externalID\"`\n\n\t// Include Credentials in Response\n\t//\n\t// Include any credential, for example `password` or `oidc`, in the response. When set to `oidc`, This will return\n\t// the initial OAuth 2.0 Access Token, OAuth 2.0 Refresh Token and the OpenID Connect ID Token if available.\n\t//\n\t// required: false\n\t// in: query\n\tDeclassifyCredentials []CredentialsType `json:\"include_credential\"`\n}\n\n// swagger:route GET /admin/identities/{id} identity getIdentity\n//\n// # Get an Identity\n//\n// Return an [identity](https://www.ory.sh/docs/kratos/concepts/identity-user-model) by its ID. You can optionally\n// include credentials (e.g. social sign in connections) in the response by using the `include_credential` query parameter.\n//\n//\tConsumes:\n//\t- application/json\n//\n//\tProduces:\n//\t- application/json\n//\n//\tSchemes: http, https\n//\n//\tSecurity:\n//\t oryAccessToken:\n//\n//\tResponses:\n//\t 200: identity\n//\t 404: errorGeneric\n//\t default: errorGeneric\n//\n//\tExtensions:\n//\t x-ory-ratelimit-bucket: kratos-admin-low\nfunc (h *Handler) get(w http.ResponseWriter, r *http.Request) {\n\ti, err := h.r.PrivilegedIdentityPool().GetIdentityConfidential(r.Context(), x.ParseUUID(r.PathValue(\"id\")))\n\tif err != nil {\n\t\th.r.Writer().WriteError(w, r, err)\n\t\treturn\n\t}\n\n\tincludeCredentials := r.URL.Query()[\"include_credential\"]\n\tvar declassify []CredentialsType\n\tfor _, v := range includeCredentials {\n\t\ttc, ok := ParseCredentialsType(v)\n\t\tif ok {\n\t\t\tdeclassify = append(declassify, tc)\n\t\t} else {\n\t\t\th.r.Writer().WriteError(w, r, errors.WithStack(herodot.ErrBadRequest.WithReasonf(\"Invalid value `%s` for parameter `include_credential`.\", declassify)))\n\t\t\treturn\n\t\t}\n\t}\n\n\temit, err := i.WithDeclassifiedCredentials(r.Context(), h.r, declassify)\n\tif err != nil {\n\t\th.r.Writer().WriteError(w, r, err)\n\t\treturn\n\t}\n\th.r.Writer().Write(w, r, WithCredentialsAndAdminMetadataInJSON(*emit))\n}\n\n// swagger:route GET /admin/identities/by/external/{externalID} identity getIdentityByExternalID\n//\n// # Get an Identity by its External ID\n//\n// Return an [identity](https://www.ory.sh/docs/kratos/concepts/identity-user-model) by its external ID. You can optionally\n// include credentials (e.g. social sign in connections) in the response by using the `include_credential` query parameter.\n//\n//\tConsumes:\n//\t- application/json\n//\n//\tProduces:\n//\t- application/json\n//\n//\tSchemes: http, https\n//\n//\tSecurity:\n//\t oryAccessToken:\n//\n//\tResponses:\n//\t 200: identity\n//\t 404: errorGeneric\n//\t default: errorGeneric\n//\n//\tExtensions:\n//\t x-ory-ratelimit-bucket: kratos-admin-medium\nfunc (h *Handler) getByExternalID(w http.ResponseWriter, r *http.Request) {\n\texternalID := r.PathValue(\"externalID\")\n\tif externalID == \"\" {\n\t\th.r.Writer().WriteError(w, r, errors.WithStack(herodot.ErrBadRequest.WithReason(\"The external ID must not be empty.\")))\n\t\treturn\n\t}\n\ti, err := h.r.PrivilegedIdentityPool().FindIdentityByExternalID(r.Context(), externalID, ExpandEverything)\n\tif err != nil {\n\t\th.r.Writer().WriteError(w, r, err)\n\t\treturn\n\t}\n\n\tincludeCredentials := r.URL.Query()[\"include_credential\"]\n\tvar declassify []CredentialsType\n\tfor _, v := range includeCredentials {\n\t\ttc, ok := ParseCredentialsType(v)\n\t\tif ok {\n\t\t\tdeclassify = append(declassify, tc)\n\t\t} else {\n\t\t\th.r.Writer().WriteError(w, r, errors.WithStack(herodot.ErrBadRequest.WithReasonf(\"Invalid value `%s` for parameter `include_credential`.\", declassify)))\n\t\t\treturn\n\t\t}\n\t}\n\n\temit, err := i.WithDeclassifiedCredentials(r.Context(), h.r, declassify)\n\tif err != nil {\n\t\th.r.Writer().WriteError(w, r, err)\n\t\treturn\n\t}\n\th.r.Writer().Write(w, r, WithCredentialsAndAdminMetadataInJSON(*emit))\n}\n\n// Create Identity Parameters\n//\n// swagger:parameters createIdentity\n//\n//nolint:deadcode,unused\n//lint:ignore U1000 Used to generate Swagger and OpenAPI definitions\ntype createIdentity struct {\n\t// in: body\n\tBody CreateIdentityBody\n}\n\n// Create Identity Body\n//\n// swagger:model createIdentityBody\ntype CreateIdentityBody struct {\n\t// SchemaID is the ID of the JSON Schema to be used for validating the identity's traits.\n\t//\n\t// required: true\n\tSchemaID string `json:\"schema_id\"`\n\n\t// Traits represent an identity's traits. The identity is able to create, modify, and delete traits\n\t// in a self-service manner. The input will always be validated against the JSON Schema defined\n\t// in `schema_url`.\n\t//\n\t// required: true\n\tTraits json.RawMessage `json:\"traits\"`\n\n\t// Credentials represents all credentials that can be used for authenticating this identity.\n\t//\n\t// Use this structure to import credentials for a user.\n\tCredentials *IdentityWithCredentials `json:\"credentials\"`\n\n\t// VerifiableAddresses contains all the addresses that can be verified by the user.\n\t//\n\t// Use this structure to import verified addresses for an identity. Please keep in mind\n\t// that the address needs to be represented in the Identity Schema or this field will be overwritten\n\t// on the next identity update.\n\tVerifiableAddresses []VerifiableAddress `json:\"verifiable_addresses\"`\n\n\t// RecoveryAddresses contains all the addresses that can be used to recover an identity.\n\t//\n\t// Use this structure to import recovery addresses for an identity. Please keep in mind\n\t// that the address needs to be represented in the Identity Schema or this field will be overwritten\n\t// on the next identity update.\n\tRecoveryAddresses []RecoveryAddress `json:\"recovery_addresses\"`\n\n\t// Store metadata about the identity which the identity itself can see when calling for example the\n\t// session endpoint. Do not store sensitive information (e.g. credit score) about the identity in this field.\n\tMetadataPublic json.RawMessage `json:\"metadata_public\"`\n\n\t// Store metadata about the user which is only accessible through admin APIs such as `GET /admin/identities/`.\n\tMetadataAdmin json.RawMessage `json:\"metadata_admin,omitempty\"`\n\n\t// State is the identity's state.\n\t//\n\t// required: false\n\tState State `json:\"state\"`\n\n\t// OrganizationID is the ID of the organization to which the identity belongs.\n\t//\n\t// required: false\n\tOrganizationID uuid.NullUUID `json:\"organization_id\"`\n\n\t// ExternalID is an optional external ID of the identity. This is used to link\n\t// the identity to an external system. If set, the external ID must be unique\n\t// across all identities.\n\t//\n\t// required: false\n\tExternalID string `json:\"external_id,omitempty\"`\n}\n\n// Create Identity and Import Credentials\n//\n// swagger:model identityWithCredentials\ntype IdentityWithCredentials struct {\n\t// Password if set will import a password credential.\n\tPassword *AdminIdentityImportCredentialsPassword `json:\"password\"`\n\n\t// OIDC if set will import an OIDC credential.\n\tOIDC *AdminIdentityImportCredentialsOIDC `json:\"oidc\"`\n\n\t// OIDC if set will import an OIDC credential.\n\tSAML *AdminIdentityImportCredentialsSAML `json:\"saml\"`\n}\n\n// Create Identity and Import Password Credentials\n//\n// swagger:model identityWithCredentialsPassword\ntype AdminIdentityImportCredentialsPassword struct {\n\t// Configuration options for the import.\n\tConfig AdminIdentityImportCredentialsPasswordConfig `json:\"config\"`\n}\n\n// Create Identity and Import Password Credentials Configuration\n//\n// swagger:model identityWithCredentialsPasswordConfig\ntype AdminIdentityImportCredentialsPasswordConfig struct {\n\t// The hashed password in [PHC format](https://www.ory.sh/docs/kratos/manage-identities/import-user-accounts-identities#hashed-passwords)\n\tHashedPassword string `json:\"hashed_password\"`\n\n\t// The password in plain text if no hash is available.\n\tPassword string `json:\"password\"`\n\n\t// If set to true, the password will be migrated using the password migration hook.\n\tUsePasswordMigrationHook bool `json:\"use_password_migration_hook,omitempty\"`\n}\n\n// Create Identity and Import Social Sign In Credentials\n//\n// swagger:model identityWithCredentialsOidc\ntype AdminIdentityImportCredentialsOIDC struct {\n\t// Configuration options for the import.\n\tConfig AdminIdentityImportCredentialsOIDCConfig `json:\"config\"`\n}\n\n// swagger:model identityWithCredentialsOidcConfig\ntype AdminIdentityImportCredentialsOIDCConfig struct {\n\t// A list of OpenID Connect Providers\n\tProviders []AdminCreateIdentityImportCredentialsOIDCProvider `json:\"providers\"`\n}\n\n// Create Identity and Import Social Sign In Credentials Configuration\n//\n// swagger:model identityWithCredentialsOidcConfigProvider\ntype AdminCreateIdentityImportCredentialsOIDCProvider struct {\n\t// The subject (`sub`) of the OpenID Connect connection. Usually the `sub` field of the ID Token.\n\t//\n\t// required: true\n\tSubject string `json:\"subject\"`\n\n\t// The OpenID Connect provider to link the subject to. Usually something like `google` or `github`.\n\t//\n\t// required: true\n\tProvider string `json:\"provider\"`\n\n\t// If set, this credential allows the user to sign in using the OpenID Connect provider without setting the subject first.\n\t//\n\t// required: false\n\tUseAutoLink bool `json:\"use_auto_link,omitempty\"`\n\n\t// The organization to assign for the provider.\n\tOrganization uuid.NullUUID `json:\"organization,omitempty\"`\n}\n\n// Payload to import SAML credentials\n//\n// swagger:model identityWithCredentialsSaml\ntype AdminIdentityImportCredentialsSAML struct {\n\t// Configuration options for the import.\n\tConfig AdminIdentityImportCredentialsSAMLConfig `json:\"config\"`\n}\n\n// Payload of SAML providers\n//\n// swagger:model identityWithCredentialsSamlConfig\ntype AdminIdentityImportCredentialsSAMLConfig struct {\n\t// A list of SAML Providers\n\tProviders []AdminCreateIdentityImportCredentialsSAMLProvider `json:\"providers\"`\n}\n\n// Payload of specific SAML provider\n//\n// swagger:model identityWithCredentialsSamlConfigProvider\ntype AdminCreateIdentityImportCredentialsSAMLProvider struct {\n\t// The unique subject of the SAML connection. This value must be immutable at the source.\n\t//\n\t// required: true\n\tSubject string `json:\"subject\"`\n\n\t// The SAML provider to link the subject to.\n\t//\n\t// required: true\n\tProvider string `json:\"provider\"`\n\n\t// The organization to assign for the provider.\n\tOrganization uuid.NullUUID `json:\"organization\"`\n}\n\n// swagger:route POST /admin/identities identity createIdentity\n//\n// # Create an Identity\n//\n// Create an [identity](https://www.ory.sh/docs/kratos/concepts/identity-user-model). This endpoint can also be used to\n// [import credentials](https://www.ory.sh/docs/kratos/manage-identities/import-user-accounts-identities)\n// for instance passwords, social sign in configurations or multifactor methods.\n//\n//\tConsumes:\n//\t- application/json\n//\n//\tProduces:\n//\t- application/json\n//\n//\tSchemes: http, https\n//\n//\tSecurity:\n//\t oryAccessToken:\n//\n//\tResponses:\n//\t 201: identity\n//\t 400: errorGeneric\n//\t 409: errorGeneric\n//\t default: errorGeneric\n//\n//\tExtensions:\n//\t x-ory-ratelimit-bucket: kratos-admin-high\nfunc (h *Handler) create(w http.ResponseWriter, r *http.Request) {\n\tvar cr CreateIdentityBody\n\tif err := jsonx.NewStrictDecoder(r.Body).Decode(&cr); err != nil {\n\t\th.r.Writer().WriteError(w, r, errors.WithStack(herodot.ErrBadRequest.WithError(err.Error())))\n\t\treturn\n\t}\n\n\ti, err := h.identityFromCreateIdentityBody(r.Context(), &cr)\n\tif err != nil {\n\t\th.r.Writer().WriteError(w, r, err)\n\t\treturn\n\t}\n\n\tif err := h.r.IdentityManager().Create(r.Context(), i); err != nil {\n\t\tif errors.Is(err, sqlcon.ErrUniqueViolation) {\n\t\t\th.r.Writer().WriteError(w, r, errors.WithStack(herodot.ErrConflict.WithReason(\"This identity conflicts with another identity that already exists.\")))\n\t\t} else {\n\t\t\th.r.Writer().WriteError(w, r, err)\n\t\t}\n\t\treturn\n\t}\n\n\th.r.Writer().WriteCreated(w, r,\n\t\turlx.AppendPaths(\n\t\t\th.r.Config().SelfAdminURL(r.Context()),\n\t\t\t\"identities\",\n\t\t\ti.ID.String(),\n\t\t).String(),\n\t\tWithCredentialsNoConfigAndAdminMetadataInJSON(*i),\n\t)\n}\n\nfunc (h *Handler) identityFromCreateIdentityBody(ctx context.Context, cr *CreateIdentityBody) (*Identity, error) {\n\tstateChangedAt := sqlxx.NullTime(time.Now())\n\tstate := StateActive\n\tif cr.State != \"\" {\n\t\tif err := cr.State.IsValid(); err != nil {\n\t\t\treturn nil, errors.WithStack(herodot.ErrBadRequest.WithReasonf(\"%s\", err).WithWrap(err))\n\t\t}\n\t\tstate = cr.State\n\t}\n\n\ti := &Identity{\n\t\tSchemaID: cr.SchemaID,\n\t\tTraits: []byte(cr.Traits),\n\t\tState: state,\n\t\tStateChangedAt: &stateChangedAt,\n\t\tVerifiableAddresses: cr.VerifiableAddresses,\n\t\tRecoveryAddresses: cr.RecoveryAddresses,\n\t\tMetadataAdmin: []byte(cr.MetadataAdmin),\n\t\tMetadataPublic: []byte(cr.MetadataPublic),\n\t\tOrganizationID: cr.OrganizationID,\n\t\tExternalID: sqlxx.NullString(cr.ExternalID),\n\t}\n\t// Lowercase all emails, because the schema extension will otherwise not find them.\n\tfor k := range i.VerifiableAddresses {\n\t\ti.VerifiableAddresses[k].Value = strings.ToLower(i.VerifiableAddresses[k].Value)\n\t}\n\tfor k := range i.RecoveryAddresses {\n\t\ti.RecoveryAddresses[k].Value = strings.ToLower(i.RecoveryAddresses[k].Value)\n\t}\n\n\tif err := h.importCredentials(ctx, i, cr.Credentials); err != nil {\n\t\treturn nil, err\n\t}\n\n\treturn i, nil\n}\n\n// swagger:route PATCH /admin/identities identity batchPatchIdentities\n//\n// # Create multiple identities\n//\n// Creates multiple [identities](https://www.ory.com/docs/kratos/concepts/identity-user-model).\n//\n// You can also use this endpoint to [import credentials](https://www.ory.com/docs/kratos/manage-identities/import-user-accounts-identities),\n// including passwords, social sign-in settings, and multi-factor authentication methods.\n//\n// If the patch includes hashed passwords you can import up to 1,000 identities per request.\n//\n// If the patch includes at least one plaintext password you can import up to 200 identities per request.\n//\n// Avoid importing large batches with plaintext passwords. They can cause timeouts as the passwords need to be hashed before they are stored.\n//\n// If at least one identity is imported successfully, the response status is 200 OK.\n// If all imports fail, the response is one of the following 4xx errors:\n// - 400 Bad Request: The request payload is invalid or improperly formatted.\n// - 409 Conflict: Duplicate identities or conflicting data were detected.\n//\n// If you get a 504 Gateway Timeout:\n// - Reduce the batch size\n// - Avoid duplicate identities\n// - Pre-hash passwords with BCrypt\n//\n// If the issue persists, contact support.\n//\n//\tConsumes:\n//\t- application/json\n//\n//\tProduces:\n//\t- application/json\n//\n//\tSchemes: http, https\n//\n//\tSecurity:\n//\t oryAccessToken:\n//\n//\tResponses:\n//\t 200: batchPatchIdentitiesResponse\n//\t 400: errorGeneric\n//\t 409: errorGeneric\n//\t default: errorGeneric\n//\n//\tExtensions:\n//\t x-ory-ratelimit-bucket: kratos-admin-high\nfunc (h *Handler) batchPatchIdentities(w http.ResponseWriter, r *http.Request) {\n\tvar (\n\t\treq BatchPatchIdentitiesBody\n\t\tres batchPatchIdentitiesResponse\n\t)\n\tif err := jsonx.NewStrictDecoder(r.Body).Decode(&req); err != nil {\n\t\th.r.Writer().WriteErrorCode(w, r, http.StatusBadRequest, errors.WithStack(err))\n\t\treturn\n\t}\n\n\tif len(req.Identities) > BatchPatchIdentitiesLimit {\n\t\th.r.Writer().WriteErrorCode(w, r, http.StatusBadRequest,\n\t\t\terrors.WithStack(herodot.ErrBadRequest.WithReasonf(\n\t\t\t\t\"The maximum number of identities per request that can be created or deleted at once is %d.\",\n\t\t\t\tBatchPatchIdentitiesLimit)))\n\t\treturn\n\t}\n\n\tres.Identities = make([]*BatchIdentityPatchResponse, len(req.Identities))\n\t// Array to look up the index of the identity in the identities array.\n\tindexInIdentities := make([]*int, len(req.Identities))\n\tidentities := make([]*Identity, 0, len(req.Identities))\n\n\tvar withUnHashedPasswordCount int\n\tfor i, patch := range req.Identities {\n\t\tif patch.Create != nil {\n\t\t\tres.Identities[i] = &BatchIdentityPatchResponse{\n\t\t\t\tAction: ActionCreate,\n\t\t\t\tPatchID: patch.ID,\n\t\t\t}\n\t\t\tidentity, err := h.identityFromCreateIdentityBody(r.Context(), patch.Create)\n\t\t\tif err != nil {\n\t\t\t\th.r.Writer().WriteError(w, r, err)\n\t\t\t\treturn\n\t\t\t}\n\t\t\tidentities = append(identities, identity)\n\t\t\tidx := len(identities) - 1\n\t\t\tindexInIdentities[i] = &idx\n\n\t\t\tif patch.Create.Credentials != nil && patch.Create.Credentials.Password != nil &&\n\t\t\t\tpatch.Create.Credentials.Password.Config.Password != \"\" {\n\t\t\t\twithUnHashedPasswordCount++\n\t\t\t}\n\t\t}\n\t}\n\n\tif withUnHashedPasswordCount > BatchPatchIdentitiesWithPasswordLimit {\n\t\th.r.Writer().WriteErrorCode(w, r, http.StatusBadRequest,\n\t\t\terrors.WithStack(herodot.ErrBadRequest.WithReasonf(\n\t\t\t\t\"The maximum number of identities per request that can be created with a plaintext password is %d.\",\n\t\t\t\tBatchPatchIdentitiesWithPasswordLimit)))\n\t\treturn\n\t}\n\n\terr := h.r.IdentityManager().CreateIdentities(r.Context(), identities)\n\tpartialErr := new(CreateIdentitiesError)\n\tif err != nil && !errors.As(err, &partialErr) {\n\t\th.r.Writer().WriteError(w, r, err)\n\t\treturn\n\t}\n\tfor resIdx, identitiesIdx := range indexInIdentities {\n\t\tif identitiesIdx != nil {\n\t\t\tident := identities[*identitiesIdx]\n\t\t\t// Check if the identity was created successfully.\n\t\t\tif failed := partialErr.Find(ident); failed != nil {\n\t\t\t\tres.Identities[resIdx].Action = ActionError\n\t\t\t\tres.Identities[resIdx].Error = failed.Error\n\t\t\t} else {\n\t\t\t\tres.Identities[resIdx].IdentityID = &ident.ID\n\t\t\t}\n\t\t}\n\t}\n\n\th.r.Writer().Write(w, r, &res)\n}\n\n// Update Identity Parameters\n//\n// swagger:parameters updateIdentity\n//\n//nolint:deadcode,unused\n//lint:ignore U1000 Used to generate Swagger and OpenAPI definitions\ntype updateIdentity struct {\n\t// ID must be set to the ID of identity you want to update\n\t//\n\t// required: true\n\t// in: path\n\tID string `json:\"id\"`\n\n\t// in: body\n\tBody UpdateIdentityBody\n}\n\n// Update Identity Body\n//\n// swagger:model updateIdentityBody\ntype UpdateIdentityBody struct {\n\t// SchemaID is the ID of the JSON Schema to be used for validating the identity's traits. If set\n\t// will update the Identity's SchemaID.\n\t//\n\t// required: true\n\tSchemaID string `json:\"schema_id\"`\n\n\t// Traits represent an identity's traits. The identity is able to create, modify, and delete traits\n\t// in a self-service manner. The input will always be validated against the JSON Schema defined\n\t// in `schema_id`.\n\t//\n\t// required: true\n\tTraits json.RawMessage `json:\"traits\"`\n\n\t// Credentials represents all credentials that can be used for authenticating this identity.\n\t//\n\t// Use this structure to import credentials for a user.\n\t// Note: this wil override completely identity's credentials. If used incorrectly, this can cause a user to lose\n\t// access to their account!\n\tCredentials *IdentityWithCredentials `json:\"credentials\"`\n\n\t// Store metadata about the identity which the identity itself can see when calling for example the\n\t// session endpoint. Do not store sensitive information (e.g. credit score) about the identity in this field.\n\tMetadataPublic json.RawMessage `json:\"metadata_public\"`\n\n\t// Store metadata about the user which is only accessible through admin APIs such as `GET /admin/identities/`.\n\tMetadataAdmin json.RawMessage `json:\"metadata_admin,omitempty\"`\n\n\t// State is the identity's state.\n\t//\n\t// required: true\n\tState State `json:\"state\"`\n\n\t// ExternalID is an optional external ID of the identity. This is used to link\n\t// the identity to an external system. If set, the external ID must be unique\n\t// across all identities.\n\t//\n\t// required: false\n\tExternalID string `json:\"external_id,omitempty\"`\n}\n\n// swagger:route PUT /admin/identities/{id} identity updateIdentity\n//\n// # Update an Identity\n//\n// This endpoint updates an [identity](https://www.ory.sh/docs/kratos/concepts/identity-user-model). The full identity\n// payload, except credentials, is expected. For partial updates, use the [patchIdentity](https://www.ory.sh/docs/reference/api#tag/identity/operation/patchIdentity) operation.\n//\n// A credential can be provided via the `credentials` field in the request body.\n// If provided, the credentials will be imported and added to the existing credentials of the identity.\n//\n//\tConsumes:\n//\t- application/json\n//\n//\tProduces:\n//\t- application/json\n//\n//\tSchemes: http, https\n//\n//\tSecurity:\n//\t oryAccessToken:\n//\n//\tResponses:\n//\t 200: identity\n//\t 400: errorGeneric\n//\t 404: errorGeneric\n//\t 409: errorGeneric\n//\t default: errorGeneric\n//\n//\tExtensions:\n//\t x-ory-ratelimit-bucket: kratos-admin-high\nfunc (h *Handler) update(w http.ResponseWriter, r *http.Request) {\n\tvar ur UpdateIdentityBody\n\tif err := decoderx.Decode(r, &ur,\n\t\tdecoderx.HTTPJSONDecoder()); err != nil {\n\t\th.r.Writer().WriteError(w, r, err)\n\t\treturn\n\t}\n\n\tid := x.ParseUUID(r.PathValue(\"id\"))\n\tidentity, err := h.r.PrivilegedIdentityPool().GetIdentityConfidential(r.Context(), id)\n\tif err != nil {\n\t\th.r.Writer().WriteError(w, r, err)\n\t\treturn\n\t}\n\n\tif ur.SchemaID != \"\" {\n\t\tidentity.SchemaID = ur.SchemaID\n\t}\n\n\tif ur.State != \"\" && identity.State != ur.State {\n\t\tif err := ur.State.IsValid(); err != nil {\n\t\t\th.r.Writer().WriteError(w, r, errors.WithStack(herodot.ErrBadRequest.WithReasonf(\"%s\", err).WithWrap(err)))\n\t\t\treturn\n\t\t}\n\n\t\tstateChangedAt := sqlxx.NullTime(time.Now())\n\n\t\tidentity.State = ur.State\n\t\tidentity.StateChangedAt = &stateChangedAt\n\t}\n\n\tidentity.Traits = []byte(ur.Traits)\n\tidentity.MetadataPublic = []byte(ur.MetadataPublic)\n\tidentity.MetadataAdmin = []byte(ur.MetadataAdmin)\n\tidentity.ExternalID = sqlxx.NullString(ur.ExternalID)\n\n\t// Although this is PUT and not PATCH, if the Credentials are not supplied keep the old one\n\tif ur.Credentials != nil {\n\t\tif err := h.importCredentials(r.Context(), identity, ur.Credentials); err != nil {\n\t\t\th.r.Writer().WriteError(w, r, err)\n\t\t\treturn\n\t\t}\n\t}\n\n\tif err := h.r.IdentityManager().Update(\n\t\tr.Context(),\n\t\tidentity,\n\t\tManagerAllowWriteProtectedTraits,\n\t); err != nil {\n\t\th.r.Writer().WriteError(w, r, err)\n\t\treturn\n\t}\n\n\th.r.Writer().Write(w, r, WithCredentialsNoConfigAndAdminMetadataInJSON(*identity))\n}\n\n// Delete Identity Parameters\n//\n// swagger:parameters deleteIdentity\n//\n//nolint:deadcode,unused\n//lint:ignore U1000 Used to generate Swagger and OpenAPI definitions\ntype deleteIdentity struct {\n\t// ID is the identity's ID.\n\t//\n\t// required: true\n\t// in: path\n\tID string `json:\"id\"`\n}\n\n// swagger:route DELETE /admin/identities/{id} identity deleteIdentity\n//\n// # Delete an Identity\n//\n// Calling this endpoint irrecoverably and permanently deletes the [identity](https://www.ory.sh/docs/kratos/concepts/identity-user-model) given its ID. This action can not be undone.\n// This endpoint returns 204 when the identity was deleted or 404 if the identity was not found.\n//\n//\tProduces:\n//\t- application/json\n//\n//\tSchemes: http, https\n//\n//\tSecurity:\n//\t oryAccessToken:\n//\n//\tResponses:\n//\t 204: emptyResponse\n//\t 404: errorGeneric\n//\t default: errorGeneric\n//\n//\tExtensions:\n//\t x-ory-ratelimit-bucket: kratos-admin-high\nfunc (h *Handler) delete(w http.ResponseWriter, r *http.Request) {\n\tif err := h.r.PrivilegedIdentityPool().DeleteIdentity(r.Context(), x.ParseUUID(r.PathValue(\"id\"))); err != nil {\n\t\th.r.Writer().WriteError(w, r, err)\n\t\treturn\n\t}\n\n\tw.WriteHeader(http.StatusNoContent)\n}\n\n// Patch Identity Parameters\n//\n// swagger:parameters patchIdentity\n//\n//nolint:deadcode,unused\n//lint:ignore U1000 Used to generate Swagger and OpenAPI definitions\ntype patchIdentity struct {\n\t// ID must be set to the ID of identity you want to update\n\t//\n\t// required: true\n\t// in: path\n\tID string `json:\"id\"`\n\n\t// in: body\n\tBody openapix.JSONPatchDocument\n}\n\n// swagger:route PATCH /admin/identities/{id} identity patchIdentity\n//\n// # Patch an Identity\n//\n// Partially updates an [identity's](https://www.ory.sh/docs/kratos/concepts/identity-user-model) field using [JSON Patch](https://jsonpatch.com/).\n// The fields `id`, `stateChangedAt` and `credentials` can not be updated using this method.\n//\n//\tConsumes:\n//\t- application/json\n//\n//\tProduces:\n//\t- application/json\n//\n//\tSchemes: http, https\n//\n//\tSecurity:\n//\t oryAccessToken:\n//\n//\tResponses:\n//\t 200: identity\n//\t 400: errorGeneric\n//\t 404: errorGeneric\n//\t 409: errorGeneric\n//\t default: errorGeneric\n//\n//\tExtensions:\n//\t x-ory-ratelimit-bucket: kratos-admin-high\nfunc (h *Handler) patch(w http.ResponseWriter, r *http.Request) {\n\trequestBody, err := io.ReadAll(r.Body)\n\tif err != nil {\n\t\th.r.Writer().WriteError(w, r, err)\n\t\treturn\n\t}\n\n\tid := x.ParseUUID(r.PathValue(\"id\"))\n\tidentity, err := h.r.PrivilegedIdentityPool().GetIdentityConfidential(r.Context(), id)\n\tif err != nil {\n\t\th.r.Writer().WriteError(w, r, err)\n\t\treturn\n\t}\n\n\toldState := identity.State\n\n\tpatchedIdentity, err := jsonx.ApplyJSONPatch(requestBody, WithCredentialsAndAdminMetadataInJSON(*identity), \"/id\", \"/stateChangedAt\", \"/credentials\", \"/credentials/oidc/**\")\n\tif err != nil {\n\t\th.r.Writer().WriteError(w, r, errors.WithStack(\n\t\t\therodot.\n\t\t\t\tErrBadRequest.\n\t\t\t\tWithReasonf(\"An error occured when applying the JSON patch\").\n\t\t\t\tWithErrorf(\"%v\", err).\n\t\t\t\tWithWrap(err),\n\t\t))\n\t\treturn\n\t}\n\n\tif oldState != patchedIdentity.State {\n\t\t// Check if the changed state was actually valid\n\t\tif err := patchedIdentity.State.IsValid(); err != nil {\n\t\t\th.r.Writer().WriteError(w, r, errors.WithStack(\n\t\t\t\therodot.\n\t\t\t\t\tErrBadRequest.\n\t\t\t\t\tWithReasonf(\"The supplied state ('%s') was not valid. Valid states are ('%s', '%s').\", string(patchedIdentity.State), StateActive, StateInactive).\n\t\t\t\t\tWithErrorf(\"%v\", err).\n\t\t\t\t\tWithWrap(err),\n\t\t\t))\n\t\t\treturn\n\t\t}\n\n\t\t// If the state changed, we need to update the timestamp of it\n\t\tstateChangedAt := sqlxx.NullTime(time.Now())\n\t\tpatchedIdentity.StateChangedAt = &stateChangedAt\n\t}\n\n\tupdatedIdentity := Identity(patchedIdentity)\n\n\tif err := h.r.IdentityManager().Update(\n\t\tr.Context(),\n\t\t&updatedIdentity,\n\t\tManagerAllowWriteProtectedTraits,\n\t); err != nil {\n\t\th.r.Writer().WriteError(w, r, err)\n\t\treturn\n\t}\n\n\th.r.Writer().Write(w, r, WithCredentialsNoConfigAndAdminMetadataInJSON(updatedIdentity))\n}\n\n// Delete Credential Parameters\n//\n// swagger:parameters deleteIdentityCredentials\ntype _ struct {\n\t// ID is the identity's ID.\n\t//\n\t// required: true\n\t// in: path\n\tID string `json:\"id\"`\n\n\t// Type is the type of credentials to delete.\n\t//\n\t// required: true\n\t// in: path\n\tType CredentialsType `json:\"type\"`\n\n\t// Identifier is the identifier of the OIDC/SAML credential to delete.\n\t// Find the identifier by calling the `GET /admin/identities/{id}?include_credential={oidc,saml}` endpoint.\n\t//\n\t// required: false\n\t// in: query\n\tIdentifier string `json:\"identifier\"`\n}\n\n// swagger:route DELETE /admin/identities/{id}/credentials/{type} identity deleteIdentityCredentials\n//\n// # Delete a credential for a specific identity\n//\n// Delete an [identity](https://www.ory.sh/docs/kratos/concepts/identity-user-model) credential by its type.\n// You cannot delete passkeys or code auth credentials through this API.\n//\n//\tConsumes:\n//\t- application/json\n//\n//\tProduces:\n//\t- application/json\n//\n//\tSchemes: http, https\n//\n//\tSecurity:\n//\t oryAccessToken:\n//\n//\tResponses:\n//\t 204: emptyResponse\n//\t 404: errorGeneric\n//\t default: errorGeneric\n//\n//\tExtensions:\n//\t x-ory-ratelimit-bucket: kratos-admin-high\nfunc (h *Handler) deleteIdentityCredentials(w http.ResponseWriter, r *http.Request) {\n\tctx := r.Context()\n\tidentity, err := h.r.PrivilegedIdentityPool().GetIdentityConfidential(ctx, x.ParseUUID(r.PathValue(\"id\")))\n\tif err != nil {\n\t\th.r.Writer().WriteError(w, r, err)\n\t\treturn\n\t}\n\n\tcred, ok := identity.GetCredentials(CredentialsType(r.PathValue(\"type\")))\n\tif !ok {\n\t\th.r.Writer().WriteError(w, r, errors.WithStack(herodot.ErrNotFound.WithReasonf(\"You tried to remove a %s but this user have no %s set up.\", r.PathValue(\"type\"), r.PathValue(\"type\"))))\n\t\treturn\n\t}\n\n\tswitch cred.Type {\n\tcase CredentialsTypeLookup, CredentialsTypeTOTP:\n\t\tidentity.DeleteCredentialsType(cred.Type)\n\tcase CredentialsTypeWebAuthn:\n\t\tif err = identity.deleteCredentialWebAuthFromIdentity(); err != nil {\n\t\t\th.r.Writer().WriteError(w, r, err)\n\t\t\treturn\n\t\t}\n\tcase CredentialsTypePassword, CredentialsTypeOIDC, CredentialsTypeSAML:\n\t\tfirstFactor, err := h.r.IdentityManager().CountActiveFirstFactorCredentials(ctx, identity)\n\t\tif err != nil {\n\t\t\th.r.Writer().WriteError(w, r, err)\n\t\t\treturn\n\t\t}\n\t\tif firstFactor < 2 {\n\t\t\th.r.Writer().WriteError(w, r, errors.WithStack(herodot.ErrBadRequest.WithReason(\"You cannot remove the last first factor credential.\")))\n\t\t\treturn\n\t\t}\n\t\tswitch cred.Type {\n\t\tcase CredentialsTypePassword:\n\t\t\tif err := identity.deleteCredentialPassword(); err != nil {\n\t\t\t\th.r.Writer().WriteError(w, r, err)\n\t\t\t\treturn\n\t\t\t}\n\t\tcase CredentialsTypeOIDC, CredentialsTypeSAML:\n\t\t\tif err := identity.deleteCredentialOIDCSAMLFromIdentity(cred.Type, r.URL.Query().Get(\"identifier\")); err != nil {\n\t\t\t\th.r.Writer().WriteError(w, r, err)\n\t\t\t\treturn\n\t\t\t}\n\t\t}\n\tdefault:\n\t\t// A bunch of credential type deletions are not yet implemented, e.g. passkeys, etc.\n\t\th.r.Writer().WriteError(w, r, errors.WithStack(herodot.ErrBadRequest.WithReasonf(\"Credentials type %s cannot be deleted.\", cred.Type)))\n\t\treturn\n\t}\n\n\tif err := h.r.IdentityManager().Update(\n\t\tctx,\n\t\tidentity,\n\t\tManagerAllowWriteProtectedTraits,\n\t); err != nil {\n\t\th.r.Writer().WriteError(w, r, err)\n\t\treturn\n\t}\n\n\tw.WriteHeader(http.StatusNoContent)\n}\n" }, { "path": "identity/handler_import.go", "content": "// Copyright © 2023 Ory Corp\n// SPDX-License-Identifier: Apache-2.0\n\npackage identity\n\nimport (\n\t\"context\"\n\t\"encoding/json\"\n\n\t\"github.com/pkg/errors\"\n\n\t\"github.com/ory/herodot\"\n\t\"github.com/ory/kratos/hash\"\n\t\"github.com/ory/kratos/x\"\n)\n\nfunc (h *Handler) importCredentials(ctx context.Context, i *Identity, creds *IdentityWithCredentials) error {\n\tif creds == nil {\n\t\treturn nil\n\t}\n\n\t// This method only support password and OIDC import at the moment.\n\t// If other methods are added please ensure that the available AAL is set correctly in the identity.\n\t//\n\t// It would actually be good if we would validate the identity post-creation to see if the credentials are working.\n\tif creds.Password != nil {\n\t\t// This method is somewhat hacky, because it does not set the credential's identifier. It relies on the\n\t\t// identity validation to set the identifier, which is called after this method.\n\t\t//\n\t\t// It would be good to make this explicit.\n\t\tif err := h.importPasswordCredentials(ctx, i, creds.Password); err != nil {\n\t\t\treturn err\n\t\t}\n\t}\n\n\tif creds.OIDC != nil {\n\t\tif err := h.importOIDCCredentials(ctx, i, creds.OIDC); err != nil {\n\t\t\treturn err\n\t\t}\n\t}\n\n\tif creds.SAML != nil {\n\t\tif err := h.importSAMLCredentials(ctx, i, creds.SAML); err != nil {\n\t\t\treturn err\n\t\t}\n\t}\n\n\treturn nil\n}\n\nfunc (h *Handler) importPasswordCredentials(ctx context.Context, i *Identity, creds *AdminIdentityImportCredentialsPassword) (err error) {\n\tif creds.Config.UsePasswordMigrationHook {\n\t\treturn i.SetCredentialsWithConfig(CredentialsTypePassword, Credentials{}, CredentialsPassword{UsePasswordMigrationHook: true})\n\t}\n\n\t// In here we deliberately ignore any password policies as the point here is to import passwords, even if they\n\t// are not matching the policy, as the user needs to able to sign in with their old password.\n\thashed := []byte(creds.Config.HashedPassword)\n\tif len(creds.Config.Password) > 0 {\n\t\t// Importing a clear text password\n\t\thashed, err = h.r.Hasher(ctx).Generate(ctx, []byte(creds.Config.Password))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\n\t\tcreds.Config.HashedPassword = string(hashed)\n\t}\n\n\tif !(hash.IsValidHashFormat(hashed)) {\n\t\treturn errors.WithStack(herodot.ErrBadRequest.WithReasonf(\"The imported password does not match any known hash format. For more information see https://www.ory.sh/dr/2\"))\n\t}\n\n\treturn i.SetCredentialsWithConfig(CredentialsTypePassword, Credentials{}, CredentialsPassword{HashedPassword: string(hashed)})\n}\n\nfunc (h *Handler) importOIDCCredentials(_ context.Context, i *Identity, creds *AdminIdentityImportCredentialsOIDC) error {\n\tvar target CredentialsOIDC\n\tc, ok := i.GetCredentials(CredentialsTypeOIDC)\n\tif !ok {\n\t\tvar providers []CredentialsOIDCProvider\n\t\tvar ids []string\n\t\tfor _, p := range creds.Config.Providers {\n\t\t\tids = append(ids, OIDCUniqueID(p.Provider, p.Subject))\n\t\t\tprovider := CredentialsOIDCProvider{\n\t\t\t\tSubject: p.Subject,\n\t\t\t\tProvider: p.Provider,\n\t\t\t\tUseAutoLink: p.UseAutoLink,\n\t\t\t}\n\t\t\tif p.Organization.Valid {\n\t\t\t\tprovider.Organization = p.Organization.UUID.String()\n\t\t\t}\n\t\t\tproviders = append(providers, provider)\n\t\t}\n\n\t\treturn i.SetCredentialsWithConfig(\n\t\t\tCredentialsTypeOIDC,\n\t\t\tCredentials{Identifiers: ids},\n\t\t\tCredentialsOIDC{Providers: providers},\n\t\t)\n\t}\n\n\tif err := json.Unmarshal(c.Config, &target); err != nil {\n\t\treturn errors.WithStack(x.PseudoPanic.WithWrap(err))\n\t}\n\n\tfor _, p := range creds.Config.Providers {\n\t\tc.Identifiers = append(c.Identifiers, OIDCUniqueID(p.Provider, p.Subject))\n\t\tprovider := CredentialsOIDCProvider{\n\t\t\tSubject: p.Subject,\n\t\t\tProvider: p.Provider,\n\t\t\tUseAutoLink: p.UseAutoLink,\n\t\t}\n\t\tif p.Organization.Valid {\n\t\t\tprovider.Organization = p.Organization.UUID.String()\n\t\t}\n\t\ttarget.Providers = append(target.Providers, provider)\n\t}\n\treturn i.SetCredentialsWithConfig(CredentialsTypeOIDC, *c, &target)\n}\n\nfunc (h *Handler) importSAMLCredentials(_ context.Context, i *Identity, creds *AdminIdentityImportCredentialsSAML) error {\n\tvar target CredentialsOIDC\n\tc, ok := i.GetCredentials(CredentialsTypeSAML)\n\tif !ok {\n\t\tvar providers []CredentialsOIDCProvider\n\t\tvar ids []string\n\t\tfor _, p := range creds.Config.Providers {\n\t\t\tids = append(ids, OIDCUniqueID(p.Provider, p.Subject))\n\t\t\tprovider := CredentialsOIDCProvider{\n\t\t\t\tSubject: p.Subject,\n\t\t\t\tProvider: p.Provider,\n\t\t\t}\n\t\t\tif p.Organization.Valid {\n\t\t\t\tprovider.Organization = p.Organization.UUID.String()\n\t\t\t}\n\t\t\tproviders = append(providers, provider)\n\t\t}\n\n\t\treturn i.SetCredentialsWithConfig(\n\t\t\tCredentialsTypeSAML,\n\t\t\tCredentials{Identifiers: ids},\n\t\t\tCredentialsOIDC{Providers: providers},\n\t\t)\n\t}\n\n\tif err := json.Unmarshal(c.Config, &target); err != nil {\n\t\treturn errors.WithStack(x.PseudoPanic.WithWrap(err))\n\t}\n\n\tfor _, p := range creds.Config.Providers {\n\t\tc.Identifiers = append(c.Identifiers, OIDCUniqueID(p.Provider, p.Subject))\n\t\tprovider := CredentialsOIDCProvider{\n\t\t\tSubject: p.Subject,\n\t\t\tProvider: p.Provider,\n\t\t}\n\t\tif p.Organization.Valid {\n\t\t\tprovider.Organization = p.Organization.UUID.String()\n\t\t}\n\t\ttarget.Providers = append(target.Providers, provider)\n\t}\n\treturn i.SetCredentialsWithConfig(CredentialsTypeSAML, *c, &target)\n}\n" }, { "path": "identity/handler_import_test.go", "content": "// Copyright © 2025 Ory Corp\n// SPDX-License-Identifier: Apache-2.0\n\npackage identity\n\nimport (\n\t\"context\"\n\t\"testing\"\n\n\t\"github.com/gofrs/uuid\"\n\t\"github.com/stretchr/testify/assert\"\n\t\"github.com/stretchr/testify/require\"\n\n\t\"github.com/ory/x/snapshotx\"\n)\n\nfunc TestImportCredentials(t *testing.T) {\n\tt.Parallel()\n\tctx := context.Background()\n\n\t// Setup handler with minimal mock requirements\n\th := &Handler{}\n\n\ttestCases := []struct {\n\t\tname string\n\t\tsetupIdentity func() *Identity\n\t\tcredentials interface{}\n\t\tcredType CredentialsType\n\t}{\n\t\t{\n\t\t\tname: \"OIDC new credential without organization\",\n\t\t\tsetupIdentity: func() *Identity {\n\t\t\t\treturn &Identity{}\n\t\t\t},\n\t\t\tcredentials: &AdminIdentityImportCredentialsOIDC{\n\t\t\t\tConfig: AdminIdentityImportCredentialsOIDCConfig{\n\t\t\t\t\tProviders: []AdminCreateIdentityImportCredentialsOIDCProvider{\n\t\t\t\t\t\t{\n\t\t\t\t\t\t\tProvider: \"github\",\n\t\t\t\t\t\t\tSubject: \"12345\",\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t\tcredType: CredentialsTypeOIDC,\n\t\t},\n\t\t{\n\t\t\tname: \"OIDC new credential with organization\",\n\t\t\tsetupIdentity: func() *Identity {\n\t\t\t\treturn &Identity{}\n\t\t\t},\n\t\t\tcredentials: &AdminIdentityImportCredentialsOIDC{\n\t\t\t\tConfig: AdminIdentityImportCredentialsOIDCConfig{\n\t\t\t\t\tProviders: []AdminCreateIdentityImportCredentialsOIDCProvider{\n\t\t\t\t\t\t{\n\t\t\t\t\t\t\tProvider: \"github\",\n\t\t\t\t\t\t\tSubject: \"12345\",\n\t\t\t\t\t\t\tOrganization: uuid.NullUUID{UUID: uuid.FromStringOrNil(\"e7e3cbae-04cc-45f3-ae52-ea749a2ffaff\"), Valid: true},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t\tcredType: CredentialsTypeOIDC,\n\t\t},\n\t\t{\n\t\t\tname: \"OIDC update credential without organization\",\n\t\t\tsetupIdentity: func() *Identity {\n\t\t\t\ti := &Identity{}\n\t\t\t\t_ = i.SetCredentialsWithConfig(\n\t\t\t\t\tCredentialsTypeOIDC,\n\t\t\t\t\tCredentials{\n\t\t\t\t\t\tIdentifiers: []string{OIDCUniqueID(\"google\", \"67890\")},\n\t\t\t\t\t},\n\t\t\t\t\tCredentialsOIDC{\n\t\t\t\t\t\tProviders: []CredentialsOIDCProvider{\n\t\t\t\t\t\t\t{\n\t\t\t\t\t\t\t\tProvider: \"google\",\n\t\t\t\t\t\t\t\tSubject: \"67890\",\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t)\n\t\t\t\treturn i\n\t\t\t},\n\t\t\tcredentials: &AdminIdentityImportCredentialsOIDC{\n\t\t\t\tConfig: AdminIdentityImportCredentialsOIDCConfig{\n\t\t\t\t\tProviders: []AdminCreateIdentityImportCredentialsOIDCProvider{\n\t\t\t\t\t\t{\n\t\t\t\t\t\t\tProvider: \"github\",\n\t\t\t\t\t\t\tSubject: \"12345\",\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t\tcredType: CredentialsTypeOIDC,\n\t\t},\n\t\t{\n\t\t\tname: \"OIDC update credential with organization\",\n\t\t\tsetupIdentity: func() *Identity {\n\t\t\t\ti := &Identity{}\n\t\t\t\t_ = i.SetCredentialsWithConfig(\n\t\t\t\t\tCredentialsTypeOIDC,\n\t\t\t\t\tCredentials{\n\t\t\t\t\t\tIdentifiers: []string{OIDCUniqueID(\"google\", \"67890\")},\n\t\t\t\t\t},\n\t\t\t\t\tCredentialsOIDC{\n\t\t\t\t\t\tProviders: []CredentialsOIDCProvider{\n\t\t\t\t\t\t\t{\n\t\t\t\t\t\t\t\tProvider: \"google\",\n\t\t\t\t\t\t\t\tSubject: \"67890\",\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t)\n\t\t\t\treturn i\n\t\t\t},\n\t\t\tcredentials: &AdminIdentityImportCredentialsOIDC{\n\t\t\t\tConfig: AdminIdentityImportCredentialsOIDCConfig{\n\t\t\t\t\tProviders: []AdminCreateIdentityImportCredentialsOIDCProvider{\n\t\t\t\t\t\t{\n\t\t\t\t\t\t\tProvider: \"github\",\n\t\t\t\t\t\t\tSubject: \"12345\",\n\t\t\t\t\t\t\tOrganization: uuid.NullUUID{UUID: uuid.FromStringOrNil(\"e7e3cbae-04cc-45f3-ae52-ea749a2ffaff\"), Valid: true},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t\tcredType: CredentialsTypeOIDC,\n\t\t},\n\t\t{\n\t\t\tname: \"OIDC update with multiple providers\",\n\t\t\tsetupIdentity: func() *Identity {\n\t\t\t\ti := &Identity{}\n\t\t\t\t_ = i.SetCredentialsWithConfig(\n\t\t\t\t\tCredentialsTypeOIDC,\n\t\t\t\t\tCredentials{\n\t\t\t\t\t\tIdentifiers: []string{OIDCUniqueID(\"google\", \"67890\")},\n\t\t\t\t\t},\n\t\t\t\t\tCredentialsOIDC{\n\t\t\t\t\t\tProviders: []CredentialsOIDCProvider{\n\t\t\t\t\t\t\t{\n\t\t\t\t\t\t\t\tProvider: \"google\",\n\t\t\t\t\t\t\t\tSubject: \"67890\",\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t)\n\t\t\t\treturn i\n\t\t\t},\n\t\t\tcredentials: &AdminIdentityImportCredentialsOIDC{\n\t\t\t\tConfig: AdminIdentityImportCredentialsOIDCConfig{\n\t\t\t\t\tProviders: []AdminCreateIdentityImportCredentialsOIDCProvider{\n\t\t\t\t\t\t{\n\t\t\t\t\t\t\tProvider: \"github\",\n\t\t\t\t\t\t\tSubject: \"12345\",\n\t\t\t\t\t\t\tOrganization: uuid.NullUUID{UUID: uuid.FromStringOrNil(\"e7e3cbae-04cc-45f3-ae52-ea749a2ffaff\"), Valid: true},\n\t\t\t\t\t\t},\n\t\t\t\t\t\t{\n\t\t\t\t\t\t\tProvider: \"gitlab\",\n\t\t\t\t\t\t\tSubject: \"abcdef\",\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t\tcredType: CredentialsTypeOIDC,\n\t\t},\n\t\t{\n\t\t\tname: \"SAML new credential without organization\",\n\t\t\tsetupIdentity: func() *Identity {\n\t\t\t\treturn &Identity{}\n\t\t\t},\n\t\t\tcredentials: &AdminIdentityImportCredentialsSAML{\n\t\t\t\tConfig: AdminIdentityImportCredentialsSAMLConfig{\n\t\t\t\t\tProviders: []AdminCreateIdentityImportCredentialsSAMLProvider{\n\t\t\t\t\t\t{\n\t\t\t\t\t\t\tProvider: \"okta\",\n\t\t\t\t\t\t\tSubject: \"user123\",\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t\tcredType: CredentialsTypeSAML,\n\t\t},\n\t\t{\n\t\t\tname: \"SAML new credential with organization\",\n\t\t\tsetupIdentity: func() *Identity {\n\t\t\t\treturn &Identity{}\n\t\t\t},\n\t\t\tcredentials: &AdminIdentityImportCredentialsSAML{\n\t\t\t\tConfig: AdminIdentityImportCredentialsSAMLConfig{\n\t\t\t\t\tProviders: []AdminCreateIdentityImportCredentialsSAMLProvider{\n\t\t\t\t\t\t{\n\t\t\t\t\t\t\tProvider: \"okta\",\n\t\t\t\t\t\t\tSubject: \"user123\",\n\t\t\t\t\t\t\tOrganization: uuid.NullUUID{UUID: uuid.FromStringOrNil(\"e7e3cbae-04cc-45f3-ae52-ea749a2ffaff\"), Valid: true},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t\tcredType: CredentialsTypeSAML,\n\t\t},\n\t\t{\n\t\t\tname: \"SAML update credential without organization\",\n\t\t\tsetupIdentity: func() *Identity {\n\t\t\t\ti := &Identity{}\n\t\t\t\t_ = i.SetCredentialsWithConfig(\n\t\t\t\t\tCredentialsTypeSAML,\n\t\t\t\t\tCredentials{\n\t\t\t\t\t\tIdentifiers: []string{OIDCUniqueID(\"onelogin\", \"user456\")},\n\t\t\t\t\t},\n\t\t\t\t\tCredentialsOIDC{\n\t\t\t\t\t\tProviders: []CredentialsOIDCProvider{\n\t\t\t\t\t\t\t{\n\t\t\t\t\t\t\t\tProvider: \"onelogin\",\n\t\t\t\t\t\t\t\tSubject: \"user456\",\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t)\n\t\t\t\treturn i\n\t\t\t},\n\t\t\tcredentials: &AdminIdentityImportCredentialsSAML{\n\t\t\t\tConfig: AdminIdentityImportCredentialsSAMLConfig{\n\t\t\t\t\tProviders: []AdminCreateIdentityImportCredentialsSAMLProvider{\n\t\t\t\t\t\t{\n\t\t\t\t\t\t\tProvider: \"okta\",\n\t\t\t\t\t\t\tSubject: \"user123\",\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t\tcredType: CredentialsTypeSAML,\n\t\t},\n\t\t{\n\t\t\tname: \"SAML update credential with organization\",\n\t\t\tsetupIdentity: func() *Identity {\n\t\t\t\ti := &Identity{}\n\t\t\t\t_ = i.SetCredentialsWithConfig(\n\t\t\t\t\tCredentialsTypeSAML,\n\t\t\t\t\tCredentials{\n\t\t\t\t\t\tIdentifiers: []string{OIDCUniqueID(\"onelogin\", \"user456\")},\n\t\t\t\t\t},\n\t\t\t\t\tCredentialsOIDC{\n\t\t\t\t\t\tProviders: []CredentialsOIDCProvider{\n\t\t\t\t\t\t\t{\n\t\t\t\t\t\t\t\tProvider: \"onelogin\",\n\t\t\t\t\t\t\t\tSubject: \"user456\",\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t)\n\t\t\t\treturn i\n\t\t\t},\n\t\t\tcredentials: &AdminIdentityImportCredentialsSAML{\n\t\t\t\tConfig: AdminIdentityImportCredentialsSAMLConfig{\n\t\t\t\t\tProviders: []AdminCreateIdentityImportCredentialsSAMLProvider{\n\t\t\t\t\t\t{\n\t\t\t\t\t\t\tProvider: \"okta\",\n\t\t\t\t\t\t\tSubject: \"user123\",\n\t\t\t\t\t\t\tOrganization: uuid.NullUUID{UUID: uuid.FromStringOrNil(\"e7e3cbae-04cc-45f3-ae52-ea749a2ffaff\"), Valid: true},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t\tcredType: CredentialsTypeSAML,\n\t\t},\n\t\t{\n\t\t\tname: \"SAML update with multiple providers\",\n\t\t\tsetupIdentity: func() *Identity {\n\t\t\t\ti := &Identity{}\n\t\t\t\t_ = i.SetCredentialsWithConfig(\n\t\t\t\t\tCredentialsTypeSAML,\n\t\t\t\t\tCredentials{\n\t\t\t\t\t\tIdentifiers: []string{OIDCUniqueID(\"onelogin\", \"user456\")},\n\t\t\t\t\t},\n\t\t\t\t\tCredentialsOIDC{\n\t\t\t\t\t\tProviders: []CredentialsOIDCProvider{\n\t\t\t\t\t\t\t{\n\t\t\t\t\t\t\t\tProvider: \"onelogin\",\n\t\t\t\t\t\t\t\tSubject: \"user456\",\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t)\n\t\t\t\treturn i\n\t\t\t},\n\t\t\tcredentials: &AdminIdentityImportCredentialsSAML{\n\t\t\t\tConfig: AdminIdentityImportCredentialsSAMLConfig{\n\t\t\t\t\tProviders: []AdminCreateIdentityImportCredentialsSAMLProvider{\n\t\t\t\t\t\t{\n\t\t\t\t\t\t\tProvider: \"okta\",\n\t\t\t\t\t\t\tSubject: \"user123\",\n\t\t\t\t\t\t\tOrganization: uuid.NullUUID{UUID: uuid.FromStringOrNil(\"e7e3cbae-04cc-45f3-ae52-ea749a2ffaff\"), Valid: true},\n\t\t\t\t\t\t},\n\t\t\t\t\t\t{\n\t\t\t\t\t\t\tProvider: \"auth0\",\n\t\t\t\t\t\t\tSubject: \"user789\",\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t\tcredType: CredentialsTypeSAML,\n\t\t},\n\t}\n\n\tfor _, tc := range testCases {\n\t\tt.Run(tc.name, func(t *testing.T) {\n\t\t\t// Setup a fresh identity for each test\n\t\t\ti := tc.setupIdentity()\n\t\t\tvar err error\n\n\t\t\t// Perform the import based on credential type\n\t\t\tswitch tc.credType {\n\t\t\tcase CredentialsTypeOIDC:\n\t\t\t\terr = h.importOIDCCredentials(ctx, i, tc.credentials.(*AdminIdentityImportCredentialsOIDC))\n\t\t\tcase CredentialsTypeSAML:\n\t\t\t\terr = h.importSAMLCredentials(ctx, i, tc.credentials.(*AdminIdentityImportCredentialsSAML))\n\t\t\t}\n\n\t\t\trequire.NoError(t, err)\n\n\t\t\t// Verify credential was set correctly\n\t\t\tcreds, ok := i.GetCredentials(tc.credType)\n\t\t\trequire.True(t, ok, \"credentials should be set\")\n\n\t\t\t// Verify the credentials contain proper identifiers and config\n\t\t\tassert.NotEmpty(t, creds.Identifiers)\n\t\t\tassert.NotEmpty(t, creds.Config)\n\n\t\t\t// Take a snapshot of the credentials\n\t\t\tsnapshotx.SnapshotT(t, creds)\n\n\t\t\t// Additional checks based on credential type\n\t\t\tswitch tc.credType {\n\t\t\tcase CredentialsTypeOIDC:\n\t\t\t\toidcCreds := tc.credentials.(*AdminIdentityImportCredentialsOIDC)\n\t\t\t\tfor _, p := range oidcCreds.Config.Providers {\n\t\t\t\t\tid := OIDCUniqueID(p.Provider, p.Subject)\n\t\t\t\t\tassert.Contains(t, creds.Identifiers, id)\n\t\t\t\t}\n\t\t\tcase CredentialsTypeSAML:\n\t\t\t\tsamlCreds := tc.credentials.(*AdminIdentityImportCredentialsSAML)\n\t\t\t\tfor _, p := range samlCreds.Config.Providers {\n\t\t\t\t\tid := OIDCUniqueID(p.Provider, p.Subject)\n\t\t\t\t\tassert.Contains(t, creds.Identifiers, id)\n\t\t\t\t}\n\t\t\t}\n\t\t})\n\t}\n}\n" }, { "path": "identity/handler_test.go", "content": "// Copyright © 2023 Ory Corp\n// SPDX-License-Identifier: Apache-2.0\n\npackage identity_test\n\nimport (\n\t\"bytes\"\n\t\"context\"\n\t\"encoding/json\"\n\t\"fmt\"\n\t\"io\"\n\t\"net/http\"\n\t\"net/http/httptest\"\n\t\"net/url\"\n\t\"sort\"\n\t\"strconv\"\n\t\"strings\"\n\t\"testing\"\n\t\"time\"\n\n\t\"github.com/go-faker/faker/v4\"\n\t\"github.com/gofrs/uuid\"\n\t\"github.com/peterhellberg/link\"\n\t\"github.com/stretchr/testify/assert\"\n\t\"github.com/stretchr/testify/require\"\n\t\"github.com/tidwall/gjson\"\n\t\"golang.org/x/crypto/bcrypt\"\n\n\t\"github.com/ory/x/configx\"\n\n\t\"github.com/ory/kratos/driver/config\"\n\t\"github.com/ory/kratos/hash\"\n\t\"github.com/ory/kratos/identity\"\n\t\"github.com/ory/kratos/pkg\"\n\t\"github.com/ory/kratos/pkg/testhelpers\"\n\t\"github.com/ory/kratos/schema\"\n\t\"github.com/ory/kratos/x\"\n\t\"github.com/ory/x/ioutilx\"\n\t\"github.com/ory/x/randx\"\n\t\"github.com/ory/x/snapshotx\"\n\t\"github.com/ory/x/sqlxx\"\n\t\"github.com/ory/x/urlx\"\n)\n\nvar ignoreDefault = []string{\"id\", \"schema_url\", \"state_changed_at\", \"created_at\", \"updated_at\"}\n\nfunc TestHandler(t *testing.T) {\n\tt.Parallel()\n\n\t_, reg := pkg.NewFastRegistryWithMocks(t,\n\t\tconfigx.WithValues(testhelpers.IdentitySchemasConfig(map[string]string{\n\t\t\t\"default\": \"file://./stub/identity.schema.json\",\n\t\t\t\"customer\": \"file://./stub/handler/customer.schema.json\",\n\t\t\t\"multiple_emails\": \"file://./stub/handler/multiple_emails.schema.json\",\n\t\t\t\"employee\": \"file://./stub/handler/employee.schema.json\",\n\t\t})),\n\t)\n\n\t// Start kratos server\n\tpublicTS, adminTS := testhelpers.NewKratosServerWithCSRF(t, reg)\n\n\tmockServerURL := urlx.ParseOrPanic(publicTS.URL)\n\tdefaultSchemaExternalURL := (&schema.Schema{ID: \"default\"}).SchemaURL(mockServerURL).String()\n\n\tgetFull := func(t *testing.T, base *httptest.Server, href string, expectCode int) (gjson.Result, *http.Response) {\n\t\tt.Helper()\n\t\tres, err := base.Client().Get(base.URL + href)\n\t\trequire.NoError(t, err)\n\t\tbody, err := io.ReadAll(res.Body)\n\t\trequire.NoError(t, err)\n\t\trequire.NoError(t, res.Body.Close())\n\n\t\trequire.EqualValuesf(t, expectCode, res.StatusCode, \"%s\", body)\n\t\treturn gjson.ParseBytes(body), res\n\t}\n\n\tget := func(t *testing.T, base *httptest.Server, href string, expectCode int) gjson.Result {\n\t\tt.Helper()\n\t\tres, _ := getFull(t, base, href, expectCode)\n\t\treturn res\n\t}\n\n\tremove := func(t *testing.T, base *httptest.Server, href string, expectCode int) {\n\t\tt.Helper()\n\t\treq, err := http.NewRequest(\"DELETE\", base.URL+href, nil)\n\t\trequire.NoError(t, err)\n\n\t\tres, err := base.Client().Do(req)\n\t\trequire.NoError(t, err)\n\t\tdefer func() { _ = res.Body.Close() }()\n\n\t\trequire.EqualValues(t, expectCode, res.StatusCode, \"%s\", ioutilx.MustReadAll(res.Body))\n\t}\n\n\tsend := func(t *testing.T, base *httptest.Server, method, href string, expectCode int, send interface{}) gjson.Result {\n\t\tt.Helper()\n\t\tvar b bytes.Buffer\n\t\tswitch raw := send.(type) {\n\t\tcase json.RawMessage:\n\t\t\tb = *bytes.NewBuffer(raw)\n\t\tdefault:\n\t\t\tif send != nil {\n\t\t\t\trequire.NoError(t, json.NewEncoder(&b).Encode(send))\n\t\t\t}\n\t\t}\n\n\t\treq, err := http.NewRequest(method, base.URL+href, &b)\n\t\trequire.NoError(t, err)\n\t\treq.Header.Set(\"Content-Type\", \"application/json\")\n\t\tres, err := base.Client().Do(req)\n\t\trequire.NoError(t, err)\n\t\tbody, err := io.ReadAll(res.Body)\n\t\trequire.NoError(t, err)\n\t\trequire.NoError(t, res.Body.Close())\n\n\t\trequire.EqualValues(t, expectCode, res.StatusCode, \"%s\", body)\n\t\treturn gjson.ParseBytes(body)\n\t}\n\n\ttype patch map[string]interface{}\n\n\tt.Run(\"case=should return an empty list\", func(t *testing.T) {\n\t\tfor name, ts := range map[string]*httptest.Server{\"public\": publicTS, \"admin\": adminTS} {\n\t\t\tt.Run(\"endpoint=\"+name, func(t *testing.T) {\n\t\t\t\tparsed := get(t, ts, \"/identities\", http.StatusOK)\n\t\t\t\trequire.True(t, parsed.IsArray(), \"%s\", parsed.Raw)\n\t\t\t\tassert.Len(t, parsed.Array(), 0)\n\t\t\t})\n\t\t}\n\t})\n\n\tt.Run(\"case=should return 404 on a non-existing resource\", func(t *testing.T) {\n\t\tfor name, ts := range map[string]*httptest.Server{\"public\": publicTS, \"admin\": adminTS} {\n\t\t\tt.Run(\"endpoint=\"+name, func(t *testing.T) {\n\t\t\t\t_ = get(t, ts, \"/identities/does-not-exist\", http.StatusNotFound)\n\t\t\t})\n\t\t}\n\t})\n\n\tt.Run(\"case=should fail to create an identity because schema id does not exist\", func(t *testing.T) {\n\t\tfor name, ts := range map[string]*httptest.Server{\"public\": publicTS, \"admin\": adminTS} {\n\t\t\tt.Run(\"endpoint=\"+name, func(t *testing.T) {\n\t\t\t\tvar i identity.CreateIdentityBody\n\t\t\t\ti.SchemaID = \"does-not-exist\"\n\t\t\t\tres := send(t, ts, \"POST\", \"/identities\", http.StatusBadRequest, &i)\n\t\t\t\tassert.Contains(t, res.Get(\"error.reason\").String(), \"does-not-exist\", \"%s\", res)\n\t\t\t})\n\t\t}\n\t})\n\n\tt.Run(\"case=should fail to create an entity because schema is not validating\", func(t *testing.T) {\n\t\tfor name, ts := range map[string]*httptest.Server{\"public\": publicTS, \"admin\": adminTS} {\n\t\t\tt.Run(\"endpoint=\"+name, func(t *testing.T) {\n\t\t\t\tvar i identity.CreateIdentityBody\n\t\t\t\ti.Traits = []byte(`{\"bar\":123}`)\n\t\t\t\tres := send(t, ts, \"POST\", \"/identities\", http.StatusBadRequest, &i)\n\t\t\t\tassert.Contains(t, res.Get(\"error.reason\").String(), \"I[#/traits/bar] S[#/properties/traits/properties/bar/type] expected string, but got number\")\n\t\t\t})\n\t\t}\n\t})\n\n\tt.Run(\"case=should fail to create an entity with schema_url set\", func(t *testing.T) {\n\t\tfor name, ts := range map[string]*httptest.Server{\"public\": publicTS, \"admin\": adminTS} {\n\t\t\tt.Run(\"endpoint=\"+name, func(t *testing.T) {\n\t\t\t\tres := send(t, ts, \"POST\", \"/identities\", http.StatusBadRequest, json.RawMessage(`{\"schema_url\":\"12345\",\"traits\":{}}`))\n\t\t\t\tassert.Contains(t, res.Get(\"error.message\").String(), \"schema_url\")\n\t\t\t})\n\t\t}\n\t})\n\n\tt.Run(\"case=should create an identity without an ID\", func(t *testing.T) {\n\t\tfor name, ts := range map[string]*httptest.Server{\"public\": publicTS, \"admin\": adminTS} {\n\t\t\tt.Run(\"endpoint=\"+name, func(t *testing.T) {\n\t\t\t\tvar i identity.CreateIdentityBody\n\t\t\t\ti.Traits = []byte(`{\"bar\":\"baz\"}`)\n\t\t\t\tres := send(t, ts, \"POST\", \"/identities\", http.StatusCreated, &i)\n\t\t\t\tassert.NotEmpty(t, res.Get(\"id\").String(), \"%s\", res.Raw)\n\t\t\t\tassert.EqualValues(t, \"baz\", res.Get(\"traits.bar\").String(), \"%s\", res.Raw)\n\t\t\t\tassert.Empty(t, res.Get(\"credentials\").String(), \"%s\", res.Raw)\n\t\t\t})\n\t\t}\n\t})\n\n\tt.Run(\"case=should create an identity with metadata\", func(t *testing.T) {\n\t\tfor name, ts := range map[string]*httptest.Server{\"public\": publicTS, \"admin\": adminTS} {\n\t\t\tt.Run(\"endpoint=\"+name, func(t *testing.T) {\n\t\t\t\tvar i identity.CreateIdentityBody\n\t\t\t\ti.Traits = []byte(`{\"bar\":\"baz\"}`)\n\t\t\t\ti.MetadataPublic = []byte(`{\"public\":\"baz\"}`)\n\t\t\t\ti.MetadataAdmin = []byte(`{\"admin\":\"baz\"}`)\n\t\t\t\tres := send(t, ts, \"POST\", \"/identities\", http.StatusCreated, &i)\n\t\t\t\tassert.EqualValues(t, \"baz\", res.Get(\"metadata_admin.admin\").String(), \"%s\", res.Raw)\n\t\t\t\tassert.EqualValues(t, \"baz\", res.Get(\"metadata_public.public\").String(), \"%s\", res.Raw)\n\t\t\t})\n\t\t}\n\t})\n\n\tt.Run(\"case=should create an identity with an organization ID\", func(t *testing.T) {\n\t\tfor name, ts := range map[string]*httptest.Server{\"public\": publicTS, \"admin\": adminTS} {\n\t\t\tt.Run(\"endpoint=\"+name, func(t *testing.T) {\n\t\t\t\torgID := uuid.NullUUID{\n\t\t\t\t\tUUID: x.NewUUID(),\n\t\t\t\t\tValid: true,\n\t\t\t\t}\n\t\t\t\ti := identity.CreateIdentityBody{\n\t\t\t\t\tTraits: []byte(`{\"bar\":\"baz\"}`),\n\t\t\t\t\tOrganizationID: orgID,\n\t\t\t\t}\n\t\t\t\tres := send(t, ts, \"POST\", \"/identities\", http.StatusCreated, &i)\n\t\t\t\tassert.EqualValues(t, orgID.UUID.String(), res.Get(\"organization_id\").String(), \"%s\", res.Raw)\n\t\t\t})\n\t\t}\n\t})\n\n\tt.Run(\"case=should create an identity with an external ID\", func(t *testing.T) {\n\t\tfor name, ts := range map[string]*httptest.Server{\"public\": publicTS, \"admin\": adminTS} {\n\t\t\tt.Run(\"endpoint=\"+name, func(t *testing.T) {\n\t\t\t\texternalID := x.NewUUID().String()\n\t\t\t\ti := identity.CreateIdentityBody{\n\t\t\t\t\tTraits: []byte(`{\"bar\":\"baz\"}`),\n\t\t\t\t\tExternalID: externalID,\n\t\t\t\t}\n\t\t\t\tres := send(t, ts, \"POST\", \"/identities\", http.StatusCreated, &i)\n\t\t\t\tassert.EqualValues(t, externalID, res.Get(\"external_id\").String(), \"%s\", res.Raw)\n\t\t\t\tres = get(t, ts, \"/identities/by/external/\"+externalID, http.StatusOK)\n\t\t\t\tassert.EqualValues(t, externalID, res.Get(\"external_id\").String(), \"%s\", res.Raw)\n\t\t\t})\n\t\t}\n\t})\n\n\tt.Run(\"case=should be able to import users\", func(t *testing.T) {\n\t\tignoreDefault := []string{\"id\", \"schema_url\", \"state_changed_at\", \"created_at\", \"updated_at\"}\n\t\tt.Run(\"without any credentials\", func(t *testing.T) {\n\t\t\tres := send(t, adminTS, \"POST\", \"/identities\", http.StatusCreated, identity.CreateIdentityBody{Traits: []byte(`{\"email\": \"import-1@ory.sh\"}`)})\n\t\t\tactual, err := reg.PrivilegedIdentityPool().GetIdentityConfidential(t.Context(), uuid.FromStringOrNil(res.Get(\"id\").String()))\n\t\t\trequire.NoError(t, err)\n\n\t\t\tsnapshotx.SnapshotT(t, identity.WithCredentialsAndAdminMetadataInJSON(*actual), snapshotx.ExceptNestedKeys(ignoreDefault...))\n\t\t})\n\n\t\tt.Run(\"without traits\", func(t *testing.T) {\n\t\t\tres := send(t, adminTS, \"POST\", \"/identities\", http.StatusCreated, json.RawMessage(\"{}\"))\n\t\t\tactual, err := reg.PrivilegedIdentityPool().GetIdentityConfidential(t.Context(), uuid.FromStringOrNil(res.Get(\"id\").String()))\n\t\t\trequire.NoError(t, err)\n\n\t\t\tsnapshotx.SnapshotT(t, identity.WithCredentialsAndAdminMetadataInJSON(*actual), snapshotx.ExceptNestedKeys(ignoreDefault...))\n\t\t})\n\n\t\tt.Run(\"with malformed traits\", func(t *testing.T) {\n\t\t\tsend(t, adminTS, \"POST\", \"/identities\", http.StatusBadRequest, json.RawMessage(`{\"traits\": not valid JSON}`))\n\t\t})\n\n\t\tt.Run(\"with cleartext password and oidc credentials\", func(t *testing.T) {\n\t\t\tres := send(t, adminTS, \"POST\", \"/identities\", http.StatusCreated, identity.CreateIdentityBody{\n\t\t\t\tTraits: []byte(`{\"email\": \"import-2@ory.sh\"}`),\n\t\t\t\tCredentials: &identity.IdentityWithCredentials{\n\t\t\t\t\tPassword: &identity.AdminIdentityImportCredentialsPassword{\n\t\t\t\t\t\tConfig: identity.AdminIdentityImportCredentialsPasswordConfig{\n\t\t\t\t\t\t\tPassword: \"123456\",\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t\tOIDC: &identity.AdminIdentityImportCredentialsOIDC{\n\t\t\t\t\t\tConfig: identity.AdminIdentityImportCredentialsOIDCConfig{\n\t\t\t\t\t\t\tProviders: []identity.AdminCreateIdentityImportCredentialsOIDCProvider{\n\t\t\t\t\t\t\t\t{Subject: \"import-2\", Provider: \"google\"},\n\t\t\t\t\t\t\t\t{Subject: \"import-2\", Provider: \"github\"},\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t\tSAML: &identity.AdminIdentityImportCredentialsSAML{\n\t\t\t\t\t\tConfig: identity.AdminIdentityImportCredentialsSAMLConfig{\n\t\t\t\t\t\t\tProviders: []identity.AdminCreateIdentityImportCredentialsSAMLProvider{\n\t\t\t\t\t\t\t\t{Subject: \"import-saml-2\", Provider: \"okta\"},\n\t\t\t\t\t\t\t\t{Subject: \"import-saml-2\", Provider: \"onelogin\"},\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t})\n\n\t\t\tactual, err := reg.PrivilegedIdentityPool().GetIdentityConfidential(t.Context(), uuid.FromStringOrNil(res.Get(\"id\").String()))\n\t\t\trequire.NoError(t, err)\n\n\t\t\tsnapshotx.SnapshotT(t, identity.WithCredentialsAndAdminMetadataInJSON(*actual), snapshotx.ExceptNestedKeys(append(ignoreDefault, \"hashed_password\")...), snapshotx.ExceptPaths(\"credentials.oidc.identifiers\"))\n\n\t\t\tidentifiers := actual.Credentials[identity.CredentialsTypeOIDC].Identifiers\n\t\t\tassert.Len(t, identifiers, 2)\n\t\t\tassert.Contains(t, identifiers, \"google:import-2\")\n\t\t\tassert.Contains(t, identifiers, \"github:import-2\")\n\n\t\t\tidentifiers = actual.Credentials[identity.CredentialsTypeSAML].Identifiers\n\t\t\tassert.Len(t, identifiers, 2)\n\t\t\tassert.Contains(t, identifiers, \"okta:import-saml-2\")\n\t\t\tassert.Contains(t, identifiers, \"onelogin:import-saml-2\")\n\n\t\t\trequire.NoError(t, hash.Compare(t.Context(), []byte(\"123456\"), []byte(gjson.GetBytes(actual.Credentials[identity.CredentialsTypePassword].Config, \"hashed_password\").String())))\n\t\t})\n\n\t\tt.Run(\"with organization oidc and saml credentials\", func(t *testing.T) {\n\t\t\torg := \"ad6a7dac-4eef-4f09-8e58-c099c14b6c36\"\n\t\t\tres := send(t, adminTS, \"POST\", \"/identities\", http.StatusCreated, identity.CreateIdentityBody{\n\t\t\t\tTraits: []byte(`{\"email\": \"import-3@ory.sh\"}`),\n\t\t\t\tCredentials: &identity.IdentityWithCredentials{\n\t\t\t\t\tOIDC: &identity.AdminIdentityImportCredentialsOIDC{\n\t\t\t\t\t\tConfig: identity.AdminIdentityImportCredentialsOIDCConfig{\n\t\t\t\t\t\t\tProviders: []identity.AdminCreateIdentityImportCredentialsOIDCProvider{\n\t\t\t\t\t\t\t\t{Subject: \"import-org-3\", Provider: \"google\", Organization: uuid.NullUUID{Valid: true, UUID: uuid.FromStringOrNil(org)}},\n\t\t\t\t\t\t\t\t{Subject: \"import-org-3\", Provider: \"github\", Organization: uuid.NullUUID{Valid: true, UUID: uuid.FromStringOrNil(org)}},\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t\tSAML: &identity.AdminIdentityImportCredentialsSAML{\n\t\t\t\t\t\tConfig: identity.AdminIdentityImportCredentialsSAMLConfig{\n\t\t\t\t\t\t\tProviders: []identity.AdminCreateIdentityImportCredentialsSAMLProvider{\n\t\t\t\t\t\t\t\t{Subject: \"import-saml-org-3\", Provider: \"okta\", Organization: uuid.NullUUID{Valid: true, UUID: uuid.FromStringOrNil(org)}},\n\t\t\t\t\t\t\t\t{Subject: \"import-saml-org-3\", Provider: \"onelogin\", Organization: uuid.NullUUID{Valid: true, UUID: uuid.FromStringOrNil(org)}},\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t})\n\n\t\t\tactual, err := reg.PrivilegedIdentityPool().GetIdentityConfidential(t.Context(), uuid.FromStringOrNil(res.Get(\"id\").String()))\n\t\t\trequire.NoError(t, err)\n\n\t\t\tsnapshotx.SnapshotT(t, identity.WithCredentialsAndAdminMetadataInJSON(*actual), snapshotx.ExceptNestedKeys(append(ignoreDefault, \"hashed_password\")...), snapshotx.ExceptPaths(\"credentials.oidc.identifiers\"))\n\n\t\t\tidentifiers := actual.Credentials[identity.CredentialsTypeOIDC].Identifiers\n\t\t\tassert.Len(t, identifiers, 2)\n\t\t\tassert.Contains(t, identifiers, \"google:import-org-3\")\n\t\t\tassert.Contains(t, identifiers, \"github:import-org-3\")\n\n\t\t\tidentifiers = actual.Credentials[identity.CredentialsTypeSAML].Identifiers\n\t\t\tassert.Len(t, identifiers, 2)\n\t\t\tassert.Contains(t, identifiers, \"okta:import-saml-org-3\")\n\t\t\tassert.Contains(t, identifiers, \"onelogin:import-saml-org-3\")\n\n\t\t\tassert.Empty(t, []byte(gjson.GetBytes(actual.Credentials[identity.CredentialsTypePassword].Config, \"hashed_password\").String()))\n\t\t})\n\n\t\tt.Run(\"with hashed passwords\", func(t *testing.T) {\n\t\t\tfor i, tt := range []struct{ name, hash, pass string }{\n\t\t\t\t{\n\t\t\t\t\tname: \"pkbdf2\",\n\t\t\t\t\thash: \"$pbkdf2-sha256$i=1000,l=128$e8/arsEf4cvQihdNgqj0Nw$5xQQKNTyeTHx2Ld5/JDE7A\",\n\t\t\t\t\tpass: \"123456\",\n\t\t\t\t}, {\n\t\t\t\t\tname: \"bcrypt2\",\n\t\t\t\t\thash: \"$2a$10$ZsCsoVQ3xfBG/K2z2XpBf.tm90GZmtOqtqWcB5.pYd5Eq8y7RlDyq\",\n\t\t\t\t\tpass: \"123456\",\n\t\t\t\t}, {\n\t\t\t\t\tname: \"argon2i\",\n\t\t\t\t\thash: \"$argon2i$v=19$m=65536,t=3,p=4$STVE4CQ9qQ1dK/j224VMbA$o8b+k5wdHgBqf7ES+aWG2K7Y9diQ6ahEhbW8zcstXGo\",\n\t\t\t\t\tpass: \"123456\",\n\t\t\t\t}, {\n\t\t\t\t\tname: \"argon2id\",\n\t\t\t\t\thash: \"$argon2id$v=19$m=16,t=2,p=1$bVI1aE1SaTV6SGQ3bzdXdw$fnjCcZYmEPOUOjYXsT92Cg\",\n\t\t\t\t\tpass: \"123456\",\n\t\t\t\t}, {\n\t\t\t\t\tname: \"scrypt\",\n\t\t\t\t\thash: \"$scrypt$ln=16384,r=8,p=1$ZtQva9xCHzlSELH/mA7Kj5KjH2tCrkbwYzdxknkL0QQ=$pnTcXKaWVT+FwFDdk3vO1K0J7ZgOxdSU1tCJNYmn8zI=\",\n\t\t\t\t\tpass: \"123456\",\n\t\t\t\t}, {\n\t\t\t\t\tname: \"md5\",\n\t\t\t\t\thash: \"$md5$4QrcOUm6Wau+VuBX8g+IPg==\",\n\t\t\t\t\tpass: \"123456\",\n\t\t\t\t}, {\n\t\t\t\t\tname: \"SSHA\",\n\t\t\t\t\thash: \"{SSHA}JFZFs0oHzxbMwkSJmYVeI8MnTDy/276a\",\n\t\t\t\t\tpass: \"test123\",\n\t\t\t\t}, {\n\t\t\t\t\tname: \"SSHA256\",\n\t\t\t\t\thash: \"{SSHA256}czO44OTV17PcF1cRxWrLZLy9xHd7CWyVYplr1rOhuMlx/7IK\",\n\t\t\t\t\tpass: \"test123\",\n\t\t\t\t}, {\n\t\t\t\t\tname: \"SSHA512\",\n\t\t\t\t\thash: \"{SSHA512}xPUl/px+1cG55rUH4rzcwxdOIPSB2TingLpiJJumN2xyDWN4Ix1WQG3ihnvHaWUE8MYNkvMi5rf0C9NYixHsE6Yh59M=\",\n\t\t\t\t\tpass: \"test123\",\n\t\t\t\t}, {\n\t\t\t\t\tname: \"hmac\",\n\t\t\t\t\thash: \"$hmac-sha256$YjhhZDA4YTNhNTQ3ZTM1ODI5YjgyMWI3NTM3MDMwMWRkOGM0YjA2YmRkNzc3MWY5YjU0MWE3NTkxNDA2ODcxOA==$MTIzNDU2\",\n\t\t\t\t\tpass: \"123456\",\n\t\t\t\t},\n\t\t\t} {\n\t\t\t\tt.Run(\"hash=\"+tt.name, func(t *testing.T) {\n\t\t\t\t\ttraits := fmt.Sprintf(`{\"email\": \"import-hash-%d@ory.sh\"}`, i)\n\t\t\t\t\tres := send(t, adminTS, \"POST\", \"/identities\", http.StatusCreated, identity.CreateIdentityBody{\n\t\t\t\t\t\tTraits: []byte(traits),\n\t\t\t\t\t\tCredentials: &identity.IdentityWithCredentials{Password: &identity.AdminIdentityImportCredentialsPassword{\n\t\t\t\t\t\t\tConfig: identity.AdminIdentityImportCredentialsPasswordConfig{HashedPassword: tt.hash},\n\t\t\t\t\t\t}},\n\t\t\t\t\t})\n\t\t\t\t\tactual, err := reg.PrivilegedIdentityPool().GetIdentityConfidential(t.Context(), uuid.FromStringOrNil(res.Get(\"id\").String()))\n\t\t\t\t\trequire.NoError(t, err)\n\n\t\t\t\t\tsnapshotx.SnapshotT(t, identity.WithCredentialsAndAdminMetadataInJSON(*actual), snapshotx.ExceptNestedKeys(ignoreDefault...), snapshotx.ExceptNestedKeys(\"hashed_password\"))\n\n\t\t\t\t\trequire.NoError(t, hash.Compare(t.Context(), []byte(tt.pass), []byte(gjson.GetBytes(actual.Credentials[identity.CredentialsTypePassword].Config, \"hashed_password\").String())))\n\t\t\t\t})\n\t\t\t}\n\t\t})\n\n\t\tt.Run(\"with password migration hook enabled\", func(t *testing.T) {\n\t\t\tres := send(t, adminTS, \"POST\", \"/identities\", http.StatusCreated, identity.CreateIdentityBody{\n\t\t\t\tTraits: []byte(`{\"email\": \"pw-migration-hook@ory.sh\"}`),\n\t\t\t\tCredentials: &identity.IdentityWithCredentials{Password: &identity.AdminIdentityImportCredentialsPassword{\n\t\t\t\t\tConfig: identity.AdminIdentityImportCredentialsPasswordConfig{UsePasswordMigrationHook: true},\n\t\t\t\t}},\n\t\t\t})\n\t\t\tactual, err := reg.PrivilegedIdentityPool().GetIdentityConfidential(t.Context(), uuid.FromStringOrNil(res.Get(\"id\").String()))\n\t\t\trequire.NoError(t, err)\n\n\t\t\tsnapshotx.SnapshotT(t, identity.WithCredentialsAndAdminMetadataInJSON(*actual), snapshotx.ExceptNestedKeys(ignoreDefault...), snapshotx.ExceptNestedKeys(\"hashed_password\"))\n\n\t\t\tassert.True(t, gjson.GetBytes(actual.Credentials[identity.CredentialsTypePassword].Config, \"use_password_migration_hook\").Bool())\n\t\t})\n\n\t\tt.Run(\"with not-normalized email\", func(t *testing.T) {\n\t\t\tres := send(t, adminTS, \"POST\", \"/identities\", http.StatusCreated, identity.CreateIdentityBody{\n\t\t\t\tSchemaID: \"customer\",\n\t\t\t\tTraits: []byte(`{\"email\": \"UpperCased@ory.sh\"}`),\n\t\t\t\tVerifiableAddresses: []identity.VerifiableAddress{{\n\t\t\t\t\tVerified: true,\n\t\t\t\t\tValue: \"UpperCased@ory.sh\",\n\t\t\t\t\tVia: identity.AddressTypeEmail,\n\t\t\t\t\tStatus: identity.VerifiableAddressStatusCompleted,\n\t\t\t\t}},\n\t\t\t\tRecoveryAddresses: []identity.RecoveryAddress{{Value: \"UpperCased@ory.sh\"}},\n\t\t\t})\n\t\t\tactual, err := reg.PrivilegedIdentityPool().GetIdentityConfidential(t.Context(), uuid.FromStringOrNil(res.Get(\"id\").String()))\n\t\t\trequire.NoError(t, err)\n\n\t\t\trequire.Len(t, actual.VerifiableAddresses, 1)\n\t\t\tassert.True(t, actual.VerifiableAddresses[0].Verified)\n\t\t\tassert.Equal(t, \"uppercased@ory.sh\", actual.VerifiableAddresses[0].Value)\n\n\t\t\trequire.Len(t, actual.RecoveryAddresses, 1)\n\t\t\tassert.Equal(t, \"uppercased@ory.sh\", actual.RecoveryAddresses[0].Value)\n\n\t\t\tsnapshotx.SnapshotT(t, identity.WithCredentialsAndAdminMetadataInJSON(*actual), snapshotx.ExceptNestedKeys(ignoreDefault...), snapshotx.ExceptNestedKeys(\"verified_at\"))\n\t\t})\n\t})\n\n\tt.Run(\"case=unable to set ID itself\", func(t *testing.T) {\n\t\tfor name, ts := range map[string]*httptest.Server{\"public\": publicTS, \"admin\": adminTS} {\n\t\t\tt.Run(\"endpoint=\"+name, func(t *testing.T) {\n\t\t\t\tres := send(t, ts, \"POST\", \"/identities\", http.StatusBadRequest, json.RawMessage(`{\"id\":\"12345\",\"traits\":{}}`))\n\t\t\t\tassert.Contains(t, res.Raw, \"id\")\n\t\t\t})\n\t\t}\n\t})\n\n\tt.Run(\"suite=create and batch list\", func(t *testing.T) {\n\t\tvar ids []uuid.UUID\n\t\tidentitiesAmount := 5\n\t\tlistAmount := 3\n\t\tt.Run(\"case=create multiple identities\", func(t *testing.T) {\n\t\t\tfor i := 0; i < identitiesAmount; i++ {\n\t\t\t\tres := send(t, adminTS, \"POST\", \"/identities\", http.StatusCreated, json.RawMessage(`{\"traits\": {\"bar\":\"baz\"}}`))\n\t\t\t\tassert.NotEmpty(t, res.Get(\"id\").String(), \"%s\", res.Raw)\n\n\t\t\t\tid := x.ParseUUID(res.Get(\"id\").String())\n\t\t\t\tids = append(ids, id)\n\t\t\t}\n\t\t\trequire.Len(t, ids, identitiesAmount)\n\t\t})\n\n\t\tt.Run(\"case=list few identities\", func(t *testing.T) {\n\t\t\tvals := url.Values{}\n\t\t\tvals.Add(\"ids\", ids[0].String()) // duplicate ID is deduplicated in result\n\t\t\tfor i := range listAmount {\n\t\t\t\tvals.Add(\"ids\", ids[i].String())\n\t\t\t}\n\t\t\tres := get(t, adminTS, \"/identities?\"+vals.Encode(), http.StatusOK)\n\n\t\t\tidentities := res.Array()\n\t\t\trequire.Len(t, identities, listAmount)\n\t\t})\n\t})\n\n\tt.Run(\"case=list identities by ID is capped at 500\", func(t *testing.T) {\n\t\tvals := url.Values{}\n\t\tfor range 501 {\n\t\t\tvals.Add(\"ids\", x.NewUUID().String())\n\t\t}\n\t\tres := get(t, adminTS, \"/identities?\"+vals.Encode(), http.StatusBadRequest)\n\t\tassert.Contains(t, res.Get(\"error.reason\").String(), \"must not exceed 500\")\n\t})\n\n\tt.Run(\"case=list identities cannot combine filters\", func(t *testing.T) {\n\t\tfilters := []string{\n\t\t\t\"ids=\" + x.NewUUID().String(),\n\t\t\t\"credentials_identifier=foo@bar.com\",\n\t\t\t\"preview_credentials_identifier_similar=bar.com\",\n\t\t\t\"organization_id=\" + x.NewUUID().String(),\n\t\t}\n\t\tfor i := range filters {\n\t\t\tfor j := range filters {\n\t\t\t\tif i == j {\n\t\t\t\t\tcontinue // OK to use the same filter multiple times. Behavior varies by filter, though.\n\t\t\t\t}\n\n\t\t\t\tu := \"/identities?\" + filters[i] + \"&\" + filters[j]\n\t\t\t\tres := get(t, adminTS, u, http.StatusBadRequest)\n\t\t\t\tassert.Contains(t, res.Get(\"error.reason\").String(), \"cannot combine multiple filters\")\n\t\t\t}\n\t\t}\n\t})\n\n\tt.Run(\"case=malformed ids should return an error\", func(t *testing.T) {\n\t\tres := get(t, adminTS, \"/identities?ids=not-a-uuid\", http.StatusBadRequest)\n\t\tassert.Contains(t, res.Get(\"error.reason\").String(), \"Invalid UUID value `not-a-uuid` for parameter `ids`.\", \"%s\", res.Raw)\n\t})\n\n\tt.Run(\"suite=create and update\", func(t *testing.T) {\n\t\tvar i identity.Identity\n\t\tcreateOIDCorSAMLIdentity := func(t *testing.T, ct identity.CredentialsType, identifier, accessToken, refreshToken, idToken string, encrypt bool) string {\n\t\t\ttransform := func(token, suffix string) string {\n\t\t\t\tif !encrypt {\n\t\t\t\t\treturn token\n\t\t\t\t}\n\t\t\t\tif token == \"\" {\n\t\t\t\t\treturn \"\"\n\t\t\t\t}\n\t\t\t\tc, err := reg.Cipher(t.Context()).Encrypt(context.Background(), []byte(token+suffix))\n\t\t\t\trequire.NoError(t, err)\n\t\t\t\treturn c\n\t\t\t}\n\n\t\t\tiID := x.NewUUID()\n\t\t\ttoJSON := func(c identity.CredentialsOIDC) []byte {\n\t\t\t\tout, err := json.Marshal(&c)\n\t\t\t\trequire.NoError(t, err)\n\t\t\t\treturn out\n\t\t\t}\n\t\t\trequire.NoError(t, reg.PrivilegedIdentityPool().CreateIdentity(context.Background(), &identity.Identity{\n\t\t\t\tID: iID,\n\t\t\t\tTraits: identity.Traits(fmt.Sprintf(`{\"subject\":\"%s\"}`, identifier)),\n\t\t\t\tCredentials: map[identity.CredentialsType]identity.Credentials{\n\t\t\t\t\tct: {\n\t\t\t\t\t\tType: ct,\n\t\t\t\t\t\tIdentifiers: []string{\"bar:\" + identifier},\n\t\t\t\t\t\tConfig: toJSON(identity.CredentialsOIDC{Providers: []identity.CredentialsOIDCProvider{\n\t\t\t\t\t\t\t{\n\t\t\t\t\t\t\t\tSubject: \"foo\",\n\t\t\t\t\t\t\t\tProvider: \"bar\",\n\t\t\t\t\t\t\t\tInitialAccessToken: transform(accessToken, \"0\"),\n\t\t\t\t\t\t\t\tInitialRefreshToken: transform(refreshToken, \"0\"),\n\t\t\t\t\t\t\t\tInitialIDToken: transform(idToken, \"0\"),\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t{\n\t\t\t\t\t\t\t\tSubject: \"baz\",\n\t\t\t\t\t\t\t\tProvider: \"zab\",\n\t\t\t\t\t\t\t\tInitialAccessToken: transform(accessToken, \"1\"),\n\t\t\t\t\t\t\t\tInitialRefreshToken: transform(refreshToken, \"1\"),\n\t\t\t\t\t\t\t\tInitialIDToken: transform(idToken, \"1\"),\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t}}),\n\t\t\t\t\t},\n\t\t\t\t\tidentity.CredentialsTypePassword: {\n\t\t\t\t\t\tType: identity.CredentialsTypePassword,\n\t\t\t\t\t\tIdentifiers: []string{identifier},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\tVerifiableAddresses: []identity.VerifiableAddress{\n\t\t\t\t\t{\n\t\t\t\t\t\tID: x.NewUUID(),\n\t\t\t\t\t\tValue: identifier,\n\t\t\t\t\t\tVerified: false,\n\t\t\t\t\t\tCreatedAt: time.Now(),\n\t\t\t\t\t\tIdentityID: iID,\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t}))\n\t\t\treturn iID.String()\n\t\t}\n\n\t\tt.Run(\"case=should create an identity with an ID which is ignored\", func(t *testing.T) {\n\t\t\tfor name, ts := range map[string]*httptest.Server{\"public\": publicTS, \"admin\": adminTS} {\n\t\t\t\tt.Run(\"endpoint=\"+name, func(t *testing.T) {\n\t\t\t\t\tres := send(t, ts, \"POST\", \"/identities\", http.StatusCreated, json.RawMessage(`{\"traits\": {\"bar\":\"baz\"}}`))\n\t\t\t\t\tstateChangedAt := sqlxx.NullTime(res.Get(\"state_changed_at\").Time())\n\n\t\t\t\t\ti.Traits = []byte(res.Get(\"traits\").Raw)\n\t\t\t\t\ti.ID = x.ParseUUID(res.Get(\"id\").String())\n\t\t\t\t\ti.StateChangedAt = &stateChangedAt\n\t\t\t\t\tassert.NotEmpty(t, res.Get(\"id\").String())\n\n\t\t\t\t\tassert.EqualValues(t, \"baz\", res.Get(\"traits.bar\").String(), \"%s\", res.Raw)\n\t\t\t\t\tassert.Empty(t, res.Get(\"credentials\").String(), \"%s\", res.Raw)\n\t\t\t\t\tassert.EqualValues(t, defaultSchemaExternalURL, res.Get(\"schema_url\").String(), \"%s\", res.Raw)\n\t\t\t\t\tassert.EqualValues(t, config.DefaultIdentityTraitsSchemaID, res.Get(\"schema_id\").String(), \"%s\", res.Raw)\n\t\t\t\t\tassert.EqualValues(t, identity.StateActive, res.Get(\"state\").String(), \"%s\", res.Raw)\n\t\t\t\t})\n\t\t\t}\n\t\t})\n\n\t\tt.Run(\"case=should be able to get the identity\", func(t *testing.T) {\n\t\t\tfor name, ts := range map[string]*httptest.Server{\"public\": publicTS, \"admin\": adminTS} {\n\t\t\t\tt.Run(\"endpoint=\"+name, func(t *testing.T) {\n\t\t\t\t\tres := get(t, ts, \"/identities/\"+i.ID.String(), http.StatusOK)\n\t\t\t\t\tassert.EqualValues(t, i.ID.String(), res.Get(\"id\").String(), \"%s\", res.Raw)\n\t\t\t\t\tassert.EqualValues(t, \"baz\", res.Get(\"traits.bar\").String(), \"%s\", res.Raw)\n\t\t\t\t\tassert.EqualValues(t, defaultSchemaExternalURL, res.Get(\"schema_url\").String(), \"%s\", res.Raw)\n\t\t\t\t\tassert.EqualValues(t, config.DefaultIdentityTraitsSchemaID, res.Get(\"schema_id\").String(), \"%s\", res.Raw)\n\t\t\t\t\tassert.EqualValues(t, identity.StateActive, res.Get(\"state\").String(), \"%s\", res.Raw)\n\t\t\t\t\tassert.Empty(t, res.Get(\"credentials\").String(), \"%s\", res.Raw)\n\t\t\t\t})\n\t\t\t}\n\t\t})\n\n\t\tt.Run(\"case=should return an empty array on a failed lookup with identifier\", func(t *testing.T) {\n\t\t\tres := get(t, adminTS, \"/identities?credentials_identifier=find.by.non.existing.identifier@bar.com\", http.StatusOK)\n\t\t\tassert.EqualValues(t, int64(0), res.Get(\"#\").Int(), \"%s\", res.Raw)\n\t\t})\n\n\t\tt.Run(\"case=should be able to lookup the identity using identifier\", func(t *testing.T) {\n\t\t\tident := &identity.Identity{\n\t\t\t\tCredentials: map[identity.CredentialsType]identity.Credentials{\n\t\t\t\t\tidentity.CredentialsTypePassword: {\n\t\t\t\t\t\tType: identity.CredentialsTypePassword,\n\t\t\t\t\t\tIdentifiers: []string{\"find.by.identifier@bar.com\"},\n\t\t\t\t\t\tConfig: sqlxx.JSONRawMessage(`{\"hashed_password\":\"$2a$08$.cOYmAd.vCpDOoiVJrO5B.hjTLKQQ6cAK40u8uB.FnZDyPvVvQ9Q.\"}`), // foobar\n\t\t\t\t\t},\n\t\t\t\t\tidentity.CredentialsTypeOIDC: {\n\t\t\t\t\t\tType: identity.CredentialsTypeOIDC,\n\t\t\t\t\t\tIdentifiers: []string{\"ProviderID:293b5d9b-1009-4600-a3e9-bd1845de22f2\"},\n\t\t\t\t\t\tConfig: sqlxx.JSONRawMessage(\"{\\\"some\\\" : \\\"secret\\\"}\"),\n\t\t\t\t\t},\n\t\t\t\t\tidentity.CredentialsTypeSAML: {\n\t\t\t\t\t\tType: identity.CredentialsTypeSAML,\n\t\t\t\t\t\tIdentifiers: []string{\"SAMLProviderID:0851ac66-88cc-4775-aee0-9b4c79fdbfb9\"},\n\t\t\t\t\t\tConfig: sqlxx.JSONRawMessage(\"{\\\"saml\\\" : \\\"secret\\\"}\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\tState: identity.StateActive,\n\t\t\t\tTraits: identity.Traits(`{\"username\":\"find.by.identifier@bar.com\"}`),\n\t\t\t}\n\t\t\trequire.NoError(t, reg.PrivilegedIdentityPool().CreateIdentity(context.Background(), ident))\n\n\t\t\tt.Run(\"type=password\", func(t *testing.T) {\n\t\t\t\tres := get(t, adminTS, \"/identities?credentials_identifier=FIND.BY.IDENTIFIER@bar.com\", http.StatusOK)\n\t\t\t\tassert.EqualValues(t, ident.ID.String(), res.Get(\"0.id\").String(), \"%s\", res.Raw)\n\t\t\t\tassert.EqualValues(t, \"find.by.identifier@bar.com\", res.Get(\"0.traits.username\").String(), \"%s\", res.Raw)\n\t\t\t\tassert.EqualValues(t, defaultSchemaExternalURL, res.Get(\"0.schema_url\").String(), \"%s\", res.Raw)\n\t\t\t\tassert.EqualValues(t, config.DefaultIdentityTraitsSchemaID, res.Get(\"0.schema_id\").String(), \"%s\", res.Raw)\n\t\t\t\tassert.EqualValues(t, identity.StateActive, res.Get(\"0.state\").String(), \"%s\", res.Raw)\n\t\t\t\tassert.EqualValues(t, \"password\", res.Get(\"0.credentials.password.type\").String(), res.Raw)\n\t\t\t\tassert.EqualValues(t, \"1\", res.Get(\"0.credentials.password.identifiers.#\").String(), res.Raw)\n\t\t\t\tassert.EqualValues(t, \"find.by.identifier@bar.com\", res.Get(\"0.credentials.password.identifiers.0\").String(), res.Raw)\n\t\t\t})\n\n\t\t\tt.Run(\"type=oidc\", func(t *testing.T) {\n\t\t\t\tres := get(t, adminTS, \"/identities?credentials_identifier=ProviderID:293b5d9b-1009-4600-a3e9-bd1845de22f2\", http.StatusOK)\n\t\t\t\tassert.EqualValues(t, ident.ID.String(), res.Get(\"0.id\").String(), \"%s\", res.Raw)\n\t\t\t\tassert.EqualValues(t, \"find.by.identifier@bar.com\", res.Get(\"0.traits.username\").String(), \"%s\", res.Raw)\n\t\t\t\tassert.EqualValues(t, defaultSchemaExternalURL, res.Get(\"0.schema_url\").String(), \"%s\", res.Raw)\n\t\t\t\tassert.EqualValues(t, config.DefaultIdentityTraitsSchemaID, res.Get(\"0.schema_id\").String(), \"%s\", res.Raw)\n\t\t\t\tassert.EqualValues(t, identity.StateActive, res.Get(\"0.state\").String(), \"%s\", res.Raw)\n\t\t\t\tassert.EqualValues(t, \"oidc\", res.Get(\"0.credentials.oidc.type\").String(), res.Raw)\n\t\t\t\trequire.Len(t, res.Get(\"0.credentials.oidc.identifiers\").Array(), 1, res.Raw)\n\t\t\t\tassert.EqualValues(t, \"ProviderID:293b5d9b-1009-4600-a3e9-bd1845de22f2\", res.Get(\"0.credentials.oidc.identifiers.0\").String(), res.Raw)\n\t\t\t})\n\t\t\tt.Run(\"type=oidc\", func(t *testing.T) {\n\t\t\t\tres := get(t, adminTS, \"/identities?credentials_identifier=SAMLProviderID:0851ac66-88cc-4775-aee0-9b4c79fdbfb9\", http.StatusOK)\n\t\t\t\tassert.EqualValues(t, ident.ID.String(), res.Get(\"0.id\").String(), \"%s\", res.Raw)\n\t\t\t\tassert.EqualValues(t, \"find.by.identifier@bar.com\", res.Get(\"0.traits.username\").String(), \"%s\", res.Raw)\n\t\t\t\tassert.EqualValues(t, defaultSchemaExternalURL, res.Get(\"0.schema_url\").String(), \"%s\", res.Raw)\n\t\t\t\tassert.EqualValues(t, config.DefaultIdentityTraitsSchemaID, res.Get(\"0.schema_id\").String(), \"%s\", res.Raw)\n\t\t\t\tassert.EqualValues(t, identity.StateActive, res.Get(\"0.state\").String(), \"%s\", res.Raw)\n\t\t\t\tassert.EqualValues(t, \"saml\", res.Get(\"0.credentials.saml.type\").String(), res.Raw)\n\t\t\t\tassert.Len(t, res.Get(\"0.credentials.saml.identifiers\").Array(), 1, res.Raw)\n\t\t\t\tassert.EqualValues(t, \"SAMLProviderID:0851ac66-88cc-4775-aee0-9b4c79fdbfb9\", res.Get(\"0.credentials.saml.identifiers.0\").String(), res.Raw)\n\t\t\t})\n\t\t})\n\n\t\tt.Run(\"case=should get oidc credential\", func(t *testing.T) {\n\t\t\tid := createOIDCorSAMLIdentity(t, identity.CredentialsTypeOIDC, \"foo.oidc@bar.com\", \"access_token\", \"refresh_token\", \"id_token\", true)\n\t\t\tfor name, ts := range map[string]*httptest.Server{\"public\": publicTS, \"admin\": adminTS} {\n\t\t\t\tt.Run(\"endpoint=\"+name, func(t *testing.T) {\n\t\t\t\t\tres := get(t, ts, \"/identities/\"+id, http.StatusOK)\n\t\t\t\t\tassert.False(t, res.Get(\"credentials.oidc.config\").Exists(), \"credentials config should be omitted: %s\", res.Raw)\n\t\t\t\t\tassert.False(t, res.Get(\"credentials.password.config\").Exists(), \"credentials config should be omitted: %s\", res.Raw)\n\n\t\t\t\t\tres = get(t, ts, \"/identities/\"+id+\"?include_credential=oidc\", http.StatusOK)\n\t\t\t\t\tassert.True(t, res.Get(\"credentials\").Exists(), \"credentials should be included: %s\", res.Raw)\n\t\t\t\t\tassert.True(t, res.Get(\"credentials.password\").Exists(), \"password meta should be included: %s\", res.Raw)\n\t\t\t\t\tassert.False(t, res.Get(\"credentials.password.false\").Exists(), \"password credentials should not be included: %s\", res.Raw)\n\t\t\t\t\tassert.Equal(t, \"bar:foo.oidc@bar.com\", res.Get(\"credentials.oidc.identifiers.0\").Str)\n\n\t\t\t\t\tassert.True(t, res.Get(\"credentials.oidc.config\").Exists(), \"oidc credentials should be included: %s\", res.Raw)\n\t\t\t\t\tassert.EqualValues(t, \"foo\", res.Get(\"credentials.oidc.config.providers.0.subject\").String(), \"credentials should be included: %s\", res.Raw)\n\t\t\t\t\tassert.EqualValues(t, \"bar\", res.Get(\"credentials.oidc.config.providers.0.provider\").String(), \"credentials should be included: %s\", res.Raw)\n\t\t\t\t\tassert.EqualValues(t, \"access_token0\", res.Get(\"credentials.oidc.config.providers.0.initial_access_token\").String(), \"credentials should be included: %s\", res.Raw)\n\t\t\t\t\tassert.EqualValues(t, \"refresh_token0\", res.Get(\"credentials.oidc.config.providers.0.initial_refresh_token\").String(), \"credentials should be included: %s\", res.Raw)\n\t\t\t\t\tassert.EqualValues(t, \"id_token0\", res.Get(\"credentials.oidc.config.providers.0.initial_id_token\").String(), \"credentials should be included: %s\", res.Raw)\n\t\t\t\t\tassert.EqualValues(t, \"baz\", res.Get(\"credentials.oidc.config.providers.1.subject\").String(), \"credentials should be included: %s\", res.Raw)\n\t\t\t\t\tassert.EqualValues(t, \"zab\", res.Get(\"credentials.oidc.config.providers.1.provider\").String(), \"credentials should be included: %s\", res.Raw)\n\t\t\t\t\tassert.EqualValues(t, \"access_token1\", res.Get(\"credentials.oidc.config.providers.1.initial_access_token\").String(), \"credentials should be included: %s\", res.Raw)\n\t\t\t\t\tassert.EqualValues(t, \"refresh_token1\", res.Get(\"credentials.oidc.config.providers.1.initial_refresh_token\").String(), \"credentials should be included: %s\", res.Raw)\n\t\t\t\t\tassert.EqualValues(t, \"id_token1\", res.Get(\"credentials.oidc.config.providers.1.initial_id_token\").String(), \"credentials should be included: %s\", res.Raw)\n\t\t\t\t})\n\t\t\t}\n\t\t})\n\n\t\tt.Run(\"case=should get saml credential\", func(t *testing.T) {\n\t\t\tid := createOIDCorSAMLIdentity(t, identity.CredentialsTypeSAML, \"foo.saml@bar.com\", \"access_token\", \"refresh_token\", \"id_token\", true)\n\t\t\tfor name, ts := range map[string]*httptest.Server{\"public\": publicTS, \"admin\": adminTS} {\n\t\t\t\tt.Run(\"endpoint=\"+name, func(t *testing.T) {\n\t\t\t\t\tres := get(t, ts, \"/identities/\"+id, http.StatusOK)\n\t\t\t\t\tassert.False(t, res.Get(\"credentials.saml.config\").Exists(), \"credentials config should be omitted: %s\", res.Raw)\n\t\t\t\t\tassert.False(t, res.Get(\"credentials.password.config\").Exists(), \"credentials config should be omitted: %s\", res.Raw)\n\n\t\t\t\t\tres = get(t, ts, \"/identities/\"+id+\"?include_credential=saml\", http.StatusOK)\n\t\t\t\t\tassert.True(t, res.Get(\"credentials\").Exists(), \"credentials should be included: %s\", res.Raw)\n\t\t\t\t\tassert.True(t, res.Get(\"credentials.password\").Exists(), \"password meta should be included: %s\", res.Raw)\n\t\t\t\t\tassert.False(t, res.Get(\"credentials.password.false\").Exists(), \"password credentials should not be included: %s\", res.Raw)\n\n\t\t\t\t\tassert.Equal(t, \"bar:foo.saml@bar.com\", res.Get(\"credentials.saml.identifiers.0\").Str)\n\t\t\t\t\tassert.True(t, res.Get(\"credentials.saml.config\").Exists(), \"SAML config should be included: %s\", res.Raw)\n\n\t\t\t\t\tassert.True(t, res.Get(\"credentials.saml.config\").Exists(), \"saml credentials should be included: %s\", res.Raw)\n\t\t\t\t\tassert.EqualValues(t, \"foo\", res.Get(\"credentials.saml.config.providers.0.subject\").String(), \"credentials should be included: %s\", res.Raw)\n\t\t\t\t\tassert.EqualValues(t, \"bar\", res.Get(\"credentials.saml.config.providers.0.provider\").String(), \"credentials should be included: %s\", res.Raw)\n\t\t\t\t\tassert.False(t, res.Get(\"credentials.saml.config.providers.0.initial_access_token\").Exists(), \"SAML details should not be included: %s\", res.Raw)\n\t\t\t\t\tassert.False(t, res.Get(\"credentials.saml.config.providers.0.initial_refresh_token\").Exists(), \"SAML details should not be included: %s\", res.Raw)\n\t\t\t\t\tassert.False(t, res.Get(\"credentials.saml.config.providers.0.initial_id_token\").Exists(), \"SAML details should not be included: %s\", res.Raw)\n\n\t\t\t\t\tassert.EqualValues(t, \"baz\", res.Get(\"credentials.saml.config.providers.1.subject\").String(), \"credentials should be included: %s\", res.Raw)\n\t\t\t\t\tassert.EqualValues(t, \"zab\", res.Get(\"credentials.saml.config.providers.1.provider\").String(), \"credentials should be included: %s\", res.Raw)\n\t\t\t\t\tassert.False(t, res.Get(\"credentials.saml.config.providers.1.initial_access_token\").Exists(), \"SAML details should not be included: %s\", res.Raw)\n\t\t\t\t\tassert.False(t, res.Get(\"credentials.saml.config.providers.1.initial_refresh_token\").Exists(), \"SAML details should not be included: %s\", res.Raw)\n\t\t\t\t\tassert.False(t, res.Get(\"credentials.saml.config.providers.1.initial_id_token\").Exists(), \"SAML details should not be included: %s\", res.Raw)\n\t\t\t\t})\n\t\t\t}\n\t\t})\n\n\t\tt.Run(\"case=should not fail on empty tokens\", func(t *testing.T) {\n\t\t\tid := createOIDCorSAMLIdentity(t, identity.CredentialsTypeOIDC, \"foo.oidc.empty-tokens@bar.com\", \"\", \"\", \"\", true)\n\t\t\tfor name, ts := range map[string]*httptest.Server{\"public\": publicTS, \"admin\": adminTS} {\n\t\t\t\tt.Run(\"endpoint=\"+name, func(t *testing.T) {\n\t\t\t\t\tres := get(t, ts, \"/identities/\"+id, http.StatusOK)\n\t\t\t\t\tassert.False(t, res.Get(\"credentials.oidc.config\").Exists(), \"credentials config should be omitted: %s\", res.Raw)\n\t\t\t\t\tassert.False(t, res.Get(\"credentials.password.config\").Exists(), \"credentials config should be omitted: %s\", res.Raw)\n\n\t\t\t\t\tres = get(t, ts, \"/identities/\"+id+\"?include_credential=oidc\", http.StatusOK)\n\t\t\t\t\tassert.True(t, res.Get(\"credentials\").Exists(), \"credentials should be included: %s\", res.Raw)\n\t\t\t\t\tassert.True(t, res.Get(\"credentials.password\").Exists(), \"password meta should be included: %s\", res.Raw)\n\t\t\t\t\tassert.False(t, res.Get(\"credentials.password.false\").Exists(), \"password credentials should not be included: %s\", res.Raw)\n\t\t\t\t\tassert.True(t, res.Get(\"credentials.oidc.config\").Exists(), \"oidc credentials should be included: %s\", res.Raw)\n\n\t\t\t\t\tassert.EqualValues(t, \"foo\", res.Get(\"credentials.oidc.config.providers.0.subject\").String(), \"credentials should be included: %s\", res.Raw)\n\t\t\t\t\tassert.EqualValues(t, \"bar\", res.Get(\"credentials.oidc.config.providers.0.provider\").String(), \"credentials should be included: %s\", res.Raw)\n\t\t\t\t\tassert.EqualValues(t, \"\", res.Get(\"credentials.oidc.config.providers.0.initial_access_token\").String(), \"credentials should be included: %s\", res.Raw)\n\t\t\t\t\tassert.EqualValues(t, \"\", res.Get(\"credentials.oidc.config.providers.0.initial_refresh_token\").String(), \"credentials should be included: %s\", res.Raw)\n\t\t\t\t\tassert.EqualValues(t, \"\", res.Get(\"credentials.oidc.config.providers.0.initial_id_token\").String(), \"credentials should be included: %s\", res.Raw)\n\t\t\t\t\tassert.EqualValues(t, \"baz\", res.Get(\"credentials.oidc.config.providers.1.subject\").String(), \"credentials should be included: %s\", res.Raw)\n\t\t\t\t\tassert.EqualValues(t, \"zab\", res.Get(\"credentials.oidc.config.providers.1.provider\").String(), \"credentials should be included: %s\", res.Raw)\n\t\t\t\t\tassert.EqualValues(t, \"\", res.Get(\"credentials.oidc.config.providers.1.initial_access_token\").String(), \"credentials should be included: %s\", res.Raw)\n\t\t\t\t\tassert.EqualValues(t, \"\", res.Get(\"credentials.oidc.config.providers.1.initial_refresh_token\").String(), \"credentials should be included: %s\", res.Raw)\n\t\t\t\t\tassert.EqualValues(t, \"\", res.Get(\"credentials.oidc.config.providers.1.initial_id_token\").String(), \"credentials should be included: %s\", res.Raw)\n\t\t\t\t})\n\t\t\t}\n\t\t})\n\n\t\tt.Run(\"case=should get identity with credentials\", func(t *testing.T) {\n\t\t\ti := identity.NewIdentity(config.DefaultIdentityTraitsSchemaID)\n\t\t\tcredentials := map[identity.CredentialsType]identity.Credentials{\n\t\t\t\tidentity.CredentialsTypePassword: {Identifiers: []string{\"zab\", \"bar\"}, Type: identity.CredentialsTypePassword, Config: sqlxx.JSONRawMessage(\"{\\\"some\\\" : \\\"secret\\\"}\")},\n\t\t\t\tidentity.CredentialsTypeOIDC: {Type: identity.CredentialsTypeOIDC, Identifiers: []string{\"bar\", \"baz\"}, Config: sqlxx.JSONRawMessage(\"{\\\"some\\\" : \\\"secret\\\"}\")},\n\t\t\t\tidentity.CredentialsTypeWebAuthn: {Type: identity.CredentialsTypeWebAuthn, Identifiers: []string{\"foo\", \"bar\"}, Config: sqlxx.JSONRawMessage(\"{\\\"some\\\" : \\\"secret\\\", \\\"user_handle\\\": \\\"rVIFaWRcTTuQLkXFmQWpgA==\\\"}\")},\n\t\t\t}\n\t\t\ti.Credentials = credentials\n\t\t\trequire.NoError(t, reg.PrivilegedIdentityPool().CreateIdentity(context.Background(), i))\n\n\t\t\texcludeKeys := snapshotx.ExceptNestedKeys(\"id\", \"created_at\", \"updated_at\", \"schema_url\", \"state_changed_at\")\n\t\t\tt.Run(\"case=should get identity without credentials included\", func(t *testing.T) {\n\t\t\t\tres := get(t, adminTS, \"/identities/\"+i.ID.String(), http.StatusOK)\n\t\t\t\tsnapshotx.SnapshotT(t, json.RawMessage(res.Raw), excludeKeys)\n\t\t\t})\n\n\t\t\tt.Run(\"case=should get identity with password credentials included\", func(t *testing.T) {\n\t\t\t\tres := get(t, adminTS, \"/identities/\"+i.ID.String()+\"?include_credential=password\", http.StatusOK)\n\t\t\t\tsnapshotx.SnapshotT(t, json.RawMessage(res.Raw), excludeKeys)\n\t\t\t})\n\n\t\t\tt.Run(\"case=should get identity with password and webauthn credentials included\", func(t *testing.T) {\n\t\t\t\tres := get(t, adminTS, \"/identities/\"+i.ID.String()+\"?include_credential=password&include_credential=webauthn\", http.StatusOK)\n\t\t\t\tsnapshotx.SnapshotT(t, json.RawMessage(res.Raw), excludeKeys)\n\t\t\t})\n\t\t})\n\n\t\tt.Run(\"case=should pass if no oidc credentials are set\", func(t *testing.T) {\n\t\t\tfor name, ts := range map[string]*httptest.Server{\"public\": publicTS, \"admin\": adminTS} {\n\t\t\t\tt.Run(\"endpoint=\"+name, func(t *testing.T) {\n\t\t\t\t\tres := send(t, ts, \"POST\", \"/identities\", http.StatusCreated, json.RawMessage(`{\"traits\": {\"bar\":\"baz\"}}`))\n\n\t\t\t\t\tres = get(t, ts, \"/identities/\"+res.Get(\"id\").String(), http.StatusOK)\n\t\t\t\t\tassert.False(t, res.Get(\"credentials.oidc.config\").Exists(), \"credentials config should be omitted: %s\", res.Raw)\n\t\t\t\t\tassert.False(t, res.Get(\"credentials.password.config\").Exists(), \"credentials config should be omitted: %s\", res.Raw)\n\n\t\t\t\t\tres = get(t, ts, \"/identities/\"+res.Get(\"id\").String()+\"?include_credential=oidc\", http.StatusOK)\n\t\t\t\t\tassert.False(t, res.Get(\"credentials.password\").Exists(), \"password credentials should not be included: %s\", res.Raw)\n\t\t\t\t\tassert.False(t, res.Get(\"credentials.oidc\").Exists(), \"oidc credentials should be included: %s\", res.Raw)\n\t\t\t\t})\n\t\t\t}\n\t\t})\n\n\t\tt.Run(\"case=should return empty tokens if decryption fails\", func(t *testing.T) {\n\t\t\tid := createOIDCorSAMLIdentity(t, identity.CredentialsTypeOIDC, \"foo-failed.oidc@bar.com\", \"foo_token\", \"bar_token\", \"id_token\", false)\n\t\t\tfor name, ts := range map[string]*httptest.Server{\"public\": publicTS, \"admin\": adminTS} {\n\t\t\t\tt.Run(\"endpoint=\"+name, func(t *testing.T) {\n\t\t\t\t\tres := get(t, ts, \"/identities/\"+i.ID.String()+\"?include_credential=oidc\", http.StatusOK)\n\t\t\t\t\tassert.NotContains(t, res.Raw, \"identifier_credentials\", res.Raw)\n\n\t\t\t\t\tres = get(t, ts, \"/identities/\"+id+\"?include_credential=oidc\", http.StatusOK)\n\t\t\t\t\tassert.Equal(t, \"bar:foo-failed.oidc@bar.com\", res.Get(\"credentials.oidc.identifiers.0\").String(), \"%s\", res.Raw)\n\t\t\t\t\tassert.Equal(t, \"\", res.Get(\"credentials.oidc.config.providers.0.initial_access_token\").String(), \"%s\", res.Raw)\n\t\t\t\t\tassert.Equal(t, \"\", res.Get(\"credentials.oidc.config.providers.0.initial_id_token\").String(), \"%s\", res.Raw)\n\t\t\t\t\tassert.Equal(t, \"\", res.Get(\"credentials.oidc.config.providers.0.initial_refresh_token\").String(), \"%s\", res.Raw)\n\t\t\t\t})\n\t\t\t}\n\t\t})\n\n\t\tt.Run(\"case=should return decrypted token\", func(t *testing.T) {\n\t\t\te, _ := reg.Cipher(t.Context()).Encrypt(context.Background(), []byte(\"foo_token\"))\n\t\t\tid := createOIDCorSAMLIdentity(t, identity.CredentialsTypeOIDC, \"foo-failed-2.oidc@bar.com\", e, \"bar_token\", \"id_token\", false)\n\t\t\tfor name, ts := range map[string]*httptest.Server{\"public\": publicTS, \"admin\": adminTS} {\n\t\t\t\tt.Run(\"endpoint=\"+name, func(t *testing.T) {\n\t\t\t\t\tt.Logf(\"no oidc token\")\n\t\t\t\t\tres := get(t, ts, \"/identities/\"+i.ID.String()+\"?include_credential=oidc\", http.StatusOK)\n\t\t\t\t\tassert.NotContains(t, res.Raw, \"identifier_credentials\", res.Raw)\n\n\t\t\t\t\tt.Logf(\"get oidc token\")\n\t\t\t\t\tres = get(t, ts, \"/identities/\"+id+\"?include_credential=oidc\", http.StatusOK)\n\t\t\t\t\tassert.Equal(t, \"bar:foo-failed-2.oidc@bar.com\", res.Get(\"credentials.oidc.identifiers.0\").String(), \"%s\", res.Raw)\n\t\t\t\t\tassert.Equal(t, \"foo_token\", res.Get(\"credentials.oidc.config.providers.0.initial_access_token\").String(), \"%s\", res.Raw)\n\t\t\t\t})\n\t\t\t}\n\t\t})\n\n\t\tt.Run(\"case=should update an identity and persist the changes\", func(t *testing.T) {\n\t\t\ti := &identity.Identity{Traits: identity.Traits(fmt.Sprintf(`{\"subject\":\"%s\"}`, x.NewUUID().String()))}\n\t\t\trequire.NoError(t, reg.PrivilegedIdentityPool().CreateIdentity(context.Background(), i))\n\n\t\t\tfor name, ts := range map[string]*httptest.Server{\"public\": publicTS, \"admin\": adminTS} {\n\t\t\t\tt.Run(\"endpoint=\"+name, func(t *testing.T) {\n\t\t\t\t\texternalID := x.NewUUID().String()\n\t\t\t\t\tur := identity.UpdateIdentityBody{\n\t\t\t\t\t\tTraits: []byte(`{\"bar\":\"baz\",\"foo\":\"baz\"}`),\n\t\t\t\t\t\tSchemaID: i.SchemaID,\n\t\t\t\t\t\tState: identity.StateInactive,\n\t\t\t\t\t\tMetadataPublic: []byte(`{\"public\":\"metadata\"}`),\n\t\t\t\t\t\tMetadataAdmin: []byte(`{\"admin\":\"metadata\"}`),\n\t\t\t\t\t\tExternalID: externalID,\n\t\t\t\t\t}\n\n\t\t\t\t\tres := send(t, ts, \"PUT\", \"/identities/\"+i.ID.String(), http.StatusOK, &ur)\n\t\t\t\t\tassert.EqualValues(t, \"baz\", res.Get(\"traits.bar\").String(), \"%s\", res.Raw)\n\t\t\t\t\tassert.EqualValues(t, \"baz\", res.Get(\"traits.foo\").String(), \"%s\", res.Raw)\n\t\t\t\t\tassert.EqualValues(t, \"metadata\", res.Get(\"metadata_admin.admin\").String(), \"%s\", res.Raw)\n\t\t\t\t\tassert.EqualValues(t, \"metadata\", res.Get(\"metadata_public.public\").String(), \"%s\", res.Raw)\n\t\t\t\t\tassert.EqualValues(t, identity.StateInactive, res.Get(\"state\").String(), \"%s\", res.Raw)\n\t\t\t\t\tassert.NotEqualValues(t, i.StateChangedAt, sqlxx.NullTime(res.Get(\"state_changed_at\").Time()), \"%s\", res.Raw)\n\t\t\t\t\tassert.Equal(t, externalID, res.Get(\"external_id\").String(), \"%s\", res.Raw)\n\n\t\t\t\t\tres = get(t, ts, \"/identities/\"+i.ID.String(), http.StatusOK)\n\t\t\t\t\tassert.EqualValues(t, i.ID.String(), res.Get(\"id\").String(), \"%s\", res.Raw)\n\t\t\t\t\tassert.EqualValues(t, \"baz\", res.Get(\"traits.bar\").String(), \"%s\", res.Raw)\n\t\t\t\t\tassert.EqualValues(t, \"metadata\", res.Get(\"metadata_admin.admin\").String(), \"%s\", res.Raw)\n\t\t\t\t\tassert.EqualValues(t, \"metadata\", res.Get(\"metadata_public.public\").String(), \"%s\", res.Raw)\n\t\t\t\t\tassert.EqualValues(t, identity.StateInactive, res.Get(\"state\").String(), \"%s\", res.Raw)\n\t\t\t\t\tassert.NotEqualValues(t, i.StateChangedAt, sqlxx.NullTime(res.Get(\"state_changed_at\").Time()), \"%s\", res.Raw)\n\t\t\t\t\tassert.Equal(t, externalID, res.Get(\"external_id\").String(), \"%s\", res.Raw)\n\t\t\t\t})\n\t\t\t}\n\t\t})\n\t\tt.Run(\"case=should update an identity with credentials\", func(t *testing.T) {\n\t\t\ti := &identity.Identity{Traits: identity.Traits(fmt.Sprintf(`{\"subject\":\"%s\"}`, x.NewUUID().String()))}\n\t\t\trequire.NoError(t, reg.PrivilegedIdentityPool().CreateIdentity(context.Background(), i))\n\n\t\t\tfor name, ts := range map[string]*httptest.Server{\"public\": publicTS, \"admin\": adminTS} {\n\t\t\t\tt.Run(\"endpoint=\"+name, func(t *testing.T) {\n\t\t\t\t\tcredentials := identity.IdentityWithCredentials{\n\t\t\t\t\t\tPassword: &identity.AdminIdentityImportCredentialsPassword{\n\t\t\t\t\t\t\tConfig: identity.AdminIdentityImportCredentialsPasswordConfig{\n\t\t\t\t\t\t\t\tPassword: \"pswd1234\",\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t}\n\t\t\t\t\tur := identity.UpdateIdentityBody{\n\t\t\t\t\t\tTraits: []byte(`{\"bar\":\"baz\",\"foo\":\"baz\"}`),\n\t\t\t\t\t\tSchemaID: i.SchemaID,\n\t\t\t\t\t\tState: identity.StateInactive,\n\t\t\t\t\t\tMetadataPublic: []byte(`{\"public\":\"metadata\"}`),\n\t\t\t\t\t\tMetadataAdmin: []byte(`{\"admin\":\"metadata\"}`),\n\t\t\t\t\t\tCredentials: &credentials,\n\t\t\t\t\t}\n\n\t\t\t\t\tres := send(t, ts, \"PUT\", \"/identities/\"+i.ID.String(), http.StatusOK, &ur)\n\t\t\t\t\tassert.EqualValues(t, \"baz\", res.Get(\"traits.bar\").String(), \"%s\", res.Raw)\n\t\t\t\t\tassert.EqualValues(t, \"baz\", res.Get(\"traits.foo\").String(), \"%s\", res.Raw)\n\t\t\t\t\tassert.EqualValues(t, \"metadata\", res.Get(\"metadata_admin.admin\").String(), \"%s\", res.Raw)\n\t\t\t\t\tassert.EqualValues(t, \"metadata\", res.Get(\"metadata_public.public\").String(), \"%s\", res.Raw)\n\t\t\t\t\tassert.EqualValues(t, identity.StateInactive, res.Get(\"state\").String(), \"%s\", res.Raw)\n\t\t\t\t\tassert.NotEqualValues(t, i.StateChangedAt, sqlxx.NullTime(res.Get(\"state_changed_at\").Time()), \"%s\", res.Raw)\n\n\t\t\t\t\tres = get(t, ts, \"/identities/\"+i.ID.String(), http.StatusOK)\n\t\t\t\t\tassert.EqualValues(t, i.ID.String(), res.Get(\"id\").String(), \"%s\", res.Raw)\n\t\t\t\t\tassert.EqualValues(t, \"baz\", res.Get(\"traits.bar\").String(), \"%s\", res.Raw)\n\t\t\t\t\tassert.EqualValues(t, \"metadata\", res.Get(\"metadata_admin.admin\").String(), \"%s\", res.Raw)\n\t\t\t\t\tassert.EqualValues(t, \"metadata\", res.Get(\"metadata_public.public\").String(), \"%s\", res.Raw)\n\t\t\t\t\tassert.EqualValues(t, identity.StateInactive, res.Get(\"state\").String(), \"%s\", res.Raw)\n\t\t\t\t\tassert.NotEqualValues(t, i.StateChangedAt, sqlxx.NullTime(res.Get(\"state_changed_at\").Time()), \"%s\", res.Raw)\n\t\t\t\t\tactual, err := reg.PrivilegedIdentityPool().GetIdentityConfidential(context.Background(), i.ID)\n\t\t\t\t\trequire.NoError(t, err)\n\t\t\t\t\trequire.NoError(t, hash.Compare(t.Context(), []byte(\"pswd1234\"), []byte(gjson.GetBytes(actual.Credentials[identity.CredentialsTypePassword].Config, \"hashed_password\").String())))\n\t\t\t\t})\n\t\t\t}\n\t\t})\n\n\t\tt.Run(\"case=should delete a user and no longer be able to retrieve it\", func(t *testing.T) {\n\t\t\tfor name, ts := range map[string]*httptest.Server{\"public\": publicTS, \"admin\": adminTS} {\n\t\t\t\tt.Run(\"endpoint=\"+name, func(t *testing.T) {\n\t\t\t\t\tres := send(t, ts, \"POST\", \"/identities\", http.StatusCreated, json.RawMessage(`{\"traits\": {\"bar\":\"baz\"}}`))\n\t\t\t\t\tremove(t, ts, \"/identities/\"+res.Get(\"id\").String(), http.StatusNoContent)\n\t\t\t\t\t_ = get(t, ts, \"/identities/\"+res.Get(\"id\").String(), http.StatusNotFound)\n\t\t\t\t})\n\t\t\t}\n\t\t})\n\n\t\tt.Run(\"case=should create an identity with linking marker\", func(t *testing.T) {\n\t\t\tfor name, ts := range map[string]*httptest.Server{\"public\": publicTS, \"admin\": adminTS} {\n\t\t\t\tt.Run(\"endpoint=\"+name, func(t *testing.T) {\n\t\t\t\t\ttrait := x.NewUUID().String()\n\t\t\t\t\tpayload := `\n\t\t\t\t\t\t{\n\t\t\t\t\t\t\t\"traits\": {\n\t\t\t\t\t\t\t\t\"bar\": \"` + trait + `\"\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\"credentials\": {\n\t\t\t\t\t\t\t\t\"oidc\": {\n\t\t\t\t\t\t\t\t\t\"config\": {\n\t\t\t\t\t\t\t\t\t\t\"providers\": [\n\t\t\t\t\t\t\t\t\t\t\t{\n\t\t\t\t\t\t\t\t\t\t\t\t\"subject\": \"` + trait + `\",\n\t\t\t\t\t\t\t\t\t\t\t\t\"provider\": \"bar\",\n\t\t\t\t\t\t\t\t\t\t\t\t\"use_auto_link\": true\n\t\t\t\t\t\t\t\t\t\t\t}\n\t\t\t\t\t\t\t\t\t\t]\n\t\t\t\t\t\t\t\t\t}\n\t\t\t\t\t\t\t\t}\n\t\t\t\t\t\t\t}\n\t\t\t\t\t\t}`\n\n\t\t\t\t\tres := send(t, ts, \"POST\", \"/identities\", http.StatusCreated, json.RawMessage(payload))\n\t\t\t\t\ti.ID = x.ParseUUID(res.Get(\"id\").String())\n\n\t\t\t\t\tidentRes := send(t, adminTS, \"GET\", fmt.Sprintf(\"/identities/%s?include_credential=oidc\", i.ID), http.StatusOK, nil)\n\n\t\t\t\t\tassert.True(t, identRes.Get(\"credentials.oidc.config.providers.0.use_auto_link\").Bool())\n\t\t\t\t\tassert.False(t, identRes.Get(\"credentials.oidc.config.providers.0.organization\").Exists())\n\t\t\t\t})\n\t\t\t}\n\t\t})\n\n\t\tt.Run(\"case=should create an identity without linking marker omitempty\", func(t *testing.T) {\n\t\t\tfor name, ts := range map[string]*httptest.Server{\"public\": publicTS, \"admin\": adminTS} {\n\t\t\t\tt.Run(\"endpoint=\"+name, func(t *testing.T) {\n\t\t\t\t\ttrait := x.NewUUID().String()\n\t\t\t\t\tpayload := `\n\t\t\t\t\t\t{\n\t\t\t\t\t\t\t\"traits\": {\n\t\t\t\t\t\t\t\t\"bar\": \"` + trait + `\"\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\"credentials\": {\n\t\t\t\t\t\t\t\t\"oidc\": {\n\t\t\t\t\t\t\t\t\t\"config\": {\n\t\t\t\t\t\t\t\t\t\t\"providers\": [\n\t\t\t\t\t\t\t\t\t\t\t{\n\t\t\t\t\t\t\t\t\t\t\t\t\"subject\": \"` + trait + `\",\n\t\t\t\t\t\t\t\t\t\t\t\t\"provider\": \"bar\",\n\t\t\t\t\t\t\t\t\t\t\t\t\"use_auto_link\": false\n\t\t\t\t\t\t\t\t\t\t\t}\n\t\t\t\t\t\t\t\t\t\t]\n\t\t\t\t\t\t\t\t\t}\n\t\t\t\t\t\t\t\t}\n\t\t\t\t\t\t\t}\n\t\t\t\t\t\t}`\n\t\t\t\t\tres := send(t, ts, \"POST\", \"/identities\", http.StatusCreated, json.RawMessage(payload))\n\t\t\t\t\tstateChangedAt := sqlxx.NullTime(res.Get(\"state_changed_at\").Time())\n\n\t\t\t\t\ti.Traits = []byte(res.Get(\"traits\").Raw)\n\t\t\t\t\ti.ID = x.ParseUUID(res.Get(\"id\").String())\n\t\t\t\t\ti.StateChangedAt = &stateChangedAt\n\t\t\t\t\tassert.NotEmpty(t, res.Get(\"id\").String())\n\n\t\t\t\t\ti, err := reg.Persister().GetIdentityConfidential(context.Background(), i.ID)\n\t\t\t\t\trequire.NoError(t, err)\n\n\t\t\t\t\trequire.False(t, gjson.GetBytes(i.Credentials[identity.CredentialsTypeOIDC].Config, \"providers.0.use_auto_link\").Exists())\n\t\t\t\t})\n\t\t\t}\n\t\t})\n\t})\n\n\tt.Run(\"suite=PATCH identities\", func(t *testing.T) {\n\t\tt.Run(\"case=fails with too many patches\", func(t *testing.T) {\n\t\t\ttooMany := make([]*identity.BatchIdentityPatch, identity.BatchPatchIdentitiesLimit+1)\n\t\t\tfor i := range tooMany {\n\t\t\t\ttooMany[i] = &identity.BatchIdentityPatch{Create: validCreateIdentityBody(t, \"too-many-patches\", i, false)}\n\t\t\t}\n\t\t\tres := send(t, adminTS, \"PATCH\", \"/identities\", http.StatusBadRequest,\n\t\t\t\t&identity.BatchPatchIdentitiesBody{Identities: tooMany})\n\t\t\tassert.Contains(t, res.Get(\"error.reason\").String(), strconv.Itoa(identity.BatchPatchIdentitiesLimit),\n\t\t\t\t\"the error reason should contain the limit\")\n\t\t})\n\t\tt.Run(\"case=fails with too many identity plain text password patches\", func(t *testing.T) {\n\t\t\ttooMany := make([]*identity.BatchIdentityPatch, identity.BatchPatchIdentitiesWithPasswordLimit+1)\n\t\t\tfor i := range tooMany {\n\t\t\t\ttooMany[i] = &identity.BatchIdentityPatch{Create: validCreateIdentityBody(t, \"too-many-patches\", i, true)}\n\t\t\t}\n\t\t\tres := send(t, adminTS, \"PATCH\", \"/identities\", http.StatusBadRequest,\n\t\t\t\t&identity.BatchPatchIdentitiesBody{Identities: tooMany})\n\t\t\tassert.Contains(t, res.Get(\"error.reason\").String(), strconv.Itoa(identity.BatchPatchIdentitiesWithPasswordLimit),\n\t\t\t\t\"the error reason should contain the limit\")\n\t\t})\n\t\tt.Run(\"case=fails some on a bad identity\", func(t *testing.T) {\n\t\t\t// Test setup: we have a list of valid identitiy patches and a list of invalid ones.\n\t\t\t// Each run adds one invalid patch to the list and sends it to the server.\n\t\t\t// --> we expect the server to fail only the bad patches in the list.\n\t\t\t// Finally, we send just valid patches\n\t\t\t// --> we expect the server to succeed all patches in the list.\n\n\t\t\tt.Run(\"case=invalid patches fail\", func(t *testing.T) {\n\t\t\t\tpatches := []*identity.BatchIdentityPatch{\n\t\t\t\t\t{Create: validCreateIdentityBody(t, \"valid\", 0, false)},\n\t\t\t\t\t{Create: validCreateIdentityBody(t, \"valid\", 1, false)},\n\t\t\t\t\t{Create: &identity.CreateIdentityBody{}}, // <-- invalid: missing all fields\n\t\t\t\t\t{Create: validCreateIdentityBody(t, \"valid\", 2, false)},\n\t\t\t\t\t{Create: validCreateIdentityBody(t, \"valid\", 0, false)}, // <-- duplicate\n\t\t\t\t\t{Create: validCreateIdentityBody(t, \"valid\", 3, false)},\n\t\t\t\t\t{Create: &identity.CreateIdentityBody{Traits: json.RawMessage(`\"invalid traits\"`)}}, // <-- invalid traits\n\t\t\t\t\t{Create: validCreateIdentityBody(t, \"valid\", 4, false)},\n\t\t\t\t\t{Create: &identity.CreateIdentityBody{SchemaID: \"nonexistent_schema\", Traits: json.RawMessage(`{}`)}}, // <-- invalid schema ID\n\t\t\t\t}\n\t\t\t\texpectedToPass := []*identity.BatchIdentityPatch{patches[0], patches[1], patches[3], patches[5], patches[7]}\n\n\t\t\t\t// Create unique IDs for each patch\n\t\t\t\tpatchIDs := make([]string, len(patches))\n\t\t\t\tfor i, p := range patches {\n\t\t\t\t\tid := uuid.NewV5(uuid.Nil, fmt.Sprintf(\"%d\", i))\n\t\t\t\t\tp.ID = &id\n\t\t\t\t\tpatchIDs[i] = id.String()\n\t\t\t\t}\n\n\t\t\t\treq := &identity.BatchPatchIdentitiesBody{Identities: patches}\n\t\t\t\tbody := send(t, adminTS, \"PATCH\", \"/identities\", http.StatusOK, req)\n\t\t\t\tvar actions []string\n\t\t\t\trequire.NoErrorf(t, json.Unmarshal(([]byte)(body.Get(\"identities.#.action\").Raw), &actions), \"%s\", body)\n\t\t\t\tassert.Equalf(t,\n\t\t\t\t\t[]string{\"create\", \"create\", \"error\", \"create\", \"error\", \"create\", \"error\", \"create\", \"error\"},\n\t\t\t\t\tactions, \"%s\", body)\n\n\t\t\t\t// Check that all patch IDs are returned\n\t\t\t\tfor i, gotPatchID := range body.Get(\"identities.#.patch_id\").Array() {\n\t\t\t\t\tassert.Equal(t, patchIDs[i], gotPatchID.String())\n\t\t\t\t}\n\n\t\t\t\t// Check specific errors\n\t\t\t\tassert.Equal(t, \"Bad Request\", body.Get(\"identities.2.error.status\").String())\n\t\t\t\tassert.Equal(t, \"Conflict\", body.Get(\"identities.4.error.status\").String())\n\t\t\t\tassert.Equal(t, \"Bad Request\", body.Get(\"identities.6.error.status\").String())\n\t\t\t\tassert.Equal(t, \"Bad Request\", body.Get(\"identities.8.error.status\").String())\n\n\t\t\t\t// Check that error reasons are specific, not generic\n\t\t\t\tassert.NotEqualf(t, \"The request was malformed or contained invalid parameters\",\n\t\t\t\t\tbody.Get(\"identities.2.error.reason\").String(), \"error reason should be specific, not generic: %s\", body)\n\t\t\t\tassert.NotEqualf(t, \"The request was malformed or contained invalid parameters\",\n\t\t\t\t\tbody.Get(\"identities.6.error.reason\").String(), \"error reason should be specific, not generic: %s\", body)\n\t\t\t\tassert.Containsf(t, body.Get(\"identities.8.error.reason\").String(),\n\t\t\t\t\t\"Unable to find JSON Schema ID: nonexistent_schema\", \"error reason should mention the missing schema ID: %s\", body)\n\n\t\t\t\tvar identityIDs []uuid.UUID\n\t\t\t\trequire.NoErrorf(t, json.Unmarshal(([]byte)(body.Get(\"identities.#.identity\").Raw), &identityIDs), \"%s\", body)\n\n\t\t\t\tactualIdentities, _, err := reg.Persister().ListIdentities(t.Context(), identity.ListIdentityParameters{IdsFilter: identityIDs})\n\t\t\t\trequire.NoError(t, err)\n\t\t\t\tactualIdentityIDs := make([]uuid.UUID, len(actualIdentities))\n\t\t\t\tfor i, id := range actualIdentities {\n\t\t\t\t\tactualIdentityIDs[i] = id.ID\n\t\t\t\t}\n\t\t\t\tassert.ElementsMatchf(t, identityIDs, actualIdentityIDs, \"%s\", body)\n\n\t\t\t\texpectedTraits := make(map[string]string, len(expectedToPass))\n\t\t\t\tfor i, p := range expectedToPass {\n\t\t\t\t\texpectedTraits[identityIDs[i].String()] = string(p.Create.Traits)\n\t\t\t\t}\n\t\t\t\tactualTraits := make(map[string]string, len(actualIdentities))\n\t\t\t\tfor _, id := range actualIdentities {\n\t\t\t\t\tactualTraits[id.ID.String()] = string(id.Traits)\n\t\t\t\t}\n\n\t\t\t\tassert.Equal(t, expectedTraits, actualTraits)\n\t\t\t})\n\n\t\t\tt.Run(\"case=per-item errors surface specific reasons\", func(t *testing.T) {\n\t\t\t\t// Regression test: batch endpoint must propagate specific error reasons\n\t\t\t\t// instead of replacing them with the generic herodot.ErrBadRequest message.\n\t\t\t\tuniqueSuffix := x.NewUUID().String()\n\t\t\t\tpatches := []*identity.BatchIdentityPatch{\n\t\t\t\t\t// 0: valid identity (should succeed)\n\t\t\t\t\t{Create: &identity.CreateIdentityBody{\n\t\t\t\t\t\tSchemaID: \"multiple_emails\",\n\t\t\t\t\t\tTraits: json.RawMessage(fmt.Sprintf(`{\"emails\":[\"specific-err-%s@ory.sh\"],\"username\":\"specific-err-%s@ory.sh\"}`, uniqueSuffix, uniqueSuffix)),\n\t\t\t\t\t\tState: \"active\",\n\t\t\t\t\t}},\n\t\t\t\t\t// 1: unknown schema ID\n\t\t\t\t\t{Create: &identity.CreateIdentityBody{\n\t\t\t\t\t\tSchemaID: \"user_v1\",\n\t\t\t\t\t\tTraits: json.RawMessage(`{\"email\":\"test@ory.com\"}`),\n\t\t\t\t\t}},\n\t\t\t\t\t// 2: another unknown schema ID\n\t\t\t\t\t{Create: &identity.CreateIdentityBody{\n\t\t\t\t\t\tSchemaID: \"completely_made_up\",\n\t\t\t\t\t\tTraits: json.RawMessage(`{}`),\n\t\t\t\t\t}},\n\t\t\t\t\t// 3: traits are not an object (schema validation error)\n\t\t\t\t\t{Create: &identity.CreateIdentityBody{\n\t\t\t\t\t\tSchemaID: \"employee\",\n\t\t\t\t\t\tTraits: json.RawMessage(`\"just a string\"`),\n\t\t\t\t\t}},\n\t\t\t\t\t// 4: empty body (missing schema defaults to \"default\", but no traits)\n\t\t\t\t\t{Create: &identity.CreateIdentityBody{}},\n\t\t\t\t}\n\n\t\t\t\treq := &identity.BatchPatchIdentitiesBody{Identities: patches}\n\t\t\t\tbody := send(t, adminTS, \"PATCH\", \"/identities\", http.StatusOK, req)\n\n\t\t\t\tvar actions []string\n\t\t\t\trequire.NoErrorf(t, json.Unmarshal([]byte(body.Get(\"identities.#.action\").Raw), &actions), \"%s\", body)\n\t\t\t\tassert.Equalf(t, []string{\"create\", \"error\", \"error\", \"error\", \"error\"}, actions, \"%s\", body)\n\n\t\t\t\tgenericReason := \"The request was malformed or contained invalid parameters\"\n\n\t\t\t\t// Index 1: unknown schema \"user_v1\"\n\t\t\t\tassert.Equalf(t, float64(400), body.Get(\"identities.1.error.code\").Float(), \"%s\", body)\n\t\t\t\tassert.Containsf(t, body.Get(\"identities.1.error.reason\").String(),\n\t\t\t\t\t\"Unable to find JSON Schema ID: user_v1\",\n\t\t\t\t\t\"expected specific schema-not-found reason: %s\", body)\n\n\t\t\t\t// Index 2: unknown schema \"completely_made_up\"\n\t\t\t\tassert.Equalf(t, float64(400), body.Get(\"identities.2.error.code\").Float(), \"%s\", body)\n\t\t\t\tassert.Containsf(t, body.Get(\"identities.2.error.reason\").String(),\n\t\t\t\t\t\"Unable to find JSON Schema ID: completely_made_up\",\n\t\t\t\t\t\"expected specific schema-not-found reason: %s\", body)\n\n\t\t\t\t// Index 3: traits type mismatch (schema validation)\n\t\t\t\tassert.Equalf(t, float64(400), body.Get(\"identities.3.error.code\").Float(), \"%s\", body)\n\t\t\t\tassert.NotEqualf(t, genericReason, body.Get(\"identities.3.error.reason\").String(),\n\t\t\t\t\t\"schema validation error should have a specific reason: %s\", body)\n\n\t\t\t\t// Index 4: empty body (schema validation)\n\t\t\t\tassert.Equalf(t, float64(400), body.Get(\"identities.4.error.code\").Float(), \"%s\", body)\n\t\t\t\tassert.NotEqualf(t, genericReason, body.Get(\"identities.4.error.reason\").String(),\n\t\t\t\t\t\"empty body error should have a specific reason: %s\", body)\n\t\t\t})\n\n\t\t\tt.Run(\"valid patches succeed\", func(t *testing.T) {\n\t\t\t\tvalidPatches := []*identity.BatchIdentityPatch{\n\t\t\t\t\t{Create: validCreateIdentityBody(t, \"valid-patch\", 0, false)},\n\t\t\t\t\t{Create: validCreateIdentityBody(t, \"valid-patch\", 1, false)},\n\t\t\t\t\t{Create: validCreateIdentityBody(t, \"valid-patch\", 2, false)},\n\t\t\t\t\t{Create: validCreateIdentityBody(t, \"valid-patch\", 3, false)},\n\t\t\t\t\t{Create: validCreateIdentityBody(t, \"valid-patch\", 4, false)},\n\t\t\t\t}\n\t\t\t\treq := &identity.BatchPatchIdentitiesBody{Identities: validPatches}\n\t\t\t\tsend(t, adminTS, \"PATCH\", \"/identities\", http.StatusOK, req)\n\t\t\t})\n\t\t})\n\n\t\tt.Run(\"case=external_id conflict returns per-item error\", func(t *testing.T) {\n\t\t\t// Regression test for https://github.com/ory-corp/cloud/issues/10580\n\t\t\t// When batch-importing identities with external_id and the external_id\n\t\t\t// already exists, the endpoint should return a per-item conflict error\n\t\t\t// instead of a 500 SQL syntax error.\n\t\t\texternalID1 := \"ext-conflict-\" + x.NewUUID().String()\n\t\t\texternalID2 := \"ext-conflict-\" + x.NewUUID().String()\n\n\t\t\t// First call: create two identities with unique external_ids.\n\t\t\tfirstPatches := []*identity.BatchIdentityPatch{\n\t\t\t\t{Create: &identity.CreateIdentityBody{\n\t\t\t\t\tSchemaID: \"multiple_emails\",\n\t\t\t\t\tTraits: json.RawMessage(fmt.Sprintf(`{\"emails\":[\"first-a-%s@ory.sh\"],\"username\":\"first-a-%s@ory.sh\"}`, externalID1, externalID1)),\n\t\t\t\t\tExternalID: externalID1,\n\t\t\t\t\tState: \"active\",\n\t\t\t\t}},\n\t\t\t\t{Create: &identity.CreateIdentityBody{\n\t\t\t\t\tSchemaID: \"multiple_emails\",\n\t\t\t\t\tTraits: json.RawMessage(fmt.Sprintf(`{\"emails\":[\"first-b-%s@ory.sh\"],\"username\":\"first-b-%s@ory.sh\"}`, externalID2, externalID2)),\n\t\t\t\t\tExternalID: externalID2,\n\t\t\t\t\tState: \"active\",\n\t\t\t\t}},\n\t\t\t}\n\t\t\tres := send(t, adminTS, \"PATCH\", \"/identities\", http.StatusOK,\n\t\t\t\t&identity.BatchPatchIdentitiesBody{Identities: firstPatches})\n\t\t\tactions := res.Get(\"identities.#.action\").Array()\n\t\t\trequire.Len(t, actions, 2)\n\t\t\tassert.Equal(t, \"create\", actions[0].String())\n\t\t\tassert.Equal(t, \"create\", actions[1].String())\n\n\t\t\t// Second call: different traits/emails, but reuse the same external_ids.\n\t\t\t// The only conflict is on external_id.\n\t\t\tsecondPatches := []*identity.BatchIdentityPatch{\n\t\t\t\t{Create: &identity.CreateIdentityBody{\n\t\t\t\t\tSchemaID: \"multiple_emails\",\n\t\t\t\t\tTraits: json.RawMessage(fmt.Sprintf(`{\"emails\":[\"second-a-%s@ory.sh\"],\"username\":\"second-a-%s@ory.sh\"}`, externalID1, externalID1)),\n\t\t\t\t\tExternalID: externalID1,\n\t\t\t\t\tState: \"active\",\n\t\t\t\t}},\n\t\t\t\t{Create: &identity.CreateIdentityBody{\n\t\t\t\t\tSchemaID: \"multiple_emails\",\n\t\t\t\t\tTraits: json.RawMessage(fmt.Sprintf(`{\"emails\":[\"second-b-%s@ory.sh\"],\"username\":\"second-b-%s@ory.sh\"}`, externalID2, externalID2)),\n\t\t\t\t\tExternalID: externalID2,\n\t\t\t\t\tState: \"active\",\n\t\t\t\t}},\n\t\t\t}\n\t\t\tres = send(t, adminTS, \"PATCH\", \"/identities\", http.StatusOK,\n\t\t\t\t&identity.BatchPatchIdentitiesBody{Identities: secondPatches})\n\t\t\tactions = res.Get(\"identities.#.action\").Array()\n\t\t\trequire.Lenf(t, actions, 2, \"%s\", res.Raw)\n\t\t\tassert.Equalf(t, \"error\", actions[0].String(), \"expected conflict error for duplicate external_id: %s\", res.Raw)\n\t\t\tassert.Equalf(t, \"Conflict\", res.Get(\"identities.0.error.status\").String(), \"%s\", res.Raw)\n\t\t\tassert.Equalf(t, \"error\", actions[1].String(), \"expected conflict error for duplicate external_id: %s\", res.Raw)\n\t\t\tassert.Equalf(t, \"Conflict\", res.Get(\"identities.1.error.status\").String(), \"%s\", res.Raw)\n\t\t})\n\n\t\tt.Run(\"case=ignores create nil bodies\", func(t *testing.T) {\n\t\t\tpatches := []*identity.BatchIdentityPatch{\n\t\t\t\t{Create: nil},\n\t\t\t\t{Create: validCreateIdentityBody(t, \"nil-batch-import\", 0, false)},\n\t\t\t\t{Create: nil},\n\t\t\t\t{Create: validCreateIdentityBody(t, \"nil-batch-import\", 1, false)},\n\t\t\t\t{Create: nil},\n\t\t\t\t{Create: validCreateIdentityBody(t, \"nil-batch-import\", 2, false)},\n\t\t\t\t{Create: nil},\n\t\t\t\t{Create: validCreateIdentityBody(t, \"nil-batch-import\", 3, false)},\n\t\t\t\t{Create: nil},\n\t\t\t}\n\t\t\treq := &identity.BatchPatchIdentitiesBody{Identities: patches}\n\t\t\tres := send(t, adminTS, \"PATCH\", \"/identities\", http.StatusOK, req)\n\t\t\tassert.Len(t, res.Get(\"identities\").Array(), len(patches))\n\t\t\tassert.Equal(t, \"null\", res.Get(\"identities.0\").Raw)\n\t\t\tassert.Equal(t, \"null\", res.Get(\"identities.2\").Raw)\n\t\t\tassert.Equal(t, \"null\", res.Get(\"identities.4\").Raw)\n\t\t\tassert.Equal(t, \"null\", res.Get(\"identities.6\").Raw)\n\t\t\tassert.Equal(t, \"null\", res.Get(\"identities.8\").Raw)\n\t\t})\n\n\t\tt.Run(\"case=success\", func(t *testing.T) {\n\t\t\tpatches := []*identity.BatchIdentityPatch{\n\t\t\t\t{Create: validCreateIdentityBody(t, \"Batch-Import\", 0, false)},\n\t\t\t\t{Create: validCreateIdentityBody(t, \"batch-import\", 1, false)},\n\t\t\t\t{Create: validCreateIdentityBody(t, \"batch-import\", 2, false)},\n\t\t\t\t{Create: validCreateIdentityBody(t, \"batch-import\", 3, false)},\n\t\t\t}\n\t\t\treq := &identity.BatchPatchIdentitiesBody{Identities: patches}\n\t\t\tres := send(t, adminTS, \"PATCH\", \"/identities\", http.StatusOK, req)\n\n\t\t\tassert.Len(t, res.Get(\"identities\").Array(), len(patches))\n\n\t\t\tfor i, patch := range patches {\n\t\t\t\tt.Run(fmt.Sprintf(\"assert=identity %d\", i), func(t *testing.T) {\n\t\t\t\t\tidentityID := res.Get(fmt.Sprintf(\"identities.%d.identity\", i)).String()\n\t\t\t\t\trequire.NotEmpty(t, identityID)\n\n\t\t\t\t\tres := get(t, adminTS, \"/identities/\"+identityID, http.StatusOK)\n\t\t\t\t\tsnapshotx.SnapshotT(t, res.Value(), snapshotx.ExceptNestedKeys(\n\t\t\t\t\t\t// All these keys change randomly, so we need to test them individually below\n\t\t\t\t\t\t\"id\", \"schema_url\",\n\t\t\t\t\t\t\"created_at\", \"updated_at\", \"state_changed_at\",\n\t\t\t\t\t\t\"verifiable_addresses\", \"recovery_addresses\", \"identifiers\"))\n\n\t\t\t\t\temails := gjson.Parse(strings.ToLower(gjson.GetBytes(patch.Create.Traits, \"emails\").Raw))\n\t\t\t\t\tassert.Equal(t, identityID, res.Get(\"id\").String())\n\t\t\t\t\tassert.EqualValues(t, patch.Create.Traits, res.Get(\"traits\").Raw)\n\t\t\t\t\tassertJSONArrayElementsMatch(t, emails, res.Get(\"credentials.password.identifiers\"))\n\t\t\t\t\tassertJSONArrayElementsMatch(t, emails, res.Get(\"recovery_addresses.#.value\"))\n\t\t\t\t\tassertJSONArrayElementsMatch(t, emails, res.Get(\"verifiable_addresses.#.value\"))\n\n\t\t\t\t\t// Test that the verified addresses are imported correctly\n\t\t\t\t\tassert.Len(t, res.Get(\"verifiable_addresses.#(verified=true)#\").Array(), 2)\n\t\t\t\t\tassert.Len(t, res.Get(\"verifiable_addresses.#(verified=false)#\").Array(), 2)\n\t\t\t\t\tassert.Len(t, res.Get(\"verifiable_addresses.#(status=pending)#\").Array(), 2)\n\t\t\t\t\tassert.Len(t, res.Get(\"verifiable_addresses.#(status=sent)#\").Array(), 1)\n\t\t\t\t\tassert.Len(t, res.Get(\"verifiable_addresses.#(status=completed)#\").Array(), 1)\n\t\t\t\t})\n\t\t\t}\n\t\t})\n\t})\n\n\tt.Run(\"case=PATCH update of state should update state changed at timestamp\", func(t *testing.T) {\n\t\tid := x.NewUUID().String()\n\t\temail := \"UPPER\" + id + \"@ory.sh\"\n\t\ti := &identity.Identity{Traits: identity.Traits(fmt.Sprintf(`{\"subject\": %q, \"email\": %q}`, id, email))}\n\t\trequire.NoError(t, reg.PrivilegedIdentityPool().CreateIdentity(context.Background(), i))\n\n\t\tfor name, ts := range map[string]*httptest.Server{\"public\": publicTS, \"admin\": adminTS} {\n\t\t\tt.Run(\"endpoint=\"+name, func(t *testing.T) {\n\t\t\t\tpatch := []patch{\n\t\t\t\t\t{\"op\": \"replace\", \"path\": \"/state\", \"value\": identity.StateInactive},\n\t\t\t\t}\n\n\t\t\t\tres := send(t, ts, \"PATCH\", \"/identities/\"+i.ID.String(), http.StatusOK, &patch)\n\t\t\t\tassert.EqualValues(t, id, res.Get(\"traits.subject\").String(), \"%s\", res.Raw)\n\t\t\t\tassert.EqualValues(t, email, res.Get(\"traits.email\").String(), \"%s\", res.Raw)\n\t\t\t\tassert.False(t, res.Get(\"metadata_admin.admin\").Exists(), \"%s\", res.Raw)\n\t\t\t\tassert.False(t, res.Get(\"metadata_public.public\").Exists(), \"%s\", res.Raw)\n\t\t\t\tassert.EqualValues(t, identity.StateInactive, res.Get(\"state\").String(), \"%s\", res.Raw)\n\t\t\t\tassert.NotEqualValues(t, i.StateChangedAt, sqlxx.NullTime(res.Get(\"state_changed_at\").Time()), \"%s\", res.Raw)\n\n\t\t\t\tres = get(t, ts, \"/identities/\"+i.ID.String(), http.StatusOK)\n\t\t\t\tassert.EqualValues(t, i.ID.String(), res.Get(\"id\").String(), \"%s\", res.Raw)\n\t\t\t\tassert.EqualValues(t, id, res.Get(\"traits.subject\").String(), \"%s\", res.Raw)\n\t\t\t\tassert.EqualValues(t, email, res.Get(\"traits.email\").String(), \"%s\", res.Raw)\n\t\t\t\tassert.False(t, res.Get(\"metadata_admin.admin\").Exists(), \"%s\", res.Raw)\n\t\t\t\tassert.False(t, res.Get(\"metadata_public.public\").Exists(), \"%s\", res.Raw)\n\t\t\t\tassert.EqualValues(t, identity.StateInactive, res.Get(\"state\").String(), \"%s\", res.Raw)\n\t\t\t\tassert.NotEqualValues(t, i.StateChangedAt, sqlxx.NullTime(res.Get(\"state_changed_at\").Time()), \"%s\", res.Raw)\n\t\t\t})\n\t\t}\n\t})\n\n\tt.Run(\"case=PATCH update external_id\", func(t *testing.T) {\n\t\tfor name, ts := range map[string]*httptest.Server{\"public\": publicTS, \"admin\": adminTS} {\n\t\t\tid := x.NewUUID().String()\n\t\t\texternalID1 := x.NewUUID().String()\n\t\t\texternalID2 := x.NewUUID().String()\n\t\t\temail := \"UPPER\" + id + \"@ory.sh\"\n\t\t\ti := &identity.Identity{Traits: identity.Traits(fmt.Sprintf(`{\"subject\": %q, \"email\": %q}`, id, email))}\n\t\t\trequire.NoError(t, reg.PrivilegedIdentityPool().CreateIdentity(context.Background(), i))\n\n\t\t\tt.Run(\"endpoint=\"+name, func(t *testing.T) {\n\t\t\t\tres := get(t, ts, \"/identities/\"+i.ID.String(), http.StatusOK)\n\t\t\t\tassert.Empty(t, res.Get(\"external_id\").String(), \"%s\", res.Raw)\n\n\t\t\t\tt.Run(\"set external_id works\", func(t *testing.T) {\n\t\t\t\t\tres = send(t, ts, \"PATCH\", \"/identities/\"+i.ID.String(), http.StatusOK,\n\t\t\t\t\t\t&[]patch{{\"op\": \"replace\", \"path\": \"/external_id\", \"value\": externalID1}})\n\t\t\t\t\tassert.EqualValues(t, externalID1, res.Get(\"external_id\").String(), \"%s\", res.Raw)\n\t\t\t\t\tres = get(t, ts, \"/identities/\"+i.ID.String(), http.StatusOK)\n\t\t\t\t\tassert.EqualValues(t, externalID1, res.Get(\"external_id\").String(), \"%s\", res.Raw)\n\t\t\t\t\tres = get(t, ts, \"/identities/by/external/\"+externalID1, http.StatusOK)\n\t\t\t\t\tassert.EqualValues(t, externalID1, res.Get(\"external_id\").String(), \"%s\", res.Raw)\n\t\t\t\t})\n\n\t\t\t\tt.Run(\"set external_id to empty clears it\", func(t *testing.T) {\n\t\t\t\t\tres = send(t, ts, \"PATCH\", \"/identities/\"+i.ID.String(), http.StatusOK,\n\t\t\t\t\t\t&[]patch{{\"op\": \"replace\", \"path\": \"/external_id\", \"value\": \"\"}})\n\t\t\t\t\tassert.Empty(t, res.Get(\"external_id\").String(), \"%s\", res.Raw)\n\t\t\t\t\tres = get(t, ts, \"/identities/\"+i.ID.String(), http.StatusOK)\n\t\t\t\t\tassert.Empty(t, res.Get(\"external_id\").String(), \"%s\", res.Raw)\n\t\t\t\t\tres = get(t, ts, \"/identities/by/external/\"+externalID1, http.StatusNotFound)\n\t\t\t\t})\n\n\t\t\t\tt.Run(\"set external_id again works\", func(t *testing.T) {\n\t\t\t\t\tres = send(t, ts, \"PATCH\", \"/identities/\"+i.ID.String(), http.StatusOK,\n\t\t\t\t\t\t&[]patch{{\"op\": \"replace\", \"path\": \"/external_id\", \"value\": externalID2}})\n\t\t\t\t\tassert.EqualValues(t, externalID2, res.Get(\"external_id\").String(), \"%s\", res.Raw)\n\t\t\t\t\tres = get(t, ts, \"/identities/\"+i.ID.String(), http.StatusOK)\n\t\t\t\t\tassert.EqualValues(t, externalID2, res.Get(\"external_id\").String(), \"%s\", res.Raw)\n\t\t\t\t\tres = get(t, ts, \"/identities/by/external/\"+externalID2, http.StatusOK)\n\t\t\t\t\tassert.EqualValues(t, externalID2, res.Get(\"external_id\").String(), \"%s\", res.Raw)\n\t\t\t\t})\n\t\t\t})\n\t\t}\n\t})\n\n\tt.Run(\"case=PATCH update with uppercase emails should work\", func(t *testing.T) {\n\t\t// Regression test for https://github.com/ory/kratos/issues/3187\n\n\t\tfor name, ts := range map[string]*httptest.Server{\"public\": publicTS, \"admin\": adminTS} {\n\t\t\tt.Run(\"endpoint=\"+name, func(t *testing.T) {\n\t\t\t\temail := \"UPPER\" + x.NewUUID().String() + \"@ory.sh\"\n\t\t\t\tlowercaseEmail := strings.ToLower(email)\n\t\t\t\tvar cr identity.CreateIdentityBody\n\t\t\t\tcr.SchemaID = \"employee\"\n\t\t\t\tcr.Traits = []byte(`{\"email\":\"` + email + `\"}`)\n\t\t\t\tres := send(t, ts, \"POST\", \"/identities\", http.StatusCreated, &cr)\n\t\t\t\tassert.EqualValues(t, lowercaseEmail, res.Get(\"recovery_addresses.0.value\").String(), \"%s\", res.Raw)\n\t\t\t\tassert.EqualValues(t, lowercaseEmail, res.Get(\"verifiable_addresses.0.value\").String(), \"%s\", res.Raw)\n\t\t\t\tidentityID := res.Get(\"id\").String()\n\n\t\t\t\tpatch := []patch{\n\t\t\t\t\t{\n\t\t\t\t\t\t\"op\": \"replace\",\n\t\t\t\t\t\t\"path\": \"/verifiable_addresses/0/verified\",\n\t\t\t\t\t\t\"value\": true,\n\t\t\t\t\t},\n\t\t\t\t}\n\n\t\t\t\tres = send(t, ts, \"PATCH\", \"/identities/\"+identityID, http.StatusOK, &patch)\n\t\t\t\tassert.EqualValues(t, email, res.Get(\"traits.email\").String(), \"%s\", res.Raw)\n\t\t\t\tassert.False(t, res.Get(\"metadata_admin.admin\").Exists(), \"%s\", res.Raw)\n\t\t\t\tassert.False(t, res.Get(\"metadata_public.public\").Exists(), \"%s\", res.Raw)\n\t\t\t\tassert.EqualValues(t, identity.StateActive, res.Get(\"state\").String(), \"%s\", res.Raw)\n\n\t\t\t\tres = get(t, ts, \"/identities/\"+identityID, http.StatusOK)\n\t\t\t\tassert.EqualValues(t, identityID, res.Get(\"id\").String(), \"%s\", res.Raw)\n\t\t\t\tassert.EqualValues(t, email, res.Get(\"traits.email\").String(), \"%s\", res.Raw)\n\t\t\t\tassert.False(t, res.Get(\"metadata_admin.admin\").Exists(), \"%s\", res.Raw)\n\t\t\t\tassert.False(t, res.Get(\"metadata_public.public\").Exists(), \"%s\", res.Raw)\n\t\t\t\tassert.EqualValues(t, identity.StateActive, res.Get(\"state\").String(), \"%s\", res.Raw)\n\t\t\t})\n\t\t}\n\t})\n\n\tt.Run(\"case=PATCH should update verified_at timestamp\", func(t *testing.T) {\n\t\tfor name, ts := range map[string]*httptest.Server{\"public\": publicTS, \"admin\": adminTS} {\n\t\t\tt.Run(\"endpoint=\"+name, func(t *testing.T) {\n\t\t\t\temail := x.NewUUID().String() + \"@ory.sh\"\n\t\t\t\tvar cr identity.CreateIdentityBody\n\t\t\t\tcr.SchemaID = \"employee\"\n\t\t\t\tcr.Traits = []byte(`{\"email\":\"` + email + `\"}`)\n\t\t\t\tres := send(t, ts, \"POST\", \"/identities\", http.StatusCreated, &cr)\n\t\t\t\tassert.EqualValues(t, email, res.Get(\"recovery_addresses.0.value\").String(), \"%s\", res.Raw)\n\t\t\t\tassert.EqualValues(t, email, res.Get(\"verifiable_addresses.0.value\").String(), \"%s\", res.Raw)\n\t\t\t\tassert.Falsef(t, res.Get(\"verifiable_addresses.0.verified\").Bool(), \"%s\", res.Raw)\n\t\t\t\tassert.Falsef(t, res.Get(\"verifiable_addresses.0.verified_at\").Exists(), \"%s\", res.Raw)\n\t\t\t\tidentityID := res.Get(\"id\").String()\n\n\t\t\t\t// set to verified, should also update verified_at timestamp\n\t\t\t\tpatch1 := []patch{\n\t\t\t\t\t{\n\t\t\t\t\t\t\"op\": \"replace\",\n\t\t\t\t\t\t\"path\": \"/verifiable_addresses/0/verified\",\n\t\t\t\t\t\t\"value\": true,\n\t\t\t\t\t},\n\t\t\t\t}\n\n\t\t\t\tnow := time.Now()\n\n\t\t\t\tres = send(t, ts, \"PATCH\", \"/identities/\"+identityID, http.StatusOK, &patch1)\n\t\t\t\tassert.EqualValues(t, email, res.Get(\"recovery_addresses.0.value\").String(), \"%s\", res.Raw)\n\t\t\t\tassert.EqualValues(t, email, res.Get(\"verifiable_addresses.0.value\").String(), \"%s\", res.Raw)\n\t\t\t\tassert.Truef(t, res.Get(\"verifiable_addresses.0.verified\").Bool(), \"%s\", res.Raw)\n\t\t\t\tassert.WithinDurationf(t, now, res.Get(\"verifiable_addresses.0.updated_at\").Time(), 5*time.Second, \"%s\", res.Raw)\n\t\t\t\tassert.WithinDurationf(t, now, res.Get(\"verifiable_addresses.0.verified_at\").Time(), 5*time.Second, \"%s\", res.Raw)\n\n\t\t\t\tres = get(t, ts, \"/identities/\"+identityID, http.StatusOK)\n\t\t\t\tassert.EqualValues(t, email, res.Get(\"recovery_addresses.0.value\").String(), \"%s\", res.Raw)\n\t\t\t\tassert.EqualValues(t, email, res.Get(\"verifiable_addresses.0.value\").String(), \"%s\", res.Raw)\n\t\t\t\tassert.Truef(t, res.Get(\"verifiable_addresses.0.verified\").Bool(), \"%s\", res.Raw)\n\t\t\t\tassert.WithinDurationf(t, now, res.Get(\"verifiable_addresses.0.updated_at\").Time(), 5*time.Second, \"%s\", res.Raw)\n\t\t\t\tassert.WithinDurationf(t, now, res.Get(\"verifiable_addresses.0.verified_at\").Time(), 5*time.Second, \"%s\", res.Raw)\n\n\t\t\t\t// update only verified_at timestamp\n\t\t\t\tverifiedAt := time.Date(1999, 1, 7, 8, 23, 19, 0, time.UTC)\n\t\t\t\tpatch2 := []patch{\n\t\t\t\t\t{\n\t\t\t\t\t\t\"op\": \"replace\",\n\t\t\t\t\t\t\"path\": \"/verifiable_addresses/0/verified_at\",\n\t\t\t\t\t\t\"value\": verifiedAt.Format(time.RFC3339),\n\t\t\t\t\t},\n\t\t\t\t}\n\n\t\t\t\tnow = time.Now()\n\t\t\t\tres = send(t, ts, \"PATCH\", \"/identities/\"+identityID, http.StatusOK, &patch2)\n\t\t\t\tassert.EqualValues(t, email, res.Get(\"recovery_addresses.0.value\").String(), \"%s\", res.Raw)\n\t\t\t\tassert.EqualValues(t, email, res.Get(\"verifiable_addresses.0.value\").String(), \"%s\", res.Raw)\n\t\t\t\tassert.Truef(t, res.Get(\"verifiable_addresses.0.verified\").Bool(), \"%s\", res.Raw)\n\t\t\t\tassert.Equalf(t, verifiedAt, res.Get(\"verifiable_addresses.0.verified_at\").Time(), \"%s\", res.Raw)\n\t\t\t\tassert.WithinDurationf(t, now, res.Get(\"verifiable_addresses.0.updated_at\").Time(), 5*time.Second, \"%s\", res.Raw)\n\n\t\t\t\tres = get(t, ts, \"/identities/\"+identityID, http.StatusOK)\n\t\t\t\tassert.EqualValues(t, email, res.Get(\"recovery_addresses.0.value\").String(), \"%s\", res.Raw)\n\t\t\t\tassert.EqualValues(t, email, res.Get(\"verifiable_addresses.0.value\").String(), \"%s\", res.Raw)\n\t\t\t\tassert.Truef(t, res.Get(\"verifiable_addresses.0.verified\").Bool(), \"%s\", res.Raw)\n\t\t\t\tassert.Equalf(t, verifiedAt, res.Get(\"verifiable_addresses.0.verified_at\").Time(), \"%s\", res.Raw)\n\t\t\t\tassert.WithinDurationf(t, now, res.Get(\"verifiable_addresses.0.updated_at\").Time(), 5*time.Second, \"%s\", res.Raw)\n\n\t\t\t\t// remove verified status\n\t\t\t\tpatch3 := []patch{\n\t\t\t\t\t{\n\t\t\t\t\t\t\"op\": \"replace\",\n\t\t\t\t\t\t\"path\": \"/verifiable_addresses/0/verified\",\n\t\t\t\t\t\t\"value\": false,\n\t\t\t\t\t},\n\t\t\t\t}\n\n\t\t\t\tnow = time.Now()\n\n\t\t\t\tres = send(t, ts, \"PATCH\", \"/identities/\"+identityID, http.StatusOK, &patch3)\n\t\t\t\tassert.EqualValues(t, email, res.Get(\"recovery_addresses.0.value\").String(), \"%s\", res.Raw)\n\t\t\t\tassert.EqualValues(t, email, res.Get(\"verifiable_addresses.0.value\").String(), \"%s\", res.Raw)\n\t\t\t\tassert.Falsef(t, res.Get(\"verifiable_addresses.0.verified\").Bool(), \"%s\", res.Raw)\n\t\t\t\tassert.Falsef(t, res.Get(\"verifiable_addresses.0.verified_at\").Exists(), \"%s\", res.Raw)\n\t\t\t\tassert.WithinDurationf(t, now, res.Get(\"verifiable_addresses.0.updated_at\").Time(), 5*time.Second, \"%s\", res.Raw)\n\n\t\t\t\tres = get(t, ts, \"/identities/\"+identityID, http.StatusOK)\n\t\t\t\tassert.EqualValues(t, email, res.Get(\"recovery_addresses.0.value\").String(), \"%s\", res.Raw)\n\t\t\t\tassert.EqualValues(t, email, res.Get(\"verifiable_addresses.0.value\").String(), \"%s\", res.Raw)\n\t\t\t\tassert.Falsef(t, res.Get(\"verifiable_addresses.0.verified\").Bool(), \"%s\", res.Raw)\n\t\t\t\tassert.Falsef(t, res.Get(\"verifiable_addresses.0.verified_at\").Exists(), \"%s\", res.Raw)\n\t\t\t\tassert.WithinDurationf(t, now, res.Get(\"verifiable_addresses.0.updated_at\").Time(), 5*time.Second, \"%s\", res.Raw)\n\t\t\t})\n\t\t}\n\t})\n\n\tt.Run(\"case=PATCH update should not persist if schema id is invalid\", func(t *testing.T) {\n\t\tsub := x.NewUUID().String()\n\t\ti := &identity.Identity{Traits: identity.Traits(fmt.Sprintf(`{\"subject\":\"%s\"}`, sub))}\n\t\trequire.NoError(t, reg.PrivilegedIdentityPool().CreateIdentity(context.Background(), i))\n\n\t\tfor name, ts := range map[string]*httptest.Server{\"public\": publicTS, \"admin\": adminTS} {\n\t\t\tt.Run(\"endpoint=\"+name, func(t *testing.T) {\n\t\t\t\tpatch := []patch{\n\t\t\t\t\t{\"op\": \"replace\", \"path\": \"/schema_id\", \"value\": \"invalid-id\"},\n\t\t\t\t}\n\n\t\t\t\tres := send(t, ts, \"PATCH\", \"/identities/\"+i.ID.String(), http.StatusBadRequest, &patch)\n\t\t\t\tassert.Contains(t, res.Get(\"error.reason\").String(), \"invalid-id\", \"%s\", res.Raw)\n\n\t\t\t\tres = get(t, ts, \"/identities/\"+i.ID.String(), http.StatusOK)\n\t\t\t\t// Assert that the schema ID is unchanged\n\t\t\t\tassert.EqualValues(t, i.SchemaID, res.Get(\"schema_id\").String(), \"%s\", res.Raw)\n\t\t\t\tassert.EqualValues(t, sub, res.Get(\"traits.subject\").String(), \"%s\", res.Raw)\n\t\t\t\tassert.False(t, res.Get(\"metadata_admin.admin\").Exists(), \"%s\", res.Raw)\n\t\t\t\tassert.False(t, res.Get(\"metadata_public.public\").Exists(), \"%s\", res.Raw)\n\t\t\t})\n\t\t}\n\t})\n\n\tt.Run(\"case=PATCH update should not persist if invalid state is supplied\", func(t *testing.T) {\n\t\tsub := x.NewUUID().String()\n\t\ti := &identity.Identity{Traits: identity.Traits(fmt.Sprintf(`{\"subject\":\"%s\"}`, sub))}\n\t\trequire.NoError(t, reg.PrivilegedIdentityPool().CreateIdentity(context.Background(), i))\n\n\t\tfor name, ts := range map[string]*httptest.Server{\"public\": publicTS, \"admin\": adminTS} {\n\t\t\tt.Run(\"endpoint=\"+name, func(t *testing.T) {\n\t\t\t\tpatch := []patch{\n\t\t\t\t\t{\"op\": \"replace\", \"path\": \"/state\", \"value\": \"invalid-value\"},\n\t\t\t\t}\n\n\t\t\t\tres := send(t, ts, \"PATCH\", \"/identities/\"+i.ID.String(), http.StatusBadRequest, &patch)\n\t\t\t\tassert.EqualValues(t, \"The supplied state ('invalid-value') was not valid. Valid states are ('active', 'inactive').\", res.Get(\"error.reason\").String(), \"%s\", res.Raw)\n\n\t\t\t\tres = get(t, ts, \"/identities/\"+i.ID.String(), http.StatusOK)\n\t\t\t\t// Assert that the schema ID is unchanged\n\t\t\t\tassert.EqualValues(t, i.SchemaID, res.Get(\"schema_id\").String(), \"%s\", res.Raw)\n\t\t\t\tassert.EqualValues(t, sub, res.Get(\"traits.subject\").String(), \"%s\", res.Raw)\n\t\t\t\tassert.False(t, res.Get(\"metadata_admin.admin\").Exists(), \"%s\", res.Raw)\n\t\t\t\tassert.False(t, res.Get(\"metadata_public.public\").Exists(), \"%s\", res.Raw)\n\t\t\t\tassert.NotEqualValues(t, i.StateChangedAt, sqlxx.NullTime(res.Get(\"state_changed_at\").Time()), \"%s\", res.Raw)\n\t\t\t})\n\t\t}\n\t})\n\n\tt.Run(\"case=PATCH update should update nested fields\", func(t *testing.T) {\n\t\tsub := x.NewUUID().String()\n\t\ti := &identity.Identity{Traits: identity.Traits(fmt.Sprintf(`{\"subject\":\"%s\"}`, sub))}\n\t\trequire.NoError(t, reg.PrivilegedIdentityPool().CreateIdentity(context.Background(), i))\n\n\t\tfor name, ts := range map[string]*httptest.Server{\"public\": publicTS, \"admin\": adminTS} {\n\t\t\tt.Run(\"endpoint=\"+name, func(t *testing.T) {\n\t\t\t\tpatch := []patch{\n\t\t\t\t\t{\"op\": \"replace\", \"path\": \"/traits/subject\", \"value\": \"patched-subject\"},\n\t\t\t\t}\n\n\t\t\t\tres := send(t, ts, \"PATCH\", \"/identities/\"+i.ID.String(), http.StatusOK, &patch)\n\t\t\t\tassert.EqualValues(t, \"patched-subject\", res.Get(\"traits.subject\").String(), \"%s\", res.Raw)\n\n\t\t\t\tres = get(t, ts, \"/identities/\"+i.ID.String(), http.StatusOK)\n\t\t\t\t// Assert that the schema ID is unchanged\n\t\t\t\tassert.EqualValues(t, i.SchemaID, res.Get(\"schema_id\").String(), \"%s\", res.Raw)\n\t\t\t\tassert.EqualValues(t, \"patched-subject\", res.Get(\"traits.subject\").String(), \"%s\", res.Raw)\n\t\t\t})\n\t\t}\n\t})\n\n\tt.Run(\"case=PATCH should fail if no JSON payload is sent\", func(t *testing.T) {\n\t\tsub := x.NewUUID().String()\n\t\ti := &identity.Identity{Traits: identity.Traits(fmt.Sprintf(`{\"subject\":\"%s\"}`, sub))}\n\t\trequire.NoError(t, reg.PrivilegedIdentityPool().CreateIdentity(context.Background(), i))\n\t\tfor name, ts := range map[string]*httptest.Server{\"public\": publicTS, \"admin\": adminTS} {\n\t\t\tt.Run(\"endpoint=\"+name, func(t *testing.T) {\n\t\t\t\tres := send(t, ts, \"PATCH\", \"/identities/\"+i.ID.String(), http.StatusBadRequest, nil)\n\t\t\t\tassert.Equal(t, res.Get(\"error.message\").Str, \"invalid state detected\", res.Raw)\n\t\t\t})\n\t\t}\n\t})\n\n\tt.Run(\"case=PATCH should fail if credentials are updated\", func(t *testing.T) {\n\t\tsub := x.NewUUID().String()\n\t\ti := &identity.Identity{Traits: identity.Traits(fmt.Sprintf(`{\"subject\":\"%s\"}`, sub))}\n\t\trequire.NoError(t, reg.PrivilegedIdentityPool().CreateIdentity(context.Background(), i))\n\n\t\tfor name, ts := range map[string]*httptest.Server{\"public\": publicTS, \"admin\": adminTS} {\n\t\t\tt.Run(\"endpoint=\"+name, func(t *testing.T) {\n\t\t\t\tpatch := []patch{\n\t\t\t\t\t{\"op\": \"replace\", \"path\": \"/credentials\", \"value\": \"patched-credentials\"},\n\t\t\t\t}\n\n\t\t\t\tres := send(t, ts, \"PATCH\", \"/identities/\"+i.ID.String(), http.StatusBadRequest, &patch)\n\n\t\t\t\tassert.EqualValues(t, \"patch includes denied path: /credentials\", res.Get(\"error.message\").String(), \"%s\", res.Raw)\n\t\t\t})\n\t\t}\n\t})\n\n\tt.Run(\"case=PATCH should fail if credential orgs are updated\", func(t *testing.T) {\n\t\temail := x.NewUUID().String() + \"@ory.sh\"\n\t\ti := &identity.Identity{Traits: identity.Traits(`{\"email\":\"` + email + `\"}`)}\n\t\ti.SetCredentials(identity.CredentialsTypeOIDC, identity.Credentials{\n\t\t\tType: identity.CredentialsTypeOIDC,\n\t\t\tIdentifiers: []string{email},\n\t\t\tConfig: sqlxx.JSONRawMessage(`{\"providers\": [{\"provider\": \"some-provider\"}]}`),\n\t\t})\n\t\trequire.NoError(t, reg.PrivilegedIdentityPool().CreateIdentity(context.Background(), i))\n\n\t\tfor name, ts := range map[string]*httptest.Server{\"public\": publicTS, \"admin\": adminTS} {\n\t\t\tt.Run(\"endpoint=\"+name, func(t *testing.T) {\n\t\t\t\tpatch := []patch{\n\t\t\t\t\t{\"op\": \"replace\", \"path\": \"/credentials/oidc/config/providers/0/organization\", \"value\": \"foo\"},\n\t\t\t\t}\n\n\t\t\t\tres := send(t, ts, \"PATCH\", \"/identities/\"+i.ID.String(), http.StatusBadRequest, &patch)\n\n\t\t\t\tassert.EqualValues(t, \"patch includes denied path: /credentials/oidc/config/providers/0/organization\", res.Get(\"error.message\").String(), \"%s\", res.Raw)\n\t\t\t})\n\t\t}\n\t})\n\n\tt.Run(\"case=PATCH should allow to update credential password\", func(t *testing.T) {\n\t\temail := uuid.NewV5(uuid.Nil, t.Name()).String() + \"@ory.sh\"\n\t\ti := &identity.Identity{Traits: identity.Traits(`{\"email\":\"` + email + `\"}`)}\n\t\ti.SetCredentials(identity.CredentialsTypePassword, identity.Credentials{\n\t\t\tType: identity.CredentialsTypePassword,\n\t\t\tIdentifiers: []string{email},\n\t\t\tConfig: sqlxx.JSONRawMessage(`{\"hashed_password\": \"secret\", \"some-random-key\":\" some-random-value\"}`),\n\t\t})\n\t\trequire.NoError(t, reg.PrivilegedIdentityPool().CreateIdentity(context.Background(), i))\n\t\tsnapshotx.SnapshotT(t, identity.WithCredentialsAndAdminMetadataInJSON(*i), snapshotx.ExceptNestedKeys(ignoreDefault...))\n\n\t\tfor name, ts := range map[string]*httptest.Server{\"public\": publicTS, \"admin\": adminTS} {\n\t\t\tt.Run(\"endpoint=\"+name, func(t *testing.T) {\n\t\t\t\tpatch := []patch{\n\t\t\t\t\t{\"op\": \"replace\", \"path\": \"/credentials/password/config/hashed_password\", \"value\": \"foo\"},\n\t\t\t\t}\n\n\t\t\t\tsend(t, ts, \"PATCH\", \"/identities/\"+i.ID.String(), http.StatusOK, &patch)\n\n\t\t\t\tupdated, err := reg.PrivilegedIdentityPool().GetIdentityConfidential(t.Context(), i.ID)\n\t\t\t\trequire.NoError(t, err)\n\t\t\t\tassert.Equal(t, \"foo\",\n\t\t\t\t\tgjson.GetBytes(updated.Credentials[identity.CredentialsTypePassword].Config, \"hashed_password\").String())\n\t\t\t\tsnapshotx.SnapshotT(t, identity.WithCredentialsAndAdminMetadataInJSON(*updated), snapshotx.ExceptNestedKeys(ignoreDefault...))\n\t\t\t})\n\t\t}\n\t})\n\n\tt.Run(\"case=PATCH should not invalidate credentials ory/cloud#148\", func(t *testing.T) {\n\t\t// see https://github.com/ory/cloud/issues/148\n\n\t\tcreateCredentials := func(t *testing.T) (*identity.Identity, string, string) {\n\t\t\tt.Helper()\n\t\t\temail := x.NewUUID().String() + \"@ory.sh\"\n\t\t\tpassword := \"ljanf123akf\"\n\t\t\tp, err := reg.Hasher(t.Context()).Generate(context.Background(), []byte(password))\n\t\t\trequire.NoError(t, err)\n\t\t\ti := &identity.Identity{Traits: identity.Traits(`{\"email\":\"` + email + `\"}`)}\n\t\t\ti.SetCredentials(identity.CredentialsTypePassword, identity.Credentials{\n\t\t\t\tType: identity.CredentialsTypePassword,\n\t\t\t\tIdentifiers: []string{email},\n\t\t\t\tConfig: sqlxx.JSONRawMessage(`{\"hashed_password\":\"` + string(p) + `\"}`),\n\t\t\t})\n\t\t\trequire.NoError(t, reg.PrivilegedIdentityPool().CreateIdentity(context.Background(), i))\n\t\t\treturn i, email, password\n\t\t}\n\n\t\tfor name, ts := range map[string]*httptest.Server{\"public\": publicTS, \"admin\": adminTS} {\n\t\t\tt.Run(\"endpoint=\"+name, func(t *testing.T) {\n\t\t\t\ti, email, password := createCredentials(t)\n\t\t\t\tvalues := func(v url.Values) {\n\t\t\t\t\tv.Set(\"identifier\", email)\n\t\t\t\t\tv.Set(\"password\", password)\n\t\t\t\t}\n\n\t\t\t\t// verify login works initially\n\t\t\t\tloginResponse := testhelpers.SubmitLoginForm(t, true, ts.Client(), ts, values, false, true, 200, \"\")\n\t\t\t\trequire.NotEmpty(t, gjson.Get(loginResponse, \"session_token\").String(), \"expected to find a session token, found none\")\n\n\t\t\t\tpatch := []patch{\n\t\t\t\t\t{\"op\": \"replace\", \"path\": \"/metadata_public\", \"value\": map[string]string{\"role\": \"user\"}},\n\t\t\t\t}\n\n\t\t\t\tres := send(t, ts, \"PATCH\", \"/identities/\"+i.ID.String(), http.StatusOK, &patch)\n\t\t\t\tassert.EqualValues(t, \"user\", res.Get(\"metadata_public.role\").String(), \"%s\", res.Raw)\n\t\t\t\tassert.NotEqualValues(t, i.StateChangedAt, sqlxx.NullTime(res.Get(\"state_changed_at\").Time()), \"%s\", res.Raw)\n\n\t\t\t\tloginResponse = testhelpers.SubmitLoginForm(t, true, ts.Client(), ts, values, false, true, 200, \"\")\n\t\t\t\tmsgs := gjson.Get(loginResponse, \"ui.messages\")\n\t\t\t\trequire.Empty(t, msgs.Array(), \"expected to find no messages: %s\", msgs.String())\n\t\t\t})\n\t\t}\n\t})\n\n\tt.Run(\"case=PATCH should update metadata_admin correctly\", func(t *testing.T) {\n\t\ti := &identity.Identity{Traits: identity.Traits(fmt.Sprintf(`{\"subject\":\"%s\"}`, x.NewUUID().String()))}\n\t\trequire.NoError(t, reg.PrivilegedIdentityPool().CreateIdentity(context.Background(), i))\n\n\t\tfor name, ts := range map[string]*httptest.Server{\"public\": publicTS, \"admin\": adminTS} {\n\t\t\tt.Run(\"endpoint=\"+name, func(t *testing.T) {\n\t\t\t\tpatch := []patch{\n\t\t\t\t\t{\"op\": \"add\", \"path\": \"/metadata_admin\", \"value\": \"metadata admin\"},\n\t\t\t\t}\n\n\t\t\t\tres := send(t, ts, \"PATCH\", \"/identities/\"+i.ID.String(), http.StatusOK, &patch)\n\n\t\t\t\tassert.True(t, res.Get(\"metadata_admin\").Exists(), \"%s\", res.Raw)\n\t\t\t\tassert.EqualValues(t, \"metadata admin\", res.Get(\"metadata_admin\").String(), \"%s\", res.Raw)\n\t\t\t})\n\t\t}\n\t})\n\n\tt.Run(\"case=PATCH should update nested metadata_admin fields correctly\", func(t *testing.T) {\n\t\tid := x.NewUUID().String()\n\t\ti := &identity.Identity{MetadataAdmin: sqlxx.NullJSONRawMessage(fmt.Sprintf(`{\"id\": \"%s\", \"allowed\": true}`, id))}\n\t\trequire.NoError(t, reg.PrivilegedIdentityPool().CreateIdentity(context.Background(), i))\n\n\t\tfor name, ts := range map[string]*httptest.Server{\"public\": publicTS, \"admin\": adminTS} {\n\t\t\tt.Run(\"endpoint=\"+name, func(t *testing.T) {\n\t\t\t\tpatch := []patch{\n\t\t\t\t\t{\"op\": \"replace\", \"path\": \"/metadata_admin/allowed\", \"value\": \"false\"},\n\t\t\t\t}\n\n\t\t\t\tres := send(t, ts, \"PATCH\", \"/identities/\"+i.ID.String(), http.StatusOK, &patch)\n\n\t\t\t\tassert.True(t, res.Get(\"metadata_admin.allowed\").Exists(), \"%s\", res.Raw)\n\t\t\t\tassert.EqualValues(t, false, res.Get(\"metadata_admin.allowed\").Bool(), \"%s\", res.Raw)\n\t\t\t\tassert.EqualValues(t, id, res.Get(\"metadata_admin.id\").String(), \"%s\", res.Raw)\n\t\t\t})\n\t\t}\n\t})\n\n\tt.Run(\"case=should return entity with credentials metadata\", func(t *testing.T) {\n\t\tfor name, ts := range map[string]*httptest.Server{\"public\": publicTS, \"admin\": adminTS} {\n\t\t\tt.Run(\"endpoint=\"+name, func(t *testing.T) {\n\t\t\t\t// create identity with credentials\n\t\t\t\ti := identity.NewIdentity(\"\")\n\t\t\t\ti.SetCredentials(identity.CredentialsTypePassword, identity.Credentials{\n\t\t\t\t\tType: identity.CredentialsTypePassword,\n\t\t\t\t\tConfig: sqlxx.JSONRawMessage(`{\"secret\":\"pst\"}`),\n\t\t\t\t})\n\t\t\t\ti.Traits = identity.Traits(\"{}\")\n\n\t\t\t\trequire.NoError(t, reg.Persister().CreateIdentity(context.Background(), i))\n\t\t\t\tres := get(t, ts, \"/identities/\"+i.ID.String(), http.StatusOK)\n\t\t\t\tassert.EqualValues(t, i.ID.String(), res.Get(\"id\").String(), \"%s\", res.Raw)\n\t\t\t\tassert.True(t, res.Get(\"credentials\").Exists())\n\t\t\t\t// Should contain changed date\n\t\t\t\tassert.True(t, res.Get(\"credentials.password.updated_at\").Exists())\n\t\t\t\t// Should not contain secrets\n\t\t\t\tassert.False(t, res.Get(\"credentials.password.config\").Exists())\n\t\t\t})\n\t\t}\n\t})\n\n\tt.Run(\"case=should not be able to create an identity with an invalid schema\", func(t *testing.T) {\n\t\tfor name, ts := range map[string]*httptest.Server{\"public\": publicTS, \"admin\": adminTS} {\n\t\t\tt.Run(\"endpoint=\"+name, func(t *testing.T) {\n\t\t\t\tvar cr identity.CreateIdentityBody\n\t\t\t\tcr.SchemaID = \"unknown\"\n\t\t\t\tcr.Traits = []byte(`{\"email\":\"` + x.NewUUID().String() + `@ory.sh\"}`)\n\t\t\t\tres := send(t, ts, \"POST\", \"/identities\", http.StatusBadRequest, &cr)\n\t\t\t\tassert.Contains(t, res.Raw, \"unknown\")\n\t\t\t})\n\t\t}\n\t})\n\n\tt.Run(\"case=should not be able to create an identity with an invalid state\", func(t *testing.T) {\n\t\tfor name, ts := range map[string]*httptest.Server{\"public\": publicTS, \"admin\": adminTS} {\n\t\t\tt.Run(\"endpoint=\"+name, func(t *testing.T) {\n\t\t\t\tvar cr identity.CreateIdentityBody\n\t\t\t\tcr.SchemaID = \"employee\"\n\t\t\t\tcr.Traits = []byte(`{\"email\":\"` + x.NewUUID().String() + `@ory.sh\"}`)\n\t\t\t\tcr.State = \"invalid-state\"\n\n\t\t\t\tres := send(t, ts, \"POST\", \"/identities\", http.StatusBadRequest, &cr)\n\t\t\t\tassert.Contains(t, res.Get(\"error.reason\").String(), `identity state is not valid`, \"%s\", res.Raw)\n\t\t\t})\n\t\t}\n\t})\n\n\tt.Run(\"case=should create an identity with a different schema\", func(t *testing.T) {\n\t\tfor name, ts := range map[string]*httptest.Server{\"public\": publicTS, \"admin\": adminTS} {\n\t\t\tt.Run(\"endpoint=\"+name, func(t *testing.T) {\n\t\t\t\tvar cr identity.CreateIdentityBody\n\t\t\t\tcr.SchemaID = \"employee\"\n\t\t\t\tcr.Traits = []byte(`{\"email\":\"` + x.NewUUID().String() + `@ory.sh\"}`)\n\n\t\t\t\tres := send(t, ts, \"POST\", \"/identities\", http.StatusCreated, &cr)\n\t\t\t\tassert.JSONEq(t, string(cr.Traits), res.Get(\"traits\").Raw, \"%s\", res.Raw)\n\t\t\t\tassert.EqualValues(t, \"employee\", res.Get(\"schema_id\").String(), \"%s\", res.Raw)\n\t\t\t\tassert.EqualValues(t, identity.StateActive, res.Get(\"state\").String(), \"%s\", res.Raw)\n\t\t\t\tassert.EqualValues(t, mockServerURL.String()+\"/schemas/ZW1wbG95ZWU\", res.Get(\"schema_url\").String(), \"%s\", res.Raw)\n\t\t\t})\n\t\t}\n\t})\n\n\tt.Run(\"case=should create an identity with an explicit active state\", func(t *testing.T) {\n\t\tfor name, ts := range map[string]*httptest.Server{\"public\": publicTS, \"admin\": adminTS} {\n\t\t\tt.Run(\"endpoint=\"+name, func(t *testing.T) {\n\t\t\t\tvar cr identity.CreateIdentityBody\n\t\t\t\tcr.SchemaID = \"employee\"\n\t\t\t\tcr.Traits = []byte(`{\"email\":\"` + x.NewUUID().String() + `@ory.sh\"}`)\n\t\t\t\tcr.State = identity.StateActive\n\n\t\t\t\tres := send(t, ts, \"POST\", \"/identities\", http.StatusCreated, &cr)\n\t\t\t\tassert.JSONEq(t, string(cr.Traits), res.Get(\"traits\").Raw, \"%s\", res.Raw)\n\t\t\t\tassert.EqualValues(t, \"employee\", res.Get(\"schema_id\").String(), \"%s\", res.Raw)\n\t\t\t\tassert.EqualValues(t, identity.StateActive, res.Get(\"state\").String(), \"%s\", res.Raw)\n\t\t\t\tassert.EqualValues(t, mockServerURL.String()+\"/schemas/ZW1wbG95ZWU\", res.Get(\"schema_url\").String(), \"%s\", res.Raw)\n\t\t\t})\n\t\t}\n\t})\n\n\tt.Run(\"case=should create an identity with an explicit inactive state\", func(t *testing.T) {\n\t\tfor name, ts := range map[string]*httptest.Server{\"public\": publicTS, \"admin\": adminTS} {\n\t\t\tt.Run(\"endpoint=\"+name, func(t *testing.T) {\n\t\t\t\tvar cr identity.CreateIdentityBody\n\t\t\t\tcr.SchemaID = \"employee\"\n\t\t\t\tcr.Traits = []byte(`{\"email\":\"` + x.NewUUID().String() + `@ory.sh\"}`)\n\t\t\t\tcr.State = identity.StateInactive\n\n\t\t\t\tres := send(t, ts, \"POST\", \"/identities\", http.StatusCreated, &cr)\n\t\t\t\tassert.JSONEq(t, string(cr.Traits), res.Get(\"traits\").Raw, \"%s\", res.Raw)\n\t\t\t\tassert.EqualValues(t, \"employee\", res.Get(\"schema_id\").String(), \"%s\", res.Raw)\n\t\t\t\tassert.EqualValues(t, identity.StateInactive, res.Get(\"state\").String(), \"%s\", res.Raw)\n\t\t\t\tassert.EqualValues(t, mockServerURL.String()+\"/schemas/ZW1wbG95ZWU\", res.Get(\"schema_url\").String(), \"%s\", res.Raw)\n\t\t\t})\n\t\t}\n\t})\n\n\tt.Run(\"case=should create and sync metadata and update privileged traits\", func(t *testing.T) {\n\t\tfor name, ts := range map[string]*httptest.Server{\"public\": publicTS, \"admin\": adminTS} {\n\t\t\tt.Run(\"endpoint=\"+name, func(t *testing.T) {\n\t\t\t\tvar cr identity.CreateIdentityBody\n\t\t\t\tcr.SchemaID = \"employee\"\n\t\t\t\toriginalEmail := x.NewUUID().String() + \"@ory.sh\"\n\t\t\t\tcr.Traits = []byte(`{\"email\":\"` + originalEmail + `\"}`)\n\t\t\t\tres := send(t, ts, \"POST\", \"/identities\", http.StatusCreated, &cr)\n\t\t\t\tassert.EqualValues(t, originalEmail, res.Get(\"recovery_addresses.0.value\").String(), \"%s\", res.Raw)\n\t\t\t\tassert.EqualValues(t, originalEmail, res.Get(\"verifiable_addresses.0.value\").String(), \"%s\", res.Raw)\n\n\t\t\t\tid := res.Get(\"id\").String()\n\t\t\t\tupdatedEmail := x.NewUUID().String() + \"@ory.sh\"\n\t\t\t\tres = send(t, ts, \"PUT\", \"/identities/\"+id, http.StatusOK, &identity.UpdateIdentityBody{\n\t\t\t\t\tTraits: []byte(`{\"email\":\"` + updatedEmail + `\", \"department\": \"ory\"}`),\n\t\t\t\t})\n\n\t\t\t\tassert.EqualValues(t, \"employee\", res.Get(\"schema_id\").String(), \"%s\", res.Raw)\n\t\t\t\tassert.EqualValues(t, mockServerURL.String()+\"/schemas/ZW1wbG95ZWU\", res.Get(\"schema_url\").String(), \"%s\", res.Raw)\n\t\t\t\tassert.EqualValues(t, updatedEmail, res.Get(\"traits.email\").String(), \"%s\", res.Raw)\n\t\t\t\tassert.EqualValues(t, \"ory\", res.Get(\"traits.department\").String(), \"%s\", res.Raw)\n\t\t\t\tassert.EqualValues(t, updatedEmail, res.Get(\"recovery_addresses.0.value\").String(), \"%s\", res.Raw)\n\t\t\t\tassert.EqualValues(t, updatedEmail, res.Get(\"verifiable_addresses.0.value\").String(), \"%s\", res.Raw)\n\t\t\t})\n\t\t}\n\t})\n\n\tt.Run(\"case=should update the schema id and fail because traits are invalid\", func(t *testing.T) {\n\t\tfor name, ts := range map[string]*httptest.Server{\"public\": publicTS, \"admin\": adminTS} {\n\t\t\tt.Run(\"endpoint=\"+name, func(t *testing.T) {\n\t\t\t\tvar cr identity.CreateIdentityBody\n\t\t\t\tcr.SchemaID = \"employee\"\n\t\t\t\tcr.Traits = []byte(`{\"email\":\"` + x.NewUUID().String() + `@ory.sh\", \"department\": \"ory\"}`)\n\t\t\t\tres := send(t, ts, \"POST\", \"/identities\", http.StatusCreated, &cr)\n\n\t\t\t\tid := res.Get(\"id\").String()\n\t\t\t\tres = send(t, ts, \"PUT\", \"/identities/\"+id, http.StatusBadRequest, &identity.UpdateIdentityBody{\n\t\t\t\t\tSchemaID: \"customer\",\n\t\t\t\t\tTraits: cr.Traits,\n\t\t\t\t})\n\t\t\t\tassert.Contains(t, res.Get(\"error.reason\").String(), `additionalProperties \"department\" not allowed`, \"%s\", res.Raw)\n\t\t\t})\n\t\t}\n\t})\n\n\tt.Run(\"case=should fail to update identity if state is invalid\", func(t *testing.T) {\n\t\tfor name, ts := range map[string]*httptest.Server{\"public\": publicTS, \"admin\": adminTS} {\n\t\t\tt.Run(\"endpoint=\"+name, func(t *testing.T) {\n\t\t\t\tvar cr identity.CreateIdentityBody\n\t\t\t\tcr.SchemaID = \"employee\"\n\t\t\t\tcr.Traits = []byte(`{\"email\":\"` + x.NewUUID().String() + `@ory.sh\", \"department\": \"ory\"}`)\n\t\t\t\tres := send(t, ts, \"POST\", \"/identities\", http.StatusCreated, &cr)\n\n\t\t\t\tid := res.Get(\"id\").String()\n\t\t\t\tres = send(t, ts, \"PUT\", \"/identities/\"+id, http.StatusBadRequest, &identity.UpdateIdentityBody{\n\t\t\t\t\tState: \"invalid-state\",\n\t\t\t\t\tTraits: []byte(`{\"email\":\"` + faker.Email() + `\", \"department\": \"ory\"}`),\n\t\t\t\t})\n\t\t\t\tassert.Contains(t, res.Get(\"error.reason\").String(), `identity state is not valid`, \"%s\", res.Raw)\n\t\t\t})\n\t\t}\n\t})\n\n\tt.Run(\"case=should update the schema id\", func(t *testing.T) {\n\t\tfor name, ts := range map[string]*httptest.Server{\"public\": publicTS, \"admin\": adminTS} {\n\t\t\tt.Run(\"endpoint=\"+name, func(t *testing.T) {\n\t\t\t\tvar cr identity.CreateIdentityBody\n\t\t\t\tcr.SchemaID = \"employee\"\n\t\t\t\tcr.Traits = []byte(`{\"email\":\"` + x.NewUUID().String() + `@ory.sh\", \"department\": \"ory\"}`)\n\t\t\t\tres := send(t, ts, \"POST\", \"/identities\", http.StatusCreated, &cr)\n\n\t\t\t\tid := res.Get(\"id\").String()\n\t\t\t\tres = send(t, ts, \"PUT\", \"/identities/\"+id, http.StatusOK, &identity.UpdateIdentityBody{\n\t\t\t\t\tSchemaID: \"customer\",\n\t\t\t\t\tTraits: []byte(`{\"email\":\"` + x.NewUUID().String() + `@ory.sh\", \"address\": \"ory street\"}`),\n\t\t\t\t})\n\t\t\t\tassert.EqualValues(t, \"ory street\", res.Get(\"traits.address\").String(), \"%s\", res.Raw)\n\t\t\t})\n\t\t}\n\t})\n\n\tt.Run(\"case=should be able to update multiple identities\", func(t *testing.T) {\n\t\tfor name, ts := range map[string]*httptest.Server{\"public\": publicTS, \"admin\": adminTS} {\n\t\t\tt.Run(\"endpoint=\"+name, func(t *testing.T) {\n\t\t\t\tfor i := 0; i <= 5; i++ {\n\t\t\t\t\tvar cr identity.CreateIdentityBody\n\t\t\t\t\tcr.SchemaID = \"employee\"\n\t\t\t\t\tcr.Traits = []byte(`{\"department\": \"ory\"}`)\n\t\t\t\t\tres := send(t, ts, \"POST\", \"/identities\", http.StatusCreated, &cr)\n\n\t\t\t\t\tid := res.Get(\"id\").String()\n\t\t\t\t\t_ = send(t, ts, \"PUT\", \"/identities/\"+id, http.StatusOK, &identity.UpdateIdentityBody{\n\t\t\t\t\t\tSchemaID: \"employee\",\n\t\t\t\t\t\tTraits: []byte(`{\"email\":\"` + x.NewUUID().String() + `@ory.sh\"}`),\n\t\t\t\t\t})\n\n\t\t\t\t\t_ = send(t, ts, \"PUT\", \"/identities/\"+id, http.StatusOK, &identity.UpdateIdentityBody{\n\t\t\t\t\t\tSchemaID: \"employee\",\n\t\t\t\t\t\tTraits: []byte(`{}`),\n\t\t\t\t\t})\n\t\t\t\t}\n\t\t\t})\n\t\t}\n\t})\n\n\tt.Run(\"case=should fail to update identity if input json is empty or json file does not exist\", func(t *testing.T) {\n\t\tfor name, ts := range map[string]*httptest.Server{\"public\": publicTS, \"admin\": adminTS} {\n\t\t\tt.Run(\"endpoint=\"+name, func(t *testing.T) {\n\t\t\t\tvar cr identity.CreateIdentityBody\n\t\t\t\tcr.SchemaID = \"employee\"\n\t\t\t\tcr.Traits = []byte(`{\"email\":\"` + x.NewUUID().String() + `@ory.sh\", \"department\": \"ory\"}`)\n\t\t\t\tres := send(t, ts, \"POST\", \"/identities\", http.StatusCreated, &cr)\n\n\t\t\t\tid := res.Get(\"id\").String()\n\t\t\t\tres = send(t, ts, \"PUT\", \"/identities/\"+id, http.StatusBadRequest, nil)\n\t\t\t\tassert.Contains(t, res.Get(\"error.reason\").String(), `Unable to decode HTTP Request Body because its HTTP `+\n\t\t\t\t\t`Header \"Content-Length\" is zero`, \"%s\", res.Raw)\n\t\t\t})\n\t\t}\n\t})\n\n\tt.Run(\"case=should list all identities\", func(t *testing.T) {\n\t\tfor name, ts := range map[string]*httptest.Server{\"admin\": adminTS} {\n\t\t\tt.Run(\"endpoint=\"+name, func(t *testing.T) {\n\t\t\t\tres := get(t, ts, \"/identities\", http.StatusOK)\n\t\t\t\tassert.Empty(t, res.Get(\"#.credentials\").Array(), \"credentials config should be omitted\")\n\t\t\t\tassert.Equal(t, res.Get(\"#\").Int(), res.Get(\"#.metadata_public|#\").Int(), \"metadata_public config should be included\")\n\t\t\t\tassert.Equal(t, res.Get(\"#\").Int(), res.Get(\"#.metadata_admin|#\").Int(), \"metadata_admin config should be included\")\n\t\t\t\tassert.EqualValues(t, \"baz\", res.Get(`#(traits.bar==\"baz\").traits.bar`).String())\n\t\t\t})\n\t\t}\n\t})\n\n\tt.Run(\"organizations\", func(t *testing.T) {\n\t\tt.Run(\"case=should list organization identities\", func(t *testing.T) {\n\t\t\tfor name, ts := range map[string]*httptest.Server{\"admin\": adminTS} {\n\t\t\t\tt.Run(\"endpoint=\"+name, func(t *testing.T) {\n\t\t\t\t\torgID := uuid.Must(uuid.NewV4())\n\t\t\t\t\temail := x.NewUUID().String() + \"@ory.sh\"\n\t\t\t\t\trequire.NoError(t, reg.IdentityManager().Create(t.Context(), &identity.Identity{\n\t\t\t\t\t\tTraits: identity.Traits(`{\"email\":\"` + email + `\"}`),\n\t\t\t\t\t\tOrganizationID: uuid.NullUUID{UUID: orgID, Valid: true},\n\t\t\t\t\t}))\n\n\t\t\t\t\tres := get(t, ts, \"/identities?organization_id=\"+orgID.String(), http.StatusOK)\n\t\t\t\t\tassert.Len(t, res.Array(), 1)\n\t\t\t\t\tassert.EqualValues(t, email, res.Get(`0.traits.email`).String(), \"%s\", res.Raw)\n\t\t\t\t})\n\t\t\t}\n\t\t})\n\n\t\tt.Run(\"case=malformed organization id should return an error\", func(t *testing.T) {\n\t\t\tfor name, ts := range map[string]*httptest.Server{\"admin\": adminTS} {\n\t\t\t\tt.Run(\"endpoint=\"+name, func(t *testing.T) {\n\t\t\t\t\tres := get(t, ts, \"/identities?organization_id=not-a-uuid\", http.StatusBadRequest)\n\t\t\t\t\tassert.Contains(t, res.Get(\"error.reason\").String(), \"Invalid UUID value `not-a-uuid` for parameter `organization_id`.\", \"%s\", res.Raw)\n\t\t\t\t})\n\t\t\t}\n\t\t})\n\n\t\tt.Run(\"case=unknown organization id should return an empty list\", func(t *testing.T) {\n\t\t\tfor name, ts := range map[string]*httptest.Server{\"admin\": adminTS} {\n\t\t\t\tt.Run(\"endpoint=\"+name, func(t *testing.T) {\n\t\t\t\t\tid := x.NewUUID()\n\t\t\t\t\tres := get(t, ts, \"/identities?organization_id=\"+id.String(), http.StatusOK)\n\t\t\t\t\tassert.Empty(t, res.Array())\n\t\t\t\t})\n\t\t\t}\n\t\t})\n\t})\n\n\tt.Run(\"case=should list all identities with credentials\", func(t *testing.T) {\n\t\tt.Run(\"include_credential=oidc should include OIDC credentials config\", func(t *testing.T) {\n\t\t\tres := get(t, adminTS, \"/identities?include_credential=oidc\", http.StatusOK)\n\t\t\trequire.True(t, res.IsArray())\n\t\t\trequire.GreaterOrEqual(t, len(res.Array()), 2)\n\t\t\tvar foundOIDC, foundSAML bool\n\t\t\tfor _, id := range res.Array() {\n\t\t\t\tif id.Get(\"credentials.oidc.identifiers.0\").Str == \"bar:foo.oidc@bar.com\" {\n\t\t\t\t\tfoundOIDC = true\n\t\t\t\t\tsnapshotx.SnapshotT(t, id.Get(\"credentials.oidc.config\").String())\n\t\t\t\t}\n\t\t\t\tif id.Get(\"credentials.saml.identifiers.0\").Str == \"bar:foo.saml@bar.com\" {\n\t\t\t\t\tfoundSAML = true\n\t\t\t\t\tassert.False(t, id.Get(\"credentials.saml.config\").Exists(), \"SAML config is not included\")\n\t\t\t\t}\n\t\t\t}\n\t\t\tassert.True(t, foundOIDC, \"OIDC credential included\")\n\t\t\tassert.True(t, foundSAML, \"SAML credential included\")\n\t\t})\n\n\t\tt.Run(\"include_credential=saml should not include SAML tokens\", func(t *testing.T) {\n\t\t\tres := get(t, adminTS, \"/identities?include_credential=saml\", http.StatusOK)\n\t\t\tsamlProviders := res.Get(\"#.credentials.saml.config.providers|@flatten\")\n\t\t\tassert.Greaterf(t, samlProviders.Get(\"#.subject|#\").Int(), int64(0), \"SAML config should contain subject: %s\", samlProviders.Raw)\n\t\t\tassert.Zerof(t, res.Get(\"#.initial_id_token|#\").Int(), \"SAML config should not contain initial_id_token: %s\", samlProviders.Raw)\n\t\t})\n\t\tt.Run(\"include_credential=totp should not include OIDC credentials config\", func(t *testing.T) {\n\t\t\tres := get(t, adminTS, \"/identities?include_credential=totp\", http.StatusOK)\n\t\t\tassert.Empty(t, res.Get(\"#.credentials.oidc.config\").Array(), \"OIDC config should not be included\")\n\t\t\tassert.Empty(t, res.Get(\"#.credentials.saml.config\").Array(), \"SAML config should not be included\")\n\t\t})\n\t})\n\n\tt.Run(\"case=should not be able to list all identities with credentials due to wrong credentials type\", func(t *testing.T) {\n\t\tfor name, ts := range map[string]*httptest.Server{\"admin\": adminTS} {\n\t\t\tt.Run(\"endpoint=\"+name, func(t *testing.T) {\n\t\t\t\tres := get(t, ts, \"/identities?include_credential=XYZ\", http.StatusBadRequest)\n\t\t\t\tassert.Contains(t, res.Get(\"error.message\").String(), \"The request was malformed or contained invalid parameters\", \"%s\", res.Raw)\n\t\t\t})\n\t\t}\n\t})\n\n\tt.Run(\"case=should list all identities with eventual consistency\", func(t *testing.T) {\n\t\tfor name, ts := range map[string]*httptest.Server{\"public\": publicTS, \"admin\": adminTS} {\n\t\t\tt.Run(\"endpoint=\"+name, func(t *testing.T) {\n\t\t\t\tres := get(t, ts, \"/identities?consistency=eventual\", http.StatusOK)\n\t\t\t\tassert.EqualValues(t, \"baz\", res.Get(`#(traits.bar==\"baz\").traits.bar`).String(), \"%s\", res.Raw)\n\t\t\t})\n\t\t}\n\t})\n\n\tt.Run(\"case=should not be able to update an identity that does not exist yet\", func(t *testing.T) {\n\t\tfor name, ts := range map[string]*httptest.Server{\"public\": publicTS, \"admin\": adminTS} {\n\t\t\tt.Run(\"endpoint=\"+name, func(t *testing.T) {\n\t\t\t\tres := send(t, ts, \"PUT\", \"/identities/not-found\", http.StatusNotFound, json.RawMessage(`{\"traits\": {\"bar\":\"baz\"}}`))\n\t\t\t\tassert.Contains(t, res.Get(\"error.message\").String(), \"Unable to locate the resource\", \"%s\", res.Raw)\n\t\t\t})\n\t\t}\n\t})\n\n\tt.Run(\"case=should not be able to patch an identity that does not exist yet\", func(t *testing.T) {\n\t\tfor name, ts := range map[string]*httptest.Server{\"public\": publicTS, \"admin\": adminTS} {\n\t\t\tt.Run(\"endpoint=\"+name, func(t *testing.T) {\n\t\t\t\tres := send(t, ts, \"PATCH\", \"/identities/not-found\", http.StatusNotFound, json.RawMessage(`{\"traits\": {\"bar\":\"baz\"}}`))\n\t\t\t\tassert.Contains(t, res.Get(\"error.message\").String(), \"Unable to locate the resource\", \"%s\", res.Raw)\n\t\t\t})\n\t\t}\n\t})\n\n\tt.Run(\"case=should return 404 for non-existing identities\", func(t *testing.T) {\n\t\tfor name, ts := range map[string]*httptest.Server{\"public\": publicTS, \"admin\": adminTS} {\n\t\t\tt.Run(\"endpoint=\"+name, func(t *testing.T) {\n\t\t\t\tremove(t, ts, \"/identities/\"+x.NewUUID().String(), http.StatusNotFound)\n\t\t\t})\n\t\t}\n\t})\n\n\tt.Run(\"case=should delete credential of a specific user and no longer be able to retrieve it\", func(t *testing.T) {\n\t\ttype M = map[identity.CredentialsType]identity.Credentials\n\t\tcreateIdentity := func(creds M) func(*testing.T) *identity.Identity {\n\t\t\treturn func(t *testing.T) *identity.Identity {\n\t\t\t\ti := identity.NewIdentity(\"\")\n\t\t\t\tfor k, v := range creds {\n\t\t\t\t\tv.Type = k\n\t\t\t\t\tcreds[k] = v\n\t\t\t\t}\n\t\t\t\ti.Credentials = creds\n\t\t\t\ti.Traits = identity.Traits(\"{}\")\n\t\t\t\trequire.NoError(t, reg.Persister().CreateIdentity(context.Background(), i))\n\t\t\t\treturn i\n\t\t\t}\n\t\t}\n\t\tfor name, ts := range map[string]*httptest.Server{\"public\": publicTS, \"admin\": adminTS} {\n\t\t\tt.Run(\"type=remove unknown identity/\"+name, func(t *testing.T) {\n\t\t\t\tremove(t, ts, \"/identities/\"+x.NewUUID().String()+\"/credentials/azerty\", http.StatusNotFound)\n\t\t\t})\n\t\t\tt.Run(\"type=remove unknown type/\"+name, func(t *testing.T) {\n\t\t\t\ti := createIdentity(M{\n\t\t\t\t\tidentity.CredentialsTypePassword: {\n\t\t\t\t\t\tConfig: []byte(`{\"hashed_password\":\"some_valid_hash\"}`),\n\t\t\t\t\t\tIdentifiers: []string{x.NewUUID().String()},\n\t\t\t\t\t},\n\t\t\t\t})(t)\n\t\t\t\tremove(t, ts, \"/identities/\"+i.ID.String()+\"/credentials/azerty\", http.StatusNotFound)\n\t\t\t})\n\t\t\tt.Run(\"type=deny to remove password type/\"+name, func(t *testing.T) {\n\t\t\t\ti := createIdentity(M{\n\t\t\t\t\tidentity.CredentialsTypePassword: {\n\t\t\t\t\t\tConfig: []byte(`{\"hashed_password\":\"some_valid_hash\"}`),\n\t\t\t\t\t\tIdentifiers: []string{x.NewUUID().String()},\n\t\t\t\t\t},\n\t\t\t\t})(t)\n\t\t\t\tremove(t, ts, \"/identities/\"+i.ID.String()+\"/credentials/password\", http.StatusBadRequest)\n\t\t\t})\n\t\t\tt.Run(\"type=allow to remove password type/\"+name, func(t *testing.T) {\n\t\t\t\tsub := x.NewUUID().String()\n\t\t\t\tpwIdentifier := x.NewUUID().String()\n\t\t\t\ti := createIdentity(M{\n\t\t\t\t\tidentity.CredentialsTypePassword: {\n\t\t\t\t\t\tConfig: []byte(`{\"hashed_password\":\"some_valid_hash\"}`),\n\t\t\t\t\t\tIdentifiers: []string{pwIdentifier},\n\t\t\t\t\t},\n\t\t\t\t\tidentity.CredentialsTypeOIDC: {\n\t\t\t\t\t\tConfig: []byte(fmt.Sprintf(`{\"providers\":[{\"subject\":\"%s\",\"provider\":\"gh\"}]}`, sub)),\n\t\t\t\t\t\tIdentifiers: []string{identity.OIDCUniqueID(\"gh\", sub)},\n\t\t\t\t\t},\n\t\t\t\t})(t)\n\t\t\t\tremove(t, ts, \"/identities/\"+i.ID.String()+\"/credentials/password\", http.StatusNoContent)\n\t\t\t\tactual, creds, err := reg.PrivilegedIdentityPool().FindByCredentialsIdentifier(t.Context(), identity.CredentialsTypePassword, pwIdentifier)\n\t\t\t\trequire.NoError(t, err)\n\t\t\t\tassert.Equal(t, \"{}\", string(creds.Config))\n\t\t\t\tassert.Equal(t, i.ID, actual.ID)\n\t\t\t})\n\t\t\tt.Run(\"type=remove oidc type/\"+name, func(t *testing.T) {\n\t\t\t\t// force ordering among github identifiers\n\t\t\t\tgithubSubject := \"0\" + randx.MustString(7, randx.Numeric)\n\t\t\t\tgithubSubject2 := \"1\" + randx.MustString(7, randx.Numeric)\n\t\t\t\tgoogleSubject := randx.MustString(8, randx.Numeric)\n\t\t\t\tinitialConfig := []byte(fmt.Sprintf(`{\n\t\t\t\t\t\"providers\": [\n\t\t\t\t\t\t{\n\t\t\t\t\t\t\t\"subject\": %q,\n\t\t\t\t\t\t\t\"provider\": \"github\"\n\t\t\t\t\t\t},\n\t\t\t\t\t\t{\n\t\t\t\t\t\t\t\"subject\": %q,\n\t\t\t\t\t\t\t\"provider\": \"github\"\n\t\t\t\t\t\t},\n\t\t\t\t\t\t{\n\t\t\t\t\t\t\t\"subject\": %q,\n\t\t\t\t\t\t\t\"provider\": \"google\"\n\t\t\t\t\t\t}\n\t\t\t\t\t]\n\t\t\t\t}`, githubSubject, githubSubject2, googleSubject))\n\t\t\t\tidentifiers := []string{\n\t\t\t\t\tidentity.OIDCUniqueID(\"github\", githubSubject),\n\t\t\t\t\tidentity.OIDCUniqueID(\"github\", githubSubject2),\n\t\t\t\t\tidentity.OIDCUniqueID(\"google\", googleSubject),\n\t\t\t\t}\n\t\t\t\ti := createIdentity(M{\n\t\t\t\t\tidentity.CredentialsTypeOIDC: {\n\t\t\t\t\t\tIdentifiers: identifiers,\n\t\t\t\t\t\tConfig: initialConfig,\n\t\t\t\t\t},\n\t\t\t\t})(t)\n\t\t\t\tres := get(t, ts, \"/identities/\"+i.ID.String()+\"?include_credential=oidc\", http.StatusOK)\n\t\t\t\tassert.EqualValues(t, i.ID.String(), res.Get(\"id\").String(), \"%s\", res.Raw)\n\t\t\t\tassert.Len(t, res.Get(\"credentials.oidc.identifiers\").Array(), 3, \"%s\", res.Raw)\n\t\t\t\tassert.EqualValues(t, res.Get(\"credentials.oidc.identifiers.0\").String(), identifiers[0], \"%s\", res.Raw)\n\t\t\t\tassert.EqualValues(t, res.Get(\"credentials.oidc.identifiers.1\").String(), identifiers[1], \"%s\", res.Raw)\n\t\t\t\tassert.EqualValues(t, res.Get(\"credentials.oidc.identifiers.2\").String(), identifiers[2], \"%s\", res.Raw)\n\n\t\t\t\toidConfig := gjson.Parse(res.Get(\"credentials.oidc.config\").String())\n\t\t\t\tassert.Len(t, res.Get(\"credentials.oidc.identifiers\").Array(), 3, \"%s\", res.Raw)\n\t\t\t\tassert.EqualValues(t, oidConfig.Get(\"providers.0.provider\").String(), \"github\", \"%s\", res.Raw)\n\t\t\t\tassert.EqualValues(t, oidConfig.Get(\"providers.0.subject\").String(), githubSubject, \"%s\", res.Raw)\n\t\t\t\tassert.EqualValues(t, oidConfig.Get(\"providers.1.provider\").String(), \"github\", \"%s\", res.Raw)\n\t\t\t\tassert.EqualValues(t, oidConfig.Get(\"providers.1.subject\").String(), githubSubject2, \"%s\", res.Raw)\n\t\t\t\tassert.EqualValues(t, oidConfig.Get(\"providers.2.provider\").String(), \"google\", \"%s\", res.Raw)\n\t\t\t\tassert.EqualValues(t, oidConfig.Get(\"providers.2.subject\").String(), googleSubject, \"%s\", res.Raw)\n\n\t\t\t\tremove(t, ts, \"/identities/\"+i.ID.String()+\"/credentials/oidc?identifier=\"+identifiers[1], http.StatusNoContent)\n\t\t\t\tres = get(t, ts, \"/identities/\"+i.ID.String()+\"?include_credential=oidc\", http.StatusOK)\n\n\t\t\t\tassert.EqualValues(t, i.ID.String(), res.Get(\"id\").String(), \"%s\", res.Raw)\n\t\t\t\tassert.Len(t, res.Get(\"credentials.oidc.identifiers\").Array(), 2, \"%s\", res.Raw)\n\t\t\t\tassert.EqualValues(t, res.Get(\"credentials.oidc.identifiers.0\").String(), identifiers[0], \"%s\", res.Raw)\n\t\t\t\tassert.EqualValues(t, res.Get(\"credentials.oidc.identifiers.1\").String(), identifiers[2], \"%s\", res.Raw)\n\n\t\t\t\toidConfig = gjson.Parse(res.Get(\"credentials.oidc.config\").String())\n\t\t\t\tassert.Len(t, res.Get(\"credentials.oidc.identifiers\").Array(), 2, \"%s\", res.Raw)\n\t\t\t\tassert.EqualValues(t, oidConfig.Get(\"providers.0.provider\").String(), \"github\", \"%s\", res.Raw)\n\t\t\t\tassert.EqualValues(t, oidConfig.Get(\"providers.0.subject\").String(), githubSubject, \"%s\", res.Raw)\n\t\t\t\tassert.EqualValues(t, oidConfig.Get(\"providers.1.provider\").String(), \"google\", \"%s\", res.Raw)\n\t\t\t\tassert.EqualValues(t, oidConfig.Get(\"providers.1.subject\").String(), googleSubject, \"%s\", res.Raw)\n\t\t\t})\n\t\t\tt.Run(\"type=remove saml type/\"+name, func(t *testing.T) {\n\t\t\t\t// force ordering among identifiers\n\t\t\t\tentraSubject1 := \"0\" + randx.MustString(7, randx.Numeric)\n\t\t\t\tentraSubject2 := \"1\" + randx.MustString(7, randx.Numeric)\n\t\t\t\toktaSubject := randx.MustString(8, randx.Numeric)\n\t\t\t\tinitialConfig := []byte(fmt.Sprintf(`{\n\t\t\t\t\t\"providers\": [\n\t\t\t\t\t\t{\n\t\t\t\t\t\t\t\"subject\": %q,\n\t\t\t\t\t\t\t\"provider\": \"entra\"\n\t\t\t\t\t\t},\n\t\t\t\t\t\t{\n\t\t\t\t\t\t\t\"subject\": %q,\n\t\t\t\t\t\t\t\"provider\": \"entra\"\n\t\t\t\t\t\t},\n\t\t\t\t\t\t{\n\t\t\t\t\t\t\t\"subject\": %q,\n\t\t\t\t\t\t\t\"provider\": \"okta\"\n\t\t\t\t\t\t}\n\t\t\t\t\t]\n\t\t\t\t}`, entraSubject1, entraSubject2, oktaSubject))\n\t\t\t\tidentifiers := []string{\n\t\t\t\t\tidentity.OIDCUniqueID(\"entra\", entraSubject1),\n\t\t\t\t\tidentity.OIDCUniqueID(\"entra\", entraSubject2),\n\t\t\t\t\tidentity.OIDCUniqueID(\"okta\", oktaSubject),\n\t\t\t\t}\n\t\t\t\ti := createIdentity(M{\n\t\t\t\t\tidentity.CredentialsTypePassword: {\n\t\t\t\t\t\tIdentifiers: []string{x.NewUUID().String()},\n\t\t\t\t\t\tConfig: []byte(`{\"hashed_password\":\"$2a$08$.cOYmAd.vCpDOoiVJrO5B.hjTLKQQ6cAK40u8uB.FnZDyPvVvQ9Q.\"}`), // foobar\n\t\t\t\t\t},\n\t\t\t\t\tidentity.CredentialsTypeWebAuthn: {\n\t\t\t\t\t\tIdentifiers: []string{x.NewUUID().String()},\n\t\t\t\t\t\tConfig: []byte(`{\"credentials\":[{\"is_passwordless\":true}]}`),\n\t\t\t\t\t},\n\t\t\t\t\tidentity.CredentialsTypeSAML: {\n\t\t\t\t\t\tIdentifiers: identifiers,\n\t\t\t\t\t\tConfig: initialConfig,\n\t\t\t\t\t},\n\t\t\t\t})(t)\n\t\t\t\tres := get(t, ts, \"/identities/\"+i.ID.String()+\"?include_credential=saml\", http.StatusOK)\n\t\t\t\tassert.EqualValues(t, i.ID.String(), res.Get(\"id\").String(), \"%s\", res.Raw)\n\t\t\t\tassert.Len(t, res.Get(\"credentials.saml.identifiers\").Array(), 3, \"%s\", res.Raw)\n\t\t\t\tassert.EqualValues(t, res.Get(\"credentials.saml.identifiers.0\").String(), identifiers[0], \"%s\", res.Raw)\n\t\t\t\tassert.EqualValues(t, res.Get(\"credentials.saml.identifiers.1\").String(), identifiers[1], \"%s\", res.Raw)\n\t\t\t\tassert.EqualValues(t, res.Get(\"credentials.saml.identifiers.2\").String(), identifiers[2], \"%s\", res.Raw)\n\n\t\t\t\toidConfig := gjson.Parse(res.Get(\"credentials.saml.config\").String())\n\t\t\t\tassert.Len(t, res.Get(\"credentials.saml.identifiers\").Array(), 3, \"%s\", res.Raw)\n\t\t\t\tassert.EqualValues(t, oidConfig.Get(\"providers.0.provider\").String(), \"entra\", \"%s\", res.Raw)\n\t\t\t\tassert.EqualValues(t, oidConfig.Get(\"providers.0.subject\").String(), entraSubject1, \"%s\", res.Raw)\n\t\t\t\tassert.EqualValues(t, oidConfig.Get(\"providers.1.provider\").String(), \"entra\", \"%s\", res.Raw)\n\t\t\t\tassert.EqualValues(t, oidConfig.Get(\"providers.1.subject\").String(), entraSubject2, \"%s\", res.Raw)\n\t\t\t\tassert.EqualValues(t, oidConfig.Get(\"providers.2.provider\").String(), \"okta\", \"%s\", res.Raw)\n\t\t\t\tassert.EqualValues(t, oidConfig.Get(\"providers.2.subject\").String(), oktaSubject, \"%s\", res.Raw)\n\n\t\t\t\tremove(t, ts, \"/identities/\"+i.ID.String()+\"/credentials/saml?identifier=\"+identifiers[1], http.StatusNoContent)\n\t\t\t\tres = get(t, ts, \"/identities/\"+i.ID.String()+\"?include_credential=saml\", http.StatusOK)\n\n\t\t\t\tassert.EqualValues(t, i.ID.String(), res.Get(\"id\").String(), \"%s\", res.Raw)\n\t\t\t\tassert.Len(t, res.Get(\"credentials.saml.identifiers\").Array(), 2, \"%s\", res.Raw)\n\t\t\t\tassert.EqualValues(t, res.Get(\"credentials.saml.identifiers.0\").String(), identifiers[0], \"%s\", res.Raw)\n\t\t\t\tassert.EqualValues(t, res.Get(\"credentials.saml.identifiers.1\").String(), identifiers[2], \"%s\", res.Raw)\n\n\t\t\t\toidConfig = gjson.Parse(res.Get(\"credentials.saml.config\").String())\n\t\t\t\tassert.Len(t, res.Get(\"credentials.saml.identifiers\").Array(), 2, \"%s\", res.Raw)\n\t\t\t\tassert.EqualValues(t, oidConfig.Get(\"providers.0.provider\").String(), \"entra\", \"%s\", res.Raw)\n\t\t\t\tassert.EqualValues(t, oidConfig.Get(\"providers.0.subject\").String(), entraSubject1, \"%s\", res.Raw)\n\t\t\t\tassert.EqualValues(t, oidConfig.Get(\"providers.1.provider\").String(), \"okta\", \"%s\", res.Raw)\n\t\t\t\tassert.EqualValues(t, oidConfig.Get(\"providers.1.subject\").String(), oktaSubject, \"%s\", res.Raw)\n\t\t\t})\n\t\t\tt.Run(\"type=remove webauthn passwordless type/\"+name, func(t *testing.T) {\n\t\t\t\texpected := `{\"credentials\":[{\"id\":\"THTndqZP5Mjvae1BFvJMaMfEMm7O7HE1ju+7PBaYA7Y=\",\"added_at\":\"2022-12-16T14:11:55Z\",\"public_key\":\"pQECAyYgASFYIMJLQhJxQRzhnKPTcPCUODOmxYDYo2obrm9bhp5lvSZ3IlggXjhZvJaPUqF9PXqZqTdWYPR7R+b2n/Wi+IxKKXsS4rU=\",\"display_name\":\"test\",\"authenticator\":{\"aaguid\":\"rc4AAjW8xgpkiwsl8fBVAw==\",\"sign_count\":0,\"clone_warning\":false},\"is_passwordless\":true,\"attestation_type\":\"none\"}],\"user_handle\":\"Ef5JiMpMRwuzauWs/9J0gQ==\"}`\n\t\t\t\ti := createIdentity(M{identity.CredentialsTypeWebAuthn: {Config: []byte(expected)}})(t)\n\t\t\t\tremove(t, ts, \"/identities/\"+i.ID.String()+\"/credentials/webauthn\", http.StatusNoContent)\n\t\t\t\t// Check that webauthn has not been deleted\n\t\t\t\tres := get(t, ts, \"/identities/\"+i.ID.String(), http.StatusOK)\n\t\t\t\tassert.EqualValues(t, i.ID.String(), res.Get(\"id\").String(), \"%s\", res.Raw)\n\n\t\t\t\tactual, err := reg.PrivilegedIdentityPool().GetIdentityConfidential(t.Context(), uuid.FromStringOrNil(res.Get(\"id\").String()))\n\t\t\t\trequire.NoError(t, err)\n\t\t\t\tsnapshotx.SnapshotT(t, identity.WithCredentialsAndAdminMetadataInJSON(*actual), snapshotx.ExceptNestedKeys(append(ignoreDefault, \"hashed_password\")...), snapshotx.ExceptPaths(\"credentials.oidc.identifiers\"))\n\t\t\t})\n\t\t\tt.Run(\"type=remove webauthn passwordless and multiple fido mfa type/\"+name, func(t *testing.T) {\n\t\t\t\tmessage, err := json.Marshal(identity.CredentialsWebAuthnConfig{\n\t\t\t\t\tCredentials: identity.CredentialsWebAuthn{\n\t\t\t\t\t\t{\n\t\t\t\t\t\t\t// Passwordless 1\n\t\t\t\t\t\t\tID: []byte(\"THTndqZP5Mjvae1BFvJMaMfEMm7O7HE1ju+7PBaYA7Y=\"),\n\t\t\t\t\t\t\tAddedAt: time.Date(2022, 12, 16, 14, 11, 55, 0, time.UTC),\n\t\t\t\t\t\t\tPublicKey: []byte(\"pQECAyYgASFYIMJLQhJxQRzhnKPTcPCUODOmxYDYo2obrm9bhp5lvSZ3IlggXjhZvJaPUqF9PXqZqTdWYPR7R+b2n/Wi+IxKKXsS4rU=\"),\n\t\t\t\t\t\t\tDisplayName: \"test\",\n\t\t\t\t\t\t\tAuthenticator: &identity.AuthenticatorWebAuthn{\n\t\t\t\t\t\t\t\tAAGUID: []byte(\"rc4AAjW8xgpkiwsl8fBVAw==\"),\n\t\t\t\t\t\t\t\tSignCount: 0,\n\t\t\t\t\t\t\t\tCloneWarning: false,\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\tIsPasswordless: true,\n\t\t\t\t\t\t\tAttestationType: \"none\",\n\t\t\t\t\t\t}, {\n\t\t\t\t\t\t\t// Passwordless 2\n\t\t\t\t\t\t\tID: []byte(\"THTndqZP5Mjvae1BFvJMaMfEMm7O7HE2ju+7PBaYA7Y=\"),\n\t\t\t\t\t\t\tAddedAt: time.Date(2022, 12, 16, 14, 11, 55, 0, time.UTC),\n\t\t\t\t\t\t\tPublicKey: []byte(\"pQECAyYgASFYIMJLQhJxQRzhnKPTcPCUODOmxYDYo2obrm9bhp5lvSZ3IlggXjhZvJaPUqF9PXqZqTdWYPR7R+b2n/Wi+IxKKXsS4rU=\"),\n\t\t\t\t\t\t\tDisplayName: \"test\",\n\t\t\t\t\t\t\tAuthenticator: &identity.AuthenticatorWebAuthn{\n\t\t\t\t\t\t\t\tAAGUID: []byte(\"rc4AAjW8xgpkiwsl8fBVAw==\"),\n\t\t\t\t\t\t\t\tSignCount: 0,\n\t\t\t\t\t\t\t\tCloneWarning: false,\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\tIsPasswordless: true,\n\t\t\t\t\t\t\tAttestationType: \"none\",\n\t\t\t\t\t\t}, {\n\t\t\t\t\t\t\t// MFA 1\n\t\t\t\t\t\t\tID: []byte(\"THTndqZP5Mjvae1BFvJMaMfEMm7O7HE3ju+7PBaYA7Y=\"),\n\t\t\t\t\t\t\tAddedAt: time.Date(2022, 12, 16, 14, 11, 55, 0, time.UTC),\n\t\t\t\t\t\t\tPublicKey: []byte(\"pQECAyYgASFYIMJLQhJxQRzhnKPTcPCUODOmxYDYo2obrm9bhp5lvSZ3IlggXjhZvJaPUqF9PXqZqTdWYPR7R+b2n/Wi+IxKKXsS4rU=\"),\n\t\t\t\t\t\t\tDisplayName: \"test\",\n\t\t\t\t\t\t\tAuthenticator: &identity.AuthenticatorWebAuthn{\n\t\t\t\t\t\t\t\tAAGUID: []byte(\"rc4AAjW8xgpkiwsl8fBVAw==\"),\n\t\t\t\t\t\t\t\tSignCount: 0,\n\t\t\t\t\t\t\t\tCloneWarning: false,\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\tIsPasswordless: false,\n\t\t\t\t\t\t\tAttestationType: \"none\",\n\t\t\t\t\t\t}, {\n\t\t\t\t\t\t\t// MFA 2\n\t\t\t\t\t\t\tID: []byte(\"THTndqZP5Mjvae1BFvJMaMfEMm7O7HE4ju+7PBaYA7Y=\"),\n\t\t\t\t\t\t\tAddedAt: time.Date(2022, 12, 16, 14, 11, 55, 0, time.UTC),\n\t\t\t\t\t\t\tPublicKey: []byte(\"pQECAyYgASFYIMJLQhJxQRzhnKPTcPCUODOmxYDYo2obrm9bhp5lvSZ3IlggXjhZvJaPUqF9PXqZqTdWYPR7R+b2n/Wi+IxKKXsS4rU=\"),\n\t\t\t\t\t\t\tDisplayName: \"test\",\n\t\t\t\t\t\t\tAuthenticator: &identity.AuthenticatorWebAuthn{\n\t\t\t\t\t\t\t\tAAGUID: []byte(\"rc4AAjW8xgpkiwsl8fBVAw==\"),\n\t\t\t\t\t\t\t\tSignCount: 0,\n\t\t\t\t\t\t\t\tCloneWarning: false,\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\tIsPasswordless: false,\n\t\t\t\t\t\t\tAttestationType: \"none\",\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t\tUserHandle: []byte(\"Ef5JiMpMRwuzauWs/9J0gQ==\"),\n\t\t\t\t})\n\t\t\t\trequire.NoError(t, err)\n\n\t\t\t\ti := createIdentity(M{identity.CredentialsTypeWebAuthn: {Config: message}})(t)\n\t\t\t\tremove(t, ts, \"/identities/\"+i.ID.String()+\"/credentials/webauthn\", http.StatusNoContent)\n\t\t\t\t// Check that webauthn has not been deleted\n\t\t\t\tres := get(t, ts, \"/identities/\"+i.ID.String(), http.StatusOK)\n\t\t\t\tassert.EqualValues(t, i.ID.String(), res.Get(\"id\").String(), \"%s\", res.Raw)\n\n\t\t\t\tactual, err := reg.PrivilegedIdentityPool().GetIdentityConfidential(t.Context(), uuid.FromStringOrNil(res.Get(\"id\").String()))\n\t\t\t\trequire.NoError(t, err)\n\t\t\t\tsnapshotx.SnapshotT(t, identity.WithCredentialsAndAdminMetadataInJSON(*actual), snapshotx.ExceptNestedKeys(append(ignoreDefault, \"hashed_password\")...), snapshotx.ExceptPaths(\"credentials.oidc.identifiers\"))\n\t\t\t})\n\t\t\tfor ct, ctConf := range map[identity.CredentialsType][]byte{\n\t\t\t\tidentity.CredentialsTypeLookup: []byte(`{\"recovery_codes\": [{\"code\": \"aaa\"}]}`),\n\t\t\t\tidentity.CredentialsTypeTOTP: []byte(`{\"totp_url\":\"otpauth://totp/test\"}`),\n\t\t\t\tidentity.CredentialsTypeWebAuthn: []byte(`{\"credentials\":[{\"id\":\"THTndqZP5Mjvae1BFvJMaMfEMm7O7HE1ju+7PBaYA7Y=\",\"added_at\":\"2022-12-16T14:11:55Z\",\"public_key\":\"pQECAyYgASFYIMJLQhJxQRzhnKPTcPCUODOmxYDYo2obrm9bhp5lvSZ3IlggXjhZvJaPUqF9PXqZqTdWYPR7R+b2n/Wi+IxKKXsS4rU=\",\"display_name\":\"test\",\"authenticator\":{\"aaguid\":\"rc4AAjW8xgpkiwsl8fBVAw==\",\"sign_count\":0,\"clone_warning\":false},\"is_passwordless\":false,\"attestation_type\":\"none\"}],\"user_handle\":\"Ef5JiMpMRwuzauWs/9J0gQ==\"}`),\n\t\t\t} {\n\t\t\t\tt.Run(\"type=remove \"+string(ct)+\"/\"+name, func(t *testing.T) {\n\t\t\t\t\tfor _, tc := range []struct {\n\t\t\t\t\t\tdesc string\n\t\t\t\t\t\texist bool\n\t\t\t\t\t\tsetup func(t *testing.T) *identity.Identity\n\t\t\t\t\t}{\n\t\t\t\t\t\t{\n\t\t\t\t\t\t\tdesc: \"with\",\n\t\t\t\t\t\t\texist: true,\n\t\t\t\t\t\t\tsetup: createIdentity(M{\n\t\t\t\t\t\t\t\tidentity.CredentialsTypePassword: {Config: []byte(`{\"secret\":\"pst\"}`)},\n\t\t\t\t\t\t\t\tct: {Config: ctConf},\n\t\t\t\t\t\t\t}),\n\t\t\t\t\t\t},\n\t\t\t\t\t\t{\n\t\t\t\t\t\t\tdesc: \"without\",\n\t\t\t\t\t\t\texist: false,\n\t\t\t\t\t\t\tsetup: createIdentity(M{\n\t\t\t\t\t\t\t\tidentity.CredentialsTypePassword: {Config: []byte(`{\"secret\":\"pst\"}`)},\n\t\t\t\t\t\t\t}),\n\t\t\t\t\t\t},\n\t\t\t\t\t\t{\n\t\t\t\t\t\t\tdesc: \"multiple\",\n\t\t\t\t\t\t\texist: true,\n\t\t\t\t\t\t\tsetup: createIdentity(M{\n\t\t\t\t\t\t\t\tidentity.CredentialsTypePassword: {Config: []byte(`{\"secret\":\"pst\"}`)},\n\t\t\t\t\t\t\t\tidentity.CredentialsTypeOIDC: {Config: []byte(`{\"id\":\"pst\"}`)},\n\t\t\t\t\t\t\t\tct: {Config: ctConf},\n\t\t\t\t\t\t\t}),\n\t\t\t\t\t\t},\n\t\t\t\t\t} {\n\t\t\t\t\t\tt.Run(\"type=remove \"+string(ct)+\"/\"+name+\"/\"+tc.desc, func(t *testing.T) {\n\t\t\t\t\t\t\ti := tc.setup(t)\n\t\t\t\t\t\t\tcredName := string(ct)\n\t\t\t\t\t\t\t// Initial Querying\n\t\t\t\t\t\t\tresBefore := get(t, ts, \"/identities/\"+i.ID.String(), http.StatusOK)\n\t\t\t\t\t\t\tassert.EqualValues(t, i.ID.String(), resBefore.Get(\"id\").String(), \"%s\", resBefore.Raw)\n\t\t\t\t\t\t\tassert.True(t, resBefore.Get(\"credentials\").Exists())\n\t\t\t\t\t\t\tif tc.exist {\n\t\t\t\t\t\t\t\tassert.True(t, resBefore.Get(\"credentials\").Get(credName).Exists())\n\t\t\t\t\t\t\t\t// Remove\n\t\t\t\t\t\t\t\tremove(t, ts, \"/identities/\"+i.ID.String()+\"/credentials/\"+credName, http.StatusNoContent)\n\t\t\t\t\t\t\t\t// Query back\n\t\t\t\t\t\t\t\tresAfter := get(t, ts, \"/identities/\"+i.ID.String(), http.StatusOK)\n\t\t\t\t\t\t\t\tassert.EqualValues(t, i.ID.String(), resAfter.Get(\"id\").String(), \"%s\", resAfter.Raw)\n\t\t\t\t\t\t\t\tassert.True(t, resAfter.Get(\"credentials\").Exists())\n\t\t\t\t\t\t\t\t// Check results\n\t\t\t\t\t\t\t\texpected := resBefore.Get(\"credentials\").Map()\n\t\t\t\t\t\t\t\tdelete(expected, credName)\n\t\t\t\t\t\t\t\texpectedKeys := x.Keys(expected)\n\t\t\t\t\t\t\t\tsort.Strings(expectedKeys)\n\t\t\t\t\t\t\t\tresult := resAfter.Get(\"credentials\").Map()\n\t\t\t\t\t\t\t\tresultKeys := x.Keys(result)\n\t\t\t\t\t\t\t\tsort.Strings(resultKeys)\n\t\t\t\t\t\t\t\tassert.Equal(t, resultKeys, expectedKeys)\n\t\t\t\t\t\t\t} else {\n\t\t\t\t\t\t\t\tassert.False(t, resBefore.Get(\"credentials\").Get(credName).Exists())\n\t\t\t\t\t\t\t\tremove(t, ts, \"/identities/\"+i.ID.String()+\"/credentials/\"+credName, http.StatusNotFound)\n\t\t\t\t\t\t\t}\n\t\t\t\t\t\t})\n\t\t\t\t\t}\n\t\t\t\t})\n\t\t\t}\n\t\t}\n\t})\n\n\tt.Run(\"case=should paginate all identities\", func(t *testing.T) {\n\t\t// Start new server\n\t\t_, reg := pkg.NewFastRegistryWithMocks(t,\n\t\t\tconfigx.WithValues(testhelpers.IdentitySchemasConfig(map[string]string{\n\t\t\t\t\"default\": \"file://./stub/identity.schema.json\",\n\t\t\t\t\"customer\": \"file://./stub/handler/customer.schema.json\",\n\t\t\t\t\"multiple_emails\": \"file://./stub/handler/multiple_emails.schema.json\",\n\t\t\t\t\"employee\": \"file://./stub/handler/employee.schema.json\",\n\t\t\t})),\n\t\t)\n\t\t_, ts := testhelpers.NewKratosServerWithCSRF(t, reg)\n\n\t\tvar toCreate []*identity.Identity\n\t\tcount := 500\n\t\tfor range count {\n\t\t\ti := identity.NewIdentity(config.DefaultIdentityTraitsSchemaID)\n\t\t\ti.Traits = identity.Traits(`{\"email\":\"` + x.NewUUID().String() + `@ory.sh\"}`)\n\t\t\ttoCreate = append(toCreate, i)\n\t\t}\n\n\t\trequire.NoError(t, reg.PrivilegedIdentityPool().CreateIdentities(context.Background(), toCreate...))\n\n\t\tfor _, perPage := range []int{10, 50, 100, 500} {\n\t\t\tt.Run(fmt.Sprintf(\"perPage=%d\", perPage), func(t *testing.T) {\n\t\t\t\tt.Parallel()\n\t\t\t\tbody, _ := getFull(t, ts, fmt.Sprintf(\"/identities?per_page=%d\", perPage), http.StatusOK)\n\t\t\t\tassert.Len(t, body.Array(), perPage)\n\t\t\t})\n\t\t}\n\n\t\tt.Run(\"iterate over next page\", func(t *testing.T) {\n\t\t\tperPage := 10\n\n\t\t\trun := func(t *testing.T, path string, knownIDs map[string]struct{}) (next *url.URL, res *http.Response) {\n\t\t\t\tt.Logf(\"Requesting %s\", path)\n\t\t\t\tbody, res := getFull(t, ts, path, http.StatusOK)\n\t\t\t\tfor _, i := range body.Array() {\n\t\t\t\t\tid := i.Get(\"id\").String()\n\t\t\t\t\t_, seen := knownIDs[id]\n\t\t\t\t\trequire.Falsef(t, seen, \"ID %s was previously returned from the API\", id)\n\t\t\t\t\tknownIDs[id] = struct{}{}\n\t\t\t\t}\n\t\t\t\tlinks := link.ParseResponse(res)\n\t\t\t\tif nextLink, ok := links[\"next\"]; ok {\n\t\t\t\t\tnext, err := url.Parse(nextLink.URI)\n\t\t\t\t\trequire.NoError(t, err)\n\t\t\t\t\treturn next, res\n\t\t\t\t}\n\t\t\t\treturn nil, res\n\t\t\t}\n\n\t\t\tt.Run(\"using token pagination\", func(t *testing.T) {\n\t\t\t\tknownIDs := make(map[string]struct{})\n\t\t\t\tvar pages int\n\t\t\t\tpath := fmt.Sprintf(\"/admin/identities?page_size=%d\", perPage)\n\t\t\t\tfor {\n\t\t\t\t\tpages++\n\t\t\t\t\tnext, res := run(t, path, knownIDs)\n\t\t\t\t\tassert.NotContains(t, res.Header, \"X-Total-Count\", \"not supported in token pagination\")\n\t\t\t\t\tif next == nil {\n\t\t\t\t\t\tbreak\n\t\t\t\t\t}\n\t\t\t\t\tassert.NotContains(t, next.Query(), \"page\")\n\t\t\t\t\tassert.NotContains(t, next.Query(), \"per_page\")\n\t\t\t\t\tpath = next.Path + \"?\" + next.Query().Encode()\n\t\t\t\t}\n\n\t\t\t\tassert.Len(t, knownIDs, count)\n\t\t\t\tassert.Equal(t, count/perPage, pages)\n\t\t\t})\n\n\t\t\tt.Run(\"using page pagination\", func(t *testing.T) {\n\t\t\t\tknownIDs := make(map[string]struct{})\n\t\t\t\tvar pages int\n\t\t\t\tpath := fmt.Sprintf(\"/admin/identities?page=0&per_page=%d\", perPage)\n\t\t\t\tfor {\n\t\t\t\t\tpages++\n\t\t\t\t\tnext, res := run(t, path, knownIDs)\n\t\t\t\t\tassert.Equal(t, strconv.Itoa(count), res.Header.Get(\"X-Total-Count\"))\n\t\t\t\t\tif next == nil {\n\t\t\t\t\t\tbreak\n\t\t\t\t\t}\n\t\t\t\t\tpath = next.Path + \"?\" + next.Query().Encode()\n\t\t\t\t}\n\n\t\t\t\tassert.Len(t, knownIDs, count)\n\t\t\t\tassert.Equal(t, count/perPage, pages)\n\t\t\t})\n\t\t})\n\t})\n}\n\nfunc validCreateIdentityBody(t *testing.T, prefix string, i int, plainPassword bool) *identity.CreateIdentityBody {\n\tvar (\n\t\tverifiableAddresses []identity.VerifiableAddress\n\t\trecoveryAddresses []identity.RecoveryAddress\n\t)\n\ttraits := struct {\n\t\tEmails []string `json:\"emails\"`\n\t\tUsername string `json:\"username\"`\n\t}{}\n\n\tverificationStates := []identity.VerifiableAddressStatus{\n\t\tidentity.VerifiableAddressStatusPending,\n\t\tidentity.VerifiableAddressStatusSent,\n\t\tidentity.VerifiableAddressStatusCompleted,\n\t}\n\n\tfor j := range 4 {\n\t\temail := fmt.Sprintf(\"%s-%d-%d@ory.sh\", prefix, i, j)\n\t\ttraits.Emails = append(traits.Emails, email)\n\t\tverifiableAddresses = append(verifiableAddresses, identity.VerifiableAddress{\n\t\t\tValue: email,\n\t\t\tVia: identity.AddressTypeEmail,\n\t\t\tVerified: j%2 == 0,\n\t\t\tStatus: verificationStates[j%len(verificationStates)],\n\t\t})\n\t\trecoveryAddresses = append(recoveryAddresses, identity.RecoveryAddress{\n\t\t\tValue: email,\n\t\t\tVia: identity.AddressTypeEmail,\n\t\t})\n\t}\n\ttraits.Username = traits.Emails[0]\n\trawTraits, _ := json.Marshal(traits)\n\tconf := identity.AdminIdentityImportCredentialsPasswordConfig{\n\t\tPassword: fmt.Sprintf(\"password-%d\", i),\n\t}\n\tif !plainPassword {\n\t\tg, err := bcrypt.GenerateFromPassword([]byte(fmt.Sprintf(\"password-%d\", i)), 6)\n\t\trequire.NoError(t, err)\n\t\tconf.Password = string(g)\n\t}\n\texternalID := \"\"\n\tif i%2 == 0 {\n\t\texternalID = fmt.Sprintf(\"external-id-%s-%d\", prefix, i)\n\t}\n\treturn &identity.CreateIdentityBody{\n\t\tSchemaID: \"multiple_emails\",\n\t\tTraits: rawTraits,\n\t\tCredentials: &identity.IdentityWithCredentials{\n\t\t\tPassword: &identity.AdminIdentityImportCredentialsPassword{\n\t\t\t\tConfig: conf,\n\t\t\t},\n\t\t},\n\t\tVerifiableAddresses: verifiableAddresses,\n\t\tRecoveryAddresses: recoveryAddresses,\n\t\tMetadataPublic: json.RawMessage(fmt.Sprintf(`{\"public-%d\":\"public\"}`, i)),\n\t\tMetadataAdmin: json.RawMessage(fmt.Sprintf(`{\"admin-%d\":\"admin\"}`, i)),\n\t\tState: \"active\",\n\t\tExternalID: externalID,\n\t}\n}\n\nfunc assertJSONArrayElementsMatch(t *testing.T, expected, actual gjson.Result, msgAndArgs ...any) {\n\tt.Helper()\n\n\tvar expectedStrings, actualStrings []string\n\texpected.ForEach(func(_, value gjson.Result) bool {\n\t\texpectedStrings = append(expectedStrings, value.String())\n\t\treturn true\n\t})\n\tactual.ForEach(func(_, value gjson.Result) bool {\n\t\tactualStrings = append(actualStrings, value.String())\n\t\treturn true\n\t})\n\n\tassert.ElementsMatch(t, expectedStrings, actualStrings, msgAndArgs...)\n}\n" }, { "path": "identity/identity.go", "content": "// Copyright © 2023 Ory Corp\n// SPDX-License-Identifier: Apache-2.0\n\npackage identity\n\nimport (\n\t\"context\"\n\t\"database/sql/driver\"\n\t\"encoding/json\"\n\t\"fmt\"\n\t\"slices\"\n\t\"time\"\n\n\t\"github.com/gofrs/uuid\"\n\t\"github.com/pkg/errors\"\n\t\"github.com/samber/lo\"\n\t\"github.com/tidwall/gjson\"\n\t\"github.com/tidwall/sjson\"\n\n\t\"github.com/ory/herodot\"\n\t\"github.com/ory/kratos/cipher\"\n\t\"github.com/ory/kratos/driver/config\"\n\t\"github.com/ory/x/pagination/keysetpagination\"\n\t\"github.com/ory/x/sqlxx\"\n)\n\n// An Identity's State\n//\n// The state can either be `active` or `inactive`.\n//\n// swagger:enum State\ntype State string\n\nconst (\n\tStateActive State = \"active\"\n\tStateInactive State = \"inactive\"\n)\n\nfunc (lt State) IsValid() error {\n\tswitch lt {\n\tcase StateActive, StateInactive:\n\t\treturn nil\n\t}\n\treturn errors.New(\"identity state is not valid\")\n}\n\n// Identity represents an Ory Kratos identity\n//\n// An [identity](https://www.ory.sh/docs/kratos/concepts/identity-user-model) represents a (human) user in Ory.\n//\n// swagger:model identity\ntype Identity struct {\n\t// ID is the identity's unique identifier.\n\t//\n\t// The Identity ID can not be changed and can not be chosen. This ensures future\n\t// compatibility and optimization for distributed stores such as CockroachDB.\n\t//\n\t// required: true\n\tID uuid.UUID `json:\"id\" faker:\"-\" db:\"id\"`\n\n\t// ExternalID is an optional external ID of the identity. This is used to link\n\t// the identity to an external system. If set, the external ID must be unique\n\t// across all identities.\n\t//\n\t// required: false\n\tExternalID sqlxx.NullString `json:\"external_id,omitempty\" faker:\"-\" db:\"external_id\"`\n\n\t// Credentials represents all credentials that can be used for authenticating this identity.\n\tCredentials map[CredentialsType]Credentials `json:\"credentials,omitempty\" faker:\"-\" db:\"-\"`\n\n\t// InternalAvailableAAL defines the maximum available AAL for this identity.\n\t//\n\t// - If the user has at least one two-factor authentication method configured, the AAL will be 2.\n\t// - If the user has only a password configured, the AAL will be 1.\n\t//\n\t// This field is AAL2 as soon as a second factor credential is found. A first factor is not required for this\n\t// field to return `aal2`.\n\t//\n\t// This field is primarily used to determine whether the user needs to upgrade to AAL2 without having to check\n\t// all the credentials in the database. Use with caution!\n\tInternalAvailableAAL NullableAuthenticatorAssuranceLevel `json:\"-\" faker:\"-\" db:\"available_aal\"`\n\n\t// // IdentifierCredentials contains the access and refresh token for oidc identifier\n\t// IdentifierCredentials []IdentifierCredential `json:\"identifier_credentials,omitempty\" faker:\"-\" db:\"-\"`\n\n\t// SchemaID is the ID of the JSON Schema to be used for validating the identity's traits.\n\t//\n\t// required: true\n\tSchemaID string `json:\"schema_id\" faker:\"-\" db:\"schema_id\"`\n\n\t// SchemaURL is the URL of the endpoint where the identity's traits schema can be fetched from.\n\t//\n\t// format: url\n\t// required: true\n\tSchemaURL string `json:\"schema_url\" faker:\"-\" db:\"-\"`\n\n\t// State is the identity's state.\n\t//\n\t// This value has currently no effect.\n\tState State `json:\"state\" faker:\"-\" db:\"state\"`\n\n\t// StateChangedAt contains the last time when the identity's state changed.\n\tStateChangedAt *sqlxx.NullTime `json:\"state_changed_at,omitempty\" faker:\"-\" db:\"state_changed_at\"`\n\n\t// Traits represent an identity's traits. The identity is able to create, modify, and delete traits\n\t// in a self-service manner. The input will always be validated against the JSON Schema defined\n\t// in `schema_url`.\n\t//\n\t// required: true\n\tTraits Traits `json:\"traits\" faker:\"-\" db:\"traits\"`\n\n\t// VerifiableAddresses contains all the addresses that can be verified by the user.\n\t//\n\t// Extensions:\n\t// ---\n\t// x-omitempty: true\n\t// ---\n\tVerifiableAddresses []VerifiableAddress `json:\"verifiable_addresses,omitempty\" faker:\"-\" has_many:\"identity_verifiable_addresses\" fk_id:\"identity_id\" order_by:\"id asc\"`\n\n\t// RecoveryAddresses contains all the addresses that can be used to recover an identity.\n\t//\n\t// Extensions:\n\t// ---\n\t// x-omitempty: true\n\t// ---\n\tRecoveryAddresses []RecoveryAddress `json:\"recovery_addresses,omitempty\" faker:\"-\" has_many:\"identity_recovery_addresses\" fk_id:\"identity_id\" order_by:\"id asc\"`\n\n\t// Store metadata about the identity which the identity itself can see when calling for example the\n\t// session endpoint. Do not store sensitive information (e.g. credit score) about the identity in this field.\n\tMetadataPublic sqlxx.NullJSONRawMessage `json:\"metadata_public\" faker:\"-\" db:\"metadata_public\"`\n\n\t// Store metadata about the user which is only accessible through admin APIs such as `GET /admin/identities/`.\n\tMetadataAdmin sqlxx.NullJSONRawMessage `json:\"metadata_admin,omitempty\" faker:\"-\" db:\"metadata_admin\"`\n\n\t// CreatedAt is a helper struct field for gobuffalo.pop.\n\tCreatedAt time.Time `json:\"created_at\" db:\"created_at\"`\n\n\t// UpdatedAt is a helper struct field for gobuffalo.pop.\n\tUpdatedAt time.Time `json:\"updated_at\" db:\"updated_at\"`\n\tNID uuid.UUID `json:\"-\" faker:\"-\" db:\"nid\"`\n\tOrganizationID uuid.NullUUID `json:\"organization_id,omitempty\" faker:\"-\" db:\"organization_id\"`\n}\n\nfunc (i *Identity) PageToken() keysetpagination.PageToken {\n\treturn keysetpagination.StringPageToken(i.ID.String())\n}\n\nfunc DefaultPageToken() keysetpagination.PageToken {\n\treturn keysetpagination.StringPageToken(uuid.Nil.String())\n}\n\n// Traits represent an identity's traits. The identity is able to create, modify, and delete traits\n// in a self-service manner. The input will always be validated against the JSON Schema defined\n// in `schema_url`.\n//\n// swagger:model identityTraits\ntype Traits json.RawMessage\n\nfunc (t *Traits) Scan(value any) error {\n\treturn sqlxx.JSONScan(t, value)\n}\n\nfunc (t Traits) Value() (driver.Value, error) {\n\treturn string(t), nil\n}\n\nfunc (t *Traits) String() string {\n\treturn string(*t)\n}\n\n// MarshalJSON returns m as the JSON encoding of m.\nfunc (t Traits) MarshalJSON() ([]byte, error) {\n\tif t == nil {\n\t\treturn []byte(\"null\"), nil\n\t}\n\treturn t, nil\n}\n\n// UnmarshalJSON sets *m to a copy of data.\nfunc (t *Traits) UnmarshalJSON(data []byte) error {\n\tif t == nil {\n\t\treturn errors.New(\"json.RawMessage: UnmarshalJSON on nil pointer\")\n\t}\n\t*t = append((*t)[0:0], data...)\n\treturn nil\n}\n\nfunc (i Identity) TableName(context.Context) string {\n\treturn \"identities\"\n}\n\nfunc (i *Identity) IsActive() bool {\n\treturn i.State == StateActive\n}\n\nfunc (i *Identity) SetCredentials(t CredentialsType, c Credentials) {\n\tif i.Credentials == nil {\n\t\ti.Credentials = make(map[CredentialsType]Credentials)\n\t}\n\n\tc.Type = t\n\tc.IdentityID = i.ID\n\ti.Credentials[t] = c\n}\n\nfunc (i *Identity) SetCredentialsWithConfig(t CredentialsType, c Credentials, conf any) (err error) {\n\tif i.Credentials == nil {\n\t\ti.Credentials = make(map[CredentialsType]Credentials)\n\t}\n\n\tc.Config, err = json.Marshal(conf)\n\tif err != nil {\n\t\treturn errors.WithStack(herodot.ErrInternalServerError.WithReasonf(\"Unable to encode %s credentials to JSON: %s\", t, err))\n\t}\n\n\tc.Type = t\n\ti.Credentials[t] = c\n\treturn nil\n}\n\nfunc (i *Identity) DeleteCredentialsType(t CredentialsType) {\n\tif i.Credentials == nil {\n\t\treturn\n\t}\n\n\tdelete(i.Credentials, t)\n}\n\n// GetCredentialsOr returns the credentials for a given CredentialsType. If the\n// credentials do not exist, the fallback is returned.\nfunc (i *Identity) GetCredentialsOr(t CredentialsType, fallback *Credentials) *Credentials {\n\tc, ok := i.GetCredentials(t)\n\tif !ok {\n\t\treturn fallback\n\t}\n\treturn c\n}\n\ntype CredentialsOptions func(c *Credentials)\n\nfunc WithAdditionalIdentifier(identifier string) CredentialsOptions {\n\treturn func(c *Credentials) {\n\t\tc.Identifiers = append(c.Identifiers, identifier)\n\t}\n}\n\nfunc (i *Identity) UpsertCredentialsConfig(t CredentialsType, conf []byte, version int, opt ...CredentialsOptions) {\n\tc, ok := i.GetCredentials(t)\n\tif !ok {\n\t\tc = &Credentials{}\n\t}\n\n\tfor _, optionFn := range opt {\n\t\toptionFn(c)\n\t}\n\n\tc.Type = t\n\tc.IdentityID = i.ID\n\tc.Config = conf\n\tc.Version = version\n\n\ti.SetCredentials(t, *c)\n}\n\nfunc (i *Identity) GetCredentials(t CredentialsType) (*Credentials, bool) {\n\tif c, ok := i.Credentials[t]; ok {\n\t\treturn &c, true\n\t}\n\n\treturn nil, false\n}\n\nfunc (i *Identity) ParseCredentials(t CredentialsType, config any) (*Credentials, error) {\n\tif c, ok := i.Credentials[t]; ok {\n\t\tif err := json.Unmarshal(c.Config, config); err != nil {\n\t\t\treturn nil, errors.WithStack(err)\n\t\t}\n\t\treturn &c, nil\n\t}\n\n\treturn nil, herodot.ErrNotFound.WithReasonf(\"identity does not have credential type %s\", t)\n}\n\nfunc (i *Identity) CopyWithoutCredentials() *Identity {\n\tii := *i\n\tii.Credentials = nil\n\treturn &ii\n}\n\n// MergeOIDCCredentials merges the new credentials into the existing credentials.\n// If the provider already exists, the provider is replace and the identifier is\n// updated. This function requires the new credentials to have exactly one\n// provider and one identifier, as returned by identity.NewCredentialsOIDC.\nfunc (i *Identity) MergeOIDCCredentials(t CredentialsType, newCreds Credentials) (err error) {\n\tcreds, ok := i.Credentials[t]\n\tif !ok {\n\t\ti.SetCredentials(t, newCreds)\n\t\treturn nil\n\t}\n\n\tvar conf CredentialsOIDC\n\tif err = json.Unmarshal(creds.Config, &conf); err != nil {\n\t\treturn errors.WithStack(herodot.ErrInternalServerError.WithReasonf(\"Unable to decode old %s credentials from JSON: %s\", creds.Config, err))\n\t}\n\n\tvar newConf CredentialsOIDC\n\tif err = json.Unmarshal(newCreds.Config, &newConf); err != nil {\n\t\treturn errors.WithStack(herodot.ErrInternalServerError.WithReasonf(\"Unable to decode new %s credentials from JSON: %s\", newCreds.Config, err))\n\t}\n\n\tif len(newConf.Providers) != 1 {\n\t\treturn errors.WithStack(herodot.ErrInternalServerError.WithReasonf(\"Expected exactly one provider to merge credentials.\"))\n\t}\n\tnewProvider := newConf.Providers[0]\n\n\t// The identifier should have been set already, but we set it here just in case.\n\tif len(newCreds.Identifiers) != 1 {\n\t\tnewCreds.Identifiers = []string{OIDCUniqueID(newProvider.Provider, newProvider.Subject)}\n\t}\n\n\t// Delete `use_auto_link` providers and their identifiers\n\tvar obsoleteIdentifiers []string\n\tconf.Providers = slices.DeleteFunc(conf.Providers, func(p CredentialsOIDCProvider) bool {\n\t\tif p.Provider == newProvider.Provider && p.UseAutoLink {\n\t\t\tobsoleteIdentifiers = append(obsoleteIdentifiers, OIDCUniqueID(p.Provider, p.Subject))\n\t\t\treturn true\n\t\t}\n\t\treturn false\n\t})\n\tcreds.Identifiers = slices.DeleteFunc(creds.Identifiers, func(identifier string) bool {\n\t\treturn slices.Contains(obsoleteIdentifiers, identifier)\n\t})\n\n\tcreds.Identifiers = append(creds.Identifiers, newCreds.Identifiers...)\n\tconf.Providers = append(conf.Providers, newProvider)\n\n\treturn i.SetCredentialsWithConfig(t, creds, conf)\n}\n\nfunc NewIdentity(traitsSchemaID string) *Identity {\n\tif traitsSchemaID == \"\" {\n\t\ttraitsSchemaID = config.DefaultIdentityTraitsSchemaID\n\t}\n\n\tstateChangedAt := sqlxx.NullTime(time.Now().UTC())\n\treturn &Identity{\n\t\tID: uuid.Nil,\n\t\tCredentials: map[CredentialsType]Credentials{},\n\t\tTraits: Traits(\"{}\"),\n\t\tSchemaID: traitsSchemaID,\n\t\tVerifiableAddresses: []VerifiableAddress{},\n\t\tState: StateActive,\n\t\tStateChangedAt: &stateChangedAt,\n\t}\n}\n\nfunc (i Identity) GetID() uuid.UUID {\n\treturn i.ID\n}\n\nfunc (i Identity) MarshalJSON() ([]byte, error) {\n\ttype localIdentity Identity\n\ti.Credentials = nil\n\ti.MetadataAdmin = nil\n\tresult, err := json.Marshal(localIdentity(i))\n\tif err != nil {\n\t\treturn nil, err\n\t}\n\treturn result, nil\n}\n\nfunc (i *Identity) UnmarshalJSON(b []byte) error {\n\ttype localIdentity Identity\n\terr := json.Unmarshal(b, (*localIdentity)(i))\n\ti.Credentials = nil\n\ti.MetadataAdmin = nil\n\treturn err\n}\n\n// SetAvailableAAL sets the InternalAvailableAAL field based on the credentials stored in the identity.\n//\n// If a second factor is set up, the AAL will be set to 2. If only a first factor is set up, the AAL will be set to 1.\n//\n// A first factor is NOT required for the AAL to be set to 2 if a second factor is set up.\nfunc (i *Identity) SetAvailableAAL(ctx context.Context, m *Manager) (err error) {\n\tif c, err := m.CountActiveMultiFactorCredentials(ctx, i); err != nil {\n\t\treturn err\n\t} else if c > 0 {\n\t\ti.InternalAvailableAAL = NewNullableAuthenticatorAssuranceLevel(AuthenticatorAssuranceLevel2)\n\t\treturn nil\n\t}\n\n\tif c, err := m.CountActiveFirstFactorCredentials(ctx, i); err != nil {\n\t\treturn err\n\t} else if c > 0 {\n\t\ti.InternalAvailableAAL = NewNullableAuthenticatorAssuranceLevel(AuthenticatorAssuranceLevel1)\n\t\treturn nil\n\t}\n\n\ti.InternalAvailableAAL = NewNullableAuthenticatorAssuranceLevel(NoAuthenticatorAssuranceLevel)\n\treturn nil\n}\n\ntype WithAdminMetadataInJSON Identity\n\nfunc (i WithAdminMetadataInJSON) MarshalJSON() ([]byte, error) {\n\ttype localIdentity Identity\n\ti.Credentials = nil\n\treturn json.Marshal(localIdentity(i))\n}\n\ntype WithCredentialsAndAdminMetadataInJSON Identity\n\nfunc (i WithCredentialsAndAdminMetadataInJSON) MarshalJSON() ([]byte, error) {\n\ttype localIdentity Identity\n\treturn json.Marshal(localIdentity(i))\n}\n\ntype WithCredentialsNoConfigAndAdminMetadataInJSON Identity\n\nfunc (i WithCredentialsNoConfigAndAdminMetadataInJSON) MarshalJSON() ([]byte, error) {\n\ttype localIdentity Identity\n\tfor k, v := range i.Credentials {\n\t\tv.Config = nil\n\t\ti.Credentials[k] = v\n\t}\n\treturn json.Marshal(localIdentity(i))\n}\n\nfunc (i *Identity) Validate() error {\n\texpected := i.NID\n\tif expected == uuid.Nil {\n\t\treturn errors.WithStack(herodot.ErrInternalServerError.WithReason(\"Received empty nid.\"))\n\t}\n\n\ti.RecoveryAddresses = lo.Filter(i.RecoveryAddresses, func(v RecoveryAddress, key int) bool {\n\t\treturn v.NID == expected\n\t})\n\n\ti.VerifiableAddresses = lo.Filter(i.VerifiableAddresses, func(v VerifiableAddress, key int) bool {\n\t\treturn v.NID == expected\n\t})\n\n\tfor k := range i.Credentials {\n\t\tc := i.Credentials[k]\n\t\tif c.NID != expected {\n\t\t\tdelete(i.Credentials, k)\n\t\t\tcontinue\n\t\t}\n\t}\n\n\treturn nil\n}\n\n// CollectVerifiableAddresses returns a slice of all verifiable addresses of the given identities.\nfunc CollectVerifiableAddresses(i []*Identity) (res []VerifiableAddress) {\n\tres = make([]VerifiableAddress, 0, len(i))\n\tfor _, id := range i {\n\t\tres = append(res, id.VerifiableAddresses...)\n\t}\n\n\treturn res\n}\n\n// CollectRecoveryAddresses returns a slice of all recovery addresses of the given identities.\nfunc CollectRecoveryAddresses(i []*Identity) (res []RecoveryAddress) {\n\tres = make([]RecoveryAddress, 0, len(i))\n\tfor _, id := range i {\n\t\tres = append(res, id.RecoveryAddresses...)\n\t}\n\n\treturn res\n}\n\nfunc (i *Identity) WithDeclassifiedCredentials(ctx context.Context, c cipher.Provider, includeCredentials []CredentialsType) (*Identity, error) {\n\tcredsToPublish := make(map[CredentialsType]Credentials, len(i.Credentials))\n\n\tfor ct, original := range i.Credentials {\n\t\tif !slices.Contains(includeCredentials, ct) {\n\t\t\ttoPublish := original\n\t\t\ttoPublish.Config = []byte{}\n\t\t\tcredsToPublish[ct] = toPublish\n\t\t\tcontinue\n\t\t}\n\n\t\tswitch ct {\n\t\tcase CredentialsTypeOIDC, CredentialsTypeSAML:\n\t\t\ttoPublish := original\n\t\t\ttoPublish.Config = []byte{}\n\n\t\t\tvar i int\n\t\t\tvar err error\n\t\t\tgjson.GetBytes(original.Config, \"providers\").ForEach(func(_, v gjson.Result) bool {\n\t\t\t\tif ct == CredentialsTypeOIDC {\n\t\t\t\t\t// Don't expose these for SAML\n\t\t\t\t\tfor _, token := range []string{\"initial_id_token\", \"initial_access_token\", \"initial_refresh_token\"} {\n\t\t\t\t\t\tkey := fmt.Sprintf(\"%d.%s\", i, token)\n\t\t\t\t\t\tciphertext := v.Get(token).String()\n\n\t\t\t\t\t\tplaintext, decryptErr := c.Cipher(ctx).Decrypt(ctx, ciphertext)\n\t\t\t\t\t\tif decryptErr != nil {\n\t\t\t\t\t\t\tplaintext = []byte{}\n\t\t\t\t\t\t}\n\t\t\t\t\t\ttoPublish.Config, err = sjson.SetBytes(toPublish.Config, \"providers.\"+key, string(plaintext))\n\t\t\t\t\t\tif err != nil {\n\t\t\t\t\t\t\treturn false\n\t\t\t\t\t\t}\n\t\t\t\t\t}\n\t\t\t\t}\n\n\t\t\t\ttoPublish.Config, err = sjson.SetBytes(toPublish.Config, fmt.Sprintf(\"providers.%d.subject\", i), v.Get(\"subject\").String())\n\t\t\t\tif err != nil {\n\t\t\t\t\treturn false\n\t\t\t\t}\n\n\t\t\t\ttoPublish.Config, err = sjson.SetBytes(toPublish.Config, fmt.Sprintf(\"providers.%d.provider\", i), v.Get(\"provider\").String())\n\t\t\t\tif err != nil {\n\t\t\t\t\treturn false\n\t\t\t\t}\n\n\t\t\t\tif org := v.Get(\"organization\").String(); org != \"\" {\n\t\t\t\t\ttoPublish.Config, err = sjson.SetBytes(toPublish.Config, fmt.Sprintf(\"providers.%d.organization\", i), org)\n\t\t\t\t\tif err != nil {\n\t\t\t\t\t\treturn false\n\t\t\t\t\t}\n\t\t\t\t}\n\n\t\t\t\tif useAutoLink := v.Get(\"use_auto_link\").Bool(); useAutoLink {\n\t\t\t\t\ttoPublish.Config, err = sjson.SetBytes(toPublish.Config, fmt.Sprintf(\"providers.%d.use_auto_link\", i), useAutoLink)\n\t\t\t\t\tif err != nil {\n\t\t\t\t\t\treturn false\n\t\t\t\t\t}\n\t\t\t\t}\n\n\t\t\t\ti++\n\t\t\t\treturn true\n\t\t\t})\n\n\t\t\tif err != nil {\n\t\t\t\treturn nil, err\n\t\t\t}\n\n\t\t\tcredsToPublish[ct] = toPublish\n\t\tdefault:\n\t\t\tcredsToPublish[ct] = original\n\t\t}\n\t}\n\n\tii := *i\n\tii.Credentials = credsToPublish\n\treturn &ii, nil\n}\n\nfunc (i *Identity) deleteCredentialPassword() error {\n\tcred, ok := i.GetCredentials(CredentialsTypePassword)\n\tif !ok {\n\t\treturn errors.WithStack(herodot.ErrNotFound.WithReasonf(\"You tried to remove a password credential but this user has no such credential set up.\"))\n\t}\n\tcred.Config = []byte(\"{}\")\n\ti.SetCredentials(CredentialsTypePassword, *cred)\n\treturn nil\n}\n\nfunc (i *Identity) deleteCredentialWebAuthFromIdentity() error {\n\tcred, ok := i.GetCredentials(CredentialsTypeWebAuthn)\n\tif !ok {\n\t\t// This should never happend as it's checked earlier in the code;\n\t\t// But we never know...\n\t\treturn errors.WithStack(herodot.ErrNotFound.WithReasonf(\"You tried to remove a WebAuthn credential but this user has no such credential set up.\"))\n\t}\n\n\tvar cc CredentialsWebAuthnConfig\n\tif err := json.Unmarshal(cred.Config, &cc); err != nil {\n\t\t// Database has been tampered or the json schema are incompatible (migration issue);\n\t\treturn errors.WithStack(herodot.ErrInternalServerError.WithReasonf(\"Unable to decode identity credentials.\").WithDebug(err.Error()))\n\t}\n\n\tupdated := make([]CredentialWebAuthn, 0)\n\tfor k, cred := range cc.Credentials {\n\t\tif cred.IsPasswordless {\n\t\t\tupdated = append(updated, cc.Credentials[k])\n\t\t}\n\t}\n\n\tif len(updated) == 0 {\n\t\ti.DeleteCredentialsType(CredentialsTypeWebAuthn)\n\t\treturn nil\n\t}\n\n\tcc.Credentials = updated\n\tmessage, err := json.Marshal(cc)\n\tif err != nil {\n\t\treturn errors.WithStack(herodot.ErrInternalServerError.WithReasonf(\"Unable to encode identity credentials.\").WithDebug(err.Error()))\n\t}\n\n\tcred.Config = message\n\ti.SetCredentials(CredentialsTypeWebAuthn, *cred)\n\treturn nil\n}\n\nfunc (i *Identity) deleteCredentialOIDCSAMLFromIdentity(ct CredentialsType, identifierToDelete string) error {\n\tswitch ct {\n\tcase CredentialsTypeOIDC, CredentialsTypeSAML:\n\t\t// ok\n\tdefault:\n\t\treturn errors.WithStack(herodot.ErrInternalServerError.WithReasonf(\"Unexpected credential type encountered: got %q, expected [%s, %s]\", ct, CredentialsTypeOIDC, CredentialsTypeSAML))\n\t}\n\tif identifierToDelete == \"\" {\n\t\treturn errors.WithStack(herodot.ErrBadRequest.WithReasonf(\"You must provide an identifier to delete this credential.\"))\n\t}\n\t_, hasOIDC := i.GetCredentials(ct)\n\tif !hasOIDC {\n\t\treturn errors.WithStack(herodot.ErrNotFound.WithReasonf(\"You tried to remove a %s credential but this user has no such credential set up.\", ct))\n\t}\n\tvar oidcConfig CredentialsOIDC\n\tcreds, err := i.ParseCredentials(ct, &oidcConfig)\n\tif err != nil {\n\t\treturn errors.WithStack(herodot.ErrInternalServerError.WithReasonf(\"Unable to decode identity credentials.\").WithDebug(err.Error()))\n\t}\n\n\tupdatedIdentifiers := make([]string, 0, len(oidcConfig.Providers))\n\tupdatedProviders := make([]CredentialsOIDCProvider, 0, len(oidcConfig.Providers))\n\tvar found bool\n\tfor _, cfg := range oidcConfig.Providers {\n\t\tif identifierToDelete == OIDCUniqueID(cfg.Provider, cfg.Subject) {\n\t\t\tfound = true\n\t\t\tcontinue\n\t\t}\n\t\tupdatedIdentifiers = append(updatedIdentifiers, OIDCUniqueID(cfg.Provider, cfg.Subject))\n\t\tupdatedProviders = append(updatedProviders, cfg)\n\t}\n\tif !found {\n\t\treturn errors.WithStack(herodot.ErrNotFound.WithReasonf(\"The identifier `%s` was not found among OIDC credentials.\", identifierToDelete))\n\t}\n\tcreds.Identifiers = updatedIdentifiers\n\tcreds.Config, err = json.Marshal(&CredentialsOIDC{Providers: updatedProviders})\n\tif err != nil {\n\t\treturn errors.WithStack(herodot.ErrInternalServerError.WithReasonf(\"Unable to encode identity credentials.\").WithDebug(err.Error()))\n\t}\n\ti.Credentials[ct] = *creds\n\treturn nil\n}\n\n// Patch Identities Parameters\n//\n// swagger:parameters batchPatchIdentities\n//\n//nolint:deadcode,unused\n//lint:ignore U1000 Used to generate Swagger and OpenAPI definitions\ntype batchPatchIdentitites struct {\n\t// in: body\n\tBody BatchPatchIdentitiesBody\n}\n\n// Patch Identities Body\n//\n// swagger:model patchIdentitiesBody\n//\n//lint:ignore U1000 Used to generate Swagger and OpenAPI definitions\ntype BatchPatchIdentitiesBody struct {\n\t// Identities holds the list of patches to apply\n\t//\n\t// required\n\tIdentities []*BatchIdentityPatch `json:\"identities\"`\n\n\t// Future fields:\n\t// RemotePatchesURL string\n\t// Async bool\n}\n\n// Payload for patching an identity\n//\n// swagger:model identityPatch\n//\n//lint:ignore U1000 Used to generate Swagger and OpenAPI definitions\ntype BatchIdentityPatch struct {\n\t// The identity to create.\n\tCreate *CreateIdentityBody `json:\"create\"`\n\n\t// The ID of this patch.\n\t//\n\t// The patch ID is optional. If specified, the ID will be returned in the\n\t// response, so consumers of this API can correlate the response with the\n\t// patch.\n\tID *uuid.UUID `json:\"patch_id\"`\n}\n\n// swagger:enum BatchPatchAction\n//\n//lint:ignore U1000 Used to generate Swagger and OpenAPI definitions\ntype BatchPatchAction string\n\nconst (\n\t// Create this identity.\n\tActionCreate BatchPatchAction = \"create\"\n\n\t// Error indicates that the patch failed.\n\tActionError BatchPatchAction = \"error\"\n\n\t// Future actions:\n\t//\n\t// Delete this identity.\n\t// ActionDelete BatchPatchAction = \"delete\"\n\t//\n\t// ActionUpdate BatchPatchAction = \"update\"\n)\n\n// Patch identities response\n//\n// swagger:model batchPatchIdentitiesResponse\n//\n//lint:ignore U1000 Used to generate Swagger and OpenAPI definitions\ntype batchPatchIdentitiesResponse struct {\n\t// The patch responses for the individual identities.\n\tIdentities []*BatchIdentityPatchResponse `json:\"identities\"`\n}\n\n// Response for a single identity patch\n//\n// swagger:model identityPatchResponse\n//\n//lint:ignore U1000 Used to generate Swagger and OpenAPI definitions\ntype BatchIdentityPatchResponse struct {\n\t// The action for this specific patch\n\tAction BatchPatchAction `json:\"action\"`\n\n\t// The identity ID payload of this patch\n\tIdentityID *uuid.UUID `json:\"identity,omitempty\"`\n\n\t// The ID of this patch response, if an ID was specified in the patch.\n\tPatchID *uuid.UUID `json:\"patch_id,omitempty\"`\n\n\t// The error message, if the action was \"error\".\n\tError *herodot.DefaultError `json:\"error,omitempty\"`\n}\n" }, { "path": "identity/identity_recovery.go", "content": "// Copyright © 2023 Ory Corp\n// SPDX-License-Identifier: Apache-2.0\n\npackage identity\n\nimport (\n\t\"fmt\"\n\t\"time\"\n\n\t\"github.com/gofrs/uuid\"\n)\n\ntype (\n\t// RecoveryAddressStatus must not exceed 16 characters as that is the limitation in the SQL Schema.\n\tRecoveryAddressStatus string\n\n\t// swagger:model recoveryIdentityAddress\n\tRecoveryAddress struct {\n\t\tID uuid.UUID `json:\"id\" db:\"id\" faker:\"-\"`\n\n\t\t// required: true\n\t\tValue string `json:\"value\" db:\"value\"`\n\n\t\t// required: true\n\t\tVia string `json:\"via\" db:\"via\"`\n\n\t\t// IdentityID is a helper struct field for gobuffalo.pop.\n\t\tIdentityID uuid.UUID `json:\"-\" faker:\"-\" db:\"identity_id\"`\n\t\t// CreatedAt is a helper struct field for gobuffalo.pop.\n\t\tCreatedAt time.Time `json:\"created_at\" faker:\"-\" db:\"created_at\"`\n\t\t// UpdatedAt is a helper struct field for gobuffalo.pop.\n\t\tUpdatedAt time.Time `json:\"updated_at\" faker:\"-\" db:\"updated_at\"`\n\t\tNID uuid.UUID `json:\"-\" faker:\"-\" db:\"nid\"`\n\t}\n)\n\nfunc (a RecoveryAddress) TableName() string { return \"identity_recovery_addresses\" }\nfunc (a RecoveryAddress) GetID() uuid.UUID { return a.ID }\n\n// Signature returns a unique string representation for the recovery address.\nfunc (a RecoveryAddress) Signature() string {\n\treturn fmt.Sprintf(\"%v|%v|%v|%v\", a.Value, a.Via, a.IdentityID, a.NID)\n}\n\nfunc NewRecoveryEmailAddress(\n\tvalue string,\n\tidentity uuid.UUID,\n) *RecoveryAddress {\n\treturn &RecoveryAddress{\n\t\tValue: value,\n\t\tVia: AddressTypeEmail,\n\t\tIdentityID: identity,\n\t}\n}\n\nfunc NewRecoverySMSAddress(\n\tvalue string,\n\tidentity uuid.UUID,\n) *RecoveryAddress {\n\treturn &RecoveryAddress{\n\t\tValue: value,\n\t\tVia: AddressTypeSMS,\n\t\tIdentityID: identity,\n\t}\n}\n" }, { "path": "identity/identity_recovery_test.go", "content": "// Copyright © 2023 Ory Corp\n// SPDX-License-Identifier: Apache-2.0\n\npackage identity\n\nimport (\n\t\"testing\"\n\t\"time\"\n\n\t\"github.com/gofrs/uuid\"\n\t\"github.com/stretchr/testify/assert\"\n\n\t\"github.com/ory/kratos/x\"\n)\n\nfunc TestNewRecoveryEmailAddress(t *testing.T) {\n\tiid := x.NewUUID()\n\ta := NewRecoveryEmailAddress(\"foo@ory.sh\", iid)\n\n\tassert.Equal(t, a.Value, \"foo@ory.sh\")\n\tassert.Equal(t, a.Via, AddressTypeEmail)\n\tassert.Equal(t, iid, a.IdentityID)\n\tassert.Equal(t, uuid.Nil, a.ID)\n}\n\n// TestRecoveryAddress_Hash tests that the hash considers all fields that are\n// written to the database (ignoring some well-known fields like the ID or\n// timestamps).\nfunc TestRecoveryAddress_Hash(t *testing.T) {\n\tcases := []struct {\n\t\tname string\n\t\ta RecoveryAddress\n\t}{\n\t\t{\n\t\t\tname: \"full fields\",\n\t\t\ta: RecoveryAddress{\n\t\t\t\tID: x.NewUUID(),\n\t\t\t\tValue: \"foo@bar.me\",\n\t\t\t\tVia: AddressTypeEmail,\n\t\t\t\tCreatedAt: time.Now(),\n\t\t\t\tUpdatedAt: time.Now(),\n\t\t\t\tIdentityID: x.NewUUID(),\n\t\t\t\tNID: x.NewUUID(),\n\t\t\t},\n\t\t}, {\n\t\t\tname: \"empty fields\",\n\t\t\ta: RecoveryAddress{},\n\t\t}, {\n\t\t\tname: \"email constructor\",\n\t\t\ta: *NewRecoveryEmailAddress(\"foo@ory.sh\", x.NewUUID()),\n\t\t},\n\t\t{\n\t\t\tname: \"full fields\",\n\t\t\ta: RecoveryAddress{\n\t\t\t\tID: x.NewUUID(),\n\t\t\t\tValue: \"6502530000\",\n\t\t\t\tVia: AddressTypeSMS,\n\t\t\t\tCreatedAt: time.Now(),\n\t\t\t\tUpdatedAt: time.Now(),\n\t\t\t\tIdentityID: x.NewUUID(),\n\t\t\t\tNID: x.NewUUID(),\n\t\t\t},\n\t\t}, {\n\t\t\tname: \"SMS constructor\",\n\t\t\ta: *NewRecoverySMSAddress(\"6502530000\", x.NewUUID()),\n\t\t},\n\t}\n\n\tfor _, tc := range cases {\n\t\tt.Run(\"case=\"+tc.name, func(t *testing.T) {\n\t\t\tassert.Equal(t,\n\t\t\t\treflectiveHash(tc.a),\n\t\t\t\ttc.a.Signature(),\n\t\t\t)\n\t\t})\n\t}\n\n}\n" }, { "path": "identity/identity_test.go", "content": "// Copyright © 2023 Ory Corp\n// SPDX-License-Identifier: Apache-2.0\n\npackage identity\n\nimport (\n\t\"bytes\"\n\t\"context\"\n\t\"encoding/json\"\n\t\"fmt\"\n\t\"testing\"\n\n\t\"github.com/gofrs/uuid\"\n\t\"github.com/stretchr/testify/assert\"\n\t\"github.com/stretchr/testify/require\"\n\t\"github.com/tidwall/gjson\"\n\n\t\"github.com/ory/kratos/cipher\"\n\t\"github.com/ory/kratos/driver/config\"\n\t\"github.com/ory/kratos/x\"\n\t\"github.com/ory/x/snapshotx\"\n\t\"github.com/ory/x/sqlxx\"\n)\n\nfunc TestNewIdentity(t *testing.T) {\n\tt.Parallel()\n\n\ti := NewIdentity(config.DefaultIdentityTraitsSchemaID)\n\tassert.Equal(t, uuid.Nil, i.ID)\n\tassert.NotEmpty(t, i.Traits)\n\tassert.NotNil(t, i.Credentials)\n\tassert.True(t, i.IsActive())\n}\n\nfunc TestIdentityCredentialsOr(t *testing.T) {\n\tt.Parallel()\n\n\ti := NewIdentity(config.DefaultIdentityTraitsSchemaID)\n\ti.Credentials = nil\n\n\texpected := &Credentials{ID: x.NewUUID(), Type: CredentialsTypePassword}\n\tassert.Equal(t, expected, i.GetCredentialsOr(CredentialsTypePassword, expected))\n\n\texpected = &Credentials{ID: x.NewUUID(), Type: CredentialsTypeWebAuthn}\n\ti.SetCredentials(CredentialsTypeWebAuthn, *expected)\n\n\tassert.Equal(t, expected, i.GetCredentialsOr(CredentialsTypeWebAuthn, nil))\n}\n\nfunc TestIdentityCredentialsOrCreate(t *testing.T) {\n\tt.Parallel()\n\n\ti := NewIdentity(config.DefaultIdentityTraitsSchemaID)\n\ti.Credentials = nil\n\n\texpected := &Credentials{Config: []byte(\"true\"), IdentityID: i.ID, Type: CredentialsTypePassword}\n\ti.UpsertCredentialsConfig(CredentialsTypePassword, []byte(\"true\"), 0)\n\tactual, ok := i.GetCredentials(CredentialsTypePassword)\n\tassert.True(t, ok)\n\tassert.Equal(t, expected, actual)\n}\n\nfunc TestIdentityCredentials(t *testing.T) {\n\tt.Parallel()\n\n\ti := NewIdentity(config.DefaultIdentityTraitsSchemaID)\n\ti.Credentials = nil\n\n\t// Shouldn't error if map is nil\n\ti.DeleteCredentialsType(CredentialsTypeTOTP)\n\n\texpectedTOTP := Credentials{ID: x.NewUUID(), Type: CredentialsTypeTOTP}\n\ti.SetCredentials(CredentialsTypeTOTP, expectedTOTP)\n\tactual, found := i.GetCredentials(CredentialsTypeTOTP)\n\tassert.True(t, found, \"should set and find the credential if map was nil\")\n\tassert.Equal(t, &expectedTOTP, actual)\n\n\texpectedPassword := Credentials{ID: x.NewUUID(), Type: CredentialsTypePassword}\n\ti.SetCredentials(CredentialsTypePassword, expectedPassword)\n\tactual, found = i.GetCredentials(CredentialsTypePassword)\n\tassert.True(t, found, \"should set and find the credential if map was not nil\")\n\tassert.Equal(t, &expectedPassword, actual)\n\n\texpectedOIDC := Credentials{ID: x.NewUUID()}\n\ti.SetCredentials(CredentialsTypeOIDC, expectedOIDC)\n\tactual, found = i.GetCredentials(CredentialsTypeOIDC)\n\tassert.True(t, found)\n\tassert.Equal(t, expectedOIDC.ID, actual.ID)\n\tassert.Equal(t, CredentialsTypeOIDC, actual.Type, \"should set the type if we forgot to set it in the credentials struct\")\n\n\ti.DeleteCredentialsType(CredentialsTypePassword)\n\t_, found = i.GetCredentials(CredentialsTypePassword)\n\tassert.False(t, found, \"should delete a credential properly\")\n\n\tactual, found = i.GetCredentials(CredentialsTypeTOTP)\n\tassert.True(t, found, \"but not alter other credentials\")\n\tassert.Equal(t, &expectedTOTP, actual)\n}\n\nfunc TestMarshalExcludesCredentials(t *testing.T) {\n\tt.Parallel()\n\n\ti := NewIdentity(config.DefaultIdentityTraitsSchemaID)\n\ti.Credentials = map[CredentialsType]Credentials{\n\t\tCredentialsTypePassword: {\n\t\t\tID: uuid.UUID{},\n\t\t},\n\t}\n\n\trawJSON, err := json.Marshal(i)\n\trequire.NoError(t, err)\n\n\tcreds := gjson.GetBytes(rawJSON, \"credentials\")\n\tassert.Falsef(t, creds.Exists(), \"Credentials should not be rendered to JSON, but got: %q\", creds.Raw)\n\n\t// To ensure the original identity is not changed / Unmarshal has no side effects:\n\trequire.NotEmpty(t, i.Credentials)\n}\n\nfunc TestMarshalExcludesCredentialsByReference(t *testing.T) {\n\tt.Parallel()\n\n\ti := NewIdentity(config.DefaultIdentityTraitsSchemaID)\n\ti.Credentials = map[CredentialsType]Credentials{\n\t\tCredentialsTypePassword: {\n\t\t\tID: uuid.UUID{},\n\t\t},\n\t}\n\n\tvar b bytes.Buffer\n\trequire.Nil(t, json.NewEncoder(&b).Encode(&i))\n\n\tassert.False(t, gjson.Get(b.String(), \"credentials\").Exists(), \"Credentials should not be rendered to json\")\n\n\t// To ensure the original identity is not changed / Unmarshal has no side effects:\n\trequire.NotEmpty(t, i.Credentials)\n}\n\nfunc TestMarshalIgnoresAdminMetadata(t *testing.T) {\n\tt.Parallel()\n\n\ti := NewIdentity(config.DefaultIdentityTraitsSchemaID)\n\ti.MetadataAdmin = []byte(`{\"admin\":\"bar\"}`)\n\ti.MetadataPublic = []byte(`{\"public\":\"bar\"}`)\n\n\tvar b bytes.Buffer\n\trequire.Nil(t, json.NewEncoder(&b).Encode(&i))\n\n\tassert.False(t, gjson.Get(b.String(), \"metadata_admin.admin\").Exists(), \"Admin metadata should not be rendered to json but got: %s\", b.String())\n\tassert.Equal(t, \"bar\", gjson.Get(b.String(), \"metadata_public.public\").String(), \"Public metadata should be rendered to json\")\n\n\t// To ensure the original identity is not changed / Unmarshal has no side effects:\n\trequire.NotEmpty(t, i.MetadataAdmin)\n\trequire.NotEmpty(t, i.MetadataPublic)\n}\n\nfunc TestUnMarshallIgnoresCredentials(t *testing.T) {\n\tt.Parallel()\n\n\tjsonText := `{\"id\":\"3234ad11-49c6-49e2-bfac-537f3e06cd85\",\"schema_id\":\"default\",\"schema_url\":\"\",\"traits\":{}, \"credentials\" : {\"password\":{\"type\":\"\",\"identifiers\":null,\"config\":null,\"updatedAt\":\"0001-01-01T00:00:00Z\"}}}`\n\tvar i Identity\n\terr := json.Unmarshal([]byte(jsonText), &i)\n\tassert.Nil(t, err)\n\n\tassert.Nil(t, i.Credentials)\n\tassert.Equal(t, \"3234ad11-49c6-49e2-bfac-537f3e06cd85\", i.ID.String())\n}\n\nfunc TestUnMarshallIgnoresAdminMetadata(t *testing.T) {\n\tt.Parallel()\n\n\tjsonText := `{\"id\":\"3234ad11-49c6-49e2-bfac-537f3e06cd85\",\"schema_id\":\"default\",\"schema_url\":\"\",\"traits\":{}, \"admin_metadata\" : {\"foo\":\"bar\"}}`\n\tvar i Identity\n\terr := json.Unmarshal([]byte(jsonText), &i)\n\tassert.Nil(t, err)\n\n\tassert.Nil(t, i.MetadataAdmin)\n}\n\nfunc TestMarshalIdentityWithCredentialsWhenCredentialsNil(t *testing.T) {\n\tt.Parallel()\n\n\ti := NewIdentity(config.DefaultIdentityTraitsSchemaID)\n\ti.Credentials = nil\n\n\tvar b bytes.Buffer\n\trequire.Nil(t, json.NewEncoder(&b).Encode(WithCredentialsNoConfigAndAdminMetadataInJSON(*i)))\n\n\tassert.False(t, gjson.Get(b.String(), \"credentials\").Exists())\n}\n\nfunc TestMarshalIdentityWithAdminMetadata(t *testing.T) {\n\tt.Parallel()\n\n\ti := NewIdentity(config.DefaultIdentityTraitsSchemaID)\n\ti.MetadataAdmin = []byte(`{\"some\":\"metadata\"}`)\n\n\tvar b bytes.Buffer\n\trequire.Nil(t, json.NewEncoder(&b).Encode(WithAdminMetadataInJSON(*i)))\n\tassert.Equal(t, \"metadata\", gjson.GetBytes(i.MetadataAdmin, \"some\").String(), \"Original metadata_admin should not be touched by marshalling\")\n}\n\nfunc TestMarshalIdentityWithCredentialsNoConfig(t *testing.T) {\n\tt.Parallel()\n\n\ti := NewIdentity(config.DefaultIdentityTraitsSchemaID)\n\tcredentials := map[CredentialsType]Credentials{\n\t\tCredentialsTypePassword: {\n\t\t\tType: CredentialsTypePassword,\n\t\t\tConfig: sqlxx.JSONRawMessage(`{\"some\":\"secret\"}`),\n\t\t},\n\t}\n\ti.Credentials = credentials\n\ti.MetadataAdmin = []byte(`{\"some\":\"metadata\"}`)\n\n\trawJSON, err := json.Marshal((*WithCredentialsNoConfigAndAdminMetadataInJSON)(i))\n\trequire.NoError(t, err)\n\n\tcredentialsInJSON := gjson.GetBytes(rawJSON, \"credentials\")\n\tassert.Truef(t, credentialsInJSON.Exists(), \"Credentials should be rendered to JSON, but got: %q\", credentialsInJSON.Raw)\n\n\tassert.JSONEq(t, `{\"password\":{\"type\":\"password\",\"identifiers\":null,\"updated_at\":\"0001-01-01T00:00:00Z\",\"created_at\":\"0001-01-01T00:00:00Z\",\"version\":0}}`, credentialsInJSON.Raw)\n\tassert.Equal(t, credentials, i.Credentials, \"Original credentials should not be touched by marshalling\")\n\tassert.Equal(t, \"metadata\", gjson.GetBytes(i.MetadataAdmin, \"some\").String(), \"Original metadata_admin should not be touched by marshalling\")\n}\n\nfunc TestMarshalIdentityWithAll(t *testing.T) {\n\tt.Parallel()\n\n\ti := NewIdentity(config.DefaultIdentityTraitsSchemaID)\n\tcredentials := map[CredentialsType]Credentials{\n\t\tCredentialsTypePassword: {\n\t\t\tType: CredentialsTypePassword,\n\t\t\tConfig: sqlxx.JSONRawMessage(\"{\\\"some\\\" : \\\"secret\\\"}\"),\n\t\t},\n\t}\n\ti.Credentials = credentials\n\ti.MetadataAdmin = []byte(`{\"some\":\"metadata\"}`)\n\n\tvar b bytes.Buffer\n\trequire.Nil(t, json.NewEncoder(&b).Encode(WithCredentialsAndAdminMetadataInJSON(*i)))\n\n\tcredentialsInJSON := gjson.Get(b.String(), \"credentials\")\n\tassert.True(t, credentialsInJSON.Exists())\n\n\tsnapshotx.SnapshotT(t, json.RawMessage(credentialsInJSON.Raw))\n\tassert.Equal(t, credentials, i.Credentials, \"Original credentials should not be touched by marshalling\")\n\tassert.Equal(t, \"metadata\", gjson.GetBytes(i.MetadataAdmin, \"some\").String(), \"Original credentials should not be touched by marshalling\")\n}\n\nfunc TestValidateNID(t *testing.T) {\n\tt.Parallel()\n\n\tnid := x.NewUUID()\n\tfor k, tc := range []struct {\n\t\ti *Identity\n\t\texpect *Identity\n\t\texpectedErr bool\n\t}{\n\t\t{i: &Identity{}, expectedErr: true},\n\t\t{i: &Identity{NID: nid}},\n\t\t{\n\t\t\ti: &Identity{NID: nid, RecoveryAddresses: []RecoveryAddress{{NID: x.NewUUID()}}},\n\t\t\texpect: &Identity{NID: nid, VerifiableAddresses: []VerifiableAddress{}, RecoveryAddresses: []RecoveryAddress{}},\n\t\t},\n\t\t{\n\t\t\ti: &Identity{NID: nid, VerifiableAddresses: []VerifiableAddress{{NID: x.NewUUID()}}},\n\t\t\texpect: &Identity{NID: nid, VerifiableAddresses: []VerifiableAddress{}, RecoveryAddresses: []RecoveryAddress{}},\n\t\t},\n\t\t{\n\t\t\ti: &Identity{NID: nid, Credentials: map[CredentialsType]Credentials{CredentialsTypePassword: {NID: x.NewUUID()}}},\n\t\t\texpect: &Identity{NID: nid, Credentials: map[CredentialsType]Credentials{}, VerifiableAddresses: []VerifiableAddress{}, RecoveryAddresses: []RecoveryAddress{}},\n\t\t},\n\t\t{\n\t\t\ti: &Identity{NID: nid, VerifiableAddresses: []VerifiableAddress{{NID: x.NewUUID()}}, RecoveryAddresses: []RecoveryAddress{{NID: nid}}},\n\t\t\texpect: &Identity{NID: nid, VerifiableAddresses: []VerifiableAddress{}, RecoveryAddresses: []RecoveryAddress{{NID: nid}}},\n\t\t},\n\t\t{\n\t\t\ti: &Identity{NID: nid, VerifiableAddresses: []VerifiableAddress{{NID: nid}}, RecoveryAddresses: []RecoveryAddress{{NID: x.NewUUID()}}},\n\t\t\texpect: &Identity{NID: nid, VerifiableAddresses: []VerifiableAddress{{NID: nid}}, RecoveryAddresses: []RecoveryAddress{}},\n\t\t},\n\t\t{\n\t\t\ti: &Identity{NID: nid, VerifiableAddresses: []VerifiableAddress{{NID: nid}}, RecoveryAddresses: []RecoveryAddress{{NID: nid}}},\n\t\t\texpect: &Identity{NID: nid, VerifiableAddresses: []VerifiableAddress{{NID: nid}}, RecoveryAddresses: []RecoveryAddress{{NID: nid}}},\n\t\t},\n\t\t{\n\t\t\ti: &Identity{NID: nid, Credentials: map[CredentialsType]Credentials{CredentialsTypePassword: {NID: x.NewUUID()}}, RecoveryAddresses: []RecoveryAddress{{NID: nid}}, VerifiableAddresses: []VerifiableAddress{{NID: nid}}},\n\t\t\texpect: &Identity{NID: nid, Credentials: map[CredentialsType]Credentials{}, RecoveryAddresses: []RecoveryAddress{{NID: nid}}, VerifiableAddresses: []VerifiableAddress{{NID: nid}}},\n\t\t},\n\t\t{\n\t\t\ti: &Identity{NID: nid, Credentials: map[CredentialsType]Credentials{CredentialsTypePassword: {NID: nid}}, RecoveryAddresses: []RecoveryAddress{{NID: nid}}, VerifiableAddresses: []VerifiableAddress{{NID: nid}}},\n\t\t\texpect: &Identity{NID: nid, Credentials: map[CredentialsType]Credentials{CredentialsTypePassword: {NID: nid}}, RecoveryAddresses: []RecoveryAddress{{NID: nid}}, VerifiableAddresses: []VerifiableAddress{{NID: nid}}},\n\t\t},\n\t} {\n\t\tt.Run(fmt.Sprintf(\"case=%d\", k), func(t *testing.T) {\n\t\t\terr := tc.i.Validate()\n\t\t\tif tc.expectedErr {\n\t\t\t\trequire.Error(t, err)\n\t\t\t} else {\n\t\t\t\trequire.NoError(t, err)\n\t\t\t\tif tc.expect != nil {\n\t\t\t\t\tassert.EqualValues(t, tc.expect, tc.i)\n\t\t\t\t}\n\t\t\t}\n\t\t})\n\t}\n}\n\n// TestRecoveryAddresses tests the CollectRecoveryAddresses are collected from all identities.\nfunc TestRecoveryAddresses(t *testing.T) {\n\tt.Parallel()\n\n\tvar addresses []RecoveryAddress\n\n\tfor i := range 10 {\n\t\taddresses = append(addresses, RecoveryAddress{\n\t\t\tValue: fmt.Sprintf(\"address-%d\", i),\n\t\t})\n\t}\n\n\tid1 := &Identity{RecoveryAddresses: addresses[:5]}\n\tid2 := &Identity{}\n\tid3 := &Identity{RecoveryAddresses: addresses[5:]}\n\n\tassert.Equal(t, addresses, CollectRecoveryAddresses([]*Identity{id1, id2, id3}))\n}\n\n// TestVerifiableAddresses tests the VerfifableAddresses are collected from all identities.\nfunc TestVerifiableAddresses(t *testing.T) {\n\tt.Parallel()\n\n\tvar addresses []VerifiableAddress\n\n\tfor i := 0; i < 10; i++ {\n\t\taddresses = append(addresses, VerifiableAddress{\n\t\t\tValue: fmt.Sprintf(\"address-%d\", i),\n\t\t})\n\t}\n\n\tid1 := &Identity{VerifiableAddresses: addresses[:5]}\n\tid2 := &Identity{}\n\tid3 := &Identity{VerifiableAddresses: addresses[5:]}\n\n\tassert.Equal(t, addresses, CollectVerifiableAddresses([]*Identity{id1, id2, id3}))\n}\n\ntype cipherProvider struct{}\n\nfunc (c *cipherProvider) Cipher(context.Context) cipher.Cipher {\n\treturn cipher.NewNoop()\n}\n\nfunc TestWithDeclassifiedCredentials(t *testing.T) {\n\tt.Parallel()\n\n\ti := NewIdentity(config.DefaultIdentityTraitsSchemaID)\n\tcredentials := map[CredentialsType]Credentials{\n\t\tCredentialsTypePassword: {\n\t\t\tIdentifiers: []string{\"zab\", \"bar\"},\n\t\t\tType: CredentialsTypePassword,\n\t\t\tConfig: sqlxx.JSONRawMessage(`{\"some\": \"secret\"}`),\n\t\t},\n\t\tCredentialsTypeOIDC: {\n\t\t\tType: CredentialsTypeOIDC,\n\t\t\tIdentifiers: []string{\"bar\", \"baz\"},\n\t\t\t// hint:\n\t\t\t//\techo '666f6f' | xxd -r -p\n\t\t\tConfig: sqlxx.JSONRawMessage(`{\"providers\": [{\"subject\":\"bar\",\"provider\":\"oidc1\",\"initial_id_token\":\"666f6f\"}]}`),\n\t\t},\n\t\tCredentialsTypeSAML: {\n\t\t\tType: CredentialsTypeSAML,\n\t\t\tIdentifiers: []string{\"qux\", \"quz\"},\n\t\t\t// hint:\n\t\t\t//\techo 'this should not appear in output' | xxd -ps -c 0\n\t\t\tConfig: sqlxx.JSONRawMessage(`{\"providers\": [{\"subject\":\"qux\",\"provider\":\"saml1\",\"initial_id_token\":\"746869732073686f756c64206e6f742061707065617220696e206f75747075740a\"}]}`),\n\t\t},\n\t\tCredentialsTypeWebAuthn: {\n\t\t\tType: CredentialsTypeWebAuthn,\n\t\t\tIdentifiers: []string{\"foo\", \"bar\"},\n\t\t\tConfig: sqlxx.JSONRawMessage(`{\"some\": \"secret\"}`),\n\t\t},\n\t}\n\ti.Credentials = credentials\n\n\tt.Run(\"case=no-include\", func(t *testing.T) {\n\t\tactualIdentity, err := i.WithDeclassifiedCredentials(t.Context(), &cipherProvider{}, nil)\n\t\trequire.NoError(t, err)\n\n\t\tfor ct, actual := range actualIdentity.Credentials {\n\t\t\tt.Run(\"credential=\"+string(ct), func(t *testing.T) {\n\t\t\t\tsnapshotx.SnapshotT(t, actual)\n\t\t\t})\n\t\t}\n\t})\n\n\tt.Run(\"case=include-webauthn\", func(t *testing.T) {\n\t\tactualIdentity, err := i.WithDeclassifiedCredentials(t.Context(), &cipherProvider{}, []CredentialsType{CredentialsTypeWebAuthn})\n\t\trequire.NoError(t, err)\n\n\t\tfor ct, actual := range actualIdentity.Credentials {\n\t\t\tt.Run(\"credential=\"+string(ct), func(t *testing.T) {\n\t\t\t\tsnapshotx.SnapshotT(t, actual)\n\t\t\t})\n\t\t}\n\t})\n\n\tt.Run(\"case=include-multi\", func(t *testing.T) {\n\t\tactualIdentity, err := i.WithDeclassifiedCredentials(t.Context(), &cipherProvider{}, []CredentialsType{CredentialsTypeWebAuthn, CredentialsTypePassword})\n\t\trequire.NoError(t, err)\n\n\t\tfor ct, actual := range actualIdentity.Credentials {\n\t\t\tt.Run(\"credential=\"+string(ct), func(t *testing.T) {\n\t\t\t\tsnapshotx.SnapshotT(t, actual)\n\t\t\t})\n\t\t}\n\t})\n\n\tt.Run(\"case=oidc\", func(t *testing.T) {\n\t\tactualIdentity, err := i.WithDeclassifiedCredentials(t.Context(), &cipherProvider{}, []CredentialsType{CredentialsTypeOIDC})\n\t\trequire.NoError(t, err)\n\n\t\tfor ct, actual := range actualIdentity.Credentials {\n\t\t\tt.Run(\"credential=\"+string(ct), func(t *testing.T) {\n\t\t\t\tsnapshotx.SnapshotT(t, actual)\n\t\t\t})\n\t\t}\n\t})\n\tt.Run(\"case=saml\", func(t *testing.T) {\n\t\tactualIdentity, err := i.WithDeclassifiedCredentials(t.Context(), &cipherProvider{}, []CredentialsType{CredentialsTypeSAML})\n\t\trequire.NoError(t, err)\n\n\t\tfor ct, actual := range actualIdentity.Credentials {\n\t\t\tt.Run(\"credential=\"+string(ct), func(t *testing.T) {\n\t\t\t\tsnapshotx.SnapshotT(t, actual)\n\t\t\t})\n\t\t}\n\t})\n}\n\nfunc TestDeleteCredentialOIDCSAMLFromIdentity(t *testing.T) {\n\tt.Parallel()\n\n\ti := NewIdentity(config.DefaultIdentityTraitsSchemaID)\n\n\terr := i.deleteCredentialOIDCSAMLFromIdentity(CredentialsTypeOIDC, \"\")\n\tassert.Error(t, err)\n\terr = i.deleteCredentialOIDCSAMLFromIdentity(CredentialsTypeOIDC, \"does-not-exist\")\n\tassert.Error(t, err)\n\terr = i.deleteCredentialOIDCSAMLFromIdentity(CredentialsTypeSAML, \"\")\n\tassert.Error(t, err)\n\terr = i.deleteCredentialOIDCSAMLFromIdentity(CredentialsTypeSAML, \"does-not-exist\")\n\tassert.Error(t, err)\n\n\tcredentials := map[CredentialsType]Credentials{\n\t\tCredentialsTypePassword: {\n\t\t\tIdentifiers: []string{\"zab\", \"bar\"},\n\t\t\tType: CredentialsTypePassword,\n\t\t\tConfig: sqlxx.JSONRawMessage(`{\"some\" : \"secret\"}`),\n\t\t},\n\t\tCredentialsTypeOIDC: {\n\t\t\tType: CredentialsTypeOIDC,\n\t\t\tIdentifiers: []string{\"bar:1234\", \"baz:5678\"},\n\t\t\tConfig: sqlxx.JSONRawMessage(`{\"providers\": [{\"provider\": \"bar\", \"subject\": \"1234\"}, {\"provider\": \"baz\", \"subject\": \"5678\"}]}`),\n\t\t},\n\t\tCredentialsTypeSAML: {\n\t\t\tType: CredentialsTypeSAML,\n\t\t\tIdentifiers: []string{\"bar:1234\", \"baz:5678\"},\n\t\t\tConfig: sqlxx.JSONRawMessage(`{\"providers\": [{\"provider\": \"bar\", \"subject\": \"1234\"}, {\"provider\": \"baz\", \"subject\": \"5678\"}]}`),\n\t\t},\n\t\tCredentialsTypeWebAuthn: {\n\t\t\tType: CredentialsTypeWebAuthn,\n\t\t\tIdentifiers: []string{\"foo\", \"bar\"},\n\t\t\tConfig: sqlxx.JSONRawMessage(`{\"some\" : \"secret\"}`),\n\t\t},\n\t}\n\ti.Credentials = credentials\n\n\terr = i.deleteCredentialOIDCSAMLFromIdentity(CredentialsTypeOIDC, \"zab\")\n\tassert.Error(t, err)\n\terr = i.deleteCredentialOIDCSAMLFromIdentity(CredentialsTypeOIDC, \"foo\")\n\tassert.Error(t, err)\n\terr = i.deleteCredentialOIDCSAMLFromIdentity(CredentialsTypeOIDC, \"bar\")\n\tassert.Error(t, err, \"matches multiple OIDC credentials\")\n\n\trequire.NoError(t, i.deleteCredentialOIDCSAMLFromIdentity(CredentialsTypeOIDC, \"bar:1234\"))\n\n\tassert.Len(t, i.Credentials, 4)\n\n\tassert.Contains(t, i.Credentials, CredentialsTypePassword)\n\tassert.EqualValues(t, i.Credentials[CredentialsTypePassword].Identifiers, []string{\"zab\", \"bar\"})\n\n\tassert.Contains(t, i.Credentials, CredentialsTypeWebAuthn)\n\tassert.EqualValues(t, i.Credentials[CredentialsTypeWebAuthn].Identifiers, []string{\"foo\", \"bar\"})\n\n\tassert.Contains(t, i.Credentials, CredentialsTypeSAML)\n\tassert.EqualValues(t, i.Credentials[CredentialsTypeSAML].Identifiers, []string{\"bar:1234\", \"baz:5678\"})\n\n\tassert.Contains(t, i.Credentials, CredentialsTypeOIDC)\n\n\toidc, ok := i.GetCredentials(CredentialsTypeOIDC)\n\trequire.True(t, ok)\n\tassert.EqualValues(t, oidc.Identifiers, []string{\"baz:5678\"})\n\tvar cfg CredentialsOIDC\n\t_, err = i.ParseCredentials(CredentialsTypeOIDC, &cfg)\n\trequire.NoError(t, err)\n\tassert.EqualValues(t, CredentialsOIDC{Providers: []CredentialsOIDCProvider{{Provider: \"baz\", Subject: \"5678\"}}}, cfg)\n\n\trequire.NoError(t, i.deleteCredentialOIDCSAMLFromIdentity(CredentialsTypeSAML, \"baz:5678\"))\n\n\tassert.Len(t, i.Credentials, 4)\n\tassert.Contains(t, i.Credentials, CredentialsTypeOIDC)\n\tassert.EqualValues(t, i.Credentials[CredentialsTypeOIDC].Identifiers, []string{\"baz:5678\"})\n\n\tassert.Contains(t, i.Credentials, CredentialsTypeSAML)\n\tsaml, ok := i.GetCredentials(CredentialsTypeSAML)\n\trequire.True(t, ok)\n\tassert.EqualValues(t, saml.Identifiers, []string{\"bar:1234\"})\n\tvar samlCfg CredentialsOIDC\n\t_, err = i.ParseCredentials(CredentialsTypeSAML, &samlCfg)\n\trequire.NoError(t, err)\n\tassert.EqualValues(t, CredentialsOIDC{Providers: []CredentialsOIDCProvider{{Provider: \"bar\", Subject: \"1234\"}}}, samlCfg)\n}\n\nfunc TestMergeOIDCCredentials(t *testing.T) {\n\tt.Parallel()\n\n\tfor _, tc := range []struct {\n\t\tname string\n\t\tidentity *Identity\n\t\tnewCredentials Credentials\n\n\t\texpectedIdentity *Identity\n\t\tassertErr assert.ErrorAssertionFunc\n\t}{\n\t\t{\n\t\t\tname: \"adds OIDC credential if not exists\",\n\t\t\tidentity: &Identity{},\n\t\t\tnewCredentials: Credentials{\n\t\t\t\tType: CredentialsTypeOIDC,\n\t\t\t\tIdentifiers: []string{\"oidc:1234\"},\n\t\t\t\tConfig: sqlxx.JSONRawMessage(`{\"providers\":[{\"provider\":\"oidc\",\"subject\":\"1234\"}]}`),\n\t\t\t},\n\n\t\t\texpectedIdentity: &Identity{\n\t\t\t\tCredentials: map[CredentialsType]Credentials{\n\t\t\t\t\tCredentialsTypeOIDC: {\n\t\t\t\t\t\tType: CredentialsTypeOIDC,\n\t\t\t\t\t\tIdentifiers: []string{\"oidc:1234\"},\n\t\t\t\t\t\tConfig: sqlxx.JSONRawMessage(`{\"providers\":[{\"provider\":\"oidc\",\"subject\":\"1234\"}]}`),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t},\n\t\t{\n\t\t\tname: \"merges OIDC credential if exists\",\n\t\t\tidentity: &Identity{\n\t\t\t\tCredentials: map[CredentialsType]Credentials{\n\t\t\t\t\tCredentialsTypePassword: {\n\t\t\t\t\t\tType: CredentialsTypePassword,\n\t\t\t\t\t\tIdentifiers: []string{\"user@example.com\"},\n\t\t\t\t\t},\n\t\t\t\t\tCredentialsTypeOIDC: {\n\t\t\t\t\t\tType: CredentialsTypeOIDC,\n\t\t\t\t\t\tIdentifiers: []string{\"foo\", \"replace:1234\", \"bar\", \"baz\", \"replace:abc\", \"replace:dont-replace\"},\n\t\t\t\t\t\tConfig: sqlxx.JSONRawMessage(`{\"providers\": [\n\t{\"provider\": \"replace\", \"subject\": \"1234\", \"use_auto_link\": true},\n\t{\"provider\": \"dont-touch\", \"subject\": \"foo\"},\n\t{\"provider\": \"replace\", \"subject\": \"abc\", \"use_auto_link\": true},\n\t{\"provider\": \"also-dont-touch\", \"subject\": \"bar\", \"use_auto_link\": true},\n\t{\"provider\": \"replace\", \"subject\": \"dont-replace\", \"use_auto_link\": false}\n]}`),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t\tnewCredentials: Credentials{\n\t\t\t\tType: CredentialsTypeOIDC,\n\t\t\t\tIdentifiers: []string{},\n\t\t\t\tConfig: sqlxx.JSONRawMessage(`{\"providers\": [{\"provider\": \"replace\", \"subject\": \"new-subject\"}]}`),\n\t\t\t},\n\n\t\t\texpectedIdentity: &Identity{\n\t\t\t\tCredentials: map[CredentialsType]Credentials{\n\t\t\t\t\tCredentialsTypeOIDC: {\n\t\t\t\t\t\tType: CredentialsTypeOIDC,\n\t\t\t\t\t\tIdentifiers: []string{\"foo\", \"bar\", \"baz\", \"replace:dont-replace\", \"replace:new-subject\"},\n\t\t\t\t\t\tConfig: sqlxx.JSONRawMessage(`{\n \"providers\" : [ {\n \"subject\" : \"foo\",\n \"provider\" : \"dont-touch\",\n \"initial_id_token\" : \"\",\n \"initial_access_token\" : \"\",\n \"initial_refresh_token\" : \"\"\n }, {\n \"subject\" : \"bar\",\n \"provider\" : \"also-dont-touch\",\n \"initial_id_token\" : \"\",\n \"initial_access_token\" : \"\",\n \"initial_refresh_token\" : \"\",\n \"use_auto_link\": true\n }, {\n \"subject\" : \"dont-replace\",\n \"provider\" : \"replace\",\n \"initial_id_token\" : \"\",\n \"initial_access_token\" : \"\",\n \"initial_refresh_token\" : \"\"\n }, {\n \"subject\" : \"new-subject\",\n \"provider\" : \"replace\",\n \"initial_id_token\" : \"\",\n \"initial_access_token\" : \"\",\n \"initial_refresh_token\" : \"\"\n } ]\n}`),\n\t\t\t\t\t},\n\t\t\t\t\tCredentialsTypePassword: {\n\t\t\t\t\t\tType: CredentialsTypePassword,\n\t\t\t\t\t\tIdentifiers: []string{\"user@example.com\"},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t},\n\t\t{\n\t\t\tname: \"errs if new credential has no provider\",\n\t\t\tidentity: &Identity{\n\t\t\t\tCredentials: map[CredentialsType]Credentials{\n\t\t\t\t\tCredentialsTypeOIDC: {\n\t\t\t\t\t\tType: CredentialsTypeOIDC,\n\t\t\t\t\t\tIdentifiers: []string{\"oidc:1234\"},\n\t\t\t\t\t\tConfig: sqlxx.JSONRawMessage(`{\"providers\": [{\"provider\": \"oidc\", \"subject\": \"1234\"}]}`),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t\tnewCredentials: Credentials{\n\t\t\t\tType: CredentialsTypeOIDC,\n\t\t\t\tIdentifiers: []string{\"oidc:1234\"},\n\t\t\t\tConfig: sqlxx.JSONRawMessage(`{\"providers\": []}`),\n\t\t\t},\n\n\t\t\tassertErr: assert.Error,\n\t\t},\n\t\t{\n\t\t\tname: \"errs if identity credentials are invalid\",\n\t\t\tidentity: &Identity{\n\t\t\t\tCredentials: map[CredentialsType]Credentials{\n\t\t\t\t\tCredentialsTypeOIDC: {\n\t\t\t\t\t\tType: CredentialsTypeOIDC,\n\t\t\t\t\t\tIdentifiers: []string{\"oidc:1234\"},\n\t\t\t\t\t\tConfig: sqlxx.JSONRawMessage(\"invalid\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t\tnewCredentials: Credentials{\n\t\t\t\tType: CredentialsTypeOIDC,\n\t\t\t\tIdentifiers: []string{\"oidc:1234\"},\n\t\t\t\tConfig: sqlxx.JSONRawMessage(`{\"providers\": [{\"provider\": \"replace\", \"subject\": \"new-subject\"}]}`),\n\t\t\t},\n\n\t\t\tassertErr: assert.Error,\n\t\t},\n\t\t{\n\t\t\tname: \"errs if new credential config is invalid\",\n\t\t\tidentity: &Identity{\n\t\t\t\tCredentials: map[CredentialsType]Credentials{\n\t\t\t\t\tCredentialsTypeOIDC: {\n\t\t\t\t\t\tType: CredentialsTypeOIDC,\n\t\t\t\t\t\tIdentifiers: []string{\"oidc:1234\"},\n\t\t\t\t\t\tConfig: sqlxx.JSONRawMessage(`{\"providers\": [{\"provider\": \"oidc\", \"subject\": \"1234\"}]}`),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t\tnewCredentials: Credentials{\n\t\t\t\tType: CredentialsTypeOIDC,\n\t\t\t\tIdentifiers: []string{\"oidc:1234\"},\n\t\t\t\tConfig: sqlxx.JSONRawMessage(`invalid`),\n\t\t\t},\n\n\t\t\tassertErr: assert.Error,\n\t\t},\n\t} {\n\t\tt.Run(\"case=\"+tc.name, func(t *testing.T) {\n\t\t\terr := tc.identity.MergeOIDCCredentials(CredentialsTypeOIDC, tc.newCredentials)\n\n\t\t\tif tc.assertErr != nil {\n\t\t\t\ttc.assertErr(t, err)\n\t\t\t} else {\n\t\t\t\trequire.NoError(t, err)\n\t\t\t}\n\n\t\t\tif tc.expectedIdentity != nil {\n\t\t\t\tvar buf bytes.Buffer\n\t\t\t\trequire.NoError(t, json.Compact(&buf, tc.expectedIdentity.Credentials[CredentialsTypeOIDC].Config))\n\t\t\t\ttc.expectedIdentity.UpsertCredentialsConfig(CredentialsTypeOIDC, buf.Bytes(), 0)\n\t\t\t\tassert.EqualExportedValues(t, tc.expectedIdentity, tc.identity)\n\t\t\t}\n\t\t})\n\t}\n}\n" }, { "path": "identity/identity_verification.go", "content": "// Copyright © 2023 Ory Corp\n// SPDX-License-Identifier: Apache-2.0\n\npackage identity\n\nimport (\n\t\"fmt\"\n\t\"time\"\n\n\t\"github.com/gofrs/uuid\"\n\n\t\"github.com/ory/x/sqlxx\"\n)\n\nconst (\n\tVerifiableAddressStatusPending VerifiableAddressStatus = \"pending\"\n\tVerifiableAddressStatusSent VerifiableAddressStatus = \"sent\"\n\tVerifiableAddressStatusCompleted VerifiableAddressStatus = \"completed\"\n)\n\n// VerifiableAddressStatus must not exceed 16 characters as that is the limitation in the SQL Schema\n//\n// swagger:model identityVerifiableAddressStatus\ntype VerifiableAddressStatus string\n\n// VerifiableAddress is an identity's verifiable address\n//\n// swagger:model verifiableIdentityAddress\ntype VerifiableAddress struct {\n\t// The ID\n\t//\n\tID uuid.UUID `json:\"id\" db:\"id\" faker:\"-\"`\n\n\t// The address value\n\t//\n\t// example foo@user.com\n\t// required: true\n\tValue string `json:\"value\" db:\"value\"`\n\n\t// Indicates if the address has already been verified\n\t//\n\t// example: true\n\t// required: true\n\tVerified bool `json:\"verified\" db:\"verified\"`\n\n\t// The delivery method\n\t//\n\t// enum: email,sms\n\t// example: email\n\t// required: true\n\tVia string `json:\"via\" db:\"via\"`\n\n\t// The verified address status\n\t//\n\t// enum: pending,sent,completed\n\t// example: sent\n\t// required: true\n\tStatus VerifiableAddressStatus `json:\"status\" db:\"status\"`\n\n\t// When the address was verified\n\t//\n\t// example: 2014-01-01T23:28:56.782Z\n\t// required: false\n\tVerifiedAt *sqlxx.NullTime `json:\"verified_at,omitempty\" faker:\"-\" db:\"verified_at\"`\n\n\t// When this entry was created\n\t//\n\t// example: 2014-01-01T23:28:56.782Z\n\tCreatedAt time.Time `json:\"created_at\" faker:\"-\" db:\"created_at\"`\n\n\t// When this entry was last updated\n\t//\n\t// example: 2014-01-01T23:28:56.782Z\n\tUpdatedAt time.Time `json:\"updated_at\" faker:\"-\" db:\"updated_at\"`\n\n\t// IdentityID is a helper struct field for gobuffalo.pop.\n\tIdentityID uuid.UUID `json:\"-\" faker:\"-\" db:\"identity_id\"`\n\tNID uuid.UUID `json:\"-\" faker:\"-\" db:\"nid\"`\n}\n\nfunc (a VerifiableAddress) TableName() string {\n\treturn \"identity_verifiable_addresses\"\n}\n\nfunc NewVerifiableEmailAddress(value string, identity uuid.UUID) *VerifiableAddress {\n\treturn NewVerifiableAddress(value, identity, AddressTypeEmail)\n}\n\nfunc NewVerifiableAddress(value string, identity uuid.UUID, channel string) *VerifiableAddress {\n\treturn &VerifiableAddress{\n\t\tValue: value,\n\t\tVerified: false,\n\t\tStatus: VerifiableAddressStatusPending,\n\t\tVia: channel,\n\t\tIdentityID: identity,\n\t}\n}\n\nfunc (a VerifiableAddress) GetID() uuid.UUID {\n\treturn a.ID\n}\n\n// Signature returns a unique string representation for the recovery address.\nfunc (a VerifiableAddress) Signature() string {\n\treturn fmt.Sprintf(\"%v|%v|%v|%v|%v|%v|%v\", a.Value, a.Verified, a.Via, a.Status, a.VerifiedAt, a.IdentityID, a.NID)\n}\n" }, { "path": "identity/identity_verification_test.go", "content": "// Copyright © 2023 Ory Corp\n// SPDX-License-Identifier: Apache-2.0\n\npackage identity\n\nimport (\n\t\"fmt\"\n\t\"reflect\"\n\t\"strings\"\n\t\"testing\"\n\t\"time\"\n\n\t\"github.com/gofrs/uuid\"\n\n\t\"github.com/stretchr/testify/assert\"\n\n\t\"github.com/ory/x/sqlxx\"\n\n\t\"github.com/ory/kratos/x\"\n)\n\nfunc TestNewVerifiableEmailAddress(t *testing.T) {\n\tiid := x.NewUUID()\n\ta := NewVerifiableEmailAddress(\"foo@ory.sh\", iid)\n\tvar nullTime *sqlxx.NullTime\n\n\tassert.Equal(t, a.Value, \"foo@ory.sh\")\n\tassert.Equal(t, a.Via, AddressTypeEmail)\n\tassert.Equal(t, a.Status, VerifiableAddressStatusPending)\n\tassert.Equal(t, a.Verified, false)\n\tassert.EqualValues(t, nullTime, a.VerifiedAt)\n\tassert.Equal(t, iid, a.IdentityID)\n\tassert.Equal(t, uuid.Nil, a.ID)\n}\n\nvar tagsIgnoredForHashing = map[string]struct{}{\n\t\"id\": {},\n\t\"created_at\": {},\n\t\"updated_at\": {},\n\t// \"verified_at\": {}, // we explicitly want to be able to update just this field and nothing else\n}\n\nfunc reflectiveHash(record any) string {\n\tvar (\n\t\tval = reflect.ValueOf(record)\n\t\ttyp = reflect.TypeOf(record)\n\t\tvalues = []string{}\n\t)\n\tfor i := 0; i < val.NumField(); i++ {\n\t\tdbTag, ok := typ.Field(i).Tag.Lookup(\"db\")\n\t\tif !ok {\n\t\t\tcontinue\n\t\t}\n\t\tif _, ignore := tagsIgnoredForHashing[dbTag]; ignore {\n\t\t\tcontinue\n\t\t}\n\t\tif !val.Field(i).CanInterface() {\n\t\t\tcontinue\n\t\t}\n\t\tvalues = append(values, fmt.Sprintf(\"%v\", val.Field(i).Interface()))\n\t}\n\treturn strings.Join(values, \"|\")\n}\n\n// TestVerifiableAddress_Hash tests that the hash considers all fields that are\n// written to the database (ignoring some well-known fields like the ID or\n// timestamps).\nfunc TestVerifiableAddress_Hash(t *testing.T) {\n\tnow := sqlxx.NullTime(time.Now())\n\tcases := []struct {\n\t\tname string\n\t\ta VerifiableAddress\n\t}{\n\t\t{\n\t\t\tname: \"full fields\",\n\t\t\ta: VerifiableAddress{\n\t\t\t\tID: x.NewUUID(),\n\t\t\t\tValue: \"foo@bar.me\",\n\t\t\t\tVerified: false,\n\t\t\t\tVia: AddressTypeEmail,\n\t\t\t\tStatus: VerifiableAddressStatusPending,\n\t\t\t\tVerifiedAt: &now,\n\t\t\t\tCreatedAt: time.Now(),\n\t\t\t\tUpdatedAt: time.Now(),\n\t\t\t\tIdentityID: x.NewUUID(),\n\t\t\t\tNID: x.NewUUID(),\n\t\t\t},\n\t\t}, {\n\t\t\tname: \"empty fields\",\n\t\t\ta: VerifiableAddress{},\n\t\t}, {\n\t\t\tname: \"constructor\",\n\t\t\ta: *NewVerifiableEmailAddress(\"foo@ory.sh\", x.NewUUID()),\n\t\t},\n\t}\n\n\tfor _, tc := range cases {\n\t\tt.Run(\"case=\"+tc.name, func(t *testing.T) {\n\t\t\tassert.Equal(t,\n\t\t\t\treflectiveHash(tc.a),\n\t\t\t\ttc.a.Signature(),\n\t\t\t)\n\t\t})\n\t}\n}\n" }, { "path": "identity/manager.go", "content": "// Copyright © 2023 Ory Corp\n// SPDX-License-Identifier: Apache-2.0\n\npackage identity\n\nimport (\n\t\"context\"\n\t\"encoding/json\"\n\t\"fmt\"\n\t\"reflect\"\n\t\"slices\"\n\t\"sort\"\n\t\"strings\"\n\n\tstderrors \"errors\"\n\n\t\"github.com/gofrs/uuid\"\n\t\"github.com/mohae/deepcopy\"\n\t\"github.com/pkg/errors\"\n\n\t\"github.com/ory/herodot\"\n\t\"github.com/ory/jsonschema/v3\"\n\t\"github.com/ory/kratos/courier\"\n\t\"github.com/ory/kratos/driver/config\"\n\t\"github.com/ory/kratos/schema\"\n\t\"github.com/ory/x/logrusx\"\n\t\"github.com/ory/x/otelx\"\n\t\"github.com/ory/x/sqlcon\"\n)\n\nvar ErrProtectedFieldModified = herodot.ErrForbidden.\n\tWithReasonf(`A field was modified that updates one or more credentials-related settings. This action was blocked because an unprivileged method was used to execute the update. This is either a configuration issue or a bug and should be reported to the system administrator.`)\n\ntype (\n\tmanagerDependencies interface {\n\t\tconfig.Provider\n\t\tPoolProvider\n\t\tPrivilegedPoolProvider\n\t\totelx.Provider\n\t\tcourier.Provider\n\t\tValidationProvider\n\t\tActiveCredentialsCounterStrategyProvider\n\t\tlogrusx.Provider\n\t}\n\tManagementProvider interface {\n\t\tIdentityManager() *Manager\n\t}\n\tManager struct {\n\t\tr managerDependencies\n\t}\n\n\tManagerOptions struct {\n\t\tExposeValidationErrors bool\n\t\tAllowWriteProtectedTraits bool\n\t}\n\n\tManagerOption func(*ManagerOptions)\n)\n\nfunc NewManager(r managerDependencies) *Manager {\n\treturn &Manager{r: r}\n}\n\nfunc ManagerExposeValidationErrorsForInternalTypeAssertion(options *ManagerOptions) {\n\toptions.ExposeValidationErrors = true\n}\n\nfunc ManagerAllowWriteProtectedTraits(options *ManagerOptions) {\n\toptions.AllowWriteProtectedTraits = true\n}\n\nfunc newManagerOptions(opts []ManagerOption) *ManagerOptions {\n\tvar o ManagerOptions\n\tfor _, f := range opts {\n\t\tf(&o)\n\t}\n\treturn &o\n}\n\nfunc (m *Manager) Create(ctx context.Context, i *Identity, opts ...ManagerOption) (err error) {\n\tctx, span := m.r.Tracer(ctx).Tracer().Start(ctx, \"identity.Manager.Create\")\n\tdefer otelx.End(span, &err)\n\n\tif i.SchemaID == \"\" {\n\t\ti.SchemaID = m.r.Config().DefaultIdentityTraitsSchemaID(ctx)\n\t}\n\n\to := newManagerOptions(opts)\n\tif err := m.ValidateIdentity(ctx, i, o); err != nil {\n\t\treturn err\n\t}\n\n\tif err := m.r.PrivilegedIdentityPool().CreateIdentity(ctx, i); err != nil {\n\t\tif errors.Is(err, sqlcon.ErrUniqueViolation) {\n\t\t\treturn m.findExistingAuthMethod(ctx, err, i)\n\t\t}\n\t\treturn err\n\t}\n\n\treturn nil\n}\n\nfunc (m *Manager) ConflictingIdentity(ctx context.Context, i *Identity) (found *Identity, foundConflictAddress string, conflictAddressType string, err error) {\n\tfor ct, cred := range i.Credentials {\n\t\tfor _, id := range cred.Identifiers {\n\t\t\tfound, _, err = m.r.PrivilegedIdentityPool().FindByCredentialsIdentifier(ctx, ct, id)\n\t\t\tif err != nil {\n\t\t\t\tcontinue\n\t\t\t}\n\n\t\t\t// FindByCredentialsIdentifier does not expand identity credentials.\n\t\t\tif err = m.r.PrivilegedIdentityPool().HydrateIdentityAssociations(ctx, found, ExpandCredentials); err != nil {\n\t\t\t\treturn nil, \"\", \"\", err\n\t\t\t}\n\n\t\t\treturn found, id, ct.String(), nil\n\t\t}\n\t}\n\n\t// If the conflict is not in the identifiers table, it is coming from the verifiable or recovery address.\n\tfor _, va := range i.VerifiableAddresses {\n\t\tconflictingAddress, err := m.r.PrivilegedIdentityPool().FindVerifiableAddressByValue(ctx, va.Via, va.Value)\n\t\tif errors.Is(err, sqlcon.ErrNoRows) {\n\t\t\tcontinue\n\t\t} else if err != nil {\n\t\t\treturn nil, \"\", \"\", err\n\t\t}\n\n\t\tfoundConflictAddress = conflictingAddress.Value\n\t\tfound, err = m.r.PrivilegedIdentityPool().GetIdentity(ctx, conflictingAddress.IdentityID, ExpandCredentials)\n\t\tif err != nil {\n\t\t\treturn nil, \"\", \"\", err\n\t\t}\n\n\t\treturn found, foundConflictAddress, va.Via, nil\n\t}\n\n\t// Last option: check the recovery address\n\tfor _, va := range i.RecoveryAddresses {\n\t\tconflictingAddress, err := m.r.PrivilegedIdentityPool().FindRecoveryAddressByValue(ctx, va.Via, va.Value)\n\t\tif errors.Is(err, sqlcon.ErrNoRows) {\n\t\t\tcontinue\n\t\t} else if err != nil {\n\t\t\treturn nil, \"\", \"\", err\n\t\t}\n\n\t\tfoundConflictAddress = conflictingAddress.Value\n\t\tfound, err = m.r.PrivilegedIdentityPool().GetIdentity(ctx, conflictingAddress.IdentityID, ExpandCredentials)\n\t\tif err != nil {\n\t\t\treturn nil, \"\", \"\", err\n\t\t}\n\n\t\treturn found, foundConflictAddress, string(va.Via), nil\n\t}\n\n\treturn nil, \"\", \"\", sqlcon.ErrNoRows\n}\n\nfunc (m *Manager) findExistingAuthMethod(ctx context.Context, e error, i *Identity) (err error) {\n\tif !m.r.Config().SelfServiceFlowRegistrationLoginHints(ctx) {\n\t\treturn &ErrDuplicateCredentials{error: e}\n\t}\n\n\tfound, foundConflictAddress, conflictingAddressType, err := m.ConflictingIdentity(ctx, i)\n\tif err != nil {\n\t\tif errors.Is(err, sqlcon.ErrNoRows) {\n\t\t\treturn &ErrDuplicateCredentials{error: e}\n\t\t}\n\t\treturn err\n\t}\n\n\t// We need to sort the credentials for the error message to be deterministic.\n\tvar creds []Credentials\n\tfor _, cred := range found.Credentials {\n\t\tcreds = append(creds, cred)\n\t}\n\tsort.Slice(creds, func(i, j int) bool {\n\t\treturn creds[i].Type < creds[j].Type\n\t})\n\n\tduplicateCredErr := &ErrDuplicateCredentials{error: e}\n\t// OIDC credentials are not email addresses but the sub claim from the OIDC provider.\n\t// This is useless for the user, so in that case, we don't set the identifier hint.\n\tif conflictingAddressType != CredentialsTypeOIDC.String() {\n\t\tduplicateCredErr.SetIdentifierHint(strings.Trim(foundConflictAddress, \" \"))\n\t}\n\n\tfor _, cred := range creds {\n\t\tif cred.Config == nil {\n\t\t\tcontinue\n\t\t}\n\n\t\t// Basically, we only have password, oidc, and webauthn as first factor credentials.\n\t\t// We don't care about second factor, because they don't help the user understand how to sign\n\t\t// in to the first factor (obviously).\n\t\tswitch cred.Type {\n\t\tcase CredentialsTypePassword:\n\t\t\tif duplicateCredErr.IdentifierHint() == \"\" && len(cred.Identifiers) == 1 {\n\t\t\t\tduplicateCredErr.SetIdentifierHint(cred.Identifiers[0])\n\t\t\t}\n\n\t\t\tvar cfg CredentialsPassword\n\t\t\tif err := json.Unmarshal(cred.Config, &cfg); err != nil {\n\t\t\t\t// just ignore this credential if the config is invalid\n\t\t\t\tcontinue\n\t\t\t}\n\t\t\tif cfg.HashedPassword == \"\" {\n\t\t\t\t// just ignore this credential if the hashed password is empty\n\t\t\t\tcontinue\n\t\t\t}\n\n\t\t\tduplicateCredErr.AddCredentialsType(cred.Type)\n\t\tcase CredentialsTypeCodeAuth:\n\t\t\tduplicateCredErr.AddCredentialsType(cred.Type)\n\t\tcase CredentialsTypeOIDC:\n\t\t\tvar cfg CredentialsOIDC\n\t\t\tif err := json.Unmarshal(cred.Config, &cfg); err != nil {\n\t\t\t\treturn errors.WithStack(herodot.ErrInternalServerError.WithReasonf(\"Unable to JSON decode identity credentials %s for identity %s.\", cred.Type, found.ID))\n\t\t\t}\n\n\t\t\tavailable := make([]string, 0, len(cfg.Providers))\n\t\t\tfor _, provider := range cfg.Providers {\n\t\t\t\tavailable = append(available, provider.Provider)\n\t\t\t}\n\n\t\t\tduplicateCredErr.AddCredentialsType(cred.Type)\n\t\t\tduplicateCredErr.availableOIDCProviders = available\n\t\tcase CredentialsTypeWebAuthn:\n\t\t\tvar cfg CredentialsWebAuthnConfig\n\t\t\tif err := json.Unmarshal(cred.Config, &cfg); err != nil {\n\t\t\t\treturn errors.WithStack(herodot.ErrInternalServerError.WithReasonf(\"Unable to JSON decode identity credentials %s for identity %s.\", cred.Type, found.ID))\n\t\t\t}\n\n\t\t\tif duplicateCredErr.IdentifierHint() == \"\" && len(cred.Identifiers) == 1 {\n\t\t\t\tduplicateCredErr.SetIdentifierHint(cred.Identifiers[0])\n\t\t\t}\n\t\t\tfor _, webauthn := range cfg.Credentials {\n\t\t\t\tif webauthn.IsPasswordless {\n\t\t\t\t\tduplicateCredErr.AddCredentialsType(cred.Type)\n\t\t\t\t\tbreak\n\t\t\t\t}\n\t\t\t}\n\t\tcase CredentialsTypePasskey:\n\t\t\tvar cfg CredentialsWebAuthnConfig\n\t\t\tif err := json.Unmarshal(cred.Config, &cfg); err != nil {\n\t\t\t\treturn errors.WithStack(herodot.ErrInternalServerError.WithReasonf(\"Unable to JSON decode identity credentials %s for identity %s.\", cred.Type, found.ID))\n\t\t\t}\n\n\t\t\tif duplicateCredErr.IdentifierHint() == \"\" && len(cred.Identifiers) == 1 {\n\t\t\t\tduplicateCredErr.SetIdentifierHint(cred.Identifiers[0])\n\t\t\t}\n\t\t\tfor _, webauthn := range cfg.Credentials {\n\t\t\t\tif webauthn.IsPasswordless {\n\t\t\t\t\tduplicateCredErr.AddCredentialsType(cred.Type)\n\t\t\t\t\tbreak\n\t\t\t\t}\n\t\t\t}\n\t\t}\n\t}\n\n\treturn duplicateCredErr\n}\n\ntype ErrDuplicateCredentials struct {\n\terror\n\n\tavailableCredentials []CredentialsType\n\tavailableOIDCProviders []string\n\tidentifierHint string\n}\n\nvar _ schema.DuplicateCredentialsHinter = (*ErrDuplicateCredentials)(nil)\n\nfunc (e *ErrDuplicateCredentials) Unwrap() error {\n\treturn e.error\n}\n\nfunc (e *ErrDuplicateCredentials) AddCredentialsType(ct CredentialsType) {\n\te.availableCredentials = append(e.availableCredentials, ct)\n}\n\nfunc (e *ErrDuplicateCredentials) SetIdentifierHint(hint string) {\n\tif hint != \"\" {\n\t\te.identifierHint = hint\n\t}\n}\n\nfunc (e *ErrDuplicateCredentials) AvailableCredentials() []string {\n\tres := make([]string, len(e.availableCredentials))\n\tfor k, v := range e.availableCredentials {\n\t\tres[k] = string(v)\n\t}\n\tslices.Sort(res)\n\n\treturn res\n}\n\nfunc (e *ErrDuplicateCredentials) AvailableOIDCProviders() []string {\n\tif e.availableOIDCProviders == nil {\n\t\treturn []string{}\n\t}\n\tslices.Sort(e.availableOIDCProviders)\n\treturn e.availableOIDCProviders\n}\n\nfunc (e *ErrDuplicateCredentials) IdentifierHint() string {\n\treturn e.identifierHint\n}\n\nfunc (e *ErrDuplicateCredentials) HasHints() bool {\n\treturn len(e.availableCredentials) > 0 || len(e.availableOIDCProviders) > 0 || len(e.identifierHint) > 0\n}\n\ntype FailedIdentity struct {\n\tIdentity *Identity\n\tError *herodot.DefaultError\n}\n\ntype CreateIdentitiesError struct {\n\tfailedIdentities map[*Identity]*herodot.DefaultError\n}\n\nfunc NewCreateIdentitiesError(capacity int) *CreateIdentitiesError {\n\treturn &CreateIdentitiesError{\n\t\tfailedIdentities: make(map[*Identity]*herodot.DefaultError, capacity),\n\t}\n}\n\nfunc (e *CreateIdentitiesError) Error() string {\n\te.init()\n\treturn fmt.Sprintf(\"create identities error: %d identities failed\", len(e.failedIdentities))\n}\n\nfunc (e *CreateIdentitiesError) Unwrap() []error {\n\te.init()\n\tvar errs []error\n\tfor _, err := range e.failedIdentities {\n\t\terrs = append(errs, err)\n\t}\n\treturn errs\n}\n\nfunc (e *CreateIdentitiesError) AddFailedIdentity(ident *Identity, err *herodot.DefaultError) {\n\te.init()\n\te.failedIdentities[ident] = err\n}\n\nfunc (e *CreateIdentitiesError) Merge(other *CreateIdentitiesError) {\n\te.init()\n\tfor k, v := range other.failedIdentities {\n\t\te.failedIdentities[k] = v\n\t}\n}\n\nfunc (e *CreateIdentitiesError) Contains(ident *Identity) bool {\n\te.init()\n\t_, found := e.failedIdentities[ident]\n\treturn found\n}\n\nfunc (e *CreateIdentitiesError) Find(ident *Identity) *FailedIdentity {\n\te.init()\n\tif err, found := e.failedIdentities[ident]; found {\n\t\treturn &FailedIdentity{Identity: ident, Error: err}\n\t}\n\n\treturn nil\n}\n\nfunc (e *CreateIdentitiesError) ErrOrNil() error {\n\tif e == nil || len(e.failedIdentities) == 0 {\n\t\treturn nil\n\t}\n\treturn e\n}\n\nfunc (e *CreateIdentitiesError) init() {\n\tif e.failedIdentities == nil {\n\t\te.failedIdentities = map[*Identity]*herodot.DefaultError{}\n\t}\n}\n\nfunc (m *Manager) CreateIdentities(ctx context.Context, identities []*Identity, opts ...ManagerOption) (err error) {\n\tctx, span := m.r.Tracer(ctx).Tracer().Start(ctx, \"identity.Manager.CreateIdentities\")\n\tdefer otelx.End(span, &err)\n\n\tcreateIdentitiesError := NewCreateIdentitiesError(len(identities))\n\tvalidIdentities := make([]*Identity, 0, len(identities))\n\tfor _, ident := range identities {\n\t\tif ident.SchemaID == \"\" {\n\t\t\tident.SchemaID = m.r.Config().DefaultIdentityTraitsSchemaID(ctx)\n\t\t}\n\n\t\to := newManagerOptions(opts)\n\t\tif err := m.ValidateIdentity(ctx, ident, o); err != nil {\n\t\t\treason := err.Error()\n\t\t\tif e, ok := stderrors.AsType[*herodot.DefaultError](err); ok {\n\t\t\t\treason = e.Reason()\n\t\t\t}\n\t\t\tcreateIdentitiesError.AddFailedIdentity(ident, herodot.ErrBadRequest.WithReason(reason).WithWrap(err))\n\t\t\tcontinue\n\t\t}\n\t\tvalidIdentities = append(validIdentities, ident)\n\t}\n\n\tif err := m.r.PrivilegedIdentityPool().CreateIdentities(ctx, validIdentities...); err != nil {\n\t\tif partialErr := new(CreateIdentitiesError); errors.As(err, &partialErr) {\n\t\t\tcreateIdentitiesError.Merge(partialErr)\n\t\t} else {\n\t\t\treturn err\n\t\t}\n\t}\n\n\treturn createIdentitiesError.ErrOrNil()\n}\n\nfunc (m *Manager) requiresPrivilegedAccess(ctx context.Context, original, updated *Identity, o *ManagerOptions) (err error) {\n\t_, span := m.r.Tracer(ctx).Tracer().Start(ctx, \"identity.Manager.requiresPrivilegedAccess\")\n\tdefer otelx.End(span, &err)\n\n\tif !o.AllowWriteProtectedTraits {\n\t\tif !CredentialsEqual(updated.Credentials, original.Credentials) {\n\t\t\t// reset the identity\n\t\t\t*updated = *original\n\n\t\t\treturn errors.WithStack(ErrProtectedFieldModified)\n\t\t}\n\n\t\tif !reflect.DeepEqual(original.VerifiableAddresses, updated.VerifiableAddresses) &&\n\t\t\t/* prevent nil != []string{} */\n\t\t\tlen(original.VerifiableAddresses)+len(updated.VerifiableAddresses) != 0 {\n\t\t\t// reset the identity\n\t\t\t*updated = *original\n\t\t\treturn errors.WithStack(ErrProtectedFieldModified)\n\t\t}\n\t}\n\treturn nil\n}\n\nfunc (m *Manager) Update(ctx context.Context, updated *Identity, opts ...ManagerOption) (err error) {\n\tctx, span := m.r.Tracer(ctx).Tracer().Start(ctx, \"identity.Manager.Update\")\n\tdefer otelx.End(span, &err)\n\n\to := newManagerOptions(opts)\n\tif err := m.ValidateIdentity(ctx, updated, o); err != nil {\n\t\treturn err\n\t}\n\n\toriginal, err := m.r.PrivilegedIdentityPool().GetIdentityConfidential(ctx, updated.ID)\n\tif err != nil {\n\t\treturn err\n\t}\n\n\tif err := m.requiresPrivilegedAccess(ctx, original, updated, o); err != nil {\n\t\treturn err\n\t}\n\n\treturn m.r.PrivilegedIdentityPool().UpdateIdentity(ctx, updated, DiffAgainst(original))\n}\n\nfunc (m *Manager) UpdateSchemaID(ctx context.Context, id uuid.UUID, schemaID string, opts ...ManagerOption) (err error) {\n\tctx, span := m.r.Tracer(ctx).Tracer().Start(ctx, \"identity.Manager.UpdateSchemaID\")\n\tdefer otelx.End(span, &err)\n\n\to := newManagerOptions(opts)\n\toriginal, err := m.r.PrivilegedIdentityPool().GetIdentityConfidential(ctx, id)\n\tif err != nil {\n\t\treturn err\n\t}\n\n\tif !o.AllowWriteProtectedTraits && original.SchemaID != schemaID {\n\t\treturn errors.WithStack(ErrProtectedFieldModified)\n\t}\n\n\toriginal.SchemaID = schemaID\n\tif err := m.ValidateIdentity(ctx, original, o); err != nil {\n\t\treturn err\n\t}\n\n\treturn m.r.PrivilegedIdentityPool().UpdateIdentity(ctx, original)\n}\n\nfunc (m *Manager) SetTraits(ctx context.Context, id uuid.UUID, traits Traits, opts ...ManagerOption) (_ *Identity, err error) {\n\tctx, span := m.r.Tracer(ctx).Tracer().Start(ctx, \"identity.Manager.SetTraits\")\n\tdefer otelx.End(span, &err)\n\n\to := newManagerOptions(opts)\n\toriginal, err := m.r.PrivilegedIdentityPool().GetIdentityConfidential(ctx, id)\n\tif err != nil {\n\t\treturn nil, err\n\t}\n\n\t// original is used to check whether protected traits were modified\n\tupdated := deepcopy.Copy(original).(*Identity)\n\tupdated.Traits = traits\n\tif err := m.ValidateIdentity(ctx, updated, o); err != nil {\n\t\treturn nil, err\n\t}\n\n\tif err := m.requiresPrivilegedAccess(ctx, original, updated, o); err != nil {\n\t\treturn nil, err\n\t}\n\n\treturn updated, nil\n}\n\n// RefreshAvailableAAL refreshes the available AAL for the identity.\n//\n// This method is a no-op if everything is up-to date.\n//\n// Please make sure to load all credentials before using this method.\nfunc (m *Manager) RefreshAvailableAAL(ctx context.Context, i *Identity) (err error) {\n\tif len(i.Credentials) == 0 {\n\t\tif err := m.r.PrivilegedIdentityPool().HydrateIdentityAssociations(ctx, i, ExpandCredentials); err != nil {\n\t\t\treturn err\n\t\t}\n\t}\n\n\taalBefore := i.InternalAvailableAAL\n\tif err := i.SetAvailableAAL(ctx, m); err != nil {\n\t\treturn err\n\t}\n\n\tif aalBefore.String != i.InternalAvailableAAL.String || aalBefore.Valid != i.InternalAvailableAAL.Valid {\n\t\treturn m.r.PrivilegedIdentityPool().UpdateIdentityColumns(ctx, i, \"available_aal\")\n\t}\n\n\treturn nil\n}\n\nfunc (m *Manager) UpdateTraits(ctx context.Context, id uuid.UUID, traits Traits, opts ...ManagerOption) (err error) {\n\tctx, span := m.r.Tracer(ctx).Tracer().Start(ctx, \"identity.Manager.UpdateTraits\")\n\tdefer otelx.End(span, &err)\n\n\tupdated, err := m.SetTraits(ctx, id, traits, opts...)\n\tif err != nil {\n\t\treturn err\n\t}\n\n\treturn m.r.PrivilegedIdentityPool().UpdateIdentity(ctx, updated)\n}\n\nfunc (m *Manager) ValidateIdentity(ctx context.Context, i *Identity, o *ManagerOptions) (err error) {\n\tif err := m.r.IdentityValidator().Validate(ctx, i); err != nil {\n\t\tvar validationErr *jsonschema.ValidationError\n\t\tif errors.As(err, &validationErr) && !o.ExposeValidationErrors {\n\t\t\treturn herodot.ErrBadRequest.WithReasonf(\"%s\", err).WithWrap(err)\n\t\t}\n\t\treturn err\n\t}\n\n\tif err := i.SetAvailableAAL(ctx, m); err != nil {\n\t\treturn err\n\t}\n\n\treturn nil\n}\n\nfunc (m *Manager) CountActiveFirstFactorCredentials(ctx context.Context, i *Identity) (count int, err error) {\n\t// This trace is more noisy than it's worth in diagnostic power.\n\t// ctx, span := m.r.Tracer(ctx).Tracer().Start(ctx, \"identity.Manager.CountActiveFirstFactorCredentials\")\n\t// defer otelx.End(span, &err)\n\n\tfor _, strategy := range m.r.ActiveCredentialsCounterStrategies(ctx) {\n\t\tcurrent, err := strategy.CountActiveFirstFactorCredentials(ctx, i.Credentials)\n\t\tif err != nil {\n\t\t\treturn 0, err\n\t\t}\n\n\t\tcount += current\n\t}\n\treturn count, nil\n}\n\nfunc (m *Manager) CountActiveMultiFactorCredentials(ctx context.Context, i *Identity) (count int, err error) {\n\t// This trace is more noisy than it's worth in diagnostic power.\n\t// ctx, span := m.r.Tracer(ctx).Tracer().Start(ctx, \"identity.Manager.CountActiveMultiFactorCredentials\")\n\t// defer otelx.End(span, &err)\n\n\tfor _, strategy := range m.r.ActiveCredentialsCounterStrategies(ctx) {\n\t\tcurrent, err := strategy.CountActiveMultiFactorCredentials(ctx, i.Credentials)\n\t\tif err != nil {\n\t\t\treturn 0, err\n\t\t}\n\n\t\tcount += current\n\t}\n\treturn count, nil\n}\n" }, { "path": "identity/manager_test.go", "content": "// Copyright © 2023 Ory Corp\n// SPDX-License-Identifier: Apache-2.0\n\npackage identity_test\n\nimport (\n\t\"encoding/json\"\n\t\"fmt\"\n\t\"testing\"\n\t\"time\"\n\n\t\"github.com/ory/x/configx\"\n\t\"github.com/ory/x/sqlcon\"\n\n\t_ \"embed\"\n\n\t\"github.com/gofrs/uuid\"\n\n\t\"github.com/ory/x/sqlxx\"\n\n\t\"github.com/ory/kratos/pkg/testhelpers\"\n\n\t\"github.com/pkg/errors\"\n\t\"github.com/stretchr/testify/assert\"\n\t\"github.com/stretchr/testify/require\"\n\n\t\"github.com/ory/kratos/driver/config\"\n\t\"github.com/ory/kratos/identity\"\n\t\"github.com/ory/kratos/pkg\"\n\t\"github.com/ory/kratos/x\"\n)\n\n//go:embed stub/aal.json\nvar refreshAALStubs []byte\n\nfunc TestManager(t *testing.T) {\n\t_, reg := pkg.NewFastRegistryWithMocks(t,\n\t\tconfigx.WithValues(map[string]interface{}{\n\t\t\tconfig.ViperKeyCourierSMTPURL: \"smtp://foo@bar@dev.null/\",\n\t\t\tconfig.ViperKeySelfServiceRegistrationLoginHints: true,\n\t\t\tconfig.ViperKeyDefaultIdentitySchemaID: \"default\",\n\t\t}),\n\t\tconfigx.WithValues(testhelpers.IdentitySchemasConfig(map[string]string{\n\t\t\t\"default\": \"file://./stub/manager.schema.json\",\n\t\t\t\"extension\": \"file://./stub/extension.schema.json\",\n\t\t})),\n\t)\n\n\tt.Run(\"case=should fail to create because validation fails\", func(t *testing.T) {\n\t\ti := identity.NewIdentity(config.DefaultIdentityTraitsSchemaID)\n\t\ti.Traits = identity.Traits(`{\"email\":\"not an email\"}`)\n\t\trequire.Error(t, reg.IdentityManager().Create(t.Context(), i))\n\t})\n\n\tnewTraits := func(email string, unprotected string) identity.Traits {\n\t\treturn identity.Traits(fmt.Sprintf(`{\"email\":\"%[1]s\",\"email_verify\":\"%[1]s\",\"email_recovery\":\"%[1]s\",\"email_creds\":\"%[1]s\",\"unprotected\": \"%[2]s\"}`, email, unprotected))\n\t}\n\n\tcheckExtensionFields := func(i *identity.Identity, expected string) func(*testing.T) {\n\t\treturn func(t *testing.T) {\n\t\t\trequire.Len(t, i.VerifiableAddresses, 1)\n\t\t\tassert.EqualValues(t, expected, i.VerifiableAddresses[0].Value)\n\t\t\tassert.EqualValues(t, identity.AddressTypeEmail, i.VerifiableAddresses[0].Via)\n\n\t\t\trequire.Len(t, i.RecoveryAddresses, 1)\n\t\t\tassert.EqualValues(t, expected, i.RecoveryAddresses[0].Value)\n\t\t\tassert.EqualValues(t, identity.AddressTypeEmail, i.RecoveryAddresses[0].Via)\n\n\t\t\trequire.NotNil(t, i.Credentials[identity.CredentialsTypePassword])\n\t\t\tassert.Equal(t, []string{expected}, i.Credentials[identity.CredentialsTypePassword].Identifiers)\n\t\t}\n\t}\n\n\tcheckExtensionFieldsForIdentities := func(t *testing.T, expected string, original *identity.Identity) {\n\t\tfromStore, err := reg.PrivilegedIdentityPool().GetIdentityConfidential(t.Context(), original.ID)\n\t\trequire.NoError(t, err)\n\t\tidentities := []identity.Identity{*original, *fromStore}\n\t\tfor k := range identities {\n\t\t\tt.Run(fmt.Sprintf(\"identity=%d\", k), checkExtensionFields(&identities[k], expected))\n\t\t}\n\t}\n\n\tt.Run(\"method=CreateIdentities\", func(t *testing.T) {\n\t\tt.Run(\"case=should set AAL to 2 if password and TOTP is set\", func(t *testing.T) {\n\t\t\temail := uuid.Must(uuid.NewV4()).String() + \"@ory.sh\"\n\t\t\toriginal := identity.NewIdentity(config.DefaultIdentityTraitsSchemaID)\n\t\t\toriginal.Traits = newTraits(email, \"\")\n\t\t\toriginal.Credentials = map[identity.CredentialsType]identity.Credentials{\n\t\t\t\tidentity.CredentialsTypePassword: {\n\t\t\t\t\tType: identity.CredentialsTypePassword,\n\t\t\t\t\t// By explicitly not setting the identifier, we mimic the behavior of the PATCH endpoint.\n\t\t\t\t\t// This tests a bug we introduced on the PATCH endpoint where the AAL value would not be correct.\n\t\t\t\t\tIdentifiers: []string{},\n\t\t\t\t\tConfig: sqlxx.JSONRawMessage(`{\"hashed_password\":\"$2a$08$.cOYmAd.vCpDOoiVJrO5B.hjTLKQQ6cAK40u8uB.FnZDyPvVvQ9Q.\"}`),\n\t\t\t\t},\n\t\t\t\tidentity.CredentialsTypeTOTP: {\n\t\t\t\t\tType: identity.CredentialsTypeTOTP,\n\t\t\t\t\t// By explicitly not setting the identifier, we mimic the behavior of the PATCH endpoint.\n\t\t\t\t\t// This tests a bug we introduced on the PATCH endpoint where the AAL value would not be correct.\n\t\t\t\t\tIdentifiers: []string{},\n\t\t\t\t\tConfig: sqlxx.JSONRawMessage(`{\"totp_url\":\"otpauth://totp/test\"}`),\n\t\t\t\t},\n\t\t\t}\n\t\t\trequire.NoError(t, reg.IdentityManager().CreateIdentities(t.Context(), []*identity.Identity{original}))\n\t\t\tfromStore, err := reg.PrivilegedIdentityPool().GetIdentity(t.Context(), original.ID, identity.ExpandNothing)\n\t\t\trequire.NoError(t, err)\n\n\t\t\tgot, ok := fromStore.InternalAvailableAAL.ToAAL()\n\t\t\trequire.True(t, ok)\n\t\t\tassert.Equal(t, identity.AuthenticatorAssuranceLevel2, got)\n\t\t})\n\t})\n\n\tt.Run(\"method=Create\", func(t *testing.T) {\n\t\tt.Run(\"case=should create identity and track extension fields\", func(t *testing.T) {\n\t\t\temail := uuid.Must(uuid.NewV4()).String() + \"@ory.sh\"\n\t\t\toriginal := identity.NewIdentity(config.DefaultIdentityTraitsSchemaID)\n\t\t\toriginal.Traits = newTraits(email, \"\")\n\t\t\trequire.NoError(t, reg.IdentityManager().Create(t.Context(), original))\n\t\t\tcheckExtensionFieldsForIdentities(t, email, original)\n\t\t\tgot, ok := original.InternalAvailableAAL.ToAAL()\n\t\t\trequire.True(t, ok)\n\t\t\tassert.Equal(t, identity.NoAuthenticatorAssuranceLevel, got)\n\t\t})\n\n\t\tt.Run(\"case=correctly set AAL\", func(t *testing.T) {\n\t\t\tt.Run(\"case=should set AAL to 0 if no credentials are available\", func(t *testing.T) {\n\t\t\t\temail := uuid.Must(uuid.NewV4()).String() + \"@ory.sh\"\n\t\t\t\toriginal := identity.NewIdentity(config.DefaultIdentityTraitsSchemaID)\n\t\t\t\toriginal.Traits = newTraits(email, \"\")\n\t\t\t\trequire.NoError(t, reg.IdentityManager().Create(t.Context(), original))\n\t\t\t\tgot, ok := original.InternalAvailableAAL.ToAAL()\n\t\t\t\trequire.True(t, ok)\n\t\t\t\tassert.Equal(t, identity.NoAuthenticatorAssuranceLevel, got)\n\t\t\t})\n\n\t\t\tt.Run(\"case=should set AAL to 1 if password is set\", func(t *testing.T) {\n\t\t\t\temail := uuid.Must(uuid.NewV4()).String() + \"@ory.sh\"\n\t\t\t\toriginal := identity.NewIdentity(config.DefaultIdentityTraitsSchemaID)\n\t\t\t\toriginal.Traits = newTraits(email, \"\")\n\t\t\t\toriginal.Credentials = map[identity.CredentialsType]identity.Credentials{\n\t\t\t\t\tidentity.CredentialsTypePassword: {\n\t\t\t\t\t\tType: identity.CredentialsTypePassword,\n\t\t\t\t\t\tIdentifiers: []string{email},\n\t\t\t\t\t\tConfig: sqlxx.JSONRawMessage(`{\"hashed_password\":\"$2a$08$.cOYmAd.vCpDOoiVJrO5B.hjTLKQQ6cAK40u8uB.FnZDyPvVvQ9Q.\"}`),\n\t\t\t\t\t},\n\t\t\t\t}\n\t\t\t\trequire.NoError(t, reg.IdentityManager().Create(t.Context(), original))\n\t\t\t\tgot, ok := original.InternalAvailableAAL.ToAAL()\n\t\t\t\trequire.True(t, ok)\n\t\t\t\tassert.Equal(t, identity.AuthenticatorAssuranceLevel1, got)\n\t\t\t})\n\n\t\t\tt.Run(\"case=should set AAL to 2 if password and TOTP is set\", func(t *testing.T) {\n\t\t\t\temail := uuid.Must(uuid.NewV4()).String() + \"@ory.sh\"\n\t\t\t\toriginal := identity.NewIdentity(config.DefaultIdentityTraitsSchemaID)\n\t\t\t\toriginal.Traits = newTraits(email, \"\")\n\t\t\t\toriginal.Credentials = map[identity.CredentialsType]identity.Credentials{\n\t\t\t\t\tidentity.CredentialsTypePassword: {\n\t\t\t\t\t\tType: identity.CredentialsTypePassword,\n\t\t\t\t\t\tIdentifiers: []string{email},\n\t\t\t\t\t\tConfig: sqlxx.JSONRawMessage(`{\"hashed_password\":\"$2a$08$.cOYmAd.vCpDOoiVJrO5B.hjTLKQQ6cAK40u8uB.FnZDyPvVvQ9Q.\"}`),\n\t\t\t\t\t},\n\t\t\t\t\tidentity.CredentialsTypeTOTP: {\n\t\t\t\t\t\tType: identity.CredentialsTypeTOTP,\n\t\t\t\t\t\tIdentifiers: []string{email},\n\t\t\t\t\t\tConfig: sqlxx.JSONRawMessage(`{\"totp_url\":\"otpauth://totp/test\"}`),\n\t\t\t\t\t},\n\t\t\t\t}\n\t\t\t\trequire.NoError(t, reg.IdentityManager().Create(t.Context(), original))\n\t\t\t\tgot, ok := original.InternalAvailableAAL.ToAAL()\n\t\t\t\trequire.True(t, ok)\n\t\t\t\tassert.Equal(t, identity.AuthenticatorAssuranceLevel2, got)\n\t\t\t})\n\n\t\t\tt.Run(\"case=should set AAL to 2 if only TOTP is set\", func(t *testing.T) {\n\t\t\t\temail := uuid.Must(uuid.NewV4()).String() + \"@ory.sh\"\n\t\t\t\toriginal := identity.NewIdentity(config.DefaultIdentityTraitsSchemaID)\n\t\t\t\toriginal.Traits = newTraits(email, \"\")\n\t\t\t\toriginal.Credentials = map[identity.CredentialsType]identity.Credentials{\n\t\t\t\t\tidentity.CredentialsTypeTOTP: {\n\t\t\t\t\t\tType: identity.CredentialsTypeTOTP,\n\t\t\t\t\t\tIdentifiers: []string{email},\n\t\t\t\t\t\tConfig: sqlxx.JSONRawMessage(`{\"totp_url\":\"otpauth://totp/test\"}`),\n\t\t\t\t\t},\n\t\t\t\t}\n\t\t\t\trequire.NoError(t, reg.IdentityManager().Create(t.Context(), original))\n\t\t\t\tgot, ok := original.InternalAvailableAAL.ToAAL()\n\t\t\t\trequire.True(t, ok)\n\t\t\t\tassert.Equal(t, identity.AuthenticatorAssuranceLevel2, got)\n\t\t\t})\n\t\t})\n\n\t\tt.Run(\"case=should expose validation errors with option\", func(t *testing.T) {\n\t\t\toriginal := identity.NewIdentity(config.DefaultIdentityTraitsSchemaID)\n\t\t\toriginal.Traits = identity.Traits(`{\"email\":\"not an email\"}`)\n\t\t\terr := reg.IdentityManager().Create(t.Context(), original, identity.ManagerExposeValidationErrorsForInternalTypeAssertion)\n\t\t\trequire.Error(t, err)\n\t\t\tassert.Contains(t, err.Error(), \"\\\"not an email\\\" is not valid \\\"email\\\"\")\n\t\t})\n\n\t\tt.Run(\"case=should not expose validation errors without option\", func(t *testing.T) {\n\t\t\toriginal := identity.NewIdentity(config.DefaultIdentityTraitsSchemaID)\n\t\t\toriginal.Traits = identity.Traits(`{\"email\":\"not an email\"}`)\n\t\t\terr := reg.IdentityManager().Create(t.Context(), original)\n\t\t\trequire.Error(t, err)\n\t\t\tassert.NotContains(t, err.Error(), \"\\\"not an email\\\" is not valid \\\"email\\\"\")\n\t\t})\n\n\t\tt.Run(\"case=should correctly hint at the duplicate credential\", func(t *testing.T) {\n\t\t\tcreateIdentity := func(email string, field string, creds map[identity.CredentialsType]identity.Credentials) *identity.Identity {\n\t\t\t\ti := identity.NewIdentity(config.DefaultIdentityTraitsSchemaID)\n\t\t\t\ti.Traits = identity.Traits(fmt.Sprintf(`{\"%s\":\"%s\"}`, field, email))\n\t\t\t\ti.Credentials = creds\n\t\t\t\treturn i\n\t\t\t}\n\n\t\t\tt.Run(\"case=credential identifier duplicate\", func(t *testing.T) {\n\t\t\t\tt.Run(\"type=password\", func(t *testing.T) {\n\t\t\t\t\temail := uuid.Must(uuid.NewV4()).String() + \"@ory.sh\"\n\t\t\t\t\tcreds := map[identity.CredentialsType]identity.Credentials{\n\t\t\t\t\t\tidentity.CredentialsTypePassword: {\n\t\t\t\t\t\t\tType: identity.CredentialsTypePassword,\n\t\t\t\t\t\t\tIdentifiers: []string{email},\n\t\t\t\t\t\t\tConfig: sqlxx.JSONRawMessage(`{\"hashed_password\":\"$2a$08$.cOYmAd.vCpDOoiVJrO5B.hjTLKQQ6cAK40u8uB.FnZDyPvVvQ9Q.\"}`),\n\t\t\t\t\t\t},\n\t\t\t\t\t}\n\n\t\t\t\t\tfirst := createIdentity(email, \"email_creds\", creds)\n\t\t\t\t\trequire.NoError(t, reg.IdentityManager().Create(t.Context(), first))\n\n\t\t\t\t\tsecond := createIdentity(email, \"email_creds\", creds)\n\t\t\t\t\terr := reg.IdentityManager().Create(t.Context(), second)\n\t\t\t\t\trequire.Error(t, err)\n\n\t\t\t\t\tverr := new(identity.ErrDuplicateCredentials)\n\t\t\t\t\tassert.ErrorAs(t, err, &verr)\n\t\t\t\t\tassert.EqualValues(t, []string{identity.CredentialsTypePassword.String()}, verr.AvailableCredentials())\n\t\t\t\t\tassert.Len(t, verr.AvailableOIDCProviders(), 0)\n\t\t\t\t\tassert.Equal(t, verr.IdentifierHint(), email)\n\t\t\t\t})\n\n\t\t\t\tt.Run(\"type=webauthn\", func(t *testing.T) {\n\t\t\t\t\temail := uuid.Must(uuid.NewV4()).String() + \"@ory.sh\"\n\t\t\t\t\tcreds := map[identity.CredentialsType]identity.Credentials{\n\t\t\t\t\t\tidentity.CredentialsTypeWebAuthn: {\n\t\t\t\t\t\t\tType: identity.CredentialsTypeWebAuthn,\n\t\t\t\t\t\t\tIdentifiers: []string{email},\n\t\t\t\t\t\t\tConfig: sqlxx.JSONRawMessage(`{\"credentials\": [{\"is_passwordless\":true}]}`),\n\t\t\t\t\t\t},\n\t\t\t\t\t}\n\n\t\t\t\t\tfirst := createIdentity(email, \"email_webauthn\", creds)\n\t\t\t\t\trequire.NoError(t, reg.IdentityManager().Create(t.Context(), first))\n\n\t\t\t\t\tsecond := createIdentity(email, \"email_webauthn\", nil)\n\t\t\t\t\terr := reg.IdentityManager().Create(t.Context(), second)\n\t\t\t\t\trequire.Error(t, err)\n\n\t\t\t\t\tverr := new(identity.ErrDuplicateCredentials)\n\t\t\t\t\tassert.ErrorAs(t, err, &verr)\n\t\t\t\t\tassert.EqualValues(t, []string{identity.CredentialsTypeWebAuthn.String()}, verr.AvailableCredentials())\n\t\t\t\t\tassert.Len(t, verr.AvailableOIDCProviders(), 0)\n\t\t\t\t\tassert.Equal(t, verr.IdentifierHint(), email)\n\t\t\t\t})\n\n\t\t\t\tt.Run(\"type=oidc\", func(t *testing.T) {\n\t\t\t\t\temail := uuid.Must(uuid.NewV4()).String() + \"@ory.sh\"\n\t\t\t\t\tcreds := map[identity.CredentialsType]identity.Credentials{\n\t\t\t\t\t\tidentity.CredentialsTypeOIDC: {\n\t\t\t\t\t\t\tType: identity.CredentialsTypeOIDC,\n\t\t\t\t\t\t\t// Identifiers in OIDC are not email addresses, but a unique user ID.\n\t\t\t\t\t\t\tIdentifiers: []string{\"google:\" + uuid.Must(uuid.NewV4()).String()},\n\t\t\t\t\t\t\tConfig: sqlxx.JSONRawMessage(`{\"providers\":[{\"provider\": \"google\"},{\"provider\": \"github\"}]}`),\n\t\t\t\t\t\t},\n\t\t\t\t\t}\n\n\t\t\t\t\tfirst := createIdentity(email, \"email_creds\", creds)\n\t\t\t\t\trequire.NoError(t, reg.IdentityManager().Create(t.Context(), first))\n\n\t\t\t\t\tsecond := createIdentity(email, \"email_creds\", creds)\n\t\t\t\t\terr := reg.IdentityManager().Create(t.Context(), second)\n\t\t\t\t\trequire.Error(t, err)\n\n\t\t\t\t\tverr := new(identity.ErrDuplicateCredentials)\n\t\t\t\t\tassert.ErrorAs(t, err, &verr)\n\t\t\t\t\tassert.ElementsMatch(t, []string{\"oidc\"}, verr.AvailableCredentials())\n\t\t\t\t\tassert.ElementsMatch(t, []string{\"google\", \"github\"}, verr.AvailableOIDCProviders())\n\t\t\t\t\t// The conflicting identifier is the oidc subject, which is not useful for the user\n\t\t\t\t\tassert.Equal(t, email, verr.IdentifierHint())\n\t\t\t\t})\n\n\t\t\t\tt.Run(\"type=password+oidc+webauthn\", func(t *testing.T) {\n\t\t\t\t\temail := uuid.Must(uuid.NewV4()).String() + \"@ory.sh\"\n\t\t\t\t\tcreds := map[identity.CredentialsType]identity.Credentials{\n\t\t\t\t\t\tidentity.CredentialsTypePassword: {\n\t\t\t\t\t\t\tType: identity.CredentialsTypePassword,\n\t\t\t\t\t\t\tIdentifiers: []string{email},\n\t\t\t\t\t\t\tConfig: sqlxx.JSONRawMessage(`{\"hashed_password\":\"$2a$08$.cOYmAd.vCpDOoiVJrO5B.hjTLKQQ6cAK40u8uB.FnZDyPvVvQ9Q.\"}`),\n\t\t\t\t\t\t},\n\t\t\t\t\t\tidentity.CredentialsTypeOIDC: {\n\t\t\t\t\t\t\tType: identity.CredentialsTypeOIDC,\n\t\t\t\t\t\t\t// Identifiers in OIDC are not email addresses, but a unique user ID.\n\t\t\t\t\t\t\tIdentifiers: []string{\"google:\" + uuid.Must(uuid.NewV4()).String()},\n\t\t\t\t\t\t\tConfig: sqlxx.JSONRawMessage(`{\"providers\":[{\"provider\": \"google\"},{\"provider\": \"github\"}]}`),\n\t\t\t\t\t\t},\n\t\t\t\t\t\tidentity.CredentialsTypeWebAuthn: {\n\t\t\t\t\t\t\tType: identity.CredentialsTypeWebAuthn,\n\t\t\t\t\t\t\tIdentifiers: []string{email},\n\t\t\t\t\t\t\tConfig: sqlxx.JSONRawMessage(`{\"credentials\": [{\"is_passwordless\":true}]}`),\n\t\t\t\t\t\t},\n\t\t\t\t\t}\n\n\t\t\t\t\tfirst := createIdentity(email, \"email_creds\", creds)\n\t\t\t\t\trequire.NoError(t, reg.IdentityManager().Create(t.Context(), first))\n\n\t\t\t\t\tsecond := createIdentity(email, \"email_creds\", creds)\n\t\t\t\t\terr := reg.IdentityManager().Create(t.Context(), second)\n\t\t\t\t\trequire.Error(t, err)\n\n\t\t\t\t\tverr := new(identity.ErrDuplicateCredentials)\n\t\t\t\t\tassert.ErrorAs(t, err, &verr)\n\t\t\t\t\tassert.ElementsMatch(t, []string{\"password\", \"oidc\", \"webauthn\"}, verr.AvailableCredentials())\n\t\t\t\t\tassert.ElementsMatch(t, []string{\"google\", \"github\"}, verr.AvailableOIDCProviders())\n\t\t\t\t\tassert.Equal(t, email, verr.IdentifierHint())\n\t\t\t\t})\n\n\t\t\t\tt.Run(\"type=code\", func(t *testing.T) {\n\t\t\t\t\temail := uuid.Must(uuid.NewV4()).String() + \"@ory.sh\"\n\t\t\t\t\tcreds := map[identity.CredentialsType]identity.Credentials{\n\t\t\t\t\t\tidentity.CredentialsTypeCodeAuth: {\n\t\t\t\t\t\t\tType: identity.CredentialsTypeCodeAuth,\n\t\t\t\t\t\t\tIdentifiers: []string{email},\n\t\t\t\t\t\t\tConfig: sqlxx.JSONRawMessage(`{}`),\n\t\t\t\t\t\t},\n\t\t\t\t\t}\n\n\t\t\t\t\tfirst := createIdentity(email, \"email_creds\", creds)\n\t\t\t\t\trequire.NoError(t, reg.IdentityManager().Create(t.Context(), first))\n\n\t\t\t\t\tsecond := createIdentity(email, \"email_creds\", creds)\n\t\t\t\t\terr := reg.IdentityManager().Create(t.Context(), second)\n\t\t\t\t\trequire.Error(t, err)\n\n\t\t\t\t\tverr := new(identity.ErrDuplicateCredentials)\n\t\t\t\t\tassert.ErrorAs(t, err, &verr)\n\t\t\t\t\tassert.EqualValues(t, []string{identity.CredentialsTypeCodeAuth.String()}, verr.AvailableCredentials())\n\t\t\t\t\tassert.Len(t, verr.AvailableOIDCProviders(), 0)\n\t\t\t\t\tassert.Equal(t, verr.IdentifierHint(), email)\n\t\t\t\t})\n\t\t\t})\n\n\t\t\trunAddress := func(t *testing.T, field string) {\n\t\t\t\tt.Run(\"case=password duplicate\", func(t *testing.T) {\n\t\t\t\t\t// This test mimics a case where an existing user with email + password exists, and the\n\t\t\t\t\t// new user tries to sign up with a verification email (NOT email + password) that matches\n\t\t\t\t\t// this existing record. Here, the end result is that we want to show the\n\t\t\t\t\t// user: \"Sign up with email foo@bar.com and your password instead.\"\n\t\t\t\t\temail := uuid.Must(uuid.NewV4()).String() + \"@ory.sh\"\n\t\t\t\t\tcreds := map[identity.CredentialsType]identity.Credentials{\n\t\t\t\t\t\tidentity.CredentialsTypePassword: {\n\t\t\t\t\t\t\tType: identity.CredentialsTypePassword,\n\t\t\t\t\t\t\tIdentifiers: []string{email},\n\t\t\t\t\t\t\tConfig: sqlxx.JSONRawMessage(`{\"hashed_password\":\"$2a$08$.cOYmAd.vCpDOoiVJrO5B.hjTLKQQ6cAK40u8uB.FnZDyPvVvQ9Q.\"}`),\n\t\t\t\t\t\t},\n\t\t\t\t\t}\n\n\t\t\t\t\tfirst := createIdentity(email, field, creds)\n\t\t\t\t\trequire.NoError(t, reg.IdentityManager().Create(t.Context(), first))\n\n\t\t\t\t\tsecond := createIdentity(email, field, nil)\n\t\t\t\t\terr := reg.IdentityManager().Create(t.Context(), second)\n\t\t\t\t\trequire.Error(t, err)\n\n\t\t\t\t\tverr := new(identity.ErrDuplicateCredentials)\n\t\t\t\t\tassert.ErrorAs(t, err, &verr)\n\t\t\t\t\tassert.EqualValues(t, []string{identity.CredentialsTypePassword.String()}, verr.AvailableCredentials())\n\t\t\t\t\tassert.Len(t, verr.AvailableOIDCProviders(), 0)\n\t\t\t\t\tassert.Equal(t, verr.IdentifierHint(), email)\n\t\t\t\t})\n\n\t\t\t\tt.Run(\"case=OIDC duplicate\", func(t *testing.T) {\n\t\t\t\t\t// This test mimics a case where user signed up using Social Sign In exists, and the\n\t\t\t\t\t// new user tries to sign up with a verification email (NOT email + password) that matches\n\t\t\t\t\t// this existing record (for example by using another social sign in provider.\n\t\t\t\t\t// Here, the end result is that we want to show \"Sign in using google instead\".\n\t\t\t\t\temail := uuid.Must(uuid.NewV4()).String() + \"@ory.sh\"\n\t\t\t\t\tcreds := map[identity.CredentialsType]identity.Credentials{\n\t\t\t\t\t\tidentity.CredentialsTypeOIDC: {\n\t\t\t\t\t\t\tType: identity.CredentialsTypeOIDC,\n\t\t\t\t\t\t\t// Identifiers in OIDC are not email addresses, but a unique user ID.\n\t\t\t\t\t\t\tIdentifiers: []string{\"google:\" + uuid.Must(uuid.NewV4()).String()},\n\t\t\t\t\t\t\tConfig: sqlxx.JSONRawMessage(`{\"providers\":[{\"provider\": \"google\"},{\"provider\": \"github\"}]}`),\n\t\t\t\t\t\t},\n\t\t\t\t\t}\n\n\t\t\t\t\tfirst := createIdentity(email, field, creds)\n\t\t\t\t\trequire.NoError(t, reg.IdentityManager().Create(t.Context(), first))\n\n\t\t\t\t\tsecond := createIdentity(email, field, nil)\n\t\t\t\t\terr := reg.IdentityManager().Create(t.Context(), second)\n\t\t\t\t\trequire.Error(t, err)\n\n\t\t\t\t\tverr := new(identity.ErrDuplicateCredentials)\n\t\t\t\t\tassert.ErrorAs(t, err, &verr)\n\t\t\t\t\tassert.EqualValues(t, []string{identity.CredentialsTypeOIDC.String()}, verr.AvailableCredentials())\n\t\t\t\t\tassert.EqualValues(t, verr.AvailableOIDCProviders(), []string{\"github\", \"google\"})\n\t\t\t\t\tassert.Equal(t, verr.IdentifierHint(), email)\n\t\t\t\t})\n\t\t\t}\n\n\t\t\tt.Run(\"case=verifiable address\", func(t *testing.T) {\n\t\t\t\trunAddress(t, \"email_verify\")\n\t\t\t})\n\n\t\t\tt.Run(\"case=recovery address\", func(t *testing.T) {\n\t\t\t\trunAddress(t, \"email_recovery\")\n\t\t\t})\n\t\t})\n\t})\n\n\tt.Run(\"method=Update\", func(t *testing.T) {\n\t\tt.Run(\"case=should update identity and update extension fields\", func(t *testing.T) {\n\t\t\toriginal := identity.NewIdentity(config.DefaultIdentityTraitsSchemaID)\n\t\t\toriginal.Traits = newTraits(\"baz@ory.sh\", \"\")\n\t\t\trequire.NoError(t, reg.IdentityManager().Create(t.Context(), original))\n\n\t\t\toriginal.Traits = newTraits(\"bar@ory.sh\", \"\")\n\t\t\trequire.NoError(t, reg.IdentityManager().Update(t.Context(), original, identity.ManagerAllowWriteProtectedTraits))\n\n\t\t\tcheckExtensionFieldsForIdentities(t, \"bar@ory.sh\", original)\n\t\t})\n\n\t\tt.Run(\"case=should set AAL to 1 if password is set\", func(t *testing.T) {\n\t\t\temail := uuid.Must(uuid.NewV4()).String() + \"@ory.sh\"\n\t\t\toriginal := identity.NewIdentity(config.DefaultIdentityTraitsSchemaID)\n\t\t\toriginal.Traits = newTraits(email, \"\")\n\t\t\trequire.NoError(t, reg.IdentityManager().Create(t.Context(), original))\n\t\t\toriginal.Credentials = map[identity.CredentialsType]identity.Credentials{\n\t\t\t\tidentity.CredentialsTypePassword: {\n\t\t\t\t\tType: identity.CredentialsTypePassword,\n\t\t\t\t\tIdentifiers: []string{email},\n\t\t\t\t\tConfig: sqlxx.JSONRawMessage(`{\"hashed_password\":\"$2a$08$.cOYmAd.vCpDOoiVJrO5B.hjTLKQQ6cAK40u8uB.FnZDyPvVvQ9Q.\"}`),\n\t\t\t\t},\n\t\t\t}\n\t\t\trequire.NoError(t, reg.IdentityManager().Update(t.Context(), original, identity.ManagerAllowWriteProtectedTraits))\n\t\t\tassert.EqualValues(t, identity.AuthenticatorAssuranceLevel1, original.InternalAvailableAAL.String)\n\t\t})\n\n\t\tt.Run(\"case=should set AAL to 2 if password and TOTP is set\", func(t *testing.T) {\n\t\t\temail := uuid.Must(uuid.NewV4()).String() + \"@ory.sh\"\n\t\t\toriginal := identity.NewIdentity(config.DefaultIdentityTraitsSchemaID)\n\t\t\toriginal.Traits = newTraits(email, \"\")\n\t\t\toriginal.Credentials = map[identity.CredentialsType]identity.Credentials{\n\t\t\t\tidentity.CredentialsTypePassword: {\n\t\t\t\t\tType: identity.CredentialsTypePassword,\n\t\t\t\t\tIdentifiers: []string{email},\n\t\t\t\t\tConfig: sqlxx.JSONRawMessage(`{\"hashed_password\":\"$2a$08$.cOYmAd.vCpDOoiVJrO5B.hjTLKQQ6cAK40u8uB.FnZDyPvVvQ9Q.\"}`),\n\t\t\t\t},\n\t\t\t}\n\t\t\trequire.NoError(t, reg.IdentityManager().Create(t.Context(), original))\n\t\t\tassert.EqualValues(t, identity.AuthenticatorAssuranceLevel1, original.InternalAvailableAAL.String)\n\t\t\trequire.NoError(t, reg.IdentityManager().Update(t.Context(), original, identity.ManagerAllowWriteProtectedTraits))\n\t\t\tassert.EqualValues(t, identity.AuthenticatorAssuranceLevel1, original.InternalAvailableAAL.String, \"Updating without changes should not change AAL\")\n\t\t\toriginal.Credentials[identity.CredentialsTypeTOTP] = identity.Credentials{\n\t\t\t\tType: identity.CredentialsTypeTOTP,\n\t\t\t\tIdentifiers: []string{email},\n\t\t\t\tConfig: sqlxx.JSONRawMessage(`{\"totp_url\":\"otpauth://totp/test\"}`),\n\t\t\t}\n\t\t\trequire.NoError(t, reg.IdentityManager().Update(t.Context(), original, identity.ManagerAllowWriteProtectedTraits))\n\t\t\tassert.EqualValues(t, identity.AuthenticatorAssuranceLevel2, original.InternalAvailableAAL.String)\n\t\t})\n\n\t\tt.Run(\"case=should set AAL to 2 if only TOTP is set\", func(t *testing.T) {\n\t\t\temail := uuid.Must(uuid.NewV4()).String() + \"@ory.sh\"\n\t\t\toriginal := identity.NewIdentity(config.DefaultIdentityTraitsSchemaID)\n\t\t\toriginal.Traits = newTraits(email, \"\")\n\t\t\trequire.NoError(t, reg.IdentityManager().Create(t.Context(), original))\n\t\t\toriginal.Credentials = map[identity.CredentialsType]identity.Credentials{\n\t\t\t\tidentity.CredentialsTypeTOTP: {\n\t\t\t\t\tType: identity.CredentialsTypeTOTP,\n\t\t\t\t\tIdentifiers: []string{email},\n\t\t\t\t\tConfig: sqlxx.JSONRawMessage(`{\"totp_url\":\"otpauth://totp/test\"}`),\n\t\t\t\t},\n\t\t\t}\n\t\t\trequire.NoError(t, reg.IdentityManager().Update(t.Context(), original, identity.ManagerAllowWriteProtectedTraits))\n\t\t\tassert.True(t, original.InternalAvailableAAL.Valid)\n\t\t\tassert.EqualValues(t, identity.AuthenticatorAssuranceLevel2, original.InternalAvailableAAL.String)\n\t\t})\n\n\t\tt.Run(\"case=should not update protected traits without option\", func(t *testing.T) {\n\t\t\toriginal := identity.NewIdentity(config.DefaultIdentityTraitsSchemaID)\n\t\t\toriginal.Traits = newTraits(\"email-update-1@ory.sh\", \"\")\n\t\t\trequire.NoError(t, reg.IdentityManager().Create(t.Context(), original))\n\n\t\t\toriginal.Traits = newTraits(\"email-update-2@ory.sh\", \"\")\n\t\t\terr := reg.IdentityManager().Update(t.Context(), original)\n\t\t\trequire.Error(t, err)\n\t\t\tassert.Equal(t, identity.ErrProtectedFieldModified, errors.Cause(err))\n\n\t\t\tfromStore, err := reg.PrivilegedIdentityPool().GetIdentityConfidential(t.Context(), original.ID)\n\t\t\trequire.NoError(t, err)\n\t\t\t// As UpdateTraits takes only the ID as a parameter it cannot update the identity in place.\n\t\t\t// That is why we only check the identity in the store.\n\t\t\tcheckExtensionFields(fromStore, \"email-update-1@ory.sh\")(t)\n\t\t})\n\n\t\tt.Run(\"case=should update unprotected traits with multiple credential identifiers\", func(t *testing.T) {\n\t\t\toriginal := identity.NewIdentity(\"extension\")\n\t\t\toriginal.Traits = identity.Traits(`{\"email\": \"email-update-ewisdfuja@ory.sh\", \"names\": [\"username1\", \"username2\"], \"age\": 30}`)\n\t\t\trequire.NoError(t, reg.IdentityManager().Create(t.Context(), original))\n\t\t\tassert.Len(t, original.Credentials[identity.CredentialsTypePassword].Identifiers, 3)\n\n\t\t\toriginal.Traits = identity.Traits(`{\"email\": \"email-update-ewisdfuja@ory.sh\", \"names\": [\"username1\", \"username2\"], \"age\": 31}`)\n\t\t\trequire.NoError(t, reg.IdentityManager().Update(t.Context(), original))\n\n\t\t\tfromStore, err := reg.PrivilegedIdentityPool().GetIdentityConfidential(t.Context(), original.ID)\n\t\t\trequire.NoError(t, err)\n\t\t\tassert.JSONEq(t, string(original.Traits), string(fromStore.Traits))\n\t\t})\n\n\t\tt.Run(\"case=should update unprotected traits with verified user\", func(t *testing.T) {\n\t\t\temail := x.NewUUID().String() + \"@ory.sh\"\n\t\t\toriginal := identity.NewIdentity(config.DefaultIdentityTraitsSchemaID)\n\t\t\toriginal.Traits = newTraits(email, \"initial\")\n\t\t\trequire.NoError(t, reg.IdentityManager().Create(t.Context(), original))\n\n\t\t\t// mock successful verification process\n\t\t\taddr := original.VerifiableAddresses[0]\n\t\t\taddr.Verified = true\n\t\t\taddr.VerifiedAt = new(sqlxx.NullTime(time.Now().UTC()))\n\t\t\trequire.NoError(t, reg.PrivilegedIdentityPool().UpdateVerifiableAddress(t.Context(), &addr))\n\n\t\t\t// reload to properly set the verified address\n\t\t\tvar err error\n\t\t\toriginal, err = reg.PrivilegedIdentityPool().GetIdentityConfidential(t.Context(), original.ID)\n\t\t\trequire.NoError(t, err)\n\n\t\t\toriginal.Traits = newTraits(email, \"updated\")\n\t\t\trequire.NoError(t, reg.IdentityManager().Update(t.Context(), original))\n\n\t\t\tfromStore, err := reg.PrivilegedIdentityPool().GetIdentityConfidential(t.Context(), original.ID)\n\t\t\trequire.NoError(t, err)\n\t\t\tassert.JSONEq(t, string(original.Traits), string(fromStore.Traits))\n\t\t})\n\n\t\tt.Run(\"case=changing recovery address removes it from the store\", func(t *testing.T) {\n\t\t\toriginalEmail := x.NewUUID().String() + \"@ory.sh\"\n\t\t\toriginal := identity.NewIdentity(config.DefaultIdentityTraitsSchemaID)\n\t\t\toriginal.Traits = newTraits(originalEmail, \"\")\n\t\t\trequire.NoError(t, reg.IdentityManager().Create(t.Context(), original))\n\n\t\t\tfromStore, err := reg.PrivilegedIdentityPool().GetIdentityConfidential(t.Context(), original.ID)\n\t\t\trequire.NoError(t, err)\n\t\t\tcheckExtensionFields(fromStore, originalEmail)(t)\n\n\t\t\tnewEmail := x.NewUUID().String() + \"@ory.sh\"\n\t\t\toriginal.Traits = newTraits(newEmail, \"\")\n\t\t\trequire.NoError(t, reg.IdentityManager().Update(t.Context(), original, identity.ManagerAllowWriteProtectedTraits))\n\n\t\t\tfromStore, err = reg.PrivilegedIdentityPool().GetIdentityConfidential(t.Context(), original.ID)\n\t\t\trequire.NoError(t, err)\n\t\t\tcheckExtensionFields(fromStore, newEmail)(t)\n\n\t\t\trecoveryAddresses, err := reg.PrivilegedIdentityPool().ListRecoveryAddresses(t.Context(), 0, 500)\n\t\t\trequire.NoError(t, err)\n\n\t\t\tvar foundRecoveryAddress bool\n\t\t\tfor _, a := range recoveryAddresses {\n\t\t\t\tassert.NotEqual(t, a.Value, originalEmail)\n\t\t\t\tif a.Value == newEmail {\n\t\t\t\t\tfoundRecoveryAddress = true\n\t\t\t\t}\n\t\t\t}\n\t\t\trequire.True(t, foundRecoveryAddress)\n\n\t\t\tverifiableAddresses, err := reg.PrivilegedIdentityPool().ListVerifiableAddresses(t.Context(), 0, 500)\n\t\t\trequire.NoError(t, err)\n\t\t\tvar foundVerifiableAddress bool\n\t\t\tfor _, a := range verifiableAddresses {\n\t\t\t\tassert.NotEqual(t, a.Value, originalEmail)\n\t\t\t\tif a.Value == newEmail {\n\t\t\t\t\tfoundVerifiableAddress = true\n\t\t\t\t}\n\t\t\t}\n\t\t\trequire.True(t, foundVerifiableAddress)\n\t\t})\n\t})\n\n\tt.Run(\"method=CountActiveFirstFactorCredentials\", func(t *testing.T) {\n\t\tid := identity.NewIdentity(config.DefaultIdentityTraitsSchemaID)\n\t\tcount, err := reg.IdentityManager().CountActiveFirstFactorCredentials(t.Context(), id)\n\t\trequire.NoError(t, err)\n\t\tassert.Equal(t, 0, count)\n\n\t\tid.Credentials[identity.CredentialsTypePassword] = identity.Credentials{\n\t\t\tType: identity.CredentialsTypePassword,\n\t\t\tIdentifiers: []string{\"foo\"},\n\t\t\tConfig: []byte(`{\"hashed_password\":\"$argon2id$v=19$m=32,t=2,p=4$cm94YnRVOW5jZzFzcVE4bQ$MNzk5BtR2vUhrp6qQEjRNw\"}`),\n\t\t}\n\n\t\tcount, err = reg.IdentityManager().CountActiveFirstFactorCredentials(t.Context(), id)\n\t\trequire.NoError(t, err)\n\t\tassert.Equal(t, 1, count)\n\t})\n\n\tt.Run(\"method=CountActiveMultiFactorCredentials\", func(t *testing.T) {\n\t\tid := identity.NewIdentity(config.DefaultIdentityTraitsSchemaID)\n\t\tcount, err := reg.IdentityManager().CountActiveMultiFactorCredentials(t.Context(), id)\n\t\trequire.NoError(t, err)\n\t\tassert.Equal(t, 0, count)\n\n\t\tid.Credentials[identity.CredentialsTypePassword] = identity.Credentials{\n\t\t\tType: identity.CredentialsTypePassword,\n\t\t\tIdentifiers: []string{\"foo\"},\n\t\t\tConfig: []byte(`{\"hashed_password\":\"$argon2id$v=19$m=32,t=2,p=4$cm94YnRVOW5jZzFzcVE4bQ$MNzk5BtR2vUhrp6qQEjRNw\"}`),\n\t\t}\n\n\t\tcount, err = reg.IdentityManager().CountActiveMultiFactorCredentials(t.Context(), id)\n\t\trequire.NoError(t, err)\n\t\tassert.Equal(t, 0, count)\n\n\t\tid.Credentials[identity.CredentialsTypeWebAuthn] = identity.Credentials{\n\t\t\tType: identity.CredentialsTypeWebAuthn,\n\t\t\tIdentifiers: []string{\"foo\"},\n\t\t\tConfig: []byte(`{\"credentials\":[{\"is_passwordless\":false}]}`),\n\t\t}\n\n\t\tcount, err = reg.IdentityManager().CountActiveMultiFactorCredentials(t.Context(), id)\n\t\trequire.NoError(t, err)\n\t\tassert.Equal(t, 1, count)\n\t})\n\n\tt.Run(\"method=UpdateTraits\", func(t *testing.T) {\n\t\tt.Run(\"case=should update protected traits with option\", func(t *testing.T) {\n\t\t\toriginal := identity.NewIdentity(config.DefaultIdentityTraitsSchemaID)\n\t\t\toriginal.Traits = newTraits(\"email-updatetraits-1@ory.sh\", \"\")\n\t\t\trequire.NoError(t, reg.IdentityManager().Create(t.Context(), original))\n\n\t\t\trequire.NoError(t, reg.IdentityManager().UpdateTraits(\n\t\t\t\tt.Context(), original.ID, newTraits(\"email-updatetraits-2@ory.sh\", \"\"),\n\t\t\t\tidentity.ManagerAllowWriteProtectedTraits))\n\n\t\t\tfromStore, err := reg.PrivilegedIdentityPool().GetIdentityConfidential(t.Context(), original.ID)\n\t\t\trequire.NoError(t, err)\n\t\t\t// As UpdateTraits takes only the ID as a parameter it cannot update the identity in place.\n\t\t\t// That is why we only check the identity in the store.\n\t\t\tcheckExtensionFields(fromStore, \"email-updatetraits-2@ory.sh\")(t)\n\t\t})\n\n\t\tt.Run(\"case=should update identity and update extension fields\", func(t *testing.T) {\n\t\t\toriginal := identity.NewIdentity(config.DefaultIdentityTraitsSchemaID)\n\t\t\toriginal.Traits = identity.Traits(`{\"email\":\"baz@ory.sh\",\"email_verify\":\"baz@ory.sh\",\"email_recovery\":\"baz@ory.sh\",\"email_creds\":\"baz@ory.sh\",\"unprotected\": \"foo\"}`)\n\t\t\trequire.NoError(t, reg.IdentityManager().Create(t.Context(), original))\n\n\t\t\t// These should all fail because they modify existing keys\n\t\t\trequire.Error(t, reg.IdentityManager().UpdateTraits(t.Context(), original.ID, identity.Traits(`{\"email\":\"not-baz@ory.sh\",\"email_verify\":\"baz@ory.sh\",\"email_recovery\":\"baz@ory.sh\",\"email_creds\":\"baz@ory.sh\",\"unprotected\": \"foo\"}`)))\n\t\t\trequire.Error(t, reg.IdentityManager().UpdateTraits(t.Context(), original.ID, identity.Traits(`{\"email\":\"baz@ory.sh\",\"email_verify\":\"not-baz@ory.sh\",\"email_recovery\":\"not-baz@ory.sh\",\"email_creds\":\"baz@ory.sh\",\"unprotected\": \"foo\"}`)))\n\t\t\trequire.Error(t, reg.IdentityManager().UpdateTraits(t.Context(), original.ID, identity.Traits(`{\"email\":\"baz@ory.sh\",\"email_verify\":\"baz@ory.sh\",\"email_recovery\":\"baz@ory.sh\",\"email_creds\":\"not-baz@ory.sh\",\"unprotected\": \"foo\"}`)))\n\n\t\t\trequire.NoError(t, reg.IdentityManager().UpdateTraits(t.Context(), original.ID, identity.Traits(`{\"email\":\"baz@ory.sh\",\"email_verify\":\"baz@ory.sh\",\"email_recovery\":\"baz@ory.sh\",\"email_creds\":\"baz@ory.sh\",\"unprotected\": \"bar\"}`)))\n\t\t\tcheckExtensionFieldsForIdentities(t, \"baz@ory.sh\", original)\n\n\t\t\tactual, err := reg.IdentityPool().GetIdentity(t.Context(), original.ID, identity.ExpandNothing)\n\t\t\trequire.NoError(t, err)\n\t\t\tassert.JSONEq(t, `{\"email\":\"baz@ory.sh\",\"email_verify\":\"baz@ory.sh\",\"email_recovery\":\"baz@ory.sh\",\"email_creds\":\"baz@ory.sh\",\"unprotected\": \"bar\"}`, string(actual.Traits))\n\t\t})\n\n\t\tt.Run(\"case=should not update protected traits without option\", func(t *testing.T) {\n\t\t\toriginal := identity.NewIdentity(config.DefaultIdentityTraitsSchemaID)\n\t\t\toriginal.Traits = newTraits(\"email-updatetraits-1@ory.sh\", \"\")\n\t\t\trequire.NoError(t, reg.IdentityManager().Create(t.Context(), original))\n\n\t\t\terr := reg.IdentityManager().UpdateTraits(\n\t\t\t\tt.Context(), original.ID, newTraits(\"email-updatetraits-2@ory.sh\", \"\"))\n\t\t\trequire.Error(t, err)\n\t\t\tassert.Equal(t, identity.ErrProtectedFieldModified, errors.Cause(err))\n\n\t\t\tfromStore, err := reg.PrivilegedIdentityPool().GetIdentityConfidential(t.Context(), original.ID)\n\t\t\trequire.NoError(t, err)\n\t\t\t// As UpdateTraits takes only the ID as a parameter it cannot update the identity in place.\n\t\t\t// That is why we only check the identity in the store.\n\t\t\tcheckExtensionFields(fromStore, \"email-updatetraits-1@ory.sh\")(t)\n\t\t})\n\n\t\tt.Run(\"case=should always update updated_at field\", func(t *testing.T) {\n\t\t\toriginal := identity.NewIdentity(config.DefaultIdentityTraitsSchemaID)\n\t\t\toriginal.Traits = newTraits(\"email-updatetraits-3@ory.sh\", \"\")\n\t\t\trequire.NoError(t, reg.IdentityManager().Create(t.Context(), original))\n\n\t\t\ttime.Sleep(time.Millisecond)\n\n\t\t\trequire.NoError(t, reg.IdentityManager().UpdateTraits(\n\t\t\t\tt.Context(), original.ID, newTraits(\"email-updatetraits-4@ory.sh\", \"\"),\n\t\t\t\tidentity.ManagerAllowWriteProtectedTraits))\n\n\t\t\tupdated, err := reg.IdentityPool().GetIdentity(t.Context(), original.ID, identity.ExpandNothing)\n\t\t\trequire.NoError(t, err)\n\t\t\tassert.NotEqual(t, original.UpdatedAt, updated.UpdatedAt, \"UpdatedAt field should be updated\")\n\t\t})\n\t})\n\n\tt.Run(\"method=RefreshAvailableAAL\", func(t *testing.T) {\n\t\tvar cases []struct {\n\t\t\tCredentials []identity.Credentials `json:\"credentials\"`\n\t\t\tDescription string `json:\"description\"`\n\t\t\tExpected string `json:\"expected\"`\n\t\t}\n\t\trequire.NoError(t, json.Unmarshal(refreshAALStubs, &cases))\n\n\t\tfor k, tc := range cases {\n\t\t\tt.Run(\"case=\"+tc.Description, func(t *testing.T) {\n\t\t\t\temail := x.NewUUID().String() + \"@ory.sh\"\n\t\t\t\tid := identity.NewIdentity(config.DefaultIdentityTraitsSchemaID)\n\t\t\t\tid.Traits = identity.Traits(`{\"email\":\"` + email + `\"}`)\n\t\t\t\trequire.NoError(t, reg.IdentityManager().Create(t.Context(), id))\n\t\t\t\tassert.EqualValues(t, identity.NoAuthenticatorAssuranceLevel, id.InternalAvailableAAL.String)\n\n\t\t\t\tfor _, c := range tc.Credentials {\n\t\t\t\t\tfor k := range c.Identifiers {\n\t\t\t\t\t\tswitch c.Identifiers[k] {\n\t\t\t\t\t\tcase \"{email}\":\n\t\t\t\t\t\t\tc.Identifiers[k] = email\n\t\t\t\t\t\tcase \"{id}\":\n\t\t\t\t\t\t\tc.Identifiers[k] = id.ID.String()\n\t\t\t\t\t\t}\n\t\t\t\t\t}\n\t\t\t\t\tid.SetCredentials(c.Type, c)\n\t\t\t\t}\n\n\t\t\t\t// We use the privileged pool here because we don't want to refresh AAL here but in the code below.\n\t\t\t\trequire.NoError(t, reg.PrivilegedIdentityPool().UpdateIdentity(t.Context(), id))\n\n\t\t\t\texpand := identity.ExpandNothing\n\t\t\t\tif k%2 == 1 { // expand every other test case to test if RefreshAvailableAAL behaves correctly\n\t\t\t\t\texpand = identity.ExpandCredentials\n\t\t\t\t}\n\n\t\t\t\tactual, err := reg.IdentityPool().GetIdentity(t.Context(), id.ID, expand)\n\t\t\t\trequire.NoError(t, err)\n\t\t\t\trequire.NoError(t, reg.IdentityManager().RefreshAvailableAAL(t.Context(), actual))\n\t\t\t\tassert.NotEmpty(t, actual.Credentials)\n\t\t\t\tassert.EqualValues(t, tc.Expected, actual.InternalAvailableAAL.String)\n\t\t\t})\n\t\t}\n\t})\n\n\tt.Run(\"method=ConflictingIdentity\", func(t *testing.T) {\n\t\tconflicOnIdentifier := identity.NewIdentity(config.DefaultIdentityTraitsSchemaID)\n\t\tconflicOnIdentifier.Traits = identity.Traits(`{\"email\":\"conflict-on-identifier@example.com\"}`)\n\t\trequire.NoError(t, reg.IdentityManager().Create(t.Context(), conflicOnIdentifier))\n\n\t\tconflicOnVerifiableAddress := identity.NewIdentity(config.DefaultIdentityTraitsSchemaID)\n\t\tconflicOnVerifiableAddress.Traits = identity.Traits(`{\"email\":\"user-va@example.com\", \"email_verify\":\"conflict-on-va@example.com\"}`)\n\t\trequire.NoError(t, reg.IdentityManager().Create(t.Context(), conflicOnVerifiableAddress))\n\n\t\tconflicOnRecoveryAddress := identity.NewIdentity(config.DefaultIdentityTraitsSchemaID)\n\t\tconflicOnRecoveryAddress.Traits = identity.Traits(`{\"email\":\"user-ra@example.com\", \"email_recovery\":\"conflict-on-ra@example.com\"}`)\n\t\trequire.NoError(t, reg.IdentityManager().Create(t.Context(), conflicOnRecoveryAddress))\n\n\t\tt.Run(\"case=returns not found if no conflict\", func(t *testing.T) {\n\t\t\tfound, foundConflictAddress, addressType, err := reg.IdentityManager().ConflictingIdentity(t.Context(), &identity.Identity{\n\t\t\t\tCredentials: map[identity.CredentialsType]identity.Credentials{\n\t\t\t\t\tidentity.CredentialsTypePassword: {Identifiers: []string{\"no-conflict@example.com\"}},\n\t\t\t\t},\n\t\t\t})\n\t\t\tassert.ErrorIs(t, err, sqlcon.ErrNoRows)\n\t\t\tassert.Nil(t, found)\n\t\t\tassert.Empty(t, foundConflictAddress)\n\t\t\tassert.Empty(t, addressType)\n\t\t})\n\n\t\tt.Run(\"case=conflict on identifier\", func(t *testing.T) {\n\t\t\tfound, foundConflictAddress, addressType, err := reg.IdentityManager().ConflictingIdentity(t.Context(), &identity.Identity{\n\t\t\t\tCredentials: map[identity.CredentialsType]identity.Credentials{\n\t\t\t\t\tidentity.CredentialsTypePassword: {Identifiers: []string{\"conflict-on-identifier@example.com\"}},\n\t\t\t\t},\n\t\t\t})\n\t\t\trequire.NoError(t, err)\n\t\t\tassert.Equal(t, conflicOnIdentifier.ID, found.ID)\n\t\t\tassert.Equal(t, \"conflict-on-identifier@example.com\", foundConflictAddress)\n\t\t\tassert.EqualValues(t, string(identity.CredentialsTypePassword), addressType)\n\t\t})\n\n\t\tt.Run(\"case=conflict on verifiable address\", func(t *testing.T) {\n\t\t\tfound, foundConflictAddress, addressType, err := reg.IdentityManager().ConflictingIdentity(t.Context(), &identity.Identity{\n\t\t\t\tVerifiableAddresses: []identity.VerifiableAddress{{\n\t\t\t\t\tValue: \"conflict-on-va@example.com\",\n\t\t\t\t\tVia: \"email\",\n\t\t\t\t}},\n\t\t\t})\n\t\t\trequire.NoError(t, err)\n\t\t\tassert.Equal(t, conflicOnVerifiableAddress.ID, found.ID)\n\t\t\tassert.Equal(t, \"conflict-on-va@example.com\", foundConflictAddress)\n\t\t\tassert.Equal(t, \"email\", addressType)\n\t\t})\n\t\tt.Run(\"case=conflict on recovery address\", func(t *testing.T) {\n\t\t\tfound, foundConflictAddress, addressType, err := reg.IdentityManager().ConflictingIdentity(t.Context(), &identity.Identity{\n\t\t\t\tRecoveryAddresses: []identity.RecoveryAddress{{\n\t\t\t\t\tValue: \"conflict-on-ra@example.com\",\n\t\t\t\t\tVia: \"email\",\n\t\t\t\t}},\n\t\t\t})\n\t\t\trequire.NoError(t, err)\n\t\t\tassert.Equal(t, conflicOnRecoveryAddress.ID, found.ID)\n\t\t\tassert.Equal(t, \"conflict-on-ra@example.com\", foundConflictAddress)\n\t\t\tassert.Equal(t, \"email\", addressType)\n\t\t})\n\t})\n}\n\nfunc TestManagerNoDefaultNamedSchema(t *testing.T) {\n\t_, reg := pkg.NewFastRegistryWithMocks(t, configx.WithValues(map[string]interface{}{\n\t\tconfig.ViperKeyDefaultIdentitySchemaID: \"user_v0\",\n\t\tconfig.ViperKeyIdentitySchemas: config.Schemas{\n\t\t\t{ID: \"user_v0\", URL: \"file://./stub/manager.schema.json\"},\n\t\t},\n\t\tconfig.ViperKeyPublicBaseURL: \"https://www.ory.sh/\",\n\t}))\n\n\tt.Run(\"case=should create identity with default schema\", func(t *testing.T) {\n\t\tstateChangedAt := sqlxx.NullTime(time.Now().UTC())\n\t\toriginal := &identity.Identity{\n\t\t\tSchemaID: \"\",\n\t\t\tTraits: []byte(identity.Traits(`{\"email\":\"foo@ory.sh\"}`)),\n\t\t\tState: identity.StateActive,\n\t\t\tStateChangedAt: &stateChangedAt,\n\t\t}\n\t\trequire.NoError(t, reg.IdentityManager().Create(t.Context(), original))\n\t})\n}\n" }, { "path": "identity/pool.go", "content": "// Copyright © 2023 Ory Corp\n// SPDX-License-Identifier: Apache-2.0\n\npackage identity\n\nimport (\n\t\"context\"\n\n\t\"github.com/ory/kratos/x\"\n\t\"github.com/ory/x/crdbx\"\n\t\"github.com/ory/x/pagination/keysetpagination\"\n\t\"github.com/ory/x/sqlxx\"\n\n\t\"github.com/gofrs/uuid\"\n)\n\nfunc NewUpdateIdentityOptions(opts []UpdateIdentityModifier) UpdateIdentityOptions {\n\tvar o UpdateIdentityOptions\n\tfor _, opt := range opts {\n\t\topt(&o)\n\t}\n\treturn o\n}\n\n// DiffAgainst instructs UpdateIdentity to attempt a minimal update of the\n// identity's data in the database by computing a diff against `existing` and\n// only updating what is necessary, rather than bulk-replacing everything. Use\n// with caution. If `existing` is different from what is stored in the database\n// at the time of the update, the results are undefined. An error is returned if\n// `existing` has a mismatching IdentityID or NID.\nfunc DiffAgainst(existing *Identity) UpdateIdentityModifier {\n\treturn func(o *UpdateIdentityOptions) {\n\t\to.fromDatabase = existing\n\t}\n}\n\nfunc (o UpdateIdentityOptions) FromDatabase() *Identity {\n\treturn o.fromDatabase\n}\n\ntype (\n\tListIdentityParameters struct {\n\t\tExpand Expandables\n\t\tIdsFilter []uuid.UUID\n\t\tCredentialsIdentifier string\n\t\tCredentialsIdentifierSimilar string\n\t\tDeclassifyCredentials []CredentialsType\n\t\tKeySetPagination []keysetpagination.Option\n\t\tOrganizationID uuid.UUID\n\t\tConsistencyLevel crdbx.ConsistencyLevel\n\t\tStatementTransformer func(string) string\n\n\t\t// DEPRECATED\n\t\tPagePagination *x.Page\n\t}\n\n\tUpdateIdentityModifier func(*UpdateIdentityOptions)\n\tUpdateIdentityOptions struct {\n\t\tfromDatabase *Identity\n\t}\n\n\tPool interface {\n\t\t// ListIdentities lists all identities in the store given the page and itemsPerPage.\n\t\tListIdentities(ctx context.Context, params ListIdentityParameters) ([]Identity, *keysetpagination.Paginator, error)\n\n\t\t// CountIdentities counts the number of identities in the store.\n\t\tCountIdentities(ctx context.Context) (int64, error)\n\n\t\t// GetIdentity returns an identity by its id. Will return an error if the identity does not exist or backend\n\t\t// connectivity is broken.\n\t\tGetIdentity(context.Context, uuid.UUID, sqlxx.Expandables) (*Identity, error)\n\n\t\t// FindVerifiableAddressByValue returns a matching address or sql.ErrNoRows if no address could be found.\n\t\tFindVerifiableAddressByValue(ctx context.Context, via, address string) (*VerifiableAddress, error)\n\n\t\t// FindRecoveryAddressByValue returns a matching address or sql.ErrNoRows if no address could be found.\n\t\tFindRecoveryAddressByValue(ctx context.Context, via, address string) (*RecoveryAddress, error)\n\n\t\t// FindAllRecoveryAddressesForIdentityByRecoveryAddressValue finds all recovery addresses for an identity if at least one of its recovery addresses matches the provided value.\n\t\tFindAllRecoveryAddressesForIdentityByRecoveryAddressValue(ctx context.Context, anyRecoveryAddress string) ([]RecoveryAddress, error)\n\t}\n\n\tPoolProvider interface {\n\t\tIdentityPool() Pool\n\t}\n\n\tPrivilegedPoolProvider interface {\n\t\tPrivilegedIdentityPool() PrivilegedPool\n\t}\n\n\tPrivilegedPool interface {\n\t\tPool\n\n\t\t// FindByCredentialsIdentifier returns an identity by querying for it's credential identifiers.\n\t\tFindByCredentialsIdentifier(ctx context.Context, ct CredentialsType, match string) (*Identity, *Credentials, error)\n\n\t\t// DeleteIdentity removes an identity by its id. Will return an error\n\t\t// if identity does not exists, or backend connectivity is broken.\n\t\tDeleteIdentity(context.Context, uuid.UUID) error\n\n\t\t// DeleteIdentities removes identities by its id. Will return an error\n\t\t// if any identity does not exists, or backend connectivity is broken.\n\t\tDeleteIdentities(context.Context, []uuid.UUID) error\n\n\t\t// UpdateVerifiableAddress updates an identity's verifiable address.\n\t\tUpdateVerifiableAddress(ctx context.Context, address *VerifiableAddress, updateColumns ...string) error\n\n\t\t// CreateIdentity creates an identity. It is capable of setting credentials without encoding. Will return an error\n\t\t// if identity exists, backend connectivity is broken, or trait validation fails.\n\t\tCreateIdentity(context.Context, *Identity) error\n\n\t\t// CreateIdentities creates multiple identities. It is capable of setting credentials without encoding. Will return an error\n\t\t// if identity exists, backend connectivity is broken, or trait validation fails.\n\t\tCreateIdentities(context.Context, ...*Identity) error\n\n\t\t// UpdateIdentity updates an identity including its confidential / privileged / protected data.\n\t\tUpdateIdentity(context.Context, *Identity, ...UpdateIdentityModifier) error\n\n\t\t// UpdateIdentityColumns updates targeted columns of an identity.\n\t\tUpdateIdentityColumns(ctx context.Context, i *Identity, columns ...string) error\n\n\t\t// GetIdentityConfidential returns the identity including it's raw credentials.\n\t\t//\n\t\t// This should only be used internally. Please be aware that this method uses HydrateIdentityAssociations\n\t\t// internally, which must not be executed as part of a transaction.\n\t\tGetIdentityConfidential(context.Context, uuid.UUID) (*Identity, error)\n\n\t\t// ListVerifiableAddresses lists all tracked verifiable addresses, regardless of whether they are already verified\n\t\t// or not.\n\t\tListVerifiableAddresses(ctx context.Context, page, itemsPerPage int) ([]VerifiableAddress, error)\n\n\t\t// ListRecoveryAddresses lists all tracked recovery addresses.\n\t\tListRecoveryAddresses(ctx context.Context, page, itemsPerPage int) ([]RecoveryAddress, error)\n\n\t\t// HydrateIdentityAssociations hydrates the associations of an identity.\n\t\t//\n\t\t// Please be aware that this method must not be called within a transaction if more than one element is expanded.\n\t\t// It may error with \"conn busy\" otherwise.\n\t\tHydrateIdentityAssociations(ctx context.Context, i *Identity, expandables Expandables) error\n\n\t\t// InjectTraitsSchemaURL sets the identity's traits JSON schema URL from the schema's ID.\n\t\tInjectTraitsSchemaURL(ctx context.Context, i *Identity) error\n\n\t\t// FindIdentityByCredentialIdentifier returns an identity by matching the identifier to any of the identity's credentials.\n\t\tFindIdentityByCredentialIdentifier(ctx context.Context, identifier string, caseSensitive bool, expandables Expandables) (*Identity, error)\n\n\t\t// FindIdentityByWebauthnUserHandle returns an identity matching a webauthn user handle.\n\t\tFindIdentityByWebauthnUserHandle(ctx context.Context, userHandle []byte) (*Identity, error)\n\n\t\t// FindIdentityByCredentialsIdentifier returns an identity by its external ID.\n\t\tFindIdentityByExternalID(ctx context.Context, externalID string, expand sqlxx.Expandables) (*Identity, error)\n\t}\n)\n\nfunc (p ListIdentityParameters) TransformStatement(statement string) string {\n\tif p.StatementTransformer != nil {\n\t\treturn p.StatementTransformer(statement)\n\t}\n\treturn statement\n}\n" }, { "path": "identity/registry.go", "content": "// Copyright © 2023 Ory Corp\n// SPDX-License-Identifier: Apache-2.0\n\npackage identity\n\nimport (\n\t\"net/url\"\n)\n\ntype Registry interface {\n\tIdentityPool() Pool\n}\n\ntype Configuration interface {\n\tSelfAdminURL() *url.URL\n\tDefaultIdentityTraitsSchemaURL() *url.URL\n}\n" }, { "path": "identity/stub/aal.json", "content": "[\n {\n \"description\": \"password is available aal1\",\n \"expected\": \"aal1\",\n \"credentials\": [\n {\n \"type\": \"password\",\n \"identifiers\": [\n \"{email}\"\n ],\n \"config\": {\n \"hashed_password\": \"$2a$fake\"\n }\n }\n ]\n },\n {\n \"description\": \"password without identifier is no credential and ergo aal0\",\n \"expected\": \"aal0\",\n \"credentials\": [\n {\n \"type\": \"password\",\n \"config\": {\n \"hashed_password\": \"$2a$fake\"\n }\n }\n ]\n },\n {\n \"description\": \"second factor totp returns available aal2 even if no password is set\",\n \"expected\": \"aal2\",\n \"credentials\": [\n {\n \"type\": \"totp\",\n \"config\": {\n \"totp_url\": \"totp://\"\n }\n }\n ]\n },\n {\n \"description\": \"second factor totp returns aal0 if totp credentials is not set up\",\n \"expected\": \"aal0\",\n \"credentials\": [\n {\n \"type\": \"totp\",\n \"identifiers\": [\n \"{email}\"\n ],\n \"config\": {}\n }\n ]\n },\n {\n \"description\": \"password and totp is also available aal2\",\n \"expected\": \"aal1\",\n \"credentials\": [\n {\n \"type\": \"password\",\n \"identifiers\": [\n \"{email}\"\n ],\n \"config\": {\n \"hashed_password\": \"$2a$fake\"\n }\n },\n {\n \"type\": \"totp\",\n \"identifiers\": [\n \"{email}\"\n ],\n \"config\": {}\n }\n ]\n }\n]\n" }, { "path": "identity/stub/expand.schema.json", "content": "{\n \"$schema\": \"http://json-schema.org/draft-07/schema#\",\n \"additionalProperties\": false,\n \"properties\": {\n \"traits\": {\n \"additionalProperties\": false,\n \"properties\": {\n \"email\": {\n \"format\": \"email\",\n \"ory.sh/kratos\": {\n \"credentials\": {\n \"password\": {\n \"identifier\": true\n },\n \"webauthn\": {\n \"identifier\": true\n },\n \"totp\": {\n \"account_name\": true\n }\n },\n \"recovery\": {\n \"via\": \"email\"\n },\n \"verification\": {\n \"via\": \"email\"\n }\n },\n \"title\": \"Email address\",\n \"type\": \"string\",\n \"maxLength\": 320\n },\n \"name\": {\n \"minLength\": 1,\n \"title\": \"Name\",\n \"type\": \"string\",\n \"maxLength\": 256\n }\n },\n \"required\": [\n \"email\",\n \"name\"\n ],\n \"type\": \"object\"\n }\n },\n \"title\": \"Person\",\n \"type\": \"object\"\n}\n" }, { "path": "identity/stub/extension/credentials/code-phone-email.schema.json", "content": "{\n \"type\": \"object\",\n \"properties\": {\n \"email\": {\n \"type\": \"string\",\n \"format\": \"email\",\n \"ory.sh/kratos\": {\n \"credentials\": {\n \"password\": {\n \"identifier\": true\n },\n \"webauthn\": {\n \"identifier\": true\n },\n \"code\": {\n \"identifier\": true,\n \"via\": \"email\"\n }\n }\n }\n },\n \"email2\": {\n \"type\": \"string\",\n \"format\": \"email\",\n \"ory.sh/kratos\": {\n \"credentials\": {\n \"password\": {\n \"identifier\": true\n },\n \"webauthn\": {\n \"identifier\": true\n },\n \"code\": {\n \"identifier\": true,\n \"via\": \"email\"\n }\n }\n }\n },\n \"email3\": {\n \"type\": \"string\",\n \"format\": \"email\",\n \"ory.sh/kratos\": {\n \"credentials\": {\n \"password\": {\n \"identifier\": true\n },\n \"webauthn\": {\n \"identifier\": true\n },\n \"code\": {\n \"identifier\": true,\n \"via\": \"email\"\n }\n }\n }\n },\n \"phone\": {\n \"type\": \"string\",\n \"format\": \"tel\",\n \"ory.sh/kratos\": {\n \"credentials\": {\n \"password\": {\n \"identifier\": true\n },\n \"webauthn\": {\n \"identifier\": true\n },\n \"code\": {\n \"identifier\": true,\n \"via\": \"sms\"\n }\n }\n }\n }\n }\n}\n" }, { "path": "identity/stub/extension/credentials/code.schema.json", "content": "{\n \"type\": \"object\",\n \"properties\": {\n \"email\": {\n \"type\": \"string\",\n \"format\": \"email\",\n \"ory.sh/kratos\": {\n \"credentials\": {\n \"password\": {\n \"identifier\": true\n },\n \"code\": {\n \"identifier\": true,\n \"via\": \"email\"\n }\n }\n }\n }\n }\n}\n" }, { "path": "identity/stub/extension/credentials/email.schema.json", "content": "{\n \"$id\": \"https://schemas.ory.sh/presets/kratos/identity.email.schema.json\",\n \"$schema\": \"http://json-schema.org/draft-07/schema#\",\n \"title\": \"Person\",\n \"type\": \"object\",\n \"properties\": {\n \"email\": {\n \"type\": \"string\",\n \"format\": \"email\",\n \"title\": \"E-Mail\",\n \"ory.sh/kratos\": {\n \"credentials\": {\n \"password\": {\n \"identifier\": true\n },\n \"webauthn\": {\n \"identifier\": true\n },\n \"totp\": {\n \"account_name\": true\n },\n \"code\": {\n \"identifier\": true,\n \"via\": \"email\"\n },\n \"passkey\": {\n \"display_name\": true\n }\n },\n \"recovery\": {\n \"via\": \"email\"\n },\n \"verification\": {\n \"via\": \"email\"\n }\n },\n \"maxLength\": 320\n }\n },\n \"required\": [\n \"email\"\n ],\n \"additionalProperties\": false\n}\n" }, { "path": "identity/stub/extension/credentials/multi.schema.json", "content": "{\n \"type\": \"object\",\n \"properties\": {\n \"emails\": {\n \"type\": \"array\",\n \"items\": {\n \"type\": \"string\",\n \"format\": \"email\",\n \"ory.sh/kratos\": {\n \"credentials\": {\n \"password\": {\n \"identifier\": true\n },\n \"webauthn\": {\n \"identifier\": true\n }\n }\n }\n }\n },\n \"username\": {\n \"type\": \"string\",\n \"ory.sh/kratos\": {\n \"credentials\": {\n \"password\": {\n \"identifier\": true\n }\n }\n }\n }\n }\n}\n" }, { "path": "identity/stub/extension/credentials/schema.json", "content": "{\n \"type\": \"object\",\n \"properties\": {\n \"email\": {\n \"type\": \"string\",\n \"format\": \"email\",\n \"ory.sh/kratos\": {\n \"credentials\": {\n \"password\": {\n \"identifier\": true\n }\n }\n }\n }\n }\n}" }, { "path": "identity/stub/extension/credentials/webauthn.schema.json", "content": "{\n \"type\": \"object\",\n \"properties\": {\n \"email\": {\n \"type\": \"string\",\n \"format\": \"email\",\n \"ory.sh/kratos\": {\n \"credentials\": {\n \"password\": {\n \"identifier\": true\n },\n \"webauthn\": {\n \"identifier\": true\n }\n }\n }\n }\n }\n}\n" }, { "path": "identity/stub/extension/recovery/email.schema.json", "content": "{\n \"type\": \"object\",\n \"properties\": {\n \"emails\": {\n \"type\": \"array\",\n \"items\": {\n \"type\": \"string\",\n \"ory.sh/kratos\": {\n \"recovery\": {\n \"via\": \"email\"\n }\n }\n }\n },\n \"username\": {\n \"type\": \"string\",\n \"ory.sh/kratos\": {\n \"recovery\": {\n \"via\": \"email\"\n }\n }\n }\n }\n}\n" }, { "path": "identity/stub/extension/recovery/schema.json", "content": "{\n \"type\": \"object\",\n \"properties\": {\n \"emails\": {\n \"type\": \"array\",\n \"items\": {\n \"type\": \"string\",\n \"ory.sh/kratos\": {\n \"recovery\": {\n \"via\": \"email\"\n }\n }\n }\n },\n \"username\": {\n \"type\": \"string\",\n \"ory.sh/kratos\": {\n \"recovery\": {\n \"via\": \"email\"\n }\n }\n }\n }\n}\n" }, { "path": "identity/stub/extension/recovery/sms.schema.json", "content": "{\n \"type\": \"object\",\n \"properties\": {\n \"telephoneNumber\": {\n \"type\": \"string\",\n \"format\": \"tel\",\n \"title\": \"Telephone Number\",\n \"minLength\": 3,\n \"ory.sh/kratos\": {\n \"credentials\": {\n \"password\": {\n \"identifier\": true\n },\n \"code\": {\n \"identifier\": true,\n \"via\": \"sms\"\n }\n },\n \"verification\": {\n \"via\": \"sms\"\n },\n \"recovery\": {\n \"via\": \"sms\"\n }\n }\n }\n },\n \"required\": [\n \"telephoneNumber\"\n ],\n \"additionalProperties\": false\n}\n" }, { "path": "identity/stub/extension/verify/email.schema.json", "content": "{\n \"type\": \"object\",\n \"properties\": {\n \"emails\": {\n \"type\": \"array\",\n \"items\": {\n \"type\": \"string\",\n \"ory.sh/kratos\": {\n \"verification\": {\n \"via\": \"email\"\n }\n }\n }\n },\n \"username\": {\n \"type\": \"string\",\n \"ory.sh/kratos\": {\n \"verification\": {\n \"via\": \"email\"\n }\n }\n }\n }\n}\n" }, { "path": "identity/stub/extension/verify/legacy-email-missing-format.schema.json", "content": "{\n \"type\": \"object\",\n \"properties\": {\n \"email\": {\n \"type\": \"string\",\n \"ory.sh/kratos\": {\n \"verification\": {\n \"via\": \"email\"\n }\n }\n }\n }\n}\n" }, { "path": "identity/stub/extension/verify/missing-format.schema.json", "content": "{\n \"type\": \"object\",\n \"properties\": {\n \"phone\": {\n \"type\": \"string\",\n \"ory.sh/kratos\": {\n \"verification\": {\n \"via\": \"sms\"\n }\n }\n }\n }\n}\n" }, { "path": "identity/stub/extension/verify/no-validate.schema.json", "content": "{\n \"type\": \"object\",\n \"properties\": {\n \"phone\": {\n \"type\": \"string\",\n \"format\": \"noformat\",\n \"ory.sh/kratos\": {\n \"verification\": {\n \"via\": \"sms\"\n }\n }\n }\n }\n}\n" }, { "path": "identity/stub/extension/verify/phone.schema.json", "content": "{\n \"type\": \"object\",\n \"properties\": {\n \"phones\": {\n \"type\": \"array\",\n \"items\": {\n \"type\": \"string\",\n \"format\": \"tel\",\n \"ory.sh/kratos\": {\n \"verification\": {\n \"via\": \"sms\"\n }\n }\n }\n },\n \"username\": {\n \"type\": \"string\",\n \"format\": \"tel\",\n \"ory.sh/kratos\": {\n \"verification\": {\n \"via\": \"sms\"\n }\n }\n }\n }\n}\n" }, { "path": "identity/stub/extension.schema.json", "content": "{\n \"$id\": \"https://example.com/person.schema.json\",\n \"$schema\": \"http://json-schema.org/draft-07/schema#\",\n \"title\": \"Person\",\n \"type\": \"object\",\n \"properties\": {\n \"traits\": {\n \"type\": \"object\",\n \"properties\": {\n \"email\": {\n \"type\": \"string\",\n \"format\": \"email\",\n \"ory.sh/kratos\": {\n \"credentials\": {\n \"password\": {\n \"identifier\": true\n }\n }\n }\n },\n \"names\": {\n \"type\": \"array\",\n \"items\": {\n \"type\": \"string\",\n \"ory.sh/kratos\": {\n \"credentials\": {\n \"password\": {\n \"identifier\": true\n }\n }\n }\n }\n },\n \"age\": {\n \"description\": \"Age in years which must be equal to or greater than zero.\",\n \"type\": \"integer\",\n \"minimum\": 1\n }\n },\n \"required\": [\n \"email\"\n ]\n }\n },\n \"required\": [\n \"traits\"\n ],\n \"additionalProperties\": false\n}\n" }, { "path": "identity/stub/handler/customer.schema.json", "content": "{\n \"$id\": \"https://example.com/customer.schema.json\",\n \"$schema\": \"http://json-schema.org/draft-07/schema#\",\n \"title\": \"Person\",\n \"type\": \"object\",\n \"properties\": {\n \"traits\": {\n \"additionalProperties\": false,\n \"type\": \"object\",\n \"properties\": {\n \"address\": {\n \"type\": \"string\"\n },\n \"email\": {\n \"type\": \"string\",\n \"ory.sh/kratos\": {\n \"credentials\": {\n \"password\": {\n \"identifier\": true\n }\n },\n \"verification\": {\n \"via\": \"email\"\n },\n \"recovery\": {\n \"via\": \"email\"\n }\n }\n }\n }\n }\n }\n}\n" }, { "path": "identity/stub/handler/employee.schema.json", "content": "{\n \"$id\": \"https://example.com/employee.schema.json\",\n \"$schema\": \"http://json-schema.org/draft-07/schema#\",\n \"title\": \"Person\",\n \"type\": \"object\",\n \"properties\": {\n \"traits\": {\n \"type\": \"object\",\n \"properties\": {\n \"department\": {\n \"type\": \"string\"\n },\n \"email\": {\n \"type\": \"string\",\n \"ory.sh/kratos\": {\n \"credentials\": {\n \"password\": {\n \"identifier\": true\n }\n },\n \"verification\": {\n \"via\": \"email\"\n },\n \"recovery\": {\n \"via\": \"email\"\n }\n }\n }\n }\n }\n }\n}\n" }, { "path": "identity/stub/handler/multiple_emails.schema.json", "content": "{\n \"$id\": \"https://example.com/customer.schema.json\",\n \"$schema\": \"http://json-schema.org/draft-07/schema#\",\n \"title\": \"Person\",\n \"type\": \"object\",\n \"properties\": {\n \"traits\": {\n \"type\": \"object\",\n \"properties\": {\n \"emails\": {\n \"type\": \"array\",\n \"items\": {\n \"type\": \"string\",\n \"ory.sh/kratos\": {\n \"credentials\": {\n \"password\": {\n \"identifier\": true\n }\n },\n \"verification\": {\n \"via\": \"email\"\n },\n \"recovery\": {\n \"via\": \"email\"\n }\n }\n }\n },\n \"username\": {\n \"type\": \"string\",\n \"ory.sh/kratos\": {\n \"recovery\": {\n \"via\": \"email\"\n }\n }\n }\n }\n }\n }\n}\n" }, { "path": "identity/stub/identity-2.schema.json", "content": "{\n \"$id\": \"https://example.com/registration.schema.json\",\n \"$schema\": \"http://json-schema.org/draft-07/schema#\",\n \"title\": \"Person\",\n \"type\": \"object\",\n \"properties\": {\n \"traits\": {\n \"type\": \"object\",\n \"properties\": {\n \"bar\": {\n \"type\": \"string\"\n }\n }\n }\n }\n}\n" }, { "path": "identity/stub/identity.schema.json", "content": "{\n \"$id\": \"https://example.com/registration.schema.json\",\n \"$schema\": \"http://json-schema.org/draft-07/schema#\",\n \"title\": \"Person\",\n \"type\": \"object\",\n \"properties\": {\n \"traits\": {\n \"type\": \"object\",\n \"properties\": {\n \"bar\": {\n \"type\": \"string\"\n },\n \"email\": {\n \"type\": \"string\",\n \"ory.sh/kratos\": {\n \"credentials\": {\n \"password\": {\n \"identifier\": true\n }\n }\n }\n }\n }\n }\n }\n}\n" }, { "path": "identity/stub/localhost-ref.schema.json", "content": "{\n \"$id\": \"https://example.com/registration.schema.json\",\n \"$schema\": \"http://json-schema.org/draft-07/schema#\",\n \"title\": \"Person\",\n \"type\": \"object\",\n \"properties\": {\n \"traits\": {\n \"type\": \"object\",\n \"properties\": {\n \"bar\": {\n \"type\": \"string\"\n },\n \"email\": {\n \"$ref\": \"http://192.168.178.1:1234/\"\n }\n }\n }\n }\n}\n" }, { "path": "identity/stub/manager.schema.json", "content": "{\n \"$id\": \"https://example.com/person.schema.json\",\n \"$schema\": \"http://json-schema.org/draft-07/schema#\",\n \"title\": \"Person\",\n \"type\": \"object\",\n \"properties\": {\n \"traits\": {\n \"type\": \"object\",\n \"properties\": {\n \"email\": {\n \"type\": \"string\",\n \"format\": \"email\",\n \"ory.sh/kratos\": {\n \"credentials\": {\n \"password\": {\n \"identifier\": true\n }\n }\n }\n },\n \"email_creds\": {\n \"type\": \"string\",\n \"format\": \"email\",\n \"ory.sh/kratos\": {\n \"credentials\": {\n \"password\": {\n \"identifier\": true\n }\n }\n }\n },\n \"email_webauthn\": {\n \"type\": \"string\",\n \"format\": \"email\",\n \"ory.sh/kratos\": {\n \"credentials\": {\n \"webauthn\": {\n \"identifier\": true\n }\n }\n }\n },\n \"email_verify\": {\n \"type\": \"string\",\n \"format\": \"email\",\n \"ory.sh/kratos\": {\n \"verification\": {\n \"via\": \"email\"\n }\n }\n },\n \"email_recovery\": {\n \"type\": \"string\",\n \"format\": \"email\",\n \"ory.sh/kratos\": {\n \"recovery\": {\n \"via\": \"email\"\n }\n }\n },\n \"unprotected\": {\n \"type\": \"string\"\n }\n },\n \"required\": [\n ]\n }\n },\n \"additionalProperties\": false\n}\n" }, { "path": "identity/stub/webauthn/v0.json", "content": "{\n \"credentials\": [\n {\n \"id\": \"HQ4LaIJ9NiqS1r0CQpWY+K0gMvhOq4yk5BHuO/YlitcurSpBK7weDXOvBcuN4lvn6DAmjGfmj/J/6bpOmtdT8Q==\",\n \"public_key\": \"pQECAyYgASFYILAYFLoH1T8bQMSbPrNBCMMS5U7OFWRwv2U+GkAoiBADIlggBv+8ni7XVZYBB8ufMbP/d9fDxbmOkVVHOgcJifnoOR4=\",\n \"attestation_type\": \"none\",\n \"authenticator\": {\n \"aaguid\": \"AAAAAAAAAAAAAAAAAAAAAA==\",\n \"sign_count\": 4,\n \"clone_warning\": false\n },\n \"display_name\": \"asdf\",\n \"added_at\": \"2022-02-28T16:40:39Z\"\n },\n {\n \"id\": \"1Q4LaIJ9NiqS1r0CQpWY+K0gMvhOq4yk5BHuO/YlitcurSpBK7weDXOvBcuN4lvn6DAmjGfmj/J/6bpOmtdT8Q==\",\n \"public_key\": \"pQECAyYgASFYILAYFLoH1T8bQMSbPrNBCMMS5U7OFWRwv2U+GkAoiBADIlggBv+8ni7XVZYBB8ufMbP/d9fDxbmOkVVHOgcJifnoOR4=\",\n \"attestation_type\": \"none\",\n \"authenticator\": {\n \"aaguid\": \"AAAAAAAAAAAAAAAAAAAAAA==\",\n \"sign_count\": 4,\n \"clone_warning\": false\n },\n \"display_name\": \"asdf\",\n \"added_at\": \"2022-02-28T16:40:39Z\"\n }\n ]\n}\n" }, { "path": "identity/stub/webauthn/v1.json", "content": "{\n \"credentials\": [\n {\n \"id\": \"HQ4LaIJ9NiqS1r0CQpWY+K0gMvhOq4yk5BHuO/YlitcurSpBK7weDXOvBcuN4lvn6DAmjGfmj/J/6bpOmtdT8Q==\",\n \"public_key\": \"pQECAyYgASFYILAYFLoH1T8bQMSbPrNBCMMS5U7OFWRwv2U+GkAoiBADIlggBv+8ni7XVZYBB8ufMbP/d9fDxbmOkVVHOgcJifnoOR4=\",\n \"attestation_type\": \"none\",\n \"authenticator\": {\n \"aaguid\": \"AAAAAAAAAAAAAAAAAAAAAA==\",\n \"sign_count\": 4,\n \"clone_warning\": false\n },\n \"display_name\": \"asdf\",\n \"added_at\": \"2022-02-28T16:40:39Z\",\n \"is_passwordless\": true\n }\n ],\n \"user_handle\":\"2gZaSs9fTEeGmsBlC4gfgg==\"\n}\n" }, { "path": "identity/test/pool.go", "content": "// Copyright © 2023 Ory Corp\n// SPDX-License-Identifier: Apache-2.0\n\npackage test\n\nimport (\n\t\"context\"\n\t\"encoding/base64\"\n\t\"encoding/json\"\n\t\"fmt\"\n\t\"net/http\"\n\t\"slices\"\n\t\"strings\"\n\t\"testing\"\n\t\"time\"\n\n\t\"github.com/go-faker/faker/v4\"\n\t\"github.com/gofrs/uuid\"\n\t\"github.com/stretchr/testify/assert\"\n\t\"github.com/stretchr/testify/require\"\n\t\"github.com/tidwall/gjson\"\n\n\t\"github.com/ory/herodot\"\n\t\"github.com/ory/kratos/driver/config\"\n\t\"github.com/ory/kratos/identity\"\n\t\"github.com/ory/kratos/persistence\"\n\tidpersistence \"github.com/ory/kratos/persistence/sql/identity\"\n\t\"github.com/ory/kratos/pkg/testhelpers\"\n\t\"github.com/ory/kratos/schema\"\n\t\"github.com/ory/kratos/x\"\n\t\"github.com/ory/x/assertx\"\n\t\"github.com/ory/x/contextx\"\n\t\"github.com/ory/x/crdbx\"\n\t\"github.com/ory/x/pagination/keysetpagination\"\n\t\"github.com/ory/x/randx\"\n\t\"github.com/ory/x/sqlcon\"\n\t\"github.com/ory/x/sqlxx\"\n\t\"github.com/ory/x/urlx\"\n)\n\n// assertContainsValues is a test helper that checks if a slice contains expected values and doesn't contain unexpected values.\nfunc assertContainsValues(t *testing.T, actual []string, shouldContain, shouldNotContain []string) {\n\tt.Helper()\n\tfor _, expected := range shouldContain {\n\t\tassert.Contains(t, actual, expected)\n\t}\n\tfor _, notExpected := range shouldNotContain {\n\t\tassert.NotContains(t, actual, notExpected)\n\t}\n}\n\nfunc TestPool(ctx context.Context, p persistence.Persister, m *identity.Manager, dbname string) func(t *testing.T) {\n\treturn func(t *testing.T) {\n\t\tnid, p := testhelpers.NewNetworkUnlessExisting(t, ctx, p)\n\n\t\texampleServerURL := urlx.ParseOrPanic(\"http://example.com\")\n\t\texpandSchema := schema.Schema{\n\t\t\tID: \"expandSchema\",\n\t\t\tURL: urlx.ParseOrPanic(\"file://./stub/expand.schema.json\"),\n\t\t\tRawURL: \"file://./stub/expand.schema.json\",\n\t\t}\n\t\tdefaultSchema := schema.Schema{\n\t\t\tID: config.DefaultIdentityTraitsSchemaID,\n\t\t\tURL: urlx.ParseOrPanic(\"file://./stub/identity.schema.json\"),\n\t\t\tRawURL: \"file://./stub/identity.schema.json\",\n\t\t}\n\t\taltSchema := schema.Schema{\n\t\t\tID: \"altSchema\",\n\t\t\tURL: urlx.ParseOrPanic(\"file://./stub/identity-2.schema.json\"),\n\t\t\tRawURL: \"file://./stub/identity-2.schema.json\",\n\t\t}\n\t\tmultipleEmailsSchema := schema.Schema{\n\t\t\tID: \"multiple_emails\",\n\t\t\tURL: urlx.ParseOrPanic(\"file://./stub/handler/multiple_emails.schema.json\"),\n\t\t\tRawURL: \"file://./stub/identity-2.schema.json\",\n\t\t}\n\t\tctx := contextx.WithConfigValues(ctx, map[string]any{\n\t\t\tconfig.ViperKeyPublicBaseURL: exampleServerURL.String(),\n\t\t\tconfig.ViperKeyIdentitySchemas: []config.Schema{\n\t\t\t\t{\n\t\t\t\t\tID: altSchema.ID,\n\t\t\t\t\tURL: altSchema.RawURL,\n\t\t\t\t},\n\t\t\t\t{\n\t\t\t\t\tID: defaultSchema.ID,\n\t\t\t\t\tURL: defaultSchema.RawURL,\n\t\t\t\t},\n\t\t\t\t{\n\t\t\t\t\tID: expandSchema.ID,\n\t\t\t\t\tURL: expandSchema.RawURL,\n\t\t\t\t},\n\t\t\t\t{\n\t\t\t\t\tID: multipleEmailsSchema.ID,\n\t\t\t\t\tURL: multipleEmailsSchema.RawURL,\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\n\t\tt.Run(\"case=expand\", func(t *testing.T) {\n\t\t\trequire.NoError(t, p.GetConnection(ctx).RawQuery(\"DELETE FROM identities WHERE nid = ?\", nid).Exec())\n\t\t\tt.Cleanup(func() {\n\t\t\t\trequire.NoError(t, p.GetConnection(ctx).RawQuery(\"DELETE FROM identities WHERE nid = ?\", nid).Exec())\n\t\t\t})\n\n\t\t\texpected := identity.NewIdentity(expandSchema.ID)\n\t\t\texpected.Traits = identity.Traits(`{\"email\":\"` + uuid.Must(uuid.NewV4()).String() + \"@ory.sh\" + `\",\"name\":\"john doe\"}`)\n\t\t\trequire.NoError(t, m.ValidateIdentity(ctx, expected, new(identity.ManagerOptions)))\n\t\t\trequire.NoError(t, p.CreateIdentity(ctx, expected))\n\t\t\trequire.NoError(t, identity.UpgradeCredentials(expected))\n\n\t\t\tassert.NotEmpty(t, expected.RecoveryAddresses)\n\t\t\tassert.NotEmpty(t, expected.VerifiableAddresses)\n\t\t\tassert.NotEmpty(t, expected.Credentials)\n\t\t\tassert.NotEqual(t, uuid.Nil, expected.RecoveryAddresses[0].ID)\n\t\t\tassert.NotEqual(t, uuid.Nil, expected.VerifiableAddresses[0].ID)\n\n\t\t\trunner := func(t *testing.T, expand sqlxx.Expandables, cb func(*testing.T, *identity.Identity)) {\n\t\t\t\tassertion := func(t *testing.T, actual *identity.Identity) {\n\t\t\t\t\tassertx.EqualAsJSONExcept(t, expected, actual, []string{\n\t\t\t\t\t\t\"verifiable_addresses\", \"recovery_addresses\", \"updated_at\", \"created_at\", \"credentials\", \"state_changed_at\",\n\t\t\t\t\t})\n\t\t\t\t\tcb(t, actual)\n\t\t\t\t}\n\n\t\t\t\tt.Run(\"find\", func(t *testing.T) {\n\t\t\t\t\tactual, err := p.GetIdentity(ctx, expected.ID, expand)\n\t\t\t\t\trequire.NoError(t, err)\n\t\t\t\t\tassertion(t, actual)\n\t\t\t\t})\n\n\t\t\t\tt.Run(\"list/page-pagination\", func(t *testing.T) {\n\t\t\t\t\tactual, _, err := p.ListIdentities(ctx, identity.ListIdentityParameters{Expand: expand, PagePagination: &x.Page{Page: 0, ItemsPerPage: 10}})\n\t\t\t\t\trequire.NoError(t, err)\n\t\t\t\t\trequire.Len(t, actual, 1)\n\t\t\t\t\tassertion(t, &actual[0])\n\t\t\t\t})\n\n\t\t\t\tt.Run(\"list/token-pagination\", func(t *testing.T) {\n\t\t\t\t\tactual, next, err := p.ListIdentities(ctx, identity.ListIdentityParameters{Expand: expand, KeySetPagination: []keysetpagination.Option{keysetpagination.WithSize(10)}})\n\t\t\t\t\trequire.NoError(t, err)\n\t\t\t\t\trequire.Len(t, actual, 1)\n\t\t\t\t\trequire.True(t, next.IsLast())\n\t\t\t\t\tassertion(t, &actual[0])\n\t\t\t\t})\n\t\t\t}\n\n\t\t\tt.Run(\"expand=nothing\", func(t *testing.T) {\n\t\t\t\trunner(t, identity.ExpandNothing, func(t *testing.T, actual *identity.Identity) {\n\t\t\t\t\tassert.Empty(t, actual.RecoveryAddresses)\n\t\t\t\t\tassert.Empty(t, actual.VerifiableAddresses)\n\t\t\t\t\tassert.Empty(t, actual.Credentials)\n\t\t\t\t})\n\t\t\t})\n\n\t\t\tt.Run(\"expand=credentials\", func(t *testing.T) {\n\t\t\t\trunner(t, identity.ExpandCredentials, func(t *testing.T, actual *identity.Identity) {\n\t\t\t\t\tassert.Empty(t, actual.RecoveryAddresses)\n\t\t\t\t\tassert.Empty(t, actual.VerifiableAddresses)\n\n\t\t\t\t\trequire.Len(t, actual.Credentials, 2)\n\n\t\t\t\t\tassertx.EqualAsJSONExcept(t, expected.Credentials[identity.CredentialsTypePassword], actual.Credentials[identity.CredentialsTypePassword], []string{\"updated_at\", \"created_at\"})\n\t\t\t\t\tassertx.EqualAsJSONExcept(t, expected.Credentials[identity.CredentialsTypeWebAuthn], actual.Credentials[identity.CredentialsTypeWebAuthn], []string{\"updated_at\", \"created_at\"})\n\t\t\t\t})\n\t\t\t})\n\n\t\t\tt.Run(\"expand=recovery address\", func(t *testing.T) {\n\t\t\t\trunner(t, sqlxx.Expandables{identity.ExpandFieldRecoveryAddresses}, func(t *testing.T, actual *identity.Identity) {\n\t\t\t\t\tassert.Empty(t, actual.Credentials)\n\t\t\t\t\tassert.Empty(t, actual.VerifiableAddresses)\n\n\t\t\t\t\trequire.Len(t, actual.RecoveryAddresses, 1)\n\t\t\t\t\tassertx.EqualAsJSONExcept(t, expected.RecoveryAddresses, actual.RecoveryAddresses, []string{\"0.updated_at\", \"0.created_at\"})\n\t\t\t\t})\n\t\t\t})\n\n\t\t\tt.Run(\"expand=verification address\", func(t *testing.T) {\n\t\t\t\trunner(t, sqlxx.Expandables{identity.ExpandFieldVerifiableAddresses}, func(t *testing.T, actual *identity.Identity) {\n\t\t\t\t\tassert.Empty(t, actual.Credentials)\n\t\t\t\t\tassert.Empty(t, actual.RecoveryAddresses)\n\n\t\t\t\t\trequire.Len(t, actual.VerifiableAddresses, 1)\n\t\t\t\t\tassertx.EqualAsJSONExcept(t, expected.VerifiableAddresses, actual.VerifiableAddresses, []string{\"0.updated_at\", \"0.created_at\"})\n\t\t\t\t})\n\t\t\t})\n\n\t\t\tt.Run(\"expand=default\", func(t *testing.T) {\n\t\t\t\trunner(t, identity.ExpandDefault, func(t *testing.T, actual *identity.Identity) {\n\t\t\t\t\tassert.Empty(t, actual.Credentials)\n\n\t\t\t\t\trequire.Len(t, actual.RecoveryAddresses, 1)\n\t\t\t\t\tassertx.EqualAsJSONExcept(t, expected.RecoveryAddresses, actual.RecoveryAddresses, []string{\"0.updated_at\", \"0.created_at\"})\n\n\t\t\t\t\trequire.Len(t, actual.VerifiableAddresses, 1)\n\t\t\t\t\tassertx.EqualAsJSONExcept(t, expected.VerifiableAddresses, actual.VerifiableAddresses, []string{\"0.updated_at\", \"0.created_at\"})\n\t\t\t\t})\n\t\t\t})\n\n\t\t\tt.Run(\"expand=everything\", func(t *testing.T) {\n\t\t\t\trunner(t, identity.ExpandEverything, func(t *testing.T, actual *identity.Identity) {\n\t\t\t\t\trequire.Len(t, actual.Credentials, 2)\n\n\t\t\t\t\tassertx.EqualAsJSONExcept(t, expected.Credentials[identity.CredentialsTypePassword], actual.Credentials[identity.CredentialsTypePassword], []string{\"updated_at\", \"created_at\"})\n\t\t\t\t\tassertx.EqualAsJSONExcept(t, expected.Credentials[identity.CredentialsTypeWebAuthn], actual.Credentials[identity.CredentialsTypeWebAuthn], []string{\"updated_at\", \"created_at\"})\n\n\t\t\t\t\trequire.Len(t, actual.RecoveryAddresses, 1)\n\t\t\t\t\tassertx.EqualAsJSONExcept(t, expected.RecoveryAddresses, actual.RecoveryAddresses, []string{\"0.updated_at\", \"0.created_at\"})\n\n\t\t\t\t\trequire.Len(t, actual.VerifiableAddresses, 1)\n\t\t\t\t\tassertx.EqualAsJSONExcept(t, expected.VerifiableAddresses, actual.VerifiableAddresses, []string{\"0.updated_at\", \"0.created_at\"})\n\t\t\t\t})\n\t\t\t})\n\n\t\t\tt.Run(\"expand=load\", func(t *testing.T) {\n\t\t\t\trunner(t, identity.ExpandNothing, func(t *testing.T, actual *identity.Identity) {\n\t\t\t\t\trequire.NoError(t, p.HydrateIdentityAssociations(ctx, actual, identity.ExpandEverything))\n\n\t\t\t\t\trequire.Len(t, actual.Credentials, 2)\n\n\t\t\t\t\tassertx.EqualAsJSONExcept(t, expected.Credentials[identity.CredentialsTypePassword], actual.Credentials[identity.CredentialsTypePassword], []string{\"updated_at\", \"created_at\"})\n\t\t\t\t\tassertx.EqualAsJSONExcept(t, expected.Credentials[identity.CredentialsTypeWebAuthn], actual.Credentials[identity.CredentialsTypeWebAuthn], []string{\"updated_at\", \"created_at\"})\n\n\t\t\t\t\trequire.Len(t, actual.RecoveryAddresses, 1)\n\t\t\t\t\tassertx.EqualAsJSONExcept(t, expected.RecoveryAddresses, actual.RecoveryAddresses, []string{\"0.updated_at\", \"0.created_at\"})\n\n\t\t\t\t\trequire.Len(t, actual.VerifiableAddresses, 1)\n\t\t\t\t\tassertx.EqualAsJSONExcept(t, expected.VerifiableAddresses, actual.VerifiableAddresses, []string{\"0.updated_at\", \"0.created_at\"})\n\t\t\t\t})\n\t\t\t})\n\n\t\t\tt.Run(\"confidential\", func(t *testing.T) {\n\t\t\t\t// confidential is like expand=all\n\t\t\t\tactual, err := p.GetIdentityConfidential(ctx, expected.ID)\n\t\t\t\trequire.NoError(t, err)\n\t\t\t\tassertx.EqualAsJSONExcept(t, expected, actual, []string{\n\t\t\t\t\t\"verifiable_addresses\", \"recovery_addresses\", \"updated_at\", \"created_at\", \"credentials\", \"state_changed_at\",\n\t\t\t\t})\n\t\t\t\trequire.Len(t, actual.Credentials, 2)\n\n\t\t\t\tassertx.EqualAsJSONExcept(t, expected.Credentials[identity.CredentialsTypePassword], actual.Credentials[identity.CredentialsTypePassword], []string{\"updated_at\", \"created_at\"})\n\t\t\t\tassertx.EqualAsJSONExcept(t, expected.Credentials[identity.CredentialsTypeWebAuthn], actual.Credentials[identity.CredentialsTypeWebAuthn], []string{\"updated_at\", \"created_at\"})\n\n\t\t\t\trequire.Len(t, actual.RecoveryAddresses, 1)\n\t\t\t\tassertx.EqualAsJSONExcept(t, expected.RecoveryAddresses, actual.RecoveryAddresses, []string{\"0.updated_at\", \"0.created_at\"})\n\n\t\t\t\trequire.Len(t, actual.VerifiableAddresses, 1)\n\t\t\t\tassertx.EqualAsJSONExcept(t, expected.VerifiableAddresses, actual.VerifiableAddresses, []string{\"0.updated_at\", \"0.created_at\"})\n\t\t\t})\n\t\t})\n\n\t\tvar createdIDs []uuid.UUID\n\t\tpasswordIdentity := func(schemaID string, credentialsID string) *identity.Identity {\n\t\t\ti := identity.NewIdentity(schemaID)\n\t\t\ti.SetCredentials(identity.CredentialsTypePassword, identity.Credentials{\n\t\t\t\tType: identity.CredentialsTypePassword, Identifiers: []string{credentialsID},\n\t\t\t\tConfig: sqlxx.JSONRawMessage(`{\"foo\":\"bar\"}`),\n\t\t\t})\n\t\t\treturn i\n\t\t}\n\n\t\toidcIdentity := func(schemaID string, credentialsID string) *identity.Identity {\n\t\t\ti := identity.NewIdentity(schemaID)\n\t\t\ti.SetCredentials(identity.CredentialsTypeOIDC, identity.Credentials{\n\t\t\t\tType: identity.CredentialsTypeOIDC, Identifiers: []string{credentialsID},\n\t\t\t\tConfig: sqlxx.JSONRawMessage(`{}`),\n\t\t\t})\n\t\t\treturn i\n\t\t}\n\n\t\tassertEqual := func(t *testing.T, expected, actual *identity.Identity) {\n\t\t\tassert.Empty(t, actual.Credentials)\n\t\t\trequire.Equal(t, expected.Traits, actual.Traits)\n\t\t\trequire.Equal(t, expected.ID, actual.ID)\n\t\t}\n\n\t\tt.Run(\"case=should create and set missing ID\", func(t *testing.T) {\n\t\t\ti := identity.NewIdentity(config.DefaultIdentityTraitsSchemaID)\n\t\t\ti.SetCredentials(identity.CredentialsTypeOIDC, identity.Credentials{\n\t\t\t\tType: identity.CredentialsTypeOIDC, Identifiers: []string{x.NewUUID().String()},\n\t\t\t\tConfig: sqlxx.JSONRawMessage(`{}`),\n\t\t\t})\n\t\t\ti.ID = uuid.Nil\n\t\t\trequire.NoError(t, p.CreateIdentity(ctx, i))\n\t\t\tassert.NotEqual(t, uuid.Nil, i.ID)\n\t\t\tassert.Equal(t, nid, i.NID)\n\t\t\tcreatedIDs = append(createdIDs, i.ID)\n\n\t\t\tcount, err := p.CountIdentities(ctx)\n\t\t\trequire.NoError(t, err)\n\t\t\tassert.EqualValues(t, int64(1), count)\n\n\t\t\tt.Run(\"different network\", func(t *testing.T) {\n\t\t\t\t_, p := testhelpers.NewNetwork(t, ctx, p)\n\t\t\t\tcount, err := p.CountIdentities(ctx)\n\t\t\t\trequire.NoError(t, err)\n\t\t\t\tassert.EqualValues(t, int64(0), count)\n\t\t\t})\n\t\t})\n\n\t\tt.Run(\"case=create with default values\", func(t *testing.T) {\n\t\t\texpected := passwordIdentity(\"\", x.NewUUID().String())\n\t\t\trequire.NoError(t, p.CreateIdentity(ctx, expected))\n\t\t\tcreatedIDs = append(createdIDs, expected.ID)\n\n\t\t\tactual, err := p.GetIdentity(ctx, expected.ID, identity.ExpandDefault)\n\t\t\trequire.NoError(t, err)\n\n\t\t\tassert.Equal(t, expected.ID, actual.ID)\n\t\t\tassert.Equal(t, config.DefaultIdentityTraitsSchemaID, actual.SchemaID)\n\t\t\tassert.Equal(t, defaultSchema.SchemaURL(exampleServerURL).String(), actual.SchemaURL)\n\t\t\tassertEqual(t, expected, actual)\n\n\t\t\tcount, err := p.CountIdentities(ctx)\n\t\t\trequire.NoError(t, err)\n\t\t\tassert.EqualValues(t, 2, count)\n\n\t\t\tt.Run(\"different network\", func(t *testing.T) {\n\t\t\t\t_, p := testhelpers.NewNetwork(t, ctx, p)\n\t\t\t\t_, err := p.GetIdentity(ctx, expected.ID, identity.ExpandDefault)\n\t\t\t\trequire.ErrorIs(t, err, sqlcon.ErrNoRows)\n\n\t\t\t\tcount, err := p.CountIdentities(ctx)\n\t\t\t\trequire.NoError(t, err)\n\t\t\t\tassert.EqualValues(t, int64(0), count)\n\t\t\t})\n\t\t})\n\n\t\tt.Run(\"case=should set external ID\", func(t *testing.T) {\n\t\t\ti := identity.NewIdentity(config.DefaultIdentityTraitsSchemaID)\n\t\t\ti.SetCredentials(identity.CredentialsTypeOIDC, identity.Credentials{\n\t\t\t\tType: identity.CredentialsTypeOIDC, Identifiers: []string{x.NewUUID().String()},\n\t\t\t\tConfig: sqlxx.JSONRawMessage(`{}`),\n\t\t\t})\n\t\t\ti.ID = uuid.Nil\n\t\t\texternalID := sqlxx.NullString(\"external-id-\" + randx.MustString(10, randx.AlphaNum))\n\t\t\ti.ExternalID = externalID\n\t\t\trequire.NoError(t, p.CreateIdentity(ctx, i))\n\t\t\tassert.NotEqual(t, uuid.Nil, i.ID)\n\t\t\tassert.Equal(t, nid, i.NID)\n\t\t\tassert.Equal(t, externalID, i.ExternalID)\n\t\t\tcreatedIDs = append(createdIDs, i.ID)\n\n\t\t\tt.Run(\"find by external ID\", func(t *testing.T) {\n\t\t\t\ti2, err := p.FindIdentityByExternalID(ctx, externalID.String(), identity.ExpandEverything)\n\t\t\t\trequire.NoError(t, err)\n\t\t\t\tassert.Equal(t, i.ID, i2.ID)\n\t\t\t})\n\n\t\t\tt.Run(\"must be unique\", func(t *testing.T) {\n\t\t\t\ti2 := identity.NewIdentity(config.DefaultIdentityTraitsSchemaID)\n\t\t\t\ti2.SetCredentials(identity.CredentialsTypeOIDC, identity.Credentials{\n\t\t\t\t\tType: identity.CredentialsTypeOIDC, Identifiers: []string{x.NewUUID().String()},\n\t\t\t\t\tConfig: sqlxx.JSONRawMessage(`{}`),\n\t\t\t\t})\n\t\t\t\ti2.ExternalID = externalID\n\n\t\t\t\terr := new(herodot.DefaultError)\n\t\t\t\trequire.ErrorAs(t, p.CreateIdentity(ctx, i2), &err)\n\t\t\t\tassert.Equal(t, http.StatusConflict, err.CodeField)\n\t\t\t})\n\t\t})\n\n\t\tt.Run(\"case=create with null AAL\", func(t *testing.T) {\n\t\t\texpected := passwordIdentity(\"\", \"id-\"+uuid.Must(uuid.NewV4()).String())\n\t\t\texpected.InternalAvailableAAL.Valid = false\n\t\t\trequire.NoError(t, p.CreateIdentity(ctx, expected))\n\t\t\tcreatedIDs = append(createdIDs, expected.ID)\n\n\t\t\tactual, err := p.GetIdentity(ctx, expected.ID, identity.ExpandDefault)\n\t\t\trequire.NoError(t, err)\n\n\t\t\tassert.False(t, actual.InternalAvailableAAL.Valid)\n\t\t})\n\n\t\tt.Run(\"suite=create multiple identities\", func(t *testing.T) {\n\t\t\tt.Run(\"create multiple identities\", func(t *testing.T) {\n\t\t\t\tidentities := make([]*identity.Identity, 100)\n\t\t\t\tfor i := range identities {\n\t\t\t\t\tidentities[i] = NewTestIdentity(4, \"persister-create-multiple\", i)\n\t\t\t\t}\n\t\t\t\trequire.NoError(t, p.CreateIdentities(ctx, identities...))\n\t\t\t\tcreatedAt := time.Now().UTC()\n\n\t\t\t\tfor _, id := range identities {\n\t\t\t\t\tidFromDB, err := p.GetIdentity(ctx, id.ID, identity.ExpandEverything)\n\t\t\t\t\trequire.NoError(t, err)\n\n\t\t\t\t\tcredFromDB := idFromDB.Credentials[identity.CredentialsTypePassword]\n\t\t\t\t\tassert.Equal(t, id.ID, idFromDB.ID)\n\t\t\t\t\tassert.Equal(t, id.SchemaID, idFromDB.SchemaID)\n\t\t\t\t\tassert.Equal(t, id.SchemaURL, idFromDB.SchemaURL)\n\t\t\t\t\tassert.Equal(t, id.State, idFromDB.State)\n\n\t\t\t\t\t// We test that the values are plausible in the handler test already.\n\t\t\t\t\tassert.Equal(t, len(id.VerifiableAddresses), len(idFromDB.VerifiableAddresses))\n\t\t\t\t\tassert.Equal(t, len(id.RecoveryAddresses), len(idFromDB.RecoveryAddresses))\n\n\t\t\t\t\tassert.Equal(t, id.Credentials[\"password\"].Identifiers, credFromDB.Identifiers)\n\t\t\t\t\tassert.WithinDuration(t, createdAt, credFromDB.CreatedAt, time.Minute)\n\t\t\t\t\tassert.WithinDuration(t, createdAt, credFromDB.UpdatedAt, time.Minute)\n\t\t\t\t\t// because of mysql precision\n\t\t\t\t\tassert.WithinDuration(t, id.CreatedAt, idFromDB.CreatedAt, time.Second)\n\t\t\t\t\tassert.WithinDuration(t, id.UpdatedAt, idFromDB.UpdatedAt, time.Second)\n\n\t\t\t\t\trequire.NoError(t, p.DeleteIdentity(ctx, id.ID))\n\t\t\t\t}\n\t\t\t})\n\n\t\t\tt.Run(\"create exactly the non-conflicting ones\", func(t *testing.T) {\n\t\t\t\tidentities := make([]*identity.Identity, 100)\n\t\t\t\tfor i := range identities {\n\t\t\t\t\tidentities[i] = NewTestIdentity(4, \"persister-create-multiple-2\", i%60)\n\t\t\t\t}\n\t\t\t\terr := p.CreateIdentities(ctx, identities...)\n\t\t\t\tif dbname == \"mysql\" {\n\t\t\t\t\t// partial inserts are not supported on mysql\n\t\t\t\t\tassert.ErrorIs(t, err, sqlcon.ErrUniqueViolation)\n\t\t\t\t\treturn\n\t\t\t\t}\n\t\t\t\tcreatedAt := time.Now().UTC()\n\n\t\t\t\terrWithCtx := new(identity.CreateIdentitiesError)\n\t\t\t\trequire.ErrorAsf(t, err, &errWithCtx, \"%#v\", err)\n\n\t\t\t\tfor _, id := range identities[:60] {\n\t\t\t\t\trequire.NotZero(t, id.ID)\n\n\t\t\t\t\tidFromDB, err := p.GetIdentity(ctx, id.ID, identity.ExpandEverything)\n\t\t\t\t\trequire.NoError(t, err)\n\n\t\t\t\t\tcredFromDB := idFromDB.Credentials[identity.CredentialsTypePassword]\n\t\t\t\t\tassert.Equal(t, id.ID, idFromDB.ID)\n\t\t\t\t\tassert.Equal(t, id.SchemaID, idFromDB.SchemaID)\n\t\t\t\t\tassert.Equal(t, id.SchemaURL, idFromDB.SchemaURL)\n\t\t\t\t\tassert.Equal(t, id.State, idFromDB.State)\n\n\t\t\t\t\t// We test that the values are plausible in the handler test already.\n\t\t\t\t\tassert.Equal(t, len(id.VerifiableAddresses), len(idFromDB.VerifiableAddresses))\n\t\t\t\t\tassert.Equal(t, len(id.RecoveryAddresses), len(idFromDB.RecoveryAddresses))\n\n\t\t\t\t\tassert.Equal(t, id.Credentials[\"password\"].Identifiers, credFromDB.Identifiers)\n\t\t\t\t\tassert.WithinDuration(t, createdAt, credFromDB.CreatedAt, time.Minute)\n\t\t\t\t\tassert.WithinDuration(t, createdAt, credFromDB.UpdatedAt, time.Minute)\n\t\t\t\t\t// because of mysql precision\n\t\t\t\t\tassert.WithinDuration(t, id.CreatedAt, idFromDB.CreatedAt, time.Second)\n\t\t\t\t\tassert.WithinDuration(t, id.UpdatedAt, idFromDB.UpdatedAt, time.Second)\n\n\t\t\t\t\trequire.NoError(t, p.DeleteIdentity(ctx, id.ID))\n\t\t\t\t}\n\n\t\t\t\tfor _, id := range identities[60:] {\n\t\t\t\t\tfailed := errWithCtx.Find(id)\n\t\t\t\t\tassert.NotNil(t, failed)\n\t\t\t\t}\n\t\t\t})\n\t\t})\n\n\t\tt.Run(\"case=external_id conflict in batch create returns partial error\", func(t *testing.T) {\n\t\t\t// Regression test for https://github.com/ory-corp/cloud/issues/10580\n\t\t\t// When all identities in a batch conflict on external_id, CreateIdentities\n\t\t\t// should return a CreateIdentitiesError, not a raw SQL error.\n\t\t\t// On Postgres, the bug causes: ERROR: syntax error at or near \")\" (SQLSTATE 42601)\n\t\t\t// because DeleteIdentities is called with an empty ID slice, generating IN ().\n\n\t\t\t// Step 1: Create two identities with external_ids.\n\t\t\tfirst := make([]*identity.Identity, 2)\n\t\t\tfor i := range first {\n\t\t\t\tfirst[i] = NewTestIdentity(1, \"ext-id-conflict-first\", i)\n\t\t\t\tfirst[i].ExternalID = sqlxx.NullString(fmt.Sprintf(\"ext-conflict-pool-%d\", i))\n\t\t\t}\n\t\t\trequire.NoError(t, p.CreateIdentities(ctx, first...))\n\t\t\tfor _, id := range first {\n\t\t\t\tcreatedIDs = append(createdIDs, id.ID)\n\t\t\t}\n\n\t\t\t// Step 2: Create new identities with different traits but same external_ids.\n\t\t\tsecond := make([]*identity.Identity, 2)\n\t\t\tfor i := range second {\n\t\t\t\tsecond[i] = NewTestIdentity(1, \"ext-id-conflict-second\", i)\n\t\t\t\tsecond[i].ExternalID = sqlxx.NullString(fmt.Sprintf(\"ext-conflict-pool-%d\", i))\n\t\t\t}\n\t\t\terr := p.CreateIdentities(ctx, second...)\n\t\t\tif dbname == \"mysql\" {\n\t\t\t\tassert.ErrorIs(t, err, sqlcon.ErrUniqueViolation)\n\t\t\t\treturn\n\t\t\t}\n\t\t\terrWithCtx := new(identity.CreateIdentitiesError)\n\t\t\trequire.ErrorAsf(t, err, &errWithCtx, \"expected CreateIdentitiesError, got: %#v\", err)\n\t\t\tfor _, id := range second {\n\t\t\t\tassert.NotNil(t, errWithCtx.Find(id), \"expected identity %s to be in the error\", id.ID)\n\t\t\t}\n\t\t})\n\n\t\tt.Run(\"case=should error when the identity ID does not exist\", func(t *testing.T) {\n\t\t\t_, err := p.GetIdentity(ctx, uuid.UUID{}, identity.ExpandNothing)\n\t\t\trequire.Error(t, err)\n\n\t\t\t_, err = p.GetIdentity(ctx, x.NewUUID(), identity.ExpandNothing)\n\t\t\trequire.Error(t, err)\n\n\t\t\t_, err = p.GetIdentityConfidential(ctx, x.NewUUID())\n\t\t\trequire.Error(t, err)\n\t\t})\n\n\t\tt.Run(\"case=run migrations when fetching credentials\", func(t *testing.T) {\n\t\t\texpected := func(schemaID string, credentialsID string) *identity.Identity {\n\t\t\t\ti := identity.NewIdentity(schemaID)\n\t\t\t\ti.SetCredentials(identity.CredentialsTypeWebAuthn, identity.Credentials{\n\t\t\t\t\tType: identity.CredentialsTypeWebAuthn, Identifiers: []string{credentialsID},\n\t\t\t\t\tConfig: sqlxx.JSONRawMessage(`{\"credentials\":[{}]}`),\n\t\t\t\t})\n\t\t\t\treturn i\n\t\t\t}(altSchema.ID, \"webauthn\")\n\t\t\trequire.NoError(t, p.CreateIdentity(ctx, expected))\n\t\t\tcreatedIDs = append(createdIDs, expected.ID)\n\n\t\t\tactual, err := p.GetIdentityConfidential(ctx, expected.ID)\n\t\t\trequire.NoError(t, err)\n\t\t\tc := actual.GetCredentialsOr(identity.CredentialsTypeWebAuthn, &identity.Credentials{})\n\t\t\tassert.True(t, gjson.GetBytes(c.Config, \"credentials.0.is_passwordless\").Exists())\n\t\t\tassert.Equal(t, base64.StdEncoding.EncodeToString(expected.ID[:]), gjson.GetBytes(c.Config, \"user_handle\").String())\n\t\t})\n\n\t\tt.Run(\"case=create and keep set values\", func(t *testing.T) {\n\t\t\texpected := passwordIdentity(altSchema.ID, x.NewUUID().String())\n\t\t\trequire.NoError(t, p.CreateIdentity(ctx, expected))\n\t\t\tcreatedIDs = append(createdIDs, expected.ID)\n\n\t\t\tactual, err := p.GetIdentity(ctx, expected.ID, identity.ExpandDefault)\n\t\t\trequire.NoError(t, err)\n\t\t\tassert.Equal(t, altSchema.ID, actual.SchemaID)\n\t\t\tassert.Equal(t, altSchema.SchemaURL(exampleServerURL).String(), actual.SchemaURL)\n\t\t\tassertEqual(t, expected, actual)\n\n\t\t\tactual, err = p.GetIdentityConfidential(ctx, expected.ID)\n\t\t\trequire.NoError(t, err)\n\t\t\trequire.Equal(t, expected.Traits, actual.Traits)\n\t\t\trequire.Equal(t, expected.ID, actual.ID)\n\n\t\t\tassert.NotEmpty(t, actual.Credentials)\n\t\t\tassert.NotEmpty(t, expected.Credentials)\n\n\t\t\tfor m, expected := range expected.Credentials {\n\t\t\t\tassert.Equal(t, expected.ID, actual.Credentials[m].ID)\n\t\t\t\tassert.JSONEq(t, string(expected.Config), string(actual.Credentials[m].Config))\n\t\t\t\tassert.Equal(t, expected.Identifiers, actual.Credentials[m].Identifiers)\n\t\t\t\tassert.Equal(t, expected.Type, actual.Credentials[m].Type)\n\t\t\t}\n\n\t\t\tt.Run(\"different network\", func(t *testing.T) {\n\t\t\t\t_, p := testhelpers.NewNetwork(t, ctx, p)\n\t\t\t\t_, err := p.GetIdentity(ctx, expected.ID, identity.ExpandNothing)\n\t\t\t\trequire.ErrorIs(t, err, sqlcon.ErrNoRows)\n\n\t\t\t\t_, err = p.GetIdentityConfidential(ctx, expected.ID)\n\t\t\t\trequire.ErrorIs(t, err, sqlcon.ErrNoRows)\n\t\t\t})\n\t\t})\n\n\t\tt.Run(\"case=fail on duplicate credential identifiers if type is password\", func(t *testing.T) {\n\t\t\temail := randx.MustString(16, randx.AlphaLowerNum) + \"@bar.com\"\n\t\t\tinitial := passwordIdentity(\"\", email)\n\t\t\trequire.NoError(t, p.CreateIdentity(ctx, initial))\n\t\t\tcreatedIDs = append(createdIDs, initial.ID)\n\n\t\t\tfor _, transform := range []func(string) string{\n\t\t\t\tstrings.ToLower,\n\t\t\t\tfunc(s string) string { return s[:1] + strings.ToUpper(s[1:2]) + s[2:] },\n\t\t\t\tstrings.ToUpper,\n\t\t\t\tfunc(s string) string { left, right, _ := strings.Cut(s, \"@\"); return left + \"@\" + strings.Title(right) },\n\t\t\t} {\n\t\t\t\tids := transform(email)\n\t\t\t\texpected := passwordIdentity(\"\", ids)\n\t\t\t\terr := p.CreateIdentity(ctx, expected)\n\t\t\t\trequire.ErrorIs(t, err, sqlcon.ErrUniqueViolation, \"%+v\", err)\n\n\t\t\t\t_, err = p.GetIdentity(ctx, expected.ID, identity.ExpandNothing)\n\t\t\t\trequire.Error(t, err)\n\n\t\t\t\tt.Run(\"succeeds on different network/id=\"+ids, func(t *testing.T) {\n\t\t\t\t\t_, p := testhelpers.NewNetwork(t, ctx, p)\n\t\t\t\t\texpected := passwordIdentity(\"\", ids)\n\t\t\t\t\terr := p.CreateIdentity(ctx, expected)\n\t\t\t\t\trequire.NoError(t, err)\n\n\t\t\t\t\t_, err = p.GetIdentity(ctx, expected.ID, identity.ExpandNothing)\n\t\t\t\t\trequire.NoError(t, err)\n\t\t\t\t})\n\t\t\t}\n\t\t})\n\n\t\tt.Run(\"case=fail on duplicate credential identifiers if type is oidc\", func(t *testing.T) {\n\t\t\toidcID := randx.MustString(16, randx.AlphaLowerNum)\n\t\t\tinitial := oidcIdentity(\"\", oidcID)\n\t\t\trequire.NoError(t, p.CreateIdentity(ctx, initial))\n\t\t\tcreatedIDs = append(createdIDs, initial.ID)\n\n\t\t\texpected := oidcIdentity(\"\", oidcID)\n\t\t\trequire.Error(t, p.CreateIdentity(ctx, expected))\n\n\t\t\t_, err := p.GetIdentity(ctx, expected.ID, identity.ExpandNothing)\n\t\t\trequire.Error(t, err)\n\n\t\t\tsecond := oidcIdentity(\"\", strings.ToUpper(oidcID))\n\t\t\trequire.NoError(t, p.CreateIdentity(ctx, second), \"should work because oidc is not case-sensitive\")\n\t\t\tcreatedIDs = append(createdIDs, second.ID)\n\n\t\t\tt.Run(\"succeeds on different network\", func(t *testing.T) {\n\t\t\t\t_, p := testhelpers.NewNetwork(t, ctx, p)\n\t\t\t\texpected := oidcIdentity(\"\", oidcID)\n\t\t\t\trequire.NoError(t, p.CreateIdentity(ctx, expected))\n\n\t\t\t\t_, err = p.GetIdentity(ctx, expected.ID, identity.ExpandNothing)\n\t\t\t\trequire.NoError(t, err)\n\t\t\t})\n\t\t})\n\n\t\tt.Run(\"case=create with invalid traits data\", func(t *testing.T) {\n\t\t\texpected := oidcIdentity(\"\", x.NewUUID().String())\n\t\t\texpected.Traits = identity.Traits(`{\"bar\":123}`) // bar should be a string\n\t\t\terr := p.CreateIdentity(ctx, expected)\n\t\t\trequire.Error(t, err)\n\t\t\tassert.Contains(t, fmt.Sprintf(\"%+v\", err.Error()), \"malformed\")\n\t\t})\n\n\t\tt.Run(\"case=get classified credentials\", func(t *testing.T) {\n\t\t\tinitial := oidcIdentity(\"\", x.NewUUID().String())\n\t\t\tinitial.SetCredentials(identity.CredentialsTypeOIDC, identity.Credentials{\n\t\t\t\tType: identity.CredentialsTypeOIDC, Identifiers: []string{\"aylmao-oidc\"},\n\t\t\t\tConfig: sqlxx.JSONRawMessage(`{\"ay\":\"lmao\"}`),\n\t\t\t})\n\t\t\trequire.NoError(t, p.CreateIdentity(ctx, initial))\n\t\t\tcreatedIDs = append(createdIDs, initial.ID)\n\n\t\t\tinitial, err := p.GetIdentityConfidential(ctx, initial.ID)\n\t\t\trequire.NoError(t, err)\n\t\t\trequire.NotEqual(t, uuid.Nil, initial.ID)\n\t\t\trequire.NotEmpty(t, initial.Credentials)\n\n\t\t\tt.Run(\"fails on different network\", func(t *testing.T) {\n\t\t\t\t_, p := testhelpers.NewNetwork(t, ctx, p)\n\t\t\t\t_, err := p.GetIdentityConfidential(ctx, initial.ID)\n\t\t\t\trequire.ErrorIs(t, err, sqlcon.ErrNoRows)\n\t\t\t})\n\t\t})\n\n\t\tt.Run(\"case=update an identity and set credentials\", func(t *testing.T) {\n\t\t\tinitial := oidcIdentity(\"\", x.NewUUID().String())\n\t\t\trequire.NoError(t, p.CreateIdentity(ctx, initial))\n\t\t\tcreatedIDs = append(createdIDs, initial.ID)\n\n\t\t\tassert.Equal(t, config.DefaultIdentityTraitsSchemaID, initial.SchemaID)\n\t\t\tassert.Equal(t, defaultSchema.SchemaURL(exampleServerURL).String(), initial.SchemaURL)\n\n\t\t\texpected := initial.CopyWithoutCredentials()\n\t\t\texpected.SetCredentials(identity.CredentialsTypePassword, identity.Credentials{\n\t\t\t\tType: identity.CredentialsTypePassword,\n\t\t\t\tIdentifiers: []string{\"ignore-me\"},\n\t\t\t\tConfig: sqlxx.JSONRawMessage(`{\"oh\":\"nono\"}`),\n\t\t\t})\n\t\t\texpected.Traits = identity.Traits(`{\"update\":\"me\"}`)\n\t\t\texpected.SchemaID = altSchema.ID\n\t\t\trequire.NoError(t, p.UpdateIdentity(ctx, expected))\n\n\t\t\tactual, err := p.GetIdentityConfidential(ctx, expected.ID)\n\t\t\trequire.NoError(t, err)\n\t\t\tassert.Equal(t, altSchema.ID, actual.SchemaID)\n\t\t\tassert.Equal(t, altSchema.SchemaURL(exampleServerURL).String(), actual.SchemaURL)\n\t\t\tassert.NotEmpty(t, actual.Credentials[identity.CredentialsTypePassword])\n\t\t\tassert.Empty(t, actual.Credentials[identity.CredentialsTypeOIDC])\n\n\t\t\tassert.Equal(t, expected.Credentials[identity.CredentialsTypeOIDC], actual.Credentials[identity.CredentialsTypeOIDC])\n\n\t\t\tt.Run(\"fails on different network\", func(t *testing.T) {\n\t\t\t\t_, p := testhelpers.NewNetwork(t, ctx, p)\n\t\t\t\trequire.ErrorIs(t, p.UpdateIdentity(ctx, expected), sqlcon.ErrNoRows)\n\t\t\t})\n\t\t})\n\n\t\tt.Run(\"case=fail to update because validation fails\", func(t *testing.T) {\n\t\t\tinitial := oidcIdentity(\"\", x.NewUUID().String())\n\n\t\t\trequire.NoError(t, p.CreateIdentity(ctx, initial))\n\t\t\tcreatedIDs = append(createdIDs, initial.ID)\n\n\t\t\tinitial.Traits = identity.Traits(`{\"bar\":123}`)\n\t\t\terr := p.UpdateIdentity(ctx, initial)\n\t\t\trequire.Error(t, err)\n\t\t\trequire.Contains(t, err.Error(), \"malformed\")\n\t\t})\n\n\t\tt.Run(\"case=update an identity column\", func(t *testing.T) {\n\t\t\tinitial := oidcIdentity(\"\", x.NewUUID().String())\n\t\t\tinitial.InternalAvailableAAL = identity.NewNullableAuthenticatorAssuranceLevel(identity.NoAuthenticatorAssuranceLevel)\n\t\t\trequire.NoError(t, p.CreateIdentity(ctx, initial))\n\t\t\tcreatedIDs = append(createdIDs, initial.ID)\n\n\t\t\tinitial.InternalAvailableAAL = identity.NewNullableAuthenticatorAssuranceLevel(identity.AuthenticatorAssuranceLevel1)\n\t\t\tinitial.State = identity.StateInactive\n\t\t\trequire.NoError(t, p.UpdateIdentityColumns(ctx, initial, \"available_aal\"))\n\n\t\t\tactual, err := p.GetIdentity(ctx, initial.ID, identity.ExpandDefault)\n\t\t\trequire.NoError(t, err)\n\t\t\tassert.Equal(t, string(identity.AuthenticatorAssuranceLevel1), actual.InternalAvailableAAL.String)\n\t\t\tassert.Equal(t, identity.StateActive, actual.State, \"the state remains unchanged\")\n\t\t})\n\n\t\tt.Run(\"case=should fail to insert identity because credentials from traits exist\", func(t *testing.T) {\n\t\t\temail := randx.MustString(16, randx.AlphaLowerNum) + \"@ory.sh\"\n\t\t\tfirst := passwordIdentity(\"\", email)\n\t\t\tfirst.Traits = identity.Traits(`{}`)\n\t\t\trequire.NoError(t, p.CreateIdentity(ctx, first))\n\t\t\tcreatedIDs = append(createdIDs, first.ID)\n\n\t\t\tsecond := passwordIdentity(\"\", email)\n\t\t\trequire.Error(t, p.CreateIdentity(ctx, second))\n\n\t\t\tt.Run(\"passes on different network\", func(t *testing.T) {\n\t\t\t\t_, p := testhelpers.NewNetwork(t, ctx, p)\n\t\t\t\trequire.NoError(t, p.CreateIdentity(ctx, second))\n\t\t\t})\n\n\t\t\tt.Run(\"case=should fail to update identity because credentials exist\", func(t *testing.T) {\n\t\t\t\tfirst := passwordIdentity(\"\", x.NewUUID().String())\n\t\t\t\tfirst.Traits = identity.Traits(`{}`)\n\t\t\t\trequire.NoError(t, p.CreateIdentity(ctx, first))\n\t\t\t\tcreatedIDs = append(createdIDs, first.ID)\n\n\t\t\t\tc := first.Credentials[identity.CredentialsTypePassword]\n\t\t\t\tc.Identifiers = []string{email}\n\t\t\t\tfirst.Credentials[identity.CredentialsTypePassword] = c\n\t\t\t\trequire.Error(t, p.UpdateIdentity(ctx, first))\n\n\t\t\t\tt.Run(\"passes on different network\", func(t *testing.T) {\n\t\t\t\t\t_, p := testhelpers.NewNetwork(t, ctx, p)\n\t\t\t\t\tfirst := passwordIdentity(\"\", x.NewUUID().String())\n\t\t\t\t\tfirst.Traits = identity.Traits(`{}`)\n\t\t\t\t\trequire.NoError(t, p.CreateIdentity(ctx, first))\n\n\t\t\t\t\tc := first.Credentials[identity.CredentialsTypePassword]\n\t\t\t\t\tc.Identifiers = []string{\"test-identity@ory.sh\"}\n\t\t\t\t\tfirst.Credentials[identity.CredentialsTypePassword] = c\n\t\t\t\t\trequire.NoError(t, p.UpdateIdentity(ctx, first))\n\t\t\t\t})\n\t\t\t})\n\t\t})\n\n\t\tt.Run(\"case=should succeed to update credentials from traits\", func(t *testing.T) {\n\t\t\texpected := passwordIdentity(\"\", x.NewUUID().String())\n\t\t\trequire.NoError(t, p.CreateIdentity(ctx, expected))\n\t\t\tcreatedIDs = append(createdIDs, expected.ID)\n\n\t\t\texpected.Traits = identity.Traits(`{\"email\":\"update-test-identity@ory.sh\"}`)\n\t\t\trequire.NoError(t, p.UpdateIdentity(ctx, expected))\n\n\t\t\tactual, err := p.GetIdentityConfidential(ctx, expected.ID)\n\t\t\trequire.NoError(t, err)\n\n\t\t\tassert.Equal(t, expected.Credentials[identity.CredentialsTypePassword].Identifiers, actual.Credentials[identity.CredentialsTypePassword].Identifiers)\n\t\t})\n\n\t\tt.Run(\"case=delete an identity\", func(t *testing.T) {\n\t\t\texpected := passwordIdentity(\"\", x.NewUUID().String())\n\t\t\trequire.NoError(t, p.CreateIdentity(ctx, expected))\n\n\t\t\tt.Run(\"fails on different network\", func(t *testing.T) {\n\t\t\t\t_, p := testhelpers.NewNetwork(t, ctx, p)\n\t\t\t\trequire.ErrorIs(t, p.DeleteIdentity(ctx, expected.ID), sqlcon.ErrNoRows)\n\n\t\t\t\tp = testhelpers.ExistingNetwork(t, p, nid)\n\t\t\t\t_, err := p.GetIdentity(ctx, expected.ID, identity.ExpandNothing)\n\t\t\t\trequire.NoError(t, err)\n\t\t\t})\n\n\t\t\trequire.NoError(t, p.DeleteIdentity(ctx, expected.ID))\n\n\t\t\t_, err := p.GetIdentity(ctx, expected.ID, identity.ExpandNothing)\n\t\t\trequire.Error(t, err)\n\t\t})\n\n\t\tt.Run(\"case=create with empty credentials config\", func(t *testing.T) {\n\t\t\t// This test covers a case where the config value of a credentials setting is empty. This causes\n\t\t\t// issues with postgres' json field.\n\t\t\texpected := passwordIdentity(\"\", x.NewUUID().String())\n\t\t\texpected.SetCredentials(identity.CredentialsTypePassword, identity.Credentials{\n\t\t\t\tType: identity.CredentialsTypePassword,\n\t\t\t\tIdentifiers: []string{\"id-missing-creds-config\"},\n\t\t\t\tConfig: sqlxx.JSONRawMessage(``),\n\t\t\t})\n\t\t\trequire.NoError(t, p.CreateIdentity(ctx, expected))\n\t\t\tcreatedIDs = append(createdIDs, expected.ID)\n\t\t})\n\n\t\tt.Run(\"case=list\", func(t *testing.T) {\n\t\t\tis, _, err := p.ListIdentities(ctx, identity.ListIdentityParameters{Expand: identity.ExpandDefault})\n\t\t\trequire.NoError(t, err)\n\t\t\trequire.NotEmpty(t, is)\n\t\t\trequire.Len(t, is, len(createdIDs))\n\t\t\tfor _, id := range createdIDs {\n\t\t\t\tvar found bool\n\t\t\t\tfor _, i := range is {\n\t\t\t\t\tif i.ID == id {\n\t\t\t\t\t\texpected, err := p.GetIdentity(ctx, id, identity.ExpandDefault)\n\t\t\t\t\t\trequire.NoError(t, err)\n\t\t\t\t\t\tassertx.EqualAsJSON(t, expected, i)\n\t\t\t\t\t\tfound = true\n\t\t\t\t\t}\n\t\t\t\t}\n\t\t\t\trequire.True(t, found, id)\n\t\t\t}\n\n\t\t\tt.Run(\"no results on other network\", func(t *testing.T) {\n\t\t\t\t_, p := testhelpers.NewNetwork(t, ctx, p)\n\t\t\t\tis, _, err := p.ListIdentities(ctx, identity.ListIdentityParameters{Expand: identity.ExpandDefault})\n\t\t\t\trequire.NoError(t, err)\n\t\t\t\tassert.Len(t, is, 0)\n\t\t\t})\n\n\t\t\tt.Run(\"list some using ids filter\", func(t *testing.T) {\n\t\t\t\tfilterIds := createdIDs[:2]\n\n\t\t\t\tis, _, err := p.ListIdentities(ctx, identity.ListIdentityParameters{Expand: identity.ExpandDefault, IdsFilter: filterIds})\n\t\t\t\trequire.NoError(t, err)\n\t\t\t\tassert.Len(t, is, len(filterIds))\n\t\t\t})\n\n\t\t\tt.Run(\"eventually consistent\", func(t *testing.T) {\n\t\t\t\tif dbname != \"cockroach\" {\n\t\t\t\t\tt.Skipf(\"Test only works with cockroachdb\")\n\t\t\t\t\treturn\n\t\t\t\t}\n\n\t\t\t\tid := x.NewUUID().String()\n\t\t\t\tanother := oidcIdentity(\"\", id)\n\t\t\t\trequire.NoError(t, p.CreateIdentity(ctx, another))\n\t\t\t\tcreatedIDs = append(createdIDs, another.ID)\n\n\t\t\t\tis, _, err := p.ListIdentities(ctx, identity.ListIdentityParameters{\n\t\t\t\t\tExpand: identity.ExpandDefault,\n\t\t\t\t\tKeySetPagination: []keysetpagination.Option{keysetpagination.WithSize(25)},\n\t\t\t\t\tConsistencyLevel: crdbx.ConsistencyLevelStrong,\n\t\t\t\t})\n\t\t\t\trequire.NoError(t, err)\n\t\t\t\trequire.Len(t, is, len(createdIDs))\n\n\t\t\t\tvar results []identity.Identity\n\t\t\t\t// It takes about 4.8 seconds to replicate the data.\n\t\t\t\tfor i := 0; i < 8; i++ {\n\t\t\t\t\ttime.Sleep(time.Second)\n\n\t\t\t\t\t// The error here is explicitly ignored because the table / schema might not yet be replicated.\n\t\t\t\t\t// This can lead to \"ERROR: cached plan must not change result type (SQLSTATE 0A000)\" whih is caused\n\t\t\t\t\t// because the prepared query exist but the schema is not yet replicated.\n\t\t\t\t\tis, _, _ := p.ListIdentities(ctx, identity.ListIdentityParameters{\n\t\t\t\t\t\tExpand: identity.ExpandEverything,\n\t\t\t\t\t\tKeySetPagination: []keysetpagination.Option{keysetpagination.WithSize(25)},\n\t\t\t\t\t\tConsistencyLevel: crdbx.ConsistencyLevelEventual,\n\t\t\t\t\t})\n\n\t\t\t\t\tif len(is) == len(createdIDs) {\n\t\t\t\t\t\tresults = is\n\t\t\t\t\t}\n\t\t\t\t}\n\t\t\t\trequire.NotZero(t, len(results))\n\t\t\t\trequire.Len(t, results, len(createdIDs), \"Could not find all identities after 8 seconds\")\n\n\t\t\t\tvar found bool\n\t\t\t\tfor _, i := range results {\n\t\t\t\t\tif i.ID == another.ID {\n\t\t\t\t\t\tfound = true\n\t\t\t\t\t}\n\t\t\t\t}\n\t\t\t\trequire.True(t, found, id, \"Unable to find created identity in eventually consistent results.\")\n\t\t\t})\n\t\t})\n\n\t\tt.Run(\"case=find identity by its credentials identifier\", func(t *testing.T) {\n\t\t\tvar expectedIdentifiers []string\n\t\t\tvar expectedIdentities []*identity.Identity\n\n\t\t\tfor _, c := range []identity.CredentialsType{\n\t\t\t\tidentity.CredentialsTypePassword,\n\t\t\t\tidentity.CredentialsTypeWebAuthn,\n\t\t\t\tidentity.CredentialsTypeOIDC,\n\t\t\t} {\n\t\t\t\tidentityIdentifier := fmt.Sprintf(\"find-identity-by-identifier-%s@ory.sh\", c)\n\t\t\t\texpected := identity.NewIdentity(\"\")\n\t\t\t\texpected.SetCredentials(c, identity.Credentials{Type: c, Identifiers: []string{identityIdentifier}, Config: sqlxx.JSONRawMessage(`{}`)})\n\n\t\t\t\trequire.NoError(t, p.CreateIdentity(ctx, expected))\n\t\t\t\tcreatedIDs = append(createdIDs, expected.ID)\n\t\t\t\texpectedIdentifiers = append(expectedIdentifiers, identityIdentifier)\n\t\t\t\texpectedIdentities = append(expectedIdentities, expected)\n\t\t\t}\n\n\t\t\tcreate := identity.NewIdentity(\"\")\n\t\t\tcreate.SetCredentials(identity.CredentialsTypePassword, identity.Credentials{Type: identity.CredentialsTypePassword, Identifiers: []string{\"find-identity-by-identifier-common@ory.sh\"}, Config: sqlxx.JSONRawMessage(`{}`)})\n\t\t\tcreate.SetCredentials(identity.CredentialsTypeWebAuthn, identity.Credentials{Type: identity.CredentialsTypeWebAuthn, Identifiers: []string{\"find-identity-by-identifier-common@ory.sh\"}, Config: sqlxx.JSONRawMessage(`{}`)})\n\t\t\trequire.NoError(t, p.CreateIdentity(ctx, create))\n\n\t\t\tactual, _, err := p.ListIdentities(ctx, identity.ListIdentityParameters{\n\t\t\t\tExpand: identity.ExpandEverything,\n\t\t\t})\n\t\t\trequire.NoError(t, err)\n\t\t\trequire.Greater(t, len(actual), 0)\n\n\t\t\tfor c, ct := range []identity.CredentialsType{\n\t\t\t\tidentity.CredentialsTypePassword,\n\t\t\t\tidentity.CredentialsTypeWebAuthn,\n\t\t\t} {\n\t\t\t\tt.Run(ct.String(), func(t *testing.T) {\n\t\t\t\t\tactual, _, err := p.ListIdentities(ctx, identity.ListIdentityParameters{\n\t\t\t\t\t\t// Match is normalized\n\t\t\t\t\t\tCredentialsIdentifier: expectedIdentifiers[c],\n\t\t\t\t\t})\n\t\t\t\t\trequire.NoError(t, err)\n\n\t\t\t\t\texpected := expectedIdentities[c]\n\t\t\t\t\trequire.Len(t, actual, 1)\n\t\t\t\t\tassertx.EqualAsJSONExcept(t, expected, actual[0], []string{\"credentials.config\", \"created_at\", \"updated_at\", \"state_changed_at\"})\n\t\t\t\t})\n\t\t\t}\n\n\t\t\tt.Run(\"similarity search\", func(t *testing.T) {\n\t\t\t\tactual, _, err := p.ListIdentities(ctx, identity.ListIdentityParameters{\n\t\t\t\t\tCredentialsIdentifierSimilar: \"find-identity-by-identifier\",\n\t\t\t\t\tExpand: identity.ExpandCredentials,\n\t\t\t\t})\n\t\t\t\trequire.NoError(t, err)\n\t\t\t\tassert.Len(t, actual, 4) // webauthn, common, password, oidc\n\n\t\t\touter:\n\t\t\t\tfor _, e := range append(expectedIdentities[:2], create) {\n\t\t\t\t\tfor _, a := range actual {\n\t\t\t\t\t\tif e.ID == a.ID {\n\t\t\t\t\t\t\tassertx.EqualAsJSONExcept(t, e, a, []string{\"credentials.config\", \"created_at\", \"updated_at\", \"state_changed_at\"})\n\t\t\t\t\t\t\tcontinue outer\n\t\t\t\t\t\t}\n\t\t\t\t\t}\n\t\t\t\t\tactualCredentials := make([]map[identity.CredentialsType]identity.Credentials, len(actual))\n\t\t\t\t\tfor k, a := range actual {\n\t\t\t\t\t\tactualCredentials[k] = a.Credentials\n\t\t\t\t\t}\n\t\t\t\t\tt.Fatalf(\"expected identity %+v not found in actual result set %+v\", e.Credentials, actualCredentials)\n\t\t\t\t}\n\t\t\t})\n\n\t\t\tt.Run(\"find by OIDC identifier\", func(t *testing.T) {\n\t\t\t\tactual, next, err := p.ListIdentities(ctx, identity.ListIdentityParameters{\n\t\t\t\t\tCredentialsIdentifier: \"find-identity-by-identifier-oidc@ory.sh\",\n\t\t\t\t\tExpand: identity.ExpandEverything,\n\t\t\t\t})\n\t\t\t\trequire.NoError(t, err)\n\t\t\t\tassert.Len(t, actual, 1)\n\t\t\t\tassert.True(t, next.IsLast())\n\t\t\t})\n\n\t\t\tt.Run(\"one result set even if multiple matches\", func(t *testing.T) {\n\t\t\t\tactual, next, err := p.ListIdentities(ctx, identity.ListIdentityParameters{\n\t\t\t\t\tCredentialsIdentifier: \"find-identity-by-identifier-common@ory.sh\",\n\t\t\t\t\tExpand: identity.ExpandEverything,\n\t\t\t\t})\n\t\t\t\trequire.NoError(t, err)\n\t\t\t\tassert.Len(t, actual, 1)\n\t\t\t\tassert.True(t, next.IsLast())\n\t\t\t})\n\n\t\t\tt.Run(\"non existing identifier\", func(t *testing.T) {\n\t\t\t\tactual, next, err := p.ListIdentities(ctx, identity.ListIdentityParameters{\n\t\t\t\t\tCredentialsIdentifier: \"find-identity-by-identifier-non-existing@ory.sh\",\n\t\t\t\t\tExpand: identity.ExpandEverything,\n\t\t\t\t})\n\t\t\t\trequire.NoError(t, err)\n\t\t\t\tassert.Len(t, actual, 0)\n\t\t\t\tassert.True(t, next.IsLast())\n\t\t\t})\n\n\t\t\tt.Run(\"not if on another network\", func(t *testing.T) {\n\t\t\t\t_, on := testhelpers.NewNetwork(t, ctx, p)\n\t\t\t\tactual, next, err := on.ListIdentities(ctx, identity.ListIdentityParameters{\n\t\t\t\t\tCredentialsIdentifier: expectedIdentifiers[0],\n\t\t\t\t\tExpand: identity.ExpandEverything,\n\t\t\t\t})\n\t\t\t\trequire.NoError(t, err)\n\t\t\t\tassert.Len(t, actual, 0)\n\t\t\t\tassert.True(t, next.IsLast())\n\t\t\t})\n\t\t})\n\n\t\tt.Run(\"case=find identity by its credentials type and identifier\", func(t *testing.T) {\n\t\t\temail := randx.MustString(16, randx.AlphaLowerNum) + \"@ory.sh\"\n\t\t\texpected := passwordIdentity(\"\", email)\n\t\t\texpected.Traits = identity.Traits(`{}`)\n\n\t\t\trequire.NoError(t, p.CreateIdentity(ctx, expected))\n\t\t\tcreatedIDs = append(createdIDs, expected.ID)\n\n\t\t\tactual, creds, err := p.FindByCredentialsIdentifier(ctx, identity.CredentialsTypePassword, email)\n\t\t\trequire.NoError(t, err)\n\n\t\t\tassert.EqualValues(t, expected.Credentials[identity.CredentialsTypePassword].ID, creds.ID)\n\t\t\tassert.EqualValues(t, expected.Credentials[identity.CredentialsTypePassword].Identifiers, creds.Identifiers)\n\t\t\tassert.JSONEq(t, string(expected.Credentials[identity.CredentialsTypePassword].Config), string(creds.Config))\n\t\t\t// assert.EqualValues(t, expected.Credentials[CredentialsTypePassword].CreatedAt.Unix(), creds.CreatedAt.Unix())\n\t\t\t// assert.EqualValues(t, expected.Credentials[CredentialsTypePassword].UpdatedAt.Unix(), creds.UpdatedAt.Unix())\n\n\t\t\trequire.Equal(t, expected.Traits, actual.Traits)\n\t\t\trequire.Equal(t, expected.ID, actual.ID)\n\t\t\trequire.NotNil(t, actual.Credentials[identity.CredentialsTypePassword])\n\t\t\tassert.EqualValues(t, expected.Credentials[identity.CredentialsTypePassword].ID, actual.Credentials[identity.CredentialsTypePassword].ID)\n\t\t\tassert.EqualValues(t, expected.Credentials[identity.CredentialsTypePassword].Identifiers, actual.Credentials[identity.CredentialsTypePassword].Identifiers)\n\t\t\tassert.JSONEq(t, string(expected.Credentials[identity.CredentialsTypePassword].Config), string(actual.Credentials[identity.CredentialsTypePassword].Config))\n\n\t\t\tt.Run(\"not if on another network\", func(t *testing.T) {\n\t\t\t\t_, p := testhelpers.NewNetwork(t, ctx, p)\n\t\t\t\t_, _, err := p.FindByCredentialsIdentifier(ctx, identity.CredentialsTypePassword, email)\n\t\t\t\trequire.ErrorIs(t, err, sqlcon.ErrNoRows)\n\t\t\t})\n\t\t})\n\n\t\tt.Run(\"case=find identity by its webauthn credential user handle\", func(t *testing.T) {\n\t\t\texpected := identity.NewIdentity(\"\")\n\t\t\texpected.SetCredentials(identity.CredentialsTypeWebAuthn, identity.Credentials{\n\t\t\t\tType: identity.CredentialsTypeWebAuthn,\n\t\t\t\tIdentifiers: []string{\"find-webauth-user-handle-identifier@ory.sh\"},\n\t\t\t\tConfig: sqlxx.JSONRawMessage(`{\n \"credentials\": [\n {\n \"added_at\": \"2024-02-13T10:36:16Z\",\n \"attestation_type\": \"none\",\n \"authenticator\": {\n \"aaguid\": \"+/wwBxVOTsyMC24CBVfXvQ==\",\n \"clone_warning\": false,\n \"sign_count\": 0\n },\n \"display_name\": \"Yubikey\",\n \"id\": \"f2uGd/Bg1rGcGXtYp4MT4WcN+eA=\",\n \"is_passwordless\": true,\n \"public_key\": \"pQECAyYgASFYIBkNvUxvjdhuA36FworTmS/rxZR1I+NyRWBpoTYY/R+CIlggw+gFFrFoEi+rS82zq7+tDHAukBUJcFpQ7Z3NLBZH5vk=\"\n }\n ],\n \"user_handle\": \"51z80nYJTSGmr6UBe1VGLg==\"\n}`),\n\t\t\t})\n\t\t\texpected.Traits = identity.Traits(`{}`)\n\t\t\tuserHandle := x.Must(base64.StdEncoding.DecodeString(\"51z80nYJTSGmr6UBe1VGLg==\"))\n\n\t\t\trequire.NoError(t, p.CreateIdentity(ctx, expected))\n\t\t\tcreatedIDs = append(createdIDs, expected.ID)\n\n\t\t\tactual, err := p.FindIdentityByWebauthnUserHandle(ctx, userHandle)\n\t\t\trequire.NoError(t, err)\n\n\t\t\texpected.Credentials = nil\n\t\t\tassertEqual(t, expected, actual)\n\n\t\t\tt.Run(\"not if on another network\", func(t *testing.T) {\n\t\t\t\t_, p := testhelpers.NewNetwork(t, ctx, p)\n\t\t\t\t_, err = p.FindIdentityByWebauthnUserHandle(ctx, userHandle)\n\t\t\t\trequire.ErrorIs(t, err, sqlcon.ErrNoRows)\n\t\t\t})\n\t\t})\n\n\t\tt.Run(\"case=find identity only by credentials identifier\", func(t *testing.T) {\n\t\t\temail := randx.MustString(16, randx.AlphaLowerNum) + \"@ory.sh\"\n\t\t\texpected := passwordIdentity(\"\", email)\n\t\t\texpected.Traits = identity.Traits(`{}`)\n\n\t\t\trequire.NoError(t, p.CreateIdentity(ctx, expected))\n\t\t\tcreatedIDs = append(createdIDs, expected.ID)\n\n\t\t\tactual, err := p.FindIdentityByCredentialIdentifier(ctx, strings.ToUpper(email), false, identity.ExpandDefault)\n\t\t\trequire.NoError(t, err)\n\n\t\t\texpected.Credentials = nil\n\t\t\tassertEqual(t, expected, actual)\n\n\t\t\tt.Run(\"not if on another network\", func(t *testing.T) {\n\t\t\t\t_, p := testhelpers.NewNetwork(t, ctx, p)\n\t\t\t\t_, err := p.FindIdentityByCredentialIdentifier(ctx, strings.ToUpper(email), false, identity.ExpandDefault)\n\t\t\t\trequire.ErrorIs(t, err, sqlcon.ErrNoRows)\n\t\t\t})\n\t\t})\n\n\t\tt.Run(\"case=find identity only by credentials identifier case sensitive\", func(t *testing.T) {\n\t\t\temail := randx.MustString(16, randx.AlphaLowerNum) + \"@ory.sh\"\n\t\t\texpected := passwordIdentity(\"\", email)\n\t\t\texpected.Traits = identity.Traits(`{}`)\n\n\t\t\trequire.NoError(t, p.CreateIdentity(ctx, expected))\n\t\t\tcreatedIDs = append(createdIDs, expected.ID)\n\n\t\t\t_, err := p.FindIdentityByCredentialIdentifier(ctx, strings.ToUpper(email), true, identity.ExpandDefault)\n\t\t\trequire.ErrorIs(t, err, sqlcon.ErrNoRows)\n\n\t\t\tactual, err := p.FindIdentityByCredentialIdentifier(ctx, email, true, identity.ExpandDefault)\n\t\t\trequire.NoError(t, err)\n\n\t\t\texpected.Credentials = nil\n\t\t\tassertEqual(t, expected, actual)\n\n\t\t\tt.Run(\"not if on another network\", func(t *testing.T) {\n\t\t\t\t_, p := testhelpers.NewNetwork(t, ctx, p)\n\t\t\t\t_, err := p.FindIdentityByCredentialIdentifier(ctx, email, true, identity.ExpandDefault)\n\t\t\t\trequire.ErrorIs(t, err, sqlcon.ErrNoRows)\n\t\t\t})\n\t\t})\n\n\t\tt.Run(\"case=find identity by its credentials respects cases\", func(t *testing.T) {\n\t\t\tbaseEmail := randx.MustString(16, randx.AlphaLowerNum)\n\t\t\tcaseSensitive := baseEmail + \"@ory.sh\"\n\t\t\tcaseInsensitiveWithSpaces := \" \" + strings.ToUpper(baseEmail) + \"@ORY.sh \"\n\n\t\t\texpected := identity.NewIdentity(\"\")\n\t\t\tfor _, c := range []identity.CredentialsType{\n\t\t\t\tidentity.CredentialsTypePassword,\n\t\t\t\tidentity.CredentialsTypeOIDC,\n\t\t\t\tidentity.CredentialsTypeTOTP,\n\t\t\t\tidentity.CredentialsTypeLookup,\n\t\t\t\tidentity.CredentialsTypeWebAuthn,\n\t\t\t} {\n\t\t\t\texpected.SetCredentials(c, identity.Credentials{Type: c, Identifiers: []string{caseSensitive}, Config: sqlxx.JSONRawMessage(`{}`)})\n\t\t\t}\n\t\t\trequire.NoError(t, p.CreateIdentity(ctx, expected))\n\t\t\tcreatedIDs = append(createdIDs, expected.ID)\n\n\t\t\tt.Run(\"case sensitive\", func(t *testing.T) {\n\t\t\t\tfor _, ct := range []identity.CredentialsType{\n\t\t\t\t\tidentity.CredentialsTypeOIDC,\n\t\t\t\t\tidentity.CredentialsTypeTOTP,\n\t\t\t\t\tidentity.CredentialsTypeLookup,\n\t\t\t\t} {\n\t\t\t\t\tt.Run(ct.String(), func(t *testing.T) {\n\t\t\t\t\t\t_, _, err := p.FindByCredentialsIdentifier(ctx, ct, caseInsensitiveWithSpaces)\n\t\t\t\t\t\trequire.Error(t, err)\n\n\t\t\t\t\t\tactual, creds, err := p.FindByCredentialsIdentifier(ctx, ct, caseSensitive)\n\t\t\t\t\t\trequire.NoError(t, err)\n\t\t\t\t\t\tassertx.EqualAsJSONExcept(t, expected.Credentials[ct], creds, []string{\"created_at\", \"updated_at\", \"id\"})\n\t\t\t\t\t\tassertx.EqualAsJSONExcept(t, expected, actual, []string{\"created_at\", \"state_changed_at\", \"updated_at\", \"id\"})\n\t\t\t\t\t})\n\t\t\t\t}\n\t\t\t})\n\n\t\t\tt.Run(\"case insensitive\", func(t *testing.T) {\n\t\t\t\tfor _, ct := range []identity.CredentialsType{\n\t\t\t\t\tidentity.CredentialsTypePassword,\n\t\t\t\t\tidentity.CredentialsTypeWebAuthn,\n\t\t\t\t} {\n\t\t\t\t\tt.Run(ct.String(), func(t *testing.T) {\n\t\t\t\t\t\tfor _, cs := range []string{caseSensitive, caseInsensitiveWithSpaces} {\n\t\t\t\t\t\t\tactual, creds, err := p.FindByCredentialsIdentifier(ctx, ct, cs)\n\t\t\t\t\t\t\trequire.NoError(t, err)\n\t\t\t\t\t\t\tec := expected.Credentials[ct]\n\t\t\t\t\t\t\tec.Identifiers = []string{strings.ToLower(caseSensitive)}\n\t\t\t\t\t\t\tassertx.EqualAsJSONExcept(t, ec, creds, []string{\"created_at\", \"updated_at\", \"id\", \"config.user_handle\", \"config.credentials\", \"version\"})\n\t\t\t\t\t\t\tassertx.EqualAsJSONExcept(t, expected, actual, []string{\"created_at\", \"state_changed_at\", \"updated_at\", \"id\"})\n\t\t\t\t\t\t}\n\t\t\t\t\t})\n\t\t\t\t}\n\t\t\t})\n\t\t})\n\n\t\tt.Run(\"case=find identity by its credentials case insensitive\", func(t *testing.T) {\n\t\t\tidentifier := x.NewUUID().String()\n\t\t\texpected := passwordIdentity(\"\", strings.ToUpper(identifier))\n\t\t\texpected.Traits = identity.Traits(`{}`)\n\n\t\t\trequire.NoError(t, p.CreateIdentity(ctx, expected))\n\t\t\tcreatedIDs = append(createdIDs, expected.ID)\n\n\t\t\tactual, creds, err := p.FindByCredentialsIdentifier(ctx, identity.CredentialsTypePassword, identifier)\n\t\t\trequire.NoError(t, err)\n\n\t\t\tassert.EqualValues(t, expected.Credentials[identity.CredentialsTypePassword].ID, creds.ID)\n\t\t\tassert.EqualValues(t, []string{strings.ToLower(identifier)}, creds.Identifiers)\n\t\t\tassert.JSONEq(t, string(expected.Credentials[identity.CredentialsTypePassword].Config), string(creds.Config))\n\n\t\t\trequire.Equal(t, expected.Traits, actual.Traits)\n\t\t\trequire.Equal(t, expected.ID, actual.ID)\n\t\t\trequire.NotNil(t, actual.Credentials[identity.CredentialsTypePassword])\n\t\t\tassert.EqualValues(t, expected.Credentials[identity.CredentialsTypePassword].ID, actual.Credentials[identity.CredentialsTypePassword].ID)\n\t\t\tassert.EqualValues(t, []string{strings.ToLower(identifier)}, actual.Credentials[identity.CredentialsTypePassword].Identifiers)\n\t\t\tassert.JSONEq(t, string(expected.Credentials[identity.CredentialsTypePassword].Config), string(actual.Credentials[identity.CredentialsTypePassword].Config))\n\n\t\t\tt.Run(\"not if on another network\", func(t *testing.T) {\n\t\t\t\t_, p := testhelpers.NewNetwork(t, ctx, p)\n\t\t\t\t_, _, err := p.FindByCredentialsIdentifier(ctx, identity.CredentialsTypePassword, identifier)\n\t\t\t\trequire.ErrorIs(t, err, sqlcon.ErrNoRows)\n\t\t\t})\n\t\t})\n\n\t\tt.Run(\"suite=verifiable-address\", func(t *testing.T) {\n\t\t\tcreateIdentityWithAddresses := func(t *testing.T, email string) identity.VerifiableAddress {\n\t\t\t\tvar i identity.Identity\n\t\t\t\trequire.NoError(t, faker.FakeData(&i))\n\n\t\t\t\taddress := identity.NewVerifiableEmailAddress(email, i.ID)\n\t\t\t\ti.VerifiableAddresses = append(i.VerifiableAddresses, *address)\n\n\t\t\t\trequire.NoError(t, p.CreateIdentity(ctx, &i))\n\t\t\t\treturn i.VerifiableAddresses[0]\n\t\t\t}\n\n\t\t\tt.Run(\"case=not found\", func(t *testing.T) {\n\t\t\t\t_, err := p.FindVerifiableAddressByValue(ctx, identity.AddressTypeEmail, \"does-not-exist\")\n\t\t\t\trequire.ErrorIs(t, err, sqlcon.ErrNoRows)\n\t\t\t})\n\n\t\t\ttransform := func(k int, value string) string {\n\t\t\t\tswitch k % 5 {\n\t\t\t\tcase 0:\n\t\t\t\t\tvalue = strings.ToLower(value)\n\t\t\t\tcase 1:\n\t\t\t\t\tvalue = strings.ToUpper(value)\n\t\t\t\tcase 2:\n\t\t\t\t\tvalue = \" \" + value\n\t\t\t\tcase 3:\n\t\t\t\t\tvalue = value + \" \"\n\t\t\t\t}\n\t\t\t\treturn value\n\t\t\t}\n\n\t\t\tt.Run(\"case=create and find\", func(t *testing.T) {\n\t\t\t\taddresses := make([]identity.VerifiableAddress, 15)\n\t\t\t\tfor k := range addresses {\n\t\t\t\t\tvalue := randx.MustString(16, randx.AlphaLowerNum) + \"@ory.sh\"\n\t\t\t\t\taddresses[k] = createIdentityWithAddresses(t, transform(k, value))\n\t\t\t\t\trequire.NotEmpty(t, addresses[k].ID)\n\t\t\t\t}\n\n\t\t\t\tcompare := func(t *testing.T, expected, actual identity.VerifiableAddress) {\n\t\t\t\t\tactual.CreatedAt = actual.CreatedAt.UTC().Truncate(time.Hour * 24)\n\t\t\t\t\tactual.UpdatedAt = actual.UpdatedAt.UTC().Truncate(time.Hour * 24)\n\t\t\t\t\texpected.CreatedAt = expected.CreatedAt.UTC().Truncate(time.Hour * 24)\n\t\t\t\t\texpected.UpdatedAt = expected.UpdatedAt.UTC().Truncate(time.Hour * 24)\n\t\t\t\t\texpected.Value = strings.TrimSpace(strings.ToLower(expected.Value))\n\t\t\t\t\tassert.EqualValues(t, expected, actual)\n\t\t\t\t}\n\n\t\t\t\tfor k, expected := range addresses {\n\t\t\t\t\tt.Run(\"method=FindVerifiableAddressByValue\", func(t *testing.T) {\n\t\t\t\t\t\tt.Run(fmt.Sprintf(\"case=%d\", k), func(t *testing.T) {\n\t\t\t\t\t\t\tactual, err := p.FindVerifiableAddressByValue(ctx, expected.Via, transform(k+1, expected.Value))\n\t\t\t\t\t\t\trequire.NoError(t, err)\n\t\t\t\t\t\t\tcompare(t, expected, *actual)\n\n\t\t\t\t\t\t\tt.Run(\"not if on another network\", func(t *testing.T) {\n\t\t\t\t\t\t\t\t_, p := testhelpers.NewNetwork(t, ctx, p)\n\t\t\t\t\t\t\t\t_, err := p.FindVerifiableAddressByValue(ctx, expected.Via, transform(k+1, expected.Value))\n\t\t\t\t\t\t\t\trequire.ErrorIs(t, err, sqlcon.ErrNoRows)\n\t\t\t\t\t\t\t})\n\t\t\t\t\t\t})\n\t\t\t\t\t})\n\t\t\t\t}\n\t\t\t})\n\n\t\t\tt.Run(\"case=update\", func(t *testing.T) {\n\t\t\t\taddress := createIdentityWithAddresses(t, \"verification.TestPersister.Update@ory.sh \")\n\n\t\t\t\taddress.Value = \"new-codE \"\n\t\t\t\trequire.NoError(t, p.UpdateVerifiableAddress(ctx, &address))\n\n\t\t\t\tt.Run(\"not if on another network\", func(t *testing.T) {\n\t\t\t\t\t_, p := testhelpers.NewNetwork(t, ctx, p)\n\t\t\t\t\trequire.ErrorIs(t, p.UpdateVerifiableAddress(ctx, &address), sqlcon.ErrNoRows)\n\t\t\t\t})\n\n\t\t\t\tactual, err := p.FindVerifiableAddressByValue(ctx, address.Via, address.Value)\n\t\t\t\trequire.NoError(t, err)\n\t\t\t\tassert.Equal(t, \"new-code\", actual.Value)\n\t\t\t})\n\n\t\t\tt.Run(\"case=create and update and find\", func(t *testing.T) {\n\t\t\t\tvar i identity.Identity\n\t\t\t\trequire.NoError(t, faker.FakeData(&i))\n\n\t\t\t\taddress := identity.NewVerifiableEmailAddress(\"verification.TestPersister.Update-Identity@ory.sh\", i.ID)\n\t\t\t\ti.VerifiableAddresses = append(i.VerifiableAddresses, *address)\n\t\t\t\trequire.NoError(t, p.CreateIdentity(ctx, &i))\n\n\t\t\t\t_, err := p.FindVerifiableAddressByValue(ctx, identity.AddressTypeEmail, \"verification.TestPersister.Update-Identity@ory.sh\")\n\t\t\t\trequire.NoError(t, err)\n\n\t\t\t\tt.Run(\"can not find if on another network\", func(t *testing.T) {\n\t\t\t\t\t_, p := testhelpers.NewNetwork(t, ctx, p)\n\t\t\t\t\t_, err := p.FindVerifiableAddressByValue(ctx, identity.AddressTypeEmail, \"verification.TestPersister.Update-Identity@ory.sh\")\n\t\t\t\t\trequire.ErrorIs(t, err, sqlcon.ErrNoRows)\n\t\t\t\t})\n\n\t\t\t\taddress = identity.NewVerifiableEmailAddress(\"verification.TestPersister.Update-Identity-next@ory.sh\", i.ID)\n\t\t\t\ti.VerifiableAddresses = []identity.VerifiableAddress{*address}\n\t\t\t\trequire.NoError(t, p.UpdateIdentity(ctx, &i))\n\n\t\t\t\t_, err = p.FindVerifiableAddressByValue(ctx, identity.AddressTypeEmail, \"verification.TestPersister.Update-Identity@ory.sh\")\n\t\t\t\trequire.EqualError(t, err, sqlcon.ErrNoRows.Error())\n\n\t\t\t\tt.Run(\"can not find if on another network\", func(t *testing.T) {\n\t\t\t\t\t_, p := testhelpers.NewNetwork(t, ctx, p)\n\t\t\t\t\t_, err := p.FindVerifiableAddressByValue(ctx, identity.AddressTypeEmail, \"verification.TestPersister.Update-Identity@ory.sh\")\n\t\t\t\t\trequire.ErrorIs(t, err, sqlcon.ErrNoRows)\n\t\t\t\t})\n\n\t\t\t\tactual, err := p.FindVerifiableAddressByValue(ctx, identity.AddressTypeEmail, \"verification.TestPersister.Update-Identity-next@ory.sh\")\n\t\t\t\trequire.NoError(t, err)\n\t\t\t\tassert.Equal(t, identity.AddressTypeEmail, actual.Via)\n\t\t\t\tassert.Equal(t, \"verification.testpersister.update-identity-next@ory.sh\", actual.Value)\n\n\t\t\t\tt.Run(\"can not find if on another network\", func(t *testing.T) {\n\t\t\t\t\t_, p := testhelpers.NewNetwork(t, ctx, p)\n\t\t\t\t\t_, err := p.FindVerifiableAddressByValue(ctx, identity.AddressTypeEmail, \"verification.TestPersister.Update-Identity-next@ory.sh\")\n\t\t\t\t\trequire.ErrorIs(t, err, sqlcon.ErrNoRows)\n\t\t\t\t})\n\t\t\t})\n\n\t\t\tt.Run(\"case=create and update and find case insensitive\", func(t *testing.T) {\n\t\t\t\tvar i identity.Identity\n\t\t\t\trequire.NoError(t, faker.FakeData(&i))\n\n\t\t\t\taddress := identity.NewVerifiableEmailAddress(\"verification.TestPersister.Update-Identity-case-insensitive@ory.sh\", i.ID)\n\t\t\t\ti.VerifiableAddresses = append(i.VerifiableAddresses, *address)\n\t\t\t\trequire.NoError(t, p.CreateIdentity(ctx, &i))\n\n\t\t\t\t_, err := p.FindVerifiableAddressByValue(ctx, identity.AddressTypeEmail, strings.ToUpper(\"verification.TestPersister.Update-Identity-case-insensitive@ory.sh\"))\n\t\t\t\trequire.NoError(t, err)\n\n\t\t\t\tt.Run(\"can not find if on another network\", func(t *testing.T) {\n\t\t\t\t\t_, p := testhelpers.NewNetwork(t, ctx, p)\n\t\t\t\t\t_, err := p.FindVerifiableAddressByValue(ctx, identity.AddressTypeEmail, strings.ToUpper(\"verification.TestPersister.Update-Identity-case-insensitive@ory.sh\"))\n\t\t\t\t\trequire.ErrorIs(t, err, sqlcon.ErrNoRows)\n\t\t\t\t})\n\n\t\t\t\taddress = identity.NewVerifiableEmailAddress(\"verification.TestPersister.Update-Identity-case-insensitive-next@ory.sh\", i.ID)\n\t\t\t\ti.VerifiableAddresses = []identity.VerifiableAddress{*address}\n\t\t\t\trequire.NoError(t, p.UpdateIdentity(ctx, &i))\n\n\t\t\t\t_, err = p.FindVerifiableAddressByValue(ctx, identity.AddressTypeEmail, strings.ToUpper(\"verification.TestPersister.Update-Identity-case-insensitive@ory.sh\"))\n\t\t\t\trequire.EqualError(t, err, sqlcon.ErrNoRows.Error())\n\n\t\t\t\tt.Run(\"can not find if on another network\", func(t *testing.T) {\n\t\t\t\t\t_, p := testhelpers.NewNetwork(t, ctx, p)\n\t\t\t\t\t_, err := p.FindVerifiableAddressByValue(ctx, identity.AddressTypeEmail, strings.ToUpper(\"verification.TestPersister.Update-Identity-case-insensitive@ory.sh\"))\n\t\t\t\t\trequire.ErrorIs(t, err, sqlcon.ErrNoRows)\n\t\t\t\t})\n\n\t\t\t\tactual, err := p.FindVerifiableAddressByValue(ctx, identity.AddressTypeEmail, strings.ToUpper(\"verification.TestPersister.Update-Identity-case-insensitive-next@ory.sh\"))\n\t\t\t\trequire.NoError(t, err)\n\t\t\t\tassert.Equal(t, identity.AddressTypeEmail, actual.Via)\n\t\t\t\tassert.Equal(t, \"verification.testpersister.update-identity-case-insensitive-next@ory.sh\", actual.Value)\n\n\t\t\t\tt.Run(\"can not find if on another network\", func(t *testing.T) {\n\t\t\t\t\t_, p := testhelpers.NewNetwork(t, ctx, p)\n\t\t\t\t\t_, err := p.FindVerifiableAddressByValue(ctx, identity.AddressTypeEmail, \"verification.TestPersister.Update-Identity-case-insensitive-next@ory.sh\")\n\t\t\t\t\trequire.ErrorIs(t, err, sqlcon.ErrNoRows)\n\t\t\t\t})\n\t\t\t})\n\t\t})\n\n\t\tt.Run(\"suite=credential-types\", func(t *testing.T) {\n\t\t\tfor _, ct := range identity.AllCredentialTypes {\n\t\t\t\tt.Run(\"type=\"+ct.String(), func(t *testing.T) {\n\t\t\t\t\tid, err := idpersistence.FindIdentityCredentialsTypeByName(p.GetConnection(ctx), ct)\n\t\t\t\t\trequire.NoError(t, err)\n\n\t\t\t\t\trequire.NotEqual(t, uuid.Nil, id)\n\t\t\t\t\tname, err := idpersistence.FindIdentityCredentialsTypeByID(p.GetConnection(ctx), id)\n\t\t\t\t\trequire.NoError(t, err)\n\n\t\t\t\t\tassert.Equal(t, ct, name)\n\t\t\t\t})\n\t\t\t}\n\n\t\t\t_, err := idpersistence.FindIdentityCredentialsTypeByName(p.GetConnection(ctx), \"unknown\")\n\t\t\trequire.Error(t, err)\n\n\t\t\t_, err = idpersistence.FindIdentityCredentialsTypeByID(p.GetConnection(ctx), x.NewUUID())\n\t\t\trequire.Error(t, err)\n\t\t})\n\n\t\tt.Run(\"suite=recovery-address\", func(t *testing.T) {\n\t\t\tsortAddresses := func(addresses []identity.RecoveryAddress) {\n\t\t\t\tslices.SortFunc(addresses, func(a, b identity.RecoveryAddress) int {\n\t\t\t\t\treturn strings.Compare(a.Value, b.Value)\n\t\t\t\t})\n\t\t\t}\n\n\t\t\tcreateIdentityWithAddresses := func(t *testing.T, email string) *identity.Identity {\n\t\t\t\tvar i identity.Identity\n\t\t\t\trequire.NoError(t, faker.FakeData(&i))\n\t\t\t\ti.Traits = []byte(`{\"email\":\"` + email + `\"}`)\n\t\t\t\taddress := identity.NewRecoveryEmailAddress(email, i.ID)\n\t\t\t\ti.RecoveryAddresses = append(i.RecoveryAddresses, *address)\n\n\t\t\t\taddressOther := identity.NewRecoveryEmailAddress(email+\"_other\", i.ID)\n\t\t\t\ti.RecoveryAddresses = append(i.RecoveryAddresses, *addressOther)\n\n\t\t\t\trequire.NoError(t, p.CreateIdentity(ctx, &i))\n\t\t\t\treturn &i\n\t\t\t}\n\n\t\t\tt.Run(\"case=not found\", func(t *testing.T) {\n\t\t\t\t_, err := p.FindRecoveryAddressByValue(ctx, identity.AddressTypeEmail, \"does-not-exist\")\n\t\t\t\trequire.ErrorIs(t, err, sqlcon.ErrNoRows)\n\n\t\t\t\tallAddresses, err := p.FindAllRecoveryAddressesForIdentityByRecoveryAddressValue(ctx, \"does-not-exist\")\n\t\t\t\trequire.NoError(t, err)\n\t\t\t\trequire.Len(t, allAddresses, 0)\n\t\t\t})\n\n\t\t\tt.Run(\"case=create and find\", func(t *testing.T) {\n\t\t\t\taddresses := make([]identity.RecoveryAddress, 15)\n\t\t\t\tfor k := range addresses {\n\t\t\t\t\taddresses[k] = createIdentityWithAddresses(t, randx.MustString(16, randx.AlphaLowerNum)+\"@ory.sh\").RecoveryAddresses[0]\n\t\t\t\t\trequire.NotEmpty(t, addresses[k].ID)\n\t\t\t\t}\n\n\t\t\t\tcompare := func(t *testing.T, expected, actual identity.RecoveryAddress) {\n\t\t\t\t\tactual.CreatedAt = actual.CreatedAt.UTC().Truncate(time.Hour * 24)\n\t\t\t\t\tactual.UpdatedAt = actual.UpdatedAt.UTC().Truncate(time.Hour * 24)\n\t\t\t\t\texpected.CreatedAt = expected.CreatedAt.UTC().Truncate(time.Hour * 24)\n\t\t\t\t\texpected.UpdatedAt = expected.UpdatedAt.UTC().Truncate(time.Hour * 24)\n\t\t\t\t\tassert.EqualValues(t, expected, actual)\n\t\t\t\t}\n\n\t\t\t\tfor k, expected := range addresses {\n\t\t\t\t\tt.Run(\"method=FindVerifiableAddressByValue\", func(t *testing.T) {\n\t\t\t\t\t\tt.Run(fmt.Sprintf(\"case=%d\", k), func(t *testing.T) {\n\t\t\t\t\t\t\tactual, err := p.FindRecoveryAddressByValue(ctx, expected.Via, expected.Value)\n\t\t\t\t\t\t\trequire.NoError(t, err)\n\t\t\t\t\t\t\tcompare(t, expected, *actual)\n\n\t\t\t\t\t\t\tt.Run(\"not if on another network\", func(t *testing.T) {\n\t\t\t\t\t\t\t\t_, p := testhelpers.NewNetwork(t, ctx, p)\n\t\t\t\t\t\t\t\t_, err := p.FindRecoveryAddressByValue(ctx, expected.Via, expected.Value)\n\t\t\t\t\t\t\t\trequire.ErrorIs(t, err, sqlcon.ErrNoRows)\n\t\t\t\t\t\t\t})\n\t\t\t\t\t\t})\n\t\t\t\t\t})\n\n\t\t\t\t\tt.Run(\"method=FindAllRecoveryAddressesForIdentityByRecoveryAddressValue\", func(t *testing.T) {\n\t\t\t\t\t\tt.Run(fmt.Sprintf(\"case=%d\", k), func(t *testing.T) {\n\t\t\t\t\t\t\tallAddresses, err := p.FindAllRecoveryAddressesForIdentityByRecoveryAddressValue(ctx, expected.Value)\n\t\t\t\t\t\t\trequire.NoError(t, err)\n\t\t\t\t\t\t\trequire.Len(t, allAddresses, 2)\n\t\t\t\t\t\t\tsortAddresses(allAddresses)\n\t\t\t\t\t\t\trequire.Equal(t, expected.Value, allAddresses[0].Value)\n\t\t\t\t\t\t\trequire.Equal(t, expected.Value+\"_other\", allAddresses[1].Value)\n\t\t\t\t\t\t})\n\n\t\t\t\t\t\tt.Run(\"not if on another network\", func(t *testing.T) {\n\t\t\t\t\t\t\t_, p := testhelpers.NewNetwork(t, ctx, p)\n\t\t\t\t\t\t\tallAddresses, err := p.FindAllRecoveryAddressesForIdentityByRecoveryAddressValue(ctx, expected.Value)\n\t\t\t\t\t\t\trequire.NoError(t, err)\n\t\t\t\t\t\t\trequire.Len(t, allAddresses, 0)\n\t\t\t\t\t\t})\n\t\t\t\t\t})\n\t\t\t\t}\n\t\t\t})\n\n\t\t\tt.Run(\"case=create and update and find\", func(t *testing.T) {\n\t\t\t\temail := randx.MustString(16, randx.AlphaLowerNum) + \"@ory.sh\"\n\t\t\t\temailLower := strings.ToLower(email)\n\t\t\t\tid := createIdentityWithAddresses(t, email)\n\n\t\t\t\t_, err := p.FindRecoveryAddressByValue(ctx, identity.AddressTypeEmail, email)\n\t\t\t\trequire.NoError(t, err)\n\n\t\t\t\tallAddresses, err := p.FindAllRecoveryAddressesForIdentityByRecoveryAddressValue(ctx, emailLower)\n\t\t\t\trequire.NoError(t, err)\n\t\t\t\trequire.Len(t, allAddresses, 2)\n\t\t\t\tsortAddresses(allAddresses)\n\t\t\t\trequire.Equal(t, allAddresses[0].Value, emailLower)\n\t\t\t\trequire.Equal(t, allAddresses[1].Value, emailLower+\"_other\")\n\n\t\t\t\tt.Run(\"can not find if on another network\", func(t *testing.T) {\n\t\t\t\t\t_, p := testhelpers.NewNetwork(t, ctx, p)\n\t\t\t\t\t_, err := p.FindRecoveryAddressByValue(ctx, identity.AddressTypeEmail, email)\n\t\t\t\t\trequire.ErrorIs(t, err, sqlcon.ErrNoRows)\n\n\t\t\t\t\tallAddresses, err := p.FindAllRecoveryAddressesForIdentityByRecoveryAddressValue(ctx, emailLower)\n\t\t\t\t\trequire.NoError(t, err)\n\t\t\t\t\trequire.Len(t, allAddresses, 0)\n\t\t\t\t})\n\n\t\t\t\temailNext := randx.MustString(16, randx.AlphaLowerNum) + \"@ory.sh\"\n\t\t\t\tid.RecoveryAddresses = []identity.RecoveryAddress{{Via: identity.AddressTypeEmail, Value: emailNext}, {Via: identity.AddressTypeEmail, Value: emailNext + \"_other\"}}\n\t\t\t\trequire.NoError(t, p.UpdateIdentity(ctx, id))\n\n\t\t\t\t_, err = p.FindRecoveryAddressByValue(ctx, identity.AddressTypeEmail, email)\n\t\t\t\trequire.EqualError(t, err, sqlcon.ErrNoRows.Error())\n\n\t\t\t\tallAddresses, err = p.FindAllRecoveryAddressesForIdentityByRecoveryAddressValue(ctx, emailLower)\n\t\t\t\trequire.NoError(t, err)\n\t\t\t\trequire.Len(t, allAddresses, 0)\n\n\t\t\t\tt.Run(\"can not find if on another network\", func(t *testing.T) {\n\t\t\t\t\t_, p := testhelpers.NewNetwork(t, ctx, p)\n\t\t\t\t\t_, err := p.FindRecoveryAddressByValue(ctx, identity.AddressTypeEmail, email)\n\t\t\t\t\trequire.ErrorIs(t, err, sqlcon.ErrNoRows)\n\n\t\t\t\t\tallAddresses, err := p.FindAllRecoveryAddressesForIdentityByRecoveryAddressValue(ctx, emailLower)\n\t\t\t\t\trequire.NoError(t, err)\n\t\t\t\t\trequire.Len(t, allAddresses, 0)\n\t\t\t\t})\n\n\t\t\t\temailNextLower := strings.ToLower(emailNext)\n\t\t\t\tactual, err := p.FindRecoveryAddressByValue(ctx, identity.AddressTypeEmail, emailNext)\n\t\t\t\trequire.NoError(t, err)\n\t\t\t\tassert.Equal(t, identity.AddressTypeEmail, actual.Via)\n\t\t\t\tassert.Equal(t, emailNextLower, actual.Value)\n\n\t\t\t\tallAddresses, err = p.FindAllRecoveryAddressesForIdentityByRecoveryAddressValue(ctx, emailNextLower)\n\t\t\t\trequire.NoError(t, err)\n\t\t\t\trequire.Len(t, allAddresses, 2)\n\t\t\t\tsortAddresses(allAddresses)\n\t\t\t\tassert.Equal(t, identity.AddressTypeEmail, allAddresses[0].Via)\n\t\t\t\tassert.Equal(t, emailNextLower, allAddresses[0].Value)\n\t\t\t\tassert.Equal(t, identity.AddressTypeEmail, allAddresses[1].Via)\n\t\t\t\tassert.Equal(t, emailNextLower+\"_other\", allAddresses[1].Value)\n\n\t\t\t\tt.Run(\"can not find if on another network\", func(t *testing.T) {\n\t\t\t\t\t_, p := testhelpers.NewNetwork(t, ctx, p)\n\t\t\t\t\t_, err := p.FindRecoveryAddressByValue(ctx, identity.AddressTypeEmail, emailNext)\n\t\t\t\t\trequire.ErrorIs(t, err, sqlcon.ErrNoRows)\n\n\t\t\t\t\tallAddresses, err := p.FindAllRecoveryAddressesForIdentityByRecoveryAddressValue(ctx, emailNextLower)\n\t\t\t\t\trequire.NoError(t, err)\n\t\t\t\t\trequire.Len(t, allAddresses, 0)\n\t\t\t\t})\n\t\t\t})\n\n\t\t\tt.Run(\"case=create and update and find case insensitive\", func(t *testing.T) {\n\t\t\t\tid := createIdentityWithAddresses(t, \"recovery.TestPersister.Update-case-insensitive@ory.sh\")\n\n\t\t\t\t_, err := p.FindRecoveryAddressByValue(ctx, identity.AddressTypeEmail, strings.ToUpper(\"recovery.TestPersister.Update-case-insensitive@ory.sh\"))\n\t\t\t\trequire.NoError(t, err)\n\n\t\t\t\tt.Run(\"can not find if on another network\", func(t *testing.T) {\n\t\t\t\t\t_, p := testhelpers.NewNetwork(t, ctx, p)\n\t\t\t\t\t_, err := p.FindRecoveryAddressByValue(ctx, identity.AddressTypeEmail, strings.ToUpper(\"Recovery.TestPersister.Update-case-insensitive@ory.sh\"))\n\t\t\t\t\trequire.ErrorIs(t, err, sqlcon.ErrNoRows)\n\t\t\t\t})\n\n\t\t\t\tid.RecoveryAddresses = []identity.RecoveryAddress{{Via: identity.AddressTypeEmail, Value: \"recovery.TestPersister.Update-case-insensitive-next@ory.sh\"}}\n\t\t\t\trequire.NoError(t, p.UpdateIdentity(ctx, id))\n\n\t\t\t\t_, err = p.FindRecoveryAddressByValue(ctx, identity.AddressTypeEmail, strings.ToUpper(\"recovery.TestPersister.Update-case-insensitive@ory.sh\"))\n\t\t\t\trequire.EqualError(t, err, sqlcon.ErrNoRows.Error())\n\n\t\t\t\tt.Run(\"can not find if on another network\", func(t *testing.T) {\n\t\t\t\t\t_, p := testhelpers.NewNetwork(t, ctx, p)\n\t\t\t\t\t_, err := p.FindRecoveryAddressByValue(ctx, identity.AddressTypeEmail, strings.ToUpper(\"recovery.TestPersister.Update-case-insensitive@ory.sh\"))\n\t\t\t\t\trequire.ErrorIs(t, err, sqlcon.ErrNoRows)\n\t\t\t\t})\n\n\t\t\t\tactual, err := p.FindRecoveryAddressByValue(ctx, identity.AddressTypeEmail, strings.ToUpper(\"recovery.TestPersister.Update-case-insensitive-next@ory.sh\"))\n\t\t\t\trequire.NoError(t, err)\n\t\t\t\tassert.Equal(t, identity.AddressTypeEmail, actual.Via)\n\t\t\t\tassert.Equal(t, \"recovery.testpersister.update-case-insensitive-next@ory.sh\", actual.Value)\n\n\t\t\t\tt.Run(\"can not find if on another network\", func(t *testing.T) {\n\t\t\t\t\t_, p := testhelpers.NewNetwork(t, ctx, p)\n\t\t\t\t\t_, err := p.FindRecoveryAddressByValue(ctx, identity.AddressTypeEmail, strings.ToUpper(\"recovery.TestPersister.Update-case-insensitive-next@ory.sh\"))\n\t\t\t\t\trequire.ErrorIs(t, err, sqlcon.ErrNoRows)\n\t\t\t\t})\n\t\t\t})\n\t\t})\n\n\t\tt.Run(\"network reference isolation\", func(t *testing.T) {\n\t\t\tnid1, p := testhelpers.NewNetwork(t, ctx, p)\n\t\t\tnid2, _ := testhelpers.NewNetwork(t, ctx, p)\n\n\t\t\tvar m []identity.CredentialsTypeTable\n\t\t\trequire.NoError(t, p.GetConnection(ctx).All(&m))\n\n\t\t\tiid := x.NewUUID()\n\t\t\trequire.NoError(t, p.GetConnection(ctx).RawQuery(\"INSERT INTO identities (id, nid, schema_id, traits, created_at, updated_at) VALUES (?, ?, 'default', '{}', ?, ?)\", iid, nid1, time.Now(), time.Now()).Exec())\n\n\t\t\tcid1, cid2 := x.NewUUID(), x.NewUUID()\n\t\t\trequire.NoError(t, p.GetConnection(ctx).RawQuery(\"INSERT INTO identity_credentials (id, identity_id, nid, identity_credential_type_id, created_at, updated_at, config) VALUES (?, ?, ?, ?, ?, ?, '{}')\", cid1, iid, nid1, m[0].ID, time.Now(), time.Now()).Exec())\n\t\t\trequire.NoError(t, p.GetConnection(ctx).RawQuery(\"INSERT INTO identity_credentials (id, identity_id, nid, identity_credential_type_id, created_at, updated_at, config) VALUES (?, ?, ?, ?, ?, ?, '{}')\", cid2, iid, nid2, m[0].ID, time.Now(), time.Now()).Exec())\n\n\t\t\tici1, ici2 := x.NewUUID(), x.NewUUID()\n\t\t\trequire.NoError(t, p.GetConnection(ctx).RawQuery(\"INSERT INTO identity_credential_identifiers (id, identity_id, identity_credential_id, nid, identifier, created_at, updated_at, identity_credential_type_id) VALUES (?, ?, ?, ?, ?, ?, ?, ?)\", ici1, iid, cid1, nid1, \"nid1\", time.Now(), time.Now(), m[0].ID).Exec())\n\t\t\trequire.NoError(t, p.GetConnection(ctx).RawQuery(\"INSERT INTO identity_credential_identifiers (id, identity_id, identity_credential_id, nid, identifier, created_at, updated_at, identity_credential_type_id) VALUES (?, ?, ?, ?, ?, ?, ?, ?)\", ici2, iid, cid2, nid2, \"nid2\", time.Now(), time.Now(), m[0].ID).Exec())\n\n\t\t\t_, err := p.GetIdentity(ctx, nid1, identity.ExpandNothing)\n\t\t\trequire.ErrorIs(t, err, sqlcon.ErrNoRows)\n\n\t\t\t_, err = p.GetIdentityConfidential(ctx, nid1)\n\t\t\trequire.ErrorIs(t, err, sqlcon.ErrNoRows)\n\n\t\t\ti, c, err := p.FindByCredentialsIdentifier(ctx, m[0].Name, \"nid1\")\n\t\t\trequire.NoError(t, err)\n\t\t\tassert.Equal(t, \"nid1\", c.Identifiers[0])\n\t\t\trequire.Len(t, i.Credentials, 1)\n\n\t\t\t_, _, err = p.FindByCredentialsIdentifier(ctx, m[0].Name, \"nid2\")\n\t\t\trequire.ErrorIs(t, err, sqlcon.ErrNoRows)\n\n\t\t\ti, err = p.GetIdentityConfidential(ctx, iid)\n\t\t\trequire.NoError(t, err)\n\t\t\trequire.Len(t, i.Credentials, 1)\n\t\t\tassert.Equal(t, \"nid1\", i.Credentials[m[0].Name].Identifiers[0])\n\t\t})\n\n\t\tt.Run(\"suite=update-verifiable-addresses-edge-cases\", func(t *testing.T) {\n\t\t\tt.Run(\"case=add new verifiable addresses\", func(t *testing.T) {\n\t\t\t\tinitial := passwordIdentity(\"\", x.NewUUID().String())\n\t\t\t\toriginalEmail := \"dev+\" + uuid.Must(uuid.NewV4()).String() + \"+@ory.com\"\n\t\t\t\tnew1Email := \"dev+\" + uuid.Must(uuid.NewV4()).String() + \"+@ory.com\"\n\t\t\t\tnew2Email := \"dev+\" + uuid.Must(uuid.NewV4()).String() + \"+@ory.com\"\n\t\t\t\tinitial.VerifiableAddresses = []identity.VerifiableAddress{\n\t\t\t\t\t{Value: originalEmail, Via: identity.AddressTypeEmail, Verified: false, Status: identity.VerifiableAddressStatusPending},\n\t\t\t\t}\n\t\t\t\trequire.NoError(t, p.CreateIdentity(ctx, initial))\n\t\t\t\tcreatedIDs = append(createdIDs, initial.ID)\n\n\t\t\t\tfromDB, err := p.GetIdentity(ctx, initial.ID, identity.ExpandDefault)\n\t\t\t\trequire.NoError(t, err)\n\t\t\t\trequire.Len(t, fromDB.VerifiableAddresses, 1)\n\n\t\t\t\t// Add two new addresses\n\t\t\t\tupdated := fromDB.CopyWithoutCredentials()\n\t\t\t\tupdated.VerifiableAddresses = append(updated.VerifiableAddresses,\n\t\t\t\t\tidentity.VerifiableAddress{Value: new1Email, Via: identity.AddressTypeEmail, Verified: false, Status: identity.VerifiableAddressStatusPending},\n\t\t\t\t\tidentity.VerifiableAddress{Value: new2Email, Via: identity.AddressTypeEmail, Verified: true, Status: identity.VerifiableAddressStatusCompleted},\n\t\t\t\t)\n\n\t\t\t\trequire.NoError(t, p.UpdateIdentity(ctx, updated, identity.DiffAgainst(fromDB)))\n\n\t\t\t\tactual, err := p.GetIdentity(ctx, initial.ID, identity.ExpandDefault)\n\t\t\t\trequire.NoError(t, err)\n\t\t\t\trequire.Len(t, actual.VerifiableAddresses, 3)\n\n\t\t\t\tvalues := []string{actual.VerifiableAddresses[0].Value, actual.VerifiableAddresses[1].Value, actual.VerifiableAddresses[2].Value}\n\t\t\t\tassertContainsValues(t, values, []string{originalEmail, new1Email, new2Email}, nil)\n\n\t\t\t\t// Verify the new verified address has verified_at set\n\t\t\t\tfor _, addr := range actual.VerifiableAddresses {\n\t\t\t\t\tif addr.Value == new2Email {\n\t\t\t\t\t\tassert.True(t, addr.Verified)\n\t\t\t\t\t\tassert.NotNil(t, addr.VerifiedAt)\n\t\t\t\t\t}\n\t\t\t\t}\n\t\t\t})\n\n\t\t\tt.Run(\"case=remove all verifiable addresses\", func(t *testing.T) {\n\t\t\t\temail1 := \"dev+\" + uuid.Must(uuid.NewV4()).String() + \"+@ory.com\"\n\t\t\t\temail2 := \"dev+\" + uuid.Must(uuid.NewV4()).String() + \"+@ory.com\"\n\t\t\t\tinitial := passwordIdentity(\"\", x.NewUUID().String())\n\t\t\t\tinitial.VerifiableAddresses = []identity.VerifiableAddress{\n\t\t\t\t\t{Value: email1, Via: identity.AddressTypeEmail, Verified: false, Status: identity.VerifiableAddressStatusPending},\n\t\t\t\t\t{Value: email2, Via: identity.AddressTypeEmail, Verified: true, Status: identity.VerifiableAddressStatusCompleted},\n\t\t\t\t}\n\t\t\t\trequire.NoError(t, p.CreateIdentity(ctx, initial))\n\t\t\t\tcreatedIDs = append(createdIDs, initial.ID)\n\n\t\t\t\tfromDB, err := p.GetIdentity(ctx, initial.ID, identity.ExpandDefault)\n\t\t\t\trequire.NoError(t, err)\n\t\t\t\trequire.Len(t, fromDB.VerifiableAddresses, 2)\n\n\t\t\t\t// Remove all addresses\n\t\t\t\tupdated := fromDB.CopyWithoutCredentials()\n\t\t\t\tupdated.VerifiableAddresses = []identity.VerifiableAddress{}\n\n\t\t\t\trequire.NoError(t, p.UpdateIdentity(ctx, updated, identity.DiffAgainst(fromDB)))\n\n\t\t\t\tactual, err := p.GetIdentity(ctx, initial.ID, identity.ExpandDefault)\n\t\t\t\trequire.NoError(t, err)\n\t\t\t\tassert.Len(t, actual.VerifiableAddresses, 0)\n\t\t\t})\n\n\t\t\tt.Run(\"case=remove some and add some verifiable addresses\", func(t *testing.T) {\n\t\t\t\tkeepEmail := \"dev+\" + uuid.Must(uuid.NewV4()).String() + \"+@ory.com\"\n\t\t\t\tremoveEmail := \"dev+\" + uuid.Must(uuid.NewV4()).String() + \"+@ory.com\"\n\t\t\t\taddEmail := \"dev+\" + uuid.Must(uuid.NewV4()).String() + \"+@ory.com\"\n\t\t\t\tinitial := passwordIdentity(\"\", x.NewUUID().String())\n\t\t\t\tinitial.VerifiableAddresses = []identity.VerifiableAddress{\n\t\t\t\t\t{Value: keepEmail, Via: identity.AddressTypeEmail, Verified: true, Status: identity.VerifiableAddressStatusCompleted},\n\t\t\t\t\t{Value: removeEmail, Via: identity.AddressTypeEmail, Verified: false, Status: identity.VerifiableAddressStatusPending},\n\t\t\t\t}\n\t\t\t\trequire.NoError(t, p.CreateIdentity(ctx, initial))\n\t\t\t\tcreatedIDs = append(createdIDs, initial.ID)\n\n\t\t\t\tfromDB, err := p.GetIdentity(ctx, initial.ID, identity.ExpandDefault)\n\t\t\t\trequire.NoError(t, err)\n\t\t\t\trequire.Len(t, fromDB.VerifiableAddresses, 2)\n\n\t\t\t\t// Keep one, remove one, add one\n\t\t\t\tupdated := fromDB.CopyWithoutCredentials()\n\t\t\t\tvar keptAddress identity.VerifiableAddress\n\t\t\t\tfor _, addr := range updated.VerifiableAddresses {\n\t\t\t\t\tif addr.Value == keepEmail {\n\t\t\t\t\t\tkeptAddress = addr\n\t\t\t\t\t\tbreak\n\t\t\t\t\t}\n\t\t\t\t}\n\t\t\t\tupdated.VerifiableAddresses = []identity.VerifiableAddress{\n\t\t\t\t\tkeptAddress,\n\t\t\t\t\t{Value: addEmail, Via: identity.AddressTypeEmail, Verified: false, Status: identity.VerifiableAddressStatusSent},\n\t\t\t\t}\n\n\t\t\t\trequire.NoError(t, p.UpdateIdentity(ctx, updated, identity.DiffAgainst(fromDB)))\n\n\t\t\t\tactual, err := p.GetIdentity(ctx, initial.ID, identity.ExpandDefault)\n\t\t\t\trequire.NoError(t, err)\n\t\t\t\trequire.Len(t, actual.VerifiableAddresses, 2)\n\n\t\t\t\tvalues := []string{actual.VerifiableAddresses[0].Value, actual.VerifiableAddresses[1].Value}\n\t\t\t\tassertContainsValues(t, values, []string{keepEmail, addEmail}, []string{removeEmail})\n\t\t\t})\n\n\t\t\tt.Run(\"case=update existing verifiable address properties\", func(t *testing.T) {\n\t\t\t\tchangeEmail := \"dev+\" + uuid.Must(uuid.NewV4()).String() + \"+@ory.com\"\n\t\t\t\tinitial := passwordIdentity(\"\", x.NewUUID().String())\n\t\t\t\tinitial.VerifiableAddresses = []identity.VerifiableAddress{\n\t\t\t\t\t{Value: changeEmail, Via: identity.AddressTypeEmail, Verified: false, Status: identity.VerifiableAddressStatusPending},\n\t\t\t\t}\n\t\t\t\trequire.NoError(t, p.CreateIdentity(ctx, initial))\n\t\t\t\tcreatedIDs = append(createdIDs, initial.ID)\n\n\t\t\t\tfromDB, err := p.GetIdentity(ctx, initial.ID, identity.ExpandDefault)\n\t\t\t\trequire.NoError(t, err)\n\t\t\t\toldAddr := fromDB.VerifiableAddresses[0]\n\t\t\t\tassert.False(t, oldAddr.Verified)\n\t\t\t\tassert.Nil(t, oldAddr.VerifiedAt)\n\n\t\t\t\t// Change the address value - this should be treated as removal + addition\n\t\t\t\tupdated := fromDB.CopyWithoutCredentials()\n\t\t\t\tupdated.VerifiableAddresses = []identity.VerifiableAddress{\n\t\t\t\t\t{Value: changeEmail, Via: identity.AddressTypeEmail, Verified: true, Status: identity.VerifiableAddressStatusCompleted},\n\t\t\t\t}\n\n\t\t\t\trequire.NoError(t, p.UpdateIdentity(ctx, updated, identity.DiffAgainst(fromDB)))\n\n\t\t\t\tactual, err := p.GetIdentity(ctx, initial.ID, identity.ExpandDefault)\n\t\t\t\trequire.NoError(t, err)\n\t\t\t\trequire.Len(t, actual.VerifiableAddresses, 1)\n\t\t\t\tassert.Equal(t, changeEmail, actual.VerifiableAddresses[0].Value)\n\t\t\t\tassert.True(t, actual.VerifiableAddresses[0].Verified)\n\t\t\t\tassert.NotNil(t, actual.VerifiableAddresses[0].VerifiedAt)\n\t\t\t})\n\n\t\t\tt.Run(\"case=replace all verifiable addresses at once\", func(t *testing.T) {\n\t\t\t\told1Email := \"dev+\" + uuid.Must(uuid.NewV4()).String() + \"+@ory.com\"\n\t\t\t\told2Email := \"dev+\" + uuid.Must(uuid.NewV4()).String() + \"+@ory.com\"\n\t\t\t\told3Email := \"dev+\" + uuid.Must(uuid.NewV4()).String() + \"+@ory.com\"\n\t\t\t\tinitial := passwordIdentity(\"\", x.NewUUID().String())\n\t\t\t\tinitial.VerifiableAddresses = []identity.VerifiableAddress{\n\t\t\t\t\t{Value: old1Email, Via: identity.AddressTypeEmail, Verified: true, Status: identity.VerifiableAddressStatusCompleted},\n\t\t\t\t\t{Value: old2Email, Via: identity.AddressTypeEmail, Verified: false, Status: identity.VerifiableAddressStatusPending},\n\t\t\t\t\t{Value: old3Email, Via: identity.AddressTypeEmail, Verified: false, Status: identity.VerifiableAddressStatusSent},\n\t\t\t\t}\n\t\t\t\trequire.NoError(t, p.CreateIdentity(ctx, initial))\n\t\t\t\tcreatedIDs = append(createdIDs, initial.ID)\n\n\t\t\t\tfromDB, err := p.GetIdentity(ctx, initial.ID, identity.ExpandDefault)\n\t\t\t\trequire.NoError(t, err)\n\t\t\t\trequire.Len(t, fromDB.VerifiableAddresses, 3)\n\n\t\t\t\tnew1Email := \"dev+\" + uuid.Must(uuid.NewV4()).String() + \"+@ory.com\"\n\t\t\t\tnew2Email := \"dev+\" + uuid.Must(uuid.NewV4()).String() + \"+@ory.com\"\n\t\t\t\t// Replace all addresses with new ones\n\t\t\t\tupdated := fromDB.CopyWithoutCredentials()\n\t\t\t\tupdated.VerifiableAddresses = []identity.VerifiableAddress{\n\t\t\t\t\t{Value: new1Email, Via: identity.AddressTypeEmail, Verified: false, Status: identity.VerifiableAddressStatusPending},\n\t\t\t\t\t{Value: new2Email, Via: identity.AddressTypeEmail, Verified: false, Status: identity.VerifiableAddressStatusPending},\n\t\t\t\t}\n\n\t\t\t\trequire.NoError(t, p.UpdateIdentity(ctx, updated, identity.DiffAgainst(fromDB)))\n\n\t\t\t\tactual, err := p.GetIdentity(ctx, initial.ID, identity.ExpandDefault)\n\t\t\t\trequire.NoError(t, err)\n\t\t\t\trequire.Len(t, actual.VerifiableAddresses, 2)\n\n\t\t\t\tvalues := []string{actual.VerifiableAddresses[0].Value, actual.VerifiableAddresses[1].Value}\n\t\t\t\tassertContainsValues(t, values, []string{new1Email, new2Email}, []string{old1Email, old2Email, old3Email})\n\t\t\t})\n\t\t})\n\n\t\tt.Run(\"suite=update-recovery-addresses-edge-cases\", func(t *testing.T) {\n\t\t\tt.Run(\"case=add new recovery addresses\", func(t *testing.T) {\n\t\t\t\tinitialEmail := randx.MustString(16, randx.AlphaLowerNum) + \"@ory.sh\"\n\t\t\t\trecovery1Email := randx.MustString(16, randx.AlphaLowerNum) + \"@ory.sh\"\n\t\t\t\trecovery2Email := randx.MustString(16, randx.AlphaLowerNum) + \"@ory.sh\"\n\n\t\t\t\tinitial := passwordIdentity(\"\", x.NewUUID().String())\n\t\t\t\tinitial.RecoveryAddresses = []identity.RecoveryAddress{\n\t\t\t\t\t{Value: initialEmail, Via: identity.AddressTypeEmail},\n\t\t\t\t}\n\t\t\t\trequire.NoError(t, p.CreateIdentity(ctx, initial))\n\t\t\t\tcreatedIDs = append(createdIDs, initial.ID)\n\n\t\t\t\tfromDB, err := p.GetIdentity(ctx, initial.ID, identity.ExpandDefault)\n\t\t\t\trequire.NoError(t, err)\n\t\t\t\trequire.Len(t, fromDB.RecoveryAddresses, 1)\n\n\t\t\t\t// Add two new addresses\n\t\t\t\tupdated := fromDB.CopyWithoutCredentials()\n\t\t\t\tupdated.RecoveryAddresses = append(updated.RecoveryAddresses,\n\t\t\t\t\tidentity.RecoveryAddress{Value: recovery1Email, Via: identity.AddressTypeEmail},\n\t\t\t\t\tidentity.RecoveryAddress{Value: recovery2Email, Via: identity.AddressTypeEmail},\n\t\t\t\t)\n\n\t\t\t\trequire.NoError(t, p.UpdateIdentity(ctx, updated, identity.DiffAgainst(fromDB)))\n\n\t\t\t\tactual, err := p.GetIdentity(ctx, initial.ID, identity.ExpandDefault)\n\t\t\t\trequire.NoError(t, err)\n\t\t\t\trequire.Len(t, actual.RecoveryAddresses, 3)\n\n\t\t\t\tvalues := []string{actual.RecoveryAddresses[0].Value, actual.RecoveryAddresses[1].Value, actual.RecoveryAddresses[2].Value}\n\t\t\t\tassertContainsValues(t, values, []string{initialEmail, recovery1Email, recovery2Email}, nil)\n\t\t\t})\n\n\t\t\tt.Run(\"case=remove all recovery addresses\", func(t *testing.T) {\n\t\t\t\tremove1Email := randx.MustString(16, randx.AlphaLowerNum) + \"@ory.sh\"\n\t\t\t\tremove2Email := randx.MustString(16, randx.AlphaLowerNum) + \"@ory.sh\"\n\n\t\t\t\tinitial := passwordIdentity(\"\", x.NewUUID().String())\n\t\t\t\tinitial.RecoveryAddresses = []identity.RecoveryAddress{\n\t\t\t\t\t{Value: remove1Email, Via: identity.AddressTypeEmail},\n\t\t\t\t\t{Value: remove2Email, Via: identity.AddressTypeEmail},\n\t\t\t\t}\n\t\t\t\trequire.NoError(t, p.CreateIdentity(ctx, initial))\n\t\t\t\tcreatedIDs = append(createdIDs, initial.ID)\n\n\t\t\t\tfromDB, err := p.GetIdentity(ctx, initial.ID, identity.ExpandDefault)\n\t\t\t\trequire.NoError(t, err)\n\t\t\t\trequire.Len(t, fromDB.RecoveryAddresses, 2)\n\n\t\t\t\t// Remove all addresses\n\t\t\t\tupdated := fromDB.CopyWithoutCredentials()\n\t\t\t\tupdated.RecoveryAddresses = []identity.RecoveryAddress{}\n\n\t\t\t\trequire.NoError(t, p.UpdateIdentity(ctx, updated, identity.DiffAgainst(fromDB)))\n\n\t\t\t\tactual, err := p.GetIdentity(ctx, initial.ID, identity.ExpandDefault)\n\t\t\t\trequire.NoError(t, err)\n\t\t\t\tassert.Len(t, actual.RecoveryAddresses, 0)\n\t\t\t})\n\n\t\t\tt.Run(\"case=remove some and add some recovery addresses\", func(t *testing.T) {\n\t\t\t\tkeepEmail := randx.MustString(16, randx.AlphaLowerNum) + \"@ory.sh\"\n\t\t\t\tremoveEmail := randx.MustString(16, randx.AlphaLowerNum) + \"@ory.sh\"\n\t\t\t\taddEmail := randx.MustString(16, randx.AlphaLowerNum) + \"@ory.sh\"\n\n\t\t\t\tinitial := passwordIdentity(\"\", x.NewUUID().String())\n\t\t\t\tinitial.RecoveryAddresses = []identity.RecoveryAddress{\n\t\t\t\t\t{Value: keepEmail, Via: identity.AddressTypeEmail},\n\t\t\t\t\t{Value: removeEmail, Via: identity.AddressTypeEmail},\n\t\t\t\t}\n\t\t\t\trequire.NoError(t, p.CreateIdentity(ctx, initial))\n\t\t\t\tcreatedIDs = append(createdIDs, initial.ID)\n\n\t\t\t\tfromDB, err := p.GetIdentity(ctx, initial.ID, identity.ExpandDefault)\n\t\t\t\trequire.NoError(t, err)\n\t\t\t\trequire.Len(t, fromDB.RecoveryAddresses, 2)\n\n\t\t\t\t// Keep one, remove one, add one\n\t\t\t\tupdated := fromDB.CopyWithoutCredentials()\n\t\t\t\tvar keptAddress identity.RecoveryAddress\n\t\t\t\tfor _, addr := range updated.RecoveryAddresses {\n\t\t\t\t\tif addr.Value == keepEmail {\n\t\t\t\t\t\tkeptAddress = addr\n\t\t\t\t\t\tbreak\n\t\t\t\t\t}\n\t\t\t\t}\n\t\t\t\tupdated.RecoveryAddresses = []identity.RecoveryAddress{\n\t\t\t\t\tkeptAddress,\n\t\t\t\t\t{Value: addEmail, Via: identity.AddressTypeEmail},\n\t\t\t\t}\n\n\t\t\t\trequire.NoError(t, p.UpdateIdentity(ctx, updated, identity.DiffAgainst(fromDB)))\n\n\t\t\t\tactual, err := p.GetIdentity(ctx, initial.ID, identity.ExpandDefault)\n\t\t\t\trequire.NoError(t, err)\n\t\t\t\trequire.Len(t, actual.RecoveryAddresses, 2)\n\n\t\t\t\tvalues := []string{actual.RecoveryAddresses[0].Value, actual.RecoveryAddresses[1].Value}\n\t\t\t\tassertContainsValues(t, values, []string{keepEmail, addEmail}, []string{removeEmail})\n\t\t\t})\n\n\t\t\tt.Run(\"case=replace all recovery addresses at once\", func(t *testing.T) {\n\t\t\t\told1Email := randx.MustString(16, randx.AlphaLowerNum) + \"@ory.sh\"\n\t\t\t\told2Email := randx.MustString(16, randx.AlphaLowerNum) + \"@ory.sh\"\n\t\t\t\told3Email := randx.MustString(16, randx.AlphaLowerNum) + \"@ory.sh\"\n\t\t\t\tnew1Email := randx.MustString(16, randx.AlphaLowerNum) + \"@ory.sh\"\n\t\t\t\tnew2Email := randx.MustString(16, randx.AlphaLowerNum) + \"@ory.sh\"\n\n\t\t\t\tinitial := passwordIdentity(\"\", x.NewUUID().String())\n\t\t\t\tinitial.RecoveryAddresses = []identity.RecoveryAddress{\n\t\t\t\t\t{Value: old1Email, Via: identity.AddressTypeEmail},\n\t\t\t\t\t{Value: old2Email, Via: identity.AddressTypeEmail},\n\t\t\t\t\t{Value: old3Email, Via: identity.AddressTypeEmail},\n\t\t\t\t}\n\t\t\t\trequire.NoError(t, p.CreateIdentity(ctx, initial))\n\t\t\t\tcreatedIDs = append(createdIDs, initial.ID)\n\n\t\t\t\tfromDB, err := p.GetIdentity(ctx, initial.ID, identity.ExpandDefault)\n\t\t\t\trequire.NoError(t, err)\n\t\t\t\trequire.Len(t, fromDB.RecoveryAddresses, 3)\n\n\t\t\t\t// Replace all addresses with new ones\n\t\t\t\tupdated := fromDB.CopyWithoutCredentials()\n\t\t\t\tupdated.RecoveryAddresses = []identity.RecoveryAddress{\n\t\t\t\t\t{Value: new1Email, Via: identity.AddressTypeEmail},\n\t\t\t\t\t{Value: new2Email, Via: identity.AddressTypeEmail},\n\t\t\t\t}\n\n\t\t\t\trequire.NoError(t, p.UpdateIdentity(ctx, updated, identity.DiffAgainst(fromDB)))\n\n\t\t\t\tactual, err := p.GetIdentity(ctx, initial.ID, identity.ExpandDefault)\n\t\t\t\trequire.NoError(t, err)\n\t\t\t\trequire.Len(t, actual.RecoveryAddresses, 2)\n\n\t\t\t\tvalues := []string{actual.RecoveryAddresses[0].Value, actual.RecoveryAddresses[1].Value}\n\t\t\t\tassertContainsValues(t, values, []string{new1Email, new2Email}, []string{old1Email, old2Email, old3Email})\n\t\t\t})\n\t\t})\n\n\t\tt.Run(\"suite=update-credentials-edge-cases\", func(t *testing.T) {\n\t\t\tt.Run(\"case=add new credential type\", func(t *testing.T) {\n\t\t\t\ttotpIdentifier := randx.MustString(16, randx.AlphaLowerNum)\n\n\t\t\t\tinitial := passwordIdentity(\"\", x.NewUUID().String())\n\t\t\t\trequire.NoError(t, p.CreateIdentity(ctx, initial))\n\t\t\t\tcreatedIDs = append(createdIDs, initial.ID)\n\n\t\t\t\tfromDB, err := p.GetIdentityConfidential(ctx, initial.ID)\n\t\t\t\trequire.NoError(t, err)\n\t\t\t\trequire.Len(t, fromDB.Credentials, 1)\n\t\t\t\t_, hasPassword := fromDB.Credentials[identity.CredentialsTypePassword]\n\t\t\t\tassert.True(t, hasPassword)\n\t\t\t\toldPasswordCredID := fromDB.Credentials[identity.CredentialsTypePassword].ID\n\n\t\t\t\t// Add TOTP credential\n\t\t\t\tinitial.SetCredentials(identity.CredentialsTypeTOTP, identity.Credentials{\n\t\t\t\t\tType: identity.CredentialsTypeTOTP,\n\t\t\t\t\tIdentifiers: []string{totpIdentifier},\n\t\t\t\t\tConfig: sqlxx.JSONRawMessage(`{\"totp_url\":\"otpauth://totp/test\"}`),\n\t\t\t\t})\n\n\t\t\t\trequire.NoError(t, p.UpdateIdentity(ctx, initial, identity.DiffAgainst(fromDB)))\n\n\t\t\t\tactual, err := p.GetIdentityConfidential(ctx, initial.ID)\n\t\t\t\trequire.NoError(t, err)\n\t\t\t\trequire.Len(t, actual.Credentials, 2)\n\t\t\t\t_, hasPassword = actual.Credentials[identity.CredentialsTypePassword]\n\t\t\t\t_, hasTOTP := actual.Credentials[identity.CredentialsTypeTOTP]\n\t\t\t\tassert.True(t, hasPassword)\n\t\t\t\tassert.True(t, hasTOTP)\n\t\t\t\tassert.Equal(t, []string{totpIdentifier}, actual.Credentials[identity.CredentialsTypeTOTP].Identifiers)\n\t\t\t\t// Verify that the password credential was not recreated (ID should remain the same)\n\t\t\t\tassert.Equal(t, oldPasswordCredID, actual.Credentials[identity.CredentialsTypePassword].ID, \"password credential should not be recreated when adding TOTP\")\n\t\t\t})\n\n\t\t\tt.Run(\"case=remove all credentials\", func(t *testing.T) {\n\t\t\t\toidcIdentifier := randx.MustString(16, randx.AlphaLowerNum)\n\n\t\t\t\tinitial := passwordIdentity(\"\", x.NewUUID().String())\n\t\t\t\tinitial.SetCredentials(identity.CredentialsTypeOIDC, identity.Credentials{\n\t\t\t\t\tType: identity.CredentialsTypeOIDC,\n\t\t\t\t\tIdentifiers: []string{oidcIdentifier},\n\t\t\t\t\tConfig: sqlxx.JSONRawMessage(`{}`),\n\t\t\t\t})\n\t\t\t\trequire.NoError(t, p.CreateIdentity(ctx, initial))\n\t\t\t\tcreatedIDs = append(createdIDs, initial.ID)\n\n\t\t\t\tfromDB, err := p.GetIdentityConfidential(ctx, initial.ID)\n\t\t\t\trequire.NoError(t, err)\n\t\t\t\trequire.Len(t, fromDB.Credentials, 2)\n\n\t\t\t\t// Remove all credentials\n\t\t\t\tinitial.Credentials = map[identity.CredentialsType]identity.Credentials{}\n\n\t\t\t\trequire.NoError(t, p.UpdateIdentity(ctx, initial, identity.DiffAgainst(fromDB)))\n\n\t\t\t\tactual, err := p.GetIdentityConfidential(ctx, initial.ID)\n\t\t\t\trequire.NoError(t, err)\n\t\t\t\tassert.Len(t, actual.Credentials, 0)\n\t\t\t})\n\n\t\t\tt.Run(\"case=remove one credential type and keep others\", func(t *testing.T) {\n\t\t\t\toidcIdentifier := randx.MustString(16, randx.AlphaLowerNum)\n\t\t\t\ttotpIdentifier := randx.MustString(16, randx.AlphaLowerNum)\n\n\t\t\t\tinitial := passwordIdentity(\"\", x.NewUUID().String())\n\t\t\t\tinitial.SetCredentials(identity.CredentialsTypeOIDC, identity.Credentials{\n\t\t\t\t\tType: identity.CredentialsTypeOIDC,\n\t\t\t\t\tIdentifiers: []string{oidcIdentifier},\n\t\t\t\t\tConfig: sqlxx.JSONRawMessage(`{}`),\n\t\t\t\t})\n\t\t\t\tinitial.SetCredentials(identity.CredentialsTypeTOTP, identity.Credentials{\n\t\t\t\t\tType: identity.CredentialsTypeTOTP,\n\t\t\t\t\tIdentifiers: []string{totpIdentifier},\n\t\t\t\t\tConfig: sqlxx.JSONRawMessage(`{\"totp_url\":\"otpauth://totp/test\"}`),\n\t\t\t\t})\n\t\t\t\trequire.NoError(t, p.CreateIdentity(ctx, initial))\n\t\t\t\tcreatedIDs = append(createdIDs, initial.ID)\n\n\t\t\t\tfromDB, err := p.GetIdentityConfidential(ctx, initial.ID)\n\t\t\t\trequire.NoError(t, err)\n\t\t\t\trequire.Len(t, fromDB.Credentials, 3)\n\t\t\t\toldOIDCCredID := fromDB.Credentials[identity.CredentialsTypeOIDC].ID\n\t\t\t\toldTOTPCredID := fromDB.Credentials[identity.CredentialsTypeTOTP].ID\n\n\t\t\t\t// Remove password credential, keep OIDC and TOTP\n\t\t\t\tdelete(initial.Credentials, identity.CredentialsTypePassword)\n\n\t\t\t\trequire.NoError(t, p.UpdateIdentity(ctx, initial, identity.DiffAgainst(fromDB)))\n\n\t\t\t\tactual, err := p.GetIdentityConfidential(ctx, initial.ID)\n\t\t\t\trequire.NoError(t, err)\n\t\t\t\trequire.Len(t, actual.Credentials, 2)\n\t\t\t\t_, hasPassword := actual.Credentials[identity.CredentialsTypePassword]\n\t\t\t\t_, hasOIDC := actual.Credentials[identity.CredentialsTypeOIDC]\n\t\t\t\t_, hasTOTP := actual.Credentials[identity.CredentialsTypeTOTP]\n\t\t\t\tassert.False(t, hasPassword)\n\t\t\t\tassert.True(t, hasOIDC)\n\t\t\t\tassert.True(t, hasTOTP)\n\t\t\t\t// Verify that OIDC and TOTP credentials were not recreated (IDs should remain the same)\n\t\t\t\tassert.Equal(t, oldOIDCCredID, actual.Credentials[identity.CredentialsTypeOIDC].ID, \"OIDC credential should not be recreated when removing password\")\n\t\t\t\tassert.Equal(t, oldTOTPCredID, actual.Credentials[identity.CredentialsTypeTOTP].ID, \"TOTP credential should not be recreated when removing password\")\n\t\t\t})\n\n\t\t\tt.Run(\"case=update credential config and identifiers\", func(t *testing.T) {\n\t\t\t\toldEmail := randx.MustString(16, randx.AlphaLowerNum) + \"@ory.sh\"\n\t\t\t\tnewEmail := randx.MustString(16, randx.AlphaLowerNum) + \"@ory.sh\"\n\t\t\t\tinitial := passwordIdentity(\"\", oldEmail)\n\t\t\t\trequire.NoError(t, p.CreateIdentity(ctx, initial))\n\t\t\t\tcreatedIDs = append(createdIDs, initial.ID)\n\n\t\t\t\tfromDB, err := p.GetIdentityConfidential(ctx, initial.ID)\n\t\t\t\trequire.NoError(t, err)\n\t\t\t\toldCred := fromDB.Credentials[identity.CredentialsTypePassword]\n\n\t\t\t\t// Update password credential with new identifier and config\n\t\t\t\tinitial.SetCredentials(identity.CredentialsTypePassword, identity.Credentials{\n\t\t\t\t\tType: identity.CredentialsTypePassword,\n\t\t\t\t\tIdentifiers: []string{newEmail},\n\t\t\t\t\tConfig: sqlxx.JSONRawMessage(`{\"new\":\"config\"}`),\n\t\t\t\t})\n\n\t\t\t\trequire.NoError(t, p.UpdateIdentity(ctx, initial, identity.DiffAgainst(fromDB)))\n\n\t\t\t\tactual, err := p.GetIdentityConfidential(ctx, initial.ID)\n\t\t\t\trequire.NoError(t, err)\n\t\t\t\tnewCred := actual.Credentials[identity.CredentialsTypePassword]\n\t\t\t\tassert.NotEqual(t, oldCred.ID, newCred.ID)\n\t\t\t\tassert.Equal(t, []string{newEmail}, newCred.Identifiers)\n\t\t\t\tassert.JSONEq(t, `{\"new\":\"config\"}`, string(newCred.Config))\n\t\t\t})\n\n\t\t\tt.Run(\"case=replace all credentials at once\", func(t *testing.T) {\n\t\t\t\tinitial := passwordIdentity(\"\", x.NewUUID().String())\n\t\t\t\tinitial.SetCredentials(identity.CredentialsTypeOIDC, identity.Credentials{\n\t\t\t\t\tType: identity.CredentialsTypeOIDC,\n\t\t\t\t\tIdentifiers: []string{\"oidc-replace\"},\n\t\t\t\t\tConfig: sqlxx.JSONRawMessage(`{}`),\n\t\t\t\t})\n\t\t\t\tinitial.SetCredentials(identity.CredentialsTypeTOTP, identity.Credentials{\n\t\t\t\t\tType: identity.CredentialsTypeTOTP,\n\t\t\t\t\tIdentifiers: []string{\"totp-replace\"},\n\t\t\t\t\tConfig: sqlxx.JSONRawMessage(`{\"totp_url\":\"otpauth://totp/test\"}`),\n\t\t\t\t})\n\t\t\t\trequire.NoError(t, p.CreateIdentity(ctx, initial))\n\t\t\t\tcreatedIDs = append(createdIDs, initial.ID)\n\n\t\t\t\tfromDB, err := p.GetIdentityConfidential(ctx, initial.ID)\n\t\t\t\trequire.NoError(t, err)\n\t\t\t\trequire.Len(t, fromDB.Credentials, 3)\n\n\t\t\t\t// Replace all credentials with webauthn\n\t\t\t\tinitial.Credentials = map[identity.CredentialsType]identity.Credentials{\n\t\t\t\t\tidentity.CredentialsTypeWebAuthn: {\n\t\t\t\t\t\tType: identity.CredentialsTypeWebAuthn,\n\t\t\t\t\t\tIdentifiers: []string{\"webauthn-new\"},\n\t\t\t\t\t\tConfig: sqlxx.JSONRawMessage(`{\"credentials\":[]}`),\n\t\t\t\t\t},\n\t\t\t\t}\n\n\t\t\t\trequire.NoError(t, p.UpdateIdentity(ctx, initial, identity.DiffAgainst(fromDB)))\n\n\t\t\t\tactual, err := p.GetIdentityConfidential(ctx, initial.ID)\n\t\t\t\trequire.NoError(t, err)\n\t\t\t\trequire.Len(t, actual.Credentials, 1)\n\t\t\t\t_, hasWebAuthn := actual.Credentials[identity.CredentialsTypeWebAuthn]\n\t\t\t\tassert.True(t, hasWebAuthn)\n\t\t\t\tassert.Equal(t, []string{\"webauthn-new\"}, actual.Credentials[identity.CredentialsTypeWebAuthn].Identifiers)\n\t\t\t})\n\n\t\t\tt.Run(\"case=update with no changes\", func(t *testing.T) {\n\t\t\t\tinitial := passwordIdentity(\"\", x.NewUUID().String())\n\t\t\t\tinitial.SetCredentials(identity.CredentialsTypeOIDC, identity.Credentials{\n\t\t\t\t\tType: identity.CredentialsTypeOIDC,\n\t\t\t\t\tIdentifiers: []string{\"oidc-no-change\"},\n\t\t\t\t\tConfig: sqlxx.JSONRawMessage(`{}`),\n\t\t\t\t})\n\t\t\t\tinitial.SetCredentials(identity.CredentialsTypeTOTP, identity.Credentials{\n\t\t\t\t\tType: identity.CredentialsTypeTOTP,\n\t\t\t\t\tIdentifiers: []string{\"totp-no-change\"},\n\t\t\t\t\tConfig: sqlxx.JSONRawMessage(`{\"totp_url\":\"otpauth://totp/test\"}`),\n\t\t\t\t})\n\t\t\t\trequire.NoError(t, p.CreateIdentity(ctx, initial))\n\t\t\t\tcreatedIDs = append(createdIDs, initial.ID)\n\n\t\t\t\tfromDB, err := p.GetIdentityConfidential(ctx, initial.ID)\n\t\t\t\trequire.NoError(t, err)\n\t\t\t\trequire.Len(t, fromDB.Credentials, 3)\n\t\t\t\toldPasswordCredID := fromDB.Credentials[identity.CredentialsTypePassword].ID\n\t\t\t\toldOIDCCredID := fromDB.Credentials[identity.CredentialsTypeOIDC].ID\n\t\t\t\toldTOTPCredID := fromDB.Credentials[identity.CredentialsTypeTOTP].ID\n\n\t\t\t\t// Update without changing anything\n\t\t\t\trequire.NoError(t, p.UpdateIdentity(ctx, initial, identity.DiffAgainst(fromDB)))\n\n\t\t\t\tactual, err := p.GetIdentityConfidential(ctx, initial.ID)\n\t\t\t\trequire.NoError(t, err)\n\t\t\t\t// Verify no credentials were added or removed\n\t\t\t\trequire.Len(t, actual.Credentials, 3, \"credential count should not change when nothing is modified\")\n\t\t\t\t// Verify all credential IDs remained the same (nothing was recreated)\n\t\t\t\tassert.Equal(t, oldPasswordCredID, actual.Credentials[identity.CredentialsTypePassword].ID, \"password credential should not be recreated when nothing changes\")\n\t\t\t\tassert.Equal(t, oldOIDCCredID, actual.Credentials[identity.CredentialsTypeOIDC].ID, \"OIDC credential should not be recreated when nothing changes\")\n\t\t\t\tassert.Equal(t, oldTOTPCredID, actual.Credentials[identity.CredentialsTypeTOTP].ID, \"TOTP credential should not be recreated when nothing changes\")\n\t\t\t})\n\n\t\t\tt.Run(\"case=update with json whitespace differences\", func(t *testing.T) {\n\t\t\t\tinitial := passwordIdentity(\"\", x.NewUUID().String())\n\t\t\t\t// Create with compact JSON\n\t\t\t\tinitial.SetCredentials(identity.CredentialsTypeOIDC, identity.Credentials{\n\t\t\t\t\tType: identity.CredentialsTypeOIDC,\n\t\t\t\t\tIdentifiers: []string{\"oidc-whitespace\"},\n\t\t\t\t\tConfig: sqlxx.JSONRawMessage(`{\"foo\":\"bar\",\"baz\":\"qux\"}`),\n\t\t\t\t})\n\t\t\t\trequire.NoError(t, p.CreateIdentity(ctx, initial))\n\t\t\t\tcreatedIDs = append(createdIDs, initial.ID)\n\n\t\t\t\tfromDB, err := p.GetIdentityConfidential(ctx, initial.ID)\n\t\t\t\trequire.NoError(t, err)\n\t\t\t\trequire.Len(t, fromDB.Credentials, 2)\n\t\t\t\toldPasswordCredID := fromDB.Credentials[identity.CredentialsTypePassword].ID\n\t\t\t\toldOIDCCredID := fromDB.Credentials[identity.CredentialsTypeOIDC].ID\n\n\t\t\t\t// Update with same JSON but different whitespace formatting\n\t\t\t\tinitial.SetCredentials(identity.CredentialsTypeOIDC, identity.Credentials{\n\t\t\t\t\tType: identity.CredentialsTypeOIDC,\n\t\t\t\t\tIdentifiers: []string{\"oidc-whitespace\"},\n\t\t\t\t\t// Same JSON content but with different whitespace\n\t\t\t\t\tConfig: sqlxx.JSONRawMessage(`{\n\t\t\t\t\t\t\"foo\": \"bar\",\n\t\t\t\t\t\t\"baz\": \"qux\"\n\t\t\t\t\t}`),\n\t\t\t\t})\n\n\t\t\t\trequire.NoError(t, p.UpdateIdentity(ctx, initial, identity.DiffAgainst(fromDB)))\n\n\t\t\t\tactual, err := p.GetIdentityConfidential(ctx, initial.ID)\n\t\t\t\trequire.NoError(t, err)\n\t\t\t\t// Verify no credentials were added or removed\n\t\t\t\trequire.Len(t, actual.Credentials, 2, \"credential count should not change\")\n\t\t\t\t// Verify credential IDs remained the same (nothing was recreated despite JSON formatting difference)\n\t\t\t\tassert.Equal(t, oldPasswordCredID, actual.Credentials[identity.CredentialsTypePassword].ID, \"password credential should not be recreated\")\n\t\t\t\tassert.Equal(t, oldOIDCCredID, actual.Credentials[identity.CredentialsTypeOIDC].ID, \"OIDC credential should not be recreated when JSON has different whitespace\")\n\t\t\t})\n\n\t\t\tt.Run(\"case=update traits with fromDatabase parameter\", func(t *testing.T) {\n\t\t\t\tinitial := passwordIdentity(\"\", x.NewUUID().String())\n\t\t\t\tinitial.Traits = identity.Traits(`{\"email\":\"initial@ory.sh\",\"name\":\"Initial Name\"}`)\n\t\t\t\trequire.NoError(t, p.CreateIdentity(ctx, initial))\n\t\t\t\tcreatedIDs = append(createdIDs, initial.ID)\n\n\t\t\t\tfromDB, err := p.GetIdentity(ctx, initial.ID, identity.ExpandDefault)\n\t\t\t\trequire.NoError(t, err)\n\n\t\t\t\t// Update traits using DiffAgainst\n\t\t\t\tupdated := fromDB.CopyWithoutCredentials()\n\t\t\t\tupdated.Traits = identity.Traits(`{\"email\":\"updated@ory.sh\",\"name\":\"Updated Name\"}`)\n\n\t\t\t\trequire.NoError(t, p.UpdateIdentity(ctx, updated, identity.DiffAgainst(fromDB)))\n\n\t\t\t\tactual, err := p.GetIdentity(ctx, initial.ID, identity.ExpandDefault)\n\t\t\t\trequire.NoError(t, err)\n\t\t\t\tassert.JSONEq(t, `{\"email\":\"updated@ory.sh\",\"name\":\"Updated Name\"}`, string(actual.Traits))\n\t\t\t})\n\n\t\t\tt.Run(\"case=update without fromDatabase parameter\", func(t *testing.T) {\n\t\t\t\tinitial := passwordIdentity(\"\", x.NewUUID().String())\n\t\t\t\tinitial.SetCredentials(identity.CredentialsTypeOIDC, identity.Credentials{\n\t\t\t\t\tType: identity.CredentialsTypeOIDC,\n\t\t\t\t\tIdentifiers: []string{\"oidc-no-from-db\"},\n\t\t\t\t\tConfig: sqlxx.JSONRawMessage(`{}`),\n\t\t\t\t})\n\t\t\t\trequire.NoError(t, p.CreateIdentity(ctx, initial))\n\t\t\t\tcreatedIDs = append(createdIDs, initial.ID)\n\n\t\t\t\tfromDB, err := p.GetIdentityConfidential(ctx, initial.ID)\n\t\t\t\trequire.NoError(t, err)\n\t\t\t\trequire.Len(t, fromDB.Credentials, 2)\n\t\t\t\toldPasswordCredID := fromDB.Credentials[identity.CredentialsTypePassword].ID\n\t\t\t\toldOIDCCredID := fromDB.Credentials[identity.CredentialsTypeOIDC].ID\n\n\t\t\t\t// Update without providing fromDatabase - should fetch from DB internally\n\t\t\t\tupdated := *fromDB\n\t\t\t\tupdated.SetCredentials(identity.CredentialsTypeTOTP, identity.Credentials{\n\t\t\t\t\tType: identity.CredentialsTypeTOTP,\n\t\t\t\t\tIdentifiers: []string{\"totp-no-from-db\"},\n\t\t\t\t\tConfig: sqlxx.JSONRawMessage(`{\"totp_url\":\"otpauth://totp/test\"}`),\n\t\t\t\t})\n\n\t\t\t\trequire.NoError(t, p.UpdateIdentity(ctx, &updated))\n\n\t\t\t\tactual, err := p.GetIdentityConfidential(ctx, initial.ID)\n\t\t\t\trequire.NoError(t, err)\n\t\t\t\trequire.Len(t, actual.Credentials, 3)\n\t\t\t\t_, hasTOTP := actual.Credentials[identity.CredentialsTypeTOTP]\n\t\t\t\tassert.True(t, hasTOTP)\n\t\t\t\t// Verify that password and OIDC credentials were not recreated (IDs should remain the same)\n\t\t\t\tassert.Equal(t, oldPasswordCredID, actual.Credentials[identity.CredentialsTypePassword].ID, \"password credential should not be recreated when adding TOTP without fromDatabase\")\n\t\t\t\tassert.Equal(t, oldOIDCCredID, actual.Credentials[identity.CredentialsTypeOIDC].ID, \"OIDC credential should not be recreated when adding TOTP without fromDatabase\")\n\t\t\t})\n\t\t})\n\n\t\tt.Run(\"suite=update-combined-changes\", func(t *testing.T) {\n\t\t\tt.Run(\"case=update addresses and credentials simultaneously\", func(t *testing.T) {\n\t\t\t\tinitial := passwordIdentity(\"\", x.NewUUID().String())\n\t\t\t\tinitial.VerifiableAddresses = []identity.VerifiableAddress{\n\t\t\t\t\t{Value: \"combined-verify@ory.sh\", Via: identity.AddressTypeEmail, Verified: false, Status: identity.VerifiableAddressStatusPending},\n\t\t\t\t}\n\t\t\t\tinitial.RecoveryAddresses = []identity.RecoveryAddress{\n\t\t\t\t\t{Value: \"combined-recovery@ory.sh\", Via: identity.AddressTypeEmail},\n\t\t\t\t}\n\t\t\t\trequire.NoError(t, p.CreateIdentity(ctx, initial))\n\t\t\t\tcreatedIDs = append(createdIDs, initial.ID)\n\n\t\t\t\tfromDB, err := p.GetIdentityConfidential(ctx, initial.ID)\n\t\t\t\trequire.NoError(t, err)\n\n\t\t\t\t// Change everything at once\n\t\t\t\tupdated := *fromDB\n\t\t\t\tupdated.VerifiableAddresses = []identity.VerifiableAddress{\n\t\t\t\t\t{Value: \"combined-verify-new@ory.sh\", Via: identity.AddressTypeEmail, Verified: true, Status: identity.VerifiableAddressStatusCompleted},\n\t\t\t\t}\n\t\t\t\tupdated.RecoveryAddresses = []identity.RecoveryAddress{\n\t\t\t\t\t{Value: \"combined-recovery-new@ory.sh\", Via: identity.AddressTypeEmail},\n\t\t\t\t}\n\t\t\t\tupdated.SetCredentials(identity.CredentialsTypeTOTP, identity.Credentials{\n\t\t\t\t\tType: identity.CredentialsTypeTOTP,\n\t\t\t\t\tIdentifiers: []string{\"combined-totp\"},\n\t\t\t\t\tConfig: sqlxx.JSONRawMessage(`{\"totp_url\":\"otpauth://totp/test\"}`),\n\t\t\t\t})\n\n\t\t\t\trequire.NoError(t, p.UpdateIdentity(ctx, &updated, identity.DiffAgainst(fromDB)))\n\n\t\t\t\tactual, err := p.GetIdentityConfidential(ctx, initial.ID)\n\t\t\t\trequire.NoError(t, err)\n\t\t\t\trequire.Len(t, actual.VerifiableAddresses, 1)\n\t\t\t\trequire.Len(t, actual.RecoveryAddresses, 1)\n\t\t\t\trequire.Len(t, actual.Credentials, 2)\n\n\t\t\t\tassert.Equal(t, \"combined-verify-new@ory.sh\", actual.VerifiableAddresses[0].Value)\n\t\t\t\tassert.Equal(t, \"combined-recovery-new@ory.sh\", actual.RecoveryAddresses[0].Value)\n\t\t\t\t_, hasTOTP := actual.Credentials[identity.CredentialsTypeTOTP]\n\t\t\t\tassert.True(t, hasTOTP)\n\t\t\t})\n\t\t})\n\t}\n}\n\nfunc NewTestIdentity(numAddresses int, prefix string, i int) *identity.Identity {\n\tvar (\n\t\tverifiableAddresses []identity.VerifiableAddress\n\t\trecoveryAddresses []identity.RecoveryAddress\n\t)\n\ttraits := struct {\n\t\tEmails []string `json:\"emails\"`\n\t\tUsername string `json:\"username\"`\n\t}{}\n\n\tverificationStates := []identity.VerifiableAddressStatus{\n\t\tidentity.VerifiableAddressStatusPending,\n\t\tidentity.VerifiableAddressStatusSent,\n\t\tidentity.VerifiableAddressStatusCompleted,\n\t}\n\n\tfor j := 0; j < numAddresses; j++ {\n\t\temail := fmt.Sprintf(\"%s-%d-%d@ory.sh\", prefix, i, j)\n\t\ttraits.Emails = append(traits.Emails, email)\n\t\tverifiableAddresses = append(verifiableAddresses, identity.VerifiableAddress{\n\t\t\tValue: email,\n\t\t\tVia: identity.AddressTypeEmail,\n\t\t\tVerified: j%2 == 0,\n\t\t\tStatus: verificationStates[j%len(verificationStates)],\n\t\t})\n\t\trecoveryAddresses = append(recoveryAddresses, identity.RecoveryAddress{\n\t\t\tValue: email,\n\t\t\tVia: identity.AddressTypeEmail,\n\t\t})\n\t}\n\ttraits.Username = traits.Emails[0]\n\trawTraits, _ := json.Marshal(traits)\n\n\tid := &identity.Identity{\n\t\tSchemaID: \"multiple_emails\",\n\t\tTraits: rawTraits,\n\t\tVerifiableAddresses: verifiableAddresses,\n\t\tRecoveryAddresses: recoveryAddresses,\n\t\tState: \"active\",\n\t}\n\tid.SetCredentials(identity.CredentialsTypePassword, identity.Credentials{\n\t\tType: identity.CredentialsTypePassword,\n\t\tIdentifiers: []string{traits.Username},\n\t\tConfig: sqlxx.JSONRawMessage(`{}`),\n\t})\n\n\treturn id\n}\n" }, { "path": "identity/validator.go", "content": "// Copyright © 2023 Ory Corp\n// SPDX-License-Identifier: Apache-2.0\n\npackage identity\n\nimport (\n\t\"context\"\n\n\t\"github.com/pkg/errors\"\n\n\t\"github.com/ory/herodot\"\n\n\t\"github.com/tidwall/sjson\"\n\n\t\"github.com/ory/kratos/driver/config\"\n\t\"github.com/ory/kratos/schema\"\n\t\"github.com/ory/x/otelx\"\n)\n\ntype (\n\tvalidatorDependencies interface {\n\t\tschema.IdentitySchemaProvider\n\t\tconfig.Provider\n\t}\n\tValidator struct {\n\t\tv *schema.Validator\n\t\td validatorDependencies\n\t}\n\tValidationProvider interface {\n\t\tIdentityValidator() *Validator\n\t}\n)\n\nfunc NewValidator(d validatorDependencies) *Validator {\n\treturn &Validator{v: schema.NewValidator(), d: d}\n}\n\nfunc (v *Validator) ValidateWithRunner(ctx context.Context, i *Identity, runners ...schema.ValidateExtension) error {\n\trunner, err := schema.NewExtensionRunner(ctx, schema.WithValidateRunners(runners...))\n\tif err != nil {\n\t\treturn err\n\t}\n\n\tss, err := v.d.IdentityTraitsSchemas(ctx)\n\tif err != nil {\n\t\treturn err\n\t}\n\n\ts, err := ss.GetByID(i.SchemaID)\n\tif err != nil {\n\t\treturn err\n\t}\n\n\tif len(i.Traits) == 0 {\n\t\ti.Traits = []byte(`{}`)\n\t}\n\n\ttraits, err := sjson.SetRawBytes([]byte(`{}`), \"traits\", i.Traits)\n\tif err != nil {\n\t\treturn errors.WithStack(herodot.ErrBadRequest.WithError(err.Error()))\n\t}\n\n\treturn v.v.Validate(ctx, s.URL.String(), traits, schema.WithExtensionRunner(runner))\n}\n\nfunc (v *Validator) Validate(ctx context.Context, i *Identity) error {\n\treturn otelx.WithSpan(ctx, \"identity.Validator.Validate\", func(ctx context.Context) error {\n\t\treturn v.ValidateWithRunner(ctx, i,\n\t\t\tNewSchemaExtensionCredentials(i),\n\t\t\tNewSchemaExtensionVerification(i, v.d.Config().SelfServiceFlowVerificationRequestLifespan(ctx)),\n\t\t\tNewSchemaExtensionRecovery(i),\n\t\t)\n\t})\n}\n" }, { "path": "identity/validator_test.go", "content": "// Copyright © 2023 Ory Corp\n// SPDX-License-Identifier: Apache-2.0\n\npackage identity_test\n\nimport (\n\t\"context\"\n\t\"encoding/base64\"\n\t\"fmt\"\n\t\"net/http\"\n\t\"net/http/httptest\"\n\t\"testing\"\n\n\t\"github.com/golang/mock/gomock\"\n\t\"github.com/stretchr/testify/assert\"\n\t\"github.com/stretchr/testify/require\"\n\n\t\"github.com/ory/herodot\"\n\t\"github.com/ory/jsonschema/v3/httploader\"\n\t\"github.com/ory/kratos/driver/config\"\n\t. \"github.com/ory/kratos/identity\"\n\t\"github.com/ory/kratos/pkg\"\n\t\"github.com/ory/kratos/pkg/testhelpers\"\n\t\"github.com/ory/x/configx\"\n\t\"github.com/ory/x/httpx\"\n)\n\nfunc TestSchemaValidatorDisallowsInternalNetworkRequests(t *testing.T) {\n\tt.Parallel()\n\n\t_, reg := pkg.NewFastRegistryWithMocks(t,\n\t\tconfigx.WithValues(testhelpers.IdentitySchemasConfig(map[string]string{\n\t\t\t\"localhost\": \"https://localhost/schema/whatever\",\n\t\t\t\"privateRef\": \"file://stub/localhost-ref.schema.json\",\n\t\t\t\"inlineRef\": \"base64://\" + base64.StdEncoding.EncodeToString([]byte(`{\"traits\": {}}`)),\n\t\t})),\n\t\tconfigx.WithValue(config.ViperKeyClientHTTPNoPrivateIPRanges, true),\n\t)\n\n\tv := NewValidator(reg)\n\n\tfor id, expectedErr := range map[string]string{\n\t\t\"localhost\": \"is not a permitted destination\",\n\t\t\"privateRef\": \"is not a permitted destination\",\n\t\t\"inlineRef\": \"\",\n\t} {\n\t\tt.Run(id, func(t *testing.T) {\n\t\t\tt.Parallel()\n\n\t\t\ti := &Identity{\n\t\t\t\tSchemaID: id,\n\t\t\t\tTraits: Traits(`{ \"firstName\": \"first-name\", \"lastName\": \"last-name\", \"age\": 1 }`),\n\t\t\t}\n\t\t\tctx := context.WithValue(t.Context(), httploader.ContextKey, reg.HTTPClient(t.Context()))\n\t\t\terr := v.Validate(ctx, i)\n\t\t\tif expectedErr == \"\" {\n\t\t\t\tassert.NoError(t, err)\n\t\t\t\treturn\n\t\t\t}\n\n\t\t\tvar hErr *herodot.DefaultError\n\t\t\trequire.ErrorAs(t, err, &hErr)\n\t\t\tassert.Contains(t, hErr.Debug(), expectedErr)\n\t\t})\n\t}\n}\n\nfunc TestSchemaValidator(t *testing.T) {\n\tt.Parallel()\n\n\tctrl := gomock.NewController(t)\n\tdefer ctrl.Finish()\n\n\trouter := http.NewServeMux()\n\trouter.HandleFunc(\"GET /schema/{name}\", func(w http.ResponseWriter, r *http.Request) {\n\t\t_, _ = w.Write([]byte(`{\n \"$id\": \"https://example.com/person.schema.json\",\n \"$schema\": \"http://json-schema.org/draft-07/schema#\",\n \"title\": \"Person\",\n \"type\": \"object\",\n \"properties\": {\n\t\"traits\": {\n\t \"type\": \"object\",\n\t \"properties\": {\n \"` + r.PathValue(\"name\") + `\": {\n \"type\": \"string\",\n \"description\": \"The person's first name.\"\n },\n \"lastName\": {\n \"type\": \"string\",\n \"description\": \"The person's last name.\"\n },\n \"age\": {\n \"description\": \"Age in years which must be equal to or greater than zero.\",\n \"type\": \"integer\",\n \"minimum\": 1\n }\n\t },\n\t \"additionalProperties\": false\n\t}\n },\n \"additionalProperties\": false\n}`))\n\t})\n\n\tts := httptest.NewServer(router)\n\tdefer ts.Close()\n\n\t_, reg := pkg.NewFastRegistryWithMocks(t,\n\t\tconfigx.WithValues(testhelpers.IdentitySchemasConfig(map[string]string{\n\t\t\t\"default\": ts.URL + \"/schema/firstName\",\n\t\t\t\"whatever\": ts.URL + \"/schema/whatever\",\n\t\t\t\"unreachable-url\": ts.URL + \"/404-not-found\",\n\t\t})),\n\t)\n\tv := NewValidator(reg)\n\n\tfor k, tc := range []struct {\n\t\ti *Identity\n\t\terr string\n\t}{\n\t\t{\n\t\t\ti: &Identity{\n\t\t\t\tTraits: Traits(`{ \"firstName\": \"first-name\", \"lastName\": \"last-name\", \"age\": 1 }`),\n\t\t\t},\n\t\t},\n\t\t{\n\t\t\ti: &Identity{\n\t\t\t\tTraits: Traits(`{ \"firstName\": \"first-name\", \"lastName\": \"last-name\", \"age\": -1 }`),\n\t\t\t},\n\t\t\terr: \"I[#/traits/age] S[#/properties/traits/properties/age/minimum] must be >= 1 but found -1\",\n\t\t},\n\t\t{\n\t\t\ti: &Identity{\n\t\t\t\tTraits: Traits(`{ \"whatever\": \"first-name\", \"lastName\": \"last-name\", \"age\": 1 }`),\n\t\t\t},\n\t\t\terr: `I[#/traits] S[#/properties/traits/additionalProperties] additionalProperties \"whatever\" not allowed`,\n\t\t},\n\t\t{\n\t\t\ti: &Identity{\n\t\t\t\tSchemaID: \"whatever\",\n\t\t\t\tTraits: Traits(`{ \"whatever\": \"first-name\", \"lastName\": \"last-name\", \"age\": 1 }`),\n\t\t\t},\n\t\t},\n\t\t{\n\t\t\ti: &Identity{\n\t\t\t\tSchemaID: \"whatever\",\n\t\t\t\tTraits: Traits(`{ \"firstName\": \"first-name\", \"lastName\": \"last-name\", \"age\": 1 }`),\n\t\t\t},\n\t\t\terr: `I[#/traits] S[#/properties/traits/additionalProperties] additionalProperties \"firstName\" not allowed`,\n\t\t},\n\t\t{\n\t\t\ti: &Identity{\n\t\t\t\tSchemaID: \"unreachable-url\",\n\t\t\t\tTraits: Traits(`{ \"firstName\": \"first-name\", \"lastName\": \"last-name\", \"age\": 1 }`),\n\t\t\t},\n\t\t\terr: \"Invalid configuration\",\n\t\t},\n\t} {\n\t\tt.Run(fmt.Sprintf(\"case=%d\", k), func(t *testing.T) {\n\t\t\tctx := context.WithValue(t.Context(), httploader.ContextKey, httpx.NewResilientClient())\n\t\t\terr := v.Validate(ctx, tc.i)\n\t\t\tif tc.err == \"\" {\n\t\t\t\trequire.NoError(t, err)\n\t\t\t} else {\n\t\t\t\trequire.EqualError(t, err, tc.err)\n\t\t\t}\n\t\t})\n\t}\n}\n" }, { "path": "install.sh", "content": "#!/bin/sh\nset -e\n# Code generated by godownloader on 2020-07-08T20:40:41Z. DO NOT EDIT.\n#\n\nusage() {\n this=$1\n cat </dev/null\n}\nechoerr() {\n echo \"$@\" 1>&2\n}\nlog_prefix() {\n echo \"$0\"\n}\n_logp=6\nlog_set_priority() {\n _logp=\"$1\"\n}\nlog_priority() {\n if test -z \"$1\"; then\n echo \"$_logp\"\n return\n fi\n [ \"$1\" -le \"$_logp\" ]\n}\nlog_tag() {\n case $1 in\n 0) echo \"emerg\" ;;\n 1) echo \"alert\" ;;\n 2) echo \"crit\" ;;\n 3) echo \"err\" ;;\n 4) echo \"warning\" ;;\n 5) echo \"notice\" ;;\n 6) echo \"info\" ;;\n 7) echo \"debug\" ;;\n *) echo \"$1\" ;;\n esac\n}\nlog_debug() {\n log_priority 7 || return 0\n echoerr \"$(log_prefix)\" \"$(log_tag 7)\" \"$@\"\n}\nlog_info() {\n log_priority 6 || return 0\n echoerr \"$(log_prefix)\" \"$(log_tag 6)\" \"$@\"\n}\nlog_err() {\n log_priority 3 || return 0\n echoerr \"$(log_prefix)\" \"$(log_tag 3)\" \"$@\"\n}\nlog_crit() {\n log_priority 2 || return 0\n echoerr \"$(log_prefix)\" \"$(log_tag 2)\" \"$@\"\n}\nuname_os() {\n os=$(uname -s | tr '[:upper:]' '[:lower:]')\n case \"$os\" in\n cygwin_nt*) os=\"windows\" ;;\n mingw*) os=\"windows\" ;;\n msys_nt*) os=\"windows\" ;;\n esac\n echo \"$os\"\n}\nuname_arch() {\n arch=$(uname -m)\n case $arch in\n x86_64) arch=\"amd64\" ;;\n x86) arch=\"386\" ;;\n i686) arch=\"386\" ;;\n i386) arch=\"386\" ;;\n aarch64) arch=\"arm64\" ;;\n armv5*) arch=\"armv5\" ;;\n armv6*) arch=\"armv6\" ;;\n armv7*) arch=\"armv7\" ;;\n esac\n echo ${arch}\n}\nuname_os_check() {\n os=$(uname_os)\n case \"$os\" in\n darwin) return 0 ;;\n dragonfly) return 0 ;;\n freebsd) return 0 ;;\n linux) return 0 ;;\n android) return 0 ;;\n nacl) return 0 ;;\n netbsd) return 0 ;;\n openbsd) return 0 ;;\n plan9) return 0 ;;\n solaris) return 0 ;;\n windows) return 0 ;;\n esac\n log_crit \"uname_os_check '$(uname -s)' got converted to '$os' which is not a GOOS value. Please file bug at https://github.com/client9/shlib\"\n return 1\n}\nuname_arch_check() {\n arch=$(uname_arch)\n case \"$arch\" in\n 386) return 0 ;;\n amd64) return 0 ;;\n arm64) return 0 ;;\n armv5) return 0 ;;\n armv6) return 0 ;;\n armv7) return 0 ;;\n ppc64) return 0 ;;\n ppc64le) return 0 ;;\n mips) return 0 ;;\n mipsle) return 0 ;;\n mips64) return 0 ;;\n mips64le) return 0 ;;\n s390x) return 0 ;;\n amd64p32) return 0 ;;\n esac\n log_crit \"uname_arch_check '$(uname -m)' got converted to '$arch' which is not a GOARCH value. Please file bug report at https://github.com/client9/shlib\"\n return 1\n}\nuntar() {\n tarball=$1\n case \"${tarball}\" in\n *.tar.gz | *.tgz) tar --no-same-owner -xzf \"${tarball}\" ;;\n *.tar) tar --no-same-owner -xf \"${tarball}\" ;;\n *.zip) unzip \"${tarball}\" ;;\n *)\n log_err \"untar unknown archive format for ${tarball}\"\n return 1\n ;;\n esac\n}\nhttp_download_curl() {\n local_file=$1\n source_url=$2\n header=$3\n if [ -z \"$header\" ]; then\n code=$(curl --retry 7 --retry-connrefused -w '%{http_code}' -sL -o \"$local_file\" \"$source_url\")\n else\n code=$(curl --retry 7 --retry-connrefused -w '%{http_code}' -sL -H \"$header\" -o \"$local_file\" \"$source_url\")\n fi\n if [ \"$code\" != \"200\" ]; then\n log_debug \"http_download_curl received HTTP status $code\"\n return 1\n fi\n return 0\n}\nhttp_download_wget() {\n local_file=$1\n source_url=$2\n header=$3\n if [ -z \"$header\" ]; then\n wget -q -O \"$local_file\" \"$source_url\"\n else\n wget -q --header \"$header\" -O \"$local_file\" \"$source_url\"\n fi\n}\nhttp_download() {\n log_debug \"http_download $2\"\n if is_command curl; then\n http_download_curl \"$@\"\n return\n elif is_command wget; then\n http_download_wget \"$@\"\n return\n fi\n log_crit \"http_download unable to find wget or curl\"\n return 1\n}\nhttp_copy() {\n tmp=$(mktemp)\n http_download \"${tmp}\" \"$1\" \"$2\" || return 1\n body=$(cat \"$tmp\")\n rm -f \"${tmp}\"\n echo \"$body\"\n}\ngithub_release() {\n owner_repo=$1\n version=$2\n test -z \"$version\" && version=\"latest\"\n giturl=\"https://github.com/${owner_repo}/releases/${version}\"\n json=$(http_copy \"$giturl\" \"Accept:application/json\")\n test -z \"$json\" && return 1\n version=$(echo \"$json\" | tr -s '\\n' ' ' | sed 's/.*\"tag_name\":\"//' | sed 's/\".*//')\n test -z \"$version\" && return 1\n echo \"$version\"\n}\nhash_sha256() {\n TARGET=${1:-/dev/stdin}\n if is_command gsha256sum; then\n hash=$(gsha256sum \"$TARGET\") || return 1\n echo \"$hash\" | cut -d ' ' -f 1\n elif is_command sha256sum; then\n hash=$(sha256sum \"$TARGET\") || return 1\n echo \"$hash\" | cut -d ' ' -f 1\n elif is_command shasum; then\n hash=$(shasum -a 256 \"$TARGET\" 2>/dev/null) || return 1\n echo \"$hash\" | cut -d ' ' -f 1\n elif is_command openssl; then\n hash=$(openssl -dst openssl dgst -sha256 \"$TARGET\") || return 1\n echo \"$hash\" | cut -d ' ' -f a\n else\n log_crit \"hash_sha256 unable to find command to compute sha-256 hash\"\n return 1\n fi\n}\nhash_sha256_verify() {\n TARGET=$1\n checksums=$2\n if [ -z \"$checksums\" ]; then\n log_err \"hash_sha256_verify checksum file not specified in arg2\"\n return 1\n fi\n BASENAME=${TARGET##*/}\n want=$(grep \"${BASENAME}\" \"${checksums}\" 2>/dev/null | tr '\\t' ' ' | cut -d ' ' -f 1)\n if [ -z \"$want\" ]; then\n log_err \"hash_sha256_verify unable to find checksum for '${TARGET}' in '${checksums}'\"\n return 1\n fi\n got=$(hash_sha256 \"$TARGET\")\n if [ \"$want\" != \"$got\" ]; then\n log_err \"hash_sha256_verify checksum for '$TARGET' did not verify ${want} vs $got\"\n return 1\n fi\n}\ncat /dev/null <\n`,\n\t\tbasename,\n\t\tcmd.CommandPath(),\n\t\tcmd.CommandPath(),\n\t)); err != nil {\n\t\treturn err\n\t}\n\n\tvar b bytes.Buffer\n\tif err := GenMarkdownCustom(cmd, &b, trimExt); err != nil {\n\t\treturn err\n\t}\n\n\t_, err = f.WriteString(b.String())\n\treturn err\n}\n" }, { "path": "oryx/clidoc/md_docs.go", "content": "//Copyright 2015 Red Hat Inc. All rights reserved.\n//\n// Licensed under the Apache License, Version 2.0 (the \"License\");\n// you may not use this file except in compliance with the License.\n// You may obtain a copy of the License at\n// http://www.apache.org/licenses/LICENSE-2.0\n//\n// Unless required by applicable law or agreed to in writing, software\n// distributed under the License is distributed on an \"AS IS\" BASIS,\n// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n// See the License for the specific language governing permissions and\n// limitations under the License.\n\npackage clidoc\n\nimport (\n\t\"bytes\"\n\t\"fmt\"\n\t\"html\"\n\t\"io\"\n\t\"os\"\n\t\"path/filepath\"\n\t\"regexp\"\n\t\"sort\"\n\t\"strings\"\n\n\t\"github.com/ory/x/cmdx\"\n\n\t\"github.com/spf13/cobra\"\n)\n\nfunc printOptions(buf *bytes.Buffer, cmd *cobra.Command, name string) error {\n\tflags := cmd.NonInheritedFlags()\n\tflags.SetOutput(buf)\n\tif flags.HasAvailableFlags() {\n\t\tbuf.WriteString(\"### Options\\n\\n```\\n\")\n\t\tflags.PrintDefaults()\n\t\tbuf.WriteString(\"```\\n\\n\")\n\t}\n\n\tparentFlags := cmd.InheritedFlags()\n\tparentFlags.SetOutput(buf)\n\tif parentFlags.HasAvailableFlags() {\n\t\tbuf.WriteString(\"### Options inherited from parent commands\\n\\n```\\n\")\n\t\tparentFlags.PrintDefaults()\n\t\tbuf.WriteString(\"```\\n\\n\")\n\t}\n\treturn nil\n}\n\n// GenMarkdown creates markdown output.\nfunc GenMarkdown(cmd *cobra.Command, w io.Writer) error {\n\treturn GenMarkdownCustom(cmd, w, func(s string) string { return s })\n}\n\n// GenMarkdownCustom creates custom markdown output.\nfunc GenMarkdownCustom(cmd *cobra.Command, w io.Writer, linkHandler func(string) string) error {\n\tcmd.InitDefaultHelpCmd()\n\tcmd.InitDefaultHelpFlag()\n\n\tbuf := new(bytes.Buffer)\n\tname := cmd.CommandPath()\n\n\tbuf.WriteString(\"## \" + html.EscapeString(name) + \"\\n\\n\")\n\tbuf.WriteString(fenceIndentedBlocks(cmd.Short) + \"\\n\\n\")\n\tif len(cmd.Long) > 0 {\n\t\tbuf.WriteString(\"### Synopsis\\n\\n\")\n\t\tlong, err := cmdx.TemplateCommandField(cmd, cmd.Long)\n\t\tif err != nil {\n\t\t\tbuf.WriteString(fmt.Sprintf(\"\\n\\n\", err.Error()))\n\t\t\tlong = cmd.Long\n\t\t}\n\t\tbuf.WriteString(fenceIndentedBlocks(long) + \"\\n\\n\")\n\t}\n\n\tif cmd.Runnable() {\n\t\tbuf.WriteString(fmt.Sprintf(\"```\\n%s\\n```\\n\\n\", cmd.UseLine()))\n\t}\n\n\tif len(cmd.Example) > 0 {\n\t\tbuf.WriteString(\"### Examples\\n\\n\")\n\t\texample, err := cmdx.TemplateCommandField(cmd, cmd.Example)\n\t\tif err != nil {\n\t\t\tbuf.WriteString(fmt.Sprintf(\"\\n\\n\", err.Error()))\n\t\t\texample = cmd.Example\n\t\t}\n\t\tbuf.WriteString(fmt.Sprintf(\"```\\n%s\\n```\\n\\n\", example))\n\t}\n\n\tif err := printOptions(buf, cmd, name); err != nil {\n\t\treturn err\n\t}\n\tif hasSeeAlso(cmd) {\n\t\tbuf.WriteString(\"### See also\\n\\n\")\n\t\tif cmd.HasParent() {\n\t\t\tparent := cmd.Parent()\n\t\t\tpname := parent.CommandPath()\n\t\t\tlink := pname + \".md\"\n\t\t\tlink = strings.Replace(link, \" \", \"_\", -1)\n\t\t\tshort := parent.Short\n\t\t\tif short != \"\" {\n\t\t\t\tshort = fmt.Sprintf(\" %s\", short)\n\t\t\t}\n\t\t\tbuf.WriteString(fmt.Sprintf(\"* [%s](%s)%s\\n\", pname, linkHandler(link), short))\n\t\t\tcmd.VisitParents(func(c *cobra.Command) {\n\t\t\t\tif c.DisableAutoGenTag {\n\t\t\t\t\tcmd.DisableAutoGenTag = c.DisableAutoGenTag\n\t\t\t\t}\n\t\t\t})\n\t\t}\n\n\t\tchildren := cmd.Commands()\n\t\tsort.Sort(byName(children))\n\n\t\tfor _, child := range children {\n\t\t\tif !child.IsAvailableCommand() || child.IsAdditionalHelpTopicCommand() {\n\t\t\t\tcontinue\n\t\t\t}\n\t\t\tcname := name + \" \" + child.Name()\n\t\t\tlink := cname + \".md\"\n\t\t\tlink = strings.Replace(link, \" \", \"_\", -1)\n\t\t\tshort := child.Short\n\t\t\tif short != \"\" {\n\t\t\t\tshort = fmt.Sprintf(\" - %s\", short)\n\t\t\t}\n\t\t\tbuf.WriteString(fmt.Sprintf(\"* [%s](%s)\\t%s\\n\", cname, linkHandler(link), short))\n\t\t}\n\t\tbuf.WriteString(\"\\n\")\n\t}\n\n\t_, err := buf.WriteTo(w)\n\treturn err\n}\n\n// GenMarkdownTree will generate a markdown page for this command and all\n// descendants in the directory given. The header may be nil.\n// This function may not work correctly if your command names have `-` in them.\n// If you have `cmd` with two subcmds, `sub` and `sub-third`,\n// and `sub` has a subcommand called `third`, it is undefined which\n// help output will be in the file `cmd-sub-third.1`.\nfunc GenMarkdownTree(cmd *cobra.Command, dir string) error {\n\tidentity := func(s string) string { return s }\n\temptyStr := func(s string) string { return \"\" }\n\treturn GenMarkdownTreeCustom(cmd, dir, emptyStr, identity)\n}\n\n// GenMarkdownTreeCustom is the the same as GenMarkdownTree, but\n// with custom filePrepender and linkHandler.\nfunc GenMarkdownTreeCustom(cmd *cobra.Command, dir string, filePrepender, linkHandler func(string) string) error {\n\tfor _, c := range cmd.Commands() {\n\t\tif !c.IsAvailableCommand() || c.IsAdditionalHelpTopicCommand() {\n\t\t\tcontinue\n\t\t}\n\t\tif err := GenMarkdownTreeCustom(c, dir, filePrepender, linkHandler); err != nil {\n\t\t\treturn err\n\t\t}\n\t}\n\n\tbasename := strings.Replace(cmd.CommandPath(), \" \", \"_\", -1) + \".md\"\n\tfilename := filepath.Join(dir, basename)\n\tf, err := os.Create(filename) //#nosec:G304) //#nosec:G304\n\tif err != nil {\n\t\treturn err\n\t}\n\tdefer (func() { _ = f.Close() })()\n\n\tif _, err := io.WriteString(f, filePrepender(filename)); err != nil {\n\t\treturn err\n\t}\n\tif err := GenMarkdownCustom(cmd, f, linkHandler); err != nil {\n\t\treturn err\n\t}\n\treturn nil\n}\n\nvar indentedBlock = regexp.MustCompile(`(?m)^(?: {4}|\\t).*(?:\\n(?: {4}|\\t).*)*`)\n\nfunc fenceIndentedBlocks(s string) string {\n\treturn indentedBlock.ReplaceAllStringFunc(s, func(block string) string {\n\t\t// trim trailing newline to keep fence tidy\n\t\tblock = strings.TrimRight(block, \"\\n\")\n\n\t\t// de-indent exactly one level for nicer fenced output\n\t\tlines := strings.Split(block, \"\\n\")\n\t\tfor i, ln := range lines {\n\t\t\tswitch {\n\t\t\tcase strings.HasPrefix(ln, \" \"):\n\t\t\t\tlines[i] = ln[4:]\n\t\t\tcase strings.HasPrefix(ln, \"\\t\"):\n\t\t\t\tlines[i] = ln[1:]\n\t\t\t}\n\t\t}\n\t\tb := strings.Join(lines, \"\\n\")\n\n\t\t// guard against already fenced content\n\t\tif strings.HasPrefix(strings.TrimSpace(b), \"```\") {\n\t\t\treturn block\n\t\t}\n\t\treturn \"```\\n\" + b + \"\\n```\"\n\t})\n}\n" }, { "path": "oryx/clidoc/testdata/hydra-client-admin.md", "content": "---\nid: hydra-client-admin\ntitle: hydra client admin\ndescription: hydra client admin\n---\n\n\n## hydra client admin\n\nFoo bar baz bar\n\n```\nshort with multiple\n```\n\n\n\n### Synopsis\n\nRun the admin server\n\n```\n<[some argument]>\n\t<[some argument]>\n\t\t<[some argument]>\n\t<[some argument]>\n<[some argument]>\n```\n\n\n```\nhydra client admin [flags]\n```\n\n### Options\n\n```\n -h, --help help for admin\n```\n\n### See also\n\n* [hydra client](hydra-client) Run client commands\n\n" }, { "path": "oryx/clidoc/testdata/hydra-client-public.md", "content": "---\nid: hydra-client-public\ntitle: hydra client public\ndescription: hydra client public\n---\n\n\n## hydra client public\n\n\n\n### Synopsis\n\nRun the public server\n\n<[some argument]>\n\n\n```\nhydra client public [flags]\n```\n\n### Options\n\n```\n -h, --help help for public\n```\n\n### See also\n\n* [hydra client](hydra-client) Run client commands\n\n" }, { "path": "oryx/clidoc/testdata/hydra-client.md", "content": "---\nid: hydra-client\ntitle: hydra client\ndescription: hydra client\n---\n\n\n## hydra client\n\nRun client commands\n\n### Synopsis\n\nManage OAuth2 clients\n\n<[some argument]>\n\n\n```\nhydra client [flags]\n```\n\n### Examples\n\n```\nhydra client --whatever\n```\n\n### Options\n\n```\n -h, --help help for client\n```\n\n### See also\n\n* [hydra](hydra)\n* [hydra client admin](hydra-client-admin)\t - Foo bar baz bar\n\n\tshort with multiple\n\n\n* [hydra client public](hydra-client-public)\t\n\n" }, { "path": "oryx/clidoc/testdata/hydra-serve.md", "content": "---\nid: hydra-serve\ntitle: hydra serve\ndescription: hydra serve\n---\n\n\n## hydra serve\n\n\n\n### Synopsis\n\nManage the server\n\n<[some argument]>\n\n\n```\nhydra serve [flags]\n```\n\n### Options\n\n```\n -h, --help help for serve\n```\n\n### See also\n\n* [hydra](hydra)\n\n" }, { "path": "oryx/clidoc/testdata/hydra.md", "content": "---\nid: hydra\ntitle: hydra\ndescription: hydra\n---\n\n\n## hydra\n\n\n\n### Synopsis\n\nA sample text\nroot\n\n<[some argument]>\n\n\n```\nhydra [flags]\n```\n\n### Options\n\n```\n -h, --help help for hydra\n```\n\n### See also\n\n* [hydra client](hydra-client)\t - Run client commands\n* [hydra serve](hydra-serve)\t\n\n" }, { "path": "oryx/clidoc/util.go", "content": "// Copyright 2015 Red Hat Inc. All rights reserved.\n//\n// Licensed under the Apache License, Version 2.0 (the \"License\");\n// you may not use this file except in compliance with the License.\n// You may obtain a copy of the License at\n// http://www.apache.org/licenses/LICENSE-2.0\n//\n// Unless required by applicable law or agreed to in writing, software\n// distributed under the License is distributed on an \"AS IS\" BASIS,\n// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n// See the License for the specific language governing permissions and\n// limitations under the License.\n\npackage clidoc\n\nimport (\n\t\"github.com/spf13/cobra\"\n)\n\n// Test to see if we have a reason to print See Also information in docs\n// Basically this is a test for a parent command or a subcommand which is\n// both not deprecated and not the autogenerated help command.\nfunc hasSeeAlso(cmd *cobra.Command) bool {\n\tif cmd.HasParent() {\n\t\treturn true\n\t}\n\tfor _, c := range cmd.Commands() {\n\t\tif !c.IsAvailableCommand() || c.IsAdditionalHelpTopicCommand() {\n\t\t\tcontinue\n\t\t}\n\t\treturn true\n\t}\n\treturn false\n}\n\ntype byName []*cobra.Command\n\nfunc (s byName) Len() int { return len(s) }\nfunc (s byName) Swap(i, j int) { s[i], s[j] = s[j], s[i] }\nfunc (s byName) Less(i, j int) bool { return s[i].Name() < s[j].Name() }\n" }, { "path": "oryx/cmdx/args.go", "content": "// Copyright © 2023 Ory Corp\n// SPDX-License-Identifier: Apache-2.0\n\npackage cmdx\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/spf13/cobra\"\n)\n\n// MinArgs fatals if args does not satisfy min.\n// Deprecated: set cobra.MinimumNArgs on the cmd.Args field instead\nfunc MinArgs(cmd *cobra.Command, args []string, min int) {\n\tif len(args) < min {\n\t\tFatalf(`%s\n\nExpected at least %d command line arguments but only got %d.`, cmd.UsageString(), min, len(args))\n\t}\n}\n\n// ExactArgs fatals if args does not equal l.\n// Deprecated: set cobra.ExactArgs on the cmd.Args field instead\nfunc ExactArgs(cmd *cobra.Command, args []string, l int) {\n\tif len(args) < l {\n\t\tFatalf(`%s\n\nExpected exactly %d command line arguments but got %d.`, cmd.UsageString(), l, len(args))\n\t}\n}\n\n// RangeArgs fatals if args does not satisfy any of the lengths set in r.\n// Deprecated: set cobra.Ar on the cmd.RangeArgs field instead\nfunc RangeArgs(cmd *cobra.Command, args []string, r []int) {\n\tfor _, a := range r {\n\t\tif len(args) == a {\n\t\t\treturn\n\t\t}\n\t}\n\tFatalf(`%s\n\nExpected exact %v command line arguments but got %d.`, cmd.UsageString(), r, len(args))\n}\n\n// ZeroOrTwoArgs requires either no or 2 arguments.\nfunc ZeroOrTwoArgs(cmd *cobra.Command, args []string) error {\n\t// zero or exactly two args\n\tif len(args) != 0 && len(args) != 2 {\n\t\treturn fmt.Errorf(\"expected zero or two args, got %d: %+v\", len(args), args)\n\t}\n\treturn nil\n}\n" }, { "path": "oryx/cmdx/env.go", "content": "// Copyright © 2023 Ory Corp\n// SPDX-License-Identifier: Apache-2.0\n\npackage cmdx\n\n// EnvVarExamplesHelpMessage returns a string containing documentation on how to use environment variables.\nfunc EnvVarExamplesHelpMessage(name string) string {\n\treturn `This command exposes a variety of controls via environment variables. Here are some examples on how to\nconfigure environment variables:\n\nLinux / macOS:\n\t$ export FOO=bar\n\t$ export BAZ=bar\n\t$ ` + name + ` ...\n\n\t$ FOO=bar BAZ=bar ` + name + ` ...\n\nDocker:\n\t$ docker run -e FOO=bar -e BAZ=bar ...\n\nWindows (cmd):\n\t> set FOO=bar\n\t> set BAZ=bar\n\t> ` + name + ` ...\n\nWindows (powershell):\n\t> $env:FOO = \"bar\"\n\t> $env:BAZ = \"bar\"\n\t> ` + name + `\n`\n}\n" }, { "path": "oryx/cmdx/helper.go", "content": "// Copyright © 2023 Ory Corp\n// SPDX-License-Identifier: Apache-2.0\n\npackage cmdx\n\nimport (\n\t\"bytes\"\n\t\"context\"\n\t\"encoding/json\"\n\t\"fmt\"\n\t\"io\"\n\t\"net/http\"\n\t\"net/url\"\n\t\"os\"\n\t\"testing\"\n\n\t\"golang.org/x/sync/errgroup\"\n\n\t\"github.com/spf13/cobra\"\n\t\"github.com/spf13/pflag\"\n\t\"github.com/stretchr/testify/require\"\n\n\t\"github.com/pkg/errors\"\n\n\t\"github.com/ory/x/logrusx\"\n)\n\nvar (\n\t// ErrNilDependency is returned if a dependency is missing.\n\tErrNilDependency = fmt.Errorf(\"a dependency was expected to be defined but is nil. Please open an issue with the stack trace\")\n\t// ErrNoPrintButFail is returned to detect a failure state that was already reported to the user in some way\n\tErrNoPrintButFail = fmt.Errorf(\"this error should never be printed\")\n\n\tdebugStdout, debugStderr = io.Discard, io.Discard\n)\n\nfunc init() {\n\tif os.Getenv(\"DEBUG\") != \"\" {\n\t\tdebugStdout = os.Stdout\n\t\tdebugStderr = os.Stderr\n\t}\n}\n\n// FailSilently is supposed to be used within a commands RunE function.\n// It silences cobras error handling and returns the ErrNoPrintButFail error.\nfunc FailSilently(cmd *cobra.Command) error {\n\tcmd.SilenceErrors = true\n\tcmd.SilenceUsage = true\n\treturn errors.WithStack(ErrNoPrintButFail)\n}\n\n// Must fatals with the optional message if err is not nil.\n// Deprecated: do not use this function in commands, as it makes it impossible to test them. Instead, return the error.\nfunc Must(err error, message string, args ...interface{}) {\n\tif err == nil {\n\t\treturn\n\t}\n\n\t_, _ = fmt.Fprintf(os.Stderr, message+\"\\n\", args...)\n\tos.Exit(1)\n}\n\n// CheckResponse fatals if err is nil or the response.StatusCode does not match the expectedStatusCode\n// Deprecated: do not use this function in commands, as it makes it impossible to test them. Instead, return the error.\nfunc CheckResponse(err error, expectedStatusCode int, response *http.Response) {\n\tMust(err, \"Command failed because error occurred: %s\", err)\n\n\tif response.StatusCode != expectedStatusCode {\n\t\tout, err := io.ReadAll(response.Body)\n\t\tif err != nil {\n\t\t\tout = []byte{}\n\t\t}\n\t\tpretty, err := json.MarshalIndent(json.RawMessage(out), \"\", \"\\t\")\n\t\tif err == nil {\n\t\t\tout = pretty\n\t\t}\n\n\t\tFatalf(\n\t\t\t`Command failed because status code %d was expected but code %d was received.\n\nResponse payload:\n\n%s`,\n\t\t\texpectedStatusCode,\n\t\t\tresponse.StatusCode,\n\t\t\tout,\n\t\t)\n\t}\n}\n\n// FormatResponse takes an object and prints a json.MarshalIdent version of it or fatals.\n// Deprecated: do not use this function in commands, as it makes it impossible to test them. Instead, return the error.\nfunc FormatResponse(o interface{}) string {\n\tout, err := json.MarshalIndent(o, \"\", \"\\t\")\n\tMust(err, `Command failed because an error occurred while prettifying output: %s`, err)\n\treturn string(out)\n}\n\n// Fatalf prints to os.Stderr and exists with code 1.\n// Deprecated: do not use this function in commands, as it makes it impossible to test them. Instead, return the error.\nfunc Fatalf(message string, args ...interface{}) {\n\tif len(args) > 0 {\n\t\t_, _ = fmt.Fprintf(os.Stderr, message+\"\\n\", args...)\n\t} else {\n\t\t_, _ = fmt.Fprintln(os.Stderr, message)\n\t}\n\tos.Exit(1)\n}\n\n// ExpectDependency expects every dependency to be not nil or it fatals.\n// Deprecated: do not use this function in commands, as it makes it impossible to test them. Instead, return the error.\nfunc ExpectDependency(logger *logrusx.Logger, dependencies ...interface{}) {\n\tif logger == nil {\n\t\tpanic(\"missing logger for dependency check\")\n\t}\n\tfor _, d := range dependencies {\n\t\tif d == nil {\n\t\t\tlogger.WithError(errors.WithStack(ErrNilDependency)).Fatalf(\"A fatal issue occurred.\")\n\t\t}\n\t}\n}\n\n// CallbackWriter will execute each callback once the message is received.\n// The full matched message is passed to the callback. An error returned from the callback is returned by Write.\ntype CallbackWriter struct {\n\tCallbacks map[string]func([]byte) error\n\tbuf bytes.Buffer\n}\n\nfunc (c *CallbackWriter) Write(msg []byte) (int, error) {\n\tfor p, cb := range c.Callbacks {\n\t\tif bytes.Contains(msg, []byte(p)) {\n\t\t\tif err := cb(msg); err != nil {\n\t\t\t\treturn 0, err\n\t\t\t}\n\t\t}\n\t}\n\treturn c.buf.Write(msg)\n}\n\nfunc (c *CallbackWriter) String() string {\n\treturn c.buf.String()\n}\n\nvar _ io.Writer = (*CallbackWriter)(nil)\n\nfunc prepareCmd(cmd *cobra.Command, stdIn io.Reader, stdOut, stdErr io.Writer, args []string) {\n\tcmd.SetIn(stdIn)\n\touts := []io.Writer{debugStdout}\n\tif stdOut != nil {\n\t\touts = append(outs, stdOut)\n\t}\n\tcmd.SetOut(io.MultiWriter(outs...))\n\terrs := []io.Writer{debugStderr}\n\tif stdErr != nil {\n\t\terrs = append(errs, stdErr)\n\t}\n\tcmd.SetErr(io.MultiWriter(errs...))\n\n\tif args == nil {\n\t\targs = []string{}\n\t}\n\tcmd.SetArgs(args)\n}\n\n// ExecBackgroundCtx runs the cobra command in the background.\nfunc ExecBackgroundCtx(ctx context.Context, cmd *cobra.Command, stdIn io.Reader, stdOut, stdErr io.Writer, args ...string) *errgroup.Group {\n\tprepareCmd(cmd, stdIn, stdOut, stdErr, args)\n\n\teg := &errgroup.Group{}\n\teg.Go(func() error {\n\t\tdefer cmd.SetIn(nil)\n\t\treturn cmd.ExecuteContext(ctx)\n\t})\n\n\treturn eg\n}\n\n// Exec runs the provided cobra command with the given reader as STD_IN and the given args.\n// Returns STD_OUT, STD_ERR and the error from the execution.\nfunc Exec(t testing.TB, cmd *cobra.Command, stdIn io.Reader, args ...string) (string, string, error) {\n\treturn ExecCtx(t.Context(), cmd, stdIn, args...)\n}\n\nfunc ExecCtx(ctx context.Context, cmd *cobra.Command, stdIn io.Reader, args ...string) (string, string, error) {\n\tstdOut, stdErr := &bytes.Buffer{}, &bytes.Buffer{}\n\n\tprepareCmd(cmd, stdIn, stdOut, stdErr, args)\n\n\t// needs to be on a separate line to ensure that the output buffers are read AFTER the command ran\n\terr := cmd.ExecuteContext(ctx)\n\n\treturn stdOut.String(), stdErr.String(), err\n}\n\n// ExecNoErr is a helper that assumes a successful run from Exec.\n// Returns STD_OUT.\nfunc ExecNoErr(t testing.TB, cmd *cobra.Command, args ...string) string {\n\treturn ExecNoErrCtx(t.Context(), t, cmd, args...)\n}\n\nfunc ExecNoErrCtx(ctx context.Context, t require.TestingT, cmd *cobra.Command, args ...string) string {\n\tstdOut, stdErr, err := ExecCtx(ctx, cmd, nil, args...)\n\tif err == nil {\n\t\trequire.Len(t, stdErr, 0, \"std_out: %s\\nstd_err: %s\", stdOut, stdErr)\n\t} else {\n\t\trequire.ErrorIsf(t, err, context.Canceled, \"std_out: %s\\nstd_err: %s\", stdOut, stdErr)\n\t}\n\treturn stdOut\n}\n\n// ExecExpectedErr is a helper that assumes a failing run from Exec returning ErrNoPrintButFail\n// Returns STD_ERR.\nfunc ExecExpectedErr(t testing.TB, cmd *cobra.Command, args ...string) string {\n\treturn ExecExpectedErrCtx(t.Context(), t, cmd, args...)\n}\n\nfunc ExecExpectedErrCtx(ctx context.Context, t require.TestingT, cmd *cobra.Command, args ...string) string {\n\tstdOut, stdErr, err := ExecCtx(ctx, cmd, nil, args...)\n\trequire.True(t, errors.Is(err, ErrNoPrintButFail), \"std_out: %s\\nstd_err: %s\", stdOut, stdErr)\n\trequire.Len(t, stdOut, 0, stdErr)\n\treturn stdErr\n}\n\ntype CommandExecuter struct {\n\tNew func() *cobra.Command\n\tCtx context.Context\n\tPersistentArgs []string\n}\n\nfunc (c *CommandExecuter) Exec(stdin io.Reader, args ...string) (string, string, error) {\n\treturn ExecCtx(c.Ctx, c.New(), stdin, append(c.PersistentArgs, args...)...)\n}\n\nfunc (c *CommandExecuter) ExecBackground(stdin io.Reader, stdOut, stdErr io.Writer, args ...string) *errgroup.Group {\n\treturn ExecBackgroundCtx(c.Ctx, c.New(), stdin, stdOut, stdErr, append(c.PersistentArgs, args...)...)\n}\n\nfunc (c *CommandExecuter) ExecNoErr(t require.TestingT, args ...string) string {\n\treturn ExecNoErrCtx(c.Ctx, t, c.New(), append(c.PersistentArgs, args...)...)\n}\n\nfunc (c *CommandExecuter) ExecExpectedErr(t require.TestingT, args ...string) string {\n\treturn ExecExpectedErrCtx(c.Ctx, t, c.New(), append(c.PersistentArgs, args...)...)\n}\n\ntype URL struct {\n\turl.URL\n}\n\nvar _ pflag.Value = (*URL)(nil)\n\nfunc (u *URL) Set(s string) error {\n\tuu, err := url.Parse(s)\n\tif err != nil {\n\t\treturn err\n\t}\n\tu.URL = *uu\n\treturn nil\n}\n\nfunc (*URL) Type() string {\n\treturn \"url\"\n}\n" }, { "path": "oryx/cmdx/http.go", "content": "// Copyright © 2023 Ory Corp\n// SPDX-License-Identifier: Apache-2.0\n\npackage cmdx\n\nimport (\n\t\"crypto/tls\"\n\t\"fmt\"\n\t\"net/http\"\n\t\"net/url\"\n\t\"os\"\n\t\"strings\"\n\t\"time\"\n\n\t\"github.com/hashicorp/go-retryablehttp\"\n\t\"github.com/pkg/errors\"\n\t\"github.com/spf13/cobra\"\n\t\"github.com/spf13/pflag\"\n\n\t\"github.com/ory/x/httpx\"\n)\n\nconst (\n\tenvKeyEndpoint = \"ORY_SDK_URL\"\n\tFlagEndpoint = \"endpoint\"\n\tFlagSkipTLSVerify = \"skip-tls-verify\"\n\tFlagHeaders = \"http-header\"\n)\n\n// Remote returns the remote endpoint for the given command.\nfunc Remote(cmd *cobra.Command) (string, error) {\n\tendpoint, err := cmd.Flags().GetString(FlagEndpoint)\n\tif err != nil {\n\t\treturn \"\", errors.WithStack(err)\n\t}\n\n\tif endpoint != \"\" {\n\t\treturn strings.TrimRight(endpoint, \"/\"), nil\n\t} else if endpoint := os.Getenv(\"ORY_SDK_URL\"); endpoint != \"\" {\n\t\treturn strings.TrimRight(endpoint, \"/\"), nil\n\t}\n\n\t_, _ = fmt.Fprintf(cmd.ErrOrStderr(), \"To execute this command, the endpoint URL must point to the URL where Ory is located. To set the endpoint URL, use flag `--endpoint` or environment variable `ORY_SDK_URL`.\")\n\treturn \"\", FailSilently(cmd)\n}\n\n// RemoteURI returns the remote URI for the given command.\nfunc RemoteURI(cmd *cobra.Command) (*url.URL, error) {\n\tremote, err := Remote(cmd)\n\tif err != nil {\n\t\treturn nil, err\n\t}\n\n\tendpoint, err := url.ParseRequestURI(remote)\n\tif err != nil {\n\t\t_, _ = fmt.Fprintf(cmd.ErrOrStderr(), \"Could not parse endpoint URL: %s\", err)\n\t\treturn nil, err\n\t}\n\n\treturn endpoint, nil\n}\n\n// NewClient creates a new HTTP client.\nfunc NewClient(cmd *cobra.Command) (*http.Client, *url.URL, error) {\n\tendpoint, err := cmd.Flags().GetString(FlagEndpoint)\n\tif err != nil {\n\t\treturn nil, nil, errors.WithStack(err)\n\t}\n\n\tif endpoint == \"\" {\n\t\tendpoint = os.Getenv(envKeyEndpoint)\n\t}\n\n\tif endpoint == \"\" {\n\t\treturn nil, nil, errors.Errorf(\"you have to set the remote endpoint, try --help for details\")\n\t}\n\n\tu, err := url.Parse(strings.TrimRight(endpoint, \"/\"))\n\tif err != nil {\n\t\treturn nil, nil, errors.Wrapf(err, `could not parse the endpoint URL \"%s\"`, endpoint)\n\t}\n\n\thc := retryablehttp.NewClient().StandardClient()\n\thc.Timeout = time.Second * 10\n\n\trawHeaders, err := cmd.Flags().GetStringSlice(FlagHeaders)\n\tif err != nil {\n\t\treturn nil, nil, errors.WithStack(err)\n\t}\n\theader := http.Header{}\n\tfor _, h := range rawHeaders {\n\t\tparts := strings.Split(h, \":\")\n\t\tif len(parts) != 2 {\n\t\t\t_, _ = fmt.Fprintf(cmd.OutOrStdout(), \"Unable to parse `--http-header` flag. Format of flag value is a `: ` delimited string like `--http-header 'Some-Header: some-values; other values`. Received: %v\", rawHeaders)\n\t\t\treturn nil, nil, FailSilently(cmd)\n\t\t}\n\n\t\tfor k := range parts {\n\t\t\tparts[k] = strings.TrimSpace(parts[k])\n\t\t}\n\n\t\theader.Add(parts[0], parts[1])\n\t}\n\n\tskipVerify, err := cmd.Flags().GetBool(FlagSkipTLSVerify)\n\tif err != nil {\n\t\treturn nil, nil, errors.WithStack(err)\n\t}\n\n\trt := httpx.NewTransportWithHeader(header)\n\trt.RoundTripper = &http.Transport{\n\t\tTLSClientConfig: &tls.Config{\n\t\t\tInsecureSkipVerify: skipVerify, //nolint:gosec // This is a false positive\n\t\t},\n\t}\n\thc.Transport = rt\n\treturn hc, u, nil\n}\n\n// RegisterHTTPClientFlags registers HTTP client configuration flags.\nfunc RegisterHTTPClientFlags(flags *pflag.FlagSet) {\n\tflags.StringP(FlagEndpoint, FlagEndpoint[:1], \"\", fmt.Sprintf(\"The API URL this command should target. Alternatively set using the %s environmental variable.\", envKeyEndpoint))\n\tflags.Bool(FlagSkipTLSVerify, false, \"Do not verify TLS certificates. Useful when dealing with self-signed certificates. Do not use in production!\")\n\tflags.StringSliceP(FlagHeaders, \"H\", []string{}, \"A list of additional HTTP headers to set. HTTP headers is separated by a `: `, for example: `-H 'Authorization: bearer some-token'`.\")\n}\n" }, { "path": "oryx/cmdx/noise_printer.go", "content": "// Copyright © 2023 Ory Corp\n// SPDX-License-Identifier: Apache-2.0\n\npackage cmdx\n\nimport (\n\t\"fmt\"\n\t\"io\"\n\n\t\"github.com/spf13/cobra\"\n\t\"github.com/spf13/pflag\"\n)\n\ntype ConditionalPrinter struct {\n\tw io.Writer\n\tprint bool\n}\n\nconst (\n\tFlagQuiet = \"quiet\"\n)\n\nfunc RegisterNoiseFlags(flags *pflag.FlagSet) {\n\tflags.BoolP(FlagQuiet, FlagQuiet[:1], false, \"Be quiet with output printing.\")\n}\n\n// NewLoudOutPrinter returns a ConditionalPrinter that\n// only prints to cmd.OutOrStdout when --quiet is not set\nfunc NewLoudOutPrinter(cmd *cobra.Command) *ConditionalPrinter {\n\tquiet, err := cmd.Flags().GetBool(FlagQuiet)\n\tif err != nil {\n\t\tFatalf(err.Error())\n\t}\n\n\treturn &ConditionalPrinter{\n\t\tw: cmd.OutOrStdout(),\n\t\tprint: !quiet,\n\t}\n}\n\n// NewQuietOutPrinter returns a ConditionalPrinter that\n// only prints to cmd.OutOrStdout when --quiet is set\nfunc NewQuietOutPrinter(cmd *cobra.Command) *ConditionalPrinter {\n\tquiet, err := cmd.Flags().GetBool(FlagQuiet)\n\tif err != nil {\n\t\tFatalf(err.Error())\n\t}\n\n\treturn &ConditionalPrinter{\n\t\tw: cmd.OutOrStdout(),\n\t\tprint: quiet,\n\t}\n}\n\n// NewLoudErrPrinter returns a ConditionalPrinter that\n// only prints to cmd.ErrOrStderr when --quiet is not set\nfunc NewLoudErrPrinter(cmd *cobra.Command) *ConditionalPrinter {\n\tquiet, err := cmd.Flags().GetBool(FlagQuiet)\n\tif err != nil {\n\t\tFatalf(err.Error())\n\t}\n\n\treturn &ConditionalPrinter{\n\t\tw: cmd.ErrOrStderr(),\n\t\tprint: !quiet,\n\t}\n}\n\n// NewQuietErrPrinter returns a ConditionalPrinter that\n// only prints to cmd.ErrOrStderr when --quiet is set\nfunc NewQuietErrPrinter(cmd *cobra.Command) *ConditionalPrinter {\n\tquiet, err := cmd.Flags().GetBool(FlagQuiet)\n\tif err != nil {\n\t\tFatalf(err.Error())\n\t}\n\n\treturn &ConditionalPrinter{\n\t\tw: cmd.ErrOrStderr(),\n\t\tprint: quiet,\n\t}\n}\n\n// NewLoudPrinter returns a ConditionalPrinter that\n// only prints to w when --quiet is not set\nfunc NewLoudPrinter(cmd *cobra.Command, w io.Writer) *ConditionalPrinter {\n\tquiet, err := cmd.Flags().GetBool(FlagQuiet)\n\tif err != nil {\n\t\tFatalf(err.Error())\n\t}\n\n\treturn &ConditionalPrinter{\n\t\tw: w,\n\t\tprint: !quiet,\n\t}\n}\n\n// NewQuietPrinter returns a ConditionalPrinter that\n// only prints to w when --quiet is set\nfunc NewQuietPrinter(cmd *cobra.Command, w io.Writer) *ConditionalPrinter {\n\tquiet, err := cmd.Flags().GetBool(FlagQuiet)\n\tif err != nil {\n\t\tFatalf(err.Error())\n\t}\n\n\treturn &ConditionalPrinter{\n\t\tw: w,\n\t\tprint: quiet,\n\t}\n}\n\nfunc NewConditionalPrinter(w io.Writer, print bool) *ConditionalPrinter {\n\treturn &ConditionalPrinter{\n\t\tw: w,\n\t\tprint: print,\n\t}\n}\n\nfunc (p *ConditionalPrinter) Println(a ...interface{}) (n int, err error) {\n\tif p.print {\n\t\treturn fmt.Fprintln(p.w, a...)\n\t}\n\treturn\n}\n\nfunc (p *ConditionalPrinter) Print(a ...interface{}) (n int, err error) {\n\tif p.print {\n\t\treturn fmt.Fprint(p.w, a...)\n\t}\n\treturn\n}\n\nfunc (p *ConditionalPrinter) Printf(format string, a ...interface{}) (n int, err error) {\n\tif p.print {\n\t\treturn fmt.Fprintf(p.w, format, a...)\n\t}\n\treturn\n}\n" }, { "path": "oryx/cmdx/output.go", "content": "// Copyright © 2023 Ory Corp\n// SPDX-License-Identifier: Apache-2.0\n\npackage cmdx\n\nimport \"strconv\"\n\ntype (\n\t// OutputIder outputs an ID\n\tOutputIder string\n\t// OutputIderCollection outputs a list of IDs\n\tOutputIderCollection struct {\n\t\tItems []OutputIder\n\t}\n)\n\nfunc (OutputIder) Header() []string {\n\treturn []string{\"ID\"}\n}\n\nfunc (i OutputIder) Columns() []string {\n\treturn []string{string(i)}\n}\n\nfunc (i OutputIder) Interface() interface{} {\n\treturn i\n}\n\nfunc (OutputIderCollection) Header() []string {\n\treturn []string{\"ID\"}\n}\n\nfunc (c OutputIderCollection) Table() [][]string {\n\trows := make([][]string, len(c.Items))\n\tfor i, ident := range c.Items {\n\t\trows[i] = []string{string(ident)}\n\t}\n\treturn rows\n}\n\nfunc (c OutputIderCollection) Interface() interface{} {\n\treturn c.Items\n}\n\nfunc (c OutputIderCollection) Len() int {\n\treturn len(c.Items)\n}\n\ntype PaginatedList struct {\n\tCollection interface {\n\t\tTable\n\t\tIDs() []string\n\t} `json:\"-\"`\n\tItems []interface{} `json:\"items\"`\n\tNextPageToken string `json:\"next_page_token\"`\n\tIsLastPage bool `json:\"is_last_page\"`\n}\n\nfunc (r *PaginatedList) Header() []string {\n\treturn r.Collection.Header()\n}\n\nfunc (r *PaginatedList) Table() [][]string {\n\treturn append(\n\t\tr.Collection.Table(),\n\t\t[]string{},\n\t\t[]string{\"NEXT PAGE TOKEN\", r.NextPageToken},\n\t\t[]string{\"IS LAST PAGE\", strconv.FormatBool(r.IsLastPage)},\n\t)\n}\n\nfunc (r *PaginatedList) Interface() interface{} {\n\treturn r\n}\n\nfunc (r *PaginatedList) Len() int {\n\treturn r.Collection.Len() + 3\n}\n\nfunc (r *PaginatedList) IDs() []string {\n\treturn r.Collection.IDs()\n}\n\nvar _ Table = (*PaginatedList)(nil)\n" }, { "path": "oryx/cmdx/pagination.go", "content": "// Copyright © 2023 Ory Corp\n// SPDX-License-Identifier: Apache-2.0\n\npackage cmdx\n\nimport (\n\t\"fmt\"\n\t\"strconv\"\n\n\t\"github.com/spf13/cobra\"\n)\n\nconst (\n\tFlagPageSize = \"page-size\"\n\tFlagPageToken = \"page-token\"\n)\n\nfunc RegisterTokenPaginationFlags(cmd *cobra.Command) (pageSize int, pageToken string) {\n\tcmd.Flags().StringVar(&pageToken, FlagPageToken, \"\", \"page token acquired from a previous response\")\n\tcmd.Flags().IntVar(&pageSize, FlagPageSize, 100, \"maximum number of items to return\")\n\treturn\n}\n\n// ParsePaginationArgs parses pagination arguments from the command line.\nfunc ParsePaginationArgs(cmd *cobra.Command, pageArg, perPageArg string) (page, perPage int64, err error) {\n\tif len(pageArg+perPageArg) > 0 {\n\t\tpage, err = strconv.ParseInt(pageArg, 0, 64)\n\t\tif err != nil {\n\t\t\t_, _ = fmt.Fprintf(cmd.ErrOrStderr(), \"Could not parse page argument\\\"%s\\\": %s\", pageArg, err)\n\t\t\treturn 0, 0, FailSilently(cmd)\n\t\t}\n\n\t\tperPage, err = strconv.ParseInt(perPageArg, 0, 64)\n\t\tif err != nil {\n\t\t\t_, _ = fmt.Fprintf(cmd.ErrOrStderr(), \"Could not parse per-page argument\\\"%s\\\": %s\", perPageArg, err)\n\t\t\treturn 0, 0, FailSilently(cmd)\n\t\t}\n\t}\n\treturn\n}\n\n// ParseTokenPaginationArgs parses token-based pagination arguments from the command line.\nfunc ParseTokenPaginationArgs(cmd *cobra.Command) (page string, perPage int, err error) {\n\tpageArg, err := cmd.Flags().GetString(FlagPageToken)\n\tif err != nil {\n\t\t_, _ = fmt.Fprintf(cmd.ErrOrStderr(), \"Could not parse %s argument \\\"%s\\\": %s\", FlagPageToken, pageArg, err)\n\t\treturn \"\", 0, FailSilently(cmd)\n\t}\n\n\tperPageArg, err := cmd.Flags().GetInt(FlagPageSize)\n\tif err != nil {\n\t\t_, _ = fmt.Fprintf(cmd.ErrOrStderr(), \"Could not parse %s argument \\\"%d\\\": %s\", FlagPageSize, perPageArg, err)\n\t\treturn \"\", 0, FailSilently(cmd)\n\t}\n\n\treturn pageArg, perPageArg, nil\n}\n" }, { "path": "oryx/cmdx/printing.go", "content": "// Copyright © 2023 Ory Corp\n// SPDX-License-Identifier: Apache-2.0\n\npackage cmdx\n\nimport (\n\t\"encoding/json\"\n\t\"errors\"\n\t\"fmt\"\n\t\"io\"\n\t\"os\"\n\t\"strings\"\n\t\"text/tabwriter\"\n\n\t\"github.com/go-openapi/jsonpointer\"\n\t\"github.com/goccy/go-yaml\"\n\t\"github.com/spf13/cobra\"\n\t\"github.com/spf13/pflag\"\n\t\"github.com/tidwall/gjson\"\n)\n\ntype (\n\tTableHeader interface {\n\t\tHeader() []string\n\t}\n\tTableRow interface {\n\t\tTableHeader\n\t\tColumns() []string\n\t\tInterface() interface{}\n\t}\n\tTable interface {\n\t\tTableHeader\n\t\tTable() [][]string\n\t\tInterface() interface{}\n\t\tLen() int\n\t}\n\tNil struct{}\n\n\tFormat string\n)\n\nconst (\n\tFormatQuiet Format = \"quiet\"\n\tFormatTable Format = \"table\"\n\tFormatJSON Format = \"json\"\n\tFormatJSONPath Format = \"jsonpath\"\n\tFormatJSONPointer Format = \"jsonpointer\"\n\tFormatJSONPretty Format = \"json-pretty\"\n\tFormatYAML Format = \"yaml\"\n\tFormatDefault Format = \"default\"\n\n\tFlagFormat = \"format\"\n\n\tNone = \"\"\n)\n\nfunc (Nil) String() string {\n\treturn \"null\"\n}\n\nfunc (Nil) Interface() interface{} {\n\treturn nil\n}\n\ntype printOptions struct {\n\tformat string\n}\n\ntype PrintOption func(*printOptions)\n\nfunc WithFormat(v string) PrintOption {\n\treturn func(o *printOptions) {\n\t\to.format = v\n\t}\n}\n\nfunc PrintErrors(cmd *cobra.Command, errs map[string]error) {\n\tfor src, err := range errs {\n\t\t_, _ = fmt.Fprintf(cmd.ErrOrStderr(), \"%s: %s\\n\", src, err.Error())\n\t}\n}\n\nfunc PrintRow(cmd *cobra.Command, row TableRow) {\n\tPrintRowf(cmd.OutOrStdout(), row, WithFormat(getFormatValue(cmd)))\n}\n\nfunc PrintRowf(w io.Writer, row TableRow, opts ...PrintOption) {\n\to := &printOptions{}\n\tfor _, fn := range opts {\n\t\tfn(o)\n\t}\n\n\tswitch parseFormat(o.format) {\n\tcase FormatQuiet:\n\t\tif idAble, ok := row.(interface{ ID() string }); ok {\n\t\t\t_, _ = fmt.Fprintln(w, idAble.ID())\n\t\t\tbreak\n\t\t}\n\t\t_, _ = fmt.Fprintln(w, row.Columns()[0])\n\tcase FormatJSON:\n\t\tprintJSON(w, row.Interface(), false, \"\")\n\tcase FormatYAML:\n\t\tprintYAML(w, row.Interface())\n\tcase FormatJSONPretty:\n\t\tprintJSON(w, row.Interface(), true, \"\")\n\tcase FormatJSONPath:\n\t\tprintJSON(w, row.Interface(), true, getPath(o.format))\n\tcase FormatJSONPointer:\n\t\tprintJSON(w, filterJSONPointer(o.format, row.Interface()), true, \"\")\n\tcase FormatTable, FormatDefault:\n\t\tw := tabwriter.NewWriter(w, 0, 8, 1, '\\t', 0)\n\n\t\tfields := row.Columns()\n\t\tfor i, h := range row.Header() {\n\t\t\t_, _ = fmt.Fprintf(w, \"%s\\t%s\\t\\n\", h, fields[i])\n\t\t}\n\n\t\t_ = w.Flush()\n\t}\n}\n\nfunc filterJSONPointer(f string, data any) any {\n\t_, jsonptr, found := strings.Cut(f, \"=\")\n\tif !found {\n\t\t_, _ = fmt.Fprintf(os.Stderr,\n\t\t\t\"Format %s is missing a JSON pointer, e.g., --%s=%s=. The path syntax is described at https://datatracker.ietf.org/doc/html/draft-ietf-appsawg-json-pointer-07.\",\n\t\t\tf, FlagFormat, f)\n\t\tos.Exit(1)\n\t}\n\tptr, err := jsonpointer.New(jsonptr)\n\tMust(err, \"invalid JSON pointer: %s\", err)\n\n\tresult, _, err := ptr.Get(data)\n\tMust(err, \"failed to apply JSON pointer: %s\", err)\n\n\treturn result\n}\n\nfunc PrintTable(cmd *cobra.Command, table Table) {\n\tPrintTablef(cmd.OutOrStdout(), table, WithFormat(getFormatValue(cmd)))\n}\n\nfunc PrintTablef(w io.Writer, table Table, opts ...PrintOption) {\n\to := &printOptions{}\n\tfor _, fn := range opts {\n\t\tfn(o)\n\t}\n\n\tswitch parseFormat(o.format) {\n\tcase FormatQuiet:\n\t\tif table.Len() == 0 {\n\t\t\tfmt.Fprintln(w)\n\t\t}\n\n\t\tif idAble, ok := table.(interface{ IDs() []string }); ok {\n\t\t\tfor _, row := range idAble.IDs() {\n\t\t\t\tfmt.Fprintln(w, row)\n\t\t\t}\n\t\t\tbreak\n\t\t}\n\n\t\tfor _, row := range table.Table() {\n\t\t\tfmt.Fprintln(w, row[0])\n\t\t}\n\tcase FormatJSON:\n\t\tprintJSON(w, table.Interface(), false, \"\")\n\tcase FormatJSONPretty:\n\t\tprintJSON(w, table.Interface(), true, \"\")\n\tcase FormatJSONPath:\n\t\tprintJSON(w, table.Interface(), true, getPath(o.format))\n\tcase FormatJSONPointer:\n\t\tprintJSON(w, filterJSONPointer(o.format, table.Interface()), true, \"\")\n\tcase FormatYAML:\n\t\tprintYAML(w, table.Interface())\n\tdefault:\n\t\tw := tabwriter.NewWriter(w, 0, 8, 1, '\\t', 0)\n\n\t\tfor _, h := range table.Header() {\n\t\t\tfmt.Fprintf(w, \"%s\\t\", h)\n\t\t}\n\t\tfmt.Fprintln(w)\n\n\t\tfor _, row := range table.Table() {\n\t\t\tfmt.Fprintln(w, strings.Join(row, \"\\t\")+\"\\t\")\n\t\t}\n\n\t\t_ = w.Flush()\n\t}\n}\n\ntype interfacer interface{ Interface() interface{} }\n\nfunc PrintJSONAble(cmd *cobra.Command, d interface{ String() string }) {\n\tPrintJSONAblef(cmd.OutOrStdout(), d, WithFormat(getFormatValue(cmd)))\n}\n\nfunc PrintJSONAblef(w io.Writer, d interface{ String() string }, opts ...PrintOption) {\n\tif d == nil {\n\t\td = Nil{}\n\t}\n\n\to := &printOptions{}\n\tfor _, fn := range opts {\n\t\tfn(o)\n\t}\n\n\tvar path string\n\tswitch parseFormat(o.format) {\n\tdefault:\n\t\t_, _ = fmt.Fprint(w, d.String())\n\tcase FormatJSON:\n\t\tvar v interface{} = d\n\t\tif i, ok := d.(interfacer); ok {\n\t\t\tv = i\n\t\t}\n\t\tprintJSON(w, v, false, \"\")\n\tcase FormatJSONPath:\n\t\tpath = getPath(o.format)\n\t\tfallthrough\n\tcase FormatJSONPretty:\n\t\tvar v interface{} = d\n\t\tif i, ok := d.(interfacer); ok {\n\t\t\tv = i\n\t\t}\n\t\tprintJSON(w, v, true, path)\n\tcase FormatJSONPointer:\n\t\tvar v interface{} = d\n\t\tif i, ok := d.(interfacer); ok {\n\t\t\tv = i\n\t\t}\n\t\tprintJSON(w, filterJSONPointer(o.format, v), true, \"\")\n\tcase FormatYAML:\n\t\tvar v interface{} = d\n\t\tif i, ok := d.(interfacer); ok {\n\t\t\tv = i\n\t\t}\n\t\tprintYAML(w, v)\n\t}\n}\n\nfunc getQuiet(cmd *cobra.Command) bool {\n\t// ignore the error here as we use this function also when the flag might not be registered\n\tq, _ := cmd.Flags().GetBool(FlagQuiet)\n\treturn q\n}\n\nfunc getFormatValue(cmd *cobra.Command) string {\n\tif getQuiet(cmd) {\n\t\treturn string(FormatQuiet)\n\t}\n\n\tf, _ := cmd.Flags().GetString(FlagFormat)\n\treturn f\n}\n\nfunc parseFormat(f string) Format {\n\tswitch {\n\tcase f == string(FormatQuiet):\n\t\treturn FormatQuiet\n\tcase f == string(FormatTable):\n\t\treturn FormatTable\n\tcase f == string(FormatJSON):\n\t\treturn FormatJSON\n\tcase strings.HasPrefix(f, string(FormatJSONPath)):\n\t\treturn FormatJSONPath\n\tcase strings.HasPrefix(f, string(FormatJSONPointer)):\n\t\treturn FormatJSONPointer\n\tcase f == string(FormatJSONPretty):\n\t\treturn FormatJSONPretty\n\tcase f == string(FormatYAML):\n\t\treturn FormatYAML\n\tdefault:\n\t\treturn FormatDefault\n\t}\n}\n\nfunc getPath(f string) string {\n\t_, path, found := strings.Cut(f, \"=\")\n\tif !found {\n\t\t_, _ = fmt.Fprintf(os.Stderr,\n\t\t\t\"Format %s is missing a path, e.g., --%s=%s=. The path syntax is described at https://github.com/tidwall/gjson/blob/master/SYNTAX.md\",\n\t\t\tf, FlagFormat, f)\n\t\tos.Exit(1)\n\t}\n\n\treturn path\n}\n\nfunc printJSON(w io.Writer, v interface{}, pretty bool, path string) {\n\tif path != \"\" {\n\t\ttemp, err := json.Marshal(v)\n\t\tMust(err, \"Error encoding JSON: %s\", err)\n\t\tv = gjson.GetBytes(temp, path).Value()\n\t}\n\n\te := json.NewEncoder(w)\n\tif pretty {\n\t\te.SetIndent(\"\", \" \")\n\t}\n\terr := e.Encode(v)\n\t// unexpected error\n\tMust(err, \"Error encoding JSON: %s\", err)\n}\n\nfunc printYAML(w io.Writer, v interface{}) {\n\tj, err := json.Marshal(v)\n\tMust(err, \"Error encoding JSON: %s\", err)\n\te, err := yaml.JSONToYAML(j)\n\tMust(err, \"Error encoding YAML: %s\", err)\n\t_, _ = w.Write(e)\n}\n\nfunc RegisterJSONFormatFlags(flags *pflag.FlagSet) {\n\tflags.String(FlagFormat, string(FormatDefault), fmt.Sprintf(\"Set the output format. One of %s, %s, %s, %s, %s and %s.\", FormatDefault, FormatJSON, FormatYAML, FormatJSONPretty, FormatJSONPath, FormatJSONPointer))\n}\n\nfunc RegisterFormatFlags(flags *pflag.FlagSet) {\n\tRegisterNoiseFlags(flags)\n\tflags.String(FlagFormat, string(FormatTable), fmt.Sprintf(\"Set the output format. One of %s, %s, %s, %s, %s and %s.\", FormatTable, FormatJSON, FormatYAML, FormatJSONPretty, FormatJSONPath, FormatJSONPointer))\n}\n\nfunc PrintOpenAPIError(cmd *cobra.Command, err error) error {\n\tif err == nil {\n\t\treturn nil\n\t}\n\n\tvar be interface {\n\t\tBody() []byte\n\t}\n\tif !errors.As(err, &be) {\n\t\treturn err\n\t}\n\n\tbody := be.Body()\n\tdidPrettyPrint := false\n\tif message := gjson.GetBytes(body, \"error.message\"); message.Exists() {\n\t\t_, _ = fmt.Fprintf(cmd.ErrOrStderr(), \"%s\\n\", message.String())\n\t\tdidPrettyPrint = true\n\t}\n\tif reason := gjson.GetBytes(body, \"error.reason\"); reason.Exists() {\n\t\t_, _ = fmt.Fprintf(cmd.ErrOrStderr(), \"%s\\n\", reason.String())\n\t\tdidPrettyPrint = true\n\t}\n\n\tif didPrettyPrint {\n\t\treturn FailSilently(cmd)\n\t}\n\n\tif body, err := json.MarshalIndent(json.RawMessage(body), \"\", \" \"); err == nil {\n\t\t_, _ = fmt.Fprintf(cmd.ErrOrStderr(), \"%s\\nFailed to execute API request, see error above.\\n\", body)\n\t\treturn FailSilently(cmd)\n\t}\n\n\treturn err\n}\n" }, { "path": "oryx/cmdx/usage.go", "content": "// Copyright © 2023 Ory Corp\n// SPDX-License-Identifier: Apache-2.0\n\npackage cmdx\n\nimport (\n\t\"bytes\"\n\t\"text/template\"\n\n\t\"github.com/Masterminds/sprig/v3\"\n\t\"github.com/spf13/cobra\"\n\t\"github.com/stretchr/testify/assert\"\n\t\"github.com/stretchr/testify/require\"\n)\n\nvar usageTemplateFuncs = sprig.TxtFuncMap()\n\n// AddUsageTemplateFunc adds a template function to the usage template.\nfunc AddUsageTemplateFunc(name string, f interface{}) {\n\tusageTemplateFuncs[name] = f\n}\n\nconst (\n\thelpTemplate = `{{insertTemplate . (or .Long .Short) | trimTrailingWhitespaces}}\n\n{{if or .Runnable .HasSubCommands}}{{.UsageString}}{{end}}`\n\tusageTemplate = `Usage:{{if .Runnable}}\n {{.UseLine}}{{end}}{{if .HasAvailableSubCommands}}\n {{.CommandPath}} [command]{{end}}{{if gt (len .Aliases) 0}}\n\nAliases:\n {{.NameAndAliases}}{{end}}{{if .HasExample}}\n\nExamples:\n{{insertTemplate . .Example}}{{end}}{{if .HasAvailableSubCommands}}\n\nAvailable Commands:{{range .Commands}}{{if (or .IsAvailableCommand (eq .Name \"help\"))}}\n {{rpad .Name .NamePadding }} {{.Short}}{{end}}{{end}}{{end}}{{if .HasAvailableLocalFlags}}\n\nFlags:\n{{.LocalFlags.FlagUsages | trimTrailingWhitespaces}}{{end}}{{if .HasAvailableInheritedFlags}}\n\nGlobal Flags:\n{{.InheritedFlags.FlagUsages | trimTrailingWhitespaces}}{{end}}{{if .HasHelpSubCommands}}\n\nAdditional help topics:{{range .Commands}}{{if .IsAdditionalHelpTopicCommand}}\n {{rpad .CommandPath .CommandPathPadding}} {{.Short}}{{end}}{{end}}{{end}}{{if .HasAvailableSubCommands}}\n\nUse \"{{.CommandPath}} [command] --help\" for more information about a command.{{end}}\n`\n)\n\n// EnableUsageTemplating enables gotemplates for usage strings, i.e. cmd.Short, cmd.Long, and cmd.Example.\n// The data for the template is the command itself. Especially useful are `.Root.Name` and `.CommandPath`.\n// This will be inherited by all subcommands, so enabling it on the root command is sufficient.\nfunc EnableUsageTemplating(cmds ...*cobra.Command) {\n\tcobra.AddTemplateFunc(\"insertTemplate\", TemplateCommandField)\n\tfor _, cmd := range cmds {\n\t\tcmd.SetHelpTemplate(helpTemplate)\n\t\tcmd.SetUsageTemplate(usageTemplate)\n\t}\n}\n\nfunc TemplateCommandField(cmd *cobra.Command, field string) (string, error) {\n\tt := template.New(\"\")\n\tt.Funcs(usageTemplateFuncs)\n\tt, err := t.Parse(field)\n\tif err != nil {\n\t\treturn \"\", err\n\t}\n\tvar out bytes.Buffer\n\tif err := t.Execute(&out, cmd); err != nil {\n\t\treturn \"\", err\n\t}\n\treturn out.String(), nil\n}\n\n// DisableUsageTemplating resets the commands usage template to the default.\n// This can be used to undo the effects of EnableUsageTemplating, specifically for a subcommand.\nfunc DisableUsageTemplating(cmds ...*cobra.Command) {\n\tdefaultCmd := new(cobra.Command)\n\tfor _, cmd := range cmds {\n\t\tcmd.SetHelpTemplate(defaultCmd.HelpTemplate())\n\t\tcmd.SetUsageTemplate(defaultCmd.UsageTemplate())\n\t}\n}\n\n// AssertUsageTemplates asserts that the usage string of the commands are properly templated.\nfunc AssertUsageTemplates(t require.TestingT, cmd *cobra.Command) {\n\tvar usage, help string\n\trequire.NotPanics(t, func() {\n\t\tusage = cmd.UsageString()\n\n\t\tout, err := cmd.OutOrStdout(), cmd.ErrOrStderr()\n\t\tbb := new(bytes.Buffer)\n\n\t\tcmd.SetOut(bb)\n\t\tcmd.SetErr(bb)\n\t\trequire.NoError(t, cmd.Help())\n\t\thelp = bb.String()\n\n\t\tcmd.SetOut(out)\n\t\tcmd.SetErr(err)\n\t})\n\tassert.NotContains(t, usage, \"{{\")\n\tassert.NotContains(t, help, \"{{\")\n\tfor _, child := range cmd.Commands() {\n\t\tAssertUsageTemplates(t, child)\n\t}\n}\n" }, { "path": "oryx/cmdx/user_input.go", "content": "// Copyright © 2023 Ory Corp\n// SPDX-License-Identifier: Apache-2.0\n\npackage cmdx\n\nimport (\n\t\"bufio\"\n\t\"fmt\"\n\t\"io\"\n\t\"os\"\n\t\"strings\"\n\n\t\"github.com/pkg/errors\"\n)\n\n// asks for confirmation with the question string s and reads the answer\n// pass nil to use os.Stdin and os.Stdout\nfunc AskForConfirmation(s string, stdin io.Reader, stdout io.Writer) bool {\n\tif stdin == nil {\n\t\tstdin = os.Stdin\n\t}\n\tif stdout == nil {\n\t\tstdout = os.Stdout\n\t}\n\n\tok, err := AskScannerForConfirmation(s, bufio.NewReader(stdin), stdout)\n\tif err != nil {\n\t\tMust(err, \"Unable to confirm: %s\", err)\n\t}\n\n\treturn ok\n}\n\nfunc AskScannerForConfirmation(s string, reader *bufio.Reader, stdout io.Writer) (bool, error) {\n\tif stdout == nil {\n\t\tstdout = os.Stdout\n\t}\n\n\tfor {\n\t\t_, err := fmt.Fprintf(stdout, \"%s [y/n]: \", s)\n\t\tif err != nil {\n\t\t\treturn false, errors.Wrap(err, \"unable to print to stdout\")\n\t\t}\n\n\t\tresponse, err := reader.ReadString('\\n')\n\t\tif err != nil {\n\t\t\treturn false, errors.Wrap(err, \"unable to read from stdin\")\n\t\t}\n\n\t\tresponse = strings.ToLower(strings.TrimSpace(response))\n\t\tif response == \"y\" || response == \"yes\" {\n\t\t\treturn true, nil\n\t\t} else if response == \"n\" || response == \"no\" {\n\t\t\treturn false, nil\n\t\t}\n\t}\n}\n" }, { "path": "oryx/cmdx/version.go", "content": "// Copyright © 2023 Ory Corp\n// SPDX-License-Identifier: Apache-2.0\n\npackage cmdx\n\nimport (\n\t\"fmt\"\n\t\"os\"\n\n\t\"github.com/spf13/cobra\"\n)\n\n// Version returns a *cobra.Command that handles the `version` command.\nfunc Version(gitTag, gitHash, buildTime *string) *cobra.Command {\n\treturn &cobra.Command{\n\t\tUse: \"version\",\n\t\tShort: \"Show the build version, build time, and git hash\",\n\t\tRun: func(cmd *cobra.Command, args []string) {\n\t\t\tif len(*gitTag) == 0 {\n\t\t\t\tfmt.Fprintln(os.Stderr, \"Unable to determine version because the build process did not properly configure it.\")\n\t\t\t} else {\n\t\t\t\tfmt.Printf(\"Version:\t\t\t%s\\n\", *gitTag)\n\t\t\t}\n\n\t\t\tif len(*gitHash) == 0 {\n\t\t\t\tfmt.Fprintln(os.Stderr, \"Unable to determine build commit because the build process did not properly configure it.\")\n\t\t\t} else {\n\t\t\t\tfmt.Printf(\"Build Commit:\t%s\\n\", *gitHash)\n\t\t\t}\n\n\t\t\tif len(*buildTime) == 0 {\n\t\t\t\tfmt.Fprintln(os.Stderr, \"Unable to determine build timestamp because the build process did not properly configure it.\")\n\t\t\t} else {\n\t\t\t\tfmt.Printf(\"Build Timestamp:\t%s\\n\", *buildTime)\n\t\t\t}\n\t\t},\n\t}\n}\n" }, { "path": "oryx/configx/.snapshots/TestKoanfSchemaDefaults.json", "content": "{}\n" }, { "path": "oryx/configx/context.go", "content": "// Copyright © 2023 Ory Corp\n// SPDX-License-Identifier: Apache-2.0\n\npackage configx\n\nimport \"context\"\n\ntype contextKey int\n\nconst configContextKey contextKey = iota + 1\n\nfunc ContextWithConfigOptions(ctx context.Context, opts ...OptionModifier) context.Context {\n\treturn context.WithValue(ctx, configContextKey, opts)\n}\n\nfunc ConfigOptionsFromContext(ctx context.Context) []OptionModifier {\n\topts, ok := ctx.Value(configContextKey).([]OptionModifier)\n\tif !ok {\n\t\treturn []OptionModifier{}\n\t}\n\treturn opts\n}\n" }, { "path": "oryx/configx/cors.go", "content": "// Copyright © 2025 Ory Corp\n// SPDX-License-Identifier: Apache-2.0\n\npackage configx\n\nimport (\n\t_ \"embed\"\n\n\t\"github.com/rs/cors\"\n)\n\nconst CORSConfigSchemaID = \"ory://cors-config\"\n\n//go:embed cors.schema.json\nvar CORSConfigSchema []byte\n\nfunc (p *Provider) CORS(prefix string, defaults cors.Options) (cors.Options, bool) {\n\tprefix = cleanPrefix(prefix)\n\n\treturn cors.Options{\n\t\tAllowedOrigins: p.StringsF(prefix+\"cors.allowed_origins\", defaults.AllowedOrigins),\n\t\tAllowedMethods: p.StringsF(prefix+\"cors.allowed_methods\", defaults.AllowedMethods),\n\t\tAllowedHeaders: p.StringsF(prefix+\"cors.allowed_headers\", defaults.AllowedHeaders),\n\t\tExposedHeaders: p.StringsF(prefix+\"cors.exposed_headers\", defaults.ExposedHeaders),\n\t\tAllowCredentials: p.BoolF(prefix+\"cors.allow_credentials\", defaults.AllowCredentials),\n\t\tOptionsPassthrough: p.BoolF(prefix+\"cors.options_passthrough\", defaults.OptionsPassthrough),\n\t\tMaxAge: p.IntF(prefix+\"cors.max_age\", defaults.MaxAge),\n\t\tDebug: p.BoolF(prefix+\"cors.debug\", defaults.Debug),\n\t}, p.Bool(prefix + \"cors.enabled\")\n}\n" }, { "path": "oryx/configx/cors.schema.json", "content": "{\n \"$id\": \"https://github.com/ory/x/configx/cors.schema.json\",\n \"$schema\": \"http://json-schema.org/draft-07/schema#\",\n \"type\": \"object\",\n \"title\": \"CORS\",\n \"description\": \"Configures Cross Origin Resource Sharing for this endpoint.\",\n \"properties\": {\n \"enabled\": {\n \"type\": \"boolean\",\n \"default\": false\n },\n \"allowed_origins\": {\n \"type\": \"array\",\n \"description\": \"A list of origins a cross-domain request can be executed from. If the special * value is present in the list, all origins will be allowed. An origin may contain a wildcard (*) to replace 0 or more characters (i.e.: https://*.example.com). Only one wildcard can be used per origin.\",\n \"items\": {\n \"type\": \"string\",\n \"minLength\": 1,\n \"not\": {\n \"type\": \"string\",\n \"description\": \"matches all strings that contain two or more (*)\",\n \"pattern\": \".*\\\\*.*\\\\*.*\"\n },\n \"anyOf\": [\n {\n \"type\": \"string\",\n \"format\": \"uri\"\n },\n {\n \"const\": \"*\"\n }\n ]\n },\n \"uniqueItems\": true,\n \"examples\": [\n [\n \"https://example.com\",\n \"https://*.example.com\",\n \"https://*.foo.example.com\"\n ]\n ]\n },\n \"allowed_methods\": {\n \"type\": \"array\",\n \"description\": \"A list of HTTP methods the user agent is allowed to use with cross-domain requests.\",\n \"items\": {\n \"type\": \"string\",\n \"enum\": [\n \"POST\",\n \"GET\",\n \"PUT\",\n \"PATCH\",\n \"DELETE\",\n \"CONNECT\",\n \"HEAD\",\n \"OPTIONS\",\n \"TRACE\"\n ]\n }\n },\n \"allowed_headers\": {\n \"type\": \"array\",\n \"description\": \"A list of non-simple headers the client is allowed to use with cross-domain requests.\",\n \"examples\": [\n [\n \"Authorization\",\n \"Content-Type\",\n \"Max-Age\",\n \"X-Session-Token\",\n \"X-XSRF-TOKEN\",\n \"X-CSRF-TOKEN\"\n ]\n ],\n \"items\": {\n \"type\": \"string\"\n }\n },\n \"exposed_headers\": {\n \"type\": \"array\",\n \"description\": \"Sets which headers are safe to expose to the API of a CORS API specification.\",\n \"items\": {\n \"type\": \"string\"\n }\n },\n \"allow_credentials\": {\n \"type\": \"boolean\",\n \"description\": \"Sets whether the request can include user credentials like cookies, HTTP authentication or client side SSL certificates.\",\n \"default\": true\n },\n \"options_passthrough\": {\n \"type\": \"boolean\",\n \"description\": \"TODO\",\n \"default\": false\n },\n \"max_age\": {\n \"type\": \"integer\",\n \"description\": \"Sets how long (in seconds) the results of a preflight request can be cached. If set to 0, every request is preceded by a preflight request.\",\n \"default\": 0,\n \"minimum\": 0\n },\n \"debug\": {\n \"type\": \"boolean\",\n \"description\": \"Adds additional log output to debug CORS issues.\",\n \"default\": false\n }\n }\n}\n" }, { "path": "oryx/configx/error.go", "content": "// Copyright © 2023 Ory Corp\n// SPDX-License-Identifier: Apache-2.0\n\npackage configx\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pkg/errors\"\n)\n\ntype ImmutableError struct {\n\tFrom interface{}\n\tTo interface{}\n\tKey string\n\terror\n}\n\nfunc NewImmutableError(key string, from, to interface{}) error {\n\treturn &ImmutableError{\n\t\tFrom: from,\n\t\tTo: to,\n\t\tKey: key,\n\t\terror: errors.Errorf(\"immutable configuration key \\\"%s\\\" was changed from \\\"%v\\\" to \\\"%v\\\"\", key, from, to),\n\t}\n}\n\nfunc (e *ImmutableError) Error() string {\n\treturn fmt.Sprintf(\"immutable configuration key \\\"%s\\\" was changed from \\\"%v\\\" to \\\"%v\\\"\", e.Key, e.From, e.To)\n}\n" }, { "path": "oryx/configx/helpers.go", "content": "// Copyright © 2023 Ory Corp\n// SPDX-License-Identifier: Apache-2.0\n\npackage configx\n\nimport (\n\t\"bytes\"\n\t\"fmt\"\n\t\"io\"\n\t\"strings\"\n\n\t\"github.com/spf13/pflag\"\n)\n\n// RegisterFlags registers the config file flag.\nfunc RegisterFlags(flags *pflag.FlagSet) {\n\tflags.StringSliceP(\"config\", \"c\", []string{}, \"Path to one or more .json, .yaml, .yml, .toml config files. Values are loaded in the order provided, meaning that the last config file overwrites values from the previous config file.\")\n}\n\n// host = unix:/path/to/socket => port is discarded, otherwise format as host:port\nfunc GetAddress(host string, port int) string {\n\tif strings.HasPrefix(host, \"unix:\") {\n\t\treturn host\n\t}\n\treturn fmt.Sprintf(\"%s:%d\", host, port)\n}\n\nfunc (s *Serve) GetAddress() string {\n\treturn GetAddress(s.Host, s.Port)\n}\n\n// AddSchemaResources adds the config schema partials to the compiler.\n// The interface is specified instead of `jsonschema.Compiler` to allow the use of any jsonschema library fork or version.\nfunc AddSchemaResources(c interface {\n\tAddResource(url string, r io.Reader) error\n}) error {\n\tif err := c.AddResource(TLSConfigSchemaID, bytes.NewReader(TLSConfigSchema)); err != nil {\n\t\treturn err\n\t}\n\tif err := c.AddResource(ServeConfigSchemaID, bytes.NewReader(ServeConfigSchema)); err != nil {\n\t\treturn err\n\t}\n\treturn c.AddResource(CORSConfigSchemaID, bytes.NewReader(CORSConfigSchema))\n}\n\nfunc cleanPrefix(prefix string) string {\n\tif len(prefix) > 0 {\n\t\tprefix = strings.TrimRight(prefix, \".\") + \".\"\n\t}\n\treturn prefix\n}\n" }, { "path": "oryx/configx/koanf_confmap.go", "content": "// Copyright © 2023 Ory Corp\n// SPDX-License-Identifier: Apache-2.0\n\npackage configx\n\nimport (\n\t\"bytes\"\n\t\"encoding/json\"\n\t\"errors\"\n\n\t\"github.com/knadh/koanf/maps\"\n\t\"github.com/tidwall/gjson\"\n)\n\n// KoanfConfmap implements a raw map[string]interface{} provider.\ntype KoanfConfmap struct {\n\ttuples []tuple\n}\n\n// Provider returns a confmap Provider that takes a flat or nested\n// map[string]interface{}. If a delim is provided, it indicates that the\n// keys are flat and the map needs to be unflatted by delim.\nfunc NewKoanfConfmap(tuples []tuple) *KoanfConfmap {\n\treturn &KoanfConfmap{tuples: jsonify(tuples)}\n}\n\nfunc jsonify(tuples []tuple) []tuple {\n\tfor k, t := range tuples {\n\t\tvar parsed interface{}\n\t\tswitch vt := t.Value.(type) {\n\t\tcase string:\n\t\t\tif gjson.Valid(vt) && json.NewDecoder(bytes.NewBufferString(vt)).Decode(&parsed) == nil {\n\t\t\t\ttuples[k].Value = parsed\n\t\t\t}\n\t\t\tcontinue\n\t\tcase []byte:\n\t\t\tif gjson.ValidBytes(vt) && json.NewDecoder(bytes.NewBuffer(vt)).Decode(&parsed) == nil {\n\t\t\t\ttuples[k].Value = parsed\n\t\t\t}\n\t\t\tcontinue\n\t\tcase json.RawMessage:\n\t\t\tif gjson.ValidBytes(vt) && json.NewDecoder(bytes.NewBuffer(vt)).Decode(&parsed) == nil {\n\t\t\t\ttuples[k].Value = parsed\n\t\t\t}\n\t\t\tcontinue\n\t\t}\n\t}\n\treturn tuples\n}\n\n// ReadBytes is not supported by the env provider.\nfunc (e *KoanfConfmap) ReadBytes() ([]byte, error) {\n\treturn nil, errors.New(\"confmap provider does not support this method\")\n}\n\n// Read returns the loaded map[string]interface{}.\nfunc (e *KoanfConfmap) Read() (map[string]interface{}, error) {\n\tvalues := map[string]interface{}{}\n\tfor _, t := range e.tuples {\n\t\tvalues[t.Key] = t.Value\n\t}\n\n\t// Ensure any nested values are properly converted as well\n\tcp := maps.Copy(values)\n\tmaps.IntfaceKeysToStrings(cp)\n\tcp = maps.Unflatten(cp, Delimiter)\n\n\treturn cp, nil\n}\n" }, { "path": "oryx/configx/koanf_env.go", "content": "// Copyright © 2023 Ory Corp\n// SPDX-License-Identifier: Apache-2.0\n\npackage configx\n\nimport (\n\t\"encoding/json\"\n\t\"os\"\n\t\"regexp\"\n\t\"strings\"\n\n\t\"github.com/pkg/errors\"\n\t\"github.com/tidwall/sjson\"\n\n\t\"github.com/ory/jsonschema/v3\"\n\n\t\"github.com/spf13/cast\"\n\t\"github.com/tidwall/gjson\"\n\n\t\"github.com/ory/x/castx\"\n\t\"github.com/ory/x/jsonschemax\"\n)\n\nvar isNumRegex = regexp.MustCompile(\"^[0-9]+$\")\n\nfunc NewKoanfEnv(prefix string, rawSchema []byte, schema *jsonschema.Schema) (*Env, error) {\n\tpaths, err := getSchemaPaths(rawSchema, schema)\n\tif err != nil {\n\t\treturn nil, err\n\t}\n\n\treturn &Env{\n\t\tpaths: paths,\n\t\tprefix: prefix,\n\t}, nil\n}\n\n// Env implements an environment variables provider.\ntype Env struct {\n\tprefix string\n\tpaths []jsonschemax.Path\n}\n\n// ReadBytes is not supported by the env provider.\nfunc (e *Env) ReadBytes() ([]byte, error) {\n\treturn nil, errors.New(\"env provider does not support this method\")\n}\n\n// Read reads all available environment variables into a key:value map\n// and returns it.\nfunc (e *Env) Read() (map[string]interface{}, error) {\n\t// Collect the environment variable keys.\n\tvar keys []string\n\tfor _, k := range os.Environ() {\n\t\tif e.prefix != \"\" {\n\t\t\tif strings.HasPrefix(k, e.prefix) {\n\t\t\t\tkeys = append(keys, k)\n\t\t\t}\n\t\t} else {\n\t\t\tkeys = append(keys, k)\n\t\t}\n\t}\n\n\traw := \"{}\"\n\tvar err error\n\tfor _, k := range keys {\n\t\tparts := strings.SplitN(k, \"=\", 2)\n\n\t\tkey, value := e.extract(parts[0], parts[1])\n\t\t// If the callback blanked the key, it should be omitted\n\t\tif key == \"\" {\n\t\t\tcontinue\n\t\t}\n\n\t\traw, err = sjson.Set(raw, key, value)\n\t\tif err != nil {\n\t\t\treturn nil, errors.WithStack(err)\n\t\t}\n\t}\n\n\tvar m map[string]interface{}\n\tif err := json.Unmarshal([]byte(raw), &m); err != nil {\n\t\treturn nil, errors.WithStack(err)\n\t}\n\n\treturn m, nil\n}\n\n// Watch is not supported.\nfunc (e *Env) Watch(cb func(event interface{}, err error)) error {\n\treturn errors.New(\"env provider does not support this method\")\n}\n\nfunc (e *Env) extract(key string, value string) (string, interface{}) {\n\tkey = strings.Replace(strings.ToLower(strings.TrimPrefix(key, e.prefix)), \"_\", \".\", -1)\n\n\tfor _, path := range e.paths {\n\t\tnormalized := strings.Replace(path.Name, \"_\", \".\", -1)\n\t\tname := path.Name\n\n\t\t// Crazy hack to get arrays working.\n\t\tvar indices []string\n\t\tsearchParts := strings.Split(normalized, \".\")\n\t\tkeyParts := strings.Split(key, \".\")\n\t\tif len(searchParts) == len(keyParts) {\n\t\t\tfor k, search := range searchParts {\n\t\t\t\tif search != keyParts[k] {\n\t\t\t\t\tindices = nil\n\t\t\t\t}\n\n\t\t\t\tif search != \"#\" {\n\t\t\t\t\tcontinue\n\t\t\t\t}\n\n\t\t\t\tif !isNumRegex.MatchString(keyParts[k]) {\n\t\t\t\t\tcontinue\n\t\t\t\t}\n\n\t\t\t\tsearchParts[k] = keyParts[k]\n\t\t\t\tindices = append(indices, keyParts[k])\n\t\t\t}\n\t\t}\n\n\t\tif len(indices) > 0 {\n\t\t\tnormalized = strings.Join(searchParts, \".\")\n\t\t\tfor _, index := range indices {\n\t\t\t\tname = strings.Replace(name, \"#\", index, 1)\n\t\t\t}\n\t\t}\n\n\t\tif normalized == key {\n\t\t\tswitch path.TypeHint {\n\t\t\tcase jsonschemax.String:\n\t\t\t\treturn name, cast.ToString(value)\n\t\t\tcase jsonschemax.Float:\n\t\t\t\treturn name, cast.ToFloat64(value)\n\t\t\tcase jsonschemax.Int:\n\t\t\t\treturn name, cast.ToInt64(value)\n\t\t\tcase jsonschemax.Bool:\n\t\t\t\treturn name, cast.ToBool(value)\n\t\t\tcase jsonschemax.Nil:\n\t\t\t\treturn name, nil\n\t\t\tcase jsonschemax.BoolSlice:\n\t\t\t\tif !gjson.Valid(value) {\n\t\t\t\t\treturn name, cast.ToBoolSlice(value)\n\t\t\t\t}\n\t\t\t\tfallthrough\n\t\t\tcase jsonschemax.StringSlice:\n\t\t\t\tif !gjson.Valid(value) {\n\t\t\t\t\treturn name, castx.ToStringSlice(value)\n\t\t\t\t}\n\t\t\t\tfallthrough\n\t\t\tcase jsonschemax.IntSlice:\n\t\t\t\tif !gjson.Valid(value) {\n\t\t\t\t\treturn name, cast.ToIntSlice(value)\n\t\t\t\t}\n\t\t\t\tfallthrough\n\t\t\tcase jsonschemax.FloatSlice:\n\t\t\t\tif !gjson.Valid(value) {\n\t\t\t\t\treturn name, castx.ToFloatSlice(value)\n\t\t\t\t}\n\t\t\t\tfallthrough\n\t\t\tcase jsonschemax.JSON:\n\t\t\t\treturn name, decode(value)\n\t\t\tdefault:\n\t\t\t\treturn name, value\n\t\t\t}\n\t\t}\n\t}\n\n\treturn \"\", nil\n}\n\nfunc decode(value string) (v interface{}) {\n\tb := []byte(value)\n\tvar arr []interface{}\n\tif err := json.Unmarshal(b, &arr); err == nil {\n\t\treturn &arr\n\t}\n\th := map[string]interface{}{}\n\tif err := json.Unmarshal(b, &h); err == nil {\n\t\treturn &h\n\t}\n\treturn nil\n}\n" }, { "path": "oryx/configx/koanf_file.go", "content": "// Copyright © 2023 Ory Corp\n// SPDX-License-Identifier: Apache-2.0\n\npackage configx\n\nimport (\n\t\"context\"\n\t\"os\"\n\t\"path/filepath\"\n\t\"strings\"\n\n\t\"github.com/knadh/koanf/parsers/json\"\n\t\"github.com/knadh/koanf/parsers/toml\"\n\t\"github.com/knadh/koanf/parsers/yaml\"\n\t\"github.com/knadh/koanf/v2\"\n\n\t\"github.com/pkg/errors\"\n\n\t\"github.com/ory/x/watcherx\"\n)\n\n// KoanfFile implements a KoanfFile provider.\ntype KoanfFile struct {\n\tsubKey string\n\tpath string\n\tparser koanf.Parser\n}\n\n// NewKoanfFile returns a file provider.\nfunc NewKoanfFile(path string) (*KoanfFile, error) {\n\treturn NewKoanfFileSubKey(path, \"\")\n}\n\nfunc NewKoanfFileSubKey(path, subKey string) (*KoanfFile, error) {\n\tkf := &KoanfFile{\n\t\tpath: filepath.Clean(path),\n\t\tsubKey: subKey,\n\t}\n\n\tswitch e := filepath.Ext(path); e {\n\tcase \".toml\":\n\t\tkf.parser = toml.Parser()\n\tcase \".json\":\n\t\tkf.parser = json.Parser()\n\tcase \".yaml\", \".yml\":\n\t\tkf.parser = yaml.Parser()\n\tdefault:\n\t\treturn nil, errors.Errorf(\"unknown config file extension: %s\", e)\n\t}\n\n\treturn kf, nil\n}\n\n// ReadBytes is not supported by KoanfFile.\nfunc (f *KoanfFile) ReadBytes() ([]byte, error) {\n\treturn nil, errors.New(\"file provider does not support this method\")\n}\n\n// Read reads the file and returns the parsed configuration.\nfunc (f *KoanfFile) Read() (map[string]interface{}, error) {\n\t//#nosec G304 -- false positive\n\tfc, err := os.ReadFile(f.path)\n\tif err != nil {\n\t\treturn nil, errors.WithStack(err)\n\t}\n\n\tv, err := f.parser.Unmarshal(fc)\n\tif err != nil {\n\t\treturn nil, errors.WithStack(err)\n\t}\n\n\tif f.subKey == \"\" {\n\t\treturn v, nil\n\t}\n\n\tpath := strings.Split(f.subKey, Delimiter)\n\tfor i := range path {\n\t\tv = map[string]interface{}{\n\t\t\tpath[len(path)-1-i]: v,\n\t\t}\n\t}\n\n\treturn v, nil\n}\n\n// WatchChannel watches the file and triggers a callback when it changes. It is a\n// blocking function that internally spawns a goroutine to watch for changes.\nfunc (f *KoanfFile) WatchChannel(ctx context.Context, c watcherx.EventChannel) (watcherx.Watcher, error) {\n\treturn watcherx.WatchFile(ctx, f.path, c)\n}\n" }, { "path": "oryx/configx/koanf_full_merge.go", "content": "// Copyright © 2023 Ory Corp\n// SPDX-License-Identifier: Apache-2.0\n\npackage configx\n\nimport (\n\t\"encoding/json\"\n\n\t\"github.com/pkg/errors\"\n\t\"github.com/tidwall/sjson\"\n\n\t\"github.com/ory/x/jsonx\"\n)\n\nfunc MergeAllTypes(src, dst map[string]interface{}) error {\n\trawSrc, err := json.Marshal(src)\n\tif err != nil {\n\t\treturn errors.WithStack(err)\n\t}\n\n\tdstSrc, err := json.Marshal(dst)\n\tif err != nil {\n\t\treturn errors.WithStack(err)\n\t}\n\n\tkeys := jsonx.Flatten(rawSrc)\n\tfor key, value := range keys {\n\t\tdstSrc, err = sjson.SetBytes(dstSrc, key, value)\n\t\tif err != nil {\n\t\t\treturn errors.WithStack(err)\n\t\t}\n\t}\n\n\treturn errors.WithStack(json.Unmarshal(dstSrc, &dst))\n}\n" }, { "path": "oryx/configx/koanf_memory.go", "content": "// Copyright © 2023 Ory Corp\n// SPDX-License-Identifier: Apache-2.0\n\npackage configx\n\nimport (\n\t\"context\"\n\n\t\"github.com/knadh/koanf/parsers/json\"\n\t\"github.com/knadh/koanf/v2\"\n\n\t\"github.com/pkg/errors\"\n\n\tstdjson \"encoding/json\"\n)\n\n// KoanfMemory implements a KoanfMemory provider.\ntype KoanfMemory struct {\n\tdoc stdjson.RawMessage\n\n\tctx context.Context\n\tparser koanf.Parser\n}\n\n// NewKoanfMemory returns a file provider.\nfunc NewKoanfMemory(ctx context.Context, doc stdjson.RawMessage) *KoanfMemory {\n\treturn &KoanfMemory{\n\t\tctx: ctx,\n\t\tdoc: doc,\n\t\tparser: json.Parser(),\n\t}\n}\n\nfunc (f *KoanfMemory) SetDoc(doc stdjson.RawMessage) {\n\tf.doc = doc\n}\n\n// ReadBytes reads the contents of a file on disk and returns the bytes.\nfunc (f *KoanfMemory) ReadBytes() ([]byte, error) {\n\treturn nil, errors.New(\"file provider does not support this method\")\n}\n\n// Read is not supported by the file provider.\nfunc (f *KoanfMemory) Read() (map[string]interface{}, error) {\n\tv, err := f.parser.Unmarshal(f.doc)\n\tif err != nil {\n\t\treturn nil, errors.WithStack(err)\n\t}\n\n\treturn v, nil\n}\n" }, { "path": "oryx/configx/koanf_schema_defaults.go", "content": "// Copyright © 2023 Ory Corp\n// SPDX-License-Identifier: Apache-2.0\n\npackage configx\n\nimport (\n\t\"strings\"\n\n\t\"github.com/knadh/koanf/maps\"\n\t\"github.com/pkg/errors\"\n\n\t\"github.com/ory/jsonschema/v3\"\n\t\"github.com/ory/x/jsonschemax\"\n)\n\ntype KoanfSchemaDefaults struct {\n\tkeys []jsonschemax.Path\n}\n\nfunc NewKoanfSchemaDefaults(rawSchema []byte, schema *jsonschema.Schema) (*KoanfSchemaDefaults, error) {\n\tkeys, err := getSchemaPaths(rawSchema, schema)\n\tif err != nil {\n\t\treturn nil, err\n\t}\n\n\treturn &KoanfSchemaDefaults{keys: keys}, nil\n}\n\nfunc (k *KoanfSchemaDefaults) ReadBytes() ([]byte, error) {\n\treturn nil, errors.New(\"schema defaults provider does not support this method\")\n}\n\nfunc (k *KoanfSchemaDefaults) Read() (map[string]interface{}, error) {\n\tvalues := map[string]interface{}{}\n\tfor _, key := range k.keys {\n\t\t// It's an array!\n\t\tif strings.Contains(key.Name, \"#\") {\n\t\t\tcontinue\n\t\t}\n\n\t\tif key.Default != nil {\n\t\t\tvalues[key.Name] = key.Default\n\t\t}\n\t}\n\n\treturn maps.Unflatten(values, \".\"), nil\n}\n" }, { "path": "oryx/configx/options.go", "content": "// Copyright © 2023 Ory Corp\n// SPDX-License-Identifier: Apache-2.0\n\npackage configx\n\nimport (\n\t\"context\"\n\t\"errors\"\n\t\"fmt\"\n\t\"io\"\n\t\"os\"\n\n\t\"github.com/spf13/pflag\"\n\n\t\"github.com/ory/jsonschema/v3\"\n\t\"github.com/ory/x/logrusx\"\n\n\t\"github.com/knadh/koanf/v2\"\n\n\t\"github.com/ory/x/watcherx\"\n)\n\ntype (\n\tOptionModifier func(p *Provider)\n)\n\nfunc WithContext(ctx context.Context) OptionModifier {\n\treturn func(p *Provider) {\n\t\tfor _, o := range ConfigOptionsFromContext(ctx) {\n\t\t\to(p)\n\t\t}\n\t}\n}\n\nfunc WithConfigFiles(files ...string) OptionModifier {\n\treturn func(p *Provider) {\n\t\tp.files = append(p.files, files...)\n\t}\n}\n\nfunc WithImmutables(immutables ...string) OptionModifier {\n\treturn func(p *Provider) {\n\t\tp.immutables = append(p.immutables, immutables...)\n\t}\n}\n\nfunc WithExceptImmutables(exceptImmutables ...string) OptionModifier {\n\treturn func(p *Provider) {\n\t\tp.exceptImmutables = append(p.exceptImmutables, exceptImmutables...)\n\t}\n}\n\nfunc WithFlags(flags *pflag.FlagSet) OptionModifier {\n\treturn func(p *Provider) {\n\t\tp.flags = flags\n\t}\n}\n\nfunc WithLogger(l *logrusx.Logger) OptionModifier {\n\treturn func(p *Provider) {\n\t\tp.logger = l\n\t}\n}\n\nfunc SkipValidation() OptionModifier {\n\treturn func(p *Provider) {\n\t\tp.skipValidation = true\n\t}\n}\n\nfunc DisableEnvLoading() OptionModifier {\n\treturn func(p *Provider) {\n\t\tp.disableEnvLoading = true\n\t}\n}\n\nfunc WithValue(key string, value interface{}) OptionModifier {\n\treturn func(p *Provider) {\n\t\tp.forcedValues = append(p.forcedValues, tuple{Key: key, Value: value})\n\t}\n}\n\nfunc WithValues(values map[string]interface{}) OptionModifier {\n\treturn func(p *Provider) {\n\t\tfor key, value := range values {\n\t\t\tp.forcedValues = append(p.forcedValues, tuple{Key: key, Value: value})\n\t\t}\n\t}\n}\n\nfunc WithBaseValues(values map[string]interface{}) OptionModifier {\n\treturn func(p *Provider) {\n\t\tfor key, value := range values {\n\t\t\tp.baseValues = append(p.baseValues, tuple{Key: key, Value: value})\n\t\t}\n\t}\n}\n\nfunc WithUserProviders(providers ...koanf.Provider) OptionModifier {\n\treturn func(p *Provider) {\n\t\tp.userProviders = providers\n\t}\n}\n\n// DEPRECATED without replacement. This option is a no-op.\nfunc OmitKeysFromTracing(keys ...string) OptionModifier {\n\treturn func(*Provider) {}\n}\n\nfunc AttachWatcher(watcher func(event watcherx.Event, err error)) OptionModifier {\n\treturn func(p *Provider) {\n\t\tp.onChanges = append(p.onChanges, watcher)\n\t}\n}\n\nfunc WithLogrusWatcher(l *logrusx.Logger) OptionModifier {\n\treturn AttachWatcher(LogrusWatcher(l))\n}\n\nfunc LogrusWatcher(l *logrusx.Logger) func(e watcherx.Event, err error) {\n\treturn func(e watcherx.Event, err error) {\n\t\tl.WithField(\"file\", e.Source()).\n\t\t\tWithField(\"event_type\", fmt.Sprintf(\"%T\", e)).\n\t\t\tInfo(\"A change to a configuration file was detected.\")\n\n\t\tif et := new(jsonschema.ValidationError); errors.As(err, &et) {\n\t\t\tl.WithField(\"event\", fmt.Sprintf(\"%#v\", et)).\n\t\t\t\tErrorf(\"The changed configuration is invalid and could not be loaded. Rolling back to the last working configuration revision. Please address the validation errors before restarting the process.\")\n\t\t} else if et := new(ImmutableError); errors.As(err, &et) {\n\t\t\tl.WithError(err).\n\t\t\t\tWithField(\"key\", et.Key).\n\t\t\t\tWithField(\"old_value\", fmt.Sprintf(\"%v\", et.From)).\n\t\t\t\tWithField(\"new_value\", fmt.Sprintf(\"%v\", et.To)).\n\t\t\t\tErrorf(\"A configuration value marked as immutable has changed. Rolling back to the last working configuration revision. To reload the values please restart the process.\")\n\t\t} else if err != nil {\n\t\t\tl.WithError(err).Errorf(\"An error occurred while watching config file %s\", e.Source())\n\t\t} else {\n\t\t\tl.WithField(\"file\", e.Source()).\n\t\t\t\tWithField(\"event_type\", fmt.Sprintf(\"%T\", e)).\n\t\t\t\tInfo(\"Configuration change processed successfully.\")\n\t\t}\n\t}\n}\n\nfunc WithStderrValidationReporter() OptionModifier {\n\treturn func(p *Provider) {\n\t\tp.onValidationError = func(k *koanf.Koanf, err error) {\n\t\t\tp.printHumanReadableValidationErrors(k, os.Stderr, err)\n\t\t}\n\t}\n}\n\nfunc WithStandardValidationReporter(w io.Writer) OptionModifier {\n\treturn func(p *Provider) {\n\t\tp.onValidationError = func(k *koanf.Koanf, err error) {\n\t\t\tp.printHumanReadableValidationErrors(k, w, err)\n\t\t}\n\t}\n}\n" }, { "path": "oryx/configx/permission.go", "content": "// Copyright © 2023 Ory Corp\n// SPDX-License-Identifier: Apache-2.0\n\npackage configx\n\nimport (\n\t\"os\"\n\t\"os/user\"\n\t\"strconv\"\n)\n\ntype UnixPermission struct {\n\tOwner string\n\tGroup string\n\tMode os.FileMode\n}\n\nfunc (p *UnixPermission) SetPermission(file string) error {\n\tvar e error\n\te = os.Chmod(file, p.Mode)\n\tif e != nil {\n\t\treturn e\n\t}\n\n\tgid := -1\n\tuid := -1\n\n\tif p.Owner != \"\" {\n\t\tvar userObj *user.User\n\t\tuserObj, e = user.Lookup(p.Owner)\n\t\tif e != nil {\n\t\t\treturn e\n\t\t}\n\t\tuid, e = strconv.Atoi(userObj.Uid)\n\t\tif e != nil {\n\t\t\treturn e\n\t\t}\n\t}\n\tif p.Group != \"\" {\n\t\tvar group *user.Group\n\t\tgroup, e := user.LookupGroup(p.Group)\n\t\tif e != nil {\n\t\t\treturn e\n\t\t}\n\t\tgid, e = strconv.Atoi(group.Gid)\n\t\tif e != nil {\n\t\t\treturn e\n\t\t}\n\t}\n\n\te = os.Chown(file, uid, gid)\n\tif e != nil {\n\t\treturn e\n\t}\n\treturn nil\n}\n" }, { "path": "oryx/configx/pflag.go", "content": "// Copyright © 2023 Ory Corp\n// SPDX-License-Identifier: Apache-2.0\n\npackage configx\n\nimport (\n\t\"strings\"\n\n\t\"github.com/knadh/koanf/providers/posflag\"\n\t\"github.com/knadh/koanf/v2\"\n\t\"github.com/pkg/errors\"\n\t\"github.com/spf13/pflag\"\n\n\t\"github.com/ory/jsonschema/v3\"\n\t\"github.com/ory/x/jsonschemax\"\n)\n\ntype PFlagProvider struct {\n\tp *posflag.Posflag\n\tpaths []jsonschemax.Path\n}\n\nfunc NewPFlagProvider(rawSchema []byte, schema *jsonschema.Schema, f *pflag.FlagSet, k *koanf.Koanf) (*PFlagProvider, error) {\n\tpaths, err := getSchemaPaths(rawSchema, schema)\n\tif err != nil {\n\t\treturn nil, err\n\t}\n\treturn &PFlagProvider{\n\t\tp: posflag.Provider(f, \".\", k),\n\t\tpaths: paths,\n\t}, nil\n}\n\nfunc (p *PFlagProvider) ReadBytes() ([]byte, error) {\n\treturn nil, errors.New(\"pflag provider does not support this method\")\n}\n\nfunc (p *PFlagProvider) Read() (map[string]interface{}, error) {\n\tall, err := p.p.Read()\n\tif err != nil {\n\t\treturn nil, errors.WithStack(err)\n\t}\n\tknownFlags := make(map[string]interface{}, len(all))\n\tfor k, v := range all {\n\t\tk = strings.ReplaceAll(k, \".\", \"-\")\n\t\tfor _, path := range p.paths {\n\t\t\tnormalized := strings.ReplaceAll(path.Name, \".\", \"-\")\n\t\t\tif k == normalized {\n\t\t\t\tknownFlags[k] = v\n\t\t\t\tbreak\n\t\t\t}\n\t\t}\n\t}\n\treturn knownFlags, nil\n}\n\nvar _ koanf.Provider = (*PFlagProvider)(nil)\n" }, { "path": "oryx/configx/provider.go", "content": "// Copyright © 2023 Ory Corp\n// SPDX-License-Identifier: Apache-2.0\n\npackage configx\n\nimport (\n\t\"bytes\"\n\t\"context\"\n\t\"fmt\"\n\t\"io\"\n\t\"net/url\"\n\t\"os\"\n\t\"reflect\"\n\t\"sync\"\n\t\"time\"\n\n\t\"github.com/inhies/go-bytesize\"\n\t\"github.com/knadh/koanf/parsers/json\"\n\t\"github.com/knadh/koanf/providers/posflag\"\n\t\"github.com/knadh/koanf/v2\"\n\t\"github.com/pkg/errors\"\n\t\"github.com/sirupsen/logrus\"\n\t\"github.com/spf13/pflag\"\n\n\t\"github.com/ory/jsonschema/v3\"\n\t\"github.com/ory/x/jsonschemax\"\n\t\"github.com/ory/x/logrusx\"\n\t\"github.com/ory/x/otelx\"\n\t\"github.com/ory/x/watcherx\"\n)\n\ntype tuple struct {\n\tKey string\n\tValue interface{}\n}\n\ntype Provider struct {\n\tl sync.RWMutex\n\t*koanf.Koanf\n\timmutables, exceptImmutables []string\n\n\tschema []byte\n\tflags *pflag.FlagSet\n\tvalidator *jsonschema.Schema\n\tonChanges []func(watcherx.Event, error)\n\tonValidationError func(k *koanf.Koanf, err error)\n\n\tforcedValues []tuple\n\tbaseValues []tuple\n\tfiles []string\n\n\tskipValidation bool\n\tdisableEnvLoading bool\n\n\tlogger *logrusx.Logger\n\n\tproviders []koanf.Provider\n\tuserProviders []koanf.Provider\n}\n\nconst (\n\tFlagConfig = \"config\"\n\tDelimiter = \".\"\n)\n\n// RegisterConfigFlag registers the \"--config\" flag on pflag.FlagSet.\nfunc RegisterConfigFlag(flags *pflag.FlagSet, fallback []string) {\n\tflags.StringSliceP(FlagConfig, \"c\", fallback, \"Config files to load, overwriting in the order specified.\")\n}\n\n// New creates a new provider instance or errors.\n// Configuration values are loaded in the following order:\n//\n// 1. Defaults from the JSON Schema\n// 2. Config files (yaml, yml, toml, json)\n// 3. Command line flags\n// 4. Environment variables\n//\n// There will also be file-watchers started for all config files. To cancel the\n// watchers, cancel the context.\nfunc New(ctx context.Context, schema []byte, modifiers ...OptionModifier) (*Provider, error) {\n\tvalidator, err := getSchema(ctx, schema)\n\tif err != nil {\n\t\treturn nil, err\n\t}\n\n\tl := logrus.New()\n\tl.Out = io.Discard\n\n\tp := &Provider{\n\t\tschema: schema,\n\t\tvalidator: validator,\n\t\tonValidationError: func(k *koanf.Koanf, err error) {},\n\t\tlogger: logrusx.New(\"discarding config logger\", \"\", logrusx.UseLogger(l)),\n\t\tKoanf: koanf.NewWithConf(koanf.Conf{Delim: Delimiter, StrictMerge: true}),\n\t}\n\n\tfor _, m := range modifiers {\n\t\tm(p)\n\t}\n\n\tproviders, err := p.createProviders(ctx)\n\tif err != nil {\n\t\treturn nil, err\n\t}\n\n\tp.providers = providers\n\n\tk, err := p.newKoanf()\n\tif err != nil {\n\t\treturn nil, err\n\t}\n\n\tp.replaceKoanf(k)\n\treturn p, nil\n}\n\nfunc (p *Provider) SkipValidation() bool {\n\treturn p.skipValidation\n}\n\nfunc (p *Provider) createProviders(ctx context.Context) (providers []koanf.Provider, err error) {\n\tdefaultsProvider, err := NewKoanfSchemaDefaults(p.schema, p.validator)\n\tif err != nil {\n\t\treturn nil, err\n\t}\n\tproviders = append(providers, defaultsProvider)\n\n\t// Workaround for https://github.com/knadh/koanf/pull/47\n\tfor _, t := range p.baseValues {\n\t\tproviders = append(providers, NewKoanfConfmap([]tuple{t}))\n\t}\n\n\tpaths := p.files\n\tif p.flags != nil {\n\t\tp, _ := p.flags.GetStringSlice(FlagConfig)\n\t\tpaths = append(paths, p...)\n\t}\n\n\tp.logger.WithField(\"files\", paths).Debug(\"Adding config files.\")\n\n\tc := make(watcherx.EventChannel)\n\n\tdefer func() {\n\t\tif err == nil && len(paths) > 0 {\n\t\t\tgo p.watchForFileChanges(ctx, c)\n\t\t}\n\t}()\n\tfor _, path := range paths {\n\t\tfp, err := NewKoanfFile(path)\n\t\tif err != nil {\n\t\t\treturn nil, err\n\t\t}\n\n\t\tif _, err := fp.WatchChannel(ctx, c); err != nil {\n\t\t\treturn nil, err\n\t\t}\n\n\t\tproviders = append(providers, fp)\n\t}\n\n\tproviders = append(providers, p.userProviders...)\n\n\tif p.flags != nil {\n\t\tpp, err := NewPFlagProvider(p.schema, p.validator, p.flags, p.Koanf)\n\t\tif err != nil {\n\t\t\treturn nil, err\n\t\t}\n\t\tproviders = append(providers, pp)\n\t}\n\n\tif !p.disableEnvLoading {\n\t\tenvProvider, err := NewKoanfEnv(\"\", p.schema, p.validator)\n\t\tif err != nil {\n\t\t\treturn nil, err\n\t\t}\n\t\tproviders = append(providers, envProvider)\n\t}\n\n\t// Workaround for https://github.com/knadh/koanf/pull/47\n\tfor _, t := range p.forcedValues {\n\t\tproviders = append(providers, NewKoanfConfmap([]tuple{t}))\n\t}\n\n\treturn providers, nil\n}\n\nfunc (p *Provider) replaceKoanf(k *koanf.Koanf) {\n\tp.Koanf = k\n}\n\nfunc (p *Provider) validate(k *koanf.Koanf) error {\n\tif p.skipValidation {\n\t\treturn nil\n\t}\n\n\tout, err := k.Marshal(json.Parser())\n\tif err != nil {\n\t\treturn errors.WithStack(err)\n\t}\n\tif err := p.validator.Validate(bytes.NewReader(out)); err != nil {\n\t\tp.onValidationError(k, err)\n\t\treturn err\n\t}\n\n\treturn nil\n}\n\n// newKoanf creates a new koanf instance with all the updated config\n//\n// This is unfortunately required due to several limitations / bugs in koanf:\n//\n// - https://github.com/knadh/koanf/issues/77\n// - https://github.com/knadh/koanf/pull/47\nfunc (p *Provider) newKoanf() (_ *koanf.Koanf, err error) {\n\tk := koanf.New(Delimiter)\n\n\tfor _, provider := range p.providers {\n\t\t// posflag.Posflag requires access to Koanf instance so we recreate the provider here which is a workaround\n\t\t// for posflag.Provider's API.\n\t\tif _, ok := provider.(*posflag.Posflag); ok {\n\t\t\tprovider = posflag.Provider(p.flags, \".\", k)\n\t\t}\n\n\t\tvar opts []koanf.Option\n\t\tif _, ok := provider.(*Env); ok {\n\t\t\topts = append(opts, koanf.WithMergeFunc(MergeAllTypes))\n\t\t}\n\n\t\tif err := k.Load(provider, nil, opts...); err != nil {\n\t\t\treturn nil, err\n\t\t}\n\t}\n\n\tif err := p.validate(k); err != nil {\n\t\treturn nil, err\n\t}\n\n\treturn k, nil\n}\n\n// SetTracer does nothing. DEPRECATED without replacement.\nfunc (p *Provider) SetTracer(_ context.Context, _ *otelx.Tracer) {\n}\n\nfunc (p *Provider) runOnChanges(e watcherx.Event, err error) {\n\tfor k := range p.onChanges {\n\t\tp.onChanges[k](e, err)\n\t}\n}\n\nfunc deleteOtherKeys(k *koanf.Koanf, keys []string) {\nouter:\n\tfor _, key := range k.Keys() {\n\t\tfor _, ik := range keys {\n\t\t\tif key == ik {\n\t\t\t\tcontinue outer\n\t\t\t}\n\t\t}\n\t\tk.Delete(key)\n\t}\n}\n\nfunc (p *Provider) reload(e watcherx.Event) {\n\tp.l.Lock()\n\n\tvar err error\n\tdefer func() {\n\t\t// we first want to unlock and then runOnChanges, so that the callbacks can actually use the Provider\n\t\tp.l.Unlock()\n\t\tp.runOnChanges(e, err)\n\t}()\n\n\tnk, err := p.newKoanf()\n\tif err != nil {\n\t\treturn // unlocks & runs changes in defer\n\t}\n\n\toldImmutables, newImmutables := p.Koanf.Copy(), nk.Copy()\n\tdeleteOtherKeys(oldImmutables, p.immutables)\n\tdeleteOtherKeys(newImmutables, p.immutables)\n\n\tfor _, key := range p.exceptImmutables {\n\t\toldImmutables.Delete(key)\n\t\tnewImmutables.Delete(key)\n\t}\n\tif !reflect.DeepEqual(oldImmutables.Raw(), newImmutables.Raw()) {\n\t\tfor _, key := range p.immutables {\n\t\t\tif !reflect.DeepEqual(oldImmutables.Get(key), newImmutables.Get(key)) {\n\t\t\t\terr = NewImmutableError(key, fmt.Sprintf(\"%v\", p.Koanf.Get(key)), fmt.Sprintf(\"%v\", nk.Get(key)))\n\t\t\t\treturn // unlocks & runs changes in defer\n\t\t\t}\n\t\t}\n\t}\n\n\tp.replaceKoanf(nk)\n\n\t// unlocks & runs changes in defer\n}\n\nfunc (p *Provider) watchForFileChanges(ctx context.Context, c watcherx.EventChannel) {\n\tfor {\n\t\tselect {\n\t\tcase <-ctx.Done():\n\t\t\treturn\n\t\tcase e := <-c:\n\t\t\tswitch et := e.(type) {\n\t\t\tcase *watcherx.ErrorEvent:\n\t\t\t\tp.runOnChanges(e, et)\n\t\t\tdefault:\n\t\t\t\tp.reload(e)\n\t\t\t}\n\t\t}\n\t}\n}\n\n// DirtyPatch patches individual config keys without reloading the full config\n//\n// WARNING! This method is only useful to override existing keys in string or number\n// format. DO NOT use this method to override arrays, maps, or other complex types.\n//\n// This method DOES NOT validate the config against the config JSON schema. If you\n// need to validate the config, use the Set method instead.\n//\n// This method can not be used to remove keys from the config as that is not\n// possible without reloading the full config.\nfunc (p *Provider) DirtyPatch(key string, value any) error {\n\tp.l.Lock()\n\tdefer p.l.Unlock()\n\n\tt := tuple{Key: key, Value: value}\n\tkc := NewKoanfConfmap([]tuple{t})\n\n\tp.forcedValues = append(p.forcedValues, t)\n\tp.providers = append(p.providers, kc)\n\n\tif err := p.Koanf.Load(kc, nil, []koanf.Option{}...); err != nil {\n\t\treturn err\n\t}\n\n\treturn nil\n}\n\nfunc (p *Provider) Set(key string, value interface{}) error {\n\tp.l.Lock()\n\tdefer p.l.Unlock()\n\n\tp.forcedValues = append(p.forcedValues, tuple{Key: key, Value: value})\n\tp.providers = append(p.providers, NewKoanfConfmap([]tuple{{Key: key, Value: value}}))\n\n\tk, err := p.newKoanf()\n\tif err != nil {\n\t\treturn err\n\t}\n\n\tp.replaceKoanf(k)\n\treturn nil\n}\n\nfunc (p *Provider) BoolF(key string, fallback bool) bool {\n\tp.l.RLock()\n\tdefer p.l.RUnlock()\n\n\tif !p.Koanf.Exists(key) {\n\t\treturn fallback\n\t}\n\n\treturn p.Bool(key)\n}\n\nfunc (p *Provider) StringF(key string, fallback string) string {\n\tp.l.RLock()\n\tdefer p.l.RUnlock()\n\n\tif !p.Koanf.Exists(key) {\n\t\treturn fallback\n\t}\n\n\treturn p.String(key)\n}\n\nfunc (p *Provider) StringsF(key string, fallback []string) (val []string) {\n\tp.l.RLock()\n\tdefer p.l.RUnlock()\n\n\tif !p.Koanf.Exists(key) {\n\t\treturn fallback\n\t}\n\n\treturn p.Strings(key)\n}\n\nfunc (p *Provider) IntF(key string, fallback int) (val int) {\n\tp.l.RLock()\n\tdefer p.l.RUnlock()\n\n\tif !p.Koanf.Exists(key) {\n\t\treturn fallback\n\t}\n\n\treturn p.Int(key)\n}\n\nfunc (p *Provider) Float64F(key string, fallback float64) (val float64) {\n\tp.l.RLock()\n\tdefer p.l.RUnlock()\n\n\tif !p.Koanf.Exists(key) {\n\t\treturn fallback\n\t}\n\n\treturn p.Float64(key)\n}\n\nfunc (p *Provider) DurationF(key string, fallback time.Duration) (val time.Duration) {\n\tp.l.RLock()\n\tdefer p.l.RUnlock()\n\n\tif !p.Koanf.Exists(key) {\n\t\treturn fallback\n\t}\n\n\treturn p.Duration(key)\n}\n\nfunc (p *Provider) ByteSizeF(key string, fallback bytesize.ByteSize) bytesize.ByteSize {\n\tp.l.RLock()\n\tdefer p.l.RUnlock()\n\n\tif !p.Koanf.Exists(key) {\n\t\treturn fallback\n\t}\n\n\tswitch v := p.Koanf.Get(key).(type) {\n\tcase string:\n\t\t// this type usually comes from user input\n\t\tdec, err := bytesize.Parse(v)\n\t\tif err != nil {\n\t\t\tp.logger.WithField(\"key\", key).WithField(\"raw_value\", v).WithError(err).Warnf(\"error parsing byte size value, using fallback of %s\", fallback)\n\t\t\treturn fallback\n\t\t}\n\t\treturn dec\n\tcase float64:\n\t\t// this type comes from json.Unmarshal\n\t\treturn bytesize.ByteSize(v)\n\tcase bytesize.ByteSize:\n\t\treturn v\n\tdefault:\n\t\tp.logger.WithField(\"key\", key).WithField(\"raw_type\", fmt.Sprintf(\"%T\", v)).WithField(\"raw_value\", fmt.Sprintf(\"%+v\", v)).Errorf(\"error converting byte size value because of unknown type, using fallback of %s\", fallback)\n\t\treturn fallback\n\t}\n}\n\nfunc (p *Provider) GetF(key string, fallback interface{}) (val interface{}) {\n\tp.l.RLock()\n\tdefer p.l.RUnlock()\n\n\tif !p.Exists(key) {\n\t\treturn fallback\n\t}\n\n\treturn p.Get(key)\n}\n\nfunc (p *Provider) TracingConfig(serviceName string) *otelx.Config {\n\treturn &otelx.Config{\n\t\tServiceName: p.StringF(\"tracing.service_name\", serviceName),\n\t\tDeploymentEnvironment: p.StringF(\"tracing.deployment_environment\", \"\"),\n\t\tProvider: p.String(\"tracing.provider\"),\n\t\tProviders: otelx.ProvidersConfig{\n\t\t\tJaeger: otelx.JaegerConfig{\n\t\t\t\tSampling: otelx.JaegerSampling{\n\t\t\t\t\tServerURL: p.String(\"tracing.providers.jaeger.sampling.server_url\"),\n\t\t\t\t\tTraceIDRatio: p.Float64F(\"tracing.providers.jaeger.sampling.trace_id_ratio\", 1),\n\t\t\t\t},\n\t\t\t\tLocalAgentAddress: p.String(\"tracing.providers.jaeger.local_agent_address\"),\n\t\t\t},\n\t\t\tZipkin: otelx.ZipkinConfig{\n\t\t\t\tServerURL: p.String(\"tracing.providers.zipkin.server_url\"),\n\t\t\t\tSampling: otelx.ZipkinSampling{\n\t\t\t\t\tSamplingRatio: p.Float64(\"tracing.providers.zipkin.sampling.sampling_ratio\"),\n\t\t\t\t},\n\t\t\t},\n\t\t\tOTLP: otelx.OTLPConfig{\n\t\t\t\tServerURL: p.String(\"tracing.providers.otlp.server_url\"),\n\t\t\t\tInsecure: p.Bool(\"tracing.providers.otlp.insecure\"),\n\t\t\t\tSampling: otelx.OTLPSampling{\n\t\t\t\t\tSamplingRatio: p.Float64F(\"tracing.providers.otlp.sampling.sampling_ratio\", 1),\n\t\t\t\t},\n\t\t\t\tAuthorizationHeader: p.String(\"tracing.providers.otlp.authorization_header\"),\n\t\t\t},\n\t\t},\n\t}\n}\n\nfunc (p *Provider) RequestURIF(path string, fallback *url.URL) *url.URL {\n\tp.l.RLock()\n\tdefer p.l.RUnlock()\n\n\tswitch t := p.Get(path).(type) {\n\tcase *url.URL:\n\t\treturn t\n\tcase url.URL:\n\t\treturn &t\n\tcase string:\n\t\tif parsed, err := url.ParseRequestURI(t); err == nil {\n\t\t\treturn parsed\n\t\t}\n\t}\n\n\treturn fallback\n}\n\nfunc (p *Provider) URIF(path string, fallback *url.URL) *url.URL {\n\tp.l.RLock()\n\tdefer p.l.RUnlock()\n\n\tswitch t := p.Get(path).(type) {\n\tcase *url.URL:\n\t\treturn t\n\tcase url.URL:\n\t\treturn &t\n\tcase string:\n\t\tif parsed, err := url.Parse(t); err == nil {\n\t\t\treturn parsed\n\t\t}\n\t}\n\n\treturn fallback\n}\n\n// PrintHumanReadableValidationErrors prints human readable validation errors. Duh.\nfunc (p *Provider) PrintHumanReadableValidationErrors(w io.Writer, err error) {\n\tp.printHumanReadableValidationErrors(p.Koanf, w, err)\n}\n\nfunc (p *Provider) printHumanReadableValidationErrors(k *koanf.Koanf, w io.Writer, err error) {\n\tif err == nil {\n\t\treturn\n\t}\n\n\t_, _ = fmt.Fprintln(os.Stderr, \"\")\n\tconf, innerErr := k.Marshal(json.Parser())\n\tif innerErr != nil {\n\t\t_, _ = fmt.Fprintf(w, \"Unable to unmarshal configuration: %+v\", innerErr)\n\t}\n\n\tjsonschemax.FormatValidationErrorForCLI(w, conf, err)\n}\n" }, { "path": "oryx/configx/schema.go", "content": "// Copyright © 2023 Ory Corp\n// SPDX-License-Identifier: Apache-2.0\n\npackage configx\n\nimport (\n\t\"bytes\"\n\t\"fmt\"\n\n\t\"github.com/ory/x/logrusx\"\n\t\"github.com/ory/x/otelx\"\n\n\t\"github.com/gofrs/uuid\"\n\t\"github.com/pkg/errors\"\n\t\"github.com/tidwall/gjson\"\n\n\t\"github.com/ory/jsonschema/v3\"\n)\n\nfunc newCompiler(schema []byte) (string, *jsonschema.Compiler, error) {\n\tid := gjson.GetBytes(schema, \"$id\").String()\n\tif id == \"\" {\n\t\tid = fmt.Sprintf(\"%s.json\", uuid.Must(uuid.NewV4()).String())\n\t}\n\n\tcompiler := jsonschema.NewCompiler()\n\tif err := compiler.AddResource(id, bytes.NewReader(schema)); err != nil {\n\t\treturn \"\", nil, errors.WithStack(err)\n\t}\n\n\t// DO NOT REMOVE THIS\n\tcompiler.ExtractAnnotations = true\n\n\tif err := otelx.AddConfigSchema(compiler); err != nil {\n\t\treturn \"\", nil, err\n\t}\n\tif err := logrusx.AddConfigSchema(compiler); err != nil {\n\t\treturn \"\", nil, err\n\t}\n\tif err := AddSchemaResources(compiler); err != nil {\n\t\treturn \"\", nil, err\n\t}\n\n\treturn id, compiler, nil\n}\n" }, { "path": "oryx/configx/schema_cache.go", "content": "// Copyright © 2023 Ory Corp\n// SPDX-License-Identifier: Apache-2.0\n\npackage configx\n\nimport (\n\t\"context\"\n\t\"crypto/sha256\"\n\n\t\"github.com/dgraph-io/ristretto/v2\"\n\n\t\"github.com/ory/jsonschema/v3\"\n)\n\nvar schemaCacheConfig = &ristretto.Config[[]byte, *jsonschema.Schema]{\n\t// Hold up to 25 schemas in cache. Usually we only need one.\n\tMaxCost: 25,\n\tNumCounters: 250,\n\tBufferItems: 64,\n\tMetrics: false,\n\tIgnoreInternalCost: true,\n\tCost: func(*jsonschema.Schema) int64 {\n\t\treturn 1\n\t},\n}\n\nvar schemaCache, _ = ristretto.NewCache(schemaCacheConfig)\n\nfunc getSchema(ctx context.Context, schema []byte) (*jsonschema.Schema, error) {\n\tkey := sha256.Sum256(schema)\n\tif val, found := schemaCache.Get(key[:]); found {\n\t\treturn val, nil\n\t}\n\n\tschemaID, comp, err := newCompiler(schema)\n\tif err != nil {\n\t\treturn nil, err\n\t}\n\n\tvalidator, err := comp.Compile(ctx, schemaID)\n\tif err != nil {\n\t\treturn nil, err\n\t}\n\n\tschemaCache.Set(key[:], validator, 1)\n\tschemaCache.Wait()\n\treturn validator, nil\n}\n" }, { "path": "oryx/configx/schema_path_cache.go", "content": "// Copyright © 2023 Ory Corp\n// SPDX-License-Identifier: Apache-2.0\n\npackage configx\n\nimport (\n\t\"crypto/sha256\"\n\n\t\"github.com/ory/x/jsonschemax\"\n\n\t\"github.com/dgraph-io/ristretto/v2\"\n\n\t\"github.com/ory/jsonschema/v3\"\n)\n\nvar schemaPathCacheConfig = &ristretto.Config[[]byte, []jsonschemax.Path]{\n\t// Hold up to 25 schemas in cache. Usually we only need one.\n\tMaxCost: 250,\n\tNumCounters: 2500,\n\tBufferItems: 64,\n\tMetrics: false,\n\tIgnoreInternalCost: true,\n}\n\nvar schemaPathCache, _ = ristretto.NewCache[[]byte, []jsonschemax.Path](schemaPathCacheConfig)\n\nfunc getSchemaPaths(rawSchema []byte, schema *jsonschema.Schema) ([]jsonschemax.Path, error) {\n\tkey := sha256.Sum256(rawSchema)\n\tif val, found := schemaPathCache.Get(key[:]); found {\n\t\treturn val, nil\n\t}\n\n\tkeys, err := jsonschemax.ListPathsWithInitializedSchemaAndArraysIncluded(schema)\n\tif err != nil {\n\t\treturn nil, err\n\t}\n\n\tschemaPathCache.Set(key[:], keys, 1)\n\tschemaPathCache.Wait()\n\treturn keys, nil\n}\n" }, { "path": "oryx/configx/serve.go", "content": "// Copyright © 2025 Ory Corp\n// SPDX-License-Identifier: Apache-2.0\n\npackage configx\n\nimport (\n\t\"cmp\"\n\t\"context\"\n\t\"crypto/tls\"\n\t_ \"embed\"\n\t\"fmt\"\n\t\"net/url\"\n\t\"os\"\n\n\t\"github.com/ory/x/logrusx\"\n\t\"github.com/ory/x/tlsx\"\n)\n\nconst (\n\tServeConfigSchemaID = \"ory://serve-config\"\n\tTLSConfigSchemaID = \"ory://tls-config\"\n)\n\n//go:embed serve.schema.json\nvar ServeConfigSchema []byte\n\n//go:embed tls.schema.json\nvar TLSConfigSchema []byte\n\ntype (\n\tServe struct {\n\t\tHost, WriteListenFile string\n\t\tPort int\n\t\tBaseURL *url.URL\n\t\tSocket UnixPermission\n\t\tTLS TLS\n\t\tRequestLog ServeRequestLog\n\t}\n\tTLS struct {\n\t\tEnabled bool\n\t\tAllowTerminationFrom []string\n\t\tCertBase64, KeyBase64, CertPath, KeyPath string\n\t}\n\tServeRequestLog struct {\n\t\tDisableHealth bool\n\t}\n)\n\nfunc (p *Provider) Serve(prefix string, isDev bool, defaults Serve) *Serve {\n\tprefix = cleanPrefix(prefix)\n\n\tdefaults.Socket.Mode = cmp.Or(defaults.Socket.Mode, 0o755)\n\n\tserve := Serve{\n\t\tHost: p.StringF(prefix+\"host\", defaults.Host),\n\t\tPort: p.IntF(prefix+\"port\", defaults.Port),\n\t\tWriteListenFile: p.StringF(prefix+\"write_listen_file\", defaults.WriteListenFile),\n\t\tBaseURL: p.URIF(prefix+\"base_url\", defaults.BaseURL),\n\t\tSocket: UnixPermission{\n\t\t\tOwner: p.StringF(prefix+\"socket.owner\", defaults.Socket.Owner),\n\t\t\tGroup: p.StringF(prefix+\"socket.group\", defaults.Socket.Group),\n\t\t\tMode: os.FileMode(p.IntF(prefix+\"socket.mode\", int(defaults.Socket.Mode))),\n\t\t},\n\t\tTLS: p.TLS(prefix+\"tls\", defaults.TLS),\n\t\tRequestLog: ServeRequestLog{\n\t\t\tDisableHealth: p.BoolF(prefix+\"request_log.disable_for_health\", defaults.RequestLog.DisableHealth),\n\t\t},\n\t}\n\n\tif serve.BaseURL == nil {\n\t\tserve.BaseURL = &url.URL{\n\t\t\tScheme: \"http\",\n\t\t\tPath: \"/\",\n\t\t}\n\t\tif !isDev || serve.TLS.Enabled {\n\t\t\tserve.BaseURL.Scheme = \"https\"\n\t\t}\n\t\thost := serve.Host\n\t\tif host == \"0.0.0.0\" || host == \"\" {\n\t\t\tvar err error\n\t\t\thost, err = os.Hostname()\n\t\t\tif err != nil {\n\t\t\t\tp.logger.WithError(err).Warn(\"Unable to get hostname from system, falling back to 127.0.0.1.\")\n\t\t\t\thost = \"127.0.0.1\"\n\t\t\t}\n\t\t}\n\t\tserve.BaseURL.Host = fmt.Sprintf(\"%s:%d\", host, serve.Port)\n\t}\n\n\treturn &serve\n}\n\nfunc (p *Provider) TLS(prefix string, defaults TLS) TLS {\n\tprefix = cleanPrefix(prefix)\n\n\treturn TLS{\n\t\tEnabled: p.BoolF(prefix+\"enabled\", defaults.Enabled),\n\t\tAllowTerminationFrom: p.StringsF(prefix+\"allow_termination_from\", defaults.AllowTerminationFrom),\n\t\tCertBase64: p.StringF(prefix+\"cert.base64\", defaults.CertBase64),\n\t\tKeyBase64: p.StringF(prefix+\"key.base64\", defaults.KeyBase64),\n\t\tCertPath: p.StringF(prefix+\"cert.path\", defaults.CertPath),\n\t\tKeyPath: p.StringF(prefix+\"key.path\", defaults.KeyPath),\n\t}\n}\n\nfunc (t *TLS) GetCertFunc(ctx context.Context, l *logrusx.Logger, ifaceName string) (tlsx.CertFunc, error) {\n\tswitch {\n\tcase t.CertBase64 != \"\" && t.KeyBase64 != \"\":\n\t\tcert, err := tlsx.CertificateFromBase64(t.CertBase64, t.KeyBase64)\n\t\tif err != nil {\n\t\t\treturn nil, fmt.Errorf(\"unable to load TLS certificate for interface %s: %w\", ifaceName, err)\n\t\t}\n\t\tl.Infof(\"Setting up HTTPS for %s\", ifaceName)\n\t\treturn func(*tls.ClientHelloInfo) (*tls.Certificate, error) { return &cert, nil }, nil\n\tcase t.CertPath != \"\" && t.KeyPath != \"\":\n\t\terrs := make(chan error, 1)\n\t\tgetCert, err := tlsx.GetCertificate(ctx, t.CertPath, t.KeyPath, errs)\n\t\tif err != nil {\n\t\t\treturn nil, fmt.Errorf(\"unable to load TLS certificate for interface %s: %w\", ifaceName, err)\n\t\t}\n\t\tgo func() {\n\t\t\tfor {\n\t\t\t\tselect {\n\t\t\t\tcase <-ctx.Done():\n\t\t\t\t\treturn\n\t\t\t\tcase err := <-errs:\n\t\t\t\t\tl.WithError(err).Error(\"Failed to reload TLS certificates, using previous certificates\")\n\t\t\t\t}\n\t\t\t}\n\t\t}()\n\t\tl.Infof(\"Setting up HTTPS for %s (automatic certificate reloading active)\", ifaceName)\n\t\treturn getCert, nil\n\tdefault:\n\t\tl.Infof(\"TLS has not been configured for %s, skipping\", ifaceName)\n\t}\n\treturn nil, nil\n}\n" }, { "path": "oryx/configx/serve.schema.json", "content": "{\n \"$id\": \"https://github.com/ory/x/configx/serve.schema.json\",\n \"$schema\": \"http://json-schema.org/draft-07/schema#\",\n \"type\": \"object\",\n \"properties\": {\n \"request_log\": {\n \"type\": \"object\",\n \"properties\": {\n \"disable_for_health\": {\n \"title\": \"Disable health endpoints request logging\",\n \"description\": \"Disable request logging for /health/alive and /health/ready endpoints\",\n \"type\": \"boolean\",\n \"default\": false\n }\n },\n \"additionalProperties\": false\n },\n \"base_url\": {\n \"title\": \"Base URL\",\n \"description\": \"The URL where the endpoint is exposed at. This domain is used to generate redirects, form URLs, and more.\",\n \"type\": \"string\",\n \"format\": \"uri-reference\",\n \"examples\": [\n \"https://my-app.com/\",\n \"https://my-app.com/.ory/kratos/public\",\n \"https://auth.my-app.com/hydra\"\n ]\n },\n \"host\": {\n \"title\": \"Host\",\n \"description\": \"The host (interface) that the endpoint listens on.\",\n \"type\": \"string\",\n \"default\": \"0.0.0.0\"\n },\n \"port\": {\n \"title\": \"Port\",\n \"description\": \"The port that the endpoint listens on.\",\n \"type\": \"integer\",\n \"minimum\": 1,\n \"maximum\": 65535\n },\n \"socket\": {\n \"type\": \"object\",\n \"additionalProperties\": false,\n \"description\": \"Sets the permissions of the unix socket\",\n \"properties\": {\n \"owner\": {\n \"type\": \"string\",\n \"description\": \"Owner of unix socket. If empty, the owner will be the user running the service.\",\n \"default\": \"\"\n },\n \"group\": {\n \"type\": \"string\",\n \"description\": \"Group of unix socket. If empty, the group will be the primary group of the user running the service.\",\n \"default\": \"\"\n },\n \"mode\": {\n \"type\": \"integer\",\n \"description\": \"Mode of unix socket in numeric form\",\n \"default\": 493,\n \"minimum\": 0,\n \"maximum\": 511\n }\n }\n },\n \"tls\": {\n \"$ref\": \"ory://tls-config\"\n }\n }\n}\n" }, { "path": "oryx/configx/span.go", "content": "// Copyright © 2023 Ory Corp\n// SPDX-License-Identifier: Apache-2.0\n\npackage configx\n\nconst (\n\tLoadSpanOpName = \"config-load\"\n\tUpdatedSpanOpName = \"config-update\"\n\tSnapshotSpanOpName = \"config-snapshot\"\n)\n" }, { "path": "oryx/configx/stub/benchmark/benchmark.yaml", "content": "# Please find the documentation for this file at\n# https://www.ory.sh/oathkeeper/docs/configuration\n\nlog:\n level: debug\n format: json\n\nprofiling: cpu\n\nserve:\n proxy:\n port: 1234\n host: 127.0.0.1\n\n timeout:\n read: 1s\n write: 2s\n idle: 3s\n\n cors:\n enabled: true\n allowed_origins:\n - https://example.com\n - https://*.example.com\n allowed_methods:\n - POST\n - GET\n - PUT\n - PATCH\n - DELETE\n allowed_headers:\n - Authorization\n - Content-Type\n exposed_headers:\n - Content-Type\n allow_credentials: true\n max_age: 10\n debug: true\n tls:\n key:\n path: /path/to/key.pem\n base64: LS0tLS1CRUdJTiBFTkNSWVBURUQgUFJJVkFURSBLRVktLS0tLVxuTUlJRkRqQkFCZ2txaGtpRzl3MEJCUTB3...\n cert:\n path: /path/to/cert.pem\n base64: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tXG5NSUlEWlRDQ0FrMmdBd0lCQWdJRVY1eE90REFOQmdr...\n\n api:\n port: 1235\n host: 127.0.0.2\n\n timeout:\n read: 1s\n write: 2s\n idle: 3s\n\n cors:\n enabled: true\n allowed_origins:\n - https://example.org\n - https://*.example.org\n allowed_methods:\n - GET\n - PUT\n - PATCH\n - DELETE\n allowed_headers:\n - Authorization\n - Content-Type\n exposed_headers:\n - Content-Type\n allow_credentials: true\n max_age: 10\n debug: true\n tls:\n key:\n path: /path/to/key.pem\n base64: LS0tLS1CRUdJTiBFTkNSWVBURUQgUFJJVkFURSBLRVktLS0tLVxuTUlJRkRqQkFCZ2txaGtpRzl3MEJCUTB3...\n cert:\n path: /path/to/cert.pem\n base64: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tXG5NSUlEWlRDQ0FrMmdBd0lCQWdJRVY1eE90REFOQmdr...\n\n prometheus:\n port: 9000\n host: localhost\n metrics_path: /metrics\n collapse_request_paths: true\n\n# Configures Access Rules\naccess_rules:\n # Locations (list of URLs) where access rules should be fetched from on boot.\n # It is expected that the documents at those locations return a JSON or YAML Array containing ORY Oathkeeper Access Rules.\n repositories:\n # If the URL Scheme is `file://`, the access rules (an array of access rules is expected) will be\n # fetched from the local file system.\n - file://path/to/rules.json\n # If the URL Scheme is `inline://`, the access rules (an array of access rules is expected)\n # are expected to be a base64 encoded (with padding!) JSON/YAML string (base64_encode(`[{\"id\":\"foo-rule\",\"authenticators\":[....]}]`)):\n - inline://W3siaWQiOiJmb28tcnVsZSIsImF1dGhlbnRpY2F0b3JzIjpbXX1d\n # If the URL Scheme is `http://` or `https://`, the access rules (an array of access rules is expected) will be\n # fetched from the provided HTTP(s) location.\n - https://path-to-my-rules/rules.json\n # Optional fields describing matching strategy, defaults to \"regexp\".\n matching_strategy: glob\n\nerrors:\n fallback:\n - json\n handlers:\n redirect:\n enabled: true\n config:\n to: http://path-to/redirect\n json:\n enabled: true\n config:\n verbose: true\n when:\n - error:\n - unauthorized\n - forbidden\n - internal_server_error\n request:\n header:\n content_type:\n - application/json\n accept:\n - application/json\n cidr:\n - 127.0.0.0/24\n\n# All authenticators can be configured under this configuration key\nauthenticators:\n # Configures the anonymous authenticator\n anonymous:\n # Set enabled to true if the authenticator should be enabled and false to disable the authenticator. Defaults to false.\n enabled: true\n\n config:\n # Sets the anonymous username. Defaults to \"anonymous\". Common names include \"guest\", \"anon\", \"anonymous\", \"unknown\".\n subject: guest\n\n # Configures the cookie session authenticator\n cookie_session:\n # Set enabled to true if the authenticator should be enabled and false to disable the authenticator. Defaults to false.\n enabled: true\n\n config:\n # Sets the origin to proxy requests to. If the response is a 200 with body `{ \"subject\": \"...\", \"extra\": {} }`\n # The request will pass the subject through successfully, otherwise it will be marked as unauthorized\n check_session_url: https://session-store-host\n\n # Sets a list of possible cookies to look for on incoming requests, and will fallthrough to the next authenticator if\n # none of the passed cookies are set on the request\n only:\n - sessionid\n\n # Configures the jwt authenticator\n jwt:\n # Set enabled to true if the authenticator should be enabled and false to disable the authenticator. Defaults to false.\n enabled: true\n\n config:\n # REQUIRED IF ENABLED - The URL where ORY Oathkeeper can retrieve JSON Web Keys from for validating the JSON Web\n # Token. Usually something like \"https://my-keys.com/.well-known/jwks.json\". The response of that endpoint must\n # return a JSON Web Key Set (JWKS).\n jwks_urls:\n - https://my-website.com/.well-known/jwks.json\n - https://my-other-website.com/.well-known/jwks.json\n - file://path/to/local/jwks.json\n\n # Sets the strategy to be used to validate/match the scope. Supports \"hierarchic\", \"exact\", \"wildcard\", \"none\". Defaults\n # to \"none\".\n scope_strategy: wildcard\n\n # Configures the noop authenticator\n noop:\n # Set enabled to true if the authenticator should be enabled and false to disable the authenticator. Defaults to false.\n enabled: true\n\n # Configures the oauth2_client_credentials authenticator\n oauth2_client_credentials:\n # Set enabled to true if the authenticator should be enabled and false to disable the authenticator. Defaults to false.\n enabled: true\n\n config:\n # REQUIRED IF ENABLED - The OAuth 2.0 Token Endpoint that will be used to validate the client credentials.\n token_url: https://my-website.com/oauth2/token\n\n # Configures the oauth2_introspection authenticator\n oauth2_introspection:\n # Set enabled to true if the authenticator should be enabled and false to disable the authenticator. Defaults to false.\n enabled: true\n\n config:\n # REQUIRED IF ENABLED - The OAuth 2.0 Token Introspection endpoint.\n introspection_url: https://my-website.com/oauth2/introspection\n\n # Sets the strategy to be used to validate/match the token scope. Supports \"hierarchic\", \"exact\", \"wildcard\", \"none\". Defaults\n # to \"none\".\n scope_strategy: exact\n\n # Enable pre-authorization in cases where the OAuth 2.0 Token Introspection endpoint is protected by OAuth 2.0 Bearer\n # Tokens that can be retrieved using the OAuth 2.0 Client Credentials grant.\n pre_authorization:\n # Enable pre-authorization. Defaults to false.\n enabled: true\n\n # REQUIRED IF ENABLED - The OAuth 2.0 Client ID to be used for the OAuth 2.0 Client Credentials Grant.\n client_id: some_id\n\n # REQUIRED IF ENABLED - The OAuth 2.0 Client Secret to be used for the OAuth 2.0 Client Credentials Grant.\n client_secret: some_secret\n\n # The OAuth 2.0 Scope to be requested during the OAuth 2.0 Client Credentials Grant.\n scope:\n - foo\n - bar\n\n # REQUIRED IF ENABLED - The OAuth 2.0 Token Endpoint where the OAuth 2.0 Client Credentials Grant will be performed.\n token_url: https://my-website.com/oauth2/token\n\n # Configures the unauthorized authenticator\n unauthorized:\n # Set enabled to true if the authenticator should be enabled and false to disable the authenticator. Defaults to false.\n enabled: true\n\n# All authorizers can be configured under this configuration key\nauthorizers:\n # Configures the allow authorizer\n allow:\n # Set enabled to true if the authorizer should be enabled and false to disable the authorizer. Defaults to false.\n enabled: true\n\n # Configures the deny authorizer\n deny:\n # Set enabled to true if the authorizer should be enabled and false to disable the authorizer. Defaults to false.\n enabled: true\n\n # Configures the keto_engine_acp_ory authorizer\n keto_engine_acp_ory:\n # Set enabled to true if the authorizer should be enabled and false to disable the authorizer. Defaults to false.\n enabled: true\n\n config:\n # REQUIRED IF ENABLED - The base URL of ORY Keto, typically something like http(s)://[:]/\n base_url: http://my-keto/\n required_action: unknown\n required_resource: unknown\n\n # Configures the remote authorizer\n remote:\n # Set enabled to true if the authorizer should be enabled and false to disable the authorizer. Defaults to false.\n enabled: true\n\n config:\n remote: https://host/path\n headers: {}\n\n # Configures the remote_json authorizer\n remote_json:\n # Set enabled to true if the authorizer should be enabled and false to disable the authorizer. Defaults to false.\n enabled: true\n\n config:\n remote: https://host/path\n payload: \"{}\"\n\n# All mutators can be configured under this configuration key\nmutators:\n header:\n enabled: true\n config:\n headers:\n foo: bar\n\n # Configures the cookie mutator\n cookie:\n # Set enabled to true if the mutator should be enabled and false to disable the mutator. Defaults to false.\n enabled: true\n config:\n cookies:\n foo: bar\n\n # Configures the hydrator mutator\n hydrator:\n # Set enabled to true if the mutator should be enabled and false to disable the mutator. Defaults to false.\n enabled: true\n\n config:\n api:\n url: https://some-url/\n\n # Configures the id_token mutator\n id_token:\n # Set enabled to true if the mutator should be enabled and false to disable the mutator. Defaults to false.\n enabled: true\n config:\n # REQUIRED IF ENABLED - Sets the \"iss\" value of the ID Token.\n issuer_url: https://my-oathkeeper/\n # REQUIRED IF ENABLED - Sets the URL where keys should be fetched from. Supports remote locations (http, https) as\n # well as local filesystem paths.\n jwks_url: https://fetch-keys/from/this/location.json\n # jwks_url: file:///from/this/absolute/location.json\n # jwks_url: file://../from/this/relative/location.json\n\n # Sets the time-to-live of the ID token. Defaults to one minute. Valid time units are: s (second), m (minute), h (hour).\n ttl: 1h\n\n # Configures the noop mutator\n noop:\n # Set enabled to true if the mutator should be enabled and false to disable the mutator. Defaults to false.\n enabled: true\n" }, { "path": "oryx/configx/stub/benchmark/schema.config.json", "content": "{\n \"log\": {\n \"level\": \"debug\",\n \"format\": \"json\"\n },\n \"profiling\": \"cpu\",\n \"serve\": {\n \"proxy\": {\n \"port\": 1234,\n \"host\": \"127.0.0.1\",\n \"timeout\": {\n \"read\": \"1s\",\n \"write\": \"2s\",\n \"idle\": \"3s\"\n },\n \"cors\": {\n \"enabled\": true,\n \"allowed_origins\": [\"https://example.com\", \"https://*.example.com\"],\n \"allowed_methods\": [\"POST\", \"GET\", \"PUT\", \"PATCH\", \"DELETE\"],\n \"allowed_headers\": [\"Authorization\", \"Content-Type\"],\n \"exposed_headers\": [\"Content-Type\"],\n \"allow_credentials\": true,\n \"max_age\": 10,\n \"debug\": true\n },\n \"tls\": {\n \"key\": {\n \"path\": \"/path/to/key.pem\",\n \"base64\": \"LS0tLS1CRUdJTiBFTkNSWVBURUQgUFJJVkFURSBLRVktLS0tLVxuTUlJRkRqQkFCZ2txaGtpRzl3MEJCUTB3...\"\n },\n \"cert\": {\n \"path\": \"/path/to/cert.pem\",\n \"base64\": \"LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tXG5NSUlEWlRDQ0FrMmdBd0lCQWdJRVY1eE90REFOQmdr...\"\n }\n }\n },\n \"api\": {\n \"port\": 1235,\n \"host\": \"127.0.0.2\",\n \"cors\": {\n \"enabled\": true,\n \"allowed_origins\": [\"https://example.org\", \"https://*.example.org\"],\n \"allowed_methods\": [\"GET\", \"PUT\", \"PATCH\", \"DELETE\"],\n \"allowed_headers\": [\"Authorization\", \"Content-Type\"],\n \"exposed_headers\": [\"Content-Type\"],\n \"allow_credentials\": true,\n \"max_age\": 10,\n \"debug\": true\n },\n \"tls\": {\n \"key\": {\n \"path\": \"/path/to/key.pem\",\n \"base64\": \"LS0tLS1CRUdJTiBFTkNSWVBURUQgUFJJVkFURSBLRVktLS0tLVxuTUlJRkRqQkFCZ2txaGtpRzl3MEJCUTB3...\"\n },\n \"cert\": {\n \"path\": \"/path/to/cert.pem\",\n \"base64\": \"LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tXG5NSUlEWlRDQ0FrMmdBd0lCQWdJRVY1eE90REFOQmdr...\"\n }\n }\n }\n },\n \"access_rules\": {\n \"repositories\": [\n \"file://path/to/rules.json\",\n \"inline://W3siaWQiOiJmb28tcnVsZSIsImF1dGhlbnRpY2F0b3JzIjpbXX1d\",\n \"https://path-to-my-rules/rules.json\"\n ],\n \"matching_strategy\": \"glob\"\n },\n \"errors\": {\n \"fallback\": [\"json\"],\n \"handlers\": {\n \"redirect\": {\n \"enabled\": true,\n \"config\": {\n \"to\": \"http://path-to/redirect\"\n }\n },\n \"json\": {\n \"enabled\": true,\n \"config\": {\n \"verbose\": true,\n \"when\": [\n {\n \"error\": [\"unauthorized\", \"forbidden\", \"internal_server_error\"],\n \"request\": {\n \"header\": {\n \"content_type\": [\"application/json\"],\n \"accept\": [\"application/json\"]\n },\n \"cidr\": [\"127.0.0.0/24\"]\n }\n }\n ]\n }\n }\n }\n },\n \"authenticators\": {\n \"anonymous\": {\n \"enabled\": true,\n \"config\": {\n \"subject\": \"guest\"\n }\n },\n \"cookie_session\": {\n \"enabled\": true,\n \"config\": {\n \"check_session_url\": \"https://session-store-host\",\n \"only\": [\"sessionid\"]\n }\n },\n \"jwt\": {\n \"enabled\": true,\n \"config\": {\n \"jwks_urls\": [\n \"https://my-website.com/.well-known/jwks.json\",\n \"https://my-other-website.com/.well-known/jwks.json\",\n \"file://path/to/local/jwks.json\"\n ],\n \"scope_strategy\": \"wildcard\"\n }\n },\n \"noop\": {\n \"enabled\": true\n },\n \"oauth2_client_credentials\": {\n \"enabled\": true,\n \"config\": {\n \"token_url\": \"https://my-website.com/oauth2/token\"\n }\n },\n \"oauth2_introspection\": {\n \"enabled\": true,\n \"config\": {\n \"introspection_url\": \"https://my-website.com/oauth2/introspection\",\n \"scope_strategy\": \"exact\",\n \"pre_authorization\": {\n \"enabled\": true,\n \"client_id\": \"some_id\",\n \"client_secret\": \"some_secret\",\n \"scope\": [\"foo\", \"bar\"],\n \"token_url\": \"https://my-website.com/oauth2/token\"\n }\n }\n },\n \"unauthorized\": {\n \"enabled\": true\n }\n },\n \"authorizers\": {\n \"allow\": {\n \"enabled\": true\n },\n \"deny\": {\n \"enabled\": true\n },\n \"keto_engine_acp_ory\": {\n \"enabled\": true,\n \"config\": {\n \"base_url\": \"http://my-keto/\",\n \"required_action\": \"unknown\",\n \"required_resource\": \"unknown\"\n }\n }\n },\n \"mutators\": {\n \"header\": {\n \"enabled\": false,\n \"config\": {\n \"headers\": {\n \"foo\": \"bar\"\n }\n }\n },\n \"cookie\": {\n \"enabled\": true,\n \"config\": {\n \"cookies\": {\n \"foo\": \"bar\"\n }\n }\n },\n \"hydrator\": {\n \"enabled\": true,\n \"config\": {\n \"api\": {\n \"url\": \"https://some-url/\"\n }\n }\n },\n \"id_token\": {\n \"enabled\": true,\n \"config\": {\n \"issuer_url\": \"https://my-oathkeeper/\",\n \"jwks_url\": \"https://fetch-keys/from/this/location.json\",\n \"ttl\": \"1h\"\n }\n },\n \"noop\": {\n \"enabled\": true\n }\n }\n}\n" }, { "path": "oryx/configx/stub/domain-aliases/config.schema.json", "content": "{\n \"$schema\": \"http://json-schema.org/draft-07/schema#\",\n \"properties\": {\n \"domain_aliases\": {\n \"title\": \"Domain Aliases\",\n \"description\": \"Adds an alias domain. If a request with the hostname (FQDN) matching the hostname in the alias is found, that URL is used as the base URL.\",\n \"type\": \"array\",\n \"items\": [\n {\n \"additionalProperties\": false,\n \"type\": \"object\",\n \"required\": [\"match_domain\", \"base_path\", \"scheme\"],\n \"properties\": {\n \"match_domain\": {\n \"minLength\": 1,\n \"title\": \"Matching Domain\",\n \"description\": \"Sets the matching domain. If the domain matches with this entry, the accompanying base_url will be used.\",\n \"type\": \"string\",\n \"examples\": [\"localhost\", \"my-domain.com\"]\n },\n \"scheme\": {\n \"title\": \"Scheme\",\n \"description\": \"Sets the scheme, for example https or http.\",\n \"type\": \"string\",\n \"enum\": [\"http\", \"https\"]\n },\n \"base_path\": {\n \"minLength\": 1,\n \"title\": \"Base Path\",\n \"description\": \"Sets the base path for the matched domain.\",\n \"type\": \"string\",\n \"default\": \"/\",\n \"pattern\": \"^/.*$\",\n \"examples\": [\"/\", \"/.ory/kratos\"]\n }\n }\n }\n ]\n }\n }\n}\n" }, { "path": "oryx/configx/stub/from-files/a.yaml", "content": "version: v0.5.3-alpha.1\n\ndsn: memory\n\nserve:\n public:\n base_url: http://127.0.0.1:4433/\n cors:\n enabled: true\n admin:\n base_url: http://kratos:4434/\n\nselfservice:\n default_browser_return_url: http://127.0.0.1:4455/\n whitelisted_return_urls:\n - http://127.0.0.1:4455\n\n methods:\n password:\n enabled: true\n\n flows:\n error:\n ui_url: http://127.0.0.1:4455/error\n\n settings:\n ui_url: http://127.0.0.1:4455/settings\n" }, { "path": "oryx/configx/stub/from-files/b.yaml", "content": "selfservice:\n flows:\n settings:\n privileged_session_max_age: 15m\n\n recovery:\n enabled: true\n ui_url: http://127.0.0.1:4455/recovery\n\n verification:\n enabled: true\n ui_url: http://127.0.0.1:4455/verify\n after:\n default_browser_return_url: http://127.0.0.1:4455/\n\n logout:\n after:\n default_browser_return_url: http://127.0.0.1:4455/auth/login\n\n login:\n ui_url: http://127.0.0.1:4455/auth/login\n lifespan: 10m\n\n registration:\n lifespan: 10m\n ui_url: http://127.0.0.1:4455/auth/registration\n after:\n password:\n hooks:\n - hook: session\n\nlog:\n level: debug\n format: text\n leak_sensitive_values: true\n\nsecrets:\n cookie:\n - PLEASE-CHANGE-ME-I-AM-VERY-INSECURE\n\nhashers:\n argon2:\n parallelism: 1\n memory: 131072\n iterations: 2\n salt_length: 16\n key_length: 16\n\nidentity:\n default_schema_url: file:///etc/config/kratos/identity.schema.json\n\ncourier:\n smtp:\n connection_uri: smtps://test:test@mailslurper:1025/?skip_ssl_verify=true\n" }, { "path": "oryx/configx/stub/from-files/config.schema.json", "content": "{\n \"$id\": \"https://github.com/ory/kratos/.schema/config.schema.json\",\n \"$schema\": \"http://json-schema.org/draft-07/schema#\",\n \"title\": \"ORY Kratos Configuration\",\n \"type\": \"object\",\n \"definitions\": {\n \"defaultReturnTo\": {\n \"title\": \"Redirect browsers to set URL per default\",\n \"description\": \"ORY Kratos redirects to this URL per default on completion of self-service flows and other browser interaction. Read this [article for more information on browser redirects](https://www.ory.sh/kratos/docs/concepts/browser-redirect-flow-completion).\",\n \"type\": \"string\",\n \"format\": \"uri-reference\",\n \"minLength\": 1,\n \"examples\": [\"https://my-app.com/dashboard\", \"/dashboard\"]\n },\n \"selfServiceSessionRevokerHook\": {\n \"type\": \"object\",\n \"properties\": {\n \"hook\": {\n \"const\": \"revoke_active_sessions\"\n }\n },\n \"additionalProperties\": false,\n \"required\": [\"hook\"]\n },\n \"selfServiceVerifyHook\": {\n \"type\": \"object\",\n \"properties\": {\n \"hook\": {\n \"const\": \"verify\"\n }\n },\n \"additionalProperties\": false,\n \"required\": [\"hook\"]\n },\n \"selfServiceSessionIssuerHook\": {\n \"type\": \"object\",\n \"properties\": {\n \"hook\": {\n \"const\": \"session\"\n }\n },\n \"additionalProperties\": false,\n \"required\": [\"hook\"]\n },\n \"OIDCClaims\": {\n \"title\": \"OpenID Connect claims\",\n \"description\": \"The OpenID Connect claims and optionally their properties which should be included in the id_token or returned from the UserInfo Endpoint.\",\n \"type\": \"object\",\n \"examples\": [\n {\n \"id_token\": {\n \"email\": null,\n \"email_verified\": null\n }\n },\n {\n \"userinfo\": {\n \"given_name\": {\n \"essential\": true\n },\n \"nickname\": null,\n \"email\": {\n \"essential\": true\n },\n \"email_verified\": {\n \"essential\": true\n },\n \"picture\": null,\n \"http://example.info/claims/groups\": null\n },\n \"id_token\": {\n \"auth_time\": {\n \"essential\": true\n },\n \"acr\": {\n \"values\": [\"urn:mace:incommon:iap:silver\"]\n }\n }\n }\n ],\n \"patternProperties\": {\n \"^userinfo$|^id_token$\": {\n \"type\": \"object\",\n \"additionalProperties\": false,\n \"patternProperties\": {\n \".*\": {\n \"oneOf\": [\n {\n \"const\": null,\n \"description\": \"Indicates that this Claim is being requested in the default manner.\"\n },\n {\n \"type\": \"object\",\n \"additionalProperties\": false,\n \"properties\": {\n \"essential\": {\n \"description\": \"Indicates whether the Claim being requested is an Essential Claim.\",\n \"type\": \"boolean\"\n },\n \"value\": {\n \"description\": \"Requests that the Claim be returned with a particular value.\",\n \"$comment\": \"There seem to be no constrains on value\"\n },\n \"values\": {\n \"description\": \"Requests that the Claim be returned with one of a set of values, with the values appearing in order of preference.\",\n \"type\": \"array\",\n \"items\": {\n \"$comment\": \"There seem to be no constrains on individual items\"\n }\n }\n }\n }\n ]\n }\n }\n }\n }\n },\n \"selfServiceOIDCProvider\": {\n \"type\": \"object\",\n \"properties\": {\n \"id\": {\n \"type\": \"string\",\n \"examples\": [\"google\"]\n },\n \"provider\": {\n \"title\": \"Provider\",\n \"description\": \"Can be one of github, gitlab, generic, google, microsoft, discord.\",\n \"type\": \"string\",\n \"enum\": [\n \"github\",\n \"gitlab\",\n \"generic\",\n \"google\",\n \"microsoft\",\n \"discord\"\n ],\n \"examples\": [\"google\"]\n },\n \"client_id\": {\n \"type\": \"string\"\n },\n \"client_secret\": {\n \"type\": \"string\"\n },\n \"issuer_url\": {\n \"type\": \"string\",\n \"format\": \"uri\",\n \"examples\": [\"https://accounts.google.com\"]\n },\n \"auth_url\": {\n \"type\": \"string\",\n \"format\": \"uri\",\n \"examples\": [\"https://accounts.google.com/o/oauth2/v2/auth\"]\n },\n \"token_url\": {\n \"type\": \"string\",\n \"format\": \"uri\",\n \"examples\": [\"https://www.googleapis.com/oauth2/v4/token\"]\n },\n \"mapper_url\": {\n \"title\": \"Jsonnet Mapper URL\",\n \"description\": \"The URL where the jsonnet source is located for mapping the provider's data to ORY Kratos data.\",\n \"type\": \"string\",\n \"format\": \"uri\",\n \"examples\": [\n \"file://path/to/oidc.jsonnet\",\n \"https://foo.bar.com/path/to/oidc.jsonnet\",\n \"base64://bG9jYWwgc3ViamVjdCA9I...\"\n ]\n },\n \"scope\": {\n \"type\": \"array\",\n \"items\": {\n \"type\": \"string\",\n \"examples\": [\"offline_access\", \"profile\"]\n }\n },\n \"tenant\": {\n \"title\": \"Azure AD Tenant\",\n \"description\": \"The Azure AD Tenant to use for authentication.\",\n \"type\": \"string\",\n \"examples\": [\n \"common\",\n \"organizations\",\n \"consumers\",\n \"8eaef023-2b34-4da1-9baa-8bc8c9d6a490\",\n \"contoso.onmicrosoft.com\"\n ]\n },\n \"requested_claims\": {\n \"$ref\": \"#/definitions/OIDCClaims\"\n }\n },\n \"additionalProperties\": false,\n \"required\": [\n \"id\",\n \"provider\",\n \"client_id\",\n \"client_secret\",\n \"mapper_url\"\n ],\n \"if\": {\n \"properties\": {\n \"provider\": {\n \"const\": \"microsoft\"\n }\n },\n \"required\": [\"provider\"]\n },\n \"then\": {\n \"required\": [\"tenant\"]\n },\n \"else\": {\n \"not\": {\n \"properties\": {\n \"tenant\": {}\n },\n \"required\": [\"tenant\"]\n }\n }\n },\n \"selfServiceAfterSettingsMethod\": {\n \"type\": \"object\",\n \"additionalProperties\": false,\n \"properties\": {\n \"default_browser_return_url\": {\n \"$ref\": \"#/definitions/defaultReturnTo\"\n },\n \"hooks\": {\n \"type\": \"array\",\n \"items\": {\n \"anyOf\": [\n {\n \"$ref\": \"#/definitions/selfServiceVerifyHook\"\n }\n ]\n },\n \"uniqueItems\": true,\n \"additionalItems\": false\n }\n }\n },\n \"selfServiceAfterLoginMethod\": {\n \"type\": \"object\",\n \"additionalProperties\": false,\n \"properties\": {\n \"default_browser_return_url\": {\n \"$ref\": \"#/definitions/defaultReturnTo\"\n },\n \"hooks\": {\n \"type\": \"array\",\n \"items\": {\n \"anyOf\": [\n {\n \"$ref\": \"#/definitions/selfServiceSessionRevokerHook\"\n }\n ]\n },\n \"uniqueItems\": true,\n \"additionalItems\": false\n }\n }\n },\n \"selfServiceAfterRegistrationMethod\": {\n \"type\": \"object\",\n \"additionalProperties\": false,\n \"properties\": {\n \"default_browser_return_url\": {\n \"$ref\": \"#/definitions/defaultReturnTo\"\n },\n \"hooks\": {\n \"type\": \"array\",\n \"items\": {\n \"anyOf\": [\n {\n \"$ref\": \"#/definitions/selfServiceSessionIssuerHook\"\n }\n ]\n },\n \"uniqueItems\": true,\n \"additionalItems\": false\n }\n }\n },\n \"selfServiceAfterSettings\": {\n \"type\": \"object\",\n \"additionalProperties\": false,\n \"properties\": {\n \"default_browser_return_url\": {\n \"$ref\": \"#/definitions/defaultReturnTo\"\n },\n \"password\": {\n \"$ref\": \"#/definitions/selfServiceAfterSettingsMethod\"\n },\n \"profile\": {\n \"$ref\": \"#/definitions/selfServiceAfterSettingsMethod\"\n }\n }\n },\n \"selfServiceAfterLogin\": {\n \"type\": \"object\",\n \"additionalProperties\": false,\n \"properties\": {\n \"default_browser_return_url\": {\n \"$ref\": \"#/definitions/defaultReturnTo\"\n },\n \"password\": {\n \"$ref\": \"#/definitions/selfServiceAfterLoginMethod\"\n },\n \"oidc\": {\n \"$ref\": \"#/definitions/selfServiceAfterLoginMethod\"\n }\n }\n },\n \"selfServiceAfterRegistration\": {\n \"type\": \"object\",\n \"additionalProperties\": false,\n \"properties\": {\n \"default_browser_return_url\": {\n \"$ref\": \"#/definitions/defaultReturnTo\"\n },\n \"password\": {\n \"$ref\": \"#/definitions/selfServiceAfterRegistrationMethod\"\n },\n \"oidc\": {\n \"$ref\": \"#/definitions/selfServiceAfterRegistrationMethod\"\n }\n }\n }\n },\n \"properties\": {\n \"selfservice\": {\n \"type\": \"object\",\n \"additionalProperties\": false,\n \"required\": [\"default_browser_return_url\"],\n \"properties\": {\n \"default_browser_return_url\": {\n \"$ref\": \"#/definitions/defaultReturnTo\"\n },\n \"whitelisted_return_urls\": {\n \"title\": \"Whitelisted Return To URLs\",\n \"description\": \"List of URLs that are allowed to be redirected to. A redirection request is made by appending `?return_to=...` to Login, Registration, and other self-service flows.\",\n \"type\": \"array\",\n \"items\": {\n \"type\": \"string\",\n \"format\": \"uri-reference\"\n },\n \"examples\": [\n [\n \"https://app.my-app.com/dashboard\",\n \"/dashboard\",\n \"https://www.my-app.com/\"\n ]\n ],\n \"uniqueItems\": true\n },\n \"flows\": {\n \"type\": \"object\",\n \"additionalProperties\": false,\n \"properties\": {\n \"settings\": {\n \"type\": \"object\",\n \"additionalProperties\": false,\n \"properties\": {\n \"ui_url\": {\n \"title\": \"URL of the Settings page.\",\n \"description\": \"URL where the Settings UI is hosted. Check the [reference implementation](https://github.com/ory/kratos-selfservice-ui-node).\",\n \"type\": \"string\",\n \"format\": \"uri-reference\",\n \"examples\": [\"https://my-app.com/user/settings\"],\n \"default\": \"https://www.ory.sh/kratos/docs/fallback/settings\"\n },\n \"lifespan\": {\n \"type\": \"string\",\n \"pattern\": \"^[0-9]+(ns|us|ms|s|m|h)$\",\n \"default\": \"1h\",\n \"examples\": [\"1h\", \"1m\", \"1s\"]\n },\n \"privileged_session_max_age\": {\n \"type\": \"string\",\n \"pattern\": \"^[0-9]+(ns|us|ms|s|m|h)$\",\n \"default\": \"1h\",\n \"examples\": [\"1h\", \"1m\", \"1s\"]\n },\n \"after\": {\n \"$ref\": \"#/definitions/selfServiceAfterSettings\"\n }\n }\n },\n \"logout\": {\n \"type\": \"object\",\n \"additionalProperties\": false,\n \"properties\": {\n \"after\": {\n \"type\": \"object\",\n \"additionalProperties\": false,\n \"properties\": {\n \"default_browser_return_url\": {\n \"$ref\": \"#/definitions/defaultReturnTo\"\n }\n }\n }\n }\n },\n \"registration\": {\n \"type\": \"object\",\n \"additionalProperties\": false,\n \"properties\": {\n \"ui_url\": {\n \"title\": \"Registration UI URL\",\n \"description\": \"URL where the Registration UI is hosted. Check the [reference implementation](https://github.com/ory/kratos-selfservice-ui-node).\",\n \"type\": \"string\",\n \"format\": \"uri-reference\",\n \"examples\": [\"https://my-app.com/signup\"],\n \"default\": \"https://www.ory.sh/kratos/docs/fallback/registration\"\n },\n \"lifespan\": {\n \"type\": \"string\",\n \"pattern\": \"^[0-9]+(ns|us|ms|s|m|h)$\",\n \"default\": \"1h\",\n \"examples\": [\"1h\", \"1m\", \"1s\"]\n },\n \"after\": {\n \"$ref\": \"#/definitions/selfServiceAfterRegistration\"\n }\n }\n },\n \"login\": {\n \"type\": \"object\",\n \"additionalProperties\": false,\n \"properties\": {\n \"ui_url\": {\n \"title\": \"Login UI URL\",\n \"description\": \"URL where the Login UI is hosted. Check the [reference implementation](https://github.com/ory/kratos-selfservice-ui-node).\",\n \"type\": \"string\",\n \"format\": \"uri-reference\",\n \"examples\": [\"https://my-app.com/login\"],\n \"default\": \"https://www.ory.sh/kratos/docs/fallback/login\"\n },\n \"lifespan\": {\n \"type\": \"string\",\n \"pattern\": \"^[0-9]+(ns|us|ms|s|m|h)$\",\n \"default\": \"1h\",\n \"examples\": [\"1h\", \"1m\", \"1s\"]\n },\n \"after\": {\n \"$ref\": \"#/definitions/selfServiceAfterLogin\"\n }\n }\n },\n \"verification\": {\n \"title\": \"Email and Phone Verification and Account Activation Configuration\",\n \"type\": \"object\",\n \"additionalProperties\": false,\n \"properties\": {\n \"enabled\": {\n \"type\": \"boolean\",\n \"title\": \"Enable Email/Phone Verification\",\n \"description\": \"If set to true will enable [Email and Phone Verification and Account Activation](https://www.ory.sh/kratos/docs/self-service/flows/verify-email-account-activation/).\",\n \"default\": false\n },\n \"ui_url\": {\n \"title\": \"Verify UI URL\",\n \"description\": \"URL where the ORY Verify UI is hosted. This is the page where users activate and / or verify their email or telephone number. Check the [reference implementation](https://github.com/ory/kratos-selfservice-ui-node).\",\n \"type\": \"string\",\n \"format\": \"uri-reference\",\n \"examples\": [\"https://my-app.com/verify\"],\n \"default\": \"https://www.ory.sh/kratos/docs/fallback/verification\"\n },\n \"after\": {\n \"type\": \"object\",\n \"properties\": {\n \"default_browser_return_url\": {\n \"$ref\": \"#/definitions/defaultReturnTo\"\n }\n },\n \"additionalProperties\": false\n },\n \"lifespan\": {\n \"title\": \"Self-Service Verification Request Lifespan\",\n \"description\": \"Sets how long the verification request (for the UI interaction) is valid.\",\n \"type\": \"string\",\n \"pattern\": \"^[0-9]+(ns|us|ms|s|m|h)$\",\n \"default\": \"1h\",\n \"examples\": [\"1h\", \"1m\", \"1s\"]\n }\n }\n },\n \"recovery\": {\n \"title\": \"Account Recovery Configuration\",\n \"type\": \"object\",\n \"additionalProperties\": false,\n \"properties\": {\n \"enabled\": {\n \"type\": \"boolean\",\n \"title\": \"Enable Account Recovery\",\n \"description\": \"If set to true will enable [Account Recovery](https://www.ory.sh/kratos/docs/self-service/flows/password-reset-account-recovery/).\",\n \"default\": false\n },\n \"ui_url\": {\n \"title\": \"Recovery UI URL\",\n \"description\": \"URL where the ORY Recovery UI is hosted. This is the page where users request and complete account recovery. Check the [reference implementation](https://github.com/ory/kratos-selfservice-ui-node).\",\n \"type\": \"string\",\n \"format\": \"uri-reference\",\n \"examples\": [\"https://my-app.com/verify\"],\n \"default\": \"https://www.ory.sh/kratos/docs/fallback/recovery\"\n },\n \"after\": {\n \"type\": \"object\",\n \"properties\": {\n \"default_browser_return_url\": {\n \"$ref\": \"#/definitions/defaultReturnTo\"\n }\n },\n \"additionalProperties\": false\n },\n \"lifespan\": {\n \"title\": \"Self-Service Recovery Request Lifespan\",\n \"description\": \"Sets how long the recovery request is valid. If expired, the user has to redo the flow.\",\n \"type\": \"string\",\n \"pattern\": \"^[0-9]+(ns|us|ms|s|m|h)$\",\n \"default\": \"1h\",\n \"examples\": [\"1h\", \"1m\", \"1s\"]\n }\n }\n },\n \"error\": {\n \"type\": \"object\",\n \"additionalProperties\": false,\n \"properties\": {\n \"ui_url\": {\n \"title\": \"ORY Kratos Error UI URL\",\n \"description\": \"URL where the ORY Kratos Error UI is hosted. Check the [reference implementation](https://github.com/ory/kratos-selfservice-ui-node).\",\n \"type\": \"string\",\n \"format\": \"uri-reference\",\n \"examples\": [\"https://my-app.com/kratos-error\"],\n \"default\": \"https://www.ory.sh/kratos/docs/fallback/error\"\n }\n }\n }\n }\n },\n \"methods\": {\n \"type\": \"object\",\n \"additionalProperties\": false,\n \"properties\": {\n \"profile\": {\n \"type\": \"object\",\n \"additionalProperties\": false,\n \"properties\": {\n \"enabled\": {\n \"type\": \"boolean\",\n \"title\": \"Enables Profile Management Method\",\n \"default\": true\n }\n }\n },\n \"link\": {\n \"type\": \"object\",\n \"additionalProperties\": false,\n \"properties\": {\n \"enabled\": {\n \"type\": \"boolean\",\n \"title\": \"Enables Link Method\",\n \"default\": true\n }\n }\n },\n \"password\": {\n \"type\": \"object\",\n \"additionalProperties\": false,\n \"properties\": {\n \"enabled\": {\n \"type\": \"boolean\",\n \"title\": \"Enables Username/Email and Password Method\",\n \"default\": true\n }\n }\n },\n \"oidc\": {\n \"type\": \"object\",\n \"additionalProperties\": false,\n \"properties\": {\n \"enabled\": {\n \"type\": \"boolean\",\n \"title\": \"Enables OpenID Connect Method\",\n \"default\": false\n },\n \"config\": {\n \"type\": \"object\",\n \"additionalProperties\": false,\n \"properties\": {\n \"providers\": {\n \"title\": \"OpenID Connect and OAuth2 Providers\",\n \"description\": \"A list and configuration of OAuth2 and OpenID Connect providers ORY Kratos should integrate with.\",\n \"type\": \"array\",\n \"items\": {\n \"$ref\": \"#/definitions/selfServiceOIDCProvider\"\n }\n }\n }\n }\n }\n }\n }\n }\n }\n },\n \"dsn\": {\n \"type\": \"string\",\n \"title\": \"Data Source Name\",\n \"description\": \"DSN is used to specify the database credentials as a connection URI.\",\n \"examples\": [\n \"postgres://user: password@postgresd:5432/database?sslmode=disable&max_conns=20&max_idle_conns=4\",\n \"mysql://user:secret@tcp(mysqld:3306)/database?max_conns=20&max_idle_conns=4\",\n \"cockroach://user@cockroachdb:26257/database?sslmode=disable&max_conns=20&max_idle_conns=4\",\n \"sqlite:///var/lib/sqlite/db.sqlite?_fk=true&mode=rwc\"\n ]\n },\n \"courier\": {\n \"type\": \"object\",\n \"title\": \"Courier configuration\",\n \"description\": \"The courier is responsible for sending and delivering messages over email, sms, and other means.\",\n \"properties\": {\n \"template_override_path\": {\n \"type\": \"string\",\n \"title\": \"Override message templates\",\n \"description\": \"You can override certain or all message templates by pointing this key to the path where the templates are located.\",\n \"examples\": [\"/conf/courier-templates\"]\n },\n \"smtp\": {\n \"title\": \"SMTP Configuration\",\n \"description\": \"Configures outgoing emails using the SMTP protocol.\",\n \"type\": \"object\",\n \"properties\": {\n \"connection_uri\": {\n \"title\": \"SMTP connection string\",\n \"description\": \"This URI will be used to connect to the SMTP server. Use the query parameter to allow (`?skip_ssl_verify=true`) or disallow (`?skip_ssl_verify=false`) self-signed TLS certificates. Please keep in mind that any host other than localhost / 127.0.0.1 must use smtp over TLS (smtps) or the connection will not be possible.\",\n \"examples\": [\n \"smtps://foo:bar@my-mailserver:1234/?skip_ssl_verify=false\"\n ],\n \"type\": \"string\",\n \"format\": \"uri\"\n },\n \"from_address\": {\n \"title\": \"SMTP Sender Address\",\n \"description\": \"The recipient of an email will see this as the sender address.\",\n \"type\": \"string\",\n \"format\": \"email\",\n \"default\": \"no-reply@ory.kratos.sh\"\n }\n },\n \"required\": [\"connection_uri\"],\n \"additionalProperties\": false\n }\n },\n \"required\": [\"smtp\"],\n \"additionalProperties\": false\n },\n \"serve\": {\n \"type\": \"object\",\n \"properties\": {\n \"admin\": {\n \"type\": \"object\",\n \"properties\": {\n \"base_url\": {\n \"title\": \"Admin Base URL\",\n \"description\": \"The URL where the admin endpoint is exposed at.\",\n \"type\": \"string\",\n \"format\": \"uri\",\n \"examples\": [\"https://kratos.private-network:4434/\"]\n },\n \"host\": {\n \"title\": \"Admin Host\",\n \"description\": \"The host (interface) kratos' admin endpoint listens on.\",\n \"type\": \"string\",\n \"default\": \"0.0.0.0\"\n },\n \"port\": {\n \"title\": \"Admin Port\",\n \"description\": \"The port kratos' admin endpoint listens on.\",\n \"type\": \"integer\",\n \"minimum\": 1,\n \"maximum\": 65535,\n \"examples\": [4434],\n \"default\": 4434\n }\n },\n \"additionalProperties\": false\n },\n \"public\": {\n \"type\": \"object\",\n \"properties\": {\n \"cors\": {\n \"type\": \"object\",\n \"additionalProperties\": false,\n \"description\": \"Configures Cross Origin Resource Sharing for public endpoints.\",\n \"properties\": {\n \"enabled\": {\n \"type\": \"boolean\",\n \"description\": \"Sets whether CORS is enabled.\",\n \"default\": false\n },\n \"allowed_origins\": {\n \"type\": \"array\",\n \"description\": \"A list of origins a cross-domain request can be executed from. If the special * value is present in the list, all origins will be allowed. An origin may contain a wildcard (*) to replace 0 or more characters (i.e.: http://*.domain.com). Only one wildcard can be used per origin.\",\n \"items\": {\n \"type\": \"string\",\n \"minLength\": 1,\n \"not\": {\n \"type\": \"string\",\n \"description\": \"does match all strings that contain two or more (*)\",\n \"pattern\": \".*\\\\*.*\\\\*.*\"\n },\n \"anyOf\": [\n {\n \"format\": \"uri\"\n },\n {\n \"const\": \"*\"\n }\n ]\n },\n \"uniqueItems\": true,\n \"default\": [\"*\"],\n \"examples\": [\n [\n \"https://example.com\",\n \"https://*.example.com\",\n \"https://*.foo.example.com\"\n ]\n ]\n },\n \"allowed_methods\": {\n \"type\": \"array\",\n \"description\": \"A list of HTTP methods the user agent is allowed to use with cross-domain requests.\",\n \"default\": [\"POST\", \"GET\", \"PUT\", \"PATCH\", \"DELETE\"],\n \"items\": {\n \"type\": \"string\",\n \"enum\": [\n \"POST\",\n \"GET\",\n \"PUT\",\n \"PATCH\",\n \"DELETE\",\n \"CONNECT\",\n \"HEAD\",\n \"OPTIONS\",\n \"TRACE\"\n ]\n }\n },\n \"allowed_headers\": {\n \"type\": \"array\",\n \"description\": \"A list of non simple headers the client is allowed to use with cross-domain requests.\",\n \"default\": [\n \"Authorization\",\n \"Content-Type\",\n \"X-Session-Token\"\n ],\n \"items\": {\n \"type\": \"string\"\n }\n },\n \"exposed_headers\": {\n \"type\": \"array\",\n \"description\": \"Sets which headers are safe to expose to the API of a CORS API specification.\",\n \"default\": [\"Content-Type\"],\n \"items\": {\n \"type\": \"string\"\n }\n },\n \"allow_credentials\": {\n \"type\": \"boolean\",\n \"description\": \"Sets whether the request can include user credentials like cookies, HTTP authentication or client side SSL certificates.\",\n \"default\": true\n },\n \"options_passthrough\": {\n \"type\": \"boolean\",\n \"description\": \"TODO\",\n \"default\": false\n },\n \"max_age\": {\n \"type\": \"integer\",\n \"description\": \"Sets how long (in seconds) the results of a preflight request can be cached. If set to 0, every request is preceded by a preflight request.\",\n \"default\": 0,\n \"minimum\": 0\n },\n \"debug\": {\n \"type\": \"boolean\",\n \"description\": \"Adds additional log output to debug server side CORS issues.\",\n \"default\": false\n }\n }\n },\n \"base_url\": {\n \"title\": \"Public Base URL\",\n \"description\": \"The URL where the public endpoint is exposed at.\",\n \"type\": \"string\",\n \"format\": \"uri-reference\",\n \"examples\": [\n \"https://my-app.com/.ory/kratos/public\",\n \"/.ory/kratos/public/\"\n ]\n },\n \"host\": {\n \"title\": \"Public Host\",\n \"description\": \"The host (interface) kratos' public endpoint listens on.\",\n \"type\": \"string\",\n \"default\": \"0.0.0.0\"\n },\n \"port\": {\n \"title\": \"Public Port\",\n \"description\": \"The port kratos' public endpoint listens on.\",\n \"type\": \"integer\",\n \"minimum\": 1,\n \"maximum\": 65535,\n \"examples\": [4433],\n \"default\": 4433\n }\n },\n \"additionalProperties\": false\n }\n },\n \"additionalProperties\": false\n },\n \"log\": {\n \"type\": \"object\",\n \"properties\": {\n \"level\": {\n \"type\": \"string\",\n \"enum\": [\n \"trace\",\n \"debug\",\n \"info\",\n \"warning\",\n \"error\",\n \"fatal\",\n \"panic\"\n ]\n },\n \"leak_sensitive_values\": {\n \"type\": \"boolean\",\n \"title\": \"Leak Sensitive Log Values\",\n \"description\": \"If set will leak sensitive values (e.g. emails) in the logs.\"\n },\n \"redaction_text\": {\n \"type\": \"string\",\n \"title\": \"Sensitive log value redaction text\",\n \"description\": \"Text to use, when redacting sensitive log value.\"\n },\n \"format\": {\n \"type\": \"string\",\n \"enum\": [\"json\", \"text\"]\n }\n },\n \"additionalProperties\": false\n },\n \"identity\": {\n \"type\": \"object\",\n \"properties\": {\n \"default_schema_url\": {\n \"title\": \"JSON Schema URL for default identity traits\",\n \"description\": \"Path to the JSON Schema which describes a default identity's traits.\",\n \"type\": \"string\",\n \"format\": \"uri\",\n \"examples\": [\n \"file://path/to/identity.traits.schema.json\",\n \"https://foo.bar.com/path/to/identity.traits.schema.json\"\n ]\n },\n \"schemas\": {\n \"type\": \"array\",\n \"title\": \"Additional JSON Schemas for Identity Traits\",\n \"examples\": [\n [\n {\n \"id\": \"customer\",\n \"url\": \"https://foo.bar.com/path/to/customer.traits.schema.json\"\n },\n {\n \"id\": \"employee\",\n \"url\": \"https://foo.bar.com/path/to/employee.traits.schema.json\"\n },\n {\n \"id\": \"employee-v2\",\n \"url\": \"https://foo.bar.com/path/to/employee.v2.traits.schema.json\"\n }\n ]\n ],\n \"items\": {\n \"type\": \"object\",\n \"properties\": {\n \"id\": {\n \"title\": \"The schema's ID.\",\n \"type\": \"string\",\n \"examples\": [\"employee\"]\n },\n \"url\": {\n \"type\": \"string\",\n \"title\": \"Path to the JSON Schema\",\n \"format\": \"uri\",\n \"examples\": [\n \"file://path/to/identity.traits.schema.json\",\n \"https://foo.bar.com/path/to/identity.traits.schema.json\"\n ]\n }\n },\n \"required\": [\"id\", \"url\"],\n \"not\": {\n \"type\": \"object\",\n \"properties\": {\n \"id\": {\n \"const\": \"default\"\n }\n },\n \"additionalProperties\": true\n }\n }\n }\n },\n \"required\": [\"default_schema_url\"],\n \"additionalProperties\": false\n },\n \"secrets\": {\n \"type\": \"object\",\n \"properties\": {\n \"default\": {\n \"type\": \"array\",\n \"title\": \"Default Encryption Signing Secrets\",\n \"description\": \"The first secret in the array is used for singing and encrypting things while all other keys are used to verify and decrypt older things that were signed with that old secret.\",\n \"items\": {\n \"type\": \"string\",\n \"minLength\": 16\n },\n \"uniqueItems\": true\n },\n \"cookie\": {\n \"type\": \"array\",\n \"title\": \"Singing Keys for Cookies\",\n \"description\": \"The first secret in the array is used for encrypting cookies while all other keys are used to decrypt older cookies that were signed with that old secret.\",\n \"items\": {\n \"type\": \"string\",\n \"minLength\": 16\n },\n \"uniqueItems\": true\n }\n },\n \"additionalProperties\": false\n },\n \"hashers\": {\n \"title\": \"Hashing Algorithm Configuration\",\n \"type\": \"object\",\n \"properties\": {\n \"argon2\": {\n \"title\": \"Configuration for the Argon2id hasher.\",\n \"type\": \"object\",\n \"properties\": {\n \"memory\": {\n \"type\": \"integer\",\n \"minimum\": 16384\n },\n \"iterations\": {\n \"type\": \"integer\",\n \"minimum\": 1\n },\n \"parallelism\": {\n \"type\": \"integer\",\n \"minimum\": 1\n },\n \"salt_length\": {\n \"type\": \"integer\",\n \"minimum\": 16\n },\n \"key_length\": {\n \"type\": \"integer\",\n \"minimum\": 16\n }\n },\n \"additionalProperties\": false\n }\n },\n \"additionalProperties\": false\n },\n \"session\": {\n \"type\": \"object\",\n \"additionalProperties\": false,\n \"properties\": {\n \"lifespan\": {\n \"title\": \"Session Lifespan\",\n \"description\": \"Defines how long a session is active. Once that lifespan has been reached, the user needs to sign in again.\",\n \"type\": \"string\",\n \"pattern\": \"^[0-9]+(ns|us|ms|s|m|h)$\",\n \"default\": \"24h\",\n \"examples\": [\"1h\", \"1m\", \"1s\"]\n },\n \"cookie\": {\n \"type\": \"object\",\n \"properties\": {\n \"domain\": {\n \"title\": \"Session Cookie Domain\",\n \"description\": \"Sets the session cookie domain. Useful when dealing with subdomains. Use with care!\",\n \"type\": \"string\"\n },\n \"persistent\": {\n \"title\": \"Make Session Cookie Persistent\",\n \"description\": \"If set to true will persist the cookie in the end-user's browser using the `max-age` parameter which is set to the `session.lifespan` value. Persistent cookies are not deleted when the browser is closed (e.g. on reboot or alt+f4).\",\n \"type\": \"boolean\",\n \"default\": true\n },\n \"path\": {\n \"title\": \"Session Cookie Path\",\n \"description\": \"Sets the session cookie path. Use with care!\",\n \"type\": \"string\",\n \"default\": \"/\"\n },\n \"same_site\": {\n \"title\": \"Cookie Same Site Configuration\",\n \"type\": \"string\",\n \"enum\": [\"Strict\", \"Lax\", \"None\"],\n \"default\": \"Lax\"\n }\n },\n \"additionalProperties\": false\n }\n }\n },\n \"version\": {\n \"title\": \"The kratos version this config is written for.\",\n \"description\": \"SemVer according to https://semver.org/ prefixed with `v` as in our releases.\",\n \"type\": \"string\",\n \"pattern\": \"^v(0|[1-9]\\\\d*)\\\\.(0|[1-9]\\\\d*)\\\\.(0|[1-9]\\\\d*)(?:-((?:0|[1-9]\\\\d*|\\\\d*[a-zA-Z-][0-9a-zA-Z-]*)(?:\\\\.(?:0|[1-9]\\\\d*|\\\\d*[a-zA-Z-][0-9a-zA-Z-]*))*))?(?:\\\\+([0-9a-zA-Z-]+(?:\\\\.[0-9a-zA-Z-]+)*))?$\",\n \"examples\": [\"v0.5.0-alpha.1\"]\n }\n },\n \"allOf\": [\n {\n \"if\": {\n \"properties\": {\n \"selfservice\": {\n \"properties\": {\n \"flows\": {\n \"oneOf\": [\n {\n \"properties\": {\n \"verification\": {\n \"properties\": {\n \"enabled\": {\n \"const\": true\n }\n },\n \"required\": [\"enabled\"]\n }\n },\n \"required\": [\"verification\"]\n },\n {\n \"properties\": {\n \"recovery\": {\n \"properties\": {\n \"enabled\": {\n \"const\": true\n }\n },\n \"required\": [\"enabled\"]\n }\n },\n \"required\": [\"recovery\"]\n }\n ]\n }\n },\n \"required\": [\"flows\"]\n }\n },\n \"required\": [\"selfservice\"]\n },\n \"then\": {\n \"required\": [\"courier\"]\n }\n }\n ],\n \"required\": [\"identity\", \"dsn\", \"selfservice\"]\n}\n" }, { "path": "oryx/configx/stub/from-files/expected.json", "content": "{\n \"courier\": {\n \"smtp\": {\n \"connection_uri\": \"smtps://test:test@mailslurper:1025/?skip_ssl_verify=true\",\n \"from_address\": \"no-reply@ory.kratos.sh\"\n }\n },\n \"dsn\": \"sqlite:///var/lib/sqlite/db.sqlite?_fk=true\",\n \"hashers\": {\n \"argon2\": {\n \"iterations\": 2,\n \"key_length\": 16,\n \"memory\": 131072,\n \"parallelism\": 1,\n \"salt_length\": 16\n }\n },\n \"identity\": {\n \"default_schema_url\": \"file:///etc/config/kratos/identity.schema.json\"\n },\n \"log\": {\n \"format\": \"text\",\n \"leak_sensitive_values\": true,\n \"level\": \"debug\"\n },\n \"secrets\": {\n \"cookie\": [\"PLEASE-CHANGE-ME-I-AM-VERY-INSECURE\"]\n },\n \"selfservice\": {\n \"default_browser_return_url\": \"http://127.0.0.1:4455/\",\n \"flows\": {\n \"error\": {\n \"ui_url\": \"http://127.0.0.1:4455/error\"\n },\n \"login\": {\n \"lifespan\": \"10m\",\n \"ui_url\": \"http://127.0.0.1:4455/auth/login\"\n },\n \"logout\": {\n \"after\": {\n \"default_browser_return_url\": \"http://127.0.0.1:4455/auth/login\"\n }\n },\n \"recovery\": {\n \"enabled\": true,\n \"lifespan\": \"1h\",\n \"ui_url\": \"http://127.0.0.1:4455/recovery\"\n },\n \"registration\": {\n \"after\": {\n \"password\": {\n \"hooks\": [\n {\n \"hook\": \"session\"\n }\n ]\n }\n },\n \"lifespan\": \"10m\",\n \"ui_url\": \"http://127.0.0.1:4455/auth/registration\"\n },\n \"settings\": {\n \"lifespan\": \"1h\",\n \"privileged_session_max_age\": \"15m\",\n \"ui_url\": \"http://127.0.0.1:4455/settings\"\n },\n \"verification\": {\n \"after\": {\n \"default_browser_return_url\": \"http://127.0.0.1:4455/\"\n },\n \"enabled\": true,\n \"lifespan\": \"1h\",\n \"ui_url\": \"http://127.0.0.1:4455/verify\"\n }\n },\n \"methods\": {\n \"link\": {\n \"enabled\": true\n },\n \"oidc\": {\n \"enabled\": false\n },\n \"password\": {\n \"enabled\": true\n },\n \"profile\": {\n \"enabled\": true\n }\n },\n \"whitelisted_return_urls\": [\"http://127.0.0.1:4455\"]\n },\n \"serve\": {\n \"admin\": {\n \"base_url\": \"http://kratos:4434/\",\n \"host\": \"0.0.0.0\",\n \"port\": 4434\n },\n \"public\": {\n \"base_url\": \"http://127.0.0.1:4433/\",\n \"cors\": {\n \"allow_credentials\": true,\n \"allowed_headers\": [\"Authorization\", \"Content-Type\", \"X-Session-Token\"],\n \"allowed_methods\": [\"POST\", \"GET\", \"PUT\", \"PATCH\", \"DELETE\"],\n \"allowed_origins\": [\"*\"],\n \"debug\": false,\n \"enabled\": true,\n \"exposed_headers\": [\"Content-Type\"],\n \"max_age\": 0,\n \"options_passthrough\": false\n },\n \"host\": \"0.0.0.0\",\n \"port\": 4433\n }\n },\n \"session\": {\n \"cookie\": {\n \"path\": \"/\",\n \"persistent\": true,\n \"same_site\": \"Lax\"\n },\n \"lifespan\": \"24h\"\n },\n \"version\": \"v0.5.3-alpha.1\"\n}\n" }, { "path": "oryx/configx/stub/hydra/config.schema.json", "content": "{\n \"$id\": \"https://github.com/ory/hydra/docs/config.schema.json\",\n \"$schema\": \"http://json-schema.org/draft-07/schema#\",\n \"title\": \"ORY Hydra Configuration\",\n \"type\": \"object\",\n \"definitions\": {\n \"http_method\": {\n \"type\": \"string\",\n \"enum\": [\n \"POST\",\n \"GET\",\n \"PUT\",\n \"PATCH\",\n \"DELETE\",\n \"CONNECT\",\n \"HEAD\",\n \"OPTIONS\",\n \"TRACE\"\n ]\n },\n \"port_number\": {\n \"type\": \"integer\",\n \"description\": \"The port to listen on.\",\n \"minimum\": 1,\n \"maximum\": 65535\n },\n \"socket\": {\n \"type\": \"object\",\n \"additionalProperties\": false,\n \"description\": \"Sets the permissions of the unix socket\",\n \"properties\": {\n \"owner\": {\n \"type\": \"string\",\n \"description\": \"Owner of unix socket. If empty, the owner will be the user running hydra.\",\n \"default\": \"\"\n },\n \"group\": {\n \"type\": \"string\",\n \"description\": \"Group of unix socket. If empty, the group will be the primary group of the user running hydra.\",\n \"default\": \"\"\n },\n \"mode\": {\n \"type\": \"integer\",\n \"description\": \"Mode of unix socket in numeric form\",\n \"default\": 493,\n \"minimum\": 0,\n \"maximum\": 511\n }\n }\n },\n \"cors\": {\n \"type\": \"object\",\n \"additionalProperties\": false,\n \"description\": \"Configures Cross Origin Resource Sharing for public endpoints.\",\n \"properties\": {\n \"enabled\": {\n \"type\": \"boolean\",\n \"description\": \"Sets whether CORS is enabled.\",\n \"default\": false\n },\n \"allowed_origins\": {\n \"type\": \"array\",\n \"description\": \"A list of origins a cross-domain request can be executed from. If the special * value is present in the list, all origins will be allowed. An origin may contain a wildcard (*) to replace 0 or more characters (i.e.: http://*.domain.com). Only one wildcard can be used per origin.\",\n \"items\": {\n \"type\": \"string\",\n \"minLength\": 1,\n \"not\": {\n \"type\": \"string\",\n \"description\": \"does match all strings that contain two or more (*)\",\n \"pattern\": \".*\\\\*.*\\\\*.*\"\n },\n \"anyOf\": [\n {\n \"format\": \"uri\"\n },\n {\n \"const\": \"*\"\n }\n ]\n },\n \"uniqueItems\": true,\n \"default\": [\"*\"],\n \"examples\": [\n [\n \"https://example.com\",\n \"https://*.example.com\",\n \"https://*.foo.example.com\"\n ]\n ]\n },\n \"allowed_methods\": {\n \"type\": \"array\",\n \"description\": \"A list of HTTP methods the user agent is allowed to use with cross-domain requests.\",\n \"default\": [\"POST\", \"GET\", \"PUT\", \"PATCH\", \"DELETE\"],\n \"items\": {\n \"type\": \"string\",\n \"enum\": [\n \"POST\",\n \"GET\",\n \"PUT\",\n \"PATCH\",\n \"DELETE\",\n \"CONNECT\",\n \"HEAD\",\n \"OPTIONS\",\n \"TRACE\"\n ]\n }\n },\n \"allowed_headers\": {\n \"type\": \"array\",\n \"description\": \"A list of non simple headers the client is allowed to use with cross-domain requests.\",\n \"default\": [\"Authorization\", \"Content-Type\"],\n \"items\": {\n \"type\": \"string\"\n }\n },\n \"exposed_headers\": {\n \"type\": \"array\",\n \"description\": \"Sets which headers are safe to expose to the API of a CORS API specification.\",\n \"default\": [\"Content-Type\"],\n \"items\": {\n \"type\": \"string\"\n }\n },\n \"allow_credentials\": {\n \"type\": \"boolean\",\n \"description\": \"Sets whether the request can include user credentials like cookies, HTTP authentication or client side SSL certificates.\",\n \"default\": true\n },\n \"options_passthrough\": {\n \"type\": \"boolean\",\n \"description\": \"TODO\",\n \"default\": false\n },\n \"max_age\": {\n \"type\": \"integer\",\n \"description\": \"Sets how long (in seconds) the results of a preflight request can be cached. If set to 0, every request is preceded by a preflight request.\",\n \"default\": 0,\n \"minimum\": 0\n },\n \"debug\": {\n \"type\": \"boolean\",\n \"description\": \"Adds additional log output to debug server side CORS issues.\",\n \"default\": false\n }\n }\n },\n \"pem_file\": {\n \"type\": \"object\",\n \"oneOf\": [\n {\n \"properties\": {\n \"path\": {\n \"type\": \"string\",\n \"description\": \"The path to the pem file.\",\n \"examples\": [\"/path/to/file.pem\"]\n }\n },\n \"additionalProperties\": false,\n \"required\": [\"path\"]\n },\n {\n \"properties\": {\n \"base64\": {\n \"type\": \"string\",\n \"description\": \"The base64 encoded string (without padding).\",\n \"contentEncoding\": \"base64\",\n \"contentMediaType\": \"application/x-pem-file\",\n \"examples\": [\"b3J5IGh5ZHJhIGlzIGF3ZXNvbWUK\"]\n }\n },\n \"additionalProperties\": false,\n \"required\": [\"base64\"]\n }\n ]\n },\n \"duration\": {\n \"type\": \"string\",\n \"pattern\": \"^[0-9]+(ns|us|ms|s|m|h)$\",\n \"examples\": [\"1h\"]\n }\n },\n \"properties\": {\n \"log\": {\n \"type\": \"object\",\n \"additionalProperties\": false,\n \"description\": \"Configures the logger\",\n \"properties\": {\n \"level\": {\n \"type\": \"string\",\n \"description\": \"Sets the log level.\",\n \"enum\": [\"panic\", \"fatal\", \"error\", \"warn\", \"info\", \"debug\", \"trace\"],\n \"default\": \"info\"\n },\n \"leak_sensitive_values\": {\n \"type\": \"boolean\",\n \"description\": \"Logs sensitive values such as cookie and URL parameter.\",\n \"default\": false\n },\n \"redaction_text\": {\n \"type\": \"string\",\n \"title\": \"Sensitive log value redaction text\",\n \"description\": \"Text to use, when redacting sensitive log value.\"\n },\n \"format\": {\n \"type\": \"string\",\n \"description\": \"Sets the log format.\",\n \"enum\": [\"json\", \"json_pretty\", \"text\"],\n \"default\": \"text\"\n }\n }\n },\n \"serve\": {\n \"type\": \"object\",\n \"additionalProperties\": false,\n \"description\": \"Controls the configuration for the http(s) daemon(s).\",\n \"properties\": {\n \"public\": {\n \"type\": \"object\",\n \"additionalProperties\": false,\n \"description\": \"Controls the public daemon serving public API endpoints like /oauth2/auth, /oauth2/token, /.well-known/jwks.json\",\n \"properties\": {\n \"port\": {\n \"default\": 4444,\n \"allOf\": [\n {\n \"$ref\": \"#/definitions/port_number\"\n }\n ]\n },\n \"host\": {\n \"type\": \"string\",\n \"description\": \"The interface or unix socket ORY Hydra should listen and handle public API requests on. Use the prefix \\\"unix:\\\" to specify a path to a unix socket. Leave empty to listen on all interfaces.\",\n \"default\": \"\",\n \"examples\": [\"localhost\"]\n },\n \"cors\": {\n \"$ref\": \"#/definitions/cors\"\n },\n \"socket\": {\n \"$ref\": \"#/definitions/socket\"\n },\n \"access_log\": {\n \"type\": \"object\",\n \"additionalProperties\": false,\n \"description\": \"Access Log configuration for public server.\",\n \"properties\": {\n \"disable_for_health\": {\n \"type\": \"boolean\",\n \"description\": \"Disable access log for health endpoints.\",\n \"default\": false\n }\n }\n }\n }\n },\n \"admin\": {\n \"type\": \"object\",\n \"additionalProperties\": false,\n \"properties\": {\n \"port\": {\n \"default\": 4445,\n \"allOf\": [\n {\n \"$ref\": \"#/definitions/port_number\"\n }\n ]\n },\n \"host\": {\n \"type\": \"string\",\n \"description\": \"The interface or unix socket ORY Hydra should listen and handle administrative API requests on. Use the prefix \\\"unix:\\\" to specify a path to a unix socket. Leave empty to listen on all interfaces.\",\n \"default\": \"\",\n \"examples\": [\"localhost\"]\n },\n \"cors\": {\n \"$ref\": \"#/definitions/cors\"\n },\n \"socket\": {\n \"$ref\": \"#/definitions/socket\"\n },\n \"access_log\": {\n \"type\": \"object\",\n \"additionalProperties\": false,\n \"description\": \"Access Log configuration for admin server.\",\n \"properties\": {\n \"disable_for_health\": {\n \"type\": \"boolean\",\n \"description\": \"Disable access log for health endpoints.\",\n \"default\": false\n }\n }\n }\n }\n },\n \"tls\": {\n \"type\": \"object\",\n \"additionalProperties\": false,\n \"description\": \"Configures HTTPS (HTTP over TLS). If configured, the server automatically supports HTTP/2.\",\n \"properties\": {\n \"key\": {\n \"description\": \"Configures the private key (pem encoded).\",\n \"allOf\": [\n {\n \"$ref\": \"#/definitions/pem_file\"\n }\n ]\n },\n \"cert\": {\n \"description\": \"Configures the private key (pem encoded).\",\n \"allOf\": [\n {\n \"$ref\": \"#/definitions/pem_file\"\n }\n ]\n },\n \"allow_termination_from\": {\n \"type\": \"array\",\n \"description\": \"Whitelist one or multiple CIDR address ranges and allow them to terminate TLS connections. Be aware that the X-Forwarded-Proto header must be set and must never be modifiable by anyone but your proxy / gateway / load balancer. Supports ipv4 and ipv6. Hydra serves http instead of https when this option is set.\",\n \"items\": {\n \"type\": \"string\",\n \"oneOf\": [\n {\n \"pattern\": \"^(([0-9a-fA-F]{1,4}:){7}[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,7}:|([0-9a-fA-F]{1,4}:){1,6}:[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,5}(:[0-9a-fA-F]{1,4}){1,2}|([0-9a-fA-F]{1,4}:){1,4}(:[0-9a-fA-F]{1,4}){1,3}|([0-9a-fA-F]{1,4}:){1,3}(:[0-9a-fA-F]{1,4}){1,4}|([0-9a-fA-F]{1,4}:){1,2}(:[0-9a-fA-F]{1,4}){1,5}|[0-9a-fA-F]{1,4}:((:[0-9a-fA-F]{1,4}){1,6})|:((:[0-9a-fA-F]{1,4}){1,7}|:)|fe80:(:[0-9a-fA-F]{0,4}){0,4}%[0-9a-zA-Z]{1,}|::(ffff(:0{1,4}){0,1}:){0,1}((25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9])\\\\.){3,3}(25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9])|([0-9a-fA-F]{1,4}:){1,4}:((25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9])\\\\.){3,3}(25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9]))/([0-9]|[1-9][0-9]|1[0-1][0-9]|12[0-8])$\"\n },\n {\n \"pattern\": \"^([0-9]{1,3}\\\\.){3}[0-9]{1,3}/([0-9]|[1-2][0-9]|3[0-2])$\"\n }\n ],\n \"examples\": [\"127.0.0.1/32\"]\n }\n }\n }\n },\n \"cookies\": {\n \"type\": \"object\",\n \"additionalProperties\": false,\n \"properties\": {\n \"same_site_mode\": {\n \"type\": \"string\",\n \"description\": \"Specify the SameSite mode that cookies should be sent with.\",\n \"enum\": [\"Strict\", \"Lax\", \"None\"],\n \"default\": \"None\"\n },\n \"same_site_legacy_workaround\": {\n \"type\": \"boolean\",\n \"description\": \"Some older browser versions don’t work with SameSite=None. This option enables the workaround defined in https://web.dev/samesite-cookie-recipes/ which essentially stores a second cookie without SameSite as a fallback.\",\n \"default\": false,\n \"examples\": [true]\n }\n }\n }\n }\n },\n \"dsn\": {\n \"type\": \"string\",\n \"description\": \"Sets the data source name. This configures the backend where ORY Hydra persists data. If dsn is \\\"memory\\\", data will be written to memory and is lost when you restart this instance. ORY Hydra supports popular SQL databases. For more detailed configuration information go to: https://www.ory.sh/docs/hydra/dependencies-environment#sql\"\n },\n \"webfinger\": {\n \"type\": \"object\",\n \"additionalProperties\": false,\n \"description\": \"Configures ./well-known/ settings.\",\n \"properties\": {\n \"jwks\": {\n \"type\": \"object\",\n \"additionalProperties\": false,\n \"description\": \"Configures the /.well-known/jwks.json endpoint.\",\n \"properties\": {\n \"broadcast_keys\": {\n \"type\": \"array\",\n \"description\": \"A list of JSON Web Keys that should be exposed at that endpoint. This is usually the public key for verifying OpenID Connect ID Tokens. However, you might want to add additional keys here as well.\",\n \"items\": {\n \"type\": \"string\"\n },\n \"default\": [\"hydra.openid.id-token\"],\n \"examples\": [\"hydra.jwt.access-token\"]\n }\n }\n },\n \"oidc_discovery\": {\n \"type\": \"object\",\n \"additionalProperties\": false,\n \"description\": \"Configures OpenID Connect Discovery (/.well-known/openid-configuration).\",\n \"properties\": {\n \"jwks_url\": {\n \"type\": \"string\",\n \"description\": \"Overwrites the JWKS URL\",\n \"format\": \"uri\",\n \"examples\": [\"https://my-service.com/.well-known/jwks.json\"]\n },\n \"token_url\": {\n \"type\": \"string\",\n \"description\": \"Overwrites the OAuth2 Token URL\",\n \"format\": \"uri\",\n \"examples\": [\"https://my-service.com/oauth2/token\"]\n },\n \"auth_url\": {\n \"type\": \"string\",\n \"description\": \"Overwrites the OAuth2 Auth URL\",\n \"format\": \"uri\",\n \"examples\": [\"https://my-service.com/oauth2/auth\"]\n },\n \"client_registration_url\": {\n \"description\": \"Sets the OpenID Connect Dynamic Client Registration Endpoint\",\n \"type\": \"string\",\n \"format\": \"uri\",\n \"examples\": [\"https://my-service.com/clients\"]\n },\n \"supported_claims\": {\n \"type\": \"array\",\n \"description\": \"A list of supported claims to be broadcasted. Claim \\\"sub\\\" is always included.\",\n \"items\": {\n \"type\": \"string\"\n },\n \"examples\": [[\"email\", \"username\"]]\n },\n \"supported_scope\": {\n \"type\": \"array\",\n \"description\": \"The scope OAuth 2.0 Clients may request. Scope `offline`, `offline_access`, and `openid` are always included.\",\n \"items\": {\n \"type\": \"string\"\n },\n \"examples\": [[\"email\", \"whatever\", \"read.photos\"]]\n },\n \"userinfo_url\": {\n \"type\": \"string\",\n \"description\": \"A URL of the userinfo endpoint to be advertised at the OpenID Connect Discovery endpoint /.well-known/openid-configuration. Defaults to ORY Hydra's userinfo endpoint at /userinfo. Set this value if you want to handle this endpoint yourself.\",\n \"format\": \"uri\",\n \"examples\": [\"https://example.org/my-custom-userinfo-endpoint\"]\n }\n }\n }\n }\n },\n \"oidc\": {\n \"type\": \"object\",\n \"additionalProperties\": false,\n \"description\": \"Configures OpenID Connect features.\",\n \"properties\": {\n \"subject_identifiers\": {\n \"type\": \"object\",\n \"additionalProperties\": false,\n \"description\": \"Configures the Subject Identifier algorithm. For more information please head over to the documentation: https://www.ory.sh/docs/hydra/advanced#subject-identifier-algorithms\",\n \"properties\": {\n \"enabled\": {\n \"type\": \"array\",\n \"description\": \"A list of algorithms to enable.\",\n \"items\": {\n \"type\": \"string\",\n \"enum\": [\"public\", \"pairwise\"]\n }\n },\n \"pairwise\": {\n \"type\": \"object\",\n \"additionalProperties\": false,\n \"description\": \"Configures the pairwise algorithm.\",\n \"properties\": {\n \"salt\": {\n \"type\": \"string\"\n }\n },\n \"required\": [\"salt\"]\n }\n },\n \"if\": {\n \"properties\": {\n \"enabled\": {\n \"contains\": {\n \"const\": \"pairwise\"\n }\n }\n }\n },\n \"then\": {\n \"required\": [\"pairwise\"]\n },\n \"else\": {\n \"properties\": {\n \"pairwise\": {\n \"$comment\": \"This enforces pairwise to not be set if 'enabled' does not contain 'pairwise'\",\n \"not\": {}\n }\n }\n },\n \"examples\": [\n {\n \"enabled\": [\"public\", \"pairwise\"],\n \"pairwise\": {\n \"salt\": \"some-random-salt\"\n }\n }\n ]\n },\n \"dynamic_client_registration\": {\n \"type\": \"object\",\n \"additionalProperties\": false,\n \"description\": \"Configures OpenID Connect Dynamic Client Registration (exposed as admin endpoints /clients/...).\",\n \"properties\": {\n \"default_scope\": {\n \"type\": \"array\",\n \"description\": \"The OpenID Connect Dynamic Client Registration specification has no concept of whitelisting OAuth 2.0 Scope. If you want to expose Dynamic Client Registration, you should set the default scope enabled for newly registered clients. Keep in mind that users can overwrite this default by setting the \\\"scope\\\" key in the registration payload, effectively disabling the concept of whitelisted scopes.\",\n \"items\": {\n \"type\": \"string\"\n },\n \"examples\": [[\"openid\", \"offline\", \"offline_access\"]]\n }\n }\n }\n }\n },\n \"urls\": {\n \"type\": \"object\",\n \"additionalProperties\": false,\n \"properties\": {\n \"self\": {\n \"type\": \"object\",\n \"additionalProperties\": false,\n \"properties\": {\n \"issuer\": {\n \"type\": \"string\",\n \"description\": \"This value will be used as the \\\"issuer\\\" in access and ID tokens. It must be specified and using HTTPS protocol, unless --dangerous-force-http is set. This should typically be equal to the public value.\",\n \"format\": \"uri\",\n \"examples\": [\"https://localhost:4444/\"]\n },\n \"public\": {\n \"type\": \"string\",\n \"description\": \"This is the base location of the public endpoints of your ORY Hydra installation. This should typically be equal to the issuer value. If left unspecified, it falls back to the issuer value.\",\n \"format\": \"uri\",\n \"examples\": [\"https://localhost:4444/\"]\n }\n }\n },\n \"login\": {\n \"type\": \"string\",\n \"description\": \"Sets the login endpoint of the User Login & Consent flow. Defaults to an internal fallback URL showing an error.\",\n \"format\": \"uri\",\n \"examples\": [\"https://my-login.app/login\"]\n },\n \"consent\": {\n \"type\": \"string\",\n \"description\": \"Sets the consent endpoint of the User Login & Consent flow. Defaults to an internal fallback URL showing an error.\",\n \"format\": \"uri\",\n \"examples\": [\"https://my-consent.app/consent\"]\n },\n \"logout\": {\n \"type\": \"string\",\n \"description\": \"Sets the logout endpoint. Defaults to an internal fallback URL showing an error.\",\n \"format\": \"uri\",\n \"examples\": [\"https://my-logout.app/logout\"]\n },\n \"error\": {\n \"type\": \"string\",\n \"description\": \"Sets the error endpoint. The error ui will be shown when an OAuth2 error occurs that which can not be sent back to the client. Defaults to an internal fallback URL showing an error.\",\n \"format\": \"uri\",\n \"examples\": [\"https://my-error.app/error\"]\n },\n \"post_logout_redirect\": {\n \"type\": \"string\",\n \"description\": \"When a user agent requests to logout, it will be redirected to this url afterwards per default.\",\n \"format\": \"uri\",\n \"examples\": [\"https://my-example.app/logout-successful\"]\n }\n }\n },\n \"strategies\": {\n \"type\": \"object\",\n \"additionalProperties\": false,\n \"properties\": {\n \"scope\": {\n \"type\": \"string\",\n \"description\": \"Defines how scopes are matched. For more details have a look at https://github.com/ory/fosite#scopes\",\n \"enum\": [\n \"exact\",\n \"wildcard\",\n \"DEPRECATED_HIERARCHICAL_SCOPE_STRATEGY\"\n ],\n \"default\": \"wildcard\"\n },\n \"access_token\": {\n \"type\": \"string\",\n \"description\": \"Defines access token type. jwt is a bad idea, see https://www.ory.sh/docs/hydra/advanced#json-web-tokens\",\n \"enum\": [\"opaque\", \"jwt\"]\n }\n }\n },\n \"ttl\": {\n \"type\": \"object\",\n \"additionalProperties\": false,\n \"description\": \"Configures time to live.\",\n \"properties\": {\n \"login_consent_request\": {\n \"description\": \"Configures how long a user login and consent flow may take.\",\n \"default\": \"1h\",\n \"allOf\": [\n {\n \"$ref\": \"#/definitions/duration\"\n }\n ]\n },\n \"access_token\": {\n \"description\": \"Configures how long access tokens are valid.\",\n \"default\": \"1h\",\n \"allOf\": [\n {\n \"$ref\": \"#/definitions/duration\"\n }\n ]\n },\n \"refresh_token\": {\n \"description\": \"Configures how long refresh tokens are valid. Set to -1 for refresh tokens to never expire.\",\n \"default\": \"720h\",\n \"oneOf\": [\n {\n \"$ref\": \"#/definitions/duration\"\n },\n {\n \"enum\": [\"-1\", -1]\n }\n ]\n },\n \"id_token\": {\n \"description\": \"Configures how long id tokens are valid.\",\n \"default\": \"1h\",\n \"allOf\": [\n {\n \"$ref\": \"#/definitions/duration\"\n }\n ]\n },\n \"auth_code\": {\n \"description\": \"Configures how long auth codes are valid.\",\n \"default\": \"10m\",\n \"allOf\": [\n {\n \"$ref\": \"#/definitions/duration\"\n }\n ]\n }\n }\n },\n \"oauth2\": {\n \"type\": \"object\",\n \"additionalProperties\": false,\n \"properties\": {\n \"expose_internal_errors\": {\n \"type\": \"boolean\",\n \"description\": \"Set this to true if you want to share error debugging information with your OAuth 2.0 clients. Keep in mind that debug information is very valuable when dealing with errors, but might also expose database error codes and similar errors.\",\n \"default\": false,\n \"examples\": [true]\n },\n \"session\": {\n \"type\": \"object\",\n \"properties\": {\n \"encrypt_at_rest\": {\n \"type\": \"boolean\",\n \"default\": true,\n \"title\": \"Encrypt OAuth2 Session\",\n \"description\": \"If set to true (default) ORY Hydra encrypt OAuth2 and OpenID Connect session data using AES-GCM and the system secret before persisting it in the database.\"\n }\n }\n },\n \"include_legacy_error_fields\": {\n \"type\": \"boolean\",\n \"description\": \"Set this to true if you want to include the `error_hint` and `error_debug` legacy fields in error responses. We recommend to set this to `false` unless you have clients using these fields.\",\n \"default\": false,\n \"examples\": [true]\n },\n \"hashers\": {\n \"type\": \"object\",\n \"additionalProperties\": false,\n \"description\": \"Configures hashing algorithms. Supports only BCrypt at the moment.\",\n \"properties\": {\n \"bcrypt\": {\n \"type\": \"object\",\n \"additionalProperties\": false,\n \"description\": \"Configures the BCrypt hashing algorithm used for hashing Client Secrets.\",\n \"properties\": {\n \"cost\": {\n \"type\": \"integer\",\n \"description\": \"Sets the BCrypt cost. The higher the value, the more CPU time is being used to generate hashes.\",\n \"default\": 10,\n \"minimum\": 4,\n \"maximum\": 31\n }\n }\n }\n }\n },\n \"pkce\": {\n \"type\": \"object\",\n \"additionalProperties\": false,\n \"properties\": {\n \"enforced\": {\n \"type\": \"boolean\",\n \"description\": \"Sets whether PKCE should be enforced for all clients.\",\n \"examples\": [true]\n },\n \"enforced_for_public_clients\": {\n \"type\": \"boolean\",\n \"description\": \"Sets whether PKCE should be enforced for public clients.\",\n \"examples\": [true]\n }\n }\n },\n \"client_credentials\": {\n \"type\": \"object\",\n \"additionalProperties\": false,\n \"properties\": {\n \"default_grant_allowed_scope\": {\n \"type\": \"boolean\",\n \"description\": \"Defines how scopes are added if the request doesn't contains any scope\",\n \"examples\": [false]\n }\n }\n }\n }\n },\n \"secrets\": {\n \"type\": \"object\",\n \"additionalProperties\": false,\n \"description\": \"The secrets section configures secrets used for encryption and signing of several systems. All secrets can be rotated, for more information on this topic go to: https://www.ory.sh/docs/hydra/advanced#rotation-of-hmac-token-signing-and-database-and-cookie-encryption-keys\",\n \"properties\": {\n \"system\": {\n \"description\": \"The system secret must be at least 16 characters long. If none is provided, one will be generated. They key is used to encrypt sensitive data using AES-GCM (256 bit) and validate HMAC signatures. The first item in the list is used for signing and encryption. The whole list is used for verifying signatures and decryption.\",\n \"type\": \"array\",\n \"items\": {\n \"type\": \"string\",\n \"minLength\": 16\n },\n \"examples\": [\n [\n \"this-is-the-primary-secret\",\n \"this-is-an-old-secret\",\n \"this-is-another-old-secret\"\n ]\n ]\n },\n \"cookie\": {\n \"type\": \"array\",\n \"description\": \"A secret that is used to encrypt cookie sessions. Defaults to secrets.system. It is recommended to use a separate secret in production. The first item in the list is used for signing and encryption. The whole list is used for verifying signatures and decryption.\",\n \"items\": {\n \"type\": \"string\",\n \"minLength\": 16\n },\n \"examples\": [\n [\n \"this-is-the-primary-secret\",\n \"this-is-an-old-secret\",\n \"this-is-another-old-secret\"\n ]\n ]\n }\n }\n },\n \"profiling\": {\n \"type\": \"string\",\n \"description\": \"Enables profiling if set. For more details on profiling, head over to: https://blog.golang.org/profiling-go-programs\",\n \"enum\": [\"cpu\", \"mem\"],\n \"examples\": [\"cpu\"]\n },\n \"tracing\": {\n \"$ref\": \"ory://tracing-config\"\n },\n \"version\": {\n \"type\": \"string\",\n \"title\": \"The Hydra version this config is written for.\",\n \"description\": \"SemVer according to https://semver.org/ prefixed with `v` as in our releases.\",\n \"pattern\": \"^v(0|[1-9]\\\\d*)\\\\.(0|[1-9]\\\\d*)\\\\.(0|[1-9]\\\\d*)(?:-((?:0|[1-9]\\\\d*|\\\\d*[a-zA-Z-][0-9a-zA-Z-]*)(?:\\\\.(?:0|[1-9]\\\\d*|\\\\d*[a-zA-Z-][0-9a-zA-Z-]*))*))?(?:\\\\+([0-9a-zA-Z-]+(?:\\\\.[0-9a-zA-Z-]+)*))?$\"\n },\n \"cgroups\": {\n \"type\": \"object\",\n \"additionalProperties\": false,\n \"description\": \"ORY Hydra can respect Linux container CPU quota\",\n \"properties\": {\n \"v1\": {\n \"type\": \"object\",\n \"additionalProperties\": false,\n \"description\": \"Configures parameters using cgroups v1 hierarchy\",\n \"properties\": {\n \"auto_max_procs_enabled\": {\n \"type\": \"boolean\",\n \"description\": \"Set GOMAXPROCS automatically according to cgroups limits\",\n \"default\": false,\n \"examples\": [true]\n }\n }\n }\n }\n }\n },\n \"required\": [\"dsn\"]\n}\n" }, { "path": "oryx/configx/stub/hydra/expected.json", "content": "{\n \"cgroups\": {\n \"v1\": {\n \"auto_max_procs_enabled\": false\n }\n },\n \"dsn\": \"sqlite:///var/lib/sqlite/db.sqlite?_fk=true\",\n \"log\": {\n \"format\": \"text\",\n \"leak_sensitive_values\": false,\n \"level\": \"info\"\n },\n \"oauth2\": {\n \"expose_internal_errors\": false,\n \"hashers\": {\n \"bcrypt\": {\n \"cost\": 10\n }\n },\n \"include_legacy_error_fields\": false,\n \"session\": {\n \"encrypt_at_rest\": true\n }\n },\n \"oidc\": {\n \"subject_identifiers\": {\n \"enabled\": [\"pairwise\", \"public\"],\n \"pairwise\": {\n \"salt\": \"youReallyNeedToChangeThis\"\n }\n }\n },\n \"secrets\": {\n \"system\": [\"youReallyNeedToChangeThis\"]\n },\n \"serve\": {\n \"admin\": {\n \"access_log\": {\n \"disable_for_health\": false\n },\n \"cors\": {\n \"allow_credentials\": true,\n \"allowed_headers\": [\"Authorization\", \"Content-Type\"],\n \"allowed_methods\": [\"POST\", \"GET\", \"PUT\", \"PATCH\", \"DELETE\"],\n \"allowed_origins\": [\"*\"],\n \"debug\": false,\n \"enabled\": false,\n \"exposed_headers\": [\"Content-Type\"],\n \"max_age\": 0,\n \"options_passthrough\": false\n },\n \"host\": \"\",\n \"port\": 4445,\n \"socket\": {\n \"group\": \"\",\n \"mode\": 493,\n \"owner\": \"\"\n }\n },\n \"cookies\": {\n \"same_site_legacy_workaround\": false,\n \"same_site_mode\": \"Lax\"\n },\n \"public\": {\n \"access_log\": {\n \"disable_for_health\": false\n },\n \"cors\": {\n \"allow_credentials\": true,\n \"allowed_headers\": [\"Authorization\", \"Content-Type\"],\n \"allowed_methods\": [\"POST\", \"GET\", \"PUT\", \"PATCH\", \"DELETE\"],\n \"allowed_origins\": [\"*\"],\n \"debug\": false,\n \"enabled\": false,\n \"exposed_headers\": [\"Content-Type\"],\n \"max_age\": 0,\n \"options_passthrough\": false\n },\n \"host\": \"\",\n \"port\": 4444,\n \"socket\": {\n \"group\": \"\",\n \"mode\": 493,\n \"owner\": \"\"\n }\n }\n },\n \"strategies\": {\n \"scope\": \"wildcard\"\n },\n \"tracing\": {\n \"provider\": \"jaeger\",\n \"providers\": {\n \"jaeger\": {\n \"local_agent_address\": \"jaeger:6831\",\n \"sampling\": {\n \"server_url\": \"http://jaeger:5778/sampling\"\n }\n }\n }\n },\n \"ttl\": {\n \"access_token\": \"1h\",\n \"auth_code\": \"10m\",\n \"id_token\": \"1h\",\n \"login_consent_request\": \"1h\",\n \"refresh_token\": \"720h\"\n },\n \"urls\": {\n \"consent\": \"http://127.0.0.1:3000/consent\",\n \"login\": \"http://127.0.0.1:3000/login\",\n \"logout\": \"http://127.0.0.1:3000/logout\",\n \"self\": {\n \"issuer\": \"http://127.0.0.1:4444\"\n }\n },\n \"webfinger\": {\n \"jwks\": {\n \"broadcast_keys\": [\"hydra.openid.id-token\"]\n }\n }\n}\n" }, { "path": "oryx/configx/stub/hydra/hydra.yaml", "content": "serve:\n cookies:\n same_site_mode: Lax\n\nurls:\n self:\n issuer: http://127.0.0.1:4444\n consent: http://127.0.0.1:3000/consent\n login: http://127.0.0.1:3000/login\n logout: http://127.0.0.1:3000/logout\n\nsecrets:\n system:\n - youReallyNeedToChangeThis\n\noidc:\n subject_identifiers:\n enabled:\n - pairwise\n - public\n pairwise:\n salt: youReallyNeedToChangeThis\n" }, { "path": "oryx/configx/stub/kratos/config.schema.json", "content": "{\n \"$id\": \"https://github.com/ory/kratos/.schema/config.schema.json\",\n \"$schema\": \"http://json-schema.org/draft-07/schema#\",\n \"title\": \"ORY Kratos Configuration\",\n \"type\": \"object\",\n \"definitions\": {\n \"defaultReturnTo\": {\n \"title\": \"Redirect browsers to set URL per default\",\n \"description\": \"ORY Kratos redirects to this URL per default on completion of self-service flows and other browser interaction. Read this [article for more information on browser redirects](https://www.ory.sh/kratos/docs/concepts/browser-redirect-flow-completion).\",\n \"type\": \"string\",\n \"format\": \"uri-reference\",\n \"minLength\": 1,\n \"examples\": [\"https://my-app.com/dashboard\", \"/dashboard\"]\n },\n \"selfServiceSessionRevokerHook\": {\n \"type\": \"object\",\n \"properties\": {\n \"hook\": {\n \"const\": \"revoke_active_sessions\"\n }\n },\n \"additionalProperties\": false,\n \"required\": [\"hook\"]\n },\n \"selfServiceVerifyHook\": {\n \"type\": \"object\",\n \"properties\": {\n \"hook\": {\n \"const\": \"verify\"\n }\n },\n \"additionalProperties\": false,\n \"required\": [\"hook\"]\n },\n \"selfServiceSessionIssuerHook\": {\n \"type\": \"object\",\n \"properties\": {\n \"hook\": {\n \"const\": \"session\"\n }\n },\n \"additionalProperties\": false,\n \"required\": [\"hook\"]\n },\n \"OIDCClaims\": {\n \"title\": \"OpenID Connect claims\",\n \"description\": \"The OpenID Connect claims and optionally their properties which should be included in the id_token or returned from the UserInfo Endpoint.\",\n \"type\": \"object\",\n \"examples\": [\n {\n \"id_token\": {\n \"email\": null,\n \"email_verified\": null\n }\n },\n {\n \"userinfo\": {\n \"given_name\": {\n \"essential\": true\n },\n \"nickname\": null,\n \"email\": {\n \"essential\": true\n },\n \"email_verified\": {\n \"essential\": true\n },\n \"picture\": null,\n \"http://example.info/claims/groups\": null\n },\n \"id_token\": {\n \"auth_time\": {\n \"essential\": true\n },\n \"acr\": {\n \"values\": [\"urn:mace:incommon:iap:silver\"]\n }\n }\n }\n ],\n \"patternProperties\": {\n \"^userinfo$|^id_token$\": {\n \"type\": \"object\",\n \"additionalProperties\": false,\n \"patternProperties\": {\n \".*\": {\n \"oneOf\": [\n {\n \"const\": null,\n \"description\": \"Indicates that this Claim is being requested in the default manner.\"\n },\n {\n \"type\": \"object\",\n \"additionalProperties\": false,\n \"properties\": {\n \"essential\": {\n \"description\": \"Indicates whether the Claim being requested is an Essential Claim.\",\n \"type\": \"boolean\"\n },\n \"value\": {\n \"description\": \"Requests that the Claim be returned with a particular value.\",\n \"$comment\": \"There seem to be no constrains on value\"\n },\n \"values\": {\n \"description\": \"Requests that the Claim be returned with one of a set of values, with the values appearing in order of preference.\",\n \"type\": \"array\",\n \"items\": {\n \"$comment\": \"There seem to be no constrains on individual items\"\n }\n }\n }\n }\n ]\n }\n }\n }\n }\n },\n \"selfServiceOIDCProvider\": {\n \"type\": \"object\",\n \"properties\": {\n \"id\": {\n \"type\": \"string\",\n \"examples\": [\"google\"]\n },\n \"provider\": {\n \"title\": \"Provider\",\n \"description\": \"Can be one of github, gitlab, generic, google, microsoft, discord.\",\n \"type\": \"string\",\n \"enum\": [\n \"github\",\n \"gitlab\",\n \"generic\",\n \"google\",\n \"microsoft\",\n \"discord\"\n ],\n \"examples\": [\"google\"]\n },\n \"client_id\": {\n \"type\": \"string\"\n },\n \"client_secret\": {\n \"type\": \"string\"\n },\n \"issuer_url\": {\n \"type\": \"string\",\n \"format\": \"uri\",\n \"examples\": [\"https://accounts.google.com\"]\n },\n \"auth_url\": {\n \"type\": \"string\",\n \"format\": \"uri\",\n \"examples\": [\"https://accounts.google.com/o/oauth2/v2/auth\"]\n },\n \"token_url\": {\n \"type\": \"string\",\n \"format\": \"uri\",\n \"examples\": [\"https://www.googleapis.com/oauth2/v4/token\"]\n },\n \"mapper_url\": {\n \"title\": \"Jsonnet Mapper URL\",\n \"description\": \"The URL where the jsonnet source is located for mapping the provider's data to ORY Kratos data.\",\n \"type\": \"string\",\n \"format\": \"uri\",\n \"examples\": [\n \"file://path/to/oidc.jsonnet\",\n \"https://foo.bar.com/path/to/oidc.jsonnet\",\n \"base64://bG9jYWwgc3ViamVjdCA9I...\"\n ]\n },\n \"scope\": {\n \"type\": \"array\",\n \"items\": {\n \"type\": \"string\",\n \"examples\": [\"offline_access\", \"profile\"]\n }\n },\n \"tenant\": {\n \"title\": \"Azure AD Tenant\",\n \"description\": \"The Azure AD Tenant to use for authentication.\",\n \"type\": \"string\",\n \"examples\": [\n \"common\",\n \"organizations\",\n \"consumers\",\n \"8eaef023-2b34-4da1-9baa-8bc8c9d6a490\",\n \"contoso.onmicrosoft.com\"\n ]\n },\n \"requested_claims\": {\n \"$ref\": \"#/definitions/OIDCClaims\"\n }\n },\n \"additionalProperties\": false,\n \"required\": [\n \"id\",\n \"provider\",\n \"client_id\",\n \"client_secret\",\n \"mapper_url\"\n ],\n \"if\": {\n \"properties\": {\n \"provider\": {\n \"const\": \"microsoft\"\n }\n },\n \"required\": [\"provider\"]\n },\n \"then\": {\n \"required\": [\"tenant\"]\n },\n \"else\": {\n \"not\": {\n \"properties\": {\n \"tenant\": {}\n },\n \"required\": [\"tenant\"]\n }\n }\n },\n \"selfServiceAfterSettingsMethod\": {\n \"type\": \"object\",\n \"additionalProperties\": false,\n \"properties\": {\n \"default_browser_return_url\": {\n \"$ref\": \"#/definitions/defaultReturnTo\"\n },\n \"hooks\": {\n \"type\": \"array\",\n \"items\": {\n \"anyOf\": [\n {\n \"$ref\": \"#/definitions/selfServiceVerifyHook\"\n }\n ]\n },\n \"uniqueItems\": true,\n \"additionalItems\": false\n }\n }\n },\n \"selfServiceAfterLoginMethod\": {\n \"type\": \"object\",\n \"additionalProperties\": false,\n \"properties\": {\n \"default_browser_return_url\": {\n \"$ref\": \"#/definitions/defaultReturnTo\"\n },\n \"hooks\": {\n \"type\": \"array\",\n \"items\": {\n \"anyOf\": [\n {\n \"$ref\": \"#/definitions/selfServiceSessionRevokerHook\"\n }\n ]\n },\n \"uniqueItems\": true,\n \"additionalItems\": false\n }\n }\n },\n \"selfServiceAfterRegistrationMethod\": {\n \"type\": \"object\",\n \"additionalProperties\": false,\n \"properties\": {\n \"default_browser_return_url\": {\n \"$ref\": \"#/definitions/defaultReturnTo\"\n },\n \"hooks\": {\n \"type\": \"array\",\n \"items\": {\n \"anyOf\": [\n {\n \"$ref\": \"#/definitions/selfServiceSessionIssuerHook\"\n }\n ]\n },\n \"uniqueItems\": true,\n \"additionalItems\": false\n }\n }\n },\n \"selfServiceAfterSettings\": {\n \"type\": \"object\",\n \"additionalProperties\": false,\n \"properties\": {\n \"default_browser_return_url\": {\n \"$ref\": \"#/definitions/defaultReturnTo\"\n },\n \"password\": {\n \"$ref\": \"#/definitions/selfServiceAfterSettingsMethod\"\n },\n \"profile\": {\n \"$ref\": \"#/definitions/selfServiceAfterSettingsMethod\"\n }\n }\n },\n \"selfServiceAfterLogin\": {\n \"type\": \"object\",\n \"additionalProperties\": false,\n \"properties\": {\n \"default_browser_return_url\": {\n \"$ref\": \"#/definitions/defaultReturnTo\"\n },\n \"password\": {\n \"$ref\": \"#/definitions/selfServiceAfterLoginMethod\"\n },\n \"oidc\": {\n \"$ref\": \"#/definitions/selfServiceAfterLoginMethod\"\n }\n }\n },\n \"selfServiceAfterRegistration\": {\n \"type\": \"object\",\n \"additionalProperties\": false,\n \"properties\": {\n \"default_browser_return_url\": {\n \"$ref\": \"#/definitions/defaultReturnTo\"\n },\n \"password\": {\n \"$ref\": \"#/definitions/selfServiceAfterRegistrationMethod\"\n },\n \"oidc\": {\n \"$ref\": \"#/definitions/selfServiceAfterRegistrationMethod\"\n }\n }\n }\n },\n \"properties\": {\n \"selfservice\": {\n \"type\": \"object\",\n \"additionalProperties\": false,\n \"required\": [\"default_browser_return_url\"],\n \"properties\": {\n \"default_browser_return_url\": {\n \"$ref\": \"#/definitions/defaultReturnTo\"\n },\n \"whitelisted_return_urls\": {\n \"title\": \"Whitelisted Return To URLs\",\n \"description\": \"List of URLs that are allowed to be redirected to. A redirection request is made by appending `?return_to=...` to Login, Registration, and other self-service flows.\",\n \"type\": \"array\",\n \"items\": {\n \"type\": \"string\",\n \"format\": \"uri-reference\"\n },\n \"examples\": [\n [\n \"https://app.my-app.com/dashboard\",\n \"/dashboard\",\n \"https://www.my-app.com/\"\n ]\n ],\n \"uniqueItems\": true\n },\n \"flows\": {\n \"type\": \"object\",\n \"additionalProperties\": false,\n \"properties\": {\n \"settings\": {\n \"type\": \"object\",\n \"additionalProperties\": false,\n \"properties\": {\n \"ui_url\": {\n \"title\": \"URL of the Settings page.\",\n \"description\": \"URL where the Settings UI is hosted. Check the [reference implementation](https://github.com/ory/kratos-selfservice-ui-node).\",\n \"type\": \"string\",\n \"format\": \"uri-reference\",\n \"examples\": [\"https://my-app.com/user/settings\"],\n \"default\": \"https://www.ory.sh/kratos/docs/fallback/settings\"\n },\n \"lifespan\": {\n \"type\": \"string\",\n \"pattern\": \"^[0-9]+(ns|us|ms|s|m|h)$\",\n \"default\": \"1h\",\n \"examples\": [\"1h\", \"1m\", \"1s\"]\n },\n \"privileged_session_max_age\": {\n \"type\": \"string\",\n \"pattern\": \"^[0-9]+(ns|us|ms|s|m|h)$\",\n \"default\": \"1h\",\n \"examples\": [\"1h\", \"1m\", \"1s\"]\n },\n \"after\": {\n \"$ref\": \"#/definitions/selfServiceAfterSettings\"\n }\n }\n },\n \"logout\": {\n \"type\": \"object\",\n \"additionalProperties\": false,\n \"properties\": {\n \"after\": {\n \"type\": \"object\",\n \"additionalProperties\": false,\n \"properties\": {\n \"default_browser_return_url\": {\n \"$ref\": \"#/definitions/defaultReturnTo\"\n }\n }\n }\n }\n },\n \"registration\": {\n \"type\": \"object\",\n \"additionalProperties\": false,\n \"properties\": {\n \"ui_url\": {\n \"title\": \"Registration UI URL\",\n \"description\": \"URL where the Registration UI is hosted. Check the [reference implementation](https://github.com/ory/kratos-selfservice-ui-node).\",\n \"type\": \"string\",\n \"format\": \"uri-reference\",\n \"examples\": [\"https://my-app.com/signup\"],\n \"default\": \"https://www.ory.sh/kratos/docs/fallback/registration\"\n },\n \"lifespan\": {\n \"type\": \"string\",\n \"pattern\": \"^[0-9]+(ns|us|ms|s|m|h)$\",\n \"default\": \"1h\",\n \"examples\": [\"1h\", \"1m\", \"1s\"]\n },\n \"after\": {\n \"$ref\": \"#/definitions/selfServiceAfterRegistration\"\n }\n }\n },\n \"login\": {\n \"type\": \"object\",\n \"additionalProperties\": false,\n \"properties\": {\n \"ui_url\": {\n \"title\": \"Login UI URL\",\n \"description\": \"URL where the Login UI is hosted. Check the [reference implementation](https://github.com/ory/kratos-selfservice-ui-node).\",\n \"type\": \"string\",\n \"format\": \"uri-reference\",\n \"examples\": [\"https://my-app.com/login\"],\n \"default\": \"https://www.ory.sh/kratos/docs/fallback/login\"\n },\n \"lifespan\": {\n \"type\": \"string\",\n \"pattern\": \"^[0-9]+(ns|us|ms|s|m|h)$\",\n \"default\": \"1h\",\n \"examples\": [\"1h\", \"1m\", \"1s\"]\n },\n \"after\": {\n \"$ref\": \"#/definitions/selfServiceAfterLogin\"\n }\n }\n },\n \"verification\": {\n \"title\": \"Email and Phone Verification and Account Activation Configuration\",\n \"type\": \"object\",\n \"additionalProperties\": false,\n \"properties\": {\n \"enabled\": {\n \"type\": \"boolean\",\n \"title\": \"Enable Email/Phone Verification\",\n \"description\": \"If set to true will enable [Email and Phone Verification and Account Activation](https://www.ory.sh/kratos/docs/self-service/flows/verify-email-account-activation/).\",\n \"default\": false\n },\n \"ui_url\": {\n \"title\": \"Verify UI URL\",\n \"description\": \"URL where the ORY Verify UI is hosted. This is the page where users activate and / or verify their email or telephone number. Check the [reference implementation](https://github.com/ory/kratos-selfservice-ui-node).\",\n \"type\": \"string\",\n \"format\": \"uri-reference\",\n \"examples\": [\"https://my-app.com/verify\"],\n \"default\": \"https://www.ory.sh/kratos/docs/fallback/verification\"\n },\n \"after\": {\n \"type\": \"object\",\n \"properties\": {\n \"default_browser_return_url\": {\n \"$ref\": \"#/definitions/defaultReturnTo\"\n }\n },\n \"additionalProperties\": false\n },\n \"lifespan\": {\n \"title\": \"Self-Service Verification Request Lifespan\",\n \"description\": \"Sets how long the verification request (for the UI interaction) is valid.\",\n \"type\": \"string\",\n \"pattern\": \"^[0-9]+(ns|us|ms|s|m|h)$\",\n \"default\": \"1h\",\n \"examples\": [\"1h\", \"1m\", \"1s\"]\n }\n }\n },\n \"recovery\": {\n \"title\": \"Account Recovery Configuration\",\n \"type\": \"object\",\n \"additionalProperties\": false,\n \"properties\": {\n \"enabled\": {\n \"type\": \"boolean\",\n \"title\": \"Enable Account Recovery\",\n \"description\": \"If set to true will enable [Account Recovery](https://www.ory.sh/kratos/docs/self-service/flows/password-reset-account-recovery/).\",\n \"default\": false\n },\n \"ui_url\": {\n \"title\": \"Recovery UI URL\",\n \"description\": \"URL where the ORY Recovery UI is hosted. This is the page where users request and complete account recovery. Check the [reference implementation](https://github.com/ory/kratos-selfservice-ui-node).\",\n \"type\": \"string\",\n \"format\": \"uri-reference\",\n \"examples\": [\"https://my-app.com/verify\"],\n \"default\": \"https://www.ory.sh/kratos/docs/fallback/recovery\"\n },\n \"after\": {\n \"type\": \"object\",\n \"properties\": {\n \"default_browser_return_url\": {\n \"$ref\": \"#/definitions/defaultReturnTo\"\n }\n },\n \"additionalProperties\": false\n },\n \"lifespan\": {\n \"title\": \"Self-Service Recovery Request Lifespan\",\n \"description\": \"Sets how long the recovery request is valid. If expired, the user has to redo the flow.\",\n \"type\": \"string\",\n \"pattern\": \"^[0-9]+(ns|us|ms|s|m|h)$\",\n \"default\": \"1h\",\n \"examples\": [\"1h\", \"1m\", \"1s\"]\n }\n }\n },\n \"error\": {\n \"type\": \"object\",\n \"additionalProperties\": false,\n \"properties\": {\n \"ui_url\": {\n \"title\": \"ORY Kratos Error UI URL\",\n \"description\": \"URL where the ORY Kratos Error UI is hosted. Check the [reference implementation](https://github.com/ory/kratos-selfservice-ui-node).\",\n \"type\": \"string\",\n \"format\": \"uri-reference\",\n \"examples\": [\"https://my-app.com/kratos-error\"],\n \"default\": \"https://www.ory.sh/kratos/docs/fallback/error\"\n }\n }\n }\n }\n },\n \"methods\": {\n \"type\": \"object\",\n \"additionalProperties\": false,\n \"properties\": {\n \"profile\": {\n \"type\": \"object\",\n \"additionalProperties\": false,\n \"properties\": {\n \"enabled\": {\n \"type\": \"boolean\",\n \"title\": \"Enables Profile Management Method\",\n \"default\": true\n }\n }\n },\n \"link\": {\n \"type\": \"object\",\n \"additionalProperties\": false,\n \"properties\": {\n \"enabled\": {\n \"type\": \"boolean\",\n \"title\": \"Enables Link Method\",\n \"default\": true\n }\n }\n },\n \"password\": {\n \"type\": \"object\",\n \"additionalProperties\": false,\n \"properties\": {\n \"enabled\": {\n \"type\": \"boolean\",\n \"title\": \"Enables Username/Email and Password Method\",\n \"default\": true\n }\n }\n },\n \"oidc\": {\n \"type\": \"object\",\n \"additionalProperties\": false,\n \"properties\": {\n \"enabled\": {\n \"type\": \"boolean\",\n \"title\": \"Enables OpenID Connect Method\",\n \"default\": false\n },\n \"config\": {\n \"type\": \"object\",\n \"additionalProperties\": false,\n \"properties\": {\n \"providers\": {\n \"title\": \"OpenID Connect and OAuth2 Providers\",\n \"description\": \"A list and configuration of OAuth2 and OpenID Connect providers ORY Kratos should integrate with.\",\n \"type\": \"array\",\n \"items\": {\n \"$ref\": \"#/definitions/selfServiceOIDCProvider\"\n }\n }\n }\n }\n }\n }\n }\n }\n }\n },\n \"dsn\": {\n \"type\": \"string\",\n \"title\": \"Data Source Name\",\n \"description\": \"DSN is used to specify the database credentials as a connection URI.\",\n \"examples\": [\n \"postgres://user: password@postgresd:5432/database?sslmode=disable&max_conns=20&max_idle_conns=4\",\n \"mysql://user:secret@tcp(mysqld:3306)/database?max_conns=20&max_idle_conns=4\",\n \"cockroach://user@cockroachdb:26257/database?sslmode=disable&max_conns=20&max_idle_conns=4\",\n \"sqlite:///var/lib/sqlite/db.sqlite?_fk=true&mode=rwc\"\n ]\n },\n \"courier\": {\n \"type\": \"object\",\n \"title\": \"Courier configuration\",\n \"description\": \"The courier is responsible for sending and delivering messages over email, sms, and other means.\",\n \"properties\": {\n \"template_override_path\": {\n \"type\": \"string\",\n \"title\": \"Override message templates\",\n \"description\": \"You can override certain or all message templates by pointing this key to the path where the templates are located.\",\n \"examples\": [\"/conf/courier-templates\"]\n },\n \"smtp\": {\n \"title\": \"SMTP Configuration\",\n \"description\": \"Configures outgoing emails using the SMTP protocol.\",\n \"type\": \"object\",\n \"properties\": {\n \"connection_uri\": {\n \"title\": \"SMTP connection string\",\n \"description\": \"This URI will be used to connect to the SMTP server. Use the query parameter to allow (`?skip_ssl_verify=true`) or disallow (`?skip_ssl_verify=false`) self-signed TLS certificates. Please keep in mind that any host other than localhost / 127.0.0.1 must use smtp over TLS (smtps) or the connection will not be possible.\",\n \"examples\": [\n \"smtps://foo:bar@my-mailserver:1234/?skip_ssl_verify=false\"\n ],\n \"type\": \"string\",\n \"format\": \"uri\"\n },\n \"from_address\": {\n \"title\": \"SMTP Sender Address\",\n \"description\": \"The recipient of an email will see this as the sender address.\",\n \"type\": \"string\",\n \"format\": \"email\",\n \"default\": \"no-reply@ory.kratos.sh\"\n }\n },\n \"required\": [\"connection_uri\"],\n \"additionalProperties\": false\n }\n },\n \"required\": [\"smtp\"],\n \"additionalProperties\": false\n },\n \"serve\": {\n \"type\": \"object\",\n \"properties\": {\n \"admin\": {\n \"type\": \"object\",\n \"properties\": {\n \"base_url\": {\n \"title\": \"Admin Base URL\",\n \"description\": \"The URL where the admin endpoint is exposed at.\",\n \"type\": \"string\",\n \"format\": \"uri\",\n \"examples\": [\"https://kratos.private-network:4434/\"]\n },\n \"host\": {\n \"title\": \"Admin Host\",\n \"description\": \"The host (interface) kratos' admin endpoint listens on.\",\n \"type\": \"string\",\n \"default\": \"0.0.0.0\"\n },\n \"port\": {\n \"title\": \"Admin Port\",\n \"description\": \"The port kratos' admin endpoint listens on.\",\n \"type\": \"integer\",\n \"minimum\": 1,\n \"maximum\": 65535,\n \"examples\": [4434],\n \"default\": 4434\n }\n },\n \"additionalProperties\": false\n },\n \"public\": {\n \"type\": \"object\",\n \"properties\": {\n \"cors\": {\n \"type\": \"object\",\n \"additionalProperties\": false,\n \"description\": \"Configures Cross Origin Resource Sharing for public endpoints.\",\n \"properties\": {\n \"enabled\": {\n \"type\": \"boolean\",\n \"description\": \"Sets whether CORS is enabled.\",\n \"default\": false\n },\n \"allowed_origins\": {\n \"type\": \"array\",\n \"description\": \"A list of origins a cross-domain request can be executed from. If the special * value is present in the list, all origins will be allowed. An origin may contain a wildcard (*) to replace 0 or more characters (i.e.: http://*.domain.com). Only one wildcard can be used per origin.\",\n \"items\": {\n \"type\": \"string\",\n \"minLength\": 1,\n \"not\": {\n \"type\": \"string\",\n \"description\": \"does match all strings that contain two or more (*)\",\n \"pattern\": \".*\\\\*.*\\\\*.*\"\n },\n \"anyOf\": [\n {\n \"format\": \"uri\"\n },\n {\n \"const\": \"*\"\n }\n ]\n },\n \"uniqueItems\": true,\n \"default\": [\"*\"],\n \"examples\": [\n [\n \"https://example.com\",\n \"https://*.example.com\",\n \"https://*.foo.example.com\"\n ]\n ]\n },\n \"allowed_methods\": {\n \"type\": \"array\",\n \"description\": \"A list of HTTP methods the user agent is allowed to use with cross-domain requests.\",\n \"default\": [\"POST\", \"GET\", \"PUT\", \"PATCH\", \"DELETE\"],\n \"items\": {\n \"type\": \"string\",\n \"enum\": [\n \"POST\",\n \"GET\",\n \"PUT\",\n \"PATCH\",\n \"DELETE\",\n \"CONNECT\",\n \"HEAD\",\n \"OPTIONS\",\n \"TRACE\"\n ]\n }\n },\n \"allowed_headers\": {\n \"type\": \"array\",\n \"description\": \"A list of non simple headers the client is allowed to use with cross-domain requests.\",\n \"default\": [\n \"Authorization\",\n \"Content-Type\",\n \"X-Session-Token\"\n ],\n \"items\": {\n \"type\": \"string\"\n }\n },\n \"exposed_headers\": {\n \"type\": \"array\",\n \"description\": \"Sets which headers are safe to expose to the API of a CORS API specification.\",\n \"default\": [\"Content-Type\"],\n \"items\": {\n \"type\": \"string\"\n }\n },\n \"allow_credentials\": {\n \"type\": \"boolean\",\n \"description\": \"Sets whether the request can include user credentials like cookies, HTTP authentication or client side SSL certificates.\",\n \"default\": true\n },\n \"options_passthrough\": {\n \"type\": \"boolean\",\n \"description\": \"TODO\",\n \"default\": false\n },\n \"max_age\": {\n \"type\": \"integer\",\n \"description\": \"Sets how long (in seconds) the results of a preflight request can be cached. If set to 0, every request is preceded by a preflight request.\",\n \"default\": 0,\n \"minimum\": 0\n },\n \"debug\": {\n \"type\": \"boolean\",\n \"description\": \"Adds additional log output to debug server side CORS issues.\",\n \"default\": false\n }\n }\n },\n \"base_url\": {\n \"title\": \"Public Base URL\",\n \"description\": \"The URL where the public endpoint is exposed at.\",\n \"type\": \"string\",\n \"format\": \"uri-reference\",\n \"examples\": [\n \"https://my-app.com/.ory/kratos/public\",\n \"/.ory/kratos/public/\"\n ]\n },\n \"host\": {\n \"title\": \"Public Host\",\n \"description\": \"The host (interface) kratos' public endpoint listens on.\",\n \"type\": \"string\",\n \"default\": \"0.0.0.0\"\n },\n \"port\": {\n \"title\": \"Public Port\",\n \"description\": \"The port kratos' public endpoint listens on.\",\n \"type\": \"integer\",\n \"minimum\": 1,\n \"maximum\": 65535,\n \"examples\": [4433],\n \"default\": 4433\n }\n },\n \"additionalProperties\": false\n }\n },\n \"additionalProperties\": false\n },\n \"log\": {\n \"type\": \"object\",\n \"properties\": {\n \"level\": {\n \"type\": \"string\",\n \"enum\": [\n \"trace\",\n \"debug\",\n \"info\",\n \"warning\",\n \"error\",\n \"fatal\",\n \"panic\"\n ]\n },\n \"leak_sensitive_values\": {\n \"type\": \"boolean\",\n \"title\": \"Leak Sensitive Log Values\",\n \"description\": \"If set will leak sensitive values (e.g. emails) in the logs.\"\n },\n \"redaction_text\": {\n \"type\": \"string\",\n \"title\": \"Sensitive log value redaction text\",\n \"description\": \"Text to use, when redacting sensitive log value.\"\n },\n \"format\": {\n \"type\": \"string\",\n \"enum\": [\"json\", \"text\"]\n }\n },\n \"additionalProperties\": false\n },\n \"identity\": {\n \"type\": \"object\",\n \"properties\": {\n \"default_schema_url\": {\n \"title\": \"JSON Schema URL for default identity traits\",\n \"description\": \"Path to the JSON Schema which describes a default identity's traits.\",\n \"type\": \"string\",\n \"format\": \"uri\",\n \"examples\": [\n \"file://path/to/identity.traits.schema.json\",\n \"https://foo.bar.com/path/to/identity.traits.schema.json\"\n ]\n },\n \"schemas\": {\n \"type\": \"array\",\n \"title\": \"Additional JSON Schemas for Identity Traits\",\n \"examples\": [\n [\n {\n \"id\": \"customer\",\n \"url\": \"https://foo.bar.com/path/to/customer.traits.schema.json\"\n },\n {\n \"id\": \"employee\",\n \"url\": \"https://foo.bar.com/path/to/employee.traits.schema.json\"\n },\n {\n \"id\": \"employee-v2\",\n \"url\": \"https://foo.bar.com/path/to/employee.v2.traits.schema.json\"\n }\n ]\n ],\n \"items\": {\n \"type\": \"object\",\n \"properties\": {\n \"id\": {\n \"title\": \"The schema's ID.\",\n \"type\": \"string\",\n \"examples\": [\"employee\"]\n },\n \"url\": {\n \"type\": \"string\",\n \"title\": \"Path to the JSON Schema\",\n \"format\": \"uri\",\n \"examples\": [\n \"file://path/to/identity.traits.schema.json\",\n \"https://foo.bar.com/path/to/identity.traits.schema.json\"\n ]\n }\n },\n \"required\": [\"id\", \"url\"],\n \"not\": {\n \"type\": \"object\",\n \"properties\": {\n \"id\": {\n \"const\": \"default\"\n }\n },\n \"additionalProperties\": true\n }\n }\n }\n },\n \"required\": [\"default_schema_url\"],\n \"additionalProperties\": false\n },\n \"secrets\": {\n \"type\": \"object\",\n \"properties\": {\n \"default\": {\n \"type\": \"array\",\n \"title\": \"Default Encryption Signing Secrets\",\n \"description\": \"The first secret in the array is used for singing and encrypting things while all other keys are used to verify and decrypt older things that were signed with that old secret.\",\n \"items\": {\n \"type\": \"string\",\n \"minLength\": 16\n },\n \"uniqueItems\": true\n },\n \"cookie\": {\n \"type\": \"array\",\n \"title\": \"Singing Keys for Cookies\",\n \"description\": \"The first secret in the array is used for encrypting cookies while all other keys are used to decrypt older cookies that were signed with that old secret.\",\n \"items\": {\n \"type\": \"string\",\n \"minLength\": 16\n },\n \"uniqueItems\": true\n }\n },\n \"additionalProperties\": false\n },\n \"hashers\": {\n \"title\": \"Hashing Algorithm Configuration\",\n \"type\": \"object\",\n \"properties\": {\n \"argon2\": {\n \"title\": \"Configuration for the Argon2id hasher.\",\n \"type\": \"object\",\n \"properties\": {\n \"memory\": {\n \"type\": \"integer\",\n \"minimum\": 16384\n },\n \"iterations\": {\n \"type\": \"integer\",\n \"minimum\": 1\n },\n \"parallelism\": {\n \"type\": \"integer\",\n \"minimum\": 1\n },\n \"salt_length\": {\n \"type\": \"integer\",\n \"minimum\": 16\n },\n \"key_length\": {\n \"type\": \"integer\",\n \"minimum\": 16\n }\n },\n \"additionalProperties\": false\n }\n },\n \"additionalProperties\": false\n },\n \"session\": {\n \"type\": \"object\",\n \"additionalProperties\": false,\n \"properties\": {\n \"lifespan\": {\n \"title\": \"Session Lifespan\",\n \"description\": \"Defines how long a session is active. Once that lifespan has been reached, the user needs to sign in again.\",\n \"type\": \"string\",\n \"pattern\": \"^[0-9]+(ns|us|ms|s|m|h)$\",\n \"default\": \"24h\",\n \"examples\": [\"1h\", \"1m\", \"1s\"]\n },\n \"cookie\": {\n \"type\": \"object\",\n \"properties\": {\n \"domain\": {\n \"title\": \"Session Cookie Domain\",\n \"description\": \"Sets the session cookie domain. Useful when dealing with subdomains. Use with care!\",\n \"type\": \"string\"\n },\n \"persistent\": {\n \"title\": \"Make Session Cookie Persistent\",\n \"description\": \"If set to true will persist the cookie in the end-user's browser using the `max-age` parameter which is set to the `session.lifespan` value. Persistent cookies are not deleted when the browser is closed (e.g. on reboot or alt+f4).\",\n \"type\": \"boolean\",\n \"default\": true\n },\n \"path\": {\n \"title\": \"Session Cookie Path\",\n \"description\": \"Sets the session cookie path. Use with care!\",\n \"type\": \"string\",\n \"default\": \"/\"\n },\n \"same_site\": {\n \"title\": \"Cookie Same Site Configuration\",\n \"type\": \"string\",\n \"enum\": [\"Strict\", \"Lax\", \"None\"],\n \"default\": \"Lax\"\n }\n },\n \"additionalProperties\": false\n }\n }\n },\n \"version\": {\n \"title\": \"The kratos version this config is written for.\",\n \"description\": \"SemVer according to https://semver.org/ prefixed with `v` as in our releases.\",\n \"type\": \"string\",\n \"pattern\": \"^v(0|[1-9]\\\\d*)\\\\.(0|[1-9]\\\\d*)\\\\.(0|[1-9]\\\\d*)(?:-((?:0|[1-9]\\\\d*|\\\\d*[a-zA-Z-][0-9a-zA-Z-]*)(?:\\\\.(?:0|[1-9]\\\\d*|\\\\d*[a-zA-Z-][0-9a-zA-Z-]*))*))?(?:\\\\+([0-9a-zA-Z-]+(?:\\\\.[0-9a-zA-Z-]+)*))?$\",\n \"examples\": [\"v0.5.0-alpha.1\"]\n }\n },\n \"allOf\": [\n {\n \"if\": {\n \"properties\": {\n \"selfservice\": {\n \"properties\": {\n \"flows\": {\n \"oneOf\": [\n {\n \"properties\": {\n \"verification\": {\n \"properties\": {\n \"enabled\": {\n \"const\": true\n }\n },\n \"required\": [\"enabled\"]\n }\n },\n \"required\": [\"verification\"]\n },\n {\n \"properties\": {\n \"recovery\": {\n \"properties\": {\n \"enabled\": {\n \"const\": true\n }\n },\n \"required\": [\"enabled\"]\n }\n },\n \"required\": [\"recovery\"]\n }\n ]\n }\n },\n \"required\": [\"flows\"]\n }\n },\n \"required\": [\"selfservice\"]\n },\n \"then\": {\n \"required\": [\"courier\"]\n }\n }\n ],\n \"required\": [\"identity\", \"dsn\", \"selfservice\"]\n}\n" }, { "path": "oryx/configx/stub/kratos/expected.json", "content": "{\n \"courier\": {\n \"smtp\": {\n \"connection_uri\": \"smtps://test:test@mailslurper:1025/?skip_ssl_verify=true\",\n \"from_address\": \"no-reply@ory.kratos.sh\"\n }\n },\n \"dsn\": \"sqlite:///var/lib/sqlite/db.sqlite?_fk=true\",\n \"hashers\": {\n \"argon2\": {\n \"iterations\": 2,\n \"key_length\": 16,\n \"memory\": 131072,\n \"parallelism\": 1,\n \"salt_length\": 16\n }\n },\n \"identity\": {\n \"default_schema_url\": \"file:///etc/config/kratos/identity.schema.json\"\n },\n \"log\": {\n \"format\": \"text\",\n \"leak_sensitive_values\": true,\n \"level\": \"debug\"\n },\n \"secrets\": {\n \"cookie\": [\"PLEASE-CHANGE-ME-I-AM-VERY-INSECURE\"]\n },\n \"selfservice\": {\n \"default_browser_return_url\": \"http://127.0.0.1:4455/\",\n \"flows\": {\n \"error\": {\n \"ui_url\": \"http://127.0.0.1:4455/error\"\n },\n \"login\": {\n \"lifespan\": \"10m\",\n \"ui_url\": \"http://127.0.0.1:4455/auth/login\"\n },\n \"logout\": {\n \"after\": {\n \"default_browser_return_url\": \"http://127.0.0.1:4455/auth/login\"\n }\n },\n \"recovery\": {\n \"enabled\": true,\n \"lifespan\": \"1h\",\n \"ui_url\": \"http://127.0.0.1:4455/recovery\"\n },\n \"registration\": {\n \"after\": {\n \"password\": {\n \"hooks\": [\n {\n \"hook\": \"session\"\n }\n ]\n }\n },\n \"lifespan\": \"10m\",\n \"ui_url\": \"http://127.0.0.1:4455/auth/registration\"\n },\n \"settings\": {\n \"lifespan\": \"1h\",\n \"privileged_session_max_age\": \"15m\",\n \"ui_url\": \"http://127.0.0.1:4455/settings\"\n },\n \"verification\": {\n \"after\": {\n \"default_browser_return_url\": \"http://127.0.0.1:4455/\"\n },\n \"enabled\": true,\n \"lifespan\": \"1h\",\n \"ui_url\": \"http://127.0.0.1:4455/verify\"\n }\n },\n \"methods\": {\n \"link\": {\n \"enabled\": true\n },\n \"oidc\": {\n \"enabled\": true,\n \"config\": {\n \"providers\": [\n {\n \"id\": \"google\",\n \"provider\": \"google\",\n \"mapper_url\": \"file:///etc/config/kratos/oidc.google.jsonnet\",\n \"client_id\": \"client@example.com\",\n \"client_secret\": \"secret\"\n }\n ]\n }\n },\n \"password\": {\n \"enabled\": true\n },\n \"profile\": {\n \"enabled\": true\n }\n },\n \"whitelisted_return_urls\": [\"http://127.0.0.1:4455\"]\n },\n \"serve\": {\n \"admin\": {\n \"base_url\": \"http://kratos:4434/\",\n \"host\": \"0.0.0.0\",\n \"port\": 4434\n },\n \"public\": {\n \"base_url\": \"http://127.0.0.1:4433/\",\n \"cors\": {\n \"allow_credentials\": true,\n \"allowed_headers\": [\"Authorization\", \"Content-Type\", \"X-Session-Token\"],\n \"allowed_methods\": [\"POST\", \"GET\", \"PUT\", \"PATCH\", \"DELETE\"],\n \"allowed_origins\": [\"*\"],\n \"debug\": false,\n \"enabled\": true,\n \"exposed_headers\": [\"Content-Type\"],\n \"max_age\": 0,\n \"options_passthrough\": false\n },\n \"host\": \"0.0.0.0\",\n \"port\": 4433\n }\n },\n \"session\": {\n \"cookie\": {\n \"path\": \"/\",\n \"persistent\": true,\n \"same_site\": \"Lax\"\n },\n \"lifespan\": \"24h\"\n },\n \"version\": \"v0.5.3-alpha.1\"\n}\n" }, { "path": "oryx/configx/stub/kratos/kratos.yaml", "content": "version: v0.5.3-alpha.1\n\ndsn: memory\n\nserve:\n public:\n base_url: http://127.0.0.1:4433/\n cors:\n enabled: true\n admin:\n base_url: http://kratos:4434/\n\nselfservice:\n default_browser_return_url: http://127.0.0.1:4455/\n whitelisted_return_urls:\n - http://127.0.0.1:4455\n\n methods:\n password:\n enabled: true\n oidc:\n enabled: true\n\n flows:\n error:\n ui_url: http://127.0.0.1:4455/error\n\n settings:\n ui_url: http://127.0.0.1:4455/settings\n privileged_session_max_age: 15m\n\n recovery:\n enabled: true\n ui_url: http://127.0.0.1:4455/recovery\n\n verification:\n enabled: true\n ui_url: http://127.0.0.1:4455/verify\n after:\n default_browser_return_url: http://127.0.0.1:4455/\n\n logout:\n after:\n default_browser_return_url: http://127.0.0.1:4455/auth/login\n\n login:\n ui_url: http://127.0.0.1:4455/auth/login\n lifespan: 10m\n\n registration:\n lifespan: 10m\n ui_url: http://127.0.0.1:4455/auth/registration\n\nlog:\n level: debug\n format: text\n leak_sensitive_values: true\n\nsecrets:\n cookie:\n - PLEASE-CHANGE-ME-I-AM-VERY-INSECURE\n\nhashers:\n argon2:\n parallelism: 1\n memory: 131072\n iterations: 2\n salt_length: 16\n key_length: 16\n\nidentity:\n default_schema_url: file:///etc/config/kratos/identity.schema.json\n\ncourier:\n smtp:\n connection_uri: smtps://test:test@mailslurper:1025/?skip_ssl_verify=true\n" }, { "path": "oryx/configx/stub/multi/a.yaml", "content": "version: v0.5.3-alpha.1\n\ndsn: memory\n\nserve:\n public:\n base_url: http://127.0.0.1:4433/\n cors:\n enabled: true\n admin:\n base_url: http://kratos:4434/\n\nselfservice:\n default_browser_return_url: http://127.0.0.1:4455/\n whitelisted_return_urls:\n - http://127.0.0.1:4455\n\n methods:\n password:\n enabled: true\n\n flows:\n error:\n ui_url: http://127.0.0.1:4455/error\n\n settings:\n ui_url: http://127.0.0.1:4455/settings\n" }, { "path": "oryx/configx/stub/multi/b.yaml", "content": "selfservice:\n flows:\n settings:\n privileged_session_max_age: 15m\n\n recovery:\n enabled: true\n ui_url: http://127.0.0.1:4455/recovery\n\n verification:\n enabled: true\n ui_url: http://127.0.0.1:4455/verify\n after:\n default_browser_return_url: http://127.0.0.1:4455/\n\n logout:\n after:\n default_browser_return_url: http://127.0.0.1:4455/auth/login\n\n login:\n ui_url: http://127.0.0.1:4455/auth/login\n lifespan: 10m\n\n registration:\n lifespan: 10m\n ui_url: http://127.0.0.1:4455/auth/registration\n after:\n password:\n hooks:\n - hook: session\n\nlog:\n level: debug\n format: text\n leak_sensitive_values: true\n\nsecrets:\n cookie:\n - PLEASE-CHANGE-ME-I-AM-VERY-INSECURE\n\nhashers:\n argon2:\n parallelism: 1\n memory: 131072\n iterations: 2\n salt_length: 16\n key_length: 16\n\nidentity:\n default_schema_url: file:///etc/config/kratos/identity.schema.json\n\ncourier:\n smtp:\n connection_uri: smtps://test:test@mailslurper:1025/?skip_ssl_verify=true\n" }, { "path": "oryx/configx/stub/multi/config.schema.json", "content": "{\n \"$id\": \"https://github.com/ory/kratos/.schema/config.schema.json\",\n \"$schema\": \"http://json-schema.org/draft-07/schema#\",\n \"title\": \"ORY Kratos Configuration\",\n \"type\": \"object\",\n \"definitions\": {\n \"defaultReturnTo\": {\n \"title\": \"Redirect browsers to set URL per default\",\n \"description\": \"ORY Kratos redirects to this URL per default on completion of self-service flows and other browser interaction. Read this [article for more information on browser redirects](https://www.ory.sh/kratos/docs/concepts/browser-redirect-flow-completion).\",\n \"type\": \"string\",\n \"format\": \"uri-reference\",\n \"minLength\": 1,\n \"examples\": [\"https://my-app.com/dashboard\", \"/dashboard\"]\n },\n \"selfServiceSessionRevokerHook\": {\n \"type\": \"object\",\n \"properties\": {\n \"hook\": {\n \"const\": \"revoke_active_sessions\"\n }\n },\n \"additionalProperties\": false,\n \"required\": [\"hook\"]\n },\n \"selfServiceVerifyHook\": {\n \"type\": \"object\",\n \"properties\": {\n \"hook\": {\n \"const\": \"verify\"\n }\n },\n \"additionalProperties\": false,\n \"required\": [\"hook\"]\n },\n \"selfServiceSessionIssuerHook\": {\n \"type\": \"object\",\n \"properties\": {\n \"hook\": {\n \"const\": \"session\"\n }\n },\n \"additionalProperties\": false,\n \"required\": [\"hook\"]\n },\n \"OIDCClaims\": {\n \"title\": \"OpenID Connect claims\",\n \"description\": \"The OpenID Connect claims and optionally their properties which should be included in the id_token or returned from the UserInfo Endpoint.\",\n \"type\": \"object\",\n \"examples\": [\n {\n \"id_token\": {\n \"email\": null,\n \"email_verified\": null\n }\n },\n {\n \"userinfo\": {\n \"given_name\": {\n \"essential\": true\n },\n \"nickname\": null,\n \"email\": {\n \"essential\": true\n },\n \"email_verified\": {\n \"essential\": true\n },\n \"picture\": null,\n \"http://example.info/claims/groups\": null\n },\n \"id_token\": {\n \"auth_time\": {\n \"essential\": true\n },\n \"acr\": {\n \"values\": [\"urn:mace:incommon:iap:silver\"]\n }\n }\n }\n ],\n \"patternProperties\": {\n \"^userinfo$|^id_token$\": {\n \"type\": \"object\",\n \"additionalProperties\": false,\n \"patternProperties\": {\n \".*\": {\n \"oneOf\": [\n {\n \"const\": null,\n \"description\": \"Indicates that this Claim is being requested in the default manner.\"\n },\n {\n \"type\": \"object\",\n \"additionalProperties\": false,\n \"properties\": {\n \"essential\": {\n \"description\": \"Indicates whether the Claim being requested is an Essential Claim.\",\n \"type\": \"boolean\"\n },\n \"value\": {\n \"description\": \"Requests that the Claim be returned with a particular value.\",\n \"$comment\": \"There seem to be no constrains on value\"\n },\n \"values\": {\n \"description\": \"Requests that the Claim be returned with one of a set of values, with the values appearing in order of preference.\",\n \"type\": \"array\",\n \"items\": {\n \"$comment\": \"There seem to be no constrains on individual items\"\n }\n }\n }\n }\n ]\n }\n }\n }\n }\n },\n \"selfServiceOIDCProvider\": {\n \"type\": \"object\",\n \"properties\": {\n \"id\": {\n \"type\": \"string\",\n \"examples\": [\"google\"]\n },\n \"provider\": {\n \"title\": \"Provider\",\n \"description\": \"Can be one of github, gitlab, generic, google, microsoft, discord.\",\n \"type\": \"string\",\n \"enum\": [\n \"github\",\n \"gitlab\",\n \"generic\",\n \"google\",\n \"microsoft\",\n \"discord\"\n ],\n \"examples\": [\"google\"]\n },\n \"client_id\": {\n \"type\": \"string\"\n },\n \"client_secret\": {\n \"type\": \"string\"\n },\n \"issuer_url\": {\n \"type\": \"string\",\n \"format\": \"uri\",\n \"examples\": [\"https://accounts.google.com\"]\n },\n \"auth_url\": {\n \"type\": \"string\",\n \"format\": \"uri\",\n \"examples\": [\"https://accounts.google.com/o/oauth2/v2/auth\"]\n },\n \"token_url\": {\n \"type\": \"string\",\n \"format\": \"uri\",\n \"examples\": [\"https://www.googleapis.com/oauth2/v4/token\"]\n },\n \"mapper_url\": {\n \"title\": \"Jsonnet Mapper URL\",\n \"description\": \"The URL where the jsonnet source is located for mapping the provider's data to ORY Kratos data.\",\n \"type\": \"string\",\n \"format\": \"uri\",\n \"examples\": [\n \"file://path/to/oidc.jsonnet\",\n \"https://foo.bar.com/path/to/oidc.jsonnet\",\n \"base64://bG9jYWwgc3ViamVjdCA9I...\"\n ]\n },\n \"scope\": {\n \"type\": \"array\",\n \"items\": {\n \"type\": \"string\",\n \"examples\": [\"offline_access\", \"profile\"]\n }\n },\n \"tenant\": {\n \"title\": \"Azure AD Tenant\",\n \"description\": \"The Azure AD Tenant to use for authentication.\",\n \"type\": \"string\",\n \"examples\": [\n \"common\",\n \"organizations\",\n \"consumers\",\n \"8eaef023-2b34-4da1-9baa-8bc8c9d6a490\",\n \"contoso.onmicrosoft.com\"\n ]\n },\n \"requested_claims\": {\n \"$ref\": \"#/definitions/OIDCClaims\"\n }\n },\n \"additionalProperties\": false,\n \"required\": [\n \"id\",\n \"provider\",\n \"client_id\",\n \"client_secret\",\n \"mapper_url\"\n ],\n \"if\": {\n \"properties\": {\n \"provider\": {\n \"const\": \"microsoft\"\n }\n },\n \"required\": [\"provider\"]\n },\n \"then\": {\n \"required\": [\"tenant\"]\n },\n \"else\": {\n \"not\": {\n \"properties\": {\n \"tenant\": {}\n },\n \"required\": [\"tenant\"]\n }\n }\n },\n \"selfServiceAfterSettingsMethod\": {\n \"type\": \"object\",\n \"additionalProperties\": false,\n \"properties\": {\n \"default_browser_return_url\": {\n \"$ref\": \"#/definitions/defaultReturnTo\"\n },\n \"hooks\": {\n \"type\": \"array\",\n \"items\": {\n \"anyOf\": [\n {\n \"$ref\": \"#/definitions/selfServiceVerifyHook\"\n }\n ]\n },\n \"uniqueItems\": true,\n \"additionalItems\": false\n }\n }\n },\n \"selfServiceAfterLoginMethod\": {\n \"type\": \"object\",\n \"additionalProperties\": false,\n \"properties\": {\n \"default_browser_return_url\": {\n \"$ref\": \"#/definitions/defaultReturnTo\"\n },\n \"hooks\": {\n \"type\": \"array\",\n \"items\": {\n \"anyOf\": [\n {\n \"$ref\": \"#/definitions/selfServiceSessionRevokerHook\"\n }\n ]\n },\n \"uniqueItems\": true,\n \"additionalItems\": false\n }\n }\n },\n \"selfServiceAfterRegistrationMethod\": {\n \"type\": \"object\",\n \"additionalProperties\": false,\n \"properties\": {\n \"default_browser_return_url\": {\n \"$ref\": \"#/definitions/defaultReturnTo\"\n },\n \"hooks\": {\n \"type\": \"array\",\n \"items\": {\n \"anyOf\": [\n {\n \"$ref\": \"#/definitions/selfServiceSessionIssuerHook\"\n }\n ]\n },\n \"uniqueItems\": true,\n \"additionalItems\": false\n }\n }\n },\n \"selfServiceAfterSettings\": {\n \"type\": \"object\",\n \"additionalProperties\": false,\n \"properties\": {\n \"default_browser_return_url\": {\n \"$ref\": \"#/definitions/defaultReturnTo\"\n },\n \"password\": {\n \"$ref\": \"#/definitions/selfServiceAfterSettingsMethod\"\n },\n \"profile\": {\n \"$ref\": \"#/definitions/selfServiceAfterSettingsMethod\"\n }\n }\n },\n \"selfServiceAfterLogin\": {\n \"type\": \"object\",\n \"additionalProperties\": false,\n \"properties\": {\n \"default_browser_return_url\": {\n \"$ref\": \"#/definitions/defaultReturnTo\"\n },\n \"password\": {\n \"$ref\": \"#/definitions/selfServiceAfterLoginMethod\"\n },\n \"oidc\": {\n \"$ref\": \"#/definitions/selfServiceAfterLoginMethod\"\n }\n }\n },\n \"selfServiceAfterRegistration\": {\n \"type\": \"object\",\n \"additionalProperties\": false,\n \"properties\": {\n \"default_browser_return_url\": {\n \"$ref\": \"#/definitions/defaultReturnTo\"\n },\n \"password\": {\n \"$ref\": \"#/definitions/selfServiceAfterRegistrationMethod\"\n },\n \"oidc\": {\n \"$ref\": \"#/definitions/selfServiceAfterRegistrationMethod\"\n }\n }\n }\n },\n \"properties\": {\n \"selfservice\": {\n \"type\": \"object\",\n \"additionalProperties\": false,\n \"required\": [\"default_browser_return_url\"],\n \"properties\": {\n \"default_browser_return_url\": {\n \"$ref\": \"#/definitions/defaultReturnTo\"\n },\n \"whitelisted_return_urls\": {\n \"title\": \"Whitelisted Return To URLs\",\n \"description\": \"List of URLs that are allowed to be redirected to. A redirection request is made by appending `?return_to=...` to Login, Registration, and other self-service flows.\",\n \"type\": \"array\",\n \"items\": {\n \"type\": \"string\",\n \"format\": \"uri-reference\"\n },\n \"examples\": [\n [\n \"https://app.my-app.com/dashboard\",\n \"/dashboard\",\n \"https://www.my-app.com/\"\n ]\n ],\n \"uniqueItems\": true\n },\n \"flows\": {\n \"type\": \"object\",\n \"additionalProperties\": false,\n \"properties\": {\n \"settings\": {\n \"type\": \"object\",\n \"additionalProperties\": false,\n \"properties\": {\n \"ui_url\": {\n \"title\": \"URL of the Settings page.\",\n \"description\": \"URL where the Settings UI is hosted. Check the [reference implementation](https://github.com/ory/kratos-selfservice-ui-node).\",\n \"type\": \"string\",\n \"format\": \"uri-reference\",\n \"examples\": [\"https://my-app.com/user/settings\"],\n \"default\": \"https://www.ory.sh/kratos/docs/fallback/settings\"\n },\n \"lifespan\": {\n \"type\": \"string\",\n \"pattern\": \"^[0-9]+(ns|us|ms|s|m|h)$\",\n \"default\": \"1h\",\n \"examples\": [\"1h\", \"1m\", \"1s\"]\n },\n \"privileged_session_max_age\": {\n \"type\": \"string\",\n \"pattern\": \"^[0-9]+(ns|us|ms|s|m|h)$\",\n \"default\": \"1h\",\n \"examples\": [\"1h\", \"1m\", \"1s\"]\n },\n \"after\": {\n \"$ref\": \"#/definitions/selfServiceAfterSettings\"\n }\n }\n },\n \"logout\": {\n \"type\": \"object\",\n \"additionalProperties\": false,\n \"properties\": {\n \"after\": {\n \"type\": \"object\",\n \"additionalProperties\": false,\n \"properties\": {\n \"default_browser_return_url\": {\n \"$ref\": \"#/definitions/defaultReturnTo\"\n }\n }\n }\n }\n },\n \"registration\": {\n \"type\": \"object\",\n \"additionalProperties\": false,\n \"properties\": {\n \"ui_url\": {\n \"title\": \"Registration UI URL\",\n \"description\": \"URL where the Registration UI is hosted. Check the [reference implementation](https://github.com/ory/kratos-selfservice-ui-node).\",\n \"type\": \"string\",\n \"format\": \"uri-reference\",\n \"examples\": [\"https://my-app.com/signup\"],\n \"default\": \"https://www.ory.sh/kratos/docs/fallback/registration\"\n },\n \"lifespan\": {\n \"type\": \"string\",\n \"pattern\": \"^[0-9]+(ns|us|ms|s|m|h)$\",\n \"default\": \"1h\",\n \"examples\": [\"1h\", \"1m\", \"1s\"]\n },\n \"after\": {\n \"$ref\": \"#/definitions/selfServiceAfterRegistration\"\n }\n }\n },\n \"login\": {\n \"type\": \"object\",\n \"additionalProperties\": false,\n \"properties\": {\n \"ui_url\": {\n \"title\": \"Login UI URL\",\n \"description\": \"URL where the Login UI is hosted. Check the [reference implementation](https://github.com/ory/kratos-selfservice-ui-node).\",\n \"type\": \"string\",\n \"format\": \"uri-reference\",\n \"examples\": [\"https://my-app.com/login\"],\n \"default\": \"https://www.ory.sh/kratos/docs/fallback/login\"\n },\n \"lifespan\": {\n \"type\": \"string\",\n \"pattern\": \"^[0-9]+(ns|us|ms|s|m|h)$\",\n \"default\": \"1h\",\n \"examples\": [\"1h\", \"1m\", \"1s\"]\n },\n \"after\": {\n \"$ref\": \"#/definitions/selfServiceAfterLogin\"\n }\n }\n },\n \"verification\": {\n \"title\": \"Email and Phone Verification and Account Activation Configuration\",\n \"type\": \"object\",\n \"additionalProperties\": false,\n \"properties\": {\n \"enabled\": {\n \"type\": \"boolean\",\n \"title\": \"Enable Email/Phone Verification\",\n \"description\": \"If set to true will enable [Email and Phone Verification and Account Activation](https://www.ory.sh/kratos/docs/self-service/flows/verify-email-account-activation/).\",\n \"default\": false\n },\n \"ui_url\": {\n \"title\": \"Verify UI URL\",\n \"description\": \"URL where the ORY Verify UI is hosted. This is the page where users activate and / or verify their email or telephone number. Check the [reference implementation](https://github.com/ory/kratos-selfservice-ui-node).\",\n \"type\": \"string\",\n \"format\": \"uri-reference\",\n \"examples\": [\"https://my-app.com/verify\"],\n \"default\": \"https://www.ory.sh/kratos/docs/fallback/verification\"\n },\n \"after\": {\n \"type\": \"object\",\n \"properties\": {\n \"default_browser_return_url\": {\n \"$ref\": \"#/definitions/defaultReturnTo\"\n }\n },\n \"additionalProperties\": false\n },\n \"lifespan\": {\n \"title\": \"Self-Service Verification Request Lifespan\",\n \"description\": \"Sets how long the verification request (for the UI interaction) is valid.\",\n \"type\": \"string\",\n \"pattern\": \"^[0-9]+(ns|us|ms|s|m|h)$\",\n \"default\": \"1h\",\n \"examples\": [\"1h\", \"1m\", \"1s\"]\n }\n }\n },\n \"recovery\": {\n \"title\": \"Account Recovery Configuration\",\n \"type\": \"object\",\n \"additionalProperties\": false,\n \"properties\": {\n \"enabled\": {\n \"type\": \"boolean\",\n \"title\": \"Enable Account Recovery\",\n \"description\": \"If set to true will enable [Account Recovery](https://www.ory.sh/kratos/docs/self-service/flows/password-reset-account-recovery/).\",\n \"default\": false\n },\n \"ui_url\": {\n \"title\": \"Recovery UI URL\",\n \"description\": \"URL where the ORY Recovery UI is hosted. This is the page where users request and complete account recovery. Check the [reference implementation](https://github.com/ory/kratos-selfservice-ui-node).\",\n \"type\": \"string\",\n \"format\": \"uri-reference\",\n \"examples\": [\"https://my-app.com/verify\"],\n \"default\": \"https://www.ory.sh/kratos/docs/fallback/recovery\"\n },\n \"after\": {\n \"type\": \"object\",\n \"properties\": {\n \"default_browser_return_url\": {\n \"$ref\": \"#/definitions/defaultReturnTo\"\n }\n },\n \"additionalProperties\": false\n },\n \"lifespan\": {\n \"title\": \"Self-Service Recovery Request Lifespan\",\n \"description\": \"Sets how long the recovery request is valid. If expired, the user has to redo the flow.\",\n \"type\": \"string\",\n \"pattern\": \"^[0-9]+(ns|us|ms|s|m|h)$\",\n \"default\": \"1h\",\n \"examples\": [\"1h\", \"1m\", \"1s\"]\n }\n }\n },\n \"error\": {\n \"type\": \"object\",\n \"additionalProperties\": false,\n \"properties\": {\n \"ui_url\": {\n \"title\": \"ORY Kratos Error UI URL\",\n \"description\": \"URL where the ORY Kratos Error UI is hosted. Check the [reference implementation](https://github.com/ory/kratos-selfservice-ui-node).\",\n \"type\": \"string\",\n \"format\": \"uri-reference\",\n \"examples\": [\"https://my-app.com/kratos-error\"],\n \"default\": \"https://www.ory.sh/kratos/docs/fallback/error\"\n }\n }\n }\n }\n },\n \"methods\": {\n \"type\": \"object\",\n \"additionalProperties\": false,\n \"properties\": {\n \"profile\": {\n \"type\": \"object\",\n \"additionalProperties\": false,\n \"properties\": {\n \"enabled\": {\n \"type\": \"boolean\",\n \"title\": \"Enables Profile Management Method\",\n \"default\": true\n }\n }\n },\n \"link\": {\n \"type\": \"object\",\n \"additionalProperties\": false,\n \"properties\": {\n \"enabled\": {\n \"type\": \"boolean\",\n \"title\": \"Enables Link Method\",\n \"default\": true\n }\n }\n },\n \"password\": {\n \"type\": \"object\",\n \"additionalProperties\": false,\n \"properties\": {\n \"enabled\": {\n \"type\": \"boolean\",\n \"title\": \"Enables Username/Email and Password Method\",\n \"default\": true\n }\n }\n },\n \"oidc\": {\n \"type\": \"object\",\n \"additionalProperties\": false,\n \"properties\": {\n \"enabled\": {\n \"type\": \"boolean\",\n \"title\": \"Enables OpenID Connect Method\",\n \"default\": false\n },\n \"config\": {\n \"type\": \"object\",\n \"additionalProperties\": false,\n \"properties\": {\n \"providers\": {\n \"title\": \"OpenID Connect and OAuth2 Providers\",\n \"description\": \"A list and configuration of OAuth2 and OpenID Connect providers ORY Kratos should integrate with.\",\n \"type\": \"array\",\n \"items\": {\n \"$ref\": \"#/definitions/selfServiceOIDCProvider\"\n }\n }\n }\n }\n }\n }\n }\n }\n }\n },\n \"dsn\": {\n \"type\": \"string\",\n \"title\": \"Data Source Name\",\n \"description\": \"DSN is used to specify the database credentials as a connection URI.\",\n \"examples\": [\n \"postgres://user: password@postgresd:5432/database?sslmode=disable&max_conns=20&max_idle_conns=4\",\n \"mysql://user:secret@tcp(mysqld:3306)/database?max_conns=20&max_idle_conns=4\",\n \"cockroach://user@cockroachdb:26257/database?sslmode=disable&max_conns=20&max_idle_conns=4\",\n \"sqlite:///var/lib/sqlite/db.sqlite?_fk=true&mode=rwc\"\n ]\n },\n \"courier\": {\n \"type\": \"object\",\n \"title\": \"Courier configuration\",\n \"description\": \"The courier is responsible for sending and delivering messages over email, sms, and other means.\",\n \"properties\": {\n \"template_override_path\": {\n \"type\": \"string\",\n \"title\": \"Override message templates\",\n \"description\": \"You can override certain or all message templates by pointing this key to the path where the templates are located.\",\n \"examples\": [\"/conf/courier-templates\"]\n },\n \"smtp\": {\n \"title\": \"SMTP Configuration\",\n \"description\": \"Configures outgoing emails using the SMTP protocol.\",\n \"type\": \"object\",\n \"properties\": {\n \"connection_uri\": {\n \"title\": \"SMTP connection string\",\n \"description\": \"This URI will be used to connect to the SMTP server. Use the query parameter to allow (`?skip_ssl_verify=true`) or disallow (`?skip_ssl_verify=false`) self-signed TLS certificates. Please keep in mind that any host other than localhost / 127.0.0.1 must use smtp over TLS (smtps) or the connection will not be possible.\",\n \"examples\": [\n \"smtps://foo:bar@my-mailserver:1234/?skip_ssl_verify=false\"\n ],\n \"type\": \"string\",\n \"format\": \"uri\"\n },\n \"from_address\": {\n \"title\": \"SMTP Sender Address\",\n \"description\": \"The recipient of an email will see this as the sender address.\",\n \"type\": \"string\",\n \"format\": \"email\",\n \"default\": \"no-reply@ory.kratos.sh\"\n }\n },\n \"required\": [\"connection_uri\"],\n \"additionalProperties\": false\n }\n },\n \"required\": [\"smtp\"],\n \"additionalProperties\": false\n },\n \"serve\": {\n \"type\": \"object\",\n \"properties\": {\n \"admin\": {\n \"type\": \"object\",\n \"properties\": {\n \"base_url\": {\n \"title\": \"Admin Base URL\",\n \"description\": \"The URL where the admin endpoint is exposed at.\",\n \"type\": \"string\",\n \"format\": \"uri\",\n \"examples\": [\"https://kratos.private-network:4434/\"]\n },\n \"host\": {\n \"title\": \"Admin Host\",\n \"description\": \"The host (interface) kratos' admin endpoint listens on.\",\n \"type\": \"string\",\n \"default\": \"0.0.0.0\"\n },\n \"port\": {\n \"title\": \"Admin Port\",\n \"description\": \"The port kratos' admin endpoint listens on.\",\n \"type\": \"integer\",\n \"minimum\": 1,\n \"maximum\": 65535,\n \"examples\": [4434],\n \"default\": 4434\n }\n },\n \"additionalProperties\": false\n },\n \"public\": {\n \"type\": \"object\",\n \"properties\": {\n \"cors\": {\n \"type\": \"object\",\n \"additionalProperties\": false,\n \"description\": \"Configures Cross Origin Resource Sharing for public endpoints.\",\n \"properties\": {\n \"enabled\": {\n \"type\": \"boolean\",\n \"description\": \"Sets whether CORS is enabled.\",\n \"default\": false\n },\n \"allowed_origins\": {\n \"type\": \"array\",\n \"description\": \"A list of origins a cross-domain request can be executed from. If the special * value is present in the list, all origins will be allowed. An origin may contain a wildcard (*) to replace 0 or more characters (i.e.: http://*.domain.com). Only one wildcard can be used per origin.\",\n \"items\": {\n \"type\": \"string\",\n \"minLength\": 1,\n \"not\": {\n \"type\": \"string\",\n \"description\": \"does match all strings that contain two or more (*)\",\n \"pattern\": \".*\\\\*.*\\\\*.*\"\n },\n \"anyOf\": [\n {\n \"format\": \"uri\"\n },\n {\n \"const\": \"*\"\n }\n ]\n },\n \"uniqueItems\": true,\n \"default\": [\"*\"],\n \"examples\": [\n [\n \"https://example.com\",\n \"https://*.example.com\",\n \"https://*.foo.example.com\"\n ]\n ]\n },\n \"allowed_methods\": {\n \"type\": \"array\",\n \"description\": \"A list of HTTP methods the user agent is allowed to use with cross-domain requests.\",\n \"default\": [\"POST\", \"GET\", \"PUT\", \"PATCH\", \"DELETE\"],\n \"items\": {\n \"type\": \"string\",\n \"enum\": [\n \"POST\",\n \"GET\",\n \"PUT\",\n \"PATCH\",\n \"DELETE\",\n \"CONNECT\",\n \"HEAD\",\n \"OPTIONS\",\n \"TRACE\"\n ]\n }\n },\n \"allowed_headers\": {\n \"type\": \"array\",\n \"description\": \"A list of non simple headers the client is allowed to use with cross-domain requests.\",\n \"default\": [\n \"Authorization\",\n \"Content-Type\",\n \"X-Session-Token\"\n ],\n \"items\": {\n \"type\": \"string\"\n }\n },\n \"exposed_headers\": {\n \"type\": \"array\",\n \"description\": \"Sets which headers are safe to expose to the API of a CORS API specification.\",\n \"default\": [\"Content-Type\"],\n \"items\": {\n \"type\": \"string\"\n }\n },\n \"allow_credentials\": {\n \"type\": \"boolean\",\n \"description\": \"Sets whether the request can include user credentials like cookies, HTTP authentication or client side SSL certificates.\",\n \"default\": true\n },\n \"options_passthrough\": {\n \"type\": \"boolean\",\n \"description\": \"TODO\",\n \"default\": false\n },\n \"max_age\": {\n \"type\": \"integer\",\n \"description\": \"Sets how long (in seconds) the results of a preflight request can be cached. If set to 0, every request is preceded by a preflight request.\",\n \"default\": 0,\n \"minimum\": 0\n },\n \"debug\": {\n \"type\": \"boolean\",\n \"description\": \"Adds additional log output to debug server side CORS issues.\",\n \"default\": false\n }\n }\n },\n \"base_url\": {\n \"title\": \"Public Base URL\",\n \"description\": \"The URL where the public endpoint is exposed at.\",\n \"type\": \"string\",\n \"format\": \"uri-reference\",\n \"examples\": [\n \"https://my-app.com/.ory/kratos/public\",\n \"/.ory/kratos/public/\"\n ]\n },\n \"host\": {\n \"title\": \"Public Host\",\n \"description\": \"The host (interface) kratos' public endpoint listens on.\",\n \"type\": \"string\",\n \"default\": \"0.0.0.0\"\n },\n \"port\": {\n \"title\": \"Public Port\",\n \"description\": \"The port kratos' public endpoint listens on.\",\n \"type\": \"integer\",\n \"minimum\": 1,\n \"maximum\": 65535,\n \"examples\": [4433],\n \"default\": 4433\n }\n },\n \"additionalProperties\": false\n }\n },\n \"additionalProperties\": false\n },\n \"log\": {\n \"type\": \"object\",\n \"properties\": {\n \"level\": {\n \"type\": \"string\",\n \"enum\": [\n \"trace\",\n \"debug\",\n \"info\",\n \"warning\",\n \"error\",\n \"fatal\",\n \"panic\"\n ]\n },\n \"leak_sensitive_values\": {\n \"type\": \"boolean\",\n \"title\": \"Leak Sensitive Log Values\",\n \"description\": \"If set will leak sensitive values (e.g. emails) in the logs.\"\n },\n \"redaction_text\": {\n \"type\": \"string\",\n \"title\": \"Sensitive log value redaction text\",\n \"description\": \"Text to use, when redacting sensitive log value.\"\n },\n \"format\": {\n \"type\": \"string\",\n \"enum\": [\"json\", \"text\"]\n }\n },\n \"additionalProperties\": false\n },\n \"identity\": {\n \"type\": \"object\",\n \"properties\": {\n \"default_schema_url\": {\n \"title\": \"JSON Schema URL for default identity traits\",\n \"description\": \"Path to the JSON Schema which describes a default identity's traits.\",\n \"type\": \"string\",\n \"format\": \"uri\",\n \"examples\": [\n \"file://path/to/identity.traits.schema.json\",\n \"https://foo.bar.com/path/to/identity.traits.schema.json\"\n ]\n },\n \"schemas\": {\n \"type\": \"array\",\n \"title\": \"Additional JSON Schemas for Identity Traits\",\n \"examples\": [\n [\n {\n \"id\": \"customer\",\n \"url\": \"https://foo.bar.com/path/to/customer.traits.schema.json\"\n },\n {\n \"id\": \"employee\",\n \"url\": \"https://foo.bar.com/path/to/employee.traits.schema.json\"\n },\n {\n \"id\": \"employee-v2\",\n \"url\": \"https://foo.bar.com/path/to/employee.v2.traits.schema.json\"\n }\n ]\n ],\n \"items\": {\n \"type\": \"object\",\n \"properties\": {\n \"id\": {\n \"title\": \"The schema's ID.\",\n \"type\": \"string\",\n \"examples\": [\"employee\"]\n },\n \"url\": {\n \"type\": \"string\",\n \"title\": \"Path to the JSON Schema\",\n \"format\": \"uri\",\n \"examples\": [\n \"file://path/to/identity.traits.schema.json\",\n \"https://foo.bar.com/path/to/identity.traits.schema.json\"\n ]\n }\n },\n \"required\": [\"id\", \"url\"],\n \"not\": {\n \"type\": \"object\",\n \"properties\": {\n \"id\": {\n \"const\": \"default\"\n }\n },\n \"additionalProperties\": true\n }\n }\n }\n },\n \"required\": [\"default_schema_url\"],\n \"additionalProperties\": false\n },\n \"secrets\": {\n \"type\": \"object\",\n \"properties\": {\n \"default\": {\n \"type\": \"array\",\n \"title\": \"Default Encryption Signing Secrets\",\n \"description\": \"The first secret in the array is used for singing and encrypting things while all other keys are used to verify and decrypt older things that were signed with that old secret.\",\n \"items\": {\n \"type\": \"string\",\n \"minLength\": 16\n },\n \"uniqueItems\": true\n },\n \"cookie\": {\n \"type\": \"array\",\n \"title\": \"Singing Keys for Cookies\",\n \"description\": \"The first secret in the array is used for encrypting cookies while all other keys are used to decrypt older cookies that were signed with that old secret.\",\n \"items\": {\n \"type\": \"string\",\n \"minLength\": 16\n },\n \"uniqueItems\": true\n }\n },\n \"additionalProperties\": false\n },\n \"hashers\": {\n \"title\": \"Hashing Algorithm Configuration\",\n \"type\": \"object\",\n \"properties\": {\n \"argon2\": {\n \"title\": \"Configuration for the Argon2id hasher.\",\n \"type\": \"object\",\n \"properties\": {\n \"memory\": {\n \"type\": \"integer\",\n \"minimum\": 16384\n },\n \"iterations\": {\n \"type\": \"integer\",\n \"minimum\": 1\n },\n \"parallelism\": {\n \"type\": \"integer\",\n \"minimum\": 1\n },\n \"salt_length\": {\n \"type\": \"integer\",\n \"minimum\": 16\n },\n \"key_length\": {\n \"type\": \"integer\",\n \"minimum\": 16\n }\n },\n \"additionalProperties\": false\n }\n },\n \"additionalProperties\": false\n },\n \"session\": {\n \"type\": \"object\",\n \"additionalProperties\": false,\n \"properties\": {\n \"lifespan\": {\n \"title\": \"Session Lifespan\",\n \"description\": \"Defines how long a session is active. Once that lifespan has been reached, the user needs to sign in again.\",\n \"type\": \"string\",\n \"pattern\": \"^[0-9]+(ns|us|ms|s|m|h)$\",\n \"default\": \"24h\",\n \"examples\": [\"1h\", \"1m\", \"1s\"]\n },\n \"cookie\": {\n \"type\": \"object\",\n \"properties\": {\n \"domain\": {\n \"title\": \"Session Cookie Domain\",\n \"description\": \"Sets the session cookie domain. Useful when dealing with subdomains. Use with care!\",\n \"type\": \"string\"\n },\n \"persistent\": {\n \"title\": \"Make Session Cookie Persistent\",\n \"description\": \"If set to true will persist the cookie in the end-user's browser using the `max-age` parameter which is set to the `session.lifespan` value. Persistent cookies are not deleted when the browser is closed (e.g. on reboot or alt+f4).\",\n \"type\": \"boolean\",\n \"default\": true\n },\n \"path\": {\n \"title\": \"Session Cookie Path\",\n \"description\": \"Sets the session cookie path. Use with care!\",\n \"type\": \"string\",\n \"default\": \"/\"\n },\n \"same_site\": {\n \"title\": \"Cookie Same Site Configuration\",\n \"type\": \"string\",\n \"enum\": [\"Strict\", \"Lax\", \"None\"],\n \"default\": \"Lax\"\n }\n },\n \"additionalProperties\": false\n }\n }\n },\n \"version\": {\n \"title\": \"The kratos version this config is written for.\",\n \"description\": \"SemVer according to https://semver.org/ prefixed with `v` as in our releases.\",\n \"type\": \"string\",\n \"pattern\": \"^v(0|[1-9]\\\\d*)\\\\.(0|[1-9]\\\\d*)\\\\.(0|[1-9]\\\\d*)(?:-((?:0|[1-9]\\\\d*|\\\\d*[a-zA-Z-][0-9a-zA-Z-]*)(?:\\\\.(?:0|[1-9]\\\\d*|\\\\d*[a-zA-Z-][0-9a-zA-Z-]*))*))?(?:\\\\+([0-9a-zA-Z-]+(?:\\\\.[0-9a-zA-Z-]+)*))?$\",\n \"examples\": [\"v0.5.0-alpha.1\"]\n }\n },\n \"allOf\": [\n {\n \"if\": {\n \"properties\": {\n \"selfservice\": {\n \"properties\": {\n \"flows\": {\n \"oneOf\": [\n {\n \"properties\": {\n \"verification\": {\n \"properties\": {\n \"enabled\": {\n \"const\": true\n }\n },\n \"required\": [\"enabled\"]\n }\n },\n \"required\": [\"verification\"]\n },\n {\n \"properties\": {\n \"recovery\": {\n \"properties\": {\n \"enabled\": {\n \"const\": true\n }\n },\n \"required\": [\"enabled\"]\n }\n },\n \"required\": [\"recovery\"]\n }\n ]\n }\n },\n \"required\": [\"flows\"]\n }\n },\n \"required\": [\"selfservice\"]\n },\n \"then\": {\n \"required\": [\"courier\"]\n }\n }\n ],\n \"required\": [\"identity\", \"dsn\", \"selfservice\"]\n}\n" }, { "path": "oryx/configx/stub/multi/expected.json", "content": "{\n \"courier\": {\n \"smtp\": {\n \"connection_uri\": \"smtps://test:test@mailslurper:1025/?skip_ssl_verify=true\",\n \"from_address\": \"no-reply@ory.kratos.sh\"\n }\n },\n \"dsn\": \"sqlite:///var/lib/sqlite/db.sqlite?_fk=true\",\n \"hashers\": {\n \"argon2\": {\n \"iterations\": 2,\n \"key_length\": 16,\n \"memory\": 131072,\n \"parallelism\": 1,\n \"salt_length\": 16\n }\n },\n \"identity\": {\n \"default_schema_url\": \"file:///etc/config/kratos/identity.schema.json\"\n },\n \"log\": {\n \"format\": \"text\",\n \"leak_sensitive_values\": true,\n \"level\": \"debug\"\n },\n \"secrets\": {\n \"cookie\": [\"PLEASE-CHANGE-ME-I-AM-VERY-INSECURE\"]\n },\n \"selfservice\": {\n \"default_browser_return_url\": \"http://127.0.0.1:4455/\",\n \"flows\": {\n \"error\": {\n \"ui_url\": \"http://127.0.0.1:4455/error\"\n },\n \"login\": {\n \"lifespan\": \"10m\",\n \"ui_url\": \"http://127.0.0.1:4455/auth/login\"\n },\n \"logout\": {\n \"after\": {\n \"default_browser_return_url\": \"http://127.0.0.1:4455/auth/login\"\n }\n },\n \"recovery\": {\n \"enabled\": true,\n \"lifespan\": \"1h\",\n \"ui_url\": \"http://127.0.0.1:4455/recovery\"\n },\n \"registration\": {\n \"after\": {\n \"password\": {\n \"hooks\": [\n {\n \"hook\": \"session\"\n }\n ]\n }\n },\n \"lifespan\": \"10m\",\n \"ui_url\": \"http://127.0.0.1:4455/auth/registration\"\n },\n \"settings\": {\n \"lifespan\": \"1h\",\n \"privileged_session_max_age\": \"15m\",\n \"ui_url\": \"http://127.0.0.1:4455/settings\"\n },\n \"verification\": {\n \"after\": {\n \"default_browser_return_url\": \"http://127.0.0.1:4455/\"\n },\n \"enabled\": true,\n \"lifespan\": \"1h\",\n \"ui_url\": \"http://127.0.0.1:4455/verify\"\n }\n },\n \"methods\": {\n \"link\": {\n \"enabled\": true\n },\n \"oidc\": {\n \"enabled\": false\n },\n \"password\": {\n \"enabled\": true\n },\n \"profile\": {\n \"enabled\": true\n }\n },\n \"whitelisted_return_urls\": [\"http://127.0.0.1:4455\"]\n },\n \"serve\": {\n \"admin\": {\n \"base_url\": \"http://kratos:4434/\",\n \"host\": \"0.0.0.0\",\n \"port\": 4434\n },\n \"public\": {\n \"base_url\": \"http://127.0.0.1:4433/\",\n \"cors\": {\n \"allow_credentials\": true,\n \"allowed_headers\": [\"Authorization\", \"Content-Type\", \"X-Session-Token\"],\n \"allowed_methods\": [\"POST\", \"GET\", \"PUT\", \"PATCH\", \"DELETE\"],\n \"allowed_origins\": [\"*\"],\n \"debug\": false,\n \"enabled\": true,\n \"exposed_headers\": [\"Content-Type\"],\n \"max_age\": 0,\n \"options_passthrough\": false\n },\n \"host\": \"0.0.0.0\",\n \"port\": 4433\n }\n },\n \"session\": {\n \"cookie\": {\n \"path\": \"/\",\n \"persistent\": true,\n \"same_site\": \"Lax\"\n },\n \"lifespan\": \"24h\"\n },\n \"version\": \"v0.5.3-alpha.1\"\n}\n" }, { "path": "oryx/configx/stub/nested-array/config.schema.json", "content": "{\n \"$schema\": \"http://json-schema.org/draft-07/schema#\",\n \"properties\": {\n \"providers\": {\n \"title\": \"OpenID Connect and OAuth2 Providers\",\n \"description\": \"A list and configuration of OAuth2 and OpenID Connect providers ORY Kratos should integrate with.\",\n \"type\": \"array\",\n \"items\": {\n \"type\": \"object\",\n \"properties\": {\n \"id\": {\n \"type\": \"string\",\n \"examples\": [\"google\"]\n },\n \"provider\": {\n \"title\": \"Provider\",\n \"description\": \"Can be one of github, gitlab, generic, google, microsoft, discord.\",\n \"type\": \"string\",\n \"enum\": [\n \"github\",\n \"gitlab\",\n \"generic\",\n \"google\",\n \"microsoft\",\n \"discord\"\n ],\n \"examples\": [\"google\"]\n },\n \"client_id\": {\n \"type\": \"string\"\n },\n \"client_secret\": {\n \"type\": \"string\"\n },\n \"issuer_url\": {\n \"type\": \"string\",\n \"format\": \"uri\",\n \"examples\": [\"https://accounts.google.com\"]\n },\n \"auth_url\": {\n \"type\": \"string\",\n \"format\": \"uri\",\n \"examples\": [\"https://accounts.google.com/o/oauth2/v2/auth\"]\n },\n \"token_url\": {\n \"type\": \"string\",\n \"format\": \"uri\",\n \"examples\": [\"https://www.googleapis.com/oauth2/v4/token\"]\n },\n \"mapper_url\": {\n \"title\": \"Jsonnet Mapper URL\",\n \"description\": \"The URL where the jsonnet source is located for mapping the provider's data to ORY Kratos data.\",\n \"type\": \"string\",\n \"format\": \"uri\",\n \"examples\": [\n \"file://path/to/oidc.jsonnet\",\n \"https://foo.bar.com/path/to/oidc.jsonnet\",\n \"base64://bG9jYWwgc3ViamVjdCA9I...\"\n ]\n },\n \"scope\": {\n \"type\": \"array\",\n \"items\": {\n \"type\": \"string\",\n \"examples\": [\"offline_access\", \"profile\"]\n }\n },\n \"tenant\": {\n \"title\": \"Azure AD Tenant\",\n \"description\": \"The Azure AD Tenant to use for authentication.\",\n \"type\": \"string\",\n \"examples\": [\n \"common\",\n \"organizations\",\n \"consumers\",\n \"8eaef023-2b34-4da1-9baa-8bc8c9d6a490\",\n \"contoso.onmicrosoft.com\"\n ]\n }\n },\n \"additionalProperties\": false,\n \"required\": [],\n \"if\": {\n \"properties\": {\n \"provider\": {\n \"const\": \"microsoft\"\n }\n },\n \"required\": [\"provider\"]\n },\n \"then\": {\n \"required\": [\"tenant\"]\n },\n \"else\": {\n \"not\": {\n \"properties\": {\n \"tenant\": {}\n },\n \"required\": [\"tenant\"]\n }\n }\n }\n }\n }\n}\n" }, { "path": "oryx/configx/stub/nested-array/expected.json", "content": "{\n \"providers\": [\n {\n \"id\": \"google\",\n \"client_id\": \"client@example.com\"\n },\n {\n \"client_id\": \"some@example.com\"\n }\n ]\n}\n" }, { "path": "oryx/configx/stub/nested-array/kratos.yaml", "content": "providers:\n - id: google\n" }, { "path": "oryx/configx/stub/watch/config.schema.json", "content": "{\n \"$id\": \"https://example.com/config.schema.json\",\n \"$schema\": \"http://json-schema.org/draft-07/schema#\",\n \"title\": \"config\",\n \"type\": \"object\",\n \"properties\": {\n \"dsn\": {\n \"type\": \"string\"\n },\n \"foo\": {\n \"const\": \"bar\"\n },\n \"bar\": {\n \"type\": \"string\",\n \"enum\": [\"foo\", \"bar\", \"baz\"]\n }\n },\n \"required\": [\"dsn\"]\n}\n" }, { "path": "oryx/configx/tls.schema.json", "content": "{\n \"$id\": \"https://github.com/ory/x/tlsx/config.schema.json\",\n \"$schema\": \"http://json-schema.org/draft-07/schema#\",\n \"title\": \"HTTPS\",\n \"description\": \"Configure HTTP over TLS (HTTPS).\",\n \"type\": \"object\",\n \"additionalProperties\": false,\n \"properties\": {\n \"enabled\": {\n \"type\": \"boolean\"\n },\n \"key\": {\n \"title\": \"Private Key (PEM)\",\n \"$ref\": \"#/definitions/source\"\n },\n \"cert\": {\n \"title\": \"TLS Certificate (PEM)\",\n \"$ref\": \"#/definitions/source\"\n },\n \"allow_termination_from\": {\n \"type\": \"array\",\n \"description\": \"Allow-list one or multiple CIDR address ranges and allow them to terminate TLS connections. Be aware that the X-Forwarded-Proto header must be set and must never be modifiable by anyone but your proxy / gateway / load balancer. Supports ipv4 and ipv6. The service serves http instead of https when this option is set.\",\n \"items\": {\n \"description\": \"CIDR address range.\",\n \"type\": \"string\",\n \"oneOf\": [\n {\n \"pattern\": \"^(([0-9a-fA-F]{1,4}:){7}[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,7}:|([0-9a-fA-F]{1,4}:){1,6}:[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,5}(:[0-9a-fA-F]{1,4}){1,2}|([0-9a-fA-F]{1,4}:){1,4}(:[0-9a-fA-F]{1,4}){1,3}|([0-9a-fA-F]{1,4}:){1,3}(:[0-9a-fA-F]{1,4}){1,4}|([0-9a-fA-F]{1,4}:){1,2}(:[0-9a-fA-F]{1,4}){1,5}|[0-9a-fA-F]{1,4}:((:[0-9a-fA-F]{1,4}){1,6})|:((:[0-9a-fA-F]{1,4}){1,7}|:)|fe80:(:[0-9a-fA-F]{0,4}){0,4}%[0-9a-zA-Z]{1,}|::(ffff(:0{1,4}){0,1}:){0,1}((25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9])\\\\.){3,3}(25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9])|([0-9a-fA-F]{1,4}:){1,4}:((25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9])\\\\.){3,3}(25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9]))/([0-9]|[1-9][0-9]|1[0-1][0-9]|12[0-8])$\"\n },\n {\n \"pattern\": \"^([0-9]{1,3}\\\\.){3}[0-9]{1,3}/([0-9]|[1-2][0-9]|3[0-2])$\"\n }\n ],\n \"examples\": [\"127.0.0.1/32\"]\n }\n }\n },\n \"definitions\": {\n \"source\": {\n \"type\": \"object\",\n \"oneOf\": [\n {\n \"properties\": {\n \"path\": {\n \"title\": \"Path to PEM-encoded File\",\n \"type\": \"string\",\n \"examples\": [\"path/to/file.pem\"]\n }\n },\n \"additionalProperties\": false\n },\n {\n \"properties\": {\n \"base64\": {\n \"title\": \"Base64 Encoded Inline\",\n \"description\": \"The base64 string of the PEM-encoded file content. Can be generated using for example `base64 -i path/to/file.pem`.\",\n \"type\": \"string\",\n \"examples\": [\n \"LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tXG5NSUlEWlRDQ0FrMmdBd0lCQWdJRVY1eE90REFOQmdr...\"\n ]\n }\n },\n \"additionalProperties\": false\n }\n ]\n }\n }\n}\n" }, { "path": "oryx/contextx/contextual.go", "content": "// Copyright © 2023 Ory Corp\n// SPDX-License-Identifier: Apache-2.0\n\npackage contextx\n\nimport (\n\t\"context\"\n\n\t\"github.com/ory/x/configx\"\n\n\t\"github.com/gofrs/uuid\"\n)\n\ntype (\n\tContextualizer interface {\n\t\t// Network returns the network id for the given context.\n\t\tNetwork(ctx context.Context, network uuid.UUID) uuid.UUID\n\n\t\t// Config returns the config for the given context.\n\t\tConfig(ctx context.Context, config *configx.Provider) *configx.Provider\n\t}\n\tProvider interface {\n\t\tContextualizer() Contextualizer\n\t}\n\tStatic struct {\n\t\tNID uuid.UUID\n\t\tC *configx.Provider\n\t}\n)\n\nfunc (d *Static) Network(_ context.Context, nid uuid.UUID) uuid.UUID {\n\tif d.NID == uuid.Nil {\n\t\treturn nid\n\t}\n\treturn d.NID\n}\n\nfunc (d *Static) Config(_ context.Context, c *configx.Provider) *configx.Provider {\n\tif d.C == nil {\n\t\treturn c\n\t}\n\treturn d.C\n}\n" }, { "path": "oryx/contextx/contextual_mock.go", "content": "// Copyright © 2023 Ory Corp\n// SPDX-License-Identifier: Apache-2.0\n\npackage contextx\n\nimport (\n\t\"context\"\n\n\t\"github.com/ory/x/configx\"\n\n\t\"github.com/gofrs/uuid\"\n)\n\n// TestContextualizer is a mock implementation of the Contextualizer interface.\ntype TestContextualizer struct{}\n\ntype contextKeyFake int\n\n// fakeNIDContext is a test key for NID.\nconst fakeNIDContext contextKeyFake = 1\n\n// SetNIDContext sets the nid for the given context.\nfunc SetNIDContext(ctx context.Context, nid uuid.UUID) context.Context {\n\treturn context.WithValue(ctx, fakeNIDContext, nid) //nolint:staticcheck\n}\n\n// Network returns the network id for the given context.\nfunc (d *TestContextualizer) Network(ctx context.Context, network uuid.UUID) uuid.UUID {\n\tnid, ok := ctx.Value(fakeNIDContext).(uuid.UUID)\n\tif !ok {\n\t\treturn network\n\t}\n\treturn nid\n}\n\n// Config returns the config for the given context.\nfunc (d *TestContextualizer) Config(ctx context.Context, config *configx.Provider) *configx.Provider {\n\treturn config\n}\n" }, { "path": "oryx/contextx/default.go", "content": "// Copyright © 2023 Ory Corp\n// SPDX-License-Identifier: Apache-2.0\n\npackage contextx\n\nimport (\n\t\"context\"\n\n\t\"github.com/gofrs/uuid\"\n\n\t\"github.com/ory/x/configx\"\n)\n\ntype Default struct{}\n\nvar _ Contextualizer = (*Default)(nil)\n\nfunc (d *Default) Network(_ context.Context, network uuid.UUID) uuid.UUID {\n\tif network == uuid.Nil {\n\t\tpanic(\"nid must be not nil\")\n\t}\n\treturn network\n}\n\nfunc (d *Default) Config(_ context.Context, config *configx.Provider) *configx.Provider {\n\treturn config\n}\n" }, { "path": "oryx/contextx/testhelpers.go", "content": "// Copyright © 2024 Ory Corp\n// SPDX-License-Identifier: Apache-2.0\n\npackage contextx\n\nimport (\n\t\"context\"\n\t\"net/http\"\n\t\"net/http/httptest\"\n\n\t\"github.com/gofrs/uuid\"\n\n\t\"github.com/ory/x/configx\"\n)\n\ntype (\n\tTestConfigProvider struct {\n\t\tConfigSchema []byte\n\t\tOptions []configx.OptionModifier\n\t}\n\tcontextKey int\n)\n\nfunc NewTestConfigProvider(schema []byte, opts ...configx.OptionModifier) *TestConfigProvider {\n\treturn &TestConfigProvider{\n\t\tConfigSchema: schema,\n\t\tOptions: opts,\n\t}\n}\n\nfunc (t *TestConfigProvider) Network(ctx context.Context, network uuid.UUID) uuid.UUID {\n\treturn (&Default{}).Network(ctx, network)\n}\n\nfunc (t *TestConfigProvider) Config(ctx context.Context, config *configx.Provider) *configx.Provider {\n\tvalues, ok := ctx.Value(contextConfigKey).([]map[string]any)\n\tif !ok {\n\t\treturn config\n\t}\n\n\topts := make([]configx.OptionModifier, 1, 1+len(values))\n\topts[0] = configx.WithValues(config.All())\n\tfor _, v := range values {\n\t\topts = append(opts, configx.WithValues(v))\n\t}\n\tconfig, err := configx.New(ctx, t.ConfigSchema, append(t.Options, opts...)...)\n\tif err != nil {\n\t\t// This is not production code. The provider is only used in tests.\n\t\tpanic(err)\n\t}\n\treturn config\n}\n\nconst contextConfigKey contextKey = 1\n\nvar (\n\t_ Contextualizer = (*TestConfigProvider)(nil)\n)\n\nfunc WithConfigValue(ctx context.Context, key string, value any) context.Context {\n\treturn WithConfigValues(ctx, map[string]any{key: value})\n}\n\nfunc WithConfigValues(ctx context.Context, setValues ...map[string]any) context.Context {\n\tvalues, ok := ctx.Value(contextConfigKey).([]map[string]any)\n\tif !ok {\n\t\tvalues = make([]map[string]any, 0)\n\t}\n\tnewValues := make([]map[string]any, len(values), len(values)+len(setValues))\n\tcopy(newValues, values)\n\tnewValues = append(newValues, setValues...)\n\n\treturn context.WithValue(ctx, contextConfigKey, newValues)\n}\n\ntype ConfigurableTestHandler struct {\n\tconfigs map[uuid.UUID][]map[string]any\n\thandler http.Handler\n}\n\nfunc NewConfigurableTestHandler(h http.Handler) *ConfigurableTestHandler {\n\treturn &ConfigurableTestHandler{\n\t\tconfigs: make(map[uuid.UUID][]map[string]any),\n\t\thandler: h,\n\t}\n}\n\nfunc (t *ConfigurableTestHandler) ServeHTTP(w http.ResponseWriter, r *http.Request) {\n\tcID := r.Header.Get(\"Test-Config-Id\")\n\tif config, ok := t.configs[uuid.FromStringOrNil(cID)]; ok {\n\t\tr = r.WithContext(WithConfigValues(r.Context(), config...))\n\t}\n\tt.handler.ServeHTTP(w, r)\n}\n\nfunc (t *ConfigurableTestHandler) RegisterConfig(config ...map[string]any) uuid.UUID {\n\tid := uuid.Must(uuid.NewV4())\n\tt.configs[id] = config\n\treturn id\n}\n\nfunc (t *ConfigurableTestHandler) UseConfig(r *http.Request, id uuid.UUID) *http.Request {\n\tr.Header.Set(\"Test-Config-Id\", id.String())\n\treturn r\n}\n\nfunc (t *ConfigurableTestHandler) UseConfigValues(r *http.Request, values ...map[string]any) *http.Request {\n\treturn t.UseConfig(r, t.RegisterConfig(values...))\n}\n\ntype ConfigurableTestServer struct {\n\t*httptest.Server\n\thandler *ConfigurableTestHandler\n\ttransport http.RoundTripper\n}\n\nfunc NewConfigurableTestServer(h http.Handler) *ConfigurableTestServer {\n\thandler := NewConfigurableTestHandler(h)\n\tserver := httptest.NewServer(handler)\n\n\tt := server.Client().Transport\n\tcts := &ConfigurableTestServer{\n\t\thandler: handler,\n\t\tServer: server,\n\t\ttransport: t,\n\t}\n\tserver.Client().Transport = cts\n\treturn cts\n}\n\nfunc (t *ConfigurableTestServer) RoundTrip(r *http.Request) (*http.Response, error) {\n\tconfig, ok := r.Context().Value(contextConfigKey).([]map[string]any)\n\tif ok && config != nil {\n\t\tr = t.handler.UseConfigValues(r, config...)\n\t}\n\treturn t.transport.RoundTrip(r)\n}\n\ntype AutoContextClient struct {\n\t*http.Client\n\ttransport http.RoundTripper\n\tctx context.Context\n}\n\nfunc (t *ConfigurableTestServer) Client(ctx context.Context) *AutoContextClient {\n\tbaseClient := *t.Server.Client()\n\tautoClient := &AutoContextClient{\n\t\tClient: &baseClient,\n\t\ttransport: t,\n\t\tctx: ctx,\n\t}\n\tbaseClient.Transport = autoClient\n\treturn autoClient\n}\n\nfunc (c *AutoContextClient) RoundTrip(r *http.Request) (*http.Response, error) {\n\treturn c.transport.RoundTrip(r.WithContext(c.ctx))\n}\n" }, { "path": "oryx/contextx/tree.go", "content": "// Copyright © 2023 Ory Corp\n// SPDX-License-Identifier: Apache-2.0\n\npackage contextx\n\nimport (\n\t\"context\"\n\t\"testing\"\n)\n\ntype ContextKey int\n\nconst (\n\tValidContextKey ContextKey = iota + 1\n)\n\nvar RootContext = context.WithValue(context.Background(), ValidContextKey, true)\n\nfunc TestRootContext(t testing.TB) context.Context {\n\treturn context.WithValue(t.Context(), ValidContextKey, true)\n}\n\nfunc IsRootContext(ctx context.Context) bool {\n\tis, ok := ctx.Value(ValidContextKey).(bool)\n\treturn is && ok\n}\n" }, { "path": "oryx/corsx/check_origin.go", "content": "// Copyright © 2023 Ory Corp\n// SPDX-License-Identifier: Apache-2.0\n\npackage corsx\n\nimport \"strings\"\n\n// CheckOrigin is a function that can be used well with cors.Options.AllowOriginRequestFunc.\n// It checks whether the origin is allowed following the same behavior as github.com/rs/cors.\n//\n// Recommended usage for hot-reloadable origins:\n//\n//\tfunc (p *Config) cors(ctx context.Context, prefix string) (cors.Options, bool) {\n//\t\topts, enabled := p.GetProvider(ctx).CORS(prefix, cors.Options{\n//\t\t\tAllowedMethods: []string{\"GET\", \"POST\", \"PUT\", \"PATCH\", \"DELETE\"},\n//\t\t\tAllowedHeaders: []string{\"Authorization\", \"Content-Type\", \"Cookie\"},\n//\t\t\tExposedHeaders: []string{\"Content-Type\", \"Set-Cookie\"},\n//\t\t\tAllowCredentials: true,\n//\t\t})\n//\t\topts.AllowOriginRequestFunc = func(r *http.Request, origin string) bool {\n//\t\t\t// load the origins from the config on every request to allow hot-reloading\n//\t\t\tallowedOrigins := p.GetProvider(r.Context()).Strings(prefix + \".cors.allowed_origins\")\n//\t\t\treturn corsx.CheckOrigin(allowedOrigins, origin)\n//\t\t}\n//\t\treturn opts, enabled\n//\t}\nfunc CheckOrigin(allowedOrigins []string, origin string) bool {\n\tif len(allowedOrigins) == 0 {\n\t\treturn true\n\t}\n\tfor _, o := range allowedOrigins {\n\t\tif o == \"*\" {\n\t\t\t// allow all origins\n\t\t\treturn true\n\t\t}\n\t\t// Note: for origins and methods matching, the spec requires a case-sensitive matching.\n\t\t// As it may be error-prone, we chose to ignore the spec here.\n\t\t// https://github.com/rs/cors/blob/066574eebbd0f5f1b6cd1154a160cc292ac1835e/cors.go#L132-L133\n\t\to = strings.ToLower(o)\n\t\tprefix, suffix, found := strings.Cut(o, \"*\")\n\t\tif !found {\n\t\t\t// not a pattern, check for equality\n\t\t\tif o == origin {\n\t\t\t\treturn true\n\t\t\t}\n\t\t\tcontinue\n\t\t}\n\t\t// inspired by https://github.com/rs/cors/blob/066574eebbd0f5f1b6cd1154a160cc292ac1835e/utils.go#L15\n\t\tif len(origin) >= len(prefix)+len(suffix) && strings.HasPrefix(origin, prefix) && strings.HasSuffix(origin, suffix) {\n\t\t\treturn true\n\t\t}\n\t}\n\treturn false\n}\n" }, { "path": "oryx/corsx/cmd.go", "content": "// Copyright © 2023 Ory Corp\n// SPDX-License-Identifier: Apache-2.0\n\npackage corsx\n\n// HelpMessage returns a string containing information on setting up this CORS middleware.\nfunc HelpMessage() string {\n\treturn `- CORS_ENABLED: Switch CORS support on (true) or off (false). Default is off (false).\n\n\tExample: CORS_ENABLED=true\n\n- CORS_ALLOWED_ORIGINS: A list of origins (comma separated values) a cross-domain request can be executed from.\n\tIf the special * value is present in the list, all origins will be allowed. An origin may contain a wildcard (*)\n\tto replace 0 or more characters (i.e.: http://*.domain.com). Usage of wildcards implies a small performance penality.\n\tOnly one wildcard can be used per origin. The default value is *.\n\n\tExample: CORS_ALLOWED_ORIGINS=http://*.domain.com,http://*.domain2.com\n\n- CORS_ALLOWED_METHODS: A list of methods (comma separated values) the client is allowed to use with cross-domain\n\trequests. Default value is simple methods (GET and POST).\n\n\tExample: CORS_ALLOWED_METHODS=POST,GET,PUT\n\n- CORS_ALLOWED_CREDENTIALS: Indicates whether the request can include user credentials like cookies, HTTP authentication\n\tor client side SSL certificates.\n\n\tDefault: CORS_ALLOWED_CREDENTIALS=false\n\tExample: CORS_ALLOWED_CREDENTIALS=true\n\n- CORS_DEBUG: Debugging flag adds additional output to debug server side CORS issues.\n\n\tDefault: CORS_DEBUG=false\n\tExample: CORS_DEBUG=true\n\n- CORS_MAX_AGE: Indicates how long (in seconds) the results of a preflight request can be cached. The default is 0\n\twhich stands for no max age.\n\n\tDefault: CORS_MAX_AGE=0\n\tExample: CORS_MAX_AGE=10\n\n- CORS_ALLOWED_HEADERS: A list of non simple headers (comma separated values) the client is allowed to use with\n\tcross-domain requests.\n\n- CORS_EXPOSED_HEADERS: Indicates which headers (comma separated values) are safe to expose to the API of a\n\tCORS API specification.`\n}\n" }, { "path": "oryx/corsx/defaults.go", "content": "// Copyright © 2023 Ory Corp\n// SPDX-License-Identifier: Apache-2.0\n\npackage corsx\n\n// CORSRequestHeadersSafelist We add the safe list cors accept headers\n// https://developer.mozilla.org/en-US/docs/Glossary/CORS-safelisted_request_header\nvar CORSRequestHeadersSafelist = []string{\"Accept\", \"Content-Type\", \"Content-Length\", \"Accept-Language\", \"Content-Language\"}\n\n// CORSResponseHeadersSafelist We add the safe list cors expose headers\n// https://developer.mozilla.org/en-US/docs/Glossary/CORS-safelisted_response_header\nvar CORSResponseHeadersSafelist = []string{\"Set-Cookie\", \"Cache-Control\", \"Expires\", \"Last-Modified\", \"Pragma\", \"Content-Length\", \"Content-Language\", \"Content-Type\"}\n\n// CORSDefaultAllowedMethods Default allowed methods\nvar CORSDefaultAllowedMethods = []string{\"GET\", \"POST\", \"PUT\", \"PATCH\", \"DELETE\"}\n\n// CORSRequestHeadersExtended Extended list of request headers\n// these will be concatenated with the safelist\nvar CORSRequestHeadersExtended = []string{\"Authorization\", \"X-CSRF-TOKEN\"}\n\n// CORSResponseHeadersExtended Extended list of response headers\n// these will be concatenated with the safelist\nvar CORSResponseHeadersExtended = []string{}\n\n// CORSDefaultMaxAge max age for cache of preflight request result\n// default is 5 seconds\n// https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Max-Age\nvar CORSDefaultMaxAge = 5\n\n// CORSAllowCredentials default value for allow credentials\n// this is required for cookies to be sent by the browser\n// we always want this since we are using cookies for authentication most of the time\nvar CORSAllowCredentials = true\n" }, { "path": "oryx/corsx/middleware.go", "content": "// Copyright © 2023 Ory Corp\n// SPDX-License-Identifier: Apache-2.0\n\npackage corsx\n\nimport (\n\t\"context\"\n\t\"net/http\"\n\n\t\"github.com/rs/cors\"\n\t\"github.com/urfave/negroni\"\n)\n\n// ContextualizedMiddleware is a context-aware CORS middleware. It allows hot-reloading CORS configuration using\n// the HTTP request context.\n//\n//\tn := negroni.New()\n//\tn.UseFunc(ContextualizedMiddleware(func(context.Context) (opts cors.Options, enabled bool) {\n//\t panic(\"implement me\")\n//\t})\n//\t// ...\n//\n// Deprecated: because this is not really practical to use, you should use CheckOrigin as the cors.Options.AllowOriginRequestFunc instead.\nfunc ContextualizedMiddleware(provider func(context.Context) (opts cors.Options, enabled bool)) negroni.HandlerFunc {\n\treturn func(rw http.ResponseWriter, r *http.Request, next http.HandlerFunc) {\n\t\toptions, enabled := provider(r.Context())\n\t\tif !enabled {\n\t\t\tnext(rw, r)\n\t\t\treturn\n\t\t}\n\n\t\tcors.New(options).Handler(next).ServeHTTP(rw, r)\n\t}\n}\n" }, { "path": "oryx/corsx/normalize.go", "content": "// Copyright © 2023 Ory Corp\n// SPDX-License-Identifier: Apache-2.0\n\npackage corsx\n\nimport \"net/url\"\n\n// NormalizeOrigins normalizes the CORS origins.\nfunc NormalizeOrigins(origins []url.URL) []string {\n\tresults := make([]string, len(origins))\n\tfor k, o := range origins {\n\t\tresults[k] = o.Scheme + \"://\" + o.Host\n\t}\n\treturn results\n}\n\n// NormalizeOriginStrings normalizes the CORS origins from string representation\nfunc NormalizeOriginStrings(origins []string) ([]string, error) {\n\tresults := make([]string, len(origins))\n\tfor k, o := range origins {\n\t\tu, err := url.ParseRequestURI(o)\n\t\tif err != nil {\n\t\t\treturn nil, err\n\t\t}\n\t\tresults[k] = u.Scheme + \"://\" + u.Host\n\t}\n\treturn results, nil\n}\n" }, { "path": "oryx/crdbx/readonly.go", "content": "// Copyright © 2023 Ory Corp\n// SPDX-License-Identifier: Apache-2.0\n\npackage crdbx\n\nimport (\n\t\"github.com/ory/pop/v6\"\n\n\t\"github.com/ory/x/dbal\"\n\t\"github.com/ory/x/sqlcon\"\n)\n\n// SetTransactionReadOnly sets the transaction to read only for CockroachDB.\nfunc SetTransactionReadOnly(c *pop.Connection) error {\n\tif c.Dialect.Name() != dbal.DriverCockroachDB {\n\t\t// Only CockroachDB supports this.\n\t\treturn nil\n\t}\n\n\treturn sqlcon.HandleError(c.RawQuery(\"SET TRANSACTION READ ONLY\").Exec())\n}\n" }, { "path": "oryx/crdbx/staleness.go", "content": "// Copyright © 2023 Ory Corp\n// SPDX-License-Identifier: Apache-2.0\n\npackage crdbx\n\nimport (\n\t\"net/http\"\n\n\t\"github.com/ory/x/dbal\"\n\n\t\"github.com/ory/pop/v6\"\n\n\t\"github.com/ory/x/sqlcon\"\n)\n\n// Control API consistency guarantees\n//\n// swagger:model consistencyRequestParameters\ntype ConsistencyRequestParameters struct {\n\t// Read Consistency Level (preview)\n\t//\n\t// The read consistency level determines the consistency guarantee for reads:\n\t//\n\t// - strong (slow): The read is guaranteed to return the most recent data committed at the start of the read.\n\t// - eventual (very fast): The result will return data that is about 4.8 seconds old.\n\t//\n\t// The default consistency guarantee can be changed in the Ory Network Console or using the Ory CLI with\n\t// `ory patch project --replace '/previews/default_read_consistency_level=\"strong\"'`.\n\t//\n\t// Setting the default consistency level to `eventual` may cause regressions in the future as we add consistency\n\t// controls to more APIs. Currently, the following APIs will be affected by this setting:\n\t//\n\t// - `GET /admin/identities`\n\t//\n\t// This feature is in preview and only available in Ory Network.\n\t//\n\t// required: false\n\t// in: query\n\tConsistency ConsistencyLevel `json:\"consistency\"`\n}\n\n// ConsistencyLevel is the consistency level.\n// swagger:enum ConsistencyLevel\ntype ConsistencyLevel string\n\nconst (\n\t// ConsistencyLevelUnset is the unset / default consistency level.\n\tConsistencyLevelUnset ConsistencyLevel = \"\"\n\t// ConsistencyLevelStrong is the strong consistency level.\n\tConsistencyLevelStrong ConsistencyLevel = \"strong\"\n\t// ConsistencyLevelEventual is the eventual consistency level using follower read timestamps.\n\tConsistencyLevelEventual ConsistencyLevel = \"eventual\"\n)\n\n// ConsistencyLevelFromRequest extracts the consistency level from a request.\nfunc ConsistencyLevelFromRequest(r *http.Request) ConsistencyLevel {\n\treturn ConsistencyLevelFromString(r.URL.Query().Get(\"consistency\"))\n}\n\n// ConsistencyLevelFromString converts a string to a ConsistencyLevel.\n// If the string is not recognized or unset, ConsistencyLevelStrong is returned.\nfunc ConsistencyLevelFromString(in string) ConsistencyLevel {\n\tswitch in {\n\tcase string(ConsistencyLevelStrong):\n\t\treturn ConsistencyLevelStrong\n\tcase string(ConsistencyLevelEventual):\n\t\treturn ConsistencyLevelEventual\n\tcase string(ConsistencyLevelUnset):\n\t\treturn ConsistencyLevelUnset\n\t}\n\treturn ConsistencyLevelStrong\n}\n\n// SetTransactionConsistency sets the transaction consistency level for CockroachDB.\nfunc SetTransactionConsistency(c *pop.Connection, level ConsistencyLevel, fallback ConsistencyLevel) error {\n\tq := getTransactionConsistencyQuery(c.Dialect.Name(), level, fallback)\n\tif len(q) == 0 {\n\t\treturn nil\n\t}\n\n\treturn sqlcon.HandleError(c.RawQuery(q).Exec())\n}\n\nconst transactionFollowerReadTimestamp = \"SET TRANSACTION AS OF SYSTEM TIME follower_read_timestamp()\"\n\nfunc getTransactionConsistencyQuery(dialect string, level ConsistencyLevel, fallback ConsistencyLevel) string {\n\tif dialect != dbal.DriverCockroachDB {\n\t\t// Only CockroachDB supports this.\n\t\treturn \"\"\n\t}\n\n\tswitch level {\n\tcase ConsistencyLevelStrong:\n\t\t// Nothing to do\n\t\treturn \"\"\n\tcase ConsistencyLevelEventual:\n\t\t// Jumps to end of function\n\tcase ConsistencyLevelUnset:\n\t\tfallthrough\n\tdefault:\n\t\tif fallback != ConsistencyLevelEventual {\n\t\t\t// Nothing to do\n\t\t\treturn \"\"\n\t\t}\n\n\t\t// Jumps to end of function\n\t}\n\n\treturn transactionFollowerReadTimestamp\n}\n" }, { "path": "oryx/dbal/canonicalize.go", "content": "// Copyright © 2023 Ory Corp\n// SPDX-License-Identifier: Apache-2.0\n\npackage dbal\n\nconst (\n\tDriverMySQL = \"mysql\"\n\tDriverCockroachDB = \"cockroach\"\n)\n" }, { "path": "oryx/dbal/driver.go", "content": "// Copyright © 2023 Ory Corp\n// SPDX-License-Identifier: Apache-2.0\n\npackage dbal\n\nimport (\n\t\"strings\"\n)\n\n// IsSQLite returns true if the connection is a SQLite string.\nfunc IsSQLite(dsn string) bool {\n\tscheme := strings.Split(dsn, \"://\")[0]\n\treturn scheme == \"sqlite\" || scheme == \"sqlite3\"\n}\n" }, { "path": "oryx/dbal/dsn.go", "content": "// Copyright © 2023 Ory Corp\n// SPDX-License-Identifier: Apache-2.0\n\npackage dbal\n\nimport (\n\t\"fmt\"\n\t\"os\"\n\t\"regexp\"\n\t\"testing\"\n\n\t\"github.com/stretchr/testify/require\"\n)\n\nvar sqliteMemoryRegexp = regexp.MustCompile(`^sqlite://file:.+\\?.*&?mode=memory($|&.*)|sqlite://(file:)?:memory:\\?.*$|^(:memory:|memory)$`)\n\n// IsMemorySQLite returns true if a given DSN string is pointing to a SQLite database.\n//\n// SQLite can be written in different styles depending on the use case\n// - just in memory\n// - shared connection\n// - shared but unique in the same process\n// see: https://sqlite.org/inmemorydb.html\nfunc IsMemorySQLite(dsn string) bool { return sqliteMemoryRegexp.MatchString(dsn) }\n\n// NewSQLiteTestDatabase creates a new, unique SQLite database\n// which is shared amongst all callers and identified by an individual file name.\n// The database file is created in the system's temporary directory, and not actively\n// removed to allow debugging in case of test failures.\nfunc NewSQLiteTestDatabase(t testing.TB) string {\n\tfn, err := os.MkdirTemp(\"\", \"sqlite-test-db-*\")\n\trequire.NoError(t, err)\n\treturn NewSQLiteDatabase(fn)\n}\n\n// NewSQLiteInMemoryDatabase creates a new in-memory, unique SQLite database\n// which is shared amongst all callers and identified by an individual file name.\nfunc NewSQLiteInMemoryDatabase(name string) string {\n\treturn fmt.Sprintf(\"sqlite://file:%s?_fk=true&mode=memory&cache=shared&_busy_timeout=100000\", name)\n}\n\n// NewSQLiteDatabase creates a new on-disk, unique SQLite database\n// which is shared amongst all callers and identified by an individual file name.\n// This is sometimes necessary over a in-memory database, for example when multiple tests/goroutines run in parallel\n// and access the same table.\n// This would result in a locking error from SQLite when running in-memory.\n// Additionally, shared cache mode is deprecated and discouraged, and the problem is better solved with the WAL,\n// according to official docs.\nfunc NewSQLiteDatabase(name string) string {\n\treturn fmt.Sprintf(\"sqlite://file:%s/db.sqlite?_fk=true&_journal_mode=WAL&_busy_timeout=100000\", name)\n}\n" }, { "path": "oryx/dbal/testhelpers.go", "content": "// Copyright © 2026 Ory Corp\n// SPDX-License-Identifier: Apache-2.0\n\npackage dbal\n\nimport (\n\t\"bytes\"\n\t\"encoding/hex\"\n\t\"fmt\"\n\t\"io/fs\"\n\t\"os\"\n\t\"path/filepath\"\n\t\"regexp\"\n\t\"testing\"\n\n\t\"github.com/pkg/errors\"\n\t\"github.com/stretchr/testify/require\"\n\n\t\"github.com/ory/pop/v6\"\n\t\"github.com/ory/x/fsx\"\n\t\"github.com/ory/x/sqlcon/dockertest\"\n)\n\nvar hashDumpRegex = regexp.MustCompile(`-- migrations hash: ([^\\n]+)\\n`)\n\nfunc RestoreFromSchemaDump(t testing.TB, c *pop.Connection, migrations fs.FS, writeTo string) func(testing.TB) {\n\tnewHash, err := fsx.DirHash(migrations)\n\trequire.NoError(t, err)\n\n\tdumpFilename := filepath.Join(writeTo, c.Dialect.Name()+\"_dump.sql\")\n\n\tupdateDump := func(t testing.TB) {\n\t\tdump := dockertest.DumpSchema(t, c)\n\t\tf, err := os.OpenFile(dumpFilename, os.O_CREATE|os.O_WRONLY|os.O_TRUNC, 0644)\n\t\trequire.NoError(t, err)\n\t\tdefer f.Close()\n\n\t\t_, _ = fmt.Fprintf(f, \"-- migrations hash: %x\\n\\n%s\", newHash, dump)\n\t\tt.Fatal(\"database schema restored from migrations and dump updated, please re-run the test\")\n\t}\n\n\tdump, err := os.ReadFile(dumpFilename)\n\tif errors.Is(err, fs.ErrNotExist) {\n\t\treturn updateDump\n\t}\n\trequire.NoError(t, err)\n\n\tmatches := hashDumpRegex.FindSubmatch(dump)\n\tif len(matches) != 2 {\n\t\treturn updateDump\n\t}\n\n\tcurrentHash, err := hex.DecodeString(string(matches[1]))\n\trequire.NoError(t, err)\n\n\tif !bytes.Equal(newHash, currentHash) {\n\t\treturn updateDump\n\t}\n\n\trequire.NoError(t, c.RawQuery(string(dump)).Exec())\n\treturn nil\n}\n" }, { "path": "oryx/decoderx/http.go", "content": "// Copyright © 2023 Ory Corp\n// SPDX-License-Identifier: Apache-2.0\n\npackage decoderx\n\nimport (\n\t\"bytes\"\n\t\"context\"\n\t\"crypto/sha256\"\n\t\"encoding/json\"\n\t\"fmt\"\n\t\"io\"\n\t\"net/http\"\n\t\"net/url\"\n\t\"slices\"\n\t\"strconv\"\n\t\"strings\"\n\n\t\"github.com/pkg/errors\"\n\t\"github.com/tidwall/gjson\"\n\t\"github.com/tidwall/sjson\"\n\n\t\"github.com/ory/jsonschema/v3\"\n\n\t\"github.com/ory/herodot\"\n\n\t\"github.com/ory/x/httpx\"\n\t\"github.com/ory/x/jsonschemax\"\n)\n\ntype (\n\thttpDecoderOptions struct {\n\t\tkeepRequestBody bool\n\t\tallowedContentTypes []string\n\t\tallowedHTTPMethods []string\n\t\tjsonSchemaRef string\n\t\tjsonSchemaCompiler *jsonschema.Compiler\n\t\tjsonSchemaValidate bool\n\t\tmaxCircularReferenceDepth uint8\n\t\thandleParseErrors parseErrorStrategy\n\t\texpectJSONFlattened bool\n\t\tqueryAndBody bool\n\t}\n\n\t// HTTPDecoderOption configures the HTTP decoder.\n\tHTTPDecoderOption func(*httpDecoderOptions)\n\n\tparseErrorStrategy uint8\n)\n\nconst (\n\thttpContentTypeMultipartForm = \"multipart/form-data\"\n\thttpContentTypeURLEncodedForm = \"application/x-www-form-urlencoded\"\n\thttpContentTypeJSON = \"application/json\"\n)\n\nconst (\n\t// ParseErrorIgnoreConversionErrors will ignore any errors caused by strconv.Parse* and use the\n\t// raw form field value, which is a string, when such a parse error occurs.\n\t//\n\t// If the JSON Schema defines `{\"ratio\": {\"type\": \"number\"}}` but `ratio=foobar` then field\n\t// `ratio` will be handled as a string. If the destination struct is a `json.RawMessage`, then\n\t// the output will be `{\"ratio\": \"foobar\"}`.\n\tParseErrorIgnoreConversionErrors parseErrorStrategy = iota + 1\n\n\t// ParseErrorUseEmptyValueOnConversionErrors will ignore any parse errors caused by strconv.Parse* and use the\n\t// default value of the type to be casted, e.g. float64(0), string(\"\").\n\t//\n\t// If the JSON Schema defines `{\"ratio\": {\"type\": \"number\"}}` but `ratio=foobar` then field\n\t// `ratio` will receive the default value for the primitive type (here `0.0` for `number`).\n\t// If the destination struct is a `json.RawMessage`, then the output will be `{\"ratio\": 0.0}`.\n\tParseErrorUseEmptyValueOnConversionErrors\n\n\t// ParseErrorReturnOnConversionErrors will abort and return with an error if strconv.Parse* returns\n\t// an error.\n\t//\n\t// If the JSON Schema defines `{\"ratio\": {\"type\": \"number\"}}` but `ratio=foobar` the parser aborts\n\t// and returns an error, here: `strconv.ParseFloat: parsing \"foobar\"`.\n\tParseErrorReturnOnConversionErrors\n)\n\nvar errKeyNotFound = errors.New(\"key not found\")\n\n// HTTPFormDecoder configures the HTTP decoder to only accept form-data\n// (application/x-www-form-urlencoded, multipart/form-data)\nfunc HTTPFormDecoder() HTTPDecoderOption {\n\treturn func(o *httpDecoderOptions) {\n\t\to.allowedContentTypes = []string{httpContentTypeMultipartForm, httpContentTypeURLEncodedForm}\n\t}\n}\n\n// HTTPJSONDecoder configures the HTTP decoder to only accept JSON data\n// (application/json).\nfunc HTTPJSONDecoder() HTTPDecoderOption {\n\treturn func(o *httpDecoderOptions) {\n\t\to.allowedContentTypes = []string{httpContentTypeJSON}\n\t}\n}\n\n// HTTPKeepRequestBody configures the HTTP decoder to allow other\n// HTTP request body readers to read the body as well by keeping\n// the data in memory.\nfunc HTTPKeepRequestBody(keep bool) HTTPDecoderOption {\n\treturn func(o *httpDecoderOptions) {\n\t\to.keepRequestBody = keep\n\t}\n}\n\n// HTTPDecoderSetValidatePayloads sets if payloads should be validated or not.\nfunc HTTPDecoderSetValidatePayloads(validate bool) HTTPDecoderOption {\n\treturn func(o *httpDecoderOptions) {\n\t\to.jsonSchemaValidate = validate\n\t\to.keepRequestBody = true\n\t}\n}\n\n// HTTPDecoderJSONFollowsFormFormat if set tells the decoder that JSON follows the same conventions\n// as the form decoder, meaning `{\"foo.bar\": \"...\"}` is translated to `{\"foo\": {\"bar\": \"...\"}}`.\nfunc HTTPDecoderJSONFollowsFormFormat() HTTPDecoderOption {\n\treturn func(o *httpDecoderOptions) {\n\t\to.expectJSONFlattened = true\n\t\to.keepRequestBody = true\n\t}\n}\n\n// HTTPDecoderAllowedMethods sets the allowed HTTP methods. Defaults are POST, PUT, PATCH.\nfunc HTTPDecoderAllowedMethods(method ...string) HTTPDecoderOption {\n\treturn func(o *httpDecoderOptions) {\n\t\to.allowedHTTPMethods = method\n\t}\n}\n\n// HTTPDecoderUseQueryAndBody will check both the HTTP body and the HTTP query params when decoding.\n// Only relevant for non-GET operations.\nfunc HTTPDecoderUseQueryAndBody() HTTPDecoderOption {\n\treturn func(o *httpDecoderOptions) {\n\t\to.queryAndBody = true\n\t}\n}\n\n// HTTPDecoderSetIgnoreParseErrorsStrategy sets a strategy for dealing with strconv.Parse* errors:\n//\n// - decoderx.ParseErrorIgnoreConversionErrors will ignore any parse errors caused by strconv.Parse* and use the\n// raw form field value, which is a string, when such a parse error occurs. (default)\n// - decoderx.ParseErrorUseEmptyValueOnConversionErrors will ignore any parse errors caused by strconv.Parse* and use the\n// default value of the type to be casted, e.g. float64(0), string(\"\").\n// - decoderx.ParseErrorReturnOnConversionErrors will abort and return with an error if strconv.Parse* returns\n// an error.\nfunc HTTPDecoderSetIgnoreParseErrorsStrategy(strategy parseErrorStrategy) HTTPDecoderOption {\n\treturn func(o *httpDecoderOptions) {\n\t\to.handleParseErrors = strategy\n\t}\n}\n\n// HTTPDecoderSetMaxCircularReferenceDepth sets the maximum recursive reference resolution depth.\nfunc HTTPDecoderSetMaxCircularReferenceDepth(depth uint8) HTTPDecoderOption {\n\treturn func(o *httpDecoderOptions) {\n\t\to.maxCircularReferenceDepth = depth\n\t}\n}\n\n// HTTPJSONSchemaCompiler sets a JSON schema to be used for validation and type assertion of\n// incoming requests.\nfunc HTTPJSONSchemaCompiler(ref string, compiler *jsonschema.Compiler) HTTPDecoderOption {\n\treturn func(o *httpDecoderOptions) {\n\t\tif compiler == nil {\n\t\t\tcompiler = jsonschema.NewCompiler()\n\t\t}\n\t\tcompiler.ExtractAnnotations = true\n\t\to.jsonSchemaCompiler = compiler\n\t\to.jsonSchemaRef = ref\n\t\to.jsonSchemaValidate = true\n\t}\n}\n\n// HTTPRawJSONSchemaCompiler uses a JSON Schema Compiler with the provided JSON Schema in raw byte form.\nfunc HTTPRawJSONSchemaCompiler(raw []byte) (HTTPDecoderOption, error) {\n\tcompiler := jsonschema.NewCompiler()\n\tid := fmt.Sprintf(\"%x.json\", sha256.Sum256(raw))\n\tif err := compiler.AddResource(id, bytes.NewReader(raw)); err != nil {\n\t\treturn nil, err\n\t}\n\tcompiler.ExtractAnnotations = true\n\n\treturn func(o *httpDecoderOptions) {\n\t\to.jsonSchemaCompiler = compiler\n\t\to.jsonSchemaRef = id\n\t\to.jsonSchemaValidate = true\n\t}, nil\n}\n\n// MustHTTPRawJSONSchemaCompiler uses HTTPRawJSONSchemaCompiler and panics on error.\nfunc MustHTTPRawJSONSchemaCompiler(raw []byte) HTTPDecoderOption {\n\tf, err := HTTPRawJSONSchemaCompiler(raw)\n\tif err != nil {\n\t\tpanic(err)\n\t}\n\treturn f\n}\n\nfunc newHTTPDecoderOptions(fs []HTTPDecoderOption) *httpDecoderOptions {\n\to := &httpDecoderOptions{\n\t\tallowedContentTypes: []string{\n\t\t\thttpContentTypeMultipartForm, httpContentTypeURLEncodedForm, httpContentTypeJSON,\n\t\t},\n\t\tallowedHTTPMethods: []string{\"POST\", \"PUT\", \"PATCH\"},\n\t\tmaxCircularReferenceDepth: 5,\n\t\thandleParseErrors: ParseErrorIgnoreConversionErrors,\n\t}\n\n\tfor _, f := range fs {\n\t\tf(o)\n\t}\n\n\treturn o\n}\n\nfunc validateRequest(r *http.Request, c *httpDecoderOptions) error {\n\tmethod := strings.ToUpper(r.Method)\n\n\tif !slices.Contains(c.allowedHTTPMethods, method) {\n\t\treturn errors.WithStack(herodot.ErrBadRequest.WithReasonf(`Unable to decode body because HTTP Request Method was \"%s\" but only %v are supported.`, method, c.allowedHTTPMethods))\n\t}\n\n\tif method != \"GET\" {\n\t\tif r.ContentLength == 0 {\n\t\t\treturn errors.WithStack(herodot.ErrBadRequest.WithReasonf(`Unable to decode HTTP Request Body because its HTTP Header \"Content-Length\" is zero.`))\n\t\t}\n\n\t\tif !httpx.HasContentType(r, c.allowedContentTypes...) {\n\t\t\treturn errors.WithStack(herodot.ErrBadRequest.WithReasonf(`HTTP %s Request used unknown HTTP Header \"Content-Type: %s\", only %v are supported.`, method, r.Header.Get(\"Content-Type\"), c.allowedContentTypes))\n\t\t}\n\t}\n\n\treturn nil\n}\n\nfunc validatePayload(ctx context.Context, raw json.RawMessage, c *httpDecoderOptions) error {\n\tif !c.jsonSchemaValidate {\n\t\treturn nil\n\t}\n\n\tif c.jsonSchemaCompiler == nil {\n\t\treturn errors.WithStack(herodot.ErrInternalServerError.WithReasonf(\"JSON Schema Validation is required but no compiler was provided.\"))\n\t}\n\n\tschema, err := c.jsonSchemaCompiler.Compile(ctx, c.jsonSchemaRef)\n\tif err != nil {\n\t\treturn errors.WithStack(herodot.ErrInternalServerError.WithReasonf(\"Unable to load JSON Schema from location: %s\", c.jsonSchemaRef).WithDebug(err.Error()))\n\t}\n\n\tif err := schema.Validate(bytes.NewBuffer(raw)); err != nil {\n\t\tif errors.As(err, new(*jsonschema.ValidationError)) {\n\t\t\treturn errors.WithStack(err)\n\t\t}\n\t\treturn errors.WithStack(herodot.ErrInternalServerError.WithReasonf(\"Unable to process JSON Schema and input: %s\", err).WithDebug(err.Error()))\n\t}\n\n\treturn nil\n}\n\n// Decode takes an HTTP Request Body and decodes it into destination.\nfunc Decode(r *http.Request, destination any, opts ...HTTPDecoderOption) error {\n\tc := newHTTPDecoderOptions(opts)\n\tif err := validateRequest(r, c); err != nil {\n\t\treturn err\n\t}\n\n\tif r.Method == \"GET\" {\n\t\treturn decodeForm(r, destination, c)\n\t} else if httpx.HasContentType(r, httpContentTypeJSON) {\n\t\tif c.expectJSONFlattened {\n\t\t\treturn decodeJSONForm(r, destination, c)\n\t\t}\n\t\treturn decodeJSON(r, destination, c)\n\t} else if httpx.HasContentType(r, httpContentTypeMultipartForm, httpContentTypeURLEncodedForm) {\n\t\treturn decodeForm(r, destination, c)\n\t}\n\n\treturn errors.WithStack(herodot.ErrInternalServerError.WithReasonf(\"Unable to determine decoder for content type: %s\", r.Header.Get(\"Content-Type\")))\n}\n\nfunc requestBody(r *http.Request, o *httpDecoderOptions) (reader io.ReadCloser, err error) {\n\tif strings.ToUpper(r.Method) == \"GET\" {\n\t\treturn io.NopCloser(bytes.NewBufferString(r.URL.Query().Encode())), nil\n\t}\n\n\tif !o.keepRequestBody {\n\t\treturn r.Body, nil\n\t}\n\n\tbodyBytes, err := io.ReadAll(r.Body)\n\tif err != nil {\n\t\treturn nil, errors.Wrapf(err, \"unable to read body\")\n\t}\n\n\t_ = r.Body.Close() // must close\n\tr.Body = io.NopCloser(bytes.NewBuffer(bodyBytes))\n\n\treturn io.NopCloser(bytes.NewBuffer(bodyBytes)), nil\n}\n\nfunc decodeJSONForm(r *http.Request, destination interface{}, o *httpDecoderOptions) error {\n\tif o.jsonSchemaCompiler == nil {\n\t\treturn errors.WithStack(herodot.ErrInternalServerError.WithReasonf(\"Unable to decode HTTP Form Body because no validation schema was provided. This is a code bug.\"))\n\t}\n\n\tpaths, err := jsonschemax.ListPathsWithRecursion(r.Context(), o.jsonSchemaRef, o.jsonSchemaCompiler, o.maxCircularReferenceDepth)\n\tif err != nil {\n\t\treturn errors.WithStack(herodot.ErrInternalServerError.WithTrace(err).WithReasonf(\"Unable to prepare JSON Schema for HTTP Post Body Form parsing: %s\", err).WithDebugf(\"%+v\", err))\n\t}\n\n\treader, err := requestBody(r, o)\n\tif err != nil {\n\t\treturn err\n\t}\n\n\tvar interim json.RawMessage\n\tif err := json.NewDecoder(reader).Decode(&interim); err != nil {\n\t\treturn errors.WithStack(herodot.ErrBadRequest.WithError(err.Error()).WithReason(\"Unable to decode form as JSON.\"))\n\t}\n\n\tparsed := gjson.ParseBytes(interim)\n\tif !parsed.IsObject() {\n\t\treturn errors.WithStack(herodot.ErrBadRequest.WithReasonf(\"Expected JSON sent in request body to be an object but got: %s\", parsed.Type.String()))\n\t}\n\n\tvalues := url.Values{}\n\tparsed.ForEach(func(k, v gjson.Result) bool {\n\t\tvalues.Set(k.String(), v.String())\n\t\treturn true\n\t})\n\n\tif o.queryAndBody {\n\t\t_ = r.ParseForm()\n\t\tfor k := range r.Form {\n\t\t\tvalues.Set(k, r.Form.Get(k))\n\t\t}\n\t}\n\n\traw, err := decodeURLValues(values, paths, o)\n\tif err != nil {\n\t\treturn err\n\t}\n\n\tif err := json.Unmarshal(raw, destination); err != nil {\n\t\treturn errors.WithStack(err)\n\t}\n\n\treturn validatePayload(r.Context(), raw, o)\n}\n\nfunc decodeForm(r *http.Request, destination interface{}, o *httpDecoderOptions) error {\n\tif o.jsonSchemaCompiler == nil {\n\t\treturn errors.WithStack(herodot.ErrInternalServerError.WithReasonf(\"Unable to decode HTTP Form Body because no validation schema was provided. This is a code bug.\"))\n\t}\n\n\treader, err := requestBody(r, o)\n\tif err != nil {\n\t\treturn err\n\t}\n\n\tdefer func() {\n\t\tr.Body = reader\n\t}()\n\n\tif err := r.ParseForm(); err != nil {\n\t\treturn errors.WithStack(herodot.ErrBadRequest.WithReasonf(\"Unable to decode HTTP %s form body: %s\", strings.ToUpper(r.Method), err).WithDebug(err.Error()))\n\t}\n\n\tpaths, err := jsonschemax.ListPathsWithRecursion(r.Context(), o.jsonSchemaRef, o.jsonSchemaCompiler, o.maxCircularReferenceDepth)\n\tif err != nil {\n\t\treturn errors.WithStack(herodot.ErrInternalServerError.WithTrace(err).WithReasonf(\"Unable to prepare JSON Schema for HTTP Post Body Form parsing: %s\", err).WithDebugf(\"%+v\", err))\n\t}\n\n\tvalues := r.PostForm\n\tif r.Method == \"GET\" || o.queryAndBody {\n\t\tvalues = r.Form\n\t}\n\n\traw, err := decodeURLValues(values, paths, o)\n\tif err != nil && !errors.Is(err, errKeyNotFound) {\n\t\treturn err\n\t}\n\n\tif err := json.NewDecoder(bytes.NewReader(raw)).Decode(destination); err != nil {\n\t\treturn errors.WithStack(herodot.ErrBadRequest.WithReasonf(\"Unable to decode JSON payload: %s\", err))\n\t}\n\n\treturn validatePayload(r.Context(), raw, o)\n}\n\nfunc decodeURLValues(values url.Values, paths []jsonschemax.Path, o *httpDecoderOptions) (json.RawMessage, error) {\n\traw := json.RawMessage(`{}`)\n\tfor key := range values {\n\t\tfor _, path := range paths {\n\t\t\tif key == path.Name {\n\t\t\t\tvar err error\n\t\t\t\tswitch path.Type.(type) {\n\t\t\t\tcase []string:\n\t\t\t\t\traw, err = sjson.SetBytes(raw, path.Name, values[key])\n\t\t\t\tcase []float64:\n\t\t\t\t\tfor k, v := range values[key] {\n\t\t\t\t\t\tvar f float64\n\t\t\t\t\t\tif f, err = strconv.ParseFloat(v, 64); err != nil {\n\t\t\t\t\t\t\tswitch o.handleParseErrors {\n\t\t\t\t\t\t\tcase ParseErrorIgnoreConversionErrors:\n\t\t\t\t\t\t\t\traw, err = sjson.SetBytes(raw, path.Name+\".\"+strconv.Itoa(k), v)\n\t\t\t\t\t\t\tcase ParseErrorUseEmptyValueOnConversionErrors:\n\t\t\t\t\t\t\t\traw, err = sjson.SetBytes(raw, path.Name+\".\"+strconv.Itoa(k), f)\n\t\t\t\t\t\t\tcase ParseErrorReturnOnConversionErrors:\n\t\t\t\t\t\t\t\treturn nil, errors.WithStack(herodot.ErrBadRequest.WithReasonf(\"Expected value to be a number.\").\n\t\t\t\t\t\t\t\t\tWithDetail(\"parse_error\", err.Error()).\n\t\t\t\t\t\t\t\t\tWithDetail(\"name\", key).\n\t\t\t\t\t\t\t\t\tWithDetailf(\"index\", \"%d\", k).\n\t\t\t\t\t\t\t\t\tWithDetail(\"value\", v))\n\t\t\t\t\t\t\t}\n\t\t\t\t\t\t} else {\n\t\t\t\t\t\t\traw, err = sjson.SetBytes(raw, path.Name+\".\"+strconv.Itoa(k), f)\n\t\t\t\t\t\t}\n\t\t\t\t\t}\n\t\t\t\tcase []bool:\n\t\t\t\t\tfor k, v := range values[key] {\n\t\t\t\t\t\tvar b bool\n\t\t\t\t\t\tif b, err = strconv.ParseBool(v); err != nil {\n\t\t\t\t\t\t\tswitch o.handleParseErrors {\n\t\t\t\t\t\t\tcase ParseErrorIgnoreConversionErrors:\n\t\t\t\t\t\t\t\traw, err = sjson.SetBytes(raw, path.Name+\".\"+strconv.Itoa(k), v)\n\t\t\t\t\t\t\tcase ParseErrorUseEmptyValueOnConversionErrors:\n\t\t\t\t\t\t\t\traw, err = sjson.SetBytes(raw, path.Name+\".\"+strconv.Itoa(k), b)\n\t\t\t\t\t\t\tcase ParseErrorReturnOnConversionErrors:\n\t\t\t\t\t\t\t\treturn nil, errors.WithStack(herodot.ErrBadRequest.WithReasonf(\"Expected value to be a boolean.\").\n\t\t\t\t\t\t\t\t\tWithDetail(\"parse_error\", err.Error()).\n\t\t\t\t\t\t\t\t\tWithDetail(\"name\", key).\n\t\t\t\t\t\t\t\t\tWithDetailf(\"index\", \"%d\", k).\n\t\t\t\t\t\t\t\t\tWithDetail(\"value\", v))\n\t\t\t\t\t\t\t}\n\t\t\t\t\t\t} else {\n\t\t\t\t\t\t\traw, err = sjson.SetBytes(raw, path.Name+\".\"+strconv.Itoa(k), b)\n\t\t\t\t\t\t}\n\t\t\t\t\t}\n\t\t\t\tcase []interface{}:\n\t\t\t\t\traw, err = sjson.SetBytes(raw, path.Name, values[key])\n\t\t\t\tcase bool:\n\t\t\t\t\tv := values[key][len(values[key])-1]\n\t\t\t\t\tif len(v) == 0 {\n\t\t\t\t\t\tif !path.Required {\n\t\t\t\t\t\t\tcontinue\n\t\t\t\t\t\t}\n\t\t\t\t\t\tv = \"false\"\n\t\t\t\t\t}\n\n\t\t\t\t\tvar b bool\n\t\t\t\t\tif b, err = strconv.ParseBool(v); err != nil {\n\t\t\t\t\t\tswitch o.handleParseErrors {\n\t\t\t\t\t\tcase ParseErrorIgnoreConversionErrors:\n\t\t\t\t\t\t\traw, err = sjson.SetBytes(raw, path.Name, v)\n\t\t\t\t\t\tcase ParseErrorUseEmptyValueOnConversionErrors:\n\t\t\t\t\t\t\traw, err = sjson.SetBytes(raw, path.Name, b)\n\t\t\t\t\t\tcase ParseErrorReturnOnConversionErrors:\n\t\t\t\t\t\t\treturn nil, errors.WithStack(herodot.ErrBadRequest.WithReasonf(\"Expected value to be a boolean.\").\n\t\t\t\t\t\t\t\tWithDetail(\"parse_error\", err.Error()).\n\t\t\t\t\t\t\t\tWithDetail(\"name\", key).\n\t\t\t\t\t\t\t\tWithDetail(\"value\", values.Get(key)))\n\t\t\t\t\t\t}\n\t\t\t\t\t} else {\n\t\t\t\t\t\traw, err = sjson.SetBytes(raw, path.Name, b)\n\t\t\t\t\t}\n\t\t\t\tcase float64:\n\t\t\t\t\tv := values.Get(key)\n\t\t\t\t\tif len(v) == 0 {\n\t\t\t\t\t\tif !path.Required {\n\t\t\t\t\t\t\tcontinue\n\t\t\t\t\t\t}\n\t\t\t\t\t\tv = \"0.0\"\n\t\t\t\t\t}\n\n\t\t\t\t\tvar f float64\n\t\t\t\t\tif f, err = strconv.ParseFloat(v, 64); err != nil {\n\t\t\t\t\t\tswitch o.handleParseErrors {\n\t\t\t\t\t\tcase ParseErrorIgnoreConversionErrors:\n\t\t\t\t\t\t\traw, err = sjson.SetBytes(raw, path.Name, v)\n\t\t\t\t\t\tcase ParseErrorUseEmptyValueOnConversionErrors:\n\t\t\t\t\t\t\traw, err = sjson.SetBytes(raw, path.Name, f)\n\t\t\t\t\t\tcase ParseErrorReturnOnConversionErrors:\n\t\t\t\t\t\t\treturn nil, errors.WithStack(herodot.ErrBadRequest.WithReasonf(\"Expected value to be a number.\").\n\t\t\t\t\t\t\t\tWithDetail(\"parse_error\", err.Error()).\n\t\t\t\t\t\t\t\tWithDetail(\"name\", key).\n\t\t\t\t\t\t\t\tWithDetail(\"value\", values.Get(key)))\n\t\t\t\t\t\t}\n\t\t\t\t\t} else {\n\t\t\t\t\t\traw, err = sjson.SetBytes(raw, path.Name, f)\n\t\t\t\t\t}\n\t\t\t\tcase string:\n\t\t\t\t\tv := values.Get(key)\n\t\t\t\t\tif len(v) == 0 {\n\t\t\t\t\t\tcontinue\n\t\t\t\t\t}\n\n\t\t\t\t\traw, err = sjson.SetBytes(raw, path.Name, v)\n\t\t\t\tcase map[string]interface{}:\n\t\t\t\t\tv := values.Get(key)\n\t\t\t\t\tif len(v) == 0 && !path.Required {\n\t\t\t\t\t\tcontinue\n\t\t\t\t\t}\n\n\t\t\t\t\traw, err = sjson.SetRawBytes(raw, path.Name, []byte(v))\n\t\t\t\tcase []map[string]interface{}:\n\t\t\t\t\traw, err = sjson.SetBytes(raw, path.Name, values[key])\n\t\t\t\t}\n\n\t\t\t\tif err != nil {\n\t\t\t\t\treturn nil, errors.WithStack(herodot.ErrBadRequest.WithReasonf(\"Unable to type assert values from HTTP Post Body: %s\", err))\n\t\t\t\t}\n\t\t\t\tbreak\n\t\t\t}\n\t\t}\n\t}\n\n\tfor _, path := range paths {\n\t\tif path.TypeHint != jsonschemax.JSON {\n\t\t\tcontinue\n\t\t}\n\n\t\tif !gjson.GetBytes(raw, path.Name).Exists() {\n\t\t\tvar err error\n\t\t\traw, err = sjson.SetRawBytes(raw, path.Name, []byte(`{}`))\n\t\t\tif err != nil {\n\t\t\t\treturn nil, errors.WithStack(err)\n\t\t\t}\n\t\t}\n\t}\n\n\treturn raw, nil\n}\n\nfunc decodeJSON(r *http.Request, destination interface{}, o *httpDecoderOptions) error {\n\treader, err := requestBody(r, o)\n\tif err != nil {\n\t\treturn err\n\t}\n\n\traw, err := io.ReadAll(reader)\n\tif err != nil {\n\t\treturn errors.WithStack(herodot.ErrBadRequest.WithReasonf(\"Unable to read HTTP POST body: %s\", err))\n\t}\n\n\tdc := json.NewDecoder(bytes.NewReader(raw))\n\tif err := dc.Decode(destination); err != nil {\n\t\treturn errors.WithStack(herodot.ErrBadRequest.WithReasonf(\"Unable to decode JSON payload: %s\", err).WithDebugf(\"Received request body: %s\", string(raw)))\n\t}\n\n\tif err := validatePayload(r.Context(), raw, o); err != nil {\n\t\tif o.expectJSONFlattened && strings.Contains(err.Error(), \"json: unknown field\") {\n\t\t\treturn decodeJSONForm(r, destination, o)\n\t\t}\n\t\treturn err\n\t}\n\n\treturn nil\n}\n" }, { "path": "oryx/decoderx/stub/consent.json", "content": "{\n \"$id\": \"https://example.com/ory.schema.json\",\n \"$schema\": \"http://json-schema.org/draft-07/schema#\",\n \"additionalProperties\": false,\n \"properties\": {\n \"traits\": {\n \"additionalProperties\": false,\n \"properties\": {\n \"consent\": {\n \"additionalProperties\": false,\n \"properties\": {\n \"tos\": {\n \"description\": \"yyyymmdd of when this was accepted\",\n \"title\": \"I accept the Terms of Service https://www.ory.sh/ptos\",\n \"const\": true,\n \"maxLength\": 30\n },\n \"inner\": {\n \"type\": \"object\",\n \"properties\": {\n \"foo\": {\n \"type\": \"string\"\n }\n },\n \"required\": [\"foo\"]\n }\n },\n \"required\": [\"tos\"],\n \"title\": \"Consent\",\n \"type\": \"object\"\n },\n \"notrequired\": {\n \"additionalProperties\": false,\n \"properties\": {\n \"tos\": {\n \"description\": \"yyyymmdd of when this was accepted\",\n \"title\": \"I accept the Terms of Service https://www.ory.sh/ptos\",\n \"const\": true,\n \"maxLength\": 30\n }\n },\n \"required\": [\"tos\"],\n \"title\": \"Consent\",\n \"type\": \"object\"\n }\n },\n \"required\": [\"consent\"],\n \"type\": \"object\"\n }\n },\n \"title\": \"Person\",\n \"type\": \"object\"\n}\n" }, { "path": "oryx/decoderx/stub/dynamic-object.json", "content": "{\n \"$id\": \"https://example.com/config.schema.json\",\n \"$schema\": \"http://json-schema.org/draft-07/schema#\",\n \"type\": \"object\",\n \"properties\": {\n \"name\": {\n \"type\": \"object\",\n \"properties\": {\n \"first\": {\n \"type\": \"string\"\n },\n \"last\": {\n \"type\": \"string\"\n }\n }\n },\n \"dynamic_object\": {\n \"type\": \"object\",\n \"additionalProperties\": true\n }\n }\n}\n" }, { "path": "oryx/decoderx/stub/nested.json", "content": "{\n \"$id\": \"https://example.com/person.schema.json\",\n \"$schema\": \"http://json-schema.org/draft-07/schema#\",\n \"title\": \"Person\",\n \"type\": \"object\",\n \"required\": [\"node\"],\n \"properties\": {\n \"node\": {\n \"type\": \"object\",\n \"required\": [\"node\"],\n \"properties\": {\n \"node\": {\n \"type\": \"object\",\n \"properties\": {\n \"node\": {\n \"type\": \"object\",\n \"properties\": {\n \"leaf\": {\n \"type\": \"string\"\n }\n },\n \"required\": [\"leaf\"]\n },\n \"leaf\": {\n \"type\": \"string\"\n }\n },\n \"required\": [\"leaf\"]\n },\n \"leaf\": {\n \"type\": \"string\"\n }\n }\n }\n }\n}\n" }, { "path": "oryx/decoderx/stub/person.json", "content": "{\n \"$id\": \"https://example.com/person.schema.json\",\n \"$schema\": \"http://json-schema.org/draft-07/schema#\",\n \"title\": \"Person\",\n \"type\": \"object\",\n \"properties\": {\n \"name\": {\n \"type\": \"object\",\n \"properties\": {\n \"first\": {\n \"type\": \"string\"\n },\n \"last\": {\n \"type\": \"string\"\n }\n }\n },\n \"age\": {\n \"type\": \"integer\"\n },\n \"ratio\": {\n \"type\": \"number\"\n },\n \"consent\": {\n \"type\": \"boolean\"\n },\n \"newsletter\": {\n \"type\": \"boolean\"\n }\n }\n}\n" }, { "path": "oryx/decoderx/stub/required-defaults.json", "content": "{\n \"$id\": \"https://example.com/person.schema.json\",\n \"$schema\": \"http://json-schema.org/draft-07/schema#\",\n \"title\": \"Person\",\n \"type\": \"object\",\n \"properties\": {\n \"name\": {\n \"type\": \"object\",\n \"properties\": {\n \"first\": {\n \"type\": \"string\"\n },\n \"last\": {\n \"type\": \"string\"\n }\n },\n \"required\": [\"first\"]\n },\n \"name2\": {\n \"type\": \"object\",\n \"properties\": {\n \"first\": {\n \"type\": \"string\"\n },\n \"last\": {\n \"type\": \"string\"\n }\n },\n \"required\": [\"first\"]\n },\n \"age\": {\n \"type\": \"integer\"\n },\n \"age2\": {\n \"type\": \"integer\"\n },\n \"ratio\": {\n \"type\": \"number\"\n },\n \"ratio2\": {\n \"type\": \"number\"\n },\n \"consent\": {\n \"type\": \"boolean\"\n },\n \"consent2\": {\n \"type\": \"boolean\"\n },\n \"newsletter\": {\n \"type\": \"boolean\"\n },\n \"newsletter2\": {\n \"type\": \"boolean\"\n }\n },\n \"required\": [\"age2\", \"ratio2\", \"consent2\", \"newsletter2\", \"name2\"]\n}\n" }, { "path": "oryx/decoderx/stub/schema.json", "content": "{\n \"$id\": \"https://example.com/config.schema.json\",\n \"$schema\": \"http://json-schema.org/draft-07/schema#\",\n \"type\": \"object\",\n \"required\": [\"foo\"],\n \"properties\": {\n \"foo\": {\n \"type\": \"string\"\n }\n }\n}\n" }, { "path": "oryx/errorsx/errors.go", "content": "// Copyright © 2023 Ory Corp\n// SPDX-License-Identifier: Apache-2.0\n\npackage errorsx\n\nimport (\n\t\"github.com/pkg/errors\"\n\n\t\"github.com/ory/herodot\"\n)\n\n// Cause returns the underlying cause of the error, if possible.\n// An error value has a cause if it implements the following\n// interface:\n//\n//\ttype causer interface {\n//\t Cause() error\n//\t}\n//\n// If the error does not implement Cause, the original error will\n// be returned. If the error is nil, nil will be returned without further\n// investigation.\n// Deprecated: you should probably use errors.As instead.\nfunc Cause(err error) error {\n\ttype causer interface {\n\t\tCause() error\n\t}\n\n\tfor err != nil {\n\t\tcause, ok := err.(causer)\n\t\tif !ok || cause.Cause() == nil {\n\t\t\tbreak\n\t\t}\n\t\terr = cause.Cause()\n\t}\n\treturn err\n}\n\n// WithStack mirror pkg/errors.WithStack but does not wrap existing stack\n// traces.\n// Deprecated: you should probably use errors.WithStack instead and only annotate stacks when it makes sense.\nfunc WithStack(err error) error {\n\tif e, ok := err.(StackTracer); ok && len(e.StackTrace()) > 0 {\n\t\treturn err\n\t}\n\n\treturn errors.WithStack(err)\n}\n\n// StatusCodeCarrier can be implemented by an error to support setting status codes in the error itself.\ntype StatusCodeCarrier interface {\n\t// StatusCode returns the status code of this error.\n\tStatusCode() int\n}\n\n// RequestIDCarrier can be implemented by an error to support error contexts.\ntype RequestIDCarrier interface {\n\t// RequestID returns the ID of the request that caused the error, if applicable.\n\tRequestID() string\n}\n\n// ReasonCarrier can be implemented by an error to support error contexts.\ntype ReasonCarrier interface {\n\t// Reason returns the reason for the error, if applicable.\n\tReason() string\n}\n\n// DebugCarrier can be implemented by an error to support error contexts.\ntype DebugCarrier interface {\n\t// Debug returns debugging information for the error, if applicable.\n\tDebug() string\n}\n\n// StatusCarrier can be implemented by an error to support error contexts.\ntype StatusCarrier interface {\n\t// ID returns the error id, if applicable.\n\tStatus() string\n}\n\n// DetailsCarrier can be implemented by an error to support error contexts.\ntype DetailsCarrier interface {\n\t// Details returns details on the error, if applicable.\n\tDetails() map[string]interface{}\n}\n\n// IDCarrier can be implemented by an error to support error contexts.\ntype IDCarrier interface {\n\t// ID returns application error ID on the error, if applicable.\n\tID() string\n}\n\ntype StackTracer interface {\n\tStackTrace() errors.StackTrace\n}\n\nfunc GetCodeFromHerodotError(err error) (code int, ok bool) {\n\therodotErr := &herodot.DefaultError{}\n\tisHerodot := errors.As(err, &herodotErr)\n\n\treturn herodotErr.CodeField, isHerodot\n}\n" }, { "path": "oryx/fetcher/fetcher.go", "content": "// Copyright © 2023 Ory Corp\n// SPDX-License-Identifier: Apache-2.0\n\npackage fetcher\n\nimport (\n\t\"bytes\"\n\t\"context\"\n\t\"crypto/sha256\"\n\t\"encoding/base64\"\n\tstderrors \"errors\"\n\t\"io\"\n\t\"net/http\"\n\t\"os\"\n\t\"strings\"\n\t\"time\"\n\n\t\"github.com/dgraph-io/ristretto/v2\"\n\t\"github.com/hashicorp/go-retryablehttp\"\n\t\"github.com/pkg/errors\"\n\n\t\"github.com/ory/x/httpx\"\n\t\"github.com/ory/x/stringsx\"\n)\n\n// Fetcher is able to load file contents from http, https, file, and base64 locations.\ntype Fetcher struct {\n\thc *retryablehttp.Client\n\tlimit int64\n\tcache *ristretto.Cache[[]byte, []byte]\n\tttl time.Duration\n}\n\ntype opts struct {\n\thc *retryablehttp.Client\n\tlimit int64\n\tcache *ristretto.Cache[[]byte, []byte]\n\tttl time.Duration\n}\n\nvar ErrUnknownScheme = stderrors.New(\"unknown scheme\")\n\n// WithClient sets the http.Client the fetcher uses.\nfunc WithClient(hc *retryablehttp.Client) Modifier {\n\treturn func(o *opts) {\n\t\to.hc = hc\n\t}\n}\n\n// WithMaxHTTPMaxBytes reads at most limit bytes from the HTTP response body,\n// returning bytes.ErrToLarge if the limit would be exceeded.\nfunc WithMaxHTTPMaxBytes(limit int64) Modifier {\n\treturn func(o *opts) {\n\t\to.limit = limit\n\t}\n}\n\nfunc WithCache(cache *ristretto.Cache[[]byte, []byte], ttl time.Duration) Modifier {\n\treturn func(o *opts) {\n\t\tif ttl < 0 {\n\t\t\treturn\n\t\t}\n\t\to.cache = cache\n\t\to.ttl = ttl\n\t}\n}\n\nfunc newOpts() *opts {\n\treturn &opts{\n\t\thc: httpx.NewResilientClient(),\n\t}\n}\n\ntype Modifier func(*opts)\n\n// NewFetcher creates a new fetcher instance.\nfunc NewFetcher(opts ...Modifier) *Fetcher {\n\to := newOpts()\n\tfor _, f := range opts {\n\t\tf(o)\n\t}\n\treturn &Fetcher{hc: o.hc, limit: o.limit, cache: o.cache, ttl: o.ttl}\n}\n\n// FetchContext fetches the file contents from the source and allows to pass a\n// context that is used for HTTP requests.\nfunc (f *Fetcher) FetchContext(ctx context.Context, source string) (*bytes.Buffer, error) {\n\tb, err := f.FetchBytes(ctx, source)\n\tif err != nil {\n\t\treturn nil, err\n\t}\n\treturn bytes.NewBuffer(b), nil\n}\n\n// FetchBytes fetches the file contents from the source and allows to pass a\n// context that is used for HTTP requests.\nfunc (f *Fetcher) FetchBytes(ctx context.Context, source string) ([]byte, error) {\n\tswitch s := stringsx.SwitchPrefix(source); {\n\tcase s.HasPrefix(\"http://\", \"https://\"):\n\t\treturn f.fetchRemote(ctx, source)\n\tcase s.HasPrefix(\"file://\"):\n\t\treturn f.fetchFile(strings.TrimPrefix(source, \"file://\"))\n\tcase s.HasPrefix(\"base64://\"):\n\t\tsrc, err := base64.StdEncoding.DecodeString(strings.TrimPrefix(source, \"base64://\"))\n\t\tif err != nil {\n\t\t\treturn nil, errors.Wrapf(err, \"base64decode: %s\", source)\n\t\t}\n\t\treturn src, nil\n\tdefault:\n\t\treturn nil, errors.Wrap(ErrUnknownScheme, s.ToUnknownPrefixErr().Error())\n\t}\n}\n\nfunc (f *Fetcher) fetchRemote(ctx context.Context, source string) (b []byte, err error) {\n\tif f.cache != nil {\n\t\tcacheKey := sha256.Sum256([]byte(source))\n\t\tif v, ok := f.cache.Get(cacheKey[:]); ok {\n\t\t\tb = make([]byte, len(v))\n\t\t\tcopy(b, v)\n\t\t\treturn b, nil\n\t\t}\n\t\tdefer func() {\n\t\t\tif err == nil && len(b) > 0 {\n\t\t\t\ttoCache := make([]byte, len(b))\n\t\t\t\tcopy(toCache, b)\n\t\t\t\tf.cache.SetWithTTL(cacheKey[:], toCache, int64(len(toCache)), f.ttl)\n\t\t\t}\n\t\t}()\n\t}\n\n\treq, err := retryablehttp.NewRequestWithContext(ctx, http.MethodGet, source, nil)\n\tif err != nil {\n\t\treturn nil, errors.Wrapf(err, \"new request: %s\", source)\n\t}\n\tres, err := f.hc.Do(req)\n\tif err != nil {\n\t\treturn nil, errors.Wrap(err, source)\n\t}\n\tdefer res.Body.Close()\n\n\tif res.StatusCode != http.StatusOK {\n\t\treturn nil, errors.Errorf(\"expected http response status code 200 but got %d when fetching: %s\", res.StatusCode, source)\n\t}\n\n\tif f.limit > 0 {\n\t\tvar buf bytes.Buffer\n\t\tn, err := io.Copy(&buf, io.LimitReader(res.Body, f.limit+1))\n\t\tif n > f.limit {\n\t\t\treturn nil, bytes.ErrTooLarge\n\t\t}\n\t\tif err != nil {\n\t\t\treturn nil, err\n\t\t}\n\t\treturn buf.Bytes(), nil\n\t}\n\treturn io.ReadAll(res.Body)\n}\n\nfunc (f *Fetcher) fetchFile(source string) ([]byte, error) {\n\tfp, err := os.Open(source) // #nosec:G304\n\tif err != nil {\n\t\treturn nil, errors.Wrapf(err, \"unable to open file: %s\", source)\n\t}\n\tdefer fp.Close()\n\tb, err := io.ReadAll(fp)\n\tif err != nil {\n\t\treturn nil, errors.Wrapf(err, \"unable to read file: %s\", source)\n\t}\n\tif err := fp.Close(); err != nil {\n\t\treturn nil, errors.Wrapf(err, \"unable to close file: %s\", source)\n\t}\n\treturn b, nil\n}\n" }, { "path": "oryx/flagx/flagx.go", "content": "// Copyright © 2023 Ory Corp\n// SPDX-License-Identifier: Apache-2.0\n\npackage flagx\n\nimport (\n\t\"time\"\n\n\t\"github.com/spf13/pflag\"\n\n\t\"github.com/spf13/cobra\"\n\n\t\"github.com/ory/x/cmdx\"\n)\n\nfunc NewFlagSet(name string) *pflag.FlagSet {\n\treturn pflag.NewFlagSet(name, pflag.ContinueOnError)\n}\n\n// MustGetBool returns a bool flag or fatals if an error occurs.\n// Deprecated: just handle the error properly, this breaks command testing\nfunc MustGetBool(cmd *cobra.Command, name string) bool {\n\tok, err := cmd.Flags().GetBool(name)\n\tif err != nil {\n\t\tcmdx.Fatalf(err.Error())\n\t}\n\treturn ok\n}\n\n// MustGetString returns a string flag or fatals if an error occurs.\n// Deprecated: just handle the error properly, this breaks command testing\nfunc MustGetString(cmd *cobra.Command, name string) string {\n\ts, err := cmd.Flags().GetString(name)\n\tif err != nil {\n\t\tcmdx.Fatalf(err.Error())\n\t}\n\treturn s\n}\n\n// MustGetDuration returns a time.Duration flag or fatals if an error occurs.\n// Deprecated: just handle the error properly, this breaks command testing\nfunc MustGetDuration(cmd *cobra.Command, name string) time.Duration {\n\td, err := cmd.Flags().GetDuration(name)\n\tif err != nil {\n\t\tcmdx.Fatalf(err.Error())\n\t}\n\treturn d\n}\n\n// MustGetStringSlice returns a []string flag or fatals if an error occurs.\n// Deprecated: just handle the error properly, this breaks command testing\nfunc MustGetStringSlice(cmd *cobra.Command, name string) []string {\n\tss, err := cmd.Flags().GetStringSlice(name)\n\tif err != nil {\n\t\tcmdx.Fatalf(err.Error())\n\t}\n\treturn ss\n}\n\n// MustGetStringArray returns a []string flag or fatals if an error occurs.\n// Deprecated: just handle the error properly, this breaks command testing\nfunc MustGetStringArray(cmd *cobra.Command, name string) []string {\n\tss, err := cmd.Flags().GetStringArray(name)\n\tif err != nil {\n\t\tcmdx.Fatalf(err.Error())\n\t}\n\treturn ss\n}\n\n// MustGetStringToStringMap returns a map[string]string flag or fatals if an error occurs.\n// Deprecated: just handle the error properly, this breaks command testing\nfunc MustGetStringToStringMap(cmd *cobra.Command, name string) map[string]string {\n\tss, err := cmd.Flags().GetStringToString(name)\n\tif err != nil {\n\t\tcmdx.Fatalf(err.Error())\n\t}\n\treturn ss\n}\n\n// MustGetInt returns a int flag or fatals if an error occurs.\n// Deprecated: just handle the error properly, this breaks command testing\nfunc MustGetInt(cmd *cobra.Command, name string) int {\n\tss, err := cmd.Flags().GetInt(name)\n\tif err != nil {\n\t\tcmdx.Fatalf(err.Error())\n\t}\n\treturn ss\n}\n\n// MustGetUint8 returns a uint8 flag or fatals if an error occurs.\n// Deprecated: just handle the error properly, this breaks command testing\nfunc MustGetUint8(cmd *cobra.Command, name string) uint8 {\n\tv, err := cmd.Flags().GetUint8(name)\n\tif err != nil {\n\t\tcmdx.Fatalf(err.Error())\n\t}\n\treturn v\n}\n\n// MustGetUint32 returns a uint32 flag or fatals if an error occurs.\n// Deprecated: just handle the error properly, this breaks command testing\nfunc MustGetUint32(cmd *cobra.Command, name string) uint32 {\n\tv, err := cmd.Flags().GetUint32(name)\n\tif err != nil {\n\t\tcmdx.Fatalf(err.Error())\n\t}\n\treturn v\n}\n" }, { "path": "oryx/fsx/dirhash.go", "content": "// Copyright © 2026 Ory Corp\n// SPDX-License-Identifier: Apache-2.0\n\npackage fsx\n\nimport (\n\t\"crypto/sha512\"\n\t\"io\"\n\t\"io/fs\"\n)\n\n// DirHash computes a directory hash from all files contained in any subdirectories.\nfunc DirHash(dir fs.FS) ([]byte, error) {\n\thash := sha512.New()\n\terr := fs.WalkDir(dir, \".\", func(path string, d fs.DirEntry, err error) error {\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tif d.IsDir() {\n\t\t\treturn nil\n\t\t}\n\t\t_, _ = io.WriteString(hash, path) // hash write never errors\n\t\tf, err := dir.Open(path)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, _ = io.Copy(hash, f) // hash write never errors\n\t\tif err = f.Close(); err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n\treturn hash.Sum(nil), err\n}\n" }, { "path": "oryx/fsx/merge.go", "content": "// Copyright © 2023 Ory Corp\n// SPDX-License-Identifier: Apache-2.0\n\npackage fsx\n\nimport (\n\t\"io\"\n\t\"io/fs\"\n\t\"sort\"\n\t\"time\"\n\n\t\"github.com/pkg/errors\"\n)\n\ntype (\n\tmergedFS []fs.FS\n\tmergedFile struct {\n\t\tfiles []fs.File\n\t\tunprocessedDirEntries dirEntries\n\t}\n\tmergedFileInfo []fs.FileInfo\n\tdirEntries []fs.DirEntry\n)\n\nvar (\n\t_ fs.StatFS = (mergedFS)(nil)\n\t_ fs.ReadDirFS = (mergedFS)(nil)\n\t_ fs.ReadDirFile = (*mergedFile)(nil)\n\t_ fs.FileInfo = (mergedFileInfo)(nil)\n\t_ sort.Interface = (dirEntries)(nil)\n)\n\n// Merge multiple filesystems. Later file systems are shadowed by previous ones.\nfunc Merge(fss ...fs.FS) fs.FS {\n\treturn mergedFS(fss)\n}\n\nfunc (m mergedFS) Open(name string) (fs.File, error) {\n\tvar file mergedFile\n\tfor _, fsys := range m {\n\t\tf, err := fsys.Open(name)\n\t\tif errors.Is(err, fs.ErrNotExist) {\n\t\t\tcontinue\n\t\t}\n\t\tif err != nil {\n\t\t\treturn nil, errors.WithStack(err)\n\t\t}\n\n\t\tfile.files = append(file.files, f)\n\t}\n\tif len(file.files) == 0 {\n\t\treturn nil, errors.WithStack(fs.ErrNotExist)\n\t}\n\n\treturn &file, nil\n}\n\nfunc (m mergedFS) Stat(name string) (fs.FileInfo, error) {\n\tfor i, fsys := range m {\n\t\tinfo, err := fs.Stat(fsys, name)\n\t\tif errors.Is(err, fs.ErrNotExist) {\n\t\t\tcontinue\n\t\t}\n\n\t\tswitch {\n\t\tcase err != nil:\n\t\t\treturn nil, errors.WithStack(err)\n\t\tcase info.IsDir():\n\t\t\tdirs := mergedFileInfo{info}\n\t\t\tfor j := i + 1; j < len(m); j++ {\n\t\t\t\tinfo, err := fs.Stat(m[j], name)\n\t\t\t\tif errors.Is(err, fs.ErrNotExist) {\n\t\t\t\t\tcontinue\n\t\t\t\t}\n\t\t\t\tif err != nil {\n\t\t\t\t\treturn nil, err\n\t\t\t\t}\n\t\t\t\tdirs = append(dirs, info)\n\t\t\t}\n\t\t\treturn dirs, nil\n\t\tdefault:\n\t\t\treturn info, nil\n\t\t}\n\t}\n\treturn nil, errors.WithStack(fs.ErrNotExist)\n}\n\nfunc (m mergedFS) ReadDir(name string) ([]fs.DirEntry, error) {\n\tvar entries dirEntries\n\n\tfor _, fsys := range m {\n\t\te, err := fs.ReadDir(fsys, name)\n\t\tif errors.Is(err, fs.ErrNotExist) {\n\t\t\tcontinue\n\t\t}\n\t\tif err != nil {\n\t\t\treturn nil, err\n\t\t}\n\t\tentries = append(entries, e...)\n\t}\n\tif len(entries) == 0 {\n\t\treturn nil, errors.WithStack(fs.ErrNotExist)\n\t}\n\n\tentries.clean()\n\treturn entries, nil\n}\n\nfunc (m mergedFileInfo) Name() string {\n\treturn m[0].Name()\n}\n\nfunc (m mergedFileInfo) Size() int64 {\n\treturn m[0].Size()\n}\n\nfunc (m mergedFileInfo) Mode() fs.FileMode {\n\treturn m[0].Mode()\n}\n\nfunc (m mergedFileInfo) ModTime() time.Time {\n\treturn m[0].ModTime()\n}\n\nfunc (m mergedFileInfo) IsDir() bool {\n\treturn m[0].IsDir()\n}\n\nfunc (m mergedFileInfo) Sys() interface{} {\n\treturn m\n}\n\nfunc (d dirEntries) Len() int {\n\treturn len(d)\n}\n\nfunc (d dirEntries) Less(i, j int) bool {\n\treturn d[i].Name() < d[j].Name()\n}\n\nfunc (d dirEntries) Swap(i, j int) {\n\td[i], d[j] = d[j], d[i]\n}\n\nfunc (d *dirEntries) clean() {\n\tsort.Sort(d)\n\n\tfor i := 1; i < len(*d); i++ {\n\t\tif (*d)[i-1].Name() == (*d)[i].Name() {\n\t\t\tif len(*d)-i == 1 {\n\t\t\t\t// remove the last entry; we're done\n\t\t\t\t*d = (*d)[:i]\n\t\t\t\treturn\n\t\t\t}\n\t\t\t// remove the duplicate entry at index i\n\t\t\t*d = append((*d)[:i], (*d)[i+1:]...)\n\n\t\t\t// need to check the same index again\n\t\t\ti--\n\t\t}\n\t}\n}\n\nfunc (m *mergedFile) Stat() (fs.FileInfo, error) {\n\treturn m.files[0].Stat()\n}\n\nfunc (m *mergedFile) Read(bytes []byte) (int, error) {\n\treturn m.files[0].Read(bytes)\n}\n\nfunc (m *mergedFile) Close() error {\n\tvar firstErr error\n\tfor _, f := range m.files {\n\t\tif err := f.Close(); err != nil {\n\t\t\tif firstErr == nil {\n\t\t\t\tfirstErr = errors.WithStack(err)\n\t\t\t}\n\t\t}\n\t}\n\treturn firstErr\n}\n\nfunc (m *mergedFile) ReadDir(n int) ([]fs.DirEntry, error) {\n\tif m.unprocessedDirEntries != nil {\n\t\tif n <= 0 {\n\t\t\tentries := m.unprocessedDirEntries\n\t\t\tm.unprocessedDirEntries = nil\n\t\t\treturn entries, nil\n\t\t}\n\t\tif n >= len(m.unprocessedDirEntries) {\n\t\t\tentries := m.unprocessedDirEntries\n\t\t\tm.unprocessedDirEntries = nil\n\t\t\treturn entries, io.EOF\n\t\t}\n\n\t\tvar entries dirEntries\n\t\tentries, m.unprocessedDirEntries = m.unprocessedDirEntries[:n], m.unprocessedDirEntries[n:]\n\t\treturn entries, nil\n\t}\n\n\tvar entries dirEntries\n\tfor _, f := range m.files {\n\t\tif f, ok := f.(fs.ReadDirFile); ok {\n\t\t\te, err := f.ReadDir(-1)\n\t\t\tif err != nil && !errors.Is(err, fs.ErrNotExist) {\n\t\t\t\treturn nil, err\n\t\t\t}\n\t\t\tentries = append(entries, e...)\n\t\t}\n\t}\n\tif entries == nil {\n\t\tif n > 0 {\n\t\t\treturn nil, io.EOF\n\t\t}\n\t\treturn nil, nil\n\t}\n\n\tentries.clean()\n\tif n <= 0 {\n\t\treturn entries, nil\n\t}\n\tif n >= len(entries) {\n\t\treturn entries, io.EOF\n\t}\n\n\tentries, m.unprocessedDirEntries = entries[:n], entries[n:]\n\treturn entries, nil\n}\n" }, { "path": "oryx/go.mod", "content": "module github.com/ory/x\n\ngo 1.26\n\nrequire (\n\tcode.dny.dev/ssrf v0.2.0\n\tgithub.com/Masterminds/sprig/v3 v3.3.0\n\tgithub.com/auth0/go-jwt-middleware/v2 v2.3.0\n\tgithub.com/avast/retry-go/v4 v4.6.1\n\tgithub.com/bmatcuk/doublestar/v2 v2.0.4\n\tgithub.com/bradleyjkemp/cupaloy/v2 v2.8.0\n\tgithub.com/cockroachdb/cockroach-go/v2 v2.4.1\n\tgithub.com/dgraph-io/ristretto/v2 v2.2.0\n\tgithub.com/docker/docker v28.3.3+incompatible\n\tgithub.com/evanphx/json-patch/v5 v5.9.11\n\tgithub.com/fsnotify/fsnotify v1.9.0\n\tgithub.com/ghodss/yaml v1.0.0\n\tgithub.com/go-jose/go-jose/v3 v3.0.4\n\tgithub.com/go-openapi/jsonpointer v0.21.2\n\tgithub.com/go-openapi/runtime v0.28.0\n\tgithub.com/go-sql-driver/mysql v1.9.3\n\tgithub.com/gobuffalo/httptest v1.5.2\n\tgithub.com/gobwas/glob v0.2.3\n\tgithub.com/goccy/go-yaml v1.18.0\n\tgithub.com/gofrs/uuid v4.4.0+incompatible\n\tgithub.com/golang-jwt/jwt/v5 v5.3.0\n\tgithub.com/google/go-jsonnet v0.21.0\n\tgithub.com/gorilla/websocket v1.5.3\n\tgithub.com/grpc-ecosystem/go-grpc-prometheus v1.2.0\n\tgithub.com/hashicorp/go-retryablehttp v0.7.8\n\tgithub.com/inhies/go-bytesize v0.0.0-20220417184213-4913239db9cf\n\tgithub.com/jackc/pgconn v1.14.3\n\tgithub.com/jackc/pgx/v5 v5.7.5\n\tgithub.com/jackc/puddle/v2 v2.2.2\n\tgithub.com/jmoiron/sqlx v1.4.0\n\tgithub.com/knadh/koanf/maps v0.1.2\n\tgithub.com/knadh/koanf/parsers/json v0.1.0\n\tgithub.com/knadh/koanf/parsers/toml v0.1.0\n\tgithub.com/knadh/koanf/parsers/yaml v0.1.0\n\tgithub.com/knadh/koanf/providers/posflag v0.1.0\n\tgithub.com/knadh/koanf/providers/rawbytes v0.1.0\n\tgithub.com/knadh/koanf/v2 v2.2.2\n\tgithub.com/laher/mergefs v0.1.1\n\tgithub.com/lestrrat-go/jwx v1.2.31\n\tgithub.com/lib/pq v1.10.9\n\tgithub.com/mattn/go-sqlite3 v1.14.32\n\tgithub.com/mohae/deepcopy v0.0.0-20170929034955-c48cc78d4826\n\tgithub.com/ory/analytics-go/v5 v5.0.1\n\tgithub.com/ory/dockertest/v4 v4.0.0-beta.4\n\tgithub.com/ory/herodot v0.10.7\n\tgithub.com/ory/jsonschema/v3 v3.0.9-0.20250317235931-280c5fc7bf0e\n\tgithub.com/ory/pop/v6 v6.3.2-0.20251203152233-a32233875f7e\n\tgithub.com/pelletier/go-toml v1.9.5\n\tgithub.com/peterhellberg/link v1.2.0\n\tgithub.com/pkg/errors v0.9.1\n\tgithub.com/pkg/profile v1.7.0\n\tgithub.com/prometheus/client_golang v1.23.0\n\tgithub.com/prometheus/client_model v0.6.2\n\tgithub.com/prometheus/common v0.65.0\n\tgithub.com/rakutentech/jwk-go v1.2.0\n\tgithub.com/rs/cors v1.11.1\n\tgithub.com/seatgeek/logrus-gelf-formatter v0.0.0-20210414080842-5b05eb8ff761\n\tgithub.com/sirupsen/logrus v1.9.3\n\tgithub.com/spf13/cast v1.9.2\n\tgithub.com/spf13/cobra v1.10.1\n\tgithub.com/spf13/pflag v1.0.10\n\tgithub.com/ssoready/hyrumtoken v1.0.0\n\tgithub.com/stretchr/testify v1.11.1\n\tgithub.com/tidwall/gjson v1.18.0\n\tgithub.com/tidwall/sjson v1.2.5\n\tgithub.com/urfave/negroni v1.0.0\n\tgo.opentelemetry.io/contrib/instrumentation/net/http/httptrace/otelhttptrace v0.62.0\n\tgo.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.62.0\n\tgo.opentelemetry.io/contrib/propagators/b3 v1.37.0\n\tgo.opentelemetry.io/contrib/propagators/jaeger v1.37.0\n\tgo.opentelemetry.io/contrib/samplers/jaegerremote v0.31.0\n\tgo.opentelemetry.io/otel v1.40.0\n\tgo.opentelemetry.io/otel/exporters/jaeger v1.17.0\n\tgo.opentelemetry.io/otel/exporters/otlp/otlptrace v1.37.0\n\tgo.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp v1.37.0\n\tgo.opentelemetry.io/otel/exporters/zipkin v1.37.0\n\tgo.opentelemetry.io/otel/sdk v1.40.0\n\tgo.opentelemetry.io/otel/trace v1.40.0\n\tgo.opentelemetry.io/proto/otlp v1.7.1\n\tgo.uber.org/goleak v1.3.0\n\tgo.uber.org/mock v0.5.2\n\tgolang.org/x/crypto v0.46.0\n\tgolang.org/x/oauth2 v0.34.0\n\tgolang.org/x/sync v0.19.0\n\tgoogle.golang.org/grpc v1.79.3\n\tgoogle.golang.org/protobuf v1.36.10\n)\n\nrequire (\n\tdario.cat/mergo v1.0.2 // indirect\n\tfilippo.io/edwards25519 v1.2.0 // indirect\n\tgithub.com/Masterminds/goutils v1.1.1 // indirect\n\tgithub.com/Masterminds/semver/v3 v3.4.0 // indirect\n\tgithub.com/Microsoft/go-winio v0.6.2 // indirect\n\tgithub.com/XSAM/otelsql v0.39.0 // indirect\n\tgithub.com/asaskevich/govalidator v0.0.0-20230301143203-a9d515a09cc2 // indirect\n\tgithub.com/aymerick/douceur v0.2.0 // indirect\n\tgithub.com/beorn7/perks v1.0.1 // indirect\n\tgithub.com/cenkalti/backoff/v5 v5.0.3 // indirect\n\tgithub.com/cespare/xxhash/v2 v2.3.0 // indirect\n\tgithub.com/containerd/errdefs v1.0.0 // indirect\n\tgithub.com/containerd/errdefs/pkg v0.3.0 // indirect\n\tgithub.com/containerd/log v0.1.0 // indirect\n\tgithub.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc // indirect\n\tgithub.com/decred/dcrd/dcrec/secp256k1/v4 v4.4.0 // indirect\n\tgithub.com/distribution/reference v0.6.0 // indirect\n\tgithub.com/docker/go-connections v0.6.0 // indirect\n\tgithub.com/docker/go-units v0.5.0 // indirect\n\tgithub.com/dustin/go-humanize v1.0.1 // indirect\n\tgithub.com/fatih/color v1.18.0 // indirect\n\tgithub.com/fatih/structs v1.1.0 // indirect\n\tgithub.com/felixge/fgprof v0.9.5 // indirect\n\tgithub.com/felixge/httpsnoop v1.0.4 // indirect\n\tgithub.com/go-logr/logr v1.4.3 // indirect\n\tgithub.com/go-logr/stdr v1.2.2 // indirect\n\tgithub.com/go-openapi/errors v0.22.2 // indirect\n\tgithub.com/go-openapi/strfmt v0.23.0 // indirect\n\tgithub.com/go-openapi/swag v0.23.1 // indirect\n\tgithub.com/go-viper/mapstructure/v2 v2.4.0 // indirect\n\tgithub.com/gobuffalo/envy v1.10.2 // indirect\n\tgithub.com/gobuffalo/fizz v1.14.4 // indirect\n\tgithub.com/gobuffalo/flect v1.0.3 // indirect\n\tgithub.com/gobuffalo/github_flavored_markdown v1.1.4 // indirect\n\tgithub.com/gobuffalo/helpers v0.6.10 // indirect\n\tgithub.com/gobuffalo/nulls v0.4.2 // indirect\n\tgithub.com/gobuffalo/plush/v4 v4.1.22 // indirect\n\tgithub.com/gobuffalo/plush/v5 v5.0.7 // indirect\n\tgithub.com/gobuffalo/tags/v3 v3.1.4 // indirect\n\tgithub.com/gobuffalo/validate/v3 v3.3.3 // indirect\n\tgithub.com/goccy/go-json v0.10.5 // indirect\n\tgithub.com/gofrs/flock v0.12.1 // indirect\n\tgithub.com/gogo/googleapis v1.4.1 // indirect\n\tgithub.com/gogo/protobuf v1.3.2 // indirect\n\tgithub.com/golang/protobuf v1.5.4 // indirect\n\tgithub.com/google/pprof v0.0.0-20250630185457-6e76a2b096b5 // indirect\n\tgithub.com/google/uuid v1.6.0 // indirect\n\tgithub.com/gorilla/css v1.0.1 // indirect\n\tgithub.com/grpc-ecosystem/grpc-gateway/v2 v2.27.1 // indirect\n\tgithub.com/hashicorp/go-cleanhttp v0.5.2 // indirect\n\tgithub.com/huandu/xstrings v1.5.0 // indirect\n\tgithub.com/inconshreveable/mousetrap v1.1.0 // indirect\n\tgithub.com/jackc/chunkreader/v2 v2.0.1 // indirect\n\tgithub.com/jackc/pgio v1.0.0 // indirect\n\tgithub.com/jackc/pgpassfile v1.0.0 // indirect\n\tgithub.com/jackc/pgproto3/v2 v2.3.3 // indirect\n\tgithub.com/jackc/pgservicefile v0.0.0-20240606120523-5a60cdf6a761 // indirect\n\tgithub.com/jaegertracing/jaeger-idl v0.5.0 // indirect\n\tgithub.com/jandelgado/gcov2lcov v1.1.1 // indirect\n\tgithub.com/joho/godotenv v1.5.1 // indirect\n\tgithub.com/josharian/intern v1.0.0 // indirect\n\tgithub.com/kballard/go-shellquote v0.0.0-20180428030007-95032a82bc51 // indirect\n\tgithub.com/lestrrat-go/backoff/v2 v2.0.8 // indirect\n\tgithub.com/lestrrat-go/blackmagic v1.0.4 // indirect\n\tgithub.com/lestrrat-go/httpcc v1.0.1 // indirect\n\tgithub.com/lestrrat-go/iter v1.0.2 // indirect\n\tgithub.com/lestrrat-go/option v1.0.1 // indirect\n\tgithub.com/mailru/easyjson v0.9.0 // indirect\n\tgithub.com/mattn/go-colorable v0.1.14 // indirect\n\tgithub.com/mattn/go-isatty v0.0.20 // indirect\n\tgithub.com/microcosm-cc/bluemonday v1.0.27 // indirect\n\tgithub.com/mitchellh/copystructure v1.2.0 // indirect\n\tgithub.com/mitchellh/mapstructure v1.5.0 // indirect\n\tgithub.com/mitchellh/reflectwalk v1.0.2 // indirect\n\tgithub.com/moby/docker-image-spec v1.3.1 // indirect\n\tgithub.com/moby/moby/api v1.54.0 // indirect\n\tgithub.com/moby/moby/client v0.3.0 // indirect\n\tgithub.com/moby/sys/atomicwriter v0.1.0 // indirect\n\tgithub.com/morikuni/aec v1.0.0 // indirect\n\tgithub.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 // indirect\n\tgithub.com/nyaruka/phonenumbers v1.6.5 // indirect\n\tgithub.com/oklog/ulid v1.3.1 // indirect\n\tgithub.com/opencontainers/go-digest v1.0.0 // indirect\n\tgithub.com/opencontainers/image-spec v1.1.1 // indirect\n\tgithub.com/openzipkin/zipkin-go v0.4.3 // indirect\n\tgithub.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 // indirect\n\tgithub.com/prometheus/procfs v0.17.0 // indirect\n\tgithub.com/rogpeppe/go-internal v1.14.1 // indirect\n\tgithub.com/segmentio/backo-go v1.1.0 // indirect\n\tgithub.com/sergi/go-diff v1.4.0 // indirect\n\tgithub.com/shopspring/decimal v1.4.0 // indirect\n\tgithub.com/sourcegraph/annotate v0.0.0-20160123013949-f4cad6c6324d // indirect\n\tgithub.com/sourcegraph/syntaxhighlight v0.0.0-20170531221838-bd320f5d308e // indirect\n\tgithub.com/tidwall/match v1.1.1 // indirect\n\tgithub.com/tidwall/pretty v1.2.1 // indirect\n\tgithub.com/xtgo/uuid v0.0.0-20140804021211-a0b114877d4c // indirect\n\tgo.mongodb.org/mongo-driver v1.17.4 // indirect\n\tgo.opentelemetry.io/auto/sdk v1.2.1 // indirect\n\tgo.opentelemetry.io/otel/metric v1.40.0 // indirect\n\tgo.yaml.in/yaml/v2 v2.4.2 // indirect\n\tgolang.org/x/exp v0.0.0-20250813145105-42675adae3e6 // indirect\n\tgolang.org/x/mod v0.30.0 // indirect\n\tgolang.org/x/net v0.48.0 // indirect\n\tgolang.org/x/sys v0.40.0 // indirect\n\tgolang.org/x/telemetry v0.0.0-20251111182119-bc8e575c7b54 // indirect\n\tgolang.org/x/text v0.32.0 // indirect\n\tgolang.org/x/time v0.12.0 // indirect\n\tgolang.org/x/tools v0.39.0 // indirect\n\tgoogle.golang.org/genproto/googleapis/api v0.0.0-20251202230838-ff82c1b0f217 // indirect\n\tgoogle.golang.org/genproto/googleapis/rpc v0.0.0-20251202230838-ff82c1b0f217 // indirect\n\tgopkg.in/yaml.v2 v2.4.0 // indirect\n\tgopkg.in/yaml.v3 v3.0.1 // indirect\n\tsigs.k8s.io/yaml v1.6.0 // indirect\n)\n\ntool (\n\tgithub.com/jandelgado/gcov2lcov\n\tgo.uber.org/mock/mockgen\n\tgolang.org/x/tools/cmd/goimports\n)\n" }, { "path": "oryx/go.sum", "content": "code.dny.dev/ssrf v0.2.0 h1:wCBP990rQQ1CYfRpW+YK1+8xhwUjv189AQ3WMo1jQaI=\ncode.dny.dev/ssrf v0.2.0/go.mod h1:B+91l25OnyaLIeCx0WRJN5qfJ/4/ZTZxRXgm0lj/2w8=\ndario.cat/mergo v1.0.2 h1:85+piFYR1tMbRrLcDwR18y4UKJ3aH1Tbzi24VRW1TK8=\ndario.cat/mergo v1.0.2/go.mod h1:E/hbnu0NxMFBjpMIE34DRGLWqDy0g5FuKDhCb31ngxA=\nfilippo.io/edwards25519 v1.1.0/go.mod h1:BxyFTGdWcka3PhytdK4V28tE5sGfRvvvRV7EaN4VDT4=\nfilippo.io/edwards25519 v1.2.0 h1:crnVqOiS4jqYleHd9vaKZ+HKtHfllngJIiOpNpoJsjo=\nfilippo.io/edwards25519 v1.2.0/go.mod h1:xzAOLCNug/yB62zG1bQ8uziwrIqIuxhctzJT18Q77mc=\ngithub.com/Azure/go-ansiterm v0.0.0-20250102033503-faa5f7b0171c h1:udKWzYgxTojEKWjV8V+WSxDXJ4NFATAsZjh8iIbsQIg=\ngithub.com/Azure/go-ansiterm v0.0.0-20250102033503-faa5f7b0171c/go.mod h1:xomTg63KZ2rFqZQzSB4Vz2SUXa1BpHTVz9L5PTmPC4E=\ngithub.com/Masterminds/goutils v1.1.1 h1:5nUrii3FMTL5diU80unEVvNevw1nH4+ZV4DSLVJLSYI=\ngithub.com/Masterminds/goutils v1.1.1/go.mod h1:8cTjp+g8YejhMuvIA5y2vz3BpJxksy863GQaJW2MFNU=\ngithub.com/Masterminds/semver/v3 v3.1.1/go.mod h1:VPu/7SZ7ePZ3QOrcuXROw5FAcLl4a0cBrbBpGY/8hQs=\ngithub.com/Masterminds/semver/v3 v3.4.0 h1:Zog+i5UMtVoCU8oKka5P7i9q9HgrJeGzI9SA1Xbatp0=\ngithub.com/Masterminds/semver/v3 v3.4.0/go.mod h1:4V+yj/TJE1HU9XfppCwVMZq3I84lprf4nC11bSS5beM=\ngithub.com/Masterminds/sprig/v3 v3.3.0 h1:mQh0Yrg1XPo6vjYXgtf5OtijNAKJRNcTdOOGZe3tPhs=\ngithub.com/Masterminds/sprig/v3 v3.3.0/go.mod h1:Zy1iXRYNqNLUolqCpL4uhk6SHUMAOSCzdgBfDb35Lz0=\ngithub.com/Microsoft/go-winio v0.6.2 h1:F2VQgta7ecxGYO8k3ZZz3RS8fVIXVxONVUPlNERoyfY=\ngithub.com/Microsoft/go-winio v0.6.2/go.mod h1:yd8OoFMLzJbo9gZq8j5qaps8bJ9aShtEA8Ipt1oGCvU=\ngithub.com/XSAM/otelsql v0.39.0 h1:4o374mEIMweaeevL7fd8Q3C710Xi2Jh/c8G4Qy9bvCY=\ngithub.com/XSAM/otelsql v0.39.0/go.mod h1:uMOXLUX+wkuAuP0AR3B45NXX7E9lJS2mERa8gqdU8R0=\ngithub.com/asaskevich/govalidator v0.0.0-20230301143203-a9d515a09cc2 h1:DklsrG3dyBCFEj5IhUbnKptjxatkF07cF2ak3yi77so=\ngithub.com/asaskevich/govalidator v0.0.0-20230301143203-a9d515a09cc2/go.mod h1:WaHUgvxTVq04UNunO+XhnAqY/wQc+bxr74GqbsZ/Jqw=\ngithub.com/auth0/go-jwt-middleware/v2 v2.3.0 h1:4QREj6cS3d8dS05bEm443jhnqQF97FX9sMBeWqnNRzE=\ngithub.com/auth0/go-jwt-middleware/v2 v2.3.0/go.mod h1:dL4ObBs1/dj4/W4cYxd8rqAdDGXYyd5rqbpMIxcbVrU=\ngithub.com/avast/retry-go/v4 v4.6.1 h1:VkOLRubHdisGrHnTu89g08aQEWEgRU7LVEop3GbIcMk=\ngithub.com/avast/retry-go/v4 v4.6.1/go.mod h1:V6oF8njAwxJ5gRo1Q7Cxab24xs5NCWZBeaHHBklR8mA=\ngithub.com/aymerick/douceur v0.2.0 h1:Mv+mAeH1Q+n9Fr+oyamOlAkUNPWPlA8PPGR0QAaYuPk=\ngithub.com/aymerick/douceur v0.2.0/go.mod h1:wlT5vV2O3h55X9m7iVYN0TBM0NH/MmbLnd30/FjWUq4=\ngithub.com/beorn7/perks v1.0.1 h1:VlbKKnNfV8bJzeqoa4cOKqO6bYr3WgKZxO8Z16+hsOM=\ngithub.com/beorn7/perks v1.0.1/go.mod h1:G2ZrVWU2WbWT9wwq4/hrbKbnv/1ERSJQ0ibhJ6rlkpw=\ngithub.com/bmatcuk/doublestar/v2 v2.0.4 h1:6I6oUiT/sU27eE2OFcWqBhL1SwjyvQuOssxT4a1yidI=\ngithub.com/bmatcuk/doublestar/v2 v2.0.4/go.mod h1:QMmcs3H2AUQICWhfzLXz+IYln8lRQmTZRptLie8RgRw=\ngithub.com/bmizerany/assert v0.0.0-20160611221934-b7ed37b82869/go.mod h1:Ekp36dRnpXw/yCqJaO+ZrUyxD+3VXMFFr56k5XYrpB4=\ngithub.com/bradleyjkemp/cupaloy/v2 v2.8.0 h1:any4BmKE+jGIaMpnU8YgH/I2LPiLBufr6oMMlVBbn9M=\ngithub.com/bradleyjkemp/cupaloy/v2 v2.8.0/go.mod h1:bm7JXdkRd4BHJk9HpwqAI8BoAY1lps46Enkdqw6aRX0=\ngithub.com/cenkalti/backoff/v5 v5.0.3 h1:ZN+IMa753KfX5hd8vVaMixjnqRZ3y8CuJKRKj1xcsSM=\ngithub.com/cenkalti/backoff/v5 v5.0.3/go.mod h1:rkhZdG3JZukswDf7f0cwqPNk4K0sa+F97BxZthm/crw=\ngithub.com/cespare/xxhash/v2 v2.3.0 h1:UL815xU9SqsFlibzuggzjXhog7bL6oX9BbNZnL2UFvs=\ngithub.com/cespare/xxhash/v2 v2.3.0/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs=\ngithub.com/chromedp/cdproto v0.0.0-20230802225258-3cf4e6d46a89/go.mod h1:GKljq0VrfU4D5yc+2qA6OVr8pmO/MBbPEWqWQ/oqGEs=\ngithub.com/chromedp/chromedp v0.9.2/go.mod h1:LkSXJKONWTCHAfQasKFUZI+mxqS4tZqhmtGzzhLsnLs=\ngithub.com/chromedp/sysutil v1.0.0/go.mod h1:kgWmDdq8fTzXYcKIBqIYvRRTnYb9aNS9moAV0xufSww=\ngithub.com/chzyer/logex v1.1.10/go.mod h1:+Ywpsq7O8HXn0nuIou7OrIPyXbp3wmkHB+jjWRnGsAI=\ngithub.com/chzyer/logex v1.2.1/go.mod h1:JLbx6lG2kDbNRFnfkgvh4eRJRPX1QCoOIWomwysCBrQ=\ngithub.com/chzyer/readline v0.0.0-20180603132655-2972be24d48e/go.mod h1:nSuG5e5PlCu98SY8svDHJxuZscDgtXS6KTTbou5AhLI=\ngithub.com/chzyer/readline v1.5.1/go.mod h1:Eh+b79XXUwfKfcPLepksvw2tcLE/Ct21YObkaSkeBlk=\ngithub.com/chzyer/test v0.0.0-20180213035817-a1ea475d72b1/go.mod h1:Q3SI9o4m/ZMnBNeIyt5eFwwo7qiLfzFZmjNmxjkiQlU=\ngithub.com/chzyer/test v1.0.0/go.mod h1:2JlltgoNkt4TW/z9V/IzDdFaMTM2JPIi26O1pF38GC8=\ngithub.com/cockroachdb/cockroach-go/v2 v2.4.1 h1:ACVT/zXsuK6waRPVYtDQpsM8pPA7IA/3fkgA02RR/Gw=\ngithub.com/cockroachdb/cockroach-go/v2 v2.4.1/go.mod h1:9U179XbCx4qFWtNhc7BiWLPfuyMVQ7qdAhfrwLz1vH0=\ngithub.com/containerd/errdefs v1.0.0 h1:tg5yIfIlQIrxYtu9ajqY42W3lpS19XqdxRQeEwYG8PI=\ngithub.com/containerd/errdefs v1.0.0/go.mod h1:+YBYIdtsnF4Iw6nWZhJcqGSg/dwvV7tyJ/kCkyJ2k+M=\ngithub.com/containerd/errdefs/pkg v0.3.0 h1:9IKJ06FvyNlexW690DXuQNx2KA2cUJXx151Xdx3ZPPE=\ngithub.com/containerd/errdefs/pkg v0.3.0/go.mod h1:NJw6s9HwNuRhnjJhM7pylWwMyAkmCQvQ4GpJHEqRLVk=\ngithub.com/containerd/log v0.1.0 h1:TCJt7ioM2cr/tfR8GPbGf9/VRAX8D2B4PjzCpfX540I=\ngithub.com/containerd/log v0.1.0/go.mod h1:VRRf09a7mHDIRezVKTRCrOq78v577GXq3bSa3EhrzVo=\ngithub.com/cpuguy83/go-md2man/v2 v2.0.6/go.mod h1:oOW0eioCTA6cOiMLiUPZOpcVxMig6NIQQ7OS05n1F4g=\ngithub.com/creack/pty v1.1.9/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E=\ngithub.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=\ngithub.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=\ngithub.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc h1:U9qPSI2PIWSS1VwoXQT9A3Wy9MM3WgvqSxFWenqJduM=\ngithub.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=\ngithub.com/decred/dcrd/dcrec/secp256k1/v4 v4.4.0 h1:NMZiJj8QnKe1LgsbDayM4UoHwbvwDRwnI3hwNaAHRnc=\ngithub.com/decred/dcrd/dcrec/secp256k1/v4 v4.4.0/go.mod h1:ZXNYxsqcloTdSy/rNShjYzMhyjf0LaoftYK0p+A3h40=\ngithub.com/dgraph-io/ristretto/v2 v2.2.0 h1:bkY3XzJcXoMuELV8F+vS8kzNgicwQFAaGINAEJdWGOM=\ngithub.com/dgraph-io/ristretto/v2 v2.2.0/go.mod h1:RZrm63UmcBAaYWC1DotLYBmTvgkrs0+XhBd7Npn7/zI=\ngithub.com/dgryski/go-farm v0.0.0-20240924180020-3414d57e47da h1:aIftn67I1fkbMa512G+w+Pxci9hJPB8oMnkcP3iZF38=\ngithub.com/dgryski/go-farm v0.0.0-20240924180020-3414d57e47da/go.mod h1:SqUrOPUnsFjfmXRMNPybcSiG0BgUW2AuFH8PAnS2iTw=\ngithub.com/distribution/reference v0.6.0 h1:0IXCQ5g4/QMHHkarYzh5l+u8T3t73zM5QvfrDyIgxBk=\ngithub.com/distribution/reference v0.6.0/go.mod h1:BbU0aIcezP1/5jX/8MP0YiH4SdvB5Y4f/wlDRiLyi3E=\ngithub.com/docker/docker v28.3.3+incompatible h1:Dypm25kh4rmk49v1eiVbsAtpAsYURjYkaKubwuBdxEI=\ngithub.com/docker/docker v28.3.3+incompatible/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk=\ngithub.com/docker/go-connections v0.6.0 h1:LlMG9azAe1TqfR7sO+NJttz1gy6KO7VJBh+pMmjSD94=\ngithub.com/docker/go-connections v0.6.0/go.mod h1:AahvXYshr6JgfUJGdDCs2b5EZG/vmaMAntpSFH5BFKE=\ngithub.com/docker/go-units v0.5.0 h1:69rxXcBk27SvSaaxTtLh/8llcHD8vYHT7WSdRZ/jvr4=\ngithub.com/docker/go-units v0.5.0/go.mod h1:fgPhTUdO+D/Jk86RDLlptpiXQzgHJF7gydDDbaIK4Dk=\ngithub.com/dustin/go-humanize v1.0.1 h1:GzkhY7T5VNhEkwH0PVJgjz+fX1rhBrR7pRT3mDkpeCY=\ngithub.com/dustin/go-humanize v1.0.1/go.mod h1:Mu1zIs6XwVuF/gI1OepvI0qD18qycQx+mFykh5fBlto=\ngithub.com/evanphx/json-patch/v5 v5.9.11 h1:/8HVnzMq13/3x9TPvjG08wUGqBTmZBsCWzjTM0wiaDU=\ngithub.com/evanphx/json-patch/v5 v5.9.11/go.mod h1:3j+LviiESTElxA4p3EMKAB9HXj3/XEtnUf6OZxqIQTM=\ngithub.com/fatih/color v1.18.0 h1:S8gINlzdQ840/4pfAwic/ZE0djQEH3wM94VfqLTZcOM=\ngithub.com/fatih/color v1.18.0/go.mod h1:4FelSpRwEGDpQ12mAdzqdOukCy4u8WUtOY6lkT/6HfU=\ngithub.com/fatih/structs v1.1.0 h1:Q7juDM0QtcnhCpeyLGQKyg4TOIghuNXrkL32pHAUMxo=\ngithub.com/fatih/structs v1.1.0/go.mod h1:9NiDSp5zOcgEDl+j00MP/WkGVPOlPRLejGD8Ga6PJ7M=\ngithub.com/felixge/fgprof v0.9.3/go.mod h1:RdbpDgzqYVh/T9fPELJyV7EYJuHB55UTEULNun8eiPw=\ngithub.com/felixge/fgprof v0.9.5 h1:8+vR6yu2vvSKn08urWyEuxx75NWPEvybbkBirEpsbVY=\ngithub.com/felixge/fgprof v0.9.5/go.mod h1:yKl+ERSa++RYOs32d8K6WEXCB4uXdLls4ZaZPpayhMM=\ngithub.com/felixge/httpsnoop v1.0.4 h1:NFTV2Zj1bL4mc9sqWACXbQFVBBg2W3GPvqp8/ESS2Wg=\ngithub.com/felixge/httpsnoop v1.0.4/go.mod h1:m8KPJKqk1gH5J9DgRY2ASl2lWCfGKXixSwevea8zH2U=\ngithub.com/frankban/quicktest v1.14.6 h1:7Xjx+VpznH+oBnejlPUj8oUpdxnVs4f8XU8WnHkI4W8=\ngithub.com/frankban/quicktest v1.14.6/go.mod h1:4ptaffx2x8+WTWXmUCuVU6aPUX1/Mz7zb5vbUoiM6w0=\ngithub.com/fsnotify/fsnotify v1.9.0 h1:2Ml+OJNzbYCTzsxtv8vKSFD9PbJjmhYF14k/jKC7S9k=\ngithub.com/fsnotify/fsnotify v1.9.0/go.mod h1:8jBTzvmWwFyi3Pb8djgCCO5IBqzKJ/Jwo8TRcHyHii0=\ngithub.com/ghodss/yaml v1.0.0 h1:wQHKEahhL6wmXdzwWG11gIVCkOv05bNOh+Rxn0yngAk=\ngithub.com/ghodss/yaml v1.0.0/go.mod h1:4dBDuWmgqj2HViK6kFavaiC9ZROes6MMH2rRYeMEF04=\ngithub.com/go-jose/go-jose/v3 v3.0.4 h1:Wp5HA7bLQcKnf6YYao/4kpRpVMp/yf6+pJKV8WFSaNY=\ngithub.com/go-jose/go-jose/v3 v3.0.4/go.mod h1:5b+7YgP7ZICgJDBdfjZaIt+H/9L9T/YQrVfLAMboGkQ=\ngithub.com/go-logr/logr v1.2.2/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A=\ngithub.com/go-logr/logr v1.4.3 h1:CjnDlHq8ikf6E492q6eKboGOC0T8CDaOvkHCIg8idEI=\ngithub.com/go-logr/logr v1.4.3/go.mod h1:9T104GzyrTigFIr8wt5mBrctHMim0Nb2HLGrmQ40KvY=\ngithub.com/go-logr/stdr v1.2.2 h1:hSWxHoqTgW2S2qGc0LTAI563KZ5YKYRhT3MFKZMbjag=\ngithub.com/go-logr/stdr v1.2.2/go.mod h1:mMo/vtBO5dYbehREoey6XUKy/eSumjCCveDpRre4VKE=\ngithub.com/go-openapi/analysis v0.23.0 h1:aGday7OWupfMs+LbmLZG4k0MYXIANxcuBTYUC03zFCU=\ngithub.com/go-openapi/analysis v0.23.0/go.mod h1:9mz9ZWaSlV8TvjQHLl2mUW2PbZtemkE8yA5v22ohupo=\ngithub.com/go-openapi/errors v0.22.2 h1:rdxhzcBUazEcGccKqbY1Y7NS8FDcMyIRr0934jrYnZg=\ngithub.com/go-openapi/errors v0.22.2/go.mod h1:+n/5UdIqdVnLIJ6Q9Se8HNGUXYaY6CN8ImWzfi/Gzp0=\ngithub.com/go-openapi/jsonpointer v0.21.2 h1:AqQaNADVwq/VnkCmQg6ogE+M3FOsKTytwges0JdwVuA=\ngithub.com/go-openapi/jsonpointer v0.21.2/go.mod h1:50I1STOfbY1ycR8jGz8DaMeLCdXiI6aDteEdRNNzpdk=\ngithub.com/go-openapi/jsonreference v0.21.0 h1:Rs+Y7hSXT83Jacb7kFyjn4ijOuVGSvOdF2+tg1TRrwQ=\ngithub.com/go-openapi/jsonreference v0.21.0/go.mod h1:LmZmgsrTkVg9LG4EaHeY8cBDslNPMo06cago5JNLkm4=\ngithub.com/go-openapi/loads v0.22.0 h1:ECPGd4jX1U6NApCGG1We+uEozOAvXvJSF4nnwHZ8Aco=\ngithub.com/go-openapi/loads v0.22.0/go.mod h1:yLsaTCS92mnSAZX5WWoxszLj0u+Ojl+Zs5Stn1oF+rs=\ngithub.com/go-openapi/runtime v0.28.0 h1:gpPPmWSNGo214l6n8hzdXYhPuJcGtziTOgUpvsFWGIQ=\ngithub.com/go-openapi/runtime v0.28.0/go.mod h1:QN7OzcS+XuYmkQLw05akXk0jRH/eZ3kb18+1KwW9gyc=\ngithub.com/go-openapi/spec v0.21.0 h1:LTVzPc3p/RzRnkQqLRndbAzjY0d0BCL72A6j3CdL9ZY=\ngithub.com/go-openapi/spec v0.21.0/go.mod h1:78u6VdPw81XU44qEWGhtr982gJ5BWg2c0I5XwVMotYk=\ngithub.com/go-openapi/strfmt v0.23.0 h1:nlUS6BCqcnAk0pyhi9Y+kdDVZdZMHfEKQiS4HaMgO/c=\ngithub.com/go-openapi/strfmt v0.23.0/go.mod h1:NrtIpfKtWIygRkKVsxh7XQMDQW5HKQl6S5ik2elW+K4=\ngithub.com/go-openapi/swag v0.23.1 h1:lpsStH0n2ittzTnbaSloVZLuB5+fvSY/+hnagBjSNZU=\ngithub.com/go-openapi/swag v0.23.1/go.mod h1:STZs8TbRvEQQKUA+JZNAm3EWlgaOBGpyFDqQnDHMef0=\ngithub.com/go-openapi/validate v0.24.0 h1:LdfDKwNbpB6Vn40xhTdNZAnfLECL81w+VX3BumrGD58=\ngithub.com/go-openapi/validate v0.24.0/go.mod h1:iyeX1sEufmv3nPbBdX3ieNviWnOZaJ1+zquzJEf2BAQ=\ngithub.com/go-sql-driver/mysql v1.6.0/go.mod h1:DCzpHaOWr8IXmIStZouvnhqoel9Qv2LBy8hT2VhHyBg=\ngithub.com/go-sql-driver/mysql v1.8.1/go.mod h1:wEBSXgmK//2ZFJyE+qWnIsVGmvmEKlqwuVSjsCm7DZg=\ngithub.com/go-sql-driver/mysql v1.9.3 h1:U/N249h2WzJ3Ukj8SowVFjdtZKfu9vlLZxjPXV1aweo=\ngithub.com/go-sql-driver/mysql v1.9.3/go.mod h1:qn46aNg1333BRMNU69Lq93t8du/dwxI64Gl8i5p1WMU=\ngithub.com/go-task/slim-sprig v0.0.0-20230315185526-52ccab3ef572 h1:tfuBGBXKqDEevZMzYi5KSi8KkcZtzBcTgAUUtapy0OI=\ngithub.com/go-task/slim-sprig/v3 v3.0.0 h1:sUs3vkvUymDpBKi3qH1YSqBQk9+9D/8M2mN1vB6EwHI=\ngithub.com/go-task/slim-sprig/v3 v3.0.0/go.mod h1:W848ghGpv3Qj3dhTPRyJypKRiqCdHZiAzKg9hl15HA8=\ngithub.com/go-viper/mapstructure/v2 v2.4.0 h1:EBsztssimR/CONLSZZ04E8qAkxNYq4Qp9LvH92wZUgs=\ngithub.com/go-viper/mapstructure/v2 v2.4.0/go.mod h1:oJDH3BJKyqBA2TXFhDsKDGDTlndYOZ6rGS0BRZIxGhM=\ngithub.com/gobuffalo/envy v1.10.2 h1:EIi03p9c3yeuRCFPOKcSfajzkLb3hrRjEpHGI8I2Wo4=\ngithub.com/gobuffalo/envy v1.10.2/go.mod h1:qGAGwdvDsaEtPhfBzb3o0SfDea8ByGn9j8bKmVft9z8=\ngithub.com/gobuffalo/fizz v1.14.4 h1:8uume7joF6niTNWN582IQ2jhGTUoa9g1fiV/tIoGdBs=\ngithub.com/gobuffalo/fizz v1.14.4/go.mod h1:9/2fGNXNeIFOXEEgTPJwiK63e44RjG+Nc4hfMm1ArGM=\ngithub.com/gobuffalo/flect v0.3.0/go.mod h1:5pf3aGnsvqvCj50AVni7mJJF8ICxGZ8HomberC3pXLE=\ngithub.com/gobuffalo/flect v1.0.3 h1:xeWBM2nui+qnVvNM4S3foBhCAL2XgPU+a7FdpelbTq4=\ngithub.com/gobuffalo/flect v1.0.3/go.mod h1:A5msMlrHtLqh9umBSnvabjsMrCcCpAyzglnDvkbYKHs=\ngithub.com/gobuffalo/github_flavored_markdown v1.1.3/go.mod h1:IzgO5xS6hqkDmUh91BW/+Qxo/qYnvfzoz3A7uLkg77I=\ngithub.com/gobuffalo/github_flavored_markdown v1.1.4 h1:WacrEGPXUDX+BpU1GM/Y0ADgMzESKNWls9hOTG1MHVs=\ngithub.com/gobuffalo/github_flavored_markdown v1.1.4/go.mod h1:Vl9686qrVVQou4GrHRK/KOG3jCZOKLUqV8MMOAYtlso=\ngithub.com/gobuffalo/helpers v0.6.7/go.mod h1:j0u1iC1VqlCaJEEVkZN8Ia3TEzfj/zoXANqyJExTMTA=\ngithub.com/gobuffalo/helpers v0.6.10 h1:puKDCOrJ0EIq5ScnTRgKyvEZ05xQa+gwRGCpgoh6Ek8=\ngithub.com/gobuffalo/helpers v0.6.10/go.mod h1:r52L6VSnByLJFOmURp1irvzgSakk7RodChi1YbGwk8I=\ngithub.com/gobuffalo/httptest v1.5.2 h1:GpGy520SfY1QEmyPvaqmznTpG4gEQqQ82HtHqyNEreM=\ngithub.com/gobuffalo/httptest v1.5.2/go.mod h1:FA23yjsWLGj92mVV74Qtc8eqluc11VqcWr8/C1vxt4g=\ngithub.com/gobuffalo/nulls v0.4.2 h1:GAqBR29R3oPY+WCC7JL9KKk9erchaNuV6unsOSZGQkw=\ngithub.com/gobuffalo/nulls v0.4.2/go.mod h1:EElw2zmBYafU2R9W4Ii1ByIj177wA/pc0JdjtD0EsH8=\ngithub.com/gobuffalo/plush/v4 v4.1.16/go.mod h1:6t7swVsarJ8qSLw1qyAH/KbrcSTwdun2ASEQkOznakg=\ngithub.com/gobuffalo/plush/v4 v4.1.22 h1:bPQr5PsiTg54UGMsfvnIAvFmUfxzD/ri+wbpu7PlmTM=\ngithub.com/gobuffalo/plush/v4 v4.1.22/go.mod h1:WiKHJx3qBvfaDVlrv8zT7NCd3dEMaVR/fVxW4wqV17M=\ngithub.com/gobuffalo/plush/v5 v5.0.7 h1:nI8sIt5tZAN2tCZHeaXkH7HAvxvvk3sJHG2TtrKeSHM=\ngithub.com/gobuffalo/plush/v5 v5.0.7/go.mod h1:C08u/VEqzzPBXFF/yqs40P/5Cvc/zlZsMzhCxXyWJmU=\ngithub.com/gobuffalo/tags/v3 v3.1.4 h1:X/ydLLPhgXV4h04Hp2xlbI2oc5MDaa7eub6zw8oHjsM=\ngithub.com/gobuffalo/tags/v3 v3.1.4/go.mod h1:ArRNo3ErlHO8BtdA0REaZxijuWnWzF6PUXngmMXd2I0=\ngithub.com/gobuffalo/validate/v3 v3.3.3 h1:o7wkIGSvZBYBd6ChQoLxkz2y1pfmhbI4jNJYh6PuNJ4=\ngithub.com/gobuffalo/validate/v3 v3.3.3/go.mod h1:YC7FsbJ/9hW/VjQdmXPvFqvRis4vrRYFxr69WiNZw6g=\ngithub.com/gobwas/glob v0.2.3 h1:A4xDbljILXROh+kObIiy5kIaPYD8e96x1tgBhUI5J+Y=\ngithub.com/gobwas/glob v0.2.3/go.mod h1:d3Ez4x06l9bZtSvzIay5+Yzi0fmZzPgnTbPcKjJAkT8=\ngithub.com/gobwas/httphead v0.1.0/go.mod h1:O/RXo79gxV8G+RqlR/otEwx4Q36zl9rqC5u12GKvMCM=\ngithub.com/gobwas/pool v0.2.1/go.mod h1:q8bcK0KcYlCgd9e7WYLm9LpyS+YeLd8JVDW6WezmKEw=\ngithub.com/gobwas/ws v1.2.1/go.mod h1:hRKAFb8wOxFROYNsT1bqfWnhX+b5MFeJM9r2ZSwg/KY=\ngithub.com/goccy/go-json v0.10.5 h1:Fq85nIqj+gXn/S5ahsiTlK3TmC85qgirsdTP/+DeaC4=\ngithub.com/goccy/go-json v0.10.5/go.mod h1:oq7eo15ShAhp70Anwd5lgX2pLfOS3QCiwU/PULtXL6M=\ngithub.com/goccy/go-yaml v1.18.0 h1:8W7wMFS12Pcas7KU+VVkaiCng+kG8QiFeFwzFb+rwuw=\ngithub.com/goccy/go-yaml v1.18.0/go.mod h1:XBurs7gK8ATbW4ZPGKgcbrY1Br56PdM69F7LkFRi1kA=\ngithub.com/gofrs/flock v0.12.1 h1:MTLVXXHf8ekldpJk3AKicLij9MdwOWkZ+a/jHHZby9E=\ngithub.com/gofrs/flock v0.12.1/go.mod h1:9zxTsyu5xtJ9DK+1tFZyibEV7y3uwDxPPfbxeeHCoD0=\ngithub.com/gofrs/uuid v4.2.0+incompatible/go.mod h1:b2aQJv3Z4Fp6yNu3cdSllBxTCLRxnplIgP/c0N/04lM=\ngithub.com/gofrs/uuid v4.4.0+incompatible h1:3qXRTX8/NbyulANqlc0lchS1gqAVxRgsuW1YrTJupqA=\ngithub.com/gofrs/uuid v4.4.0+incompatible/go.mod h1:b2aQJv3Z4Fp6yNu3cdSllBxTCLRxnplIgP/c0N/04lM=\ngithub.com/gogo/googleapis v1.4.1 h1:1Yx4Myt7BxzvUr5ldGSbwYiZG6t9wGBZ+8/fX3Wvtq0=\ngithub.com/gogo/googleapis v1.4.1/go.mod h1:2lpHqI5OcWCtVElxXnPt+s8oJvMpySlOyM6xDCrzib4=\ngithub.com/gogo/protobuf v1.3.2 h1:Ov1cvc58UF3b5XjBnZv7+opcTcQFZebYjWzi34vdm4Q=\ngithub.com/gogo/protobuf v1.3.2/go.mod h1:P1XiOD3dCwIKUDQYPy72D8LYyHL2YPYrpS2s69NZV8Q=\ngithub.com/golang-jwt/jwt/v5 v5.3.0 h1:pv4AsKCKKZuqlgs5sUmn4x8UlGa0kEVt/puTpKx9vvo=\ngithub.com/golang-jwt/jwt/v5 v5.3.0/go.mod h1:fxCRLWMO43lRc8nhHWY6LGqRcf+1gQWArsqaEUEa5bE=\ngithub.com/golang/protobuf v1.5.4 h1:i7eJL8qZTpSEXOPTxNKhASYpMn+8e5Q6AdndVa1dWek=\ngithub.com/golang/protobuf v1.5.4/go.mod h1:lnTiLA8Wa4RWRcIUkrtSVa5nRhsEGBg48fD6rSs7xps=\ngithub.com/google/go-cmp v0.5.9/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY=\ngithub.com/google/go-cmp v0.7.0 h1:wk8382ETsv4JYUZwIsn6YpYiWiBsYLSJiTsyBybVuN8=\ngithub.com/google/go-cmp v0.7.0/go.mod h1:pXiqmnSA92OHEEa9HXL2W4E7lf9JzCmGVUdgjX3N/iU=\ngithub.com/google/go-jsonnet v0.21.0 h1:43Bk3K4zMRP/aAZm9Po2uSEjY6ALCkYUVIcz9HLGMvA=\ngithub.com/google/go-jsonnet v0.21.0/go.mod h1:tCGAu8cpUpEZcdGMmdOu37nh8bGgqubhI5v2iSk3KJQ=\ngithub.com/google/pprof v0.0.0-20211214055906-6f57359322fd/go.mod h1:KgnwoLYCZ8IQu3XUZ8Nc/bM9CCZFOyjUNOSygVozoDg=\ngithub.com/google/pprof v0.0.0-20240227163752-401108e1b7e7/go.mod h1:czg5+yv1E0ZGTi6S6vVK1mke0fV+FaUhNGcd6VRS9Ik=\ngithub.com/google/pprof v0.0.0-20250630185457-6e76a2b096b5 h1:xhMrHhTJ6zxu3gA4enFM9MLn9AY7613teCdFnlUVbSQ=\ngithub.com/google/pprof v0.0.0-20250630185457-6e76a2b096b5/go.mod h1:5hDyRhoBCxViHszMt12TnOpEI4VVi+U8Gm9iphldiMA=\ngithub.com/google/uuid v1.6.0 h1:NIvaJDMOsjHA8n1jAhLSgzrAzy1Hgr+hNrb57e+94F0=\ngithub.com/google/uuid v1.6.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=\ngithub.com/gorilla/css v1.0.0/go.mod h1:Dn721qIggHpt4+EFCcTLTU/vk5ySda2ReITrtgBl60c=\ngithub.com/gorilla/css v1.0.1 h1:ntNaBIghp6JmvWnxbZKANoLyuXTPZ4cAMlo6RyhlbO8=\ngithub.com/gorilla/css v1.0.1/go.mod h1:BvnYkspnSzMmwRK+b8/xgNPLiIuNZr6vbZBTPQ2A3b0=\ngithub.com/gorilla/securecookie v1.1.1 h1:miw7JPhV+b/lAHSXz4qd/nN9jRiAFV5FwjeKyCS8BvQ=\ngithub.com/gorilla/securecookie v1.1.1/go.mod h1:ra0sb63/xPlUeL+yeDciTfxMRAA+MP+HVt/4epWDjd4=\ngithub.com/gorilla/sessions v1.2.1 h1:DHd3rPN5lE3Ts3D8rKkQ8x/0kqfeNmBAaiSi+o7FsgI=\ngithub.com/gorilla/sessions v1.2.1/go.mod h1:dk2InVEVJ0sfLlnXv9EAgkf6ecYs/i80K/zI+bUmuGM=\ngithub.com/gorilla/websocket v1.5.3 h1:saDtZ6Pbx/0u+bgYQ3q96pZgCzfhKXGPqt7kZ72aNNg=\ngithub.com/gorilla/websocket v1.5.3/go.mod h1:YR8l580nyteQvAITg2hZ9XVh4b55+EU/adAjf1fMHhE=\ngithub.com/grpc-ecosystem/go-grpc-prometheus v1.2.0 h1:Ovs26xHkKqVztRpIrF/92BcuyuQ/YW4NSIpoGtfXNho=\ngithub.com/grpc-ecosystem/go-grpc-prometheus v1.2.0/go.mod h1:8NvIoxWQoOIhqOTXgfV/d3M/q6VIi02HzZEHgUlZvzk=\ngithub.com/grpc-ecosystem/grpc-gateway/v2 v2.27.1 h1:X5VWvz21y3gzm9Nw/kaUeku/1+uBhcekkmy4IkffJww=\ngithub.com/grpc-ecosystem/grpc-gateway/v2 v2.27.1/go.mod h1:Zanoh4+gvIgluNqcfMVTJueD4wSS5hT7zTt4Mrutd90=\ngithub.com/hashicorp/go-cleanhttp v0.5.2 h1:035FKYIWjmULyFRBKPs8TBQoi0x6d9G4xc9neXJWAZQ=\ngithub.com/hashicorp/go-cleanhttp v0.5.2/go.mod h1:kO/YDlP8L1346E6Sodw+PrpBSV4/SoxCXGY6BqNFT48=\ngithub.com/hashicorp/go-hclog v1.6.3 h1:Qr2kF+eVWjTiYmU7Y31tYlP1h0q/X3Nl3tPGdaB11/k=\ngithub.com/hashicorp/go-hclog v1.6.3/go.mod h1:W4Qnvbt70Wk/zYJryRzDRU/4r0kIg0PVHBcfoyhpF5M=\ngithub.com/hashicorp/go-retryablehttp v0.7.8 h1:ylXZWnqa7Lhqpk0L1P1LzDtGcCR0rPVUrx/c8Unxc48=\ngithub.com/hashicorp/go-retryablehttp v0.7.8/go.mod h1:rjiScheydd+CxvumBsIrFKlx3iS0jrZ7LvzFGFmuKbw=\ngithub.com/huandu/xstrings v1.5.0 h1:2ag3IFq9ZDANvthTwTiqSSZLjDc+BedvHPAp5tJy2TI=\ngithub.com/huandu/xstrings v1.5.0/go.mod h1:y5/lhBue+AyNmUVz9RLU9xbLR0o4KIIExikq4ovT0aE=\ngithub.com/ianlancetaylor/demangle v0.0.0-20210905161508-09a460cdf81d/go.mod h1:aYm2/VgdVmcIU8iMfdMvDMsRAQjcfZSKFby6HOFvi/w=\ngithub.com/ianlancetaylor/demangle v0.0.0-20230524184225-eabc099b10ab/go.mod h1:gx7rwoVhcfuVKG5uya9Hs3Sxj7EIvldVofAWIUtGouw=\ngithub.com/inconshreveable/mousetrap v1.1.0 h1:wN+x4NVGpMsO7ErUn/mUI3vEoE6Jt13X2s0bqwp9tc8=\ngithub.com/inconshreveable/mousetrap v1.1.0/go.mod h1:vpF70FUmC8bwa3OWnCshd2FqLfsEA9PFc4w1p2J65bw=\ngithub.com/inhies/go-bytesize v0.0.0-20220417184213-4913239db9cf h1:FtEj8sfIcaaBfAKrE1Cwb61YDtYq9JxChK1c7AKce7s=\ngithub.com/inhies/go-bytesize v0.0.0-20220417184213-4913239db9cf/go.mod h1:yrqSXGoD/4EKfF26AOGzscPOgTTJcyAwM2rpixWT+t4=\ngithub.com/jackc/chunkreader/v2 v2.0.0/go.mod h1:odVSm741yZoC3dpHEUXIqA9tQRhFrgOHwnPIn9lDKlk=\ngithub.com/jackc/chunkreader/v2 v2.0.1 h1:i+RDz65UE+mmpjTfyz0MoVTnzeYxroil2G82ki7MGG8=\ngithub.com/jackc/chunkreader/v2 v2.0.1/go.mod h1:odVSm741yZoC3dpHEUXIqA9tQRhFrgOHwnPIn9lDKlk=\ngithub.com/jackc/pgconn v1.14.3 h1:bVoTr12EGANZz66nZPkMInAV/KHD2TxH9npjXXgiB3w=\ngithub.com/jackc/pgconn v1.14.3/go.mod h1:RZbme4uasqzybK2RK5c65VsHxoyaml09lx3tXOcO/VM=\ngithub.com/jackc/pgio v1.0.0 h1:g12B9UwVnzGhueNavwioyEEpAmqMe1E/BN9ES+8ovkE=\ngithub.com/jackc/pgio v1.0.0/go.mod h1:oP+2QK2wFfUWgr+gxjoBH9KGBb31Eio69xUb0w5bYf8=\ngithub.com/jackc/pgmock v0.0.0-20210724152146-4ad1a8207f65 h1:DadwsjnMwFjfWc9y5Wi/+Zz7xoE5ALHsRQlOctkOiHc=\ngithub.com/jackc/pgmock v0.0.0-20210724152146-4ad1a8207f65/go.mod h1:5R2h2EEX+qri8jOWMbJCtaPWkrrNc7OHwsp2TCqp7ak=\ngithub.com/jackc/pgpassfile v1.0.0 h1:/6Hmqy13Ss2zCq62VdNG8tM1wchn8zjSGOBJ6icpsIM=\ngithub.com/jackc/pgpassfile v1.0.0/go.mod h1:CEx0iS5ambNFdcRtxPj5JhEz+xB6uRky5eyVu/W2HEg=\ngithub.com/jackc/pgproto3/v2 v2.3.3 h1:1HLSx5H+tXR9pW3in3zaztoEwQYRC9SQaYUHjTSUOag=\ngithub.com/jackc/pgproto3/v2 v2.3.3/go.mod h1:WfJCnwN3HIg9Ish/j3sgWXnAfK8A9Y0bwXYU5xKaEdA=\ngithub.com/jackc/pgservicefile v0.0.0-20240606120523-5a60cdf6a761 h1:iCEnooe7UlwOQYpKFhBabPMi4aNAfoODPEFNiAnClxo=\ngithub.com/jackc/pgservicefile v0.0.0-20240606120523-5a60cdf6a761/go.mod h1:5TJZWKEWniPve33vlWYSoGYefn3gLQRzjfDlhSJ9ZKM=\ngithub.com/jackc/pgx/v5 v5.7.5 h1:JHGfMnQY+IEtGM63d+NGMjoRpysB2JBwDr5fsngwmJs=\ngithub.com/jackc/pgx/v5 v5.7.5/go.mod h1:aruU7o91Tc2q2cFp5h4uP3f6ztExVpyVv88Xl/8Vl8M=\ngithub.com/jackc/puddle/v2 v2.2.2 h1:PR8nw+E/1w0GLuRFSmiioY6UooMp6KJv0/61nB7icHo=\ngithub.com/jackc/puddle/v2 v2.2.2/go.mod h1:vriiEXHvEE654aYKXXjOvZM39qJ0q+azkZFrfEOc3H4=\ngithub.com/jaegertracing/jaeger-idl v0.5.0 h1:zFXR5NL3Utu7MhPg8ZorxtCBjHrL3ReM1VoB65FOFGE=\ngithub.com/jaegertracing/jaeger-idl v0.5.0/go.mod h1:ON90zFo9eoyXrt9F/KN8YeF3zxcnujaisMweFY/rg5k=\ngithub.com/jandelgado/gcov2lcov v1.1.1 h1:CHUNoAglvb34DqmMoZchnzDbA3yjpzT8EoUvVqcAY+s=\ngithub.com/jandelgado/gcov2lcov v1.1.1/go.mod h1:tMVUlMVtS1po2SB8UkADWhOT5Y5Q13XOce2AYU69JuI=\ngithub.com/jmoiron/sqlx v1.3.5/go.mod h1:nRVWtLre0KfCLJvgxzCsLVMogSvQ1zNJtpYr2Ccp0mQ=\ngithub.com/jmoiron/sqlx v1.4.0 h1:1PLqN7S1UYp5t4SrVVnt4nUVNemrDAtxlulVe+Qgm3o=\ngithub.com/jmoiron/sqlx v1.4.0/go.mod h1:ZrZ7UsYB/weZdl2Bxg6jCRO9c3YHl8r3ahlKmRT4JLY=\ngithub.com/joho/godotenv v1.4.0/go.mod h1:f4LDr5Voq0i2e/R5DDNOoa2zzDfwtkZa6DnEwAbqwq4=\ngithub.com/joho/godotenv v1.5.1 h1:7eLL/+HRGLY0ldzfGMeQkb7vMd0as4CfYvUVzLqw0N0=\ngithub.com/joho/godotenv v1.5.1/go.mod h1:f4LDr5Voq0i2e/R5DDNOoa2zzDfwtkZa6DnEwAbqwq4=\ngithub.com/josharian/intern v1.0.0 h1:vlS4z54oSdjm0bgjRigI+G1HpF+tI+9rE5LLzOg8HmY=\ngithub.com/josharian/intern v1.0.0/go.mod h1:5DoeVV0s6jJacbCEi61lwdGj/aVlrQvzHFFd8Hwg//Y=\ngithub.com/kballard/go-shellquote v0.0.0-20180428030007-95032a82bc51 h1:Z9n2FFNUXsshfwJMBgNA0RU6/i7WVaAegv3PtuIHPMs=\ngithub.com/kballard/go-shellquote v0.0.0-20180428030007-95032a82bc51/go.mod h1:CzGEWj7cYgsdH8dAjBGEr58BoE7ScuLd+fwFZ44+/x8=\ngithub.com/kisielk/errcheck v1.5.0/go.mod h1:pFxgyoBC7bSaBwPgfKdkLd5X25qrDl4LWUI2bnpBCr8=\ngithub.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+oQHNcck=\ngithub.com/klauspost/compress v1.18.0 h1:c/Cqfb0r+Yi+JtIEq73FWXVkRonBlf0CRNYc8Zttxdo=\ngithub.com/klauspost/compress v1.18.0/go.mod h1:2Pp+KzxcywXVXMr50+X0Q/Lsb43OQHYWRCY2AiWywWQ=\ngithub.com/knadh/koanf/maps v0.1.2 h1:RBfmAW5CnZT+PJ1CVc1QSJKf4Xu9kxfQgYVQSu8hpbo=\ngithub.com/knadh/koanf/maps v0.1.2/go.mod h1:npD/QZY3V6ghQDdcQzl1W4ICNVTkohC8E73eI2xW4yI=\ngithub.com/knadh/koanf/parsers/json v0.1.0 h1:dzSZl5pf5bBcW0Acnu20Djleto19T0CfHcvZ14NJ6fU=\ngithub.com/knadh/koanf/parsers/json v0.1.0/go.mod h1:ll2/MlXcZ2BfXD6YJcjVFzhG9P0TdJ207aIBKQhV2hY=\ngithub.com/knadh/koanf/parsers/toml v0.1.0 h1:S2hLqS4TgWZYj4/7mI5m1CQQcWurxUz6ODgOub/6LCI=\ngithub.com/knadh/koanf/parsers/toml v0.1.0/go.mod h1:yUprhq6eo3GbyVXFFMdbfZSo928ksS+uo0FFqNMnO18=\ngithub.com/knadh/koanf/parsers/yaml v0.1.0 h1:ZZ8/iGfRLvKSaMEECEBPM1HQslrZADk8fP1XFUxVI5w=\ngithub.com/knadh/koanf/parsers/yaml v0.1.0/go.mod h1:cvbUDC7AL23pImuQP0oRw/hPuccrNBS2bps8asS0CwY=\ngithub.com/knadh/koanf/providers/posflag v0.1.0 h1:mKJlLrKPcAP7Ootf4pBZWJ6J+4wHYujwipe7Ie3qW6U=\ngithub.com/knadh/koanf/providers/posflag v0.1.0/go.mod h1:SYg03v/t8ISBNrMBRMlojH8OsKowbkXV7giIbBVgbz0=\ngithub.com/knadh/koanf/providers/rawbytes v0.1.0 h1:dpzgu2KO6uf6oCb4aP05KDmKmAmI51k5pe8RYKQ0qME=\ngithub.com/knadh/koanf/providers/rawbytes v0.1.0/go.mod h1:mMTB1/IcJ/yE++A2iEZbY1MLygX7vttU+C+S/YmPu9c=\ngithub.com/knadh/koanf/v2 v2.2.2 h1:ghbduIkpFui3L587wavneC9e3WIliCgiCgdxYO/wd7A=\ngithub.com/knadh/koanf/v2 v2.2.2/go.mod h1:abWQc0cBXLSF/PSOMCB/SK+T13NXDsPvOksbpi5e/9Q=\ngithub.com/kr/pretty v0.1.0/go.mod h1:dAy3ld7l9f0ibDNOQOHHMYYIIbhfbHSm3C4ZsoJORNo=\ngithub.com/kr/pretty v0.3.0/go.mod h1:640gp4NfQd8pI5XOwp5fnNeVWj67G7CFk/SaSQn7NBk=\ngithub.com/kr/pretty v0.3.1 h1:flRD4NNwYAUpkphVc1HcthR4KEIFJ65n8Mw5qdRn3LE=\ngithub.com/kr/pretty v0.3.1/go.mod h1:hoEshYVHaxMs3cyo3Yncou5ZscifuDolrwPKZanG3xk=\ngithub.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ=\ngithub.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI=\ngithub.com/kr/text v0.2.0 h1:5Nx0Ya0ZqY2ygV366QzturHI13Jq95ApcVaJBhpS+AY=\ngithub.com/kr/text v0.2.0/go.mod h1:eLer722TekiGuMkidMxC/pM04lWEeraHUUmBw8l2grE=\ngithub.com/kylelemons/godebug v1.1.0 h1:RPNrshWIDI6G2gRW9EHilWtl7Z6Sb1BR0xunSBf0SNc=\ngithub.com/kylelemons/godebug v1.1.0/go.mod h1:9/0rRGxNHcop5bhtWyNeEfOS8JIWk580+fNqagV/RAw=\ngithub.com/laher/mergefs v0.1.1 h1:nV2bTS57vrmbMxeR6uvJpI8LyGl3QHj4bLBZO3aUV58=\ngithub.com/laher/mergefs v0.1.1/go.mod h1:FSY1hYy94on4Tz60waRMGdO1awwS23BacqJlqf9lJ9Q=\ngithub.com/ledongthuc/pdf v0.0.0-20220302134840-0c2507a12d80/go.mod h1:imJHygn/1yfhB7XSJJKlFZKl/J+dCPAknuiaGOshXAs=\ngithub.com/lestrrat-go/backoff/v2 v2.0.8 h1:oNb5E5isby2kiro9AgdHLv5N5tint1AnDVVf2E2un5A=\ngithub.com/lestrrat-go/backoff/v2 v2.0.8/go.mod h1:rHP/q/r9aT27n24JQLa7JhSQZCKBBOiM/uP402WwN8Y=\ngithub.com/lestrrat-go/blackmagic v1.0.4 h1:IwQibdnf8l2KoO+qC3uT4OaTWsW7tuRQXy9TRN9QanA=\ngithub.com/lestrrat-go/blackmagic v1.0.4/go.mod h1:6AWFyKNNj0zEXQYfTMPfZrAXUWUfTIZ5ECEUEJaijtw=\ngithub.com/lestrrat-go/httpcc v1.0.1 h1:ydWCStUeJLkpYyjLDHihupbn2tYmZ7m22BGkcvZZrIE=\ngithub.com/lestrrat-go/httpcc v1.0.1/go.mod h1:qiltp3Mt56+55GPVCbTdM9MlqhvzyuL6W/NMDA8vA5E=\ngithub.com/lestrrat-go/iter v1.0.2 h1:gMXo1q4c2pHmC3dn8LzRhJfP1ceCbgSiT9lUydIzltI=\ngithub.com/lestrrat-go/iter v1.0.2/go.mod h1:Momfcq3AnRlRjI5b5O8/G5/BvpzrhoFTZcn06fEOPt4=\ngithub.com/lestrrat-go/jwx v1.2.31 h1:/OM9oNl/fzyldpv5HKZ9m7bTywa7COUfg8gujd9nJ54=\ngithub.com/lestrrat-go/jwx v1.2.31/go.mod h1:eQJKoRwWcLg4PfD5CFA5gIZGxhPgoPYq9pZISdxLf0c=\ngithub.com/lestrrat-go/option v1.0.0/go.mod h1:5ZHFbivi4xwXxhxY9XHDe2FHo6/Z7WWmtT7T5nBBp3I=\ngithub.com/lestrrat-go/option v1.0.1 h1:oAzP2fvZGQKWkvHa1/SAcFolBEca1oN+mQ7eooNBEYU=\ngithub.com/lestrrat-go/option v1.0.1/go.mod h1:5ZHFbivi4xwXxhxY9XHDe2FHo6/Z7WWmtT7T5nBBp3I=\ngithub.com/lib/pq v1.2.0/go.mod h1:5WUZQaWbwv1U+lTReE5YruASi9Al49XbQIvNi/34Woo=\ngithub.com/lib/pq v1.10.9 h1:YXG7RB+JIjhP29X+OtkiDnYaXQwpS4JEWq7dtCCRUEw=\ngithub.com/lib/pq v1.10.9/go.mod h1:AlVN5x4E4T544tWzH6hKfbfQvm3HdbOxrmggDNAPY9o=\ngithub.com/mailru/easyjson v0.7.7/go.mod h1:xzfreul335JAWq5oZzymOObrkdz5UnU4kGfJJLY9Nlc=\ngithub.com/mailru/easyjson v0.9.0 h1:PrnmzHw7262yW8sTBwxi1PdJA3Iw/EKBa8psRf7d9a4=\ngithub.com/mailru/easyjson v0.9.0/go.mod h1:1+xMtQp2MRNVL/V1bOzuP3aP8VNwRW55fQUto+XFtTU=\ngithub.com/matryer/is v1.4.0 h1:sosSmIWwkYITGrxZ25ULNDeKiMNzFSr4V/eqBQP0PeE=\ngithub.com/matryer/is v1.4.0/go.mod h1:8I/i5uYgLzgsgEloJE1U6xx5HkBQpAZvepWuujKwMRU=\ngithub.com/mattn/go-colorable v0.1.14 h1:9A9LHSqF/7dyVVX6g0U9cwm9pG3kP9gSzcuIPHPsaIE=\ngithub.com/mattn/go-colorable v0.1.14/go.mod h1:6LmQG8QLFO4G5z1gPvYEzlUgJ2wF+stgPZH1UqBm1s8=\ngithub.com/mattn/go-isatty v0.0.20 h1:xfD0iDuEKnDkl03q4limB+vH+GxLEtL/jb4xVJSWWEY=\ngithub.com/mattn/go-isatty v0.0.20/go.mod h1:W+V8PltTTMOvKvAeJH7IuucS94S2C6jfK/D7dTCTo3Y=\ngithub.com/mattn/go-sqlite3 v1.14.6/go.mod h1:NyWgC/yNuGj7Q9rpYnZvas74GogHl5/Z4A/KQRfk6bU=\ngithub.com/mattn/go-sqlite3 v1.14.15/go.mod h1:2eHXhiwb8IkHr+BDWZGa96P6+rkvnG63S2DGjv9HUNg=\ngithub.com/mattn/go-sqlite3 v1.14.22/go.mod h1:Uh1q+B4BYcTPb+yiD3kU8Ct7aC0hY9fxUwlHK0RXw+Y=\ngithub.com/mattn/go-sqlite3 v1.14.32 h1:JD12Ag3oLy1zQA+BNn74xRgaBbdhbNIDYvQUEuuErjs=\ngithub.com/mattn/go-sqlite3 v1.14.32/go.mod h1:Uh1q+B4BYcTPb+yiD3kU8Ct7aC0hY9fxUwlHK0RXw+Y=\ngithub.com/microcosm-cc/bluemonday v1.0.20/go.mod h1:yfBmMi8mxvaZut3Yytv+jTXRY8mxyjJ0/kQBTElld50=\ngithub.com/microcosm-cc/bluemonday v1.0.22/go.mod h1:ytNkv4RrDrLJ2pqlsSI46O6IVXmZOBBD4SaJyDwwTkM=\ngithub.com/microcosm-cc/bluemonday v1.0.27 h1:MpEUotklkwCSLeH+Qdx1VJgNqLlpY2KXwXFM08ygZfk=\ngithub.com/microcosm-cc/bluemonday v1.0.27/go.mod h1:jFi9vgW+H7c3V0lb6nR74Ib/DIB5OBs92Dimizgw2cA=\ngithub.com/mitchellh/copystructure v1.2.0 h1:vpKXTN4ewci03Vljg/q9QvCGUDttBOGBIa15WveJJGw=\ngithub.com/mitchellh/copystructure v1.2.0/go.mod h1:qLl+cE2AmVv+CoeAwDPye/v+N2HKCj9FbZEVFJRxO9s=\ngithub.com/mitchellh/mapstructure v1.5.0 h1:jeMsZIYE/09sWLaz43PL7Gy6RuMjD2eJVyuac5Z2hdY=\ngithub.com/mitchellh/mapstructure v1.5.0/go.mod h1:bFUtVrKA4DC2yAKiSyO/QUcy7e+RRV2QTWOzhPopBRo=\ngithub.com/mitchellh/reflectwalk v1.0.2 h1:G2LzWKi524PWgd3mLHV8Y5k7s6XUvT0Gef6zxSIeXaQ=\ngithub.com/mitchellh/reflectwalk v1.0.2/go.mod h1:mSTlrgnPZtwu0c4WaC2kGObEpuNDbx0jmZXqmk4esnw=\ngithub.com/moby/docker-image-spec v1.3.1 h1:jMKff3w6PgbfSa69GfNg+zN/XLhfXJGnEx3Nl2EsFP0=\ngithub.com/moby/docker-image-spec v1.3.1/go.mod h1:eKmb5VW8vQEh/BAr2yvVNvuiJuY6UIocYsFu/DxxRpo=\ngithub.com/moby/moby/api v1.54.0 h1:7kbUgyiKcoBhm0UrWbdrMs7RX8dnwzURKVbZGy2GnL0=\ngithub.com/moby/moby/api v1.54.0/go.mod h1:8mb+ReTlisw4pS6BRzCMts5M49W5M7bKt1cJy/YbAqc=\ngithub.com/moby/moby/client v0.3.0 h1:UUGL5okry+Aomj3WhGt9Aigl3ZOxZGqR7XPo+RLPlKs=\ngithub.com/moby/moby/client v0.3.0/go.mod h1:HJgFbJRvogDQjbM8fqc1MCEm4mIAGMLjXbgwoZp6jCQ=\ngithub.com/moby/sys/atomicwriter v0.1.0 h1:kw5D/EqkBwsBFi0ss9v1VG3wIkVhzGvLklJ+w3A14Sw=\ngithub.com/moby/sys/atomicwriter v0.1.0/go.mod h1:Ul8oqv2ZMNHOceF643P6FKPXeCmYtlQMvpizfsSoaWs=\ngithub.com/moby/sys/sequential v0.6.0 h1:qrx7XFUd/5DxtqcoH1h438hF5TmOvzC/lspjy7zgvCU=\ngithub.com/moby/sys/sequential v0.6.0/go.mod h1:uyv8EUTrca5PnDsdMGXhZe6CCe8U/UiTWd+lL+7b/Ko=\ngithub.com/moby/term v0.5.2 h1:6qk3FJAFDs6i/q3W/pQ97SX192qKfZgGjCQqfCJkgzQ=\ngithub.com/moby/term v0.5.2/go.mod h1:d3djjFCrjnB+fl8NJux+EJzu0msscUP+f8it8hPkFLc=\ngithub.com/mohae/deepcopy v0.0.0-20170929034955-c48cc78d4826 h1:RWengNIwukTxcDr9M+97sNutRR1RKhG96O6jWumTTnw=\ngithub.com/mohae/deepcopy v0.0.0-20170929034955-c48cc78d4826/go.mod h1:TaXosZuwdSHYgviHp1DAtfrULt5eUgsSMsZf+YrPgl8=\ngithub.com/morikuni/aec v1.0.0 h1:nP9CBfwrvYnBRgY6qfDQkygYDmYwOilePFkwzv4dU8A=\ngithub.com/morikuni/aec v1.0.0/go.mod h1:BbKIizmSmc5MMPqRYbxO4ZU0S0+P200+tUnFx7PXmsc=\ngithub.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 h1:C3w9PqII01/Oq1c1nUAm88MOHcQC9l5mIlSMApZMrHA=\ngithub.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822/go.mod h1:+n7T8mK8HuQTcFwEeznm/DIxMOiR9yIdICNftLE1DvQ=\ngithub.com/nyaruka/phonenumbers v1.6.5 h1:aBCaUhfpRA7hU6fsXk+p7KF1aNx4nQlq9hGeo2qdFg8=\ngithub.com/nyaruka/phonenumbers v1.6.5/go.mod h1:7gjs+Lchqm49adhAKB5cdcng5ZXgt6x7Jgvi0ZorUtU=\ngithub.com/oklog/ulid v1.3.1 h1:EGfNDEx6MqHz8B3uNV6QAib1UR2Lm97sHi3ocA6ESJ4=\ngithub.com/oklog/ulid v1.3.1/go.mod h1:CirwcVhetQ6Lv90oh/F+FBtV6XMibvdAFo93nm5qn4U=\ngithub.com/onsi/ginkgo/v2 v2.22.2 h1:/3X8Panh8/WwhU/3Ssa6rCKqPLuAkVY2I0RoyDLySlU=\ngithub.com/onsi/ginkgo/v2 v2.22.2/go.mod h1:oeMosUL+8LtarXBHu/c0bx2D/K9zyQ6uX3cTyztHwsk=\ngithub.com/onsi/gomega v1.36.2 h1:koNYke6TVk6ZmnyHrCXba/T/MoLBXFjeC1PtvYgw0A8=\ngithub.com/onsi/gomega v1.36.2/go.mod h1:DdwyADRjrc825LhMEkD76cHR5+pUnjhUN8GlHlRPHzY=\ngithub.com/opencontainers/go-digest v1.0.0 h1:apOUWs51W5PlhuyGyz9FCeeBIOUDA/6nW8Oi/yOhh5U=\ngithub.com/opencontainers/go-digest v1.0.0/go.mod h1:0JzlMkj0TRzQZfJkVvzbP0HBR3IKzErnv2BNG4W4MAM=\ngithub.com/opencontainers/image-spec v1.1.1 h1:y0fUlFfIZhPF1W537XOLg0/fcx6zcHCJwooC2xJA040=\ngithub.com/opencontainers/image-spec v1.1.1/go.mod h1:qpqAh3Dmcf36wStyyWU+kCeDgrGnAve2nCC8+7h8Q0M=\ngithub.com/openzipkin/zipkin-go v0.4.3 h1:9EGwpqkgnwdEIJ+Od7QVSEIH+ocmm5nPat0G7sjsSdg=\ngithub.com/openzipkin/zipkin-go v0.4.3/go.mod h1:M9wCJZFWCo2RiY+o1eBCEMe0Dp2S5LDHcMZmk3RmK7c=\ngithub.com/orisano/pixelmatch v0.0.0-20220722002657-fb0b55479cde/go.mod h1:nZgzbfBr3hhjoZnS66nKrHmduYNpc34ny7RK4z5/HM0=\ngithub.com/ory/analytics-go/v5 v5.0.1 h1:LX8T5B9FN8KZXOtxgN+R3I4THRRVB6+28IKgKBpXmAM=\ngithub.com/ory/analytics-go/v5 v5.0.1/go.mod h1:lWCiCjAaJkKfgR/BN5DCLMol8BjKS1x+4jxBxff/FF0=\ngithub.com/ory/dockertest/v4 v4.0.0-beta.4 h1:QcrNrobOP+5IjSDmS4//EuBtwiFuznQhi5xTe8oFSoM=\ngithub.com/ory/dockertest/v4 v4.0.0-beta.4/go.mod h1:p9kfE14tzK8+WU4F9YbIZlzhCzQ2pH7H1KIfBKrF3DM=\ngithub.com/ory/herodot v0.10.7 h1:CETBRP4LboLlQCSVTkyQix/a2bVh1rmNhhfxd45khCI=\ngithub.com/ory/herodot v0.10.7/go.mod h1:j6i246U6iX8TStYNKIVQxb2waweQvtOLi+b/9q+OULg=\ngithub.com/ory/jsonschema/v3 v3.0.9-0.20250317235931-280c5fc7bf0e h1:4tUrC7x4YWRVMFp+c64KACNSGchW1zXo4l6Pa9/1hA8=\ngithub.com/ory/jsonschema/v3 v3.0.9-0.20250317235931-280c5fc7bf0e/go.mod h1:XWLxVK4un/iuIcrw+6lCeanbF3NZwO5k6RdLeu/loQk=\ngithub.com/ory/pop/v6 v6.3.2-0.20251203152233-a32233875f7e h1:gsbAteu8HZYnkIF4WVBaxklvF/s5IbcxYcCi6qX93ms=\ngithub.com/ory/pop/v6 v6.3.2-0.20251203152233-a32233875f7e/go.mod h1:PEqjxMcIV87rBhlyDDha76I7/w2W/FHenSq3V3X1A/A=\ngithub.com/pelletier/go-toml v1.9.5 h1:4yBQzkHv+7BHq2PQUZF3Mx0IYxG7LsP222s7Agd3ve8=\ngithub.com/pelletier/go-toml v1.9.5/go.mod h1:u1nR/EPcESfeI/szUZKdtJ0xRNbUoANCkoOuaOx1Y+c=\ngithub.com/peterhellberg/link v1.2.0 h1:UA5pg3Gp/E0F2WdX7GERiNrPQrM1K6CVJUUWfHa4t6c=\ngithub.com/peterhellberg/link v1.2.0/go.mod h1:gYfAh+oJgQu2SrZHg5hROVRQe1ICoK0/HHJTcE0edxc=\ngithub.com/pkg/diff v0.0.0-20210226163009-20ebb0f2a09e/go.mod h1:pJLUxLENpZxwdsKMEsNbx1VGcRFpLqf3715MtcvvzbA=\ngithub.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4=\ngithub.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=\ngithub.com/pkg/profile v1.7.0 h1:hnbDkaNWPCLMO9wGLdBFTIZvzDrDfBM2072E1S9gJkA=\ngithub.com/pkg/profile v1.7.0/go.mod h1:8Uer0jas47ZQMJ7VD+OHknK4YDY07LPUC6dEvqDjvNo=\ngithub.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=\ngithub.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 h1:Jamvg5psRIccs7FGNTlIRMkT8wgtp5eCXdBlqhYGL6U=\ngithub.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=\ngithub.com/prometheus/client_golang v1.23.0 h1:ust4zpdl9r4trLY/gSjlm07PuiBq2ynaXXlptpfy8Uc=\ngithub.com/prometheus/client_golang v1.23.0/go.mod h1:i/o0R9ByOnHX0McrTMTyhYvKE4haaf2mW08I+jGAjEE=\ngithub.com/prometheus/client_model v0.6.2 h1:oBsgwpGs7iVziMvrGhE53c/GrLUsZdHnqNwqPLxwZyk=\ngithub.com/prometheus/client_model v0.6.2/go.mod h1:y3m2F6Gdpfy6Ut/GBsUqTWZqCUvMVzSfMLjcu6wAwpE=\ngithub.com/prometheus/common v0.65.0 h1:QDwzd+G1twt//Kwj/Ww6E9FQq1iVMmODnILtW1t2VzE=\ngithub.com/prometheus/common v0.65.0/go.mod h1:0gZns+BLRQ3V6NdaerOhMbwwRbNh9hkGINtQAsP5GS8=\ngithub.com/prometheus/procfs v0.17.0 h1:FuLQ+05u4ZI+SS/w9+BWEM2TXiHKsUQ9TADiRH7DuK0=\ngithub.com/prometheus/procfs v0.17.0/go.mod h1:oPQLaDAMRbA+u8H5Pbfq+dl3VDAvHxMUOVhe0wYB2zw=\ngithub.com/rakutentech/jwk-go v1.2.0 h1:vNJwedPkRR+32V5WGNj0JP4COes93BGERvzQLBjLy4c=\ngithub.com/rakutentech/jwk-go v1.2.0/go.mod h1:pI0bYVntqaJ27RCpaC75MTUacheW0Rk4+8XzWWe1OWM=\ngithub.com/rogpeppe/go-internal v1.6.1/go.mod h1:xXDCJY+GAPziupqXw64V24skbSoqbTEfhy4qGm1nDQc=\ngithub.com/rogpeppe/go-internal v1.9.0/go.mod h1:WtVeX8xhTBvf0smdhujwtBcq4Qrzq/fJaraNFVN+nFs=\ngithub.com/rogpeppe/go-internal v1.14.1 h1:UQB4HGPB6osV0SQTLymcB4TgvyWu6ZyliaW0tI/otEQ=\ngithub.com/rogpeppe/go-internal v1.14.1/go.mod h1:MaRKkUm5W0goXpeCfT7UZI6fk/L7L7so1lCWt35ZSgc=\ngithub.com/rs/cors v1.11.1 h1:eU3gRzXLRK57F5rKMGMZURNdIG4EoAmX8k94r9wXWHA=\ngithub.com/rs/cors v1.11.1/go.mod h1:XyqrcTp5zjWr1wsJ8PIRZssZ8b/WMcMf71DJnit4EMU=\ngithub.com/russross/blackfriday/v2 v2.1.0/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM=\ngithub.com/seatgeek/logrus-gelf-formatter v0.0.0-20210414080842-5b05eb8ff761 h1:0b8DF5kR0PhRoRXDiEEdzrgBc8UqVY4JWLkQJCRsLME=\ngithub.com/seatgeek/logrus-gelf-formatter v0.0.0-20210414080842-5b05eb8ff761/go.mod h1:/THDZYi7F/BsVEcYzYPqdcWFQ+1C2InkawTKfLOAnzg=\ngithub.com/segmentio/analytics-go v3.1.0+incompatible/go.mod h1:C7CYBtQWk4vRk2RyLu0qOcbHJ18E3F1HV2C/8JvKN48=\ngithub.com/segmentio/backo-go v0.0.0-20200129164019-23eae7c10bd3/go.mod h1:9/Rh6yILuLysoQnZ2oNooD2g7aBnvM7r/fNVxRNWfBc=\ngithub.com/segmentio/backo-go v1.1.0 h1:cJIfHQUdmLsd8t9IXqf5J8SdrOMn9vMa7cIvOavHAhc=\ngithub.com/segmentio/backo-go v1.1.0/go.mod h1:ckenwdf+v/qbyhVdNPWHnqh2YdJBED1O9cidYyM5J18=\ngithub.com/segmentio/conf v1.2.0/go.mod h1:Y3B9O/PqqWqjyxyWWseyj/quPEtMu1zDp/kVbSWWaB0=\ngithub.com/segmentio/go-snakecase v1.1.0/go.mod h1:jk1miR5MS7Na32PZUykG89Arm+1BUSYhuGR6b7+hJto=\ngithub.com/segmentio/objconv v1.0.1/go.mod h1:auayaH5k3137Cl4SoXTgrzQcuQDmvuVtZgS0fb1Ahys=\ngithub.com/sergi/go-diff v1.2.0/go.mod h1:STckp+ISIX8hZLjrqAeVduY0gWCT9IjLuqbuNXdaHfM=\ngithub.com/sergi/go-diff v1.3.1/go.mod h1:aMJSSKb2lpPvRNec0+w3fl7LP9IOFzdc9Pa4NFbPK1I=\ngithub.com/sergi/go-diff v1.4.0 h1:n/SP9D5ad1fORl+llWyN+D6qoUETXNZARKjyY2/KVCw=\ngithub.com/sergi/go-diff v1.4.0/go.mod h1:A0bzQcvG0E7Rwjx0REVgAGH58e96+X0MeOfepqsbeW4=\ngithub.com/shopspring/decimal v1.4.0 h1:bxl37RwXBklmTi0C79JfXCEBD1cqqHt0bbgBAGFp81k=\ngithub.com/shopspring/decimal v1.4.0/go.mod h1:gawqmDU56v4yIKSwfBSFip1HdCCXN8/+DMd9qYNcwME=\ngithub.com/sirupsen/logrus v1.9.3 h1:dueUQJ1C2q9oE3F7wvmSGAaVtTmUizReu6fjN8uqzbQ=\ngithub.com/sirupsen/logrus v1.9.3/go.mod h1:naHLuLoDiP4jHNo9R0sCBMtWGeIprob74mVsIT4qYEQ=\ngithub.com/sourcegraph/annotate v0.0.0-20160123013949-f4cad6c6324d h1:yKm7XZV6j9Ev6lojP2XaIshpT4ymkqhMeSghO5Ps00E=\ngithub.com/sourcegraph/annotate v0.0.0-20160123013949-f4cad6c6324d/go.mod h1:UdhH50NIW0fCiwBSr0co2m7BnFLdv4fQTgdqdJTHFeE=\ngithub.com/sourcegraph/syntaxhighlight v0.0.0-20170531221838-bd320f5d308e h1:qpG93cPwA5f7s/ZPBJnGOYQNK/vKsaDaseuKT5Asee8=\ngithub.com/sourcegraph/syntaxhighlight v0.0.0-20170531221838-bd320f5d308e/go.mod h1:HuIsMU8RRBOtsCgI77wP899iHVBQpCmg4ErYMZB+2IA=\ngithub.com/spf13/cast v1.9.2 h1:SsGfm7M8QOFtEzumm7UZrZdLLquNdzFYfIbEXntcFbE=\ngithub.com/spf13/cast v1.9.2/go.mod h1:jNfB8QC9IA6ZuY2ZjDp0KtFO2LZZlg4S/7bzP6qqeHo=\ngithub.com/spf13/cobra v1.10.1 h1:lJeBwCfmrnXthfAupyUTzJ/J4Nc1RsHC/mSRU2dll/s=\ngithub.com/spf13/cobra v1.10.1/go.mod h1:7SmJGaTHFVBY0jW4NXGluQoLvhqFQM+6XSKD+P4XaB0=\ngithub.com/spf13/pflag v1.0.9/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An2Bg=\ngithub.com/spf13/pflag v1.0.10 h1:4EBh2KAYBwaONj6b2Ye1GiHfwjqyROoF4RwYO+vPwFk=\ngithub.com/spf13/pflag v1.0.10/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An2Bg=\ngithub.com/ssoready/hyrumtoken v1.0.0 h1:N/JPJDOuYS7qPSnOvZpPxNVXwtlT3kfzAMEcPrH8ywQ=\ngithub.com/ssoready/hyrumtoken v1.0.0/go.mod h1:h8q768r5Uv6iJKOwsNENIWWUP9kvmLykQox5m3SCpqc=\ngithub.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=\ngithub.com/stretchr/objx v0.1.1/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=\ngithub.com/stretchr/objx v0.4.0/go.mod h1:YvHI0jy2hoMjB+UWwv71VJQ9isScKT/TqJzVSSt89Yw=\ngithub.com/stretchr/objx v0.5.0/go.mod h1:Yh+to48EsGEfYuaHDzXPcE3xhTkx73EhmCGUpEOglKo=\ngithub.com/stretchr/objx v0.5.2 h1:xuMeJ0Sdp5ZMRXx/aWO6RZxdr3beISkG5/G/aIRr3pY=\ngithub.com/stretchr/objx v0.5.2/go.mod h1:FRsXN1f5AsAjCGJKqEizvkpNtU+EGNCLh3NxZ/8L+MA=\ngithub.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI=\ngithub.com/stretchr/testify v1.4.0/go.mod h1:j7eGeouHqKxXV5pUuKE4zz7dFj8WfuZ+81PSLYec5m4=\ngithub.com/stretchr/testify v1.6.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=\ngithub.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=\ngithub.com/stretchr/testify v1.7.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=\ngithub.com/stretchr/testify v1.8.0/go.mod h1:yNjHg4UonilssWZ8iaSj1OCr/vHnekPRkoO+kdMU+MU=\ngithub.com/stretchr/testify v1.8.1/go.mod h1:w2LPCIKwWwSfY2zedu0+kehJoqGctiVI29o6fzry7u4=\ngithub.com/stretchr/testify v1.8.4/go.mod h1:sz/lmYIOXD/1dqDmKjjqLyZ2RngseejIcXlSw2iwfAo=\ngithub.com/stretchr/testify v1.9.0/go.mod h1:r2ic/lqez/lEtzL7wO/rwa5dbSLXVDPFyf8C91i36aY=\ngithub.com/stretchr/testify v1.11.1 h1:7s2iGBzp5EwR7/aIZr8ao5+dra3wiQyKjjFuvgVKu7U=\ngithub.com/stretchr/testify v1.11.1/go.mod h1:wZwfW3scLgRK+23gO65QZefKpKQRnfz6sD981Nm4B6U=\ngithub.com/tidwall/gjson v1.14.2/go.mod h1:/wbyibRr2FHMks5tjHJ5F8dMZh3AcwJEMf5vlfC0lxk=\ngithub.com/tidwall/gjson v1.18.0 h1:FIDeeyB800efLX89e5a8Y0BNH+LOngJyGrIWxG2FKQY=\ngithub.com/tidwall/gjson v1.18.0/go.mod h1:/wbyibRr2FHMks5tjHJ5F8dMZh3AcwJEMf5vlfC0lxk=\ngithub.com/tidwall/match v1.1.1 h1:+Ho715JplO36QYgwN9PGYNhgZvoUSc9X2c80KVTi+GA=\ngithub.com/tidwall/match v1.1.1/go.mod h1:eRSPERbgtNPcGhD8UCthc6PmLEQXEWd3PRB5JTxsfmM=\ngithub.com/tidwall/pretty v1.2.0/go.mod h1:ITEVvHYasfjBbM0u2Pg8T2nJnzm8xPwvNhhsoaGGjNU=\ngithub.com/tidwall/pretty v1.2.1 h1:qjsOFOWWQl+N3RsoF5/ssm1pHmJJwhjlSbZ51I6wMl4=\ngithub.com/tidwall/pretty v1.2.1/go.mod h1:ITEVvHYasfjBbM0u2Pg8T2nJnzm8xPwvNhhsoaGGjNU=\ngithub.com/tidwall/sjson v1.2.5 h1:kLy8mja+1c9jlljvWTlSazM7cKDRfJuR/bOJhcY5NcY=\ngithub.com/tidwall/sjson v1.2.5/go.mod h1:Fvgq9kS/6ociJEDnK0Fk1cpYF4FIW6ZF7LAe+6jwd28=\ngithub.com/urfave/negroni v1.0.0 h1:kIimOitoypq34K7TG7DUaJ9kq/N4Ofuwi1sjz0KipXc=\ngithub.com/urfave/negroni v1.0.0/go.mod h1:Meg73S6kFm/4PpbYdq35yYWoCZ9mS/YSx+lKnmiohz4=\ngithub.com/xtgo/uuid v0.0.0-20140804021211-a0b114877d4c h1:3lbZUMbMiGUW/LMkfsEABsc5zNT9+b1CvsJx47JzJ8g=\ngithub.com/xtgo/uuid v0.0.0-20140804021211-a0b114877d4c/go.mod h1:UrdRz5enIKZ63MEE3IF9l2/ebyx59GyGgPi+tICQdmM=\ngithub.com/yuin/goldmark v1.1.27/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=\ngithub.com/yuin/goldmark v1.2.1/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=\ngithub.com/yuin/goldmark v1.4.13/go.mod h1:6yULJ656Px+3vBD8DxQVa3kxgyrAnzto9xy5taEt/CY=\ngo.mongodb.org/mongo-driver v1.17.4 h1:jUorfmVzljjr0FLzYQsGP8cgN/qzzxlY9Vh0C9KFXVw=\ngo.mongodb.org/mongo-driver v1.17.4/go.mod h1:Hy04i7O2kC4RS06ZrhPRqj/u4DTYkFDAAccj+rVKqgQ=\ngo.opentelemetry.io/auto/sdk v1.2.1 h1:jXsnJ4Lmnqd11kwkBV2LgLoFMZKizbCi5fNZ/ipaZ64=\ngo.opentelemetry.io/auto/sdk v1.2.1/go.mod h1:KRTj+aOaElaLi+wW1kO/DZRXwkF4C5xPbEe3ZiIhN7Y=\ngo.opentelemetry.io/contrib/instrumentation/net/http/httptrace/otelhttptrace v0.62.0 h1:wCeciVlAfb5DC8MQl/DlmAv/FVPNpQgFvI/71+hatuc=\ngo.opentelemetry.io/contrib/instrumentation/net/http/httptrace/otelhttptrace v0.62.0/go.mod h1:WfEApdZDMlLUAev/0QQpr8EJ/z0VWDKYZ5tF5RH5T1U=\ngo.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.62.0 h1:Hf9xI/XLML9ElpiHVDNwvqI0hIFlzV8dgIr35kV1kRU=\ngo.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.62.0/go.mod h1:NfchwuyNoMcZ5MLHwPrODwUF1HWCXWrL31s8gSAdIKY=\ngo.opentelemetry.io/contrib/propagators/b3 v1.37.0 h1:0aGKdIuVhy5l4GClAjl72ntkZJhijf2wg1S7b5oLoYA=\ngo.opentelemetry.io/contrib/propagators/b3 v1.37.0/go.mod h1:nhyrxEJEOQdwR15zXrCKI6+cJK60PXAkJ/jRyfhr2mg=\ngo.opentelemetry.io/contrib/propagators/jaeger v1.37.0 h1:pW+qDVo0jB0rLsNeaP85xLuz20cvsECUcN7TE+D8YTM=\ngo.opentelemetry.io/contrib/propagators/jaeger v1.37.0/go.mod h1:x7bd+t034hxLTve1hF9Yn9qQJlO/pP8H5pWIt7+gsFM=\ngo.opentelemetry.io/contrib/samplers/jaegerremote v0.31.0 h1:l8XCsDh7L6Z7PB+vlw1s4ufNab+ayT2RMNdvDE/UyPc=\ngo.opentelemetry.io/contrib/samplers/jaegerremote v0.31.0/go.mod h1:XAOSk4bqj5vtoiY08bexeiafzxdXeLlxKFnwscvn8Fc=\ngo.opentelemetry.io/otel v1.40.0 h1:oA5YeOcpRTXq6NN7frwmwFR0Cn3RhTVZvXsP4duvCms=\ngo.opentelemetry.io/otel v1.40.0/go.mod h1:IMb+uXZUKkMXdPddhwAHm6UfOwJyh4ct1ybIlV14J0g=\ngo.opentelemetry.io/otel/exporters/jaeger v1.17.0 h1:D7UpUy2Xc2wsi1Ras6V40q806WM07rqoCWzXu7Sqy+4=\ngo.opentelemetry.io/otel/exporters/jaeger v1.17.0/go.mod h1:nPCqOnEH9rNLKqH/+rrUjiMzHJdV1BlpKcTwRTyKkKI=\ngo.opentelemetry.io/otel/exporters/otlp/otlptrace v1.37.0 h1:Ahq7pZmv87yiyn3jeFz/LekZmPLLdKejuO3NcK9MssM=\ngo.opentelemetry.io/otel/exporters/otlp/otlptrace v1.37.0/go.mod h1:MJTqhM0im3mRLw1i8uGHnCvUEeS7VwRyxlLC78PA18M=\ngo.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp v1.37.0 h1:bDMKF3RUSxshZ5OjOTi8rsHGaPKsAt76FaqgvIUySLc=\ngo.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp v1.37.0/go.mod h1:dDT67G/IkA46Mr2l9Uj7HsQVwsjASyV9SjGofsiUZDA=\ngo.opentelemetry.io/otel/exporters/zipkin v1.37.0 h1:Z2apuaRnHEjzDAkpbWNPiksz1R0/FCIrJSjiMA43zwI=\ngo.opentelemetry.io/otel/exporters/zipkin v1.37.0/go.mod h1:ofGu/7fG+bpmjZoiPUUmYDJ4vXWxMT57HmGoegx49uw=\ngo.opentelemetry.io/otel/metric v1.40.0 h1:rcZe317KPftE2rstWIBitCdVp89A2HqjkxR3c11+p9g=\ngo.opentelemetry.io/otel/metric v1.40.0/go.mod h1:ib/crwQH7N3r5kfiBZQbwrTge743UDc7DTFVZrrXnqc=\ngo.opentelemetry.io/otel/sdk v1.40.0 h1:KHW/jUzgo6wsPh9At46+h4upjtccTmuZCFAc9OJ71f8=\ngo.opentelemetry.io/otel/sdk v1.40.0/go.mod h1:Ph7EFdYvxq72Y8Li9q8KebuYUr2KoeyHx0DRMKrYBUE=\ngo.opentelemetry.io/otel/sdk/metric v1.40.0 h1:mtmdVqgQkeRxHgRv4qhyJduP3fYJRMX4AtAlbuWdCYw=\ngo.opentelemetry.io/otel/sdk/metric v1.40.0/go.mod h1:4Z2bGMf0KSK3uRjlczMOeMhKU2rhUqdWNoKcYrtcBPg=\ngo.opentelemetry.io/otel/trace v1.40.0 h1:WA4etStDttCSYuhwvEa8OP8I5EWu24lkOzp+ZYblVjw=\ngo.opentelemetry.io/otel/trace v1.40.0/go.mod h1:zeAhriXecNGP/s2SEG3+Y8X9ujcJOTqQ5RgdEJcawiA=\ngo.opentelemetry.io/proto/otlp v1.7.1 h1:gTOMpGDb0WTBOP8JaO72iL3auEZhVmAQg4ipjOVAtj4=\ngo.opentelemetry.io/proto/otlp v1.7.1/go.mod h1:b2rVh6rfI/s2pHWNlB7ILJcRALpcNDzKhACevjI+ZnE=\ngo.uber.org/goleak v1.3.0 h1:2K3zAYmnTNqV73imy9J1T3WC+gmCePx2hEGkimedGto=\ngo.uber.org/goleak v1.3.0/go.mod h1:CoHD4mav9JJNrW/WLlf7HGZPjdw8EucARQHekz1X6bE=\ngo.uber.org/mock v0.5.2 h1:LbtPTcP8A5k9WPXj54PPPbjcI4Y6lhyOZXn+VS7wNko=\ngo.uber.org/mock v0.5.2/go.mod h1:wLlUxC2vVTPTaE3UD51E0BGOAElKrILxhVSDYQLld5o=\ngo.yaml.in/yaml/v2 v2.4.2 h1:DzmwEr2rDGHl7lsFgAHxmNz/1NlQ7xLIrlN2h5d1eGI=\ngo.yaml.in/yaml/v2 v2.4.2/go.mod h1:081UH+NErpNdqlCXm3TtEran0rJZGxAYx9hb/ELlsPU=\ngo.yaml.in/yaml/v3 v3.0.3 h1:bXOww4E/J3f66rav3pX3m8w6jDE4knZjGOw8b5Y6iNE=\ngo.yaml.in/yaml/v3 v3.0.3/go.mod h1:tBHosrYAkRZjRAOREWbDnBXUf08JOwYq++0QNwQiWzI=\ngolang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=\ngolang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=\ngolang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=\ngolang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc=\ngolang.org/x/crypto v0.19.0/go.mod h1:Iy9bg/ha4yyC70EfRS8jz+B6ybOBKMaSxLj6P6oBDfU=\ngolang.org/x/crypto v0.46.0 h1:cKRW/pmt1pKAfetfu+RCEvjvZkA9RimPbh7bhFjGVBU=\ngolang.org/x/crypto v0.46.0/go.mod h1:Evb/oLKmMraqjZ2iQTwDwvCtJkczlDuTmdJXoZVzqU0=\ngolang.org/x/exp v0.0.0-20250813145105-42675adae3e6 h1:SbTAbRFnd5kjQXbczszQ0hdk3ctwYf3qBNH9jIsGclE=\ngolang.org/x/exp v0.0.0-20250813145105-42675adae3e6/go.mod h1:4QTo5u+SEIbbKW1RacMZq1YEfOBqeXa19JeshGi+zc4=\ngolang.org/x/mod v0.2.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=\ngolang.org/x/mod v0.3.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=\ngolang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4/go.mod h1:jJ57K6gSWd91VN4djpZkiMVwK6gcyfeH4XE8wZrZaV4=\ngolang.org/x/mod v0.8.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs=\ngolang.org/x/mod v0.30.0 h1:fDEXFVZ/fmCKProc/yAXXUijritrDzahmwwefnjoPFk=\ngolang.org/x/mod v0.30.0/go.mod h1:lAsf5O2EvJeSFMiBxXDki7sCgAxEUcZHXoXMKT4GJKc=\ngolang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=\ngolang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=\ngolang.org/x/net v0.0.0-20200226121028-0de0cce0169b/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=\ngolang.org/x/net v0.0.0-20201021035429-f5854403a974/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU=\ngolang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg=\ngolang.org/x/net v0.0.0-20220722155237-a158d28d115b/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c=\ngolang.org/x/net v0.0.0-20220826154423-83b083e8dc8b/go.mod h1:YDH+HFinaLZZlnHAfSS6ZXJJ9M9t4Dl22yv3iI2vPwk=\ngolang.org/x/net v0.0.0-20221002022538-bcab6841153b/go.mod h1:YDH+HFinaLZZlnHAfSS6ZXJJ9M9t4Dl22yv3iI2vPwk=\ngolang.org/x/net v0.6.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs=\ngolang.org/x/net v0.7.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs=\ngolang.org/x/net v0.10.0/go.mod h1:0qNGK6F8kojg2nk9dLZ2mShWaEBan6FAoqfSigmmuDg=\ngolang.org/x/net v0.48.0 h1:zyQRTTrjc33Lhh0fBgT/H3oZq9WuvRR5gPC70xpDiQU=\ngolang.org/x/net v0.48.0/go.mod h1:+ndRgGjkh8FGtu1w1FGbEC31if4VrNVMuKTgcAAnQRY=\ngolang.org/x/oauth2 v0.34.0 h1:hqK/t4AKgbqWkdkcAeI8XLmbK+4m4G5YeQRrmiotGlw=\ngolang.org/x/oauth2 v0.34.0/go.mod h1:lzm5WQJQwKZ3nwavOZ3IS5Aulzxi68dUSgRHujetwEA=\ngolang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=\ngolang.org/x/sync v0.0.0-20190911185100-cd5d95a43a6e/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=\ngolang.org/x/sync v0.0.0-20201020160332-67f06af15bc9/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=\ngolang.org/x/sync v0.0.0-20220722155255-886fb9371eb4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=\ngolang.org/x/sync v0.0.0-20220929204114-8fcdb60fdcc0/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=\ngolang.org/x/sync v0.1.0/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=\ngolang.org/x/sync v0.3.0/go.mod h1:FU7BRWz2tNW+3quACPkgCx/L+uEAv1htQ0V83Z9Rj+Y=\ngolang.org/x/sync v0.19.0 h1:vV+1eWNmZ5geRlYjzm2adRgW2/mcpevXNg50YZtPCE4=\ngolang.org/x/sync v0.19.0/go.mod h1:9KTHXmSnoGruLpwFjVSX0lNNA75CykiMECbovNTZqGI=\ngolang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=\ngolang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=\ngolang.org/x/sys v0.0.0-20200930185726-fdedc70b468f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=\ngolang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=\ngolang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=\ngolang.org/x/sys v0.0.0-20211007075335-d3039528d8ac/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=\ngolang.org/x/sys v0.0.0-20220310020820-b874c991c1a5/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=\ngolang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=\ngolang.org/x/sys v0.0.0-20220715151400-c0bba94af5f8/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=\ngolang.org/x/sys v0.0.0-20220722155257-8c9f86f7a55f/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=\ngolang.org/x/sys v0.0.0-20220728004956-3c1f35247d10/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=\ngolang.org/x/sys v0.5.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=\ngolang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=\ngolang.org/x/sys v0.8.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=\ngolang.org/x/sys v0.17.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=\ngolang.org/x/sys v0.40.0 h1:DBZZqJ2Rkml6QMQsZywtnjnnGvHza6BTfYFWY9kjEWQ=\ngolang.org/x/sys v0.40.0/go.mod h1:OgkHotnGiDImocRcuBABYBEXf8A9a87e/uXjp9XT3ks=\ngolang.org/x/telemetry v0.0.0-20251111182119-bc8e575c7b54 h1:E2/AqCUMZGgd73TQkxUMcMla25GB9i/5HOdLr+uH7Vo=\ngolang.org/x/telemetry v0.0.0-20251111182119-bc8e575c7b54/go.mod h1:hKdjCMrbv9skySur+Nek8Hd0uJ0GuxJIoIX2payrIdQ=\ngolang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=\ngolang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=\ngolang.org/x/term v0.5.0/go.mod h1:jMB1sMXY+tzblOD4FWmEbocvup2/aLOaQEp7JmGp78k=\ngolang.org/x/term v0.8.0/go.mod h1:xPskH00ivmX89bAKVGSKKtLOWNx2+17Eiy94tnKShWo=\ngolang.org/x/term v0.17.0/go.mod h1:lLRBjIVuehSbZlaOtGMbcMncT+aqLLLmKrsjNrUguwk=\ngolang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=\ngolang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=\ngolang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ=\ngolang.org/x/text v0.7.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8=\ngolang.org/x/text v0.9.0/go.mod h1:e1OnstbJyHTd6l/uOt8jFFHp6TRDWZR/bV3emEE/zU8=\ngolang.org/x/text v0.14.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU=\ngolang.org/x/text v0.32.0 h1:ZD01bjUt1FQ9WJ0ClOL5vxgxOI/sVCNgX1YtKwcY0mU=\ngolang.org/x/text v0.32.0/go.mod h1:o/rUWzghvpD5TXrTIBuJU77MTaN0ljMWE47kxGJQ7jY=\ngolang.org/x/time v0.12.0 h1:ScB/8o8olJvc+CQPWrK3fPZNfh7qgwCrY0zJmoEQLSE=\ngolang.org/x/time v0.12.0/go.mod h1:CDIdPxbZBQxdj6cxyCIdrNogrJKMJ7pr37NYpMcMDSg=\ngolang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=\ngolang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=\ngolang.org/x/tools v0.0.0-20200619180055-7c47624df98f/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE=\ngolang.org/x/tools v0.0.0-20210106214847-113979e3529a/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA=\ngolang.org/x/tools v0.1.12/go.mod h1:hNGJHUnrk76NpqgfD5Aqm5Crs+Hm0VOH/i9J2+nxYbc=\ngolang.org/x/tools v0.6.0/go.mod h1:Xwgl3UAJ/d3gWutnCtw505GrjyAbvKui8lOU390QaIU=\ngolang.org/x/tools v0.39.0 h1:ik4ho21kwuQln40uelmciQPp9SipgNDdrafrYA4TmQQ=\ngolang.org/x/tools v0.39.0/go.mod h1:JnefbkDPyD8UU2kI5fuf8ZX4/yUeh9W877ZeBONxUqQ=\ngolang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=\ngolang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=\ngolang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=\ngolang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=\ngonum.org/v1/gonum v0.16.0 h1:5+ul4Swaf3ESvrOnidPp4GZbzf0mxVQpDCYUQE7OJfk=\ngonum.org/v1/gonum v0.16.0/go.mod h1:fef3am4MQ93R2HHpKnLk4/Tbh/s0+wqD5nfa6Pnwy4E=\ngoogle.golang.org/genproto/googleapis/api v0.0.0-20251202230838-ff82c1b0f217 h1:fCvbg86sFXwdrl5LgVcTEvNC+2txB5mgROGmRL5mrls=\ngoogle.golang.org/genproto/googleapis/api v0.0.0-20251202230838-ff82c1b0f217/go.mod h1:+rXWjjaukWZun3mLfjmVnQi18E1AsFbDN9QdJ5YXLto=\ngoogle.golang.org/genproto/googleapis/rpc v0.0.0-20251202230838-ff82c1b0f217 h1:gRkg/vSppuSQoDjxyiGfN4Upv/h/DQmIR10ZU8dh4Ww=\ngoogle.golang.org/genproto/googleapis/rpc v0.0.0-20251202230838-ff82c1b0f217/go.mod h1:7i2o+ce6H/6BluujYR+kqX3GKH+dChPTQU19wjRPiGk=\ngoogle.golang.org/grpc v1.79.3 h1:sybAEdRIEtvcD68Gx7dmnwjZKlyfuc61Dyo9pGXXkKE=\ngoogle.golang.org/grpc v1.79.3/go.mod h1:KmT0Kjez+0dde/v2j9vzwoAScgEPx/Bw1CYChhHLrHQ=\ngoogle.golang.org/protobuf v1.36.10 h1:AYd7cD/uASjIL6Q9LiTjz8JLcrh/88q5UObnmY3aOOE=\ngoogle.golang.org/protobuf v1.36.10/go.mod h1:HTf+CrKn2C3g5S8VImy6tdcUvCska2kB7j23XfzDpco=\ngopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=\ngopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=\ngopkg.in/check.v1 v1.0.0-20190902080502-41f04d3bba15/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=\ngopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c h1:Hei/4ADfdWqJk1ZMxUNpqntNwaWcugrBjAiHlqqRiVk=\ngopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c/go.mod h1:JHkPIbrfpd72SG/EVd6muEfDQjcINNoR0C8j2r3qZ4Q=\ngopkg.in/errgo.v2 v2.1.0/go.mod h1:hNsd1EY+bozCKY1Ytp96fpM3vjJbqLJn88ws8XvfDNI=\ngopkg.in/go-jose/go-jose.v2 v2.6.3 h1:nt80fvSDlhKWQgSWyHyy5CfmlQr+asih51R8PTWNKKs=\ngopkg.in/go-jose/go-jose.v2 v2.6.3/go.mod h1:zzZDPkNNw/c9IE7Z9jr11mBZQhKQTMzoEEIoEdZlFBI=\ngopkg.in/go-playground/assert.v1 v1.2.1/go.mod h1:9RXL0bg/zibRAgZUYszZSwO/z8Y/a8bDuhia5mkpMnE=\ngopkg.in/go-playground/mold.v2 v2.2.0/go.mod h1:XMyyRsGtakkDPbxXbrA5VODo6bUXyvoDjLd5l3T0XoA=\ngopkg.in/validator.v2 v2.0.0-20180514200540-135c24b11c19/go.mod h1:o4V0GXN9/CAmCsvJ0oXYZvrZOe7syiDZSN1GWGZTGzc=\ngopkg.in/yaml.v2 v2.2.1/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=\ngopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=\ngopkg.in/yaml.v2 v2.2.4/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=\ngopkg.in/yaml.v2 v2.4.0 h1:D8xgwECY7CYvx+Y2n4sBz93Jn9JRvxdiyyo8CTfuKaY=\ngopkg.in/yaml.v2 v2.4.0/go.mod h1:RDklbk79AGWmwhnvt/jBztapEOGDOx6ZbXqjP6csGnQ=\ngopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=\ngopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA=\ngopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=\ngotest.tools/v3 v3.5.2 h1:7koQfIKdy+I8UTetycgUqXWSDwpgv193Ka+qRsmBY8Q=\ngotest.tools/v3 v3.5.2/go.mod h1:LtdLGcnqToBH83WByAAi/wiwSFCArdFIUV/xxN4pcjA=\npgregory.net/rapid v1.2.0 h1:keKAYRcjm+e1F0oAuU5F5+YPAWcyxNNRK2wud503Gnk=\npgregory.net/rapid v1.2.0/go.mod h1:PY5XlDGj0+V1FCq0o192FdRhpKHGTRIWBgqjDBTrq04=\nsigs.k8s.io/yaml v1.6.0 h1:G8fkbMSAFqgEFgh4b1wmtzDnioxFCUgTZhlbj5P9QYs=\nsigs.k8s.io/yaml v1.6.0/go.mod h1:796bPqUfzR/0jLAl6XjHl3Ck7MiyVv8dbTdyT3/pMf4=\n" }, { "path": "oryx/hasherx/hash_comparator.go", "content": "package hasherx\n\nimport (\n\t\"context\"\n\t\"crypto/subtle\"\n\t\"encoding/base64\"\n\t\"fmt\"\n\t\"math\"\n\t\"regexp\"\n\t\"strings\"\n\n\t\"github.com/pkg/errors\"\n\t\"golang.org/x/crypto/argon2\"\n\t\"golang.org/x/crypto/bcrypt\"\n\t\"golang.org/x/crypto/pbkdf2\"\n)\n\nvar ErrUnknownHashAlgorithm = errors.New(\"unknown hash algorithm\")\n\n// Compare the given password with the given hash.\nfunc Compare(ctx context.Context, password []byte, hash []byte) error {\n\tswitch {\n\tcase IsBcryptHash(hash):\n\t\treturn CompareBcrypt(ctx, password, hash)\n\tcase IsArgon2idHash(hash):\n\t\treturn CompareArgon2id(ctx, password, hash)\n\tcase IsArgon2iHash(hash):\n\t\treturn CompareArgon2i(ctx, password, hash)\n\tcase IsPbkdf2Hash(hash):\n\t\treturn ComparePbkdf2(ctx, password, hash)\n\tdefault:\n\t\treturn errors.WithStack(ErrUnknownHashAlgorithm)\n\t}\n}\n\nfunc CompareBcrypt(_ context.Context, password []byte, hash []byte) error {\n\tif err := validateBcryptPasswordLength(password); err != nil {\n\t\treturn err\n\t}\n\n\terr := bcrypt.CompareHashAndPassword(hash, password)\n\tif err != nil {\n\t\treturn err\n\t}\n\n\treturn nil\n}\n\nfunc CompareArgon2id(_ context.Context, password []byte, hash []byte) error {\n\t// Extract the parameters, salt and derived key from the encoded password\n\t// hash.\n\tp, salt, hash, err := decodeArgon2idHash(string(hash))\n\tif err != nil {\n\t\treturn err\n\t}\n\n\tmem := uint64(p.Memory)\n\tif mem > math.MaxUint32 {\n\t\treturn errors.WithStack(ErrInvalidHash)\n\t}\n\n\t// Derive the key from the other password using the same parameters.\n\totherHash := argon2.IDKey(password, salt, p.Iterations, uint32(mem), p.Parallelism, p.KeyLength)\n\n\t// Check that the contents of the hashed passwords are identical. Note\n\t// that we are using the subtle.ConstantTimeCompare() function for this\n\t// to help prevent timing attacks.\n\tif subtle.ConstantTimeCompare(hash, otherHash) == 1 {\n\t\treturn nil\n\t}\n\treturn errors.WithStack(ErrMismatchedHashAndPassword)\n}\n\nfunc CompareArgon2i(_ context.Context, password []byte, hash []byte) error {\n\t// Extract the parameters, salt and derived key from the encoded password\n\t// hash.\n\tp, salt, hash, err := decodeArgon2idHash(string(hash))\n\tif err != nil {\n\t\treturn err\n\t}\n\n\tmem := uint64(p.Memory)\n\tif mem > math.MaxUint32 {\n\t\treturn errors.WithStack(ErrInvalidHash)\n\t}\n\n\t// Derive the key from the other password using the same parameters.\n\totherHash := argon2.Key(password, salt, p.Iterations, uint32(mem), p.Parallelism, p.KeyLength)\n\n\t// Check that the contents of the hashed passwords are identical. Note\n\t// that we are using the subtle.ConstantTimeCompare() function for this\n\t// to help prevent timing attacks.\n\tif subtle.ConstantTimeCompare(hash, otherHash) == 1 {\n\t\treturn nil\n\t}\n\treturn errors.WithStack(ErrMismatchedHashAndPassword)\n}\n\nfunc ComparePbkdf2(_ context.Context, password []byte, hash []byte) error {\n\t// Extract the parameters, salt and derived key from the encoded password\n\t// hash.\n\tp, salt, hash, err := decodePbkdf2Hash(string(hash))\n\tif err != nil {\n\t\treturn err\n\t}\n\n\t// Derive the key from the other password using the same parameters.\n\totherHash := pbkdf2.Key(password, salt, int(p.Iterations), int(p.KeyLength), getPseudorandomFunctionForPbkdf2(p.Algorithm))\n\n\t// Check that the contents of the hashed passwords are identical. Note\n\t// that we are using the subtle.ConstantTimeCompare() function for this\n\t// to help prevent timing attacks.\n\tif subtle.ConstantTimeCompare(hash, otherHash) == 1 {\n\t\treturn nil\n\t}\n\treturn errors.WithStack(ErrMismatchedHashAndPassword)\n}\n\nvar (\n\tisBcryptHash = regexp.MustCompile(`^\\$2[abzy]?\\$`)\n\tisArgon2idHash = regexp.MustCompile(`^\\$argon2id\\$`)\n\tisArgon2iHash = regexp.MustCompile(`^\\$argon2i\\$`)\n\tisPbkdf2Hash = regexp.MustCompile(`^\\$pbkdf2-sha[0-9]{1,3}\\$`)\n)\n\nfunc IsBcryptHash(hash []byte) bool {\n\treturn isBcryptHash.Match(hash)\n}\n\nfunc IsArgon2idHash(hash []byte) bool {\n\treturn isArgon2idHash.Match(hash)\n}\n\nfunc IsArgon2iHash(hash []byte) bool {\n\treturn isArgon2iHash.Match(hash)\n}\n\nfunc IsPbkdf2Hash(hash []byte) bool {\n\treturn isPbkdf2Hash.Match(hash)\n}\n\nfunc decodeArgon2idHash(encodedHash string) (p *Argon2Config, salt, hash []byte, err error) {\n\tparts := strings.Split(encodedHash, \"$\")\n\tif len(parts) != 6 {\n\t\treturn nil, nil, nil, ErrInvalidHash\n\t}\n\n\tvar version int\n\t_, err = fmt.Sscanf(parts[2], \"v=%d\", &version)\n\tif err != nil {\n\t\treturn nil, nil, nil, err\n\t}\n\tif version != argon2.Version {\n\t\treturn nil, nil, nil, ErrIncompatibleVersion\n\t}\n\n\tp = new(Argon2Config)\n\t_, err = fmt.Sscanf(parts[3], \"m=%d,t=%d,p=%d\", &p.Memory, &p.Iterations, &p.Parallelism)\n\tif err != nil {\n\t\treturn nil, nil, nil, err\n\t}\n\n\tsalt, err = base64.RawStdEncoding.Strict().DecodeString(parts[4])\n\tif err != nil {\n\t\treturn nil, nil, nil, err\n\t}\n\tsaltLength := uint(len(salt))\n\tif saltLength > math.MaxUint32 {\n\t\treturn nil, nil, nil, ErrInvalidHash\n\t}\n\tp.SaltLength = uint32(saltLength)\n\n\thash, err = base64.RawStdEncoding.Strict().DecodeString(parts[5])\n\tif err != nil {\n\t\treturn nil, nil, nil, err\n\t}\n\tkeyLength := uint(len(hash))\n\tif keyLength > math.MaxUint32 {\n\t\treturn nil, nil, nil, ErrInvalidHash\n\t}\n\tp.KeyLength = uint32(keyLength)\n\n\treturn p, salt, hash, nil\n}\n\n// decodePbkdf2Hash decodes PBKDF2 encoded password hash.\n// format: $pbkdf2-$i=,l=$$\nfunc decodePbkdf2Hash(encodedHash string) (p *PBKDF2Config, salt, hash []byte, err error) {\n\tparts := strings.Split(encodedHash, \"$\")\n\tif len(parts) != 5 {\n\t\treturn nil, nil, nil, ErrInvalidHash\n\t}\n\n\tp = new(PBKDF2Config)\n\tdigestParts := strings.SplitN(parts[1], \"-\", 2)\n\tif len(digestParts) != 2 {\n\t\treturn nil, nil, nil, ErrInvalidHash\n\t}\n\tp.Algorithm = digestParts[1]\n\n\t_, err = fmt.Sscanf(parts[2], \"i=%d,l=%d\", &p.Iterations, &p.KeyLength)\n\tif err != nil {\n\t\treturn nil, nil, nil, err\n\t}\n\n\tsalt, err = base64.RawStdEncoding.Strict().DecodeString(parts[3])\n\tif err != nil {\n\t\treturn nil, nil, nil, err\n\t}\n\tsaltLength := uint(len(salt))\n\tif saltLength > math.MaxUint32 {\n\t\treturn nil, nil, nil, ErrInvalidHash\n\t}\n\tp.SaltLength = uint32(saltLength)\n\n\thash, err = base64.RawStdEncoding.Strict().DecodeString(parts[4])\n\tif err != nil {\n\t\treturn nil, nil, nil, err\n\t}\n\tkeyLength := uint(len(hash))\n\tif keyLength > math.MaxUint32 {\n\t\treturn nil, nil, nil, ErrInvalidHash\n\t}\n\tp.KeyLength = uint32(keyLength)\n\n\treturn p, salt, hash, nil\n}\n" }, { "path": "oryx/hasherx/hasher.go", "content": "package hasherx\n\nimport (\n\t\"context\"\n)\n\n// Hasher provides methods for generating and comparing password hashes.\ntype Hasher interface {\n\t// Generate returns a hash derived from the password or an error if the hash method failed.\n\tGenerate(ctx context.Context, password []byte) ([]byte, error)\n\n\t// Understands returns whether the given hash can be understood by this hasher.\n\tUnderstands(hash []byte) bool\n}\n\ntype HashProvider interface {\n\tHasher() Hasher\n}\n\nconst tracingComponent = \"github.com/ory/kratos/hash\"\n" }, { "path": "oryx/hasherx/hasher_argon2.go", "content": "package hasherx\n\nimport (\n\t\"bytes\"\n\t\"context\"\n\t\"crypto/rand\"\n\t\"encoding/base64\"\n\t\"fmt\"\n\t\"math\"\n\t\"time\"\n\n\t\"github.com/ory/x/otelx\"\n\n\t\"github.com/inhies/go-bytesize\"\n\t\"go.opentelemetry.io/otel\"\n\t\"go.opentelemetry.io/otel/attribute\"\n\t\"go.opentelemetry.io/otel/codes\"\n\n\t\"github.com/pkg/errors\"\n\t\"golang.org/x/crypto/argon2\"\n)\n\nvar (\n\tErrInvalidHash = errors.New(\"the encoded hash is not in the correct format\")\n\tErrIncompatibleVersion = errors.New(\"incompatible version of argon2\")\n\tErrMismatchedHashAndPassword = errors.New(\"passwords do not match\")\n)\n\ntype (\n\t// Argon2Config is the configuration for a Argon2 hasher.\n\tArgon2Config struct {\n\t\t// Memory is the amount of memory to use.\n\t\tMemory bytesize.ByteSize `json:\"memory\"`\n\n\t\t// Iterations is the number of iterations to use.\n\t\tIterations uint32 `json:\"iterations\"`\n\n\t\t// Parallelism is the number of threads to use.\n\t\tParallelism uint8 `json:\"parallelism\"`\n\n\t\t// SaltLength is the length of the salt to use.\n\t\tSaltLength uint32 `json:\"salt_length\"`\n\n\t\t// KeyLength is the length of the key to use.\n\t\tKeyLength uint32 `json:\"key_length\"`\n\n\t\t// ExpectedDuration is the expected duration of the hash.\n\t\tExpectedDuration time.Duration `json:\"expected_duration\"`\n\n\t\t// ExpectedDeviation is the expected deviation of the hash.\n\t\tExpectedDeviation time.Duration `json:\"expected_deviation\"`\n\n\t\t// DedicatedMemory is the amount of dedicated memory to use.\n\t\tDedicatedMemory bytesize.ByteSize `json:\"dedicated_memory\"`\n\t}\n\t// Argon2 is a hasher that uses the Argon2 algorithm.\n\tArgon2 struct {\n\t\tc Argon2Configurator\n\t}\n\t// Argon2Configurator is a function that returns the Argon2 configuration.\n\tArgon2Configurator interface {\n\t\tHasherArgon2Config(ctx context.Context) *Argon2Config\n\t}\n)\n\nfunc NewHasherArgon2(c Argon2Configurator) *Argon2 {\n\treturn &Argon2{c: c}\n}\n\nfunc toKB(mem bytesize.ByteSize) (uint32, error) {\n\tkb := uint64(mem / bytesize.KB)\n\tif kb > math.MaxUint32 {\n\t\treturn 0, errors.Errorf(\"memory %v is too large\", mem)\n\t}\n\treturn uint32(kb), nil\n}\n\n// Generate generates a hash for the given password.\nfunc (h *Argon2) Generate(ctx context.Context, password []byte) (_ []byte, err error) {\n\tctx, span := otel.GetTracerProvider().Tracer(tracingComponent).Start(ctx, \"hash.Argon2.Generate\")\n\tdefer otelx.End(span, &err)\n\tp := h.c.HasherArgon2Config(ctx)\n\tspan.SetAttributes(attribute.String(\"argon2.config\", fmt.Sprintf(\"#%v\", p)))\n\n\tsalt := make([]byte, p.SaltLength)\n\tif _, err := rand.Read(salt); err != nil {\n\t\treturn nil, err\n\t}\n\n\tmem, err := toKB(p.Memory)\n\tif err != nil {\n\t\treturn nil, err\n\t}\n\t// Pass the plaintext password, salt and parameters to the argon2.IDKey\n\t// function. This will generate a hash of the password using the Argon2id\n\t// variant.\n\thash := argon2.IDKey(password, salt, p.Iterations, mem, p.Parallelism, p.KeyLength)\n\n\tvar b bytes.Buffer\n\tif _, err := fmt.Fprintf(\n\t\t&b,\n\t\t\"$argon2id$v=%d$m=%d,t=%d,p=%d$%s$%s\",\n\t\targon2.Version, mem, p.Iterations, p.Parallelism,\n\t\tbase64.RawStdEncoding.EncodeToString(salt),\n\t\tbase64.RawStdEncoding.EncodeToString(hash),\n\t); err != nil {\n\t\tspan.RecordError(err)\n\t\tspan.SetStatus(codes.Error, err.Error())\n\t\treturn nil, errors.WithStack(err)\n\t}\n\n\treturn b.Bytes(), nil\n}\n\n// Understands checks if the given hash is in the correct format.\nfunc (h *Argon2) Understands(hash []byte) bool {\n\treturn IsArgon2idHash(hash)\n}\n" }, { "path": "oryx/hasherx/hasher_bcrypt.go", "content": "package hasherx\n\nimport (\n\t\"context\"\n\n\t\"github.com/pkg/errors\"\n\t\"go.opentelemetry.io/otel\"\n\t\"go.opentelemetry.io/otel/attribute\"\n\t\"golang.org/x/crypto/bcrypt\"\n\n\t\"github.com/ory/x/otelx\"\n)\n\n// ErrBcryptPasswordLengthReached is returned when the password is longer than 72 bytes.\nvar ErrBcryptPasswordLengthReached = errors.Errorf(\"passwords are limited to a maximum length of 72 characters\")\n\ntype (\n\t// Bcrypt is a hasher that uses the bcrypt algorithm.\n\tBcrypt struct {\n\t\tc BCryptConfigurator\n\t}\n\t// BCryptConfig is the configuration for the bcrypt hasher.\n\tBCryptConfig struct {\n\t\tCost uint32 `json:\"cost\"`\n\t}\n\t// BCryptConfigurator is the interface that must be implemented by a configuration provider for the bcrypt hasher.\n\tBCryptConfigurator interface {\n\t\tHasherBcryptConfig(ctx context.Context) *BCryptConfig\n\t}\n)\n\nfunc NewHasherBcrypt(c BCryptConfigurator) *Bcrypt {\n\treturn &Bcrypt{c: c}\n}\n\n// Generate generates a hash for the given password.\nfunc (h *Bcrypt) Generate(ctx context.Context, password []byte) (hash []byte, err error) {\n\tctx, span := otel.GetTracerProvider().Tracer(tracingComponent).Start(ctx, \"hash.Bcrypt.Generate\")\n\tdefer otelx.End(span, &err)\n\n\tif err := validateBcryptPasswordLength(password); err != nil {\n\t\treturn nil, err\n\t}\n\n\tcost := int(h.c.HasherBcryptConfig(ctx).Cost)\n\tspan.SetAttributes(attribute.Int(\"bcrypt.cost\", cost))\n\thash, err = bcrypt.GenerateFromPassword(password, cost)\n\tif err != nil {\n\t\treturn nil, err\n\t}\n\n\treturn hash, nil\n}\n\nfunc validateBcryptPasswordLength(password []byte) error {\n\t// Bcrypt truncates the password to the first 72 bytes, following the OpenBSD implementation,\n\t// so if password is longer than 72 bytes, function returns an error\n\t// See https://en.wikipedia.org/wiki/Bcrypt#User_input\n\tif len(password) > 72 {\n\t\treturn ErrBcryptPasswordLengthReached\n\t}\n\treturn nil\n}\n\n// Understands checks if the given hash is in the correct format.\nfunc (h *Bcrypt) Understands(hash []byte) bool {\n\treturn IsBcryptHash(hash)\n}\n" }, { "path": "oryx/hasherx/hasher_pbkdf2.go", "content": "package hasherx\n\nimport (\n\t\"bytes\"\n\t\"context\"\n\t\"crypto/rand\"\n\t\"crypto/sha1\" // #nosec G505 - compatibility for imported passwords\n\t\"crypto/sha256\"\n\t\"crypto/sha512\"\n\t\"encoding/base64\"\n\t\"fmt\"\n\t\"hash\"\n\n\t\"github.com/pkg/errors\"\n\t\"go.opentelemetry.io/otel\"\n\t\"go.opentelemetry.io/otel/codes\"\n\t\"golang.org/x/crypto/pbkdf2\"\n\t\"golang.org/x/crypto/sha3\"\n\n\t\"github.com/ory/x/otelx\"\n)\n\ntype (\n\t// PBKDF2 is a PBKDF2 hasher.\n\tPBKDF2 struct {\n\t\tc PBKDF2Configurator\n\t}\n\n\t// PBKDF2Config is the configuration for a PBKDF2 hasher.\n\tPBKDF2Config struct {\n\t\t// Algorithm can be one of sha1, sha224, sha256, sha384, sha512\n\t\tAlgorithm string\n\t\t// Iterations is the number of iterations to use.\n\t\tIterations uint32\n\t\t// KeyLength is the length of the salt.\n\t\tSaltLength uint32\n\t\t// KeyLength is the length of the key.\n\t\tKeyLength uint32\n\t}\n\n\t// PBKDF2Configurator is a configurator for a PBKDF2 hasher.\n\tPBKDF2Configurator interface {\n\t\tHasherPBKDF2Config(ctx context.Context) *PBKDF2Config\n\t}\n)\n\n// NewHasherPBKDF2 creates a new PBKDF2 hasher.\nfunc NewHasherPBKDF2(c PBKDF2Configurator) *PBKDF2 {\n\treturn &PBKDF2{c: c}\n}\n\n// Generate generates a hash for the given password.\nfunc (h *PBKDF2) Generate(ctx context.Context, password []byte) (hash []byte, err error) {\n\tctx, span := otel.GetTracerProvider().Tracer(\"\").Start(ctx, \"hash.PBKDF2.Generate\")\n\tdefer otelx.End(span, &err)\n\n\tconf := h.c.HasherPBKDF2Config(ctx)\n\tsalt := make([]byte, conf.SaltLength)\n\tif _, err := rand.Read(salt); err != nil {\n\t\treturn nil, err\n\t}\n\n\tkey := pbkdf2.Key(password, salt, int(conf.Iterations), int(conf.KeyLength), getPseudorandomFunctionForPbkdf2(conf.Algorithm))\n\n\tvar b bytes.Buffer\n\tif _, err := fmt.Fprintf(\n\t\t&b,\n\t\t\"$pbkdf2-%s$i=%d,l=%d$%s$%s\",\n\t\tconf.Algorithm,\n\t\tconf.Iterations,\n\t\tconf.KeyLength,\n\t\tbase64.RawStdEncoding.EncodeToString(salt),\n\t\tbase64.RawStdEncoding.EncodeToString(key),\n\t); err != nil {\n\t\tspan.RecordError(err)\n\t\tspan.SetStatus(codes.Error, err.Error())\n\t\treturn nil, errors.WithStack(err)\n\t}\n\n\treturn b.Bytes(), nil\n}\n\n// Understands checks if the given hash is in the correct format.\nfunc (h *PBKDF2) Understands(hash []byte) bool {\n\treturn IsPbkdf2Hash(hash)\n}\n\nfunc getPseudorandomFunctionForPbkdf2(alg string) func() hash.Hash {\n\tswitch alg {\n\tcase \"sha1\":\n\t\treturn sha1.New\n\tcase \"sha224\":\n\t\treturn sha3.New224\n\tcase \"sha256\":\n\t\treturn sha256.New\n\tcase \"sha384\":\n\t\treturn sha3.New384\n\tcase \"sha512\":\n\t\treturn sha512.New\n\tdefault:\n\t\treturn sha256.New\n\t}\n}\n" }, { "path": "oryx/healthx/doc.go", "content": "// Copyright © 2023 Ory Corp\n// SPDX-License-Identifier: Apache-2.0\n\n// Package healthx providers helpers for returning health status information via HTTP.\npackage healthx\n\nimport \"strings\"\n\n// The health status of the service.\n//\n// swagger:model healthStatus\ntype swaggerHealthStatus struct {\n\t// Status always contains \"ok\".\n\tStatus string `json:\"status\"`\n}\n\n// The not ready status of the service.\n//\n// swagger:model healthNotReadyStatus\ntype swaggerNotReadyStatus struct {\n\t// Errors contains a list of errors that caused the not ready status.\n\tErrors map[string]string `json:\"errors\"`\n}\n\nfunc (s swaggerNotReadyStatus) Error() string {\n\tvar errs []string\n\tfor _, err := range s.Errors {\n\t\terrs = append(errs, err)\n\t}\n\treturn strings.Join(errs, \"; \")\n}\n\n// swagger:model version\ntype swaggerVersion struct {\n\t// Version is the service's version.\n\tVersion string `json:\"version\"`\n}\n" }, { "path": "oryx/healthx/handler.go", "content": "// Copyright © 2023 Ory Corp\n// SPDX-License-Identifier: Apache-2.0\n\npackage healthx\n\nimport (\n\t\"net/http\"\n\n\t\"github.com/ory/herodot\"\n)\n\nconst (\n\t// AliveCheckPath is the path where information about the life state of the instance is provided.\n\tAliveCheckPath = \"/health/alive\"\n\t// ReadyCheckPath is the path where information about the ready state of the instance is provided.\n\tReadyCheckPath = \"/health/ready\"\n\t// VersionPath is the path where information about the software version of the instance is provided.\n\tVersionPath = \"/version\"\n)\n\n// RoutesToObserve returns a string of all the available routes of this module.\nfunc RoutesToObserve() []string {\n\treturn []string{\n\t\tAliveCheckPath,\n\t\tReadyCheckPath,\n\t\tVersionPath,\n\t}\n}\n\n// ReadyChecker should return an error if the component is not ready yet.\ntype ReadyChecker func(r *http.Request) error\n\n// ReadyCheckers is a map of ReadyCheckers.\ntype ReadyCheckers map[string]ReadyChecker\n\n// NoopReadyChecker is always ready.\nfunc NoopReadyChecker() error {\n\treturn nil\n}\n\n// Handler handles HTTP requests to health and version endpoints.\ntype Handler struct {\n\tH herodot.Writer\n\tVersionString string\n\tReadyChecks ReadyCheckers\n}\n\ntype options struct {\n\tmiddleware func(http.Handler) http.Handler\n}\n\ntype Options func(*options)\n\n// NewHandler instantiates a handler.\nfunc NewHandler(\n\th herodot.Writer,\n\tversion string,\n\treadyChecks ReadyCheckers,\n) *Handler {\n\treturn &Handler{\n\t\tH: h,\n\t\tVersionString: version,\n\t\tReadyChecks: readyChecks,\n\t}\n}\n\ntype router interface {\n\tHandler(method, path string, handler http.Handler)\n}\n\n// SetHealthRoutes registers this handler's routes for health checking.\nfunc (h *Handler) SetHealthRoutes(r router, shareErrors bool, opts ...Options) {\n\to := &options{}\n\taliveHandler := h.Alive()\n\treadyHandler := h.Ready(shareErrors)\n\n\tfor _, opt := range opts {\n\t\topt(o)\n\t}\n\n\tif o.middleware != nil {\n\t\taliveHandler = o.middleware(aliveHandler)\n\t\treadyHandler = o.middleware(readyHandler)\n\t}\n\n\tr.Handler(\"GET\", AliveCheckPath, aliveHandler)\n\tr.Handler(\"GET\", ReadyCheckPath, readyHandler)\n}\n\n// SetVersionRoutes registers this handler's routes for health checking.\nfunc (h *Handler) SetVersionRoutes(r router, opts ...Options) {\n\to := &options{}\n\tversionHandler := h.Version()\n\n\tfor _, opt := range opts {\n\t\topt(o)\n\t}\n\n\tif o.middleware != nil {\n\t\tversionHandler = o.middleware(versionHandler)\n\t}\n\n\tr.Handler(\"GET\", VersionPath, versionHandler)\n}\n\n// Alive returns an ok status if the instance is ready to handle HTTP requests.\n//\n// swagger:route GET /health/alive health isInstanceAlive\n//\n// # Check alive status\n//\n// This endpoint returns a 200 status code when the HTTP server is up running.\n// This status does currently not include checks whether the database connection is working.\n//\n// If the service supports TLS Edge Termination, this endpoint does not require the\n// `X-Forwarded-Proto` header to be set.\n//\n// Be aware that if you are running multiple nodes of this service, the health status will never\n// refer to the cluster state, only to a single instance.\n//\n//\tProduces:\n//\t- application/json\n//\t- text/plain\n//\n//\tResponses:\n//\t 200: healthStatus\n//\t default: unexpectedError\nfunc (h *Handler) Alive() http.Handler {\n\treturn http.HandlerFunc(func(rw http.ResponseWriter, r *http.Request) {\n\t\th.H.Write(rw, r, &swaggerHealthStatus{\n\t\t\tStatus: \"ok\",\n\t\t})\n\t})\n}\n\n// swagger:model unexpectedError\n//\n//nolint:deadcode,unused\n//lint:ignore U1000 Used to generate Swagger and OpenAPI definitions\ntype unexpectedError string\n\n// Ready returns an ok status if the instance is ready to handle HTTP requests and all ReadyCheckers are ok.\n//\n// swagger:route GET /health/ready health isInstanceReady\n//\n// # Check readiness status\n//\n// This endpoint returns a 200 status code when the HTTP server is up running and the environment dependencies (e.g.\n// the database) are responsive as well.\n//\n// If the service supports TLS Edge Termination, this endpoint does not require the\n// `X-Forwarded-Proto` header to be set.\n//\n// Be aware that if you are running multiple nodes of this service, the health status will never\n// refer to the cluster state, only to a single instance.\n//\n//\tProduces:\n//\t- application/json\n//\t- text/plain\n//\n//\tResponses:\n//\t 200: healthStatus\n//\t 503: healthNotReadyStatus\n//\t default: unexpectedError\nfunc (h *Handler) Ready(shareErrors bool) http.Handler {\n\treturn http.HandlerFunc(func(rw http.ResponseWriter, r *http.Request) {\n\t\tvar notReady = swaggerNotReadyStatus{\n\t\t\tErrors: map[string]string{},\n\t\t}\n\n\t\tfor n, c := range h.ReadyChecks {\n\t\t\tif err := c(r); err != nil {\n\t\t\t\tif shareErrors {\n\t\t\t\t\tnotReady.Errors[n] = err.Error()\n\t\t\t\t} else {\n\t\t\t\t\tnotReady.Errors[n] = \"error may contain sensitive information and was obfuscated\"\n\t\t\t\t}\n\t\t\t}\n\t\t}\n\n\t\tif len(notReady.Errors) > 0 {\n\t\t\th.H.WriteErrorCode(rw, r, http.StatusServiceUnavailable, ¬Ready)\n\t\t\treturn\n\t\t}\n\n\t\th.H.Write(rw, r, &swaggerHealthStatus{\n\t\t\tStatus: \"ok\",\n\t\t})\n\t})\n}\n\n// Version returns this service's versions.\n//\n// swagger:route GET /version version getVersion\n//\n// # Get service version\n//\n// This endpoint returns the service version typically notated using semantic versioning.\n//\n// If the service supports TLS Edge Termination, this endpoint does not require the\n// `X-Forwarded-Proto` header to be set.\n//\n// Be aware that if you are running multiple nodes of this service, the health status will never\n// refer to the cluster state, only to a single instance.\n//\n//\t Produces:\n//\t - application/json\n//\n//\t\t Responses:\n//\t\t\t\t200: version\nfunc (h *Handler) Version() http.Handler {\n\treturn http.HandlerFunc(func(rw http.ResponseWriter, r *http.Request) {\n\t\th.H.Write(rw, r, &swaggerVersion{\n\t\t\tVersion: h.VersionString,\n\t\t})\n\t})\n}\n\n// WithMiddleware accepts a http.Handler to be run on the\n// route handlers\nfunc WithMiddleware(h func(http.Handler) http.Handler) Options {\n\treturn func(o *options) {\n\t\to.middleware = h\n\t}\n}\n" }, { "path": "oryx/healthx/openapi/patch.yaml", "content": "- op: replace\n path: /paths/~1health~1alive\n value:\n get:\n description: |-\n This endpoint returns a HTTP 200 status code when {{.ProjectHumanName}} is accepting incoming\n HTTP requests. This status does currently not include checks whether the database connection is working.\n\n If the service supports TLS Edge Termination, this endpoint does not require the\n `X-Forwarded-Proto` header to be set.\n\n Be aware that if you are running multiple nodes of this service, the health status will never\n refer to the cluster state, only to a single instance.\n operationId: isAlive\n responses:\n '200':\n content:\n application/json:\n schema:\n required:\n - status\n type: object\n properties:\n status:\n description: Always \"ok\".\n type: string\n description: '{{.ProjectHumanName}} is ready to accept connections.'\n default:\n content:\n text/plain:\n schema:\n type: string\n description: Unexpected error\n summary: Check HTTP Server Status\n tags: {{ .HealthPathTags | toJson }}\n- op: replace\n path: /paths/~1health~1ready\n value:\n get:\n operationId: isReady\n description: |-\n This endpoint returns a HTTP 200 status code when {{.ProjectHumanName}} is up running and the environment dependencies (e.g.\n the database) are responsive as well.\n\n If the service supports TLS Edge Termination, this endpoint does not require the\n `X-Forwarded-Proto` header to be set.\n\n Be aware that if you are running multiple nodes of {{.ProjectHumanName}}, the health status will never\n refer to the cluster state, only to a single instance.\n responses:\n '200':\n content:\n application/json:\n schema:\n required:\n - status\n type: object\n properties:\n status:\n description: Always \"ok\".\n type: string\n description: '{{.ProjectHumanName}} is ready to accept requests.'\n '503':\n content:\n application/json:\n schema:\n required:\n - errors\n properties:\n errors:\n additionalProperties:\n type: string\n description: Errors contains a list of errors that caused the not ready status.\n type: object\n type: object\n description: Ory Kratos is not yet ready to accept requests.\n default:\n content:\n text/plain:\n schema:\n type: string\n description: Unexpected error\n summary: Check HTTP Server and Database Status\n tags: {{ .HealthPathTags | toJson }}\n- op: replace\n path: /paths/~1version\n value:\n get:\n description: |-\n This endpoint returns the version of {{.ProjectHumanName}}.\n\n If the service supports TLS Edge Termination, this endpoint does not require the\n `X-Forwarded-Proto` header to be set.\n\n Be aware that if you are running multiple nodes of this service, the version will never\n refer to the cluster state, only to a single instance.\n operationId: getVersion\n responses:\n '200':\n content:\n application/json:\n schema:\n type: object\n required:\n - version\n properties:\n version:\n description: The version of {{.ProjectHumanName}}.\n type: string\n description: Returns the {{.ProjectHumanName}} version.\n summary: Return Running Software Version.\n tags: {{ .HealthPathTags | toJson }}\n" }, { "path": "oryx/httprouterx/router.go", "content": "// Copyright © 2023 Ory Corp\n// SPDX-License-Identifier: Apache-2.0\n\npackage httprouterx\n\nimport (\n\t\"net/http\"\n\t\"path\"\n\t\"strings\"\n\t\"testing\"\n\n\t\"github.com/ory/x/prometheusx\"\n)\n\nconst AdminPrefix = \"/admin\"\n\ntype (\n\trouter struct {\n\t\tmux *http.ServeMux\n\t\tprefix string\n\t\tmetrics *prometheusx.HTTPMetrics\n\t}\n\tRouterAdmin struct{ router }\n\tRouterPublic struct{ router }\n\n\tRouter interface {\n\t\thttp.Handler\n\t\tGET(route string, handle http.HandlerFunc)\n\t\tHEAD(route string, handle http.HandlerFunc)\n\t\tPOST(route string, handle http.HandlerFunc)\n\t\tPUT(route string, handle http.HandlerFunc)\n\t\tPATCH(route string, handle http.HandlerFunc)\n\t\tDELETE(route string, handle http.HandlerFunc)\n\t\tHandler(method, route string, handler http.Handler)\n\t}\n)\n\nfunc newRouter(metrics *prometheusx.HTTPMetrics) *router {\n\treturn &router{\n\t\tmux: http.NewServeMux(),\n\t\tmetrics: metrics,\n\t}\n}\n\n// NewRouter creates a new general purpose router. It should only be used when neither the admin nor the public router is applicable.\nfunc NewRouter(metrics *prometheusx.HTTPMetrics) Router { return newRouter(metrics) }\n\n// NewRouterAdmin creates a new admin router.\nfunc NewRouterAdmin(metrics *prometheusx.HTTPMetrics) *RouterAdmin {\n\treturn &RouterAdmin{router: *newRouter(metrics)}\n}\n\nfunc NewTestRouterAdmin(_ testing.TB) *RouterAdmin { return NewRouterAdmin(nil) }\nfunc NewTestRouterAdminWithPrefix(_ testing.TB) *RouterAdmin { return NewRouterAdminWithPrefix(nil) }\nfunc NewTestRouterPublic(_ testing.TB) *RouterPublic { return NewRouterPublic(nil) }\n\nfunc (r *RouterAdmin) ToPublic() *RouterPublic {\n\treturn &RouterPublic{router: router{\n\t\tmux: r.mux,\n\t\tmetrics: r.metrics,\n\t\tprefix: \"\", // do not copy the admin prefix\n\t}}\n}\n\n// NewRouterPublic returns a public router.\nfunc NewRouterPublic(metrics *prometheusx.HTTPMetrics) *RouterPublic {\n\treturn &RouterPublic{router: *newRouter(metrics)}\n}\n\n// NewRouterAdminWithPrefix creates a new router with the admin prefix.\nfunc NewRouterAdminWithPrefix(metricsManager *prometheusx.HTTPMetrics) *RouterAdmin {\n\tr := NewRouterAdmin(metricsManager)\n\tr.prefix = AdminPrefix\n\treturn r\n}\n\nfunc (r *router) GET(route string, handle http.HandlerFunc) {\n\tr.handle(http.MethodGet, route, handle)\n}\n\nfunc (r *router) HEAD(route string, handle http.HandlerFunc) {\n\tr.handle(http.MethodHead, route, handle)\n}\n\nfunc (r *router) POST(route string, handle http.HandlerFunc) {\n\tr.handle(http.MethodPost, route, handle)\n}\n\nfunc (r *router) PUT(route string, handle http.HandlerFunc) {\n\tr.handle(http.MethodPut, route, handle)\n}\n\nfunc (r *router) PATCH(route string, handle http.HandlerFunc) {\n\tr.handle(http.MethodPatch, route, handle)\n}\n\nfunc (r *router) DELETE(route string, handle http.HandlerFunc) {\n\tr.handle(http.MethodDelete, route, handle)\n}\n\nfunc (r *router) Handler(method, route string, handler http.Handler) {\n\tr.handle(method, route, handler)\n}\n\nfunc (r *router) handle(method string, route string, handler http.Handler) {\n\troute = path.Join(r.prefix, route)\n\tif r.metrics != nil {\n\t\thandler = r.metrics.Instrument(handler, prometheusx.GetLabelForPattern(route))\n\t}\n\tr.mux.Handle(method+\" \"+route, handler)\n}\n\nfunc (r *router) ServeHTTP(w http.ResponseWriter, req *http.Request) { r.mux.ServeHTTP(w, req) }\n\nfunc TrimTrailingSlashNegroni(rw http.ResponseWriter, r *http.Request, next http.HandlerFunc) {\n\tr.URL.Path = strings.TrimSuffix(r.URL.Path, \"/\")\n\n\tnext(rw, r)\n}\n\nfunc NoCacheNegroni(rw http.ResponseWriter, r *http.Request, next http.HandlerFunc) {\n\tif r.Method == \"GET\" {\n\t\trw.Header().Set(\"Cache-Control\", \"private, no-cache, no-store, must-revalidate\")\n\t}\n\n\tnext(rw, r)\n}\n\nfunc AddAdminPrefixIfNotPresentNegroni(rw http.ResponseWriter, r *http.Request, next http.HandlerFunc) {\n\tif !strings.HasPrefix(r.URL.Path, AdminPrefix) {\n\t\tr.URL.Path = path.Join(AdminPrefix, r.URL.Path)\n\t}\n\n\tnext(rw, r)\n}\n" }, { "path": "oryx/httpx/assert.go", "content": "// Copyright © 2023 Ory Corp\n// SPDX-License-Identifier: Apache-2.0\n\npackage httpx\n\nimport (\n\t\"net/http\"\n)\n\nfunc GetResponseMeta(w http.ResponseWriter) (status, size int) {\n\tswitch t := w.(type) {\n\tcase interface{ Status() int }:\n\t\tstatus = t.Status()\n\t}\n\n\tswitch t := w.(type) {\n\tcase interface{ Size() int }:\n\t\tsize = t.Size()\n\tcase interface{ Written() int64 }:\n\t\tsize = int(t.Written())\n\t}\n\n\treturn\n}\n" }, { "path": "oryx/httpx/chan_handler.go", "content": "// Copyright © 2023 Ory Corp\n// SPDX-License-Identifier: Apache-2.0\n\npackage httpx\n\nimport \"net/http\"\n\ntype chanHandler <-chan http.HandlerFunc\n\nvar _ http.Handler = chanHandler(nil)\n\nfunc (c chanHandler) ServeHTTP(w http.ResponseWriter, r *http.Request) {\n\t(<-c)(w, r)\n}\n\n// NewChanHandler returns a new handler and corresponding channel for sending handler funcs.\n// Useful for testing. The argument buf specifies the channel capacity, so pass 0 for a sync handler.\nfunc NewChanHandler(buf int) (http.Handler, chan<- http.HandlerFunc) {\n\tc := make(chan http.HandlerFunc, buf)\n\treturn chanHandler(c), c\n}\n" }, { "path": "oryx/httpx/client_info.go", "content": "// Copyright © 2023 Ory Corp\n// SPDX-License-Identifier: Apache-2.0\n\npackage httpx\n\nimport (\n\t\"net\"\n\t\"net/http\"\n\t\"strconv\"\n\t\"strings\"\n)\n\ntype GeoLocation struct {\n\tCity string\n\tRegion string\n\tCountry string\n\tLatitude *float64\n\tLongitude *float64\n}\n\nfunc GetClientIPAddressesWithoutInternalIPs(ipAddresses []string) (string, error) {\n\tvar res string\n\n\tfor i := len(ipAddresses) - 1; i >= 0; i-- {\n\t\tip := strings.TrimSpace(ipAddresses[i])\n\n\t\tif !net.ParseIP(ip).IsPrivate() {\n\t\t\tres = ip\n\t\t\tbreak\n\t\t}\n\t}\n\n\treturn res, nil\n}\n\nfunc ClientIP(r *http.Request) string {\n\tif trueClientIP := r.Header.Get(\"True-Client-IP\"); trueClientIP != \"\" {\n\t\treturn trueClientIP\n\t} else if cfConnectingIP := r.Header.Get(\"Cf-Connecting-IP\"); cfConnectingIP != \"\" {\n\t\treturn cfConnectingIP\n\t} else if realClientIP := r.Header.Get(\"X-Real-IP\"); realClientIP != \"\" {\n\t\treturn realClientIP\n\t} else if forwardedIP := r.Header.Get(\"X-Forwarded-For\"); forwardedIP != \"\" {\n\t\tip, _ := GetClientIPAddressesWithoutInternalIPs(strings.Split(forwardedIP, \",\"))\n\t\treturn ip\n\t} else {\n\t\treturn r.RemoteAddr\n\t}\n}\n\nfunc parseFloatHeaderValue(headerValue string) *float64 {\n\tif headerValue == \"\" {\n\t\treturn nil\n\t}\n\n\tval, err := strconv.ParseFloat(headerValue, 64)\n\tif err != nil {\n\t\treturn nil\n\t}\n\n\treturn &val\n}\n\nfunc ClientGeoLocation(r *http.Request) *GeoLocation {\n\treturn &GeoLocation{\n\t\tCity: r.Header.Get(\"Cf-Ipcity\"),\n\t\tRegion: r.Header.Get(\"Cf-Region-Code\"),\n\t\tCountry: r.Header.Get(\"Cf-Ipcountry\"),\n\t\tLongitude: parseFloatHeaderValue(r.Header.Get(\"Cf-Iplongitude\")),\n\t\tLatitude: parseFloatHeaderValue(r.Header.Get(\"Cf-Iplatitude\")),\n\t}\n}\n" }, { "path": "oryx/httpx/content_type.go", "content": "// Copyright © 2023 Ory Corp\n// SPDX-License-Identifier: Apache-2.0\n\npackage httpx\n\nimport (\n\t\"mime\"\n\t\"net/http\"\n\t\"slices\"\n\t\"strings\"\n)\n\n// HasContentType determines whether the request `content-type` includes a\n// server-acceptable mime-type\n//\n// Failure should yield an HTTP 415 (`http.StatusUnsupportedMediaType`)\nfunc HasContentType(r *http.Request, mimetypes ...string) bool {\n\tcontentType := r.Header.Get(\"Content-Type\")\n\tif contentType == \"\" {\n\t\treturn slices.Contains(mimetypes, \"application/octet-stream\")\n\t}\n\n\tmediaType, _, err := mime.ParseMediaType(strings.TrimSpace(contentType))\n\tif err != nil {\n\t\treturn false\n\t}\n\treturn slices.Contains(mimetypes, mediaType)\n}\n" }, { "path": "oryx/httpx/gzip_server.go", "content": "// Copyright © 2023 Ory Corp\n// SPDX-License-Identifier: Apache-2.0\n\npackage httpx\n\nimport (\n\t\"compress/gzip\"\n\t\"fmt\"\n\t\"io\"\n\t\"net/http\"\n\t\"strings\"\n)\n\ntype CompressionRequestReader struct {\n\tErrHandler func(w http.ResponseWriter, r *http.Request, err error)\n}\n\nfunc defaultCompressionErrorHandler(w http.ResponseWriter, r *http.Request, err error) {\n\thttp.Error(w, err.Error(), http.StatusBadRequest)\n}\n\nfunc NewCompressionRequestReader(eh func(w http.ResponseWriter, r *http.Request, err error)) *CompressionRequestReader {\n\tif eh == nil {\n\t\teh = defaultCompressionErrorHandler\n\t}\n\n\treturn &CompressionRequestReader{\n\t\tErrHandler: eh,\n\t}\n}\n\nfunc (c *CompressionRequestReader) ServeHTTP(w http.ResponseWriter, r *http.Request, next http.HandlerFunc) {\n\tfor _, enc := range strings.Split(r.Header.Get(\"Content-Encoding\"), \",\") {\n\t\tswitch enc = strings.TrimSpace(enc); enc {\n\t\tcase \"gzip\":\n\t\t\treader, err := gzip.NewReader(r.Body)\n\t\t\tif err != nil {\n\t\t\t\tc.ErrHandler(w, r, err)\n\t\t\t\treturn\n\t\t\t}\n\t\t\tr.Body = io.NopCloser(reader)\n\t\tcase \"identity\", \"\":\n\t\t\t// nothing to do\n\t\tdefault:\n\t\t\tc.ErrHandler(w, r, fmt.Errorf(\"%s content encoding not supported\", enc))\n\t\t}\n\t}\n\n\tnext(w, r)\n}\n" }, { "path": "oryx/httpx/private_ip_validator.go", "content": "// Copyright © 2023 Ory Corp\n// SPDX-License-Identifier: Apache-2.0\n\npackage httpx\n\nimport (\n\t\"fmt\"\n\t\"net\"\n\t\"net/netip\"\n\t\"net/url\"\n\n\t\"code.dny.dev/ssrf\"\n\t\"github.com/pkg/errors\"\n)\n\n// ErrPrivateIPAddressDisallowed is returned when a private IP address is disallowed.\ntype ErrPrivateIPAddressDisallowed error\n\n// DisallowIPPrivateAddresses returns nil for a domain (with NS lookup), IP, or IPv6 address if it\n// does not resolve to a private IP subnet. This is a first level of defense against\n// SSRF attacks by disallowing any domain or IP to resolve to a private network range.\n//\n// Please keep in mind that validations for domains is valid only when looking up.\n// A malicious actor could easily update the DSN record post validation to point\n// to an internal IP\nfunc DisallowIPPrivateAddresses(ipOrHostnameOrURL string) error {\n\tlookup := func(hostname string) ([]net.IP, error) {\n\t\tlookup, err := net.LookupIP(hostname)\n\t\tif err != nil {\n\t\t\tif dnsErr := new(net.DNSError); errors.As(err, &dnsErr) && (dnsErr.IsNotFound || dnsErr.IsTemporary) {\n\t\t\t\t// If the hostname does not resolve, we can't validate it. So yeah,\n\t\t\t\t// I guess we're allowing it.\n\t\t\t\treturn nil, nil\n\t\t\t}\n\t\t\treturn nil, errors.WithStack(err)\n\t\t}\n\t\treturn lookup, nil\n\t}\n\n\tvar ips []net.IP\n\tip := net.ParseIP(ipOrHostnameOrURL)\n\tif ip == nil {\n\t\tif result, err := lookup(ipOrHostnameOrURL); err != nil {\n\t\t\treturn err\n\t\t} else if result != nil {\n\t\t\tips = append(ips, result...)\n\t\t}\n\n\t\tif parsed, err := url.Parse(ipOrHostnameOrURL); err == nil {\n\t\t\tif result, err := lookup(parsed.Hostname()); err != nil {\n\t\t\t\treturn err\n\t\t\t} else if result != nil {\n\t\t\t\tips = append(ips, result...)\n\t\t\t}\n\t\t}\n\t} else {\n\t\tips = append(ips, ip)\n\t}\n\n\tfor _, ip := range ips {\n\t\tip, err := netip.ParseAddr(ip.String())\n\t\tif err != nil {\n\t\t\treturn ErrPrivateIPAddressDisallowed(errors.WithStack(err)) // should be unreacheable\n\t\t}\n\n\t\tif ip.Is4() {\n\t\t\tfor _, deny := range ssrf.IPv4DeniedPrefixes {\n\t\t\t\tif deny.Contains(ip) {\n\t\t\t\t\treturn ErrPrivateIPAddressDisallowed(fmt.Errorf(\"%s is not a public IP address\", ip))\n\t\t\t\t}\n\t\t\t}\n\t\t} else {\n\t\t\tif !ssrf.IPv6GlobalUnicast.Contains(ip) {\n\t\t\t\treturn ErrPrivateIPAddressDisallowed(fmt.Errorf(\"%s is not a public IP address\", ip))\n\t\t\t}\n\t\t\tfor _, net := range ssrf.IPv6DeniedPrefixes {\n\t\t\t\tif net.Contains(ip) {\n\t\t\t\t\treturn ErrPrivateIPAddressDisallowed(fmt.Errorf(\"%s is not a public IP address\", ip))\n\t\t\t\t}\n\t\t\t}\n\t\t}\n\t}\n\n\treturn nil\n}\n" }, { "path": "oryx/httpx/request.go", "content": "// Copyright © 2023 Ory Corp\n// SPDX-License-Identifier: Apache-2.0\n\npackage httpx\n\nimport (\n\t\"bytes\"\n\t\"encoding/json\"\n\t\"io\"\n\t\"net/http\"\n\t\"net/url\"\n\t\"strings\"\n\n\t\"github.com/pkg/errors\"\n)\n\n// NewRequestJSON returns a new JSON *http.Request.\nfunc NewRequestJSON(method, url string, data interface{}) (*http.Request, error) {\n\tvar b bytes.Buffer\n\tif err := json.NewEncoder(&b).Encode(data); err != nil {\n\t\treturn nil, errors.WithStack(err)\n\t}\n\treq, err := http.NewRequest(method, url, &b)\n\tif err != nil {\n\t\treturn nil, errors.WithStack(err)\n\t}\n\treq.Header.Set(\"Content-Type\", \"application/json\")\n\treturn req, nil\n}\n\n// NewRequestForm returns a new POST Form *http.Request.\nfunc NewRequestForm(method, url string, data url.Values) (*http.Request, error) {\n\treq, err := http.NewRequest(method, url, strings.NewReader(data.Encode()))\n\tif err != nil {\n\t\treturn nil, errors.WithStack(err)\n\t}\n\treq.Header.Set(\"Content-Type\", \"application/x-www-form-urlencoded\")\n\treturn req, nil\n}\n\n// MustNewRequest returns a new *http.Request or fatals.\nfunc MustNewRequest(method, url string, body io.Reader, contentType string) *http.Request {\n\treq, err := http.NewRequest(method, url, body)\n\tif err != nil {\n\t\tpanic(err)\n\t}\n\tif contentType != \"\" {\n\t\treq.Header.Set(\"Content-Type\", contentType)\n\t}\n\treturn req\n}\n" }, { "path": "oryx/httpx/resilient_client.go", "content": "// Copyright © 2023 Ory Corp\n// SPDX-License-Identifier: Apache-2.0\n\npackage httpx\n\nimport (\n\t\"context\"\n\t\"io\"\n\t\"log\"\n\t\"net/http\"\n\t\"time\"\n\n\t\"github.com/hashicorp/go-retryablehttp\"\n\t\"golang.org/x/oauth2\"\n\n\t\"github.com/ory/herodot\"\n\t\"github.com/ory/x/logrusx\"\n)\n\ntype resilientOptions struct {\n\tc *http.Client\n\tl interface{}\n\tretryWaitMin time.Duration\n\tretryWaitMax time.Duration\n\tretryMax int\n\tnoInternalIPs bool\n\tinternalIPExceptions []string\n}\n\nfunc newResilientOptions() *resilientOptions {\n\treturn &resilientOptions{\n\t\tc: &http.Client{Timeout: time.Minute},\n\t\tretryWaitMin: 1 * time.Second,\n\t\tretryWaitMax: 30 * time.Second,\n\t\tretryMax: 4,\n\t\tl: log.New(io.Discard, \"\", log.LstdFlags),\n\t}\n}\n\n// ResilientOptions is a set of options for the ResilientClient.\ntype ResilientOptions func(o *resilientOptions)\n\n// ResilientClientWithMaxRetry sets the maximum number of retries.\nfunc ResilientClientWithMaxRetry(retryMax int) ResilientOptions {\n\treturn func(o *resilientOptions) { o.retryMax = retryMax }\n}\n\n// ResilientClientWithMinxRetryWait sets the minimum wait time between retries.\nfunc ResilientClientWithMinxRetryWait(retryWaitMin time.Duration) ResilientOptions {\n\treturn func(o *resilientOptions) { o.retryWaitMin = retryWaitMin }\n}\n\n// ResilientClientWithMaxRetryWait sets the maximum wait time for a retry.\nfunc ResilientClientWithMaxRetryWait(retryWaitMax time.Duration) ResilientOptions {\n\treturn func(o *resilientOptions) { o.retryWaitMax = retryWaitMax }\n}\n\n// ResilientClientWithConnectionTimeout sets the connection timeout for the client.\nfunc ResilientClientWithConnectionTimeout(connTimeout time.Duration) ResilientOptions {\n\treturn func(o *resilientOptions) { o.c.Timeout = connTimeout }\n}\n\n// ResilientClientWithLogger sets the logger to be used by the client.\nfunc ResilientClientWithLogger(l *logrusx.Logger) ResilientOptions {\n\treturn func(o *resilientOptions) { o.l = l }\n}\n\n// ResilientClientDisallowInternalIPs disallows internal IPs from being used.\nfunc ResilientClientDisallowInternalIPs() ResilientOptions {\n\treturn func(o *resilientOptions) { o.noInternalIPs = true }\n}\n\n// ResilientClientAllowInternalIPRequestsTo allows requests to the glob-matching URLs even\n// if they are internal IPs.\nfunc ResilientClientAllowInternalIPRequestsTo(urlGlobs ...string) ResilientOptions {\n\treturn func(o *resilientOptions) { o.internalIPExceptions = urlGlobs }\n}\n\n// NewResilientClient creates a new ResilientClient.\nfunc NewResilientClient(opts ...ResilientOptions) *retryablehttp.Client {\n\to := newResilientOptions()\n\tfor _, f := range opts {\n\t\tf(o)\n\t}\n\n\tif o.noInternalIPs {\n\t\to.c.Transport = &noInternalIPRoundTripper{\n\t\t\tonWhitelist: allowInternalAllowIPv6,\n\t\t\tnotOnWhitelist: prohibitInternalAllowIPv6,\n\t\t\tinternalIPExceptions: o.internalIPExceptions,\n\t\t}\n\t} else {\n\t\to.c.Transport = allowInternalAllowIPv6\n\t}\n\n\tcl := retryablehttp.NewClient()\n\tcl.HTTPClient = o.c\n\tcl.Logger = o.l\n\tcl.RetryWaitMin = o.retryWaitMin\n\tcl.RetryWaitMax = o.retryWaitMax\n\tcl.RetryMax = o.retryMax\n\tcl.CheckRetry = retryablehttp.DefaultRetryPolicy\n\tcl.Backoff = retryablehttp.DefaultBackoff\n\treturn cl\n}\n\n// SetOAuth2 modifies the given client to enable OAuth2 authentication. Requests\n// with the client should always use the returned context.\n//\n//\tclient := http.NewResilientClient(opts...)\n//\tctx, client = httpx.SetOAuth2(ctx, client, oauth2Config, oauth2Token)\n//\treq, err := retryablehttp.NewRequestWithContext(ctx, ...)\n//\tif err != nil { /* ... */ }\n//\tres, err := client.Do(req)\nfunc SetOAuth2(ctx context.Context, cl *retryablehttp.Client, c OAuth2Config, t *oauth2.Token) (context.Context, *retryablehttp.Client) {\n\tctx = context.WithValue(ctx, oauth2.HTTPClient, cl.HTTPClient)\n\tcl.HTTPClient = c.Client(ctx, t)\n\treturn ctx, cl\n}\n\ntype (\n\tOAuth2Config interface {\n\t\tClient(context.Context, *oauth2.Token) *http.Client\n\t}\n\tClientProvider interface {\n\t\tHTTPClient(ctx context.Context, opts ...ResilientOptions) *retryablehttp.Client\n\t}\n\tWriterProvider interface {\n\t\tWriter() herodot.Writer\n\t}\n)\n" }, { "path": "oryx/httpx/ssrf.go", "content": "// Copyright © 2023 Ory Corp\n// SPDX-License-Identifier: Apache-2.0\n\npackage httpx\n\nimport (\n\t\"context\"\n\t\"net\"\n\t\"net/http\"\n\t\"net/http/httptrace\"\n\t\"net/netip\"\n\t\"time\"\n\n\t\"code.dny.dev/ssrf\"\n\t\"github.com/gobwas/glob\"\n\t\"go.opentelemetry.io/contrib/instrumentation/net/http/httptrace/otelhttptrace\"\n\t\"go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp\"\n)\n\nvar _ http.RoundTripper = (*noInternalIPRoundTripper)(nil)\n\ntype noInternalIPRoundTripper struct {\n\tonWhitelist, notOnWhitelist http.RoundTripper\n\tinternalIPExceptions []string\n}\n\n// RoundTrip implements http.RoundTripper.\nfunc (n noInternalIPRoundTripper) RoundTrip(request *http.Request) (*http.Response, error) {\n\tincoming := IncomingRequestURL(request)\n\tincoming.RawQuery = \"\"\n\tincoming.RawFragment = \"\"\n\tfor _, exception := range n.internalIPExceptions {\n\t\tcompiled, err := glob.Compile(exception, '.', '/')\n\t\tif err != nil {\n\t\t\treturn nil, err\n\t\t}\n\t\tif compiled.Match(incoming.String()) {\n\t\t\treturn n.onWhitelist.RoundTrip(request)\n\t\t}\n\t}\n\n\treturn n.notOnWhitelist.RoundTrip(request)\n}\n\nvar (\n\tprohibitInternalAllowIPv6 http.RoundTripper\n\tallowInternalAllowIPv6 http.RoundTripper\n)\n\nfunc init() {\n\tt, d := newDefaultTransport()\n\td.Control = ssrf.New(\n\t\tssrf.WithAnyPort(),\n\t\tssrf.WithNetworks(\"tcp4\", \"tcp6\"),\n\t).Safe\n\tprohibitInternalAllowIPv6 = OTELTraceTransport(t)\n}\n\nfunc init() {\n\tt, d := newDefaultTransport()\n\td.Control = ssrf.New(\n\t\tssrf.WithAnyPort(),\n\t\tssrf.WithNetworks(\"tcp4\"),\n\t).Safe\n\tt.DialContext = func(ctx context.Context, network, addr string) (net.Conn, error) {\n\t\treturn d.DialContext(ctx, \"tcp4\", addr)\n\t}\n}\n\nfunc init() {\n\tt, d := newDefaultTransport()\n\td.Control = ssrf.New(\n\t\tssrf.WithAnyPort(),\n\t\tssrf.WithNetworks(\"tcp4\", \"tcp6\"),\n\t\tssrf.WithAllowedV4Prefixes(\n\t\t\tnetip.MustParsePrefix(\"10.0.0.0/8\"), // Private-Use (RFC 1918)\n\t\t\tnetip.MustParsePrefix(\"127.0.0.0/8\"), // Loopback (RFC 1122, Section 3.2.1.3))\n\t\t\tnetip.MustParsePrefix(\"169.254.0.0/16\"), // Link Local (RFC 3927)\n\t\t\tnetip.MustParsePrefix(\"172.16.0.0/12\"), // Private-Use (RFC 1918)\n\t\t\tnetip.MustParsePrefix(\"192.168.0.0/16\"), // Private-Use (RFC 1918)\n\t\t),\n\t\tssrf.WithAllowedV6Prefixes(\n\t\t\tnetip.MustParsePrefix(\"::1/128\"), // Loopback (RFC 4193)\n\t\t\tnetip.MustParsePrefix(\"fc00::/7\"), // Unique Local (RFC 4193)\n\t\t),\n\t).Safe\n\tallowInternalAllowIPv6 = OTELTraceTransport(t)\n}\n\nfunc init() {\n\tt, d := newDefaultTransport()\n\td.Control = ssrf.New(\n\t\tssrf.WithAnyPort(),\n\t\tssrf.WithNetworks(\"tcp4\"),\n\t\tssrf.WithAllowedV4Prefixes(\n\t\t\tnetip.MustParsePrefix(\"10.0.0.0/8\"), // Private-Use (RFC 1918)\n\t\t\tnetip.MustParsePrefix(\"127.0.0.0/8\"), // Loopback (RFC 1122, Section 3.2.1.3))\n\t\t\tnetip.MustParsePrefix(\"169.254.0.0/16\"), // Link Local (RFC 3927)\n\t\t\tnetip.MustParsePrefix(\"172.16.0.0/12\"), // Private-Use (RFC 1918)\n\t\t\tnetip.MustParsePrefix(\"192.168.0.0/16\"), // Private-Use (RFC 1918)\n\t\t),\n\t\tssrf.WithAllowedV6Prefixes(\n\t\t\tnetip.MustParsePrefix(\"::1/128\"), // Loopback (RFC 4193)\n\t\t\tnetip.MustParsePrefix(\"fc00::/7\"), // Unique Local (RFC 4193)\n\t\t),\n\t).Safe\n\tt.DialContext = func(ctx context.Context, network, addr string) (net.Conn, error) {\n\t\treturn d.DialContext(ctx, \"tcp4\", addr)\n\t}\n}\n\nfunc newDefaultTransport() (*http.Transport, *net.Dialer) {\n\tdialer := net.Dialer{\n\t\tTimeout: 30 * time.Second,\n\t\tKeepAlive: 30 * time.Second,\n\t}\n\treturn &http.Transport{\n\t\tProxy: http.ProxyFromEnvironment,\n\t\tDialContext: dialer.DialContext,\n\t\tForceAttemptHTTP2: true,\n\t\tMaxIdleConns: 100,\n\t\tIdleConnTimeout: 90 * time.Second,\n\t\tTLSHandshakeTimeout: 10 * time.Second,\n\t\tExpectContinueTimeout: 1 * time.Second,\n\t}, &dialer\n}\n\n// OTELTraceTransport wraps the given http.Transport with OpenTelemetry instrumentation.\nfunc OTELTraceTransport(t *http.Transport) http.RoundTripper {\n\treturn otelhttp.NewTransport(t, otelhttp.WithClientTrace(func(ctx context.Context) *httptrace.ClientTrace {\n\t\treturn otelhttptrace.NewClientTrace(ctx, otelhttptrace.WithoutHeaders(), otelhttptrace.WithoutSubSpans())\n\t}))\n}\n" }, { "path": "oryx/httpx/transports.go", "content": "// Copyright © 2023 Ory Corp\n// SPDX-License-Identifier: Apache-2.0\n\npackage httpx\n\nimport \"net/http\"\n\n// WrapTransportWithHeader wraps a http.Transport to always use the values from the given header.\nfunc WrapTransportWithHeader(parent http.RoundTripper, h http.Header) *TransportWithHeader {\n\treturn &TransportWithHeader{\n\t\tRoundTripper: parent,\n\t\th: h,\n\t}\n}\n\n// NewTransportWithHeader returns a new http.Transport that always uses the values from the given header.\nfunc NewTransportWithHeader(h http.Header) *TransportWithHeader {\n\treturn &TransportWithHeader{\n\t\tRoundTripper: http.DefaultTransport,\n\t\th: h,\n\t}\n}\n\n// TransportWithHeader is an http.RoundTripper that always uses the values from the given header.\ntype TransportWithHeader struct {\n\thttp.RoundTripper\n\th http.Header\n}\n\n// RoundTrip implements http.RoundTripper.\nfunc (ct *TransportWithHeader) RoundTrip(req *http.Request) (*http.Response, error) {\n\tfor k := range ct.h {\n\t\treq.Header.Set(k, ct.h.Get(k))\n\t}\n\treturn ct.RoundTripper.RoundTrip(req)\n}\n\n// NewTransportWithHost returns a new http.Transport that always uses the given host.\nfunc NewTransportWithHost(host string) *TransportWithHost {\n\treturn &TransportWithHost{\n\t\tRoundTripper: http.DefaultTransport,\n\t\thost: host,\n\t}\n}\n\n// WrapRoundTripperWithHost wraps a http.RoundTripper that always uses the given host.\nfunc WrapRoundTripperWithHost(parent http.RoundTripper, host string) *TransportWithHost {\n\treturn &TransportWithHost{\n\t\tRoundTripper: parent,\n\t\thost: host,\n\t}\n}\n\n// TransportWithHost is an http.RoundTripper that always uses the given host.\ntype TransportWithHost struct {\n\thttp.RoundTripper\n\thost string\n}\n\n// RoundTrip implements http.RoundTripper.\nfunc (ct *TransportWithHost) RoundTrip(req *http.Request) (*http.Response, error) {\n\treq.Host = ct.host\n\treturn ct.RoundTripper.RoundTrip(req)\n}\n" }, { "path": "oryx/httpx/url.go", "content": "// Copyright © 2023 Ory Corp\n// SPDX-License-Identifier: Apache-2.0\n\npackage httpx\n\nimport (\n\t\"cmp\"\n\t\"net/http\"\n\t\"net/url\"\n)\n\n// IncomingRequestURL returns the URL of the incoming HTTP request by looking at the host, TLS, and X-Forwarded-* headers.\nfunc IncomingRequestURL(r *http.Request) *url.URL {\n\tsource := *r.URL\n\tsource.Host = cmp.Or(source.Host, r.Header.Get(\"X-Forwarded-Host\"), r.Host)\n\n\tif proto := r.Header.Get(\"X-Forwarded-Proto\"); len(proto) > 0 {\n\t\tsource.Scheme = proto\n\t}\n\n\tif source.Scheme == \"\" {\n\t\tsource.Scheme = \"https\"\n\t\tif r.TLS == nil {\n\t\t\tsource.Scheme = \"http\"\n\t\t}\n\t}\n\n\treturn &source\n}\n" }, { "path": "oryx/httpx/wait_for.go", "content": "// Copyright © 2023 Ory Corp\n// SPDX-License-Identifier: Apache-2.0\n\npackage httpx\n\nimport (\n\t\"context\"\n\t\"io\"\n\t\"net/http\"\n\t\"time\"\n\n\t\"github.com/avast/retry-go/v4\"\n\t\"github.com/pkg/errors\"\n\t\"github.com/tidwall/gjson\"\n)\n\n// WaitForEndpoint waits for the endpoint to be available.\nfunc WaitForEndpoint(ctx context.Context, endpoint string, opts ...retry.Option) error {\n\treturn WaitForEndpointWithClient(ctx, http.DefaultClient, endpoint, opts...)\n}\n\n// WaitForEndpointWithClient waits for the endpoint to be available while using the given http.Client.\nfunc WaitForEndpointWithClient(ctx context.Context, client *http.Client, endpoint string, opts ...retry.Option) error {\n\treturn retry.Do(func() error {\n\t\treq, err := http.NewRequestWithContext(ctx, \"GET\", endpoint, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\n\t\tres, err := client.Do(req)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tdefer res.Body.Close()\n\n\t\tbody, err := io.ReadAll(res.Body)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\n\t\tif gjson.GetBytes(body, \"status\").String() != \"ok\" {\n\t\t\treturn errors.Errorf(\"status is not yet ok: %s\", body)\n\t\t}\n\n\t\treturn nil\n\t},\n\t\tappend([]retry.Option{\n\t\t\tretry.DelayType(retry.BackOffDelay),\n\t\t\tretry.Delay(time.Second),\n\t\t\tretry.MaxDelay(time.Second * 2),\n\t\t\tretry.Attempts(20),\n\t\t}, opts...)...)\n}\n" }, { "path": "oryx/ioutilx/pkger.go", "content": "// Copyright © 2023 Ory Corp\n// SPDX-License-Identifier: Apache-2.0\n\npackage ioutilx\n\nimport (\n\t\"io\"\n)\n\n// MustReadAll reads a reader or panics.\nfunc MustReadAll(r io.Reader) []byte {\n\tall, err := io.ReadAll(r)\n\tif err != nil {\n\t\tpanic(err)\n\t}\n\treturn all\n}\n" }, { "path": "oryx/ipx/cidr.go", "content": "// Copyright © 2025 Ory Corp\n// SPDX-License-Identifier: Apache-2.0\n\npackage ipx\n\nimport (\n\t\"iter\"\n\t\"net/netip\"\n)\n\nfunc Hosts(prefix netip.Prefix) iter.Seq[netip.Addr] {\n\tprefix = prefix.Masked()\n\treturn func(yield func(netip.Addr) bool) {\n\t\tif !prefix.IsValid() {\n\t\t\treturn\n\t\t}\n\t\tfor addr := prefix.Addr().Next(); prefix.Contains(addr); addr = addr.Next() {\n\t\t\tif !yield(addr) {\n\t\t\t\treturn\n\t\t\t}\n\t\t}\n\t}\n}\n" }, { "path": "oryx/ipx/ip_validator.go", "content": "// Copyright © 2023 Ory Corp\n// SPDX-License-Identifier: Apache-2.0\n\npackage ipx\n\nimport (\n\t\"context\"\n\t\"net\"\n\t\"net/url\"\n\t\"time\"\n\n\t\"golang.org/x/sync/errgroup\"\n\n\t\"github.com/pkg/errors\"\n)\n\n// IsAssociatedIPAllowedWhenSet is a wrapper for IsAssociatedIPAllowed which returns valid\n// when ipOrHostnameOrURL is empty.\nfunc IsAssociatedIPAllowedWhenSet(ipOrHostnameOrURL string) error {\n\tif ipOrHostnameOrURL == \"\" {\n\t\treturn nil\n\t}\n\treturn IsAssociatedIPAllowed(ipOrHostnameOrURL)\n}\n\n// AreAllAssociatedIPsAllowed fails if one of the pairs is failing.\nfunc AreAllAssociatedIPsAllowed(pairs map[string]string) error {\n\tg := new(errgroup.Group)\n\tfor key, ipOrHostnameOrURL := range pairs {\n\t\tkey := key\n\t\tipOrHostnameOrURL := ipOrHostnameOrURL\n\t\tg.Go(func() error {\n\t\t\treturn errors.Wrapf(IsAssociatedIPAllowed(ipOrHostnameOrURL), \"key %s validation is failing\", key)\n\t\t})\n\t}\n\treturn g.Wait()\n}\n\n// IsAssociatedIPAllowed returns nil for a domain (with NS lookup), IP, or IPv6 address if it\n// does not resolve to a private IP subnet. This is a first level of defense against\n// SSRF attacks by disallowing any domain or IP to resolve to a private network range.\n//\n// Please keep in mind that validations for domains is valid only when looking up.\n// A malicious actor could easily update the DSN record post validation to point\n// to an internal IP\nfunc IsAssociatedIPAllowed(ipOrHostnameOrURL string) error {\n\tlookup := func(hostname string) []net.IP {\n\t\tctx, cancel := context.WithTimeoutCause(context.Background(), 2*time.Second, errors.Errorf(\"failed to resolve %s within 2s\", ipOrHostnameOrURL))\n\t\tdefer cancel()\n\n\t\tlookup, err := net.DefaultResolver.LookupIPAddr(ctx, hostname)\n\t\tif err != nil {\n\t\t\treturn nil\n\t\t}\n\t\tips := make([]net.IP, len(lookup))\n\t\tfor i, ip := range lookup {\n\t\t\tips[i] = ip.IP\n\t\t}\n\t\treturn ips\n\t}\n\n\tvar ips []net.IP\n\tip := net.ParseIP(ipOrHostnameOrURL)\n\tif ip == nil {\n\t\tif result := lookup(ipOrHostnameOrURL); result != nil {\n\t\t\tips = append(ips, result...)\n\t\t}\n\n\t\tif parsed, err := url.Parse(ipOrHostnameOrURL); err == nil {\n\t\t\tif result := lookup(parsed.Hostname()); result != nil {\n\t\t\t\tips = append(ips, result...)\n\t\t\t}\n\t\t}\n\t} else {\n\t\tips = append(ips, ip)\n\t}\n\n\tfor _, disabled := range []string{\n\t\t\"127.0.0.0/8\",\n\t\t\"10.0.0.0/8\",\n\t\t\"172.16.0.0/12\",\n\t\t\"192.168.0.0/16\",\n\t\t\"fd47:1ed0:805d:59f0::/64\",\n\t\t\"fc00::/7\",\n\t\t\"::1/128\",\n\t} {\n\t\t_, cidr, err := net.ParseCIDR(disabled)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\n\t\tfor _, ip := range ips {\n\t\t\tif cidr.Contains(ip) {\n\t\t\t\treturn errors.Errorf(\"ip %s is in the %s range\", ip, disabled)\n\t\t\t}\n\t\t}\n\t}\n\n\treturn nil\n}\n" }, { "path": "oryx/josex/encoding.go", "content": "/*-\n * Copyright 2019 Square Inc.\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\npackage josex\n\nimport \"io\"\n\n// Base64Reader wraps an input stream consisting of either standard or url-safe\n// base64 data, and maps it to a raw (unpadded) standard encoding. This can be used\n// to read any base64-encoded data as input, whether padded, unpadded, standard or\n// url-safe.\ntype Base64Reader struct {\n\tIn io.Reader\n}\n\nfunc (r Base64Reader) Read(p []byte) (n int, err error) {\n\tn, err = r.In.Read(p)\n\tif err != nil {\n\t\treturn\n\t}\n\n\tfor i := range n {\n\t\tswitch p[i] {\n\t\t// Map - to +\n\t\tcase 0x2D:\n\t\t\tp[i] = 0x2B\n\t\t// Map _ to /\n\t\tcase 0x5F:\n\t\t\tp[i] = 0x2F\n\t\t// Strip =\n\t\tcase 0x3D:\n\t\t\tn = i\n\t\tdefault:\n\t\t}\n\t}\n\n\tif n == 0 {\n\t\terr = io.EOF\n\t}\n\n\treturn\n}\n" }, { "path": "oryx/josex/generate.go", "content": "/*-\n * Copyright 2019 Square Inc.\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\npackage josex\n\nimport (\n\t\"crypto\"\n\t\"crypto/ecdsa\"\n\t\"crypto/ed25519\"\n\t\"crypto/elliptic\"\n\t\"crypto/rand\"\n\t\"crypto/rsa\"\n\t\"errors\"\n\t\"fmt\"\n\n\t\"github.com/go-jose/go-jose/v3\"\n)\n\n// NewSigningKey generates a keypair for corresponding SignatureAlgorithm.\nfunc NewSigningKey(alg jose.SignatureAlgorithm, bits int) (crypto.PublicKey, crypto.PrivateKey, error) {\n\tswitch alg {\n\tcase jose.ES256, jose.ES384, jose.ES512, jose.EdDSA:\n\t\tkeylen := map[jose.SignatureAlgorithm]int{\n\t\t\tjose.ES256: 256,\n\t\t\tjose.ES384: 384,\n\t\t\tjose.ES512: 521, // sic!\n\t\t\tjose.EdDSA: 256,\n\t\t}\n\t\tif bits != 0 && bits != keylen[alg] {\n\t\t\treturn nil, nil, errors.New(\"invalid elliptic curve key size, this algorithm does not support arbitrary size\")\n\t\t}\n\tcase jose.RS256, jose.RS384, jose.RS512, jose.PS256, jose.PS384, jose.PS512:\n\t\tif bits == 0 {\n\t\t\tbits = 2048\n\t\t}\n\t\tif bits < 2048 {\n\t\t\treturn nil, nil, errors.New(\"invalid key size for RSA key, 2048 or more is required\")\n\t\t}\n\t}\n\tswitch alg {\n\tcase jose.ES256:\n\t\tkey, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)\n\t\tif err != nil {\n\t\t\treturn nil, nil, err\n\t\t}\n\t\treturn key.Public(), key, err\n\tcase jose.ES384:\n\t\tkey, err := ecdsa.GenerateKey(elliptic.P384(), rand.Reader)\n\t\tif err != nil {\n\t\t\treturn nil, nil, err\n\t\t}\n\t\treturn key.Public(), key, err\n\tcase jose.ES512:\n\t\tkey, err := ecdsa.GenerateKey(elliptic.P521(), rand.Reader)\n\t\tif err != nil {\n\t\t\treturn nil, nil, err\n\t\t}\n\t\treturn key.Public(), key, err\n\tcase jose.EdDSA:\n\t\tpub, key, err := ed25519.GenerateKey(rand.Reader)\n\t\treturn pub, key, err\n\tcase jose.RS256, jose.RS384, jose.RS512, jose.PS256, jose.PS384, jose.PS512:\n\t\tkey, err := rsa.GenerateKey(rand.Reader, bits)\n\t\tif err != nil {\n\t\t\treturn nil, nil, err\n\t\t}\n\t\treturn key.Public(), key, err\n\tdefault:\n\t\treturn nil, nil, fmt.Errorf(\"unknown algorithm %s for signing key\", alg)\n\t}\n}\n\n// NewEncryptionKey generates a keypair for corresponding KeyAlgorithm.\nfunc NewEncryptionKey(alg jose.KeyAlgorithm, bits int) (crypto.PublicKey, crypto.PrivateKey, error) {\n\tswitch alg {\n\tcase jose.RSA1_5, jose.RSA_OAEP, jose.RSA_OAEP_256:\n\t\tif bits == 0 {\n\t\t\tbits = 2048\n\t\t}\n\t\tif bits < 2048 {\n\t\t\treturn nil, nil, errors.New(\"invalid key size for RSA key, 2048 or more is required\")\n\t\t}\n\t\tkey, err := rsa.GenerateKey(rand.Reader, bits)\n\t\tif err != nil {\n\t\t\treturn nil, nil, err\n\t\t}\n\t\treturn key.Public(), key, err\n\tcase jose.ECDH_ES, jose.ECDH_ES_A128KW, jose.ECDH_ES_A192KW, jose.ECDH_ES_A256KW:\n\t\tvar crv elliptic.Curve\n\t\tswitch bits {\n\t\tcase 0, 256:\n\t\t\tcrv = elliptic.P256()\n\t\tcase 384:\n\t\t\tcrv = elliptic.P384()\n\t\tcase 521:\n\t\t\tcrv = elliptic.P521()\n\t\tdefault:\n\t\t\treturn nil, nil, errors.New(\"invalid elliptic curve key size, use one of 256, 384, or 521\")\n\t\t}\n\t\tkey, err := ecdsa.GenerateKey(crv, rand.Reader)\n\t\tif err != nil {\n\t\t\treturn nil, nil, err\n\t\t}\n\t\treturn key.Public(), key, err\n\tdefault:\n\t\treturn nil, nil, fmt.Errorf(\"unknown algorithm %s for encryption key\", alg)\n\t}\n}\n" }, { "path": "oryx/josex/public.go", "content": "package josex\n\nimport (\n\t\"crypto\"\n\n\t\"github.com/go-jose/go-jose/v3\"\n)\n\n// ToPublicKey returns the public key of the given private key.\nfunc ToPublicKey(k *jose.JSONWebKey) jose.JSONWebKey {\n\tif key := k.Public(); key.Key != nil {\n\t\treturn key\n\t}\n\n\t// HSM workaround - jose does not understand crypto.Signer / HSM so we need to manually\n\t// extract the public key.\n\tswitch key := k.Key.(type) {\n\tcase crypto.Signer:\n\t\tnewKey := *k\n\t\tnewKey.Key = key.Public()\n\t\treturn newKey\n\tcase jose.OpaqueSigner:\n\t\tnewKey := *k\n\t\tnewKey.Key = key.Public().Key\n\t\treturn newKey\n\t}\n\n\treturn jose.JSONWebKey{}\n}\n" }, { "path": "oryx/josex/utils.go", "content": "/*-\n * Copyright 2019 Square Inc.\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\npackage josex\n\nimport (\n\t\"crypto/x509\"\n\t\"encoding/pem\"\n\t\"errors\"\n\t\"fmt\"\n\n\t\"github.com/go-jose/go-jose/v3\"\n)\n\n// LoadJSONWebKey returns a *jose.JSONWebKey for a given JSON string.\nfunc LoadJSONWebKey(json []byte, pub bool) (*jose.JSONWebKey, error) {\n\tvar jwk jose.JSONWebKey\n\terr := jwk.UnmarshalJSON(json)\n\tif err != nil {\n\t\treturn nil, err\n\t}\n\tif !jwk.Valid() {\n\t\treturn nil, errors.New(\"invalid JWK key\")\n\t}\n\tif jwk.IsPublic() != pub {\n\t\treturn nil, errors.New(\"priv/pub JWK key mismatch\")\n\t}\n\treturn &jwk, nil\n}\n\n// LoadPublicKey loads a public key from PEM/DER/JWK-encoded data.\nfunc LoadPublicKey(data []byte) (interface{}, error) {\n\tinput := data\n\n\tblock, _ := pem.Decode(data)\n\tif block != nil {\n\t\tinput = block.Bytes\n\t}\n\n\t// Try to load SubjectPublicKeyInfo\n\tpub, err0 := x509.ParsePKIXPublicKey(input)\n\tif err0 == nil {\n\t\treturn pub, nil\n\t}\n\n\tcert, err1 := x509.ParseCertificate(input)\n\tif err1 == nil {\n\t\treturn cert.PublicKey, nil\n\t}\n\n\tjwk, err2 := LoadJSONWebKey(data, true)\n\tif err2 == nil {\n\t\treturn jwk, nil\n\t}\n\n\treturn nil, fmt.Errorf(\"square/go-jose: parse error, got '%s', '%s' and '%s'\", err0, err1, err2)\n}\n\n// LoadPrivateKey loads a private key from PEM/DER/JWK-encoded data.\nfunc LoadPrivateKey(data []byte) (interface{}, error) {\n\tinput := data\n\n\tblock, _ := pem.Decode(data)\n\tif block != nil {\n\t\tinput = block.Bytes\n\t}\n\n\tvar priv interface{}\n\tpriv, err0 := x509.ParsePKCS1PrivateKey(input)\n\tif err0 == nil {\n\t\treturn priv, nil\n\t}\n\n\tpriv, err1 := x509.ParsePKCS8PrivateKey(input)\n\tif err1 == nil {\n\t\treturn priv, nil\n\t}\n\n\tpriv, err2 := x509.ParseECPrivateKey(input)\n\tif err2 == nil {\n\t\treturn priv, nil\n\t}\n\n\tjwk, err3 := LoadJSONWebKey(input, false)\n\tif err3 == nil {\n\t\treturn jwk, nil\n\t}\n\n\treturn nil, fmt.Errorf(\"square/go-jose: parse error, got '%s', '%s', '%s' and '%s'\", err0, err1, err2, err3)\n}\n" }, { "path": "oryx/jsonnetsecure/cmd/root.go", "content": "// Copyright © 2023 Ory Corp\n// SPDX-License-Identifier: Apache-2.0\n\npackage main\n\nimport (\n\t\"context\"\n\t\"fmt\"\n\t\"os\"\n\n\t\"github.com/ory/x/jsonnetsecure\"\n)\n\nfunc main() {\n\tif err := jsonnetsecure.NewJsonnetCmd().ExecuteContext(context.Background()); err != nil {\n\t\tfmt.Println(err)\n\t\tos.Exit(-1)\n\t}\n}\n" }, { "path": "oryx/jsonnetsecure/cmd.go", "content": "// Copyright © 2023 Ory Corp\n// SPDX-License-Identifier: Apache-2.0\n\npackage jsonnetsecure\n\nimport (\n\t\"bufio\"\n\t\"fmt\"\n\t\"io\"\n\n\t\"github.com/pkg/errors\"\n\t\"github.com/spf13/cobra\"\n)\n\nconst (\n\tGiB uint64 = 1024 * 1024 * 1024\n\t// Generous limit on virtual memory including the peak memory allocated by the Go runtime, the Jsonnet VM,\n\t// and the Jsonnet script.\n\t// This number was acquired by running:\n\t// Found by trial and error with:\n\t// `ulimit -Sv 1048576 && echo '{\"Snippet\": \"{user_id: std.repeat(\\'a\\', 1000)}\"}' | kratos jsonnet -0`\n\t// NOTE: Ideally we'd like to limit RSS but that is not possible on Linux with `ulimit/setrlimit(2)` - only with cgroups.\n\tvirtualMemoryLimitBytes = 2 * GiB\n)\n\nfunc NewJsonnetCmd() *cobra.Command {\n\tvar null bool\n\tcmd := &cobra.Command{\n\t\tUse: \"jsonnet\",\n\t\tShort: \"Run Jsonnet as a CLI command\",\n\t\tHidden: true,\n\t\tRunE: func(cmd *cobra.Command, args []string) error {\n\n\t\t\t// This could fail because current limits are lower than what we tried to set,\n\t\t\t// so we still continue in this case.\n\t\t\tSetVirtualMemoryLimit(virtualMemoryLimitBytes)\n\n\t\t\tif null {\n\t\t\t\treturn scan(cmd.OutOrStdout(), cmd.InOrStdin())\n\t\t\t}\n\n\t\t\tinput, err := io.ReadAll(cmd.InOrStdin())\n\t\t\tif err != nil {\n\t\t\t\treturn errors.Wrap(err, \"failed to read from stdin\")\n\t\t\t}\n\n\t\t\tjson, err := eval(input)\n\t\t\tif err != nil {\n\t\t\t\treturn errors.Wrap(err, \"failed to evaluate jsonnet\")\n\t\t\t}\n\n\t\t\tif _, err := io.WriteString(cmd.OutOrStdout(), json); err != nil {\n\t\t\t\treturn errors.Wrap(err, \"failed to write json output\")\n\t\t\t}\n\t\t\treturn nil\n\t\t},\n\t}\n\tcmd.Flags().BoolVarP(&null, \"null\", \"0\", false,\n\t\t`Read multiple snippets and parameters from stdin separated by null bytes.\nOutput will be in the same order as inputs, separated by null bytes.\nEvaluation errors will also be reported to stdout, separated by null bytes.\nNon-recoverable errors are written to stderr and the program will terminate with a non-zero exit code.`)\n\n\treturn cmd\n}\n\nfunc scan(w io.Writer, r io.Reader) error {\n\tscanner := bufio.NewScanner(r)\n\tscanner.Split(splitNull)\n\tfor scanner.Scan() {\n\t\tjson, err := eval(scanner.Bytes())\n\t\tif err != nil {\n\t\t\tjson = fmt.Sprintf(\"ERROR: %s\", err)\n\t\t}\n\t\tif _, err := fmt.Fprintf(w, \"%s%c\", json, 0); err != nil {\n\t\t\treturn errors.Wrap(err, \"failed to write json output\")\n\t\t}\n\t}\n\treturn errors.Wrap(scanner.Err(), \"failed to read from stdin\")\n}\n\nfunc eval(input []byte) (json string, err error) {\n\tvar params processParameters\n\tif err := params.Decode(input); err != nil {\n\t\treturn \"\", err\n\t}\n\n\tvm := MakeSecureVM()\n\n\tfor _, it := range params.ExtCodes {\n\t\tvm.ExtCode(it.Key, it.Value)\n\t}\n\tfor _, it := range params.ExtVars {\n\t\tvm.ExtVar(it.Key, it.Value)\n\t}\n\tfor _, it := range params.TLACodes {\n\t\tvm.TLACode(it.Key, it.Value)\n\t}\n\tfor _, it := range params.TLAVars {\n\t\tvm.TLAVar(it.Key, it.Value)\n\t}\n\n\treturn vm.EvaluateAnonymousSnippet(params.Filename, params.Snippet)\n}\n" }, { "path": "oryx/jsonnetsecure/jsonnet.go", "content": "package jsonnetsecure\n\nimport (\n\t\"bytes\"\n\t\"context\"\n\t\"encoding/json\"\n\t\"fmt\"\n\t\"io\"\n\t\"os\"\n\t\"os/exec\"\n\t\"path\"\n\t\"runtime\"\n\t\"testing\"\n\n\t\"github.com/google/go-jsonnet\"\n)\n\ntype (\n\tVM interface {\n\t\tEvaluateAnonymousSnippet(filename string, snippet string) (json string, formattedErr error)\n\t\tExtCode(key string, val string)\n\t\tExtVar(key string, val string)\n\t\tTLACode(key string, val string)\n\t\tTLAVar(key string, val string)\n\t}\n\n\tkv struct {\n\t\tKey, Value string\n\t}\n\tprocessParameters struct {\n\t\tFilename, Snippet string\n\t\tTLACodes, TLAVars, ExtCodes, ExtVars []kv\n\t}\n\n\tvmOptions struct {\n\t\tjsonnetBinaryPath string\n\t\targs []string\n\t\tctx context.Context\n\t\tpool *pool\n\t}\n\n\tOption func(o *vmOptions)\n)\n\nfunc (pp *processParameters) EncodeTo(w io.Writer) error {\n\treturn json.NewEncoder(w).Encode(pp)\n}\n\nfunc (pp *processParameters) Decode(d []byte) error {\n\treturn json.Unmarshal(d, pp)\n}\n\nfunc newVMOptions() *vmOptions {\n\tjsonnetBinaryPath, _ := os.Executable()\n\treturn &vmOptions{\n\t\tjsonnetBinaryPath: jsonnetBinaryPath,\n\t\tctx: context.Background(),\n\t}\n}\n\nfunc WithContext(ctx context.Context) Option {\n\treturn func(o *vmOptions) {\n\t\to.ctx = ctx\n\t}\n}\n\nfunc WithProcessPool(p Pool) Option {\n\treturn func(o *vmOptions) {\n\t\tpool, _ := p.(*pool)\n\t\to.pool = pool\n\t}\n}\n\nfunc WithJsonnetBinary(jsonnetBinaryPath string) Option {\n\treturn func(o *vmOptions) {\n\t\to.jsonnetBinaryPath = jsonnetBinaryPath\n\t}\n}\n\nfunc WithProcessArgs(args ...string) Option {\n\treturn func(o *vmOptions) {\n\t\to.args = args\n\t}\n}\n\nfunc MakeSecureVM(opts ...Option) VM {\n\toptions := newVMOptions()\n\tfor _, o := range opts {\n\t\to(options)\n\t}\n\n\tif options.pool != nil {\n\t\treturn NewProcessPoolVM(options)\n\t} else {\n\t\tvm := jsonnet.MakeVM()\n\t\tvm.Importer(new(ErrorImporter))\n\t\treturn vm\n\t}\n}\n\n// ErrorImporter errors when calling \"import\".\ntype ErrorImporter struct{}\n\n// Import fetches data from a map entry.\n// All paths are treated as absolute keys.\nfunc (importer *ErrorImporter) Import(importedFrom, importedPath string) (contents jsonnet.Contents, foundAt string, err error) {\n\treturn jsonnet.Contents{}, \"\", fmt.Errorf(\"import not available %v\", importedPath)\n}\n\nfunc JsonnetTestBinary(t testing.TB) string {\n\tt.Helper()\n\n\t// We can force the usage of a given jsonnet executable.\n\t// Useful to test different versions, or run the tests under wine.\n\tif s := os.Getenv(\"ORY_JSONNET_PATH\"); s != \"\" {\n\t\treturn s\n\t}\n\n\tvar stderr bytes.Buffer\n\t// Using `t.TempDir()` results in permissions errors on Windows, sometimes.\n\toutPath := path.Join(os.TempDir(), \"jsonnet\")\n\tif runtime.GOOS == \"windows\" {\n\t\toutPath = outPath + \".exe\"\n\t}\n\tcmd := exec.Command(\"go\", \"build\", \"-o\", outPath, \"github.com/ory/x/jsonnetsecure/cmd\")\n\tcmd.Stderr = &stderr\n\n\tif err := cmd.Run(); err != nil || stderr.Len() != 0 {\n\t\tt.Fatalf(\"building the Go binary returned error: %v\\n%s\", err, stderr.String())\n\t}\n\n\treturn outPath\n}\n" }, { "path": "oryx/jsonnetsecure/jsonnet_pool.go", "content": "// Copyright © 2024 Ory Corp\n// SPDX-License-Identifier: Apache-2.0\n\npackage jsonnetsecure\n\n// Known limitations/edge cases:\n// - The child process exiting early (e.g. crashing) or getting killed (e.g. reaching some OS limit)\n// is not detected and no error will be returned in this case from `eval()`.\n// - Misbehaving jsonnet scripts in the middle of a batch being passed to the child process for evaluation may result in\n// no error (as mentioned above), and other valid scripts in this batch may result\n// in an error (because the output from the child process is truncated).\n//\n// Possible remediations:\n// - Do not pass a batch of scripts to a worker, only pass one script at a time (to isolate misbehaving scripts)\n// - Validate that the output is valid JSON (to detect truncated output)\n// - Detect the child process exiting (to return an error)\n\nimport (\n\t\"bufio\"\n\t\"context\"\n\t\"encoding/json\"\n\t\"io\"\n\t\"math\"\n\t\"os/exec\"\n\t\"strings\"\n\t\"time\"\n\n\t\"github.com/jackc/puddle/v2\"\n\t\"github.com/pkg/errors\"\n\t\"go.opentelemetry.io/otel/attribute\"\n\tsemconv \"go.opentelemetry.io/otel/semconv/v1.27.0\"\n\t\"go.opentelemetry.io/otel/trace\"\n\n\t\"github.com/ory/x/otelx\"\n)\n\nconst (\n\tKiB = 1024\n\tjsonnetOutputLimit = 512 * KiB\n\tjsonnetErrLimit = 1 * KiB\n)\n\ntype (\n\tprocessPoolVM struct {\n\t\tpath string\n\t\targs []string\n\t\tctx context.Context\n\t\tparams processParameters\n\t\tpool *pool\n\t}\n\tPool interface {\n\t\tClose()\n\t\tprivate()\n\t}\n\tpool struct {\n\t\tpuddle *puddle.Pool[worker]\n\t}\n\tworker struct {\n\t\tcmd *exec.Cmd\n\t\tstdin chan<- []byte\n\t\tstdout <-chan string\n\t\tstderr <-chan string\n\t}\n\tcontextKeyType string\n)\n\nvar (\n\tErrProcessPoolClosed = errors.New(\"jsonnetsecure: process pool closed\")\n\n\t_ VM = (*processPoolVM)(nil)\n\t_ Pool = (*pool)(nil)\n\n\tcontextValuePath contextKeyType = \"argc\"\n\tcontextValueArgs contextKeyType = \"argv\"\n)\n\nfunc NewProcessPool(size int) Pool {\n\tsize = max(5, min(size, math.MaxInt32))\n\tpud, err := puddle.NewPool(&puddle.Config[worker]{\n\t\tMaxSize: int32(size), //nolint:gosec // disable G115 // because of the previous min/max, 5 <= size <= math.MaxInt32\n\t\tConstructor: newWorker,\n\t\tDestructor: worker.destroy,\n\t})\n\tif err != nil {\n\t\tpanic(err) // this should never happen, see implementation of puddle.NewPool\n\t}\n\tfor range size {\n\t\t// warm pool\n\t\tgo pud.CreateResource(context.Background())\n\t}\n\tgo func() {\n\t\tfor {\n\t\t\ttime.Sleep(10 * time.Second)\n\t\t\tfor _, proc := range pud.AcquireAllIdle() {\n\t\t\t\tif proc.Value().cmd.ProcessState != nil {\n\t\t\t\t\tproc.Destroy()\n\t\t\t\t} else {\n\t\t\t\t\tproc.Release()\n\t\t\t\t}\n\t\t\t}\n\t\t}\n\t}()\n\treturn &pool{pud}\n}\n\nfunc (*pool) private() {}\n\nfunc (p *pool) Close() {\n\tp.puddle.Close()\n}\n\nfunc newWorker(ctx context.Context) (_ worker, err error) {\n\ttracer := trace.SpanFromContext(ctx).TracerProvider().Tracer(\"\")\n\tctx, span := tracer.Start(ctx, \"jsonnetsecure.newWorker\")\n\tdefer otelx.End(span, &err)\n\n\tpath, _ := ctx.Value(contextValuePath).(string)\n\tif path == \"\" {\n\t\treturn worker{}, errors.New(\"newWorker: missing binary path in context\")\n\t}\n\targs, _ := ctx.Value(contextValueArgs).([]string)\n\tcmd := exec.Command(path, append(args, \"-0\")...)\n\tcmd.Env = []string{\"GOMAXPROCS=1\"}\n\tcmd.WaitDelay = 100 * time.Millisecond\n\n\tspan.SetAttributes(semconv.ProcessCommand(cmd.Path), semconv.ProcessCommandArgs(cmd.Args...))\n\n\tstdin, err := cmd.StdinPipe()\n\tif err != nil {\n\t\treturn worker{}, errors.Wrap(err, \"newWorker: failed to create stdin pipe\")\n\t}\n\n\tin := make(chan []byte, 1)\n\tgo func(c <-chan []byte) {\n\t\tfor input := range c {\n\t\t\tif _, err := stdin.Write(append(input, 0)); err != nil {\n\t\t\t\tstdin.Close()\n\t\t\t\treturn\n\t\t\t}\n\t\t}\n\t}(in)\n\n\tstdout, err := cmd.StdoutPipe()\n\tif err != nil {\n\t\treturn worker{}, errors.Wrap(err, \"newWorker: failed to create stdout pipe\")\n\t}\n\tstderr, err := cmd.StderrPipe()\n\tif err != nil {\n\t\treturn worker{}, errors.Wrap(err, \"newWorker: failed to create stderr pipe\")\n\t}\n\n\tif err := cmd.Start(); err != nil {\n\t\treturn worker{}, errors.Wrap(err, \"newWorker: failed to start process\")\n\t}\n\n\tspan.SetAttributes(semconv.ProcessPID(cmd.Process.Pid))\n\n\tscan := func(c chan<- string, r io.Reader) {\n\t\tdefer close(c)\n\t\t// NOTE: `bufio.Scanner` has its own internal limit of 64 KiB.\n\t\tscanner := bufio.NewScanner(r)\n\n\t\tscanner.Split(splitNull)\n\t\tfor scanner.Scan() {\n\t\t\tc <- scanner.Text()\n\t\t}\n\t\tif err := scanner.Err(); err != nil {\n\t\t\tc <- \"ERROR: scan: \" + err.Error()\n\t\t}\n\t}\n\tout := make(chan string, 1)\n\tgo scan(out, stdout)\n\terrs := make(chan string, 1)\n\tgo scan(errs, stderr)\n\n\tw := worker{\n\t\tcmd: cmd,\n\t\tstdin: in,\n\t\tstdout: out,\n\t\tstderr: errs,\n\t}\n\t_, err = w.eval(ctx, []byte(\"{}\")) // warm up\n\tif err != nil {\n\t\tw.destroy()\n\t\treturn worker{}, errors.Wrap(err, \"newWorker: warm up failed\")\n\t}\n\n\treturn w, nil\n}\n\nfunc (w worker) destroy() {\n\tclose(w.stdin)\n\tw.cmd.Process.Kill()\n\tw.cmd.Wait()\n}\n\nfunc (w worker) eval(ctx context.Context, processParams []byte) (output string, err error) {\n\ttracer := trace.SpanFromContext(ctx).TracerProvider().Tracer(\"\")\n\tctx, span := tracer.Start(ctx, \"jsonnetsecure.worker.eval\", trace.WithAttributes(\n\t\tsemconv.ProcessPID(w.cmd.Process.Pid)))\n\tdefer otelx.End(span, &err)\n\n\tselect {\n\tcase <-ctx.Done():\n\t\treturn \"\", ctx.Err()\n\tcase w.stdin <- processParams:\n\t\tbreak\n\t}\n\n\tselect {\n\tcase <-ctx.Done():\n\t\treturn \"\", ctx.Err()\n\tcase output := <-w.stdout:\n\t\treturn output, nil\n\tcase err := <-w.stderr:\n\t\treturn \"\", errors.New(err)\n\t}\n}\n\nfunc (vm *processPoolVM) EvaluateAnonymousSnippet(filename string, snippet string) (_ string, err error) {\n\ttracer := trace.SpanFromContext(vm.ctx).TracerProvider().Tracer(\"\")\n\tctx, span := tracer.Start(vm.ctx, \"jsonnetsecure.processPoolVM.EvaluateAnonymousSnippet\", trace.WithAttributes(attribute.String(\"filename\", filename)))\n\tdefer otelx.End(span, &err)\n\n\tparams := vm.params\n\tparams.Filename = filename\n\tparams.Snippet = snippet\n\tpp, err := json.Marshal(params)\n\tif err != nil {\n\t\treturn \"\", errors.Wrap(err, \"jsonnetsecure: marshal\")\n\t}\n\n\tctx = context.WithValue(ctx, contextValuePath, vm.path)\n\tctx = context.WithValue(ctx, contextValueArgs, vm.args)\n\tworker, err := vm.pool.puddle.Acquire(ctx)\n\tif err != nil {\n\t\treturn \"\", errors.Wrap(err, \"jsonnetsecure: acquire\")\n\t}\n\n\tctx, cancel := context.WithTimeoutCause(ctx, 1*time.Second, errors.Errorf(\"failed to run jsonnet within 1s: filename=%s\", filename))\n\tdefer cancel()\n\tresult, err := worker.Value().eval(ctx, pp)\n\tif err != nil {\n\t\tworker.Destroy()\n\t\treturn \"\", errors.Wrap(err, \"jsonnetsecure: eval\")\n\t} else {\n\t\tworker.Release()\n\t}\n\n\tif strings.HasPrefix(result, \"ERROR: \") {\n\t\treturn \"\", errors.New(\"jsonnetsecure: \" + result)\n\t}\n\n\treturn result, nil\n}\n\nfunc NewProcessPoolVM(opts *vmOptions) VM {\n\tctx := opts.ctx\n\tif ctx == nil {\n\t\tctx = context.Background()\n\t}\n\treturn &processPoolVM{\n\t\tpath: opts.jsonnetBinaryPath,\n\t\targs: opts.args,\n\t\tctx: ctx,\n\t\tpool: opts.pool,\n\t}\n}\n\nfunc (vm *processPoolVM) ExtCode(key string, val string) {\n\tvm.params.ExtCodes = append(vm.params.ExtCodes, kv{key, val})\n}\n\nfunc (vm *processPoolVM) ExtVar(key string, val string) {\n\tvm.params.ExtVars = append(vm.params.ExtVars, kv{key, val})\n}\n\nfunc (vm *processPoolVM) TLACode(key string, val string) {\n\tvm.params.TLACodes = append(vm.params.TLACodes, kv{key, val})\n}\n\nfunc (vm *processPoolVM) TLAVar(key string, val string) {\n\tvm.params.TLAVars = append(vm.params.TLAVars, kv{key, val})\n}\n" }, { "path": "oryx/jsonnetsecure/limit_unix.go", "content": "// Copyright © 2025 Ory Corp\n// SPDX-License-Identifier: Apache-2.0\n\n//go:build !windows\n\npackage jsonnetsecure\n\nimport (\n\t\"fmt\"\n\t\"runtime/debug\"\n\t\"syscall\"\n\n\t\"github.com/pkg/errors\"\n)\n\nfunc SetVirtualMemoryLimit(limitBytes uint64) error {\n\t// Tell the Go runtime about the limit.\n\tdebug.SetMemoryLimit(int64(limitBytes)) //nolint:gosec // The number is a compile-time constant.\n\n\tlim := syscall.Rlimit{\n\t\tCur: limitBytes,\n\t\tMax: limitBytes,\n\t}\n\terr := syscall.Setrlimit(syscall.RLIMIT_AS, &lim)\n\tif err != nil {\n\t\treturn errors.WithStack(fmt.Errorf(\"failed to set virtual memory limit: %v\", err))\n\t}\n\treturn nil\n}\n" }, { "path": "oryx/jsonnetsecure/limit_windows.go", "content": "// Copyright © 2025 Ory Corp\n// SPDX-License-Identifier: Apache-2.0\n\n//go:build windows\n\npackage jsonnetsecure\n\nimport \"runtime/debug\"\n\nfunc SetVirtualMemoryLimit(limitBytes uint64) error {\n\t// Tell the Go runtime about the limit.\n\tdebug.SetMemoryLimit(int64(limitBytes)) //nolint:gosec // The number is a compile-time constant.\n\n\t// TODO No OS limit for now. Apparently there is a Windows-specific equivalent (Job control)?\n\treturn nil\n}\n" }, { "path": "oryx/jsonnetsecure/null.go", "content": "// Copyright © 2024 Ory Corp\n// SPDX-License-Identifier: Apache-2.0\n\npackage jsonnetsecure\n\nimport \"bytes\"\n\nfunc splitNull(data []byte, atEOF bool) (advance int, token []byte, err error) {\n\t// Look for a null byte; if found, return the position after it,\n\t// the data before it, and no error.\n\tif i := bytes.IndexByte(data, 0); i >= 0 {\n\t\treturn i + 1, data[0:i], nil\n\t}\n\n\t// If we're at EOF, we have a final, non-terminated word. Return it.\n\tif atEOF && len(data) != 0 {\n\t\treturn len(data), data, nil\n\t}\n\n\t// Request more data.\n\treturn 0, nil, nil\n}\n" }, { "path": "oryx/jsonnetsecure/provider.go", "content": "// Copyright © 2023 Ory Corp\n// SPDX-License-Identifier: Apache-2.0\n\npackage jsonnetsecure\n\nimport (\n\t\"context\"\n\t\"os\"\n\t\"runtime\"\n\t\"testing\"\n)\n\ntype (\n\tVMProvider interface {\n\t\t// JsonnetVM creates a new secure process-isolated Jsonnet VM whose\n\t\t// execution is bound to the provided context, i.e.,\n\t\t// cancelling the context will terminate the VM process.\n\t\tJsonnetVM(context.Context) (VM, error)\n\t}\n\n\t// TestProvider provides a secure VM by running go build on github.com/ory/x/jsonnetsecure/cmd\n\tTestProvider struct {\n\t\tjsonnetBinary string\n\t\tpool Pool\n\t}\n\n\t// DefaultProvider provides a secure VM by calling the currently\n\t// running the current binary with the provided subcommand.\n\tDefaultProvider struct {\n\t\tSubcommand string\n\t\tPool Pool\n\t}\n)\n\nfunc NewTestProvider(t testing.TB) *TestProvider {\n\tpool := NewProcessPool(runtime.GOMAXPROCS(0))\n\tt.Cleanup(pool.Close)\n\treturn &TestProvider{JsonnetTestBinary(t), pool}\n}\n\nfunc (p *TestProvider) JsonnetVM(ctx context.Context) (VM, error) {\n\treturn MakeSecureVM(\n\t\tWithContext(ctx),\n\t\tWithProcessPool(p.pool),\n\t\tWithJsonnetBinary(p.jsonnetBinary),\n\t), nil\n}\n\nfunc (p *DefaultProvider) JsonnetVM(ctx context.Context) (VM, error) {\n\tself, err := os.Executable()\n\tif err != nil {\n\t\treturn nil, err\n\t}\n\treturn MakeSecureVM(\n\t\tWithContext(ctx),\n\t\tWithJsonnetBinary(self),\n\t\tWithProcessArgs(p.Subcommand),\n\t\tWithProcessPool(p.Pool),\n\t), nil\n}\n" }, { "path": "oryx/jsonnetsecure/stub/import.jsonnet", "content": "{ foo: 'bar' }\n" }, { "path": "oryx/jsonnetx/format.go", "content": "// Copyright © 2023 Ory Corp\n// SPDX-License-Identifier: Apache-2.0\n\npackage jsonnetx\n\nimport (\n\t\"fmt\"\n\t\"os\"\n\n\t\"github.com/bmatcuk/doublestar/v2\"\n\t\"github.com/google/go-jsonnet/formatter\"\n\t\"github.com/spf13/cobra\"\n\n\t\"github.com/ory/x/cmdx\"\n)\n\nfunc NewFormatCommand() *cobra.Command {\n\tvar verbose, write bool\n\tcmd := &cobra.Command{\n\t\tUse: \"format path/to/files/*.jsonnet [more/files.jsonnet, [supports/**/{foo,bar}.jsonnet]]\",\n\t\tLong: `Formats JSONNet files using the official JSONNet formatter.\n\nUse -w or --write to write output back to files instead of stdout.\n\n` + GlobHelp,\n\t\tArgs: cobra.MinimumNArgs(1),\n\t\tRunE: func(cmd *cobra.Command, args []string) error {\n\t\t\tfor _, pattern := range args {\n\t\t\t\tfiles, err := doublestar.Glob(pattern)\n\t\t\t\tif err != nil {\n\t\t\t\t\t_, _ = fmt.Fprintf(cmd.ErrOrStderr(), \"Glob pattern %q is not valid: %s\\n\", pattern, err)\n\t\t\t\t\treturn cmdx.FailSilently(cmd)\n\t\t\t\t}\n\n\t\t\t\tfor _, file := range files {\n\t\t\t\t\tif fi, err := os.Stat(file); err != nil {\n\t\t\t\t\t\t_, _ = fmt.Fprintf(cmd.ErrOrStderr(), \"Matching file %q could not be opened: %s\\n\", file, err)\n\t\t\t\t\t\treturn cmdx.FailSilently(cmd)\n\t\t\t\t\t} else if fi.IsDir() {\n\t\t\t\t\t\tcontinue\n\t\t\t\t\t}\n\n\t\t\t\t\tif verbose {\n\t\t\t\t\t\tfmt.Printf(\"Processing file: %s\\n\", file)\n\t\t\t\t\t}\n\n\t\t\t\t\t//#nosec G304 -- false positive\n\t\t\t\t\tcontent, err := os.ReadFile(file)\n\t\t\t\t\tif err != nil {\n\t\t\t\t\t\t_, _ = fmt.Fprintf(cmd.ErrOrStderr(), \"Unable to read file %q: %s\\n\", file, err)\n\t\t\t\t\t\treturn cmdx.FailSilently(cmd)\n\t\t\t\t\t}\n\n\t\t\t\t\toutput, err := formatter.Format(file, string(content), formatter.DefaultOptions())\n\t\t\t\t\tif err != nil {\n\t\t\t\t\t\t_, _ = fmt.Fprintf(cmd.ErrOrStderr(), \"File %q could not be formatted: %s\", file, err)\n\t\t\t\t\t}\n\n\t\t\t\t\tif write {\n\t\t\t\t\t\terr := os.WriteFile(file, []byte(output), 0o644) // #nosec\n\t\t\t\t\t\tif err != nil {\n\t\t\t\t\t\t\t_, _ = fmt.Fprintf(cmd.ErrOrStderr(), \"Unable to write file %q: %s\\n\", file, err)\n\t\t\t\t\t\t\treturn cmdx.FailSilently(cmd)\n\t\t\t\t\t\t}\n\t\t\t\t\t} else {\n\t\t\t\t\t\tfmt.Println(output)\n\t\t\t\t\t}\n\t\t\t\t}\n\t\t\t}\n\t\t\treturn nil\n\t\t},\n\t}\n\tcmd.Flags().BoolVarP(&write, \"write\", \"w\", false, \"Write formatted output back to file.\")\n\tcmd.Flags().BoolVarP(&verbose, \"verbose\", \"v\", false, \"Verbose output.\")\n\treturn cmd\n}\n" }, { "path": "oryx/jsonnetx/lint.go", "content": "// Copyright © 2023 Ory Corp\n// SPDX-License-Identifier: Apache-2.0\n\npackage jsonnetx\n\nimport (\n\t\"fmt\"\n\t\"os\"\n\n\t\"github.com/bmatcuk/doublestar/v2\"\n\t\"github.com/google/go-jsonnet\"\n\t\"github.com/google/go-jsonnet/linter\"\n\t\"github.com/spf13/cobra\"\n\n\t\"github.com/ory/x/cmdx\"\n)\n\nfunc NewLintCommand() *cobra.Command {\n\tvar verbose bool\n\tcmd := &cobra.Command{\n\t\tUse: \"lint path/to/files/*.jsonnet [more/files.jsonnet, [supports/**/{foo,bar}.jsonnet]]\",\n\t\tLong: `Lints JSONNet files using the official JSONNet linter and exits with a status code of 1 when issues are detected.\n\n` + GlobHelp,\n\t\tArgs: cobra.MinimumNArgs(1),\n\t\tRunE: func(cmd *cobra.Command, args []string) error {\n\t\t\tfor _, pattern := range args {\n\t\t\t\tfiles, err := doublestar.Glob(pattern)\n\t\t\t\tif err != nil {\n\t\t\t\t\t_, _ = fmt.Fprintf(cmd.ErrOrStderr(), \"Glob pattern %q is not valid: %s\\n\", pattern, err)\n\t\t\t\t\treturn cmdx.FailSilently(cmd)\n\t\t\t\t}\n\n\t\t\t\tfor _, file := range files {\n\t\t\t\t\tif fi, err := os.Stat(file); err != nil {\n\t\t\t\t\t\t_, _ = fmt.Fprintf(cmd.ErrOrStderr(), \"Matching file %q could not be opened: %s\\n\", file, err)\n\t\t\t\t\t\treturn cmdx.FailSilently(cmd)\n\t\t\t\t\t} else if fi.IsDir() {\n\t\t\t\t\t\tcontinue\n\t\t\t\t\t}\n\n\t\t\t\t\tif verbose {\n\t\t\t\t\t\tfmt.Printf(\"Processing file: %s\\n\", file)\n\t\t\t\t\t}\n\n\t\t\t\t\t//#nosec G304 -- false positive\n\t\t\t\t\tcontent, err := os.ReadFile(file)\n\t\t\t\t\tif err != nil {\n\t\t\t\t\t\t_, _ = fmt.Fprintf(cmd.ErrOrStderr(), \"Unable to read file %q: %s\\n\", file, err)\n\t\t\t\t\t\treturn cmdx.FailSilently(cmd)\n\t\t\t\t\t}\n\n\t\t\t\t\tif linter.LintSnippet(jsonnet.MakeVM(), cmd.ErrOrStderr(), []linter.Snippet{{FileName: file, Code: string(content)}}) {\n\t\t\t\t\t\treturn cmdx.FailSilently(cmd)\n\t\t\t\t\t}\n\t\t\t\t}\n\t\t\t}\n\t\t\treturn nil\n\t\t},\n\t}\n\tcmd.Flags().BoolVarP(&verbose, \"verbose\", \"v\", false, \"Verbose output.\")\n\treturn cmd\n}\n" }, { "path": "oryx/jsonnetx/root.go", "content": "// Copyright © 2023 Ory Corp\n// SPDX-License-Identifier: Apache-2.0\n\npackage jsonnetx\n\nimport (\n\t\"github.com/spf13/cobra\"\n)\n\nconst GlobHelp = `Glob patterns supports the following special terms in the patterns:\n\t\n\tSpecial Terms | Meaning\n\t------------- | -------\n\t'*' | matches any sequence of non-path-separators\n\t'**' | matches any sequence of characters, including path separators\n\t'?' | matches any single non-path-separator character\n\t'[class]' | matches any single non-path-separator character against a class of characters ([see below](#character-classes))\n\t'{alt1,...}' | matches a sequence of characters if one of the comma-separated alternatives matches\n\t\n\tAny character with a special meaning can be escaped with a backslash ('\\').\n\t\n\t#### Character Classes\n\t\n\tCharacter classes support the following:\n\t\n\tClass | Meaning\n\t---------- | -------\n\t'[abc]' | matches any single character within the set\n\t'[a-z]' | matches any single character in the range\n\t'[^class]' | matches any single character which does *not* match the class\n`\n\n// RootCommand represents the jsonnet command\n// Deprecated: use NewRootCommand instead.\nvar RootCommand = &cobra.Command{\n\tUse: \"jsonnet\",\n\tShort: \"Helpers for linting and formatting JSONNet code\",\n}\n\n// RegisterCommandRecursive adds all jsonnet helpers to the RootCommand\n// Deprecated: use NewRootCommand instead.\nfunc RegisterCommandRecursive(parent *cobra.Command) {\n\tparent.AddCommand(RootCommand)\n\n\tRootCommand.AddCommand(NewFormatCommand())\n\tRootCommand.AddCommand(NewLintCommand())\n}\n\nfunc NewRootCommand() *cobra.Command {\n\tcmd := &cobra.Command{\n\t\tUse: \"jsonnet\",\n\t\tShort: \"Helpers for linting and formatting JSONNet code\",\n\t}\n\tcmd.AddCommand(NewFormatCommand(), NewLintCommand())\n\treturn cmd\n}\n" }, { "path": "oryx/jsonschemax/.snapshots/TestListPaths-case=0.json", "content": "[\n {\n \"Title\": \"Access Rules\",\n \"Description\": \"Configure access rules. All sub-keys support configuration reloading without restarting.\",\n \"Examples\": null,\n \"Name\": \"access_rules\",\n \"Default\": null,\n \"Type\": {},\n \"TypeHint\": 5,\n \"Format\": \"\",\n \"Pattern\": null,\n \"Enum\": null,\n \"Constant\": null,\n \"ReadOnly\": false,\n \"MinLength\": -1,\n \"MaxLength\": -1,\n \"Required\": false,\n \"Minimum\": null,\n \"Maximum\": null,\n \"MultipleOf\": null,\n \"CustomProperties\": null\n },\n {\n \"Title\": \"Repositories\",\n \"Description\": \"Locations (list of URLs) where access rules should be fetched from on boot. It is expected that the documents at those locations return a JSON or YAML Array containing ORY Oathkeeper Access Rules:\\n\\n- If the URL Scheme is `file://`, the access rules (an array of access rules is expected) will be fetched from the local file system.\\n- If the URL Scheme is `inline://`, the access rules (an array of access rules is expected) are expected to be a base64 encoded (with padding!) JSON/YAML string (base64_encode(`[{\\\"id\\\":\\\"foo-rule\\\",\\\"authenticators\\\":[....]}]`)).\\n- If the URL Scheme is `http://` or `https://`, the access rules (an array of access rules is expected) will be fetched from the provided HTTP(s) location.\",\n \"Examples\": [\n \"[\\\"file://path/to/rules.json\\\",\\\"inline://W3siaWQiOiJmb28tcnVsZSIsImF1dGhlbnRpY2F0b3JzIjpbXX1d\\\",\\\"https://path-to-my-rules/rules.json\\\"]\"\n ],\n \"Name\": \"access_rules.repositories\",\n \"Default\": null,\n \"Type\": [],\n \"TypeHint\": 8,\n \"Format\": \"\",\n \"Pattern\": null,\n \"Enum\": null,\n \"Constant\": null,\n \"ReadOnly\": false,\n \"MinLength\": -1,\n \"MaxLength\": -1,\n \"Required\": false,\n \"Minimum\": null,\n \"Maximum\": null,\n \"MultipleOf\": null,\n \"CustomProperties\": null\n },\n {\n \"Title\": \"\",\n \"Description\": \"\",\n \"Examples\": null,\n \"Name\": \"access_rules.repositories.#\",\n \"Default\": null,\n \"Type\": \"\",\n \"TypeHint\": 1,\n \"Format\": \"uri\",\n \"Pattern\": null,\n \"Enum\": null,\n \"Constant\": null,\n \"ReadOnly\": false,\n \"MinLength\": -1,\n \"MaxLength\": -1,\n \"Required\": false,\n \"Minimum\": null,\n \"Maximum\": null,\n \"MultipleOf\": null,\n \"CustomProperties\": null\n },\n {\n \"Title\": \"Authenticators\",\n \"Description\": \"For more information on authenticators head over to: https://www.ory.sh/docs/oathkeeper/pipeline/authn\",\n \"Examples\": null,\n \"Name\": \"authenticators\",\n \"Default\": null,\n \"Type\": {},\n \"TypeHint\": 5,\n \"Format\": \"\",\n \"Pattern\": null,\n \"Enum\": null,\n \"Constant\": null,\n \"ReadOnly\": false,\n \"MinLength\": -1,\n \"MaxLength\": -1,\n \"Required\": false,\n \"Minimum\": null,\n \"Maximum\": null,\n \"MultipleOf\": null,\n \"CustomProperties\": null\n },\n {\n \"Title\": \"Anonymous\",\n \"Description\": \"The [`anonymous` authenticator](https://www.ory.sh/docs/oathkeeper/pipeline/authn#anonymous).\",\n \"Examples\": null,\n \"Name\": \"authenticators.anonymous\",\n \"Default\": null,\n \"Type\": {},\n \"TypeHint\": 5,\n \"Format\": \"\",\n \"Pattern\": null,\n \"Enum\": null,\n \"Constant\": null,\n \"ReadOnly\": false,\n \"MinLength\": -1,\n \"MaxLength\": -1,\n \"Required\": false,\n \"Minimum\": null,\n \"Maximum\": null,\n \"MultipleOf\": null,\n \"CustomProperties\": null\n },\n {\n \"Title\": \"Anonymous Authenticator Configuration\",\n \"Description\": \"This section is optional when the authenticator is disabled.\",\n \"Examples\": null,\n \"Name\": \"authenticators.anonymous.config\",\n \"Default\": null,\n \"Type\": {},\n \"TypeHint\": 5,\n \"Format\": \"\",\n \"Pattern\": null,\n \"Enum\": null,\n \"Constant\": null,\n \"ReadOnly\": false,\n \"MinLength\": -1,\n \"MaxLength\": -1,\n \"Required\": false,\n \"Minimum\": null,\n \"Maximum\": null,\n \"MultipleOf\": null,\n \"CustomProperties\": null\n },\n {\n \"Title\": \"Anonymous Subject\",\n \"Description\": \"Sets the anonymous username.\",\n \"Examples\": [\n \"guest\",\n \"anon\",\n \"anonymous\",\n \"unknown\"\n ],\n \"Name\": \"authenticators.anonymous.config.subject\",\n \"Default\": \"anonymous\",\n \"Type\": \"\",\n \"TypeHint\": 1,\n \"Format\": \"\",\n \"Pattern\": null,\n \"Enum\": null,\n \"Constant\": null,\n \"ReadOnly\": false,\n \"MinLength\": -1,\n \"MaxLength\": -1,\n \"Required\": false,\n \"Minimum\": null,\n \"Maximum\": null,\n \"MultipleOf\": null,\n \"CustomProperties\": null\n },\n {\n \"Title\": \"Enabled\",\n \"Description\": \"En-/disables this component.\",\n \"Examples\": [\n true\n ],\n \"Name\": \"authenticators.anonymous.enabled\",\n \"Default\": false,\n \"Type\": false,\n \"TypeHint\": 4,\n \"Format\": \"\",\n \"Pattern\": null,\n \"Enum\": null,\n \"Constant\": null,\n \"ReadOnly\": false,\n \"MinLength\": -1,\n \"MaxLength\": -1,\n \"Required\": false,\n \"Minimum\": null,\n \"Maximum\": null,\n \"MultipleOf\": null,\n \"CustomProperties\": null\n },\n {\n \"Title\": \"Cookie Session\",\n \"Description\": \"The [`cookie_session` authenticator](https://www.ory.sh/docs/oathkeeper/pipeline/authn#cookie_session).\",\n \"Examples\": null,\n \"Name\": \"authenticators.cookie_session\",\n \"Default\": null,\n \"Type\": {},\n \"TypeHint\": 5,\n \"Format\": \"\",\n \"Pattern\": null,\n \"Enum\": null,\n \"Constant\": null,\n \"ReadOnly\": false,\n \"MinLength\": -1,\n \"MaxLength\": -1,\n \"Required\": false,\n \"Minimum\": null,\n \"Maximum\": null,\n \"MultipleOf\": null,\n \"CustomProperties\": null\n },\n {\n \"Title\": \"Cookie Session Authenticator Configuration\",\n \"Description\": \"This section is optional when the authenticator is disabled.\",\n \"Examples\": null,\n \"Name\": \"authenticators.cookie_session.config\",\n \"Default\": null,\n \"Type\": {},\n \"TypeHint\": 5,\n \"Format\": \"\",\n \"Pattern\": null,\n \"Enum\": null,\n \"Constant\": null,\n \"ReadOnly\": false,\n \"MinLength\": -1,\n \"MaxLength\": -1,\n \"Required\": false,\n \"Minimum\": null,\n \"Maximum\": null,\n \"MultipleOf\": null,\n \"CustomProperties\": null\n },\n {\n \"Title\": \"Session Check URL\",\n \"Description\": \"The origin to proxy requests to. If the response is a 200 with body `{ \\\"subject\\\": \\\"...\\\", \\\"extra\\\": {} }`. The request will pass the subject through successfully, otherwise it will be marked as unauthorized.\\n\\n\\u003eIf this authenticator is enabled, this value is required.\",\n \"Examples\": [\n \"https://session-store-host\"\n ],\n \"Name\": \"authenticators.cookie_session.config.check_session_url\",\n \"Default\": null,\n \"Type\": \"\",\n \"TypeHint\": 1,\n \"Format\": \"uri\",\n \"Pattern\": null,\n \"Enum\": null,\n \"Constant\": null,\n \"ReadOnly\": false,\n \"MinLength\": -1,\n \"MaxLength\": -1,\n \"Required\": true,\n \"Minimum\": null,\n \"Maximum\": null,\n \"MultipleOf\": null,\n \"CustomProperties\": null\n },\n {\n \"Title\": \"Only Cookies\",\n \"Description\": \"A list of possible cookies to look for on incoming requests, and will fallthrough to the next authenticator if none of the passed cookies are set on the request.\",\n \"Examples\": null,\n \"Name\": \"authenticators.cookie_session.config.only\",\n \"Default\": null,\n \"Type\": [],\n \"TypeHint\": 8,\n \"Format\": \"\",\n \"Pattern\": null,\n \"Enum\": null,\n \"Constant\": null,\n \"ReadOnly\": false,\n \"MinLength\": -1,\n \"MaxLength\": -1,\n \"Required\": false,\n \"Minimum\": null,\n \"Maximum\": null,\n \"MultipleOf\": null,\n \"CustomProperties\": null\n },\n {\n \"Title\": \"\",\n \"Description\": \"\",\n \"Examples\": null,\n \"Name\": \"authenticators.cookie_session.config.only.#\",\n \"Default\": null,\n \"Type\": \"\",\n \"TypeHint\": 1,\n \"Format\": \"\",\n \"Pattern\": null,\n \"Enum\": null,\n \"Constant\": null,\n \"ReadOnly\": false,\n \"MinLength\": -1,\n \"MaxLength\": -1,\n \"Required\": false,\n \"Minimum\": null,\n \"Maximum\": null,\n \"MultipleOf\": null,\n \"CustomProperties\": null\n },\n {\n \"Title\": \"Enabled\",\n \"Description\": \"En-/disables this component.\",\n \"Examples\": [\n true\n ],\n \"Name\": \"authenticators.cookie_session.enabled\",\n \"Default\": false,\n \"Type\": false,\n \"TypeHint\": 4,\n \"Format\": \"\",\n \"Pattern\": null,\n \"Enum\": null,\n \"Constant\": null,\n \"ReadOnly\": false,\n \"MinLength\": -1,\n \"MaxLength\": -1,\n \"Required\": false,\n \"Minimum\": null,\n \"Maximum\": null,\n \"MultipleOf\": null,\n \"CustomProperties\": null\n },\n {\n \"Title\": \"JSON Web Token (jwt)\",\n \"Description\": \"The [`jwt` authenticator](https://www.ory.sh/docs/oathkeeper/pipeline/authn#jwt).\",\n \"Examples\": null,\n \"Name\": \"authenticators.jwt\",\n \"Default\": null,\n \"Type\": {},\n \"TypeHint\": 5,\n \"Format\": \"\",\n \"Pattern\": null,\n \"Enum\": null,\n \"Constant\": null,\n \"ReadOnly\": false,\n \"MinLength\": -1,\n \"MaxLength\": -1,\n \"Required\": false,\n \"Minimum\": null,\n \"Maximum\": null,\n \"MultipleOf\": null,\n \"CustomProperties\": null\n },\n {\n \"Title\": \"JWT Authenticator Configuration\",\n \"Description\": \"This section is optional when the authenticator is disabled.\",\n \"Examples\": null,\n \"Name\": \"authenticators.jwt.config\",\n \"Default\": null,\n \"Type\": {},\n \"TypeHint\": 5,\n \"Format\": \"\",\n \"Pattern\": null,\n \"Enum\": null,\n \"Constant\": null,\n \"ReadOnly\": false,\n \"MinLength\": -1,\n \"MaxLength\": -1,\n \"Required\": false,\n \"Minimum\": null,\n \"Maximum\": null,\n \"MultipleOf\": null,\n \"CustomProperties\": null\n },\n {\n \"Title\": \"\",\n \"Description\": \"\",\n \"Examples\": null,\n \"Name\": \"authenticators.jwt.config.allowed_algorithms\",\n \"Default\": null,\n \"Type\": [],\n \"TypeHint\": 8,\n \"Format\": \"\",\n \"Pattern\": null,\n \"Enum\": null,\n \"Constant\": null,\n \"ReadOnly\": false,\n \"MinLength\": -1,\n \"MaxLength\": -1,\n \"Required\": false,\n \"Minimum\": null,\n \"Maximum\": null,\n \"MultipleOf\": null,\n \"CustomProperties\": null\n },\n {\n \"Title\": \"\",\n \"Description\": \"\",\n \"Examples\": null,\n \"Name\": \"authenticators.jwt.config.allowed_algorithms.#\",\n \"Default\": null,\n \"Type\": \"\",\n \"TypeHint\": 1,\n \"Format\": \"\",\n \"Pattern\": null,\n \"Enum\": null,\n \"Constant\": null,\n \"ReadOnly\": false,\n \"MinLength\": -1,\n \"MaxLength\": -1,\n \"Required\": false,\n \"Minimum\": null,\n \"Maximum\": null,\n \"MultipleOf\": null,\n \"CustomProperties\": null\n },\n {\n \"Title\": \"JSON Web Key URLs\",\n \"Description\": \"URLs where ORY Oathkeeper can retrieve JSON Web Keys from for validating the JSON Web Token. Usually something like \\\"https://my-keys.com/.well-known/jwks.json\\\". The response of that endpoint must return a JSON Web Key Set (JWKS).\\n\\n\\u003eIf this authenticator is enabled, this value is required.\",\n \"Examples\": [\n \"https://my-website.com/.well-known/jwks.json\",\n \"https://my-other-website.com/.well-known/jwks.json\",\n \"file://path/to/local/jwks.json\"\n ],\n \"Name\": \"authenticators.jwt.config.jwks_urls\",\n \"Default\": null,\n \"Type\": [],\n \"TypeHint\": 8,\n \"Format\": \"\",\n \"Pattern\": null,\n \"Enum\": null,\n \"Constant\": null,\n \"ReadOnly\": false,\n \"MinLength\": -1,\n \"MaxLength\": -1,\n \"Required\": true,\n \"Minimum\": null,\n \"Maximum\": null,\n \"MultipleOf\": null,\n \"CustomProperties\": null\n },\n {\n \"Title\": \"\",\n \"Description\": \"\",\n \"Examples\": null,\n \"Name\": \"authenticators.jwt.config.jwks_urls.#\",\n \"Default\": null,\n \"Type\": \"\",\n \"TypeHint\": 1,\n \"Format\": \"uri\",\n \"Pattern\": null,\n \"Enum\": null,\n \"Constant\": null,\n \"ReadOnly\": false,\n \"MinLength\": -1,\n \"MaxLength\": -1,\n \"Required\": false,\n \"Minimum\": null,\n \"Maximum\": null,\n \"MultipleOf\": null,\n \"CustomProperties\": null\n },\n {\n \"Title\": \"Required Token Scope\",\n \"Description\": \"An array of OAuth 2.0 scopes that are required when accessing an endpoint protected by this handler.\\n If the token used in the Authorization header did not request that specific scope, the request is denied.\",\n \"Examples\": null,\n \"Name\": \"authenticators.jwt.config.required_scope\",\n \"Default\": null,\n \"Type\": [],\n \"TypeHint\": 8,\n \"Format\": \"\",\n \"Pattern\": null,\n \"Enum\": null,\n \"Constant\": null,\n \"ReadOnly\": false,\n \"MinLength\": -1,\n \"MaxLength\": -1,\n \"Required\": false,\n \"Minimum\": null,\n \"Maximum\": null,\n \"MultipleOf\": null,\n \"CustomProperties\": null\n },\n {\n \"Title\": \"\",\n \"Description\": \"\",\n \"Examples\": null,\n \"Name\": \"authenticators.jwt.config.required_scope.#\",\n \"Default\": null,\n \"Type\": \"\",\n \"TypeHint\": 1,\n \"Format\": \"\",\n \"Pattern\": null,\n \"Enum\": null,\n \"Constant\": null,\n \"ReadOnly\": false,\n \"MinLength\": -1,\n \"MaxLength\": -1,\n \"Required\": false,\n \"Minimum\": null,\n \"Maximum\": null,\n \"MultipleOf\": null,\n \"CustomProperties\": null\n },\n {\n \"Title\": \"Scope Strategy\",\n \"Description\": \"Sets the strategy validation algorithm.\",\n \"Examples\": null,\n \"Name\": \"authenticators.jwt.config.scope_strategy\",\n \"Default\": \"none\",\n \"Type\": \"\",\n \"TypeHint\": 1,\n \"Format\": \"\",\n \"Pattern\": null,\n \"Enum\": [\n \"hierarchic\",\n \"exact\",\n \"wildcard\",\n \"none\"\n ],\n \"Constant\": null,\n \"ReadOnly\": false,\n \"MinLength\": -1,\n \"MaxLength\": -1,\n \"Required\": false,\n \"Minimum\": null,\n \"Maximum\": null,\n \"MultipleOf\": null,\n \"CustomProperties\": null\n },\n {\n \"Title\": \"Intended Audience\",\n \"Description\": \"An array of audiences that are required when accessing an endpoint protected by this handler.\\n If the token used in the Authorization header is not intended for any of the requested audiences, the request is denied.\",\n \"Examples\": null,\n \"Name\": \"authenticators.jwt.config.target_audience\",\n \"Default\": null,\n \"Type\": [],\n \"TypeHint\": 8,\n \"Format\": \"\",\n \"Pattern\": null,\n \"Enum\": null,\n \"Constant\": null,\n \"ReadOnly\": false,\n \"MinLength\": -1,\n \"MaxLength\": -1,\n \"Required\": false,\n \"Minimum\": null,\n \"Maximum\": null,\n \"MultipleOf\": null,\n \"CustomProperties\": null\n },\n {\n \"Title\": \"\",\n \"Description\": \"\",\n \"Examples\": null,\n \"Name\": \"authenticators.jwt.config.target_audience.#\",\n \"Default\": null,\n \"Type\": \"\",\n \"TypeHint\": 1,\n \"Format\": \"\",\n \"Pattern\": null,\n \"Enum\": null,\n \"Constant\": null,\n \"ReadOnly\": false,\n \"MinLength\": -1,\n \"MaxLength\": -1,\n \"Required\": false,\n \"Minimum\": null,\n \"Maximum\": null,\n \"MultipleOf\": null,\n \"CustomProperties\": null\n },\n {\n \"Title\": \"\",\n \"Description\": \"\",\n \"Examples\": null,\n \"Name\": \"authenticators.jwt.config.token_from\",\n \"Default\": null,\n \"Type\": {},\n \"TypeHint\": 5,\n \"Format\": \"\",\n \"Pattern\": null,\n \"Enum\": null,\n \"Constant\": null,\n \"ReadOnly\": false,\n \"MinLength\": -1,\n \"MaxLength\": -1,\n \"Required\": false,\n \"Minimum\": null,\n \"Maximum\": null,\n \"MultipleOf\": null,\n \"CustomProperties\": null\n },\n {\n \"Title\": \"Header\",\n \"Description\": \"The header (case insensitive) that must contain a token for request authentication. It can't be set along with query_parameter.\",\n \"Examples\": null,\n \"Name\": \"authenticators.jwt.config.token_from.header\",\n \"Default\": null,\n \"Type\": \"\",\n \"TypeHint\": 1,\n \"Format\": \"\",\n \"Pattern\": null,\n \"Enum\": null,\n \"Constant\": null,\n \"ReadOnly\": false,\n \"MinLength\": -1,\n \"MaxLength\": -1,\n \"Required\": true,\n \"Minimum\": null,\n \"Maximum\": null,\n \"MultipleOf\": null,\n \"CustomProperties\": null\n },\n {\n \"Title\": \"Query Parameter\",\n \"Description\": \"The query parameter (case sensitive) that must contain a token for request authentication. It can't be set along with header.\",\n \"Examples\": null,\n \"Name\": \"authenticators.jwt.config.token_from.query_parameter\",\n \"Default\": null,\n \"Type\": \"\",\n \"TypeHint\": 1,\n \"Format\": \"\",\n \"Pattern\": null,\n \"Enum\": null,\n \"Constant\": null,\n \"ReadOnly\": false,\n \"MinLength\": -1,\n \"MaxLength\": -1,\n \"Required\": true,\n \"Minimum\": null,\n \"Maximum\": null,\n \"MultipleOf\": null,\n \"CustomProperties\": null\n },\n {\n \"Title\": \"\",\n \"Description\": \"\",\n \"Examples\": null,\n \"Name\": \"authenticators.jwt.config.trusted_issuers\",\n \"Default\": null,\n \"Type\": [],\n \"TypeHint\": 8,\n \"Format\": \"\",\n \"Pattern\": null,\n \"Enum\": null,\n \"Constant\": null,\n \"ReadOnly\": false,\n \"MinLength\": -1,\n \"MaxLength\": -1,\n \"Required\": false,\n \"Minimum\": null,\n \"Maximum\": null,\n \"MultipleOf\": null,\n \"CustomProperties\": null\n },\n {\n \"Title\": \"\",\n \"Description\": \"\",\n \"Examples\": null,\n \"Name\": \"authenticators.jwt.config.trusted_issuers.#\",\n \"Default\": null,\n \"Type\": \"\",\n \"TypeHint\": 1,\n \"Format\": \"\",\n \"Pattern\": null,\n \"Enum\": null,\n \"Constant\": null,\n \"ReadOnly\": false,\n \"MinLength\": -1,\n \"MaxLength\": -1,\n \"Required\": false,\n \"Minimum\": null,\n \"Maximum\": null,\n \"MultipleOf\": null,\n \"CustomProperties\": null\n },\n {\n \"Title\": \"Enabled\",\n \"Description\": \"En-/disables this component.\",\n \"Examples\": [\n true\n ],\n \"Name\": \"authenticators.jwt.enabled\",\n \"Default\": false,\n \"Type\": false,\n \"TypeHint\": 4,\n \"Format\": \"\",\n \"Pattern\": null,\n \"Enum\": null,\n \"Constant\": null,\n \"ReadOnly\": false,\n \"MinLength\": -1,\n \"MaxLength\": -1,\n \"Required\": false,\n \"Minimum\": null,\n \"Maximum\": null,\n \"MultipleOf\": null,\n \"CustomProperties\": null\n },\n {\n \"Title\": \"No Operation (noop)\",\n \"Description\": \"The [`noop` authenticator](https://www.ory.sh/docs/oathkeeper/pipeline/authn#noop).\",\n \"Examples\": null,\n \"Name\": \"authenticators.noop\",\n \"Default\": null,\n \"Type\": {},\n \"TypeHint\": 5,\n \"Format\": \"\",\n \"Pattern\": null,\n \"Enum\": null,\n \"Constant\": null,\n \"ReadOnly\": false,\n \"MinLength\": -1,\n \"MaxLength\": -1,\n \"Required\": false,\n \"Minimum\": null,\n \"Maximum\": null,\n \"MultipleOf\": null,\n \"CustomProperties\": null\n },\n {\n \"Title\": \"Enabled\",\n \"Description\": \"En-/disables this component.\",\n \"Examples\": [\n true\n ],\n \"Name\": \"authenticators.noop.enabled\",\n \"Default\": false,\n \"Type\": false,\n \"TypeHint\": 4,\n \"Format\": \"\",\n \"Pattern\": null,\n \"Enum\": null,\n \"Constant\": null,\n \"ReadOnly\": false,\n \"MinLength\": -1,\n \"MaxLength\": -1,\n \"Required\": false,\n \"Minimum\": null,\n \"Maximum\": null,\n \"MultipleOf\": null,\n \"CustomProperties\": null\n },\n {\n \"Title\": \"OAuth 2.0 Client Credentials\",\n \"Description\": \"The [`oauth2_client_credentials` authenticator](https://www.ory.sh/docs/oathkeeper/pipeline/authn#oauth2_client_credentials).\",\n \"Examples\": null,\n \"Name\": \"authenticators.oauth2_client_credentials\",\n \"Default\": null,\n \"Type\": {},\n \"TypeHint\": 5,\n \"Format\": \"\",\n \"Pattern\": null,\n \"Enum\": null,\n \"Constant\": null,\n \"ReadOnly\": false,\n \"MinLength\": -1,\n \"MaxLength\": -1,\n \"Required\": false,\n \"Minimum\": null,\n \"Maximum\": null,\n \"MultipleOf\": null,\n \"CustomProperties\": null\n },\n {\n \"Title\": \"OAuth 2.0 Client Credentials Authenticator Configuration\",\n \"Description\": \"This section is optional when the authenticator is disabled.\",\n \"Examples\": null,\n \"Name\": \"authenticators.oauth2_client_credentials.config\",\n \"Default\": null,\n \"Type\": {},\n \"TypeHint\": 5,\n \"Format\": \"\",\n \"Pattern\": null,\n \"Enum\": null,\n \"Constant\": null,\n \"ReadOnly\": false,\n \"MinLength\": -1,\n \"MaxLength\": -1,\n \"Required\": false,\n \"Minimum\": null,\n \"Maximum\": null,\n \"MultipleOf\": null,\n \"CustomProperties\": null\n },\n {\n \"Title\": \"Request Permissions (Token Scope)\",\n \"Description\": \"Scopes is an array of OAuth 2.0 scopes that are required when accessing an endpoint protected by this rule.\\n If the token used in the Authorization header did not request that specific scope, the request is denied.\",\n \"Examples\": null,\n \"Name\": \"authenticators.oauth2_client_credentials.config.required_scope\",\n \"Default\": null,\n \"Type\": [],\n \"TypeHint\": 8,\n \"Format\": \"\",\n \"Pattern\": null,\n \"Enum\": null,\n \"Constant\": null,\n \"ReadOnly\": false,\n \"MinLength\": -1,\n \"MaxLength\": -1,\n \"Required\": false,\n \"Minimum\": null,\n \"Maximum\": null,\n \"MultipleOf\": null,\n \"CustomProperties\": null\n },\n {\n \"Title\": \"\",\n \"Description\": \"\",\n \"Examples\": null,\n \"Name\": \"authenticators.oauth2_client_credentials.config.required_scope.#\",\n \"Default\": null,\n \"Type\": \"\",\n \"TypeHint\": 1,\n \"Format\": \"\",\n \"Pattern\": null,\n \"Enum\": null,\n \"Constant\": null,\n \"ReadOnly\": false,\n \"MinLength\": -1,\n \"MaxLength\": -1,\n \"Required\": false,\n \"Minimum\": null,\n \"Maximum\": null,\n \"MultipleOf\": null,\n \"CustomProperties\": null\n },\n {\n \"Title\": \"\",\n \"Description\": \"The OAuth 2.0 Token Endpoint that will be used to validate the client credentials.\\n\\n\\u003eIf this authenticator is enabled, this value is required.\",\n \"Examples\": [\n \"https://my-website.com/oauth2/token\"\n ],\n \"Name\": \"authenticators.oauth2_client_credentials.config.token_url\",\n \"Default\": null,\n \"Type\": \"\",\n \"TypeHint\": 1,\n \"Format\": \"uri\",\n \"Pattern\": null,\n \"Enum\": null,\n \"Constant\": null,\n \"ReadOnly\": false,\n \"MinLength\": -1,\n \"MaxLength\": -1,\n \"Required\": true,\n \"Minimum\": null,\n \"Maximum\": null,\n \"MultipleOf\": null,\n \"CustomProperties\": null\n },\n {\n \"Title\": \"Enabled\",\n \"Description\": \"En-/disables this component.\",\n \"Examples\": [\n true\n ],\n \"Name\": \"authenticators.oauth2_client_credentials.enabled\",\n \"Default\": false,\n \"Type\": false,\n \"TypeHint\": 4,\n \"Format\": \"\",\n \"Pattern\": null,\n \"Enum\": null,\n \"Constant\": null,\n \"ReadOnly\": false,\n \"MinLength\": -1,\n \"MaxLength\": -1,\n \"Required\": false,\n \"Minimum\": null,\n \"Maximum\": null,\n \"MultipleOf\": null,\n \"CustomProperties\": null\n },\n {\n \"Title\": \"OAuth 2.0 Token Introspection\",\n \"Description\": \"The [`oauth2_introspection` authenticator](https://www.ory.sh/docs/oathkeeper/pipeline/authn#oauth2_introspection).\",\n \"Examples\": null,\n \"Name\": \"authenticators.oauth2_introspection\",\n \"Default\": null,\n \"Type\": {},\n \"TypeHint\": 5,\n \"Format\": \"\",\n \"Pattern\": null,\n \"Enum\": null,\n \"Constant\": null,\n \"ReadOnly\": false,\n \"MinLength\": -1,\n \"MaxLength\": -1,\n \"Required\": false,\n \"Minimum\": null,\n \"Maximum\": null,\n \"MultipleOf\": null,\n \"CustomProperties\": null\n },\n {\n \"Title\": \"OAuth 2.0 Introspection Authenticator Configuration\",\n \"Description\": \"This section is optional when the authenticator is disabled.\",\n \"Examples\": null,\n \"Name\": \"authenticators.oauth2_introspection.config\",\n \"Default\": null,\n \"Type\": {},\n \"TypeHint\": 5,\n \"Format\": \"\",\n \"Pattern\": null,\n \"Enum\": null,\n \"Constant\": null,\n \"ReadOnly\": false,\n \"MinLength\": -1,\n \"MaxLength\": -1,\n \"Required\": false,\n \"Minimum\": null,\n \"Maximum\": null,\n \"MultipleOf\": null,\n \"CustomProperties\": null\n },\n {\n \"Title\": \"OAuth 2.0 Introspection URL\",\n \"Description\": \"The OAuth 2.0 Token Introspection endpoint URL.\\n\\n\\u003eIf this authenticator is enabled, this value is required.\",\n \"Examples\": [\n \"https://my-website.com/oauth2/introspection\"\n ],\n \"Name\": \"authenticators.oauth2_introspection.config.introspection_url\",\n \"Default\": null,\n \"Type\": \"\",\n \"TypeHint\": 1,\n \"Format\": \"uri\",\n \"Pattern\": null,\n \"Enum\": null,\n \"Constant\": null,\n \"ReadOnly\": false,\n \"MinLength\": -1,\n \"MaxLength\": -1,\n \"Required\": true,\n \"Minimum\": null,\n \"Maximum\": null,\n \"MultipleOf\": null,\n \"CustomProperties\": null\n },\n {\n \"Title\": \"Pre-Authorization\",\n \"Description\": \"Enable pre-authorization in cases where the OAuth 2.0 Token Introspection endpoint is protected by OAuth 2.0 Bearer Tokens that can be retrieved using the OAuth 2.0 Client Credentials grant.\",\n \"Examples\": null,\n \"Name\": \"authenticators.oauth2_introspection.config.pre_authorization\",\n \"Default\": null,\n \"Type\": {},\n \"TypeHint\": 5,\n \"Format\": \"\",\n \"Pattern\": null,\n \"Enum\": null,\n \"Constant\": null,\n \"ReadOnly\": false,\n \"MinLength\": -1,\n \"MaxLength\": -1,\n \"Required\": false,\n \"Minimum\": null,\n \"Maximum\": null,\n \"MultipleOf\": null,\n \"CustomProperties\": null\n },\n {\n \"Title\": \"OAuth 2.0 Client ID\",\n \"Description\": \"The OAuth 2.0 Client ID to be used for the OAuth 2.0 Client Credentials Grant.\\n\\n\\u003eIf pre-authorization is enabled, this value is required.\",\n \"Examples\": null,\n \"Name\": \"authenticators.oauth2_introspection.config.pre_authorization.client_id\",\n \"Default\": null,\n \"Type\": \"\",\n \"TypeHint\": 1,\n \"Format\": \"\",\n \"Pattern\": null,\n \"Enum\": null,\n \"Constant\": null,\n \"ReadOnly\": false,\n \"MinLength\": -1,\n \"MaxLength\": -1,\n \"Required\": true,\n \"Minimum\": null,\n \"Maximum\": null,\n \"MultipleOf\": null,\n \"CustomProperties\": null\n },\n {\n \"Title\": \"OAuth 2.0 Client Secret\",\n \"Description\": \"The OAuth 2.0 Client Secret to be used for the OAuth 2.0 Client Credentials Grant.\\n\\n\\u003eIf pre-authorization is enabled, this value is required.\",\n \"Examples\": null,\n \"Name\": \"authenticators.oauth2_introspection.config.pre_authorization.client_secret\",\n \"Default\": null,\n \"Type\": \"\",\n \"TypeHint\": 1,\n \"Format\": \"\",\n \"Pattern\": null,\n \"Enum\": null,\n \"Constant\": null,\n \"ReadOnly\": false,\n \"MinLength\": -1,\n \"MaxLength\": -1,\n \"Required\": true,\n \"Minimum\": null,\n \"Maximum\": null,\n \"MultipleOf\": null,\n \"CustomProperties\": null\n },\n {\n \"Title\": \"\",\n \"Description\": \"\",\n \"Examples\": null,\n \"Name\": \"authenticators.oauth2_introspection.config.pre_authorization.enabled\",\n \"Default\": null,\n \"Type\": false,\n \"TypeHint\": 4,\n \"Format\": \"\",\n \"Pattern\": null,\n \"Enum\": null,\n \"Constant\": [\n true\n ],\n \"ReadOnly\": false,\n \"MinLength\": -1,\n \"MaxLength\": -1,\n \"Required\": false,\n \"Minimum\": null,\n \"Maximum\": null,\n \"MultipleOf\": null,\n \"CustomProperties\": null\n },\n {\n \"Title\": \"OAuth 2.0 Scope\",\n \"Description\": \"The OAuth 2.0 Scope to be requested during the OAuth 2.0 Client Credentials Grant.\",\n \"Examples\": [\n [\n \"[\\\"foo\\\", \\\"bar\\\"]\"\n ]\n ],\n \"Name\": \"authenticators.oauth2_introspection.config.pre_authorization.scope\",\n \"Default\": null,\n \"Type\": [],\n \"TypeHint\": 8,\n \"Format\": \"\",\n \"Pattern\": null,\n \"Enum\": null,\n \"Constant\": null,\n \"ReadOnly\": false,\n \"MinLength\": -1,\n \"MaxLength\": -1,\n \"Required\": false,\n \"Minimum\": null,\n \"Maximum\": null,\n \"MultipleOf\": null,\n \"CustomProperties\": null\n },\n {\n \"Title\": \"\",\n \"Description\": \"\",\n \"Examples\": null,\n \"Name\": \"authenticators.oauth2_introspection.config.pre_authorization.scope.#\",\n \"Default\": null,\n \"Type\": \"\",\n \"TypeHint\": 1,\n \"Format\": \"\",\n \"Pattern\": null,\n \"Enum\": null,\n \"Constant\": null,\n \"ReadOnly\": false,\n \"MinLength\": -1,\n \"MaxLength\": -1,\n \"Required\": false,\n \"Minimum\": null,\n \"Maximum\": null,\n \"MultipleOf\": null,\n \"CustomProperties\": null\n },\n {\n \"Title\": \"OAuth 2.0 Token URL\",\n \"Description\": \"The OAuth 2.0 Token Endpoint where the OAuth 2.0 Client Credentials Grant will be performed.\\n\\n\\u003eIf pre-authorization is enabled, this value is required.\",\n \"Examples\": null,\n \"Name\": \"authenticators.oauth2_introspection.config.pre_authorization.token_url\",\n \"Default\": null,\n \"Type\": \"\",\n \"TypeHint\": 1,\n \"Format\": \"uri\",\n \"Pattern\": null,\n \"Enum\": null,\n \"Constant\": null,\n \"ReadOnly\": false,\n \"MinLength\": -1,\n \"MaxLength\": -1,\n \"Required\": true,\n \"Minimum\": null,\n \"Maximum\": null,\n \"MultipleOf\": null,\n \"CustomProperties\": null\n },\n {\n \"Title\": \"Required Scope\",\n \"Description\": \"An array of OAuth 2.0 scopes that are required when accessing an endpoint protected by this handler.\\n If the token used in the Authorization header did not request that specific scope, the request is denied.\",\n \"Examples\": null,\n \"Name\": \"authenticators.oauth2_introspection.config.required_scope\",\n \"Default\": null,\n \"Type\": [],\n \"TypeHint\": 8,\n \"Format\": \"\",\n \"Pattern\": null,\n \"Enum\": null,\n \"Constant\": null,\n \"ReadOnly\": false,\n \"MinLength\": -1,\n \"MaxLength\": -1,\n \"Required\": false,\n \"Minimum\": null,\n \"Maximum\": null,\n \"MultipleOf\": null,\n \"CustomProperties\": null\n },\n {\n \"Title\": \"\",\n \"Description\": \"\",\n \"Examples\": null,\n \"Name\": \"authenticators.oauth2_introspection.config.required_scope.#\",\n \"Default\": null,\n \"Type\": \"\",\n \"TypeHint\": 1,\n \"Format\": \"\",\n \"Pattern\": null,\n \"Enum\": null,\n \"Constant\": null,\n \"ReadOnly\": false,\n \"MinLength\": -1,\n \"MaxLength\": -1,\n \"Required\": false,\n \"Minimum\": null,\n \"Maximum\": null,\n \"MultipleOf\": null,\n \"CustomProperties\": null\n },\n {\n \"Title\": \"Scope Strategy\",\n \"Description\": \"Sets the strategy validation algorithm.\",\n \"Examples\": null,\n \"Name\": \"authenticators.oauth2_introspection.config.scope_strategy\",\n \"Default\": \"none\",\n \"Type\": \"\",\n \"TypeHint\": 1,\n \"Format\": \"\",\n \"Pattern\": null,\n \"Enum\": [\n \"hierarchic\",\n \"exact\",\n \"wildcard\",\n \"none\"\n ],\n \"Constant\": null,\n \"ReadOnly\": false,\n \"MinLength\": -1,\n \"MaxLength\": -1,\n \"Required\": false,\n \"Minimum\": null,\n \"Maximum\": null,\n \"MultipleOf\": null,\n \"CustomProperties\": null\n },\n {\n \"Title\": \"Target Audience\",\n \"Description\": \"An array of audiences that are required when accessing an endpoint protected by this handler.\\n If the token used in the Authorization header is not intended for any of the requested audiences, the request is denied.\",\n \"Examples\": null,\n \"Name\": \"authenticators.oauth2_introspection.config.target_audience\",\n \"Default\": null,\n \"Type\": [],\n \"TypeHint\": 8,\n \"Format\": \"\",\n \"Pattern\": null,\n \"Enum\": null,\n \"Constant\": null,\n \"ReadOnly\": false,\n \"MinLength\": -1,\n \"MaxLength\": -1,\n \"Required\": false,\n \"Minimum\": null,\n \"Maximum\": null,\n \"MultipleOf\": null,\n \"CustomProperties\": null\n },\n {\n \"Title\": \"\",\n \"Description\": \"\",\n \"Examples\": null,\n \"Name\": \"authenticators.oauth2_introspection.config.target_audience.#\",\n \"Default\": null,\n \"Type\": \"\",\n \"TypeHint\": 1,\n \"Format\": \"\",\n \"Pattern\": null,\n \"Enum\": null,\n \"Constant\": null,\n \"ReadOnly\": false,\n \"MinLength\": -1,\n \"MaxLength\": -1,\n \"Required\": false,\n \"Minimum\": null,\n \"Maximum\": null,\n \"MultipleOf\": null,\n \"CustomProperties\": null\n },\n {\n \"Title\": \"Token From\",\n \"Description\": \"The location of the token.\\n If not configured, the token will be received from a default location - 'Authorization' header.\\n One and only one location (header or query) must be specified.\",\n \"Examples\": null,\n \"Name\": \"authenticators.oauth2_introspection.config.token_from\",\n \"Default\": null,\n \"Type\": {},\n \"TypeHint\": 5,\n \"Format\": \"\",\n \"Pattern\": null,\n \"Enum\": null,\n \"Constant\": null,\n \"ReadOnly\": false,\n \"MinLength\": -1,\n \"MaxLength\": -1,\n \"Required\": false,\n \"Minimum\": null,\n \"Maximum\": null,\n \"MultipleOf\": null,\n \"CustomProperties\": null\n },\n {\n \"Title\": \"Header\",\n \"Description\": \"The header (case insensitive) that must contain a token for request authentication.\\n It can't be set along with query_parameter.\",\n \"Examples\": null,\n \"Name\": \"authenticators.oauth2_introspection.config.token_from.header\",\n \"Default\": null,\n \"Type\": \"\",\n \"TypeHint\": 1,\n \"Format\": \"\",\n \"Pattern\": null,\n \"Enum\": null,\n \"Constant\": null,\n \"ReadOnly\": false,\n \"MinLength\": -1,\n \"MaxLength\": -1,\n \"Required\": true,\n \"Minimum\": null,\n \"Maximum\": null,\n \"MultipleOf\": null,\n \"CustomProperties\": null\n },\n {\n \"Title\": \"Query Parameter\",\n \"Description\": \"The query parameter (case sensitive) that must contain a token for request authentication.\\n It can't be set along with header.\",\n \"Examples\": null,\n \"Name\": \"authenticators.oauth2_introspection.config.token_from.query_parameter\",\n \"Default\": null,\n \"Type\": \"\",\n \"TypeHint\": 1,\n \"Format\": \"\",\n \"Pattern\": null,\n \"Enum\": null,\n \"Constant\": null,\n \"ReadOnly\": false,\n \"MinLength\": -1,\n \"MaxLength\": -1,\n \"Required\": true,\n \"Minimum\": null,\n \"Maximum\": null,\n \"MultipleOf\": null,\n \"CustomProperties\": null\n },\n {\n \"Title\": \"Trusted Issuers\",\n \"Description\": \"The token must have been issued by one of the issuers listed in this array.\",\n \"Examples\": null,\n \"Name\": \"authenticators.oauth2_introspection.config.trusted_issuers\",\n \"Default\": null,\n \"Type\": [],\n \"TypeHint\": 8,\n \"Format\": \"\",\n \"Pattern\": null,\n \"Enum\": null,\n \"Constant\": null,\n \"ReadOnly\": false,\n \"MinLength\": -1,\n \"MaxLength\": -1,\n \"Required\": false,\n \"Minimum\": null,\n \"Maximum\": null,\n \"MultipleOf\": null,\n \"CustomProperties\": null\n },\n {\n \"Title\": \"\",\n \"Description\": \"\",\n \"Examples\": null,\n \"Name\": \"authenticators.oauth2_introspection.config.trusted_issuers.#\",\n \"Default\": null,\n \"Type\": \"\",\n \"TypeHint\": 1,\n \"Format\": \"\",\n \"Pattern\": null,\n \"Enum\": null,\n \"Constant\": null,\n \"ReadOnly\": false,\n \"MinLength\": -1,\n \"MaxLength\": -1,\n \"Required\": false,\n \"Minimum\": null,\n \"Maximum\": null,\n \"MultipleOf\": null,\n \"CustomProperties\": null\n },\n {\n \"Title\": \"Enabled\",\n \"Description\": \"En-/disables this component.\",\n \"Examples\": [\n true\n ],\n \"Name\": \"authenticators.oauth2_introspection.enabled\",\n \"Default\": false,\n \"Type\": false,\n \"TypeHint\": 4,\n \"Format\": \"\",\n \"Pattern\": null,\n \"Enum\": null,\n \"Constant\": null,\n \"ReadOnly\": false,\n \"MinLength\": -1,\n \"MaxLength\": -1,\n \"Required\": false,\n \"Minimum\": null,\n \"Maximum\": null,\n \"MultipleOf\": null,\n \"CustomProperties\": null\n },\n {\n \"Title\": \"Unauthorized\",\n \"Description\": \"The [`unauthorized` authenticator](https://www.ory.sh/docs/oathkeeper/pipeline/authn#unauthorized).\",\n \"Examples\": null,\n \"Name\": \"authenticators.unauthorized\",\n \"Default\": null,\n \"Type\": {},\n \"TypeHint\": 5,\n \"Format\": \"\",\n \"Pattern\": null,\n \"Enum\": null,\n \"Constant\": null,\n \"ReadOnly\": false,\n \"MinLength\": -1,\n \"MaxLength\": -1,\n \"Required\": false,\n \"Minimum\": null,\n \"Maximum\": null,\n \"MultipleOf\": null,\n \"CustomProperties\": null\n },\n {\n \"Title\": \"Enabled\",\n \"Description\": \"En-/disables this component.\",\n \"Examples\": [\n true\n ],\n \"Name\": \"authenticators.unauthorized.enabled\",\n \"Default\": false,\n \"Type\": false,\n \"TypeHint\": 4,\n \"Format\": \"\",\n \"Pattern\": null,\n \"Enum\": null,\n \"Constant\": null,\n \"ReadOnly\": false,\n \"MinLength\": -1,\n \"MaxLength\": -1,\n \"Required\": false,\n \"Minimum\": null,\n \"Maximum\": null,\n \"MultipleOf\": null,\n \"CustomProperties\": null\n },\n {\n \"Title\": \"Authorizers\",\n \"Description\": \"For more information on authorizers head over to: https://www.ory.sh/docs/oathkeeper/pipeline/authz\",\n \"Examples\": null,\n \"Name\": \"authorizers\",\n \"Default\": null,\n \"Type\": {},\n \"TypeHint\": 5,\n \"Format\": \"\",\n \"Pattern\": null,\n \"Enum\": null,\n \"Constant\": null,\n \"ReadOnly\": false,\n \"MinLength\": -1,\n \"MaxLength\": -1,\n \"Required\": false,\n \"Minimum\": null,\n \"Maximum\": null,\n \"MultipleOf\": null,\n \"CustomProperties\": null\n },\n {\n \"Title\": \"Allow\",\n \"Description\": \"The [`allow` authorizer](https://www.ory.sh/docs/oathkeeper/pipeline/authz#allow).\",\n \"Examples\": null,\n \"Name\": \"authorizers.allow\",\n \"Default\": null,\n \"Type\": {},\n \"TypeHint\": 5,\n \"Format\": \"\",\n \"Pattern\": null,\n \"Enum\": null,\n \"Constant\": null,\n \"ReadOnly\": false,\n \"MinLength\": -1,\n \"MaxLength\": -1,\n \"Required\": false,\n \"Minimum\": null,\n \"Maximum\": null,\n \"MultipleOf\": null,\n \"CustomProperties\": null\n },\n {\n \"Title\": \"Enabled\",\n \"Description\": \"En-/disables this component.\",\n \"Examples\": [\n true\n ],\n \"Name\": \"authorizers.allow.enabled\",\n \"Default\": false,\n \"Type\": false,\n \"TypeHint\": 4,\n \"Format\": \"\",\n \"Pattern\": null,\n \"Enum\": null,\n \"Constant\": null,\n \"ReadOnly\": false,\n \"MinLength\": -1,\n \"MaxLength\": -1,\n \"Required\": false,\n \"Minimum\": null,\n \"Maximum\": null,\n \"MultipleOf\": null,\n \"CustomProperties\": null\n },\n {\n \"Title\": \"Deny\",\n \"Description\": \"The [`deny` authorizer](https://www.ory.sh/docs/oathkeeper/pipeline/authz#allow).\",\n \"Examples\": null,\n \"Name\": \"authorizers.deny\",\n \"Default\": null,\n \"Type\": {},\n \"TypeHint\": 5,\n \"Format\": \"\",\n \"Pattern\": null,\n \"Enum\": null,\n \"Constant\": null,\n \"ReadOnly\": false,\n \"MinLength\": -1,\n \"MaxLength\": -1,\n \"Required\": false,\n \"Minimum\": null,\n \"Maximum\": null,\n \"MultipleOf\": null,\n \"CustomProperties\": null\n },\n {\n \"Title\": \"Enabled\",\n \"Description\": \"En-/disables this component.\",\n \"Examples\": [\n true\n ],\n \"Name\": \"authorizers.deny.enabled\",\n \"Default\": false,\n \"Type\": false,\n \"TypeHint\": 4,\n \"Format\": \"\",\n \"Pattern\": null,\n \"Enum\": null,\n \"Constant\": null,\n \"ReadOnly\": false,\n \"MinLength\": -1,\n \"MaxLength\": -1,\n \"Required\": false,\n \"Minimum\": null,\n \"Maximum\": null,\n \"MultipleOf\": null,\n \"CustomProperties\": null\n },\n {\n \"Title\": \"ORY Keto Access Control Policies Engine\",\n \"Description\": \"The [`keto_engine_acp_ory` authorizer](https://www.ory.sh/docs/oathkeeper/pipeline/authz#keto_engine_acp_ory).\",\n \"Examples\": null,\n \"Name\": \"authorizers.keto_engine_acp_ory\",\n \"Default\": null,\n \"Type\": {},\n \"TypeHint\": 5,\n \"Format\": \"\",\n \"Pattern\": null,\n \"Enum\": null,\n \"Constant\": null,\n \"ReadOnly\": false,\n \"MinLength\": -1,\n \"MaxLength\": -1,\n \"Required\": false,\n \"Minimum\": null,\n \"Maximum\": null,\n \"MultipleOf\": null,\n \"CustomProperties\": null\n },\n {\n \"Title\": \"ORY Keto Access Control Policy Authorizer Configuration\",\n \"Description\": \"This section is optional when the authorizer is disabled.\",\n \"Examples\": null,\n \"Name\": \"authorizers.keto_engine_acp_ory.config\",\n \"Default\": null,\n \"Type\": {},\n \"TypeHint\": 5,\n \"Format\": \"\",\n \"Pattern\": null,\n \"Enum\": null,\n \"Constant\": null,\n \"ReadOnly\": false,\n \"MinLength\": -1,\n \"MaxLength\": -1,\n \"Required\": false,\n \"Minimum\": null,\n \"Maximum\": null,\n \"MultipleOf\": null,\n \"CustomProperties\": null\n },\n {\n \"Title\": \"Base URL\",\n \"Description\": \"The base URL of ORY Keto.\\n\\n\\u003eIf this authorizer is enabled, this value is required.\",\n \"Examples\": [\n \"http://my-keto/\"\n ],\n \"Name\": \"authorizers.keto_engine_acp_ory.config.base_url\",\n \"Default\": null,\n \"Type\": \"\",\n \"TypeHint\": 1,\n \"Format\": \"uri\",\n \"Pattern\": null,\n \"Enum\": null,\n \"Constant\": null,\n \"ReadOnly\": false,\n \"MinLength\": -1,\n \"MaxLength\": -1,\n \"Required\": true,\n \"Minimum\": null,\n \"Maximum\": null,\n \"MultipleOf\": null,\n \"CustomProperties\": null\n },\n {\n \"Title\": \"\",\n \"Description\": \"\",\n \"Examples\": null,\n \"Name\": \"authorizers.keto_engine_acp_ory.config.flavor\",\n \"Default\": null,\n \"Type\": \"\",\n \"TypeHint\": 1,\n \"Format\": \"\",\n \"Pattern\": null,\n \"Enum\": null,\n \"Constant\": null,\n \"ReadOnly\": false,\n \"MinLength\": -1,\n \"MaxLength\": -1,\n \"Required\": false,\n \"Minimum\": null,\n \"Maximum\": null,\n \"MultipleOf\": null,\n \"CustomProperties\": null\n },\n {\n \"Title\": \"\",\n \"Description\": \"\",\n \"Examples\": null,\n \"Name\": \"authorizers.keto_engine_acp_ory.config.required_action\",\n \"Default\": \"unset\",\n \"Type\": \"\",\n \"TypeHint\": 1,\n \"Format\": \"\",\n \"Pattern\": null,\n \"Enum\": null,\n \"Constant\": null,\n \"ReadOnly\": false,\n \"MinLength\": -1,\n \"MaxLength\": -1,\n \"Required\": true,\n \"Minimum\": null,\n \"Maximum\": null,\n \"MultipleOf\": null,\n \"CustomProperties\": null\n },\n {\n \"Title\": \"\",\n \"Description\": \"\",\n \"Examples\": null,\n \"Name\": \"authorizers.keto_engine_acp_ory.config.required_resource\",\n \"Default\": \"unset\",\n \"Type\": \"\",\n \"TypeHint\": 1,\n \"Format\": \"\",\n \"Pattern\": null,\n \"Enum\": null,\n \"Constant\": null,\n \"ReadOnly\": false,\n \"MinLength\": -1,\n \"MaxLength\": -1,\n \"Required\": true,\n \"Minimum\": null,\n \"Maximum\": null,\n \"MultipleOf\": null,\n \"CustomProperties\": null\n },\n {\n \"Title\": \"\",\n \"Description\": \"\",\n \"Examples\": null,\n \"Name\": \"authorizers.keto_engine_acp_ory.config.subject\",\n \"Default\": null,\n \"Type\": \"\",\n \"TypeHint\": 1,\n \"Format\": \"\",\n \"Pattern\": null,\n \"Enum\": null,\n \"Constant\": null,\n \"ReadOnly\": false,\n \"MinLength\": -1,\n \"MaxLength\": -1,\n \"Required\": false,\n \"Minimum\": null,\n \"Maximum\": null,\n \"MultipleOf\": null,\n \"CustomProperties\": null\n },\n {\n \"Title\": \"Enabled\",\n \"Description\": \"En-/disables this component.\",\n \"Examples\": [\n true\n ],\n \"Name\": \"authorizers.keto_engine_acp_ory.enabled\",\n \"Default\": false,\n \"Type\": false,\n \"TypeHint\": 4,\n \"Format\": \"\",\n \"Pattern\": null,\n \"Enum\": null,\n \"Constant\": null,\n \"ReadOnly\": false,\n \"MinLength\": -1,\n \"MaxLength\": -1,\n \"Required\": false,\n \"Minimum\": null,\n \"Maximum\": null,\n \"MultipleOf\": null,\n \"CustomProperties\": null\n },\n {\n \"Title\": \"Log\",\n \"Description\": \"Configure logging using the following options. Logging will always be sent to stdout and stderr.\",\n \"Examples\": null,\n \"Name\": \"log\",\n \"Default\": null,\n \"Type\": {},\n \"TypeHint\": 5,\n \"Format\": \"\",\n \"Pattern\": null,\n \"Enum\": null,\n \"Constant\": null,\n \"ReadOnly\": false,\n \"MinLength\": -1,\n \"MaxLength\": -1,\n \"Required\": false,\n \"Minimum\": null,\n \"Maximum\": null,\n \"MultipleOf\": null,\n \"CustomProperties\": null\n },\n {\n \"Title\": \"Format\",\n \"Description\": \"The log format can either be text or JSON.\",\n \"Examples\": null,\n \"Name\": \"log.format\",\n \"Default\": \"text\",\n \"Type\": \"\",\n \"TypeHint\": 1,\n \"Format\": \"\",\n \"Pattern\": null,\n \"Enum\": [\n \"text\",\n \"json\"\n ],\n \"Constant\": null,\n \"ReadOnly\": false,\n \"MinLength\": -1,\n \"MaxLength\": -1,\n \"Required\": false,\n \"Minimum\": null,\n \"Maximum\": null,\n \"MultipleOf\": null,\n \"CustomProperties\": null\n },\n {\n \"Title\": \"Level\",\n \"Description\": \"Debug enables stack traces on errors. Can also be set using environment variable LOG_LEVEL.\",\n \"Examples\": null,\n \"Name\": \"log.level\",\n \"Default\": \"info\",\n \"Type\": \"\",\n \"TypeHint\": 1,\n \"Format\": \"\",\n \"Pattern\": null,\n \"Enum\": [\n \"panic\",\n \"fatal\",\n \"error\",\n \"warn\",\n \"info\",\n \"debug\"\n ],\n \"Constant\": null,\n \"ReadOnly\": false,\n \"MinLength\": -1,\n \"MaxLength\": -1,\n \"Required\": false,\n \"Minimum\": null,\n \"Maximum\": null,\n \"MultipleOf\": null,\n \"CustomProperties\": null\n },\n {\n \"Title\": \"Mutators\",\n \"Description\": \"For more information on mutators head over to: https://www.ory.sh/docs/oathkeeper/pipeline/mutator\",\n \"Examples\": null,\n \"Name\": \"mutators\",\n \"Default\": null,\n \"Type\": {},\n \"TypeHint\": 5,\n \"Format\": \"\",\n \"Pattern\": null,\n \"Enum\": null,\n \"Constant\": null,\n \"ReadOnly\": false,\n \"MinLength\": -1,\n \"MaxLength\": -1,\n \"Required\": false,\n \"Minimum\": null,\n \"Maximum\": null,\n \"MultipleOf\": null,\n \"CustomProperties\": null\n },\n {\n \"Title\": \"HTTP Cookie\",\n \"Description\": \"The [`cookie` mutator](https://www.ory.sh/docs/oathkeeper/pipeline/mutator#cookie).\",\n \"Examples\": null,\n \"Name\": \"mutators.cookie\",\n \"Default\": null,\n \"Type\": {},\n \"TypeHint\": 5,\n \"Format\": \"\",\n \"Pattern\": null,\n \"Enum\": null,\n \"Constant\": null,\n \"ReadOnly\": false,\n \"MinLength\": -1,\n \"MaxLength\": -1,\n \"Required\": false,\n \"Minimum\": null,\n \"Maximum\": null,\n \"MultipleOf\": null,\n \"CustomProperties\": null\n },\n {\n \"Title\": \"Cookie Mutator Configuration\",\n \"Description\": \"This section is optional when the mutator is disabled.\",\n \"Examples\": null,\n \"Name\": \"mutators.cookie.config\",\n \"Default\": null,\n \"Type\": {},\n \"TypeHint\": 5,\n \"Format\": \"\",\n \"Pattern\": null,\n \"Enum\": null,\n \"Constant\": null,\n \"ReadOnly\": false,\n \"MinLength\": -1,\n \"MaxLength\": -1,\n \"Required\": false,\n \"Minimum\": null,\n \"Maximum\": null,\n \"MultipleOf\": null,\n \"CustomProperties\": null\n },\n {\n \"Title\": \"\",\n \"Description\": \"\",\n \"Examples\": null,\n \"Name\": \"mutators.cookie.config.cookies\",\n \"Default\": null,\n \"Type\": {},\n \"TypeHint\": 5,\n \"Format\": \"\",\n \"Pattern\": null,\n \"Enum\": null,\n \"Constant\": null,\n \"ReadOnly\": false,\n \"MinLength\": -1,\n \"MaxLength\": -1,\n \"Required\": true,\n \"Minimum\": null,\n \"Maximum\": null,\n \"MultipleOf\": null,\n \"CustomProperties\": null\n },\n {\n \"Title\": \"Enabled\",\n \"Description\": \"En-/disables this component.\",\n \"Examples\": [\n true\n ],\n \"Name\": \"mutators.cookie.enabled\",\n \"Default\": false,\n \"Type\": false,\n \"TypeHint\": 4,\n \"Format\": \"\",\n \"Pattern\": null,\n \"Enum\": null,\n \"Constant\": null,\n \"ReadOnly\": false,\n \"MinLength\": -1,\n \"MaxLength\": -1,\n \"Required\": false,\n \"Minimum\": null,\n \"Maximum\": null,\n \"MultipleOf\": null,\n \"CustomProperties\": null\n },\n {\n \"Title\": \"HTTP Header\",\n \"Description\": \"The [`header` mutator](https://www.ory.sh/docs/oathkeeper/pipeline/mutator#header).\",\n \"Examples\": null,\n \"Name\": \"mutators.header\",\n \"Default\": null,\n \"Type\": {},\n \"TypeHint\": 5,\n \"Format\": \"\",\n \"Pattern\": null,\n \"Enum\": null,\n \"Constant\": null,\n \"ReadOnly\": false,\n \"MinLength\": -1,\n \"MaxLength\": -1,\n \"Required\": false,\n \"Minimum\": null,\n \"Maximum\": null,\n \"MultipleOf\": null,\n \"CustomProperties\": null\n },\n {\n \"Title\": \"Header Mutator Configuration\",\n \"Description\": \"This section is optional when the mutator is disabled.\",\n \"Examples\": null,\n \"Name\": \"mutators.header.config\",\n \"Default\": null,\n \"Type\": {},\n \"TypeHint\": 5,\n \"Format\": \"\",\n \"Pattern\": null,\n \"Enum\": null,\n \"Constant\": null,\n \"ReadOnly\": false,\n \"MinLength\": -1,\n \"MaxLength\": -1,\n \"Required\": false,\n \"Minimum\": null,\n \"Maximum\": null,\n \"MultipleOf\": null,\n \"CustomProperties\": null\n },\n {\n \"Title\": \"\",\n \"Description\": \"\",\n \"Examples\": null,\n \"Name\": \"mutators.header.config.headers\",\n \"Default\": null,\n \"Type\": {},\n \"TypeHint\": 5,\n \"Format\": \"\",\n \"Pattern\": null,\n \"Enum\": null,\n \"Constant\": null,\n \"ReadOnly\": false,\n \"MinLength\": -1,\n \"MaxLength\": -1,\n \"Required\": true,\n \"Minimum\": null,\n \"Maximum\": null,\n \"MultipleOf\": null,\n \"CustomProperties\": null\n },\n {\n \"Title\": \"Enabled\",\n \"Description\": \"En-/disables this component.\",\n \"Examples\": [\n true\n ],\n \"Name\": \"mutators.header.enabled\",\n \"Default\": false,\n \"Type\": false,\n \"TypeHint\": 4,\n \"Format\": \"\",\n \"Pattern\": null,\n \"Enum\": null,\n \"Constant\": null,\n \"ReadOnly\": false,\n \"MinLength\": -1,\n \"MaxLength\": -1,\n \"Required\": false,\n \"Minimum\": null,\n \"Maximum\": null,\n \"MultipleOf\": null,\n \"CustomProperties\": null\n },\n {\n \"Title\": \"Hydrator\",\n \"Description\": \"The [`hydrator` mutator](https://www.ory.sh/docs/oathkeeper/pipeline/mutator#hydrator).\",\n \"Examples\": null,\n \"Name\": \"mutators.hydrator\",\n \"Default\": null,\n \"Type\": {},\n \"TypeHint\": 5,\n \"Format\": \"\",\n \"Pattern\": null,\n \"Enum\": null,\n \"Constant\": null,\n \"ReadOnly\": false,\n \"MinLength\": -1,\n \"MaxLength\": -1,\n \"Required\": false,\n \"Minimum\": null,\n \"Maximum\": null,\n \"MultipleOf\": null,\n \"CustomProperties\": null\n },\n {\n \"Title\": \"Hydrator Mutator Configuration\",\n \"Description\": \"This section is optional when the mutator is disabled.\",\n \"Examples\": null,\n \"Name\": \"mutators.hydrator.config\",\n \"Default\": null,\n \"Type\": {},\n \"TypeHint\": 5,\n \"Format\": \"\",\n \"Pattern\": null,\n \"Enum\": null,\n \"Constant\": null,\n \"ReadOnly\": false,\n \"MinLength\": -1,\n \"MaxLength\": -1,\n \"Required\": false,\n \"Minimum\": null,\n \"Maximum\": null,\n \"MultipleOf\": null,\n \"CustomProperties\": null\n },\n {\n \"Title\": \"\",\n \"Description\": \"\",\n \"Examples\": null,\n \"Name\": \"mutators.hydrator.config.api\",\n \"Default\": null,\n \"Type\": {},\n \"TypeHint\": 5,\n \"Format\": \"\",\n \"Pattern\": null,\n \"Enum\": null,\n \"Constant\": null,\n \"ReadOnly\": false,\n \"MinLength\": -1,\n \"MaxLength\": -1,\n \"Required\": true,\n \"Minimum\": null,\n \"Maximum\": null,\n \"MultipleOf\": null,\n \"CustomProperties\": null\n },\n {\n \"Title\": \"\",\n \"Description\": \"\",\n \"Examples\": null,\n \"Name\": \"mutators.hydrator.config.api.auth\",\n \"Default\": null,\n \"Type\": {},\n \"TypeHint\": 5,\n \"Format\": \"\",\n \"Pattern\": null,\n \"Enum\": null,\n \"Constant\": null,\n \"ReadOnly\": false,\n \"MinLength\": -1,\n \"MaxLength\": -1,\n \"Required\": false,\n \"Minimum\": null,\n \"Maximum\": null,\n \"MultipleOf\": null,\n \"CustomProperties\": null\n },\n {\n \"Title\": \"\",\n \"Description\": \"\",\n \"Examples\": null,\n \"Name\": \"mutators.hydrator.config.api.auth.basic\",\n \"Default\": null,\n \"Type\": {},\n \"TypeHint\": 5,\n \"Format\": \"\",\n \"Pattern\": null,\n \"Enum\": null,\n \"Constant\": null,\n \"ReadOnly\": false,\n \"MinLength\": -1,\n \"MaxLength\": -1,\n \"Required\": false,\n \"Minimum\": null,\n \"Maximum\": null,\n \"MultipleOf\": null,\n \"CustomProperties\": null\n },\n {\n \"Title\": \"\",\n \"Description\": \"\",\n \"Examples\": null,\n \"Name\": \"mutators.hydrator.config.api.auth.basic.password\",\n \"Default\": null,\n \"Type\": \"\",\n \"TypeHint\": 1,\n \"Format\": \"\",\n \"Pattern\": null,\n \"Enum\": null,\n \"Constant\": null,\n \"ReadOnly\": false,\n \"MinLength\": -1,\n \"MaxLength\": -1,\n \"Required\": true,\n \"Minimum\": null,\n \"Maximum\": null,\n \"MultipleOf\": null,\n \"CustomProperties\": null\n },\n {\n \"Title\": \"\",\n \"Description\": \"\",\n \"Examples\": null,\n \"Name\": \"mutators.hydrator.config.api.auth.basic.username\",\n \"Default\": null,\n \"Type\": \"\",\n \"TypeHint\": 1,\n \"Format\": \"\",\n \"Pattern\": null,\n \"Enum\": null,\n \"Constant\": null,\n \"ReadOnly\": false,\n \"MinLength\": -1,\n \"MaxLength\": -1,\n \"Required\": true,\n \"Minimum\": null,\n \"Maximum\": null,\n \"MultipleOf\": null,\n \"CustomProperties\": null\n },\n {\n \"Title\": \"\",\n \"Description\": \"\",\n \"Examples\": null,\n \"Name\": \"mutators.hydrator.config.api.retry\",\n \"Default\": null,\n \"Type\": {},\n \"TypeHint\": 5,\n \"Format\": \"\",\n \"Pattern\": null,\n \"Enum\": null,\n \"Constant\": null,\n \"ReadOnly\": false,\n \"MinLength\": -1,\n \"MaxLength\": -1,\n \"Required\": false,\n \"Minimum\": null,\n \"Maximum\": null,\n \"MultipleOf\": null,\n \"CustomProperties\": null\n },\n {\n \"Title\": \"\",\n \"Description\": \"\",\n \"Examples\": null,\n \"Name\": \"mutators.hydrator.config.api.retry.delay_in_milliseconds\",\n \"Default\": 3,\n \"Type\": 0,\n \"TypeHint\": 3,\n \"Format\": \"\",\n \"Pattern\": null,\n \"Enum\": null,\n \"Constant\": null,\n \"ReadOnly\": false,\n \"MinLength\": -1,\n \"MaxLength\": -1,\n \"Required\": false,\n \"Minimum\": \"0\",\n \"Maximum\": null,\n \"MultipleOf\": null,\n \"CustomProperties\": null\n },\n {\n \"Title\": \"\",\n \"Description\": \"\",\n \"Examples\": null,\n \"Name\": \"mutators.hydrator.config.api.retry.number_of_retries\",\n \"Default\": 100,\n \"Type\": 0,\n \"TypeHint\": 2,\n \"Format\": \"\",\n \"Pattern\": null,\n \"Enum\": null,\n \"Constant\": null,\n \"ReadOnly\": false,\n \"MinLength\": -1,\n \"MaxLength\": -1,\n \"Required\": false,\n \"Minimum\": \"0\",\n \"Maximum\": null,\n \"MultipleOf\": null,\n \"CustomProperties\": null\n },\n {\n \"Title\": \"\",\n \"Description\": \"\",\n \"Examples\": null,\n \"Name\": \"mutators.hydrator.config.api.url\",\n \"Default\": null,\n \"Type\": \"\",\n \"TypeHint\": 1,\n \"Format\": \"uri\",\n \"Pattern\": null,\n \"Enum\": null,\n \"Constant\": null,\n \"ReadOnly\": false,\n \"MinLength\": -1,\n \"MaxLength\": -1,\n \"Required\": true,\n \"Minimum\": null,\n \"Maximum\": null,\n \"MultipleOf\": null,\n \"CustomProperties\": null\n },\n {\n \"Title\": \"Enabled\",\n \"Description\": \"En-/disables this component.\",\n \"Examples\": [\n true\n ],\n \"Name\": \"mutators.hydrator.enabled\",\n \"Default\": false,\n \"Type\": false,\n \"TypeHint\": 4,\n \"Format\": \"\",\n \"Pattern\": null,\n \"Enum\": null,\n \"Constant\": null,\n \"ReadOnly\": false,\n \"MinLength\": -1,\n \"MaxLength\": -1,\n \"Required\": false,\n \"Minimum\": null,\n \"Maximum\": null,\n \"MultipleOf\": null,\n \"CustomProperties\": null\n },\n {\n \"Title\": \"ID Token (JSON Web Token)\",\n \"Description\": \"The [`id_token` mutator](https://www.ory.sh/docs/oathkeeper/pipeline/mutator#id_token).\",\n \"Examples\": null,\n \"Name\": \"mutators.id_token\",\n \"Default\": null,\n \"Type\": {},\n \"TypeHint\": 5,\n \"Format\": \"\",\n \"Pattern\": null,\n \"Enum\": null,\n \"Constant\": null,\n \"ReadOnly\": false,\n \"MinLength\": -1,\n \"MaxLength\": -1,\n \"Required\": false,\n \"Minimum\": null,\n \"Maximum\": null,\n \"MultipleOf\": null,\n \"CustomProperties\": null\n },\n {\n \"Title\": \"ID Token Mutator Configuration\",\n \"Description\": \"This section is optional when the mutator is disabled.\",\n \"Examples\": null,\n \"Name\": \"mutators.id_token.config\",\n \"Default\": null,\n \"Type\": {},\n \"TypeHint\": 5,\n \"Format\": \"\",\n \"Pattern\": null,\n \"Enum\": null,\n \"Constant\": null,\n \"ReadOnly\": false,\n \"MinLength\": -1,\n \"MaxLength\": -1,\n \"Required\": false,\n \"Minimum\": null,\n \"Maximum\": null,\n \"MultipleOf\": null,\n \"CustomProperties\": null\n },\n {\n \"Title\": \"\",\n \"Description\": \"\",\n \"Examples\": null,\n \"Name\": \"mutators.id_token.config.claims\",\n \"Default\": null,\n \"Type\": \"\",\n \"TypeHint\": 1,\n \"Format\": \"\",\n \"Pattern\": null,\n \"Enum\": null,\n \"Constant\": null,\n \"ReadOnly\": false,\n \"MinLength\": -1,\n \"MaxLength\": -1,\n \"Required\": false,\n \"Minimum\": null,\n \"Maximum\": null,\n \"MultipleOf\": null,\n \"CustomProperties\": null\n },\n {\n \"Title\": \"Issuer URL\",\n \"Description\": \"Sets the \\\"iss\\\" value of the ID Token.\\n\\n\\u003eIf this mutator is enabled, this value is required.\",\n \"Examples\": null,\n \"Name\": \"mutators.id_token.config.issuer_url\",\n \"Default\": null,\n \"Type\": \"\",\n \"TypeHint\": 1,\n \"Format\": \"\",\n \"Pattern\": null,\n \"Enum\": null,\n \"Constant\": null,\n \"ReadOnly\": false,\n \"MinLength\": -1,\n \"MaxLength\": -1,\n \"Required\": true,\n \"Minimum\": null,\n \"Maximum\": null,\n \"MultipleOf\": null,\n \"CustomProperties\": null\n },\n {\n \"Title\": \"JSON Web Key URL\",\n \"Description\": \"Sets the URL where keys should be fetched from. Supports remote locations (http, https) as well as local filesystem paths.\\n\\n\\u003eIf this mutator is enabled, this value is required.\",\n \"Examples\": [\n \"https://fetch-keys/from/this/location.json\",\n \"file:///from/this/absolute/location.json\",\n \"file://../from/this/relative/location.json\"\n ],\n \"Name\": \"mutators.id_token.config.jwks_url\",\n \"Default\": null,\n \"Type\": \"\",\n \"TypeHint\": 1,\n \"Format\": \"uri\",\n \"Pattern\": null,\n \"Enum\": null,\n \"Constant\": null,\n \"ReadOnly\": false,\n \"MinLength\": -1,\n \"MaxLength\": -1,\n \"Required\": true,\n \"Minimum\": null,\n \"Maximum\": null,\n \"MultipleOf\": null,\n \"CustomProperties\": null\n },\n {\n \"Title\": \"Expire After\",\n \"Description\": \"Sets the time-to-live of the JSON Web Token.\",\n \"Examples\": [\n \"1h\",\n \"1m\",\n \"30s\"\n ],\n \"Name\": \"mutators.id_token.config.ttl\",\n \"Default\": \"1m\",\n \"Type\": \"\",\n \"TypeHint\": 1,\n \"Format\": \"\",\n \"Pattern\": \"^[0-9]+(ns|us|ms|s|m|h)$\",\n \"Enum\": null,\n \"Constant\": null,\n \"ReadOnly\": false,\n \"MinLength\": -1,\n \"MaxLength\": -1,\n \"Required\": false,\n \"Minimum\": null,\n \"Maximum\": null,\n \"MultipleOf\": null,\n \"CustomProperties\": null\n },\n {\n \"Title\": \"Enabled\",\n \"Description\": \"En-/disables this component.\",\n \"Examples\": [\n true\n ],\n \"Name\": \"mutators.id_token.enabled\",\n \"Default\": false,\n \"Type\": false,\n \"TypeHint\": 4,\n \"Format\": \"\",\n \"Pattern\": null,\n \"Enum\": null,\n \"Constant\": null,\n \"ReadOnly\": false,\n \"MinLength\": -1,\n \"MaxLength\": -1,\n \"Required\": false,\n \"Minimum\": null,\n \"Maximum\": null,\n \"MultipleOf\": null,\n \"CustomProperties\": null\n },\n {\n \"Title\": \"No Operation (noop)\",\n \"Description\": \"The [`noop` mutator](https://www.ory.sh/docs/oathkeeper/pipeline/mutator#noop).\",\n \"Examples\": null,\n \"Name\": \"mutators.noop\",\n \"Default\": null,\n \"Type\": {},\n \"TypeHint\": 5,\n \"Format\": \"\",\n \"Pattern\": null,\n \"Enum\": null,\n \"Constant\": null,\n \"ReadOnly\": false,\n \"MinLength\": -1,\n \"MaxLength\": -1,\n \"Required\": false,\n \"Minimum\": null,\n \"Maximum\": null,\n \"MultipleOf\": null,\n \"CustomProperties\": null\n },\n {\n \"Title\": \"Enabled\",\n \"Description\": \"En-/disables this component.\",\n \"Examples\": [\n true\n ],\n \"Name\": \"mutators.noop.enabled\",\n \"Default\": false,\n \"Type\": false,\n \"TypeHint\": 4,\n \"Format\": \"\",\n \"Pattern\": null,\n \"Enum\": null,\n \"Constant\": null,\n \"ReadOnly\": false,\n \"MinLength\": -1,\n \"MaxLength\": -1,\n \"Required\": false,\n \"Minimum\": null,\n \"Maximum\": null,\n \"MultipleOf\": null,\n \"CustomProperties\": null\n },\n {\n \"Title\": \"Profiling\",\n \"Description\": \"Enables CPU or memory profiling if set. For more details on profiling Go programs read [Profiling Go Programs](https://blog.golang.org/profiling-go-programs).\",\n \"Examples\": null,\n \"Name\": \"profiling\",\n \"Default\": null,\n \"Type\": \"\",\n \"TypeHint\": 1,\n \"Format\": \"\",\n \"Pattern\": null,\n \"Enum\": [\n \"cpu\",\n \"mem\"\n ],\n \"Constant\": null,\n \"ReadOnly\": false,\n \"MinLength\": -1,\n \"MaxLength\": -1,\n \"Required\": false,\n \"Minimum\": null,\n \"Maximum\": null,\n \"MultipleOf\": null,\n \"CustomProperties\": null\n },\n {\n \"Title\": \"HTTP(s)\",\n \"Description\": \"\",\n \"Examples\": null,\n \"Name\": \"serve\",\n \"Default\": null,\n \"Type\": {},\n \"TypeHint\": 5,\n \"Format\": \"\",\n \"Pattern\": null,\n \"Enum\": null,\n \"Constant\": null,\n \"ReadOnly\": false,\n \"MinLength\": -1,\n \"MaxLength\": -1,\n \"Required\": false,\n \"Minimum\": null,\n \"Maximum\": null,\n \"MultipleOf\": null,\n \"CustomProperties\": null\n },\n {\n \"Title\": \"HTTP REST API\",\n \"Description\": \"\",\n \"Examples\": null,\n \"Name\": \"serve.api\",\n \"Default\": null,\n \"Type\": {},\n \"TypeHint\": 5,\n \"Format\": \"\",\n \"Pattern\": null,\n \"Enum\": null,\n \"Constant\": null,\n \"ReadOnly\": false,\n \"MinLength\": -1,\n \"MaxLength\": -1,\n \"Required\": false,\n \"Minimum\": null,\n \"Maximum\": null,\n \"MultipleOf\": null,\n \"CustomProperties\": null\n },\n {\n \"Title\": \"Cross Origin Resource Sharing (CORS)\",\n \"Description\": \"Configure [Cross Origin Resource Sharing (CORS)](http://www.w3.org/TR/cors/) using the following options.\",\n \"Examples\": null,\n \"Name\": \"serve.api.cors\",\n \"Default\": null,\n \"Type\": {},\n \"TypeHint\": 5,\n \"Format\": \"\",\n \"Pattern\": null,\n \"Enum\": null,\n \"Constant\": null,\n \"ReadOnly\": false,\n \"MinLength\": -1,\n \"MaxLength\": -1,\n \"Required\": false,\n \"Minimum\": null,\n \"Maximum\": null,\n \"MultipleOf\": null,\n \"CustomProperties\": null\n },\n {\n \"Title\": \"Allow HTTP Credentials\",\n \"Description\": \"Indicates whether the request can include user credentials like cookies, HTTP authentication or client side SSL certificates.\",\n \"Examples\": null,\n \"Name\": \"serve.api.cors.allow_credentials\",\n \"Default\": false,\n \"Type\": false,\n \"TypeHint\": 4,\n \"Format\": \"\",\n \"Pattern\": null,\n \"Enum\": null,\n \"Constant\": null,\n \"ReadOnly\": false,\n \"MinLength\": -1,\n \"MaxLength\": -1,\n \"Required\": false,\n \"Minimum\": null,\n \"Maximum\": null,\n \"MultipleOf\": null,\n \"CustomProperties\": null\n },\n {\n \"Title\": \"Allowed Request HTTP Headers\",\n \"Description\": \"A list of non simple headers the client is allowed to use with cross-domain requests.\",\n \"Examples\": null,\n \"Name\": \"serve.api.cors.allowed_headers\",\n \"Default\": [\n \"Authorization\",\n \"Content-Type\"\n ],\n \"Type\": [],\n \"TypeHint\": 8,\n \"Format\": \"\",\n \"Pattern\": null,\n \"Enum\": null,\n \"Constant\": null,\n \"ReadOnly\": false,\n \"MinLength\": 1,\n \"MaxLength\": -1,\n \"Required\": false,\n \"Minimum\": null,\n \"Maximum\": null,\n \"MultipleOf\": null,\n \"CustomProperties\": null\n },\n {\n \"Title\": \"\",\n \"Description\": \"\",\n \"Examples\": null,\n \"Name\": \"serve.api.cors.allowed_headers.#\",\n \"Default\": null,\n \"Type\": \"\",\n \"TypeHint\": 1,\n \"Format\": \"\",\n \"Pattern\": null,\n \"Enum\": null,\n \"Constant\": null,\n \"ReadOnly\": false,\n \"MinLength\": -1,\n \"MaxLength\": -1,\n \"Required\": false,\n \"Minimum\": null,\n \"Maximum\": null,\n \"MultipleOf\": null,\n \"CustomProperties\": null\n },\n {\n \"Title\": \"Allowed HTTP Methods\",\n \"Description\": \"A list of methods the client is allowed to use with cross-domain requests.\",\n \"Examples\": null,\n \"Name\": \"serve.api.cors.allowed_methods\",\n \"Default\": [\n \"GET\",\n \"POST\",\n \"PUT\",\n \"PATCH\",\n \"DELETE\"\n ],\n \"Type\": [],\n \"TypeHint\": 8,\n \"Format\": \"\",\n \"Pattern\": null,\n \"Enum\": null,\n \"Constant\": null,\n \"ReadOnly\": false,\n \"MinLength\": -1,\n \"MaxLength\": -1,\n \"Required\": false,\n \"Minimum\": null,\n \"Maximum\": null,\n \"MultipleOf\": null,\n \"CustomProperties\": null\n },\n {\n \"Title\": \"\",\n \"Description\": \"\",\n \"Examples\": null,\n \"Name\": \"serve.api.cors.allowed_methods.#\",\n \"Default\": null,\n \"Type\": \"\",\n \"TypeHint\": 1,\n \"Format\": \"\",\n \"Pattern\": null,\n \"Enum\": [\n \"GET\",\n \"HEAD\",\n \"POST\",\n \"PUT\",\n \"DELETE\",\n \"CONNECT\",\n \"TRACE\",\n \"PATCH\"\n ],\n \"Constant\": null,\n \"ReadOnly\": false,\n \"MinLength\": -1,\n \"MaxLength\": -1,\n \"Required\": false,\n \"Minimum\": null,\n \"Maximum\": null,\n \"MultipleOf\": null,\n \"CustomProperties\": null\n },\n {\n \"Title\": \"Allowed Origins\",\n \"Description\": \"A list of origins a cross-domain request can be executed from. If the special * value is present in the list, all origins will be allowed. An origin may contain a wildcard (*) to replace 0 or more characters (i.e.: http://*.domain.com). Usage of wildcards implies a small performance penality. Only one wildcard can be used per origin.\",\n \"Examples\": [\n \"https://example.com\",\n \"https://*.example.com\",\n \"https://*.foo.example.com\"\n ],\n \"Name\": \"serve.api.cors.allowed_origins\",\n \"Default\": [\n \"*\"\n ],\n \"Type\": [],\n \"TypeHint\": 8,\n \"Format\": \"\",\n \"Pattern\": null,\n \"Enum\": null,\n \"Constant\": null,\n \"ReadOnly\": false,\n \"MinLength\": -1,\n \"MaxLength\": -1,\n \"Required\": false,\n \"Minimum\": null,\n \"Maximum\": null,\n \"MultipleOf\": null,\n \"CustomProperties\": null\n },\n {\n \"Title\": \"\",\n \"Description\": \"\",\n \"Examples\": null,\n \"Name\": \"serve.api.cors.allowed_origins.#\",\n \"Default\": null,\n \"Type\": \"\",\n \"TypeHint\": 1,\n \"Format\": \"\",\n \"Pattern\": null,\n \"Enum\": null,\n \"Constant\": null,\n \"ReadOnly\": false,\n \"MinLength\": 1,\n \"MaxLength\": -1,\n \"Required\": false,\n \"Minimum\": null,\n \"Maximum\": null,\n \"MultipleOf\": null,\n \"CustomProperties\": null\n },\n {\n \"Title\": \"Enable Debugging\",\n \"Description\": \"Set to true to debug server side CORS issues.\",\n \"Examples\": null,\n \"Name\": \"serve.api.cors.debug\",\n \"Default\": false,\n \"Type\": false,\n \"TypeHint\": 4,\n \"Format\": \"\",\n \"Pattern\": null,\n \"Enum\": null,\n \"Constant\": null,\n \"ReadOnly\": false,\n \"MinLength\": -1,\n \"MaxLength\": -1,\n \"Required\": false,\n \"Minimum\": null,\n \"Maximum\": null,\n \"MultipleOf\": null,\n \"CustomProperties\": null\n },\n {\n \"Title\": \"Enable CORS\",\n \"Description\": \"If set to true, CORS will be enabled and preflight-requests (OPTION) will be answered.\",\n \"Examples\": null,\n \"Name\": \"serve.api.cors.enabled\",\n \"Default\": false,\n \"Type\": false,\n \"TypeHint\": 4,\n \"Format\": \"\",\n \"Pattern\": null,\n \"Enum\": null,\n \"Constant\": null,\n \"ReadOnly\": false,\n \"MinLength\": -1,\n \"MaxLength\": -1,\n \"Required\": false,\n \"Minimum\": null,\n \"Maximum\": null,\n \"MultipleOf\": null,\n \"CustomProperties\": null\n },\n {\n \"Title\": \"Allowed Response HTTP Headers\",\n \"Description\": \"Indicates which headers are safe to expose to the API of a CORS API specification\",\n \"Examples\": null,\n \"Name\": \"serve.api.cors.exposed_headers\",\n \"Default\": [\n \"Content-Type\"\n ],\n \"Type\": [],\n \"TypeHint\": 8,\n \"Format\": \"\",\n \"Pattern\": null,\n \"Enum\": null,\n \"Constant\": null,\n \"ReadOnly\": false,\n \"MinLength\": 1,\n \"MaxLength\": -1,\n \"Required\": false,\n \"Minimum\": null,\n \"Maximum\": null,\n \"MultipleOf\": null,\n \"CustomProperties\": null\n },\n {\n \"Title\": \"\",\n \"Description\": \"\",\n \"Examples\": null,\n \"Name\": \"serve.api.cors.exposed_headers.#\",\n \"Default\": null,\n \"Type\": \"\",\n \"TypeHint\": 1,\n \"Format\": \"\",\n \"Pattern\": null,\n \"Enum\": null,\n \"Constant\": null,\n \"ReadOnly\": false,\n \"MinLength\": -1,\n \"MaxLength\": -1,\n \"Required\": false,\n \"Minimum\": null,\n \"Maximum\": null,\n \"MultipleOf\": null,\n \"CustomProperties\": null\n },\n {\n \"Title\": \"Maximum Age\",\n \"Description\": \"Indicates how long (in seconds) the results of a preflight request can be cached. The default is 0 which stands for no max age.\",\n \"Examples\": null,\n \"Name\": \"serve.api.cors.max_age\",\n \"Default\": 0,\n \"Type\": 0,\n \"TypeHint\": 2,\n \"Format\": \"\",\n \"Pattern\": null,\n \"Enum\": null,\n \"Constant\": null,\n \"ReadOnly\": false,\n \"MinLength\": -1,\n \"MaxLength\": -1,\n \"Required\": false,\n \"Minimum\": null,\n \"Maximum\": null,\n \"MultipleOf\": null,\n \"CustomProperties\": null\n },\n {\n \"Title\": \"Host\",\n \"Description\": \"The network interface to listen on.\",\n \"Examples\": [\n \"localhost\",\n \"127.0.0.1\"\n ],\n \"Name\": \"serve.api.host\",\n \"Default\": \"\",\n \"Type\": \"\",\n \"TypeHint\": 1,\n \"Format\": \"\",\n \"Pattern\": null,\n \"Enum\": null,\n \"Constant\": null,\n \"ReadOnly\": false,\n \"MinLength\": -1,\n \"MaxLength\": -1,\n \"Required\": false,\n \"Minimum\": null,\n \"Maximum\": null,\n \"MultipleOf\": null,\n \"CustomProperties\": null\n },\n {\n \"Title\": \"Port\",\n \"Description\": \"The port to listen on.\",\n \"Examples\": null,\n \"Name\": \"serve.api.port\",\n \"Default\": 4456,\n \"Type\": 0,\n \"TypeHint\": 2,\n \"Format\": \"\",\n \"Pattern\": null,\n \"Enum\": null,\n \"Constant\": null,\n \"ReadOnly\": false,\n \"MinLength\": -1,\n \"MaxLength\": -1,\n \"Required\": false,\n \"Minimum\": null,\n \"Maximum\": null,\n \"MultipleOf\": null,\n \"CustomProperties\": null\n },\n {\n \"Title\": \"HTTPS\",\n \"Description\": \"Configure HTTP over TLS (HTTPS). All options can also be set using environment variables by replacing dots (`.`) with underscores (`_`) and uppercasing the key. For example, `some.prefix.tls.key.path` becomes `export SOME_PREFIX_TLS_KEY_PATH`. If all keys are left undefined, TLS will be disabled.\",\n \"Examples\": null,\n \"Name\": \"serve.api.tls\",\n \"Default\": null,\n \"Type\": {},\n \"TypeHint\": 5,\n \"Format\": \"\",\n \"Pattern\": null,\n \"Enum\": null,\n \"Constant\": null,\n \"ReadOnly\": false,\n \"MinLength\": -1,\n \"MaxLength\": -1,\n \"Required\": false,\n \"Minimum\": null,\n \"Maximum\": null,\n \"MultipleOf\": null,\n \"CustomProperties\": null\n },\n {\n \"Title\": \"\",\n \"Description\": \"\",\n \"Examples\": null,\n \"Name\": \"serve.api.tls.cert\",\n \"Default\": null,\n \"Type\": {},\n \"TypeHint\": 5,\n \"Format\": \"\",\n \"Pattern\": null,\n \"Enum\": null,\n \"Constant\": null,\n \"ReadOnly\": false,\n \"MinLength\": -1,\n \"MaxLength\": -1,\n \"Required\": false,\n \"Minimum\": null,\n \"Maximum\": null,\n \"MultipleOf\": null,\n \"CustomProperties\": null\n },\n {\n \"Title\": \"Base64 Encoded Inline\",\n \"Description\": \"The base64 string of the PEM-encoded file content. Can be generated using for example `base64 -i path/to/file.pem`.\",\n \"Examples\": [\n \"LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tXG5NSUlEWlRDQ0FrMmdBd0lCQWdJRVY1eE90REFOQmdr...\"\n ],\n \"Name\": \"serve.api.tls.cert.base64\",\n \"Default\": null,\n \"Type\": \"\",\n \"TypeHint\": 1,\n \"Format\": \"\",\n \"Pattern\": null,\n \"Enum\": null,\n \"Constant\": null,\n \"ReadOnly\": false,\n \"MinLength\": -1,\n \"MaxLength\": -1,\n \"Required\": false,\n \"Minimum\": null,\n \"Maximum\": null,\n \"MultipleOf\": null,\n \"CustomProperties\": null\n },\n {\n \"Title\": \"Path to PEM-encoded Fle\",\n \"Description\": \"\",\n \"Examples\": [\n \"path/to/file.pem\"\n ],\n \"Name\": \"serve.api.tls.cert.path\",\n \"Default\": null,\n \"Type\": \"\",\n \"TypeHint\": 1,\n \"Format\": \"\",\n \"Pattern\": null,\n \"Enum\": null,\n \"Constant\": null,\n \"ReadOnly\": false,\n \"MinLength\": -1,\n \"MaxLength\": -1,\n \"Required\": false,\n \"Minimum\": null,\n \"Maximum\": null,\n \"MultipleOf\": null,\n \"CustomProperties\": null\n },\n {\n \"Title\": \"\",\n \"Description\": \"\",\n \"Examples\": null,\n \"Name\": \"serve.api.tls.key\",\n \"Default\": null,\n \"Type\": {},\n \"TypeHint\": 5,\n \"Format\": \"\",\n \"Pattern\": null,\n \"Enum\": null,\n \"Constant\": null,\n \"ReadOnly\": false,\n \"MinLength\": -1,\n \"MaxLength\": -1,\n \"Required\": false,\n \"Minimum\": null,\n \"Maximum\": null,\n \"MultipleOf\": null,\n \"CustomProperties\": null\n },\n {\n \"Title\": \"Base64 Encoded Inline\",\n \"Description\": \"The base64 string of the PEM-encoded file content. Can be generated using for example `base64 -i path/to/file.pem`.\",\n \"Examples\": [\n \"LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tXG5NSUlEWlRDQ0FrMmdBd0lCQWdJRVY1eE90REFOQmdr...\"\n ],\n \"Name\": \"serve.api.tls.key.base64\",\n \"Default\": null,\n \"Type\": \"\",\n \"TypeHint\": 1,\n \"Format\": \"\",\n \"Pattern\": null,\n \"Enum\": null,\n \"Constant\": null,\n \"ReadOnly\": false,\n \"MinLength\": -1,\n \"MaxLength\": -1,\n \"Required\": false,\n \"Minimum\": null,\n \"Maximum\": null,\n \"MultipleOf\": null,\n \"CustomProperties\": null\n },\n {\n \"Title\": \"Path to PEM-encoded Fle\",\n \"Description\": \"\",\n \"Examples\": [\n \"path/to/file.pem\"\n ],\n \"Name\": \"serve.api.tls.key.path\",\n \"Default\": null,\n \"Type\": \"\",\n \"TypeHint\": 1,\n \"Format\": \"\",\n \"Pattern\": null,\n \"Enum\": null,\n \"Constant\": null,\n \"ReadOnly\": false,\n \"MinLength\": -1,\n \"MaxLength\": -1,\n \"Required\": false,\n \"Minimum\": null,\n \"Maximum\": null,\n \"MultipleOf\": null,\n \"CustomProperties\": null\n },\n {\n \"Title\": \"HTTP Reverse Proxy\",\n \"Description\": \"\",\n \"Examples\": null,\n \"Name\": \"serve.proxy\",\n \"Default\": null,\n \"Type\": {},\n \"TypeHint\": 5,\n \"Format\": \"\",\n \"Pattern\": null,\n \"Enum\": null,\n \"Constant\": null,\n \"ReadOnly\": false,\n \"MinLength\": -1,\n \"MaxLength\": -1,\n \"Required\": false,\n \"Minimum\": null,\n \"Maximum\": null,\n \"MultipleOf\": null,\n \"CustomProperties\": null\n },\n {\n \"Title\": \"Cross Origin Resource Sharing (CORS)\",\n \"Description\": \"Configure [Cross Origin Resource Sharing (CORS)](http://www.w3.org/TR/cors/) using the following options.\",\n \"Examples\": null,\n \"Name\": \"serve.proxy.cors\",\n \"Default\": null,\n \"Type\": {},\n \"TypeHint\": 5,\n \"Format\": \"\",\n \"Pattern\": null,\n \"Enum\": null,\n \"Constant\": null,\n \"ReadOnly\": false,\n \"MinLength\": -1,\n \"MaxLength\": -1,\n \"Required\": false,\n \"Minimum\": null,\n \"Maximum\": null,\n \"MultipleOf\": null,\n \"CustomProperties\": null\n },\n {\n \"Title\": \"Allow HTTP Credentials\",\n \"Description\": \"Indicates whether the request can include user credentials like cookies, HTTP authentication or client side SSL certificates.\",\n \"Examples\": null,\n \"Name\": \"serve.proxy.cors.allow_credentials\",\n \"Default\": false,\n \"Type\": false,\n \"TypeHint\": 4,\n \"Format\": \"\",\n \"Pattern\": null,\n \"Enum\": null,\n \"Constant\": null,\n \"ReadOnly\": false,\n \"MinLength\": -1,\n \"MaxLength\": -1,\n \"Required\": false,\n \"Minimum\": null,\n \"Maximum\": null,\n \"MultipleOf\": null,\n \"CustomProperties\": null\n },\n {\n \"Title\": \"Allowed Request HTTP Headers\",\n \"Description\": \"A list of non simple headers the client is allowed to use with cross-domain requests.\",\n \"Examples\": null,\n \"Name\": \"serve.proxy.cors.allowed_headers\",\n \"Default\": [\n \"Authorization\",\n \"Content-Type\"\n ],\n \"Type\": [],\n \"TypeHint\": 8,\n \"Format\": \"\",\n \"Pattern\": null,\n \"Enum\": null,\n \"Constant\": null,\n \"ReadOnly\": false,\n \"MinLength\": 1,\n \"MaxLength\": -1,\n \"Required\": false,\n \"Minimum\": null,\n \"Maximum\": null,\n \"MultipleOf\": null,\n \"CustomProperties\": null\n },\n {\n \"Title\": \"\",\n \"Description\": \"\",\n \"Examples\": null,\n \"Name\": \"serve.proxy.cors.allowed_headers.#\",\n \"Default\": null,\n \"Type\": \"\",\n \"TypeHint\": 1,\n \"Format\": \"\",\n \"Pattern\": null,\n \"Enum\": null,\n \"Constant\": null,\n \"ReadOnly\": false,\n \"MinLength\": -1,\n \"MaxLength\": -1,\n \"Required\": false,\n \"Minimum\": null,\n \"Maximum\": null,\n \"MultipleOf\": null,\n \"CustomProperties\": null\n },\n {\n \"Title\": \"Allowed HTTP Methods\",\n \"Description\": \"A list of methods the client is allowed to use with cross-domain requests.\",\n \"Examples\": null,\n \"Name\": \"serve.proxy.cors.allowed_methods\",\n \"Default\": [\n \"GET\",\n \"POST\",\n \"PUT\",\n \"PATCH\",\n \"DELETE\"\n ],\n \"Type\": [],\n \"TypeHint\": 8,\n \"Format\": \"\",\n \"Pattern\": null,\n \"Enum\": null,\n \"Constant\": null,\n \"ReadOnly\": false,\n \"MinLength\": -1,\n \"MaxLength\": -1,\n \"Required\": false,\n \"Minimum\": null,\n \"Maximum\": null,\n \"MultipleOf\": null,\n \"CustomProperties\": null\n },\n {\n \"Title\": \"\",\n \"Description\": \"\",\n \"Examples\": null,\n \"Name\": \"serve.proxy.cors.allowed_methods.#\",\n \"Default\": null,\n \"Type\": \"\",\n \"TypeHint\": 1,\n \"Format\": \"\",\n \"Pattern\": null,\n \"Enum\": [\n \"GET\",\n \"HEAD\",\n \"POST\",\n \"PUT\",\n \"DELETE\",\n \"CONNECT\",\n \"TRACE\",\n \"PATCH\"\n ],\n \"Constant\": null,\n \"ReadOnly\": false,\n \"MinLength\": -1,\n \"MaxLength\": -1,\n \"Required\": false,\n \"Minimum\": null,\n \"Maximum\": null,\n \"MultipleOf\": null,\n \"CustomProperties\": null\n },\n {\n \"Title\": \"Allowed Origins\",\n \"Description\": \"A list of origins a cross-domain request can be executed from. If the special * value is present in the list, all origins will be allowed. An origin may contain a wildcard (*) to replace 0 or more characters (i.e.: http://*.domain.com). Usage of wildcards implies a small performance penality. Only one wildcard can be used per origin.\",\n \"Examples\": [\n \"https://example.com\",\n \"https://*.example.com\",\n \"https://*.foo.example.com\"\n ],\n \"Name\": \"serve.proxy.cors.allowed_origins\",\n \"Default\": [\n \"*\"\n ],\n \"Type\": [],\n \"TypeHint\": 8,\n \"Format\": \"\",\n \"Pattern\": null,\n \"Enum\": null,\n \"Constant\": null,\n \"ReadOnly\": false,\n \"MinLength\": -1,\n \"MaxLength\": -1,\n \"Required\": false,\n \"Minimum\": null,\n \"Maximum\": null,\n \"MultipleOf\": null,\n \"CustomProperties\": null\n },\n {\n \"Title\": \"\",\n \"Description\": \"\",\n \"Examples\": null,\n \"Name\": \"serve.proxy.cors.allowed_origins.#\",\n \"Default\": null,\n \"Type\": \"\",\n \"TypeHint\": 1,\n \"Format\": \"\",\n \"Pattern\": null,\n \"Enum\": null,\n \"Constant\": null,\n \"ReadOnly\": false,\n \"MinLength\": 1,\n \"MaxLength\": -1,\n \"Required\": false,\n \"Minimum\": null,\n \"Maximum\": null,\n \"MultipleOf\": null,\n \"CustomProperties\": null\n },\n {\n \"Title\": \"Enable Debugging\",\n \"Description\": \"Set to true to debug server side CORS issues.\",\n \"Examples\": null,\n \"Name\": \"serve.proxy.cors.debug\",\n \"Default\": false,\n \"Type\": false,\n \"TypeHint\": 4,\n \"Format\": \"\",\n \"Pattern\": null,\n \"Enum\": null,\n \"Constant\": null,\n \"ReadOnly\": false,\n \"MinLength\": -1,\n \"MaxLength\": -1,\n \"Required\": false,\n \"Minimum\": null,\n \"Maximum\": null,\n \"MultipleOf\": null,\n \"CustomProperties\": null\n },\n {\n \"Title\": \"Enable CORS\",\n \"Description\": \"If set to true, CORS will be enabled and preflight-requests (OPTION) will be answered.\",\n \"Examples\": null,\n \"Name\": \"serve.proxy.cors.enabled\",\n \"Default\": false,\n \"Type\": false,\n \"TypeHint\": 4,\n \"Format\": \"\",\n \"Pattern\": null,\n \"Enum\": null,\n \"Constant\": null,\n \"ReadOnly\": false,\n \"MinLength\": -1,\n \"MaxLength\": -1,\n \"Required\": false,\n \"Minimum\": null,\n \"Maximum\": null,\n \"MultipleOf\": null,\n \"CustomProperties\": null\n },\n {\n \"Title\": \"Allowed Response HTTP Headers\",\n \"Description\": \"Indicates which headers are safe to expose to the API of a CORS API specification\",\n \"Examples\": null,\n \"Name\": \"serve.proxy.cors.exposed_headers\",\n \"Default\": [\n \"Content-Type\"\n ],\n \"Type\": [],\n \"TypeHint\": 8,\n \"Format\": \"\",\n \"Pattern\": null,\n \"Enum\": null,\n \"Constant\": null,\n \"ReadOnly\": false,\n \"MinLength\": 1,\n \"MaxLength\": -1,\n \"Required\": false,\n \"Minimum\": null,\n \"Maximum\": null,\n \"MultipleOf\": null,\n \"CustomProperties\": null\n },\n {\n \"Title\": \"\",\n \"Description\": \"\",\n \"Examples\": null,\n \"Name\": \"serve.proxy.cors.exposed_headers.#\",\n \"Default\": null,\n \"Type\": \"\",\n \"TypeHint\": 1,\n \"Format\": \"\",\n \"Pattern\": null,\n \"Enum\": null,\n \"Constant\": null,\n \"ReadOnly\": false,\n \"MinLength\": -1,\n \"MaxLength\": -1,\n \"Required\": false,\n \"Minimum\": null,\n \"Maximum\": null,\n \"MultipleOf\": null,\n \"CustomProperties\": null\n },\n {\n \"Title\": \"Maximum Age\",\n \"Description\": \"Indicates how long (in seconds) the results of a preflight request can be cached. The default is 0 which stands for no max age.\",\n \"Examples\": null,\n \"Name\": \"serve.proxy.cors.max_age\",\n \"Default\": 0,\n \"Type\": 0,\n \"TypeHint\": 2,\n \"Format\": \"\",\n \"Pattern\": null,\n \"Enum\": null,\n \"Constant\": null,\n \"ReadOnly\": false,\n \"MinLength\": -1,\n \"MaxLength\": -1,\n \"Required\": false,\n \"Minimum\": null,\n \"Maximum\": null,\n \"MultipleOf\": null,\n \"CustomProperties\": null\n },\n {\n \"Title\": \"Host\",\n \"Description\": \"The network interface to listen on. Leave empty to listen on all interfaces.\",\n \"Examples\": [\n \"localhost\",\n \"127.0.0.1\"\n ],\n \"Name\": \"serve.proxy.host\",\n \"Default\": \"\",\n \"Type\": \"\",\n \"TypeHint\": 1,\n \"Format\": \"\",\n \"Pattern\": null,\n \"Enum\": null,\n \"Constant\": null,\n \"ReadOnly\": false,\n \"MinLength\": -1,\n \"MaxLength\": -1,\n \"Required\": false,\n \"Minimum\": null,\n \"Maximum\": null,\n \"MultipleOf\": null,\n \"CustomProperties\": null\n },\n {\n \"Title\": \"Port\",\n \"Description\": \"The port to listen on.\",\n \"Examples\": null,\n \"Name\": \"serve.proxy.port\",\n \"Default\": 4455,\n \"Type\": 0,\n \"TypeHint\": 2,\n \"Format\": \"\",\n \"Pattern\": null,\n \"Enum\": null,\n \"Constant\": null,\n \"ReadOnly\": false,\n \"MinLength\": -1,\n \"MaxLength\": -1,\n \"Required\": false,\n \"Minimum\": null,\n \"Maximum\": null,\n \"MultipleOf\": null,\n \"CustomProperties\": null\n },\n {\n \"Title\": \"HTTP Timeouts\",\n \"Description\": \"Control the reverse proxy's HTTP timeouts.\",\n \"Examples\": null,\n \"Name\": \"serve.proxy.timeout\",\n \"Default\": null,\n \"Type\": {},\n \"TypeHint\": 5,\n \"Format\": \"\",\n \"Pattern\": null,\n \"Enum\": null,\n \"Constant\": null,\n \"ReadOnly\": false,\n \"MinLength\": -1,\n \"MaxLength\": -1,\n \"Required\": false,\n \"Minimum\": null,\n \"Maximum\": null,\n \"MultipleOf\": null,\n \"CustomProperties\": null\n },\n {\n \"Title\": \"HTTP Idle Timeout\",\n \"Description\": \" The maximum amount of time to wait for any action of a request session, reading data or writing the response.\",\n \"Examples\": [\n \"5s\",\n \"5m\",\n \"5h\"\n ],\n \"Name\": \"serve.proxy.timeout.idle\",\n \"Default\": \"120s\",\n \"Type\": \"\",\n \"TypeHint\": 1,\n \"Format\": \"\",\n \"Pattern\": \"^[0-9]+(ns|us|ms|s|m|h)$\",\n \"Enum\": null,\n \"Constant\": null,\n \"ReadOnly\": false,\n \"MinLength\": -1,\n \"MaxLength\": -1,\n \"Required\": false,\n \"Minimum\": null,\n \"Maximum\": null,\n \"MultipleOf\": null,\n \"CustomProperties\": null\n },\n {\n \"Title\": \"HTTP Read Timeout\",\n \"Description\": \"The maximum duration for reading the entire request, including the body.\",\n \"Examples\": [\n \"5s\",\n \"5m\",\n \"5h\"\n ],\n \"Name\": \"serve.proxy.timeout.read\",\n \"Default\": \"5s\",\n \"Type\": \"\",\n \"TypeHint\": 1,\n \"Format\": \"\",\n \"Pattern\": \"^[0-9]+(ns|us|ms|s|m|h)$\",\n \"Enum\": null,\n \"Constant\": null,\n \"ReadOnly\": false,\n \"MinLength\": -1,\n \"MaxLength\": -1,\n \"Required\": false,\n \"Minimum\": null,\n \"Maximum\": null,\n \"MultipleOf\": null,\n \"CustomProperties\": null\n },\n {\n \"Title\": \"HTTP Write Timeout\",\n \"Description\": \"The maximum duration before timing out writes of the response. Increase this parameter to prevent unexpected closing a client connection if an upstream request is responding slowly.\",\n \"Examples\": [\n \"5s\",\n \"5m\",\n \"5h\"\n ],\n \"Name\": \"serve.proxy.timeout.write\",\n \"Default\": \"120s\",\n \"Type\": \"\",\n \"TypeHint\": 1,\n \"Format\": \"\",\n \"Pattern\": \"^[0-9]+(ns|us|ms|s|m|h)$\",\n \"Enum\": null,\n \"Constant\": null,\n \"ReadOnly\": false,\n \"MinLength\": -1,\n \"MaxLength\": -1,\n \"Required\": false,\n \"Minimum\": null,\n \"Maximum\": null,\n \"MultipleOf\": null,\n \"CustomProperties\": null\n },\n {\n \"Title\": \"HTTPS\",\n \"Description\": \"Configure HTTP over TLS (HTTPS). All options can also be set using environment variables by replacing dots (`.`) with underscores (`_`) and uppercasing the key. For example, `some.prefix.tls.key.path` becomes `export SOME_PREFIX_TLS_KEY_PATH`. If all keys are left undefined, TLS will be disabled.\",\n \"Examples\": null,\n \"Name\": \"serve.proxy.tls\",\n \"Default\": null,\n \"Type\": {},\n \"TypeHint\": 5,\n \"Format\": \"\",\n \"Pattern\": null,\n \"Enum\": null,\n \"Constant\": null,\n \"ReadOnly\": false,\n \"MinLength\": -1,\n \"MaxLength\": -1,\n \"Required\": false,\n \"Minimum\": null,\n \"Maximum\": null,\n \"MultipleOf\": null,\n \"CustomProperties\": null\n },\n {\n \"Title\": \"\",\n \"Description\": \"\",\n \"Examples\": null,\n \"Name\": \"serve.proxy.tls.cert\",\n \"Default\": null,\n \"Type\": {},\n \"TypeHint\": 5,\n \"Format\": \"\",\n \"Pattern\": null,\n \"Enum\": null,\n \"Constant\": null,\n \"ReadOnly\": false,\n \"MinLength\": -1,\n \"MaxLength\": -1,\n \"Required\": false,\n \"Minimum\": null,\n \"Maximum\": null,\n \"MultipleOf\": null,\n \"CustomProperties\": null\n },\n {\n \"Title\": \"Base64 Encoded Inline\",\n \"Description\": \"The base64 string of the PEM-encoded file content. Can be generated using for example `base64 -i path/to/file.pem`.\",\n \"Examples\": [\n \"LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tXG5NSUlEWlRDQ0FrMmdBd0lCQWdJRVY1eE90REFOQmdr...\"\n ],\n \"Name\": \"serve.proxy.tls.cert.base64\",\n \"Default\": null,\n \"Type\": \"\",\n \"TypeHint\": 1,\n \"Format\": \"\",\n \"Pattern\": null,\n \"Enum\": null,\n \"Constant\": null,\n \"ReadOnly\": false,\n \"MinLength\": -1,\n \"MaxLength\": -1,\n \"Required\": false,\n \"Minimum\": null,\n \"Maximum\": null,\n \"MultipleOf\": null,\n \"CustomProperties\": null\n },\n {\n \"Title\": \"Path to PEM-encoded Fle\",\n \"Description\": \"\",\n \"Examples\": [\n \"path/to/file.pem\"\n ],\n \"Name\": \"serve.proxy.tls.cert.path\",\n \"Default\": null,\n \"Type\": \"\",\n \"TypeHint\": 1,\n \"Format\": \"\",\n \"Pattern\": null,\n \"Enum\": null,\n \"Constant\": null,\n \"ReadOnly\": false,\n \"MinLength\": -1,\n \"MaxLength\": -1,\n \"Required\": false,\n \"Minimum\": null,\n \"Maximum\": null,\n \"MultipleOf\": null,\n \"CustomProperties\": null\n },\n {\n \"Title\": \"\",\n \"Description\": \"\",\n \"Examples\": null,\n \"Name\": \"serve.proxy.tls.key\",\n \"Default\": null,\n \"Type\": {},\n \"TypeHint\": 5,\n \"Format\": \"\",\n \"Pattern\": null,\n \"Enum\": null,\n \"Constant\": null,\n \"ReadOnly\": false,\n \"MinLength\": -1,\n \"MaxLength\": -1,\n \"Required\": false,\n \"Minimum\": null,\n \"Maximum\": null,\n \"MultipleOf\": null,\n \"CustomProperties\": null\n },\n {\n \"Title\": \"Base64 Encoded Inline\",\n \"Description\": \"The base64 string of the PEM-encoded file content. Can be generated using for example `base64 -i path/to/file.pem`.\",\n \"Examples\": [\n \"LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tXG5NSUlEWlRDQ0FrMmdBd0lCQWdJRVY1eE90REFOQmdr...\"\n ],\n \"Name\": \"serve.proxy.tls.key.base64\",\n \"Default\": null,\n \"Type\": \"\",\n \"TypeHint\": 1,\n \"Format\": \"\",\n \"Pattern\": null,\n \"Enum\": null,\n \"Constant\": null,\n \"ReadOnly\": false,\n \"MinLength\": -1,\n \"MaxLength\": -1,\n \"Required\": false,\n \"Minimum\": null,\n \"Maximum\": null,\n \"MultipleOf\": null,\n \"CustomProperties\": null\n },\n {\n \"Title\": \"Path to PEM-encoded Fle\",\n \"Description\": \"\",\n \"Examples\": [\n \"path/to/file.pem\"\n ],\n \"Name\": \"serve.proxy.tls.key.path\",\n \"Default\": null,\n \"Type\": \"\",\n \"TypeHint\": 1,\n \"Format\": \"\",\n \"Pattern\": null,\n \"Enum\": null,\n \"Constant\": null,\n \"ReadOnly\": false,\n \"MinLength\": -1,\n \"MaxLength\": -1,\n \"Required\": false,\n \"Minimum\": null,\n \"Maximum\": null,\n \"MultipleOf\": null,\n \"CustomProperties\": null\n }\n]\n" }, { "path": "oryx/jsonschemax/.snapshots/TestListPaths-case=1.json", "content": "[\n {\n \"Title\": \"\",\n \"Description\": \"\",\n \"Examples\": null,\n \"Name\": \"providers\",\n \"Default\": null,\n \"Type\": [],\n \"TypeHint\": 5,\n \"Format\": \"\",\n \"Pattern\": null,\n \"Enum\": null,\n \"Constant\": null,\n \"ReadOnly\": false,\n \"MinLength\": -1,\n \"MaxLength\": -1,\n \"Required\": false,\n \"Minimum\": null,\n \"Maximum\": null,\n \"MultipleOf\": null,\n \"CustomProperties\": null\n },\n {\n \"Title\": \"\",\n \"Description\": \"\",\n \"Examples\": null,\n \"Name\": \"providers.#\",\n \"Default\": null,\n \"Type\": {},\n \"TypeHint\": 5,\n \"Format\": \"\",\n \"Pattern\": null,\n \"Enum\": null,\n \"Constant\": null,\n \"ReadOnly\": false,\n \"MinLength\": -1,\n \"MaxLength\": -1,\n \"Required\": false,\n \"Minimum\": null,\n \"Maximum\": null,\n \"MultipleOf\": null,\n \"CustomProperties\": null\n },\n {\n \"Title\": \"\",\n \"Description\": \"\",\n \"Examples\": null,\n \"Name\": \"providers.#.id\",\n \"Default\": null,\n \"Type\": \"\",\n \"TypeHint\": 1,\n \"Format\": \"\",\n \"Pattern\": null,\n \"Enum\": null,\n \"Constant\": null,\n \"ReadOnly\": false,\n \"MinLength\": -1,\n \"MaxLength\": -1,\n \"Required\": false,\n \"Minimum\": null,\n \"Maximum\": null,\n \"MultipleOf\": null,\n \"CustomProperties\": null\n }\n]\n" }, { "path": "oryx/jsonschemax/.snapshots/TestListPaths-case=2.json", "content": "[\n {\n \"Title\": \"\",\n \"Description\": \"\",\n \"Examples\": null,\n \"Name\": \"dsn\",\n \"Default\": null,\n \"Type\": \"\",\n \"TypeHint\": 1,\n \"Format\": \"\",\n \"Pattern\": null,\n \"Enum\": null,\n \"Constant\": null,\n \"ReadOnly\": false,\n \"MinLength\": -1,\n \"MaxLength\": -1,\n \"Required\": true,\n \"Minimum\": null,\n \"Maximum\": null,\n \"MultipleOf\": null,\n \"CustomProperties\": null\n }\n]\n" }, { "path": "oryx/jsonschemax/.snapshots/TestListPaths-case=3.json", "content": "[\n {\n \"Title\": \"OpenID Connect and OAuth2 Providers\",\n \"Description\": \"A list and configuration of OAuth2 and OpenID Connect providers ORY Kratos should integrate with.\",\n \"Examples\": null,\n \"Name\": \"providers\",\n \"Default\": null,\n \"Type\": [],\n \"TypeHint\": 5,\n \"Format\": \"\",\n \"Pattern\": null,\n \"Enum\": null,\n \"Constant\": null,\n \"ReadOnly\": false,\n \"MinLength\": -1,\n \"MaxLength\": -1,\n \"Required\": false,\n \"Minimum\": null,\n \"Maximum\": null,\n \"MultipleOf\": null,\n \"CustomProperties\": null\n },\n {\n \"Title\": \"\",\n \"Description\": \"\",\n \"Examples\": null,\n \"Name\": \"providers.#\",\n \"Default\": null,\n \"Type\": {},\n \"TypeHint\": 5,\n \"Format\": \"\",\n \"Pattern\": null,\n \"Enum\": null,\n \"Constant\": null,\n \"ReadOnly\": false,\n \"MinLength\": -1,\n \"MaxLength\": -1,\n \"Required\": false,\n \"Minimum\": null,\n \"Maximum\": null,\n \"MultipleOf\": null,\n \"CustomProperties\": null\n },\n {\n \"Title\": \"\",\n \"Description\": \"\",\n \"Examples\": [\n \"https://accounts.google.com/o/oauth2/v2/auth\"\n ],\n \"Name\": \"providers.#.auth_url\",\n \"Default\": null,\n \"Type\": \"\",\n \"TypeHint\": 1,\n \"Format\": \"uri\",\n \"Pattern\": null,\n \"Enum\": null,\n \"Constant\": null,\n \"ReadOnly\": false,\n \"MinLength\": -1,\n \"MaxLength\": -1,\n \"Required\": false,\n \"Minimum\": null,\n \"Maximum\": null,\n \"MultipleOf\": null,\n \"CustomProperties\": null\n },\n {\n \"Title\": \"\",\n \"Description\": \"\",\n \"Examples\": null,\n \"Name\": \"providers.#.client_id\",\n \"Default\": null,\n \"Type\": \"\",\n \"TypeHint\": 1,\n \"Format\": \"\",\n \"Pattern\": null,\n \"Enum\": null,\n \"Constant\": null,\n \"ReadOnly\": false,\n \"MinLength\": -1,\n \"MaxLength\": -1,\n \"Required\": false,\n \"Minimum\": null,\n \"Maximum\": null,\n \"MultipleOf\": null,\n \"CustomProperties\": null\n },\n {\n \"Title\": \"\",\n \"Description\": \"\",\n \"Examples\": null,\n \"Name\": \"providers.#.client_secret\",\n \"Default\": null,\n \"Type\": \"\",\n \"TypeHint\": 1,\n \"Format\": \"\",\n \"Pattern\": null,\n \"Enum\": null,\n \"Constant\": null,\n \"ReadOnly\": false,\n \"MinLength\": -1,\n \"MaxLength\": -1,\n \"Required\": false,\n \"Minimum\": null,\n \"Maximum\": null,\n \"MultipleOf\": null,\n \"CustomProperties\": null\n },\n {\n \"Title\": \"\",\n \"Description\": \"\",\n \"Examples\": [\n \"google\"\n ],\n \"Name\": \"providers.#.id\",\n \"Default\": null,\n \"Type\": \"\",\n \"TypeHint\": 1,\n \"Format\": \"\",\n \"Pattern\": null,\n \"Enum\": null,\n \"Constant\": null,\n \"ReadOnly\": false,\n \"MinLength\": -1,\n \"MaxLength\": -1,\n \"Required\": false,\n \"Minimum\": null,\n \"Maximum\": null,\n \"MultipleOf\": null,\n \"CustomProperties\": null\n },\n {\n \"Title\": \"\",\n \"Description\": \"\",\n \"Examples\": [\n \"https://accounts.google.com\"\n ],\n \"Name\": \"providers.#.issuer_url\",\n \"Default\": null,\n \"Type\": \"\",\n \"TypeHint\": 1,\n \"Format\": \"uri\",\n \"Pattern\": null,\n \"Enum\": null,\n \"Constant\": null,\n \"ReadOnly\": false,\n \"MinLength\": -1,\n \"MaxLength\": -1,\n \"Required\": false,\n \"Minimum\": null,\n \"Maximum\": null,\n \"MultipleOf\": null,\n \"CustomProperties\": null\n },\n {\n \"Title\": \"Jsonnet Mapper URL\",\n \"Description\": \"The URL where the jsonnet source is located for mapping the provider's data to ORY Kratos data.\",\n \"Examples\": [\n \"file://path/to/oidc.jsonnet\",\n \"https://foo.bar.com/path/to/oidc.jsonnet\",\n \"base64://bG9jYWwgc3ViamVjdCA9I...\"\n ],\n \"Name\": \"providers.#.mapper_url\",\n \"Default\": null,\n \"Type\": \"\",\n \"TypeHint\": 1,\n \"Format\": \"uri\",\n \"Pattern\": null,\n \"Enum\": null,\n \"Constant\": null,\n \"ReadOnly\": false,\n \"MinLength\": -1,\n \"MaxLength\": -1,\n \"Required\": false,\n \"Minimum\": null,\n \"Maximum\": null,\n \"MultipleOf\": null,\n \"CustomProperties\": null\n },\n {\n \"Title\": \"Provider\",\n \"Description\": \"Can be one of github, gitlab, generic, google, microsoft, discord.\",\n \"Examples\": [\n \"google\"\n ],\n \"Name\": \"providers.#.provider\",\n \"Default\": null,\n \"Type\": \"\",\n \"TypeHint\": 1,\n \"Format\": \"\",\n \"Pattern\": null,\n \"Enum\": [\n \"github\",\n \"gitlab\",\n \"generic\",\n \"google\",\n \"microsoft\",\n \"discord\"\n ],\n \"Constant\": null,\n \"ReadOnly\": false,\n \"MinLength\": -1,\n \"MaxLength\": -1,\n \"Required\": false,\n \"Minimum\": null,\n \"Maximum\": null,\n \"MultipleOf\": null,\n \"CustomProperties\": null\n },\n {\n \"Title\": \"\",\n \"Description\": \"\",\n \"Examples\": null,\n \"Name\": \"providers.#.scope\",\n \"Default\": null,\n \"Type\": [],\n \"TypeHint\": 8,\n \"Format\": \"\",\n \"Pattern\": null,\n \"Enum\": null,\n \"Constant\": null,\n \"ReadOnly\": false,\n \"MinLength\": -1,\n \"MaxLength\": -1,\n \"Required\": false,\n \"Minimum\": null,\n \"Maximum\": null,\n \"MultipleOf\": null,\n \"CustomProperties\": null\n },\n {\n \"Title\": \"\",\n \"Description\": \"\",\n \"Examples\": [\n \"offline_access\",\n \"profile\"\n ],\n \"Name\": \"providers.#.scope.#\",\n \"Default\": null,\n \"Type\": \"\",\n \"TypeHint\": 1,\n \"Format\": \"\",\n \"Pattern\": null,\n \"Enum\": null,\n \"Constant\": null,\n \"ReadOnly\": false,\n \"MinLength\": -1,\n \"MaxLength\": -1,\n \"Required\": false,\n \"Minimum\": null,\n \"Maximum\": null,\n \"MultipleOf\": null,\n \"CustomProperties\": null\n },\n {\n \"Title\": \"Azure AD Tenant\",\n \"Description\": \"The Azure AD Tenant to use for authentication.\",\n \"Examples\": [\n \"common\",\n \"organizations\",\n \"consumers\",\n \"8eaef023-2b34-4da1-9baa-8bc8c9d6a490\",\n \"contoso.onmicrosoft.com\"\n ],\n \"Name\": \"providers.#.tenant\",\n \"Default\": null,\n \"Type\": \"\",\n \"TypeHint\": 1,\n \"Format\": \"\",\n \"Pattern\": null,\n \"Enum\": null,\n \"Constant\": null,\n \"ReadOnly\": false,\n \"MinLength\": -1,\n \"MaxLength\": -1,\n \"Required\": false,\n \"Minimum\": null,\n \"Maximum\": null,\n \"MultipleOf\": null,\n \"CustomProperties\": null\n },\n {\n \"Title\": \"\",\n \"Description\": \"\",\n \"Examples\": [\n \"https://www.googleapis.com/oauth2/v4/token\"\n ],\n \"Name\": \"providers.#.token_url\",\n \"Default\": null,\n \"Type\": \"\",\n \"TypeHint\": 1,\n \"Format\": \"uri\",\n \"Pattern\": null,\n \"Enum\": null,\n \"Constant\": null,\n \"ReadOnly\": false,\n \"MinLength\": -1,\n \"MaxLength\": -1,\n \"Required\": false,\n \"Minimum\": null,\n \"Maximum\": null,\n \"MultipleOf\": null,\n \"CustomProperties\": null\n }\n]\n" }, { "path": "oryx/jsonschemax/.snapshots/TestListPaths-case=4.json", "content": "[\n {\n \"Title\": \"\",\n \"Description\": \"\",\n \"Examples\": null,\n \"Name\": \"bar\",\n \"Default\": \"asdf\",\n \"Type\": false,\n \"TypeHint\": 4,\n \"Format\": \"\",\n \"Pattern\": null,\n \"Enum\": null,\n \"Constant\": null,\n \"ReadOnly\": true,\n \"MinLength\": -1,\n \"MaxLength\": -1,\n \"Required\": false,\n \"Minimum\": null,\n \"Maximum\": null,\n \"MultipleOf\": null,\n \"CustomProperties\": null\n },\n {\n \"Title\": \"\",\n \"Description\": \"\",\n \"Examples\": null,\n \"Name\": \"foo\",\n \"Default\": false,\n \"Type\": false,\n \"TypeHint\": 4,\n \"Format\": \"\",\n \"Pattern\": null,\n \"Enum\": null,\n \"Constant\": null,\n \"ReadOnly\": false,\n \"MinLength\": -1,\n \"MaxLength\": -1,\n \"Required\": false,\n \"Minimum\": null,\n \"Maximum\": null,\n \"MultipleOf\": null,\n \"CustomProperties\": null\n },\n {\n \"Title\": \"\",\n \"Description\": \"\",\n \"Examples\": null,\n \"Name\": \"list\",\n \"Default\": null,\n \"Type\": [],\n \"TypeHint\": 8,\n \"Format\": \"\",\n \"Pattern\": null,\n \"Enum\": null,\n \"Constant\": null,\n \"ReadOnly\": false,\n \"MinLength\": -1,\n \"MaxLength\": -1,\n \"Required\": false,\n \"Minimum\": null,\n \"Maximum\": null,\n \"MultipleOf\": null,\n \"CustomProperties\": null\n },\n {\n \"Title\": \"\",\n \"Description\": \"\",\n \"Examples\": null,\n \"Name\": \"list.#\",\n \"Default\": null,\n \"Type\": \"\",\n \"TypeHint\": 1,\n \"Format\": \"\",\n \"Pattern\": null,\n \"Enum\": null,\n \"Constant\": null,\n \"ReadOnly\": false,\n \"MinLength\": -1,\n \"MaxLength\": -1,\n \"Required\": false,\n \"Minimum\": null,\n \"Maximum\": null,\n \"MultipleOf\": null,\n \"CustomProperties\": null\n }\n]\n" }, { "path": "oryx/jsonschemax/.snapshots/TestListPaths-case=5.json", "content": "[\n {\n \"Title\": \"\",\n \"Description\": \"\",\n \"Examples\": null,\n \"Name\": \"bar\",\n \"Default\": \"asdf\",\n \"Type\": false,\n \"TypeHint\": 4,\n \"Format\": \"\",\n \"Pattern\": null,\n \"Enum\": null,\n \"Constant\": null,\n \"ReadOnly\": true,\n \"MinLength\": -1,\n \"MaxLength\": -1,\n \"Required\": false,\n \"Minimum\": null,\n \"Maximum\": null,\n \"MultipleOf\": null,\n \"CustomProperties\": null\n },\n {\n \"Title\": \"\",\n \"Description\": \"\",\n \"Examples\": null,\n \"Name\": \"foo\",\n \"Default\": false,\n \"Type\": false,\n \"TypeHint\": 4,\n \"Format\": \"\",\n \"Pattern\": null,\n \"Enum\": null,\n \"Constant\": null,\n \"ReadOnly\": false,\n \"MinLength\": -1,\n \"MaxLength\": -1,\n \"Required\": false,\n \"Minimum\": null,\n \"Maximum\": null,\n \"MultipleOf\": null,\n \"CustomProperties\": null\n },\n {\n \"Title\": \"\",\n \"Description\": \"\",\n \"Examples\": null,\n \"Name\": \"list\",\n \"Default\": null,\n \"Type\": [],\n \"TypeHint\": 8,\n \"Format\": \"\",\n \"Pattern\": null,\n \"Enum\": null,\n \"Constant\": null,\n \"ReadOnly\": false,\n \"MinLength\": -1,\n \"MaxLength\": -1,\n \"Required\": false,\n \"Minimum\": null,\n \"Maximum\": null,\n \"MultipleOf\": null,\n \"CustomProperties\": null\n },\n {\n \"Title\": \"\",\n \"Description\": \"\",\n \"Examples\": null,\n \"Name\": \"list.#\",\n \"Default\": null,\n \"Type\": \"\",\n \"TypeHint\": 1,\n \"Format\": \"\",\n \"Pattern\": null,\n \"Enum\": null,\n \"Constant\": null,\n \"ReadOnly\": false,\n \"MinLength\": -1,\n \"MaxLength\": -1,\n \"Required\": false,\n \"Minimum\": null,\n \"Maximum\": null,\n \"MultipleOf\": null,\n \"CustomProperties\": null\n }\n]\n" }, { "path": "oryx/jsonschemax/.snapshots/TestListPaths-case=6.json", "content": "[\n {\n \"Title\": \"\",\n \"Description\": \"\",\n \"Examples\": null,\n \"Name\": \"bar\",\n \"Default\": null,\n \"Type\": \"\",\n \"TypeHint\": 1,\n \"Format\": \"\",\n \"Pattern\": null,\n \"Enum\": null,\n \"Constant\": null,\n \"ReadOnly\": false,\n \"MinLength\": -1,\n \"MaxLength\": -1,\n \"Required\": false,\n \"Minimum\": null,\n \"Maximum\": null,\n \"MultipleOf\": null,\n \"CustomProperties\": {\n \"foobar\": \"bar\"\n }\n },\n {\n \"Title\": \"\",\n \"Description\": \"\",\n \"Examples\": null,\n \"Name\": \"foo\",\n \"Default\": null,\n \"Type\": false,\n \"TypeHint\": 4,\n \"Format\": \"\",\n \"Pattern\": null,\n \"Enum\": null,\n \"Constant\": null,\n \"ReadOnly\": false,\n \"MinLength\": -1,\n \"MaxLength\": -1,\n \"Required\": true,\n \"Minimum\": null,\n \"Maximum\": null,\n \"MultipleOf\": null,\n \"CustomProperties\": null\n }\n]\n" }, { "path": "oryx/jsonschemax/.snapshots/TestListPaths-case=7.json", "content": "[\n {\n \"Title\": \"\",\n \"Description\": \"\",\n \"Examples\": null,\n \"Name\": \"bar\",\n \"Default\": null,\n \"Type\": [],\n \"TypeHint\": 8,\n \"Format\": \"\",\n \"Pattern\": null,\n \"Enum\": null,\n \"Constant\": null,\n \"ReadOnly\": false,\n \"MinLength\": -1,\n \"MaxLength\": -1,\n \"Required\": false,\n \"Minimum\": null,\n \"Maximum\": null,\n \"MultipleOf\": null,\n \"CustomProperties\": null\n },\n {\n \"Title\": \"\",\n \"Description\": \"\",\n \"Examples\": null,\n \"Name\": \"bar.#\",\n \"Default\": null,\n \"Type\": \"\",\n \"TypeHint\": 1,\n \"Format\": \"\",\n \"Pattern\": null,\n \"Enum\": null,\n \"Constant\": null,\n \"ReadOnly\": false,\n \"MinLength\": -1,\n \"MaxLength\": -1,\n \"Required\": false,\n \"Minimum\": null,\n \"Maximum\": null,\n \"MultipleOf\": null,\n \"CustomProperties\": null\n }\n]\n" }, { "path": "oryx/jsonschemax/.snapshots/TestListPaths-case=8.json", "content": "[\n {\n \"Title\": \"\",\n \"Description\": \"\",\n \"Examples\": null,\n \"Name\": \"baz\",\n \"Default\": null,\n \"Type\": [],\n \"TypeHint\": 5,\n \"Format\": \"\",\n \"Pattern\": null,\n \"Enum\": null,\n \"Constant\": null,\n \"ReadOnly\": false,\n \"MinLength\": -1,\n \"MaxLength\": -1,\n \"Required\": false,\n \"Minimum\": null,\n \"Maximum\": null,\n \"MultipleOf\": null,\n \"CustomProperties\": null\n },\n {\n \"Title\": \"\",\n \"Description\": \"\",\n \"Examples\": null,\n \"Name\": \"baz.#\",\n \"Default\": null,\n \"Type\": [],\n \"TypeHint\": 8,\n \"Format\": \"\",\n \"Pattern\": null,\n \"Enum\": null,\n \"Constant\": null,\n \"ReadOnly\": false,\n \"MinLength\": -1,\n \"MaxLength\": -1,\n \"Required\": false,\n \"Minimum\": null,\n \"Maximum\": null,\n \"MultipleOf\": null,\n \"CustomProperties\": null\n },\n {\n \"Title\": \"\",\n \"Description\": \"\",\n \"Examples\": null,\n \"Name\": \"baz.#.#\",\n \"Default\": null,\n \"Type\": \"\",\n \"TypeHint\": 1,\n \"Format\": \"\",\n \"Pattern\": null,\n \"Enum\": null,\n \"Constant\": null,\n \"ReadOnly\": false,\n \"MinLength\": -1,\n \"MaxLength\": -1,\n \"Required\": false,\n \"Minimum\": null,\n \"Maximum\": null,\n \"MultipleOf\": null,\n \"CustomProperties\": null\n }\n]\n" }, { "path": "oryx/jsonschemax/.snapshots/TestListPaths-case=9.json", "content": "[\n {\n \"Title\": \"\",\n \"Description\": \"\",\n \"Examples\": null,\n \"Name\": \"baz\",\n \"Default\": null,\n \"Type\": [],\n \"TypeHint\": 5,\n \"Format\": \"\",\n \"Pattern\": null,\n \"Enum\": null,\n \"Constant\": null,\n \"ReadOnly\": false,\n \"MinLength\": -1,\n \"MaxLength\": -1,\n \"Required\": false,\n \"Minimum\": null,\n \"Maximum\": null,\n \"MultipleOf\": null,\n \"CustomProperties\": null\n },\n {\n \"Title\": \"\",\n \"Description\": \"\",\n \"Examples\": null,\n \"Name\": \"baz.#\",\n \"Default\": null,\n \"Type\": {},\n \"TypeHint\": 5,\n \"Format\": \"\",\n \"Pattern\": null,\n \"Enum\": null,\n \"Constant\": null,\n \"ReadOnly\": false,\n \"MinLength\": -1,\n \"MaxLength\": -1,\n \"Required\": false,\n \"Minimum\": null,\n \"Maximum\": null,\n \"MultipleOf\": null,\n \"CustomProperties\": null\n },\n {\n \"Title\": \"\",\n \"Description\": \"\",\n \"Examples\": null,\n \"Name\": \"baz.#.foo\",\n \"Default\": null,\n \"Type\": \"\",\n \"TypeHint\": 1,\n \"Format\": \"\",\n \"Pattern\": null,\n \"Enum\": null,\n \"Constant\": null,\n \"ReadOnly\": false,\n \"MinLength\": -1,\n \"MaxLength\": -1,\n \"Required\": false,\n \"Minimum\": null,\n \"Maximum\": null,\n \"MultipleOf\": null,\n \"CustomProperties\": null\n }\n]\n" }, { "path": "oryx/jsonschemax/.snapshots/TestListPathsWithRecursion-case=0.json", "content": "[\n {\n \"Title\": \"\",\n \"Description\": \"\",\n \"Examples\": null,\n \"Name\": \"bar\",\n \"Default\": null,\n \"Type\": {},\n \"TypeHint\": 5,\n \"Format\": \"\",\n \"Pattern\": null,\n \"Enum\": null,\n \"Constant\": null,\n \"ReadOnly\": false,\n \"MinLength\": -1,\n \"MaxLength\": -1,\n \"Required\": false,\n \"Minimum\": null,\n \"Maximum\": null,\n \"MultipleOf\": null,\n \"CustomProperties\": null\n },\n {\n \"Title\": \"\",\n \"Description\": \"\",\n \"Examples\": null,\n \"Name\": \"bar.foo\",\n \"Default\": null,\n \"Type\": {},\n \"TypeHint\": 5,\n \"Format\": \"\",\n \"Pattern\": null,\n \"Enum\": null,\n \"Constant\": null,\n \"ReadOnly\": false,\n \"MinLength\": -1,\n \"MaxLength\": -1,\n \"Required\": false,\n \"Minimum\": null,\n \"Maximum\": null,\n \"MultipleOf\": null,\n \"CustomProperties\": null\n },\n {\n \"Title\": \"\",\n \"Description\": \"\",\n \"Examples\": null,\n \"Name\": \"bar.foo.bar\",\n \"Default\": null,\n \"Type\": {},\n \"TypeHint\": 5,\n \"Format\": \"\",\n \"Pattern\": null,\n \"Enum\": null,\n \"Constant\": null,\n \"ReadOnly\": false,\n \"MinLength\": -1,\n \"MaxLength\": -1,\n \"Required\": false,\n \"Minimum\": null,\n \"Maximum\": null,\n \"MultipleOf\": null,\n \"CustomProperties\": null\n },\n {\n \"Title\": \"\",\n \"Description\": \"\",\n \"Examples\": null,\n \"Name\": \"bar.foo.bar.foo\",\n \"Default\": null,\n \"Type\": {},\n \"TypeHint\": 5,\n \"Format\": \"\",\n \"Pattern\": null,\n \"Enum\": null,\n \"Constant\": null,\n \"ReadOnly\": false,\n \"MinLength\": -1,\n \"MaxLength\": -1,\n \"Required\": false,\n \"Minimum\": null,\n \"Maximum\": null,\n \"MultipleOf\": null,\n \"CustomProperties\": null\n },\n {\n \"Title\": \"\",\n \"Description\": \"\",\n \"Examples\": null,\n \"Name\": \"bar.foo.bar.foo.bar\",\n \"Default\": null,\n \"Type\": {},\n \"TypeHint\": 5,\n \"Format\": \"\",\n \"Pattern\": null,\n \"Enum\": null,\n \"Constant\": null,\n \"ReadOnly\": false,\n \"MinLength\": -1,\n \"MaxLength\": -1,\n \"Required\": false,\n \"Minimum\": null,\n \"Maximum\": null,\n \"MultipleOf\": null,\n \"CustomProperties\": null\n },\n {\n \"Title\": \"\",\n \"Description\": \"\",\n \"Examples\": null,\n \"Name\": \"bar.foo.bar.foo.bar.foo\",\n \"Default\": null,\n \"Type\": {},\n \"TypeHint\": 5,\n \"Format\": \"\",\n \"Pattern\": null,\n \"Enum\": null,\n \"Constant\": null,\n \"ReadOnly\": false,\n \"MinLength\": -1,\n \"MaxLength\": -1,\n \"Required\": false,\n \"Minimum\": null,\n \"Maximum\": null,\n \"MultipleOf\": null,\n \"CustomProperties\": null\n },\n {\n \"Title\": \"\",\n \"Description\": \"\",\n \"Examples\": null,\n \"Name\": \"bar.foo.bar.foo.bar.foos\",\n \"Default\": null,\n \"Type\": \"\",\n \"TypeHint\": 1,\n \"Format\": \"\",\n \"Pattern\": null,\n \"Enum\": null,\n \"Constant\": null,\n \"ReadOnly\": false,\n \"MinLength\": 1,\n \"MaxLength\": 10,\n \"Required\": false,\n \"Minimum\": null,\n \"Maximum\": null,\n \"MultipleOf\": null,\n \"CustomProperties\": null\n },\n {\n \"Title\": \"\",\n \"Description\": \"\",\n \"Examples\": null,\n \"Name\": \"bar.foo.bar.foo.bars\",\n \"Default\": null,\n \"Type\": \"\",\n \"TypeHint\": 1,\n \"Format\": \"email\",\n \"Pattern\": \".*\",\n \"Enum\": null,\n \"Constant\": null,\n \"ReadOnly\": false,\n \"MinLength\": -1,\n \"MaxLength\": -1,\n \"Required\": true,\n \"Minimum\": null,\n \"Maximum\": null,\n \"MultipleOf\": null,\n \"CustomProperties\": null\n },\n {\n \"Title\": \"\",\n \"Description\": \"\",\n \"Examples\": null,\n \"Name\": \"bar.foo.bar.foos\",\n \"Default\": null,\n \"Type\": \"\",\n \"TypeHint\": 1,\n \"Format\": \"\",\n \"Pattern\": null,\n \"Enum\": null,\n \"Constant\": null,\n \"ReadOnly\": false,\n \"MinLength\": 1,\n \"MaxLength\": 10,\n \"Required\": false,\n \"Minimum\": null,\n \"Maximum\": null,\n \"MultipleOf\": null,\n \"CustomProperties\": null\n },\n {\n \"Title\": \"\",\n \"Description\": \"\",\n \"Examples\": null,\n \"Name\": \"bar.foo.bars\",\n \"Default\": null,\n \"Type\": \"\",\n \"TypeHint\": 1,\n \"Format\": \"email\",\n \"Pattern\": \".*\",\n \"Enum\": null,\n \"Constant\": null,\n \"ReadOnly\": false,\n \"MinLength\": -1,\n \"MaxLength\": -1,\n \"Required\": true,\n \"Minimum\": null,\n \"Maximum\": null,\n \"MultipleOf\": null,\n \"CustomProperties\": null\n },\n {\n \"Title\": \"\",\n \"Description\": \"\",\n \"Examples\": null,\n \"Name\": \"bar.foos\",\n \"Default\": null,\n \"Type\": \"\",\n \"TypeHint\": 1,\n \"Format\": \"\",\n \"Pattern\": null,\n \"Enum\": null,\n \"Constant\": null,\n \"ReadOnly\": false,\n \"MinLength\": 1,\n \"MaxLength\": 10,\n \"Required\": false,\n \"Minimum\": null,\n \"Maximum\": null,\n \"MultipleOf\": null,\n \"CustomProperties\": null\n }\n]\n" }, { "path": "oryx/jsonschemax/README.md", "content": "# JSON Schema Helpers\n\nThis package contains utilities for working with JSON Schemas.\n\n## Listing all Possible JSON Schema Paths\n\nUsing `jsonschemax.ListPaths()` you can get a list of all possible JSON paths in\na JSON Schema.\n\n```go\npackage main\n\nimport (\n\t\"bytes\"\n\t\"fmt\"\n\t\"github.com/ory/jsonschema/v3\"\n\t\"github.com/ory/x/jsonschemax\"\n)\n\nvar schema = \"...\"\n\nfunc main() {\n\tc := jsonschema.NewCompiler()\n\t_ = c.AddResource(\"test.json\", bytes.NewBufferString(schema))\n\tpaths, _ := jsonschemax.ListPaths(\"test.json\", c)\n\tfmt.Printf(\"%+v\", paths)\n}\n```\n\nAll keys are delimited using `.`. Please note that arrays are denoted with `#`\nwhen `ListPathsWithArraysIncluded` is used. For example, the JSON Schema\n\n```json\n{\n \"$schema\": \"http://json-schema.org/draft-07/schema#\",\n \"properties\": {\n \"providers\": {\n \"type\": \"array\",\n \"items\": {\n \"type\": \"object\",\n \"properties\": {\n \"id\": {\n \"type\": \"string\"\n }\n }\n }\n }\n }\n}\n```\n\nResults in paths:\n\n```json\n[\n {\n \"Title\": \"\",\n \"Description\": \"\",\n \"Examples\": null,\n \"Name\": \"providers\",\n \"Default\": null,\n \"Type\": [],\n \"TypeHint\": 5,\n \"Format\": \"\",\n \"Pattern\": null,\n \"Enum\": null,\n \"Constant\": null,\n \"ReadOnly\": false,\n \"MinLength\": -1,\n \"MaxLength\": -1,\n \"Required\": false,\n \"Minimum\": null,\n \"Maximum\": null,\n \"MultipleOf\": null,\n \"CustomProperties\": null\n },\n {\n \"Title\": \"\",\n \"Description\": \"\",\n \"Examples\": null,\n \"Name\": \"providers.#\",\n \"Default\": null,\n \"Type\": {},\n \"TypeHint\": 5,\n \"Format\": \"\",\n \"Pattern\": null,\n \"Enum\": null,\n \"Constant\": null,\n \"ReadOnly\": false,\n \"MinLength\": -1,\n \"MaxLength\": -1,\n \"Required\": false,\n \"Minimum\": null,\n \"Maximum\": null,\n \"MultipleOf\": null,\n \"CustomProperties\": null\n },\n {\n \"Title\": \"\",\n \"Description\": \"\",\n \"Examples\": null,\n \"Name\": \"providers.#.id\",\n \"Default\": null,\n \"Type\": \"\",\n \"TypeHint\": 1,\n \"Format\": \"\",\n \"Pattern\": null,\n \"Enum\": null,\n \"Constant\": null,\n \"ReadOnly\": false,\n \"MinLength\": -1,\n \"MaxLength\": -1,\n \"Required\": false,\n \"Minimum\": null,\n \"Maximum\": null,\n \"MultipleOf\": null,\n \"CustomProperties\": null\n }\n]\n```\n" }, { "path": "oryx/jsonschemax/error.go", "content": "// Copyright © 2023 Ory Corp\n// SPDX-License-Identifier: Apache-2.0\n\npackage jsonschemax\n\nimport (\n\t\"github.com/ory/jsonschema/v3\"\n)\n\n// ErrorType is the schema error type.\ntype ErrorType int\n\nconst (\n\t// ErrorTypeMissing represents a validation that failed because a value is missing.\n\tErrorTypeMissing ErrorType = iota + 1\n)\n\n// Error represents a schema error.\ntype Error struct {\n\t// Type is the error type.\n\tType ErrorType\n\n\t// DocumentPointer is the JSON Pointer in the document.\n\tDocumentPointer string\n\n\t// SchemaPointer is the JSON Pointer in the schema.\n\tSchemaPointer string\n\n\t// DocumentFieldName is a pointer to the document in dot-notation: fo.bar.baz\n\tDocumentFieldName string\n}\n\n// NewFromSanthoshError converts github.com/santhosh-tekuri/jsonschema.ValidationError to Error.\nfunc NewFromSanthoshError(validationError jsonschema.ValidationError) *Error {\n\treturn &Error{\n\t\t// DocumentPointer: JSONPointerToDotNotation(validationError.InstancePtr),\n\t\t// SchemaPointer: JSONPointerToDotNotation(validationError.SchemaPtr),\n\t\t// DocumentFieldName: JSONPointerToDotNotation(validationError.InstancePtr),\n\t}\n}\n" }, { "path": "oryx/jsonschemax/keys.go", "content": "// Copyright © 2023 Ory Corp\n// SPDX-License-Identifier: Apache-2.0\n\npackage jsonschemax\n\nimport (\n\t\"bytes\"\n\t\"context\"\n\t\"crypto/sha256\"\n\t\"encoding/json\"\n\t\"fmt\"\n\t\"math/big\"\n\t\"regexp\"\n\t\"slices\"\n\t\"sort\"\n\t\"strings\"\n\n\t\"github.com/pkg/errors\"\n\n\t\"github.com/ory/jsonschema/v3\"\n)\n\ntype (\n\tbyName []Path\n\tPathEnhancer interface {\n\t\tEnhancePath(Path) map[string]interface{}\n\t}\n\tTypeHint int\n)\n\nfunc (s byName) Len() int { return len(s) }\nfunc (s byName) Swap(i, j int) { s[i], s[j] = s[j], s[i] }\nfunc (s byName) Less(i, j int) bool { return s[i].Name < s[j].Name }\n\nconst (\n\tString TypeHint = iota + 1\n\tFloat\n\tInt\n\tBool\n\tJSON\n\tNil\n\n\tBoolSlice\n\tStringSlice\n\tIntSlice\n\tFloatSlice\n)\n\n// Path represents a JSON Schema Path.\ntype Path struct {\n\t// Title of the path.\n\tTitle string\n\n\t// Description of the path.\n\tDescription string\n\n\t// Examples of the path.\n\tExamples []interface{}\n\n\t// Name is the JSON path name.\n\tName string\n\n\t// Default is the default value of that path.\n\tDefault interface{}\n\n\t// Type is a prototype (e.g. float64(0)) of the path type.\n\tType interface{}\n\n\tTypeHint\n\n\t// Format is the format of the path if defined\n\tFormat string\n\n\t// Pattern is the pattern of the path if defined\n\tPattern *regexp.Regexp\n\n\t// Enum are the allowed enum values\n\tEnum []interface{}\n\n\t// first element in slice is constant value. note: slice is used to capture nil constant.\n\tConstant []interface{}\n\n\t// ReadOnly is whether the value is readonly\n\tReadOnly bool\n\n\t// -1 if not specified\n\tMinLength int\n\tMaxLength int\n\n\t// Required if set indicates this field is required.\n\tRequired bool\n\n\tMinimum *big.Float\n\tMaximum *big.Float\n\n\tMultipleOf *big.Float\n\n\tCustomProperties map[string]interface{}\n}\n\n// ListPathsBytes works like ListPathsWithRecursion but prepares the JSON Schema itself.\nfunc ListPathsBytes(ctx context.Context, raw json.RawMessage, maxRecursion int16) ([]Path, error) {\n\tcompiler := jsonschema.NewCompiler()\n\tcompiler.ExtractAnnotations = true\n\tid := fmt.Sprintf(\"%x.json\", sha256.Sum256(raw))\n\tif err := compiler.AddResource(id, bytes.NewReader(raw)); err != nil {\n\t\treturn nil, err\n\t}\n\tcompiler.ExtractAnnotations = true\n\treturn runPathsFromCompiler(ctx, id, compiler, maxRecursion, false)\n}\n\n// ListPathsWithRecursion will follow circular references until maxRecursion is reached, without\n// returning an error.\nfunc ListPathsWithRecursion(ctx context.Context, ref string, compiler *jsonschema.Compiler, maxRecursion uint8) ([]Path, error) {\n\treturn runPathsFromCompiler(ctx, ref, compiler, int16(maxRecursion), false)\n}\n\n// ListPaths lists all paths of a JSON Schema. Will return an error\n// if circular references are found.\nfunc ListPaths(ctx context.Context, ref string, compiler *jsonschema.Compiler) ([]Path, error) {\n\treturn runPathsFromCompiler(ctx, ref, compiler, -1, false)\n}\n\n// ListPathsWithArraysIncluded lists all paths of a JSON Schema. Will return an error\n// if circular references are found.\n// Includes arrays with `#`.\nfunc ListPathsWithArraysIncluded(ctx context.Context, ref string, compiler *jsonschema.Compiler) ([]Path, error) {\n\treturn runPathsFromCompiler(ctx, ref, compiler, -1, true)\n}\n\n// ListPathsWithInitializedSchema loads the paths from the schema without compiling it.\n//\n// You MUST ensure that the compiler was using `ExtractAnnotations = true`.\nfunc ListPathsWithInitializedSchema(schema *jsonschema.Schema) ([]Path, error) {\n\treturn runPaths(schema, -1, false)\n}\n\n// ListPathsWithInitializedSchemaAndArraysIncluded loads the paths from the schema without compiling it.\n//\n// You MUST ensure that the compiler was using `ExtractAnnotations = true`.\n// Includes arrays with `#`.\nfunc ListPathsWithInitializedSchemaAndArraysIncluded(schema *jsonschema.Schema) ([]Path, error) {\n\treturn runPaths(schema, -1, true)\n}\n\nfunc runPathsFromCompiler(ctx context.Context, ref string, compiler *jsonschema.Compiler, maxRecursion int16, includeArrays bool) ([]Path, error) {\n\tif compiler == nil {\n\t\tcompiler = jsonschema.NewCompiler()\n\t}\n\n\tcompiler.ExtractAnnotations = true\n\n\tschema, err := compiler.Compile(ctx, ref)\n\tif err != nil {\n\t\treturn nil, errors.WithStack(err)\n\t}\n\n\treturn runPaths(schema, maxRecursion, includeArrays)\n}\n\nfunc runPaths(schema *jsonschema.Schema, maxRecursion int16, includeArrays bool) ([]Path, error) {\n\tpointers := map[string]bool{}\n\tpaths, err := listPaths(schema, nil, nil, pointers, 0, maxRecursion, includeArrays)\n\tif err != nil {\n\t\treturn nil, errors.WithStack(err)\n\t}\n\n\tsort.Stable(paths)\n\treturn makeUnique(paths)\n}\n\nfunc makeUnique(in byName) (byName, error) {\n\tcache := make(map[string]Path)\n\tfor _, p := range in {\n\t\tvc, ok := cache[p.Name]\n\t\tif !ok {\n\t\t\tcache[p.Name] = p\n\t\t\tcontinue\n\t\t}\n\n\t\tif fmt.Sprintf(\"%T\", p.Type) != fmt.Sprintf(\"%T\", p.Type) {\n\t\t\treturn nil, errors.Errorf(\"multiple types %+v are not supported for path: %s\", []interface{}{p.Type, vc.Type}, p.Name)\n\t\t}\n\n\t\tif vc.Default == nil {\n\t\t\tcache[p.Name] = p\n\t\t}\n\t}\n\n\tk := 0\n\tout := make([]Path, len(cache))\n\tfor _, v := range cache {\n\t\tout[k] = v\n\t\tk++\n\t}\n\n\tpaths := byName(out)\n\tsort.Sort(paths)\n\treturn paths, nil\n}\n\nfunc appendPointer(in map[string]bool, pointer *jsonschema.Schema) map[string]bool {\n\tout := make(map[string]bool)\n\tfor k, v := range in {\n\t\tout[k] = v\n\t}\n\tout[fmt.Sprintf(\"%p\", pointer)] = true\n\treturn out\n}\n\nfunc listPaths(schema *jsonschema.Schema, parent *jsonschema.Schema, parents []string, pointers map[string]bool, currentRecursion int16, maxRecursion int16, includeArrays bool) (byName, error) {\n\tvar pathType interface{}\n\tvar pathTypeHint TypeHint\n\tvar paths []Path\n\t_, isCircular := pointers[fmt.Sprintf(\"%p\", schema)]\n\n\tif len(schema.Constant) > 0 {\n\t\tswitch schema.Constant[0].(type) {\n\t\tcase float64, json.Number:\n\t\t\tpathType = float64(0)\n\t\t\tpathTypeHint = Float\n\t\tcase int8, int16, int, int64:\n\t\t\tpathType = int64(0)\n\t\t\tpathTypeHint = Int\n\t\tcase string:\n\t\t\tpathType = \"\"\n\t\t\tpathTypeHint = String\n\t\tcase bool:\n\t\t\tpathType = false\n\t\t\tpathTypeHint = Bool\n\t\tdefault:\n\t\t\tpathType = schema.Constant[0]\n\t\t\tpathTypeHint = JSON\n\t\t}\n\t} else if len(schema.Types) == 1 {\n\t\tswitch schema.Types[0] {\n\t\tcase \"null\":\n\t\t\tpathType = nil\n\t\t\tpathTypeHint = Nil\n\t\tcase \"boolean\":\n\t\t\tpathType = false\n\t\t\tpathTypeHint = Bool\n\t\tcase \"number\":\n\t\t\tpathType = float64(0)\n\t\t\tpathTypeHint = Float\n\t\tcase \"integer\":\n\t\t\tpathType = float64(0)\n\t\t\tpathTypeHint = Int\n\t\tcase \"string\":\n\t\t\tpathType = \"\"\n\t\t\tpathTypeHint = String\n\t\tcase \"array\":\n\t\t\tpathType = []interface{}{}\n\t\t\tif schema.Items != nil {\n\t\t\t\tvar itemSchemas []*jsonschema.Schema\n\t\t\t\tswitch t := schema.Items.(type) {\n\t\t\t\tcase []*jsonschema.Schema:\n\t\t\t\t\titemSchemas = t\n\t\t\t\tcase *jsonschema.Schema:\n\t\t\t\t\titemSchemas = []*jsonschema.Schema{t}\n\t\t\t\t}\n\t\t\t\tvar types []string\n\t\t\t\tfor _, is := range itemSchemas {\n\t\t\t\t\ttypes = append(types, is.Types...)\n\t\t\t\t\tif is.Ref != nil {\n\t\t\t\t\t\ttypes = append(types, is.Ref.Types...)\n\t\t\t\t\t}\n\t\t\t\t}\n\t\t\t\ttypes = slices.Compact(types)\n\t\t\t\tif len(types) == 1 {\n\t\t\t\t\tswitch types[0] {\n\t\t\t\t\tcase \"boolean\":\n\t\t\t\t\t\tpathType = []bool{}\n\t\t\t\t\t\tpathTypeHint = BoolSlice\n\t\t\t\t\tcase \"number\":\n\t\t\t\t\t\tpathType = []float64{}\n\t\t\t\t\t\tpathTypeHint = FloatSlice\n\t\t\t\t\tcase \"integer\":\n\t\t\t\t\t\tpathType = []float64{}\n\t\t\t\t\t\tpathTypeHint = IntSlice\n\t\t\t\t\tcase \"string\":\n\t\t\t\t\t\tpathType = []string{}\n\t\t\t\t\t\tpathTypeHint = StringSlice\n\t\t\t\t\tdefault:\n\t\t\t\t\t\tpathType = []interface{}{}\n\t\t\t\t\t\tpathTypeHint = JSON\n\t\t\t\t\t}\n\t\t\t\t}\n\t\t\t}\n\t\tcase \"object\":\n\t\t\tpathType = map[string]interface{}{}\n\t\t\tpathTypeHint = JSON\n\t\t}\n\t} else if len(schema.Types) > 2 {\n\t\tpathType = nil\n\t\tpathTypeHint = JSON\n\t}\n\n\tvar def interface{} = schema.Default\n\tif v, ok := def.(json.Number); ok {\n\t\tdef, _ = v.Float64()\n\t}\n\n\tif (pathType != nil || schema.Default != nil) && len(parents) > 0 {\n\t\tname := parents[len(parents)-1]\n\t\tvar required bool\n\t\tif parent != nil {\n\t\t\tfor _, r := range parent.Required {\n\t\t\t\tif r == name {\n\t\t\t\t\trequired = true\n\t\t\t\t\tbreak\n\t\t\t\t}\n\t\t\t}\n\t\t}\n\n\t\tpath := Path{\n\t\t\tName: strings.Join(parents, \".\"),\n\t\t\tDefault: def,\n\t\t\tType: pathType,\n\t\t\tTypeHint: pathTypeHint,\n\t\t\tFormat: schema.Format,\n\t\t\tPattern: schema.Pattern,\n\t\t\tEnum: schema.Enum,\n\t\t\tConstant: schema.Constant,\n\t\t\tMinLength: schema.MinLength,\n\t\t\tMaxLength: schema.MaxLength,\n\t\t\tMinimum: schema.Minimum,\n\t\t\tMaximum: schema.Maximum,\n\t\t\tMultipleOf: schema.MultipleOf,\n\t\t\tReadOnly: schema.ReadOnly,\n\t\t\tTitle: schema.Title,\n\t\t\tDescription: schema.Description,\n\t\t\tExamples: schema.Examples,\n\t\t\tRequired: required,\n\t\t}\n\n\t\tfor _, e := range schema.Extensions {\n\t\t\tif enhancer, ok := e.(PathEnhancer); ok {\n\t\t\t\tpath.CustomProperties = enhancer.EnhancePath(path)\n\t\t\t}\n\t\t}\n\t\tpaths = append(paths, path)\n\t}\n\n\tif isCircular {\n\t\tif maxRecursion == -1 {\n\t\t\treturn nil, errors.Errorf(\"detected circular dependency in schema path: %s\", strings.Join(parents, \".\"))\n\t\t} else if currentRecursion > maxRecursion {\n\t\t\treturn paths, nil\n\t\t}\n\t\tcurrentRecursion++\n\t}\n\n\tif schema.Ref != nil {\n\t\tpath, err := listPaths(schema.Ref, schema, parents, appendPointer(pointers, schema), currentRecursion, maxRecursion, includeArrays)\n\t\tif err != nil {\n\t\t\treturn nil, err\n\t\t}\n\t\tpaths = append(paths, path...)\n\t}\n\n\tif schema.Not != nil {\n\t\tpath, err := listPaths(schema.Not, schema, parents, appendPointer(pointers, schema), currentRecursion, maxRecursion, includeArrays)\n\t\tif err != nil {\n\t\t\treturn nil, err\n\t\t}\n\t\tpaths = append(paths, path...)\n\t}\n\n\tif schema.If != nil {\n\t\tpath, err := listPaths(schema.If, schema, parents, appendPointer(pointers, schema), currentRecursion, maxRecursion, includeArrays)\n\t\tif err != nil {\n\t\t\treturn nil, err\n\t\t}\n\t\tpaths = append(paths, path...)\n\t}\n\n\tif schema.Then != nil {\n\t\tpath, err := listPaths(schema.Then, schema, parents, appendPointer(pointers, schema), currentRecursion, maxRecursion, includeArrays)\n\t\tif err != nil {\n\t\t\treturn nil, err\n\t\t}\n\t\tpaths = append(paths, path...)\n\t}\n\n\tif schema.Else != nil {\n\t\tpath, err := listPaths(schema.Else, schema, parents, appendPointer(pointers, schema), currentRecursion, maxRecursion, includeArrays)\n\t\tif err != nil {\n\t\t\treturn nil, err\n\t\t}\n\t\tpaths = append(paths, path...)\n\t}\n\n\tfor _, sub := range schema.AllOf {\n\t\tpath, err := listPaths(sub, schema, parents, appendPointer(pointers, schema), currentRecursion, maxRecursion, includeArrays)\n\t\tif err != nil {\n\t\t\treturn nil, err\n\t\t}\n\t\tpaths = append(paths, path...)\n\t}\n\n\tfor _, sub := range schema.AnyOf {\n\t\tpath, err := listPaths(sub, schema, parents, appendPointer(pointers, schema), currentRecursion, maxRecursion, includeArrays)\n\t\tif err != nil {\n\t\t\treturn nil, err\n\t\t}\n\t\tpaths = append(paths, path...)\n\t}\n\n\tfor _, sub := range schema.OneOf {\n\t\tpath, err := listPaths(sub, schema, parents, appendPointer(pointers, schema), currentRecursion, maxRecursion, includeArrays)\n\t\tif err != nil {\n\t\t\treturn nil, err\n\t\t}\n\t\tpaths = append(paths, path...)\n\t}\n\n\tfor name, sub := range schema.Properties {\n\t\tpath, err := listPaths(sub, schema, append(parents, name), appendPointer(pointers, schema), currentRecursion, maxRecursion, includeArrays)\n\t\tif err != nil {\n\t\t\treturn nil, err\n\t\t}\n\t\tpaths = append(paths, path...)\n\t}\n\n\tif schema.Items != nil && includeArrays {\n\t\tswitch t := schema.Items.(type) {\n\t\tcase []*jsonschema.Schema:\n\t\t\tfor _, sub := range t {\n\t\t\t\tpath, err := listPaths(sub, schema, append(parents, \"#\"), appendPointer(pointers, schema), currentRecursion, maxRecursion, includeArrays)\n\t\t\t\tif err != nil {\n\t\t\t\t\treturn nil, err\n\t\t\t\t}\n\t\t\t\tpaths = append(paths, path...)\n\t\t\t}\n\t\tcase *jsonschema.Schema:\n\t\t\tpath, err := listPaths(t, schema, append(parents, \"#\"), appendPointer(pointers, schema), currentRecursion, maxRecursion, includeArrays)\n\t\t\tif err != nil {\n\t\t\t\treturn nil, err\n\t\t\t}\n\t\t\tpaths = append(paths, path...)\n\t\t}\n\t}\n\n\treturn paths, nil\n}\n" }, { "path": "oryx/jsonschemax/pointer.go", "content": "// Copyright © 2023 Ory Corp\n// SPDX-License-Identifier: Apache-2.0\n\npackage jsonschemax\n\nimport (\n\t\"net/url\"\n\t\"strings\"\n\n\t\"github.com/pkg/errors\"\n)\n\n// JSONPointerToDotNotation converts JSON Pointer \"#/foo/bar\" to dot-notation \"foo.bar\".\nfunc JSONPointerToDotNotation(pointer string) (string, error) {\n\tif !strings.HasPrefix(pointer, \"#/\") {\n\t\treturn pointer, errors.Errorf(\"remote JSON pointers are not supported: %s\", pointer)\n\t}\n\n\tvar path []string\n\tfor _, item := range strings.Split(strings.TrimPrefix(pointer, \"#/\"), \"/\") {\n\t\titem = strings.Replace(item, \"~1\", \"/\", -1)\n\t\titem = strings.Replace(item, \"~0\", \"~\", -1)\n\t\titem, err := url.PathUnescape(item)\n\t\tif err != nil {\n\t\t\treturn \"\", err\n\t\t}\n\t\tpath = append(path, strings.ReplaceAll(item, \".\", \"\\\\.\"))\n\t}\n\n\treturn strings.Join(path, \".\"), nil\n}\n" }, { "path": "oryx/jsonschemax/print.go", "content": "// Copyright © 2023 Ory Corp\n// SPDX-License-Identifier: Apache-2.0\n\npackage jsonschemax\n\nimport (\n\t\"errors\"\n\t\"fmt\"\n\t\"io\"\n\t\"strings\"\n\n\t\"github.com/tidwall/gjson\"\n\n\t\"github.com/ory/jsonschema/v3\"\n)\n\nfunc FormatValidationErrorForCLI(w io.Writer, conf []byte, err error) {\n\tif err == nil {\n\t\treturn\n\t}\n\n\tif e := new(jsonschema.ValidationError); errors.As(err, &e) {\n\t\t_, _ = fmt.Fprintln(w, \"The configuration contains values or keys which are invalid:\")\n\t\tpointer, validation := FormatError(e)\n\n\t\tif pointer == \"#\" {\n\t\t\tif len(e.Causes) == 0 {\n\t\t\t\t_, _ = fmt.Fprintln(w, \"(root)\")\n\t\t\t\t_, _ = fmt.Fprintln(w, \"^-- \"+validation)\n\t\t\t\t_, _ = fmt.Fprintln(w, \"\")\n\t\t\t}\n\t\t} else {\n\t\t\tspaces := make([]string, len(pointer)+3)\n\t\t\t_, _ = fmt.Fprintf(w, \"%s: %+v\", pointer, gjson.GetBytes(conf, pointer).Value())\n\t\t\t_, _ = fmt.Fprintln(w, \"\")\n\t\t\t_, _ = fmt.Fprintf(w, \"%s^-- %s\", strings.Join(spaces, \" \"), validation)\n\t\t\t_, _ = fmt.Fprintln(w, \"\")\n\t\t\t_, _ = fmt.Fprintln(w, \"\")\n\t\t}\n\n\t\tfor _, cause := range e.Causes {\n\t\t\tFormatValidationErrorForCLI(w, conf, cause)\n\t\t}\n\t\treturn\n\t}\n}\n\nfunc FormatError(e *jsonschema.ValidationError) (string, string) {\n\tvar (\n\t\terr error\n\t\tpointer string\n\t\tmessage string\n\t)\n\n\tpointer = e.InstancePtr\n\tmessage = e.Message\n\tswitch ctx := e.Context.(type) {\n\tcase *jsonschema.ValidationErrorContextRequired:\n\t\tif len(ctx.Missing) > 0 {\n\t\t\tmessage = \"one or more required properties are missing\"\n\t\t\tpointer = ctx.Missing[0]\n\t\t}\n\t}\n\n\t// We can ignore the error as it will simply echo the pointer.\n\tpointer, err = JSONPointerToDotNotation(pointer)\n\tif err != nil {\n\t\tpointer = e.InstancePtr\n\t}\n\n\treturn pointer, message\n}\n" }, { "path": "oryx/jsonschemax/stub/.config.yaml", "content": "dsn: memory\nitems:\n - id: 1\n" }, { "path": "oryx/jsonschemax/stub/.oathkeeper.schema.json", "content": "{\n \"$id\": \"https://raw.githubusercontent.com/ory/oathkeeper/v0.32.1-beta.1/.schemas/config.schema.json\",\n \"$schema\": \"http://json-schema.org/draft-07/schema#\",\n \"title\": \"ORY Oathkeeper Configuration\",\n \"type\": \"object\",\n \"definitions\": {\n \"tlsxSource\": {\n \"type\": \"object\",\n \"additionalProperties\": false,\n \"properties\": {\n \"path\": {\n \"title\": \"Path to PEM-encoded Fle\",\n \"type\": \"string\",\n \"examples\": [\"path/to/file.pem\"]\n },\n \"base64\": {\n \"title\": \"Base64 Encoded Inline\",\n \"description\": \"The base64 string of the PEM-encoded file content. Can be generated using for example `base64 -i path/to/file.pem`.\",\n \"type\": \"string\",\n \"examples\": [\n \"LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tXG5NSUlEWlRDQ0FrMmdBd0lCQWdJRVY1eE90REFOQmdr...\"\n ]\n }\n }\n },\n \"tlsx\": {\n \"title\": \"HTTPS\",\n \"description\": \"Configure HTTP over TLS (HTTPS). All options can also be set using environment variables by replacing dots (`.`) with underscores (`_`) and uppercasing the key. For example, `some.prefix.tls.key.path` becomes `export SOME_PREFIX_TLS_KEY_PATH`. If all keys are left undefined, TLS will be disabled.\",\n \"type\": \"object\",\n \"additionalProperties\": false,\n \"properties\": {\n \"key\": {\n \"title\": \"Private Key (PEM)\",\n \"allOf\": [\n {\n \"$ref\": \"#/definitions/tlsxSource\"\n }\n ]\n },\n \"cert\": {\n \"title\": \"TLS Certificate (PEM)\",\n \"allOf\": [\n {\n \"$ref\": \"#/definitions/tlsxSource\"\n }\n ]\n }\n }\n },\n \"cors\": {\n \"title\": \"Cross Origin Resource Sharing (CORS)\",\n \"description\": \"Configure [Cross Origin Resource Sharing (CORS)](http://www.w3.org/TR/cors/) using the following options.\",\n \"type\": \"object\",\n \"properties\": {\n \"enabled\": {\n \"type\": \"boolean\",\n \"default\": false,\n \"title\": \"Enable CORS\",\n \"description\": \"If set to true, CORS will be enabled and preflight-requests (OPTION) will be answered.\"\n },\n \"allowed_origins\": {\n \"title\": \"Allowed Origins\",\n \"description\": \"A list of origins a cross-domain request can be executed from. If the special * value is present in the list, all origins will be allowed. An origin may contain a wildcard (*) to replace 0 or more characters (i.e.: http://*.domain.com). Usage of wildcards implies a small performance penality. Only one wildcard can be used per origin.\",\n \"type\": \"array\",\n \"items\": {\n \"type\": \"string\",\n \"minLength\": 1\n },\n \"default\": [\"*\"],\n \"uniqueItems\": true,\n \"examples\": [\n \"https://example.com\",\n \"https://*.example.com\",\n \"https://*.foo.example.com\"\n ]\n },\n \"allowed_methods\": {\n \"type\": \"array\",\n \"title\": \"Allowed HTTP Methods\",\n \"description\": \"A list of methods the client is allowed to use with cross-domain requests.\",\n \"items\": {\n \"type\": \"string\",\n \"enum\": [\n \"GET\",\n \"HEAD\",\n \"POST\",\n \"PUT\",\n \"DELETE\",\n \"CONNECT\",\n \"TRACE\",\n \"PATCH\"\n ]\n },\n \"uniqueItems\": true,\n \"default\": [\"GET\", \"POST\", \"PUT\", \"PATCH\", \"DELETE\"]\n },\n \"allowed_headers\": {\n \"description\": \"A list of non simple headers the client is allowed to use with cross-domain requests.\",\n \"title\": \"Allowed Request HTTP Headers\",\n \"type\": \"array\",\n \"items\": {\n \"type\": \"string\"\n },\n \"minLength\": 1,\n \"uniqueItems\": true,\n \"default\": [\"Authorization\", \"Content-Type\"]\n },\n \"exposed_headers\": {\n \"description\": \"Indicates which headers are safe to expose to the API of a CORS API specification\",\n \"title\": \"Allowed Response HTTP Headers\",\n \"type\": \"array\",\n \"items\": {\n \"type\": \"string\"\n },\n \"minLength\": 1,\n \"uniqueItems\": true,\n \"default\": [\"Content-Type\"]\n },\n \"allow_credentials\": {\n \"type\": \"boolean\",\n \"title\": \"Allow HTTP Credentials\",\n \"default\": false,\n \"description\": \"Indicates whether the request can include user credentials like cookies, HTTP authentication or client side SSL certificates.\"\n },\n \"max_age\": {\n \"type\": \"number\",\n \"default\": 0,\n \"title\": \"Maximum Age\",\n \"description\": \"Indicates how long (in seconds) the results of a preflight request can be cached. The default is 0 which stands for no max age.\"\n },\n \"debug\": {\n \"type\": \"boolean\",\n \"default\": false,\n \"title\": \"Enable Debugging\",\n \"description\": \"Set to true to debug server side CORS issues.\"\n }\n },\n \"additionalProperties\": false\n },\n \"handlerSwitch\": {\n \"title\": \"Enabled\",\n \"type\": \"boolean\",\n \"default\": false,\n \"examples\": [true],\n \"description\": \"En-/disables this component.\"\n },\n \"scopeStrategy\": {\n \"title\": \"Scope Strategy\",\n \"type\": \"string\",\n \"enum\": [\"hierarchic\", \"exact\", \"wildcard\", \"none\"],\n \"default\": \"none\",\n \"description\": \"Sets the strategy validation algorithm.\"\n },\n \"configAuthenticatorsAnonymous\": {\n \"type\": \"object\",\n \"title\": \"Anonymous Authenticator Configuration\",\n \"description\": \"This section is optional when the authenticator is disabled.\",\n \"properties\": {\n \"subject\": {\n \"type\": \"string\",\n \"title\": \"Anonymous Subject\",\n \"examples\": [\"guest\", \"anon\", \"anonymous\", \"unknown\"],\n \"default\": \"anonymous\",\n \"description\": \"Sets the anonymous username.\"\n }\n },\n \"additionalProperties\": false\n },\n \"configAuthenticatorsCookieSession\": {\n \"type\": \"object\",\n \"title\": \"Cookie Session Authenticator Configuration\",\n \"description\": \"This section is optional when the authenticator is disabled.\",\n \"properties\": {\n \"check_session_url\": {\n \"title\": \"Session Check URL\",\n \"type\": \"string\",\n \"format\": \"uri\",\n \"description\": \"The origin to proxy requests to. If the response is a 200 with body `{ \\\"subject\\\": \\\"...\\\", \\\"extra\\\": {} }`. The request will pass the subject through successfully, otherwise it will be marked as unauthorized.\\n\\n>If this authenticator is enabled, this value is required.\",\n \"examples\": [\"https://session-store-host\"]\n },\n \"only\": {\n \"type\": \"array\",\n \"items\": {\n \"type\": \"string\",\n \"additionalItems\": false\n },\n \"title\": \"Only Cookies\",\n \"description\": \"A list of possible cookies to look for on incoming requests, and will fallthrough to the next authenticator if none of the passed cookies are set on the request.\"\n }\n },\n \"required\": [\"check_session_url\"],\n \"additionalProperties\": false\n },\n \"configAuthenticatorsJwt\": {\n \"type\": \"object\",\n \"title\": \"JWT Authenticator Configuration\",\n \"description\": \"This section is optional when the authenticator is disabled.\",\n \"required\": [\"jwks_urls\"],\n \"properties\": {\n \"required_scope\": {\n \"type\": \"array\",\n \"title\": \"Required Token Scope\",\n \"description\": \"An array of OAuth 2.0 scopes that are required when accessing an endpoint protected by this handler.\\n If the token used in the Authorization header did not request that specific scope, the request is denied.\",\n \"items\": {\n \"type\": \"string\"\n }\n },\n \"target_audience\": {\n \"title\": \"Intended Audience\",\n \"type\": \"array\",\n \"description\": \"An array of audiences that are required when accessing an endpoint protected by this handler.\\n If the token used in the Authorization header is not intended for any of the requested audiences, the request is denied.\",\n \"items\": {\n \"type\": \"string\"\n }\n },\n \"trusted_issuers\": {\n \"type\": \"array\",\n \"items\": {\n \"type\": \"string\"\n }\n },\n \"allowed_algorithms\": {\n \"type\": \"array\",\n \"items\": {\n \"type\": \"string\"\n }\n },\n \"jwks_urls\": {\n \"title\": \"JSON Web Key URLs\",\n \"type\": \"array\",\n \"items\": {\n \"type\": \"string\",\n \"format\": \"uri\"\n },\n \"description\": \"URLs where ORY Oathkeeper can retrieve JSON Web Keys from for validating the JSON Web Token. Usually something like \\\"https://my-keys.com/.well-known/jwks.json\\\". The response of that endpoint must return a JSON Web Key Set (JWKS).\\n\\n>If this authenticator is enabled, this value is required.\",\n \"examples\": [\n \"https://my-website.com/.well-known/jwks.json\",\n \"https://my-other-website.com/.well-known/jwks.json\",\n \"file://path/to/local/jwks.json\"\n ]\n },\n \"scope_strategy\": {\n \"$ref\": \"#/definitions/scopeStrategy\"\n },\n \"token_from\": {\n \"title\": \"Token From\",\n \"description\": \"The location of the token.\\n If not configured, the token will be received from a default location - 'Authorization' header.\\n One and only one location (header or query) must be specified.\",\n \"oneOf\": [\n {\n \"type\": \"object\",\n \"required\": [\"header\"],\n \"properties\": {\n \"header\": {\n \"title\": \"Header\",\n \"type\": \"string\",\n \"description\": \"The header (case insensitive) that must contain a token for request authentication. It can't be set along with query_parameter.\"\n }\n }\n },\n {\n \"type\": \"object\",\n \"required\": [\"query_parameter\"],\n \"properties\": {\n \"query_parameter\": {\n \"title\": \"Query Parameter\",\n \"type\": \"string\",\n \"description\": \"The query parameter (case sensitive) that must contain a token for request authentication. It can't be set along with header.\"\n }\n }\n }\n ]\n }\n },\n \"additionalProperties\": false\n },\n \"configAuthenticatorsOauth2ClientCredentials\": {\n \"type\": \"object\",\n \"title\": \"OAuth 2.0 Client Credentials Authenticator Configuration\",\n \"description\": \"This section is optional when the authenticator is disabled.\",\n \"properties\": {\n \"token_url\": {\n \"type\": \"string\",\n \"description\": \"The OAuth 2.0 Token Endpoint that will be used to validate the client credentials.\\n\\n>If this authenticator is enabled, this value is required.\",\n \"format\": \"uri\",\n \"examples\": [\"https://my-website.com/oauth2/token\"]\n },\n \"required_scope\": {\n \"type\": \"array\",\n \"title\": \"Request Permissions (Token Scope)\",\n \"description\": \"Scopes is an array of OAuth 2.0 scopes that are required when accessing an endpoint protected by this rule.\\n If the token used in the Authorization header did not request that specific scope, the request is denied.\",\n \"items\": {\n \"type\": \"string\"\n }\n }\n },\n \"required\": [\"token_url\"],\n \"additionalProperties\": false\n },\n \"configAuthenticatorsOauth2Introspection\": {\n \"type\": \"object\",\n \"title\": \"OAuth 2.0 Introspection Authenticator Configuration\",\n \"description\": \"This section is optional when the authenticator is disabled.\",\n \"properties\": {\n \"introspection_url\": {\n \"type\": \"string\",\n \"format\": \"uri\",\n \"examples\": [\"https://my-website.com/oauth2/introspection\"],\n \"title\": \"OAuth 2.0 Introspection URL\",\n \"description\": \"The OAuth 2.0 Token Introspection endpoint URL.\\n\\n>If this authenticator is enabled, this value is required.\"\n },\n \"scope_strategy\": {\n \"$ref\": \"#/definitions/scopeStrategy\"\n },\n \"pre_authorization\": {\n \"title\": \"Pre-Authorization\",\n \"description\": \"Enable pre-authorization in cases where the OAuth 2.0 Token Introspection endpoint is protected by OAuth 2.0 Bearer Tokens that can be retrieved using the OAuth 2.0 Client Credentials grant.\",\n \"type\": \"object\",\n \"additionalProperties\": false,\n \"required\": [\"client_id\", \"client_secret\", \"token_url\"],\n \"properties\": {\n \"enabled\": {\n \"const\": true\n },\n \"client_id\": {\n \"type\": \"string\",\n \"title\": \"OAuth 2.0 Client ID\",\n \"description\": \"The OAuth 2.0 Client ID to be used for the OAuth 2.0 Client Credentials Grant.\\n\\n>If pre-authorization is enabled, this value is required.\"\n },\n \"client_secret\": {\n \"type\": \"string\",\n \"title\": \"OAuth 2.0 Client Secret\",\n \"description\": \"The OAuth 2.0 Client Secret to be used for the OAuth 2.0 Client Credentials Grant.\\n\\n>If pre-authorization is enabled, this value is required.\"\n },\n \"token_url\": {\n \"type\": \"string\",\n \"format\": \"uri\",\n \"title\": \"OAuth 2.0 Token URL\",\n \"description\": \"The OAuth 2.0 Token Endpoint where the OAuth 2.0 Client Credentials Grant will be performed.\\n\\n>If pre-authorization is enabled, this value is required.\"\n },\n \"scope\": {\n \"type\": \"array\",\n \"items\": {\n \"type\": \"string\"\n },\n \"title\": \"OAuth 2.0 Scope\",\n \"description\": \"The OAuth 2.0 Scope to be requested during the OAuth 2.0 Client Credentials Grant.\",\n \"examples\": [[\"[\\\"foo\\\", \\\"bar\\\"]\"]]\n }\n }\n },\n \"required_scope\": {\n \"title\": \"Required Scope\",\n \"description\": \"An array of OAuth 2.0 scopes that are required when accessing an endpoint protected by this handler.\\n If the token used in the Authorization header did not request that specific scope, the request is denied.\",\n \"type\": \"array\",\n \"items\": {\n \"type\": \"string\"\n }\n },\n \"target_audience\": {\n \"title\": \"Target Audience\",\n \"description\": \"An array of audiences that are required when accessing an endpoint protected by this handler.\\n If the token used in the Authorization header is not intended for any of the requested audiences, the request is denied.\",\n \"type\": \"array\",\n \"items\": {\n \"type\": \"string\"\n }\n },\n \"trusted_issuers\": {\n \"title\": \"Trusted Issuers\",\n \"description\": \"The token must have been issued by one of the issuers listed in this array.\",\n \"type\": \"array\",\n \"items\": {\n \"type\": \"string\"\n }\n },\n \"token_from\": {\n \"title\": \"Token From\",\n \"description\": \"The location of the token.\\n If not configured, the token will be received from a default location - 'Authorization' header.\\n One and only one location (header or query) must be specified.\",\n \"type\": \"object\",\n \"oneOf\": [\n {\n \"required\": [\"header\"],\n \"properties\": {\n \"header\": {\n \"title\": \"Header\",\n \"type\": \"string\",\n \"description\": \"The header (case insensitive) that must contain a token for request authentication.\\n It can't be set along with query_parameter.\"\n }\n }\n },\n {\n \"required\": [\"query_parameter\"],\n \"properties\": {\n \"query_parameter\": {\n \"title\": \"Query Parameter\",\n \"type\": \"string\",\n \"description\": \"The query parameter (case sensitive) that must contain a token for request authentication.\\n It can't be set along with header.\"\n }\n }\n }\n ]\n }\n },\n \"required\": [\"introspection_url\"],\n \"additionalProperties\": false\n },\n \"configAuthorizersKetoEngineAcpOry\": {\n \"type\": \"object\",\n \"title\": \"ORY Keto Access Control Policy Authorizer Configuration\",\n \"description\": \"This section is optional when the authorizer is disabled.\",\n \"properties\": {\n \"base_url\": {\n \"title\": \"Base URL\",\n \"type\": \"string\",\n \"format\": \"uri\",\n \"description\": \"The base URL of ORY Keto.\\n\\n>If this authorizer is enabled, this value is required.\",\n \"examples\": [\"http://my-keto/\"]\n },\n \"required_action\": {\n \"type\": \"string\",\n \"default\": \"unset\"\n },\n \"required_resource\": {\n \"type\": \"string\",\n \"default\": \"unset\"\n },\n \"subject\": {\n \"type\": \"string\"\n },\n \"flavor\": {\n \"type\": \"string\"\n }\n },\n \"required\": [\"base_url\", \"required_action\", \"required_resource\"],\n \"additionalProperties\": false\n },\n \"configMutatorsCookie\": {\n \"type\": \"object\",\n \"title\": \"Cookie Mutator Configuration\",\n \"description\": \"This section is optional when the mutator is disabled.\",\n \"required\": [\"cookies\"],\n \"properties\": {\n \"cookies\": {\n \"type\": \"object\",\n \"additionalProperties\": {\n \"type\": \"string\"\n }\n }\n },\n \"additionalProperties\": false\n },\n \"configMutatorsHeader\": {\n \"type\": \"object\",\n \"title\": \"Header Mutator Configuration\",\n \"description\": \"This section is optional when the mutator is disabled.\",\n \"required\": [\"headers\"],\n \"properties\": {\n \"headers\": {\n \"type\": \"object\",\n \"additionalProperties\": {\n \"type\": \"string\"\n }\n }\n },\n \"additionalProperties\": false\n },\n \"configMutatorsHydrator\": {\n \"type\": \"object\",\n \"title\": \"Hydrator Mutator Configuration\",\n \"description\": \"This section is optional when the mutator is disabled.\",\n \"properties\": {\n \"api\": {\n \"additionalProperties\": false,\n \"required\": [\"url\"],\n \"type\": \"object\",\n \"properties\": {\n \"url\": {\n \"type\": \"string\",\n \"format\": \"uri\"\n },\n \"auth\": {\n \"type\": \"object\",\n \"additionalProperties\": false,\n \"properties\": {\n \"basic\": {\n \"required\": [\"username\", \"password\"],\n \"type\": \"object\",\n \"additionalProperties\": false,\n \"properties\": {\n \"username\": {\n \"type\": \"string\"\n },\n \"password\": {\n \"type\": \"string\"\n }\n }\n }\n }\n },\n \"retry\": {\n \"type\": \"object\",\n \"additionalProperties\": false,\n \"properties\": {\n \"number_of_retries\": {\n \"type\": \"number\",\n \"minimum\": 0,\n \"default\": 100\n },\n \"delay_in_milliseconds\": {\n \"type\": \"integer\",\n \"minimum\": 0,\n \"default\": 3\n }\n }\n }\n }\n }\n },\n \"required\": [\"api\"],\n \"additionalProperties\": false\n },\n \"configMutatorsIdToken\": {\n \"type\": \"object\",\n \"title\": \"ID Token Mutator Configuration\",\n \"description\": \"This section is optional when the mutator is disabled.\",\n \"required\": [\"jwks_url\", \"issuer_url\"],\n \"properties\": {\n \"claims\": {\n \"type\": \"string\"\n },\n \"issuer_url\": {\n \"type\": \"string\",\n \"title\": \"Issuer URL\",\n \"description\": \"Sets the \\\"iss\\\" value of the ID Token.\\n\\n>If this mutator is enabled, this value is required.\"\n },\n \"jwks_url\": {\n \"type\": \"string\",\n \"format\": \"uri\",\n \"title\": \"JSON Web Key URL\",\n \"description\": \"Sets the URL where keys should be fetched from. Supports remote locations (http, https) as well as local filesystem paths.\\n\\n>If this mutator is enabled, this value is required.\",\n \"examples\": [\n \"https://fetch-keys/from/this/location.json\",\n \"file:///from/this/absolute/location.json\",\n \"file://../from/this/relative/location.json\"\n ]\n },\n \"ttl\": {\n \"type\": \"string\",\n \"title\": \"Expire After\",\n \"description\": \"Sets the time-to-live of the JSON Web Token.\",\n \"pattern\": \"^[0-9]+(ns|us|ms|s|m|h)$\",\n \"default\": \"1m\",\n \"examples\": [\"1h\", \"1m\", \"30s\"]\n }\n },\n \"additionalProperties\": false\n }\n },\n \"properties\": {\n \"serve\": {\n \"title\": \"HTTP(s)\",\n \"additionalProperties\": false,\n \"type\": \"object\",\n \"properties\": {\n \"api\": {\n \"type\": \"object\",\n \"title\": \"HTTP REST API\",\n \"additionalProperties\": false,\n \"properties\": {\n \"port\": {\n \"type\": \"number\",\n \"default\": 4456,\n \"title\": \"Port\",\n \"description\": \"The port to listen on.\"\n },\n \"host\": {\n \"type\": \"string\",\n \"default\": \"\",\n \"examples\": [\"localhost\", \"127.0.0.1\"],\n \"title\": \"Host\",\n \"description\": \"The network interface to listen on.\"\n },\n \"cors\": {\n \"$ref\": \"#/definitions/cors\"\n },\n \"tls\": {\n \"$ref\": \"#/definitions/tlsx\"\n }\n }\n },\n \"proxy\": {\n \"type\": \"object\",\n \"title\": \"HTTP Reverse Proxy\",\n \"additionalProperties\": false,\n \"properties\": {\n \"port\": {\n \"type\": \"number\",\n \"default\": 4455,\n \"title\": \"Port\",\n \"description\": \"The port to listen on.\"\n },\n \"host\": {\n \"type\": \"string\",\n \"default\": \"\",\n \"examples\": [\"localhost\", \"127.0.0.1\"],\n \"title\": \"Host\",\n \"description\": \"The network interface to listen on. Leave empty to listen on all interfaces.\"\n },\n \"timeout\": {\n \"title\": \"HTTP Timeouts\",\n \"description\": \"Control the reverse proxy's HTTP timeouts.\",\n \"type\": \"object\",\n \"additionalProperties\": false,\n \"properties\": {\n \"read\": {\n \"title\": \"HTTP Read Timeout\",\n \"type\": \"string\",\n \"default\": \"5s\",\n \"pattern\": \"^[0-9]+(ns|us|ms|s|m|h)$\",\n \"description\": \"The maximum duration for reading the entire request, including the body.\",\n \"examples\": [\"5s\", \"5m\", \"5h\"]\n },\n \"write\": {\n \"title\": \"HTTP Write Timeout\",\n \"type\": \"string\",\n \"default\": \"120s\",\n \"pattern\": \"^[0-9]+(ns|us|ms|s|m|h)$\",\n \"description\": \"The maximum duration before timing out writes of the response. Increase this parameter to prevent unexpected closing a client connection if an upstream request is responding slowly.\",\n \"examples\": [\"5s\", \"5m\", \"5h\"]\n },\n \"idle\": {\n \"title\": \"HTTP Idle Timeout\",\n \"type\": \"string\",\n \"default\": \"120s\",\n \"pattern\": \"^[0-9]+(ns|us|ms|s|m|h)$\",\n \"description\": \" The maximum amount of time to wait for any action of a request session, reading data or writing the response.\",\n \"examples\": [\"5s\", \"5m\", \"5h\"]\n }\n }\n },\n \"cors\": {\n \"$ref\": \"#/definitions/cors\"\n },\n \"tls\": {\n \"$ref\": \"#/definitions/tlsx\"\n }\n }\n }\n }\n },\n \"access_rules\": {\n \"title\": \"Access Rules\",\n \"description\": \"Configure access rules. All sub-keys support configuration reloading without restarting.\",\n \"type\": \"object\",\n \"additionalProperties\": false,\n \"properties\": {\n \"repositories\": {\n \"title\": \"Repositories\",\n \"description\": \"Locations (list of URLs) where access rules should be fetched from on boot. It is expected that the documents at those locations return a JSON or YAML Array containing ORY Oathkeeper Access Rules:\\n\\n- If the URL Scheme is `file://`, the access rules (an array of access rules is expected) will be fetched from the local file system.\\n- If the URL Scheme is `inline://`, the access rules (an array of access rules is expected) are expected to be a base64 encoded (with padding!) JSON/YAML string (base64_encode(`[{\\\"id\\\":\\\"foo-rule\\\",\\\"authenticators\\\":[....]}]`)).\\n- If the URL Scheme is `http://` or `https://`, the access rules (an array of access rules is expected) will be fetched from the provided HTTP(s) location.\",\n \"type\": \"array\",\n \"items\": {\n \"type\": \"string\",\n \"format\": \"uri\"\n },\n \"examples\": [\n \"[\\\"file://path/to/rules.json\\\",\\\"inline://W3siaWQiOiJmb28tcnVsZSIsImF1dGhlbnRpY2F0b3JzIjpbXX1d\\\",\\\"https://path-to-my-rules/rules.json\\\"]\"\n ]\n }\n }\n },\n \"authenticators\": {\n \"title\": \"Authenticators\",\n \"type\": \"object\",\n \"description\": \"For more information on authenticators head over to: https://www.ory.sh/docs/oathkeeper/pipeline/authn\",\n \"additionalProperties\": false,\n \"properties\": {\n \"anonymous\": {\n \"title\": \"Anonymous\",\n \"description\": \"The [`anonymous` authenticator](https://www.ory.sh/docs/oathkeeper/pipeline/authn#anonymous).\",\n \"type\": \"object\",\n \"additionalProperties\": false,\n \"properties\": {\n \"enabled\": {\n \"$ref\": \"#/definitions/handlerSwitch\"\n },\n \"config\": {\n \"$ref\": \"#/definitions/configAuthenticatorsAnonymous\"\n }\n }\n },\n \"noop\": {\n \"title\": \"No Operation (noop)\",\n \"description\": \"The [`noop` authenticator](https://www.ory.sh/docs/oathkeeper/pipeline/authn#noop).\",\n \"type\": \"object\",\n \"additionalProperties\": false,\n \"properties\": {\n \"enabled\": {\n \"$ref\": \"#/definitions/handlerSwitch\"\n }\n }\n },\n \"unauthorized\": {\n \"title\": \"Unauthorized\",\n \"description\": \"The [`unauthorized` authenticator](https://www.ory.sh/docs/oathkeeper/pipeline/authn#unauthorized).\",\n \"type\": \"object\",\n \"additionalProperties\": false,\n \"properties\": {\n \"enabled\": {\n \"$ref\": \"#/definitions/handlerSwitch\"\n }\n }\n },\n \"cookie_session\": {\n \"title\": \"Cookie Session\",\n \"description\": \"The [`cookie_session` authenticator](https://www.ory.sh/docs/oathkeeper/pipeline/authn#cookie_session).\",\n \"type\": \"object\",\n \"additionalProperties\": false,\n \"properties\": {\n \"enabled\": {\n \"$ref\": \"#/definitions/handlerSwitch\"\n },\n \"config\": {\n \"$ref\": \"#/definitions/configAuthenticatorsCookieSession\"\n }\n },\n \"oneOf\": [\n {\n \"properties\": {\n \"enabled\": {\n \"const\": true\n }\n },\n \"required\": [\"config\"]\n },\n {\n \"properties\": {\n \"enabled\": {\n \"const\": false\n }\n }\n }\n ]\n },\n \"jwt\": {\n \"title\": \"JSON Web Token (jwt)\",\n \"description\": \"The [`jwt` authenticator](https://www.ory.sh/docs/oathkeeper/pipeline/authn#jwt).\",\n \"type\": \"object\",\n \"additionalProperties\": false,\n \"properties\": {\n \"enabled\": {\n \"$ref\": \"#/definitions/handlerSwitch\"\n },\n \"config\": {\n \"$ref\": \"#/definitions/configAuthenticatorsJwt\"\n }\n },\n \"oneOf\": [\n {\n \"properties\": {\n \"enabled\": {\n \"const\": true\n }\n },\n \"required\": [\"config\"]\n },\n {\n \"properties\": {\n \"enabled\": {\n \"const\": false\n }\n }\n }\n ]\n },\n \"oauth2_client_credentials\": {\n \"title\": \"OAuth 2.0 Client Credentials\",\n \"description\": \"The [`oauth2_client_credentials` authenticator](https://www.ory.sh/docs/oathkeeper/pipeline/authn#oauth2_client_credentials).\",\n \"type\": \"object\",\n \"additionalProperties\": false,\n \"properties\": {\n \"enabled\": {\n \"$ref\": \"#/definitions/handlerSwitch\"\n },\n \"config\": {\n \"$ref\": \"#/definitions/configAuthenticatorsOauth2ClientCredentials\"\n }\n },\n \"oneOf\": [\n {\n \"properties\": {\n \"enabled\": {\n \"const\": true\n }\n },\n \"required\": [\"config\"]\n },\n {\n \"properties\": {\n \"enabled\": {\n \"const\": false\n }\n }\n }\n ]\n },\n \"oauth2_introspection\": {\n \"title\": \"OAuth 2.0 Token Introspection\",\n \"description\": \"The [`oauth2_introspection` authenticator](https://www.ory.sh/docs/oathkeeper/pipeline/authn#oauth2_introspection).\",\n \"type\": \"object\",\n \"additionalProperties\": false,\n \"properties\": {\n \"enabled\": {\n \"$ref\": \"#/definitions/handlerSwitch\"\n },\n \"config\": {\n \"$ref\": \"#/definitions/configAuthenticatorsOauth2Introspection\"\n }\n },\n \"oneOf\": [\n {\n \"properties\": {\n \"enabled\": {\n \"const\": true\n }\n },\n \"required\": [\"config\"]\n },\n {\n \"properties\": {\n \"enabled\": {\n \"const\": false\n }\n }\n }\n ]\n }\n }\n },\n \"authorizers\": {\n \"title\": \"Authorizers\",\n \"type\": \"object\",\n \"description\": \"For more information on authorizers head over to: https://www.ory.sh/docs/oathkeeper/pipeline/authz\",\n \"additionalProperties\": false,\n \"properties\": {\n \"allow\": {\n \"title\": \"Allow\",\n \"description\": \"The [`allow` authorizer](https://www.ory.sh/docs/oathkeeper/pipeline/authz#allow).\",\n \"type\": \"object\",\n \"additionalProperties\": false,\n \"properties\": {\n \"enabled\": {\n \"$ref\": \"#/definitions/handlerSwitch\"\n }\n }\n },\n \"deny\": {\n \"title\": \"Deny\",\n \"description\": \"The [`deny` authorizer](https://www.ory.sh/docs/oathkeeper/pipeline/authz#allow).\",\n \"type\": \"object\",\n \"additionalProperties\": false,\n \"properties\": {\n \"enabled\": {\n \"$ref\": \"#/definitions/handlerSwitch\"\n }\n }\n },\n \"keto_engine_acp_ory\": {\n \"title\": \"ORY Keto Access Control Policies Engine\",\n \"description\": \"The [`keto_engine_acp_ory` authorizer](https://www.ory.sh/docs/oathkeeper/pipeline/authz#keto_engine_acp_ory).\",\n \"type\": \"object\",\n \"additionalProperties\": false,\n \"properties\": {\n \"enabled\": {\n \"$ref\": \"#/definitions/handlerSwitch\"\n },\n \"config\": {\n \"$ref\": \"#/definitions/configAuthorizersKetoEngineAcpOry\"\n }\n },\n \"oneOf\": [\n {\n \"properties\": {\n \"enabled\": {\n \"const\": true\n }\n },\n \"required\": [\"config\"]\n },\n {\n \"properties\": {\n \"enabled\": {\n \"const\": false\n }\n }\n }\n ]\n }\n }\n },\n \"mutators\": {\n \"title\": \"Mutators\",\n \"type\": \"object\",\n \"description\": \"For more information on mutators head over to: https://www.ory.sh/docs/oathkeeper/pipeline/mutator\",\n \"additionalProperties\": false,\n \"properties\": {\n \"noop\": {\n \"title\": \"No Operation (noop)\",\n \"description\": \"The [`noop` mutator](https://www.ory.sh/docs/oathkeeper/pipeline/mutator#noop).\",\n \"type\": \"object\",\n \"additionalProperties\": false,\n \"properties\": {\n \"enabled\": {\n \"$ref\": \"#/definitions/handlerSwitch\"\n }\n }\n },\n \"cookie\": {\n \"title\": \"HTTP Cookie\",\n \"description\": \"The [`cookie` mutator](https://www.ory.sh/docs/oathkeeper/pipeline/mutator#cookie).\",\n \"type\": \"object\",\n \"additionalProperties\": false,\n \"properties\": {\n \"enabled\": {\n \"$ref\": \"#/definitions/handlerSwitch\"\n },\n \"config\": {\n \"$ref\": \"#/definitions/configMutatorsCookie\"\n }\n },\n \"oneOf\": [\n {\n \"properties\": {\n \"enabled\": {\n \"const\": true\n }\n },\n \"required\": [\"config\"]\n },\n {\n \"properties\": {\n \"enabled\": {\n \"const\": false\n }\n }\n }\n ]\n },\n \"header\": {\n \"title\": \"HTTP Header\",\n \"description\": \"The [`header` mutator](https://www.ory.sh/docs/oathkeeper/pipeline/mutator#header).\",\n \"type\": \"object\",\n \"additionalProperties\": false,\n \"properties\": {\n \"enabled\": {\n \"$ref\": \"#/definitions/handlerSwitch\"\n },\n \"config\": {\n \"$ref\": \"#/definitions/configMutatorsHeader\"\n }\n },\n \"oneOf\": [\n {\n \"properties\": {\n \"enabled\": {\n \"const\": true\n }\n },\n \"required\": [\"config\"]\n },\n {\n \"properties\": {\n \"enabled\": {\n \"const\": false\n }\n }\n }\n ]\n },\n \"hydrator\": {\n \"title\": \"Hydrator\",\n \"description\": \"The [`hydrator` mutator](https://www.ory.sh/docs/oathkeeper/pipeline/mutator#hydrator).\",\n \"type\": \"object\",\n \"additionalProperties\": false,\n \"properties\": {\n \"enabled\": {\n \"$ref\": \"#/definitions/handlerSwitch\"\n },\n \"config\": {\n \"$ref\": \"#/definitions/configMutatorsHydrator\"\n }\n },\n \"oneOf\": [\n {\n \"properties\": {\n \"enabled\": {\n \"const\": true\n }\n },\n \"required\": [\"config\"]\n },\n {\n \"properties\": {\n \"enabled\": {\n \"const\": false\n }\n }\n }\n ]\n },\n \"id_token\": {\n \"title\": \"ID Token (JSON Web Token)\",\n \"description\": \"The [`id_token` mutator](https://www.ory.sh/docs/oathkeeper/pipeline/mutator#id_token).\",\n \"type\": \"object\",\n \"additionalProperties\": false,\n \"properties\": {\n \"enabled\": {\n \"$ref\": \"#/definitions/handlerSwitch\"\n },\n \"config\": {\n \"$ref\": \"#/definitions/configMutatorsIdToken\"\n }\n },\n \"oneOf\": [\n {\n \"properties\": {\n \"enabled\": {\n \"const\": true\n }\n },\n \"required\": [\"config\"]\n },\n {\n \"properties\": {\n \"enabled\": {\n \"const\": false\n }\n }\n }\n ]\n }\n }\n },\n \"log\": {\n \"title\": \"Log\",\n \"description\": \"Configure logging using the following options. Logging will always be sent to stdout and stderr.\",\n \"type\": \"object\",\n \"properties\": {\n \"level\": {\n \"type\": \"string\",\n \"default\": \"info\",\n \"enum\": [\"panic\", \"fatal\", \"error\", \"warn\", \"info\", \"debug\"],\n \"title\": \"Level\",\n \"description\": \"Debug enables stack traces on errors. Can also be set using environment variable LOG_LEVEL.\"\n },\n \"format\": {\n \"type\": \"string\",\n \"default\": \"text\",\n \"enum\": [\"text\", \"json\"],\n \"title\": \"Format\",\n \"description\": \"The log format can either be text or JSON.\"\n }\n },\n \"additionalProperties\": false\n },\n \"profiling\": {\n \"title\": \"Profiling\",\n \"description\": \"Enables CPU or memory profiling if set. For more details on profiling Go programs read [Profiling Go Programs](https://blog.golang.org/profiling-go-programs).\",\n \"type\": \"string\",\n \"enum\": [\"cpu\", \"mem\"]\n }\n },\n \"required\": [],\n \"additionalProperties\": false\n}\n" }, { "path": "oryx/jsonschemax/stub/config.schema.json", "content": "{\n \"$id\": \"https://example.com/config.schema.json\",\n \"$schema\": \"http://json-schema.org/draft-07/schema#\",\n \"title\": \"config\",\n \"type\": \"object\",\n \"properties\": {\n \"dsn\": {\n \"type\": \"string\"\n }\n },\n \"required\": [\"dsn\"]\n}\n" }, { "path": "oryx/jsonschemax/stub/json/.project-stub-name.json", "content": "{\n \"serve\": {\n \"admin\": {\n \"port\": 1\n }\n }\n}\n" }, { "path": "oryx/jsonschemax/stub/nested-array.schema.json", "content": "{\n \"$schema\": \"http://json-schema.org/draft-07/schema#\",\n \"properties\": {\n \"providers\": {\n \"title\": \"OpenID Connect and OAuth2 Providers\",\n \"description\": \"A list and configuration of OAuth2 and OpenID Connect providers ORY Kratos should integrate with.\",\n \"type\": \"array\",\n \"items\": {\n \"type\": \"object\",\n \"properties\": {\n \"id\": {\n \"type\": \"string\",\n \"examples\": [\"google\"]\n },\n \"provider\": {\n \"title\": \"Provider\",\n \"description\": \"Can be one of github, gitlab, generic, google, microsoft, discord.\",\n \"type\": \"string\",\n \"enum\": [\n \"github\",\n \"gitlab\",\n \"generic\",\n \"google\",\n \"microsoft\",\n \"discord\"\n ],\n \"examples\": [\"google\"]\n },\n \"client_id\": {\n \"type\": \"string\"\n },\n \"client_secret\": {\n \"type\": \"string\"\n },\n \"issuer_url\": {\n \"type\": \"string\",\n \"format\": \"uri\",\n \"examples\": [\"https://accounts.google.com\"]\n },\n \"auth_url\": {\n \"type\": \"string\",\n \"format\": \"uri\",\n \"examples\": [\"https://accounts.google.com/o/oauth2/v2/auth\"]\n },\n \"token_url\": {\n \"type\": \"string\",\n \"format\": \"uri\",\n \"examples\": [\"https://www.googleapis.com/oauth2/v4/token\"]\n },\n \"mapper_url\": {\n \"title\": \"Jsonnet Mapper URL\",\n \"description\": \"The URL where the jsonnet source is located for mapping the provider's data to ORY Kratos data.\",\n \"type\": \"string\",\n \"format\": \"uri\",\n \"examples\": [\n \"file://path/to/oidc.jsonnet\",\n \"https://foo.bar.com/path/to/oidc.jsonnet\",\n \"base64://bG9jYWwgc3ViamVjdCA9I...\"\n ]\n },\n \"scope\": {\n \"type\": \"array\",\n \"items\": {\n \"type\": \"string\",\n \"examples\": [\"offline_access\", \"profile\"]\n }\n },\n \"tenant\": {\n \"title\": \"Azure AD Tenant\",\n \"description\": \"The Azure AD Tenant to use for authentication.\",\n \"type\": \"string\",\n \"examples\": [\n \"common\",\n \"organizations\",\n \"consumers\",\n \"8eaef023-2b34-4da1-9baa-8bc8c9d6a490\",\n \"contoso.onmicrosoft.com\"\n ]\n }\n },\n \"additionalProperties\": false,\n \"required\": [],\n \"if\": {\n \"properties\": {\n \"provider\": {\n \"const\": \"microsoft\"\n }\n },\n \"required\": [\"provider\"]\n },\n \"then\": {\n \"required\": [\"tenant\"]\n },\n \"else\": {\n \"not\": {\n \"properties\": {\n \"tenant\": {}\n },\n \"required\": [\"tenant\"]\n }\n }\n }\n }\n }\n}\n" }, { "path": "oryx/jsonschemax/stub/nested-simple-array.schema.json", "content": "{\n \"$schema\": \"http://json-schema.org/draft-07/schema#\",\n \"properties\": {\n \"providers\": {\n \"type\": \"array\",\n \"items\": {\n \"type\": \"object\",\n \"properties\": {\n \"id\": {\n \"type\": \"string\"\n }\n }\n }\n }\n }\n}\n" }, { "path": "oryx/jsonschemax/stub/toml/.project-stub-name.toml", "content": "[serve]\n\n [serve.admin]\n port = \"2\"" }, { "path": "oryx/jsonschemax/stub/yaml/.project-stub-name.yaml", "content": "# serve controls the configuration for the http(s) daemon\nserve:\n admin:\n port: 3\n" }, { "path": "oryx/jsonschemax/stub/yml/.project-stub-name.yml", "content": "serve:\n admin:\n port: 4\n" }, { "path": "oryx/jsonx/.snapshots/TestEmbedSources-fixtures-fixture=1.json.json", "content": "\"foo\"\n" }, { "path": "oryx/jsonx/.snapshots/TestEmbedSources-fixtures-fixture=2.json.json", "content": "{\n \"some\": \"key\"\n}\n" }, { "path": "oryx/jsonx/.snapshots/TestEmbedSources-fixtures-fixture=3.json.json", "content": "{\n \"some_key\": 1234\n}\n" }, { "path": "oryx/jsonx/.snapshots/TestEmbedSources-fixtures-fixture=4.json.json", "content": "{\n \"nested\": {\n \"object\": {\n \"source\": \"base64://aGVsbG8gd29ybGQ=\"\n },\n \"array\": [\n {\n \"nested\": {\n \"source\": \"base64://aGVsbG8gd29ybGQ=\"\n }\n },\n \"base64://aGVsbG8gd29ybGQ=\"\n ]\n }\n}\n" }, { "path": "oryx/jsonx/.snapshots/TestEmbedSources-fixtures-fixture=5.json.json", "content": "\"https://gist.githubusercontent.com/aeneasr/eb4612d295f613ee44bada6e30e2a856/raw/29edbda41bcb27492a1ac56926e03dee9480708f/hello-world.txt\"\n" }, { "path": "oryx/jsonx/.snapshots/TestEmbedSources-fixtures-fixture=6.json.json", "content": "{\n \"nested\": {\n \"object\": {\n \"ignore_this_key\": \"https://gist.githubusercontent.com/aeneasr/eb4612d295f613ee44bada6e30e2a856/raw/29edbda41bcb27492a1ac56926e03dee9480708f/hello-world.txt\"\n },\n \"array\": [\n {\n \"nested\": {\n \"source\": \"base64://aGVsbG8gd29ybGQ=\"\n }\n },\n \"base64://aGVsbG8gd29ybGQ=\"\n ]\n }\n}\n" }, { "path": "oryx/jsonx/.snapshots/TestEmbedSources-only_embeds_base64.json", "content": "{\n \"key\": \"https://foobar.com\",\n \"bar\": \"base64://YXNkZg==\"\n}\n" }, { "path": "oryx/jsonx/debug.go", "content": "// Copyright © 2025 Ory Corp\n// SPDX-License-Identifier: Apache-2.0\n\npackage jsonx\n\nimport (\n\t\"encoding/json\"\n\t\"fmt\"\n\t\"slices\"\n)\n\n// Anonymize takes a JSON byte array and anonymizes its content by\n// recursively replacing all values with a string indicating their type.\n//\n// It recurses into nested objects and arrays, but ignores the \"schemas\" and \"id\".\nfunc Anonymize(data []byte, except ...string) []byte {\n\tobj := make(map[string]any)\n\tif err := json.Unmarshal(data, &obj); err != nil {\n\t\treturn []byte(fmt.Sprintf(`{\"error\": \"invalid JSON\", \"message\": %q}`, err.Error()))\n\t}\n\n\tanonymize(obj, except...)\n\n\tout, err := json.MarshalIndent(obj, \"\", \" \")\n\tif err != nil {\n\t\treturn []byte(fmt.Sprintf(`{\"error\": \"could not marshal JSON shape\", \"message\": %q}`, err.Error()))\n\t}\n\n\treturn out\n}\n\nfunc anonymize(obj map[string]any, except ...string) {\n\tfor k, v := range obj {\n\t\tif slices.Contains(except, k) {\n\t\t\tcontinue\n\t\t}\n\n\t\tswitch v := v.(type) {\n\t\tcase []any:\n\t\t\tfor elIdx, el := range v {\n\t\t\t\tswitch el := el.(type) {\n\t\t\t\tcase map[string]any:\n\t\t\t\t\tanonymize(el)\n\t\t\t\t\tv[elIdx] = el\n\t\t\t\tdefault:\n\t\t\t\t\tv[elIdx] = jsonType(el)\n\t\t\t\t}\n\t\t\t}\n\n\t\tcase map[string]any:\n\t\t\tanonymize(v)\n\t\t\tobj[k] = v\n\t\tdefault:\n\t\t\tobj[k] = jsonType(v)\n\t\t}\n\t}\n}\n\nfunc jsonType(v any) string {\n\tswitch v := v.(type) {\n\tcase string:\n\t\treturn \"string\"\n\tcase float64:\n\t\treturn \"number\"\n\tcase bool:\n\t\treturn \"boolean\"\n\tcase nil:\n\t\treturn \"null\"\n\tcase []any:\n\t\treturn \"array\"\n\tcase map[string]any:\n\t\treturn \"object\"\n\tdefault:\n\t\treturn fmt.Sprintf(\"%T\", v)\n\t}\n}\n" }, { "path": "oryx/jsonx/decoder.go", "content": "// Copyright © 2023 Ory Corp\n// SPDX-License-Identifier: Apache-2.0\n\npackage jsonx\n\nimport (\n\t\"encoding/json\"\n\t\"io\"\n)\n\n// NewStrictDecoder is a shorthand for json.Decoder.DisallowUnknownFields\nfunc NewStrictDecoder(b io.Reader) *json.Decoder {\n\td := json.NewDecoder(b)\n\td.DisallowUnknownFields()\n\treturn d\n}\n" }, { "path": "oryx/jsonx/embed.go", "content": "// Copyright © 2023 Ory Corp\n// SPDX-License-Identifier: Apache-2.0\n\npackage jsonx\n\nimport (\n\t\"encoding/base64\"\n\t\"encoding/json\"\n\t\"net/url\"\n\t\"slices\"\n\t\"strconv\"\n\t\"strings\"\n\n\t\"github.com/tidwall/gjson\"\n\t\"github.com/tidwall/sjson\"\n\n\t\"github.com/ory/x/osx\"\n)\n\ntype options struct {\n\tignoreKeys []string\n\tonlySchemes []string\n}\n\ntype OptionsModifier func(*options)\n\nfunc newOptions(o []OptionsModifier) *options {\n\topt := &options{}\n\tfor _, f := range o {\n\t\tf(opt)\n\t}\n\treturn opt\n}\n\nfunc WithIgnoreKeys(keys ...string) OptionsModifier {\n\treturn func(o *options) {\n\t\to.ignoreKeys = keys\n\t}\n}\n\nfunc WithOnlySchemes(scheme ...string) OptionsModifier {\n\treturn func(o *options) {\n\t\to.onlySchemes = scheme\n\t}\n}\n\nfunc EmbedSources(in json.RawMessage, opts ...OptionsModifier) (out json.RawMessage, err error) {\n\tout = make([]byte, len(in))\n\tcopy(out, in)\n\tif err := embed(gjson.ParseBytes(in), nil, &out, newOptions(opts)); err != nil {\n\t\treturn nil, err\n\t}\n\treturn out, nil\n}\n\nfunc embed(parsed gjson.Result, parents []string, result *json.RawMessage, o *options) (err error) {\n\tif parsed.IsObject() {\n\t\tparsed.ForEach(func(k, v gjson.Result) bool {\n\t\t\terr = embed(v, append(parents, strings.ReplaceAll(k.String(), \".\", \"\\\\.\")), result, o)\n\t\t\treturn err == nil\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t} else if parsed.IsArray() {\n\t\tfor kk, vv := range parsed.Array() {\n\t\t\tif err = embed(vv, append(parents, strconv.Itoa(kk)), result, o); err != nil {\n\t\t\t\treturn err\n\t\t\t}\n\t\t}\n\t} else if parsed.Type != gjson.String {\n\t\treturn nil\n\t}\n\n\tif len(parents) > 0 && slices.Contains(o.ignoreKeys, parents[len(parents)-1]) {\n\t\treturn nil\n\t}\n\n\tloc, err := url.ParseRequestURI(parsed.String())\n\tif err != nil {\n\t\t// Not a URL, return\n\t\treturn nil\n\t}\n\n\tif len(o.onlySchemes) == 0 {\n\t\tif loc.Scheme != \"file\" && loc.Scheme != \"http\" && loc.Scheme != \"https\" && loc.Scheme != \"base64\" {\n\t\t\t// Not a known pattern, ignore\n\t\t\treturn nil\n\t\t}\n\t} else if !slices.Contains(o.onlySchemes, loc.Scheme) {\n\t\t// Not a known pattern, ignore\n\t\treturn nil\n\t}\n\n\tcontents, err := osx.ReadFileFromAllSources(loc.String())\n\tif err != nil {\n\t\treturn err\n\t}\n\n\tencoded := base64.StdEncoding.EncodeToString(contents)\n\tkey := strings.Join(parents, \".\")\n\tif key == \"\" {\n\t\tkey = \"@\"\n\t}\n\n\tinterim, err := sjson.SetBytes(*result, key, \"base64://\"+encoded)\n\tif err != nil {\n\t\treturn err\n\t}\n\n\t*result = interim\n\treturn\n}\n" }, { "path": "oryx/jsonx/fixture/embed/1.json", "content": "\"foo\"\n" }, { "path": "oryx/jsonx/fixture/embed/2.json", "content": "{\n \"some\": \"key\"\n}\n" }, { "path": "oryx/jsonx/fixture/embed/3.json", "content": "{\n \"some_key\": 1234\n}\n" }, { "path": "oryx/jsonx/fixture/embed/4.json", "content": "{\n \"nested\": {\n \"object\": {\n \"source\": \"https://gist.githubusercontent.com/aeneasr/eb4612d295f613ee44bada6e30e2a856/raw/29edbda41bcb27492a1ac56926e03dee9480708f/hello-world.txt\"\n },\n \"array\": [\n {\n \"nested\": {\n \"source\": \"https://gist.githubusercontent.com/aeneasr/eb4612d295f613ee44bada6e30e2a856/raw/29edbda41bcb27492a1ac56926e03dee9480708f/hello-world.txt\"\n }\n },\n \"https://gist.githubusercontent.com/aeneasr/eb4612d295f613ee44bada6e30e2a856/raw/29edbda41bcb27492a1ac56926e03dee9480708f/hello-world.txt\"\n ]\n }\n}\n" }, { "path": "oryx/jsonx/fixture/embed/5.json", "content": "\"https://gist.githubusercontent.com/aeneasr/eb4612d295f613ee44bada6e30e2a856/raw/29edbda41bcb27492a1ac56926e03dee9480708f/hello-world.txt\"\n" }, { "path": "oryx/jsonx/fixture/embed/6.json", "content": "{\n \"nested\": {\n \"object\": {\n \"ignore_this_key\": \"https://gist.githubusercontent.com/aeneasr/eb4612d295f613ee44bada6e30e2a856/raw/29edbda41bcb27492a1ac56926e03dee9480708f/hello-world.txt\"\n },\n \"array\": [\n {\n \"nested\": {\n \"source\": \"https://gist.githubusercontent.com/aeneasr/eb4612d295f613ee44bada6e30e2a856/raw/29edbda41bcb27492a1ac56926e03dee9480708f/hello-world.txt\"\n }\n },\n \"https://gist.githubusercontent.com/aeneasr/eb4612d295f613ee44bada6e30e2a856/raw/29edbda41bcb27492a1ac56926e03dee9480708f/hello-world.txt\"\n ]\n }\n}\n" }, { "path": "oryx/jsonx/flatten.go", "content": "// Copyright © 2023 Ory Corp\n// SPDX-License-Identifier: Apache-2.0\n\npackage jsonx\n\nimport (\n\t\"encoding/json\"\n\t\"strconv\"\n\t\"strings\"\n\n\t\"github.com/tidwall/gjson\"\n)\n\n// Flatten flattens a JSON object using dot notation.\nfunc Flatten(raw json.RawMessage) map[string]interface{} {\n\tparsed := gjson.ParseBytes(raw)\n\tif !parsed.IsObject() {\n\t\treturn nil\n\t}\n\n\tflattened := make(map[string]interface{})\n\tflatten(parsed, nil, flattened)\n\treturn flattened\n}\n\nfunc flatten(parsed gjson.Result, parents []string, flattened map[string]interface{}) {\n\tif parsed.IsObject() {\n\t\tparsed.ForEach(func(k, v gjson.Result) bool {\n\t\t\tflatten(v, append(parents, strings.ReplaceAll(k.String(), \".\", \"\\\\.\")), flattened)\n\t\t\treturn true\n\t\t})\n\t} else if parsed.IsArray() {\n\t\tfor kk, vv := range parsed.Array() {\n\t\t\tflatten(vv, append(parents, strconv.Itoa(kk)), flattened)\n\t\t}\n\t} else {\n\t\tflattened[strings.Join(parents, \".\")] = parsed.Value()\n\t}\n}\n" }, { "path": "oryx/jsonx/get.go", "content": "// Copyright © 2023 Ory Corp\n// SPDX-License-Identifier: Apache-2.0\n\npackage jsonx\n\nimport (\n\t\"reflect\"\n\t\"strings\"\n\n\t\"github.com/stretchr/testify/require\"\n\t\"github.com/tidwall/gjson\"\n)\n\nfunc jsonKey(f reflect.StructField) *string {\n\tif jsonTag := f.Tag.Get(\"json\"); jsonTag != \"\" {\n\t\tif jsonTag == \"-\" {\n\t\t\treturn nil\n\t\t}\n\t\treturn &strings.Split(jsonTag, \",\")[0]\n\t} else if f.Anonymous {\n\t\treturn nil\n\t} else if f.IsExported() {\n\t\treturn &f.Name\n\t}\n\treturn nil\n}\n\n// AllValidJSONKeys returns all JSON keys from the struct or *struct type.\n// It does not return keys from nested slices, but embedded/nested structs.\nfunc AllValidJSONKeys(s interface{}) (keys []string) {\n\tt := reflect.TypeOf(s)\n\tv := reflect.ValueOf(s)\n\tif t.Kind() == reflect.Pointer {\n\t\tt = t.Elem()\n\t\tv = v.Elem()\n\t}\n\tfor i := range t.NumField() {\n\t\tf := t.Field(i)\n\t\tjKey := jsonKey(f)\n\t\tif k := f.Type.Kind(); k == reflect.Struct || k == reflect.Pointer {\n\t\t\tsubKeys := AllValidJSONKeys(v.Field(i).Interface())\n\t\t\tfor _, subKey := range subKeys {\n\t\t\t\tif jKey != nil {\n\t\t\t\t\tkeys = append(keys, *jKey+\".\"+subKey)\n\t\t\t\t} else {\n\t\t\t\t\tkeys = append(keys, subKey)\n\t\t\t\t}\n\t\t\t}\n\t\t} else if jKey != nil {\n\t\t\tkeys = append(keys, *jKey)\n\t\t}\n\t}\n\treturn keys\n}\n\n// ParseEnsureKeys returns a result that has the GetRequireValidKey function.\nfunc ParseEnsureKeys(original interface{}, raw []byte) *Result {\n\treturn &Result{\n\t\tkeys: AllValidJSONKeys(original),\n\t\tresult: gjson.ParseBytes(raw),\n\t}\n}\n\ntype Result struct {\n\tresult gjson.Result\n\tkeys []string\n}\n\n// GetRequireValidKey ensures that the key is valid before returning the result.\nfunc (r *Result) GetRequireValidKey(t require.TestingT, key string) gjson.Result {\n\trequire.Contains(t, r.keys, key)\n\treturn r.result.Get(key)\n}\n\nfunc GetRequireValidKey(t require.TestingT, original interface{}, raw []byte, key string) gjson.Result {\n\treturn ParseEnsureKeys(original, raw).GetRequireValidKey(t, key)\n}\n" }, { "path": "oryx/jsonx/helpers.go", "content": "// Copyright © 2023 Ory Corp\n// SPDX-License-Identifier: Apache-2.0\n\npackage jsonx\n\nimport (\n\t\"encoding/json\"\n\t\"testing\"\n\n\t\"github.com/stretchr/testify/require\"\n)\n\nfunc TestMarshalJSONString(t *testing.T, i interface{}) string {\n\tout, err := json.Marshal(i)\n\trequire.NoError(t, err)\n\treturn string(out)\n}\n" }, { "path": "oryx/jsonx/patch.go", "content": "// Copyright © 2023 Ory Corp\n// SPDX-License-Identifier: Apache-2.0\n\npackage jsonx\n\nimport (\n\t\"encoding/json\"\n\t\"fmt\"\n\t\"strconv\"\n\t\"strings\"\n\n\tjsonpatch \"github.com/evanphx/json-patch/v5\"\n\t\"github.com/gobwas/glob\"\n\t\"github.com/pkg/errors\"\n)\n\nvar opAllowList = map[string]struct{}{\n\t\"add\": {},\n\t\"remove\": {},\n\t\"replace\": {},\n}\n\nfunc isUnsupported(op jsonpatch.Operation) bool {\n\t_, ok := opAllowList[op.Kind()]\n\n\treturn !ok\n}\n\nfunc isElementAccess(path string) bool {\n\tif path == \"\" {\n\t\treturn false\n\t}\n\telements := strings.Split(path, \"/\")\n\tlastElement := elements[len(elements)-1:][0]\n\tif lastElement == \"-\" {\n\t\treturn true\n\t}\n\tif _, err := strconv.Atoi(lastElement); err == nil {\n\t\treturn true\n\t}\n\n\treturn false\n}\n\n// ApplyJSONPatch applies a JSON patch to an object and returns the modified\n// object. The original object is not modified. It returns an error if the patch\n// is invalid or if the patch includes paths that are denied. denyPaths is a\n// list of path globs (interpreted with [glob.Compile] that are not allowed to\n// be patched.\nfunc ApplyJSONPatch[T any](p json.RawMessage, object T, denyPaths ...string) (result T, err error) {\n\tpatch, err := jsonpatch.DecodePatch(p)\n\tif err != nil {\n\t\treturn result, errors.WithStack(err)\n\t}\n\n\tdenyPattern := fmt.Sprintf(\"{%s}\", strings.ToLower(strings.Join(denyPaths, \",\")))\n\tmatcher, err := glob.Compile(denyPattern, '/')\n\tif err != nil {\n\t\treturn result, errors.WithStack(err)\n\t}\n\n\tfor _, op := range patch {\n\t\t// Some operations are buggy, see https://github.com/evanphx/json-patch/pull/158\n\t\tif isUnsupported(op) {\n\t\t\treturn result, errors.Errorf(\"unsupported operation: %s\", op.Kind())\n\t\t}\n\t\tpath, err := op.Path()\n\t\tif err != nil {\n\t\t\treturn result, errors.Errorf(\"error parsing patch operations: %v\", err)\n\t\t}\n\t\tif matcher.Match(strings.ToLower(path)) {\n\t\t\treturn result, errors.Errorf(\"patch includes denied path: %s\", path)\n\t\t}\n\n\t\t// JSON patch officially rejects replacing paths that don't exist, but we want to be more tolerant.\n\t\t// Therefore, we will ensure that all paths that we want to replace exist in the original document.\n\t\tif op.Kind() == \"replace\" && !isElementAccess(path) {\n\t\t\top[\"op\"] = new(json.RawMessage(`\"add\"`))\n\t\t}\n\t}\n\n\toriginal, err := json.Marshal(object)\n\tif err != nil {\n\t\treturn result, errors.WithStack(err)\n\t}\n\n\toptions := jsonpatch.NewApplyOptions()\n\toptions.EnsurePathExistsOnAdd = true\n\n\tmodified, err := patch.ApplyWithOptions(original, options)\n\tif err != nil {\n\t\treturn result, errors.WithStack(err)\n\t}\n\n\terr = json.Unmarshal(modified, &result)\n\treturn result, errors.WithStack(err)\n}\n" }, { "path": "oryx/jsonx/stub/random.json", "content": "{\n \"floating\": [\n -1273085434,\n 953442581,\n {\n \"ready\": \"silent\",\n \"worker\": \"situation\",\n \"joy\": \"difference\",\n \"probably\": -413625494,\n \"gray\": {\n \"parent\": \"pull\",\n \"shore\": -738396277,\n \"usually\": 1050049449,\n \"hold\": [\n [\n 181518765,\n [\n {\n \"steam\": {\n \"box\": false,\n \"cry\": 1463961818,\n \"appropriate\": 1249911539,\n \"through\": 695239749,\n \"ago\": true,\n \"entirely\": -851427469\n },\n \"leather\": \"across\",\n \"flies\": -1571371799,\n \"over\": 512666854,\n \"thank\": true,\n \"shaking\": true\n },\n \"hit\",\n -648178744.4899056,\n 1225027271,\n -1481507228,\n true\n ],\n -2114582277,\n 1390060204.9360588,\n 1615602630.9049141,\n \"darkness\"\n ],\n 63427197.713988304,\n -580344963.961421,\n \"stems\",\n 1016960217.612642,\n 1240918909\n ],\n \"buy\": true,\n \"wonder\": false\n },\n \"little\": \"cloud\"\n },\n \"grade\",\n false,\n \"thou\"\n ],\n \"wagon\": -1722583702,\n \"shop\": 1294397217,\n \"spend\": \"greatest\",\n \"product\": \"whale\",\n \"fall\": \"to\"\n}\n" }, { "path": "oryx/jwksx/.snapshots/TestFetcherNext-case=resolve_multiple_source_urls-case=succeeds_with_forced_kid.json", "content": "{\n \"alg\": \"HS256\",\n \"k\": \"Y2hhbmdlbWVjaGFuZ2VtZWNoYW5nZW1lY2hhbmdlbWU\",\n \"kid\": \"8d5f5ad0674ec2f2960b1a34f33370a0f71471fa0e3ef0c0a692977d276dafe8\",\n \"kty\": \"oct\",\n \"use\": \"sig\"\n}\n" }, { "path": "oryx/jwksx/.snapshots/TestFetcherNext-case=resolve_single_source_url-case=with_cache.json", "content": "{\n \"alg\": \"HS256\",\n \"k\": \"Y2hhbmdlbWVjaGFuZ2VtZWNoYW5nZW1lY2hhbmdlbWU\",\n \"kid\": \"7d5f5ad0674ec2f2960b1a34f33370a0f71471fa0e3ef0c0a692977d276dafe8\",\n \"kty\": \"oct\",\n \"use\": \"sig\"\n}\n" }, { "path": "oryx/jwksx/.snapshots/TestFetcherNext-case=resolve_single_source_url-case=with_cache_and_TTL.json", "content": "{\n \"alg\": \"HS256\",\n \"k\": \"Y2hhbmdlbWVjaGFuZ2VtZWNoYW5nZW1lY2hhbmdlbWU\",\n \"kid\": \"7d5f5ad0674ec2f2960b1a34f33370a0f71471fa0e3ef0c0a692977d276dafe8\",\n \"kty\": \"oct\",\n \"use\": \"sig\"\n}\n" }, { "path": "oryx/jwksx/.snapshots/TestFetcherNext-case=resolve_single_source_url-case=with_forced_key.json", "content": "{\n \"alg\": \"HS256\",\n \"k\": \"Y2hhbmdlbWVjaGFuZ2VtZWNoYW5nZW1lY2hhbmdlbWU\",\n \"kid\": \"7d5f5ad0674ec2f2960b1a34f33370a0f71471fa0e3ef0c0a692977d276dafe8\",\n \"kty\": \"oct\",\n \"use\": \"sig\"\n}\n" }, { "path": "oryx/jwksx/.snapshots/TestFetcherNext-case=resolve_single_source_url-case=without_cache.json", "content": "{\n \"alg\": \"HS256\",\n \"k\": \"Y2hhbmdlbWVjaGFuZ2VtZWNoYW5nZW1lY2hhbmdlbWU\",\n \"kid\": \"7d5f5ad0674ec2f2960b1a34f33370a0f71471fa0e3ef0c0a692977d276dafe8\",\n \"kty\": \"oct\",\n \"use\": \"sig\"\n}\n" }, { "path": "oryx/jwksx/fetcher.go", "content": "// Copyright © 2023 Ory Corp\n// SPDX-License-Identifier: Apache-2.0\n\npackage jwksx\n\nimport (\n\t\"encoding/json\"\n\t\"net/http\"\n\t\"sync\"\n\n\t\"github.com/go-jose/go-jose/v3\"\n\t\"github.com/pkg/errors\"\n)\n\n// Fetcher is a small helper for fetching JSON Web Keys from remote endpoints.\n//\n// DEPRECATED: Use FetcherNext instead.\ntype Fetcher struct {\n\tsync.RWMutex\n\tremote string\n\tc *http.Client\n\tkeys map[string]jose.JSONWebKey\n}\n\n// NewFetcher returns a new fetcher that can download JSON Web Keys from remote endpoints.\n//\n// DEPRECATED: Use FetcherNext instead.\nfunc NewFetcher(remote string) *Fetcher {\n\treturn &Fetcher{\n\t\tremote: remote,\n\t\tc: http.DefaultClient,\n\t\tkeys: make(map[string]jose.JSONWebKey),\n\t}\n}\n\n// GetKey retrieves a JSON Web Key from the cache, fetches it from a remote if it is not yet cached or returns an error.\n//\n// DEPRECATED: Use FetcherNext instead.\nfunc (f *Fetcher) GetKey(kid string) (*jose.JSONWebKey, error) {\n\tf.RLock()\n\tif k, ok := f.keys[kid]; ok {\n\t\tf.RUnlock()\n\t\treturn &k, nil\n\t}\n\tf.RUnlock()\n\n\tres, err := f.c.Get(f.remote)\n\tif err != nil {\n\t\treturn nil, errors.WithStack(err)\n\t}\n\tdefer res.Body.Close()\n\tif res.StatusCode != http.StatusOK {\n\t\treturn nil, errors.Errorf(\"expected status code 200 but got %d when requesting %s\", res.StatusCode, f.remote)\n\t}\n\n\tvar set jose.JSONWebKeySet\n\tif err := json.NewDecoder(res.Body).Decode(&set); err != nil {\n\t\treturn nil, errors.WithStack(err)\n\t}\n\n\tfor _, k := range set.Keys {\n\t\tf.Lock()\n\t\tf.keys[k.KeyID] = k\n\t\tf.Unlock()\n\t}\n\n\tf.RLock()\n\tdefer f.RUnlock()\n\tif k, ok := f.keys[kid]; ok {\n\t\treturn &k, nil\n\t}\n\n\treturn nil, errors.Errorf(\"unable to find JSON Web Key with ID: %s\", kid)\n}\n" }, { "path": "oryx/jwksx/fetcher_v2.go", "content": "// Copyright © 2023 Ory Corp\n// SPDX-License-Identifier: Apache-2.0\n\npackage jwksx\n\nimport (\n\t\"context\"\n\t\"crypto/sha256\"\n\t\"time\"\n\n\t\"github.com/ory/herodot\"\n\n\t\"github.com/hashicorp/go-retryablehttp\"\n\n\t\"github.com/ory/x/fetcher\"\n\n\t\"go.opentelemetry.io/otel/attribute\"\n\t\"go.opentelemetry.io/otel/trace\"\n\n\t\"github.com/ory/x/otelx\"\n\n\t\"github.com/dgraph-io/ristretto/v2\"\n\t\"github.com/lestrrat-go/jwx/jwk\"\n\t\"github.com/pkg/errors\"\n\t\"golang.org/x/sync/errgroup\"\n)\n\nvar ErrUnableToFindKeyID = errors.New(\"specified JWK kid can not be found in the JWK sets\")\n\ntype (\n\tfetcherNextOptions struct {\n\t\tforceKID string\n\t\tcacheTTL time.Duration\n\t\tuseCache bool\n\t\thttpClient *retryablehttp.Client\n\t}\n\t// FetcherNext is a JWK fetcher that can be used to fetch JWKs from multiple locations.\n\tFetcherNext struct {\n\t\tcache *ristretto.Cache[[]byte, jwk.Set]\n\t}\n\t// FetcherNextOption is a functional option for the FetcherNext.\n\tFetcherNextOption func(*fetcherNextOptions)\n)\n\n// NewFetcherNext returns a new FetcherNext instance.\nfunc NewFetcherNext(cache *ristretto.Cache[[]byte, jwk.Set]) *FetcherNext {\n\treturn &FetcherNext{\n\t\tcache: cache,\n\t}\n}\n\n// WithForceKID forces the key ID to be used. Required when multiple JWK sets are configured.\nfunc WithForceKID(kid string) FetcherNextOption {\n\treturn func(o *fetcherNextOptions) {\n\t\to.forceKID = kid\n\t}\n}\n\n// WithCacheTTL sets the cache TTL. If not set, the TTL is unlimited.\nfunc WithCacheTTL(ttl time.Duration) FetcherNextOption {\n\treturn func(o *fetcherNextOptions) {\n\t\to.cacheTTL = ttl\n\t}\n}\n\n// WithCacheEnabled enables the cache.\nfunc WithCacheEnabled() FetcherNextOption {\n\treturn func(o *fetcherNextOptions) {\n\t\to.useCache = true\n\t}\n}\n\n// WithHTTPClient will use the given HTTP client to fetch the JSON Web Keys.\nfunc WithHTTPClient(c *retryablehttp.Client) FetcherNextOption {\n\treturn func(o *fetcherNextOptions) {\n\t\to.httpClient = c\n\t}\n}\n\nfunc (f *FetcherNext) ResolveKey(ctx context.Context, locations string, modifiers ...FetcherNextOption) (jwk.Key, error) {\n\treturn f.ResolveKeyFromLocations(ctx, []string{locations}, modifiers...)\n}\n\nfunc (f *FetcherNext) ResolveKeyFromLocations(ctx context.Context, locations []string, modifiers ...FetcherNextOption) (jwk.Key, error) {\n\topts := new(fetcherNextOptions)\n\tfor _, m := range modifiers {\n\t\tm(opts)\n\t}\n\n\tif len(locations) > 1 && opts.forceKID == \"\" {\n\t\treturn nil, errors.Errorf(\"a key ID must be specified when multiple JWK sets are configured\")\n\t}\n\n\tset := jwk.NewSet()\n\teg := new(errgroup.Group)\n\tfor k := range locations {\n\t\tlocation := locations[k]\n\t\teg.Go(func() error {\n\t\t\tremoteSet, err := f.fetch(ctx, location, opts)\n\t\t\tif err != nil {\n\t\t\t\treturn err\n\t\t\t}\n\n\t\t\titerator := remoteSet.Iterate(ctx)\n\t\t\tfor iterator.Next(ctx) {\n\t\t\t\t// Pair().Value is always of type jwk.Key when generated by Iterate.\n\t\t\t\tset.Add(iterator.Pair().Value.(jwk.Key))\n\t\t\t}\n\n\t\t\treturn nil\n\t\t})\n\t}\n\n\tif err := eg.Wait(); err != nil {\n\t\treturn nil, err\n\t}\n\n\tif opts.forceKID != \"\" {\n\t\tkey, found := set.LookupKeyID(opts.forceKID)\n\t\tif !found {\n\t\t\treturn nil, errors.WithStack(ErrUnableToFindKeyID)\n\t\t}\n\n\t\treturn key, nil\n\t}\n\n\t// No KID was forced? Use the first key we can find.\n\tkey, found := set.Get(0)\n\tif !found {\n\t\treturn nil, errors.WithStack(ErrUnableToFindKeyID)\n\t}\n\n\treturn key, nil\n}\n\n// fetch fetches the JWK set from the given location and if enabled, may use the cache to look up the JWK set.\nfunc (f *FetcherNext) fetch(ctx context.Context, location string, opts *fetcherNextOptions) (_ jwk.Set, err error) {\n\ttracer := trace.SpanFromContext(ctx).TracerProvider().Tracer(\"\")\n\tctx, span := tracer.Start(ctx, \"jwksx.FetcherNext.fetch\", trace.WithAttributes(attribute.String(\"location\", location)))\n\tdefer otelx.End(span, &err)\n\n\tcacheKey := sha256.Sum256([]byte(location))\n\tif opts.useCache {\n\t\tif result, found := f.cache.Get(cacheKey[:]); found {\n\t\t\treturn result, nil\n\t\t}\n\t}\n\n\tvar fopts []fetcher.Modifier\n\tif opts.httpClient != nil {\n\t\tfopts = append(fopts, fetcher.WithClient(opts.httpClient))\n\t}\n\n\tresult, err := fetcher.NewFetcher(fopts...).FetchContext(ctx, location)\n\tif err != nil {\n\t\treturn nil, err\n\t}\n\n\tset, err := jwk.ParseReader(result)\n\tif err != nil {\n\t\treturn nil, errors.WithStack(herodot.ErrBadRequest.WithReason(\"failed to parse JWK set\").WithWrap(err))\n\t}\n\n\tif opts.useCache {\n\t\tf.cache.SetWithTTL(cacheKey[:], set, 1, opts.cacheTTL)\n\t}\n\n\treturn set, nil\n}\n" }, { "path": "oryx/jwksx/generator.go", "content": "// Copyright © 2023 Ory Corp\n// SPDX-License-Identifier: Apache-2.0\n\npackage jwksx\n\nimport (\n\t\"crypto\"\n\t\"crypto/ecdsa\"\n\t\"crypto/elliptic\"\n\t\"crypto/rand\"\n\t\"crypto/rsa\"\n\t\"crypto/x509\"\n\t\"io\"\n\n\t\"github.com/go-jose/go-jose/v3\"\n\t\"github.com/gofrs/uuid\"\n\t\"github.com/pkg/errors\"\n\t\"golang.org/x/crypto/ed25519\"\n)\n\n// GenerateSigningKeys generates a JSON Web Key Set for signing.\nfunc GenerateSigningKeys(id, alg string, bits int) (*jose.JSONWebKeySet, error) {\n\tif id == \"\" {\n\t\tid = uuid.Must(uuid.NewV4()).String()\n\t}\n\n\tkey, err := generate(jose.SignatureAlgorithm(alg), bits)\n\tif err != nil {\n\t\treturn nil, err\n\t}\n\n\treturn &jose.JSONWebKeySet{\n\t\tKeys: []jose.JSONWebKey{\n\t\t\t{\n\t\t\t\tAlgorithm: alg,\n\t\t\t\tUse: \"sig\",\n\t\t\t\tKey: key,\n\t\t\t\tKeyID: id,\n\t\t\t\tCertificates: []*x509.Certificate{},\n\t\t\t},\n\t\t},\n\t}, nil\n}\n\n// GenerateSigningKeysAvailableAlgorithms lists available algorithms that are supported by GenerateSigningKeys.\nfunc GenerateSigningKeysAvailableAlgorithms() []string {\n\treturn []string{\n\t\tstring(jose.HS256), string(jose.HS384), string(jose.HS512),\n\t\tstring(jose.ES256), string(jose.ES384), string(jose.ES512), string(jose.EdDSA),\n\t\tstring(jose.RS256), string(jose.RS384), string(jose.RS512), string(jose.PS256), string(jose.PS384), string(jose.PS512),\n\t}\n}\n\n// generate generates keypair for corresponding SignatureAlgorithm.\nfunc generate(alg jose.SignatureAlgorithm, bits int) (crypto.PrivateKey, error) {\n\tswitch alg {\n\tcase jose.ES256, jose.ES384, jose.ES512, jose.EdDSA:\n\t\tkeylen := map[jose.SignatureAlgorithm]int{\n\t\t\tjose.ES256: 256,\n\t\t\tjose.ES384: 384,\n\t\t\tjose.ES512: 521, // sic!\n\t\t\tjose.EdDSA: 256,\n\t\t}\n\t\tif bits != 0 && bits != keylen[alg] {\n\t\t\treturn nil, errors.Errorf(`jwksx: \"%s\" does not support arbitrary key length`, alg)\n\t\t}\n\tcase jose.RS256, jose.RS384, jose.RS512, jose.PS256, jose.PS384, jose.PS512:\n\t\tif bits == 0 {\n\t\t\tbits = 2048\n\t\t}\n\t\tif bits < 2048 {\n\t\t\treturn nil, errors.Errorf(`jwksx: key size must be at least 2048 bit for algorithm \"%s\"`, alg)\n\t\t}\n\tcase jose.HS256:\n\t\tif bits == 0 {\n\t\t\tbits = 256\n\t\t}\n\t\tif bits < 256 {\n\t\t\treturn nil, errors.Errorf(`jwksx: key size must be at least 256 bit for algorithm \"%s\"`, alg)\n\t\t}\n\tcase jose.HS384:\n\t\tif bits == 0 {\n\t\t\tbits = 384\n\t\t}\n\t\tif bits < 384 {\n\t\t\treturn nil, errors.Errorf(`jwksx: key size must be at least 2038448 bit for algorithm \"%s\"`, alg)\n\t\t}\n\tcase jose.HS512:\n\t\tif bits == 0 {\n\t\t\tbits = 1024\n\t\t}\n\t\tif bits < 512 {\n\t\t\treturn nil, errors.Errorf(`jwksx: key size must be at least 512 bit for algorithm \"%s\"`, alg)\n\t\t}\n\t}\n\n\tswitch alg {\n\tcase jose.ES256:\n\t\t// The cryptographic operations are implemented using constant-time algorithms.\n\t\tkey, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)\n\t\treturn key, errors.Wrapf(err, \"jwks: unable to generate key\")\n\tcase jose.ES384:\n\t\t// NB: The cryptographic operations do not use constant-time algorithms.\n\t\tkey, err := ecdsa.GenerateKey(elliptic.P384(), rand.Reader)\n\t\treturn key, errors.Wrapf(err, \"jwks: unable to generate key\")\n\tcase jose.ES512:\n\t\t// NB: The cryptographic operations do not use constant-time algorithms.\n\t\tkey, err := ecdsa.GenerateKey(elliptic.P521(), rand.Reader)\n\t\treturn key, errors.Wrapf(err, \"jwks: unable to generate key\")\n\tcase jose.EdDSA:\n\t\t_, key, err := ed25519.GenerateKey(rand.Reader)\n\t\treturn key, errors.Wrapf(err, \"jwks: unable to generate key\")\n\tcase jose.RS256, jose.RS384, jose.RS512, jose.PS256, jose.PS384, jose.PS512:\n\t\tkey, err := rsa.GenerateKey(rand.Reader, bits)\n\t\treturn key, errors.Wrapf(err, \"jwks: unable to generate key\")\n\tcase jose.HS256, jose.HS384, jose.HS512:\n\t\tif bits%8 != 0 {\n\t\t\treturn nil, errors.Errorf(`jwksx: key size must be a multiple of 8 for algorithm \"%s\" but got: %d`, alg, bits)\n\t\t}\n\n\t\tkey := make([]byte, bits/8)\n\t\tif _, err := io.ReadFull(rand.Reader, key); err != nil {\n\t\t\treturn nil, errors.Wrapf(err, \"jwks: unable to generate key\")\n\t\t}\n\t\treturn key, nil\n\tdefault:\n\t\treturn nil, errors.Errorf(`jwksx: available algorithms are \"%+v\" but unknown algorithm was requested: \"%s\"`, GenerateSigningKeysAvailableAlgorithms(), alg)\n\t}\n}\n" }, { "path": "oryx/jwtmiddleware/middleware.go", "content": "// Copyright © 2023 Ory Corp\n// SPDX-License-Identifier: Apache-2.0\n\npackage jwtmiddleware\n\nimport (\n\t\"context\"\n\t\"encoding/json\"\n\t\"fmt\"\n\t\"net/http\"\n\t\"strings\"\n\n\t\"github.com/golang-jwt/jwt/v5\"\n\t\"github.com/pkg/errors\"\n\n\t\"github.com/ory/herodot\"\n\n\tjwtmiddleware \"github.com/auth0/go-jwt-middleware/v2\"\n\t\"github.com/urfave/negroni\"\n\n\t\"github.com/ory/x/jwksx\"\n)\n\ntype Middleware struct {\n\to *middlewareOptions\n\twku string\n\tjm *jwtmiddleware.JWTMiddleware\n}\n\ntype middlewareOptions struct {\n\tDebug bool\n\tExcludePaths []string\n\tSigningMethod jwt.SigningMethod\n\tErrorWriter herodot.Writer\n}\n\ntype MiddlewareOption func(*middlewareOptions)\n\nfunc SessionFromContext(ctx context.Context) (json.RawMessage, error) {\n\traw := ctx.Value(jwtmiddleware.ContextKey{})\n\tif raw == nil {\n\t\treturn nil, errors.WithStack(herodot.ErrUnauthorized.WithReasonf(\"Could not find credentials in the request.\"))\n\t}\n\n\ttoken, ok := raw.(*jwt.Token)\n\tif !ok {\n\t\treturn nil, errors.WithStack(herodot.ErrInternalServerError.WithDebugf(`Expected context key \"%T\" to transport value of type *jwt.MapClaims but got type: %T`, jwtmiddleware.ContextKey{}, raw))\n\t}\n\n\tsession, err := json.Marshal(token.Claims)\n\tif err != nil {\n\t\treturn nil, errors.WithStack(herodot.ErrInternalServerError.WithDebugf(\"Unable to encode session data: %s\", err))\n\t}\n\n\treturn session, nil\n}\n\nfunc MiddlewareDebugEnabled() MiddlewareOption {\n\treturn func(o *middlewareOptions) {\n\t\to.Debug = true\n\t}\n}\n\nfunc MiddlewareExcludePaths(paths ...string) MiddlewareOption {\n\treturn func(o *middlewareOptions) {\n\t\to.ExcludePaths = append(o.ExcludePaths, paths...)\n\t}\n}\n\nfunc MiddlewareAllowSigningMethod(method jwt.SigningMethod) MiddlewareOption {\n\treturn func(o *middlewareOptions) {\n\t\to.SigningMethod = method\n\t}\n}\n\nfunc MiddlewareErrorWriter(w herodot.Writer) MiddlewareOption {\n\treturn func(o *middlewareOptions) {\n\t\to.ErrorWriter = w\n\t}\n}\n\nfunc NewMiddleware(\n\twellKnownURL string,\n\topts ...MiddlewareOption,\n) *Middleware {\n\tc := &middlewareOptions{\n\t\tSigningMethod: jwt.SigningMethodES256,\n\t\tErrorWriter: herodot.NewJSONWriter(nil),\n\t}\n\n\tfor _, o := range opts {\n\t\to(c)\n\t}\n\tjc := jwksx.NewFetcher(wellKnownURL)\n\treturn &Middleware{\n\t\to: c,\n\t\twku: wellKnownURL,\n\t\tjm: jwtmiddleware.New(\n\t\t\tfunc(ctx context.Context, rawToken string) (any, error) {\n\t\t\t\treturn jwt.NewParser(\n\t\t\t\t\tjwt.WithValidMethods([]string{c.SigningMethod.Alg()}),\n\t\t\t\t).Parse(rawToken, func(token *jwt.Token) (interface{}, error) {\n\t\t\t\t\tif raw, ok := token.Header[\"kid\"]; !ok {\n\t\t\t\t\t\treturn nil, errors.New(`jwt from authorization HTTP header is missing value for \"kid\" in token header`)\n\t\t\t\t\t} else if kid, ok := raw.(string); !ok {\n\t\t\t\t\t\treturn nil, fmt.Errorf(`jwt from authorization HTTP header is expecting string value for \"kid\" in tokenWithoutKid header but got: %T`, raw)\n\t\t\t\t\t} else if k, err := jc.GetKey(kid); err != nil {\n\t\t\t\t\t\treturn nil, err\n\t\t\t\t\t} else {\n\t\t\t\t\t\treturn k.Key, nil\n\t\t\t\t\t}\n\t\t\t\t})\n\t\t\t},\n\t\t\tjwtmiddleware.WithCredentialsOptional(false),\n\t\t\tjwtmiddleware.WithTokenExtractor(func(r *http.Request) (string, error) {\n\t\t\t\t// wrapping the extractor to get a herodot.ErrorContainer\n\t\t\t\ttoken, err := jwtmiddleware.AuthHeaderTokenExtractor(r)\n\t\t\t\tif err != nil {\n\t\t\t\t\treturn \"\", herodot.ErrUnauthorized.WithReason(err.Error())\n\t\t\t\t}\n\t\t\t\treturn token, nil\n\t\t\t}),\n\t\t\tjwtmiddleware.WithErrorHandler(func(w http.ResponseWriter, r *http.Request, err error) {\n\t\t\t\tswitch {\n\t\t\t\tcase errors.Is(err, jwtmiddleware.ErrJWTInvalid):\n\t\t\t\t\treason := \"The token is invalid or expired.\"\n\t\t\t\t\tif err := errors.Unwrap(err); err != nil {\n\t\t\t\t\t\treason = err.Error()\n\t\t\t\t\t}\n\t\t\t\t\tc.ErrorWriter.WriteError(w, r, errors.WithStack(herodot.ErrUnauthorized.WithReason(reason)))\n\t\t\t\tcase errors.Is(err, jwtmiddleware.ErrJWTMissing):\n\t\t\t\t\tc.ErrorWriter.WriteError(w, r, errors.WithStack(herodot.ErrUnauthorized.WithReason(\"The token is missing.\")))\n\t\t\t\tdefault:\n\t\t\t\t\tc.ErrorWriter.WriteError(w, r, err)\n\t\t\t\t}\n\t\t\t}),\n\t\t),\n\t}\n}\n\n// Deprecated: use Middleware as a negroni.Handler directly instead.\nfunc (h *Middleware) NegroniHandler() negroni.Handler {\n\treturn negroni.HandlerFunc(h.ServeHTTP)\n}\n\nfunc (h *Middleware) ServeHTTP(w http.ResponseWriter, r *http.Request, next http.HandlerFunc) {\n\tfor _, excluded := range h.o.ExcludePaths {\n\t\tif strings.HasPrefix(r.URL.Path, excluded) {\n\t\t\tnext(w, r)\n\t\t\treturn\n\t\t}\n\t}\n\n\th.jm.CheckJWT(next).ServeHTTP(w, r)\n}\n" }, { "path": "oryx/jwtmiddleware/stub/jwks.json", "content": "{\n \"use\": \"sig\",\n \"kty\": \"EC\",\n \"kid\": \"b71ff5bd-a016-4ac0-9f3f-a172552578ea\",\n \"crv\": \"P-256\",\n \"alg\": \"ES256\",\n \"x\": \"7fVj_SeCx3TnkHANRWrpEho9BcYkU953LHUvKsSF5Wo\",\n \"y\": \"2A9D_AAFPiJQLSJQ_h600Fy9jUrg9Q88gNPPZwHDb7o\",\n \"d\": \"sRl-e-tGEVsNBF8FgEado9NAEipxhAFXGMryWDgbUMo\"\n}\n" }, { "path": "oryx/jwtx/claims.go", "content": "// Copyright © 2023 Ory Corp\n// SPDX-License-Identifier: Apache-2.0\n\npackage jwtx\n\nimport (\n\t\"time\"\n\n\t\"github.com/pkg/errors\"\n\n\t\"github.com/ory/x/mapx\"\n)\n\n// Claims represents a JSON Web Token's standard claims.\ntype Claims struct {\n\t// Audience identifies the recipients that the JWT is intended for.\n\tAudience []string `json:\"aud\"`\n\n\t// Issuer identifies the principal that issued the JWT.\n\tIssuer string `json:\"iss\"`\n\n\t// Subject identifies the principal that is the subject of the JWT.\n\tSubject string `json:\"sub\"`\n\n\t// ExpiresAt identifies the expiration time on or after which the JWT most not be accepted for processing.\n\tExpiresAt time.Time `json:\"exp\"`\n\n\t// IssuedAt identifies the time at which the JWT was issued.\n\tIssuedAt time.Time `json:\"iat\"`\n\n\t// NotBefore identifies the time before which the JWT must not be accepted for processing.\n\tNotBefore time.Time `json:\"nbf\"`\n\n\t// JTI provides a unique identifier for the JWT.\n\tJTI string `json:\"jti\"`\n}\n\n// ParseMapStringInterfaceClaims converts map[string]interface{} to *Claims.\nfunc ParseMapStringInterfaceClaims(claims map[string]interface{}) *Claims {\n\tc := make(map[interface{}]interface{})\n\tfor k, v := range claims {\n\t\tc[k] = v\n\t}\n\treturn ParseMapInterfaceInterfaceClaims(c)\n}\n\n// ParseMapInterfaceInterfaceClaims converts map[interface{}]interface{} to *Claims.\nfunc ParseMapInterfaceInterfaceClaims(claims map[interface{}]interface{}) *Claims {\n\tresult := &Claims{\n\t\tIssuer: mapx.GetStringDefault(claims, \"iss\", \"\"),\n\t\tSubject: mapx.GetStringDefault(claims, \"sub\", \"\"),\n\t\tJTI: mapx.GetStringDefault(claims, \"jti\", \"\"),\n\t}\n\n\tif aud, err := mapx.GetString(claims, \"aud\"); err == nil {\n\t\tresult.Audience = []string{aud}\n\t} else if errors.Is(err, mapx.ErrKeyCanNotBeTypeAsserted) {\n\t\tif aud, err := mapx.GetStringSlice(claims, \"aud\"); err == nil {\n\t\t\tresult.Audience = aud\n\t\t} else {\n\t\t\tresult.Audience = []string{}\n\t\t}\n\t} else {\n\t\tresult.Audience = []string{}\n\t}\n\n\tif exp, err := mapx.GetTime(claims, \"exp\"); err == nil {\n\t\tresult.ExpiresAt = exp\n\t}\n\n\tif iat, err := mapx.GetTime(claims, \"iat\"); err == nil {\n\t\tresult.IssuedAt = iat\n\t}\n\n\tif nbf, err := mapx.GetTime(claims, \"nbf\"); err == nil {\n\t\tresult.NotBefore = nbf\n\t}\n\n\treturn result\n}\n" }, { "path": "oryx/logrusx/config.schema.json", "content": "{\n \"$id\": \"ory://logging-config\",\n \"$schema\": \"http://json-schema.org/draft-07/schema#\",\n \"title\": \"Log\",\n \"description\": \"Configure logging using the following options. Logs will always be sent to stdout and stderr.\",\n \"type\": \"object\",\n \"properties\": {\n \"level\": {\n \"title\": \"Level\",\n \"description\": \"The level of log entries to show. Debug enables stack traces on errors.\",\n \"type\": \"string\",\n \"default\": \"info\",\n \"enum\": [\"panic\", \"fatal\", \"error\", \"warn\", \"info\", \"debug\", \"trace\"]\n },\n \"format\": {\n \"title\": \"Log Format\",\n \"description\": \"The output format of log messages.\",\n \"type\": \"string\",\n \"default\": \"text\",\n \"enum\": [\"json\", \"json_pretty\", \"gelf\", \"text\"]\n },\n \"leak_sensitive_values\": {\n \"type\": \"boolean\",\n \"title\": \"Leak Sensitive Log Values\",\n \"description\": \"If set will leak sensitive values (e.g. emails) in the logs.\",\n \"default\": false\n },\n \"redaction_text\": {\n \"type\": \"string\",\n \"title\": \"Sensitive log value redaction text\",\n \"description\": \"Text to use, when redacting sensitive log value.\"\n },\n \"additional_redacted_headers\": {\n \"type\": \"array\",\n \"title\": \"Additional redacted headers\",\n \"description\": \"List of HTTP headers which will be redacted.\",\n \"items\": {\n \"type\": \"string\"\n }\n }\n },\n \"additionalProperties\": false\n}\n" }, { "path": "oryx/logrusx/helper.go", "content": "// Copyright © 2023 Ory Corp\n// SPDX-License-Identifier: Apache-2.0\n\npackage logrusx\n\nimport (\n\t\"context\"\n\t\"errors\"\n\t\"fmt\"\n\t\"log\"\n\t\"net/http\"\n\t\"net/url\"\n\t\"reflect\"\n\t\"strings\"\n\n\t\"github.com/sirupsen/logrus\"\n\n\t\"go.opentelemetry.io/contrib/instrumentation/net/http/httptrace/otelhttptrace\"\n\t\"go.opentelemetry.io/otel/propagation\"\n\t\"go.opentelemetry.io/otel/trace\"\n\n\t\"github.com/ory/x/errorsx\"\n)\n\ntype (\n\tLogger struct {\n\t\t*logrus.Entry\n\t\tleakSensitive bool\n\t\tredactionText string\n\t\tadditionalRedactedHeaders map[string]struct{}\n\t\topts []Option\n\t}\n\tProvider interface {\n\t\tLogger() *Logger\n\t}\n)\n\nvar opts = otelhttptrace.WithPropagators(propagation.NewCompositeTextMapPropagator(propagation.TraceContext{}, propagation.Baggage{}))\n\nfunc (l *Logger) Logrus() *logrus.Logger {\n\treturn l.Entry.Logger\n}\n\nfunc (l *Logger) NewEntry() *Logger {\n\tll := *l\n\tll.Entry = logrus.NewEntry(l.Logger)\n\treturn &ll\n}\n\nfunc (l *Logger) WithContext(ctx context.Context) *Logger {\n\tll := *l\n\tll.Entry = l.Logger.WithContext(ctx)\n\treturn &ll\n}\n\nfunc (l *Logger) HTTPHeadersRedacted(h http.Header) map[string]any {\n\theaders := map[string]any{}\n\n\tfor key, value := range h {\n\t\tswitch keyLower := strings.ToLower(key); keyLower {\n\t\tcase \"authorization\", \"cookie\", \"set-cookie\", \"x-session-token\":\n\t\t\theaders[keyLower] = l.maybeRedact(value)\n\t\tcase \"location\":\n\t\t\tlocationURL, err := url.Parse(h.Get(\"Location\"))\n\t\t\tif err != nil {\n\t\t\t\theaders[keyLower] = l.maybeRedact(value)\n\t\t\t\tcontinue\n\t\t\t}\n\t\t\tif l.leakSensitive {\n\t\t\t\theaders[keyLower] = locationURL.String()\n\t\t\t} else {\n\t\t\t\tlocationURL.RawQuery = \"\"\n\t\t\t\tlocationURL.Fragment = \"\"\n\t\t\t\theaders[keyLower] = locationURL.Redacted()\n\t\t\t}\n\t\tdefault:\n\t\t\tif _, ok := l.additionalRedactedHeaders[keyLower]; ok {\n\t\t\t\theaders[keyLower] = l.maybeRedact(value)\n\t\t\t\tcontinue\n\t\t\t}\n\t\t\theaders[keyLower] = h.Get(key)\n\t\t}\n\t}\n\n\treturn headers\n}\n\nfunc (l *Logger) WithRequest(r *http.Request) *Logger {\n\theaders := l.HTTPHeadersRedacted(r.Header)\n\tif ua := r.UserAgent(); len(ua) > 0 {\n\t\theaders[\"user-agent\"] = ua\n\t}\n\n\tscheme := \"https\"\n\tif r.TLS == nil {\n\t\tscheme = \"http\"\n\t}\n\n\tll := l.WithField(\"http_request\", map[string]any{\n\t\t\"remote\": r.RemoteAddr,\n\t\t\"method\": r.Method,\n\t\t\"path\": r.URL.EscapedPath(),\n\t\t\"query\": l.maybeRedact(r.URL.RawQuery),\n\t\t\"scheme\": scheme,\n\t\t\"host\": r.Host,\n\t\t\"headers\": headers,\n\t})\n\n\tspanCtx := trace.SpanContextFromContext(r.Context())\n\tif !spanCtx.IsValid() {\n\t\t_, _, spanCtx = otelhttptrace.Extract(r.Context(), r, opts)\n\t}\n\tif spanCtx.IsValid() {\n\t\ttraces := make(map[string]string, 2)\n\t\tif spanCtx.HasTraceID() {\n\t\t\ttraces[\"trace_id\"] = spanCtx.TraceID().String()\n\t\t}\n\t\tif spanCtx.HasSpanID() {\n\t\t\ttraces[\"span_id\"] = spanCtx.SpanID().String()\n\t\t}\n\t\tll = ll.WithField(\"otel\", traces)\n\t}\n\treturn ll\n}\n\nfunc (l *Logger) WithSpanFromContext(ctx context.Context) *Logger {\n\tspanCtx := trace.SpanContextFromContext(ctx)\n\tif !spanCtx.IsValid() {\n\t\treturn l\n\t}\n\n\ttraces := make(map[string]string, 2)\n\tif spanCtx.HasTraceID() {\n\t\ttraces[\"trace_id\"] = spanCtx.TraceID().String()\n\t}\n\tif spanCtx.HasSpanID() {\n\t\ttraces[\"span_id\"] = spanCtx.SpanID().String()\n\t}\n\treturn l.WithField(\"otel\", traces)\n}\n\nfunc (l *Logger) Logf(level logrus.Level, format string, args ...any) {\n\tif !l.leakSensitive {\n\t\tfor i, arg := range args {\n\t\t\tswitch urlArg := arg.(type) {\n\t\t\tcase url.URL:\n\t\t\t\turlCopy := url.URL{Scheme: urlArg.Scheme, Host: urlArg.Host, Path: urlArg.Path}\n\t\t\t\targs[i] = urlCopy\n\t\t\tcase *url.URL:\n\t\t\t\turlCopy := url.URL{Scheme: urlArg.Scheme, Host: urlArg.Host, Path: urlArg.Path}\n\t\t\t\targs[i] = &urlCopy\n\t\t\tdefault:\n\t\t\t\tcontinue\n\t\t\t}\n\t\t}\n\t}\n\tl.Entry.Logf(level, format, args...)\n}\n\nfunc (l *Logger) Tracef(format string, args ...any) {\n\tl.Logf(logrus.TraceLevel, format, args...)\n}\n\nfunc (l *Logger) Debugf(format string, args ...any) {\n\tl.Logf(logrus.DebugLevel, format, args...)\n}\n\nfunc (l *Logger) Infof(format string, args ...any) {\n\tl.Logf(logrus.InfoLevel, format, args...)\n}\n\nfunc (l *Logger) Warnf(format string, args ...any) {\n\tl.Logf(logrus.WarnLevel, format, args...)\n}\n\nfunc (l *Logger) Errorf(format string, args ...any) {\n\tl.Logf(logrus.ErrorLevel, format, args...)\n}\n\nfunc (l *Logger) Fatalf(format string, args ...any) {\n\tl.Logf(logrus.FatalLevel, format, args...)\n\tl.Entry.Logger.Exit(1)\n}\n\nfunc (l *Logger) Panicf(format string, args ...any) {\n\tl.Logf(logrus.PanicLevel, format, args...)\n}\n\nfunc (l *Logger) WithFields(f logrus.Fields) *Logger {\n\tll := *l\n\tll.Entry = l.Entry.WithFields(f)\n\treturn &ll\n}\n\nfunc (l *Logger) WithField(key string, value any) *Logger {\n\tll := *l\n\tll.Entry = l.Entry.WithField(key, value)\n\treturn &ll\n}\n\nfunc (l *Logger) maybeRedact(value any) any {\n\tif fmt.Sprintf(\"%v\", value) == \"\" || value == nil {\n\t\treturn nil\n\t}\n\tif !l.leakSensitive {\n\t\treturn l.redactionText\n\t}\n\treturn value\n}\n\nfunc (l *Logger) WithSensitiveField(key string, value any) *Logger {\n\treturn l.WithField(key, l.maybeRedact(value))\n}\n\nfunc (l *Logger) WithError(err error) *Logger {\n\tif err == nil {\n\t\treturn l\n\t}\n\n\tctx := map[string]any{\"message\": err.Error()}\n\tif l.Entry.Logger.IsLevelEnabled(logrus.DebugLevel) {\n\t\tif e, ok := err.(errorsx.StackTracer); ok {\n\t\t\tctx[\"stack_trace\"] = fmt.Sprintf(\"%+v\", e.StackTrace())\n\t\t} else {\n\t\t\tctx[\"stack_trace\"] = fmt.Sprintf(\"stack trace could not be recovered from error type %s\", reflect.TypeOf(err))\n\t\t}\n\t}\n\tif c := errorsx.ReasonCarrier(nil); errors.As(err, &c) {\n\t\tctx[\"reason\"] = c.Reason()\n\t}\n\tif c := errorsx.RequestIDCarrier(nil); errors.As(err, &c) && c.RequestID() != \"\" {\n\t\tctx[\"request_id\"] = c.RequestID()\n\t}\n\tif c := errorsx.DetailsCarrier(nil); errors.As(err, &c) && c.Details() != nil {\n\t\tctx[\"details\"] = c.Details()\n\t}\n\tif c := errorsx.StatusCarrier(nil); errors.As(err, &c) && c.Status() != \"\" {\n\t\tctx[\"status\"] = c.Status()\n\t}\n\tif c := errorsx.StatusCodeCarrier(nil); errors.As(err, &c) && c.StatusCode() != 0 {\n\t\tctx[\"status_code\"] = c.StatusCode()\n\t}\n\tif c := errorsx.DebugCarrier(nil); errors.As(err, &c) {\n\t\tctx[\"debug\"] = c.Debug()\n\t}\n\n\treturn l.WithField(\"error\", ctx)\n}\n\nfunc (l *Logger) StdLogger(lvl logrus.Level) *log.Logger {\n\treturn log.New(writer{l.Logger, lvl}, \"\", 0)\n}\n\ntype writer struct {\n\tl *logrus.Logger\n\tlvl logrus.Level\n}\n\nfunc (w writer) Write(p []byte) (n int, err error) {\n\tw.l.Log(w.lvl, strings.TrimSuffix(string(p), \"\\n\"))\n\treturn len(p), nil\n}\n" }, { "path": "oryx/logrusx/logrus.go", "content": "// Copyright © 2023 Ory Corp\n// SPDX-License-Identifier: Apache-2.0\n\npackage logrusx\n\nimport (\n\t\"bytes\"\n\t\"cmp\"\n\t_ \"embed\"\n\t\"io\"\n\t\"net/http\"\n\t\"os\"\n\t\"strings\"\n\t\"testing\"\n\t\"time\"\n\n\t\"github.com/sirupsen/logrus\"\n\n\tgelf \"github.com/seatgeek/logrus-gelf-formatter\"\n\n\t\"github.com/ory/x/stringsx\"\n)\n\ntype (\n\toptions struct {\n\t\tl *logrus.Logger\n\t\tlevel *logrus.Level\n\t\tformatter logrus.Formatter\n\t\tformat string\n\t\treportCaller bool\n\t\texitFunc func(int)\n\t\tleakSensitive bool\n\t\tredactionText string\n\t\tadditionalRedactedHeaders []string\n\t\thooks []logrus.Hook\n\t\tc configurator\n\t}\n\tOption func(*options)\n\tnullConfigurator struct{}\n\tconfigurator interface {\n\t\tBool(key string) bool\n\t\tString(key string) string\n\t\tStrings(path string) []string\n\t}\n)\n\n//go:embed config.schema.json\nvar ConfigSchema string\n\nconst ConfigSchemaID = \"ory://logging-config\"\n\n// AddConfigSchema adds the logging schema to the compiler.\n// The interface is specified instead of `jsonschema.Compiler` to allow the use of any jsonschema library fork or version.\nfunc AddConfigSchema(c interface {\n\tAddResource(url string, r io.Reader) error\n},\n) error {\n\treturn c.AddResource(ConfigSchemaID, bytes.NewBufferString(ConfigSchema))\n}\n\nfunc newLogger(parent *logrus.Logger, o *options) *logrus.Logger {\n\tl := parent\n\tif l == nil {\n\t\tl = logrus.New()\n\t}\n\n\tif o.exitFunc != nil {\n\t\tl.ExitFunc = o.exitFunc\n\t}\n\n\tfor _, hook := range o.hooks {\n\t\tl.AddHook(hook)\n\t}\n\n\tsetLevel(l, o)\n\tsetFormatter(l, o)\n\n\tl.ReportCaller = o.reportCaller || l.IsLevelEnabled(logrus.TraceLevel)\n\treturn l\n}\n\nfunc setLevel(l *logrus.Logger, o *options) {\n\tif o.level != nil {\n\t\tl.Level = *o.level\n\t} else {\n\t\tvar err error\n\t\tl.Level, err = logrus.ParseLevel(cmp.Or(\n\t\t\to.c.String(\"log.level\"),\n\t\t\tos.Getenv(\"LOG_LEVEL\")))\n\t\tif err != nil {\n\t\t\tl.Level = logrus.InfoLevel\n\t\t}\n\t}\n}\n\nfunc setFormatter(l *logrus.Logger, o *options) {\n\tif o.formatter != nil {\n\t\tl.Formatter = o.formatter\n\t} else {\n\t\tvar unknownFormat bool // we first have to set the formatter before we can complain about the unknown format\n\n\t\tformat := stringsx.SwitchExact(cmp.Or(o.format, o.c.String(\"log.format\"), os.Getenv(\"LOG_FORMAT\")))\n\t\tswitch {\n\t\tcase format.AddCase(\"json\"):\n\t\t\tl.Formatter = &logrus.JSONFormatter{PrettyPrint: false, TimestampFormat: time.RFC3339Nano, DisableHTMLEscape: true}\n\t\tcase format.AddCase(\"json_pretty\"):\n\t\t\tl.Formatter = &logrus.JSONFormatter{PrettyPrint: true, TimestampFormat: time.RFC3339Nano, DisableHTMLEscape: true}\n\t\tcase format.AddCase(\"gelf\"):\n\t\t\tl.Formatter = new(gelf.GelfFormatter)\n\t\tdefault:\n\t\t\tunknownFormat = true\n\t\t\tfallthrough\n\t\tcase format.AddCase(\"text\", \"\"):\n\t\t\tl.Formatter = &logrus.TextFormatter{\n\t\t\t\tDisableQuote: true,\n\t\t\t\tDisableTimestamp: false,\n\t\t\t\tFullTimestamp: true,\n\t\t\t}\n\t\t}\n\n\t\tif unknownFormat {\n\t\t\tl.WithError(format.ToUnknownCaseErr()).Warn(\"got unknown \\\"log.format\\\", falling back to \\\"text\\\"\")\n\t\t}\n\t}\n}\n\nfunc ForceLevel(level logrus.Level) Option {\n\treturn func(o *options) {\n\t\to.level = &level\n\t}\n}\n\nfunc ForceFormatter(formatter logrus.Formatter) Option {\n\treturn func(o *options) {\n\t\to.formatter = formatter\n\t}\n}\n\nfunc WithConfigurator(c configurator) Option {\n\treturn func(o *options) {\n\t\to.c = c\n\t}\n}\n\nfunc ForceFormat(format string) Option {\n\treturn func(o *options) {\n\t\to.format = format\n\t}\n}\n\nfunc WithHook(hook logrus.Hook) Option {\n\treturn func(o *options) {\n\t\to.hooks = append(o.hooks, hook)\n\t}\n}\n\nfunc WithExitFunc(exitFunc func(int)) Option {\n\treturn func(o *options) {\n\t\to.exitFunc = exitFunc\n\t}\n}\n\nfunc ReportCaller(reportCaller bool) Option {\n\treturn func(o *options) {\n\t\to.reportCaller = reportCaller\n\t}\n}\n\nfunc UseLogger(l *logrus.Logger) Option {\n\treturn func(o *options) {\n\t\to.l = l\n\t}\n}\n\nfunc LeakSensitive() Option {\n\treturn func(o *options) {\n\t\to.leakSensitive = true\n\t}\n}\n\nfunc RedactionText(text string) Option {\n\treturn func(o *options) {\n\t\to.redactionText = text\n\t}\n}\n\nfunc WithAdditionalRedactedHeaders(headers []string) Option {\n\treturn func(o *options) {\n\t\to.additionalRedactedHeaders = headers\n\t}\n}\n\nfunc toHeaderMap(headers []string) map[string]struct{} {\n\tm := make(map[string]struct{}, len(headers))\n\tfor _, h := range headers {\n\t\tm[strings.ToLower(h)] = struct{}{}\n\t}\n\treturn m\n}\n\nfunc (c *nullConfigurator) Bool(_ string) bool { return false }\nfunc (c *nullConfigurator) String(_ string) string { return \"\" }\nfunc (c *nullConfigurator) Strings(_ string) []string { return []string{} }\n\nfunc newOptions(opts []Option) *options {\n\to := new(options)\n\to.c = new(nullConfigurator)\n\tfor _, f := range opts {\n\t\tf(o)\n\t}\n\treturn o\n}\n\n// New creates a new logger with all the important fields set.\nfunc New(name string, version string, opts ...Option) *Logger {\n\to := newOptions(opts)\n\treturn &Logger{\n\t\topts: opts,\n\t\tleakSensitive: o.leakSensitive || o.c.Bool(\"log.leak_sensitive_values\"),\n\t\tredactionText: cmp.Or(o.redactionText, `Value is sensitive and has been redacted. To see the value set config key \"log.leak_sensitive_values = true\" or environment variable \"LOG_LEAK_SENSITIVE_VALUES=true\".`),\n\t\tadditionalRedactedHeaders: toHeaderMap(func() []string {\n\t\t\tif len(o.additionalRedactedHeaders) > 0 {\n\t\t\t\treturn o.additionalRedactedHeaders\n\t\t\t}\n\t\t\treturn o.c.Strings(\"log.additional_redacted_headers\")\n\t\t}()),\n\t\tEntry: newLogger(o.l, o).WithFields(logrus.Fields{\n\t\t\t\"audience\": \"application\", \"service_name\": name, \"service_version\": version,\n\t\t}),\n\t}\n}\n\nfunc NewT(t testing.TB, opts ...Option) *Logger {\n\topts = append(opts, LeakSensitive(), WithExitFunc(func(code int) {\n\t\tt.Fatalf(\"Logger exited with code %d\", code)\n\t}))\n\tl := New(t.Name(), \"test\", opts...)\n\tl.Logger.Out = t.Output()\n\treturn l\n}\n\nfunc (l *Logger) UseConfig(c configurator) {\n\tl.leakSensitive = l.leakSensitive || c.Bool(\"log.leak_sensitive_values\")\n\tl.redactionText = cmp.Or(c.String(\"log.redaction_text\"), l.redactionText)\n\tnewHeaders := toHeaderMap(c.Strings(\"log.additional_redacted_headers\"))\n\tfor k := range newHeaders {\n\t\tl.additionalRedactedHeaders[k] = struct{}{}\n\t}\n\to := newOptions(append(l.opts, WithConfigurator(c)))\n\tsetLevel(l.Entry.Logger, o)\n\tsetFormatter(l.Entry.Logger, o)\n}\n\nfunc (l *Logger) ReportError(r *http.Request, code int, err error, args ...interface{}) {\n\tlogger := l.WithError(err).WithRequest(r).WithField(\"http_response\", map[string]interface{}{\n\t\t\"status_code\": code,\n\t})\n\tswitch {\n\tcase code < 500:\n\t\tlogger.Info(args...)\n\tdefault:\n\t\tlogger.Error(args...)\n\t}\n}\n" }, { "path": "oryx/mapx/type_assert.go", "content": "// Copyright © 2023 Ory Corp\n// SPDX-License-Identifier: Apache-2.0\n\npackage mapx\n\nimport (\n\t\"encoding/json\"\n\t\"errors\"\n\t\"math\"\n\t\"time\"\n)\n\n// ErrKeyDoesNotExist is returned when the key does not exist in the map.\nvar ErrKeyDoesNotExist = errors.New(\"key is not present in map\")\n\n// ErrKeyCanNotBeTypeAsserted is returned when the key can not be type asserted.\nvar ErrKeyCanNotBeTypeAsserted = errors.New(\"key could not be type asserted\")\n\n// GetString returns a string for a given key in values.\nfunc GetString[K comparable](values map[K]any, key K) (string, error) {\n\tif v, ok := values[key]; !ok {\n\t\treturn \"\", ErrKeyDoesNotExist\n\t} else if sv, ok := v.(string); !ok {\n\t\treturn \"\", ErrKeyCanNotBeTypeAsserted\n\t} else {\n\t\treturn sv, nil\n\t}\n}\n\n// GetStringSlice returns a string slice for a given key in values.\nfunc GetStringSlice[K comparable](values map[K]any, key K) ([]string, error) {\n\tv, ok := values[key]\n\tif !ok {\n\t\treturn nil, ErrKeyDoesNotExist\n\t}\n\tswitch v := v.(type) {\n\tcase []string:\n\t\treturn v, nil\n\tcase []any:\n\t\tvs := make([]string, len(v))\n\t\tfor k, v := range v {\n\t\t\tvar ok bool\n\t\t\tvs[k], ok = v.(string)\n\t\t\tif !ok {\n\t\t\t\treturn nil, ErrKeyCanNotBeTypeAsserted\n\t\t\t}\n\t\t}\n\t\treturn vs, nil\n\t}\n\treturn nil, ErrKeyCanNotBeTypeAsserted\n}\n\n// GetTime returns a string slice for a given key in values.\nfunc GetTime[K comparable](values map[K]any, key K) (time.Time, error) {\n\tv, ok := values[key]\n\tif !ok {\n\t\treturn time.Time{}, ErrKeyDoesNotExist\n\t}\n\n\tswitch v := v.(type) {\n\tcase time.Time:\n\t\treturn v, nil\n\tcase int64:\n\t\treturn time.Unix(v, 0), nil\n\tcase int32:\n\t\treturn time.Unix(int64(v), 0), nil\n\tcase int:\n\t\treturn time.Unix(int64(v), 0), nil\n\tcase float64:\n\t\tif v < math.MinInt64 || v > math.MaxInt64 {\n\t\t\treturn time.Time{}, errors.New(\"value is out of range\")\n\t\t}\n\t\treturn time.Unix(int64(v), 0), nil\n\tcase float32:\n\t\tif v < math.MinInt64 || v > math.MaxInt64 {\n\t\t\treturn time.Time{}, errors.New(\"value is out of range\")\n\t\t}\n\t\treturn time.Unix(int64(v), 0), nil\n\t}\n\n\treturn time.Time{}, ErrKeyCanNotBeTypeAsserted\n}\n\n// GetInt64 returns an int64 for a given key in values.\nfunc GetInt64[K comparable](values map[K]any, key K) (int64, error) {\n\tv, ok := values[key]\n\tif !ok {\n\t\treturn 0, ErrKeyDoesNotExist\n\t}\n\tswitch v := v.(type) {\n\tcase json.Number:\n\t\treturn v.Int64()\n\tcase int64:\n\t\treturn v, nil\n\tcase int:\n\t\treturn int64(v), nil\n\tcase int32:\n\t\treturn int64(v), nil\n\tcase uint:\n\t\tvv := uint64(v)\n\t\tif vv > math.MaxInt64 {\n\t\t\treturn 0, errors.New(\"value is out of range\")\n\t\t}\n\t\treturn int64(vv), nil\n\tcase uint32:\n\t\treturn int64(v), nil\n\tcase uint64:\n\t\tif v > math.MaxInt64 {\n\t\t\treturn 0, errors.New(\"value is out of range\")\n\t\t}\n\t\treturn int64(v), nil\n\t}\n\treturn 0, ErrKeyCanNotBeTypeAsserted\n}\n\n// GetInt32 returns an int32 for a given key in values.\nfunc GetInt32[K comparable](values map[K]any, key K) (int32, error) {\n\tv, err := GetInt64(values, key)\n\tif err != nil {\n\t\treturn 0, err\n\t}\n\tif v > math.MaxInt32 || v < math.MinInt32 {\n\t\treturn 0, errors.New(\"value is out of range\")\n\t}\n\treturn int32(v), nil\n}\n\n// GetInt returns an int for a given key in values.\nfunc GetInt[K comparable](values map[K]any, key K) (int, error) {\n\tv, err := GetInt64(values, key)\n\tif err != nil {\n\t\treturn 0, err\n\t}\n\tif v > math.MaxInt || v < math.MinInt {\n\t\treturn 0, errors.New(\"value is out of range\")\n\t}\n\treturn int(v), nil\n}\n\n// GetFloat64Default returns a float64 or the default value for a given key in values.\nfunc GetFloat64Default[K comparable](values map[K]any, key K, defaultValue float64) float64 {\n\tf, err := GetFloat64(values, key)\n\tif err != nil {\n\t\treturn defaultValue\n\t}\n\treturn f\n}\n\n// GetFloat64 returns a float64 for a given key in values.\nfunc GetFloat64[K comparable](values map[K]any, key K) (float64, error) {\n\tv, ok := values[key]\n\tif !ok {\n\t\treturn 0, ErrKeyDoesNotExist\n\t}\n\tswitch v := v.(type) {\n\tcase json.Number:\n\t\treturn v.Float64()\n\tcase float32:\n\t\treturn float64(v), nil\n\tcase float64:\n\t\treturn v, nil\n\t}\n\treturn 0, ErrKeyCanNotBeTypeAsserted\n}\n\n// GetStringDefault returns a string or the default value for a given key in values.\nfunc GetStringDefault[K comparable](values map[K]any, key K, defaultValue string) string {\n\tif s, err := GetString(values, key); err == nil {\n\t\treturn s\n\t}\n\treturn defaultValue\n}\n\n// GetStringSliceDefault returns a string slice or the default value for a given key in values.\nfunc GetStringSliceDefault[K comparable](values map[K]any, key K, defaultValue []string) []string {\n\tif s, err := GetStringSlice(values, key); err == nil {\n\t\treturn s\n\t}\n\treturn defaultValue\n}\n" }, { "path": "oryx/metricsx/metrics.go", "content": "// Copyright © 2023 Ory Corp\n// SPDX-License-Identifier: Apache-2.0\n\npackage metricsx\n\nimport (\n\t\"runtime\"\n\t\"sync\"\n)\n\n// MemoryStatistics is a JSON-able version of runtime.MemStats\ntype MemoryStatistics struct {\n\tsync.Mutex\n\t// Alloc is bytes of allocated heap objects.\n\tAlloc uint64 `json:\"alloc\"`\n\t// TotalAlloc is cumulative bytes allocated for heap objects.\n\tTotalAlloc uint64 `json:\"totalAlloc\"`\n\t// Sys is the total bytes of memory obtained from the OS.\n\tSys uint64 `json:\"sys\"`\n\t// Lookups is the number of pointer lookups performed by the\n\t// runtime.\n\tLookups uint64 `json:\"lookups\"`\n\t// Mallocs is the cumulative count of heap objects allocated.\n\t// The number of live objects is Mallocs - Frees.\n\tMallocs uint64 `json:\"mallocs\"`\n\t// Frees is the cumulative count of heap objects freed.\n\tFrees uint64 `json:\"frees\"`\n\t// HeapAlloc is bytes of allocated heap objects.\n\tHeapAlloc uint64 `json:\"heapAlloc\"`\n\t// HeapSys is bytes of heap memory obtained from the OS.\n\tHeapSys uint64 `json:\"heapSys\"`\n\t// HeapIdle is bytes in idle (unused) spans.\n\tHeapIdle uint64 `json:\"heapIdle\"`\n\t// HeapInuse is bytes in in-use spans.\n\tHeapInuse uint64 `json:\"heapInuse\"`\n\t// HeapReleased is bytes of physical memory returned to the OS.\n\tHeapReleased uint64 `json:\"heapReleased\"`\n\t// HeapObjects is the number of allocated heap objects.\n\tHeapObjects uint64 `json:\"heapObjects\"`\n\t// NumGC is the number of completed GC cycles.\n\tNumGC uint32 `json:\"numGC\"`\n}\n\n// ToMap converts to a map[string]interface{}.\nfunc (ms *MemoryStatistics) ToMap() map[string]interface{} {\n\treturn map[string]interface{}{\n\t\t\"alloc\": ms.Alloc,\n\t\t\"totalAlloc\": ms.TotalAlloc,\n\t\t\"sys\": ms.Sys,\n\t\t\"lookups\": ms.Lookups,\n\t\t\"mallocs\": ms.Mallocs,\n\t\t\"frees\": ms.Frees,\n\t\t\"heapAlloc\": ms.HeapAlloc,\n\t\t\"heapSys\": ms.HeapSys,\n\t\t\"heapIdle\": ms.HeapIdle,\n\t\t\"heapInuse\": ms.HeapInuse,\n\t\t\"heapReleased\": ms.HeapReleased,\n\t\t\"heapObjects\": ms.HeapObjects,\n\t\t\"numGC\": ms.NumGC,\n\t\t\"nonInteraction\": 1,\n\t}\n}\n\n// Update takes the most recent stats from runtime.\nfunc (ms *MemoryStatistics) Update() {\n\tvar m runtime.MemStats\n\truntime.ReadMemStats(&m)\n\n\tms.Lock()\n\tdefer ms.Unlock()\n\tms.Alloc = m.Alloc\n\tms.TotalAlloc = m.TotalAlloc\n\tms.Sys = m.Sys\n\tms.Lookups = m.Lookups\n\tms.Mallocs = m.Mallocs\n\tms.Frees = m.Frees\n\tms.HeapAlloc = m.HeapAlloc\n\tms.HeapSys = m.HeapSys\n\tms.HeapIdle = m.HeapIdle\n\tms.HeapInuse = m.HeapInuse\n\tms.HeapReleased = m.HeapReleased\n\tms.HeapObjects = m.HeapObjects\n\tms.NumGC = m.NumGC\n}\n" }, { "path": "oryx/metricsx/middleware.go", "content": "// Copyright © 2023 Ory Corp\n// SPDX-License-Identifier: Apache-2.0\n\npackage metricsx\n\nimport (\n\t\"context\"\n\t\"crypto/sha256\"\n\t\"encoding/hex\"\n\t\"math\"\n\t\"net/http\"\n\t\"net/url\"\n\t\"os\"\n\t\"runtime\"\n\t\"strconv\"\n\t\"strings\"\n\t\"sync\"\n\t\"time\"\n\n\t\"google.golang.org/grpc\"\n\t\"google.golang.org/grpc/metadata\"\n\t\"google.golang.org/grpc/status\"\n\n\t\"github.com/gofrs/uuid\"\n\t\"github.com/spf13/cobra\"\n\n\t\"github.com/ory/x/cmdx\"\n\t\"github.com/ory/x/configx\"\n\t\"github.com/ory/x/httpx\"\n\t\"github.com/ory/x/logrusx\"\n\t\"github.com/ory/x/resilience\"\n\t\"github.com/ory/x/urlx\"\n\n\t\"github.com/ory/analytics-go/v5\"\n)\n\nconst (\n\tXForwardedHostHeader = \"X-Forwarded-Host\"\n\tAuthorityHeader = \":authority\"\n)\n\nvar (\n\tinstance *Service\n\tlock sync.Mutex\n\tknownHeaders = []string{AuthorityHeader, XForwardedHostHeader}\n)\n\n// Service helps with providing context on metrics.\ntype Service struct {\n\toptOut bool\n\tinstanceId string\n\n\to *Options\n\n\tc analytics.Client\n\tl *logrusx.Logger\n\n\tmem *MemoryStatistics\n}\n\n// Hash returns a hashed string of the value.\nfunc Hash(value string) string {\n\tsha := sha256.Sum256([]byte(value))\n\treturn hex.EncodeToString(sha[:])\n}\n\n// Options configures the metrics service.\ntype Options struct {\n\t// Service represents the service name, for example \"ory-hydra\".\n\tService string\n\n\t// DeploymentId represents the cluster id, typically a hash of some unique configuration properties.\n\tDeploymentId string\n\n\t// DBDialect specifies the database dialect in use (e.g., \"postgres\", \"mysql\", \"sqlite\").\n\tDBDialect string\n\n\t// When this instance was started\n\tStartTime time.Time\n\n\t// IsDevelopment should be true if we assume that we're in a development environment.\n\tIsDevelopment bool\n\n\t// WriteKey is the segment API key.\n\tWriteKey string\n\n\t// WhitelistedPaths represents a list of paths that can be transmitted in clear text to segment.\n\tWhitelistedPaths []string\n\n\t// BuildVersion represents the build version.\n\tBuildVersion string\n\n\t// BuildHash represents the build git hash.\n\tBuildHash string\n\n\t// BuildTime represents the build time.\n\tBuildTime string\n\n\t// Hostname is a public URL configured for the service, used to derive hosted name for telemetry.\n\tHostname string\n\n\t// Config overrides the analytics.Config. If nil, sensible defaults will be used.\n\tConfig *analytics.Config\n\n\t// MemoryInterval sets how often memory statistics should be transmitted. Defaults to every 12 hours.\n\tMemoryInterval time.Duration\n}\n\ntype void struct{}\n\nfunc (v *void) Logf(format string, args ...interface{}) {\n}\n\nfunc (v *void) Errorf(format string, args ...interface{}) {\n}\n\n// New returns a new metrics service. If one has been instantiated already, no new instance will be created.\nfunc New(\n\tcmd *cobra.Command,\n\tl *logrusx.Logger,\n\tc *configx.Provider,\n\to *Options,\n) *Service {\n\tlock.Lock()\n\tdefer lock.Unlock()\n\n\tif instance != nil {\n\t\treturn instance\n\t}\n\n\to.StartTime = time.Now()\n\n\tif o.BuildTime == \"\" {\n\t\to.BuildTime = \"unknown\"\n\t}\n\n\tif o.BuildVersion == \"\" {\n\t\to.BuildVersion = \"unknown\"\n\t}\n\n\tif o.BuildHash == \"\" {\n\t\to.BuildHash = \"unknown\"\n\t}\n\n\tif o.Config == nil {\n\t\to.Config = &analytics.Config{\n\t\t\tInterval: time.Hour * 6,\n\t\t}\n\t}\n\n\to.Config.Logger = new(void)\n\n\tif o.MemoryInterval < time.Minute {\n\t\to.MemoryInterval = time.Hour * 12\n\t}\n\n\tsegment, err := analytics.NewWithConfig(o.WriteKey, *o.Config)\n\tif err != nil {\n\t\tl.WithError(err).Fatalf(\"Unable to initialise software quality assurance features.\")\n\t\treturn nil\n\t}\n\n\toptOut, err := cmd.Flags().GetBool(\"sqa-opt-out\")\n\tif err != nil {\n\t\tcmdx.Must(err, `Unable to get command line flag \"sqa-opt-out\": %s`, err)\n\t}\n\n\tif !optOut {\n\t\toptOut = c.Bool(\"sqa.opt_out\")\n\t}\n\n\tif !optOut {\n\t\toptOut = c.Bool(\"sqa_opt_out\")\n\t}\n\n\tif !optOut {\n\t\toptOut, _ = strconv.ParseBool(os.Getenv(\"SQA_OPT_OUT\"))\n\t}\n\n\tif !optOut {\n\t\toptOut, _ = strconv.ParseBool(os.Getenv(\"SQA-OPT-OUT\"))\n\t}\n\n\tif !optOut {\n\t\tl.Info(\"Software quality assurance features are enabled. Learn more at: https://www.ory.sh/docs/ecosystem/sqa\")\n\t}\n\n\tm := &Service{\n\t\toptOut: optOut,\n\t\tinstanceId: uuid.Must(uuid.NewV4()).String(),\n\t\to: o,\n\t\tc: segment,\n\t\tl: l,\n\t\tmem: new(MemoryStatistics),\n\t}\n\n\tinstance = m\n\n\tgo m.Identify()\n\tgo m.Track()\n\n\treturn m\n}\n\n// Identify enables reporting to segment.\nfunc (sw *Service) Identify() {\n\tIdentifySend(sw, true)\n\n\t// User has not opt-out then make identify to be sent every 6 hours\n\tif !sw.optOut {\n\t\tfor range time.Tick(time.Hour * 6) {\n\t\t\tIdentifySend(sw, false)\n\t\t}\n\t}\n}\n\nfunc IdentifySend(sw *Service, startup bool) {\n\tif err := resilience.Retry(sw.l, time.Minute*5, time.Hour*6, func() error {\n\t\treturn sw.c.Enqueue(analytics.Identify{\n\t\t\tInstanceId: sw.instanceId,\n\t\t\tDeploymentId: sw.o.DeploymentId,\n\t\t\tProject: sw.o.Service,\n\n\t\t\tDatabaseDialect: sw.o.DBDialect,\n\t\t\tProductVersion: sw.o.BuildVersion,\n\t\t\tProductBuild: sw.o.BuildHash,\n\t\t\tUptimeDeployment: 0,\n\t\t\tUptimeInstance: math.Round(time.Since(sw.o.StartTime).Seconds()),\n\t\t\tIsDevelopment: sw.o.IsDevelopment,\n\t\t\tIsOptOut: sw.optOut,\n\t\t\tStartup: startup,\n\t\t})\n\t}); err != nil {\n\t\tsw.l.WithError(err).Debug(\"Could not commit anonymized environment information\")\n\t}\n}\n\n// Track commits memory statistics to segment.\nfunc (sw *Service) Track() {\n\tif sw.optOut {\n\t\treturn\n\t}\n\n\tfor {\n\t\tsw.mem.Update()\n\t\tif err := sw.c.Enqueue(analytics.Track{\n\t\t\tInstanceId: sw.instanceId,\n\t\t\tDeploymentId: sw.o.DeploymentId,\n\t\t\tProject: sw.o.Service,\n\n\t\t\tCPU: runtime.NumCPU(),\n\t\t\tOsName: runtime.GOOS,\n\t\t\tOsArchitecture: runtime.GOARCH,\n\t\t\tAlloc: sw.mem.Alloc,\n\t\t\tTotalAlloc: sw.mem.TotalAlloc,\n\t\t\tFrees: sw.mem.Frees,\n\t\t\tMallocs: sw.mem.Mallocs,\n\t\t\tLookups: sw.mem.Lookups,\n\t\t\tSys: sw.mem.Sys,\n\t\t\tNumGC: sw.mem.NumGC,\n\t\t\tHeapAlloc: sw.mem.HeapAlloc,\n\t\t\tHeapInuse: sw.mem.HeapInuse,\n\t\t\tHeapIdle: sw.mem.HeapIdle,\n\t\t\tHeapObjects: sw.mem.HeapObjects,\n\t\t\tHeapReleased: sw.mem.HeapReleased,\n\t\t\tHeapSys: sw.mem.HeapSys,\n\t\t}); err != nil {\n\t\t\tsw.l.WithError(err).Debug(\"Could not commit anonymized telemetry data\")\n\t\t}\n\t\ttime.Sleep(sw.o.MemoryInterval)\n\t}\n}\n\n// ServeHTTP is a middleware for sending meta information to segment.\nfunc (sw *Service) ServeHTTP(rw http.ResponseWriter, r *http.Request, next http.HandlerFunc) {\n\tvar start time.Time\n\tif !sw.optOut {\n\t\tstart = time.Now()\n\t}\n\n\tnext(rw, r)\n\n\tif sw.optOut {\n\t\treturn\n\t}\n\n\tlatency := time.Since(start).Milliseconds()\n\tpath := sw.anonymizePath(r.URL.Path)\n\thost := urlx.ExtractPublicAddress(sw.o.Hostname, r.Header.Get(XForwardedHostHeader), r.Host)\n\n\t// Collecting request info\n\tstat, _ := httpx.GetResponseMeta(rw)\n\n\tif err := sw.c.Enqueue(analytics.Page{\n\t\tInstanceId: sw.instanceId,\n\t\tDeploymentId: sw.o.DeploymentId,\n\t\tProject: sw.o.Service,\n\t\tUrlHost: host,\n\t\tUrlPath: path,\n\t\tRequestCode: stat,\n\t\tRequestLatency: int(latency),\n\t}); err != nil {\n\t\tsw.l.WithError(err).Debug(\"Could not commit anonymized telemetry data\")\n\t\t// do nothing...\n\t}\n}\n\nfunc (sw *Service) UnaryInterceptor(ctx context.Context, req interface{}, info *grpc.UnaryServerInfo, handler grpc.UnaryHandler) (interface{}, error) {\n\tvar start time.Time\n\tif !sw.optOut {\n\t\tstart = time.Now()\n\t}\n\n\tresp, err := handler(ctx, req)\n\n\tif sw.optOut {\n\t\treturn resp, err\n\t}\n\n\tlatency := time.Since(start).Milliseconds()\n\n\thosts := []string{sw.o.Hostname}\n\tif md, ok := metadata.FromIncomingContext(ctx); ok {\n\t\tfor _, h := range knownHeaders {\n\t\t\tif v := md.Get(h); len(v) > 0 {\n\t\t\t\thosts = append(hosts, v[0])\n\t\t\t}\n\t\t}\n\t}\n\thost := urlx.ExtractPublicAddress(hosts...)\n\n\tif err := sw.c.Enqueue(analytics.Page{\n\t\tInstanceId: sw.instanceId,\n\t\tDeploymentId: sw.o.DeploymentId,\n\t\tProject: sw.o.Service,\n\t\tUrlHost: host,\n\t\tUrlPath: info.FullMethod,\n\t\tRequestCode: int(status.Code(err)),\n\t\tRequestLatency: int(latency),\n\t}); err != nil {\n\t\tsw.l.WithError(err).Debug(\"Could not commit anonymized telemetry data\")\n\t\t// do nothing...\n\t}\n\n\treturn resp, err\n}\n\nfunc (sw *Service) StreamInterceptor(srv interface{}, stream grpc.ServerStream, info *grpc.StreamServerInfo, handler grpc.StreamHandler) error {\n\t// this needs a bit of thought, but we don't have streaming RPCs currently anyway\n\tsw.l.Info(\"The telemetry stream interceptor is not yet implemented!\")\n\treturn handler(srv, stream)\n}\n\nfunc (sw *Service) Close() error {\n\treturn sw.c.Close()\n}\n\nfunc (sw *Service) anonymizePath(path string) string {\n\tpaths := sw.o.WhitelistedPaths\n\tpath = strings.ToLower(path)\n\n\tfor _, p := range paths {\n\t\tp = strings.ToLower(p)\n\t\tif path == p {\n\t\t\treturn p\n\t\t} else if len(path) > len(p) && path[:len(p)+1] == p+\"/\" {\n\t\t\treturn p\n\t\t}\n\t}\n\n\treturn \"/\"\n}\n\nfunc (sw *Service) anonymizeQuery(query url.Values, salt string) string {\n\tfor _, q := range query {\n\t\tfor i, s := range q {\n\t\t\tif s != \"\" {\n\t\t\t\ts = Hash(s + \"|\" + salt)\n\t\t\t\tq[i] = s\n\t\t\t}\n\t\t}\n\t}\n\treturn query.Encode()\n}\n" }, { "path": "oryx/migratest/refresh.go", "content": "// Copyright © 2023 Ory Corp\n// SPDX-License-Identifier: Apache-2.0\n\n//go:build refresh\n// +build refresh\n\npackage migratest\n\nimport (\n\t\"encoding/json\"\n\t\"os\"\n\t\"path/filepath\"\n\t\"testing\"\n\n\t\"github.com/stretchr/testify/require\"\n)\n\nfunc WriteFixtureOnError(t *testing.T, err error, actual interface{}, location string) {\n\tcontent, err := json.MarshalIndent(actual, \"\", \" \")\n\trequire.NoError(t, err)\n\trequire.NoError(t, os.MkdirAll(filepath.Dir(location), 0777))\n\trequire.NoError(t, os.WriteFile(location, content, 0666))\n}\n" }, { "path": "oryx/migratest/run.go", "content": "// Copyright © 2023 Ory Corp\n// SPDX-License-Identifier: Apache-2.0\n\npackage migratest\n\nimport (\n\t\"encoding/json\"\n\t\"os\"\n\t\"path/filepath\"\n\t\"strings\"\n\t\"testing\"\n\n\t\"github.com/stretchr/testify/assert\"\n\t\"github.com/stretchr/testify/require\"\n)\n\nfunc ContainsExpectedIds(t *testing.T, path string, ids []string) {\n\tfiles, err := os.ReadDir(path)\n\trequire.NoError(t, err)\n\n\tfor _, f := range files {\n\t\tif filepath.Ext(f.Name()) == \".json\" {\n\t\t\texpected := strings.TrimSuffix(filepath.Base(f.Name()), \".json\")\n\t\t\tassert.Contains(t, ids, expected)\n\t\t}\n\t}\n}\n\nfunc CompareWithFixture(t *testing.T, actual interface{}, prefix string, id string) {\n\tlocation := filepath.Join(\"fixtures\", prefix, id+\".json\")\n\t//#nosec G304 -- false positive\n\texpected, err := os.ReadFile(location)\n\tWriteFixtureOnError(t, err, actual, location)\n\n\tactualJSON, err := json.Marshal(actual)\n\trequire.NoError(t, err)\n\n\tif !assert.JSONEq(t, string(expected), string(actualJSON)) {\n\t\tWriteFixtureOnError(t, nil, actual, location)\n\t}\n}\n" }, { "path": "oryx/migratest/strict.go", "content": "// Copyright © 2023 Ory Corp\n// SPDX-License-Identifier: Apache-2.0\n\n//go:build !refresh\n// +build !refresh\n\npackage migratest\n\nimport (\n\t\"testing\"\n\n\t\"github.com/stretchr/testify/require\"\n)\n\nfunc WriteFixtureOnError(t *testing.T, err error, actual interface{}, location string) {\n\trequire.NoError(t, err)\n}\n" }, { "path": "oryx/networkx/listener.go", "content": "// Copyright © 2023 Ory Corp\n// SPDX-License-Identifier: Apache-2.0\n\npackage networkx\n\nimport (\n\t\"net\"\n\t\"strings\"\n\n\t\"github.com/ory/x/configx\"\n)\n\nfunc AddressIsUnixSocket(address string) bool {\n\treturn strings.HasPrefix(address, \"unix:\")\n}\n\nfunc MakeListener(address string, socketPermission *configx.UnixPermission) (net.Listener, error) {\n\tif AddressIsUnixSocket(address) {\n\t\taddr := strings.TrimPrefix(address, \"unix:\")\n\t\tl, err := net.Listen(\"unix\", addr)\n\t\tif err != nil {\n\t\t\treturn nil, err\n\t\t}\n\t\terr = socketPermission.SetPermission(addr)\n\t\tif err != nil {\n\t\t\treturn nil, err\n\t\t}\n\t\treturn l, nil\n\t}\n\treturn net.Listen(\"tcp\", address)\n}\n" }, { "path": "oryx/networkx/manager.go", "content": "// Copyright © 2023 Ory Corp\n// SPDX-License-Identifier: Apache-2.0\n\npackage networkx\n\nimport (\n\t\"embed\"\n\n\t\"github.com/pkg/errors\"\n\n\t\"github.com/ory/pop/v6\"\n\t\"github.com/ory/x/sqlcon\"\n)\n\n// Migrations of the network manager. Apply by merging with your local migrations using\n// fsx.Merge() and then passing all to the migration box.\n//\n//go:embed migrations/sql/*.sql\nvar Migrations embed.FS\n\nfunc Determine(c *pop.Connection) (*Network, error) {\n\tvar p Network\n\tif err := sqlcon.HandleError(c.Q().Order(\"created_at ASC\").First(&p)); err != nil {\n\t\tif errors.Is(err, sqlcon.ErrNoRows) {\n\t\t\tnp := NewNetwork()\n\t\t\tif err := c.Create(np); err != nil {\n\t\t\t\treturn nil, err\n\t\t\t}\n\t\t\treturn np, nil\n\t\t}\n\t\treturn nil, err\n\t}\n\treturn &p, nil\n}\n" }, { "path": "oryx/networkx/migrations/sql/20150100000001000000_networks.cockroach.down.sql", "content": "DROP TABLE \"networks\";" }, { "path": "oryx/networkx/migrations/sql/20150100000001000000_networks.cockroach.up.sql", "content": "CREATE TABLE \"networks\" (\n\"id\" UUID NOT NULL,\nPRIMARY KEY(\"id\"),\n\"created_at\" timestamp NOT NULL,\n\"updated_at\" timestamp NOT NULL\n);" }, { "path": "oryx/networkx/migrations/sql/20150100000001000000_networks.mysql.down.sql", "content": "DROP TABLE `networks`;" }, { "path": "oryx/networkx/migrations/sql/20150100000001000000_networks.mysql.up.sql", "content": "CREATE TABLE `networks` (\n`id` char(36) NOT NULL,\nPRIMARY KEY(`id`),\n`created_at` DATETIME NOT NULL,\n`updated_at` DATETIME NOT NULL\n) ENGINE=InnoDB;" }, { "path": "oryx/networkx/migrations/sql/20150100000001000000_networks.postgres.down.sql", "content": "DROP TABLE \"networks\";" }, { "path": "oryx/networkx/migrations/sql/20150100000001000000_networks.postgres.up.sql", "content": "CREATE TABLE \"networks\" (\n\"id\" UUID NOT NULL,\nPRIMARY KEY(\"id\"),\n\"created_at\" timestamp NOT NULL,\n\"updated_at\" timestamp NOT NULL\n);" }, { "path": "oryx/networkx/migrations/sql/20150100000001000000_networks.sqlite3.down.sql", "content": "DROP TABLE \"networks\";" }, { "path": "oryx/networkx/migrations/sql/20150100000001000000_networks.sqlite3.up.sql", "content": "CREATE TABLE \"networks\" (\n\"id\" TEXT PRIMARY KEY,\n\"created_at\" DATETIME NOT NULL,\n\"updated_at\" DATETIME NOT NULL\n);" }, { "path": "oryx/networkx/migrations/templates/20150100000001_networks.down.fizz", "content": "drop_table(\"networks\")\n" }, { "path": "oryx/networkx/migrations/templates/20150100000001_networks.up.fizz", "content": "create_table(\"networks\") {\n t.Column(\"id\", \"uuid\", {primary: true})\n}\n" }, { "path": "oryx/networkx/network.go", "content": "// Copyright © 2023 Ory Corp\n// SPDX-License-Identifier: Apache-2.0\n\npackage networkx\n\nimport (\n\t\"time\"\n\n\t\"github.com/gofrs/uuid\"\n)\n\ntype Network struct {\n\tID uuid.UUID `json:\"id\" db:\"id\"`\n\n\t// CreatedAt is a helper struct field for gobuffalo.pop.\n\tCreatedAt time.Time `json:\"-\" db:\"created_at\"`\n\n\t// UpdatedAt is a helper struct field for gobuffalo.pop.\n\tUpdatedAt time.Time `json:\"-\" db:\"updated_at\"`\n}\n\nfunc (p Network) TableName() string {\n\treturn \"networks\"\n}\n\nfunc NewNetwork() *Network {\n\treturn &Network{\n\t\tID: uuid.Must(uuid.NewV4()),\n\t}\n}\n" }, { "path": "oryx/openapix/doc.go", "content": "// Copyright © 2023 Ory Corp\n// SPDX-License-Identifier: Apache-2.0\n\n// Package openapi contains definitions commonly used in Ory's APIs\n// such as pagination, JSON patches, and more.\npackage openapix\n" }, { "path": "oryx/openapix/jsonpatch.go", "content": "// Copyright © 2023 Ory Corp\n// SPDX-License-Identifier: Apache-2.0\n\npackage openapix\n\n// A JSONPatchDocument request\n//\n// swagger:model jsonPatchDocument\ntype JSONPatchDocument []JSONPatch\n\n// A JSONPatch document as defined by RFC 6902\n//\n// swagger:model jsonPatch\ntype JSONPatch struct {\n\t// The operation to be performed. One of \"add\", \"remove\", \"replace\", \"move\", \"copy\", or \"test\".\n\t//\n\t// required: true\n\t// example: replace\n\tOp string `json:\"op\"`\n\n\t// The path to the target path. Uses JSON pointer notation.\n\t//\n\t// Learn more [about JSON Pointers](https://datatracker.ietf.org/doc/html/rfc6901#section-5).\n\t//\n\t// required: true\n\t// example: /name\n\tPath string `json:\"path\"`\n\n\t// The value to be used within the operations.\n\t//\n\t// Learn more [about JSON Pointers](https://datatracker.ietf.org/doc/html/rfc6901#section-5).\n\t//\n\t// example: foobar\n\tValue interface{} `json:\"value\"`\n\n\t// This field is used together with operation \"move\" and uses JSON Pointer notation.\n\t//\n\t// Learn more [about JSON Pointers](https://datatracker.ietf.org/doc/html/rfc6901#section-5).\n\t//\n\t// example: /name\n\tFrom string `json:\"from\"`\n}\n" }, { "path": "oryx/openapix/pagination.go", "content": "// Copyright © 2023 Ory Corp\n// SPDX-License-Identifier: Apache-2.0\n\npackage openapix\n\n// swagger:model tokenPaginationHeaders\ntype TokenPaginationHeaders struct {\n\t// The link header contains pagination links.\n\t//\n\t// For details on pagination please head over to the [pagination documentation](https://www.ory.sh/docs/ecosystem/api-design#pagination).\n\t//\n\t// in: header\n\tLink string `json:\"link\"`\n\n\t// The total number of clients.\n\t//\n\t// in: header\n\tXTotalCount string `json:\"x-total-count\"`\n}\n\n// swagger:model tokenPagination\ntype TokenPaginationParams struct {\n\t// Items per page\n\t//\n\t// This is the number of items per page to return.\n\t// For details on pagination please head over to the [pagination documentation](https://www.ory.sh/docs/ecosystem/api-design#pagination).\n\t//\n\t// required: false\n\t// in: query\n\t// default: 250\n\t// min: 1\n\t// max: 1000\n\tPageSize int `json:\"page_size\"`\n\n\t// Next Page Token\n\t//\n\t// The next page token.\n\t// For details on pagination please head over to the [pagination documentation](https://www.ory.sh/docs/ecosystem/api-design#pagination).\n\t//\n\t// required: false\n\t// in: query\n\tPageToken string `json:\"page_token\"`\n}\n" }, { "path": "oryx/osx/env.go", "content": "// Copyright © 2023 Ory Corp\n// SPDX-License-Identifier: Apache-2.0\n\npackage osx\n\nimport (\n\t\"cmp\"\n\t\"os\"\n)\n\n// GetenvDefault returns an environment variable or the default value if it is empty.\nfunc GetenvDefault(key string, def string) string {\n\treturn cmp.Or(os.Getenv(key), def)\n}\n" }, { "path": "oryx/osx/file.go", "content": "// Copyright © 2023 Ory Corp\n// SPDX-License-Identifier: Apache-2.0\n\npackage osx\n\nimport (\n\t\"encoding/base64\"\n\t\"io\"\n\t\"net/url\"\n\t\"os\"\n\t\"strings\"\n\n\t\"github.com/hashicorp/go-retryablehttp\"\n\n\t\"github.com/pkg/errors\"\n\n\t\"github.com/ory/x/httpx\"\n)\n\ntype options struct {\n\tdisableFileLoader bool\n\tdisableHTTPLoader bool\n\tdisableBase64Loader bool\n\tbase64enc *base64.Encoding\n\tdisableResilientBase64Loader bool\n\thc *retryablehttp.Client\n}\n\ntype Option func(o *options)\n\nfunc (o *options) apply(opts []Option) *options {\n\tfor _, f := range opts {\n\t\tf(o)\n\t}\n\treturn o\n}\n\nfunc newOptions() *options {\n\treturn &options{\n\t\tdisableFileLoader: false,\n\t\tdisableHTTPLoader: false,\n\t\tdisableBase64Loader: false,\n\t\tbase64enc: base64.RawURLEncoding,\n\t\thc: httpx.NewResilientClient(),\n\t}\n}\n\n// WithDisabledFileLoader disables the file loader.\nfunc WithDisabledFileLoader() Option {\n\treturn func(o *options) {\n\t\to.disableFileLoader = true\n\t}\n}\n\n// WithEnabledFileLoader enables the file loader.\nfunc WithEnabledFileLoader() Option {\n\treturn func(o *options) {\n\t\to.disableFileLoader = false\n\t}\n}\n\n// WithDisabledHTTPLoader disables the HTTP loader.\nfunc WithDisabledHTTPLoader() Option {\n\treturn func(o *options) {\n\t\to.disableHTTPLoader = true\n\t}\n}\n\n// WithEnabledHTTPLoader enables the HTTP loader.\nfunc WithEnabledHTTPLoader() Option {\n\treturn func(o *options) {\n\t\to.disableHTTPLoader = false\n\t}\n}\n\n// WithDisabledBase64Loader disables the base64 loader.\nfunc WithDisabledBase64Loader() Option {\n\treturn func(o *options) {\n\t\to.disableBase64Loader = true\n\t}\n}\n\n// WithEnabledBase64Loader disables the base64 loader.\nfunc WithEnabledBase64Loader() Option {\n\treturn func(o *options) {\n\t\to.disableBase64Loader = false\n\t}\n}\n\n// WithBase64Encoding sets the base64 encoding.\nfunc WithBase64Encoding(enc *base64.Encoding) Option {\n\treturn func(o *options) {\n\t\to.base64enc = enc\n\t}\n}\n\n// WithoutResilientBase64Encoding sets the base64 encoding.\nfunc WithoutResilientBase64Encoding() Option {\n\treturn func(o *options) {\n\t\to.disableResilientBase64Loader = true\n\t}\n}\n\n// WithHTTPClient sets the HTTP client.\nfunc WithHTTPClient(hc *retryablehttp.Client) Option {\n\treturn func(o *options) {\n\t\to.hc = hc\n\t}\n}\n\n// RestrictedReadFile works similar to ReadFileFromAllSources but has all\n// sources disabled per default. You need to enable the loaders you wish to use\n// explicitly.\nfunc RestrictedReadFile(source string, opts ...Option) (bytes []byte, err error) {\n\to := newOptions()\n\to.disableFileLoader = true\n\to.disableBase64Loader = true\n\to.disableHTTPLoader = true\n\treturn readFile(source, o.apply(opts))\n}\n\n// ReadFileFromAllSources reads a file from base64, http, https, and file sources.\n//\n// Using options, you can disable individual loaders. For example, the following will\n// return an error:\n//\n//\tReadFileFromAllSources(\"https://foo.bar/baz.txt\", WithDisabledHTTPLoader())\n//\n// Possible formats are:\n//\n// - /path/to/file\n// - file:///path/to/file\n// - https://host.com/path/to/file\n// - http://host.com/path/to/file\n// - base64://\n//\n// For more options, check:\n//\n// - WithDisabledFileLoader\n// - WithDisabledHTTPLoader\n// - WithDisabledBase64Loader\n// - WithBase64Encoding\n// - WithHTTPClient\nfunc ReadFileFromAllSources(source string, opts ...Option) (bytes []byte, err error) {\n\treturn readFile(source, newOptions().apply(opts))\n}\n\nfunc readFile(source string, o *options) (bytes []byte, err error) {\n\tparsed, err := url.Parse(source)\n\tif err != nil {\n\t\treturn nil, errors.Wrap(err, \"failed to parse URL\")\n\t}\n\n\tswitch parsed.Scheme {\n\tcase \"\":\n\t\tif o.disableFileLoader {\n\t\t\treturn nil, errors.New(\"file loader disabled\")\n\t\t}\n\n\t\t//#nosec G304 -- false positive\n\t\tbytes, err = os.ReadFile(source)\n\t\tif err != nil {\n\t\t\treturn nil, errors.Wrap(err, \"unable to read the file\")\n\t\t}\n\tcase \"file\":\n\t\tif o.disableFileLoader {\n\t\t\treturn nil, errors.New(\"file loader disabled\")\n\t\t}\n\n\t\t//#nosec G304 -- false positive\n\t\tbytes, err = os.ReadFile(parsed.Host + parsed.Path)\n\t\tif err != nil {\n\t\t\treturn nil, errors.Wrap(err, \"unable to read the file\")\n\t\t}\n\tcase \"http\", \"https\":\n\t\tif o.disableHTTPLoader {\n\t\t\treturn nil, errors.New(\"http(s) loader disabled\")\n\t\t}\n\t\tresp, err := o.hc.Get(parsed.String())\n\t\tif err != nil {\n\t\t\treturn nil, errors.Wrap(err, \"unable to load remote file\")\n\t\t}\n\t\tdefer resp.Body.Close()\n\n\t\tbytes, err = io.ReadAll(resp.Body)\n\t\tif err != nil {\n\t\t\treturn nil, errors.Wrap(err, \"unable to read the HTTP response body\")\n\t\t}\n\tcase \"base64\":\n\t\tif o.disableBase64Loader {\n\t\t\treturn nil, errors.New(\"base64 loader disabled\")\n\t\t}\n\n\t\tif o.disableResilientBase64Loader {\n\t\t\tbytes, err = o.base64enc.DecodeString(strings.TrimPrefix(source, \"base64://\"))\n\t\t\tif err != nil {\n\t\t\t\treturn nil, errors.Wrap(err, \"unable to base64 decode the location\")\n\t\t\t}\n\t\t\treturn bytes, nil\n\t\t}\n\n\t\tfor _, enc := range []*base64.Encoding{\n\t\t\tbase64.StdEncoding,\n\t\t\tbase64.URLEncoding,\n\t\t\tbase64.RawURLEncoding,\n\t\t\tbase64.RawStdEncoding,\n\t\t} {\n\t\t\tbytes, err = enc.DecodeString(strings.TrimPrefix(source, \"base64://\"))\n\t\t\tif err == nil {\n\t\t\t\treturn bytes, nil\n\t\t\t}\n\t\t}\n\n\t\treturn nil, errors.Wrap(err, \"unable to base64 decode the location\")\n\tdefault:\n\t\treturn nil, errors.Errorf(\"unsupported source `%s`\", parsed.Scheme)\n\t}\n\n\treturn bytes, nil\n\n}\n" }, { "path": "oryx/osx/stub/text.txt", "content": "hello world" }, { "path": "oryx/otelx/attribute.go", "content": "// Copyright © 2023 Ory Corp\n// SPDX-License-Identifier: Apache-2.0\n\npackage otelx\n\nimport (\n\t\"database/sql\"\n\t\"fmt\"\n\n\t\"go.opentelemetry.io/otel/attribute\"\n)\n\nconst nullString = \"\"\n\nfunc StringAttrs(attrs map[string]string) []attribute.KeyValue {\n\ts := make([]attribute.KeyValue, 0, len(attrs))\n\tfor k, v := range attrs {\n\t\ts = append(s, attribute.String(k, v))\n\t}\n\treturn s\n}\n\nfunc AutoInt[I int | int32 | int64](k string, v I) attribute.KeyValue {\n\t// Internally, the OpenTelemetry SDK uses int64 for all integer values anyway.\n\treturn attribute.Int64(k, int64(v))\n}\n\nfunc Nullable[V any, VN *V | sql.Null[V], A func(string, V) attribute.KeyValue](a A, k string, v VN) attribute.KeyValue {\n\tswitch v := any(v).(type) {\n\tcase *V:\n\t\tif v == nil {\n\t\t\treturn attribute.String(k, nullString)\n\t\t}\n\t\treturn a(k, *v)\n\tcase sql.Null[V]:\n\t\tif !v.Valid {\n\t\t\treturn attribute.String(k, nullString)\n\t\t}\n\t\treturn a(k, v.V)\n\t}\n\t// This should never happen, as the type switch above is exhaustive to the generic type VN.\n\treturn attribute.String(k, fmt.Sprintf(\"\", v))\n}\n\nfunc NullString[V *string | sql.Null[string]](k string, v V) attribute.KeyValue {\n\treturn Nullable(attribute.String, k, v)\n}\n\nfunc NullStringer(k string, v fmt.Stringer) attribute.KeyValue {\n\tif v == nil {\n\t\treturn attribute.String(k, nullString)\n\t}\n\treturn attribute.String(k, v.String())\n}\n" }, { "path": "oryx/otelx/config.go", "content": "// Copyright © 2023 Ory Corp\n// SPDX-License-Identifier: Apache-2.0\n\npackage otelx\n\nimport (\n\t\"bytes\"\n\t_ \"embed\"\n\t\"io\"\n)\n\ntype JaegerConfig struct {\n\tLocalAgentAddress string `json:\"local_agent_address\"`\n\tSampling JaegerSampling `json:\"sampling\"`\n}\n\ntype ZipkinConfig struct {\n\tServerURL string `json:\"server_url\"`\n\tSampling ZipkinSampling `json:\"sampling\"`\n}\n\ntype OTLPConfig struct {\n\tServerURL string `json:\"server_url\"`\n\tInsecure bool `json:\"insecure\"`\n\tSampling OTLPSampling `json:\"sampling\"`\n\tAuthorizationHeader string `json:\"authorization_header\"`\n}\n\ntype JaegerSampling struct {\n\tServerURL string `json:\"server_url\"`\n\tTraceIDRatio float64 `json:\"trace_id_ratio\"`\n}\n\ntype ZipkinSampling struct {\n\tSamplingRatio float64 `json:\"sampling_ratio\"`\n}\n\ntype OTLPSampling struct {\n\tSamplingRatio float64 `json:\"sampling_ratio\"`\n}\n\ntype ProvidersConfig struct {\n\tJaeger JaegerConfig `json:\"jaeger\"`\n\tZipkin ZipkinConfig `json:\"zipkin\"`\n\tOTLP OTLPConfig `json:\"otlp\"`\n}\n\ntype Config struct {\n\tServiceName string `json:\"service_name\"`\n\tDeploymentEnvironment string `json:\"deployment_environment\"`\n\tProvider string `json:\"provider\"`\n\tProviders ProvidersConfig `json:\"providers\"`\n}\n\n//go:embed config.schema.json\nvar ConfigSchema []byte\n\nconst ConfigSchemaID = \"ory://tracing-config\"\n\n// AddConfigSchema adds the tracing schema to the compiler.\n// The interface is specified instead of `jsonschema.Compiler` to allow the use of any jsonschema library fork or version.\nfunc AddConfigSchema(c interface {\n\tAddResource(url string, r io.Reader) error\n},\n) error {\n\treturn c.AddResource(ConfigSchemaID, bytes.NewReader(ConfigSchema))\n}\n" }, { "path": "oryx/otelx/config.schema.json", "content": "{\n \"$schema\": \"http://json-schema.org/draft-07/schema#\",\n \"$id\": \"ory://tracing-config\",\n \"type\": \"object\",\n \"additionalProperties\": false,\n \"description\": \"Configure distributed tracing using OpenTelemetry\",\n \"properties\": {\n \"provider\": {\n \"type\": \"string\",\n \"description\": \"Set this to the tracing backend you wish to use. Supports Jaeger, Zipkin, and OTEL.\",\n \"enum\": [\"jaeger\", \"otel\", \"zipkin\"],\n \"examples\": [\"jaeger\"]\n },\n \"service_name\": {\n \"type\": \"string\",\n \"description\": \"Specifies the service name to use on the tracer.\",\n \"examples\": [\"Ory Hydra\", \"Ory Kratos\", \"Ory Keto\", \"Ory Oathkeeper\"]\n },\n \"deployment_environment\": {\n \"type\": \"string\",\n \"description\": \"Specifies the deployment environment to use on the tracer.\",\n \"examples\": [\"development\", \"staging\", \"production\"]\n },\n \"providers\": {\n \"type\": \"object\",\n \"additionalProperties\": false,\n \"properties\": {\n \"jaeger\": {\n \"type\": \"object\",\n \"additionalProperties\": false,\n \"description\": \"Configures the jaeger tracing backend.\",\n \"properties\": {\n \"local_agent_address\": {\n \"type\": \"string\",\n \"description\": \"The address of the jaeger-agent where spans should be sent to.\",\n \"anyOf\": [\n {\n \"title\": \"IPv6 Address and Port\",\n \"pattern\": \"^\\\\[(([0-9a-fA-F]{1,4}:){7}[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,7}:|([0-9a-fA-F]{1,4}:){1,6}:[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,5}(:[0-9a-fA-F]{1,4}){1,2}|([0-9a-fA-F]{1,4}:){1,4}(:[0-9a-fA-F]{1,4}){1,3}|([0-9a-fA-F]{1,4}:){1,3}(:[0-9a-fA-F]{1,4}){1,4}|([0-9a-fA-F]{1,4}:){1,2}(:[0-9a-fA-F]{1,4}){1,5}|[0-9a-fA-F]{1,4}:((:[0-9a-fA-F]{1,4}){1,6})|:((:[0-9a-fA-F]{1,4}){1,7}|:)|fe80:(:[0-9a-fA-F]{0,4}){0,4}%[0-9a-zA-Z]{1,}|::(ffff(:0{1,4}){0,1}:){0,1}((25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9])\\\\.){3,3}(25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9])|([0-9a-fA-F]{1,4}:){1,4}:((25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9])\\\\.){3,3}(25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9]))\\\\]:([0-9]*)$\"\n },\n {\n \"title\": \"IPv4 Address and Port\",\n \"pattern\": \"^([0-9]{1,3}\\\\.){3}[0-9]{1,3}:([0-9]*)$\"\n },\n {\n \"title\": \"Hostname and Port\",\n \"pattern\": \"^(([a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9\\\\-]*[a-zA-Z0-9])\\\\.)*([A-Za-z0-9]|[A-Za-z0-9][A-Za-z0-9\\\\-]*[A-Za-z0-9]):([0-9]*)$\"\n }\n ],\n \"examples\": [\"127.0.0.1:6831\"]\n },\n \"sampling\": {\n \"type\": \"object\",\n \"propertyNames\": {\n \"enum\": [\"server_url\", \"trace_id_ratio\"]\n },\n \"additionalProperties\": false,\n \"properties\": {\n \"server_url\": {\n \"type\": \"string\",\n \"description\": \"The address of jaeger-agent's HTTP sampling server\",\n \"format\": \"uri\",\n \"examples\": [\"http://localhost:5778/sampling\"]\n },\n \"trace_id_ratio\": {\n \"type\": \"number\",\n \"description\": \"Trace Id ratio sample\",\n \"examples\": [0.5]\n }\n }\n }\n }\n },\n \"zipkin\": {\n \"type\": \"object\",\n \"additionalProperties\": false,\n \"description\": \"Configures the zipkin tracing backend.\",\n \"properties\": {\n \"server_url\": {\n \"type\": \"string\",\n \"description\": \"The address of the Zipkin server where spans should be sent to.\",\n \"format\": \"uri\",\n \"examples\": [\"http://localhost:9411/api/v2/spans\"]\n },\n \"sampling\": {\n \"type\": \"object\",\n \"propertyNames\": {\n \"enum\": [\"sampling_ratio\"]\n },\n \"additionalProperties\": false,\n \"properties\": {\n \"sampling_ratio\": {\n \"type\": \"number\",\n \"description\": \"Sampling ratio for spans.\",\n \"examples\": [0.4]\n }\n }\n }\n }\n },\n \"otlp\": {\n \"type\": \"object\",\n \"additionalProperties\": false,\n \"description\": \"Configures the OTLP tracing backend.\",\n \"properties\": {\n \"server_url\": {\n \"type\": \"string\",\n \"description\": \"The endpoint of the OTLP exporter (HTTP) where spans should be sent to.\",\n \"anyOf\": [\n {\n \"title\": \"IPv6 Address and Port\",\n \"pattern\": \"^\\\\[(([0-9a-fA-F]{1,4}:){7}[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,7}:|([0-9a-fA-F]{1,4}:){1,6}:[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,5}(:[0-9a-fA-F]{1,4}){1,2}|([0-9a-fA-F]{1,4}:){1,4}(:[0-9a-fA-F]{1,4}){1,3}|([0-9a-fA-F]{1,4}:){1,3}(:[0-9a-fA-F]{1,4}){1,4}|([0-9a-fA-F]{1,4}:){1,2}(:[0-9a-fA-F]{1,4}){1,5}|[0-9a-fA-F]{1,4}:((:[0-9a-fA-F]{1,4}){1,6})|:((:[0-9a-fA-F]{1,4}){1,7}|:)|fe80:(:[0-9a-fA-F]{0,4}){0,4}%[0-9a-zA-Z]{1,}|::(ffff(:0{1,4}){0,1}:){0,1}((25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9])\\\\.){3,3}(25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9])|([0-9a-fA-F]{1,4}:){1,4}:((25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9])\\\\.){3,3}(25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9]))\\\\]:([0-9]*)$\"\n },\n {\n \"title\": \"IPv4 Address and Port\",\n \"pattern\": \"^([0-9]{1,3}\\\\.){3}[0-9]{1,3}:([0-9]*)$\"\n },\n {\n \"title\": \"Hostname and Port\",\n \"pattern\": \"^(([a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9\\\\-]*[a-zA-Z0-9])\\\\.)*([A-Za-z0-9]|[A-Za-z0-9][A-Za-z0-9\\\\-]*[A-Za-z0-9]):([0-9]*)$\"\n }\n ],\n \"examples\": [\"localhost:4318\"]\n },\n \"insecure\": {\n \"type\": \"boolean\",\n \"description\": \"Will use HTTP if set to true; defaults to HTTPS.\"\n },\n \"sampling\": {\n \"type\": \"object\",\n \"propertyNames\": {\n \"enum\": [\"sampling_ratio\"]\n },\n \"additionalProperties\": false,\n \"properties\": {\n \"sampling_ratio\": {\n \"type\": \"number\",\n \"description\": \"Sampling ratio for spans.\",\n \"examples\": [0.4]\n }\n }\n },\n \"authorization_header\": {\n \"type\": \"string\",\n \"examples\": [\"Bearer 2389s8fs9d8fus9f\"]\n }\n }\n }\n }\n }\n }\n}\n" }, { "path": "oryx/otelx/jaeger.go", "content": "// Copyright © 2023 Ory Corp\n// SPDX-License-Identifier: Apache-2.0\n\npackage otelx\n\nimport (\n\t\"net\"\n\n\t\"go.opentelemetry.io/contrib/propagators/b3\"\n\tjaegerPropagator \"go.opentelemetry.io/contrib/propagators/jaeger\"\n\t\"go.opentelemetry.io/contrib/samplers/jaegerremote\"\n\t\"go.opentelemetry.io/otel\"\n\t\"go.opentelemetry.io/otel/exporters/jaeger\"\n\t\"go.opentelemetry.io/otel/propagation\"\n\t\"go.opentelemetry.io/otel/sdk/resource\"\n\tsdktrace \"go.opentelemetry.io/otel/sdk/trace\"\n\tsemconv \"go.opentelemetry.io/otel/semconv/v1.27.0\"\n\t\"go.opentelemetry.io/otel/trace\"\n)\n\n// SetupJaeger configures and returns a Jaeger tracer.\n//\n// The returned tracer will by default attempt to send spans to a local Jaeger agent.\n// Optionally, [otelx.JaegerConfig.LocalAgentAddress] can be set to specify a different target.\n//\n// By default, unless a parent sampler has taken a sampling decision, every span is sampled.\n// [otelx.JaegerSampling.TraceIDRatio] may be used to customize the sampling probability,\n// optionally alongside [otelx.JaegerSampling.ServerURL] to consult a remote server\n// for the sampling strategy to be used.\nfunc SetupJaeger(t *Tracer, tracerName string, c *Config) (trace.Tracer, error) {\n\thost, port, err := net.SplitHostPort(c.Providers.Jaeger.LocalAgentAddress)\n\tif err != nil {\n\t\treturn nil, err\n\t}\n\n\texp, err := jaeger.New(\n\t\tjaeger.WithAgentEndpoint(\n\t\t\tjaeger.WithAgentHost(host), jaeger.WithAgentPort(port),\n\t\t),\n\t)\n\tif err != nil {\n\t\treturn nil, err\n\t}\n\n\ttpOpts := []sdktrace.TracerProviderOption{\n\t\tsdktrace.WithBatcher(exp),\n\t\tsdktrace.WithResource(resource.NewWithAttributes(\n\t\t\tsemconv.SchemaURL,\n\t\t\tsemconv.ServiceName(c.ServiceName),\n\t\t\tsemconv.DeploymentEnvironmentName(c.DeploymentEnvironment))),\n\t}\n\n\tsamplingServerURL := c.Providers.Jaeger.Sampling.ServerURL\n\ttraceIdRatio := c.Providers.Jaeger.Sampling.TraceIDRatio\n\n\tsampler := sdktrace.TraceIDRatioBased(traceIdRatio)\n\n\tif samplingServerURL != \"\" {\n\t\tsampler = jaegerremote.New(\n\t\t\t\"jaegerremote\",\n\t\t\tjaegerremote.WithSamplingServerURL(samplingServerURL),\n\t\t\tjaegerremote.WithInitialSampler(sampler),\n\t\t)\n\t}\n\n\t// Respect any sampling decision taken by the client.\n\tsampler = sdktrace.ParentBased(sampler)\n\ttpOpts = append(tpOpts, sdktrace.WithSampler(sampler))\n\n\ttp := sdktrace.NewTracerProvider(tpOpts...)\n\totel.SetTracerProvider(tp)\n\n\t// At the moment, software across our cloud stack only support Zipkin (B3)\n\t// and Jaeger propagation formats. Proposals for standardized formats for\n\t// context propagation are in the works (ref: https://www.w3.org/TR/trace-context/\n\t// and https://www.w3.org/TR/baggage/).\n\t//\n\t// Simply add propagation.TraceContext{} and propagation.Baggage{}\n\t// here to enable those as well.\n\tprop := propagation.NewCompositeTextMapPropagator(\n\t\tpropagation.TraceContext{},\n\t\tjaegerPropagator.Jaeger{},\n\t\tb3.New(b3.WithInjectEncoding(b3.B3MultipleHeader|b3.B3SingleHeader)),\n\t\tpropagation.Baggage{},\n\t)\n\totel.SetTextMapPropagator(prop)\n\treturn tp.Tracer(tracerName), nil\n}\n" }, { "path": "oryx/otelx/middleware.go", "content": "// Copyright © 2023 Ory Corp\n// SPDX-License-Identifier: Apache-2.0\n\npackage otelx\n\nimport (\n\t\"cmp\"\n\t\"context\"\n\t\"net/http\"\n\t\"strings\"\n\n\t\"go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp\"\n)\n\nvar WithDefaultFilters otelhttp.Option = otelhttp.WithFilter(func(r *http.Request) bool {\n\treturn !(strings.HasPrefix(r.URL.Path, \"/health\") ||\n\t\tstrings.HasPrefix(r.URL.Path, \"/admin/health\") ||\n\t\tstrings.HasPrefix(r.URL.Path, \"/metrics\") ||\n\t\tstrings.HasPrefix(r.URL.Path, \"/admin/metrics\"))\n})\n\ntype contextKey int\n\nconst callbackContextKey contextKey = iota\n\nfunc SpanNameRecorderMiddleware(next http.Handler) http.Handler {\n\treturn http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {\n\t\tdefer func() {\n\t\t\tcb, _ := r.Context().Value(callbackContextKey).(func(string))\n\t\t\tif cb == nil {\n\t\t\t\treturn\n\t\t\t}\n\t\t\tif r.Pattern != \"\" {\n\t\t\t\tcb(r.Pattern)\n\t\t\t}\n\t\t}()\n\t\tnext.ServeHTTP(w, r)\n\t})\n}\n\nfunc SpanNameRecorderNegroniFunc(w http.ResponseWriter, r *http.Request, next http.HandlerFunc) {\n\tdefer func() {\n\t\tcb, _ := r.Context().Value(callbackContextKey).(func(string))\n\t\tif cb == nil {\n\t\t\treturn\n\t\t}\n\t\tif r.Pattern != \"\" {\n\t\t\tcb(r.Pattern)\n\t\t}\n\t}()\n\tnext(w, r)\n}\n\nfunc NewMiddleware(next http.Handler, operation string, opts ...otelhttp.Option) http.Handler {\n\tmyOpts := []otelhttp.Option{\n\t\tWithDefaultFilters,\n\t\totelhttp.WithSpanNameFormatter(func(operation string, r *http.Request) string {\n\t\t\treturn cmp.Or(r.Pattern, operation, r.Method+\" \"+r.URL.Path)\n\t\t}),\n\t}\n\thandler := http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {\n\t\tcallback := func(s string) {\n\t\t\tr.Pattern = cmp.Or(r.Pattern, s)\n\t\t}\n\t\tctx := context.WithValue(r.Context(), callbackContextKey, callback)\n\t\tr2 := r.WithContext(ctx)\n\t\tnext.ServeHTTP(w, r2)\n\t\tr.Pattern = cmp.Or(r2.Pattern, r.Pattern) // best-effort in case callback never is called\n\t})\n\treturn otelhttp.NewHandler(handler, operation, append(myOpts, opts...)...)\n}\n" }, { "path": "oryx/otelx/otel.go", "content": "// Copyright © 2023 Ory Corp\n// SPDX-License-Identifier: Apache-2.0\n\npackage otelx\n\nimport (\n\t\"context\"\n\n\t\"go.opentelemetry.io/otel/trace\"\n\t\"go.opentelemetry.io/otel/trace/embedded\"\n\t\"go.opentelemetry.io/otel/trace/noop\"\n\n\t\"github.com/ory/x/logrusx\"\n\t\"github.com/ory/x/stringsx\"\n)\n\ntype (\n\tTracer struct {\n\t\ttracer trace.Tracer\n\t}\n\tProvider interface {\n\t\tTracer(ctx context.Context) *Tracer\n\t}\n)\n\n// New creates a new tracer. If name is empty, a default tracer name is used\n// instead. See: https://godocs.io/go.opentelemetry.io/otel/sdk/trace#TracerProvider.Tracer\nfunc New(name string, l *logrusx.Logger, c *Config) (*Tracer, error) {\n\tt := &Tracer{}\n\n\tif err := t.setup(name, l, c); err != nil {\n\t\treturn nil, err\n\t}\n\n\treturn t, nil\n}\n\n// NewNoop creates a new no-op tracer.\nfunc NewNoop() *Tracer {\n\ttp := noop.NewTracerProvider()\n\tt := &Tracer{tracer: tp.Tracer(\"\")}\n\treturn t\n}\n\n// setup constructs the tracer based on the given configuration.\nfunc (t *Tracer) setup(name string, l *logrusx.Logger, c *Config) error {\n\tswitch f := stringsx.SwitchExact(c.Provider); {\n\tcase f.AddCase(\"jaeger\"):\n\t\ttracer, err := SetupJaeger(t, name, c)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\n\t\tt.tracer = tracer\n\t\tl.Infof(\"Jaeger tracer configured! Sending spans to %s\", c.Providers.Jaeger.LocalAgentAddress)\n\tcase f.AddCase(\"zipkin\"):\n\t\ttracer, err := SetupZipkin(t, name, c)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\n\t\tt.tracer = tracer\n\t\tl.Infof(\"Zipkin tracer configured! Sending spans to %s\", c.Providers.Zipkin.ServerURL)\n\tcase f.AddCase(\"otel\"):\n\t\ttracer, err := SetupOTLP(t, name, c)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\n\t\tt.tracer = tracer\n\t\tl.Infof(\"OTLP tracer configured! Sending spans to %s\", c.Providers.OTLP.ServerURL)\n\tcase f.AddCase(\"\"):\n\t\tl.Infof(\"No tracer configured - skipping tracing setup\")\n\t\tt.tracer = noop.NewTracerProvider().Tracer(name)\n\tdefault:\n\t\treturn f.ToUnknownCaseErr()\n\t}\n\n\treturn nil\n}\n\n// IsLoaded returns true if the tracer has been loaded.\nfunc (t *Tracer) IsLoaded() bool {\n\tif t == nil || t.tracer == nil {\n\t\treturn false\n\t}\n\treturn true\n}\n\n// Tracer returns the underlying OpenTelemetry tracer.\nfunc (t *Tracer) Tracer() trace.Tracer {\n\treturn t.tracer\n}\n\n// WithOTLP returns a new tracer with the underlying OpenTelemetry Tracer\n// replaced.\nfunc (t *Tracer) WithOTLP(other trace.Tracer) *Tracer {\n\treturn &Tracer{other}\n}\n\n// Provider returns a TracerProvider which in turn yields this tracer unmodified.\nfunc (t *Tracer) Provider() trace.TracerProvider {\n\treturn tracerProvider{t: t.Tracer()}\n}\n\ntype tracerProvider struct {\n\tembedded.TracerProvider\n\tt trace.Tracer\n}\n\nvar _ trace.TracerProvider = tracerProvider{}\n\n// Tracer implements trace.TracerProvider.\nfunc (tp tracerProvider) Tracer(name string, options ...trace.TracerOption) trace.Tracer {\n\treturn tp.t\n}\n" }, { "path": "oryx/otelx/otlp.go", "content": "// Copyright © 2023 Ory Corp\n// SPDX-License-Identifier: Apache-2.0\n\npackage otelx\n\nimport (\n\t\"context\"\n\n\t\"go.opentelemetry.io/contrib/propagators/b3\"\n\tjaegerPropagator \"go.opentelemetry.io/contrib/propagators/jaeger\"\n\t\"go.opentelemetry.io/otel\"\n\t\"go.opentelemetry.io/otel/exporters/otlp/otlptrace\"\n\t\"go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp\"\n\t\"go.opentelemetry.io/otel/propagation\"\n\t\"go.opentelemetry.io/otel/sdk/resource\"\n\tsdktrace \"go.opentelemetry.io/otel/sdk/trace\"\n\tsemconv \"go.opentelemetry.io/otel/semconv/v1.27.0\"\n\t\"go.opentelemetry.io/otel/trace\"\n)\n\nfunc SetupOTLP(t *Tracer, tracerName string, c *Config) (trace.Tracer, error) {\n\tctx := context.Background()\n\n\tclientOpts := []otlptracehttp.Option{\n\t\totlptracehttp.WithEndpoint(c.Providers.OTLP.ServerURL),\n\t}\n\n\tif c.Providers.OTLP.Insecure {\n\t\tclientOpts = append(clientOpts, otlptracehttp.WithInsecure())\n\t}\n\n\tif c.Providers.OTLP.AuthorizationHeader != \"\" {\n\t\tclientOpts = append(clientOpts,\n\t\t\totlptracehttp.WithHeaders(map[string]string{\"Authorization\": c.Providers.OTLP.AuthorizationHeader}),\n\t\t)\n\t}\n\n\texp, err := otlptrace.New(\n\t\tctx, otlptracehttp.NewClient(clientOpts...),\n\t)\n\tif err != nil {\n\t\treturn nil, err\n\t}\n\n\ttpOpts := []sdktrace.TracerProviderOption{\n\t\tsdktrace.WithBatcher(exp),\n\t\tsdktrace.WithResource(resource.NewWithAttributes(\n\t\t\tsemconv.SchemaURL,\n\t\t\tsemconv.ServiceName(c.ServiceName),\n\t\t\tsemconv.DeploymentEnvironmentName(c.DeploymentEnvironment),\n\t\t)),\n\t\tsdktrace.WithSampler(sdktrace.ParentBased(sdktrace.TraceIDRatioBased(\n\t\t\tc.Providers.OTLP.Sampling.SamplingRatio,\n\t\t))),\n\t}\n\n\ttp := sdktrace.NewTracerProvider(tpOpts...)\n\totel.SetTracerProvider(tp)\n\n\totel.SetTextMapPropagator(propagation.NewCompositeTextMapPropagator(\n\t\tpropagation.TraceContext{},\n\t\tjaegerPropagator.Jaeger{},\n\t\tb3.New(b3.WithInjectEncoding(b3.B3MultipleHeader|b3.B3SingleHeader)),\n\t\tpropagation.Baggage{},\n\t))\n\n\treturn tp.Tracer(tracerName), nil\n}\n" }, { "path": "oryx/otelx/semconv/context.go", "content": "// Copyright © 2023 Ory Corp\n// SPDX-License-Identifier: Apache-2.0\n\npackage semconv\n\nimport (\n\t\"context\"\n\t\"net/http\"\n\n\t\"go.opentelemetry.io/otel/attribute\"\n\n\t\"github.com/ory/x/httpx\"\n)\n\ntype contextKey int\n\nconst contextKeyAttributes contextKey = iota\n\nfunc ContextWithAttributes(ctx context.Context, attrs ...attribute.KeyValue) context.Context {\n\texisting, _ := ctx.Value(contextKeyAttributes).([]attribute.KeyValue)\n\treturn context.WithValue(ctx, contextKeyAttributes, append(existing, attrs...))\n}\n\nfunc AttributesFromContext(ctx context.Context) []attribute.KeyValue {\n\tfromCtx, _ := ctx.Value(contextKeyAttributes).([]attribute.KeyValue)\n\tuniq := make(map[attribute.Key]struct{})\n\tattrs := make([]attribute.KeyValue, 0)\n\tfor i := len(fromCtx) - 1; i >= 0; i-- {\n\t\tif _, ok := uniq[fromCtx[i].Key]; !ok {\n\t\t\tuniq[fromCtx[i].Key] = struct{}{}\n\t\t\tattrs = append(attrs, fromCtx[i])\n\t\t}\n\t}\n\treverse(attrs)\n\treturn attrs\n}\n\nfunc Middleware(rw http.ResponseWriter, r *http.Request, next http.HandlerFunc) {\n\tctx := ContextWithAttributes(r.Context(),\n\t\tappend(\n\t\t\tAttrGeoLocation(*httpx.ClientGeoLocation(r)),\n\t\t\tAttrClientIP(httpx.ClientIP(r)),\n\t\t)...,\n\t)\n\n\tnext(rw, r.WithContext(ctx))\n}\n\nfunc reverse[S ~[]E, E any](s S) {\n\tfor i, j := 0, len(s)-1; i < j; i, j = i+1, j-1 {\n\t\ts[i], s[j] = s[j], s[i]\n\t}\n}\n" }, { "path": "oryx/otelx/semconv/deprecated.go", "content": "// Copyright © 2024 Ory Corp\n// SPDX-License-Identifier: Apache-2.0\n\npackage semconv\n\nimport (\n\t\"context\"\n\n\totelattr \"go.opentelemetry.io/otel/attribute\"\n\t\"go.opentelemetry.io/otel/trace\"\n)\n\n// NewDeprecatedFeatureUsedEvent creates a new event indicating that a deprecated feature was used.\n// It returns the event name and a trace.EventOption that can be used to\n// add the event to a span.\n//\n//\tspan.AddEvent(NewDeprecatedFeatureUsedEvent(ctx, \"deprecated-feature-id\", otelattr.String(\"key\", \"value\")))\nfunc NewDeprecatedFeatureUsedEvent(ctx context.Context, deprecatedCodeFeatureID string, attrs ...otelattr.KeyValue) (string, trace.EventOption) {\n\treturn DeprecatedFeatureUsed.String(),\n\t\ttrace.WithAttributes(\n\t\t\tappend(\n\t\t\t\tappend(\n\t\t\t\t\tattrs,\n\t\t\t\t\tAttributesFromContext(ctx)...,\n\t\t\t\t),\n\t\t\t\tAttrDeprecatedFeatureID(deprecatedCodeFeatureID),\n\t\t\t)...,\n\t\t)\n}\n\nconst (\n\tAttributeKeyDeprecatedCodePathIDAttributeKey AttributeKey = \"DeprecatedFeatureID\"\n\tDeprecatedFeatureUsed Event = \"DeprecatedFeatureUsed\"\n)\n\nfunc AttrDeprecatedFeatureID(id string) otelattr.KeyValue {\n\treturn otelattr.String(AttributeKeyDeprecatedCodePathIDAttributeKey.String(), id)\n}\n" }, { "path": "oryx/otelx/semconv/events.go", "content": "// Copyright © 2023 Ory Corp\n// SPDX-License-Identifier: Apache-2.0\n\n// Package semconv contains OpenTelemetry semantic convention constants.\npackage semconv\n\nimport (\n\t\"github.com/gofrs/uuid\"\n\totelattr \"go.opentelemetry.io/otel/attribute\"\n\n\t\"github.com/ory/x/httpx\"\n)\n\ntype Event string\n\nfunc (e Event) String() string {\n\treturn string(e)\n}\n\ntype AttributeKey string\n\nfunc (a AttributeKey) String() string {\n\treturn string(a)\n}\n\nconst (\n\tAttributeKeyIdentityID AttributeKey = \"IdentityID\"\n\tAttributeKeyNID AttributeKey = \"ProjectID\"\n\tAttributeKeyClientIP AttributeKey = \"ClientIP\"\n\tAttributeKeyGeoLocationCity AttributeKey = \"GeoLocationCity\"\n\tAttributeKeyGeoLocationRegion AttributeKey = \"GeoLocationRegion\"\n\tAttributeKeyGeoLocationCountry AttributeKey = \"GeoLocationCountry\"\n\tAttributeKeyGeoLocationLatitude AttributeKey = \"GeoLocationLatitude\"\n\tAttributeKeyGeoLocationLongitude AttributeKey = \"GeoLocationLongitude\"\n\tAttributeKeyWorkspace AttributeKey = \"WorkspaceID\"\n\tAttributeKeySubscriptionID AttributeKey = \"SubscriptionID\"\n\tAttributeKeyProjectEnvironment AttributeKey = \"ProjectEnvironment\"\n\tAttributeKeyWorkspaceAPIKeyID AttributeKey = \"WorkspaceAPIKeyID\"\n\tAttributeKeyProjectAPIKeyID AttributeKey = \"ProjectAPIKeyID\"\n)\n\nfunc AttrIdentityID[V string | uuid.UUID](val V) otelattr.KeyValue {\n\treturn otelattr.String(AttributeKeyIdentityID.String(), uuidOrString(val))\n}\n\nfunc AttrNID(val uuid.UUID) otelattr.KeyValue {\n\treturn otelattr.String(AttributeKeyNID.String(), val.String())\n}\n\nfunc AttrWorkspace(val uuid.UUID) otelattr.KeyValue {\n\treturn otelattr.String(AttributeKeyWorkspace.String(), val.String())\n}\n\nfunc AttrSubscription(val uuid.UUID) otelattr.KeyValue {\n\treturn otelattr.String(AttributeKeySubscriptionID.String(), val.String())\n}\n\nfunc AttrProjectEnvironment(val string) otelattr.KeyValue {\n\treturn otelattr.String(AttributeKeyProjectEnvironment.String(), val)\n}\n\nfunc AttrClientIP(val string) otelattr.KeyValue {\n\treturn otelattr.String(AttributeKeyClientIP.String(), val)\n}\n\nfunc AttrGeoLocation(val httpx.GeoLocation) []otelattr.KeyValue {\n\tgeoLocationAttributes := make([]otelattr.KeyValue, 0, 3)\n\n\tif val.City != \"\" {\n\t\tgeoLocationAttributes = append(geoLocationAttributes, otelattr.String(AttributeKeyGeoLocationCity.String(), val.City))\n\t}\n\tif val.Country != \"\" {\n\t\tgeoLocationAttributes = append(geoLocationAttributes, otelattr.String(AttributeKeyGeoLocationCountry.String(), val.Country))\n\t}\n\tif val.Region != \"\" {\n\t\tgeoLocationAttributes = append(geoLocationAttributes, otelattr.String(AttributeKeyGeoLocationRegion.String(), val.Region))\n\t}\n\tif val.Latitude != nil {\n\t\tgeoLocationAttributes = append(geoLocationAttributes, otelattr.Float64(AttributeKeyGeoLocationLatitude.String(), *val.Latitude))\n\t}\n\tif val.Longitude != nil {\n\t\tgeoLocationAttributes = append(geoLocationAttributes, otelattr.Float64(AttributeKeyGeoLocationLongitude.String(), *val.Longitude))\n\t}\n\n\treturn geoLocationAttributes\n}\n\nfunc AttrWorkspaceAPIKeyID[V string | uuid.UUID](val V) otelattr.KeyValue {\n\treturn otelattr.String(AttributeKeyWorkspaceAPIKeyID.String(), uuidOrString(val))\n}\n\nfunc AttrProjectAPIKeyID[V string | uuid.UUID](val V) otelattr.KeyValue {\n\treturn otelattr.String(AttributeKeyProjectAPIKeyID.String(), uuidOrString(val))\n}\n\nfunc uuidOrString[V string | uuid.UUID](val V) string {\n\tswitch val := any(val).(type) {\n\tcase string:\n\t\treturn val\n\tcase uuid.UUID:\n\t\treturn val.String()\n\t}\n\tpanic(\"unreachable\")\n}\n" }, { "path": "oryx/otelx/semconv/warning.go", "content": "// Copyright © 2024 Ory Corp\n// SPDX-License-Identifier: Apache-2.0\n\npackage semconv\n\nimport (\n\t\"context\"\n\n\totelattr \"go.opentelemetry.io/otel/attribute\"\n\t\"go.opentelemetry.io/otel/trace\"\n)\n\n// NewWarning creates a new warning event with the given ID and attributes.\n// It returns the event name and a trace.EventOption that can be used to\n// add the event to a span.\n//\n//\tspan.AddEvent(NewWarning(ctx, \"warning-id\", otelattr.String(\"key\", \"value\")))\nfunc NewWarning(ctx context.Context, id string, attrs ...otelattr.KeyValue) (string, trace.EventOption) {\n\treturn Warning.String(),\n\t\ttrace.WithAttributes(\n\t\t\tappend(\n\t\t\t\tappend(\n\t\t\t\t\tattrs,\n\t\t\t\t\tAttributesFromContext(ctx)...,\n\t\t\t\t),\n\t\t\t\totelattr.String(AttributeWarningID.String(), id),\n\t\t\t)...,\n\t\t)\n}\n\nconst (\n\tWarning Event = \"Warning\"\n\tAttributeWarningID AttributeKey = \"WarningID\"\n)\n\nfunc AttrWarningID(id string) otelattr.KeyValue {\n\treturn otelattr.String(AttributeWarningID.String(), id)\n}\n" }, { "path": "oryx/otelx/withspan.go", "content": "// Copyright © 2023 Ory Corp\n// SPDX-License-Identifier: Apache-2.0\n\npackage otelx\n\nimport (\n\t\"context\"\n\t\"errors\"\n\t\"fmt\"\n\t\"reflect\"\n\t\"runtime\"\n\t\"strings\"\n\n\tpkgerrors \"github.com/pkg/errors\"\n\t\"go.opentelemetry.io/otel/attribute\"\n\t\"go.opentelemetry.io/otel/codes\"\n\tsemconv \"go.opentelemetry.io/otel/semconv/v1.27.0\"\n\t\"go.opentelemetry.io/otel/trace\"\n)\n\n// WithSpan wraps execution of f in a span identified by name.\n//\n// If f returns an error or panics, the span status will be set to the error\n// state. The error (or panic) will be propagated unmodified.\n//\n// f will be wrapped in a child span by default. To make a new root span\n// instead, pass the trace.WithNewRoot() option.\nfunc WithSpan(ctx context.Context, name string, f func(context.Context) error, opts ...trace.SpanStartOption) (err error) {\n\tctx, span := trace.SpanFromContext(ctx).TracerProvider().Tracer(\"\").Start(ctx, name, opts...)\n\tdefer func() {\n\t\tdefer span.End()\n\t\tif r := recover(); r != nil {\n\t\t\tsetErrorStatusPanic(span, r)\n\t\t\tpanic(r)\n\t\t} else if err != nil {\n\t\t\tspan.SetStatus(codes.Error, err.Error())\n\t\t\tsetErrorTags(span, err)\n\t\t}\n\t}()\n\treturn f(ctx)\n}\n\n// End finishes span, and automatically sets the error state if *err is not nil\n// or during panicking.\n//\n// Usage:\n//\n//\tfunc Divide(ctx context.Context, numerator, denominator int) (ratio int, err error) {\n//\t\tctx, span := tracer.Start(ctx, \"Divide\")\n//\t\tdefer otelx.End(span, &err)\n//\t\tif denominator == 0 {\n//\t\t\treturn 0, errors.New(\"cannot divide by zero\")\n//\t\t}\n//\t\treturn numerator / denominator, nil\n//\t}\n//\n// During a panic, we don't fully conform to OpenTelemetry's semantic\n// conventions because that would require us to emit a span event to attach the\n// stacktrace and error type, and we don't want to do that. Instead, we set the\n// tags on the span directly.\n// https://opentelemetry.io/docs/specs/semconv/exceptions/exceptions-spans/\n//\n// For improved compatibility with Datadog, we also set some additional tags as\n// documented here:\n// https://docs.datadoghq.com/standard-attributes/?product=apm&search=error\nfunc End(span trace.Span, err *error) {\n\tdefer span.End()\n\tif r := recover(); r != nil {\n\t\tsetErrorStatusPanic(span, r)\n\t\tpanic(r)\n\t}\n\tif err == nil || *err == nil {\n\t\treturn\n\t}\n\tspan.SetStatus(codes.Error, (*err).Error())\n\tsetErrorTags(span, *err)\n}\n\nfunc setErrorStatusPanic(span trace.Span, recovered any) {\n\tspan.SetAttributes(\n\t\t// OpenTelemetry says to add these attributes to an event, not the span\n\t\t// itself. We don't want to do that, so we're adding them to the span\n\t\t// directly.\n\t\tsemconv.ExceptionEscaped(true),\n\t\t// OpenTelemetry describes \"exception.stacktrace\" We don't love that,\n\t\t// though, so we're using \"error.stack\" instead, like DataDog).\n\t\tattribute.String(\"error.stack\", stacktrace()),\n\t)\n\tif t := reflect.TypeOf(recovered); t != nil {\n\t\tspan.SetAttributes(semconv.ExceptionType(t.String()))\n\t}\n\tswitch e := recovered.(type) {\n\tcase error:\n\t\tspan.SetStatus(codes.Error, \"panic: \"+e.Error())\n\t\tsetErrorTags(span, e)\n\tcase string, fmt.Stringer:\n\t\tspan.SetStatus(codes.Error, fmt.Sprintf(\"panic: %v\", e))\n\tdefault:\n\t\tspan.SetStatus(codes.Error, \"panic\")\n\tcase nil:\n\t\t// nothing\n\t}\n}\n\nfunc setErrorTags(span trace.Span, err error) {\n\tspan.SetAttributes(\n\t\tattribute.String(\"error\", err.Error()),\n\t\tattribute.String(\"error.message\", err.Error()), // DataDog compat\n\t\tattribute.String(\"error.type\", fmt.Sprintf(\"%T\", errors.Unwrap(err))), // the innermost error type is the most useful here\n\t)\n\tif e := interface{ StackTrace() pkgerrors.StackTrace }(nil); errors.As(err, &e) {\n\t\tspan.SetAttributes(attribute.String(\"error.stack\", fmt.Sprintf(\"%+v\", e.StackTrace())))\n\t}\n\tif e := interface{ Reason() string }(nil); errors.As(err, &e) {\n\t\tspan.SetAttributes(attribute.String(\"error.reason\", e.Reason()))\n\t}\n\tif e := interface{ Debug() string }(nil); errors.As(err, &e) {\n\t\tspan.SetAttributes(attribute.String(\"error.debug\", e.Debug()))\n\t}\n\tif e := interface{ ID() string }(nil); errors.As(err, &e) {\n\t\tspan.SetAttributes(attribute.String(\"error.id\", e.ID()))\n\t}\n\tif e := interface{ Details() map[string]interface{} }(nil); errors.As(err, &e) {\n\t\tfor k, v := range e.Details() {\n\t\t\tspan.SetAttributes(attribute.String(\"error.details.\"+k, fmt.Sprintf(\"%v\", v)))\n\t\t}\n\t}\n}\n\nfunc stacktrace() string {\n\tpc := make([]uintptr, 5)\n\tn := runtime.Callers(4, pc)\n\tif n == 0 {\n\t\treturn \"\"\n\t}\n\tpc = pc[:n]\n\tframes := runtime.CallersFrames(pc)\n\n\tvar builder strings.Builder\n\tfor {\n\t\tframe, more := frames.Next()\n\t\tfmt.Fprintf(&builder, \"%s\\n\\t%s:%d\\n\", frame.Function, frame.File, frame.Line)\n\t\tif !more {\n\t\t\tbreak\n\t\t}\n\t}\n\treturn builder.String()\n}\n" }, { "path": "oryx/otelx/zipkin.go", "content": "// Copyright © 2023 Ory Corp\n// SPDX-License-Identifier: Apache-2.0\n\npackage otelx\n\nimport (\n\t\"go.opentelemetry.io/otel\"\n\t\"go.opentelemetry.io/otel/exporters/zipkin\"\n\t\"go.opentelemetry.io/otel/sdk/resource\"\n\tsdktrace \"go.opentelemetry.io/otel/sdk/trace\"\n\tsemconv \"go.opentelemetry.io/otel/semconv/v1.27.0\"\n\t\"go.opentelemetry.io/otel/trace\"\n)\n\nfunc SetupZipkin(t *Tracer, tracerName string, c *Config) (trace.Tracer, error) {\n\texp, err := zipkin.New(c.Providers.Zipkin.ServerURL)\n\tif err != nil {\n\t\treturn nil, err\n\t}\n\n\ttpOpts := []sdktrace.TracerProviderOption{\n\t\tsdktrace.WithBatcher(exp),\n\t\tsdktrace.WithResource(resource.NewWithAttributes(\n\t\t\tsemconv.SchemaURL,\n\t\t\tsemconv.ServiceName(c.ServiceName),\n\t\t\tsemconv.DeploymentEnvironmentName(c.DeploymentEnvironment),\n\t\t)),\n\t\tsdktrace.WithSampler(sdktrace.ParentBased(sdktrace.TraceIDRatioBased(\n\t\t\tc.Providers.Zipkin.Sampling.SamplingRatio,\n\t\t))),\n\t}\n\n\ttp := sdktrace.NewTracerProvider(tpOpts...)\n\totel.SetTracerProvider(tp)\n\n\treturn tp.Tracer(tracerName), nil\n}\n" }, { "path": "oryx/package.go", "content": "// Copyright © 2023 Ory Corp\n// SPDX-License-Identifier: Apache-2.0\n\npackage x\n" }, { "path": "oryx/package.json", "content": "{\n \"private\": true,\n \"prettier\": \"ory-prettier-styles\",\n \"devDependencies\": {\n \"license-checker\": \"^25.0.1\",\n \"ory-prettier-styles\": \"1.3.0\",\n \"prettier\": \"2.8.8\"\n }\n}\n" }, { "path": "oryx/pagination/README.md", "content": "# pagination\n\nA simple helper for dealing with pagination.\n\n```\ngo get github.com/ory/pagination\n```\n\n## Example\n\n```go\npackage main\n\nimport (\n\t\"github.com/ory/pagination\"\n \"net/http\"\n \"net/url\"\n \"fmt\"\n)\n\nfunc main() {\n\tu, _ := url.Parse(\"http://localhost/foo?offset=0&limit=10\")\n limit, offset := pagination.Parse(&http.Request{URL: u}, 5, 5, 10)\n\n items := []string{\"a\", \"b\", \"c\", \"d\"}\n start, end := pagination.Index(limit, offset, len(items))\n fmt.Printf(\"Got items: %v\", items[start:end])\n}\n```\n" }, { "path": "oryx/pagination/header.go", "content": "// Copyright © 2023 Ory Corp\n// SPDX-License-Identifier: Apache-2.0\n\npackage pagination\n\nimport (\n\t\"fmt\"\n\t\"math\"\n\t\"net/http\"\n\t\"net/url\"\n\t\"strconv\"\n\t\"strings\"\n)\n\nfunc header(u *url.URL, rel string, limit, offset int64) string {\n\tq := u.Query()\n\tq.Set(\"limit\", fmt.Sprintf(\"%d\", limit))\n\tq.Set(\"offset\", fmt.Sprintf(\"%d\", offset))\n\tu.RawQuery = q.Encode()\n\treturn fmt.Sprintf(\"<%s>; rel=\\\"%s\\\"\", u.String(), rel)\n}\n\ntype formatter func(location *url.URL, rel string, itemsPerPage int64, offset int64) string\n\n// HeaderWithFormatter adds an HTTP header for pagination which uses a custom formatter for generating the URL links.\nfunc HeaderWithFormatter(w http.ResponseWriter, u *url.URL, total int64, page, itemsPerPage int, f formatter) {\n\tif itemsPerPage <= 0 {\n\t\titemsPerPage = 1\n\t}\n\n\titemsPerPage64 := int64(itemsPerPage)\n\toffset := int64(page) * itemsPerPage64\n\n\t// lastOffset will either equal the offset required to contain the remainder,\n\t// or the limit.\n\tvar lastOffset int64\n\tif total%itemsPerPage64 == 0 {\n\t\tlastOffset = total - itemsPerPage64\n\t} else {\n\t\tlastOffset = (total / itemsPerPage64) * itemsPerPage64\n\t}\n\n\tw.Header().Set(\"X-Total-Count\", strconv.FormatInt(total, 10))\n\n\t// Check for last page\n\tif offset >= lastOffset {\n\t\tif total == 0 {\n\t\t\tw.Header().Set(\"Link\", strings.Join([]string{\n\t\t\t\tf(u, \"first\", itemsPerPage64, 0),\n\t\t\t\tf(u, \"next\", itemsPerPage64, ((offset/itemsPerPage64)+1)*itemsPerPage64),\n\t\t\t\tf(u, \"prev\", itemsPerPage64, ((offset/itemsPerPage64)-1)*itemsPerPage64),\n\t\t\t}, \",\"))\n\t\t\treturn\n\t\t}\n\n\t\tif total <= itemsPerPage64 {\n\t\t\tw.Header().Set(\"link\", f(u, \"first\", total, 0))\n\t\t\treturn\n\t\t}\n\n\t\tw.Header().Set(\"Link\", strings.Join([]string{\n\t\t\tf(u, \"first\", itemsPerPage64, 0),\n\t\t\tf(u, \"prev\", itemsPerPage64, lastOffset-itemsPerPage64),\n\t\t}, \",\"))\n\t\treturn\n\t}\n\n\tif offset < itemsPerPage64 {\n\t\tw.Header().Set(\"Link\", strings.Join([]string{\n\t\t\tf(u, \"next\", itemsPerPage64, itemsPerPage64),\n\t\t\tf(u, \"last\", itemsPerPage64, lastOffset),\n\t\t}, \",\"))\n\t\treturn\n\t}\n\n\tw.Header().Set(\"Link\", strings.Join([]string{\n\t\tf(u, \"first\", itemsPerPage64, 0),\n\t\tf(u, \"next\", itemsPerPage64, ((offset/itemsPerPage64)+1)*itemsPerPage64),\n\t\tf(u, \"prev\", itemsPerPage64, ((offset/itemsPerPage64)-1)*itemsPerPage64),\n\t\tf(u, \"last\", itemsPerPage64, lastOffset),\n\t}, \",\"))\n}\n\n// Header adds an http header for pagination using a responsewriter where backwards compatibility is required.\n// The header will contain links any combination of the first, last, next, or previous (prev) pages in a paginated list (given a limit and an offset, and optionally a total).\n// If total is not set, then no \"last\" page will be calculated.\n// If no limit is provided, then it will default to 1.\nfunc Header(w http.ResponseWriter, u *url.URL, total int, limit, offset int) {\n\tvar page int\n\tif limit == 0 {\n\t\tlimit = 1\n\t}\n\n\tpage = int(math.Floor(float64(offset) / float64(limit)))\n\tHeaderWithFormatter(w, u, int64(total), page, limit, header)\n}\n" }, { "path": "oryx/pagination/items.go", "content": "// Copyright © 2023 Ory Corp\n// SPDX-License-Identifier: Apache-2.0\n\npackage pagination\n\n// MaxItemsPerPage is used to prevent DoS attacks against large lists by limiting the items per page to 500.\nfunc MaxItemsPerPage(max, is int) int {\n\tif is > max {\n\t\treturn max\n\t}\n\treturn is\n}\n" }, { "path": "oryx/pagination/keysetpagination/header.go", "content": "// Copyright © 2023 Ory Corp\n// SPDX-License-Identifier: Apache-2.0\n\npackage keysetpagination\n\nimport (\n\t\"cmp\"\n\t\"fmt\"\n\t\"net/http\"\n\t\"net/url\"\n\t\"strconv\"\n\t\"strings\"\n\n\t\"github.com/pkg/errors\"\n)\n\n// Pagination Request Parameters\n//\n// The `Link` HTTP header contains multiple links (`first`, `next`) formatted as:\n// `; rel=\"first\"`\n//\n// For details on pagination please head over to the [pagination documentation](https://www.ory.sh/docs/ecosystem/api-design#pagination).\n//\n// swagger:model keysetPaginationRequestParameters\ntype RequestParameters struct {\n\t// Items per Page\n\t//\n\t// This is the number of items per page to return.\n\t// For details on pagination please head over to the [pagination documentation](https://www.ory.sh/docs/ecosystem/api-design#pagination).\n\t//\n\t// required: false\n\t// in: query\n\t// default: 250\n\t// min: 1\n\t// max: 1000\n\tPageSize int `json:\"page_size\"`\n\n\t// Next Page Token\n\t//\n\t// The next page token.\n\t// For details on pagination please head over to the [pagination documentation](https://www.ory.sh/docs/ecosystem/api-design#pagination).\n\t//\n\t// required: false\n\t// in: query\n\tPageToken string `json:\"page_token\"`\n}\n\n// Pagination Response Header\n//\n// The `Link` HTTP header contains multiple links (`first`, `next`) formatted as:\n// `; rel=\"first\"`\n//\n// For details on pagination please head over to the [pagination documentation](https://www.ory.sh/docs/ecosystem/api-design#pagination).\n//\n// swagger:model keysetPaginationResponseHeaders\ntype ResponseHeaders struct {\n\t// The Link HTTP Header\n\t//\n\t// The `Link` header contains a comma-delimited list of links to the following pages:\n\t//\n\t// - first: The first page of results.\n\t// - next: The next page of results.\n\t//\n\t// Pages are omitted if they do not exist. For example, if there is no next page, the `next` link is omitted. Examples:\n\t//\n\t//\t; rel=\"next\"\n\t//\n\tLink string `json:\"link\"`\n}\n\nfunc header(u *url.URL, rel, token string, size int) string {\n\tq := u.Query()\n\tq.Set(\"page_token\", token)\n\tq.Set(\"page_size\", strconv.Itoa(size))\n\tu.RawQuery = q.Encode()\n\treturn fmt.Sprintf(\"<%s>; rel=\\\"%s\\\"\", u.String(), rel)\n}\n\n// Header adds the Link header for the page encoded by the paginator.\n// It contains links to the first and next page, if one exists.\nfunc Header(w http.ResponseWriter, u *url.URL, p *Paginator) {\n\tsize := p.Size()\n\tlink := []string{header(u, \"first\", p.defaultToken.Encode(), size)}\n\tif !p.isLast {\n\t\tlink = append(link, header(u, \"next\", p.Token().Encode(), size))\n\t}\n\tw.Header().Set(\"Link\", strings.Join(link, \",\"))\n}\n\n// Parse returns the pagination options from the URL query.\nfunc Parse(q url.Values, p PageTokenConstructor) ([]Option, error) {\n\tvar opts []Option\n\tif pt := cmp.Or(q[\"page_token\"]...); pt != \"\" {\n\t\tpageToken, err := url.QueryUnescape(pt)\n\t\tif err != nil {\n\t\t\treturn nil, errors.WithStack(err)\n\t\t}\n\t\tparsed, err := p(pageToken)\n\t\tif err != nil {\n\t\t\treturn nil, errors.WithStack(err)\n\t\t}\n\t\topts = append(opts, WithToken(parsed))\n\t}\n\tif ps := cmp.Or(q[\"page_size\"]...); ps != \"\" {\n\t\tsize, err := strconv.Atoi(ps)\n\t\tif err != nil {\n\t\t\treturn nil, errors.WithStack(err)\n\t\t}\n\t\topts = append(opts, WithSize(size))\n\t}\n\treturn opts, nil\n}\n" }, { "path": "oryx/pagination/keysetpagination/page_token.go", "content": "// Copyright © 2023 Ory Corp\n// SPDX-License-Identifier: Apache-2.0\n\npackage keysetpagination\n\nimport (\n\t\"encoding/base64\"\n\t\"fmt\"\n\t\"strings\"\n)\n\ntype PageToken = interface {\n\tParse(string) map[string]string\n\tEncode() string\n}\n\nvar _ PageToken = new(StringPageToken)\nvar _ PageToken = new(MapPageToken)\n\ntype StringPageToken string\n\nfunc (s StringPageToken) Parse(idField string) map[string]string {\n\treturn map[string]string{idField: string(s)}\n}\n\nfunc (s StringPageToken) Encode() string {\n\treturn string(s)\n}\n\nfunc NewStringPageToken(s string) (PageToken, error) {\n\treturn StringPageToken(s), nil\n}\n\ntype MapPageToken map[string]string\n\nfunc (m MapPageToken) Parse(_ string) map[string]string {\n\treturn map[string]string(m)\n}\n\nconst pageTokenColumnDelim = \"/\"\n\nfunc (m MapPageToken) Encode() string {\n\telems := make([]string, 0, len(m))\n\tfor k, v := range m {\n\t\telems = append(elems, fmt.Sprintf(\"%s=%s\", k, v))\n\t}\n\n\t// For now: use Base64 instead of URL escaping, as the Timestamp format we need to use can contain a `+` sign,\n\t// which represents a space in URLs, so it's not properly encoded by the Go library.\n\treturn base64.RawStdEncoding.EncodeToString([]byte(strings.Join(elems, pageTokenColumnDelim)))\n}\n\nfunc NewMapPageToken(s string) (PageToken, error) {\n\tb, err := base64.RawStdEncoding.DecodeString(s)\n\tif err != nil {\n\t\treturn nil, err\n\t}\n\ttokens := strings.Split(string(b), pageTokenColumnDelim)\n\n\tr := map[string]string{}\n\n\tfor _, p := range tokens {\n\t\tif columnName, value, found := strings.Cut(p, \"=\"); found {\n\t\t\tr[columnName] = value\n\t\t}\n\t}\n\n\treturn MapPageToken(r), nil\n}\n\nvar _ PageTokenConstructor = NewMapPageToken\nvar _ PageTokenConstructor = NewStringPageToken\n\ntype PageTokenConstructor = func(string) (PageToken, error)\n" }, { "path": "oryx/pagination/keysetpagination/paginator.go", "content": "// Copyright © 2023 Ory Corp\n// SPDX-License-Identifier: Apache-2.0\n\npackage keysetpagination\n\nimport (\n\t\"errors\"\n\t\"fmt\"\n\n\t\"github.com/ory/pop/v6\"\n\t\"github.com/ory/pop/v6/columns\"\n)\n\ntype (\n\tItem = interface{ PageToken() PageToken }\n\n\tOrder string\n\n\tcolumnOrdering struct {\n\t\tname string\n\t\torder Order\n\t}\n\tPaginator struct {\n\t\ttoken, defaultToken PageToken\n\t\tsize, defaultSize, maxSize int\n\t\tisLast bool\n\t\tadditionalColumn columnOrdering\n\t}\n\tOption func(*Paginator) *Paginator\n)\n\nvar ErrUnknownOrder = errors.New(\"unknown order\")\n\nconst (\n\tOrderDescending Order = \"DESC\"\n\tOrderAscending Order = \"ASC\"\n\n\tDefaultSize = 100\n\tDefaultMaxSize = 500\n)\n\nfunc (o Order) extract() (string, string, error) {\n\tswitch o {\n\tcase OrderAscending:\n\t\treturn \">\", string(o), nil\n\tcase OrderDescending:\n\t\treturn \"<\", string(o), nil\n\tdefault:\n\t\treturn \"\", \"\", ErrUnknownOrder\n\t}\n}\n\nfunc (p *Paginator) Token() PageToken {\n\tif p.token == nil {\n\t\treturn p.defaultToken\n\t}\n\treturn p.token\n}\n\nfunc (p *Paginator) Size() int {\n\tsize := p.size\n\tif size <= 0 {\n\t\tsize = p.defaultSize\n\t\tif size == 0 {\n\t\t\tsize = 100\n\t\t}\n\t}\n\tif size > p.maxSize {\n\t\tsize = p.maxSize\n\t}\n\treturn size\n}\n\nfunc (p *Paginator) IsLast() bool {\n\treturn p.isLast\n}\n\nfunc (p *Paginator) ToOptions() []Option {\n\topts := make([]Option, 0, 7)\n\tif p.token != nil {\n\t\topts = append(opts, WithToken(p.token))\n\t}\n\tif p.defaultToken != nil {\n\t\topts = append(opts, WithDefaultToken(p.defaultToken))\n\t}\n\tif p.size > 0 {\n\t\topts = append(opts, WithSize(p.size))\n\t}\n\tif p.defaultSize != DefaultSize {\n\t\topts = append(opts, WithDefaultSize(p.defaultSize))\n\t}\n\tif p.maxSize != DefaultMaxSize {\n\t\topts = append(opts, WithMaxSize(p.maxSize))\n\t}\n\tif p.additionalColumn.name != \"\" {\n\t\topts = append(opts, WithColumn(p.additionalColumn.name, p.additionalColumn.order))\n\t}\n\tif p.isLast {\n\t\topts = append(opts, withIsLast(p.isLast))\n\t}\n\treturn opts\n}\n\nfunc (p *Paginator) multipleOrderFieldsQuery(q *pop.Query, idField string, cols map[string]*columns.Column, quoteAndContextualize func(string) string) {\n\ttokenParts := p.Token().Parse(idField)\n\tidValue := tokenParts[idField]\n\n\tcolumn, ok := cols[p.additionalColumn.name]\n\tif !ok {\n\t\tq.Where(fmt.Sprintf(`%s > ?`, quoteAndContextualize(idField)), idValue)\n\t\treturn\n\t}\n\n\tquoteName := quoteAndContextualize(column.Name)\n\n\tvalue, ok := tokenParts[column.Name]\n\n\tif !ok {\n\t\tq.Where(fmt.Sprintf(`%s > ?`, quoteAndContextualize(idField)), idValue)\n\t\treturn\n\t}\n\n\tsign, keyword, err := p.additionalColumn.order.extract()\n\tif err != nil {\n\t\tq.Where(fmt.Sprintf(`%s > ?`, quoteAndContextualize(idField)), idValue)\n\t\treturn\n\t}\n\n\tq.\n\t\tWhere(fmt.Sprintf(\"(%s %s ? OR (%s = ? AND %s > ?))\", quoteName, sign, quoteName, quoteAndContextualize(idField)), value, value, idValue).\n\t\tOrder(fmt.Sprintf(\"%s %s\", quoteName, keyword))\n\n}\n\n// Paginate returns a function that paginates a pop.Query.\n// Usage:\n//\n//\tq := c.Where(\"foo = ?\", foo).Scope(keysetpagination.Paginate[MyItemType](paginator))\n//\n// This function works regardless of whether your type implements the Item\n// interface with pointer or value receivers. To understand the type parameters,\n// see this document:\n// https://go.googlesource.com/proposal/+/refs/heads/master/design/43651-type-parameters.md#pointer-method-example\nfunc Paginate[I any, PI interface {\n\tItem\n\t*I\n}](p *Paginator) pop.ScopeFunc {\n\tmodel := pop.Model{Value: new(I)}\n\tid := model.IDField()\n\ttableName := model.Alias()\n\treturn func(q *pop.Query) *pop.Query {\n\t\tquote := q.Connection.Dialect.Quote\n\t\teid := quote(tableName) + \".\" + quote(id)\n\n\t\tquoteAndContextualize := func(name string) string {\n\t\t\treturn quote(tableName) + \".\" + quote(name)\n\t\t}\n\t\tp.multipleOrderFieldsQuery(q, id, model.Columns().Cols, quoteAndContextualize)\n\n\t\treturn q.\n\t\t\tLimit(p.Size() + 1).\n\t\t\t// we always need to order by the id field last\n\t\t\tOrder(fmt.Sprintf(`%s ASC`, eid))\n\t}\n}\n\n// Result removes the last item (if applicable) and returns the paginator for the next page.\n//\n// This function works regardless of whether your type implements the Item\n// interface with pointer or value receivers. To understand the type parameters,\n// see this document:\n// https://go.googlesource.com/proposal/+/refs/heads/master/design/43651-type-parameters.md#pointer-method-example\nfunc Result[I any, PI interface {\n\tItem\n\t*I\n}](items []I, p *Paginator) ([]I, *Paginator) {\n\tif len(items) > p.Size() {\n\t\titems = items[:p.Size()]\n\t\treturn items, &Paginator{\n\t\t\ttoken: PI(&items[len(items)-1]).PageToken(),\n\t\t\tdefaultToken: p.defaultToken,\n\t\t\tsize: p.size,\n\t\t\tdefaultSize: p.defaultSize,\n\t\t\tmaxSize: p.maxSize,\n\t\t}\n\t}\n\treturn items, &Paginator{\n\t\tdefaultToken: p.defaultToken,\n\t\tsize: p.size,\n\t\tdefaultSize: p.defaultSize,\n\t\tmaxSize: p.maxSize,\n\t\tisLast: true,\n\t}\n}\n\nfunc WithDefaultToken(t PageToken) Option {\n\treturn func(opts *Paginator) *Paginator {\n\t\topts.defaultToken = t\n\t\treturn opts\n\t}\n}\n\nfunc WithDefaultSize(size int) Option {\n\treturn func(opts *Paginator) *Paginator {\n\t\topts.defaultSize = size\n\t\treturn opts\n\t}\n}\n\nfunc WithMaxSize(size int) Option {\n\treturn func(opts *Paginator) *Paginator {\n\t\topts.maxSize = size\n\t\treturn opts\n\t}\n}\n\nfunc WithToken(t PageToken) Option {\n\treturn func(opts *Paginator) *Paginator {\n\t\topts.token = t\n\t\treturn opts\n\t}\n}\n\nfunc WithSize(size int) Option {\n\treturn func(opts *Paginator) *Paginator {\n\t\topts.size = size\n\t\treturn opts\n\t}\n}\n\nfunc WithColumn(name string, order Order) Option {\n\treturn func(opts *Paginator) *Paginator {\n\t\topts.additionalColumn = columnOrdering{\n\t\t\tname: name,\n\t\t\torder: order,\n\t\t}\n\t\treturn opts\n\t}\n}\n\nfunc withIsLast(isLast bool) Option {\n\treturn func(opts *Paginator) *Paginator {\n\t\topts.isLast = isLast\n\t\treturn opts\n\t}\n}\n\nfunc GetPaginator(modifiers ...Option) *Paginator {\n\topts := &Paginator{\n\t\t// these can still be overridden by the modifiers, but they should never be unset\n\t\tmaxSize: DefaultMaxSize,\n\t\tdefaultSize: DefaultSize,\n\t}\n\tfor _, f := range modifiers {\n\t\topts = f(opts)\n\t}\n\treturn opts\n}\n" }, { "path": "oryx/pagination/keysetpagination/parse_header.go", "content": "// Copyright © 2023 Ory Corp\n// SPDX-License-Identifier: Apache-2.0\n\npackage keysetpagination\n\nimport (\n\t\"net/http\"\n\t\"net/url\"\n\n\t\"github.com/peterhellberg/link\"\n)\n\n// PaginationResult represents a parsed result of the link HTTP header.\ntype PaginationResult struct {\n\t// NextToken is the next page token. If it's empty, there is no next page.\n\tNextToken string\n\n\t// FirstToken is the first page token.\n\tFirstToken string\n}\n\n// ParseHeader parses the response header's Link.\nfunc ParseHeader(r *http.Response) *PaginationResult {\n\tlinks := link.ParseResponse(r)\n\treturn &PaginationResult{\n\t\tNextToken: findRel(links, \"next\"),\n\t\tFirstToken: findRel(links, \"first\"),\n\t}\n}\n\nfunc findRel(links link.Group, rel string) string {\n\tfor idx, l := range links {\n\t\tif idx == rel {\n\t\t\tparsed, err := url.Parse(l.URI)\n\t\t\tif err != nil {\n\t\t\t\tcontinue\n\t\t\t}\n\n\t\t\treturn parsed.Query().Get(\"page_token\")\n\t\t}\n\t}\n\n\treturn \"\"\n}\n" }, { "path": "oryx/pagination/keysetpagination_v2/.snapshots/TestPageToken-Marshal_snapshot.json", "content": "{\n \"e\": \"2023-01-01T01:00:00Z\",\n \"c\": [\n {\n \"n\": \"id\",\n \"v\": \"token\"\n },\n {\n \"n\": \"string\",\n \"o\": 1,\n \"v\": \"str\"\n },\n {\n \"n\": \"string-zero\",\n \"o\": 1,\n \"v\": \"\"\n },\n {\n \"n\": \"time\",\n \"vt\": \"2023-01-01T00:00:00Z\"\n },\n {\n \"n\": \"uuid\",\n \"vu\": \"b652bbbd-1a84-4fb7-9437-6b78ba2686db\"\n },\n {\n \"n\": \"nulluuid\",\n \"vu\": \"b652bbbd-1a84-4fb7-9437-6b78ba2686da\"\n },\n {\n \"n\": \"int64\",\n \"vi\": 64\n },\n {\n \"n\": \"int64-zero\",\n \"vi\": 0\n },\n {\n \"n\": \"empty-nullint64\",\n \"vi\": 0\n },\n {\n \"n\": \"nullint64\",\n \"vi\": 64\n },\n {\n \"n\": \"nullstring\",\n \"v\": \"str\"\n },\n {\n \"n\": \"empty-nullstring\",\n \"v\": \"\"\n },\n {\n \"n\": \"null-nulluuid\",\n \"vn\": true\n },\n {\n \"n\": \"null-nullstring\",\n \"vn\": true\n },\n {\n \"n\": \"null-nullint64\",\n \"vn\": true\n }\n ]\n}\n" }, { "path": "oryx/pagination/keysetpagination_v2/page_token.go", "content": "// Copyright © 2023 Ory Corp\n// SPDX-License-Identifier: Apache-2.0\n\npackage keysetpagination\n\nimport (\n\t\"database/sql\"\n\t\"encoding/json\"\n\t\"time\"\n\n\t\"github.com/gofrs/uuid\"\n\t\"github.com/pkg/errors\"\n\t\"github.com/ssoready/hyrumtoken\"\n\n\t\"github.com/ory/herodot\"\n)\n\nvar fallbackEncryptionKey = &[32]byte{}\n\ntype (\n\tPageToken struct {\n\t\ttestNow func() time.Time\n\t\tcols []Column\n\t}\n\tjsonPageToken = struct {\n\t\tExpiresAt time.Time `json:\"e\"`\n\t\tCols []jsonColumn `json:\"c\"`\n\t}\n\n\tjsonColumn = struct {\n\t\tName string `json:\"n\"`\n\t\tOrder Order `json:\"o,omitempty\"`\n\t\tNullable bool `json:\"nl,omitempty\"`\n\t\tHasConstraint bool `json:\"hc,omitempty\"`\n\n\t\tValueAny any `json:\"v,omitempty\"`\n\t\tValueTime *time.Time `json:\"vt,omitempty\"`\n\t\tValueUUID *uuid.UUID `json:\"vu,omitempty\"`\n\t\tValueInt64 *int64 `json:\"vi,omitempty\"`\n\t\tValueNull bool `json:\"vn,omitempty\"`\n\t}\n\tColumn struct {\n\t\tName string\n\t\tOrder Order\n\t\tValue any\n\t\tNullable bool\n\t\t// HasConstraint marks if the column is already constrained by WHERE condition.\n\t\tHasConstraint bool\n\t}\n)\n\nfunc (t PageToken) Columns() []Column { return t.cols }\n\n// Encrypt encrypts the page token using the first key in the provided keyset.\n// It uses a fallback key if no keys are provided.\nfunc (t PageToken) Encrypt(keys [][32]byte) string {\n\tkey := fallbackEncryptionKey\n\tif len(keys) > 0 {\n\t\tkey = &keys[0]\n\t}\n\treturn hyrumtoken.Marshal(key, t)\n}\n\nfunc (t PageToken) MarshalJSON() ([]byte, error) {\n\tnow := time.Now\n\tif t.testNow != nil {\n\t\tnow = t.testNow\n\t}\n\ttoEncode := jsonPageToken{\n\t\tExpiresAt: now().Add(time.Hour).UTC(),\n\t\tCols: make([]jsonColumn, len(t.cols)),\n\t}\n\tfor i, col := range t.cols {\n\t\ttoEncode.Cols[i] = jsonColumn{\n\t\t\tName: col.Name,\n\t\t\tOrder: col.Order,\n\t\t\tNullable: col.Nullable,\n\t\t\tHasConstraint: col.HasConstraint,\n\t\t}\n\t\tswitch v := col.Value.(type) {\n\t\tcase time.Time:\n\t\t\ttoEncode.Cols[i].ValueTime = new(v)\n\t\tcase uuid.UUID:\n\t\t\ttoEncode.Cols[i].ValueUUID = new(v)\n\t\tcase uuid.NullUUID:\n\t\t\tif v.Valid {\n\t\t\t\ttoEncode.Cols[i].ValueUUID = new(v.UUID)\n\t\t\t} else {\n\t\t\t\ttoEncode.Cols[i].ValueNull = true\n\t\t\t}\n\t\tcase sql.NullString:\n\t\t\tif v.Valid {\n\t\t\t\ttoEncode.Cols[i].ValueAny = new(v.String)\n\t\t\t} else {\n\t\t\t\ttoEncode.Cols[i].ValueNull = true\n\t\t\t}\n\t\tcase int64:\n\t\t\ttoEncode.Cols[i].ValueInt64 = new(v)\n\t\tcase sql.NullInt64:\n\t\t\tif v.Valid {\n\t\t\t\ttoEncode.Cols[i].ValueInt64 = new(v.Int64)\n\t\t\t} else {\n\t\t\t\ttoEncode.Cols[i].ValueNull = true\n\t\t\t}\n\t\tdefault:\n\t\t\ttoEncode.Cols[i].ValueAny = v\n\t\t}\n\t}\n\treturn json.Marshal(toEncode)\n}\n\nvar ErrPageTokenExpired = herodot.ErrBadRequest.WithReason(\"page token expired, do not persist page tokens\")\n\nfunc (t *PageToken) UnmarshalJSON(data []byte) error {\n\trawToken := jsonPageToken{}\n\tif err := json.Unmarshal(data, &rawToken); err != nil {\n\t\treturn err\n\t}\n\tt.cols = make([]Column, len(rawToken.Cols))\n\tfor i, col := range rawToken.Cols {\n\t\tt.cols[i] = Column{\n\t\t\tName: col.Name,\n\t\t\tOrder: col.Order,\n\t\t\tNullable: col.Nullable,\n\t\t\tHasConstraint: col.HasConstraint,\n\t\t}\n\t\tswitch {\n\t\tcase col.ValueNull:\n\t\t\tt.cols[i].Value = nil\n\t\tcase col.ValueAny != nil:\n\t\t\tt.cols[i].Value = col.ValueAny\n\t\tcase col.ValueUUID != nil:\n\t\t\tt.cols[i].Value = *col.ValueUUID\n\t\tcase col.ValueTime != nil:\n\t\t\tt.cols[i].Value = *col.ValueTime\n\t\tcase col.ValueInt64 != nil:\n\t\t\tt.cols[i].Value = *col.ValueInt64\n\t\t}\n\t}\n\n\tnow := time.Now\n\tif t.testNow != nil {\n\t\tnow = t.testNow\n\t}\n\tif rawToken.ExpiresAt.Before(now().UTC()) {\n\t\treturn errors.WithStack(ErrPageTokenExpired)\n\t}\n\treturn nil\n}\n\nfunc NewPageToken(cols ...Column) PageToken { return PageToken{cols: cols} }\n" }, { "path": "oryx/pagination/keysetpagination_v2/paginator.go", "content": "// Copyright © 2023 Ory Corp\n// SPDX-License-Identifier: Apache-2.0\n\npackage keysetpagination\n\nimport (\n\t\"cmp\"\n\t\"reflect\"\n\n\t\"github.com/jmoiron/sqlx/reflectx\"\n\t\"github.com/ory/herodot\"\n)\n\nvar ErrInvalidPaginationToken = herodot.ErrBadRequest.WithReason(\"invalid pagination token\")\n\ntype (\n\tPaginator struct {\n\t\ttoken, defaultToken PageToken\n\t\tsize, defaultSize, maxSize int\n\t\tisLast bool\n\t}\n\tOption func(*Paginator)\n)\n\nconst (\n\tDefaultSize = 100\n\tDefaultMaxSize = 500\n)\n\nvar dbStructTagMapper = reflectx.NewMapper(\"db\")\n\nfunc (p *Paginator) DefaultToken() PageToken { return p.defaultToken }\nfunc (p *Paginator) IsLast() bool { return p.isLast }\n\nfunc (p *Paginator) PageToken() PageToken {\n\tif p.token.cols != nil {\n\t\treturn p.token\n\t}\n\treturn p.defaultToken\n}\n\nfunc (p *Paginator) Size() int {\n\tdefaultSize := cmp.Or(p.defaultSize, DefaultSize)\n\tmaxSize := cmp.Or(p.maxSize, DefaultMaxSize)\n\n\tsize := p.size\n\tif size <= 0 {\n\t\tsize = defaultSize\n\t}\n\tif size > maxSize {\n\t\tsize = maxSize\n\t}\n\n\treturn size\n}\n\nfunc (p *Paginator) ToOptions() []Option {\n\topts := make([]Option, 0, 6)\n\tif p.token.cols != nil {\n\t\topts = append(opts, WithToken(p.token))\n\t}\n\tif p.defaultToken.cols != nil {\n\t\topts = append(opts, WithDefaultToken(p.defaultToken))\n\t}\n\tif p.size > 0 {\n\t\topts = append(opts, WithSize(p.size))\n\t}\n\tif p.defaultSize != DefaultSize {\n\t\topts = append(opts, WithDefaultSize(p.defaultSize))\n\t}\n\tif p.maxSize != DefaultMaxSize {\n\t\topts = append(opts, WithMaxSize(p.maxSize))\n\t}\n\tif p.isLast {\n\t\topts = append(opts, withIsLast(p.isLast))\n\t}\n\treturn opts\n}\n\n// Result removes the last item (if applicable) and returns the paginator for the next page.\nfunc Result[I any](items []I, p *Paginator) ([]I, *Paginator) {\n\treturn ResultFunc(items, p, func(last I, colName string) any {\n\t\tlastItemVal := reflect.ValueOf(last)\n\t\treturn dbStructTagMapper.FieldByName(lastItemVal, colName).Interface()\n\t})\n}\n\n// ResultFunc removes the last item (if applicable) and returns the paginator for the next page.\n// The extractor function is used to extract the column values from the last item.\nfunc ResultFunc[I any](items []I, p *Paginator, extractor func(last I, colName string) any) ([]I, *Paginator) {\n\tif len(items) <= p.Size() {\n\t\treturn items, &Paginator{\n\t\t\tisLast: true,\n\n\t\t\tdefaultToken: p.defaultToken,\n\t\t\tsize: p.size,\n\t\t\tdefaultSize: p.defaultSize,\n\t\t\tmaxSize: p.maxSize,\n\t\t}\n\t}\n\n\titems = items[:p.Size()]\n\tlastItem := items[len(items)-1]\n\n\tcurrentCols := p.PageToken().Columns()\n\tnewCols := make([]Column, len(currentCols))\n\tfor i, col := range currentCols {\n\t\tnewCols[i] = Column{\n\t\t\tName: col.Name,\n\t\t\tOrder: col.Order,\n\t\t\tNullable: col.Nullable,\n\t\t\tHasConstraint: col.HasConstraint,\n\t\t\tValue: extractor(lastItem, col.Name),\n\t\t}\n\t}\n\n\treturn items, &Paginator{\n\t\ttoken: NewPageToken(newCols...),\n\t\tdefaultToken: p.defaultToken,\n\t\tsize: p.size,\n\t\tdefaultSize: p.defaultSize,\n\t\tmaxSize: p.maxSize,\n\t}\n}\n\nfunc WithSize(size int) Option {\n\treturn func(p *Paginator) { p.size = size }\n}\n\nfunc WithDefaultSize(size int) Option {\n\treturn func(p *Paginator) { p.defaultSize = size }\n}\n\nfunc WithMaxSize(size int) Option {\n\treturn func(p *Paginator) { p.maxSize = size }\n}\n\nfunc WithToken(t PageToken) Option {\n\treturn func(p *Paginator) { p.token = t }\n}\n\nfunc WithDefaultToken(t PageToken) Option {\n\treturn func(p *Paginator) { p.defaultToken = t }\n}\n\nfunc withIsLast(isLast bool) Option {\n\treturn func(p *Paginator) { p.isLast = isLast }\n}\n\nfunc NewPaginator(modifiers ...Option) (*Paginator, error) {\n\tp := &Paginator{\n\t\t// these can still be overridden by the modifiers, but they should never be unset\n\t\tmaxSize: DefaultMaxSize,\n\t\tdefaultSize: DefaultSize,\n\t}\n\tfor _, f := range modifiers {\n\t\tf(p)\n\t}\n\tif err := p.validatePageToken(); err != nil {\n\t\treturn nil, err\n\t}\n\treturn p, nil\n}\n\n// validatePageToken ensures the page token columns strictly match DefaultToken's schema in order.\nfunc (p *Paginator) validatePageToken() error {\n\ttokenCols := p.PageToken().Columns()\n\tif len(tokenCols) == 0 {\n\t\treturn nil\n\t}\n\n\tif columnsMatch(tokenCols, p.defaultToken.Columns()) {\n\t\treturn nil\n\t}\n\treturn ErrInvalidPaginationToken\n}\n\nfunc columnsMatch(tokenCols, templateCols []Column) bool {\n\tif len(templateCols) == 0 || len(tokenCols) != len(templateCols) {\n\t\treturn false\n\t}\n\tfor i, col := range tokenCols {\n\t\tdef := templateCols[i]\n\t\tif def.Name != col.Name || def.Order != col.Order || def.Nullable != col.Nullable {\n\t\t\treturn false\n\t\t}\n\t}\n\treturn true\n}\n" }, { "path": "oryx/pagination/keysetpagination_v2/parse_header.go", "content": "// Copyright © 2023 Ory Corp\n// SPDX-License-Identifier: Apache-2.0\n\npackage keysetpagination\n\nimport (\n\t\"net/http\"\n\t\"net/url\"\n\n\t\"github.com/peterhellberg/link\"\n)\n\n// ParseHeader parses the response header's Link and returns the first and next page tokens.\nfunc ParseHeader(r *http.Response) (first, next string, isLast bool) {\n\tlinks := link.ParseResponse(r)\n\tfirst, _ = findRel(links, \"first\")\n\tnext, hasNext := findRel(links, \"next\")\n\treturn first, next, !hasNext\n}\n\nfunc findRel(links link.Group, rel string) (string, bool) {\n\tfor idx, l := range links {\n\t\tif idx == rel {\n\t\t\tparsed, err := url.Parse(l.URI)\n\t\t\tif err != nil {\n\t\t\t\tcontinue\n\t\t\t}\n\t\t\tq := parsed.Query()\n\n\t\t\treturn q.Get(\"page_token\"), q.Has(\"page_token\")\n\t\t}\n\t}\n\n\treturn \"\", false\n}\n" }, { "path": "oryx/pagination/keysetpagination_v2/query_builder.go", "content": "// Copyright © 2025 Ory Corp\n// SPDX-License-Identifier: Apache-2.0\n\npackage keysetpagination\n\nimport (\n\t\"database/sql/driver\"\n\t\"fmt\"\n\t\"strings\"\n\n\t\"github.com/ory/pop/v6\"\n)\n\ntype Order int\n\nconst (\n\tOrderAscending Order = iota\n\tOrderDescending\n)\n\nfunc (o Order) extract() (string, string) {\n\tswitch o {\n\tcase OrderAscending:\n\t\treturn \">\", \"ASC\"\n\tcase OrderDescending:\n\t\treturn \"<\", \"DESC\"\n\tdefault:\n\t\tpanic(fmt.Sprintf(\"keyset pagination: unknown order %d\", o))\n\t}\n}\n\n// Paginate returns a function that paginates a pop.Query.\n// Usage:\n//\n//\tq := c.Where(\"foo = ?\", foo).Scope(keysetpagination.Paginate[MyItemType](paginator))\nfunc Paginate[I any](p *Paginator) pop.ScopeFunc {\n\tmodel := pop.Model{Value: *new(I)}\n\ttableName := model.Alias()\n\treturn func(q *pop.Query) *pop.Query {\n\t\tquoteAndContextualize := func(name string) string {\n\t\t\tquote := q.Connection.Dialect.Quote\n\t\t\treturn quote(tableName) + \".\" + quote(name)\n\t\t}\n\t\tdialect := q.Connection.Dialect.Name()\n\t\twhere, args, order := BuildWhereAndOrder(p.PageToken().Columns(), quoteAndContextualize, dialect)\n\t\t// IMPORTANT: Ensures correct query logic by grouping conditions.\n\t\t// Without parentheses, `WHERE otherCond AND pageCond1 OR pageCond2` would be\n\t\t// evaluated as `(otherCond = ? AND pageCond1) OR pageCond2`, potentially returning\n\t\t// rows that do not match `otherCond`.\n\t\t// We fix it by forcing the query to be: `WHERE otherCond AND (paginationCond1 OR paginationCond2)`.\n\t\twhere = \"(\" + where + \")\"\n\n\t\treturn q.\n\t\t\tWhere(where, args...).\n\t\t\tOrder(order).\n\t\t\tLimit(p.Size() + 1)\n\t}\n}\n\nfunc BuildWhereAndOrder(columns []Column, quote func(string) string, dialect string) (string, []any, string) {\n\tvar whereBuilder, orderByBuilder, prevEqual strings.Builder\n\n\tkeysetCols := make([]Column, 0, len(columns))\n\n\t// ORDER BY includes all columns (even constrained ones)\n\tfor i, part := range columns {\n\t\tcolumn := quote(part.Name)\n\t\t_, keyword := part.Order.extract()\n\n\t\tif i > 0 {\n\t\t\torderByBuilder.WriteString(\", \")\n\t\t}\n\n\t\torderByBuilder.WriteString(column + \" \" + keyword)\n\n\t\t// Postgres orders NULLs differently depending on sort direction;\n\t\t// (ASC → NULLS LAST, DESC → NULLS FIRST), which does not match the\n\t\t// assumptions of our keyset pagination logic and other supported DBs.\n\t\t// We therefore make NULL ordering explicit on Postgres to keep pagination\n\t\t// stable and consistent with sqlite/mysql/cockroachdb.\n\t\tif dialect == \"postgres\" && part.Nullable {\n\t\t\tif part.Order == OrderAscending {\n\t\t\t\torderByBuilder.WriteString(\" NULLS FIRST\")\n\t\t\t} else {\n\t\t\t\torderByBuilder.WriteString(\" NULLS LAST\")\n\t\t\t}\n\t\t}\n\n\t\t// Build keyset WHERE only from unconstrained columns\n\t\tif !part.HasConstraint {\n\t\t\tkeysetCols = append(keysetCols, part)\n\t\t}\n\t}\n\n\t// If everything is constrained, no keyset predicate is needed.\n\tif len(keysetCols) == 0 {\n\t\treturn \"\", nil, orderByBuilder.String()\n\t}\n\n\targs := make([]any, 0, len(keysetCols)*(len(keysetCols)+1)/2)\n\tprevEqualArgs := make([]any, 0, len(keysetCols))\n\n\twhereBuilder.WriteRune('(')\n\n\tfor i, part := range keysetCols {\n\t\tcolumn := quote(part.Name)\n\t\tsign, _ := part.Order.extract()\n\n\t\tif i > 0 {\n\t\t\twhereBuilder.WriteString(\") OR (\")\n\t\t}\n\n\t\twhereBuilder.WriteString(prevEqual.String())\n\t\tif prevEqual.Len() > 0 {\n\t\t\twhereBuilder.WriteString(\" AND \")\n\t\t}\n\n\t\tisNull := part.Nullable && isSQLNull(part.Value)\n\n\t\tif !part.Nullable {\n\t\t\twhereBuilder.WriteString(column + \" \" + sign + \" ?\")\n\t\t} else if !isNull {\n\t\t\twhereBuilder.WriteString(column + \" IS NOT NULL AND \" + column + \" \" + sign + \" ?\")\n\t\t} else {\n\t\t\twhereBuilder.WriteString(column + \" IS NOT NULL\")\n\t\t}\n\n\t\tif i > 0 {\n\t\t\tprevEqual.WriteString(\" AND \")\n\t\t}\n\n\t\tif !part.Nullable {\n\t\t\tprevEqual.WriteString(column + \" = ?\")\n\t\t\tprevEqualArgs = append(prevEqualArgs, part.Value)\n\t\t} else if !isNull {\n\t\t\tprevEqual.WriteString(column + \" = ?\")\n\t\t\tprevEqualArgs = append(prevEqualArgs, part.Value)\n\t\t} else {\n\t\t\tprevEqual.WriteString(column + \" IS NULL\")\n\t\t}\n\n\t\targs = append(args, prevEqualArgs...)\n\t}\n\n\twhereBuilder.WriteRune(')')\n\n\treturn whereBuilder.String(), args, orderByBuilder.String()\n}\n\n// isSQLNull reports whether v represents a SQL NULL value.\nfunc isSQLNull(v any) bool {\n\tif v == nil {\n\t\treturn true\n\t}\n\n\tif valuer, ok := v.(driver.Valuer); ok {\n\t\tval, err := valuer.Value()\n\t\treturn err == nil && val == nil\n\t}\n\n\treturn false\n}\n" }, { "path": "oryx/pagination/keysetpagination_v2/request_params.go", "content": "// Copyright © 2023 Ory Corp\n// SPDX-License-Identifier: Apache-2.0\n\npackage keysetpagination\n\nimport (\n\t\"cmp\"\n\t\"fmt\"\n\t\"net/http\"\n\t\"net/url\"\n\t\"strconv\"\n\t\"strings\"\n\n\t\"github.com/pkg/errors\"\n\t\"github.com/ssoready/hyrumtoken\"\n)\n\n// Pagination Request Parameters\n//\n// For details on pagination please head over to the [pagination documentation](https://www.ory.sh/docs/ecosystem/api-design#pagination).\n//\n// swagger:model keysetPaginationRequestParameters\ntype RequestParameters struct {\n\t// Items per Page\n\t//\n\t// This is the number of items per page to return.\n\t// For details on pagination please head over to the [pagination documentation](https://www.ory.sh/docs/ecosystem/api-design#pagination).\n\t//\n\t// required: false\n\t// in: query\n\t// default: 250\n\t// min: 1\n\t// max: 1000\n\tPageSize int `json:\"page_size\"`\n\n\t// Next Page Token\n\t//\n\t// The next page token.\n\t// For details on pagination please head over to the [pagination documentation](https://www.ory.sh/docs/ecosystem/api-design#pagination).\n\t//\n\t// required: false\n\t// in: query\n\tPageToken string `json:\"page_token\"`\n}\n\n// Pagination Response Header\n//\n// The `Link` HTTP header contains multiple links (`first`, `next`) formatted as:\n// `; rel=\"first\"`\n//\n// For details on pagination please head over to the [pagination documentation](https://www.ory.sh/docs/ecosystem/api-design#pagination).\n//\n// swagger:model keysetPaginationResponseHeaders\ntype ResponseHeaders struct {\n\t// The Link HTTP Header\n\t//\n\t// The `Link` header contains a comma-delimited list of links to the following pages:\n\t//\n\t// - first: The first page of results.\n\t// - next: The next page of results.\n\t//\n\t// Pages are omitted if they do not exist. For example, if there is no next page, the `next` link is omitted. Examples:\n\t//\n\t//\t; rel=\"next\"\n\t//\n\tLink string `json:\"link\"`\n}\n\n// SetLinkHeader adds the Link header for the page encoded by the paginator.\n// It contains links to the first and next page, if one exists.\nfunc SetLinkHeader(w http.ResponseWriter, keys [][32]byte, u *url.URL, p *Paginator) {\n\tsize := p.Size()\n\tlink := []string{linkPart(u, \"first\", p.DefaultToken().Encrypt(keys), size)}\n\tif !p.isLast {\n\t\tlink = append(link, linkPart(u, \"next\", p.PageToken().Encrypt(keys), size))\n\t}\n\tw.Header().Set(\"Link\", strings.Join(link, \",\"))\n}\n\nfunc linkPart(u *url.URL, rel, token string, size int) string {\n\tq := u.Query()\n\tq.Set(\"page_token\", token)\n\tq.Set(\"page_size\", strconv.Itoa(size))\n\tu.RawQuery = q.Encode()\n\treturn fmt.Sprintf(\"<%s>; rel=%q\", u.String(), rel)\n}\n\n// ParseQueryParams extracts the pagination options from the URL query.\nfunc ParseQueryParams(keys [][32]byte, q url.Values) ([]Option, error) {\n\tvar opts []Option\n\tif t := cmp.Or(q[\"page_token\"]...); t != \"\" {\n\t\traw, err := url.QueryUnescape(t)\n\t\tif err != nil {\n\t\t\treturn nil, errors.WithStack(err)\n\t\t}\n\t\ttoken, err := ParsePageToken(keys, raw)\n\t\tif err != nil {\n\t\t\treturn nil, err\n\t\t}\n\t\topts = append(opts, WithToken(token))\n\t}\n\tif s := cmp.Or(q[\"page_size\"]...); s != \"\" {\n\t\tsize, err := strconv.Atoi(s)\n\t\tif err != nil {\n\t\t\treturn nil, errors.WithStack(err)\n\t\t}\n\t\topts = append(opts, WithSize(size))\n\t}\n\treturn opts, nil\n}\n\n// ParsePageToken parses a page token from the given raw string using the provided keys.\n// It panics if no keys are provided.\nfunc ParsePageToken(keys [][32]byte, raw string) (t PageToken, err error) {\n\tfor i := range keys {\n\t\terr = errors.WithStack(hyrumtoken.Unmarshal(&keys[i], raw, &t))\n\t\tif err == nil {\n\t\t\treturn\n\t\t}\n\t}\n\t// as a last resort, try the fallback key\n\terr = hyrumtoken.Unmarshal(fallbackEncryptionKey, raw, &t)\n\treturn t, errors.WithStack(err)\n}\n" }, { "path": "oryx/pagination/limit.go", "content": "// Copyright © 2023 Ory Corp\n// SPDX-License-Identifier: Apache-2.0\n\n// Package pagination provides helpers for dealing with pagination.\npackage pagination\n\n// Index uses limit, offset, and a slice's length to compute start and end indices for said slice.\nfunc Index(limit, offset, length int) (start, end int) {\n\tif offset > length {\n\t\treturn length, length\n\t} else if limit+offset > length {\n\t\treturn offset, length\n\t}\n\n\treturn offset, offset + limit\n}\n" }, { "path": "oryx/pagination/migrationpagination/.snapshots/TestPaginationHeader-Create_next_and_last,_but_not_previous_or_first_if_at_the_beginning.json", "content": "[\n \"\\u003chttp://example.com?page=1\\u0026page_size=50\\u0026page_token=eyJvZmZzZXQiOiI1MCIsInYiOjJ9\\u0026per_page=50\\u003e\",\n \"rel=\\\"next\\\",\\u003chttp://example.com?page=2\\u0026page_size=50\\u0026page_token=eyJvZmZzZXQiOiIxMDAiLCJ2IjoyfQ\\u0026per_page=50\\u003e\",\n \"rel=\\\"last\\\"\"\n]\n" }, { "path": "oryx/pagination/migrationpagination/.snapshots/TestPaginationHeader-Create_only_first_if_the_limits_provided_exceeds_the_number_of_clients_found.json", "content": "[\n \"\\u003chttp://example.com?page=0\\u0026page_size=5\\u0026page_token=eyJvZmZzZXQiOiIwIiwidiI6Mn0\\u0026per_page=5\\u003e\",\n \"rel=\\\"first\\\"\"\n]\n" }, { "path": "oryx/pagination/migrationpagination/.snapshots/TestPaginationHeader-Create_previous,_next,_first,_and_last_if_in_the_middle.json", "content": "[\n \"\\u003chttp://example.com?page=0\\u0026page_size=50\\u0026page_token=eyJvZmZzZXQiOiIwIiwidiI6Mn0\\u0026per_page=50\\u003e\",\n \"rel=\\\"first\\\",\\u003chttp://example.com?page=4\\u0026page_size=50\\u0026page_token=eyJvZmZzZXQiOiIyMDAiLCJ2IjoyfQ\\u0026per_page=50\\u003e\",\n \"rel=\\\"next\\\",\\u003chttp://example.com?page=2\\u0026page_size=50\\u0026page_token=eyJvZmZzZXQiOiIxMDAiLCJ2IjoyfQ\\u0026per_page=50\\u003e\",\n \"rel=\\\"prev\\\",\\u003chttp://example.com?page=5\\u0026page_size=50\\u0026page_token=eyJvZmZzZXQiOiIyNTAiLCJ2IjoyfQ\\u0026per_page=50\\u003e\",\n \"rel=\\\"last\\\"\"\n]\n" }, { "path": "oryx/pagination/migrationpagination/.snapshots/TestPaginationHeader-Create_previous,_next,_first,_but_not_last_if_in_the_middle_and_no_total_was_provided.json", "content": "[\n \"\\u003chttp://example.com?page=0\\u0026page_size=50\\u0026page_token=eyJvZmZzZXQiOiIwIiwidiI6Mn0\\u0026per_page=50\\u003e\",\n \"rel=\\\"first\\\",\\u003chttp://example.com?page=4\\u0026page_size=50\\u0026page_token=eyJvZmZzZXQiOiIyMDAiLCJ2IjoyfQ\\u0026per_page=50\\u003e\",\n \"rel=\\\"next\\\",\\u003chttp://example.com?page=2\\u0026page_size=50\\u0026page_token=eyJvZmZzZXQiOiIxMDAiLCJ2IjoyfQ\\u0026per_page=50\\u003e\",\n \"rel=\\\"prev\\\"\"\n]\n" }, { "path": "oryx/pagination/migrationpagination/.snapshots/TestPaginationHeader-Create_previous_and_first_but_not_next_or_last_if_at_the_end.json", "content": "[\n \"\\u003chttp://example.com?page=0\\u0026page_size=50\\u0026page_token=eyJvZmZzZXQiOiIwIiwidiI6Mn0\\u0026per_page=50\\u003e\",\n \"rel=\\\"first\\\",\\u003chttp://example.com?page=1\\u0026page_size=50\\u0026page_token=eyJvZmZzZXQiOiI1MCIsInYiOjJ9\\u0026per_page=50\\u003e\",\n \"rel=\\\"prev\\\"\"\n]\n" }, { "path": "oryx/pagination/migrationpagination/.snapshots/TestPaginationHeader-Header_should_default_limit_to_1_no_limit_was_provided.json", "content": "[\n \"\\u003chttp://example.com?page=0\\u0026page_size=1\\u0026page_token=eyJvZmZzZXQiOiIwIiwidiI6Mn0\\u0026per_page=1\\u003e\",\n \"rel=\\\"first\\\",\\u003chttp://example.com?page=21\\u0026page_size=1\\u0026page_token=eyJvZmZzZXQiOiIyMSIsInYiOjJ9\\u0026per_page=1\\u003e\",\n \"rel=\\\"next\\\",\\u003chttp://example.com?page=19\\u0026page_size=1\\u0026page_token=eyJvZmZzZXQiOiIxOSIsInYiOjJ9\\u0026per_page=1\\u003e\",\n \"rel=\\\"prev\\\",\\u003chttp://example.com?page=99\\u0026page_size=1\\u0026page_token=eyJvZmZzZXQiOiI5OSIsInYiOjJ9\\u0026per_page=1\\u003e\",\n \"rel=\\\"last\\\"\"\n]\n" }, { "path": "oryx/pagination/migrationpagination/header.go", "content": "// Copyright © 2023 Ory Corp\n// SPDX-License-Identifier: Apache-2.0\n\npackage migrationpagination\n\n// swagger:model mixedPaginationRequestParameters\ntype RequestParameters struct {\n\t// Deprecated Items per Page\n\t//\n\t// DEPRECATED: Please use `page_token` instead. This parameter will be removed in the future.\n\t//\n\t// This is the number of items per page.\n\t//\n\t// required: false\n\t// in: query\n\t// default: 250\n\t// min: 1\n\t// max: 1000\n\tPerPage int `json:\"per_page\"`\n\n\t// Deprecated Pagination Page\n\t//\n\t// DEPRECATED: Please use `page_token` instead. This parameter will be removed in the future.\n\t//\n\t// This value is currently an integer, but it is not sequential. The value is not the page number, but a\n\t// reference. The next page can be any number and some numbers might return an empty list.\n\t//\n\t// For example, page 2 might not follow after page 1. And even if page 3 and 5 exist, but page 4 might not exist.\n\t// The first page can be retrieved by omitting this parameter. Following page pointers will be returned in the\n\t// `Link` header.\n\t//\n\t// required: false\n\t// in: query\n\tPage int `json:\"page\"`\n\n\t// Page Size\n\t//\n\t// This is the number of items per page to return. For details on pagination please head over to the\n\t// [pagination documentation](https://www.ory.sh/docs/ecosystem/api-design#pagination).\n\t//\n\t// required: false\n\t// in: query\n\t// default: 250\n\t// min: 1\n\t// max: 500\n\tPageSize int `json:\"page_size\"`\n\n\t// Next Page Token\n\t//\n\t// The next page token. For details on pagination please head over to the\n\t// [pagination documentation](https://www.ory.sh/docs/ecosystem/api-design#pagination).\n\t//\n\t// required: false\n\t// in: query\n\tPageToken string `json:\"page_token\"`\n}\n\n// Pagination Response Header\n//\n// The `Link` HTTP header contains multiple links (`first`, `next`, `last`, `previous`) formatted as:\n// `; rel=\"{page}\"`\n//\n// For details on pagination please head over to the [pagination documentation](https://www.ory.sh/docs/ecosystem/api-design#pagination).\n//\n// swagger:model mixedPagePaginationResponseHeaders\ntype ResponseHeaderAnnotation struct {\n\t// The Link HTTP Header\n\t//\n\t// The `Link` header contains a comma-delimited list of links to the following pages:\n\t//\n\t// - first: The first page of results.\n\t// - next: The next page of results.\n\t// - prev: The previous page of results.\n\t// - last: The last page of results.\n\t//\n\t// Pages are omitted if they do not exist. For example, if there is no next page, the `next` link is omitted.\n\t//\n\t// The header value may look like follows:\n\t//\n\t//\t; rel=\"first\",; rel=\"next\",; rel=\"prev\",; rel=\"last\"\n\tLink string `json:\"link\"`\n\n\t// The X-Total-Count HTTP Header\n\t//\n\t// The `X-Total-Count` header contains the total number of items in the collection.\n\t//\n\t// DEPRECATED: This header will be removed eventually. Please use the `Link` header\n\t// instead to check whether you are on the last page.\n\tTotalCount int `json:\"x-total-count\"`\n}\n" }, { "path": "oryx/pagination/migrationpagination/pagination.go", "content": "// Copyright © 2023 Ory Corp\n// SPDX-License-Identifier: Apache-2.0\n\npackage migrationpagination\n\nimport (\n\t\"fmt\"\n\t\"net/http\"\n\t\"net/url\"\n\n\t\"github.com/ory/x/pagination\"\n\t\"github.com/ory/x/pagination/pagepagination\"\n\t\"github.com/ory/x/pagination/tokenpagination\"\n)\n\ntype Paginator struct {\n\tp *pagepagination.PagePaginator\n\tt *tokenpagination.TokenPaginator\n}\n\nfunc NewPaginator(p *pagepagination.PagePaginator, t *tokenpagination.TokenPaginator) *Paginator {\n\treturn &Paginator{p: p, t: t}\n}\n\nfunc NewDefaultPaginator() *Paginator {\n\treturn &Paginator{p: new(pagepagination.PagePaginator), t: new(tokenpagination.TokenPaginator)}\n}\n\nfunc (p *Paginator) ParsePagination(r *http.Request) (page, itemsPerPage int) {\n\tif r.URL.Query().Has(\"page_token\") || r.URL.Query().Has(\"page_size\") {\n\t\treturn p.t.ParsePagination(r)\n\t}\n\treturn p.p.ParsePagination(r)\n}\n\nfunc header(u *url.URL, rel string, itemsPerPage, offset int64) string {\n\tq := u.Query()\n\tq.Set(\"page_size\", fmt.Sprintf(\"%d\", itemsPerPage))\n\tq.Set(\"page_token\", tokenpagination.Encode(offset))\n\tq.Set(\"per_page\", fmt.Sprintf(\"%d\", itemsPerPage))\n\tq.Set(\"page\", fmt.Sprintf(\"%d\", offset/itemsPerPage))\n\tu.RawQuery = q.Encode()\n\treturn fmt.Sprintf(\"<%s>; rel=\\\"%s\\\"\", u.String(), rel)\n}\n\nfunc PaginationHeader(w http.ResponseWriter, u *url.URL, total int64, page, itemsPerPage int) {\n\tpagination.HeaderWithFormatter(w, u, total, page, itemsPerPage, header)\n}\n" }, { "path": "oryx/pagination/pagepagination/header.go", "content": "// Copyright © 2023 Ory Corp\n// SPDX-License-Identifier: Apache-2.0\n\npackage pagepagination\n\n// Pagination Request Parameters\n//\n// The `Link` HTTP header contains multiple links (`first`, `next`, `last`, `previous`) formatted as:\n// `; rel=\"{page}\"`\n//\n// For details on pagination please head over to the [pagination documentation](https://www.ory.sh/docs/ecosystem/api-design#pagination).\n//\n// swagger:model pagePaginationRequestParameters\ntype RequestParameters struct {\n\t// Legacy Items per Page\n\t//\n\t// A DEPRECATED alias for `page_size`. Please transition to using `page_size` going forward.\n\t//\n\t// required: false\n\t// in: query\n\t// default: 250\n\t// min: 1\n\t// max: 1000\n\tPerPage int `json:\"per_page\"`\n\n\t// Legacy Pagination Page\n\t//\n\t// A DEPRECATED alias for `page_token`. Please transition to using `page_token` going forward.\n\t//\n\t// required: false\n\t// in: query\n\t// default: 1\n\t// min: 1\n\tPage int `json:\"page\"`\n\n\t// Items per Page\n\t//\n\t// This is the number of items per page to return. For details on pagination please head over to the\n\t// [pagination documentation](https://www.ory.sh/docs/ecosystem/api-design#pagination).\n\t//\n\t// required: false\n\t// in: query\n\t// default: 250\n\t// min: 1\n\t// max: 500\n\tPageSize int `json:\"page_size\"`\n\n\t// Next Page Token\n\t//\n\t// The next page token. For details on pagination please head over to the\n\t// [pagination documentation](https://www.ory.sh/docs/ecosystem/api-design#pagination).\n\t//\n\t// required: false\n\t// in: query\n\tPageToken string `json:\"page_token\"`\n}\n\n// swagger:model pagePaginationResponseHeaders\ntype ResponseHeaderAnnotation struct {\n\t// The Link HTTP Header\n\t//\n\t// The `Link` header contains a comma-delimited list of links to the following pages:\n\t//\n\t// - first: The first page of results.\n\t// - next: The next page of results.\n\t// - prev: The previous page of results.\n\t// - last: The last page of results.\n\t//\n\t// Pages are omitted if they do not exist. For example, if there is no next page, the `next` link is omitted.\n\t//\n\t// This header will include the `per_page` and `page` parameters for legacy reasons, but these parameters will eventually be removed.\n\t//\n\t//\tExample: Link: ; rel=\"first\",; rel=\"next\",; rel=\"prev\",; rel=\"last\"\n\tLink string `json:\"link\"`\n\n\t// The X-Total-Count HTTP Header\n\t//\n\t// The `X-Total-Count` header contains the total number of items in the collection.\n\t//\n\t// Example: 123\n\tTotalCount int `json:\"x-total-count\"`\n}\n" }, { "path": "oryx/pagination/pagepagination/pagination.go", "content": "// Copyright © 2023 Ory Corp\n// SPDX-License-Identifier: Apache-2.0\n\npackage pagepagination\n\nimport (\n\t\"fmt\"\n\t\"net/http\"\n\t\"net/url\"\n\t\"strconv\"\n\n\t\"github.com/ory/x/pagination\"\n)\n\ntype PagePaginator struct {\n\tMaxItems int\n\tDefaultItems int\n}\n\nfunc (p *PagePaginator) defaults() {\n\tif p.MaxItems == 0 {\n\t\tp.MaxItems = 1000\n\t}\n\n\tif p.DefaultItems == 0 {\n\t\tp.DefaultItems = 250\n\t}\n}\n\n// ParsePagination parses limit and page from *http.Request with given limits and defaults.\nfunc (p *PagePaginator) ParsePagination(r *http.Request) (page, itemsPerPage int) {\n\tp.defaults()\n\n\tif offsetParam := r.URL.Query().Get(\"page\"); offsetParam == \"\" {\n\t\tpage = 0\n\t} else {\n\t\tif offset, err := strconv.ParseInt(offsetParam, 10, 0); err != nil {\n\t\t\tpage = 0\n\t\t} else {\n\t\t\tpage = int(offset)\n\t\t}\n\t}\n\n\tif limitParam := r.URL.Query().Get(\"per_page\"); limitParam == \"\" {\n\t\titemsPerPage = p.DefaultItems\n\t} else {\n\t\tif limit, err := strconv.ParseInt(limitParam, 10, 0); err != nil {\n\t\t\titemsPerPage = p.DefaultItems\n\t\t} else {\n\t\t\titemsPerPage = int(limit)\n\t\t}\n\t}\n\n\tif itemsPerPage > p.MaxItems {\n\t\titemsPerPage = p.MaxItems\n\t}\n\n\tif itemsPerPage < 1 {\n\t\titemsPerPage = 1\n\t}\n\n\tif page < 0 {\n\t\tpage = 0\n\t}\n\n\treturn\n}\n\nfunc header(u *url.URL, rel string, limit, offset int64) string {\n\tq := u.Query()\n\tq.Set(\"per_page\", fmt.Sprintf(\"%d\", limit))\n\tq.Set(\"page\", fmt.Sprintf(\"%d\", offset/limit))\n\tu.RawQuery = q.Encode()\n\treturn fmt.Sprintf(\"<%s>; rel=\\\"%s\\\"\", u.String(), rel)\n}\n\nfunc PaginationHeader(w http.ResponseWriter, u *url.URL, total int64, page, itemsPerPage int) {\n\tpagination.HeaderWithFormatter(w, u, total, page, itemsPerPage, header)\n}\n" }, { "path": "oryx/pagination/paginationplanner/planner.go", "content": "// Copyright © 2026 Ory Corp\n// SPDX-License-Identifier: Apache-2.0\n\npackage paginationplanner\n\nimport (\n\t\"github.com/pkg/errors\"\n\n\tkeysetpagination \"github.com/ory/x/pagination/keysetpagination_v2\"\n)\n\n// PaginationPlanner chooses the best [PaginationPlan] for a queriedColumns.\n// Plan is eligible when its required constraint set is satisfied (and an optional Condition matches).\n// If no plan matches, the FallbackPlan is used.\ntype PaginationPlanner struct {\n\tPlans []PaginationPlan\n\tFallbackPlan PaginationPlan\n}\n\nfunc NewPaginationPlanner(fallbackPlan PaginationPlan, plans []PaginationPlan) (*PaginationPlanner, error) {\n\tif len(fallbackPlan.DefaultPageToken.Columns()) == 0 {\n\t\treturn nil, errors.New(\"plan must define at least one PageTokenColumn\")\n\t}\n\n\tfor i := range plans {\n\t\tplan := &plans[i]\n\t\tif len(plan.ApplicableQueries) == 0 {\n\t\t\treturn nil, errors.New(\"plan must define at least one ApplicableQueries\")\n\t\t}\n\t\tif len(plan.DefaultPageToken.Columns()) == 0 {\n\t\t\treturn nil, errors.New(\"plan must define a DefaultPageToken\")\n\t\t}\n\t\tplan.populateInternals()\n\t}\n\n\treturn &PaginationPlanner{\n\t\tPlans: plans,\n\t\tFallbackPlan: fallbackPlan,\n\t}, nil\n}\n\n// GetPaginator selects the first eligible plan for the given queriedColumns constraints.\n// Eligibility requires an exact ColumnSet match and (if set) Condition match.\n// If none match, the FallbackPlan is used for building the Paginator.\nfunc (p *PaginationPlanner) GetPaginator(q Query, pageOpts ...keysetpagination.Option) (*keysetpagination.Paginator, error) {\n\tif len(q) == 0 {\n\t\treturn keysetpagination.NewPaginator(append(pageOpts, keysetpagination.WithDefaultToken(p.FallbackPlan.DefaultPageToken))...)\n\t}\n\n\tplan := p.pickPlan(q)\n\n\torigCols := plan.DefaultPageToken.Columns()\n\n\t// Make a fresh copy so we don't mutate the original backing array.\n\tcols := make([]keysetpagination.Column, len(origCols))\n\tcopy(cols, origCols)\n\n\tfor i, col := range cols {\n\t\tif val, ok := q.colByName(col.Name); ok && val.IsConstrained() {\n\t\t\tcols[i].HasConstraint = true\n\t\t}\n\t}\n\n\tdefaultToken := keysetpagination.WithDefaultToken(keysetpagination.NewPageToken(cols...))\n\treturn keysetpagination.NewPaginator(append(pageOpts, defaultToken)...)\n}\n\nfunc (p *PaginationPlanner) pickPlan(q Query) PaginationPlan {\n\tconstrainedCols := q.constrainedCols()\n\n\tfor _, plan := range p.Plans {\n\t\tif _, ok := plan.applicableQueries[constrainedCols]; !ok {\n\t\t\tcontinue\n\t\t}\n\t\tif plan.Condition != nil && !plan.Condition(q) {\n\t\t\tcontinue\n\t\t}\n\t\treturn plan\n\t}\n\n\treturn p.FallbackPlan\n}\n\ntype PaginationPlan struct {\n\tName string\n\n\t// DefaultPageToken defines the columns that the pagination will be made of\n\tDefaultPageToken keysetpagination.PageToken\n\n\t// ApplicableQueries defines the exact sets of columns that this pagination plan is applicable for.\n\tApplicableQueries [][]Column\n\tapplicableQueries map[uint]struct{}\n\n\t// Condition further restricts the Plan eligibility for given queriedColumns.\n\t// This can be used for plan-specific logic, e.g. verifying partial-index predicates match.\n\tCondition func(q Query) bool\n}\n\nfunc (pp *PaginationPlan) populateInternals() {\n\tpp.applicableQueries = make(map[uint]struct{}, len(pp.ApplicableQueries))\n\tfor _, cols := range pp.ApplicableQueries {\n\t\tvar colSet uint\n\t\tfor _, col := range cols {\n\t\t\tcolSet |= col.bit\n\t\t}\n\t\tpp.applicableQueries[colSet] = struct{}{}\n\t}\n}\n\ntype Table struct {\n\tnextBit uint\n\tusedNames map[string]struct{}\n}\n\nfunc NewTable() *Table {\n\treturn &Table{\n\t\tnextBit: 1,\n\t\tusedNames: make(map[string]struct{}),\n\t}\n}\n\nfunc (t *Table) NewColumn(name string) Column {\n\tdefer func() { t.nextBit = t.nextBit << 1 }()\n\tif _, exists := t.usedNames[name]; exists {\n\t\tpanic(\"column name already used: \" + name)\n\t}\n\tt.usedNames[name] = struct{}{}\n\treturn Column{\n\t\tname: name,\n\t\tbit: t.nextBit,\n\t}\n}\n\ntype Column struct {\n\tbit uint\n\tname string\n}\n\nfunc (c Column) Name() string {\n\treturn c.name\n}\n\ntype ColumnConstraint uint8\n\nconst (\n\tcolUnconstrained ColumnConstraint = iota\n\tcolConstraintEq // col = ?\n\tcolConstraintIsNull // col IS NULL\n)\n\nfunc (cs ColumnConstraint) IsConstrained() bool {\n\treturn cs == colConstraintEq || cs == colConstraintIsNull\n}\n\nfunc (cs ColumnConstraint) IsNull() bool {\n\treturn cs == colConstraintIsNull\n}\n\n// Query is used to track which column constraints are set.\ntype Query map[Column]ColumnConstraint\n\nfunc NewQuery() Query { return make(Query) }\n\nfunc (qc Query) SetEq(cols ...Column) Query {\n\treturn qc.set(colConstraintEq, cols...)\n}\n\nfunc (qc Query) SetIsNull(cols ...Column) Query {\n\treturn qc.set(colConstraintIsNull, cols...)\n}\n\nfunc (qc Query) set(c ColumnConstraint, cols ...Column) Query {\n\tfor _, col := range cols {\n\t\tqc[col] = c\n\t}\n\treturn qc\n}\n\nfunc (qc Query) colByName(name string) (ColumnConstraint, bool) {\n\tfor col, constraint := range qc {\n\t\tif col.name == name {\n\t\t\treturn constraint, true\n\t\t}\n\t}\n\treturn colUnconstrained, false\n}\n\nfunc (qc Query) constrainedCols() uint {\n\tvar cols uint\n\tfor col, state := range qc {\n\t\tif !state.IsConstrained() {\n\t\t\tcontinue\n\t\t}\n\t\tcols |= col.bit\n\t}\n\treturn cols\n}\n" }, { "path": "oryx/pagination/parse.go", "content": "// Copyright © 2023 Ory Corp\n// SPDX-License-Identifier: Apache-2.0\n\npackage pagination\n\nimport (\n\t\"net/http\"\n\t\"strconv\"\n)\n\n// Parse parses limit and offset from *http.Request with given limits and defaults.\nfunc Parse(r *http.Request, defaultLimit, defaultOffset, maxLimit int) (int, int) {\n\tvar offset, limit int\n\n\tif offsetParam := r.URL.Query().Get(\"offset\"); offsetParam == \"\" {\n\t\toffset = defaultOffset\n\t} else {\n\t\tif offset64, err := strconv.ParseInt(offsetParam, 10, 64); err != nil {\n\t\t\toffset = defaultOffset\n\t\t} else {\n\t\t\toffset = int(offset64)\n\t\t}\n\t}\n\n\tif limitParam := r.URL.Query().Get(\"limit\"); limitParam == \"\" {\n\t\tlimit = defaultLimit\n\t} else {\n\t\tif limit64, err := strconv.ParseInt(limitParam, 10, 64); err != nil {\n\t\t\tlimit = defaultLimit\n\t\t} else {\n\t\t\tlimit = int(limit64)\n\t\t}\n\t}\n\n\tif limit > maxLimit {\n\t\tlimit = maxLimit\n\t}\n\n\tif limit < 0 {\n\t\tlimit = 0\n\t}\n\n\tif offset < 0 {\n\t\toffset = 0\n\t}\n\n\treturn limit, offset\n}\n" }, { "path": "oryx/pagination/tokenpagination/.snapshots/TestPaginationHeader-Create_next_and_last,_but_not_previous_or_first_if_at_the_beginning.json", "content": "[\n \"\\u003chttp://example.com?page_size=50\\u0026page_token=eyJvZmZzZXQiOiI1MCIsInYiOjJ9\\u003e\",\n \"rel=\\\"next\\\",\\u003chttp://example.com?page_size=50\\u0026page_token=eyJvZmZzZXQiOiIxMDAiLCJ2IjoyfQ\\u003e\",\n \"rel=\\\"last\\\"\"\n]\n" }, { "path": "oryx/pagination/tokenpagination/.snapshots/TestPaginationHeader-Create_only_first_if_the_limits_provided_exceeds_the_number_of_clients_found.json", "content": "[\n \"\\u003chttp://example.com?page_size=5\\u0026page_token=eyJvZmZzZXQiOiIwIiwidiI6Mn0\\u003e\",\n \"rel=\\\"first\\\"\"\n]\n" }, { "path": "oryx/pagination/tokenpagination/.snapshots/TestPaginationHeader-Create_previous,_next,_first,_and_last_if_in_the_middle.json", "content": "[\n \"\\u003chttp://example.com?page_size=50\\u0026page_token=eyJvZmZzZXQiOiIwIiwidiI6Mn0\\u003e\",\n \"rel=\\\"first\\\",\\u003chttp://example.com?page_size=50\\u0026page_token=eyJvZmZzZXQiOiIyMDAiLCJ2IjoyfQ\\u003e\",\n \"rel=\\\"next\\\",\\u003chttp://example.com?page_size=50\\u0026page_token=eyJvZmZzZXQiOiIxMDAiLCJ2IjoyfQ\\u003e\",\n \"rel=\\\"prev\\\",\\u003chttp://example.com?page_size=50\\u0026page_token=eyJvZmZzZXQiOiIyNTAiLCJ2IjoyfQ\\u003e\",\n \"rel=\\\"last\\\"\"\n]\n" }, { "path": "oryx/pagination/tokenpagination/.snapshots/TestPaginationHeader-Create_previous,_next,_first,_but_not_last_if_in_the_middle_and_no_total_was_provided.json", "content": "[\n \"\\u003chttp://example.com?page_size=50\\u0026page_token=eyJvZmZzZXQiOiIwIiwidiI6Mn0\\u003e\",\n \"rel=\\\"first\\\",\\u003chttp://example.com?page_size=50\\u0026page_token=eyJvZmZzZXQiOiIyMDAiLCJ2IjoyfQ\\u003e\",\n \"rel=\\\"next\\\",\\u003chttp://example.com?page_size=50\\u0026page_token=eyJvZmZzZXQiOiIxMDAiLCJ2IjoyfQ\\u003e\",\n \"rel=\\\"prev\\\"\"\n]\n" }, { "path": "oryx/pagination/tokenpagination/.snapshots/TestPaginationHeader-Create_previous_and_first_but_not_next_or_last_if_at_the_end.json", "content": "[\n \"\\u003chttp://example.com?page_size=50\\u0026page_token=eyJvZmZzZXQiOiIwIiwidiI6Mn0\\u003e\",\n \"rel=\\\"first\\\",\\u003chttp://example.com?page_size=50\\u0026page_token=eyJvZmZzZXQiOiI1MCIsInYiOjJ9\\u003e\",\n \"rel=\\\"prev\\\"\"\n]\n" }, { "path": "oryx/pagination/tokenpagination/.snapshots/TestPaginationHeader-Header_should_default_limit_to_1_no_limit_was_provided.json", "content": "[\n \"\\u003chttp://example.com?page_size=1\\u0026page_token=eyJvZmZzZXQiOiIwIiwidiI6Mn0\\u003e\",\n \"rel=\\\"first\\\",\\u003chttp://example.com?page_size=1\\u0026page_token=eyJvZmZzZXQiOiIyMSIsInYiOjJ9\\u003e\",\n \"rel=\\\"next\\\",\\u003chttp://example.com?page_size=1\\u0026page_token=eyJvZmZzZXQiOiIxOSIsInYiOjJ9\\u003e\",\n \"rel=\\\"prev\\\",\\u003chttp://example.com?page_size=1\\u0026page_token=eyJvZmZzZXQiOiI5OSIsInYiOjJ9\\u003e\",\n \"rel=\\\"last\\\"\"\n]\n" }, { "path": "oryx/pagination/tokenpagination/header.go", "content": "// Copyright © 2023 Ory Corp\n// SPDX-License-Identifier: Apache-2.0\n\npackage tokenpagination\n\n// Pagination Request Parameters\n//\n// The `Link` HTTP header contains multiple links (`first`, `next`, `last`, `previous`) formatted as:\n// `; rel=\"{page}\"`\n//\n// For details on pagination please head over to the [pagination documentation](https://www.ory.sh/docs/ecosystem/api-design#pagination).\n//\n// swagger:model tokenPaginationRequestParameters\ntype RequestParameters struct {\n\t// Items per Page\n\t//\n\t// This is the number of items per page to return.\n\t// For details on pagination please head over to the [pagination documentation](https://www.ory.sh/docs/ecosystem/api-design#pagination).\n\t//\n\t// required: false\n\t// in: query\n\t// default: 250\n\t// min: 1\n\t// max: 500\n\tPageSize int `json:\"page_size\"`\n\n\t// Next Page Token\n\t//\n\t// The next page token.\n\t// For details on pagination please head over to the [pagination documentation](https://www.ory.sh/docs/ecosystem/api-design#pagination).\n\t//\n\t// required: false\n\t// in: query\n\tPageToken string `json:\"page_token\"`\n}\n\n// Pagination Response Header\n//\n// The `Link` HTTP header contains multiple links (`first`, `next`, `last`, `previous`) formatted as:\n// `; rel=\"{page}\"`\n//\n// For details on pagination please head over to the [pagination documentation](https://www.ory.sh/docs/ecosystem/api-design#pagination).\n//\n// swagger:model tokenPaginationResponseHeaders\ntype ResponseHeaders struct {\n\t// The Link HTTP Header\n\t//\n\t// The `Link` header contains a comma-delimited list of links to the following pages:\n\t//\n\t// - first: The first page of results.\n\t// - next: The next page of results.\n\t// - prev: The previous page of results.\n\t// - last: The last page of results.\n\t//\n\t// Pages are omitted if they do not exist. For example, if there is no next page, the `next` link is omitted. Examples:\n\t//\n\t//\t; rel=\"first\",; rel=\"next\",; rel=\"prev\",; rel=\"last\"\n\t//\n\tLink string `json:\"link\"`\n\n\t// The X-Total-Count HTTP Header\n\t//\n\t// The `X-Total-Count` header contains the total number of items in the collection.\n\tTotalCount int `json:\"x-total-count\"`\n}\n" }, { "path": "oryx/pagination/tokenpagination/pagination.go", "content": "// Copyright © 2023 Ory Corp\n// SPDX-License-Identifier: Apache-2.0\n\npackage tokenpagination\n\nimport (\n\t\"encoding/base64\"\n\t\"fmt\"\n\t\"net/http\"\n\t\"net/url\"\n\t\"strconv\"\n\n\t\"github.com/pkg/errors\"\n\t\"github.com/tidwall/gjson\"\n\n\t\"github.com/ory/x/pagination\"\n\n\t\"github.com/ory/herodot\"\n)\n\nfunc Encode(offset int64) string {\n\treturn base64.RawURLEncoding.EncodeToString([]byte(fmt.Sprintf(`{\"offset\":\"%d\",\"v\":2}`, offset)))\n}\n\nfunc decode(s string) (int, error) {\n\tb, err := base64.RawURLEncoding.DecodeString(s)\n\tif err != nil {\n\t\treturn 0, errors.WithStack(herodot.ErrBadRequest.WithWrap(err).WithReasonf(\"Unable to parse pagination token: %s\", err))\n\t}\n\n\treturn int(gjson.Get(string(b), \"offset\").Int()), nil\n}\n\ntype TokenPaginator struct {\n\tMaxItems int\n\tDefaultItems int\n}\n\nfunc (p *TokenPaginator) defaults() {\n\tif p.MaxItems == 0 {\n\t\tp.MaxItems = 1000\n\t}\n\n\tif p.DefaultItems == 0 {\n\t\tp.DefaultItems = 250\n\t}\n}\n\n// ParsePagination parses limit and page from *http.Request with given limits and defaults.\nfunc (p *TokenPaginator) ParsePagination(r *http.Request) (page, itemsPerPage int) {\n\tp.defaults()\n\n\tvar offset int\n\tif offsetParam := r.URL.Query().Get(\"page_token\"); len(offsetParam) > 0 {\n\t\toffset, _ = decode(offsetParam)\n\t}\n\n\tif gotLimit, err := strconv.ParseInt(r.URL.Query().Get(\"page_size\"), 10, 0); err == nil {\n\t\titemsPerPage = int(gotLimit)\n\t} else {\n\t\titemsPerPage = p.DefaultItems\n\t}\n\n\tif itemsPerPage > p.MaxItems {\n\t\titemsPerPage = p.MaxItems\n\t}\n\n\tif itemsPerPage < 1 {\n\t\titemsPerPage = 1\n\t}\n\n\tif offset > 0 {\n\t\tpage = offset / itemsPerPage\n\t}\n\n\tif page < 0 {\n\t\tpage = 0\n\t}\n\n\treturn\n}\n\nfunc header(u *url.URL, rel string, itemsPerPage, offset int64) string {\n\tq := u.Query()\n\tq.Set(\"page_size\", fmt.Sprintf(\"%d\", itemsPerPage))\n\tq.Set(\"page_token\", Encode(offset))\n\tu.RawQuery = q.Encode()\n\treturn fmt.Sprintf(\"<%s>; rel=\\\"%s\\\"\", u.String(), rel)\n}\n\nfunc PaginationHeader(w http.ResponseWriter, u *url.URL, total int64, page, itemsPerPage int) {\n\tpagination.HeaderWithFormatter(w, u, total, page, itemsPerPage, header)\n}\n" }, { "path": "oryx/pointerx/pointerx.go", "content": "// Copyright © 2023 Ory Corp\n// SPDX-License-Identifier: Apache-2.0\n\npackage pointerx\n\n// Deref returns the input values de-referenced value, or zero value if nil.\nfunc Deref[T any](p *T) T {\n\tif p == nil {\n\t\tvar zero T\n\t\treturn zero\n\t}\n\treturn *p\n}\n" }, { "path": "oryx/popx/.snapshots/TestMigrateSQLUp-final_status.txt", "content": "stdout: Version\t\t\tName\t\t\t\t\tStatus\t\n20191100000001000000\tidentities\t\t\t\tApplied\t\n20191100000001000001\tidentities\t\t\t\tApplied\t\n20191100000001000002\tidentities\t\t\t\tApplied\t\n20191100000001000003\tidentities\t\t\t\tApplied\t\n20191100000001000004\tidentities\t\t\t\tApplied\t\n20191100000001000005\tidentities\t\t\t\tApplied\t\n20191100000002000000\trequests\t\t\t\tApplied\t\n20191100000002000001\trequests\t\t\t\tApplied\t\n20191100000002000002\trequests\t\t\t\tApplied\t\n20191100000002000003\trequests\t\t\t\tApplied\t\n20191100000002000004\trequests\t\t\t\tApplied\t\n20191100000003000000\tsessions\t\t\t\tApplied\t\n20191100000004000000\terrors\t\t\t\t\tApplied\t\n20191100000006000000\tcourier\t\t\t\t\tApplied\t\n20191100000007000000\terrors\t\t\t\t\tApplied\t\n20191100000007000001\terrors\t\t\t\t\tApplied\t\n20191100000007000002\terrors\t\t\t\t\tApplied\t\n20191100000007000003\terrors\t\t\t\t\tApplied\t\n20191100000008000000\tselfservice_verification\t\tApplied\t\n20191100000008000001\tselfservice_verification\t\tApplied\t\n20191100000008000002\tselfservice_verification\t\tApplied\t\n20191100000008000003\tselfservice_verification\t\tApplied\t\n20191100000008000004\tselfservice_verification\t\tApplied\t\n20191100000008000005\tselfservice_verification\t\tApplied\t\n20191100000010000000\terrors\t\t\t\t\tApplied\t\n20191100000010000001\terrors\t\t\t\t\tApplied\t\n20191100000010000002\terrors\t\t\t\t\tApplied\t\n20191100000010000003\terrors\t\t\t\t\tApplied\t\n20191100000010000004\terrors\t\t\t\t\tApplied\t\n20191100000011000000\tcourier_body_type\t\t\tApplied\t\n20191100000011000001\tcourier_body_type\t\t\tApplied\t\n20191100000011000002\tcourier_body_type\t\t\tApplied\t\n20191100000011000003\tcourier_body_type\t\t\tApplied\t\n20191100000012000000\tlogin_request_forced\t\t\tApplied\t\n20191100000012000001\tlogin_request_forced\t\t\tApplied\t\n20191100000012000002\tlogin_request_forced\t\t\tApplied\t\n20191100000012000003\tlogin_request_forced\t\t\tApplied\t\n20200317160354000000\tcreate_profile_request_forms\t\tApplied\t\n20200317160354000001\tcreate_profile_request_forms\t\tApplied\t\n20200317160354000002\tcreate_profile_request_forms\t\tApplied\t\n20200317160354000003\tcreate_profile_request_forms\t\tApplied\t\n20200317160354000004\tcreate_profile_request_forms\t\tApplied\t\n20200317160354000005\tcreate_profile_request_forms\t\tApplied\t\n20200317160354000006\tcreate_profile_request_forms\t\tApplied\t\n20200401183443000000\tcontinuity_containers\t\t\tApplied\t\n20200402142539000000\trename_profile_flows\t\t\tApplied\t\n20200402142539000001\trename_profile_flows\t\t\tApplied\t\n20200402142539000002\trename_profile_flows\t\t\tApplied\t\n20200519101057000000\tcreate_recovery_addresses\t\tApplied\t\n20200519101057000001\tcreate_recovery_addresses\t\tApplied\t\n20200519101057000002\tcreate_recovery_addresses\t\tApplied\t\n20200519101057000003\tcreate_recovery_addresses\t\tApplied\t\n20200519101057000004\tcreate_recovery_addresses\t\tApplied\t\n20200519101057000005\tcreate_recovery_addresses\t\tApplied\t\n20200519101057000006\tcreate_recovery_addresses\t\tApplied\t\n20200519101057000007\tcreate_recovery_addresses\t\tApplied\t\n20200601101000000000\tcreate_messages\t\t\t\tApplied\t\n20200601101000000001\tcreate_messages\t\t\t\tApplied\t\n20200601101000000002\tcreate_messages\t\t\t\tApplied\t\n20200601101000000003\tcreate_messages\t\t\t\tApplied\t\n20200605111551000000\tmessages\t\t\t\tApplied\t\n20200605111551000001\tmessages\t\t\t\tApplied\t\n20200605111551000002\tmessages\t\t\t\tApplied\t\n20200605111551000003\tmessages\t\t\t\tApplied\t\n20200605111551000004\tmessages\t\t\t\tApplied\t\n20200605111551000005\tmessages\t\t\t\tApplied\t\n20200605111551000006\tmessages\t\t\t\tApplied\t\n20200605111551000007\tmessages\t\t\t\tApplied\t\n20200605111551000008\tmessages\t\t\t\tApplied\t\n20200605111551000009\tmessages\t\t\t\tApplied\t\n20200605111551000010\tmessages\t\t\t\tApplied\t\n20200605111551000011\tmessages\t\t\t\tApplied\t\n20200607165100000000\tsettings\t\t\t\tApplied\t\n20200607165100000001\tsettings\t\t\t\tApplied\t\n20200607165100000002\tsettings\t\t\t\tApplied\t\n20200607165100000003\tsettings\t\t\t\tApplied\t\n20200607165100000004\tsettings\t\t\t\tApplied\t\n20200705105359000000\trename_identities_schema\t\tApplied\t\n20200810141652000000\tflow_type\t\t\t\tApplied\t\n20200810141652000001\tflow_type\t\t\t\tApplied\t\n20200810141652000002\tflow_type\t\t\t\tApplied\t\n20200810141652000003\tflow_type\t\t\t\tApplied\t\n20200810141652000004\tflow_type\t\t\t\tApplied\t\n20200810141652000005\tflow_type\t\t\t\tApplied\t\n20200810141652000006\tflow_type\t\t\t\tApplied\t\n20200810141652000007\tflow_type\t\t\t\tApplied\t\n20200810141652000008\tflow_type\t\t\t\tApplied\t\n20200810141652000009\tflow_type\t\t\t\tApplied\t\n20200810141652000010\tflow_type\t\t\t\tApplied\t\n20200810141652000011\tflow_type\t\t\t\tApplied\t\n20200810141652000012\tflow_type\t\t\t\tApplied\t\n20200810141652000013\tflow_type\t\t\t\tApplied\t\n20200810141652000014\tflow_type\t\t\t\tApplied\t\n20200810141652000015\tflow_type\t\t\t\tApplied\t\n20200810141652000016\tflow_type\t\t\t\tApplied\t\n20200810141652000017\tflow_type\t\t\t\tApplied\t\n20200810141652000018\tflow_type\t\t\t\tApplied\t\n20200810141652000019\tflow_type\t\t\t\tApplied\t\n20200810161022000000\tflow_rename\t\t\t\tApplied\t\n20200810161022000001\tflow_rename\t\t\t\tApplied\t\n20200810161022000002\tflow_rename\t\t\t\tApplied\t\n20200810161022000003\tflow_rename\t\t\t\tApplied\t\n20200810161022000004\tflow_rename\t\t\t\tApplied\t\n20200810161022000005\tflow_rename\t\t\t\tApplied\t\n20200810161022000006\tflow_rename\t\t\t\tApplied\t\n20200810161022000007\tflow_rename\t\t\t\tApplied\t\n20200810161022000008\tflow_rename\t\t\t\tApplied\t\n20200810162450000000\tflow_fields_rename\t\t\tApplied\t\n20200810162450000001\tflow_fields_rename\t\t\tApplied\t\n20200810162450000002\tflow_fields_rename\t\t\tApplied\t\n20200810162450000003\tflow_fields_rename\t\t\tApplied\t\n20200812124254000000\tadd_session_token\t\t\tApplied\t\n20200812124254000001\tadd_session_token\t\t\tApplied\t\n20200812124254000002\tadd_session_token\t\t\tApplied\t\n20200812124254000003\tadd_session_token\t\t\tApplied\t\n20200812124254000004\tadd_session_token\t\t\tApplied\t\n20200812124254000005\tadd_session_token\t\t\tApplied\t\n20200812124254000006\tadd_session_token\t\t\tApplied\t\n20200812124254000007\tadd_session_token\t\t\tApplied\t\n20200812160551000000\tadd_session_revoke\t\t\tApplied\t\n20200812160551000001\tadd_session_revoke\t\t\tApplied\t\n20200812160551000002\tadd_session_revoke\t\t\tApplied\t\n20200812160551000003\tadd_session_revoke\t\t\tApplied\t\n20200812160551000004\tadd_session_revoke\t\t\tApplied\t\n20200812160551000005\tadd_session_revoke\t\t\tApplied\t\n20200812160551000006\tadd_session_revoke\t\t\tApplied\t\n20200812160551000007\tadd_session_revoke\t\t\tApplied\t\n20200830121710000000\tupdate_recovery_token\t\t\tApplied\t\n20200830130642000000\tadd_verification_methods\t\tApplied\t\n20200830130642000001\tadd_verification_methods\t\tApplied\t\n20200830130642000002\tadd_verification_methods\t\tApplied\t\n20200830130642000003\tadd_verification_methods\t\tApplied\t\n20200830130642000004\tadd_verification_methods\t\tApplied\t\n20200830130642000005\tadd_verification_methods\t\tApplied\t\n20200830130642000006\tadd_verification_methods\t\tApplied\t\n20200830130642000007\tadd_verification_methods\t\tApplied\t\n20200830130642000008\tadd_verification_methods\t\tApplied\t\n20200830130642000009\tadd_verification_methods\t\tApplied\t\n20200830130642000010\tadd_verification_methods\t\tApplied\t\n20200830130643000000\tadd_verification_methods\t\tApplied\t\n20200830130644000000\tadd_verification_methods\t\tApplied\t\n20200830130644000001\tadd_verification_methods\t\tApplied\t\n20200830130645000000\tadd_verification_methods\t\tApplied\t\n20200830130646000000\tadd_verification_methods\t\tApplied\t\n20200830130646000001\tadd_verification_methods\t\tApplied\t\n20200830130646000002\tadd_verification_methods\t\tApplied\t\n20200830130646000003\tadd_verification_methods\t\tApplied\t\n20200830130646000004\tadd_verification_methods\t\tApplied\t\n20200830130646000005\tadd_verification_methods\t\tApplied\t\n20200830130646000006\tadd_verification_methods\t\tApplied\t\n20200830130646000007\tadd_verification_methods\t\tApplied\t\n20200830130646000008\tadd_verification_methods\t\tApplied\t\n20200830130646000009\tadd_verification_methods\t\tApplied\t\n20200830130646000010\tadd_verification_methods\t\tApplied\t\n20200830130646000011\tadd_verification_methods\t\tApplied\t\n20200830154602000000\tadd_verification_token\t\t\tApplied\t\n20200830154602000001\tadd_verification_token\t\t\tApplied\t\n20200830154602000002\tadd_verification_token\t\t\tApplied\t\n20200830154602000003\tadd_verification_token\t\t\tApplied\t\n20200830154602000004\tadd_verification_token\t\t\tApplied\t\n20200830172221000000\trecovery_token_expires\t\t\tApplied\t\n20200830172221000001\trecovery_token_expires\t\t\tApplied\t\n20200830172221000002\trecovery_token_expires\t\t\tApplied\t\n20200830172221000003\trecovery_token_expires\t\t\tApplied\t\n20200830172221000004\trecovery_token_expires\t\t\tApplied\t\n20200830172221000005\trecovery_token_expires\t\t\tApplied\t\n20200830172221000006\trecovery_token_expires\t\t\tApplied\t\n20200830172221000007\trecovery_token_expires\t\t\tApplied\t\n20200830172221000008\trecovery_token_expires\t\t\tApplied\t\n20200830172221000009\trecovery_token_expires\t\t\tApplied\t\n20200830172221000010\trecovery_token_expires\t\t\tApplied\t\n20200830172221000011\trecovery_token_expires\t\t\tApplied\t\n20200830172221000012\trecovery_token_expires\t\t\tApplied\t\n20200830172221000013\trecovery_token_expires\t\t\tApplied\t\n20200830172221000014\trecovery_token_expires\t\t\tApplied\t\n20200830172221000015\trecovery_token_expires\t\t\tApplied\t\n20200830172221000016\trecovery_token_expires\t\t\tApplied\t\n20200830172221000017\trecovery_token_expires\t\t\tApplied\t\n20200830172221000018\trecovery_token_expires\t\t\tApplied\t\n20200830172221000019\trecovery_token_expires\t\t\tApplied\t\n20200830172221000020\trecovery_token_expires\t\t\tApplied\t\n20200830172221000021\trecovery_token_expires\t\t\tApplied\t\n20200830172221000022\trecovery_token_expires\t\t\tApplied\t\n20200830172221000023\trecovery_token_expires\t\t\tApplied\t\n20200830172221000024\trecovery_token_expires\t\t\tApplied\t\n20200831110752000000\tidentity_verifiable_address_remove_code\tApplied\t\n20200831110752000001\tidentity_verifiable_address_remove_code\tApplied\t\n20200831110752000002\tidentity_verifiable_address_remove_code\tApplied\t\n20200831110752000003\tidentity_verifiable_address_remove_code\tApplied\t\n20200831110752000004\tidentity_verifiable_address_remove_code\tApplied\t\n20200831110752000005\tidentity_verifiable_address_remove_code\tApplied\t\n20200831110752000006\tidentity_verifiable_address_remove_code\tApplied\t\n20200831110752000007\tidentity_verifiable_address_remove_code\tApplied\t\n20200831110752000008\tidentity_verifiable_address_remove_code\tApplied\t\n20200831110752000009\tidentity_verifiable_address_remove_code\tApplied\t\n20200831110752000010\tidentity_verifiable_address_remove_code\tApplied\t\n20200831110752000011\tidentity_verifiable_address_remove_code\tApplied\t\n20200831110752000012\tidentity_verifiable_address_remove_code\tApplied\t\n20200831110752000013\tidentity_verifiable_address_remove_code\tApplied\t\n20200831110752000014\tidentity_verifiable_address_remove_code\tApplied\t\n20200831110752000015\tidentity_verifiable_address_remove_code\tApplied\t\n20200831110752000016\tidentity_verifiable_address_remove_code\tApplied\t\n20200831110752000017\tidentity_verifiable_address_remove_code\tApplied\t\n20200831110752000018\tidentity_verifiable_address_remove_code\tApplied\t\n20200831110752000019\tidentity_verifiable_address_remove_code\tApplied\t\n20200831110752000020\tidentity_verifiable_address_remove_code\tApplied\t\n20200831110752000021\tidentity_verifiable_address_remove_code\tApplied\t\n20201201161451000000\tcredential_types_values\t\t\tApplied\t\n20201201161451000001\tcredential_types_values\t\t\tApplied\t\n\nstderr: \n" }, { "path": "oryx/popx/.snapshots/TestMigrateSQLUp-migrate_down_but_do_not_confirm.txt", "content": "stdout: The migration plan is as follows:\nVersion\t\t\tName\t\t\t\t\tStatus\t\t\n20191100000001000000\tidentities\t\t\t\tApplied\t\t\n20191100000001000001\tidentities\t\t\t\tApplied\t\t\n20191100000001000002\tidentities\t\t\t\tApplied\t\t\n20191100000001000003\tidentities\t\t\t\tApplied\t\t\n20191100000001000004\tidentities\t\t\t\tApplied\t\t\n20191100000001000005\tidentities\t\t\t\tApplied\t\t\n20191100000002000000\trequests\t\t\t\tApplied\t\t\n20191100000002000001\trequests\t\t\t\tApplied\t\t\n20191100000002000002\trequests\t\t\t\tApplied\t\t\n20191100000002000003\trequests\t\t\t\tApplied\t\t\n20191100000002000004\trequests\t\t\t\tApplied\t\t\n20191100000003000000\tsessions\t\t\t\tApplied\t\t\n20191100000004000000\terrors\t\t\t\t\tApplied\t\t\n20191100000006000000\tcourier\t\t\t\t\tApplied\t\t\n20191100000007000000\terrors\t\t\t\t\tApplied\t\t\n20191100000007000001\terrors\t\t\t\t\tApplied\t\t\n20191100000007000002\terrors\t\t\t\t\tApplied\t\t\n20191100000007000003\terrors\t\t\t\t\tApplied\t\t\n20191100000008000000\tselfservice_verification\t\tApplied\t\t\n20191100000008000001\tselfservice_verification\t\tApplied\t\t\n20191100000008000002\tselfservice_verification\t\tApplied\t\t\n20191100000008000003\tselfservice_verification\t\tApplied\t\t\n20191100000008000004\tselfservice_verification\t\tApplied\t\t\n20191100000008000005\tselfservice_verification\t\tApplied\t\t\n20191100000010000000\terrors\t\t\t\t\tApplied\t\t\n20191100000010000001\terrors\t\t\t\t\tApplied\t\t\n20191100000010000002\terrors\t\t\t\t\tApplied\t\t\n20191100000010000003\terrors\t\t\t\t\tApplied\t\t\n20191100000010000004\terrors\t\t\t\t\tApplied\t\t\n20191100000011000000\tcourier_body_type\t\t\tApplied\t\t\n20191100000011000001\tcourier_body_type\t\t\tApplied\t\t\n20191100000011000002\tcourier_body_type\t\t\tApplied\t\t\n20191100000011000003\tcourier_body_type\t\t\tApplied\t\t\n20191100000012000000\tlogin_request_forced\t\t\tApplied\t\t\n20191100000012000001\tlogin_request_forced\t\t\tApplied\t\t\n20191100000012000002\tlogin_request_forced\t\t\tApplied\t\t\n20191100000012000003\tlogin_request_forced\t\t\tApplied\t\t\n20200317160354000000\tcreate_profile_request_forms\t\tApplied\t\t\n20200317160354000001\tcreate_profile_request_forms\t\tApplied\t\t\n20200317160354000002\tcreate_profile_request_forms\t\tApplied\t\t\n20200317160354000003\tcreate_profile_request_forms\t\tApplied\t\t\n20200317160354000004\tcreate_profile_request_forms\t\tApplied\t\t\n20200317160354000005\tcreate_profile_request_forms\t\tApplied\t\t\n20200317160354000006\tcreate_profile_request_forms\t\tApplied\t\t\n20200401183443000000\tcontinuity_containers\t\t\tApplied\t\t\n20200402142539000000\trename_profile_flows\t\t\tApplied\t\t\n20200402142539000001\trename_profile_flows\t\t\tApplied\t\t\n20200402142539000002\trename_profile_flows\t\t\tApplied\t\t\n20200519101057000000\tcreate_recovery_addresses\t\tApplied\t\t\n20200519101057000001\tcreate_recovery_addresses\t\tApplied\t\t\n20200519101057000002\tcreate_recovery_addresses\t\tApplied\t\t\n20200519101057000003\tcreate_recovery_addresses\t\tApplied\t\t\n20200519101057000004\tcreate_recovery_addresses\t\tApplied\t\t\n20200519101057000005\tcreate_recovery_addresses\t\tApplied\t\t\n20200519101057000006\tcreate_recovery_addresses\t\tApplied\t\t\n20200519101057000007\tcreate_recovery_addresses\t\tApplied\t\t\n20200601101000000000\tcreate_messages\t\t\t\tApplied\t\t\n20200601101000000001\tcreate_messages\t\t\t\tApplied\t\t\n20200601101000000002\tcreate_messages\t\t\t\tApplied\t\t\n20200601101000000003\tcreate_messages\t\t\t\tApplied\t\t\n20200605111551000000\tmessages\t\t\t\tApplied\t\t\n20200605111551000001\tmessages\t\t\t\tApplied\t\t\n20200605111551000002\tmessages\t\t\t\tApplied\t\t\n20200605111551000003\tmessages\t\t\t\tApplied\t\t\n20200605111551000004\tmessages\t\t\t\tApplied\t\t\n20200605111551000005\tmessages\t\t\t\tApplied\t\t\n20200605111551000006\tmessages\t\t\t\tApplied\t\t\n20200605111551000007\tmessages\t\t\t\tApplied\t\t\n20200605111551000008\tmessages\t\t\t\tApplied\t\t\n20200605111551000009\tmessages\t\t\t\tApplied\t\t\n20200605111551000010\tmessages\t\t\t\tApplied\t\t\n20200605111551000011\tmessages\t\t\t\tApplied\t\t\n20200607165100000000\tsettings\t\t\t\tApplied\t\t\n20200607165100000001\tsettings\t\t\t\tApplied\t\t\n20200607165100000002\tsettings\t\t\t\tApplied\t\t\n20200607165100000003\tsettings\t\t\t\tApplied\t\t\n20200607165100000004\tsettings\t\t\t\tApplied\t\t\n20200705105359000000\trename_identities_schema\t\tApplied\t\t\n20200810141652000000\tflow_type\t\t\t\tApplied\t\t\n20200810141652000001\tflow_type\t\t\t\tApplied\t\t\n20200810141652000002\tflow_type\t\t\t\tApplied\t\t\n20200810141652000003\tflow_type\t\t\t\tApplied\t\t\n20200810141652000004\tflow_type\t\t\t\tApplied\t\t\n20200810141652000005\tflow_type\t\t\t\tApplied\t\t\n20200810141652000006\tflow_type\t\t\t\tApplied\t\t\n20200810141652000007\tflow_type\t\t\t\tApplied\t\t\n20200810141652000008\tflow_type\t\t\t\tApplied\t\t\n20200810141652000009\tflow_type\t\t\t\tApplied\t\t\n20200810141652000010\tflow_type\t\t\t\tApplied\t\t\n20200810141652000011\tflow_type\t\t\t\tApplied\t\t\n20200810141652000012\tflow_type\t\t\t\tApplied\t\t\n20200810141652000013\tflow_type\t\t\t\tApplied\t\t\n20200810141652000014\tflow_type\t\t\t\tApplied\t\t\n20200810141652000015\tflow_type\t\t\t\tApplied\t\t\n20200810141652000016\tflow_type\t\t\t\tApplied\t\t\n20200810141652000017\tflow_type\t\t\t\tApplied\t\t\n20200810141652000018\tflow_type\t\t\t\tApplied\t\t\n20200810141652000019\tflow_type\t\t\t\tApplied\t\t\n20200810161022000000\tflow_rename\t\t\t\tApplied\t\t\n20200810161022000001\tflow_rename\t\t\t\tApplied\t\t\n20200810161022000002\tflow_rename\t\t\t\tApplied\t\t\n20200810161022000003\tflow_rename\t\t\t\tApplied\t\t\n20200810161022000004\tflow_rename\t\t\t\tApplied\t\t\n20200810161022000005\tflow_rename\t\t\t\tApplied\t\t\n20200810161022000006\tflow_rename\t\t\t\tApplied\t\t\n20200810161022000007\tflow_rename\t\t\t\tApplied\t\t\n20200810161022000008\tflow_rename\t\t\t\tApplied\t\t\n20200810162450000000\tflow_fields_rename\t\t\tApplied\t\t\n20200810162450000001\tflow_fields_rename\t\t\tApplied\t\t\n20200810162450000002\tflow_fields_rename\t\t\tApplied\t\t\n20200810162450000003\tflow_fields_rename\t\t\tApplied\t\t\n20200812124254000000\tadd_session_token\t\t\tApplied\t\t\n20200812124254000001\tadd_session_token\t\t\tApplied\t\t\n20200812124254000002\tadd_session_token\t\t\tApplied\t\t\n20200812124254000003\tadd_session_token\t\t\tApplied\t\t\n20200812124254000004\tadd_session_token\t\t\tApplied\t\t\n20200812124254000005\tadd_session_token\t\t\tApplied\t\t\n20200812124254000006\tadd_session_token\t\t\tApplied\t\t\n20200812124254000007\tadd_session_token\t\t\tApplied\t\t\n20200812160551000000\tadd_session_revoke\t\t\tApplied\t\t\n20200812160551000001\tadd_session_revoke\t\t\tApplied\t\t\n20200812160551000002\tadd_session_revoke\t\t\tApplied\t\t\n20200812160551000003\tadd_session_revoke\t\t\tApplied\t\t\n20200812160551000004\tadd_session_revoke\t\t\tApplied\t\t\n20200812160551000005\tadd_session_revoke\t\t\tApplied\t\t\n20200812160551000006\tadd_session_revoke\t\t\tApplied\t\t\n20200812160551000007\tadd_session_revoke\t\t\tApplied\t\t\n20200830121710000000\tupdate_recovery_token\t\t\tApplied\t\t\n20200830130642000000\tadd_verification_methods\t\tApplied\t\t\n20200830130642000001\tadd_verification_methods\t\tApplied\t\t\n20200830130642000002\tadd_verification_methods\t\tApplied\t\t\n20200830130642000003\tadd_verification_methods\t\tApplied\t\t\n20200830130642000004\tadd_verification_methods\t\tApplied\t\t\n20200830130642000005\tadd_verification_methods\t\tApplied\t\t\n20200830130642000006\tadd_verification_methods\t\tApplied\t\t\n20200830130642000007\tadd_verification_methods\t\tApplied\t\t\n20200830130642000008\tadd_verification_methods\t\tApplied\t\t\n20200830130642000009\tadd_verification_methods\t\tApplied\t\t\n20200830130642000010\tadd_verification_methods\t\tApplied\t\t\n20200830130643000000\tadd_verification_methods\t\tApplied\t\t\n20200830130644000000\tadd_verification_methods\t\tApplied\t\t\n20200830130644000001\tadd_verification_methods\t\tApplied\t\t\n20200830130645000000\tadd_verification_methods\t\tApplied\t\t\n20200830130646000000\tadd_verification_methods\t\tApplied\t\t\n20200830130646000001\tadd_verification_methods\t\tApplied\t\t\n20200830130646000002\tadd_verification_methods\t\tApplied\t\t\n20200830130646000003\tadd_verification_methods\t\tApplied\t\t\n20200830130646000004\tadd_verification_methods\t\tApplied\t\t\n20200830130646000005\tadd_verification_methods\t\tApplied\t\t\n20200830130646000006\tadd_verification_methods\t\tApplied\t\t\n20200830130646000007\tadd_verification_methods\t\tApplied\t\t\n20200830130646000008\tadd_verification_methods\t\tApplied\t\t\n20200830130646000009\tadd_verification_methods\t\tApplied\t\t\n20200830130646000010\tadd_verification_methods\t\tApplied\t\t\n20200830130646000011\tadd_verification_methods\t\tApplied\t\t\n20200830154602000000\tadd_verification_token\t\t\tApplied\t\t\n20200830154602000001\tadd_verification_token\t\t\tApplied\t\t\n20200830154602000002\tadd_verification_token\t\t\tApplied\t\t\n20200830154602000003\tadd_verification_token\t\t\tApplied\t\t\n20200830154602000004\tadd_verification_token\t\t\tApplied\t\t\n20200830172221000000\trecovery_token_expires\t\t\tApplied\t\t\n20200830172221000001\trecovery_token_expires\t\t\tApplied\t\t\n20200830172221000002\trecovery_token_expires\t\t\tApplied\t\t\n20200830172221000003\trecovery_token_expires\t\t\tApplied\t\t\n20200830172221000004\trecovery_token_expires\t\t\tApplied\t\t\n20200830172221000005\trecovery_token_expires\t\t\tApplied\t\t\n20200830172221000006\trecovery_token_expires\t\t\tApplied\t\t\n20200830172221000007\trecovery_token_expires\t\t\tApplied\t\t\n20200830172221000008\trecovery_token_expires\t\t\tApplied\t\t\n20200830172221000009\trecovery_token_expires\t\t\tApplied\t\t\n20200830172221000010\trecovery_token_expires\t\t\tApplied\t\t\n20200830172221000011\trecovery_token_expires\t\t\tApplied\t\t\n20200830172221000012\trecovery_token_expires\t\t\tApplied\t\t\n20200830172221000013\trecovery_token_expires\t\t\tApplied\t\t\n20200830172221000014\trecovery_token_expires\t\t\tApplied\t\t\n20200830172221000015\trecovery_token_expires\t\t\tApplied\t\t\n20200830172221000016\trecovery_token_expires\t\t\tApplied\t\t\n20200830172221000017\trecovery_token_expires\t\t\tApplied\t\t\n20200830172221000018\trecovery_token_expires\t\t\tApplied\t\t\n20200830172221000019\trecovery_token_expires\t\t\tApplied\t\t\n20200830172221000020\trecovery_token_expires\t\t\tApplied\t\t\n20200830172221000021\trecovery_token_expires\t\t\tApplied\t\t\n20200830172221000022\trecovery_token_expires\t\t\tApplied\t\t\n20200830172221000023\trecovery_token_expires\t\t\tApplied\t\t\n20200830172221000024\trecovery_token_expires\t\t\tApplied\t\t\n20200831110752000000\tidentity_verifiable_address_remove_code\tApplied\t\t\n20200831110752000001\tidentity_verifiable_address_remove_code\tApplied\t\t\n20200831110752000002\tidentity_verifiable_address_remove_code\tApplied\t\t\n20200831110752000003\tidentity_verifiable_address_remove_code\tApplied\t\t\n20200831110752000004\tidentity_verifiable_address_remove_code\tApplied\t\t\n20200831110752000005\tidentity_verifiable_address_remove_code\tApplied\t\t\n20200831110752000006\tidentity_verifiable_address_remove_code\tApplied\t\t\n20200831110752000007\tidentity_verifiable_address_remove_code\tApplied\t\t\n20200831110752000008\tidentity_verifiable_address_remove_code\tApplied\t\t\n20200831110752000009\tidentity_verifiable_address_remove_code\tApplied\t\t\n20200831110752000010\tidentity_verifiable_address_remove_code\tApplied\t\t\n20200831110752000011\tidentity_verifiable_address_remove_code\tApplied\t\t\n20200831110752000012\tidentity_verifiable_address_remove_code\tApplied\t\t\n20200831110752000013\tidentity_verifiable_address_remove_code\tApplied\t\t\n20200831110752000014\tidentity_verifiable_address_remove_code\tApplied\t\t\n20200831110752000015\tidentity_verifiable_address_remove_code\tApplied\t\t\n20200831110752000016\tidentity_verifiable_address_remove_code\tApplied\t\t\n20200831110752000017\tidentity_verifiable_address_remove_code\tApplied\t\t\n20200831110752000018\tidentity_verifiable_address_remove_code\tRollback\t\n20200831110752000019\tidentity_verifiable_address_remove_code\tRollback\t\n20200831110752000020\tidentity_verifiable_address_remove_code\tPending\t\t\n20200831110752000021\tidentity_verifiable_address_remove_code\tPending\t\t\n20201201161451000000\tcredential_types_values\t\t\tPending\t\t\n20201201161451000001\tcredential_types_values\t\t\tPending\t\t\n\nThe SQL statements to be executed from top to bottom are:\n\n------------ 20200831110752000019 - identity_verifiable_address_remove_code ------------\nUPDATE identity_verifiable_addresses SET code = substr(hex(randomblob(32)), 0, 32) WHERE code IS NULL\n\n------------ 20200831110752000018 - identity_verifiable_address_remove_code ------------\nUPDATE identity_verifiable_addresses SET expires_at = CURRENT_TIMESTAMP WHERE expires_at IS NULL\n\nDo you wish to execute this migration plan? [y/n]: ------------ WARNING ------------\nMigration aborted.\n\nstderr: To skip the next question use flag --yes (at your own risk).\n\n" }, { "path": "oryx/popx/.snapshots/TestMigrateSQLUp-migrate_down_but_no_steps.txt", "content": "stdout: The migration plan is as follows:\nVersion\t\t\tName\t\t\t\t\tStatus\t\n20191100000001000000\tidentities\t\t\t\tApplied\t\n20191100000001000001\tidentities\t\t\t\tApplied\t\n20191100000001000002\tidentities\t\t\t\tApplied\t\n20191100000001000003\tidentities\t\t\t\tApplied\t\n20191100000001000004\tidentities\t\t\t\tApplied\t\n20191100000001000005\tidentities\t\t\t\tApplied\t\n20191100000002000000\trequests\t\t\t\tApplied\t\n20191100000002000001\trequests\t\t\t\tApplied\t\n20191100000002000002\trequests\t\t\t\tApplied\t\n20191100000002000003\trequests\t\t\t\tApplied\t\n20191100000002000004\trequests\t\t\t\tApplied\t\n20191100000003000000\tsessions\t\t\t\tApplied\t\n20191100000004000000\terrors\t\t\t\t\tApplied\t\n20191100000006000000\tcourier\t\t\t\t\tApplied\t\n20191100000007000000\terrors\t\t\t\t\tApplied\t\n20191100000007000001\terrors\t\t\t\t\tApplied\t\n20191100000007000002\terrors\t\t\t\t\tApplied\t\n20191100000007000003\terrors\t\t\t\t\tApplied\t\n20191100000008000000\tselfservice_verification\t\tApplied\t\n20191100000008000001\tselfservice_verification\t\tApplied\t\n20191100000008000002\tselfservice_verification\t\tApplied\t\n20191100000008000003\tselfservice_verification\t\tApplied\t\n20191100000008000004\tselfservice_verification\t\tApplied\t\n20191100000008000005\tselfservice_verification\t\tApplied\t\n20191100000010000000\terrors\t\t\t\t\tApplied\t\n20191100000010000001\terrors\t\t\t\t\tApplied\t\n20191100000010000002\terrors\t\t\t\t\tApplied\t\n20191100000010000003\terrors\t\t\t\t\tApplied\t\n20191100000010000004\terrors\t\t\t\t\tApplied\t\n20191100000011000000\tcourier_body_type\t\t\tApplied\t\n20191100000011000001\tcourier_body_type\t\t\tApplied\t\n20191100000011000002\tcourier_body_type\t\t\tApplied\t\n20191100000011000003\tcourier_body_type\t\t\tApplied\t\n20191100000012000000\tlogin_request_forced\t\t\tApplied\t\n20191100000012000001\tlogin_request_forced\t\t\tApplied\t\n20191100000012000002\tlogin_request_forced\t\t\tApplied\t\n20191100000012000003\tlogin_request_forced\t\t\tApplied\t\n20200317160354000000\tcreate_profile_request_forms\t\tApplied\t\n20200317160354000001\tcreate_profile_request_forms\t\tApplied\t\n20200317160354000002\tcreate_profile_request_forms\t\tApplied\t\n20200317160354000003\tcreate_profile_request_forms\t\tApplied\t\n20200317160354000004\tcreate_profile_request_forms\t\tApplied\t\n20200317160354000005\tcreate_profile_request_forms\t\tApplied\t\n20200317160354000006\tcreate_profile_request_forms\t\tApplied\t\n20200401183443000000\tcontinuity_containers\t\t\tApplied\t\n20200402142539000000\trename_profile_flows\t\t\tApplied\t\n20200402142539000001\trename_profile_flows\t\t\tApplied\t\n20200402142539000002\trename_profile_flows\t\t\tApplied\t\n20200519101057000000\tcreate_recovery_addresses\t\tApplied\t\n20200519101057000001\tcreate_recovery_addresses\t\tApplied\t\n20200519101057000002\tcreate_recovery_addresses\t\tApplied\t\n20200519101057000003\tcreate_recovery_addresses\t\tApplied\t\n20200519101057000004\tcreate_recovery_addresses\t\tApplied\t\n20200519101057000005\tcreate_recovery_addresses\t\tApplied\t\n20200519101057000006\tcreate_recovery_addresses\t\tApplied\t\n20200519101057000007\tcreate_recovery_addresses\t\tApplied\t\n20200601101000000000\tcreate_messages\t\t\t\tApplied\t\n20200601101000000001\tcreate_messages\t\t\t\tApplied\t\n20200601101000000002\tcreate_messages\t\t\t\tApplied\t\n20200601101000000003\tcreate_messages\t\t\t\tApplied\t\n20200605111551000000\tmessages\t\t\t\tApplied\t\n20200605111551000001\tmessages\t\t\t\tApplied\t\n20200605111551000002\tmessages\t\t\t\tApplied\t\n20200605111551000003\tmessages\t\t\t\tApplied\t\n20200605111551000004\tmessages\t\t\t\tApplied\t\n20200605111551000005\tmessages\t\t\t\tApplied\t\n20200605111551000006\tmessages\t\t\t\tApplied\t\n20200605111551000007\tmessages\t\t\t\tApplied\t\n20200605111551000008\tmessages\t\t\t\tApplied\t\n20200605111551000009\tmessages\t\t\t\tApplied\t\n20200605111551000010\tmessages\t\t\t\tApplied\t\n20200605111551000011\tmessages\t\t\t\tApplied\t\n20200607165100000000\tsettings\t\t\t\tApplied\t\n20200607165100000001\tsettings\t\t\t\tApplied\t\n20200607165100000002\tsettings\t\t\t\tApplied\t\n20200607165100000003\tsettings\t\t\t\tApplied\t\n20200607165100000004\tsettings\t\t\t\tApplied\t\n20200705105359000000\trename_identities_schema\t\tApplied\t\n20200810141652000000\tflow_type\t\t\t\tApplied\t\n20200810141652000001\tflow_type\t\t\t\tApplied\t\n20200810141652000002\tflow_type\t\t\t\tApplied\t\n20200810141652000003\tflow_type\t\t\t\tApplied\t\n20200810141652000004\tflow_type\t\t\t\tApplied\t\n20200810141652000005\tflow_type\t\t\t\tApplied\t\n20200810141652000006\tflow_type\t\t\t\tApplied\t\n20200810141652000007\tflow_type\t\t\t\tApplied\t\n20200810141652000008\tflow_type\t\t\t\tApplied\t\n20200810141652000009\tflow_type\t\t\t\tApplied\t\n20200810141652000010\tflow_type\t\t\t\tApplied\t\n20200810141652000011\tflow_type\t\t\t\tApplied\t\n20200810141652000012\tflow_type\t\t\t\tApplied\t\n20200810141652000013\tflow_type\t\t\t\tApplied\t\n20200810141652000014\tflow_type\t\t\t\tApplied\t\n20200810141652000015\tflow_type\t\t\t\tApplied\t\n20200810141652000016\tflow_type\t\t\t\tApplied\t\n20200810141652000017\tflow_type\t\t\t\tApplied\t\n20200810141652000018\tflow_type\t\t\t\tApplied\t\n20200810141652000019\tflow_type\t\t\t\tApplied\t\n20200810161022000000\tflow_rename\t\t\t\tApplied\t\n20200810161022000001\tflow_rename\t\t\t\tApplied\t\n20200810161022000002\tflow_rename\t\t\t\tApplied\t\n20200810161022000003\tflow_rename\t\t\t\tApplied\t\n20200810161022000004\tflow_rename\t\t\t\tApplied\t\n20200810161022000005\tflow_rename\t\t\t\tApplied\t\n20200810161022000006\tflow_rename\t\t\t\tApplied\t\n20200810161022000007\tflow_rename\t\t\t\tApplied\t\n20200810161022000008\tflow_rename\t\t\t\tApplied\t\n20200810162450000000\tflow_fields_rename\t\t\tApplied\t\n20200810162450000001\tflow_fields_rename\t\t\tApplied\t\n20200810162450000002\tflow_fields_rename\t\t\tApplied\t\n20200810162450000003\tflow_fields_rename\t\t\tApplied\t\n20200812124254000000\tadd_session_token\t\t\tApplied\t\n20200812124254000001\tadd_session_token\t\t\tApplied\t\n20200812124254000002\tadd_session_token\t\t\tApplied\t\n20200812124254000003\tadd_session_token\t\t\tApplied\t\n20200812124254000004\tadd_session_token\t\t\tApplied\t\n20200812124254000005\tadd_session_token\t\t\tApplied\t\n20200812124254000006\tadd_session_token\t\t\tApplied\t\n20200812124254000007\tadd_session_token\t\t\tApplied\t\n20200812160551000000\tadd_session_revoke\t\t\tApplied\t\n20200812160551000001\tadd_session_revoke\t\t\tApplied\t\n20200812160551000002\tadd_session_revoke\t\t\tApplied\t\n20200812160551000003\tadd_session_revoke\t\t\tApplied\t\n20200812160551000004\tadd_session_revoke\t\t\tApplied\t\n20200812160551000005\tadd_session_revoke\t\t\tApplied\t\n20200812160551000006\tadd_session_revoke\t\t\tApplied\t\n20200812160551000007\tadd_session_revoke\t\t\tApplied\t\n20200830121710000000\tupdate_recovery_token\t\t\tApplied\t\n20200830130642000000\tadd_verification_methods\t\tApplied\t\n20200830130642000001\tadd_verification_methods\t\tApplied\t\n20200830130642000002\tadd_verification_methods\t\tApplied\t\n20200830130642000003\tadd_verification_methods\t\tApplied\t\n20200830130642000004\tadd_verification_methods\t\tApplied\t\n20200830130642000005\tadd_verification_methods\t\tApplied\t\n20200830130642000006\tadd_verification_methods\t\tApplied\t\n20200830130642000007\tadd_verification_methods\t\tApplied\t\n20200830130642000008\tadd_verification_methods\t\tApplied\t\n20200830130642000009\tadd_verification_methods\t\tApplied\t\n20200830130642000010\tadd_verification_methods\t\tApplied\t\n20200830130643000000\tadd_verification_methods\t\tApplied\t\n20200830130644000000\tadd_verification_methods\t\tApplied\t\n20200830130644000001\tadd_verification_methods\t\tApplied\t\n20200830130645000000\tadd_verification_methods\t\tApplied\t\n20200830130646000000\tadd_verification_methods\t\tApplied\t\n20200830130646000001\tadd_verification_methods\t\tApplied\t\n20200830130646000002\tadd_verification_methods\t\tApplied\t\n20200830130646000003\tadd_verification_methods\t\tApplied\t\n20200830130646000004\tadd_verification_methods\t\tApplied\t\n20200830130646000005\tadd_verification_methods\t\tApplied\t\n20200830130646000006\tadd_verification_methods\t\tApplied\t\n20200830130646000007\tadd_verification_methods\t\tApplied\t\n20200830130646000008\tadd_verification_methods\t\tApplied\t\n20200830130646000009\tadd_verification_methods\t\tApplied\t\n20200830130646000010\tadd_verification_methods\t\tApplied\t\n20200830130646000011\tadd_verification_methods\t\tApplied\t\n20200830154602000000\tadd_verification_token\t\t\tApplied\t\n20200830154602000001\tadd_verification_token\t\t\tApplied\t\n20200830154602000002\tadd_verification_token\t\t\tApplied\t\n20200830154602000003\tadd_verification_token\t\t\tApplied\t\n20200830154602000004\tadd_verification_token\t\t\tApplied\t\n20200830172221000000\trecovery_token_expires\t\t\tApplied\t\n20200830172221000001\trecovery_token_expires\t\t\tApplied\t\n20200830172221000002\trecovery_token_expires\t\t\tApplied\t\n20200830172221000003\trecovery_token_expires\t\t\tApplied\t\n20200830172221000004\trecovery_token_expires\t\t\tApplied\t\n20200830172221000005\trecovery_token_expires\t\t\tApplied\t\n20200830172221000006\trecovery_token_expires\t\t\tApplied\t\n20200830172221000007\trecovery_token_expires\t\t\tApplied\t\n20200830172221000008\trecovery_token_expires\t\t\tApplied\t\n20200830172221000009\trecovery_token_expires\t\t\tApplied\t\n20200830172221000010\trecovery_token_expires\t\t\tApplied\t\n20200830172221000011\trecovery_token_expires\t\t\tApplied\t\n20200830172221000012\trecovery_token_expires\t\t\tApplied\t\n20200830172221000013\trecovery_token_expires\t\t\tApplied\t\n20200830172221000014\trecovery_token_expires\t\t\tApplied\t\n20200830172221000015\trecovery_token_expires\t\t\tApplied\t\n20200830172221000016\trecovery_token_expires\t\t\tApplied\t\n20200830172221000017\trecovery_token_expires\t\t\tApplied\t\n20200830172221000018\trecovery_token_expires\t\t\tApplied\t\n20200830172221000019\trecovery_token_expires\t\t\tApplied\t\n20200830172221000020\trecovery_token_expires\t\t\tApplied\t\n20200830172221000021\trecovery_token_expires\t\t\tApplied\t\n20200830172221000022\trecovery_token_expires\t\t\tApplied\t\n20200830172221000023\trecovery_token_expires\t\t\tApplied\t\n20200830172221000024\trecovery_token_expires\t\t\tApplied\t\n20200831110752000000\tidentity_verifiable_address_remove_code\tApplied\t\n20200831110752000001\tidentity_verifiable_address_remove_code\tApplied\t\n20200831110752000002\tidentity_verifiable_address_remove_code\tApplied\t\n20200831110752000003\tidentity_verifiable_address_remove_code\tApplied\t\n20200831110752000004\tidentity_verifiable_address_remove_code\tApplied\t\n20200831110752000005\tidentity_verifiable_address_remove_code\tApplied\t\n20200831110752000006\tidentity_verifiable_address_remove_code\tApplied\t\n20200831110752000007\tidentity_verifiable_address_remove_code\tApplied\t\n20200831110752000008\tidentity_verifiable_address_remove_code\tApplied\t\n20200831110752000009\tidentity_verifiable_address_remove_code\tApplied\t\n20200831110752000010\tidentity_verifiable_address_remove_code\tApplied\t\n20200831110752000011\tidentity_verifiable_address_remove_code\tApplied\t\n20200831110752000012\tidentity_verifiable_address_remove_code\tApplied\t\n20200831110752000013\tidentity_verifiable_address_remove_code\tApplied\t\n20200831110752000014\tidentity_verifiable_address_remove_code\tApplied\t\n20200831110752000015\tidentity_verifiable_address_remove_code\tApplied\t\n20200831110752000016\tidentity_verifiable_address_remove_code\tApplied\t\n20200831110752000017\tidentity_verifiable_address_remove_code\tApplied\t\n20200831110752000018\tidentity_verifiable_address_remove_code\tApplied\t\n20200831110752000019\tidentity_verifiable_address_remove_code\tApplied\t\n20200831110752000020\tidentity_verifiable_address_remove_code\tPending\t\n20200831110752000021\tidentity_verifiable_address_remove_code\tPending\t\n20201201161451000000\tcredential_types_values\t\t\tPending\t\n20201201161451000001\tcredential_types_values\t\t\tPending\t\n\nstderr: \nThere are apparently no migrations to roll back.\nPlease provide the --steps argument with a value larger than 0.\n\n\n" }, { "path": "oryx/popx/.snapshots/TestMigrateSQLUp-migrate_down_four_steps.txt", "content": "stdout: The migration plan is as follows:\nVersion\t\t\tName\t\t\t\t\tStatus\t\t\n20191100000001000000\tidentities\t\t\t\tApplied\t\t\n20191100000001000001\tidentities\t\t\t\tApplied\t\t\n20191100000001000002\tidentities\t\t\t\tApplied\t\t\n20191100000001000003\tidentities\t\t\t\tApplied\t\t\n20191100000001000004\tidentities\t\t\t\tApplied\t\t\n20191100000001000005\tidentities\t\t\t\tApplied\t\t\n20191100000002000000\trequests\t\t\t\tApplied\t\t\n20191100000002000001\trequests\t\t\t\tApplied\t\t\n20191100000002000002\trequests\t\t\t\tApplied\t\t\n20191100000002000003\trequests\t\t\t\tApplied\t\t\n20191100000002000004\trequests\t\t\t\tApplied\t\t\n20191100000003000000\tsessions\t\t\t\tApplied\t\t\n20191100000004000000\terrors\t\t\t\t\tApplied\t\t\n20191100000006000000\tcourier\t\t\t\t\tApplied\t\t\n20191100000007000000\terrors\t\t\t\t\tApplied\t\t\n20191100000007000001\terrors\t\t\t\t\tApplied\t\t\n20191100000007000002\terrors\t\t\t\t\tApplied\t\t\n20191100000007000003\terrors\t\t\t\t\tApplied\t\t\n20191100000008000000\tselfservice_verification\t\tApplied\t\t\n20191100000008000001\tselfservice_verification\t\tApplied\t\t\n20191100000008000002\tselfservice_verification\t\tApplied\t\t\n20191100000008000003\tselfservice_verification\t\tApplied\t\t\n20191100000008000004\tselfservice_verification\t\tApplied\t\t\n20191100000008000005\tselfservice_verification\t\tApplied\t\t\n20191100000010000000\terrors\t\t\t\t\tApplied\t\t\n20191100000010000001\terrors\t\t\t\t\tApplied\t\t\n20191100000010000002\terrors\t\t\t\t\tApplied\t\t\n20191100000010000003\terrors\t\t\t\t\tApplied\t\t\n20191100000010000004\terrors\t\t\t\t\tApplied\t\t\n20191100000011000000\tcourier_body_type\t\t\tApplied\t\t\n20191100000011000001\tcourier_body_type\t\t\tApplied\t\t\n20191100000011000002\tcourier_body_type\t\t\tApplied\t\t\n20191100000011000003\tcourier_body_type\t\t\tApplied\t\t\n20191100000012000000\tlogin_request_forced\t\t\tApplied\t\t\n20191100000012000001\tlogin_request_forced\t\t\tApplied\t\t\n20191100000012000002\tlogin_request_forced\t\t\tApplied\t\t\n20191100000012000003\tlogin_request_forced\t\t\tApplied\t\t\n20200317160354000000\tcreate_profile_request_forms\t\tApplied\t\t\n20200317160354000001\tcreate_profile_request_forms\t\tApplied\t\t\n20200317160354000002\tcreate_profile_request_forms\t\tApplied\t\t\n20200317160354000003\tcreate_profile_request_forms\t\tApplied\t\t\n20200317160354000004\tcreate_profile_request_forms\t\tApplied\t\t\n20200317160354000005\tcreate_profile_request_forms\t\tApplied\t\t\n20200317160354000006\tcreate_profile_request_forms\t\tApplied\t\t\n20200401183443000000\tcontinuity_containers\t\t\tApplied\t\t\n20200402142539000000\trename_profile_flows\t\t\tApplied\t\t\n20200402142539000001\trename_profile_flows\t\t\tApplied\t\t\n20200402142539000002\trename_profile_flows\t\t\tApplied\t\t\n20200519101057000000\tcreate_recovery_addresses\t\tApplied\t\t\n20200519101057000001\tcreate_recovery_addresses\t\tApplied\t\t\n20200519101057000002\tcreate_recovery_addresses\t\tApplied\t\t\n20200519101057000003\tcreate_recovery_addresses\t\tApplied\t\t\n20200519101057000004\tcreate_recovery_addresses\t\tApplied\t\t\n20200519101057000005\tcreate_recovery_addresses\t\tApplied\t\t\n20200519101057000006\tcreate_recovery_addresses\t\tApplied\t\t\n20200519101057000007\tcreate_recovery_addresses\t\tApplied\t\t\n20200601101000000000\tcreate_messages\t\t\t\tApplied\t\t\n20200601101000000001\tcreate_messages\t\t\t\tApplied\t\t\n20200601101000000002\tcreate_messages\t\t\t\tApplied\t\t\n20200601101000000003\tcreate_messages\t\t\t\tApplied\t\t\n20200605111551000000\tmessages\t\t\t\tApplied\t\t\n20200605111551000001\tmessages\t\t\t\tApplied\t\t\n20200605111551000002\tmessages\t\t\t\tApplied\t\t\n20200605111551000003\tmessages\t\t\t\tApplied\t\t\n20200605111551000004\tmessages\t\t\t\tApplied\t\t\n20200605111551000005\tmessages\t\t\t\tApplied\t\t\n20200605111551000006\tmessages\t\t\t\tApplied\t\t\n20200605111551000007\tmessages\t\t\t\tApplied\t\t\n20200605111551000008\tmessages\t\t\t\tApplied\t\t\n20200605111551000009\tmessages\t\t\t\tApplied\t\t\n20200605111551000010\tmessages\t\t\t\tApplied\t\t\n20200605111551000011\tmessages\t\t\t\tApplied\t\t\n20200607165100000000\tsettings\t\t\t\tApplied\t\t\n20200607165100000001\tsettings\t\t\t\tApplied\t\t\n20200607165100000002\tsettings\t\t\t\tApplied\t\t\n20200607165100000003\tsettings\t\t\t\tApplied\t\t\n20200607165100000004\tsettings\t\t\t\tApplied\t\t\n20200705105359000000\trename_identities_schema\t\tApplied\t\t\n20200810141652000000\tflow_type\t\t\t\tApplied\t\t\n20200810141652000001\tflow_type\t\t\t\tApplied\t\t\n20200810141652000002\tflow_type\t\t\t\tApplied\t\t\n20200810141652000003\tflow_type\t\t\t\tApplied\t\t\n20200810141652000004\tflow_type\t\t\t\tApplied\t\t\n20200810141652000005\tflow_type\t\t\t\tApplied\t\t\n20200810141652000006\tflow_type\t\t\t\tApplied\t\t\n20200810141652000007\tflow_type\t\t\t\tApplied\t\t\n20200810141652000008\tflow_type\t\t\t\tApplied\t\t\n20200810141652000009\tflow_type\t\t\t\tApplied\t\t\n20200810141652000010\tflow_type\t\t\t\tApplied\t\t\n20200810141652000011\tflow_type\t\t\t\tApplied\t\t\n20200810141652000012\tflow_type\t\t\t\tApplied\t\t\n20200810141652000013\tflow_type\t\t\t\tApplied\t\t\n20200810141652000014\tflow_type\t\t\t\tApplied\t\t\n20200810141652000015\tflow_type\t\t\t\tApplied\t\t\n20200810141652000016\tflow_type\t\t\t\tApplied\t\t\n20200810141652000017\tflow_type\t\t\t\tApplied\t\t\n20200810141652000018\tflow_type\t\t\t\tApplied\t\t\n20200810141652000019\tflow_type\t\t\t\tApplied\t\t\n20200810161022000000\tflow_rename\t\t\t\tApplied\t\t\n20200810161022000001\tflow_rename\t\t\t\tApplied\t\t\n20200810161022000002\tflow_rename\t\t\t\tApplied\t\t\n20200810161022000003\tflow_rename\t\t\t\tApplied\t\t\n20200810161022000004\tflow_rename\t\t\t\tApplied\t\t\n20200810161022000005\tflow_rename\t\t\t\tApplied\t\t\n20200810161022000006\tflow_rename\t\t\t\tApplied\t\t\n20200810161022000007\tflow_rename\t\t\t\tApplied\t\t\n20200810161022000008\tflow_rename\t\t\t\tApplied\t\t\n20200810162450000000\tflow_fields_rename\t\t\tApplied\t\t\n20200810162450000001\tflow_fields_rename\t\t\tApplied\t\t\n20200810162450000002\tflow_fields_rename\t\t\tApplied\t\t\n20200810162450000003\tflow_fields_rename\t\t\tApplied\t\t\n20200812124254000000\tadd_session_token\t\t\tApplied\t\t\n20200812124254000001\tadd_session_token\t\t\tApplied\t\t\n20200812124254000002\tadd_session_token\t\t\tApplied\t\t\n20200812124254000003\tadd_session_token\t\t\tApplied\t\t\n20200812124254000004\tadd_session_token\t\t\tApplied\t\t\n20200812124254000005\tadd_session_token\t\t\tApplied\t\t\n20200812124254000006\tadd_session_token\t\t\tApplied\t\t\n20200812124254000007\tadd_session_token\t\t\tApplied\t\t\n20200812160551000000\tadd_session_revoke\t\t\tApplied\t\t\n20200812160551000001\tadd_session_revoke\t\t\tApplied\t\t\n20200812160551000002\tadd_session_revoke\t\t\tApplied\t\t\n20200812160551000003\tadd_session_revoke\t\t\tApplied\t\t\n20200812160551000004\tadd_session_revoke\t\t\tApplied\t\t\n20200812160551000005\tadd_session_revoke\t\t\tApplied\t\t\n20200812160551000006\tadd_session_revoke\t\t\tApplied\t\t\n20200812160551000007\tadd_session_revoke\t\t\tApplied\t\t\n20200830121710000000\tupdate_recovery_token\t\t\tApplied\t\t\n20200830130642000000\tadd_verification_methods\t\tApplied\t\t\n20200830130642000001\tadd_verification_methods\t\tApplied\t\t\n20200830130642000002\tadd_verification_methods\t\tApplied\t\t\n20200830130642000003\tadd_verification_methods\t\tApplied\t\t\n20200830130642000004\tadd_verification_methods\t\tApplied\t\t\n20200830130642000005\tadd_verification_methods\t\tApplied\t\t\n20200830130642000006\tadd_verification_methods\t\tApplied\t\t\n20200830130642000007\tadd_verification_methods\t\tApplied\t\t\n20200830130642000008\tadd_verification_methods\t\tApplied\t\t\n20200830130642000009\tadd_verification_methods\t\tApplied\t\t\n20200830130642000010\tadd_verification_methods\t\tApplied\t\t\n20200830130643000000\tadd_verification_methods\t\tApplied\t\t\n20200830130644000000\tadd_verification_methods\t\tApplied\t\t\n20200830130644000001\tadd_verification_methods\t\tApplied\t\t\n20200830130645000000\tadd_verification_methods\t\tApplied\t\t\n20200830130646000000\tadd_verification_methods\t\tApplied\t\t\n20200830130646000001\tadd_verification_methods\t\tApplied\t\t\n20200830130646000002\tadd_verification_methods\t\tApplied\t\t\n20200830130646000003\tadd_verification_methods\t\tApplied\t\t\n20200830130646000004\tadd_verification_methods\t\tApplied\t\t\n20200830130646000005\tadd_verification_methods\t\tApplied\t\t\n20200830130646000006\tadd_verification_methods\t\tApplied\t\t\n20200830130646000007\tadd_verification_methods\t\tApplied\t\t\n20200830130646000008\tadd_verification_methods\t\tApplied\t\t\n20200830130646000009\tadd_verification_methods\t\tApplied\t\t\n20200830130646000010\tadd_verification_methods\t\tApplied\t\t\n20200830130646000011\tadd_verification_methods\t\tApplied\t\t\n20200830154602000000\tadd_verification_token\t\t\tApplied\t\t\n20200830154602000001\tadd_verification_token\t\t\tApplied\t\t\n20200830154602000002\tadd_verification_token\t\t\tApplied\t\t\n20200830154602000003\tadd_verification_token\t\t\tApplied\t\t\n20200830154602000004\tadd_verification_token\t\t\tApplied\t\t\n20200830172221000000\trecovery_token_expires\t\t\tApplied\t\t\n20200830172221000001\trecovery_token_expires\t\t\tApplied\t\t\n20200830172221000002\trecovery_token_expires\t\t\tApplied\t\t\n20200830172221000003\trecovery_token_expires\t\t\tApplied\t\t\n20200830172221000004\trecovery_token_expires\t\t\tApplied\t\t\n20200830172221000005\trecovery_token_expires\t\t\tApplied\t\t\n20200830172221000006\trecovery_token_expires\t\t\tApplied\t\t\n20200830172221000007\trecovery_token_expires\t\t\tApplied\t\t\n20200830172221000008\trecovery_token_expires\t\t\tApplied\t\t\n20200830172221000009\trecovery_token_expires\t\t\tApplied\t\t\n20200830172221000010\trecovery_token_expires\t\t\tApplied\t\t\n20200830172221000011\trecovery_token_expires\t\t\tApplied\t\t\n20200830172221000012\trecovery_token_expires\t\t\tApplied\t\t\n20200830172221000013\trecovery_token_expires\t\t\tApplied\t\t\n20200830172221000014\trecovery_token_expires\t\t\tApplied\t\t\n20200830172221000015\trecovery_token_expires\t\t\tApplied\t\t\n20200830172221000016\trecovery_token_expires\t\t\tApplied\t\t\n20200830172221000017\trecovery_token_expires\t\t\tApplied\t\t\n20200830172221000018\trecovery_token_expires\t\t\tApplied\t\t\n20200830172221000019\trecovery_token_expires\t\t\tApplied\t\t\n20200830172221000020\trecovery_token_expires\t\t\tApplied\t\t\n20200830172221000021\trecovery_token_expires\t\t\tApplied\t\t\n20200830172221000022\trecovery_token_expires\t\t\tApplied\t\t\n20200830172221000023\trecovery_token_expires\t\t\tApplied\t\t\n20200830172221000024\trecovery_token_expires\t\t\tApplied\t\t\n20200831110752000000\tidentity_verifiable_address_remove_code\tApplied\t\t\n20200831110752000001\tidentity_verifiable_address_remove_code\tApplied\t\t\n20200831110752000002\tidentity_verifiable_address_remove_code\tApplied\t\t\n20200831110752000003\tidentity_verifiable_address_remove_code\tApplied\t\t\n20200831110752000004\tidentity_verifiable_address_remove_code\tApplied\t\t\n20200831110752000005\tidentity_verifiable_address_remove_code\tApplied\t\t\n20200831110752000006\tidentity_verifiable_address_remove_code\tApplied\t\t\n20200831110752000007\tidentity_verifiable_address_remove_code\tApplied\t\t\n20200831110752000008\tidentity_verifiable_address_remove_code\tApplied\t\t\n20200831110752000009\tidentity_verifiable_address_remove_code\tApplied\t\t\n20200831110752000010\tidentity_verifiable_address_remove_code\tApplied\t\t\n20200831110752000011\tidentity_verifiable_address_remove_code\tApplied\t\t\n20200831110752000012\tidentity_verifiable_address_remove_code\tApplied\t\t\n20200831110752000013\tidentity_verifiable_address_remove_code\tApplied\t\t\n20200831110752000014\tidentity_verifiable_address_remove_code\tApplied\t\t\n20200831110752000015\tidentity_verifiable_address_remove_code\tApplied\t\t\n20200831110752000016\tidentity_verifiable_address_remove_code\tApplied\t\t\n20200831110752000017\tidentity_verifiable_address_remove_code\tApplied\t\t\n20200831110752000018\tidentity_verifiable_address_remove_code\tApplied\t\t\n20200831110752000019\tidentity_verifiable_address_remove_code\tApplied\t\t\n20200831110752000020\tidentity_verifiable_address_remove_code\tRollback\t\n20200831110752000021\tidentity_verifiable_address_remove_code\tRollback\t\n20201201161451000000\tcredential_types_values\t\t\tRollback\t\n20201201161451000001\tcredential_types_values\t\t\tRollback\t\n\nThe SQL statements to be executed from top to bottom are:\n\n------------ 20201201161451000001 - credential_types_values ------------\n\n\n------------ 20201201161451000000 - credential_types_values ------------\nDELETE FROM identity_credential_types WHERE name = 'password' OR name = 'oidc';\n\n------------ 20200831110752000021 - identity_verifiable_address_remove_code ------------\nALTER TABLE \"identity_verifiable_addresses\" ADD COLUMN \"code\" TEXT\n\n------------ 20200831110752000020 - identity_verifiable_address_remove_code ------------\nALTER TABLE \"identity_verifiable_addresses\" ADD COLUMN \"expires_at\" DATETIME\n\n------------ SUCCESS ------------\nSuccessfully applied migrations!\n\nstderr: \n" }, { "path": "oryx/popx/.snapshots/TestMigrateSQLUp-migrate_down_two_steps.txt", "content": "stdout: The migration plan is as follows:\nVersion\t\t\tName\t\t\t\t\tStatus\t\t\n20191100000001000000\tidentities\t\t\t\tApplied\t\t\n20191100000001000001\tidentities\t\t\t\tApplied\t\t\n20191100000001000002\tidentities\t\t\t\tApplied\t\t\n20191100000001000003\tidentities\t\t\t\tApplied\t\t\n20191100000001000004\tidentities\t\t\t\tApplied\t\t\n20191100000001000005\tidentities\t\t\t\tApplied\t\t\n20191100000002000000\trequests\t\t\t\tApplied\t\t\n20191100000002000001\trequests\t\t\t\tApplied\t\t\n20191100000002000002\trequests\t\t\t\tApplied\t\t\n20191100000002000003\trequests\t\t\t\tApplied\t\t\n20191100000002000004\trequests\t\t\t\tApplied\t\t\n20191100000003000000\tsessions\t\t\t\tApplied\t\t\n20191100000004000000\terrors\t\t\t\t\tApplied\t\t\n20191100000006000000\tcourier\t\t\t\t\tApplied\t\t\n20191100000007000000\terrors\t\t\t\t\tApplied\t\t\n20191100000007000001\terrors\t\t\t\t\tApplied\t\t\n20191100000007000002\terrors\t\t\t\t\tApplied\t\t\n20191100000007000003\terrors\t\t\t\t\tApplied\t\t\n20191100000008000000\tselfservice_verification\t\tApplied\t\t\n20191100000008000001\tselfservice_verification\t\tApplied\t\t\n20191100000008000002\tselfservice_verification\t\tApplied\t\t\n20191100000008000003\tselfservice_verification\t\tApplied\t\t\n20191100000008000004\tselfservice_verification\t\tApplied\t\t\n20191100000008000005\tselfservice_verification\t\tApplied\t\t\n20191100000010000000\terrors\t\t\t\t\tApplied\t\t\n20191100000010000001\terrors\t\t\t\t\tApplied\t\t\n20191100000010000002\terrors\t\t\t\t\tApplied\t\t\n20191100000010000003\terrors\t\t\t\t\tApplied\t\t\n20191100000010000004\terrors\t\t\t\t\tApplied\t\t\n20191100000011000000\tcourier_body_type\t\t\tApplied\t\t\n20191100000011000001\tcourier_body_type\t\t\tApplied\t\t\n20191100000011000002\tcourier_body_type\t\t\tApplied\t\t\n20191100000011000003\tcourier_body_type\t\t\tApplied\t\t\n20191100000012000000\tlogin_request_forced\t\t\tApplied\t\t\n20191100000012000001\tlogin_request_forced\t\t\tApplied\t\t\n20191100000012000002\tlogin_request_forced\t\t\tApplied\t\t\n20191100000012000003\tlogin_request_forced\t\t\tApplied\t\t\n20200317160354000000\tcreate_profile_request_forms\t\tApplied\t\t\n20200317160354000001\tcreate_profile_request_forms\t\tApplied\t\t\n20200317160354000002\tcreate_profile_request_forms\t\tApplied\t\t\n20200317160354000003\tcreate_profile_request_forms\t\tApplied\t\t\n20200317160354000004\tcreate_profile_request_forms\t\tApplied\t\t\n20200317160354000005\tcreate_profile_request_forms\t\tApplied\t\t\n20200317160354000006\tcreate_profile_request_forms\t\tApplied\t\t\n20200401183443000000\tcontinuity_containers\t\t\tApplied\t\t\n20200402142539000000\trename_profile_flows\t\t\tApplied\t\t\n20200402142539000001\trename_profile_flows\t\t\tApplied\t\t\n20200402142539000002\trename_profile_flows\t\t\tApplied\t\t\n20200519101057000000\tcreate_recovery_addresses\t\tApplied\t\t\n20200519101057000001\tcreate_recovery_addresses\t\tApplied\t\t\n20200519101057000002\tcreate_recovery_addresses\t\tApplied\t\t\n20200519101057000003\tcreate_recovery_addresses\t\tApplied\t\t\n20200519101057000004\tcreate_recovery_addresses\t\tApplied\t\t\n20200519101057000005\tcreate_recovery_addresses\t\tApplied\t\t\n20200519101057000006\tcreate_recovery_addresses\t\tApplied\t\t\n20200519101057000007\tcreate_recovery_addresses\t\tApplied\t\t\n20200601101000000000\tcreate_messages\t\t\t\tApplied\t\t\n20200601101000000001\tcreate_messages\t\t\t\tApplied\t\t\n20200601101000000002\tcreate_messages\t\t\t\tApplied\t\t\n20200601101000000003\tcreate_messages\t\t\t\tApplied\t\t\n20200605111551000000\tmessages\t\t\t\tApplied\t\t\n20200605111551000001\tmessages\t\t\t\tApplied\t\t\n20200605111551000002\tmessages\t\t\t\tApplied\t\t\n20200605111551000003\tmessages\t\t\t\tApplied\t\t\n20200605111551000004\tmessages\t\t\t\tApplied\t\t\n20200605111551000005\tmessages\t\t\t\tApplied\t\t\n20200605111551000006\tmessages\t\t\t\tApplied\t\t\n20200605111551000007\tmessages\t\t\t\tApplied\t\t\n20200605111551000008\tmessages\t\t\t\tApplied\t\t\n20200605111551000009\tmessages\t\t\t\tApplied\t\t\n20200605111551000010\tmessages\t\t\t\tApplied\t\t\n20200605111551000011\tmessages\t\t\t\tApplied\t\t\n20200607165100000000\tsettings\t\t\t\tApplied\t\t\n20200607165100000001\tsettings\t\t\t\tApplied\t\t\n20200607165100000002\tsettings\t\t\t\tApplied\t\t\n20200607165100000003\tsettings\t\t\t\tApplied\t\t\n20200607165100000004\tsettings\t\t\t\tApplied\t\t\n20200705105359000000\trename_identities_schema\t\tApplied\t\t\n20200810141652000000\tflow_type\t\t\t\tApplied\t\t\n20200810141652000001\tflow_type\t\t\t\tApplied\t\t\n20200810141652000002\tflow_type\t\t\t\tApplied\t\t\n20200810141652000003\tflow_type\t\t\t\tApplied\t\t\n20200810141652000004\tflow_type\t\t\t\tApplied\t\t\n20200810141652000005\tflow_type\t\t\t\tApplied\t\t\n20200810141652000006\tflow_type\t\t\t\tApplied\t\t\n20200810141652000007\tflow_type\t\t\t\tApplied\t\t\n20200810141652000008\tflow_type\t\t\t\tApplied\t\t\n20200810141652000009\tflow_type\t\t\t\tApplied\t\t\n20200810141652000010\tflow_type\t\t\t\tApplied\t\t\n20200810141652000011\tflow_type\t\t\t\tApplied\t\t\n20200810141652000012\tflow_type\t\t\t\tApplied\t\t\n20200810141652000013\tflow_type\t\t\t\tApplied\t\t\n20200810141652000014\tflow_type\t\t\t\tApplied\t\t\n20200810141652000015\tflow_type\t\t\t\tApplied\t\t\n20200810141652000016\tflow_type\t\t\t\tApplied\t\t\n20200810141652000017\tflow_type\t\t\t\tApplied\t\t\n20200810141652000018\tflow_type\t\t\t\tApplied\t\t\n20200810141652000019\tflow_type\t\t\t\tApplied\t\t\n20200810161022000000\tflow_rename\t\t\t\tApplied\t\t\n20200810161022000001\tflow_rename\t\t\t\tApplied\t\t\n20200810161022000002\tflow_rename\t\t\t\tApplied\t\t\n20200810161022000003\tflow_rename\t\t\t\tApplied\t\t\n20200810161022000004\tflow_rename\t\t\t\tApplied\t\t\n20200810161022000005\tflow_rename\t\t\t\tApplied\t\t\n20200810161022000006\tflow_rename\t\t\t\tApplied\t\t\n20200810161022000007\tflow_rename\t\t\t\tApplied\t\t\n20200810161022000008\tflow_rename\t\t\t\tApplied\t\t\n20200810162450000000\tflow_fields_rename\t\t\tApplied\t\t\n20200810162450000001\tflow_fields_rename\t\t\tApplied\t\t\n20200810162450000002\tflow_fields_rename\t\t\tApplied\t\t\n20200810162450000003\tflow_fields_rename\t\t\tApplied\t\t\n20200812124254000000\tadd_session_token\t\t\tApplied\t\t\n20200812124254000001\tadd_session_token\t\t\tApplied\t\t\n20200812124254000002\tadd_session_token\t\t\tApplied\t\t\n20200812124254000003\tadd_session_token\t\t\tApplied\t\t\n20200812124254000004\tadd_session_token\t\t\tApplied\t\t\n20200812124254000005\tadd_session_token\t\t\tApplied\t\t\n20200812124254000006\tadd_session_token\t\t\tApplied\t\t\n20200812124254000007\tadd_session_token\t\t\tApplied\t\t\n20200812160551000000\tadd_session_revoke\t\t\tApplied\t\t\n20200812160551000001\tadd_session_revoke\t\t\tApplied\t\t\n20200812160551000002\tadd_session_revoke\t\t\tApplied\t\t\n20200812160551000003\tadd_session_revoke\t\t\tApplied\t\t\n20200812160551000004\tadd_session_revoke\t\t\tApplied\t\t\n20200812160551000005\tadd_session_revoke\t\t\tApplied\t\t\n20200812160551000006\tadd_session_revoke\t\t\tApplied\t\t\n20200812160551000007\tadd_session_revoke\t\t\tApplied\t\t\n20200830121710000000\tupdate_recovery_token\t\t\tApplied\t\t\n20200830130642000000\tadd_verification_methods\t\tApplied\t\t\n20200830130642000001\tadd_verification_methods\t\tApplied\t\t\n20200830130642000002\tadd_verification_methods\t\tApplied\t\t\n20200830130642000003\tadd_verification_methods\t\tApplied\t\t\n20200830130642000004\tadd_verification_methods\t\tApplied\t\t\n20200830130642000005\tadd_verification_methods\t\tApplied\t\t\n20200830130642000006\tadd_verification_methods\t\tApplied\t\t\n20200830130642000007\tadd_verification_methods\t\tApplied\t\t\n20200830130642000008\tadd_verification_methods\t\tApplied\t\t\n20200830130642000009\tadd_verification_methods\t\tApplied\t\t\n20200830130642000010\tadd_verification_methods\t\tApplied\t\t\n20200830130643000000\tadd_verification_methods\t\tApplied\t\t\n20200830130644000000\tadd_verification_methods\t\tApplied\t\t\n20200830130644000001\tadd_verification_methods\t\tApplied\t\t\n20200830130645000000\tadd_verification_methods\t\tApplied\t\t\n20200830130646000000\tadd_verification_methods\t\tApplied\t\t\n20200830130646000001\tadd_verification_methods\t\tApplied\t\t\n20200830130646000002\tadd_verification_methods\t\tApplied\t\t\n20200830130646000003\tadd_verification_methods\t\tApplied\t\t\n20200830130646000004\tadd_verification_methods\t\tApplied\t\t\n20200830130646000005\tadd_verification_methods\t\tApplied\t\t\n20200830130646000006\tadd_verification_methods\t\tApplied\t\t\n20200830130646000007\tadd_verification_methods\t\tApplied\t\t\n20200830130646000008\tadd_verification_methods\t\tApplied\t\t\n20200830130646000009\tadd_verification_methods\t\tApplied\t\t\n20200830130646000010\tadd_verification_methods\t\tApplied\t\t\n20200830130646000011\tadd_verification_methods\t\tApplied\t\t\n20200830154602000000\tadd_verification_token\t\t\tApplied\t\t\n20200830154602000001\tadd_verification_token\t\t\tApplied\t\t\n20200830154602000002\tadd_verification_token\t\t\tApplied\t\t\n20200830154602000003\tadd_verification_token\t\t\tApplied\t\t\n20200830154602000004\tadd_verification_token\t\t\tApplied\t\t\n20200830172221000000\trecovery_token_expires\t\t\tApplied\t\t\n20200830172221000001\trecovery_token_expires\t\t\tApplied\t\t\n20200830172221000002\trecovery_token_expires\t\t\tApplied\t\t\n20200830172221000003\trecovery_token_expires\t\t\tApplied\t\t\n20200830172221000004\trecovery_token_expires\t\t\tApplied\t\t\n20200830172221000005\trecovery_token_expires\t\t\tApplied\t\t\n20200830172221000006\trecovery_token_expires\t\t\tApplied\t\t\n20200830172221000007\trecovery_token_expires\t\t\tApplied\t\t\n20200830172221000008\trecovery_token_expires\t\t\tApplied\t\t\n20200830172221000009\trecovery_token_expires\t\t\tApplied\t\t\n20200830172221000010\trecovery_token_expires\t\t\tApplied\t\t\n20200830172221000011\trecovery_token_expires\t\t\tApplied\t\t\n20200830172221000012\trecovery_token_expires\t\t\tApplied\t\t\n20200830172221000013\trecovery_token_expires\t\t\tApplied\t\t\n20200830172221000014\trecovery_token_expires\t\t\tApplied\t\t\n20200830172221000015\trecovery_token_expires\t\t\tApplied\t\t\n20200830172221000016\trecovery_token_expires\t\t\tApplied\t\t\n20200830172221000017\trecovery_token_expires\t\t\tApplied\t\t\n20200830172221000018\trecovery_token_expires\t\t\tApplied\t\t\n20200830172221000019\trecovery_token_expires\t\t\tApplied\t\t\n20200830172221000020\trecovery_token_expires\t\t\tApplied\t\t\n20200830172221000021\trecovery_token_expires\t\t\tApplied\t\t\n20200830172221000022\trecovery_token_expires\t\t\tApplied\t\t\n20200830172221000023\trecovery_token_expires\t\t\tApplied\t\t\n20200830172221000024\trecovery_token_expires\t\t\tApplied\t\t\n20200831110752000000\tidentity_verifiable_address_remove_code\tApplied\t\t\n20200831110752000001\tidentity_verifiable_address_remove_code\tApplied\t\t\n20200831110752000002\tidentity_verifiable_address_remove_code\tApplied\t\t\n20200831110752000003\tidentity_verifiable_address_remove_code\tApplied\t\t\n20200831110752000004\tidentity_verifiable_address_remove_code\tApplied\t\t\n20200831110752000005\tidentity_verifiable_address_remove_code\tApplied\t\t\n20200831110752000006\tidentity_verifiable_address_remove_code\tApplied\t\t\n20200831110752000007\tidentity_verifiable_address_remove_code\tApplied\t\t\n20200831110752000008\tidentity_verifiable_address_remove_code\tApplied\t\t\n20200831110752000009\tidentity_verifiable_address_remove_code\tApplied\t\t\n20200831110752000010\tidentity_verifiable_address_remove_code\tApplied\t\t\n20200831110752000011\tidentity_verifiable_address_remove_code\tApplied\t\t\n20200831110752000012\tidentity_verifiable_address_remove_code\tApplied\t\t\n20200831110752000013\tidentity_verifiable_address_remove_code\tApplied\t\t\n20200831110752000014\tidentity_verifiable_address_remove_code\tApplied\t\t\n20200831110752000015\tidentity_verifiable_address_remove_code\tApplied\t\t\n20200831110752000016\tidentity_verifiable_address_remove_code\tApplied\t\t\n20200831110752000017\tidentity_verifiable_address_remove_code\tApplied\t\t\n20200831110752000018\tidentity_verifiable_address_remove_code\tRollback\t\n20200831110752000019\tidentity_verifiable_address_remove_code\tRollback\t\n20200831110752000020\tidentity_verifiable_address_remove_code\tPending\t\t\n20200831110752000021\tidentity_verifiable_address_remove_code\tPending\t\t\n20201201161451000000\tcredential_types_values\t\t\tPending\t\t\n20201201161451000001\tcredential_types_values\t\t\tPending\t\t\n\nThe SQL statements to be executed from top to bottom are:\n\n------------ 20200831110752000019 - identity_verifiable_address_remove_code ------------\nUPDATE identity_verifiable_addresses SET code = substr(hex(randomblob(32)), 0, 32) WHERE code IS NULL\n\n------------ 20200831110752000018 - identity_verifiable_address_remove_code ------------\nUPDATE identity_verifiable_addresses SET expires_at = CURRENT_TIMESTAMP WHERE expires_at IS NULL\n\nDo you wish to execute this migration plan? [y/n]: ------------ SUCCESS ------------\nSuccessfully applied migrations!\n\nstderr: To skip the next question use flag --yes (at your own risk).\n\n" }, { "path": "oryx/popx/.snapshots/TestMigrateSQLUp-migrate_rollbacks_up_again.txt", "content": "stdout: The migration plan is as follows:\nVersion\t\t\tName\t\t\t\t\tStatus\t\n20191100000001000000\tidentities\t\t\t\tApplied\t\n20191100000001000001\tidentities\t\t\t\tApplied\t\n20191100000001000002\tidentities\t\t\t\tApplied\t\n20191100000001000003\tidentities\t\t\t\tApplied\t\n20191100000001000004\tidentities\t\t\t\tApplied\t\n20191100000001000005\tidentities\t\t\t\tApplied\t\n20191100000002000000\trequests\t\t\t\tApplied\t\n20191100000002000001\trequests\t\t\t\tApplied\t\n20191100000002000002\trequests\t\t\t\tApplied\t\n20191100000002000003\trequests\t\t\t\tApplied\t\n20191100000002000004\trequests\t\t\t\tApplied\t\n20191100000003000000\tsessions\t\t\t\tApplied\t\n20191100000004000000\terrors\t\t\t\t\tApplied\t\n20191100000006000000\tcourier\t\t\t\t\tApplied\t\n20191100000007000000\terrors\t\t\t\t\tApplied\t\n20191100000007000001\terrors\t\t\t\t\tApplied\t\n20191100000007000002\terrors\t\t\t\t\tApplied\t\n20191100000007000003\terrors\t\t\t\t\tApplied\t\n20191100000008000000\tselfservice_verification\t\tApplied\t\n20191100000008000001\tselfservice_verification\t\tApplied\t\n20191100000008000002\tselfservice_verification\t\tApplied\t\n20191100000008000003\tselfservice_verification\t\tApplied\t\n20191100000008000004\tselfservice_verification\t\tApplied\t\n20191100000008000005\tselfservice_verification\t\tApplied\t\n20191100000010000000\terrors\t\t\t\t\tApplied\t\n20191100000010000001\terrors\t\t\t\t\tApplied\t\n20191100000010000002\terrors\t\t\t\t\tApplied\t\n20191100000010000003\terrors\t\t\t\t\tApplied\t\n20191100000010000004\terrors\t\t\t\t\tApplied\t\n20191100000011000000\tcourier_body_type\t\t\tApplied\t\n20191100000011000001\tcourier_body_type\t\t\tApplied\t\n20191100000011000002\tcourier_body_type\t\t\tApplied\t\n20191100000011000003\tcourier_body_type\t\t\tApplied\t\n20191100000012000000\tlogin_request_forced\t\t\tApplied\t\n20191100000012000001\tlogin_request_forced\t\t\tApplied\t\n20191100000012000002\tlogin_request_forced\t\t\tApplied\t\n20191100000012000003\tlogin_request_forced\t\t\tApplied\t\n20200317160354000000\tcreate_profile_request_forms\t\tApplied\t\n20200317160354000001\tcreate_profile_request_forms\t\tApplied\t\n20200317160354000002\tcreate_profile_request_forms\t\tApplied\t\n20200317160354000003\tcreate_profile_request_forms\t\tApplied\t\n20200317160354000004\tcreate_profile_request_forms\t\tApplied\t\n20200317160354000005\tcreate_profile_request_forms\t\tApplied\t\n20200317160354000006\tcreate_profile_request_forms\t\tApplied\t\n20200401183443000000\tcontinuity_containers\t\t\tApplied\t\n20200402142539000000\trename_profile_flows\t\t\tApplied\t\n20200402142539000001\trename_profile_flows\t\t\tApplied\t\n20200402142539000002\trename_profile_flows\t\t\tApplied\t\n20200519101057000000\tcreate_recovery_addresses\t\tApplied\t\n20200519101057000001\tcreate_recovery_addresses\t\tApplied\t\n20200519101057000002\tcreate_recovery_addresses\t\tApplied\t\n20200519101057000003\tcreate_recovery_addresses\t\tApplied\t\n20200519101057000004\tcreate_recovery_addresses\t\tApplied\t\n20200519101057000005\tcreate_recovery_addresses\t\tApplied\t\n20200519101057000006\tcreate_recovery_addresses\t\tApplied\t\n20200519101057000007\tcreate_recovery_addresses\t\tApplied\t\n20200601101000000000\tcreate_messages\t\t\t\tApplied\t\n20200601101000000001\tcreate_messages\t\t\t\tApplied\t\n20200601101000000002\tcreate_messages\t\t\t\tApplied\t\n20200601101000000003\tcreate_messages\t\t\t\tApplied\t\n20200605111551000000\tmessages\t\t\t\tApplied\t\n20200605111551000001\tmessages\t\t\t\tApplied\t\n20200605111551000002\tmessages\t\t\t\tApplied\t\n20200605111551000003\tmessages\t\t\t\tApplied\t\n20200605111551000004\tmessages\t\t\t\tApplied\t\n20200605111551000005\tmessages\t\t\t\tApplied\t\n20200605111551000006\tmessages\t\t\t\tApplied\t\n20200605111551000007\tmessages\t\t\t\tApplied\t\n20200605111551000008\tmessages\t\t\t\tApplied\t\n20200605111551000009\tmessages\t\t\t\tApplied\t\n20200605111551000010\tmessages\t\t\t\tApplied\t\n20200605111551000011\tmessages\t\t\t\tApplied\t\n20200607165100000000\tsettings\t\t\t\tApplied\t\n20200607165100000001\tsettings\t\t\t\tApplied\t\n20200607165100000002\tsettings\t\t\t\tApplied\t\n20200607165100000003\tsettings\t\t\t\tApplied\t\n20200607165100000004\tsettings\t\t\t\tApplied\t\n20200705105359000000\trename_identities_schema\t\tApplied\t\n20200810141652000000\tflow_type\t\t\t\tApplied\t\n20200810141652000001\tflow_type\t\t\t\tApplied\t\n20200810141652000002\tflow_type\t\t\t\tApplied\t\n20200810141652000003\tflow_type\t\t\t\tApplied\t\n20200810141652000004\tflow_type\t\t\t\tApplied\t\n20200810141652000005\tflow_type\t\t\t\tApplied\t\n20200810141652000006\tflow_type\t\t\t\tApplied\t\n20200810141652000007\tflow_type\t\t\t\tApplied\t\n20200810141652000008\tflow_type\t\t\t\tApplied\t\n20200810141652000009\tflow_type\t\t\t\tApplied\t\n20200810141652000010\tflow_type\t\t\t\tApplied\t\n20200810141652000011\tflow_type\t\t\t\tApplied\t\n20200810141652000012\tflow_type\t\t\t\tApplied\t\n20200810141652000013\tflow_type\t\t\t\tApplied\t\n20200810141652000014\tflow_type\t\t\t\tApplied\t\n20200810141652000015\tflow_type\t\t\t\tApplied\t\n20200810141652000016\tflow_type\t\t\t\tApplied\t\n20200810141652000017\tflow_type\t\t\t\tApplied\t\n20200810141652000018\tflow_type\t\t\t\tApplied\t\n20200810141652000019\tflow_type\t\t\t\tApplied\t\n20200810161022000000\tflow_rename\t\t\t\tApplied\t\n20200810161022000001\tflow_rename\t\t\t\tApplied\t\n20200810161022000002\tflow_rename\t\t\t\tApplied\t\n20200810161022000003\tflow_rename\t\t\t\tApplied\t\n20200810161022000004\tflow_rename\t\t\t\tApplied\t\n20200810161022000005\tflow_rename\t\t\t\tApplied\t\n20200810161022000006\tflow_rename\t\t\t\tApplied\t\n20200810161022000007\tflow_rename\t\t\t\tApplied\t\n20200810161022000008\tflow_rename\t\t\t\tApplied\t\n20200810162450000000\tflow_fields_rename\t\t\tApplied\t\n20200810162450000001\tflow_fields_rename\t\t\tApplied\t\n20200810162450000002\tflow_fields_rename\t\t\tApplied\t\n20200810162450000003\tflow_fields_rename\t\t\tApplied\t\n20200812124254000000\tadd_session_token\t\t\tApplied\t\n20200812124254000001\tadd_session_token\t\t\tApplied\t\n20200812124254000002\tadd_session_token\t\t\tApplied\t\n20200812124254000003\tadd_session_token\t\t\tApplied\t\n20200812124254000004\tadd_session_token\t\t\tApplied\t\n20200812124254000005\tadd_session_token\t\t\tApplied\t\n20200812124254000006\tadd_session_token\t\t\tApplied\t\n20200812124254000007\tadd_session_token\t\t\tApplied\t\n20200812160551000000\tadd_session_revoke\t\t\tApplied\t\n20200812160551000001\tadd_session_revoke\t\t\tApplied\t\n20200812160551000002\tadd_session_revoke\t\t\tApplied\t\n20200812160551000003\tadd_session_revoke\t\t\tApplied\t\n20200812160551000004\tadd_session_revoke\t\t\tApplied\t\n20200812160551000005\tadd_session_revoke\t\t\tApplied\t\n20200812160551000006\tadd_session_revoke\t\t\tApplied\t\n20200812160551000007\tadd_session_revoke\t\t\tApplied\t\n20200830121710000000\tupdate_recovery_token\t\t\tApplied\t\n20200830130642000000\tadd_verification_methods\t\tApplied\t\n20200830130642000001\tadd_verification_methods\t\tApplied\t\n20200830130642000002\tadd_verification_methods\t\tApplied\t\n20200830130642000003\tadd_verification_methods\t\tApplied\t\n20200830130642000004\tadd_verification_methods\t\tApplied\t\n20200830130642000005\tadd_verification_methods\t\tApplied\t\n20200830130642000006\tadd_verification_methods\t\tApplied\t\n20200830130642000007\tadd_verification_methods\t\tApplied\t\n20200830130642000008\tadd_verification_methods\t\tApplied\t\n20200830130642000009\tadd_verification_methods\t\tApplied\t\n20200830130642000010\tadd_verification_methods\t\tApplied\t\n20200830130643000000\tadd_verification_methods\t\tApplied\t\n20200830130644000000\tadd_verification_methods\t\tApplied\t\n20200830130644000001\tadd_verification_methods\t\tApplied\t\n20200830130645000000\tadd_verification_methods\t\tApplied\t\n20200830130646000000\tadd_verification_methods\t\tApplied\t\n20200830130646000001\tadd_verification_methods\t\tApplied\t\n20200830130646000002\tadd_verification_methods\t\tApplied\t\n20200830130646000003\tadd_verification_methods\t\tApplied\t\n20200830130646000004\tadd_verification_methods\t\tApplied\t\n20200830130646000005\tadd_verification_methods\t\tApplied\t\n20200830130646000006\tadd_verification_methods\t\tApplied\t\n20200830130646000007\tadd_verification_methods\t\tApplied\t\n20200830130646000008\tadd_verification_methods\t\tApplied\t\n20200830130646000009\tadd_verification_methods\t\tApplied\t\n20200830130646000010\tadd_verification_methods\t\tApplied\t\n20200830130646000011\tadd_verification_methods\t\tApplied\t\n20200830154602000000\tadd_verification_token\t\t\tApplied\t\n20200830154602000001\tadd_verification_token\t\t\tApplied\t\n20200830154602000002\tadd_verification_token\t\t\tApplied\t\n20200830154602000003\tadd_verification_token\t\t\tApplied\t\n20200830154602000004\tadd_verification_token\t\t\tApplied\t\n20200830172221000000\trecovery_token_expires\t\t\tApplied\t\n20200830172221000001\trecovery_token_expires\t\t\tApplied\t\n20200830172221000002\trecovery_token_expires\t\t\tApplied\t\n20200830172221000003\trecovery_token_expires\t\t\tApplied\t\n20200830172221000004\trecovery_token_expires\t\t\tApplied\t\n20200830172221000005\trecovery_token_expires\t\t\tApplied\t\n20200830172221000006\trecovery_token_expires\t\t\tApplied\t\n20200830172221000007\trecovery_token_expires\t\t\tApplied\t\n20200830172221000008\trecovery_token_expires\t\t\tApplied\t\n20200830172221000009\trecovery_token_expires\t\t\tApplied\t\n20200830172221000010\trecovery_token_expires\t\t\tApplied\t\n20200830172221000011\trecovery_token_expires\t\t\tApplied\t\n20200830172221000012\trecovery_token_expires\t\t\tApplied\t\n20200830172221000013\trecovery_token_expires\t\t\tApplied\t\n20200830172221000014\trecovery_token_expires\t\t\tApplied\t\n20200830172221000015\trecovery_token_expires\t\t\tApplied\t\n20200830172221000016\trecovery_token_expires\t\t\tApplied\t\n20200830172221000017\trecovery_token_expires\t\t\tApplied\t\n20200830172221000018\trecovery_token_expires\t\t\tApplied\t\n20200830172221000019\trecovery_token_expires\t\t\tApplied\t\n20200830172221000020\trecovery_token_expires\t\t\tApplied\t\n20200830172221000021\trecovery_token_expires\t\t\tApplied\t\n20200830172221000022\trecovery_token_expires\t\t\tApplied\t\n20200830172221000023\trecovery_token_expires\t\t\tApplied\t\n20200830172221000024\trecovery_token_expires\t\t\tApplied\t\n20200831110752000000\tidentity_verifiable_address_remove_code\tApplied\t\n20200831110752000001\tidentity_verifiable_address_remove_code\tApplied\t\n20200831110752000002\tidentity_verifiable_address_remove_code\tApplied\t\n20200831110752000003\tidentity_verifiable_address_remove_code\tApplied\t\n20200831110752000004\tidentity_verifiable_address_remove_code\tApplied\t\n20200831110752000005\tidentity_verifiable_address_remove_code\tApplied\t\n20200831110752000006\tidentity_verifiable_address_remove_code\tApplied\t\n20200831110752000007\tidentity_verifiable_address_remove_code\tApplied\t\n20200831110752000008\tidentity_verifiable_address_remove_code\tApplied\t\n20200831110752000009\tidentity_verifiable_address_remove_code\tApplied\t\n20200831110752000010\tidentity_verifiable_address_remove_code\tApplied\t\n20200831110752000011\tidentity_verifiable_address_remove_code\tApplied\t\n20200831110752000012\tidentity_verifiable_address_remove_code\tApplied\t\n20200831110752000013\tidentity_verifiable_address_remove_code\tApplied\t\n20200831110752000014\tidentity_verifiable_address_remove_code\tApplied\t\n20200831110752000015\tidentity_verifiable_address_remove_code\tApplied\t\n20200831110752000016\tidentity_verifiable_address_remove_code\tApplied\t\n20200831110752000017\tidentity_verifiable_address_remove_code\tApplied\t\n20200831110752000018\tidentity_verifiable_address_remove_code\tPending\t\n20200831110752000019\tidentity_verifiable_address_remove_code\tPending\t\n20200831110752000020\tidentity_verifiable_address_remove_code\tPending\t\n20200831110752000021\tidentity_verifiable_address_remove_code\tPending\t\n20201201161451000000\tcredential_types_values\t\t\tPending\t\n20201201161451000001\tcredential_types_values\t\t\tPending\t\n\nThe SQL statements to be executed from top to bottom are:\n\n------------ 20200831110752000018 - identity_verifiable_address_remove_code ------------\n\n\n------------ 20200831110752000019 - identity_verifiable_address_remove_code ------------\n\n\n------------ 20200831110752000020 - identity_verifiable_address_remove_code ------------\n\n\n------------ 20200831110752000021 - identity_verifiable_address_remove_code ------------\n\n\n------------ 20201201161451000000 - credential_types_values ------------\nINSERT INTO identity_credential_types (id, name) SELECT '78c1b41d-8341-4507-aa60-aff1d4369670', 'password' WHERE NOT EXISTS ( SELECT * FROM identity_credential_types WHERE name = 'password')\n\n------------ 20201201161451000001 - credential_types_values ------------\nINSERT INTO identity_credential_types (id, name) SELECT '6fa5e2e0-bfce-4631-b62b-cf2b0252b289', 'oidc' WHERE NOT EXISTS ( SELECT * FROM identity_credential_types WHERE name = 'oidc');\n\nDo you wish to execute this migration plan? [y/n]: ------------ SUCCESS ------------\nSuccessfully applied migrations!\n\nstderr: To skip the next question use flag --yes (at your own risk).\n\n" }, { "path": "oryx/popx/.snapshots/TestMigrateSQLUp-migrate_rollbacks_up_without_confirm.txt", "content": "stdout: The migration plan is as follows:\nVersion\t\t\tName\t\t\t\t\tStatus\t\n20191100000001000000\tidentities\t\t\t\tApplied\t\n20191100000001000001\tidentities\t\t\t\tApplied\t\n20191100000001000002\tidentities\t\t\t\tApplied\t\n20191100000001000003\tidentities\t\t\t\tApplied\t\n20191100000001000004\tidentities\t\t\t\tApplied\t\n20191100000001000005\tidentities\t\t\t\tApplied\t\n20191100000002000000\trequests\t\t\t\tApplied\t\n20191100000002000001\trequests\t\t\t\tApplied\t\n20191100000002000002\trequests\t\t\t\tApplied\t\n20191100000002000003\trequests\t\t\t\tApplied\t\n20191100000002000004\trequests\t\t\t\tApplied\t\n20191100000003000000\tsessions\t\t\t\tApplied\t\n20191100000004000000\terrors\t\t\t\t\tApplied\t\n20191100000006000000\tcourier\t\t\t\t\tApplied\t\n20191100000007000000\terrors\t\t\t\t\tApplied\t\n20191100000007000001\terrors\t\t\t\t\tApplied\t\n20191100000007000002\terrors\t\t\t\t\tApplied\t\n20191100000007000003\terrors\t\t\t\t\tApplied\t\n20191100000008000000\tselfservice_verification\t\tApplied\t\n20191100000008000001\tselfservice_verification\t\tApplied\t\n20191100000008000002\tselfservice_verification\t\tApplied\t\n20191100000008000003\tselfservice_verification\t\tApplied\t\n20191100000008000004\tselfservice_verification\t\tApplied\t\n20191100000008000005\tselfservice_verification\t\tApplied\t\n20191100000010000000\terrors\t\t\t\t\tApplied\t\n20191100000010000001\terrors\t\t\t\t\tApplied\t\n20191100000010000002\terrors\t\t\t\t\tApplied\t\n20191100000010000003\terrors\t\t\t\t\tApplied\t\n20191100000010000004\terrors\t\t\t\t\tApplied\t\n20191100000011000000\tcourier_body_type\t\t\tApplied\t\n20191100000011000001\tcourier_body_type\t\t\tApplied\t\n20191100000011000002\tcourier_body_type\t\t\tApplied\t\n20191100000011000003\tcourier_body_type\t\t\tApplied\t\n20191100000012000000\tlogin_request_forced\t\t\tApplied\t\n20191100000012000001\tlogin_request_forced\t\t\tApplied\t\n20191100000012000002\tlogin_request_forced\t\t\tApplied\t\n20191100000012000003\tlogin_request_forced\t\t\tApplied\t\n20200317160354000000\tcreate_profile_request_forms\t\tApplied\t\n20200317160354000001\tcreate_profile_request_forms\t\tApplied\t\n20200317160354000002\tcreate_profile_request_forms\t\tApplied\t\n20200317160354000003\tcreate_profile_request_forms\t\tApplied\t\n20200317160354000004\tcreate_profile_request_forms\t\tApplied\t\n20200317160354000005\tcreate_profile_request_forms\t\tApplied\t\n20200317160354000006\tcreate_profile_request_forms\t\tApplied\t\n20200401183443000000\tcontinuity_containers\t\t\tApplied\t\n20200402142539000000\trename_profile_flows\t\t\tApplied\t\n20200402142539000001\trename_profile_flows\t\t\tApplied\t\n20200402142539000002\trename_profile_flows\t\t\tApplied\t\n20200519101057000000\tcreate_recovery_addresses\t\tApplied\t\n20200519101057000001\tcreate_recovery_addresses\t\tApplied\t\n20200519101057000002\tcreate_recovery_addresses\t\tApplied\t\n20200519101057000003\tcreate_recovery_addresses\t\tApplied\t\n20200519101057000004\tcreate_recovery_addresses\t\tApplied\t\n20200519101057000005\tcreate_recovery_addresses\t\tApplied\t\n20200519101057000006\tcreate_recovery_addresses\t\tApplied\t\n20200519101057000007\tcreate_recovery_addresses\t\tApplied\t\n20200601101000000000\tcreate_messages\t\t\t\tApplied\t\n20200601101000000001\tcreate_messages\t\t\t\tApplied\t\n20200601101000000002\tcreate_messages\t\t\t\tApplied\t\n20200601101000000003\tcreate_messages\t\t\t\tApplied\t\n20200605111551000000\tmessages\t\t\t\tApplied\t\n20200605111551000001\tmessages\t\t\t\tApplied\t\n20200605111551000002\tmessages\t\t\t\tApplied\t\n20200605111551000003\tmessages\t\t\t\tApplied\t\n20200605111551000004\tmessages\t\t\t\tApplied\t\n20200605111551000005\tmessages\t\t\t\tApplied\t\n20200605111551000006\tmessages\t\t\t\tApplied\t\n20200605111551000007\tmessages\t\t\t\tApplied\t\n20200605111551000008\tmessages\t\t\t\tApplied\t\n20200605111551000009\tmessages\t\t\t\tApplied\t\n20200605111551000010\tmessages\t\t\t\tApplied\t\n20200605111551000011\tmessages\t\t\t\tApplied\t\n20200607165100000000\tsettings\t\t\t\tApplied\t\n20200607165100000001\tsettings\t\t\t\tApplied\t\n20200607165100000002\tsettings\t\t\t\tApplied\t\n20200607165100000003\tsettings\t\t\t\tApplied\t\n20200607165100000004\tsettings\t\t\t\tApplied\t\n20200705105359000000\trename_identities_schema\t\tApplied\t\n20200810141652000000\tflow_type\t\t\t\tApplied\t\n20200810141652000001\tflow_type\t\t\t\tApplied\t\n20200810141652000002\tflow_type\t\t\t\tApplied\t\n20200810141652000003\tflow_type\t\t\t\tApplied\t\n20200810141652000004\tflow_type\t\t\t\tApplied\t\n20200810141652000005\tflow_type\t\t\t\tApplied\t\n20200810141652000006\tflow_type\t\t\t\tApplied\t\n20200810141652000007\tflow_type\t\t\t\tApplied\t\n20200810141652000008\tflow_type\t\t\t\tApplied\t\n20200810141652000009\tflow_type\t\t\t\tApplied\t\n20200810141652000010\tflow_type\t\t\t\tApplied\t\n20200810141652000011\tflow_type\t\t\t\tApplied\t\n20200810141652000012\tflow_type\t\t\t\tApplied\t\n20200810141652000013\tflow_type\t\t\t\tApplied\t\n20200810141652000014\tflow_type\t\t\t\tApplied\t\n20200810141652000015\tflow_type\t\t\t\tApplied\t\n20200810141652000016\tflow_type\t\t\t\tApplied\t\n20200810141652000017\tflow_type\t\t\t\tApplied\t\n20200810141652000018\tflow_type\t\t\t\tApplied\t\n20200810141652000019\tflow_type\t\t\t\tApplied\t\n20200810161022000000\tflow_rename\t\t\t\tApplied\t\n20200810161022000001\tflow_rename\t\t\t\tApplied\t\n20200810161022000002\tflow_rename\t\t\t\tApplied\t\n20200810161022000003\tflow_rename\t\t\t\tApplied\t\n20200810161022000004\tflow_rename\t\t\t\tApplied\t\n20200810161022000005\tflow_rename\t\t\t\tApplied\t\n20200810161022000006\tflow_rename\t\t\t\tApplied\t\n20200810161022000007\tflow_rename\t\t\t\tApplied\t\n20200810161022000008\tflow_rename\t\t\t\tApplied\t\n20200810162450000000\tflow_fields_rename\t\t\tApplied\t\n20200810162450000001\tflow_fields_rename\t\t\tApplied\t\n20200810162450000002\tflow_fields_rename\t\t\tApplied\t\n20200810162450000003\tflow_fields_rename\t\t\tApplied\t\n20200812124254000000\tadd_session_token\t\t\tApplied\t\n20200812124254000001\tadd_session_token\t\t\tApplied\t\n20200812124254000002\tadd_session_token\t\t\tApplied\t\n20200812124254000003\tadd_session_token\t\t\tApplied\t\n20200812124254000004\tadd_session_token\t\t\tApplied\t\n20200812124254000005\tadd_session_token\t\t\tApplied\t\n20200812124254000006\tadd_session_token\t\t\tApplied\t\n20200812124254000007\tadd_session_token\t\t\tApplied\t\n20200812160551000000\tadd_session_revoke\t\t\tApplied\t\n20200812160551000001\tadd_session_revoke\t\t\tApplied\t\n20200812160551000002\tadd_session_revoke\t\t\tApplied\t\n20200812160551000003\tadd_session_revoke\t\t\tApplied\t\n20200812160551000004\tadd_session_revoke\t\t\tApplied\t\n20200812160551000005\tadd_session_revoke\t\t\tApplied\t\n20200812160551000006\tadd_session_revoke\t\t\tApplied\t\n20200812160551000007\tadd_session_revoke\t\t\tApplied\t\n20200830121710000000\tupdate_recovery_token\t\t\tApplied\t\n20200830130642000000\tadd_verification_methods\t\tApplied\t\n20200830130642000001\tadd_verification_methods\t\tApplied\t\n20200830130642000002\tadd_verification_methods\t\tApplied\t\n20200830130642000003\tadd_verification_methods\t\tApplied\t\n20200830130642000004\tadd_verification_methods\t\tApplied\t\n20200830130642000005\tadd_verification_methods\t\tApplied\t\n20200830130642000006\tadd_verification_methods\t\tApplied\t\n20200830130642000007\tadd_verification_methods\t\tApplied\t\n20200830130642000008\tadd_verification_methods\t\tApplied\t\n20200830130642000009\tadd_verification_methods\t\tApplied\t\n20200830130642000010\tadd_verification_methods\t\tApplied\t\n20200830130643000000\tadd_verification_methods\t\tApplied\t\n20200830130644000000\tadd_verification_methods\t\tApplied\t\n20200830130644000001\tadd_verification_methods\t\tApplied\t\n20200830130645000000\tadd_verification_methods\t\tApplied\t\n20200830130646000000\tadd_verification_methods\t\tApplied\t\n20200830130646000001\tadd_verification_methods\t\tApplied\t\n20200830130646000002\tadd_verification_methods\t\tApplied\t\n20200830130646000003\tadd_verification_methods\t\tApplied\t\n20200830130646000004\tadd_verification_methods\t\tApplied\t\n20200830130646000005\tadd_verification_methods\t\tApplied\t\n20200830130646000006\tadd_verification_methods\t\tApplied\t\n20200830130646000007\tadd_verification_methods\t\tApplied\t\n20200830130646000008\tadd_verification_methods\t\tApplied\t\n20200830130646000009\tadd_verification_methods\t\tApplied\t\n20200830130646000010\tadd_verification_methods\t\tApplied\t\n20200830130646000011\tadd_verification_methods\t\tApplied\t\n20200830154602000000\tadd_verification_token\t\t\tApplied\t\n20200830154602000001\tadd_verification_token\t\t\tApplied\t\n20200830154602000002\tadd_verification_token\t\t\tApplied\t\n20200830154602000003\tadd_verification_token\t\t\tApplied\t\n20200830154602000004\tadd_verification_token\t\t\tApplied\t\n20200830172221000000\trecovery_token_expires\t\t\tApplied\t\n20200830172221000001\trecovery_token_expires\t\t\tApplied\t\n20200830172221000002\trecovery_token_expires\t\t\tApplied\t\n20200830172221000003\trecovery_token_expires\t\t\tApplied\t\n20200830172221000004\trecovery_token_expires\t\t\tApplied\t\n20200830172221000005\trecovery_token_expires\t\t\tApplied\t\n20200830172221000006\trecovery_token_expires\t\t\tApplied\t\n20200830172221000007\trecovery_token_expires\t\t\tApplied\t\n20200830172221000008\trecovery_token_expires\t\t\tApplied\t\n20200830172221000009\trecovery_token_expires\t\t\tApplied\t\n20200830172221000010\trecovery_token_expires\t\t\tApplied\t\n20200830172221000011\trecovery_token_expires\t\t\tApplied\t\n20200830172221000012\trecovery_token_expires\t\t\tApplied\t\n20200830172221000013\trecovery_token_expires\t\t\tApplied\t\n20200830172221000014\trecovery_token_expires\t\t\tApplied\t\n20200830172221000015\trecovery_token_expires\t\t\tApplied\t\n20200830172221000016\trecovery_token_expires\t\t\tApplied\t\n20200830172221000017\trecovery_token_expires\t\t\tApplied\t\n20200830172221000018\trecovery_token_expires\t\t\tApplied\t\n20200830172221000019\trecovery_token_expires\t\t\tApplied\t\n20200830172221000020\trecovery_token_expires\t\t\tApplied\t\n20200830172221000021\trecovery_token_expires\t\t\tApplied\t\n20200830172221000022\trecovery_token_expires\t\t\tApplied\t\n20200830172221000023\trecovery_token_expires\t\t\tApplied\t\n20200830172221000024\trecovery_token_expires\t\t\tApplied\t\n20200831110752000000\tidentity_verifiable_address_remove_code\tApplied\t\n20200831110752000001\tidentity_verifiable_address_remove_code\tApplied\t\n20200831110752000002\tidentity_verifiable_address_remove_code\tApplied\t\n20200831110752000003\tidentity_verifiable_address_remove_code\tApplied\t\n20200831110752000004\tidentity_verifiable_address_remove_code\tApplied\t\n20200831110752000005\tidentity_verifiable_address_remove_code\tApplied\t\n20200831110752000006\tidentity_verifiable_address_remove_code\tApplied\t\n20200831110752000007\tidentity_verifiable_address_remove_code\tApplied\t\n20200831110752000008\tidentity_verifiable_address_remove_code\tApplied\t\n20200831110752000009\tidentity_verifiable_address_remove_code\tApplied\t\n20200831110752000010\tidentity_verifiable_address_remove_code\tApplied\t\n20200831110752000011\tidentity_verifiable_address_remove_code\tApplied\t\n20200831110752000012\tidentity_verifiable_address_remove_code\tApplied\t\n20200831110752000013\tidentity_verifiable_address_remove_code\tApplied\t\n20200831110752000014\tidentity_verifiable_address_remove_code\tApplied\t\n20200831110752000015\tidentity_verifiable_address_remove_code\tApplied\t\n20200831110752000016\tidentity_verifiable_address_remove_code\tApplied\t\n20200831110752000017\tidentity_verifiable_address_remove_code\tApplied\t\n20200831110752000018\tidentity_verifiable_address_remove_code\tApplied\t\n20200831110752000019\tidentity_verifiable_address_remove_code\tApplied\t\n20200831110752000020\tidentity_verifiable_address_remove_code\tApplied\t\n20200831110752000021\tidentity_verifiable_address_remove_code\tApplied\t\n20201201161451000000\tcredential_types_values\t\t\tApplied\t\n20201201161451000001\tcredential_types_values\t\t\tApplied\t\n\nThe SQL statements to be executed from top to bottom are:\n\nDo you wish to execute this migration plan? [y/n]: ------------ WARNING ------------\nMigration aborted.\n\nstderr: To skip the next question use flag --yes (at your own risk).\n\n" }, { "path": "oryx/popx/.snapshots/TestMigrateSQLUp-migrate_up.txt", "content": "stdout: The migration plan is as follows:\nVersion\t\t\tName\t\t\t\t\tStatus\t\n20191100000001000000\tidentities\t\t\t\tPending\t\n20191100000001000001\tidentities\t\t\t\tPending\t\n20191100000001000002\tidentities\t\t\t\tPending\t\n20191100000001000003\tidentities\t\t\t\tPending\t\n20191100000001000004\tidentities\t\t\t\tPending\t\n20191100000001000005\tidentities\t\t\t\tPending\t\n20191100000002000000\trequests\t\t\t\tPending\t\n20191100000002000001\trequests\t\t\t\tPending\t\n20191100000002000002\trequests\t\t\t\tPending\t\n20191100000002000003\trequests\t\t\t\tPending\t\n20191100000002000004\trequests\t\t\t\tPending\t\n20191100000003000000\tsessions\t\t\t\tPending\t\n20191100000004000000\terrors\t\t\t\t\tPending\t\n20191100000006000000\tcourier\t\t\t\t\tPending\t\n20191100000007000000\terrors\t\t\t\t\tPending\t\n20191100000007000001\terrors\t\t\t\t\tPending\t\n20191100000007000002\terrors\t\t\t\t\tPending\t\n20191100000007000003\terrors\t\t\t\t\tPending\t\n20191100000008000000\tselfservice_verification\t\tPending\t\n20191100000008000001\tselfservice_verification\t\tPending\t\n20191100000008000002\tselfservice_verification\t\tPending\t\n20191100000008000003\tselfservice_verification\t\tPending\t\n20191100000008000004\tselfservice_verification\t\tPending\t\n20191100000008000005\tselfservice_verification\t\tPending\t\n20191100000010000000\terrors\t\t\t\t\tPending\t\n20191100000010000001\terrors\t\t\t\t\tPending\t\n20191100000010000002\terrors\t\t\t\t\tPending\t\n20191100000010000003\terrors\t\t\t\t\tPending\t\n20191100000010000004\terrors\t\t\t\t\tPending\t\n20191100000011000000\tcourier_body_type\t\t\tPending\t\n20191100000011000001\tcourier_body_type\t\t\tPending\t\n20191100000011000002\tcourier_body_type\t\t\tPending\t\n20191100000011000003\tcourier_body_type\t\t\tPending\t\n20191100000012000000\tlogin_request_forced\t\t\tPending\t\n20191100000012000001\tlogin_request_forced\t\t\tPending\t\n20191100000012000002\tlogin_request_forced\t\t\tPending\t\n20191100000012000003\tlogin_request_forced\t\t\tPending\t\n20200317160354000000\tcreate_profile_request_forms\t\tPending\t\n20200317160354000001\tcreate_profile_request_forms\t\tPending\t\n20200317160354000002\tcreate_profile_request_forms\t\tPending\t\n20200317160354000003\tcreate_profile_request_forms\t\tPending\t\n20200317160354000004\tcreate_profile_request_forms\t\tPending\t\n20200317160354000005\tcreate_profile_request_forms\t\tPending\t\n20200317160354000006\tcreate_profile_request_forms\t\tPending\t\n20200401183443000000\tcontinuity_containers\t\t\tPending\t\n20200402142539000000\trename_profile_flows\t\t\tPending\t\n20200402142539000001\trename_profile_flows\t\t\tPending\t\n20200402142539000002\trename_profile_flows\t\t\tPending\t\n20200519101057000000\tcreate_recovery_addresses\t\tPending\t\n20200519101057000001\tcreate_recovery_addresses\t\tPending\t\n20200519101057000002\tcreate_recovery_addresses\t\tPending\t\n20200519101057000003\tcreate_recovery_addresses\t\tPending\t\n20200519101057000004\tcreate_recovery_addresses\t\tPending\t\n20200519101057000005\tcreate_recovery_addresses\t\tPending\t\n20200519101057000006\tcreate_recovery_addresses\t\tPending\t\n20200519101057000007\tcreate_recovery_addresses\t\tPending\t\n20200601101000000000\tcreate_messages\t\t\t\tPending\t\n20200601101000000001\tcreate_messages\t\t\t\tPending\t\n20200601101000000002\tcreate_messages\t\t\t\tPending\t\n20200601101000000003\tcreate_messages\t\t\t\tPending\t\n20200605111551000000\tmessages\t\t\t\tPending\t\n20200605111551000001\tmessages\t\t\t\tPending\t\n20200605111551000002\tmessages\t\t\t\tPending\t\n20200605111551000003\tmessages\t\t\t\tPending\t\n20200605111551000004\tmessages\t\t\t\tPending\t\n20200605111551000005\tmessages\t\t\t\tPending\t\n20200605111551000006\tmessages\t\t\t\tPending\t\n20200605111551000007\tmessages\t\t\t\tPending\t\n20200605111551000008\tmessages\t\t\t\tPending\t\n20200605111551000009\tmessages\t\t\t\tPending\t\n20200605111551000010\tmessages\t\t\t\tPending\t\n20200605111551000011\tmessages\t\t\t\tPending\t\n20200607165100000000\tsettings\t\t\t\tPending\t\n20200607165100000001\tsettings\t\t\t\tPending\t\n20200607165100000002\tsettings\t\t\t\tPending\t\n20200607165100000003\tsettings\t\t\t\tPending\t\n20200607165100000004\tsettings\t\t\t\tPending\t\n20200705105359000000\trename_identities_schema\t\tPending\t\n20200810141652000000\tflow_type\t\t\t\tPending\t\n20200810141652000001\tflow_type\t\t\t\tPending\t\n20200810141652000002\tflow_type\t\t\t\tPending\t\n20200810141652000003\tflow_type\t\t\t\tPending\t\n20200810141652000004\tflow_type\t\t\t\tPending\t\n20200810141652000005\tflow_type\t\t\t\tPending\t\n20200810141652000006\tflow_type\t\t\t\tPending\t\n20200810141652000007\tflow_type\t\t\t\tPending\t\n20200810141652000008\tflow_type\t\t\t\tPending\t\n20200810141652000009\tflow_type\t\t\t\tPending\t\n20200810141652000010\tflow_type\t\t\t\tPending\t\n20200810141652000011\tflow_type\t\t\t\tPending\t\n20200810141652000012\tflow_type\t\t\t\tPending\t\n20200810141652000013\tflow_type\t\t\t\tPending\t\n20200810141652000014\tflow_type\t\t\t\tPending\t\n20200810141652000015\tflow_type\t\t\t\tPending\t\n20200810141652000016\tflow_type\t\t\t\tPending\t\n20200810141652000017\tflow_type\t\t\t\tPending\t\n20200810141652000018\tflow_type\t\t\t\tPending\t\n20200810141652000019\tflow_type\t\t\t\tPending\t\n20200810161022000000\tflow_rename\t\t\t\tPending\t\n20200810161022000001\tflow_rename\t\t\t\tPending\t\n20200810161022000002\tflow_rename\t\t\t\tPending\t\n20200810161022000003\tflow_rename\t\t\t\tPending\t\n20200810161022000004\tflow_rename\t\t\t\tPending\t\n20200810161022000005\tflow_rename\t\t\t\tPending\t\n20200810161022000006\tflow_rename\t\t\t\tPending\t\n20200810161022000007\tflow_rename\t\t\t\tPending\t\n20200810161022000008\tflow_rename\t\t\t\tPending\t\n20200810162450000000\tflow_fields_rename\t\t\tPending\t\n20200810162450000001\tflow_fields_rename\t\t\tPending\t\n20200810162450000002\tflow_fields_rename\t\t\tPending\t\n20200810162450000003\tflow_fields_rename\t\t\tPending\t\n20200812124254000000\tadd_session_token\t\t\tPending\t\n20200812124254000001\tadd_session_token\t\t\tPending\t\n20200812124254000002\tadd_session_token\t\t\tPending\t\n20200812124254000003\tadd_session_token\t\t\tPending\t\n20200812124254000004\tadd_session_token\t\t\tPending\t\n20200812124254000005\tadd_session_token\t\t\tPending\t\n20200812124254000006\tadd_session_token\t\t\tPending\t\n20200812124254000007\tadd_session_token\t\t\tPending\t\n20200812160551000000\tadd_session_revoke\t\t\tPending\t\n20200812160551000001\tadd_session_revoke\t\t\tPending\t\n20200812160551000002\tadd_session_revoke\t\t\tPending\t\n20200812160551000003\tadd_session_revoke\t\t\tPending\t\n20200812160551000004\tadd_session_revoke\t\t\tPending\t\n20200812160551000005\tadd_session_revoke\t\t\tPending\t\n20200812160551000006\tadd_session_revoke\t\t\tPending\t\n20200812160551000007\tadd_session_revoke\t\t\tPending\t\n20200830121710000000\tupdate_recovery_token\t\t\tPending\t\n20200830130642000000\tadd_verification_methods\t\tPending\t\n20200830130642000001\tadd_verification_methods\t\tPending\t\n20200830130642000002\tadd_verification_methods\t\tPending\t\n20200830130642000003\tadd_verification_methods\t\tPending\t\n20200830130642000004\tadd_verification_methods\t\tPending\t\n20200830130642000005\tadd_verification_methods\t\tPending\t\n20200830130642000006\tadd_verification_methods\t\tPending\t\n20200830130642000007\tadd_verification_methods\t\tPending\t\n20200830130642000008\tadd_verification_methods\t\tPending\t\n20200830130642000009\tadd_verification_methods\t\tPending\t\n20200830130642000010\tadd_verification_methods\t\tPending\t\n20200830130643000000\tadd_verification_methods\t\tPending\t\n20200830130644000000\tadd_verification_methods\t\tPending\t\n20200830130644000001\tadd_verification_methods\t\tPending\t\n20200830130645000000\tadd_verification_methods\t\tPending\t\n20200830130646000000\tadd_verification_methods\t\tPending\t\n20200830130646000001\tadd_verification_methods\t\tPending\t\n20200830130646000002\tadd_verification_methods\t\tPending\t\n20200830130646000003\tadd_verification_methods\t\tPending\t\n20200830130646000004\tadd_verification_methods\t\tPending\t\n20200830130646000005\tadd_verification_methods\t\tPending\t\n20200830130646000006\tadd_verification_methods\t\tPending\t\n20200830130646000007\tadd_verification_methods\t\tPending\t\n20200830130646000008\tadd_verification_methods\t\tPending\t\n20200830130646000009\tadd_verification_methods\t\tPending\t\n20200830130646000010\tadd_verification_methods\t\tPending\t\n20200830130646000011\tadd_verification_methods\t\tPending\t\n20200830154602000000\tadd_verification_token\t\t\tPending\t\n20200830154602000001\tadd_verification_token\t\t\tPending\t\n20200830154602000002\tadd_verification_token\t\t\tPending\t\n20200830154602000003\tadd_verification_token\t\t\tPending\t\n20200830154602000004\tadd_verification_token\t\t\tPending\t\n20200830172221000000\trecovery_token_expires\t\t\tPending\t\n20200830172221000001\trecovery_token_expires\t\t\tPending\t\n20200830172221000002\trecovery_token_expires\t\t\tPending\t\n20200830172221000003\trecovery_token_expires\t\t\tPending\t\n20200830172221000004\trecovery_token_expires\t\t\tPending\t\n20200830172221000005\trecovery_token_expires\t\t\tPending\t\n20200830172221000006\trecovery_token_expires\t\t\tPending\t\n20200830172221000007\trecovery_token_expires\t\t\tPending\t\n20200830172221000008\trecovery_token_expires\t\t\tPending\t\n20200830172221000009\trecovery_token_expires\t\t\tPending\t\n20200830172221000010\trecovery_token_expires\t\t\tPending\t\n20200830172221000011\trecovery_token_expires\t\t\tPending\t\n20200830172221000012\trecovery_token_expires\t\t\tPending\t\n20200830172221000013\trecovery_token_expires\t\t\tPending\t\n20200830172221000014\trecovery_token_expires\t\t\tPending\t\n20200830172221000015\trecovery_token_expires\t\t\tPending\t\n20200830172221000016\trecovery_token_expires\t\t\tPending\t\n20200830172221000017\trecovery_token_expires\t\t\tPending\t\n20200830172221000018\trecovery_token_expires\t\t\tPending\t\n20200830172221000019\trecovery_token_expires\t\t\tPending\t\n20200830172221000020\trecovery_token_expires\t\t\tPending\t\n20200830172221000021\trecovery_token_expires\t\t\tPending\t\n20200830172221000022\trecovery_token_expires\t\t\tPending\t\n20200830172221000023\trecovery_token_expires\t\t\tPending\t\n20200830172221000024\trecovery_token_expires\t\t\tPending\t\n20200831110752000000\tidentity_verifiable_address_remove_code\tPending\t\n20200831110752000001\tidentity_verifiable_address_remove_code\tPending\t\n20200831110752000002\tidentity_verifiable_address_remove_code\tPending\t\n20200831110752000003\tidentity_verifiable_address_remove_code\tPending\t\n20200831110752000004\tidentity_verifiable_address_remove_code\tPending\t\n20200831110752000005\tidentity_verifiable_address_remove_code\tPending\t\n20200831110752000006\tidentity_verifiable_address_remove_code\tPending\t\n20200831110752000007\tidentity_verifiable_address_remove_code\tPending\t\n20200831110752000008\tidentity_verifiable_address_remove_code\tPending\t\n20200831110752000009\tidentity_verifiable_address_remove_code\tPending\t\n20200831110752000010\tidentity_verifiable_address_remove_code\tPending\t\n20200831110752000011\tidentity_verifiable_address_remove_code\tPending\t\n20200831110752000012\tidentity_verifiable_address_remove_code\tPending\t\n20200831110752000013\tidentity_verifiable_address_remove_code\tPending\t\n20200831110752000014\tidentity_verifiable_address_remove_code\tPending\t\n20200831110752000015\tidentity_verifiable_address_remove_code\tPending\t\n20200831110752000016\tidentity_verifiable_address_remove_code\tPending\t\n20200831110752000017\tidentity_verifiable_address_remove_code\tPending\t\n20200831110752000018\tidentity_verifiable_address_remove_code\tPending\t\n20200831110752000019\tidentity_verifiable_address_remove_code\tPending\t\n20200831110752000020\tidentity_verifiable_address_remove_code\tPending\t\n20200831110752000021\tidentity_verifiable_address_remove_code\tPending\t\n20201201161451000000\tcredential_types_values\t\t\tPending\t\n20201201161451000001\tcredential_types_values\t\t\tPending\t\n\nThe SQL statements to be executed from top to bottom are:\n\n------------ 20191100000001000000 - identities ------------\nCREATE TABLE \"identities\" (\n\"id\" TEXT PRIMARY KEY,\n\"traits_schema_id\" TEXT NOT NULL,\n\"traits\" TEXT NOT NULL,\n\"created_at\" DATETIME NOT NULL,\n\"updated_at\" DATETIME NOT NULL\n)\n\n------------ 20191100000001000001 - identities ------------\nCREATE TABLE \"identity_credential_types\" (\n\"id\" TEXT PRIMARY KEY,\n\"name\" TEXT NOT NULL\n)\n\n------------ 20191100000001000002 - identities ------------\nCREATE UNIQUE INDEX \"identity_credential_types_name_idx\" ON \"identity_credential_types\" (name)\n\n------------ 20191100000001000003 - identities ------------\nCREATE TABLE \"identity_credentials\" (\n\"id\" TEXT PRIMARY KEY,\n\"config\" TEXT NOT NULL,\n\"identity_credential_type_id\" char(36) NOT NULL,\n\"identity_id\" char(36) NOT NULL,\n\"created_at\" DATETIME NOT NULL,\n\"updated_at\" DATETIME NOT NULL,\nFOREIGN KEY (identity_id) REFERENCES identities (id) ON DELETE cascade,\nFOREIGN KEY (identity_credential_type_id) REFERENCES identity_credential_types (id) ON DELETE cascade\n)\n\n------------ 20191100000001000004 - identities ------------\nCREATE TABLE \"identity_credential_identifiers\" (\n\"id\" TEXT PRIMARY KEY,\n\"identifier\" TEXT NOT NULL,\n\"identity_credential_id\" char(36) NOT NULL,\n\"created_at\" DATETIME NOT NULL,\n\"updated_at\" DATETIME NOT NULL,\nFOREIGN KEY (identity_credential_id) REFERENCES identity_credentials (id) ON DELETE cascade\n)\n\n------------ 20191100000001000005 - identities ------------\nCREATE UNIQUE INDEX \"identity_credential_identifiers_identifier_idx\" ON \"identity_credential_identifiers\" (identifier);\n\n------------ 20191100000002000000 - requests ------------\nCREATE TABLE \"selfservice_login_requests\" (\n\"id\" TEXT PRIMARY KEY,\n\"request_url\" TEXT NOT NULL,\n\"issued_at\" DATETIME NOT NULL DEFAULT CURRENT_TIMESTAMP,\n\"expires_at\" DATETIME NOT NULL,\n\"active_method\" TEXT NOT NULL,\n\"csrf_token\" TEXT NOT NULL,\n\"created_at\" DATETIME NOT NULL,\n\"updated_at\" DATETIME NOT NULL\n)\n\n------------ 20191100000002000001 - requests ------------\nCREATE TABLE \"selfservice_login_request_methods\" (\n\"id\" TEXT PRIMARY KEY,\n\"method\" TEXT NOT NULL,\n\"selfservice_login_request_id\" char(36) NOT NULL,\n\"config\" TEXT NOT NULL,\n\"created_at\" DATETIME NOT NULL,\n\"updated_at\" DATETIME NOT NULL,\nFOREIGN KEY (selfservice_login_request_id) REFERENCES selfservice_login_requests (id) ON DELETE cascade\n)\n\n------------ 20191100000002000002 - requests ------------\nCREATE TABLE \"selfservice_registration_requests\" (\n\"id\" TEXT PRIMARY KEY,\n\"request_url\" TEXT NOT NULL,\n\"issued_at\" DATETIME NOT NULL DEFAULT CURRENT_TIMESTAMP,\n\"expires_at\" DATETIME NOT NULL,\n\"active_method\" TEXT NOT NULL,\n\"csrf_token\" TEXT NOT NULL,\n\"created_at\" DATETIME NOT NULL,\n\"updated_at\" DATETIME NOT NULL\n)\n\n------------ 20191100000002000003 - requests ------------\nCREATE TABLE \"selfservice_registration_request_methods\" (\n\"id\" TEXT PRIMARY KEY,\n\"method\" TEXT NOT NULL,\n\"selfservice_registration_request_id\" char(36) NOT NULL,\n\"config\" TEXT NOT NULL,\n\"created_at\" DATETIME NOT NULL,\n\"updated_at\" DATETIME NOT NULL,\nFOREIGN KEY (selfservice_registration_request_id) REFERENCES selfservice_registration_requests (id) ON DELETE cascade\n)\n\n------------ 20191100000002000004 - requests ------------\nCREATE TABLE \"selfservice_profile_management_requests\" (\n\"id\" TEXT PRIMARY KEY,\n\"request_url\" TEXT NOT NULL,\n\"issued_at\" DATETIME NOT NULL DEFAULT CURRENT_TIMESTAMP,\n\"expires_at\" DATETIME NOT NULL,\n\"form\" TEXT NOT NULL,\n\"update_successful\" bool NOT NULL,\n\"identity_id\" char(36) NOT NULL,\n\"created_at\" DATETIME NOT NULL,\n\"updated_at\" DATETIME NOT NULL,\nFOREIGN KEY (identity_id) REFERENCES identities (id) ON DELETE cascade\n);\n\n------------ 20191100000003000000 - sessions ------------\nCREATE TABLE \"sessions\" (\n\"id\" TEXT PRIMARY KEY,\n\"issued_at\" DATETIME NOT NULL DEFAULT CURRENT_TIMESTAMP,\n\"expires_at\" DATETIME NOT NULL,\n\"authenticated_at\" DATETIME NOT NULL,\n\"identity_id\" char(36) NOT NULL,\n\"created_at\" DATETIME NOT NULL,\n\"updated_at\" DATETIME NOT NULL,\nFOREIGN KEY (identity_id) REFERENCES identities (id) ON DELETE cascade\n);\n\n------------ 20191100000004000000 - errors ------------\nCREATE TABLE \"selfservice_errors\" (\n\"id\" TEXT PRIMARY KEY,\n\"errors\" TEXT NOT NULL,\n\"seen_at\" DATETIME NOT NULL,\n\"was_seen\" bool NOT NULL,\n\"created_at\" DATETIME NOT NULL,\n\"updated_at\" DATETIME NOT NULL\n);\n\n------------ 20191100000006000000 - courier ------------\nCREATE TABLE \"courier_messages\" (\n\"id\" TEXT PRIMARY KEY,\n\"type\" INTEGER NOT NULL,\n\"status\" INTEGER NOT NULL,\n\"body\" TEXT NOT NULL,\n\"subject\" TEXT NOT NULL,\n\"recipient\" TEXT NOT NULL,\n\"created_at\" DATETIME NOT NULL,\n\"updated_at\" DATETIME NOT NULL\n);\n\n------------ 20191100000007000000 - errors ------------\nALTER TABLE \"selfservice_errors\" ADD COLUMN \"csrf_token\" TEXT NOT NULL DEFAULT '';\n\n------------ 20191100000007000001 - errors ------------\n\n\n------------ 20191100000007000002 - errors ------------\n\n\n------------ 20191100000007000003 - errors ------------\n\n\n------------ 20191100000008000000 - selfservice_verification ------------\nCREATE TABLE \"identity_verifiable_addresses\" (\n\"id\" TEXT PRIMARY KEY,\n\"code\" TEXT NOT NULL,\n\"status\" TEXT NOT NULL,\n\"via\" TEXT NOT NULL,\n\"verified\" bool NOT NULL,\n\"value\" TEXT NOT NULL,\n\"verified_at\" DATETIME,\n\"expires_at\" DATETIME NOT NULL DEFAULT CURRENT_TIMESTAMP,\n\"identity_id\" char(36) NOT NULL,\n\"created_at\" DATETIME NOT NULL,\n\"updated_at\" DATETIME NOT NULL,\nFOREIGN KEY (identity_id) REFERENCES identities (id) ON DELETE cascade\n)\n\n------------ 20191100000008000001 - selfservice_verification ------------\nCREATE UNIQUE INDEX \"identity_verifiable_addresses_code_uq_idx\" ON \"identity_verifiable_addresses\" (code)\n\n------------ 20191100000008000002 - selfservice_verification ------------\nCREATE INDEX \"identity_verifiable_addresses_code_idx\" ON \"identity_verifiable_addresses\" (code)\n\n------------ 20191100000008000003 - selfservice_verification ------------\nCREATE UNIQUE INDEX \"identity_verifiable_addresses_status_via_uq_idx\" ON \"identity_verifiable_addresses\" (via, value)\n\n------------ 20191100000008000004 - selfservice_verification ------------\nCREATE INDEX \"identity_verifiable_addresses_status_via_idx\" ON \"identity_verifiable_addresses\" (via, value)\n\n------------ 20191100000008000005 - selfservice_verification ------------\nCREATE TABLE \"selfservice_verification_requests\" (\n\"id\" TEXT PRIMARY KEY,\n\"request_url\" TEXT NOT NULL,\n\"issued_at\" DATETIME NOT NULL DEFAULT CURRENT_TIMESTAMP,\n\"expires_at\" DATETIME NOT NULL,\n\"form\" TEXT NOT NULL,\n\"via\" TEXT NOT NULL,\n\"csrf_token\" TEXT NOT NULL,\n\"success\" bool NOT NULL,\n\"created_at\" DATETIME NOT NULL,\n\"updated_at\" DATETIME NOT NULL\n);\n\n------------ 20191100000010000000 - errors ------------\nCREATE TABLE \"_selfservice_errors_tmp\" (\n\"id\" TEXT PRIMARY KEY,\n\"errors\" TEXT NOT NULL,\n\"seen_at\" DATETIME,\n\"was_seen\" bool NOT NULL,\n\"created_at\" DATETIME NOT NULL,\n\"updated_at\" DATETIME NOT NULL,\n\"csrf_token\" TEXT NOT NULL DEFAULT ''\n)\n\n------------ 20191100000010000001 - errors ------------\nINSERT INTO \"_selfservice_errors_tmp\" (id, errors, seen_at, was_seen, created_at, updated_at, csrf_token) SELECT id, errors, seen_at, was_seen, created_at, updated_at, csrf_token FROM \"selfservice_errors\"\n\n------------ 20191100000010000002 - errors ------------\nDROP TABLE \"selfservice_errors\"\n\n------------ 20191100000010000003 - errors ------------\nALTER TABLE \"_selfservice_errors_tmp\" RENAME TO \"selfservice_errors\";\n\n------------ 20191100000010000004 - errors ------------\n\n\n------------ 20191100000011000000 - courier_body_type ------------\nCREATE TABLE \"_courier_messages_tmp\" (\n\"id\" TEXT PRIMARY KEY,\n\"type\" INTEGER NOT NULL,\n\"status\" INTEGER NOT NULL,\n\"body\" TEXT NOT NULL,\n\"subject\" TEXT NOT NULL,\n\"recipient\" TEXT NOT NULL,\n\"created_at\" DATETIME NOT NULL,\n\"updated_at\" DATETIME NOT NULL\n)\n\n------------ 20191100000011000001 - courier_body_type ------------\nINSERT INTO \"_courier_messages_tmp\" (id, type, status, body, subject, recipient, created_at, updated_at) SELECT id, type, status, body, subject, recipient, created_at, updated_at FROM \"courier_messages\"\n\n------------ 20191100000011000002 - courier_body_type ------------\nDROP TABLE \"courier_messages\"\n\n------------ 20191100000011000003 - courier_body_type ------------\nALTER TABLE \"_courier_messages_tmp\" RENAME TO \"courier_messages\";\n\n------------ 20191100000012000000 - login_request_forced ------------\nALTER TABLE \"selfservice_login_requests\" ADD COLUMN \"forced\" bool NOT NULL DEFAULT 'false';\n\n------------ 20191100000012000001 - login_request_forced ------------\n\n\n------------ 20191100000012000002 - login_request_forced ------------\n\n\n------------ 20191100000012000003 - login_request_forced ------------\n\n\n------------ 20200317160354000000 - create_profile_request_forms ------------\nCREATE TABLE \"selfservice_profile_management_request_methods\" (\n\"id\" TEXT PRIMARY KEY,\n\"method\" TEXT NOT NULL,\n\"selfservice_profile_management_request_id\" char(36) NOT NULL,\n\"config\" TEXT NOT NULL,\n\"created_at\" DATETIME NOT NULL,\n\"updated_at\" DATETIME NOT NULL\n)\n\n------------ 20200317160354000001 - create_profile_request_forms ------------\nALTER TABLE \"selfservice_profile_management_requests\" ADD COLUMN \"active_method\" TEXT\n\n------------ 20200317160354000002 - create_profile_request_forms ------------\nINSERT INTO selfservice_profile_management_request_methods (id, method, selfservice_profile_management_request_id, config) SELECT id, 'traits', id, form FROM selfservice_profile_management_requests\n\n------------ 20200317160354000003 - create_profile_request_forms ------------\nCREATE TABLE \"_selfservice_profile_management_requests_tmp\" (\n\"id\" TEXT PRIMARY KEY,\n\"request_url\" TEXT NOT NULL,\n\"issued_at\" DATETIME NOT NULL DEFAULT 'CURRENT_TIMESTAMP',\n\"expires_at\" DATETIME NOT NULL,\n\"update_successful\" bool NOT NULL,\n\"identity_id\" char(36) NOT NULL,\n\"created_at\" DATETIME NOT NULL,\n\"updated_at\" DATETIME NOT NULL,\n\"active_method\" TEXT,\nFOREIGN KEY (identity_id) REFERENCES identities (id) ON UPDATE NO ACTION ON DELETE CASCADE\n)\n\n------------ 20200317160354000004 - create_profile_request_forms ------------\nINSERT INTO \"_selfservice_profile_management_requests_tmp\" (id, request_url, issued_at, expires_at, update_successful, identity_id, created_at, updated_at, active_method) SELECT id, request_url, issued_at, expires_at, update_successful, identity_id, created_at, updated_at, active_method FROM \"selfservice_profile_management_requests\"\n\n------------ 20200317160354000005 - create_profile_request_forms ------------\n\nDROP TABLE \"selfservice_profile_management_requests\"\n\n------------ 20200317160354000006 - create_profile_request_forms ------------\nALTER TABLE \"_selfservice_profile_management_requests_tmp\" RENAME TO \"selfservice_profile_management_requests\";\n\n------------ 20200401183443000000 - continuity_containers ------------\nCREATE TABLE \"continuity_containers\" (\n\"id\" TEXT PRIMARY KEY,\n\"identity_id\" char(36),\n\"name\" TEXT NOT NULL,\n\"payload\" TEXT,\n\"expires_at\" DATETIME NOT NULL,\n\"created_at\" DATETIME NOT NULL,\n\"updated_at\" DATETIME NOT NULL,\nFOREIGN KEY (identity_id) REFERENCES identities (id) ON DELETE cascade\n);\n\n------------ 20200402142539000000 - rename_profile_flows ------------\nALTER TABLE \"selfservice_profile_management_request_methods\" RENAME COLUMN \"selfservice_profile_management_request_id\" TO \"selfservice_settings_request_id\"\n\n------------ 20200402142539000001 - rename_profile_flows ------------\nALTER TABLE \"selfservice_profile_management_request_methods\" RENAME TO \"selfservice_settings_request_methods\"\n\n------------ 20200402142539000002 - rename_profile_flows ------------\nALTER TABLE \"selfservice_profile_management_requests\" RENAME TO \"selfservice_settings_requests\";\n\n------------ 20200519101057000000 - create_recovery_addresses ------------\nCREATE TABLE \"identity_recovery_addresses\" (\n\"id\" TEXT PRIMARY KEY,\n\"via\" TEXT NOT NULL,\n\"value\" TEXT NOT NULL,\n\"identity_id\" char(36) NOT NULL,\n\"created_at\" DATETIME NOT NULL,\n\"updated_at\" DATETIME NOT NULL,\nFOREIGN KEY (identity_id) REFERENCES identities (id) ON DELETE cascade\n)\n\n------------ 20200519101057000001 - create_recovery_addresses ------------\nCREATE UNIQUE INDEX \"identity_recovery_addresses_status_via_uq_idx\" ON \"identity_recovery_addresses\" (via, value)\n\n------------ 20200519101057000002 - create_recovery_addresses ------------\nCREATE INDEX \"identity_recovery_addresses_status_via_idx\" ON \"identity_recovery_addresses\" (via, value)\n\n------------ 20200519101057000003 - create_recovery_addresses ------------\nCREATE TABLE \"selfservice_recovery_requests\" (\n\"id\" TEXT PRIMARY KEY,\n\"request_url\" TEXT NOT NULL,\n\"issued_at\" DATETIME NOT NULL DEFAULT CURRENT_TIMESTAMP,\n\"expires_at\" DATETIME NOT NULL,\n\"messages\" TEXT,\n\"active_method\" TEXT,\n\"csrf_token\" TEXT NOT NULL,\n\"state\" TEXT NOT NULL,\n\"recovered_identity_id\" char(36),\n\"created_at\" DATETIME NOT NULL,\n\"updated_at\" DATETIME NOT NULL,\nFOREIGN KEY (recovered_identity_id) REFERENCES identities (id) ON DELETE cascade\n)\n\n------------ 20200519101057000004 - create_recovery_addresses ------------\nCREATE TABLE \"selfservice_recovery_request_methods\" (\n\"id\" TEXT PRIMARY KEY,\n\"method\" TEXT NOT NULL,\n\"config\" TEXT NOT NULL,\n\"selfservice_recovery_request_id\" char(36) NOT NULL,\n\"created_at\" DATETIME NOT NULL,\n\"updated_at\" DATETIME NOT NULL,\nFOREIGN KEY (selfservice_recovery_request_id) REFERENCES selfservice_recovery_requests (id) ON DELETE cascade\n)\n\n------------ 20200519101057000005 - create_recovery_addresses ------------\nCREATE TABLE \"identity_recovery_tokens\" (\n\"id\" TEXT PRIMARY KEY,\n\"token\" TEXT NOT NULL,\n\"used\" bool NOT NULL DEFAULT 'false',\n\"used_at\" DATETIME,\n\"identity_recovery_address_id\" char(36) NOT NULL,\n\"selfservice_recovery_request_id\" char(36) NOT NULL,\n\"created_at\" DATETIME NOT NULL,\n\"updated_at\" DATETIME NOT NULL,\nFOREIGN KEY (identity_recovery_address_id) REFERENCES identity_recovery_addresses (id) ON DELETE cascade,\nFOREIGN KEY (selfservice_recovery_request_id) REFERENCES selfservice_recovery_requests (id) ON DELETE cascade\n)\n\n------------ 20200519101057000006 - create_recovery_addresses ------------\nCREATE UNIQUE INDEX \"identity_recovery_addresses_code_uq_idx\" ON \"identity_recovery_tokens\" (token)\n\n------------ 20200519101057000007 - create_recovery_addresses ------------\nCREATE INDEX \"identity_recovery_addresses_code_idx\" ON \"identity_recovery_tokens\" (token);\n\n------------ 20200601101000000000 - create_messages ------------\nALTER TABLE \"selfservice_settings_requests\" ADD COLUMN \"messages\" TEXT;\n\n------------ 20200601101000000001 - create_messages ------------\n\n\n------------ 20200601101000000002 - create_messages ------------\n\n\n------------ 20200601101000000003 - create_messages ------------\n\n\n------------ 20200605111551000000 - messages ------------\nALTER TABLE \"selfservice_verification_requests\" ADD COLUMN \"messages\" TEXT\n\n------------ 20200605111551000001 - messages ------------\nALTER TABLE \"selfservice_login_requests\" ADD COLUMN \"messages\" TEXT\n\n------------ 20200605111551000002 - messages ------------\nALTER TABLE \"selfservice_registration_requests\" ADD COLUMN \"messages\" TEXT;\n\n------------ 20200605111551000003 - messages ------------\n\n\n------------ 20200605111551000004 - messages ------------\n\n\n------------ 20200605111551000005 - messages ------------\n\n\n------------ 20200605111551000006 - messages ------------\n\n\n------------ 20200605111551000007 - messages ------------\n\n\n------------ 20200605111551000008 - messages ------------\n\n\n------------ 20200605111551000009 - messages ------------\n\n\n------------ 20200605111551000010 - messages ------------\n\n\n------------ 20200605111551000011 - messages ------------\n\n\n------------ 20200607165100000000 - settings ------------\nALTER TABLE \"selfservice_settings_requests\" ADD COLUMN \"state\" TEXT NOT NULL DEFAULT 'show_form'\n\n------------ 20200607165100000001 - settings ------------\nCREATE TABLE \"_selfservice_settings_requests_tmp\" (\n\"id\" TEXT PRIMARY KEY,\n\"request_url\" TEXT NOT NULL,\n\"issued_at\" DATETIME NOT NULL DEFAULT 'CURRENT_TIMESTAMP',\n\"expires_at\" DATETIME NOT NULL,\n\"identity_id\" char(36) NOT NULL,\n\"created_at\" DATETIME NOT NULL,\n\"updated_at\" DATETIME NOT NULL,\n\"active_method\" TEXT,\n\"messages\" TEXT,\n\"state\" TEXT NOT NULL DEFAULT 'show_form',\nFOREIGN KEY (identity_id) REFERENCES identities (id) ON UPDATE NO ACTION ON DELETE CASCADE\n)\n\n------------ 20200607165100000002 - settings ------------\nINSERT INTO \"_selfservice_settings_requests_tmp\" (id, request_url, issued_at, expires_at, identity_id, created_at, updated_at, active_method, messages, state) SELECT id, request_url, issued_at, expires_at, identity_id, created_at, updated_at, active_method, messages, state FROM \"selfservice_settings_requests\"\n\n------------ 20200607165100000003 - settings ------------\n\nDROP TABLE \"selfservice_settings_requests\"\n\n------------ 20200607165100000004 - settings ------------\nALTER TABLE \"_selfservice_settings_requests_tmp\" RENAME TO \"selfservice_settings_requests\";\n\n------------ 20200705105359000000 - rename_identities_schema ------------\nALTER TABLE \"identities\" RENAME COLUMN \"traits_schema_id\" TO \"schema_id\";\n\n------------ 20200810141652000000 - flow_type ------------\nALTER TABLE \"selfservice_login_requests\" ADD COLUMN \"type\" TEXT NOT NULL DEFAULT 'browser'\n\n------------ 20200810141652000001 - flow_type ------------\nALTER TABLE \"selfservice_registration_requests\" ADD COLUMN \"type\" TEXT NOT NULL DEFAULT 'browser'\n\n------------ 20200810141652000002 - flow_type ------------\nALTER TABLE \"selfservice_settings_requests\" ADD COLUMN \"type\" TEXT NOT NULL DEFAULT 'browser'\n\n------------ 20200810141652000003 - flow_type ------------\nALTER TABLE \"selfservice_recovery_requests\" ADD COLUMN \"type\" TEXT NOT NULL DEFAULT 'browser'\n\n------------ 20200810141652000004 - flow_type ------------\nALTER TABLE \"selfservice_verification_requests\" ADD COLUMN \"type\" TEXT NOT NULL DEFAULT 'browser';\n\n------------ 20200810141652000005 - flow_type ------------\n\n\n------------ 20200810141652000006 - flow_type ------------\n\n\n------------ 20200810141652000007 - flow_type ------------\n\n\n------------ 20200810141652000008 - flow_type ------------\n\n\n------------ 20200810141652000009 - flow_type ------------\n\n\n------------ 20200810141652000010 - flow_type ------------\n\n\n------------ 20200810141652000011 - flow_type ------------\n\n\n------------ 20200810141652000012 - flow_type ------------\n\n\n------------ 20200810141652000013 - flow_type ------------\n\n\n------------ 20200810141652000014 - flow_type ------------\n\n\n------------ 20200810141652000015 - flow_type ------------\n\n\n------------ 20200810141652000016 - flow_type ------------\n\n\n------------ 20200810141652000017 - flow_type ------------\n\n\n------------ 20200810141652000018 - flow_type ------------\n\n\n------------ 20200810141652000019 - flow_type ------------\n\n\n------------ 20200810161022000000 - flow_rename ------------\nALTER TABLE \"selfservice_login_request_methods\" RENAME TO \"selfservice_login_flow_methods\"\n\n------------ 20200810161022000001 - flow_rename ------------\nALTER TABLE \"selfservice_login_requests\" RENAME TO \"selfservice_login_flows\"\n\n------------ 20200810161022000002 - flow_rename ------------\nALTER TABLE \"selfservice_registration_request_methods\" RENAME TO \"selfservice_registration_flow_methods\"\n\n------------ 20200810161022000003 - flow_rename ------------\nALTER TABLE \"selfservice_registration_requests\" RENAME TO \"selfservice_registration_flows\"\n\n------------ 20200810161022000004 - flow_rename ------------\nALTER TABLE \"selfservice_settings_request_methods\" RENAME TO \"selfservice_settings_flow_methods\"\n\n------------ 20200810161022000005 - flow_rename ------------\nALTER TABLE \"selfservice_settings_requests\" RENAME TO \"selfservice_settings_flows\"\n\n------------ 20200810161022000006 - flow_rename ------------\nALTER TABLE \"selfservice_recovery_request_methods\" RENAME TO \"selfservice_recovery_flow_methods\"\n\n------------ 20200810161022000007 - flow_rename ------------\nALTER TABLE \"selfservice_recovery_requests\" RENAME TO \"selfservice_recovery_flows\"\n\n------------ 20200810161022000008 - flow_rename ------------\nALTER TABLE \"selfservice_verification_requests\" RENAME TO \"selfservice_verification_flows\";\n\n------------ 20200810162450000000 - flow_fields_rename ------------\nALTER TABLE \"selfservice_login_flow_methods\" RENAME COLUMN \"selfservice_login_request_id\" TO \"selfservice_login_flow_id\"\n\n------------ 20200810162450000001 - flow_fields_rename ------------\nALTER TABLE \"selfservice_registration_flow_methods\" RENAME COLUMN \"selfservice_registration_request_id\" TO \"selfservice_registration_flow_id\"\n\n------------ 20200810162450000002 - flow_fields_rename ------------\nALTER TABLE \"selfservice_recovery_flow_methods\" RENAME COLUMN \"selfservice_recovery_request_id\" TO \"selfservice_recovery_flow_id\"\n\n------------ 20200810162450000003 - flow_fields_rename ------------\nALTER TABLE \"selfservice_settings_flow_methods\" RENAME COLUMN \"selfservice_settings_request_id\" TO \"selfservice_settings_flow_id\";\n\n------------ 20200812124254000000 - add_session_token ------------\nDELETE FROM sessions\n\n------------ 20200812124254000001 - add_session_token ------------\nALTER TABLE \"sessions\" ADD COLUMN \"token\" TEXT\n\n------------ 20200812124254000002 - add_session_token ------------\nCREATE TABLE \"_sessions_tmp\" (\n\"id\" TEXT PRIMARY KEY,\n\"issued_at\" DATETIME NOT NULL DEFAULT 'CURRENT_TIMESTAMP',\n\"expires_at\" DATETIME NOT NULL,\n\"authenticated_at\" DATETIME NOT NULL,\n\"identity_id\" char(36) NOT NULL,\n\"created_at\" DATETIME NOT NULL,\n\"updated_at\" DATETIME NOT NULL,\n\"token\" TEXT,\nFOREIGN KEY (identity_id) REFERENCES identities (id) ON UPDATE NO ACTION ON DELETE CASCADE\n)\n\n------------ 20200812124254000003 - add_session_token ------------\nINSERT INTO \"_sessions_tmp\" (id, issued_at, expires_at, authenticated_at, identity_id, created_at, updated_at, token) SELECT id, issued_at, expires_at, authenticated_at, identity_id, created_at, updated_at, token FROM \"sessions\"\n\n------------ 20200812124254000004 - add_session_token ------------\nDROP TABLE \"sessions\"\n\n------------ 20200812124254000005 - add_session_token ------------\nALTER TABLE \"_sessions_tmp\" RENAME TO \"sessions\"\n\n------------ 20200812124254000006 - add_session_token ------------\nCREATE UNIQUE INDEX \"sessions_token_uq_idx\" ON \"sessions\" (token)\n\n------------ 20200812124254000007 - add_session_token ------------\nCREATE INDEX \"sessions_token_idx\" ON \"sessions\" (token);\n\n------------ 20200812160551000000 - add_session_revoke ------------\nALTER TABLE \"sessions\" ADD COLUMN \"active\" NUMERIC DEFAULT 'false';\n\n------------ 20200812160551000001 - add_session_revoke ------------\n\n\n------------ 20200812160551000002 - add_session_revoke ------------\n\n\n------------ 20200812160551000003 - add_session_revoke ------------\n\n\n------------ 20200812160551000004 - add_session_revoke ------------\n\n\n------------ 20200812160551000005 - add_session_revoke ------------\n\n\n------------ 20200812160551000006 - add_session_revoke ------------\n\n\n------------ 20200812160551000007 - add_session_revoke ------------\n\n\n------------ 20200830121710000000 - update_recovery_token ------------\nALTER TABLE \"identity_recovery_tokens\" RENAME COLUMN \"selfservice_recovery_request_id\" TO \"selfservice_recovery_flow_id\";\n\n------------ 20200830130642000000 - add_verification_methods ------------\nALTER TABLE \"selfservice_verification_flows\" ADD COLUMN \"state\" TEXT NOT NULL DEFAULT 'show_form';\n\n------------ 20200830130642000001 - add_verification_methods ------------\n\n\n------------ 20200830130642000002 - add_verification_methods ------------\n\n\n------------ 20200830130642000003 - add_verification_methods ------------\n\n\n------------ 20200830130642000004 - add_verification_methods ------------\n\n\n------------ 20200830130642000005 - add_verification_methods ------------\n\n\n------------ 20200830130642000006 - add_verification_methods ------------\n\n\n------------ 20200830130642000007 - add_verification_methods ------------\n\n\n------------ 20200830130642000008 - add_verification_methods ------------\n\n\n------------ 20200830130642000009 - add_verification_methods ------------\n\n\n------------ 20200830130642000010 - add_verification_methods ------------\n\n\n------------ 20200830130643000000 - add_verification_methods ------------\nUPDATE selfservice_verification_flows SET state='passed_challenge' WHERE success IS TRUE;\n\n------------ 20200830130644000000 - add_verification_methods ------------\nCREATE TABLE \"selfservice_verification_flow_methods\" (\n\"id\" TEXT PRIMARY KEY,\n\"method\" TEXT NOT NULL,\n\"selfservice_verification_flow_id\" char(36) NOT NULL,\n\"config\" TEXT NOT NULL,\n\"created_at\" DATETIME NOT NULL,\n\"updated_at\" DATETIME NOT NULL\n)\n\n------------ 20200830130644000001 - add_verification_methods ------------\nALTER TABLE \"selfservice_verification_flows\" ADD COLUMN \"active_method\" TEXT;\n\n------------ 20200830130645000000 - add_verification_methods ------------\nINSERT INTO selfservice_verification_flow_methods (id, method, selfservice_verification_flow_id, config, created_at, updated_at) SELECT id, 'link', id, form, created_at, updated_at FROM selfservice_verification_flows;\n\n------------ 20200830130646000000 - add_verification_methods ------------\nCREATE TABLE \"_selfservice_verification_flows_tmp\" (\n\"id\" TEXT PRIMARY KEY,\n\"request_url\" TEXT NOT NULL,\n\"issued_at\" DATETIME NOT NULL DEFAULT 'CURRENT_TIMESTAMP',\n\"expires_at\" DATETIME NOT NULL,\n\"via\" TEXT NOT NULL,\n\"csrf_token\" TEXT NOT NULL,\n\"success\" bool NOT NULL,\n\"created_at\" DATETIME NOT NULL,\n\"updated_at\" DATETIME NOT NULL,\n\"messages\" TEXT,\n\"type\" TEXT NOT NULL DEFAULT 'browser',\n\"state\" TEXT NOT NULL DEFAULT 'show_form',\n\"active_method\" TEXT\n)\n\n------------ 20200830130646000001 - add_verification_methods ------------\nINSERT INTO \"_selfservice_verification_flows_tmp\" (id, request_url, issued_at, expires_at, via, csrf_token, success, created_at, updated_at, messages, type, state, active_method) SELECT id, request_url, issued_at, expires_at, via, csrf_token, success, created_at, updated_at, messages, type, state, active_method FROM \"selfservice_verification_flows\"\n\n------------ 20200830130646000002 - add_verification_methods ------------\n\nDROP TABLE \"selfservice_verification_flows\"\n\n------------ 20200830130646000003 - add_verification_methods ------------\nALTER TABLE \"_selfservice_verification_flows_tmp\" RENAME TO \"selfservice_verification_flows\"\n\n------------ 20200830130646000004 - add_verification_methods ------------\nCREATE TABLE \"_selfservice_verification_flows_tmp\" (\n\"id\" TEXT PRIMARY KEY,\n\"request_url\" TEXT NOT NULL,\n\"issued_at\" DATETIME NOT NULL DEFAULT 'CURRENT_TIMESTAMP',\n\"expires_at\" DATETIME NOT NULL,\n\"csrf_token\" TEXT NOT NULL,\n\"success\" bool NOT NULL,\n\"created_at\" DATETIME NOT NULL,\n\"updated_at\" DATETIME NOT NULL,\n\"messages\" TEXT,\n\"type\" TEXT NOT NULL DEFAULT 'browser',\n\"state\" TEXT NOT NULL DEFAULT 'show_form',\n\"active_method\" TEXT\n)\n\n------------ 20200830130646000005 - add_verification_methods ------------\nINSERT INTO \"_selfservice_verification_flows_tmp\" (id, request_url, issued_at, expires_at, csrf_token, success, created_at, updated_at, messages, type, state, active_method) SELECT id, request_url, issued_at, expires_at, csrf_token, success, created_at, updated_at, messages, type, state, active_method FROM \"selfservice_verification_flows\"\n\n------------ 20200830130646000006 - add_verification_methods ------------\n\nDROP TABLE \"selfservice_verification_flows\"\n\n------------ 20200830130646000007 - add_verification_methods ------------\nALTER TABLE \"_selfservice_verification_flows_tmp\" RENAME TO \"selfservice_verification_flows\"\n\n------------ 20200830130646000008 - add_verification_methods ------------\nCREATE TABLE \"_selfservice_verification_flows_tmp\" (\n\"id\" TEXT PRIMARY KEY,\n\"request_url\" TEXT NOT NULL,\n\"issued_at\" DATETIME NOT NULL DEFAULT 'CURRENT_TIMESTAMP',\n\"expires_at\" DATETIME NOT NULL,\n\"csrf_token\" TEXT NOT NULL,\n\"created_at\" DATETIME NOT NULL,\n\"updated_at\" DATETIME NOT NULL,\n\"messages\" TEXT,\n\"type\" TEXT NOT NULL DEFAULT 'browser',\n\"state\" TEXT NOT NULL DEFAULT 'show_form',\n\"active_method\" TEXT\n)\n\n------------ 20200830130646000009 - add_verification_methods ------------\nINSERT INTO \"_selfservice_verification_flows_tmp\" (id, request_url, issued_at, expires_at, csrf_token, created_at, updated_at, messages, type, state, active_method) SELECT id, request_url, issued_at, expires_at, csrf_token, created_at, updated_at, messages, type, state, active_method FROM \"selfservice_verification_flows\"\n\n------------ 20200830130646000010 - add_verification_methods ------------\n\nDROP TABLE \"selfservice_verification_flows\"\n\n------------ 20200830130646000011 - add_verification_methods ------------\nALTER TABLE \"_selfservice_verification_flows_tmp\" RENAME TO \"selfservice_verification_flows\";\n\n------------ 20200830154602000000 - add_verification_token ------------\nCREATE TABLE \"identity_verification_tokens\" (\n\"id\" TEXT PRIMARY KEY,\n\"token\" TEXT NOT NULL,\n\"used\" bool NOT NULL DEFAULT 'false',\n\"used_at\" DATETIME,\n\"expires_at\" DATETIME NOT NULL,\n\"issued_at\" DATETIME NOT NULL,\n\"identity_verifiable_address_id\" char(36) NOT NULL,\n\"selfservice_verification_flow_id\" char(36),\n\"created_at\" DATETIME NOT NULL,\n\"updated_at\" DATETIME NOT NULL,\nFOREIGN KEY (identity_verifiable_address_id) REFERENCES identity_verifiable_addresses (id) ON DELETE cascade,\nFOREIGN KEY (selfservice_verification_flow_id) REFERENCES selfservice_verification_flows (id) ON DELETE cascade\n)\n\n------------ 20200830154602000001 - add_verification_token ------------\nCREATE UNIQUE INDEX \"identity_verification_tokens_token_uq_idx\" ON \"identity_verification_tokens\" (token)\n\n------------ 20200830154602000002 - add_verification_token ------------\nCREATE INDEX \"identity_verification_tokens_token_idx\" ON \"identity_verification_tokens\" (token)\n\n------------ 20200830154602000003 - add_verification_token ------------\nCREATE INDEX \"identity_verification_tokens_verifiable_address_id_idx\" ON \"identity_verification_tokens\" (identity_verifiable_address_id)\n\n------------ 20200830154602000004 - add_verification_token ------------\nCREATE INDEX \"identity_verification_tokens_verification_flow_id_idx\" ON \"identity_verification_tokens\" (selfservice_verification_flow_id);\n\n------------ 20200830172221000000 - recovery_token_expires ------------\nALTER TABLE \"identity_recovery_tokens\" ADD COLUMN \"expires_at\" DATETIME NOT NULL DEFAULT '2000-01-01 00:00:00'\n\n------------ 20200830172221000001 - recovery_token_expires ------------\nALTER TABLE \"identity_recovery_tokens\" ADD COLUMN \"issued_at\" DATETIME NOT NULL DEFAULT '2000-01-01 00:00:00'\n\n------------ 20200830172221000002 - recovery_token_expires ------------\nDROP INDEX IF EXISTS \"identity_recovery_addresses_code_idx\"\n\n------------ 20200830172221000003 - recovery_token_expires ------------\nDROP INDEX IF EXISTS \"identity_recovery_addresses_code_uq_idx\"\n\n------------ 20200830172221000004 - recovery_token_expires ------------\nCREATE TABLE \"_identity_recovery_tokens_tmp\" (\n\"id\" TEXT PRIMARY KEY,\n\"token\" TEXT NOT NULL,\n\"used\" bool NOT NULL DEFAULT 'false',\n\"used_at\" DATETIME,\n\"identity_recovery_address_id\" char(36) NOT NULL,\n\"selfservice_recovery_flow_id\" char(36),\n\"created_at\" DATETIME NOT NULL,\n\"updated_at\" DATETIME NOT NULL,\n\"expires_at\" DATETIME NOT NULL DEFAULT '2000-01-01 00:00:00',\n\"issued_at\" DATETIME NOT NULL DEFAULT '2000-01-01 00:00:00',\nFOREIGN KEY (selfservice_recovery_flow_id) REFERENCES selfservice_recovery_flows (id) ON UPDATE NO ACTION ON DELETE CASCADE,\nFOREIGN KEY (identity_recovery_address_id) REFERENCES identity_recovery_addresses (id) ON UPDATE NO ACTION ON DELETE CASCADE\n)\n\n------------ 20200830172221000005 - recovery_token_expires ------------\nCREATE INDEX \"identity_recovery_addresses_code_idx\" ON \"_identity_recovery_tokens_tmp\" (token)\n\n------------ 20200830172221000006 - recovery_token_expires ------------\nCREATE UNIQUE INDEX \"identity_recovery_addresses_code_uq_idx\" ON \"_identity_recovery_tokens_tmp\" (token)\n\n------------ 20200830172221000007 - recovery_token_expires ------------\nINSERT INTO \"_identity_recovery_tokens_tmp\" (id, token, used, used_at, identity_recovery_address_id, selfservice_recovery_flow_id, created_at, updated_at, expires_at, issued_at) SELECT id, token, used, used_at, identity_recovery_address_id, selfservice_recovery_flow_id, created_at, updated_at, expires_at, issued_at FROM \"identity_recovery_tokens\"\n\n------------ 20200830172221000008 - recovery_token_expires ------------\nDROP TABLE \"identity_recovery_tokens\"\n\n------------ 20200830172221000009 - recovery_token_expires ------------\nALTER TABLE \"_identity_recovery_tokens_tmp\" RENAME TO \"identity_recovery_tokens\";\n\n------------ 20200830172221000010 - recovery_token_expires ------------\n\n\n------------ 20200830172221000011 - recovery_token_expires ------------\n\n\n------------ 20200830172221000012 - recovery_token_expires ------------\n\n\n------------ 20200830172221000013 - recovery_token_expires ------------\n\n\n------------ 20200830172221000014 - recovery_token_expires ------------\n\n\n------------ 20200830172221000015 - recovery_token_expires ------------\n\n\n------------ 20200830172221000016 - recovery_token_expires ------------\n\n\n------------ 20200830172221000017 - recovery_token_expires ------------\n\n\n------------ 20200830172221000018 - recovery_token_expires ------------\n\n\n------------ 20200830172221000019 - recovery_token_expires ------------\n\n\n------------ 20200830172221000020 - recovery_token_expires ------------\n\n\n------------ 20200830172221000021 - recovery_token_expires ------------\n\n\n------------ 20200830172221000022 - recovery_token_expires ------------\n\n\n------------ 20200830172221000023 - recovery_token_expires ------------\n\n\n------------ 20200830172221000024 - recovery_token_expires ------------\n\n\n------------ 20200831110752000000 - identity_verifiable_address_remove_code ------------\nDROP INDEX IF EXISTS \"identity_verifiable_addresses_code_uq_idx\"\n\n------------ 20200831110752000001 - identity_verifiable_address_remove_code ------------\nDROP INDEX IF EXISTS \"identity_verifiable_addresses_code_idx\"\n\n------------ 20200831110752000002 - identity_verifiable_address_remove_code ------------\nDROP INDEX IF EXISTS \"identity_verifiable_addresses_status_via_idx\"\n\n------------ 20200831110752000003 - identity_verifiable_address_remove_code ------------\nDROP INDEX IF EXISTS \"identity_verifiable_addresses_status_via_uq_idx\"\n\n------------ 20200831110752000004 - identity_verifiable_address_remove_code ------------\nCREATE TABLE \"_identity_verifiable_addresses_tmp\" (\n\"id\" TEXT PRIMARY KEY,\n\"status\" TEXT NOT NULL,\n\"via\" TEXT NOT NULL,\n\"verified\" bool NOT NULL,\n\"value\" TEXT NOT NULL,\n\"verified_at\" DATETIME,\n\"expires_at\" DATETIME NOT NULL DEFAULT 'CURRENT_TIMESTAMP',\n\"identity_id\" char(36) NOT NULL,\n\"created_at\" DATETIME NOT NULL,\n\"updated_at\" DATETIME NOT NULL,\nFOREIGN KEY (identity_id) REFERENCES identities (id) ON UPDATE NO ACTION ON DELETE CASCADE\n)\n\n------------ 20200831110752000005 - identity_verifiable_address_remove_code ------------\nCREATE INDEX \"identity_verifiable_addresses_status_via_idx\" ON \"_identity_verifiable_addresses_tmp\" (via, value)\n\n------------ 20200831110752000006 - identity_verifiable_address_remove_code ------------\nCREATE UNIQUE INDEX \"identity_verifiable_addresses_status_via_uq_idx\" ON \"_identity_verifiable_addresses_tmp\" (via, value)\n\n------------ 20200831110752000007 - identity_verifiable_address_remove_code ------------\nINSERT INTO \"_identity_verifiable_addresses_tmp\" (id, status, via, verified, value, verified_at, expires_at, identity_id, created_at, updated_at) SELECT id, status, via, verified, value, verified_at, expires_at, identity_id, created_at, updated_at FROM \"identity_verifiable_addresses\"\n\n------------ 20200831110752000008 - identity_verifiable_address_remove_code ------------\n\nDROP TABLE \"identity_verifiable_addresses\"\n\n------------ 20200831110752000009 - identity_verifiable_address_remove_code ------------\nALTER TABLE \"_identity_verifiable_addresses_tmp\" RENAME TO \"identity_verifiable_addresses\"\n\n------------ 20200831110752000010 - identity_verifiable_address_remove_code ------------\nDROP INDEX IF EXISTS \"identity_verifiable_addresses_status_via_idx\"\n\n------------ 20200831110752000011 - identity_verifiable_address_remove_code ------------\nDROP INDEX IF EXISTS \"identity_verifiable_addresses_status_via_uq_idx\"\n\n------------ 20200831110752000012 - identity_verifiable_address_remove_code ------------\nCREATE TABLE \"_identity_verifiable_addresses_tmp\" (\n\"id\" TEXT PRIMARY KEY,\n\"status\" TEXT NOT NULL,\n\"via\" TEXT NOT NULL,\n\"verified\" bool NOT NULL,\n\"value\" TEXT NOT NULL,\n\"verified_at\" DATETIME,\n\"identity_id\" char(36) NOT NULL,\n\"created_at\" DATETIME NOT NULL,\n\"updated_at\" DATETIME NOT NULL,\nFOREIGN KEY (identity_id) REFERENCES identities (id) ON UPDATE NO ACTION ON DELETE CASCADE\n)\n\n------------ 20200831110752000013 - identity_verifiable_address_remove_code ------------\nCREATE INDEX \"identity_verifiable_addresses_status_via_idx\" ON \"_identity_verifiable_addresses_tmp\" (via, value)\n\n------------ 20200831110752000014 - identity_verifiable_address_remove_code ------------\nCREATE UNIQUE INDEX \"identity_verifiable_addresses_status_via_uq_idx\" ON \"_identity_verifiable_addresses_tmp\" (via, value)\n\n------------ 20200831110752000015 - identity_verifiable_address_remove_code ------------\nINSERT INTO \"_identity_verifiable_addresses_tmp\" (id, status, via, verified, value, verified_at, identity_id, created_at, updated_at) SELECT id, status, via, verified, value, verified_at, identity_id, created_at, updated_at FROM \"identity_verifiable_addresses\"\n\n------------ 20200831110752000016 - identity_verifiable_address_remove_code ------------\n\nDROP TABLE \"identity_verifiable_addresses\"\n\n------------ 20200831110752000017 - identity_verifiable_address_remove_code ------------\nALTER TABLE \"_identity_verifiable_addresses_tmp\" RENAME TO \"identity_verifiable_addresses\";\n\n------------ 20200831110752000018 - identity_verifiable_address_remove_code ------------\n\n\n------------ 20200831110752000019 - identity_verifiable_address_remove_code ------------\n\n\n------------ 20200831110752000020 - identity_verifiable_address_remove_code ------------\n\n\n------------ 20200831110752000021 - identity_verifiable_address_remove_code ------------\n\n\n------------ 20201201161451000000 - credential_types_values ------------\nINSERT INTO identity_credential_types (id, name) SELECT '78c1b41d-8341-4507-aa60-aff1d4369670', 'password' WHERE NOT EXISTS ( SELECT * FROM identity_credential_types WHERE name = 'password')\n\n------------ 20201201161451000001 - credential_types_values ------------\nINSERT INTO identity_credential_types (id, name) SELECT '6fa5e2e0-bfce-4631-b62b-cf2b0252b289', 'oidc' WHERE NOT EXISTS ( SELECT * FROM identity_credential_types WHERE name = 'oidc');\n\n------------ SUCCESS ------------\nSuccessfully applied migrations!\n\nstderr: \n" }, { "path": "oryx/popx/.snapshots/TestMigrateSQLUp-status_migrated.txt", "content": "stdout: Version\t\t\tName\t\t\t\t\tStatus\t\n20191100000001000000\tidentities\t\t\t\tApplied\t\n20191100000001000001\tidentities\t\t\t\tApplied\t\n20191100000001000002\tidentities\t\t\t\tApplied\t\n20191100000001000003\tidentities\t\t\t\tApplied\t\n20191100000001000004\tidentities\t\t\t\tApplied\t\n20191100000001000005\tidentities\t\t\t\tApplied\t\n20191100000002000000\trequests\t\t\t\tApplied\t\n20191100000002000001\trequests\t\t\t\tApplied\t\n20191100000002000002\trequests\t\t\t\tApplied\t\n20191100000002000003\trequests\t\t\t\tApplied\t\n20191100000002000004\trequests\t\t\t\tApplied\t\n20191100000003000000\tsessions\t\t\t\tApplied\t\n20191100000004000000\terrors\t\t\t\t\tApplied\t\n20191100000006000000\tcourier\t\t\t\t\tApplied\t\n20191100000007000000\terrors\t\t\t\t\tApplied\t\n20191100000007000001\terrors\t\t\t\t\tApplied\t\n20191100000007000002\terrors\t\t\t\t\tApplied\t\n20191100000007000003\terrors\t\t\t\t\tApplied\t\n20191100000008000000\tselfservice_verification\t\tApplied\t\n20191100000008000001\tselfservice_verification\t\tApplied\t\n20191100000008000002\tselfservice_verification\t\tApplied\t\n20191100000008000003\tselfservice_verification\t\tApplied\t\n20191100000008000004\tselfservice_verification\t\tApplied\t\n20191100000008000005\tselfservice_verification\t\tApplied\t\n20191100000010000000\terrors\t\t\t\t\tApplied\t\n20191100000010000001\terrors\t\t\t\t\tApplied\t\n20191100000010000002\terrors\t\t\t\t\tApplied\t\n20191100000010000003\terrors\t\t\t\t\tApplied\t\n20191100000010000004\terrors\t\t\t\t\tApplied\t\n20191100000011000000\tcourier_body_type\t\t\tApplied\t\n20191100000011000001\tcourier_body_type\t\t\tApplied\t\n20191100000011000002\tcourier_body_type\t\t\tApplied\t\n20191100000011000003\tcourier_body_type\t\t\tApplied\t\n20191100000012000000\tlogin_request_forced\t\t\tApplied\t\n20191100000012000001\tlogin_request_forced\t\t\tApplied\t\n20191100000012000002\tlogin_request_forced\t\t\tApplied\t\n20191100000012000003\tlogin_request_forced\t\t\tApplied\t\n20200317160354000000\tcreate_profile_request_forms\t\tApplied\t\n20200317160354000001\tcreate_profile_request_forms\t\tApplied\t\n20200317160354000002\tcreate_profile_request_forms\t\tApplied\t\n20200317160354000003\tcreate_profile_request_forms\t\tApplied\t\n20200317160354000004\tcreate_profile_request_forms\t\tApplied\t\n20200317160354000005\tcreate_profile_request_forms\t\tApplied\t\n20200317160354000006\tcreate_profile_request_forms\t\tApplied\t\n20200401183443000000\tcontinuity_containers\t\t\tApplied\t\n20200402142539000000\trename_profile_flows\t\t\tApplied\t\n20200402142539000001\trename_profile_flows\t\t\tApplied\t\n20200402142539000002\trename_profile_flows\t\t\tApplied\t\n20200519101057000000\tcreate_recovery_addresses\t\tApplied\t\n20200519101057000001\tcreate_recovery_addresses\t\tApplied\t\n20200519101057000002\tcreate_recovery_addresses\t\tApplied\t\n20200519101057000003\tcreate_recovery_addresses\t\tApplied\t\n20200519101057000004\tcreate_recovery_addresses\t\tApplied\t\n20200519101057000005\tcreate_recovery_addresses\t\tApplied\t\n20200519101057000006\tcreate_recovery_addresses\t\tApplied\t\n20200519101057000007\tcreate_recovery_addresses\t\tApplied\t\n20200601101000000000\tcreate_messages\t\t\t\tApplied\t\n20200601101000000001\tcreate_messages\t\t\t\tApplied\t\n20200601101000000002\tcreate_messages\t\t\t\tApplied\t\n20200601101000000003\tcreate_messages\t\t\t\tApplied\t\n20200605111551000000\tmessages\t\t\t\tApplied\t\n20200605111551000001\tmessages\t\t\t\tApplied\t\n20200605111551000002\tmessages\t\t\t\tApplied\t\n20200605111551000003\tmessages\t\t\t\tApplied\t\n20200605111551000004\tmessages\t\t\t\tApplied\t\n20200605111551000005\tmessages\t\t\t\tApplied\t\n20200605111551000006\tmessages\t\t\t\tApplied\t\n20200605111551000007\tmessages\t\t\t\tApplied\t\n20200605111551000008\tmessages\t\t\t\tApplied\t\n20200605111551000009\tmessages\t\t\t\tApplied\t\n20200605111551000010\tmessages\t\t\t\tApplied\t\n20200605111551000011\tmessages\t\t\t\tApplied\t\n20200607165100000000\tsettings\t\t\t\tApplied\t\n20200607165100000001\tsettings\t\t\t\tApplied\t\n20200607165100000002\tsettings\t\t\t\tApplied\t\n20200607165100000003\tsettings\t\t\t\tApplied\t\n20200607165100000004\tsettings\t\t\t\tApplied\t\n20200705105359000000\trename_identities_schema\t\tApplied\t\n20200810141652000000\tflow_type\t\t\t\tApplied\t\n20200810141652000001\tflow_type\t\t\t\tApplied\t\n20200810141652000002\tflow_type\t\t\t\tApplied\t\n20200810141652000003\tflow_type\t\t\t\tApplied\t\n20200810141652000004\tflow_type\t\t\t\tApplied\t\n20200810141652000005\tflow_type\t\t\t\tApplied\t\n20200810141652000006\tflow_type\t\t\t\tApplied\t\n20200810141652000007\tflow_type\t\t\t\tApplied\t\n20200810141652000008\tflow_type\t\t\t\tApplied\t\n20200810141652000009\tflow_type\t\t\t\tApplied\t\n20200810141652000010\tflow_type\t\t\t\tApplied\t\n20200810141652000011\tflow_type\t\t\t\tApplied\t\n20200810141652000012\tflow_type\t\t\t\tApplied\t\n20200810141652000013\tflow_type\t\t\t\tApplied\t\n20200810141652000014\tflow_type\t\t\t\tApplied\t\n20200810141652000015\tflow_type\t\t\t\tApplied\t\n20200810141652000016\tflow_type\t\t\t\tApplied\t\n20200810141652000017\tflow_type\t\t\t\tApplied\t\n20200810141652000018\tflow_type\t\t\t\tApplied\t\n20200810141652000019\tflow_type\t\t\t\tApplied\t\n20200810161022000000\tflow_rename\t\t\t\tApplied\t\n20200810161022000001\tflow_rename\t\t\t\tApplied\t\n20200810161022000002\tflow_rename\t\t\t\tApplied\t\n20200810161022000003\tflow_rename\t\t\t\tApplied\t\n20200810161022000004\tflow_rename\t\t\t\tApplied\t\n20200810161022000005\tflow_rename\t\t\t\tApplied\t\n20200810161022000006\tflow_rename\t\t\t\tApplied\t\n20200810161022000007\tflow_rename\t\t\t\tApplied\t\n20200810161022000008\tflow_rename\t\t\t\tApplied\t\n20200810162450000000\tflow_fields_rename\t\t\tApplied\t\n20200810162450000001\tflow_fields_rename\t\t\tApplied\t\n20200810162450000002\tflow_fields_rename\t\t\tApplied\t\n20200810162450000003\tflow_fields_rename\t\t\tApplied\t\n20200812124254000000\tadd_session_token\t\t\tApplied\t\n20200812124254000001\tadd_session_token\t\t\tApplied\t\n20200812124254000002\tadd_session_token\t\t\tApplied\t\n20200812124254000003\tadd_session_token\t\t\tApplied\t\n20200812124254000004\tadd_session_token\t\t\tApplied\t\n20200812124254000005\tadd_session_token\t\t\tApplied\t\n20200812124254000006\tadd_session_token\t\t\tApplied\t\n20200812124254000007\tadd_session_token\t\t\tApplied\t\n20200812160551000000\tadd_session_revoke\t\t\tApplied\t\n20200812160551000001\tadd_session_revoke\t\t\tApplied\t\n20200812160551000002\tadd_session_revoke\t\t\tApplied\t\n20200812160551000003\tadd_session_revoke\t\t\tApplied\t\n20200812160551000004\tadd_session_revoke\t\t\tApplied\t\n20200812160551000005\tadd_session_revoke\t\t\tApplied\t\n20200812160551000006\tadd_session_revoke\t\t\tApplied\t\n20200812160551000007\tadd_session_revoke\t\t\tApplied\t\n20200830121710000000\tupdate_recovery_token\t\t\tApplied\t\n20200830130642000000\tadd_verification_methods\t\tApplied\t\n20200830130642000001\tadd_verification_methods\t\tApplied\t\n20200830130642000002\tadd_verification_methods\t\tApplied\t\n20200830130642000003\tadd_verification_methods\t\tApplied\t\n20200830130642000004\tadd_verification_methods\t\tApplied\t\n20200830130642000005\tadd_verification_methods\t\tApplied\t\n20200830130642000006\tadd_verification_methods\t\tApplied\t\n20200830130642000007\tadd_verification_methods\t\tApplied\t\n20200830130642000008\tadd_verification_methods\t\tApplied\t\n20200830130642000009\tadd_verification_methods\t\tApplied\t\n20200830130642000010\tadd_verification_methods\t\tApplied\t\n20200830130643000000\tadd_verification_methods\t\tApplied\t\n20200830130644000000\tadd_verification_methods\t\tApplied\t\n20200830130644000001\tadd_verification_methods\t\tApplied\t\n20200830130645000000\tadd_verification_methods\t\tApplied\t\n20200830130646000000\tadd_verification_methods\t\tApplied\t\n20200830130646000001\tadd_verification_methods\t\tApplied\t\n20200830130646000002\tadd_verification_methods\t\tApplied\t\n20200830130646000003\tadd_verification_methods\t\tApplied\t\n20200830130646000004\tadd_verification_methods\t\tApplied\t\n20200830130646000005\tadd_verification_methods\t\tApplied\t\n20200830130646000006\tadd_verification_methods\t\tApplied\t\n20200830130646000007\tadd_verification_methods\t\tApplied\t\n20200830130646000008\tadd_verification_methods\t\tApplied\t\n20200830130646000009\tadd_verification_methods\t\tApplied\t\n20200830130646000010\tadd_verification_methods\t\tApplied\t\n20200830130646000011\tadd_verification_methods\t\tApplied\t\n20200830154602000000\tadd_verification_token\t\t\tApplied\t\n20200830154602000001\tadd_verification_token\t\t\tApplied\t\n20200830154602000002\tadd_verification_token\t\t\tApplied\t\n20200830154602000003\tadd_verification_token\t\t\tApplied\t\n20200830154602000004\tadd_verification_token\t\t\tApplied\t\n20200830172221000000\trecovery_token_expires\t\t\tApplied\t\n20200830172221000001\trecovery_token_expires\t\t\tApplied\t\n20200830172221000002\trecovery_token_expires\t\t\tApplied\t\n20200830172221000003\trecovery_token_expires\t\t\tApplied\t\n20200830172221000004\trecovery_token_expires\t\t\tApplied\t\n20200830172221000005\trecovery_token_expires\t\t\tApplied\t\n20200830172221000006\trecovery_token_expires\t\t\tApplied\t\n20200830172221000007\trecovery_token_expires\t\t\tApplied\t\n20200830172221000008\trecovery_token_expires\t\t\tApplied\t\n20200830172221000009\trecovery_token_expires\t\t\tApplied\t\n20200830172221000010\trecovery_token_expires\t\t\tApplied\t\n20200830172221000011\trecovery_token_expires\t\t\tApplied\t\n20200830172221000012\trecovery_token_expires\t\t\tApplied\t\n20200830172221000013\trecovery_token_expires\t\t\tApplied\t\n20200830172221000014\trecovery_token_expires\t\t\tApplied\t\n20200830172221000015\trecovery_token_expires\t\t\tApplied\t\n20200830172221000016\trecovery_token_expires\t\t\tApplied\t\n20200830172221000017\trecovery_token_expires\t\t\tApplied\t\n20200830172221000018\trecovery_token_expires\t\t\tApplied\t\n20200830172221000019\trecovery_token_expires\t\t\tApplied\t\n20200830172221000020\trecovery_token_expires\t\t\tApplied\t\n20200830172221000021\trecovery_token_expires\t\t\tApplied\t\n20200830172221000022\trecovery_token_expires\t\t\tApplied\t\n20200830172221000023\trecovery_token_expires\t\t\tApplied\t\n20200830172221000024\trecovery_token_expires\t\t\tApplied\t\n20200831110752000000\tidentity_verifiable_address_remove_code\tApplied\t\n20200831110752000001\tidentity_verifiable_address_remove_code\tApplied\t\n20200831110752000002\tidentity_verifiable_address_remove_code\tApplied\t\n20200831110752000003\tidentity_verifiable_address_remove_code\tApplied\t\n20200831110752000004\tidentity_verifiable_address_remove_code\tApplied\t\n20200831110752000005\tidentity_verifiable_address_remove_code\tApplied\t\n20200831110752000006\tidentity_verifiable_address_remove_code\tApplied\t\n20200831110752000007\tidentity_verifiable_address_remove_code\tApplied\t\n20200831110752000008\tidentity_verifiable_address_remove_code\tApplied\t\n20200831110752000009\tidentity_verifiable_address_remove_code\tApplied\t\n20200831110752000010\tidentity_verifiable_address_remove_code\tApplied\t\n20200831110752000011\tidentity_verifiable_address_remove_code\tApplied\t\n20200831110752000012\tidentity_verifiable_address_remove_code\tApplied\t\n20200831110752000013\tidentity_verifiable_address_remove_code\tApplied\t\n20200831110752000014\tidentity_verifiable_address_remove_code\tApplied\t\n20200831110752000015\tidentity_verifiable_address_remove_code\tApplied\t\n20200831110752000016\tidentity_verifiable_address_remove_code\tApplied\t\n20200831110752000017\tidentity_verifiable_address_remove_code\tApplied\t\n20200831110752000018\tidentity_verifiable_address_remove_code\tApplied\t\n20200831110752000019\tidentity_verifiable_address_remove_code\tApplied\t\n20200831110752000020\tidentity_verifiable_address_remove_code\tApplied\t\n20200831110752000021\tidentity_verifiable_address_remove_code\tApplied\t\n20201201161451000000\tcredential_types_values\t\t\tApplied\t\n20201201161451000001\tcredential_types_values\t\t\tApplied\t\n\nstderr: \n" }, { "path": "oryx/popx/.snapshots/TestMigrateSQLUp-status_pre.txt", "content": "stdout: Version\t\t\tName\t\t\t\t\tStatus\t\n20191100000001000000\tidentities\t\t\t\tPending\t\n20191100000001000001\tidentities\t\t\t\tPending\t\n20191100000001000002\tidentities\t\t\t\tPending\t\n20191100000001000003\tidentities\t\t\t\tPending\t\n20191100000001000004\tidentities\t\t\t\tPending\t\n20191100000001000005\tidentities\t\t\t\tPending\t\n20191100000002000000\trequests\t\t\t\tPending\t\n20191100000002000001\trequests\t\t\t\tPending\t\n20191100000002000002\trequests\t\t\t\tPending\t\n20191100000002000003\trequests\t\t\t\tPending\t\n20191100000002000004\trequests\t\t\t\tPending\t\n20191100000003000000\tsessions\t\t\t\tPending\t\n20191100000004000000\terrors\t\t\t\t\tPending\t\n20191100000006000000\tcourier\t\t\t\t\tPending\t\n20191100000007000000\terrors\t\t\t\t\tPending\t\n20191100000007000001\terrors\t\t\t\t\tPending\t\n20191100000007000002\terrors\t\t\t\t\tPending\t\n20191100000007000003\terrors\t\t\t\t\tPending\t\n20191100000008000000\tselfservice_verification\t\tPending\t\n20191100000008000001\tselfservice_verification\t\tPending\t\n20191100000008000002\tselfservice_verification\t\tPending\t\n20191100000008000003\tselfservice_verification\t\tPending\t\n20191100000008000004\tselfservice_verification\t\tPending\t\n20191100000008000005\tselfservice_verification\t\tPending\t\n20191100000010000000\terrors\t\t\t\t\tPending\t\n20191100000010000001\terrors\t\t\t\t\tPending\t\n20191100000010000002\terrors\t\t\t\t\tPending\t\n20191100000010000003\terrors\t\t\t\t\tPending\t\n20191100000010000004\terrors\t\t\t\t\tPending\t\n20191100000011000000\tcourier_body_type\t\t\tPending\t\n20191100000011000001\tcourier_body_type\t\t\tPending\t\n20191100000011000002\tcourier_body_type\t\t\tPending\t\n20191100000011000003\tcourier_body_type\t\t\tPending\t\n20191100000012000000\tlogin_request_forced\t\t\tPending\t\n20191100000012000001\tlogin_request_forced\t\t\tPending\t\n20191100000012000002\tlogin_request_forced\t\t\tPending\t\n20191100000012000003\tlogin_request_forced\t\t\tPending\t\n20200317160354000000\tcreate_profile_request_forms\t\tPending\t\n20200317160354000001\tcreate_profile_request_forms\t\tPending\t\n20200317160354000002\tcreate_profile_request_forms\t\tPending\t\n20200317160354000003\tcreate_profile_request_forms\t\tPending\t\n20200317160354000004\tcreate_profile_request_forms\t\tPending\t\n20200317160354000005\tcreate_profile_request_forms\t\tPending\t\n20200317160354000006\tcreate_profile_request_forms\t\tPending\t\n20200401183443000000\tcontinuity_containers\t\t\tPending\t\n20200402142539000000\trename_profile_flows\t\t\tPending\t\n20200402142539000001\trename_profile_flows\t\t\tPending\t\n20200402142539000002\trename_profile_flows\t\t\tPending\t\n20200519101057000000\tcreate_recovery_addresses\t\tPending\t\n20200519101057000001\tcreate_recovery_addresses\t\tPending\t\n20200519101057000002\tcreate_recovery_addresses\t\tPending\t\n20200519101057000003\tcreate_recovery_addresses\t\tPending\t\n20200519101057000004\tcreate_recovery_addresses\t\tPending\t\n20200519101057000005\tcreate_recovery_addresses\t\tPending\t\n20200519101057000006\tcreate_recovery_addresses\t\tPending\t\n20200519101057000007\tcreate_recovery_addresses\t\tPending\t\n20200601101000000000\tcreate_messages\t\t\t\tPending\t\n20200601101000000001\tcreate_messages\t\t\t\tPending\t\n20200601101000000002\tcreate_messages\t\t\t\tPending\t\n20200601101000000003\tcreate_messages\t\t\t\tPending\t\n20200605111551000000\tmessages\t\t\t\tPending\t\n20200605111551000001\tmessages\t\t\t\tPending\t\n20200605111551000002\tmessages\t\t\t\tPending\t\n20200605111551000003\tmessages\t\t\t\tPending\t\n20200605111551000004\tmessages\t\t\t\tPending\t\n20200605111551000005\tmessages\t\t\t\tPending\t\n20200605111551000006\tmessages\t\t\t\tPending\t\n20200605111551000007\tmessages\t\t\t\tPending\t\n20200605111551000008\tmessages\t\t\t\tPending\t\n20200605111551000009\tmessages\t\t\t\tPending\t\n20200605111551000010\tmessages\t\t\t\tPending\t\n20200605111551000011\tmessages\t\t\t\tPending\t\n20200607165100000000\tsettings\t\t\t\tPending\t\n20200607165100000001\tsettings\t\t\t\tPending\t\n20200607165100000002\tsettings\t\t\t\tPending\t\n20200607165100000003\tsettings\t\t\t\tPending\t\n20200607165100000004\tsettings\t\t\t\tPending\t\n20200705105359000000\trename_identities_schema\t\tPending\t\n20200810141652000000\tflow_type\t\t\t\tPending\t\n20200810141652000001\tflow_type\t\t\t\tPending\t\n20200810141652000002\tflow_type\t\t\t\tPending\t\n20200810141652000003\tflow_type\t\t\t\tPending\t\n20200810141652000004\tflow_type\t\t\t\tPending\t\n20200810141652000005\tflow_type\t\t\t\tPending\t\n20200810141652000006\tflow_type\t\t\t\tPending\t\n20200810141652000007\tflow_type\t\t\t\tPending\t\n20200810141652000008\tflow_type\t\t\t\tPending\t\n20200810141652000009\tflow_type\t\t\t\tPending\t\n20200810141652000010\tflow_type\t\t\t\tPending\t\n20200810141652000011\tflow_type\t\t\t\tPending\t\n20200810141652000012\tflow_type\t\t\t\tPending\t\n20200810141652000013\tflow_type\t\t\t\tPending\t\n20200810141652000014\tflow_type\t\t\t\tPending\t\n20200810141652000015\tflow_type\t\t\t\tPending\t\n20200810141652000016\tflow_type\t\t\t\tPending\t\n20200810141652000017\tflow_type\t\t\t\tPending\t\n20200810141652000018\tflow_type\t\t\t\tPending\t\n20200810141652000019\tflow_type\t\t\t\tPending\t\n20200810161022000000\tflow_rename\t\t\t\tPending\t\n20200810161022000001\tflow_rename\t\t\t\tPending\t\n20200810161022000002\tflow_rename\t\t\t\tPending\t\n20200810161022000003\tflow_rename\t\t\t\tPending\t\n20200810161022000004\tflow_rename\t\t\t\tPending\t\n20200810161022000005\tflow_rename\t\t\t\tPending\t\n20200810161022000006\tflow_rename\t\t\t\tPending\t\n20200810161022000007\tflow_rename\t\t\t\tPending\t\n20200810161022000008\tflow_rename\t\t\t\tPending\t\n20200810162450000000\tflow_fields_rename\t\t\tPending\t\n20200810162450000001\tflow_fields_rename\t\t\tPending\t\n20200810162450000002\tflow_fields_rename\t\t\tPending\t\n20200810162450000003\tflow_fields_rename\t\t\tPending\t\n20200812124254000000\tadd_session_token\t\t\tPending\t\n20200812124254000001\tadd_session_token\t\t\tPending\t\n20200812124254000002\tadd_session_token\t\t\tPending\t\n20200812124254000003\tadd_session_token\t\t\tPending\t\n20200812124254000004\tadd_session_token\t\t\tPending\t\n20200812124254000005\tadd_session_token\t\t\tPending\t\n20200812124254000006\tadd_session_token\t\t\tPending\t\n20200812124254000007\tadd_session_token\t\t\tPending\t\n20200812160551000000\tadd_session_revoke\t\t\tPending\t\n20200812160551000001\tadd_session_revoke\t\t\tPending\t\n20200812160551000002\tadd_session_revoke\t\t\tPending\t\n20200812160551000003\tadd_session_revoke\t\t\tPending\t\n20200812160551000004\tadd_session_revoke\t\t\tPending\t\n20200812160551000005\tadd_session_revoke\t\t\tPending\t\n20200812160551000006\tadd_session_revoke\t\t\tPending\t\n20200812160551000007\tadd_session_revoke\t\t\tPending\t\n20200830121710000000\tupdate_recovery_token\t\t\tPending\t\n20200830130642000000\tadd_verification_methods\t\tPending\t\n20200830130642000001\tadd_verification_methods\t\tPending\t\n20200830130642000002\tadd_verification_methods\t\tPending\t\n20200830130642000003\tadd_verification_methods\t\tPending\t\n20200830130642000004\tadd_verification_methods\t\tPending\t\n20200830130642000005\tadd_verification_methods\t\tPending\t\n20200830130642000006\tadd_verification_methods\t\tPending\t\n20200830130642000007\tadd_verification_methods\t\tPending\t\n20200830130642000008\tadd_verification_methods\t\tPending\t\n20200830130642000009\tadd_verification_methods\t\tPending\t\n20200830130642000010\tadd_verification_methods\t\tPending\t\n20200830130643000000\tadd_verification_methods\t\tPending\t\n20200830130644000000\tadd_verification_methods\t\tPending\t\n20200830130644000001\tadd_verification_methods\t\tPending\t\n20200830130645000000\tadd_verification_methods\t\tPending\t\n20200830130646000000\tadd_verification_methods\t\tPending\t\n20200830130646000001\tadd_verification_methods\t\tPending\t\n20200830130646000002\tadd_verification_methods\t\tPending\t\n20200830130646000003\tadd_verification_methods\t\tPending\t\n20200830130646000004\tadd_verification_methods\t\tPending\t\n20200830130646000005\tadd_verification_methods\t\tPending\t\n20200830130646000006\tadd_verification_methods\t\tPending\t\n20200830130646000007\tadd_verification_methods\t\tPending\t\n20200830130646000008\tadd_verification_methods\t\tPending\t\n20200830130646000009\tadd_verification_methods\t\tPending\t\n20200830130646000010\tadd_verification_methods\t\tPending\t\n20200830130646000011\tadd_verification_methods\t\tPending\t\n20200830154602000000\tadd_verification_token\t\t\tPending\t\n20200830154602000001\tadd_verification_token\t\t\tPending\t\n20200830154602000002\tadd_verification_token\t\t\tPending\t\n20200830154602000003\tadd_verification_token\t\t\tPending\t\n20200830154602000004\tadd_verification_token\t\t\tPending\t\n20200830172221000000\trecovery_token_expires\t\t\tPending\t\n20200830172221000001\trecovery_token_expires\t\t\tPending\t\n20200830172221000002\trecovery_token_expires\t\t\tPending\t\n20200830172221000003\trecovery_token_expires\t\t\tPending\t\n20200830172221000004\trecovery_token_expires\t\t\tPending\t\n20200830172221000005\trecovery_token_expires\t\t\tPending\t\n20200830172221000006\trecovery_token_expires\t\t\tPending\t\n20200830172221000007\trecovery_token_expires\t\t\tPending\t\n20200830172221000008\trecovery_token_expires\t\t\tPending\t\n20200830172221000009\trecovery_token_expires\t\t\tPending\t\n20200830172221000010\trecovery_token_expires\t\t\tPending\t\n20200830172221000011\trecovery_token_expires\t\t\tPending\t\n20200830172221000012\trecovery_token_expires\t\t\tPending\t\n20200830172221000013\trecovery_token_expires\t\t\tPending\t\n20200830172221000014\trecovery_token_expires\t\t\tPending\t\n20200830172221000015\trecovery_token_expires\t\t\tPending\t\n20200830172221000016\trecovery_token_expires\t\t\tPending\t\n20200830172221000017\trecovery_token_expires\t\t\tPending\t\n20200830172221000018\trecovery_token_expires\t\t\tPending\t\n20200830172221000019\trecovery_token_expires\t\t\tPending\t\n20200830172221000020\trecovery_token_expires\t\t\tPending\t\n20200830172221000021\trecovery_token_expires\t\t\tPending\t\n20200830172221000022\trecovery_token_expires\t\t\tPending\t\n20200830172221000023\trecovery_token_expires\t\t\tPending\t\n20200830172221000024\trecovery_token_expires\t\t\tPending\t\n20200831110752000000\tidentity_verifiable_address_remove_code\tPending\t\n20200831110752000001\tidentity_verifiable_address_remove_code\tPending\t\n20200831110752000002\tidentity_verifiable_address_remove_code\tPending\t\n20200831110752000003\tidentity_verifiable_address_remove_code\tPending\t\n20200831110752000004\tidentity_verifiable_address_remove_code\tPending\t\n20200831110752000005\tidentity_verifiable_address_remove_code\tPending\t\n20200831110752000006\tidentity_verifiable_address_remove_code\tPending\t\n20200831110752000007\tidentity_verifiable_address_remove_code\tPending\t\n20200831110752000008\tidentity_verifiable_address_remove_code\tPending\t\n20200831110752000009\tidentity_verifiable_address_remove_code\tPending\t\n20200831110752000010\tidentity_verifiable_address_remove_code\tPending\t\n20200831110752000011\tidentity_verifiable_address_remove_code\tPending\t\n20200831110752000012\tidentity_verifiable_address_remove_code\tPending\t\n20200831110752000013\tidentity_verifiable_address_remove_code\tPending\t\n20200831110752000014\tidentity_verifiable_address_remove_code\tPending\t\n20200831110752000015\tidentity_verifiable_address_remove_code\tPending\t\n20200831110752000016\tidentity_verifiable_address_remove_code\tPending\t\n20200831110752000017\tidentity_verifiable_address_remove_code\tPending\t\n20200831110752000018\tidentity_verifiable_address_remove_code\tPending\t\n20200831110752000019\tidentity_verifiable_address_remove_code\tPending\t\n20200831110752000020\tidentity_verifiable_address_remove_code\tPending\t\n20200831110752000021\tidentity_verifiable_address_remove_code\tPending\t\n20201201161451000000\tcredential_types_values\t\t\tPending\t\n20201201161451000001\tcredential_types_values\t\t\tPending\t\n\nstderr: \n" }, { "path": "oryx/popx/.snapshots/TestMigrateSQLUp-status_two_steps_rolled_back.txt", "content": "stdout: Version\t\t\tName\t\t\t\t\tStatus\t\n20191100000001000000\tidentities\t\t\t\tApplied\t\n20191100000001000001\tidentities\t\t\t\tApplied\t\n20191100000001000002\tidentities\t\t\t\tApplied\t\n20191100000001000003\tidentities\t\t\t\tApplied\t\n20191100000001000004\tidentities\t\t\t\tApplied\t\n20191100000001000005\tidentities\t\t\t\tApplied\t\n20191100000002000000\trequests\t\t\t\tApplied\t\n20191100000002000001\trequests\t\t\t\tApplied\t\n20191100000002000002\trequests\t\t\t\tApplied\t\n20191100000002000003\trequests\t\t\t\tApplied\t\n20191100000002000004\trequests\t\t\t\tApplied\t\n20191100000003000000\tsessions\t\t\t\tApplied\t\n20191100000004000000\terrors\t\t\t\t\tApplied\t\n20191100000006000000\tcourier\t\t\t\t\tApplied\t\n20191100000007000000\terrors\t\t\t\t\tApplied\t\n20191100000007000001\terrors\t\t\t\t\tApplied\t\n20191100000007000002\terrors\t\t\t\t\tApplied\t\n20191100000007000003\terrors\t\t\t\t\tApplied\t\n20191100000008000000\tselfservice_verification\t\tApplied\t\n20191100000008000001\tselfservice_verification\t\tApplied\t\n20191100000008000002\tselfservice_verification\t\tApplied\t\n20191100000008000003\tselfservice_verification\t\tApplied\t\n20191100000008000004\tselfservice_verification\t\tApplied\t\n20191100000008000005\tselfservice_verification\t\tApplied\t\n20191100000010000000\terrors\t\t\t\t\tApplied\t\n20191100000010000001\terrors\t\t\t\t\tApplied\t\n20191100000010000002\terrors\t\t\t\t\tApplied\t\n20191100000010000003\terrors\t\t\t\t\tApplied\t\n20191100000010000004\terrors\t\t\t\t\tApplied\t\n20191100000011000000\tcourier_body_type\t\t\tApplied\t\n20191100000011000001\tcourier_body_type\t\t\tApplied\t\n20191100000011000002\tcourier_body_type\t\t\tApplied\t\n20191100000011000003\tcourier_body_type\t\t\tApplied\t\n20191100000012000000\tlogin_request_forced\t\t\tApplied\t\n20191100000012000001\tlogin_request_forced\t\t\tApplied\t\n20191100000012000002\tlogin_request_forced\t\t\tApplied\t\n20191100000012000003\tlogin_request_forced\t\t\tApplied\t\n20200317160354000000\tcreate_profile_request_forms\t\tApplied\t\n20200317160354000001\tcreate_profile_request_forms\t\tApplied\t\n20200317160354000002\tcreate_profile_request_forms\t\tApplied\t\n20200317160354000003\tcreate_profile_request_forms\t\tApplied\t\n20200317160354000004\tcreate_profile_request_forms\t\tApplied\t\n20200317160354000005\tcreate_profile_request_forms\t\tApplied\t\n20200317160354000006\tcreate_profile_request_forms\t\tApplied\t\n20200401183443000000\tcontinuity_containers\t\t\tApplied\t\n20200402142539000000\trename_profile_flows\t\t\tApplied\t\n20200402142539000001\trename_profile_flows\t\t\tApplied\t\n20200402142539000002\trename_profile_flows\t\t\tApplied\t\n20200519101057000000\tcreate_recovery_addresses\t\tApplied\t\n20200519101057000001\tcreate_recovery_addresses\t\tApplied\t\n20200519101057000002\tcreate_recovery_addresses\t\tApplied\t\n20200519101057000003\tcreate_recovery_addresses\t\tApplied\t\n20200519101057000004\tcreate_recovery_addresses\t\tApplied\t\n20200519101057000005\tcreate_recovery_addresses\t\tApplied\t\n20200519101057000006\tcreate_recovery_addresses\t\tApplied\t\n20200519101057000007\tcreate_recovery_addresses\t\tApplied\t\n20200601101000000000\tcreate_messages\t\t\t\tApplied\t\n20200601101000000001\tcreate_messages\t\t\t\tApplied\t\n20200601101000000002\tcreate_messages\t\t\t\tApplied\t\n20200601101000000003\tcreate_messages\t\t\t\tApplied\t\n20200605111551000000\tmessages\t\t\t\tApplied\t\n20200605111551000001\tmessages\t\t\t\tApplied\t\n20200605111551000002\tmessages\t\t\t\tApplied\t\n20200605111551000003\tmessages\t\t\t\tApplied\t\n20200605111551000004\tmessages\t\t\t\tApplied\t\n20200605111551000005\tmessages\t\t\t\tApplied\t\n20200605111551000006\tmessages\t\t\t\tApplied\t\n20200605111551000007\tmessages\t\t\t\tApplied\t\n20200605111551000008\tmessages\t\t\t\tApplied\t\n20200605111551000009\tmessages\t\t\t\tApplied\t\n20200605111551000010\tmessages\t\t\t\tApplied\t\n20200605111551000011\tmessages\t\t\t\tApplied\t\n20200607165100000000\tsettings\t\t\t\tApplied\t\n20200607165100000001\tsettings\t\t\t\tApplied\t\n20200607165100000002\tsettings\t\t\t\tApplied\t\n20200607165100000003\tsettings\t\t\t\tApplied\t\n20200607165100000004\tsettings\t\t\t\tApplied\t\n20200705105359000000\trename_identities_schema\t\tApplied\t\n20200810141652000000\tflow_type\t\t\t\tApplied\t\n20200810141652000001\tflow_type\t\t\t\tApplied\t\n20200810141652000002\tflow_type\t\t\t\tApplied\t\n20200810141652000003\tflow_type\t\t\t\tApplied\t\n20200810141652000004\tflow_type\t\t\t\tApplied\t\n20200810141652000005\tflow_type\t\t\t\tApplied\t\n20200810141652000006\tflow_type\t\t\t\tApplied\t\n20200810141652000007\tflow_type\t\t\t\tApplied\t\n20200810141652000008\tflow_type\t\t\t\tApplied\t\n20200810141652000009\tflow_type\t\t\t\tApplied\t\n20200810141652000010\tflow_type\t\t\t\tApplied\t\n20200810141652000011\tflow_type\t\t\t\tApplied\t\n20200810141652000012\tflow_type\t\t\t\tApplied\t\n20200810141652000013\tflow_type\t\t\t\tApplied\t\n20200810141652000014\tflow_type\t\t\t\tApplied\t\n20200810141652000015\tflow_type\t\t\t\tApplied\t\n20200810141652000016\tflow_type\t\t\t\tApplied\t\n20200810141652000017\tflow_type\t\t\t\tApplied\t\n20200810141652000018\tflow_type\t\t\t\tApplied\t\n20200810141652000019\tflow_type\t\t\t\tApplied\t\n20200810161022000000\tflow_rename\t\t\t\tApplied\t\n20200810161022000001\tflow_rename\t\t\t\tApplied\t\n20200810161022000002\tflow_rename\t\t\t\tApplied\t\n20200810161022000003\tflow_rename\t\t\t\tApplied\t\n20200810161022000004\tflow_rename\t\t\t\tApplied\t\n20200810161022000005\tflow_rename\t\t\t\tApplied\t\n20200810161022000006\tflow_rename\t\t\t\tApplied\t\n20200810161022000007\tflow_rename\t\t\t\tApplied\t\n20200810161022000008\tflow_rename\t\t\t\tApplied\t\n20200810162450000000\tflow_fields_rename\t\t\tApplied\t\n20200810162450000001\tflow_fields_rename\t\t\tApplied\t\n20200810162450000002\tflow_fields_rename\t\t\tApplied\t\n20200810162450000003\tflow_fields_rename\t\t\tApplied\t\n20200812124254000000\tadd_session_token\t\t\tApplied\t\n20200812124254000001\tadd_session_token\t\t\tApplied\t\n20200812124254000002\tadd_session_token\t\t\tApplied\t\n20200812124254000003\tadd_session_token\t\t\tApplied\t\n20200812124254000004\tadd_session_token\t\t\tApplied\t\n20200812124254000005\tadd_session_token\t\t\tApplied\t\n20200812124254000006\tadd_session_token\t\t\tApplied\t\n20200812124254000007\tadd_session_token\t\t\tApplied\t\n20200812160551000000\tadd_session_revoke\t\t\tApplied\t\n20200812160551000001\tadd_session_revoke\t\t\tApplied\t\n20200812160551000002\tadd_session_revoke\t\t\tApplied\t\n20200812160551000003\tadd_session_revoke\t\t\tApplied\t\n20200812160551000004\tadd_session_revoke\t\t\tApplied\t\n20200812160551000005\tadd_session_revoke\t\t\tApplied\t\n20200812160551000006\tadd_session_revoke\t\t\tApplied\t\n20200812160551000007\tadd_session_revoke\t\t\tApplied\t\n20200830121710000000\tupdate_recovery_token\t\t\tApplied\t\n20200830130642000000\tadd_verification_methods\t\tApplied\t\n20200830130642000001\tadd_verification_methods\t\tApplied\t\n20200830130642000002\tadd_verification_methods\t\tApplied\t\n20200830130642000003\tadd_verification_methods\t\tApplied\t\n20200830130642000004\tadd_verification_methods\t\tApplied\t\n20200830130642000005\tadd_verification_methods\t\tApplied\t\n20200830130642000006\tadd_verification_methods\t\tApplied\t\n20200830130642000007\tadd_verification_methods\t\tApplied\t\n20200830130642000008\tadd_verification_methods\t\tApplied\t\n20200830130642000009\tadd_verification_methods\t\tApplied\t\n20200830130642000010\tadd_verification_methods\t\tApplied\t\n20200830130643000000\tadd_verification_methods\t\tApplied\t\n20200830130644000000\tadd_verification_methods\t\tApplied\t\n20200830130644000001\tadd_verification_methods\t\tApplied\t\n20200830130645000000\tadd_verification_methods\t\tApplied\t\n20200830130646000000\tadd_verification_methods\t\tApplied\t\n20200830130646000001\tadd_verification_methods\t\tApplied\t\n20200830130646000002\tadd_verification_methods\t\tApplied\t\n20200830130646000003\tadd_verification_methods\t\tApplied\t\n20200830130646000004\tadd_verification_methods\t\tApplied\t\n20200830130646000005\tadd_verification_methods\t\tApplied\t\n20200830130646000006\tadd_verification_methods\t\tApplied\t\n20200830130646000007\tadd_verification_methods\t\tApplied\t\n20200830130646000008\tadd_verification_methods\t\tApplied\t\n20200830130646000009\tadd_verification_methods\t\tApplied\t\n20200830130646000010\tadd_verification_methods\t\tApplied\t\n20200830130646000011\tadd_verification_methods\t\tApplied\t\n20200830154602000000\tadd_verification_token\t\t\tApplied\t\n20200830154602000001\tadd_verification_token\t\t\tApplied\t\n20200830154602000002\tadd_verification_token\t\t\tApplied\t\n20200830154602000003\tadd_verification_token\t\t\tApplied\t\n20200830154602000004\tadd_verification_token\t\t\tApplied\t\n20200830172221000000\trecovery_token_expires\t\t\tApplied\t\n20200830172221000001\trecovery_token_expires\t\t\tApplied\t\n20200830172221000002\trecovery_token_expires\t\t\tApplied\t\n20200830172221000003\trecovery_token_expires\t\t\tApplied\t\n20200830172221000004\trecovery_token_expires\t\t\tApplied\t\n20200830172221000005\trecovery_token_expires\t\t\tApplied\t\n20200830172221000006\trecovery_token_expires\t\t\tApplied\t\n20200830172221000007\trecovery_token_expires\t\t\tApplied\t\n20200830172221000008\trecovery_token_expires\t\t\tApplied\t\n20200830172221000009\trecovery_token_expires\t\t\tApplied\t\n20200830172221000010\trecovery_token_expires\t\t\tApplied\t\n20200830172221000011\trecovery_token_expires\t\t\tApplied\t\n20200830172221000012\trecovery_token_expires\t\t\tApplied\t\n20200830172221000013\trecovery_token_expires\t\t\tApplied\t\n20200830172221000014\trecovery_token_expires\t\t\tApplied\t\n20200830172221000015\trecovery_token_expires\t\t\tApplied\t\n20200830172221000016\trecovery_token_expires\t\t\tApplied\t\n20200830172221000017\trecovery_token_expires\t\t\tApplied\t\n20200830172221000018\trecovery_token_expires\t\t\tApplied\t\n20200830172221000019\trecovery_token_expires\t\t\tApplied\t\n20200830172221000020\trecovery_token_expires\t\t\tApplied\t\n20200830172221000021\trecovery_token_expires\t\t\tApplied\t\n20200830172221000022\trecovery_token_expires\t\t\tApplied\t\n20200830172221000023\trecovery_token_expires\t\t\tApplied\t\n20200830172221000024\trecovery_token_expires\t\t\tApplied\t\n20200831110752000000\tidentity_verifiable_address_remove_code\tApplied\t\n20200831110752000001\tidentity_verifiable_address_remove_code\tApplied\t\n20200831110752000002\tidentity_verifiable_address_remove_code\tApplied\t\n20200831110752000003\tidentity_verifiable_address_remove_code\tApplied\t\n20200831110752000004\tidentity_verifiable_address_remove_code\tApplied\t\n20200831110752000005\tidentity_verifiable_address_remove_code\tApplied\t\n20200831110752000006\tidentity_verifiable_address_remove_code\tApplied\t\n20200831110752000007\tidentity_verifiable_address_remove_code\tApplied\t\n20200831110752000008\tidentity_verifiable_address_remove_code\tApplied\t\n20200831110752000009\tidentity_verifiable_address_remove_code\tApplied\t\n20200831110752000010\tidentity_verifiable_address_remove_code\tApplied\t\n20200831110752000011\tidentity_verifiable_address_remove_code\tApplied\t\n20200831110752000012\tidentity_verifiable_address_remove_code\tApplied\t\n20200831110752000013\tidentity_verifiable_address_remove_code\tApplied\t\n20200831110752000014\tidentity_verifiable_address_remove_code\tApplied\t\n20200831110752000015\tidentity_verifiable_address_remove_code\tApplied\t\n20200831110752000016\tidentity_verifiable_address_remove_code\tApplied\t\n20200831110752000017\tidentity_verifiable_address_remove_code\tApplied\t\n20200831110752000018\tidentity_verifiable_address_remove_code\tApplied\t\n20200831110752000019\tidentity_verifiable_address_remove_code\tApplied\t\n20200831110752000020\tidentity_verifiable_address_remove_code\tPending\t\n20200831110752000021\tidentity_verifiable_address_remove_code\tPending\t\n20201201161451000000\tcredential_types_values\t\t\tPending\t\n20201201161451000001\tcredential_types_values\t\t\tPending\t\n\nstderr: \n" }, { "path": "oryx/popx/.snapshots/TestMigrateSQLUp-status_two_versions_rolled_back.txt", "content": "stdout: Version\t\t\tName\t\t\t\t\tStatus\t\n20191100000001000000\tidentities\t\t\t\tApplied\t\n20191100000001000001\tidentities\t\t\t\tApplied\t\n20191100000001000002\tidentities\t\t\t\tApplied\t\n20191100000001000003\tidentities\t\t\t\tApplied\t\n20191100000001000004\tidentities\t\t\t\tApplied\t\n20191100000001000005\tidentities\t\t\t\tApplied\t\n20191100000002000000\trequests\t\t\t\tApplied\t\n20191100000002000001\trequests\t\t\t\tApplied\t\n20191100000002000002\trequests\t\t\t\tApplied\t\n20191100000002000003\trequests\t\t\t\tApplied\t\n20191100000002000004\trequests\t\t\t\tApplied\t\n20191100000003000000\tsessions\t\t\t\tApplied\t\n20191100000004000000\terrors\t\t\t\t\tApplied\t\n20191100000006000000\tcourier\t\t\t\t\tApplied\t\n20191100000007000000\terrors\t\t\t\t\tApplied\t\n20191100000007000001\terrors\t\t\t\t\tApplied\t\n20191100000007000002\terrors\t\t\t\t\tApplied\t\n20191100000007000003\terrors\t\t\t\t\tApplied\t\n20191100000008000000\tselfservice_verification\t\tApplied\t\n20191100000008000001\tselfservice_verification\t\tApplied\t\n20191100000008000002\tselfservice_verification\t\tApplied\t\n20191100000008000003\tselfservice_verification\t\tApplied\t\n20191100000008000004\tselfservice_verification\t\tApplied\t\n20191100000008000005\tselfservice_verification\t\tApplied\t\n20191100000010000000\terrors\t\t\t\t\tApplied\t\n20191100000010000001\terrors\t\t\t\t\tApplied\t\n20191100000010000002\terrors\t\t\t\t\tApplied\t\n20191100000010000003\terrors\t\t\t\t\tApplied\t\n20191100000010000004\terrors\t\t\t\t\tApplied\t\n20191100000011000000\tcourier_body_type\t\t\tApplied\t\n20191100000011000001\tcourier_body_type\t\t\tApplied\t\n20191100000011000002\tcourier_body_type\t\t\tApplied\t\n20191100000011000003\tcourier_body_type\t\t\tApplied\t\n20191100000012000000\tlogin_request_forced\t\t\tApplied\t\n20191100000012000001\tlogin_request_forced\t\t\tApplied\t\n20191100000012000002\tlogin_request_forced\t\t\tApplied\t\n20191100000012000003\tlogin_request_forced\t\t\tApplied\t\n20200317160354000000\tcreate_profile_request_forms\t\tApplied\t\n20200317160354000001\tcreate_profile_request_forms\t\tApplied\t\n20200317160354000002\tcreate_profile_request_forms\t\tApplied\t\n20200317160354000003\tcreate_profile_request_forms\t\tApplied\t\n20200317160354000004\tcreate_profile_request_forms\t\tApplied\t\n20200317160354000005\tcreate_profile_request_forms\t\tApplied\t\n20200317160354000006\tcreate_profile_request_forms\t\tApplied\t\n20200401183443000000\tcontinuity_containers\t\t\tApplied\t\n20200402142539000000\trename_profile_flows\t\t\tApplied\t\n20200402142539000001\trename_profile_flows\t\t\tApplied\t\n20200402142539000002\trename_profile_flows\t\t\tApplied\t\n20200519101057000000\tcreate_recovery_addresses\t\tApplied\t\n20200519101057000001\tcreate_recovery_addresses\t\tApplied\t\n20200519101057000002\tcreate_recovery_addresses\t\tApplied\t\n20200519101057000003\tcreate_recovery_addresses\t\tApplied\t\n20200519101057000004\tcreate_recovery_addresses\t\tApplied\t\n20200519101057000005\tcreate_recovery_addresses\t\tApplied\t\n20200519101057000006\tcreate_recovery_addresses\t\tApplied\t\n20200519101057000007\tcreate_recovery_addresses\t\tApplied\t\n20200601101000000000\tcreate_messages\t\t\t\tApplied\t\n20200601101000000001\tcreate_messages\t\t\t\tApplied\t\n20200601101000000002\tcreate_messages\t\t\t\tApplied\t\n20200601101000000003\tcreate_messages\t\t\t\tApplied\t\n20200605111551000000\tmessages\t\t\t\tApplied\t\n20200605111551000001\tmessages\t\t\t\tApplied\t\n20200605111551000002\tmessages\t\t\t\tApplied\t\n20200605111551000003\tmessages\t\t\t\tApplied\t\n20200605111551000004\tmessages\t\t\t\tApplied\t\n20200605111551000005\tmessages\t\t\t\tApplied\t\n20200605111551000006\tmessages\t\t\t\tApplied\t\n20200605111551000007\tmessages\t\t\t\tApplied\t\n20200605111551000008\tmessages\t\t\t\tApplied\t\n20200605111551000009\tmessages\t\t\t\tApplied\t\n20200605111551000010\tmessages\t\t\t\tApplied\t\n20200605111551000011\tmessages\t\t\t\tApplied\t\n20200607165100000000\tsettings\t\t\t\tApplied\t\n20200607165100000001\tsettings\t\t\t\tApplied\t\n20200607165100000002\tsettings\t\t\t\tApplied\t\n20200607165100000003\tsettings\t\t\t\tApplied\t\n20200607165100000004\tsettings\t\t\t\tApplied\t\n20200705105359000000\trename_identities_schema\t\tApplied\t\n20200810141652000000\tflow_type\t\t\t\tApplied\t\n20200810141652000001\tflow_type\t\t\t\tApplied\t\n20200810141652000002\tflow_type\t\t\t\tApplied\t\n20200810141652000003\tflow_type\t\t\t\tApplied\t\n20200810141652000004\tflow_type\t\t\t\tApplied\t\n20200810141652000005\tflow_type\t\t\t\tApplied\t\n20200810141652000006\tflow_type\t\t\t\tApplied\t\n20200810141652000007\tflow_type\t\t\t\tApplied\t\n20200810141652000008\tflow_type\t\t\t\tApplied\t\n20200810141652000009\tflow_type\t\t\t\tApplied\t\n20200810141652000010\tflow_type\t\t\t\tApplied\t\n20200810141652000011\tflow_type\t\t\t\tApplied\t\n20200810141652000012\tflow_type\t\t\t\tApplied\t\n20200810141652000013\tflow_type\t\t\t\tApplied\t\n20200810141652000014\tflow_type\t\t\t\tApplied\t\n20200810141652000015\tflow_type\t\t\t\tApplied\t\n20200810141652000016\tflow_type\t\t\t\tApplied\t\n20200810141652000017\tflow_type\t\t\t\tApplied\t\n20200810141652000018\tflow_type\t\t\t\tApplied\t\n20200810141652000019\tflow_type\t\t\t\tApplied\t\n20200810161022000000\tflow_rename\t\t\t\tApplied\t\n20200810161022000001\tflow_rename\t\t\t\tApplied\t\n20200810161022000002\tflow_rename\t\t\t\tApplied\t\n20200810161022000003\tflow_rename\t\t\t\tApplied\t\n20200810161022000004\tflow_rename\t\t\t\tApplied\t\n20200810161022000005\tflow_rename\t\t\t\tApplied\t\n20200810161022000006\tflow_rename\t\t\t\tApplied\t\n20200810161022000007\tflow_rename\t\t\t\tApplied\t\n20200810161022000008\tflow_rename\t\t\t\tApplied\t\n20200810162450000000\tflow_fields_rename\t\t\tApplied\t\n20200810162450000001\tflow_fields_rename\t\t\tApplied\t\n20200810162450000002\tflow_fields_rename\t\t\tApplied\t\n20200810162450000003\tflow_fields_rename\t\t\tApplied\t\n20200812124254000000\tadd_session_token\t\t\tApplied\t\n20200812124254000001\tadd_session_token\t\t\tApplied\t\n20200812124254000002\tadd_session_token\t\t\tApplied\t\n20200812124254000003\tadd_session_token\t\t\tApplied\t\n20200812124254000004\tadd_session_token\t\t\tApplied\t\n20200812124254000005\tadd_session_token\t\t\tApplied\t\n20200812124254000006\tadd_session_token\t\t\tApplied\t\n20200812124254000007\tadd_session_token\t\t\tApplied\t\n20200812160551000000\tadd_session_revoke\t\t\tApplied\t\n20200812160551000001\tadd_session_revoke\t\t\tApplied\t\n20200812160551000002\tadd_session_revoke\t\t\tApplied\t\n20200812160551000003\tadd_session_revoke\t\t\tApplied\t\n20200812160551000004\tadd_session_revoke\t\t\tApplied\t\n20200812160551000005\tadd_session_revoke\t\t\tApplied\t\n20200812160551000006\tadd_session_revoke\t\t\tApplied\t\n20200812160551000007\tadd_session_revoke\t\t\tApplied\t\n20200830121710000000\tupdate_recovery_token\t\t\tApplied\t\n20200830130642000000\tadd_verification_methods\t\tApplied\t\n20200830130642000001\tadd_verification_methods\t\tApplied\t\n20200830130642000002\tadd_verification_methods\t\tApplied\t\n20200830130642000003\tadd_verification_methods\t\tApplied\t\n20200830130642000004\tadd_verification_methods\t\tApplied\t\n20200830130642000005\tadd_verification_methods\t\tApplied\t\n20200830130642000006\tadd_verification_methods\t\tApplied\t\n20200830130642000007\tadd_verification_methods\t\tApplied\t\n20200830130642000008\tadd_verification_methods\t\tApplied\t\n20200830130642000009\tadd_verification_methods\t\tApplied\t\n20200830130642000010\tadd_verification_methods\t\tApplied\t\n20200830130643000000\tadd_verification_methods\t\tApplied\t\n20200830130644000000\tadd_verification_methods\t\tApplied\t\n20200830130644000001\tadd_verification_methods\t\tApplied\t\n20200830130645000000\tadd_verification_methods\t\tApplied\t\n20200830130646000000\tadd_verification_methods\t\tApplied\t\n20200830130646000001\tadd_verification_methods\t\tApplied\t\n20200830130646000002\tadd_verification_methods\t\tApplied\t\n20200830130646000003\tadd_verification_methods\t\tApplied\t\n20200830130646000004\tadd_verification_methods\t\tApplied\t\n20200830130646000005\tadd_verification_methods\t\tApplied\t\n20200830130646000006\tadd_verification_methods\t\tApplied\t\n20200830130646000007\tadd_verification_methods\t\tApplied\t\n20200830130646000008\tadd_verification_methods\t\tApplied\t\n20200830130646000009\tadd_verification_methods\t\tApplied\t\n20200830130646000010\tadd_verification_methods\t\tApplied\t\n20200830130646000011\tadd_verification_methods\t\tApplied\t\n20200830154602000000\tadd_verification_token\t\t\tApplied\t\n20200830154602000001\tadd_verification_token\t\t\tApplied\t\n20200830154602000002\tadd_verification_token\t\t\tApplied\t\n20200830154602000003\tadd_verification_token\t\t\tApplied\t\n20200830154602000004\tadd_verification_token\t\t\tApplied\t\n20200830172221000000\trecovery_token_expires\t\t\tApplied\t\n20200830172221000001\trecovery_token_expires\t\t\tApplied\t\n20200830172221000002\trecovery_token_expires\t\t\tApplied\t\n20200830172221000003\trecovery_token_expires\t\t\tApplied\t\n20200830172221000004\trecovery_token_expires\t\t\tApplied\t\n20200830172221000005\trecovery_token_expires\t\t\tApplied\t\n20200830172221000006\trecovery_token_expires\t\t\tApplied\t\n20200830172221000007\trecovery_token_expires\t\t\tApplied\t\n20200830172221000008\trecovery_token_expires\t\t\tApplied\t\n20200830172221000009\trecovery_token_expires\t\t\tApplied\t\n20200830172221000010\trecovery_token_expires\t\t\tApplied\t\n20200830172221000011\trecovery_token_expires\t\t\tApplied\t\n20200830172221000012\trecovery_token_expires\t\t\tApplied\t\n20200830172221000013\trecovery_token_expires\t\t\tApplied\t\n20200830172221000014\trecovery_token_expires\t\t\tApplied\t\n20200830172221000015\trecovery_token_expires\t\t\tApplied\t\n20200830172221000016\trecovery_token_expires\t\t\tApplied\t\n20200830172221000017\trecovery_token_expires\t\t\tApplied\t\n20200830172221000018\trecovery_token_expires\t\t\tApplied\t\n20200830172221000019\trecovery_token_expires\t\t\tApplied\t\n20200830172221000020\trecovery_token_expires\t\t\tApplied\t\n20200830172221000021\trecovery_token_expires\t\t\tApplied\t\n20200830172221000022\trecovery_token_expires\t\t\tApplied\t\n20200830172221000023\trecovery_token_expires\t\t\tApplied\t\n20200830172221000024\trecovery_token_expires\t\t\tApplied\t\n20200831110752000000\tidentity_verifiable_address_remove_code\tApplied\t\n20200831110752000001\tidentity_verifiable_address_remove_code\tApplied\t\n20200831110752000002\tidentity_verifiable_address_remove_code\tApplied\t\n20200831110752000003\tidentity_verifiable_address_remove_code\tApplied\t\n20200831110752000004\tidentity_verifiable_address_remove_code\tApplied\t\n20200831110752000005\tidentity_verifiable_address_remove_code\tApplied\t\n20200831110752000006\tidentity_verifiable_address_remove_code\tApplied\t\n20200831110752000007\tidentity_verifiable_address_remove_code\tApplied\t\n20200831110752000008\tidentity_verifiable_address_remove_code\tApplied\t\n20200831110752000009\tidentity_verifiable_address_remove_code\tApplied\t\n20200831110752000010\tidentity_verifiable_address_remove_code\tApplied\t\n20200831110752000011\tidentity_verifiable_address_remove_code\tApplied\t\n20200831110752000012\tidentity_verifiable_address_remove_code\tApplied\t\n20200831110752000013\tidentity_verifiable_address_remove_code\tApplied\t\n20200831110752000014\tidentity_verifiable_address_remove_code\tApplied\t\n20200831110752000015\tidentity_verifiable_address_remove_code\tApplied\t\n20200831110752000016\tidentity_verifiable_address_remove_code\tApplied\t\n20200831110752000017\tidentity_verifiable_address_remove_code\tApplied\t\n20200831110752000018\tidentity_verifiable_address_remove_code\tPending\t\n20200831110752000019\tidentity_verifiable_address_remove_code\tPending\t\n20200831110752000020\tidentity_verifiable_address_remove_code\tPending\t\n20200831110752000021\tidentity_verifiable_address_remove_code\tPending\t\n20201201161451000000\tcredential_types_values\t\t\tPending\t\n20201201161451000001\tcredential_types_values\t\t\tPending\t\n\nstderr: \n" }, { "path": "oryx/popx/cmd.go", "content": "// Copyright © 2024 Ory Corp\n// SPDX-License-Identifier: Apache-2.0\n\npackage popx\n\nimport (\n\t\"context\"\n\t\"fmt\"\n\t\"time\"\n\n\t\"github.com/spf13/cobra\"\n\n\t\"github.com/ory/x/cmdx\"\n\t\"github.com/ory/x/errorsx\"\n\t\"github.com/ory/x/flagx\"\n)\n\ntype MigrationProvider interface {\n\tMigrationStatus(context.Context) (MigrationStatuses, error)\n\tMigrateUp(context.Context) error\n\tMigrateDown(context.Context, int) error\n}\n\ntype MigrationPreparer interface {\n\tPrepareMigration(context.Context) error\n}\n\nfunc RegisterMigrateSQLUpFlags(cmd *cobra.Command) *cobra.Command {\n\tcmd.Flags().BoolP(\"yes\", \"y\", false, \"If set all confirmation requests are accepted without user interaction.\")\n\treturn cmd\n}\n\nfunc NewMigrateSQLUpCmd(runE func(cmd *cobra.Command, args []string) error) *cobra.Command {\n\treturn RegisterMigrateSQLUpFlags(&cobra.Command{\n\t\tUse: \"up [database_url]\",\n\t\tArgs: cobra.RangeArgs(0, 1),\n\t\tShort: \"Apply all pending SQL migrations\",\n\t\tLong: `This command applies all pending SQL migrations for Ory {{ title .Root.Name }}.\n\n:::warning\n\nBefore running this command, create a backup of your database. This command can be destructive as it may apply changes that cannot be easily reverted. Run this command close to the SQL instance (same VPC / same machine).\n\n:::\n\nIt is recommended to review the migrations before running them. You can do this by running the command without the --yes flag:\n\n\tDSN=... {{ .CommandPath }} -e`,\n\t\tExample: `Apply all pending migrations:\n\tDSN=... {{ .CommandPath }} -e\n\nApply all pending migrations:\n\tDSN=... {{ .CommandPath }} -e --yes`,\n\t\tRunE: runE,\n\t})\n}\n\nfunc MigrateSQLUp(cmd *cobra.Command, p MigrationProvider) (err error) {\n\t// convert migration tables\n\tif prep, ok := p.(MigrationPreparer); ok {\n\t\tif err := prep.PrepareMigration(cmd.Context()); err != nil {\n\t\t\t_, _ = fmt.Fprintf(cmd.ErrOrStderr(), \"Could not convert the migration table:\\n%+v\\n\", err)\n\t\t\treturn cmdx.FailSilently(cmd)\n\t\t}\n\t}\n\n\t// print migration status\n\t_, _ = fmt.Fprintln(cmd.OutOrStdout(), \"The migration plan is as follows:\")\n\n\t// print migration status\n\tstatus, err := p.MigrationStatus(cmd.Context())\n\tif err != nil {\n\t\t_, _ = fmt.Fprintf(cmd.ErrOrStderr(), \"Could not get the migration status:\\n%+v\\n\", errorsx.WithStack(err))\n\t\treturn cmdx.FailSilently(cmd)\n\t}\n\tcmdx.PrintTable(cmd, status)\n\n\t_, _ = fmt.Fprintf(cmd.OutOrStdout(), \"\\nThe SQL statements to be executed from top to bottom are:\\n\\n\")\n\tfor i := range status {\n\t\tif status[i].State == Pending {\n\t\t\t_, _ = fmt.Fprintf(cmd.OutOrStdout(), \"------------ %s - %s ------------\\n\", status[i].Version, status[i].Name)\n\t\t\t_, _ = fmt.Fprintf(cmd.OutOrStdout(), \"%s\\n\\n\", status[i].ContentUp)\n\t\t}\n\t}\n\n\tif !flagx.MustGetBool(cmd, \"yes\") {\n\t\t_, _ = fmt.Fprintln(cmd.ErrOrStderr(), \"To skip the next question use flag --yes (at your own risk).\")\n\t\tif !cmdx.AskForConfirmation(\"Do you wish to execute this migration plan?\", cmd.InOrStdin(), cmd.OutOrStdout()) {\n\t\t\t_, _ = fmt.Fprintf(cmd.OutOrStdout(), \"------------ WARNING ------------\\n\")\n\t\t\t_, _ = fmt.Fprintln(cmd.OutOrStdout(), \"Migration aborted.\")\n\t\t\treturn nil\n\t\t}\n\t}\n\n\t// apply migrations\n\tif err := p.MigrateUp(cmd.Context()); err != nil {\n\t\t_, _ = fmt.Fprintf(cmd.OutOrStdout(), \"------------ ERROR ------------\\n\")\n\t\t_, _ = fmt.Fprintf(cmd.ErrOrStderr(), \"Could not apply migrations:\\n%+v\\n\", errorsx.WithStack(err))\n\t\treturn cmdx.FailSilently(cmd)\n\t}\n\n\t_, _ = fmt.Fprintf(cmd.OutOrStdout(), \"------------ SUCCESS ------------\\n\")\n\t_, _ = fmt.Fprintln(cmd.OutOrStdout(), \"Successfully applied migrations!\")\n\treturn nil\n}\n\nfunc RegisterMigrateSQLDownFlags(cmd *cobra.Command) *cobra.Command {\n\tcmd.Flags().BoolP(\"yes\", \"y\", false, \"If set all confirmation requests are accepted without user interaction.\")\n\tcmd.Flags().Int(\"steps\", 0, \"The number of migrations to roll back.\")\n\treturn cmd\n}\n\nfunc NewMigrateSQLDownCmd(runE func(cmd *cobra.Command, args []string) error) *cobra.Command {\n\treturn RegisterMigrateSQLDownFlags(&cobra.Command{\n\t\tUse: \"down [database_url]\",\n\t\tArgs: cobra.RangeArgs(0, 1),\n\t\tShort: \"Rollback the last applied SQL migrations\",\n\t\tLong: `This command rolls back the last applied SQL migrations for Ory {{ title .Root.Name }}.\n\n:::warning\n\nBefore running this command, create a backup of your database. This command can be destructive as it may revert changes made by previous migrations. Run this command close to the SQL instance (same VPC / same machine).\n\n:::\n\nIt is recommended to review the migrations before running them. You can do this by running the command without the --yes flag:\n\n\tDSN=... {{ .CommandPath }} -e`,\n\t\tExample: `See the current migration status:\n\tDSN=... {{ .CommandPath }} -e\n\nRollback the last 10 migrations:\n\t{{ .CommandPath }} $DSN --steps 10\n\nRollback the last 10 migrations without confirmation:\n\tDSN=... {{ .CommandPath }} -e --yes --steps 10`,\n\t\tRunE: runE,\n\t})\n}\n\nfunc MigrateSQLDown(cmd *cobra.Command, p MigrationProvider) (err error) {\n\tsteps := flagx.MustGetInt(cmd, \"steps\")\n\tif steps < 0 {\n\t\t_, _ = fmt.Fprintln(cmd.ErrOrStderr(), \"Flag --steps must be larger than 0.\")\n\t\treturn cmdx.FailSilently(cmd)\n\t}\n\n\t// convert migration tables\n\tif prep, ok := p.(MigrationPreparer); ok {\n\t\tif err := prep.PrepareMigration(cmd.Context()); err != nil {\n\t\t\t_, _ = fmt.Fprintf(cmd.ErrOrStderr(), \"Could not convert the migration table:\\n%+v\\n\", err)\n\t\t\treturn cmdx.FailSilently(cmd)\n\t\t}\n\t}\n\n\tstatus, err := p.MigrationStatus(cmd.Context())\n\tif err != nil {\n\t\t_, _ = fmt.Fprintf(cmd.ErrOrStderr(), \"Could not get the migration status:\\n%+v\\n\", errorsx.WithStack(err))\n\t\treturn cmdx.FailSilently(cmd)\n\t}\n\n\t// Now we need to rollback the last `steps` migrations that have a status of \"Applied\":\n\tvar count int\n\tvar rollingBack int\n\tfor i := len(status) - 1; i >= 0; i-- {\n\t\tif status[i].State == Applied {\n\t\t\tcount++\n\t\t\tif steps > 0 && count <= steps {\n\t\t\t\tstatus[i].State = \"Rollback\"\n\t\t\t\trollingBack++\n\t\t\t}\n\t\t}\n\t}\n\n\t// print migration status\n\t_, _ = fmt.Fprintln(cmd.OutOrStdout(), \"The migration plan is as follows:\")\n\tcmdx.PrintTable(cmd, status)\n\n\tif rollingBack < 1 {\n\t\t_, _ = fmt.Fprintln(cmd.ErrOrStderr(), \"\")\n\t\t_, _ = fmt.Fprintln(cmd.ErrOrStderr(), \"There are apparently no migrations to roll back.\")\n\t\t_, _ = fmt.Fprintln(cmd.ErrOrStderr(), \"Please provide the --steps argument with a value larger than 0.\")\n\t\t_, _ = fmt.Fprintln(cmd.ErrOrStderr(), \"\")\n\t\treturn cmdx.FailSilently(cmd)\n\t}\n\n\t_, _ = fmt.Fprintf(cmd.OutOrStdout(), \"\\nThe SQL statements to be executed from top to bottom are:\\n\\n\")\n\n\tfor i := len(status) - 1; i >= 0; i-- {\n\t\tif status[i].State == \"Rollback\" {\n\t\t\t_, _ = fmt.Fprintf(cmd.OutOrStdout(), \"------------ %s - %s ------------\\n\", status[i].Version, status[i].Name)\n\t\t\t_, _ = fmt.Fprintf(cmd.OutOrStdout(), \"%s\\n\\n\", status[i].ContentDown)\n\t\t}\n\t}\n\n\tif !flagx.MustGetBool(cmd, \"yes\") {\n\t\t_, _ = fmt.Fprintln(cmd.ErrOrStderr(), \"To skip the next question use flag --yes (at your own risk).\")\n\t\tif !cmdx.AskForConfirmation(\"Do you wish to execute this migration plan?\", cmd.InOrStdin(), cmd.OutOrStdout()) {\n\t\t\t_, _ = fmt.Fprintf(cmd.OutOrStdout(), \"------------ WARNING ------------\\n\")\n\t\t\t_, _ = fmt.Fprintln(cmd.OutOrStdout(), \"Migration aborted.\")\n\t\t\treturn nil\n\t\t}\n\t}\n\n\t// apply migrations\n\tif err := p.MigrateDown(cmd.Context(), rollingBack); err != nil {\n\t\t_, _ = fmt.Fprintf(cmd.OutOrStdout(), \"------------ ERROR ------------\\n\")\n\t\t_, _ = fmt.Fprintf(cmd.ErrOrStderr(), \"Could not apply migrations:\\n%+v\\n\", errorsx.WithStack(err))\n\t\treturn cmdx.FailSilently(cmd)\n\t}\n\n\t_, _ = fmt.Fprintf(cmd.OutOrStdout(), \"------------ SUCCESS ------------\\n\")\n\t_, _ = fmt.Fprintln(cmd.OutOrStdout(), \"Successfully applied migrations!\")\n\treturn nil\n}\n\nfunc RegisterMigrateStatusFlags(cmd *cobra.Command) *cobra.Command {\n\tcmdx.RegisterFormatFlags(cmd.PersistentFlags())\n\tcmd.Flags().BoolP(\"read-from-env\", \"e\", false, \"If set, reads the database connection string from the environment variable DSN or config file key dsn.\")\n\tcmd.Flags().Bool(\"block\", false, \"Block until all migrations have been applied\")\n\treturn cmd\n}\n\nfunc NewMigrateSQLStatusCmd(runE func(cmd *cobra.Command, args []string) error) *cobra.Command {\n\treturn RegisterMigrateStatusFlags(&cobra.Command{\n\t\tUse: \"status [database_url]\",\n\t\tShort: \"Display the current migration status\",\n\t\tLong: `This command shows the current migration status for Ory {{ title .Root.Name }}.\n\nYou can use this command to check which migrations have been applied and which are pending.\n\nTo block until all migrations are applied, use the --block flag:\n\n\tDSN=... {{ .CommandPath }} -e --block`,\n\t\tExample: `See the current migration status:\n\tDSN=... {{ .CommandPath }} -e\n\nBlock until all migrations are applied:\n\tDSN=... {{ .CommandPath }} -e --block`,\n\t\tRunE: runE,\n\t})\n}\n\nfunc MigrateStatus(cmd *cobra.Command, p MigrationProvider) (err error) {\n\tblock := flagx.MustGetBool(cmd, \"block\")\n\tctx := cmd.Context()\n\ts, err := p.MigrationStatus(ctx)\n\tif err != nil {\n\t\t_, _ = fmt.Fprintf(cmd.ErrOrStderr(), \"Could not get migration status: %+v\\n\", err)\n\t\treturn cmdx.FailSilently(cmd)\n\t}\n\n\tfor block && s.HasPending() {\n\t\t_, _ = fmt.Fprintf(cmd.OutOrStdout(), \"Waiting for migrations to finish...\\n\")\n\t\tfor _, m := range s {\n\t\t\tif m.State == Pending {\n\t\t\t\t_, _ = fmt.Fprintf(cmd.OutOrStdout(), \" - %s\\n\", m.Name)\n\t\t\t}\n\t\t}\n\t\ttime.Sleep(time.Second)\n\t\ts, err = p.MigrationStatus(ctx)\n\t\tif err != nil {\n\t\t\t_, _ = fmt.Fprintf(cmd.ErrOrStderr(), \"Could not get migration status: %+v\\n\", err)\n\t\t\treturn cmdx.FailSilently(cmd)\n\t\t}\n\t}\n\n\tcmdx.PrintTable(cmd, s)\n\treturn nil\n}\n" }, { "path": "oryx/popx/db_columns.go", "content": "// Copyright © 2025 Ory Corp\n// SPDX-License-Identifier: Apache-2.0\n\npackage popx\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/ory/pop/v6\"\n)\n\nfunc DBColumns[T any](quoter Quoter) string {\n\treturn (&pop.Model{Value: new(T)}).Columns().QuotedString(quoter)\n}\n\n// IndexHint returns the table name including the index hint, if the database\n// supports it.\nfunc IndexHint(conn *pop.Connection, table string, index string) string {\n\tif conn.Dialect.Name() == \"cockroach\" {\n\t\treturn table + \"@\" + index\n\t}\n\treturn table\n}\n\nfunc DBColumnsExcluding[T any](quoter Quoter, exclude ...string) string {\n\tcols := (&pop.Model{Value: new(T)}).Columns()\n\tfor _, e := range exclude {\n\t\tcols.Remove(e)\n\t}\n\treturn cols.QuotedString(quoter)\n}\n\ntype (\n\tAliasQuoter struct {\n\t\tAlias string\n\t\tQuoter Quoter\n\t}\n\tQuoter interface {\n\t\tQuote(key string) string\n\t}\n)\n\nfunc (pq *AliasQuoter) Quote(key string) string {\n\treturn fmt.Sprintf(\"%s.%s\", pq.Quoter.Quote(pq.Alias), pq.Quoter.Quote(key))\n}\n" }, { "path": "oryx/popx/loggers.go", "content": "// Copyright © 2024 Ory Corp\n// SPDX-License-Identifier: Apache-2.0\n\npackage popx\n\nimport (\n\t\"fmt\"\n\t\"testing\"\n\n\t\"github.com/ory/pop/v6\"\n\t\"github.com/ory/pop/v6/logging\"\n)\n\nfunc formatter(lvl logging.Level, s string, args ...interface{}) string {\n\tif pop.Debug == false {\n\t\treturn \"\"\n\t}\n\n\tif lvl == logging.SQL {\n\t\tif len(args) > 0 {\n\t\t\txargs := make([]string, len(args))\n\t\t\tfor i, a := range args {\n\t\t\t\tswitch a.(type) {\n\t\t\t\tcase string:\n\t\t\t\t\txargs[i] = fmt.Sprintf(\"%q\", a)\n\t\t\t\tdefault:\n\t\t\t\t\txargs[i] = fmt.Sprintf(\"%v\", a)\n\t\t\t\t}\n\t\t\t}\n\t\t\ts = fmt.Sprintf(\"%s - %s | %s\", lvl, s, xargs)\n\t\t} else {\n\t\t\ts = fmt.Sprintf(\"%s - %s\", lvl, s)\n\t\t}\n\t} else {\n\t\ts = fmt.Sprintf(s, args...)\n\t\ts = fmt.Sprintf(\"%s - %s\", lvl, s)\n\t}\n\treturn s\n}\n\nfunc TestingLogger(t testing.TB) func(lvl logging.Level, s string, args ...interface{}) {\n\treturn func(lvl logging.Level, s string, args ...interface{}) {\n\t\tif line := formatter(lvl, s, args...); len(line) > 0 {\n\t\t\tt.Log(line)\n\t\t}\n\t}\n}\n\nfunc NullLogger() func(lvl logging.Level, s string, args ...interface{}) {\n\treturn func(lvl logging.Level, s string, args ...interface{}) {\n\t\t// do nothing\n\t}\n}\n" }, { "path": "oryx/popx/match.go", "content": "// Copyright © 2024 Ory Corp\n// SPDX-License-Identifier: Apache-2.0\n\npackage popx\n\nimport (\n\t\"regexp\"\n\n\t\"github.com/pkg/errors\"\n\n\t\"github.com/ory/pop/v6\"\n)\n\nvar MigrationFileRegexp = regexp.MustCompile(\n\t`^(\\d+)_([^.]+)(\\.[a-z0-9]+)?(\\.autocommit)?\\.(up|down)\\.(sql)$`,\n)\n\nconst (\n\t// Human-readable constants for the regex capture groups\n\tversionIdx = iota + 1\n\tnameIdx\n\tdbTypeIdx\n\tautocommitIdx\n\tdirectionIdx\n\ttypeIdx\n)\n\n// match holds the information parsed from a migration filename.\ntype match struct {\n\tVersion string\n\tName string\n\tDBType string\n\tDirection string\n\tType string\n\tAutocommit bool\n}\n\n// parseMigrationFilename parses a migration filename.\nfunc parseMigrationFilename(filename string) (*match, error) {\n\tmatches := MigrationFileRegexp.FindAllStringSubmatch(filename, -1)\n\tif len(matches) == 0 {\n\t\treturn nil, nil\n\t}\n\tm := matches[0]\n\n\tvar (\n\t\tautocommit bool\n\t\tdbType string\n\t)\n\n\tif m[dbTypeIdx] == \".autocommit\" {\n\t\t// A special case where autocommit group moves forward to the 3rd index.\n\t\tautocommit = true\n\t\tdbType = \"all\"\n\t} else if m[dbTypeIdx] == \"\" {\n\t\tdbType = \"all\"\n\t} else {\n\t\tdbType = pop.CanonicalDialect(m[dbTypeIdx][1:])\n\t\tif !pop.DialectSupported(dbType) {\n\t\t\treturn nil, errors.Errorf(\"unsupported dialect %s\", dbType)\n\t\t}\n\t}\n\n\tif m[typeIdx] == \"fizz\" && dbType != \"all\" {\n\t\treturn nil, errors.Errorf(\"invalid database type %q, expected \\\"all\\\" because fizz is database type independent\", dbType)\n\t}\n\n\tif m[autocommitIdx] == \".autocommit\" {\n\t\tautocommit = true\n\t} else if m[autocommitIdx] != \"\" {\n\t\treturn nil, errors.Errorf(\"invalid autocommit flag %q\", m[autocommitIdx])\n\t}\n\n\treturn &match{\n\t\tVersion: m[versionIdx],\n\t\tName: m[nameIdx],\n\t\tDBType: dbType,\n\t\tAutocommit: autocommit,\n\t\tDirection: m[directionIdx],\n\t\tType: m[typeIdx],\n\t}, nil\n}\n" }, { "path": "oryx/popx/migration_box.go", "content": "// Copyright © 2023 Ory Corp\n// SPDX-License-Identifier: Apache-2.0\n\npackage popx\n\nimport (\n\t\"database/sql\"\n\t\"fmt\"\n\t\"io/fs\"\n\t\"path\"\n\t\"regexp\"\n\t\"slices\"\n\t\"sort\"\n\t\"strings\"\n\t\"testing\"\n\t\"time\"\n\n\t\"github.com/pkg/errors\"\n\t\"github.com/stretchr/testify/require\"\n\n\t\"github.com/ory/pop/v6\"\n\n\t\"github.com/ory/x/logrusx\"\n)\n\ntype (\n\t// MigrationBox is a embed migration box.\n\tMigrationBox struct {\n\t\tc *pop.Connection\n\t\tmigrationsUp Migrations\n\t\tmigrationsDown Migrations\n\t\tperMigrationTimeout time.Duration\n\t\tl *logrusx.Logger\n\t\tmigrationContent MigrationContent\n\t}\n\tMigrationContent func(mf Migration, c *pop.Connection, r []byte, usingTemplate bool) (string, error)\n\tMigrationBoxOption func(*MigrationBox)\n)\n\nfunc WithTemplateValues(v map[string]interface{}) MigrationBoxOption {\n\treturn func(m *MigrationBox) {\n\t\tm.migrationContent = ParameterizedMigrationContent(v)\n\t}\n}\n\nfunc WithMigrationContentMiddleware(middleware func(content string, err error) (string, error)) MigrationBoxOption {\n\treturn func(m *MigrationBox) {\n\t\tprev := m.migrationContent\n\t\tm.migrationContent = func(mf Migration, c *pop.Connection, r []byte, usingTemplate bool) (string, error) {\n\t\t\treturn middleware(prev(mf, c, r, usingTemplate))\n\t\t}\n\t}\n}\n\n// WithGoMigrations adds migrations that have a custom migration runner.\n// TEST THEM THOROUGHLY!\n// It will be very hard to fix a buggy migration.\nfunc WithGoMigrations(migrations Migrations) MigrationBoxOption {\n\treturn func(mb *MigrationBox) {\n\t\tfor _, m := range migrations {\n\t\t\tswitch m.Direction {\n\t\t\tcase \"up\":\n\t\t\t\tmb.migrationsUp = append(mb.migrationsUp, m)\n\t\t\tcase \"down\":\n\t\t\t\tmb.migrationsDown = append(mb.migrationsDown, m)\n\t\t\tdefault:\n\t\t\t\tpanic(fmt.Sprintf(\"unknown migration direction %q for %q\", m.Direction, m.Version))\n\t\t\t}\n\t\t}\n\t}\n}\n\nfunc WithPerMigrationTimeout(timeout time.Duration) MigrationBoxOption {\n\treturn func(m *MigrationBox) {\n\t\tm.perMigrationTimeout = timeout\n\t}\n}\n\nvar testdataPattern = regexp.MustCompile(`^(\\d+)_testdata(|\\.[a-zA-Z0-9]+).sql$`)\n\n// WithTestdata adds testdata to the migration box.\nfunc WithTestdata(t *testing.T, testdata fs.FS) MigrationBoxOption {\n\treturn func(m *MigrationBox) {\n\t\trequire.NoError(t, fs.WalkDir(testdata, \".\", func(path string, info fs.DirEntry, err error) error {\n\t\t\tif err != nil {\n\t\t\t\treturn errors.WithStack(err)\n\t\t\t}\n\t\t\tif !info.Type().IsRegular() {\n\t\t\t\tt.Logf(\"skipping testdata entry that is not a file: %s\", path)\n\t\t\t\treturn nil\n\t\t\t}\n\n\t\t\tmatch := testdataPattern.FindStringSubmatch(info.Name())\n\t\t\tif len(match) != 2 && len(match) != 3 {\n\t\t\t\tt.Logf(`WARNING! Found a test migration which does not match the test data pattern: %s`, info.Name())\n\t\t\t\treturn nil\n\t\t\t}\n\n\t\t\tversion := match[1]\n\t\t\tflavor := \"all\"\n\t\t\tif len(match) == 3 && len(match[2]) > 0 {\n\t\t\t\tflavor = pop.CanonicalDialect(strings.TrimPrefix(match[2], \".\"))\n\t\t\t}\n\n\t\t\t// t.Logf(\"Found test migration \\\"%s\\\" (%s, %+v): %s\", flavor, match, err, info.Name())\n\n\t\t\tm.migrationsUp = append(m.migrationsUp, Migration{\n\t\t\t\tVersion: version + \"9\", // run testdata after version\n\t\t\t\tPath: path,\n\t\t\t\tName: info.Name(),\n\t\t\t\tDBType: flavor,\n\t\t\t\tDirection: \"up\",\n\t\t\t\tType: \"sql\",\n\t\t\t\tRunner: func(m Migration, c *pop.Connection) error {\n\t\t\t\t\tb, err := fs.ReadFile(testdata, m.Path)\n\t\t\t\t\tif err != nil {\n\t\t\t\t\t\treturn errors.WithStack(err)\n\t\t\t\t\t}\n\t\t\t\t\tif isMigrationEmpty(string(b)) {\n\t\t\t\t\t\treturn nil\n\t\t\t\t\t}\n\t\t\t\t\t_, err = c.Store.SQLDB().Exec(string(b))\n\t\t\t\t\treturn errors.WithStack(err)\n\t\t\t\t},\n\t\t\t})\n\n\t\t\tm.migrationsDown = append(m.migrationsDown, Migration{\n\t\t\t\tVersion: version + \"9\", // run testdata after version\n\t\t\t\tPath: path,\n\t\t\t\tName: info.Name(),\n\t\t\t\tDBType: flavor,\n\t\t\t\tDirection: \"down\",\n\t\t\t\tType: \"sql\",\n\t\t\t\tRunner: func(m Migration, _ *pop.Connection) error { return nil },\n\t\t\t})\n\n\t\t\treturn nil\n\t\t}))\n\t}\n}\n\nvar emptySQLReplace = regexp.MustCompile(`(?m)^(\\s*--.*|\\s*)$`)\n\nfunc isMigrationEmpty(content string) bool {\n\treturn len(strings.ReplaceAll(emptySQLReplace.ReplaceAllString(content, \"\"), \"\\n\", \"\")) == 0\n}\n\ntype queryExecutor interface {\n\tExec(query string, args ...any) (sql.Result, error)\n}\n\n// NewMigrationBox creates a new migration box.\nfunc NewMigrationBox(dir fs.FS, c *pop.Connection, l *logrusx.Logger, opts ...MigrationBoxOption) (*MigrationBox, error) {\n\tmb := &MigrationBox{\n\t\tc: c,\n\t\tl: l,\n\t\tmigrationContent: ParameterizedMigrationContent(nil),\n\t}\n\n\tfor _, o := range opts {\n\t\to(mb)\n\t}\n\n\ttxRunner := func(b []byte) func(Migration, *pop.Connection) error {\n\t\treturn func(mf Migration, c *pop.Connection) error {\n\t\t\tcontent, err := mb.migrationContent(mf, c, b, true)\n\t\t\tif err != nil {\n\t\t\t\treturn errors.Wrapf(err, \"error processing %s\", mf.Path)\n\t\t\t}\n\t\t\tif isMigrationEmpty(content) {\n\t\t\t\tl.WithField(\"migration\", mf.Path).Trace(\"This is usually ok - ignoring migration because content is empty. This is ok!\")\n\t\t\t\treturn nil\n\t\t\t}\n\n\t\t\tvar q queryExecutor = c.Store.SQLDB()\n\t\t\tif c.TX != nil {\n\t\t\t\tq = c.TX\n\t\t\t}\n\n\t\t\tif _, err = q.Exec(content); err != nil {\n\t\t\t\treturn errors.Wrapf(err, \"error executing %s, sql: %s\", mf.Path, content)\n\t\t\t}\n\t\t\treturn nil\n\t\t}\n\t}\n\n\terr := mb.findMigrations(dir, txRunner)\n\tif err != nil {\n\t\treturn mb, err\n\t}\n\n\tif err := mb.check(); err != nil {\n\t\treturn nil, err\n\t}\n\treturn mb, nil\n}\n\nfunc (mb *MigrationBox) findMigrations(\n\tdir fs.FS,\n\trunner func([]byte) func(m Migration, c *pop.Connection) error,\n) error {\n\terr := fs.WalkDir(dir, \".\", func(p string, info fs.DirEntry, err error) error {\n\t\tif err != nil {\n\t\t\treturn errors.WithStack(err)\n\t\t}\n\n\t\tif !info.Type().IsRegular() {\n\t\t\tmb.l.Tracef(\"ignoring non file: %s\", info.Name())\n\t\t\treturn nil\n\t\t}\n\n\t\tif path.Ext(info.Name()) != \".sql\" {\n\t\t\tmb.l.Tracef(\"ignoring non SQL file: %s\", info.Name())\n\t\t\treturn nil\n\t\t}\n\n\t\tdetails, err := parseMigrationFilename(info.Name())\n\t\tif err != nil {\n\t\t\tif strings.HasPrefix(err.Error(), \"unsupported dialect\") {\n\t\t\t\tmb.l.Tracef(\"This is usually ok - ignoring migration file %s because dialect is not supported: %s\", info.Name(), err.Error())\n\t\t\t\treturn nil\n\t\t\t}\n\t\t\treturn errors.WithStack(err)\n\t\t}\n\n\t\tif details == nil {\n\t\t\treturn errors.Errorf(\"Found a migration file that does not match the file pattern: filename=%s pattern=%s\", info.Name(), MigrationFileRegexp)\n\t\t}\n\n\t\tcontent, err := fs.ReadFile(dir, p)\n\t\tif err != nil {\n\t\t\treturn errors.WithStack(err)\n\t\t}\n\n\t\tmf := Migration{\n\t\t\tPath: p,\n\t\t\tVersion: details.Version,\n\t\t\tName: details.Name,\n\t\t\tDBType: details.DBType,\n\t\t\tDirection: details.Direction,\n\t\t\tType: details.Type,\n\t\t\tContent: string(content),\n\t\t\tAutocommit: details.Autocommit,\n\t\t}\n\n\t\tmf.Runner = runner(content)\n\n\t\tswitch details.Direction {\n\t\tcase \"up\":\n\t\t\tmb.migrationsUp = append(mb.migrationsUp, mf)\n\t\tcase \"down\":\n\t\t\tmb.migrationsDown = append(mb.migrationsDown, mf)\n\t\tdefault:\n\t\t\treturn errors.Errorf(\"unknown migration direction %q for %q\", details.Direction, info.Name())\n\t\t}\n\t\treturn nil\n\t})\n\n\t// Sort descending.\n\tsort.Sort(mb.migrationsDown)\n\tslices.Reverse(mb.migrationsDown)\n\n\t// Sort ascending.\n\tsort.Sort(mb.migrationsUp)\n\n\treturn errors.WithStack(err)\n}\n\n// hasDownMigrationWithVersion checks if there is a migration with the given\n// version.\nfunc (mb *MigrationBox) hasDownMigrationWithVersion(version string) bool {\n\tfor _, down := range mb.migrationsDown {\n\t\tif version == down.Version {\n\t\t\treturn true\n\t\t}\n\t}\n\treturn false\n}\n\n// check checks that every \"up\" migration has a corresponding \"down\" migration.\nfunc (mb *MigrationBox) check() error {\n\tfor _, up := range mb.migrationsUp {\n\t\tif !mb.hasDownMigrationWithVersion(up.Version) {\n\t\t\treturn errors.Errorf(\"migration %s has no corresponding down migration\", up.Version)\n\t\t}\n\t}\n\n\tfor _, n := range mb.migrationsUp {\n\t\tif err := n.Valid(); err != nil {\n\t\t\treturn errors.WithStack(err)\n\t\t}\n\t}\n\tfor _, n := range mb.migrationsDown {\n\t\tif err := n.Valid(); err != nil {\n\t\t\treturn errors.WithStack(err)\n\t\t}\n\t}\n\treturn nil\n}\n" }, { "path": "oryx/popx/migration_content.go", "content": "// Copyright © 2023 Ory Corp\n// SPDX-License-Identifier: Apache-2.0\n\npackage popx\n\nimport (\n\t\"bytes\"\n\t\"text/template\"\n\n\t\"github.com/pkg/errors\"\n\n\t\"github.com/ory/pop/v6\"\n)\n\nfunc ParameterizedMigrationContent(params map[string]interface{}) func(mf Migration, c *pop.Connection, r []byte, usingTemplate bool) (string, error) {\n\treturn func(mf Migration, c *pop.Connection, b []byte, usingTemplate bool) (string, error) {\n\t\tcontent := \"\"\n\t\tif usingTemplate {\n\t\t\tt := template.New(\"migration\")\n\t\t\tt.Funcs(SQLTemplateFuncs)\n\t\t\tt, err := t.Parse(string(b))\n\t\t\tif err != nil {\n\t\t\t\treturn \"\", errors.Wrapf(err, \"could not parse template %s\", mf.Path)\n\t\t\t}\n\t\t\tvar bb bytes.Buffer\n\t\t\terr = t.Execute(&bb, struct {\n\t\t\t\tIsSQLite bool\n\t\t\t\tIsCockroach bool\n\t\t\t\tIsMySQL bool\n\t\t\t\tIsMariaDB bool\n\t\t\t\tIsPostgreSQL bool\n\t\t\t\tDialectDetails *pop.ConnectionDetails\n\t\t\t\tParameters map[string]interface{}\n\t\t\t}{\n\t\t\t\tIsSQLite: c.Dialect.Name() == \"sqlite3\",\n\t\t\t\tIsCockroach: c.Dialect.Name() == \"cockroach\",\n\t\t\t\tIsMySQL: c.Dialect.Name() == \"mysql\",\n\t\t\t\tIsMariaDB: c.Dialect.Name() == \"mariadb\",\n\t\t\t\tIsPostgreSQL: c.Dialect.Name() == \"postgres\",\n\t\t\t\tDialectDetails: c.Dialect.Details(),\n\t\t\t\tParameters: params,\n\t\t\t})\n\t\t\tif err != nil {\n\t\t\t\treturn \"\", errors.Wrapf(err, \"could not execute migration template %s\", mf.Path)\n\t\t\t}\n\t\t\tcontent = bb.String()\n\t\t} else {\n\t\t\tcontent = string(b)\n\t\t}\n\n\t\treturn content, nil\n\t}\n}\n" }, { "path": "oryx/popx/migration_info.go", "content": "// Copyright © 2023 Ory Corp\n// SPDX-License-Identifier: Apache-2.0\n\npackage popx\n\nimport (\n\t\"sort\"\n\t\"strings\"\n\n\t\"github.com/pkg/errors\"\n\n\t\"github.com/ory/pop/v6\"\n)\n\n// Migration handles the data for a given database migration\ntype Migration struct {\n\t// Path to the migration (./migrations/123_create_widgets.up.sql)\n\tPath string\n\t// Version of the migration (123)\n\tVersion string\n\t// Name of the migration (create_widgets)\n\tName string\n\t// Direction of the migration (up|down)\n\tDirection string\n\t// Type of migration (sql|go)\n\tType string\n\t// DB type (all|postgres|mysql...)\n\tDBType string\n\t// Runner function to run/execute the migration. Will be wrapped in a\n\t// database transaction. Mutually exclusive with RunnerNoTx\n\tRunner func(Migration, *pop.Connection) error\n\t// Content is the raw content of the migration file\n\tContent string\n\t// Autocommit indicates whether the migration should be run in autocommit mode\n\tAutocommit bool\n}\n\nfunc (m Migration) Valid() error {\n\tif m.Runner == nil {\n\t\treturn errors.Errorf(\"no runner defined for %s\", m.Path)\n\t}\n\n\treturn nil\n}\n\n// Migrations is a collection of Migration\ntype Migrations []Migration\n\nfunc (mfs Migrations) Len() int { return len(mfs) }\nfunc (mfs Migrations) Less(i, j int) bool { return compareMigration(mfs[i], mfs[j]) < 0 }\nfunc (mfs Migrations) Swap(i, j int) { mfs[i], mfs[j] = mfs[j], mfs[i] }\n\nfunc compareMigration(a, b Migration) int {\n\tif a.Version != b.Version {\n\t\treturn strings.Compare(a.Version, b.Version)\n\t}\n\t// Force \"all\" to be greater.\n\tif a.DBType == \"all\" && b.DBType != \"all\" {\n\t\treturn 1\n\t} else if a.DBType != \"all\" && b.DBType == \"all\" {\n\t\treturn -1\n\t}\n\treturn strings.Compare(a.DBType, b.DBType)\n}\n\n// specificity returns an integer representing how specific the migration is.\n// Higher numbers indicate a more specific migration.\nfunc specificity(m *Migration) int {\n\tspecificity := 0\n\tif m.DBType != \"all\" {\n\t\tspecificity += 1\n\t}\n\n\treturn specificity\n}\n\n// isApplicable checks whether the migration is applicable for the given dialect.\nfunc isApplicable(m Migration, dialect string) bool {\n\treturn m.DBType == dialect || m.DBType == \"all\"\n}\n\nfunc (mfs Migrations) sortAndFilter(dialect string) Migrations {\n\tbyVersion := make(map[string]Migration, len(mfs))\n\tfor _, migration := range mfs {\n\t\tif !isApplicable(migration, dialect) {\n\t\t\tcontinue\n\t\t}\n\t\tif previousMigration, ok := byVersion[migration.Version]; ok {\n\t\t\tif specificity(&migration) < specificity(&previousMigration) {\n\t\t\t\t// Previous migration is more specific, skip this one.\n\t\t\t\tcontinue\n\t\t\t}\n\t\t}\n\t\tbyVersion[migration.Version] = migration\n\t}\n\n\tfiltered := make(Migrations, 0, len(byVersion))\n\tfor k := range byVersion {\n\t\tfiltered = append(filtered, byVersion[k])\n\t}\n\tsort.Sort(filtered)\n\treturn filtered\n}\n\nfunc (mfs Migrations) find(version, dbType string) *Migration {\n\tvar candidate *Migration\n\tfor _, m := range mfs {\n\t\tif m.Version == version {\n\t\t\tswitch m.DBType {\n\t\t\tcase \"all\":\n\t\t\t\t// there might still be a more specific migration for the dbType\n\t\t\t\tcandidate = &m\n\t\t\tcase dbType:\n\t\t\t\treturn &m\n\t\t\t}\n\t\t}\n\t}\n\treturn candidate\n}\n" }, { "path": "oryx/popx/migrator.go", "content": "// Copyright © 2023 Ory Corp\n// SPDX-License-Identifier: Apache-2.0\n\npackage popx\n\nimport (\n\t\"context\"\n\t\"fmt\"\n\t\"math\"\n\t\"os\"\n\t\"regexp\"\n\t\"slices\"\n\t\"strings\"\n\t\"time\"\n\n\t\"github.com/cockroachdb/cockroach-go/v2/crdb\"\n\t\"github.com/pkg/errors\"\n\t\"go.opentelemetry.io/otel/attribute\"\n\t\"go.opentelemetry.io/otel/trace\"\n\n\t\"github.com/ory/pop/v6\"\n\t\"github.com/ory/x/cmdx\"\n\t\"github.com/ory/x/logrusx\"\n\t\"github.com/ory/x/otelx\"\n\t\"github.com/ory/x/sqlcon\"\n)\n\nconst (\n\tPending = \"Pending\"\n\tApplied = \"Applied\"\n\ttracingComponent = \"github.com/ory/x/popx\"\n)\n\nfunc (mb *MigrationBox) shouldNotUseTransaction(m Migration) bool {\n\treturn m.Autocommit || mb.c.Dialect.Name() == \"cockroach\" || mb.c.Dialect.Name() == \"mysql\"\n}\n\n// Up runs pending \"up\" migrations and applies them to the database.\nfunc (mb *MigrationBox) Up(ctx context.Context) error {\n\t_, err := mb.UpTo(ctx, 0)\n\treturn errors.WithStack(err)\n}\n\n// UpTo runs up to step \"up\" migrations and applies them to the database.\n// If step <= 0 all pending migrations are run.\nfunc (mb *MigrationBox) UpTo(ctx context.Context, step int) (applied int, err error) {\n\tctx, span := startSpan(ctx, MigrationUpOpName, trace.WithAttributes(attribute.Int(\"step\", step)))\n\tdefer otelx.End(span, &err)\n\n\tc := mb.c.WithContext(ctx)\n\terr = mb.exec(ctx, func() error {\n\t\tmtn := sanitizedMigrationTableName(c)\n\t\tmfs := mb.migrationsUp.sortAndFilter(c.Dialect.Name())\n\t\tfor _, mi := range mfs {\n\t\t\tl := mb.l.WithField(\"version\", mi.Version).WithField(\"migration_name\", mi.Name).WithField(\"migration_file\", mi.Path)\n\n\t\t\tappliedMigrations := make([]string, 0, 2)\n\t\t\tlegacyVersion := mi.Version\n\t\t\tif len(legacyVersion) > 14 {\n\t\t\t\tlegacyVersion = legacyVersion[:14]\n\t\t\t}\n\t\t\terr := c.RawQuery(fmt.Sprintf(\"SELECT version FROM %s WHERE version IN (?, ?)\", mtn), mi.Version, legacyVersion).All(&appliedMigrations)\n\t\t\tif err != nil {\n\t\t\t\treturn errors.Wrapf(err, \"problem checking for migration version %s\", mi.Version)\n\t\t\t}\n\n\t\t\tif slices.Contains(appliedMigrations, mi.Version) {\n\t\t\t\tl.Debug(\"Migration has already been applied, skipping.\")\n\t\t\t\tcontinue\n\t\t\t}\n\n\t\t\tif slices.Contains(appliedMigrations, legacyVersion) {\n\t\t\t\tl.WithField(\"legacy_version\", legacyVersion).WithField(\"migration_table\", mtn).Debug(\"Migration has already been applied in a legacy migration run. Updating version in migration table.\")\n\t\t\t\tif err := mb.isolatedTransaction(ctx, \"init-migrate\", func(conn *pop.Connection) error {\n\t\t\t\t\t// We do not want to remove the legacy migration version or subsequent migrations might be applied twice.\n\t\t\t\t\t//\n\t\t\t\t\t// Do not activate the following - it is just for reference.\n\t\t\t\t\t//\n\t\t\t\t\t// if _, err := tx.Store.Exec(fmt.Sprintf(\"DELETE FROM %s WHERE version = ?\", mtn), legacyVersion); err != nil {\n\t\t\t\t\t//\treturn errors.Wrapf(err, \"problem removing legacy version %s\", mi.Version)\n\t\t\t\t\t// }\n\n\t\t\t\t\t// #nosec G201 - mtn is a system-wide const\n\t\t\t\t\terr := conn.RawQuery(fmt.Sprintf(\"INSERT INTO %s (version) VALUES (?)\", mtn), mi.Version).Exec()\n\t\t\t\t\treturn errors.Wrapf(err, \"problem inserting migration version %s\", mi.Version)\n\t\t\t\t}); err != nil {\n\t\t\t\t\treturn errors.WithStack(err)\n\t\t\t\t}\n\t\t\t\tcontinue\n\t\t\t}\n\n\t\t\tl.Info(\"Migration has not yet been applied, running migration.\")\n\n\t\t\tif err := mi.Valid(); err != nil {\n\t\t\t\treturn errors.WithStack(err)\n\t\t\t}\n\n\t\t\tnoTx := mb.shouldNotUseTransaction(mi)\n\t\t\tif noTx {\n\t\t\t\tl.Info(\"NOT running migrations inside a transaction\")\n\t\t\t\tif err := mi.Runner(mi, c); err != nil {\n\t\t\t\t\treturn errors.WithStack(err)\n\t\t\t\t}\n\n\t\t\t\t// #nosec G201 - mtn is a system-wide const\n\t\t\t\tif err := c.RawQuery(fmt.Sprintf(\"INSERT INTO %s (version) VALUES (?)\", mtn), mi.Version).Exec(); err != nil {\n\t\t\t\t\treturn errors.Wrapf(err, \"problem inserting migration version %s. YOUR DATABASE MAY BE IN AN INCONSISTENT STATE! MANUAL INTERVENTION REQUIRED!\", mi.Version)\n\t\t\t\t}\n\t\t\t} else {\n\t\t\t\tif err := mb.isolatedTransaction(ctx, \"up\", func(conn *pop.Connection) error {\n\t\t\t\t\tif err := mi.Runner(mi, conn); err != nil {\n\t\t\t\t\t\treturn errors.WithStack(err)\n\t\t\t\t\t}\n\n\t\t\t\t\t// #nosec G201 - mtn is a system-wide const\n\t\t\t\t\tif err := conn.RawQuery(fmt.Sprintf(\"INSERT INTO %s (version) VALUES (?)\", mtn), mi.Version).Exec(); err != nil {\n\t\t\t\t\t\treturn errors.Wrapf(err, \"problem inserting migration version %s\", mi.Version)\n\t\t\t\t\t}\n\t\t\t\t\treturn nil\n\t\t\t\t}); err != nil {\n\t\t\t\t\treturn errors.WithStack(err)\n\t\t\t\t}\n\t\t\t}\n\n\t\t\tl.WithField(\"autocommit\", noTx).Infof(\"> %s applied successfully\", mi.Name)\n\t\t\tapplied++\n\t\t\tif step > 0 && applied >= step {\n\t\t\t\tbreak\n\t\t\t}\n\t\t}\n\t\tif applied == 0 {\n\t\t\tmb.l.Infof(\"Migrations already up to date, nothing to apply\")\n\t\t} else {\n\t\t\tmb.l.Infof(\"Successfully applied %d migrations.\", applied)\n\t\t}\n\t\treturn nil\n\t})\n\treturn applied, errors.WithStack(err)\n}\n\n// Down runs pending \"down\" migrations and rolls back the\n// database by the specified number of steps.\n// If step <= 0, all down migrations are run.\nfunc (mb *MigrationBox) Down(ctx context.Context, steps int) (err error) {\n\tctx, span := startSpan(ctx, MigrationDownOpName, trace.WithAttributes(attribute.Int(\"steps\", steps)))\n\tdefer otelx.End(span, &err)\n\n\tif steps <= 0 {\n\t\tsteps = math.MaxInt\n\t}\n\n\tc := mb.c.WithContext(ctx)\n\treturn errors.WithStack(mb.exec(ctx, func() (err error) {\n\t\tmtn := sanitizedMigrationTableName(c)\n\t\tcount, err := c.Count(mtn)\n\t\tif err != nil {\n\t\t\treturn errors.Wrap(err, \"migration down: unable count existing migration\")\n\t\t}\n\t\tsteps = min(steps, count)\n\n\t\tmfs := mb.migrationsDown.sortAndFilter(c.Dialect.Name())\n\t\tslices.Reverse(mfs)\n\t\tif len(mfs) > count {\n\t\t\t// skip all migrations that were not yet applied\n\t\t\tmfs = mfs[len(mfs)-count:]\n\t\t}\n\n\t\treverted := 0\n\t\tdefer func() {\n\t\t\tmigrationsToRevertCount := min(steps, len(mfs))\n\t\t\tmb.l.Debugf(\"Successfully reverted %d/%d migrations.\", reverted, migrationsToRevertCount)\n\t\t\tif err != nil {\n\t\t\t\tmb.l.WithError(err).Error(\"Problem reverting migrations.\")\n\t\t\t}\n\t\t}()\n\t\tfor i, mi := range mfs {\n\t\t\tif i >= steps {\n\t\t\t\tbreak\n\t\t\t}\n\t\t\tl := mb.l.WithField(\"version\", mi.Version).WithField(\"migration_name\", mi.Name).WithField(\"migration_file\", mi.Path)\n\t\t\tl.Debugf(\"handling migration %s\", mi.Name)\n\t\t\texists, err := c.Where(\"version = ?\", mi.Version).Exists(mtn)\n\t\t\tif err != nil {\n\t\t\t\treturn errors.Wrapf(err, \"problem checking for migration version %s\", mi.Version)\n\t\t\t}\n\n\t\t\tif !exists && len(mi.Version) > 14 {\n\t\t\t\tlegacyVersion := mi.Version[:14]\n\t\t\t\tlegacyVersionExists, err := c.Where(\"version = ?\", legacyVersion).Exists(mtn)\n\t\t\t\tif err != nil {\n\t\t\t\t\treturn errors.Wrapf(err, \"problem checking for legacy migration version %s\", legacyVersion)\n\t\t\t\t}\n\n\t\t\t\tif !legacyVersionExists {\n\t\t\t\t\treturn errors.Errorf(\"neither normal (%s) nor legacy migration (%s) exist\", mi.Version, legacyVersion)\n\t\t\t\t}\n\t\t\t} else if !exists {\n\t\t\t\treturn errors.Errorf(\"migration version %s does not exist\", mi.Version)\n\t\t\t}\n\n\t\t\tif err := mi.Valid(); err != nil {\n\t\t\t\treturn errors.WithStack(err)\n\t\t\t}\n\n\t\t\tif mb.shouldNotUseTransaction(mi) {\n\t\t\t\terr := mi.Runner(mi, c)\n\t\t\t\tif err != nil {\n\t\t\t\t\treturn errors.WithStack(err)\n\t\t\t\t}\n\n\t\t\t\t// #nosec G201 - mtn is a system-wide const\n\t\t\t\tif err := c.RawQuery(fmt.Sprintf(\"DELETE FROM %s WHERE version = ?\", mtn), mi.Version).Exec(); err != nil {\n\t\t\t\t\treturn errors.Wrapf(err, \"problem deleting migration version %s. YOUR DATABASE MAY BE IN AN INCONSISTENT STATE! MANUAL INTERVENTION REQUIRED!\", mi.Version)\n\t\t\t\t}\n\t\t\t} else {\n\t\t\t\tif err := mb.isolatedTransaction(ctx, \"down\", func(conn *pop.Connection) error {\n\t\t\t\t\terr := mi.Runner(mi, conn)\n\t\t\t\t\tif err != nil {\n\t\t\t\t\t\treturn errors.WithStack(err)\n\t\t\t\t\t}\n\n\t\t\t\t\t// #nosec G201 - mtn is a system-wide const\n\t\t\t\t\tif err := conn.RawQuery(fmt.Sprintf(\"DELETE FROM %s WHERE version = ?\", mtn), mi.Version).Exec(); err != nil {\n\t\t\t\t\t\treturn errors.Wrapf(err, \"problem deleting migration version %s\", mi.Version)\n\t\t\t\t\t}\n\n\t\t\t\t\treturn nil\n\t\t\t\t}); err != nil {\n\t\t\t\t\treturn errors.WithStack(err)\n\t\t\t\t}\n\t\t\t}\n\n\t\t\tl.Infof(\"%s applied successfully\", mi.Name)\n\t\t\treverted++\n\t\t}\n\t\treturn nil\n\t}))\n}\n\nfunc (mb *MigrationBox) createTransactionalMigrationTable(ctx context.Context, c *pop.Connection, l *logrusx.Logger) error {\n\tmtn := sanitizedMigrationTableName(c)\n\n\tif err := mb.createMigrationStatusTableTransaction(ctx, []string{\n\t\tfmt.Sprintf(`CREATE TABLE %s (version VARCHAR (48) NOT NULL, version_self INT NOT NULL DEFAULT 0)`, mtn),\n\t\tfmt.Sprintf(`CREATE UNIQUE INDEX %s_version_idx ON %s (version)`, mtn, mtn),\n\t\tfmt.Sprintf(`CREATE INDEX %s_version_self_idx ON %s (version_self)`, mtn, mtn),\n\t}); err != nil {\n\t\treturn errors.WithStack(err)\n\t}\n\n\tl.WithField(\"migration_table\", mtn).Debug(\"Transactional migration table created successfully.\")\n\n\treturn nil\n}\n\nfunc (mb *MigrationBox) migrateToTransactionalMigrationTable(ctx context.Context, c *pop.Connection, l *logrusx.Logger) error {\n\t// This means the new pop migrator has also not yet been applied, do that now.\n\tmtn := sanitizedMigrationTableName(c)\n\n\twithOn := fmt.Sprintf(\" ON %s\", mtn)\n\tif c.Dialect.Name() != \"mysql\" {\n\t\twithOn = \"\"\n\t}\n\n\tinterimTable := fmt.Sprintf(\"%s_transactional\", mtn)\n\tworkload := [][]string{\n\t\t{\n\t\t\tfmt.Sprintf(`DROP INDEX %s_version_idx%s`, mtn, withOn),\n\t\t\tfmt.Sprintf(`CREATE TABLE %s (version VARCHAR (48) NOT NULL, version_self INT NOT NULL DEFAULT 0)`, interimTable),\n\t\t\tfmt.Sprintf(`CREATE UNIQUE INDEX %s_version_idx ON %s (version)`, mtn, interimTable),\n\t\t\tfmt.Sprintf(`CREATE INDEX %s_version_self_idx ON %s (version_self)`, mtn, interimTable),\n\t\t\t// #nosec G201 - mtn is a system-wide const\n\t\t\tfmt.Sprintf(`INSERT INTO %s (version) SELECT version FROM %s`, interimTable, mtn),\n\t\t\tfmt.Sprintf(`ALTER TABLE %s RENAME TO %s_pop_legacy`, mtn, mtn),\n\t\t},\n\t\t{\n\t\t\tfmt.Sprintf(`ALTER TABLE %s RENAME TO %s`, interimTable, mtn),\n\t\t},\n\t}\n\n\tif err := mb.createMigrationStatusTableTransaction(ctx, workload...); err != nil {\n\t\treturn errors.WithStack(err)\n\t}\n\n\tl.WithField(\"migration_table\", mtn).Debug(\"Successfully migrated legacy schema_migration to new transactional schema_migration table.\")\n\n\treturn nil\n}\n\nfunc (mb *MigrationBox) isolatedTransaction(ctx context.Context, direction string, fn func(c *pop.Connection) error) (err error) {\n\tctx, span := startSpan(ctx, MigrationRunTransactionOpName, trace.WithAttributes(attribute.String(\"migration_direction\", direction)))\n\tdefer otelx.End(span, &err)\n\n\tif mb.perMigrationTimeout > 0 {\n\t\tvar cancel context.CancelFunc\n\t\tctx, cancel = context.WithTimeoutCause(ctx, mb.perMigrationTimeout, errors.Errorf(\"failed to run all SQL migrations: direction=%s timeout=%s\", direction, mb.perMigrationTimeout))\n\t\tdefer cancel()\n\t}\n\n\treturn Transaction(ctx, mb.c.WithContext(ctx), func(ctx context.Context, connection *pop.Connection) error {\n\t\treturn errors.WithStack(fn(connection))\n\t})\n}\n\nfunc (mb *MigrationBox) createMigrationStatusTableTransaction(ctx context.Context, transactions ...[]string) error {\n\tfor _, statements := range transactions {\n\t\t// CockroachDB does not support transactional schema changes, so we have to run\n\t\t// the statements outside of a transaction.\n\t\tif mb.c.Dialect.Name() == \"cockroach\" || mb.c.Dialect.Name() == \"mysql\" {\n\t\t\tfor _, statement := range statements {\n\t\t\t\tif err := mb.c.WithContext(ctx).RawQuery(statement).Exec(); err != nil {\n\t\t\t\t\treturn errors.Wrapf(err, \"unable to execute statement: %s\", statement)\n\t\t\t\t}\n\t\t\t}\n\t\t} else {\n\t\t\tif err := mb.isolatedTransaction(ctx, \"init\", func(conn *pop.Connection) error {\n\t\t\t\tfor _, statement := range statements {\n\t\t\t\t\tif err := conn.WithContext(ctx).RawQuery(statement).Exec(); err != nil {\n\t\t\t\t\t\treturn errors.Wrapf(err, \"unable to execute statement: %s\", statement)\n\t\t\t\t\t}\n\t\t\t\t}\n\t\t\t\treturn nil\n\t\t\t}); err != nil {\n\t\t\t\treturn errors.WithStack(err)\n\t\t\t}\n\t\t}\n\t}\n\n\treturn nil\n}\n\n// CreateSchemaMigrations sets up a table to track migrations. This is an idempotent\n// operation.\nfunc (mb *MigrationBox) CreateSchemaMigrations(ctx context.Context) error {\n\tctx, span := startSpan(ctx, MigrationInitOpName)\n\tdefer span.End()\n\n\tc := mb.c.WithContext(ctx)\n\n\tmtn := sanitizedMigrationTableName(c)\n\tmb.l.WithField(\"migration_table\", mtn).Debug(\"Checking if legacy migration table exists.\")\n\t_, err := c.Store.Exec(fmt.Sprintf(\"select version from %s\", mtn))\n\tif err != nil {\n\t\tmb.l.WithError(err).WithField(\"migration_table\", mtn).Debug(\"An error occurred while checking for the legacy migration table, maybe it does not exist yet? Trying to create.\")\n\t\t// This means that the legacy pop migrator has not yet been applied\n\t\treturn errors.WithStack(mb.createTransactionalMigrationTable(ctx, c, mb.l))\n\t}\n\n\tmb.l.WithField(\"migration_table\", mtn).Debug(\"A migration table exists, checking if it is a transactional migration table.\")\n\t_, err = c.Store.Exec(fmt.Sprintf(\"select version, version_self from %s\", mtn))\n\tif err != nil {\n\t\tmb.l.WithError(err).WithField(\"migration_table\", mtn).Debug(\"An error occurred while checking for the transactional migration table, maybe it does not exist yet? Trying to create.\")\n\t\treturn errors.WithStack(mb.migrateToTransactionalMigrationTable(ctx, c, mb.l))\n\t}\n\n\tmb.l.WithField(\"migration_table\", mtn).Debug(\"Migration tables exist and are up to date.\")\n\treturn nil\n}\n\ntype MigrationStatus struct {\n\tState string `json:\"state\"`\n\tVersion string `json:\"version\"`\n\tName string `json:\"name\"`\n\tContentUp string `json:\"content\"`\n\tContentDown string `json:\"content_down\"`\n}\n\ntype MigrationStatuses []MigrationStatus\n\nvar _ cmdx.Table = (MigrationStatuses)(nil)\n\nfunc (m MigrationStatuses) Header() []string {\n\treturn []string{\"Version\", \"Name\", \"Status\"}\n}\n\nfunc (m MigrationStatuses) Table() [][]string {\n\tt := make([][]string, len(m))\n\tfor i, s := range m {\n\t\tt[i] = []string{s.Version, s.Name, s.State}\n\t}\n\treturn t\n}\n\nfunc (m MigrationStatuses) Interface() interface{} {\n\treturn m\n}\n\nfunc (m MigrationStatuses) Len() int {\n\treturn len(m)\n}\n\nfunc (m MigrationStatuses) IDs() []string {\n\tids := make([]string, len(m))\n\tfor i, s := range m {\n\t\tids[i] = s.Version\n\t}\n\treturn ids\n}\n\nfunc (m MigrationStatuses) HasPending() bool {\n\tfor _, mm := range m {\n\t\tif mm.State == Pending {\n\t\t\treturn true\n\t\t}\n\t}\n\treturn false\n}\n\nfunc sanitizedMigrationTableName(con *pop.Connection) string {\n\treturn regexp.MustCompile(`\\W`).ReplaceAllString(con.MigrationTableName(), \"\")\n}\n\nfunc errIsTableNotFound(err error) bool {\n\treturn strings.Contains(err.Error(), \"no such table:\") || // sqlite\n\t\tstrings.Contains(err.Error(), \"Error 1146\") || // MySQL\n\t\tstrings.Contains(err.Error(), \"SQLSTATE 42P01\") // PostgreSQL / CockroachDB\n}\n\n// Status prints out the status of applied/pending migrations.\nfunc (mb *MigrationBox) Status(ctx context.Context) (MigrationStatuses, error) {\n\tctx, span := startSpan(ctx, MigrationStatusOpName)\n\tdefer span.End()\n\n\tcon := mb.c.WithContext(ctx)\n\n\tmigrationsUp := mb.migrationsUp.sortAndFilter(con.Dialect.Name())\n\n\tif len(migrationsUp) == 0 {\n\t\treturn nil, errors.Errorf(\"unable to find any migrations for dialect: %s\", con.Dialect.Name())\n\t}\n\n\talreadyApplied := make([]string, 0, len(migrationsUp))\n\terr := con.RawQuery(fmt.Sprintf(\"SELECT version FROM %s\", sanitizedMigrationTableName(con))).All(&alreadyApplied)\n\tif err != nil {\n\t\tif errIsTableNotFound(err) {\n\t\t\t// This means that no migrations have been applied and we need to apply all of them first!\n\t\t\t//\n\t\t\t// It also means that we can ignore this state and act as if no migrations have been applied yet.\n\t\t} else {\n\t\t\t// On any other error, we fail.\n\t\t\treturn nil, errors.Wrap(err, \"problem with migration\")\n\t\t}\n\t}\n\n\tstatuses := make(MigrationStatuses, len(migrationsUp))\n\tfor k, mf := range migrationsUp {\n\t\tdownContent := \"-- error: no down migration defined for this migration\"\n\t\tif mDown := mb.migrationsDown.find(mf.Version, con.Dialect.Name()); mDown != nil {\n\t\t\tdownContent = mDown.Content\n\t\t}\n\t\tstatuses[k] = MigrationStatus{\n\t\t\tState: Pending,\n\t\t\tVersion: mf.Version,\n\t\t\tName: mf.Name,\n\t\t\tContentUp: mf.Content,\n\t\t\tContentDown: downContent,\n\t\t}\n\n\t\tif slices.ContainsFunc(alreadyApplied, func(applied string) bool {\n\t\t\treturn applied == mf.Version || (len(mf.Version) > 14 && applied == mf.Version[:14])\n\t\t}) {\n\t\t\tstatuses[k].State = Applied\n\t\t\tcontinue\n\t\t}\n\t}\n\n\treturn statuses, nil\n}\n\n// DumpMigrationSchema will generate a file of the current database schema\nfunc (mb *MigrationBox) DumpMigrationSchema(ctx context.Context) error {\n\tc := mb.c.WithContext(ctx)\n\tschema := \"schema.sql\"\n\tf, err := os.Create(schema) //#nosec:G304\n\tif err != nil {\n\t\treturn errors.WithStack(err)\n\t}\n\terr = c.Dialect.DumpSchema(f)\n\tif err != nil {\n\t\t_ = os.RemoveAll(schema)\n\t\treturn errors.WithStack(err)\n\t}\n\treturn nil\n}\n\nfunc (mb *MigrationBox) exec(ctx context.Context, fn func() error) error {\n\tnow := time.Now()\n\tdefer mb.printTimer(now)\n\n\terr := mb.CreateSchemaMigrations(ctx)\n\tif err != nil {\n\t\treturn errors.Wrap(err, \"migrator: problem creating schema migrations\")\n\t}\n\n\tif mb.c.Dialect.Name() == \"sqlite3\" {\n\t\tif err := mb.c.RawQuery(\"PRAGMA foreign_keys=OFF\").Exec(); err != nil {\n\t\t\treturn sqlcon.HandleError(err)\n\t\t}\n\t}\n\n\tif mb.c.Dialect.Name() == \"cockroach\" {\n\t\touter := fn\n\t\tfn = func() error {\n\t\t\treturn errors.WithStack(crdb.Execute(outer))\n\t\t}\n\t}\n\n\tif err := fn(); err != nil {\n\t\treturn errors.WithStack(err)\n\t}\n\n\tif mb.c.Dialect.Name() == \"sqlite3\" {\n\t\tif err := mb.c.RawQuery(\"PRAGMA foreign_keys=ON\").Exec(); err != nil {\n\t\t\treturn sqlcon.HandleError(err)\n\t\t}\n\t}\n\n\treturn nil\n}\n\nfunc (mb *MigrationBox) printTimer(timerStart time.Time) {\n\tdiff := time.Since(timerStart).Seconds()\n\tif diff > 60 {\n\t\tmb.l.Debugf(\"%.4f minutes\", diff/60)\n\t} else {\n\t\tmb.l.Debugf(\"%.4f seconds\", diff)\n\t}\n}\n" }, { "path": "oryx/popx/span.go", "content": "// Copyright © 2023 Ory Corp\n// SPDX-License-Identifier: Apache-2.0\n\npackage popx\n\nimport (\n\t\"context\"\n\n\t\"go.opentelemetry.io/otel/trace\"\n)\n\nconst (\n\tMigrationStatusOpName = \"migration-status\"\n\tMigrationInitOpName = \"migration-init\"\n\tMigrationUpOpName = \"migration-up\"\n\tMigrationRunTransactionOpName = \"migration-run-transaction\"\n\tMigrationDownOpName = \"migration-down\"\n)\n\nfunc startSpan(ctx context.Context, opName string, opts ...trace.SpanStartOption) (context.Context, trace.Span) {\n\treturn trace.SpanFromContext(ctx).TracerProvider().Tracer(tracingComponent).Start(ctx, opName, opts...)\n}\n" }, { "path": "oryx/popx/sql_template_funcs.go", "content": "// Copyright © 2023 Ory Corp\n// SPDX-License-Identifier: Apache-2.0\n\npackage popx\n\nimport (\n\t\"regexp\"\n\n\t\"github.com/pkg/errors\"\n)\n\nvar SQLTemplateFuncs = map[string]interface{}{\n\t\"identifier\": Identifier,\n}\n\nvar identifierPattern = regexp.MustCompile(\"^[a-zA-Z][a-zA-Z0-9_]*$\")\n\nfunc Identifier(i string) (string, error) {\n\tif !identifierPattern.MatchString(i) {\n\t\treturn \"\", errors.Errorf(\"invalid SQL identifier '%s'\", i)\n\t}\n\treturn i, nil\n}\n" }, { "path": "oryx/popx/stub/migrations/check/valid/123_a.down.sql", "content": "" }, { "path": "oryx/popx/stub/migrations/check/valid/123_a.mysql.up.sql", "content": "" }, { "path": "oryx/popx/stub/migrations/check/valid/123_a.postgres.up.sql", "content": "" }, { "path": "oryx/popx/stub/migrations/legacy/20191100000001_identities.cockroach.down.sql", "content": "DROP TABLE \"identity_credential_identifiers\";COMMIT TRANSACTION;BEGIN TRANSACTION;\nDROP TABLE \"identity_credentials\";COMMIT TRANSACTION;BEGIN TRANSACTION;\nDROP TABLE \"identity_credential_types\";COMMIT TRANSACTION;BEGIN TRANSACTION;\nDROP TABLE \"identities\";COMMIT TRANSACTION;BEGIN TRANSACTION;" }, { "path": "oryx/popx/stub/migrations/legacy/20191100000001_identities.cockroach.up.sql", "content": "CREATE TABLE \"identities\" (\n\"id\" UUID NOT NULL,\nPRIMARY KEY(\"id\"),\n\"traits_schema_id\" VARCHAR (2048) NOT NULL,\n\"traits\" json NOT NULL,\n\"created_at\" timestamp NOT NULL,\n\"updated_at\" timestamp NOT NULL\n);COMMIT TRANSACTION;BEGIN TRANSACTION;\nCREATE TABLE \"identity_credential_types\" (\n\"id\" UUID NOT NULL,\nPRIMARY KEY(\"id\"),\n\"name\" VARCHAR (32) NOT NULL\n);COMMIT TRANSACTION;BEGIN TRANSACTION;\nCREATE UNIQUE INDEX \"identity_credential_types_name_idx\" ON \"identity_credential_types\" (name);COMMIT TRANSACTION;BEGIN TRANSACTION;\nCREATE TABLE \"identity_credentials\" (\n\"id\" UUID NOT NULL,\nPRIMARY KEY(\"id\"),\n\"config\" json NOT NULL,\n\"identity_credential_type_id\" UUID NOT NULL,\n\"identity_id\" UUID NOT NULL,\n\"created_at\" timestamp NOT NULL,\n\"updated_at\" timestamp NOT NULL,\nCONSTRAINT \"identity_credentials_identities_id_fk\" FOREIGN KEY (\"identity_id\") REFERENCES \"identities\" (\"id\") ON DELETE cascade,\nCONSTRAINT \"identity_credentials_identity_credential_types_id_fk\" FOREIGN KEY (\"identity_credential_type_id\") REFERENCES \"identity_credential_types\" (\"id\") ON DELETE cascade\n);COMMIT TRANSACTION;BEGIN TRANSACTION;\nCREATE TABLE \"identity_credential_identifiers\" (\n\"id\" UUID NOT NULL,\nPRIMARY KEY(\"id\"),\n\"identifier\" VARCHAR (255) NOT NULL,\n\"identity_credential_id\" UUID NOT NULL,\n\"created_at\" timestamp NOT NULL,\n\"updated_at\" timestamp NOT NULL,\nCONSTRAINT \"identity_credential_identifiers_identity_credentials_id_fk\" FOREIGN KEY (\"identity_credential_id\") REFERENCES \"identity_credentials\" (\"id\") ON DELETE cascade\n);COMMIT TRANSACTION;BEGIN TRANSACTION;\nCREATE UNIQUE INDEX \"identity_credential_identifiers_identifier_idx\" ON \"identity_credential_identifiers\" (identifier);COMMIT TRANSACTION;BEGIN TRANSACTION;" }, { "path": "oryx/popx/stub/migrations/legacy/20191100000001_identities.mysql.down.sql", "content": "DROP TABLE `identity_credential_identifiers`;\nDROP TABLE `identity_credentials`;\nDROP TABLE `identity_credential_types`;\nDROP TABLE `identities`;" }, { "path": "oryx/popx/stub/migrations/legacy/20191100000001_identities.mysql.up.sql", "content": "CREATE TABLE `identities` (\n`id` char(36) NOT NULL,\nPRIMARY KEY(`id`),\n`traits_schema_id` VARCHAR (2048) NOT NULL,\n`traits` JSON NOT NULL,\n`created_at` DATETIME NOT NULL,\n`updated_at` DATETIME NOT NULL\n) ENGINE=InnoDB;\nCREATE TABLE `identity_credential_types` (\n`id` char(36) NOT NULL,\nPRIMARY KEY(`id`),\n`name` VARCHAR (32) NOT NULL\n) ENGINE=InnoDB;\nCREATE UNIQUE INDEX `identity_credential_types_name_idx` ON `identity_credential_types` (`name`);\nCREATE TABLE `identity_credentials` (\n`id` char(36) NOT NULL,\nPRIMARY KEY(`id`),\n`config` JSON NOT NULL,\n`identity_credential_type_id` char(36) NOT NULL,\n`identity_id` char(36) NOT NULL,\n`created_at` DATETIME NOT NULL,\n`updated_at` DATETIME NOT NULL,\nFOREIGN KEY (`identity_id`) REFERENCES `identities` (`id`) ON DELETE cascade,\nFOREIGN KEY (`identity_credential_type_id`) REFERENCES `identity_credential_types` (`id`) ON DELETE cascade\n) ENGINE=InnoDB;\nCREATE TABLE `identity_credential_identifiers` (\n`id` char(36) NOT NULL,\nPRIMARY KEY(`id`),\n`identifier` VARCHAR (255) NOT NULL,\n`identity_credential_id` char(36) NOT NULL,\n`created_at` DATETIME NOT NULL,\n`updated_at` DATETIME NOT NULL,\nFOREIGN KEY (`identity_credential_id`) REFERENCES `identity_credentials` (`id`) ON DELETE cascade\n) ENGINE=InnoDB;\nCREATE UNIQUE INDEX `identity_credential_identifiers_identifier_idx` ON `identity_credential_identifiers` (`identifier`);" }, { "path": "oryx/popx/stub/migrations/legacy/20191100000001_identities.postgres.down.sql", "content": "DROP TABLE \"identity_credential_identifiers\";\nDROP TABLE \"identity_credentials\";\nDROP TABLE \"identity_credential_types\";\nDROP TABLE \"identities\";" }, { "path": "oryx/popx/stub/migrations/legacy/20191100000001_identities.postgres.up.sql", "content": "CREATE TABLE \"identities\" (\n\"id\" UUID NOT NULL,\nPRIMARY KEY(\"id\"),\n\"traits_schema_id\" VARCHAR (2048) NOT NULL,\n\"traits\" jsonb NOT NULL,\n\"created_at\" timestamp NOT NULL,\n\"updated_at\" timestamp NOT NULL\n);\nCREATE TABLE \"identity_credential_types\" (\n\"id\" UUID NOT NULL,\nPRIMARY KEY(\"id\"),\n\"name\" VARCHAR (32) NOT NULL\n);\nCREATE UNIQUE INDEX \"identity_credential_types_name_idx\" ON \"identity_credential_types\" (name);\nCREATE TABLE \"identity_credentials\" (\n\"id\" UUID NOT NULL,\nPRIMARY KEY(\"id\"),\n\"config\" jsonb NOT NULL,\n\"identity_credential_type_id\" UUID NOT NULL,\n\"identity_id\" UUID NOT NULL,\n\"created_at\" timestamp NOT NULL,\n\"updated_at\" timestamp NOT NULL,\nFOREIGN KEY (\"identity_id\") REFERENCES \"identities\" (\"id\") ON DELETE cascade,\nFOREIGN KEY (\"identity_credential_type_id\") REFERENCES \"identity_credential_types\" (\"id\") ON DELETE cascade\n);\nCREATE TABLE \"identity_credential_identifiers\" (\n\"id\" UUID NOT NULL,\nPRIMARY KEY(\"id\"),\n\"identifier\" VARCHAR (255) NOT NULL,\n\"identity_credential_id\" UUID NOT NULL,\n\"created_at\" timestamp NOT NULL,\n\"updated_at\" timestamp NOT NULL,\nFOREIGN KEY (\"identity_credential_id\") REFERENCES \"identity_credentials\" (\"id\") ON DELETE cascade\n);\nCREATE UNIQUE INDEX \"identity_credential_identifiers_identifier_idx\" ON \"identity_credential_identifiers\" (identifier);" }, { "path": "oryx/popx/stub/migrations/legacy/20191100000001_identities.sqlite3.down.sql", "content": "DROP TABLE \"identity_credential_identifiers\";\nDROP TABLE \"identity_credentials\";\nDROP TABLE \"identity_credential_types\";\nDROP TABLE \"identities\";" }, { "path": "oryx/popx/stub/migrations/legacy/20191100000001_identities.sqlite3.up.sql", "content": "CREATE TABLE \"identities\" (\n\"id\" TEXT PRIMARY KEY,\n\"traits_schema_id\" TEXT NOT NULL,\n\"traits\" TEXT NOT NULL,\n\"created_at\" DATETIME NOT NULL,\n\"updated_at\" DATETIME NOT NULL\n);\nCREATE TABLE \"identity_credential_types\" (\n\"id\" TEXT PRIMARY KEY,\n\"name\" TEXT NOT NULL\n);\nCREATE UNIQUE INDEX \"identity_credential_types_name_idx\" ON \"identity_credential_types\" (name);\nCREATE TABLE \"identity_credentials\" (\n\"id\" TEXT PRIMARY KEY,\n\"config\" TEXT NOT NULL,\n\"identity_credential_type_id\" char(36) NOT NULL,\n\"identity_id\" char(36) NOT NULL,\n\"created_at\" DATETIME NOT NULL,\n\"updated_at\" DATETIME NOT NULL,\nFOREIGN KEY (identity_id) REFERENCES identities (id) ON DELETE cascade,\nFOREIGN KEY (identity_credential_type_id) REFERENCES identity_credential_types (id) ON DELETE cascade\n);\nCREATE TABLE \"identity_credential_identifiers\" (\n\"id\" TEXT PRIMARY KEY,\n\"identifier\" TEXT NOT NULL,\n\"identity_credential_id\" char(36) NOT NULL,\n\"created_at\" DATETIME NOT NULL,\n\"updated_at\" DATETIME NOT NULL,\nFOREIGN KEY (identity_credential_id) REFERENCES identity_credentials (id) ON DELETE cascade\n);\nCREATE UNIQUE INDEX \"identity_credential_identifiers_identifier_idx\" ON \"identity_credential_identifiers\" (identifier);" }, { "path": "oryx/popx/stub/migrations/legacy/20191100000002_requests.cockroach.down.sql", "content": "DROP TABLE \"selfservice_login_request_methods\";COMMIT TRANSACTION;BEGIN TRANSACTION;\nDROP TABLE \"selfservice_login_requests\";COMMIT TRANSACTION;BEGIN TRANSACTION;\nDROP TABLE \"selfservice_registration_request_methods\";COMMIT TRANSACTION;BEGIN TRANSACTION;\nDROP TABLE \"selfservice_registration_requests\";COMMIT TRANSACTION;BEGIN TRANSACTION;\nDROP TABLE \"selfservice_profile_management_requests\";COMMIT TRANSACTION;BEGIN TRANSACTION;" }, { "path": "oryx/popx/stub/migrations/legacy/20191100000002_requests.cockroach.up.sql", "content": "CREATE TABLE \"selfservice_login_requests\" (\n\"id\" UUID NOT NULL,\nPRIMARY KEY(\"id\"),\n\"request_url\" VARCHAR (2048) NOT NULL,\n\"issued_at\" timestamp NOT NULL DEFAULT CURRENT_TIMESTAMP,\n\"expires_at\" timestamp NOT NULL,\n\"active_method\" VARCHAR (32) NOT NULL,\n\"csrf_token\" VARCHAR (255) NOT NULL,\n\"created_at\" timestamp NOT NULL,\n\"updated_at\" timestamp NOT NULL\n);COMMIT TRANSACTION;BEGIN TRANSACTION;\nCREATE TABLE \"selfservice_login_request_methods\" (\n\"id\" UUID NOT NULL,\nPRIMARY KEY(\"id\"),\n\"method\" VARCHAR (32) NOT NULL,\n\"selfservice_login_request_id\" UUID NOT NULL,\n\"config\" json NOT NULL,\n\"created_at\" timestamp NOT NULL,\n\"updated_at\" timestamp NOT NULL,\nCONSTRAINT \"selfservice_login_request_methods_selfservice_login_requests_id_fk\" FOREIGN KEY (\"selfservice_login_request_id\") REFERENCES \"selfservice_login_requests\" (\"id\") ON DELETE cascade\n);COMMIT TRANSACTION;BEGIN TRANSACTION;\nCREATE TABLE \"selfservice_registration_requests\" (\n\"id\" UUID NOT NULL,\nPRIMARY KEY(\"id\"),\n\"request_url\" VARCHAR (2048) NOT NULL,\n\"issued_at\" timestamp NOT NULL DEFAULT CURRENT_TIMESTAMP,\n\"expires_at\" timestamp NOT NULL,\n\"active_method\" VARCHAR (32) NOT NULL,\n\"csrf_token\" VARCHAR (255) NOT NULL,\n\"created_at\" timestamp NOT NULL,\n\"updated_at\" timestamp NOT NULL\n);COMMIT TRANSACTION;BEGIN TRANSACTION;\nCREATE TABLE \"selfservice_registration_request_methods\" (\n\"id\" UUID NOT NULL,\nPRIMARY KEY(\"id\"),\n\"method\" VARCHAR (32) NOT NULL,\n\"selfservice_registration_request_id\" UUID NOT NULL,\n\"config\" json NOT NULL,\n\"created_at\" timestamp NOT NULL,\n\"updated_at\" timestamp NOT NULL,\nCONSTRAINT \"selfservice_registration_request_methods_selfservice_registration_requests_id_fk\" FOREIGN KEY (\"selfservice_registration_request_id\") REFERENCES \"selfservice_registration_requests\" (\"id\") ON DELETE cascade\n);COMMIT TRANSACTION;BEGIN TRANSACTION;\nCREATE TABLE \"selfservice_profile_management_requests\" (\n\"id\" UUID NOT NULL,\nPRIMARY KEY(\"id\"),\n\"request_url\" VARCHAR (2048) NOT NULL,\n\"issued_at\" timestamp NOT NULL DEFAULT CURRENT_TIMESTAMP,\n\"expires_at\" timestamp NOT NULL,\n\"form\" json NOT NULL,\n\"update_successful\" bool NOT NULL,\n\"identity_id\" UUID NOT NULL,\n\"created_at\" timestamp NOT NULL,\n\"updated_at\" timestamp NOT NULL,\nCONSTRAINT \"selfservice_profile_management_requests_identities_id_fk\" FOREIGN KEY (\"identity_id\") REFERENCES \"identities\" (\"id\") ON DELETE cascade\n);COMMIT TRANSACTION;BEGIN TRANSACTION;" }, { "path": "oryx/popx/stub/migrations/legacy/20191100000002_requests.mysql.down.sql", "content": "DROP TABLE `selfservice_login_request_methods`;\nDROP TABLE `selfservice_login_requests`;\nDROP TABLE `selfservice_registration_request_methods`;\nDROP TABLE `selfservice_registration_requests`;\nDROP TABLE `selfservice_profile_management_requests`;" }, { "path": "oryx/popx/stub/migrations/legacy/20191100000002_requests.mysql.up.sql", "content": "CREATE TABLE `selfservice_login_requests` (\n`id` char(36) NOT NULL,\nPRIMARY KEY(`id`),\n`request_url` VARCHAR (2048) NOT NULL,\n`issued_at` DATETIME NOT NULL DEFAULT CURRENT_TIMESTAMP,\n`expires_at` DATETIME NOT NULL,\n`active_method` VARCHAR (32) NOT NULL,\n`csrf_token` VARCHAR (255) NOT NULL,\n`created_at` DATETIME NOT NULL,\n`updated_at` DATETIME NOT NULL\n) ENGINE=InnoDB;\nCREATE TABLE `selfservice_login_request_methods` (\n`id` char(36) NOT NULL,\nPRIMARY KEY(`id`),\n`method` VARCHAR (32) NOT NULL,\n`selfservice_login_request_id` char(36) NOT NULL,\n`config` JSON NOT NULL,\n`created_at` DATETIME NOT NULL,\n`updated_at` DATETIME NOT NULL,\nFOREIGN KEY (`selfservice_login_request_id`) REFERENCES `selfservice_login_requests` (`id`) ON DELETE cascade\n) ENGINE=InnoDB;\nCREATE TABLE `selfservice_registration_requests` (\n`id` char(36) NOT NULL,\nPRIMARY KEY(`id`),\n`request_url` VARCHAR (2048) NOT NULL,\n`issued_at` DATETIME NOT NULL DEFAULT CURRENT_TIMESTAMP,\n`expires_at` DATETIME NOT NULL,\n`active_method` VARCHAR (32) NOT NULL,\n`csrf_token` VARCHAR (255) NOT NULL,\n`created_at` DATETIME NOT NULL,\n`updated_at` DATETIME NOT NULL\n) ENGINE=InnoDB;\nCREATE TABLE `selfservice_registration_request_methods` (\n`id` char(36) NOT NULL,\nPRIMARY KEY(`id`),\n`method` VARCHAR (32) NOT NULL,\n`selfservice_registration_request_id` char(36) NOT NULL,\n`config` JSON NOT NULL,\n`created_at` DATETIME NOT NULL,\n`updated_at` DATETIME NOT NULL,\nFOREIGN KEY (`selfservice_registration_request_id`) REFERENCES `selfservice_registration_requests` (`id`) ON DELETE cascade\n) ENGINE=InnoDB;\nCREATE TABLE `selfservice_profile_management_requests` (\n`id` char(36) NOT NULL,\nPRIMARY KEY(`id`),\n`request_url` VARCHAR (2048) NOT NULL,\n`issued_at` DATETIME NOT NULL DEFAULT CURRENT_TIMESTAMP,\n`expires_at` DATETIME NOT NULL,\n`form` JSON NOT NULL,\n`update_successful` bool NOT NULL,\n`identity_id` char(36) NOT NULL,\n`created_at` DATETIME NOT NULL,\n`updated_at` DATETIME NOT NULL,\nFOREIGN KEY (`identity_id`) REFERENCES `identities` (`id`) ON DELETE cascade\n) ENGINE=InnoDB;" }, { "path": "oryx/popx/stub/migrations/legacy/20191100000002_requests.postgres.down.sql", "content": "DROP TABLE \"selfservice_login_request_methods\";\nDROP TABLE \"selfservice_login_requests\";\nDROP TABLE \"selfservice_registration_request_methods\";\nDROP TABLE \"selfservice_registration_requests\";\nDROP TABLE \"selfservice_profile_management_requests\";" }, { "path": "oryx/popx/stub/migrations/legacy/20191100000002_requests.postgres.up.sql", "content": "CREATE TABLE \"selfservice_login_requests\" (\n\"id\" UUID NOT NULL,\nPRIMARY KEY(\"id\"),\n\"request_url\" VARCHAR (2048) NOT NULL,\n\"issued_at\" timestamp NOT NULL DEFAULT CURRENT_TIMESTAMP,\n\"expires_at\" timestamp NOT NULL,\n\"active_method\" VARCHAR (32) NOT NULL,\n\"csrf_token\" VARCHAR (255) NOT NULL,\n\"created_at\" timestamp NOT NULL,\n\"updated_at\" timestamp NOT NULL\n);\nCREATE TABLE \"selfservice_login_request_methods\" (\n\"id\" UUID NOT NULL,\nPRIMARY KEY(\"id\"),\n\"method\" VARCHAR (32) NOT NULL,\n\"selfservice_login_request_id\" UUID NOT NULL,\n\"config\" jsonb NOT NULL,\n\"created_at\" timestamp NOT NULL,\n\"updated_at\" timestamp NOT NULL,\nFOREIGN KEY (\"selfservice_login_request_id\") REFERENCES \"selfservice_login_requests\" (\"id\") ON DELETE cascade\n);\nCREATE TABLE \"selfservice_registration_requests\" (\n\"id\" UUID NOT NULL,\nPRIMARY KEY(\"id\"),\n\"request_url\" VARCHAR (2048) NOT NULL,\n\"issued_at\" timestamp NOT NULL DEFAULT CURRENT_TIMESTAMP,\n\"expires_at\" timestamp NOT NULL,\n\"active_method\" VARCHAR (32) NOT NULL,\n\"csrf_token\" VARCHAR (255) NOT NULL,\n\"created_at\" timestamp NOT NULL,\n\"updated_at\" timestamp NOT NULL\n);\nCREATE TABLE \"selfservice_registration_request_methods\" (\n\"id\" UUID NOT NULL,\nPRIMARY KEY(\"id\"),\n\"method\" VARCHAR (32) NOT NULL,\n\"selfservice_registration_request_id\" UUID NOT NULL,\n\"config\" jsonb NOT NULL,\n\"created_at\" timestamp NOT NULL,\n\"updated_at\" timestamp NOT NULL,\nFOREIGN KEY (\"selfservice_registration_request_id\") REFERENCES \"selfservice_registration_requests\" (\"id\") ON DELETE cascade\n);\nCREATE TABLE \"selfservice_profile_management_requests\" (\n\"id\" UUID NOT NULL,\nPRIMARY KEY(\"id\"),\n\"request_url\" VARCHAR (2048) NOT NULL,\n\"issued_at\" timestamp NOT NULL DEFAULT CURRENT_TIMESTAMP,\n\"expires_at\" timestamp NOT NULL,\n\"form\" jsonb NOT NULL,\n\"update_successful\" bool NOT NULL,\n\"identity_id\" UUID NOT NULL,\n\"created_at\" timestamp NOT NULL,\n\"updated_at\" timestamp NOT NULL,\nFOREIGN KEY (\"identity_id\") REFERENCES \"identities\" (\"id\") ON DELETE cascade\n);" }, { "path": "oryx/popx/stub/migrations/legacy/20191100000002_requests.sqlite3.down.sql", "content": "DROP TABLE \"selfservice_login_request_methods\";\nDROP TABLE \"selfservice_login_requests\";\nDROP TABLE \"selfservice_registration_request_methods\";\nDROP TABLE \"selfservice_registration_requests\";\nDROP TABLE \"selfservice_profile_management_requests\";" }, { "path": "oryx/popx/stub/migrations/legacy/20191100000002_requests.sqlite3.up.sql", "content": "CREATE TABLE \"selfservice_login_requests\" (\n\"id\" TEXT PRIMARY KEY,\n\"request_url\" TEXT NOT NULL,\n\"issued_at\" DATETIME NOT NULL DEFAULT CURRENT_TIMESTAMP,\n\"expires_at\" DATETIME NOT NULL,\n\"active_method\" TEXT NOT NULL,\n\"csrf_token\" TEXT NOT NULL,\n\"created_at\" DATETIME NOT NULL,\n\"updated_at\" DATETIME NOT NULL\n);\nCREATE TABLE \"selfservice_login_request_methods\" (\n\"id\" TEXT PRIMARY KEY,\n\"method\" TEXT NOT NULL,\n\"selfservice_login_request_id\" char(36) NOT NULL,\n\"config\" TEXT NOT NULL,\n\"created_at\" DATETIME NOT NULL,\n\"updated_at\" DATETIME NOT NULL,\nFOREIGN KEY (selfservice_login_request_id) REFERENCES selfservice_login_requests (id) ON DELETE cascade\n);\nCREATE TABLE \"selfservice_registration_requests\" (\n\"id\" TEXT PRIMARY KEY,\n\"request_url\" TEXT NOT NULL,\n\"issued_at\" DATETIME NOT NULL DEFAULT CURRENT_TIMESTAMP,\n\"expires_at\" DATETIME NOT NULL,\n\"active_method\" TEXT NOT NULL,\n\"csrf_token\" TEXT NOT NULL,\n\"created_at\" DATETIME NOT NULL,\n\"updated_at\" DATETIME NOT NULL\n);\nCREATE TABLE \"selfservice_registration_request_methods\" (\n\"id\" TEXT PRIMARY KEY,\n\"method\" TEXT NOT NULL,\n\"selfservice_registration_request_id\" char(36) NOT NULL,\n\"config\" TEXT NOT NULL,\n\"created_at\" DATETIME NOT NULL,\n\"updated_at\" DATETIME NOT NULL,\nFOREIGN KEY (selfservice_registration_request_id) REFERENCES selfservice_registration_requests (id) ON DELETE cascade\n);\nCREATE TABLE \"selfservice_profile_management_requests\" (\n\"id\" TEXT PRIMARY KEY,\n\"request_url\" TEXT NOT NULL,\n\"issued_at\" DATETIME NOT NULL DEFAULT CURRENT_TIMESTAMP,\n\"expires_at\" DATETIME NOT NULL,\n\"form\" TEXT NOT NULL,\n\"update_successful\" bool NOT NULL,\n\"identity_id\" char(36) NOT NULL,\n\"created_at\" DATETIME NOT NULL,\n\"updated_at\" DATETIME NOT NULL,\nFOREIGN KEY (identity_id) REFERENCES identities (id) ON DELETE cascade\n);" }, { "path": "oryx/popx/stub/migrations/legacy/20191100000003_sessions.cockroach.down.sql", "content": "DROP TABLE \"sessions\";COMMIT TRANSACTION;BEGIN TRANSACTION;" }, { "path": "oryx/popx/stub/migrations/legacy/20191100000003_sessions.cockroach.up.sql", "content": "CREATE TABLE \"sessions\" (\n\"id\" UUID NOT NULL,\nPRIMARY KEY(\"id\"),\n\"issued_at\" timestamp NOT NULL DEFAULT CURRENT_TIMESTAMP,\n\"expires_at\" timestamp NOT NULL,\n\"authenticated_at\" timestamp NOT NULL,\n\"identity_id\" UUID NOT NULL,\n\"created_at\" timestamp NOT NULL,\n\"updated_at\" timestamp NOT NULL,\nCONSTRAINT \"sessions_identities_id_fk\" FOREIGN KEY (\"identity_id\") REFERENCES \"identities\" (\"id\") ON DELETE cascade\n);COMMIT TRANSACTION;BEGIN TRANSACTION;" }, { "path": "oryx/popx/stub/migrations/legacy/20191100000003_sessions.mysql.down.sql", "content": "DROP TABLE `sessions`;" }, { "path": "oryx/popx/stub/migrations/legacy/20191100000003_sessions.mysql.up.sql", "content": "CREATE TABLE `sessions` (\n`id` char(36) NOT NULL,\nPRIMARY KEY(`id`),\n`issued_at` DATETIME NOT NULL DEFAULT CURRENT_TIMESTAMP,\n`expires_at` DATETIME NOT NULL,\n`authenticated_at` DATETIME NOT NULL,\n`identity_id` char(36) NOT NULL,\n`created_at` DATETIME NOT NULL,\n`updated_at` DATETIME NOT NULL,\nFOREIGN KEY (`identity_id`) REFERENCES `identities` (`id`) ON DELETE cascade\n) ENGINE=InnoDB;" }, { "path": "oryx/popx/stub/migrations/legacy/20191100000003_sessions.postgres.down.sql", "content": "DROP TABLE \"sessions\";" }, { "path": "oryx/popx/stub/migrations/legacy/20191100000003_sessions.postgres.up.sql", "content": "CREATE TABLE \"sessions\" (\n\"id\" UUID NOT NULL,\nPRIMARY KEY(\"id\"),\n\"issued_at\" timestamp NOT NULL DEFAULT CURRENT_TIMESTAMP,\n\"expires_at\" timestamp NOT NULL,\n\"authenticated_at\" timestamp NOT NULL,\n\"identity_id\" UUID NOT NULL,\n\"created_at\" timestamp NOT NULL,\n\"updated_at\" timestamp NOT NULL,\nFOREIGN KEY (\"identity_id\") REFERENCES \"identities\" (\"id\") ON DELETE cascade\n);" }, { "path": "oryx/popx/stub/migrations/legacy/20191100000003_sessions.sqlite3.down.sql", "content": "DROP TABLE \"sessions\";" }, { "path": "oryx/popx/stub/migrations/legacy/20191100000003_sessions.sqlite3.up.sql", "content": "CREATE TABLE \"sessions\" (\n\"id\" TEXT PRIMARY KEY,\n\"issued_at\" DATETIME NOT NULL DEFAULT CURRENT_TIMESTAMP,\n\"expires_at\" DATETIME NOT NULL,\n\"authenticated_at\" DATETIME NOT NULL,\n\"identity_id\" char(36) NOT NULL,\n\"created_at\" DATETIME NOT NULL,\n\"updated_at\" DATETIME NOT NULL,\nFOREIGN KEY (identity_id) REFERENCES identities (id) ON DELETE cascade\n);" }, { "path": "oryx/popx/stub/migrations/legacy/20191100000004_errors.cockroach.down.sql", "content": "DROP TABLE \"selfservice_errors\";COMMIT TRANSACTION;BEGIN TRANSACTION;" }, { "path": "oryx/popx/stub/migrations/legacy/20191100000004_errors.cockroach.up.sql", "content": "CREATE TABLE \"selfservice_errors\" (\n\"id\" UUID NOT NULL,\nPRIMARY KEY(\"id\"),\n\"errors\" json NOT NULL,\n\"seen_at\" timestamp NOT NULL,\n\"was_seen\" bool NOT NULL,\n\"created_at\" timestamp NOT NULL,\n\"updated_at\" timestamp NOT NULL\n);COMMIT TRANSACTION;BEGIN TRANSACTION;" }, { "path": "oryx/popx/stub/migrations/legacy/20191100000004_errors.mysql.down.sql", "content": "DROP TABLE `selfservice_errors`;" }, { "path": "oryx/popx/stub/migrations/legacy/20191100000004_errors.mysql.up.sql", "content": "CREATE TABLE `selfservice_errors` (\n`id` char(36) NOT NULL,\nPRIMARY KEY(`id`),\n`errors` JSON NOT NULL,\n`seen_at` DATETIME NOT NULL,\n`was_seen` bool NOT NULL,\n`created_at` DATETIME NOT NULL,\n`updated_at` DATETIME NOT NULL\n) ENGINE=InnoDB;" }, { "path": "oryx/popx/stub/migrations/legacy/20191100000004_errors.postgres.down.sql", "content": "DROP TABLE \"selfservice_errors\";" }, { "path": "oryx/popx/stub/migrations/legacy/20191100000004_errors.postgres.up.sql", "content": "CREATE TABLE \"selfservice_errors\" (\n\"id\" UUID NOT NULL,\nPRIMARY KEY(\"id\"),\n\"errors\" jsonb NOT NULL,\n\"seen_at\" timestamp NOT NULL,\n\"was_seen\" bool NOT NULL,\n\"created_at\" timestamp NOT NULL,\n\"updated_at\" timestamp NOT NULL\n);" }, { "path": "oryx/popx/stub/migrations/legacy/20191100000004_errors.sqlite3.down.sql", "content": "DROP TABLE \"selfservice_errors\";" }, { "path": "oryx/popx/stub/migrations/legacy/20191100000004_errors.sqlite3.up.sql", "content": "CREATE TABLE \"selfservice_errors\" (\n\"id\" TEXT PRIMARY KEY,\n\"errors\" TEXT NOT NULL,\n\"seen_at\" DATETIME NOT NULL,\n\"was_seen\" bool NOT NULL,\n\"created_at\" DATETIME NOT NULL,\n\"updated_at\" DATETIME NOT NULL\n);" }, { "path": "oryx/popx/stub/migrations/legacy/20191100000005_identities.mysql.down.sql", "content": "ALTER TABLE identity_credential_identifiers MODIFY COLUMN identifier VARCHAR(255);\n" }, { "path": "oryx/popx/stub/migrations/legacy/20191100000005_identities.mysql.up.sql", "content": "ALTER TABLE identity_credential_identifiers MODIFY COLUMN identifier VARCHAR(255) BINARY;\n" }, { "path": "oryx/popx/stub/migrations/legacy/20191100000006_courier.cockroach.down.sql", "content": "DROP TABLE \"courier_messages\";COMMIT TRANSACTION;BEGIN TRANSACTION;" }, { "path": "oryx/popx/stub/migrations/legacy/20191100000006_courier.cockroach.up.sql", "content": "CREATE TABLE \"courier_messages\" (\n\"id\" UUID NOT NULL,\nPRIMARY KEY(\"id\"),\n\"type\" int NOT NULL,\n\"status\" int NOT NULL,\n\"body\" VARCHAR (255) NOT NULL,\n\"subject\" VARCHAR (255) NOT NULL,\n\"recipient\" VARCHAR (255) NOT NULL,\n\"created_at\" timestamp NOT NULL,\n\"updated_at\" timestamp NOT NULL\n);COMMIT TRANSACTION;BEGIN TRANSACTION;" }, { "path": "oryx/popx/stub/migrations/legacy/20191100000006_courier.mysql.down.sql", "content": "DROP TABLE `courier_messages`;" }, { "path": "oryx/popx/stub/migrations/legacy/20191100000006_courier.mysql.up.sql", "content": "CREATE TABLE `courier_messages` (\n`id` char(36) NOT NULL,\nPRIMARY KEY(`id`),\n`type` INTEGER NOT NULL,\n`status` INTEGER NOT NULL,\n`body` VARCHAR (255) NOT NULL,\n`subject` VARCHAR (255) NOT NULL,\n`recipient` VARCHAR (255) NOT NULL,\n`created_at` DATETIME NOT NULL,\n`updated_at` DATETIME NOT NULL\n) ENGINE=InnoDB;" }, { "path": "oryx/popx/stub/migrations/legacy/20191100000006_courier.postgres.down.sql", "content": "DROP TABLE \"courier_messages\";" }, { "path": "oryx/popx/stub/migrations/legacy/20191100000006_courier.postgres.up.sql", "content": "CREATE TABLE \"courier_messages\" (\n\"id\" UUID NOT NULL,\nPRIMARY KEY(\"id\"),\n\"type\" int NOT NULL,\n\"status\" int NOT NULL,\n\"body\" VARCHAR (255) NOT NULL,\n\"subject\" VARCHAR (255) NOT NULL,\n\"recipient\" VARCHAR (255) NOT NULL,\n\"created_at\" timestamp NOT NULL,\n\"updated_at\" timestamp NOT NULL\n);" }, { "path": "oryx/popx/stub/migrations/legacy/20191100000006_courier.sqlite3.down.sql", "content": "DROP TABLE \"courier_messages\";" }, { "path": "oryx/popx/stub/migrations/legacy/20191100000006_courier.sqlite3.up.sql", "content": "CREATE TABLE \"courier_messages\" (\n\"id\" TEXT PRIMARY KEY,\n\"type\" INTEGER NOT NULL,\n\"status\" INTEGER NOT NULL,\n\"body\" TEXT NOT NULL,\n\"subject\" TEXT NOT NULL,\n\"recipient\" TEXT NOT NULL,\n\"created_at\" DATETIME NOT NULL,\n\"updated_at\" DATETIME NOT NULL\n);" }, { "path": "oryx/popx/stub/migrations/legacy/20191100000007_errors.cockroach.down.sql", "content": "ALTER TABLE \"selfservice_errors\" DROP COLUMN \"csrf_token\";COMMIT TRANSACTION;BEGIN TRANSACTION;" }, { "path": "oryx/popx/stub/migrations/legacy/20191100000007_errors.cockroach.up.sql", "content": "ALTER TABLE \"selfservice_errors\" ADD COLUMN \"csrf_token\" VARCHAR (255) NOT NULL DEFAULT '';COMMIT TRANSACTION;BEGIN TRANSACTION;" }, { "path": "oryx/popx/stub/migrations/legacy/20191100000007_errors.mysql.down.sql", "content": "ALTER TABLE `selfservice_errors` DROP COLUMN `csrf_token`;" }, { "path": "oryx/popx/stub/migrations/legacy/20191100000007_errors.mysql.up.sql", "content": "ALTER TABLE `selfservice_errors` ADD COLUMN `csrf_token` VARCHAR (255) NOT NULL DEFAULT \"\";" }, { "path": "oryx/popx/stub/migrations/legacy/20191100000007_errors.postgres.down.sql", "content": "ALTER TABLE \"selfservice_errors\" DROP COLUMN \"csrf_token\";" }, { "path": "oryx/popx/stub/migrations/legacy/20191100000007_errors.postgres.up.sql", "content": "ALTER TABLE \"selfservice_errors\" ADD COLUMN \"csrf_token\" VARCHAR (255) NOT NULL DEFAULT '';" }, { "path": "oryx/popx/stub/migrations/legacy/20191100000007_errors.sqlite3.down.sql", "content": "CREATE TABLE \"_selfservice_errors_tmp\" (\n\"id\" TEXT PRIMARY KEY,\n\"errors\" TEXT NOT NULL,\n\"seen_at\" DATETIME,\n\"was_seen\" bool NOT NULL,\n\"created_at\" DATETIME NOT NULL,\n\"updated_at\" DATETIME NOT NULL\n);\nINSERT INTO \"_selfservice_errors_tmp\" (id, errors, seen_at, was_seen, created_at, updated_at) SELECT id, errors, seen_at, was_seen, created_at, updated_at FROM \"selfservice_errors\";\n\nDROP TABLE \"selfservice_errors\";\nALTER TABLE \"_selfservice_errors_tmp\" RENAME TO \"selfservice_errors\";" }, { "path": "oryx/popx/stub/migrations/legacy/20191100000007_errors.sqlite3.up.sql", "content": "ALTER TABLE \"selfservice_errors\" ADD COLUMN \"csrf_token\" TEXT NOT NULL DEFAULT '';" }, { "path": "oryx/popx/stub/migrations/legacy/20191100000008_selfservice_verification.cockroach.down.sql", "content": "DROP TABLE \"selfservice_verification_requests\";COMMIT TRANSACTION;BEGIN TRANSACTION;\nDROP TABLE \"identity_verifiable_addresses\";COMMIT TRANSACTION;BEGIN TRANSACTION;" }, { "path": "oryx/popx/stub/migrations/legacy/20191100000008_selfservice_verification.cockroach.up.sql", "content": "CREATE TABLE \"identity_verifiable_addresses\" (\n\"id\" UUID NOT NULL,\nPRIMARY KEY(\"id\"),\n\"code\" VARCHAR (32) NOT NULL,\n\"status\" VARCHAR (16) NOT NULL,\n\"via\" VARCHAR (16) NOT NULL,\n\"verified\" bool NOT NULL,\n\"value\" VARCHAR (400) NOT NULL,\n\"verified_at\" timestamp,\n\"expires_at\" timestamp NOT NULL DEFAULT CURRENT_TIMESTAMP,\n\"identity_id\" UUID NOT NULL,\n\"created_at\" timestamp NOT NULL,\n\"updated_at\" timestamp NOT NULL,\nCONSTRAINT \"identity_verifiable_addresses_identities_id_fk\" FOREIGN KEY (\"identity_id\") REFERENCES \"identities\" (\"id\") ON DELETE cascade\n);COMMIT TRANSACTION;BEGIN TRANSACTION;\nCREATE UNIQUE INDEX \"identity_verifiable_addresses_code_uq_idx\" ON \"identity_verifiable_addresses\" (code);COMMIT TRANSACTION;BEGIN TRANSACTION;\nCREATE INDEX \"identity_verifiable_addresses_code_idx\" ON \"identity_verifiable_addresses\" (code);COMMIT TRANSACTION;BEGIN TRANSACTION;\nCREATE UNIQUE INDEX \"identity_verifiable_addresses_status_via_uq_idx\" ON \"identity_verifiable_addresses\" (via, value);COMMIT TRANSACTION;BEGIN TRANSACTION;\nCREATE INDEX \"identity_verifiable_addresses_status_via_idx\" ON \"identity_verifiable_addresses\" (via, value);COMMIT TRANSACTION;BEGIN TRANSACTION;\nCREATE TABLE \"selfservice_verification_requests\" (\n\"id\" UUID NOT NULL,\nPRIMARY KEY(\"id\"),\n\"request_url\" VARCHAR (2048) NOT NULL,\n\"issued_at\" timestamp NOT NULL DEFAULT CURRENT_TIMESTAMP,\n\"expires_at\" timestamp NOT NULL,\n\"form\" json NOT NULL,\n\"via\" VARCHAR (16) NOT NULL,\n\"csrf_token\" VARCHAR (255) NOT NULL,\n\"success\" bool NOT NULL,\n\"created_at\" timestamp NOT NULL,\n\"updated_at\" timestamp NOT NULL\n);COMMIT TRANSACTION;BEGIN TRANSACTION;" }, { "path": "oryx/popx/stub/migrations/legacy/20191100000008_selfservice_verification.mysql.down.sql", "content": "DROP TABLE `selfservice_verification_requests`;\nDROP TABLE `identity_verifiable_addresses`;" }, { "path": "oryx/popx/stub/migrations/legacy/20191100000008_selfservice_verification.mysql.up.sql", "content": "CREATE TABLE `identity_verifiable_addresses` (\n`id` char(36) NOT NULL,\nPRIMARY KEY(`id`),\n`code` VARCHAR (32) NOT NULL,\n`status` VARCHAR (16) NOT NULL,\n`via` VARCHAR (16) NOT NULL,\n`verified` bool NOT NULL,\n`value` VARCHAR (400) NOT NULL,\n`verified_at` DATETIME,\n`expires_at` DATETIME NOT NULL DEFAULT CURRENT_TIMESTAMP,\n`identity_id` char(36) NOT NULL,\n`created_at` DATETIME NOT NULL,\n`updated_at` DATETIME NOT NULL,\nFOREIGN KEY (`identity_id`) REFERENCES `identities` (`id`) ON DELETE cascade\n) ENGINE=InnoDB;\nCREATE UNIQUE INDEX `identity_verifiable_addresses_code_uq_idx` ON `identity_verifiable_addresses` (`code`);\nCREATE INDEX `identity_verifiable_addresses_code_idx` ON `identity_verifiable_addresses` (`code`);\nCREATE UNIQUE INDEX `identity_verifiable_addresses_status_via_uq_idx` ON `identity_verifiable_addresses` (`via`, `value`);\nCREATE INDEX `identity_verifiable_addresses_status_via_idx` ON `identity_verifiable_addresses` (`via`, `value`);\nCREATE TABLE `selfservice_verification_requests` (\n`id` char(36) NOT NULL,\nPRIMARY KEY(`id`),\n`request_url` VARCHAR (2048) NOT NULL,\n`issued_at` DATETIME NOT NULL DEFAULT CURRENT_TIMESTAMP,\n`expires_at` DATETIME NOT NULL,\n`form` JSON NOT NULL,\n`via` VARCHAR (16) NOT NULL,\n`csrf_token` VARCHAR (255) NOT NULL,\n`success` bool NOT NULL,\n`created_at` DATETIME NOT NULL,\n`updated_at` DATETIME NOT NULL\n) ENGINE=InnoDB;" }, { "path": "oryx/popx/stub/migrations/legacy/20191100000008_selfservice_verification.postgres.down.sql", "content": "DROP TABLE \"selfservice_verification_requests\";\nDROP TABLE \"identity_verifiable_addresses\";" }, { "path": "oryx/popx/stub/migrations/legacy/20191100000008_selfservice_verification.postgres.up.sql", "content": "CREATE TABLE \"identity_verifiable_addresses\" (\n\"id\" UUID NOT NULL,\nPRIMARY KEY(\"id\"),\n\"code\" VARCHAR (32) NOT NULL,\n\"status\" VARCHAR (16) NOT NULL,\n\"via\" VARCHAR (16) NOT NULL,\n\"verified\" bool NOT NULL,\n\"value\" VARCHAR (400) NOT NULL,\n\"verified_at\" timestamp,\n\"expires_at\" timestamp NOT NULL DEFAULT CURRENT_TIMESTAMP,\n\"identity_id\" UUID NOT NULL,\n\"created_at\" timestamp NOT NULL,\n\"updated_at\" timestamp NOT NULL,\nFOREIGN KEY (\"identity_id\") REFERENCES \"identities\" (\"id\") ON DELETE cascade\n);\nCREATE UNIQUE INDEX \"identity_verifiable_addresses_code_uq_idx\" ON \"identity_verifiable_addresses\" (code);\nCREATE INDEX \"identity_verifiable_addresses_code_idx\" ON \"identity_verifiable_addresses\" (code);\nCREATE UNIQUE INDEX \"identity_verifiable_addresses_status_via_uq_idx\" ON \"identity_verifiable_addresses\" (via, value);\nCREATE INDEX \"identity_verifiable_addresses_status_via_idx\" ON \"identity_verifiable_addresses\" (via, value);\nCREATE TABLE \"selfservice_verification_requests\" (\n\"id\" UUID NOT NULL,\nPRIMARY KEY(\"id\"),\n\"request_url\" VARCHAR (2048) NOT NULL,\n\"issued_at\" timestamp NOT NULL DEFAULT CURRENT_TIMESTAMP,\n\"expires_at\" timestamp NOT NULL,\n\"form\" jsonb NOT NULL,\n\"via\" VARCHAR (16) NOT NULL,\n\"csrf_token\" VARCHAR (255) NOT NULL,\n\"success\" bool NOT NULL,\n\"created_at\" timestamp NOT NULL,\n\"updated_at\" timestamp NOT NULL\n);" }, { "path": "oryx/popx/stub/migrations/legacy/20191100000008_selfservice_verification.sqlite3.down.sql", "content": "DROP TABLE \"selfservice_verification_requests\";\nDROP TABLE \"identity_verifiable_addresses\";" }, { "path": "oryx/popx/stub/migrations/legacy/20191100000008_selfservice_verification.sqlite3.up.sql", "content": "CREATE TABLE \"identity_verifiable_addresses\" (\n\"id\" TEXT PRIMARY KEY,\n\"code\" TEXT NOT NULL,\n\"status\" TEXT NOT NULL,\n\"via\" TEXT NOT NULL,\n\"verified\" bool NOT NULL,\n\"value\" TEXT NOT NULL,\n\"verified_at\" DATETIME,\n\"expires_at\" DATETIME NOT NULL DEFAULT CURRENT_TIMESTAMP,\n\"identity_id\" char(36) NOT NULL,\n\"created_at\" DATETIME NOT NULL,\n\"updated_at\" DATETIME NOT NULL,\nFOREIGN KEY (identity_id) REFERENCES identities (id) ON DELETE cascade\n);\nCREATE UNIQUE INDEX \"identity_verifiable_addresses_code_uq_idx\" ON \"identity_verifiable_addresses\" (code);\nCREATE INDEX \"identity_verifiable_addresses_code_idx\" ON \"identity_verifiable_addresses\" (code);\nCREATE UNIQUE INDEX \"identity_verifiable_addresses_status_via_uq_idx\" ON \"identity_verifiable_addresses\" (via, value);\nCREATE INDEX \"identity_verifiable_addresses_status_via_idx\" ON \"identity_verifiable_addresses\" (via, value);\nCREATE TABLE \"selfservice_verification_requests\" (\n\"id\" TEXT PRIMARY KEY,\n\"request_url\" TEXT NOT NULL,\n\"issued_at\" DATETIME NOT NULL DEFAULT CURRENT_TIMESTAMP,\n\"expires_at\" DATETIME NOT NULL,\n\"form\" TEXT NOT NULL,\n\"via\" TEXT NOT NULL,\n\"csrf_token\" TEXT NOT NULL,\n\"success\" bool NOT NULL,\n\"created_at\" DATETIME NOT NULL,\n\"updated_at\" DATETIME NOT NULL\n);" }, { "path": "oryx/popx/stub/migrations/legacy/20191100000009_verification.mysql.down.sql", "content": "ALTER TABLE identity_verifiable_addresses MODIFY COLUMN code VARCHAR(255);\n" }, { "path": "oryx/popx/stub/migrations/legacy/20191100000009_verification.mysql.up.sql", "content": "ALTER TABLE identity_verifiable_addresses MODIFY COLUMN code VARCHAR(255) BINARY;\n" }, { "path": "oryx/popx/stub/migrations/legacy/20191100000010_errors.cockroach.down.sql", "content": "UPDATE selfservice_errors SET seen_at = '1980-01-01 00:00:00' WHERE seen_at = NULL;\nALTER TABLE \"selfservice_errors\" RENAME COLUMN \"seen_at\" TO \"_seen_at_tmp\";COMMIT TRANSACTION;BEGIN TRANSACTION;\nALTER TABLE \"selfservice_errors\" ADD COLUMN \"seen_at\" timestamp;COMMIT TRANSACTION;BEGIN TRANSACTION;\nUPDATE \"selfservice_errors\" SET \"seen_at\" = \"_seen_at_tmp\";COMMIT TRANSACTION;BEGIN TRANSACTION;\nALTER TABLE \"selfservice_errors\" DROP COLUMN \"_seen_at_tmp\";COMMIT TRANSACTION;BEGIN TRANSACTION;" }, { "path": "oryx/popx/stub/migrations/legacy/20191100000010_errors.cockroach.up.sql", "content": "ALTER TABLE \"selfservice_errors\" RENAME COLUMN \"seen_at\" TO \"_seen_at_tmp\";COMMIT TRANSACTION;BEGIN TRANSACTION;\nALTER TABLE \"selfservice_errors\" ADD COLUMN \"seen_at\" timestamp;COMMIT TRANSACTION;BEGIN TRANSACTION;\nUPDATE \"selfservice_errors\" SET \"seen_at\" = \"_seen_at_tmp\";COMMIT TRANSACTION;BEGIN TRANSACTION;\nALTER TABLE \"selfservice_errors\" DROP COLUMN \"_seen_at_tmp\";COMMIT TRANSACTION;BEGIN TRANSACTION;" }, { "path": "oryx/popx/stub/migrations/legacy/20191100000010_errors.mysql.down.sql", "content": "UPDATE selfservice_errors SET seen_at = '1980-01-01 00:00:00' WHERE seen_at = NULL;\nALTER TABLE `selfservice_errors` MODIFY `seen_at` DATETIME;" }, { "path": "oryx/popx/stub/migrations/legacy/20191100000010_errors.mysql.up.sql", "content": "ALTER TABLE `selfservice_errors` MODIFY `seen_at` DATETIME;" }, { "path": "oryx/popx/stub/migrations/legacy/20191100000010_errors.postgres.down.sql", "content": "UPDATE selfservice_errors SET seen_at = '1980-01-01 00:00:00' WHERE seen_at = NULL;\nALTER TABLE \"selfservice_errors\" ALTER COLUMN \"seen_at\" TYPE timestamp, ALTER COLUMN \"seen_at\" DROP NOT NULL;" }, { "path": "oryx/popx/stub/migrations/legacy/20191100000010_errors.postgres.up.sql", "content": "ALTER TABLE \"selfservice_errors\" ALTER COLUMN \"seen_at\" TYPE timestamp, ALTER COLUMN \"seen_at\" DROP NOT NULL;" }, { "path": "oryx/popx/stub/migrations/legacy/20191100000010_errors.sqlite3.down.sql", "content": "UPDATE selfservice_errors SET seen_at = '1980-01-01 00:00:00' WHERE seen_at = NULL;\nCREATE TABLE \"_selfservice_errors_tmp\" (\n\"id\" TEXT PRIMARY KEY,\n\"errors\" TEXT NOT NULL,\n\"seen_at\" DATETIME,\n\"was_seen\" bool NOT NULL,\n\"created_at\" DATETIME NOT NULL,\n\"updated_at\" DATETIME NOT NULL,\n\"csrf_token\" TEXT NOT NULL DEFAULT ''\n);\nINSERT INTO \"_selfservice_errors_tmp\" (id, errors, seen_at, was_seen, created_at, updated_at, csrf_token) SELECT id, errors, seen_at, was_seen, created_at, updated_at, csrf_token FROM \"selfservice_errors\";\nDROP TABLE \"selfservice_errors\";\nALTER TABLE \"_selfservice_errors_tmp\" RENAME TO \"selfservice_errors\";" }, { "path": "oryx/popx/stub/migrations/legacy/20191100000010_errors.sqlite3.up.sql", "content": "CREATE TABLE \"_selfservice_errors_tmp\" (\n\"id\" TEXT PRIMARY KEY,\n\"errors\" TEXT NOT NULL,\n\"seen_at\" DATETIME,\n\"was_seen\" bool NOT NULL,\n\"created_at\" DATETIME NOT NULL,\n\"updated_at\" DATETIME NOT NULL,\n\"csrf_token\" TEXT NOT NULL DEFAULT ''\n);\nINSERT INTO \"_selfservice_errors_tmp\" (id, errors, seen_at, was_seen, created_at, updated_at, csrf_token) SELECT id, errors, seen_at, was_seen, created_at, updated_at, csrf_token FROM \"selfservice_errors\";\nDROP TABLE \"selfservice_errors\";\nALTER TABLE \"_selfservice_errors_tmp\" RENAME TO \"selfservice_errors\";" }, { "path": "oryx/popx/stub/migrations/legacy/20191100000011_courier_body_type.cockroach.up.sql", "content": "ALTER TABLE \"courier_messages\" RENAME COLUMN \"body\" TO \"_body_tmp\";COMMIT TRANSACTION;BEGIN TRANSACTION;\nALTER TABLE \"courier_messages\" ADD COLUMN \"body\" text;COMMIT TRANSACTION;BEGIN TRANSACTION;\nUPDATE \"courier_messages\" SET \"body\" = \"_body_tmp\";COMMIT TRANSACTION;BEGIN TRANSACTION;\nALTER TABLE \"courier_messages\" ALTER COLUMN \"body\" SET NOT NULL;COMMIT TRANSACTION;BEGIN TRANSACTION;\nALTER TABLE \"courier_messages\" DROP COLUMN \"_body_tmp\";COMMIT TRANSACTION;BEGIN TRANSACTION;" }, { "path": "oryx/popx/stub/migrations/legacy/20191100000011_courier_body_type.mysql.up.sql", "content": "ALTER TABLE `courier_messages` MODIFY `body` text NOT NULL;" }, { "path": "oryx/popx/stub/migrations/legacy/20191100000011_courier_body_type.postgres.up.sql", "content": "ALTER TABLE \"courier_messages\" ALTER COLUMN \"body\" TYPE text, ALTER COLUMN \"body\" SET NOT NULL;" }, { "path": "oryx/popx/stub/migrations/legacy/20191100000011_courier_body_type.sqlite3.up.sql", "content": "CREATE TABLE \"_courier_messages_tmp\" (\n\"id\" TEXT PRIMARY KEY,\n\"type\" INTEGER NOT NULL,\n\"status\" INTEGER NOT NULL,\n\"body\" TEXT NOT NULL,\n\"subject\" TEXT NOT NULL,\n\"recipient\" TEXT NOT NULL,\n\"created_at\" DATETIME NOT NULL,\n\"updated_at\" DATETIME NOT NULL\n);\nINSERT INTO \"_courier_messages_tmp\" (id, type, status, body, subject, recipient, created_at, updated_at) SELECT id, type, status, body, subject, recipient, created_at, updated_at FROM \"courier_messages\";\nDROP TABLE \"courier_messages\";\nALTER TABLE \"_courier_messages_tmp\" RENAME TO \"courier_messages\";" }, { "path": "oryx/popx/stub/migrations/legacy/20191100000012_login_request_forced.cockroach.down.sql", "content": "ALTER TABLE \"selfservice_login_requests\" DROP COLUMN \"forced\";COMMIT TRANSACTION;BEGIN TRANSACTION;" }, { "path": "oryx/popx/stub/migrations/legacy/20191100000012_login_request_forced.cockroach.up.sql", "content": "ALTER TABLE \"selfservice_login_requests\" ADD COLUMN \"forced\" bool NOT NULL DEFAULT 'false';COMMIT TRANSACTION;BEGIN TRANSACTION;" }, { "path": "oryx/popx/stub/migrations/legacy/20191100000012_login_request_forced.mysql.down.sql", "content": "ALTER TABLE `selfservice_login_requests` DROP COLUMN `forced`;" }, { "path": "oryx/popx/stub/migrations/legacy/20191100000012_login_request_forced.mysql.up.sql", "content": "ALTER TABLE `selfservice_login_requests` ADD COLUMN `forced` bool NOT NULL DEFAULT false;" }, { "path": "oryx/popx/stub/migrations/legacy/20191100000012_login_request_forced.postgres.down.sql", "content": "ALTER TABLE \"selfservice_login_requests\" DROP COLUMN \"forced\";" }, { "path": "oryx/popx/stub/migrations/legacy/20191100000012_login_request_forced.postgres.up.sql", "content": "ALTER TABLE \"selfservice_login_requests\" ADD COLUMN \"forced\" bool NOT NULL DEFAULT 'false';" }, { "path": "oryx/popx/stub/migrations/legacy/20191100000012_login_request_forced.sqlite3.down.sql", "content": "CREATE TABLE \"_selfservice_login_requests_tmp\" (\n\"id\" TEXT PRIMARY KEY,\n\"request_url\" TEXT NOT NULL,\n\"issued_at\" DATETIME NOT NULL DEFAULT 'CURRENT_TIMESTAMP',\n\"expires_at\" DATETIME NOT NULL,\n\"active_method\" TEXT NOT NULL,\n\"csrf_token\" TEXT NOT NULL,\n\"created_at\" DATETIME NOT NULL,\n\"updated_at\" DATETIME NOT NULL\n);\nINSERT INTO \"_selfservice_login_requests_tmp\" (id, request_url, issued_at, expires_at, active_method, csrf_token, created_at, updated_at) SELECT id, request_url, issued_at, expires_at, active_method, csrf_token, created_at, updated_at FROM \"selfservice_login_requests\";\n\nDROP TABLE \"selfservice_login_requests\";\nALTER TABLE \"_selfservice_login_requests_tmp\" RENAME TO \"selfservice_login_requests\";" }, { "path": "oryx/popx/stub/migrations/legacy/20191100000012_login_request_forced.sqlite3.up.sql", "content": "ALTER TABLE \"selfservice_login_requests\" ADD COLUMN \"forced\" bool NOT NULL DEFAULT 'false';" }, { "path": "oryx/popx/stub/migrations/legacy/20200317160354_create_profile_request_forms.cockroach.down.sql", "content": "ALTER TABLE \"selfservice_profile_management_requests\" ADD COLUMN \"form\" json NOT NULL DEFAULT '{}';COMMIT TRANSACTION;BEGIN TRANSACTION;\nDROP TABLE \"selfservice_profile_management_request_methods\";COMMIT TRANSACTION;BEGIN TRANSACTION;\nALTER TABLE \"selfservice_profile_management_requests\" DROP COLUMN \"active_method\";COMMIT TRANSACTION;BEGIN TRANSACTION;" }, { "path": "oryx/popx/stub/migrations/legacy/20200317160354_create_profile_request_forms.cockroach.up.sql", "content": "CREATE TABLE \"selfservice_profile_management_request_methods\" (\n\"id\" UUID NOT NULL,\nPRIMARY KEY(\"id\"),\n\"method\" VARCHAR (32) NOT NULL,\n\"selfservice_profile_management_request_id\" UUID NOT NULL,\n\"config\" json NOT NULL,\n\"created_at\" timestamp NOT NULL,\n\"updated_at\" timestamp NOT NULL\n);COMMIT TRANSACTION;BEGIN TRANSACTION;\nALTER TABLE \"selfservice_profile_management_requests\" ADD COLUMN \"active_method\" VARCHAR (32);COMMIT TRANSACTION;BEGIN TRANSACTION;\nINSERT INTO selfservice_profile_management_request_methods (id, method, selfservice_profile_management_request_id, config) SELECT id, 'traits', id, form FROM selfservice_profile_management_requests;\nALTER TABLE \"selfservice_profile_management_requests\" DROP COLUMN \"form\";COMMIT TRANSACTION;BEGIN TRANSACTION;" }, { "path": "oryx/popx/stub/migrations/legacy/20200317160354_create_profile_request_forms.mysql.down.sql", "content": "ALTER TABLE `selfservice_profile_management_requests` ADD COLUMN `form` JSON;\nUPDATE selfservice_profile_management_requests SET form=(SELECT * FROM (SELECT m.config FROM selfservice_profile_management_requests AS r INNER JOIN selfservice_profile_management_request_methods AS m ON r.id=m.selfservice_profile_management_request_id) as t);\nALTER TABLE `selfservice_profile_management_requests` MODIFY `form` JSON;\nDROP TABLE `selfservice_profile_management_request_methods`;\nALTER TABLE `selfservice_profile_management_requests` DROP COLUMN `active_method`;" }, { "path": "oryx/popx/stub/migrations/legacy/20200317160354_create_profile_request_forms.mysql.up.sql", "content": "CREATE TABLE `selfservice_profile_management_request_methods` (\n`id` char(36) NOT NULL,\nPRIMARY KEY(`id`),\n`method` VARCHAR (32) NOT NULL,\n`selfservice_profile_management_request_id` char(36) NOT NULL,\n`config` JSON NOT NULL,\n`created_at` DATETIME NOT NULL,\n`updated_at` DATETIME NOT NULL\n) ENGINE=InnoDB;\nALTER TABLE `selfservice_profile_management_requests` ADD COLUMN `active_method` VARCHAR (32);\nINSERT INTO selfservice_profile_management_request_methods (id, method, selfservice_profile_management_request_id, config) SELECT id, 'traits', id, form FROM selfservice_profile_management_requests;\nALTER TABLE `selfservice_profile_management_requests` DROP COLUMN `form`;" }, { "path": "oryx/popx/stub/migrations/legacy/20200317160354_create_profile_request_forms.postgres.down.sql", "content": "ALTER TABLE \"selfservice_profile_management_requests\" ADD COLUMN \"form\" jsonb;\nUPDATE selfservice_profile_management_requests SET form=(SELECT * FROM (SELECT m.config FROM selfservice_profile_management_requests AS r INNER JOIN selfservice_profile_management_request_methods AS m ON r.id=m.selfservice_profile_management_request_id) as t);\nALTER TABLE \"selfservice_profile_management_requests\" ALTER COLUMN \"form\" TYPE jsonb, ALTER COLUMN \"form\" DROP NOT NULL;\nDROP TABLE \"selfservice_profile_management_request_methods\";\nALTER TABLE \"selfservice_profile_management_requests\" DROP COLUMN \"active_method\";" }, { "path": "oryx/popx/stub/migrations/legacy/20200317160354_create_profile_request_forms.postgres.up.sql", "content": "CREATE TABLE \"selfservice_profile_management_request_methods\" (\n\"id\" UUID NOT NULL,\nPRIMARY KEY(\"id\"),\n\"method\" VARCHAR (32) NOT NULL,\n\"selfservice_profile_management_request_id\" UUID NOT NULL,\n\"config\" jsonb NOT NULL,\n\"created_at\" timestamp NOT NULL,\n\"updated_at\" timestamp NOT NULL\n);\nALTER TABLE \"selfservice_profile_management_requests\" ADD COLUMN \"active_method\" VARCHAR (32);\nINSERT INTO selfservice_profile_management_request_methods (id, method, selfservice_profile_management_request_id, config) SELECT id, 'traits', id, form FROM selfservice_profile_management_requests;\nALTER TABLE \"selfservice_profile_management_requests\" DROP COLUMN \"form\";" }, { "path": "oryx/popx/stub/migrations/legacy/20200317160354_create_profile_request_forms.sqlite3.down.sql", "content": "DROP TABLE \"selfservice_profile_management_request_methods\";\nCREATE TABLE \"_selfservice_profile_management_requests_tmp\" (\n\"id\" TEXT PRIMARY KEY,\n\"request_url\" TEXT NOT NULL,\n\"issued_at\" DATETIME NOT NULL DEFAULT 'CURRENT_TIMESTAMP',\n\"expires_at\" DATETIME NOT NULL,\n\"identity_id\" char(36) NOT NULL,\n\"created_at\" DATETIME NOT NULL,\n\"updated_at\" DATETIME NOT NULL,\n\"update_successful\" bool NOT NULL DEFAULT 'false',\nFOREIGN KEY (identity_id) REFERENCES identities (id) ON UPDATE NO ACTION ON DELETE CASCADE\n);\nINSERT INTO \"_selfservice_profile_management_requests_tmp\" (id, request_url, issued_at, expires_at, identity_id, created_at, updated_at, update_successful) SELECT id, request_url, issued_at, expires_at, identity_id, created_at, updated_at, update_successful FROM \"selfservice_profile_management_requests\";\n\nDROP TABLE \"selfservice_profile_management_requests\";\nALTER TABLE \"_selfservice_profile_management_requests_tmp\" RENAME TO \"selfservice_profile_management_requests\";" }, { "path": "oryx/popx/stub/migrations/legacy/20200317160354_create_profile_request_forms.sqlite3.up.sql", "content": "CREATE TABLE \"selfservice_profile_management_request_methods\" (\n\"id\" TEXT PRIMARY KEY,\n\"method\" TEXT NOT NULL,\n\"selfservice_profile_management_request_id\" char(36) NOT NULL,\n\"config\" TEXT NOT NULL,\n\"created_at\" DATETIME NOT NULL,\n\"updated_at\" DATETIME NOT NULL\n);\nALTER TABLE \"selfservice_profile_management_requests\" ADD COLUMN \"active_method\" TEXT;\nINSERT INTO selfservice_profile_management_request_methods (id, method, selfservice_profile_management_request_id, config) SELECT id, 'traits', id, form FROM selfservice_profile_management_requests;\nCREATE TABLE \"_selfservice_profile_management_requests_tmp\" (\n\"id\" TEXT PRIMARY KEY,\n\"request_url\" TEXT NOT NULL,\n\"issued_at\" DATETIME NOT NULL DEFAULT 'CURRENT_TIMESTAMP',\n\"expires_at\" DATETIME NOT NULL,\n\"update_successful\" bool NOT NULL,\n\"identity_id\" char(36) NOT NULL,\n\"created_at\" DATETIME NOT NULL,\n\"updated_at\" DATETIME NOT NULL,\n\"active_method\" TEXT,\nFOREIGN KEY (identity_id) REFERENCES identities (id) ON UPDATE NO ACTION ON DELETE CASCADE\n);\nINSERT INTO \"_selfservice_profile_management_requests_tmp\" (id, request_url, issued_at, expires_at, update_successful, identity_id, created_at, updated_at, active_method) SELECT id, request_url, issued_at, expires_at, update_successful, identity_id, created_at, updated_at, active_method FROM \"selfservice_profile_management_requests\";\n\nDROP TABLE \"selfservice_profile_management_requests\";\nALTER TABLE \"_selfservice_profile_management_requests_tmp\" RENAME TO \"selfservice_profile_management_requests\";" }, { "path": "oryx/popx/stub/migrations/legacy/20200401183443_continuity_containers.cockroach.down.sql", "content": "DROP TABLE \"continuity_containers\";COMMIT TRANSACTION;BEGIN TRANSACTION;" }, { "path": "oryx/popx/stub/migrations/legacy/20200401183443_continuity_containers.cockroach.up.sql", "content": "CREATE TABLE \"continuity_containers\" (\n\"id\" UUID NOT NULL,\nPRIMARY KEY(\"id\"),\n\"identity_id\" UUID,\n\"name\" VARCHAR (255) NOT NULL,\n\"payload\" json,\n\"expires_at\" timestamp NOT NULL,\n\"created_at\" timestamp NOT NULL,\n\"updated_at\" timestamp NOT NULL,\nCONSTRAINT \"continuity_containers_identities_id_fk\" FOREIGN KEY (\"identity_id\") REFERENCES \"identities\" (\"id\") ON DELETE cascade\n);COMMIT TRANSACTION;BEGIN TRANSACTION;" }, { "path": "oryx/popx/stub/migrations/legacy/20200401183443_continuity_containers.mysql.down.sql", "content": "DROP TABLE `continuity_containers`;" }, { "path": "oryx/popx/stub/migrations/legacy/20200401183443_continuity_containers.mysql.up.sql", "content": "CREATE TABLE `continuity_containers` (\n`id` char(36) NOT NULL,\nPRIMARY KEY(`id`),\n`identity_id` char(36),\n`name` VARCHAR (255) NOT NULL,\n`payload` JSON,\n`expires_at` DATETIME NOT NULL,\n`created_at` DATETIME NOT NULL,\n`updated_at` DATETIME NOT NULL,\nFOREIGN KEY (`identity_id`) REFERENCES `identities` (`id`) ON DELETE cascade\n) ENGINE=InnoDB;" }, { "path": "oryx/popx/stub/migrations/legacy/20200401183443_continuity_containers.postgres.down.sql", "content": "DROP TABLE \"continuity_containers\";" }, { "path": "oryx/popx/stub/migrations/legacy/20200401183443_continuity_containers.postgres.up.sql", "content": "CREATE TABLE \"continuity_containers\" (\n\"id\" UUID NOT NULL,\nPRIMARY KEY(\"id\"),\n\"identity_id\" UUID,\n\"name\" VARCHAR (255) NOT NULL,\n\"payload\" jsonb,\n\"expires_at\" timestamp NOT NULL,\n\"created_at\" timestamp NOT NULL,\n\"updated_at\" timestamp NOT NULL,\nFOREIGN KEY (\"identity_id\") REFERENCES \"identities\" (\"id\") ON DELETE cascade\n);" }, { "path": "oryx/popx/stub/migrations/legacy/20200401183443_continuity_containers.sqlite3.down.sql", "content": "DROP TABLE \"continuity_containers\";" }, { "path": "oryx/popx/stub/migrations/legacy/20200401183443_continuity_containers.sqlite3.up.sql", "content": "CREATE TABLE \"continuity_containers\" (\n\"id\" TEXT PRIMARY KEY,\n\"identity_id\" char(36),\n\"name\" TEXT NOT NULL,\n\"payload\" TEXT,\n\"expires_at\" DATETIME NOT NULL,\n\"created_at\" DATETIME NOT NULL,\n\"updated_at\" DATETIME NOT NULL,\nFOREIGN KEY (identity_id) REFERENCES identities (id) ON DELETE cascade\n);" }, { "path": "oryx/popx/stub/migrations/legacy/20200402142539_rename_profile_flows.cockroach.down.sql", "content": "ALTER TABLE \"selfservice_settings_request_methods\" RENAME COLUMN \"selfservice_settings_request_id\" TO \"selfservice_profile_management_request_id\";COMMIT TRANSACTION;BEGIN TRANSACTION;\nALTER TABLE \"selfservice_settings_request_methods\" RENAME TO \"selfservice_profile_management_request_methods\";COMMIT TRANSACTION;BEGIN TRANSACTION;\nALTER TABLE \"selfservice_settings_requests\" RENAME TO \"selfservice_profile_management_requests\";COMMIT TRANSACTION;BEGIN TRANSACTION;" }, { "path": "oryx/popx/stub/migrations/legacy/20200402142539_rename_profile_flows.cockroach.up.sql", "content": "ALTER TABLE \"selfservice_profile_management_request_methods\" RENAME COLUMN \"selfservice_profile_management_request_id\" TO \"selfservice_settings_request_id\";COMMIT TRANSACTION;BEGIN TRANSACTION;\nALTER TABLE \"selfservice_profile_management_request_methods\" RENAME TO \"selfservice_settings_request_methods\";COMMIT TRANSACTION;BEGIN TRANSACTION;\nALTER TABLE \"selfservice_profile_management_requests\" RENAME TO \"selfservice_settings_requests\";COMMIT TRANSACTION;BEGIN TRANSACTION;" }, { "path": "oryx/popx/stub/migrations/legacy/20200402142539_rename_profile_flows.mysql.down.sql", "content": "ALTER TABLE `selfservice_settings_request_methods` CHANGE `selfservice_settings_request_id` `selfservice_profile_management_request_id` char(36) NOT NULL;\nALTER TABLE `selfservice_settings_request_methods` RENAME TO `selfservice_profile_management_request_methods`;\nALTER TABLE `selfservice_settings_requests` RENAME TO `selfservice_profile_management_requests`;" }, { "path": "oryx/popx/stub/migrations/legacy/20200402142539_rename_profile_flows.mysql.up.sql", "content": "ALTER TABLE `selfservice_profile_management_request_methods` CHANGE `selfservice_profile_management_request_id` `selfservice_settings_request_id` char(36) NOT NULL;\nALTER TABLE `selfservice_profile_management_request_methods` RENAME TO `selfservice_settings_request_methods`;\nALTER TABLE `selfservice_profile_management_requests` RENAME TO `selfservice_settings_requests`;" }, { "path": "oryx/popx/stub/migrations/legacy/20200402142539_rename_profile_flows.postgres.down.sql", "content": "ALTER TABLE \"selfservice_settings_request_methods\" RENAME COLUMN \"selfservice_settings_request_id\" TO \"selfservice_profile_management_request_id\";\nALTER TABLE \"selfservice_settings_request_methods\" RENAME TO \"selfservice_profile_management_request_methods\";\nALTER TABLE \"selfservice_settings_requests\" RENAME TO \"selfservice_profile_management_requests\";" }, { "path": "oryx/popx/stub/migrations/legacy/20200402142539_rename_profile_flows.postgres.up.sql", "content": "ALTER TABLE \"selfservice_profile_management_request_methods\" RENAME COLUMN \"selfservice_profile_management_request_id\" TO \"selfservice_settings_request_id\";\nALTER TABLE \"selfservice_profile_management_request_methods\" RENAME TO \"selfservice_settings_request_methods\";\nALTER TABLE \"selfservice_profile_management_requests\" RENAME TO \"selfservice_settings_requests\";" }, { "path": "oryx/popx/stub/migrations/legacy/20200402142539_rename_profile_flows.sqlite3.down.sql", "content": "ALTER TABLE \"selfservice_settings_request_methods\" RENAME COLUMN \"selfservice_settings_request_id\" TO \"selfservice_profile_management_request_id\";\nALTER TABLE \"selfservice_settings_request_methods\" RENAME TO \"selfservice_profile_management_request_methods\";\nALTER TABLE \"selfservice_settings_requests\" RENAME TO \"selfservice_profile_management_requests\";" }, { "path": "oryx/popx/stub/migrations/legacy/20200402142539_rename_profile_flows.sqlite3.up.sql", "content": "ALTER TABLE \"selfservice_profile_management_request_methods\" RENAME COLUMN \"selfservice_profile_management_request_id\" TO \"selfservice_settings_request_id\";\nALTER TABLE \"selfservice_profile_management_request_methods\" RENAME TO \"selfservice_settings_request_methods\";\nALTER TABLE \"selfservice_profile_management_requests\" RENAME TO \"selfservice_settings_requests\";" }, { "path": "oryx/popx/stub/migrations/legacy/20200519101057_create_recovery_addresses.cockroach.down.sql", "content": "DROP TABLE \"identity_recovery_tokens\";COMMIT TRANSACTION;BEGIN TRANSACTION;\nDROP TABLE \"selfservice_recovery_request_methods\";COMMIT TRANSACTION;BEGIN TRANSACTION;\nDROP TABLE \"selfservice_recovery_requests\";COMMIT TRANSACTION;BEGIN TRANSACTION;\nDROP TABLE \"identity_recovery_addresses\";COMMIT TRANSACTION;BEGIN TRANSACTION;" }, { "path": "oryx/popx/stub/migrations/legacy/20200519101057_create_recovery_addresses.cockroach.up.sql", "content": "CREATE TABLE \"identity_recovery_addresses\" (\n\"id\" UUID NOT NULL,\nPRIMARY KEY(\"id\"),\n\"via\" VARCHAR (16) NOT NULL,\n\"value\" VARCHAR (400) NOT NULL,\n\"identity_id\" UUID NOT NULL,\n\"created_at\" timestamp NOT NULL,\n\"updated_at\" timestamp NOT NULL,\nCONSTRAINT \"identity_recovery_addresses_identities_id_fk\" FOREIGN KEY (\"identity_id\") REFERENCES \"identities\" (\"id\") ON DELETE cascade\n);COMMIT TRANSACTION;BEGIN TRANSACTION;\nCREATE UNIQUE INDEX \"identity_recovery_addresses_status_via_uq_idx\" ON \"identity_recovery_addresses\" (via, value);COMMIT TRANSACTION;BEGIN TRANSACTION;\nCREATE INDEX \"identity_recovery_addresses_status_via_idx\" ON \"identity_recovery_addresses\" (via, value);COMMIT TRANSACTION;BEGIN TRANSACTION;\nCREATE TABLE \"selfservice_recovery_requests\" (\n\"id\" UUID NOT NULL,\nPRIMARY KEY(\"id\"),\n\"request_url\" VARCHAR (2048) NOT NULL,\n\"issued_at\" timestamp NOT NULL DEFAULT CURRENT_TIMESTAMP,\n\"expires_at\" timestamp NOT NULL,\n\"messages\" json,\n\"active_method\" VARCHAR (32),\n\"csrf_token\" VARCHAR (255) NOT NULL,\n\"state\" VARCHAR (32) NOT NULL,\n\"recovered_identity_id\" UUID,\n\"created_at\" timestamp NOT NULL,\n\"updated_at\" timestamp NOT NULL,\nCONSTRAINT \"selfservice_recovery_requests_identities_id_fk\" FOREIGN KEY (\"recovered_identity_id\") REFERENCES \"identities\" (\"id\") ON DELETE cascade\n);COMMIT TRANSACTION;BEGIN TRANSACTION;\nCREATE TABLE \"selfservice_recovery_request_methods\" (\n\"id\" UUID NOT NULL,\nPRIMARY KEY(\"id\"),\n\"method\" VARCHAR (32) NOT NULL,\n\"config\" json NOT NULL,\n\"selfservice_recovery_request_id\" UUID NOT NULL,\n\"created_at\" timestamp NOT NULL,\n\"updated_at\" timestamp NOT NULL,\nCONSTRAINT \"selfservice_recovery_request_methods_selfservice_recovery_requests_id_fk\" FOREIGN KEY (\"selfservice_recovery_request_id\") REFERENCES \"selfservice_recovery_requests\" (\"id\") ON DELETE cascade\n);COMMIT TRANSACTION;BEGIN TRANSACTION;\nCREATE TABLE \"identity_recovery_tokens\" (\n\"id\" UUID NOT NULL,\nPRIMARY KEY(\"id\"),\n\"token\" VARCHAR (64) NOT NULL,\n\"used\" bool NOT NULL DEFAULT 'false',\n\"used_at\" timestamp,\n\"identity_recovery_address_id\" UUID NOT NULL,\n\"selfservice_recovery_request_id\" UUID NOT NULL,\n\"created_at\" timestamp NOT NULL,\n\"updated_at\" timestamp NOT NULL,\nCONSTRAINT \"identity_recovery_tokens_identity_recovery_addresses_id_fk\" FOREIGN KEY (\"identity_recovery_address_id\") REFERENCES \"identity_recovery_addresses\" (\"id\") ON DELETE cascade,\nCONSTRAINT \"identity_recovery_tokens_selfservice_recovery_requests_id_fk\" FOREIGN KEY (\"selfservice_recovery_request_id\") REFERENCES \"selfservice_recovery_requests\" (\"id\") ON DELETE cascade\n);COMMIT TRANSACTION;BEGIN TRANSACTION;\nCREATE UNIQUE INDEX \"identity_recovery_addresses_code_uq_idx\" ON \"identity_recovery_tokens\" (token);COMMIT TRANSACTION;BEGIN TRANSACTION;\nCREATE INDEX \"identity_recovery_addresses_code_idx\" ON \"identity_recovery_tokens\" (token);COMMIT TRANSACTION;BEGIN TRANSACTION;" }, { "path": "oryx/popx/stub/migrations/legacy/20200519101057_create_recovery_addresses.mysql.down.sql", "content": "DROP TABLE `identity_recovery_tokens`;\nDROP TABLE `selfservice_recovery_request_methods`;\nDROP TABLE `selfservice_recovery_requests`;\nDROP TABLE `identity_recovery_addresses`;" }, { "path": "oryx/popx/stub/migrations/legacy/20200519101057_create_recovery_addresses.mysql.up.sql", "content": "CREATE TABLE `identity_recovery_addresses` (\n`id` char(36) NOT NULL,\nPRIMARY KEY(`id`),\n`via` VARCHAR (16) NOT NULL,\n`value` VARCHAR (400) NOT NULL,\n`identity_id` char(36) NOT NULL,\n`created_at` DATETIME NOT NULL,\n`updated_at` DATETIME NOT NULL,\nFOREIGN KEY (`identity_id`) REFERENCES `identities` (`id`) ON DELETE cascade\n) ENGINE=InnoDB;\nCREATE UNIQUE INDEX `identity_recovery_addresses_status_via_uq_idx` ON `identity_recovery_addresses` (`via`, `value`);\nCREATE INDEX `identity_recovery_addresses_status_via_idx` ON `identity_recovery_addresses` (`via`, `value`);\nCREATE TABLE `selfservice_recovery_requests` (\n`id` char(36) NOT NULL,\nPRIMARY KEY(`id`),\n`request_url` VARCHAR (2048) NOT NULL,\n`issued_at` DATETIME NOT NULL DEFAULT CURRENT_TIMESTAMP,\n`expires_at` DATETIME NOT NULL,\n`messages` JSON,\n`active_method` VARCHAR (32),\n`csrf_token` VARCHAR (255) NOT NULL,\n`state` VARCHAR (32) NOT NULL,\n`recovered_identity_id` char(36),\n`created_at` DATETIME NOT NULL,\n`updated_at` DATETIME NOT NULL,\nFOREIGN KEY (`recovered_identity_id`) REFERENCES `identities` (`id`) ON DELETE cascade\n) ENGINE=InnoDB;\nCREATE TABLE `selfservice_recovery_request_methods` (\n`id` char(36) NOT NULL,\nPRIMARY KEY(`id`),\n`method` VARCHAR (32) NOT NULL,\n`config` JSON NOT NULL,\n`selfservice_recovery_request_id` char(36) NOT NULL,\n`created_at` DATETIME NOT NULL,\n`updated_at` DATETIME NOT NULL,\nFOREIGN KEY (`selfservice_recovery_request_id`) REFERENCES `selfservice_recovery_requests` (`id`) ON DELETE cascade\n) ENGINE=InnoDB;\nCREATE TABLE `identity_recovery_tokens` (\n`id` char(36) NOT NULL,\nPRIMARY KEY(`id`),\n`token` VARCHAR (64) NOT NULL,\n`used` bool NOT NULL DEFAULT false,\n`used_at` DATETIME,\n`identity_recovery_address_id` char(36) NOT NULL,\n`selfservice_recovery_request_id` char(36) NOT NULL,\n`created_at` DATETIME NOT NULL,\n`updated_at` DATETIME NOT NULL,\nFOREIGN KEY (`identity_recovery_address_id`) REFERENCES `identity_recovery_addresses` (`id`) ON DELETE cascade,\nFOREIGN KEY (`selfservice_recovery_request_id`) REFERENCES `selfservice_recovery_requests` (`id`) ON DELETE cascade\n) ENGINE=InnoDB;\nCREATE UNIQUE INDEX `identity_recovery_addresses_code_uq_idx` ON `identity_recovery_tokens` (`token`);\nCREATE INDEX `identity_recovery_addresses_code_idx` ON `identity_recovery_tokens` (`token`);" }, { "path": "oryx/popx/stub/migrations/legacy/20200519101057_create_recovery_addresses.postgres.down.sql", "content": "DROP TABLE \"identity_recovery_tokens\";\nDROP TABLE \"selfservice_recovery_request_methods\";\nDROP TABLE \"selfservice_recovery_requests\";\nDROP TABLE \"identity_recovery_addresses\";" }, { "path": "oryx/popx/stub/migrations/legacy/20200519101057_create_recovery_addresses.postgres.up.sql", "content": "CREATE TABLE \"identity_recovery_addresses\" (\n\"id\" UUID NOT NULL,\nPRIMARY KEY(\"id\"),\n\"via\" VARCHAR (16) NOT NULL,\n\"value\" VARCHAR (400) NOT NULL,\n\"identity_id\" UUID NOT NULL,\n\"created_at\" timestamp NOT NULL,\n\"updated_at\" timestamp NOT NULL,\nFOREIGN KEY (\"identity_id\") REFERENCES \"identities\" (\"id\") ON DELETE cascade\n);\nCREATE UNIQUE INDEX \"identity_recovery_addresses_status_via_uq_idx\" ON \"identity_recovery_addresses\" (via, value);\nCREATE INDEX \"identity_recovery_addresses_status_via_idx\" ON \"identity_recovery_addresses\" (via, value);\nCREATE TABLE \"selfservice_recovery_requests\" (\n\"id\" UUID NOT NULL,\nPRIMARY KEY(\"id\"),\n\"request_url\" VARCHAR (2048) NOT NULL,\n\"issued_at\" timestamp NOT NULL DEFAULT CURRENT_TIMESTAMP,\n\"expires_at\" timestamp NOT NULL,\n\"messages\" jsonb,\n\"active_method\" VARCHAR (32),\n\"csrf_token\" VARCHAR (255) NOT NULL,\n\"state\" VARCHAR (32) NOT NULL,\n\"recovered_identity_id\" UUID,\n\"created_at\" timestamp NOT NULL,\n\"updated_at\" timestamp NOT NULL,\nFOREIGN KEY (\"recovered_identity_id\") REFERENCES \"identities\" (\"id\") ON DELETE cascade\n);\nCREATE TABLE \"selfservice_recovery_request_methods\" (\n\"id\" UUID NOT NULL,\nPRIMARY KEY(\"id\"),\n\"method\" VARCHAR (32) NOT NULL,\n\"config\" jsonb NOT NULL,\n\"selfservice_recovery_request_id\" UUID NOT NULL,\n\"created_at\" timestamp NOT NULL,\n\"updated_at\" timestamp NOT NULL,\nFOREIGN KEY (\"selfservice_recovery_request_id\") REFERENCES \"selfservice_recovery_requests\" (\"id\") ON DELETE cascade\n);\nCREATE TABLE \"identity_recovery_tokens\" (\n\"id\" UUID NOT NULL,\nPRIMARY KEY(\"id\"),\n\"token\" VARCHAR (64) NOT NULL,\n\"used\" bool NOT NULL DEFAULT 'false',\n\"used_at\" timestamp,\n\"identity_recovery_address_id\" UUID NOT NULL,\n\"selfservice_recovery_request_id\" UUID NOT NULL,\n\"created_at\" timestamp NOT NULL,\n\"updated_at\" timestamp NOT NULL,\nFOREIGN KEY (\"identity_recovery_address_id\") REFERENCES \"identity_recovery_addresses\" (\"id\") ON DELETE cascade,\nFOREIGN KEY (\"selfservice_recovery_request_id\") REFERENCES \"selfservice_recovery_requests\" (\"id\") ON DELETE cascade\n);\nCREATE UNIQUE INDEX \"identity_recovery_addresses_code_uq_idx\" ON \"identity_recovery_tokens\" (token);\nCREATE INDEX \"identity_recovery_addresses_code_idx\" ON \"identity_recovery_tokens\" (token);" }, { "path": "oryx/popx/stub/migrations/legacy/20200519101057_create_recovery_addresses.sqlite3.down.sql", "content": "DROP TABLE \"identity_recovery_tokens\";\nDROP TABLE \"selfservice_recovery_request_methods\";\nDROP TABLE \"selfservice_recovery_requests\";\nDROP TABLE \"identity_recovery_addresses\";" }, { "path": "oryx/popx/stub/migrations/legacy/20200519101057_create_recovery_addresses.sqlite3.up.sql", "content": "CREATE TABLE \"identity_recovery_addresses\" (\n\"id\" TEXT PRIMARY KEY,\n\"via\" TEXT NOT NULL,\n\"value\" TEXT NOT NULL,\n\"identity_id\" char(36) NOT NULL,\n\"created_at\" DATETIME NOT NULL,\n\"updated_at\" DATETIME NOT NULL,\nFOREIGN KEY (identity_id) REFERENCES identities (id) ON DELETE cascade\n);\nCREATE UNIQUE INDEX \"identity_recovery_addresses_status_via_uq_idx\" ON \"identity_recovery_addresses\" (via, value);\nCREATE INDEX \"identity_recovery_addresses_status_via_idx\" ON \"identity_recovery_addresses\" (via, value);\nCREATE TABLE \"selfservice_recovery_requests\" (\n\"id\" TEXT PRIMARY KEY,\n\"request_url\" TEXT NOT NULL,\n\"issued_at\" DATETIME NOT NULL DEFAULT CURRENT_TIMESTAMP,\n\"expires_at\" DATETIME NOT NULL,\n\"messages\" TEXT,\n\"active_method\" TEXT,\n\"csrf_token\" TEXT NOT NULL,\n\"state\" TEXT NOT NULL,\n\"recovered_identity_id\" char(36),\n\"created_at\" DATETIME NOT NULL,\n\"updated_at\" DATETIME NOT NULL,\nFOREIGN KEY (recovered_identity_id) REFERENCES identities (id) ON DELETE cascade\n);\nCREATE TABLE \"selfservice_recovery_request_methods\" (\n\"id\" TEXT PRIMARY KEY,\n\"method\" TEXT NOT NULL,\n\"config\" TEXT NOT NULL,\n\"selfservice_recovery_request_id\" char(36) NOT NULL,\n\"created_at\" DATETIME NOT NULL,\n\"updated_at\" DATETIME NOT NULL,\nFOREIGN KEY (selfservice_recovery_request_id) REFERENCES selfservice_recovery_requests (id) ON DELETE cascade\n);\nCREATE TABLE \"identity_recovery_tokens\" (\n\"id\" TEXT PRIMARY KEY,\n\"token\" TEXT NOT NULL,\n\"used\" bool NOT NULL DEFAULT 'false',\n\"used_at\" DATETIME,\n\"identity_recovery_address_id\" char(36) NOT NULL,\n\"selfservice_recovery_request_id\" char(36) NOT NULL,\n\"created_at\" DATETIME NOT NULL,\n\"updated_at\" DATETIME NOT NULL,\nFOREIGN KEY (identity_recovery_address_id) REFERENCES identity_recovery_addresses (id) ON DELETE cascade,\nFOREIGN KEY (selfservice_recovery_request_id) REFERENCES selfservice_recovery_requests (id) ON DELETE cascade\n);\nCREATE UNIQUE INDEX \"identity_recovery_addresses_code_uq_idx\" ON \"identity_recovery_tokens\" (token);\nCREATE INDEX \"identity_recovery_addresses_code_idx\" ON \"identity_recovery_tokens\" (token);" }, { "path": "oryx/popx/stub/migrations/legacy/20200519101058_create_recovery_addresses.mysql.down.sql", "content": "ALTER TABLE identity_recovery_tokens MODIFY COLUMN token VARCHAR(64);\n" }, { "path": "oryx/popx/stub/migrations/legacy/20200519101058_create_recovery_addresses.mysql.up.sql", "content": "ALTER TABLE identity_recovery_tokens MODIFY COLUMN token VARCHAR(64) BINARY;\n" }, { "path": "oryx/popx/stub/migrations/legacy/20200601101000_create_messages.cockroach.down.sql", "content": "ALTER TABLE \"selfservice_settings_requests\" DROP COLUMN \"messages\";COMMIT TRANSACTION;BEGIN TRANSACTION;" }, { "path": "oryx/popx/stub/migrations/legacy/20200601101000_create_messages.cockroach.up.sql", "content": "ALTER TABLE \"selfservice_settings_requests\" ADD COLUMN \"messages\" json;COMMIT TRANSACTION;BEGIN TRANSACTION;" }, { "path": "oryx/popx/stub/migrations/legacy/20200601101000_create_messages.mysql.down.sql", "content": "ALTER TABLE `selfservice_settings_requests` DROP COLUMN `messages`;" }, { "path": "oryx/popx/stub/migrations/legacy/20200601101000_create_messages.mysql.up.sql", "content": "ALTER TABLE `selfservice_settings_requests` ADD COLUMN `messages` JSON;" }, { "path": "oryx/popx/stub/migrations/legacy/20200601101000_create_messages.postgres.down.sql", "content": "ALTER TABLE \"selfservice_settings_requests\" DROP COLUMN \"messages\";" }, { "path": "oryx/popx/stub/migrations/legacy/20200601101000_create_messages.postgres.up.sql", "content": "ALTER TABLE \"selfservice_settings_requests\" ADD COLUMN \"messages\" jsonb;" }, { "path": "oryx/popx/stub/migrations/legacy/20200601101000_create_messages.sqlite3.down.sql", "content": "CREATE TABLE \"_selfservice_settings_requests_tmp\" (\n\"id\" TEXT PRIMARY KEY,\n\"request_url\" TEXT NOT NULL,\n\"issued_at\" DATETIME NOT NULL DEFAULT 'CURRENT_TIMESTAMP',\n\"expires_at\" DATETIME NOT NULL,\n\"identity_id\" char(36) NOT NULL,\n\"created_at\" DATETIME NOT NULL,\n\"updated_at\" DATETIME NOT NULL,\n\"active_method\" TEXT,\n\"update_successful\" bool NOT NULL DEFAULT 'false',\nFOREIGN KEY (identity_id) REFERENCES identities (id) ON UPDATE NO ACTION ON DELETE CASCADE\n);\nINSERT INTO \"_selfservice_settings_requests_tmp\" (id, request_url, issued_at, expires_at, identity_id, created_at, updated_at, active_method, update_successful) SELECT id, request_url, issued_at, expires_at, identity_id, created_at, updated_at, active_method, update_successful FROM \"selfservice_settings_requests\";\n\nDROP TABLE \"selfservice_settings_requests\";\nALTER TABLE \"_selfservice_settings_requests_tmp\" RENAME TO \"selfservice_settings_requests\";" }, { "path": "oryx/popx/stub/migrations/legacy/20200601101000_create_messages.sqlite3.up.sql", "content": "ALTER TABLE \"selfservice_settings_requests\" ADD COLUMN \"messages\" TEXT;" }, { "path": "oryx/popx/stub/migrations/legacy/20200601101001_verification.mysql.down.sql", "content": "ALTER TABLE identity_verifiable_addresses MODIFY COLUMN code VARCHAR(255) BINARY;\n" }, { "path": "oryx/popx/stub/migrations/legacy/20200601101001_verification.mysql.up.sql", "content": "ALTER TABLE identity_verifiable_addresses MODIFY COLUMN code VARCHAR(32) BINARY;\n" }, { "path": "oryx/popx/stub/migrations/legacy/20200605111551_messages.cockroach.down.sql", "content": "ALTER TABLE \"selfservice_verification_requests\" DROP COLUMN \"messages\";COMMIT TRANSACTION;BEGIN TRANSACTION;\nALTER TABLE \"selfservice_login_requests\" DROP COLUMN \"messages\";COMMIT TRANSACTION;BEGIN TRANSACTION;\nALTER TABLE \"selfservice_registration_requests\" DROP COLUMN \"messages\";COMMIT TRANSACTION;BEGIN TRANSACTION;" }, { "path": "oryx/popx/stub/migrations/legacy/20200605111551_messages.cockroach.up.sql", "content": "ALTER TABLE \"selfservice_verification_requests\" ADD COLUMN \"messages\" json;COMMIT TRANSACTION;BEGIN TRANSACTION;\nALTER TABLE \"selfservice_login_requests\" ADD COLUMN \"messages\" json;COMMIT TRANSACTION;BEGIN TRANSACTION;\nALTER TABLE \"selfservice_registration_requests\" ADD COLUMN \"messages\" json;COMMIT TRANSACTION;BEGIN TRANSACTION;" }, { "path": "oryx/popx/stub/migrations/legacy/20200605111551_messages.mysql.down.sql", "content": "ALTER TABLE `selfservice_verification_requests` DROP COLUMN `messages`;\nALTER TABLE `selfservice_login_requests` DROP COLUMN `messages`;\nALTER TABLE `selfservice_registration_requests` DROP COLUMN `messages`;" }, { "path": "oryx/popx/stub/migrations/legacy/20200605111551_messages.mysql.up.sql", "content": "ALTER TABLE `selfservice_verification_requests` ADD COLUMN `messages` JSON;\nALTER TABLE `selfservice_login_requests` ADD COLUMN `messages` JSON;\nALTER TABLE `selfservice_registration_requests` ADD COLUMN `messages` JSON;" }, { "path": "oryx/popx/stub/migrations/legacy/20200605111551_messages.postgres.down.sql", "content": "ALTER TABLE \"selfservice_verification_requests\" DROP COLUMN \"messages\";\nALTER TABLE \"selfservice_login_requests\" DROP COLUMN \"messages\";\nALTER TABLE \"selfservice_registration_requests\" DROP COLUMN \"messages\";" }, { "path": "oryx/popx/stub/migrations/legacy/20200605111551_messages.postgres.up.sql", "content": "ALTER TABLE \"selfservice_verification_requests\" ADD COLUMN \"messages\" jsonb;\nALTER TABLE \"selfservice_login_requests\" ADD COLUMN \"messages\" jsonb;\nALTER TABLE \"selfservice_registration_requests\" ADD COLUMN \"messages\" jsonb;" }, { "path": "oryx/popx/stub/migrations/legacy/20200605111551_messages.sqlite3.down.sql", "content": "CREATE TABLE \"_selfservice_verification_requests_tmp\" (\n\"id\" TEXT PRIMARY KEY,\n\"request_url\" TEXT NOT NULL,\n\"issued_at\" DATETIME NOT NULL DEFAULT 'CURRENT_TIMESTAMP',\n\"expires_at\" DATETIME NOT NULL,\n\"csrf_token\" TEXT NOT NULL,\n\"created_at\" DATETIME NOT NULL,\n\"updated_at\" DATETIME NOT NULL,\n\"via\" TEXT NOT NULL DEFAULT 'email',\n\"success\" bool NOT NULL DEFAULT 'FALSE'\n);\nINSERT INTO \"_selfservice_verification_requests_tmp\" (id, request_url, issued_at, expires_at, csrf_token, created_at, updated_at, via, success) SELECT id, request_url, issued_at, expires_at, csrf_token, created_at, updated_at, via, success FROM \"selfservice_verification_requests\";\n\nDROP TABLE \"selfservice_verification_requests\";\nALTER TABLE \"_selfservice_verification_requests_tmp\" RENAME TO \"selfservice_verification_requests\";\nCREATE TABLE \"_selfservice_login_requests_tmp\" (\n\"id\" TEXT PRIMARY KEY,\n\"request_url\" TEXT NOT NULL,\n\"issued_at\" DATETIME NOT NULL DEFAULT 'CURRENT_TIMESTAMP',\n\"expires_at\" DATETIME NOT NULL,\n\"active_method\" TEXT NOT NULL,\n\"csrf_token\" TEXT NOT NULL,\n\"created_at\" DATETIME NOT NULL,\n\"updated_at\" DATETIME NOT NULL,\n\"forced\" bool NOT NULL DEFAULT 'false'\n);\nINSERT INTO \"_selfservice_login_requests_tmp\" (id, request_url, issued_at, expires_at, active_method, csrf_token, created_at, updated_at, forced) SELECT id, request_url, issued_at, expires_at, active_method, csrf_token, created_at, updated_at, forced FROM \"selfservice_login_requests\";\n\nDROP TABLE \"selfservice_login_requests\";\nALTER TABLE \"_selfservice_login_requests_tmp\" RENAME TO \"selfservice_login_requests\";\nCREATE TABLE \"_selfservice_registration_requests_tmp\" (\n\"id\" TEXT PRIMARY KEY,\n\"request_url\" TEXT NOT NULL,\n\"issued_at\" DATETIME NOT NULL DEFAULT 'CURRENT_TIMESTAMP',\n\"expires_at\" DATETIME NOT NULL,\n\"active_method\" TEXT NOT NULL,\n\"csrf_token\" TEXT NOT NULL,\n\"created_at\" DATETIME NOT NULL,\n\"updated_at\" DATETIME NOT NULL\n);\nINSERT INTO \"_selfservice_registration_requests_tmp\" (id, request_url, issued_at, expires_at, active_method, csrf_token, created_at, updated_at) SELECT id, request_url, issued_at, expires_at, active_method, csrf_token, created_at, updated_at FROM \"selfservice_registration_requests\";\n\nDROP TABLE \"selfservice_registration_requests\";\nALTER TABLE \"_selfservice_registration_requests_tmp\" RENAME TO \"selfservice_registration_requests\";" }, { "path": "oryx/popx/stub/migrations/legacy/20200605111551_messages.sqlite3.up.sql", "content": "ALTER TABLE \"selfservice_verification_requests\" ADD COLUMN \"messages\" TEXT;\nALTER TABLE \"selfservice_login_requests\" ADD COLUMN \"messages\" TEXT;\nALTER TABLE \"selfservice_registration_requests\" ADD COLUMN \"messages\" TEXT;" }, { "path": "oryx/popx/stub/migrations/legacy/20200607165100_settings.cockroach.down.sql", "content": "ALTER TABLE \"selfservice_settings_requests\" DROP COLUMN \"state\";COMMIT TRANSACTION;BEGIN TRANSACTION;\nALTER TABLE \"selfservice_settings_requests\" ADD COLUMN \"update_successful\" bool NOT NULL DEFAULT 'false';COMMIT TRANSACTION;BEGIN TRANSACTION;" }, { "path": "oryx/popx/stub/migrations/legacy/20200607165100_settings.cockroach.up.sql", "content": "ALTER TABLE \"selfservice_settings_requests\" ADD COLUMN \"state\" VARCHAR (255) NOT NULL DEFAULT 'show_form';COMMIT TRANSACTION;BEGIN TRANSACTION;\nALTER TABLE \"selfservice_settings_requests\" DROP COLUMN \"update_successful\";COMMIT TRANSACTION;BEGIN TRANSACTION;" }, { "path": "oryx/popx/stub/migrations/legacy/20200607165100_settings.mysql.down.sql", "content": "ALTER TABLE `selfservice_settings_requests` DROP COLUMN `state`;\nALTER TABLE `selfservice_settings_requests` ADD COLUMN `update_successful` bool NOT NULL DEFAULT false;" }, { "path": "oryx/popx/stub/migrations/legacy/20200607165100_settings.mysql.up.sql", "content": "ALTER TABLE `selfservice_settings_requests` ADD COLUMN `state` VARCHAR (255) NOT NULL DEFAULT 'show_form';\nALTER TABLE `selfservice_settings_requests` DROP COLUMN `update_successful`;" }, { "path": "oryx/popx/stub/migrations/legacy/20200607165100_settings.postgres.down.sql", "content": "ALTER TABLE \"selfservice_settings_requests\" DROP COLUMN \"state\";\nALTER TABLE \"selfservice_settings_requests\" ADD COLUMN \"update_successful\" bool NOT NULL DEFAULT 'false';" }, { "path": "oryx/popx/stub/migrations/legacy/20200607165100_settings.postgres.up.sql", "content": "ALTER TABLE \"selfservice_settings_requests\" ADD COLUMN \"state\" VARCHAR (255) NOT NULL DEFAULT 'show_form';\nALTER TABLE \"selfservice_settings_requests\" DROP COLUMN \"update_successful\";" }, { "path": "oryx/popx/stub/migrations/legacy/20200607165100_settings.sqlite3.down.sql", "content": "CREATE TABLE \"_selfservice_settings_requests_tmp\" (\n\"id\" TEXT PRIMARY KEY,\n\"request_url\" TEXT NOT NULL,\n\"issued_at\" DATETIME NOT NULL DEFAULT 'CURRENT_TIMESTAMP',\n\"expires_at\" DATETIME NOT NULL,\n\"identity_id\" char(36) NOT NULL,\n\"created_at\" DATETIME NOT NULL,\n\"updated_at\" DATETIME NOT NULL,\n\"active_method\" TEXT,\n\"messages\" TEXT,\nFOREIGN KEY (identity_id) REFERENCES identities (id) ON UPDATE NO ACTION ON DELETE CASCADE\n);\nINSERT INTO \"_selfservice_settings_requests_tmp\" (id, request_url, issued_at, expires_at, identity_id, created_at, updated_at, active_method, messages) SELECT id, request_url, issued_at, expires_at, identity_id, created_at, updated_at, active_method, messages FROM \"selfservice_settings_requests\";\n\nDROP TABLE \"selfservice_settings_requests\";\nALTER TABLE \"_selfservice_settings_requests_tmp\" RENAME TO \"selfservice_settings_requests\";\nALTER TABLE \"selfservice_settings_requests\" ADD COLUMN \"update_successful\" bool NOT NULL DEFAULT 'false';" }, { "path": "oryx/popx/stub/migrations/legacy/20200607165100_settings.sqlite3.up.sql", "content": "ALTER TABLE \"selfservice_settings_requests\" ADD COLUMN \"state\" TEXT NOT NULL DEFAULT 'show_form';\nCREATE TABLE \"_selfservice_settings_requests_tmp\" (\n\"id\" TEXT PRIMARY KEY,\n\"request_url\" TEXT NOT NULL,\n\"issued_at\" DATETIME NOT NULL DEFAULT 'CURRENT_TIMESTAMP',\n\"expires_at\" DATETIME NOT NULL,\n\"identity_id\" char(36) NOT NULL,\n\"created_at\" DATETIME NOT NULL,\n\"updated_at\" DATETIME NOT NULL,\n\"active_method\" TEXT,\n\"messages\" TEXT,\n\"state\" TEXT NOT NULL DEFAULT 'show_form',\nFOREIGN KEY (identity_id) REFERENCES identities (id) ON UPDATE NO ACTION ON DELETE CASCADE\n);\nINSERT INTO \"_selfservice_settings_requests_tmp\" (id, request_url, issued_at, expires_at, identity_id, created_at, updated_at, active_method, messages, state) SELECT id, request_url, issued_at, expires_at, identity_id, created_at, updated_at, active_method, messages, state FROM \"selfservice_settings_requests\";\n\nDROP TABLE \"selfservice_settings_requests\";\nALTER TABLE \"_selfservice_settings_requests_tmp\" RENAME TO \"selfservice_settings_requests\";" }, { "path": "oryx/popx/stub/migrations/legacy/20200705105359_rename_identities_schema.cockroach.down.sql", "content": "ALTER TABLE \"identities\" RENAME COLUMN \"schema_id\" TO \"traits_schema_id\";COMMIT TRANSACTION;BEGIN TRANSACTION;" }, { "path": "oryx/popx/stub/migrations/legacy/20200705105359_rename_identities_schema.cockroach.up.sql", "content": "ALTER TABLE \"identities\" RENAME COLUMN \"traits_schema_id\" TO \"schema_id\";COMMIT TRANSACTION;BEGIN TRANSACTION;" }, { "path": "oryx/popx/stub/migrations/legacy/20200705105359_rename_identities_schema.mysql.down.sql", "content": "ALTER TABLE `identities` CHANGE `schema_id` `traits_schema_id` varchar(2048) NOT NULL;" }, { "path": "oryx/popx/stub/migrations/legacy/20200705105359_rename_identities_schema.mysql.up.sql", "content": "ALTER TABLE `identities` CHANGE `traits_schema_id` `schema_id` varchar(2048) NOT NULL;" }, { "path": "oryx/popx/stub/migrations/legacy/20200705105359_rename_identities_schema.postgres.down.sql", "content": "ALTER TABLE \"identities\" RENAME COLUMN \"schema_id\" TO \"traits_schema_id\";" }, { "path": "oryx/popx/stub/migrations/legacy/20200705105359_rename_identities_schema.postgres.up.sql", "content": "ALTER TABLE \"identities\" RENAME COLUMN \"traits_schema_id\" TO \"schema_id\";" }, { "path": "oryx/popx/stub/migrations/legacy/20200705105359_rename_identities_schema.sqlite3.down.sql", "content": "ALTER TABLE \"identities\" RENAME COLUMN \"schema_id\" TO \"traits_schema_id\";" }, { "path": "oryx/popx/stub/migrations/legacy/20200705105359_rename_identities_schema.sqlite3.up.sql", "content": "ALTER TABLE \"identities\" RENAME COLUMN \"traits_schema_id\" TO \"schema_id\";" }, { "path": "oryx/popx/stub/migrations/legacy/20200810141652_flow_type.cockroach.down.sql", "content": "ALTER TABLE \"selfservice_login_requests\" DROP COLUMN \"type\";COMMIT TRANSACTION;BEGIN TRANSACTION;\nALTER TABLE \"selfservice_registration_requests\" DROP COLUMN \"type\";COMMIT TRANSACTION;BEGIN TRANSACTION;\nALTER TABLE \"selfservice_settings_requests\" DROP COLUMN \"type\";COMMIT TRANSACTION;BEGIN TRANSACTION;\nALTER TABLE \"selfservice_recovery_requests\" DROP COLUMN \"type\";COMMIT TRANSACTION;BEGIN TRANSACTION;\nALTER TABLE \"selfservice_verification_requests\" DROP COLUMN \"type\";COMMIT TRANSACTION;BEGIN TRANSACTION;" }, { "path": "oryx/popx/stub/migrations/legacy/20200810141652_flow_type.cockroach.up.sql", "content": "ALTER TABLE \"selfservice_login_requests\" ADD COLUMN \"type\" VARCHAR (16) NOT NULL DEFAULT 'browser';COMMIT TRANSACTION;BEGIN TRANSACTION;\nALTER TABLE \"selfservice_registration_requests\" ADD COLUMN \"type\" VARCHAR (16) NOT NULL DEFAULT 'browser';COMMIT TRANSACTION;BEGIN TRANSACTION;\nALTER TABLE \"selfservice_settings_requests\" ADD COLUMN \"type\" VARCHAR (16) NOT NULL DEFAULT 'browser';COMMIT TRANSACTION;BEGIN TRANSACTION;\nALTER TABLE \"selfservice_recovery_requests\" ADD COLUMN \"type\" VARCHAR (16) NOT NULL DEFAULT 'browser';COMMIT TRANSACTION;BEGIN TRANSACTION;\nALTER TABLE \"selfservice_verification_requests\" ADD COLUMN \"type\" VARCHAR (16) NOT NULL DEFAULT 'browser';COMMIT TRANSACTION;BEGIN TRANSACTION;" }, { "path": "oryx/popx/stub/migrations/legacy/20200810141652_flow_type.mysql.down.sql", "content": "ALTER TABLE `selfservice_login_requests` DROP COLUMN `type`;\nALTER TABLE `selfservice_registration_requests` DROP COLUMN `type`;\nALTER TABLE `selfservice_settings_requests` DROP COLUMN `type`;\nALTER TABLE `selfservice_recovery_requests` DROP COLUMN `type`;\nALTER TABLE `selfservice_verification_requests` DROP COLUMN `type`;" }, { "path": "oryx/popx/stub/migrations/legacy/20200810141652_flow_type.mysql.up.sql", "content": "ALTER TABLE `selfservice_login_requests` ADD COLUMN `type` VARCHAR (16) NOT NULL DEFAULT 'browser';\nALTER TABLE `selfservice_registration_requests` ADD COLUMN `type` VARCHAR (16) NOT NULL DEFAULT 'browser';\nALTER TABLE `selfservice_settings_requests` ADD COLUMN `type` VARCHAR (16) NOT NULL DEFAULT 'browser';\nALTER TABLE `selfservice_recovery_requests` ADD COLUMN `type` VARCHAR (16) NOT NULL DEFAULT 'browser';\nALTER TABLE `selfservice_verification_requests` ADD COLUMN `type` VARCHAR (16) NOT NULL DEFAULT 'browser';" }, { "path": "oryx/popx/stub/migrations/legacy/20200810141652_flow_type.postgres.down.sql", "content": "ALTER TABLE \"selfservice_login_requests\" DROP COLUMN \"type\";\nALTER TABLE \"selfservice_registration_requests\" DROP COLUMN \"type\";\nALTER TABLE \"selfservice_settings_requests\" DROP COLUMN \"type\";\nALTER TABLE \"selfservice_recovery_requests\" DROP COLUMN \"type\";\nALTER TABLE \"selfservice_verification_requests\" DROP COLUMN \"type\";" }, { "path": "oryx/popx/stub/migrations/legacy/20200810141652_flow_type.postgres.up.sql", "content": "ALTER TABLE \"selfservice_login_requests\" ADD COLUMN \"type\" VARCHAR (16) NOT NULL DEFAULT 'browser';\nALTER TABLE \"selfservice_registration_requests\" ADD COLUMN \"type\" VARCHAR (16) NOT NULL DEFAULT 'browser';\nALTER TABLE \"selfservice_settings_requests\" ADD COLUMN \"type\" VARCHAR (16) NOT NULL DEFAULT 'browser';\nALTER TABLE \"selfservice_recovery_requests\" ADD COLUMN \"type\" VARCHAR (16) NOT NULL DEFAULT 'browser';\nALTER TABLE \"selfservice_verification_requests\" ADD COLUMN \"type\" VARCHAR (16) NOT NULL DEFAULT 'browser';" }, { "path": "oryx/popx/stub/migrations/legacy/20200810141652_flow_type.sqlite3.down.sql", "content": "CREATE TABLE \"_selfservice_login_requests_tmp\" (\n\"id\" TEXT PRIMARY KEY,\n\"request_url\" TEXT NOT NULL,\n\"issued_at\" DATETIME NOT NULL DEFAULT 'CURRENT_TIMESTAMP',\n\"expires_at\" DATETIME NOT NULL,\n\"active_method\" TEXT NOT NULL,\n\"csrf_token\" TEXT NOT NULL,\n\"created_at\" DATETIME NOT NULL,\n\"updated_at\" DATETIME NOT NULL,\n\"forced\" bool NOT NULL DEFAULT 'false',\n\"messages\" TEXT\n);\nINSERT INTO \"_selfservice_login_requests_tmp\" (id, request_url, issued_at, expires_at, active_method, csrf_token, created_at, updated_at, forced, messages) SELECT id, request_url, issued_at, expires_at, active_method, csrf_token, created_at, updated_at, forced, messages FROM \"selfservice_login_requests\";\n\nDROP TABLE \"selfservice_login_requests\";\nALTER TABLE \"_selfservice_login_requests_tmp\" RENAME TO \"selfservice_login_requests\";\nCREATE TABLE \"_selfservice_registration_requests_tmp\" (\n\"id\" TEXT PRIMARY KEY,\n\"request_url\" TEXT NOT NULL,\n\"issued_at\" DATETIME NOT NULL DEFAULT 'CURRENT_TIMESTAMP',\n\"expires_at\" DATETIME NOT NULL,\n\"active_method\" TEXT NOT NULL,\n\"csrf_token\" TEXT NOT NULL,\n\"created_at\" DATETIME NOT NULL,\n\"updated_at\" DATETIME NOT NULL,\n\"messages\" TEXT\n);\nINSERT INTO \"_selfservice_registration_requests_tmp\" (id, request_url, issued_at, expires_at, active_method, csrf_token, created_at, updated_at, messages) SELECT id, request_url, issued_at, expires_at, active_method, csrf_token, created_at, updated_at, messages FROM \"selfservice_registration_requests\";\n\nDROP TABLE \"selfservice_registration_requests\";\nALTER TABLE \"_selfservice_registration_requests_tmp\" RENAME TO \"selfservice_registration_requests\";\nCREATE TABLE \"_selfservice_settings_requests_tmp\" (\n\"id\" TEXT PRIMARY KEY,\n\"request_url\" TEXT NOT NULL,\n\"issued_at\" DATETIME NOT NULL DEFAULT 'CURRENT_TIMESTAMP',\n\"expires_at\" DATETIME NOT NULL,\n\"identity_id\" char(36) NOT NULL,\n\"created_at\" DATETIME NOT NULL,\n\"updated_at\" DATETIME NOT NULL,\n\"active_method\" TEXT,\n\"messages\" TEXT,\n\"state\" TEXT NOT NULL DEFAULT 'show_form',\nFOREIGN KEY (identity_id) REFERENCES identities (id) ON UPDATE NO ACTION ON DELETE CASCADE\n);\nINSERT INTO \"_selfservice_settings_requests_tmp\" (id, request_url, issued_at, expires_at, identity_id, created_at, updated_at, active_method, messages, state) SELECT id, request_url, issued_at, expires_at, identity_id, created_at, updated_at, active_method, messages, state FROM \"selfservice_settings_requests\";\n\nDROP TABLE \"selfservice_settings_requests\";\nALTER TABLE \"_selfservice_settings_requests_tmp\" RENAME TO \"selfservice_settings_requests\";\nCREATE TABLE \"_selfservice_recovery_requests_tmp\" (\n\"id\" TEXT PRIMARY KEY,\n\"request_url\" TEXT NOT NULL,\n\"issued_at\" DATETIME NOT NULL DEFAULT 'CURRENT_TIMESTAMP',\n\"expires_at\" DATETIME NOT NULL,\n\"messages\" TEXT,\n\"active_method\" TEXT,\n\"csrf_token\" TEXT NOT NULL,\n\"state\" TEXT NOT NULL,\n\"recovered_identity_id\" char(36),\n\"created_at\" DATETIME NOT NULL,\n\"updated_at\" DATETIME NOT NULL,\nFOREIGN KEY (recovered_identity_id) REFERENCES identities (id) ON UPDATE NO ACTION ON DELETE CASCADE\n);\nINSERT INTO \"_selfservice_recovery_requests_tmp\" (id, request_url, issued_at, expires_at, messages, active_method, csrf_token, state, recovered_identity_id, created_at, updated_at) SELECT id, request_url, issued_at, expires_at, messages, active_method, csrf_token, state, recovered_identity_id, created_at, updated_at FROM \"selfservice_recovery_requests\";\n\nDROP TABLE \"selfservice_recovery_requests\";\nALTER TABLE \"_selfservice_recovery_requests_tmp\" RENAME TO \"selfservice_recovery_requests\";\nCREATE TABLE \"_selfservice_verification_requests_tmp\" (\n\"id\" TEXT PRIMARY KEY,\n\"request_url\" TEXT NOT NULL,\n\"issued_at\" DATETIME NOT NULL DEFAULT 'CURRENT_TIMESTAMP',\n\"expires_at\" DATETIME NOT NULL,\n\"csrf_token\" TEXT NOT NULL,\n\"created_at\" DATETIME NOT NULL,\n\"updated_at\" DATETIME NOT NULL,\n\"messages\" TEXT,\n\"via\" TEXT NOT NULL DEFAULT 'email',\n\"success\" bool NOT NULL DEFAULT 'FALSE'\n);\nINSERT INTO \"_selfservice_verification_requests_tmp\" (id, request_url, issued_at, expires_at, csrf_token, created_at, updated_at, messages, via, success) SELECT id, request_url, issued_at, expires_at, csrf_token, created_at, updated_at, messages, via, success FROM \"selfservice_verification_requests\";\n\nDROP TABLE \"selfservice_verification_requests\";\nALTER TABLE \"_selfservice_verification_requests_tmp\" RENAME TO \"selfservice_verification_requests\";" }, { "path": "oryx/popx/stub/migrations/legacy/20200810141652_flow_type.sqlite3.up.sql", "content": "ALTER TABLE \"selfservice_login_requests\" ADD COLUMN \"type\" TEXT NOT NULL DEFAULT 'browser';\nALTER TABLE \"selfservice_registration_requests\" ADD COLUMN \"type\" TEXT NOT NULL DEFAULT 'browser';\nALTER TABLE \"selfservice_settings_requests\" ADD COLUMN \"type\" TEXT NOT NULL DEFAULT 'browser';\nALTER TABLE \"selfservice_recovery_requests\" ADD COLUMN \"type\" TEXT NOT NULL DEFAULT 'browser';\nALTER TABLE \"selfservice_verification_requests\" ADD COLUMN \"type\" TEXT NOT NULL DEFAULT 'browser';" }, { "path": "oryx/popx/stub/migrations/legacy/20200810161022_flow_rename.cockroach.down.sql", "content": "ALTER TABLE \"selfservice_login_flows\" RENAME TO \"selfservice_login_requests\";COMMIT TRANSACTION;BEGIN TRANSACTION;\nALTER TABLE \"selfservice_login_flow_methods\" RENAME TO \"selfservice_login_request_methods\";COMMIT TRANSACTION;BEGIN TRANSACTION;\nALTER TABLE \"selfservice_registration_flow_methods\" RENAME TO \"selfservice_registration_request_methods\";COMMIT TRANSACTION;BEGIN TRANSACTION;\nALTER TABLE \"selfservice_registration_flows\" RENAME TO \"selfservice_registration_requests\";COMMIT TRANSACTION;BEGIN TRANSACTION;\nALTER TABLE \"selfservice_settings_flow_methods\" RENAME TO \"selfservice_settings_request_methods\";COMMIT TRANSACTION;BEGIN TRANSACTION;\nALTER TABLE \"selfservice_settings_flows\" RENAME TO \"selfservice_settings_requests\";COMMIT TRANSACTION;BEGIN TRANSACTION;\nALTER TABLE \"selfservice_recovery_flow_methods\" RENAME TO \"selfservice_recovery_request_methods\";COMMIT TRANSACTION;BEGIN TRANSACTION;\nALTER TABLE \"selfservice_recovery_flows\" RENAME TO \"selfservice_recovery_requests\";COMMIT TRANSACTION;BEGIN TRANSACTION;\nALTER TABLE \"selfservice_verification_flows\" RENAME TO \"selfservice_verification_requests\";COMMIT TRANSACTION;BEGIN TRANSACTION;" }, { "path": "oryx/popx/stub/migrations/legacy/20200810161022_flow_rename.cockroach.up.sql", "content": "ALTER TABLE \"selfservice_login_request_methods\" RENAME TO \"selfservice_login_flow_methods\";COMMIT TRANSACTION;BEGIN TRANSACTION;\nALTER TABLE \"selfservice_login_requests\" RENAME TO \"selfservice_login_flows\";COMMIT TRANSACTION;BEGIN TRANSACTION;\nALTER TABLE \"selfservice_registration_request_methods\" RENAME TO \"selfservice_registration_flow_methods\";COMMIT TRANSACTION;BEGIN TRANSACTION;\nALTER TABLE \"selfservice_registration_requests\" RENAME TO \"selfservice_registration_flows\";COMMIT TRANSACTION;BEGIN TRANSACTION;\nALTER TABLE \"selfservice_settings_request_methods\" RENAME TO \"selfservice_settings_flow_methods\";COMMIT TRANSACTION;BEGIN TRANSACTION;\nALTER TABLE \"selfservice_settings_requests\" RENAME TO \"selfservice_settings_flows\";COMMIT TRANSACTION;BEGIN TRANSACTION;\nALTER TABLE \"selfservice_recovery_request_methods\" RENAME TO \"selfservice_recovery_flow_methods\";COMMIT TRANSACTION;BEGIN TRANSACTION;\nALTER TABLE \"selfservice_recovery_requests\" RENAME TO \"selfservice_recovery_flows\";COMMIT TRANSACTION;BEGIN TRANSACTION;\nALTER TABLE \"selfservice_verification_requests\" RENAME TO \"selfservice_verification_flows\";COMMIT TRANSACTION;BEGIN TRANSACTION;" }, { "path": "oryx/popx/stub/migrations/legacy/20200810161022_flow_rename.mysql.down.sql", "content": "ALTER TABLE `selfservice_login_flows` RENAME TO `selfservice_login_requests`;\nALTER TABLE `selfservice_login_flow_methods` RENAME TO `selfservice_login_request_methods`;\nALTER TABLE `selfservice_registration_flow_methods` RENAME TO `selfservice_registration_request_methods`;\nALTER TABLE `selfservice_registration_flows` RENAME TO `selfservice_registration_requests`;\nALTER TABLE `selfservice_settings_flow_methods` RENAME TO `selfservice_settings_request_methods`;\nALTER TABLE `selfservice_settings_flows` RENAME TO `selfservice_settings_requests`;\nALTER TABLE `selfservice_recovery_flow_methods` RENAME TO `selfservice_recovery_request_methods`;\nALTER TABLE `selfservice_recovery_flows` RENAME TO `selfservice_recovery_requests`;\nALTER TABLE `selfservice_verification_flows` RENAME TO `selfservice_verification_requests`;" }, { "path": "oryx/popx/stub/migrations/legacy/20200810161022_flow_rename.mysql.up.sql", "content": "ALTER TABLE `selfservice_login_request_methods` RENAME TO `selfservice_login_flow_methods`;\nALTER TABLE `selfservice_login_requests` RENAME TO `selfservice_login_flows`;\nALTER TABLE `selfservice_registration_request_methods` RENAME TO `selfservice_registration_flow_methods`;\nALTER TABLE `selfservice_registration_requests` RENAME TO `selfservice_registration_flows`;\nALTER TABLE `selfservice_settings_request_methods` RENAME TO `selfservice_settings_flow_methods`;\nALTER TABLE `selfservice_settings_requests` RENAME TO `selfservice_settings_flows`;\nALTER TABLE `selfservice_recovery_request_methods` RENAME TO `selfservice_recovery_flow_methods`;\nALTER TABLE `selfservice_recovery_requests` RENAME TO `selfservice_recovery_flows`;\nALTER TABLE `selfservice_verification_requests` RENAME TO `selfservice_verification_flows`;" }, { "path": "oryx/popx/stub/migrations/legacy/20200810161022_flow_rename.postgres.down.sql", "content": "ALTER TABLE \"selfservice_login_flows\" RENAME TO \"selfservice_login_requests\";\nALTER TABLE \"selfservice_login_flow_methods\" RENAME TO \"selfservice_login_request_methods\";\nALTER TABLE \"selfservice_registration_flow_methods\" RENAME TO \"selfservice_registration_request_methods\";\nALTER TABLE \"selfservice_registration_flows\" RENAME TO \"selfservice_registration_requests\";\nALTER TABLE \"selfservice_settings_flow_methods\" RENAME TO \"selfservice_settings_request_methods\";\nALTER TABLE \"selfservice_settings_flows\" RENAME TO \"selfservice_settings_requests\";\nALTER TABLE \"selfservice_recovery_flow_methods\" RENAME TO \"selfservice_recovery_request_methods\";\nALTER TABLE \"selfservice_recovery_flows\" RENAME TO \"selfservice_recovery_requests\";\nALTER TABLE \"selfservice_verification_flows\" RENAME TO \"selfservice_verification_requests\";" }, { "path": "oryx/popx/stub/migrations/legacy/20200810161022_flow_rename.postgres.up.sql", "content": "ALTER TABLE \"selfservice_login_request_methods\" RENAME TO \"selfservice_login_flow_methods\";\nALTER TABLE \"selfservice_login_requests\" RENAME TO \"selfservice_login_flows\";\nALTER TABLE \"selfservice_registration_request_methods\" RENAME TO \"selfservice_registration_flow_methods\";\nALTER TABLE \"selfservice_registration_requests\" RENAME TO \"selfservice_registration_flows\";\nALTER TABLE \"selfservice_settings_request_methods\" RENAME TO \"selfservice_settings_flow_methods\";\nALTER TABLE \"selfservice_settings_requests\" RENAME TO \"selfservice_settings_flows\";\nALTER TABLE \"selfservice_recovery_request_methods\" RENAME TO \"selfservice_recovery_flow_methods\";\nALTER TABLE \"selfservice_recovery_requests\" RENAME TO \"selfservice_recovery_flows\";\nALTER TABLE \"selfservice_verification_requests\" RENAME TO \"selfservice_verification_flows\";" }, { "path": "oryx/popx/stub/migrations/legacy/20200810161022_flow_rename.sqlite3.down.sql", "content": "ALTER TABLE \"selfservice_login_flows\" RENAME TO \"selfservice_login_requests\";\nALTER TABLE \"selfservice_login_flow_methods\" RENAME TO \"selfservice_login_request_methods\";\nALTER TABLE \"selfservice_registration_flow_methods\" RENAME TO \"selfservice_registration_request_methods\";\nALTER TABLE \"selfservice_registration_flows\" RENAME TO \"selfservice_registration_requests\";\nALTER TABLE \"selfservice_settings_flow_methods\" RENAME TO \"selfservice_settings_request_methods\";\nALTER TABLE \"selfservice_settings_flows\" RENAME TO \"selfservice_settings_requests\";\nALTER TABLE \"selfservice_recovery_flow_methods\" RENAME TO \"selfservice_recovery_request_methods\";\nALTER TABLE \"selfservice_recovery_flows\" RENAME TO \"selfservice_recovery_requests\";\nALTER TABLE \"selfservice_verification_flows\" RENAME TO \"selfservice_verification_requests\";" }, { "path": "oryx/popx/stub/migrations/legacy/20200810161022_flow_rename.sqlite3.up.sql", "content": "ALTER TABLE \"selfservice_login_request_methods\" RENAME TO \"selfservice_login_flow_methods\";\nALTER TABLE \"selfservice_login_requests\" RENAME TO \"selfservice_login_flows\";\nALTER TABLE \"selfservice_registration_request_methods\" RENAME TO \"selfservice_registration_flow_methods\";\nALTER TABLE \"selfservice_registration_requests\" RENAME TO \"selfservice_registration_flows\";\nALTER TABLE \"selfservice_settings_request_methods\" RENAME TO \"selfservice_settings_flow_methods\";\nALTER TABLE \"selfservice_settings_requests\" RENAME TO \"selfservice_settings_flows\";\nALTER TABLE \"selfservice_recovery_request_methods\" RENAME TO \"selfservice_recovery_flow_methods\";\nALTER TABLE \"selfservice_recovery_requests\" RENAME TO \"selfservice_recovery_flows\";\nALTER TABLE \"selfservice_verification_requests\" RENAME TO \"selfservice_verification_flows\";" }, { "path": "oryx/popx/stub/migrations/legacy/20200810162450_flow_fields_rename.cockroach.down.sql", "content": "ALTER TABLE \"selfservice_login_flow_methods\" RENAME COLUMN \"selfservice_login_flow_id\" TO \"selfservice_login_request_id\";COMMIT TRANSACTION;BEGIN TRANSACTION;\nALTER TABLE \"selfservice_registration_flow_methods\" RENAME COLUMN \"selfservice_registration_flow_id\" TO \"selfservice_registration_request_id\";COMMIT TRANSACTION;BEGIN TRANSACTION;\nALTER TABLE \"selfservice_settings_flow_methods\" RENAME COLUMN \"selfservice_settings_flow_id\" TO \"selfservice_settings_request_id\";COMMIT TRANSACTION;BEGIN TRANSACTION;\nALTER TABLE \"selfservice_recovery_flow_methods\" RENAME COLUMN \"selfservice_recovery_flow_id\" TO \"selfservice_recovery_request_id\";COMMIT TRANSACTION;BEGIN TRANSACTION;" }, { "path": "oryx/popx/stub/migrations/legacy/20200810162450_flow_fields_rename.cockroach.up.sql", "content": "ALTER TABLE \"selfservice_login_flow_methods\" RENAME COLUMN \"selfservice_login_request_id\" TO \"selfservice_login_flow_id\";COMMIT TRANSACTION;BEGIN TRANSACTION;\nALTER TABLE \"selfservice_registration_flow_methods\" RENAME COLUMN \"selfservice_registration_request_id\" TO \"selfservice_registration_flow_id\";COMMIT TRANSACTION;BEGIN TRANSACTION;\nALTER TABLE \"selfservice_recovery_flow_methods\" RENAME COLUMN \"selfservice_recovery_request_id\" TO \"selfservice_recovery_flow_id\";COMMIT TRANSACTION;BEGIN TRANSACTION;\nALTER TABLE \"selfservice_settings_flow_methods\" RENAME COLUMN \"selfservice_settings_request_id\" TO \"selfservice_settings_flow_id\";COMMIT TRANSACTION;BEGIN TRANSACTION;" }, { "path": "oryx/popx/stub/migrations/legacy/20200810162450_flow_fields_rename.mysql.down.sql", "content": "ALTER TABLE `selfservice_login_flow_methods` CHANGE `selfservice_login_flow_id` `selfservice_login_request_id` char(36) NOT NULL;\nALTER TABLE `selfservice_registration_flow_methods` CHANGE `selfservice_registration_flow_id` `selfservice_registration_request_id` char(36) NOT NULL;\nALTER TABLE `selfservice_settings_flow_methods` CHANGE `selfservice_settings_flow_id` `selfservice_settings_request_id` char(36) NOT NULL;\nALTER TABLE `selfservice_recovery_flow_methods` CHANGE `selfservice_recovery_flow_id` `selfservice_recovery_request_id` char(36) NOT NULL;" }, { "path": "oryx/popx/stub/migrations/legacy/20200810162450_flow_fields_rename.mysql.up.sql", "content": "ALTER TABLE `selfservice_login_flow_methods` CHANGE `selfservice_login_request_id` `selfservice_login_flow_id` char(36) NOT NULL;\nALTER TABLE `selfservice_registration_flow_methods` CHANGE `selfservice_registration_request_id` `selfservice_registration_flow_id` char(36) NOT NULL;\nALTER TABLE `selfservice_recovery_flow_methods` CHANGE `selfservice_recovery_request_id` `selfservice_recovery_flow_id` char(36) NOT NULL;\nALTER TABLE `selfservice_settings_flow_methods` CHANGE `selfservice_settings_request_id` `selfservice_settings_flow_id` char(36) NOT NULL;" }, { "path": "oryx/popx/stub/migrations/legacy/20200810162450_flow_fields_rename.postgres.down.sql", "content": "ALTER TABLE \"selfservice_login_flow_methods\" RENAME COLUMN \"selfservice_login_flow_id\" TO \"selfservice_login_request_id\";\nALTER TABLE \"selfservice_registration_flow_methods\" RENAME COLUMN \"selfservice_registration_flow_id\" TO \"selfservice_registration_request_id\";\nALTER TABLE \"selfservice_settings_flow_methods\" RENAME COLUMN \"selfservice_settings_flow_id\" TO \"selfservice_settings_request_id\";\nALTER TABLE \"selfservice_recovery_flow_methods\" RENAME COLUMN \"selfservice_recovery_flow_id\" TO \"selfservice_recovery_request_id\";" }, { "path": "oryx/popx/stub/migrations/legacy/20200810162450_flow_fields_rename.postgres.up.sql", "content": "ALTER TABLE \"selfservice_login_flow_methods\" RENAME COLUMN \"selfservice_login_request_id\" TO \"selfservice_login_flow_id\";\nALTER TABLE \"selfservice_registration_flow_methods\" RENAME COLUMN \"selfservice_registration_request_id\" TO \"selfservice_registration_flow_id\";\nALTER TABLE \"selfservice_recovery_flow_methods\" RENAME COLUMN \"selfservice_recovery_request_id\" TO \"selfservice_recovery_flow_id\";\nALTER TABLE \"selfservice_settings_flow_methods\" RENAME COLUMN \"selfservice_settings_request_id\" TO \"selfservice_settings_flow_id\";" }, { "path": "oryx/popx/stub/migrations/legacy/20200810162450_flow_fields_rename.sqlite3.down.sql", "content": "ALTER TABLE \"selfservice_login_flow_methods\" RENAME COLUMN \"selfservice_login_flow_id\" TO \"selfservice_login_request_id\";\nALTER TABLE \"selfservice_registration_flow_methods\" RENAME COLUMN \"selfservice_registration_flow_id\" TO \"selfservice_registration_request_id\";\nALTER TABLE \"selfservice_settings_flow_methods\" RENAME COLUMN \"selfservice_settings_flow_id\" TO \"selfservice_settings_request_id\";\nALTER TABLE \"selfservice_recovery_flow_methods\" RENAME COLUMN \"selfservice_recovery_flow_id\" TO \"selfservice_recovery_request_id\";" }, { "path": "oryx/popx/stub/migrations/legacy/20200810162450_flow_fields_rename.sqlite3.up.sql", "content": "ALTER TABLE \"selfservice_login_flow_methods\" RENAME COLUMN \"selfservice_login_request_id\" TO \"selfservice_login_flow_id\";\nALTER TABLE \"selfservice_registration_flow_methods\" RENAME COLUMN \"selfservice_registration_request_id\" TO \"selfservice_registration_flow_id\";\nALTER TABLE \"selfservice_recovery_flow_methods\" RENAME COLUMN \"selfservice_recovery_request_id\" TO \"selfservice_recovery_flow_id\";\nALTER TABLE \"selfservice_settings_flow_methods\" RENAME COLUMN \"selfservice_settings_request_id\" TO \"selfservice_settings_flow_id\";" }, { "path": "oryx/popx/stub/migrations/legacy/20200812124254_add_session_token.cockroach.down.sql", "content": "ALTER TABLE \"sessions\" DROP COLUMN \"token\";COMMIT TRANSACTION;BEGIN TRANSACTION;" }, { "path": "oryx/popx/stub/migrations/legacy/20200812124254_add_session_token.cockroach.up.sql", "content": "DELETE FROM sessions;COMMIT TRANSACTION;BEGIN TRANSACTION;\nALTER TABLE \"sessions\" ADD COLUMN \"token\" VARCHAR (32);COMMIT TRANSACTION;BEGIN TRANSACTION;\nALTER TABLE \"sessions\" RENAME COLUMN \"token\" TO \"_token_tmp\";COMMIT TRANSACTION;BEGIN TRANSACTION;\nALTER TABLE \"sessions\" ADD COLUMN \"token\" VARCHAR (32);COMMIT TRANSACTION;BEGIN TRANSACTION;\nUPDATE \"sessions\" SET \"token\" = \"_token_tmp\";COMMIT TRANSACTION;BEGIN TRANSACTION;\nALTER TABLE \"sessions\" DROP COLUMN \"_token_tmp\";COMMIT TRANSACTION;BEGIN TRANSACTION;\nCREATE UNIQUE INDEX \"sessions_token_uq_idx\" ON \"sessions\" (token);COMMIT TRANSACTION;BEGIN TRANSACTION;\nCREATE INDEX \"sessions_token_idx\" ON \"sessions\" (token);COMMIT TRANSACTION;BEGIN TRANSACTION;" }, { "path": "oryx/popx/stub/migrations/legacy/20200812124254_add_session_token.mysql.down.sql", "content": "ALTER TABLE `sessions` DROP COLUMN `token`;" }, { "path": "oryx/popx/stub/migrations/legacy/20200812124254_add_session_token.mysql.up.sql", "content": "DELETE FROM sessions;\nALTER TABLE `sessions` ADD COLUMN `token` VARCHAR (32);\nALTER TABLE `sessions` MODIFY `token` VARCHAR (32);\nCREATE UNIQUE INDEX `sessions_token_uq_idx` ON `sessions` (`token`);\nCREATE INDEX `sessions_token_idx` ON `sessions` (`token`);" }, { "path": "oryx/popx/stub/migrations/legacy/20200812124254_add_session_token.postgres.down.sql", "content": "ALTER TABLE \"sessions\" DROP COLUMN \"token\";" }, { "path": "oryx/popx/stub/migrations/legacy/20200812124254_add_session_token.postgres.up.sql", "content": "DELETE FROM sessions;\nALTER TABLE \"sessions\" ADD COLUMN \"token\" VARCHAR (32);\nALTER TABLE \"sessions\" ALTER COLUMN \"token\" TYPE VARCHAR (32), ALTER COLUMN \"token\" DROP NOT NULL;\nCREATE UNIQUE INDEX \"sessions_token_uq_idx\" ON \"sessions\" (token);\nCREATE INDEX \"sessions_token_idx\" ON \"sessions\" (token);" }, { "path": "oryx/popx/stub/migrations/legacy/20200812124254_add_session_token.sqlite3.down.sql", "content": "DROP INDEX IF EXISTS \"sessions_token_uq_idx\";\nDROP INDEX IF EXISTS \"sessions_token_idx\";\nCREATE TABLE \"_sessions_tmp\" (\n\"id\" TEXT PRIMARY KEY,\n\"issued_at\" DATETIME NOT NULL DEFAULT 'CURRENT_TIMESTAMP',\n\"expires_at\" DATETIME NOT NULL,\n\"authenticated_at\" DATETIME NOT NULL,\n\"identity_id\" char(36) NOT NULL,\n\"created_at\" DATETIME NOT NULL,\n\"updated_at\" DATETIME NOT NULL,\nFOREIGN KEY (identity_id) REFERENCES identities (id) ON UPDATE NO ACTION ON DELETE CASCADE\n);\nINSERT INTO \"_sessions_tmp\" (id, issued_at, expires_at, authenticated_at, identity_id, created_at, updated_at) SELECT id, issued_at, expires_at, authenticated_at, identity_id, created_at, updated_at FROM \"sessions\";\n\nDROP TABLE \"sessions\";\nALTER TABLE \"_sessions_tmp\" RENAME TO \"sessions\";" }, { "path": "oryx/popx/stub/migrations/legacy/20200812124254_add_session_token.sqlite3.up.sql", "content": "DELETE FROM sessions;\nALTER TABLE \"sessions\" ADD COLUMN \"token\" TEXT;\nCREATE TABLE \"_sessions_tmp\" (\n\"id\" TEXT PRIMARY KEY,\n\"issued_at\" DATETIME NOT NULL DEFAULT 'CURRENT_TIMESTAMP',\n\"expires_at\" DATETIME NOT NULL,\n\"authenticated_at\" DATETIME NOT NULL,\n\"identity_id\" char(36) NOT NULL,\n\"created_at\" DATETIME NOT NULL,\n\"updated_at\" DATETIME NOT NULL,\n\"token\" TEXT,\nFOREIGN KEY (identity_id) REFERENCES identities (id) ON UPDATE NO ACTION ON DELETE CASCADE\n);\nINSERT INTO \"_sessions_tmp\" (id, issued_at, expires_at, authenticated_at, identity_id, created_at, updated_at, token) SELECT id, issued_at, expires_at, authenticated_at, identity_id, created_at, updated_at, token FROM \"sessions\";\nDROP TABLE \"sessions\";\nALTER TABLE \"_sessions_tmp\" RENAME TO \"sessions\";\nCREATE UNIQUE INDEX \"sessions_token_uq_idx\" ON \"sessions\" (token);\nCREATE INDEX \"sessions_token_idx\" ON \"sessions\" (token);" }, { "path": "oryx/popx/stub/migrations/legacy/20200812160551_add_session_revoke.cockroach.down.sql", "content": "ALTER TABLE \"sessions\" DROP COLUMN \"active\";COMMIT TRANSACTION;BEGIN TRANSACTION;" }, { "path": "oryx/popx/stub/migrations/legacy/20200812160551_add_session_revoke.cockroach.up.sql", "content": "ALTER TABLE \"sessions\" ADD COLUMN \"active\" boolean DEFAULT 'false';COMMIT TRANSACTION;BEGIN TRANSACTION;" }, { "path": "oryx/popx/stub/migrations/legacy/20200812160551_add_session_revoke.mysql.down.sql", "content": "ALTER TABLE `sessions` DROP COLUMN `active`;" }, { "path": "oryx/popx/stub/migrations/legacy/20200812160551_add_session_revoke.mysql.up.sql", "content": "ALTER TABLE `sessions` ADD COLUMN `active` boolean DEFAULT false;" }, { "path": "oryx/popx/stub/migrations/legacy/20200812160551_add_session_revoke.postgres.down.sql", "content": "ALTER TABLE \"sessions\" DROP COLUMN \"active\";" }, { "path": "oryx/popx/stub/migrations/legacy/20200812160551_add_session_revoke.postgres.up.sql", "content": "ALTER TABLE \"sessions\" ADD COLUMN \"active\" boolean DEFAULT 'false';" }, { "path": "oryx/popx/stub/migrations/legacy/20200812160551_add_session_revoke.sqlite3.down.sql", "content": "DROP INDEX IF EXISTS \"sessions_token_idx\";\nDROP INDEX IF EXISTS \"sessions_token_uq_idx\";\nCREATE TABLE \"_sessions_tmp\" (\n\"id\" TEXT PRIMARY KEY,\n\"issued_at\" DATETIME NOT NULL DEFAULT 'CURRENT_TIMESTAMP',\n\"expires_at\" DATETIME NOT NULL,\n\"authenticated_at\" DATETIME NOT NULL,\n\"identity_id\" char(36) NOT NULL,\n\"created_at\" DATETIME NOT NULL,\n\"updated_at\" DATETIME NOT NULL,\n\"token\" TEXT,\nFOREIGN KEY (identity_id) REFERENCES identities (id) ON UPDATE NO ACTION ON DELETE CASCADE\n);\nCREATE INDEX \"sessions_token_idx\" ON \"_sessions_tmp\" (token);\nCREATE UNIQUE INDEX \"sessions_token_uq_idx\" ON \"_sessions_tmp\" (token);\nINSERT INTO \"_sessions_tmp\" (id, issued_at, expires_at, authenticated_at, identity_id, created_at, updated_at, token) SELECT id, issued_at, expires_at, authenticated_at, identity_id, created_at, updated_at, token FROM \"sessions\";\n\nDROP TABLE \"sessions\";\nALTER TABLE \"_sessions_tmp\" RENAME TO \"sessions\";" }, { "path": "oryx/popx/stub/migrations/legacy/20200812160551_add_session_revoke.sqlite3.up.sql", "content": "ALTER TABLE \"sessions\" ADD COLUMN \"active\" NUMERIC DEFAULT 'false';" }, { "path": "oryx/popx/stub/migrations/legacy/20200830121710_update_recovery_token.cockroach.down.sql", "content": "ALTER TABLE \"identity_recovery_tokens\" RENAME COLUMN \"selfservice_recovery_flow_id\" TO \"selfservice_recovery_request_id\";COMMIT TRANSACTION;BEGIN TRANSACTION;" }, { "path": "oryx/popx/stub/migrations/legacy/20200830121710_update_recovery_token.cockroach.up.sql", "content": "ALTER TABLE \"identity_recovery_tokens\" RENAME COLUMN \"selfservice_recovery_request_id\" TO \"selfservice_recovery_flow_id\";COMMIT TRANSACTION;BEGIN TRANSACTION;" }, { "path": "oryx/popx/stub/migrations/legacy/20200830121710_update_recovery_token.mysql.down.sql", "content": "ALTER TABLE `identity_recovery_tokens` CHANGE `selfservice_recovery_flow_id` `selfservice_recovery_request_id` char(36) NOT NULL;" }, { "path": "oryx/popx/stub/migrations/legacy/20200830121710_update_recovery_token.mysql.up.sql", "content": "ALTER TABLE `identity_recovery_tokens` CHANGE `selfservice_recovery_request_id` `selfservice_recovery_flow_id` char(36) NOT NULL;" }, { "path": "oryx/popx/stub/migrations/legacy/20200830121710_update_recovery_token.postgres.down.sql", "content": "ALTER TABLE \"identity_recovery_tokens\" RENAME COLUMN \"selfservice_recovery_flow_id\" TO \"selfservice_recovery_request_id\";" }, { "path": "oryx/popx/stub/migrations/legacy/20200830121710_update_recovery_token.postgres.up.sql", "content": "ALTER TABLE \"identity_recovery_tokens\" RENAME COLUMN \"selfservice_recovery_request_id\" TO \"selfservice_recovery_flow_id\";" }, { "path": "oryx/popx/stub/migrations/legacy/20200830121710_update_recovery_token.sqlite3.down.sql", "content": "ALTER TABLE \"identity_recovery_tokens\" RENAME COLUMN \"selfservice_recovery_flow_id\" TO \"selfservice_recovery_request_id\";" }, { "path": "oryx/popx/stub/migrations/legacy/20200830121710_update_recovery_token.sqlite3.up.sql", "content": "ALTER TABLE \"identity_recovery_tokens\" RENAME COLUMN \"selfservice_recovery_request_id\" TO \"selfservice_recovery_flow_id\";" }, { "path": "oryx/popx/stub/migrations/legacy/20200830130642_add_verification_methods.cockroach.down.sql", "content": "ALTER TABLE \"selfservice_verification_flows\" ADD COLUMN \"form\" json NOT NULL DEFAULT '{}';COMMIT TRANSACTION;BEGIN TRANSACTION;\nDROP TABLE \"selfservice_verification_flow_methods\";COMMIT TRANSACTION;BEGIN TRANSACTION;\nALTER TABLE \"selfservice_verification_flows\" DROP COLUMN \"active_method\";COMMIT TRANSACTION;BEGIN TRANSACTION;\nALTER TABLE \"selfservice_verification_flows\" DROP COLUMN \"state\";COMMIT TRANSACTION;BEGIN TRANSACTION;\nALTER TABLE \"selfservice_verification_flows\" ADD COLUMN \"via\" VARCHAR (16) NOT NULL DEFAULT 'email';COMMIT TRANSACTION;BEGIN TRANSACTION;\nALTER TABLE \"selfservice_verification_flows\" ADD COLUMN \"success\" bool NOT NULL DEFAULT FALSE;COMMIT TRANSACTION;BEGIN TRANSACTION;" }, { "path": "oryx/popx/stub/migrations/legacy/20200830130642_add_verification_methods.cockroach.up.sql", "content": "ALTER TABLE \"selfservice_verification_flows\" ADD COLUMN \"state\" VARCHAR (255) NOT NULL DEFAULT 'show_form';COMMIT TRANSACTION;BEGIN TRANSACTION;" }, { "path": "oryx/popx/stub/migrations/legacy/20200830130642_add_verification_methods.mysql.down.sql", "content": "ALTER TABLE `selfservice_verification_flows` ADD COLUMN `form` JSON;\nUPDATE selfservice_verification_flows SET form=(SELECT * FROM (SELECT m.config FROM selfservice_verification_flows AS r INNER JOIN selfservice_verification_flow_methods AS m ON r.id=m.selfservice_verification_flow_id) as t);\nALTER TABLE `selfservice_verification_flows` MODIFY `form` JSON;\nDROP TABLE `selfservice_verification_flow_methods`;\nALTER TABLE `selfservice_verification_flows` DROP COLUMN `active_method`;\nALTER TABLE `selfservice_verification_flows` DROP COLUMN `state`;\nALTER TABLE `selfservice_verification_flows` ADD COLUMN `via` VARCHAR (16) NOT NULL DEFAULT 'email';\nALTER TABLE `selfservice_verification_flows` ADD COLUMN `success` bool NOT NULL DEFAULT FALSE;" }, { "path": "oryx/popx/stub/migrations/legacy/20200830130642_add_verification_methods.mysql.up.sql", "content": "ALTER TABLE `selfservice_verification_flows` ADD COLUMN `state` VARCHAR (255) NOT NULL DEFAULT 'show_form';" }, { "path": "oryx/popx/stub/migrations/legacy/20200830130642_add_verification_methods.postgres.down.sql", "content": "ALTER TABLE \"selfservice_verification_flows\" ADD COLUMN \"form\" jsonb;\nUPDATE selfservice_verification_flows SET form=(SELECT * FROM (SELECT m.config FROM selfservice_verification_flows AS r INNER JOIN selfservice_verification_flow_methods AS m ON r.id=m.selfservice_verification_flow_id) as t);\nALTER TABLE \"selfservice_verification_flows\" ALTER COLUMN \"form\" TYPE jsonb, ALTER COLUMN \"form\" DROP NOT NULL;\nDROP TABLE \"selfservice_verification_flow_methods\";\nALTER TABLE \"selfservice_verification_flows\" DROP COLUMN \"active_method\";\nALTER TABLE \"selfservice_verification_flows\" DROP COLUMN \"state\";\nALTER TABLE \"selfservice_verification_flows\" ADD COLUMN \"via\" VARCHAR (16) NOT NULL DEFAULT 'email';\nALTER TABLE \"selfservice_verification_flows\" ADD COLUMN \"success\" bool NOT NULL DEFAULT FALSE;" }, { "path": "oryx/popx/stub/migrations/legacy/20200830130642_add_verification_methods.postgres.up.sql", "content": "ALTER TABLE \"selfservice_verification_flows\" ADD COLUMN \"state\" VARCHAR (255) NOT NULL DEFAULT 'show_form';" }, { "path": "oryx/popx/stub/migrations/legacy/20200830130642_add_verification_methods.sqlite3.down.sql", "content": "DROP TABLE \"selfservice_verification_flow_methods\";\nCREATE TABLE \"_selfservice_verification_flows_tmp\" (\n\"id\" TEXT PRIMARY KEY,\n\"request_url\" TEXT NOT NULL,\n\"issued_at\" DATETIME NOT NULL DEFAULT 'CURRENT_TIMESTAMP',\n\"expires_at\" DATETIME NOT NULL,\n\"csrf_token\" TEXT NOT NULL,\n\"created_at\" DATETIME NOT NULL,\n\"updated_at\" DATETIME NOT NULL,\n\"messages\" TEXT,\n\"type\" TEXT NOT NULL DEFAULT 'browser',\n\"state\" TEXT NOT NULL DEFAULT 'show_form'\n);\nINSERT INTO \"_selfservice_verification_flows_tmp\" (id, request_url, issued_at, expires_at, csrf_token, created_at, updated_at, messages, type, state) SELECT id, request_url, issued_at, expires_at, csrf_token, created_at, updated_at, messages, type, state FROM \"selfservice_verification_flows\";\n\nDROP TABLE \"selfservice_verification_flows\";\nALTER TABLE \"_selfservice_verification_flows_tmp\" RENAME TO \"selfservice_verification_flows\";\nCREATE TABLE \"_selfservice_verification_flows_tmp\" (\n\"id\" TEXT PRIMARY KEY,\n\"request_url\" TEXT NOT NULL,\n\"issued_at\" DATETIME NOT NULL DEFAULT 'CURRENT_TIMESTAMP',\n\"expires_at\" DATETIME NOT NULL,\n\"csrf_token\" TEXT NOT NULL,\n\"created_at\" DATETIME NOT NULL,\n\"updated_at\" DATETIME NOT NULL,\n\"messages\" TEXT,\n\"type\" TEXT NOT NULL DEFAULT 'browser'\n);\nINSERT INTO \"_selfservice_verification_flows_tmp\" (id, request_url, issued_at, expires_at, csrf_token, created_at, updated_at, messages, type) SELECT id, request_url, issued_at, expires_at, csrf_token, created_at, updated_at, messages, type FROM \"selfservice_verification_flows\";\n\nDROP TABLE \"selfservice_verification_flows\";\nALTER TABLE \"_selfservice_verification_flows_tmp\" RENAME TO \"selfservice_verification_flows\";\nALTER TABLE \"selfservice_verification_flows\" ADD COLUMN \"via\" TEXT NOT NULL DEFAULT 'email';\nALTER TABLE \"selfservice_verification_flows\" ADD COLUMN \"success\" bool NOT NULL DEFAULT FALSE;" }, { "path": "oryx/popx/stub/migrations/legacy/20200830130642_add_verification_methods.sqlite3.up.sql", "content": "ALTER TABLE \"selfservice_verification_flows\" ADD COLUMN \"state\" TEXT NOT NULL DEFAULT 'show_form';" }, { "path": "oryx/popx/stub/migrations/legacy/20200830130643_add_verification_methods.cockroach.up.sql", "content": "UPDATE selfservice_verification_flows SET state='passed_challenge' WHERE success IS TRUE;" }, { "path": "oryx/popx/stub/migrations/legacy/20200830130643_add_verification_methods.mysql.up.sql", "content": "UPDATE selfservice_verification_flows SET state='passed_challenge' WHERE success IS TRUE;" }, { "path": "oryx/popx/stub/migrations/legacy/20200830130643_add_verification_methods.postgres.up.sql", "content": "UPDATE selfservice_verification_flows SET state='passed_challenge' WHERE success IS TRUE;" }, { "path": "oryx/popx/stub/migrations/legacy/20200830130643_add_verification_methods.sqlite3.up.sql", "content": "UPDATE selfservice_verification_flows SET state='passed_challenge' WHERE success IS TRUE;" }, { "path": "oryx/popx/stub/migrations/legacy/20200830130644_add_verification_methods.cockroach.up.sql", "content": "CREATE TABLE \"selfservice_verification_flow_methods\" (\n\"id\" UUID NOT NULL,\nPRIMARY KEY(\"id\"),\n\"method\" VARCHAR (32) NOT NULL,\n\"selfservice_verification_flow_id\" UUID NOT NULL,\n\"config\" json NOT NULL,\n\"created_at\" timestamp NOT NULL,\n\"updated_at\" timestamp NOT NULL\n);COMMIT TRANSACTION;BEGIN TRANSACTION;\nALTER TABLE \"selfservice_verification_flows\" ADD COLUMN \"active_method\" VARCHAR (32);COMMIT TRANSACTION;BEGIN TRANSACTION;" }, { "path": "oryx/popx/stub/migrations/legacy/20200830130644_add_verification_methods.mysql.up.sql", "content": "CREATE TABLE `selfservice_verification_flow_methods` (\n`id` char(36) NOT NULL,\nPRIMARY KEY(`id`),\n`method` VARCHAR (32) NOT NULL,\n`selfservice_verification_flow_id` char(36) NOT NULL,\n`config` JSON NOT NULL,\n`created_at` DATETIME NOT NULL,\n`updated_at` DATETIME NOT NULL\n) ENGINE=InnoDB;\nALTER TABLE `selfservice_verification_flows` ADD COLUMN `active_method` VARCHAR (32);" }, { "path": "oryx/popx/stub/migrations/legacy/20200830130644_add_verification_methods.postgres.up.sql", "content": "CREATE TABLE \"selfservice_verification_flow_methods\" (\n\"id\" UUID NOT NULL,\nPRIMARY KEY(\"id\"),\n\"method\" VARCHAR (32) NOT NULL,\n\"selfservice_verification_flow_id\" UUID NOT NULL,\n\"config\" jsonb NOT NULL,\n\"created_at\" timestamp NOT NULL,\n\"updated_at\" timestamp NOT NULL\n);\nALTER TABLE \"selfservice_verification_flows\" ADD COLUMN \"active_method\" VARCHAR (32);" }, { "path": "oryx/popx/stub/migrations/legacy/20200830130644_add_verification_methods.sqlite3.up.sql", "content": "CREATE TABLE \"selfservice_verification_flow_methods\" (\n\"id\" TEXT PRIMARY KEY,\n\"method\" TEXT NOT NULL,\n\"selfservice_verification_flow_id\" char(36) NOT NULL,\n\"config\" TEXT NOT NULL,\n\"created_at\" DATETIME NOT NULL,\n\"updated_at\" DATETIME NOT NULL\n);\nALTER TABLE \"selfservice_verification_flows\" ADD COLUMN \"active_method\" TEXT;" }, { "path": "oryx/popx/stub/migrations/legacy/20200830130645_add_verification_methods.cockroach.up.sql", "content": "INSERT INTO selfservice_verification_flow_methods (id, method, selfservice_verification_flow_id, config, created_at, updated_at) SELECT id, 'link', id, form, created_at, updated_at FROM selfservice_verification_flows;" }, { "path": "oryx/popx/stub/migrations/legacy/20200830130645_add_verification_methods.mysql.up.sql", "content": "INSERT INTO selfservice_verification_flow_methods (id, method, selfservice_verification_flow_id, config, created_at, updated_at) SELECT id, 'link', id, form, created_at, updated_at FROM selfservice_verification_flows;" }, { "path": "oryx/popx/stub/migrations/legacy/20200830130645_add_verification_methods.postgres.up.sql", "content": "INSERT INTO selfservice_verification_flow_methods (id, method, selfservice_verification_flow_id, config, created_at, updated_at) SELECT id, 'link', id, form, created_at, updated_at FROM selfservice_verification_flows;" }, { "path": "oryx/popx/stub/migrations/legacy/20200830130645_add_verification_methods.sqlite3.up.sql", "content": "INSERT INTO selfservice_verification_flow_methods (id, method, selfservice_verification_flow_id, config, created_at, updated_at) SELECT id, 'link', id, form, created_at, updated_at FROM selfservice_verification_flows;" }, { "path": "oryx/popx/stub/migrations/legacy/20200830130646_add_verification_methods.cockroach.up.sql", "content": "ALTER TABLE \"selfservice_verification_flows\" DROP COLUMN \"form\";COMMIT TRANSACTION;BEGIN TRANSACTION;\nALTER TABLE \"selfservice_verification_flows\" DROP COLUMN \"via\";COMMIT TRANSACTION;BEGIN TRANSACTION;\nALTER TABLE \"selfservice_verification_flows\" DROP COLUMN \"success\";COMMIT TRANSACTION;BEGIN TRANSACTION;" }, { "path": "oryx/popx/stub/migrations/legacy/20200830130646_add_verification_methods.mysql.up.sql", "content": "ALTER TABLE `selfservice_verification_flows` DROP COLUMN `form`;\nALTER TABLE `selfservice_verification_flows` DROP COLUMN `via`;\nALTER TABLE `selfservice_verification_flows` DROP COLUMN `success`;" }, { "path": "oryx/popx/stub/migrations/legacy/20200830130646_add_verification_methods.postgres.up.sql", "content": "ALTER TABLE \"selfservice_verification_flows\" DROP COLUMN \"form\";\nALTER TABLE \"selfservice_verification_flows\" DROP COLUMN \"via\";\nALTER TABLE \"selfservice_verification_flows\" DROP COLUMN \"success\";" }, { "path": "oryx/popx/stub/migrations/legacy/20200830130646_add_verification_methods.sqlite3.up.sql", "content": "CREATE TABLE \"_selfservice_verification_flows_tmp\" (\n\"id\" TEXT PRIMARY KEY,\n\"request_url\" TEXT NOT NULL,\n\"issued_at\" DATETIME NOT NULL DEFAULT 'CURRENT_TIMESTAMP',\n\"expires_at\" DATETIME NOT NULL,\n\"via\" TEXT NOT NULL,\n\"csrf_token\" TEXT NOT NULL,\n\"success\" bool NOT NULL,\n\"created_at\" DATETIME NOT NULL,\n\"updated_at\" DATETIME NOT NULL,\n\"messages\" TEXT,\n\"type\" TEXT NOT NULL DEFAULT 'browser',\n\"state\" TEXT NOT NULL DEFAULT 'show_form',\n\"active_method\" TEXT\n);\nINSERT INTO \"_selfservice_verification_flows_tmp\" (id, request_url, issued_at, expires_at, via, csrf_token, success, created_at, updated_at, messages, type, state, active_method) SELECT id, request_url, issued_at, expires_at, via, csrf_token, success, created_at, updated_at, messages, type, state, active_method FROM \"selfservice_verification_flows\";\n\nDROP TABLE \"selfservice_verification_flows\";\nALTER TABLE \"_selfservice_verification_flows_tmp\" RENAME TO \"selfservice_verification_flows\";\nCREATE TABLE \"_selfservice_verification_flows_tmp\" (\n\"id\" TEXT PRIMARY KEY,\n\"request_url\" TEXT NOT NULL,\n\"issued_at\" DATETIME NOT NULL DEFAULT 'CURRENT_TIMESTAMP',\n\"expires_at\" DATETIME NOT NULL,\n\"csrf_token\" TEXT NOT NULL,\n\"success\" bool NOT NULL,\n\"created_at\" DATETIME NOT NULL,\n\"updated_at\" DATETIME NOT NULL,\n\"messages\" TEXT,\n\"type\" TEXT NOT NULL DEFAULT 'browser',\n\"state\" TEXT NOT NULL DEFAULT 'show_form',\n\"active_method\" TEXT\n);\nINSERT INTO \"_selfservice_verification_flows_tmp\" (id, request_url, issued_at, expires_at, csrf_token, success, created_at, updated_at, messages, type, state, active_method) SELECT id, request_url, issued_at, expires_at, csrf_token, success, created_at, updated_at, messages, type, state, active_method FROM \"selfservice_verification_flows\";\n\nDROP TABLE \"selfservice_verification_flows\";\nALTER TABLE \"_selfservice_verification_flows_tmp\" RENAME TO \"selfservice_verification_flows\";\nCREATE TABLE \"_selfservice_verification_flows_tmp\" (\n\"id\" TEXT PRIMARY KEY,\n\"request_url\" TEXT NOT NULL,\n\"issued_at\" DATETIME NOT NULL DEFAULT 'CURRENT_TIMESTAMP',\n\"expires_at\" DATETIME NOT NULL,\n\"csrf_token\" TEXT NOT NULL,\n\"created_at\" DATETIME NOT NULL,\n\"updated_at\" DATETIME NOT NULL,\n\"messages\" TEXT,\n\"type\" TEXT NOT NULL DEFAULT 'browser',\n\"state\" TEXT NOT NULL DEFAULT 'show_form',\n\"active_method\" TEXT\n);\nINSERT INTO \"_selfservice_verification_flows_tmp\" (id, request_url, issued_at, expires_at, csrf_token, created_at, updated_at, messages, type, state, active_method) SELECT id, request_url, issued_at, expires_at, csrf_token, created_at, updated_at, messages, type, state, active_method FROM \"selfservice_verification_flows\";\n\nDROP TABLE \"selfservice_verification_flows\";\nALTER TABLE \"_selfservice_verification_flows_tmp\" RENAME TO \"selfservice_verification_flows\";" }, { "path": "oryx/popx/stub/migrations/legacy/20200830154602_add_verification_token.cockroach.down.sql", "content": "DROP TABLE \"identity_verification_tokens\";COMMIT TRANSACTION;BEGIN TRANSACTION;" }, { "path": "oryx/popx/stub/migrations/legacy/20200830154602_add_verification_token.cockroach.up.sql", "content": "CREATE TABLE \"identity_verification_tokens\" (\n\"id\" UUID NOT NULL,\nPRIMARY KEY(\"id\"),\n\"token\" VARCHAR (64) NOT NULL,\n\"used\" bool NOT NULL DEFAULT 'false',\n\"used_at\" timestamp,\n\"expires_at\" timestamp NOT NULL,\n\"issued_at\" timestamp NOT NULL,\n\"identity_verifiable_address_id\" UUID NOT NULL,\n\"selfservice_verification_flow_id\" UUID,\n\"created_at\" timestamp NOT NULL,\n\"updated_at\" timestamp NOT NULL,\nCONSTRAINT \"identity_verification_tokens_identity_verifiable_addresses_id_fk\" FOREIGN KEY (\"identity_verifiable_address_id\") REFERENCES \"identity_verifiable_addresses\" (\"id\") ON DELETE cascade,\nCONSTRAINT \"identity_verification_tokens_selfservice_verification_flows_id_fk\" FOREIGN KEY (\"selfservice_verification_flow_id\") REFERENCES \"selfservice_verification_flows\" (\"id\") ON DELETE cascade\n);COMMIT TRANSACTION;BEGIN TRANSACTION;\nCREATE UNIQUE INDEX \"identity_verification_tokens_token_uq_idx\" ON \"identity_verification_tokens\" (token);COMMIT TRANSACTION;BEGIN TRANSACTION;\nCREATE INDEX \"identity_verification_tokens_token_idx\" ON \"identity_verification_tokens\" (token);COMMIT TRANSACTION;BEGIN TRANSACTION;\nCREATE INDEX \"identity_verification_tokens_verifiable_address_id_idx\" ON \"identity_verification_tokens\" (identity_verifiable_address_id);COMMIT TRANSACTION;BEGIN TRANSACTION;\nCREATE INDEX \"identity_verification_tokens_verification_flow_id_idx\" ON \"identity_verification_tokens\" (selfservice_verification_flow_id);COMMIT TRANSACTION;BEGIN TRANSACTION;" }, { "path": "oryx/popx/stub/migrations/legacy/20200830154602_add_verification_token.mysql.down.sql", "content": "DROP TABLE `identity_verification_tokens`;" }, { "path": "oryx/popx/stub/migrations/legacy/20200830154602_add_verification_token.mysql.up.sql", "content": "CREATE TABLE `identity_verification_tokens` (\n`id` char(36) NOT NULL,\nPRIMARY KEY(`id`),\n`token` VARCHAR (64) NOT NULL,\n`used` bool NOT NULL DEFAULT false,\n`used_at` DATETIME,\n`expires_at` DATETIME NOT NULL,\n`issued_at` DATETIME NOT NULL,\n`identity_verifiable_address_id` char(36) NOT NULL,\n`selfservice_verification_flow_id` char(36),\n`created_at` DATETIME NOT NULL,\n`updated_at` DATETIME NOT NULL,\nFOREIGN KEY (`identity_verifiable_address_id`) REFERENCES `identity_verifiable_addresses` (`id`) ON DELETE cascade,\nFOREIGN KEY (`selfservice_verification_flow_id`) REFERENCES `selfservice_verification_flows` (`id`) ON DELETE cascade\n) ENGINE=InnoDB;\nCREATE UNIQUE INDEX `identity_verification_tokens_token_uq_idx` ON `identity_verification_tokens` (`token`);\nCREATE INDEX `identity_verification_tokens_token_idx` ON `identity_verification_tokens` (`token`);\nCREATE INDEX `identity_verification_tokens_verifiable_address_id_idx` ON `identity_verification_tokens` (`identity_verifiable_address_id`);\nCREATE INDEX `identity_verification_tokens_verification_flow_id_idx` ON `identity_verification_tokens` (`selfservice_verification_flow_id`);" }, { "path": "oryx/popx/stub/migrations/legacy/20200830154602_add_verification_token.postgres.down.sql", "content": "DROP TABLE \"identity_verification_tokens\";" }, { "path": "oryx/popx/stub/migrations/legacy/20200830154602_add_verification_token.postgres.up.sql", "content": "CREATE TABLE \"identity_verification_tokens\" (\n\"id\" UUID NOT NULL,\nPRIMARY KEY(\"id\"),\n\"token\" VARCHAR (64) NOT NULL,\n\"used\" bool NOT NULL DEFAULT 'false',\n\"used_at\" timestamp,\n\"expires_at\" timestamp NOT NULL,\n\"issued_at\" timestamp NOT NULL,\n\"identity_verifiable_address_id\" UUID NOT NULL,\n\"selfservice_verification_flow_id\" UUID,\n\"created_at\" timestamp NOT NULL,\n\"updated_at\" timestamp NOT NULL,\nFOREIGN KEY (\"identity_verifiable_address_id\") REFERENCES \"identity_verifiable_addresses\" (\"id\") ON DELETE cascade,\nFOREIGN KEY (\"selfservice_verification_flow_id\") REFERENCES \"selfservice_verification_flows\" (\"id\") ON DELETE cascade\n);\nCREATE UNIQUE INDEX \"identity_verification_tokens_token_uq_idx\" ON \"identity_verification_tokens\" (token);\nCREATE INDEX \"identity_verification_tokens_token_idx\" ON \"identity_verification_tokens\" (token);\nCREATE INDEX \"identity_verification_tokens_verifiable_address_id_idx\" ON \"identity_verification_tokens\" (identity_verifiable_address_id);\nCREATE INDEX \"identity_verification_tokens_verification_flow_id_idx\" ON \"identity_verification_tokens\" (selfservice_verification_flow_id);" }, { "path": "oryx/popx/stub/migrations/legacy/20200830154602_add_verification_token.sqlite3.down.sql", "content": "DROP TABLE \"identity_verification_tokens\";" }, { "path": "oryx/popx/stub/migrations/legacy/20200830154602_add_verification_token.sqlite3.up.sql", "content": "CREATE TABLE \"identity_verification_tokens\" (\n\"id\" TEXT PRIMARY KEY,\n\"token\" TEXT NOT NULL,\n\"used\" bool NOT NULL DEFAULT 'false',\n\"used_at\" DATETIME,\n\"expires_at\" DATETIME NOT NULL,\n\"issued_at\" DATETIME NOT NULL,\n\"identity_verifiable_address_id\" char(36) NOT NULL,\n\"selfservice_verification_flow_id\" char(36),\n\"created_at\" DATETIME NOT NULL,\n\"updated_at\" DATETIME NOT NULL,\nFOREIGN KEY (identity_verifiable_address_id) REFERENCES identity_verifiable_addresses (id) ON DELETE cascade,\nFOREIGN KEY (selfservice_verification_flow_id) REFERENCES selfservice_verification_flows (id) ON DELETE cascade\n);\nCREATE UNIQUE INDEX \"identity_verification_tokens_token_uq_idx\" ON \"identity_verification_tokens\" (token);\nCREATE INDEX \"identity_verification_tokens_token_idx\" ON \"identity_verification_tokens\" (token);\nCREATE INDEX \"identity_verification_tokens_verifiable_address_id_idx\" ON \"identity_verification_tokens\" (identity_verifiable_address_id);\nCREATE INDEX \"identity_verification_tokens_verification_flow_id_idx\" ON \"identity_verification_tokens\" (selfservice_verification_flow_id);" }, { "path": "oryx/popx/stub/migrations/legacy/20200830172221_recovery_token_expires.cockroach.down.sql", "content": "DELETE FROM identity_recovery_tokens WHERE selfservice_recovery_flow_id IS NULL;\nALTER TABLE \"identity_recovery_tokens\" DROP CONSTRAINT \"identity_recovery_tokens_selfservice_recovery_requests_id_fk\";COMMIT TRANSACTION;BEGIN TRANSACTION;\nALTER TABLE \"identity_recovery_tokens\" RENAME COLUMN \"selfservice_recovery_flow_id\" TO \"_selfservice_recovery_flow_id_tmp\";COMMIT TRANSACTION;BEGIN TRANSACTION;\nALTER TABLE \"identity_recovery_tokens\" ADD COLUMN \"selfservice_recovery_flow_id\" UUID;COMMIT TRANSACTION;BEGIN TRANSACTION;\nUPDATE \"identity_recovery_tokens\" SET \"selfservice_recovery_flow_id\" = \"_selfservice_recovery_flow_id_tmp\";COMMIT TRANSACTION;BEGIN TRANSACTION;\nALTER TABLE \"identity_recovery_tokens\" ALTER COLUMN \"selfservice_recovery_flow_id\" SET NOT NULL;COMMIT TRANSACTION;BEGIN TRANSACTION;\nALTER TABLE \"identity_recovery_tokens\" DROP COLUMN \"_selfservice_recovery_flow_id_tmp\";COMMIT TRANSACTION;BEGIN TRANSACTION;\nALTER TABLE \"identity_recovery_tokens\" ADD CONSTRAINT \"identity_recovery_tokens_selfservice_recovery_requests_id_fk\" FOREIGN KEY (\"selfservice_recovery_flow_id\") REFERENCES \"selfservice_recovery_flows\" (\"id\") ON UPDATE NO ACTION ON DELETE CASCADE;COMMIT TRANSACTION;BEGIN TRANSACTION;\nALTER TABLE \"identity_recovery_tokens\" DROP COLUMN \"expires_at\";COMMIT TRANSACTION;BEGIN TRANSACTION;\nALTER TABLE \"identity_recovery_tokens\" DROP COLUMN \"issued_at\";COMMIT TRANSACTION;BEGIN TRANSACTION;" }, { "path": "oryx/popx/stub/migrations/legacy/20200830172221_recovery_token_expires.cockroach.up.sql", "content": "ALTER TABLE \"identity_recovery_tokens\" ADD COLUMN \"expires_at\" timestamp NOT NULL DEFAULT '2000-01-01 00:00:00';COMMIT TRANSACTION;BEGIN TRANSACTION;\nALTER TABLE \"identity_recovery_tokens\" ADD COLUMN \"issued_at\" timestamp NOT NULL DEFAULT '2000-01-01 00:00:00';COMMIT TRANSACTION;BEGIN TRANSACTION;\nALTER TABLE \"identity_recovery_tokens\" DROP CONSTRAINT \"identity_recovery_tokens_selfservice_recovery_requests_id_fk\";COMMIT TRANSACTION;BEGIN TRANSACTION;\nALTER TABLE \"identity_recovery_tokens\" RENAME COLUMN \"selfservice_recovery_flow_id\" TO \"_selfservice_recovery_flow_id_tmp\";COMMIT TRANSACTION;BEGIN TRANSACTION;\nALTER TABLE \"identity_recovery_tokens\" ADD COLUMN \"selfservice_recovery_flow_id\" UUID;COMMIT TRANSACTION;BEGIN TRANSACTION;\nUPDATE \"identity_recovery_tokens\" SET \"selfservice_recovery_flow_id\" = \"_selfservice_recovery_flow_id_tmp\";COMMIT TRANSACTION;BEGIN TRANSACTION;\nALTER TABLE \"identity_recovery_tokens\" DROP COLUMN \"_selfservice_recovery_flow_id_tmp\";COMMIT TRANSACTION;BEGIN TRANSACTION;\nALTER TABLE \"identity_recovery_tokens\" ADD CONSTRAINT \"identity_recovery_tokens_selfservice_recovery_requests_id_fk\" FOREIGN KEY (\"selfservice_recovery_flow_id\") REFERENCES \"selfservice_recovery_flows\" (\"id\") ON UPDATE NO ACTION ON DELETE CASCADE;COMMIT TRANSACTION;BEGIN TRANSACTION;" }, { "path": "oryx/popx/stub/migrations/legacy/20200830172221_recovery_token_expires.mysql.down.sql", "content": "DELETE FROM identity_recovery_tokens WHERE selfservice_recovery_flow_id IS NULL;\nALTER TABLE `identity_recovery_tokens` MODIFY `selfservice_recovery_flow_id` char(36) NOT NULL;\nALTER TABLE `identity_recovery_tokens` DROP COLUMN `expires_at`;\nALTER TABLE `identity_recovery_tokens` DROP COLUMN `issued_at`;" }, { "path": "oryx/popx/stub/migrations/legacy/20200830172221_recovery_token_expires.mysql.up.sql", "content": "ALTER TABLE `identity_recovery_tokens` ADD COLUMN `expires_at` DATETIME NOT NULL DEFAULT '2000-01-01 00:00:00';\nALTER TABLE `identity_recovery_tokens` ADD COLUMN `issued_at` DATETIME NOT NULL DEFAULT '2000-01-01 00:00:00';\nALTER TABLE `identity_recovery_tokens` MODIFY `selfservice_recovery_flow_id` char(36);" }, { "path": "oryx/popx/stub/migrations/legacy/20200830172221_recovery_token_expires.postgres.down.sql", "content": "DELETE FROM identity_recovery_tokens WHERE selfservice_recovery_flow_id IS NULL;\nALTER TABLE \"identity_recovery_tokens\" ALTER COLUMN \"selfservice_recovery_flow_id\" TYPE UUID, ALTER COLUMN \"selfservice_recovery_flow_id\" SET NOT NULL;\nALTER TABLE \"identity_recovery_tokens\" DROP COLUMN \"expires_at\";\nALTER TABLE \"identity_recovery_tokens\" DROP COLUMN \"issued_at\";" }, { "path": "oryx/popx/stub/migrations/legacy/20200830172221_recovery_token_expires.postgres.up.sql", "content": "ALTER TABLE \"identity_recovery_tokens\" ADD COLUMN \"expires_at\" timestamp NOT NULL DEFAULT '2000-01-01 00:00:00';\nALTER TABLE \"identity_recovery_tokens\" ADD COLUMN \"issued_at\" timestamp NOT NULL DEFAULT '2000-01-01 00:00:00';\nALTER TABLE \"identity_recovery_tokens\" ALTER COLUMN \"selfservice_recovery_flow_id\" TYPE UUID, ALTER COLUMN \"selfservice_recovery_flow_id\" DROP NOT NULL;" }, { "path": "oryx/popx/stub/migrations/legacy/20200830172221_recovery_token_expires.sqlite3.down.sql", "content": "DELETE FROM identity_recovery_tokens WHERE selfservice_recovery_flow_id IS NULL;\nDROP INDEX IF EXISTS \"identity_recovery_addresses_code_uq_idx\";\nDROP INDEX IF EXISTS \"identity_recovery_addresses_code_idx\";\nCREATE TABLE \"_identity_recovery_tokens_tmp\" (\n\"id\" TEXT PRIMARY KEY,\n\"token\" TEXT NOT NULL,\n\"used\" bool NOT NULL DEFAULT 'false',\n\"used_at\" DATETIME,\n\"identity_recovery_address_id\" char(36) NOT NULL,\n\"selfservice_recovery_flow_id\" char(36) NOT NULL,\n\"created_at\" DATETIME NOT NULL,\n\"updated_at\" DATETIME NOT NULL,\n\"expires_at\" DATETIME NOT NULL DEFAULT '2000-01-01 00:00:00',\n\"issued_at\" DATETIME NOT NULL DEFAULT '2000-01-01 00:00:00',\nFOREIGN KEY (identity_recovery_address_id) REFERENCES identity_recovery_addresses (id) ON UPDATE NO ACTION ON DELETE CASCADE,\nFOREIGN KEY (selfservice_recovery_flow_id) REFERENCES selfservice_recovery_flows (id) ON UPDATE NO ACTION ON DELETE CASCADE\n);\nCREATE UNIQUE INDEX \"identity_recovery_addresses_code_uq_idx\" ON \"_identity_recovery_tokens_tmp\" (token);\nCREATE INDEX \"identity_recovery_addresses_code_idx\" ON \"_identity_recovery_tokens_tmp\" (token);\nINSERT INTO \"_identity_recovery_tokens_tmp\" (id, token, used, used_at, identity_recovery_address_id, selfservice_recovery_flow_id, created_at, updated_at, expires_at, issued_at) SELECT id, token, used, used_at, identity_recovery_address_id, selfservice_recovery_flow_id, created_at, updated_at, expires_at, issued_at FROM \"identity_recovery_tokens\";\nDROP TABLE \"identity_recovery_tokens\";\nALTER TABLE \"_identity_recovery_tokens_tmp\" RENAME TO \"identity_recovery_tokens\";\nDROP INDEX IF EXISTS \"identity_recovery_addresses_code_uq_idx\";\nDROP INDEX IF EXISTS \"identity_recovery_addresses_code_idx\";\nCREATE TABLE \"_identity_recovery_tokens_tmp\" (\n\"id\" TEXT PRIMARY KEY,\n\"token\" TEXT NOT NULL,\n\"used\" bool NOT NULL DEFAULT 'false',\n\"used_at\" DATETIME,\n\"identity_recovery_address_id\" char(36) NOT NULL,\n\"selfservice_recovery_flow_id\" char(36) NOT NULL,\n\"created_at\" DATETIME NOT NULL,\n\"updated_at\" DATETIME NOT NULL,\n\"issued_at\" DATETIME NOT NULL DEFAULT '2000-01-01 00:00:00',\nFOREIGN KEY (identity_recovery_address_id) REFERENCES identity_recovery_addresses (id) ON UPDATE NO ACTION ON DELETE CASCADE,\nFOREIGN KEY (selfservice_recovery_flow_id) REFERENCES selfservice_recovery_flows (id) ON UPDATE NO ACTION ON DELETE CASCADE\n);\nCREATE UNIQUE INDEX \"identity_recovery_addresses_code_uq_idx\" ON \"_identity_recovery_tokens_tmp\" (token);\nCREATE INDEX \"identity_recovery_addresses_code_idx\" ON \"_identity_recovery_tokens_tmp\" (token);\nINSERT INTO \"_identity_recovery_tokens_tmp\" (id, token, used, used_at, identity_recovery_address_id, selfservice_recovery_flow_id, created_at, updated_at, issued_at) SELECT id, token, used, used_at, identity_recovery_address_id, selfservice_recovery_flow_id, created_at, updated_at, issued_at FROM \"identity_recovery_tokens\";\n\nDROP TABLE \"identity_recovery_tokens\";\nALTER TABLE \"_identity_recovery_tokens_tmp\" RENAME TO \"identity_recovery_tokens\";\nDROP INDEX IF EXISTS \"identity_recovery_addresses_code_uq_idx\";\nDROP INDEX IF EXISTS \"identity_recovery_addresses_code_idx\";\nCREATE TABLE \"_identity_recovery_tokens_tmp\" (\n\"id\" TEXT PRIMARY KEY,\n\"token\" TEXT NOT NULL,\n\"used\" bool NOT NULL DEFAULT 'false',\n\"used_at\" DATETIME,\n\"identity_recovery_address_id\" char(36) NOT NULL,\n\"selfservice_recovery_flow_id\" char(36) NOT NULL,\n\"created_at\" DATETIME NOT NULL,\n\"updated_at\" DATETIME NOT NULL,\nFOREIGN KEY (identity_recovery_address_id) REFERENCES identity_recovery_addresses (id) ON UPDATE NO ACTION ON DELETE CASCADE,\nFOREIGN KEY (selfservice_recovery_flow_id) REFERENCES selfservice_recovery_flows (id) ON UPDATE NO ACTION ON DELETE CASCADE\n);\nCREATE UNIQUE INDEX \"identity_recovery_addresses_code_uq_idx\" ON \"_identity_recovery_tokens_tmp\" (token);\nCREATE INDEX \"identity_recovery_addresses_code_idx\" ON \"_identity_recovery_tokens_tmp\" (token);\nINSERT INTO \"_identity_recovery_tokens_tmp\" (id, token, used, used_at, identity_recovery_address_id, selfservice_recovery_flow_id, created_at, updated_at) SELECT id, token, used, used_at, identity_recovery_address_id, selfservice_recovery_flow_id, created_at, updated_at FROM \"identity_recovery_tokens\";\n\nDROP TABLE \"identity_recovery_tokens\";\nALTER TABLE \"_identity_recovery_tokens_tmp\" RENAME TO \"identity_recovery_tokens\";" }, { "path": "oryx/popx/stub/migrations/legacy/20200830172221_recovery_token_expires.sqlite3.up.sql", "content": "ALTER TABLE \"identity_recovery_tokens\" ADD COLUMN \"expires_at\" DATETIME NOT NULL DEFAULT '2000-01-01 00:00:00';\nALTER TABLE \"identity_recovery_tokens\" ADD COLUMN \"issued_at\" DATETIME NOT NULL DEFAULT '2000-01-01 00:00:00';\nDROP INDEX IF EXISTS \"identity_recovery_addresses_code_idx\";\nDROP INDEX IF EXISTS \"identity_recovery_addresses_code_uq_idx\";\nCREATE TABLE \"_identity_recovery_tokens_tmp\" (\n\"id\" TEXT PRIMARY KEY,\n\"token\" TEXT NOT NULL,\n\"used\" bool NOT NULL DEFAULT 'false',\n\"used_at\" DATETIME,\n\"identity_recovery_address_id\" char(36) NOT NULL,\n\"selfservice_recovery_flow_id\" char(36),\n\"created_at\" DATETIME NOT NULL,\n\"updated_at\" DATETIME NOT NULL,\n\"expires_at\" DATETIME NOT NULL DEFAULT '2000-01-01 00:00:00',\n\"issued_at\" DATETIME NOT NULL DEFAULT '2000-01-01 00:00:00',\nFOREIGN KEY (selfservice_recovery_flow_id) REFERENCES selfservice_recovery_flows (id) ON UPDATE NO ACTION ON DELETE CASCADE,\nFOREIGN KEY (identity_recovery_address_id) REFERENCES identity_recovery_addresses (id) ON UPDATE NO ACTION ON DELETE CASCADE\n);\nCREATE INDEX \"identity_recovery_addresses_code_idx\" ON \"_identity_recovery_tokens_tmp\" (token);\nCREATE UNIQUE INDEX \"identity_recovery_addresses_code_uq_idx\" ON \"_identity_recovery_tokens_tmp\" (token);\nINSERT INTO \"_identity_recovery_tokens_tmp\" (id, token, used, used_at, identity_recovery_address_id, selfservice_recovery_flow_id, created_at, updated_at, expires_at, issued_at) SELECT id, token, used, used_at, identity_recovery_address_id, selfservice_recovery_flow_id, created_at, updated_at, expires_at, issued_at FROM \"identity_recovery_tokens\";\nDROP TABLE \"identity_recovery_tokens\";\nALTER TABLE \"_identity_recovery_tokens_tmp\" RENAME TO \"identity_recovery_tokens\";" }, { "path": "oryx/popx/stub/migrations/legacy/20200831110752_identity_verifiable_address_remove_code.cockroach.down.sql", "content": "ALTER TABLE \"identity_verifiable_addresses\" ADD COLUMN \"code\" VARCHAR (32);COMMIT TRANSACTION;BEGIN TRANSACTION;\nALTER TABLE \"identity_verifiable_addresses\" ADD COLUMN \"expires_at\" timestamp;COMMIT TRANSACTION;BEGIN TRANSACTION;\nUPDATE identity_verifiable_addresses SET code = substr(md5(uuid_v4()), 0, 32) WHERE code IS NULL;\nUPDATE identity_verifiable_addresses SET expires_at = CURRENT_TIMESTAMP WHERE expires_at IS NULL;\nALTER TABLE \"identity_verifiable_addresses\" RENAME COLUMN \"code\" TO \"_code_tmp\";COMMIT TRANSACTION;BEGIN TRANSACTION;\nALTER TABLE \"identity_verifiable_addresses\" ADD COLUMN \"code\" VARCHAR (32);COMMIT TRANSACTION;BEGIN TRANSACTION;\nUPDATE \"identity_verifiable_addresses\" SET \"code\" = \"_code_tmp\";COMMIT TRANSACTION;BEGIN TRANSACTION;\nALTER TABLE \"identity_verifiable_addresses\" ALTER COLUMN \"code\" SET NOT NULL;COMMIT TRANSACTION;BEGIN TRANSACTION;\nALTER TABLE \"identity_verifiable_addresses\" DROP COLUMN \"_code_tmp\";COMMIT TRANSACTION;BEGIN TRANSACTION;\nALTER TABLE \"identity_verifiable_addresses\" RENAME COLUMN \"expires_at\" TO \"_expires_at_tmp\";COMMIT TRANSACTION;BEGIN TRANSACTION;\nALTER TABLE \"identity_verifiable_addresses\" ADD COLUMN \"expires_at\" timestamp;COMMIT TRANSACTION;BEGIN TRANSACTION;\nUPDATE \"identity_verifiable_addresses\" SET \"expires_at\" = \"_expires_at_tmp\";COMMIT TRANSACTION;BEGIN TRANSACTION;\nALTER TABLE \"identity_verifiable_addresses\" DROP COLUMN \"_expires_at_tmp\";COMMIT TRANSACTION;BEGIN TRANSACTION;\nCREATE UNIQUE INDEX \"identity_verifiable_addresses_code_uq_idx\" ON \"identity_verifiable_addresses\" (code);COMMIT TRANSACTION;BEGIN TRANSACTION;\nCREATE INDEX \"identity_verifiable_addresses_code_idx\" ON \"identity_verifiable_addresses\" (code);COMMIT TRANSACTION;BEGIN TRANSACTION;" }, { "path": "oryx/popx/stub/migrations/legacy/20200831110752_identity_verifiable_address_remove_code.cockroach.up.sql", "content": "DROP INDEX IF EXISTS \"identity_verifiable_addresses_code_uq_idx\";COMMIT TRANSACTION;BEGIN TRANSACTION;\nDROP INDEX IF EXISTS \"identity_verifiable_addresses_code_idx\";COMMIT TRANSACTION;BEGIN TRANSACTION;\nALTER TABLE \"identity_verifiable_addresses\" DROP COLUMN \"code\";COMMIT TRANSACTION;BEGIN TRANSACTION;\nALTER TABLE \"identity_verifiable_addresses\" DROP COLUMN \"expires_at\";COMMIT TRANSACTION;BEGIN TRANSACTION;" }, { "path": "oryx/popx/stub/migrations/legacy/20200831110752_identity_verifiable_address_remove_code.mysql.down.sql", "content": "ALTER TABLE `identity_verifiable_addresses` ADD COLUMN `code` VARCHAR (32);\nALTER TABLE `identity_verifiable_addresses` ADD COLUMN `expires_at` DATETIME;\nUPDATE identity_verifiable_addresses SET code = LEFT(SHA2(RANDOM_BYTES(32), 256), 32) WHERE code IS NULL;\nUPDATE identity_verifiable_addresses SET expires_at = CURRENT_TIMESTAMP WHERE expires_at IS NULL;\nALTER TABLE `identity_verifiable_addresses` MODIFY `code` VARCHAR (32) NOT NULL;\nALTER TABLE `identity_verifiable_addresses` MODIFY `expires_at` DATETIME;\nCREATE UNIQUE INDEX `identity_verifiable_addresses_code_uq_idx` ON `identity_verifiable_addresses` (`code`);\nCREATE INDEX `identity_verifiable_addresses_code_idx` ON `identity_verifiable_addresses` (`code`);\n" }, { "path": "oryx/popx/stub/migrations/legacy/20200831110752_identity_verifiable_address_remove_code.mysql.up.sql", "content": "DROP INDEX `identity_verifiable_addresses_code_uq_idx` ON `identity_verifiable_addresses`;\nDROP INDEX `identity_verifiable_addresses_code_idx` ON `identity_verifiable_addresses`;\nALTER TABLE `identity_verifiable_addresses` DROP COLUMN `code`;\nALTER TABLE `identity_verifiable_addresses` DROP COLUMN `expires_at`;" }, { "path": "oryx/popx/stub/migrations/legacy/20200831110752_identity_verifiable_address_remove_code.postgres.down.sql", "content": "ALTER TABLE \"identity_verifiable_addresses\" ADD COLUMN \"code\" VARCHAR (32);\nALTER TABLE \"identity_verifiable_addresses\" ADD COLUMN \"expires_at\" timestamp;\nUPDATE identity_verifiable_addresses SET code = substr(md5(random()::text), 0, 32) WHERE code IS NULL;\nUPDATE identity_verifiable_addresses SET expires_at = CURRENT_TIMESTAMP WHERE expires_at IS NULL;\nALTER TABLE \"identity_verifiable_addresses\" ALTER COLUMN \"code\" TYPE VARCHAR (32), ALTER COLUMN \"code\" SET NOT NULL;\nALTER TABLE \"identity_verifiable_addresses\" ALTER COLUMN \"expires_at\" TYPE timestamp, ALTER COLUMN \"expires_at\" DROP NOT NULL;\nCREATE UNIQUE INDEX \"identity_verifiable_addresses_code_uq_idx\" ON \"identity_verifiable_addresses\" (code);\nCREATE INDEX \"identity_verifiable_addresses_code_idx\" ON \"identity_verifiable_addresses\" (code);" }, { "path": "oryx/popx/stub/migrations/legacy/20200831110752_identity_verifiable_address_remove_code.postgres.up.sql", "content": "DROP INDEX \"identity_verifiable_addresses_code_uq_idx\";\nDROP INDEX \"identity_verifiable_addresses_code_idx\";\nALTER TABLE \"identity_verifiable_addresses\" DROP COLUMN \"code\";\nALTER TABLE \"identity_verifiable_addresses\" DROP COLUMN \"expires_at\";" }, { "path": "oryx/popx/stub/migrations/legacy/20200831110752_identity_verifiable_address_remove_code.sqlite3.down.sql", "content": "ALTER TABLE \"identity_verifiable_addresses\" ADD COLUMN \"code\" TEXT;\nALTER TABLE \"identity_verifiable_addresses\" ADD COLUMN \"expires_at\" DATETIME;\nUPDATE identity_verifiable_addresses SET code = substr(hex(randomblob(32)), 0, 32) WHERE code IS NULL;\nUPDATE identity_verifiable_addresses SET expires_at = CURRENT_TIMESTAMP WHERE expires_at IS NULL;\nDROP INDEX IF EXISTS \"identity_verifiable_addresses_status_via_uq_idx\";\nDROP INDEX IF EXISTS \"identity_verifiable_addresses_status_via_idx\";\nCREATE TABLE \"_identity_verifiable_addresses_tmp\" (\n\"id\" TEXT PRIMARY KEY,\n\"status\" TEXT NOT NULL,\n\"via\" TEXT NOT NULL,\n\"verified\" bool NOT NULL,\n\"value\" TEXT NOT NULL,\n\"verified_at\" DATETIME,\n\"identity_id\" char(36) NOT NULL,\n\"created_at\" DATETIME NOT NULL,\n\"updated_at\" DATETIME NOT NULL,\n\"code\" TEXT NOT NULL,\n\"expires_at\" DATETIME,\nFOREIGN KEY (identity_id) REFERENCES identities (id) ON UPDATE NO ACTION ON DELETE CASCADE\n);\nCREATE UNIQUE INDEX \"identity_verifiable_addresses_status_via_uq_idx\" ON \"_identity_verifiable_addresses_tmp\" (via, value);\nCREATE INDEX \"identity_verifiable_addresses_status_via_idx\" ON \"_identity_verifiable_addresses_tmp\" (via, value);\nINSERT INTO \"_identity_verifiable_addresses_tmp\" (id, status, via, verified, value, verified_at, identity_id, created_at, updated_at, code, expires_at) SELECT id, status, via, verified, value, verified_at, identity_id, created_at, updated_at, code, expires_at FROM \"identity_verifiable_addresses\";\nDROP TABLE \"identity_verifiable_addresses\";\nALTER TABLE \"_identity_verifiable_addresses_tmp\" RENAME TO \"identity_verifiable_addresses\";\nDROP INDEX IF EXISTS \"identity_verifiable_addresses_status_via_uq_idx\";\nDROP INDEX IF EXISTS \"identity_verifiable_addresses_status_via_idx\";\nCREATE TABLE \"_identity_verifiable_addresses_tmp\" (\n\"id\" TEXT PRIMARY KEY,\n\"status\" TEXT NOT NULL,\n\"via\" TEXT NOT NULL,\n\"verified\" bool NOT NULL,\n\"value\" TEXT NOT NULL,\n\"verified_at\" DATETIME,\n\"identity_id\" char(36) NOT NULL,\n\"created_at\" DATETIME NOT NULL,\n\"updated_at\" DATETIME NOT NULL,\n\"code\" TEXT NOT NULL,\n\"expires_at\" DATETIME,\nFOREIGN KEY (identity_id) REFERENCES identities (id) ON UPDATE NO ACTION ON DELETE CASCADE\n);\nCREATE UNIQUE INDEX \"identity_verifiable_addresses_status_via_uq_idx\" ON \"_identity_verifiable_addresses_tmp\" (via, value);\nCREATE INDEX \"identity_verifiable_addresses_status_via_idx\" ON \"_identity_verifiable_addresses_tmp\" (via, value);\nINSERT INTO \"_identity_verifiable_addresses_tmp\" (id, status, via, verified, value, verified_at, identity_id, created_at, updated_at, code, expires_at) SELECT id, status, via, verified, value, verified_at, identity_id, created_at, updated_at, code, expires_at FROM \"identity_verifiable_addresses\";\nDROP TABLE \"identity_verifiable_addresses\";\nALTER TABLE \"_identity_verifiable_addresses_tmp\" RENAME TO \"identity_verifiable_addresses\";\nCREATE UNIQUE INDEX \"identity_verifiable_addresses_code_uq_idx\" ON \"identity_verifiable_addresses\" (code);\nCREATE INDEX \"identity_verifiable_addresses_code_idx\" ON \"identity_verifiable_addresses\" (code);" }, { "path": "oryx/popx/stub/migrations/legacy/20200831110752_identity_verifiable_address_remove_code.sqlite3.up.sql", "content": "DROP INDEX IF EXISTS \"identity_verifiable_addresses_code_uq_idx\";\nDROP INDEX IF EXISTS \"identity_verifiable_addresses_code_idx\";\nDROP INDEX IF EXISTS \"identity_verifiable_addresses_status_via_idx\";\nDROP INDEX IF EXISTS \"identity_verifiable_addresses_status_via_uq_idx\";\nCREATE TABLE \"_identity_verifiable_addresses_tmp\" (\n\"id\" TEXT PRIMARY KEY,\n\"status\" TEXT NOT NULL,\n\"via\" TEXT NOT NULL,\n\"verified\" bool NOT NULL,\n\"value\" TEXT NOT NULL,\n\"verified_at\" DATETIME,\n\"expires_at\" DATETIME NOT NULL DEFAULT 'CURRENT_TIMESTAMP',\n\"identity_id\" char(36) NOT NULL,\n\"created_at\" DATETIME NOT NULL,\n\"updated_at\" DATETIME NOT NULL,\nFOREIGN KEY (identity_id) REFERENCES identities (id) ON UPDATE NO ACTION ON DELETE CASCADE\n);\nCREATE INDEX \"identity_verifiable_addresses_status_via_idx\" ON \"_identity_verifiable_addresses_tmp\" (via, value);\nCREATE UNIQUE INDEX \"identity_verifiable_addresses_status_via_uq_idx\" ON \"_identity_verifiable_addresses_tmp\" (via, value);\nINSERT INTO \"_identity_verifiable_addresses_tmp\" (id, status, via, verified, value, verified_at, expires_at, identity_id, created_at, updated_at) SELECT id, status, via, verified, value, verified_at, expires_at, identity_id, created_at, updated_at FROM \"identity_verifiable_addresses\";\n\nDROP TABLE \"identity_verifiable_addresses\";\nALTER TABLE \"_identity_verifiable_addresses_tmp\" RENAME TO \"identity_verifiable_addresses\";\nDROP INDEX IF EXISTS \"identity_verifiable_addresses_status_via_idx\";\nDROP INDEX IF EXISTS \"identity_verifiable_addresses_status_via_uq_idx\";\nCREATE TABLE \"_identity_verifiable_addresses_tmp\" (\n\"id\" TEXT PRIMARY KEY,\n\"status\" TEXT NOT NULL,\n\"via\" TEXT NOT NULL,\n\"verified\" bool NOT NULL,\n\"value\" TEXT NOT NULL,\n\"verified_at\" DATETIME,\n\"identity_id\" char(36) NOT NULL,\n\"created_at\" DATETIME NOT NULL,\n\"updated_at\" DATETIME NOT NULL,\nFOREIGN KEY (identity_id) REFERENCES identities (id) ON UPDATE NO ACTION ON DELETE CASCADE\n);\nCREATE INDEX \"identity_verifiable_addresses_status_via_idx\" ON \"_identity_verifiable_addresses_tmp\" (via, value);\nCREATE UNIQUE INDEX \"identity_verifiable_addresses_status_via_uq_idx\" ON \"_identity_verifiable_addresses_tmp\" (via, value);\nINSERT INTO \"_identity_verifiable_addresses_tmp\" (id, status, via, verified, value, verified_at, identity_id, created_at, updated_at) SELECT id, status, via, verified, value, verified_at, identity_id, created_at, updated_at FROM \"identity_verifiable_addresses\";\n\nDROP TABLE \"identity_verifiable_addresses\";\nALTER TABLE \"_identity_verifiable_addresses_tmp\" RENAME TO \"identity_verifiable_addresses\";" }, { "path": "oryx/popx/stub/migrations/legacy/20201201161451_credential_types_values.cockroach.down.sql", "content": "DELETE FROM identity_credential_types WHERE name = 'password' OR name = 'oidc';" }, { "path": "oryx/popx/stub/migrations/legacy/20201201161451_credential_types_values.cockroach.up.sql", "content": "INSERT INTO identity_credential_types (id, name) SELECT '78c1b41d-8341-4507-aa60-aff1d4369670', 'password' WHERE NOT EXISTS ( SELECT * FROM identity_credential_types WHERE name = 'password');\nINSERT INTO identity_credential_types (id, name) SELECT '6fa5e2e0-bfce-4631-b62b-cf2b0252b289', 'oidc' WHERE NOT EXISTS ( SELECT * FROM identity_credential_types WHERE name = 'oidc');" }, { "path": "oryx/popx/stub/migrations/legacy/20201201161451_credential_types_values.mysql.down.sql", "content": "DELETE FROM identity_credential_types WHERE name = 'password' OR name = 'oidc';" }, { "path": "oryx/popx/stub/migrations/legacy/20201201161451_credential_types_values.mysql.up.sql", "content": "INSERT INTO identity_credential_types (id, name) SELECT '78c1b41d-8341-4507-aa60-aff1d4369670', 'password' WHERE NOT EXISTS ( SELECT * FROM identity_credential_types WHERE name = 'password');\nINSERT INTO identity_credential_types (id, name) SELECT '6fa5e2e0-bfce-4631-b62b-cf2b0252b289', 'oidc' WHERE NOT EXISTS ( SELECT * FROM identity_credential_types WHERE name = 'oidc');" }, { "path": "oryx/popx/stub/migrations/legacy/20201201161451_credential_types_values.postgres.down.sql", "content": "DELETE FROM identity_credential_types WHERE name = 'password' OR name = 'oidc';" }, { "path": "oryx/popx/stub/migrations/legacy/20201201161451_credential_types_values.postgres.up.sql", "content": "INSERT INTO identity_credential_types (id, name) SELECT '78c1b41d-8341-4507-aa60-aff1d4369670', 'password' WHERE NOT EXISTS ( SELECT * FROM identity_credential_types WHERE name = 'password');\nINSERT INTO identity_credential_types (id, name) SELECT '6fa5e2e0-bfce-4631-b62b-cf2b0252b289', 'oidc' WHERE NOT EXISTS ( SELECT * FROM identity_credential_types WHERE name = 'oidc');" }, { "path": "oryx/popx/stub/migrations/legacy/20201201161451_credential_types_values.sqlite3.down.sql", "content": "DELETE FROM identity_credential_types WHERE name = 'password' OR name = 'oidc';" }, { "path": "oryx/popx/stub/migrations/legacy/20201201161451_credential_types_values.sqlite3.up.sql", "content": "INSERT INTO identity_credential_types (id, name) SELECT '78c1b41d-8341-4507-aa60-aff1d4369670', 'password' WHERE NOT EXISTS ( SELECT * FROM identity_credential_types WHERE name = 'password');\nINSERT INTO identity_credential_types (id, name) SELECT '6fa5e2e0-bfce-4631-b62b-cf2b0252b289', 'oidc' WHERE NOT EXISTS ( SELECT * FROM identity_credential_types WHERE name = 'oidc');" }, { "path": "oryx/popx/stub/migrations/notx/20241031_notx.autocommit.down.sql", "content": "BEGIN;ROLLBACK;" }, { "path": "oryx/popx/stub/migrations/notx/20241031_notx.autocommit.up.sql", "content": "BEGIN;ROLLBACK;" }, { "path": "oryx/popx/stub/migrations/source/20191100000001_identities.down.fizz", "content": "drop_table(\"identity_credential_identifiers\")\ndrop_table(\"identity_credentials\")\ndrop_table(\"identity_credential_types\")\ndrop_table(\"identities\")\n" }, { "path": "oryx/popx/stub/migrations/source/20191100000001_identities.up.fizz", "content": "create_table(\"identities\") {\n\tt.Column(\"id\", \"uuid\", {primary: true})\n t.Column(\"traits_schema_id\", \"string\", {\"size\": 2048})\n t.Column(\"traits\", \"json\")\n}\n\ncreate_table(\"identity_credential_types\") {\n \tt.Column(\"id\", \"uuid\", {primary: true})\n t.Column(\"name\", \"string\", { \"size\": 32 })\n\n t.DisableTimestamps()\n}\n\nadd_index(\"identity_credential_types\", \"name\", {\"unique\": true})\n\ncreate_table(\"identity_credentials\") {\n \tt.Column(\"id\", \"uuid\", {primary: true})\n t.Column(\"config\", \"json\")\n\n t.Column(\"identity_credential_type_id\", \"uuid\")\n t.Column(\"identity_id\", \"uuid\")\n\n t.ForeignKey(\"identity_id\", {\"identities\": [\"id\"]}, {\"on_delete\": \"cascade\"})\n t.ForeignKey(\"identity_credential_type_id\", {\"identity_credential_types\": [\"id\"]}, {\"on_delete\": \"cascade\"})\n}\n\ncreate_table(\"identity_credential_identifiers\") {\n \tt.Column(\"id\", \"uuid\", {primary: true})\n t.Column(\"identifier\", \"string\", {\"size\": 255})\n t.Column(\"identity_credential_id\", \"uuid\")\n t.ForeignKey(\"identity_credential_id\", {\"identity_credentials\": [\"id\"]}, {\"on_delete\": \"cascade\"})\n}\n\nadd_index(\"identity_credential_identifiers\", \"identifier\", {\"unique\": true})\n" }, { "path": "oryx/popx/stub/migrations/source/20191100000002_requests.down.fizz", "content": "drop_table(\"selfservice_login_request_methods\")\ndrop_table(\"selfservice_login_requests\")\n\ndrop_table(\"selfservice_registration_request_methods\")\ndrop_table(\"selfservice_registration_requests\")\n\ndrop_table(\"selfservice_profile_management_requests\")\n" }, { "path": "oryx/popx/stub/migrations/source/20191100000002_requests.up.fizz", "content": "create_table(\"selfservice_login_requests\") {\n\tt.Column(\"id\", \"uuid\", {primary: true})\n t.Column(\"request_url\", \"string\", {\"size\": 2048})\n t.Column(\"issued_at\", \"timestamp\", { \"default_raw\": \"CURRENT_TIMESTAMP\" })\n t.Column(\"expires_at\", \"timestamp\")\n t.Column(\"active_method\", \"string\", {\"size\": 32})\n t.Column(\"csrf_token\", \"string\")\n}\n\ncreate_table(\"selfservice_login_request_methods\") {\n\tt.Column(\"id\", \"uuid\", {primary: true})\n t.Column(\"method\", \"string\", {\"size\": 32})\n t.Column(\"selfservice_login_request_id\", \"uuid\")\n t.Column(\"config\", \"json\")\n\n t.ForeignKey(\"selfservice_login_request_id\", {\"selfservice_login_requests\": [\"id\"]}, {\"on_delete\": \"cascade\"})\n}\n\ncreate_table(\"selfservice_registration_requests\") {\n\tt.Column(\"id\", \"uuid\", {primary: true})\n t.Column(\"request_url\", \"string\", {\"size\": 2048})\n t.Column(\"issued_at\", \"timestamp\", { \"default_raw\": \"CURRENT_TIMESTAMP\" })\n t.Column(\"expires_at\", \"timestamp\")\n t.Column(\"active_method\", \"string\", {\"size\": 32})\n t.Column(\"csrf_token\", \"string\")\n}\n\ncreate_table(\"selfservice_registration_request_methods\") {\n t.Column(\"id\", \"uuid\", {primary: true})\n t.Column(\"method\", \"string\", {\"size\": 32})\n t.Column(\"selfservice_registration_request_id\", \"uuid\")\n t.Column(\"config\", \"json\")\n\n t.ForeignKey(\"selfservice_registration_request_id\", {\"selfservice_registration_requests\": [\"id\"]}, {\"on_delete\": \"cascade\"})\n}\n\ncreate_table(\"selfservice_profile_management_requests\") {\n\tt.Column(\"id\", \"uuid\", {primary: true})\n t.Column(\"request_url\", \"string\", {\"size\": 2048})\n t.Column(\"issued_at\", \"timestamp\", { \"default_raw\": \"CURRENT_TIMESTAMP\" })\n t.Column(\"expires_at\", \"timestamp\")\n t.Column(\"form\", \"json\")\n t.Column(\"update_successful\", \"bool\")\n t.Column(\"identity_id\", \"uuid\")\n\n t.ForeignKey(\"identity_id\", {\"identities\": [\"id\"]}, {\"on_delete\": \"cascade\"})\n}\n" }, { "path": "oryx/popx/stub/migrations/source/20191100000003_sessions.down.fizz", "content": "drop_table(\"sessions\")\n" }, { "path": "oryx/popx/stub/migrations/source/20191100000003_sessions.up.fizz", "content": "create_table(\"sessions\") {\n\tt.Column(\"id\", \"uuid\", {primary: true})\n t.Column(\"issued_at\", \"timestamp\", { \"default_raw\": \"CURRENT_TIMESTAMP\" })\n t.Column(\"expires_at\", \"timestamp\")\n t.Column(\"authenticated_at\", \"timestamp\")\n t.Column(\"identity_id\", \"uuid\")\n\n t.ForeignKey(\"identity_id\", {\"identities\": [\"id\"]}, {\"on_delete\": \"cascade\"})\n}\n" }, { "path": "oryx/popx/stub/migrations/source/20191100000004_errors.down.fizz", "content": "drop_table(\"selfservice_errors\")\n" }, { "path": "oryx/popx/stub/migrations/source/20191100000004_errors.up.fizz", "content": "create_table(\"selfservice_errors\") {\n\tt.Column(\"id\", \"uuid\", {primary: true})\n t.Column(\"errors\", \"json\")\n t.Column(\"seen_at\", \"timestamp\")\n t.Column(\"was_seen\", \"bool\")\n}\n" }, { "path": "oryx/popx/stub/migrations/source/20191100000005_identities.mysql.down.sql", "content": "ALTER TABLE identity_credential_identifiers MODIFY COLUMN identifier VARCHAR(255);\n" }, { "path": "oryx/popx/stub/migrations/source/20191100000005_identities.mysql.up.sql", "content": "ALTER TABLE identity_credential_identifiers MODIFY COLUMN identifier VARCHAR(255) BINARY;\n" }, { "path": "oryx/popx/stub/migrations/source/20191100000006_courier.down.fizz", "content": "drop_table(\"courier_messages\")\n" }, { "path": "oryx/popx/stub/migrations/source/20191100000006_courier.up.fizz", "content": "create_table(\"courier_messages\") {\n\tt.Column(\"id\", \"uuid\", {primary: true})\n\n t.Column(\"type\", \"int\")\n t.Column(\"status\", \"int\")\n\n t.Column(\"body\", \"string\")\n t.Column(\"subject\", \"string\")\n t.Column(\"recipient\", \"string\")\n}\n" }, { "path": "oryx/popx/stub/migrations/source/20191100000007_errors.down.fizz", "content": "drop_column(\"selfservice_errors\", \"csrf_token\")\n" }, { "path": "oryx/popx/stub/migrations/source/20191100000007_errors.up.fizz", "content": "add_column(\"selfservice_errors\", \"csrf_token\", \"string\", {\"default\": \"\"})\n" }, { "path": "oryx/popx/stub/migrations/source/20191100000008_selfservice_verification.down.fizz", "content": "drop_table(\"selfservice_verification_requests\")\ndrop_table(\"identity_verifiable_addresses\")\n" }, { "path": "oryx/popx/stub/migrations/source/20191100000008_selfservice_verification.up.fizz", "content": "create_table(\"identity_verifiable_addresses\") {\n\tt.Column(\"id\", \"uuid\", {primary: true})\n\n t.Column(\"code\", \"string\", {\"size\": 32})\n t.Column(\"status\", \"string\", {\"size\": 16})\n t.Column(\"via\", \"string\", {\"size\": 16})\n t.Column(\"verified\", \"bool\")\n\n t.Column(\"value\", \"string\", {\"size\": 400})\n\n t.Column(\"verified_at\", \"timestamp\", {\"null\": true})\n t.Column(\"expires_at\", \"timestamp\", { \"default_raw\": \"CURRENT_TIMESTAMP\" })\n\n t.Column(\"identity_id\", \"uuid\")\n t.ForeignKey(\"identity_id\", {\"identities\": [\"id\"]}, {\"on_delete\": \"cascade\"})\n}\n\nadd_index(\"identity_verifiable_addresses\", [\"code\"], { \"unique\": true, \"name\": \"identity_verifiable_addresses_code_uq_idx\" })\nadd_index(\"identity_verifiable_addresses\", [\"code\"], { \"name\": \"identity_verifiable_addresses_code_idx\" })\n\nadd_index(\"identity_verifiable_addresses\", [\"via\", \"value\"], { \"unique\": true, \"name\": \"identity_verifiable_addresses_status_via_uq_idx\" })\nadd_index(\"identity_verifiable_addresses\", [\"via\", \"value\"], { \"name\": \"identity_verifiable_addresses_status_via_idx\" })\n\ncreate_table(\"selfservice_verification_requests\") {\n\tt.Column(\"id\", \"uuid\", {primary: true})\n\n t.Column(\"request_url\", \"string\", {\"size\": 2048})\n t.Column(\"issued_at\", \"timestamp\", { \"default_raw\": \"CURRENT_TIMESTAMP\" })\n t.Column(\"expires_at\", \"timestamp\")\n\n t.Column(\"form\", \"json\")\n t.Column(\"via\", \"string\", {\"size\": 16})\n t.Column(\"csrf_token\", \"string\")\n t.Column(\"success\", \"bool\")\n}\n" }, { "path": "oryx/popx/stub/migrations/source/20191100000009_verification.mysql.down.sql", "content": "ALTER TABLE identity_verifiable_addresses MODIFY COLUMN code VARCHAR(255);\n" }, { "path": "oryx/popx/stub/migrations/source/20191100000009_verification.mysql.up.sql", "content": "ALTER TABLE identity_verifiable_addresses MODIFY COLUMN code VARCHAR(255) BINARY;\n" }, { "path": "oryx/popx/stub/migrations/source/20191100000010_errors.down.fizz", "content": "sql(\"UPDATE selfservice_errors SET seen_at = '1980-01-01 00:00:00' WHERE seen_at = NULL;\")\nchange_column(\"selfservice_errors\", \"seen_at\", \"timestamp\", { null: false })\n" }, { "path": "oryx/popx/stub/migrations/source/20191100000010_errors.up.fizz", "content": "change_column(\"selfservice_errors\", \"seen_at\", \"timestamp\", { \"null\": true })\n" }, { "path": "oryx/popx/stub/migrations/source/20191100000011_courier_body_type.down.fizz", "content": "<%#\n\nDo nothing because the change will not be able to preserve data and the change is insignificant as it's compatible\nwith both code bases (prior and after this change).\n\nWARNING: https://github.com/gobuffalo/fizz/issues/45#issuecomment-586833728\n%>\n" }, { "path": "oryx/popx/stub/migrations/source/20191100000011_courier_body_type.up.fizz", "content": "change_column(\"courier_messages\", \"body\", \"text\", {})\n" }, { "path": "oryx/popx/stub/migrations/source/20191100000012_login_request_forced.down.fizz", "content": "drop_column(\"selfservice_login_requests\", \"forced\")\n" }, { "path": "oryx/popx/stub/migrations/source/20191100000012_login_request_forced.up.fizz", "content": "add_column(\"selfservice_login_requests\", \"forced\", \"bool\", {\"default\": false})\n" }, { "path": "oryx/popx/stub/migrations/source/20200317160354_create_profile_request_forms.down.fizz", "content": "{{ if or .IsPostgreSQL .IsMySQL .IsMariaDB }}\n add_column(\"selfservice_profile_management_requests\", \"form\", \"json\", { \"null\": true })\n sql(\"UPDATE selfservice_profile_management_requests SET form=(SELECT * FROM (SELECT m.config FROM selfservice_profile_management_requests AS r INNER JOIN selfservice_profile_management_request_methods AS m ON r.id=m.selfservice_profile_management_request_id) as t);\")\n change_column(\"selfservice_profile_management_requests\", \"form\", \"json\", { \"null\": false })\n{{ end }}\n\n{{ if .IsCockroach }}\n add_column(\"selfservice_profile_management_requests\", \"form\", \"json\", { \"default\": \"{}\" })\n{{ end }}\n\ndrop_table(\"selfservice_profile_management_request_methods\")\ndrop_column(\"selfservice_profile_management_requests\", \"active_method\")\n" }, { "path": "oryx/popx/stub/migrations/source/20200317160354_create_profile_request_forms.up.fizz", "content": "create_table(\"selfservice_profile_management_request_methods\") {\n\tt.Column(\"id\", \"uuid\", {primary: true})\n t.Column(\"method\", \"string\", {\"size\": 32})\n t.Column(\"selfservice_profile_management_request_id\", \"uuid\")\n t.Column(\"config\", \"json\")\n}\n\nadd_column(\"selfservice_profile_management_requests\", \"active_method\", \"string\", {\"size\": 32, null: true})\n\nsql(\"INSERT INTO selfservice_profile_management_request_methods (id, method, selfservice_profile_management_request_id, config) SELECT id, 'traits', id, form FROM selfservice_profile_management_requests;\")\n\ndrop_column(\"selfservice_profile_management_requests\", \"form\")\n" }, { "path": "oryx/popx/stub/migrations/source/20200401183443_continuity_containers.down.fizz", "content": "drop_table(\"continuity_containers\")\n" }, { "path": "oryx/popx/stub/migrations/source/20200401183443_continuity_containers.up.fizz", "content": "create_table(\"continuity_containers\") {\n\tt.Column(\"id\", \"uuid\", {primary: true})\n\n\tt.Column(\"identity_id\", \"uuid\", {null: true})\n\n t.Column(\"name\", \"string\")\n t.Column(\"payload\", \"json\", {null: true})\n t.Column(\"expires_at\", \"timestamp\")\n\n t.ForeignKey(\"identity_id\", {\"identities\": [\"id\"]}, {\"on_delete\": \"cascade\"})\n}\n" }, { "path": "oryx/popx/stub/migrations/source/20200402142539_rename_profile_flows.down.fizz", "content": "rename_column(\"selfservice_settings_request_methods\", \"selfservice_settings_request_id\", \"selfservice_profile_management_request_id\")\n\nrename_table(\"selfservice_settings_request_methods\", \"selfservice_profile_management_request_methods\")\nrename_table(\"selfservice_settings_requests\", \"selfservice_profile_management_requests\")\n\n" }, { "path": "oryx/popx/stub/migrations/source/20200402142539_rename_profile_flows.up.fizz", "content": "rename_column(\"selfservice_profile_management_request_methods\", \"selfservice_profile_management_request_id\", \"selfservice_settings_request_id\")\n\nrename_table(\"selfservice_profile_management_request_methods\", \"selfservice_settings_request_methods\")\nrename_table(\"selfservice_profile_management_requests\", \"selfservice_settings_requests\")\n" }, { "path": "oryx/popx/stub/migrations/source/20200519101057_create_recovery_addresses.down.fizz", "content": "drop_table(\"identity_recovery_tokens\")\ndrop_table(\"selfservice_recovery_request_methods\")\ndrop_table(\"selfservice_recovery_requests\")\ndrop_table(\"identity_recovery_addresses\")\n" }, { "path": "oryx/popx/stub/migrations/source/20200519101057_create_recovery_addresses.up.fizz", "content": "create_table(\"identity_recovery_addresses\") {\n\tt.Column(\"id\", \"uuid\", {primary: true})\n\n t.Column(\"via\", \"string\", {\"size\": 16})\n t.Column(\"value\", \"string\", {\"size\": 400})\n\n t.Column(\"identity_id\", \"uuid\")\n t.ForeignKey(\"identity_id\", {\"identities\": [\"id\"]}, {\"on_delete\": \"cascade\"})\n}\n\nadd_index(\"identity_recovery_addresses\", [\"via\", \"value\"], { \"unique\": true, \"name\": \"identity_recovery_addresses_status_via_uq_idx\" })\nadd_index(\"identity_recovery_addresses\", [\"via\", \"value\"], { \"name\": \"identity_recovery_addresses_status_via_idx\" })\n\ncreate_table(\"selfservice_recovery_requests\") {\n t.Column(\"id\", \"uuid\", {primary: true})\n t.Column(\"request_url\", \"string\", {\"size\": 2048})\n t.Column(\"issued_at\", \"timestamp\", { \"default_raw\": \"CURRENT_TIMESTAMP\" })\n t.Column(\"expires_at\", \"timestamp\")\n t.Column(\"messages\", \"json\", {\"null\": true})\n t.Column(\"active_method\", \"string\", {\"size\": 32, \"null\": true})\n t.Column(\"csrf_token\", \"string\")\n t.Column(\"state\", \"string\", {\"size\": 32})\n\n t.Column(\"recovered_identity_id\", \"uuid\", { \"null\": true })\n t.ForeignKey(\"recovered_identity_id\", {\"identities\": [\"id\"]}, {\"on_delete\": \"cascade\"})\n}\n\ncreate_table(\"selfservice_recovery_request_methods\") {\n t.Column(\"id\", \"uuid\", {primary: true})\n t.Column(\"method\", \"string\", {\"size\": 32})\n t.Column(\"config\", \"json\")\n\n t.Column(\"selfservice_recovery_request_id\", \"uuid\")\n t.ForeignKey(\"selfservice_recovery_request_id\", {\"selfservice_recovery_requests\": [\"id\"]}, {\"on_delete\": \"cascade\"})\n}\n\ncreate_table(\"identity_recovery_tokens\") {\n\tt.Column(\"id\", \"uuid\", {primary: true})\n\n t.Column(\"token\", \"string\", {\"size\": 64})\n t.Column(\"used\", \"bool\", {\"default\": false})\n t.Column(\"used_at\", \"timestamp\", {\"null\": true})\n\n t.Column(\"identity_recovery_address_id\", \"uuid\")\n t.ForeignKey(\"identity_recovery_address_id\", {\"identity_recovery_addresses\": [\"id\"]}, {\"on_delete\": \"cascade\"})\n\n t.Column(\"selfservice_recovery_request_id\", \"uuid\")\n t.ForeignKey(\"selfservice_recovery_request_id\", {\"selfservice_recovery_requests\": [\"id\"]}, {\"on_delete\": \"cascade\"})\n}\n\nadd_index(\"identity_recovery_tokens\", [\"token\"], { \"unique\": true, \"name\": \"identity_recovery_addresses_code_uq_idx\" })\nadd_index(\"identity_recovery_tokens\", [\"token\"], { \"name\": \"identity_recovery_addresses_code_idx\" })\n" }, { "path": "oryx/popx/stub/migrations/source/20200519101058_create_recovery_addresses.mysql.down.sql", "content": "ALTER TABLE identity_recovery_tokens MODIFY COLUMN token VARCHAR(64);\n" }, { "path": "oryx/popx/stub/migrations/source/20200519101058_create_recovery_addresses.mysql.up.sql", "content": "ALTER TABLE identity_recovery_tokens MODIFY COLUMN token VARCHAR(64) BINARY;\n" }, { "path": "oryx/popx/stub/migrations/source/20200601101000_create_messages.down.fizz", "content": "drop_column(\"selfservice_settings_requests\", \"messages\")\n" }, { "path": "oryx/popx/stub/migrations/source/20200601101000_create_messages.up.fizz", "content": "add_column(\"selfservice_settings_requests\", \"messages\", \"json\", {\"null\": true})\n" }, { "path": "oryx/popx/stub/migrations/source/20200601101001_verification.mysql.down.sql", "content": "ALTER TABLE identity_verifiable_addresses MODIFY COLUMN code VARCHAR(255) BINARY;\n" }, { "path": "oryx/popx/stub/migrations/source/20200601101001_verification.mysql.up.sql", "content": "ALTER TABLE identity_verifiable_addresses MODIFY COLUMN code VARCHAR(32) BINARY;\n" }, { "path": "oryx/popx/stub/migrations/source/20200605111551_messages.down.fizz", "content": "drop_column(\"selfservice_verification_requests\", \"messages\")\ndrop_column(\"selfservice_login_requests\", \"messages\")\ndrop_column(\"selfservice_registration_requests\", \"messages\")\n" }, { "path": "oryx/popx/stub/migrations/source/20200605111551_messages.up.fizz", "content": "add_column(\"selfservice_verification_requests\", \"messages\", \"json\", {\"null\": true})\nadd_column(\"selfservice_login_requests\", \"messages\", \"json\", {\"null\": true})\nadd_column(\"selfservice_registration_requests\", \"messages\", \"json\", {\"null\": true})\n" }, { "path": "oryx/popx/stub/migrations/source/20200607165100_settings.down.fizz", "content": "drop_column(\"selfservice_settings_requests\", \"state\")\nadd_column(\"selfservice_settings_requests\", \"update_successful\", \"bool\", {\"default\": false})\n" }, { "path": "oryx/popx/stub/migrations/source/20200607165100_settings.up.fizz", "content": "add_column(\"selfservice_settings_requests\", \"state\", \"string\", {\"default\": \"show_form\"})\ndrop_column(\"selfservice_settings_requests\", \"update_successful\")\n" }, { "path": "oryx/popx/stub/migrations/source/20200705105359_rename_identities_schema.down.fizz", "content": "rename_column(\"identities\", \"schema_id\", \"traits_schema_id\")\n" }, { "path": "oryx/popx/stub/migrations/source/20200705105359_rename_identities_schema.up.fizz", "content": "rename_column(\"identities\", \"traits_schema_id\", \"schema_id\")\n" }, { "path": "oryx/popx/stub/migrations/source/20200810141652_flow_type.down.fizz", "content": "drop_column(\"selfservice_login_requests\", \"type\")\ndrop_column(\"selfservice_registration_requests\", \"type\")\ndrop_column(\"selfservice_settings_requests\", \"type\")\ndrop_column(\"selfservice_recovery_requests\", \"type\")\ndrop_column(\"selfservice_verification_requests\", \"type\")\n" }, { "path": "oryx/popx/stub/migrations/source/20200810141652_flow_type.up.fizz", "content": "add_column(\"selfservice_login_requests\", \"type\", \"string\", {\"default\": \"browser\", \"size\": 16})\nadd_column(\"selfservice_registration_requests\", \"type\", \"string\", {\"default\": \"browser\", \"size\": 16})\nadd_column(\"selfservice_settings_requests\", \"type\", \"string\", {\"default\": \"browser\", \"size\": 16})\nadd_column(\"selfservice_recovery_requests\", \"type\", \"string\", {\"default\": \"browser\", \"size\": 16})\nadd_column(\"selfservice_verification_requests\", \"type\", \"string\", {\"default\": \"browser\", \"size\": 16})\n" }, { "path": "oryx/popx/stub/migrations/source/20200810161022_flow_rename.down.fizz", "content": "rename_table(\"selfservice_login_flows\", \"selfservice_login_requests\")\nrename_table(\"selfservice_login_flow_methods\", \"selfservice_login_request_methods\")\n\nrename_table(\"selfservice_registration_flow_methods\", \"selfservice_registration_request_methods\")\nrename_table(\"selfservice_registration_flows\", \"selfservice_registration_requests\")\n\nrename_table(\"selfservice_settings_flow_methods\", \"selfservice_settings_request_methods\")\nrename_table(\"selfservice_settings_flows\", \"selfservice_settings_requests\")\n\nrename_table(\"selfservice_recovery_flow_methods\", \"selfservice_recovery_request_methods\")\nrename_table(\"selfservice_recovery_flows\", \"selfservice_recovery_requests\")\n\nrename_table(\"selfservice_verification_flows\", \"selfservice_verification_requests\")\n" }, { "path": "oryx/popx/stub/migrations/source/20200810161022_flow_rename.up.fizz", "content": "rename_table(\"selfservice_login_request_methods\", \"selfservice_login_flow_methods\")\nrename_table(\"selfservice_login_requests\", \"selfservice_login_flows\")\n\nrename_table(\"selfservice_registration_request_methods\", \"selfservice_registration_flow_methods\")\nrename_table(\"selfservice_registration_requests\", \"selfservice_registration_flows\")\n\nrename_table(\"selfservice_settings_request_methods\", \"selfservice_settings_flow_methods\")\nrename_table(\"selfservice_settings_requests\", \"selfservice_settings_flows\")\n\nrename_table(\"selfservice_recovery_request_methods\", \"selfservice_recovery_flow_methods\")\nrename_table(\"selfservice_recovery_requests\", \"selfservice_recovery_flows\")\n\nrename_table(\"selfservice_verification_requests\", \"selfservice_verification_flows\")\n" }, { "path": "oryx/popx/stub/migrations/source/20200810162450_flow_fields_rename.down.fizz", "content": "rename_column(\"selfservice_login_flow_methods\", \"selfservice_login_flow_id\", \"selfservice_login_request_id\")\n\nrename_column(\"selfservice_registration_flow_methods\", \"selfservice_registration_flow_id\", \"selfservice_registration_request_id\")\n\nrename_column(\"selfservice_settings_flow_methods\", \"selfservice_settings_flow_id\", \"selfservice_settings_request_id\")\n\nrename_column(\"selfservice_recovery_flow_methods\", \"selfservice_recovery_flow_id\", \"selfservice_recovery_request_id\")\n" }, { "path": "oryx/popx/stub/migrations/source/20200810162450_flow_fields_rename.up.fizz", "content": "rename_column(\"selfservice_login_flow_methods\", \"selfservice_login_request_id\", \"selfservice_login_flow_id\")\n\nrename_column(\"selfservice_registration_flow_methods\", \"selfservice_registration_request_id\", \"selfservice_registration_flow_id\")\n\nrename_column(\"selfservice_recovery_flow_methods\", \"selfservice_recovery_request_id\", \"selfservice_recovery_flow_id\")\n\nrename_column(\"selfservice_settings_flow_methods\", \"selfservice_settings_request_id\", \"selfservice_settings_flow_id\")\n" }, { "path": "oryx/popx/stub/migrations/source/20200812124254_add_session_token.down.fizz", "content": "drop_column(\"sessions\", \"token\")\n" }, { "path": "oryx/popx/stub/migrations/source/20200812124254_add_session_token.up.fizz", "content": "sql(\"DELETE FROM sessions\")\n\nadd_column(\"sessions\", \"token\", \"string\", {\"size\": 32, \"null\": true})\nchange_column(\"sessions\", \"token\", \"string\", {\"size\": 32, \"null\": false})\n\nadd_index(\"sessions\", \"token\", {\"unique\": true, \"name\": \"sessions_token_uq_idx\"})\nadd_index(\"sessions\", \"token\", {\"name\": \"sessions_token_idx\" })\n" }, { "path": "oryx/popx/stub/migrations/source/20200812160551_add_session_revoke.down.fizz", "content": "drop_column(\"sessions\", \"active\")\n" }, { "path": "oryx/popx/stub/migrations/source/20200812160551_add_session_revoke.up.fizz", "content": "add_column(\"sessions\", \"active\", \"boolean\", {\"null\": false, \"default\": false})\n" }, { "path": "oryx/popx/stub/migrations/source/20200830121710_update_recovery_token.down.fizz", "content": "rename_column(\"identity_recovery_tokens\", \"selfservice_recovery_flow_id\", \"selfservice_recovery_request_id\")\n" }, { "path": "oryx/popx/stub/migrations/source/20200830121710_update_recovery_token.up.fizz", "content": "rename_column(\"identity_recovery_tokens\", \"selfservice_recovery_request_id\", \"selfservice_recovery_flow_id\")\n" }, { "path": "oryx/popx/stub/migrations/source/20200830130642_add_verification_methods.down.fizz", "content": "{{ if or .IsPostgreSQL .IsMySQL .IsMariaDB }}\n add_column(\"selfservice_verification_flows\", \"form\", \"json\", { \"null\": true })\n sql(\"UPDATE selfservice_verification_flows SET form=(SELECT * FROM (SELECT m.config FROM selfservice_verification_flows AS r INNER JOIN selfservice_verification_flow_methods AS m ON r.id=m.selfservice_verification_flow_id) as t);\")\n change_column(\"selfservice_verification_flows\", \"form\", \"json\", { \"null\": false })\n{{ end }}\n\n{{ if .IsCockroach }}\n add_column(\"selfservice_verification_flows\", \"form\", \"json\", { \"default\": \"{}\" })\n{{ end }}\n\ndrop_table(\"selfservice_verification_flow_methods\")\ndrop_column(\"selfservice_verification_flows\", \"active_method\")\ndrop_column(\"selfservice_verification_flows\", \"state\")\n\nadd_column(\"selfservice_verification_flows\", \"via\", \"string\", {\"size\": 16, \"default\": \"email\"})\nadd_column(\"selfservice_verification_flows\", \"success\", \"bool\", {\"default_raw\": \"FALSE\"})\n" }, { "path": "oryx/popx/stub/migrations/source/20200830130642_add_verification_methods.up.fizz", "content": "add_column(\"selfservice_verification_flows\", \"state\", \"string\", {\"default\": \"show_form\"})\n" }, { "path": "oryx/popx/stub/migrations/source/20200830130643_add_verification_methods.down.fizz", "content": "" }, { "path": "oryx/popx/stub/migrations/source/20200830130643_add_verification_methods.up.fizz", "content": "sql(\"UPDATE selfservice_verification_flows SET state='passed_challenge' WHERE success IS TRUE\")\n" }, { "path": "oryx/popx/stub/migrations/source/20200830130644_add_verification_methods.down.fizz", "content": "" }, { "path": "oryx/popx/stub/migrations/source/20200830130644_add_verification_methods.up.fizz", "content": "create_table(\"selfservice_verification_flow_methods\") {\n\tt.Column(\"id\", \"uuid\", {primary: true})\n t.Column(\"method\", \"string\", {\"size\": 32})\n t.Column(\"selfservice_verification_flow_id\", \"uuid\")\n t.Column(\"config\", \"json\")\n}\n\nadd_column(\"selfservice_verification_flows\", \"active_method\", \"string\", {\"size\": 32, null: true})\n" }, { "path": "oryx/popx/stub/migrations/source/20200830130645_add_verification_methods.down.fizz", "content": "" }, { "path": "oryx/popx/stub/migrations/source/20200830130645_add_verification_methods.up.fizz", "content": "sql(\"INSERT INTO selfservice_verification_flow_methods (id, method, selfservice_verification_flow_id, config, created_at, updated_at) SELECT id, 'link', id, form, created_at, updated_at FROM selfservice_verification_flows;\")\n" }, { "path": "oryx/popx/stub/migrations/source/20200830130646_add_verification_methods.down.fizz", "content": "" }, { "path": "oryx/popx/stub/migrations/source/20200830130646_add_verification_methods.up.fizz", "content": "drop_column(\"selfservice_verification_flows\", \"form\")\ndrop_column(\"selfservice_verification_flows\", \"via\")\ndrop_column(\"selfservice_verification_flows\", \"success\")\n" }, { "path": "oryx/popx/stub/migrations/source/20200830154602_add_verification_token.down.fizz", "content": "drop_table(\"identity_verification_tokens\")\n" }, { "path": "oryx/popx/stub/migrations/source/20200830154602_add_verification_token.up.fizz", "content": "create_table(\"identity_verification_tokens\") {\n\tt.Column(\"id\", \"uuid\", {primary: true})\n\n t.Column(\"token\", \"string\", {\"size\": 64})\n t.Column(\"used\", \"bool\", {\"default\": false})\n t.Column(\"used_at\", \"timestamp\", {\"null\": true})\n t.Column(\"expires_at\", \"timestamp\")\n t.Column(\"issued_at\", \"timestamp\")\n\n t.Column(\"identity_verifiable_address_id\", \"uuid\")\n t.ForeignKey(\"identity_verifiable_address_id\", {\"identity_verifiable_addresses\": [\"id\"]}, {\"on_delete\": \"cascade\"})\n\n t.Column(\"selfservice_verification_flow_id\", \"uuid\", {\"null\": true})\n t.ForeignKey(\"selfservice_verification_flow_id\", {\"selfservice_verification_flows\": [\"id\"]}, {\"on_delete\": \"cascade\"})\n}\n\nadd_index(\"identity_verification_tokens\", [\"token\"], { \"unique\": true, \"name\": \"identity_verification_tokens_token_uq_idx\" })\nadd_index(\"identity_verification_tokens\", [\"token\"], { \"name\": \"identity_verification_tokens_token_idx\" })\n\nadd_index(\"identity_verification_tokens\", [\"identity_verifiable_address_id\"], { \"name\": \"identity_verification_tokens_verifiable_address_id_idx\" })\nadd_index(\"identity_verification_tokens\", [\"selfservice_verification_flow_id\"], { \"name\": \"identity_verification_tokens_verification_flow_id_idx\" })\n" }, { "path": "oryx/popx/stub/migrations/source/20200830172221_recovery_token_expires.down.fizz", "content": "sql(\"DELETE FROM identity_recovery_tokens WHERE selfservice_recovery_flow_id IS NULL\")\nchange_column(\"identity_recovery_tokens\", \"selfservice_recovery_flow_id\", \"uuid\")\ndrop_column(\"identity_recovery_tokens\", \"expires_at\")\ndrop_column(\"identity_recovery_tokens\", \"issued_at\")\n" }, { "path": "oryx/popx/stub/migrations/source/20200830172221_recovery_token_expires.up.fizz", "content": "add_column(\"identity_recovery_tokens\", \"expires_at\", \"timestamp\", { \"default\": \"2000-01-01 00:00:00\" })\nadd_column(\"identity_recovery_tokens\", \"issued_at\", \"timestamp\", { \"default\": \"2000-01-01 00:00:00\" })\nchange_column(\"identity_recovery_tokens\", \"selfservice_recovery_flow_id\", \"uuid\", {\"null\": true})\n" }, { "path": "oryx/popx/stub/migrations/source/20200831110752_identity_verifiable_address_remove_code.down.fizz", "content": "add_column(\"identity_verifiable_addresses\", \"code\", \"string\", {\"size\": 32, \"null\": true})\nadd_column(\"identity_verifiable_addresses\", \"expires_at\", \"timestamp\", { \"null\": true })\n\n{{ if .IsSQLite }}\n sql(\"UPDATE identity_verifiable_addresses SET code = substr(hex(randomblob(32)), 0, 32) WHERE code IS NULL\")\n sql(\"UPDATE identity_verifiable_addresses SET expires_at = CURRENT_TIMESTAMP WHERE expires_at IS NULL\")\n{{ end }}\n\n{{ if or .IsMySQL .IsMariaDB }}\n sql(\"UPDATE identity_verifiable_addresses SET code = LEFT(SHA2(RANDOM_BYTES(32), 256), 32) WHERE code IS NULL\")\n sql(\"UPDATE identity_verifiable_addresses SET expires_at = CURRENT_TIMESTAMP WHERE expires_at IS NULL\")\n{{ end }}\n\n{{ if .IsPostgreSQL }}\n sql(\"UPDATE identity_verifiable_addresses SET code = substr(md5(random()::text), 0, 32) WHERE code IS NULL\")\n sql(\"UPDATE identity_verifiable_addresses SET expires_at = CURRENT_TIMESTAMP WHERE expires_at IS NULL\")\n{{ end }}\n\n{{ if .IsCockroach }}\n sql(\"UPDATE identity_verifiable_addresses SET code = substr(md5(uuid_v4()), 0, 32) WHERE code IS NULL\")\n sql(\"UPDATE identity_verifiable_addresses SET expires_at = CURRENT_TIMESTAMP WHERE expires_at IS NULL\")\n{{ end }}\n\nchange_column(\"identity_verifiable_addresses\", \"code\", \"string\", {\"size\": 32})\nchange_column(\"identity_verifiable_addresses\", \"expires_at\", \"timestamp\", { \"null\": false })\n\nadd_index(\"identity_verifiable_addresses\", [\"code\"], { \"unique\": true, \"name\": \"identity_verifiable_addresses_code_uq_idx\" })\nadd_index(\"identity_verifiable_addresses\", [\"code\"], { \"name\": \"identity_verifiable_addresses_code_idx\" })\n" }, { "path": "oryx/popx/stub/migrations/source/20200831110752_identity_verifiable_address_remove_code.up.fizz", "content": "drop_index(\"identity_verifiable_addresses\", \"identity_verifiable_addresses_code_uq_idx\")\ndrop_index(\"identity_verifiable_addresses\", \"identity_verifiable_addresses_code_idx\")\n\ndrop_column(\"identity_verifiable_addresses\", \"code\")\ndrop_column(\"identity_verifiable_addresses\", \"expires_at\")\n" }, { "path": "oryx/popx/stub/migrations/source/20201201161451_credential_types_values.down.fizz", "content": "sql(\"DELETE FROM identity_credential_types WHERE name = 'password' OR name = 'oidc'\")\n" }, { "path": "oryx/popx/stub/migrations/source/20201201161451_credential_types_values.up.fizz", "content": "sql(\"INSERT INTO identity_credential_types (id, name) SELECT '78c1b41d-8341-4507-aa60-aff1d4369670', 'password' WHERE NOT EXISTS ( SELECT * FROM identity_credential_types WHERE name = 'password')\")\nsql(\"INSERT INTO identity_credential_types (id, name) SELECT '6fa5e2e0-bfce-4631-b62b-cf2b0252b289', 'oidc' WHERE NOT EXISTS ( SELECT * FROM identity_credential_types WHERE name = 'oidc')\")\n\n" }, { "path": "oryx/popx/stub/migrations/templating/0_sql_create_tablename_template.down.sql", "content": "" }, { "path": "oryx/popx/stub/migrations/templating/0_sql_create_tablename_template.up.sql", "content": "CREATE TABLE {{ identifier .Parameters.tableName }} ( \"id\" UUID NOT NULL, PRIMARY KEY (\"id\"));\n" }, { "path": "oryx/popx/stub/migrations/testdata/20220513_testdata.invalid", "content": "" }, { "path": "oryx/popx/stub/migrations/testdata/20220513_testdata.sql", "content": "INSERT INTO testdata (Data) VALUES ('testdata');" }, { "path": "oryx/popx/stub/migrations/testdata/20220514_testdata.sql", "content": "-- empty migrations should not error" }, { "path": "oryx/popx/stub/migrations/testdata/invalid", "content": "" }, { "path": "oryx/popx/stub/migrations/testdata/invalid_testdata.sql", "content": "" }, { "path": "oryx/popx/stub/migrations/testdata_migrations/20220513_create_table.down.sql", "content": "" }, { "path": "oryx/popx/stub/migrations/testdata_migrations/20220513_create_table.up.sql", "content": "CREATE TABLE \"testdata\" (\n \"data\" character varying(255) NOT NULL\n)" }, { "path": "oryx/popx/stub/migrations/transactional/20191100000001000000_identities.cockroach.down.sql", "content": "DROP TABLE \"identities\";" }, { "path": "oryx/popx/stub/migrations/transactional/20191100000001000000_identities.cockroach.up.sql", "content": "CREATE TABLE \"identities\" (\n\"id\" UUID NOT NULL,\nPRIMARY KEY(\"id\"),\n\"traits_schema_id\" VARCHAR (2048) NOT NULL,\n\"traits\" json NOT NULL,\n\"created_at\" timestamp NOT NULL,\n\"updated_at\" timestamp NOT NULL\n)" }, { "path": "oryx/popx/stub/migrations/transactional/20191100000001000000_identities.mysql.down.sql", "content": "DROP TABLE `identities`;" }, { "path": "oryx/popx/stub/migrations/transactional/20191100000001000000_identities.mysql.up.sql", "content": "CREATE TABLE `identities` (\n`id` char(36) NOT NULL,\nPRIMARY KEY(`id`),\n`traits_schema_id` VARCHAR (2048) NOT NULL,\n`traits` JSON NOT NULL,\n`created_at` DATETIME NOT NULL,\n`updated_at` DATETIME NOT NULL\n) ENGINE=InnoDB" }, { "path": "oryx/popx/stub/migrations/transactional/20191100000001000000_identities.postgres.down.sql", "content": "DROP TABLE \"identities\";" }, { "path": "oryx/popx/stub/migrations/transactional/20191100000001000000_identities.postgres.up.sql", "content": "CREATE TABLE \"identities\" (\n\"id\" UUID NOT NULL,\nPRIMARY KEY(\"id\"),\n\"traits_schema_id\" VARCHAR (2048) NOT NULL,\n\"traits\" jsonb NOT NULL,\n\"created_at\" timestamp NOT NULL,\n\"updated_at\" timestamp NOT NULL\n)" }, { "path": "oryx/popx/stub/migrations/transactional/20191100000001000000_identities.sqlite3.down.sql", "content": "DROP TABLE \"identities\";" }, { "path": "oryx/popx/stub/migrations/transactional/20191100000001000000_identities.sqlite3.up.sql", "content": "CREATE TABLE \"identities\" (\n\"id\" TEXT PRIMARY KEY,\n\"traits_schema_id\" TEXT NOT NULL,\n\"traits\" TEXT NOT NULL,\n\"created_at\" DATETIME NOT NULL,\n\"updated_at\" DATETIME NOT NULL\n)" }, { "path": "oryx/popx/stub/migrations/transactional/20191100000001000001_identities.cockroach.down.sql", "content": "DROP TABLE \"identity_credential_types\"" }, { "path": "oryx/popx/stub/migrations/transactional/20191100000001000001_identities.cockroach.up.sql", "content": "CREATE TABLE \"identity_credential_types\" (\n\"id\" UUID NOT NULL,\nPRIMARY KEY(\"id\"),\n\"name\" VARCHAR (32) NOT NULL\n)" }, { "path": "oryx/popx/stub/migrations/transactional/20191100000001000001_identities.mysql.down.sql", "content": "DROP TABLE `identity_credential_types`" }, { "path": "oryx/popx/stub/migrations/transactional/20191100000001000001_identities.mysql.up.sql", "content": "CREATE TABLE `identity_credential_types` (\n`id` char(36) NOT NULL,\nPRIMARY KEY(`id`),\n`name` VARCHAR (32) NOT NULL\n) ENGINE=InnoDB" }, { "path": "oryx/popx/stub/migrations/transactional/20191100000001000001_identities.postgres.down.sql", "content": "DROP TABLE \"identity_credential_types\"" }, { "path": "oryx/popx/stub/migrations/transactional/20191100000001000001_identities.postgres.up.sql", "content": "CREATE TABLE \"identity_credential_types\" (\n\"id\" UUID NOT NULL,\nPRIMARY KEY(\"id\"),\n\"name\" VARCHAR (32) NOT NULL\n)" }, { "path": "oryx/popx/stub/migrations/transactional/20191100000001000001_identities.sqlite3.down.sql", "content": "DROP TABLE \"identity_credential_types\"" }, { "path": "oryx/popx/stub/migrations/transactional/20191100000001000001_identities.sqlite3.up.sql", "content": "CREATE TABLE \"identity_credential_types\" (\n\"id\" TEXT PRIMARY KEY,\n\"name\" TEXT NOT NULL\n)" }, { "path": "oryx/popx/stub/migrations/transactional/20191100000001000002_identities.cockroach.down.sql", "content": "DROP TABLE \"identity_credentials\"" }, { "path": "oryx/popx/stub/migrations/transactional/20191100000001000002_identities.cockroach.up.sql", "content": "CREATE UNIQUE INDEX \"identity_credential_types_name_idx\" ON \"identity_credential_types\" (name)" }, { "path": "oryx/popx/stub/migrations/transactional/20191100000001000002_identities.mysql.down.sql", "content": "DROP TABLE `identity_credentials`" }, { "path": "oryx/popx/stub/migrations/transactional/20191100000001000002_identities.mysql.up.sql", "content": "CREATE UNIQUE INDEX `identity_credential_types_name_idx` ON `identity_credential_types` (`name`)" }, { "path": "oryx/popx/stub/migrations/transactional/20191100000001000002_identities.postgres.down.sql", "content": "DROP TABLE \"identity_credentials\"" }, { "path": "oryx/popx/stub/migrations/transactional/20191100000001000002_identities.postgres.up.sql", "content": "CREATE UNIQUE INDEX \"identity_credential_types_name_idx\" ON \"identity_credential_types\" (name)" }, { "path": "oryx/popx/stub/migrations/transactional/20191100000001000002_identities.sqlite3.down.sql", "content": "DROP TABLE \"identity_credentials\"" }, { "path": "oryx/popx/stub/migrations/transactional/20191100000001000002_identities.sqlite3.up.sql", "content": "CREATE UNIQUE INDEX \"identity_credential_types_name_idx\" ON \"identity_credential_types\" (name)" }, { "path": "oryx/popx/stub/migrations/transactional/20191100000001000003_identities.cockroach.down.sql", "content": "DROP TABLE \"identity_credential_identifiers\"" }, { "path": "oryx/popx/stub/migrations/transactional/20191100000001000003_identities.cockroach.up.sql", "content": "CREATE TABLE \"identity_credentials\" (\n\"id\" UUID NOT NULL,\nPRIMARY KEY(\"id\"),\n\"config\" json NOT NULL,\n\"identity_credential_type_id\" UUID NOT NULL,\n\"identity_id\" UUID NOT NULL,\n\"created_at\" timestamp NOT NULL,\n\"updated_at\" timestamp NOT NULL,\nCONSTRAINT \"identity_credentials_identities_id_fk\" FOREIGN KEY (\"identity_id\") REFERENCES \"identities\" (\"id\") ON DELETE cascade,\nCONSTRAINT \"identity_credentials_identity_credential_types_id_fk\" FOREIGN KEY (\"identity_credential_type_id\") REFERENCES \"identity_credential_types\" (\"id\") ON DELETE cascade\n)" }, { "path": "oryx/popx/stub/migrations/transactional/20191100000001000003_identities.mysql.down.sql", "content": "DROP TABLE `identity_credential_identifiers`" }, { "path": "oryx/popx/stub/migrations/transactional/20191100000001000003_identities.mysql.up.sql", "content": "CREATE TABLE `identity_credentials` (\n`id` char(36) NOT NULL,\nPRIMARY KEY(`id`),\n`config` JSON NOT NULL,\n`identity_credential_type_id` char(36) NOT NULL,\n`identity_id` char(36) NOT NULL,\n`created_at` DATETIME NOT NULL,\n`updated_at` DATETIME NOT NULL,\nFOREIGN KEY (`identity_id`) REFERENCES `identities` (`id`) ON DELETE cascade,\nFOREIGN KEY (`identity_credential_type_id`) REFERENCES `identity_credential_types` (`id`) ON DELETE cascade\n) ENGINE=InnoDB" }, { "path": "oryx/popx/stub/migrations/transactional/20191100000001000003_identities.postgres.down.sql", "content": "DROP TABLE \"identity_credential_identifiers\"" }, { "path": "oryx/popx/stub/migrations/transactional/20191100000001000003_identities.postgres.up.sql", "content": "CREATE TABLE \"identity_credentials\" (\n\"id\" UUID NOT NULL,\nPRIMARY KEY(\"id\"),\n\"config\" jsonb NOT NULL,\n\"identity_credential_type_id\" UUID NOT NULL,\n\"identity_id\" UUID NOT NULL,\n\"created_at\" timestamp NOT NULL,\n\"updated_at\" timestamp NOT NULL,\nFOREIGN KEY (\"identity_id\") REFERENCES \"identities\" (\"id\") ON DELETE cascade,\nFOREIGN KEY (\"identity_credential_type_id\") REFERENCES \"identity_credential_types\" (\"id\") ON DELETE cascade\n)" }, { "path": "oryx/popx/stub/migrations/transactional/20191100000001000003_identities.sqlite3.down.sql", "content": "DROP TABLE \"identity_credential_identifiers\"" }, { "path": "oryx/popx/stub/migrations/transactional/20191100000001000003_identities.sqlite3.up.sql", "content": "CREATE TABLE \"identity_credentials\" (\n\"id\" TEXT PRIMARY KEY,\n\"config\" TEXT NOT NULL,\n\"identity_credential_type_id\" char(36) NOT NULL,\n\"identity_id\" char(36) NOT NULL,\n\"created_at\" DATETIME NOT NULL,\n\"updated_at\" DATETIME NOT NULL,\nFOREIGN KEY (identity_id) REFERENCES identities (id) ON DELETE cascade,\nFOREIGN KEY (identity_credential_type_id) REFERENCES identity_credential_types (id) ON DELETE cascade\n)" }, { "path": "oryx/popx/stub/migrations/transactional/20191100000001000004_identities.cockroach.down.sql", "content": "" }, { "path": "oryx/popx/stub/migrations/transactional/20191100000001000004_identities.cockroach.up.sql", "content": "CREATE TABLE \"identity_credential_identifiers\" (\n\"id\" UUID NOT NULL,\nPRIMARY KEY(\"id\"),\n\"identifier\" VARCHAR (255) NOT NULL,\n\"identity_credential_id\" UUID NOT NULL,\n\"created_at\" timestamp NOT NULL,\n\"updated_at\" timestamp NOT NULL,\nCONSTRAINT \"identity_credential_identifiers_identity_credentials_id_fk\" FOREIGN KEY (\"identity_credential_id\") REFERENCES \"identity_credentials\" (\"id\") ON DELETE cascade\n)" }, { "path": "oryx/popx/stub/migrations/transactional/20191100000001000004_identities.mysql.down.sql", "content": "" }, { "path": "oryx/popx/stub/migrations/transactional/20191100000001000004_identities.mysql.up.sql", "content": "CREATE TABLE `identity_credential_identifiers` (\n`id` char(36) NOT NULL,\nPRIMARY KEY(`id`),\n`identifier` VARCHAR (255) NOT NULL,\n`identity_credential_id` char(36) NOT NULL,\n`created_at` DATETIME NOT NULL,\n`updated_at` DATETIME NOT NULL,\nFOREIGN KEY (`identity_credential_id`) REFERENCES `identity_credentials` (`id`) ON DELETE cascade\n) ENGINE=InnoDB" }, { "path": "oryx/popx/stub/migrations/transactional/20191100000001000004_identities.postgres.down.sql", "content": "" }, { "path": "oryx/popx/stub/migrations/transactional/20191100000001000004_identities.postgres.up.sql", "content": "CREATE TABLE \"identity_credential_identifiers\" (\n\"id\" UUID NOT NULL,\nPRIMARY KEY(\"id\"),\n\"identifier\" VARCHAR (255) NOT NULL,\n\"identity_credential_id\" UUID NOT NULL,\n\"created_at\" timestamp NOT NULL,\n\"updated_at\" timestamp NOT NULL,\nFOREIGN KEY (\"identity_credential_id\") REFERENCES \"identity_credentials\" (\"id\") ON DELETE cascade\n)" }, { "path": "oryx/popx/stub/migrations/transactional/20191100000001000004_identities.sqlite3.down.sql", "content": "" }, { "path": "oryx/popx/stub/migrations/transactional/20191100000001000004_identities.sqlite3.up.sql", "content": "CREATE TABLE \"identity_credential_identifiers\" (\n\"id\" TEXT PRIMARY KEY,\n\"identifier\" TEXT NOT NULL,\n\"identity_credential_id\" char(36) NOT NULL,\n\"created_at\" DATETIME NOT NULL,\n\"updated_at\" DATETIME NOT NULL,\nFOREIGN KEY (identity_credential_id) REFERENCES identity_credentials (id) ON DELETE cascade\n)" }, { "path": "oryx/popx/stub/migrations/transactional/20191100000001000005_identities.cockroach.down.sql", "content": "" }, { "path": "oryx/popx/stub/migrations/transactional/20191100000001000005_identities.cockroach.up.sql", "content": "CREATE UNIQUE INDEX \"identity_credential_identifiers_identifier_idx\" ON \"identity_credential_identifiers\" (identifier);" }, { "path": "oryx/popx/stub/migrations/transactional/20191100000001000005_identities.mysql.down.sql", "content": "" }, { "path": "oryx/popx/stub/migrations/transactional/20191100000001000005_identities.mysql.up.sql", "content": "CREATE UNIQUE INDEX `identity_credential_identifiers_identifier_idx` ON `identity_credential_identifiers` (`identifier`);" }, { "path": "oryx/popx/stub/migrations/transactional/20191100000001000005_identities.postgres.down.sql", "content": "" }, { "path": "oryx/popx/stub/migrations/transactional/20191100000001000005_identities.postgres.up.sql", "content": "CREATE UNIQUE INDEX \"identity_credential_identifiers_identifier_idx\" ON \"identity_credential_identifiers\" (identifier);" }, { "path": "oryx/popx/stub/migrations/transactional/20191100000001000005_identities.sqlite3.down.sql", "content": "" }, { "path": "oryx/popx/stub/migrations/transactional/20191100000001000005_identities.sqlite3.up.sql", "content": "CREATE UNIQUE INDEX \"identity_credential_identifiers_identifier_idx\" ON \"identity_credential_identifiers\" (identifier);" }, { "path": "oryx/popx/stub/migrations/transactional/20191100000002000000_requests.cockroach.down.sql", "content": "DROP TABLE \"selfservice_profile_management_requests\";" }, { "path": "oryx/popx/stub/migrations/transactional/20191100000002000000_requests.cockroach.up.sql", "content": "CREATE TABLE \"selfservice_login_requests\" (\n\"id\" UUID NOT NULL,\nPRIMARY KEY(\"id\"),\n\"request_url\" VARCHAR (2048) NOT NULL,\n\"issued_at\" timestamp NOT NULL DEFAULT CURRENT_TIMESTAMP,\n\"expires_at\" timestamp NOT NULL,\n\"active_method\" VARCHAR (32) NOT NULL,\n\"csrf_token\" VARCHAR (255) NOT NULL,\n\"created_at\" timestamp NOT NULL,\n\"updated_at\" timestamp NOT NULL\n)" }, { "path": "oryx/popx/stub/migrations/transactional/20191100000002000000_requests.mysql.down.sql", "content": "DROP TABLE `selfservice_profile_management_requests`;" }, { "path": "oryx/popx/stub/migrations/transactional/20191100000002000000_requests.mysql.up.sql", "content": "CREATE TABLE `selfservice_login_requests` (\n`id` char(36) NOT NULL,\nPRIMARY KEY(`id`),\n`request_url` VARCHAR (2048) NOT NULL,\n`issued_at` DATETIME NOT NULL DEFAULT CURRENT_TIMESTAMP,\n`expires_at` DATETIME NOT NULL,\n`active_method` VARCHAR (32) NOT NULL,\n`csrf_token` VARCHAR (255) NOT NULL,\n`created_at` DATETIME NOT NULL,\n`updated_at` DATETIME NOT NULL\n) ENGINE=InnoDB" }, { "path": "oryx/popx/stub/migrations/transactional/20191100000002000000_requests.postgres.down.sql", "content": "DROP TABLE \"selfservice_profile_management_requests\";" }, { "path": "oryx/popx/stub/migrations/transactional/20191100000002000000_requests.postgres.up.sql", "content": "CREATE TABLE \"selfservice_login_requests\" (\n\"id\" UUID NOT NULL,\nPRIMARY KEY(\"id\"),\n\"request_url\" VARCHAR (2048) NOT NULL,\n\"issued_at\" timestamp NOT NULL DEFAULT CURRENT_TIMESTAMP,\n\"expires_at\" timestamp NOT NULL,\n\"active_method\" VARCHAR (32) NOT NULL,\n\"csrf_token\" VARCHAR (255) NOT NULL,\n\"created_at\" timestamp NOT NULL,\n\"updated_at\" timestamp NOT NULL\n)" }, { "path": "oryx/popx/stub/migrations/transactional/20191100000002000000_requests.sqlite3.down.sql", "content": "DROP TABLE \"selfservice_profile_management_requests\";" }, { "path": "oryx/popx/stub/migrations/transactional/20191100000002000000_requests.sqlite3.up.sql", "content": "CREATE TABLE \"selfservice_login_requests\" (\n\"id\" TEXT PRIMARY KEY,\n\"request_url\" TEXT NOT NULL,\n\"issued_at\" DATETIME NOT NULL DEFAULT CURRENT_TIMESTAMP,\n\"expires_at\" DATETIME NOT NULL,\n\"active_method\" TEXT NOT NULL,\n\"csrf_token\" TEXT NOT NULL,\n\"created_at\" DATETIME NOT NULL,\n\"updated_at\" DATETIME NOT NULL\n)" }, { "path": "oryx/popx/stub/migrations/transactional/20191100000002000001_requests.cockroach.down.sql", "content": "DROP TABLE \"selfservice_registration_requests\"" }, { "path": "oryx/popx/stub/migrations/transactional/20191100000002000001_requests.cockroach.up.sql", "content": "CREATE TABLE \"selfservice_login_request_methods\" (\n\"id\" UUID NOT NULL,\nPRIMARY KEY(\"id\"),\n\"method\" VARCHAR (32) NOT NULL,\n\"selfservice_login_request_id\" UUID NOT NULL,\n\"config\" json NOT NULL,\n\"created_at\" timestamp NOT NULL,\n\"updated_at\" timestamp NOT NULL,\nCONSTRAINT \"selfservice_login_request_methods_selfservice_login_requests_id_fk\" FOREIGN KEY (\"selfservice_login_request_id\") REFERENCES \"selfservice_login_requests\" (\"id\") ON DELETE cascade\n)" }, { "path": "oryx/popx/stub/migrations/transactional/20191100000002000001_requests.mysql.down.sql", "content": "DROP TABLE `selfservice_registration_requests`" }, { "path": "oryx/popx/stub/migrations/transactional/20191100000002000001_requests.mysql.up.sql", "content": "CREATE TABLE `selfservice_login_request_methods` (\n`id` char(36) NOT NULL,\nPRIMARY KEY(`id`),\n`method` VARCHAR (32) NOT NULL,\n`selfservice_login_request_id` char(36) NOT NULL,\n`config` JSON NOT NULL,\n`created_at` DATETIME NOT NULL,\n`updated_at` DATETIME NOT NULL,\nFOREIGN KEY (`selfservice_login_request_id`) REFERENCES `selfservice_login_requests` (`id`) ON DELETE cascade\n) ENGINE=InnoDB" }, { "path": "oryx/popx/stub/migrations/transactional/20191100000002000001_requests.postgres.down.sql", "content": "DROP TABLE \"selfservice_registration_requests\"" }, { "path": "oryx/popx/stub/migrations/transactional/20191100000002000001_requests.postgres.up.sql", "content": "CREATE TABLE \"selfservice_login_request_methods\" (\n\"id\" UUID NOT NULL,\nPRIMARY KEY(\"id\"),\n\"method\" VARCHAR (32) NOT NULL,\n\"selfservice_login_request_id\" UUID NOT NULL,\n\"config\" jsonb NOT NULL,\n\"created_at\" timestamp NOT NULL,\n\"updated_at\" timestamp NOT NULL,\nFOREIGN KEY (\"selfservice_login_request_id\") REFERENCES \"selfservice_login_requests\" (\"id\") ON DELETE cascade\n)" }, { "path": "oryx/popx/stub/migrations/transactional/20191100000002000001_requests.sqlite3.down.sql", "content": "DROP TABLE \"selfservice_registration_requests\"" }, { "path": "oryx/popx/stub/migrations/transactional/20191100000002000001_requests.sqlite3.up.sql", "content": "CREATE TABLE \"selfservice_login_request_methods\" (\n\"id\" TEXT PRIMARY KEY,\n\"method\" TEXT NOT NULL,\n\"selfservice_login_request_id\" char(36) NOT NULL,\n\"config\" TEXT NOT NULL,\n\"created_at\" DATETIME NOT NULL,\n\"updated_at\" DATETIME NOT NULL,\nFOREIGN KEY (selfservice_login_request_id) REFERENCES selfservice_login_requests (id) ON DELETE cascade\n)" }, { "path": "oryx/popx/stub/migrations/transactional/20191100000002000002_requests.cockroach.down.sql", "content": "DROP TABLE \"selfservice_registration_request_methods\"" }, { "path": "oryx/popx/stub/migrations/transactional/20191100000002000002_requests.cockroach.up.sql", "content": "CREATE TABLE \"selfservice_registration_requests\" (\n\"id\" UUID NOT NULL,\nPRIMARY KEY(\"id\"),\n\"request_url\" VARCHAR (2048) NOT NULL,\n\"issued_at\" timestamp NOT NULL DEFAULT CURRENT_TIMESTAMP,\n\"expires_at\" timestamp NOT NULL,\n\"active_method\" VARCHAR (32) NOT NULL,\n\"csrf_token\" VARCHAR (255) NOT NULL,\n\"created_at\" timestamp NOT NULL,\n\"updated_at\" timestamp NOT NULL\n)" }, { "path": "oryx/popx/stub/migrations/transactional/20191100000002000002_requests.mysql.down.sql", "content": "DROP TABLE `selfservice_registration_request_methods`" }, { "path": "oryx/popx/stub/migrations/transactional/20191100000002000002_requests.mysql.up.sql", "content": "CREATE TABLE `selfservice_registration_requests` (\n`id` char(36) NOT NULL,\nPRIMARY KEY(`id`),\n`request_url` VARCHAR (2048) NOT NULL,\n`issued_at` DATETIME NOT NULL DEFAULT CURRENT_TIMESTAMP,\n`expires_at` DATETIME NOT NULL,\n`active_method` VARCHAR (32) NOT NULL,\n`csrf_token` VARCHAR (255) NOT NULL,\n`created_at` DATETIME NOT NULL,\n`updated_at` DATETIME NOT NULL\n) ENGINE=InnoDB" }, { "path": "oryx/popx/stub/migrations/transactional/20191100000002000002_requests.postgres.down.sql", "content": "DROP TABLE \"selfservice_registration_request_methods\"" }, { "path": "oryx/popx/stub/migrations/transactional/20191100000002000002_requests.postgres.up.sql", "content": "CREATE TABLE \"selfservice_registration_requests\" (\n\"id\" UUID NOT NULL,\nPRIMARY KEY(\"id\"),\n\"request_url\" VARCHAR (2048) NOT NULL,\n\"issued_at\" timestamp NOT NULL DEFAULT CURRENT_TIMESTAMP,\n\"expires_at\" timestamp NOT NULL,\n\"active_method\" VARCHAR (32) NOT NULL,\n\"csrf_token\" VARCHAR (255) NOT NULL,\n\"created_at\" timestamp NOT NULL,\n\"updated_at\" timestamp NOT NULL\n)" }, { "path": "oryx/popx/stub/migrations/transactional/20191100000002000002_requests.sqlite3.down.sql", "content": "DROP TABLE \"selfservice_registration_request_methods\"" }, { "path": "oryx/popx/stub/migrations/transactional/20191100000002000002_requests.sqlite3.up.sql", "content": "CREATE TABLE \"selfservice_registration_requests\" (\n\"id\" TEXT PRIMARY KEY,\n\"request_url\" TEXT NOT NULL,\n\"issued_at\" DATETIME NOT NULL DEFAULT CURRENT_TIMESTAMP,\n\"expires_at\" DATETIME NOT NULL,\n\"active_method\" TEXT NOT NULL,\n\"csrf_token\" TEXT NOT NULL,\n\"created_at\" DATETIME NOT NULL,\n\"updated_at\" DATETIME NOT NULL\n)" }, { "path": "oryx/popx/stub/migrations/transactional/20191100000002000003_requests.cockroach.down.sql", "content": "DROP TABLE \"selfservice_login_requests\"" }, { "path": "oryx/popx/stub/migrations/transactional/20191100000002000003_requests.cockroach.up.sql", "content": "CREATE TABLE \"selfservice_registration_request_methods\" (\n\"id\" UUID NOT NULL,\nPRIMARY KEY(\"id\"),\n\"method\" VARCHAR (32) NOT NULL,\n\"selfservice_registration_request_id\" UUID NOT NULL,\n\"config\" json NOT NULL,\n\"created_at\" timestamp NOT NULL,\n\"updated_at\" timestamp NOT NULL,\nCONSTRAINT \"selfservice_registration_request_methods_selfservice_registration_requests_id_fk\" FOREIGN KEY (\"selfservice_registration_request_id\") REFERENCES \"selfservice_registration_requests\" (\"id\") ON DELETE cascade\n)" }, { "path": "oryx/popx/stub/migrations/transactional/20191100000002000003_requests.mysql.down.sql", "content": "DROP TABLE `selfservice_login_requests`" }, { "path": "oryx/popx/stub/migrations/transactional/20191100000002000003_requests.mysql.up.sql", "content": "CREATE TABLE `selfservice_registration_request_methods` (\n`id` char(36) NOT NULL,\nPRIMARY KEY(`id`),\n`method` VARCHAR (32) NOT NULL,\n`selfservice_registration_request_id` char(36) NOT NULL,\n`config` JSON NOT NULL,\n`created_at` DATETIME NOT NULL,\n`updated_at` DATETIME NOT NULL,\nFOREIGN KEY (`selfservice_registration_request_id`) REFERENCES `selfservice_registration_requests` (`id`) ON DELETE cascade\n) ENGINE=InnoDB" }, { "path": "oryx/popx/stub/migrations/transactional/20191100000002000003_requests.postgres.down.sql", "content": "DROP TABLE \"selfservice_login_requests\"" }, { "path": "oryx/popx/stub/migrations/transactional/20191100000002000003_requests.postgres.up.sql", "content": "CREATE TABLE \"selfservice_registration_request_methods\" (\n\"id\" UUID NOT NULL,\nPRIMARY KEY(\"id\"),\n\"method\" VARCHAR (32) NOT NULL,\n\"selfservice_registration_request_id\" UUID NOT NULL,\n\"config\" jsonb NOT NULL,\n\"created_at\" timestamp NOT NULL,\n\"updated_at\" timestamp NOT NULL,\nFOREIGN KEY (\"selfservice_registration_request_id\") REFERENCES \"selfservice_registration_requests\" (\"id\") ON DELETE cascade\n)" }, { "path": "oryx/popx/stub/migrations/transactional/20191100000002000003_requests.sqlite3.down.sql", "content": "DROP TABLE \"selfservice_login_requests\"" }, { "path": "oryx/popx/stub/migrations/transactional/20191100000002000003_requests.sqlite3.up.sql", "content": "CREATE TABLE \"selfservice_registration_request_methods\" (\n\"id\" TEXT PRIMARY KEY,\n\"method\" TEXT NOT NULL,\n\"selfservice_registration_request_id\" char(36) NOT NULL,\n\"config\" TEXT NOT NULL,\n\"created_at\" DATETIME NOT NULL,\n\"updated_at\" DATETIME NOT NULL,\nFOREIGN KEY (selfservice_registration_request_id) REFERENCES selfservice_registration_requests (id) ON DELETE cascade\n)" }, { "path": "oryx/popx/stub/migrations/transactional/20191100000002000004_requests.cockroach.down.sql", "content": "DROP TABLE \"selfservice_login_request_methods\"" }, { "path": "oryx/popx/stub/migrations/transactional/20191100000002000004_requests.cockroach.up.sql", "content": "CREATE TABLE \"selfservice_profile_management_requests\" (\n\"id\" UUID NOT NULL,\nPRIMARY KEY(\"id\"),\n\"request_url\" VARCHAR (2048) NOT NULL,\n\"issued_at\" timestamp NOT NULL DEFAULT CURRENT_TIMESTAMP,\n\"expires_at\" timestamp NOT NULL,\n\"form\" json NOT NULL,\n\"update_successful\" bool NOT NULL,\n\"identity_id\" UUID NOT NULL,\n\"created_at\" timestamp NOT NULL,\n\"updated_at\" timestamp NOT NULL,\nCONSTRAINT \"selfservice_profile_management_requests_identities_id_fk\" FOREIGN KEY (\"identity_id\") REFERENCES \"identities\" (\"id\") ON DELETE cascade\n);" }, { "path": "oryx/popx/stub/migrations/transactional/20191100000002000004_requests.mysql.down.sql", "content": "DROP TABLE `selfservice_login_request_methods`" }, { "path": "oryx/popx/stub/migrations/transactional/20191100000002000004_requests.mysql.up.sql", "content": "CREATE TABLE `selfservice_profile_management_requests` (\n`id` char(36) NOT NULL,\nPRIMARY KEY(`id`),\n`request_url` VARCHAR (2048) NOT NULL,\n`issued_at` DATETIME NOT NULL DEFAULT CURRENT_TIMESTAMP,\n`expires_at` DATETIME NOT NULL,\n`form` JSON NOT NULL,\n`update_successful` bool NOT NULL,\n`identity_id` char(36) NOT NULL,\n`created_at` DATETIME NOT NULL,\n`updated_at` DATETIME NOT NULL,\nFOREIGN KEY (`identity_id`) REFERENCES `identities` (`id`) ON DELETE cascade\n) ENGINE=InnoDB;" }, { "path": "oryx/popx/stub/migrations/transactional/20191100000002000004_requests.postgres.down.sql", "content": "DROP TABLE \"selfservice_login_request_methods\"" }, { "path": "oryx/popx/stub/migrations/transactional/20191100000002000004_requests.postgres.up.sql", "content": "CREATE TABLE \"selfservice_profile_management_requests\" (\n\"id\" UUID NOT NULL,\nPRIMARY KEY(\"id\"),\n\"request_url\" VARCHAR (2048) NOT NULL,\n\"issued_at\" timestamp NOT NULL DEFAULT CURRENT_TIMESTAMP,\n\"expires_at\" timestamp NOT NULL,\n\"form\" jsonb NOT NULL,\n\"update_successful\" bool NOT NULL,\n\"identity_id\" UUID NOT NULL,\n\"created_at\" timestamp NOT NULL,\n\"updated_at\" timestamp NOT NULL,\nFOREIGN KEY (\"identity_id\") REFERENCES \"identities\" (\"id\") ON DELETE cascade\n);" }, { "path": "oryx/popx/stub/migrations/transactional/20191100000002000004_requests.sqlite3.down.sql", "content": "DROP TABLE \"selfservice_login_request_methods\"" }, { "path": "oryx/popx/stub/migrations/transactional/20191100000002000004_requests.sqlite3.up.sql", "content": "CREATE TABLE \"selfservice_profile_management_requests\" (\n\"id\" TEXT PRIMARY KEY,\n\"request_url\" TEXT NOT NULL,\n\"issued_at\" DATETIME NOT NULL DEFAULT CURRENT_TIMESTAMP,\n\"expires_at\" DATETIME NOT NULL,\n\"form\" TEXT NOT NULL,\n\"update_successful\" bool NOT NULL,\n\"identity_id\" char(36) NOT NULL,\n\"created_at\" DATETIME NOT NULL,\n\"updated_at\" DATETIME NOT NULL,\nFOREIGN KEY (identity_id) REFERENCES identities (id) ON DELETE cascade\n);" }, { "path": "oryx/popx/stub/migrations/transactional/20191100000003000000_sessions.cockroach.down.sql", "content": "DROP TABLE \"sessions\";" }, { "path": "oryx/popx/stub/migrations/transactional/20191100000003000000_sessions.cockroach.up.sql", "content": "CREATE TABLE \"sessions\" (\n\"id\" UUID NOT NULL,\nPRIMARY KEY(\"id\"),\n\"issued_at\" timestamp NOT NULL DEFAULT CURRENT_TIMESTAMP,\n\"expires_at\" timestamp NOT NULL,\n\"authenticated_at\" timestamp NOT NULL,\n\"identity_id\" UUID NOT NULL,\n\"created_at\" timestamp NOT NULL,\n\"updated_at\" timestamp NOT NULL,\nCONSTRAINT \"sessions_identities_id_fk\" FOREIGN KEY (\"identity_id\") REFERENCES \"identities\" (\"id\") ON DELETE cascade\n);" }, { "path": "oryx/popx/stub/migrations/transactional/20191100000003000000_sessions.mysql.down.sql", "content": "DROP TABLE `sessions`;" }, { "path": "oryx/popx/stub/migrations/transactional/20191100000003000000_sessions.mysql.up.sql", "content": "CREATE TABLE `sessions` (\n`id` char(36) NOT NULL,\nPRIMARY KEY(`id`),\n`issued_at` DATETIME NOT NULL DEFAULT CURRENT_TIMESTAMP,\n`expires_at` DATETIME NOT NULL,\n`authenticated_at` DATETIME NOT NULL,\n`identity_id` char(36) NOT NULL,\n`created_at` DATETIME NOT NULL,\n`updated_at` DATETIME NOT NULL,\nFOREIGN KEY (`identity_id`) REFERENCES `identities` (`id`) ON DELETE cascade\n) ENGINE=InnoDB;" }, { "path": "oryx/popx/stub/migrations/transactional/20191100000003000000_sessions.postgres.down.sql", "content": "DROP TABLE \"sessions\";" }, { "path": "oryx/popx/stub/migrations/transactional/20191100000003000000_sessions.postgres.up.sql", "content": "CREATE TABLE \"sessions\" (\n\"id\" UUID NOT NULL,\nPRIMARY KEY(\"id\"),\n\"issued_at\" timestamp NOT NULL DEFAULT CURRENT_TIMESTAMP,\n\"expires_at\" timestamp NOT NULL,\n\"authenticated_at\" timestamp NOT NULL,\n\"identity_id\" UUID NOT NULL,\n\"created_at\" timestamp NOT NULL,\n\"updated_at\" timestamp NOT NULL,\nFOREIGN KEY (\"identity_id\") REFERENCES \"identities\" (\"id\") ON DELETE cascade\n);" }, { "path": "oryx/popx/stub/migrations/transactional/20191100000003000000_sessions.sqlite3.down.sql", "content": "DROP TABLE \"sessions\";" }, { "path": "oryx/popx/stub/migrations/transactional/20191100000003000000_sessions.sqlite3.up.sql", "content": "CREATE TABLE \"sessions\" (\n\"id\" TEXT PRIMARY KEY,\n\"issued_at\" DATETIME NOT NULL DEFAULT CURRENT_TIMESTAMP,\n\"expires_at\" DATETIME NOT NULL,\n\"authenticated_at\" DATETIME NOT NULL,\n\"identity_id\" char(36) NOT NULL,\n\"created_at\" DATETIME NOT NULL,\n\"updated_at\" DATETIME NOT NULL,\nFOREIGN KEY (identity_id) REFERENCES identities (id) ON DELETE cascade\n);" }, { "path": "oryx/popx/stub/migrations/transactional/20191100000004000000_errors.cockroach.down.sql", "content": "DROP TABLE \"selfservice_errors\";" }, { "path": "oryx/popx/stub/migrations/transactional/20191100000004000000_errors.cockroach.up.sql", "content": "CREATE TABLE \"selfservice_errors\" (\n\"id\" UUID NOT NULL,\nPRIMARY KEY(\"id\"),\n\"errors\" json NOT NULL,\n\"seen_at\" timestamp NOT NULL,\n\"was_seen\" bool NOT NULL,\n\"created_at\" timestamp NOT NULL,\n\"updated_at\" timestamp NOT NULL\n);" }, { "path": "oryx/popx/stub/migrations/transactional/20191100000004000000_errors.mysql.down.sql", "content": "DROP TABLE `selfservice_errors`;" }, { "path": "oryx/popx/stub/migrations/transactional/20191100000004000000_errors.mysql.up.sql", "content": "CREATE TABLE `selfservice_errors` (\n`id` char(36) NOT NULL,\nPRIMARY KEY(`id`),\n`errors` JSON NOT NULL,\n`seen_at` DATETIME NOT NULL,\n`was_seen` bool NOT NULL,\n`created_at` DATETIME NOT NULL,\n`updated_at` DATETIME NOT NULL\n) ENGINE=InnoDB;" }, { "path": "oryx/popx/stub/migrations/transactional/20191100000004000000_errors.postgres.down.sql", "content": "DROP TABLE \"selfservice_errors\";" }, { "path": "oryx/popx/stub/migrations/transactional/20191100000004000000_errors.postgres.up.sql", "content": "CREATE TABLE \"selfservice_errors\" (\n\"id\" UUID NOT NULL,\nPRIMARY KEY(\"id\"),\n\"errors\" jsonb NOT NULL,\n\"seen_at\" timestamp NOT NULL,\n\"was_seen\" bool NOT NULL,\n\"created_at\" timestamp NOT NULL,\n\"updated_at\" timestamp NOT NULL\n);" }, { "path": "oryx/popx/stub/migrations/transactional/20191100000004000000_errors.sqlite3.down.sql", "content": "DROP TABLE \"selfservice_errors\";" }, { "path": "oryx/popx/stub/migrations/transactional/20191100000004000000_errors.sqlite3.up.sql", "content": "CREATE TABLE \"selfservice_errors\" (\n\"id\" TEXT PRIMARY KEY,\n\"errors\" TEXT NOT NULL,\n\"seen_at\" DATETIME NOT NULL,\n\"was_seen\" bool NOT NULL,\n\"created_at\" DATETIME NOT NULL,\n\"updated_at\" DATETIME NOT NULL\n);" }, { "path": "oryx/popx/stub/migrations/transactional/20191100000005000000_identities.mysql.down.sql", "content": "ALTER TABLE identity_credential_identifiers MODIFY COLUMN identifier VARCHAR(255)" }, { "path": "oryx/popx/stub/migrations/transactional/20191100000005000000_identities.mysql.up.sql", "content": "ALTER TABLE identity_credential_identifiers MODIFY COLUMN identifier VARCHAR(255) BINARY" }, { "path": "oryx/popx/stub/migrations/transactional/20191100000005000001_identities.mysql.down.sql", "content": "ALTER TABLE identity_credential_identifiers MODIFY COLUMN identifier VARCHAR(255)" }, { "path": "oryx/popx/stub/migrations/transactional/20191100000005000001_identities.mysql.up.sql", "content": "ALTER TABLE identity_credential_identifiers MODIFY COLUMN identifier VARCHAR(255) BINARY" }, { "path": "oryx/popx/stub/migrations/transactional/20191100000006000000_courier.cockroach.down.sql", "content": "DROP TABLE \"courier_messages\";" }, { "path": "oryx/popx/stub/migrations/transactional/20191100000006000000_courier.cockroach.up.sql", "content": "CREATE TABLE \"courier_messages\" (\n\"id\" UUID NOT NULL,\nPRIMARY KEY(\"id\"),\n\"type\" int NOT NULL,\n\"status\" int NOT NULL,\n\"body\" VARCHAR (255) NOT NULL,\n\"subject\" VARCHAR (255) NOT NULL,\n\"recipient\" VARCHAR (255) NOT NULL,\n\"created_at\" timestamp NOT NULL,\n\"updated_at\" timestamp NOT NULL\n);" }, { "path": "oryx/popx/stub/migrations/transactional/20191100000006000000_courier.mysql.down.sql", "content": "DROP TABLE `courier_messages`;" }, { "path": "oryx/popx/stub/migrations/transactional/20191100000006000000_courier.mysql.up.sql", "content": "CREATE TABLE `courier_messages` (\n`id` char(36) NOT NULL,\nPRIMARY KEY(`id`),\n`type` INTEGER NOT NULL,\n`status` INTEGER NOT NULL,\n`body` VARCHAR (255) NOT NULL,\n`subject` VARCHAR (255) NOT NULL,\n`recipient` VARCHAR (255) NOT NULL,\n`created_at` DATETIME NOT NULL,\n`updated_at` DATETIME NOT NULL\n) ENGINE=InnoDB;" }, { "path": "oryx/popx/stub/migrations/transactional/20191100000006000000_courier.postgres.down.sql", "content": "DROP TABLE \"courier_messages\";" }, { "path": "oryx/popx/stub/migrations/transactional/20191100000006000000_courier.postgres.up.sql", "content": "CREATE TABLE \"courier_messages\" (\n\"id\" UUID NOT NULL,\nPRIMARY KEY(\"id\"),\n\"type\" int NOT NULL,\n\"status\" int NOT NULL,\n\"body\" VARCHAR (255) NOT NULL,\n\"subject\" VARCHAR (255) NOT NULL,\n\"recipient\" VARCHAR (255) NOT NULL,\n\"created_at\" timestamp NOT NULL,\n\"updated_at\" timestamp NOT NULL\n);" }, { "path": "oryx/popx/stub/migrations/transactional/20191100000006000000_courier.sqlite3.down.sql", "content": "DROP TABLE \"courier_messages\";" }, { "path": "oryx/popx/stub/migrations/transactional/20191100000006000000_courier.sqlite3.up.sql", "content": "CREATE TABLE \"courier_messages\" (\n\"id\" TEXT PRIMARY KEY,\n\"type\" INTEGER NOT NULL,\n\"status\" INTEGER NOT NULL,\n\"body\" TEXT NOT NULL,\n\"subject\" TEXT NOT NULL,\n\"recipient\" TEXT NOT NULL,\n\"created_at\" DATETIME NOT NULL,\n\"updated_at\" DATETIME NOT NULL\n);" }, { "path": "oryx/popx/stub/migrations/transactional/20191100000007000000_errors.cockroach.down.sql", "content": "ALTER TABLE \"selfservice_errors\" DROP COLUMN \"csrf_token\";" }, { "path": "oryx/popx/stub/migrations/transactional/20191100000007000000_errors.cockroach.up.sql", "content": "ALTER TABLE \"selfservice_errors\" ADD COLUMN \"csrf_token\" VARCHAR (255) NOT NULL DEFAULT '';" }, { "path": "oryx/popx/stub/migrations/transactional/20191100000007000000_errors.mysql.down.sql", "content": "ALTER TABLE `selfservice_errors` DROP COLUMN `csrf_token`;" }, { "path": "oryx/popx/stub/migrations/transactional/20191100000007000000_errors.mysql.up.sql", "content": "ALTER TABLE `selfservice_errors` ADD COLUMN `csrf_token` VARCHAR (255) NOT NULL DEFAULT \"\";" }, { "path": "oryx/popx/stub/migrations/transactional/20191100000007000000_errors.postgres.down.sql", "content": "ALTER TABLE \"selfservice_errors\" DROP COLUMN \"csrf_token\";" }, { "path": "oryx/popx/stub/migrations/transactional/20191100000007000000_errors.postgres.up.sql", "content": "ALTER TABLE \"selfservice_errors\" ADD COLUMN \"csrf_token\" VARCHAR (255) NOT NULL DEFAULT '';" }, { "path": "oryx/popx/stub/migrations/transactional/20191100000007000000_errors.sqlite3.down.sql", "content": "ALTER TABLE \"_selfservice_errors_tmp\" RENAME TO \"selfservice_errors\";" }, { "path": "oryx/popx/stub/migrations/transactional/20191100000007000000_errors.sqlite3.up.sql", "content": "ALTER TABLE \"selfservice_errors\" ADD COLUMN \"csrf_token\" TEXT NOT NULL DEFAULT '';" }, { "path": "oryx/popx/stub/migrations/transactional/20191100000007000001_errors.sqlite3.down.sql", "content": "\nDROP TABLE \"selfservice_errors\"" }, { "path": "oryx/popx/stub/migrations/transactional/20191100000007000001_errors.sqlite3.up.sql", "content": "" }, { "path": "oryx/popx/stub/migrations/transactional/20191100000007000002_errors.sqlite3.down.sql", "content": "INSERT INTO \"_selfservice_errors_tmp\" (id, errors, seen_at, was_seen, created_at, updated_at) SELECT id, errors, seen_at, was_seen, created_at, updated_at FROM \"selfservice_errors\"" }, { "path": "oryx/popx/stub/migrations/transactional/20191100000007000002_errors.sqlite3.up.sql", "content": "" }, { "path": "oryx/popx/stub/migrations/transactional/20191100000007000003_errors.sqlite3.down.sql", "content": "CREATE TABLE \"_selfservice_errors_tmp\" (\n\"id\" TEXT PRIMARY KEY,\n\"errors\" TEXT NOT NULL,\n\"seen_at\" DATETIME,\n\"was_seen\" bool NOT NULL,\n\"created_at\" DATETIME NOT NULL,\n\"updated_at\" DATETIME NOT NULL\n)" }, { "path": "oryx/popx/stub/migrations/transactional/20191100000007000003_errors.sqlite3.up.sql", "content": "" }, { "path": "oryx/popx/stub/migrations/transactional/20191100000008000000_selfservice_verification.cockroach.down.sql", "content": "DROP TABLE \"identity_verifiable_addresses\";" }, { "path": "oryx/popx/stub/migrations/transactional/20191100000008000000_selfservice_verification.cockroach.up.sql", "content": "CREATE TABLE \"identity_verifiable_addresses\" (\n\"id\" UUID NOT NULL,\nPRIMARY KEY(\"id\"),\n\"code\" VARCHAR (32) NOT NULL,\n\"status\" VARCHAR (16) NOT NULL,\n\"via\" VARCHAR (16) NOT NULL,\n\"verified\" bool NOT NULL,\n\"value\" VARCHAR (400) NOT NULL,\n\"verified_at\" timestamp,\n\"expires_at\" timestamp NOT NULL DEFAULT CURRENT_TIMESTAMP,\n\"identity_id\" UUID NOT NULL,\n\"created_at\" timestamp NOT NULL,\n\"updated_at\" timestamp NOT NULL,\nCONSTRAINT \"identity_verifiable_addresses_identities_id_fk\" FOREIGN KEY (\"identity_id\") REFERENCES \"identities\" (\"id\") ON DELETE cascade\n)" }, { "path": "oryx/popx/stub/migrations/transactional/20191100000008000000_selfservice_verification.mysql.down.sql", "content": "DROP TABLE `identity_verifiable_addresses`;" }, { "path": "oryx/popx/stub/migrations/transactional/20191100000008000000_selfservice_verification.mysql.up.sql", "content": "CREATE TABLE `identity_verifiable_addresses` (\n`id` char(36) NOT NULL,\nPRIMARY KEY(`id`),\n`code` VARCHAR (32) NOT NULL,\n`status` VARCHAR (16) NOT NULL,\n`via` VARCHAR (16) NOT NULL,\n`verified` bool NOT NULL,\n`value` VARCHAR (400) NOT NULL,\n`verified_at` DATETIME,\n`expires_at` DATETIME NOT NULL DEFAULT CURRENT_TIMESTAMP,\n`identity_id` char(36) NOT NULL,\n`created_at` DATETIME NOT NULL,\n`updated_at` DATETIME NOT NULL,\nFOREIGN KEY (`identity_id`) REFERENCES `identities` (`id`) ON DELETE cascade\n) ENGINE=InnoDB" }, { "path": "oryx/popx/stub/migrations/transactional/20191100000008000000_selfservice_verification.postgres.down.sql", "content": "DROP TABLE \"identity_verifiable_addresses\";" }, { "path": "oryx/popx/stub/migrations/transactional/20191100000008000000_selfservice_verification.postgres.up.sql", "content": "CREATE TABLE \"identity_verifiable_addresses\" (\n\"id\" UUID NOT NULL,\nPRIMARY KEY(\"id\"),\n\"code\" VARCHAR (32) NOT NULL,\n\"status\" VARCHAR (16) NOT NULL,\n\"via\" VARCHAR (16) NOT NULL,\n\"verified\" bool NOT NULL,\n\"value\" VARCHAR (400) NOT NULL,\n\"verified_at\" timestamp,\n\"expires_at\" timestamp NOT NULL DEFAULT CURRENT_TIMESTAMP,\n\"identity_id\" UUID NOT NULL,\n\"created_at\" timestamp NOT NULL,\n\"updated_at\" timestamp NOT NULL,\nFOREIGN KEY (\"identity_id\") REFERENCES \"identities\" (\"id\") ON DELETE cascade\n)" }, { "path": "oryx/popx/stub/migrations/transactional/20191100000008000000_selfservice_verification.sqlite3.down.sql", "content": "DROP TABLE \"identity_verifiable_addresses\";" }, { "path": "oryx/popx/stub/migrations/transactional/20191100000008000000_selfservice_verification.sqlite3.up.sql", "content": "CREATE TABLE \"identity_verifiable_addresses\" (\n\"id\" TEXT PRIMARY KEY,\n\"code\" TEXT NOT NULL,\n\"status\" TEXT NOT NULL,\n\"via\" TEXT NOT NULL,\n\"verified\" bool NOT NULL,\n\"value\" TEXT NOT NULL,\n\"verified_at\" DATETIME,\n\"expires_at\" DATETIME NOT NULL DEFAULT CURRENT_TIMESTAMP,\n\"identity_id\" char(36) NOT NULL,\n\"created_at\" DATETIME NOT NULL,\n\"updated_at\" DATETIME NOT NULL,\nFOREIGN KEY (identity_id) REFERENCES identities (id) ON DELETE cascade\n)" }, { "path": "oryx/popx/stub/migrations/transactional/20191100000008000001_selfservice_verification.cockroach.down.sql", "content": "DROP TABLE \"selfservice_verification_requests\"" }, { "path": "oryx/popx/stub/migrations/transactional/20191100000008000001_selfservice_verification.cockroach.up.sql", "content": "CREATE UNIQUE INDEX \"identity_verifiable_addresses_code_uq_idx\" ON \"identity_verifiable_addresses\" (code)" }, { "path": "oryx/popx/stub/migrations/transactional/20191100000008000001_selfservice_verification.mysql.down.sql", "content": "DROP TABLE `selfservice_verification_requests`" }, { "path": "oryx/popx/stub/migrations/transactional/20191100000008000001_selfservice_verification.mysql.up.sql", "content": "CREATE UNIQUE INDEX `identity_verifiable_addresses_code_uq_idx` ON `identity_verifiable_addresses` (`code`)" }, { "path": "oryx/popx/stub/migrations/transactional/20191100000008000001_selfservice_verification.postgres.down.sql", "content": "DROP TABLE \"selfservice_verification_requests\"" }, { "path": "oryx/popx/stub/migrations/transactional/20191100000008000001_selfservice_verification.postgres.up.sql", "content": "CREATE UNIQUE INDEX \"identity_verifiable_addresses_code_uq_idx\" ON \"identity_verifiable_addresses\" (code)" }, { "path": "oryx/popx/stub/migrations/transactional/20191100000008000001_selfservice_verification.sqlite3.down.sql", "content": "DROP TABLE \"selfservice_verification_requests\"" }, { "path": "oryx/popx/stub/migrations/transactional/20191100000008000001_selfservice_verification.sqlite3.up.sql", "content": "CREATE UNIQUE INDEX \"identity_verifiable_addresses_code_uq_idx\" ON \"identity_verifiable_addresses\" (code)" }, { "path": "oryx/popx/stub/migrations/transactional/20191100000008000002_selfservice_verification.cockroach.down.sql", "content": "" }, { "path": "oryx/popx/stub/migrations/transactional/20191100000008000002_selfservice_verification.cockroach.up.sql", "content": "CREATE INDEX \"identity_verifiable_addresses_code_idx\" ON \"identity_verifiable_addresses\" (code)" }, { "path": "oryx/popx/stub/migrations/transactional/20191100000008000002_selfservice_verification.mysql.down.sql", "content": "" }, { "path": "oryx/popx/stub/migrations/transactional/20191100000008000002_selfservice_verification.mysql.up.sql", "content": "CREATE INDEX `identity_verifiable_addresses_code_idx` ON `identity_verifiable_addresses` (`code`)" }, { "path": "oryx/popx/stub/migrations/transactional/20191100000008000002_selfservice_verification.postgres.down.sql", "content": "" }, { "path": "oryx/popx/stub/migrations/transactional/20191100000008000002_selfservice_verification.postgres.up.sql", "content": "CREATE INDEX \"identity_verifiable_addresses_code_idx\" ON \"identity_verifiable_addresses\" (code)" }, { "path": "oryx/popx/stub/migrations/transactional/20191100000008000002_selfservice_verification.sqlite3.down.sql", "content": "" }, { "path": "oryx/popx/stub/migrations/transactional/20191100000008000002_selfservice_verification.sqlite3.up.sql", "content": "CREATE INDEX \"identity_verifiable_addresses_code_idx\" ON \"identity_verifiable_addresses\" (code)" }, { "path": "oryx/popx/stub/migrations/transactional/20191100000008000003_selfservice_verification.cockroach.down.sql", "content": "" }, { "path": "oryx/popx/stub/migrations/transactional/20191100000008000003_selfservice_verification.cockroach.up.sql", "content": "CREATE UNIQUE INDEX \"identity_verifiable_addresses_status_via_uq_idx\" ON \"identity_verifiable_addresses\" (via, value)" }, { "path": "oryx/popx/stub/migrations/transactional/20191100000008000003_selfservice_verification.mysql.down.sql", "content": "" }, { "path": "oryx/popx/stub/migrations/transactional/20191100000008000003_selfservice_verification.mysql.up.sql", "content": "CREATE UNIQUE INDEX `identity_verifiable_addresses_status_via_uq_idx` ON `identity_verifiable_addresses` (`via`, `value`)" }, { "path": "oryx/popx/stub/migrations/transactional/20191100000008000003_selfservice_verification.postgres.down.sql", "content": "" }, { "path": "oryx/popx/stub/migrations/transactional/20191100000008000003_selfservice_verification.postgres.up.sql", "content": "CREATE UNIQUE INDEX \"identity_verifiable_addresses_status_via_uq_idx\" ON \"identity_verifiable_addresses\" (via, value)" }, { "path": "oryx/popx/stub/migrations/transactional/20191100000008000003_selfservice_verification.sqlite3.down.sql", "content": "" }, { "path": "oryx/popx/stub/migrations/transactional/20191100000008000003_selfservice_verification.sqlite3.up.sql", "content": "CREATE UNIQUE INDEX \"identity_verifiable_addresses_status_via_uq_idx\" ON \"identity_verifiable_addresses\" (via, value)" }, { "path": "oryx/popx/stub/migrations/transactional/20191100000008000004_selfservice_verification.cockroach.down.sql", "content": "" }, { "path": "oryx/popx/stub/migrations/transactional/20191100000008000004_selfservice_verification.cockroach.up.sql", "content": "CREATE INDEX \"identity_verifiable_addresses_status_via_idx\" ON \"identity_verifiable_addresses\" (via, value)" }, { "path": "oryx/popx/stub/migrations/transactional/20191100000008000004_selfservice_verification.mysql.down.sql", "content": "" }, { "path": "oryx/popx/stub/migrations/transactional/20191100000008000004_selfservice_verification.mysql.up.sql", "content": "CREATE INDEX `identity_verifiable_addresses_status_via_idx` ON `identity_verifiable_addresses` (`via`, `value`)" }, { "path": "oryx/popx/stub/migrations/transactional/20191100000008000004_selfservice_verification.postgres.down.sql", "content": "" }, { "path": "oryx/popx/stub/migrations/transactional/20191100000008000004_selfservice_verification.postgres.up.sql", "content": "CREATE INDEX \"identity_verifiable_addresses_status_via_idx\" ON \"identity_verifiable_addresses\" (via, value)" }, { "path": "oryx/popx/stub/migrations/transactional/20191100000008000004_selfservice_verification.sqlite3.down.sql", "content": "" }, { "path": "oryx/popx/stub/migrations/transactional/20191100000008000004_selfservice_verification.sqlite3.up.sql", "content": "CREATE INDEX \"identity_verifiable_addresses_status_via_idx\" ON \"identity_verifiable_addresses\" (via, value)" }, { "path": "oryx/popx/stub/migrations/transactional/20191100000008000005_selfservice_verification.cockroach.down.sql", "content": "" }, { "path": "oryx/popx/stub/migrations/transactional/20191100000008000005_selfservice_verification.cockroach.up.sql", "content": "CREATE TABLE \"selfservice_verification_requests\" (\n\"id\" UUID NOT NULL,\nPRIMARY KEY(\"id\"),\n\"request_url\" VARCHAR (2048) NOT NULL,\n\"issued_at\" timestamp NOT NULL DEFAULT CURRENT_TIMESTAMP,\n\"expires_at\" timestamp NOT NULL,\n\"form\" json NOT NULL,\n\"via\" VARCHAR (16) NOT NULL,\n\"csrf_token\" VARCHAR (255) NOT NULL,\n\"success\" bool NOT NULL,\n\"created_at\" timestamp NOT NULL,\n\"updated_at\" timestamp NOT NULL\n);" }, { "path": "oryx/popx/stub/migrations/transactional/20191100000008000005_selfservice_verification.mysql.down.sql", "content": "" }, { "path": "oryx/popx/stub/migrations/transactional/20191100000008000005_selfservice_verification.mysql.up.sql", "content": "CREATE TABLE `selfservice_verification_requests` (\n`id` char(36) NOT NULL,\nPRIMARY KEY(`id`),\n`request_url` VARCHAR (2048) NOT NULL,\n`issued_at` DATETIME NOT NULL DEFAULT CURRENT_TIMESTAMP,\n`expires_at` DATETIME NOT NULL,\n`form` JSON NOT NULL,\n`via` VARCHAR (16) NOT NULL,\n`csrf_token` VARCHAR (255) NOT NULL,\n`success` bool NOT NULL,\n`created_at` DATETIME NOT NULL,\n`updated_at` DATETIME NOT NULL\n) ENGINE=InnoDB;" }, { "path": "oryx/popx/stub/migrations/transactional/20191100000008000005_selfservice_verification.postgres.down.sql", "content": "" }, { "path": "oryx/popx/stub/migrations/transactional/20191100000008000005_selfservice_verification.postgres.up.sql", "content": "CREATE TABLE \"selfservice_verification_requests\" (\n\"id\" UUID NOT NULL,\nPRIMARY KEY(\"id\"),\n\"request_url\" VARCHAR (2048) NOT NULL,\n\"issued_at\" timestamp NOT NULL DEFAULT CURRENT_TIMESTAMP,\n\"expires_at\" timestamp NOT NULL,\n\"form\" jsonb NOT NULL,\n\"via\" VARCHAR (16) NOT NULL,\n\"csrf_token\" VARCHAR (255) NOT NULL,\n\"success\" bool NOT NULL,\n\"created_at\" timestamp NOT NULL,\n\"updated_at\" timestamp NOT NULL\n);" }, { "path": "oryx/popx/stub/migrations/transactional/20191100000008000005_selfservice_verification.sqlite3.down.sql", "content": "" }, { "path": "oryx/popx/stub/migrations/transactional/20191100000008000005_selfservice_verification.sqlite3.up.sql", "content": "CREATE TABLE \"selfservice_verification_requests\" (\n\"id\" TEXT PRIMARY KEY,\n\"request_url\" TEXT NOT NULL,\n\"issued_at\" DATETIME NOT NULL DEFAULT CURRENT_TIMESTAMP,\n\"expires_at\" DATETIME NOT NULL,\n\"form\" TEXT NOT NULL,\n\"via\" TEXT NOT NULL,\n\"csrf_token\" TEXT NOT NULL,\n\"success\" bool NOT NULL,\n\"created_at\" DATETIME NOT NULL,\n\"updated_at\" DATETIME NOT NULL\n);" }, { "path": "oryx/popx/stub/migrations/transactional/20191100000009000000_verification.mysql.down.sql", "content": "ALTER TABLE identity_verifiable_addresses MODIFY COLUMN code VARCHAR(255)" }, { "path": "oryx/popx/stub/migrations/transactional/20191100000009000000_verification.mysql.up.sql", "content": "ALTER TABLE identity_verifiable_addresses MODIFY COLUMN code VARCHAR(255) BINARY" }, { "path": "oryx/popx/stub/migrations/transactional/20191100000009000001_verification.mysql.down.sql", "content": "ALTER TABLE identity_verifiable_addresses MODIFY COLUMN code VARCHAR(255)" }, { "path": "oryx/popx/stub/migrations/transactional/20191100000009000001_verification.mysql.up.sql", "content": "ALTER TABLE identity_verifiable_addresses MODIFY COLUMN code VARCHAR(255) BINARY" }, { "path": "oryx/popx/stub/migrations/transactional/20191100000010000000_errors.cockroach.down.sql", "content": "ALTER TABLE \"selfservice_errors\" DROP COLUMN \"_seen_at_tmp\";" }, { "path": "oryx/popx/stub/migrations/transactional/20191100000010000000_errors.cockroach.up.sql", "content": "ALTER TABLE \"selfservice_errors\" RENAME COLUMN \"seen_at\" TO \"_seen_at_tmp\"" }, { "path": "oryx/popx/stub/migrations/transactional/20191100000010000000_errors.mysql.down.sql", "content": "ALTER TABLE `selfservice_errors` MODIFY `seen_at` DATETIME;" }, { "path": "oryx/popx/stub/migrations/transactional/20191100000010000000_errors.mysql.up.sql", "content": "ALTER TABLE `selfservice_errors` MODIFY `seen_at` DATETIME;" }, { "path": "oryx/popx/stub/migrations/transactional/20191100000010000000_errors.postgres.down.sql", "content": "ALTER TABLE \"selfservice_errors\" ALTER COLUMN \"seen_at\" TYPE timestamp, ALTER COLUMN \"seen_at\" DROP NOT NULL;" }, { "path": "oryx/popx/stub/migrations/transactional/20191100000010000000_errors.postgres.up.sql", "content": "ALTER TABLE \"selfservice_errors\" ALTER COLUMN \"seen_at\" TYPE timestamp, ALTER COLUMN \"seen_at\" DROP NOT NULL;" }, { "path": "oryx/popx/stub/migrations/transactional/20191100000010000000_errors.sqlite3.down.sql", "content": "ALTER TABLE \"_selfservice_errors_tmp\" RENAME TO \"selfservice_errors\";" }, { "path": "oryx/popx/stub/migrations/transactional/20191100000010000000_errors.sqlite3.up.sql", "content": "CREATE TABLE \"_selfservice_errors_tmp\" (\n\"id\" TEXT PRIMARY KEY,\n\"errors\" TEXT NOT NULL,\n\"seen_at\" DATETIME,\n\"was_seen\" bool NOT NULL,\n\"created_at\" DATETIME NOT NULL,\n\"updated_at\" DATETIME NOT NULL,\n\"csrf_token\" TEXT NOT NULL DEFAULT ''\n)" }, { "path": "oryx/popx/stub/migrations/transactional/20191100000010000001_errors.cockroach.down.sql", "content": "UPDATE \"selfservice_errors\" SET \"seen_at\" = \"_seen_at_tmp\"" }, { "path": "oryx/popx/stub/migrations/transactional/20191100000010000001_errors.cockroach.up.sql", "content": "ALTER TABLE \"selfservice_errors\" ADD COLUMN \"seen_at\" timestamp" }, { "path": "oryx/popx/stub/migrations/transactional/20191100000010000001_errors.mysql.down.sql", "content": "UPDATE selfservice_errors SET seen_at = '1980-01-01 00:00:00' WHERE seen_at = NULL" }, { "path": "oryx/popx/stub/migrations/transactional/20191100000010000001_errors.mysql.up.sql", "content": "" }, { "path": "oryx/popx/stub/migrations/transactional/20191100000010000001_errors.postgres.down.sql", "content": "UPDATE selfservice_errors SET seen_at = '1980-01-01 00:00:00' WHERE seen_at = NULL" }, { "path": "oryx/popx/stub/migrations/transactional/20191100000010000001_errors.postgres.up.sql", "content": "" }, { "path": "oryx/popx/stub/migrations/transactional/20191100000010000001_errors.sqlite3.down.sql", "content": "DROP TABLE \"selfservice_errors\"" }, { "path": "oryx/popx/stub/migrations/transactional/20191100000010000001_errors.sqlite3.up.sql", "content": "INSERT INTO \"_selfservice_errors_tmp\" (id, errors, seen_at, was_seen, created_at, updated_at, csrf_token) SELECT id, errors, seen_at, was_seen, created_at, updated_at, csrf_token FROM \"selfservice_errors\"" }, { "path": "oryx/popx/stub/migrations/transactional/20191100000010000002_errors.cockroach.down.sql", "content": "ALTER TABLE \"selfservice_errors\" ADD COLUMN \"seen_at\" timestamp" }, { "path": "oryx/popx/stub/migrations/transactional/20191100000010000002_errors.cockroach.up.sql", "content": "UPDATE \"selfservice_errors\" SET \"seen_at\" = \"_seen_at_tmp\"" }, { "path": "oryx/popx/stub/migrations/transactional/20191100000010000002_errors.sqlite3.down.sql", "content": "INSERT INTO \"_selfservice_errors_tmp\" (id, errors, seen_at, was_seen, created_at, updated_at, csrf_token) SELECT id, errors, seen_at, was_seen, created_at, updated_at, csrf_token FROM \"selfservice_errors\"" }, { "path": "oryx/popx/stub/migrations/transactional/20191100000010000002_errors.sqlite3.up.sql", "content": "DROP TABLE \"selfservice_errors\"" }, { "path": "oryx/popx/stub/migrations/transactional/20191100000010000003_errors.cockroach.down.sql", "content": "ALTER TABLE \"selfservice_errors\" RENAME COLUMN \"seen_at\" TO \"_seen_at_tmp\"" }, { "path": "oryx/popx/stub/migrations/transactional/20191100000010000003_errors.cockroach.up.sql", "content": "ALTER TABLE \"selfservice_errors\" DROP COLUMN \"_seen_at_tmp\";" }, { "path": "oryx/popx/stub/migrations/transactional/20191100000010000003_errors.sqlite3.down.sql", "content": "CREATE TABLE \"_selfservice_errors_tmp\" (\n\"id\" TEXT PRIMARY KEY,\n\"errors\" TEXT NOT NULL,\n\"seen_at\" DATETIME,\n\"was_seen\" bool NOT NULL,\n\"created_at\" DATETIME NOT NULL,\n\"updated_at\" DATETIME NOT NULL,\n\"csrf_token\" TEXT NOT NULL DEFAULT ''\n)" }, { "path": "oryx/popx/stub/migrations/transactional/20191100000010000003_errors.sqlite3.up.sql", "content": "ALTER TABLE \"_selfservice_errors_tmp\" RENAME TO \"selfservice_errors\";" }, { "path": "oryx/popx/stub/migrations/transactional/20191100000010000004_errors.cockroach.down.sql", "content": "UPDATE selfservice_errors SET seen_at = '1980-01-01 00:00:00' WHERE seen_at = NULL" }, { "path": "oryx/popx/stub/migrations/transactional/20191100000010000004_errors.cockroach.up.sql", "content": "" }, { "path": "oryx/popx/stub/migrations/transactional/20191100000010000004_errors.sqlite3.down.sql", "content": "UPDATE selfservice_errors SET seen_at = '1980-01-01 00:00:00' WHERE seen_at = NULL" }, { "path": "oryx/popx/stub/migrations/transactional/20191100000010000004_errors.sqlite3.up.sql", "content": "" }, { "path": "oryx/popx/stub/migrations/transactional/20191100000011000000_courier_body_type.cockroach.down.sql", "content": "" }, { "path": "oryx/popx/stub/migrations/transactional/20191100000011000000_courier_body_type.cockroach.up.sql", "content": "ALTER TABLE \"courier_messages\" RENAME COLUMN \"body\" TO \"_body_tmp\"" }, { "path": "oryx/popx/stub/migrations/transactional/20191100000011000000_courier_body_type.mysql.down.sql", "content": "" }, { "path": "oryx/popx/stub/migrations/transactional/20191100000011000000_courier_body_type.mysql.up.sql", "content": "ALTER TABLE `courier_messages` MODIFY `body` text NOT NULL;" }, { "path": "oryx/popx/stub/migrations/transactional/20191100000011000000_courier_body_type.postgres.down.sql", "content": "" }, { "path": "oryx/popx/stub/migrations/transactional/20191100000011000000_courier_body_type.postgres.up.sql", "content": "ALTER TABLE \"courier_messages\" ALTER COLUMN \"body\" TYPE text, ALTER COLUMN \"body\" SET NOT NULL;" }, { "path": "oryx/popx/stub/migrations/transactional/20191100000011000000_courier_body_type.sqlite3.down.sql", "content": "" }, { "path": "oryx/popx/stub/migrations/transactional/20191100000011000000_courier_body_type.sqlite3.up.sql", "content": "CREATE TABLE \"_courier_messages_tmp\" (\n\"id\" TEXT PRIMARY KEY,\n\"type\" INTEGER NOT NULL,\n\"status\" INTEGER NOT NULL,\n\"body\" TEXT NOT NULL,\n\"subject\" TEXT NOT NULL,\n\"recipient\" TEXT NOT NULL,\n\"created_at\" DATETIME NOT NULL,\n\"updated_at\" DATETIME NOT NULL\n)" }, { "path": "oryx/popx/stub/migrations/transactional/20191100000011000001_courier_body_type.cockroach.down.sql", "content": "" }, { "path": "oryx/popx/stub/migrations/transactional/20191100000011000001_courier_body_type.cockroach.up.sql", "content": "ALTER TABLE \"courier_messages\" ADD COLUMN \"body\" text" }, { "path": "oryx/popx/stub/migrations/transactional/20191100000011000001_courier_body_type.sqlite3.down.sql", "content": "" }, { "path": "oryx/popx/stub/migrations/transactional/20191100000011000001_courier_body_type.sqlite3.up.sql", "content": "INSERT INTO \"_courier_messages_tmp\" (id, type, status, body, subject, recipient, created_at, updated_at) SELECT id, type, status, body, subject, recipient, created_at, updated_at FROM \"courier_messages\"" }, { "path": "oryx/popx/stub/migrations/transactional/20191100000011000002_courier_body_type.cockroach.down.sql", "content": "" }, { "path": "oryx/popx/stub/migrations/transactional/20191100000011000002_courier_body_type.cockroach.up.sql", "content": "UPDATE \"courier_messages\" SET \"body\" = \"_body_tmp\"" }, { "path": "oryx/popx/stub/migrations/transactional/20191100000011000002_courier_body_type.sqlite3.down.sql", "content": "" }, { "path": "oryx/popx/stub/migrations/transactional/20191100000011000002_courier_body_type.sqlite3.up.sql", "content": "DROP TABLE \"courier_messages\"" }, { "path": "oryx/popx/stub/migrations/transactional/20191100000011000003_courier_body_type.cockroach.down.sql", "content": "" }, { "path": "oryx/popx/stub/migrations/transactional/20191100000011000003_courier_body_type.cockroach.up.sql", "content": "ALTER TABLE \"courier_messages\" ALTER COLUMN \"body\" SET NOT NULL" }, { "path": "oryx/popx/stub/migrations/transactional/20191100000011000003_courier_body_type.sqlite3.down.sql", "content": "" }, { "path": "oryx/popx/stub/migrations/transactional/20191100000011000003_courier_body_type.sqlite3.up.sql", "content": "ALTER TABLE \"_courier_messages_tmp\" RENAME TO \"courier_messages\";" }, { "path": "oryx/popx/stub/migrations/transactional/20191100000011000004_courier_body_type.cockroach.down.sql", "content": "" }, { "path": "oryx/popx/stub/migrations/transactional/20191100000011000004_courier_body_type.cockroach.up.sql", "content": "ALTER TABLE \"courier_messages\" DROP COLUMN \"_body_tmp\";" }, { "path": "oryx/popx/stub/migrations/transactional/20191100000012000000_login_request_forced.cockroach.down.sql", "content": "ALTER TABLE \"selfservice_login_requests\" DROP COLUMN \"forced\";" }, { "path": "oryx/popx/stub/migrations/transactional/20191100000012000000_login_request_forced.cockroach.up.sql", "content": "ALTER TABLE \"selfservice_login_requests\" ADD COLUMN \"forced\" bool NOT NULL DEFAULT 'false';" }, { "path": "oryx/popx/stub/migrations/transactional/20191100000012000000_login_request_forced.mysql.down.sql", "content": "ALTER TABLE `selfservice_login_requests` DROP COLUMN `forced`;" }, { "path": "oryx/popx/stub/migrations/transactional/20191100000012000000_login_request_forced.mysql.up.sql", "content": "ALTER TABLE `selfservice_login_requests` ADD COLUMN `forced` bool NOT NULL DEFAULT false;" }, { "path": "oryx/popx/stub/migrations/transactional/20191100000012000000_login_request_forced.postgres.down.sql", "content": "ALTER TABLE \"selfservice_login_requests\" DROP COLUMN \"forced\";" }, { "path": "oryx/popx/stub/migrations/transactional/20191100000012000000_login_request_forced.postgres.up.sql", "content": "ALTER TABLE \"selfservice_login_requests\" ADD COLUMN \"forced\" bool NOT NULL DEFAULT 'false';" }, { "path": "oryx/popx/stub/migrations/transactional/20191100000012000000_login_request_forced.sqlite3.down.sql", "content": "ALTER TABLE \"_selfservice_login_requests_tmp\" RENAME TO \"selfservice_login_requests\";" }, { "path": "oryx/popx/stub/migrations/transactional/20191100000012000000_login_request_forced.sqlite3.up.sql", "content": "ALTER TABLE \"selfservice_login_requests\" ADD COLUMN \"forced\" bool NOT NULL DEFAULT 'false';" }, { "path": "oryx/popx/stub/migrations/transactional/20191100000012000001_login_request_forced.sqlite3.down.sql", "content": "\nDROP TABLE \"selfservice_login_requests\"" }, { "path": "oryx/popx/stub/migrations/transactional/20191100000012000001_login_request_forced.sqlite3.up.sql", "content": "" }, { "path": "oryx/popx/stub/migrations/transactional/20191100000012000002_login_request_forced.sqlite3.down.sql", "content": "INSERT INTO \"_selfservice_login_requests_tmp\" (id, request_url, issued_at, expires_at, active_method, csrf_token, created_at, updated_at) SELECT id, request_url, issued_at, expires_at, active_method, csrf_token, created_at, updated_at FROM \"selfservice_login_requests\"" }, { "path": "oryx/popx/stub/migrations/transactional/20191100000012000002_login_request_forced.sqlite3.up.sql", "content": "" }, { "path": "oryx/popx/stub/migrations/transactional/20191100000012000003_login_request_forced.sqlite3.down.sql", "content": "CREATE TABLE \"_selfservice_login_requests_tmp\" (\n\"id\" TEXT PRIMARY KEY,\n\"request_url\" TEXT NOT NULL,\n\"issued_at\" DATETIME NOT NULL DEFAULT 'CURRENT_TIMESTAMP',\n\"expires_at\" DATETIME NOT NULL,\n\"active_method\" TEXT NOT NULL,\n\"csrf_token\" TEXT NOT NULL,\n\"created_at\" DATETIME NOT NULL,\n\"updated_at\" DATETIME NOT NULL\n)" }, { "path": "oryx/popx/stub/migrations/transactional/20191100000012000003_login_request_forced.sqlite3.up.sql", "content": "" }, { "path": "oryx/popx/stub/migrations/transactional/20200317160354000000_create_profile_request_forms.cockroach.down.sql", "content": "ALTER TABLE \"selfservice_profile_management_requests\" DROP COLUMN \"active_method\";" }, { "path": "oryx/popx/stub/migrations/transactional/20200317160354000000_create_profile_request_forms.cockroach.up.sql", "content": "CREATE TABLE \"selfservice_profile_management_request_methods\" (\n\"id\" UUID NOT NULL,\nPRIMARY KEY(\"id\"),\n\"method\" VARCHAR (32) NOT NULL,\n\"selfservice_profile_management_request_id\" UUID NOT NULL,\n\"config\" json NOT NULL,\n\"created_at\" timestamp NOT NULL,\n\"updated_at\" timestamp NOT NULL\n)" }, { "path": "oryx/popx/stub/migrations/transactional/20200317160354000000_create_profile_request_forms.mysql.down.sql", "content": "ALTER TABLE `selfservice_profile_management_requests` DROP COLUMN `active_method`;" }, { "path": "oryx/popx/stub/migrations/transactional/20200317160354000000_create_profile_request_forms.mysql.up.sql", "content": "CREATE TABLE `selfservice_profile_management_request_methods` (\n`id` char(36) NOT NULL,\nPRIMARY KEY(`id`),\n`method` VARCHAR (32) NOT NULL,\n`selfservice_profile_management_request_id` char(36) NOT NULL,\n`config` JSON NOT NULL,\n`created_at` DATETIME NOT NULL,\n`updated_at` DATETIME NOT NULL\n) ENGINE=InnoDB" }, { "path": "oryx/popx/stub/migrations/transactional/20200317160354000000_create_profile_request_forms.postgres.down.sql", "content": "ALTER TABLE \"selfservice_profile_management_requests\" DROP COLUMN \"active_method\";" }, { "path": "oryx/popx/stub/migrations/transactional/20200317160354000000_create_profile_request_forms.postgres.up.sql", "content": "CREATE TABLE \"selfservice_profile_management_request_methods\" (\n\"id\" UUID NOT NULL,\nPRIMARY KEY(\"id\"),\n\"method\" VARCHAR (32) NOT NULL,\n\"selfservice_profile_management_request_id\" UUID NOT NULL,\n\"config\" jsonb NOT NULL,\n\"created_at\" timestamp NOT NULL,\n\"updated_at\" timestamp NOT NULL\n)" }, { "path": "oryx/popx/stub/migrations/transactional/20200317160354000000_create_profile_request_forms.sqlite3.down.sql", "content": "ALTER TABLE \"_selfservice_profile_management_requests_tmp\" RENAME TO \"selfservice_profile_management_requests\";" }, { "path": "oryx/popx/stub/migrations/transactional/20200317160354000000_create_profile_request_forms.sqlite3.up.sql", "content": "CREATE TABLE \"selfservice_profile_management_request_methods\" (\n\"id\" TEXT PRIMARY KEY,\n\"method\" TEXT NOT NULL,\n\"selfservice_profile_management_request_id\" char(36) NOT NULL,\n\"config\" TEXT NOT NULL,\n\"created_at\" DATETIME NOT NULL,\n\"updated_at\" DATETIME NOT NULL\n)" }, { "path": "oryx/popx/stub/migrations/transactional/20200317160354000001_create_profile_request_forms.cockroach.down.sql", "content": "DROP TABLE \"selfservice_profile_management_request_methods\"" }, { "path": "oryx/popx/stub/migrations/transactional/20200317160354000001_create_profile_request_forms.cockroach.up.sql", "content": "ALTER TABLE \"selfservice_profile_management_requests\" ADD COLUMN \"active_method\" VARCHAR (32)" }, { "path": "oryx/popx/stub/migrations/transactional/20200317160354000001_create_profile_request_forms.mysql.down.sql", "content": "DROP TABLE `selfservice_profile_management_request_methods`" }, { "path": "oryx/popx/stub/migrations/transactional/20200317160354000001_create_profile_request_forms.mysql.up.sql", "content": "ALTER TABLE `selfservice_profile_management_requests` ADD COLUMN `active_method` VARCHAR (32)" }, { "path": "oryx/popx/stub/migrations/transactional/20200317160354000001_create_profile_request_forms.postgres.down.sql", "content": "DROP TABLE \"selfservice_profile_management_request_methods\"" }, { "path": "oryx/popx/stub/migrations/transactional/20200317160354000001_create_profile_request_forms.postgres.up.sql", "content": "ALTER TABLE \"selfservice_profile_management_requests\" ADD COLUMN \"active_method\" VARCHAR (32)" }, { "path": "oryx/popx/stub/migrations/transactional/20200317160354000001_create_profile_request_forms.sqlite3.down.sql", "content": "\nDROP TABLE \"selfservice_profile_management_requests\"" }, { "path": "oryx/popx/stub/migrations/transactional/20200317160354000001_create_profile_request_forms.sqlite3.up.sql", "content": "ALTER TABLE \"selfservice_profile_management_requests\" ADD COLUMN \"active_method\" TEXT" }, { "path": "oryx/popx/stub/migrations/transactional/20200317160354000002_create_profile_request_forms.cockroach.down.sql", "content": "ALTER TABLE \"selfservice_profile_management_requests\" ADD COLUMN \"form\" json NOT NULL DEFAULT '{}'" }, { "path": "oryx/popx/stub/migrations/transactional/20200317160354000002_create_profile_request_forms.cockroach.up.sql", "content": "INSERT INTO selfservice_profile_management_request_methods (id, method, selfservice_profile_management_request_id, config) SELECT id, 'traits', id, form FROM selfservice_profile_management_requests" }, { "path": "oryx/popx/stub/migrations/transactional/20200317160354000002_create_profile_request_forms.mysql.down.sql", "content": "ALTER TABLE `selfservice_profile_management_requests` MODIFY `form` JSON" }, { "path": "oryx/popx/stub/migrations/transactional/20200317160354000002_create_profile_request_forms.mysql.up.sql", "content": "INSERT INTO selfservice_profile_management_request_methods (id, method, selfservice_profile_management_request_id, config) SELECT id, 'traits', id, form FROM selfservice_profile_management_requests" }, { "path": "oryx/popx/stub/migrations/transactional/20200317160354000002_create_profile_request_forms.postgres.down.sql", "content": "ALTER TABLE \"selfservice_profile_management_requests\" ALTER COLUMN \"form\" TYPE jsonb, ALTER COLUMN \"form\" DROP NOT NULL" }, { "path": "oryx/popx/stub/migrations/transactional/20200317160354000002_create_profile_request_forms.postgres.up.sql", "content": "INSERT INTO selfservice_profile_management_request_methods (id, method, selfservice_profile_management_request_id, config) SELECT id, 'traits', id, form FROM selfservice_profile_management_requests" }, { "path": "oryx/popx/stub/migrations/transactional/20200317160354000002_create_profile_request_forms.sqlite3.down.sql", "content": "INSERT INTO \"_selfservice_profile_management_requests_tmp\" (id, request_url, issued_at, expires_at, identity_id, created_at, updated_at, update_successful) SELECT id, request_url, issued_at, expires_at, identity_id, created_at, updated_at, update_successful FROM \"selfservice_profile_management_requests\"" }, { "path": "oryx/popx/stub/migrations/transactional/20200317160354000002_create_profile_request_forms.sqlite3.up.sql", "content": "INSERT INTO selfservice_profile_management_request_methods (id, method, selfservice_profile_management_request_id, config) SELECT id, 'traits', id, form FROM selfservice_profile_management_requests" }, { "path": "oryx/popx/stub/migrations/transactional/20200317160354000003_create_profile_request_forms.cockroach.down.sql", "content": "" }, { "path": "oryx/popx/stub/migrations/transactional/20200317160354000003_create_profile_request_forms.cockroach.up.sql", "content": "ALTER TABLE \"selfservice_profile_management_requests\" DROP COLUMN \"form\";" }, { "path": "oryx/popx/stub/migrations/transactional/20200317160354000003_create_profile_request_forms.mysql.down.sql", "content": "UPDATE selfservice_profile_management_requests SET form=(SELECT * FROM (SELECT m.config FROM selfservice_profile_management_requests AS r INNER JOIN selfservice_profile_management_request_methods AS m ON r.id=m.selfservice_profile_management_request_id) as t)" }, { "path": "oryx/popx/stub/migrations/transactional/20200317160354000003_create_profile_request_forms.mysql.up.sql", "content": "ALTER TABLE `selfservice_profile_management_requests` DROP COLUMN `form`;" }, { "path": "oryx/popx/stub/migrations/transactional/20200317160354000003_create_profile_request_forms.postgres.down.sql", "content": "UPDATE selfservice_profile_management_requests SET form=(SELECT * FROM (SELECT m.config FROM selfservice_profile_management_requests AS r INNER JOIN selfservice_profile_management_request_methods AS m ON r.id=m.selfservice_profile_management_request_id) as t)" }, { "path": "oryx/popx/stub/migrations/transactional/20200317160354000003_create_profile_request_forms.postgres.up.sql", "content": "ALTER TABLE \"selfservice_profile_management_requests\" DROP COLUMN \"form\";" }, { "path": "oryx/popx/stub/migrations/transactional/20200317160354000003_create_profile_request_forms.sqlite3.down.sql", "content": "CREATE TABLE \"_selfservice_profile_management_requests_tmp\" (\n\"id\" TEXT PRIMARY KEY,\n\"request_url\" TEXT NOT NULL,\n\"issued_at\" DATETIME NOT NULL DEFAULT 'CURRENT_TIMESTAMP',\n\"expires_at\" DATETIME NOT NULL,\n\"identity_id\" char(36) NOT NULL,\n\"created_at\" DATETIME NOT NULL,\n\"updated_at\" DATETIME NOT NULL,\n\"update_successful\" bool NOT NULL DEFAULT 'false',\nFOREIGN KEY (identity_id) REFERENCES identities (id) ON UPDATE NO ACTION ON DELETE CASCADE\n)" }, { "path": "oryx/popx/stub/migrations/transactional/20200317160354000003_create_profile_request_forms.sqlite3.up.sql", "content": "CREATE TABLE \"_selfservice_profile_management_requests_tmp\" (\n\"id\" TEXT PRIMARY KEY,\n\"request_url\" TEXT NOT NULL,\n\"issued_at\" DATETIME NOT NULL DEFAULT 'CURRENT_TIMESTAMP',\n\"expires_at\" DATETIME NOT NULL,\n\"update_successful\" bool NOT NULL,\n\"identity_id\" char(36) NOT NULL,\n\"created_at\" DATETIME NOT NULL,\n\"updated_at\" DATETIME NOT NULL,\n\"active_method\" TEXT,\nFOREIGN KEY (identity_id) REFERENCES identities (id) ON UPDATE NO ACTION ON DELETE CASCADE\n)" }, { "path": "oryx/popx/stub/migrations/transactional/20200317160354000004_create_profile_request_forms.mysql.down.sql", "content": "ALTER TABLE `selfservice_profile_management_requests` ADD COLUMN `form` JSON" }, { "path": "oryx/popx/stub/migrations/transactional/20200317160354000004_create_profile_request_forms.mysql.up.sql", "content": "" }, { "path": "oryx/popx/stub/migrations/transactional/20200317160354000004_create_profile_request_forms.postgres.down.sql", "content": "ALTER TABLE \"selfservice_profile_management_requests\" ADD COLUMN \"form\" jsonb" }, { "path": "oryx/popx/stub/migrations/transactional/20200317160354000004_create_profile_request_forms.postgres.up.sql", "content": "" }, { "path": "oryx/popx/stub/migrations/transactional/20200317160354000004_create_profile_request_forms.sqlite3.down.sql", "content": "DROP TABLE \"selfservice_profile_management_request_methods\"" }, { "path": "oryx/popx/stub/migrations/transactional/20200317160354000004_create_profile_request_forms.sqlite3.up.sql", "content": "INSERT INTO \"_selfservice_profile_management_requests_tmp\" (id, request_url, issued_at, expires_at, update_successful, identity_id, created_at, updated_at, active_method) SELECT id, request_url, issued_at, expires_at, update_successful, identity_id, created_at, updated_at, active_method FROM \"selfservice_profile_management_requests\"" }, { "path": "oryx/popx/stub/migrations/transactional/20200317160354000005_create_profile_request_forms.sqlite3.down.sql", "content": "" }, { "path": "oryx/popx/stub/migrations/transactional/20200317160354000005_create_profile_request_forms.sqlite3.up.sql", "content": "\nDROP TABLE \"selfservice_profile_management_requests\"" }, { "path": "oryx/popx/stub/migrations/transactional/20200317160354000006_create_profile_request_forms.sqlite3.down.sql", "content": "" }, { "path": "oryx/popx/stub/migrations/transactional/20200317160354000006_create_profile_request_forms.sqlite3.up.sql", "content": "ALTER TABLE \"_selfservice_profile_management_requests_tmp\" RENAME TO \"selfservice_profile_management_requests\";" }, { "path": "oryx/popx/stub/migrations/transactional/20200401183443000000_continuity_containers.cockroach.down.sql", "content": "DROP TABLE \"continuity_containers\";" }, { "path": "oryx/popx/stub/migrations/transactional/20200401183443000000_continuity_containers.cockroach.up.sql", "content": "CREATE TABLE \"continuity_containers\" (\n\"id\" UUID NOT NULL,\nPRIMARY KEY(\"id\"),\n\"identity_id\" UUID,\n\"name\" VARCHAR (255) NOT NULL,\n\"payload\" json,\n\"expires_at\" timestamp NOT NULL,\n\"created_at\" timestamp NOT NULL,\n\"updated_at\" timestamp NOT NULL,\nCONSTRAINT \"continuity_containers_identities_id_fk\" FOREIGN KEY (\"identity_id\") REFERENCES \"identities\" (\"id\") ON DELETE cascade\n);" }, { "path": "oryx/popx/stub/migrations/transactional/20200401183443000000_continuity_containers.mysql.down.sql", "content": "DROP TABLE `continuity_containers`;" }, { "path": "oryx/popx/stub/migrations/transactional/20200401183443000000_continuity_containers.mysql.up.sql", "content": "CREATE TABLE `continuity_containers` (\n`id` char(36) NOT NULL,\nPRIMARY KEY(`id`),\n`identity_id` char(36),\n`name` VARCHAR (255) NOT NULL,\n`payload` JSON,\n`expires_at` DATETIME NOT NULL,\n`created_at` DATETIME NOT NULL,\n`updated_at` DATETIME NOT NULL,\nFOREIGN KEY (`identity_id`) REFERENCES `identities` (`id`) ON DELETE cascade\n) ENGINE=InnoDB;" }, { "path": "oryx/popx/stub/migrations/transactional/20200401183443000000_continuity_containers.postgres.down.sql", "content": "DROP TABLE \"continuity_containers\";" }, { "path": "oryx/popx/stub/migrations/transactional/20200401183443000000_continuity_containers.postgres.up.sql", "content": "CREATE TABLE \"continuity_containers\" (\n\"id\" UUID NOT NULL,\nPRIMARY KEY(\"id\"),\n\"identity_id\" UUID,\n\"name\" VARCHAR (255) NOT NULL,\n\"payload\" jsonb,\n\"expires_at\" timestamp NOT NULL,\n\"created_at\" timestamp NOT NULL,\n\"updated_at\" timestamp NOT NULL,\nFOREIGN KEY (\"identity_id\") REFERENCES \"identities\" (\"id\") ON DELETE cascade\n);" }, { "path": "oryx/popx/stub/migrations/transactional/20200401183443000000_continuity_containers.sqlite3.down.sql", "content": "DROP TABLE \"continuity_containers\";" }, { "path": "oryx/popx/stub/migrations/transactional/20200401183443000000_continuity_containers.sqlite3.up.sql", "content": "CREATE TABLE \"continuity_containers\" (\n\"id\" TEXT PRIMARY KEY,\n\"identity_id\" char(36),\n\"name\" TEXT NOT NULL,\n\"payload\" TEXT,\n\"expires_at\" DATETIME NOT NULL,\n\"created_at\" DATETIME NOT NULL,\n\"updated_at\" DATETIME NOT NULL,\nFOREIGN KEY (identity_id) REFERENCES identities (id) ON DELETE cascade\n);" }, { "path": "oryx/popx/stub/migrations/transactional/20200402142539000000_rename_profile_flows.cockroach.down.sql", "content": "ALTER TABLE \"selfservice_settings_requests\" RENAME TO \"selfservice_profile_management_requests\";" }, { "path": "oryx/popx/stub/migrations/transactional/20200402142539000000_rename_profile_flows.cockroach.up.sql", "content": "ALTER TABLE \"selfservice_profile_management_request_methods\" RENAME COLUMN \"selfservice_profile_management_request_id\" TO \"selfservice_settings_request_id\"" }, { "path": "oryx/popx/stub/migrations/transactional/20200402142539000000_rename_profile_flows.mysql.down.sql", "content": "ALTER TABLE `selfservice_settings_requests` RENAME TO `selfservice_profile_management_requests`;" }, { "path": "oryx/popx/stub/migrations/transactional/20200402142539000000_rename_profile_flows.mysql.up.sql", "content": "ALTER TABLE `selfservice_profile_management_request_methods` CHANGE `selfservice_profile_management_request_id` `selfservice_settings_request_id` char(36) NOT NULL" }, { "path": "oryx/popx/stub/migrations/transactional/20200402142539000000_rename_profile_flows.postgres.down.sql", "content": "ALTER TABLE \"selfservice_settings_requests\" RENAME TO \"selfservice_profile_management_requests\";" }, { "path": "oryx/popx/stub/migrations/transactional/20200402142539000000_rename_profile_flows.postgres.up.sql", "content": "ALTER TABLE \"selfservice_profile_management_request_methods\" RENAME COLUMN \"selfservice_profile_management_request_id\" TO \"selfservice_settings_request_id\"" }, { "path": "oryx/popx/stub/migrations/transactional/20200402142539000000_rename_profile_flows.sqlite3.down.sql", "content": "ALTER TABLE \"selfservice_settings_requests\" RENAME TO \"selfservice_profile_management_requests\";" }, { "path": "oryx/popx/stub/migrations/transactional/20200402142539000000_rename_profile_flows.sqlite3.up.sql", "content": "ALTER TABLE \"selfservice_profile_management_request_methods\" RENAME COLUMN \"selfservice_profile_management_request_id\" TO \"selfservice_settings_request_id\"" }, { "path": "oryx/popx/stub/migrations/transactional/20200402142539000001_rename_profile_flows.cockroach.down.sql", "content": "ALTER TABLE \"selfservice_settings_request_methods\" RENAME TO \"selfservice_profile_management_request_methods\"" }, { "path": "oryx/popx/stub/migrations/transactional/20200402142539000001_rename_profile_flows.cockroach.up.sql", "content": "ALTER TABLE \"selfservice_profile_management_request_methods\" RENAME TO \"selfservice_settings_request_methods\"" }, { "path": "oryx/popx/stub/migrations/transactional/20200402142539000001_rename_profile_flows.mysql.down.sql", "content": "ALTER TABLE `selfservice_settings_request_methods` RENAME TO `selfservice_profile_management_request_methods`" }, { "path": "oryx/popx/stub/migrations/transactional/20200402142539000001_rename_profile_flows.mysql.up.sql", "content": "ALTER TABLE `selfservice_profile_management_request_methods` RENAME TO `selfservice_settings_request_methods`" }, { "path": "oryx/popx/stub/migrations/transactional/20200402142539000001_rename_profile_flows.postgres.down.sql", "content": "ALTER TABLE \"selfservice_settings_request_methods\" RENAME TO \"selfservice_profile_management_request_methods\"" }, { "path": "oryx/popx/stub/migrations/transactional/20200402142539000001_rename_profile_flows.postgres.up.sql", "content": "ALTER TABLE \"selfservice_profile_management_request_methods\" RENAME TO \"selfservice_settings_request_methods\"" }, { "path": "oryx/popx/stub/migrations/transactional/20200402142539000001_rename_profile_flows.sqlite3.down.sql", "content": "ALTER TABLE \"selfservice_settings_request_methods\" RENAME TO \"selfservice_profile_management_request_methods\"" }, { "path": "oryx/popx/stub/migrations/transactional/20200402142539000001_rename_profile_flows.sqlite3.up.sql", "content": "ALTER TABLE \"selfservice_profile_management_request_methods\" RENAME TO \"selfservice_settings_request_methods\"" }, { "path": "oryx/popx/stub/migrations/transactional/20200402142539000002_rename_profile_flows.cockroach.down.sql", "content": "ALTER TABLE \"selfservice_settings_request_methods\" RENAME COLUMN \"selfservice_settings_request_id\" TO \"selfservice_profile_management_request_id\"" }, { "path": "oryx/popx/stub/migrations/transactional/20200402142539000002_rename_profile_flows.cockroach.up.sql", "content": "ALTER TABLE \"selfservice_profile_management_requests\" RENAME TO \"selfservice_settings_requests\";" }, { "path": "oryx/popx/stub/migrations/transactional/20200402142539000002_rename_profile_flows.mysql.down.sql", "content": "ALTER TABLE `selfservice_settings_request_methods` CHANGE `selfservice_settings_request_id` `selfservice_profile_management_request_id` char(36) NOT NULL" }, { "path": "oryx/popx/stub/migrations/transactional/20200402142539000002_rename_profile_flows.mysql.up.sql", "content": "ALTER TABLE `selfservice_profile_management_requests` RENAME TO `selfservice_settings_requests`;" }, { "path": "oryx/popx/stub/migrations/transactional/20200402142539000002_rename_profile_flows.postgres.down.sql", "content": "ALTER TABLE \"selfservice_settings_request_methods\" RENAME COLUMN \"selfservice_settings_request_id\" TO \"selfservice_profile_management_request_id\"" }, { "path": "oryx/popx/stub/migrations/transactional/20200402142539000002_rename_profile_flows.postgres.up.sql", "content": "ALTER TABLE \"selfservice_profile_management_requests\" RENAME TO \"selfservice_settings_requests\";" }, { "path": "oryx/popx/stub/migrations/transactional/20200402142539000002_rename_profile_flows.sqlite3.down.sql", "content": "ALTER TABLE \"selfservice_settings_request_methods\" RENAME COLUMN \"selfservice_settings_request_id\" TO \"selfservice_profile_management_request_id\"" }, { "path": "oryx/popx/stub/migrations/transactional/20200402142539000002_rename_profile_flows.sqlite3.up.sql", "content": "ALTER TABLE \"selfservice_profile_management_requests\" RENAME TO \"selfservice_settings_requests\";" }, { "path": "oryx/popx/stub/migrations/transactional/20200519101057000000_create_recovery_addresses.cockroach.down.sql", "content": "DROP TABLE \"identity_recovery_addresses\";" }, { "path": "oryx/popx/stub/migrations/transactional/20200519101057000000_create_recovery_addresses.cockroach.up.sql", "content": "CREATE TABLE \"identity_recovery_addresses\" (\n\"id\" UUID NOT NULL,\nPRIMARY KEY(\"id\"),\n\"via\" VARCHAR (16) NOT NULL,\n\"value\" VARCHAR (400) NOT NULL,\n\"identity_id\" UUID NOT NULL,\n\"created_at\" timestamp NOT NULL,\n\"updated_at\" timestamp NOT NULL,\nCONSTRAINT \"identity_recovery_addresses_identities_id_fk\" FOREIGN KEY (\"identity_id\") REFERENCES \"identities\" (\"id\") ON DELETE cascade\n)" }, { "path": "oryx/popx/stub/migrations/transactional/20200519101057000000_create_recovery_addresses.mysql.down.sql", "content": "DROP TABLE `identity_recovery_addresses`;" }, { "path": "oryx/popx/stub/migrations/transactional/20200519101057000000_create_recovery_addresses.mysql.up.sql", "content": "CREATE TABLE `identity_recovery_addresses` (\n`id` char(36) NOT NULL,\nPRIMARY KEY(`id`),\n`via` VARCHAR (16) NOT NULL,\n`value` VARCHAR (400) NOT NULL,\n`identity_id` char(36) NOT NULL,\n`created_at` DATETIME NOT NULL,\n`updated_at` DATETIME NOT NULL,\nFOREIGN KEY (`identity_id`) REFERENCES `identities` (`id`) ON DELETE cascade\n) ENGINE=InnoDB" }, { "path": "oryx/popx/stub/migrations/transactional/20200519101057000000_create_recovery_addresses.postgres.down.sql", "content": "DROP TABLE \"identity_recovery_addresses\";" }, { "path": "oryx/popx/stub/migrations/transactional/20200519101057000000_create_recovery_addresses.postgres.up.sql", "content": "CREATE TABLE \"identity_recovery_addresses\" (\n\"id\" UUID NOT NULL,\nPRIMARY KEY(\"id\"),\n\"via\" VARCHAR (16) NOT NULL,\n\"value\" VARCHAR (400) NOT NULL,\n\"identity_id\" UUID NOT NULL,\n\"created_at\" timestamp NOT NULL,\n\"updated_at\" timestamp NOT NULL,\nFOREIGN KEY (\"identity_id\") REFERENCES \"identities\" (\"id\") ON DELETE cascade\n)" }, { "path": "oryx/popx/stub/migrations/transactional/20200519101057000000_create_recovery_addresses.sqlite3.down.sql", "content": "DROP TABLE \"identity_recovery_addresses\";" }, { "path": "oryx/popx/stub/migrations/transactional/20200519101057000000_create_recovery_addresses.sqlite3.up.sql", "content": "CREATE TABLE \"identity_recovery_addresses\" (\n\"id\" TEXT PRIMARY KEY,\n\"via\" TEXT NOT NULL,\n\"value\" TEXT NOT NULL,\n\"identity_id\" char(36) NOT NULL,\n\"created_at\" DATETIME NOT NULL,\n\"updated_at\" DATETIME NOT NULL,\nFOREIGN KEY (identity_id) REFERENCES identities (id) ON DELETE cascade\n)" }, { "path": "oryx/popx/stub/migrations/transactional/20200519101057000001_create_recovery_addresses.cockroach.down.sql", "content": "DROP TABLE \"selfservice_recovery_requests\"" }, { "path": "oryx/popx/stub/migrations/transactional/20200519101057000001_create_recovery_addresses.cockroach.up.sql", "content": "CREATE UNIQUE INDEX \"identity_recovery_addresses_status_via_uq_idx\" ON \"identity_recovery_addresses\" (via, value)" }, { "path": "oryx/popx/stub/migrations/transactional/20200519101057000001_create_recovery_addresses.mysql.down.sql", "content": "DROP TABLE `selfservice_recovery_requests`" }, { "path": "oryx/popx/stub/migrations/transactional/20200519101057000001_create_recovery_addresses.mysql.up.sql", "content": "CREATE UNIQUE INDEX `identity_recovery_addresses_status_via_uq_idx` ON `identity_recovery_addresses` (`via`, `value`)" }, { "path": "oryx/popx/stub/migrations/transactional/20200519101057000001_create_recovery_addresses.postgres.down.sql", "content": "DROP TABLE \"selfservice_recovery_requests\"" }, { "path": "oryx/popx/stub/migrations/transactional/20200519101057000001_create_recovery_addresses.postgres.up.sql", "content": "CREATE UNIQUE INDEX \"identity_recovery_addresses_status_via_uq_idx\" ON \"identity_recovery_addresses\" (via, value)" }, { "path": "oryx/popx/stub/migrations/transactional/20200519101057000001_create_recovery_addresses.sqlite3.down.sql", "content": "DROP TABLE \"selfservice_recovery_requests\"" }, { "path": "oryx/popx/stub/migrations/transactional/20200519101057000001_create_recovery_addresses.sqlite3.up.sql", "content": "CREATE UNIQUE INDEX \"identity_recovery_addresses_status_via_uq_idx\" ON \"identity_recovery_addresses\" (via, value)" }, { "path": "oryx/popx/stub/migrations/transactional/20200519101057000002_create_recovery_addresses.cockroach.down.sql", "content": "DROP TABLE \"selfservice_recovery_request_methods\"" }, { "path": "oryx/popx/stub/migrations/transactional/20200519101057000002_create_recovery_addresses.cockroach.up.sql", "content": "CREATE INDEX \"identity_recovery_addresses_status_via_idx\" ON \"identity_recovery_addresses\" (via, value)" }, { "path": "oryx/popx/stub/migrations/transactional/20200519101057000002_create_recovery_addresses.mysql.down.sql", "content": "DROP TABLE `selfservice_recovery_request_methods`" }, { "path": "oryx/popx/stub/migrations/transactional/20200519101057000002_create_recovery_addresses.mysql.up.sql", "content": "CREATE INDEX `identity_recovery_addresses_status_via_idx` ON `identity_recovery_addresses` (`via`, `value`)" }, { "path": "oryx/popx/stub/migrations/transactional/20200519101057000002_create_recovery_addresses.postgres.down.sql", "content": "DROP TABLE \"selfservice_recovery_request_methods\"" }, { "path": "oryx/popx/stub/migrations/transactional/20200519101057000002_create_recovery_addresses.postgres.up.sql", "content": "CREATE INDEX \"identity_recovery_addresses_status_via_idx\" ON \"identity_recovery_addresses\" (via, value)" }, { "path": "oryx/popx/stub/migrations/transactional/20200519101057000002_create_recovery_addresses.sqlite3.down.sql", "content": "DROP TABLE \"selfservice_recovery_request_methods\"" }, { "path": "oryx/popx/stub/migrations/transactional/20200519101057000002_create_recovery_addresses.sqlite3.up.sql", "content": "CREATE INDEX \"identity_recovery_addresses_status_via_idx\" ON \"identity_recovery_addresses\" (via, value)" }, { "path": "oryx/popx/stub/migrations/transactional/20200519101057000003_create_recovery_addresses.cockroach.down.sql", "content": "DROP TABLE \"identity_recovery_tokens\"" }, { "path": "oryx/popx/stub/migrations/transactional/20200519101057000003_create_recovery_addresses.cockroach.up.sql", "content": "CREATE TABLE \"selfservice_recovery_requests\" (\n\"id\" UUID NOT NULL,\nPRIMARY KEY(\"id\"),\n\"request_url\" VARCHAR (2048) NOT NULL,\n\"issued_at\" timestamp NOT NULL DEFAULT CURRENT_TIMESTAMP,\n\"expires_at\" timestamp NOT NULL,\n\"messages\" json,\n\"active_method\" VARCHAR (32),\n\"csrf_token\" VARCHAR (255) NOT NULL,\n\"state\" VARCHAR (32) NOT NULL,\n\"recovered_identity_id\" UUID,\n\"created_at\" timestamp NOT NULL,\n\"updated_at\" timestamp NOT NULL,\nCONSTRAINT \"selfservice_recovery_requests_identities_id_fk\" FOREIGN KEY (\"recovered_identity_id\") REFERENCES \"identities\" (\"id\") ON DELETE cascade\n)" }, { "path": "oryx/popx/stub/migrations/transactional/20200519101057000003_create_recovery_addresses.mysql.down.sql", "content": "DROP TABLE `identity_recovery_tokens`" }, { "path": "oryx/popx/stub/migrations/transactional/20200519101057000003_create_recovery_addresses.mysql.up.sql", "content": "CREATE TABLE `selfservice_recovery_requests` (\n`id` char(36) NOT NULL,\nPRIMARY KEY(`id`),\n`request_url` VARCHAR (2048) NOT NULL,\n`issued_at` DATETIME NOT NULL DEFAULT CURRENT_TIMESTAMP,\n`expires_at` DATETIME NOT NULL,\n`messages` JSON,\n`active_method` VARCHAR (32),\n`csrf_token` VARCHAR (255) NOT NULL,\n`state` VARCHAR (32) NOT NULL,\n`recovered_identity_id` char(36),\n`created_at` DATETIME NOT NULL,\n`updated_at` DATETIME NOT NULL,\nFOREIGN KEY (`recovered_identity_id`) REFERENCES `identities` (`id`) ON DELETE cascade\n) ENGINE=InnoDB" }, { "path": "oryx/popx/stub/migrations/transactional/20200519101057000003_create_recovery_addresses.postgres.down.sql", "content": "DROP TABLE \"identity_recovery_tokens\"" }, { "path": "oryx/popx/stub/migrations/transactional/20200519101057000003_create_recovery_addresses.postgres.up.sql", "content": "CREATE TABLE \"selfservice_recovery_requests\" (\n\"id\" UUID NOT NULL,\nPRIMARY KEY(\"id\"),\n\"request_url\" VARCHAR (2048) NOT NULL,\n\"issued_at\" timestamp NOT NULL DEFAULT CURRENT_TIMESTAMP,\n\"expires_at\" timestamp NOT NULL,\n\"messages\" jsonb,\n\"active_method\" VARCHAR (32),\n\"csrf_token\" VARCHAR (255) NOT NULL,\n\"state\" VARCHAR (32) NOT NULL,\n\"recovered_identity_id\" UUID,\n\"created_at\" timestamp NOT NULL,\n\"updated_at\" timestamp NOT NULL,\nFOREIGN KEY (\"recovered_identity_id\") REFERENCES \"identities\" (\"id\") ON DELETE cascade\n)" }, { "path": "oryx/popx/stub/migrations/transactional/20200519101057000003_create_recovery_addresses.sqlite3.down.sql", "content": "DROP TABLE \"identity_recovery_tokens\"" }, { "path": "oryx/popx/stub/migrations/transactional/20200519101057000003_create_recovery_addresses.sqlite3.up.sql", "content": "CREATE TABLE \"selfservice_recovery_requests\" (\n\"id\" TEXT PRIMARY KEY,\n\"request_url\" TEXT NOT NULL,\n\"issued_at\" DATETIME NOT NULL DEFAULT CURRENT_TIMESTAMP,\n\"expires_at\" DATETIME NOT NULL,\n\"messages\" TEXT,\n\"active_method\" TEXT,\n\"csrf_token\" TEXT NOT NULL,\n\"state\" TEXT NOT NULL,\n\"recovered_identity_id\" char(36),\n\"created_at\" DATETIME NOT NULL,\n\"updated_at\" DATETIME NOT NULL,\nFOREIGN KEY (recovered_identity_id) REFERENCES identities (id) ON DELETE cascade\n)" }, { "path": "oryx/popx/stub/migrations/transactional/20200519101057000004_create_recovery_addresses.cockroach.down.sql", "content": "" }, { "path": "oryx/popx/stub/migrations/transactional/20200519101057000004_create_recovery_addresses.cockroach.up.sql", "content": "CREATE TABLE \"selfservice_recovery_request_methods\" (\n\"id\" UUID NOT NULL,\nPRIMARY KEY(\"id\"),\n\"method\" VARCHAR (32) NOT NULL,\n\"config\" json NOT NULL,\n\"selfservice_recovery_request_id\" UUID NOT NULL,\n\"created_at\" timestamp NOT NULL,\n\"updated_at\" timestamp NOT NULL,\nCONSTRAINT \"selfservice_recovery_request_methods_selfservice_recovery_requests_id_fk\" FOREIGN KEY (\"selfservice_recovery_request_id\") REFERENCES \"selfservice_recovery_requests\" (\"id\") ON DELETE cascade\n)" }, { "path": "oryx/popx/stub/migrations/transactional/20200519101057000004_create_recovery_addresses.mysql.down.sql", "content": "" }, { "path": "oryx/popx/stub/migrations/transactional/20200519101057000004_create_recovery_addresses.mysql.up.sql", "content": "CREATE TABLE `selfservice_recovery_request_methods` (\n`id` char(36) NOT NULL,\nPRIMARY KEY(`id`),\n`method` VARCHAR (32) NOT NULL,\n`config` JSON NOT NULL,\n`selfservice_recovery_request_id` char(36) NOT NULL,\n`created_at` DATETIME NOT NULL,\n`updated_at` DATETIME NOT NULL,\nFOREIGN KEY (`selfservice_recovery_request_id`) REFERENCES `selfservice_recovery_requests` (`id`) ON DELETE cascade\n) ENGINE=InnoDB" }, { "path": "oryx/popx/stub/migrations/transactional/20200519101057000004_create_recovery_addresses.postgres.down.sql", "content": "" }, { "path": "oryx/popx/stub/migrations/transactional/20200519101057000004_create_recovery_addresses.postgres.up.sql", "content": "CREATE TABLE \"selfservice_recovery_request_methods\" (\n\"id\" UUID NOT NULL,\nPRIMARY KEY(\"id\"),\n\"method\" VARCHAR (32) NOT NULL,\n\"config\" jsonb NOT NULL,\n\"selfservice_recovery_request_id\" UUID NOT NULL,\n\"created_at\" timestamp NOT NULL,\n\"updated_at\" timestamp NOT NULL,\nFOREIGN KEY (\"selfservice_recovery_request_id\") REFERENCES \"selfservice_recovery_requests\" (\"id\") ON DELETE cascade\n)" }, { "path": "oryx/popx/stub/migrations/transactional/20200519101057000004_create_recovery_addresses.sqlite3.down.sql", "content": "" }, { "path": "oryx/popx/stub/migrations/transactional/20200519101057000004_create_recovery_addresses.sqlite3.up.sql", "content": "CREATE TABLE \"selfservice_recovery_request_methods\" (\n\"id\" TEXT PRIMARY KEY,\n\"method\" TEXT NOT NULL,\n\"config\" TEXT NOT NULL,\n\"selfservice_recovery_request_id\" char(36) NOT NULL,\n\"created_at\" DATETIME NOT NULL,\n\"updated_at\" DATETIME NOT NULL,\nFOREIGN KEY (selfservice_recovery_request_id) REFERENCES selfservice_recovery_requests (id) ON DELETE cascade\n)" }, { "path": "oryx/popx/stub/migrations/transactional/20200519101057000005_create_recovery_addresses.cockroach.down.sql", "content": "" }, { "path": "oryx/popx/stub/migrations/transactional/20200519101057000005_create_recovery_addresses.cockroach.up.sql", "content": "CREATE TABLE \"identity_recovery_tokens\" (\n\"id\" UUID NOT NULL,\nPRIMARY KEY(\"id\"),\n\"token\" VARCHAR (64) NOT NULL,\n\"used\" bool NOT NULL DEFAULT 'false',\n\"used_at\" timestamp,\n\"identity_recovery_address_id\" UUID NOT NULL,\n\"selfservice_recovery_request_id\" UUID NOT NULL,\n\"created_at\" timestamp NOT NULL,\n\"updated_at\" timestamp NOT NULL,\nCONSTRAINT \"identity_recovery_tokens_identity_recovery_addresses_id_fk\" FOREIGN KEY (\"identity_recovery_address_id\") REFERENCES \"identity_recovery_addresses\" (\"id\") ON DELETE cascade,\nCONSTRAINT \"identity_recovery_tokens_selfservice_recovery_requests_id_fk\" FOREIGN KEY (\"selfservice_recovery_request_id\") REFERENCES \"selfservice_recovery_requests\" (\"id\") ON DELETE cascade\n)" }, { "path": "oryx/popx/stub/migrations/transactional/20200519101057000005_create_recovery_addresses.mysql.down.sql", "content": "" }, { "path": "oryx/popx/stub/migrations/transactional/20200519101057000005_create_recovery_addresses.mysql.up.sql", "content": "CREATE TABLE `identity_recovery_tokens` (\n`id` char(36) NOT NULL,\nPRIMARY KEY(`id`),\n`token` VARCHAR (64) NOT NULL,\n`used` bool NOT NULL DEFAULT false,\n`used_at` DATETIME,\n`identity_recovery_address_id` char(36) NOT NULL,\n`selfservice_recovery_request_id` char(36) NOT NULL,\n`created_at` DATETIME NOT NULL,\n`updated_at` DATETIME NOT NULL,\nFOREIGN KEY (`identity_recovery_address_id`) REFERENCES `identity_recovery_addresses` (`id`) ON DELETE cascade,\nFOREIGN KEY (`selfservice_recovery_request_id`) REFERENCES `selfservice_recovery_requests` (`id`) ON DELETE cascade\n) ENGINE=InnoDB" }, { "path": "oryx/popx/stub/migrations/transactional/20200519101057000005_create_recovery_addresses.postgres.down.sql", "content": "" }, { "path": "oryx/popx/stub/migrations/transactional/20200519101057000005_create_recovery_addresses.postgres.up.sql", "content": "CREATE TABLE \"identity_recovery_tokens\" (\n\"id\" UUID NOT NULL,\nPRIMARY KEY(\"id\"),\n\"token\" VARCHAR (64) NOT NULL,\n\"used\" bool NOT NULL DEFAULT 'false',\n\"used_at\" timestamp,\n\"identity_recovery_address_id\" UUID NOT NULL,\n\"selfservice_recovery_request_id\" UUID NOT NULL,\n\"created_at\" timestamp NOT NULL,\n\"updated_at\" timestamp NOT NULL,\nFOREIGN KEY (\"identity_recovery_address_id\") REFERENCES \"identity_recovery_addresses\" (\"id\") ON DELETE cascade,\nFOREIGN KEY (\"selfservice_recovery_request_id\") REFERENCES \"selfservice_recovery_requests\" (\"id\") ON DELETE cascade\n)" }, { "path": "oryx/popx/stub/migrations/transactional/20200519101057000005_create_recovery_addresses.sqlite3.down.sql", "content": "" }, { "path": "oryx/popx/stub/migrations/transactional/20200519101057000005_create_recovery_addresses.sqlite3.up.sql", "content": "CREATE TABLE \"identity_recovery_tokens\" (\n\"id\" TEXT PRIMARY KEY,\n\"token\" TEXT NOT NULL,\n\"used\" bool NOT NULL DEFAULT 'false',\n\"used_at\" DATETIME,\n\"identity_recovery_address_id\" char(36) NOT NULL,\n\"selfservice_recovery_request_id\" char(36) NOT NULL,\n\"created_at\" DATETIME NOT NULL,\n\"updated_at\" DATETIME NOT NULL,\nFOREIGN KEY (identity_recovery_address_id) REFERENCES identity_recovery_addresses (id) ON DELETE cascade,\nFOREIGN KEY (selfservice_recovery_request_id) REFERENCES selfservice_recovery_requests (id) ON DELETE cascade\n)" }, { "path": "oryx/popx/stub/migrations/transactional/20200519101057000006_create_recovery_addresses.cockroach.down.sql", "content": "" }, { "path": "oryx/popx/stub/migrations/transactional/20200519101057000006_create_recovery_addresses.cockroach.up.sql", "content": "CREATE UNIQUE INDEX \"identity_recovery_addresses_code_uq_idx\" ON \"identity_recovery_tokens\" (token)" }, { "path": "oryx/popx/stub/migrations/transactional/20200519101057000006_create_recovery_addresses.mysql.down.sql", "content": "" }, { "path": "oryx/popx/stub/migrations/transactional/20200519101057000006_create_recovery_addresses.mysql.up.sql", "content": "CREATE UNIQUE INDEX `identity_recovery_addresses_code_uq_idx` ON `identity_recovery_tokens` (`token`)" }, { "path": "oryx/popx/stub/migrations/transactional/20200519101057000006_create_recovery_addresses.postgres.down.sql", "content": "" }, { "path": "oryx/popx/stub/migrations/transactional/20200519101057000006_create_recovery_addresses.postgres.up.sql", "content": "CREATE UNIQUE INDEX \"identity_recovery_addresses_code_uq_idx\" ON \"identity_recovery_tokens\" (token)" }, { "path": "oryx/popx/stub/migrations/transactional/20200519101057000006_create_recovery_addresses.sqlite3.down.sql", "content": "" }, { "path": "oryx/popx/stub/migrations/transactional/20200519101057000006_create_recovery_addresses.sqlite3.up.sql", "content": "CREATE UNIQUE INDEX \"identity_recovery_addresses_code_uq_idx\" ON \"identity_recovery_tokens\" (token)" }, { "path": "oryx/popx/stub/migrations/transactional/20200519101057000007_create_recovery_addresses.cockroach.down.sql", "content": "" }, { "path": "oryx/popx/stub/migrations/transactional/20200519101057000007_create_recovery_addresses.cockroach.up.sql", "content": "CREATE INDEX \"identity_recovery_addresses_code_idx\" ON \"identity_recovery_tokens\" (token);" }, { "path": "oryx/popx/stub/migrations/transactional/20200519101057000007_create_recovery_addresses.mysql.down.sql", "content": "" }, { "path": "oryx/popx/stub/migrations/transactional/20200519101057000007_create_recovery_addresses.mysql.up.sql", "content": "CREATE INDEX `identity_recovery_addresses_code_idx` ON `identity_recovery_tokens` (`token`);" }, { "path": "oryx/popx/stub/migrations/transactional/20200519101057000007_create_recovery_addresses.postgres.down.sql", "content": "" }, { "path": "oryx/popx/stub/migrations/transactional/20200519101057000007_create_recovery_addresses.postgres.up.sql", "content": "CREATE INDEX \"identity_recovery_addresses_code_idx\" ON \"identity_recovery_tokens\" (token);" }, { "path": "oryx/popx/stub/migrations/transactional/20200519101057000007_create_recovery_addresses.sqlite3.down.sql", "content": "" }, { "path": "oryx/popx/stub/migrations/transactional/20200519101057000007_create_recovery_addresses.sqlite3.up.sql", "content": "CREATE INDEX \"identity_recovery_addresses_code_idx\" ON \"identity_recovery_tokens\" (token);" }, { "path": "oryx/popx/stub/migrations/transactional/20200519101058000000_create_recovery_addresses.mysql.down.sql", "content": "ALTER TABLE identity_recovery_tokens MODIFY COLUMN token VARCHAR(64)" }, { "path": "oryx/popx/stub/migrations/transactional/20200519101058000000_create_recovery_addresses.mysql.up.sql", "content": "ALTER TABLE identity_recovery_tokens MODIFY COLUMN token VARCHAR(64) BINARY" }, { "path": "oryx/popx/stub/migrations/transactional/20200519101058000001_create_recovery_addresses.mysql.down.sql", "content": "ALTER TABLE identity_recovery_tokens MODIFY COLUMN token VARCHAR(64)" }, { "path": "oryx/popx/stub/migrations/transactional/20200519101058000001_create_recovery_addresses.mysql.up.sql", "content": "ALTER TABLE identity_recovery_tokens MODIFY COLUMN token VARCHAR(64) BINARY" }, { "path": "oryx/popx/stub/migrations/transactional/20200601101000000000_create_messages.cockroach.down.sql", "content": "ALTER TABLE \"selfservice_settings_requests\" DROP COLUMN \"messages\";" }, { "path": "oryx/popx/stub/migrations/transactional/20200601101000000000_create_messages.cockroach.up.sql", "content": "ALTER TABLE \"selfservice_settings_requests\" ADD COLUMN \"messages\" json;" }, { "path": "oryx/popx/stub/migrations/transactional/20200601101000000000_create_messages.mysql.down.sql", "content": "ALTER TABLE `selfservice_settings_requests` DROP COLUMN `messages`;" }, { "path": "oryx/popx/stub/migrations/transactional/20200601101000000000_create_messages.mysql.up.sql", "content": "ALTER TABLE `selfservice_settings_requests` ADD COLUMN `messages` JSON;" }, { "path": "oryx/popx/stub/migrations/transactional/20200601101000000000_create_messages.postgres.down.sql", "content": "ALTER TABLE \"selfservice_settings_requests\" DROP COLUMN \"messages\";" }, { "path": "oryx/popx/stub/migrations/transactional/20200601101000000000_create_messages.postgres.up.sql", "content": "ALTER TABLE \"selfservice_settings_requests\" ADD COLUMN \"messages\" jsonb;" }, { "path": "oryx/popx/stub/migrations/transactional/20200601101000000000_create_messages.sqlite3.down.sql", "content": "ALTER TABLE \"_selfservice_settings_requests_tmp\" RENAME TO \"selfservice_settings_requests\";" }, { "path": "oryx/popx/stub/migrations/transactional/20200601101000000000_create_messages.sqlite3.up.sql", "content": "ALTER TABLE \"selfservice_settings_requests\" ADD COLUMN \"messages\" TEXT;" }, { "path": "oryx/popx/stub/migrations/transactional/20200601101000000001_create_messages.sqlite3.down.sql", "content": "\nDROP TABLE \"selfservice_settings_requests\"" }, { "path": "oryx/popx/stub/migrations/transactional/20200601101000000001_create_messages.sqlite3.up.sql", "content": "" }, { "path": "oryx/popx/stub/migrations/transactional/20200601101000000002_create_messages.sqlite3.down.sql", "content": "INSERT INTO \"_selfservice_settings_requests_tmp\" (id, request_url, issued_at, expires_at, identity_id, created_at, updated_at, active_method, update_successful) SELECT id, request_url, issued_at, expires_at, identity_id, created_at, updated_at, active_method, update_successful FROM \"selfservice_settings_requests\"" }, { "path": "oryx/popx/stub/migrations/transactional/20200601101000000002_create_messages.sqlite3.up.sql", "content": "" }, { "path": "oryx/popx/stub/migrations/transactional/20200601101000000003_create_messages.sqlite3.down.sql", "content": "CREATE TABLE \"_selfservice_settings_requests_tmp\" (\n\"id\" TEXT PRIMARY KEY,\n\"request_url\" TEXT NOT NULL,\n\"issued_at\" DATETIME NOT NULL DEFAULT 'CURRENT_TIMESTAMP',\n\"expires_at\" DATETIME NOT NULL,\n\"identity_id\" char(36) NOT NULL,\n\"created_at\" DATETIME NOT NULL,\n\"updated_at\" DATETIME NOT NULL,\n\"active_method\" TEXT,\n\"update_successful\" bool NOT NULL DEFAULT 'false',\nFOREIGN KEY (identity_id) REFERENCES identities (id) ON UPDATE NO ACTION ON DELETE CASCADE\n)" }, { "path": "oryx/popx/stub/migrations/transactional/20200601101000000003_create_messages.sqlite3.up.sql", "content": "" }, { "path": "oryx/popx/stub/migrations/transactional/20200601101001000000_verification.mysql.down.sql", "content": "ALTER TABLE identity_verifiable_addresses MODIFY COLUMN code VARCHAR(255) BINARY" }, { "path": "oryx/popx/stub/migrations/transactional/20200601101001000000_verification.mysql.up.sql", "content": "ALTER TABLE identity_verifiable_addresses MODIFY COLUMN code VARCHAR(32) BINARY" }, { "path": "oryx/popx/stub/migrations/transactional/20200601101001000001_verification.mysql.down.sql", "content": "ALTER TABLE identity_verifiable_addresses MODIFY COLUMN code VARCHAR(255) BINARY" }, { "path": "oryx/popx/stub/migrations/transactional/20200601101001000001_verification.mysql.up.sql", "content": "ALTER TABLE identity_verifiable_addresses MODIFY COLUMN code VARCHAR(32) BINARY" }, { "path": "oryx/popx/stub/migrations/transactional/20200605111551000000_messages.cockroach.down.sql", "content": "ALTER TABLE \"selfservice_registration_requests\" DROP COLUMN \"messages\";" }, { "path": "oryx/popx/stub/migrations/transactional/20200605111551000000_messages.cockroach.up.sql", "content": "ALTER TABLE \"selfservice_verification_requests\" ADD COLUMN \"messages\" json" }, { "path": "oryx/popx/stub/migrations/transactional/20200605111551000000_messages.mysql.down.sql", "content": "ALTER TABLE `selfservice_registration_requests` DROP COLUMN `messages`;" }, { "path": "oryx/popx/stub/migrations/transactional/20200605111551000000_messages.mysql.up.sql", "content": "ALTER TABLE `selfservice_verification_requests` ADD COLUMN `messages` JSON" }, { "path": "oryx/popx/stub/migrations/transactional/20200605111551000000_messages.postgres.down.sql", "content": "ALTER TABLE \"selfservice_registration_requests\" DROP COLUMN \"messages\";" }, { "path": "oryx/popx/stub/migrations/transactional/20200605111551000000_messages.postgres.up.sql", "content": "ALTER TABLE \"selfservice_verification_requests\" ADD COLUMN \"messages\" jsonb" }, { "path": "oryx/popx/stub/migrations/transactional/20200605111551000000_messages.sqlite3.down.sql", "content": "ALTER TABLE \"_selfservice_registration_requests_tmp\" RENAME TO \"selfservice_registration_requests\";" }, { "path": "oryx/popx/stub/migrations/transactional/20200605111551000000_messages.sqlite3.up.sql", "content": "ALTER TABLE \"selfservice_verification_requests\" ADD COLUMN \"messages\" TEXT" }, { "path": "oryx/popx/stub/migrations/transactional/20200605111551000001_messages.cockroach.down.sql", "content": "ALTER TABLE \"selfservice_login_requests\" DROP COLUMN \"messages\"" }, { "path": "oryx/popx/stub/migrations/transactional/20200605111551000001_messages.cockroach.up.sql", "content": "ALTER TABLE \"selfservice_login_requests\" ADD COLUMN \"messages\" json" }, { "path": "oryx/popx/stub/migrations/transactional/20200605111551000001_messages.mysql.down.sql", "content": "ALTER TABLE `selfservice_login_requests` DROP COLUMN `messages`" }, { "path": "oryx/popx/stub/migrations/transactional/20200605111551000001_messages.mysql.up.sql", "content": "ALTER TABLE `selfservice_login_requests` ADD COLUMN `messages` JSON" }, { "path": "oryx/popx/stub/migrations/transactional/20200605111551000001_messages.postgres.down.sql", "content": "ALTER TABLE \"selfservice_login_requests\" DROP COLUMN \"messages\"" }, { "path": "oryx/popx/stub/migrations/transactional/20200605111551000001_messages.postgres.up.sql", "content": "ALTER TABLE \"selfservice_login_requests\" ADD COLUMN \"messages\" jsonb" }, { "path": "oryx/popx/stub/migrations/transactional/20200605111551000001_messages.sqlite3.down.sql", "content": "\nDROP TABLE \"selfservice_registration_requests\"" }, { "path": "oryx/popx/stub/migrations/transactional/20200605111551000001_messages.sqlite3.up.sql", "content": "ALTER TABLE \"selfservice_login_requests\" ADD COLUMN \"messages\" TEXT" }, { "path": "oryx/popx/stub/migrations/transactional/20200605111551000002_messages.cockroach.down.sql", "content": "ALTER TABLE \"selfservice_verification_requests\" DROP COLUMN \"messages\"" }, { "path": "oryx/popx/stub/migrations/transactional/20200605111551000002_messages.cockroach.up.sql", "content": "ALTER TABLE \"selfservice_registration_requests\" ADD COLUMN \"messages\" json;" }, { "path": "oryx/popx/stub/migrations/transactional/20200605111551000002_messages.mysql.down.sql", "content": "ALTER TABLE `selfservice_verification_requests` DROP COLUMN `messages`" }, { "path": "oryx/popx/stub/migrations/transactional/20200605111551000002_messages.mysql.up.sql", "content": "ALTER TABLE `selfservice_registration_requests` ADD COLUMN `messages` JSON;" }, { "path": "oryx/popx/stub/migrations/transactional/20200605111551000002_messages.postgres.down.sql", "content": "ALTER TABLE \"selfservice_verification_requests\" DROP COLUMN \"messages\"" }, { "path": "oryx/popx/stub/migrations/transactional/20200605111551000002_messages.postgres.up.sql", "content": "ALTER TABLE \"selfservice_registration_requests\" ADD COLUMN \"messages\" jsonb;" }, { "path": "oryx/popx/stub/migrations/transactional/20200605111551000002_messages.sqlite3.down.sql", "content": "INSERT INTO \"_selfservice_registration_requests_tmp\" (id, request_url, issued_at, expires_at, active_method, csrf_token, created_at, updated_at) SELECT id, request_url, issued_at, expires_at, active_method, csrf_token, created_at, updated_at FROM \"selfservice_registration_requests\"" }, { "path": "oryx/popx/stub/migrations/transactional/20200605111551000002_messages.sqlite3.up.sql", "content": "ALTER TABLE \"selfservice_registration_requests\" ADD COLUMN \"messages\" TEXT;" }, { "path": "oryx/popx/stub/migrations/transactional/20200605111551000003_messages.sqlite3.down.sql", "content": "CREATE TABLE \"_selfservice_registration_requests_tmp\" (\n\"id\" TEXT PRIMARY KEY,\n\"request_url\" TEXT NOT NULL,\n\"issued_at\" DATETIME NOT NULL DEFAULT 'CURRENT_TIMESTAMP',\n\"expires_at\" DATETIME NOT NULL,\n\"active_method\" TEXT NOT NULL,\n\"csrf_token\" TEXT NOT NULL,\n\"created_at\" DATETIME NOT NULL,\n\"updated_at\" DATETIME NOT NULL\n)" }, { "path": "oryx/popx/stub/migrations/transactional/20200605111551000003_messages.sqlite3.up.sql", "content": "" }, { "path": "oryx/popx/stub/migrations/transactional/20200605111551000004_messages.sqlite3.down.sql", "content": "ALTER TABLE \"_selfservice_login_requests_tmp\" RENAME TO \"selfservice_login_requests\"" }, { "path": "oryx/popx/stub/migrations/transactional/20200605111551000004_messages.sqlite3.up.sql", "content": "" }, { "path": "oryx/popx/stub/migrations/transactional/20200605111551000005_messages.sqlite3.down.sql", "content": "\nDROP TABLE \"selfservice_login_requests\"" }, { "path": "oryx/popx/stub/migrations/transactional/20200605111551000005_messages.sqlite3.up.sql", "content": "" }, { "path": "oryx/popx/stub/migrations/transactional/20200605111551000006_messages.sqlite3.down.sql", "content": "INSERT INTO \"_selfservice_login_requests_tmp\" (id, request_url, issued_at, expires_at, active_method, csrf_token, created_at, updated_at, forced) SELECT id, request_url, issued_at, expires_at, active_method, csrf_token, created_at, updated_at, forced FROM \"selfservice_login_requests\"" }, { "path": "oryx/popx/stub/migrations/transactional/20200605111551000006_messages.sqlite3.up.sql", "content": "" }, { "path": "oryx/popx/stub/migrations/transactional/20200605111551000007_messages.sqlite3.down.sql", "content": "CREATE TABLE \"_selfservice_login_requests_tmp\" (\n\"id\" TEXT PRIMARY KEY,\n\"request_url\" TEXT NOT NULL,\n\"issued_at\" DATETIME NOT NULL DEFAULT 'CURRENT_TIMESTAMP',\n\"expires_at\" DATETIME NOT NULL,\n\"active_method\" TEXT NOT NULL,\n\"csrf_token\" TEXT NOT NULL,\n\"created_at\" DATETIME NOT NULL,\n\"updated_at\" DATETIME NOT NULL,\n\"forced\" bool NOT NULL DEFAULT 'false'\n)" }, { "path": "oryx/popx/stub/migrations/transactional/20200605111551000007_messages.sqlite3.up.sql", "content": "" }, { "path": "oryx/popx/stub/migrations/transactional/20200605111551000008_messages.sqlite3.down.sql", "content": "ALTER TABLE \"_selfservice_verification_requests_tmp\" RENAME TO \"selfservice_verification_requests\"" }, { "path": "oryx/popx/stub/migrations/transactional/20200605111551000008_messages.sqlite3.up.sql", "content": "" }, { "path": "oryx/popx/stub/migrations/transactional/20200605111551000009_messages.sqlite3.down.sql", "content": "\nDROP TABLE \"selfservice_verification_requests\"" }, { "path": "oryx/popx/stub/migrations/transactional/20200605111551000009_messages.sqlite3.up.sql", "content": "" }, { "path": "oryx/popx/stub/migrations/transactional/20200605111551000010_messages.sqlite3.down.sql", "content": "INSERT INTO \"_selfservice_verification_requests_tmp\" (id, request_url, issued_at, expires_at, csrf_token, created_at, updated_at, via, success) SELECT id, request_url, issued_at, expires_at, csrf_token, created_at, updated_at, via, success FROM \"selfservice_verification_requests\"" }, { "path": "oryx/popx/stub/migrations/transactional/20200605111551000010_messages.sqlite3.up.sql", "content": "" }, { "path": "oryx/popx/stub/migrations/transactional/20200605111551000011_messages.sqlite3.down.sql", "content": "CREATE TABLE \"_selfservice_verification_requests_tmp\" (\n\"id\" TEXT PRIMARY KEY,\n\"request_url\" TEXT NOT NULL,\n\"issued_at\" DATETIME NOT NULL DEFAULT 'CURRENT_TIMESTAMP',\n\"expires_at\" DATETIME NOT NULL,\n\"csrf_token\" TEXT NOT NULL,\n\"created_at\" DATETIME NOT NULL,\n\"updated_at\" DATETIME NOT NULL,\n\"via\" TEXT NOT NULL DEFAULT 'email',\n\"success\" bool NOT NULL DEFAULT 'FALSE'\n)" }, { "path": "oryx/popx/stub/migrations/transactional/20200605111551000011_messages.sqlite3.up.sql", "content": "" }, { "path": "oryx/popx/stub/migrations/transactional/20200607165100000000_settings.cockroach.down.sql", "content": "ALTER TABLE \"selfservice_settings_requests\" ADD COLUMN \"update_successful\" bool NOT NULL DEFAULT 'false';" }, { "path": "oryx/popx/stub/migrations/transactional/20200607165100000000_settings.cockroach.up.sql", "content": "ALTER TABLE \"selfservice_settings_requests\" ADD COLUMN \"state\" VARCHAR (255) NOT NULL DEFAULT 'show_form'" }, { "path": "oryx/popx/stub/migrations/transactional/20200607165100000000_settings.mysql.down.sql", "content": "ALTER TABLE `selfservice_settings_requests` ADD COLUMN `update_successful` bool NOT NULL DEFAULT false;" }, { "path": "oryx/popx/stub/migrations/transactional/20200607165100000000_settings.mysql.up.sql", "content": "ALTER TABLE `selfservice_settings_requests` ADD COLUMN `state` VARCHAR (255) NOT NULL DEFAULT 'show_form'" }, { "path": "oryx/popx/stub/migrations/transactional/20200607165100000000_settings.postgres.down.sql", "content": "ALTER TABLE \"selfservice_settings_requests\" ADD COLUMN \"update_successful\" bool NOT NULL DEFAULT 'false';" }, { "path": "oryx/popx/stub/migrations/transactional/20200607165100000000_settings.postgres.up.sql", "content": "ALTER TABLE \"selfservice_settings_requests\" ADD COLUMN \"state\" VARCHAR (255) NOT NULL DEFAULT 'show_form'" }, { "path": "oryx/popx/stub/migrations/transactional/20200607165100000000_settings.sqlite3.down.sql", "content": "ALTER TABLE \"selfservice_settings_requests\" ADD COLUMN \"update_successful\" bool NOT NULL DEFAULT 'false';" }, { "path": "oryx/popx/stub/migrations/transactional/20200607165100000000_settings.sqlite3.up.sql", "content": "ALTER TABLE \"selfservice_settings_requests\" ADD COLUMN \"state\" TEXT NOT NULL DEFAULT 'show_form'" }, { "path": "oryx/popx/stub/migrations/transactional/20200607165100000001_settings.cockroach.down.sql", "content": "ALTER TABLE \"selfservice_settings_requests\" DROP COLUMN \"state\"" }, { "path": "oryx/popx/stub/migrations/transactional/20200607165100000001_settings.cockroach.up.sql", "content": "ALTER TABLE \"selfservice_settings_requests\" DROP COLUMN \"update_successful\";" }, { "path": "oryx/popx/stub/migrations/transactional/20200607165100000001_settings.mysql.down.sql", "content": "ALTER TABLE `selfservice_settings_requests` DROP COLUMN `state`" }, { "path": "oryx/popx/stub/migrations/transactional/20200607165100000001_settings.mysql.up.sql", "content": "ALTER TABLE `selfservice_settings_requests` DROP COLUMN `update_successful`;" }, { "path": "oryx/popx/stub/migrations/transactional/20200607165100000001_settings.postgres.down.sql", "content": "ALTER TABLE \"selfservice_settings_requests\" DROP COLUMN \"state\"" }, { "path": "oryx/popx/stub/migrations/transactional/20200607165100000001_settings.postgres.up.sql", "content": "ALTER TABLE \"selfservice_settings_requests\" DROP COLUMN \"update_successful\";" }, { "path": "oryx/popx/stub/migrations/transactional/20200607165100000001_settings.sqlite3.down.sql", "content": "ALTER TABLE \"_selfservice_settings_requests_tmp\" RENAME TO \"selfservice_settings_requests\"" }, { "path": "oryx/popx/stub/migrations/transactional/20200607165100000001_settings.sqlite3.up.sql", "content": "CREATE TABLE \"_selfservice_settings_requests_tmp\" (\n\"id\" TEXT PRIMARY KEY,\n\"request_url\" TEXT NOT NULL,\n\"issued_at\" DATETIME NOT NULL DEFAULT 'CURRENT_TIMESTAMP',\n\"expires_at\" DATETIME NOT NULL,\n\"identity_id\" char(36) NOT NULL,\n\"created_at\" DATETIME NOT NULL,\n\"updated_at\" DATETIME NOT NULL,\n\"active_method\" TEXT,\n\"messages\" TEXT,\n\"state\" TEXT NOT NULL DEFAULT 'show_form',\nFOREIGN KEY (identity_id) REFERENCES identities (id) ON UPDATE NO ACTION ON DELETE CASCADE\n)" }, { "path": "oryx/popx/stub/migrations/transactional/20200607165100000002_settings.sqlite3.down.sql", "content": "\nDROP TABLE \"selfservice_settings_requests\"" }, { "path": "oryx/popx/stub/migrations/transactional/20200607165100000002_settings.sqlite3.up.sql", "content": "INSERT INTO \"_selfservice_settings_requests_tmp\" (id, request_url, issued_at, expires_at, identity_id, created_at, updated_at, active_method, messages, state) SELECT id, request_url, issued_at, expires_at, identity_id, created_at, updated_at, active_method, messages, state FROM \"selfservice_settings_requests\"" }, { "path": "oryx/popx/stub/migrations/transactional/20200607165100000003_settings.sqlite3.down.sql", "content": "INSERT INTO \"_selfservice_settings_requests_tmp\" (id, request_url, issued_at, expires_at, identity_id, created_at, updated_at, active_method, messages) SELECT id, request_url, issued_at, expires_at, identity_id, created_at, updated_at, active_method, messages FROM \"selfservice_settings_requests\"" }, { "path": "oryx/popx/stub/migrations/transactional/20200607165100000003_settings.sqlite3.up.sql", "content": "\nDROP TABLE \"selfservice_settings_requests\"" }, { "path": "oryx/popx/stub/migrations/transactional/20200607165100000004_settings.sqlite3.down.sql", "content": "CREATE TABLE \"_selfservice_settings_requests_tmp\" (\n\"id\" TEXT PRIMARY KEY,\n\"request_url\" TEXT NOT NULL,\n\"issued_at\" DATETIME NOT NULL DEFAULT 'CURRENT_TIMESTAMP',\n\"expires_at\" DATETIME NOT NULL,\n\"identity_id\" char(36) NOT NULL,\n\"created_at\" DATETIME NOT NULL,\n\"updated_at\" DATETIME NOT NULL,\n\"active_method\" TEXT,\n\"messages\" TEXT,\nFOREIGN KEY (identity_id) REFERENCES identities (id) ON UPDATE NO ACTION ON DELETE CASCADE\n)" }, { "path": "oryx/popx/stub/migrations/transactional/20200607165100000004_settings.sqlite3.up.sql", "content": "ALTER TABLE \"_selfservice_settings_requests_tmp\" RENAME TO \"selfservice_settings_requests\";" }, { "path": "oryx/popx/stub/migrations/transactional/20200705105359000000_rename_identities_schema.cockroach.down.sql", "content": "ALTER TABLE \"identities\" RENAME COLUMN \"schema_id\" TO \"traits_schema_id\";" }, { "path": "oryx/popx/stub/migrations/transactional/20200705105359000000_rename_identities_schema.cockroach.up.sql", "content": "ALTER TABLE \"identities\" RENAME COLUMN \"traits_schema_id\" TO \"schema_id\";" }, { "path": "oryx/popx/stub/migrations/transactional/20200705105359000000_rename_identities_schema.mysql.down.sql", "content": "ALTER TABLE `identities` CHANGE `schema_id` `traits_schema_id` varchar(2048) NOT NULL;" }, { "path": "oryx/popx/stub/migrations/transactional/20200705105359000000_rename_identities_schema.mysql.up.sql", "content": "ALTER TABLE `identities` CHANGE `traits_schema_id` `schema_id` varchar(2048) NOT NULL;" }, { "path": "oryx/popx/stub/migrations/transactional/20200705105359000000_rename_identities_schema.postgres.down.sql", "content": "ALTER TABLE \"identities\" RENAME COLUMN \"schema_id\" TO \"traits_schema_id\";" }, { "path": "oryx/popx/stub/migrations/transactional/20200705105359000000_rename_identities_schema.postgres.up.sql", "content": "ALTER TABLE \"identities\" RENAME COLUMN \"traits_schema_id\" TO \"schema_id\";" }, { "path": "oryx/popx/stub/migrations/transactional/20200705105359000000_rename_identities_schema.sqlite3.down.sql", "content": "ALTER TABLE \"identities\" RENAME COLUMN \"schema_id\" TO \"traits_schema_id\";" }, { "path": "oryx/popx/stub/migrations/transactional/20200705105359000000_rename_identities_schema.sqlite3.up.sql", "content": "ALTER TABLE \"identities\" RENAME COLUMN \"traits_schema_id\" TO \"schema_id\";" }, { "path": "oryx/popx/stub/migrations/transactional/20200810141652000000_flow_type.cockroach.down.sql", "content": "ALTER TABLE \"selfservice_verification_requests\" DROP COLUMN \"type\";" }, { "path": "oryx/popx/stub/migrations/transactional/20200810141652000000_flow_type.cockroach.up.sql", "content": "ALTER TABLE \"selfservice_login_requests\" ADD COLUMN \"type\" VARCHAR (16) NOT NULL DEFAULT 'browser'" }, { "path": "oryx/popx/stub/migrations/transactional/20200810141652000000_flow_type.mysql.down.sql", "content": "ALTER TABLE `selfservice_verification_requests` DROP COLUMN `type`;" }, { "path": "oryx/popx/stub/migrations/transactional/20200810141652000000_flow_type.mysql.up.sql", "content": "ALTER TABLE `selfservice_login_requests` ADD COLUMN `type` VARCHAR (16) NOT NULL DEFAULT 'browser'" }, { "path": "oryx/popx/stub/migrations/transactional/20200810141652000000_flow_type.postgres.down.sql", "content": "ALTER TABLE \"selfservice_verification_requests\" DROP COLUMN \"type\";" }, { "path": "oryx/popx/stub/migrations/transactional/20200810141652000000_flow_type.postgres.up.sql", "content": "ALTER TABLE \"selfservice_login_requests\" ADD COLUMN \"type\" VARCHAR (16) NOT NULL DEFAULT 'browser'" }, { "path": "oryx/popx/stub/migrations/transactional/20200810141652000000_flow_type.sqlite3.down.sql", "content": "ALTER TABLE \"_selfservice_verification_requests_tmp\" RENAME TO \"selfservice_verification_requests\";" }, { "path": "oryx/popx/stub/migrations/transactional/20200810141652000000_flow_type.sqlite3.up.sql", "content": "ALTER TABLE \"selfservice_login_requests\" ADD COLUMN \"type\" TEXT NOT NULL DEFAULT 'browser'" }, { "path": "oryx/popx/stub/migrations/transactional/20200810141652000001_flow_type.cockroach.down.sql", "content": "ALTER TABLE \"selfservice_recovery_requests\" DROP COLUMN \"type\"" }, { "path": "oryx/popx/stub/migrations/transactional/20200810141652000001_flow_type.cockroach.up.sql", "content": "ALTER TABLE \"selfservice_registration_requests\" ADD COLUMN \"type\" VARCHAR (16) NOT NULL DEFAULT 'browser'" }, { "path": "oryx/popx/stub/migrations/transactional/20200810141652000001_flow_type.mysql.down.sql", "content": "ALTER TABLE `selfservice_recovery_requests` DROP COLUMN `type`" }, { "path": "oryx/popx/stub/migrations/transactional/20200810141652000001_flow_type.mysql.up.sql", "content": "ALTER TABLE `selfservice_registration_requests` ADD COLUMN `type` VARCHAR (16) NOT NULL DEFAULT 'browser'" }, { "path": "oryx/popx/stub/migrations/transactional/20200810141652000001_flow_type.postgres.down.sql", "content": "ALTER TABLE \"selfservice_recovery_requests\" DROP COLUMN \"type\"" }, { "path": "oryx/popx/stub/migrations/transactional/20200810141652000001_flow_type.postgres.up.sql", "content": "ALTER TABLE \"selfservice_registration_requests\" ADD COLUMN \"type\" VARCHAR (16) NOT NULL DEFAULT 'browser'" }, { "path": "oryx/popx/stub/migrations/transactional/20200810141652000001_flow_type.sqlite3.down.sql", "content": "\nDROP TABLE \"selfservice_verification_requests\"" }, { "path": "oryx/popx/stub/migrations/transactional/20200810141652000001_flow_type.sqlite3.up.sql", "content": "ALTER TABLE \"selfservice_registration_requests\" ADD COLUMN \"type\" TEXT NOT NULL DEFAULT 'browser'" }, { "path": "oryx/popx/stub/migrations/transactional/20200810141652000002_flow_type.cockroach.down.sql", "content": "ALTER TABLE \"selfservice_settings_requests\" DROP COLUMN \"type\"" }, { "path": "oryx/popx/stub/migrations/transactional/20200810141652000002_flow_type.cockroach.up.sql", "content": "ALTER TABLE \"selfservice_settings_requests\" ADD COLUMN \"type\" VARCHAR (16) NOT NULL DEFAULT 'browser'" }, { "path": "oryx/popx/stub/migrations/transactional/20200810141652000002_flow_type.mysql.down.sql", "content": "ALTER TABLE `selfservice_settings_requests` DROP COLUMN `type`" }, { "path": "oryx/popx/stub/migrations/transactional/20200810141652000002_flow_type.mysql.up.sql", "content": "ALTER TABLE `selfservice_settings_requests` ADD COLUMN `type` VARCHAR (16) NOT NULL DEFAULT 'browser'" }, { "path": "oryx/popx/stub/migrations/transactional/20200810141652000002_flow_type.postgres.down.sql", "content": "ALTER TABLE \"selfservice_settings_requests\" DROP COLUMN \"type\"" }, { "path": "oryx/popx/stub/migrations/transactional/20200810141652000002_flow_type.postgres.up.sql", "content": "ALTER TABLE \"selfservice_settings_requests\" ADD COLUMN \"type\" VARCHAR (16) NOT NULL DEFAULT 'browser'" }, { "path": "oryx/popx/stub/migrations/transactional/20200810141652000002_flow_type.sqlite3.down.sql", "content": "INSERT INTO \"_selfservice_verification_requests_tmp\" (id, request_url, issued_at, expires_at, csrf_token, created_at, updated_at, messages, via, success) SELECT id, request_url, issued_at, expires_at, csrf_token, created_at, updated_at, messages, via, success FROM \"selfservice_verification_requests\"" }, { "path": "oryx/popx/stub/migrations/transactional/20200810141652000002_flow_type.sqlite3.up.sql", "content": "ALTER TABLE \"selfservice_settings_requests\" ADD COLUMN \"type\" TEXT NOT NULL DEFAULT 'browser'" }, { "path": "oryx/popx/stub/migrations/transactional/20200810141652000003_flow_type.cockroach.down.sql", "content": "ALTER TABLE \"selfservice_registration_requests\" DROP COLUMN \"type\"" }, { "path": "oryx/popx/stub/migrations/transactional/20200810141652000003_flow_type.cockroach.up.sql", "content": "ALTER TABLE \"selfservice_recovery_requests\" ADD COLUMN \"type\" VARCHAR (16) NOT NULL DEFAULT 'browser'" }, { "path": "oryx/popx/stub/migrations/transactional/20200810141652000003_flow_type.mysql.down.sql", "content": "ALTER TABLE `selfservice_registration_requests` DROP COLUMN `type`" }, { "path": "oryx/popx/stub/migrations/transactional/20200810141652000003_flow_type.mysql.up.sql", "content": "ALTER TABLE `selfservice_recovery_requests` ADD COLUMN `type` VARCHAR (16) NOT NULL DEFAULT 'browser'" }, { "path": "oryx/popx/stub/migrations/transactional/20200810141652000003_flow_type.postgres.down.sql", "content": "ALTER TABLE \"selfservice_registration_requests\" DROP COLUMN \"type\"" }, { "path": "oryx/popx/stub/migrations/transactional/20200810141652000003_flow_type.postgres.up.sql", "content": "ALTER TABLE \"selfservice_recovery_requests\" ADD COLUMN \"type\" VARCHAR (16) NOT NULL DEFAULT 'browser'" }, { "path": "oryx/popx/stub/migrations/transactional/20200810141652000003_flow_type.sqlite3.down.sql", "content": "CREATE TABLE \"_selfservice_verification_requests_tmp\" (\n\"id\" TEXT PRIMARY KEY,\n\"request_url\" TEXT NOT NULL,\n\"issued_at\" DATETIME NOT NULL DEFAULT 'CURRENT_TIMESTAMP',\n\"expires_at\" DATETIME NOT NULL,\n\"csrf_token\" TEXT NOT NULL,\n\"created_at\" DATETIME NOT NULL,\n\"updated_at\" DATETIME NOT NULL,\n\"messages\" TEXT,\n\"via\" TEXT NOT NULL DEFAULT 'email',\n\"success\" bool NOT NULL DEFAULT 'FALSE'\n)" }, { "path": "oryx/popx/stub/migrations/transactional/20200810141652000003_flow_type.sqlite3.up.sql", "content": "ALTER TABLE \"selfservice_recovery_requests\" ADD COLUMN \"type\" TEXT NOT NULL DEFAULT 'browser'" }, { "path": "oryx/popx/stub/migrations/transactional/20200810141652000004_flow_type.cockroach.down.sql", "content": "ALTER TABLE \"selfservice_login_requests\" DROP COLUMN \"type\"" }, { "path": "oryx/popx/stub/migrations/transactional/20200810141652000004_flow_type.cockroach.up.sql", "content": "ALTER TABLE \"selfservice_verification_requests\" ADD COLUMN \"type\" VARCHAR (16) NOT NULL DEFAULT 'browser';" }, { "path": "oryx/popx/stub/migrations/transactional/20200810141652000004_flow_type.mysql.down.sql", "content": "ALTER TABLE `selfservice_login_requests` DROP COLUMN `type`" }, { "path": "oryx/popx/stub/migrations/transactional/20200810141652000004_flow_type.mysql.up.sql", "content": "ALTER TABLE `selfservice_verification_requests` ADD COLUMN `type` VARCHAR (16) NOT NULL DEFAULT 'browser';" }, { "path": "oryx/popx/stub/migrations/transactional/20200810141652000004_flow_type.postgres.down.sql", "content": "ALTER TABLE \"selfservice_login_requests\" DROP COLUMN \"type\"" }, { "path": "oryx/popx/stub/migrations/transactional/20200810141652000004_flow_type.postgres.up.sql", "content": "ALTER TABLE \"selfservice_verification_requests\" ADD COLUMN \"type\" VARCHAR (16) NOT NULL DEFAULT 'browser';" }, { "path": "oryx/popx/stub/migrations/transactional/20200810141652000004_flow_type.sqlite3.down.sql", "content": "ALTER TABLE \"_selfservice_recovery_requests_tmp\" RENAME TO \"selfservice_recovery_requests\"" }, { "path": "oryx/popx/stub/migrations/transactional/20200810141652000004_flow_type.sqlite3.up.sql", "content": "ALTER TABLE \"selfservice_verification_requests\" ADD COLUMN \"type\" TEXT NOT NULL DEFAULT 'browser';" }, { "path": "oryx/popx/stub/migrations/transactional/20200810141652000005_flow_type.sqlite3.down.sql", "content": "\nDROP TABLE \"selfservice_recovery_requests\"" }, { "path": "oryx/popx/stub/migrations/transactional/20200810141652000005_flow_type.sqlite3.up.sql", "content": "" }, { "path": "oryx/popx/stub/migrations/transactional/20200810141652000006_flow_type.sqlite3.down.sql", "content": "INSERT INTO \"_selfservice_recovery_requests_tmp\" (id, request_url, issued_at, expires_at, messages, active_method, csrf_token, state, recovered_identity_id, created_at, updated_at) SELECT id, request_url, issued_at, expires_at, messages, active_method, csrf_token, state, recovered_identity_id, created_at, updated_at FROM \"selfservice_recovery_requests\"" }, { "path": "oryx/popx/stub/migrations/transactional/20200810141652000006_flow_type.sqlite3.up.sql", "content": "" }, { "path": "oryx/popx/stub/migrations/transactional/20200810141652000007_flow_type.sqlite3.down.sql", "content": "CREATE TABLE \"_selfservice_recovery_requests_tmp\" (\n\"id\" TEXT PRIMARY KEY,\n\"request_url\" TEXT NOT NULL,\n\"issued_at\" DATETIME NOT NULL DEFAULT 'CURRENT_TIMESTAMP',\n\"expires_at\" DATETIME NOT NULL,\n\"messages\" TEXT,\n\"active_method\" TEXT,\n\"csrf_token\" TEXT NOT NULL,\n\"state\" TEXT NOT NULL,\n\"recovered_identity_id\" char(36),\n\"created_at\" DATETIME NOT NULL,\n\"updated_at\" DATETIME NOT NULL,\nFOREIGN KEY (recovered_identity_id) REFERENCES identities (id) ON UPDATE NO ACTION ON DELETE CASCADE\n)" }, { "path": "oryx/popx/stub/migrations/transactional/20200810141652000007_flow_type.sqlite3.up.sql", "content": "" }, { "path": "oryx/popx/stub/migrations/transactional/20200810141652000008_flow_type.sqlite3.down.sql", "content": "ALTER TABLE \"_selfservice_settings_requests_tmp\" RENAME TO \"selfservice_settings_requests\"" }, { "path": "oryx/popx/stub/migrations/transactional/20200810141652000008_flow_type.sqlite3.up.sql", "content": "" }, { "path": "oryx/popx/stub/migrations/transactional/20200810141652000009_flow_type.sqlite3.down.sql", "content": "\nDROP TABLE \"selfservice_settings_requests\"" }, { "path": "oryx/popx/stub/migrations/transactional/20200810141652000009_flow_type.sqlite3.up.sql", "content": "" }, { "path": "oryx/popx/stub/migrations/transactional/20200810141652000010_flow_type.sqlite3.down.sql", "content": "INSERT INTO \"_selfservice_settings_requests_tmp\" (id, request_url, issued_at, expires_at, identity_id, created_at, updated_at, active_method, messages, state) SELECT id, request_url, issued_at, expires_at, identity_id, created_at, updated_at, active_method, messages, state FROM \"selfservice_settings_requests\"" }, { "path": "oryx/popx/stub/migrations/transactional/20200810141652000010_flow_type.sqlite3.up.sql", "content": "" }, { "path": "oryx/popx/stub/migrations/transactional/20200810141652000011_flow_type.sqlite3.down.sql", "content": "CREATE TABLE \"_selfservice_settings_requests_tmp\" (\n\"id\" TEXT PRIMARY KEY,\n\"request_url\" TEXT NOT NULL,\n\"issued_at\" DATETIME NOT NULL DEFAULT 'CURRENT_TIMESTAMP',\n\"expires_at\" DATETIME NOT NULL,\n\"identity_id\" char(36) NOT NULL,\n\"created_at\" DATETIME NOT NULL,\n\"updated_at\" DATETIME NOT NULL,\n\"active_method\" TEXT,\n\"messages\" TEXT,\n\"state\" TEXT NOT NULL DEFAULT 'show_form',\nFOREIGN KEY (identity_id) REFERENCES identities (id) ON UPDATE NO ACTION ON DELETE CASCADE\n)" }, { "path": "oryx/popx/stub/migrations/transactional/20200810141652000011_flow_type.sqlite3.up.sql", "content": "" }, { "path": "oryx/popx/stub/migrations/transactional/20200810141652000012_flow_type.sqlite3.down.sql", "content": "ALTER TABLE \"_selfservice_registration_requests_tmp\" RENAME TO \"selfservice_registration_requests\"" }, { "path": "oryx/popx/stub/migrations/transactional/20200810141652000012_flow_type.sqlite3.up.sql", "content": "" }, { "path": "oryx/popx/stub/migrations/transactional/20200810141652000013_flow_type.sqlite3.down.sql", "content": "\nDROP TABLE \"selfservice_registration_requests\"" }, { "path": "oryx/popx/stub/migrations/transactional/20200810141652000013_flow_type.sqlite3.up.sql", "content": "" }, { "path": "oryx/popx/stub/migrations/transactional/20200810141652000014_flow_type.sqlite3.down.sql", "content": "INSERT INTO \"_selfservice_registration_requests_tmp\" (id, request_url, issued_at, expires_at, active_method, csrf_token, created_at, updated_at, messages) SELECT id, request_url, issued_at, expires_at, active_method, csrf_token, created_at, updated_at, messages FROM \"selfservice_registration_requests\"" }, { "path": "oryx/popx/stub/migrations/transactional/20200810141652000014_flow_type.sqlite3.up.sql", "content": "" }, { "path": "oryx/popx/stub/migrations/transactional/20200810141652000015_flow_type.sqlite3.down.sql", "content": "CREATE TABLE \"_selfservice_registration_requests_tmp\" (\n\"id\" TEXT PRIMARY KEY,\n\"request_url\" TEXT NOT NULL,\n\"issued_at\" DATETIME NOT NULL DEFAULT 'CURRENT_TIMESTAMP',\n\"expires_at\" DATETIME NOT NULL,\n\"active_method\" TEXT NOT NULL,\n\"csrf_token\" TEXT NOT NULL,\n\"created_at\" DATETIME NOT NULL,\n\"updated_at\" DATETIME NOT NULL,\n\"messages\" TEXT\n)" }, { "path": "oryx/popx/stub/migrations/transactional/20200810141652000015_flow_type.sqlite3.up.sql", "content": "" }, { "path": "oryx/popx/stub/migrations/transactional/20200810141652000016_flow_type.sqlite3.down.sql", "content": "ALTER TABLE \"_selfservice_login_requests_tmp\" RENAME TO \"selfservice_login_requests\"" }, { "path": "oryx/popx/stub/migrations/transactional/20200810141652000016_flow_type.sqlite3.up.sql", "content": "" }, { "path": "oryx/popx/stub/migrations/transactional/20200810141652000017_flow_type.sqlite3.down.sql", "content": "\nDROP TABLE \"selfservice_login_requests\"" }, { "path": "oryx/popx/stub/migrations/transactional/20200810141652000017_flow_type.sqlite3.up.sql", "content": "" }, { "path": "oryx/popx/stub/migrations/transactional/20200810141652000018_flow_type.sqlite3.down.sql", "content": "INSERT INTO \"_selfservice_login_requests_tmp\" (id, request_url, issued_at, expires_at, active_method, csrf_token, created_at, updated_at, forced, messages) SELECT id, request_url, issued_at, expires_at, active_method, csrf_token, created_at, updated_at, forced, messages FROM \"selfservice_login_requests\"" }, { "path": "oryx/popx/stub/migrations/transactional/20200810141652000018_flow_type.sqlite3.up.sql", "content": "" }, { "path": "oryx/popx/stub/migrations/transactional/20200810141652000019_flow_type.sqlite3.down.sql", "content": "CREATE TABLE \"_selfservice_login_requests_tmp\" (\n\"id\" TEXT PRIMARY KEY,\n\"request_url\" TEXT NOT NULL,\n\"issued_at\" DATETIME NOT NULL DEFAULT 'CURRENT_TIMESTAMP',\n\"expires_at\" DATETIME NOT NULL,\n\"active_method\" TEXT NOT NULL,\n\"csrf_token\" TEXT NOT NULL,\n\"created_at\" DATETIME NOT NULL,\n\"updated_at\" DATETIME NOT NULL,\n\"forced\" bool NOT NULL DEFAULT 'false',\n\"messages\" TEXT\n)" }, { "path": "oryx/popx/stub/migrations/transactional/20200810141652000019_flow_type.sqlite3.up.sql", "content": "" }, { "path": "oryx/popx/stub/migrations/transactional/20200810161022000000_flow_rename.cockroach.down.sql", "content": "ALTER TABLE \"selfservice_verification_flows\" RENAME TO \"selfservice_verification_requests\";" }, { "path": "oryx/popx/stub/migrations/transactional/20200810161022000000_flow_rename.cockroach.up.sql", "content": "ALTER TABLE \"selfservice_login_request_methods\" RENAME TO \"selfservice_login_flow_methods\"" }, { "path": "oryx/popx/stub/migrations/transactional/20200810161022000000_flow_rename.mysql.down.sql", "content": "ALTER TABLE `selfservice_verification_flows` RENAME TO `selfservice_verification_requests`;" }, { "path": "oryx/popx/stub/migrations/transactional/20200810161022000000_flow_rename.mysql.up.sql", "content": "ALTER TABLE `selfservice_login_request_methods` RENAME TO `selfservice_login_flow_methods`" }, { "path": "oryx/popx/stub/migrations/transactional/20200810161022000000_flow_rename.postgres.down.sql", "content": "ALTER TABLE \"selfservice_verification_flows\" RENAME TO \"selfservice_verification_requests\";" }, { "path": "oryx/popx/stub/migrations/transactional/20200810161022000000_flow_rename.postgres.up.sql", "content": "ALTER TABLE \"selfservice_login_request_methods\" RENAME TO \"selfservice_login_flow_methods\"" }, { "path": "oryx/popx/stub/migrations/transactional/20200810161022000000_flow_rename.sqlite3.down.sql", "content": "ALTER TABLE \"selfservice_verification_flows\" RENAME TO \"selfservice_verification_requests\";" }, { "path": "oryx/popx/stub/migrations/transactional/20200810161022000000_flow_rename.sqlite3.up.sql", "content": "ALTER TABLE \"selfservice_login_request_methods\" RENAME TO \"selfservice_login_flow_methods\"" }, { "path": "oryx/popx/stub/migrations/transactional/20200810161022000001_flow_rename.cockroach.down.sql", "content": "ALTER TABLE \"selfservice_recovery_flows\" RENAME TO \"selfservice_recovery_requests\"" }, { "path": "oryx/popx/stub/migrations/transactional/20200810161022000001_flow_rename.cockroach.up.sql", "content": "ALTER TABLE \"selfservice_login_requests\" RENAME TO \"selfservice_login_flows\"" }, { "path": "oryx/popx/stub/migrations/transactional/20200810161022000001_flow_rename.mysql.down.sql", "content": "ALTER TABLE `selfservice_recovery_flows` RENAME TO `selfservice_recovery_requests`" }, { "path": "oryx/popx/stub/migrations/transactional/20200810161022000001_flow_rename.mysql.up.sql", "content": "ALTER TABLE `selfservice_login_requests` RENAME TO `selfservice_login_flows`" }, { "path": "oryx/popx/stub/migrations/transactional/20200810161022000001_flow_rename.postgres.down.sql", "content": "ALTER TABLE \"selfservice_recovery_flows\" RENAME TO \"selfservice_recovery_requests\"" }, { "path": "oryx/popx/stub/migrations/transactional/20200810161022000001_flow_rename.postgres.up.sql", "content": "ALTER TABLE \"selfservice_login_requests\" RENAME TO \"selfservice_login_flows\"" }, { "path": "oryx/popx/stub/migrations/transactional/20200810161022000001_flow_rename.sqlite3.down.sql", "content": "ALTER TABLE \"selfservice_recovery_flows\" RENAME TO \"selfservice_recovery_requests\"" }, { "path": "oryx/popx/stub/migrations/transactional/20200810161022000001_flow_rename.sqlite3.up.sql", "content": "ALTER TABLE \"selfservice_login_requests\" RENAME TO \"selfservice_login_flows\"" }, { "path": "oryx/popx/stub/migrations/transactional/20200810161022000002_flow_rename.cockroach.down.sql", "content": "ALTER TABLE \"selfservice_recovery_flow_methods\" RENAME TO \"selfservice_recovery_request_methods\"" }, { "path": "oryx/popx/stub/migrations/transactional/20200810161022000002_flow_rename.cockroach.up.sql", "content": "ALTER TABLE \"selfservice_registration_request_methods\" RENAME TO \"selfservice_registration_flow_methods\"" }, { "path": "oryx/popx/stub/migrations/transactional/20200810161022000002_flow_rename.mysql.down.sql", "content": "ALTER TABLE `selfservice_recovery_flow_methods` RENAME TO `selfservice_recovery_request_methods`" }, { "path": "oryx/popx/stub/migrations/transactional/20200810161022000002_flow_rename.mysql.up.sql", "content": "ALTER TABLE `selfservice_registration_request_methods` RENAME TO `selfservice_registration_flow_methods`" }, { "path": "oryx/popx/stub/migrations/transactional/20200810161022000002_flow_rename.postgres.down.sql", "content": "ALTER TABLE \"selfservice_recovery_flow_methods\" RENAME TO \"selfservice_recovery_request_methods\"" }, { "path": "oryx/popx/stub/migrations/transactional/20200810161022000002_flow_rename.postgres.up.sql", "content": "ALTER TABLE \"selfservice_registration_request_methods\" RENAME TO \"selfservice_registration_flow_methods\"" }, { "path": "oryx/popx/stub/migrations/transactional/20200810161022000002_flow_rename.sqlite3.down.sql", "content": "ALTER TABLE \"selfservice_recovery_flow_methods\" RENAME TO \"selfservice_recovery_request_methods\"" }, { "path": "oryx/popx/stub/migrations/transactional/20200810161022000002_flow_rename.sqlite3.up.sql", "content": "ALTER TABLE \"selfservice_registration_request_methods\" RENAME TO \"selfservice_registration_flow_methods\"" }, { "path": "oryx/popx/stub/migrations/transactional/20200810161022000003_flow_rename.cockroach.down.sql", "content": "ALTER TABLE \"selfservice_settings_flows\" RENAME TO \"selfservice_settings_requests\"" }, { "path": "oryx/popx/stub/migrations/transactional/20200810161022000003_flow_rename.cockroach.up.sql", "content": "ALTER TABLE \"selfservice_registration_requests\" RENAME TO \"selfservice_registration_flows\"" }, { "path": "oryx/popx/stub/migrations/transactional/20200810161022000003_flow_rename.mysql.down.sql", "content": "ALTER TABLE `selfservice_settings_flows` RENAME TO `selfservice_settings_requests`" }, { "path": "oryx/popx/stub/migrations/transactional/20200810161022000003_flow_rename.mysql.up.sql", "content": "ALTER TABLE `selfservice_registration_requests` RENAME TO `selfservice_registration_flows`" }, { "path": "oryx/popx/stub/migrations/transactional/20200810161022000003_flow_rename.postgres.down.sql", "content": "ALTER TABLE \"selfservice_settings_flows\" RENAME TO \"selfservice_settings_requests\"" }, { "path": "oryx/popx/stub/migrations/transactional/20200810161022000003_flow_rename.postgres.up.sql", "content": "ALTER TABLE \"selfservice_registration_requests\" RENAME TO \"selfservice_registration_flows\"" }, { "path": "oryx/popx/stub/migrations/transactional/20200810161022000003_flow_rename.sqlite3.down.sql", "content": "ALTER TABLE \"selfservice_settings_flows\" RENAME TO \"selfservice_settings_requests\"" }, { "path": "oryx/popx/stub/migrations/transactional/20200810161022000003_flow_rename.sqlite3.up.sql", "content": "ALTER TABLE \"selfservice_registration_requests\" RENAME TO \"selfservice_registration_flows\"" }, { "path": "oryx/popx/stub/migrations/transactional/20200810161022000004_flow_rename.cockroach.down.sql", "content": "ALTER TABLE \"selfservice_settings_flow_methods\" RENAME TO \"selfservice_settings_request_methods\"" }, { "path": "oryx/popx/stub/migrations/transactional/20200810161022000004_flow_rename.cockroach.up.sql", "content": "ALTER TABLE \"selfservice_settings_request_methods\" RENAME TO \"selfservice_settings_flow_methods\"" }, { "path": "oryx/popx/stub/migrations/transactional/20200810161022000004_flow_rename.mysql.down.sql", "content": "ALTER TABLE `selfservice_settings_flow_methods` RENAME TO `selfservice_settings_request_methods`" }, { "path": "oryx/popx/stub/migrations/transactional/20200810161022000004_flow_rename.mysql.up.sql", "content": "ALTER TABLE `selfservice_settings_request_methods` RENAME TO `selfservice_settings_flow_methods`" }, { "path": "oryx/popx/stub/migrations/transactional/20200810161022000004_flow_rename.postgres.down.sql", "content": "ALTER TABLE \"selfservice_settings_flow_methods\" RENAME TO \"selfservice_settings_request_methods\"" }, { "path": "oryx/popx/stub/migrations/transactional/20200810161022000004_flow_rename.postgres.up.sql", "content": "ALTER TABLE \"selfservice_settings_request_methods\" RENAME TO \"selfservice_settings_flow_methods\"" }, { "path": "oryx/popx/stub/migrations/transactional/20200810161022000004_flow_rename.sqlite3.down.sql", "content": "ALTER TABLE \"selfservice_settings_flow_methods\" RENAME TO \"selfservice_settings_request_methods\"" }, { "path": "oryx/popx/stub/migrations/transactional/20200810161022000004_flow_rename.sqlite3.up.sql", "content": "ALTER TABLE \"selfservice_settings_request_methods\" RENAME TO \"selfservice_settings_flow_methods\"" }, { "path": "oryx/popx/stub/migrations/transactional/20200810161022000005_flow_rename.cockroach.down.sql", "content": "ALTER TABLE \"selfservice_registration_flows\" RENAME TO \"selfservice_registration_requests\"" }, { "path": "oryx/popx/stub/migrations/transactional/20200810161022000005_flow_rename.cockroach.up.sql", "content": "ALTER TABLE \"selfservice_settings_requests\" RENAME TO \"selfservice_settings_flows\"" }, { "path": "oryx/popx/stub/migrations/transactional/20200810161022000005_flow_rename.mysql.down.sql", "content": "ALTER TABLE `selfservice_registration_flows` RENAME TO `selfservice_registration_requests`" }, { "path": "oryx/popx/stub/migrations/transactional/20200810161022000005_flow_rename.mysql.up.sql", "content": "ALTER TABLE `selfservice_settings_requests` RENAME TO `selfservice_settings_flows`" }, { "path": "oryx/popx/stub/migrations/transactional/20200810161022000005_flow_rename.postgres.down.sql", "content": "ALTER TABLE \"selfservice_registration_flows\" RENAME TO \"selfservice_registration_requests\"" }, { "path": "oryx/popx/stub/migrations/transactional/20200810161022000005_flow_rename.postgres.up.sql", "content": "ALTER TABLE \"selfservice_settings_requests\" RENAME TO \"selfservice_settings_flows\"" }, { "path": "oryx/popx/stub/migrations/transactional/20200810161022000005_flow_rename.sqlite3.down.sql", "content": "ALTER TABLE \"selfservice_registration_flows\" RENAME TO \"selfservice_registration_requests\"" }, { "path": "oryx/popx/stub/migrations/transactional/20200810161022000005_flow_rename.sqlite3.up.sql", "content": "ALTER TABLE \"selfservice_settings_requests\" RENAME TO \"selfservice_settings_flows\"" }, { "path": "oryx/popx/stub/migrations/transactional/20200810161022000006_flow_rename.cockroach.down.sql", "content": "ALTER TABLE \"selfservice_registration_flow_methods\" RENAME TO \"selfservice_registration_request_methods\"" }, { "path": "oryx/popx/stub/migrations/transactional/20200810161022000006_flow_rename.cockroach.up.sql", "content": "ALTER TABLE \"selfservice_recovery_request_methods\" RENAME TO \"selfservice_recovery_flow_methods\"" }, { "path": "oryx/popx/stub/migrations/transactional/20200810161022000006_flow_rename.mysql.down.sql", "content": "ALTER TABLE `selfservice_registration_flow_methods` RENAME TO `selfservice_registration_request_methods`" }, { "path": "oryx/popx/stub/migrations/transactional/20200810161022000006_flow_rename.mysql.up.sql", "content": "ALTER TABLE `selfservice_recovery_request_methods` RENAME TO `selfservice_recovery_flow_methods`" }, { "path": "oryx/popx/stub/migrations/transactional/20200810161022000006_flow_rename.postgres.down.sql", "content": "ALTER TABLE \"selfservice_registration_flow_methods\" RENAME TO \"selfservice_registration_request_methods\"" }, { "path": "oryx/popx/stub/migrations/transactional/20200810161022000006_flow_rename.postgres.up.sql", "content": "ALTER TABLE \"selfservice_recovery_request_methods\" RENAME TO \"selfservice_recovery_flow_methods\"" }, { "path": "oryx/popx/stub/migrations/transactional/20200810161022000006_flow_rename.sqlite3.down.sql", "content": "ALTER TABLE \"selfservice_registration_flow_methods\" RENAME TO \"selfservice_registration_request_methods\"" }, { "path": "oryx/popx/stub/migrations/transactional/20200810161022000006_flow_rename.sqlite3.up.sql", "content": "ALTER TABLE \"selfservice_recovery_request_methods\" RENAME TO \"selfservice_recovery_flow_methods\"" }, { "path": "oryx/popx/stub/migrations/transactional/20200810161022000007_flow_rename.cockroach.down.sql", "content": "ALTER TABLE \"selfservice_login_flow_methods\" RENAME TO \"selfservice_login_request_methods\"" }, { "path": "oryx/popx/stub/migrations/transactional/20200810161022000007_flow_rename.cockroach.up.sql", "content": "ALTER TABLE \"selfservice_recovery_requests\" RENAME TO \"selfservice_recovery_flows\"" }, { "path": "oryx/popx/stub/migrations/transactional/20200810161022000007_flow_rename.mysql.down.sql", "content": "ALTER TABLE `selfservice_login_flow_methods` RENAME TO `selfservice_login_request_methods`" }, { "path": "oryx/popx/stub/migrations/transactional/20200810161022000007_flow_rename.mysql.up.sql", "content": "ALTER TABLE `selfservice_recovery_requests` RENAME TO `selfservice_recovery_flows`" }, { "path": "oryx/popx/stub/migrations/transactional/20200810161022000007_flow_rename.postgres.down.sql", "content": "ALTER TABLE \"selfservice_login_flow_methods\" RENAME TO \"selfservice_login_request_methods\"" }, { "path": "oryx/popx/stub/migrations/transactional/20200810161022000007_flow_rename.postgres.up.sql", "content": "ALTER TABLE \"selfservice_recovery_requests\" RENAME TO \"selfservice_recovery_flows\"" }, { "path": "oryx/popx/stub/migrations/transactional/20200810161022000007_flow_rename.sqlite3.down.sql", "content": "ALTER TABLE \"selfservice_login_flow_methods\" RENAME TO \"selfservice_login_request_methods\"" }, { "path": "oryx/popx/stub/migrations/transactional/20200810161022000007_flow_rename.sqlite3.up.sql", "content": "ALTER TABLE \"selfservice_recovery_requests\" RENAME TO \"selfservice_recovery_flows\"" }, { "path": "oryx/popx/stub/migrations/transactional/20200810161022000008_flow_rename.cockroach.down.sql", "content": "ALTER TABLE \"selfservice_login_flows\" RENAME TO \"selfservice_login_requests\"" }, { "path": "oryx/popx/stub/migrations/transactional/20200810161022000008_flow_rename.cockroach.up.sql", "content": "ALTER TABLE \"selfservice_verification_requests\" RENAME TO \"selfservice_verification_flows\";" }, { "path": "oryx/popx/stub/migrations/transactional/20200810161022000008_flow_rename.mysql.down.sql", "content": "ALTER TABLE `selfservice_login_flows` RENAME TO `selfservice_login_requests`" }, { "path": "oryx/popx/stub/migrations/transactional/20200810161022000008_flow_rename.mysql.up.sql", "content": "ALTER TABLE `selfservice_verification_requests` RENAME TO `selfservice_verification_flows`;" }, { "path": "oryx/popx/stub/migrations/transactional/20200810161022000008_flow_rename.postgres.down.sql", "content": "ALTER TABLE \"selfservice_login_flows\" RENAME TO \"selfservice_login_requests\"" }, { "path": "oryx/popx/stub/migrations/transactional/20200810161022000008_flow_rename.postgres.up.sql", "content": "ALTER TABLE \"selfservice_verification_requests\" RENAME TO \"selfservice_verification_flows\";" }, { "path": "oryx/popx/stub/migrations/transactional/20200810161022000008_flow_rename.sqlite3.down.sql", "content": "ALTER TABLE \"selfservice_login_flows\" RENAME TO \"selfservice_login_requests\"" }, { "path": "oryx/popx/stub/migrations/transactional/20200810161022000008_flow_rename.sqlite3.up.sql", "content": "ALTER TABLE \"selfservice_verification_requests\" RENAME TO \"selfservice_verification_flows\";" }, { "path": "oryx/popx/stub/migrations/transactional/20200810162450000000_flow_fields_rename.cockroach.down.sql", "content": "ALTER TABLE \"selfservice_recovery_flow_methods\" RENAME COLUMN \"selfservice_recovery_flow_id\" TO \"selfservice_recovery_request_id\";" }, { "path": "oryx/popx/stub/migrations/transactional/20200810162450000000_flow_fields_rename.cockroach.up.sql", "content": "ALTER TABLE \"selfservice_login_flow_methods\" RENAME COLUMN \"selfservice_login_request_id\" TO \"selfservice_login_flow_id\"" }, { "path": "oryx/popx/stub/migrations/transactional/20200810162450000000_flow_fields_rename.mysql.down.sql", "content": "ALTER TABLE `selfservice_recovery_flow_methods` CHANGE `selfservice_recovery_flow_id` `selfservice_recovery_request_id` char(36) NOT NULL;" }, { "path": "oryx/popx/stub/migrations/transactional/20200810162450000000_flow_fields_rename.mysql.up.sql", "content": "ALTER TABLE `selfservice_login_flow_methods` CHANGE `selfservice_login_request_id` `selfservice_login_flow_id` char(36) NOT NULL" }, { "path": "oryx/popx/stub/migrations/transactional/20200810162450000000_flow_fields_rename.postgres.down.sql", "content": "ALTER TABLE \"selfservice_recovery_flow_methods\" RENAME COLUMN \"selfservice_recovery_flow_id\" TO \"selfservice_recovery_request_id\";" }, { "path": "oryx/popx/stub/migrations/transactional/20200810162450000000_flow_fields_rename.postgres.up.sql", "content": "ALTER TABLE \"selfservice_login_flow_methods\" RENAME COLUMN \"selfservice_login_request_id\" TO \"selfservice_login_flow_id\"" }, { "path": "oryx/popx/stub/migrations/transactional/20200810162450000000_flow_fields_rename.sqlite3.down.sql", "content": "ALTER TABLE \"selfservice_recovery_flow_methods\" RENAME COLUMN \"selfservice_recovery_flow_id\" TO \"selfservice_recovery_request_id\";" }, { "path": "oryx/popx/stub/migrations/transactional/20200810162450000000_flow_fields_rename.sqlite3.up.sql", "content": "ALTER TABLE \"selfservice_login_flow_methods\" RENAME COLUMN \"selfservice_login_request_id\" TO \"selfservice_login_flow_id\"" }, { "path": "oryx/popx/stub/migrations/transactional/20200810162450000001_flow_fields_rename.cockroach.down.sql", "content": "ALTER TABLE \"selfservice_settings_flow_methods\" RENAME COLUMN \"selfservice_settings_flow_id\" TO \"selfservice_settings_request_id\"" }, { "path": "oryx/popx/stub/migrations/transactional/20200810162450000001_flow_fields_rename.cockroach.up.sql", "content": "ALTER TABLE \"selfservice_registration_flow_methods\" RENAME COLUMN \"selfservice_registration_request_id\" TO \"selfservice_registration_flow_id\"" }, { "path": "oryx/popx/stub/migrations/transactional/20200810162450000001_flow_fields_rename.mysql.down.sql", "content": "ALTER TABLE `selfservice_settings_flow_methods` CHANGE `selfservice_settings_flow_id` `selfservice_settings_request_id` char(36) NOT NULL" }, { "path": "oryx/popx/stub/migrations/transactional/20200810162450000001_flow_fields_rename.mysql.up.sql", "content": "ALTER TABLE `selfservice_registration_flow_methods` CHANGE `selfservice_registration_request_id` `selfservice_registration_flow_id` char(36) NOT NULL" }, { "path": "oryx/popx/stub/migrations/transactional/20200810162450000001_flow_fields_rename.postgres.down.sql", "content": "ALTER TABLE \"selfservice_settings_flow_methods\" RENAME COLUMN \"selfservice_settings_flow_id\" TO \"selfservice_settings_request_id\"" }, { "path": "oryx/popx/stub/migrations/transactional/20200810162450000001_flow_fields_rename.postgres.up.sql", "content": "ALTER TABLE \"selfservice_registration_flow_methods\" RENAME COLUMN \"selfservice_registration_request_id\" TO \"selfservice_registration_flow_id\"" }, { "path": "oryx/popx/stub/migrations/transactional/20200810162450000001_flow_fields_rename.sqlite3.down.sql", "content": "ALTER TABLE \"selfservice_settings_flow_methods\" RENAME COLUMN \"selfservice_settings_flow_id\" TO \"selfservice_settings_request_id\"" }, { "path": "oryx/popx/stub/migrations/transactional/20200810162450000001_flow_fields_rename.sqlite3.up.sql", "content": "ALTER TABLE \"selfservice_registration_flow_methods\" RENAME COLUMN \"selfservice_registration_request_id\" TO \"selfservice_registration_flow_id\"" }, { "path": "oryx/popx/stub/migrations/transactional/20200810162450000002_flow_fields_rename.cockroach.down.sql", "content": "ALTER TABLE \"selfservice_registration_flow_methods\" RENAME COLUMN \"selfservice_registration_flow_id\" TO \"selfservice_registration_request_id\"" }, { "path": "oryx/popx/stub/migrations/transactional/20200810162450000002_flow_fields_rename.cockroach.up.sql", "content": "ALTER TABLE \"selfservice_recovery_flow_methods\" RENAME COLUMN \"selfservice_recovery_request_id\" TO \"selfservice_recovery_flow_id\"" }, { "path": "oryx/popx/stub/migrations/transactional/20200810162450000002_flow_fields_rename.mysql.down.sql", "content": "ALTER TABLE `selfservice_registration_flow_methods` CHANGE `selfservice_registration_flow_id` `selfservice_registration_request_id` char(36) NOT NULL" }, { "path": "oryx/popx/stub/migrations/transactional/20200810162450000002_flow_fields_rename.mysql.up.sql", "content": "ALTER TABLE `selfservice_recovery_flow_methods` CHANGE `selfservice_recovery_request_id` `selfservice_recovery_flow_id` char(36) NOT NULL" }, { "path": "oryx/popx/stub/migrations/transactional/20200810162450000002_flow_fields_rename.postgres.down.sql", "content": "ALTER TABLE \"selfservice_registration_flow_methods\" RENAME COLUMN \"selfservice_registration_flow_id\" TO \"selfservice_registration_request_id\"" }, { "path": "oryx/popx/stub/migrations/transactional/20200810162450000002_flow_fields_rename.postgres.up.sql", "content": "ALTER TABLE \"selfservice_recovery_flow_methods\" RENAME COLUMN \"selfservice_recovery_request_id\" TO \"selfservice_recovery_flow_id\"" }, { "path": "oryx/popx/stub/migrations/transactional/20200810162450000002_flow_fields_rename.sqlite3.down.sql", "content": "ALTER TABLE \"selfservice_registration_flow_methods\" RENAME COLUMN \"selfservice_registration_flow_id\" TO \"selfservice_registration_request_id\"" }, { "path": "oryx/popx/stub/migrations/transactional/20200810162450000002_flow_fields_rename.sqlite3.up.sql", "content": "ALTER TABLE \"selfservice_recovery_flow_methods\" RENAME COLUMN \"selfservice_recovery_request_id\" TO \"selfservice_recovery_flow_id\"" }, { "path": "oryx/popx/stub/migrations/transactional/20200810162450000003_flow_fields_rename.cockroach.down.sql", "content": "ALTER TABLE \"selfservice_login_flow_methods\" RENAME COLUMN \"selfservice_login_flow_id\" TO \"selfservice_login_request_id\"" }, { "path": "oryx/popx/stub/migrations/transactional/20200810162450000003_flow_fields_rename.cockroach.up.sql", "content": "ALTER TABLE \"selfservice_settings_flow_methods\" RENAME COLUMN \"selfservice_settings_request_id\" TO \"selfservice_settings_flow_id\";" }, { "path": "oryx/popx/stub/migrations/transactional/20200810162450000003_flow_fields_rename.mysql.down.sql", "content": "ALTER TABLE `selfservice_login_flow_methods` CHANGE `selfservice_login_flow_id` `selfservice_login_request_id` char(36) NOT NULL" }, { "path": "oryx/popx/stub/migrations/transactional/20200810162450000003_flow_fields_rename.mysql.up.sql", "content": "ALTER TABLE `selfservice_settings_flow_methods` CHANGE `selfservice_settings_request_id` `selfservice_settings_flow_id` char(36) NOT NULL;" }, { "path": "oryx/popx/stub/migrations/transactional/20200810162450000003_flow_fields_rename.postgres.down.sql", "content": "ALTER TABLE \"selfservice_login_flow_methods\" RENAME COLUMN \"selfservice_login_flow_id\" TO \"selfservice_login_request_id\"" }, { "path": "oryx/popx/stub/migrations/transactional/20200810162450000003_flow_fields_rename.postgres.up.sql", "content": "ALTER TABLE \"selfservice_settings_flow_methods\" RENAME COLUMN \"selfservice_settings_request_id\" TO \"selfservice_settings_flow_id\";" }, { "path": "oryx/popx/stub/migrations/transactional/20200810162450000003_flow_fields_rename.sqlite3.down.sql", "content": "ALTER TABLE \"selfservice_login_flow_methods\" RENAME COLUMN \"selfservice_login_flow_id\" TO \"selfservice_login_request_id\"" }, { "path": "oryx/popx/stub/migrations/transactional/20200810162450000003_flow_fields_rename.sqlite3.up.sql", "content": "ALTER TABLE \"selfservice_settings_flow_methods\" RENAME COLUMN \"selfservice_settings_request_id\" TO \"selfservice_settings_flow_id\";" }, { "path": "oryx/popx/stub/migrations/transactional/20200812124254000000_add_session_token.cockroach.down.sql", "content": "ALTER TABLE \"sessions\" DROP COLUMN \"token\";" }, { "path": "oryx/popx/stub/migrations/transactional/20200812124254000000_add_session_token.cockroach.up.sql", "content": "DELETE FROM sessions" }, { "path": "oryx/popx/stub/migrations/transactional/20200812124254000000_add_session_token.mysql.down.sql", "content": "ALTER TABLE `sessions` DROP COLUMN `token`;" }, { "path": "oryx/popx/stub/migrations/transactional/20200812124254000000_add_session_token.mysql.up.sql", "content": "DELETE FROM sessions" }, { "path": "oryx/popx/stub/migrations/transactional/20200812124254000000_add_session_token.postgres.down.sql", "content": "ALTER TABLE \"sessions\" DROP COLUMN \"token\";" }, { "path": "oryx/popx/stub/migrations/transactional/20200812124254000000_add_session_token.postgres.up.sql", "content": "DELETE FROM sessions" }, { "path": "oryx/popx/stub/migrations/transactional/20200812124254000000_add_session_token.sqlite3.down.sql", "content": "ALTER TABLE \"_sessions_tmp\" RENAME TO \"sessions\";" }, { "path": "oryx/popx/stub/migrations/transactional/20200812124254000000_add_session_token.sqlite3.up.sql", "content": "DELETE FROM sessions" }, { "path": "oryx/popx/stub/migrations/transactional/20200812124254000001_add_session_token.cockroach.down.sql", "content": "" }, { "path": "oryx/popx/stub/migrations/transactional/20200812124254000001_add_session_token.cockroach.up.sql", "content": "ALTER TABLE \"sessions\" ADD COLUMN \"token\" VARCHAR (32)" }, { "path": "oryx/popx/stub/migrations/transactional/20200812124254000001_add_session_token.mysql.down.sql", "content": "" }, { "path": "oryx/popx/stub/migrations/transactional/20200812124254000001_add_session_token.mysql.up.sql", "content": "ALTER TABLE `sessions` ADD COLUMN `token` VARCHAR (32)" }, { "path": "oryx/popx/stub/migrations/transactional/20200812124254000001_add_session_token.postgres.down.sql", "content": "" }, { "path": "oryx/popx/stub/migrations/transactional/20200812124254000001_add_session_token.postgres.up.sql", "content": "ALTER TABLE \"sessions\" ADD COLUMN \"token\" VARCHAR (32)" }, { "path": "oryx/popx/stub/migrations/transactional/20200812124254000001_add_session_token.sqlite3.down.sql", "content": "\nDROP TABLE \"sessions\"" }, { "path": "oryx/popx/stub/migrations/transactional/20200812124254000001_add_session_token.sqlite3.up.sql", "content": "ALTER TABLE \"sessions\" ADD COLUMN \"token\" TEXT" }, { "path": "oryx/popx/stub/migrations/transactional/20200812124254000002_add_session_token.cockroach.down.sql", "content": "" }, { "path": "oryx/popx/stub/migrations/transactional/20200812124254000002_add_session_token.cockroach.up.sql", "content": "ALTER TABLE \"sessions\" RENAME COLUMN \"token\" TO \"_token_tmp\"" }, { "path": "oryx/popx/stub/migrations/transactional/20200812124254000002_add_session_token.mysql.down.sql", "content": "" }, { "path": "oryx/popx/stub/migrations/transactional/20200812124254000002_add_session_token.mysql.up.sql", "content": "ALTER TABLE `sessions` MODIFY `token` VARCHAR (32)" }, { "path": "oryx/popx/stub/migrations/transactional/20200812124254000002_add_session_token.postgres.down.sql", "content": "" }, { "path": "oryx/popx/stub/migrations/transactional/20200812124254000002_add_session_token.postgres.up.sql", "content": "ALTER TABLE \"sessions\" ALTER COLUMN \"token\" TYPE VARCHAR (32), ALTER COLUMN \"token\" DROP NOT NULL" }, { "path": "oryx/popx/stub/migrations/transactional/20200812124254000002_add_session_token.sqlite3.down.sql", "content": "INSERT INTO \"_sessions_tmp\" (id, issued_at, expires_at, authenticated_at, identity_id, created_at, updated_at) SELECT id, issued_at, expires_at, authenticated_at, identity_id, created_at, updated_at FROM \"sessions\"" }, { "path": "oryx/popx/stub/migrations/transactional/20200812124254000002_add_session_token.sqlite3.up.sql", "content": "CREATE TABLE \"_sessions_tmp\" (\n\"id\" TEXT PRIMARY KEY,\n\"issued_at\" DATETIME NOT NULL DEFAULT 'CURRENT_TIMESTAMP',\n\"expires_at\" DATETIME NOT NULL,\n\"authenticated_at\" DATETIME NOT NULL,\n\"identity_id\" char(36) NOT NULL,\n\"created_at\" DATETIME NOT NULL,\n\"updated_at\" DATETIME NOT NULL,\n\"token\" TEXT,\nFOREIGN KEY (identity_id) REFERENCES identities (id) ON UPDATE NO ACTION ON DELETE CASCADE\n)" }, { "path": "oryx/popx/stub/migrations/transactional/20200812124254000003_add_session_token.cockroach.down.sql", "content": "" }, { "path": "oryx/popx/stub/migrations/transactional/20200812124254000003_add_session_token.cockroach.up.sql", "content": "ALTER TABLE \"sessions\" ADD COLUMN \"token\" VARCHAR (32)" }, { "path": "oryx/popx/stub/migrations/transactional/20200812124254000003_add_session_token.mysql.down.sql", "content": "" }, { "path": "oryx/popx/stub/migrations/transactional/20200812124254000003_add_session_token.mysql.up.sql", "content": "CREATE UNIQUE INDEX `sessions_token_uq_idx` ON `sessions` (`token`)" }, { "path": "oryx/popx/stub/migrations/transactional/20200812124254000003_add_session_token.postgres.down.sql", "content": "" }, { "path": "oryx/popx/stub/migrations/transactional/20200812124254000003_add_session_token.postgres.up.sql", "content": "CREATE UNIQUE INDEX \"sessions_token_uq_idx\" ON \"sessions\" (token)" }, { "path": "oryx/popx/stub/migrations/transactional/20200812124254000003_add_session_token.sqlite3.down.sql", "content": "CREATE TABLE \"_sessions_tmp\" (\n\"id\" TEXT PRIMARY KEY,\n\"issued_at\" DATETIME NOT NULL DEFAULT 'CURRENT_TIMESTAMP',\n\"expires_at\" DATETIME NOT NULL,\n\"authenticated_at\" DATETIME NOT NULL,\n\"identity_id\" char(36) NOT NULL,\n\"created_at\" DATETIME NOT NULL,\n\"updated_at\" DATETIME NOT NULL,\nFOREIGN KEY (identity_id) REFERENCES identities (id) ON UPDATE NO ACTION ON DELETE CASCADE\n)" }, { "path": "oryx/popx/stub/migrations/transactional/20200812124254000003_add_session_token.sqlite3.up.sql", "content": "INSERT INTO \"_sessions_tmp\" (id, issued_at, expires_at, authenticated_at, identity_id, created_at, updated_at, token) SELECT id, issued_at, expires_at, authenticated_at, identity_id, created_at, updated_at, token FROM \"sessions\"" }, { "path": "oryx/popx/stub/migrations/transactional/20200812124254000004_add_session_token.cockroach.down.sql", "content": "" }, { "path": "oryx/popx/stub/migrations/transactional/20200812124254000004_add_session_token.cockroach.up.sql", "content": "UPDATE \"sessions\" SET \"token\" = \"_token_tmp\"" }, { "path": "oryx/popx/stub/migrations/transactional/20200812124254000004_add_session_token.mysql.down.sql", "content": "" }, { "path": "oryx/popx/stub/migrations/transactional/20200812124254000004_add_session_token.mysql.up.sql", "content": "CREATE INDEX `sessions_token_idx` ON `sessions` (`token`);" }, { "path": "oryx/popx/stub/migrations/transactional/20200812124254000004_add_session_token.postgres.down.sql", "content": "" }, { "path": "oryx/popx/stub/migrations/transactional/20200812124254000004_add_session_token.postgres.up.sql", "content": "CREATE INDEX \"sessions_token_idx\" ON \"sessions\" (token);" }, { "path": "oryx/popx/stub/migrations/transactional/20200812124254000004_add_session_token.sqlite3.down.sql", "content": "DROP INDEX IF EXISTS \"sessions_token_idx\"" }, { "path": "oryx/popx/stub/migrations/transactional/20200812124254000004_add_session_token.sqlite3.up.sql", "content": "DROP TABLE \"sessions\"" }, { "path": "oryx/popx/stub/migrations/transactional/20200812124254000005_add_session_token.cockroach.down.sql", "content": "" }, { "path": "oryx/popx/stub/migrations/transactional/20200812124254000005_add_session_token.cockroach.up.sql", "content": "ALTER TABLE \"sessions\" DROP COLUMN \"_token_tmp\"" }, { "path": "oryx/popx/stub/migrations/transactional/20200812124254000005_add_session_token.sqlite3.down.sql", "content": "DROP INDEX IF EXISTS \"sessions_token_uq_idx\"" }, { "path": "oryx/popx/stub/migrations/transactional/20200812124254000005_add_session_token.sqlite3.up.sql", "content": "ALTER TABLE \"_sessions_tmp\" RENAME TO \"sessions\"" }, { "path": "oryx/popx/stub/migrations/transactional/20200812124254000006_add_session_token.cockroach.down.sql", "content": "" }, { "path": "oryx/popx/stub/migrations/transactional/20200812124254000006_add_session_token.cockroach.up.sql", "content": "CREATE UNIQUE INDEX \"sessions_token_uq_idx\" ON \"sessions\" (token)" }, { "path": "oryx/popx/stub/migrations/transactional/20200812124254000006_add_session_token.sqlite3.down.sql", "content": "" }, { "path": "oryx/popx/stub/migrations/transactional/20200812124254000006_add_session_token.sqlite3.up.sql", "content": "CREATE UNIQUE INDEX \"sessions_token_uq_idx\" ON \"sessions\" (token)" }, { "path": "oryx/popx/stub/migrations/transactional/20200812124254000007_add_session_token.cockroach.down.sql", "content": "" }, { "path": "oryx/popx/stub/migrations/transactional/20200812124254000007_add_session_token.cockroach.up.sql", "content": "CREATE INDEX \"sessions_token_idx\" ON \"sessions\" (token);" }, { "path": "oryx/popx/stub/migrations/transactional/20200812124254000007_add_session_token.sqlite3.down.sql", "content": "" }, { "path": "oryx/popx/stub/migrations/transactional/20200812124254000007_add_session_token.sqlite3.up.sql", "content": "CREATE INDEX \"sessions_token_idx\" ON \"sessions\" (token);" }, { "path": "oryx/popx/stub/migrations/transactional/20200812160551000000_add_session_revoke.cockroach.down.sql", "content": "ALTER TABLE \"sessions\" DROP COLUMN \"active\";" }, { "path": "oryx/popx/stub/migrations/transactional/20200812160551000000_add_session_revoke.cockroach.up.sql", "content": "ALTER TABLE \"sessions\" ADD COLUMN \"active\" boolean DEFAULT 'false';" }, { "path": "oryx/popx/stub/migrations/transactional/20200812160551000000_add_session_revoke.mysql.down.sql", "content": "ALTER TABLE `sessions` DROP COLUMN `active`;" }, { "path": "oryx/popx/stub/migrations/transactional/20200812160551000000_add_session_revoke.mysql.up.sql", "content": "ALTER TABLE `sessions` ADD COLUMN `active` boolean DEFAULT false;" }, { "path": "oryx/popx/stub/migrations/transactional/20200812160551000000_add_session_revoke.postgres.down.sql", "content": "ALTER TABLE \"sessions\" DROP COLUMN \"active\";" }, { "path": "oryx/popx/stub/migrations/transactional/20200812160551000000_add_session_revoke.postgres.up.sql", "content": "ALTER TABLE \"sessions\" ADD COLUMN \"active\" boolean DEFAULT 'false';" }, { "path": "oryx/popx/stub/migrations/transactional/20200812160551000000_add_session_revoke.sqlite3.down.sql", "content": "ALTER TABLE \"_sessions_tmp\" RENAME TO \"sessions\";" }, { "path": "oryx/popx/stub/migrations/transactional/20200812160551000000_add_session_revoke.sqlite3.up.sql", "content": "ALTER TABLE \"sessions\" ADD COLUMN \"active\" NUMERIC DEFAULT 'false';" }, { "path": "oryx/popx/stub/migrations/transactional/20200812160551000001_add_session_revoke.sqlite3.down.sql", "content": "\nDROP TABLE \"sessions\"" }, { "path": "oryx/popx/stub/migrations/transactional/20200812160551000001_add_session_revoke.sqlite3.up.sql", "content": "" }, { "path": "oryx/popx/stub/migrations/transactional/20200812160551000002_add_session_revoke.sqlite3.down.sql", "content": "INSERT INTO \"_sessions_tmp\" (id, issued_at, expires_at, authenticated_at, identity_id, created_at, updated_at, token) SELECT id, issued_at, expires_at, authenticated_at, identity_id, created_at, updated_at, token FROM \"sessions\"" }, { "path": "oryx/popx/stub/migrations/transactional/20200812160551000002_add_session_revoke.sqlite3.up.sql", "content": "" }, { "path": "oryx/popx/stub/migrations/transactional/20200812160551000003_add_session_revoke.sqlite3.down.sql", "content": "CREATE UNIQUE INDEX \"sessions_token_uq_idx\" ON \"_sessions_tmp\" (token)" }, { "path": "oryx/popx/stub/migrations/transactional/20200812160551000003_add_session_revoke.sqlite3.up.sql", "content": "" }, { "path": "oryx/popx/stub/migrations/transactional/20200812160551000004_add_session_revoke.sqlite3.down.sql", "content": "CREATE INDEX \"sessions_token_idx\" ON \"_sessions_tmp\" (token)" }, { "path": "oryx/popx/stub/migrations/transactional/20200812160551000004_add_session_revoke.sqlite3.up.sql", "content": "" }, { "path": "oryx/popx/stub/migrations/transactional/20200812160551000005_add_session_revoke.sqlite3.down.sql", "content": "CREATE TABLE \"_sessions_tmp\" (\n\"id\" TEXT PRIMARY KEY,\n\"issued_at\" DATETIME NOT NULL DEFAULT 'CURRENT_TIMESTAMP',\n\"expires_at\" DATETIME NOT NULL,\n\"authenticated_at\" DATETIME NOT NULL,\n\"identity_id\" char(36) NOT NULL,\n\"created_at\" DATETIME NOT NULL,\n\"updated_at\" DATETIME NOT NULL,\n\"token\" TEXT,\nFOREIGN KEY (identity_id) REFERENCES identities (id) ON UPDATE NO ACTION ON DELETE CASCADE\n)" }, { "path": "oryx/popx/stub/migrations/transactional/20200812160551000005_add_session_revoke.sqlite3.up.sql", "content": "" }, { "path": "oryx/popx/stub/migrations/transactional/20200812160551000006_add_session_revoke.sqlite3.down.sql", "content": "DROP INDEX IF EXISTS \"sessions_token_uq_idx\"" }, { "path": "oryx/popx/stub/migrations/transactional/20200812160551000006_add_session_revoke.sqlite3.up.sql", "content": "" }, { "path": "oryx/popx/stub/migrations/transactional/20200812160551000007_add_session_revoke.sqlite3.down.sql", "content": "DROP INDEX IF EXISTS \"sessions_token_idx\"" }, { "path": "oryx/popx/stub/migrations/transactional/20200812160551000007_add_session_revoke.sqlite3.up.sql", "content": "" }, { "path": "oryx/popx/stub/migrations/transactional/20200830121710000000_update_recovery_token.cockroach.down.sql", "content": "ALTER TABLE \"identity_recovery_tokens\" RENAME COLUMN \"selfservice_recovery_flow_id\" TO \"selfservice_recovery_request_id\";" }, { "path": "oryx/popx/stub/migrations/transactional/20200830121710000000_update_recovery_token.cockroach.up.sql", "content": "ALTER TABLE \"identity_recovery_tokens\" RENAME COLUMN \"selfservice_recovery_request_id\" TO \"selfservice_recovery_flow_id\";" }, { "path": "oryx/popx/stub/migrations/transactional/20200830121710000000_update_recovery_token.mysql.down.sql", "content": "ALTER TABLE `identity_recovery_tokens` CHANGE `selfservice_recovery_flow_id` `selfservice_recovery_request_id` char(36) NOT NULL;" }, { "path": "oryx/popx/stub/migrations/transactional/20200830121710000000_update_recovery_token.mysql.up.sql", "content": "ALTER TABLE `identity_recovery_tokens` CHANGE `selfservice_recovery_request_id` `selfservice_recovery_flow_id` char(36) NOT NULL;" }, { "path": "oryx/popx/stub/migrations/transactional/20200830121710000000_update_recovery_token.postgres.down.sql", "content": "ALTER TABLE \"identity_recovery_tokens\" RENAME COLUMN \"selfservice_recovery_flow_id\" TO \"selfservice_recovery_request_id\";" }, { "path": "oryx/popx/stub/migrations/transactional/20200830121710000000_update_recovery_token.postgres.up.sql", "content": "ALTER TABLE \"identity_recovery_tokens\" RENAME COLUMN \"selfservice_recovery_request_id\" TO \"selfservice_recovery_flow_id\";" }, { "path": "oryx/popx/stub/migrations/transactional/20200830121710000000_update_recovery_token.sqlite3.down.sql", "content": "ALTER TABLE \"identity_recovery_tokens\" RENAME COLUMN \"selfservice_recovery_flow_id\" TO \"selfservice_recovery_request_id\";" }, { "path": "oryx/popx/stub/migrations/transactional/20200830121710000000_update_recovery_token.sqlite3.up.sql", "content": "ALTER TABLE \"identity_recovery_tokens\" RENAME COLUMN \"selfservice_recovery_request_id\" TO \"selfservice_recovery_flow_id\";" }, { "path": "oryx/popx/stub/migrations/transactional/20200830130642000000_add_verification_methods.cockroach.down.sql", "content": "ALTER TABLE \"selfservice_verification_flows\" ADD COLUMN \"success\" bool NOT NULL DEFAULT FALSE;" }, { "path": "oryx/popx/stub/migrations/transactional/20200830130642000000_add_verification_methods.cockroach.up.sql", "content": "ALTER TABLE \"selfservice_verification_flows\" ADD COLUMN \"state\" VARCHAR (255) NOT NULL DEFAULT 'show_form';" }, { "path": "oryx/popx/stub/migrations/transactional/20200830130642000000_add_verification_methods.mysql.down.sql", "content": "ALTER TABLE `selfservice_verification_flows` ADD COLUMN `success` bool NOT NULL DEFAULT FALSE;" }, { "path": "oryx/popx/stub/migrations/transactional/20200830130642000000_add_verification_methods.mysql.up.sql", "content": "ALTER TABLE `selfservice_verification_flows` ADD COLUMN `state` VARCHAR (255) NOT NULL DEFAULT 'show_form';" }, { "path": "oryx/popx/stub/migrations/transactional/20200830130642000000_add_verification_methods.postgres.down.sql", "content": "ALTER TABLE \"selfservice_verification_flows\" ADD COLUMN \"success\" bool NOT NULL DEFAULT FALSE;" }, { "path": "oryx/popx/stub/migrations/transactional/20200830130642000000_add_verification_methods.postgres.up.sql", "content": "ALTER TABLE \"selfservice_verification_flows\" ADD COLUMN \"state\" VARCHAR (255) NOT NULL DEFAULT 'show_form';" }, { "path": "oryx/popx/stub/migrations/transactional/20200830130642000000_add_verification_methods.sqlite3.down.sql", "content": "ALTER TABLE \"selfservice_verification_flows\" ADD COLUMN \"success\" bool NOT NULL DEFAULT FALSE;" }, { "path": "oryx/popx/stub/migrations/transactional/20200830130642000000_add_verification_methods.sqlite3.up.sql", "content": "ALTER TABLE \"selfservice_verification_flows\" ADD COLUMN \"state\" TEXT NOT NULL DEFAULT 'show_form';" }, { "path": "oryx/popx/stub/migrations/transactional/20200830130642000001_add_verification_methods.cockroach.down.sql", "content": "ALTER TABLE \"selfservice_verification_flows\" ADD COLUMN \"via\" VARCHAR (16) NOT NULL DEFAULT 'email'" }, { "path": "oryx/popx/stub/migrations/transactional/20200830130642000001_add_verification_methods.cockroach.up.sql", "content": "" }, { "path": "oryx/popx/stub/migrations/transactional/20200830130642000001_add_verification_methods.mysql.down.sql", "content": "ALTER TABLE `selfservice_verification_flows` ADD COLUMN `via` VARCHAR (16) NOT NULL DEFAULT 'email'" }, { "path": "oryx/popx/stub/migrations/transactional/20200830130642000001_add_verification_methods.mysql.up.sql", "content": "" }, { "path": "oryx/popx/stub/migrations/transactional/20200830130642000001_add_verification_methods.postgres.down.sql", "content": "ALTER TABLE \"selfservice_verification_flows\" ADD COLUMN \"via\" VARCHAR (16) NOT NULL DEFAULT 'email'" }, { "path": "oryx/popx/stub/migrations/transactional/20200830130642000001_add_verification_methods.postgres.up.sql", "content": "" }, { "path": "oryx/popx/stub/migrations/transactional/20200830130642000001_add_verification_methods.sqlite3.down.sql", "content": "ALTER TABLE \"selfservice_verification_flows\" ADD COLUMN \"via\" TEXT NOT NULL DEFAULT 'email'" }, { "path": "oryx/popx/stub/migrations/transactional/20200830130642000001_add_verification_methods.sqlite3.up.sql", "content": "" }, { "path": "oryx/popx/stub/migrations/transactional/20200830130642000002_add_verification_methods.cockroach.down.sql", "content": "ALTER TABLE \"selfservice_verification_flows\" DROP COLUMN \"state\"" }, { "path": "oryx/popx/stub/migrations/transactional/20200830130642000002_add_verification_methods.cockroach.up.sql", "content": "" }, { "path": "oryx/popx/stub/migrations/transactional/20200830130642000002_add_verification_methods.mysql.down.sql", "content": "ALTER TABLE `selfservice_verification_flows` DROP COLUMN `state`" }, { "path": "oryx/popx/stub/migrations/transactional/20200830130642000002_add_verification_methods.mysql.up.sql", "content": "" }, { "path": "oryx/popx/stub/migrations/transactional/20200830130642000002_add_verification_methods.postgres.down.sql", "content": "ALTER TABLE \"selfservice_verification_flows\" DROP COLUMN \"state\"" }, { "path": "oryx/popx/stub/migrations/transactional/20200830130642000002_add_verification_methods.postgres.up.sql", "content": "" }, { "path": "oryx/popx/stub/migrations/transactional/20200830130642000002_add_verification_methods.sqlite3.down.sql", "content": "ALTER TABLE \"_selfservice_verification_flows_tmp\" RENAME TO \"selfservice_verification_flows\"" }, { "path": "oryx/popx/stub/migrations/transactional/20200830130642000002_add_verification_methods.sqlite3.up.sql", "content": "" }, { "path": "oryx/popx/stub/migrations/transactional/20200830130642000003_add_verification_methods.cockroach.down.sql", "content": "ALTER TABLE \"selfservice_verification_flows\" DROP COLUMN \"active_method\"" }, { "path": "oryx/popx/stub/migrations/transactional/20200830130642000003_add_verification_methods.cockroach.up.sql", "content": "" }, { "path": "oryx/popx/stub/migrations/transactional/20200830130642000003_add_verification_methods.mysql.down.sql", "content": "ALTER TABLE `selfservice_verification_flows` DROP COLUMN `active_method`" }, { "path": "oryx/popx/stub/migrations/transactional/20200830130642000003_add_verification_methods.mysql.up.sql", "content": "" }, { "path": "oryx/popx/stub/migrations/transactional/20200830130642000003_add_verification_methods.postgres.down.sql", "content": "ALTER TABLE \"selfservice_verification_flows\" DROP COLUMN \"active_method\"" }, { "path": "oryx/popx/stub/migrations/transactional/20200830130642000003_add_verification_methods.postgres.up.sql", "content": "" }, { "path": "oryx/popx/stub/migrations/transactional/20200830130642000003_add_verification_methods.sqlite3.down.sql", "content": "\nDROP TABLE \"selfservice_verification_flows\"" }, { "path": "oryx/popx/stub/migrations/transactional/20200830130642000003_add_verification_methods.sqlite3.up.sql", "content": "" }, { "path": "oryx/popx/stub/migrations/transactional/20200830130642000004_add_verification_methods.cockroach.down.sql", "content": "DROP TABLE \"selfservice_verification_flow_methods\"" }, { "path": "oryx/popx/stub/migrations/transactional/20200830130642000004_add_verification_methods.cockroach.up.sql", "content": "" }, { "path": "oryx/popx/stub/migrations/transactional/20200830130642000004_add_verification_methods.mysql.down.sql", "content": "DROP TABLE `selfservice_verification_flow_methods`" }, { "path": "oryx/popx/stub/migrations/transactional/20200830130642000004_add_verification_methods.mysql.up.sql", "content": "" }, { "path": "oryx/popx/stub/migrations/transactional/20200830130642000004_add_verification_methods.postgres.down.sql", "content": "DROP TABLE \"selfservice_verification_flow_methods\"" }, { "path": "oryx/popx/stub/migrations/transactional/20200830130642000004_add_verification_methods.postgres.up.sql", "content": "" }, { "path": "oryx/popx/stub/migrations/transactional/20200830130642000004_add_verification_methods.sqlite3.down.sql", "content": "INSERT INTO \"_selfservice_verification_flows_tmp\" (id, request_url, issued_at, expires_at, csrf_token, created_at, updated_at, messages, type) SELECT id, request_url, issued_at, expires_at, csrf_token, created_at, updated_at, messages, type FROM \"selfservice_verification_flows\"" }, { "path": "oryx/popx/stub/migrations/transactional/20200830130642000004_add_verification_methods.sqlite3.up.sql", "content": "" }, { "path": "oryx/popx/stub/migrations/transactional/20200830130642000005_add_verification_methods.cockroach.down.sql", "content": "ALTER TABLE \"selfservice_verification_flows\" ADD COLUMN \"form\" json NOT NULL DEFAULT '{}'" }, { "path": "oryx/popx/stub/migrations/transactional/20200830130642000005_add_verification_methods.cockroach.up.sql", "content": "" }, { "path": "oryx/popx/stub/migrations/transactional/20200830130642000005_add_verification_methods.mysql.down.sql", "content": "ALTER TABLE `selfservice_verification_flows` MODIFY `form` JSON" }, { "path": "oryx/popx/stub/migrations/transactional/20200830130642000005_add_verification_methods.mysql.up.sql", "content": "" }, { "path": "oryx/popx/stub/migrations/transactional/20200830130642000005_add_verification_methods.postgres.down.sql", "content": "ALTER TABLE \"selfservice_verification_flows\" ALTER COLUMN \"form\" TYPE jsonb, ALTER COLUMN \"form\" DROP NOT NULL" }, { "path": "oryx/popx/stub/migrations/transactional/20200830130642000005_add_verification_methods.postgres.up.sql", "content": "" }, { "path": "oryx/popx/stub/migrations/transactional/20200830130642000005_add_verification_methods.sqlite3.down.sql", "content": "CREATE TABLE \"_selfservice_verification_flows_tmp\" (\n\"id\" TEXT PRIMARY KEY,\n\"request_url\" TEXT NOT NULL,\n\"issued_at\" DATETIME NOT NULL DEFAULT 'CURRENT_TIMESTAMP',\n\"expires_at\" DATETIME NOT NULL,\n\"csrf_token\" TEXT NOT NULL,\n\"created_at\" DATETIME NOT NULL,\n\"updated_at\" DATETIME NOT NULL,\n\"messages\" TEXT,\n\"type\" TEXT NOT NULL DEFAULT 'browser'\n)" }, { "path": "oryx/popx/stub/migrations/transactional/20200830130642000005_add_verification_methods.sqlite3.up.sql", "content": "" }, { "path": "oryx/popx/stub/migrations/transactional/20200830130642000006_add_verification_methods.mysql.down.sql", "content": "UPDATE selfservice_verification_flows SET form=(SELECT * FROM (SELECT m.config FROM selfservice_verification_flows AS r INNER JOIN selfservice_verification_flow_methods AS m ON r.id=m.selfservice_verification_flow_id) as t)" }, { "path": "oryx/popx/stub/migrations/transactional/20200830130642000006_add_verification_methods.mysql.up.sql", "content": "" }, { "path": "oryx/popx/stub/migrations/transactional/20200830130642000006_add_verification_methods.postgres.down.sql", "content": "UPDATE selfservice_verification_flows SET form=(SELECT * FROM (SELECT m.config FROM selfservice_verification_flows AS r INNER JOIN selfservice_verification_flow_methods AS m ON r.id=m.selfservice_verification_flow_id) as t)" }, { "path": "oryx/popx/stub/migrations/transactional/20200830130642000006_add_verification_methods.postgres.up.sql", "content": "" }, { "path": "oryx/popx/stub/migrations/transactional/20200830130642000006_add_verification_methods.sqlite3.down.sql", "content": "ALTER TABLE \"_selfservice_verification_flows_tmp\" RENAME TO \"selfservice_verification_flows\"" }, { "path": "oryx/popx/stub/migrations/transactional/20200830130642000006_add_verification_methods.sqlite3.up.sql", "content": "" }, { "path": "oryx/popx/stub/migrations/transactional/20200830130642000007_add_verification_methods.mysql.down.sql", "content": "ALTER TABLE `selfservice_verification_flows` ADD COLUMN `form` JSON" }, { "path": "oryx/popx/stub/migrations/transactional/20200830130642000007_add_verification_methods.mysql.up.sql", "content": "" }, { "path": "oryx/popx/stub/migrations/transactional/20200830130642000007_add_verification_methods.postgres.down.sql", "content": "ALTER TABLE \"selfservice_verification_flows\" ADD COLUMN \"form\" jsonb" }, { "path": "oryx/popx/stub/migrations/transactional/20200830130642000007_add_verification_methods.postgres.up.sql", "content": "" }, { "path": "oryx/popx/stub/migrations/transactional/20200830130642000007_add_verification_methods.sqlite3.down.sql", "content": "\nDROP TABLE \"selfservice_verification_flows\"" }, { "path": "oryx/popx/stub/migrations/transactional/20200830130642000007_add_verification_methods.sqlite3.up.sql", "content": "" }, { "path": "oryx/popx/stub/migrations/transactional/20200830130642000008_add_verification_methods.sqlite3.down.sql", "content": "INSERT INTO \"_selfservice_verification_flows_tmp\" (id, request_url, issued_at, expires_at, csrf_token, created_at, updated_at, messages, type, state) SELECT id, request_url, issued_at, expires_at, csrf_token, created_at, updated_at, messages, type, state FROM \"selfservice_verification_flows\"" }, { "path": "oryx/popx/stub/migrations/transactional/20200830130642000008_add_verification_methods.sqlite3.up.sql", "content": "" }, { "path": "oryx/popx/stub/migrations/transactional/20200830130642000009_add_verification_methods.sqlite3.down.sql", "content": "CREATE TABLE \"_selfservice_verification_flows_tmp\" (\n\"id\" TEXT PRIMARY KEY,\n\"request_url\" TEXT NOT NULL,\n\"issued_at\" DATETIME NOT NULL DEFAULT 'CURRENT_TIMESTAMP',\n\"expires_at\" DATETIME NOT NULL,\n\"csrf_token\" TEXT NOT NULL,\n\"created_at\" DATETIME NOT NULL,\n\"updated_at\" DATETIME NOT NULL,\n\"messages\" TEXT,\n\"type\" TEXT NOT NULL DEFAULT 'browser',\n\"state\" TEXT NOT NULL DEFAULT 'show_form'\n)" }, { "path": "oryx/popx/stub/migrations/transactional/20200830130642000009_add_verification_methods.sqlite3.up.sql", "content": "" }, { "path": "oryx/popx/stub/migrations/transactional/20200830130642000010_add_verification_methods.sqlite3.down.sql", "content": "DROP TABLE \"selfservice_verification_flow_methods\"" }, { "path": "oryx/popx/stub/migrations/transactional/20200830130642000010_add_verification_methods.sqlite3.up.sql", "content": "" }, { "path": "oryx/popx/stub/migrations/transactional/20200830130643000000_add_verification_methods.cockroach.down.sql", "content": "" }, { "path": "oryx/popx/stub/migrations/transactional/20200830130643000000_add_verification_methods.cockroach.up.sql", "content": "UPDATE selfservice_verification_flows SET state='passed_challenge' WHERE success IS TRUE;" }, { "path": "oryx/popx/stub/migrations/transactional/20200830130643000000_add_verification_methods.mysql.down.sql", "content": "" }, { "path": "oryx/popx/stub/migrations/transactional/20200830130643000000_add_verification_methods.mysql.up.sql", "content": "UPDATE selfservice_verification_flows SET state='passed_challenge' WHERE success IS TRUE;" }, { "path": "oryx/popx/stub/migrations/transactional/20200830130643000000_add_verification_methods.postgres.down.sql", "content": "" }, { "path": "oryx/popx/stub/migrations/transactional/20200830130643000000_add_verification_methods.postgres.up.sql", "content": "UPDATE selfservice_verification_flows SET state='passed_challenge' WHERE success IS TRUE;" }, { "path": "oryx/popx/stub/migrations/transactional/20200830130643000000_add_verification_methods.sqlite3.down.sql", "content": "" }, { "path": "oryx/popx/stub/migrations/transactional/20200830130643000000_add_verification_methods.sqlite3.up.sql", "content": "UPDATE selfservice_verification_flows SET state='passed_challenge' WHERE success IS TRUE;" }, { "path": "oryx/popx/stub/migrations/transactional/20200830130644000000_add_verification_methods.cockroach.down.sql", "content": "" }, { "path": "oryx/popx/stub/migrations/transactional/20200830130644000000_add_verification_methods.cockroach.up.sql", "content": "CREATE TABLE \"selfservice_verification_flow_methods\" (\n\"id\" UUID NOT NULL,\nPRIMARY KEY(\"id\"),\n\"method\" VARCHAR (32) NOT NULL,\n\"selfservice_verification_flow_id\" UUID NOT NULL,\n\"config\" json NOT NULL,\n\"created_at\" timestamp NOT NULL,\n\"updated_at\" timestamp NOT NULL\n)" }, { "path": "oryx/popx/stub/migrations/transactional/20200830130644000000_add_verification_methods.mysql.down.sql", "content": "" }, { "path": "oryx/popx/stub/migrations/transactional/20200830130644000000_add_verification_methods.mysql.up.sql", "content": "CREATE TABLE `selfservice_verification_flow_methods` (\n`id` char(36) NOT NULL,\nPRIMARY KEY(`id`),\n`method` VARCHAR (32) NOT NULL,\n`selfservice_verification_flow_id` char(36) NOT NULL,\n`config` JSON NOT NULL,\n`created_at` DATETIME NOT NULL,\n`updated_at` DATETIME NOT NULL\n) ENGINE=InnoDB" }, { "path": "oryx/popx/stub/migrations/transactional/20200830130644000000_add_verification_methods.postgres.down.sql", "content": "" }, { "path": "oryx/popx/stub/migrations/transactional/20200830130644000000_add_verification_methods.postgres.up.sql", "content": "CREATE TABLE \"selfservice_verification_flow_methods\" (\n\"id\" UUID NOT NULL,\nPRIMARY KEY(\"id\"),\n\"method\" VARCHAR (32) NOT NULL,\n\"selfservice_verification_flow_id\" UUID NOT NULL,\n\"config\" jsonb NOT NULL,\n\"created_at\" timestamp NOT NULL,\n\"updated_at\" timestamp NOT NULL\n)" }, { "path": "oryx/popx/stub/migrations/transactional/20200830130644000000_add_verification_methods.sqlite3.down.sql", "content": "" }, { "path": "oryx/popx/stub/migrations/transactional/20200830130644000000_add_verification_methods.sqlite3.up.sql", "content": "CREATE TABLE \"selfservice_verification_flow_methods\" (\n\"id\" TEXT PRIMARY KEY,\n\"method\" TEXT NOT NULL,\n\"selfservice_verification_flow_id\" char(36) NOT NULL,\n\"config\" TEXT NOT NULL,\n\"created_at\" DATETIME NOT NULL,\n\"updated_at\" DATETIME NOT NULL\n)" }, { "path": "oryx/popx/stub/migrations/transactional/20200830130644000001_add_verification_methods.cockroach.down.sql", "content": "" }, { "path": "oryx/popx/stub/migrations/transactional/20200830130644000001_add_verification_methods.cockroach.up.sql", "content": "ALTER TABLE \"selfservice_verification_flows\" ADD COLUMN \"active_method\" VARCHAR (32);" }, { "path": "oryx/popx/stub/migrations/transactional/20200830130644000001_add_verification_methods.mysql.down.sql", "content": "" }, { "path": "oryx/popx/stub/migrations/transactional/20200830130644000001_add_verification_methods.mysql.up.sql", "content": "ALTER TABLE `selfservice_verification_flows` ADD COLUMN `active_method` VARCHAR (32);" }, { "path": "oryx/popx/stub/migrations/transactional/20200830130644000001_add_verification_methods.postgres.down.sql", "content": "" }, { "path": "oryx/popx/stub/migrations/transactional/20200830130644000001_add_verification_methods.postgres.up.sql", "content": "ALTER TABLE \"selfservice_verification_flows\" ADD COLUMN \"active_method\" VARCHAR (32);" }, { "path": "oryx/popx/stub/migrations/transactional/20200830130644000001_add_verification_methods.sqlite3.down.sql", "content": "" }, { "path": "oryx/popx/stub/migrations/transactional/20200830130644000001_add_verification_methods.sqlite3.up.sql", "content": "ALTER TABLE \"selfservice_verification_flows\" ADD COLUMN \"active_method\" TEXT;" }, { "path": "oryx/popx/stub/migrations/transactional/20200830130645000000_add_verification_methods.cockroach.down.sql", "content": "" }, { "path": "oryx/popx/stub/migrations/transactional/20200830130645000000_add_verification_methods.cockroach.up.sql", "content": "INSERT INTO selfservice_verification_flow_methods (id, method, selfservice_verification_flow_id, config, created_at, updated_at) SELECT id, 'link', id, form, created_at, updated_at FROM selfservice_verification_flows;" }, { "path": "oryx/popx/stub/migrations/transactional/20200830130645000000_add_verification_methods.mysql.down.sql", "content": "" }, { "path": "oryx/popx/stub/migrations/transactional/20200830130645000000_add_verification_methods.mysql.up.sql", "content": "INSERT INTO selfservice_verification_flow_methods (id, method, selfservice_verification_flow_id, config, created_at, updated_at) SELECT id, 'link', id, form, created_at, updated_at FROM selfservice_verification_flows;" }, { "path": "oryx/popx/stub/migrations/transactional/20200830130645000000_add_verification_methods.postgres.down.sql", "content": "" }, { "path": "oryx/popx/stub/migrations/transactional/20200830130645000000_add_verification_methods.postgres.up.sql", "content": "INSERT INTO selfservice_verification_flow_methods (id, method, selfservice_verification_flow_id, config, created_at, updated_at) SELECT id, 'link', id, form, created_at, updated_at FROM selfservice_verification_flows;" }, { "path": "oryx/popx/stub/migrations/transactional/20200830130645000000_add_verification_methods.sqlite3.down.sql", "content": "" }, { "path": "oryx/popx/stub/migrations/transactional/20200830130645000000_add_verification_methods.sqlite3.up.sql", "content": "INSERT INTO selfservice_verification_flow_methods (id, method, selfservice_verification_flow_id, config, created_at, updated_at) SELECT id, 'link', id, form, created_at, updated_at FROM selfservice_verification_flows;" }, { "path": "oryx/popx/stub/migrations/transactional/20200830130646000000_add_verification_methods.cockroach.down.sql", "content": "" }, { "path": "oryx/popx/stub/migrations/transactional/20200830130646000000_add_verification_methods.cockroach.up.sql", "content": "ALTER TABLE \"selfservice_verification_flows\" DROP COLUMN \"form\"" }, { "path": "oryx/popx/stub/migrations/transactional/20200830130646000000_add_verification_methods.mysql.down.sql", "content": "" }, { "path": "oryx/popx/stub/migrations/transactional/20200830130646000000_add_verification_methods.mysql.up.sql", "content": "ALTER TABLE `selfservice_verification_flows` DROP COLUMN `form`" }, { "path": "oryx/popx/stub/migrations/transactional/20200830130646000000_add_verification_methods.postgres.down.sql", "content": "" }, { "path": "oryx/popx/stub/migrations/transactional/20200830130646000000_add_verification_methods.postgres.up.sql", "content": "ALTER TABLE \"selfservice_verification_flows\" DROP COLUMN \"form\"" }, { "path": "oryx/popx/stub/migrations/transactional/20200830130646000000_add_verification_methods.sqlite3.down.sql", "content": "" }, { "path": "oryx/popx/stub/migrations/transactional/20200830130646000000_add_verification_methods.sqlite3.up.sql", "content": "CREATE TABLE \"_selfservice_verification_flows_tmp\" (\n\"id\" TEXT PRIMARY KEY,\n\"request_url\" TEXT NOT NULL,\n\"issued_at\" DATETIME NOT NULL DEFAULT 'CURRENT_TIMESTAMP',\n\"expires_at\" DATETIME NOT NULL,\n\"via\" TEXT NOT NULL,\n\"csrf_token\" TEXT NOT NULL,\n\"success\" bool NOT NULL,\n\"created_at\" DATETIME NOT NULL,\n\"updated_at\" DATETIME NOT NULL,\n\"messages\" TEXT,\n\"type\" TEXT NOT NULL DEFAULT 'browser',\n\"state\" TEXT NOT NULL DEFAULT 'show_form',\n\"active_method\" TEXT\n)" }, { "path": "oryx/popx/stub/migrations/transactional/20200830130646000001_add_verification_methods.cockroach.down.sql", "content": "" }, { "path": "oryx/popx/stub/migrations/transactional/20200830130646000001_add_verification_methods.cockroach.up.sql", "content": "ALTER TABLE \"selfservice_verification_flows\" DROP COLUMN \"via\"" }, { "path": "oryx/popx/stub/migrations/transactional/20200830130646000001_add_verification_methods.mysql.down.sql", "content": "" }, { "path": "oryx/popx/stub/migrations/transactional/20200830130646000001_add_verification_methods.mysql.up.sql", "content": "ALTER TABLE `selfservice_verification_flows` DROP COLUMN `via`" }, { "path": "oryx/popx/stub/migrations/transactional/20200830130646000001_add_verification_methods.postgres.down.sql", "content": "" }, { "path": "oryx/popx/stub/migrations/transactional/20200830130646000001_add_verification_methods.postgres.up.sql", "content": "ALTER TABLE \"selfservice_verification_flows\" DROP COLUMN \"via\"" }, { "path": "oryx/popx/stub/migrations/transactional/20200830130646000001_add_verification_methods.sqlite3.down.sql", "content": "" }, { "path": "oryx/popx/stub/migrations/transactional/20200830130646000001_add_verification_methods.sqlite3.up.sql", "content": "INSERT INTO \"_selfservice_verification_flows_tmp\" (id, request_url, issued_at, expires_at, via, csrf_token, success, created_at, updated_at, messages, type, state, active_method) SELECT id, request_url, issued_at, expires_at, via, csrf_token, success, created_at, updated_at, messages, type, state, active_method FROM \"selfservice_verification_flows\"" }, { "path": "oryx/popx/stub/migrations/transactional/20200830130646000002_add_verification_methods.cockroach.down.sql", "content": "" }, { "path": "oryx/popx/stub/migrations/transactional/20200830130646000002_add_verification_methods.cockroach.up.sql", "content": "ALTER TABLE \"selfservice_verification_flows\" DROP COLUMN \"success\";" }, { "path": "oryx/popx/stub/migrations/transactional/20200830130646000002_add_verification_methods.mysql.down.sql", "content": "" }, { "path": "oryx/popx/stub/migrations/transactional/20200830130646000002_add_verification_methods.mysql.up.sql", "content": "ALTER TABLE `selfservice_verification_flows` DROP COLUMN `success`;" }, { "path": "oryx/popx/stub/migrations/transactional/20200830130646000002_add_verification_methods.postgres.down.sql", "content": "" }, { "path": "oryx/popx/stub/migrations/transactional/20200830130646000002_add_verification_methods.postgres.up.sql", "content": "ALTER TABLE \"selfservice_verification_flows\" DROP COLUMN \"success\";" }, { "path": "oryx/popx/stub/migrations/transactional/20200830130646000002_add_verification_methods.sqlite3.down.sql", "content": "" }, { "path": "oryx/popx/stub/migrations/transactional/20200830130646000002_add_verification_methods.sqlite3.up.sql", "content": "\nDROP TABLE \"selfservice_verification_flows\"" }, { "path": "oryx/popx/stub/migrations/transactional/20200830130646000003_add_verification_methods.sqlite3.down.sql", "content": "" }, { "path": "oryx/popx/stub/migrations/transactional/20200830130646000003_add_verification_methods.sqlite3.up.sql", "content": "ALTER TABLE \"_selfservice_verification_flows_tmp\" RENAME TO \"selfservice_verification_flows\"" }, { "path": "oryx/popx/stub/migrations/transactional/20200830130646000004_add_verification_methods.sqlite3.down.sql", "content": "" }, { "path": "oryx/popx/stub/migrations/transactional/20200830130646000004_add_verification_methods.sqlite3.up.sql", "content": "CREATE TABLE \"_selfservice_verification_flows_tmp\" (\n\"id\" TEXT PRIMARY KEY,\n\"request_url\" TEXT NOT NULL,\n\"issued_at\" DATETIME NOT NULL DEFAULT 'CURRENT_TIMESTAMP',\n\"expires_at\" DATETIME NOT NULL,\n\"csrf_token\" TEXT NOT NULL,\n\"success\" bool NOT NULL,\n\"created_at\" DATETIME NOT NULL,\n\"updated_at\" DATETIME NOT NULL,\n\"messages\" TEXT,\n\"type\" TEXT NOT NULL DEFAULT 'browser',\n\"state\" TEXT NOT NULL DEFAULT 'show_form',\n\"active_method\" TEXT\n)" }, { "path": "oryx/popx/stub/migrations/transactional/20200830130646000005_add_verification_methods.sqlite3.down.sql", "content": "" }, { "path": "oryx/popx/stub/migrations/transactional/20200830130646000005_add_verification_methods.sqlite3.up.sql", "content": "INSERT INTO \"_selfservice_verification_flows_tmp\" (id, request_url, issued_at, expires_at, csrf_token, success, created_at, updated_at, messages, type, state, active_method) SELECT id, request_url, issued_at, expires_at, csrf_token, success, created_at, updated_at, messages, type, state, active_method FROM \"selfservice_verification_flows\"" }, { "path": "oryx/popx/stub/migrations/transactional/20200830130646000006_add_verification_methods.sqlite3.down.sql", "content": "" }, { "path": "oryx/popx/stub/migrations/transactional/20200830130646000006_add_verification_methods.sqlite3.up.sql", "content": "\nDROP TABLE \"selfservice_verification_flows\"" }, { "path": "oryx/popx/stub/migrations/transactional/20200830130646000007_add_verification_methods.sqlite3.down.sql", "content": "" }, { "path": "oryx/popx/stub/migrations/transactional/20200830130646000007_add_verification_methods.sqlite3.up.sql", "content": "ALTER TABLE \"_selfservice_verification_flows_tmp\" RENAME TO \"selfservice_verification_flows\"" }, { "path": "oryx/popx/stub/migrations/transactional/20200830130646000008_add_verification_methods.sqlite3.down.sql", "content": "" }, { "path": "oryx/popx/stub/migrations/transactional/20200830130646000008_add_verification_methods.sqlite3.up.sql", "content": "CREATE TABLE \"_selfservice_verification_flows_tmp\" (\n\"id\" TEXT PRIMARY KEY,\n\"request_url\" TEXT NOT NULL,\n\"issued_at\" DATETIME NOT NULL DEFAULT 'CURRENT_TIMESTAMP',\n\"expires_at\" DATETIME NOT NULL,\n\"csrf_token\" TEXT NOT NULL,\n\"created_at\" DATETIME NOT NULL,\n\"updated_at\" DATETIME NOT NULL,\n\"messages\" TEXT,\n\"type\" TEXT NOT NULL DEFAULT 'browser',\n\"state\" TEXT NOT NULL DEFAULT 'show_form',\n\"active_method\" TEXT\n)" }, { "path": "oryx/popx/stub/migrations/transactional/20200830130646000009_add_verification_methods.sqlite3.down.sql", "content": "" }, { "path": "oryx/popx/stub/migrations/transactional/20200830130646000009_add_verification_methods.sqlite3.up.sql", "content": "INSERT INTO \"_selfservice_verification_flows_tmp\" (id, request_url, issued_at, expires_at, csrf_token, created_at, updated_at, messages, type, state, active_method) SELECT id, request_url, issued_at, expires_at, csrf_token, created_at, updated_at, messages, type, state, active_method FROM \"selfservice_verification_flows\"" }, { "path": "oryx/popx/stub/migrations/transactional/20200830130646000010_add_verification_methods.sqlite3.down.sql", "content": "" }, { "path": "oryx/popx/stub/migrations/transactional/20200830130646000010_add_verification_methods.sqlite3.up.sql", "content": "\nDROP TABLE \"selfservice_verification_flows\"" }, { "path": "oryx/popx/stub/migrations/transactional/20200830130646000011_add_verification_methods.sqlite3.down.sql", "content": "" }, { "path": "oryx/popx/stub/migrations/transactional/20200830130646000011_add_verification_methods.sqlite3.up.sql", "content": "ALTER TABLE \"_selfservice_verification_flows_tmp\" RENAME TO \"selfservice_verification_flows\";" }, { "path": "oryx/popx/stub/migrations/transactional/20200830154602000000_add_verification_token.cockroach.down.sql", "content": "DROP TABLE \"identity_verification_tokens\";" }, { "path": "oryx/popx/stub/migrations/transactional/20200830154602000000_add_verification_token.cockroach.up.sql", "content": "CREATE TABLE \"identity_verification_tokens\" (\n\"id\" UUID NOT NULL,\nPRIMARY KEY(\"id\"),\n\"token\" VARCHAR (64) NOT NULL,\n\"used\" bool NOT NULL DEFAULT 'false',\n\"used_at\" timestamp,\n\"expires_at\" timestamp NOT NULL,\n\"issued_at\" timestamp NOT NULL,\n\"identity_verifiable_address_id\" UUID NOT NULL,\n\"selfservice_verification_flow_id\" UUID,\n\"created_at\" timestamp NOT NULL,\n\"updated_at\" timestamp NOT NULL,\nCONSTRAINT \"identity_verification_tokens_identity_verifiable_addresses_id_fk\" FOREIGN KEY (\"identity_verifiable_address_id\") REFERENCES \"identity_verifiable_addresses\" (\"id\") ON DELETE cascade,\nCONSTRAINT \"identity_verification_tokens_selfservice_verification_flows_id_fk\" FOREIGN KEY (\"selfservice_verification_flow_id\") REFERENCES \"selfservice_verification_flows\" (\"id\") ON DELETE cascade\n)" }, { "path": "oryx/popx/stub/migrations/transactional/20200830154602000000_add_verification_token.mysql.down.sql", "content": "DROP TABLE `identity_verification_tokens`;" }, { "path": "oryx/popx/stub/migrations/transactional/20200830154602000000_add_verification_token.mysql.up.sql", "content": "CREATE TABLE `identity_verification_tokens` (\n`id` char(36) NOT NULL,\nPRIMARY KEY(`id`),\n`token` VARCHAR (64) NOT NULL,\n`used` bool NOT NULL DEFAULT false,\n`used_at` DATETIME,\n`expires_at` DATETIME NOT NULL,\n`issued_at` DATETIME NOT NULL,\n`identity_verifiable_address_id` char(36) NOT NULL,\n`selfservice_verification_flow_id` char(36),\n`created_at` DATETIME NOT NULL,\n`updated_at` DATETIME NOT NULL,\nFOREIGN KEY (`identity_verifiable_address_id`) REFERENCES `identity_verifiable_addresses` (`id`) ON DELETE cascade,\nFOREIGN KEY (`selfservice_verification_flow_id`) REFERENCES `selfservice_verification_flows` (`id`) ON DELETE cascade\n) ENGINE=InnoDB" }, { "path": "oryx/popx/stub/migrations/transactional/20200830154602000000_add_verification_token.postgres.down.sql", "content": "DROP TABLE \"identity_verification_tokens\";" }, { "path": "oryx/popx/stub/migrations/transactional/20200830154602000000_add_verification_token.postgres.up.sql", "content": "CREATE TABLE \"identity_verification_tokens\" (\n\"id\" UUID NOT NULL,\nPRIMARY KEY(\"id\"),\n\"token\" VARCHAR (64) NOT NULL,\n\"used\" bool NOT NULL DEFAULT 'false',\n\"used_at\" timestamp,\n\"expires_at\" timestamp NOT NULL,\n\"issued_at\" timestamp NOT NULL,\n\"identity_verifiable_address_id\" UUID NOT NULL,\n\"selfservice_verification_flow_id\" UUID,\n\"created_at\" timestamp NOT NULL,\n\"updated_at\" timestamp NOT NULL,\nFOREIGN KEY (\"identity_verifiable_address_id\") REFERENCES \"identity_verifiable_addresses\" (\"id\") ON DELETE cascade,\nFOREIGN KEY (\"selfservice_verification_flow_id\") REFERENCES \"selfservice_verification_flows\" (\"id\") ON DELETE cascade\n)" }, { "path": "oryx/popx/stub/migrations/transactional/20200830154602000000_add_verification_token.sqlite3.down.sql", "content": "DROP TABLE \"identity_verification_tokens\";" }, { "path": "oryx/popx/stub/migrations/transactional/20200830154602000000_add_verification_token.sqlite3.up.sql", "content": "CREATE TABLE \"identity_verification_tokens\" (\n\"id\" TEXT PRIMARY KEY,\n\"token\" TEXT NOT NULL,\n\"used\" bool NOT NULL DEFAULT 'false',\n\"used_at\" DATETIME,\n\"expires_at\" DATETIME NOT NULL,\n\"issued_at\" DATETIME NOT NULL,\n\"identity_verifiable_address_id\" char(36) NOT NULL,\n\"selfservice_verification_flow_id\" char(36),\n\"created_at\" DATETIME NOT NULL,\n\"updated_at\" DATETIME NOT NULL,\nFOREIGN KEY (identity_verifiable_address_id) REFERENCES identity_verifiable_addresses (id) ON DELETE cascade,\nFOREIGN KEY (selfservice_verification_flow_id) REFERENCES selfservice_verification_flows (id) ON DELETE cascade\n)" }, { "path": "oryx/popx/stub/migrations/transactional/20200830154602000001_add_verification_token.cockroach.down.sql", "content": "" }, { "path": "oryx/popx/stub/migrations/transactional/20200830154602000001_add_verification_token.cockroach.up.sql", "content": "CREATE UNIQUE INDEX \"identity_verification_tokens_token_uq_idx\" ON \"identity_verification_tokens\" (token)" }, { "path": "oryx/popx/stub/migrations/transactional/20200830154602000001_add_verification_token.mysql.down.sql", "content": "" }, { "path": "oryx/popx/stub/migrations/transactional/20200830154602000001_add_verification_token.mysql.up.sql", "content": "CREATE UNIQUE INDEX `identity_verification_tokens_token_uq_idx` ON `identity_verification_tokens` (`token`)" }, { "path": "oryx/popx/stub/migrations/transactional/20200830154602000001_add_verification_token.postgres.down.sql", "content": "" }, { "path": "oryx/popx/stub/migrations/transactional/20200830154602000001_add_verification_token.postgres.up.sql", "content": "CREATE UNIQUE INDEX \"identity_verification_tokens_token_uq_idx\" ON \"identity_verification_tokens\" (token)" }, { "path": "oryx/popx/stub/migrations/transactional/20200830154602000001_add_verification_token.sqlite3.down.sql", "content": "" }, { "path": "oryx/popx/stub/migrations/transactional/20200830154602000001_add_verification_token.sqlite3.up.sql", "content": "CREATE UNIQUE INDEX \"identity_verification_tokens_token_uq_idx\" ON \"identity_verification_tokens\" (token)" }, { "path": "oryx/popx/stub/migrations/transactional/20200830154602000002_add_verification_token.cockroach.down.sql", "content": "" }, { "path": "oryx/popx/stub/migrations/transactional/20200830154602000002_add_verification_token.cockroach.up.sql", "content": "CREATE INDEX \"identity_verification_tokens_token_idx\" ON \"identity_verification_tokens\" (token)" }, { "path": "oryx/popx/stub/migrations/transactional/20200830154602000002_add_verification_token.mysql.down.sql", "content": "" }, { "path": "oryx/popx/stub/migrations/transactional/20200830154602000002_add_verification_token.mysql.up.sql", "content": "CREATE INDEX `identity_verification_tokens_token_idx` ON `identity_verification_tokens` (`token`)" }, { "path": "oryx/popx/stub/migrations/transactional/20200830154602000002_add_verification_token.postgres.down.sql", "content": "" }, { "path": "oryx/popx/stub/migrations/transactional/20200830154602000002_add_verification_token.postgres.up.sql", "content": "CREATE INDEX \"identity_verification_tokens_token_idx\" ON \"identity_verification_tokens\" (token)" }, { "path": "oryx/popx/stub/migrations/transactional/20200830154602000002_add_verification_token.sqlite3.down.sql", "content": "" }, { "path": "oryx/popx/stub/migrations/transactional/20200830154602000002_add_verification_token.sqlite3.up.sql", "content": "CREATE INDEX \"identity_verification_tokens_token_idx\" ON \"identity_verification_tokens\" (token)" }, { "path": "oryx/popx/stub/migrations/transactional/20200830154602000003_add_verification_token.cockroach.down.sql", "content": "" }, { "path": "oryx/popx/stub/migrations/transactional/20200830154602000003_add_verification_token.cockroach.up.sql", "content": "CREATE INDEX \"identity_verification_tokens_verifiable_address_id_idx\" ON \"identity_verification_tokens\" (identity_verifiable_address_id)" }, { "path": "oryx/popx/stub/migrations/transactional/20200830154602000003_add_verification_token.mysql.down.sql", "content": "" }, { "path": "oryx/popx/stub/migrations/transactional/20200830154602000003_add_verification_token.mysql.up.sql", "content": "CREATE INDEX `identity_verification_tokens_verifiable_address_id_idx` ON `identity_verification_tokens` (`identity_verifiable_address_id`)" }, { "path": "oryx/popx/stub/migrations/transactional/20200830154602000003_add_verification_token.postgres.down.sql", "content": "" }, { "path": "oryx/popx/stub/migrations/transactional/20200830154602000003_add_verification_token.postgres.up.sql", "content": "CREATE INDEX \"identity_verification_tokens_verifiable_address_id_idx\" ON \"identity_verification_tokens\" (identity_verifiable_address_id)" }, { "path": "oryx/popx/stub/migrations/transactional/20200830154602000003_add_verification_token.sqlite3.down.sql", "content": "" }, { "path": "oryx/popx/stub/migrations/transactional/20200830154602000003_add_verification_token.sqlite3.up.sql", "content": "CREATE INDEX \"identity_verification_tokens_verifiable_address_id_idx\" ON \"identity_verification_tokens\" (identity_verifiable_address_id)" }, { "path": "oryx/popx/stub/migrations/transactional/20200830154602000004_add_verification_token.cockroach.down.sql", "content": "" }, { "path": "oryx/popx/stub/migrations/transactional/20200830154602000004_add_verification_token.cockroach.up.sql", "content": "CREATE INDEX \"identity_verification_tokens_verification_flow_id_idx\" ON \"identity_verification_tokens\" (selfservice_verification_flow_id);" }, { "path": "oryx/popx/stub/migrations/transactional/20200830154602000004_add_verification_token.mysql.down.sql", "content": "" }, { "path": "oryx/popx/stub/migrations/transactional/20200830154602000004_add_verification_token.mysql.up.sql", "content": "CREATE INDEX `identity_verification_tokens_verification_flow_id_idx` ON `identity_verification_tokens` (`selfservice_verification_flow_id`);" }, { "path": "oryx/popx/stub/migrations/transactional/20200830154602000004_add_verification_token.postgres.down.sql", "content": "" }, { "path": "oryx/popx/stub/migrations/transactional/20200830154602000004_add_verification_token.postgres.up.sql", "content": "CREATE INDEX \"identity_verification_tokens_verification_flow_id_idx\" ON \"identity_verification_tokens\" (selfservice_verification_flow_id);" }, { "path": "oryx/popx/stub/migrations/transactional/20200830154602000004_add_verification_token.sqlite3.down.sql", "content": "" }, { "path": "oryx/popx/stub/migrations/transactional/20200830154602000004_add_verification_token.sqlite3.up.sql", "content": "CREATE INDEX \"identity_verification_tokens_verification_flow_id_idx\" ON \"identity_verification_tokens\" (selfservice_verification_flow_id);" }, { "path": "oryx/popx/stub/migrations/transactional/20200830172221000000_recovery_token_expires.cockroach.down.sql", "content": "ALTER TABLE \"identity_recovery_tokens\" DROP COLUMN \"issued_at\";" }, { "path": "oryx/popx/stub/migrations/transactional/20200830172221000000_recovery_token_expires.cockroach.up.sql", "content": "ALTER TABLE \"identity_recovery_tokens\" ADD COLUMN \"expires_at\" timestamp NOT NULL DEFAULT '2000-01-01 00:00:00'" }, { "path": "oryx/popx/stub/migrations/transactional/20200830172221000000_recovery_token_expires.mysql.down.sql", "content": "ALTER TABLE `identity_recovery_tokens` DROP COLUMN `issued_at`;" }, { "path": "oryx/popx/stub/migrations/transactional/20200830172221000000_recovery_token_expires.mysql.up.sql", "content": "ALTER TABLE `identity_recovery_tokens` ADD COLUMN `expires_at` DATETIME NOT NULL DEFAULT '2000-01-01 00:00:00'" }, { "path": "oryx/popx/stub/migrations/transactional/20200830172221000000_recovery_token_expires.postgres.down.sql", "content": "ALTER TABLE \"identity_recovery_tokens\" DROP COLUMN \"issued_at\";" }, { "path": "oryx/popx/stub/migrations/transactional/20200830172221000000_recovery_token_expires.postgres.up.sql", "content": "ALTER TABLE \"identity_recovery_tokens\" ADD COLUMN \"expires_at\" timestamp NOT NULL DEFAULT '2000-01-01 00:00:00'" }, { "path": "oryx/popx/stub/migrations/transactional/20200830172221000000_recovery_token_expires.sqlite3.down.sql", "content": "ALTER TABLE \"_identity_recovery_tokens_tmp\" RENAME TO \"identity_recovery_tokens\";" }, { "path": "oryx/popx/stub/migrations/transactional/20200830172221000000_recovery_token_expires.sqlite3.up.sql", "content": "ALTER TABLE \"identity_recovery_tokens\" ADD COLUMN \"expires_at\" DATETIME NOT NULL DEFAULT '2000-01-01 00:00:00'" }, { "path": "oryx/popx/stub/migrations/transactional/20200830172221000001_recovery_token_expires.cockroach.down.sql", "content": "ALTER TABLE \"identity_recovery_tokens\" DROP COLUMN \"expires_at\"" }, { "path": "oryx/popx/stub/migrations/transactional/20200830172221000001_recovery_token_expires.cockroach.up.sql", "content": "ALTER TABLE \"identity_recovery_tokens\" ADD COLUMN \"issued_at\" timestamp NOT NULL DEFAULT '2000-01-01 00:00:00'" }, { "path": "oryx/popx/stub/migrations/transactional/20200830172221000001_recovery_token_expires.mysql.down.sql", "content": "ALTER TABLE `identity_recovery_tokens` DROP COLUMN `expires_at`" }, { "path": "oryx/popx/stub/migrations/transactional/20200830172221000001_recovery_token_expires.mysql.up.sql", "content": "ALTER TABLE `identity_recovery_tokens` ADD COLUMN `issued_at` DATETIME NOT NULL DEFAULT '2000-01-01 00:00:00'" }, { "path": "oryx/popx/stub/migrations/transactional/20200830172221000001_recovery_token_expires.postgres.down.sql", "content": "ALTER TABLE \"identity_recovery_tokens\" DROP COLUMN \"expires_at\"" }, { "path": "oryx/popx/stub/migrations/transactional/20200830172221000001_recovery_token_expires.postgres.up.sql", "content": "ALTER TABLE \"identity_recovery_tokens\" ADD COLUMN \"issued_at\" timestamp NOT NULL DEFAULT '2000-01-01 00:00:00'" }, { "path": "oryx/popx/stub/migrations/transactional/20200830172221000001_recovery_token_expires.sqlite3.down.sql", "content": "\nDROP TABLE \"identity_recovery_tokens\"" }, { "path": "oryx/popx/stub/migrations/transactional/20200830172221000001_recovery_token_expires.sqlite3.up.sql", "content": "ALTER TABLE \"identity_recovery_tokens\" ADD COLUMN \"issued_at\" DATETIME NOT NULL DEFAULT '2000-01-01 00:00:00'" }, { "path": "oryx/popx/stub/migrations/transactional/20200830172221000002_recovery_token_expires.cockroach.down.sql", "content": "ALTER TABLE \"identity_recovery_tokens\" ADD CONSTRAINT \"identity_recovery_tokens_selfservice_recovery_requests_id_fk\" FOREIGN KEY (\"selfservice_recovery_flow_id\") REFERENCES \"selfservice_recovery_flows\" (\"id\") ON UPDATE NO ACTION ON DELETE CASCADE" }, { "path": "oryx/popx/stub/migrations/transactional/20200830172221000002_recovery_token_expires.cockroach.up.sql", "content": "ALTER TABLE \"identity_recovery_tokens\" DROP CONSTRAINT \"identity_recovery_tokens_selfservice_recovery_requests_id_fk\"" }, { "path": "oryx/popx/stub/migrations/transactional/20200830172221000002_recovery_token_expires.mysql.down.sql", "content": "ALTER TABLE `identity_recovery_tokens` MODIFY `selfservice_recovery_flow_id` char(36) NOT NULL" }, { "path": "oryx/popx/stub/migrations/transactional/20200830172221000002_recovery_token_expires.mysql.up.sql", "content": "ALTER TABLE `identity_recovery_tokens` MODIFY `selfservice_recovery_flow_id` char(36);" }, { "path": "oryx/popx/stub/migrations/transactional/20200830172221000002_recovery_token_expires.postgres.down.sql", "content": "ALTER TABLE \"identity_recovery_tokens\" ALTER COLUMN \"selfservice_recovery_flow_id\" TYPE UUID, ALTER COLUMN \"selfservice_recovery_flow_id\" SET NOT NULL" }, { "path": "oryx/popx/stub/migrations/transactional/20200830172221000002_recovery_token_expires.postgres.up.sql", "content": "ALTER TABLE \"identity_recovery_tokens\" ALTER COLUMN \"selfservice_recovery_flow_id\" TYPE UUID, ALTER COLUMN \"selfservice_recovery_flow_id\" DROP NOT NULL;" }, { "path": "oryx/popx/stub/migrations/transactional/20200830172221000002_recovery_token_expires.sqlite3.down.sql", "content": "INSERT INTO \"_identity_recovery_tokens_tmp\" (id, token, used, used_at, identity_recovery_address_id, selfservice_recovery_flow_id, created_at, updated_at) SELECT id, token, used, used_at, identity_recovery_address_id, selfservice_recovery_flow_id, created_at, updated_at FROM \"identity_recovery_tokens\"" }, { "path": "oryx/popx/stub/migrations/transactional/20200830172221000002_recovery_token_expires.sqlite3.up.sql", "content": "DROP INDEX IF EXISTS \"identity_recovery_addresses_code_idx\"" }, { "path": "oryx/popx/stub/migrations/transactional/20200830172221000003_recovery_token_expires.cockroach.down.sql", "content": "ALTER TABLE \"identity_recovery_tokens\" DROP COLUMN \"_selfservice_recovery_flow_id_tmp\"" }, { "path": "oryx/popx/stub/migrations/transactional/20200830172221000003_recovery_token_expires.cockroach.up.sql", "content": "ALTER TABLE \"identity_recovery_tokens\" RENAME COLUMN \"selfservice_recovery_flow_id\" TO \"_selfservice_recovery_flow_id_tmp\"" }, { "path": "oryx/popx/stub/migrations/transactional/20200830172221000003_recovery_token_expires.mysql.down.sql", "content": "DELETE FROM identity_recovery_tokens WHERE selfservice_recovery_flow_id IS NULL" }, { "path": "oryx/popx/stub/migrations/transactional/20200830172221000003_recovery_token_expires.mysql.up.sql", "content": "" }, { "path": "oryx/popx/stub/migrations/transactional/20200830172221000003_recovery_token_expires.postgres.down.sql", "content": "DELETE FROM identity_recovery_tokens WHERE selfservice_recovery_flow_id IS NULL" }, { "path": "oryx/popx/stub/migrations/transactional/20200830172221000003_recovery_token_expires.postgres.up.sql", "content": "" }, { "path": "oryx/popx/stub/migrations/transactional/20200830172221000003_recovery_token_expires.sqlite3.down.sql", "content": "CREATE INDEX \"identity_recovery_addresses_code_idx\" ON \"_identity_recovery_tokens_tmp\" (token)" }, { "path": "oryx/popx/stub/migrations/transactional/20200830172221000003_recovery_token_expires.sqlite3.up.sql", "content": "DROP INDEX IF EXISTS \"identity_recovery_addresses_code_uq_idx\"" }, { "path": "oryx/popx/stub/migrations/transactional/20200830172221000004_recovery_token_expires.cockroach.down.sql", "content": "ALTER TABLE \"identity_recovery_tokens\" ALTER COLUMN \"selfservice_recovery_flow_id\" SET NOT NULL" }, { "path": "oryx/popx/stub/migrations/transactional/20200830172221000004_recovery_token_expires.cockroach.up.sql", "content": "ALTER TABLE \"identity_recovery_tokens\" ADD COLUMN \"selfservice_recovery_flow_id\" UUID" }, { "path": "oryx/popx/stub/migrations/transactional/20200830172221000004_recovery_token_expires.sqlite3.down.sql", "content": "CREATE UNIQUE INDEX \"identity_recovery_addresses_code_uq_idx\" ON \"_identity_recovery_tokens_tmp\" (token)" }, { "path": "oryx/popx/stub/migrations/transactional/20200830172221000004_recovery_token_expires.sqlite3.up.sql", "content": "CREATE TABLE \"_identity_recovery_tokens_tmp\" (\n\"id\" TEXT PRIMARY KEY,\n\"token\" TEXT NOT NULL,\n\"used\" bool NOT NULL DEFAULT 'false',\n\"used_at\" DATETIME,\n\"identity_recovery_address_id\" char(36) NOT NULL,\n\"selfservice_recovery_flow_id\" char(36),\n\"created_at\" DATETIME NOT NULL,\n\"updated_at\" DATETIME NOT NULL,\n\"expires_at\" DATETIME NOT NULL DEFAULT '2000-01-01 00:00:00',\n\"issued_at\" DATETIME NOT NULL DEFAULT '2000-01-01 00:00:00',\nFOREIGN KEY (selfservice_recovery_flow_id) REFERENCES selfservice_recovery_flows (id) ON UPDATE NO ACTION ON DELETE CASCADE,\nFOREIGN KEY (identity_recovery_address_id) REFERENCES identity_recovery_addresses (id) ON UPDATE NO ACTION ON DELETE CASCADE\n)" }, { "path": "oryx/popx/stub/migrations/transactional/20200830172221000005_recovery_token_expires.cockroach.down.sql", "content": "UPDATE \"identity_recovery_tokens\" SET \"selfservice_recovery_flow_id\" = \"_selfservice_recovery_flow_id_tmp\"" }, { "path": "oryx/popx/stub/migrations/transactional/20200830172221000005_recovery_token_expires.cockroach.up.sql", "content": "UPDATE \"identity_recovery_tokens\" SET \"selfservice_recovery_flow_id\" = \"_selfservice_recovery_flow_id_tmp\"" }, { "path": "oryx/popx/stub/migrations/transactional/20200830172221000005_recovery_token_expires.sqlite3.down.sql", "content": "CREATE TABLE \"_identity_recovery_tokens_tmp\" (\n\"id\" TEXT PRIMARY KEY,\n\"token\" TEXT NOT NULL,\n\"used\" bool NOT NULL DEFAULT 'false',\n\"used_at\" DATETIME,\n\"identity_recovery_address_id\" char(36) NOT NULL,\n\"selfservice_recovery_flow_id\" char(36) NOT NULL,\n\"created_at\" DATETIME NOT NULL,\n\"updated_at\" DATETIME NOT NULL,\nFOREIGN KEY (identity_recovery_address_id) REFERENCES identity_recovery_addresses (id) ON UPDATE NO ACTION ON DELETE CASCADE,\nFOREIGN KEY (selfservice_recovery_flow_id) REFERENCES selfservice_recovery_flows (id) ON UPDATE NO ACTION ON DELETE CASCADE\n)" }, { "path": "oryx/popx/stub/migrations/transactional/20200830172221000005_recovery_token_expires.sqlite3.up.sql", "content": "CREATE INDEX \"identity_recovery_addresses_code_idx\" ON \"_identity_recovery_tokens_tmp\" (token)" }, { "path": "oryx/popx/stub/migrations/transactional/20200830172221000006_recovery_token_expires.cockroach.down.sql", "content": "ALTER TABLE \"identity_recovery_tokens\" ADD COLUMN \"selfservice_recovery_flow_id\" UUID" }, { "path": "oryx/popx/stub/migrations/transactional/20200830172221000006_recovery_token_expires.cockroach.up.sql", "content": "ALTER TABLE \"identity_recovery_tokens\" DROP COLUMN \"_selfservice_recovery_flow_id_tmp\"" }, { "path": "oryx/popx/stub/migrations/transactional/20200830172221000006_recovery_token_expires.sqlite3.down.sql", "content": "DROP INDEX IF EXISTS \"identity_recovery_addresses_code_idx\"" }, { "path": "oryx/popx/stub/migrations/transactional/20200830172221000006_recovery_token_expires.sqlite3.up.sql", "content": "CREATE UNIQUE INDEX \"identity_recovery_addresses_code_uq_idx\" ON \"_identity_recovery_tokens_tmp\" (token)" }, { "path": "oryx/popx/stub/migrations/transactional/20200830172221000007_recovery_token_expires.cockroach.down.sql", "content": "ALTER TABLE \"identity_recovery_tokens\" RENAME COLUMN \"selfservice_recovery_flow_id\" TO \"_selfservice_recovery_flow_id_tmp\"" }, { "path": "oryx/popx/stub/migrations/transactional/20200830172221000007_recovery_token_expires.cockroach.up.sql", "content": "ALTER TABLE \"identity_recovery_tokens\" ADD CONSTRAINT \"identity_recovery_tokens_selfservice_recovery_requests_id_fk\" FOREIGN KEY (\"selfservice_recovery_flow_id\") REFERENCES \"selfservice_recovery_flows\" (\"id\") ON UPDATE NO ACTION ON DELETE CASCADE;" }, { "path": "oryx/popx/stub/migrations/transactional/20200830172221000007_recovery_token_expires.sqlite3.down.sql", "content": "DROP INDEX IF EXISTS \"identity_recovery_addresses_code_uq_idx\"" }, { "path": "oryx/popx/stub/migrations/transactional/20200830172221000007_recovery_token_expires.sqlite3.up.sql", "content": "INSERT INTO \"_identity_recovery_tokens_tmp\" (id, token, used, used_at, identity_recovery_address_id, selfservice_recovery_flow_id, created_at, updated_at, expires_at, issued_at) SELECT id, token, used, used_at, identity_recovery_address_id, selfservice_recovery_flow_id, created_at, updated_at, expires_at, issued_at FROM \"identity_recovery_tokens\"" }, { "path": "oryx/popx/stub/migrations/transactional/20200830172221000008_recovery_token_expires.cockroach.down.sql", "content": "ALTER TABLE \"identity_recovery_tokens\" DROP CONSTRAINT \"identity_recovery_tokens_selfservice_recovery_requests_id_fk\"" }, { "path": "oryx/popx/stub/migrations/transactional/20200830172221000008_recovery_token_expires.cockroach.up.sql", "content": "" }, { "path": "oryx/popx/stub/migrations/transactional/20200830172221000008_recovery_token_expires.sqlite3.down.sql", "content": "ALTER TABLE \"_identity_recovery_tokens_tmp\" RENAME TO \"identity_recovery_tokens\"" }, { "path": "oryx/popx/stub/migrations/transactional/20200830172221000008_recovery_token_expires.sqlite3.up.sql", "content": "DROP TABLE \"identity_recovery_tokens\"" }, { "path": "oryx/popx/stub/migrations/transactional/20200830172221000009_recovery_token_expires.cockroach.down.sql", "content": "DELETE FROM identity_recovery_tokens WHERE selfservice_recovery_flow_id IS NULL" }, { "path": "oryx/popx/stub/migrations/transactional/20200830172221000009_recovery_token_expires.cockroach.up.sql", "content": "" }, { "path": "oryx/popx/stub/migrations/transactional/20200830172221000009_recovery_token_expires.sqlite3.down.sql", "content": "\nDROP TABLE \"identity_recovery_tokens\"" }, { "path": "oryx/popx/stub/migrations/transactional/20200830172221000009_recovery_token_expires.sqlite3.up.sql", "content": "ALTER TABLE \"_identity_recovery_tokens_tmp\" RENAME TO \"identity_recovery_tokens\";" }, { "path": "oryx/popx/stub/migrations/transactional/20200830172221000010_recovery_token_expires.sqlite3.down.sql", "content": "INSERT INTO \"_identity_recovery_tokens_tmp\" (id, token, used, used_at, identity_recovery_address_id, selfservice_recovery_flow_id, created_at, updated_at, issued_at) SELECT id, token, used, used_at, identity_recovery_address_id, selfservice_recovery_flow_id, created_at, updated_at, issued_at FROM \"identity_recovery_tokens\"" }, { "path": "oryx/popx/stub/migrations/transactional/20200830172221000010_recovery_token_expires.sqlite3.up.sql", "content": "" }, { "path": "oryx/popx/stub/migrations/transactional/20200830172221000011_recovery_token_expires.sqlite3.down.sql", "content": "CREATE INDEX \"identity_recovery_addresses_code_idx\" ON \"_identity_recovery_tokens_tmp\" (token)" }, { "path": "oryx/popx/stub/migrations/transactional/20200830172221000011_recovery_token_expires.sqlite3.up.sql", "content": "" }, { "path": "oryx/popx/stub/migrations/transactional/20200830172221000012_recovery_token_expires.sqlite3.down.sql", "content": "CREATE UNIQUE INDEX \"identity_recovery_addresses_code_uq_idx\" ON \"_identity_recovery_tokens_tmp\" (token)" }, { "path": "oryx/popx/stub/migrations/transactional/20200830172221000012_recovery_token_expires.sqlite3.up.sql", "content": "" }, { "path": "oryx/popx/stub/migrations/transactional/20200830172221000013_recovery_token_expires.sqlite3.down.sql", "content": "CREATE TABLE \"_identity_recovery_tokens_tmp\" (\n\"id\" TEXT PRIMARY KEY,\n\"token\" TEXT NOT NULL,\n\"used\" bool NOT NULL DEFAULT 'false',\n\"used_at\" DATETIME,\n\"identity_recovery_address_id\" char(36) NOT NULL,\n\"selfservice_recovery_flow_id\" char(36) NOT NULL,\n\"created_at\" DATETIME NOT NULL,\n\"updated_at\" DATETIME NOT NULL,\n\"issued_at\" DATETIME NOT NULL DEFAULT '2000-01-01 00:00:00',\nFOREIGN KEY (identity_recovery_address_id) REFERENCES identity_recovery_addresses (id) ON UPDATE NO ACTION ON DELETE CASCADE,\nFOREIGN KEY (selfservice_recovery_flow_id) REFERENCES selfservice_recovery_flows (id) ON UPDATE NO ACTION ON DELETE CASCADE\n)" }, { "path": "oryx/popx/stub/migrations/transactional/20200830172221000013_recovery_token_expires.sqlite3.up.sql", "content": "" }, { "path": "oryx/popx/stub/migrations/transactional/20200830172221000014_recovery_token_expires.sqlite3.down.sql", "content": "DROP INDEX IF EXISTS \"identity_recovery_addresses_code_idx\"" }, { "path": "oryx/popx/stub/migrations/transactional/20200830172221000014_recovery_token_expires.sqlite3.up.sql", "content": "" }, { "path": "oryx/popx/stub/migrations/transactional/20200830172221000015_recovery_token_expires.sqlite3.down.sql", "content": "DROP INDEX IF EXISTS \"identity_recovery_addresses_code_uq_idx\"" }, { "path": "oryx/popx/stub/migrations/transactional/20200830172221000015_recovery_token_expires.sqlite3.up.sql", "content": "" }, { "path": "oryx/popx/stub/migrations/transactional/20200830172221000016_recovery_token_expires.sqlite3.down.sql", "content": "ALTER TABLE \"_identity_recovery_tokens_tmp\" RENAME TO \"identity_recovery_tokens\"" }, { "path": "oryx/popx/stub/migrations/transactional/20200830172221000016_recovery_token_expires.sqlite3.up.sql", "content": "" }, { "path": "oryx/popx/stub/migrations/transactional/20200830172221000017_recovery_token_expires.sqlite3.down.sql", "content": "DROP TABLE \"identity_recovery_tokens\"" }, { "path": "oryx/popx/stub/migrations/transactional/20200830172221000017_recovery_token_expires.sqlite3.up.sql", "content": "" }, { "path": "oryx/popx/stub/migrations/transactional/20200830172221000018_recovery_token_expires.sqlite3.down.sql", "content": "INSERT INTO \"_identity_recovery_tokens_tmp\" (id, token, used, used_at, identity_recovery_address_id, selfservice_recovery_flow_id, created_at, updated_at, expires_at, issued_at) SELECT id, token, used, used_at, identity_recovery_address_id, selfservice_recovery_flow_id, created_at, updated_at, expires_at, issued_at FROM \"identity_recovery_tokens\"" }, { "path": "oryx/popx/stub/migrations/transactional/20200830172221000018_recovery_token_expires.sqlite3.up.sql", "content": "" }, { "path": "oryx/popx/stub/migrations/transactional/20200830172221000019_recovery_token_expires.sqlite3.down.sql", "content": "CREATE INDEX \"identity_recovery_addresses_code_idx\" ON \"_identity_recovery_tokens_tmp\" (token)" }, { "path": "oryx/popx/stub/migrations/transactional/20200830172221000019_recovery_token_expires.sqlite3.up.sql", "content": "" }, { "path": "oryx/popx/stub/migrations/transactional/20200830172221000020_recovery_token_expires.sqlite3.down.sql", "content": "CREATE UNIQUE INDEX \"identity_recovery_addresses_code_uq_idx\" ON \"_identity_recovery_tokens_tmp\" (token)" }, { "path": "oryx/popx/stub/migrations/transactional/20200830172221000020_recovery_token_expires.sqlite3.up.sql", "content": "" }, { "path": "oryx/popx/stub/migrations/transactional/20200830172221000021_recovery_token_expires.sqlite3.down.sql", "content": "CREATE TABLE \"_identity_recovery_tokens_tmp\" (\n\"id\" TEXT PRIMARY KEY,\n\"token\" TEXT NOT NULL,\n\"used\" bool NOT NULL DEFAULT 'false',\n\"used_at\" DATETIME,\n\"identity_recovery_address_id\" char(36) NOT NULL,\n\"selfservice_recovery_flow_id\" char(36) NOT NULL,\n\"created_at\" DATETIME NOT NULL,\n\"updated_at\" DATETIME NOT NULL,\n\"expires_at\" DATETIME NOT NULL DEFAULT '2000-01-01 00:00:00',\n\"issued_at\" DATETIME NOT NULL DEFAULT '2000-01-01 00:00:00',\nFOREIGN KEY (identity_recovery_address_id) REFERENCES identity_recovery_addresses (id) ON UPDATE NO ACTION ON DELETE CASCADE,\nFOREIGN KEY (selfservice_recovery_flow_id) REFERENCES selfservice_recovery_flows (id) ON UPDATE NO ACTION ON DELETE CASCADE\n)" }, { "path": "oryx/popx/stub/migrations/transactional/20200830172221000021_recovery_token_expires.sqlite3.up.sql", "content": "" }, { "path": "oryx/popx/stub/migrations/transactional/20200830172221000022_recovery_token_expires.sqlite3.down.sql", "content": "DROP INDEX IF EXISTS \"identity_recovery_addresses_code_idx\"" }, { "path": "oryx/popx/stub/migrations/transactional/20200830172221000022_recovery_token_expires.sqlite3.up.sql", "content": "" }, { "path": "oryx/popx/stub/migrations/transactional/20200830172221000023_recovery_token_expires.sqlite3.down.sql", "content": "DROP INDEX IF EXISTS \"identity_recovery_addresses_code_uq_idx\"" }, { "path": "oryx/popx/stub/migrations/transactional/20200830172221000023_recovery_token_expires.sqlite3.up.sql", "content": "" }, { "path": "oryx/popx/stub/migrations/transactional/20200830172221000024_recovery_token_expires.sqlite3.down.sql", "content": "DELETE FROM identity_recovery_tokens WHERE selfservice_recovery_flow_id IS NULL" }, { "path": "oryx/popx/stub/migrations/transactional/20200830172221000024_recovery_token_expires.sqlite3.up.sql", "content": "" }, { "path": "oryx/popx/stub/migrations/transactional/20200831110752000000_identity_verifiable_address_remove_code.cockroach.down.sql", "content": "CREATE INDEX \"identity_verifiable_addresses_code_idx\" ON \"identity_verifiable_addresses\" (code);" }, { "path": "oryx/popx/stub/migrations/transactional/20200831110752000000_identity_verifiable_address_remove_code.cockroach.up.sql", "content": "DROP INDEX IF EXISTS \"identity_verifiable_addresses_code_uq_idx\"" }, { "path": "oryx/popx/stub/migrations/transactional/20200831110752000000_identity_verifiable_address_remove_code.mysql.down.sql", "content": "CREATE INDEX `identity_verifiable_addresses_code_idx` ON `identity_verifiable_addresses` (`code`);" }, { "path": "oryx/popx/stub/migrations/transactional/20200831110752000000_identity_verifiable_address_remove_code.mysql.up.sql", "content": "DROP INDEX `identity_verifiable_addresses_code_uq_idx` ON `identity_verifiable_addresses`" }, { "path": "oryx/popx/stub/migrations/transactional/20200831110752000000_identity_verifiable_address_remove_code.postgres.down.sql", "content": "CREATE INDEX \"identity_verifiable_addresses_code_idx\" ON \"identity_verifiable_addresses\" (code);" }, { "path": "oryx/popx/stub/migrations/transactional/20200831110752000000_identity_verifiable_address_remove_code.postgres.up.sql", "content": "DROP INDEX \"identity_verifiable_addresses_code_uq_idx\"" }, { "path": "oryx/popx/stub/migrations/transactional/20200831110752000000_identity_verifiable_address_remove_code.sqlite3.down.sql", "content": "CREATE INDEX \"identity_verifiable_addresses_code_idx\" ON \"identity_verifiable_addresses\" (code);" }, { "path": "oryx/popx/stub/migrations/transactional/20200831110752000000_identity_verifiable_address_remove_code.sqlite3.up.sql", "content": "DROP INDEX IF EXISTS \"identity_verifiable_addresses_code_uq_idx\"" }, { "path": "oryx/popx/stub/migrations/transactional/20200831110752000001_identity_verifiable_address_remove_code.cockroach.down.sql", "content": "CREATE UNIQUE INDEX \"identity_verifiable_addresses_code_uq_idx\" ON \"identity_verifiable_addresses\" (code)" }, { "path": "oryx/popx/stub/migrations/transactional/20200831110752000001_identity_verifiable_address_remove_code.cockroach.up.sql", "content": "DROP INDEX IF EXISTS \"identity_verifiable_addresses_code_idx\"" }, { "path": "oryx/popx/stub/migrations/transactional/20200831110752000001_identity_verifiable_address_remove_code.mysql.down.sql", "content": "CREATE UNIQUE INDEX `identity_verifiable_addresses_code_uq_idx` ON `identity_verifiable_addresses` (`code`)" }, { "path": "oryx/popx/stub/migrations/transactional/20200831110752000001_identity_verifiable_address_remove_code.mysql.up.sql", "content": "DROP INDEX `identity_verifiable_addresses_code_idx` ON `identity_verifiable_addresses`" }, { "path": "oryx/popx/stub/migrations/transactional/20200831110752000001_identity_verifiable_address_remove_code.postgres.down.sql", "content": "CREATE UNIQUE INDEX \"identity_verifiable_addresses_code_uq_idx\" ON \"identity_verifiable_addresses\" (code)" }, { "path": "oryx/popx/stub/migrations/transactional/20200831110752000001_identity_verifiable_address_remove_code.postgres.up.sql", "content": "DROP INDEX \"identity_verifiable_addresses_code_idx\"" }, { "path": "oryx/popx/stub/migrations/transactional/20200831110752000001_identity_verifiable_address_remove_code.sqlite3.down.sql", "content": "CREATE UNIQUE INDEX \"identity_verifiable_addresses_code_uq_idx\" ON \"identity_verifiable_addresses\" (code)" }, { "path": "oryx/popx/stub/migrations/transactional/20200831110752000001_identity_verifiable_address_remove_code.sqlite3.up.sql", "content": "DROP INDEX IF EXISTS \"identity_verifiable_addresses_code_idx\"" }, { "path": "oryx/popx/stub/migrations/transactional/20200831110752000002_identity_verifiable_address_remove_code.cockroach.down.sql", "content": "ALTER TABLE \"identity_verifiable_addresses\" DROP COLUMN \"_expires_at_tmp\"" }, { "path": "oryx/popx/stub/migrations/transactional/20200831110752000002_identity_verifiable_address_remove_code.cockroach.up.sql", "content": "ALTER TABLE \"identity_verifiable_addresses\" DROP COLUMN \"code\"" }, { "path": "oryx/popx/stub/migrations/transactional/20200831110752000002_identity_verifiable_address_remove_code.mysql.down.sql", "content": "ALTER TABLE `identity_verifiable_addresses` MODIFY `expires_at` DATETIME" }, { "path": "oryx/popx/stub/migrations/transactional/20200831110752000002_identity_verifiable_address_remove_code.mysql.up.sql", "content": "ALTER TABLE `identity_verifiable_addresses` DROP COLUMN `code`" }, { "path": "oryx/popx/stub/migrations/transactional/20200831110752000002_identity_verifiable_address_remove_code.postgres.down.sql", "content": "ALTER TABLE \"identity_verifiable_addresses\" ALTER COLUMN \"expires_at\" TYPE timestamp, ALTER COLUMN \"expires_at\" DROP NOT NULL" }, { "path": "oryx/popx/stub/migrations/transactional/20200831110752000002_identity_verifiable_address_remove_code.postgres.up.sql", "content": "ALTER TABLE \"identity_verifiable_addresses\" DROP COLUMN \"code\"" }, { "path": "oryx/popx/stub/migrations/transactional/20200831110752000002_identity_verifiable_address_remove_code.sqlite3.down.sql", "content": "ALTER TABLE \"_identity_verifiable_addresses_tmp\" RENAME TO \"identity_verifiable_addresses\"" }, { "path": "oryx/popx/stub/migrations/transactional/20200831110752000002_identity_verifiable_address_remove_code.sqlite3.up.sql", "content": "DROP INDEX IF EXISTS \"identity_verifiable_addresses_status_via_idx\"" }, { "path": "oryx/popx/stub/migrations/transactional/20200831110752000003_identity_verifiable_address_remove_code.cockroach.down.sql", "content": "UPDATE \"identity_verifiable_addresses\" SET \"expires_at\" = \"_expires_at_tmp\"" }, { "path": "oryx/popx/stub/migrations/transactional/20200831110752000003_identity_verifiable_address_remove_code.cockroach.up.sql", "content": "ALTER TABLE \"identity_verifiable_addresses\" DROP COLUMN \"expires_at\";" }, { "path": "oryx/popx/stub/migrations/transactional/20200831110752000003_identity_verifiable_address_remove_code.mysql.down.sql", "content": "ALTER TABLE `identity_verifiable_addresses` MODIFY `code` VARCHAR (32) NOT NULL" }, { "path": "oryx/popx/stub/migrations/transactional/20200831110752000003_identity_verifiable_address_remove_code.mysql.up.sql", "content": "ALTER TABLE `identity_verifiable_addresses` DROP COLUMN `expires_at`;" }, { "path": "oryx/popx/stub/migrations/transactional/20200831110752000003_identity_verifiable_address_remove_code.postgres.down.sql", "content": "ALTER TABLE \"identity_verifiable_addresses\" ALTER COLUMN \"code\" TYPE VARCHAR (32), ALTER COLUMN \"code\" SET NOT NULL" }, { "path": "oryx/popx/stub/migrations/transactional/20200831110752000003_identity_verifiable_address_remove_code.postgres.up.sql", "content": "ALTER TABLE \"identity_verifiable_addresses\" DROP COLUMN \"expires_at\";" }, { "path": "oryx/popx/stub/migrations/transactional/20200831110752000003_identity_verifiable_address_remove_code.sqlite3.down.sql", "content": "DROP TABLE \"identity_verifiable_addresses\"" }, { "path": "oryx/popx/stub/migrations/transactional/20200831110752000003_identity_verifiable_address_remove_code.sqlite3.up.sql", "content": "DROP INDEX IF EXISTS \"identity_verifiable_addresses_status_via_uq_idx\"" }, { "path": "oryx/popx/stub/migrations/transactional/20200831110752000004_identity_verifiable_address_remove_code.cockroach.down.sql", "content": "ALTER TABLE \"identity_verifiable_addresses\" ADD COLUMN \"expires_at\" timestamp" }, { "path": "oryx/popx/stub/migrations/transactional/20200831110752000004_identity_verifiable_address_remove_code.cockroach.up.sql", "content": "" }, { "path": "oryx/popx/stub/migrations/transactional/20200831110752000004_identity_verifiable_address_remove_code.mysql.down.sql", "content": "UPDATE identity_verifiable_addresses SET expires_at = CURRENT_TIMESTAMP WHERE expires_at IS NULL" }, { "path": "oryx/popx/stub/migrations/transactional/20200831110752000004_identity_verifiable_address_remove_code.mysql.up.sql", "content": "" }, { "path": "oryx/popx/stub/migrations/transactional/20200831110752000004_identity_verifiable_address_remove_code.postgres.down.sql", "content": "UPDATE identity_verifiable_addresses SET expires_at = CURRENT_TIMESTAMP WHERE expires_at IS NULL" }, { "path": "oryx/popx/stub/migrations/transactional/20200831110752000004_identity_verifiable_address_remove_code.postgres.up.sql", "content": "" }, { "path": "oryx/popx/stub/migrations/transactional/20200831110752000004_identity_verifiable_address_remove_code.sqlite3.down.sql", "content": "INSERT INTO \"_identity_verifiable_addresses_tmp\" (id, status, via, verified, value, verified_at, identity_id, created_at, updated_at, code, expires_at) SELECT id, status, via, verified, value, verified_at, identity_id, created_at, updated_at, code, expires_at FROM \"identity_verifiable_addresses\"" }, { "path": "oryx/popx/stub/migrations/transactional/20200831110752000004_identity_verifiable_address_remove_code.sqlite3.up.sql", "content": "CREATE TABLE \"_identity_verifiable_addresses_tmp\" (\n\"id\" TEXT PRIMARY KEY,\n\"status\" TEXT NOT NULL,\n\"via\" TEXT NOT NULL,\n\"verified\" bool NOT NULL,\n\"value\" TEXT NOT NULL,\n\"verified_at\" DATETIME,\n\"expires_at\" DATETIME NOT NULL DEFAULT 'CURRENT_TIMESTAMP',\n\"identity_id\" char(36) NOT NULL,\n\"created_at\" DATETIME NOT NULL,\n\"updated_at\" DATETIME NOT NULL,\nFOREIGN KEY (identity_id) REFERENCES identities (id) ON UPDATE NO ACTION ON DELETE CASCADE\n)" }, { "path": "oryx/popx/stub/migrations/transactional/20200831110752000005_identity_verifiable_address_remove_code.cockroach.down.sql", "content": "ALTER TABLE \"identity_verifiable_addresses\" RENAME COLUMN \"expires_at\" TO \"_expires_at_tmp\"" }, { "path": "oryx/popx/stub/migrations/transactional/20200831110752000005_identity_verifiable_address_remove_code.cockroach.up.sql", "content": "" }, { "path": "oryx/popx/stub/migrations/transactional/20200831110752000005_identity_verifiable_address_remove_code.mysql.down.sql", "content": "UPDATE identity_verifiable_addresses SET code = LEFT(SHA2(RANDOM_BYTES(32), 256), 32) WHERE code IS NULL\n" }, { "path": "oryx/popx/stub/migrations/transactional/20200831110752000005_identity_verifiable_address_remove_code.mysql.up.sql", "content": "" }, { "path": "oryx/popx/stub/migrations/transactional/20200831110752000005_identity_verifiable_address_remove_code.postgres.down.sql", "content": "UPDATE identity_verifiable_addresses SET code = substr(md5(random()::text), 0, 32) WHERE code IS NULL" }, { "path": "oryx/popx/stub/migrations/transactional/20200831110752000005_identity_verifiable_address_remove_code.postgres.up.sql", "content": "" }, { "path": "oryx/popx/stub/migrations/transactional/20200831110752000005_identity_verifiable_address_remove_code.sqlite3.down.sql", "content": "CREATE INDEX \"identity_verifiable_addresses_status_via_idx\" ON \"_identity_verifiable_addresses_tmp\" (via, value)" }, { "path": "oryx/popx/stub/migrations/transactional/20200831110752000005_identity_verifiable_address_remove_code.sqlite3.up.sql", "content": "CREATE INDEX \"identity_verifiable_addresses_status_via_idx\" ON \"_identity_verifiable_addresses_tmp\" (via, value)" }, { "path": "oryx/popx/stub/migrations/transactional/20200831110752000006_identity_verifiable_address_remove_code.cockroach.down.sql", "content": "ALTER TABLE \"identity_verifiable_addresses\" DROP COLUMN \"_code_tmp\"" }, { "path": "oryx/popx/stub/migrations/transactional/20200831110752000006_identity_verifiable_address_remove_code.cockroach.up.sql", "content": "" }, { "path": "oryx/popx/stub/migrations/transactional/20200831110752000006_identity_verifiable_address_remove_code.mysql.down.sql", "content": "ALTER TABLE `identity_verifiable_addresses` ADD COLUMN `expires_at` DATETIME" }, { "path": "oryx/popx/stub/migrations/transactional/20200831110752000006_identity_verifiable_address_remove_code.mysql.up.sql", "content": "" }, { "path": "oryx/popx/stub/migrations/transactional/20200831110752000006_identity_verifiable_address_remove_code.postgres.down.sql", "content": "ALTER TABLE \"identity_verifiable_addresses\" ADD COLUMN \"expires_at\" timestamp" }, { "path": "oryx/popx/stub/migrations/transactional/20200831110752000006_identity_verifiable_address_remove_code.postgres.up.sql", "content": "" }, { "path": "oryx/popx/stub/migrations/transactional/20200831110752000006_identity_verifiable_address_remove_code.sqlite3.down.sql", "content": "CREATE UNIQUE INDEX \"identity_verifiable_addresses_status_via_uq_idx\" ON \"_identity_verifiable_addresses_tmp\" (via, value)" }, { "path": "oryx/popx/stub/migrations/transactional/20200831110752000006_identity_verifiable_address_remove_code.sqlite3.up.sql", "content": "CREATE UNIQUE INDEX \"identity_verifiable_addresses_status_via_uq_idx\" ON \"_identity_verifiable_addresses_tmp\" (via, value)" }, { "path": "oryx/popx/stub/migrations/transactional/20200831110752000007_identity_verifiable_address_remove_code.cockroach.down.sql", "content": "ALTER TABLE \"identity_verifiable_addresses\" ALTER COLUMN \"code\" SET NOT NULL" }, { "path": "oryx/popx/stub/migrations/transactional/20200831110752000007_identity_verifiable_address_remove_code.cockroach.up.sql", "content": "" }, { "path": "oryx/popx/stub/migrations/transactional/20200831110752000007_identity_verifiable_address_remove_code.mysql.down.sql", "content": "ALTER TABLE `identity_verifiable_addresses` ADD COLUMN `code` VARCHAR (32)" }, { "path": "oryx/popx/stub/migrations/transactional/20200831110752000007_identity_verifiable_address_remove_code.mysql.up.sql", "content": "" }, { "path": "oryx/popx/stub/migrations/transactional/20200831110752000007_identity_verifiable_address_remove_code.postgres.down.sql", "content": "ALTER TABLE \"identity_verifiable_addresses\" ADD COLUMN \"code\" VARCHAR (32)" }, { "path": "oryx/popx/stub/migrations/transactional/20200831110752000007_identity_verifiable_address_remove_code.postgres.up.sql", "content": "" }, { "path": "oryx/popx/stub/migrations/transactional/20200831110752000007_identity_verifiable_address_remove_code.sqlite3.down.sql", "content": "CREATE TABLE \"_identity_verifiable_addresses_tmp\" (\n\"id\" TEXT PRIMARY KEY,\n\"status\" TEXT NOT NULL,\n\"via\" TEXT NOT NULL,\n\"verified\" bool NOT NULL,\n\"value\" TEXT NOT NULL,\n\"verified_at\" DATETIME,\n\"identity_id\" char(36) NOT NULL,\n\"created_at\" DATETIME NOT NULL,\n\"updated_at\" DATETIME NOT NULL,\n\"code\" TEXT NOT NULL,\n\"expires_at\" DATETIME,\nFOREIGN KEY (identity_id) REFERENCES identities (id) ON UPDATE NO ACTION ON DELETE CASCADE\n)" }, { "path": "oryx/popx/stub/migrations/transactional/20200831110752000007_identity_verifiable_address_remove_code.sqlite3.up.sql", "content": "INSERT INTO \"_identity_verifiable_addresses_tmp\" (id, status, via, verified, value, verified_at, expires_at, identity_id, created_at, updated_at) SELECT id, status, via, verified, value, verified_at, expires_at, identity_id, created_at, updated_at FROM \"identity_verifiable_addresses\"" }, { "path": "oryx/popx/stub/migrations/transactional/20200831110752000008_identity_verifiable_address_remove_code.cockroach.down.sql", "content": "UPDATE \"identity_verifiable_addresses\" SET \"code\" = \"_code_tmp\"" }, { "path": "oryx/popx/stub/migrations/transactional/20200831110752000008_identity_verifiable_address_remove_code.cockroach.up.sql", "content": "" }, { "path": "oryx/popx/stub/migrations/transactional/20200831110752000008_identity_verifiable_address_remove_code.sqlite3.down.sql", "content": "DROP INDEX IF EXISTS \"identity_verifiable_addresses_status_via_idx\"" }, { "path": "oryx/popx/stub/migrations/transactional/20200831110752000008_identity_verifiable_address_remove_code.sqlite3.up.sql", "content": "\nDROP TABLE \"identity_verifiable_addresses\"" }, { "path": "oryx/popx/stub/migrations/transactional/20200831110752000009_identity_verifiable_address_remove_code.cockroach.down.sql", "content": "ALTER TABLE \"identity_verifiable_addresses\" ADD COLUMN \"code\" VARCHAR (32)" }, { "path": "oryx/popx/stub/migrations/transactional/20200831110752000009_identity_verifiable_address_remove_code.cockroach.up.sql", "content": "" }, { "path": "oryx/popx/stub/migrations/transactional/20200831110752000009_identity_verifiable_address_remove_code.sqlite3.down.sql", "content": "DROP INDEX IF EXISTS \"identity_verifiable_addresses_status_via_uq_idx\"" }, { "path": "oryx/popx/stub/migrations/transactional/20200831110752000009_identity_verifiable_address_remove_code.sqlite3.up.sql", "content": "ALTER TABLE \"_identity_verifiable_addresses_tmp\" RENAME TO \"identity_verifiable_addresses\"" }, { "path": "oryx/popx/stub/migrations/transactional/20200831110752000010_identity_verifiable_address_remove_code.cockroach.down.sql", "content": "ALTER TABLE \"identity_verifiable_addresses\" RENAME COLUMN \"code\" TO \"_code_tmp\"" }, { "path": "oryx/popx/stub/migrations/transactional/20200831110752000010_identity_verifiable_address_remove_code.cockroach.up.sql", "content": "" }, { "path": "oryx/popx/stub/migrations/transactional/20200831110752000010_identity_verifiable_address_remove_code.sqlite3.down.sql", "content": "ALTER TABLE \"_identity_verifiable_addresses_tmp\" RENAME TO \"identity_verifiable_addresses\"" }, { "path": "oryx/popx/stub/migrations/transactional/20200831110752000010_identity_verifiable_address_remove_code.sqlite3.up.sql", "content": "DROP INDEX IF EXISTS \"identity_verifiable_addresses_status_via_idx\"" }, { "path": "oryx/popx/stub/migrations/transactional/20200831110752000011_identity_verifiable_address_remove_code.cockroach.down.sql", "content": "UPDATE identity_verifiable_addresses SET expires_at = CURRENT_TIMESTAMP WHERE expires_at IS NULL" }, { "path": "oryx/popx/stub/migrations/transactional/20200831110752000011_identity_verifiable_address_remove_code.cockroach.up.sql", "content": "" }, { "path": "oryx/popx/stub/migrations/transactional/20200831110752000011_identity_verifiable_address_remove_code.sqlite3.down.sql", "content": "DROP TABLE \"identity_verifiable_addresses\"" }, { "path": "oryx/popx/stub/migrations/transactional/20200831110752000011_identity_verifiable_address_remove_code.sqlite3.up.sql", "content": "DROP INDEX IF EXISTS \"identity_verifiable_addresses_status_via_uq_idx\"" }, { "path": "oryx/popx/stub/migrations/transactional/20200831110752000012_identity_verifiable_address_remove_code.cockroach.down.sql", "content": "UPDATE identity_verifiable_addresses SET code = substr(md5(uuid_v4()), 0, 32) WHERE code IS NULL" }, { "path": "oryx/popx/stub/migrations/transactional/20200831110752000012_identity_verifiable_address_remove_code.cockroach.up.sql", "content": "" }, { "path": "oryx/popx/stub/migrations/transactional/20200831110752000012_identity_verifiable_address_remove_code.sqlite3.down.sql", "content": "INSERT INTO \"_identity_verifiable_addresses_tmp\" (id, status, via, verified, value, verified_at, identity_id, created_at, updated_at, code, expires_at) SELECT id, status, via, verified, value, verified_at, identity_id, created_at, updated_at, code, expires_at FROM \"identity_verifiable_addresses\"" }, { "path": "oryx/popx/stub/migrations/transactional/20200831110752000012_identity_verifiable_address_remove_code.sqlite3.up.sql", "content": "CREATE TABLE \"_identity_verifiable_addresses_tmp\" (\n\"id\" TEXT PRIMARY KEY,\n\"status\" TEXT NOT NULL,\n\"via\" TEXT NOT NULL,\n\"verified\" bool NOT NULL,\n\"value\" TEXT NOT NULL,\n\"verified_at\" DATETIME,\n\"identity_id\" char(36) NOT NULL,\n\"created_at\" DATETIME NOT NULL,\n\"updated_at\" DATETIME NOT NULL,\nFOREIGN KEY (identity_id) REFERENCES identities (id) ON UPDATE NO ACTION ON DELETE CASCADE\n)" }, { "path": "oryx/popx/stub/migrations/transactional/20200831110752000013_identity_verifiable_address_remove_code.cockroach.down.sql", "content": "ALTER TABLE \"identity_verifiable_addresses\" ADD COLUMN \"expires_at\" timestamp" }, { "path": "oryx/popx/stub/migrations/transactional/20200831110752000013_identity_verifiable_address_remove_code.cockroach.up.sql", "content": "" }, { "path": "oryx/popx/stub/migrations/transactional/20200831110752000013_identity_verifiable_address_remove_code.sqlite3.down.sql", "content": "CREATE INDEX \"identity_verifiable_addresses_status_via_idx\" ON \"_identity_verifiable_addresses_tmp\" (via, value)" }, { "path": "oryx/popx/stub/migrations/transactional/20200831110752000013_identity_verifiable_address_remove_code.sqlite3.up.sql", "content": "CREATE INDEX \"identity_verifiable_addresses_status_via_idx\" ON \"_identity_verifiable_addresses_tmp\" (via, value)" }, { "path": "oryx/popx/stub/migrations/transactional/20200831110752000014_identity_verifiable_address_remove_code.cockroach.down.sql", "content": "ALTER TABLE \"identity_verifiable_addresses\" ADD COLUMN \"code\" VARCHAR (32)" }, { "path": "oryx/popx/stub/migrations/transactional/20200831110752000014_identity_verifiable_address_remove_code.cockroach.up.sql", "content": "" }, { "path": "oryx/popx/stub/migrations/transactional/20200831110752000014_identity_verifiable_address_remove_code.sqlite3.down.sql", "content": "CREATE UNIQUE INDEX \"identity_verifiable_addresses_status_via_uq_idx\" ON \"_identity_verifiable_addresses_tmp\" (via, value)" }, { "path": "oryx/popx/stub/migrations/transactional/20200831110752000014_identity_verifiable_address_remove_code.sqlite3.up.sql", "content": "CREATE UNIQUE INDEX \"identity_verifiable_addresses_status_via_uq_idx\" ON \"_identity_verifiable_addresses_tmp\" (via, value)" }, { "path": "oryx/popx/stub/migrations/transactional/20200831110752000015_identity_verifiable_address_remove_code.sqlite3.down.sql", "content": "CREATE TABLE \"_identity_verifiable_addresses_tmp\" (\n\"id\" TEXT PRIMARY KEY,\n\"status\" TEXT NOT NULL,\n\"via\" TEXT NOT NULL,\n\"verified\" bool NOT NULL,\n\"value\" TEXT NOT NULL,\n\"verified_at\" DATETIME,\n\"identity_id\" char(36) NOT NULL,\n\"created_at\" DATETIME NOT NULL,\n\"updated_at\" DATETIME NOT NULL,\n\"code\" TEXT NOT NULL,\n\"expires_at\" DATETIME,\nFOREIGN KEY (identity_id) REFERENCES identities (id) ON UPDATE NO ACTION ON DELETE CASCADE\n)" }, { "path": "oryx/popx/stub/migrations/transactional/20200831110752000015_identity_verifiable_address_remove_code.sqlite3.up.sql", "content": "INSERT INTO \"_identity_verifiable_addresses_tmp\" (id, status, via, verified, value, verified_at, identity_id, created_at, updated_at) SELECT id, status, via, verified, value, verified_at, identity_id, created_at, updated_at FROM \"identity_verifiable_addresses\"" }, { "path": "oryx/popx/stub/migrations/transactional/20200831110752000016_identity_verifiable_address_remove_code.sqlite3.down.sql", "content": "DROP INDEX IF EXISTS \"identity_verifiable_addresses_status_via_idx\"" }, { "path": "oryx/popx/stub/migrations/transactional/20200831110752000016_identity_verifiable_address_remove_code.sqlite3.up.sql", "content": "\nDROP TABLE \"identity_verifiable_addresses\"" }, { "path": "oryx/popx/stub/migrations/transactional/20200831110752000017_identity_verifiable_address_remove_code.sqlite3.down.sql", "content": "DROP INDEX IF EXISTS \"identity_verifiable_addresses_status_via_uq_idx\"" }, { "path": "oryx/popx/stub/migrations/transactional/20200831110752000017_identity_verifiable_address_remove_code.sqlite3.up.sql", "content": "ALTER TABLE \"_identity_verifiable_addresses_tmp\" RENAME TO \"identity_verifiable_addresses\";" }, { "path": "oryx/popx/stub/migrations/transactional/20200831110752000018_identity_verifiable_address_remove_code.sqlite3.down.sql", "content": "UPDATE identity_verifiable_addresses SET expires_at = CURRENT_TIMESTAMP WHERE expires_at IS NULL" }, { "path": "oryx/popx/stub/migrations/transactional/20200831110752000018_identity_verifiable_address_remove_code.sqlite3.up.sql", "content": "" }, { "path": "oryx/popx/stub/migrations/transactional/20200831110752000019_identity_verifiable_address_remove_code.sqlite3.down.sql", "content": "UPDATE identity_verifiable_addresses SET code = substr(hex(randomblob(32)), 0, 32) WHERE code IS NULL" }, { "path": "oryx/popx/stub/migrations/transactional/20200831110752000019_identity_verifiable_address_remove_code.sqlite3.up.sql", "content": "" }, { "path": "oryx/popx/stub/migrations/transactional/20200831110752000020_identity_verifiable_address_remove_code.sqlite3.down.sql", "content": "ALTER TABLE \"identity_verifiable_addresses\" ADD COLUMN \"expires_at\" DATETIME" }, { "path": "oryx/popx/stub/migrations/transactional/20200831110752000020_identity_verifiable_address_remove_code.sqlite3.up.sql", "content": "" }, { "path": "oryx/popx/stub/migrations/transactional/20200831110752000021_identity_verifiable_address_remove_code.sqlite3.down.sql", "content": "ALTER TABLE \"identity_verifiable_addresses\" ADD COLUMN \"code\" TEXT" }, { "path": "oryx/popx/stub/migrations/transactional/20200831110752000021_identity_verifiable_address_remove_code.sqlite3.up.sql", "content": "" }, { "path": "oryx/popx/stub/migrations/transactional/20201201161451000000_credential_types_values.cockroach.down.sql", "content": "DELETE FROM identity_credential_types WHERE name = 'password' OR name = 'oidc';" }, { "path": "oryx/popx/stub/migrations/transactional/20201201161451000000_credential_types_values.cockroach.up.sql", "content": "INSERT INTO identity_credential_types (id, name) SELECT '78c1b41d-8341-4507-aa60-aff1d4369670', 'password' WHERE NOT EXISTS ( SELECT * FROM identity_credential_types WHERE name = 'password')" }, { "path": "oryx/popx/stub/migrations/transactional/20201201161451000000_credential_types_values.mysql.down.sql", "content": "DELETE FROM identity_credential_types WHERE name = 'password' OR name = 'oidc';" }, { "path": "oryx/popx/stub/migrations/transactional/20201201161451000000_credential_types_values.mysql.up.sql", "content": "INSERT INTO identity_credential_types (id, name) SELECT '78c1b41d-8341-4507-aa60-aff1d4369670', 'password' WHERE NOT EXISTS ( SELECT * FROM identity_credential_types WHERE name = 'password')" }, { "path": "oryx/popx/stub/migrations/transactional/20201201161451000000_credential_types_values.postgres.down.sql", "content": "DELETE FROM identity_credential_types WHERE name = 'password' OR name = 'oidc';" }, { "path": "oryx/popx/stub/migrations/transactional/20201201161451000000_credential_types_values.postgres.up.sql", "content": "INSERT INTO identity_credential_types (id, name) SELECT '78c1b41d-8341-4507-aa60-aff1d4369670', 'password' WHERE NOT EXISTS ( SELECT * FROM identity_credential_types WHERE name = 'password')" }, { "path": "oryx/popx/stub/migrations/transactional/20201201161451000000_credential_types_values.sqlite3.down.sql", "content": "DELETE FROM identity_credential_types WHERE name = 'password' OR name = 'oidc';" }, { "path": "oryx/popx/stub/migrations/transactional/20201201161451000000_credential_types_values.sqlite3.up.sql", "content": "INSERT INTO identity_credential_types (id, name) SELECT '78c1b41d-8341-4507-aa60-aff1d4369670', 'password' WHERE NOT EXISTS ( SELECT * FROM identity_credential_types WHERE name = 'password')" }, { "path": "oryx/popx/stub/migrations/transactional/20201201161451000001_credential_types_values.cockroach.down.sql", "content": "" }, { "path": "oryx/popx/stub/migrations/transactional/20201201161451000001_credential_types_values.cockroach.up.sql", "content": "INSERT INTO identity_credential_types (id, name) SELECT '6fa5e2e0-bfce-4631-b62b-cf2b0252b289', 'oidc' WHERE NOT EXISTS ( SELECT * FROM identity_credential_types WHERE name = 'oidc');" }, { "path": "oryx/popx/stub/migrations/transactional/20201201161451000001_credential_types_values.mysql.down.sql", "content": "" }, { "path": "oryx/popx/stub/migrations/transactional/20201201161451000001_credential_types_values.mysql.up.sql", "content": "INSERT INTO identity_credential_types (id, name) SELECT '6fa5e2e0-bfce-4631-b62b-cf2b0252b289', 'oidc' WHERE NOT EXISTS ( SELECT * FROM identity_credential_types WHERE name = 'oidc');" }, { "path": "oryx/popx/stub/migrations/transactional/20201201161451000001_credential_types_values.postgres.down.sql", "content": "" }, { "path": "oryx/popx/stub/migrations/transactional/20201201161451000001_credential_types_values.postgres.up.sql", "content": "INSERT INTO identity_credential_types (id, name) SELECT '6fa5e2e0-bfce-4631-b62b-cf2b0252b289', 'oidc' WHERE NOT EXISTS ( SELECT * FROM identity_credential_types WHERE name = 'oidc');" }, { "path": "oryx/popx/stub/migrations/transactional/20201201161451000001_credential_types_values.sqlite3.down.sql", "content": "" }, { "path": "oryx/popx/stub/migrations/transactional/20201201161451000001_credential_types_values.sqlite3.up.sql", "content": "INSERT INTO identity_credential_types (id, name) SELECT '6fa5e2e0-bfce-4631-b62b-cf2b0252b289', 'oidc' WHERE NOT EXISTS ( SELECT * FROM identity_credential_types WHERE name = 'oidc');" }, { "path": "oryx/popx/transaction.go", "content": "// Copyright © 2023 Ory Corp\n// SPDX-License-Identifier: Apache-2.0\n\npackage popx\n\nimport (\n\t\"context\"\n\t\"runtime\"\n\t\"strings\"\n\n\t\"github.com/cockroachdb/cockroach-go/v2/crdb\"\n\t\"github.com/jackc/pgconn\"\n\tpgxconn \"github.com/jackc/pgx/v5/pgconn\"\n\t\"github.com/jmoiron/sqlx\"\n\t\"github.com/pkg/errors\"\n\t\"github.com/prometheus/client_golang/prometheus\"\n\n\t\"github.com/ory/pop/v6\"\n)\n\ntype transactionContextKey int\n\nconst transactionKey transactionContextKey = 0\n\nfunc WithTransaction(ctx context.Context, tx *pop.Connection) context.Context {\n\treturn context.WithValue(ctx, transactionKey, tx)\n}\n\nfunc InTransaction(ctx context.Context) bool {\n\treturn ctx.Value(transactionKey) != nil\n}\n\nfunc Transaction(ctx context.Context, connection *pop.Connection, callback func(context.Context, *pop.Connection) error) error {\n\tc := ctx.Value(transactionKey)\n\tif c != nil {\n\t\tif conn, ok := c.(*pop.Connection); ok {\n\t\t\treturn errors.WithStack(callback(ctx, conn.WithContext(ctx)))\n\t\t}\n\t}\n\n\tif connection.Dialect.Name() == \"cockroach\" {\n\t\treturn connection.WithContext(ctx).Dialect.Lock(func() error {\n\t\t\ttransaction, err := connection.NewTransaction()\n\t\t\tif err != nil {\n\t\t\t\treturn errors.WithStack(err)\n\t\t\t}\n\n\t\t\tattempt := 0\n\t\t\treturn errors.WithStack(crdb.ExecuteInTx(ctx, sqlxTxAdapter{transaction.TX.Tx}, func() error {\n\t\t\t\tattempt++\n\t\t\t\tif attempt > 1 {\n\t\t\t\t\tcaller := caller()\n\t\t\t\t\ttransactionRetries.WithLabelValues(caller).Inc()\n\t\t\t\t}\n\t\t\t\treturn errors.WithStack(callback(WithTransaction(ctx, transaction), transaction))\n\t\t\t}))\n\t\t})\n\t}\n\tif strings.HasPrefix(connection.Dialect.Name(), \"postgres\") {\n\t\tvar err error\n\t\tfor attempt := range 10 {\n\t\t\t_ = attempt\n\t\t\terr = connection.WithContext(ctx).Transaction(func(tx *pop.Connection) error {\n\t\t\t\treturn callback(WithTransaction(ctx, tx), tx)\n\t\t\t})\n\t\t\tif err == nil {\n\t\t\t\treturn nil\n\t\t\t}\n\t\t\tif e := new(pgconn.PgError); errors.As(err, &e) && e.Code == \"40001\" {\n\t\t\t\tcontinue\n\t\t\t}\n\t\t\tif e := new(pgxconn.PgError); errors.As(err, &e) && e.Code == \"40001\" {\n\t\t\t\tcontinue\n\t\t\t}\n\t\t\treturn err\n\t\t}\n\t\treturn err\n\t}\n\n\treturn errors.WithStack(connection.WithContext(ctx).Transaction(func(tx *pop.Connection) error {\n\t\treturn errors.WithStack(callback(WithTransaction(ctx, tx), tx))\n\t}))\n}\n\nfunc GetConnection(ctx context.Context, connection *pop.Connection) *pop.Connection {\n\tc := ctx.Value(transactionKey)\n\tif c != nil {\n\t\tif conn, ok := c.(*pop.Connection); ok {\n\t\t\treturn conn.WithContext(ctx)\n\t\t}\n\t}\n\treturn connection.WithContext(ctx)\n}\n\ntype sqlxTxAdapter struct {\n\t*sqlx.Tx\n}\n\nvar _ crdb.Tx = sqlxTxAdapter{}\n\nfunc (s sqlxTxAdapter) Exec(ctx context.Context, query string, args ...interface{}) error {\n\t_, err := s.Tx.ExecContext(ctx, query, args...)\n\treturn errors.WithStack(err)\n}\n\nfunc (s sqlxTxAdapter) Commit(ctx context.Context) error {\n\treturn errors.WithStack(s.Tx.Commit())\n}\n\nfunc (s sqlxTxAdapter) Rollback(ctx context.Context) error {\n\treturn errors.WithStack(s.Tx.Rollback())\n}\n\nvar (\n\ttransactionRetries = prometheus.NewCounterVec(prometheus.CounterOpts{\n\t\tName: \"ory_x_popx_cockroach_transaction_retries_total\",\n\t\tHelp: \"Counts the number of automatic CockroachDB transaction retries\",\n\t}, []string{\"caller\"})\n\tTransactionRetries prometheus.Collector = transactionRetries\n\t_ = transactionRetries.WithLabelValues(unknownCaller) // make sure the metric is always present\n\tunknownCaller = \"unknown\"\n)\n\nfunc caller() string {\n\tpc := make([]uintptr, 3)\n\t// The number stack frames to skip was determined by putting a breakpoint in\n\t// ory/kratos and looking for the topmost frame which isn't from ory/x or\n\t// ory/pop.\n\tn := runtime.Callers(8, pc)\n\tif n == 0 {\n\t\treturn unknownCaller\n\t}\n\tpc = pc[:n]\n\tframes := runtime.CallersFrames(pc)\n\tfor {\n\t\tframe, more := frames.Next()\n\t\tif frame.Function != \"\" {\n\t\t\treturn frame.Function\n\t\t}\n\t\tif !more {\n\t\t\tbreak\n\t\t}\n\t}\n\treturn unknownCaller\n}\n" }, { "path": "oryx/profilex/profiling.go", "content": "// Copyright © 2023 Ory Corp\n// SPDX-License-Identifier: Apache-2.0\n\npackage profilex\n\nimport (\n\t\"os\"\n\n\t\"github.com/pkg/profile\"\n)\n\ntype noop struct{}\n\n// Stop is a noop.\nfunc (p *noop) Stop() {}\n\n// Profile parses the PROFILING environment variable and executes the proper profiling task.\nfunc Profile() interface {\n\tStop()\n} {\n\tswitch os.Getenv(\"PROFILING\") {\n\tcase \"cpu\":\n\t\treturn profile.Start(profile.CPUProfile, profile.NoShutdownHook)\n\tcase \"mem\":\n\t\treturn profile.Start(profile.MemProfile, profile.NoShutdownHook)\n\tcase \"mutex\":\n\t\treturn profile.Start(profile.MutexProfile, profile.NoShutdownHook)\n\tcase \"block\":\n\t\treturn profile.Start(profile.BlockProfile, profile.NoShutdownHook)\n\t}\n\treturn new(noop)\n}\n\n// HelpMessage returns a string explaining how profiling works.\nfunc HelpMessage() string {\n\treturn `- PROFILING: Set \"PROFILING=cpu\" to enable cpu profiling and \"PROFILING=mem\" to enable memory profiling.\n\tIt is not possible to do both at the same time. Profiling is disabled per default.\n\n\tExample: PROFILING=cpu`\n}\n" }, { "path": "oryx/prometheusx/handler.go", "content": "// Copyright © 2023 Ory Corp\n// SPDX-License-Identifier: Apache-2.0\n\npackage prometheusx\n\nimport (\n\t\"net/http\"\n\n\t\"github.com/prometheus/client_golang/prometheus/promhttp\"\n)\n\nconst (\n\tMetricsPrometheusPath = \"/metrics/prometheus\"\n)\n\ntype muxrouter interface {\n\tGET(path string, handle http.HandlerFunc)\n}\n\n// SetMuxRoutes registers the prometheus handler.\nfunc SetMuxRoutes(mux muxrouter) {\n\tmux.GET(MetricsPrometheusPath, promhttp.Handler().ServeHTTP)\n}\n" }, { "path": "oryx/prometheusx/metrics.go", "content": "// Copyright © 2023 Ory Corp\n// SPDX-License-Identifier: Apache-2.0\n\npackage prometheusx\n\nimport (\n\t\"net/http\"\n\t\"regexp\"\n\t\"strings\"\n\n\tgrpcPrometheus \"github.com/grpc-ecosystem/go-grpc-prometheus\"\n\t\"github.com/pkg/errors\"\n\t\"github.com/prometheus/client_golang/prometheus\"\n\t\"github.com/prometheus/client_golang/prometheus/promhttp\"\n\t\"github.com/urfave/negroni\"\n)\n\ntype HTTPMetrics struct {\n\tresponseTime *prometheus.HistogramVec\n\ttotalRequests *prometheus.CounterVec\n\tduration *prometheus.HistogramVec\n\tresponseSize *prometheus.HistogramVec\n\trequestSize *prometheus.HistogramVec\n\thandlerStatuses *prometheus.CounterVec\n}\n\nconst HTTPPrefix = \"http\"\n\nfunc NewHTTPMetrics(app, metricsPrefix, version, hash, date string) *HTTPMetrics {\n\tlabels := map[string]string{\n\t\t\"app\": app,\n\t\t\"version\": version,\n\t\t\"hash\": hash,\n\t\t\"buildTime\": date,\n\t}\n\n\tif metricsPrefix != \"\" {\n\t\tmetricsPrefix += \"_\"\n\t}\n\n\tpm := &HTTPMetrics{\n\t\tresponseTime: prometheus.NewHistogramVec(\n\t\t\tprometheus.HistogramOpts{\n\t\t\t\tName: metricsPrefix + \"response_time_seconds\",\n\t\t\t\tHelp: \"Description\",\n\t\t\t\tConstLabels: labels,\n\t\t\t},\n\t\t\t[]string{\"endpoint\"},\n\t\t),\n\t\ttotalRequests: prometheus.NewCounterVec(prometheus.CounterOpts{\n\t\t\tName: metricsPrefix + \"requests_total\",\n\t\t\tHelp: \"number of requests\",\n\t\t\tConstLabels: labels,\n\t\t}, []string{\"code\", \"method\", \"endpoint\"}),\n\t\tduration: prometheus.NewHistogramVec(prometheus.HistogramOpts{\n\t\t\tName: metricsPrefix + \"requests_duration_seconds\",\n\t\t\tHelp: \"duration of a requests in seconds\",\n\t\t\tConstLabels: labels,\n\t\t}, []string{\"code\", \"method\", \"endpoint\"}),\n\t\tresponseSize: prometheus.NewHistogramVec(prometheus.HistogramOpts{\n\t\t\tName: metricsPrefix + \"response_size_bytes\",\n\t\t\tHelp: \"size of the responses in bytes\",\n\t\t\tConstLabels: labels,\n\t\t}, []string{\"code\", \"method\"}),\n\t\trequestSize: prometheus.NewHistogramVec(prometheus.HistogramOpts{\n\t\t\tName: metricsPrefix + \"requests_size_bytes\",\n\t\t\tHelp: \"size of the requests in bytes\",\n\t\t\tConstLabels: labels,\n\t\t}, []string{\"code\", \"method\"}),\n\t\thandlerStatuses: prometheus.NewCounterVec(prometheus.CounterOpts{\n\t\t\tName: metricsPrefix + \"requests_statuses_total\",\n\t\t\tHelp: \"count number of responses per status\",\n\t\t\tConstLabels: labels,\n\t\t}, []string{\"method\", \"status_bucket\"}),\n\t}\n\n\terr := prometheus.Register(pm)\n\tif e := new(prometheus.AlreadyRegisteredError); errors.As(err, e) {\n\t\treturn pm\n\t} else if err != nil {\n\t\tpanic(err)\n\t}\n\n\tgrpcPrometheus.EnableHandlingTimeHistogram()\n\n\treturn pm\n}\n\n// Describe implements prometheus Collector interface.\nfunc (h *HTTPMetrics) Describe(in chan<- *prometheus.Desc) {\n\th.duration.Describe(in)\n\th.totalRequests.Describe(in)\n\th.requestSize.Describe(in)\n\th.responseSize.Describe(in)\n\th.handlerStatuses.Describe(in)\n\th.responseTime.Describe(in)\n}\n\n// Collect implements prometheus Collector interface.\nfunc (h *HTTPMetrics) Collect(in chan<- prometheus.Metric) {\n\th.duration.Collect(in)\n\th.totalRequests.Collect(in)\n\th.requestSize.Collect(in)\n\th.responseSize.Collect(in)\n\th.handlerStatuses.Collect(in)\n\th.responseTime.Collect(in)\n}\n\nfunc (h *HTTPMetrics) instrumentHandlerStatusBucket(next http.Handler) http.HandlerFunc {\n\treturn func(rw http.ResponseWriter, r *http.Request) {\n\t\trr := negroni.NewResponseWriter(rw)\n\t\tnext.ServeHTTP(rr, r)\n\n\t\tstatusBucket := \"unknown\"\n\t\tswitch status := rr.Status(); {\n\t\tcase status >= 200 && status <= 299:\n\t\t\tstatusBucket = \"2xx\"\n\t\tcase status >= 300 && status <= 399:\n\t\t\tstatusBucket = \"3xx\"\n\t\tcase status >= 400 && status <= 499:\n\t\t\tstatusBucket = \"4xx\"\n\t\tcase status >= 500 && status <= 599:\n\t\t\tstatusBucket = \"5xx\"\n\t\t}\n\n\t\th.handlerStatuses.With(prometheus.Labels{\"method\": r.Method, \"status_bucket\": statusBucket}).\n\t\t\tInc()\n\t}\n}\n\n// Instrument will instrument any http.Handler with custom metrics\nfunc (h *HTTPMetrics) Instrument(next http.Handler, endpoint string) http.Handler {\n\tlabels := prometheus.Labels{}\n\tlabelsWithEndpoint := prometheus.Labels{\"endpoint\": endpoint}\n\twrapped := promhttp.InstrumentHandlerResponseSize(h.responseSize.MustCurryWith(labels), next)\n\twrapped = promhttp.InstrumentHandlerCounter(h.totalRequests.MustCurryWith(labelsWithEndpoint), wrapped)\n\twrapped = promhttp.InstrumentHandlerDuration(h.duration.MustCurryWith(labelsWithEndpoint), wrapped)\n\twrapped = promhttp.InstrumentHandlerDuration(h.responseTime.MustCurryWith(prometheus.Labels{\"endpoint\": endpoint}), wrapped)\n\twrapped = promhttp.InstrumentHandlerRequestSize(h.requestSize.MustCurryWith(labels), wrapped)\n\twrapped = h.instrumentHandlerStatusBucket(wrapped)\n\n\treturn wrapped\n}\n\nvar paramPlaceHolderRE = regexp.MustCompile(`\\{[a-zA-Z0-9_-]+}`)\n\nfunc GetLabelForPattern(pattern string) string {\n\treturn paramPlaceHolderRE.ReplaceAllString(strings.TrimSuffix(pattern, \"/{$}\"), \"{param}\")\n}\n" }, { "path": "oryx/proxy/proxy.go", "content": "// Copyright © 2023 Ory Corp\n// SPDX-License-Identifier: Apache-2.0\n\npackage proxy\n\nimport (\n\t\"context\"\n\t\"log\"\n\t\"net/http\"\n\t\"net/http/httputil\"\n\n\t\"github.com/pkg/errors\"\n\n\t\"github.com/rs/cors\"\n\t\"go.opentelemetry.io/otel\"\n)\n\ntype (\n\tRespMiddleware func(resp *http.Response, config *HostConfig, body []byte) ([]byte, error)\n\tReqMiddleware func(req *httputil.ProxyRequest, config *HostConfig, body []byte) ([]byte, error)\n\tHostMapper func(ctx context.Context, r *http.Request) (context.Context, *HostConfig, error)\n\toptions struct {\n\t\thostMapper HostMapper\n\t\tonResError func(*http.Response, error) error\n\t\tonReqError func(*http.Request, error)\n\t\trespMiddlewares []RespMiddleware\n\t\treqMiddlewares []ReqMiddleware\n\t\ttransport http.RoundTripper\n\t\terrHandler func(http.ResponseWriter, *http.Request, error)\n\t}\n\tHostConfig struct {\n\t\t// CorsEnabled is a flag to enable or disable CORS\n\t\t// Default: false\n\t\tCorsEnabled bool\n\t\t// CorsOptions allows to configure CORS\n\t\t// If left empty, no CORS headers will be set even when CorsEnabled is true\n\t\tCorsOptions *cors.Options\n\t\t// CookieDomain is the host under which cookies are set.\n\t\t// If left empty, no cookie domain will be set\n\t\tCookieDomain string\n\t\t// UpstreamHost is the next upstream host the proxy will pass the request to.\n\t\t// e.g. fluffy-bear-afiu23iaysd.oryapis.com\n\t\tUpstreamHost string\n\t\t// UpstreamScheme is the protocol used by the upstream service.\n\t\tUpstreamScheme string\n\t\t// TargetHost is the final target of the request. Should be the same as UpstreamHost\n\t\t// if the request is directly passed to the target service.\n\t\tTargetHost string\n\t\t// TargetScheme is the final target's scheme\n\t\t// (i.e. the scheme the target thinks it is running under)\n\t\tTargetScheme string\n\t\t// PathPrefix is a prefix that is prepended on the original host,\n\t\t// but removed before forwarding.\n\t\tPathPrefix string\n\t\t// TrustForwardedHosts is a flag that indicates whether the proxy should trust the\n\t\t// X-Forwarded-* headers or not.\n\t\tTrustForwardedHeaders bool\n\t\t// originalHost the original hostname the request is coming from.\n\t\t// This value will be maintained internally by the proxy.\n\t\toriginalHost string\n\t\t// originalScheme is the original scheme of the request.\n\t\t// This value will be maintained internally by the proxy.\n\t\toriginalScheme string\n\t\t// ForceOriginalSchemeHTTP forces the original scheme to be https if enabled.\n\t\tForceOriginalSchemeHTTPS bool\n\t}\n\tOptions func(*options)\n\tcontextKey string\n)\n\nconst (\n\thostConfigKey contextKey = \"host config\"\n)\n\nfunc (c *HostConfig) setScheme(r *httputil.ProxyRequest) {\n\tif c.ForceOriginalSchemeHTTPS {\n\t\tc.originalScheme = \"https\"\n\t} else if forwardedProto := r.In.Header.Get(\"X-Forwarded-Proto\"); forwardedProto != \"\" {\n\t\tc.originalScheme = forwardedProto\n\t} else if r.In.TLS == nil {\n\t\tc.originalScheme = \"http\"\n\t} else {\n\t\tc.originalScheme = \"https\"\n\t}\n}\n\nfunc (c *HostConfig) setHost(r *httputil.ProxyRequest) {\n\tif forwardedHost := r.In.Header.Get(\"X-Forwarded-Host\"); forwardedHost != \"\" {\n\t\tc.originalHost = forwardedHost\n\t} else {\n\t\tc.originalHost = r.In.Host\n\t}\n}\n\n// rewriter is a custom internal function for altering a http.Request\nfunc rewriter(o *options) func(*httputil.ProxyRequest) {\n\treturn func(r *httputil.ProxyRequest) {\n\t\tctx := r.Out.Context()\n\t\tctx, span := otel.GetTracerProvider().Tracer(\"\").Start(ctx, \"x.proxy\")\n\t\tdefer span.End()\n\n\t\t_, c, err := o.getHostConfig(ctx, r.In)\n\t\tif err != nil {\n\t\t\to.onReqError(r.Out, err)\n\t\t\treturn\n\t\t}\n\n\t\tif c.TrustForwardedHeaders {\n\t\t\theaders := []string{\n\t\t\t\t\"X-Forwarded-Host\",\n\t\t\t\t\"X-Forwarded-Proto\",\n\t\t\t\t\"X-Forwarded-For\",\n\t\t\t}\n\t\t\tfor _, h := range headers {\n\t\t\t\tif v := r.In.Header.Get(h); v != \"\" {\n\t\t\t\t\tr.Out.Header.Set(h, v)\n\t\t\t\t}\n\t\t\t}\n\t\t}\n\n\t\tc.setScheme(r)\n\t\tc.setHost(r)\n\n\t\theaderRequestRewrite(r.Out, c)\n\n\t\tvar body []byte\n\t\tvar cb *compressableBody\n\n\t\tif r.Out.ContentLength != 0 {\n\t\t\tbody, cb, err = readBody(r.Out.Header, r.Out.Body)\n\t\t\tif err != nil {\n\t\t\t\to.onReqError(r.Out, err)\n\t\t\t\treturn\n\t\t\t}\n\t\t}\n\n\t\tfor _, m := range o.reqMiddlewares {\n\t\t\tif body, err = m(r, c, body); err != nil {\n\t\t\t\to.onReqError(r.Out, err)\n\t\t\t\treturn\n\t\t\t}\n\t\t}\n\n\t\tn, err := cb.Write(body)\n\t\tif err != nil {\n\t\t\to.onReqError(r.Out, err)\n\t\t\treturn\n\t\t}\n\n\t\tr.Out.Header.Del(\"Content-Length\")\n\t\tr.Out.ContentLength = int64(n)\n\t\tr.Out.Body = cb\n\t}\n}\n\n// modifyResponse is a custom internal function for altering a http.Response\nfunc modifyResponse(o *options) func(*http.Response) error {\n\treturn func(r *http.Response) error {\n\t\t_, c, err := o.getHostConfig(r.Request.Context(), r.Request)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\n\t\tif err := headerResponseRewrite(r, c); err != nil {\n\t\t\treturn o.onResError(r, err)\n\t\t}\n\n\t\tbody, cb, err := bodyResponseRewrite(r, c)\n\t\tif err != nil {\n\t\t\treturn o.onResError(r, err)\n\t\t}\n\n\t\tfor _, m := range o.respMiddlewares {\n\t\t\tif body, err = m(r, c, body); err != nil {\n\t\t\t\treturn o.onResError(r, err)\n\t\t\t}\n\t\t}\n\n\t\tn, err := cb.Write(body)\n\t\tif err != nil {\n\t\t\treturn o.onResError(r, err)\n\t\t}\n\n\t\tn, t, err := handleWebsocketResponse(n, cb, r.Body)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\n\t\tr.Header.Del(\"Content-Length\")\n\t\tr.ContentLength = int64(n)\n\t\tr.Body = t\n\t\treturn nil\n\t}\n}\n\nfunc WithOnError(onReqErr func(*http.Request, error), onResErr func(*http.Response, error) error) Options {\n\treturn func(o *options) {\n\t\to.onReqError = onReqErr\n\t\to.onResError = onResErr\n\t}\n}\n\nfunc WithReqMiddleware(middlewares ...ReqMiddleware) Options {\n\treturn func(o *options) {\n\t\to.reqMiddlewares = append(o.reqMiddlewares, middlewares...)\n\t}\n}\n\nfunc WithRespMiddleware(middlewares ...RespMiddleware) Options {\n\treturn func(o *options) {\n\t\to.respMiddlewares = append(o.respMiddlewares, middlewares...)\n\t}\n}\n\nfunc WithTransport(t http.RoundTripper) Options {\n\treturn func(o *options) {\n\t\to.transport = t\n\t}\n}\n\nfunc WithErrorHandler(eh func(w http.ResponseWriter, r *http.Request, err error)) Options {\n\treturn func(o *options) {\n\t\to.errHandler = eh\n\t}\n}\n\nfunc (o *options) getHostConfig(ctx context.Context, r *http.Request) (context.Context, *HostConfig, error) {\n\tif cached, ok := ctx.Value(hostConfigKey).(*HostConfig); ok && cached != nil {\n\t\treturn ctx, cached, nil\n\t}\n\tctx, c, err := o.hostMapper(ctx, r)\n\tif err != nil {\n\t\treturn nil, nil, err\n\t}\n\t// cache the host config in the request context\n\t// this will be passed on to the request and response proxy functions\n\tctx = context.WithValue(ctx, hostConfigKey, c)\n\treturn ctx, c, nil\n}\n\nfunc (o *options) beforeProxyMiddleware(h http.Handler) http.Handler {\n\treturn http.HandlerFunc(func(writer http.ResponseWriter, request *http.Request) {\n\t\t// get the hostmapper configurations before the request is proxied\n\t\tctx, c, err := o.getHostConfig(request.Context(), request)\n\t\tif err != nil {\n\t\t\to.onReqError(request, err)\n\t\t\treturn\n\t\t}\n\n\t\t// Add our Cors middleware.\n\t\t// This middleware will only trigger if the host config has cors enabled on that request.\n\t\tif c.CorsEnabled && c.CorsOptions != nil {\n\t\t\tcors.New(*c.CorsOptions).HandlerFunc(writer, request)\n\t\t}\n\n\t\th.ServeHTTP(writer, request.WithContext(ctx))\n\t})\n}\n\nfunc defaultErrorHandler(w http.ResponseWriter, r *http.Request, err error) {\n\tswitch {\n\tcase errors.Is(err, context.Canceled):\n\t\tw.WriteHeader(499) // http://nginx.org/en/docs/dev/development_guide.html\n\tcase isTimeoutError(err):\n\t\tw.WriteHeader(http.StatusGatewayTimeout)\n\tdefault:\n\t\tlog.Printf(\"http: proxy error: %v\", err)\n\t\tw.WriteHeader(http.StatusBadGateway)\n\t}\n}\n\nfunc isTimeoutError(err error) bool {\n\tvar te interface{ Timeout() bool } = nil\n\treturn errors.As(err, &te) && te.Timeout() || errors.Is(err, context.DeadlineExceeded)\n}\n\n// New creates a new Proxy\n// A Proxy sets up a middleware with custom request and response modification handlers\nfunc New(hostMapper HostMapper, opts ...Options) http.Handler {\n\to := &options{\n\t\thostMapper: hostMapper,\n\t\tonReqError: func(*http.Request, error) {},\n\t\tonResError: func(_ *http.Response, err error) error { return err },\n\t\ttransport: http.DefaultTransport,\n\t\terrHandler: defaultErrorHandler,\n\t}\n\n\tfor _, op := range opts {\n\t\top(o)\n\t}\n\n\trp := &httputil.ReverseProxy{\n\t\tRewrite: rewriter(o),\n\t\tModifyResponse: modifyResponse(o),\n\t\tTransport: o.transport,\n\t\tErrorHandler: o.errHandler,\n\t}\n\n\treturn o.beforeProxyMiddleware(rp)\n}\n" }, { "path": "oryx/proxy/rewrites.go", "content": "// Copyright © 2023 Ory Corp\n// SPDX-License-Identifier: Apache-2.0\n\npackage proxy\n\nimport (\n\t\"bytes\"\n\t\"compress/gzip\"\n\t\"io\"\n\t\"net/http\"\n\t\"net/url\"\n\t\"path\"\n\t\"strings\"\n\n\t\"github.com/pkg/errors\"\n)\n\ntype compressableBody struct {\n\tbuf bytes.Buffer\n\tw io.WriteCloser\n}\n\n// we require a read and write for websocket connections\nvar _ io.ReadWriteCloser = new(compressableBody)\n\nfunc (b *compressableBody) Close() error {\n\tif b != nil {\n\t\tb.buf.Reset()\n\t\tif b.w != nil {\n\t\t\treturn b.w.Close()\n\t\t}\n\t}\n\treturn nil\n}\n\nfunc (b *compressableBody) Write(d []byte) (int, error) {\n\tif b == nil {\n\t\t// this happens when the body is empty\n\t\treturn 0, nil\n\t}\n\n\tvar w io.Writer = &b.buf\n\tif b.w != nil {\n\t\tw = b.w\n\t\tdefer b.w.Close()\n\t}\n\treturn w.Write(d)\n}\n\nfunc (b *compressableBody) Read(p []byte) (n int, err error) {\n\tif b == nil {\n\t\t// this happens when the body is empty\n\t\treturn 0, io.EOF\n\t}\n\treturn b.buf.Read(p)\n}\n\nfunc headerRequestRewrite(req *http.Request, c *HostConfig) {\n\treq.URL.Scheme = c.UpstreamScheme\n\treq.URL.Host = c.UpstreamHost\n\treq.URL.Path = strings.TrimPrefix(req.URL.Path, c.PathPrefix)\n\n\tif _, ok := req.Header[\"User-Agent\"]; !ok {\n\t\t// explicitly disable User-Agent so it's not set to default value\n\t\treq.Header.Set(\"User-Agent\", \"\")\n\t}\n}\n\nfunc headerResponseRewrite(resp *http.Response, c *HostConfig) error {\n\tredir, err := resp.Location()\n\tif err != nil {\n\t\tif !errors.Is(err, http.ErrNoLocation) {\n\t\t\treturn errors.WithStack(err)\n\t\t}\n\t} else if redir.Host == c.TargetHost {\n\t\tredir.Scheme = c.originalScheme\n\t\tredir.Host = c.originalHost\n\t\tredir.Path = path.Join(c.PathPrefix, redir.Path)\n\t\tresp.Header.Set(\"Location\", redir.String())\n\t}\n\n\tReplaceCookieDomainAndSecure(resp, c.TargetHost, c.CookieDomain, c.originalScheme == \"https\")\n\n\treturn nil\n}\n\n// ReplaceCookieDomainAndSecure replaces the domain of all matching Set-Cookie headers in the response.\nfunc ReplaceCookieDomainAndSecure(resp *http.Response, original, replacement string, secure bool) {\n\toriginal, replacement = stripPort(original), stripPort(replacement) // cookies don't distinguish ports\n\n\tcookies := resp.Cookies()\n\tresp.Header.Del(\"Set-Cookie\")\n\tfor _, co := range cookies {\n\t\tco.Domain = replacement\n\t\tco.Secure = secure\n\t\tif !secure {\n\t\t\tco.SameSite = http.SameSiteLaxMode\n\t\t}\n\t\tresp.Header.Add(\"Set-Cookie\", co.String())\n\t}\n}\n\nfunc bodyResponseRewrite(resp *http.Response, c *HostConfig) ([]byte, *compressableBody, error) {\n\tif resp.ContentLength == 0 {\n\t\treturn nil, nil, nil\n\t}\n\n\tbody, cb, err := readBody(resp.Header, resp.Body)\n\tif err != nil {\n\t\treturn nil, nil, err\n\t}\n\n\tif c.TargetScheme == \"\" {\n\t\tc.TargetScheme = \"https\"\n\t}\n\n\treturn bytes.ReplaceAll(body, []byte(c.TargetScheme+\"://\"+c.TargetHost), []byte(c.originalScheme+\"://\"+c.originalHost+c.PathPrefix)), cb, nil\n}\n\nfunc readBody(h http.Header, body io.ReadCloser) ([]byte, *compressableBody, error) {\n\tdefer body.Close()\n\n\tcb := &compressableBody{}\n\n\tswitch h.Get(\"Content-Encoding\") {\n\tcase \"gzip\":\n\t\tvar err error\n\t\tbody, err = gzip.NewReader(body)\n\t\tif err != nil {\n\t\t\treturn nil, nil, errors.WithStack(err)\n\t\t}\n\n\t\tcb.w = gzip.NewWriter(&cb.buf)\n\tdefault:\n\t\t// do nothing, we can read directly\n\t}\n\n\tb, err := io.ReadAll(body)\n\tif err != nil {\n\t\treturn nil, nil, errors.WithStack(err)\n\t}\n\treturn b, cb, nil\n}\n\nfunc handleWebsocketResponse(n int, cb *compressableBody, body io.ReadCloser) (int, io.ReadWriteCloser, error) {\n\tvar err error\n\treadWriteCloser, ok := body.(io.ReadWriteCloser)\n\tif ok {\n\t\tif cb != nil {\n\t\t\tn, err = readWriteCloser.Write(cb.buf.Bytes())\n\t\t\tif err != nil {\n\t\t\t\treturn 0, nil, errors.WithStack(err)\n\t\t\t}\n\t\t}\n\t\treturn n, readWriteCloser, nil\n\t}\n\treturn n, cb, nil\n}\n\n// stripPort removes the optional port from the host.\nfunc stripPort(host string) string {\n\treturn (&url.URL{Host: host}).Hostname()\n}\n" }, { "path": "oryx/proxy/stubs/auth.example.com.json", "content": "{\n \"ui\": {\n \"action\": \"https://auth.example.com\"\n },\n \"callbacks\": [\n \"https://auth.example.com/path/to/resource\",\n \"https://auth.example.com/path?q=https://localhost:8000\"\n ]\n}\n" }, { "path": "oryx/randx/README.md", "content": "`randx.RuneSequence` generates even distributions for the given character set\nand length. All results are therefore also evenly distributed.\n\n## AlphaNum\n\n[Alphabet and Numeric](../docs/alpha_num.png)\n\n## AlphaNum\n\n[Alphabet and Numeric](../docs/num.png)\n" }, { "path": "oryx/randx/sequence.go", "content": "// Copyright © 2023 Ory Corp\n// SPDX-License-Identifier: Apache-2.0\n\npackage randx\n\nimport (\n\t\"crypto/rand\"\n\t\"math/big\"\n)\n\nvar rander = rand.Reader // random function\n\nvar (\n\t// AlphaNum contains runes [abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789].\n\tAlphaNum = []rune(\"abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789\")\n\t// Alpha contains runes [abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ].\n\tAlpha = []rune(\"abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ\")\n\t// AlphaLowerNum contains runes [abcdefghijklmnopqrstuvwxyz0123456789].\n\tAlphaLowerNum = []rune(\"abcdefghijklmnopqrstuvwxyz0123456789\")\n\t// AlphaUpperNum contains runes [ABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789].\n\tAlphaUpperNum = []rune(\"ABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789\")\n\t// AlphaLower contains runes [abcdefghijklmnopqrstuvwxyz].\n\tAlphaLower = []rune(\"abcdefghijklmnopqrstuvwxyz\")\n\t// AlphaUpperVowels contains runes [AEIOUY].\n\tAlphaUpperVowels = []rune(\"AEIOUY\")\n\t// AlphaUpperNoVowels contains runes [BCDFGHJKLMNPQRSTVWXZ].\n\tAlphaUpperNoVowels = []rune(\"BCDFGHJKLMNPQRSTVWXZ\")\n\t// AlphaUpper contains runes [ABCDEFGHIJKLMNOPQRSTUVWXYZ].\n\tAlphaUpper = []rune(\"ABCDEFGHIJKLMNOPQRSTUVWXYZ\")\n\t// Numeric contains runes [0123456789].\n\tNumeric = []rune(\"0123456789\")\n\t// AlphaNumNoAmbiguous is equivalent to AlphaNum but without visually ambiguous characters [0Oo1IlB8S5Z2].\n\tAlphaNumNoAmbiguous = []rune(\"abcdefghijkmnpqrstuvwxyzACDEFGHJKLMNPQRTUVWXY34679\")\n)\n\n// RuneSequence returns a random sequence using the defined allowed runes.\nfunc RuneSequence(l int, allowedRunes []rune) (seq []rune, err error) {\n\tc := big.NewInt(int64(len(allowedRunes)))\n\tseq = make([]rune, l)\n\n\tfor i := 0; i < l; i++ {\n\t\tr, err := rand.Int(rander, c)\n\t\tif err != nil {\n\t\t\treturn seq, err\n\t\t}\n\t\trn := allowedRunes[r.Uint64()]\n\t\tseq[i] = rn\n\t}\n\n\treturn seq, nil\n}\n\n// MustString returns a random string sequence using the defined runes. Panics on error.\nfunc MustString(l int, allowedRunes []rune) string {\n\tseq, err := RuneSequence(l, allowedRunes)\n\tif err != nil {\n\t\tpanic(err)\n\t}\n\treturn string(seq)\n}\n" }, { "path": "oryx/randx/strength/go.mod", "content": "module github.com/ory/x/randx/strength\n\ngo 1.26\n\nreplace github.com/ory/x => ../..\n\nrequire (\n\tgithub.com/ory/x v0.0.729\n\tgonum.org/v1/plot v0.16.0\n)\n\nrequire (\n\tcodeberg.org/go-fonts/liberation v0.5.0 // indirect\n\tcodeberg.org/go-latex/latex v0.1.0 // indirect\n\tcodeberg.org/go-pdf/fpdf v0.11.1 // indirect\n\tgit.sr.ht/~sbinet/gg v0.6.0 // indirect\n\tgithub.com/ajstarks/svgo v0.0.0-20211024235047-1546f124cd8b // indirect\n\tgithub.com/campoy/embedmd v1.0.0 // indirect\n\tgithub.com/golang/freetype v0.0.0-20170609003504-e2365dfdc4a0 // indirect\n\tgithub.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 // indirect\n\tgolang.org/x/image v0.30.0 // indirect\n\tgolang.org/x/text v0.31.0 // indirect\n)\n" }, { "path": "oryx/randx/strength/go.sum", "content": "codeberg.org/go-fonts/dejavu v0.4.0 h1:2yn58Vkh4CFK3ipacWUAIE3XVBGNa0y1bc95Bmfx91I=\ncodeberg.org/go-fonts/dejavu v0.4.0/go.mod h1:abni088lmhQJvso2Lsb7azCKzwkfcnttl6tL1UTWKzg=\ncodeberg.org/go-fonts/latin-modern v0.4.0 h1:vkRCc1y3whKA7iL9Ep0fSGVuJfqjix0ica9UflHORO8=\ncodeberg.org/go-fonts/latin-modern v0.4.0/go.mod h1:BF68mZznJ9QHn+hic9ks2DaFl4sR5YhfM6xTYaP9vNw=\ncodeberg.org/go-fonts/liberation v0.5.0 h1:SsKoMO1v1OZmzkG2DY+7ZkCL9U+rrWI09niOLfQ5Bo0=\ncodeberg.org/go-fonts/liberation v0.5.0/go.mod h1:zS/2e1354/mJ4pGzIIaEtm/59VFCFnYC7YV6YdGl5GU=\ncodeberg.org/go-latex/latex v0.1.0 h1:hoGO86rIbWVyjtlDLzCqZPjNykpWQ9YuTZqAzPcfL3c=\ncodeberg.org/go-latex/latex v0.1.0/go.mod h1:LA0q/AyWIYrqVd+A9Upkgsb+IqPcmSTKc9Dny04MHMw=\ncodeberg.org/go-pdf/fpdf v0.11.1 h1:U8+coOTDVLxHIXZgGvkfQEi/q0hYHYvEHFuGNX2GzGs=\ncodeberg.org/go-pdf/fpdf v0.11.1/go.mod h1:Y0DGRAdZ0OmnZPvjbMp/1bYxmIPxm0ws4tfoPOc4LjU=\ngit.sr.ht/~sbinet/cmpimg v0.1.0 h1:E0zPRk2muWuCqSKSVZIWsgtU9pjsw3eKHi8VmQeScxo=\ngit.sr.ht/~sbinet/cmpimg v0.1.0/go.mod h1:FU12psLbF4TfNXkKH2ZZQ29crIqoiqTZmeQ7dkp/pxE=\ngit.sr.ht/~sbinet/gg v0.6.0 h1:RIzgkizAk+9r7uPzf/VfbJHBMKUr0F5hRFxTUGMnt38=\ngit.sr.ht/~sbinet/gg v0.6.0/go.mod h1:uucygbfC9wVPQIfrmwM2et0imr8L7KQWywX0xpFMm94=\ngithub.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU=\ngithub.com/ajstarks/deck v0.0.0-20200831202436-30c9fc6549a9/go.mod h1:JynElWSGnm/4RlzPXRlREEwqTHAN3T56Bv2ITsFT3gY=\ngithub.com/ajstarks/deck/generate v0.0.0-20210309230005-c3f852c02e19/go.mod h1:T13YZdzov6OU0A1+RfKZiZN9ca6VeKdBdyDV+BY97Tk=\ngithub.com/ajstarks/svgo v0.0.0-20211024235047-1546f124cd8b h1:slYM766cy2nI3BwyRiyQj/Ud48djTMtMebDqepE95rw=\ngithub.com/ajstarks/svgo v0.0.0-20211024235047-1546f124cd8b/go.mod h1:1KcenG0jGWcpt8ov532z81sp/kMMUG485J2InIOyADM=\ngithub.com/campoy/embedmd v1.0.0 h1:V4kI2qTJJLf4J29RzI/MAt2c3Bl4dQSYPuflzwFH2hY=\ngithub.com/campoy/embedmd v1.0.0/go.mod h1:oxyr9RCiSXg0M3VJ3ks0UGfp98BpSSGr0kpiX3MzVl8=\ngithub.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc h1:U9qPSI2PIWSS1VwoXQT9A3Wy9MM3WgvqSxFWenqJduM=\ngithub.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=\ngithub.com/golang/freetype v0.0.0-20170609003504-e2365dfdc4a0 h1:DACJavvAHhabrF08vX0COfcOBJRhZ8lUbR+ZWIs0Y5g=\ngithub.com/golang/freetype v0.0.0-20170609003504-e2365dfdc4a0/go.mod h1:E/TSTwGwJL78qG/PmXZO1EjYhfJinVAhrmmHX6Z8B9k=\ngithub.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+oQHNcck=\ngithub.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=\ngithub.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 h1:Jamvg5psRIccs7FGNTlIRMkT8wgtp5eCXdBlqhYGL6U=\ngithub.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=\ngithub.com/stretchr/testify v1.11.1 h1:7s2iGBzp5EwR7/aIZr8ao5+dra3wiQyKjjFuvgVKu7U=\ngithub.com/stretchr/testify v1.11.1/go.mod h1:wZwfW3scLgRK+23gO65QZefKpKQRnfz6sD981Nm4B6U=\ngithub.com/yuin/goldmark v1.2.1/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=\ngolang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=\ngolang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=\ngolang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=\ngolang.org/x/image v0.30.0 h1:jD5RhkmVAnjqaCUXfbGBrn3lpxbknfN9w2UhHHU+5B4=\ngolang.org/x/image v0.30.0/go.mod h1:SAEUTxCCMWSrJcCy/4HwavEsfZZJlYxeHLc6tTiAe/c=\ngolang.org/x/mod v0.3.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=\ngolang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=\ngolang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=\ngolang.org/x/net v0.0.0-20201021035429-f5854403a974/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU=\ngolang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=\ngolang.org/x/sync v0.0.0-20201020160332-67f06af15bc9/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=\ngolang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=\ngolang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=\ngolang.org/x/sys v0.0.0-20200930185726-fdedc70b468f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=\ngolang.org/x/sys v0.0.0-20210119212857-b64e53b001e4/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=\ngolang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=\ngolang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=\ngolang.org/x/text v0.31.0 h1:aC8ghyu4JhP8VojJ2lEHBnochRno1sgL6nEi9WGFGMM=\ngolang.org/x/text v0.31.0/go.mod h1:tKRAlv61yKIjGGHX/4tP1LTbc13YSec1pxVEWXzfoeM=\ngolang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=\ngolang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=\ngolang.org/x/tools v0.1.0/go.mod h1:xkSsbof2nBLbhDlRMhhhyNLN/zl3eTqcnHD5viDpcZ0=\ngolang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=\ngolang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=\ngolang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=\ngonum.org/v1/gonum v0.16.0 h1:5+ul4Swaf3ESvrOnidPp4GZbzf0mxVQpDCYUQE7OJfk=\ngonum.org/v1/gonum v0.16.0/go.mod h1:fef3am4MQ93R2HHpKnLk4/Tbh/s0+wqD5nfa6Pnwy4E=\ngonum.org/v1/plot v0.16.0 h1:dK28Qx/Ky4VmPUN/2zeW0ELyM6ucDnBAj5yun7M9n1g=\ngonum.org/v1/plot v0.16.0/go.mod h1:Xz6U1yDMi6Ni6aaXILqmVIb6Vro8E+K7Q/GeeH+Pn0c=\ngopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA=\ngopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=\nhonnef.co/go/tools v0.1.3/go.mod h1:NgwopIslSNH47DimFoV78dnkksY2EFtX0ajyb3K/las=\nrsc.io/pdf v0.1.1 h1:k1MczvYDUvJBe93bYd7wrZLLUEcLZAuF824/I4e5Xr4=\nrsc.io/pdf v0.1.1/go.mod h1:n8OzWcQ6Sp37PL01nO98y4iUCRdTGarVfzxY20ICaU4=\n" }, { "path": "oryx/randx/strength/main.go", "content": "// Copyright © 2023 Ory Corp\n// SPDX-License-Identifier: Apache-2.0\n\npackage main\n\nimport (\n\t\"fmt\"\n\t\"sort\"\n\n\t\"gonum.org/v1/plot\"\n\t\"gonum.org/v1/plot/plotter\"\n\t\"gonum.org/v1/plot/plotutil\"\n\t\"gonum.org/v1/plot/vg\"\n\n\t\"github.com/ory/x/randx\"\n)\n\nconst iterations = 1000 * 100\n\ntype generate func(int, []rune) ([]rune, error)\n\nfunc main() {\n\tdraw(measureDistribution(iterations, randx.AlphaNum, randx.RuneSequence), \"AlphaNum Distribution\", \"docs/alpha_num.png\")\n\tdraw(measureDistribution(iterations, randx.Numeric, randx.RuneSequence), \"Num Distribution\", \"docs/num.png\")\n\tdraw(measureResultDistribution(100, 6, randx.Numeric, randx.RuneSequence), \"Num Distribution\", \"docs/result_num.png\")\n}\n\nfunc measureResultDistribution(iterations int, length int, characters []rune, fn generate) map[string]int {\n\tdist := make(map[string]int)\n\tfor index := 1; index <= iterations; index++ {\n\t\t// status output to cli\n\t\tif index%1000 == 0 {\n\t\t\tfmt.Printf(\"\\r%d / %d\", index, iterations)\n\t\t}\n\t\traw, err := fn(length, characters)\n\t\tif err != nil {\n\t\t\tpanic(err)\n\t\t}\n\t\tdist[string(raw)] = dist[string(raw)] + 1\n\t}\n\treturn dist\n}\n\nfunc measureDistribution(iterations int, characters []rune, fn generate) map[string]int {\n\tdist := make(map[string]int)\n\tfor index := 1; index <= iterations; index++ {\n\t\t// status output to cli\n\t\tif index%1000 == 0 {\n\t\t\tfmt.Printf(\"\\r%d / %d\", index, iterations)\n\t\t}\n\t\traw, err := fn(100, characters)\n\t\tif err != nil {\n\t\t\tpanic(err)\n\t\t}\n\t\tfor _, s := range raw {\n\t\t\tc := string(s)\n\t\t\ti := dist[c]\n\t\t\tdist[c] = i + 1\n\t\t}\n\t}\n\treturn dist\n}\n\nfunc draw(distribution map[string]int, title, filename string) {\n\tkeys, values := orderMap(distribution)\n\tgroup := plotter.Values{}\n\tfor _, v := range values {\n\t\tgroup = append(group, float64(v))\n\t}\n\n\tp := plot.New()\n\tp.Title.Text = title\n\tp.Y.Label.Text = \"N\"\n\n\tbars, err := plotter.NewBarChart(group, vg.Points(4))\n\tif err != nil {\n\t\tpanic(err)\n\t}\n\tbars.LineStyle.Width = vg.Length(0)\n\tbars.Color = plotutil.Color(0)\n\n\tp.Add(bars)\n\tp.NominalX(keys...)\n\n\tif err := p.Save(300*vg.Millimeter, 150*vg.Millimeter, filename); err != nil {\n\t\tpanic(err)\n\t}\n}\n\nfunc orderMap(m map[string]int) (keys []string, values []int) {\n\tkeys = []string{}\n\tvalues = []int{}\n\tfor k := range m {\n\t\tkeys = append(keys, k)\n\t}\n\tsort.Strings(keys)\n\tfor _, key := range keys {\n\t\tvalues = append(values, m[key])\n\t}\n\treturn keys, values\n}\n" }, { "path": "oryx/reqlog/LICENSE", "content": "The MIT License (MIT)\n\nCopyright (c) 2017 Dan Buch and contributors\n\nPermission is hereby granted, free of charge, to any person obtaining a copy\nof this software and associated documentation files (the \"Software\"), to deal\nin the Software without restriction, including without limitation the rights\nto use, copy, modify, merge, publish, distribute, sublicense, and/or sell\ncopies of the Software, and to permit persons to whom the Software is\nfurnished to do so, subject to the following conditions:\n\nThe above copyright notice and this permission notice shall be included in all\ncopies or substantial portions of the Software.\n\nTHE SOFTWARE IS PROVIDED \"AS IS\", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR\nIMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,\nFITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE\nAUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER\nLIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,\nOUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE\nSOFTWARE.\n" }, { "path": "oryx/reqlog/external_latency.go", "content": "// Copyright © 2024 Ory Corp\n// SPDX-License-Identifier: Apache-2.0\n\npackage reqlog\n\nimport (\n\t\"context\"\n\t\"sync/atomic\"\n\t\"time\"\n)\n\nfunc withEnableExternalLatencyMeasurement(ctx context.Context) context.Context {\n\treturn context.WithValue(ctx, externalLatencyKey, new(int64))\n}\n\nfunc AccumulateExternalLatency(ctx context.Context, dur time.Duration) {\n\ttotal, ok := ctx.Value(externalLatencyKey).(*int64)\n\tif !ok {\n\t\treturn\n\t}\n\tatomic.AddInt64(total, int64(dur))\n}\n\nfunc getExternalLatency(ctx context.Context) time.Duration {\n\ttotal, ok := ctx.Value(externalLatencyKey).(*int64)\n\tif !ok {\n\t\treturn 0\n\t}\n\treturn time.Duration(atomic.LoadInt64(total))\n}\n\ntype contextKey int\n\nconst externalLatencyKey contextKey = 1\n" }, { "path": "oryx/reqlog/middleware.go", "content": "// Copyright © 2023 Ory Corp\n// SPDX-License-Identifier: Apache-2.0\n\npackage reqlog\n\nimport (\n\t\"net/http\"\n\t\"sync\"\n\t\"time\"\n\n\t\"github.com/sirupsen/logrus\"\n\t\"github.com/urfave/negroni\"\n\n\t\"github.com/ory/x/logrusx\"\n)\n\ntype timer interface {\n\tNow() time.Time\n\tSince(time.Time) time.Duration\n}\n\ntype realClock struct{}\n\nfunc (rc *realClock) Now() time.Time {\n\treturn time.Now()\n}\n\nfunc (rc *realClock) Since(t time.Time) time.Duration {\n\treturn time.Since(t)\n}\n\n// Middleware is a middleware handler that logs the request as it goes in and the response as it goes out.\ntype Middleware struct {\n\t// Logger is the log.Logger instance used to log messages with the Logger middleware\n\tLogger *logrusx.Logger\n\t// Name is the name of the application as recorded in latency metrics\n\tName string\n\tBefore func(*logrusx.Logger, *http.Request, string) *logrusx.Logger\n\tAfter func(*logrusx.Logger, *http.Request, negroni.ResponseWriter, time.Duration, string) *logrusx.Logger\n\n\tlogStarting bool\n\n\tclock timer\n\n\tlogLevel logrus.Level\n\n\t// Silence log for specific URL paths\n\tsilencePaths map[string]bool\n\n\tsync.RWMutex\n}\n\n// NewMiddleware returns a reqlog middleware with default settings\nfunc NewMiddleware() *Middleware {\n\treturn NewCustomMiddleware(logrus.InfoLevel, &logrus.TextFormatter{}, \"web\")\n}\n\n// NewCustomMiddleware returns a reqlog middleware with the given level and formatter\nfunc NewCustomMiddleware(level logrus.Level, formatter logrus.Formatter, name string) *Middleware {\n\tlog := logrusx.New(name, \"\", logrusx.ForceFormatter(formatter), logrusx.ForceLevel(level))\n\treturn &Middleware{\n\t\tLogger: log,\n\t\tName: name,\n\t\tBefore: DefaultBefore,\n\t\tAfter: DefaultAfter,\n\n\t\tlogLevel: logrus.InfoLevel,\n\t\tlogStarting: true,\n\t\tclock: &realClock{},\n\t\tsilencePaths: map[string]bool{},\n\t}\n}\n\n// NewMiddlewareFromLogger returns a reqlog middleware which writes to a given logrus logger.\nfunc NewMiddlewareFromLogger(logger *logrusx.Logger, name string) *Middleware {\n\treturn &Middleware{\n\t\tLogger: logger,\n\t\tName: name,\n\t\tBefore: DefaultBefore,\n\t\tAfter: DefaultAfter,\n\n\t\tlogLevel: logrus.InfoLevel,\n\t\tlogStarting: true,\n\t\tclock: &realClock{},\n\t\tsilencePaths: map[string]bool{},\n\t}\n}\n\n// SetLogStarting accepts a bool to control the logging of \"started handling\n// request\" prior to passing to the next middleware\nfunc (m *Middleware) SetLogStarting(v bool) {\n\tm.logStarting = v\n}\n\n// ExcludePaths adds new URL paths to be ignored during logging. The URL u is parsed, hence the returned error\nfunc (m *Middleware) ExcludePaths(paths ...string) *Middleware {\n\tfor _, path := range paths {\n\t\tm.Lock()\n\t\tm.silencePaths[path] = true\n\t\tm.Unlock()\n\t}\n\treturn m\n}\n\nfunc (m *Middleware) Wrap(handler http.Handler) http.Handler {\n\treturn http.HandlerFunc(func(rw http.ResponseWriter, r *http.Request) {\n\t\tm.ServeHTTP(rw, r, handler.ServeHTTP)\n\t})\n}\n\nfunc (m *Middleware) WrapFunc(handler http.HandlerFunc) http.HandlerFunc {\n\treturn func(rw http.ResponseWriter, r *http.Request) {\n\t\tm.ServeHTTP(rw, r, handler)\n\t}\n}\n\nfunc (m *Middleware) ServeHTTP(rw http.ResponseWriter, r *http.Request, next http.HandlerFunc) {\n\tif m.Before == nil {\n\t\tm.Before = DefaultBefore\n\t}\n\n\tif m.After == nil {\n\t\tm.After = DefaultAfter\n\t}\n\n\tlogLevel := m.logLevel\n\tm.RLock()\n\tif _, ok := m.silencePaths[r.URL.Path]; ok {\n\t\tlogLevel = logrus.TraceLevel\n\t}\n\tm.RUnlock()\n\n\tstart := m.clock.Now()\n\n\t// Try to get the real IP\n\tremoteAddr := r.RemoteAddr\n\tif realIP := r.Header.Get(\"X-Real-IP\"); realIP != \"\" {\n\t\tremoteAddr = realIP\n\t}\n\n\tentry := m.Logger.NewEntry()\n\n\tentry = m.Before(entry, r, remoteAddr)\n\n\tif m.logStarting {\n\t\tentry.Log(logLevel, \"started handling request\")\n\t}\n\n\tnrw, ok := rw.(negroni.ResponseWriter)\n\tif !ok {\n\t\tnrw = negroni.NewResponseWriter(rw)\n\t}\n\n\tr = r.WithContext(withEnableExternalLatencyMeasurement(r.Context()))\n\tnext(nrw, r)\n\n\tlatency := m.clock.Since(start)\n\n\tm.After(entry, r, nrw, latency, m.Name).Log(logLevel, \"completed handling request\")\n}\n\n// BeforeFunc is the func type used to modify or replace the *logrusx.Logger prior\n// to calling the next func in the middleware chain\ntype BeforeFunc func(*logrusx.Logger, *http.Request, string) *logrusx.Logger\n\n// AfterFunc is the func type used to modify or replace the *logrusx.Logger after\n// calling the next func in the middleware chain\ntype AfterFunc func(*logrusx.Logger, negroni.ResponseWriter, time.Duration, string) *logrusx.Logger\n\n// DefaultBefore is the default func assigned to *Middleware.Before\nfunc DefaultBefore(entry *logrusx.Logger, req *http.Request, remoteAddr string) *logrusx.Logger {\n\treturn entry.WithRequest(req)\n}\n\n// DefaultAfter is the default func assigned to *Middleware.After\nfunc DefaultAfter(entry *logrusx.Logger, req *http.Request, res negroni.ResponseWriter, latency time.Duration, name string) *logrusx.Logger {\n\te := entry.WithRequest(req).WithField(\"http_response\", map[string]any{\n\t\t\"status\": res.Status(),\n\t\t\"size\": res.Size(),\n\t\t\"text_status\": http.StatusText(res.Status()),\n\t\t\"took\": latency,\n\t\t\"headers\": entry.HTTPHeadersRedacted(res.Header()),\n\t})\n\tif el := getExternalLatency(req.Context()); el > 0 {\n\t\te = e.WithFields(map[string]any{\n\t\t\t\"took_internal\": latency - el,\n\t\t\t\"took_external\": el,\n\t\t})\n\t}\n\treturn e\n}\n" }, { "path": "oryx/resilience/retry.go", "content": "// Copyright © 2023 Ory Corp\n// SPDX-License-Identifier: Apache-2.0\n\n// Package resilience provides helpers for dealing with resilience.\npackage resilience\n\nimport (\n\t\"time\"\n\n\t\"github.com/pkg/errors\"\n\n\t\"github.com/ory/x/logrusx\"\n)\n\n// Retry executes a f until no error is returned or failAfter is reached.\nfunc Retry(logger *logrusx.Logger, maxWait time.Duration, failAfter time.Duration, f func() error) (err error) {\n\tvar lastStart time.Time\n\terr = errors.New(\"did not connect\")\n\tloopWait := time.Millisecond * 100\n\tretryStart := time.Now().UTC()\n\tfor retryStart.Add(failAfter).After(time.Now().UTC()) {\n\t\tlastStart = time.Now().UTC()\n\t\tif err = f(); err == nil {\n\t\t\treturn nil\n\t\t}\n\n\t\tif lastStart.Add(maxWait * 2).Before(time.Now().UTC()) {\n\t\t\tretryStart = time.Now().UTC()\n\t\t}\n\n\t\tlogger.WithError(err).Infof(\"Retrying in %f seconds...\", loopWait.Seconds())\n\t\ttime.Sleep(loopWait)\n\t\tloopWait = loopWait * time.Duration(int64(2))\n\t\tif loopWait > maxWait {\n\t\t\tloopWait = maxWait\n\t\t}\n\t}\n\treturn err\n}\n" }, { "path": "oryx/safecast/safecast.go", "content": "// Copyright © 2025 Ory Corp\n// SPDX-License-Identifier: Apache-2.0\n\npackage safecast\n\nimport \"math\"\n\n// Clamp if needed.\nfunc Uint64ToInt64(in uint64) int64 {\n\tif in > math.MaxInt64 {\n\t\treturn math.MaxInt64\n\t}\n\treturn int64(in)\n}\n" }, { "path": "oryx/serverx/404.go", "content": "// Copyright © 2023 Ory Corp\n// SPDX-License-Identifier: Apache-2.0\n\npackage serverx\n\nimport (\n\t_ \"embed\"\n\t\"net/http\"\n\n\t\"github.com/ory/herodot/httputil\"\n)\n\n//go:embed 404.html\nvar page404HTML string\n\n//go:embed 404.json\nvar page404JSON string\n\n// DefaultNotFoundHandler is a default handler for handling 404 errors.\nvar DefaultNotFoundHandler = http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {\n\tvar contentType, body string\n\tswitch httputil.NegotiateContentType(r, []string{\n\t\t\"text/html\",\n\t\t\"text/plain\",\n\t\t\"application/json\",\n\t}, \"text/html\") {\n\tcase \"text/plain\":\n\t\tcontentType = \"text/plain\"\n\t\tbody = \"Error 404 - The requested route does not exist. Make sure you are using the right path, domain, and port.\"\n\tcase \"application/json\":\n\t\tcontentType = \"application/json\"\n\t\tbody = page404JSON\n\tdefault:\n\t\tfallthrough\n\tcase \"text/html\":\n\t\tcontentType = \"text/html\"\n\t\tbody = page404HTML\n\t}\n\n\tw.Header().Set(\"Content-Type\", contentType+\"; charset=utf-8\")\n\tw.WriteHeader(http.StatusNotFound)\n\t_, _ = w.Write([]byte(body))\n})\n" }, { "path": "oryx/serverx/404.html", "content": "\n\n \n \n 404 - Route not found\n \n \n \n
\n
\n

Error 404

\n

\n The requested route does not exist. Make sure you are using the right\n path, domain, and port.\n

\n
\n
\n \n\n" }, { "path": "oryx/serverx/404.json", "content": "{\n \"error\": {\n \"code\": 404,\n \"message\": \"Not Found\",\n \"reason\": \"The requested route does not exist. Make sure you are using the right path, domain, and port.\"\n }\n}\n" }, { "path": "oryx/servicelocatorx/options.go", "content": "// Copyright © 2023 Ory Corp\n// SPDX-License-Identifier: Apache-2.0\n\npackage servicelocatorx\n\nimport (\n\t\"github.com/urfave/negroni\"\n\t\"google.golang.org/grpc\"\n\n\t\"github.com/ory/x/contextx\"\n\t\"github.com/ory/x/logrusx\"\n)\n\ntype (\n\tOptions struct {\n\t\tlogger *logrusx.Logger\n\t\tcontextualizer contextx.Contextualizer\n\t\thttpMiddlewares []negroni.Handler\n\t\tgrpcUnaryInterceptors []grpc.UnaryServerInterceptor\n\t\tgrpcStreamInterceptors []grpc.StreamServerInterceptor\n\t}\n\tOption func(o *Options)\n)\n\nfunc WithLogger(l *logrusx.Logger) Option {\n\treturn func(o *Options) {\n\t\to.logger = l\n\t}\n}\n\nfunc WithContextualizer(ctxer contextx.Contextualizer) Option {\n\treturn func(o *Options) {\n\t\to.contextualizer = ctxer\n\t}\n}\n\nfunc WithHTTPMiddlewares(m ...negroni.Handler) Option {\n\treturn func(o *Options) {\n\t\to.httpMiddlewares = m\n\t}\n}\n\nfunc WithGRPCUnaryInterceptors(i ...grpc.UnaryServerInterceptor) Option {\n\treturn func(o *Options) {\n\t\to.grpcUnaryInterceptors = i\n\t}\n}\n\nfunc WithGRPCStreamInterceptors(i ...grpc.StreamServerInterceptor) Option {\n\treturn func(o *Options) {\n\t\to.grpcStreamInterceptors = i\n\t}\n}\n\nfunc (o *Options) Logger() *logrusx.Logger {\n\treturn o.logger\n}\n\nfunc (o *Options) Contextualizer() contextx.Contextualizer {\n\treturn o.contextualizer\n}\n\nfunc (o *Options) HTTPMiddlewares() []negroni.Handler {\n\treturn o.httpMiddlewares\n}\n\nfunc (o *Options) GRPCUnaryInterceptors() []grpc.UnaryServerInterceptor {\n\treturn o.grpcUnaryInterceptors\n}\n\nfunc (o *Options) GRPCStreamInterceptors() []grpc.StreamServerInterceptor {\n\treturn o.grpcStreamInterceptors\n}\n\nfunc NewOptions(options ...Option) *Options {\n\to := &Options{\n\t\tcontextualizer: &contextx.Default{},\n\t}\n\tfor _, opt := range options {\n\t\topt(o)\n\t}\n\treturn o\n}\n" }, { "path": "oryx/snapshotx/.snapshots/TestDeleteMatches-file=1.json-fn.json", "content": "{\n \"foo\": {\n \"other\": \"fdsa\"\n },\n \"nested\": {\n \"nested\": {\n \"arr\": [\n {\n },\n {\n }\n ]\n }\n },\n \"arr\": [\n {\n },\n {\n \"arr\": [\n {\n },\n {\n }\n ]\n }\n ]\n}\n" }, { "path": "oryx/snapshotx/.snapshots/TestDeleteMatches-file=2.json-fn.json", "content": "{\n \"created_at\": \"1234\",\n \"updated_at\": \"1234\",\n \"nested\": {\n \"created_at\": 1234,\n \"nested\": {\n \"created_at\": 1234,\n \"arr\": [\n {\n \"created_at\": 1234\n },\n {\n \"updated_at\": 1234\n }\n ]\n }\n },\n \"arr\": [\n {\n \"created_at\": 1234\n },\n {\n \"updated_at\": 1234,\n \"arr\": [\n {\n \"created_at\": 1234\n },\n {\n \"updated_at\": 1234\n }\n ]\n }\n ]\n}\n" }, { "path": "oryx/snapshotx/.snapshots/TestDeleteMatches-file=3.json-fn.json", "content": "{\n \"updated_at\": \"1234\",\n \"nested\": {\n \"nested\": {\n \"arr\": [\n {\n },\n {\n \"updated_at\": 1234\n }\n ]\n }\n },\n \"arr\": [\n {\n },\n {\n \"updated_at\": 1234,\n \"arr\": [\n {\n },\n {\n \"updated_at\": 1234\n }\n ]\n }\n ]\n}\n" }, { "path": "oryx/snapshotx/fixtures/1.json", "content": "{\n \"ignore_nested\": [\n \"updated_at\",\n \"created_at\"\n ],\n \"ignore_exact\": [\n \"foo.id\"\n ],\n \"content\": {\n \"foo\": {\n \"id\": \"asdf\",\n \"other\": \"fdsa\"\n },\n \"created_at\": \"1234\",\n \"updated_at\": \"1234\",\n \"nested\":{\n \"created_at\": 1234,\n \"nested\": {\n \"created_at\": 1234,\n \"arr\": [\n {\n \"created_at\": 1234\n },\n {\n \"updated_at\": 1234\n }\n ]\n }\n },\n \"arr\": [\n {\n \"created_at\": 1234\n },\n {\n \"updated_at\": 1234,\n \"arr\": [\n {\n \"created_at\": 1234\n },\n {\n \"updated_at\": 1234\n }\n ]\n }\n ]\n }\n}" }, { "path": "oryx/snapshotx/fixtures/2.json", "content": "{\n \"ignore_nested\": [\n ],\n \"content\": {\n \"created_at\": \"1234\",\n \"updated_at\": \"1234\",\n \"nested\":{\n \"created_at\": 1234,\n \"nested\": {\n \"created_at\": 1234,\n \"arr\": [\n {\n \"created_at\": 1234\n },\n {\n \"updated_at\": 1234\n }\n ]\n }\n },\n \"arr\": [\n {\n \"created_at\": 1234\n },\n {\n \"updated_at\": 1234,\n \"arr\": [\n {\n \"created_at\": 1234\n },\n {\n \"updated_at\": 1234\n }\n ]\n }\n ]\n }\n}" }, { "path": "oryx/snapshotx/fixtures/3.json", "content": "{\n \"ignore_nested\": [\n \"created_at\"\n ],\n \"content\": {\n \"created_at\": \"1234\",\n \"updated_at\": \"1234\",\n \"nested\": {\n \"created_at\": 1234,\n \"nested\": {\n \"created_at\": 1234,\n \"arr\": [\n {\n \"created_at\": 1234\n },\n {\n \"updated_at\": 1234\n }\n ]\n }\n },\n \"arr\": [\n {\n \"created_at\": 1234\n },\n {\n \"updated_at\": 1234,\n \"arr\": [\n {\n \"created_at\": 1234\n },\n {\n \"updated_at\": 1234\n }\n ]\n }\n ]\n }\n}" }, { "path": "oryx/snapshotx/snapshot.go", "content": "// Copyright © 2023 Ory Corp\n// SPDX-License-Identifier: Apache-2.0\n\npackage snapshotx\n\nimport (\n\t\"bytes\"\n\t\"encoding/json\"\n\t\"fmt\"\n\t\"slices\"\n\t\"strings\"\n\t\"testing\"\n\n\t\"github.com/bradleyjkemp/cupaloy/v2\"\n\t\"github.com/stretchr/testify/require\"\n\t\"github.com/tidwall/gjson\"\n\t\"github.com/tidwall/sjson\"\n)\n\ntype (\n\tOpt = func(*options)\n\toptions struct {\n\t\tmodifiers []func(t *testing.T, raw []byte) []byte\n\t\tname string\n\t}\n)\n\nfunc ExceptPaths(keys ...string) Opt {\n\treturn func(o *options) {\n\t\to.modifiers = append(o.modifiers, func(t *testing.T, raw []byte) []byte {\n\t\t\tfor _, key := range keys {\n\t\t\t\tvar err error\n\t\t\t\traw, err = sjson.DeleteBytes(raw, key)\n\t\t\t\trequire.NoError(t, err)\n\t\t\t}\n\t\t\treturn raw\n\t\t})\n\t}\n}\n\nfunc ExceptNestedKeys(nestedKeys ...string) Opt {\n\treturn func(o *options) {\n\t\to.modifiers = append(o.modifiers, func(t *testing.T, raw []byte) []byte {\n\t\t\tparsed := gjson.ParseBytes(raw)\n\t\t\trequire.True(t, parsed.IsObject() || parsed.IsArray())\n\t\t\treturn deleteMatches(t, \"\", parsed, nestedKeys, []string{}, raw)\n\t\t})\n\t}\n}\n\nfunc WithReplacement(str, replace string) Opt {\n\treturn func(o *options) {\n\t\to.modifiers = append(o.modifiers, func(t *testing.T, raw []byte) []byte {\n\t\t\treturn bytes.ReplaceAll(raw, []byte(str), []byte(replace))\n\t\t})\n\t}\n}\n\nfunc WithName(name string) Opt {\n\treturn func(o *options) {\n\t\to.name = name\n\t}\n}\n\nfunc newOptions(opts ...Opt) *options {\n\to := &options{}\n\tfor _, opt := range opts {\n\t\topt(o)\n\t}\n\treturn o\n}\n\nfunc (o *options) applyModifiers(t *testing.T, compare []byte) []byte {\n\tfor _, modifier := range o.modifiers {\n\t\tcompare = modifier(t, compare)\n\t}\n\treturn compare\n}\n\nvar snapshot = cupaloy.New(cupaloy.SnapshotFileExtension(\".json\"))\n\nfunc SnapshotTJSON[C ~string | ~[]byte](t *testing.T, compare C, opts ...Opt) {\n\tSnapshotT(t, json.RawMessage(compare), opts...)\n}\n\nfunc SnapshotT(t *testing.T, actual any, opts ...Opt) {\n\tt.Helper()\n\tcompare, err := json.MarshalIndent(actual, \"\", \" \")\n\trequire.NoErrorf(t, err, \"%+v\", actual)\n\n\to := newOptions(opts...)\n\tcompare = o.applyModifiers(t, compare)\n\n\tif o.name == \"\" {\n\t\tsnapshot.SnapshotT(t, compare)\n\t} else {\n\t\tname := strings.ReplaceAll(t.Name()+\"_\"+o.name, \"/\", \"-\")\n\t\trequire.NoError(t, snapshot.SnapshotWithName(name, compare))\n\t}\n}\n\n// SnapshotTExcept is deprecated in favor of SnapshotT with Opt.\n//\n// DEPRECATED: please use SnapshotT instead\nfunc SnapshotTExcept(t *testing.T, actual interface{}, except []string) {\n\tt.Helper()\n\tcompare, err := json.MarshalIndent(actual, \"\", \" \")\n\trequire.NoError(t, err, \"%+v\", actual)\n\tfor _, e := range except {\n\t\tcompare, err = sjson.DeleteBytes(compare, e)\n\t\trequire.NoError(t, err, \"%s\", e)\n\t}\n\n\tsnapshot.SnapshotT(t, compare)\n}\n\nfunc deleteMatches(t *testing.T, key string, result gjson.Result, matches []string, parents []string, content []byte) []byte {\n\tpath := parents\n\tif key != \"\" {\n\t\tpath = append(parents, key)\n\t}\n\n\tif result.IsObject() {\n\t\tresult.ForEach(func(key, value gjson.Result) bool {\n\t\t\tcontent = deleteMatches(t, key.String(), value, matches, path, content)\n\t\t\treturn true\n\t\t})\n\t} else if result.IsArray() {\n\t\tvar i int\n\t\tresult.ForEach(func(_, value gjson.Result) bool {\n\t\t\tcontent = deleteMatches(t, fmt.Sprintf(\"%d\", i), value, matches, path, content)\n\t\t\ti++\n\t\t\treturn true\n\t\t})\n\t}\n\n\tif slices.Contains(matches, key) {\n\t\tcontent, err := sjson.DeleteBytes(content, strings.Join(path, \".\"))\n\t\trequire.NoError(t, err)\n\t\treturn content\n\t}\n\n\treturn content\n}\n" }, { "path": "oryx/sqlcon/connector.go", "content": "// Copyright © 2023 Ory Corp\n// SPDX-License-Identifier: Apache-2.0\n\n// Package sqlcon provides helpers for dealing with SQL connectivity.\npackage sqlcon\n\nimport (\n\t\"runtime\"\n\t\"strings\"\n)\n\n// GetDriverName returns the driver name of a given DSN.\nfunc GetDriverName(dsn string) string {\n\treturn strings.Split(dsn, \"://\")[0]\n}\nfunc maxParallelism() int {\n\tmaxProcs := runtime.GOMAXPROCS(0)\n\tnumCPU := runtime.NumCPU()\n\tif maxProcs < numCPU {\n\t\treturn maxProcs\n\t}\n\treturn numCPU\n}\n" }, { "path": "oryx/sqlcon/dockertest/cockroach.go", "content": "// Copyright © 2023 Ory Corp\n// SPDX-License-Identifier: Apache-2.0\n\npackage dockertest\n\nimport (\n\t\"testing\"\n\n\t\"github.com/cockroachdb/cockroach-go/v2/testserver\"\n\t\"github.com/stretchr/testify/require\"\n)\n\nfunc NewLocalTestCRDBServer(t testing.TB) string {\n\tts, err := testserver.NewTestServer(testserver.CustomVersionOpt(\"25.3.3\"))\n\trequire.NoError(t, err)\n\tt.Cleanup(ts.Stop)\n\n\trequire.NoError(t, ts.WaitForInit())\n\n\tts.PGURL().Scheme = \"cockroach\"\n\treturn ts.PGURL().String()\n}\n" }, { "path": "oryx/sqlcon/dockertest/test_helper.go", "content": "// Copyright © 2023 Ory Corp\n// SPDX-License-Identifier: Apache-2.0\n\npackage dockertest\n\nimport (\n\t\"cmp\"\n\t\"fmt\"\n\t\"io\"\n\t\"os\"\n\t\"regexp\"\n\t\"strings\"\n\t\"testing\"\n\t\"time\"\n\n\t\"github.com/docker/docker/api/types/container\"\n\t\"github.com/docker/docker/api/types/filters\"\n\t\"github.com/docker/docker/client\"\n\t\"github.com/stretchr/testify/assert\"\n\t\"github.com/stretchr/testify/require\"\n\n\t\"github.com/ory/pop/v6\"\n\n\t\"github.com/ory/dockertest/v4\"\n\t\"github.com/ory/x/stringsx\"\n)\n\nfunc ConnectPop(t require.TestingT, url string) (c *pop.Connection) {\n\trequire.EventuallyWithT(t, func(t *assert.CollectT) {\n\t\tvar err error\n\t\tc, err = pop.NewConnection(&pop.ConnectionDetails{\n\t\t\tURL: url,\n\t\t})\n\t\trequire.NoError(t, err)\n\t\trequire.NoError(t, c.Open())\n\t\trequire.NoError(t, c.RawQuery(\"select version()\").Exec())\n\t}, 5*time.Minute, time.Second*5, \"could not connect to database at %s\", url)\n\treturn\n}\n\n// ## PostgreSQL ##\n\nfunc startPostgreSQL(t testing.TB, version string) dockertest.Resource {\n\tpool := dockertest.NewPoolT(t, \"\")\n\treturn pool.RunT(t, \"postgres\",\n\t\tdockertest.WithTag(cmp.Or(version, \"16\")),\n\t\tdockertest.WithoutReuse(),\n\t\tdockertest.WithEnv([]string{\"PGUSER=postgres\", \"POSTGRES_PASSWORD=secret\", \"POSTGRES_DB=postgres\"}),\n\t)\n}\n\n// RunTestPostgreSQL runs a PostgreSQL database and returns the URL to it.\n// If a docker container is started for the database, the container be removed\n// at the end of the test.\nfunc RunTestPostgreSQL(t testing.TB) string {\n\tif dsn := os.Getenv(\"TEST_DATABASE_POSTGRESQL\"); dsn != \"\" {\n\t\tt.Logf(\"Skipping Docker setup because environment variable TEST_DATABASE_POSTGRESQL is set to: %s\", dsn)\n\t\treturn dsn\n\t}\n\tr := startPostgreSQL(t, \"\")\n\treturn fmt.Sprintf(\"postgres://postgres:secret@127.0.0.1:%s/postgres?sslmode=disable\", r.GetPort(\"5432/tcp\"))\n}\n\n// RunTestPostgreSQLWithVersion connects to a PostgreSQL database.\nfunc RunTestPostgreSQLWithVersion(t testing.TB, version string) string {\n\tif dsn := os.Getenv(\"TEST_DATABASE_POSTGRESQL\"); dsn != \"\" {\n\t\treturn dsn\n\t}\n\tr := startPostgreSQL(t, version)\n\treturn fmt.Sprintf(\"postgres://postgres:secret@127.0.0.1:%s/postgres?sslmode=disable\", r.GetPort(\"5432/tcp\"))\n}\n\n// ## MySQL ##\n\nfunc startMySQL(t testing.TB, version string) dockertest.Resource {\n\tpool := dockertest.NewPoolT(t, \"\")\n\treturn pool.RunT(t, \"mysql\",\n\t\tdockertest.WithTag(cmp.Or(version, \"8.0\")),\n\t\tdockertest.WithoutReuse(),\n\t\tdockertest.WithEnv([]string{\n\t\t\t\"MYSQL_ROOT_PASSWORD=secret\",\n\t\t\t\"MYSQL_ROOT_HOST=%\",\n\t\t}),\n\t)\n}\n\n// RunTestMySQL runs a MySQL database and returns the URL to it.\n// If a docker container is started for the database, the container be removed\n// at the end of the test.\nfunc RunTestMySQL(t testing.TB) string {\n\tif dsn := os.Getenv(\"TEST_DATABASE_MYSQL\"); dsn != \"\" {\n\t\tt.Logf(\"Skipping Docker setup because environment variable TEST_DATABASE_MYSQL is set to: %s\", dsn)\n\t\treturn dsn\n\t}\n\tr := startMySQL(t, \"\")\n\treturn fmt.Sprintf(\"mysql://root:secret@tcp(localhost:%s)/mysql?parseTime=true&multiStatements=true\", r.GetPort(\"3306/tcp\"))\n}\n\n// RunTestMySQLWithVersion runs a MySQL database in the specified version and returns the URL to it.\n// If a docker container is started for the database, the container be removed\n// at the end of the test.\nfunc RunTestMySQLWithVersion(t testing.TB, version string) string {\n\tif dsn := os.Getenv(\"TEST_DATABASE_MYSQL\"); dsn != \"\" {\n\t\tt.Logf(\"Skipping Docker setup because environment variable TEST_DATABASE_MYSQL is set to: %s\", dsn)\n\t\treturn dsn\n\t}\n\tr := startMySQL(t, version)\n\treturn fmt.Sprintf(\"mysql://root:secret@tcp(localhost:%s)/mysql?parseTime=true&multiStatements=true\", r.GetPort(\"3306/tcp\"))\n}\n\n// ## CockroachDB\n\nfunc startCockroachDB(t testing.TB, version string) dockertest.Resource {\n\tpool := dockertest.NewPoolT(t, \"\")\n\treturn pool.RunT(t, \"cockroachdb/cockroach\",\n\t\tdockertest.WithTag(cmp.Or(version, \"latest-v25.4\")),\n\t\tdockertest.WithoutReuse(),\n\t\tdockertest.WithCmd([]string{\"start-single-node\", \"--insecure\"}),\n\t)\n}\n\n// RunTestCockroachDB runs a CockroachDB database and returns the URL to it.\n// If a docker container is started for the database, the container be removed\n// at the end of the test.\nfunc RunTestCockroachDB(t testing.TB) string {\n\treturn RunTestCockroachDBWithVersion(t, \"\")\n}\n\n// RunTestCockroachDBWithVersion runs a CockroachDB database and returns the URL to it.\n// If a docker container is started for the database, the container be removed\n// at the end of the test.\nfunc RunTestCockroachDBWithVersion(t testing.TB, version string) string {\n\tif dsn := os.Getenv(\"TEST_DATABASE_COCKROACHDB\"); dsn != \"\" {\n\t\tt.Logf(\"Skipping Docker setup because environment variable TEST_DATABASE_COCKROACHDB is set to: %s\", dsn)\n\t\treturn dsn\n\t}\n\tr := startCockroachDB(t, version)\n\treturn fmt.Sprintf(\"cockroach://root@localhost:%s/defaultdb?sslmode=disable\", r.GetPort(\"26257/tcp\"))\n}\n\nfunc DumpSchema(t testing.TB, c *pop.Connection) string {\n\tname, database, port := c.Dialect.Name(), c.Dialect.Details().Database, c.Dialect.Details().Port\n\tt.Logf(\"Dumping schema for dialect %s, database %s on port %s\", name, database, port)\n\n\tvar cmd []string\n\tvar appendToDump string\n\tswitch dialects := stringsx.SwitchExact(name); {\n\tcase dialects.AddCase(\"sqlite3\"):\n\t\treturn dumpSQLiteSchema(t, c)\n\tcase dialects.AddCase(\"postgres\"):\n\t\tcmd = []string{\"pg_dump\", \"--username\", \"postgres\", \"--schema-only\", \"--dbname\", database}\n\t\t// we need to set the search path because the postgres dump always unsets it\n\t\tappendToDump = \"SET search_path TO public;\\n\"\n\tcase dialects.AddCase(\"mysql\"):\n\t\tcmd = []string{\"mysqldump\", \"--user\", \"root\", \"--password=secret\", \"--no-data\", database}\n\tcase dialects.AddCase(\"cockroach\"):\n\t\tcmd = []string{\"cockroach\", \"sql\", \"--insecure\", \"--database\", database, \"--execute\", \"SHOW CREATE ALL TABLES; SHOW CREATE ALL TYPES;\", \"--format\", \"raw\"}\n\tdefault:\n\t\tt.Log(dialects.ToUnknownCaseErr())\n\t\tt.FailNow()\n\t\treturn \"\"\n\t}\n\n\tcli, err := client.NewClientWithOpts(client.FromEnv)\n\trequire.NoError(t, err)\n\tcontainers, err := cli.ContainerList(t.Context(), container.ListOptions{\n\t\tFilters: filters.NewArgs(filters.Arg(\"publish\", port)),\n\t})\n\trequire.NoError(t, err)\n\trequire.Lenf(t, containers, 1, \"expected exactly one %s container with port %s\", name, port)\n\n\tprocess, err := cli.ContainerExecCreate(t.Context(), containers[0].ID, container.ExecOptions{\n\t\tTty: true,\n\t\tAttachStdout: true,\n\t\tCmd: cmd,\n\t})\n\trequire.NoError(t, err)\n\n\tresp, err := cli.ContainerExecAttach(t.Context(), process.ID, container.ExecAttachOptions{\n\t\tTty: true,\n\t})\n\trequire.NoError(t, err)\n\tdump, err := io.ReadAll(resp.Reader)\n\trequire.NoErrorf(t, err, \"%s\", dump)\n\n\td := string(dump) + appendToDump\n\td = regexp.MustCompile(`(--|#|\\\\|mysqldump|SHOW CREATE)[^\\n]*\\n`).ReplaceAllLiteralString(d, \"\") // comments and other non-schema lines\n\td = strings.ReplaceAll(d, \"\\r\\n\", \"\\n\")\n\td = regexp.MustCompile(`\\n\\n+`).ReplaceAllLiteralString(d, \"\\n\\n\")\n\treturn d\n}\n\nfunc dumpSQLiteSchema(t testing.TB, c *pop.Connection) string {\n\tvar sqls []string\n\trequire.NoError(t, c.RawQuery(\"SELECT sql FROM sqlite_master WHERE type IN ('table', 'index', 'trigger', 'view') AND name NOT LIKE 'sqlite_%' ORDER BY name\").All(&sqls))\n\treturn strings.Join(sqls, \";\\n\") + \";\\n\"\n}\n" }, { "path": "oryx/sqlcon/error.go", "content": "// Copyright © 2023 Ory Corp\n// SPDX-License-Identifier: Apache-2.0\n\npackage sqlcon\n\nimport (\n\t\"database/sql\"\n\t\"net/http\"\n\n\t\"github.com/go-sql-driver/mysql\"\n\t\"github.com/jackc/pgconn\"\n\tpgxconn \"github.com/jackc/pgx/v5/pgconn\"\n\t\"github.com/lib/pq\"\n\t\"github.com/pkg/errors\"\n\t\"google.golang.org/grpc/codes\"\n\n\t\"github.com/ory/herodot\"\n)\n\nvar (\n\t// ErrUniqueViolation is returned when^a SQL INSERT / UPDATE command returns a conflict.\n\tErrUniqueViolation = &herodot.DefaultError{\n\t\tCodeField: http.StatusConflict,\n\t\tGRPCCodeField: codes.AlreadyExists,\n\t\tStatusField: http.StatusText(http.StatusConflict),\n\t\tErrorField: \"Unable to insert or update resource because a resource with that value exists already\",\n\t}\n\t// ErrNoRows is returned when a SQL SELECT statement returns no rows.\n\tErrNoRows = &herodot.DefaultError{\n\t\tCodeField: http.StatusNotFound,\n\t\tGRPCCodeField: codes.NotFound,\n\t\tStatusField: http.StatusText(http.StatusNotFound),\n\t\tErrorField: \"Unable to locate the resource\",\n\t}\n\t// ErrConcurrentUpdate is returned when the database is unable to serialize access due to a concurrent update.\n\tErrConcurrentUpdate = &herodot.DefaultError{\n\t\tCodeField: http.StatusBadRequest,\n\t\tGRPCCodeField: codes.Aborted,\n\t\tStatusField: http.StatusText(http.StatusBadRequest),\n\t\tErrorField: \"Unable to serialize access due to a concurrent update in another session\",\n\t}\n\tErrNoSuchTable = &herodot.DefaultError{\n\t\tCodeField: http.StatusInternalServerError,\n\t\tGRPCCodeField: codes.Internal,\n\t\tStatusField: http.StatusText(http.StatusInternalServerError),\n\t\tErrorField: \"Unable to locate the table\",\n\t}\n\tErrNoSuchColumn = &herodot.DefaultError{\n\t\tCodeField: http.StatusInternalServerError,\n\t\tGRPCCodeField: codes.Internal,\n\t\tStatusField: http.StatusText(http.StatusInternalServerError),\n\t\tErrorField: \"Unable to locate the column\",\n\t}\n)\n\nfunc handlePostgres(err error, sqlState string) error {\n\tswitch sqlState {\n\tcase \"23505\": // \"unique_violation\"\n\t\treturn errors.WithStack(ErrUniqueViolation.WithWrap(err))\n\tcase \"40001\", // \"serialization_failure\" in CRDB\n\t\t\"CR000\": // \"serialization_failure\"\n\t\treturn errors.WithStack(ErrConcurrentUpdate.WithWrap(err))\n\tcase \"42P01\": // \"no such table\"\n\t\treturn errors.WithStack(ErrNoSuchTable.WithWrap(err))\n\tcase \"42703\": // \"no such column\"\n\t\treturn errors.WithStack(ErrNoSuchColumn.WithWrap(err))\n\t}\n\treturn errors.WithStack(err)\n}\n\ntype stater interface {\n\tSQLState() string\n}\n\n// HandleError returns the right sqlcon.Err* depending on the input error.\nfunc HandleError(err error) error {\n\tif err == nil {\n\t\treturn nil\n\t}\n\n\tvar st stater\n\tif errors.Is(err, sql.ErrNoRows) {\n\t\treturn errors.WithStack(ErrNoRows)\n\t} else if errors.As(err, &st) {\n\t\treturn errors.WithStack(handlePostgres(err, st.SQLState()))\n\t} else if e := new(pq.Error); errors.As(err, &e) {\n\t\treturn errors.WithStack(handlePostgres(err, string(e.Code)))\n\t} else if e := new(pgconn.PgError); errors.As(err, &e) {\n\t\treturn errors.WithStack(handlePostgres(err, e.Code))\n\t} else if e := new(pgxconn.PgError); errors.As(err, &e) {\n\t\treturn errors.WithStack(handlePostgres(err, e.Code))\n\t} else if e := new(mysql.MySQLError); errors.As(err, &e) {\n\t\tswitch e.Number {\n\t\tcase 1062: // https://dev.mysql.com/doc/mysql-errors/8.0/en/server-error-reference.html#error_er_dup_entry\n\t\t\treturn errors.WithStack(ErrUniqueViolation.WithWrap(err))\n\t\tcase 1146: // https://dev.mysql.com/doc/mysql-errors/8.0/en/server-error-reference.html#error_er_no_such_table\n\t\t\treturn errors.WithStack(ErrNoSuchTable.WithWrap(e))\n\t\tcase 1054: // https://dev.mysql.com/doc/mysql-errors/8.0/en/server-error-reference.html#error_er_bad_field_error\n\t\t\treturn errors.WithStack(ErrNoSuchColumn.WithWrap(e))\n\t\t}\n\t}\n\n\tif err := handleSqlite(err); err != nil {\n\t\treturn errors.WithStack(err)\n\t}\n\n\treturn errors.WithStack(err)\n}\n" }, { "path": "oryx/sqlcon/error_nosqlite.go", "content": "// Copyright © 2023 Ory Corp\n// SPDX-License-Identifier: Apache-2.0\n\n//go:build !sqlite\n// +build !sqlite\n\npackage sqlcon\n\n// handleSqlite handles the error iff (if and only if) it is an sqlite error\nfunc handleSqlite(_ error) error {\n\treturn nil\n}\n" }, { "path": "oryx/sqlcon/error_sqlite.go", "content": "// Copyright © 2023 Ory Corp\n// SPDX-License-Identifier: Apache-2.0\n\n//go:build sqlite\n// +build sqlite\n\npackage sqlcon\n\nimport (\n\t\"strings\"\n\n\t\"github.com/mattn/go-sqlite3\"\n\t\"github.com/pkg/errors\"\n)\n\n// handleSqlite handles the error iff (if and only if) it is an sqlite error\nfunc handleSqlite(err error) error {\n\tif e := new(sqlite3.Error); errors.As(err, e) {\n\t\tswitch e.ExtendedCode {\n\t\tcase sqlite3.ErrConstraintUnique:\n\t\t\tfallthrough\n\t\tcase sqlite3.ErrConstraintPrimaryKey:\n\t\t\treturn errors.WithStack(ErrUniqueViolation.WithWrap(err))\n\n\t\t}\n\n\t\tswitch e.Code {\n\t\tcase sqlite3.ErrError:\n\t\t\tif strings.Contains(err.Error(), \"no such table\") {\n\t\t\t\treturn errors.WithStack(ErrNoSuchTable.WithWrap(err))\n\t\t\t}\n\t\tcase sqlite3.ErrLocked:\n\t\t\treturn errors.WithStack(ErrConcurrentUpdate.WithWrap(err))\n\t\t}\n\n\t\tif strings.HasPrefix(e.Error(), \"no such column:\") ||\n\t\t\tstrings.Contains(e.Error(), \"has no column named\") {\n\t\t\treturn errors.WithStack(ErrNoSuchColumn.WithWrap(err))\n\t\t}\n\n\t\treturn errors.WithStack(err)\n\t}\n\n\treturn nil\n}\n" }, { "path": "oryx/sqlcon/message.go", "content": "// Copyright © 2023 Ory Corp\n// SPDX-License-Identifier: Apache-2.0\n\npackage sqlcon\n\n// HelpMessage returns a string explaining how to set up SQL using environment variables.\nfunc HelpMessage() string {\n\treturn `- DATABASE_URL: A DSN to a persistent backend. Various backends are supported:\n\n - Changes are lost on process death (ephemeral storage):\n\n\t- Memory: If DATABASE_URL is \"memory\", data will be written to memory and is lost when you restart this instance.\n\t Example: DATABASE_URL=memory\n\n - Changes are kept after process death (persistent storage):\n\n - SQL Databases: Officially, PostgreSQL, MySQL and CockroachDB are supported. This project works best with PostgreSQL.\n\n\t - PostgreSQL: If DATABASE_URL is a DSN starting with postgres://, PostgreSQL will be used as storage backend.\n\t\tExample: DATABASE_URL=postgres://user:password@host:123/database\n\n\t\tAdditionally, the following query/DSN parameters are supported:\n\n \t* max_conns (number): Sets the maximum number of open connections to the database. Defaults to the number of CPU cores times 2.\n\t\t* max_idle_conns (number): Sets the maximum number of connections in the idle. Defaults to the number of CPU cores.\n * max_conn_lifetime (duratino): Sets the maximum amount of time (\"ms\", \"s\", \"m\", \"h\") a connection may be reused.\n\t\t Defaults to 0s (disabled).\n\t\t* sslmode (string): Whether or not to use SSL (default is require)\n\t\t * disable - No SSL\n\t\t * require - Always SSL (skip verification)\n\t\t * verify-ca - Always SSL (verify that the certificate presented by the\n\t\t server was signed by a trusted CA)\n\t\t * verify-full - Always SSL (verify that the certification presented by\n\t\t the server was signed by a trusted CA and the server host name\n\t\t matches the one in the certificate)\n\t\t* fallback_application_name (string): An application_name to fall back to if one isn't provided.\n\t\t* connect_timeout (number): Maximum wait for connection, in seconds. Zero or\n\t\t not specified means wait indefinitely.\n\t\t* sslcert (string): Cert file location. The file must contain PEM encoded data.\n\t\t* sslkey (string): Key file location. The file must contain PEM encoded data.\n\t\t* sslrootcert (string): The location of the root certificate file. The file\n\t\t must contain PEM encoded data.\n\t\tExample: DATABASE_URL=postgres://user:password@host:123/database?sslmode=verify-full\n\n\t - MySQL: If DATABASE_URL is a DSN starting with mysql:// MySQL will be used as storage backend.\n\t\tBe aware that the ?parseTime=true parameter is mandatory, or timestamps will not work.\n\t\tExample: DATABASE_URL=mysql://user:password@tcp(host:123)/database?parseTime=true\n\n\t\tAdditionally, the following query/DSN parameters are supported:\n\t\t* collation (string): Sets the collation used for client-server interaction on connection. In contrast to charset, \n\t\t collation does not issue additional queries. If the specified collation is unavailable on the target server,\n\t\t the connection will fail.\n\t\t* loc (string): Sets the location for time.Time values. Note that this sets the location for time.Time values\n\t\t but does not change MySQL's time_zone setting. For that set the time_zone DSN parameter. Please keep in mind,\n\t\t that param values must be url.QueryEscape'ed. Alternatively you can manually replace the / with %2F.\n\t\t For example US/Pacific would be loc=US%2FPacific.\n\t\t* maxAllowedPacket (number): Max packet size allowed in bytes. The default value is 4 MiB and should be\n\t\t adjusted to match the server settings. maxAllowedPacket=0 can be used to automatically fetch the max_allowed_packet variable from server on every connection.\n\t\t* readTimeout (duration): I/O read timeout. The value must be a decimal number with a unit suffix\n\t\t (\"ms\", \"s\", \"m\", \"h\"), such as \"30s\", \"0.5m\" or \"1m30s\".\n\t\t* timeout (duration): Timeout for establishing connections, aka dial timeout. The value must be a decimal number with a unit suffix\n\t\t (\"ms\", \"s\", \"m\", \"h\"), such as \"30s\", \"0.5m\" or \"1m30s\".\n\t\t* tls (bool / string): tls=true enables TLS / SSL encrypted connection to the server. Use skip-verify if\n\t\t you want to use a self-signed or invalid certificate (server side).\n\t\t* writeTimeout (duration): I/O write timeout. The value must be a decimal number with a unit suffix\n\t\t (\"ms\", \"s\", \"m\", \"h\"), such as \"30s\", \"0.5m\" or \"1m30s\".\n\t\tExample: DATABASE_URL=mysql://user:password@tcp(host:123)/database?parseTime=true&writeTimeout=123s\n\n\t - CockroachDB: If DATABASE_URL is a DSN starting with cockroach://, CockroachDB will be used as storage backend.\n\t\tExample: DATABASE_URL=cockroach://user:password@host:123/database\n\n\t\tAdditionally, the following query/DSN parameters are supported:\n\t\t* sslmode (string): Whether or not to use SSL (default is require)\n\t\t * disable - No SSL\n\t\t * require - Always SSL (skip verification)\n\t\t * verify-ca - Always SSL (verify that the certificate presented by the\n\t\t server was signed by a trusted CA)\n\t\t * verify-full - Always SSL (verify that the certification presented by\n\t\t the server was signed by a trusted CA and the server host name\n\t\t matches the one in the certificate)\n\t\t* application_name (string): An initial value for the application_name session variable.\n\t\t* sslcert (string): Cert file location. The file must contain PEM encoded data.\n\t\t* sslkey (string): Key file location. The file must contain PEM encoded data.\n\t\t* sslrootcert (string): The location of the root certificate file. The file\n\t\t must contain PEM encoded data.\n\t\tExample: DATABASE_URL=cockroach://user:password@host:123/database?sslmode=verify-full`\n}\n" }, { "path": "oryx/sqlcon/parse_opts.go", "content": "// Copyright © 2023 Ory Corp\n// SPDX-License-Identifier: Apache-2.0\n\npackage sqlcon\n\nimport (\n\t\"fmt\"\n\t\"net/url\"\n\t\"strconv\"\n\t\"strings\"\n\t\"time\"\n\n\t\"github.com/ory/x/logrusx\"\n)\n\n// ParseConnectionOptions parses values for max_conns, max_idle_conns, max_conn_lifetime from DSNs.\n// It also returns the URI without those query parameters.\nfunc ParseConnectionOptions(l *logrusx.Logger, dsn string) (maxConns int, maxIdleConns int, maxConnLifetime, maxIdleConnTime time.Duration, cleanedDSN string) {\n\tmaxConns = maxParallelism() * 2\n\tmaxIdleConns = maxParallelism()\n\tcleanedDSN = dsn\n\n\thostPath, rawQuery, ok := strings.Cut(dsn, \"?\")\n\tif !ok {\n\t\tl.\n\t\t\tWithField(\"sql_max_connections\", maxConns).\n\t\t\tWithField(\"sql_max_idle_connections\", maxIdleConns).\n\t\t\tWithField(\"sql_max_connection_lifetime\", maxConnLifetime).\n\t\t\tWithField(\"sql_max_idle_connection_time\", maxIdleConnTime).\n\t\t\tDebugf(\"No SQL connection options have been defined, falling back to default connection options.\")\n\t\treturn\n\t}\n\n\tquery, err := url.ParseQuery(rawQuery)\n\tif err != nil {\n\t\tl.\n\t\t\tWithField(\"sql_max_connections\", maxConns).\n\t\t\tWithField(\"sql_max_idle_connections\", maxIdleConns).\n\t\t\tWithField(\"sql_max_connection_lifetime\", maxConnLifetime).\n\t\t\tWithField(\"sql_max_idle_connection_time\", maxIdleConnTime).\n\t\t\tWithError(err).\n\t\t\tWarnf(\"Unable to parse SQL DSN query, falling back to default connection options.\")\n\t\treturn\n\t}\n\n\tif v := query.Get(\"max_conns\"); v != \"\" {\n\t\ts, err := strconv.ParseInt(v, 10, 64)\n\t\tif err != nil {\n\t\t\tl.WithError(err).Warnf(`SQL DSN query parameter \"max_conns\" value %v could not be parsed to int, falling back to default value %d`, v, maxConns)\n\t\t} else {\n\t\t\tmaxConns = int(s)\n\t\t}\n\t\tquery.Del(\"max_conns\")\n\t}\n\n\tif v := query.Get(\"max_idle_conns\"); v != \"\" {\n\t\ts, err := strconv.ParseInt(v, 10, 64)\n\t\tif err != nil {\n\t\t\tl.WithError(err).Warnf(`SQL DSN query parameter \"max_idle_conns\" value %v could not be parsed to int, falling back to default value %d`, v, maxIdleConns)\n\t\t} else {\n\t\t\tmaxIdleConns = int(s)\n\t\t}\n\t\tquery.Del(\"max_idle_conns\")\n\t}\n\n\tif v := query.Get(\"max_conn_lifetime\"); v != \"\" {\n\t\ts, err := time.ParseDuration(v)\n\t\tif err != nil {\n\t\t\tl.WithError(err).Warnf(`SQL DSN query parameter \"max_conn_lifetime\" value %v could not be parsed to duration, falling back to default value %d`, v, maxConnLifetime)\n\t\t} else {\n\t\t\tmaxConnLifetime = s\n\t\t}\n\t\tquery.Del(\"max_conn_lifetime\")\n\t}\n\n\tif v := query.Get(\"max_conn_idle_time\"); v != \"\" {\n\t\ts, err := time.ParseDuration(v)\n\t\tif err != nil {\n\t\t\tl.WithError(err).Warnf(`SQL DSN query parameter \"max_conn_idle_time\" value %v could not be parsed to duration, falling back to default value %d`, v, maxIdleConnTime)\n\t\t} else {\n\t\t\tmaxIdleConnTime = s\n\t\t}\n\t\tquery.Del(\"max_conn_idle_time\")\n\t}\n\tcleanedDSN = fmt.Sprintf(\"%s?%s\", hostPath, query.Encode())\n\n\treturn\n}\n\n// FinalizeDSN will return a finalized DSN URI.\nfunc FinalizeDSN(l *logrusx.Logger, dsn string) string {\n\tif !strings.HasPrefix(dsn, \"mysql://\") {\n\t\treturn dsn\n\t}\n\n\tvar q url.Values\n\thostPath, query, ok := strings.Cut(dsn, \"?\")\n\n\tif !ok {\n\t\tq = make(url.Values)\n\t} else {\n\t\tvar err error\n\t\tq, err = url.ParseQuery(query)\n\t\tif err != nil {\n\t\t\tl.WithError(err).Warnf(\"Unable to parse SQL DSN query, could not finalize the DSN URI.\")\n\t\t\treturn dsn\n\t\t}\n\t}\n\n\tq.Set(\"multiStatements\", \"true\")\n\tq.Set(\"parseTime\", \"true\")\n\n\t// This causes an UPDATE to return the number of matching rows instead of\n\t// the number of rows changed. This ensures compatibility with PostgreSQL and SQLite behavior.\n\tq.Set(\"clientFoundRows\", \"true\")\n\n\treturn fmt.Sprintf(\"%s?%s\", hostPath, q.Encode())\n}\n" }, { "path": "oryx/sqlxx/batch/.snapshots/Test_buildInsertQueryArgs-case=cockroach.json", "content": "{\n \"TableName\": \"\\\"test_models\\\"\",\n \"ColumnsDecl\": \"\\\"created_at\\\", \\\"id\\\", \\\"int\\\", \\\"nid\\\", \\\"null_time_ptr\\\", \\\"string\\\", \\\"updated_at\\\"\",\n \"Columns\": [\n \"created_at\",\n \"id\",\n \"int\",\n \"nid\",\n \"null_time_ptr\",\n \"string\",\n \"updated_at\"\n ],\n \"Placeholders\": \"(?, ?, ?, ?, ?, ?, ?),\\n(?, gen_random_uuid(), ?, ?, ?, ?, ?),\\n(?, gen_random_uuid(), ?, ?, ?, ?, ?),\\n(?, ?, ?, ?, ?, ?, ?),\\n(?, gen_random_uuid(), ?, ?, ?, ?, ?),\\n(?, gen_random_uuid(), ?, ?, ?, ?, ?),\\n(?, ?, ?, ?, ?, ?, ?),\\n(?, gen_random_uuid(), ?, ?, ?, ?, ?),\\n(?, gen_random_uuid(), ?, ?, ?, ?, ?),\\n(?, ?, ?, ?, ?, ?, ?)\"\n}\n" }, { "path": "oryx/sqlxx/batch/.snapshots/Test_buildInsertQueryArgs-case=testModel.json", "content": "{\n \"TableName\": \"\\\"test_models\\\"\",\n \"ColumnsDecl\": \"\\\"created_at\\\", \\\"id\\\", \\\"int\\\", \\\"nid\\\", \\\"null_time_ptr\\\", \\\"string\\\", \\\"updated_at\\\"\",\n \"Columns\": [\n \"created_at\",\n \"id\",\n \"int\",\n \"nid\",\n \"null_time_ptr\",\n \"string\",\n \"updated_at\"\n ],\n \"Placeholders\": \"(?, ?, ?, ?, ?, ?, ?),\\n(?, ?, ?, ?, ?, ?, ?),\\n(?, ?, ?, ?, ?, ?, ?),\\n(?, ?, ?, ?, ?, ?, ?),\\n(?, ?, ?, ?, ?, ?, ?),\\n(?, ?, ?, ?, ?, ?, ?),\\n(?, ?, ?, ?, ?, ?, ?),\\n(?, ?, ?, ?, ?, ?, ?),\\n(?, ?, ?, ?, ?, ?, ?),\\n(?, ?, ?, ?, ?, ?, ?)\"\n}\n" }, { "path": "oryx/sqlxx/batch/.snapshots/Test_buildInsertQueryValues-case=testModel-case=cockroach.json", "content": "[\n \"0001-01-01T00:00:00Z\",\n \"0001-01-01T00:00:00Z\",\n \"string\",\n 42,\n null,\n {\n \"ID\": \"00000000-0000-0000-0000-000000000000\",\n \"NID\": \"00000000-0000-0000-0000-000000000000\",\n \"String\": \"string\",\n \"Int\": 42,\n \"NullTimePtr\": null,\n \"created_at\": \"0001-01-01T00:00:00Z\",\n \"updated_at\": \"0001-01-01T00:00:00Z\"\n }\n]\n" }, { "path": "oryx/sqlxx/batch/create.go", "content": "// Copyright © 2023 Ory Corp\n// SPDX-License-Identifier: Apache-2.0\n\npackage batch\n\nimport (\n\t\"context\"\n\t\"database/sql\"\n\t\"fmt\"\n\t\"reflect\"\n\t\"sort\"\n\t\"strings\"\n\t\"time\"\n\n\t\"github.com/jmoiron/sqlx/reflectx\"\n\n\t\"github.com/ory/x/dbal\"\n\n\t\"github.com/gofrs/uuid\"\n\t\"github.com/pkg/errors\"\n\n\t\"github.com/ory/pop/v6\"\n\n\t\"github.com/ory/x/otelx\"\n\t\"github.com/ory/x/sqlcon\"\n\n\t\"github.com/ory/x/sqlxx\"\n)\n\ntype (\n\tinsertQueryArgs struct {\n\t\tTableName string\n\t\tColumnsDecl string\n\t\tColumns []string\n\t\tPlaceholders string\n\t}\n\tquoter interface {\n\t\tQuote(key string) string\n\t}\n\tTracerConnection struct {\n\t\tTracer *otelx.Tracer\n\t\tConnection *pop.Connection\n\t}\n)\n\nfunc buildInsertQueryArgs[T any](ctx context.Context, dialect string, mapper *reflectx.Mapper, quoter quoter, models []*T) insertQueryArgs {\n\tvar (\n\t\tv T\n\t\tmodel = pop.NewModel(v, ctx)\n\n\t\tcolumns []string\n\t\tquotedColumns []string\n\t\tplaceholders []string\n\t\tplaceholderRow []string\n\t)\n\n\tfor _, col := range model.Columns().Cols {\n\t\tcolumns = append(columns, col.Name)\n\t\tplaceholderRow = append(placeholderRow, \"?\")\n\t}\n\n\t// We sort for the sole reason that the test snapshots are deterministic.\n\tsort.Strings(columns)\n\n\tfor _, col := range columns {\n\t\tquotedColumns = append(quotedColumns, quoter.Quote(col))\n\t}\n\n\t// We generate a list (for every row one) of VALUE statements here that\n\t// will be substituted by their column values later:\n\t//\n\t//\t(?, ?, ?, ?),\n\t//\t(?, ?, ?, ?),\n\t//\t(?, ?, ?, ?)\n\tfor _, m := range models {\n\t\tm := reflect.ValueOf(m)\n\n\t\tpl := make([]string, len(placeholderRow))\n\t\tcopy(pl, placeholderRow)\n\n\t\t// There is a special case - when using CockroachDB we want to generate\n\t\t// UUIDs using \"gen_random_uuid()\" which ends up in a VALUE statement of:\n\t\t//\n\t\t//\t(gen_random_uuid(), ?, ?, ?),\n\t\tfor k := range placeholderRow {\n\t\t\tif columns[k] != \"id\" {\n\t\t\t\tcontinue\n\t\t\t}\n\n\t\t\tfield := mapper.FieldByName(m, columns[k])\n\t\t\tval, ok := field.Interface().(uuid.UUID)\n\t\t\tif !ok {\n\t\t\t\tcontinue\n\t\t\t}\n\n\t\t\tif val == uuid.Nil && dialect == dbal.DriverCockroachDB {\n\t\t\t\tpl[k] = \"gen_random_uuid()\"\n\t\t\t\tbreak\n\t\t\t}\n\t\t}\n\n\t\tplaceholders = append(placeholders, fmt.Sprintf(\"(%s)\", strings.Join(pl, \", \")))\n\t}\n\n\treturn insertQueryArgs{\n\t\tTableName: quoter.Quote(model.TableName()),\n\t\tColumnsDecl: strings.Join(quotedColumns, \", \"),\n\t\tColumns: columns,\n\t\tPlaceholders: strings.Join(placeholders, \",\\n\"),\n\t}\n}\n\nfunc buildInsertQueryValues[T any](dialect string, mapper *reflectx.Mapper, columns []string, models []*T, nowFunc func() time.Time) (values []any, err error) {\n\tfor _, m := range models {\n\t\tm := reflect.ValueOf(m)\n\n\t\tnow := nowFunc()\n\t\t// Append model fields to args\n\t\tfor _, c := range columns {\n\t\t\tfield := mapper.FieldByName(m, c)\n\n\t\t\tswitch c {\n\t\t\tcase \"created_at\":\n\t\t\t\tif pop.IsZeroOfUnderlyingType(field.Interface()) {\n\t\t\t\t\tfield.Set(reflect.ValueOf(now))\n\t\t\t\t}\n\t\t\tcase \"updated_at\":\n\t\t\t\tfield.Set(reflect.ValueOf(now))\n\t\t\tcase \"id\":\n\t\t\t\tif value, ok := field.Interface().(uuid.UUID); ok && value != uuid.Nil {\n\t\t\t\t\tbreak // breaks switch, not for\n\t\t\t\t} else if value, ok := field.Interface().(string); ok && len(value) > 0 {\n\t\t\t\t\tbreak // breaks switch, not for\n\t\t\t\t} else if dialect == dbal.DriverCockroachDB {\n\t\t\t\t\t// This is a special case:\n\t\t\t\t\t// 1. We're using cockroach\n\t\t\t\t\t// 2. It's the primary key field (\"ID\")\n\t\t\t\t\t// 3. A UUID was not yet set.\n\t\t\t\t\t//\n\t\t\t\t\t// If all these conditions meet, the VALUE statement will look as such:\n\t\t\t\t\t//\n\t\t\t\t\t//\t(gen_random_uuid(), ?, ?, ?, ...)\n\t\t\t\t\t//\n\t\t\t\t\t// For that reason, we do not add the ID value to the list of arguments,\n\t\t\t\t\t// because one of the arguments is using a built-in and thus doesn't need a value.\n\t\t\t\t\tcontinue // break switch, not for\n\t\t\t\t}\n\n\t\t\t\tid, err := uuid.NewV4()\n\t\t\t\tif err != nil {\n\t\t\t\t\treturn nil, err\n\t\t\t\t}\n\t\t\t\tfield.Set(reflect.ValueOf(id))\n\t\t\t}\n\n\t\t\tvalues = append(values, field.Interface())\n\n\t\t\t// Special-handling for *sqlxx.NullTime: mapper.FieldByName sets this to a zero time.Time,\n\t\t\t// but we want a nil pointer instead.\n\t\t\tif i, ok := field.Interface().(*sqlxx.NullTime); ok {\n\t\t\t\tif time.Time(*i).IsZero() {\n\t\t\t\t\tfield.Set(reflect.Zero(field.Type()))\n\t\t\t\t}\n\t\t\t}\n\t\t}\n\t}\n\n\treturn values, nil\n}\n\ntype createOptions struct {\n\tonConflict string\n}\n\ntype option func(*createOptions)\n\nfunc OnConflictDoNothing() func(*createOptions) {\n\treturn func(o *createOptions) {\n\t\to.onConflict = \"ON CONFLICT DO NOTHING\"\n\t}\n}\n\n// CreateFromSlice is a helper around Create that accepts a slice of models\n// instead of a slice of model pointers.\nfunc CreateFromSlice[T any](ctx context.Context, p *TracerConnection, models []T, opts ...option) (err error) {\n\tvar ptrs []*T\n\tfor k := range models {\n\t\tptrs = append(ptrs, &models[k])\n\t}\n\treturn Create(ctx, p, ptrs, opts...)\n}\n\n// Create batch-inserts the given models into the database using a single INSERT statement.\n// The models are either all created or none.\nfunc Create[T any](ctx context.Context, p *TracerConnection, models []*T, opts ...option) (err error) {\n\tctx, span := p.Tracer.Tracer().Start(ctx, \"persistence.sql.batch.Create\")\n\tdefer otelx.End(span, &err)\n\n\tif len(models) == 0 {\n\t\treturn nil\n\t}\n\n\toptions := &createOptions{}\n\tfor _, opt := range opts {\n\t\topt(options)\n\t}\n\n\tvar v T\n\tmodel := pop.NewModel(v, ctx)\n\n\tconn := p.Connection\n\tquoter, ok := conn.Dialect.(quoter)\n\tif !ok {\n\t\treturn errors.Errorf(\"store is not a quoter: %T\", conn.Store)\n\t}\n\n\tqueryArgs := buildInsertQueryArgs(ctx, conn.Dialect.Name(), conn.TX.Mapper, quoter, models)\n\tvalues, err := buildInsertQueryValues(conn.Dialect.Name(), conn.TX.Mapper, queryArgs.Columns, models, func() time.Time { return time.Now().UTC().Truncate(time.Microsecond) })\n\tif err != nil {\n\t\treturn err\n\t}\n\n\tvar returningClause string\n\tif conn.Dialect.Name() != dbal.DriverMySQL {\n\t\t// PostgreSQL, CockroachDB, SQLite support RETURNING.\n\t\treturningClause = fmt.Sprintf(\"RETURNING %s\", model.IDField())\n\t}\n\n\tquery := conn.Dialect.TranslateSQL(fmt.Sprintf(\n\t\t\"INSERT INTO %s (%s) VALUES\\n%s\\n%s\\n%s\",\n\t\tqueryArgs.TableName,\n\t\tqueryArgs.ColumnsDecl,\n\t\tqueryArgs.Placeholders,\n\t\toptions.onConflict,\n\t\treturningClause,\n\t))\n\n\trows, err := conn.TX.QueryContext(ctx, query, values...)\n\tif err != nil {\n\t\treturn sqlcon.HandleError(err)\n\t}\n\tdefer rows.Close()\n\n\t// Hydrate the models from the RETURNING clause.\n\t//\n\t// Databases not supporting RETURNING will just return 0 rows.\n\tcount := 0\n\tfor rows.Next() {\n\t\tif err := setModelID(rows, pop.NewModel(models[count], ctx)); err != nil {\n\t\t\treturn err\n\t\t}\n\t\tcount++\n\t}\n\n\tif err := rows.Err(); err != nil {\n\t\treturn sqlcon.HandleError(err)\n\t}\n\n\treturn sqlcon.HandleError(err)\n}\n\n// setModelID was copy & pasted from pop. It basically sets\n// the primary key to the given value read from the SQL row.\nfunc setModelID(row *sql.Rows, model *pop.Model) error {\n\tel := reflect.ValueOf(model.Value).Elem()\n\tfbn := el.FieldByName(\"ID\")\n\tif !fbn.IsValid() {\n\t\treturn errors.New(\"model does not have a field named id\")\n\t}\n\n\tpkt, err := model.PrimaryKeyType()\n\tif err != nil {\n\t\treturn errors.WithStack(err)\n\t}\n\n\tswitch pkt {\n\tcase \"UUID\":\n\t\tvar id uuid.UUID\n\t\tif err := row.Scan(&id); err != nil {\n\t\t\treturn errors.WithStack(err)\n\t\t}\n\t\tfbn.Set(reflect.ValueOf(id))\n\tdefault:\n\t\tvar id interface{}\n\t\tif err := row.Scan(&id); err != nil {\n\t\t\treturn errors.WithStack(err)\n\t\t}\n\t\tv := reflect.ValueOf(id)\n\t\tswitch fbn.Kind() {\n\t\tcase reflect.Int, reflect.Int64:\n\t\t\tfbn.SetInt(v.Int())\n\t\tdefault:\n\t\t\tfbn.Set(reflect.ValueOf(id))\n\t\t}\n\t}\n\n\treturn nil\n}\n" }, { "path": "oryx/sqlxx/expand.go", "content": "// Copyright © 2023 Ory Corp\n// SPDX-License-Identifier: Apache-2.0\n\npackage sqlxx\n\n// Expandable controls what fields to expand for projects.\ntype Expandable string\n\n// Expandables is a list of Expandable values.\ntype Expandables []Expandable\n\n// String returns a string representation of the Expandable.\nfunc (e Expandable) String() string {\n\treturn string(e)\n}\n\n// ToEager returns the fields used by pop's Eager command.\nfunc (e Expandables) ToEager() []string {\n\tvar s []string\n\tfor _, e := range e {\n\t\ts = append(s, e.String())\n\t}\n\treturn s\n}\n\n// Has returns true if the Expandable is in the list.\nfunc (e Expandables) Has(search Expandable) bool {\n\tfor _, e := range e {\n\t\tif e == search {\n\t\t\treturn true\n\t\t}\n\t}\n\treturn false\n}\n" }, { "path": "oryx/sqlxx/sqlxx.go", "content": "// Copyright © 2023 Ory Corp\n// SPDX-License-Identifier: Apache-2.0\n\npackage sqlxx\n\nimport (\n\t\"fmt\"\n\t\"net/url\"\n\t\"reflect\"\n\t\"slices\"\n\t\"strings\"\n\n\t\"github.com/pkg/errors\"\n)\n\nfunc keys(t any, exclude []string) []string {\n\ttt := reflect.TypeOf(t)\n\tif tt.Kind() == reflect.Pointer {\n\t\ttt = tt.Elem()\n\t}\n\tks := make([]string, 0, tt.NumField())\n\tfor i := range tt.NumField() {\n\t\tf := tt.Field(i)\n\t\tkey, _, _ := strings.Cut(f.Tag.Get(\"db\"), \",\")\n\t\tif key != \"\" && key != \"-\" && !slices.Contains(exclude, key) {\n\t\t\tks = append(ks, key)\n\t\t}\n\t}\n\treturn ks\n}\n\n// NamedInsertArguments returns columns and arguments for SQL INSERT statements based on a struct's tags. Does\n// not work with nested structs or maps!\n//\n//\ttype st struct {\n//\t\tFoo string `db:\"foo\"`\n//\t\tBar string `db:\"bar,omitempty\"`\n//\t\tBaz string `db:\"-\"`\n//\t\tZab string\n//\t}\n//\tcolumns, arguments := NamedInsertArguments(new(st))\n//\tquery := fmt.Sprintf(\"INSERT INTO foo (%s) VALUES (%s)\", columns, arguments)\n//\t// INSERT INTO foo (foo, bar) VALUES (:foo, :bar)\nfunc NamedInsertArguments(t any, exclude ...string) (columns string, arguments string) {\n\tkeys := keys(t, exclude)\n\treturn strings.Join(keys, \", \"),\n\t\t\":\" + strings.Join(keys, \", :\")\n}\n\n// NamedUpdateArguments returns columns and arguments for SQL UPDATE statements based on a struct's tags. Does\n// not work with nested structs or maps!\n//\n//\ttype st struct {\n//\t\tFoo string `db:\"foo\"`\n//\t\tBar string `db:\"bar,omitempty\"`\n//\t\tBaz string `db:\"-\"`\n//\t\tZab string\n//\t}\n//\tquery := fmt.Sprintf(\"UPDATE foo SET %s\", NamedUpdateArguments(new(st)))\n//\t// UPDATE foo SET foo=:foo, bar=:bar\nfunc NamedUpdateArguments(t any, exclude ...string) string {\n\tkeys := keys(t, exclude)\n\tstatements := make([]string, len(keys))\n\n\tfor k, key := range keys {\n\t\tstatements[k] = fmt.Sprintf(\"%s=:%s\", key, key)\n\t}\n\n\treturn strings.Join(statements, \", \")\n}\n\nfunc OnConflictDoNothing(dialect string, columnNoop string) string {\n\tif dialect == \"mysql\" {\n\t\treturn fmt.Sprintf(\" ON DUPLICATE KEY UPDATE `%s` = `%s` \", columnNoop, columnNoop)\n\t} else {\n\t\treturn ` ON CONFLICT DO NOTHING `\n\t}\n}\n\n// ExtractSchemeFromDSN returns the scheme (e.g. `mysql`, `postgres`, etc) component in a DSN string,\n// as well as the remaining part of the DSN after the scheme separator.\n// It is an error to not have a scheme present.\n// This makes sense in the context of a DSN to be able to identify which database is in use.\nfunc ExtractSchemeFromDSN(dsn string) (string, string, error) {\n\tscheme, afterSchemeSeparator, schemeSeparatorFound := strings.Cut(dsn, \"://\")\n\tif !schemeSeparatorFound {\n\t\treturn \"\", \"\", errors.New(\"invalid DSN: missing scheme separator\")\n\t}\n\tif scheme == \"\" {\n\t\treturn \"\", \"\", errors.New(\"invalid DSN: empty scheme\")\n\t}\n\n\treturn scheme, afterSchemeSeparator, nil\n}\n\n// ExtractDbNameFromDSN returns the database name component in a DSN string.\nfunc ExtractDbNameFromDSN(dsn string) (string, error) {\n\t_, afterScheme, err := ExtractSchemeFromDSN(dsn)\n\tif err != nil {\n\t\treturn \"\", err\n\t}\n\n\t_, afterSlash, slashFound := strings.Cut(afterScheme, \"/\")\n\tif !slashFound {\n\t\treturn \"\", nil\n\t}\n\n\tdbName, _, _ := strings.Cut(afterSlash, \"?\")\n\treturn dbName, nil\n}\n\n// ReplaceSchemeInDSN replaces the scheme (e.g. `mysql`, `postgres`, etc) in a DSN string with another one.\n// This is necessary for example when using `cockroach` as a scheme, but using the postgres driver to connect to the database,\n// and this driver only accepts `postgres` as a scheme.\nfunc ReplaceSchemeInDSN(dsn string, newScheme string) (string, error) {\n\t_, afterSchemeSeparator, err := ExtractSchemeFromDSN(dsn)\n\tif err != nil {\n\t\treturn \"\", errors.WithStack(err)\n\t}\n\n\treturn newScheme + \"://\" + afterSchemeSeparator, nil\n}\n\n// DSNRedacted parses a database DSN and returns a redacted form as a string.\n// It replaces any password with \"xxxxx\" just like `url.Redacted()`.\n// Only the password is redacted, not the username.\n// This function is necessary because MySQL uses a DSN format not compatible with `url.Parse`.\n// Additionally and as a consequence of the point above, the scheme is expected to be present and non-empty.\n// This function is less strict that `url.Parse` in the case of MySQL.\n// It also does not escape any characters in the username, whereas `url.String()`/`url.Redacted` does.\nfunc DSNRedacted(dsn string) (string, error) {\n\tscheme, afterSchemeSeparator, err := ExtractSchemeFromDSN(dsn)\n\tif err != nil {\n\t\treturn \"\", errors.WithStack(err)\n\t}\n\n\t// If this is not MySQL, we simply delegate the work to `url.Parse`.\n\tif scheme != \"mysql\" {\n\t\tu, err := url.Parse(dsn)\n\t\tif err != nil {\n\t\t\treturn \"\", errors.WithStack(err)\n\t\t}\n\t\treturn u.Redacted(), nil\n\t}\n\n\t// MySQL has a weird DSN syntax not conforming to a standard URL, of the form:\n\t// `[username[:password]@][protocol[(address)]]/dbname[?param1=value1&...¶mN=valueN]`\n\t// We only need to parse up to `@` in order to redact the password. The rest is left as-is.\n\n\tusernamePassword, afterUsernamePassword, usernamePasswordSeparatorFound := strings.Cut(afterSchemeSeparator, \"@\")\n\tif !usernamePasswordSeparatorFound {\n\t\tafterUsernamePassword = afterSchemeSeparator\n\t}\n\n\tusername, password, hasPassword := strings.Cut(usernamePassword, \":\")\n\t// We only insert a redacted password in the final result if a password was provided in the input.\n\t// This behavior matches the one of `url.Redacted()`.\n\tif hasPassword {\n\t\tpassword = \":xxxxx\"\n\t}\n\n\tres := scheme + \"://\"\n\tif usernamePasswordSeparatorFound {\n\t\tres += username + password + \"@\"\n\t}\n\tres += afterUsernamePassword\n\treturn res, nil\n}\n" }, { "path": "oryx/sqlxx/types.go", "content": "// Copyright © 2023 Ory Corp\n// SPDX-License-Identifier: Apache-2.0\n\npackage sqlxx\n\nimport (\n\t\"database/sql\"\n\t\"database/sql/driver\"\n\t\"encoding/json\"\n\t\"fmt\"\n\t\"slices\"\n\t\"strings\"\n\t\"time\"\n\n\t\"github.com/tidwall/gjson\"\n\n\t\"github.com/pkg/errors\"\n)\n\n// Duration represents a JSON and SQL compatible time.Duration.\n// swagger:type string\ntype Duration time.Duration\n\n// MarshalJSON returns m as the JSON encoding of m.\nfunc (ns Duration) MarshalJSON() ([]byte, error) {\n\treturn json.Marshal(time.Duration(ns).String())\n}\n\n// UnmarshalJSON sets *m to a copy of data.\nfunc (ns *Duration) UnmarshalJSON(data []byte) error {\n\tvar s string\n\tif err := json.Unmarshal(data, &s); err != nil {\n\t\treturn err\n\t}\n\n\tp, err := time.ParseDuration(s)\n\tif err != nil {\n\t\treturn err\n\t}\n\n\t*ns = Duration(p)\n\treturn nil\n}\n\n// StringSliceJSONFormat represents []string{} which is encoded to/from JSON for SQL storage.\ntype StringSliceJSONFormat []string\n\n// Scan implements the Scanner interface.\nfunc (m *StringSliceJSONFormat) Scan(value interface{}) error {\n\tvar val string\n\tswitch v := value.(type) {\n\tcase nil:\n\t\t*m = StringSliceJSONFormat{}\n\t\treturn nil\n\tcase string:\n\t\tval = v\n\tcase []byte:\n\t\tval = string(v)\n\tdefault:\n\t\treturn errors.Errorf(\"cannot scan %#v into StringSliceJSONFormat\", value)\n\t}\n\tif len(val) == 0 {\n\t\tval = \"[]\"\n\t}\n\n\tif parsed := gjson.Parse(val); parsed.Type == gjson.Null {\n\t\tval = \"[]\"\n\t} else if !parsed.IsArray() {\n\t\treturn errors.Errorf(\"expected JSON value to be an array but got type: %s\", parsed.Type.String())\n\t}\n\n\treturn errors.WithStack(json.Unmarshal([]byte(val), &m))\n}\n\n// Value implements the driver Valuer interface.\nfunc (m StringSliceJSONFormat) Value() (driver.Value, error) {\n\tif len(m) == 0 {\n\t\treturn \"[]\", nil\n\t}\n\n\tencoded, err := json.Marshal(&m)\n\treturn string(encoded), errors.WithStack(err)\n}\n\n// StringSlicePipeDelimiter de/encodes the string slice to/from a SQL string.\ntype StringSlicePipeDelimiter []string\n\n// Scan implements the Scanner interface.\nfunc (n *StringSlicePipeDelimiter) Scan(value interface{}) error {\n\tvar s sql.NullString\n\tif err := s.Scan(value); err != nil {\n\t\treturn err\n\t}\n\t*n = scanStringSlice('|', s.String)\n\treturn nil\n}\n\n// Value implements the driver Valuer interface.\nfunc (n StringSlicePipeDelimiter) Value() (driver.Value, error) {\n\treturn valueStringSlice('|', n), nil\n}\n\nfunc scanStringSlice(delimiter rune, value interface{}) []string {\n\tescaped := false\n\ts := fmt.Sprintf(\"%s\", value)\n\tsplitted := strings.FieldsFunc(s, func(r rune) bool {\n\t\tif r == '\\\\' {\n\t\t\tescaped = !escaped\n\t\t} else if escaped && r != delimiter {\n\t\t\tescaped = false\n\t\t}\n\t\treturn !escaped && r == delimiter\n\t})\n\tfor k, v := range splitted {\n\t\tsplitted[k] = strings.ReplaceAll(v, \"\\\\\"+string(delimiter), string(delimiter))\n\t}\n\treturn splitted\n}\n\nfunc valueStringSlice(delimiter rune, value []string) string {\n\treplace := make([]string, len(value))\n\tfor k, v := range value {\n\t\treplace[k] = strings.ReplaceAll(v, string(delimiter), \"\\\\\"+string(delimiter))\n\t}\n\treturn strings.Join(replace, string(delimiter))\n}\n\n// NullBool represents a bool that may be null.\n// NullBool implements the Scanner interface so\n// swagger:type bool\n// swagger:model nullBool\ntype NullBool struct {\n\tBool bool\n\tValid bool // Valid is true if Bool is not NULL\n}\n\n// Scan implements the Scanner interface.\nfunc (ns *NullBool) Scan(value interface{}) error {\n\td := sql.NullBool{}\n\tif err := d.Scan(value); err != nil {\n\t\treturn err\n\t}\n\n\tns.Bool = d.Bool\n\tns.Valid = d.Valid\n\treturn nil\n}\n\n// Value implements the driver Valuer interface.\nfunc (ns NullBool) Value() (driver.Value, error) {\n\tif !ns.Valid {\n\t\treturn nil, nil\n\t}\n\treturn ns.Bool, nil\n}\n\n// MarshalJSON returns m as the JSON encoding of m.\nfunc (ns NullBool) MarshalJSON() ([]byte, error) {\n\tif !ns.Valid {\n\t\treturn []byte(\"null\"), nil\n\t}\n\treturn json.Marshal(ns.Bool)\n}\n\n// UnmarshalJSON sets *m to a copy of data.\nfunc (ns *NullBool) UnmarshalJSON(data []byte) error {\n\tif ns == nil {\n\t\treturn errors.New(\"json.RawMessage: UnmarshalJSON on nil pointer\")\n\t}\n\tif len(data) == 0 || string(data) == \"null\" {\n\t\treturn nil\n\t}\n\tns.Valid = true\n\treturn errors.WithStack(json.Unmarshal(data, &ns.Bool))\n}\n\n// FalsyNullBool represents a bool that may be null.\n// It JSON decodes to false if null.\n//\n// swagger:type bool\n// swagger:model falsyNullBool\ntype FalsyNullBool struct {\n\tBool bool\n\tValid bool // Valid is true if Bool is not NULL\n}\n\n// Scan implements the Scanner interface.\nfunc (ns *FalsyNullBool) Scan(value interface{}) error {\n\td := sql.NullBool{}\n\tif err := d.Scan(value); err != nil {\n\t\treturn err\n\t}\n\n\tns.Bool = d.Bool\n\tns.Valid = d.Valid\n\treturn nil\n}\n\n// Value implements the driver Valuer interface.\nfunc (ns FalsyNullBool) Value() (driver.Value, error) {\n\tif !ns.Valid {\n\t\treturn nil, nil\n\t}\n\treturn ns.Bool, nil\n}\n\n// MarshalJSON returns m as the JSON encoding of m.\nfunc (ns FalsyNullBool) MarshalJSON() ([]byte, error) {\n\tif !ns.Valid {\n\t\treturn []byte(\"false\"), nil\n\t}\n\treturn json.Marshal(ns.Bool)\n}\n\n// UnmarshalJSON sets *m to a copy of data.\nfunc (ns *FalsyNullBool) UnmarshalJSON(data []byte) error {\n\tif ns == nil {\n\t\treturn errors.New(\"json.RawMessage: UnmarshalJSON on nil pointer\")\n\t}\n\tif len(data) == 0 || string(data) == \"null\" {\n\t\treturn nil\n\t}\n\tns.Valid = true\n\treturn errors.WithStack(json.Unmarshal(data, &ns.Bool))\n}\n\n// swagger:type string\n// swagger:model nullString\ntype NullString string\n\n// MarshalJSON returns m as the JSON encoding of m.\nfunc (ns NullString) MarshalJSON() ([]byte, error) {\n\treturn json.Marshal(string(ns))\n}\n\n// UnmarshalJSON sets *m to a copy of data.\nfunc (ns *NullString) UnmarshalJSON(data []byte) error {\n\tif ns == nil {\n\t\treturn errors.New(\"json.RawMessage: UnmarshalJSON on nil pointer\")\n\t}\n\tif len(data) == 0 {\n\t\treturn nil\n\t}\n\treturn errors.WithStack(json.Unmarshal(data, (*string)(ns)))\n}\n\n// Scan implements the Scanner interface.\nfunc (ns *NullString) Scan(value interface{}) error {\n\tvar v sql.NullString\n\tif err := (&v).Scan(value); err != nil {\n\t\treturn err\n\t}\n\t*ns = NullString(v.String)\n\treturn nil\n}\n\n// Value implements the driver Valuer interface.\nfunc (ns NullString) Value() (driver.Value, error) {\n\tif len(ns) == 0 {\n\t\treturn sql.NullString{}.Value()\n\t}\n\treturn sql.NullString{Valid: true, String: string(ns)}.Value()\n}\n\n// String implements the Stringer interface.\nfunc (ns NullString) String() string {\n\treturn string(ns)\n}\n\n// NullTime implements sql.NullTime functionality.\n//\n// swagger:model nullTime\n// required: false\ntype NullTime time.Time\n\n// Scan implements the Scanner interface.\nfunc (ns *NullTime) Scan(value interface{}) error {\n\tvar v sql.NullTime\n\tif err := (&v).Scan(value); err != nil {\n\t\treturn err\n\t}\n\t*ns = NullTime(v.Time)\n\treturn nil\n}\n\n// MarshalJSON returns m as the JSON encoding of m.\nfunc (ns NullTime) MarshalJSON() ([]byte, error) {\n\tvar t *time.Time\n\tif !time.Time(ns).IsZero() {\n\t\ttt := time.Time(ns)\n\t\tt = &tt\n\t}\n\treturn json.Marshal(t)\n}\n\n// UnmarshalJSON sets *m to a copy of data.\nfunc (ns *NullTime) UnmarshalJSON(data []byte) error {\n\tvar t time.Time\n\tif err := json.Unmarshal(data, &t); err != nil {\n\t\treturn err\n\t}\n\t*ns = NullTime(t)\n\treturn nil\n}\n\n// Value implements the driver Valuer interface.\nfunc (ns NullTime) Value() (driver.Value, error) {\n\treturn sql.NullTime{Valid: !time.Time(ns).IsZero(), Time: time.Time(ns)}.Value()\n}\n\n// MapStringInterface represents a map[string]interface that works well with JSON, SQL, and Swagger.\ntype MapStringInterface map[string]interface{}\n\n// Scan implements the Scanner interface.\nfunc (n *MapStringInterface) Scan(value interface{}) error {\n\tv := fmt.Sprintf(\"%s\", value)\n\tif len(v) == 0 {\n\t\treturn nil\n\t}\n\treturn errors.WithStack(json.Unmarshal([]byte(v), n))\n}\n\n// Value implements the driver Valuer interface.\nfunc (n MapStringInterface) Value() (driver.Value, error) {\n\tvalue, err := json.Marshal(n)\n\tif err != nil {\n\t\treturn nil, errors.WithStack(err)\n\t}\n\treturn string(value), nil\n}\n\n// JSONArrayRawMessage represents a json.RawMessage which only accepts arrays that works well with JSON, SQL, and Swagger.\ntype JSONArrayRawMessage json.RawMessage\n\n// Scan implements the Scanner interface.\nfunc (m *JSONArrayRawMessage) Scan(value interface{}) error {\n\tval := fmt.Sprintf(\"%s\", value)\n\tif len(val) == 0 {\n\t\tval = \"[]\"\n\t}\n\n\tif parsed := gjson.Parse(val); parsed.Type == gjson.Null {\n\t\tval = \"[]\"\n\t} else if !parsed.IsArray() {\n\t\treturn errors.Errorf(\"expected JSON value to be an array but got type: %s\", parsed.Type.String())\n\t}\n\n\t*m = []byte(val)\n\treturn nil\n}\n\n// Value implements the driver Valuer interface.\nfunc (m JSONArrayRawMessage) Value() (driver.Value, error) {\n\tif len(m) == 0 {\n\t\treturn \"[]\", nil\n\t}\n\n\tif parsed := gjson.ParseBytes(m); parsed.Type == gjson.Null {\n\t\treturn \"[]\", nil\n\t} else if !parsed.IsArray() {\n\t\treturn nil, errors.Errorf(\"expected JSON value to be an array but got type: %s\", parsed.Type.String())\n\t}\n\n\treturn string(m), nil\n}\n\n// JSONRawMessage represents a json.RawMessage that works well with JSON, SQL, and Swagger.\ntype JSONRawMessage json.RawMessage\n\n// Scan implements the Scanner interface.\nfunc (m *JSONRawMessage) Scan(value interface{}) error {\n\tswitch v := value.(type) {\n\tcase []byte:\n\t\t*m = slices.Clone(v)\n\tcase string:\n\t\t*m = JSONRawMessage(v)\n\tcase nil:\n\t\t*m = JSONRawMessage(\"null\")\n\tdefault:\n\t\treturn errors.Errorf(\"cannot scan %T into JSONRawMessage\", value)\n\t}\n\treturn nil\n}\n\n// Value implements the driver Valuer interface.\nfunc (m JSONRawMessage) Value() (driver.Value, error) {\n\tif len(m) == 0 {\n\t\treturn \"null\", nil\n\t}\n\treturn string(m), nil\n}\n\n// MarshalJSON returns m as the JSON encoding of m.\nfunc (m JSONRawMessage) MarshalJSON() ([]byte, error) {\n\tif len(m) == 0 {\n\t\treturn []byte(\"null\"), nil\n\t}\n\treturn m, nil\n}\n\n// UnmarshalJSON sets *m to a copy of data.\nfunc (m *JSONRawMessage) UnmarshalJSON(data []byte) error {\n\tif m == nil {\n\t\treturn errors.New(\"json.RawMessage: UnmarshalJSON on nil pointer\")\n\t}\n\t*m = append((*m)[0:0], data...)\n\treturn nil\n}\n\n// NullJSONRawMessage represents a json.RawMessage that works well with JSON, SQL, and Swagger and is NULLable-\n//\n// swagger:model nullJsonRawMessage\ntype NullJSONRawMessage json.RawMessage\n\n// Scan implements the Scanner interface.\nfunc (m *NullJSONRawMessage) Scan(value any) error {\n\treturn (*JSONRawMessage)(m).Scan(value)\n}\n\n// Value implements the driver Valuer interface.\nfunc (m NullJSONRawMessage) Value() (driver.Value, error) {\n\tif len(m) == 0 || string(m) == \"null\" {\n\t\treturn nil, nil\n\t}\n\treturn string(m), nil\n}\n\n// MarshalJSON returns m as the JSON encoding of m.\nfunc (m NullJSONRawMessage) MarshalJSON() ([]byte, error) {\n\tif len(m) == 0 {\n\t\treturn []byte(\"null\"), nil\n\t}\n\treturn m, nil\n}\n\n// UnmarshalJSON sets *m to a copy of data.\nfunc (m *NullJSONRawMessage) UnmarshalJSON(data []byte) error {\n\tif m == nil {\n\t\treturn errors.New(\"json.RawMessage: UnmarshalJSON on nil pointer\")\n\t}\n\t*m = append((*m)[0:0], data...)\n\treturn nil\n}\n\n// JSONScan is a generic helper for retrieving a SQL JSON-encoded value.\nfunc JSONScan(dst, value any) error {\n\t// Note: raw is a string (not []byte) because the MySQL driver reuses byte slices across scans.\n\t// Using strings avoids the need to manually copy the byte slice.\n\tvar raw string\n\tswitch v := value.(type) {\n\tcase nil:\n\t\traw = \"null\"\n\tcase string:\n\t\traw = v\n\tcase []byte:\n\t\traw = string(v)\n\tdefault:\n\t\treturn fmt.Errorf(\"unable to scan type %T as JSON into %T\", value, dst)\n\t}\n\tif err := json.Unmarshal([]byte(raw), dst); err != nil {\n\t\treturn fmt.Errorf(\"unable to decode JSON payload into %T: %w\", dst, err)\n\t}\n\treturn nil\n}\n\n// NullInt64 represents an int64 that may be null.\n// swagger:model nullInt64\ntype NullInt64 struct {\n\tInt int64\n\tValid bool // Valid is true if Duration is not NULL\n}\n\n// Scan implements the Scanner interface.\nfunc (ns *NullInt64) Scan(value interface{}) error {\n\td := sql.NullInt64{}\n\tif err := d.Scan(value); err != nil {\n\t\treturn err\n\t}\n\n\tns.Int = d.Int64\n\tns.Valid = d.Valid\n\treturn nil\n}\n\n// Value implements the driver Valuer interface.\nfunc (ns NullInt64) Value() (driver.Value, error) {\n\tif !ns.Valid {\n\t\treturn nil, nil\n\t}\n\treturn ns.Int, nil\n}\n\n// MarshalJSON returns m as the JSON encoding of m.\nfunc (ns NullInt64) MarshalJSON() ([]byte, error) {\n\tif !ns.Valid {\n\t\treturn []byte(\"null\"), nil\n\t}\n\treturn json.Marshal(ns.Int)\n}\n\n// UnmarshalJSON sets *m to a copy of data.\nfunc (ns *NullInt64) UnmarshalJSON(data []byte) error {\n\tif ns == nil {\n\t\treturn errors.New(\"json.RawMessage: UnmarshalJSON on nil pointer\")\n\t}\n\tif len(data) == 0 || string(data) == \"null\" {\n\t\treturn nil\n\t}\n\tns.Valid = true\n\treturn errors.WithStack(json.Unmarshal(data, &ns.Int))\n}\n\n// NullDuration represents a nullable JSON and SQL compatible time.Duration.\n//\n// swagger:type string\n// swagger:model nullDuration\ntype NullDuration struct {\n\tDuration time.Duration\n\tValid bool\n}\n\n// Scan implements the Scanner interface.\nfunc (ns *NullDuration) Scan(value interface{}) error {\n\td := sql.NullInt64{}\n\tif err := d.Scan(value); err != nil {\n\t\treturn err\n\t}\n\n\tns.Duration = time.Duration(d.Int64)\n\tns.Valid = d.Valid\n\treturn nil\n}\n\n// Value implements the driver Valuer interface.\nfunc (ns NullDuration) Value() (driver.Value, error) {\n\tif !ns.Valid {\n\t\treturn nil, nil\n\t}\n\treturn int64(ns.Duration), nil\n}\n\n// MarshalJSON returns m as the JSON encoding of m.\nfunc (ns NullDuration) MarshalJSON() ([]byte, error) {\n\tif !ns.Valid {\n\t\treturn []byte(\"null\"), nil\n\t}\n\n\treturn json.Marshal(ns.Duration.String())\n}\n\n// UnmarshalJSON sets *m to a copy of data.\nfunc (ns *NullDuration) UnmarshalJSON(data []byte) error {\n\tif ns == nil {\n\t\treturn errors.New(\"json.RawMessage: UnmarshalJSON on nil pointer\")\n\t}\n\n\tif len(data) == 0 || string(data) == \"null\" {\n\t\treturn nil\n\t}\n\n\tvar s string\n\tif err := json.Unmarshal(data, &s); err != nil {\n\t\treturn err\n\t}\n\n\tp, err := time.ParseDuration(s)\n\tif err != nil {\n\t\treturn err\n\t}\n\n\tns.Duration = p\n\tns.Valid = true\n\treturn nil\n}\n\nfunc (ns Duration) IsZero() bool { return ns == 0 }\nfunc (m StringSliceJSONFormat) IsZero() bool { return len(m) == 0 }\nfunc (n StringSlicePipeDelimiter) IsZero() bool { return len(n) == 0 }\nfunc (ns NullBool) IsZero() bool { return !ns.Valid || !ns.Bool }\nfunc (ns FalsyNullBool) IsZero() bool { return !ns.Valid || !ns.Bool }\nfunc (ns NullString) IsZero() bool { return len(ns) == 0 }\nfunc (ns NullTime) IsZero() bool { return time.Time(ns).IsZero() }\nfunc (n MapStringInterface) IsZero() bool { return len(n) == 0 }\nfunc (m JSONArrayRawMessage) IsZero() bool { return len(m) == 0 || string(m) == \"[]\" }\nfunc (m JSONRawMessage) IsZero() bool { return len(m) == 0 || string(m) == \"null\" }\nfunc (m NullJSONRawMessage) IsZero() bool { return len(m) == 0 || string(m) == \"null\" }\nfunc (ns NullInt64) IsZero() bool { return !ns.Valid || ns.Int == 0 }\nfunc (ns NullDuration) IsZero() bool { return !ns.Valid || ns.Duration == 0 }\n" }, { "path": "oryx/stringslice/unique.go", "content": "// Copyright © 2023 Ory Corp\n// SPDX-License-Identifier: Apache-2.0\n\npackage stringslice\n\n// Unique returns the given string slice with unique values, preserving order.\n// Consider using slices.Compact with slices.Sort instead when you don't care about order.\nfunc Unique(i []string) []string {\n\tu := make([]string, 0, len(i))\n\tm := make(map[string]struct{}, len(i))\n\n\tfor _, val := range i {\n\t\tif _, ok := m[val]; !ok {\n\t\t\tm[val] = struct{}{}\n\t\t\tu = append(u, val)\n\t\t}\n\t}\n\n\treturn u\n}\n" }, { "path": "oryx/stringsx/case.go", "content": "// Copyright © 2023 Ory Corp\n// SPDX-License-Identifier: Apache-2.0\n\npackage stringsx\n\nimport \"unicode\"\n\n// ToLowerInitial converts a string's first character to lower case.\nfunc ToLowerInitial(s string) string {\n\tif s == \"\" {\n\t\treturn \"\"\n\t}\n\ta := []rune(s)\n\ta[0] = unicode.ToLower(a[0])\n\treturn string(a)\n}\n\n// ToUpperInitial converts a string's first character to upper case.\nfunc ToUpperInitial(s string) string {\n\tif s == \"\" {\n\t\treturn \"\"\n\t}\n\ta := []rune(s)\n\ta[0] = unicode.ToUpper(a[0])\n\treturn string(a)\n}\n" }, { "path": "oryx/stringsx/split.go", "content": "// Copyright © 2023 Ory Corp\n// SPDX-License-Identifier: Apache-2.0\n\npackage stringsx\n\nimport \"strings\"\n\n// Splitx is a special case of strings.Split\n// which returns an empty slice if the string is empty\nfunc Splitx(s, sep string) []string {\n\tif s == \"\" {\n\t\treturn []string{}\n\t}\n\n\treturn strings.Split(s, sep)\n}\n" }, { "path": "oryx/stringsx/switch_case.go", "content": "// Copyright © 2023 Ory Corp\n// SPDX-License-Identifier: Apache-2.0\n\npackage stringsx\n\nimport (\n\t\"fmt\"\n\t\"slices\"\n\t\"strings\"\n)\n\ntype (\n\tRegisteredCases struct {\n\t\tcases []string\n\t\tactual string\n\t}\n\terrUnknownCase struct {\n\t\t*RegisteredCases\n\t}\n\tRegisteredPrefixes struct {\n\t\tprefixes []string\n\t\tactual string\n\t}\n\terrUnknownPrefix struct {\n\t\t*RegisteredPrefixes\n\t}\n)\n\nvar (\n\tErrUnknownCase = errUnknownCase{}\n\tErrUnknownPrefix = errUnknownPrefix{}\n)\n\nfunc SwitchExact(actual string) *RegisteredCases {\n\treturn &RegisteredCases{\n\t\tactual: actual,\n\t}\n}\n\nfunc SwitchPrefix(actual string) *RegisteredPrefixes {\n\treturn &RegisteredPrefixes{\n\t\tactual: actual,\n\t}\n}\n\nfunc (r *RegisteredCases) AddCase(cases ...string) bool {\n\tr.cases = append(r.cases, cases...)\n\treturn slices.Contains(cases, r.actual)\n}\n\nfunc (r *RegisteredPrefixes) HasPrefix(prefixes ...string) bool {\n\tr.prefixes = append(r.prefixes, prefixes...)\n\treturn slices.ContainsFunc(prefixes, func(s string) bool {\n\t\treturn strings.HasPrefix(r.actual, s)\n\t})\n}\n\nfunc (r *RegisteredCases) String() string {\n\treturn \"[\" + strings.Join(r.cases, \", \") + \"]\"\n}\n\nfunc (r *RegisteredPrefixes) String() string {\n\treturn \"[\" + strings.Join(r.prefixes, \", \") + \"]\"\n}\n\nfunc (r *RegisteredCases) ToUnknownCaseErr() error {\n\treturn errUnknownCase{r}\n}\n\nfunc (r *RegisteredPrefixes) ToUnknownPrefixErr() error {\n\treturn errUnknownPrefix{r}\n}\n\nfunc (e errUnknownCase) Error() string {\n\treturn fmt.Sprintf(\"expected one of %s but got %s\", e.String(), e.actual)\n}\n\nfunc (e errUnknownCase) Is(err error) bool {\n\t_, ok := err.(errUnknownCase)\n\treturn ok\n}\n\nfunc (e errUnknownPrefix) Error() string {\n\treturn fmt.Sprintf(\"expected %s to have one of the prefixes %s\", e.actual, e.String())\n}\n\nfunc (e errUnknownPrefix) Is(err error) bool {\n\t_, ok := err.(errUnknownPrefix)\n\treturn ok\n}\n" }, { "path": "oryx/stringsx/truncate.go", "content": "// Copyright © 2023 Ory Corp\n// SPDX-License-Identifier: Apache-2.0\n\npackage stringsx\n\nimport \"unicode/utf8\"\n\n// TruncateByteLen returns string truncated at the end with the length specified\nfunc TruncateByteLen(s string, length int) string {\n\tif length <= 0 || len(s) <= length {\n\t\treturn s\n\t}\n\n\tres := s[:length]\n\n\t// in case we cut in the middle of an utf8 rune, we have to remove the last byte as well until it fits\n\tfor !utf8.ValidString(res) {\n\t\tres = res[:len(res)-1]\n\t}\n\treturn res\n}\n" }, { "path": "oryx/swaggerx/error.go", "content": "// Copyright © 2023 Ory Corp\n// SPDX-License-Identifier: Apache-2.0\n\npackage swaggerx\n\nimport (\n\t\"encoding/json\"\n\t\"errors\"\n\t\"fmt\"\n\t\"net/http\"\n\n\t\"github.com/go-openapi/runtime\"\n)\n\nfunc FormatSwaggerError(err error) string {\n\tvar e *runtime.APIError\n\tif errors.As(err, &e) {\n\t\tbody, err := json.MarshalIndent(e, \"\\t\", \" \")\n\t\tif err != nil {\n\t\t\tbody = []byte(fmt.Sprintf(\"%+v\", e.Response))\n\t\t}\n\n\t\tswitch e.Code {\n\t\tcase http.StatusForbidden:\n\t\t\treturn fmt.Sprintf(\"The service responded with status code 403 indicating that you lack permission to access the resource. The full error details are:\\n\\n\\t%s\\n\\n\", body)\n\t\tcase http.StatusUnauthorized:\n\t\t\treturn fmt.Sprintf(\"The service responded with status code 401 indicating that you forgot to include credentials (e.g. token, TLS certificate, ...) in the HTTP request. The full error details are:\\n\\n\\t%s\\n\\n\", body)\n\t\tcase http.StatusNotFound:\n\t\t\treturn fmt.Sprintf(\"The service responded with status code 404 indicating that the resource does not exist. Check that the URL is correct (are you using the correct admin/public/... endpoint?) and that the resource exists. The full error details are:\\n\\n\\t%s\\n\\n\", body)\n\t\tdefault:\n\t\t\treturn fmt.Sprintf(\"Unable to complete operation %s because the server responded with status code %d:\\n\\n\\t%s\\n\", e.OperationName, e.Code, body)\n\t\t}\n\t}\n\treturn fmt.Sprintf(\"%+v\", err)\n}\n" }, { "path": "oryx/testingx/helpers.go", "content": "// Copyright © 2023 Ory Corp\n// SPDX-License-Identifier: Apache-2.0\n\n// Package testingx contains helper functions and extensions used when writing tests in Ory.\npackage testingx\n\nimport (\n\t\"os\"\n\t\"path/filepath\"\n\t\"runtime\"\n\n\t\"github.com/stretchr/testify/require\"\n)\n\n// RepoRootPath returns the absolute path of the closest parent directory that has a go.mod file relative to the caller.\nfunc RepoRootPath(t require.TestingT) (repoRoot string) {\n\t_, fpath, _, _ := runtime.Caller(1)\n\tfor dir := filepath.Dir(filepath.FromSlash(fpath)); dir != filepath.Dir(dir); dir = filepath.Dir(dir) {\n\t\tmodPath := filepath.Join(dir, \"go.mod\")\n\t\tif _, err := os.Stat(modPath); err == nil {\n\t\t\trepoRoot = dir\n\t\t\tbreak\n\t\t}\n\t}\n\trequire.NotEmptyf(t, repoRoot, \"could not determine repo root using path: %q\", fpath)\n\treturn repoRoot\n}\n" }, { "path": "oryx/tlsx/cert.go", "content": "// Copyright © 2023 Ory Corp\n// SPDX-License-Identifier: Apache-2.0\n\npackage tlsx\n\nimport (\n\t\"bytes\"\n\t\"context\"\n\t\"crypto\"\n\t\"crypto/ecdsa\"\n\t\"crypto/ed25519\"\n\t\"crypto/rand\"\n\t\"crypto/rsa\"\n\t\"crypto/tls\"\n\t\"crypto/x509\"\n\t\"crypto/x509/pkix\"\n\t\"encoding/base64\"\n\t\"encoding/pem\"\n\t\"fmt\"\n\t\"io\"\n\t\"math/big\"\n\t\"os\"\n\t\"path/filepath\"\n\t\"slices\"\n\t\"sync/atomic\"\n\t\"testing\"\n\t\"time\"\n\n\t\"github.com/pkg/errors\"\n\t\"github.com/stretchr/testify/require\"\n\n\t\"github.com/ory/x/watcherx\"\n)\n\n// ErrNoCertificatesConfigured is returned when no TLS configuration was found.\nvar ErrNoCertificatesConfigured = errors.New(\"no tls configuration was found\")\n\n// ErrInvalidCertificateConfiguration is returned when an invalid TLS configuration was found.\nvar ErrInvalidCertificateConfiguration = errors.New(\"tls configuration is invalid\")\n\n// HTTPSCertificate returns loads a HTTP over TLS Certificate by looking at environment variables.\nfunc HTTPSCertificate() ([]tls.Certificate, error) {\n\tprefix := \"HTTPS_TLS\"\n\treturn Certificate(\n\t\tos.Getenv(prefix+\"_CERT\"), os.Getenv(prefix+\"_KEY\"),\n\t\tos.Getenv(prefix+\"_CERT_PATH\"), os.Getenv(prefix+\"_KEY_PATH\"),\n\t)\n}\n\n// HTTPSCertificateHelpMessage returns a help message for configuring HTTP over TLS Certificates.\nfunc HTTPSCertificateHelpMessage() string {\n\treturn CertificateHelpMessage(\"HTTPS_TLS\")\n}\n\n// CertificateHelpMessage returns a help message for configuring TLS Certificates.\nfunc CertificateHelpMessage(prefix string) string {\n\treturn `- ` + prefix + `_CERT_PATH: The path to the TLS certificate (pem encoded).\n\tExample: ` + prefix + `_CERT_PATH=~/cert.pem\n\n- ` + prefix + `_KEY_PATH: The path to the TLS private key (pem encoded).\n\tExample: ` + prefix + `_KEY_PATH=~/key.pem\n\n- ` + prefix + `_CERT: Base64 encoded (without padding) string of the TLS certificate (PEM encoded) to be used for HTTP over TLS (HTTPS).\n\tExample: ` + prefix + `_CERT=\"-----BEGIN CERTIFICATE-----\\nMIIDZTCCAk2gAwIBAgIEV5xOtDANBgkqhkiG9w0BAQ0FADA0MTIwMAYDVQQDDClP...\"\n\n- ` + prefix + `_KEY: Base64 encoded (without padding) string of the private key (PEM encoded) to be used for HTTP over TLS (HTTPS).\n\tExample: ` + prefix + `_KEY=\"-----BEGIN ENCRYPTED PRIVATE KEY-----\\nMIIFDjBABgkqhkiG9w0BBQ0wMzAbBgkqhkiG9w0BBQwwDg...\"\n`\n}\n\n// CertificateFromBase64 loads a TLS certificate from a base64-encoded string of\n// the PEM representations of the cert and key.\nfunc CertificateFromBase64(certBase64, keyBase64 string) (tls.Certificate, error) {\n\tcertPEM, err := base64.StdEncoding.DecodeString(certBase64)\n\tif err != nil {\n\t\treturn tls.Certificate{}, fmt.Errorf(\"unable to base64 decode the TLS certificate: %v\", err)\n\t}\n\tkeyPEM, err := base64.StdEncoding.DecodeString(keyBase64)\n\tif err != nil {\n\t\treturn tls.Certificate{}, fmt.Errorf(\"unable to base64 decode the TLS private key: %v\", err)\n\t}\n\tcert, err := tls.X509KeyPair(certPEM, keyPEM)\n\tif err != nil {\n\t\treturn tls.Certificate{}, fmt.Errorf(\"unable to load X509 key pair: %v\", err)\n\t}\n\treturn cert, nil\n}\n\n// [deprecated] Certificate returns a TLS Certificate by looking at its\n// arguments. If both certPEMBase64 and keyPEMBase64 are not empty and contain\n// base64-encoded PEM representations of a cert and key, respectively, that key\n// pair is returned. Otherwise, if certPath and keyPath point to PEM files, the\n// key pair is loaded from those. Returns ErrNoCertificatesConfigured if all\n// arguments are empty, and ErrInvalidCertificateConfiguration if the arguments\n// are inconsistent.\n//\n// This function is deprecated. Use CertificateFromBase64 or GetCertificate\n// instead.\nfunc Certificate(\n\tcertPEMBase64, keyPEMBase64 string,\n\tcertPath, keyPath string,\n) ([]tls.Certificate, error) {\n\tif certPEMBase64 == \"\" && keyPEMBase64 == \"\" && certPath == \"\" && keyPath == \"\" {\n\t\treturn nil, errors.WithStack(ErrNoCertificatesConfigured)\n\t}\n\n\tif certPEMBase64 != \"\" && keyPEMBase64 != \"\" {\n\t\tcert, err := CertificateFromBase64(certPEMBase64, keyPEMBase64)\n\t\tif err != nil {\n\t\t\treturn nil, errors.WithStack(err)\n\t\t}\n\t\treturn []tls.Certificate{cert}, nil\n\t}\n\n\tif certPath != \"\" && keyPath != \"\" {\n\t\tcert, err := tls.LoadX509KeyPair(certPath, keyPath)\n\t\tif err != nil {\n\t\t\treturn nil, fmt.Errorf(\"unable to load X509 key pair from files: %v\", err)\n\t\t}\n\t\treturn []tls.Certificate{cert}, nil\n\t}\n\n\treturn nil, errors.WithStack(ErrInvalidCertificateConfiguration)\n}\n\ntype CertFunc = func(*tls.ClientHelloInfo) (*tls.Certificate, error)\n\n// GetCertificate returns a function for use with\n// \"net/tls\".Config.GetCertificate.\n//\n// The certificate and private key are read from the specified filesystem paths.\n// The certificate file is watched for changes, upon which the cert+key are\n// reloaded in the background. Errors during reloading are deduplicated and\n// reported through the errs channel if it is not nil. When the provided context\n// is canceled, background reloading stops and the errs channel is closed.\n//\n// The returned function always yields the latest successfully loaded\n// certificate; ClientHelloInfo is unused.\nfunc GetCertificate(\n\tctx context.Context,\n\tcertPath, keyPath string,\n\terrs chan<- error,\n) (CertFunc, error) {\n\tif certPath == \"\" || keyPath == \"\" {\n\t\treturn nil, errors.WithStack(ErrNoCertificatesConfigured)\n\t}\n\tcert, err := tls.LoadX509KeyPair(certPath, keyPath)\n\tif err != nil {\n\t\treturn nil, errors.WithStack(fmt.Errorf(\"unable to load X509 key pair from files: %v\", err))\n\t}\n\tvar store atomic.Value\n\tstore.Store(&cert)\n\n\tevents := make(chan watcherx.Event)\n\t// The cert could change without the key changing, but not the other way around.\n\t// Hence, we only watch the cert.\n\t_, err = watcherx.WatchFile(ctx, certPath, events)\n\tif err != nil {\n\t\treturn nil, errors.WithStack(err)\n\t}\n\tgo func() {\n\t\tif errs != nil {\n\t\t\tdefer close(errs)\n\t\t}\n\t\tvar lastReportedError string\n\t\tfor {\n\t\t\tselect {\n\t\t\tcase <-ctx.Done():\n\t\t\t\treturn\n\n\t\t\tcase event := <-events:\n\t\t\t\tvar err error\n\t\t\t\tswitch event := event.(type) {\n\t\t\t\tcase *watcherx.ChangeEvent:\n\t\t\t\t\tvar cert tls.Certificate\n\t\t\t\t\tcert, err = tls.LoadX509KeyPair(certPath, keyPath)\n\t\t\t\t\tif err == nil {\n\t\t\t\t\t\tstore.Store(&cert)\n\t\t\t\t\t\tlastReportedError = \"\"\n\t\t\t\t\t\tcontinue\n\t\t\t\t\t}\n\t\t\t\t\terr = fmt.Errorf(\"unable to load X509 key pair from files: %v\", err)\n\n\t\t\t\tcase *watcherx.ErrorEvent:\n\t\t\t\t\terr = fmt.Errorf(\"file watch: %v\", event)\n\t\t\t\tdefault:\n\t\t\t\t\tcontinue\n\t\t\t\t}\n\n\t\t\t\tif err.Error() == lastReportedError { // same message as before: don't spam the error channel\n\t\t\t\t\tcontinue\n\t\t\t\t}\n\t\t\t\t// fresh error\n\t\t\t\tselect {\n\t\t\t\tcase errs <- errors.WithStack(err):\n\t\t\t\t\tlastReportedError = err.Error()\n\t\t\t\tcase <-time.After(500 * time.Millisecond):\n\t\t\t\t}\n\t\t\t}\n\t\t}\n\t}()\n\n\treturn func(*tls.ClientHelloInfo) (*tls.Certificate, error) {\n\t\tif cert, ok := store.Load().(*tls.Certificate); ok {\n\t\t\treturn cert, nil\n\t\t}\n\t\treturn nil, errors.WithStack(ErrNoCertificatesConfigured)\n\t}, nil\n}\n\n// PublicKey returns the public key for a given private key, or nil.\nfunc PublicKey(key crypto.PrivateKey) interface{ Equal(x crypto.PublicKey) bool } {\n\tswitch k := key.(type) {\n\tcase *rsa.PrivateKey:\n\t\treturn &k.PublicKey\n\tcase *ecdsa.PrivateKey:\n\t\treturn &k.PublicKey\n\tcase ed25519.PrivateKey:\n\t\treturn k.Public().(ed25519.PublicKey)\n\tdefault:\n\t\treturn nil\n\t}\n}\n\n// CreateSelfSignedTLSCertificate creates a self-signed TLS certificate.\nfunc CreateSelfSignedTLSCertificate(key interface{}, opts ...CertificateOpts) (*tls.Certificate, error) {\n\tc, err := CreateSelfSignedCertificate(key, opts...)\n\tif err != nil {\n\t\treturn nil, err\n\t}\n\n\tblock, err := PEMBlockForKey(key)\n\tif err != nil {\n\t\treturn nil, err\n\t}\n\n\tpemCert := pem.EncodeToMemory(&pem.Block{Type: \"CERTIFICATE\", Bytes: c.Raw})\n\tpemKey := pem.EncodeToMemory(block)\n\tcert, err := tls.X509KeyPair(pemCert, pemKey)\n\tif err != nil {\n\t\treturn nil, err\n\t}\n\n\treturn &cert, nil\n}\n\n// CreateSelfSignedCertificate creates a self-signed x509 certificate.\nfunc CreateSelfSignedCertificate(key interface{}, opts ...CertificateOpts) (cert *x509.Certificate, err error) {\n\tserialNumberLimit := new(big.Int).Lsh(big.NewInt(1), 128)\n\tserialNumber, err := rand.Int(rand.Reader, serialNumberLimit)\n\tif err != nil {\n\t\treturn cert, errors.Errorf(\"failed to generate serial number: %s\", err)\n\t}\n\n\tcertificate := &x509.Certificate{\n\t\tSerialNumber: serialNumber,\n\t\tSubject: pkix.Name{\n\t\t\tOrganization: []string{\"ORY GmbH\"},\n\t\t\tCommonName: \"ORY\",\n\t\t},\n\t\tIssuer: pkix.Name{\n\t\t\tOrganization: []string{\"ORY GmbH\"},\n\t\t\tCommonName: \"ORY\",\n\t\t},\n\t\tNotBefore: time.Now().UTC(),\n\t\tNotAfter: time.Now().UTC().Add(time.Hour * 24 * 31),\n\t\tKeyUsage: x509.KeyUsageKeyEncipherment | x509.KeyUsageDigitalSignature | x509.KeyUsageCertSign,\n\t\tExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth, x509.ExtKeyUsageClientAuth},\n\t\tBasicConstraintsValid: true,\n\t\tIsCA: true,\n\t\tDNSNames: []string{\"localhost\"},\n\t}\n\tfor _, opt := range opts {\n\t\topt(certificate)\n\t}\n\n\tder, err := x509.CreateCertificate(rand.Reader, certificate, certificate, PublicKey(key), key)\n\tif err != nil {\n\t\treturn cert, errors.Errorf(\"failed to create certificate: %s\", err)\n\t}\n\n\tcert, err = x509.ParseCertificate(der)\n\tif err != nil {\n\t\treturn cert, errors.Errorf(\"failed to encode private key: %s\", err)\n\t}\n\treturn cert, nil\n}\n\n// PEMBlockForKey returns a PEM-encoded block for key.\nfunc PEMBlockForKey(key interface{}) (*pem.Block, error) {\n\tb, err := x509.MarshalPKCS8PrivateKey(key)\n\tif err != nil {\n\t\treturn nil, errors.WithStack(err)\n\t}\n\treturn &pem.Block{Type: \"PRIVATE KEY\", Bytes: b}, nil\n}\n\n// NewClientCert creates a new client TLS certificate signed by the given CA.\nfunc NewClientCert(CAcert *x509.Certificate, CAkey crypto.PrivateKey, opts ...CertificateOpts) (*tls.Certificate, error) {\n\tif !slices.Contains(CAcert.ExtKeyUsage, x509.ExtKeyUsageClientAuth) {\n\t\treturn nil, errors.Errorf(\"the CA certificate does not have the client authentication extended key usage (OID 1.3.6.1.5.5.7.3.2) set\")\n\t}\n\tserialNumberLimit := new(big.Int).Lsh(big.NewInt(1), 128)\n\tserialNumber, err := rand.Int(rand.Reader, serialNumberLimit)\n\tif err != nil {\n\t\treturn nil, errors.Errorf(\"failed to generate serial number: %s\", err)\n\t}\n\n\tkey, err := rsa.GenerateKey(rand.Reader, 3072)\n\tif err != nil {\n\t\treturn nil, errors.Errorf(\"failed to generate private key: %s\", err)\n\t}\n\n\ttemplate := &x509.Certificate{\n\t\tSerialNumber: serialNumber,\n\t\tSubject: pkix.Name{\n\t\t\tOrganization: []string{\"Ory GmbH\"},\n\t\t\tCommonName: \"ORY\",\n\t\t},\n\t\tIssuer: CAcert.Subject,\n\t\tNotBefore: time.Now().UTC(),\n\t\tNotAfter: CAcert.NotAfter,\n\t\tKeyUsage: x509.KeyUsageDigitalSignature | x509.KeyUsageKeyEncipherment,\n\t\tExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth},\n\t\tBasicConstraintsValid: true,\n\t\tIsCA: false,\n\t}\n\tfor _, opt := range opts {\n\t\topt(template)\n\t}\n\n\tder, err := x509.CreateCertificate(rand.Reader, template, CAcert, PublicKey(key), CAkey)\n\tif err != nil {\n\t\treturn nil, errors.Errorf(\"failed to create certificate: %s\", err)\n\t}\n\n\tpemCert := pem.EncodeToMemory(&pem.Block{Type: \"CERTIFICATE\", Bytes: der})\n\tpemBlock, err := PEMBlockForKey(key)\n\tif err != nil {\n\t\treturn nil, err\n\t}\n\tpemKey := pem.EncodeToMemory(pemBlock)\n\n\tcert, err := tls.X509KeyPair(pemCert, pemKey)\n\tif err != nil {\n\t\treturn nil, errors.WithStack(err)\n\t}\n\treturn &cert, nil\n}\n\ntype CertificateOpts func(*x509.Certificate)\n\n// CreateSelfSignedCertificateForTest writes a new, self-signed TLS\n// certificate+key (in PEM format) to a temporary location on disk and returns\n// the paths to both, and the respective contents in base64 encoding. The\n// files are automatically cleaned up when the given *testing.T concludes its\n// tests.\nfunc CreateSelfSignedCertificateForTest(t testing.TB) (certPath, keyPath, certBase64, keyBase64 string) {\n\ttmpDir := t.TempDir()\n\n\tprivateKey, err := rsa.GenerateKey(rand.Reader, 2048)\n\trequire.NoError(t, err)\n\n\tcert, err := CreateSelfSignedCertificate(privateKey)\n\trequire.NoError(t, err)\n\n\t// write cert\n\tcertFile, err := os.Create(filepath.Join(tmpDir, \"cert.pem\"))\n\trequire.NoError(t, err)\n\tcertPath = certFile.Name()\n\n\tvar buf bytes.Buffer\n\tenc := base64.NewEncoder(base64.StdEncoding, &buf)\n\trequire.NoErrorf(t, pem.Encode(\n\t\tio.MultiWriter(enc, certFile),\n\t\t&pem.Block{Type: \"CERTIFICATE\", Bytes: cert.Raw},\n\t), \"Failed to write data to %q\", certPath)\n\trequire.NoError(t, enc.Close())\n\trequire.NoErrorf(t, certFile.Close(), \"Error closing %q\", certPath)\n\tcertBase64 = buf.String()\n\n\t// write key\n\tkeyFile, err := os.Create(filepath.Join(tmpDir, \"key.pem\"))\n\trequire.NoError(t, err)\n\tkeyPath = keyFile.Name()\n\tbuf.Reset()\n\tenc = base64.NewEncoder(base64.StdEncoding, &buf)\n\n\tprivBytes, err := x509.MarshalPKCS8PrivateKey(privateKey)\n\trequire.NoError(t, err)\n\n\trequire.NoErrorf(t, pem.Encode(\n\t\tio.MultiWriter(enc, keyFile),\n\t\t&pem.Block{Type: \"PRIVATE KEY\", Bytes: privBytes},\n\t), \"Failed to write data to %q\", keyPath)\n\trequire.NoError(t, enc.Close())\n\trequire.NoErrorf(t, keyFile.Close(), \"Error closing %q\", keyPath)\n\tkeyBase64 = buf.String()\n\n\treturn\n}\n" }, { "path": "oryx/tlsx/termination.go", "content": "// Copyright © 2025 Ory Corp\n// SPDX-License-Identifier: Apache-2.0\n\npackage tlsx\n\nimport (\n\t\"net\"\n\t\"net/http\"\n\t\"strings\"\n\n\t\"github.com/pkg/errors\"\n\t\"github.com/urfave/negroni\"\n\n\t\"github.com/ory/x/healthx\"\n\t\"github.com/ory/x/httpx\"\n\t\"github.com/ory/x/logrusx\"\n\t\"github.com/ory/x/prometheusx\"\n)\n\ntype dependencies interface {\n\tlogrusx.Provider\n\thttpx.WriterProvider\n}\n\n// EnforceTLSRequests creates a middleware that enforces TLS for incoming HTTP requests.\n// It allows termination (non-HTTPS traffic) from specific CIDR ranges provided in the `allowTerminationFrom` slice.\n// If the request is not secure and does not match the allowed CIDR ranges, an error response is returned.\n// The middleware also validates the `X-Forwarded-Proto` header to ensure it is set to \"https\".\nfunc EnforceTLSRequests(d dependencies, allowTerminationFrom []string) (negroni.Handler, error) {\n\tnetworks := make([]*net.IPNet, 0, len(allowTerminationFrom))\n\tfor _, rn := range allowTerminationFrom {\n\t\t_, network, err := net.ParseCIDR(rn)\n\t\tif err != nil {\n\t\t\treturn nil, errors.WithStack(err)\n\t\t}\n\t\tnetworks = append(networks, network)\n\t}\n\n\treturn negroni.HandlerFunc(func(rw http.ResponseWriter, r *http.Request, next http.HandlerFunc) {\n\t\tif r.TLS != nil ||\n\t\t\tr.URL.Path == healthx.AliveCheckPath ||\n\t\t\tr.URL.Path == healthx.ReadyCheckPath ||\n\t\t\tr.URL.Path == prometheusx.MetricsPrometheusPath {\n\t\t\tnext(rw, r)\n\t\t\treturn\n\t\t}\n\n\t\tif len(networks) == 0 {\n\t\t\td.Logger().WithRequest(r).WithError(errors.New(\"TLS termination is not enabled\")).Error(\"Could not serve http connection\")\n\t\t\td.Writer().WriteErrorCode(rw, r, http.StatusBadGateway, errors.New(\"can not serve request over insecure http\"))\n\t\t\treturn\n\t\t}\n\n\t\tif err := matchesRange(r, networks); err != nil {\n\t\t\td.Logger().WithRequest(r).WithError(err).Warnln(\"Could not serve http connection\")\n\t\t\td.Writer().WriteErrorCode(rw, r, http.StatusBadGateway, errors.New(\"can not serve request over insecure http\"))\n\t\t\treturn\n\t\t}\n\n\t\tproto := r.Header.Get(\"X-Forwarded-Proto\")\n\t\tif proto == \"\" {\n\t\t\td.Logger().WithRequest(r).WithError(errors.New(\"X-Forwarded-Proto header is missing\")).Error(\"Could not serve http connection\")\n\t\t\td.Writer().WriteErrorCode(rw, r, http.StatusBadGateway, errors.New(\"can not serve request over insecure http\"))\n\t\t\treturn\n\t\t} else if proto != \"https\" {\n\t\t\td.Logger().WithRequest(r).WithError(errors.New(\"X-Forwarded-Proto header is missing\")).Error(\"Could not serve http connection\")\n\t\t\td.Writer().WriteErrorCode(rw, r, http.StatusBadGateway, errors.Errorf(\"expected X-Forwarded-Proto header to be https but got: %s\", proto))\n\t\t\treturn\n\t\t}\n\n\t\tnext(rw, r)\n\t}), nil\n}\n\nfunc matchesRange(r *http.Request, networks []*net.IPNet) error {\n\tremoteIP, _, err := net.SplitHostPort(r.RemoteAddr)\n\tif err != nil {\n\t\treturn errors.WithStack(err)\n\t}\n\n\tcheck := []string{remoteIP}\n\tfor fwd := range strings.SplitSeq(r.Header.Get(\"X-Forwarded-For\"), \",\") {\n\t\tcheck = append(check, strings.TrimSpace(fwd))\n\t}\n\n\tfor _, ipNet := range networks {\n\t\tfor _, ip := range check {\n\t\t\taddr := net.ParseIP(ip)\n\t\t\tif ipNet.Contains(addr) {\n\t\t\t\treturn nil\n\t\t\t}\n\t\t}\n\t}\n\treturn errors.Errorf(\"neither remote address nor any x-forwarded-for values match CIDR ranges %+v: %v, ranges, check)\", networks, check)\n}\n" }, { "path": "oryx/urlx/copy.go", "content": "// Copyright © 2023 Ory Corp\n// SPDX-License-Identifier: Apache-2.0\n\npackage urlx\n\nimport \"net/url\"\n\n// Copy returns a copy of the input url.\nfunc Copy(src *url.URL) *url.URL {\n\tvar out = new(url.URL)\n\t*out = *src\n\treturn out\n}\n\n// CopyWithQuery returns a copy of the input url with the given query parameters\nfunc CopyWithQuery(src *url.URL, query url.Values) *url.URL {\n\tout := Copy(src)\n\tq := out.Query()\n\tfor k := range query {\n\t\tq.Set(k, query.Get(k))\n\t}\n\tout.RawQuery = q.Encode()\n\treturn out\n}\n" }, { "path": "oryx/urlx/extract.go", "content": "// Copyright © 2023 Ory Corp\n// SPDX-License-Identifier: Apache-2.0\n\npackage urlx\n\nimport (\n\t\"context\"\n\t\"net\"\n\t\"net/url\"\n\t\"strings\"\n\t\"sync\"\n\t\"time\"\n\n\t\"github.com/pkg/errors\"\n)\n\n// hostCache caches DNS lookup results for hostnames to avoid repeated lookups.\n// The cache is thread-safe and stores true/false whether a hostname resolves to public IPs.\ntype hostCache struct {\n\tmu sync.RWMutex\n\tcache map[string]bool\n}\n\n// get retrieves a cached value for a hostname. Returns value and whether it was found.\nfunc (hc *hostCache) get(hostname string) (bool, bool) {\n\thc.mu.RLock()\n\tdefer hc.mu.RUnlock()\n\tisPublic, found := hc.cache[hostname]\n\treturn isPublic, found\n}\n\n// set stores the lookup result for a hostname.\nfunc (hc *hostCache) set(hostname string, isPublic bool) {\n\thc.mu.Lock()\n\tdefer hc.mu.Unlock()\n\thc.cache[hostname] = isPublic\n}\n\n// localCache lives for the lifetime of the main process. The cache\n// size is not expected to grow more than a few hundred bytes.\nvar localCache = &hostCache{\n\tcache: make(map[string]bool),\n}\n\n// ExtractPublicAddress iterates over parameters and extracts the first public\n// address found. Parameter values are assumed to be in priority order. Returns\n// an empty string if only private addresses are available.\nfunc ExtractPublicAddress(values ...string) string {\n\tfor _, value := range values {\n\t\tif value == \"\" || value == \"*\" {\n\t\t\tcontinue\n\t\t}\n\t\thost := value\n\n\t\t// parse URL addresses\n\t\tif u, err := url.Parse(value); err == nil && len(u.Host) > 1 {\n\t\t\thost = removeWildcardsFromHostname(u.Host)\n\t\t}\n\n\t\t// strip port on both URL and non-URL addresses\n\t\thostname, _, err := net.SplitHostPort(host)\n\t\tif err != nil {\n\t\t\thostname = host\n\t\t}\n\n\t\t// for IP addresses\n\t\tif ip := net.ParseIP(hostname); ip != nil {\n\t\t\tif !isPrivateIP(ip) {\n\t\t\t\treturn host\n\t\t\t}\n\t\t\tcontinue\n\t\t}\n\n\t\t// for hostnames, first check cache\n\t\tif isPublic, found := localCache.get(hostname); found {\n\t\t\tif isPublic {\n\t\t\t\treturn host\n\t\t\t}\n\t\t\tcontinue\n\t\t}\n\n\t\t// otherwise, perform DNS lookup & cache result\n\t\tisPublic := isPublicHostname(hostname)\n\t\tlocalCache.set(hostname, isPublic)\n\t\tif isPublic {\n\t\t\treturn host\n\t\t}\n\t}\n\n\treturn \"\"\n}\n\n// isPrivateIP checks if an IP address is private (RFC 1918/4193).\nfunc isPrivateIP(ip net.IP) bool {\n\treturn ip.IsPrivate() ||\n\t\tip.IsLoopback() ||\n\t\tip.IsLinkLocalUnicast() ||\n\t\tip.IsLinkLocalMulticast() ||\n\t\tip.IsUnspecified() // 0.0.0.0 or ::\n}\n\n// isPublicHostname performs DNS lookup to determine if hostname resolves to public IPs.\n// Returns true if at least one resolved IP is public, false if all are private or lookup fails.\nfunc isPublicHostname(hostname string) bool {\n\t// avoid DNS lookup if localhost\n\tlower := strings.ToLower(hostname)\n\tif lower == \"localhost\" {\n\t\treturn false\n\t}\n\n\tctx, cancel := context.WithTimeoutCause(context.Background(), 2*time.Second, errors.Errorf(\"failed to resolve DNS for %s within 2s\", hostname))\n\tdefer cancel()\n\n\tips, err := net.DefaultResolver.LookupIPAddr(ctx, hostname)\n\tif err != nil {\n\t\treturn false\n\t}\n\n\tfor _, ip := range ips {\n\t\tif !isPrivateIP(ip.IP) {\n\t\t\treturn true\n\t\t}\n\t}\n\n\treturn false\n}\n\n// removeWildcardsFromHostname removes wildcard segments from a hostname string\n// by splitting on dots and filtering out asterisk-only segments.\nfunc removeWildcardsFromHostname(hostname string) string {\n\tsep := strings.Split(hostname, \".\")\n\tclean := make([]string, 0, len(sep))\n\tfor _, s := range sep {\n\t\tif s != \"*\" && s != \"\" {\n\t\t\tclean = append(clean, s)\n\t\t}\n\t}\n\treturn strings.Join(clean, \".\")\n}\n" }, { "path": "oryx/urlx/join.go", "content": "// Copyright © 2023 Ory Corp\n// SPDX-License-Identifier: Apache-2.0\n\npackage urlx\n\nimport (\n\t\"net/url\"\n\t\"path\"\n\n\t\"github.com/ory/x/cmdx\"\n)\n\n// MustJoin joins the paths of two URLs. Fatals if first is not a DSN.\nfunc MustJoin(first string, parts ...string) string {\n\tu, err := url.Parse(first)\n\tif err != nil {\n\t\tcmdx.Fatalf(\"Unable to parse %s: %s\", first, err)\n\t}\n\treturn AppendPaths(u, parts...).String()\n}\n\n// AppendPaths appends the provided paths to the url.\n// Paths are intentionally *not* URL encoded.\n// The caller is responsible for url encoding, possibly selectively, the required path components with `url.PathEscape`.\nfunc AppendPaths(u *url.URL, paths ...string) (ep *url.URL) {\n\tep = Copy(u)\n\tif len(paths) == 0 {\n\t\treturn ep\n\t}\n\n\tep.Path = path.Join(append([]string{ep.Path}, paths...)...)\n\n\tlast := paths[len(paths)-1]\n\tif last != \"\" && last[len(last)-1] == '/' {\n\t\tep.Path = ep.Path + \"/\"\n\t}\n\n\treturn ep\n}\n\n// SetQuery appends the provided url values to the DSN's query string.\nfunc SetQuery(u *url.URL, query url.Values) (ep *url.URL) {\n\tep = Copy(u)\n\tq := ep.Query()\n\n\tfor k := range query {\n\t\tq.Set(k, query.Get(k))\n\t}\n\n\tep.RawQuery = q.Encode()\n\treturn ep\n}\n" }, { "path": "oryx/urlx/parse.go", "content": "// Copyright © 2023 Ory Corp\n// SPDX-License-Identifier: Apache-2.0\n\npackage urlx\n\nimport (\n\t\"net/url\"\n\t\"regexp\"\n\t\"strings\"\n\n\t\"github.com/ory/x/logrusx\"\n)\n\n// winPathRegex is a regex for [DRIVE-LETTER]:\nvar winPathRegex = regexp.MustCompile(\"^[A-Za-z]:.*\")\n\n// Parse parses rawURL into a URL structure with special handling for file:// URLs\n//\n// File URLs with relative paths (file://../file, ../file) will be returned as a\n// url.URL object without the Scheme set to \"file\". This is because the file\n// scheme does not support relative paths. Make sure to check for\n// both \"file\" or \"\" (an empty string) in URL.Scheme if you are looking for\n// a file path.\n//\n// Use the companion function GetURLFilePath() to get a file path suitable\n// for the current operating system.\nfunc Parse(rawURL string) (*url.URL, error) {\n\tlcRawURL := strings.ToLower(rawURL)\n\tif strings.HasPrefix(lcRawURL, \"file:///\") {\n\t\treturn url.Parse(rawURL)\n\t}\n\n\t// Normally the first part after file:// is a hostname, but since\n\t// this is often misused we interpret the URL like a normal path\n\t// by removing the \"file://\" from the beginning (if it exists)\n\trawURL = trimPrefixIC(rawURL, \"file://\")\n\n\tif winPathRegex.MatchString(rawURL) {\n\t\t// Windows path\n\t\treturn url.Parse(\"file:///\" + rawURL)\n\t}\n\n\tif strings.HasPrefix(lcRawURL, \"\\\\\\\\\") {\n\t\t// Windows UNC path\n\t\t// We extract the hostname and create an appropriate file:// URL\n\t\t// based on the hostname and the path\n\t\thost, path := extractUNCPathParts(rawURL)\n\t\t// It is safe to replace the \\ with / here because this is POSIX style path\n\t\treturn url.Parse(\"file://\" + host + strings.ReplaceAll(path, \"\\\\\", \"/\"))\n\t}\n\n\tparsed, err := url.Parse(rawURL)\n\tif err != nil {\n\t\treturn nil, err\n\t}\n\t// Since go1.19:\n\t//\n\t// > The URL type now distinguishes between URLs with no authority and URLs with an empty authority.\n\t// > For example, http:///path has an empty authority (host), while http:/path has none.\n\t//\n\t// See https://golang.org/doc/go1.19#net/url for more details.\n\tparsed.OmitHost = false\n\treturn parsed, nil\n}\n\n// ParseOrPanic parses a url or panics.\nfunc ParseOrPanic(in string) *url.URL {\n\tout, err := url.Parse(in)\n\tif err != nil {\n\t\tpanic(err.Error())\n\t}\n\treturn out\n}\n\n// ParseOrFatal parses a url or fatals.\nfunc ParseOrFatal(l *logrusx.Logger, in string) *url.URL {\n\tout, err := url.Parse(in)\n\tif err != nil {\n\t\tl.WithError(err).Fatalf(\"Unable to parse url: %s\", in)\n\t}\n\treturn out\n}\n\n// ParseRequestURIOrPanic parses a request uri or panics.\nfunc ParseRequestURIOrPanic(in string) *url.URL {\n\tout, err := url.ParseRequestURI(in)\n\tif err != nil {\n\t\tpanic(err.Error())\n\t}\n\treturn out\n}\n\n// ParseRequestURIOrFatal parses a request uri or fatals.\nfunc ParseRequestURIOrFatal(l *logrusx.Logger, in string) *url.URL {\n\tout, err := url.ParseRequestURI(in)\n\tif err != nil {\n\t\tl.WithError(err).Fatalf(\"Unable to parse url: %s\", in)\n\t}\n\treturn out\n}\n\nfunc extractUNCPathParts(uncPath string) (host, path string) {\n\tparts := strings.Split(strings.TrimPrefix(uncPath, \"\\\\\\\\\"), \"\\\\\")\n\thost = parts[0]\n\tif len(parts) > 0 {\n\t\tpath = \"\\\\\" + strings.Join(parts[1:], \"\\\\\")\n\t}\n\treturn host, path\n}\n\n// trimPrefixIC returns s without the provided leading prefix string using\n// case insensitive matching.\n// If s doesn't start with prefix, s is returned unchanged.\nfunc trimPrefixIC(s, prefix string) string {\n\tif strings.HasPrefix(strings.ToLower(s), prefix) {\n\t\treturn s[len(prefix):]\n\t}\n\treturn s\n}\n" }, { "path": "oryx/urlx/path.go", "content": "// Copyright © 2023 Ory Corp\n// SPDX-License-Identifier: Apache-2.0\n\n//go:build !windows\n// +build !windows\n\npackage urlx\n\nimport (\n\t\"net/url\"\n)\n\n// GetURLFilePath returns the path of a URL that is compatible with the runtime os filesystem\nfunc GetURLFilePath(u *url.URL) string {\n\tif u == nil {\n\t\treturn \"\"\n\t}\n\treturn u.Path\n}\n" }, { "path": "oryx/urlx/path_windows.go", "content": "// Copyright © 2023 Ory Corp\n// SPDX-License-Identifier: Apache-2.0\n\n//go:build windows\n// +build windows\n\npackage urlx\n\nimport (\n\t\"net/url\"\n\t\"path/filepath\"\n\t\"strings\"\n)\n\n// GetURLFilePath returns the path of a URL that is compatible with the runtime os filesystem\nfunc GetURLFilePath(u *url.URL) string {\n\tif u == nil {\n\t\treturn \"\"\n\t}\n\tif !(u.Scheme == \"file\" || u.Scheme == \"\") {\n\t\treturn u.Path\n\t}\n\n\tfPath := u.Path\n\tif u.Host != \"\" {\n\t\t// Make UNC Path\n\t\tfPath = \"\\\\\\\\\" + u.Host + filepath.FromSlash(fPath)\n\t\treturn fPath\n\t}\n\tfPathTrimmed := strings.TrimLeft(fPath, \"/\")\n\tif winPathRegex.MatchString(fPathTrimmed) {\n\t\t// On Windows we should remove the initial path separator in case this\n\t\t// is a normal path (for example: \"\\c:\\\" -> \"c:\\\"\")\n\t\tfPath = fPathTrimmed\n\t}\n\treturn filepath.FromSlash(fPath)\n}\n" }, { "path": "oryx/uuidx/uuid.go", "content": "// Copyright © 2023 Ory Corp\n// SPDX-License-Identifier: Apache-2.0\n\npackage uuidx\n\nimport \"github.com/gofrs/uuid\"\n\n// NewV4 returns a new randomly generated UUID or panics.\nfunc NewV4() uuid.UUID {\n\treturn uuid.Must(uuid.NewV4())\n}\n" }, { "path": "oryx/watcherx/definitions.go", "content": "// Copyright © 2023 Ory Corp\n// SPDX-License-Identifier: Apache-2.0\n\npackage watcherx\n\nimport (\n\t\"context\"\n\t\"fmt\"\n\t\"net/url\"\n)\n\ntype (\n\terrSchemeUnknown struct {\n\t\tscheme string\n\t}\n\tEventChannel chan Event\n\tWatcher interface {\n\t\t// DispatchNow fires the watcher and causes an event.\n\t\t//\n\t\t// WARNING: The returned channel must be read or no further events will\n\t\t// be propagated due to a deadlock.\n\t\tDispatchNow() (<-chan int, error)\n\t}\n\tdispatcher struct {\n\t\ttrigger chan struct{}\n\t\tdone chan int\n\t}\n)\n\nvar (\n\t// ErrSchemeUnknown is just for checking with errors.Is()\n\tErrSchemeUnknown = &errSchemeUnknown{}\n\tErrWatcherNotRunning = fmt.Errorf(\"watcher is not running\")\n)\n\nfunc (e *errSchemeUnknown) Is(other error) bool {\n\t_, ok := other.(*errSchemeUnknown)\n\treturn ok\n}\n\nfunc (e *errSchemeUnknown) Error() string {\n\treturn fmt.Sprintf(\"unknown scheme '%s' to watch\", e.scheme)\n}\n\nfunc newDispatcher() *dispatcher {\n\treturn &dispatcher{\n\t\ttrigger: make(chan struct{}),\n\t\tdone: make(chan int),\n\t}\n}\n\nfunc (d *dispatcher) DispatchNow() (<-chan int, error) {\n\tif d.trigger == nil {\n\t\treturn nil, ErrWatcherNotRunning\n\t}\n\td.trigger <- struct{}{}\n\treturn d.done, nil\n}\n\nfunc Watch(ctx context.Context, u *url.URL, c EventChannel) (Watcher, error) {\n\tswitch u.Scheme {\n\t// see urlx.Parse for why the empty string is also file\n\tcase \"file\", \"\":\n\t\treturn WatchFile(ctx, u.Path, c)\n\t}\n\treturn nil, &errSchemeUnknown{u.Scheme}\n}\n" }, { "path": "oryx/watcherx/directory.go", "content": "// Copyright © 2023 Ory Corp\n// SPDX-License-Identifier: Apache-2.0\n\npackage watcherx\n\nimport (\n\t\"context\"\n\t\"os\"\n\t\"path/filepath\"\n\n\t\"github.com/fsnotify/fsnotify\"\n\t\"github.com/pkg/errors\"\n)\n\nfunc WatchDirectory(ctx context.Context, dir string, c EventChannel) (Watcher, error) {\n\tw, err := fsnotify.NewWatcher()\n\tif err != nil {\n\t\treturn nil, errors.WithStack(err)\n\t}\n\tsubDirs := make(map[string]struct{})\n\tif err := filepath.Walk(dir, func(path string, info os.FileInfo, err error) error {\n\t\tif err != nil {\n\t\t\treturn errors.WithStack(err)\n\t\t}\n\t\tif info.IsDir() {\n\t\t\tif err := w.Add(path); err != nil {\n\t\t\t\treturn errors.WithStack(err)\n\t\t\t}\n\t\t\tsubDirs[path] = struct{}{}\n\t\t}\n\t\treturn nil\n\t}); err != nil {\n\t\treturn nil, err\n\t}\n\n\tdw := &directoryWatcher{\n\t\tdispatcher: newDispatcher(),\n\t\tc: c,\n\t\tdir: dir,\n\t\tsubDirs: subDirs,\n\t\tw: w,\n\t}\n\tgo dw.streamDirectoryEvents(ctx)\n\treturn dw, nil\n}\n\ntype directoryWatcher struct {\n\t*dispatcher\n\tc EventChannel\n\tdir string\n\tsubDirs map[string]struct{}\n\tw *fsnotify.Watcher\n}\n\nfunc (w *directoryWatcher) handleEvent(ctx context.Context, e fsnotify.Event) {\n\tif e.Has(fsnotify.Remove) {\n\t\tif _, ok := w.subDirs[e.Name]; ok {\n\t\t\t// we do not want any event on deletion of a directory\n\t\t\tdelete(w.subDirs, e.Name)\n\t\t\treturn\n\t\t}\n\t\tw.maybeSend(ctx, &RemoveEvent{\n\t\t\tsource: source(e.Name),\n\t\t})\n\t\treturn\n\t} else if e.Has(fsnotify.Write | fsnotify.Create) {\n\t\tif stats, err := os.Stat(e.Name); err != nil {\n\t\t\tw.maybeSend(ctx, &ErrorEvent{\n\t\t\t\terror: errors.WithStack(err),\n\t\t\t\tsource: source(e.Name),\n\t\t\t})\n\t\t\treturn\n\t\t} else if stats.IsDir() {\n\t\t\tif err := w.w.Add(e.Name); err != nil {\n\t\t\t\tw.maybeSend(ctx, &ErrorEvent{\n\t\t\t\t\terror: errors.WithStack(err),\n\t\t\t\t\tsource: source(e.Name),\n\t\t\t\t})\n\t\t\t}\n\t\t\tw.subDirs[e.Name] = struct{}{}\n\t\t\treturn\n\t\t}\n\n\t\t//#nosec G304 -- false positive\n\t\tdata, err := os.ReadFile(e.Name)\n\t\tif err != nil {\n\t\t\tw.maybeSend(ctx, &ErrorEvent{\n\t\t\t\terror: err,\n\t\t\t\tsource: source(e.Name),\n\t\t\t})\n\t\t} else {\n\t\t\tw.maybeSend(ctx, &ChangeEvent{\n\t\t\t\tdata: data,\n\t\t\t\tsource: source(e.Name),\n\t\t\t})\n\t\t}\n\t}\n}\n\nfunc (w *directoryWatcher) maybeSend(ctx context.Context, e Event) bool {\n\tselect {\n\tcase <-ctx.Done():\n\t\treturn false\n\tcase w.c <- e:\n\t\treturn true\n\t}\n}\n\nfunc (w *directoryWatcher) streamDirectoryEvents(ctx context.Context) {\n\tdefer func() {\n\t\tclose(w.done)\n\t\tclose(w.c)\n\t\t_ = w.w.Close()\n\t}()\n\tfor {\n\t\tselect {\n\t\tcase <-ctx.Done():\n\t\t\treturn\n\t\tcase e := <-w.w.Events:\n\t\t\tw.handleEvent(ctx, e)\n\t\tcase <-w.trigger:\n\t\t\tvar eventsSent int\n\n\t\t\tif err := filepath.Walk(w.dir, func(path string, info os.FileInfo, err error) error {\n\t\t\t\tif err != nil {\n\t\t\t\t\treturn err\n\t\t\t\t}\n\t\t\t\tif !info.IsDir() {\n\t\t\t\t\t//#nosec G304 -- false positive\n\t\t\t\t\tdata, err := os.ReadFile(path)\n\t\t\t\t\tif err != nil {\n\t\t\t\t\t\tif !w.maybeSend(ctx, &ErrorEvent{\n\t\t\t\t\t\t\terror: err,\n\t\t\t\t\t\t\tsource: source(path),\n\t\t\t\t\t\t}) {\n\t\t\t\t\t\t\treturn errors.WithStack(context.Canceled)\n\t\t\t\t\t\t}\n\t\t\t\t\t} else {\n\t\t\t\t\t\tif !w.maybeSend(ctx, &ChangeEvent{\n\t\t\t\t\t\t\tdata: data,\n\t\t\t\t\t\t\tsource: source(path),\n\t\t\t\t\t\t}) {\n\t\t\t\t\t\t\treturn errors.WithStack(context.Canceled)\n\t\t\t\t\t\t}\n\t\t\t\t\t}\n\t\t\t\t\teventsSent++\n\t\t\t\t}\n\t\t\t\treturn nil\n\t\t\t}); err != nil {\n\t\t\t\tif !w.maybeSend(ctx, &ErrorEvent{\n\t\t\t\t\terror: err,\n\t\t\t\t\tsource: source(w.dir),\n\t\t\t\t}) {\n\t\t\t\t\treturn\n\t\t\t\t}\n\t\t\t\teventsSent++\n\t\t\t}\n\n\t\t\tw.done <- eventsSent\n\t\t}\n\t}\n}\n" }, { "path": "oryx/watcherx/event.go", "content": "// Copyright © 2023 Ory Corp\n// SPDX-License-Identifier: Apache-2.0\n\npackage watcherx\n\nimport (\n\t\"bytes\"\n\t\"encoding/json\"\n\t\"fmt\"\n\t\"io\"\n)\n\ntype (\n\tEvent interface {\n\t\t// MarshalJSON is required to work multiple times\n\t\tjson.Marshaler\n\n\t\tReader() io.Reader\n\t\tSource() string\n\t\tString() string\n\t\tsetSource(string)\n\t}\n\tsource string\n\tErrorEvent struct {\n\t\terror\n\t\tsource\n\t}\n\tChangeEvent struct {\n\t\tdata []byte\n\t\tsource\n\t}\n\tRemoveEvent struct {\n\t\tsource\n\t}\n\tserialEventType string\n\tserialEvent struct {\n\t\tType serialEventType `json:\"type\"`\n\t\tData []byte `json:\"data\"`\n\t\tSource source `json:\"source\"`\n\t}\n)\n\nfunc NewErrorEvent(err error, source_ string) *ErrorEvent {\n\treturn &ErrorEvent{\n\t\terror: err,\n\t\tsource: source(source_),\n\t}\n}\n\nconst (\n\tserialTypeChange serialEventType = \"change\"\n\tserialTypeRemove serialEventType = \"remove\"\n\tserialTypeError serialEventType = \"error\"\n)\n\nfunc (e *ErrorEvent) Reader() io.Reader {\n\treturn bytes.NewBufferString(e.Error())\n}\n\nfunc (e *ErrorEvent) MarshalJSON() ([]byte, error) {\n\treturn json.Marshal(serialEvent{\n\t\tType: serialTypeError,\n\t\tData: []byte(e.Error()),\n\t\tSource: e.source,\n\t})\n}\n\nfunc (e *ErrorEvent) String() string {\n\treturn fmt.Sprintf(\"error: %+v; source: %s\", e.error, e.source)\n}\n\nfunc (e source) Source() string {\n\treturn string(e)\n}\n\nfunc (e *source) setSource(nsrc string) {\n\t*e = source(nsrc)\n}\n\nfunc (e *ChangeEvent) Reader() io.Reader {\n\treturn bytes.NewBuffer(e.data)\n}\n\nfunc (e *ChangeEvent) MarshalJSON() ([]byte, error) {\n\treturn json.Marshal(serialEvent{\n\t\tType: serialTypeChange,\n\t\tData: e.data,\n\t\tSource: e.source,\n\t})\n}\n\nfunc (e *ChangeEvent) String() string {\n\treturn fmt.Sprintf(\"data: %s; source: %s\", e.data, e.source)\n}\n\nfunc (e *RemoveEvent) Reader() io.Reader {\n\treturn nil\n}\n\nfunc (e *RemoveEvent) MarshalJSON() ([]byte, error) {\n\treturn json.Marshal(serialEvent{\n\t\tType: serialTypeRemove,\n\t\tSource: e.source,\n\t})\n}\n\nfunc (e *RemoveEvent) String() string {\n\treturn fmt.Sprintf(\"removed source: %s\", e.source)\n}\n" }, { "path": "oryx/watcherx/file.go", "content": "// Copyright © 2023 Ory Corp\n// SPDX-License-Identifier: Apache-2.0\n\npackage watcherx\n\nimport (\n\t\"context\"\n\t\"os\"\n\t\"path/filepath\"\n\n\t\"github.com/fsnotify/fsnotify\"\n\t\"github.com/pkg/errors\"\n)\n\n// WatchFile spawns a background goroutine to watch file, reporting any changes\n// to c. Watching stops when ctx is canceled.\nfunc WatchFile(ctx context.Context, file string, c EventChannel) (Watcher, error) {\n\twatcher, err := fsnotify.NewWatcher()\n\tif err != nil {\n\t\treturn nil, errors.WithStack(err)\n\t}\n\tdir := filepath.Dir(file)\n\tif err := watcher.Add(dir); err != nil {\n\t\treturn nil, errors.WithStack(err)\n\t}\n\tresolvedFile, err := filepath.EvalSymlinks(file)\n\tif err != nil {\n\t\tif pathError := new(os.PathError); !errors.As(err, &pathError) {\n\t\t\treturn nil, errors.WithStack(err)\n\t\t}\n\t\t// The file does not exist. The watcher should still watch the directory\n\t\t// to get notified about file creation.\n\t\tresolvedFile = \"\"\n\t} else if resolvedFile != file {\n\t\t// If `resolvedFile` != `file` then `file` is a symlink and we have to explicitly watch the referenced file.\n\t\t// This is because fsnotify follows symlinks and watches the destination file, not the symlink\n\t\t// itself. That is at least the case for unix systems. See: https://github.com/fsnotify/fsnotify/issues/199\n\t\tif err := watcher.Add(file); err != nil {\n\t\t\treturn nil, errors.WithStack(err)\n\t\t}\n\t}\n\td := newDispatcher()\n\tgo streamFileEvents(ctx, watcher, c, d.trigger, d.done, file, resolvedFile)\n\treturn d, nil\n}\n\n// streamFileEvents watches for file changes and supports symlinks which requires several workarounds due to limitations of fsnotify.\n// Argument `resolvedFile` is the resolved symlink path of the file, or it is the watchedFile name itself. If `resolvedFile` is empty, then the watchedFile does not exist.\nfunc streamFileEvents(ctx context.Context, watcher *fsnotify.Watcher, c EventChannel, sendNow <-chan struct{}, sendNowDone chan<- int, watchedFile, resolvedFile string) {\n\teventSource := source(watchedFile)\n\tremoveDirectFileWatcher := func() {\n\t\t_ = watcher.Remove(watchedFile)\n\t}\n\taddDirectFileWatcher := func() {\n\t\t// check if the watchedFile (symlink) exists\n\t\t// if it does not the dir watcher will notify us when it gets created\n\t\tif _, err := os.Lstat(watchedFile); err == nil {\n\t\t\tif err := watcher.Add(watchedFile); err != nil {\n\t\t\t\tc <- &ErrorEvent{\n\t\t\t\t\terror: errors.WithStack(err),\n\t\t\t\t\tsource: eventSource,\n\t\t\t\t}\n\t\t\t}\n\t\t}\n\t}\n\tdefer watcher.Close()\n\tfor {\n\t\tselect {\n\t\tcase <-ctx.Done():\n\t\t\treturn\n\t\tcase <-sendNow:\n\t\t\tif resolvedFile == \"\" {\n\t\t\t\t// The file does not exist. Announce this by sending a RemoveEvent.\n\t\t\t\tc <- &RemoveEvent{eventSource}\n\t\t\t} else {\n\t\t\t\t// The file does exist. Announce the current content by sending a ChangeEvent.\n\t\t\t\t// #nosec G304 -- false positive\n\t\t\t\tdata, err := os.ReadFile(watchedFile)\n\t\t\t\tif err != nil {\n\t\t\t\t\tselect {\n\t\t\t\t\tcase c <- &ErrorEvent{\n\t\t\t\t\t\terror: errors.WithStack(err),\n\t\t\t\t\t\tsource: eventSource,\n\t\t\t\t\t}:\n\t\t\t\t\tcase <-ctx.Done():\n\t\t\t\t\t\treturn\n\t\t\t\t\t}\n\t\t\t\t\tcontinue\n\t\t\t\t}\n\t\t\t\tselect {\n\t\t\t\tcase c <- &ChangeEvent{\n\t\t\t\t\tdata: data,\n\t\t\t\t\tsource: eventSource,\n\t\t\t\t}:\n\t\t\t\tcase <-ctx.Done():\n\t\t\t\t\treturn\n\t\t\t\t}\n\t\t\t}\n\n\t\t\t// in any of the above cases we send exactly one event\n\t\t\tselect {\n\t\t\tcase sendNowDone <- 1:\n\t\t\tcase <-ctx.Done():\n\t\t\t\treturn\n\t\t\t}\n\t\tcase e, ok := <-watcher.Events:\n\t\t\tif !ok {\n\t\t\t\treturn\n\t\t\t}\n\t\t\t// filter events to only watch watchedFile\n\t\t\t// e.Name contains the name of the watchedFile (regardless whether it is a symlink), not the resolved file name\n\t\t\tif filepath.Clean(e.Name) == watchedFile {\n\t\t\t\trecentlyResolvedFile, err := filepath.EvalSymlinks(watchedFile)\n\t\t\t\t// when there is no error the file exists and any symlinks can be resolved\n\t\t\t\tif err != nil {\n\t\t\t\t\t// check if the watchedFile (or the file behind the symlink) was removed\n\t\t\t\t\tif _, ok := err.(*os.PathError); ok {\n\t\t\t\t\t\tselect {\n\t\t\t\t\t\tcase c <- &RemoveEvent{eventSource}:\n\t\t\t\t\t\tcase <-ctx.Done():\n\t\t\t\t\t\t\treturn\n\t\t\t\t\t\t}\n\t\t\t\t\t\tremoveDirectFileWatcher()\n\t\t\t\t\t\tcontinue\n\t\t\t\t\t}\n\t\t\t\t\tselect {\n\t\t\t\t\tcase c <- &ErrorEvent{\n\t\t\t\t\t\terror: errors.WithStack(err),\n\t\t\t\t\t\tsource: eventSource,\n\t\t\t\t\t}:\n\t\t\t\t\tcase <-ctx.Done():\n\t\t\t\t\t\treturn\n\t\t\t\t\t}\n\t\t\t\t\tcontinue\n\t\t\t\t}\n\t\t\t\t// This catches following three cases:\n\t\t\t\t// 1. the watchedFile was written or created\n\t\t\t\t// 2. the watchedFile is a symlink and has changed (k8s config map updates)\n\t\t\t\t// 3. the watchedFile behind the symlink was written or created\n\t\t\t\tswitch {\n\t\t\t\tcase recentlyResolvedFile != resolvedFile:\n\t\t\t\t\tresolvedFile = recentlyResolvedFile\n\t\t\t\t\t// watch the symlink again to update the actually watched file\n\t\t\t\t\tremoveDirectFileWatcher()\n\t\t\t\t\taddDirectFileWatcher()\n\t\t\t\t\t// we fallthrough because we also want to read the file in this case\n\t\t\t\t\tfallthrough\n\t\t\t\tcase e.Has(fsnotify.Write | fsnotify.Create):\n\t\t\t\t\t// #nosec G304 -- false positive\n\t\t\t\t\tdata, err := os.ReadFile(watchedFile)\n\t\t\t\t\tif err != nil {\n\t\t\t\t\t\tselect {\n\t\t\t\t\t\tcase c <- &ErrorEvent{\n\t\t\t\t\t\t\terror: errors.WithStack(err),\n\t\t\t\t\t\t\tsource: eventSource,\n\t\t\t\t\t\t}:\n\t\t\t\t\t\tcase <-ctx.Done():\n\t\t\t\t\t\t\treturn\n\t\t\t\t\t\t}\n\t\t\t\t\t\tcontinue\n\t\t\t\t\t}\n\t\t\t\t\tselect {\n\t\t\t\t\tcase c <- &ChangeEvent{\n\t\t\t\t\t\tdata: data,\n\t\t\t\t\t\tsource: eventSource,\n\t\t\t\t\t}:\n\t\t\t\t\tcase <-ctx.Done():\n\t\t\t\t\t\treturn\n\t\t\t\t\t}\n\t\t\t\t}\n\t\t\t}\n\t\t}\n\t}\n}\n" }, { "path": "oryx/watcherx/integrationtest/.dockerignore", "content": "event_logger.yml\nconfigmap.yml\n\nMakefile\nREADME.md\n\neventlog_snapshot\n" }, { "path": "oryx/watcherx/integrationtest/.gitignore", "content": "tmp_snapshot\n" }, { "path": "oryx/watcherx/integrationtest/Dockerfile", "content": "FROM golang:1.26-alpine3.23 AS builder\n\nRUN apk -U --no-cache add build-base\n\nWORKDIR /go/src/github.com/ory/x\n\nADD go.mod go.mod\nADD go.sum go.sum\n\nRUN go mod download\n\nADD . .\n\nRUN go build -o /usr/bin/eventlogger ./watcherx/integrationtest\n\nFROM alpine:3.22\n\nCOPY --from=builder /usr/bin/eventlogger /usr/bin/eventlogger\n\nENTRYPOINT [\"eventlogger\"]\nCMD [\"/etc/config/mock-config\"]\n" }, { "path": "oryx/watcherx/integrationtest/Makefile", "content": "SHELL=/bin/bash -euo pipefail\n\nCLUSTER_NAME=watcherx-integration-test\nSNAPSHOT_FILE=eventlog_snapshot\n\ndefine generate_snapshot\n\tsleep 5\n\tmake update\n\tsleep 1\n\tkubectl logs eventlogger --context kind-${CLUSTER_NAME} >> $(1)\n\tmake apply\n\tsleep 1\n\tkubectl logs eventlogger --context kind-${CLUSTER_NAME} >> $(1)\n\tmake update\n\tsleep 1\n\tkubectl logs eventlogger --context kind-${CLUSTER_NAME} >> $(1)\nendef\n\n.PHONY: build\nbuild:\n\tdocker build -f Dockerfile -t eventlogger:latest ../..\n\n.PHONY: create\ncreate:\n\tkind create cluster --name ${CLUSTER_NAME} --wait 1m || true\n\n.PHONY: load\nload:\n\tkind load docker-image eventlogger:latest --name ${CLUSTER_NAME}\n\n.PHONY: apply\napply:\n\tkubectl apply -f configmap.yml -f event_logger.yml --context kind-${CLUSTER_NAME}\n\n.PHONY: delete\ndelete:\n\tkind delete cluster --name ${CLUSTER_NAME}\n\n.PHONY: setup\nsetup: build create load apply\n\n.PHONY: snapshot\nsnapshot: setup container-restart\n\trm ${SNAPSHOT_FILE}\n\t${call generate_snapshot,$(SNAPSHOT_FILE)}\n\n.PHONY: check\ncheck: setup container-restart\n\trm tmp_snapshot || true\n\t${call generate_snapshot,tmp_snapshot}\n\tdiff tmp_snapshot ${SNAPSHOT_FILE}\n\n.PHONY: logs\nlogs:\n\tkubectl logs eventlogger --context kind-${CLUSTER_NAME}\n\n.PHONY: container-restart\ncontainer-restart:\n\tkubectl delete -f event_logger.yml --context kind-${CLUSTER_NAME}\n\tkubectl apply -f event_logger.yml --context kind-${CLUSTER_NAME}\n\n.PHONY: update\nupdate:\n\tcat configmap.yml | sed 's/somevalue/othervalue/' | kubectl apply -f - --context kind-${CLUSTER_NAME}\n\tcat event_logger.yml | sed 's/somevalue/othervalue/' | kubectl apply -f - --context kind-${CLUSTER_NAME}\n" }, { "path": "oryx/watcherx/integrationtest/README.md", "content": "# Integration Test for watcherx/FileWatcher\n\nAs kubernetes has a special way to change mounted config map values we want to\nmake sure our file watcher is compatible with that.\n\n## Perquisites\n\nThe versions are the ones that definitely work.\n\n- kind (v0.8.1)\n- kubectl (v1.18.5)\n- docker (v19.03.12-ce)\n- make (v4.3)\n\n## Structure\n\nThe `main.go` just logs all events it gets. It is deployed to a kind kubernetes\ncluster together with a configmap that gets updated during the test. For details\non the test steps have a look at the `Makefile`.\n\n## Running\n\nTo generate the log snapshot run `make snapshot`. That snapshot should be\ncommitted. To check if the FileWatcher works run `make check`. For debugging\npurposes single steps of the setup have descriptive make target names and can be\nrun separately. It is safe to delete the cluster at any point or rerun snapshot\ngeneration.\n" }, { "path": "oryx/watcherx/integrationtest/configmap.yml", "content": "kind: ConfigMap\napiVersion: v1\nmetadata:\n name: changing-config\ndata:\n mock-config: somevalue\n" }, { "path": "oryx/watcherx/integrationtest/event_logger.yml", "content": "kind: Pod\napiVersion: v1\nmetadata:\n name: eventlogger\n annotations:\n variant: somevalue\nspec:\n containers:\n - name: eventlogger\n image: eventlogger:latest\n imagePullPolicy: Never\n volumeMounts:\n - name: changing-config\n mountPath: /etc/config\n restartPolicy: Never\n volumes:\n - name: changing-config\n configMap:\n name: changing-config\n" }, { "path": "oryx/watcherx/integrationtest/eventlog_snapshot", "content": "watching file /etc/config/mock-config\ngot change event:\nData: othervalue,\nSrc: /etc/config/mock-config\nwatching file /etc/config/mock-config\ngot change event:\nData: othervalue,\nSrc: /etc/config/mock-config\ngot change event:\nData: somevalue,\nSrc: /etc/config/mock-config\nwatching file /etc/config/mock-config\ngot change event:\nData: othervalue,\nSrc: /etc/config/mock-config\ngot change event:\nData: somevalue,\nSrc: /etc/config/mock-config\ngot change event:\nData: othervalue,\nSrc: /etc/config/mock-config\n" }, { "path": "oryx/watcherx/integrationtest/main.go", "content": "// Copyright © 2023 Ory Corp\n// SPDX-License-Identifier: Apache-2.0\n\npackage main\n\nimport (\n\t\"context\"\n\t\"fmt\"\n\t\"io\"\n\t\"os\"\n\n\t\"github.com/ory/x/watcherx\"\n)\n\nfunc main() {\n\tif len(os.Args) != 2 {\n\t\t_, _ = fmt.Fprintf(os.Stderr, \"expected 1 comand line argument but got %d\\n\", len(os.Args)-1)\n\t\tos.Exit(1)\n\t}\n\tc := make(chan watcherx.Event)\n\t_, err := watcherx.WatchFile(context.Background(), os.Args[1], c)\n\tif err != nil {\n\t\t_, _ = fmt.Fprintf(os.Stderr, \"could not initialize file watcher: %+v\\n\", err)\n\t\tos.Exit(1)\n\t}\n\tfmt.Printf(\"watching file %s\\n\", os.Args[1])\n\tfor {\n\t\tswitch e := (<-c).(type) {\n\t\tcase *watcherx.ChangeEvent:\n\t\t\tvar data []byte\n\t\t\tdata, err = io.ReadAll(e.Reader())\n\t\t\tif err != nil {\n\t\t\t\t_, _ = fmt.Fprintf(os.Stderr, \"could not read data: %+v\\n\", err)\n\t\t\t\tos.Exit(1)\n\t\t\t}\n\t\t\tfmt.Printf(\"got change event:\\nData: %s,\\nSrc: %s\\n\", data, e.Source())\n\t\tcase *watcherx.RemoveEvent:\n\t\t\tfmt.Printf(\"got remove event:\\nSrc: %s\\n\", e.Source())\n\t\tcase *watcherx.ErrorEvent:\n\t\t\tfmt.Printf(\"got error event:\\nError: %s\\n\", e.Error())\n\t\tdefault:\n\t\t\tfmt.Println(\"got unknown event\")\n\t\t}\n\t}\n}\n" }, { "path": "oryx/watcherx/test_helpers.go", "content": "// Copyright © 2023 Ory Corp\n// SPDX-License-Identifier: Apache-2.0\n\npackage watcherx\n\nimport (\n\t\"os\"\n\t\"path\"\n\t\"path/filepath\"\n\t\"runtime\"\n\t\"testing\"\n\t\"time\"\n\n\t\"github.com/stretchr/testify/require\"\n)\n\nfunc KubernetesAtomicWrite(t *testing.T, dir, fileName, content string) {\n\t// atomic write according to https://github.com/kubernetes/kubernetes/blob/master/pkg/volume/util/atomic_writer.go\n\tconst (\n\t\tdataDirName = \"..data\"\n\t\tnewDataDirName = \"..data_tmp\"\n\t)\n\t// (2)\n\tdataDirPath := filepath.Join(dir, dataDirName)\n\toldTsDir, err := os.Readlink(dataDirPath)\n\tif err != nil {\n\t\trequire.True(t, os.IsNotExist(err), \"%+v\", err)\n\t\t// although Readlink() returns \"\" on err, don't be fragile by relying on it (since it's not specified in docs)\n\t\t// empty oldTsDir indicates that it didn't exist\n\t\toldTsDir = \"\"\n\t}\n\toldTsPath := filepath.Join(dir, oldTsDir)\n\n\t// (3) we are not interested in the case where a file gets deleted as we just operate on one file\n\t// (4) we assume the file needs an update\n\n\t// (5)\n\ttsDir, err := os.MkdirTemp(dir, time.Now().UTC().Format(\"..2006_01_02_15_04_05.\"))\n\trequire.NoError(t, err)\n\ttsDirName := filepath.Base(tsDir)\n\n\t// (6)\n\trequire.NoError(\n\t\tt,\n\t\tos.WriteFile(path.Join(tsDir, fileName), []byte(content), 0600),\n\t)\n\n\t// (7)\n\t_, err = os.Readlink(filepath.Join(dir, fileName))\n\tif err != nil && os.IsNotExist(err) {\n\t\t// The link into the data directory for this path doesn't exist; create it\n\t\trequire.NoError(\n\t\t\tt,\n\t\t\tos.Symlink(filepath.Join(dataDirName, fileName), filepath.Join(dir, fileName)),\n\t\t)\n\t}\n\n\t// (8)\n\tnewDataDirPath := filepath.Join(dir, newDataDirName)\n\trequire.NoError(\n\t\tt,\n\t\tos.Symlink(tsDirName, newDataDirPath),\n\t)\n\n\t// (9)\n\tif runtime.GOOS == \"windows\" {\n\t\trequire.NoError(t, os.Remove(dataDirPath))\n\t\trequire.NoError(t, os.Symlink(tsDirName, dataDirPath))\n\t\trequire.NoError(t, os.Remove(newDataDirPath))\n\t} else {\n\t\trequire.NoError(t, os.Rename(newDataDirPath, dataDirPath))\n\t}\n\n\t// (10) in our case there is nothing to remove\n\n\t// (11)\n\tif len(oldTsDir) > 0 {\n\t\trequire.NoError(t, os.RemoveAll(oldTsPath))\n\t}\n}\n" }, { "path": "otp/otp.go", "content": "// Copyright © 2023 Ory Corp\n// SPDX-License-Identifier: Apache-2.0\n\npackage otp\n\nimport (\n\t\"github.com/pkg/errors\"\n\n\t\"github.com/ory/x/randx\"\n)\n\n// Entropy sets the number of characters used for generating verification codes. This must not be\n// changed to another value as we only have 32 characters available in the SQL schema.\nconst Entropy = 32\n\nfunc New() (string, error) {\n\tcode, err := randx.RuneSequence(Entropy, randx.AlphaNum)\n\tif err != nil {\n\t\treturn \"\", errors.WithStack(err)\n\t}\n\treturn string(code), nil\n}\n" }, { "path": "package.json", "content": "{\n \"private\": true,\n \"scripts\": {\n \"openapi-generator-cli\": \"openapi-generator-cli\",\n \"wait-on\": \"wait-on\"\n },\n \"prettier\": \"ory-prettier-styles\",\n \"dependencies\": {\n \"@openapitools/openapi-generator-cli\": \"2.30.2\",\n \"yamljs\": \"0.3.0\"\n },\n \"devDependencies\": {\n \"license-checker\": \"25.0.1\",\n \"ory-prettier-styles\": \"1.3.0\",\n \"prettier\": \"3.8.1\",\n \"prettier-plugin-packagejson\": \"3.0.2\",\n \"process\": \"0.11.10\",\n \"wait-on\": \"9.0.1\"\n },\n \"overrides\": {\n \"axios\": \">=1.13.5\",\n \"glob\": \">=11.1.0\"\n }\n}\n" }, { "path": "persistence/reference.go", "content": "// Copyright © 2023 Ory Corp\n// SPDX-License-Identifier: Apache-2.0\n\npackage persistence\n\nimport (\n\t\"context\"\n\t\"time\"\n\n\t\"github.com/ory/kratos/x\"\n\n\t\"github.com/ory/kratos/selfservice/sessiontokenexchange\"\n\t\"github.com/ory/x/networkx\"\n\n\t\"github.com/gofrs/uuid\"\n\n\t\"github.com/ory/pop/v6\"\n\n\t\"github.com/ory/x/popx\"\n\n\t\"github.com/ory/kratos/continuity\"\n\t\"github.com/ory/kratos/courier\"\n\t\"github.com/ory/kratos/identity\"\n\t\"github.com/ory/kratos/selfservice/errorx\"\n\t\"github.com/ory/kratos/selfservice/flow/login\"\n\t\"github.com/ory/kratos/selfservice/flow/recovery\"\n\t\"github.com/ory/kratos/selfservice/flow/registration\"\n\t\"github.com/ory/kratos/selfservice/flow/settings\"\n\t\"github.com/ory/kratos/selfservice/flow/verification\"\n\t\"github.com/ory/kratos/selfservice/strategy/code\"\n\t\"github.com/ory/kratos/selfservice/strategy/link\"\n\t\"github.com/ory/kratos/session\"\n)\n\ntype Provider interface {\n\tPersister() Persister\n\tSetPersister(Persister)\n}\n\ntype Persister interface {\n\tcontinuity.Persister\n\tidentity.PrivilegedPool\n\tregistration.FlowPersister\n\tlogin.FlowPersister\n\tsettings.FlowPersister\n\tcourier.Persister\n\tsession.Persister\n\tsessiontokenexchange.Persister\n\terrorx.Persister\n\tverification.FlowPersister\n\trecovery.FlowPersister\n\tlink.RecoveryTokenPersister\n\tlink.VerificationTokenPersister\n\tcode.RecoveryCodePersister\n\tcode.VerificationCodePersister\n\tcode.RegistrationCodePersister\n\tcode.LoginCodePersister\n\n\tCleanupDatabase(context.Context, time.Duration, time.Duration, int) error\n\tClose(context.Context) error\n\tPing(context.Context) error\n\tMigrationStatus(context.Context) (popx.MigrationStatuses, error)\n\tMigrateDown(ctx context.Context, steps int) error\n\tMigrateUp(context.Context) error\n\tMigrationBox() *popx.MigrationBox\n\tGetConnection(context.Context) *pop.Connection\n\tConnection(ctx context.Context) *pop.Connection\n\tx.TransactionalPersister\n\tNetworker\n}\n\ntype Networker interface {\n\tWithNetworkID(nid uuid.UUID) Persister\n\tNetworkID(ctx context.Context) uuid.UUID\n\tDetermineNetwork(ctx context.Context) (*networkx.Network, error)\n}\n" }, { "path": "persistence/sql/.soda.yml", "content": "development:\n url: sqlite://a/b\n\nsqlite:\n url: sqlite://a/b\n\npostgres:\n url: postgres://a/b\n\nmysql:\n url: mysql://tcp(a)/b?parseTime=true&multiStatements=true\n\ncockroach:\n url: crdb://a/b\n" }, { "path": "persistence/sql/README.md", "content": "# SQL Migrations\n\nMigrations consist of one `up` and one `down` file.\nTo create these SQL migrations, copy the last migration in `./persistence/sql/migrations/sql` and change the timestamp to the current timestamp and the name to the desired name.\n\nIf some logic is different for one of the database systems, add the id after the name to the file name.\nThe content of that file will override the content of the \"general\" file for that particular DB system.\n\nExample:\n\n`20220802103909000000_courier_send_count.up.sql`\nand\n`20220802103909000000_courier_send_count.down.sql`\n\nWith for example cockroach specific behavior:\n\n`20220802103909000000_courier_send_count.cockroach.up.sql`\nand\n`20220802103909000000_courier_send_count.cockroach.down.sql`\n\nReplace `cockroach` with `mysql`, `postgres` or `sqlite` if applicable.\n\n## Old Way\n\nTo create SQL migrations, target each database individually and run\n\n```\n$ dialect=mysql # or postgres|cockroach|sqlite\n$ name=\n$ ory dev pop migration create -d=$dialect ./persistence/sql/migrations/templates $name\n$ soda generate sql -e mysql -c ./persistence/sql/.soda.yml -p ./persistence/sql/migrations/templates [name]\n$ soda generate sql -e sqlite -c ./persistence/sql/.soda.yml -p ./persistence/sql/migrations/templates [name]\n$ soda generate sql -e postgres -c ./persistence/sql/.soda.yml -p ./persistence/sql/migrations/templates [name]\n$ soda generate sql -e cockroach -c ./persistence/sql/.soda.yml -p ./persistence/sql/migrations/templates [name]\n```\n\nand remove the `sqlite` part from the newly generated file to create a SQL migrations that works with all\naforementioned databases.\n\n## Rendering Migrations\n\nBecause migrations needs to be backwards compatible, and because fizz migrations might change, we render\nfizz migrations to raw SQL statements using `make migrations-render`.\n\nThe concrete migrations being applied can be found in [`./migrations/sql`](./migrations/sql).\n" }, { "path": "persistence/sql/batch/.snapshots/Test_buildInsertQueryArgs-case=Identities.json", "content": "{\n \"TableName\": \"\\\"identities\\\"\",\n \"ColumnsDecl\": \"\\\"available_aal\\\", \\\"created_at\\\", \\\"external_id\\\", \\\"id\\\", \\\"metadata_admin\\\", \\\"metadata_public\\\", \\\"nid\\\", \\\"organization_id\\\", \\\"schema_id\\\", \\\"state\\\", \\\"state_changed_at\\\", \\\"traits\\\", \\\"updated_at\\\"\",\n \"Columns\": [\n \"available_aal\",\n \"created_at\",\n \"external_id\",\n \"id\",\n \"metadata_admin\",\n \"metadata_public\",\n \"nid\",\n \"organization_id\",\n \"schema_id\",\n \"state\",\n \"state_changed_at\",\n \"traits\",\n \"updated_at\"\n ],\n \"Placeholders\": \"(?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?),\\n(?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?),\\n(?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?),\\n(?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?),\\n(?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?),\\n(?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?),\\n(?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?),\\n(?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?),\\n(?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?),\\n(?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)\"\n}\n" }, { "path": "persistence/sql/batch/.snapshots/Test_buildInsertQueryArgs-case=RecoveryAddress#01.json", "content": "{\n \"TableName\": \"\\\"identity_recovery_addresses\\\"\",\n \"ColumnsDecl\": \"\\\"created_at\\\", \\\"id\\\", \\\"identity_id\\\", \\\"nid\\\", \\\"updated_at\\\", \\\"value\\\", \\\"via\\\"\",\n \"Columns\": [\n \"created_at\",\n \"id\",\n \"identity_id\",\n \"nid\",\n \"updated_at\",\n \"value\",\n \"via\"\n ],\n \"Placeholders\": \"(?, ?, ?, ?, ?, ?, ?),\\n(?, ?, ?, ?, ?, ?, ?),\\n(?, ?, ?, ?, ?, ?, ?),\\n(?, ?, ?, ?, ?, ?, ?),\\n(?, ?, ?, ?, ?, ?, ?),\\n(?, ?, ?, ?, ?, ?, ?),\\n(?, ?, ?, ?, ?, ?, ?),\\n(?, ?, ?, ?, ?, ?, ?),\\n(?, ?, ?, ?, ?, ?, ?),\\n(?, ?, ?, ?, ?, ?, ?)\"\n}\n" }, { "path": "persistence/sql/batch/.snapshots/Test_buildInsertQueryArgs-case=RecoveryAddress.json", "content": "{\n \"TableName\": \"\\\"identity_recovery_addresses\\\"\",\n \"ColumnsDecl\": \"\\\"created_at\\\", \\\"id\\\", \\\"identity_id\\\", \\\"nid\\\", \\\"updated_at\\\", \\\"value\\\", \\\"via\\\"\",\n \"Columns\": [\n \"created_at\",\n \"id\",\n \"identity_id\",\n \"nid\",\n \"updated_at\",\n \"value\",\n \"via\"\n ],\n \"Placeholders\": \"(?, ?, ?, ?, ?, ?, ?),\\n(?, ?, ?, ?, ?, ?, ?),\\n(?, ?, ?, ?, ?, ?, ?),\\n(?, ?, ?, ?, ?, ?, ?),\\n(?, ?, ?, ?, ?, ?, ?),\\n(?, ?, ?, ?, ?, ?, ?),\\n(?, ?, ?, ?, ?, ?, ?),\\n(?, ?, ?, ?, ?, ?, ?),\\n(?, ?, ?, ?, ?, ?, ?),\\n(?, ?, ?, ?, ?, ?, ?)\"\n}\n" }, { "path": "persistence/sql/batch/.snapshots/Test_buildInsertQueryArgs-case=cockroach.json", "content": "{\n \"TableName\": \"\\\"test_models\\\"\",\n \"ColumnsDecl\": \"\\\"created_at\\\", \\\"id\\\", \\\"int\\\", \\\"nid\\\", \\\"null_time_ptr\\\", \\\"string\\\", \\\"traits\\\", \\\"updated_at\\\"\",\n \"Columns\": [\n \"created_at\",\n \"id\",\n \"int\",\n \"nid\",\n \"null_time_ptr\",\n \"string\",\n \"traits\",\n \"updated_at\"\n ],\n \"Placeholders\": \"(?, ?, ?, ?, ?, ?, ?, ?),\\n(?, gen_random_uuid(), ?, ?, ?, ?, ?, ?),\\n(?, gen_random_uuid(), ?, ?, ?, ?, ?, ?),\\n(?, ?, ?, ?, ?, ?, ?, ?),\\n(?, gen_random_uuid(), ?, ?, ?, ?, ?, ?),\\n(?, gen_random_uuid(), ?, ?, ?, ?, ?, ?),\\n(?, ?, ?, ?, ?, ?, ?, ?),\\n(?, gen_random_uuid(), ?, ?, ?, ?, ?, ?),\\n(?, gen_random_uuid(), ?, ?, ?, ?, ?, ?),\\n(?, ?, ?, ?, ?, ?, ?, ?)\"\n}\n" }, { "path": "persistence/sql/batch/.snapshots/Test_buildInsertQueryArgs-case=testModel.json", "content": "{\n \"TableName\": \"\\\"test_models\\\"\",\n \"ColumnsDecl\": \"\\\"created_at\\\", \\\"id\\\", \\\"int\\\", \\\"nid\\\", \\\"null_time_ptr\\\", \\\"string\\\", \\\"traits\\\", \\\"updated_at\\\"\",\n \"Columns\": [\n \"created_at\",\n \"id\",\n \"int\",\n \"nid\",\n \"null_time_ptr\",\n \"string\",\n \"traits\",\n \"updated_at\"\n ],\n \"Placeholders\": \"(?, ?, ?, ?, ?, ?, ?, ?),\\n(?, ?, ?, ?, ?, ?, ?, ?),\\n(?, ?, ?, ?, ?, ?, ?, ?),\\n(?, ?, ?, ?, ?, ?, ?, ?),\\n(?, ?, ?, ?, ?, ?, ?, ?),\\n(?, ?, ?, ?, ?, ?, ?, ?),\\n(?, ?, ?, ?, ?, ?, ?, ?),\\n(?, ?, ?, ?, ?, ?, ?, ?),\\n(?, ?, ?, ?, ?, ?, ?, ?),\\n(?, ?, ?, ?, ?, ?, ?, ?)\"\n}\n" }, { "path": "persistence/sql/batch/.snapshots/Test_buildInsertQueryValues-case=testModel-case=cockroach.json", "content": "[\n \"2023-01-01T00:00:00Z\",\n \"2023-01-01T00:00:00Z\",\n \"string\",\n 42,\n null,\n {\n \"foo\": \"bar\"\n }\n]\n" }, { "path": "persistence/sql/batch/create.go", "content": "// Copyright © 2023 Ory Corp\n// SPDX-License-Identifier: Apache-2.0\n\npackage batch\n\nimport (\n\t\"context\"\n\t\"database/sql\"\n\t\"fmt\"\n\t\"reflect\"\n\t\"slices\"\n\t\"sort\"\n\t\"strings\"\n\t\"time\"\n\n\t\"github.com/gofrs/uuid\"\n\t\"github.com/jmoiron/sqlx/reflectx\"\n\t\"github.com/pkg/errors\"\n\t\"go.opentelemetry.io/otel/attribute\"\n\t\"go.opentelemetry.io/otel/trace\"\n\n\t\"github.com/ory/pop/v6\"\n\t\"github.com/ory/x/dbal\"\n\t\"github.com/ory/x/otelx\"\n\t\"github.com/ory/x/sqlcon\"\n\t\"github.com/ory/x/sqlxx\"\n)\n\ntype (\n\tinsertQueryArgs struct {\n\t\tTableName string\n\t\tColumnsDecl string\n\t\tColumns []string\n\t\tPlaceholders string\n\t}\n\tquoter interface {\n\t\tQuote(key string) string\n\t}\n\tTracerConnection struct {\n\t\tTracer *otelx.Tracer\n\t\tConnection *pop.Connection\n\t}\n\n\t// PartialConflictError represents a partial conflict during [Create]. It always\n\t// wraps a [sqlcon.ErrUniqueViolation], so that the caller can either abort the\n\t// whole transaction, or handle the partial success.\n\tPartialConflictError[T any] struct {\n\t\tFailed []*T\n\t}\n)\n\nfunc (p *PartialConflictError[T]) Error() string {\n\treturn fmt.Sprintf(\"partial conflict error: %d models failed to insert\", len(p.Failed))\n}\n\nfunc (p *PartialConflictError[T]) ErrOrNil() error {\n\tif len(p.Failed) == 0 {\n\t\treturn nil\n\t}\n\treturn p\n}\n\nfunc (p *PartialConflictError[T]) Unwrap() error {\n\tif len(p.Failed) == 0 {\n\t\treturn nil\n\t}\n\treturn sqlcon.ErrUniqueViolation\n}\n\nfunc buildInsertQueryArgs[T any](ctx context.Context, models []*T, opts *createOpts) insertQueryArgs {\n\tvar (\n\t\tv T\n\t\tmodel = pop.NewModel(v, ctx)\n\n\t\tcolumns []string\n\t\tquotedColumns []string\n\t\tplaceholders []string\n\t\tplaceholderRow []string\n\t)\n\n\tfor _, col := range model.Columns().Cols {\n\t\tcolumns = append(columns, col.Name)\n\t\tplaceholderRow = append(placeholderRow, \"?\")\n\t}\n\n\t// We sort for the sole reason that the test snapshots are deterministic.\n\tsort.Strings(columns)\n\n\tfor _, col := range columns {\n\t\tquotedColumns = append(quotedColumns, opts.quoter.Quote(col))\n\t}\n\n\t// We generate a list (for every row one) of VALUE statements here that\n\t// will be substituted by their column values later:\n\t//\n\t//\t(?, ?, ?, ?),\n\t//\t(?, ?, ?, ?),\n\t//\t(?, ?, ?, ?)\n\tfor _, m := range models {\n\t\tm := reflect.ValueOf(m)\n\n\t\tpl := make([]string, len(placeholderRow))\n\t\tcopy(pl, placeholderRow)\n\n\t\t// There is a special case - when using CockroachDB we want to generate\n\t\t// UUIDs using \"gen_random_uuid()\" which ends up in a VALUE statement of:\n\t\t//\n\t\t//\t(gen_random_uuid(), ?, ?, ?),\n\t\tfor k := range placeholderRow {\n\t\t\tif columns[k] != \"id\" {\n\t\t\t\tcontinue\n\t\t\t}\n\n\t\t\tfield := opts.mapper.FieldByName(m, columns[k])\n\t\t\tval, ok := field.Interface().(uuid.UUID)\n\t\t\tif !ok {\n\t\t\t\tcontinue\n\t\t\t}\n\n\t\t\tif val == uuid.Nil && opts.dialect == dbal.DriverCockroachDB && !opts.partialInserts {\n\t\t\t\tpl[k] = \"gen_random_uuid()\"\n\t\t\t\tbreak\n\t\t\t}\n\t\t}\n\t\tplaceholders = append(placeholders, fmt.Sprintf(\"(%s)\", strings.Join(pl, \", \")))\n\t}\n\n\treturn insertQueryArgs{\n\t\tTableName: opts.quoter.Quote(model.TableName()),\n\t\tColumnsDecl: strings.Join(quotedColumns, \", \"),\n\t\tColumns: columns,\n\t\tPlaceholders: strings.Join(placeholders, \",\\n\"),\n\t}\n}\n\nfunc buildInsertQueryValues[T any](columns []string, models []*T, opts *createOpts) (values []any, err error) {\n\tfor _, m := range models {\n\t\tm := reflect.ValueOf(m)\n\n\t\tnow := opts.now()\n\t\t// Append model fields to args\n\t\tfor _, c := range columns {\n\t\t\tfield := opts.mapper.FieldByName(m, c)\n\n\t\t\tswitch c {\n\t\t\tcase \"created_at\":\n\t\t\t\tif pop.IsZeroOfUnderlyingType(field.Interface()) {\n\t\t\t\t\tfield.Set(reflect.ValueOf(now))\n\t\t\t\t}\n\t\t\tcase \"updated_at\":\n\t\t\t\tfield.Set(reflect.ValueOf(now))\n\t\t\tcase \"id\":\n\t\t\t\tif field.Interface().(uuid.UUID) != uuid.Nil {\n\t\t\t\t\tbreak // breaks switch, not for\n\t\t\t\t} else if opts.dialect == dbal.DriverCockroachDB && !opts.partialInserts {\n\t\t\t\t\t// This is a special case:\n\t\t\t\t\t// 1. We're using cockroach\n\t\t\t\t\t// 2. It's the primary key field (\"ID\")\n\t\t\t\t\t// 3. A UUID was not yet set.\n\t\t\t\t\t//\n\t\t\t\t\t// If all these conditions meet, the VALUE statement will look as such:\n\t\t\t\t\t//\n\t\t\t\t\t//\t(gen_random_uuid(), ?, ?, ?, ...)\n\t\t\t\t\t//\n\t\t\t\t\t// For that reason, we do not add the ID value to the list of arguments,\n\t\t\t\t\t// because one of the arguments is using a built-in and thus doesn't need a value.\n\t\t\t\t\tcontinue // break switch, not for\n\t\t\t\t}\n\n\t\t\t\tid, err := uuid.NewV4()\n\t\t\t\tif err != nil {\n\t\t\t\t\treturn nil, err\n\t\t\t\t}\n\t\t\t\tfield.Set(reflect.ValueOf(id))\n\t\t\t}\n\n\t\t\tvalues = append(values, field.Interface())\n\n\t\t\t// Special-handling for *sqlxx.NullTime: mapper.FieldByName sets this to a zero time.Time,\n\t\t\t// but we want a nil pointer instead.\n\t\t\tif i, ok := field.Interface().(*sqlxx.NullTime); ok {\n\t\t\t\tif time.Time(*i).IsZero() {\n\t\t\t\t\tfield.Set(reflect.Zero(field.Type()))\n\t\t\t\t}\n\t\t\t}\n\t\t}\n\t}\n\n\treturn values, nil\n}\n\ntype createOpts struct {\n\tpartialInserts bool\n\tdialect string\n\tmapper *reflectx.Mapper\n\tquoter quoter\n\tnow func() time.Time\n}\n\ntype CreateOpts func(*createOpts)\n\n// WithPartialInserts allows to insert only the models that do not conflict with\n// an existing record. WithPartialInserts will also generate the IDs for the\n// models before inserting them, so that the successful inserts can be correlated\n// with the input models.\n//\n// In particular, WithPartialInserts does not work with MySQL, because it does\n// not support the \"RETURNING\" clause.\n//\n// WithPartialInserts does not work with CockroachDB and gen_random_uuid(),\n// because then the successful inserts cannot be correlated with the input\n// models. Note: gen_random_uuid() will skip the UNIQUE constraint check, which\n// needs to hit all regions in a distributed setup. Therefore, WithPartialInserts\n// should not be used to insert models for only a single identity.\nvar WithPartialInserts CreateOpts = func(o *createOpts) {\n\to.partialInserts = true\n}\n\nfunc newCreateOpts(conn *pop.Connection, opts ...CreateOpts) *createOpts {\n\to := new(createOpts)\n\to.dialect = conn.Dialect.Name()\n\to.mapper = conn.TX.Mapper\n\to.quoter = conn.Dialect.(quoter)\n\to.now = func() time.Time { return time.Now().UTC().Truncate(time.Microsecond) }\n\tfor _, f := range opts {\n\t\tf(o)\n\t}\n\treturn o\n}\n\n// Create batch-inserts the given models into the database using a single INSERT\n// statement. By default, the models are either all created or none. If\n// [WithPartialInserts] is passed as an option, partial inserts are supported,\n// and the models that could not be inserted are returned in an\n// [PartialConflictError].\nfunc Create[T any](ctx context.Context, p *TracerConnection, models []*T, opts ...CreateOpts) (err error) {\n\tctx, span := p.Tracer.Tracer().Start(ctx, \"persistence.sql.batch.Create\",\n\t\ttrace.WithAttributes(attribute.Int(\"count\", len(models))))\n\tdefer otelx.End(span, &err)\n\n\tif len(models) == 0 {\n\t\treturn nil\n\t}\n\n\tvar v T\n\tmodel := pop.NewModel(v, ctx)\n\n\tconn := p.Connection\n\toptions := newCreateOpts(conn, opts...)\n\n\tqueryArgs := buildInsertQueryArgs(ctx, models, options)\n\tvalues, err := buildInsertQueryValues(queryArgs.Columns, models, options)\n\tif err != nil {\n\t\treturn err\n\t}\n\n\tvar returningClause string\n\tif conn.Dialect.Name() != dbal.DriverMySQL {\n\t\t// PostgreSQL, CockroachDB, SQLite support RETURNING.\n\t\tif options.partialInserts {\n\t\t\treturningClause = fmt.Sprintf(\"ON CONFLICT DO NOTHING RETURNING %s\", model.IDField())\n\t\t} else {\n\t\t\treturningClause = fmt.Sprintf(\"RETURNING %s\", model.IDField())\n\t\t}\n\t}\n\n\tquery := conn.Dialect.TranslateSQL(fmt.Sprintf(\n\t\t\"INSERT INTO %s (%s) VALUES\\n%s\\n%s\",\n\t\tqueryArgs.TableName,\n\t\tqueryArgs.ColumnsDecl,\n\t\tqueryArgs.Placeholders,\n\t\treturningClause,\n\t))\n\n\trows, err := conn.TX.QueryContext(ctx, query, values...)\n\tif err != nil {\n\t\treturn sqlcon.HandleError(err)\n\t}\n\tdefer func() { _ = rows.Close() }()\n\n\t// MySQL, which does not support RETURNING, also does not have ON CONFLICT DO\n\t// NOTHING, meaning that MySQL will always fail the whole transaction on a single\n\t// record conflict.\n\tif conn.Dialect.Name() == dbal.DriverMySQL {\n\t\treturn nil\n\t}\n\n\tif options.partialInserts {\n\t\treturn handlePartialInserts(queryArgs, values, models, rows)\n\t} else {\n\t\treturn handleFullInserts(models, rows)\n\t}\n}\n\nfunc handleFullInserts[T any](models []*T, rows *sql.Rows) error {\n\t// Hydrate the models from the RETURNING clause.\n\tfor i := 0; rows.Next(); i++ {\n\t\tvar id uuid.UUID\n\t\tif err := rows.Scan(&id); err != nil {\n\t\t\treturn errors.WithStack(err)\n\t\t}\n\t\tif err := setModelID(id, models[i]); err != nil {\n\t\t\treturn err\n\t\t}\n\t}\n\tif err := rows.Err(); err != nil {\n\t\treturn sqlcon.HandleError(err)\n\t}\n\n\treturn nil\n}\n\nfunc handlePartialInserts[T any](queryArgs insertQueryArgs, values []any, models []*T, rows *sql.Rows) error {\n\t// Hydrate the models from the RETURNING clause.\n\tidsInDB := make(map[uuid.UUID]struct{})\n\tfor rows.Next() {\n\t\tvar id uuid.UUID\n\t\tif err := rows.Scan(&id); err != nil {\n\t\t\treturn errors.WithStack(err)\n\t\t}\n\t\tidsInDB[id] = struct{}{}\n\t}\n\tif err := rows.Err(); err != nil {\n\t\treturn sqlcon.HandleError(err)\n\t}\n\n\tidIdx := slices.Index(queryArgs.Columns, \"id\")\n\tif idIdx == -1 {\n\t\treturn errors.New(\"id column not found\")\n\t}\n\tvar idValues []uuid.UUID\n\tfor i := idIdx; i < len(values); i += len(queryArgs.Columns) {\n\t\tidValues = append(idValues, values[i].(uuid.UUID))\n\t}\n\n\tvar partialConflictError PartialConflictError[T]\n\tfor i, id := range idValues {\n\t\tif _, ok := idsInDB[id]; !ok {\n\t\t\tpartialConflictError.Failed = append(partialConflictError.Failed, models[i])\n\t\t} else {\n\t\t\tif err := setModelID(id, models[i]); err != nil {\n\t\t\t\treturn err\n\t\t\t}\n\t\t}\n\t}\n\n\treturn partialConflictError.ErrOrNil()\n}\n\n// setModelID sets the id field of the model to the id.\nfunc setModelID(id uuid.UUID, model any) error {\n\tel := reflect.ValueOf(model).Elem()\n\tidField := el.FieldByName(\"ID\")\n\tif !idField.IsValid() {\n\t\treturn errors.New(\"model does not have a field named id\")\n\t}\n\tidField.Set(reflect.ValueOf(id))\n\n\treturn nil\n}\n" }, { "path": "persistence/sql/batch/create_test.go", "content": "// Copyright © 2023 Ory Corp\n// SPDX-License-Identifier: Apache-2.0\n\npackage batch\n\nimport (\n\t\"context\"\n\t\"fmt\"\n\t\"testing\"\n\t\"time\"\n\n\t\"github.com/gofrs/uuid\"\n\t\"github.com/jmoiron/sqlx/reflectx\"\n\t\"github.com/stretchr/testify/assert\"\n\t\"github.com/stretchr/testify/require\"\n\n\t\"github.com/ory/kratos/identity\"\n\t\"github.com/ory/x/dbal\"\n\t\"github.com/ory/x/snapshotx\"\n\t\"github.com/ory/x/sqlxx\"\n)\n\ntype (\n\ttestModel struct {\n\t\tID uuid.UUID `db:\"id\"`\n\t\tNID uuid.UUID `db:\"nid\"`\n\t\tString string `db:\"string\"`\n\t\tInt int `db:\"int\"`\n\t\tTraits identity.Traits `db:\"traits\"`\n\t\tNullTimePtr *sqlxx.NullTime `db:\"null_time_ptr\"`\n\t\tCreatedAt time.Time `json:\"created_at\" db:\"created_at\"`\n\t\tUpdatedAt time.Time `json:\"updated_at\" db:\"updated_at\"`\n\t}\n\ttestQuoter struct{}\n)\n\nfunc (i testModel) TableName(ctx context.Context) string {\n\treturn \"test_models\"\n}\n\nfunc (tq testQuoter) Quote(s string) string { return fmt.Sprintf(\"%q\", s) }\n\nfunc makeModels[T any]() []*T {\n\tmodels := make([]*T, 10)\n\tfor k := range models {\n\t\tmodels[k] = new(T)\n\t}\n\treturn models\n}\n\nfunc Test_buildInsertQueryArgs(t *testing.T) {\n\tctx := context.Background()\n\tt.Run(\"case=testModel\", func(t *testing.T) {\n\t\tmodels := makeModels[testModel]()\n\t\topts := &createOpts{\n\t\t\tdialect: \"other\",\n\t\t\tquoter: testQuoter{},\n\t\t\tmapper: reflectx.NewMapper(\"db\")}\n\t\targs := buildInsertQueryArgs(ctx, models, opts)\n\t\tsnapshotx.SnapshotT(t, args)\n\n\t\tquery := fmt.Sprintf(\"INSERT INTO %s (%s) VALUES\\n%s\", args.TableName, args.ColumnsDecl, args.Placeholders)\n\t\tassert.Equal(t, `INSERT INTO \"test_models\" (\"created_at\", \"id\", \"int\", \"nid\", \"null_time_ptr\", \"string\", \"traits\", \"updated_at\") VALUES\n(?, ?, ?, ?, ?, ?, ?, ?),\n(?, ?, ?, ?, ?, ?, ?, ?),\n(?, ?, ?, ?, ?, ?, ?, ?),\n(?, ?, ?, ?, ?, ?, ?, ?),\n(?, ?, ?, ?, ?, ?, ?, ?),\n(?, ?, ?, ?, ?, ?, ?, ?),\n(?, ?, ?, ?, ?, ?, ?, ?),\n(?, ?, ?, ?, ?, ?, ?, ?),\n(?, ?, ?, ?, ?, ?, ?, ?),\n(?, ?, ?, ?, ?, ?, ?, ?)`, query)\n\t})\n\n\tt.Run(\"case=Identities\", func(t *testing.T) {\n\t\tmodels := makeModels[identity.Identity]()\n\t\topts := &createOpts{\n\t\t\tdialect: \"other\",\n\t\t\tquoter: testQuoter{},\n\t\t\tmapper: reflectx.NewMapper(\"db\")}\n\t\targs := buildInsertQueryArgs(ctx, models, opts)\n\t\tsnapshotx.SnapshotT(t, args)\n\t})\n\n\tt.Run(\"case=RecoveryAddress\", func(t *testing.T) {\n\t\tmodels := makeModels[identity.RecoveryAddress]()\n\t\topts := &createOpts{\n\t\t\tdialect: \"other\",\n\t\t\tquoter: testQuoter{},\n\t\t\tmapper: reflectx.NewMapper(\"db\")}\n\t\targs := buildInsertQueryArgs(ctx, models, opts)\n\t\tsnapshotx.SnapshotT(t, args)\n\t})\n\n\tt.Run(\"case=RecoveryAddress\", func(t *testing.T) {\n\t\tmodels := makeModels[identity.RecoveryAddress]()\n\t\topts := &createOpts{\n\t\t\tdialect: \"other\",\n\t\t\tquoter: testQuoter{},\n\t\t\tmapper: reflectx.NewMapper(\"db\")}\n\t\targs := buildInsertQueryArgs(ctx, models, opts)\n\t\tsnapshotx.SnapshotT(t, args)\n\t})\n\n\tt.Run(\"case=cockroach\", func(t *testing.T) {\n\t\tmodels := makeModels[testModel]()\n\t\tfor k := range models {\n\t\t\tif k%3 == 0 {\n\t\t\t\tmodels[k].ID = uuid.FromStringOrNil(fmt.Sprintf(\"ae0125a9-2786-4ada-82d2-d169cf75047%d\", k))\n\t\t\t}\n\t\t}\n\t\topts := &createOpts{\n\t\t\tdialect: dbal.DriverCockroachDB,\n\t\t\tquoter: testQuoter{},\n\t\t\tmapper: reflectx.NewMapper(\"db\")}\n\t\targs := buildInsertQueryArgs(ctx, models, opts)\n\t\tsnapshotx.SnapshotT(t, args)\n\t})\n}\n\nfunc Test_buildInsertQueryValues(t *testing.T) {\n\tt.Run(\"case=testModel\", func(t *testing.T) {\n\t\tmodel := &testModel{\n\t\t\tString: \"string\",\n\t\t\tInt: 42,\n\t\t\tTraits: []byte(`{\"foo\": \"bar\"}`),\n\t\t}\n\n\t\tfrozenTime := time.Date(2023, 1, 1, 0, 0, 0, 0, time.UTC)\n\t\topts := &createOpts{\n\t\t\tmapper: reflectx.NewMapper(\"db\"),\n\t\t\tquoter: testQuoter{},\n\t\t\tnow: func() time.Time { return frozenTime },\n\t\t}\n\n\t\tt.Run(\"case=cockroach\", func(t *testing.T) {\n\t\t\topts.dialect = dbal.DriverCockroachDB\n\t\t\tvalues, err := buildInsertQueryValues(\n\t\t\t\t[]string{\"created_at\", \"updated_at\", \"id\", \"string\", \"int\", \"null_time_ptr\", \"traits\"},\n\t\t\t\t[]*testModel{model},\n\t\t\t\topts,\n\t\t\t)\n\t\t\trequire.NoError(t, err)\n\t\t\tsnapshotx.SnapshotT(t, values)\n\t\t})\n\n\t\tt.Run(\"case=others\", func(t *testing.T) {\n\t\t\topts.dialect = \"other\"\n\t\t\tvalues, err := buildInsertQueryValues(\n\t\t\t\t[]string{\"created_at\", \"updated_at\", \"id\", \"string\", \"int\", \"null_time_ptr\", \"traits\"},\n\t\t\t\t[]*testModel{model},\n\t\t\t\topts,\n\t\t\t)\n\t\t\trequire.NoError(t, err)\n\n\t\t\tassert.Equal(t, frozenTime, model.CreatedAt)\n\t\t\tassert.Equal(t, model.CreatedAt, values[0])\n\n\t\t\tassert.Equal(t, frozenTime, model.UpdatedAt)\n\t\t\tassert.Equal(t, model.UpdatedAt, values[1])\n\n\t\t\tassert.NotZero(t, model.ID)\n\t\t\tassert.Equal(t, model.ID, values[2])\n\n\t\t\tassert.Equal(t, model.String, values[3])\n\t\t\tassert.Equal(t, model.Int, values[4])\n\n\t\t\tassert.Nil(t, model.NullTimePtr)\n\n\t\t})\n\t})\n}\n" }, { "path": "persistence/sql/batch/test_persister.go", "content": "// Copyright © 2024 Ory Corp\n// SPDX-License-Identifier: Apache-2.0\n\npackage batch\n\nimport (\n\t\"context\"\n\t\"errors\"\n\t\"testing\"\n\n\t\"github.com/gofrs/uuid\"\n\t\"github.com/stretchr/testify/assert\"\n\t\"github.com/stretchr/testify/require\"\n\n\t\"github.com/ory/kratos/identity\"\n\t\"github.com/ory/kratos/persistence\"\n\t\"github.com/ory/pop/v6\"\n\t\"github.com/ory/x/dbal\"\n\t\"github.com/ory/x/otelx\"\n\t\"github.com/ory/x/sqlcon\"\n)\n\nfunc TestPersister(ctx context.Context, tracer *otelx.Tracer, p persistence.Persister) func(t *testing.T) {\n\treturn func(t *testing.T) {\n\t\tt.Run(\"method=batch.Create\", func(t *testing.T) {\n\t\t\tident1 := identity.NewIdentity(\"\")\n\t\t\tident1.NID = p.NetworkID(ctx)\n\t\t\tident2 := identity.NewIdentity(\"\")\n\t\t\tident2.NID = p.NetworkID(ctx)\n\n\t\t\t// Create two identities\n\t\t\t_ = p.Transaction(ctx, func(ctx context.Context, tx *pop.Connection) error {\n\t\t\t\tconn := &TracerConnection{\n\t\t\t\t\tTracer: tracer,\n\t\t\t\t\tConnection: tx,\n\t\t\t\t}\n\n\t\t\t\terr := Create(ctx, conn, []*identity.Identity{ident1, ident2})\n\t\t\t\trequire.NoError(t, err)\n\n\t\t\t\treturn nil\n\t\t\t})\n\n\t\t\trequire.NotEqual(t, uuid.Nil, ident1.ID)\n\t\t\trequire.NotEqual(t, uuid.Nil, ident2.ID)\n\n\t\t\t// Create conflicting verifiable addresses\n\t\t\taddresses := []*identity.VerifiableAddress{{\n\t\t\t\tValue: \"foo.1@bar.de\",\n\t\t\t\tIdentityID: ident1.ID,\n\t\t\t\tNID: ident1.NID,\n\t\t\t}, {\n\t\t\t\tValue: \"foo.2@bar.de\",\n\t\t\t\tIdentityID: ident1.ID,\n\t\t\t\tNID: ident1.NID,\n\t\t\t}, {\n\t\t\t\tValue: \"conflict@bar.de\",\n\t\t\t\tIdentityID: ident1.ID,\n\t\t\t\tNID: ident1.NID,\n\t\t\t}, {\n\t\t\t\tValue: \"foo.3@bar.de\",\n\t\t\t\tIdentityID: ident1.ID,\n\t\t\t\tNID: ident1.NID,\n\t\t\t}, {\n\t\t\t\tValue: \"conflict@bar.de\",\n\t\t\t\tIdentityID: ident1.ID,\n\t\t\t\tNID: ident1.NID,\n\t\t\t}, {\n\t\t\t\tValue: \"foo.4@bar.de\",\n\t\t\t\tIdentityID: ident1.ID,\n\t\t\t\tNID: ident1.NID,\n\t\t\t}}\n\n\t\t\tt.Run(\"case=fails all without partial inserts\", func(t *testing.T) {\n\t\t\t\t_ = p.Transaction(ctx, func(ctx context.Context, tx *pop.Connection) error {\n\t\t\t\t\tconn := &TracerConnection{\n\t\t\t\t\t\tTracer: tracer,\n\t\t\t\t\t\tConnection: tx,\n\t\t\t\t\t}\n\t\t\t\t\terr := Create(ctx, conn, addresses)\n\t\t\t\t\tassert.ErrorIs(t, err, sqlcon.ErrUniqueViolation)\n\t\t\t\t\tif partial := new(PartialConflictError[identity.VerifiableAddress]); errors.As(err, &partial) {\n\t\t\t\t\t\trequire.NoError(t, partial, \"expected no partial error\")\n\t\t\t\t\t}\n\t\t\t\t\treturn err\n\t\t\t\t})\n\t\t\t})\n\n\t\t\tt.Run(\"case=return partial error with partial inserts\", func(t *testing.T) {\n\t\t\t\t_ = p.Transaction(ctx, func(ctx context.Context, tx *pop.Connection) error {\n\t\t\t\t\tconn := &TracerConnection{\n\t\t\t\t\t\tTracer: tracer,\n\t\t\t\t\t\tConnection: tx,\n\t\t\t\t\t}\n\n\t\t\t\t\terr := Create(ctx, conn, addresses, WithPartialInserts)\n\t\t\t\t\tassert.ErrorIs(t, err, sqlcon.ErrUniqueViolation)\n\n\t\t\t\t\tif conn.Connection.Dialect.Name() != dbal.DriverMySQL {\n\t\t\t\t\t\t// MySQL does not support partial errors.\n\t\t\t\t\t\tpartialErr := new(PartialConflictError[identity.VerifiableAddress])\n\t\t\t\t\t\trequire.ErrorAs(t, err, &partialErr)\n\t\t\t\t\t\tassert.Len(t, partialErr.Failed, 1)\n\t\t\t\t\t}\n\n\t\t\t\t\treturn nil\n\t\t\t\t})\n\t\t\t})\n\t\t})\n\t}\n}\n" }, { "path": "persistence/sql/devices/persister_devices.go", "content": "// Copyright © 2023 Ory Corp\n// SPDX-License-Identifier: Apache-2.0\n\npackage devices\n\nimport (\n\t\"context\"\n\n\t\"github.com/gofrs/uuid\"\n\n\t\"github.com/ory/kratos/session\"\n\t\"github.com/ory/pop/v6\"\n\t\"github.com/ory/x/contextx\"\n\t\"github.com/ory/x/popx\"\n\t\"github.com/ory/x/sqlcon\"\n)\n\nvar _ session.DevicePersister = (*DevicePersister)(nil)\n\ntype DevicePersister struct {\n\tctxer contextx.Provider\n\tc *pop.Connection\n\tnid uuid.UUID\n}\n\nfunc NewPersister(r contextx.Provider, c *pop.Connection) *DevicePersister {\n\treturn &DevicePersister{\n\t\tctxer: r,\n\t\tc: c,\n\t}\n}\n\nfunc (p *DevicePersister) NetworkID(ctx context.Context) uuid.UUID {\n\treturn p.ctxer.Contextualizer().Network(ctx, p.nid)\n}\n\nfunc (p DevicePersister) WithNetworkID(nid uuid.UUID) session.DevicePersister {\n\tp.nid = nid\n\treturn &p\n}\n\nfunc (p *DevicePersister) CreateDevice(ctx context.Context, d *session.Device) error {\n\td.NID = p.NetworkID(ctx)\n\treturn sqlcon.HandleError(popx.GetConnection(ctx, p.c.WithContext(ctx)).Create(d))\n}\n" }, { "path": "persistence/sql/identity/persister_identity.go", "content": "// Copyright © 2023 Ory Corp\n// SPDX-License-Identifier: Apache-2.0\n\npackage identity\n\nimport (\n\t\"cmp\"\n\t\"context\"\n\t\"database/sql\"\n\t\"encoding/base64\"\n\t\"fmt\"\n\t\"maps\"\n\t\"sort\"\n\t\"strings\"\n\t\"sync\"\n\t\"time\"\n\n\t\"github.com/gofrs/uuid\"\n\t\"github.com/pkg/errors\"\n\t\"go.opentelemetry.io/otel/attribute\"\n\t\"go.opentelemetry.io/otel/trace\"\n\t\"golang.org/x/sync/errgroup\"\n\n\t\"github.com/ory/herodot\"\n\t\"github.com/ory/jsonschema/v3\"\n\t\"github.com/ory/kratos/driver/config\"\n\t\"github.com/ory/kratos/identity\"\n\t\"github.com/ory/kratos/otp\"\n\t\"github.com/ory/kratos/persistence/sql/batch\"\n\t\"github.com/ory/kratos/persistence/sql/update\"\n\t\"github.com/ory/kratos/schema\"\n\t\"github.com/ory/kratos/x\"\n\t\"github.com/ory/kratos/x/events\"\n\t\"github.com/ory/pop/v6\"\n\t\"github.com/ory/x/contextx\"\n\t\"github.com/ory/x/crdbx\"\n\t\"github.com/ory/x/errorsx\"\n\t\"github.com/ory/x/logrusx\"\n\t\"github.com/ory/x/otelx\"\n\t\"github.com/ory/x/pagination/keysetpagination\"\n\t\"github.com/ory/x/popx\"\n\t\"github.com/ory/x/sqlcon\"\n\t\"github.com/ory/x/sqlxx\"\n)\n\nvar (\n\t_ identity.Pool = new(IdentityPersister)\n\t_ identity.PrivilegedPool = new(IdentityPersister)\n)\n\ntype dependencies interface {\n\tschema.IdentitySchemaProvider\n\tidentity.ValidationProvider\n\tlogrusx.Provider\n\tconfig.Provider\n\tcontextx.Provider\n\totelx.Provider\n}\n\ntype IdentityPersister struct {\n\tr dependencies\n\tc *pop.Connection\n\tnid uuid.UUID\n}\n\nfunc NewPersister(r dependencies, c *pop.Connection) *IdentityPersister {\n\treturn &IdentityPersister{\n\t\tc: c,\n\t\tr: r,\n\t}\n}\n\nfunc (p *IdentityPersister) NetworkID(ctx context.Context) uuid.UUID {\n\treturn p.r.Contextualizer().Network(ctx, p.nid)\n}\n\nfunc (p IdentityPersister) WithNetworkID(nid uuid.UUID) identity.PrivilegedPool {\n\tp.nid = nid\n\treturn &p\n}\n\nfunc WithTransaction(ctx context.Context, tx *pop.Connection) context.Context {\n\treturn popx.WithTransaction(ctx, tx)\n}\n\nfunc (p *IdentityPersister) Transaction(ctx context.Context, callback func(ctx context.Context, connection *pop.Connection) error) error {\n\treturn popx.Transaction(ctx, p.c.WithContext(ctx), callback)\n}\n\nfunc (p *IdentityPersister) GetConnection(ctx context.Context) *pop.Connection {\n\treturn popx.GetConnection(ctx, p.c.WithContext(ctx))\n}\n\nfunc (p *IdentityPersister) ListVerifiableAddresses(ctx context.Context, page, itemsPerPage int) (a []identity.VerifiableAddress, err error) {\n\tctx, span := p.r.Tracer(ctx).Tracer().Start(ctx, \"persistence.sql.ListVerifiableAddresses\",\n\t\ttrace.WithAttributes(\n\t\t\tattribute.Int(\"per_page\", itemsPerPage),\n\t\t\tattribute.Stringer(\"network.id\", p.NetworkID(ctx))))\n\tdefer otelx.End(span, &err)\n\n\tif err := p.GetConnection(ctx).Where(\"nid = ?\", p.NetworkID(ctx)).Order(\"id DESC\").Paginate(page, x.MaxItemsPerPage(itemsPerPage)).All(&a); err != nil {\n\t\treturn nil, sqlcon.HandleError(err)\n\t}\n\n\treturn a, nil\n}\n\nfunc (p *IdentityPersister) ListRecoveryAddresses(ctx context.Context, page, itemsPerPage int) (a []identity.RecoveryAddress, err error) {\n\tctx, span := p.r.Tracer(ctx).Tracer().Start(ctx, \"persistence.sql.ListRecoveryAddresses\",\n\t\ttrace.WithAttributes(\n\t\t\tattribute.Int(\"per_page\", itemsPerPage),\n\t\t\tattribute.Stringer(\"network.id\", p.NetworkID(ctx))))\n\tdefer otelx.End(span, &err)\n\n\tif err := p.GetConnection(ctx).Where(\"nid = ?\", p.NetworkID(ctx)).Order(\"id DESC\").Paginate(page, x.MaxItemsPerPage(itemsPerPage)).All(&a); err != nil {\n\t\treturn nil, sqlcon.HandleError(err)\n\t}\n\n\treturn a, nil\n}\n\nfunc stringToLowerTrim(match string) string {\n\treturn strings.ToLower(strings.TrimSpace(match))\n}\n\nfunc NormalizeIdentifier(ct identity.CredentialsType, match string) string {\n\tswitch ct {\n\tcase identity.CredentialsTypeLookup:\n\t\t// lookup credentials are case-sensitive\n\t\treturn match\n\tcase identity.CredentialsTypeTOTP:\n\t\t// totp credentials are case-sensitive\n\t\treturn match\n\tcase identity.CredentialsTypeOIDC, identity.CredentialsTypeSAML:\n\t\t// OIDC credentials are case-sensitive\n\t\treturn match\n\tcase identity.CredentialsTypePassword, identity.CredentialsTypeCodeAuth, identity.CredentialsTypeWebAuthn:\n\t\treturn stringToLowerTrim(match)\n\tdefault:\n\t\treturn match\n\t}\n}\n\nfunc (p *IdentityPersister) FindIdentityByCredentialIdentifier(ctx context.Context, identifier string, caseSensitive bool, expand identity.Expandables) (_ *identity.Identity, err error) {\n\tctx, span := p.r.Tracer(ctx).Tracer().Start(ctx, \"persistence.sql.FindIdentityByCredentialIdentifier\",\n\t\ttrace.WithAttributes(\n\t\t\tattribute.Stringer(\"network.id\", p.NetworkID(ctx))))\n\tdefer otelx.End(span, &err)\n\n\tvar find struct {\n\t\tIdentityID uuid.UUID `db:\"identity_id\"`\n\t}\n\n\tif !caseSensitive {\n\t\tidentifier = NormalizeIdentifier(identity.CredentialsTypePassword, identifier)\n\t}\n\n\tnid := p.NetworkID(ctx)\n\tif err := p.GetConnection(ctx).RawQuery(`\nSELECT ic.identity_id\nFROM identity_credentials ic\nINNER JOIN identity_credential_identifiers ici\n\tON ic.id = ici.identity_credential_id\nWHERE ici.identifier = ?\nAND ic.nid = ?\nAND ici.nid = ?\nLIMIT 1`,\n\t\tidentifier,\n\t\tnid,\n\t\tnid,\n\t).First(&find); err != nil {\n\t\tif errors.Is(err, sql.ErrNoRows) {\n\t\t\treturn nil, sqlcon.HandleError(err)\n\t\t}\n\n\t\treturn nil, sqlcon.HandleError(err)\n\t}\n\n\treturn p.GetIdentity(ctx, find.IdentityID, expand)\n}\n\nfunc (p *IdentityPersister) FindByCredentialsIdentifier(ctx context.Context, ct identity.CredentialsType, match string) (_ *identity.Identity, _ *identity.Credentials, err error) {\n\tctx, span := p.r.Tracer(ctx).Tracer().Start(ctx, \"persistence.sql.FindByCredentialsIdentifier\",\n\t\ttrace.WithAttributes(\n\t\t\tattribute.Stringer(\"network.id\", p.NetworkID(ctx))))\n\tdefer otelx.End(span, &err)\n\n\tnid := p.NetworkID(ctx)\n\n\tvar find struct {\n\t\tIdentityID uuid.UUID `db:\"identity_id\"`\n\t}\n\n\t// Force case-insensitivity and trimming for identifiers\n\tmatch = NormalizeIdentifier(ct, match)\n\n\t// Fast path: if the credential type ID is a known constant, skip the join with\n\t// identity_credential_types. In the rare case the constant is stale (old\n\t// self-hosted deployments where IDs were dynamic), the query returns no rows and\n\t// we fall through to the join-based query below.\n\tvar found bool\n\tif typeID, ok := identity.ConstantCredentialsTypeToId[ct]; ok {\n\t\tif err := p.GetConnection(ctx).RawQuery(`\n\t\t\tSELECT\n\t\t\t\tic.identity_id\n\t\t\tFROM identity_credentials ic\n\t\t\t\t\tINNER JOIN identity_credential_identifiers ici\n\t\t\t\t\t\tON ic.id = ici.identity_credential_id AND ici.identity_credential_type_id = ?\n\t\t\tWHERE ici.identifier = ?\n\t\t\tAND ic.nid = ?\n\t\t\tAND ici.nid = ?\n\t\t\tLIMIT 1`, // pop doesn't understand how to add a limit clause to this query\n\t\t\ttypeID,\n\t\t\tmatch,\n\t\t\tnid,\n\t\t\tnid,\n\t\t).First(&find); err == nil {\n\t\t\tfound = true\n\t\t}\n\t}\n\n\tif !found {\n\t\tif err := p.GetConnection(ctx).RawQuery(`\n\t\t\tSELECT\n\t\t\t\tic.identity_id\n\t\t\tFROM identity_credentials ic\n\t\t\t\t\tINNER JOIN identity_credential_types ict\n\t\t\t\t\t\tON ic.identity_credential_type_id = ict.id\n\t\t\t\t\tINNER JOIN identity_credential_identifiers ici\n\t\t\t\t\t\tON ic.id = ici.identity_credential_id AND ici.identity_credential_type_id = ict.id\n\t\t\tWHERE ici.identifier = ?\n\t\t\tAND ic.nid = ?\n\t\t\tAND ici.nid = ?\n\t\t\tAND ict.name = ?\n\t\t\tLIMIT 1`, // pop doesn't understand how to add a limit clause to this query\n\t\t\tmatch,\n\t\t\tnid,\n\t\t\tnid,\n\t\t\tct,\n\t\t).First(&find); err != nil {\n\t\t\tif errors.Is(err, sql.ErrNoRows) {\n\t\t\t\treturn nil, nil, sqlcon.HandleError(err) // herodot.ErrNotFound.WithTrace(err).WithReasonf(`No identity matching credentials identifier \"%s\" could be found.`, match)\n\t\t\t}\n\n\t\t\treturn nil, nil, sqlcon.HandleError(err)\n\t\t}\n\t}\n\n\tspan.SetAttributes(attribute.String(\"identity.id\", find.IdentityID.String()))\n\n\ti, err := p.GetIdentityConfidential(ctx, find.IdentityID)\n\tif err != nil {\n\t\treturn nil, nil, err\n\t}\n\n\tcreds, ok := i.GetCredentials(ct)\n\tif !ok {\n\t\treturn nil, nil, errors.WithStack(herodot.ErrInternalServerError.WithReasonf(\"The SQL adapter failed to return the appropriate credentials_type \\\"%s\\\". This is a bug in the code.\", ct))\n\t}\n\n\treturn i, creds, nil\n}\n\nfunc (p *IdentityPersister) FindIdentityByWebauthnUserHandle(ctx context.Context, userHandle []byte) (_ *identity.Identity, err error) {\n\tctx, span := p.r.Tracer(ctx).Tracer().Start(ctx, \"persistence.sql.FindIdentityByWebauthnUserHandle\")\n\tdefer otelx.End(span, &err)\n\n\tvar id identity.Identity\n\n\tvar jsonPath string\n\tcon := p.GetConnection(ctx)\n\tswitch con.Dialect.Name() {\n\tcase \"sqlite\", \"mysql\":\n\t\tjsonPath = \"$.user_handle\"\n\tdefault:\n\t\tjsonPath = \"user_handle\"\n\t}\n\n\tcolumns := popx.DBColumns[identity.Identity](&popx.AliasQuoter{Alias: \"identities\", Quoter: con.Dialect})\n\n\tif err := con.RawQuery(fmt.Sprintf(`\nSELECT %s\nFROM identities\nINNER JOIN identity_credentials\n ON identities.id = identity_credentials.identity_id\n AND identities.nid = identity_credentials.nid\n AND identity_credentials.identity_credential_type_id = (\n SELECT id\n FROM identity_credential_types\n WHERE name = ?\n )\nWHERE identity_credentials.config ->> '%s' = ? AND identity_credentials.config ->> '%s' IS NOT NULL\n AND identities.nid = ?\nLIMIT 1`, columns,\n\t\tjsonPath, jsonPath),\n\t\tidentity.CredentialsTypeWebAuthn,\n\t\tbase64.StdEncoding.EncodeToString(userHandle),\n\t\tp.NetworkID(ctx),\n\t).First(&id); err != nil {\n\t\treturn nil, sqlcon.HandleError(err)\n\t}\n\n\treturn &id, nil\n}\n\nfunc (p *IdentityPersister) createIdentityCredentials(ctx context.Context, identities ...*identity.Identity) (err error) {\n\tctx, span := p.r.Tracer(ctx).Tracer().Start(ctx, \"persistence.sql.createIdentityCredentials\",\n\t\ttrace.WithAttributes(\n\t\t\tattribute.Int(\"num_identities\", len(identities)),\n\t\t\tattribute.Stringer(\"network.id\", p.NetworkID(ctx))))\n\tdefer otelx.End(span, &err)\n\n\tvar (\n\t\tnid = p.NetworkID(ctx)\n\t\ttraceConn = &batch.TracerConnection{Tracer: p.r.Tracer(ctx), Connection: p.GetConnection(ctx)}\n\t\tcredentials []*identity.Credentials\n\t\tidentifiers []*identity.CredentialIdentifier\n\t)\n\n\tvar opts []batch.CreateOpts\n\tif len(identities) > 1 {\n\t\topts = append(opts, batch.WithPartialInserts)\n\t}\n\n\tfor _, ident := range identities {\n\t\tfor k := range ident.Credentials {\n\t\t\tcred := ident.Credentials[k]\n\n\t\t\tif len(cred.Config) == 0 {\n\t\t\t\tcred.Config = sqlxx.JSONRawMessage(\"{}\")\n\t\t\t}\n\n\t\t\tct, err := FindIdentityCredentialsTypeByName(p.GetConnection(ctx), cred.Type)\n\t\t\tif err != nil {\n\t\t\t\treturn err\n\t\t\t}\n\n\t\t\tcred.ID, err = uuid.NewV4()\n\t\t\tif err != nil {\n\t\t\t\treturn err\n\t\t\t}\n\t\t\tcred.IdentityID = ident.ID\n\t\t\tcred.NID = nid\n\t\t\tcred.IdentityCredentialTypeID = ct\n\t\t\tcredentials = append(credentials, &cred)\n\n\t\t\tident.Credentials[k] = cred\n\t\t}\n\t}\n\tif err = batch.Create(ctx, traceConn, credentials, opts...); err != nil {\n\t\treturn err\n\t}\n\n\tfor _, cred := range credentials {\n\t\tfor _, identifier := range cred.Identifiers {\n\t\t\t// Force case-insensitivity and trimming for identifiers\n\t\t\tidentifier = NormalizeIdentifier(cred.Type, identifier)\n\n\t\t\tif identifier == \"\" {\n\t\t\t\treturn errors.WithStack(herodot.ErrMisconfiguration.WithReasonf(\n\t\t\t\t\t\"Unable to create identity credentials with missing or empty identifier.\"))\n\t\t\t}\n\n\t\t\tct, err := FindIdentityCredentialsTypeByName(p.GetConnection(ctx), cred.Type)\n\t\t\tif err != nil {\n\t\t\t\treturn err\n\t\t\t}\n\n\t\t\tidentifiers = append(identifiers, &identity.CredentialIdentifier{\n\t\t\t\tIdentifier: identifier,\n\t\t\t\tIdentityID: new(cred.IdentityID),\n\t\t\t\tIdentityCredentialsID: cred.ID,\n\t\t\t\tIdentityCredentialsTypeID: ct,\n\t\t\t\tNID: p.NetworkID(ctx),\n\t\t\t})\n\t\t}\n\t}\n\n\tif err = batch.Create(ctx, traceConn, identifiers, opts...); err != nil {\n\t\treturn err\n\t}\n\n\treturn nil\n}\n\nfunc (p *IdentityPersister) createVerifiableAddresses(ctx context.Context, conn *pop.Connection, identities ...*identity.Identity) (err error) {\n\tctx, span := p.r.Tracer(ctx).Tracer().Start(ctx, \"persistence.sql.createVerifiableAddresses\",\n\t\ttrace.WithAttributes(\n\t\t\tattribute.Int(\"num_identities\", len(identities)),\n\t\t\tattribute.Stringer(\"network.id\", p.NetworkID(ctx))))\n\tdefer otelx.End(span, &err)\n\n\twork := make([]*identity.VerifiableAddress, 0, len(identities))\n\tfor _, id := range identities {\n\t\tfor i := range id.VerifiableAddresses {\n\t\t\twork = append(work, &id.VerifiableAddresses[i])\n\t\t}\n\t}\n\tvar opts []batch.CreateOpts\n\tif len(identities) > 1 {\n\t\topts = append(opts, batch.WithPartialInserts)\n\t}\n\n\treturn batch.Create(ctx, &batch.TracerConnection{Tracer: p.r.Tracer(ctx), Connection: conn}, work, opts...)\n}\n\ntype differ interface {\n\tSignature() string\n\tGetID() uuid.UUID\n}\n\nfunc updateAssociationWith[T differ](ctx context.Context, p *IdentityPersister, fromDatabase, updateTo []T,\n) (result []T, err error) {\n\tctx, span := p.r.Tracer(ctx).Tracer().Start(ctx, \"persistence.sql.updateAssociationWith\",\n\t\ttrace.WithAttributes(\n\t\t\tattribute.Stringer(\"network.id\", p.NetworkID(ctx))))\n\tdefer otelx.End(span, &err)\n\n\ttoKeep, toCreate, toRemoveIDs := diffAssociations(fromDatabase, updateTo)\n\n\t// Subtle: we delete the old associations from the DB first, because else\n\t// they could cause UNIQUE constraints to fail on insert.\n\t// Foreign key cascade will take care of deleting dependent records.\n\tif len(toRemoveIDs) > 0 {\n\t\tif err := p.GetConnection(ctx).Where(\"id IN (?)\", toRemoveIDs).Where(\"nid = ?\", p.NetworkID(ctx)).Delete(new(T)); err != nil {\n\t\t\treturn nil, sqlcon.HandleError(err)\n\t\t}\n\t}\n\n\tif len(toCreate) > 0 {\n\t\tif err := batch.Create(ctx,\n\t\t\t&batch.TracerConnection{\n\t\t\t\tTracer: p.r.Tracer(ctx),\n\t\t\t\tConnection: p.GetConnection(ctx),\n\t\t\t},\n\t\t\ttoCreate,\n\t\t); err != nil {\n\t\t\treturn nil, err\n\t\t}\n\t}\n\n\tresult = make([]T, 0, len(toKeep)+len(toCreate))\n\tfor _, v := range toKeep {\n\t\tresult = append(result, *v)\n\t}\n\tfor _, v := range toCreate {\n\t\tresult = append(result, *v)\n\t}\n\n\treturn result, nil\n}\n\nfunc updateAssociation[T differ](ctx context.Context, p *IdentityPersister, i *identity.Identity, inID []T,\n) (result []T, err error) {\n\tctx, span := p.r.Tracer(ctx).Tracer().Start(ctx, \"persistence.sql.updateAssociation\",\n\t\ttrace.WithAttributes(\n\t\t\tattribute.Stringer(\"identity.id\", i.ID),\n\t\t\tattribute.Stringer(\"network.id\", p.NetworkID(ctx))))\n\tdefer otelx.End(span, &err)\n\n\tvar inDB []T\n\tif err := p.GetConnection(ctx).\n\t\tWhere(\"identity_id = ? AND nid = ?\", i.ID, p.NetworkID(ctx)).\n\t\tAll(&inDB); err != nil {\n\t\treturn nil, sqlcon.HandleError(err)\n\t}\n\n\treturn updateAssociationWith(ctx, p, inDB, inID)\n}\n\nfunc (p *IdentityPersister) updateCredentialsAssociation(ctx context.Context, identityID uuid.UUID, fromDatabase []identity.Credentials, updateTo []identity.Credentials) (result map[identity.CredentialsType]identity.Credentials, err error) {\n\tctx, span := p.r.Tracer(ctx).Tracer().Start(ctx, \"persistence.sql.updateCredentialsAssociation\",\n\t\ttrace.WithAttributes(\n\t\t\tattribute.Stringer(\"identity.id\", identityID),\n\t\t\tattribute.Stringer(\"network.id\", p.NetworkID(ctx))))\n\tdefer otelx.End(span, &err)\n\n\tnid := p.NetworkID(ctx)\n\n\t// Normalize new credentials by ensuring IdentityID, NID, and identifiers are set before hashing\n\tfor i := range updateTo {\n\t\tupdateTo[i].IdentityID = identityID\n\t\tupdateTo[i].NID = nid\n\t\t// Normalize identifiers to match what's stored in the database (make a copy to avoid modifying original)\n\t\tnormalizedIdentifiers := make([]string, len(updateTo[i].Identifiers))\n\t\tfor j, identifier := range updateTo[i].Identifiers {\n\t\t\tnormalizedIdentifiers[j] = NormalizeIdentifier(updateTo[i].Type, identifier)\n\t\t}\n\t\tupdateTo[i].Identifiers = normalizedIdentifiers\n\t}\n\n\tcredsToKeep, newCreds, credsToDeleteIDs := diffAssociations(fromDatabase, updateTo)\n\n\tif len(credsToDeleteIDs) > 0 {\n\t\t// Delete the credential and its identifiers.\n\t\tconn := p.GetConnection(ctx)\n\t\tq := \"DELETE FROM identity_credentials WHERE nid = ? AND id IN (?)\"\n\t\tif conn.Dialect.Name() == \"cockroach\" {\n\t\t\tq = \"DELETE FROM identity_credentials@primary WHERE nid = ? AND id IN (?)\"\n\t\t}\n\t\tif err := conn.RawQuery(q, nid, credsToDeleteIDs).Exec(); err != nil {\n\t\t\treturn nil, sqlcon.HandleError(err)\n\t\t}\n\t}\n\n\t// Create new credentials that aren't already in the database\n\tcredsToCreate := make(map[identity.CredentialsType]identity.Credentials, len(newCreds))\n\tfor _, c := range newCreds {\n\t\tcredsToCreate[c.Type] = *c\n\t}\n\n\tif len(credsToCreate) > 0 {\n\t\tif err := p.createIdentityCredentials(ctx, &identity.Identity{\n\t\t\tID: identityID,\n\t\t\tCredentials: credsToCreate,\n\t\t}); err != nil {\n\t\t\treturn nil, err\n\t\t}\n\t}\n\n\tresult = make(map[identity.CredentialsType]identity.Credentials, len(credsToKeep)+len(credsToCreate))\n\tfor _, c := range credsToKeep {\n\t\tresult[c.Type] = *c\n\t}\n\tmaps.Copy(result, credsToCreate)\n\n\treturn result, nil\n}\n\nfunc diffAssociations[T differ](fromDatabase, updateTo []T) (unchanged, toCreate []*T, toRemoveIDs []uuid.UUID) {\n\tnewAssocs := make(map[string]*T, len(updateTo))\n\toldAssocs := make(map[string]*T, len(fromDatabase))\n\tfor i, a := range updateTo {\n\t\tnewAssocs[a.Signature()] = &updateTo[i]\n\t}\n\tfor i, a := range fromDatabase {\n\t\toldAssocs[a.Signature()] = &fromDatabase[i]\n\t}\n\n\ttoRemoveIDs = make([]uuid.UUID, 0, len(fromDatabase))\n\ttoCreate = make([]*T, 0, len(updateTo))\n\tunchanged = make([]*T, 0, len(updateTo))\n\n\tfor h, a := range oldAssocs {\n\t\tif _, found := newAssocs[h]; found {\n\t\t\tdelete(newAssocs, h)\n\t\t\tunchanged = append(unchanged, a)\n\t\t} else {\n\t\t\ttoRemoveIDs = append(toRemoveIDs, (*a).GetID())\n\t\t}\n\t}\n\n\tfor _, a := range newAssocs {\n\t\ttoCreate = append(toCreate, a)\n\t}\n\n\treturn\n}\n\nfunc (p *IdentityPersister) normalizeAllAddressess(ctx context.Context, identities ...*identity.Identity) {\n\tfor _, id := range identities {\n\t\tp.normalizeRecoveryAddresses(ctx, id)\n\t\tp.normalizeVerifiableAddresses(ctx, id)\n\t}\n}\n\nfunc (p *IdentityPersister) normalizeVerifiableAddresses(ctx context.Context, id *identity.Identity) {\n\tfor k := range id.VerifiableAddresses {\n\t\tv := id.VerifiableAddresses[k]\n\n\t\tv.IdentityID = id.ID\n\t\tv.NID = p.NetworkID(ctx)\n\t\tv.Value = stringToLowerTrim(v.Value)\n\t\tv.Via = cmp.Or(v.Via, identity.AddressTypeEmail)\n\t\tif len(v.Status) == 0 {\n\t\t\tif v.Verified {\n\t\t\t\tv.Status = identity.VerifiableAddressStatusCompleted\n\t\t\t} else {\n\t\t\t\tv.Status = identity.VerifiableAddressStatusPending\n\t\t\t}\n\t\t}\n\n\t\t// If verified is true but no timestamp is set, we default to time.Now\n\t\tif v.Verified && (v.VerifiedAt == nil || time.Time(*v.VerifiedAt).IsZero()) {\n\t\t\tv.VerifiedAt = new(sqlxx.NullTime(time.Now()))\n\t\t}\n\t\tif !v.Verified {\n\t\t\tv.VerifiedAt = nil\n\t\t}\n\n\t\tid.VerifiableAddresses[k] = v\n\t}\n}\n\nfunc (p *IdentityPersister) normalizeRecoveryAddresses(ctx context.Context, id *identity.Identity) {\n\tfor k := range id.RecoveryAddresses {\n\t\tid.RecoveryAddresses[k].IdentityID = id.ID\n\t\tid.RecoveryAddresses[k].NID = p.NetworkID(ctx)\n\t\tid.RecoveryAddresses[k].Value = stringToLowerTrim(id.RecoveryAddresses[k].Value)\n\t\tid.RecoveryAddresses[k].Via = cmp.Or(id.RecoveryAddresses[k].Via, identity.AddressTypeEmail)\n\t}\n}\n\nfunc (p *IdentityPersister) createRecoveryAddresses(ctx context.Context, conn *pop.Connection, identities ...*identity.Identity) (err error) {\n\tctx, span := p.r.Tracer(ctx).Tracer().Start(ctx, \"persistence.sql.createRecoveryAddresses\",\n\t\ttrace.WithAttributes(\n\t\t\tattribute.Int(\"num_identities\", len(identities)),\n\t\t\tattribute.Stringer(\"network.id\", p.NetworkID(ctx))))\n\tdefer otelx.End(span, &err)\n\n\t// https://go.dev/play/p/b1kU5Bme2Fr\n\twork := make([]*identity.RecoveryAddress, 0, len(identities))\n\tfor _, id := range identities {\n\t\tfor i := range id.RecoveryAddresses {\n\t\t\twork = append(work, &id.RecoveryAddresses[i])\n\t\t}\n\t}\n\n\tvar opts []batch.CreateOpts\n\tif len(identities) > 1 {\n\t\topts = append(opts, batch.WithPartialInserts)\n\t}\n\n\treturn batch.Create(ctx, &batch.TracerConnection{Tracer: p.r.Tracer(ctx), Connection: conn}, work, opts...)\n}\n\nfunc (p *IdentityPersister) CountIdentities(ctx context.Context) (n int64, err error) {\n\tctx, span := p.r.Tracer(ctx).Tracer().Start(ctx, \"persistence.sql.CountIdentities\",\n\t\ttrace.WithAttributes(\n\t\t\tattribute.Stringer(\"network.id\", p.NetworkID(ctx))))\n\tdefer otelx.End(span, &err)\n\n\tcount, err := p.c.WithContext(ctx).Where(\"nid = ?\", p.NetworkID(ctx)).Count(new(identity.Identity))\n\tif err != nil {\n\t\treturn 0, sqlcon.HandleError(err)\n\t}\n\tspan.SetAttributes(attribute.Int(\"num_identities\", count))\n\treturn int64(count), nil\n}\n\nfunc (p *IdentityPersister) CreateIdentity(ctx context.Context, ident *identity.Identity) (err error) {\n\tctx, span := p.r.Tracer(ctx).Tracer().Start(ctx, \"persistence.sql.CreateIdentity\",\n\t\ttrace.WithAttributes(\n\t\t\tattribute.Stringer(\"network.id\", p.NetworkID(ctx))))\n\tdefer otelx.End(span, &err)\n\n\treturn p.CreateIdentities(ctx, ident)\n}\n\nfunc (p *IdentityPersister) CreateIdentities(ctx context.Context, identities ...*identity.Identity) (err error) {\n\tctx, span := p.r.Tracer(ctx).Tracer().Start(ctx, \"persistence.sql.CreateIdentities\",\n\t\ttrace.WithAttributes(\n\t\t\tattribute.Int(\"identities.count\", len(identities)),\n\t\t\tattribute.Stringer(\"network.id\", p.NetworkID(ctx))))\n\tdefer otelx.End(span, &err)\n\n\tfor _, ident := range identities {\n\t\tident.NID = p.NetworkID(ctx)\n\n\t\tif ident.SchemaID == \"\" {\n\t\t\tident.SchemaID = p.r.Config().DefaultIdentityTraitsSchemaID(ctx)\n\t\t}\n\n\t\tstateChangedAt := sqlxx.NullTime(time.Now())\n\t\tident.StateChangedAt = &stateChangedAt\n\t\tif ident.State == \"\" {\n\t\t\tident.State = identity.StateActive\n\t\t}\n\n\t\tif len(ident.Traits) == 0 {\n\t\t\tident.Traits = identity.Traits(\"{}\")\n\t\t}\n\n\t\tif err = p.InjectTraitsSchemaURL(ctx, ident); err != nil {\n\t\t\treturn err\n\t\t}\n\n\t\tif err = p.validateIdentity(ctx, ident); err != nil {\n\t\t\treturn err\n\t\t}\n\t}\n\n\tvar succeededIDs []uuid.UUID\n\tvar partialErr *identity.CreateIdentitiesError\n\tif err := p.Transaction(ctx, func(ctx context.Context, tx *pop.Connection) error {\n\t\tconn := &batch.TracerConnection{\n\t\t\tTracer: p.r.Tracer(ctx),\n\t\t\tConnection: tx,\n\t\t}\n\n\t\tsucceededIDs = make([]uuid.UUID, 0, len(identities))\n\t\tfailedIdentityIDs := make(map[uuid.UUID]struct{ created bool })\n\t\tpartialErr = nil\n\t\tcreatedIdentities := make([]*identity.Identity, 0, len(identities))\n\n\t\tvar opts []batch.CreateOpts\n\t\tif len(identities) > 1 {\n\t\t\topts = append(opts, batch.WithPartialInserts)\n\t\t}\n\t\tif err := batch.Create(ctx, conn, identities, opts...); err != nil {\n\t\t\tif partialErr := new(batch.PartialConflictError[identity.Identity]); errors.As(err, &partialErr) {\n\t\t\t\tfor _, k := range partialErr.Failed {\n\t\t\t\t\tfailedIdentityIDs[k.ID] = struct{ created bool }{false}\n\t\t\t\t}\n\n\t\t\t\t// Mark all created identities that were not in the failed list as created.\n\t\t\t\tfor _, ident := range identities {\n\t\t\t\t\tif _, ok := failedIdentityIDs[ident.ID]; !ok {\n\t\t\t\t\t\tcreatedIdentities = append(createdIdentities, ident)\n\t\t\t\t\t}\n\t\t\t\t}\n\t\t\t} else {\n\t\t\t\treturn sqlcon.HandleError(err)\n\t\t\t}\n\t\t} else {\n\t\t\t// If no errors occurred, we can safely assume all identities were created.\n\t\t\tcreatedIdentities = identities\n\t\t}\n\n\t\tp.normalizeAllAddressess(ctx, createdIdentities...)\n\n\t\tif err = p.createVerifiableAddresses(ctx, tx, createdIdentities...); err != nil {\n\t\t\tif partialErr := new(batch.PartialConflictError[identity.VerifiableAddress]); errors.As(err, &partialErr) {\n\t\t\t\tfor _, k := range partialErr.Failed {\n\t\t\t\t\tfailedIdentityIDs[k.IdentityID] = struct{ created bool }{true}\n\t\t\t\t}\n\t\t\t} else {\n\t\t\t\treturn sqlcon.HandleError(err)\n\t\t\t}\n\t\t}\n\t\tif err = p.createRecoveryAddresses(ctx, tx, createdIdentities...); err != nil {\n\t\t\tif partialErr := new(batch.PartialConflictError[identity.RecoveryAddress]); errors.As(err, &partialErr) {\n\t\t\t\tfor _, k := range partialErr.Failed {\n\t\t\t\t\tfailedIdentityIDs[k.IdentityID] = struct{ created bool }{true}\n\t\t\t\t}\n\t\t\t} else {\n\t\t\t\treturn sqlcon.HandleError(err)\n\t\t\t}\n\t\t}\n\t\tif err = p.createIdentityCredentials(ctx, createdIdentities...); err != nil {\n\t\t\tif partialErr := new(batch.PartialConflictError[identity.Credentials]); errors.As(err, &partialErr) {\n\t\t\t\tfor _, k := range partialErr.Failed {\n\t\t\t\t\tfailedIdentityIDs[k.IdentityID] = struct{ created bool }{true}\n\t\t\t\t}\n\t\t\t} else if partialErr := new(batch.PartialConflictError[identity.CredentialIdentifier]); errors.As(err, &partialErr) {\n\t\t\t\tfor _, k := range partialErr.Failed {\n\t\t\t\t\tcredID := k.IdentityCredentialsID\n\t\t\t\t\tfor _, ident := range identities {\n\t\t\t\t\t\tfor _, cred := range ident.Credentials {\n\t\t\t\t\t\t\tif cred.ID == credID {\n\t\t\t\t\t\t\t\tfailedIdentityIDs[ident.ID] = struct{ created bool }{true}\n\t\t\t\t\t\t\t}\n\t\t\t\t\t\t}\n\t\t\t\t\t}\n\t\t\t\t}\n\t\t\t} else {\n\t\t\t\treturn sqlcon.HandleError(err)\n\t\t\t}\n\t\t}\n\n\t\t// If any of the batch inserts failed on conflict, let's delete the corresponding\n\t\t// identity and return a list of failed identities in the error.\n\t\tif len(failedIdentityIDs) > 0 {\n\t\t\tpartialErr = identity.NewCreateIdentitiesError(len(failedIdentityIDs))\n\t\t\tidsToBeRemoved := make([]uuid.UUID, 0, len(failedIdentityIDs))\n\n\t\t\tfor _, ident := range identities {\n\t\t\t\tif info, ok := failedIdentityIDs[ident.ID]; ok {\n\t\t\t\t\tpartialErr.AddFailedIdentity(ident, sqlcon.ErrUniqueViolation)\n\t\t\t\t\tif info.created {\n\t\t\t\t\t\tidsToBeRemoved = append(idsToBeRemoved, ident.ID)\n\t\t\t\t\t}\n\t\t\t\t} else {\n\t\t\t\t\tsucceededIDs = append(succeededIDs, ident.ID)\n\t\t\t\t}\n\t\t\t}\n\t\t\t// Manually roll back by deleting the identities that were inserted before the\n\t\t\t// error occurred.\n\t\t\tif err := p.DeleteIdentities(ctx, idsToBeRemoved); err != nil {\n\t\t\t\treturn sqlcon.HandleError(err)\n\t\t\t}\n\n\t\t\treturn nil\n\t\t} else {\n\t\t\t// No failures: report all identities as created.\n\t\t\tfor _, ident := range identities {\n\t\t\t\tsucceededIDs = append(succeededIDs, ident.ID)\n\t\t\t}\n\t\t}\n\n\t\treturn nil\n\t}); err != nil {\n\t\treturn err\n\t}\n\n\t// Report succeeded identities as created.\n\tfor _, identID := range succeededIDs {\n\t\tspan.AddEvent(events.NewIdentityCreated(ctx, identID))\n\t}\n\n\treturn partialErr.ErrOrNil()\n}\n\nfunc (p *IdentityPersister) HydrateIdentityAssociations(ctx context.Context, i *identity.Identity, expand identity.Expandables) (err error) {\n\tctx, span := p.r.Tracer(ctx).Tracer().Start(ctx, \"persistence.sql.HydrateIdentityAssociations\",\n\t\ttrace.WithAttributes(\n\t\t\tattribute.Stringer(\"identity.id\", i.ID),\n\t\t\tattribute.Stringer(\"network.id\", p.NetworkID(ctx))))\n\tdefer otelx.End(span, &err)\n\n\tnid := p.NetworkID(ctx)\n\n\teg, ctx := errgroup.WithContext(ctx)\n\tif expand.Has(identity.ExpandFieldRecoveryAddresses) {\n\t\teg.Go(func() error {\n\t\t\t// We use WithContext to get a copy of the connection struct, which solves the race detector\n\t\t\t// from complaining incorrectly.\n\t\t\t//\n\t\t\t// https://github.com/ory/pop/issues/723\n\t\t\tif err := p.GetConnection(ctx).WithContext(ctx).\n\t\t\t\tWhere(\"identity_id = ? AND nid = ?\", i.ID, nid).\n\t\t\t\tOrder(\"id ASC\").\n\t\t\t\tAll(&i.RecoveryAddresses); err != nil {\n\t\t\t\treturn sqlcon.HandleError(err)\n\t\t\t}\n\t\t\treturn nil\n\t\t})\n\t}\n\n\tif expand.Has(identity.ExpandFieldVerifiableAddresses) {\n\t\teg.Go(func() error {\n\t\t\t// We use WithContext to get a copy of the connection struct, which solves the race detector\n\t\t\t// from complaining incorrectly.\n\t\t\t//\n\t\t\t// https://github.com/ory/pop/issues/723\n\t\t\tif err := p.GetConnection(ctx).WithContext(ctx).\n\t\t\t\tOrder(\"id ASC\").\n\t\t\t\tWhere(\"identity_id = ? AND nid = ?\", i.ID, nid).\n\t\t\t\tAll(&i.VerifiableAddresses); err != nil {\n\t\t\t\treturn sqlcon.HandleError(err)\n\t\t\t}\n\t\t\treturn nil\n\t\t})\n\t}\n\n\tif expand.Has(identity.ExpandFieldCredentials) {\n\t\teg.Go(func() (err error) {\n\t\t\t// We use WithContext to get a copy of the connection struct, which solves the race detector\n\t\t\t// from complaining incorrectly.\n\t\t\t//\n\t\t\t// https://github.com/ory/pop/issues/723\n\t\t\tcreds, err := QueryForCredentials(p.GetConnection(ctx).WithContext(ctx),\n\t\t\t\tWhere{\"identity_credentials.identity_id = ?\", []interface{}{i.ID}},\n\t\t\t\tWhere{\"identity_credentials.nid = ?\", []interface{}{nid}})\n\t\t\tif err != nil {\n\t\t\t\treturn err\n\t\t\t}\n\t\t\ti.Credentials = creds[i.ID]\n\t\t\treturn\n\t\t})\n\t}\n\n\tif err := eg.Wait(); err != nil {\n\t\treturn err\n\t}\n\n\tif err := i.Validate(); err != nil {\n\t\treturn err\n\t}\n\n\tif err := identity.UpgradeCredentials(i); err != nil {\n\t\treturn err\n\t}\n\n\treturn p.InjectTraitsSchemaURL(ctx, i)\n}\n\ntype queryCredentials struct {\n\tIdentifier string `db:\"cred_identifier\"`\n\tidentity.Credentials\n}\n\nfunc (queryCredentials) TableName() string {\n\treturn \"identity_credentials\"\n}\n\ntype Where struct {\n\tCondition string\n\tArgs []interface{}\n}\n\n// QueryForCredentials queries for identity credentials with custom WHERE\n// clauses, returning the results resolved by the owning identity's UUID.\nfunc QueryForCredentials(con *pop.Connection, where ...Where) (credentialsPerIdentity map[uuid.UUID](map[identity.CredentialsType]identity.Credentials), err error) {\n\t// This query has been meticulously crafted to be as fast as possible.\n\t// If you touch it, you will likely introduce a performance regression.\n\tq := con.Select(\n\t\t\"COALESCE(identity_credential_identifiers.identifier, '') cred_identifier\",\n\t\t\"identity_credentials.id\",\n\t\t\"identity_credentials.identity_credential_type_id\",\n\t\t\"identity_credentials.identity_id\",\n\t\t\"identity_credentials.nid\",\n\t\t\"identity_credentials.config\",\n\t\t\"identity_credentials.version\",\n\t\t\"identity_credentials.created_at\",\n\t\t\"identity_credentials.updated_at\",\n\t).LeftJoin(identifiersTableNameWithIndexHint(con),\n\t\t\"identity_credential_identifiers.identity_credential_id = identity_credentials.id AND identity_credential_identifiers.nid = identity_credentials.nid\",\n\t)\n\tfor _, w := range where {\n\t\tq = q.Where(\"(\"+w.Condition+\")\", w.Args...)\n\t}\n\tvar results []queryCredentials\n\tif err := q.All(&results); err != nil {\n\t\treturn nil, sqlcon.HandleError(err)\n\t}\n\n\t// assemble\n\tcredentialsPerIdentity = map[uuid.UUID](map[identity.CredentialsType]identity.Credentials){}\n\tfor _, res := range results {\n\n\t\tres.Type, err = FindIdentityCredentialsTypeByID(con, res.IdentityCredentialTypeID)\n\t\tif err != nil {\n\t\t\treturn nil, err\n\t\t}\n\n\t\tcredentials, ok := credentialsPerIdentity[res.IdentityID]\n\t\tif !ok {\n\t\t\tcredentialsPerIdentity[res.IdentityID] = make(map[identity.CredentialsType]identity.Credentials)\n\t\t\tcredentials = credentialsPerIdentity[res.IdentityID]\n\t\t}\n\t\tidentifiers := credentials[res.Type].Identifiers\n\t\tif res.Identifier != \"\" {\n\t\t\tidentifiers = append(identifiers, res.Identifier)\n\t\t}\n\t\tif identifiers == nil {\n\t\t\tidentifiers = make([]string, 0)\n\t\t}\n\t\tres.Identifiers = identifiers\n\t\tcredentials[res.Type] = res.Credentials\n\t}\n\n\t// We need deterministic ordering for testing, but sorting in the\n\t// database can be expensive under certain circumstances.\n\tfor _, creds := range credentialsPerIdentity {\n\t\tfor k := range creds {\n\t\t\tsort.Strings(creds[k].Identifiers)\n\t\t}\n\t}\n\treturn credentialsPerIdentity, nil\n}\n\nfunc identifiersTableNameWithIndexHint(con *pop.Connection) string {\n\tici := \"identity_credential_identifiers\"\n\tswitch con.Dialect.Name() {\n\tcase \"cockroach\":\n\t\tici += \"@identity_credential_identifiers_ici_nid_i_idx\"\n\tcase \"sqlite3\":\n\t\tici += \" INDEXED BY identity_credential_identifiers_ici_nid_i_idx\"\n\tcase \"mysql\":\n\t\tici += \" USE INDEX(identity_credential_identifiers_ici_nid_i_idx)\"\n\tdefault:\n\t\t// good luck 🤷‍♂️\n\t}\n\treturn ici\n}\n\nfunc paginationAttributes(params *identity.ListIdentityParameters, paginator *keysetpagination.Paginator) []attribute.KeyValue {\n\tattrs := []attribute.KeyValue{\n\t\tattribute.StringSlice(\"expand\", params.Expand.ToEager()),\n\t\tattribute.Bool(\"use:credential_identifier_filter\", params.CredentialsIdentifier != \"\"),\n\t\tattribute.Bool(\"use:credential_identifier_similar_filter\", params.CredentialsIdentifierSimilar != \"\"),\n\t}\n\tif params.PagePagination != nil {\n\t\tattrs = append(attrs,\n\t\t\tattribute.Int(\"page\", params.PagePagination.Page),\n\t\t\tattribute.Int(\"per_page\", params.PagePagination.ItemsPerPage))\n\t} else {\n\t\tattrs = append(attrs,\n\t\t\tattribute.String(\"page_token\", paginator.Token().Encode()),\n\t\t\tattribute.Int(\"page_size\", paginator.Size()))\n\t}\n\treturn attrs\n}\n\n// getCredentialTypeIDs returns a map of credential types to their respective IDs.\n//\n// If a credential type is not found, an error is returned.\nfunc (p *IdentityPersister) getCredentialTypeIDs(ctx context.Context, credentialTypes []identity.CredentialsType) (map[identity.CredentialsType]uuid.UUID, error) {\n\tresult := map[identity.CredentialsType]uuid.UUID{}\n\n\tfor _, ct := range credentialTypes {\n\t\ttypeID, err := FindIdentityCredentialsTypeByName(p.GetConnection(ctx), ct)\n\t\tif err != nil {\n\t\t\treturn nil, err\n\t\t}\n\t\tresult[ct] = typeID\n\t}\n\n\treturn result, nil\n}\n\nfunc (p *IdentityPersister) ListIdentities(ctx context.Context, params identity.ListIdentityParameters) (_ []identity.Identity, nextPage *keysetpagination.Paginator, err error) {\n\tpaginator := keysetpagination.GetPaginator(append(\n\t\tparams.KeySetPagination,\n\t\tkeysetpagination.WithDefaultToken(identity.DefaultPageToken()),\n\t\tkeysetpagination.WithDefaultSize(250),\n\t\tkeysetpagination.WithColumn(\"id\", \"ASC\"))...)\n\n\tctx, span := p.r.Tracer(ctx).Tracer().Start(ctx, \"persistence.sql.ListIdentities\", trace.WithAttributes(append(\n\t\tpaginationAttributes(¶ms, paginator),\n\t\tattribute.Stringer(\"network.id\", p.NetworkID(ctx)))...))\n\tdefer otelx.End(span, &err)\n\n\tif _, err := uuid.FromString(paginator.Token().Parse(\"id\")[\"id\"]); err != nil {\n\t\treturn nil, nil, errors.WithStack(x.PageTokenInvalid)\n\t}\n\n\tnid := p.NetworkID(ctx)\n\tvar is []identity.Identity\n\n\tif err = p.Transaction(ctx, func(ctx context.Context, con *pop.Connection) error {\n\t\tis = make([]identity.Identity, 0) // Make sure we reset this to 0 in case of retries.\n\t\tnextPage = nil\n\n\t\tif err := crdbx.SetTransactionReadOnly(con); err != nil {\n\t\t\treturn err\n\t\t}\n\n\t\tif err := crdbx.SetTransactionConsistency(con, params.ConsistencyLevel, p.r.Config().DefaultConsistencyLevel(ctx)); err != nil {\n\t\t\treturn err\n\t\t}\n\n\t\tjoins := \"\"\n\t\twheres := \"identities.nid = ? AND identities.id > ?\"\n\t\targs := []any{nid, paginator.Token().Encode()}\n\t\tlimit := fmt.Sprintf(\"LIMIT %d\", paginator.Size()+1)\n\t\tif params.PagePagination != nil {\n\t\t\twheres = \"identities.nid = ?\"\n\t\t\targs = []any{nid}\n\t\t\tpaginator := pop.NewPaginator(params.PagePagination.Page+1, params.PagePagination.ItemsPerPage)\n\t\t\tlimit = fmt.Sprintf(\"LIMIT %d OFFSET %d\", paginator.PerPage, paginator.Offset)\n\t\t}\n\t\tidentifier := params.CredentialsIdentifier\n\t\tidentifierOperator := \"=\"\n\t\tif identifier == \"\" && params.CredentialsIdentifierSimilar != \"\" {\n\t\t\tidentifier = x.EscapeLikePattern(params.CredentialsIdentifierSimilar) + \"%\"\n\t\t\tidentifierOperator = \"LIKE\"\n\t\t}\n\n\t\tif len(identifier) > 0 {\n\t\t\ttypes, err := p.getCredentialTypeIDs(ctx, []identity.CredentialsType{\n\t\t\t\tidentity.CredentialsTypeWebAuthn,\n\t\t\t\tidentity.CredentialsTypePassword,\n\t\t\t\tidentity.CredentialsTypeCodeAuth,\n\t\t\t\tidentity.CredentialsTypeOIDC,\n\t\t\t\tidentity.CredentialsTypeSAML,\n\t\t\t})\n\t\t\tif err != nil {\n\t\t\t\treturn err\n\t\t\t}\n\n\t\t\t// When filtering by credentials identifier, we most likely are looking for a username or email. It is therefore\n\t\t\t// important to normalize the identifier before querying the database.\n\n\t\t\tjoins = params.TransformStatement(`\n\t\t\tINNER JOIN identity_credentials ic ON ic.identity_id = identities.id AND ic.nid = identities.nid\n\t\t\tINNER JOIN identity_credential_identifiers ici ON ici.identity_credential_id = ic.id AND ici.nid = ic.nid\n`)\n\n\t\t\twheres += fmt.Sprintf(`\n\t\t\tAND ic.nid = ? AND ici.nid = ?\n\t\t\tAND ((ici.identity_credential_type_id IN (?, ?, ?) AND ici.identifier %s ?)\n OR (ici.identity_credential_type_id IN (?, ?) AND ici.identifier %s ?))\n\t\t\t`, identifierOperator, identifierOperator)\n\t\t\targs = append(args,\n\t\t\t\tnid, nid,\n\t\t\t\ttypes[identity.CredentialsTypeWebAuthn], types[identity.CredentialsTypePassword], types[identity.CredentialsTypeCodeAuth],\n\t\t\t\tNormalizeIdentifier(identity.CredentialsTypePassword, identifier),\n\t\t\t\ttypes[identity.CredentialsTypeOIDC], types[identity.CredentialsTypeSAML],\n\t\t\t\tidentifier,\n\t\t\t)\n\t\t}\n\n\t\tif len(params.IdsFilter) > 0 {\n\t\t\twheres += `\n\t\t\t\tAND identities.id in (?)\n\t\t\t`\n\t\t\targs = append(args, params.IdsFilter)\n\t\t} else if !params.OrganizationID.IsNil() {\n\t\t\twheres += `\n\t\t\t\tAND identities.organization_id = ?\n\t\t\t`\n\t\t\targs = append(args, params.OrganizationID.String())\n\t\t}\n\n\t\tcolumns := popx.DBColumns[identity.Identity](&popx.AliasQuoter{Alias: \"identities\", Quoter: con.Dialect})\n\n\t\tquery := fmt.Sprintf(`\n\t\tSELECT DISTINCT %s\n\t\tFROM identities AS identities\n\t\t%s\n\t\tWHERE\n\t\t%s\n\t\tORDER BY identities.id ASC\n\t\t%s`,\n\t\t\tcolumns,\n\t\t\tjoins, wheres, limit)\n\n\t\tif err := con.RawQuery(query, args...).All(&is); err != nil {\n\t\t\treturn sqlcon.HandleError(err)\n\t\t}\n\n\t\tif params.PagePagination == nil {\n\t\t\tis, nextPage = keysetpagination.Result(is, paginator)\n\t\t}\n\n\t\tif len(is) == 0 {\n\t\t\treturn nil\n\t\t}\n\n\t\tidentitiesByID := make(map[uuid.UUID]*identity.Identity, len(is))\n\t\tidentityIDs := make([]any, len(is))\n\t\tfor k := range is {\n\t\t\tidentitiesByID[is[k].ID] = &is[k]\n\t\t\tidentityIDs[k] = is[k].ID\n\t\t}\n\n\t\tfor _, e := range params.Expand {\n\t\t\tswitch e {\n\t\t\tcase identity.ExpandFieldCredentials:\n\t\t\t\tcreds, err := QueryForCredentials(con,\n\t\t\t\t\tWhere{\"identity_credentials.nid = ?\", []interface{}{nid}},\n\t\t\t\t\tWhere{\"identity_credentials.identity_id IN (?)\", identityIDs})\n\t\t\t\tif err != nil {\n\t\t\t\t\treturn err\n\t\t\t\t}\n\t\t\t\tfor k := range is {\n\t\t\t\t\tis[k].Credentials = creds[is[k].ID]\n\t\t\t\t}\n\t\t\tcase identity.ExpandFieldVerifiableAddresses:\n\t\t\t\taddrs := make([]identity.VerifiableAddress, 0)\n\t\t\t\tif err := con.Where(\"identity_id IN (?)\", identityIDs).Where(\"nid = ?\", nid).Order(\"id\").All(&addrs); err != nil {\n\t\t\t\t\treturn sqlcon.HandleError(err)\n\t\t\t\t}\n\t\t\t\tfor _, addr := range addrs {\n\t\t\t\t\tidentitiesByID[addr.IdentityID].VerifiableAddresses = append(identitiesByID[addr.IdentityID].VerifiableAddresses, addr)\n\t\t\t\t}\n\t\t\tcase identity.ExpandFieldRecoveryAddresses:\n\t\t\t\taddrs := make([]identity.RecoveryAddress, 0)\n\t\t\t\tif err := con.Where(\"identity_id IN (?)\", identityIDs).Where(\"nid = ?\", nid).Order(\"id\").All(&addrs); err != nil {\n\t\t\t\t\treturn sqlcon.HandleError(err)\n\t\t\t\t}\n\t\t\t\tfor _, addr := range addrs {\n\t\t\t\t\tidentitiesByID[addr.IdentityID].RecoveryAddresses = append(identitiesByID[addr.IdentityID].RecoveryAddresses, addr)\n\t\t\t\t}\n\t\t\t}\n\t\t}\n\n\t\treturn nil\n\t}); err != nil {\n\t\treturn nil, nil, err\n\t}\n\n\tschemaCache := map[string]string{}\n\tfor k := range is {\n\t\ti := &is[k]\n\n\t\tif u, ok := schemaCache[i.SchemaID]; ok {\n\t\t\ti.SchemaURL = u\n\t\t} else {\n\t\t\tif err := p.InjectTraitsSchemaURL(ctx, i); err != nil {\n\t\t\t\treturn nil, nil, err\n\t\t\t}\n\t\t\tschemaCache[i.SchemaID] = i.SchemaURL\n\t\t}\n\n\t\tif err := i.Validate(); err != nil {\n\t\t\treturn nil, nil, err\n\t\t}\n\n\t\tif err := identity.UpgradeCredentials(i); err != nil {\n\t\t\treturn nil, nil, err\n\t\t}\n\n\t\tis[k] = *i\n\t}\n\n\treturn is, nextPage, nil\n}\n\nfunc (p *IdentityPersister) UpdateIdentityColumns(ctx context.Context, i *identity.Identity, columns ...string) (err error) {\n\tctx, span := p.r.Tracer(ctx).Tracer().Start(ctx, \"persistence.sql.UpdateIdentityColumns\",\n\t\ttrace.WithAttributes(\n\t\t\tattribute.Stringer(\"identity.id\", i.ID),\n\t\t\tattribute.Stringer(\"network.id\", p.NetworkID(ctx))))\n\tdefer otelx.End(span, &err)\n\n\tif err := p.Transaction(ctx, func(ctx context.Context, tx *pop.Connection) error {\n\t\t_, err := tx.Where(\"id = ? AND nid = ?\", i.ID, p.NetworkID(ctx)).UpdateQuery(i, columns...)\n\t\treturn sqlcon.HandleError(err)\n\t}); err != nil {\n\t\treturn err\n\t}\n\n\tspan.AddEvent(events.NewIdentityUpdated(ctx, i.ID))\n\treturn nil\n}\n\nfunc (p *IdentityPersister) UpdateIdentity(ctx context.Context, i *identity.Identity, mods ...identity.UpdateIdentityModifier) (err error) {\n\tctx, span := p.r.Tracer(ctx).Tracer().Start(ctx, \"persistence.sql.UpdateIdentity\",\n\t\ttrace.WithAttributes(\n\t\t\tattribute.Stringer(\"identity.id\", i.ID),\n\t\t\tattribute.Stringer(\"network.id\", p.NetworkID(ctx))))\n\tdefer otelx.End(span, &err)\n\n\tif err := p.validateIdentity(ctx, i); err != nil {\n\t\treturn err\n\t}\n\n\to := identity.NewUpdateIdentityOptions(mods)\n\n\tspan.SetAttributes(attribute.Bool(\"update.minimize_diff\", o.FromDatabase() != nil))\n\n\ti.NID = p.NetworkID(ctx)\n\ti.UpdatedAt = time.Now().UTC().Truncate(time.Microsecond)\n\tif err := sqlcon.HandleError(p.Transaction(ctx, func(ctx context.Context, tx *pop.Connection) error {\n\t\t// This returns \"ErrNoRows\" if the identity does not exist\n\t\tif err := update.Generic(WithTransaction(ctx, tx), tx, p.r.Tracer(ctx).Tracer(), i); err != nil {\n\t\t\treturn err\n\t\t}\n\n\t\tvar identityCreds map[identity.CredentialsType]identity.Credentials\n\t\tp.normalizeAllAddressess(ctx, i)\n\t\tif o.FromDatabase() != nil {\n\t\t\tif o.FromDatabase().ID != i.ID {\n\t\t\t\treturn errors.New(\"mismatched identity ID: this is a bug\")\n\t\t\t}\n\t\t\tvar err error\n\t\t\ti.RecoveryAddresses, err = updateAssociationWith(ctx, p, o.FromDatabase().RecoveryAddresses, i.RecoveryAddresses)\n\t\t\tif err != nil {\n\t\t\t\treturn err\n\t\t\t}\n\t\t\ti.VerifiableAddresses, err = updateAssociationWith(ctx, p, o.FromDatabase().VerifiableAddresses, i.VerifiableAddresses)\n\t\t\tif err != nil {\n\t\t\t\treturn err\n\t\t\t}\n\t\t\tidentityCreds = o.FromDatabase().Credentials\n\t\t} else {\n\t\t\ti.RecoveryAddresses, err = updateAssociation(ctx, p, i, i.RecoveryAddresses)\n\t\t\tif err != nil {\n\t\t\t\treturn err\n\t\t\t}\n\t\t\ti.VerifiableAddresses, err = updateAssociation(ctx, p, i, i.VerifiableAddresses)\n\t\t\tif err != nil {\n\t\t\t\treturn err\n\t\t\t}\n\n\t\t\tcreds, err := QueryForCredentials(tx,\n\t\t\t\tWhere{\"identity_credentials.identity_id = ?\", []interface{}{i.ID}},\n\t\t\t\tWhere{\"identity_credentials.nid = ?\", []interface{}{p.NetworkID(ctx)}})\n\t\t\tif err != nil {\n\t\t\t\treturn err\n\t\t\t}\n\t\t\tif c, found := creds[i.ID]; found {\n\t\t\t\tidentityCreds = c\n\t\t\t}\n\t\t}\n\n\t\toldCredentials := make([]identity.Credentials, 0, len(identityCreds))\n\t\tfor _, cred := range identityCreds {\n\t\t\toldCredentials = append(oldCredentials, cred)\n\t\t}\n\n\t\t// Convert new credentials map to slice\n\t\tnewCredentials := make([]identity.Credentials, 0, len(i.Credentials))\n\t\tfor _, cred := range i.Credentials {\n\t\t\tnewCredentials = append(newCredentials, cred)\n\t\t}\n\n\t\ti.Credentials, err = p.updateCredentialsAssociation(ctx, i.ID, oldCredentials, newCredentials)\n\t\treturn err\n\t})); err != nil {\n\t\treturn err\n\t}\n\n\tspan.AddEvent(events.NewIdentityUpdated(ctx, i.ID))\n\treturn nil\n}\n\nfunc (p *IdentityPersister) DeleteIdentity(ctx context.Context, id uuid.UUID) (err error) {\n\tctx, span := p.r.Tracer(ctx).Tracer().Start(ctx, \"persistence.sql.DeleteIdentity\",\n\t\ttrace.WithAttributes(\n\t\t\tattribute.Stringer(\"identity.id\", id),\n\t\t\tattribute.Stringer(\"network.id\", p.NetworkID(ctx))))\n\tdefer otelx.End(span, &err)\n\n\ttableName := new(identity.Identity).TableName(ctx)\n\tif p.c.Dialect.Name() == \"cockroach\" {\n\t\ttableName += \"@primary\"\n\t}\n\tnid := p.NetworkID(ctx)\n\tcount, err := p.GetConnection(ctx).RawQuery(fmt.Sprintf(\"DELETE FROM %s WHERE id = ? AND nid = ?\", tableName),\n\t\tid,\n\t\tnid,\n\t).ExecWithCount()\n\tif err != nil {\n\t\treturn sqlcon.HandleError(err)\n\t}\n\tif count == 0 {\n\t\treturn errors.WithStack(sqlcon.ErrNoRows)\n\t}\n\tspan.AddEvent(events.NewIdentityDeleted(ctx, id))\n\treturn nil\n}\n\nfunc (p *IdentityPersister) DeleteIdentities(ctx context.Context, ids []uuid.UUID) (err error) {\n\t// This function is only used internally to cleanup partially created identities,\n\t// when creating a batch of identities at once and some failed to be fully created.\n\t// This act should not be observable externally and thus we do not emit an event.\n\n\tif len(ids) == 0 {\n\t\treturn nil\n\t}\n\n\tstringIDs := make([]string, len(ids))\n\tfor k, id := range ids {\n\t\tstringIDs[k] = id.String()\n\t}\n\tctx, span := p.r.Tracer(ctx).Tracer().Start(ctx, \"persistence.sql.DeleteIdentites\",\n\t\ttrace.WithAttributes(\n\t\t\tattribute.StringSlice(\"identity.ids\", stringIDs),\n\t\t\tattribute.Stringer(\"network.id\", p.NetworkID(ctx))))\n\tdefer otelx.End(span, &err)\n\n\tplaceholders := strings.TrimSuffix(strings.Repeat(\"?, \", len(ids)), \", \")\n\targs := make([]any, 0, len(ids)+1)\n\tfor _, id := range ids {\n\t\targs = append(args, id)\n\t}\n\targs = append(args, p.NetworkID(ctx))\n\n\ttableName := new(identity.Identity).TableName(ctx)\n\tif p.c.Dialect.Name() == \"cockroach\" {\n\t\ttableName += \"@primary\"\n\t}\n\tcount, err := p.GetConnection(ctx).RawQuery(fmt.Sprintf(\n\t\t\"DELETE FROM %s WHERE id IN (%s) AND nid = ?\",\n\t\ttableName,\n\t\tplaceholders,\n\t),\n\t\targs...,\n\t).ExecWithCount()\n\tif err != nil {\n\t\treturn sqlcon.HandleError(err)\n\t}\n\tif count != len(ids) {\n\t\treturn errors.WithStack(sqlcon.ErrNoRows)\n\t}\n\treturn nil\n}\n\nfunc (p *IdentityPersister) GetIdentity(ctx context.Context, id uuid.UUID, expand identity.Expandables) (_ *identity.Identity, err error) {\n\tctx, span := p.r.Tracer(ctx).Tracer().Start(ctx, \"persistence.sql.GetIdentity\",\n\t\ttrace.WithAttributes(\n\t\t\tattribute.Stringer(\"identity.id\", id),\n\t\t\tattribute.Stringer(\"network.id\", p.NetworkID(ctx)),\n\t\t\tattribute.StringSlice(\"expand\", expand.ToEager())))\n\tdefer otelx.End(span, &err)\n\n\tvar i identity.Identity\n\tif err := p.GetConnection(ctx).Where(\"id = ? AND nid = ?\", id, p.NetworkID(ctx)).First(&i); err != nil {\n\t\treturn nil, sqlcon.HandleError(err)\n\t}\n\n\tif err := p.HydrateIdentityAssociations(ctx, &i, expand); err != nil {\n\t\treturn nil, err\n\t}\n\n\treturn &i, nil\n}\n\nfunc (p *IdentityPersister) GetIdentityConfidential(ctx context.Context, id uuid.UUID) (res *identity.Identity, err error) {\n\tctx, span := p.r.Tracer(ctx).Tracer().Start(ctx, \"persistence.sql.GetIdentityConfidential\")\n\tdefer otelx.End(span, &err)\n\n\treturn p.GetIdentity(ctx, id, identity.ExpandEverything)\n}\n\nfunc (p *IdentityPersister) FindIdentityByExternalID(ctx context.Context, externalID string, expand identity.Expandables) (res *identity.Identity, err error) {\n\tctx, span := p.r.Tracer(ctx).Tracer().Start(ctx, \"persistence.sql.FindIdentityByExternalID\",\n\t\ttrace.WithAttributes(\n\t\t\tattribute.String(\"identity.external_id\", externalID),\n\t\t\tattribute.Stringer(\"network.id\", p.NetworkID(ctx))))\n\tdefer otelx.End(span, &err)\n\n\tvar i identity.Identity\n\tif err := p.GetConnection(ctx).Where(\"external_id = ? AND nid = ?\", externalID, p.NetworkID(ctx)).First(&i); err != nil {\n\t\treturn nil, sqlcon.HandleError(err)\n\t}\n\n\tif err := p.HydrateIdentityAssociations(ctx, &i, expand); err != nil {\n\t\treturn nil, err\n\t}\n\n\treturn &i, nil\n}\n\nfunc (p *IdentityPersister) FindVerifiableAddressByValue(ctx context.Context, via string, value string) (_ *identity.VerifiableAddress, err error) {\n\tctx, span := p.r.Tracer(ctx).Tracer().Start(ctx, \"persistence.sql.FindVerifiableAddressByValue\",\n\t\ttrace.WithAttributes(\n\t\t\tattribute.Stringer(\"network.id\", p.NetworkID(ctx))))\n\totelx.End(span, &err)\n\n\tvar address identity.VerifiableAddress\n\tif err := p.GetConnection(ctx).Where(\"nid = ? AND via = ? AND value = ?\", p.NetworkID(ctx), via, stringToLowerTrim(value)).First(&address); err != nil {\n\t\treturn nil, sqlcon.HandleError(err)\n\t}\n\n\treturn &address, nil\n}\n\nfunc (p *IdentityPersister) FindRecoveryAddressByValue(ctx context.Context, via, value string) (_ *identity.RecoveryAddress, err error) {\n\tctx, span := p.r.Tracer(ctx).Tracer().Start(ctx, \"persistence.sql.FindRecoveryAddressByValue\",\n\t\ttrace.WithAttributes(\n\t\t\tattribute.Stringer(\"network.id\", p.NetworkID(ctx))))\n\tdefer otelx.End(span, &err)\n\n\tvar address identity.RecoveryAddress\n\tif err := p.GetConnection(ctx).Where(\"nid = ? AND via = ? AND value = ?\", p.NetworkID(ctx), via, stringToLowerTrim(value)).First(&address); err != nil {\n\t\treturn nil, sqlcon.HandleError(err)\n\t}\n\n\treturn &address, nil\n}\n\n// FindAllRecoveryAddressesForIdentityByRecoveryAddressValue returns all\n// recovery addresses for an identity if at least one of those addresses matches\n// the provided value.\nfunc (p *IdentityPersister) FindAllRecoveryAddressesForIdentityByRecoveryAddressValue(ctx context.Context, anyRecoveryAddress string) (recoveryAddresses []identity.RecoveryAddress, err error) {\n\tctx, span := p.r.Tracer(ctx).Tracer().Start(ctx, \"persistence.sql.FindAllRecoveryAddressesForIdentityByRecoveryAddressValue\",\n\t\ttrace.WithAttributes(\n\t\t\tattribute.Stringer(\"network.id\", p.NetworkID(ctx))))\n\tdefer otelx.End(span, &err)\n\n\t// SQL explanation:\n\t// 1. Find a row (`B`) with the value matching `anyRecoveryAddress`.\n\t// This row has an identity id (`B.identity_id`).\n\t// 2. Find all rows (`A`) with this identity id.\n\t// Meaning: find all recovery addresses for this identity.\n\t// The result set includes the user provided address (`anyRecoveryAddress`).\n\t// NOTE: Should we exclude from the result set the login address for more security?\n\t//\n\t// This is all done in one query with a self-join.\n\t// We also bound the results for safety.\n\terr = p.GetConnection(ctx).RawQuery(\n\t\t`\nSELECT A.id, A.via, A.value, A.identity_id, A.created_at, A.updated_at, A.nid\nFROM identity_recovery_addresses A\nJOIN identity_recovery_addresses B\nON A.identity_id = B.identity_id\nAND A.nid = B.nid\nWHERE B.value = ?\nAND A.nid = ?\nLIMIT 10\n\t\t`,\n\t\tstringToLowerTrim(anyRecoveryAddress),\n\t\tp.NetworkID(ctx),\n\t).\n\t\tAll(&recoveryAddresses)\n\tif err != nil {\n\t\treturn nil, sqlcon.HandleError(err)\n\t}\n\treturn recoveryAddresses, nil\n}\n\nfunc (p *IdentityPersister) VerifyAddress(ctx context.Context, code string) (err error) {\n\tctx, span := p.r.Tracer(ctx).Tracer().Start(ctx, \"persistence.sql.VerifyAddress\",\n\t\ttrace.WithAttributes(\n\t\t\tattribute.Stringer(\"network.id\", p.NetworkID(ctx))))\n\tdefer otelx.End(span, &err)\n\n\tnewCode, err := otp.New()\n\tif err != nil {\n\t\treturn err\n\t}\n\n\tcount, err := p.GetConnection(ctx).RawQuery(\n\t\t// #nosec G201 -- TableName is static\n\t\tfmt.Sprintf(\n\t\t\t\"UPDATE %s SET status = ?, verified = true, verified_at = ?, code = ? WHERE nid = ? AND code = ? AND expires_at > ?\",\n\t\t\tnew(identity.VerifiableAddress).TableName(),\n\t\t),\n\t\tidentity.VerifiableAddressStatusCompleted,\n\t\ttime.Now().UTC().Round(time.Second),\n\t\tnewCode,\n\t\tp.NetworkID(ctx),\n\t\tcode,\n\t\ttime.Now().UTC(),\n\t).ExecWithCount()\n\tif err != nil {\n\t\treturn sqlcon.HandleError(err)\n\t}\n\n\tif count == 0 {\n\t\treturn sqlcon.HandleError(sqlcon.ErrNoRows)\n\t}\n\n\treturn nil\n}\n\nfunc (p *IdentityPersister) UpdateVerifiableAddress(ctx context.Context, address *identity.VerifiableAddress, updateColumns ...string) (err error) {\n\tctx, span := p.r.Tracer(ctx).Tracer().Start(ctx, \"persistence.sql.UpdateVerifiableAddress\",\n\t\ttrace.WithAttributes(\n\t\t\tattribute.Stringer(\"identity.id\", address.IdentityID),\n\t\t\tattribute.Stringer(\"network.id\", p.NetworkID(ctx)),\n\t\t\tattribute.StringSlice(\"columns\", updateColumns)))\n\tdefer otelx.End(span, &err)\n\n\taddress.NID = p.NetworkID(ctx)\n\taddress.Value = stringToLowerTrim(address.Value)\n\treturn update.Generic(ctx, p.GetConnection(ctx), p.r.Tracer(ctx).Tracer(), address, updateColumns...)\n}\n\nfunc (p *IdentityPersister) validateIdentity(ctx context.Context, i *identity.Identity) (err error) {\n\tctx, span := p.r.Tracer(ctx).Tracer().Start(ctx, \"persistence.sql.validateIdentity\",\n\t\ttrace.WithAttributes(\n\t\t\tattribute.Stringer(\"identity.id\", i.ID),\n\t\t\tattribute.Stringer(\"network.id\", p.NetworkID(ctx))))\n\tdefer otelx.End(span, &err)\n\n\tif err := p.r.IdentityValidator().ValidateWithRunner(ctx, i); err != nil {\n\t\tif _, ok := errorsx.Cause(err).(*jsonschema.ValidationError); ok {\n\t\t\treturn errors.WithStack(herodot.ErrBadRequest.WithReasonf(\"%s\", err))\n\t\t}\n\t\treturn err\n\t}\n\n\treturn nil\n}\n\nfunc (p *IdentityPersister) InjectTraitsSchemaURL(ctx context.Context, i *identity.Identity) (err error) {\n\t// This trace is more noisy than it's worth in diagnostic power.\n\t// ctx, span := p.r.Tracer(ctx).Tracer().Start(ctx, \"persistence.sql.InjectTraitsSchemaURL\")\n\t// defer otelx.End(span, &err)\n\n\tss, err := p.r.IdentityTraitsSchemas(ctx)\n\tif err != nil {\n\t\treturn err\n\t}\n\ts, err := ss.GetByID(i.SchemaID)\n\tif err != nil {\n\t\treturn errors.WithStack(herodot.ErrMisconfiguration.WithReasonf(\n\t\t\t`The JSON Schema \"%s\" for this identity's traits could not be found.`, i.SchemaID))\n\t}\n\ti.SchemaURL = s.SchemaURL(p.r.Config().SelfPublicURL(ctx)).String()\n\treturn nil\n}\n\nvar (\n\tcredentialTypesID = sync.Map{}\n\tcredentialTypesName = sync.Map{}\n)\n\nfunc FindIdentityCredentialsTypeByID(con *pop.Connection, id uuid.UUID) (identity.CredentialsType, error) {\n\tfor name, cid := range identity.ConstantCredentialsTypeToId {\n\t\tif id.String() == cid {\n\t\t\treturn name, nil\n\t\t}\n\t}\n\n\tresult, found := credentialTypesID.Load(id)\n\tif !found {\n\t\tif err := loadCredentialTypes(con); err != nil {\n\t\t\treturn \"\", err\n\t\t}\n\n\t\tresult, found = credentialTypesID.Load(id)\n\t}\n\n\tif !found {\n\t\treturn \"\", errors.WithStack(herodot.ErrInternalServerError.WithReasonf(\"The SQL adapter failed to return the appropriate credentials_type for id %q. This is a bug in the code.\", id))\n\t}\n\n\treturn result.(identity.CredentialsType), nil\n}\n\nfunc FindIdentityCredentialsTypeByName(con *pop.Connection, ct identity.CredentialsType) (uuid.UUID, error) {\n\tid, ok := identity.ConstantCredentialsTypeToId[ct]\n\tif ok {\n\t\treturn uuid.Must(uuid.FromString(id)), nil\n\t}\n\n\tresult, found := credentialTypesName.Load(ct)\n\tif !found {\n\t\tif err := loadCredentialTypes(con); err != nil {\n\t\t\treturn uuid.Nil, err\n\t\t}\n\n\t\tresult, found = credentialTypesName.Load(ct)\n\t}\n\n\tif !found {\n\t\treturn uuid.Nil, errors.WithStack(herodot.ErrInternalServerError.WithReasonf(\"The SQL adapter failed to return the appropriate credentials_type for name %q. This is a bug in the code.\", ct))\n\t}\n\n\treturn result.(uuid.UUID), nil\n}\n\nfunc loadCredentialTypes(con *pop.Connection) (err error) {\n\tctx, span := trace.SpanFromContext(con.Context()).TracerProvider().Tracer(\"\").Start(con.Context(), \"persistence.sql.identity.loadCredentialTypes\")\n\tdefer otelx.End(span, &err)\n\t_ = ctx\n\n\tvar tt []identity.CredentialsTypeTable\n\tif err := con.WithContext(ctx).All(&tt); err != nil {\n\t\treturn sqlcon.HandleError(err)\n\t}\n\n\tfor _, t := range tt {\n\t\tcredentialTypesID.Store(t.ID, t.Name)\n\t\tcredentialTypesName.Store(t.Name, t.ID)\n\t}\n\n\treturn nil\n}\n" }, { "path": "persistence/sql/migratest/fixtures/identity/0149ce5f-76a8-4efe-b2e3-431b8c6cceb6.json", "content": "{\n \"id\": \"0149ce5f-76a8-4efe-b2e3-431b8c6cceb6\",\n \"schema_id\": \"default\",\n \"schema_url\": \"https://www.ory.sh/schemas/ZGVmYXVsdA\",\n \"state\": \"active\",\n \"traits\": {\n \"email\": \"bazbar@ory.sh\"\n },\n \"metadata_public\": {\n \"foo\": \"bar\"\n },\n \"metadata_admin\": {\n \"baz\": \"bar\"\n },\n \"created_at\": \"2013-10-07T08:23:19Z\",\n \"updated_at\": \"2013-10-07T08:23:19Z\",\n \"organization_id\": null\n}\n" }, { "path": "persistence/sql/migratest/fixtures/identity/0149ce5f-76a8-4efe-b2e3-431b8c6cceb7.json", "content": "{\n \"id\": \"0149ce5f-76a8-4efe-b2e3-431b8c6cceb7\",\n \"schema_id\": \"default\",\n \"schema_url\": \"https://www.ory.sh/schemas/ZGVmYXVsdA\",\n \"state\": \"active\",\n \"traits\": {\n \"email\": \"bazbarbar@ory.sh\"\n },\n \"metadata_public\": {\n \"foo\": \"bar\"\n },\n \"metadata_admin\": {\n \"baz\": \"bar\"\n },\n \"created_at\": \"2013-10-07T08:23:19Z\",\n \"updated_at\": \"2013-10-07T08:23:19Z\",\n \"organization_id\": null\n}\n" }, { "path": "persistence/sql/migratest/fixtures/identity/196d8c1e-4f04-40f0-94b3-5ec43996b28a.json", "content": "{\n \"id\": \"196d8c1e-4f04-40f0-94b3-5ec43996b28a\",\n \"schema_id\": \"default\",\n \"schema_url\": \"https://www.ory.sh/schemas/ZGVmYXVsdA\",\n \"state\": \"active\",\n \"traits\": {\n \"email\": \"foobar@ory.sh\"\n },\n \"metadata_public\": null,\n \"metadata_admin\": null,\n \"created_at\": \"2013-10-07T08:23:19Z\",\n \"updated_at\": \"2013-10-07T08:23:19Z\",\n \"organization_id\": null\n}\n" }, { "path": "persistence/sql/migratest/fixtures/identity/28ff0031-190b-4253-bd15-14308dec013e.json", "content": "{\n \"id\": \"28ff0031-190b-4253-bd15-14308dec013e\",\n \"schema_id\": \"default\",\n \"schema_url\": \"https://www.ory.sh/schemas/ZGVmYXVsdA\",\n \"state\": \"active\",\n \"traits\": {\n \"email\": \"bazbarbarfoo@ory.sh\"\n },\n \"metadata_public\": {\n \"foo\": \"bar\"\n },\n \"metadata_admin\": {\n \"baz\": \"bar\"\n },\n \"created_at\": \"2013-10-07T08:23:19Z\",\n \"updated_at\": \"2013-10-07T08:23:19Z\",\n \"organization_id\": null\n}\n" }, { "path": "persistence/sql/migratest/fixtures/identity/2ae6a5a7-2983-49e7-a4d8-7740b37c88cb.json", "content": "{\n \"id\": \"2ae6a5a7-2983-49e7-a4d8-7740b37c88cb\",\n \"schema_id\": \"default\",\n \"schema_url\": \"https://www.ory.sh/schemas/ZGVmYXVsdA\",\n \"state\": \"active\",\n \"traits\": {\n \"email\": \"d7b10@ory.sh\"\n },\n \"metadata_public\": null,\n \"metadata_admin\": null,\n \"created_at\": \"2013-10-07T08:23:19Z\",\n \"updated_at\": \"2013-10-07T08:23:19Z\",\n \"organization_id\": null\n}\n" }, { "path": "persistence/sql/migratest/fixtures/identity/308929d3-41a2-43fe-a33c-75308539d841.json", "content": "{\n \"id\": \"308929d3-41a2-43fe-a33c-75308539d841\",\n \"schema_id\": \"default\",\n \"schema_url\": \"https://www.ory.sh/schemas/ZGVmYXVsdA\",\n \"state\": \"active\",\n \"traits\": {\n \"email\": \"bazbar@ory.sh\"\n },\n \"metadata_public\": {\n \"foo\": \"bar\"\n },\n \"metadata_admin\": {\n \"baz\": \"bar\"\n },\n \"created_at\": \"2013-10-07T08:23:19Z\",\n \"updated_at\": \"2013-10-07T08:23:19Z\",\n \"organization_id\": null\n}\n" }, { "path": "persistence/sql/migratest/fixtures/identity/359963ec-b09b-4ea0-aece-fb4dd95f304a.json", "content": "{\n \"id\": \"359963ec-b09b-4ea0-aece-fb4dd95f304a\",\n \"schema_id\": \"default\",\n \"schema_url\": \"https://www.ory.sh/schemas/ZGVmYXVsdA\",\n \"state\": \"active\",\n \"traits\": {\n \"email\": \"d7b11@ory.sh\"\n },\n \"metadata_public\": null,\n \"metadata_admin\": null,\n \"created_at\": \"2013-10-07T08:23:19Z\",\n \"updated_at\": \"2013-10-07T08:23:19Z\",\n \"organization_id\": null\n}\n" }, { "path": "persistence/sql/migratest/fixtures/identity/5ff66179-c240-4703-b0d8-494592cefff5.json", "content": "{\n \"id\": \"5ff66179-c240-4703-b0d8-494592cefff5\",\n \"credentials\": {\n \"password\": {\n \"type\": \"password\",\n \"identifiers\": [\n \"foo2@ory.sh\",\n \"foo@ory.sh\"\n ],\n \"config\": {\n \"hashed_password\": \"$argon2id$v=19$m=131072,t=2,p=1$lQFPaKxXqPL56/mU7vRi4w$6aldHyBnURt8sP8+xu41Ng\"\n },\n \"version\": 0,\n \"created_at\": \"2013-10-07T08:23:19Z\",\n \"updated_at\": \"2013-10-07T08:23:19Z\"\n },\n \"totp\": {\n \"type\": \"totp\",\n \"identifiers\": [],\n \"config\": {\n \"totp_url\": \"otpauth://totp/Example:alice@google.com?secret=JBSWY3DPEHPK3PXP\\u0026issuer=Example\"\n },\n \"version\": 0,\n \"created_at\": \"2013-10-07T08:23:19Z\",\n \"updated_at\": \"2013-10-07T08:23:19Z\"\n }\n },\n \"schema_id\": \"default\",\n \"schema_url\": \"https://www.ory.sh/schemas/ZGVmYXVsdA\",\n \"state\": \"active\",\n \"traits\": {\n \"email\": \"bazbar@ory.sh\"\n },\n \"verifiable_addresses\": [\n {\n \"id\": \"45e867e9-2745-4f16-8dd4-84334a252b61\",\n \"value\": \"foo@ory.sh\",\n \"verified\": false,\n \"via\": \"email\",\n \"status\": \"pending\",\n \"created_at\": \"2013-10-07T08:23:19Z\",\n \"updated_at\": \"2013-10-07T08:23:19Z\"\n }\n ],\n \"metadata_public\": null,\n \"metadata_admin\": null,\n \"created_at\": \"2013-10-07T08:23:19Z\",\n \"updated_at\": \"2013-10-07T08:23:19Z\",\n \"organization_id\": null\n}\n" }, { "path": "persistence/sql/migratest/fixtures/identity/a251ebc2-880c-4f76-a8f3-38e6940eab0e.json", "content": "{\n \"id\": \"a251ebc2-880c-4f76-a8f3-38e6940eab0e\",\n \"credentials\": {\n \"password\": {\n \"type\": \"password\",\n \"identifiers\": [\n \"foo1@ory.sh\",\n \"foobar@ory.sh\"\n ],\n \"config\": {\n \"hashed_password\": \"$argon2id$v=19$m=131072,t=2,p=1$lQFPaKxXqPL56/mU7vRi4w$6aldHyBnURt8sP8+xu41Ng\"\n },\n \"version\": 0,\n \"created_at\": \"2013-10-07T08:23:19Z\",\n \"updated_at\": \"2013-10-07T08:23:19Z\"\n }\n },\n \"schema_id\": \"default\",\n \"schema_url\": \"https://www.ory.sh/schemas/ZGVmYXVsdA\",\n \"state\": \"active\",\n \"traits\": {\n \"email\": \"foobar@ory.sh\"\n },\n \"verifiable_addresses\": [\n {\n \"id\": \"b2d59320-8564-4400-a39f-a22a497a23f1\",\n \"value\": \"foobar+without-code@ory.sh\",\n \"verified\": false,\n \"via\": \"email\",\n \"status\": \"pending\",\n \"created_at\": \"2013-10-07T08:23:19Z\",\n \"updated_at\": \"2013-10-07T08:23:19Z\"\n },\n {\n \"id\": \"c2427b6d-312b-46d9-9285-536db7ae11fd\",\n \"value\": \"foobar@ory.sh\",\n \"verified\": false,\n \"via\": \"email\",\n \"status\": \"pending\",\n \"created_at\": \"2013-10-07T08:23:19Z\",\n \"updated_at\": \"2013-10-07T08:23:19Z\"\n },\n {\n \"id\": \"d4718a67-aec2-418d-8173-6ebc7bde3b86\",\n \"value\": \"foobar+11345642c6c0@ory.sh\",\n \"verified\": false,\n \"via\": \"email\",\n \"status\": \"pending\",\n \"created_at\": \"2013-10-07T08:23:19Z\",\n \"updated_at\": \"2013-10-07T08:23:19Z\"\n }\n ],\n \"recovery_addresses\": [\n {\n \"id\": \"b8293f1c-010f-45d9-b809-f3fc5365ba80\",\n \"value\": \"foobar@ory.sh\",\n \"via\": \"email\",\n \"created_at\": \"2013-10-07T08:23:19Z\",\n \"updated_at\": \"2013-10-07T08:23:19Z\"\n }\n ],\n \"metadata_public\": null,\n \"metadata_admin\": null,\n \"created_at\": \"2013-10-07T08:23:19Z\",\n \"updated_at\": \"2013-10-07T08:23:19Z\",\n \"organization_id\": null\n}\n" }, { "path": "persistence/sql/migratest/fixtures/identity/d7b9addb-ac15-4bc2-9fa5-562e0bf48755.json", "content": "{\n \"id\": \"d7b9addb-ac15-4bc2-9fa5-562e0bf48755\",\n \"schema_id\": \"default\",\n \"schema_url\": \"https://www.ory.sh/schemas/ZGVmYXVsdA\",\n \"state\": \"active\",\n \"traits\": {\n \"email\": \"d7b9@ory.sh\"\n },\n \"metadata_public\": null,\n \"metadata_admin\": null,\n \"created_at\": \"2013-10-07T08:23:19Z\",\n \"updated_at\": \"2013-10-07T08:23:19Z\",\n \"organization_id\": null\n}\n" }, { "path": "persistence/sql/migratest/fixtures/identity/ed253b2c-48ed-4c58-9b6f-1dc963c30a66.json", "content": "{\n \"id\": \"ed253b2c-48ed-4c58-9b6f-1dc963c30a66\",\n \"schema_id\": \"default\",\n \"schema_url\": \"https://www.ory.sh/schemas/ZGVmYXVsdA\",\n \"state\": \"active\",\n \"traits\": {\n \"email\": \"bazbar@ory.sh\"\n },\n \"metadata_public\": null,\n \"metadata_admin\": null,\n \"created_at\": \"2013-10-07T08:23:19Z\",\n \"updated_at\": \"2013-10-07T08:23:19Z\",\n \"organization_id\": null\n}\n" }, { "path": "persistence/sql/migratest/fixtures/identity_recovery_address/b8293f1c-010f-45d9-b809-f3fc5365ba80.json", "content": "{\n \"id\": \"b8293f1c-010f-45d9-b809-f3fc5365ba80\",\n \"value\": \"foobar@ory.sh\",\n \"via\": \"email\",\n \"created_at\": \"2013-10-07T08:23:19Z\",\n \"updated_at\": \"2013-10-07T08:23:19Z\"\n}\n" }, { "path": "persistence/sql/migratest/fixtures/identity_verification_address/45e867e9-2745-4f16-8dd4-84334a252b61.json", "content": "{\n \"id\": \"45e867e9-2745-4f16-8dd4-84334a252b61\",\n \"value\": \"foo@ory.sh\",\n \"verified\": false,\n \"via\": \"email\",\n \"status\": \"pending\",\n \"created_at\": \"2013-10-07T08:23:19Z\",\n \"updated_at\": \"2013-10-07T08:23:19Z\"\n}\n" }, { "path": "persistence/sql/migratest/fixtures/identity_verification_address/b2d59320-8564-4400-a39f-a22a497a23f1.json", "content": "{\n \"id\": \"b2d59320-8564-4400-a39f-a22a497a23f1\",\n \"value\": \"foobar+without-code@ory.sh\",\n \"verified\": false,\n \"via\": \"email\",\n \"status\": \"pending\",\n \"created_at\": \"2013-10-07T08:23:19Z\",\n \"updated_at\": \"2013-10-07T08:23:19Z\"\n}\n" }, { "path": "persistence/sql/migratest/fixtures/identity_verification_address/c2427b6d-312b-46d9-9285-536db7ae11fd.json", "content": "{\n \"id\": \"c2427b6d-312b-46d9-9285-536db7ae11fd\",\n \"value\": \"foobar@ory.sh\",\n \"verified\": false,\n \"via\": \"email\",\n \"status\": \"pending\",\n \"created_at\": \"2013-10-07T08:23:19Z\",\n \"updated_at\": \"2013-10-07T08:23:19Z\"\n}\n" }, { "path": "persistence/sql/migratest/fixtures/identity_verification_address/d4718a67-aec2-418d-8173-6ebc7bde3b86.json", "content": "{\n \"id\": \"d4718a67-aec2-418d-8173-6ebc7bde3b86\",\n \"value\": \"foobar+11345642c6c0@ory.sh\",\n \"verified\": false,\n \"via\": \"email\",\n \"status\": \"pending\",\n \"created_at\": \"2013-10-07T08:23:19Z\",\n \"updated_at\": \"2013-10-07T08:23:19Z\"\n}\n" }, { "path": "persistence/sql/migratest/fixtures/login_code/bd292366-af32-4ba6-bdf0-11d6d1a217f3.json", "content": "{\n \"id\": \"bd292366-af32-4ba6-bdf0-11d6d1a217f3\",\n \"expires_at\": \"2022-08-18T08:28:18Z\",\n \"issued_at\": \"2022-08-18T07:28:18Z\",\n \"identity_id\": \"28ff0031-190b-4253-bd15-14308dec013e\"\n}\n" }, { "path": "persistence/sql/migratest/fixtures/login_flow/00b1517f-2467-4aaf-b0a5-82b4a27dcaf5.json", "content": "{\n \"id\": \"00b1517f-2467-4aaf-b0a5-82b4a27dcaf5\",\n \"organization_id\": null,\n \"oauth2_login_challenge\": \"challenge data\",\n \"type\": \"api\",\n \"expires_at\": \"2013-10-07T08:23:19Z\",\n \"issued_at\": \"2013-10-07T08:23:19Z\",\n \"request_url\": \"http://kratos:4433/self-service/browser/flows/login/self-service/browser/flows/login/self-service/browser/flows/login/self-service/browser/flows/login/self-service/browser/flows/login/self-service/browser/flows/login/self-service/browser/flows/login/self-service/browser/flows/login/self-service/browser/flows/login/self-service/browser/flows/login/self-service/browser/flows/login/self-service/browser/flows/login/self-service/browser/flows/login/self-service/browser/flows/login/self-service/browser/flows/login/self-service/browser/flows/login/self-service/browser/flows/login/self-service/browser/flows/login/self-service/browser/flows/login/self-service/browser/flows/login/self-service/browser/flows/login/self-service/browser/flows/login/self-service/browser/flows/login/self-service/browser/flows/login/self-service/browser/flows/login/self-service/browser/flows/login/self-service/browser/flows/login/self-service/browser/flows/login/self-service/browser/flows/login/self-service/browser/flows/login/self-service/browser/flows/login/self-service/browser/flows/login/self-service/browser/flows/login/self-service/browser/flows/login/self-service/browser/flows/login/self-service/browser/flows/login/self-service/browser/flows/login/self-service/browser/flows/login/self-service/browser/flows/login/self-service/browser/flows/login\",\n \"ui\": {\n \"action\": \"\",\n \"method\": \"\",\n \"nodes\": null\n },\n \"created_at\": \"2013-10-07T08:23:19Z\",\n \"updated_at\": \"2013-10-07T08:23:19Z\",\n \"refresh\": false,\n \"requested_aal\": \"aal1\",\n \"state\": \"choose_method\"\n}\n" }, { "path": "persistence/sql/migratest/fixtures/login_flow/0bc96cc9-dda4-4700-9e42-35731f2af91e.json", "content": "{\n \"id\": \"0bc96cc9-dda4-4700-9e42-35731f2af91e\",\n \"organization_id\": null,\n \"type\": \"api\",\n \"expires_at\": \"2013-10-07T08:23:19Z\",\n \"issued_at\": \"2013-10-07T08:23:19Z\",\n \"request_url\": \"http://kratos:4433/self-service/browser/flows/login\",\n \"ui\": {\n \"action\": \"\",\n \"method\": \"\",\n \"nodes\": null\n },\n \"created_at\": \"2013-10-07T08:23:19Z\",\n \"updated_at\": \"2013-10-07T08:23:19Z\",\n \"refresh\": false,\n \"requested_aal\": \"aal1\",\n \"state\": \"\"\n}\n" }, { "path": "persistence/sql/migratest/fixtures/login_flow/1fb23c75-b809-42cc-8984-6ca2d0a1192f.json", "content": "{\n \"id\": \"1fb23c75-b809-42cc-8984-6ca2d0a1192f\",\n \"organization_id\": null,\n \"type\": \"api\",\n \"expires_at\": \"2013-10-07T08:23:19Z\",\n \"issued_at\": \"2013-10-07T08:23:19Z\",\n \"request_url\": \"http://kratos:4433/self-service/browser/flows/login\",\n \"ui\": {\n \"action\": \"\",\n \"method\": \"\",\n \"nodes\": null\n },\n \"created_at\": \"2013-10-07T08:23:19Z\",\n \"updated_at\": \"2013-10-07T08:23:19Z\",\n \"refresh\": false,\n \"requested_aal\": \"aal2\",\n \"state\": \"\"\n}\n" }, { "path": "persistence/sql/migratest/fixtures/login_flow/202c1981-1e25-47f0-8764-75ad506c2bec.json", "content": "{\n \"id\": \"202c1981-1e25-47f0-8764-75ad506c2bec\",\n \"organization_id\": null,\n \"type\": \"browser\",\n \"expires_at\": \"2013-10-07T08:23:19Z\",\n \"issued_at\": \"2013-10-07T08:23:19Z\",\n \"request_url\": \"http://kratos:4433/self-service/browser/flows/login\",\n \"ui\": {\n \"action\": \"\",\n \"method\": \"\",\n \"nodes\": null\n },\n \"created_at\": \"2013-10-07T08:23:19Z\",\n \"updated_at\": \"2013-10-07T08:23:19Z\",\n \"refresh\": false,\n \"requested_aal\": \"aal1\",\n \"state\": \"\"\n}\n" }, { "path": "persistence/sql/migratest/fixtures/login_flow/349c945a-60f8-436a-a301-7a42c92604f9.json", "content": "{\n \"id\": \"349c945a-60f8-436a-a301-7a42c92604f9\",\n \"organization_id\": null,\n \"type\": \"browser\",\n \"expires_at\": \"2013-10-07T08:23:19Z\",\n \"issued_at\": \"2013-10-07T08:23:19Z\",\n \"request_url\": \"http://kratos:4433/self-service/browser/flows/login?login_challenge=3caddfd599034bce83ffcae36f42dff7\",\n \"ui\": {\n \"action\": \"\",\n \"method\": \"\",\n \"nodes\": null\n },\n \"created_at\": \"2013-10-07T08:23:19Z\",\n \"updated_at\": \"2013-10-07T08:23:19Z\",\n \"refresh\": false,\n \"requested_aal\": \"aal2\",\n \"state\": \"\"\n}\n" }, { "path": "persistence/sql/migratest/fixtures/login_flow/38caf592-b042-4551-b92f-8d5223c2a4e2.json", "content": "{\n \"id\": \"38caf592-b042-4551-b92f-8d5223c2a4e2\",\n \"organization_id\": null,\n \"type\": \"api\",\n \"expires_at\": \"2013-10-07T08:23:19Z\",\n \"issued_at\": \"2013-10-07T08:23:19Z\",\n \"request_url\": \"http://kratos:4433/self-service/browser/flows/login\",\n \"ui\": {\n \"action\": \"\",\n \"method\": \"\",\n \"nodes\": null\n },\n \"created_at\": \"2013-10-07T08:23:19Z\",\n \"updated_at\": \"2013-10-07T08:23:19Z\",\n \"refresh\": false,\n \"requested_aal\": \"aal2\",\n \"state\": \"\"\n}\n" }, { "path": "persistence/sql/migratest/fixtures/login_flow/3a9ea34f-0f12-469b-9417-3ae5795a7baa.json", "content": "{\n \"id\": \"3a9ea34f-0f12-469b-9417-3ae5795a7baa\",\n \"organization_id\": null,\n \"type\": \"browser\",\n \"expires_at\": \"2013-10-07T08:23:19Z\",\n \"issued_at\": \"2013-10-07T08:23:19Z\",\n \"request_url\": \"http://kratos:4433/self-service/browser/flows/login\",\n \"ui\": {\n \"action\": \"\",\n \"method\": \"\",\n \"nodes\": null\n },\n \"created_at\": \"2013-10-07T08:23:19Z\",\n \"updated_at\": \"2013-10-07T08:23:19Z\",\n \"refresh\": false,\n \"requested_aal\": \"aal1\",\n \"state\": \"\"\n}\n" }, { "path": "persistence/sql/migratest/fixtures/login_flow/43c99182-bb67-47e1-b564-bb23bd8d4393.json", "content": "{\n \"id\": \"43c99182-bb67-47e1-b564-bb23bd8d4393\",\n \"organization_id\": null,\n \"type\": \"browser\",\n \"expires_at\": \"2013-10-07T08:23:19Z\",\n \"issued_at\": \"2013-10-07T08:23:19Z\",\n \"request_url\": \"http://kratos:4433/self-service/browser/flows/login?prompt=login\\u0026return_to=http%3A%2F%2F127.0.0.1%3A4455%2F.ory%2Fkratos%2Fpublic%2Fself-service%2Fbrowser%2Fflows%2Fsettings%2Fstrategies%2Fprofile%3Frequest%3D74fd6c53-7651-453e-90b8-2c5adbf911bb\",\n \"return_to\": \"http://127.0.0.1:4455/.ory/kratos/public/self-service/browser/flows/settings/strategies/profile?request=74fd6c53-7651-453e-90b8-2c5adbf911bb\",\n \"ui\": {\n \"action\": \"\",\n \"method\": \"\",\n \"nodes\": null\n },\n \"created_at\": \"2013-10-07T08:23:19Z\",\n \"updated_at\": \"2013-10-07T08:23:19Z\",\n \"refresh\": true,\n \"requested_aal\": \"aal1\",\n \"state\": \"\"\n}\n" }, { "path": "persistence/sql/migratest/fixtures/login_flow/47edd3a8-0998-4779-9469-f4b8ee4430df.json", "content": "{\n \"id\": \"47edd3a8-0998-4779-9469-f4b8ee4430df\",\n \"organization_id\": null,\n \"type\": \"api\",\n \"expires_at\": \"2013-10-07T08:23:19Z\",\n \"issued_at\": \"2013-10-07T08:23:19Z\",\n \"request_url\": \"http://kratos:4433/self-service/browser/flows/login\",\n \"ui\": {\n \"action\": \"\",\n \"method\": \"\",\n \"nodes\": null\n },\n \"created_at\": \"2013-10-07T08:23:19Z\",\n \"updated_at\": \"2013-10-07T08:23:19Z\",\n \"refresh\": false,\n \"requested_aal\": \"aal1\",\n \"state\": \"\"\n}\n" }, { "path": "persistence/sql/migratest/fixtures/login_flow/56d94e8b-8a5d-4b7f-8a6e-3259d2b2903e.json", "content": "{\n \"id\": \"56d94e8b-8a5d-4b7f-8a6e-3259d2b2903e\",\n \"organization_id\": null,\n \"type\": \"browser\",\n \"expires_at\": \"2013-10-07T08:23:19Z\",\n \"issued_at\": \"2013-10-07T08:23:19Z\",\n \"request_url\": \"http://kratos:4433/self-service/browser/flows/login\",\n \"ui\": {\n \"action\": \"\",\n \"method\": \"\",\n \"nodes\": null\n },\n \"created_at\": \"2013-10-07T08:23:19Z\",\n \"updated_at\": \"2013-10-07T08:23:19Z\",\n \"refresh\": false,\n \"requested_aal\": \"aal1\",\n \"state\": \"\"\n}\n" }, { "path": "persistence/sql/migratest/fixtures/login_flow/6d387820-f2f4-4f9f-9980-a90d89e7811f.json", "content": "{\n \"id\": \"6d387820-f2f4-4f9f-9980-a90d89e7811f\",\n \"organization_id\": null,\n \"type\": \"browser\",\n \"expires_at\": \"2013-10-07T08:23:19Z\",\n \"issued_at\": \"2013-10-07T08:23:19Z\",\n \"request_url\": \"http://kratos:4433/self-service/browser/flows/login\",\n \"ui\": {\n \"action\": \"\",\n \"method\": \"\",\n \"nodes\": null\n },\n \"created_at\": \"2013-10-07T08:23:19Z\",\n \"updated_at\": \"2013-10-07T08:23:19Z\",\n \"refresh\": false,\n \"requested_aal\": \"aal1\",\n \"state\": \"\"\n}\n" }, { "path": "persistence/sql/migratest/fixtures/login_flow/916ded11-aa64-4a27-b06e-96e221a509d7.json", "content": "{\n \"id\": \"916ded11-aa64-4a27-b06e-96e221a509d7\",\n \"organization_id\": null,\n \"type\": \"browser\",\n \"expires_at\": \"2013-10-07T08:23:19Z\",\n \"issued_at\": \"2013-10-07T08:23:19Z\",\n \"request_url\": \"http://kratos:4433/self-service/browser/flows/login\",\n \"ui\": {\n \"action\": \"\",\n \"method\": \"\",\n \"nodes\": null\n },\n \"created_at\": \"2013-10-07T08:23:19Z\",\n \"updated_at\": \"2013-10-07T08:23:19Z\",\n \"refresh\": false,\n \"requested_aal\": \"aal1\",\n \"state\": \"\"\n}\n" }, { "path": "persistence/sql/migratest/fixtures/login_flow/99974ce6-388c-4669-a95a-7757ee724020.json", "content": "{\n \"id\": \"99974ce6-388c-4669-a95a-7757ee724020\",\n \"organization_id\": null,\n \"type\": \"browser\",\n \"expires_at\": \"2013-10-07T08:23:19Z\",\n \"issued_at\": \"2013-10-07T08:23:19Z\",\n \"request_url\": \"http://kratos:4433/self-service/browser/flows/login\",\n \"ui\": {\n \"action\": \"\",\n \"method\": \"\",\n \"nodes\": null\n },\n \"created_at\": \"2013-10-07T08:23:19Z\",\n \"updated_at\": \"2013-10-07T08:23:19Z\",\n \"refresh\": false,\n \"requested_aal\": \"aal1\",\n \"state\": \"\"\n}\n" }, { "path": "persistence/sql/migratest/fixtures/login_flow/b1fac7fb-d016-4a06-a7fe-e4eab2a0429f.json", "content": "{\n \"id\": \"b1fac7fb-d016-4a06-a7fe-e4eab2a0429f\",\n \"organization_id\": null,\n \"type\": \"api\",\n \"expires_at\": \"2013-10-07T08:23:19Z\",\n \"issued_at\": \"2013-10-07T08:23:19Z\",\n \"request_url\": \"http://kratos:4433/self-service/browser/flows/login\",\n \"ui\": {\n \"action\": \"\",\n \"method\": \"\",\n \"nodes\": null\n },\n \"created_at\": \"2013-10-07T08:23:19Z\",\n \"updated_at\": \"2013-10-07T08:23:19Z\",\n \"refresh\": false,\n \"requested_aal\": \"aal1\",\n \"state\": \"\"\n}\n" }, { "path": "persistence/sql/migratest/fixtures/login_flow/cccccccc-dda4-4700-9e42-35731f2af911.json", "content": "{\n \"id\": \"cccccccc-dda4-4700-9e42-35731f2af911\",\n \"organization_id\": null,\n \"oauth2_login_challenge\": \"challenge data\",\n \"type\": \"api\",\n \"expires_at\": \"2013-10-07T08:23:19Z\",\n \"issued_at\": \"2013-10-07T08:23:19Z\",\n \"request_url\": \"http://kratos:4433/self-service/browser/flows/login/self-service/browser/flows/login/self-service/browser/flows/login/self-service/browser/flows/login/self-service/browser/flows/login/self-service/browser/flows/login/self-service/browser/flows/login/self-service/browser/flows/login/self-service/browser/flows/login/self-service/browser/flows/login/self-service/browser/flows/login/self-service/browser/flows/login/self-service/browser/flows/login/self-service/browser/flows/login/self-service/browser/flows/login/self-service/browser/flows/login/self-service/browser/flows/login/self-service/browser/flows/login/self-service/browser/flows/login/self-service/browser/flows/login/self-service/browser/flows/login/self-service/browser/flows/login/self-service/browser/flows/login/self-service/browser/flows/login/self-service/browser/flows/login/self-service/browser/flows/login/self-service/browser/flows/login/self-service/browser/flows/login/self-service/browser/flows/login/self-service/browser/flows/login/self-service/browser/flows/login/self-service/browser/flows/login/self-service/browser/flows/login/self-service/browser/flows/login/self-service/browser/flows/login/self-service/browser/flows/login/self-service/browser/flows/login/self-service/browser/flows/login/self-service/browser/flows/login/self-service/browser/flows/login\",\n \"ui\": {\n \"action\": \"\",\n \"method\": \"\",\n \"nodes\": null\n },\n \"created_at\": \"2013-10-07T08:23:19Z\",\n \"updated_at\": \"2013-10-07T08:23:19Z\",\n \"refresh\": false,\n \"requested_aal\": \"aal1\",\n \"state\": \"\"\n}\n" }, { "path": "persistence/sql/migratest/fixtures/login_flow/cccccccc-dda4-4700-9e42-35731f2af91e.json", "content": "{\n \"id\": \"cccccccc-dda4-4700-9e42-35731f2af91e\",\n \"organization_id\": null,\n \"oauth2_login_challenge\": \"challenge data\",\n \"type\": \"api\",\n \"expires_at\": \"2013-10-07T08:23:19Z\",\n \"issued_at\": \"2013-10-07T08:23:19Z\",\n \"request_url\": \"http://kratos:4433/self-service/browser/flows/login\",\n \"ui\": {\n \"action\": \"\",\n \"method\": \"\",\n \"nodes\": null\n },\n \"created_at\": \"2013-10-07T08:23:19Z\",\n \"updated_at\": \"2013-10-07T08:23:19Z\",\n \"refresh\": false,\n \"requested_aal\": \"aal1\",\n \"state\": \"\"\n}\n" }, { "path": "persistence/sql/migratest/fixtures/login_flow/d6aa1f23-88c9-4b9b-a850-392f48c7f9e8.json", "content": "{\n \"id\": \"d6aa1f23-88c9-4b9b-a850-392f48c7f9e8\",\n \"organization_id\": null,\n \"type\": \"api\",\n \"expires_at\": \"2013-10-07T08:23:19Z\",\n \"issued_at\": \"2013-10-07T08:23:19Z\",\n \"request_url\": \"http://kratos:4433/self-service/browser/flows/login\",\n \"ui\": {\n \"action\": \"\",\n \"method\": \"\",\n \"nodes\": null\n },\n \"created_at\": \"2013-10-07T08:23:19Z\",\n \"updated_at\": \"2013-10-07T08:23:19Z\",\n \"refresh\": false,\n \"requested_aal\": \"aal1\",\n \"state\": \"\"\n}\n" }, { "path": "persistence/sql/migratest/fixtures/recovery_code/8f75f5d9-9cb4-4848-9a73-9344f686f8a6.json", "content": "{\n \"id\": \"8f75f5d9-9cb4-4848-9a73-9344f686f8a6\",\n \"recovery_address\": null,\n \"expires_at\": \"2022-08-18T08:28:18Z\",\n \"issued_at\": \"2022-08-18T07:28:18Z\",\n \"identity_id\": \"308929d3-41a2-43fe-a33c-75308539d841\"\n}\n" }, { "path": "persistence/sql/migratest/fixtures/recovery_flow/0d14427f-e16d-43a5-8695-8278bf85d4eb.json", "content": "{\n \"id\": \"0d14427f-e16d-43a5-8695-8278bf85d4eb\",\n \"type\": \"api\",\n \"expires_at\": \"2013-10-07T08:23:19Z\",\n \"issued_at\": \"2013-10-07T08:23:19Z\",\n \"request_url\": \"http://kratos:4433/self-service/browser/flows/registration\",\n \"active\": \"link\",\n \"ui\": {\n \"action\": \"\",\n \"method\": \"\",\n \"nodes\": null\n },\n \"state\": \"choose_method\"\n}\n" }, { "path": "persistence/sql/migratest/fixtures/recovery_flow/13178936-095a-466b-abe0-36d977d3dc18.json", "content": "{\n \"id\": \"13178936-095a-466b-abe0-36d977d3dc18\",\n \"type\": \"browser\",\n \"expires_at\": \"2013-10-07T08:23:19Z\",\n \"issued_at\": \"2013-10-07T08:23:19Z\",\n \"request_url\": \"http://kratos:4433/self-service/browser/flows/registration\",\n \"active\": \"link\",\n \"ui\": {\n \"action\": \"\",\n \"method\": \"\",\n \"nodes\": null\n },\n \"state\": \"choose_method\"\n}\n" }, { "path": "persistence/sql/migratest/fixtures/recovery_flow/4963f305-e874-4a68-8424-a00bec679e7b.json", "content": "{\n \"id\": \"4963f305-e874-4a68-8424-a00bec679e7b\",\n \"type\": \"api\",\n \"expires_at\": \"2013-10-07T08:23:19Z\",\n \"issued_at\": \"2013-10-07T08:23:19Z\",\n \"request_url\": \"http://kratos:4433/self-service/browser/flows/recovery\",\n \"active\": \"link\",\n \"ui\": {\n \"action\": \"\",\n \"method\": \"\",\n \"nodes\": null\n },\n \"state\": \"choose_method\"\n}\n" }, { "path": "persistence/sql/migratest/fixtures/recovery_flow/68fb4010-84a9-4d1e-9f92-2705978ee891.json", "content": "{\n \"id\": \"68fb4010-84a9-4d1e-9f92-2705978ee891\",\n \"type\": \"api\",\n \"expires_at\": \"2013-10-07T08:23:19Z\",\n \"issued_at\": \"2013-10-07T08:23:19Z\",\n \"request_url\": \"http://kratos:4433/self-service/browser/flows/recovery/self-service/browser/flows/recovery/self-service/browser/flows/recovery/self-service/browser/flows/recovery/self-service/browser/flows/recovery/self-service/browser/flows/recovery/self-service/browser/flows/recovery/self-service/browser/flows/recovery/self-service/browser/flows/recovery/self-service/browser/flows/recovery/self-service/browser/flows/recovery/self-service/browser/flows/recovery/self-service/browser/flows/recovery/self-service/browser/flows/recovery/self-service/browser/flows/recovery/self-service/browser/flows/recovery/self-service/browser/flows/recovery/self-service/browser/flows/recovery/self-service/browser/flows/recovery/self-service/browser/flows/recovery/self-service/browser/flows/recovery/self-service/browser/flows/recovery/self-service/browser/flows/recovery/self-service/browser/flows/recovery/self-service/browser/flows/recovery/self-service/browser/flows/recovery/self-service/browser/flows/recovery/self-service/browser/flows/recovery/self-service/browser/flows/recovery/self-service/browser/flows/recovery/self-service/browser/flows/recovery/self-service/browser/flows/recovery/self-service/browser/flows/recovery/self-service/browser/flows/recovery/self-service/browser/flows/recovery/self-service/browser/flows/recovery/self-service/browser/flows/recovery/self-service/browser/flows/recovery/self-service/browser/flows/recovery/self-service/browser/flows/recovery/self-service/browser/flows/recovery/self-service/browser/flows/recovery/self-service/browser/flows/recovery/self-service/browser/flows/recovery/self-service/browser/flows/recovery/self-service/browser/flows/recovery/self-service/browser/flows/recovery/self-service/browser/flows/recovery/self-service/browser/flows/recovery/self-service/browser/flows/recovery/self-service/browser/flows/recovery/self-service/browser/flows/recovery/self-service/browser/flows/recovery/self-service/browser/flows/recovery\",\n \"active\": \"link\",\n \"ui\": {\n \"action\": \"\",\n \"method\": \"\",\n \"nodes\": null\n },\n \"state\": \"choose_method\"\n}\n" }, { "path": "persistence/sql/migratest/fixtures/recovery_flow/68fb4010-84a9-4d1e-9f92-2705978ee89e.json", "content": "{\n \"id\": \"68fb4010-84a9-4d1e-9f92-2705978ee89e\",\n \"type\": \"api\",\n \"expires_at\": \"2013-10-07T08:23:19Z\",\n \"issued_at\": \"2013-10-07T08:23:19Z\",\n \"request_url\": \"http://kratos:4433/self-service/browser/flows/recovery\",\n \"active\": \"link\",\n \"ui\": {\n \"action\": \"\",\n \"method\": \"\",\n \"nodes\": null\n },\n \"state\": \"choose_method\"\n}\n" }, { "path": "persistence/sql/migratest/fixtures/recovery_flow/87e871e1-a45f-4ed0-ba4e-a03063c774dc.json", "content": "{\n \"id\": \"87e871e1-a45f-4ed0-ba4e-a03063c774dc\",\n \"type\": \"api\",\n \"expires_at\": \"2013-10-07T08:23:19Z\",\n \"issued_at\": \"2013-10-07T08:23:19Z\",\n \"request_url\": \"http://kratos:4433/self-service/browser/flows/registration\",\n \"active\": \"link\",\n \"ui\": {\n \"action\": \"\",\n \"method\": \"\",\n \"nodes\": null\n },\n \"state\": \"choose_method\"\n}\n" }, { "path": "persistence/sql/migratest/fixtures/recovery_token/1b667e6d-8fda-4194-a765-08185185d7e4.json", "content": "{\n \"id\": \"1b667e6d-8fda-4194-a765-08185185d7e4\",\n \"recovery_address\": null,\n \"expires_at\": \"2013-10-07T08:23:19Z\",\n \"issued_at\": \"2013-10-07T08:23:19Z\",\n \"identity_id\": \"a251ebc2-880c-4f76-a8f3-38e6940eab0e\"\n}\n" }, { "path": "persistence/sql/migratest/fixtures/recovery_token/5529d454-2946-404e-b681-d950f8657fd0.json", "content": "{\n \"id\": \"5529d454-2946-404e-b681-d950f8657fd0\",\n \"recovery_address\": null,\n \"expires_at\": \"2000-01-01T00:00:00Z\",\n \"issued_at\": \"2000-01-01T00:00:00Z\",\n \"identity_id\": \"a251ebc2-880c-4f76-a8f3-38e6940eab0e\"\n}\n" }, { "path": "persistence/sql/migratest/fixtures/recovery_token/77ca3f5c-cd39-488b-9f1d-cc7166d14bdc.json", "content": "{\n \"id\": \"77ca3f5c-cd39-488b-9f1d-cc7166d14bdc\",\n \"recovery_address\": null,\n \"expires_at\": \"2000-01-01T00:00:00Z\",\n \"issued_at\": \"2000-01-01T00:00:00Z\",\n \"identity_id\": \"a251ebc2-880c-4f76-a8f3-38e6940eab0e\"\n}\n" }, { "path": "persistence/sql/migratest/fixtures/registration_code/f1f66a69-ce02-4a12-9591-9e02dda30a0d.json", "content": "{\n \"id\": \"f1f66a69-ce02-4a12-9591-9e02dda30a0d\",\n \"expires_at\": \"2022-08-18T08:28:18Z\",\n \"issued_at\": \"2022-08-18T07:28:18Z\"\n}\n" }, { "path": "persistence/sql/migratest/fixtures/registration_flow/05a7f09d-4ef3-41fb-958a-6ad74584b36a.json", "content": "{\n \"id\": \"05a7f09d-4ef3-41fb-958a-6ad74584b36a\",\n \"type\": \"browser\",\n \"expires_at\": \"2013-10-07T08:23:19Z\",\n \"issued_at\": \"2013-10-07T08:23:19Z\",\n \"request_url\": \"http://kratos:4433/self-service/browser/flows/registration\",\n \"ui\": {\n \"action\": \"\",\n \"method\": \"\",\n \"nodes\": null\n },\n \"organization_id\": null,\n \"state\": \"\"\n}\n" }, { "path": "persistence/sql/migratest/fixtures/registration_flow/22d58184-b97d-44a5-bbaf-0aa8b4000d81.json", "content": "{\n \"id\": \"22d58184-b97d-44a5-bbaf-0aa8b4000d81\",\n \"type\": \"browser\",\n \"expires_at\": \"2013-10-07T08:23:19Z\",\n \"issued_at\": \"2013-10-07T08:23:19Z\",\n \"request_url\": \"http://kratos:4433/self-service/browser/flows/registration\",\n \"ui\": {\n \"action\": \"\",\n \"method\": \"\",\n \"nodes\": null\n },\n \"organization_id\": null,\n \"state\": \"\"\n}\n" }, { "path": "persistence/sql/migratest/fixtures/registration_flow/2bf132e0-5d40-4df9-9a11-9106e5333735.json", "content": "{\n \"id\": \"2bf132e0-5d40-4df9-9a11-9106e5333735\",\n \"type\": \"browser\",\n \"expires_at\": \"2013-10-07T08:23:19Z\",\n \"issued_at\": \"2013-10-07T08:23:19Z\",\n \"request_url\": \"http://kratos:4433/self-service/browser/flows/registration\",\n \"ui\": {\n \"action\": \"\",\n \"method\": \"\",\n \"nodes\": null\n },\n \"organization_id\": null,\n \"state\": \"\"\n}\n" }, { "path": "persistence/sql/migratest/fixtures/registration_flow/696e7022-c466-44f6-89c6-8cf93c06a62a.json", "content": "{\n \"id\": \"696e7022-c466-44f6-89c6-8cf93c06a62a\",\n \"type\": \"api\",\n \"expires_at\": \"2013-10-07T08:23:19Z\",\n \"issued_at\": \"2013-10-07T08:23:19Z\",\n \"request_url\": \"http://kratos:4433/self-service/browser/flows/registration\",\n \"active\": \"password\",\n \"ui\": {\n \"action\": \"\",\n \"method\": \"\",\n \"nodes\": null\n },\n \"organization_id\": null,\n \"state\": \"\"\n}\n" }, { "path": "persistence/sql/migratest/fixtures/registration_flow/69c80296-36cd-4afc-921a-15369cac5bf0.json", "content": "{\n \"id\": \"69c80296-36cd-4afc-921a-15369cac5bf0\",\n \"type\": \"browser\",\n \"expires_at\": \"2013-10-07T08:23:19Z\",\n \"issued_at\": \"2013-10-07T08:23:19Z\",\n \"request_url\": \"http://kratos:4433/self-service/browser/flows/registration?login_challenge/self-service/browser/flows/registration?login_challenge/self-service/browser/flows/registration?login_challenge/self-service/browser/flows/registration?login_challenge/self-service/browser/flows/registration?login_challenge/self-service/browser/flows/registration?login_challenge/self-service/browser/flows/registration?login_challenge/self-service/browser/flows/registration?login_challenge/self-service/browser/flows/registration?login_challenge/self-service/browser/flows/registration?login_challenge/self-service/browser/flows/registration?login_challenge/self-service/browser/flows/registration?login_challenge/self-service/browser/flows/registration?login_challenge/self-service/browser/flows/registration?login_challenge/self-service/browser/flows/registration?login_challenge/self-service/browser/flows/registration?login_challenge/self-service/browser/flows/registration?login_challenge/self-service/browser/flows/registration?login_challenge/self-service/browser/flows/registration?login_challenge/self-service/browser/flows/registration?login_challenge/self-service/browser/flows/registration?login_challenge/self-service/browser/flows/registration?login_challenge/self-service/browser/flows/registration?login_challenge/self-service/browser/flows/registration?login_challenge/self-service/browser/flows/registration?login_challenge/self-service/browser/flows/registration?login_challenge/self-service/browser/flows/registration?login_challenge=\",\n \"active\": \"password\",\n \"ui\": {\n \"action\": \"\",\n \"method\": \"\",\n \"nodes\": null\n },\n \"organization_id\": null,\n \"state\": \"choose_method\"\n}\n" }, { "path": "persistence/sql/migratest/fixtures/registration_flow/87fa3f43-5155-42b4-a1ad-174c2595fdaf.json", "content": "{\n \"id\": \"87fa3f43-5155-42b4-a1ad-174c2595fdaf\",\n \"type\": \"browser\",\n \"expires_at\": \"2013-10-07T08:23:19Z\",\n \"issued_at\": \"2013-10-07T08:23:19Z\",\n \"request_url\": \"http://kratos:4433/self-service/browser/flows/registration\",\n \"active\": \"password\",\n \"ui\": {\n \"action\": \"\",\n \"method\": \"\",\n \"nodes\": null\n },\n \"organization_id\": null,\n \"state\": \"\"\n}\n" }, { "path": "persistence/sql/migratest/fixtures/registration_flow/8ef215a9-e8d5-43b3-9aa3-cb4333562e36.json", "content": "{\n \"id\": \"8ef215a9-e8d5-43b3-9aa3-cb4333562e36\",\n \"type\": \"api\",\n \"expires_at\": \"2013-10-07T08:23:19Z\",\n \"issued_at\": \"2013-10-07T08:23:19Z\",\n \"request_url\": \"http://kratos:4433/self-service/browser/flows/registration\",\n \"active\": \"password\",\n \"ui\": {\n \"action\": \"\",\n \"method\": \"\",\n \"nodes\": null\n },\n \"organization_id\": null,\n \"state\": \"\"\n}\n" }, { "path": "persistence/sql/migratest/fixtures/registration_flow/8f32efdc-f6fc-4c27-a3c2-579d109eff60.json", "content": "{\n \"id\": \"8f32efdc-f6fc-4c27-a3c2-579d109eff60\",\n \"type\": \"api\",\n \"expires_at\": \"2013-10-07T08:23:19Z\",\n \"issued_at\": \"2013-10-07T08:23:19Z\",\n \"request_url\": \"http://kratos:4433/self-service/browser/flows/registration\",\n \"active\": \"password\",\n \"ui\": {\n \"action\": \"\",\n \"method\": \"\",\n \"nodes\": null\n },\n \"organization_id\": null,\n \"state\": \"\"\n}\n" }, { "path": "persistence/sql/migratest/fixtures/registration_flow/9edcf051-1cd0-44cc-bd2f-6ac21f0c24dd.json", "content": "{\n \"id\": \"9edcf051-1cd0-44cc-bd2f-6ac21f0c24dd\",\n \"type\": \"browser\",\n \"expires_at\": \"2013-10-07T08:23:19Z\",\n \"issued_at\": \"2013-10-07T08:23:19Z\",\n \"request_url\": \"http://kratos:4433/self-service/browser/flows/registration\",\n \"active\": \"password\",\n \"ui\": {\n \"action\": \"\",\n \"method\": \"\",\n \"nodes\": null\n },\n \"organization_id\": null,\n \"state\": \"\"\n}\n" }, { "path": "persistence/sql/migratest/fixtures/registration_flow/e2150cdc-23ac-4940-a240-6c79c27ab029.json", "content": "{\n \"id\": \"e2150cdc-23ac-4940-a240-6c79c27ab029\",\n \"type\": \"api\",\n \"expires_at\": \"2013-10-07T08:23:19Z\",\n \"issued_at\": \"2013-10-07T08:23:19Z\",\n \"request_url\": \"http://kratos:4433/self-service/browser/flows/registration\",\n \"active\": \"password\",\n \"ui\": {\n \"action\": \"\",\n \"method\": \"\",\n \"nodes\": null\n },\n \"organization_id\": null,\n \"state\": \"\"\n}\n" }, { "path": "persistence/sql/migratest/fixtures/registration_flow/ef18b06e-4700-4021-9949-ef783cd86be1.json", "content": "{\n \"id\": \"ef18b06e-4700-4021-9949-ef783cd86be1\",\n \"type\": \"browser\",\n \"expires_at\": \"2013-10-07T08:23:19Z\",\n \"issued_at\": \"2013-10-07T08:23:19Z\",\n \"request_url\": \"http://kratos:4433/self-service/browser/flows/registration?login_challenge/self-service/browser/flows/registration?login_challenge/self-service/browser/flows/registration?login_challenge/self-service/browser/flows/registration?login_challenge/self-service/browser/flows/registration?login_challenge/self-service/browser/flows/registration?login_challenge/self-service/browser/flows/registration?login_challenge/self-service/browser/flows/registration?login_challenge/self-service/browser/flows/registration?login_challenge/self-service/browser/flows/registration?login_challenge/self-service/browser/flows/registration?login_challenge/self-service/browser/flows/registration?login_challenge/self-service/browser/flows/registration?login_challenge/self-service/browser/flows/registration?login_challenge/self-service/browser/flows/registration?login_challenge/self-service/browser/flows/registration?login_challenge/self-service/browser/flows/registration?login_challenge/self-service/browser/flows/registration?login_challenge/self-service/browser/flows/registration?login_challenge/self-service/browser/flows/registration?login_challenge/self-service/browser/flows/registration?login_challenge/self-service/browser/flows/registration?login_challenge/self-service/browser/flows/registration?login_challenge/self-service/browser/flows/registration?login_challenge/self-service/browser/flows/registration?login_challenge/self-service/browser/flows/registration?login_challenge/self-service/browser/flows/registration?login_challenge=\",\n \"active\": \"password\",\n \"ui\": {\n \"action\": \"\",\n \"method\": \"\",\n \"nodes\": null\n },\n \"organization_id\": null,\n \"state\": \"\"\n}\n" }, { "path": "persistence/sql/migratest/fixtures/registration_flow/ef18b06e-4700-4021-9949-ef783cd86be8.json", "content": "{\n \"id\": \"ef18b06e-4700-4021-9949-ef783cd86be8\",\n \"type\": \"browser\",\n \"expires_at\": \"2013-10-07T08:23:19Z\",\n \"issued_at\": \"2013-10-07T08:23:19Z\",\n \"request_url\": \"http://kratos:4433/self-service/browser/flows/registration?login_challenge=\",\n \"active\": \"password\",\n \"ui\": {\n \"action\": \"\",\n \"method\": \"\",\n \"nodes\": null\n },\n \"organization_id\": null,\n \"state\": \"\"\n}\n" }, { "path": "persistence/sql/migratest/fixtures/registration_flow/f1b5ed18-113a-4a98-aae7-d4eba007199c.json", "content": "{\n \"id\": \"f1b5ed18-113a-4a98-aae7-d4eba007199c\",\n \"type\": \"api\",\n \"expires_at\": \"2013-10-07T08:23:19Z\",\n \"issued_at\": \"2013-10-07T08:23:19Z\",\n \"request_url\": \"http://kratos:4433/self-service/browser/flows/registration\",\n \"active\": \"password\",\n \"ui\": {\n \"action\": \"\",\n \"method\": \"\",\n \"nodes\": null\n },\n \"organization_id\": null,\n \"state\": \"\"\n}\n" }, { "path": "persistence/sql/migratest/fixtures/session/068f6bb6-d15f-436d-94f7-b3fd0489c9ef.json", "content": "{\n \"id\": \"068f6bb6-d15f-436d-94f7-b3fd0489c9ef\",\n \"active\": false,\n \"expires_at\": \"2013-10-07T08:23:19Z\",\n \"authenticated_at\": \"2013-10-07T08:23:19Z\",\n \"authenticator_assurance_level\": \"aal2\",\n \"authentication_methods\": [\n {\n \"method\": \"password\",\n \"aal\": \"\",\n \"completed_at\": \"0001-01-01T00:00:00Z\"\n },\n {\n \"method\": \"totp\",\n \"aal\": \"\",\n \"completed_at\": \"0001-01-01T00:00:00Z\"\n }\n ],\n \"issued_at\": \"2013-10-07T08:23:19Z\",\n \"identity\": {\n \"id\": \"5ff66179-c240-4703-b0d8-494592cefff5\",\n \"schema_id\": \"default\",\n \"schema_url\": \"https://www.ory.sh/schemas/ZGVmYXVsdA\",\n \"state\": \"active\",\n \"traits\": {\n \"email\": \"bazbar@ory.sh\"\n },\n \"verifiable_addresses\": [\n {\n \"id\": \"45e867e9-2745-4f16-8dd4-84334a252b61\",\n \"value\": \"foo@ory.sh\",\n \"verified\": false,\n \"via\": \"email\",\n \"status\": \"pending\",\n \"created_at\": \"2013-10-07T08:23:19Z\",\n \"updated_at\": \"2013-10-07T08:23:19Z\"\n }\n ],\n \"metadata_public\": null,\n \"created_at\": \"2013-10-07T08:23:19Z\",\n \"updated_at\": \"2013-10-07T08:23:19Z\",\n \"organization_id\": null\n },\n \"devices\": []\n}\n" }, { "path": "persistence/sql/migratest/fixtures/session/7458af86-c1d8-401c-978a-8da89133f78b.json", "content": "{\n \"id\": \"7458af86-c1d8-401c-978a-8da89133f78b\",\n \"active\": true,\n \"expires_at\": \"2080-10-07T08:23:19Z\",\n \"authenticated_at\": \"2013-10-07T08:23:19Z\",\n \"authenticator_assurance_level\": \"aal2\",\n \"authentication_methods\": [\n {\n \"method\": \"password\",\n \"aal\": \"\",\n \"completed_at\": \"0001-01-01T00:00:00Z\"\n },\n {\n \"method\": \"totp\",\n \"aal\": \"\",\n \"completed_at\": \"0001-01-01T00:00:00Z\"\n }\n ],\n \"issued_at\": \"2013-10-07T08:23:19Z\",\n \"identity\": {\n \"id\": \"5ff66179-c240-4703-b0d8-494592cefff5\",\n \"schema_id\": \"default\",\n \"schema_url\": \"https://www.ory.sh/schemas/ZGVmYXVsdA\",\n \"state\": \"active\",\n \"traits\": {\n \"email\": \"bazbar@ory.sh\"\n },\n \"verifiable_addresses\": [\n {\n \"id\": \"45e867e9-2745-4f16-8dd4-84334a252b61\",\n \"value\": \"foo@ory.sh\",\n \"verified\": false,\n \"via\": \"email\",\n \"status\": \"pending\",\n \"created_at\": \"2013-10-07T08:23:19Z\",\n \"updated_at\": \"2013-10-07T08:23:19Z\"\n }\n ],\n \"metadata_public\": null,\n \"created_at\": \"2013-10-07T08:23:19Z\",\n \"updated_at\": \"2013-10-07T08:23:19Z\",\n \"organization_id\": null\n },\n \"devices\": []\n}\n" }, { "path": "persistence/sql/migratest/fixtures/session/7458af86-c1d8-401c-978a-8da89133f98b.json", "content": "{\n \"id\": \"7458af86-c1d8-401c-978a-8da89133f98b\",\n \"active\": false,\n \"expires_at\": \"2013-10-07T08:23:19Z\",\n \"authenticated_at\": \"2013-10-07T08:23:19Z\",\n \"authenticator_assurance_level\": \"aal2\",\n \"authentication_methods\": [\n {\n \"method\": \"password\",\n \"aal\": \"\",\n \"completed_at\": \"0001-01-01T00:00:00Z\"\n },\n {\n \"method\": \"totp\",\n \"aal\": \"\",\n \"completed_at\": \"0001-01-01T00:00:00Z\"\n }\n ],\n \"issued_at\": \"2013-10-07T08:23:19Z\",\n \"identity\": {\n \"id\": \"5ff66179-c240-4703-b0d8-494592cefff5\",\n \"schema_id\": \"default\",\n \"schema_url\": \"https://www.ory.sh/schemas/ZGVmYXVsdA\",\n \"state\": \"active\",\n \"traits\": {\n \"email\": \"bazbar@ory.sh\"\n },\n \"verifiable_addresses\": [\n {\n \"id\": \"45e867e9-2745-4f16-8dd4-84334a252b61\",\n \"value\": \"foo@ory.sh\",\n \"verified\": false,\n \"via\": \"email\",\n \"status\": \"pending\",\n \"created_at\": \"2013-10-07T08:23:19Z\",\n \"updated_at\": \"2013-10-07T08:23:19Z\"\n }\n ],\n \"metadata_public\": null,\n \"created_at\": \"2013-10-07T08:23:19Z\",\n \"updated_at\": \"2013-10-07T08:23:19Z\",\n \"organization_id\": null\n },\n \"devices\": [\n {\n \"id\": \"884f556e-eb3a-4b9f-bee3-11763642c6c0\",\n \"ip_address\": \"54.155.246.232\",\n \"user_agent\": \"Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/51.0.2704.103 Safari/537.36\",\n \"location\": \"Munich, Germany\"\n }\n ]\n}\n" }, { "path": "persistence/sql/migratest/fixtures/session/8571e374-38f2-4f46-8ad3-b9d914e174d3.json", "content": "{\n \"id\": \"8571e374-38f2-4f46-8ad3-b9d914e174d3\",\n \"active\": false,\n \"expires_at\": \"2013-10-07T08:23:19Z\",\n \"authenticated_at\": \"2013-10-07T08:23:19Z\",\n \"authenticator_assurance_level\": \"aal1\",\n \"authentication_methods\": [\n {\n \"method\": \"v0.6_legacy_session\",\n \"aal\": \"\",\n \"completed_at\": \"0001-01-01T00:00:00Z\"\n }\n ],\n \"issued_at\": \"2013-10-07T08:23:19Z\",\n \"identity\": {\n \"id\": \"5ff66179-c240-4703-b0d8-494592cefff5\",\n \"schema_id\": \"default\",\n \"schema_url\": \"https://www.ory.sh/schemas/ZGVmYXVsdA\",\n \"state\": \"active\",\n \"traits\": {\n \"email\": \"bazbar@ory.sh\"\n },\n \"verifiable_addresses\": [\n {\n \"id\": \"45e867e9-2745-4f16-8dd4-84334a252b61\",\n \"value\": \"foo@ory.sh\",\n \"verified\": false,\n \"via\": \"email\",\n \"status\": \"pending\",\n \"created_at\": \"2013-10-07T08:23:19Z\",\n \"updated_at\": \"2013-10-07T08:23:19Z\"\n }\n ],\n \"metadata_public\": null,\n \"created_at\": \"2013-10-07T08:23:19Z\",\n \"updated_at\": \"2013-10-07T08:23:19Z\",\n \"organization_id\": null\n },\n \"devices\": []\n}\n" }, { "path": "persistence/sql/migratest/fixtures/session/dcde5aaa-f789-4d3d-ae1f-76da8d57e67c.json", "content": "{\n \"id\": \"dcde5aaa-f789-4d3d-ae1f-76da8d57e67c\",\n \"active\": false,\n \"expires_at\": \"2013-10-07T08:23:19Z\",\n \"authenticated_at\": \"2013-10-07T08:23:19Z\",\n \"authenticator_assurance_level\": \"aal1\",\n \"authentication_methods\": [\n {\n \"method\": \"v0.6_legacy_session\",\n \"aal\": \"\",\n \"completed_at\": \"0001-01-01T00:00:00Z\"\n }\n ],\n \"issued_at\": \"2013-10-07T08:23:19Z\",\n \"identity\": {\n \"id\": \"5ff66179-c240-4703-b0d8-494592cefff5\",\n \"schema_id\": \"default\",\n \"schema_url\": \"https://www.ory.sh/schemas/ZGVmYXVsdA\",\n \"state\": \"active\",\n \"traits\": {\n \"email\": \"bazbar@ory.sh\"\n },\n \"verifiable_addresses\": [\n {\n \"id\": \"45e867e9-2745-4f16-8dd4-84334a252b61\",\n \"value\": \"foo@ory.sh\",\n \"verified\": false,\n \"via\": \"email\",\n \"status\": \"pending\",\n \"created_at\": \"2013-10-07T08:23:19Z\",\n \"updated_at\": \"2013-10-07T08:23:19Z\"\n }\n ],\n \"metadata_public\": null,\n \"created_at\": \"2013-10-07T08:23:19Z\",\n \"updated_at\": \"2013-10-07T08:23:19Z\",\n \"organization_id\": null\n },\n \"devices\": []\n}\n" }, { "path": "persistence/sql/migratest/fixtures/session/f38cdebe-e567-42c9-a562-1bd4dee40998.json", "content": "{\n \"id\": \"f38cdebe-e567-42c9-a562-1bd4dee40998\",\n \"active\": false,\n \"expires_at\": \"2013-10-07T08:23:19Z\",\n \"authenticated_at\": \"2013-10-07T08:23:19Z\",\n \"authenticator_assurance_level\": \"aal1\",\n \"authentication_methods\": [\n {\n \"method\": \"v0.6_legacy_session\",\n \"aal\": \"\",\n \"completed_at\": \"0001-01-01T00:00:00Z\"\n }\n ],\n \"issued_at\": \"2013-10-07T08:23:19Z\",\n \"identity\": {\n \"id\": \"5ff66179-c240-4703-b0d8-494592cefff5\",\n \"schema_id\": \"default\",\n \"schema_url\": \"https://www.ory.sh/schemas/ZGVmYXVsdA\",\n \"state\": \"active\",\n \"traits\": {\n \"email\": \"bazbar@ory.sh\"\n },\n \"verifiable_addresses\": [\n {\n \"id\": \"45e867e9-2745-4f16-8dd4-84334a252b61\",\n \"value\": \"foo@ory.sh\",\n \"verified\": false,\n \"via\": \"email\",\n \"status\": \"pending\",\n \"created_at\": \"2013-10-07T08:23:19Z\",\n \"updated_at\": \"2013-10-07T08:23:19Z\"\n }\n ],\n \"metadata_public\": null,\n \"created_at\": \"2013-10-07T08:23:19Z\",\n \"updated_at\": \"2013-10-07T08:23:19Z\",\n \"organization_id\": null\n },\n \"devices\": []\n}\n" }, { "path": "persistence/sql/migratest/fixtures/settings_flow/194c5b05-0487-4a11-bcbc-f301c9ff9678.json", "content": "{\n \"id\": \"194c5b05-0487-4a11-bcbc-f301c9ff9678\",\n \"type\": \"browser\",\n \"expires_at\": \"2013-10-07T08:23:19Z\",\n \"issued_at\": \"2013-10-07T08:23:19Z\",\n \"request_url\": \"http://kratos:4433/self-service/browser/flows/settings\",\n \"ui\": {\n \"action\": \"\",\n \"method\": \"\",\n \"nodes\": null\n },\n \"identity\": {\n \"id\": \"a251ebc2-880c-4f76-a8f3-38e6940eab0e\",\n \"schema_id\": \"default\",\n \"schema_url\": \"https://www.ory.sh/schemas/ZGVmYXVsdA\",\n \"state\": \"active\",\n \"traits\": {\n \"email\": \"foobar@ory.sh\"\n },\n \"verifiable_addresses\": [\n {\n \"id\": \"b2d59320-8564-4400-a39f-a22a497a23f1\",\n \"value\": \"foobar+without-code@ory.sh\",\n \"verified\": false,\n \"via\": \"email\",\n \"status\": \"pending\",\n \"created_at\": \"2013-10-07T08:23:19Z\",\n \"updated_at\": \"2013-10-07T08:23:19Z\"\n },\n {\n \"id\": \"c2427b6d-312b-46d9-9285-536db7ae11fd\",\n \"value\": \"foobar@ory.sh\",\n \"verified\": false,\n \"via\": \"email\",\n \"status\": \"pending\",\n \"created_at\": \"2013-10-07T08:23:19Z\",\n \"updated_at\": \"2013-10-07T08:23:19Z\"\n },\n {\n \"id\": \"d4718a67-aec2-418d-8173-6ebc7bde3b86\",\n \"value\": \"foobar+11345642c6c0@ory.sh\",\n \"verified\": false,\n \"via\": \"email\",\n \"status\": \"pending\",\n \"created_at\": \"2013-10-07T08:23:19Z\",\n \"updated_at\": \"2013-10-07T08:23:19Z\"\n }\n ],\n \"recovery_addresses\": [\n {\n \"id\": \"b8293f1c-010f-45d9-b809-f3fc5365ba80\",\n \"value\": \"foobar@ory.sh\",\n \"via\": \"email\",\n \"created_at\": \"2013-10-07T08:23:19Z\",\n \"updated_at\": \"2013-10-07T08:23:19Z\"\n }\n ],\n \"metadata_public\": null,\n \"created_at\": \"2013-10-07T08:23:19Z\",\n \"updated_at\": \"2013-10-07T08:23:19Z\",\n \"organization_id\": null\n },\n \"state\": \"show_form\"\n}\n" }, { "path": "persistence/sql/migratest/fixtures/settings_flow/19ede218-928c-4e02-ab49-b76e12b34f31.json", "content": "{\n \"id\": \"19ede218-928c-4e02-ab49-b76e12b34f31\",\n \"type\": \"browser\",\n \"expires_at\": \"2013-10-07T08:23:19Z\",\n \"issued_at\": \"2013-10-07T08:23:19Z\",\n \"request_url\": \"http://kratos:4433/self-service/browser/flows/settings\",\n \"active\": \"profile\",\n \"ui\": {\n \"action\": \"\",\n \"method\": \"\",\n \"nodes\": null\n },\n \"identity\": {\n \"id\": \"a251ebc2-880c-4f76-a8f3-38e6940eab0e\",\n \"schema_id\": \"default\",\n \"schema_url\": \"https://www.ory.sh/schemas/ZGVmYXVsdA\",\n \"state\": \"active\",\n \"traits\": {\n \"email\": \"foobar@ory.sh\"\n },\n \"verifiable_addresses\": [\n {\n \"id\": \"b2d59320-8564-4400-a39f-a22a497a23f1\",\n \"value\": \"foobar+without-code@ory.sh\",\n \"verified\": false,\n \"via\": \"email\",\n \"status\": \"pending\",\n \"created_at\": \"2013-10-07T08:23:19Z\",\n \"updated_at\": \"2013-10-07T08:23:19Z\"\n },\n {\n \"id\": \"c2427b6d-312b-46d9-9285-536db7ae11fd\",\n \"value\": \"foobar@ory.sh\",\n \"verified\": false,\n \"via\": \"email\",\n \"status\": \"pending\",\n \"created_at\": \"2013-10-07T08:23:19Z\",\n \"updated_at\": \"2013-10-07T08:23:19Z\"\n },\n {\n \"id\": \"d4718a67-aec2-418d-8173-6ebc7bde3b86\",\n \"value\": \"foobar+11345642c6c0@ory.sh\",\n \"verified\": false,\n \"via\": \"email\",\n \"status\": \"pending\",\n \"created_at\": \"2013-10-07T08:23:19Z\",\n \"updated_at\": \"2013-10-07T08:23:19Z\"\n }\n ],\n \"recovery_addresses\": [\n {\n \"id\": \"b8293f1c-010f-45d9-b809-f3fc5365ba80\",\n \"value\": \"foobar@ory.sh\",\n \"via\": \"email\",\n \"created_at\": \"2013-10-07T08:23:19Z\",\n \"updated_at\": \"2013-10-07T08:23:19Z\"\n }\n ],\n \"metadata_public\": null,\n \"created_at\": \"2013-10-07T08:23:19Z\",\n \"updated_at\": \"2013-10-07T08:23:19Z\",\n \"organization_id\": null\n },\n \"state\": \"show_form\"\n}\n" }, { "path": "persistence/sql/migratest/fixtures/settings_flow/19ede218-928c-4e02-ab49-b76e12b34f32.json", "content": "{\n \"id\": \"19ede218-928c-4e02-ab49-b76e12b34f32\",\n \"type\": \"browser\",\n \"expires_at\": \"2013-10-07T08:23:19Z\",\n \"issued_at\": \"2013-10-07T08:23:19Z\",\n \"request_url\": \"http://kratos:4433/self-service/browser/flows/settings/self-service/browser/flows/settings/self-service/browser/flows/settings/self-service/browser/flows/settings/self-service/browser/flows/settings/self-service/browser/flows/settings/self-service/browser/flows/settings/self-service/browser/flows/settings/self-service/browser/flows/settings/self-service/browser/flows/settings/self-service/browser/flows/settings/self-service/browser/flows/settings/self-service/browser/flows/settings/self-service/browser/flows/settings/self-service/browser/flows/settings/self-service/browser/flows/settings/self-service/browser/flows/settings/self-service/browser/flows/settings/self-service/browser/flows/settings/self-service/browser/flows/settings/self-service/browser/flows/settings/self-service/browser/flows/settings/self-service/browser/flows/settings/self-service/browser/flows/settings/self-service/browser/flows/settings/self-service/browser/flows/settings/self-service/browser/flows/settings/self-service/browser/flows/settings/self-service/browser/flows/settings/self-service/browser/flows/settings/self-service/browser/flows/settings/self-service/browser/flows/settings/self-service/browser/flows/settings/self-service/browser/flows/settings/self-service/browser/flows/settings/self-service/browser/flows/settings/self-service/browser/flows/settings/self-service/browser/flows/settings/self-service/browser/flows/settings/self-service/browser/flows/settings/self-service/browser/flows/settings/self-service/browser/flows/settings/self-service/browser/flows/settings/self-service/browser/flows/settings/self-service/browser/flows/settings/self-service/browser/flows/settings/self-service/browser/flows/settings/self-service/browser/flows/settings\",\n \"active\": \"profile\",\n \"ui\": {\n \"action\": \"\",\n \"method\": \"\",\n \"nodes\": null\n },\n \"identity\": {\n \"id\": \"a251ebc2-880c-4f76-a8f3-38e6940eab0e\",\n \"schema_id\": \"default\",\n \"schema_url\": \"https://www.ory.sh/schemas/ZGVmYXVsdA\",\n \"state\": \"active\",\n \"traits\": {\n \"email\": \"foobar@ory.sh\"\n },\n \"verifiable_addresses\": [\n {\n \"id\": \"b2d59320-8564-4400-a39f-a22a497a23f1\",\n \"value\": \"foobar+without-code@ory.sh\",\n \"verified\": false,\n \"via\": \"email\",\n \"status\": \"pending\",\n \"created_at\": \"2013-10-07T08:23:19Z\",\n \"updated_at\": \"2013-10-07T08:23:19Z\"\n },\n {\n \"id\": \"c2427b6d-312b-46d9-9285-536db7ae11fd\",\n \"value\": \"foobar@ory.sh\",\n \"verified\": false,\n \"via\": \"email\",\n \"status\": \"pending\",\n \"created_at\": \"2013-10-07T08:23:19Z\",\n \"updated_at\": \"2013-10-07T08:23:19Z\"\n },\n {\n \"id\": \"d4718a67-aec2-418d-8173-6ebc7bde3b86\",\n \"value\": \"foobar+11345642c6c0@ory.sh\",\n \"verified\": false,\n \"via\": \"email\",\n \"status\": \"pending\",\n \"created_at\": \"2013-10-07T08:23:19Z\",\n \"updated_at\": \"2013-10-07T08:23:19Z\"\n }\n ],\n \"recovery_addresses\": [\n {\n \"id\": \"b8293f1c-010f-45d9-b809-f3fc5365ba80\",\n \"value\": \"foobar@ory.sh\",\n \"via\": \"email\",\n \"created_at\": \"2013-10-07T08:23:19Z\",\n \"updated_at\": \"2013-10-07T08:23:19Z\"\n }\n ],\n \"metadata_public\": null,\n \"created_at\": \"2013-10-07T08:23:19Z\",\n \"updated_at\": \"2013-10-07T08:23:19Z\",\n \"organization_id\": null\n },\n \"state\": \"show_form\"\n}\n" }, { "path": "persistence/sql/migratest/fixtures/settings_flow/21c5f714-3089-49d2-b387-f244d4dd9e00.json", "content": "{\n \"id\": \"21c5f714-3089-49d2-b387-f244d4dd9e00\",\n \"type\": \"browser\",\n \"expires_at\": \"2013-10-07T08:23:19Z\",\n \"issued_at\": \"2013-10-07T08:23:19Z\",\n \"request_url\": \"http://kratos:4433/self-service/browser/flows/settings\",\n \"active\": \"profile\",\n \"ui\": {\n \"action\": \"\",\n \"method\": \"\",\n \"nodes\": null\n },\n \"identity\": {\n \"id\": \"a251ebc2-880c-4f76-a8f3-38e6940eab0e\",\n \"schema_id\": \"default\",\n \"schema_url\": \"https://www.ory.sh/schemas/ZGVmYXVsdA\",\n \"state\": \"active\",\n \"traits\": {\n \"email\": \"foobar@ory.sh\"\n },\n \"verifiable_addresses\": [\n {\n \"id\": \"b2d59320-8564-4400-a39f-a22a497a23f1\",\n \"value\": \"foobar+without-code@ory.sh\",\n \"verified\": false,\n \"via\": \"email\",\n \"status\": \"pending\",\n \"created_at\": \"2013-10-07T08:23:19Z\",\n \"updated_at\": \"2013-10-07T08:23:19Z\"\n },\n {\n \"id\": \"c2427b6d-312b-46d9-9285-536db7ae11fd\",\n \"value\": \"foobar@ory.sh\",\n \"verified\": false,\n \"via\": \"email\",\n \"status\": \"pending\",\n \"created_at\": \"2013-10-07T08:23:19Z\",\n \"updated_at\": \"2013-10-07T08:23:19Z\"\n },\n {\n \"id\": \"d4718a67-aec2-418d-8173-6ebc7bde3b86\",\n \"value\": \"foobar+11345642c6c0@ory.sh\",\n \"verified\": false,\n \"via\": \"email\",\n \"status\": \"pending\",\n \"created_at\": \"2013-10-07T08:23:19Z\",\n \"updated_at\": \"2013-10-07T08:23:19Z\"\n }\n ],\n \"recovery_addresses\": [\n {\n \"id\": \"b8293f1c-010f-45d9-b809-f3fc5365ba80\",\n \"value\": \"foobar@ory.sh\",\n \"via\": \"email\",\n \"created_at\": \"2013-10-07T08:23:19Z\",\n \"updated_at\": \"2013-10-07T08:23:19Z\"\n }\n ],\n \"metadata_public\": null,\n \"created_at\": \"2013-10-07T08:23:19Z\",\n \"updated_at\": \"2013-10-07T08:23:19Z\",\n \"organization_id\": null\n },\n \"state\": \"show_form\"\n}\n" }, { "path": "persistence/sql/migratest/fixtures/settings_flow/74fd6c53-7651-453e-90b8-2c5adbf911bb.json", "content": "{\n \"id\": \"74fd6c53-7651-453e-90b8-2c5adbf911bb\",\n \"type\": \"browser\",\n \"expires_at\": \"2013-10-07T08:23:19Z\",\n \"issued_at\": \"2013-10-07T08:23:19Z\",\n \"request_url\": \"http://kratos:4433/self-service/browser/flows/settings\",\n \"ui\": {\n \"action\": \"\",\n \"method\": \"\",\n \"nodes\": null\n },\n \"identity\": {\n \"id\": \"5ff66179-c240-4703-b0d8-494592cefff5\",\n \"schema_id\": \"default\",\n \"schema_url\": \"https://www.ory.sh/schemas/ZGVmYXVsdA\",\n \"state\": \"active\",\n \"traits\": {\n \"email\": \"bazbar@ory.sh\"\n },\n \"verifiable_addresses\": [\n {\n \"id\": \"45e867e9-2745-4f16-8dd4-84334a252b61\",\n \"value\": \"foo@ory.sh\",\n \"verified\": false,\n \"via\": \"email\",\n \"status\": \"pending\",\n \"created_at\": \"2013-10-07T08:23:19Z\",\n \"updated_at\": \"2013-10-07T08:23:19Z\"\n }\n ],\n \"metadata_public\": null,\n \"created_at\": \"2013-10-07T08:23:19Z\",\n \"updated_at\": \"2013-10-07T08:23:19Z\",\n \"organization_id\": null\n },\n \"state\": \"show_form\"\n}\n" }, { "path": "persistence/sql/migratest/fixtures/settings_flow/77fe4fb3-2d4e-4532-b568-c44b0aece0aa.json", "content": "{\n \"id\": \"77fe4fb3-2d4e-4532-b568-c44b0aece0aa\",\n \"type\": \"browser\",\n \"expires_at\": \"2013-10-07T08:23:19Z\",\n \"issued_at\": \"2013-10-07T08:23:19Z\",\n \"request_url\": \"http://kratos:4433/self-service/browser/flows/settings\",\n \"active\": \"profile\",\n \"ui\": {\n \"action\": \"\",\n \"method\": \"\",\n \"nodes\": null\n },\n \"identity\": {\n \"id\": \"a251ebc2-880c-4f76-a8f3-38e6940eab0e\",\n \"schema_id\": \"default\",\n \"schema_url\": \"https://www.ory.sh/schemas/ZGVmYXVsdA\",\n \"state\": \"active\",\n \"traits\": {\n \"email\": \"foobar@ory.sh\"\n },\n \"verifiable_addresses\": [\n {\n \"id\": \"b2d59320-8564-4400-a39f-a22a497a23f1\",\n \"value\": \"foobar+without-code@ory.sh\",\n \"verified\": false,\n \"via\": \"email\",\n \"status\": \"pending\",\n \"created_at\": \"2013-10-07T08:23:19Z\",\n \"updated_at\": \"2013-10-07T08:23:19Z\"\n },\n {\n \"id\": \"c2427b6d-312b-46d9-9285-536db7ae11fd\",\n \"value\": \"foobar@ory.sh\",\n \"verified\": false,\n \"via\": \"email\",\n \"status\": \"pending\",\n \"created_at\": \"2013-10-07T08:23:19Z\",\n \"updated_at\": \"2013-10-07T08:23:19Z\"\n },\n {\n \"id\": \"d4718a67-aec2-418d-8173-6ebc7bde3b86\",\n \"value\": \"foobar+11345642c6c0@ory.sh\",\n \"verified\": false,\n \"via\": \"email\",\n \"status\": \"pending\",\n \"created_at\": \"2013-10-07T08:23:19Z\",\n \"updated_at\": \"2013-10-07T08:23:19Z\"\n }\n ],\n \"recovery_addresses\": [\n {\n \"id\": \"b8293f1c-010f-45d9-b809-f3fc5365ba80\",\n \"value\": \"foobar@ory.sh\",\n \"via\": \"email\",\n \"created_at\": \"2013-10-07T08:23:19Z\",\n \"updated_at\": \"2013-10-07T08:23:19Z\"\n }\n ],\n \"metadata_public\": null,\n \"created_at\": \"2013-10-07T08:23:19Z\",\n \"updated_at\": \"2013-10-07T08:23:19Z\",\n \"organization_id\": null\n },\n \"state\": \"show_form\"\n}\n" }, { "path": "persistence/sql/migratest/fixtures/settings_flow/8248bb5d-8ef7-45e3-8e07-9e2003dd5352.json", "content": "{\n \"id\": \"8248bb5d-8ef7-45e3-8e07-9e2003dd5352\",\n \"type\": \"browser\",\n \"expires_at\": \"2013-10-07T08:23:19Z\",\n \"issued_at\": \"2013-10-07T08:23:19Z\",\n \"request_url\": \"http://kratos:4433/self-service/browser/flows/settings\",\n \"active\": \"profile\",\n \"ui\": {\n \"action\": \"\",\n \"method\": \"\",\n \"nodes\": null\n },\n \"identity\": {\n \"id\": \"a251ebc2-880c-4f76-a8f3-38e6940eab0e\",\n \"schema_id\": \"default\",\n \"schema_url\": \"https://www.ory.sh/schemas/ZGVmYXVsdA\",\n \"state\": \"active\",\n \"traits\": {\n \"email\": \"foobar@ory.sh\"\n },\n \"verifiable_addresses\": [\n {\n \"id\": \"b2d59320-8564-4400-a39f-a22a497a23f1\",\n \"value\": \"foobar+without-code@ory.sh\",\n \"verified\": false,\n \"via\": \"email\",\n \"status\": \"pending\",\n \"created_at\": \"2013-10-07T08:23:19Z\",\n \"updated_at\": \"2013-10-07T08:23:19Z\"\n },\n {\n \"id\": \"c2427b6d-312b-46d9-9285-536db7ae11fd\",\n \"value\": \"foobar@ory.sh\",\n \"verified\": false,\n \"via\": \"email\",\n \"status\": \"pending\",\n \"created_at\": \"2013-10-07T08:23:19Z\",\n \"updated_at\": \"2013-10-07T08:23:19Z\"\n },\n {\n \"id\": \"d4718a67-aec2-418d-8173-6ebc7bde3b86\",\n \"value\": \"foobar+11345642c6c0@ory.sh\",\n \"verified\": false,\n \"via\": \"email\",\n \"status\": \"pending\",\n \"created_at\": \"2013-10-07T08:23:19Z\",\n \"updated_at\": \"2013-10-07T08:23:19Z\"\n }\n ],\n \"recovery_addresses\": [\n {\n \"id\": \"b8293f1c-010f-45d9-b809-f3fc5365ba80\",\n \"value\": \"foobar@ory.sh\",\n \"via\": \"email\",\n \"created_at\": \"2013-10-07T08:23:19Z\",\n \"updated_at\": \"2013-10-07T08:23:19Z\"\n }\n ],\n \"metadata_public\": null,\n \"created_at\": \"2013-10-07T08:23:19Z\",\n \"updated_at\": \"2013-10-07T08:23:19Z\",\n \"organization_id\": null\n },\n \"state\": \"show_form\"\n}\n" }, { "path": "persistence/sql/migratest/fixtures/settings_flow/90b4f970-b9ae-42bc-a0a7-73ec750e0aa1.json", "content": "{\n \"id\": \"90b4f970-b9ae-42bc-a0a7-73ec750e0aa1\",\n \"type\": \"browser\",\n \"expires_at\": \"2013-10-07T08:23:19Z\",\n \"issued_at\": \"2013-10-07T08:23:19Z\",\n \"request_url\": \"http://kratos:4433/self-service/browser/flows/settings\",\n \"active\": \"profile\",\n \"ui\": {\n \"action\": \"\",\n \"method\": \"\",\n \"nodes\": null\n },\n \"identity\": {\n \"id\": \"a251ebc2-880c-4f76-a8f3-38e6940eab0e\",\n \"schema_id\": \"default\",\n \"schema_url\": \"https://www.ory.sh/schemas/ZGVmYXVsdA\",\n \"state\": \"active\",\n \"traits\": {\n \"email\": \"foobar@ory.sh\"\n },\n \"verifiable_addresses\": [\n {\n \"id\": \"b2d59320-8564-4400-a39f-a22a497a23f1\",\n \"value\": \"foobar+without-code@ory.sh\",\n \"verified\": false,\n \"via\": \"email\",\n \"status\": \"pending\",\n \"created_at\": \"2013-10-07T08:23:19Z\",\n \"updated_at\": \"2013-10-07T08:23:19Z\"\n },\n {\n \"id\": \"c2427b6d-312b-46d9-9285-536db7ae11fd\",\n \"value\": \"foobar@ory.sh\",\n \"verified\": false,\n \"via\": \"email\",\n \"status\": \"pending\",\n \"created_at\": \"2013-10-07T08:23:19Z\",\n \"updated_at\": \"2013-10-07T08:23:19Z\"\n },\n {\n \"id\": \"d4718a67-aec2-418d-8173-6ebc7bde3b86\",\n \"value\": \"foobar+11345642c6c0@ory.sh\",\n \"verified\": false,\n \"via\": \"email\",\n \"status\": \"pending\",\n \"created_at\": \"2013-10-07T08:23:19Z\",\n \"updated_at\": \"2013-10-07T08:23:19Z\"\n }\n ],\n \"recovery_addresses\": [\n {\n \"id\": \"b8293f1c-010f-45d9-b809-f3fc5365ba80\",\n \"value\": \"foobar@ory.sh\",\n \"via\": \"email\",\n \"created_at\": \"2013-10-07T08:23:19Z\",\n \"updated_at\": \"2013-10-07T08:23:19Z\"\n }\n ],\n \"metadata_public\": null,\n \"created_at\": \"2013-10-07T08:23:19Z\",\n \"updated_at\": \"2013-10-07T08:23:19Z\",\n \"organization_id\": null\n },\n \"state\": \"show_form\"\n}\n" }, { "path": "persistence/sql/migratest/fixtures/settings_flow/a79bfcf1-68ae-49de-8b23-4f96921b8341.json", "content": "{\n \"id\": \"a79bfcf1-68ae-49de-8b23-4f96921b8341\",\n \"type\": \"browser\",\n \"expires_at\": \"2013-10-07T08:23:19Z\",\n \"issued_at\": \"2013-10-07T08:23:19Z\",\n \"request_url\": \"http://kratos:4433/self-service/browser/flows/settings\",\n \"active\": \"profile\",\n \"ui\": {\n \"action\": \"\",\n \"method\": \"\",\n \"nodes\": null\n },\n \"identity\": {\n \"id\": \"a251ebc2-880c-4f76-a8f3-38e6940eab0e\",\n \"schema_id\": \"default\",\n \"schema_url\": \"https://www.ory.sh/schemas/ZGVmYXVsdA\",\n \"state\": \"active\",\n \"traits\": {\n \"email\": \"foobar@ory.sh\"\n },\n \"verifiable_addresses\": [\n {\n \"id\": \"b2d59320-8564-4400-a39f-a22a497a23f1\",\n \"value\": \"foobar+without-code@ory.sh\",\n \"verified\": false,\n \"via\": \"email\",\n \"status\": \"pending\",\n \"created_at\": \"2013-10-07T08:23:19Z\",\n \"updated_at\": \"2013-10-07T08:23:19Z\"\n },\n {\n \"id\": \"c2427b6d-312b-46d9-9285-536db7ae11fd\",\n \"value\": \"foobar@ory.sh\",\n \"verified\": false,\n \"via\": \"email\",\n \"status\": \"pending\",\n \"created_at\": \"2013-10-07T08:23:19Z\",\n \"updated_at\": \"2013-10-07T08:23:19Z\"\n },\n {\n \"id\": \"d4718a67-aec2-418d-8173-6ebc7bde3b86\",\n \"value\": \"foobar+11345642c6c0@ory.sh\",\n \"verified\": false,\n \"via\": \"email\",\n \"status\": \"pending\",\n \"created_at\": \"2013-10-07T08:23:19Z\",\n \"updated_at\": \"2013-10-07T08:23:19Z\"\n }\n ],\n \"recovery_addresses\": [\n {\n \"id\": \"b8293f1c-010f-45d9-b809-f3fc5365ba80\",\n \"value\": \"foobar@ory.sh\",\n \"via\": \"email\",\n \"created_at\": \"2013-10-07T08:23:19Z\",\n \"updated_at\": \"2013-10-07T08:23:19Z\"\n }\n ],\n \"metadata_public\": null,\n \"created_at\": \"2013-10-07T08:23:19Z\",\n \"updated_at\": \"2013-10-07T08:23:19Z\",\n \"organization_id\": null\n },\n \"state\": \"show_form\"\n}\n" }, { "path": "persistence/sql/migratest/fixtures/settings_flow/aeba85bd-1a8c-44bf-8fc3-3be83c01a3dc.json", "content": "{\n \"id\": \"aeba85bd-1a8c-44bf-8fc3-3be83c01a3dc\",\n \"type\": \"browser\",\n \"expires_at\": \"2013-10-07T08:23:19Z\",\n \"issued_at\": \"2013-10-07T08:23:19Z\",\n \"request_url\": \"http://kratos:4433/self-service/browser/flows/settings\",\n \"active\": \"profile\",\n \"ui\": {\n \"action\": \"\",\n \"method\": \"\",\n \"nodes\": null\n },\n \"identity\": {\n \"id\": \"a251ebc2-880c-4f76-a8f3-38e6940eab0e\",\n \"schema_id\": \"default\",\n \"schema_url\": \"https://www.ory.sh/schemas/ZGVmYXVsdA\",\n \"state\": \"active\",\n \"traits\": {\n \"email\": \"foobar@ory.sh\"\n },\n \"verifiable_addresses\": [\n {\n \"id\": \"b2d59320-8564-4400-a39f-a22a497a23f1\",\n \"value\": \"foobar+without-code@ory.sh\",\n \"verified\": false,\n \"via\": \"email\",\n \"status\": \"pending\",\n \"created_at\": \"2013-10-07T08:23:19Z\",\n \"updated_at\": \"2013-10-07T08:23:19Z\"\n },\n {\n \"id\": \"c2427b6d-312b-46d9-9285-536db7ae11fd\",\n \"value\": \"foobar@ory.sh\",\n \"verified\": false,\n \"via\": \"email\",\n \"status\": \"pending\",\n \"created_at\": \"2013-10-07T08:23:19Z\",\n \"updated_at\": \"2013-10-07T08:23:19Z\"\n },\n {\n \"id\": \"d4718a67-aec2-418d-8173-6ebc7bde3b86\",\n \"value\": \"foobar+11345642c6c0@ory.sh\",\n \"verified\": false,\n \"via\": \"email\",\n \"status\": \"pending\",\n \"created_at\": \"2013-10-07T08:23:19Z\",\n \"updated_at\": \"2013-10-07T08:23:19Z\"\n }\n ],\n \"recovery_addresses\": [\n {\n \"id\": \"b8293f1c-010f-45d9-b809-f3fc5365ba80\",\n \"value\": \"foobar@ory.sh\",\n \"via\": \"email\",\n \"created_at\": \"2013-10-07T08:23:19Z\",\n \"updated_at\": \"2013-10-07T08:23:19Z\"\n }\n ],\n \"metadata_public\": null,\n \"created_at\": \"2013-10-07T08:23:19Z\",\n \"updated_at\": \"2013-10-07T08:23:19Z\",\n \"organization_id\": null\n },\n \"state\": \"show_form\"\n}\n" }, { "path": "persistence/sql/migratest/fixtures/settings_flow/cdfd1eed-34a4-491d-ad0a-7579d3a0a7ba.json", "content": "{\n \"id\": \"cdfd1eed-34a4-491d-ad0a-7579d3a0a7ba\",\n \"type\": \"browser\",\n \"expires_at\": \"2013-10-07T08:23:19Z\",\n \"issued_at\": \"2013-10-07T08:23:19Z\",\n \"request_url\": \"http://kratos:4433/self-service/browser/flows/settings\",\n \"active\": \"profile\",\n \"ui\": {\n \"action\": \"\",\n \"method\": \"\",\n \"nodes\": null\n },\n \"identity\": {\n \"id\": \"a251ebc2-880c-4f76-a8f3-38e6940eab0e\",\n \"schema_id\": \"default\",\n \"schema_url\": \"https://www.ory.sh/schemas/ZGVmYXVsdA\",\n \"state\": \"active\",\n \"traits\": {\n \"email\": \"foobar@ory.sh\"\n },\n \"verifiable_addresses\": [\n {\n \"id\": \"b2d59320-8564-4400-a39f-a22a497a23f1\",\n \"value\": \"foobar+without-code@ory.sh\",\n \"verified\": false,\n \"via\": \"email\",\n \"status\": \"pending\",\n \"created_at\": \"2013-10-07T08:23:19Z\",\n \"updated_at\": \"2013-10-07T08:23:19Z\"\n },\n {\n \"id\": \"c2427b6d-312b-46d9-9285-536db7ae11fd\",\n \"value\": \"foobar@ory.sh\",\n \"verified\": false,\n \"via\": \"email\",\n \"status\": \"pending\",\n \"created_at\": \"2013-10-07T08:23:19Z\",\n \"updated_at\": \"2013-10-07T08:23:19Z\"\n },\n {\n \"id\": \"d4718a67-aec2-418d-8173-6ebc7bde3b86\",\n \"value\": \"foobar+11345642c6c0@ory.sh\",\n \"verified\": false,\n \"via\": \"email\",\n \"status\": \"pending\",\n \"created_at\": \"2013-10-07T08:23:19Z\",\n \"updated_at\": \"2013-10-07T08:23:19Z\"\n }\n ],\n \"recovery_addresses\": [\n {\n \"id\": \"b8293f1c-010f-45d9-b809-f3fc5365ba80\",\n \"value\": \"foobar@ory.sh\",\n \"via\": \"email\",\n \"created_at\": \"2013-10-07T08:23:19Z\",\n \"updated_at\": \"2013-10-07T08:23:19Z\"\n }\n ],\n \"metadata_public\": null,\n \"created_at\": \"2013-10-07T08:23:19Z\",\n \"updated_at\": \"2013-10-07T08:23:19Z\",\n \"organization_id\": null\n },\n \"state\": \"show_form\"\n}\n" }, { "path": "persistence/sql/migratest/fixtures/verification_flow/29b2c16e-2955-4faa-bd16-33af098cdf83.json", "content": "{\n \"id\": \"29b2c16e-2955-4faa-bd16-33af098cdf83\",\n \"type\": \"browser\",\n \"expires_at\": \"2013-10-07T08:23:19Z\",\n \"issued_at\": \"2013-10-07T08:23:19Z\",\n \"request_url\": \"http://kratos:4433/self-service/browser/flows/verification/email\",\n \"ui\": {\n \"action\": \"\",\n \"method\": \"\",\n \"nodes\": null\n },\n \"state\": \"passed_challenge\"\n}\n" }, { "path": "persistence/sql/migratest/fixtures/verification_flow/3631e880-ce59-4cbd-a705-0d825eea590d.json", "content": "{\n \"id\": \"3631e880-ce59-4cbd-a705-0d825eea590d\",\n \"type\": \"api\",\n \"expires_at\": \"2013-10-07T08:23:19Z\",\n \"issued_at\": \"2013-10-07T08:23:19Z\",\n \"request_url\": \"http://kratos:4433/self-service/browser/flows/verification/email\",\n \"ui\": {\n \"action\": \"\",\n \"method\": \"\",\n \"nodes\": null\n },\n \"state\": \"passed_challenge\"\n}\n" }, { "path": "persistence/sql/migratest/fixtures/verification_flow/42f31e47-65e1-4be9-80ea-e5d8ed64b236.json", "content": "{\n \"id\": \"42f31e47-65e1-4be9-80ea-e5d8ed64b236\",\n \"type\": \"api\",\n \"expires_at\": \"2013-10-07T08:23:19Z\",\n \"issued_at\": \"2013-10-07T08:23:19Z\",\n \"request_url\": \"http://kratos:4433/self-service/browser/flows/verification/email\",\n \"ui\": {\n \"action\": \"\",\n \"method\": \"\",\n \"nodes\": null\n },\n \"state\": \"passed_challenge\"\n}\n" }, { "path": "persistence/sql/migratest/fixtures/verification_flow/5385c962-0295-4575-9b1b-d7eef13c0eda.json", "content": "{\n \"id\": \"5385c962-0295-4575-9b1b-d7eef13c0eda\",\n \"type\": \"browser\",\n \"expires_at\": \"2013-10-07T08:23:19Z\",\n \"issued_at\": \"2013-10-07T08:23:19Z\",\n \"request_url\": \"http://kratos:4433/self-service/browser/flows/registration\",\n \"active\": \"link\",\n \"ui\": {\n \"action\": \"\",\n \"method\": \"\",\n \"nodes\": null\n },\n \"state\": \"choose_method\"\n}\n" }, { "path": "persistence/sql/migratest/fixtures/verification_flow/6aae3159-b880-4cfb-a863-03b114b1371b.json", "content": "{\n \"id\": \"6aae3159-b880-4cfb-a863-03b114b1371b\",\n \"type\": \"api\",\n \"expires_at\": \"2013-10-07T08:23:19Z\",\n \"issued_at\": \"2013-10-07T08:23:19Z\",\n \"request_url\": \"http://kratos:4433/self-service/browser/flows/verification/email\",\n \"ui\": {\n \"action\": \"\",\n \"method\": \"\",\n \"nodes\": null\n },\n \"state\": \"show_form\"\n}\n" }, { "path": "persistence/sql/migratest/fixtures/verification_flow/7be6c72c-c868-4b61-a1f0-1130603665d1.json", "content": "{\n \"id\": \"7be6c72c-c868-4b61-a1f0-1130603665d1\",\n \"type\": \"api\",\n \"expires_at\": \"2013-10-07T08:23:19Z\",\n \"issued_at\": \"2013-10-07T08:23:19Z\",\n \"request_url\": \"http://kratos:4433/self-service/browser/flows/verification/email\",\n \"ui\": {\n \"action\": \"\",\n \"method\": \"\",\n \"nodes\": null\n },\n \"state\": \"show_form\"\n}\n" }, { "path": "persistence/sql/migratest/fixtures/verification_flow/7be6c72c-c868-4b61-a1f0-1130603665d8.json", "content": "{\n \"id\": \"7be6c72c-c868-4b61-a1f0-1130603665d8\",\n \"type\": \"api\",\n \"expires_at\": \"2013-10-07T08:23:19Z\",\n \"issued_at\": \"2013-10-07T08:23:19Z\",\n \"request_url\": \"http://kratos:4433/self-service/browser/flows/verification/email\",\n \"ui\": {\n \"action\": \"\",\n \"method\": \"\",\n \"nodes\": null\n },\n \"state\": \"show_form\"\n}\n" }, { "path": "persistence/sql/migratest/fixtures/verification_flow/81f74e5d-1fa5-4e1b-a9bf-e95119260471.json", "content": "{\n \"id\": \"81f74e5d-1fa5-4e1b-a9bf-e95119260471\",\n \"type\": \"api\",\n \"expires_at\": \"2022-11-03T08:23:19Z\",\n \"issued_at\": \"2022-11-03T08:23:19Z\",\n \"request_url\": \"http://kratos:4433/self-service/browser/flows/verification/email/self-service/browser/flows/verification/email/self-service/browser/flows/verification/email/self-service/browser/flows/verification/email/self-service/browser/flows/verification/email/self-service/browser/flows/verification/email/self-service/browser/flows/verification/email/self-service/browser/flows/verification/email/self-service/browser/flows/verification/email/self-service/browser/flows/verification/email/self-service/browser/flows/verification/email/self-service/browser/flows/verification/email/self-service/browser/flows/verification/email/self-service/browser/flows/verification/email/self-service/browser/flows/verification/email/self-service/browser/flows/verification/email/self-service/browser/flows/verification/email/self-service/browser/flows/verification/email/self-service/browser/flows/verification/email/self-service/browser/flows/verification/email/self-service/browser/flows/verification/email/self-service/browser/flows/verification/email/self-service/browser/flows/verification/email/self-service/browser/flows/verification/email/self-service/browser/flows/verification/email/self-service/browser/flows/verification/email/self-service/browser/flows/verification/email/self-service/browser/flows/verification/email/self-service/browser/flows/verification/email/self-service/browser/flows/verification/email/self-service/browser/flows/verification/email/self-service/browser/flows/verification/email/self-service/browser/flows/verification/email/self-service/browser/flows/verification/email/self-service/browser/flows/verification/email/self-service/browser/flows/verification/email/self-service/browser/flows/verification/email/self-service/browser/flows/verification/email/self-service/browser/flows/verification/email/self-service/browser/flows/verification/email/self-service/browser/flows/verification/email/self-service/browser/flows/verification/email/self-service/browser/flows/verification/email/self-service/browser/flows/verification/email/self-service/browser/flows/verification/email/self-service/browser/flows/verification/email/self-service/browser/flows/verification/email/self-service/browser/flows/verification/email/self-service/browser/flows/verification/email/self-service/browser/flows/verification/email/self-service/browser/flows/verification/email/self-service/browser/flows/verification/email/self-service/browser/flows/verification/email/self-service/browser/flows/verification/email/self-service/browser/flows/verification/email/self-service/browser/flows/verification/email/self-service/browser/flows/verification/email/self-service/browser/flows/verification/email/self-service/browser/flows/verification/email/self-service/browser/flows/verification/email\",\n \"ui\": {\n \"action\": \"\",\n \"method\": \"\",\n \"nodes\": null\n },\n \"state\": \"show_form\"\n}\n" }, { "path": "persistence/sql/migratest/fixtures/verification_flow/81f74e5d-1fa5-4e1b-a9bf-e9511926047c.json", "content": "{\n \"id\": \"81f74e5d-1fa5-4e1b-a9bf-e9511926047c\",\n \"type\": \"api\",\n \"expires_at\": \"2022-11-03T08:23:19Z\",\n \"issued_at\": \"2022-11-03T08:23:19Z\",\n \"request_url\": \"http://kratos:4433/self-service/browser/flows/verification/email\",\n \"ui\": {\n \"action\": \"\",\n \"method\": \"\",\n \"nodes\": null\n },\n \"state\": \"show_form\"\n}\n" }, { "path": "persistence/sql/migratest/fixtures/verification_flow/a8e2b810-a561-4a9e-bbd8-37f649bc26fa.json", "content": "{\n \"id\": \"a8e2b810-a561-4a9e-bbd8-37f649bc26fa\",\n \"type\": \"browser\",\n \"expires_at\": \"2013-10-07T08:23:19Z\",\n \"issued_at\": \"2013-10-07T08:23:19Z\",\n \"request_url\": \"http://kratos:4433/self-service/browser/flows/verification/email\",\n \"ui\": {\n \"action\": \"\",\n \"method\": \"\",\n \"nodes\": null\n },\n \"state\": \"passed_challenge\"\n}\n" }, { "path": "persistence/sql/migratest/fixtures/verification_flow/b37d34c2-4290-4be4-9e3a-c6263ee77082.json", "content": "{\n \"id\": \"b37d34c2-4290-4be4-9e3a-c6263ee77082\",\n \"type\": \"browser\",\n \"expires_at\": \"2013-10-07T08:23:19Z\",\n \"issued_at\": \"2013-10-07T08:23:19Z\",\n \"request_url\": \"http://kratos:4433/self-service/browser/flows/verification/email\",\n \"ui\": {\n \"action\": \"\",\n \"method\": \"\",\n \"nodes\": null\n },\n \"state\": \"show_form\"\n}\n" }, { "path": "persistence/sql/migratest/fixtures/verification_token/ee56574d-2f0c-43f6-8d26-0062938ae330.json", "content": "{\n \"id\": \"ee56574d-2f0c-43f6-8d26-0062938ae330\",\n \"verification_address\": null,\n \"expires_at\": \"2013-10-07T08:23:19Z\",\n \"issued_at\": \"2013-10-07T08:23:19Z\"\n}\n" }, { "path": "persistence/sql/migratest/fixtures/verification_token/ee56574d-2f1c-43f6-8d26-0062938ae330.json", "content": "{\n \"id\": \"ee56574d-2f1c-43f6-8d26-0062938ae330\",\n \"verification_address\": null,\n \"expires_at\": \"2013-10-07T08:23:19Z\",\n \"issued_at\": \"2013-10-07T08:23:19Z\"\n}\n" }, { "path": "persistence/sql/migratest/fixtures/verification_token/f81fd924-23bb-4cdf-8fa0-56253eff6cc9.json", "content": "{\n \"id\": \"f81fd924-23bb-4cdf-8fa0-56253eff6cc9\",\n \"verification_address\": null,\n \"expires_at\": \"2013-10-07T08:23:19Z\",\n \"issued_at\": \"2013-10-07T08:23:19Z\"\n}\n" }, { "path": "persistence/sql/migratest/migration_test.go", "content": "// Copyright © 2023 Ory Corp\n// SPDX-License-Identifier: Apache-2.0\n\npackage migratest\n\nimport (\n\t\"context\"\n\t\"encoding/json\"\n\t\"os\"\n\t\"path/filepath\"\n\t\"regexp\"\n\t\"strings\"\n\t\"testing\"\n\n\t\"github.com/bradleyjkemp/cupaloy/v2\"\n\t\"github.com/sirupsen/logrus\"\n\t\"github.com/stretchr/testify/assert\"\n\t\"github.com/stretchr/testify/require\"\n\n\t\"github.com/ory/kratos/driver\"\n\t\"github.com/ory/kratos/driver/config\"\n\t\"github.com/ory/kratos/identity\"\n\t\"github.com/ory/kratos/persistence/sql\"\n\tgomigrations \"github.com/ory/kratos/persistence/sql/migrations/go\"\n\t\"github.com/ory/kratos/selfservice/flow/login\"\n\t\"github.com/ory/kratos/selfservice/flow/recovery\"\n\t\"github.com/ory/kratos/selfservice/flow/registration\"\n\t\"github.com/ory/kratos/selfservice/flow/settings\"\n\t\"github.com/ory/kratos/selfservice/flow/verification\"\n\t\"github.com/ory/kratos/selfservice/strategy/code\"\n\t\"github.com/ory/kratos/selfservice/strategy/link\"\n\t\"github.com/ory/kratos/session\"\n\t\"github.com/ory/kratos/x\"\n\t\"github.com/ory/pop/v6\"\n\t\"github.com/ory/x/configx\"\n\t\"github.com/ory/x/dbal\"\n\t\"github.com/ory/x/fsx\"\n\t\"github.com/ory/x/logrusx\"\n\t\"github.com/ory/x/migratest\"\n\t\"github.com/ory/x/networkx\"\n\t\"github.com/ory/x/pagination/keysetpagination\"\n\t\"github.com/ory/x/popx\"\n\t\"github.com/ory/x/sqlcon\"\n\t\"github.com/ory/x/sqlcon/dockertest\"\n)\n\nfunc snapshotFor(paths ...string) *cupaloy.Config {\n\treturn cupaloy.New(\n\t\tcupaloy.CreateNewAutomatically(true),\n\t\tcupaloy.FailOnUpdate(true),\n\t\tcupaloy.SnapshotFileExtension(\".json\"),\n\t\tcupaloy.SnapshotSubdirectory(filepath.Join(paths...)),\n\t)\n}\n\nfunc CompareWithFixture(t *testing.T, actual interface{}, prefix string, id string) {\n\ts := snapshotFor(\"fixtures\", prefix)\n\tactualJSON, err := json.MarshalIndent(actual, \"\", \" \")\n\trequire.NoError(t, err)\n\terr = s.SnapshotWithName(id, actualJSON)\n\tassert.NoErrorf(t, err, \"actual = %s\", string(actualJSON))\n}\n\nfunc TestMigrations_SQLite(t *testing.T) {\n\tt.Parallel()\n\tsqlite, err := pop.NewConnection(&pop.ConnectionDetails{\n\t\tURL: dbal.NewSQLiteTestDatabase(t),\n\t})\n\trequire.NoError(t, err)\n\trequire.NoError(t, sqlite.Open())\n\n\ttestDatabase(t, \"sqlite\", sqlite)\n}\n\nfunc TestMigrations_Postgres(t *testing.T) {\n\tif testing.Short() {\n\t\tt.Skip(\"skipping testing in short mode\")\n\t}\n\tt.Parallel()\n\ttestDatabase(t, \"postgres\", dockertest.ConnectPop(t, dockertest.RunTestPostgreSQLWithVersion(t, \"16\")))\n}\n\nfunc TestMigrations_Mysql(t *testing.T) {\n\tif testing.Short() {\n\t\tt.Skip(\"skipping testing in short mode\")\n\t}\n\tt.Parallel()\n\ttestDatabase(t, \"mysql\", dockertest.ConnectPop(t, dockertest.RunTestMySQLWithVersion(t, \"8.4\")))\n}\n\nfunc TestMigrations_Cockroach(t *testing.T) {\n\tif testing.Short() {\n\t\tt.Skip(\"skipping testing in short mode\")\n\t}\n\tt.Parallel()\n\ttestDatabase(t, \"cockroach\", dockertest.ConnectPop(t, dockertest.RunTestCockroachDBWithVersion(t, \"latest-v25.4\")))\n}\n\nfunc testDatabase(t *testing.T, db string, c *pop.Connection) {\n\tctx := context.Background()\n\tl := logrusx.New(\"\", \"\", logrusx.ForceLevel(logrus.DebugLevel))\n\n\turl := c.URL()\n\t// workaround for https://github.com/ory/pop/issues/538\n\tswitch db {\n\tcase \"mysql\":\n\t\turl = \"mysql://\" + url\n\tcase \"sqlite\":\n\t\turl = \"sqlite3://\" + url\n\tcase \"cockroach\":\n\t\turl = \"cockroach\" + strings.TrimPrefix(url, \"postgres\")\n\t}\n\tif db != \"sqlite\" {\n\t\tdbName := \"testdb\" + strings.ReplaceAll(x.NewUUID().String(), \"-\", \"\")\n\t\trequire.NoError(t, c.RawQuery(\"CREATE DATABASE \"+dbName).Exec())\n\t\turl = regexp.MustCompile(`/[a-z0-9]+\\?`).ReplaceAllString(url, \"/\"+dbName+\"?\")\n\t}\n\n\tt.Logf(\"URL: %s\", url)\n\tvar err error\n\tc, err = pop.NewConnection(&pop.ConnectionDetails{URL: url})\n\trequire.NoError(t, err)\n\trequire.NoError(t, c.Open())\n\n\ttm, err := popx.NewMigrationBox(\n\t\tfsx.Merge(sql.Migrations, networkx.Migrations),\n\t\tc, l,\n\t\tpopx.WithGoMigrations(gomigrations.All),\n\t\tpopx.WithTestdata(t, os.DirFS(\"./testdata\")),\n\t)\n\trequire.NoError(t, err)\n\n\terr = tm.Up(ctx) // for easy breakpointing\n\t// _ = tm.DumpMigrationSchema(ctx) // uncomment to get the current state of the database after migrations have run\n\tif !assert.NoError(t, err) {\n\t\tassert.NoError(t, tm.DumpMigrationSchema(ctx))\n\t\tt.FailNow()\n\t}\n\n\topts := driver.WithConfigOptions(\n\t\tconfigx.WithValues(map[string]any{\n\t\t\tconfig.ViperKeyDSN: url,\n\t\t\tconfig.ViperKeyPublicBaseURL: \"https://www.ory.sh/\",\n\t\t\tconfig.ViperKeyIdentitySchemas: config.Schemas{{ID: \"default\", URL: \"file://stub/default.schema.json\"}},\n\t\t\tconfig.ViperKeySecretsDefault: []string{\"secret\"},\n\t\t}),\n\t\tconfigx.SkipValidation(),\n\t)\n\n\tt.Run(\"suite=fixtures\", func(t *testing.T) {\n\t\tt.Run(\"case=identity\", func(t *testing.T) {\n\n\t\t\tt.Parallel()\n\n\t\t\td, err := driver.New(\n\t\t\t\tcontext.Background(),\n\t\t\t\tos.Stderr,\n\t\t\t\topts,\n\t\t\t)\n\t\t\trequire.NoError(t, err)\n\n\t\t\tids, _, err := d.PrivilegedIdentityPool().ListIdentities(context.Background(), identity.ListIdentityParameters{Expand: identity.ExpandEverything, KeySetPagination: []keysetpagination.Option{keysetpagination.WithSize(1000)}})\n\t\t\trequire.NoError(t, err)\n\t\t\trequire.NotEmpty(t, ids)\n\n\t\t\tvar found []string\n\t\t\tfor y, id := range ids {\n\t\t\t\tfound = append(found, id.ID.String())\n\t\t\t\tactual := &ids[y]\n\n\t\t\t\tfor _, a := range actual.VerifiableAddresses {\n\t\t\t\t\tCompareWithFixture(t, a, \"identity_verification_address\", a.ID.String())\n\t\t\t\t}\n\n\t\t\t\tfor _, a := range actual.RecoveryAddresses {\n\t\t\t\t\tCompareWithFixture(t, a, \"identity_recovery_address\", a.ID.String())\n\t\t\t\t}\n\n\t\t\t\tCompareWithFixture(t, identity.WithCredentialsAndAdminMetadataInJSON(*actual), \"identity\", id.ID.String())\n\t\t\t}\n\n\t\t\tmigratest.ContainsExpectedIds(t, filepath.Join(\"fixtures\", \"identity\"), found)\n\t\t})\n\n\t\tt.Run(\"case=identity_get\", func(t *testing.T) {\n\n\t\t\tt.Parallel()\n\n\t\t\td, err := driver.New(\n\t\t\t\tcontext.Background(),\n\t\t\t\tos.Stderr,\n\t\t\t\topts,\n\t\t\t)\n\t\t\trequire.NoError(t, err)\n\n\t\t\tids, _, err := d.PrivilegedIdentityPool().ListIdentities(context.Background(), identity.ListIdentityParameters{Expand: identity.ExpandNothing, KeySetPagination: []keysetpagination.Option{keysetpagination.WithSize(1000)}})\n\t\t\trequire.NoError(t, err)\n\t\t\trequire.NotEmpty(t, ids)\n\n\t\t\tvar found []string\n\t\t\tfor _, id := range ids {\n\t\t\t\tactual, err := d.PrivilegedIdentityPool().GetIdentityConfidential(context.Background(), id.ID)\n\t\t\t\trequire.NoError(t, err)\n\t\t\t\tfound = append(found, actual.ID.String())\n\n\t\t\t\tCompareWithFixture(t, identity.WithCredentialsAndAdminMetadataInJSON(*actual), \"identity\", id.ID.String())\n\t\t\t}\n\n\t\t\tmigratest.ContainsExpectedIds(t, filepath.Join(\"fixtures\", \"identity\"), found)\n\t\t})\n\n\t\tt.Run(\"case=verification_token\", func(t *testing.T) {\n\n\t\t\tt.Parallel()\n\n\t\t\tvar ids []link.VerificationToken\n\n\t\t\trequire.NoError(t, c.All(&ids))\n\t\t\trequire.NotEmpty(t, ids)\n\n\t\t\tfor _, id := range ids {\n\t\t\t\tCompareWithFixture(t, id, \"verification_token\", id.ID.String())\n\t\t\t}\n\t\t})\n\n\t\tt.Run(\"case=session\", func(t *testing.T) {\n\t\t\tt.Parallel()\n\n\t\t\tvar ids []session.Session\n\t\t\trequire.NoError(t, c.Select(\"id\").All(&ids))\n\t\t\trequire.NotEmpty(t, ids)\n\n\t\t\td, err := driver.New(\n\t\t\t\tcontext.Background(),\n\t\t\t\tos.Stderr,\n\t\t\t\topts,\n\t\t\t)\n\t\t\trequire.NoError(t, err)\n\n\t\t\tvar found []string\n\t\t\tfor _, id := range ids {\n\t\t\t\tfound = append(found, id.ID.String())\n\t\t\t\tactual, err := d.SessionPersister().GetSession(context.Background(), id.ID, session.ExpandEverything)\n\t\t\t\trequire.NoErrorf(t, err, \"Trying to get session: %s\", id.ID)\n\t\t\t\trequire.NotEmpty(t, actual.LogoutToken, \"check if migrations have generated a logout token for existing sessions\")\n\t\t\t\tCompareWithFixture(t, actual, \"session\", id.ID.String())\n\t\t\t}\n\t\t\tmigratest.ContainsExpectedIds(t, filepath.Join(\"fixtures\", \"session\"), found)\n\t\t})\n\n\t\tt.Run(\"case=login\", func(t *testing.T) {\n\n\t\t\tt.Parallel()\n\n\t\t\tvar ids []login.Flow\n\t\t\trequire.NoError(t, c.Select(\"id\").All(&ids))\n\t\t\trequire.NotEmpty(t, ids)\n\n\t\t\td, err := driver.New(\n\t\t\t\tcontext.Background(),\n\t\t\t\tos.Stderr,\n\t\t\t\topts,\n\t\t\t)\n\t\t\trequire.NoError(t, err)\n\n\t\t\tvar found []string\n\t\t\tfor _, id := range ids {\n\t\t\t\tfound = append(found, id.ID.String())\n\t\t\t\tactual, err := d.LoginFlowPersister().GetLoginFlow(context.Background(), id.ID)\n\t\t\t\trequire.NoError(t, err)\n\t\t\t\tCompareWithFixture(t, actual, \"login_flow\", id.ID.String())\n\t\t\t}\n\t\t\tmigratest.ContainsExpectedIds(t, filepath.Join(\"fixtures\", \"login_flow\"), found)\n\t\t})\n\n\t\tt.Run(\"case=registration\", func(t *testing.T) {\n\n\t\t\tt.Parallel()\n\n\t\t\tvar ids []registration.Flow\n\t\t\trequire.NoError(t, c.Select(\"id\").All(&ids))\n\t\t\trequire.NotEmpty(t, ids)\n\n\t\t\td, err := driver.New(\n\t\t\t\tcontext.Background(),\n\t\t\t\tos.Stderr,\n\t\t\t\topts,\n\t\t\t)\n\t\t\trequire.NoError(t, err)\n\n\t\t\tvar found []string\n\t\t\tfor _, id := range ids {\n\t\t\t\tfound = append(found, id.ID.String())\n\t\t\t\tactual, err := d.RegistrationFlowPersister().GetRegistrationFlow(context.Background(), id.ID)\n\t\t\t\trequire.NoError(t, err)\n\t\t\t\tCompareWithFixture(t, actual, \"registration_flow\", id.ID.String())\n\t\t\t}\n\t\t\tmigratest.ContainsExpectedIds(t, filepath.Join(\"fixtures\", \"registration_flow\"), found)\n\t\t})\n\n\t\tt.Run(\"case=settings_flow\", func(t *testing.T) {\n\n\t\t\tt.Parallel()\n\n\t\t\tvar ids []settings.Flow\n\t\t\trequire.NoError(t, c.Select(\"id\").All(&ids))\n\t\t\trequire.NotEmpty(t, ids)\n\n\t\t\td, err := driver.New(\n\t\t\t\tcontext.Background(),\n\t\t\t\tos.Stderr,\n\t\t\t\topts,\n\t\t\t)\n\t\t\trequire.NoError(t, err)\n\n\t\t\tvar found []string\n\t\t\tfor _, id := range ids {\n\t\t\t\tfound = append(found, id.ID.String())\n\t\t\t\tactual, err := d.SettingsFlowPersister().GetSettingsFlow(context.Background(), id.ID)\n\t\t\t\trequire.NoError(t, err, id.ID.String())\n\t\t\t\tCompareWithFixture(t, actual, \"settings_flow\", id.ID.String())\n\t\t\t}\n\t\t\tmigratest.ContainsExpectedIds(t, filepath.Join(\"fixtures\", \"settings_flow\"), found)\n\t\t})\n\n\t\tt.Run(\"case=recovery_flow\", func(t *testing.T) {\n\n\t\t\tt.Parallel()\n\n\t\t\tvar ids []recovery.Flow\n\t\t\trequire.NoError(t, c.Select(\"id\").All(&ids))\n\t\t\trequire.NotEmpty(t, ids)\n\n\t\t\td, err := driver.New(\n\t\t\t\tcontext.Background(),\n\t\t\t\tos.Stderr,\n\t\t\t\topts,\n\t\t\t)\n\t\t\trequire.NoError(t, err)\n\n\t\t\tvar found []string\n\t\t\tfor _, id := range ids {\n\t\t\t\tfound = append(found, id.ID.String())\n\t\t\t\tactual, err := d.RecoveryFlowPersister().GetRecoveryFlow(context.Background(), id.ID)\n\t\t\t\trequire.NoError(t, err)\n\t\t\t\tCompareWithFixture(t, actual, \"recovery_flow\", id.ID.String())\n\t\t\t}\n\t\t\tmigratest.ContainsExpectedIds(t, filepath.Join(\"fixtures\", \"recovery_flow\"), found)\n\t\t})\n\n\t\tt.Run(\"case=verification_flow\", func(t *testing.T) {\n\n\t\t\tt.Parallel()\n\n\t\t\tvar ids []verification.Flow\n\t\t\trequire.NoError(t, c.Select(\"id\").All(&ids))\n\t\t\trequire.NotEmpty(t, ids)\n\n\t\t\td, err := driver.New(\n\t\t\t\tcontext.Background(),\n\t\t\t\tos.Stderr,\n\t\t\t\topts,\n\t\t\t)\n\t\t\trequire.NoError(t, err)\n\n\t\t\tvar found []string\n\t\t\tfor _, id := range ids {\n\t\t\t\tfound = append(found, id.ID.String())\n\t\t\t\tactual, err := d.VerificationFlowPersister().GetVerificationFlow(context.Background(), id.ID)\n\t\t\t\trequire.NoError(t, err)\n\t\t\t\tCompareWithFixture(t, actual, \"verification_flow\", id.ID.String())\n\t\t\t}\n\t\t\tmigratest.ContainsExpectedIds(t, filepath.Join(\"fixtures\", \"verification_flow\"), found)\n\t\t})\n\n\t\tt.Run(\"case=recovery_token\", func(t *testing.T) {\n\n\t\t\tt.Parallel()\n\n\t\t\tvar ids []link.RecoveryToken\n\t\t\trequire.NoError(t, c.All(&ids))\n\t\t\trequire.NotEmpty(t, ids)\n\n\t\t\tvar found []string\n\t\t\tfor _, id := range ids {\n\t\t\t\tfound = append(found, id.ID.String())\n\t\t\t\tCompareWithFixture(t, id, \"recovery_token\", id.ID.String())\n\t\t\t}\n\t\t\tmigratest.ContainsExpectedIds(t, filepath.Join(\"fixtures\", \"recovery_token\"), found)\n\t\t})\n\n\t\tt.Run(\"case=recovery_code\", func(t *testing.T) {\n\n\t\t\tt.Parallel()\n\n\t\t\tvar ids []code.RecoveryCode\n\t\t\trequire.NoError(t, c.All(&ids))\n\t\t\trequire.NotEmpty(t, ids)\n\n\t\t\tvar found []string\n\t\t\tfor _, id := range ids {\n\t\t\t\tfound = append(found, id.ID.String())\n\t\t\t\tCompareWithFixture(t, id, \"recovery_code\", id.ID.String())\n\t\t\t}\n\t\t\tmigratest.ContainsExpectedIds(t, filepath.Join(\"fixtures\", \"recovery_code\"), found)\n\t\t})\n\n\t\tt.Run(\"case=registration_code\", func(t *testing.T) {\n\n\t\t\tt.Parallel()\n\n\t\t\tvar ids []code.RegistrationCode\n\t\t\trequire.NoError(t, c.All(&ids))\n\t\t\trequire.NotEmpty(t, ids)\n\n\t\t\tvar found []string\n\t\t\tfor _, id := range ids {\n\t\t\t\tfound = append(found, id.ID.String())\n\t\t\t\tCompareWithFixture(t, id, \"registration_code\", id.ID.String())\n\t\t\t}\n\t\t\tmigratest.ContainsExpectedIds(t, filepath.Join(\"fixtures\", \"registration_code\"), found)\n\t\t})\n\n\t\tt.Run(\"case=login_code\", func(t *testing.T) {\n\n\t\t\tt.Parallel()\n\n\t\t\tvar ids []code.LoginCode\n\t\t\trequire.NoError(t, c.All(&ids))\n\t\t\trequire.NotEmpty(t, ids)\n\n\t\t\tvar found []string\n\t\t\tfor _, id := range ids {\n\t\t\t\tfound = append(found, id.ID.String())\n\t\t\t\tCompareWithFixture(t, id, \"login_code\", id.ID.String())\n\t\t\t}\n\t\t\tmigratest.ContainsExpectedIds(t, filepath.Join(\"fixtures\", \"login_code\"), found)\n\t\t})\n\t})\n\n\tt.Run(\"suite=constraints\", func(t *testing.T) {\n\t\tt.Cleanup(func() {\n\t\t\t// clean up test duplicates - remove identity_credential_identifiers 10985ed1-5b6e-4012-ac10-03d87df65618 - otherwise down migration later fails.\n\t\t\trequire.NoError(t, c.RawQuery(\"DELETE FROM identity_credential_identifiers WHERE identifier = '10985ed1-5b6e-4012-ac10-03d87df65618'\").Exec())\n\t\t})\n\n\t\td, err := driver.New(\n\t\t\tcontext.Background(),\n\t\t\tos.Stderr,\n\t\t\topts,\n\t\t)\n\t\trequire.NoError(t, err)\n\n\t\tsr, err := d.SettingsFlowPersister().GetSettingsFlow(context.Background(), x.ParseUUID(\"a79bfcf1-68ae-49de-8b23-4f96921b8341\"))\n\t\trequire.NoError(t, err)\n\n\t\trequire.NoError(t, d.PrivilegedIdentityPool().DeleteIdentity(context.Background(), sr.IdentityID))\n\n\t\t_, err = d.SettingsFlowPersister().GetSettingsFlow(context.Background(), x.ParseUUID(\"a79bfcf1-68ae-49de-8b23-4f96921b8341\"))\n\t\trequire.Error(t, err)\n\t\trequire.ErrorIs(t, err, sqlcon.ErrNoRows)\n\t})\n\n\tt.Run(\"suite=down\", func(t *testing.T) {\n\t\terr = tm.Down(ctx, -1) // for easy breakpointing\n\t\tif !assert.NoError(t, err) {\n\t\t\tassert.NoError(t, tm.DumpMigrationSchema(ctx))\n\t\t\tt.FailNow()\n\t\t}\n\t})\n}\n" }, { "path": "persistence/sql/migratest/stub/default.schema.json", "content": "{\n \"$id\": \"https://example.com/person.schema.json\",\n \"$schema\": \"http://json-schema.org/draft-07/schema#\",\n \"title\": \"Person\",\n \"type\": \"object\",\n \"properties\": {\n \"traits\": {\n \"type\": \"object\",\n \"properties\": {\n\n \"email\": {\n \"type\": \"string\",\n \"ory.sh/kratos\": {\n \"credentials\": {\n \"password\": {\n \"identifier\": true\n }\n },\n \"verification\": {\n \"via\": \"email\"\n },\n \"recovery\": {\n \"via\": \"email\"\n }\n }\n }\n }\n }\n }\n}\n" }, { "path": "persistence/sql/migratest/testdata/20150100000001_testdata.sql", "content": "INSERT INTO networks (id, created_at, updated_at) VALUES ('884f556e-eb3a-4b9f-bee3-11345642c6c0', '2013-10-07 08:23:19', '2013-10-07 08:23:19');\n" }, { "path": "persistence/sql/migratest/testdata/20191100000001_testdata.sql", "content": "-- no test data up until v0.3.0\n" }, { "path": "persistence/sql/migratest/testdata/20191100000002_testdata.sql", "content": "-- no test data up until v0.3.0\n" }, { "path": "persistence/sql/migratest/testdata/20191100000003_testdata.sql", "content": "-- no test data up until v0.3.0\n" }, { "path": "persistence/sql/migratest/testdata/20191100000004_testdata.sql", "content": "-- no test data up until v0.3.0\n" }, { "path": "persistence/sql/migratest/testdata/20191100000005_testdata.mysql.sql", "content": "-- no test data up until v0.3.0\n" }, { "path": "persistence/sql/migratest/testdata/20191100000006_testdata.sql", "content": "-- no test data up until v0.3.0\n" }, { "path": "persistence/sql/migratest/testdata/20191100000007_testdata.sql", "content": "-- no test data up until v0.3.0\n" }, { "path": "persistence/sql/migratest/testdata/20191100000008_testdata.sql", "content": "-- no test data up until v0.3.0\n" }, { "path": "persistence/sql/migratest/testdata/20191100000009_testdata.mysql.sql", "content": "-- no test data up until v0.3.0\n" }, { "path": "persistence/sql/migratest/testdata/20191100000010_testdata.sql", "content": "-- no test data up until v0.3.0\n" }, { "path": "persistence/sql/migratest/testdata/20191100000011_testdata.sql", "content": "-- no test data up until v0.3.0\n" }, { "path": "persistence/sql/migratest/testdata/20191100000012_testdata.sql", "content": "-- no test data up until v0.3.0\n\n" }, { "path": "persistence/sql/migratest/testdata/20200317160354_testdata.sql", "content": "-- no test data up until v0.3.0\n" }, { "path": "persistence/sql/migratest/testdata/20200401183443_testdata.sql", "content": "-- no test data up until v0.3.0\n" }, { "path": "persistence/sql/migratest/testdata/20200402142539_testdata.sql", "content": "INSERT INTO identities (id, traits_schema_id, traits, created_at, updated_at) VALUES ('a251ebc2-880c-4f76-a8f3-38e6940eab0e', 'default', '{\"email\":\"foobar@ory.sh\"}', '2013-10-07 08:23:19', '2013-10-07 08:23:19');\nINSERT INTO identities (id, traits_schema_id, traits, created_at, updated_at) VALUES ('5ff66179-c240-4703-b0d8-494592cefff5', 'default', '{\"email\":\"bazbar@ory.sh\"}', '2013-10-07 08:23:19', '2013-10-07 08:23:19');\n\nINSERT INTO continuity_containers (id, identity_id, name, payload, expires_at, created_at, updated_at) VALUES ('50ba09d3-481b-4060-844a-9541a9cec39c', '5ff66179-c240-4703-b0d8-494592cefff5', 'ory_kratos_settings_profile', '{\"traits\":{\"email\":\"baz@ory.sh\"},\"request_id\":\"\"}', '2013-10-07 08:23:19', '2013-10-07 08:23:19', '2013-10-07 08:23:19');\n\nINSERT INTO courier_messages (id, type, status, body, subject, recipient, created_at, updated_at) VALUES ('98f45a85-0782-49f1-a7b5-8f83d160b4a5', 1, 2, 'Hi, Verify your account by opening the following link:\n\nhttp://127.0.0.1:4455/.ory/kratos/public/self-service/browser/flows/verification/email/confirm/swmcFweNFSfvTSTKecmZjO6I8x0hxzZS', 'Please verify your email address', 'foo@ory.sh', '2013-10-07 08:23:19', '2013-10-07 08:23:19');\n\nINSERT INTO courier_messages (id, type, status, body, subject, recipient, created_at, updated_at) VALUES ('7a9d6df4-3b60-4cae-996e-d15d78b0fc36', 1, 2, 'Hi, Verify your account by opening the following link: http://127.0.0.1:4455/.ory/kratos/public/self-service/browser/flows/verification/email/confirm/u9ZcBr5HbRTR8f53Qj2Ng3KR8Mv1Zjdb', 'Please verify your email address', 'foobar@ory.sh', '2013-10-07 08:23:19', '2013-10-07 08:23:19');\nINSERT INTO courier_messages (id, type, status, body, subject, recipient, created_at, updated_at) VALUES ('77fdc5e0-2260-49da-8aae-c36ba255d05b', 1, 2, 'Hi, Verify your account by opening the following link: http://127.0.0.1:4455/.ory/kratos/public/self-service/browser/flows/verification/email/confirm/SQcSX0Jx6IVEDKqAuaLZLNEw00J4vlig', 'Please verify your email address', 'foobar@ory.sh', '2013-10-07 08:23:19', '2013-10-07 08:23:19');\nINSERT INTO courier_messages (id, type, status, body, subject, recipient, created_at, updated_at) VALUES ('a3ea4c30-0c6e-47b1-99ba-8fa69282e166', 1, 2, 'Hi, Verify your account by opening the following link: http://127.0.0.1:4455/.ory/kratos/public/self-service/browser/flows/verification/email/confirm/AtsREGbtXu0RlIcwv3RPpxHEZNEcq3R9', 'Please verify your email address', 'foo@ory.sh', '2013-10-07 08:23:19', '2013-10-07 08:23:19');\n\nINSERT INTO identity_credential_types (id, name) VALUES ('22bff9ae-f5aa-45d7-803b-97ec0b4e7b32', 'password');\nINSERT INTO identity_credential_types (id, name) VALUES ('8071b37b-0d54-4c6f-8234-72cffb4ce784', 'totp');\n\nINSERT INTO identity_credentials (id, config, identity_credential_type_id, identity_id, created_at, updated_at) VALUES ('35b60ecf-30f9-42d6-bf5d-47ad41148691', '{\"hashed_password\":\"$argon2id$v=19$m=131072,t=2,p=1$lQFPaKxXqPL56/mU7vRi4w$6aldHyBnURt8sP8+xu41Ng\"}', '22bff9ae-f5aa-45d7-803b-97ec0b4e7b32', 'a251ebc2-880c-4f76-a8f3-38e6940eab0e', '2013-10-07 08:23:19', '2013-10-07 08:23:19');\nINSERT INTO identity_credentials (id, config, identity_credential_type_id, identity_id, created_at, updated_at) VALUES ('74ac2d31-bccb-442f-a792-7b8bb14817f8', '{\"hashed_password\":\"$argon2id$v=19$m=131072,t=2,p=1$lQFPaKxXqPL56/mU7vRi4w$6aldHyBnURt8sP8+xu41Ng\"}', '22bff9ae-f5aa-45d7-803b-97ec0b4e7b32', '5ff66179-c240-4703-b0d8-494592cefff5', '2013-10-07 08:23:19', '2013-10-07 08:23:19');\n\nINSERT INTO identity_credential_identifiers (id, identifier, identity_credential_id, created_at, updated_at) VALUES ('f63a74f9-12da-439d-a8ce-b0157cd163b1', 'foobar@ory.sh', '35b60ecf-30f9-42d6-bf5d-47ad41148691', '2013-10-07 08:23:19', '2013-10-07 08:23:19');\nINSERT INTO identity_credential_identifiers (id, identifier, identity_credential_id, created_at, updated_at) VALUES ('1f51d652-8504-4d26-8615-989fd76b7ebf', 'foo@ory.sh', '74ac2d31-bccb-442f-a792-7b8bb14817f8', '2013-10-07 08:23:19', '2013-10-07 08:23:19');\n\nINSERT INTO identity_verifiable_addresses (id, code, status, via, verified, value, verified_at, expires_at, identity_id, created_at, updated_at) VALUES ('c2427b6d-312b-46d9-9285-536db7ae11fd', 'SQcSX0Jx6IVEDKqAuaLZLNEw00J4vlig', 'pending', 'email', false, 'foobar@ory.sh', null, '2013-10-07 08:23:19', 'a251ebc2-880c-4f76-a8f3-38e6940eab0e', '2013-10-07 08:23:19', '2013-10-07 08:23:19');\nINSERT INTO identity_verifiable_addresses (id, code, status, via, verified, value, verified_at, expires_at, identity_id, created_at, updated_at) VALUES ('45e867e9-2745-4f16-8dd4-84334a252b61', 'AtsREGbtXu0RlIcwv3RPpxHEZNEcq3R9', 'pending', 'email', false, 'foo@ory.sh', null, '2013-10-07 08:23:19', '5ff66179-c240-4703-b0d8-494592cefff5', '2013-10-07 08:23:19', '2013-10-07 08:23:19');\n\nINSERT INTO selfservice_login_requests (id, request_url, issued_at, expires_at, active_method, csrf_token, created_at, updated_at, forced) VALUES ('3a9ea34f-0f12-469b-9417-3ae5795a7baa', 'http://kratos:4433/self-service/browser/flows/login', '2013-10-07 08:23:19', '2013-10-07 08:23:19', '', 'fpeVSZ9ZH7YvUkhXsOVEIssxbfauh5lcoQSYxTcN0XkMneg1L42h+HtvisjlNjBF4ElcD2jApCHoJYq2u9sVWg==', '2013-10-07 08:23:19', '2013-10-07 08:23:19', false);\nINSERT INTO selfservice_login_requests (id, request_url, issued_at, expires_at, active_method, csrf_token, created_at, updated_at, forced) VALUES ('916ded11-aa64-4a27-b06e-96e221a509d7', 'http://kratos:4433/self-service/browser/flows/login', '2013-10-07 08:23:19', '2013-10-07 08:23:19', '', 'JdXCIeZGYglwUTjEC5PpKO5LFDEbeVOketqK5hdfZgFX379dVpLcRyRs+lteQJ1PxTMlyN0+btkz+5iVm4miIg==', '2013-10-07 08:23:19', '2013-10-07 08:23:19', false);\nINSERT INTO selfservice_login_requests (id, request_url, issued_at, expires_at, active_method, csrf_token, created_at, updated_at, forced) VALUES ('99974ce6-388c-4669-a95a-7757ee724020', 'http://kratos:4433/self-service/browser/flows/login', '2013-10-07 08:23:19', '2013-10-07 08:23:19', '', 'OXDnJU8yP+iXXsf2TduzRYrDLfksjC0vRdU+nN5bdo+YeQt5xGWKbqEX/gggqE1ntM7qavC/qqzaR2B1Pk88Ew==', '2013-10-07 08:23:19', '2013-10-07 08:23:19', false);\nINSERT INTO selfservice_login_requests (id, request_url, issued_at, expires_at, active_method, csrf_token, created_at, updated_at, forced) VALUES ('6d387820-f2f4-4f9f-9980-a90d89e7811f', 'http://kratos:4433/self-service/browser/flows/login', '2013-10-07 08:23:19', '2013-10-07 08:23:19', '', 'Nrq+T0uNsSL8ztjmnbIB2V6NodqifoG+HZ4q6NSAnnWXs1ITwNoEpMqH4Rjwwf/7YIBmSX5NBj2CDHQBNJTU6Q==', '2013-10-07 08:23:19', '2013-10-07 08:23:19', false);\nINSERT INTO selfservice_login_requests (id, request_url, issued_at, expires_at, active_method, csrf_token, created_at, updated_at, forced) VALUES ('202c1981-1e25-47f0-8764-75ad506c2bec', 'http://kratos:4433/self-service/browser/flows/login', '2013-10-07 08:23:19', '2013-10-07 08:23:19', '', '7esV9o+i9BJCvpBz3HXWxBPI2802lrGtt3+dBIwBZ/1M4vmqBPVBlHT3qY2xBijmLcUcXuqlNi4o7cPtbBUtYQ==', '2013-10-07 08:23:19', '2013-10-07 08:23:19', false);\nINSERT INTO selfservice_login_requests (id, request_url, issued_at, expires_at, active_method, csrf_token, created_at, updated_at, forced) VALUES ('43c99182-bb67-47e1-b564-bb23bd8d4393', 'http://kratos:4433/self-service/browser/flows/login?prompt=login&return_to=http%3A%2F%2F127.0.0.1%3A4455%2F.ory%2Fkratos%2Fpublic%2Fself-service%2Fbrowser%2Fflows%2Fsettings%2Fstrategies%2Fprofile%3Frequest%3D74fd6c53-7651-453e-90b8-2c5adbf911bb', '2013-10-07 08:23:19', '2013-10-07 08:23:19', '', 'dUD3MWqAmTdyoz2xwC9g5Dpv0g1aGUqAHOOsjy+IOh0vfPDqpKSudgZNSq9dqdxft4M0DN411z+5qSCMre5lmg==', '2013-10-07 08:23:19', '2013-10-07 08:23:19', true);\n\nINSERT INTO selfservice_login_request_methods (id, method, selfservice_login_request_id, config, created_at, updated_at) VALUES ('9944614a-8f43-421d-aa7d-f051391e463f', 'password', '3a9ea34f-0f12-469b-9417-3ae5795a7baa', '{\"action\":\"http://127.0.0.1:4455/.ory/kratos/public/self-service/browser/flows/login/strategies/password?request=3a9ea34f-0f12-469b-9417-3ae5795a7baa\",\"method\":\"POST\",\"fields\":[{\"name\":\"identifier\",\"type\":\"text\",\"required\":true,\"value\":\"\"},{\"name\":\"password\",\"type\":\"password\",\"required\":true},{\"name\":\"csrf_token\",\"type\":\"hidden\",\"required\":true,\"value\":\"fpeVSZ9ZH7YvUkhXsOVEIssxbfauh5lcoQSYxTcN0XkMneg1L42h+HtvisjlNjBF4ElcD2jApCHoJYq2u9sVWg==\"}]}', '2013-10-07 08:23:19', '2013-10-07 08:23:19');\nINSERT INTO selfservice_login_request_methods (id, method, selfservice_login_request_id, config, created_at, updated_at) VALUES ('a2c9f597-6eb2-4ea5-972b-4f4ffa828a6c', 'oidc', '3a9ea34f-0f12-469b-9417-3ae5795a7baa', '{\"action\":\"http://127.0.0.1:4455/.ory/kratos/public/self-service/browser/flows/strategies/oidc/auth/3a9ea34f-0f12-469b-9417-3ae5795a7baa\",\"method\":\"POST\",\"fields\":[{\"name\":\"csrf_token\",\"type\":\"hidden\",\"required\":true,\"value\":\"fpeVSZ9ZH7YvUkhXsOVEIssxbfauh5lcoQSYxTcN0XkMneg1L42h+HtvisjlNjBF4ElcD2jApCHoJYq2u9sVWg==\"}]}', '2013-10-07 08:23:19', '2013-10-07 08:23:19');\nINSERT INTO selfservice_login_request_methods (id, method, selfservice_login_request_id, config, created_at, updated_at) VALUES ('227aa2c4-acf3-489f-a239-7f18d4bc2828', 'password', '916ded11-aa64-4a27-b06e-96e221a509d7', '{\"action\":\"http://127.0.0.1:4455/.ory/kratos/public/self-service/browser/flows/login/strategies/password?request=916ded11-aa64-4a27-b06e-96e221a509d7\",\"method\":\"POST\",\"fields\":[{\"name\":\"identifier\",\"type\":\"text\",\"required\":true,\"value\":\"\"},{\"name\":\"password\",\"type\":\"password\",\"required\":true},{\"name\":\"csrf_token\",\"type\":\"hidden\",\"required\":true,\"value\":\"JdXCIeZGYglwUTjEC5PpKO5LFDEbeVOketqK5hdfZgFX379dVpLcRyRs+lteQJ1PxTMlyN0+btkz+5iVm4miIg==\"}]}', '2013-10-07 08:23:19', '2013-10-07 08:23:19');\nINSERT INTO selfservice_login_request_methods (id, method, selfservice_login_request_id, config, created_at, updated_at) VALUES ('bd498938-863f-41de-a60f-69af4220db36', 'oidc', '916ded11-aa64-4a27-b06e-96e221a509d7', '{\"action\":\"http://127.0.0.1:4455/.ory/kratos/public/self-service/browser/flows/strategies/oidc/auth/916ded11-aa64-4a27-b06e-96e221a509d7\",\"method\":\"POST\",\"fields\":[{\"name\":\"csrf_token\",\"type\":\"hidden\",\"required\":true,\"value\":\"JdXCIeZGYglwUTjEC5PpKO5LFDEbeVOketqK5hdfZgFX379dVpLcRyRs+lteQJ1PxTMlyN0+btkz+5iVm4miIg==\"}]}', '2013-10-07 08:23:19', '2013-10-07 08:23:19');\nINSERT INTO selfservice_login_request_methods (id, method, selfservice_login_request_id, config, created_at, updated_at) VALUES ('9cdeaa86-1242-4c62-99b6-575d900d4c47', 'password', '99974ce6-388c-4669-a95a-7757ee724020', '{\"action\":\"http://127.0.0.1:4455/.ory/kratos/public/self-service/browser/flows/login/strategies/password?request=99974ce6-388c-4669-a95a-7757ee724020\",\"method\":\"POST\",\"fields\":[{\"name\":\"identifier\",\"type\":\"text\",\"required\":true,\"value\":\"\"},{\"name\":\"password\",\"type\":\"password\",\"required\":true},{\"name\":\"csrf_token\",\"type\":\"hidden\",\"required\":true,\"value\":\"OXDnJU8yP+iXXsf2TduzRYrDLfksjC0vRdU+nN5bdo+YeQt5xGWKbqEX/gggqE1ntM7qavC/qqzaR2B1Pk88Ew==\"}]}', '2013-10-07 08:23:19', '2013-10-07 08:23:19');\nINSERT INTO selfservice_login_request_methods (id, method, selfservice_login_request_id, config, created_at, updated_at) VALUES ('b370b9bf-b785-4c8a-a013-245adc8db117', 'oidc', '99974ce6-388c-4669-a95a-7757ee724020', '{\"action\":\"http://127.0.0.1:4455/.ory/kratos/public/self-service/browser/flows/strategies/oidc/auth/99974ce6-388c-4669-a95a-7757ee724020\",\"method\":\"POST\",\"fields\":[{\"name\":\"csrf_token\",\"type\":\"hidden\",\"required\":true,\"value\":\"OXDnJU8yP+iXXsf2TduzRYrDLfksjC0vRdU+nN5bdo+YeQt5xGWKbqEX/gggqE1ntM7qavC/qqzaR2B1Pk88Ew==\"}]}', '2013-10-07 08:23:19', '2013-10-07 08:23:19');\nINSERT INTO selfservice_login_request_methods (id, method, selfservice_login_request_id, config, created_at, updated_at) VALUES ('df9bc6af-5b62-4f38-8bac-618937a67ff8', 'password', '6d387820-f2f4-4f9f-9980-a90d89e7811f', '{\"action\":\"http://127.0.0.1:4455/.ory/kratos/public/self-service/browser/flows/login/strategies/password?request=6d387820-f2f4-4f9f-9980-a90d89e7811f\",\"method\":\"POST\",\"fields\":[{\"name\":\"identifier\",\"type\":\"text\",\"required\":true,\"value\":\"\"},{\"name\":\"password\",\"type\":\"password\",\"required\":true},{\"name\":\"csrf_token\",\"type\":\"hidden\",\"required\":true,\"value\":\"Nrq+T0uNsSL8ztjmnbIB2V6NodqifoG+HZ4q6NSAnnWXs1ITwNoEpMqH4Rjwwf/7YIBmSX5NBj2CDHQBNJTU6Q==\"}]}', '2013-10-07 08:23:19', '2013-10-07 08:23:19');\nINSERT INTO selfservice_login_request_methods (id, method, selfservice_login_request_id, config, created_at, updated_at) VALUES ('9cb49264-492d-49d2-8b19-ed1b7506d5ba', 'oidc', '6d387820-f2f4-4f9f-9980-a90d89e7811f', '{\"action\":\"http://127.0.0.1:4455/.ory/kratos/public/self-service/browser/flows/strategies/oidc/auth/6d387820-f2f4-4f9f-9980-a90d89e7811f\",\"method\":\"POST\",\"fields\":[{\"name\":\"csrf_token\",\"type\":\"hidden\",\"required\":true,\"value\":\"Nrq+T0uNsSL8ztjmnbIB2V6NodqifoG+HZ4q6NSAnnWXs1ITwNoEpMqH4Rjwwf/7YIBmSX5NBj2CDHQBNJTU6Q==\"}]}', '2013-10-07 08:23:19', '2013-10-07 08:23:19');\nINSERT INTO selfservice_login_request_methods (id, method, selfservice_login_request_id, config, created_at, updated_at) VALUES ('ccc3dbc3-302c-4f55-8f30-891975843ed4', 'password', '202c1981-1e25-47f0-8764-75ad506c2bec', '{\"action\":\"http://127.0.0.1:4455/.ory/kratos/public/self-service/browser/flows/login/strategies/password?request=202c1981-1e25-47f0-8764-75ad506c2bec\",\"method\":\"POST\",\"fields\":[{\"name\":\"identifier\",\"type\":\"text\",\"required\":true,\"value\":\"\"},{\"name\":\"password\",\"type\":\"password\",\"required\":true},{\"name\":\"csrf_token\",\"type\":\"hidden\",\"required\":true,\"value\":\"7esV9o+i9BJCvpBz3HXWxBPI2802lrGtt3+dBIwBZ/1M4vmqBPVBlHT3qY2xBijmLcUcXuqlNi4o7cPtbBUtYQ==\"}]}', '2013-10-07 08:23:19', '2013-10-07 08:23:19');\nINSERT INTO selfservice_login_request_methods (id, method, selfservice_login_request_id, config, created_at, updated_at) VALUES ('49a44013-0650-4393-bad0-d3aaa7396fd6', 'oidc', '202c1981-1e25-47f0-8764-75ad506c2bec', '{\"action\":\"http://127.0.0.1:4455/.ory/kratos/public/self-service/browser/flows/strategies/oidc/auth/202c1981-1e25-47f0-8764-75ad506c2bec\",\"method\":\"POST\",\"fields\":[{\"name\":\"csrf_token\",\"type\":\"hidden\",\"required\":true,\"value\":\"7esV9o+i9BJCvpBz3HXWxBPI2802lrGtt3+dBIwBZ/1M4vmqBPVBlHT3qY2xBijmLcUcXuqlNi4o7cPtbBUtYQ==\"}]}', '2013-10-07 08:23:19', '2013-10-07 08:23:19');\nINSERT INTO selfservice_login_request_methods (id, method, selfservice_login_request_id, config, created_at, updated_at) VALUES ('6ba34380-19e5-473d-9181-e8f7def63235', 'oidc', '43c99182-bb67-47e1-b564-bb23bd8d4393', '{\"action\":\"http://127.0.0.1:4455/.ory/kratos/public/self-service/browser/flows/strategies/oidc/auth/43c99182-bb67-47e1-b564-bb23bd8d4393\",\"method\":\"POST\",\"fields\":[{\"name\":\"csrf_token\",\"type\":\"hidden\",\"required\":true,\"value\":\"dUD3MWqAmTdyoz2xwC9g5Dpv0g1aGUqAHOOsjy+IOh0vfPDqpKSudgZNSq9dqdxft4M0DN411z+5qSCMre5lmg==\"}]}', '2013-10-07 08:23:19', '2013-10-07 08:23:19');\nINSERT INTO selfservice_login_request_methods (id, method, selfservice_login_request_id, config, created_at, updated_at) VALUES ('32477a6c-b6a5-482f-a218-287dc1208d8e', 'password', '43c99182-bb67-47e1-b564-bb23bd8d4393', '{\"action\":\"http://127.0.0.1:4455/.ory/kratos/public/self-service/browser/flows/login/strategies/password?request=43c99182-bb67-47e1-b564-bb23bd8d4393\",\"method\":\"POST\",\"fields\":[{\"name\":\"identifier\",\"type\":\"text\",\"required\":true,\"value\":\"foo@ory.sh\"},{\"name\":\"password\",\"type\":\"password\",\"required\":true},{\"name\":\"csrf_token\",\"type\":\"hidden\",\"required\":true,\"value\":\"dUD3MWqAmTdyoz2xwC9g5Dpv0g1aGUqAHOOsjy+IOh0vfPDqpKSudgZNSq9dqdxft4M0DN411z+5qSCMre5lmg==\"}]}', '2013-10-07 08:23:19', '2013-10-07 08:23:19');\n\nINSERT INTO selfservice_registration_requests (id, request_url, issued_at, expires_at, active_method, csrf_token, created_at, updated_at) VALUES ('87fa3f43-5155-42b4-a1ad-174c2595fdaf', 'http://kratos:4433/self-service/browser/flows/registration', '2013-10-07 08:23:19', '2013-10-07 08:23:19', 'password', 'vYYuhWXBfXKzBC+BlnbDmXfBKsUWY6SU/v04gHF9GYzPjFP51RXDPOc57R7Dpbf+XLkbPNAkmem33Crz/avdrw==', '2013-10-07 08:23:19', '2013-10-07 08:23:19');\nINSERT INTO selfservice_registration_requests (id, request_url, issued_at, expires_at, active_method, csrf_token, created_at, updated_at) VALUES ('2bf132e0-5d40-4df9-9a11-9106e5333735', 'http://kratos:4433/self-service/browser/flows/registration', '2013-10-07 08:23:19', '2013-10-07 08:23:19', '', 'eyxQ2bNdAWBqzkZpRbzPQDpbDtpdqkkz2b7awuCdg6EJJi2lA4m/Lj7zhPYQb7snESM/I5vtdE6Qn8ixbEtHgg==', '2013-10-07 08:23:19', '2013-10-07 08:23:19');\nINSERT INTO selfservice_registration_requests (id, request_url, issued_at, expires_at, active_method, csrf_token, created_at, updated_at) VALUES ('05a7f09d-4ef3-41fb-958a-6ad74584b36a', 'http://kratos:4433/self-service/browser/flows/registration', '2013-10-07 08:23:19', '2013-10-07 08:23:19', '', 'R3+y/kB6m+17C3HRkAYQJ+KOIpruSQnbplm+t3JiQd7mdl6iyy0ua01CSC/9de4F3IPlCTJ6jlg5y+BeknYLQg==', '2013-10-07 08:23:19', '2013-10-07 08:23:19');\nINSERT INTO selfservice_registration_requests (id, request_url, issued_at, expires_at, active_method, csrf_token, created_at, updated_at) VALUES ('22d58184-b97d-44a5-bbaf-0aa8b4000d81', 'http://kratos:4433/self-service/browser/flows/registration', '2013-10-07 08:23:19', '2013-10-07 08:23:19', '', 'vtujrgwX3K+icdz8iHW3WD4VYd+QIGCb1NqjWcF+wj4f0k/yh0BpKZQ45QLlBkl6ABimTEwT5xhLSP2wIWqIog==', '2013-10-07 08:23:19', '2013-10-07 08:23:19');\n\nINSERT INTO selfservice_registration_request_methods (id, method, selfservice_registration_request_id, config, created_at, updated_at) VALUES ('634a863d-2f86-40f3-aa82-29ac211e2484', 'password', '87fa3f43-5155-42b4-a1ad-174c2595fdaf', '{\"action\":\"http://127.0.0.1:4455/.ory/kratos/public/self-service/browser/flows/registration/strategies/password?request=87fa3f43-5155-42b4-a1ad-174c2595fdaf\",\"method\":\"POST\",\"fields\":[{\"name\":\"csrf_token\",\"type\":\"hidden\",\"required\":true,\"value\":\"KeEp3OT+pHSXJpZAP+C1hR3yr4eIjUBDhg9tc/F1WI1b61SgVCoaOsMbVN9qM8HiNoqefk7KfT7PLn8AfaOcrg==\"},{\"name\":\"password\",\"type\":\"password\",\"required\":true,\"errors\":[{\"message\":\"the password does not fulfill the password policy because: the password has been found in data breaches and must no longer be used.\"}]},{\"name\":\"traits.email\",\"type\":\"text\",\"value\":\"foo@ory.sh\"}]}', '2013-10-07 08:23:19', '2013-10-07 08:23:19');\nINSERT INTO selfservice_registration_request_methods (id, method, selfservice_registration_request_id, config, created_at, updated_at) VALUES ('08ce0a27-50ee-4e9a-aa75-2a842fb6825b', 'oidc', '87fa3f43-5155-42b4-a1ad-174c2595fdaf', '{\"action\":\"http://127.0.0.1:4455/.ory/kratos/public/self-service/browser/flows/strategies/oidc/auth/87fa3f43-5155-42b4-a1ad-174c2595fdaf\",\"method\":\"POST\",\"fields\":[{\"name\":\"csrf_token\",\"type\":\"hidden\",\"required\":true,\"value\":\"vYYuhWXBfXKzBC+BlnbDmXfBKsUWY6SU/v04gHF9GYzPjFP51RXDPOc57R7Dpbf+XLkbPNAkmem33Crz/avdrw==\"}]}', '2013-10-07 08:23:19', '2013-10-07 08:23:19');\nINSERT INTO selfservice_registration_request_methods (id, method, selfservice_registration_request_id, config, created_at, updated_at) VALUES ('fd51365b-b954-4a2a-9367-98a37cabf86c', 'password', '2bf132e0-5d40-4df9-9a11-9106e5333735', '{\"action\":\"http://127.0.0.1:4455/.ory/kratos/public/self-service/browser/flows/registration/strategies/password?request=2bf132e0-5d40-4df9-9a11-9106e5333735\",\"method\":\"POST\",\"fields\":[{\"name\":\"csrf_token\",\"type\":\"hidden\",\"required\":true,\"value\":\"eyxQ2bNdAWBqzkZpRbzPQDpbDtpdqkkz2b7awuCdg6EJJi2lA4m/Lj7zhPYQb7snESM/I5vtdE6Qn8ixbEtHgg==\"},{\"name\":\"password\",\"type\":\"password\",\"required\":true},{\"name\":\"traits.email\",\"type\":\"email\"}]}', '2013-10-07 08:23:19', '2013-10-07 08:23:19');\nINSERT INTO selfservice_registration_request_methods (id, method, selfservice_registration_request_id, config, created_at, updated_at) VALUES ('c65e1f49-d458-42a8-940b-8dc956804616', 'oidc', '2bf132e0-5d40-4df9-9a11-9106e5333735', '{\"action\":\"http://127.0.0.1:4455/.ory/kratos/public/self-service/browser/flows/strategies/oidc/auth/2bf132e0-5d40-4df9-9a11-9106e5333735\",\"method\":\"POST\",\"fields\":[{\"name\":\"csrf_token\",\"type\":\"hidden\",\"required\":true,\"value\":\"eyxQ2bNdAWBqzkZpRbzPQDpbDtpdqkkz2b7awuCdg6EJJi2lA4m/Lj7zhPYQb7snESM/I5vtdE6Qn8ixbEtHgg==\"}]}', '2013-10-07 08:23:19', '2013-10-07 08:23:19');\nINSERT INTO selfservice_registration_request_methods (id, method, selfservice_registration_request_id, config, created_at, updated_at) VALUES ('39f85951-6d5d-43c8-afeb-a93d041f38e4', 'password', '05a7f09d-4ef3-41fb-958a-6ad74584b36a', '{\"action\":\"http://127.0.0.1:4455/.ory/kratos/public/self-service/browser/flows/registration/strategies/password?request=05a7f09d-4ef3-41fb-958a-6ad74584b36a\",\"method\":\"POST\",\"fields\":[{\"name\":\"csrf_token\",\"type\":\"hidden\",\"required\":true,\"value\":\"R3+y/kB6m+17C3HRkAYQJ+KOIpruSQnbplm+t3JiQd7mdl6iyy0ua01CSC/9de4F3IPlCTJ6jlg5y+BeknYLQg==\"},{\"name\":\"password\",\"type\":\"password\",\"required\":true},{\"name\":\"traits.email\",\"type\":\"email\"}]}', '2013-10-07 08:23:19', '2013-10-07 08:23:19');\nINSERT INTO selfservice_registration_request_methods (id, method, selfservice_registration_request_id, config, created_at, updated_at) VALUES ('8555b5d4-7f0c-4353-bddb-0601bc1c7387', 'oidc', '05a7f09d-4ef3-41fb-958a-6ad74584b36a', '{\"action\":\"http://127.0.0.1:4455/.ory/kratos/public/self-service/browser/flows/strategies/oidc/auth/05a7f09d-4ef3-41fb-958a-6ad74584b36a\",\"method\":\"POST\",\"fields\":[{\"name\":\"csrf_token\",\"type\":\"hidden\",\"required\":true,\"value\":\"R3+y/kB6m+17C3HRkAYQJ+KOIpruSQnbplm+t3JiQd7mdl6iyy0ua01CSC/9de4F3IPlCTJ6jlg5y+BeknYLQg==\"}]}', '2013-10-07 08:23:19', '2013-10-07 08:23:19');\nINSERT INTO selfservice_registration_request_methods (id, method, selfservice_registration_request_id, config, created_at, updated_at) VALUES ('3573b093-4ea1-4f7c-bd90-2bd44275c36f', 'password', '22d58184-b97d-44a5-bbaf-0aa8b4000d81', '{\"action\":\"http://127.0.0.1:4455/.ory/kratos/public/self-service/browser/flows/registration/strategies/password?request=22d58184-b97d-44a5-bbaf-0aa8b4000d81\",\"method\":\"POST\",\"fields\":[{\"name\":\"csrf_token\",\"type\":\"hidden\",\"required\":true,\"value\":\"vtujrgwX3K+icdz8iHW3WD4VYd+QIGCb1NqjWcF+wj4f0k/yh0BpKZQ45QLlBkl6ABimTEwT5xhLSP2wIWqIog==\"},{\"name\":\"password\",\"type\":\"password\",\"required\":true},{\"name\":\"traits.email\",\"type\":\"email\"}]}', '2013-10-07 08:23:19', '2013-10-07 08:23:19');\nINSERT INTO selfservice_registration_request_methods (id, method, selfservice_registration_request_id, config, created_at, updated_at) VALUES ('c8853b14-a511-4367-a530-b79a514c701b', 'oidc', '22d58184-b97d-44a5-bbaf-0aa8b4000d81', '{\"action\":\"http://127.0.0.1:4455/.ory/kratos/public/self-service/browser/flows/strategies/oidc/auth/22d58184-b97d-44a5-bbaf-0aa8b4000d81\",\"method\":\"POST\",\"fields\":[{\"name\":\"csrf_token\",\"type\":\"hidden\",\"required\":true,\"value\":\"vtujrgwX3K+icdz8iHW3WD4VYd+QIGCb1NqjWcF+wj4f0k/yh0BpKZQ45QLlBkl6ABimTEwT5xhLSP2wIWqIog==\"}]}', '2013-10-07 08:23:19', '2013-10-07 08:23:19');\n\nINSERT INTO selfservice_settings_requests (id, request_url, issued_at, expires_at, update_successful, identity_id, created_at, updated_at, active_method) VALUES ('21c5f714-3089-49d2-b387-f244d4dd9e00', 'http://kratos:4433/self-service/browser/flows/settings', '2013-10-07 08:23:19', '2013-10-07 08:23:19', false, 'a251ebc2-880c-4f76-a8f3-38e6940eab0e', '2013-10-07 08:23:19', '2013-10-07 08:23:19', 'profile');\nINSERT INTO selfservice_settings_requests (id, request_url, issued_at, expires_at, update_successful, identity_id, created_at, updated_at, active_method) VALUES ('194c5b05-0487-4a11-bcbc-f301c9ff9678', 'http://kratos:4433/self-service/browser/flows/settings', '2013-10-07 08:23:19', '2013-10-07 08:23:19', true, 'a251ebc2-880c-4f76-a8f3-38e6940eab0e', '2013-10-07 08:23:19', '2013-10-07 08:23:19', null);\nINSERT INTO selfservice_settings_requests (id, request_url, issued_at, expires_at, update_successful, identity_id, created_at, updated_at, active_method) VALUES ('74fd6c53-7651-453e-90b8-2c5adbf911bb', 'http://kratos:4433/self-service/browser/flows/settings', '2013-10-07 08:23:19', '2013-10-07 08:23:19', false, '5ff66179-c240-4703-b0d8-494592cefff5', '2013-10-07 08:23:19', '2013-10-07 08:23:19', null);\n\nINSERT INTO selfservice_settings_request_methods (id, method, selfservice_settings_request_id, config, created_at, updated_at) VALUES ('71896798-3844-4269-bdab-9a9f1f6160f3', 'profile', '21c5f714-3089-49d2-b387-f244d4dd9e00', '{\"action\":\"http://127.0.0.1:4455/.ory/kratos/public/self-service/browser/flows/settings/strategies/profile?request=21c5f714-3089-49d2-b387-f244d4dd9e00\",\"method\":\"POST\",\"fields\":[{\"name\":\"csrf_token\",\"type\":\"hidden\",\"required\":true,\"value\":\"yDwSg0quCmc4kBl7lBqYwGh4W8awrc+TpeWiigZs3iemRCwqeDhGdrW3sIv8T7u742pN+Kryx/NrdRpEXcT9qA==\"},{\"name\":\"traits.email\",\"type\":\"text\",\"value\":\"foo\",\"errors\":[{\"message\":\"validation failed\"},{\"message\":\"foo is not valid email\"},{\"message\":\"foo is not valid email\"}]}]}', '2013-10-07 08:23:19', '2013-10-07 08:23:19');\nINSERT INTO selfservice_settings_request_methods (id, method, selfservice_settings_request_id, config, created_at, updated_at) VALUES ('e8cfd338-5112-4311-b2ec-97ebc07fd7e9', 'password', '21c5f714-3089-49d2-b387-f244d4dd9e00', '{\"action\":\"http://127.0.0.1:4455/.ory/kratos/public/self-service/browser/flows/settings/strategies/password?request=21c5f714-3089-49d2-b387-f244d4dd9e00\",\"method\":\"POST\",\"fields\":[{\"name\":\"password\",\"type\":\"password\",\"required\":true},{\"name\":\"csrf_token\",\"type\":\"hidden\",\"required\":true,\"value\":\"Yohg7gsfztSw5KSEt/7+Tnbfc3QBmFA7zvqPg7DuhdgM8F5HOYmCxT3DDXTfq901/c1lShvHWFsAajdN60amVw==\"}]}', '2013-10-07 08:23:19', '2013-10-07 08:23:19');\nINSERT INTO selfservice_settings_request_methods (id, method, selfservice_settings_request_id, config, created_at, updated_at) VALUES ('61d63a2d-ad74-433a-bcfb-2c93ae7b4d9c', 'oidc', '21c5f714-3089-49d2-b387-f244d4dd9e00', '{\"action\":\"http://127.0.0.1:4455/.ory/kratos/public/self-service/browser/flows/strategies/oidc/settings/connections?request=21c5f714-3089-49d2-b387-f244d4dd9e00\",\"method\":\"POST\",\"fields\":[{\"name\":\"csrf_token\",\"type\":\"hidden\",\"required\":true,\"value\":\"Yohg7gsfztSw5KSEt/7+Tnbfc3QBmFA7zvqPg7DuhdgM8F5HOYmCxT3DDXTfq901/c1lShvHWFsAajdN60amVw==\"}]}', '2013-10-07 08:23:19', '2013-10-07 08:23:19');\nINSERT INTO selfservice_settings_request_methods (id, method, selfservice_settings_request_id, config, created_at, updated_at) VALUES ('1966b9ba-1fe2-46b9-97f9-e4f86cc8f15d', 'password', '194c5b05-0487-4a11-bcbc-f301c9ff9678', '{\"action\":\"http://127.0.0.1:4455/.ory/kratos/public/self-service/browser/flows/settings/strategies/password?request=194c5b05-0487-4a11-bcbc-f301c9ff9678\",\"method\":\"POST\",\"fields\":[{\"name\":\"password\",\"type\":\"password\",\"required\":true},{\"name\":\"csrf_token\",\"type\":\"hidden\",\"required\":true,\"value\":\"4apNE3S+VLL1UPu8GhyLOhdnhkzLZxrwTqZ/dx5xf3eP0nO6RigYo3h3UkxySahBnHWQctE4EpCANse5Rdlc+A==\"}]}', '2013-10-07 08:23:19', '2013-10-07 08:23:19');\nINSERT INTO selfservice_settings_request_methods (id, method, selfservice_settings_request_id, config, created_at, updated_at) VALUES ('3095bd65-910b-4110-87fc-893e443df30c', 'oidc', '194c5b05-0487-4a11-bcbc-f301c9ff9678', '{\"action\":\"http://127.0.0.1:4455/.ory/kratos/public/self-service/browser/flows/strategies/oidc/settings/connections?request=194c5b05-0487-4a11-bcbc-f301c9ff9678\",\"method\":\"POST\",\"fields\":[{\"name\":\"csrf_token\",\"type\":\"hidden\",\"required\":true,\"value\":\"4apNE3S+VLL1UPu8GhyLOhdnhkzLZxrwTqZ/dx5xf3eP0nO6RigYo3h3UkxySahBnHWQctE4EpCANse5Rdlc+A==\"}]}', '2013-10-07 08:23:19', '2013-10-07 08:23:19');\nINSERT INTO selfservice_settings_request_methods (id, method, selfservice_settings_request_id, config, created_at, updated_at) VALUES ('76da60ae-d629-48ed-92b2-5be892adbef7', 'profile', '194c5b05-0487-4a11-bcbc-f301c9ff9678', '{\"action\":\"http://127.0.0.1:4455/.ory/kratos/public/self-service/browser/flows/settings/strategies/profile?request=194c5b05-0487-4a11-bcbc-f301c9ff9678\",\"method\":\"POST\",\"fields\":[{\"name\":\"csrf_token\",\"type\":\"hidden\",\"required\":true,\"value\":\"IoLeYNbYJdALHIKvrgK7iYyMHA8r/rhG+6mr3z0nleRM+uDJ5E5pwYY7K1/GV5jyB54KMTGhsCY1ORMRZo+2aw==\"},{\"name\":\"traits.email\",\"type\":\"text\",\"value\":\"foobar@ory.sh\"}]}', '2013-10-07 08:23:19', '2013-10-07 08:23:19');\nINSERT INTO selfservice_settings_request_methods (id, method, selfservice_settings_request_id, config, created_at, updated_at) VALUES ('5ce98190-d1e8-4034-a361-7a3e686551eb', 'profile', '74fd6c53-7651-453e-90b8-2c5adbf911bb', '{\"action\":\"http://127.0.0.1:4455/.ory/kratos/public/self-service/browser/flows/settings/strategies/profile?request=74fd6c53-7651-453e-90b8-2c5adbf911bb\",\"method\":\"POST\",\"fields\":[{\"name\":\"csrf_token\",\"type\":\"hidden\",\"required\":true,\"value\":\"G/2FjcQNeTJHOFrPP0ytFfC/AWeUDDB4DQs6SsMRMjxBwYJWCilOczPWLdGiyhGufVPnZhAgrceoQbZJQXdtuw==\"},{\"name\":\"traits.email\",\"type\":\"text\",\"value\":\"baz@ory.sh\"}]}', '2013-10-07 08:23:19', '2013-10-07 08:23:19');\nINSERT INTO selfservice_settings_request_methods (id, method, selfservice_settings_request_id, config, created_at, updated_at) VALUES ('fb401162-9db6-4be4-b44c-01ce724dd817', 'password', '74fd6c53-7651-453e-90b8-2c5adbf911bb', '{\"action\":\"http://127.0.0.1:4455/.ory/kratos/public/self-service/browser/flows/settings/strategies/password?request=74fd6c53-7651-453e-90b8-2c5adbf911bb\",\"method\":\"POST\",\"fields\":[{\"name\":\"password\",\"type\":\"password\",\"required\":true},{\"name\":\"csrf_token\",\"type\":\"hidden\",\"required\":true,\"value\":\"4G7nFBBjlvSMDzqi3HXROK2ijGojM/2jXmoVHQPAz7i6UuDP3kehtfjhTbxB822DIE5qa6cfYBz7IJkegaaQPw==\"}]}', '2013-10-07 08:23:19', '2013-10-07 08:23:19');\nINSERT INTO selfservice_settings_request_methods (id, method, selfservice_settings_request_id, config, created_at, updated_at) VALUES ('9068a486-20f2-42f1-b5b8-368aedbb7b89', 'oidc', '74fd6c53-7651-453e-90b8-2c5adbf911bb', '{\"action\":\"http://127.0.0.1:4455/.ory/kratos/public/self-service/browser/flows/strategies/oidc/settings/connections?request=74fd6c53-7651-453e-90b8-2c5adbf911bb\",\"method\":\"POST\",\"fields\":[{\"name\":\"csrf_token\",\"type\":\"hidden\",\"required\":true,\"value\":\"4G7nFBBjlvSMDzqi3HXROK2ijGojM/2jXmoVHQPAz7i6UuDP3kehtfjhTbxB822DIE5qa6cfYBz7IJkegaaQPw==\"}]}', '2013-10-07 08:23:19', '2013-10-07 08:23:19');\n\nINSERT INTO selfservice_verification_requests (id, request_url, issued_at, expires_at, form, via, csrf_token, success, created_at, updated_at) VALUES ('a8e2b810-a561-4a9e-bbd8-37f649bc26fa', 'http://kratos:4433/self-service/browser/flows/verification/email', '2013-10-07 08:23:19', '2013-10-07 08:23:19', 'null', 'email', '8xoIMa1+UkDqTt+tIHmIEHztQkk0AWk2PJhWWYDmB6dSE+RtJinnxtwH5lNNCnYyQuCF2ugy7rWjCgiwYPJNOw==', true, '2013-10-07 08:23:19', '2013-10-07 08:23:19');\nINSERT INTO selfservice_verification_requests (id, request_url, issued_at, expires_at, form, via, csrf_token, success, created_at, updated_at) VALUES ('b37d34c2-4290-4be4-9e3a-c6263ee77082', 'http://kratos:4433/self-service/browser/flows/verification/email', '2013-10-07 08:23:19', '2013-10-07 08:23:19', '{\"action\":\"http://127.0.0.1:4455/.ory/kratos/public/self-service/browser/flows/verification/email/complete?request=b37d34c2-4290-4be4-9e3a-c6263ee77082\",\"method\":\"POST\",\"fields\":[{\"name\":\"csrf_token\",\"type\":\"hidden\",\"required\":true,\"value\":\"w+Amwv/g+QE/RaFUuc5/z7qnfFC2fxro9w9kUvoqhyBi6cqedLdMhwkMmKrUvYHthKq7w2pMnWtonTq7Gj7NvA==\"},{\"name\":\"to_verify\",\"type\":\"email\",\"required\":true}]}', 'email', 'w+Amwv/g+QE/RaFUuc5/z7qnfFC2fxro9w9kUvoqhyBi6cqedLdMhwkMmKrUvYHthKq7w2pMnWtonTq7Gj7NvA==', false, '2013-10-07 08:23:19', '2013-10-07 08:23:19');\n" }, { "path": "persistence/sql/migratest/testdata/20200519101057_testdata.sql", "content": "INSERT INTO identity_recovery_addresses (id, via, value, identity_id, created_at, updated_at)\nVALUES ('b8293f1c-010f-45d9-b809-f3fc5365ba80', 'email', 'foobar@ory.sh', 'a251ebc2-880c-4f76-a8f3-38e6940eab0e', '2013-10-07 08:23:19', '2013-10-07 08:23:19');\n\nINSERT INTO selfservice_recovery_requests (id, request_url, issued_at, expires_at, messages, active_method, csrf_token, state, recovered_identity_id, created_at, updated_at)\nVALUES ('13178936-095a-466b-abe0-36d977d3dc18', 'http://kratos:4433/self-service/browser/flows/registration', '2013-10-07 08:23:19', '2013-10-07 08:23:19', '[]', 'link', 'vYYuhWXBfXKzBC+BlnbDmXfBKsUWY6SU/v04gHF9GYzPjFP51RXDPOc57R7Dpbf+XLkbPNAkmem33Crz/avdrw==', 'choose_method', 'a251ebc2-880c-4f76-a8f3-38e6940eab0e', '2013-10-07 08:23:19', '2013-10-07 08:23:19');\n\nINSERT INTO selfservice_recovery_request_methods (id, method, selfservice_recovery_request_id, config, created_at, updated_at)\nVALUES ('921462a6-8af6-4cda-97b4-dc0930ed271b', 'link', '13178936-095a-466b-abe0-36d977d3dc18', '{\"action\":\"http://127.0.0.1:4455/.ory/kratos/public/self-service/browser/flows/settings/strategies/profile?request=21c5f714-3089-49d2-b387-f244d4dd9e00\",\"method\":\"POST\",\"fields\":[{\"name\":\"csrf_token\",\"type\":\"hidden\",\"required\":true,\"value\":\"yDwSg0quCmc4kBl7lBqYwGh4W8awrc+TpeWiigZs3iemRCwqeDhGdrW3sIv8T7u742pN+Kryx/NrdRpEXcT9qA==\"},{\"name\":\"traits.email\",\"type\":\"text\",\"value\":\"foo\",\"errors\":[{\"message\":\"validation failed\"},{\"message\":\"foo is not valid email\"},{\"message\":\"foo is not valid email\"}]}]}', '2013-10-07 08:23:19', '2013-10-07 08:23:19');\n\nINSERT INTO identity_recovery_tokens (id, token, used, used_at, identity_recovery_address_id, selfservice_recovery_request_id, created_at, updated_at)\nVALUES ('5529d454-2946-404e-b681-d950f8657fd0', 'd40c167d-a7f2-41a6-86b2-a5483001a010', false, null, 'b8293f1c-010f-45d9-b809-f3fc5365ba80', '13178936-095a-466b-abe0-36d977d3dc18', '2013-10-07 08:23:19', '2013-10-07 08:23:19');\n" }, { "path": "persistence/sql/migratest/testdata/20200519101058_testdata.mysql.sql", "content": "-- empty\n" }, { "path": "persistence/sql/migratest/testdata/20200601101000_testdata.sql", "content": "INSERT INTO selfservice_settings_requests (id, request_url, issued_at, expires_at, update_successful, identity_id, created_at, updated_at, active_method, messages) VALUES\n('a79bfcf1-68ae-49de-8b23-4f96921b8341', 'http://kratos:4433/self-service/browser/flows/settings', '2013-10-07 08:23:19', '2013-10-07 08:23:19', false, 'a251ebc2-880c-4f76-a8f3-38e6940eab0e', '2013-10-07 08:23:19', '2013-10-07 08:23:19', 'profile', '[]');\n" }, { "path": "persistence/sql/migratest/testdata/20200601101001_testdata.mysql.sql", "content": "-- empty\n" }, { "path": "persistence/sql/migratest/testdata/20200605111551_testdata.sql", "content": "INSERT INTO selfservice_login_requests (id, request_url, issued_at, expires_at, active_method, csrf_token, created_at, updated_at, forced, messages) VALUES ('56d94e8b-8a5d-4b7f-8a6e-3259d2b2903e', 'http://kratos:4433/self-service/browser/flows/login', '2013-10-07 08:23:19', '2013-10-07 08:23:19', '', 'fpeVSZ9ZH7YvUkhXsOVEIssxbfauh5lcoQSYxTcN0XkMneg1L42h+HtvisjlNjBF4ElcD2jApCHoJYq2u9sVWg==', '2013-10-07 08:23:19', '2013-10-07 08:23:19', false, '[]');\nINSERT INTO selfservice_registration_requests (id, request_url, issued_at, expires_at, active_method, csrf_token, created_at, updated_at, messages) VALUES ('9edcf051-1cd0-44cc-bd2f-6ac21f0c24dd', 'http://kratos:4433/self-service/browser/flows/registration', '2013-10-07 08:23:19', '2013-10-07 08:23:19', 'password', 'vYYuhWXBfXKzBC+BlnbDmXfBKsUWY6SU/v04gHF9GYzPjFP51RXDPOc57R7Dpbf+XLkbPNAkmem33Crz/avdrw==', '2013-10-07 08:23:19', '2013-10-07 08:23:19', '[]');\nINSERT INTO selfservice_verification_requests (id, request_url, issued_at, expires_at, form, via, csrf_token, success, created_at, updated_at, messages) VALUES ('29b2c16e-2955-4faa-bd16-33af098cdf83', 'http://kratos:4433/self-service/browser/flows/verification/email', '2013-10-07 08:23:19', '2013-10-07 08:23:19', 'null', 'email', '8xoIMa1+UkDqTt+tIHmIEHztQkk0AWk2PJhWWYDmB6dSE+RtJinnxtwH5lNNCnYyQuCF2ugy7rWjCgiwYPJNOw==', true, '2013-10-07 08:23:19', '2013-10-07 08:23:19', '[]');\n" }, { "path": "persistence/sql/migratest/testdata/20200607165100_testdata.sql", "content": "INSERT INTO selfservice_settings_requests (id, request_url, issued_at, expires_at, state, identity_id, created_at, updated_at, active_method, messages) VALUES\n('77fe4fb3-2d4e-4532-b568-c44b0aece0aa', 'http://kratos:4433/self-service/browser/flows/settings', '2013-10-07 08:23:19', '2013-10-07 08:23:19', 'show_form', 'a251ebc2-880c-4f76-a8f3-38e6940eab0e', '2013-10-07 08:23:19', '2013-10-07 08:23:19', 'profile', '[]');\n" }, { "path": "persistence/sql/migratest/testdata/20200705105359_testdata.sql", "content": "INSERT INTO identities (id, schema_id, traits, created_at, updated_at) VALUES ('d7b9addb-ac15-4bc2-9fa5-562e0bf48755', 'default', '{\"email\":\"d7b9@ory.sh\"}', '2013-10-07 08:23:19', '2013-10-07 08:23:19');\n" }, { "path": "persistence/sql/migratest/testdata/20200810141652_testdata.sql", "content": "INSERT INTO selfservice_login_requests (id, request_url, issued_at, expires_at, active_method, csrf_token, created_at, updated_at, forced, messages, type) VALUES ('47edd3a8-0998-4779-9469-f4b8ee4430df', 'http://kratos:4433/self-service/browser/flows/login', '2013-10-07 08:23:19', '2013-10-07 08:23:19', '', 'fpeVSZ9ZH7YvUkhXsOVEIssxbfauh5lcoQSYxTcN0XkMneg1L42h+HtvisjlNjBF4ElcD2jApCHoJYq2u9sVWg==', '2013-10-07 08:23:19', '2013-10-07 08:23:19', false, '[]', 'api');\nINSERT INTO selfservice_registration_requests (id, request_url, issued_at, expires_at, active_method, csrf_token, created_at, updated_at, messages, type) VALUES ('696e7022-c466-44f6-89c6-8cf93c06a62a', 'http://kratos:4433/self-service/browser/flows/registration', '2013-10-07 08:23:19', '2013-10-07 08:23:19', 'password', 'vYYuhWXBfXKzBC+BlnbDmXfBKsUWY6SU/v04gHF9GYzPjFP51RXDPOc57R7Dpbf+XLkbPNAkmem33Crz/avdrw==', '2013-10-07 08:23:19', '2013-10-07 08:23:19', '[]', 'api');\nINSERT INTO selfservice_verification_requests (id, request_url, issued_at, expires_at, form, via, csrf_token, success, created_at, updated_at, messages, type) VALUES ('3631e880-ce59-4cbd-a705-0d825eea590d', 'http://kratos:4433/self-service/browser/flows/verification/email', '2013-10-07 08:23:19', '2013-10-07 08:23:19', 'null', 'email', '8xoIMa1+UkDqTt+tIHmIEHztQkk0AWk2PJhWWYDmB6dSE+RtJinnxtwH5lNNCnYyQuCF2ugy7rWjCgiwYPJNOw==', true, '2013-10-07 08:23:19', '2013-10-07 08:23:19', '[]', 'api');\nINSERT INTO selfservice_settings_requests (id, request_url, issued_at, expires_at, state, identity_id, created_at, updated_at, active_method, messages) VALUES\n('cdfd1eed-34a4-491d-ad0a-7579d3a0a7ba', 'http://kratos:4433/self-service/browser/flows/settings', '2013-10-07 08:23:19', '2013-10-07 08:23:19', 'show_form', 'a251ebc2-880c-4f76-a8f3-38e6940eab0e', '2013-10-07 08:23:19', '2013-10-07 08:23:19', 'profile', '[]');\nINSERT INTO selfservice_recovery_requests (id, request_url, issued_at, expires_at, messages, active_method, csrf_token, state, recovered_identity_id, created_at, updated_at, type)\nVALUES ('87e871e1-a45f-4ed0-ba4e-a03063c774dc', 'http://kratos:4433/self-service/browser/flows/registration', '2013-10-07 08:23:19', '2013-10-07 08:23:19', '[]', 'link', 'vYYuhWXBfXKzBC+BlnbDmXfBKsUWY6SU/v04gHF9GYzPjFP51RXDPOc57R7Dpbf+XLkbPNAkmem33Crz/avdrw==', 'choose_method', 'a251ebc2-880c-4f76-a8f3-38e6940eab0e', '2013-10-07 08:23:19', '2013-10-07 08:23:19', 'api');\n" }, { "path": "persistence/sql/migratest/testdata/20200810161022_testdata.sql", "content": "INSERT INTO selfservice_login_flows (id, request_url, issued_at, expires_at, active_method, csrf_token, created_at, updated_at, forced, messages, type)\nVALUES ('b1fac7fb-d016-4a06-a7fe-e4eab2a0429f', 'http://kratos:4433/self-service/browser/flows/login', '2013-10-07 08:23:19', '2013-10-07 08:23:19', '', 'fpeVSZ9ZH7YvUkhXsOVEIssxbfauh5lcoQSYxTcN0XkMneg1L42h+HtvisjlNjBF4ElcD2jApCHoJYq2u9sVWg==', '2013-10-07 08:23:19', '2013-10-07 08:23:19', false, '[]', 'api');\nINSERT INTO selfservice_login_flow_methods (id, method, selfservice_login_request_id, config, created_at, updated_at)\nVALUES ('8ca78d66-772a-4408-804e-f5d3d9fe696e', 'password', 'b1fac7fb-d016-4a06-a7fe-e4eab2a0429f', '{\"action\":\"http://127.0.0.1:4455/.ory/kratos/public/self-service/browser/flows/login/strategies/password?request=3a9ea34f-0f12-469b-9417-3ae5795a7baa\",\"method\":\"POST\",\"fields\":[{\"name\":\"identifier\",\"type\":\"text\",\"required\":true,\"value\":\"\"},{\"name\":\"password\",\"type\":\"password\",\"required\":true},{\"name\":\"csrf_token\",\"type\":\"hidden\",\"required\":true,\"value\":\"fpeVSZ9ZH7YvUkhXsOVEIssxbfauh5lcoQSYxTcN0XkMneg1L42h+HtvisjlNjBF4ElcD2jApCHoJYq2u9sVWg==\"}]}', '2013-10-07 08:23:19', '2013-10-07 08:23:19');\n\nINSERT INTO selfservice_registration_flows (id, request_url, issued_at, expires_at, active_method, csrf_token, created_at, updated_at, messages, type)\nVALUES ('8ef215a9-e8d5-43b3-9aa3-cb4333562e36', 'http://kratos:4433/self-service/browser/flows/registration', '2013-10-07 08:23:19', '2013-10-07 08:23:19', 'password', 'vYYuhWXBfXKzBC+BlnbDmXfBKsUWY6SU/v04gHF9GYzPjFP51RXDPOc57R7Dpbf+XLkbPNAkmem33Crz/avdrw==', '2013-10-07 08:23:19', '2013-10-07 08:23:19', '[]', 'api');\nINSERT INTO selfservice_registration_flow_methods (id, method, selfservice_registration_request_id, config, created_at, updated_at)\nVALUES ('356019d1-900e-4c6d-b3f1-564c86930979', 'password', '8ef215a9-e8d5-43b3-9aa3-cb4333562e36', '{\"action\":\"http://127.0.0.1:4455/.ory/kratos/public/self-service/browser/flows/registration/strategies/password?request=87fa3f43-5155-42b4-a1ad-174c2595fdaf\",\"method\":\"POST\",\"fields\":[{\"name\":\"csrf_token\",\"type\":\"hidden\",\"required\":true,\"value\":\"KeEp3OT+pHSXJpZAP+C1hR3yr4eIjUBDhg9tc/F1WI1b61SgVCoaOsMbVN9qM8HiNoqefk7KfT7PLn8AfaOcrg==\"},{\"name\":\"password\",\"type\":\"password\",\"required\":true,\"errors\":[{\"message\":\"the password does not fulfill the password policy because: the password has been found in data breaches and must no longer be used.\"}]},{\"name\":\"traits.email\",\"type\":\"text\",\"value\":\"foo@ory.sh\"}]}', '2013-10-07 08:23:19', '2013-10-07 08:23:19');\n\nINSERT INTO selfservice_settings_flows (id, request_url, issued_at, expires_at, state, identity_id, created_at, updated_at, active_method, messages)\nVALUES ('90b4f970-b9ae-42bc-a0a7-73ec750e0aa1', 'http://kratos:4433/self-service/browser/flows/settings', '2013-10-07 08:23:19', '2013-10-07 08:23:19', 'show_form', 'a251ebc2-880c-4f76-a8f3-38e6940eab0e', '2013-10-07 08:23:19', '2013-10-07 08:23:19', 'profile', '[]');\nINSERT INTO selfservice_settings_flow_methods (id, method, selfservice_settings_request_id, config, created_at, updated_at)\nVALUES ('547e8444-b3b0-4de7-9fdf-b80d6a8de15f', 'profile', '90b4f970-b9ae-42bc-a0a7-73ec750e0aa1', '{\"action\":\"http://127.0.0.1:4455/.ory/kratos/public/self-service/browser/flows/settings/strategies/profile?request=21c5f714-3089-49d2-b387-f244d4dd9e00\",\"method\":\"POST\",\"fields\":[{\"name\":\"csrf_token\",\"type\":\"hidden\",\"required\":true,\"value\":\"yDwSg0quCmc4kBl7lBqYwGh4W8awrc+TpeWiigZs3iemRCwqeDhGdrW3sIv8T7u742pN+Kryx/NrdRpEXcT9qA==\"},{\"name\":\"traits.email\",\"type\":\"text\",\"value\":\"foo\",\"errors\":[{\"message\":\"validation failed\"},{\"message\":\"foo is not valid email\"},{\"message\":\"foo is not valid email\"}]}]}', '2013-10-07 08:23:19', '2013-10-07 08:23:19');\n\nINSERT INTO selfservice_verification_flows (id, request_url, issued_at, expires_at, form, via, csrf_token, success, created_at, updated_at, messages, type)\nVALUES ('42f31e47-65e1-4be9-80ea-e5d8ed64b236', 'http://kratos:4433/self-service/browser/flows/verification/email', '2013-10-07 08:23:19', '2013-10-07 08:23:19', 'null', 'email', '8xoIMa1+UkDqTt+tIHmIEHztQkk0AWk2PJhWWYDmB6dSE+RtJinnxtwH5lNNCnYyQuCF2ugy7rWjCgiwYPJNOw==', true, '2013-10-07 08:23:19', '2013-10-07 08:23:19', '[]', 'api');\n\nINSERT INTO selfservice_recovery_flows (id, request_url, issued_at, expires_at, messages, active_method, csrf_token, state, recovered_identity_id, created_at, updated_at, type)\nVALUES ('0d14427f-e16d-43a5-8695-8278bf85d4eb', 'http://kratos:4433/self-service/browser/flows/registration', '2013-10-07 08:23:19', '2013-10-07 08:23:19', '[]', 'link', 'vYYuhWXBfXKzBC+BlnbDmXfBKsUWY6SU/v04gHF9GYzPjFP51RXDPOc57R7Dpbf+XLkbPNAkmem33Crz/avdrw==', 'choose_method', 'a251ebc2-880c-4f76-a8f3-38e6940eab0e', '2013-10-07 08:23:19', '2013-10-07 08:23:19', 'api');\nINSERT INTO selfservice_recovery_flow_methods (id, method, selfservice_recovery_request_id, config, created_at, updated_at)\nVALUES ('1a45ce9b-b527-4535-ad31-b808e481d280', 'link', '0d14427f-e16d-43a5-8695-8278bf85d4eb', '{\"action\":\"http://127.0.0.1:4455/.ory/kratos/public/self-service/browser/flows/settings/strategies/profile?request=21c5f714-3089-49d2-b387-f244d4dd9e00\",\"method\":\"POST\",\"fields\":[{\"name\":\"csrf_token\",\"type\":\"hidden\",\"required\":true,\"value\":\"yDwSg0quCmc4kBl7lBqYwGh4W8awrc+TpeWiigZs3iemRCwqeDhGdrW3sIv8T7u742pN+Kryx/NrdRpEXcT9qA==\"},{\"name\":\"traits.email\",\"type\":\"text\",\"value\":\"foo\",\"errors\":[{\"message\":\"validation failed\"},{\"message\":\"foo is not valid email\"},{\"message\":\"foo is not valid email\"}]}]}', '2013-10-07 08:23:19', '2013-10-07 08:23:19');\n" }, { "path": "persistence/sql/migratest/testdata/20200810162450_testdata.sql", "content": "INSERT INTO selfservice_login_flow_methods (id, method, selfservice_login_flow_id, config, created_at, updated_at)\nVALUES ('12aca2ae-248d-448c-a33c-5efb1b165238', 'password', 'b1fac7fb-d016-4a06-a7fe-e4eab2a0429f', '{\"action\":\"http://127.0.0.1:4455/.ory/kratos/public/self-service/browser/flows/login/strategies/password?request=3a9ea34f-0f12-469b-9417-3ae5795a7baa\",\"method\":\"POST\",\"fields\":[{\"name\":\"identifier\",\"type\":\"text\",\"required\":true,\"value\":\"\"},{\"name\":\"password\",\"type\":\"password\",\"required\":true},{\"name\":\"csrf_token\",\"type\":\"hidden\",\"required\":true,\"value\":\"fpeVSZ9ZH7YvUkhXsOVEIssxbfauh5lcoQSYxTcN0XkMneg1L42h+HtvisjlNjBF4ElcD2jApCHoJYq2u9sVWg==\"}]}', '2013-10-07 08:23:19', '2013-10-07 08:23:19');\n\nINSERT INTO selfservice_registration_flow_methods (id, method, selfservice_registration_flow_id, config, created_at, updated_at)\nVALUES ('4849e60b-bd37-4e51-9361-3b6c27f7b9f8', 'password', '8ef215a9-e8d5-43b3-9aa3-cb4333562e36', '{\"action\":\"http://127.0.0.1:4455/.ory/kratos/public/self-service/browser/flows/registration/strategies/password?request=87fa3f43-5155-42b4-a1ad-174c2595fdaf\",\"method\":\"POST\",\"fields\":[{\"name\":\"csrf_token\",\"type\":\"hidden\",\"required\":true,\"value\":\"KeEp3OT+pHSXJpZAP+C1hR3yr4eIjUBDhg9tc/F1WI1b61SgVCoaOsMbVN9qM8HiNoqefk7KfT7PLn8AfaOcrg==\"},{\"name\":\"password\",\"type\":\"password\",\"required\":true,\"errors\":[{\"message\":\"the password does not fulfill the password policy because: the password has been found in data breaches and must no longer be used.\"}]},{\"name\":\"traits.email\",\"type\":\"text\",\"value\":\"foo@ory.sh\"}]}', '2013-10-07 08:23:19', '2013-10-07 08:23:19');\n\nINSERT INTO selfservice_settings_flow_methods (id, method, selfservice_settings_flow_id, config, created_at, updated_at)\nVALUES ('d3501777-80cb-4fc6-b1ec-04c8d4d5b187', 'profile', '90b4f970-b9ae-42bc-a0a7-73ec750e0aa1', '{\"action\":\"http://127.0.0.1:4455/.ory/kratos/public/self-service/browser/flows/settings/strategies/profile?request=21c5f714-3089-49d2-b387-f244d4dd9e00\",\"method\":\"POST\",\"fields\":[{\"name\":\"csrf_token\",\"type\":\"hidden\",\"required\":true,\"value\":\"yDwSg0quCmc4kBl7lBqYwGh4W8awrc+TpeWiigZs3iemRCwqeDhGdrW3sIv8T7u742pN+Kryx/NrdRpEXcT9qA==\"},{\"name\":\"traits.email\",\"type\":\"text\",\"value\":\"foo\",\"errors\":[{\"message\":\"validation failed\"},{\"message\":\"foo is not valid email\"},{\"message\":\"foo is not valid email\"}]}]}', '2013-10-07 08:23:19', '2013-10-07 08:23:19');\n\nINSERT INTO selfservice_recovery_flow_methods (id, method, selfservice_recovery_flow_id, config, created_at, updated_at)\nVALUES ('1d53af7f-8379-4ad0-9e00-16a2963bea83', 'link', '0d14427f-e16d-43a5-8695-8278bf85d4eb', '{\"action\":\"http://127.0.0.1:4455/.ory/kratos/public/self-service/browser/flows/settings/strategies/profile?request=21c5f714-3089-49d2-b387-f244d4dd9e00\",\"method\":\"POST\",\"fields\":[{\"name\":\"csrf_token\",\"type\":\"hidden\",\"required\":true,\"value\":\"yDwSg0quCmc4kBl7lBqYwGh4W8awrc+TpeWiigZs3iemRCwqeDhGdrW3sIv8T7u742pN+Kryx/NrdRpEXcT9qA==\"},{\"name\":\"traits.email\",\"type\":\"text\",\"value\":\"foo\",\"errors\":[{\"message\":\"validation failed\"},{\"message\":\"foo is not valid email\"},{\"message\":\"foo is not valid email\"}]}]}', '2013-10-07 08:23:19', '2013-10-07 08:23:19');\n" }, { "path": "persistence/sql/migratest/testdata/20200812124254_testdata.sql", "content": "INSERT INTO sessions (id, issued_at, expires_at, authenticated_at,created_at,updated_at, token, identity_id)\nVALUES ('8571e374-38f2-4f46-8ad3-b9d914e174d3','2013-10-07 08:23:19','2013-10-07 08:23:19','2013-10-07 08:23:19','2013-10-07 08:23:19','2013-10-07 08:23:19', '1001ba7ddd644cb68478e8947e4jfha', '5ff66179-c240-4703-b0d8-494592cefff5')\n" }, { "path": "persistence/sql/migratest/testdata/20200812160551_testdata.sql", "content": "INSERT INTO sessions (id, issued_at, expires_at, authenticated_at,created_at,updated_at, token, identity_id, active)\nVALUES ('f38cdebe-e567-42c9-a562-1bd4dee40998','2013-10-07 08:23:19','2013-10-07 08:23:19','2013-10-07 08:23:19','2013-10-07 08:23:19','2013-10-07 08:23:19', '1001ba7ddd644cb68478e8947e4jfhb', '5ff66179-c240-4703-b0d8-494592cefff5', true)\n" }, { "path": "persistence/sql/migratest/testdata/20200830121710_testdata.sql", "content": "INSERT INTO identity_recovery_tokens (id, token, used, used_at, identity_recovery_address_id, selfservice_recovery_flow_id, created_at, updated_at)\nVALUES ('77ca3f5c-cd39-488b-9f1d-cc7166d14bdc', 'd4c66613-c4cd-47c7-8e26-a70ecc5f5b5f', false, null, 'b8293f1c-010f-45d9-b809-f3fc5365ba80', '13178936-095a-466b-abe0-36d977d3dc18', '2013-10-07 08:23:19', '2013-10-07 08:23:19');\n" }, { "path": "persistence/sql/migratest/testdata/20200830130642_testdata.sql", "content": "-- nothing do to\n" }, { "path": "persistence/sql/migratest/testdata/20200830130643_testdata.sql", "content": "-- nothing do to\n" }, { "path": "persistence/sql/migratest/testdata/20200830130644_testdata.sql", "content": "-- nothing do to\n" }, { "path": "persistence/sql/migratest/testdata/20200830130645_testdata.sql", "content": "-- nothing do to\n" }, { "path": "persistence/sql/migratest/testdata/20200830130646_testdata.sql", "content": "INSERT INTO selfservice_verification_flows (id, request_url, issued_at, expires_at, messages, active_method, csrf_token, state, created_at, updated_at)\nVALUES ('5385c962-0295-4575-9b1b-d7eef13c0eda', 'http://kratos:4433/self-service/browser/flows/registration', '2013-10-07 08:23:19', '2013-10-07 08:23:19', '[]', 'link', 'vYYuhWXBfXKzBC+BlnbDmXfBKsUWY6SU/v04gHF9GYzPjFP51RXDPOc57R7Dpbf+XLkbPNAkmem33Crz/avdrw==', 'choose_method', '2013-10-07 08:23:19', '2013-10-07 08:23:19');\n\nINSERT INTO selfservice_verification_flow_methods (id, method, selfservice_verification_flow_id, config, created_at, updated_at)\nVALUES ('42021826-ad73-44f1-9365-6e2ba455c883', 'link', '5385c962-0295-4575-9b1b-d7eef13c0eda', '{\"action\":\"http://127.0.0.1:4455/.ory/kratos/public/self-service/browser/flows/settings/strategies/profile?flow=21c5f714-3089-49d2-b387-f244d4dd9e00\",\"method\":\"POST\",\"fields\":[{\"name\":\"csrf_token\",\"type\":\"hidden\",\"required\":true,\"value\":\"yDwSg0quCmc4kBl7lBqYwGh4W8awrc+TpeWiigZs3iemRCwqeDhGdrW3sIv8T7u742pN+Kryx/NrdRpEXcT9qA==\"},{\"name\":\"traits.email\",\"type\":\"text\",\"value\":\"foo\",\"errors\":[{\"message\":\"validation failed\"},{\"message\":\"foo is not valid email\"},{\"message\":\"foo is not valid email\"}]}]}', '2013-10-07 08:23:19', '2013-10-07 08:23:19');\n" }, { "path": "persistence/sql/migratest/testdata/20200830154602_testdata.sql", "content": "INSERT INTO identity_verification_tokens (id, token, used, used_at, identity_verifiable_address_id, selfservice_verification_flow_id, created_at, updated_at, expires_at, issued_at)\nVALUES ('ee56574d-2f0c-43f6-8d26-0062938ae330', '1001ba7ddd644cb68478e8947e4jfhc', false, null, '45e867e9-2745-4f16-8dd4-84334a252b61', '5385c962-0295-4575-9b1b-d7eef13c0eda', '2013-10-07 08:23:19', '2013-10-07 08:23:19', '2013-10-07 08:23:19', '2013-10-07 08:23:19');\n\nINSERT INTO identity_verification_tokens (id, token, used, used_at, identity_verifiable_address_id, selfservice_verification_flow_id, created_at, updated_at, expires_at, issued_at)\nVALUES ('f81fd924-23bb-4cdf-8fa0-56253eff6cc9', '1001ba7ddd644cb68478e8947e4jfhd', false, null, '45e867e9-2745-4f16-8dd4-84334a252b61', NULL, '2013-10-07 08:23:19', '2013-10-07 08:23:19', '2013-10-07 08:23:19', '2013-10-07 08:23:19');\n" }, { "path": "persistence/sql/migratest/testdata/20200830172221_testdata.sql", "content": "INSERT INTO identity_recovery_tokens (id, token, used, used_at, identity_recovery_address_id, selfservice_recovery_flow_id, created_at, updated_at, expires_at, issued_at)\nVALUES ('1b667e6d-8fda-4194-a765-08185185d7e4', '1001ba7ddd644cb68478e8947e4jfhe', false, null, 'b8293f1c-010f-45d9-b809-f3fc5365ba80', '13178936-095a-466b-abe0-36d977d3dc18', '2013-10-07 08:23:19', '2013-10-07 08:23:19', '2013-10-07 08:23:19', '2013-10-07 08:23:19');\n" }, { "path": "persistence/sql/migratest/testdata/20200831110752_testdata.sql", "content": "INSERT INTO identity_verifiable_addresses (id, status, via, verified, value, verified_at, identity_id, created_at, updated_at) VALUES\n('b2d59320-8564-4400-a39f-a22a497a23f1', 'pending', 'email', false, 'foobar+without-code@ory.sh', null, 'a251ebc2-880c-4f76-a8f3-38e6940eab0e', '2013-10-07 08:23:19', '2013-10-07 08:23:19');\n" }, { "path": "persistence/sql/migratest/testdata/20201201161451_testdata.sql", "content": "SELECT *\nFROM identity_credential_types\nWHERE name = 'password' OR name = 'oidc';\n" }, { "path": "persistence/sql/migratest/testdata/20210118113234_testdata.sql", "content": "" }, { "path": "persistence/sql/migratest/testdata/20210126114619_testdata.sql", "content": "" }, { "path": "persistence/sql/migratest/testdata/20210307130558_testdata.sql", "content": "INSERT INTO courier_messages (id, type, status, body, subject, recipient, created_at, updated_at) VALUES ('34948489-31dc-454a-ab3b-b2dcc75a787f', 1, 2, 'Hi, Verify your account by opening the following link: http://127.0.0.1:4455/.ory/kratos/public/self-service/browser/flows/verification/email/confirm/AtsREGbtXu0RlIcwv3RPpxHEZNEcq3R9', 'Please verify your email address', 'foo@ory.sh', '2013-10-07 08:23:19', '2013-10-07 08:23:19');\n" }, { "path": "persistence/sql/migratest/testdata/20210307130559_testdata.sql", "content": "INSERT INTO courier_messages (id, status, type, recipient, body, subject, template_type, template_data, created_at, updated_at) VALUES\n('b2d59320-8564-4400-a39f-a22a497a23f1', 1, 1, 'foo@bar.com', 'body', 'subject', 'recovery_invalid', 'binary_data', '2013-10-07 08:23:19', '2013-10-07 08:23:19');\n" }, { "path": "persistence/sql/migratest/testdata/20210311102338_testdata.sql", "content": "INSERT INTO selfservice_login_flows (id, request_url, issued_at, expires_at, active_method, csrf_token, created_at, updated_at, forced, type, ui)\nVALUES ('0bc96cc9-dda4-4700-9e42-35731f2af91e', 'http://kratos:4433/self-service/browser/flows/login', '2013-10-07 08:23:19', '2013-10-07 08:23:19', '', 'fpeVSZ9ZH7YvUkhXsOVEIssxbfauh5lcoQSYxTcN0XkMneg1L42h+HtvisjlNjBF4ElcD2jApCHoJYq2u9sVWg==', '2013-10-07 08:23:19', '2013-10-07 08:23:19', false, 'api', '{}');\n\nINSERT INTO selfservice_registration_flows (id, request_url, issued_at, expires_at, active_method, csrf_token, created_at, updated_at, type, ui)\nVALUES ('e2150cdc-23ac-4940-a240-6c79c27ab029', 'http://kratos:4433/self-service/browser/flows/registration', '2013-10-07 08:23:19', '2013-10-07 08:23:19', 'password', 'vYYuhWXBfXKzBC+BlnbDmXfBKsUWY6SU/v04gHF9GYzPjFP51RXDPOc57R7Dpbf+XLkbPNAkmem33Crz/avdrw==', '2013-10-07 08:23:19', '2013-10-07 08:23:19', 'api', '{}');\n\nINSERT INTO selfservice_settings_flows (id, request_url, issued_at, expires_at, state, identity_id, created_at, updated_at, active_method, ui)\nVALUES ('aeba85bd-1a8c-44bf-8fc3-3be83c01a3dc', 'http://kratos:4433/self-service/browser/flows/settings', '2013-10-07 08:23:19', '2013-10-07 08:23:19', 'show_form', 'a251ebc2-880c-4f76-a8f3-38e6940eab0e', '2013-10-07 08:23:19', '2013-10-07 08:23:19', 'profile', '{}');\n\nINSERT INTO selfservice_verification_flows (id, request_url, issued_at, expires_at, csrf_token, created_at, updated_at, type, ui)\nVALUES ('6aae3159-b880-4cfb-a863-03b114b1371b', 'http://kratos:4433/self-service/browser/flows/verification/email', '2013-10-07 08:23:19', '2013-10-07 08:23:19', '8xoIMa1+UkDqTt+tIHmIEHztQkk0AWk2PJhWWYDmB6dSE+RtJinnxtwH5lNNCnYyQuCF2ugy7rWjCgiwYPJNOw==', '2013-10-07 08:23:19', '2013-10-07 08:23:19', 'api', '{}');\n\nINSERT INTO selfservice_recovery_flows (id, request_url, issued_at, expires_at, active_method, csrf_token, state, recovered_identity_id, created_at, updated_at, type, ui)\nVALUES ('4963f305-e874-4a68-8424-a00bec679e7b', 'http://kratos:4433/self-service/browser/flows/recovery', '2013-10-07 08:23:19', '2013-10-07 08:23:19', 'link', 'vYYuhWXBfXKzBC+BlnbDmXfBKsUWY6SU/v04gHF9GYzPjFP51RXDPOc57R7Dpbf+XLkbPNAkmem33Crz/avdrw==', 'choose_method', 'a251ebc2-880c-4f76-a8f3-38e6940eab0e', '2013-10-07 08:23:19', '2013-10-07 08:23:19', 'api', '{}');\n" }, { "path": "persistence/sql/migratest/testdata/20210410175418_testdata.sql", "content": "INSERT INTO selfservice_login_flows (id, nid, request_url, issued_at, expires_at, active_method, csrf_token, created_at, updated_at, forced, type, ui)\nVALUES ('d6aa1f23-88c9-4b9b-a850-392f48c7f9e8', '884f556e-eb3a-4b9f-bee3-11345642c6c0', 'http://kratos:4433/self-service/browser/flows/login', '2013-10-07 08:23:19', '2013-10-07 08:23:19', '', 'fpeVSZ9ZH7YvUkhXsOVEIssxbfauh5lcoQSYxTcN0XkMneg1L42h+HtvisjlNjBF4ElcD2jApCHoJYq2u9sVWg==', '2013-10-07 08:23:19', '2013-10-07 08:23:19', false, 'api', '{}');\n\nINSERT INTO selfservice_registration_flows (id, nid, request_url, issued_at, expires_at, active_method, csrf_token, created_at, updated_at, type, ui)\nVALUES ('f1b5ed18-113a-4a98-aae7-d4eba007199c', '884f556e-eb3a-4b9f-bee3-11345642c6c0', 'http://kratos:4433/self-service/browser/flows/registration', '2013-10-07 08:23:19', '2013-10-07 08:23:19', 'password', 'vYYuhWXBfXKzBC+BlnbDmXfBKsUWY6SU/v04gHF9GYzPjFP51RXDPOc57R7Dpbf+XLkbPNAkmem33Crz/avdrw==', '2013-10-07 08:23:19', '2013-10-07 08:23:19', 'api', '{}');\n\nINSERT INTO selfservice_settings_flows (id, nid, request_url, issued_at, expires_at, state, identity_id, created_at, updated_at, active_method, ui)\nVALUES ('19ede218-928c-4e02-ab49-b76e12b34f31', '884f556e-eb3a-4b9f-bee3-11345642c6c0', 'http://kratos:4433/self-service/browser/flows/settings', '2013-10-07 08:23:19', '2013-10-07 08:23:19', 'show_form', 'a251ebc2-880c-4f76-a8f3-38e6940eab0e', '2013-10-07 08:23:19', '2013-10-07 08:23:19', 'profile', '{}');\n\nINSERT INTO selfservice_verification_flows (id, nid, request_url, issued_at, expires_at, csrf_token, created_at, updated_at, type, ui)\nVALUES ('7be6c72c-c868-4b61-a1f0-1130603665d8', '884f556e-eb3a-4b9f-bee3-11345642c6c0', 'http://kratos:4433/self-service/browser/flows/verification/email', '2013-10-07 08:23:19', '2013-10-07 08:23:19', '8xoIMa1+UkDqTt+tIHmIEHztQkk0AWk2PJhWWYDmB6dSE+RtJinnxtwH5lNNCnYyQuCF2ugy7rWjCgiwYPJNOw==', '2013-10-07 08:23:19', '2013-10-07 08:23:19', 'api', '{}');\n\nINSERT INTO selfservice_recovery_flows (id, nid, request_url, issued_at, expires_at, active_method, csrf_token, state, recovered_identity_id, created_at, updated_at, type, ui)\nVALUES ('68fb4010-84a9-4d1e-9f92-2705978ee89e', '884f556e-eb3a-4b9f-bee3-11345642c6c0', 'http://kratos:4433/self-service/browser/flows/recovery', '2013-10-07 08:23:19', '2013-10-07 08:23:19', 'link', 'vYYuhWXBfXKzBC+BlnbDmXfBKsUWY6SU/v04gHF9GYzPjFP51RXDPOc57R7Dpbf+XLkbPNAkmem33Crz/avdrw==', 'choose_method', 'a251ebc2-880c-4f76-a8f3-38e6940eab0e', '2013-10-07 08:23:19', '2013-10-07 08:23:19', 'api', '{}');\n\nINSERT INTO courier_messages (id, nid, status, type, recipient, body, subject, template_type, template_data, created_at, updated_at) VALUES\n('b821adf0-a067-4b3c-9f90-cac496d02a92', '884f556e-eb3a-4b9f-bee3-11345642c6c0', 1, 1, 'foo@bar.com', 'body', 'subject', 'recovery_invalid', 'binary_data', '2013-10-07 08:23:19', '2013-10-07 08:23:19');\n\nINSERT INTO identity_verifiable_addresses (id, nid, status, via, verified, value, verified_at, identity_id, created_at, updated_at) VALUES\n('d4718a67-aec2-418d-8173-6ebc7bde3b86', '884f556e-eb3a-4b9f-bee3-11345642c6c0', 'pending', 'email', false, 'foobar+11345642c6c0@ory.sh', null, 'a251ebc2-880c-4f76-a8f3-38e6940eab0e', '2013-10-07 08:23:19', '2013-10-07 08:23:19');\n\nINSERT INTO identities (id, nid, schema_id, traits, created_at, updated_at) VALUES ('196d8c1e-4f04-40f0-94b3-5ec43996b28a', '884f556e-eb3a-4b9f-bee3-11345642c6c0', 'default', '{\"email\":\"foobar@ory.sh\"}', '2013-10-07 08:23:19', '2013-10-07 08:23:19');\nINSERT INTO identities (id, nid, schema_id, traits, created_at, updated_at) VALUES ('ed253b2c-48ed-4c58-9b6f-1dc963c30a66', '884f556e-eb3a-4b9f-bee3-11345642c6c0', 'default', '{\"email\":\"bazbar@ory.sh\"}', '2013-10-07 08:23:19', '2013-10-07 08:23:19');\n\n" }, { "path": "persistence/sql/migratest/testdata/20210504121624_testdata.sql", "content": "INSERT INTO identities (id, nid, schema_id, traits, created_at, updated_at, state) VALUES ('2ae6a5a7-2983-49e7-a4d8-7740b37c88cb','884f556e-eb3a-4b9f-bee3-11345642c6c0', 'default', '{\"email\":\"d7b10@ory.sh\"}', '2013-10-07 08:23:19', '2013-10-07 08:23:19', 'active');\nINSERT INTO identities (id, nid, schema_id, traits, created_at, updated_at) VALUES ('359963ec-b09b-4ea0-aece-fb4dd95f304a','884f556e-eb3a-4b9f-bee3-11345642c6c0', 'default', '{\"email\":\"d7b11@ory.sh\"}', '2013-10-07 08:23:19', '2013-10-07 08:23:19');\n" }, { "path": "persistence/sql/migratest/testdata/20210618103120_testdata.sql", "content": "INSERT INTO sessions (id, nid, issued_at, expires_at, authenticated_at,created_at,updated_at, token, identity_id, active, logout_token)\nVALUES ('dcde5aaa-f789-4d3d-ae1f-76da8d57e67c','884f556e-eb3a-4b9f-bee3-11345642c6c0','2013-10-07 08:23:19','2013-10-07 08:23:19','2013-10-07 08:23:19','2013-10-07 08:23:19','2013-10-07 08:23:19', 'eVwBt7UWPweVwBt7UWPw', '5ff66179-c240-4703-b0d8-494592cefff5', true, '123eVwBt7UWPweVwBt7UWPw')\n" }, { "path": "persistence/sql/migratest/testdata/20210805112414_testdata.sql", "content": "INSERT INTO selfservice_settings_flows (id, nid, request_url, issued_at, expires_at, state, identity_id, created_at, updated_at, active_method, ui, internal_context)\nVALUES ('8248bb5d-8ef7-45e3-8e07-9e2003dd5352', '884f556e-eb3a-4b9f-bee3-11345642c6c0', 'http://kratos:4433/self-service/browser/flows/settings', '2013-10-07 08:23:19', '2013-10-07 08:23:19', 'show_form', 'a251ebc2-880c-4f76-a8f3-38e6940eab0e', '2013-10-07 08:23:19', '2013-10-07 08:23:19', 'profile', '{}', '{\"foo\":\"bar\"}');\n" }, { "path": "persistence/sql/migratest/testdata/20210805122535_testdata.sql", "content": "-- nothing to do here because the schema did not change\n" }, { "path": "persistence/sql/migratest/testdata/20210810153530_testdata.sql", "content": "INSERT INTO sessions (id, nid, issued_at, expires_at, authenticated_at, created_at, updated_at, token, identity_id,\n active, logout_token, aal, authentication_methods)\nVALUES ('7458af86-c1d8-401c-978a-8da89133f78b', '884f556e-eb3a-4b9f-bee3-11345642c6c0', '2013-10-07 08:23:19',\n '2080-10-07 08:23:19', '2013-10-07 08:23:19', '2013-10-07 08:23:19', '2013-10-07 08:23:19',\n 'eVwBt7UAAAAVwBt7UWPw', '5ff66179-c240-4703-b0d8-494592cefff5', true, '123eVwBt7UAAAeVwBt7UWPw', 'aal2',\n '[{\"method\":\"password\"},{\"method\":\"totp\"}]');\n\nINSERT INTO selfservice_login_flows (id, nid, request_url, issued_at, expires_at, active_method, csrf_token, created_at,\n updated_at, forced, type, ui, requested_aal)\nVALUES ('1fb23c75-b809-42cc-8984-6ca2d0a1192f', '884f556e-eb3a-4b9f-bee3-11345642c6c0',\n 'http://kratos:4433/self-service/browser/flows/login', '2013-10-07 08:23:19', '2013-10-07 08:23:19', '',\n 'fpeVSZ9ZH7YvUkhXsOVEIssxbfauh5lcoQSYxTcN0XkMneg1L42h+HtvisjlNjBF4ElcD2jApCHoJYq2u9sVWg==',\n '2013-10-07 08:23:19', '2013-10-07 08:23:19', false, 'api', '{}', 'aal2');\n" }, { "path": "persistence/sql/migratest/testdata/20210813150152_testdata.sql", "content": "-- nothing to do here because the schema did not change\n" }, { "path": "persistence/sql/migratest/testdata/20210816113956_testdata.sql", "content": "-- nothing to do here because the schema did not change\n" }, { "path": "persistence/sql/migratest/testdata/20210816142650_testdata.sql", "content": "INSERT INTO selfservice_login_flows (id, nid, request_url, issued_at, expires_at, active_method, csrf_token, created_at,\n updated_at, forced, type, ui, requested_aal, internal_context)\nVALUES ('38caf592-b042-4551-b92f-8d5223c2a4e2', '884f556e-eb3a-4b9f-bee3-11345642c6c0',\n 'http://kratos:4433/self-service/browser/flows/login', '2013-10-07 08:23:19', '2013-10-07 08:23:19', '',\n 'fpeVSZ9ZH7YvUkhXsOVEIssxbfauh5lcoQSYxTcN0XkMneg1L42h+HtvisjlNjBF4ElcD2jApCHoJYq2u9sVWg==',\n '2013-10-07 08:23:19', '2013-10-07 08:23:19', false, 'api', '{}', 'aal2', '{\"foo\":\"bar\"}');\n\nINSERT INTO selfservice_registration_flows (id, nid, request_url, issued_at, expires_at, active_method, csrf_token,\n created_at, updated_at, type, ui, internal_context)\nVALUES ('8f32efdc-f6fc-4c27-a3c2-579d109eff60', '884f556e-eb3a-4b9f-bee3-11345642c6c0',\n 'http://kratos:4433/self-service/browser/flows/registration', '2013-10-07 08:23:19', '2013-10-07 08:23:19',\n 'password', 'vYYuhWXBfXKzBC+BlnbDmXfBKsUWY6SU/v04gHF9GYzPjFP51RXDPOc57R7Dpbf+XLkbPNAkmem33Crz/avdrw==',\n '2013-10-07 08:23:19', '2013-10-07 08:23:19', 'api', '{}', '{\"foo\":\"bar\"}');\n" }, { "path": "persistence/sql/migratest/testdata/20210817181232_testdata.sql", "content": "INSERT INTO identity_credential_identifiers (id, nid, identifier, identity_credential_id, created_at, updated_at, identity_credential_type_id)\nVALUES ('2672f198-4795-437c-8e14-56459b1d941a', '884f556e-eb3a-4b9f-bee3-11345642c6c0','foo1@ory.sh', '35b60ecf-30f9-42d6-bf5d-47ad41148691',\n '2013-10-07 08:23:19', '2013-10-07 08:23:19', '22bff9ae-f5aa-45d7-803b-97ec0b4e7b32');\n\nINSERT INTO identity_credential_identifiers (id, nid, identifier, identity_credential_id, created_at, updated_at, identity_credential_type_id)\nVALUES ('10985ed1-5b6e-4012-ac10-03d87df65618', '884f556e-eb3a-4b9f-bee3-11345642c6c0','foo2@ory.sh', '74ac2d31-bccb-442f-a792-7b8bb14817f8',\n '2013-10-07 08:23:19', '2013-10-07 08:23:19', '6b213fa0-e6ad-46cb-8878-b088d2ce2e3c');\n" }, { "path": "persistence/sql/migratest/testdata/20210829131458_testdata.sql", "content": "-- empty because it is just an SQL insert\n" }, { "path": "persistence/sql/migratest/testdata/20210913095309_testdata.sql", "content": "UPDATE identity_recovery_tokens SET identity_id = 'a251ebc2-880c-4f76-a8f3-38e6940eab0e' WHERE id = '5529d454-2946-404e-b681-d950f8657fd0';\nUPDATE identity_recovery_tokens SET identity_id = 'a251ebc2-880c-4f76-a8f3-38e6940eab0e' WHERE id = '77ca3f5c-cd39-488b-9f1d-cc7166d14bdc';\nUPDATE identity_recovery_tokens SET identity_id = 'a251ebc2-880c-4f76-a8f3-38e6940eab0e' WHERE id = '1b667e6d-8fda-4194-a765-08185185d7e4';\n\n" }, { "path": "persistence/sql/migratest/testdata/20220118104539_testdata.sql", "content": "" }, { "path": "persistence/sql/migratest/testdata/20220301102701_testdata.sql", "content": "INSERT INTO identity_credentials (id, nid, config, identity_credential_type_id, identity_id, created_at, updated_at,\n version)\nVALUES ('4cefc264-4291-4abc-8f26-cc0217874f14', '884f556e-eb3a-4b9f-bee3-11345642c6c0',\n '{\"totp_url\":\"otpauth://totp/Example:alice@google.com?secret=JBSWY3DPEHPK3PXP&issuer=Example\"}',\n '8071b37b-0d54-4c6f-8234-72cffb4ce784', '5ff66179-c240-4703-b0d8-494592cefff5', '2013-10-07 08:23:19',\n '2013-10-07 08:23:19', 0);\n" }, { "path": "persistence/sql/migratest/testdata/20220420102701_testdata.sql", "content": "INSERT INTO identities (id, nid, schema_id, traits, created_at, updated_at, metadata_public, metadata_admin) VALUES ('308929d3-41a2-43fe-a33c-75308539d841', '884f556e-eb3a-4b9f-bee3-11345642c6c0', 'default', '{\"email\":\"bazbar@ory.sh\"}', '2013-10-07 08:23:19', '2013-10-07 08:23:19', '{\"foo\":\"bar\"}', '{\"baz\":\"bar\"}');\n" }, { "path": "persistence/sql/migratest/testdata/20220607000001_testdata.sql", "content": "INSERT INTO selfservice_login_flows (id, nid, request_url, issued_at, expires_at, active_method, csrf_token, created_at, updated_at, forced, type, ui, requested_aal, internal_context, oauth2_login_challenge)\nVALUES ('349c945a-60f8-436a-a301-7a42c92604f9', '884f556e-eb3a-4b9f-bee3-11345642c6c0',\n 'http://kratos:4433/self-service/browser/flows/login?login_challenge=3caddfd599034bce83ffcae36f42dff7', '2013-10-07 08:23:19', '2013-10-07 08:23:19', '',\n 'fpeVSZ9ZH7YvUkhXsOVEIssxbfauh5lcoQSYxTcN0XkMneg1L42h+HtvisjlNjBF4ElcD2jApCHoJYq2u9sVWg==',\n '2013-10-07 08:23:19', '2013-10-07 08:23:19', false, 'browser', '{}', 'aal2', '{\"foo\":\"bar\"}', '3caddfd5-9903-4bce-83ff-cae36f42dff7');\n\nINSERT INTO selfservice_registration_flows (id, nid, request_url, issued_at, expires_at, active_method, csrf_token, created_at, updated_at, type, ui, internal_context, oauth2_login_challenge)\nVALUES ('ef18b06e-4700-4021-9949-ef783cd86be8', '884f556e-eb3a-4b9f-bee3-11345642c6c0',\n 'http://kratos:4433/self-service/browser/flows/registration?login_challenge=', '2013-10-07 08:23:19', '2013-10-07 08:23:19',\n 'password', 'vYYuhWXBfXKzBC+BlnbDmXfBKsUWY6SU/v04gHF9GYzPjFP51RXDPOc57R7Dpbf+XLkbPNAkmem33Crz/avdrw==',\n '2013-10-07 08:23:19', '2013-10-07 08:23:19', 'browser', '{}', '{\"foo\":\"bar\"}', '3caddfd5-9903-4bce-83ff-cae36f42dff7');\n" }, { "path": "persistence/sql/migratest/testdata/20220902141902_testdata.sql", "content": "INSERT INTO identity_verification_tokens (id, token, used, used_at, identity_verifiable_address_id, selfservice_verification_flow_id, created_at, updated_at, expires_at, issued_at, nid)\nVALUES ('ee56574d-2f1c-43f6-8d26-0062938ae330', '1001ba7ddd644cb68478e8947e4jfhe', false, null, '45e867e9-2745-4f16-8dd4-84334a252b61', '5385c962-0295-4575-9b1b-d7eef13c0eda', '2013-10-07 08:23:19', '2013-10-07 08:23:19', '2013-10-07 08:23:19', '2013-10-07 08:23:19', '884f556e-eb3a-4b9f-bee3-11345642c6c0');\n" }, { "path": "persistence/sql/migratest/testdata/20220907132836_testdata.sql", "content": "INSERT INTO sessions (id, nid, issued_at, expires_at, authenticated_at, created_at, updated_at, token, identity_id,\n active, logout_token, aal, authentication_methods)\nVALUES ('7458af86-c1d8-401c-978a-8da89133f98b', '884f556e-eb3a-4b9f-bee3-11345642c6c0', '2013-10-07 08:23:19',\n '2013-10-07 08:23:19', '2013-10-07 08:23:19', '2013-10-07 08:23:19', '2013-10-07 08:23:19',\n 'eVwBt7UAAAAVwBt7XAMw', '5ff66179-c240-4703-b0d8-494592cefff5', true, '123eVwBt7UAAAeVwBt7XAMw', 'aal2',\n '[{\"method\":\"password\"},{\"method\":\"totp\"}]');\n\nINSERT INTO session_devices (id, nid, session_id, ip_address, user_agent, location, created_at, updated_at)\nVALUES ('884f556e-eb3a-4b9f-bee3-11763642c6c0', '884f556e-eb3a-4b9f-bee3-11345642c6c0',\n '7458af86-c1d8-401c-978a-8da89133f98b', '54.155.246.232',\n 'Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/51.0.2704.103 Safari/537.36',\n 'Munich, Germany', '2022-08-07 08:23:19', '2022-08-09 08:35:19');\n" }, { "path": "persistence/sql/migratest/testdata/20220929124401_testdata.sql", "content": "INSERT INTO identity_recovery_codes (id, code, used_at, identity_recovery_address_id, code_type, expires_at, issued_at, selfservice_recovery_flow_id, created_at, updated_at, nid, identity_id) VALUES (\n '8f75f5d9-9cb4-4848-9a73-9344f686f8a6',\n '7eb71370d8497734ec78dfe613bf0f08967e206d2b5c2fc1243be823cfcd57a7',\n null,\n 'b8293f1c-010f-45d9-b809-f3fc5365ba80',\n 1,\n '2022-08-18 08:28:18',\n '2022-08-18 07:28:18',\n '68fb4010-84a9-4d1e-9f92-2705978ee89e',\n '2022-08-18 07:28:18',\n '2022-08-18 07:28:18',\n '884f556e-eb3a-4b9f-bee3-11345642c6c0',\n '308929d3-41a2-43fe-a33c-75308539d841'\n)" }, { "path": "persistence/sql/migratest/testdata/20221103120601_testdata.sql", "content": "INSERT INTO\n selfservice_verification_flows (\n id,\n nid,\n request_url,\n issued_at,\n expires_at,\n csrf_token,\n created_at,\n updated_at,\n type,\n ui,\n submit_count\n )\nVALUES\n (\n '81f74e5d-1fa5-4e1b-a9bf-e9511926047c',\n '884f556e-eb3a-4b9f-bee3-11345642c6c0',\n 'http://kratos:4433/self-service/browser/flows/verification/email',\n '2022-11-03 08:23:19',\n '2022-11-03 08:23:19',\n '8xoIMa1+UkDqTt+tIHmIEHztQkk0AWk2PJhWWYDmB6dSE+RtJinnxtwH5lNNCnYyQuCF2ugy7rWjCgiwYPJNOw==',\n '2022-11-03 08:23:19',\n '2022-11-03 08:23:19',\n 'api',\n '{}',\n 0\n );\n\nINSERT INTO\n identity_verification_codes (\n id,\n code_hmac,\n used_at,\n identity_verifiable_address_id,\n expires_at,\n issued_at,\n selfservice_verification_flow_id,\n created_at,\n updated_at,\n nid\n )\nVALUES\n (\n '5ab4e72b-332a-48ab-b1e9-3b1ef1ba5b60',\n '7eb71370d8497734ec78dfe613bf0f08967e206d2b5c2fc1243be823cfcd57a7',\n null,\n '45e867e9-2745-4f16-8dd4-84334a252b61',\n '2022-11-03 08:28:18',\n '2022-11-03 08:28:18',\n '81f74e5d-1fa5-4e1b-a9bf-e9511926047c',\n '2022-11-03 08:28:18',\n '2022-11-03 08:28:18',\n '884f556e-eb3a-4b9f-bee3-11345642c6c0'\n );" }, { "path": "persistence/sql/migratest/testdata/20221205095201_testdata.sql", "content": "INSERT INTO\n courier_messages (\n id,\n type,\n status,\n body,\n subject,\n recipient,\n created_at,\n updated_at,\n template_type,\n nid,\n send_count\n )\nVALUES\n (\n 'd9d4401c-08a1-434c-8ab5-4a7edefde351',\n 1,\n 2,\n 'Hi, Verify your account by opening the following link: http://127.0.0.1:4455/.ory/kratos/public/self-service/browser/flows/verification/email/confirm/u9ZcBr5HbRTR8f53Qj2Ng3KR8Mv1Zjdb',\n 'Please verify your email address',\n 'foobar@ory.sh',\n '2013-10-07 08:23:19',\n '2013-10-07 08:23:19',\n 'verification_valid',\n '884f556e-eb3a-4b9f-bee3-11345642c6c0',\n 4\n );\n\nINSERT INTO\n courier_message_dispatches\nVALUES\n (\n 'ea0c9a03-44ce-43a8-8c5d-52f468991cb9',\n 'd9d4401c-08a1-434c-8ab5-4a7edefde351',\n 'success',\n '{}',\n '884f556e-eb3a-4b9f-bee3-11345642c6c0',\n '2013-10-07 08:23:19',\n '2013-10-07 08:23:19'\n )\n" }, { "path": "persistence/sql/migratest/testdata/20230313141439_testdata.sql", "content": "INSERT INTO sessions (id, nid, issued_at, expires_at, authenticated_at, created_at, updated_at, token, identity_id,\n active, logout_token, aal, authentication_methods)\nVALUES ('068f6bb6-d15f-436d-94f7-b3fd0489c9ef', '884f556e-eb3a-4b9f-bee3-11345642c6c0', '2013-10-07 08:23:19',\n '2013-10-07 08:23:19', '2013-10-07 08:23:19', '2013-10-07 08:23:19', '2013-10-07 08:23:19',\n 'ory_lo_5e5aad0f7a4143452df3d23733a68e3', '5ff66179-c240-4703-b0d8-494592cefff5', true, 'ory_st_5e5aad0f7a4143452df3d23733a68e2', 'aal2',\n '[{\"method\":\"password\"},{\"method\":\"totp\"}]');\n" }, { "path": "persistence/sql/migratest/testdata/20230614205200_testdata.sql", "content": "INSERT INTO selfservice_login_flows (id, nid, request_url, issued_at, expires_at, active_method, csrf_token, created_at,\n updated_at, forced, type, ui, internal_context, oauth2_login_challenge_data)\nVALUES ('cccccccc-dda4-4700-9e42-35731f2af91e',\n '884f556e-eb3a-4b9f-bee3-11345642c6c0',\n 'http://kratos:4433/self-service/browser/flows/login',\n '2013-10-07 08:23:19', '2013-10-07 08:23:19', '',\n 'fpeVSZ9ZH7YvUkhXsOVEIssxbfauh5lcoQSYxTcN0XkMneg1L42h+HtvisjlNjBF4ElcD2jApCHoJYq2u9sVWg==',\n '2013-10-07 08:23:19', '2013-10-07 08:23:19', false, 'api', '{}', '{\"foo\":\"bar\"}', 'challenge data');\n" }, { "path": "persistence/sql/migratest/testdata/20230705000000_testdata.sql", "content": "INSERT INTO selfservice_login_flows (id, nid, request_url, issued_at, expires_at, active_method, csrf_token, created_at,\n updated_at, forced, type, ui, internal_context, oauth2_login_challenge_data)\nVALUES ('cccccccc-dda4-4700-9e42-35731f2af911',\n '884f556e-eb3a-4b9f-bee3-11345642c6c0',\n 'http://kratos:4433/self-service/browser/flows/login/self-service/browser/flows/login/self-service/browser/flows/login/self-service/browser/flows/login/self-service/browser/flows/login/self-service/browser/flows/login/self-service/browser/flows/login/self-service/browser/flows/login/self-service/browser/flows/login/self-service/browser/flows/login/self-service/browser/flows/login/self-service/browser/flows/login/self-service/browser/flows/login/self-service/browser/flows/login/self-service/browser/flows/login/self-service/browser/flows/login/self-service/browser/flows/login/self-service/browser/flows/login/self-service/browser/flows/login/self-service/browser/flows/login/self-service/browser/flows/login/self-service/browser/flows/login/self-service/browser/flows/login/self-service/browser/flows/login/self-service/browser/flows/login/self-service/browser/flows/login/self-service/browser/flows/login/self-service/browser/flows/login/self-service/browser/flows/login/self-service/browser/flows/login/self-service/browser/flows/login/self-service/browser/flows/login/self-service/browser/flows/login/self-service/browser/flows/login/self-service/browser/flows/login/self-service/browser/flows/login/self-service/browser/flows/login/self-service/browser/flows/login/self-service/browser/flows/login/self-service/browser/flows/login',\n '2013-10-07 08:23:19', '2013-10-07 08:23:19', '',\n 'fpeVSZ9ZH7YvUkhXsOVEIssxbfauh5lcoQSYxTcN0XkMneg1L42h+HtvisjlNjBF4ElcD2jApCHoJYq2u9sVWg==',\n '2013-10-07 08:23:19', '2013-10-07 08:23:19', false, 'api', '{}', '{\"foo\":\"bar\"}', 'challenge data');\n\nINSERT INTO selfservice_verification_flows (id,\n nid,\n request_url,\n issued_at,\n expires_at,\n csrf_token,\n created_at,\n updated_at,\n type,\n ui,\n submit_count)\nVALUES ('81f74e5d-1fa5-4e1b-a9bf-e95119260471',\n '884f556e-eb3a-4b9f-bee3-11345642c6c0',\n 'http://kratos:4433/self-service/browser/flows/verification/email/self-service/browser/flows/verification/email/self-service/browser/flows/verification/email/self-service/browser/flows/verification/email/self-service/browser/flows/verification/email/self-service/browser/flows/verification/email/self-service/browser/flows/verification/email/self-service/browser/flows/verification/email/self-service/browser/flows/verification/email/self-service/browser/flows/verification/email/self-service/browser/flows/verification/email/self-service/browser/flows/verification/email/self-service/browser/flows/verification/email/self-service/browser/flows/verification/email/self-service/browser/flows/verification/email/self-service/browser/flows/verification/email/self-service/browser/flows/verification/email/self-service/browser/flows/verification/email/self-service/browser/flows/verification/email/self-service/browser/flows/verification/email/self-service/browser/flows/verification/email/self-service/browser/flows/verification/email/self-service/browser/flows/verification/email/self-service/browser/flows/verification/email/self-service/browser/flows/verification/email/self-service/browser/flows/verification/email/self-service/browser/flows/verification/email/self-service/browser/flows/verification/email/self-service/browser/flows/verification/email/self-service/browser/flows/verification/email/self-service/browser/flows/verification/email/self-service/browser/flows/verification/email/self-service/browser/flows/verification/email/self-service/browser/flows/verification/email/self-service/browser/flows/verification/email/self-service/browser/flows/verification/email/self-service/browser/flows/verification/email/self-service/browser/flows/verification/email/self-service/browser/flows/verification/email/self-service/browser/flows/verification/email/self-service/browser/flows/verification/email/self-service/browser/flows/verification/email/self-service/browser/flows/verification/email/self-service/browser/flows/verification/email/self-service/browser/flows/verification/email/self-service/browser/flows/verification/email/self-service/browser/flows/verification/email/self-service/browser/flows/verification/email/self-service/browser/flows/verification/email/self-service/browser/flows/verification/email/self-service/browser/flows/verification/email/self-service/browser/flows/verification/email/self-service/browser/flows/verification/email/self-service/browser/flows/verification/email/self-service/browser/flows/verification/email/self-service/browser/flows/verification/email/self-service/browser/flows/verification/email/self-service/browser/flows/verification/email/self-service/browser/flows/verification/email/self-service/browser/flows/verification/email',\n '2022-11-03 08:23:19',\n '2022-11-03 08:23:19',\n '8xoIMa1+UkDqTt+tIHmIEHztQkk0AWk2PJhWWYDmB6dSE+RtJinnxtwH5lNNCnYyQuCF2ugy7rWjCgiwYPJNOw==',\n '2022-11-03 08:23:19',\n '2022-11-03 08:23:19',\n 'api',\n '{}',\n 0);\n\n\nINSERT INTO selfservice_registration_flows (id, nid, request_url, issued_at, expires_at, active_method, csrf_token,\n created_at, updated_at, type, ui, internal_context, oauth2_login_challenge)\nVALUES ('ef18b06e-4700-4021-9949-ef783cd86be1', '884f556e-eb3a-4b9f-bee3-11345642c6c0',\n 'http://kratos:4433/self-service/browser/flows/registration?login_challenge/self-service/browser/flows/registration?login_challenge/self-service/browser/flows/registration?login_challenge/self-service/browser/flows/registration?login_challenge/self-service/browser/flows/registration?login_challenge/self-service/browser/flows/registration?login_challenge/self-service/browser/flows/registration?login_challenge/self-service/browser/flows/registration?login_challenge/self-service/browser/flows/registration?login_challenge/self-service/browser/flows/registration?login_challenge/self-service/browser/flows/registration?login_challenge/self-service/browser/flows/registration?login_challenge/self-service/browser/flows/registration?login_challenge/self-service/browser/flows/registration?login_challenge/self-service/browser/flows/registration?login_challenge/self-service/browser/flows/registration?login_challenge/self-service/browser/flows/registration?login_challenge/self-service/browser/flows/registration?login_challenge/self-service/browser/flows/registration?login_challenge/self-service/browser/flows/registration?login_challenge/self-service/browser/flows/registration?login_challenge/self-service/browser/flows/registration?login_challenge/self-service/browser/flows/registration?login_challenge/self-service/browser/flows/registration?login_challenge/self-service/browser/flows/registration?login_challenge/self-service/browser/flows/registration?login_challenge/self-service/browser/flows/registration?login_challenge=',\n '2013-10-07 08:23:19', '2013-10-07 08:23:19',\n 'password', 'vYYuhWXBfXKzBC+BlnbDmXfBKsUWY6SU/v04gHF9GYzPjFP51RXDPOc57R7Dpbf+XLkbPNAkmem33Crz/avdrw==',\n '2013-10-07 08:23:19', '2013-10-07 08:23:19', 'browser', '{}', '{\"foo\":\"bar\"}',\n '3caddfd5-9903-4bce-83ff-cae36f42dff7');\n\nINSERT INTO selfservice_settings_flows (id, nid, request_url, issued_at, expires_at, state, identity_id, created_at,\n updated_at, active_method, ui,internal_context)\nVALUES ('19ede218-928c-4e02-ab49-b76e12b34f32', '884f556e-eb3a-4b9f-bee3-11345642c6c0',\n 'http://kratos:4433/self-service/browser/flows/settings/self-service/browser/flows/settings/self-service/browser/flows/settings/self-service/browser/flows/settings/self-service/browser/flows/settings/self-service/browser/flows/settings/self-service/browser/flows/settings/self-service/browser/flows/settings/self-service/browser/flows/settings/self-service/browser/flows/settings/self-service/browser/flows/settings/self-service/browser/flows/settings/self-service/browser/flows/settings/self-service/browser/flows/settings/self-service/browser/flows/settings/self-service/browser/flows/settings/self-service/browser/flows/settings/self-service/browser/flows/settings/self-service/browser/flows/settings/self-service/browser/flows/settings/self-service/browser/flows/settings/self-service/browser/flows/settings/self-service/browser/flows/settings/self-service/browser/flows/settings/self-service/browser/flows/settings/self-service/browser/flows/settings/self-service/browser/flows/settings/self-service/browser/flows/settings/self-service/browser/flows/settings/self-service/browser/flows/settings/self-service/browser/flows/settings/self-service/browser/flows/settings/self-service/browser/flows/settings/self-service/browser/flows/settings/self-service/browser/flows/settings/self-service/browser/flows/settings/self-service/browser/flows/settings/self-service/browser/flows/settings/self-service/browser/flows/settings/self-service/browser/flows/settings/self-service/browser/flows/settings/self-service/browser/flows/settings/self-service/browser/flows/settings/self-service/browser/flows/settings/self-service/browser/flows/settings/self-service/browser/flows/settings/self-service/browser/flows/settings/self-service/browser/flows/settings',\n '2013-10-07 08:23:19', '2013-10-07 08:23:19', 'show_form', 'a251ebc2-880c-4f76-a8f3-38e6940eab0e',\n '2013-10-07 08:23:19', '2013-10-07 08:23:19', 'profile', '{}', '{}');\n\nINSERT INTO selfservice_verification_flows (id, nid, request_url, issued_at, expires_at, csrf_token, created_at,\n updated_at, type, ui)\nVALUES ('7be6c72c-c868-4b61-a1f0-1130603665d1', '884f556e-eb3a-4b9f-bee3-11345642c6c0',\n 'http://kratos:4433/self-service/browser/flows/verification/email', '2013-10-07 08:23:19',\n '2013-10-07 08:23:19',\n '8xoIMa1+UkDqTt+tIHmIEHztQkk0AWk2PJhWWYDmB6dSE+RtJinnxtwH5lNNCnYyQuCF2ugy7rWjCgiwYPJNOw==',\n '2013-10-07 08:23:19', '2013-10-07 08:23:19', 'api', '{}');\n\nINSERT INTO selfservice_recovery_flows (id, nid, request_url, issued_at, expires_at, active_method, csrf_token, state,\n recovered_identity_id, created_at, updated_at, type, ui)\nVALUES ('68fb4010-84a9-4d1e-9f92-2705978ee891', '884f556e-eb3a-4b9f-bee3-11345642c6c0',\n 'http://kratos:4433/self-service/browser/flows/recovery/self-service/browser/flows/recovery/self-service/browser/flows/recovery/self-service/browser/flows/recovery/self-service/browser/flows/recovery/self-service/browser/flows/recovery/self-service/browser/flows/recovery/self-service/browser/flows/recovery/self-service/browser/flows/recovery/self-service/browser/flows/recovery/self-service/browser/flows/recovery/self-service/browser/flows/recovery/self-service/browser/flows/recovery/self-service/browser/flows/recovery/self-service/browser/flows/recovery/self-service/browser/flows/recovery/self-service/browser/flows/recovery/self-service/browser/flows/recovery/self-service/browser/flows/recovery/self-service/browser/flows/recovery/self-service/browser/flows/recovery/self-service/browser/flows/recovery/self-service/browser/flows/recovery/self-service/browser/flows/recovery/self-service/browser/flows/recovery/self-service/browser/flows/recovery/self-service/browser/flows/recovery/self-service/browser/flows/recovery/self-service/browser/flows/recovery/self-service/browser/flows/recovery/self-service/browser/flows/recovery/self-service/browser/flows/recovery/self-service/browser/flows/recovery/self-service/browser/flows/recovery/self-service/browser/flows/recovery/self-service/browser/flows/recovery/self-service/browser/flows/recovery/self-service/browser/flows/recovery/self-service/browser/flows/recovery/self-service/browser/flows/recovery/self-service/browser/flows/recovery/self-service/browser/flows/recovery/self-service/browser/flows/recovery/self-service/browser/flows/recovery/self-service/browser/flows/recovery/self-service/browser/flows/recovery/self-service/browser/flows/recovery/self-service/browser/flows/recovery/self-service/browser/flows/recovery/self-service/browser/flows/recovery/self-service/browser/flows/recovery/self-service/browser/flows/recovery/self-service/browser/flows/recovery/self-service/browser/flows/recovery',\n '2013-10-07 08:23:19', '2013-10-07 08:23:19', 'link',\n 'vYYuhWXBfXKzBC+BlnbDmXfBKsUWY6SU/v04gHF9GYzPjFP51RXDPOc57R7Dpbf+XLkbPNAkmem33Crz/avdrw==', 'choose_method',\n 'a251ebc2-880c-4f76-a8f3-38e6940eab0e', '2013-10-07 08:23:19', '2013-10-07 08:23:19', 'api', '{}');\n" }, { "path": "persistence/sql/migratest/testdata/20230706000000_testdata.sql", "content": "INSERT INTO identities (id, nid, schema_id, traits, created_at, updated_at, metadata_public, metadata_admin,\n available_aal)\nVALUES ('0149ce5f-76a8-4efe-b2e3-431b8c6cceb6', '884f556e-eb3a-4b9f-bee3-11345642c6c0', 'default',\n '{\"email\":\"bazbar@ory.sh\"}', '2013-10-07 08:23:19', '2013-10-07 08:23:19', '{\"foo\":\"bar\"}', '{\"baz\":\"bar\"}',\n 'aal1');\n\nINSERT INTO identities (id, nid, schema_id, traits, created_at, updated_at, metadata_public, metadata_admin,\n available_aal)\nVALUES ('0149ce5f-76a8-4efe-b2e3-431b8c6cceb7', '884f556e-eb3a-4b9f-bee3-11345642c6c0', 'default',\n '{\"email\":\"bazbarbar@ory.sh\"}', '2013-10-07 08:23:19', '2013-10-07 08:23:19', '{\"foo\":\"bar\"}', '{\"baz\":\"bar\"}',\n NULL);\n" }, { "path": "persistence/sql/migratest/testdata/20230707133700_testdata.sql", "content": "INSERT INTO selfservice_login_flows (id,nid, request_url, issued_at, expires_at, active_method, csrf_token, created_at,\n updated_at, forced, type, ui, internal_context, oauth2_login_challenge_data, state)\nVALUES ('00b1517f-2467-4aaf-b0a5-82b4a27dcaf5',\n '884f556e-eb3a-4b9f-bee3-11345642c6c0',\n 'http://kratos:4433/self-service/browser/flows/login/self-service/browser/flows/login/self-service/browser/flows/login/self-service/browser/flows/login/self-service/browser/flows/login/self-service/browser/flows/login/self-service/browser/flows/login/self-service/browser/flows/login/self-service/browser/flows/login/self-service/browser/flows/login/self-service/browser/flows/login/self-service/browser/flows/login/self-service/browser/flows/login/self-service/browser/flows/login/self-service/browser/flows/login/self-service/browser/flows/login/self-service/browser/flows/login/self-service/browser/flows/login/self-service/browser/flows/login/self-service/browser/flows/login/self-service/browser/flows/login/self-service/browser/flows/login/self-service/browser/flows/login/self-service/browser/flows/login/self-service/browser/flows/login/self-service/browser/flows/login/self-service/browser/flows/login/self-service/browser/flows/login/self-service/browser/flows/login/self-service/browser/flows/login/self-service/browser/flows/login/self-service/browser/flows/login/self-service/browser/flows/login/self-service/browser/flows/login/self-service/browser/flows/login/self-service/browser/flows/login/self-service/browser/flows/login/self-service/browser/flows/login/self-service/browser/flows/login/self-service/browser/flows/login',\n '2013-10-07 08:23:19', '2013-10-07 08:23:19', '',\n 'fpeVSZ9ZH7YvUkhXsOVEIssxbfauh5lcoQSYxTcN0XkMneg1L42h+HtvisjlNjBF4ElcD2jApCHoJYq2u9sVWg==',\n '2013-10-07 08:23:19', '2013-10-07 08:23:19', false, 'api', '{}', '{\"foo\":\"bar\"}', 'challenge data', 'choose_method');\n\nINSERT INTO identities (id, nid, schema_id, traits, created_at, updated_at, metadata_public, metadata_admin,\n available_aal)\nVALUES ('28ff0031-190b-4253-bd15-14308dec013e', '884f556e-eb3a-4b9f-bee3-11345642c6c0', 'default',\n '{\"email\":\"bazbarbarfoo@ory.sh\"}', '2013-10-07 08:23:19', '2013-10-07 08:23:19', '{\"foo\":\"bar\"}', '{\"baz\":\"bar\"}',\n NULL);\n\nINSERT INTO identity_login_codes (id, code, address, address_type, used_at, expires_at, issued_at, selfservice_login_flow_id, identity_id,\n created_at, updated_at, nid)\nVALUES ('bd292366-af32-4ba6-bdf0-11d6d1a217f3',\n'7eb71370d8497734ec78dfe613bf0f08967e206d2b5c2fc1243be823cfcd57a7',\n'bazbarbarfoo@ory.com',\n'email',\nnull,\n'2022-08-18 08:28:18',\n'2022-08-18 07:28:18',\n'00b1517f-2467-4aaf-b0a5-82b4a27dcaf5',\n'28ff0031-190b-4253-bd15-14308dec013e',\n'2022-08-18 07:28:18',\n'2022-08-18 07:28:18',\n'884f556e-eb3a-4b9f-bee3-11345642c6c0'\n)\n" }, { "path": "persistence/sql/migratest/testdata/20230707133701_testdata.sql", "content": "INSERT INTO selfservice_registration_flows (id, nid, request_url, issued_at, expires_at, active_method, csrf_token,\n created_at, updated_at, type, ui, internal_context, oauth2_login_challenge, state)\nVALUES ('69c80296-36cd-4afc-921a-15369cac5bf0', '884f556e-eb3a-4b9f-bee3-11345642c6c0',\n 'http://kratos:4433/self-service/browser/flows/registration?login_challenge/self-service/browser/flows/registration?login_challenge/self-service/browser/flows/registration?login_challenge/self-service/browser/flows/registration?login_challenge/self-service/browser/flows/registration?login_challenge/self-service/browser/flows/registration?login_challenge/self-service/browser/flows/registration?login_challenge/self-service/browser/flows/registration?login_challenge/self-service/browser/flows/registration?login_challenge/self-service/browser/flows/registration?login_challenge/self-service/browser/flows/registration?login_challenge/self-service/browser/flows/registration?login_challenge/self-service/browser/flows/registration?login_challenge/self-service/browser/flows/registration?login_challenge/self-service/browser/flows/registration?login_challenge/self-service/browser/flows/registration?login_challenge/self-service/browser/flows/registration?login_challenge/self-service/browser/flows/registration?login_challenge/self-service/browser/flows/registration?login_challenge/self-service/browser/flows/registration?login_challenge/self-service/browser/flows/registration?login_challenge/self-service/browser/flows/registration?login_challenge/self-service/browser/flows/registration?login_challenge/self-service/browser/flows/registration?login_challenge/self-service/browser/flows/registration?login_challenge/self-service/browser/flows/registration?login_challenge/self-service/browser/flows/registration?login_challenge=',\n '2013-10-07 08:23:19', '2013-10-07 08:23:19',\n 'password', 'vYYuhWXBfXKzBC+BlnbDmXfBKsUWY6SU/v04gHF9GYzPjFP51RXDPOc57R7Dpbf+XLkbPNAkmem33Crz/avdrw==',\n '2013-10-07 08:23:19', '2013-10-07 08:23:19', 'browser', '{}', '{\"foo\":\"bar\"}',\n '3caddfd5-9903-4bce-83ff-cae36f42dff7', 'choose_method');\n\nINSERT INTO identity_registration_codes (id, address, address_type, code, used_at, expires_at, issued_at, selfservice_registration_flow_id,\n created_at, updated_at, nid)\nVALUES ('f1f66a69-ce02-4a12-9591-9e02dda30a0d',\n'example@example.com',\n'email',\n'7eb71370d8497734ec78dfe613bf0f08967e206d2b5c2fc1243be823cfcd57a7',\nnull,\n'2022-08-18 08:28:18',\n'2022-08-18 07:28:18',\n'69c80296-36cd-4afc-921a-15369cac5bf0',\n'2022-08-18 07:28:18',\n'2022-08-18 07:28:18',\n'884f556e-eb3a-4b9f-bee3-11345642c6c0'\n)\n" }, { "path": "persistence/sql/migrations/go/20251105000000000000_identity_id_not_null_fks.go", "content": "// Copyright © 2025 Ory Corp\n// SPDX-License-Identifier: Apache-2.0\n\npackage gomigrations\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pkg/errors\"\n\n\t\"github.com/ory/pop/v6\"\n\t\"github.com/ory/x/popx\"\n)\n\nvar backfillIdentityID = []popx.Migration{\n\t{\n\t\tVersion: \"20251105000000000001\",\n\t\tPath: path(),\n\t\tName: \"Backfill column identity_id in identity_credential_identifiers\",\n\t\tDirection: \"up\",\n\t\tType: \"go\",\n\t\tDBType: \"cockroach\",\n\t\tAutocommit: true,\n\t\tRunner: func(m popx.Migration, c *pop.Connection) error {\n\t\t\t_, err := c.Store.Exec(\"CREATE INDEX IF NOT EXISTS ici_identity_id_backfill_storing ON identity_credential_identifiers (identity_id ASC) STORING (identity_credential_id) NOT VISIBLE\")\n\t\t\tif err != nil {\n\t\t\t\treturn errors.WithStack(err)\n\t\t\t}\n\t\t\tfor {\n\t\t\t\tres, err := c.Store.Exec(`\n\t\t\t\t\tUPDATE\n\t\t\t\t\t\tidentity_credential_identifiers@ici_identity_id_backfill_storing ici\n\t\t\t\t\tSET\n\t\t\t\t\t\tidentity_id = ic.identity_id\n\t\t\t\t\tFROM\n\t\t\t\t\t\tidentity_credentials ic\n\t\t\t\t\tWHERE\n\t\t\t\t\t\tici.identity_credential_id = ic.id\n\t\t\t\t\t\t-- AND ici.nid = ic.nid -- not needed because JOIN predicate is on primary key\n\t\t\t\t\t\tAND ici.identity_id IS NULL\n\t\t\t\t\tLIMIT 10000`)\n\t\t\t\tif err != nil {\n\t\t\t\t\treturn errors.WithStack(err)\n\t\t\t\t}\n\t\t\t\tn, err := res.RowsAffected()\n\t\t\t\tif err != nil {\n\t\t\t\t\treturn errors.WithStack(err)\n\t\t\t\t}\n\t\t\t\tif n == 0 {\n\t\t\t\t\tbreak\n\t\t\t\t}\n\t\t\t\tfmt.Printf(\"Backfilled column identity_id for %d rows in identity_credential_identifiers table\\n\", n)\n\t\t\t}\n\t\t\t_, err = c.Store.Exec(\"DROP INDEX identity_credential_identifiers@ici_identity_id_backfill_storing\")\n\t\t\treturn errors.WithStack(err)\n\t\t},\n\t},\n\t{\n\t\tVersion: \"20251105000000000001\",\n\t\tPath: path(),\n\t\tName: \"Backfill column identity_id in identity_credential_identifiers\",\n\t\tDirection: \"up\",\n\t\tType: \"go\",\n\t\tDBType: \"postgres\",\n\t\tAutocommit: true,\n\t\tRunner: func(m popx.Migration, c *pop.Connection) error {\n\t\t\tfor {\n\t\t\t\tres, err := c.Store.Exec(`\n\t\t\t\t\tWITH to_update AS (\n\t\t\t\t\t\tSELECT ici.id, ic.identity_id\n\t\t\t\t\t\tFROM identity_credential_identifiers ici\n\t\t\t\t\t\tJOIN identity_credentials ic ON ici.identity_credential_id = ic.id AND ici.nid = ic.nid\n\t\t\t\t\t\tWHERE ici.identity_id IS NULL\n\t\t\t\t\t\tLIMIT 10000\n\t\t\t\t\t)\n\t\t\t\t\tUPDATE identity_credential_identifiers ici\n\t\t\t\t\tSET identity_id = to_update.identity_id\n\t\t\t\t\tFROM to_update\n\t\t\t\t\tWHERE ici.id = to_update.id`)\n\t\t\t\tif err != nil {\n\t\t\t\t\treturn errors.WithStack(err)\n\t\t\t\t}\n\t\t\t\tn, err := res.RowsAffected()\n\t\t\t\tif err != nil {\n\t\t\t\t\treturn errors.WithStack(err)\n\t\t\t\t}\n\t\t\t\tif n == 0 {\n\t\t\t\t\tbreak\n\t\t\t\t}\n\t\t\t\tfmt.Printf(\"Backfilled column identity_id for %d rows in identity_credential_identifiers table\\n\", n)\n\t\t\t}\n\t\t\treturn nil\n\t\t},\n\t},\n\t{\n\t\tVersion: \"20251105000000000001\",\n\t\tPath: path(),\n\t\tName: \"Backfill column identity_id in identity_credential_identifiers\",\n\t\tDirection: \"up\",\n\t\tType: \"go\",\n\t\tDBType: \"mysql\",\n\t\tAutocommit: true,\n\t\tRunner: func(m popx.Migration, c *pop.Connection) error {\n\t\t\tfor {\n\t\t\t\tres, err := c.Store.Exec(`\n\t\t\t\t\tUPDATE identity_credential_identifiers ici\n\t\t\t\t\tJOIN (\n\t\t\t\t\t\tSELECT ici2.id\n\t\t\t\t\t\tFROM identity_credential_identifiers ici2\n\t\t\t\t\t\tJOIN identity_credentials ic ON ici2.identity_credential_id = ic.id AND ici2.nid = ic.nid\n\t\t\t\t\t\tWHERE ici2.identity_id IS NULL\n\t\t\t\t\t\tLIMIT 10000\n\t\t\t\t\t) t ON ici.id = t.id\n\t\t\t\t\tJOIN identity_credentials ic ON ici.identity_credential_id = ic.id\n\t\t\t\t\tSET ici.identity_id = ic.identity_id`)\n\t\t\t\tif err != nil {\n\t\t\t\t\treturn errors.WithStack(err)\n\t\t\t\t}\n\t\t\t\tn, err := res.RowsAffected()\n\t\t\t\tif err != nil {\n\t\t\t\t\treturn errors.WithStack(err)\n\t\t\t\t}\n\t\t\t\tif n == 0 {\n\t\t\t\t\tbreak\n\t\t\t\t}\n\t\t\t\tfmt.Printf(\"Backfilled column identity_id for %d rows in identity_credential_identifiers table\\n\", n)\n\t\t\t}\n\t\t\treturn nil\n\t\t},\n\t},\n\t{\n\t\tVersion: \"20251105000000000001\",\n\t\tPath: path(),\n\t\tName: \"Backfill column identity_id in identity_credential_identifiers (noop)\",\n\t\tDirection: \"up\",\n\t\tType: \"go\",\n\t\tDBType: \"sqlite3\",\n\t\tAutocommit: false,\n\t\tRunner: func(m popx.Migration, c *pop.Connection) error {\n\t\t\treturn nil // nothing, see 20251104000000000000_identifiers_devices_identity_id.sqlite.up.sql\n\t\t},\n\t},\n\t{\n\t\tVersion: \"20251105000000000001\",\n\t\tPath: path(),\n\t\tName: \"Revert backfill column identity_id in identity_credential_identifiers (noop)\",\n\t\tDirection: \"down\",\n\t\tType: \"go\",\n\t\tDBType: \"all\",\n\t\tRunner: func(m popx.Migration, c *pop.Connection) error {\n\t\t\treturn nil\n\t\t},\n\t},\n\t{\n\t\tVersion: \"20251105000000000002\",\n\t\tPath: path(),\n\t\tName: \"Backfill column identity_id in session_devices\",\n\t\tDirection: \"up\",\n\t\tType: \"go\",\n\t\tDBType: \"cockroach\",\n\t\tAutocommit: true,\n\t\tRunner: func(m popx.Migration, c *pop.Connection) error {\n\t\t\tfor {\n\t\t\t\tres, err := c.Store.Exec(`\n\t\t\t\t\tUPDATE\n\t\t\t\t\t\tsession_devices sd\n\t\t\t\t\tSET\n\t\t\t\t\t\tidentity_id = s.identity_id\n\t\t\t\t\tFROM\n\t\t\t\t\t\tsessions s\n\t\t\t\t\tWHERE\n\t\t\t\t\t\tsd.session_id = s.id\n\t\t\t\t\t\tAND sd.nid = s.nid\n\t\t\t\t\t\tAND sd.identity_id IS NULL\n\t\t\t\t\tLIMIT 10000`)\n\t\t\t\tif err != nil {\n\t\t\t\t\treturn errors.WithStack(err)\n\t\t\t\t}\n\t\t\t\tn, err := res.RowsAffected()\n\t\t\t\tif err != nil {\n\t\t\t\t\treturn errors.WithStack(err)\n\t\t\t\t}\n\t\t\t\tif n == 0 {\n\t\t\t\t\tbreak\n\t\t\t\t}\n\t\t\t\tfmt.Printf(\"Backfilled column identity_id for %d rows in session_devices table\\n\", n)\n\t\t\t}\n\t\t\treturn nil\n\t\t},\n\t},\n\t{\n\t\tVersion: \"20251105000000000002\",\n\t\tPath: path(),\n\t\tName: \"Backfill column identity_id in session_devices\",\n\t\tDirection: \"up\",\n\t\tType: \"go\",\n\t\tDBType: \"postgres\",\n\t\tAutocommit: true,\n\t\tRunner: func(m popx.Migration, c *pop.Connection) error {\n\t\t\tfor {\n\t\t\t\tres, err := c.Store.Exec(`\n\t\t\t\t\tWITH to_update AS (\n\t\t\t\t\t\tSELECT sd.id, s.identity_id\n\t\t\t\t\t\tFROM session_devices sd\n\t\t\t\t\t\tJOIN sessions s ON sd.session_id = s.id AND sd.nid = s.nid\n\t\t\t\t\t\tWHERE sd.identity_id IS NULL\n\t\t\t\t\t\tLIMIT 10000\n\t\t\t\t\t)\n\t\t\t\t\tUPDATE session_devices sd\n\t\t\t\t\tSET identity_id = to_update.identity_id\n\t\t\t\t\tFROM to_update\n\t\t\t\t\tWHERE sd.id = to_update.id`)\n\t\t\t\tif err != nil {\n\t\t\t\t\treturn errors.WithStack(err)\n\t\t\t\t}\n\t\t\t\tn, err := res.RowsAffected()\n\t\t\t\tif err != nil {\n\t\t\t\t\treturn errors.WithStack(err)\n\t\t\t\t}\n\t\t\t\tif n == 0 {\n\t\t\t\t\tbreak\n\t\t\t\t}\n\t\t\t\tfmt.Printf(\"Backfilled column identity_id for %d rows in session_devices table\\n\", n)\n\t\t\t}\n\t\t\treturn nil\n\t\t},\n\t},\n\t{\n\t\tVersion: \"20251105000000000002\",\n\t\tPath: path(),\n\t\tName: \"Backfill column identity_id in session_devices\",\n\t\tDirection: \"up\",\n\t\tType: \"go\",\n\t\tDBType: \"mysql\",\n\t\tAutocommit: true,\n\t\tRunner: func(m popx.Migration, c *pop.Connection) error {\n\t\t\tfor {\n\t\t\t\tres, err := c.Store.Exec(`\n\t\t\t\t\tUPDATE session_devices sd\n\t\t\t\t\tJOIN (\n\t\t\t\t\t\tSELECT sd2.id\n\t\t\t\t\t\tFROM session_devices sd2\n\t\t\t\t\t\tJOIN sessions s2 ON sd2.session_id = s2.id AND sd2.nid = s2.nid\n\t\t\t\t\t\tWHERE sd2.identity_id IS NULL\n\t\t\t\t\t\tLIMIT 10000\n\t\t\t\t\t) t ON sd.id = t.id\n\t\t\t\t\tJOIN sessions s ON sd.session_id = s.id\n\t\t\t\t\tSET sd.identity_id = s.identity_id`)\n\t\t\t\tif err != nil {\n\t\t\t\t\treturn errors.WithStack(err)\n\t\t\t\t}\n\t\t\t\tn, err := res.RowsAffected()\n\t\t\t\tif err != nil {\n\t\t\t\t\treturn errors.WithStack(err)\n\t\t\t\t}\n\t\t\t\tif n == 0 {\n\t\t\t\t\tbreak\n\t\t\t\t}\n\t\t\t\tfmt.Printf(\"Backfilled column identity_id for %d rows in session_devices table\\n\", n)\n\t\t\t}\n\t\t\treturn nil\n\t\t},\n\t},\n\t{\n\t\tVersion: \"20251105000000000002\",\n\t\tPath: path(),\n\t\tName: \"Backfill column identity_id in session_devices (noop)\",\n\t\tDirection: \"up\",\n\t\tType: \"go\",\n\t\tDBType: \"sqlite3\",\n\t\tAutocommit: false,\n\t\tRunner: func(m popx.Migration, c *pop.Connection) error {\n\t\t\treturn nil // nothing, see 20251104000000000000_identifiers_devices_identity_id.sqlite.up.sql\n\t\t},\n\t},\n\n\t{\n\t\tVersion: \"20251105000000000002\",\n\t\tPath: path(),\n\t\tName: \"Revert backfill column identity_id in session_devices (noop)\",\n\t\tDirection: \"down\",\n\t\tType: \"go\",\n\t\tDBType: \"all\",\n\t\tAutocommit: false,\n\t\tRunner: func(m popx.Migration, c *pop.Connection) error {\n\t\t\treturn nil\n\t\t},\n\t},\n}\n" }, { "path": "persistence/sql/migrations/go/gomigrations.go", "content": "// Copyright © 2025 Ory Corp\n// SPDX-License-Identifier: Apache-2.0\n\npackage gomigrations\n\nimport (\n\t\"embed\"\n\t\"fmt\"\n\t\"path/filepath\"\n\t\"runtime\"\n\t\"slices\"\n)\n\nvar (\n\tAll = slices.Concat(\n\t\tbackfillIdentityID,\n\t)\n\n\t//go:embed *.go\n\tSrc embed.FS\n)\n\nfunc path() string {\n\t_, file, line, _ := runtime.Caller(1)\n\treturn fmt.Sprintf(\"%s:%d\", filepath.Base(file), line)\n}\n" }, { "path": "persistence/sql/migrations/legacy/20191100000001_identities.cockroach.down.sql", "content": "DROP TABLE \"identity_credential_identifiers\";COMMIT TRANSACTION;BEGIN TRANSACTION;\nDROP TABLE \"identity_credentials\";COMMIT TRANSACTION;BEGIN TRANSACTION;\nDROP TABLE \"identity_credential_types\";COMMIT TRANSACTION;BEGIN TRANSACTION;\nDROP TABLE \"identities\";COMMIT TRANSACTION;BEGIN TRANSACTION;" }, { "path": "persistence/sql/migrations/legacy/20191100000001_identities.cockroach.up.sql", "content": "CREATE TABLE \"identities\" (\n\"id\" UUID NOT NULL,\nPRIMARY KEY(\"id\"),\n\"traits_schema_id\" VARCHAR (2048) NOT NULL,\n\"traits\" json NOT NULL,\n\"created_at\" timestamp NOT NULL,\n\"updated_at\" timestamp NOT NULL\n);COMMIT TRANSACTION;BEGIN TRANSACTION;\nCREATE TABLE \"identity_credential_types\" (\n\"id\" UUID NOT NULL,\nPRIMARY KEY(\"id\"),\n\"name\" VARCHAR (32) NOT NULL\n);COMMIT TRANSACTION;BEGIN TRANSACTION;\nCREATE UNIQUE INDEX \"identity_credential_types_name_idx\" ON \"identity_credential_types\" (name);COMMIT TRANSACTION;BEGIN TRANSACTION;\nCREATE TABLE \"identity_credentials\" (\n\"id\" UUID NOT NULL,\nPRIMARY KEY(\"id\"),\n\"config\" json NOT NULL,\n\"identity_credential_type_id\" UUID NOT NULL,\n\"identity_id\" UUID NOT NULL,\n\"created_at\" timestamp NOT NULL,\n\"updated_at\" timestamp NOT NULL,\nCONSTRAINT \"identity_credentials_identities_id_fk\" FOREIGN KEY (\"identity_id\") REFERENCES \"identities\" (\"id\") ON DELETE cascade,\nCONSTRAINT \"identity_credentials_identity_credential_types_id_fk\" FOREIGN KEY (\"identity_credential_type_id\") REFERENCES \"identity_credential_types\" (\"id\") ON DELETE cascade\n);COMMIT TRANSACTION;BEGIN TRANSACTION;\nCREATE TABLE \"identity_credential_identifiers\" (\n\"id\" UUID NOT NULL,\nPRIMARY KEY(\"id\"),\n\"identifier\" VARCHAR (255) NOT NULL,\n\"identity_credential_id\" UUID NOT NULL,\n\"created_at\" timestamp NOT NULL,\n\"updated_at\" timestamp NOT NULL,\nCONSTRAINT \"identity_credential_identifiers_identity_credentials_id_fk\" FOREIGN KEY (\"identity_credential_id\") REFERENCES \"identity_credentials\" (\"id\") ON DELETE cascade\n);COMMIT TRANSACTION;BEGIN TRANSACTION;\nCREATE UNIQUE INDEX \"identity_credential_identifiers_identifier_idx\" ON \"identity_credential_identifiers\" (identifier);COMMIT TRANSACTION;BEGIN TRANSACTION;" }, { "path": "persistence/sql/migrations/legacy/20191100000001_identities.mysql.down.sql", "content": "DROP TABLE `identity_credential_identifiers`;\nDROP TABLE `identity_credentials`;\nDROP TABLE `identity_credential_types`;\nDROP TABLE `identities`;" }, { "path": "persistence/sql/migrations/legacy/20191100000001_identities.mysql.up.sql", "content": "CREATE TABLE `identities` (\n`id` char(36) NOT NULL,\nPRIMARY KEY(`id`),\n`traits_schema_id` VARCHAR (2048) NOT NULL,\n`traits` JSON NOT NULL,\n`created_at` DATETIME NOT NULL,\n`updated_at` DATETIME NOT NULL\n) ENGINE=InnoDB;\nCREATE TABLE `identity_credential_types` (\n`id` char(36) NOT NULL,\nPRIMARY KEY(`id`),\n`name` VARCHAR (32) NOT NULL\n) ENGINE=InnoDB;\nCREATE UNIQUE INDEX `identity_credential_types_name_idx` ON `identity_credential_types` (`name`);\nCREATE TABLE `identity_credentials` (\n`id` char(36) NOT NULL,\nPRIMARY KEY(`id`),\n`config` JSON NOT NULL,\n`identity_credential_type_id` char(36) NOT NULL,\n`identity_id` char(36) NOT NULL,\n`created_at` DATETIME NOT NULL,\n`updated_at` DATETIME NOT NULL,\nFOREIGN KEY (`identity_id`) REFERENCES `identities` (`id`) ON DELETE cascade,\nFOREIGN KEY (`identity_credential_type_id`) REFERENCES `identity_credential_types` (`id`) ON DELETE cascade\n) ENGINE=InnoDB;\nCREATE TABLE `identity_credential_identifiers` (\n`id` char(36) NOT NULL,\nPRIMARY KEY(`id`),\n`identifier` VARCHAR (255) NOT NULL,\n`identity_credential_id` char(36) NOT NULL,\n`created_at` DATETIME NOT NULL,\n`updated_at` DATETIME NOT NULL,\nFOREIGN KEY (`identity_credential_id`) REFERENCES `identity_credentials` (`id`) ON DELETE cascade\n) ENGINE=InnoDB;\nCREATE UNIQUE INDEX `identity_credential_identifiers_identifier_idx` ON `identity_credential_identifiers` (`identifier`);" }, { "path": "persistence/sql/migrations/legacy/20191100000001_identities.postgres.down.sql", "content": "DROP TABLE \"identity_credential_identifiers\";\nDROP TABLE \"identity_credentials\";\nDROP TABLE \"identity_credential_types\";\nDROP TABLE \"identities\";" }, { "path": "persistence/sql/migrations/legacy/20191100000001_identities.postgres.up.sql", "content": "CREATE TABLE \"identities\" (\n\"id\" UUID NOT NULL,\nPRIMARY KEY(\"id\"),\n\"traits_schema_id\" VARCHAR (2048) NOT NULL,\n\"traits\" jsonb NOT NULL,\n\"created_at\" timestamp NOT NULL,\n\"updated_at\" timestamp NOT NULL\n);\nCREATE TABLE \"identity_credential_types\" (\n\"id\" UUID NOT NULL,\nPRIMARY KEY(\"id\"),\n\"name\" VARCHAR (32) NOT NULL\n);\nCREATE UNIQUE INDEX \"identity_credential_types_name_idx\" ON \"identity_credential_types\" (name);\nCREATE TABLE \"identity_credentials\" (\n\"id\" UUID NOT NULL,\nPRIMARY KEY(\"id\"),\n\"config\" jsonb NOT NULL,\n\"identity_credential_type_id\" UUID NOT NULL,\n\"identity_id\" UUID NOT NULL,\n\"created_at\" timestamp NOT NULL,\n\"updated_at\" timestamp NOT NULL,\nFOREIGN KEY (\"identity_id\") REFERENCES \"identities\" (\"id\") ON DELETE cascade,\nFOREIGN KEY (\"identity_credential_type_id\") REFERENCES \"identity_credential_types\" (\"id\") ON DELETE cascade\n);\nCREATE TABLE \"identity_credential_identifiers\" (\n\"id\" UUID NOT NULL,\nPRIMARY KEY(\"id\"),\n\"identifier\" VARCHAR (255) NOT NULL,\n\"identity_credential_id\" UUID NOT NULL,\n\"created_at\" timestamp NOT NULL,\n\"updated_at\" timestamp NOT NULL,\nFOREIGN KEY (\"identity_credential_id\") REFERENCES \"identity_credentials\" (\"id\") ON DELETE cascade\n);\nCREATE UNIQUE INDEX \"identity_credential_identifiers_identifier_idx\" ON \"identity_credential_identifiers\" (identifier);" }, { "path": "persistence/sql/migrations/legacy/20191100000001_identities.sqlite3.down.sql", "content": "DROP TABLE \"identity_credential_identifiers\";\nDROP TABLE \"identity_credentials\";\nDROP TABLE \"identity_credential_types\";\nDROP TABLE \"identities\";" }, { "path": "persistence/sql/migrations/legacy/20191100000001_identities.sqlite3.up.sql", "content": "CREATE TABLE \"identities\" (\n\"id\" TEXT PRIMARY KEY,\n\"traits_schema_id\" TEXT NOT NULL,\n\"traits\" TEXT NOT NULL,\n\"created_at\" DATETIME NOT NULL,\n\"updated_at\" DATETIME NOT NULL\n);\nCREATE TABLE \"identity_credential_types\" (\n\"id\" TEXT PRIMARY KEY,\n\"name\" TEXT NOT NULL\n);\nCREATE UNIQUE INDEX \"identity_credential_types_name_idx\" ON \"identity_credential_types\" (name);\nCREATE TABLE \"identity_credentials\" (\n\"id\" TEXT PRIMARY KEY,\n\"config\" TEXT NOT NULL,\n\"identity_credential_type_id\" char(36) NOT NULL,\n\"identity_id\" char(36) NOT NULL,\n\"created_at\" DATETIME NOT NULL,\n\"updated_at\" DATETIME NOT NULL,\nFOREIGN KEY (identity_id) REFERENCES identities (id) ON DELETE cascade,\nFOREIGN KEY (identity_credential_type_id) REFERENCES identity_credential_types (id) ON DELETE cascade\n);\nCREATE TABLE \"identity_credential_identifiers\" (\n\"id\" TEXT PRIMARY KEY,\n\"identifier\" TEXT NOT NULL,\n\"identity_credential_id\" char(36) NOT NULL,\n\"created_at\" DATETIME NOT NULL,\n\"updated_at\" DATETIME NOT NULL,\nFOREIGN KEY (identity_credential_id) REFERENCES identity_credentials (id) ON DELETE cascade\n);\nCREATE UNIQUE INDEX \"identity_credential_identifiers_identifier_idx\" ON \"identity_credential_identifiers\" (identifier);" }, { "path": "persistence/sql/migrations/legacy/20191100000002_requests.cockroach.down.sql", "content": "DROP TABLE \"selfservice_login_request_methods\";COMMIT TRANSACTION;BEGIN TRANSACTION;\nDROP TABLE \"selfservice_login_requests\";COMMIT TRANSACTION;BEGIN TRANSACTION;\nDROP TABLE \"selfservice_registration_request_methods\";COMMIT TRANSACTION;BEGIN TRANSACTION;\nDROP TABLE \"selfservice_registration_requests\";COMMIT TRANSACTION;BEGIN TRANSACTION;\nDROP TABLE \"selfservice_profile_management_requests\";COMMIT TRANSACTION;BEGIN TRANSACTION;" }, { "path": "persistence/sql/migrations/legacy/20191100000002_requests.cockroach.up.sql", "content": "CREATE TABLE \"selfservice_login_requests\" (\n\"id\" UUID NOT NULL,\nPRIMARY KEY(\"id\"),\n\"request_url\" VARCHAR (2048) NOT NULL,\n\"issued_at\" timestamp NOT NULL DEFAULT CURRENT_TIMESTAMP,\n\"expires_at\" timestamp NOT NULL,\n\"active_method\" VARCHAR (32) NOT NULL,\n\"csrf_token\" VARCHAR (255) NOT NULL,\n\"created_at\" timestamp NOT NULL,\n\"updated_at\" timestamp NOT NULL\n);COMMIT TRANSACTION;BEGIN TRANSACTION;\nCREATE TABLE \"selfservice_login_request_methods\" (\n\"id\" UUID NOT NULL,\nPRIMARY KEY(\"id\"),\n\"method\" VARCHAR (32) NOT NULL,\n\"selfservice_login_request_id\" UUID NOT NULL,\n\"config\" json NOT NULL,\n\"created_at\" timestamp NOT NULL,\n\"updated_at\" timestamp NOT NULL,\nCONSTRAINT \"selfservice_login_request_methods_selfservice_login_requests_id_fk\" FOREIGN KEY (\"selfservice_login_request_id\") REFERENCES \"selfservice_login_requests\" (\"id\") ON DELETE cascade\n);COMMIT TRANSACTION;BEGIN TRANSACTION;\nCREATE TABLE \"selfservice_registration_requests\" (\n\"id\" UUID NOT NULL,\nPRIMARY KEY(\"id\"),\n\"request_url\" VARCHAR (2048) NOT NULL,\n\"issued_at\" timestamp NOT NULL DEFAULT CURRENT_TIMESTAMP,\n\"expires_at\" timestamp NOT NULL,\n\"active_method\" VARCHAR (32) NOT NULL,\n\"csrf_token\" VARCHAR (255) NOT NULL,\n\"created_at\" timestamp NOT NULL,\n\"updated_at\" timestamp NOT NULL\n);COMMIT TRANSACTION;BEGIN TRANSACTION;\nCREATE TABLE \"selfservice_registration_request_methods\" (\n\"id\" UUID NOT NULL,\nPRIMARY KEY(\"id\"),\n\"method\" VARCHAR (32) NOT NULL,\n\"selfservice_registration_request_id\" UUID NOT NULL,\n\"config\" json NOT NULL,\n\"created_at\" timestamp NOT NULL,\n\"updated_at\" timestamp NOT NULL,\nCONSTRAINT \"selfservice_registration_request_methods_selfservice_registration_requests_id_fk\" FOREIGN KEY (\"selfservice_registration_request_id\") REFERENCES \"selfservice_registration_requests\" (\"id\") ON DELETE cascade\n);COMMIT TRANSACTION;BEGIN TRANSACTION;\nCREATE TABLE \"selfservice_profile_management_requests\" (\n\"id\" UUID NOT NULL,\nPRIMARY KEY(\"id\"),\n\"request_url\" VARCHAR (2048) NOT NULL,\n\"issued_at\" timestamp NOT NULL DEFAULT CURRENT_TIMESTAMP,\n\"expires_at\" timestamp NOT NULL,\n\"form\" json NOT NULL,\n\"update_successful\" bool NOT NULL,\n\"identity_id\" UUID NOT NULL,\n\"created_at\" timestamp NOT NULL,\n\"updated_at\" timestamp NOT NULL,\nCONSTRAINT \"selfservice_profile_management_requests_identities_id_fk\" FOREIGN KEY (\"identity_id\") REFERENCES \"identities\" (\"id\") ON DELETE cascade\n);COMMIT TRANSACTION;BEGIN TRANSACTION;" }, { "path": "persistence/sql/migrations/legacy/20191100000002_requests.mysql.down.sql", "content": "DROP TABLE `selfservice_login_request_methods`;\nDROP TABLE `selfservice_login_requests`;\nDROP TABLE `selfservice_registration_request_methods`;\nDROP TABLE `selfservice_registration_requests`;\nDROP TABLE `selfservice_profile_management_requests`;" }, { "path": "persistence/sql/migrations/legacy/20191100000002_requests.mysql.up.sql", "content": "CREATE TABLE `selfservice_login_requests` (\n`id` char(36) NOT NULL,\nPRIMARY KEY(`id`),\n`request_url` VARCHAR (2048) NOT NULL,\n`issued_at` DATETIME NOT NULL DEFAULT CURRENT_TIMESTAMP,\n`expires_at` DATETIME NOT NULL,\n`active_method` VARCHAR (32) NOT NULL,\n`csrf_token` VARCHAR (255) NOT NULL,\n`created_at` DATETIME NOT NULL,\n`updated_at` DATETIME NOT NULL\n) ENGINE=InnoDB;\nCREATE TABLE `selfservice_login_request_methods` (\n`id` char(36) NOT NULL,\nPRIMARY KEY(`id`),\n`method` VARCHAR (32) NOT NULL,\n`selfservice_login_request_id` char(36) NOT NULL,\n`config` JSON NOT NULL,\n`created_at` DATETIME NOT NULL,\n`updated_at` DATETIME NOT NULL,\nFOREIGN KEY (`selfservice_login_request_id`) REFERENCES `selfservice_login_requests` (`id`) ON DELETE cascade\n) ENGINE=InnoDB;\nCREATE TABLE `selfservice_registration_requests` (\n`id` char(36) NOT NULL,\nPRIMARY KEY(`id`),\n`request_url` VARCHAR (2048) NOT NULL,\n`issued_at` DATETIME NOT NULL DEFAULT CURRENT_TIMESTAMP,\n`expires_at` DATETIME NOT NULL,\n`active_method` VARCHAR (32) NOT NULL,\n`csrf_token` VARCHAR (255) NOT NULL,\n`created_at` DATETIME NOT NULL,\n`updated_at` DATETIME NOT NULL\n) ENGINE=InnoDB;\nCREATE TABLE `selfservice_registration_request_methods` (\n`id` char(36) NOT NULL,\nPRIMARY KEY(`id`),\n`method` VARCHAR (32) NOT NULL,\n`selfservice_registration_request_id` char(36) NOT NULL,\n`config` JSON NOT NULL,\n`created_at` DATETIME NOT NULL,\n`updated_at` DATETIME NOT NULL,\nFOREIGN KEY (`selfservice_registration_request_id`) REFERENCES `selfservice_registration_requests` (`id`) ON DELETE cascade\n) ENGINE=InnoDB;\nCREATE TABLE `selfservice_profile_management_requests` (\n`id` char(36) NOT NULL,\nPRIMARY KEY(`id`),\n`request_url` VARCHAR (2048) NOT NULL,\n`issued_at` DATETIME NOT NULL DEFAULT CURRENT_TIMESTAMP,\n`expires_at` DATETIME NOT NULL,\n`form` JSON NOT NULL,\n`update_successful` bool NOT NULL,\n`identity_id` char(36) NOT NULL,\n`created_at` DATETIME NOT NULL,\n`updated_at` DATETIME NOT NULL,\nFOREIGN KEY (`identity_id`) REFERENCES `identities` (`id`) ON DELETE cascade\n) ENGINE=InnoDB;" }, { "path": "persistence/sql/migrations/legacy/20191100000002_requests.postgres.down.sql", "content": "DROP TABLE \"selfservice_login_request_methods\";\nDROP TABLE \"selfservice_login_requests\";\nDROP TABLE \"selfservice_registration_request_methods\";\nDROP TABLE \"selfservice_registration_requests\";\nDROP TABLE \"selfservice_profile_management_requests\";" }, { "path": "persistence/sql/migrations/legacy/20191100000002_requests.postgres.up.sql", "content": "CREATE TABLE \"selfservice_login_requests\" (\n\"id\" UUID NOT NULL,\nPRIMARY KEY(\"id\"),\n\"request_url\" VARCHAR (2048) NOT NULL,\n\"issued_at\" timestamp NOT NULL DEFAULT CURRENT_TIMESTAMP,\n\"expires_at\" timestamp NOT NULL,\n\"active_method\" VARCHAR (32) NOT NULL,\n\"csrf_token\" VARCHAR (255) NOT NULL,\n\"created_at\" timestamp NOT NULL,\n\"updated_at\" timestamp NOT NULL\n);\nCREATE TABLE \"selfservice_login_request_methods\" (\n\"id\" UUID NOT NULL,\nPRIMARY KEY(\"id\"),\n\"method\" VARCHAR (32) NOT NULL,\n\"selfservice_login_request_id\" UUID NOT NULL,\n\"config\" jsonb NOT NULL,\n\"created_at\" timestamp NOT NULL,\n\"updated_at\" timestamp NOT NULL,\nFOREIGN KEY (\"selfservice_login_request_id\") REFERENCES \"selfservice_login_requests\" (\"id\") ON DELETE cascade\n);\nCREATE TABLE \"selfservice_registration_requests\" (\n\"id\" UUID NOT NULL,\nPRIMARY KEY(\"id\"),\n\"request_url\" VARCHAR (2048) NOT NULL,\n\"issued_at\" timestamp NOT NULL DEFAULT CURRENT_TIMESTAMP,\n\"expires_at\" timestamp NOT NULL,\n\"active_method\" VARCHAR (32) NOT NULL,\n\"csrf_token\" VARCHAR (255) NOT NULL,\n\"created_at\" timestamp NOT NULL,\n\"updated_at\" timestamp NOT NULL\n);\nCREATE TABLE \"selfservice_registration_request_methods\" (\n\"id\" UUID NOT NULL,\nPRIMARY KEY(\"id\"),\n\"method\" VARCHAR (32) NOT NULL,\n\"selfservice_registration_request_id\" UUID NOT NULL,\n\"config\" jsonb NOT NULL,\n\"created_at\" timestamp NOT NULL,\n\"updated_at\" timestamp NOT NULL,\nFOREIGN KEY (\"selfservice_registration_request_id\") REFERENCES \"selfservice_registration_requests\" (\"id\") ON DELETE cascade\n);\nCREATE TABLE \"selfservice_profile_management_requests\" (\n\"id\" UUID NOT NULL,\nPRIMARY KEY(\"id\"),\n\"request_url\" VARCHAR (2048) NOT NULL,\n\"issued_at\" timestamp NOT NULL DEFAULT CURRENT_TIMESTAMP,\n\"expires_at\" timestamp NOT NULL,\n\"form\" jsonb NOT NULL,\n\"update_successful\" bool NOT NULL,\n\"identity_id\" UUID NOT NULL,\n\"created_at\" timestamp NOT NULL,\n\"updated_at\" timestamp NOT NULL,\nFOREIGN KEY (\"identity_id\") REFERENCES \"identities\" (\"id\") ON DELETE cascade\n);" }, { "path": "persistence/sql/migrations/legacy/20191100000002_requests.sqlite3.down.sql", "content": "DROP TABLE \"selfservice_login_request_methods\";\nDROP TABLE \"selfservice_login_requests\";\nDROP TABLE \"selfservice_registration_request_methods\";\nDROP TABLE \"selfservice_registration_requests\";\nDROP TABLE \"selfservice_profile_management_requests\";" }, { "path": "persistence/sql/migrations/legacy/20191100000002_requests.sqlite3.up.sql", "content": "CREATE TABLE \"selfservice_login_requests\" (\n\"id\" TEXT PRIMARY KEY,\n\"request_url\" TEXT NOT NULL,\n\"issued_at\" DATETIME NOT NULL DEFAULT CURRENT_TIMESTAMP,\n\"expires_at\" DATETIME NOT NULL,\n\"active_method\" TEXT NOT NULL,\n\"csrf_token\" TEXT NOT NULL,\n\"created_at\" DATETIME NOT NULL,\n\"updated_at\" DATETIME NOT NULL\n);\nCREATE TABLE \"selfservice_login_request_methods\" (\n\"id\" TEXT PRIMARY KEY,\n\"method\" TEXT NOT NULL,\n\"selfservice_login_request_id\" char(36) NOT NULL,\n\"config\" TEXT NOT NULL,\n\"created_at\" DATETIME NOT NULL,\n\"updated_at\" DATETIME NOT NULL,\nFOREIGN KEY (selfservice_login_request_id) REFERENCES selfservice_login_requests (id) ON DELETE cascade\n);\nCREATE TABLE \"selfservice_registration_requests\" (\n\"id\" TEXT PRIMARY KEY,\n\"request_url\" TEXT NOT NULL,\n\"issued_at\" DATETIME NOT NULL DEFAULT CURRENT_TIMESTAMP,\n\"expires_at\" DATETIME NOT NULL,\n\"active_method\" TEXT NOT NULL,\n\"csrf_token\" TEXT NOT NULL,\n\"created_at\" DATETIME NOT NULL,\n\"updated_at\" DATETIME NOT NULL\n);\nCREATE TABLE \"selfservice_registration_request_methods\" (\n\"id\" TEXT PRIMARY KEY,\n\"method\" TEXT NOT NULL,\n\"selfservice_registration_request_id\" char(36) NOT NULL,\n\"config\" TEXT NOT NULL,\n\"created_at\" DATETIME NOT NULL,\n\"updated_at\" DATETIME NOT NULL,\nFOREIGN KEY (selfservice_registration_request_id) REFERENCES selfservice_registration_requests (id) ON DELETE cascade\n);\nCREATE TABLE \"selfservice_profile_management_requests\" (\n\"id\" TEXT PRIMARY KEY,\n\"request_url\" TEXT NOT NULL,\n\"issued_at\" DATETIME NOT NULL DEFAULT CURRENT_TIMESTAMP,\n\"expires_at\" DATETIME NOT NULL,\n\"form\" TEXT NOT NULL,\n\"update_successful\" bool NOT NULL,\n\"identity_id\" char(36) NOT NULL,\n\"created_at\" DATETIME NOT NULL,\n\"updated_at\" DATETIME NOT NULL,\nFOREIGN KEY (identity_id) REFERENCES identities (id) ON DELETE cascade\n);" }, { "path": "persistence/sql/migrations/legacy/20191100000003_sessions.cockroach.down.sql", "content": "DROP TABLE \"sessions\";COMMIT TRANSACTION;BEGIN TRANSACTION;" }, { "path": "persistence/sql/migrations/legacy/20191100000003_sessions.cockroach.up.sql", "content": "CREATE TABLE \"sessions\" (\n\"id\" UUID NOT NULL,\nPRIMARY KEY(\"id\"),\n\"issued_at\" timestamp NOT NULL DEFAULT CURRENT_TIMESTAMP,\n\"expires_at\" timestamp NOT NULL,\n\"authenticated_at\" timestamp NOT NULL,\n\"identity_id\" UUID NOT NULL,\n\"created_at\" timestamp NOT NULL,\n\"updated_at\" timestamp NOT NULL,\nCONSTRAINT \"sessions_identities_id_fk\" FOREIGN KEY (\"identity_id\") REFERENCES \"identities\" (\"id\") ON DELETE cascade\n);COMMIT TRANSACTION;BEGIN TRANSACTION;" }, { "path": "persistence/sql/migrations/legacy/20191100000003_sessions.mysql.down.sql", "content": "DROP TABLE `sessions`;" }, { "path": "persistence/sql/migrations/legacy/20191100000003_sessions.mysql.up.sql", "content": "CREATE TABLE `sessions` (\n`id` char(36) NOT NULL,\nPRIMARY KEY(`id`),\n`issued_at` DATETIME NOT NULL DEFAULT CURRENT_TIMESTAMP,\n`expires_at` DATETIME NOT NULL,\n`authenticated_at` DATETIME NOT NULL,\n`identity_id` char(36) NOT NULL,\n`created_at` DATETIME NOT NULL,\n`updated_at` DATETIME NOT NULL,\nFOREIGN KEY (`identity_id`) REFERENCES `identities` (`id`) ON DELETE cascade\n) ENGINE=InnoDB;" }, { "path": "persistence/sql/migrations/legacy/20191100000003_sessions.postgres.down.sql", "content": "DROP TABLE \"sessions\";" }, { "path": "persistence/sql/migrations/legacy/20191100000003_sessions.postgres.up.sql", "content": "CREATE TABLE \"sessions\" (\n\"id\" UUID NOT NULL,\nPRIMARY KEY(\"id\"),\n\"issued_at\" timestamp NOT NULL DEFAULT CURRENT_TIMESTAMP,\n\"expires_at\" timestamp NOT NULL,\n\"authenticated_at\" timestamp NOT NULL,\n\"identity_id\" UUID NOT NULL,\n\"created_at\" timestamp NOT NULL,\n\"updated_at\" timestamp NOT NULL,\nFOREIGN KEY (\"identity_id\") REFERENCES \"identities\" (\"id\") ON DELETE cascade\n);" }, { "path": "persistence/sql/migrations/legacy/20191100000003_sessions.sqlite3.down.sql", "content": "DROP TABLE \"sessions\";" }, { "path": "persistence/sql/migrations/legacy/20191100000003_sessions.sqlite3.up.sql", "content": "CREATE TABLE \"sessions\" (\n\"id\" TEXT PRIMARY KEY,\n\"issued_at\" DATETIME NOT NULL DEFAULT CURRENT_TIMESTAMP,\n\"expires_at\" DATETIME NOT NULL,\n\"authenticated_at\" DATETIME NOT NULL,\n\"identity_id\" char(36) NOT NULL,\n\"created_at\" DATETIME NOT NULL,\n\"updated_at\" DATETIME NOT NULL,\nFOREIGN KEY (identity_id) REFERENCES identities (id) ON DELETE cascade\n);" }, { "path": "persistence/sql/migrations/legacy/20191100000004_errors.cockroach.down.sql", "content": "DROP TABLE \"selfservice_errors\";COMMIT TRANSACTION;BEGIN TRANSACTION;" }, { "path": "persistence/sql/migrations/legacy/20191100000004_errors.cockroach.up.sql", "content": "CREATE TABLE \"selfservice_errors\" (\n\"id\" UUID NOT NULL,\nPRIMARY KEY(\"id\"),\n\"errors\" json NOT NULL,\n\"seen_at\" timestamp NOT NULL,\n\"was_seen\" bool NOT NULL,\n\"created_at\" timestamp NOT NULL,\n\"updated_at\" timestamp NOT NULL\n);COMMIT TRANSACTION;BEGIN TRANSACTION;" }, { "path": "persistence/sql/migrations/legacy/20191100000004_errors.mysql.down.sql", "content": "DROP TABLE `selfservice_errors`;" }, { "path": "persistence/sql/migrations/legacy/20191100000004_errors.mysql.up.sql", "content": "CREATE TABLE `selfservice_errors` (\n`id` char(36) NOT NULL,\nPRIMARY KEY(`id`),\n`errors` JSON NOT NULL,\n`seen_at` DATETIME NOT NULL,\n`was_seen` bool NOT NULL,\n`created_at` DATETIME NOT NULL,\n`updated_at` DATETIME NOT NULL\n) ENGINE=InnoDB;" }, { "path": "persistence/sql/migrations/legacy/20191100000004_errors.postgres.down.sql", "content": "DROP TABLE \"selfservice_errors\";" }, { "path": "persistence/sql/migrations/legacy/20191100000004_errors.postgres.up.sql", "content": "CREATE TABLE \"selfservice_errors\" (\n\"id\" UUID NOT NULL,\nPRIMARY KEY(\"id\"),\n\"errors\" jsonb NOT NULL,\n\"seen_at\" timestamp NOT NULL,\n\"was_seen\" bool NOT NULL,\n\"created_at\" timestamp NOT NULL,\n\"updated_at\" timestamp NOT NULL\n);" }, { "path": "persistence/sql/migrations/legacy/20191100000004_errors.sqlite3.down.sql", "content": "DROP TABLE \"selfservice_errors\";" }, { "path": "persistence/sql/migrations/legacy/20191100000004_errors.sqlite3.up.sql", "content": "CREATE TABLE \"selfservice_errors\" (\n\"id\" TEXT PRIMARY KEY,\n\"errors\" TEXT NOT NULL,\n\"seen_at\" DATETIME NOT NULL,\n\"was_seen\" bool NOT NULL,\n\"created_at\" DATETIME NOT NULL,\n\"updated_at\" DATETIME NOT NULL\n);" }, { "path": "persistence/sql/migrations/legacy/20191100000005_identities.mysql.down.sql", "content": "ALTER TABLE identity_credential_identifiers MODIFY COLUMN identifier VARCHAR(255);\n" }, { "path": "persistence/sql/migrations/legacy/20191100000005_identities.mysql.up.sql", "content": "ALTER TABLE identity_credential_identifiers MODIFY COLUMN identifier VARCHAR(255) BINARY;\n" }, { "path": "persistence/sql/migrations/legacy/20191100000006_courier.cockroach.down.sql", "content": "DROP TABLE \"courier_messages\";COMMIT TRANSACTION;BEGIN TRANSACTION;" }, { "path": "persistence/sql/migrations/legacy/20191100000006_courier.cockroach.up.sql", "content": "CREATE TABLE \"courier_messages\" (\n\"id\" UUID NOT NULL,\nPRIMARY KEY(\"id\"),\n\"type\" int NOT NULL,\n\"status\" int NOT NULL,\n\"body\" VARCHAR (255) NOT NULL,\n\"subject\" VARCHAR (255) NOT NULL,\n\"recipient\" VARCHAR (255) NOT NULL,\n\"created_at\" timestamp NOT NULL,\n\"updated_at\" timestamp NOT NULL\n);COMMIT TRANSACTION;BEGIN TRANSACTION;" }, { "path": "persistence/sql/migrations/legacy/20191100000006_courier.mysql.down.sql", "content": "DROP TABLE `courier_messages`;" }, { "path": "persistence/sql/migrations/legacy/20191100000006_courier.mysql.up.sql", "content": "CREATE TABLE `courier_messages` (\n`id` char(36) NOT NULL,\nPRIMARY KEY(`id`),\n`type` INTEGER NOT NULL,\n`status` INTEGER NOT NULL,\n`body` VARCHAR (255) NOT NULL,\n`subject` VARCHAR (255) NOT NULL,\n`recipient` VARCHAR (255) NOT NULL,\n`created_at` DATETIME NOT NULL,\n`updated_at` DATETIME NOT NULL\n) ENGINE=InnoDB;" }, { "path": "persistence/sql/migrations/legacy/20191100000006_courier.postgres.down.sql", "content": "DROP TABLE \"courier_messages\";" }, { "path": "persistence/sql/migrations/legacy/20191100000006_courier.postgres.up.sql", "content": "CREATE TABLE \"courier_messages\" (\n\"id\" UUID NOT NULL,\nPRIMARY KEY(\"id\"),\n\"type\" int NOT NULL,\n\"status\" int NOT NULL,\n\"body\" VARCHAR (255) NOT NULL,\n\"subject\" VARCHAR (255) NOT NULL,\n\"recipient\" VARCHAR (255) NOT NULL,\n\"created_at\" timestamp NOT NULL,\n\"updated_at\" timestamp NOT NULL\n);" }, { "path": "persistence/sql/migrations/legacy/20191100000006_courier.sqlite3.down.sql", "content": "DROP TABLE \"courier_messages\";" }, { "path": "persistence/sql/migrations/legacy/20191100000006_courier.sqlite3.up.sql", "content": "CREATE TABLE \"courier_messages\" (\n\"id\" TEXT PRIMARY KEY,\n\"type\" INTEGER NOT NULL,\n\"status\" INTEGER NOT NULL,\n\"body\" TEXT NOT NULL,\n\"subject\" TEXT NOT NULL,\n\"recipient\" TEXT NOT NULL,\n\"created_at\" DATETIME NOT NULL,\n\"updated_at\" DATETIME NOT NULL\n);" }, { "path": "persistence/sql/migrations/legacy/20191100000007_errors.cockroach.down.sql", "content": "ALTER TABLE \"selfservice_errors\" DROP COLUMN \"csrf_token\";COMMIT TRANSACTION;BEGIN TRANSACTION;" }, { "path": "persistence/sql/migrations/legacy/20191100000007_errors.cockroach.up.sql", "content": "ALTER TABLE \"selfservice_errors\" ADD COLUMN \"csrf_token\" VARCHAR (255) NOT NULL DEFAULT '';COMMIT TRANSACTION;BEGIN TRANSACTION;" }, { "path": "persistence/sql/migrations/legacy/20191100000007_errors.mysql.down.sql", "content": "ALTER TABLE `selfservice_errors` DROP COLUMN `csrf_token`;" }, { "path": "persistence/sql/migrations/legacy/20191100000007_errors.mysql.up.sql", "content": "ALTER TABLE `selfservice_errors` ADD COLUMN `csrf_token` VARCHAR (255) NOT NULL DEFAULT \"\";" }, { "path": "persistence/sql/migrations/legacy/20191100000007_errors.postgres.down.sql", "content": "ALTER TABLE \"selfservice_errors\" DROP COLUMN \"csrf_token\";" }, { "path": "persistence/sql/migrations/legacy/20191100000007_errors.postgres.up.sql", "content": "ALTER TABLE \"selfservice_errors\" ADD COLUMN \"csrf_token\" VARCHAR (255) NOT NULL DEFAULT '';" }, { "path": "persistence/sql/migrations/legacy/20191100000007_errors.sqlite3.down.sql", "content": "CREATE TABLE \"_selfservice_errors_tmp\" (\n\"id\" TEXT PRIMARY KEY,\n\"errors\" TEXT NOT NULL,\n\"seen_at\" DATETIME,\n\"was_seen\" bool NOT NULL,\n\"created_at\" DATETIME NOT NULL,\n\"updated_at\" DATETIME NOT NULL\n);\nINSERT INTO \"_selfservice_errors_tmp\" (id, errors, seen_at, was_seen, created_at, updated_at) SELECT id, errors, seen_at, was_seen, created_at, updated_at FROM \"selfservice_errors\";\n\nDROP TABLE \"selfservice_errors\";\nALTER TABLE \"_selfservice_errors_tmp\" RENAME TO \"selfservice_errors\";" }, { "path": "persistence/sql/migrations/legacy/20191100000007_errors.sqlite3.up.sql", "content": "ALTER TABLE \"selfservice_errors\" ADD COLUMN \"csrf_token\" TEXT NOT NULL DEFAULT '';" }, { "path": "persistence/sql/migrations/legacy/20191100000008_selfservice_verification.cockroach.down.sql", "content": "DROP TABLE \"selfservice_verification_requests\";COMMIT TRANSACTION;BEGIN TRANSACTION;\nDROP TABLE \"identity_verifiable_addresses\";COMMIT TRANSACTION;BEGIN TRANSACTION;" }, { "path": "persistence/sql/migrations/legacy/20191100000008_selfservice_verification.cockroach.up.sql", "content": "CREATE TABLE \"identity_verifiable_addresses\" (\n\"id\" UUID NOT NULL,\nPRIMARY KEY(\"id\"),\n\"code\" VARCHAR (32) NOT NULL,\n\"status\" VARCHAR (16) NOT NULL,\n\"via\" VARCHAR (16) NOT NULL,\n\"verified\" bool NOT NULL,\n\"value\" VARCHAR (400) NOT NULL,\n\"verified_at\" timestamp,\n\"expires_at\" timestamp NOT NULL DEFAULT CURRENT_TIMESTAMP,\n\"identity_id\" UUID NOT NULL,\n\"created_at\" timestamp NOT NULL,\n\"updated_at\" timestamp NOT NULL,\nCONSTRAINT \"identity_verifiable_addresses_identities_id_fk\" FOREIGN KEY (\"identity_id\") REFERENCES \"identities\" (\"id\") ON DELETE cascade\n);COMMIT TRANSACTION;BEGIN TRANSACTION;\nCREATE UNIQUE INDEX \"identity_verifiable_addresses_code_uq_idx\" ON \"identity_verifiable_addresses\" (code);COMMIT TRANSACTION;BEGIN TRANSACTION;\nCREATE INDEX \"identity_verifiable_addresses_code_idx\" ON \"identity_verifiable_addresses\" (code);COMMIT TRANSACTION;BEGIN TRANSACTION;\nCREATE UNIQUE INDEX \"identity_verifiable_addresses_status_via_uq_idx\" ON \"identity_verifiable_addresses\" (via, value);COMMIT TRANSACTION;BEGIN TRANSACTION;\nCREATE INDEX \"identity_verifiable_addresses_status_via_idx\" ON \"identity_verifiable_addresses\" (via, value);COMMIT TRANSACTION;BEGIN TRANSACTION;\nCREATE TABLE \"selfservice_verification_requests\" (\n\"id\" UUID NOT NULL,\nPRIMARY KEY(\"id\"),\n\"request_url\" VARCHAR (2048) NOT NULL,\n\"issued_at\" timestamp NOT NULL DEFAULT CURRENT_TIMESTAMP,\n\"expires_at\" timestamp NOT NULL,\n\"form\" json NOT NULL,\n\"via\" VARCHAR (16) NOT NULL,\n\"csrf_token\" VARCHAR (255) NOT NULL,\n\"success\" bool NOT NULL,\n\"created_at\" timestamp NOT NULL,\n\"updated_at\" timestamp NOT NULL\n);COMMIT TRANSACTION;BEGIN TRANSACTION;" }, { "path": "persistence/sql/migrations/legacy/20191100000008_selfservice_verification.mysql.down.sql", "content": "DROP TABLE `selfservice_verification_requests`;\nDROP TABLE `identity_verifiable_addresses`;" }, { "path": "persistence/sql/migrations/legacy/20191100000008_selfservice_verification.mysql.up.sql", "content": "CREATE TABLE `identity_verifiable_addresses` (\n`id` char(36) NOT NULL,\nPRIMARY KEY(`id`),\n`code` VARCHAR (32) NOT NULL,\n`status` VARCHAR (16) NOT NULL,\n`via` VARCHAR (16) NOT NULL,\n`verified` bool NOT NULL,\n`value` VARCHAR (400) NOT NULL,\n`verified_at` DATETIME,\n`expires_at` DATETIME NOT NULL DEFAULT CURRENT_TIMESTAMP,\n`identity_id` char(36) NOT NULL,\n`created_at` DATETIME NOT NULL,\n`updated_at` DATETIME NOT NULL,\nFOREIGN KEY (`identity_id`) REFERENCES `identities` (`id`) ON DELETE cascade\n) ENGINE=InnoDB;\nCREATE UNIQUE INDEX `identity_verifiable_addresses_code_uq_idx` ON `identity_verifiable_addresses` (`code`);\nCREATE INDEX `identity_verifiable_addresses_code_idx` ON `identity_verifiable_addresses` (`code`);\nCREATE UNIQUE INDEX `identity_verifiable_addresses_status_via_uq_idx` ON `identity_verifiable_addresses` (`via`, `value`);\nCREATE INDEX `identity_verifiable_addresses_status_via_idx` ON `identity_verifiable_addresses` (`via`, `value`);\nCREATE TABLE `selfservice_verification_requests` (\n`id` char(36) NOT NULL,\nPRIMARY KEY(`id`),\n`request_url` VARCHAR (2048) NOT NULL,\n`issued_at` DATETIME NOT NULL DEFAULT CURRENT_TIMESTAMP,\n`expires_at` DATETIME NOT NULL,\n`form` JSON NOT NULL,\n`via` VARCHAR (16) NOT NULL,\n`csrf_token` VARCHAR (255) NOT NULL,\n`success` bool NOT NULL,\n`created_at` DATETIME NOT NULL,\n`updated_at` DATETIME NOT NULL\n) ENGINE=InnoDB;" }, { "path": "persistence/sql/migrations/legacy/20191100000008_selfservice_verification.postgres.down.sql", "content": "DROP TABLE \"selfservice_verification_requests\";\nDROP TABLE \"identity_verifiable_addresses\";" }, { "path": "persistence/sql/migrations/legacy/20191100000008_selfservice_verification.postgres.up.sql", "content": "CREATE TABLE \"identity_verifiable_addresses\" (\n\"id\" UUID NOT NULL,\nPRIMARY KEY(\"id\"),\n\"code\" VARCHAR (32) NOT NULL,\n\"status\" VARCHAR (16) NOT NULL,\n\"via\" VARCHAR (16) NOT NULL,\n\"verified\" bool NOT NULL,\n\"value\" VARCHAR (400) NOT NULL,\n\"verified_at\" timestamp,\n\"expires_at\" timestamp NOT NULL DEFAULT CURRENT_TIMESTAMP,\n\"identity_id\" UUID NOT NULL,\n\"created_at\" timestamp NOT NULL,\n\"updated_at\" timestamp NOT NULL,\nFOREIGN KEY (\"identity_id\") REFERENCES \"identities\" (\"id\") ON DELETE cascade\n);\nCREATE UNIQUE INDEX \"identity_verifiable_addresses_code_uq_idx\" ON \"identity_verifiable_addresses\" (code);\nCREATE INDEX \"identity_verifiable_addresses_code_idx\" ON \"identity_verifiable_addresses\" (code);\nCREATE UNIQUE INDEX \"identity_verifiable_addresses_status_via_uq_idx\" ON \"identity_verifiable_addresses\" (via, value);\nCREATE INDEX \"identity_verifiable_addresses_status_via_idx\" ON \"identity_verifiable_addresses\" (via, value);\nCREATE TABLE \"selfservice_verification_requests\" (\n\"id\" UUID NOT NULL,\nPRIMARY KEY(\"id\"),\n\"request_url\" VARCHAR (2048) NOT NULL,\n\"issued_at\" timestamp NOT NULL DEFAULT CURRENT_TIMESTAMP,\n\"expires_at\" timestamp NOT NULL,\n\"form\" jsonb NOT NULL,\n\"via\" VARCHAR (16) NOT NULL,\n\"csrf_token\" VARCHAR (255) NOT NULL,\n\"success\" bool NOT NULL,\n\"created_at\" timestamp NOT NULL,\n\"updated_at\" timestamp NOT NULL\n);" }, { "path": "persistence/sql/migrations/legacy/20191100000008_selfservice_verification.sqlite3.down.sql", "content": "DROP TABLE \"selfservice_verification_requests\";\nDROP TABLE \"identity_verifiable_addresses\";" }, { "path": "persistence/sql/migrations/legacy/20191100000008_selfservice_verification.sqlite3.up.sql", "content": "CREATE TABLE \"identity_verifiable_addresses\" (\n\"id\" TEXT PRIMARY KEY,\n\"code\" TEXT NOT NULL,\n\"status\" TEXT NOT NULL,\n\"via\" TEXT NOT NULL,\n\"verified\" bool NOT NULL,\n\"value\" TEXT NOT NULL,\n\"verified_at\" DATETIME,\n\"expires_at\" DATETIME NOT NULL DEFAULT CURRENT_TIMESTAMP,\n\"identity_id\" char(36) NOT NULL,\n\"created_at\" DATETIME NOT NULL,\n\"updated_at\" DATETIME NOT NULL,\nFOREIGN KEY (identity_id) REFERENCES identities (id) ON DELETE cascade\n);\nCREATE UNIQUE INDEX \"identity_verifiable_addresses_code_uq_idx\" ON \"identity_verifiable_addresses\" (code);\nCREATE INDEX \"identity_verifiable_addresses_code_idx\" ON \"identity_verifiable_addresses\" (code);\nCREATE UNIQUE INDEX \"identity_verifiable_addresses_status_via_uq_idx\" ON \"identity_verifiable_addresses\" (via, value);\nCREATE INDEX \"identity_verifiable_addresses_status_via_idx\" ON \"identity_verifiable_addresses\" (via, value);\nCREATE TABLE \"selfservice_verification_requests\" (\n\"id\" TEXT PRIMARY KEY,\n\"request_url\" TEXT NOT NULL,\n\"issued_at\" DATETIME NOT NULL DEFAULT CURRENT_TIMESTAMP,\n\"expires_at\" DATETIME NOT NULL,\n\"form\" TEXT NOT NULL,\n\"via\" TEXT NOT NULL,\n\"csrf_token\" TEXT NOT NULL,\n\"success\" bool NOT NULL,\n\"created_at\" DATETIME NOT NULL,\n\"updated_at\" DATETIME NOT NULL\n);" }, { "path": "persistence/sql/migrations/legacy/20191100000009_verification.mysql.down.sql", "content": "ALTER TABLE identity_verifiable_addresses MODIFY COLUMN code VARCHAR(255);\n" }, { "path": "persistence/sql/migrations/legacy/20191100000009_verification.mysql.up.sql", "content": "ALTER TABLE identity_verifiable_addresses MODIFY COLUMN code VARCHAR(255) BINARY;\n" }, { "path": "persistence/sql/migrations/legacy/20191100000010_errors.cockroach.down.sql", "content": "UPDATE selfservice_errors SET seen_at = '1980-01-01 00:00:00' WHERE seen_at = NULL;\nALTER TABLE \"selfservice_errors\" RENAME COLUMN \"seen_at\" TO \"_seen_at_tmp\";COMMIT TRANSACTION;BEGIN TRANSACTION;\nALTER TABLE \"selfservice_errors\" ADD COLUMN \"seen_at\" timestamp;COMMIT TRANSACTION;BEGIN TRANSACTION;\nUPDATE \"selfservice_errors\" SET \"seen_at\" = \"_seen_at_tmp\";COMMIT TRANSACTION;BEGIN TRANSACTION;\nALTER TABLE \"selfservice_errors\" DROP COLUMN \"_seen_at_tmp\";COMMIT TRANSACTION;BEGIN TRANSACTION;" }, { "path": "persistence/sql/migrations/legacy/20191100000010_errors.cockroach.up.sql", "content": "ALTER TABLE \"selfservice_errors\" RENAME COLUMN \"seen_at\" TO \"_seen_at_tmp\";COMMIT TRANSACTION;BEGIN TRANSACTION;\nALTER TABLE \"selfservice_errors\" ADD COLUMN \"seen_at\" timestamp;COMMIT TRANSACTION;BEGIN TRANSACTION;\nUPDATE \"selfservice_errors\" SET \"seen_at\" = \"_seen_at_tmp\";COMMIT TRANSACTION;BEGIN TRANSACTION;\nALTER TABLE \"selfservice_errors\" DROP COLUMN \"_seen_at_tmp\";COMMIT TRANSACTION;BEGIN TRANSACTION;" }, { "path": "persistence/sql/migrations/legacy/20191100000010_errors.mysql.down.sql", "content": "UPDATE selfservice_errors SET seen_at = '1980-01-01 00:00:00' WHERE seen_at = NULL;\nALTER TABLE `selfservice_errors` MODIFY `seen_at` DATETIME;" }, { "path": "persistence/sql/migrations/legacy/20191100000010_errors.mysql.up.sql", "content": "ALTER TABLE `selfservice_errors` MODIFY `seen_at` DATETIME;" }, { "path": "persistence/sql/migrations/legacy/20191100000010_errors.postgres.down.sql", "content": "UPDATE selfservice_errors SET seen_at = '1980-01-01 00:00:00' WHERE seen_at = NULL;\nALTER TABLE \"selfservice_errors\" ALTER COLUMN \"seen_at\" TYPE timestamp, ALTER COLUMN \"seen_at\" DROP NOT NULL;" }, { "path": "persistence/sql/migrations/legacy/20191100000010_errors.postgres.up.sql", "content": "ALTER TABLE \"selfservice_errors\" ALTER COLUMN \"seen_at\" TYPE timestamp, ALTER COLUMN \"seen_at\" DROP NOT NULL;" }, { "path": "persistence/sql/migrations/legacy/20191100000010_errors.sqlite3.down.sql", "content": "UPDATE selfservice_errors SET seen_at = '1980-01-01 00:00:00' WHERE seen_at = NULL;\nCREATE TABLE \"_selfservice_errors_tmp\" (\n\"id\" TEXT PRIMARY KEY,\n\"errors\" TEXT NOT NULL,\n\"seen_at\" DATETIME,\n\"was_seen\" bool NOT NULL,\n\"created_at\" DATETIME NOT NULL,\n\"updated_at\" DATETIME NOT NULL,\n\"csrf_token\" TEXT NOT NULL DEFAULT ''\n);\nINSERT INTO \"_selfservice_errors_tmp\" (id, errors, seen_at, was_seen, created_at, updated_at, csrf_token) SELECT id, errors, seen_at, was_seen, created_at, updated_at, csrf_token FROM \"selfservice_errors\";\nDROP TABLE \"selfservice_errors\";\nALTER TABLE \"_selfservice_errors_tmp\" RENAME TO \"selfservice_errors\";" }, { "path": "persistence/sql/migrations/legacy/20191100000010_errors.sqlite3.up.sql", "content": "CREATE TABLE \"_selfservice_errors_tmp\" (\n\"id\" TEXT PRIMARY KEY,\n\"errors\" TEXT NOT NULL,\n\"seen_at\" DATETIME,\n\"was_seen\" bool NOT NULL,\n\"created_at\" DATETIME NOT NULL,\n\"updated_at\" DATETIME NOT NULL,\n\"csrf_token\" TEXT NOT NULL DEFAULT ''\n);\nINSERT INTO \"_selfservice_errors_tmp\" (id, errors, seen_at, was_seen, created_at, updated_at, csrf_token) SELECT id, errors, seen_at, was_seen, created_at, updated_at, csrf_token FROM \"selfservice_errors\";\nDROP TABLE \"selfservice_errors\";\nALTER TABLE \"_selfservice_errors_tmp\" RENAME TO \"selfservice_errors\";" }, { "path": "persistence/sql/migrations/legacy/20191100000011_courier_body_type.cockroach.up.sql", "content": "ALTER TABLE \"courier_messages\" RENAME COLUMN \"body\" TO \"_body_tmp\";COMMIT TRANSACTION;BEGIN TRANSACTION;\nALTER TABLE \"courier_messages\" ADD COLUMN \"body\" text;COMMIT TRANSACTION;BEGIN TRANSACTION;\nUPDATE \"courier_messages\" SET \"body\" = \"_body_tmp\";COMMIT TRANSACTION;BEGIN TRANSACTION;\nALTER TABLE \"courier_messages\" ALTER COLUMN \"body\" SET NOT NULL;COMMIT TRANSACTION;BEGIN TRANSACTION;\nALTER TABLE \"courier_messages\" DROP COLUMN \"_body_tmp\";COMMIT TRANSACTION;BEGIN TRANSACTION;" }, { "path": "persistence/sql/migrations/legacy/20191100000011_courier_body_type.down.sql", "content": "" }, { "path": "persistence/sql/migrations/legacy/20191100000011_courier_body_type.mysql.up.sql", "content": "ALTER TABLE `courier_messages` MODIFY `body` text NOT NULL;" }, { "path": "persistence/sql/migrations/legacy/20191100000011_courier_body_type.postgres.up.sql", "content": "ALTER TABLE \"courier_messages\" ALTER COLUMN \"body\" TYPE text, ALTER COLUMN \"body\" SET NOT NULL;" }, { "path": "persistence/sql/migrations/legacy/20191100000011_courier_body_type.sqlite3.up.sql", "content": "CREATE TABLE \"_courier_messages_tmp\" (\n\"id\" TEXT PRIMARY KEY,\n\"type\" INTEGER NOT NULL,\n\"status\" INTEGER NOT NULL,\n\"body\" TEXT NOT NULL,\n\"subject\" TEXT NOT NULL,\n\"recipient\" TEXT NOT NULL,\n\"created_at\" DATETIME NOT NULL,\n\"updated_at\" DATETIME NOT NULL\n);\nINSERT INTO \"_courier_messages_tmp\" (id, type, status, body, subject, recipient, created_at, updated_at) SELECT id, type, status, body, subject, recipient, created_at, updated_at FROM \"courier_messages\";\nDROP TABLE \"courier_messages\";\nALTER TABLE \"_courier_messages_tmp\" RENAME TO \"courier_messages\";" }, { "path": "persistence/sql/migrations/legacy/20191100000012_login_request_forced.cockroach.down.sql", "content": "ALTER TABLE \"selfservice_login_requests\" DROP COLUMN \"forced\";COMMIT TRANSACTION;BEGIN TRANSACTION;" }, { "path": "persistence/sql/migrations/legacy/20191100000012_login_request_forced.cockroach.up.sql", "content": "ALTER TABLE \"selfservice_login_requests\" ADD COLUMN \"forced\" bool NOT NULL DEFAULT 'false';COMMIT TRANSACTION;BEGIN TRANSACTION;" }, { "path": "persistence/sql/migrations/legacy/20191100000012_login_request_forced.mysql.down.sql", "content": "ALTER TABLE `selfservice_login_requests` DROP COLUMN `forced`;" }, { "path": "persistence/sql/migrations/legacy/20191100000012_login_request_forced.mysql.up.sql", "content": "ALTER TABLE `selfservice_login_requests` ADD COLUMN `forced` bool NOT NULL DEFAULT false;" }, { "path": "persistence/sql/migrations/legacy/20191100000012_login_request_forced.postgres.down.sql", "content": "ALTER TABLE \"selfservice_login_requests\" DROP COLUMN \"forced\";" }, { "path": "persistence/sql/migrations/legacy/20191100000012_login_request_forced.postgres.up.sql", "content": "ALTER TABLE \"selfservice_login_requests\" ADD COLUMN \"forced\" bool NOT NULL DEFAULT 'false';" }, { "path": "persistence/sql/migrations/legacy/20191100000012_login_request_forced.sqlite3.down.sql", "content": "CREATE TABLE \"_selfservice_login_requests_tmp\" (\n\"id\" TEXT PRIMARY KEY,\n\"request_url\" TEXT NOT NULL,\n\"issued_at\" DATETIME NOT NULL DEFAULT 'CURRENT_TIMESTAMP',\n\"expires_at\" DATETIME NOT NULL,\n\"active_method\" TEXT NOT NULL,\n\"csrf_token\" TEXT NOT NULL,\n\"created_at\" DATETIME NOT NULL,\n\"updated_at\" DATETIME NOT NULL\n);\nINSERT INTO \"_selfservice_login_requests_tmp\" (id, request_url, issued_at, expires_at, active_method, csrf_token, created_at, updated_at) SELECT id, request_url, issued_at, expires_at, active_method, csrf_token, created_at, updated_at FROM \"selfservice_login_requests\";\n\nDROP TABLE \"selfservice_login_requests\";\nALTER TABLE \"_selfservice_login_requests_tmp\" RENAME TO \"selfservice_login_requests\";" }, { "path": "persistence/sql/migrations/legacy/20191100000012_login_request_forced.sqlite3.up.sql", "content": "ALTER TABLE \"selfservice_login_requests\" ADD COLUMN \"forced\" bool NOT NULL DEFAULT 'false';" }, { "path": "persistence/sql/migrations/legacy/20200317160354_create_profile_request_forms.cockroach.down.sql", "content": "ALTER TABLE \"selfservice_profile_management_requests\" ADD COLUMN \"form\" json NOT NULL DEFAULT '{}';COMMIT TRANSACTION;BEGIN TRANSACTION;\nDROP TABLE \"selfservice_profile_management_request_methods\";COMMIT TRANSACTION;BEGIN TRANSACTION;\nALTER TABLE \"selfservice_profile_management_requests\" DROP COLUMN \"active_method\";COMMIT TRANSACTION;BEGIN TRANSACTION;" }, { "path": "persistence/sql/migrations/legacy/20200317160354_create_profile_request_forms.cockroach.up.sql", "content": "CREATE TABLE \"selfservice_profile_management_request_methods\" (\n\"id\" UUID NOT NULL,\nPRIMARY KEY(\"id\"),\n\"method\" VARCHAR (32) NOT NULL,\n\"selfservice_profile_management_request_id\" UUID NOT NULL,\n\"config\" json NOT NULL,\n\"created_at\" timestamp NOT NULL,\n\"updated_at\" timestamp NOT NULL\n);COMMIT TRANSACTION;BEGIN TRANSACTION;\nALTER TABLE \"selfservice_profile_management_requests\" ADD COLUMN \"active_method\" VARCHAR (32);COMMIT TRANSACTION;BEGIN TRANSACTION;\nINSERT INTO selfservice_profile_management_request_methods (id, method, selfservice_profile_management_request_id, config) SELECT id, 'traits', id, form FROM selfservice_profile_management_requests;\nALTER TABLE \"selfservice_profile_management_requests\" DROP COLUMN \"form\";COMMIT TRANSACTION;BEGIN TRANSACTION;" }, { "path": "persistence/sql/migrations/legacy/20200317160354_create_profile_request_forms.mysql.down.sql", "content": "ALTER TABLE `selfservice_profile_management_requests` ADD COLUMN `form` JSON;\nUPDATE selfservice_profile_management_requests SET form=(SELECT * FROM (SELECT m.config FROM selfservice_profile_management_requests AS r INNER JOIN selfservice_profile_management_request_methods AS m ON r.id=m.selfservice_profile_management_request_id) as t);\nALTER TABLE `selfservice_profile_management_requests` MODIFY `form` JSON;\nDROP TABLE `selfservice_profile_management_request_methods`;\nALTER TABLE `selfservice_profile_management_requests` DROP COLUMN `active_method`;" }, { "path": "persistence/sql/migrations/legacy/20200317160354_create_profile_request_forms.mysql.up.sql", "content": "CREATE TABLE `selfservice_profile_management_request_methods` (\n`id` char(36) NOT NULL,\nPRIMARY KEY(`id`),\n`method` VARCHAR (32) NOT NULL,\n`selfservice_profile_management_request_id` char(36) NOT NULL,\n`config` JSON NOT NULL,\n`created_at` DATETIME NOT NULL,\n`updated_at` DATETIME NOT NULL\n) ENGINE=InnoDB;\nALTER TABLE `selfservice_profile_management_requests` ADD COLUMN `active_method` VARCHAR (32);\nINSERT INTO selfservice_profile_management_request_methods (id, method, selfservice_profile_management_request_id, config) SELECT id, 'traits', id, form FROM selfservice_profile_management_requests;\nALTER TABLE `selfservice_profile_management_requests` DROP COLUMN `form`;" }, { "path": "persistence/sql/migrations/legacy/20200317160354_create_profile_request_forms.postgres.down.sql", "content": "ALTER TABLE \"selfservice_profile_management_requests\" ADD COLUMN \"form\" jsonb;\nUPDATE selfservice_profile_management_requests SET form=(SELECT * FROM (SELECT m.config FROM selfservice_profile_management_requests AS r INNER JOIN selfservice_profile_management_request_methods AS m ON r.id=m.selfservice_profile_management_request_id) as t);\nALTER TABLE \"selfservice_profile_management_requests\" ALTER COLUMN \"form\" TYPE jsonb, ALTER COLUMN \"form\" DROP NOT NULL;\nDROP TABLE \"selfservice_profile_management_request_methods\";\nALTER TABLE \"selfservice_profile_management_requests\" DROP COLUMN \"active_method\";" }, { "path": "persistence/sql/migrations/legacy/20200317160354_create_profile_request_forms.postgres.up.sql", "content": "CREATE TABLE \"selfservice_profile_management_request_methods\" (\n\"id\" UUID NOT NULL,\nPRIMARY KEY(\"id\"),\n\"method\" VARCHAR (32) NOT NULL,\n\"selfservice_profile_management_request_id\" UUID NOT NULL,\n\"config\" jsonb NOT NULL,\n\"created_at\" timestamp NOT NULL,\n\"updated_at\" timestamp NOT NULL\n);\nALTER TABLE \"selfservice_profile_management_requests\" ADD COLUMN \"active_method\" VARCHAR (32);\nINSERT INTO selfservice_profile_management_request_methods (id, method, selfservice_profile_management_request_id, config) SELECT id, 'traits', id, form FROM selfservice_profile_management_requests;\nALTER TABLE \"selfservice_profile_management_requests\" DROP COLUMN \"form\";" }, { "path": "persistence/sql/migrations/legacy/20200317160354_create_profile_request_forms.sqlite3.down.sql", "content": "DROP TABLE \"selfservice_profile_management_request_methods\";\nCREATE TABLE \"_selfservice_profile_management_requests_tmp\" (\n\"id\" TEXT PRIMARY KEY,\n\"request_url\" TEXT NOT NULL,\n\"issued_at\" DATETIME NOT NULL DEFAULT 'CURRENT_TIMESTAMP',\n\"expires_at\" DATETIME NOT NULL,\n\"identity_id\" char(36) NOT NULL,\n\"created_at\" DATETIME NOT NULL,\n\"updated_at\" DATETIME NOT NULL,\n\"update_successful\" bool NOT NULL DEFAULT 'false',\nFOREIGN KEY (identity_id) REFERENCES identities (id) ON UPDATE NO ACTION ON DELETE CASCADE\n);\nINSERT INTO \"_selfservice_profile_management_requests_tmp\" (id, request_url, issued_at, expires_at, identity_id, created_at, updated_at, update_successful) SELECT id, request_url, issued_at, expires_at, identity_id, created_at, updated_at, update_successful FROM \"selfservice_profile_management_requests\";\n\nDROP TABLE \"selfservice_profile_management_requests\";\nALTER TABLE \"_selfservice_profile_management_requests_tmp\" RENAME TO \"selfservice_profile_management_requests\";" }, { "path": "persistence/sql/migrations/legacy/20200317160354_create_profile_request_forms.sqlite3.up.sql", "content": "CREATE TABLE \"selfservice_profile_management_request_methods\" (\n\"id\" TEXT PRIMARY KEY,\n\"method\" TEXT NOT NULL,\n\"selfservice_profile_management_request_id\" char(36) NOT NULL,\n\"config\" TEXT NOT NULL,\n\"created_at\" DATETIME NOT NULL,\n\"updated_at\" DATETIME NOT NULL\n);\nALTER TABLE \"selfservice_profile_management_requests\" ADD COLUMN \"active_method\" TEXT;\nINSERT INTO selfservice_profile_management_request_methods (id, method, selfservice_profile_management_request_id, config) SELECT id, 'traits', id, form FROM selfservice_profile_management_requests;\nCREATE TABLE \"_selfservice_profile_management_requests_tmp\" (\n\"id\" TEXT PRIMARY KEY,\n\"request_url\" TEXT NOT NULL,\n\"issued_at\" DATETIME NOT NULL DEFAULT 'CURRENT_TIMESTAMP',\n\"expires_at\" DATETIME NOT NULL,\n\"update_successful\" bool NOT NULL,\n\"identity_id\" char(36) NOT NULL,\n\"created_at\" DATETIME NOT NULL,\n\"updated_at\" DATETIME NOT NULL,\n\"active_method\" TEXT,\nFOREIGN KEY (identity_id) REFERENCES identities (id) ON UPDATE NO ACTION ON DELETE CASCADE\n);\nINSERT INTO \"_selfservice_profile_management_requests_tmp\" (id, request_url, issued_at, expires_at, update_successful, identity_id, created_at, updated_at, active_method) SELECT id, request_url, issued_at, expires_at, update_successful, identity_id, created_at, updated_at, active_method FROM \"selfservice_profile_management_requests\";\n\nDROP TABLE \"selfservice_profile_management_requests\";\nALTER TABLE \"_selfservice_profile_management_requests_tmp\" RENAME TO \"selfservice_profile_management_requests\";" }, { "path": "persistence/sql/migrations/legacy/20200401183443_continuity_containers.cockroach.down.sql", "content": "DROP TABLE \"continuity_containers\";COMMIT TRANSACTION;BEGIN TRANSACTION;" }, { "path": "persistence/sql/migrations/legacy/20200401183443_continuity_containers.cockroach.up.sql", "content": "CREATE TABLE \"continuity_containers\" (\n\"id\" UUID NOT NULL,\nPRIMARY KEY(\"id\"),\n\"identity_id\" UUID,\n\"name\" VARCHAR (255) NOT NULL,\n\"payload\" json,\n\"expires_at\" timestamp NOT NULL,\n\"created_at\" timestamp NOT NULL,\n\"updated_at\" timestamp NOT NULL,\nCONSTRAINT \"continuity_containers_identities_id_fk\" FOREIGN KEY (\"identity_id\") REFERENCES \"identities\" (\"id\") ON DELETE cascade\n);COMMIT TRANSACTION;BEGIN TRANSACTION;" }, { "path": "persistence/sql/migrations/legacy/20200401183443_continuity_containers.mysql.down.sql", "content": "DROP TABLE `continuity_containers`;" }, { "path": "persistence/sql/migrations/legacy/20200401183443_continuity_containers.mysql.up.sql", "content": "CREATE TABLE `continuity_containers` (\n`id` char(36) NOT NULL,\nPRIMARY KEY(`id`),\n`identity_id` char(36),\n`name` VARCHAR (255) NOT NULL,\n`payload` JSON,\n`expires_at` DATETIME NOT NULL,\n`created_at` DATETIME NOT NULL,\n`updated_at` DATETIME NOT NULL,\nFOREIGN KEY (`identity_id`) REFERENCES `identities` (`id`) ON DELETE cascade\n) ENGINE=InnoDB;" }, { "path": "persistence/sql/migrations/legacy/20200401183443_continuity_containers.postgres.down.sql", "content": "DROP TABLE \"continuity_containers\";" }, { "path": "persistence/sql/migrations/legacy/20200401183443_continuity_containers.postgres.up.sql", "content": "CREATE TABLE \"continuity_containers\" (\n\"id\" UUID NOT NULL,\nPRIMARY KEY(\"id\"),\n\"identity_id\" UUID,\n\"name\" VARCHAR (255) NOT NULL,\n\"payload\" jsonb,\n\"expires_at\" timestamp NOT NULL,\n\"created_at\" timestamp NOT NULL,\n\"updated_at\" timestamp NOT NULL,\nFOREIGN KEY (\"identity_id\") REFERENCES \"identities\" (\"id\") ON DELETE cascade\n);" }, { "path": "persistence/sql/migrations/legacy/20200401183443_continuity_containers.sqlite3.down.sql", "content": "DROP TABLE \"continuity_containers\";" }, { "path": "persistence/sql/migrations/legacy/20200401183443_continuity_containers.sqlite3.up.sql", "content": "CREATE TABLE \"continuity_containers\" (\n\"id\" TEXT PRIMARY KEY,\n\"identity_id\" char(36),\n\"name\" TEXT NOT NULL,\n\"payload\" TEXT,\n\"expires_at\" DATETIME NOT NULL,\n\"created_at\" DATETIME NOT NULL,\n\"updated_at\" DATETIME NOT NULL,\nFOREIGN KEY (identity_id) REFERENCES identities (id) ON DELETE cascade\n);" }, { "path": "persistence/sql/migrations/legacy/20200402142539_rename_profile_flows.cockroach.down.sql", "content": "ALTER TABLE \"selfservice_settings_request_methods\" RENAME COLUMN \"selfservice_settings_request_id\" TO \"selfservice_profile_management_request_id\";COMMIT TRANSACTION;BEGIN TRANSACTION;\nALTER TABLE \"selfservice_settings_request_methods\" RENAME TO \"selfservice_profile_management_request_methods\";COMMIT TRANSACTION;BEGIN TRANSACTION;\nALTER TABLE \"selfservice_settings_requests\" RENAME TO \"selfservice_profile_management_requests\";COMMIT TRANSACTION;BEGIN TRANSACTION;" }, { "path": "persistence/sql/migrations/legacy/20200402142539_rename_profile_flows.cockroach.up.sql", "content": "ALTER TABLE \"selfservice_profile_management_request_methods\" RENAME COLUMN \"selfservice_profile_management_request_id\" TO \"selfservice_settings_request_id\";COMMIT TRANSACTION;BEGIN TRANSACTION;\nALTER TABLE \"selfservice_profile_management_request_methods\" RENAME TO \"selfservice_settings_request_methods\";COMMIT TRANSACTION;BEGIN TRANSACTION;\nALTER TABLE \"selfservice_profile_management_requests\" RENAME TO \"selfservice_settings_requests\";COMMIT TRANSACTION;BEGIN TRANSACTION;" }, { "path": "persistence/sql/migrations/legacy/20200402142539_rename_profile_flows.mysql.down.sql", "content": "ALTER TABLE `selfservice_settings_request_methods` CHANGE `selfservice_settings_request_id` `selfservice_profile_management_request_id` char(36) NOT NULL;\nALTER TABLE `selfservice_settings_request_methods` RENAME TO `selfservice_profile_management_request_methods`;\nALTER TABLE `selfservice_settings_requests` RENAME TO `selfservice_profile_management_requests`;" }, { "path": "persistence/sql/migrations/legacy/20200402142539_rename_profile_flows.mysql.up.sql", "content": "ALTER TABLE `selfservice_profile_management_request_methods` CHANGE `selfservice_profile_management_request_id` `selfservice_settings_request_id` char(36) NOT NULL;\nALTER TABLE `selfservice_profile_management_request_methods` RENAME TO `selfservice_settings_request_methods`;\nALTER TABLE `selfservice_profile_management_requests` RENAME TO `selfservice_settings_requests`;" }, { "path": "persistence/sql/migrations/legacy/20200402142539_rename_profile_flows.postgres.down.sql", "content": "ALTER TABLE \"selfservice_settings_request_methods\" RENAME COLUMN \"selfservice_settings_request_id\" TO \"selfservice_profile_management_request_id\";\nALTER TABLE \"selfservice_settings_request_methods\" RENAME TO \"selfservice_profile_management_request_methods\";\nALTER TABLE \"selfservice_settings_requests\" RENAME TO \"selfservice_profile_management_requests\";" }, { "path": "persistence/sql/migrations/legacy/20200402142539_rename_profile_flows.postgres.up.sql", "content": "ALTER TABLE \"selfservice_profile_management_request_methods\" RENAME COLUMN \"selfservice_profile_management_request_id\" TO \"selfservice_settings_request_id\";\nALTER TABLE \"selfservice_profile_management_request_methods\" RENAME TO \"selfservice_settings_request_methods\";\nALTER TABLE \"selfservice_profile_management_requests\" RENAME TO \"selfservice_settings_requests\";" }, { "path": "persistence/sql/migrations/legacy/20200402142539_rename_profile_flows.sqlite3.down.sql", "content": "ALTER TABLE \"selfservice_settings_request_methods\" RENAME COLUMN \"selfservice_settings_request_id\" TO \"selfservice_profile_management_request_id\";\nALTER TABLE \"selfservice_settings_request_methods\" RENAME TO \"selfservice_profile_management_request_methods\";\nALTER TABLE \"selfservice_settings_requests\" RENAME TO \"selfservice_profile_management_requests\";" }, { "path": "persistence/sql/migrations/legacy/20200402142539_rename_profile_flows.sqlite3.up.sql", "content": "ALTER TABLE \"selfservice_profile_management_request_methods\" RENAME COLUMN \"selfservice_profile_management_request_id\" TO \"selfservice_settings_request_id\";\nALTER TABLE \"selfservice_profile_management_request_methods\" RENAME TO \"selfservice_settings_request_methods\";\nALTER TABLE \"selfservice_profile_management_requests\" RENAME TO \"selfservice_settings_requests\";" }, { "path": "persistence/sql/migrations/legacy/20200519101057_create_recovery_addresses.cockroach.down.sql", "content": "DROP TABLE \"identity_recovery_tokens\";COMMIT TRANSACTION;BEGIN TRANSACTION;\nDROP TABLE \"selfservice_recovery_request_methods\";COMMIT TRANSACTION;BEGIN TRANSACTION;\nDROP TABLE \"selfservice_recovery_requests\";COMMIT TRANSACTION;BEGIN TRANSACTION;\nDROP TABLE \"identity_recovery_addresses\";COMMIT TRANSACTION;BEGIN TRANSACTION;" }, { "path": "persistence/sql/migrations/legacy/20200519101057_create_recovery_addresses.cockroach.up.sql", "content": "CREATE TABLE \"identity_recovery_addresses\" (\n\"id\" UUID NOT NULL,\nPRIMARY KEY(\"id\"),\n\"via\" VARCHAR (16) NOT NULL,\n\"value\" VARCHAR (400) NOT NULL,\n\"identity_id\" UUID NOT NULL,\n\"created_at\" timestamp NOT NULL,\n\"updated_at\" timestamp NOT NULL,\nCONSTRAINT \"identity_recovery_addresses_identities_id_fk\" FOREIGN KEY (\"identity_id\") REFERENCES \"identities\" (\"id\") ON DELETE cascade\n);COMMIT TRANSACTION;BEGIN TRANSACTION;\nCREATE UNIQUE INDEX \"identity_recovery_addresses_status_via_uq_idx\" ON \"identity_recovery_addresses\" (via, value);COMMIT TRANSACTION;BEGIN TRANSACTION;\nCREATE INDEX \"identity_recovery_addresses_status_via_idx\" ON \"identity_recovery_addresses\" (via, value);COMMIT TRANSACTION;BEGIN TRANSACTION;\nCREATE TABLE \"selfservice_recovery_requests\" (\n\"id\" UUID NOT NULL,\nPRIMARY KEY(\"id\"),\n\"request_url\" VARCHAR (2048) NOT NULL,\n\"issued_at\" timestamp NOT NULL DEFAULT CURRENT_TIMESTAMP,\n\"expires_at\" timestamp NOT NULL,\n\"messages\" json,\n\"active_method\" VARCHAR (32),\n\"csrf_token\" VARCHAR (255) NOT NULL,\n\"state\" VARCHAR (32) NOT NULL,\n\"recovered_identity_id\" UUID,\n\"created_at\" timestamp NOT NULL,\n\"updated_at\" timestamp NOT NULL,\nCONSTRAINT \"selfservice_recovery_requests_identities_id_fk\" FOREIGN KEY (\"recovered_identity_id\") REFERENCES \"identities\" (\"id\") ON DELETE cascade\n);COMMIT TRANSACTION;BEGIN TRANSACTION;\nCREATE TABLE \"selfservice_recovery_request_methods\" (\n\"id\" UUID NOT NULL,\nPRIMARY KEY(\"id\"),\n\"method\" VARCHAR (32) NOT NULL,\n\"config\" json NOT NULL,\n\"selfservice_recovery_request_id\" UUID NOT NULL,\n\"created_at\" timestamp NOT NULL,\n\"updated_at\" timestamp NOT NULL,\nCONSTRAINT \"selfservice_recovery_request_methods_selfservice_recovery_requests_id_fk\" FOREIGN KEY (\"selfservice_recovery_request_id\") REFERENCES \"selfservice_recovery_requests\" (\"id\") ON DELETE cascade\n);COMMIT TRANSACTION;BEGIN TRANSACTION;\nCREATE TABLE \"identity_recovery_tokens\" (\n\"id\" UUID NOT NULL,\nPRIMARY KEY(\"id\"),\n\"token\" VARCHAR (64) NOT NULL,\n\"used\" bool NOT NULL DEFAULT 'false',\n\"used_at\" timestamp,\n\"identity_recovery_address_id\" UUID NOT NULL,\n\"selfservice_recovery_request_id\" UUID NOT NULL,\n\"created_at\" timestamp NOT NULL,\n\"updated_at\" timestamp NOT NULL,\nCONSTRAINT \"identity_recovery_tokens_identity_recovery_addresses_id_fk\" FOREIGN KEY (\"identity_recovery_address_id\") REFERENCES \"identity_recovery_addresses\" (\"id\") ON DELETE cascade,\nCONSTRAINT \"identity_recovery_tokens_selfservice_recovery_requests_id_fk\" FOREIGN KEY (\"selfservice_recovery_request_id\") REFERENCES \"selfservice_recovery_requests\" (\"id\") ON DELETE cascade\n);COMMIT TRANSACTION;BEGIN TRANSACTION;\nCREATE UNIQUE INDEX \"identity_recovery_addresses_code_uq_idx\" ON \"identity_recovery_tokens\" (token);COMMIT TRANSACTION;BEGIN TRANSACTION;\nCREATE INDEX \"identity_recovery_addresses_code_idx\" ON \"identity_recovery_tokens\" (token);COMMIT TRANSACTION;BEGIN TRANSACTION;" }, { "path": "persistence/sql/migrations/legacy/20200519101057_create_recovery_addresses.mysql.down.sql", "content": "DROP TABLE `identity_recovery_tokens`;\nDROP TABLE `selfservice_recovery_request_methods`;\nDROP TABLE `selfservice_recovery_requests`;\nDROP TABLE `identity_recovery_addresses`;" }, { "path": "persistence/sql/migrations/legacy/20200519101057_create_recovery_addresses.mysql.up.sql", "content": "CREATE TABLE `identity_recovery_addresses` (\n`id` char(36) NOT NULL,\nPRIMARY KEY(`id`),\n`via` VARCHAR (16) NOT NULL,\n`value` VARCHAR (400) NOT NULL,\n`identity_id` char(36) NOT NULL,\n`created_at` DATETIME NOT NULL,\n`updated_at` DATETIME NOT NULL,\nFOREIGN KEY (`identity_id`) REFERENCES `identities` (`id`) ON DELETE cascade\n) ENGINE=InnoDB;\nCREATE UNIQUE INDEX `identity_recovery_addresses_status_via_uq_idx` ON `identity_recovery_addresses` (`via`, `value`);\nCREATE INDEX `identity_recovery_addresses_status_via_idx` ON `identity_recovery_addresses` (`via`, `value`);\nCREATE TABLE `selfservice_recovery_requests` (\n`id` char(36) NOT NULL,\nPRIMARY KEY(`id`),\n`request_url` VARCHAR (2048) NOT NULL,\n`issued_at` DATETIME NOT NULL DEFAULT CURRENT_TIMESTAMP,\n`expires_at` DATETIME NOT NULL,\n`messages` JSON,\n`active_method` VARCHAR (32),\n`csrf_token` VARCHAR (255) NOT NULL,\n`state` VARCHAR (32) NOT NULL,\n`recovered_identity_id` char(36),\n`created_at` DATETIME NOT NULL,\n`updated_at` DATETIME NOT NULL,\nFOREIGN KEY (`recovered_identity_id`) REFERENCES `identities` (`id`) ON DELETE cascade\n) ENGINE=InnoDB;\nCREATE TABLE `selfservice_recovery_request_methods` (\n`id` char(36) NOT NULL,\nPRIMARY KEY(`id`),\n`method` VARCHAR (32) NOT NULL,\n`config` JSON NOT NULL,\n`selfservice_recovery_request_id` char(36) NOT NULL,\n`created_at` DATETIME NOT NULL,\n`updated_at` DATETIME NOT NULL,\nFOREIGN KEY (`selfservice_recovery_request_id`) REFERENCES `selfservice_recovery_requests` (`id`) ON DELETE cascade\n) ENGINE=InnoDB;\nCREATE TABLE `identity_recovery_tokens` (\n`id` char(36) NOT NULL,\nPRIMARY KEY(`id`),\n`token` VARCHAR (64) NOT NULL,\n`used` bool NOT NULL DEFAULT false,\n`used_at` DATETIME,\n`identity_recovery_address_id` char(36) NOT NULL,\n`selfservice_recovery_request_id` char(36) NOT NULL,\n`created_at` DATETIME NOT NULL,\n`updated_at` DATETIME NOT NULL,\nFOREIGN KEY (`identity_recovery_address_id`) REFERENCES `identity_recovery_addresses` (`id`) ON DELETE cascade,\nFOREIGN KEY (`selfservice_recovery_request_id`) REFERENCES `selfservice_recovery_requests` (`id`) ON DELETE cascade\n) ENGINE=InnoDB;\nCREATE UNIQUE INDEX `identity_recovery_addresses_code_uq_idx` ON `identity_recovery_tokens` (`token`);\nCREATE INDEX `identity_recovery_addresses_code_idx` ON `identity_recovery_tokens` (`token`);" }, { "path": "persistence/sql/migrations/legacy/20200519101057_create_recovery_addresses.postgres.down.sql", "content": "DROP TABLE \"identity_recovery_tokens\";\nDROP TABLE \"selfservice_recovery_request_methods\";\nDROP TABLE \"selfservice_recovery_requests\";\nDROP TABLE \"identity_recovery_addresses\";" }, { "path": "persistence/sql/migrations/legacy/20200519101057_create_recovery_addresses.postgres.up.sql", "content": "CREATE TABLE \"identity_recovery_addresses\" (\n\"id\" UUID NOT NULL,\nPRIMARY KEY(\"id\"),\n\"via\" VARCHAR (16) NOT NULL,\n\"value\" VARCHAR (400) NOT NULL,\n\"identity_id\" UUID NOT NULL,\n\"created_at\" timestamp NOT NULL,\n\"updated_at\" timestamp NOT NULL,\nFOREIGN KEY (\"identity_id\") REFERENCES \"identities\" (\"id\") ON DELETE cascade\n);\nCREATE UNIQUE INDEX \"identity_recovery_addresses_status_via_uq_idx\" ON \"identity_recovery_addresses\" (via, value);\nCREATE INDEX \"identity_recovery_addresses_status_via_idx\" ON \"identity_recovery_addresses\" (via, value);\nCREATE TABLE \"selfservice_recovery_requests\" (\n\"id\" UUID NOT NULL,\nPRIMARY KEY(\"id\"),\n\"request_url\" VARCHAR (2048) NOT NULL,\n\"issued_at\" timestamp NOT NULL DEFAULT CURRENT_TIMESTAMP,\n\"expires_at\" timestamp NOT NULL,\n\"messages\" jsonb,\n\"active_method\" VARCHAR (32),\n\"csrf_token\" VARCHAR (255) NOT NULL,\n\"state\" VARCHAR (32) NOT NULL,\n\"recovered_identity_id\" UUID,\n\"created_at\" timestamp NOT NULL,\n\"updated_at\" timestamp NOT NULL,\nFOREIGN KEY (\"recovered_identity_id\") REFERENCES \"identities\" (\"id\") ON DELETE cascade\n);\nCREATE TABLE \"selfservice_recovery_request_methods\" (\n\"id\" UUID NOT NULL,\nPRIMARY KEY(\"id\"),\n\"method\" VARCHAR (32) NOT NULL,\n\"config\" jsonb NOT NULL,\n\"selfservice_recovery_request_id\" UUID NOT NULL,\n\"created_at\" timestamp NOT NULL,\n\"updated_at\" timestamp NOT NULL,\nFOREIGN KEY (\"selfservice_recovery_request_id\") REFERENCES \"selfservice_recovery_requests\" (\"id\") ON DELETE cascade\n);\nCREATE TABLE \"identity_recovery_tokens\" (\n\"id\" UUID NOT NULL,\nPRIMARY KEY(\"id\"),\n\"token\" VARCHAR (64) NOT NULL,\n\"used\" bool NOT NULL DEFAULT 'false',\n\"used_at\" timestamp,\n\"identity_recovery_address_id\" UUID NOT NULL,\n\"selfservice_recovery_request_id\" UUID NOT NULL,\n\"created_at\" timestamp NOT NULL,\n\"updated_at\" timestamp NOT NULL,\nFOREIGN KEY (\"identity_recovery_address_id\") REFERENCES \"identity_recovery_addresses\" (\"id\") ON DELETE cascade,\nFOREIGN KEY (\"selfservice_recovery_request_id\") REFERENCES \"selfservice_recovery_requests\" (\"id\") ON DELETE cascade\n);\nCREATE UNIQUE INDEX \"identity_recovery_addresses_code_uq_idx\" ON \"identity_recovery_tokens\" (token);\nCREATE INDEX \"identity_recovery_addresses_code_idx\" ON \"identity_recovery_tokens\" (token);" }, { "path": "persistence/sql/migrations/legacy/20200519101057_create_recovery_addresses.sqlite3.down.sql", "content": "DROP TABLE \"identity_recovery_tokens\";\nDROP TABLE \"selfservice_recovery_request_methods\";\nDROP TABLE \"selfservice_recovery_requests\";\nDROP TABLE \"identity_recovery_addresses\";" }, { "path": "persistence/sql/migrations/legacy/20200519101057_create_recovery_addresses.sqlite3.up.sql", "content": "CREATE TABLE \"identity_recovery_addresses\" (\n\"id\" TEXT PRIMARY KEY,\n\"via\" TEXT NOT NULL,\n\"value\" TEXT NOT NULL,\n\"identity_id\" char(36) NOT NULL,\n\"created_at\" DATETIME NOT NULL,\n\"updated_at\" DATETIME NOT NULL,\nFOREIGN KEY (identity_id) REFERENCES identities (id) ON DELETE cascade\n);\nCREATE UNIQUE INDEX \"identity_recovery_addresses_status_via_uq_idx\" ON \"identity_recovery_addresses\" (via, value);\nCREATE INDEX \"identity_recovery_addresses_status_via_idx\" ON \"identity_recovery_addresses\" (via, value);\nCREATE TABLE \"selfservice_recovery_requests\" (\n\"id\" TEXT PRIMARY KEY,\n\"request_url\" TEXT NOT NULL,\n\"issued_at\" DATETIME NOT NULL DEFAULT CURRENT_TIMESTAMP,\n\"expires_at\" DATETIME NOT NULL,\n\"messages\" TEXT,\n\"active_method\" TEXT,\n\"csrf_token\" TEXT NOT NULL,\n\"state\" TEXT NOT NULL,\n\"recovered_identity_id\" char(36),\n\"created_at\" DATETIME NOT NULL,\n\"updated_at\" DATETIME NOT NULL,\nFOREIGN KEY (recovered_identity_id) REFERENCES identities (id) ON DELETE cascade\n);\nCREATE TABLE \"selfservice_recovery_request_methods\" (\n\"id\" TEXT PRIMARY KEY,\n\"method\" TEXT NOT NULL,\n\"config\" TEXT NOT NULL,\n\"selfservice_recovery_request_id\" char(36) NOT NULL,\n\"created_at\" DATETIME NOT NULL,\n\"updated_at\" DATETIME NOT NULL,\nFOREIGN KEY (selfservice_recovery_request_id) REFERENCES selfservice_recovery_requests (id) ON DELETE cascade\n);\nCREATE TABLE \"identity_recovery_tokens\" (\n\"id\" TEXT PRIMARY KEY,\n\"token\" TEXT NOT NULL,\n\"used\" bool NOT NULL DEFAULT 'false',\n\"used_at\" DATETIME,\n\"identity_recovery_address_id\" char(36) NOT NULL,\n\"selfservice_recovery_request_id\" char(36) NOT NULL,\n\"created_at\" DATETIME NOT NULL,\n\"updated_at\" DATETIME NOT NULL,\nFOREIGN KEY (identity_recovery_address_id) REFERENCES identity_recovery_addresses (id) ON DELETE cascade,\nFOREIGN KEY (selfservice_recovery_request_id) REFERENCES selfservice_recovery_requests (id) ON DELETE cascade\n);\nCREATE UNIQUE INDEX \"identity_recovery_addresses_code_uq_idx\" ON \"identity_recovery_tokens\" (token);\nCREATE INDEX \"identity_recovery_addresses_code_idx\" ON \"identity_recovery_tokens\" (token);" }, { "path": "persistence/sql/migrations/legacy/20200519101058_create_recovery_addresses.mysql.down.sql", "content": "ALTER TABLE identity_recovery_tokens MODIFY COLUMN token VARCHAR(64);\n" }, { "path": "persistence/sql/migrations/legacy/20200519101058_create_recovery_addresses.mysql.up.sql", "content": "ALTER TABLE identity_recovery_tokens MODIFY COLUMN token VARCHAR(64) BINARY;\n" }, { "path": "persistence/sql/migrations/legacy/20200601101000_create_messages.cockroach.down.sql", "content": "ALTER TABLE \"selfservice_settings_requests\" DROP COLUMN \"messages\";COMMIT TRANSACTION;BEGIN TRANSACTION;" }, { "path": "persistence/sql/migrations/legacy/20200601101000_create_messages.cockroach.up.sql", "content": "ALTER TABLE \"selfservice_settings_requests\" ADD COLUMN \"messages\" json;COMMIT TRANSACTION;BEGIN TRANSACTION;" }, { "path": "persistence/sql/migrations/legacy/20200601101000_create_messages.mysql.down.sql", "content": "ALTER TABLE `selfservice_settings_requests` DROP COLUMN `messages`;" }, { "path": "persistence/sql/migrations/legacy/20200601101000_create_messages.mysql.up.sql", "content": "ALTER TABLE `selfservice_settings_requests` ADD COLUMN `messages` JSON;" }, { "path": "persistence/sql/migrations/legacy/20200601101000_create_messages.postgres.down.sql", "content": "ALTER TABLE \"selfservice_settings_requests\" DROP COLUMN \"messages\";" }, { "path": "persistence/sql/migrations/legacy/20200601101000_create_messages.postgres.up.sql", "content": "ALTER TABLE \"selfservice_settings_requests\" ADD COLUMN \"messages\" jsonb;" }, { "path": "persistence/sql/migrations/legacy/20200601101000_create_messages.sqlite3.down.sql", "content": "CREATE TABLE \"_selfservice_settings_requests_tmp\" (\n\"id\" TEXT PRIMARY KEY,\n\"request_url\" TEXT NOT NULL,\n\"issued_at\" DATETIME NOT NULL DEFAULT 'CURRENT_TIMESTAMP',\n\"expires_at\" DATETIME NOT NULL,\n\"identity_id\" char(36) NOT NULL,\n\"created_at\" DATETIME NOT NULL,\n\"updated_at\" DATETIME NOT NULL,\n\"active_method\" TEXT,\n\"update_successful\" bool NOT NULL DEFAULT 'false',\nFOREIGN KEY (identity_id) REFERENCES identities (id) ON UPDATE NO ACTION ON DELETE CASCADE\n);\nINSERT INTO \"_selfservice_settings_requests_tmp\" (id, request_url, issued_at, expires_at, identity_id, created_at, updated_at, active_method, update_successful) SELECT id, request_url, issued_at, expires_at, identity_id, created_at, updated_at, active_method, update_successful FROM \"selfservice_settings_requests\";\n\nDROP TABLE \"selfservice_settings_requests\";\nALTER TABLE \"_selfservice_settings_requests_tmp\" RENAME TO \"selfservice_settings_requests\";" }, { "path": "persistence/sql/migrations/legacy/20200601101000_create_messages.sqlite3.up.sql", "content": "ALTER TABLE \"selfservice_settings_requests\" ADD COLUMN \"messages\" TEXT;" }, { "path": "persistence/sql/migrations/legacy/20200601101001_verification.mysql.down.sql", "content": "ALTER TABLE identity_verifiable_addresses MODIFY COLUMN code VARCHAR(255) BINARY;\n" }, { "path": "persistence/sql/migrations/legacy/20200601101001_verification.mysql.up.sql", "content": "ALTER TABLE identity_verifiable_addresses MODIFY COLUMN code VARCHAR(32) BINARY;\n" }, { "path": "persistence/sql/migrations/legacy/20200605111551_messages.cockroach.down.sql", "content": "ALTER TABLE \"selfservice_verification_requests\" DROP COLUMN \"messages\";COMMIT TRANSACTION;BEGIN TRANSACTION;\nALTER TABLE \"selfservice_login_requests\" DROP COLUMN \"messages\";COMMIT TRANSACTION;BEGIN TRANSACTION;\nALTER TABLE \"selfservice_registration_requests\" DROP COLUMN \"messages\";COMMIT TRANSACTION;BEGIN TRANSACTION;" }, { "path": "persistence/sql/migrations/legacy/20200605111551_messages.cockroach.up.sql", "content": "ALTER TABLE \"selfservice_verification_requests\" ADD COLUMN \"messages\" json;COMMIT TRANSACTION;BEGIN TRANSACTION;\nALTER TABLE \"selfservice_login_requests\" ADD COLUMN \"messages\" json;COMMIT TRANSACTION;BEGIN TRANSACTION;\nALTER TABLE \"selfservice_registration_requests\" ADD COLUMN \"messages\" json;COMMIT TRANSACTION;BEGIN TRANSACTION;" }, { "path": "persistence/sql/migrations/legacy/20200605111551_messages.mysql.down.sql", "content": "ALTER TABLE `selfservice_verification_requests` DROP COLUMN `messages`;\nALTER TABLE `selfservice_login_requests` DROP COLUMN `messages`;\nALTER TABLE `selfservice_registration_requests` DROP COLUMN `messages`;" }, { "path": "persistence/sql/migrations/legacy/20200605111551_messages.mysql.up.sql", "content": "ALTER TABLE `selfservice_verification_requests` ADD COLUMN `messages` JSON;\nALTER TABLE `selfservice_login_requests` ADD COLUMN `messages` JSON;\nALTER TABLE `selfservice_registration_requests` ADD COLUMN `messages` JSON;" }, { "path": "persistence/sql/migrations/legacy/20200605111551_messages.postgres.down.sql", "content": "ALTER TABLE \"selfservice_verification_requests\" DROP COLUMN \"messages\";\nALTER TABLE \"selfservice_login_requests\" DROP COLUMN \"messages\";\nALTER TABLE \"selfservice_registration_requests\" DROP COLUMN \"messages\";" }, { "path": "persistence/sql/migrations/legacy/20200605111551_messages.postgres.up.sql", "content": "ALTER TABLE \"selfservice_verification_requests\" ADD COLUMN \"messages\" jsonb;\nALTER TABLE \"selfservice_login_requests\" ADD COLUMN \"messages\" jsonb;\nALTER TABLE \"selfservice_registration_requests\" ADD COLUMN \"messages\" jsonb;" }, { "path": "persistence/sql/migrations/legacy/20200605111551_messages.sqlite3.down.sql", "content": "CREATE TABLE \"_selfservice_verification_requests_tmp\" (\n\"id\" TEXT PRIMARY KEY,\n\"request_url\" TEXT NOT NULL,\n\"issued_at\" DATETIME NOT NULL DEFAULT 'CURRENT_TIMESTAMP',\n\"expires_at\" DATETIME NOT NULL,\n\"csrf_token\" TEXT NOT NULL,\n\"created_at\" DATETIME NOT NULL,\n\"updated_at\" DATETIME NOT NULL,\n\"via\" TEXT NOT NULL DEFAULT 'email',\n\"success\" bool NOT NULL DEFAULT 'FALSE'\n);\nINSERT INTO \"_selfservice_verification_requests_tmp\" (id, request_url, issued_at, expires_at, csrf_token, created_at, updated_at, via, success) SELECT id, request_url, issued_at, expires_at, csrf_token, created_at, updated_at, via, success FROM \"selfservice_verification_requests\";\n\nDROP TABLE \"selfservice_verification_requests\";\nALTER TABLE \"_selfservice_verification_requests_tmp\" RENAME TO \"selfservice_verification_requests\";\nCREATE TABLE \"_selfservice_login_requests_tmp\" (\n\"id\" TEXT PRIMARY KEY,\n\"request_url\" TEXT NOT NULL,\n\"issued_at\" DATETIME NOT NULL DEFAULT 'CURRENT_TIMESTAMP',\n\"expires_at\" DATETIME NOT NULL,\n\"active_method\" TEXT NOT NULL,\n\"csrf_token\" TEXT NOT NULL,\n\"created_at\" DATETIME NOT NULL,\n\"updated_at\" DATETIME NOT NULL,\n\"forced\" bool NOT NULL DEFAULT 'false'\n);\nINSERT INTO \"_selfservice_login_requests_tmp\" (id, request_url, issued_at, expires_at, active_method, csrf_token, created_at, updated_at, forced) SELECT id, request_url, issued_at, expires_at, active_method, csrf_token, created_at, updated_at, forced FROM \"selfservice_login_requests\";\n\nDROP TABLE \"selfservice_login_requests\";\nALTER TABLE \"_selfservice_login_requests_tmp\" RENAME TO \"selfservice_login_requests\";\nCREATE TABLE \"_selfservice_registration_requests_tmp\" (\n\"id\" TEXT PRIMARY KEY,\n\"request_url\" TEXT NOT NULL,\n\"issued_at\" DATETIME NOT NULL DEFAULT 'CURRENT_TIMESTAMP',\n\"expires_at\" DATETIME NOT NULL,\n\"active_method\" TEXT NOT NULL,\n\"csrf_token\" TEXT NOT NULL,\n\"created_at\" DATETIME NOT NULL,\n\"updated_at\" DATETIME NOT NULL\n);\nINSERT INTO \"_selfservice_registration_requests_tmp\" (id, request_url, issued_at, expires_at, active_method, csrf_token, created_at, updated_at) SELECT id, request_url, issued_at, expires_at, active_method, csrf_token, created_at, updated_at FROM \"selfservice_registration_requests\";\n\nDROP TABLE \"selfservice_registration_requests\";\nALTER TABLE \"_selfservice_registration_requests_tmp\" RENAME TO \"selfservice_registration_requests\";" }, { "path": "persistence/sql/migrations/legacy/20200605111551_messages.sqlite3.up.sql", "content": "ALTER TABLE \"selfservice_verification_requests\" ADD COLUMN \"messages\" TEXT;\nALTER TABLE \"selfservice_login_requests\" ADD COLUMN \"messages\" TEXT;\nALTER TABLE \"selfservice_registration_requests\" ADD COLUMN \"messages\" TEXT;" }, { "path": "persistence/sql/migrations/legacy/20200607165100_settings.cockroach.down.sql", "content": "ALTER TABLE \"selfservice_settings_requests\" DROP COLUMN \"state\";COMMIT TRANSACTION;BEGIN TRANSACTION;\nALTER TABLE \"selfservice_settings_requests\" ADD COLUMN \"update_successful\" bool NOT NULL DEFAULT 'false';COMMIT TRANSACTION;BEGIN TRANSACTION;" }, { "path": "persistence/sql/migrations/legacy/20200607165100_settings.cockroach.up.sql", "content": "ALTER TABLE \"selfservice_settings_requests\" ADD COLUMN \"state\" VARCHAR (255) NOT NULL DEFAULT 'show_form';COMMIT TRANSACTION;BEGIN TRANSACTION;\nALTER TABLE \"selfservice_settings_requests\" DROP COLUMN \"update_successful\";COMMIT TRANSACTION;BEGIN TRANSACTION;" }, { "path": "persistence/sql/migrations/legacy/20200607165100_settings.mysql.down.sql", "content": "ALTER TABLE `selfservice_settings_requests` DROP COLUMN `state`;\nALTER TABLE `selfservice_settings_requests` ADD COLUMN `update_successful` bool NOT NULL DEFAULT false;" }, { "path": "persistence/sql/migrations/legacy/20200607165100_settings.mysql.up.sql", "content": "ALTER TABLE `selfservice_settings_requests` ADD COLUMN `state` VARCHAR (255) NOT NULL DEFAULT 'show_form';\nALTER TABLE `selfservice_settings_requests` DROP COLUMN `update_successful`;" }, { "path": "persistence/sql/migrations/legacy/20200607165100_settings.postgres.down.sql", "content": "ALTER TABLE \"selfservice_settings_requests\" DROP COLUMN \"state\";\nALTER TABLE \"selfservice_settings_requests\" ADD COLUMN \"update_successful\" bool NOT NULL DEFAULT 'false';" }, { "path": "persistence/sql/migrations/legacy/20200607165100_settings.postgres.up.sql", "content": "ALTER TABLE \"selfservice_settings_requests\" ADD COLUMN \"state\" VARCHAR (255) NOT NULL DEFAULT 'show_form';\nALTER TABLE \"selfservice_settings_requests\" DROP COLUMN \"update_successful\";" }, { "path": "persistence/sql/migrations/legacy/20200607165100_settings.sqlite3.down.sql", "content": "CREATE TABLE \"_selfservice_settings_requests_tmp\" (\n\"id\" TEXT PRIMARY KEY,\n\"request_url\" TEXT NOT NULL,\n\"issued_at\" DATETIME NOT NULL DEFAULT 'CURRENT_TIMESTAMP',\n\"expires_at\" DATETIME NOT NULL,\n\"identity_id\" char(36) NOT NULL,\n\"created_at\" DATETIME NOT NULL,\n\"updated_at\" DATETIME NOT NULL,\n\"active_method\" TEXT,\n\"messages\" TEXT,\nFOREIGN KEY (identity_id) REFERENCES identities (id) ON UPDATE NO ACTION ON DELETE CASCADE\n);\nINSERT INTO \"_selfservice_settings_requests_tmp\" (id, request_url, issued_at, expires_at, identity_id, created_at, updated_at, active_method, messages) SELECT id, request_url, issued_at, expires_at, identity_id, created_at, updated_at, active_method, messages FROM \"selfservice_settings_requests\";\n\nDROP TABLE \"selfservice_settings_requests\";\nALTER TABLE \"_selfservice_settings_requests_tmp\" RENAME TO \"selfservice_settings_requests\";\nALTER TABLE \"selfservice_settings_requests\" ADD COLUMN \"update_successful\" bool NOT NULL DEFAULT 'false';" }, { "path": "persistence/sql/migrations/legacy/20200607165100_settings.sqlite3.up.sql", "content": "ALTER TABLE \"selfservice_settings_requests\" ADD COLUMN \"state\" TEXT NOT NULL DEFAULT 'show_form';\nCREATE TABLE \"_selfservice_settings_requests_tmp\" (\n\"id\" TEXT PRIMARY KEY,\n\"request_url\" TEXT NOT NULL,\n\"issued_at\" DATETIME NOT NULL DEFAULT 'CURRENT_TIMESTAMP',\n\"expires_at\" DATETIME NOT NULL,\n\"identity_id\" char(36) NOT NULL,\n\"created_at\" DATETIME NOT NULL,\n\"updated_at\" DATETIME NOT NULL,\n\"active_method\" TEXT,\n\"messages\" TEXT,\n\"state\" TEXT NOT NULL DEFAULT 'show_form',\nFOREIGN KEY (identity_id) REFERENCES identities (id) ON UPDATE NO ACTION ON DELETE CASCADE\n);\nINSERT INTO \"_selfservice_settings_requests_tmp\" (id, request_url, issued_at, expires_at, identity_id, created_at, updated_at, active_method, messages, state) SELECT id, request_url, issued_at, expires_at, identity_id, created_at, updated_at, active_method, messages, state FROM \"selfservice_settings_requests\";\n\nDROP TABLE \"selfservice_settings_requests\";\nALTER TABLE \"_selfservice_settings_requests_tmp\" RENAME TO \"selfservice_settings_requests\";" }, { "path": "persistence/sql/migrations/legacy/20200705105359_rename_identities_schema.cockroach.down.sql", "content": "ALTER TABLE \"identities\" RENAME COLUMN \"schema_id\" TO \"traits_schema_id\";COMMIT TRANSACTION;BEGIN TRANSACTION;" }, { "path": "persistence/sql/migrations/legacy/20200705105359_rename_identities_schema.cockroach.up.sql", "content": "ALTER TABLE \"identities\" RENAME COLUMN \"traits_schema_id\" TO \"schema_id\";COMMIT TRANSACTION;BEGIN TRANSACTION;" }, { "path": "persistence/sql/migrations/legacy/20200705105359_rename_identities_schema.mysql.down.sql", "content": "ALTER TABLE `identities` CHANGE `schema_id` `traits_schema_id` varchar(2048) NOT NULL;" }, { "path": "persistence/sql/migrations/legacy/20200705105359_rename_identities_schema.mysql.up.sql", "content": "ALTER TABLE `identities` CHANGE `traits_schema_id` `schema_id` varchar(2048) NOT NULL;" }, { "path": "persistence/sql/migrations/legacy/20200705105359_rename_identities_schema.postgres.down.sql", "content": "ALTER TABLE \"identities\" RENAME COLUMN \"schema_id\" TO \"traits_schema_id\";" }, { "path": "persistence/sql/migrations/legacy/20200705105359_rename_identities_schema.postgres.up.sql", "content": "ALTER TABLE \"identities\" RENAME COLUMN \"traits_schema_id\" TO \"schema_id\";" }, { "path": "persistence/sql/migrations/legacy/20200705105359_rename_identities_schema.sqlite3.down.sql", "content": "ALTER TABLE \"identities\" RENAME COLUMN \"schema_id\" TO \"traits_schema_id\";" }, { "path": "persistence/sql/migrations/legacy/20200705105359_rename_identities_schema.sqlite3.up.sql", "content": "ALTER TABLE \"identities\" RENAME COLUMN \"traits_schema_id\" TO \"schema_id\";" }, { "path": "persistence/sql/migrations/legacy/20200810141652_flow_type.cockroach.down.sql", "content": "ALTER TABLE \"selfservice_login_requests\" DROP COLUMN \"type\";COMMIT TRANSACTION;BEGIN TRANSACTION;\nALTER TABLE \"selfservice_registration_requests\" DROP COLUMN \"type\";COMMIT TRANSACTION;BEGIN TRANSACTION;\nALTER TABLE \"selfservice_settings_requests\" DROP COLUMN \"type\";COMMIT TRANSACTION;BEGIN TRANSACTION;\nALTER TABLE \"selfservice_recovery_requests\" DROP COLUMN \"type\";COMMIT TRANSACTION;BEGIN TRANSACTION;\nALTER TABLE \"selfservice_verification_requests\" DROP COLUMN \"type\";COMMIT TRANSACTION;BEGIN TRANSACTION;" }, { "path": "persistence/sql/migrations/legacy/20200810141652_flow_type.cockroach.up.sql", "content": "ALTER TABLE \"selfservice_login_requests\" ADD COLUMN \"type\" VARCHAR (16) NOT NULL DEFAULT 'browser';COMMIT TRANSACTION;BEGIN TRANSACTION;\nALTER TABLE \"selfservice_registration_requests\" ADD COLUMN \"type\" VARCHAR (16) NOT NULL DEFAULT 'browser';COMMIT TRANSACTION;BEGIN TRANSACTION;\nALTER TABLE \"selfservice_settings_requests\" ADD COLUMN \"type\" VARCHAR (16) NOT NULL DEFAULT 'browser';COMMIT TRANSACTION;BEGIN TRANSACTION;\nALTER TABLE \"selfservice_recovery_requests\" ADD COLUMN \"type\" VARCHAR (16) NOT NULL DEFAULT 'browser';COMMIT TRANSACTION;BEGIN TRANSACTION;\nALTER TABLE \"selfservice_verification_requests\" ADD COLUMN \"type\" VARCHAR (16) NOT NULL DEFAULT 'browser';COMMIT TRANSACTION;BEGIN TRANSACTION;" }, { "path": "persistence/sql/migrations/legacy/20200810141652_flow_type.mysql.down.sql", "content": "ALTER TABLE `selfservice_login_requests` DROP COLUMN `type`;\nALTER TABLE `selfservice_registration_requests` DROP COLUMN `type`;\nALTER TABLE `selfservice_settings_requests` DROP COLUMN `type`;\nALTER TABLE `selfservice_recovery_requests` DROP COLUMN `type`;\nALTER TABLE `selfservice_verification_requests` DROP COLUMN `type`;" }, { "path": "persistence/sql/migrations/legacy/20200810141652_flow_type.mysql.up.sql", "content": "ALTER TABLE `selfservice_login_requests` ADD COLUMN `type` VARCHAR (16) NOT NULL DEFAULT 'browser';\nALTER TABLE `selfservice_registration_requests` ADD COLUMN `type` VARCHAR (16) NOT NULL DEFAULT 'browser';\nALTER TABLE `selfservice_settings_requests` ADD COLUMN `type` VARCHAR (16) NOT NULL DEFAULT 'browser';\nALTER TABLE `selfservice_recovery_requests` ADD COLUMN `type` VARCHAR (16) NOT NULL DEFAULT 'browser';\nALTER TABLE `selfservice_verification_requests` ADD COLUMN `type` VARCHAR (16) NOT NULL DEFAULT 'browser';" }, { "path": "persistence/sql/migrations/legacy/20200810141652_flow_type.postgres.down.sql", "content": "ALTER TABLE \"selfservice_login_requests\" DROP COLUMN \"type\";\nALTER TABLE \"selfservice_registration_requests\" DROP COLUMN \"type\";\nALTER TABLE \"selfservice_settings_requests\" DROP COLUMN \"type\";\nALTER TABLE \"selfservice_recovery_requests\" DROP COLUMN \"type\";\nALTER TABLE \"selfservice_verification_requests\" DROP COLUMN \"type\";" }, { "path": "persistence/sql/migrations/legacy/20200810141652_flow_type.postgres.up.sql", "content": "ALTER TABLE \"selfservice_login_requests\" ADD COLUMN \"type\" VARCHAR (16) NOT NULL DEFAULT 'browser';\nALTER TABLE \"selfservice_registration_requests\" ADD COLUMN \"type\" VARCHAR (16) NOT NULL DEFAULT 'browser';\nALTER TABLE \"selfservice_settings_requests\" ADD COLUMN \"type\" VARCHAR (16) NOT NULL DEFAULT 'browser';\nALTER TABLE \"selfservice_recovery_requests\" ADD COLUMN \"type\" VARCHAR (16) NOT NULL DEFAULT 'browser';\nALTER TABLE \"selfservice_verification_requests\" ADD COLUMN \"type\" VARCHAR (16) NOT NULL DEFAULT 'browser';" }, { "path": "persistence/sql/migrations/legacy/20200810141652_flow_type.sqlite3.down.sql", "content": "CREATE TABLE \"_selfservice_login_requests_tmp\" (\n\"id\" TEXT PRIMARY KEY,\n\"request_url\" TEXT NOT NULL,\n\"issued_at\" DATETIME NOT NULL DEFAULT 'CURRENT_TIMESTAMP',\n\"expires_at\" DATETIME NOT NULL,\n\"active_method\" TEXT NOT NULL,\n\"csrf_token\" TEXT NOT NULL,\n\"created_at\" DATETIME NOT NULL,\n\"updated_at\" DATETIME NOT NULL,\n\"forced\" bool NOT NULL DEFAULT 'false',\n\"messages\" TEXT\n);\nINSERT INTO \"_selfservice_login_requests_tmp\" (id, request_url, issued_at, expires_at, active_method, csrf_token, created_at, updated_at, forced, messages) SELECT id, request_url, issued_at, expires_at, active_method, csrf_token, created_at, updated_at, forced, messages FROM \"selfservice_login_requests\";\n\nDROP TABLE \"selfservice_login_requests\";\nALTER TABLE \"_selfservice_login_requests_tmp\" RENAME TO \"selfservice_login_requests\";\nCREATE TABLE \"_selfservice_registration_requests_tmp\" (\n\"id\" TEXT PRIMARY KEY,\n\"request_url\" TEXT NOT NULL,\n\"issued_at\" DATETIME NOT NULL DEFAULT 'CURRENT_TIMESTAMP',\n\"expires_at\" DATETIME NOT NULL,\n\"active_method\" TEXT NOT NULL,\n\"csrf_token\" TEXT NOT NULL,\n\"created_at\" DATETIME NOT NULL,\n\"updated_at\" DATETIME NOT NULL,\n\"messages\" TEXT\n);\nINSERT INTO \"_selfservice_registration_requests_tmp\" (id, request_url, issued_at, expires_at, active_method, csrf_token, created_at, updated_at, messages) SELECT id, request_url, issued_at, expires_at, active_method, csrf_token, created_at, updated_at, messages FROM \"selfservice_registration_requests\";\n\nDROP TABLE \"selfservice_registration_requests\";\nALTER TABLE \"_selfservice_registration_requests_tmp\" RENAME TO \"selfservice_registration_requests\";\nCREATE TABLE \"_selfservice_settings_requests_tmp\" (\n\"id\" TEXT PRIMARY KEY,\n\"request_url\" TEXT NOT NULL,\n\"issued_at\" DATETIME NOT NULL DEFAULT 'CURRENT_TIMESTAMP',\n\"expires_at\" DATETIME NOT NULL,\n\"identity_id\" char(36) NOT NULL,\n\"created_at\" DATETIME NOT NULL,\n\"updated_at\" DATETIME NOT NULL,\n\"active_method\" TEXT,\n\"messages\" TEXT,\n\"state\" TEXT NOT NULL DEFAULT 'show_form',\nFOREIGN KEY (identity_id) REFERENCES identities (id) ON UPDATE NO ACTION ON DELETE CASCADE\n);\nINSERT INTO \"_selfservice_settings_requests_tmp\" (id, request_url, issued_at, expires_at, identity_id, created_at, updated_at, active_method, messages, state) SELECT id, request_url, issued_at, expires_at, identity_id, created_at, updated_at, active_method, messages, state FROM \"selfservice_settings_requests\";\n\nDROP TABLE \"selfservice_settings_requests\";\nALTER TABLE \"_selfservice_settings_requests_tmp\" RENAME TO \"selfservice_settings_requests\";\nCREATE TABLE \"_selfservice_recovery_requests_tmp\" (\n\"id\" TEXT PRIMARY KEY,\n\"request_url\" TEXT NOT NULL,\n\"issued_at\" DATETIME NOT NULL DEFAULT 'CURRENT_TIMESTAMP',\n\"expires_at\" DATETIME NOT NULL,\n\"messages\" TEXT,\n\"active_method\" TEXT,\n\"csrf_token\" TEXT NOT NULL,\n\"state\" TEXT NOT NULL,\n\"recovered_identity_id\" char(36),\n\"created_at\" DATETIME NOT NULL,\n\"updated_at\" DATETIME NOT NULL,\nFOREIGN KEY (recovered_identity_id) REFERENCES identities (id) ON UPDATE NO ACTION ON DELETE CASCADE\n);\nINSERT INTO \"_selfservice_recovery_requests_tmp\" (id, request_url, issued_at, expires_at, messages, active_method, csrf_token, state, recovered_identity_id, created_at, updated_at) SELECT id, request_url, issued_at, expires_at, messages, active_method, csrf_token, state, recovered_identity_id, created_at, updated_at FROM \"selfservice_recovery_requests\";\n\nDROP TABLE \"selfservice_recovery_requests\";\nALTER TABLE \"_selfservice_recovery_requests_tmp\" RENAME TO \"selfservice_recovery_requests\";\nCREATE TABLE \"_selfservice_verification_requests_tmp\" (\n\"id\" TEXT PRIMARY KEY,\n\"request_url\" TEXT NOT NULL,\n\"issued_at\" DATETIME NOT NULL DEFAULT 'CURRENT_TIMESTAMP',\n\"expires_at\" DATETIME NOT NULL,\n\"csrf_token\" TEXT NOT NULL,\n\"created_at\" DATETIME NOT NULL,\n\"updated_at\" DATETIME NOT NULL,\n\"messages\" TEXT,\n\"via\" TEXT NOT NULL DEFAULT 'email',\n\"success\" bool NOT NULL DEFAULT 'FALSE'\n);\nINSERT INTO \"_selfservice_verification_requests_tmp\" (id, request_url, issued_at, expires_at, csrf_token, created_at, updated_at, messages, via, success) SELECT id, request_url, issued_at, expires_at, csrf_token, created_at, updated_at, messages, via, success FROM \"selfservice_verification_requests\";\n\nDROP TABLE \"selfservice_verification_requests\";\nALTER TABLE \"_selfservice_verification_requests_tmp\" RENAME TO \"selfservice_verification_requests\";" }, { "path": "persistence/sql/migrations/legacy/20200810141652_flow_type.sqlite3.up.sql", "content": "ALTER TABLE \"selfservice_login_requests\" ADD COLUMN \"type\" TEXT NOT NULL DEFAULT 'browser';\nALTER TABLE \"selfservice_registration_requests\" ADD COLUMN \"type\" TEXT NOT NULL DEFAULT 'browser';\nALTER TABLE \"selfservice_settings_requests\" ADD COLUMN \"type\" TEXT NOT NULL DEFAULT 'browser';\nALTER TABLE \"selfservice_recovery_requests\" ADD COLUMN \"type\" TEXT NOT NULL DEFAULT 'browser';\nALTER TABLE \"selfservice_verification_requests\" ADD COLUMN \"type\" TEXT NOT NULL DEFAULT 'browser';" }, { "path": "persistence/sql/migrations/legacy/20200810161022_flow_rename.cockroach.down.sql", "content": "ALTER TABLE \"selfservice_login_flows\" RENAME TO \"selfservice_login_requests\";COMMIT TRANSACTION;BEGIN TRANSACTION;\nALTER TABLE \"selfservice_login_flow_methods\" RENAME TO \"selfservice_login_request_methods\";COMMIT TRANSACTION;BEGIN TRANSACTION;\nALTER TABLE \"selfservice_registration_flow_methods\" RENAME TO \"selfservice_registration_request_methods\";COMMIT TRANSACTION;BEGIN TRANSACTION;\nALTER TABLE \"selfservice_registration_flows\" RENAME TO \"selfservice_registration_requests\";COMMIT TRANSACTION;BEGIN TRANSACTION;\nALTER TABLE \"selfservice_settings_flow_methods\" RENAME TO \"selfservice_settings_request_methods\";COMMIT TRANSACTION;BEGIN TRANSACTION;\nALTER TABLE \"selfservice_settings_flows\" RENAME TO \"selfservice_settings_requests\";COMMIT TRANSACTION;BEGIN TRANSACTION;\nALTER TABLE \"selfservice_recovery_flow_methods\" RENAME TO \"selfservice_recovery_request_methods\";COMMIT TRANSACTION;BEGIN TRANSACTION;\nALTER TABLE \"selfservice_recovery_flows\" RENAME TO \"selfservice_recovery_requests\";COMMIT TRANSACTION;BEGIN TRANSACTION;\nALTER TABLE \"selfservice_verification_flows\" RENAME TO \"selfservice_verification_requests\";COMMIT TRANSACTION;BEGIN TRANSACTION;" }, { "path": "persistence/sql/migrations/legacy/20200810161022_flow_rename.cockroach.up.sql", "content": "ALTER TABLE \"selfservice_login_request_methods\" RENAME TO \"selfservice_login_flow_methods\";COMMIT TRANSACTION;BEGIN TRANSACTION;\nALTER TABLE \"selfservice_login_requests\" RENAME TO \"selfservice_login_flows\";COMMIT TRANSACTION;BEGIN TRANSACTION;\nALTER TABLE \"selfservice_registration_request_methods\" RENAME TO \"selfservice_registration_flow_methods\";COMMIT TRANSACTION;BEGIN TRANSACTION;\nALTER TABLE \"selfservice_registration_requests\" RENAME TO \"selfservice_registration_flows\";COMMIT TRANSACTION;BEGIN TRANSACTION;\nALTER TABLE \"selfservice_settings_request_methods\" RENAME TO \"selfservice_settings_flow_methods\";COMMIT TRANSACTION;BEGIN TRANSACTION;\nALTER TABLE \"selfservice_settings_requests\" RENAME TO \"selfservice_settings_flows\";COMMIT TRANSACTION;BEGIN TRANSACTION;\nALTER TABLE \"selfservice_recovery_request_methods\" RENAME TO \"selfservice_recovery_flow_methods\";COMMIT TRANSACTION;BEGIN TRANSACTION;\nALTER TABLE \"selfservice_recovery_requests\" RENAME TO \"selfservice_recovery_flows\";COMMIT TRANSACTION;BEGIN TRANSACTION;\nALTER TABLE \"selfservice_verification_requests\" RENAME TO \"selfservice_verification_flows\";COMMIT TRANSACTION;BEGIN TRANSACTION;" }, { "path": "persistence/sql/migrations/legacy/20200810161022_flow_rename.mysql.down.sql", "content": "ALTER TABLE `selfservice_login_flows` RENAME TO `selfservice_login_requests`;\nALTER TABLE `selfservice_login_flow_methods` RENAME TO `selfservice_login_request_methods`;\nALTER TABLE `selfservice_registration_flow_methods` RENAME TO `selfservice_registration_request_methods`;\nALTER TABLE `selfservice_registration_flows` RENAME TO `selfservice_registration_requests`;\nALTER TABLE `selfservice_settings_flow_methods` RENAME TO `selfservice_settings_request_methods`;\nALTER TABLE `selfservice_settings_flows` RENAME TO `selfservice_settings_requests`;\nALTER TABLE `selfservice_recovery_flow_methods` RENAME TO `selfservice_recovery_request_methods`;\nALTER TABLE `selfservice_recovery_flows` RENAME TO `selfservice_recovery_requests`;\nALTER TABLE `selfservice_verification_flows` RENAME TO `selfservice_verification_requests`;" }, { "path": "persistence/sql/migrations/legacy/20200810161022_flow_rename.mysql.up.sql", "content": "ALTER TABLE `selfservice_login_request_methods` RENAME TO `selfservice_login_flow_methods`;\nALTER TABLE `selfservice_login_requests` RENAME TO `selfservice_login_flows`;\nALTER TABLE `selfservice_registration_request_methods` RENAME TO `selfservice_registration_flow_methods`;\nALTER TABLE `selfservice_registration_requests` RENAME TO `selfservice_registration_flows`;\nALTER TABLE `selfservice_settings_request_methods` RENAME TO `selfservice_settings_flow_methods`;\nALTER TABLE `selfservice_settings_requests` RENAME TO `selfservice_settings_flows`;\nALTER TABLE `selfservice_recovery_request_methods` RENAME TO `selfservice_recovery_flow_methods`;\nALTER TABLE `selfservice_recovery_requests` RENAME TO `selfservice_recovery_flows`;\nALTER TABLE `selfservice_verification_requests` RENAME TO `selfservice_verification_flows`;" }, { "path": "persistence/sql/migrations/legacy/20200810161022_flow_rename.postgres.down.sql", "content": "ALTER TABLE \"selfservice_login_flows\" RENAME TO \"selfservice_login_requests\";\nALTER TABLE \"selfservice_login_flow_methods\" RENAME TO \"selfservice_login_request_methods\";\nALTER TABLE \"selfservice_registration_flow_methods\" RENAME TO \"selfservice_registration_request_methods\";\nALTER TABLE \"selfservice_registration_flows\" RENAME TO \"selfservice_registration_requests\";\nALTER TABLE \"selfservice_settings_flow_methods\" RENAME TO \"selfservice_settings_request_methods\";\nALTER TABLE \"selfservice_settings_flows\" RENAME TO \"selfservice_settings_requests\";\nALTER TABLE \"selfservice_recovery_flow_methods\" RENAME TO \"selfservice_recovery_request_methods\";\nALTER TABLE \"selfservice_recovery_flows\" RENAME TO \"selfservice_recovery_requests\";\nALTER TABLE \"selfservice_verification_flows\" RENAME TO \"selfservice_verification_requests\";" }, { "path": "persistence/sql/migrations/legacy/20200810161022_flow_rename.postgres.up.sql", "content": "ALTER TABLE \"selfservice_login_request_methods\" RENAME TO \"selfservice_login_flow_methods\";\nALTER TABLE \"selfservice_login_requests\" RENAME TO \"selfservice_login_flows\";\nALTER TABLE \"selfservice_registration_request_methods\" RENAME TO \"selfservice_registration_flow_methods\";\nALTER TABLE \"selfservice_registration_requests\" RENAME TO \"selfservice_registration_flows\";\nALTER TABLE \"selfservice_settings_request_methods\" RENAME TO \"selfservice_settings_flow_methods\";\nALTER TABLE \"selfservice_settings_requests\" RENAME TO \"selfservice_settings_flows\";\nALTER TABLE \"selfservice_recovery_request_methods\" RENAME TO \"selfservice_recovery_flow_methods\";\nALTER TABLE \"selfservice_recovery_requests\" RENAME TO \"selfservice_recovery_flows\";\nALTER TABLE \"selfservice_verification_requests\" RENAME TO \"selfservice_verification_flows\";" }, { "path": "persistence/sql/migrations/legacy/20200810161022_flow_rename.sqlite3.down.sql", "content": "ALTER TABLE \"selfservice_login_flows\" RENAME TO \"selfservice_login_requests\";\nALTER TABLE \"selfservice_login_flow_methods\" RENAME TO \"selfservice_login_request_methods\";\nALTER TABLE \"selfservice_registration_flow_methods\" RENAME TO \"selfservice_registration_request_methods\";\nALTER TABLE \"selfservice_registration_flows\" RENAME TO \"selfservice_registration_requests\";\nALTER TABLE \"selfservice_settings_flow_methods\" RENAME TO \"selfservice_settings_request_methods\";\nALTER TABLE \"selfservice_settings_flows\" RENAME TO \"selfservice_settings_requests\";\nALTER TABLE \"selfservice_recovery_flow_methods\" RENAME TO \"selfservice_recovery_request_methods\";\nALTER TABLE \"selfservice_recovery_flows\" RENAME TO \"selfservice_recovery_requests\";\nALTER TABLE \"selfservice_verification_flows\" RENAME TO \"selfservice_verification_requests\";" }, { "path": "persistence/sql/migrations/legacy/20200810161022_flow_rename.sqlite3.up.sql", "content": "ALTER TABLE \"selfservice_login_request_methods\" RENAME TO \"selfservice_login_flow_methods\";\nALTER TABLE \"selfservice_login_requests\" RENAME TO \"selfservice_login_flows\";\nALTER TABLE \"selfservice_registration_request_methods\" RENAME TO \"selfservice_registration_flow_methods\";\nALTER TABLE \"selfservice_registration_requests\" RENAME TO \"selfservice_registration_flows\";\nALTER TABLE \"selfservice_settings_request_methods\" RENAME TO \"selfservice_settings_flow_methods\";\nALTER TABLE \"selfservice_settings_requests\" RENAME TO \"selfservice_settings_flows\";\nALTER TABLE \"selfservice_recovery_request_methods\" RENAME TO \"selfservice_recovery_flow_methods\";\nALTER TABLE \"selfservice_recovery_requests\" RENAME TO \"selfservice_recovery_flows\";\nALTER TABLE \"selfservice_verification_requests\" RENAME TO \"selfservice_verification_flows\";" }, { "path": "persistence/sql/migrations/legacy/20200810162450_flow_fields_rename.cockroach.down.sql", "content": "ALTER TABLE \"selfservice_login_flow_methods\" RENAME COLUMN \"selfservice_login_flow_id\" TO \"selfservice_login_request_id\";COMMIT TRANSACTION;BEGIN TRANSACTION;\nALTER TABLE \"selfservice_registration_flow_methods\" RENAME COLUMN \"selfservice_registration_flow_id\" TO \"selfservice_registration_request_id\";COMMIT TRANSACTION;BEGIN TRANSACTION;\nALTER TABLE \"selfservice_settings_flow_methods\" RENAME COLUMN \"selfservice_settings_flow_id\" TO \"selfservice_settings_request_id\";COMMIT TRANSACTION;BEGIN TRANSACTION;\nALTER TABLE \"selfservice_recovery_flow_methods\" RENAME COLUMN \"selfservice_recovery_flow_id\" TO \"selfservice_recovery_request_id\";COMMIT TRANSACTION;BEGIN TRANSACTION;" }, { "path": "persistence/sql/migrations/legacy/20200810162450_flow_fields_rename.cockroach.up.sql", "content": "ALTER TABLE \"selfservice_login_flow_methods\" RENAME COLUMN \"selfservice_login_request_id\" TO \"selfservice_login_flow_id\";COMMIT TRANSACTION;BEGIN TRANSACTION;\nALTER TABLE \"selfservice_registration_flow_methods\" RENAME COLUMN \"selfservice_registration_request_id\" TO \"selfservice_registration_flow_id\";COMMIT TRANSACTION;BEGIN TRANSACTION;\nALTER TABLE \"selfservice_recovery_flow_methods\" RENAME COLUMN \"selfservice_recovery_request_id\" TO \"selfservice_recovery_flow_id\";COMMIT TRANSACTION;BEGIN TRANSACTION;\nALTER TABLE \"selfservice_settings_flow_methods\" RENAME COLUMN \"selfservice_settings_request_id\" TO \"selfservice_settings_flow_id\";COMMIT TRANSACTION;BEGIN TRANSACTION;" }, { "path": "persistence/sql/migrations/legacy/20200810162450_flow_fields_rename.mysql.down.sql", "content": "ALTER TABLE `selfservice_login_flow_methods` CHANGE `selfservice_login_flow_id` `selfservice_login_request_id` char(36) NOT NULL;\nALTER TABLE `selfservice_registration_flow_methods` CHANGE `selfservice_registration_flow_id` `selfservice_registration_request_id` char(36) NOT NULL;\nALTER TABLE `selfservice_settings_flow_methods` CHANGE `selfservice_settings_flow_id` `selfservice_settings_request_id` char(36) NOT NULL;\nALTER TABLE `selfservice_recovery_flow_methods` CHANGE `selfservice_recovery_flow_id` `selfservice_recovery_request_id` char(36) NOT NULL;" }, { "path": "persistence/sql/migrations/legacy/20200810162450_flow_fields_rename.mysql.up.sql", "content": "ALTER TABLE `selfservice_login_flow_methods` CHANGE `selfservice_login_request_id` `selfservice_login_flow_id` char(36) NOT NULL;\nALTER TABLE `selfservice_registration_flow_methods` CHANGE `selfservice_registration_request_id` `selfservice_registration_flow_id` char(36) NOT NULL;\nALTER TABLE `selfservice_recovery_flow_methods` CHANGE `selfservice_recovery_request_id` `selfservice_recovery_flow_id` char(36) NOT NULL;\nALTER TABLE `selfservice_settings_flow_methods` CHANGE `selfservice_settings_request_id` `selfservice_settings_flow_id` char(36) NOT NULL;" }, { "path": "persistence/sql/migrations/legacy/20200810162450_flow_fields_rename.postgres.down.sql", "content": "ALTER TABLE \"selfservice_login_flow_methods\" RENAME COLUMN \"selfservice_login_flow_id\" TO \"selfservice_login_request_id\";\nALTER TABLE \"selfservice_registration_flow_methods\" RENAME COLUMN \"selfservice_registration_flow_id\" TO \"selfservice_registration_request_id\";\nALTER TABLE \"selfservice_settings_flow_methods\" RENAME COLUMN \"selfservice_settings_flow_id\" TO \"selfservice_settings_request_id\";\nALTER TABLE \"selfservice_recovery_flow_methods\" RENAME COLUMN \"selfservice_recovery_flow_id\" TO \"selfservice_recovery_request_id\";" }, { "path": "persistence/sql/migrations/legacy/20200810162450_flow_fields_rename.postgres.up.sql", "content": "ALTER TABLE \"selfservice_login_flow_methods\" RENAME COLUMN \"selfservice_login_request_id\" TO \"selfservice_login_flow_id\";\nALTER TABLE \"selfservice_registration_flow_methods\" RENAME COLUMN \"selfservice_registration_request_id\" TO \"selfservice_registration_flow_id\";\nALTER TABLE \"selfservice_recovery_flow_methods\" RENAME COLUMN \"selfservice_recovery_request_id\" TO \"selfservice_recovery_flow_id\";\nALTER TABLE \"selfservice_settings_flow_methods\" RENAME COLUMN \"selfservice_settings_request_id\" TO \"selfservice_settings_flow_id\";" }, { "path": "persistence/sql/migrations/legacy/20200810162450_flow_fields_rename.sqlite3.down.sql", "content": "ALTER TABLE \"selfservice_login_flow_methods\" RENAME COLUMN \"selfservice_login_flow_id\" TO \"selfservice_login_request_id\";\nALTER TABLE \"selfservice_registration_flow_methods\" RENAME COLUMN \"selfservice_registration_flow_id\" TO \"selfservice_registration_request_id\";\nALTER TABLE \"selfservice_settings_flow_methods\" RENAME COLUMN \"selfservice_settings_flow_id\" TO \"selfservice_settings_request_id\";\nALTER TABLE \"selfservice_recovery_flow_methods\" RENAME COLUMN \"selfservice_recovery_flow_id\" TO \"selfservice_recovery_request_id\";" }, { "path": "persistence/sql/migrations/legacy/20200810162450_flow_fields_rename.sqlite3.up.sql", "content": "ALTER TABLE \"selfservice_login_flow_methods\" RENAME COLUMN \"selfservice_login_request_id\" TO \"selfservice_login_flow_id\";\nALTER TABLE \"selfservice_registration_flow_methods\" RENAME COLUMN \"selfservice_registration_request_id\" TO \"selfservice_registration_flow_id\";\nALTER TABLE \"selfservice_recovery_flow_methods\" RENAME COLUMN \"selfservice_recovery_request_id\" TO \"selfservice_recovery_flow_id\";\nALTER TABLE \"selfservice_settings_flow_methods\" RENAME COLUMN \"selfservice_settings_request_id\" TO \"selfservice_settings_flow_id\";" }, { "path": "persistence/sql/migrations/legacy/20200812124254_add_session_token.cockroach.down.sql", "content": "ALTER TABLE \"sessions\" DROP COLUMN \"token\";COMMIT TRANSACTION;BEGIN TRANSACTION;" }, { "path": "persistence/sql/migrations/legacy/20200812124254_add_session_token.cockroach.up.sql", "content": "DELETE FROM sessions;COMMIT TRANSACTION;BEGIN TRANSACTION;\nALTER TABLE \"sessions\" ADD COLUMN \"token\" VARCHAR (32);COMMIT TRANSACTION;BEGIN TRANSACTION;\nALTER TABLE \"sessions\" RENAME COLUMN \"token\" TO \"_token_tmp\";COMMIT TRANSACTION;BEGIN TRANSACTION;\nALTER TABLE \"sessions\" ADD COLUMN \"token\" VARCHAR (32);COMMIT TRANSACTION;BEGIN TRANSACTION;\nUPDATE \"sessions\" SET \"token\" = \"_token_tmp\";COMMIT TRANSACTION;BEGIN TRANSACTION;\nALTER TABLE \"sessions\" DROP COLUMN \"_token_tmp\";COMMIT TRANSACTION;BEGIN TRANSACTION;\nCREATE UNIQUE INDEX \"sessions_token_uq_idx\" ON \"sessions\" (token);COMMIT TRANSACTION;BEGIN TRANSACTION;\nCREATE INDEX \"sessions_token_idx\" ON \"sessions\" (token);COMMIT TRANSACTION;BEGIN TRANSACTION;" }, { "path": "persistence/sql/migrations/legacy/20200812124254_add_session_token.mysql.down.sql", "content": "ALTER TABLE `sessions` DROP COLUMN `token`;" }, { "path": "persistence/sql/migrations/legacy/20200812124254_add_session_token.mysql.up.sql", "content": "DELETE FROM sessions;\nALTER TABLE `sessions` ADD COLUMN `token` VARCHAR (32);\nALTER TABLE `sessions` MODIFY `token` VARCHAR (32);\nCREATE UNIQUE INDEX `sessions_token_uq_idx` ON `sessions` (`token`);\nCREATE INDEX `sessions_token_idx` ON `sessions` (`token`);" }, { "path": "persistence/sql/migrations/legacy/20200812124254_add_session_token.postgres.down.sql", "content": "ALTER TABLE \"sessions\" DROP COLUMN \"token\";" }, { "path": "persistence/sql/migrations/legacy/20200812124254_add_session_token.postgres.up.sql", "content": "DELETE FROM sessions;COMMIT TRANSACTION;BEGIN TRANSACTION;\nALTER TABLE \"sessions\" ADD COLUMN \"token\" VARCHAR (32);\nALTER TABLE \"sessions\" ALTER COLUMN \"token\" TYPE VARCHAR (32), ALTER COLUMN \"token\" DROP NOT NULL;\nCREATE UNIQUE INDEX \"sessions_token_uq_idx\" ON \"sessions\" (token);\nCREATE INDEX \"sessions_token_idx\" ON \"sessions\" (token);" }, { "path": "persistence/sql/migrations/legacy/20200812124254_add_session_token.sqlite3.down.sql", "content": "DROP INDEX IF EXISTS \"sessions_token_uq_idx\";\nDROP INDEX IF EXISTS \"sessions_token_idx\";\nCREATE TABLE \"_sessions_tmp\" (\n\"id\" TEXT PRIMARY KEY,\n\"issued_at\" DATETIME NOT NULL DEFAULT 'CURRENT_TIMESTAMP',\n\"expires_at\" DATETIME NOT NULL,\n\"authenticated_at\" DATETIME NOT NULL,\n\"identity_id\" char(36) NOT NULL,\n\"created_at\" DATETIME NOT NULL,\n\"updated_at\" DATETIME NOT NULL,\nFOREIGN KEY (identity_id) REFERENCES identities (id) ON UPDATE NO ACTION ON DELETE CASCADE\n);\nINSERT INTO \"_sessions_tmp\" (id, issued_at, expires_at, authenticated_at, identity_id, created_at, updated_at) SELECT id, issued_at, expires_at, authenticated_at, identity_id, created_at, updated_at FROM \"sessions\";\n\nDROP TABLE \"sessions\";\nALTER TABLE \"_sessions_tmp\" RENAME TO \"sessions\";" }, { "path": "persistence/sql/migrations/legacy/20200812124254_add_session_token.sqlite3.up.sql", "content": "DELETE FROM sessions;\nALTER TABLE \"sessions\" ADD COLUMN \"token\" TEXT;\nCREATE TABLE \"_sessions_tmp\" (\n\"id\" TEXT PRIMARY KEY,\n\"issued_at\" DATETIME NOT NULL DEFAULT 'CURRENT_TIMESTAMP',\n\"expires_at\" DATETIME NOT NULL,\n\"authenticated_at\" DATETIME NOT NULL,\n\"identity_id\" char(36) NOT NULL,\n\"created_at\" DATETIME NOT NULL,\n\"updated_at\" DATETIME NOT NULL,\n\"token\" TEXT,\nFOREIGN KEY (identity_id) REFERENCES identities (id) ON UPDATE NO ACTION ON DELETE CASCADE\n);\nINSERT INTO \"_sessions_tmp\" (id, issued_at, expires_at, authenticated_at, identity_id, created_at, updated_at, token) SELECT id, issued_at, expires_at, authenticated_at, identity_id, created_at, updated_at, token FROM \"sessions\";\nDROP TABLE \"sessions\";\nALTER TABLE \"_sessions_tmp\" RENAME TO \"sessions\";\nCREATE UNIQUE INDEX \"sessions_token_uq_idx\" ON \"sessions\" (token);\nCREATE INDEX \"sessions_token_idx\" ON \"sessions\" (token);" }, { "path": "persistence/sql/migrations/legacy/20200812160551_add_session_revoke.cockroach.down.sql", "content": "ALTER TABLE \"sessions\" DROP COLUMN \"active\";COMMIT TRANSACTION;BEGIN TRANSACTION;" }, { "path": "persistence/sql/migrations/legacy/20200812160551_add_session_revoke.cockroach.up.sql", "content": "ALTER TABLE \"sessions\" ADD COLUMN \"active\" boolean DEFAULT 'false';COMMIT TRANSACTION;BEGIN TRANSACTION;" }, { "path": "persistence/sql/migrations/legacy/20200812160551_add_session_revoke.mysql.down.sql", "content": "ALTER TABLE `sessions` DROP COLUMN `active`;" }, { "path": "persistence/sql/migrations/legacy/20200812160551_add_session_revoke.mysql.up.sql", "content": "ALTER TABLE `sessions` ADD COLUMN `active` boolean DEFAULT false;" }, { "path": "persistence/sql/migrations/legacy/20200812160551_add_session_revoke.postgres.down.sql", "content": "ALTER TABLE \"sessions\" DROP COLUMN \"active\";" }, { "path": "persistence/sql/migrations/legacy/20200812160551_add_session_revoke.postgres.up.sql", "content": "ALTER TABLE \"sessions\" ADD COLUMN \"active\" boolean DEFAULT 'false';" }, { "path": "persistence/sql/migrations/legacy/20200812160551_add_session_revoke.sqlite3.down.sql", "content": "DROP INDEX IF EXISTS \"sessions_token_idx\";\nDROP INDEX IF EXISTS \"sessions_token_uq_idx\";\nCREATE TABLE \"_sessions_tmp\" (\n\"id\" TEXT PRIMARY KEY,\n\"issued_at\" DATETIME NOT NULL DEFAULT 'CURRENT_TIMESTAMP',\n\"expires_at\" DATETIME NOT NULL,\n\"authenticated_at\" DATETIME NOT NULL,\n\"identity_id\" char(36) NOT NULL,\n\"created_at\" DATETIME NOT NULL,\n\"updated_at\" DATETIME NOT NULL,\n\"token\" TEXT,\nFOREIGN KEY (identity_id) REFERENCES identities (id) ON UPDATE NO ACTION ON DELETE CASCADE\n);\nCREATE INDEX \"sessions_token_idx\" ON \"_sessions_tmp\" (token);\nCREATE UNIQUE INDEX \"sessions_token_uq_idx\" ON \"_sessions_tmp\" (token);\nINSERT INTO \"_sessions_tmp\" (id, issued_at, expires_at, authenticated_at, identity_id, created_at, updated_at, token) SELECT id, issued_at, expires_at, authenticated_at, identity_id, created_at, updated_at, token FROM \"sessions\";\n\nDROP TABLE \"sessions\";\nALTER TABLE \"_sessions_tmp\" RENAME TO \"sessions\";" }, { "path": "persistence/sql/migrations/legacy/20200812160551_add_session_revoke.sqlite3.up.sql", "content": "ALTER TABLE \"sessions\" ADD COLUMN \"active\" NUMERIC DEFAULT 'false';" }, { "path": "persistence/sql/migrations/legacy/20200830121710_update_recovery_token.cockroach.down.sql", "content": "ALTER TABLE \"identity_recovery_tokens\" RENAME COLUMN \"selfservice_recovery_flow_id\" TO \"selfservice_recovery_request_id\";COMMIT TRANSACTION;BEGIN TRANSACTION;" }, { "path": "persistence/sql/migrations/legacy/20200830121710_update_recovery_token.cockroach.up.sql", "content": "ALTER TABLE \"identity_recovery_tokens\" RENAME COLUMN \"selfservice_recovery_request_id\" TO \"selfservice_recovery_flow_id\";COMMIT TRANSACTION;BEGIN TRANSACTION;" }, { "path": "persistence/sql/migrations/legacy/20200830121710_update_recovery_token.mysql.down.sql", "content": "ALTER TABLE `identity_recovery_tokens` CHANGE `selfservice_recovery_flow_id` `selfservice_recovery_request_id` char(36) NOT NULL;" }, { "path": "persistence/sql/migrations/legacy/20200830121710_update_recovery_token.mysql.up.sql", "content": "ALTER TABLE `identity_recovery_tokens` CHANGE `selfservice_recovery_request_id` `selfservice_recovery_flow_id` char(36) NOT NULL;" }, { "path": "persistence/sql/migrations/legacy/20200830121710_update_recovery_token.postgres.down.sql", "content": "ALTER TABLE \"identity_recovery_tokens\" RENAME COLUMN \"selfservice_recovery_flow_id\" TO \"selfservice_recovery_request_id\";" }, { "path": "persistence/sql/migrations/legacy/20200830121710_update_recovery_token.postgres.up.sql", "content": "ALTER TABLE \"identity_recovery_tokens\" RENAME COLUMN \"selfservice_recovery_request_id\" TO \"selfservice_recovery_flow_id\";" }, { "path": "persistence/sql/migrations/legacy/20200830121710_update_recovery_token.sqlite3.down.sql", "content": "ALTER TABLE \"identity_recovery_tokens\" RENAME COLUMN \"selfservice_recovery_flow_id\" TO \"selfservice_recovery_request_id\";" }, { "path": "persistence/sql/migrations/legacy/20200830121710_update_recovery_token.sqlite3.up.sql", "content": "ALTER TABLE \"identity_recovery_tokens\" RENAME COLUMN \"selfservice_recovery_request_id\" TO \"selfservice_recovery_flow_id\";" }, { "path": "persistence/sql/migrations/legacy/20200830130642_add_verification_methods.cockroach.down.sql", "content": "ALTER TABLE \"selfservice_verification_flows\" ADD COLUMN \"form\" json NOT NULL DEFAULT '{}';COMMIT TRANSACTION;BEGIN TRANSACTION;\nDROP TABLE \"selfservice_verification_flow_methods\";COMMIT TRANSACTION;BEGIN TRANSACTION;\nALTER TABLE \"selfservice_verification_flows\" DROP COLUMN \"active_method\";COMMIT TRANSACTION;BEGIN TRANSACTION;\nALTER TABLE \"selfservice_verification_flows\" DROP COLUMN \"state\";COMMIT TRANSACTION;BEGIN TRANSACTION;\nALTER TABLE \"selfservice_verification_flows\" ADD COLUMN \"via\" VARCHAR (16) NOT NULL DEFAULT 'email';COMMIT TRANSACTION;BEGIN TRANSACTION;\nALTER TABLE \"selfservice_verification_flows\" ADD COLUMN \"success\" bool NOT NULL DEFAULT FALSE;COMMIT TRANSACTION;BEGIN TRANSACTION;" }, { "path": "persistence/sql/migrations/legacy/20200830130642_add_verification_methods.cockroach.up.sql", "content": "ALTER TABLE \"selfservice_verification_flows\" ADD COLUMN \"state\" VARCHAR (255) NOT NULL DEFAULT 'show_form';COMMIT TRANSACTION;BEGIN TRANSACTION;" }, { "path": "persistence/sql/migrations/legacy/20200830130642_add_verification_methods.mysql.down.sql", "content": "ALTER TABLE `selfservice_verification_flows` ADD COLUMN `form` JSON;\nUPDATE selfservice_verification_flows SET form=(SELECT * FROM (SELECT m.config FROM selfservice_verification_flows AS r INNER JOIN selfservice_verification_flow_methods AS m ON r.id=m.selfservice_verification_flow_id) as t);\nALTER TABLE `selfservice_verification_flows` MODIFY `form` JSON;\nDROP TABLE `selfservice_verification_flow_methods`;\nALTER TABLE `selfservice_verification_flows` DROP COLUMN `active_method`;\nALTER TABLE `selfservice_verification_flows` DROP COLUMN `state`;\nALTER TABLE `selfservice_verification_flows` ADD COLUMN `via` VARCHAR (16) NOT NULL DEFAULT 'email';\nALTER TABLE `selfservice_verification_flows` ADD COLUMN `success` bool NOT NULL DEFAULT FALSE;" }, { "path": "persistence/sql/migrations/legacy/20200830130642_add_verification_methods.mysql.up.sql", "content": "ALTER TABLE `selfservice_verification_flows` ADD COLUMN `state` VARCHAR (255) NOT NULL DEFAULT 'show_form';" }, { "path": "persistence/sql/migrations/legacy/20200830130642_add_verification_methods.postgres.down.sql", "content": "ALTER TABLE \"selfservice_verification_flows\" ADD COLUMN \"form\" jsonb;\nUPDATE selfservice_verification_flows SET form=(SELECT * FROM (SELECT m.config FROM selfservice_verification_flows AS r INNER JOIN selfservice_verification_flow_methods AS m ON r.id=m.selfservice_verification_flow_id) as t);\nALTER TABLE \"selfservice_verification_flows\" ALTER COLUMN \"form\" TYPE jsonb, ALTER COLUMN \"form\" DROP NOT NULL;\nDROP TABLE \"selfservice_verification_flow_methods\";\nALTER TABLE \"selfservice_verification_flows\" DROP COLUMN \"active_method\";\nALTER TABLE \"selfservice_verification_flows\" DROP COLUMN \"state\";\nALTER TABLE \"selfservice_verification_flows\" ADD COLUMN \"via\" VARCHAR (16) NOT NULL DEFAULT 'email';\nALTER TABLE \"selfservice_verification_flows\" ADD COLUMN \"success\" bool NOT NULL DEFAULT FALSE;" }, { "path": "persistence/sql/migrations/legacy/20200830130642_add_verification_methods.postgres.up.sql", "content": "ALTER TABLE \"selfservice_verification_flows\" ADD COLUMN \"state\" VARCHAR (255) NOT NULL DEFAULT 'show_form';" }, { "path": "persistence/sql/migrations/legacy/20200830130642_add_verification_methods.sqlite3.down.sql", "content": "DROP TABLE \"selfservice_verification_flow_methods\";\nCREATE TABLE \"_selfservice_verification_flows_tmp\" (\n\"id\" TEXT PRIMARY KEY,\n\"request_url\" TEXT NOT NULL,\n\"issued_at\" DATETIME NOT NULL DEFAULT 'CURRENT_TIMESTAMP',\n\"expires_at\" DATETIME NOT NULL,\n\"csrf_token\" TEXT NOT NULL,\n\"created_at\" DATETIME NOT NULL,\n\"updated_at\" DATETIME NOT NULL,\n\"messages\" TEXT,\n\"type\" TEXT NOT NULL DEFAULT 'browser',\n\"state\" TEXT NOT NULL DEFAULT 'show_form'\n);\nINSERT INTO \"_selfservice_verification_flows_tmp\" (id, request_url, issued_at, expires_at, csrf_token, created_at, updated_at, messages, type, state) SELECT id, request_url, issued_at, expires_at, csrf_token, created_at, updated_at, messages, type, state FROM \"selfservice_verification_flows\";\n\nDROP TABLE \"selfservice_verification_flows\";\nALTER TABLE \"_selfservice_verification_flows_tmp\" RENAME TO \"selfservice_verification_flows\";\nCREATE TABLE \"_selfservice_verification_flows_tmp\" (\n\"id\" TEXT PRIMARY KEY,\n\"request_url\" TEXT NOT NULL,\n\"issued_at\" DATETIME NOT NULL DEFAULT 'CURRENT_TIMESTAMP',\n\"expires_at\" DATETIME NOT NULL,\n\"csrf_token\" TEXT NOT NULL,\n\"created_at\" DATETIME NOT NULL,\n\"updated_at\" DATETIME NOT NULL,\n\"messages\" TEXT,\n\"type\" TEXT NOT NULL DEFAULT 'browser'\n);\nINSERT INTO \"_selfservice_verification_flows_tmp\" (id, request_url, issued_at, expires_at, csrf_token, created_at, updated_at, messages, type) SELECT id, request_url, issued_at, expires_at, csrf_token, created_at, updated_at, messages, type FROM \"selfservice_verification_flows\";\n\nDROP TABLE \"selfservice_verification_flows\";\nALTER TABLE \"_selfservice_verification_flows_tmp\" RENAME TO \"selfservice_verification_flows\";\nALTER TABLE \"selfservice_verification_flows\" ADD COLUMN \"via\" TEXT NOT NULL DEFAULT 'email';\nALTER TABLE \"selfservice_verification_flows\" ADD COLUMN \"success\" bool NOT NULL DEFAULT FALSE;" }, { "path": "persistence/sql/migrations/legacy/20200830130642_add_verification_methods.sqlite3.up.sql", "content": "ALTER TABLE \"selfservice_verification_flows\" ADD COLUMN \"state\" TEXT NOT NULL DEFAULT 'show_form';" }, { "path": "persistence/sql/migrations/legacy/20200830130643_add_verification_methods.cockroach.up.sql", "content": "UPDATE selfservice_verification_flows SET state='passed_challenge' WHERE success IS TRUE;" }, { "path": "persistence/sql/migrations/legacy/20200830130643_add_verification_methods.down.sql", "content": "" }, { "path": "persistence/sql/migrations/legacy/20200830130643_add_verification_methods.mysql.up.sql", "content": "UPDATE selfservice_verification_flows SET state='passed_challenge' WHERE success IS TRUE;" }, { "path": "persistence/sql/migrations/legacy/20200830130643_add_verification_methods.postgres.up.sql", "content": "UPDATE selfservice_verification_flows SET state='passed_challenge' WHERE success IS TRUE;" }, { "path": "persistence/sql/migrations/legacy/20200830130643_add_verification_methods.sqlite3.up.sql", "content": "UPDATE selfservice_verification_flows SET state='passed_challenge' WHERE success IS TRUE;" }, { "path": "persistence/sql/migrations/legacy/20200830130644_add_verification_methods.cockroach.up.sql", "content": "CREATE TABLE \"selfservice_verification_flow_methods\" (\n\"id\" UUID NOT NULL,\nPRIMARY KEY(\"id\"),\n\"method\" VARCHAR (32) NOT NULL,\n\"selfservice_verification_flow_id\" UUID NOT NULL,\n\"config\" json NOT NULL,\n\"created_at\" timestamp NOT NULL,\n\"updated_at\" timestamp NOT NULL\n);COMMIT TRANSACTION;BEGIN TRANSACTION;\nALTER TABLE \"selfservice_verification_flows\" ADD COLUMN \"active_method\" VARCHAR (32);COMMIT TRANSACTION;BEGIN TRANSACTION;" }, { "path": "persistence/sql/migrations/legacy/20200830130644_add_verification_methods.down.sql", "content": "" }, { "path": "persistence/sql/migrations/legacy/20200830130644_add_verification_methods.mysql.up.sql", "content": "CREATE TABLE `selfservice_verification_flow_methods` (\n`id` char(36) NOT NULL,\nPRIMARY KEY(`id`),\n`method` VARCHAR (32) NOT NULL,\n`selfservice_verification_flow_id` char(36) NOT NULL,\n`config` JSON NOT NULL,\n`created_at` DATETIME NOT NULL,\n`updated_at` DATETIME NOT NULL\n) ENGINE=InnoDB;\nALTER TABLE `selfservice_verification_flows` ADD COLUMN `active_method` VARCHAR (32);" }, { "path": "persistence/sql/migrations/legacy/20200830130644_add_verification_methods.postgres.up.sql", "content": "CREATE TABLE \"selfservice_verification_flow_methods\" (\n\"id\" UUID NOT NULL,\nPRIMARY KEY(\"id\"),\n\"method\" VARCHAR (32) NOT NULL,\n\"selfservice_verification_flow_id\" UUID NOT NULL,\n\"config\" jsonb NOT NULL,\n\"created_at\" timestamp NOT NULL,\n\"updated_at\" timestamp NOT NULL\n);\nALTER TABLE \"selfservice_verification_flows\" ADD COLUMN \"active_method\" VARCHAR (32);" }, { "path": "persistence/sql/migrations/legacy/20200830130644_add_verification_methods.sqlite3.up.sql", "content": "CREATE TABLE \"selfservice_verification_flow_methods\" (\n\"id\" TEXT PRIMARY KEY,\n\"method\" TEXT NOT NULL,\n\"selfservice_verification_flow_id\" char(36) NOT NULL,\n\"config\" TEXT NOT NULL,\n\"created_at\" DATETIME NOT NULL,\n\"updated_at\" DATETIME NOT NULL\n);\nALTER TABLE \"selfservice_verification_flows\" ADD COLUMN \"active_method\" TEXT;" }, { "path": "persistence/sql/migrations/legacy/20200830130645_add_verification_methods.cockroach.up.sql", "content": "INSERT INTO selfservice_verification_flow_methods (id, method, selfservice_verification_flow_id, config, created_at, updated_at) SELECT id, 'link', id, form, created_at, updated_at FROM selfservice_verification_flows;" }, { "path": "persistence/sql/migrations/legacy/20200830130645_add_verification_methods.down.sql", "content": "" }, { "path": "persistence/sql/migrations/legacy/20200830130645_add_verification_methods.mysql.up.sql", "content": "INSERT INTO selfservice_verification_flow_methods (id, method, selfservice_verification_flow_id, config, created_at, updated_at) SELECT id, 'link', id, form, created_at, updated_at FROM selfservice_verification_flows;" }, { "path": "persistence/sql/migrations/legacy/20200830130645_add_verification_methods.postgres.up.sql", "content": "INSERT INTO selfservice_verification_flow_methods (id, method, selfservice_verification_flow_id, config, created_at, updated_at) SELECT id, 'link', id, form, created_at, updated_at FROM selfservice_verification_flows;" }, { "path": "persistence/sql/migrations/legacy/20200830130645_add_verification_methods.sqlite3.up.sql", "content": "INSERT INTO selfservice_verification_flow_methods (id, method, selfservice_verification_flow_id, config, created_at, updated_at) SELECT id, 'link', id, form, created_at, updated_at FROM selfservice_verification_flows;" }, { "path": "persistence/sql/migrations/legacy/20200830130646_add_verification_methods.cockroach.up.sql", "content": "ALTER TABLE \"selfservice_verification_flows\" DROP COLUMN \"form\";COMMIT TRANSACTION;BEGIN TRANSACTION;\nALTER TABLE \"selfservice_verification_flows\" DROP COLUMN \"via\";COMMIT TRANSACTION;BEGIN TRANSACTION;\nALTER TABLE \"selfservice_verification_flows\" DROP COLUMN \"success\";COMMIT TRANSACTION;BEGIN TRANSACTION;" }, { "path": "persistence/sql/migrations/legacy/20200830130646_add_verification_methods.down.sql", "content": "" }, { "path": "persistence/sql/migrations/legacy/20200830130646_add_verification_methods.mysql.up.sql", "content": "ALTER TABLE `selfservice_verification_flows` DROP COLUMN `form`;\nALTER TABLE `selfservice_verification_flows` DROP COLUMN `via`;\nALTER TABLE `selfservice_verification_flows` DROP COLUMN `success`;" }, { "path": "persistence/sql/migrations/legacy/20200830130646_add_verification_methods.postgres.up.sql", "content": "ALTER TABLE \"selfservice_verification_flows\" DROP COLUMN \"form\";\nALTER TABLE \"selfservice_verification_flows\" DROP COLUMN \"via\";\nALTER TABLE \"selfservice_verification_flows\" DROP COLUMN \"success\";" }, { "path": "persistence/sql/migrations/legacy/20200830130646_add_verification_methods.sqlite3.up.sql", "content": "CREATE TABLE \"_selfservice_verification_flows_tmp\" (\n\"id\" TEXT PRIMARY KEY,\n\"request_url\" TEXT NOT NULL,\n\"issued_at\" DATETIME NOT NULL DEFAULT 'CURRENT_TIMESTAMP',\n\"expires_at\" DATETIME NOT NULL,\n\"via\" TEXT NOT NULL,\n\"csrf_token\" TEXT NOT NULL,\n\"success\" bool NOT NULL,\n\"created_at\" DATETIME NOT NULL,\n\"updated_at\" DATETIME NOT NULL,\n\"messages\" TEXT,\n\"type\" TEXT NOT NULL DEFAULT 'browser',\n\"state\" TEXT NOT NULL DEFAULT 'show_form',\n\"active_method\" TEXT\n);\nINSERT INTO \"_selfservice_verification_flows_tmp\" (id, request_url, issued_at, expires_at, via, csrf_token, success, created_at, updated_at, messages, type, state, active_method) SELECT id, request_url, issued_at, expires_at, via, csrf_token, success, created_at, updated_at, messages, type, state, active_method FROM \"selfservice_verification_flows\";\n\nDROP TABLE \"selfservice_verification_flows\";\nALTER TABLE \"_selfservice_verification_flows_tmp\" RENAME TO \"selfservice_verification_flows\";\nCREATE TABLE \"_selfservice_verification_flows_tmp\" (\n\"id\" TEXT PRIMARY KEY,\n\"request_url\" TEXT NOT NULL,\n\"issued_at\" DATETIME NOT NULL DEFAULT 'CURRENT_TIMESTAMP',\n\"expires_at\" DATETIME NOT NULL,\n\"csrf_token\" TEXT NOT NULL,\n\"success\" bool NOT NULL,\n\"created_at\" DATETIME NOT NULL,\n\"updated_at\" DATETIME NOT NULL,\n\"messages\" TEXT,\n\"type\" TEXT NOT NULL DEFAULT 'browser',\n\"state\" TEXT NOT NULL DEFAULT 'show_form',\n\"active_method\" TEXT\n);\nINSERT INTO \"_selfservice_verification_flows_tmp\" (id, request_url, issued_at, expires_at, csrf_token, success, created_at, updated_at, messages, type, state, active_method) SELECT id, request_url, issued_at, expires_at, csrf_token, success, created_at, updated_at, messages, type, state, active_method FROM \"selfservice_verification_flows\";\n\nDROP TABLE \"selfservice_verification_flows\";\nALTER TABLE \"_selfservice_verification_flows_tmp\" RENAME TO \"selfservice_verification_flows\";\nCREATE TABLE \"_selfservice_verification_flows_tmp\" (\n\"id\" TEXT PRIMARY KEY,\n\"request_url\" TEXT NOT NULL,\n\"issued_at\" DATETIME NOT NULL DEFAULT 'CURRENT_TIMESTAMP',\n\"expires_at\" DATETIME NOT NULL,\n\"csrf_token\" TEXT NOT NULL,\n\"created_at\" DATETIME NOT NULL,\n\"updated_at\" DATETIME NOT NULL,\n\"messages\" TEXT,\n\"type\" TEXT NOT NULL DEFAULT 'browser',\n\"state\" TEXT NOT NULL DEFAULT 'show_form',\n\"active_method\" TEXT\n);\nINSERT INTO \"_selfservice_verification_flows_tmp\" (id, request_url, issued_at, expires_at, csrf_token, created_at, updated_at, messages, type, state, active_method) SELECT id, request_url, issued_at, expires_at, csrf_token, created_at, updated_at, messages, type, state, active_method FROM \"selfservice_verification_flows\";\n\nDROP TABLE \"selfservice_verification_flows\";\nALTER TABLE \"_selfservice_verification_flows_tmp\" RENAME TO \"selfservice_verification_flows\";" }, { "path": "persistence/sql/migrations/legacy/20200830154602_add_verification_token.cockroach.down.sql", "content": "DROP TABLE \"identity_verification_tokens\";COMMIT TRANSACTION;BEGIN TRANSACTION;" }, { "path": "persistence/sql/migrations/legacy/20200830154602_add_verification_token.cockroach.up.sql", "content": "CREATE TABLE \"identity_verification_tokens\" (\n\"id\" UUID NOT NULL,\nPRIMARY KEY(\"id\"),\n\"token\" VARCHAR (64) NOT NULL,\n\"used\" bool NOT NULL DEFAULT 'false',\n\"used_at\" timestamp,\n\"expires_at\" timestamp NOT NULL,\n\"issued_at\" timestamp NOT NULL,\n\"identity_verifiable_address_id\" UUID NOT NULL,\n\"selfservice_verification_flow_id\" UUID,\n\"created_at\" timestamp NOT NULL,\n\"updated_at\" timestamp NOT NULL,\nCONSTRAINT \"identity_verification_tokens_identity_verifiable_addresses_id_fk\" FOREIGN KEY (\"identity_verifiable_address_id\") REFERENCES \"identity_verifiable_addresses\" (\"id\") ON DELETE cascade,\nCONSTRAINT \"identity_verification_tokens_selfservice_verification_flows_id_fk\" FOREIGN KEY (\"selfservice_verification_flow_id\") REFERENCES \"selfservice_verification_flows\" (\"id\") ON DELETE cascade\n);COMMIT TRANSACTION;BEGIN TRANSACTION;\nCREATE UNIQUE INDEX \"identity_verification_tokens_token_uq_idx\" ON \"identity_verification_tokens\" (token);COMMIT TRANSACTION;BEGIN TRANSACTION;\nCREATE INDEX \"identity_verification_tokens_token_idx\" ON \"identity_verification_tokens\" (token);COMMIT TRANSACTION;BEGIN TRANSACTION;\nCREATE INDEX \"identity_verification_tokens_verifiable_address_id_idx\" ON \"identity_verification_tokens\" (identity_verifiable_address_id);COMMIT TRANSACTION;BEGIN TRANSACTION;\nCREATE INDEX \"identity_verification_tokens_verification_flow_id_idx\" ON \"identity_verification_tokens\" (selfservice_verification_flow_id);COMMIT TRANSACTION;BEGIN TRANSACTION;" }, { "path": "persistence/sql/migrations/legacy/20200830154602_add_verification_token.mysql.down.sql", "content": "DROP TABLE `identity_verification_tokens`;" }, { "path": "persistence/sql/migrations/legacy/20200830154602_add_verification_token.mysql.up.sql", "content": "CREATE TABLE `identity_verification_tokens` (\n`id` char(36) NOT NULL,\nPRIMARY KEY(`id`),\n`token` VARCHAR (64) NOT NULL,\n`used` bool NOT NULL DEFAULT false,\n`used_at` DATETIME,\n`expires_at` DATETIME NOT NULL,\n`issued_at` DATETIME NOT NULL,\n`identity_verifiable_address_id` char(36) NOT NULL,\n`selfservice_verification_flow_id` char(36),\n`created_at` DATETIME NOT NULL,\n`updated_at` DATETIME NOT NULL,\nFOREIGN KEY (`identity_verifiable_address_id`) REFERENCES `identity_verifiable_addresses` (`id`) ON DELETE cascade,\nFOREIGN KEY (`selfservice_verification_flow_id`) REFERENCES `selfservice_verification_flows` (`id`) ON DELETE cascade\n) ENGINE=InnoDB;\nCREATE UNIQUE INDEX `identity_verification_tokens_token_uq_idx` ON `identity_verification_tokens` (`token`);\nCREATE INDEX `identity_verification_tokens_token_idx` ON `identity_verification_tokens` (`token`);\nCREATE INDEX `identity_verification_tokens_verifiable_address_id_idx` ON `identity_verification_tokens` (`identity_verifiable_address_id`);\nCREATE INDEX `identity_verification_tokens_verification_flow_id_idx` ON `identity_verification_tokens` (`selfservice_verification_flow_id`);" }, { "path": "persistence/sql/migrations/legacy/20200830154602_add_verification_token.postgres.down.sql", "content": "DROP TABLE \"identity_verification_tokens\";" }, { "path": "persistence/sql/migrations/legacy/20200830154602_add_verification_token.postgres.up.sql", "content": "CREATE TABLE \"identity_verification_tokens\" (\n\"id\" UUID NOT NULL,\nPRIMARY KEY(\"id\"),\n\"token\" VARCHAR (64) NOT NULL,\n\"used\" bool NOT NULL DEFAULT 'false',\n\"used_at\" timestamp,\n\"expires_at\" timestamp NOT NULL,\n\"issued_at\" timestamp NOT NULL,\n\"identity_verifiable_address_id\" UUID NOT NULL,\n\"selfservice_verification_flow_id\" UUID,\n\"created_at\" timestamp NOT NULL,\n\"updated_at\" timestamp NOT NULL,\nFOREIGN KEY (\"identity_verifiable_address_id\") REFERENCES \"identity_verifiable_addresses\" (\"id\") ON DELETE cascade,\nFOREIGN KEY (\"selfservice_verification_flow_id\") REFERENCES \"selfservice_verification_flows\" (\"id\") ON DELETE cascade\n);\nCREATE UNIQUE INDEX \"identity_verification_tokens_token_uq_idx\" ON \"identity_verification_tokens\" (token);\nCREATE INDEX \"identity_verification_tokens_token_idx\" ON \"identity_verification_tokens\" (token);\nCREATE INDEX \"identity_verification_tokens_verifiable_address_id_idx\" ON \"identity_verification_tokens\" (identity_verifiable_address_id);\nCREATE INDEX \"identity_verification_tokens_verification_flow_id_idx\" ON \"identity_verification_tokens\" (selfservice_verification_flow_id);" }, { "path": "persistence/sql/migrations/legacy/20200830154602_add_verification_token.sqlite3.down.sql", "content": "DROP TABLE \"identity_verification_tokens\";" }, { "path": "persistence/sql/migrations/legacy/20200830154602_add_verification_token.sqlite3.up.sql", "content": "CREATE TABLE \"identity_verification_tokens\" (\n\"id\" TEXT PRIMARY KEY,\n\"token\" TEXT NOT NULL,\n\"used\" bool NOT NULL DEFAULT 'false',\n\"used_at\" DATETIME,\n\"expires_at\" DATETIME NOT NULL,\n\"issued_at\" DATETIME NOT NULL,\n\"identity_verifiable_address_id\" char(36) NOT NULL,\n\"selfservice_verification_flow_id\" char(36),\n\"created_at\" DATETIME NOT NULL,\n\"updated_at\" DATETIME NOT NULL,\nFOREIGN KEY (identity_verifiable_address_id) REFERENCES identity_verifiable_addresses (id) ON DELETE cascade,\nFOREIGN KEY (selfservice_verification_flow_id) REFERENCES selfservice_verification_flows (id) ON DELETE cascade\n);\nCREATE UNIQUE INDEX \"identity_verification_tokens_token_uq_idx\" ON \"identity_verification_tokens\" (token);\nCREATE INDEX \"identity_verification_tokens_token_idx\" ON \"identity_verification_tokens\" (token);\nCREATE INDEX \"identity_verification_tokens_verifiable_address_id_idx\" ON \"identity_verification_tokens\" (identity_verifiable_address_id);\nCREATE INDEX \"identity_verification_tokens_verification_flow_id_idx\" ON \"identity_verification_tokens\" (selfservice_verification_flow_id);" }, { "path": "persistence/sql/migrations/legacy/20200830172221_recovery_token_expires.cockroach.down.sql", "content": "DELETE FROM identity_recovery_tokens WHERE selfservice_recovery_flow_id IS NULL;\nALTER TABLE \"identity_recovery_tokens\" DROP CONSTRAINT \"identity_recovery_tokens_selfservice_recovery_requests_id_fk\";COMMIT TRANSACTION;BEGIN TRANSACTION;\nALTER TABLE \"identity_recovery_tokens\" RENAME COLUMN \"selfservice_recovery_flow_id\" TO \"_selfservice_recovery_flow_id_tmp\";COMMIT TRANSACTION;BEGIN TRANSACTION;\nALTER TABLE \"identity_recovery_tokens\" ADD COLUMN \"selfservice_recovery_flow_id\" UUID;COMMIT TRANSACTION;BEGIN TRANSACTION;\nUPDATE \"identity_recovery_tokens\" SET \"selfservice_recovery_flow_id\" = \"_selfservice_recovery_flow_id_tmp\";COMMIT TRANSACTION;BEGIN TRANSACTION;\nALTER TABLE \"identity_recovery_tokens\" ALTER COLUMN \"selfservice_recovery_flow_id\" SET NOT NULL;COMMIT TRANSACTION;BEGIN TRANSACTION;\nALTER TABLE \"identity_recovery_tokens\" DROP COLUMN \"_selfservice_recovery_flow_id_tmp\";COMMIT TRANSACTION;BEGIN TRANSACTION;\nALTER TABLE \"identity_recovery_tokens\" ADD CONSTRAINT \"identity_recovery_tokens_selfservice_recovery_requests_id_fk\" FOREIGN KEY (\"selfservice_recovery_flow_id\") REFERENCES \"selfservice_recovery_flows\" (\"id\") ON UPDATE NO ACTION ON DELETE CASCADE;COMMIT TRANSACTION;BEGIN TRANSACTION;\nALTER TABLE \"identity_recovery_tokens\" DROP COLUMN \"expires_at\";COMMIT TRANSACTION;BEGIN TRANSACTION;\nALTER TABLE \"identity_recovery_tokens\" DROP COLUMN \"issued_at\";COMMIT TRANSACTION;BEGIN TRANSACTION;" }, { "path": "persistence/sql/migrations/legacy/20200830172221_recovery_token_expires.cockroach.up.sql", "content": "ALTER TABLE \"identity_recovery_tokens\" ADD COLUMN \"expires_at\" timestamp NOT NULL DEFAULT '2000-01-01 00:00:00';COMMIT TRANSACTION;BEGIN TRANSACTION;\nALTER TABLE \"identity_recovery_tokens\" ADD COLUMN \"issued_at\" timestamp NOT NULL DEFAULT '2000-01-01 00:00:00';COMMIT TRANSACTION;BEGIN TRANSACTION;\nALTER TABLE \"identity_recovery_tokens\" DROP CONSTRAINT \"identity_recovery_tokens_selfservice_recovery_requests_id_fk\";COMMIT TRANSACTION;BEGIN TRANSACTION;\nALTER TABLE \"identity_recovery_tokens\" RENAME COLUMN \"selfservice_recovery_flow_id\" TO \"_selfservice_recovery_flow_id_tmp\";COMMIT TRANSACTION;BEGIN TRANSACTION;\nALTER TABLE \"identity_recovery_tokens\" ADD COLUMN \"selfservice_recovery_flow_id\" UUID;COMMIT TRANSACTION;BEGIN TRANSACTION;\nUPDATE \"identity_recovery_tokens\" SET \"selfservice_recovery_flow_id\" = \"_selfservice_recovery_flow_id_tmp\";COMMIT TRANSACTION;BEGIN TRANSACTION;\nALTER TABLE \"identity_recovery_tokens\" DROP COLUMN \"_selfservice_recovery_flow_id_tmp\";COMMIT TRANSACTION;BEGIN TRANSACTION;\nALTER TABLE \"identity_recovery_tokens\" ADD CONSTRAINT \"identity_recovery_tokens_selfservice_recovery_requests_id_fk\" FOREIGN KEY (\"selfservice_recovery_flow_id\") REFERENCES \"selfservice_recovery_flows\" (\"id\") ON UPDATE NO ACTION ON DELETE CASCADE;COMMIT TRANSACTION;BEGIN TRANSACTION;" }, { "path": "persistence/sql/migrations/legacy/20200830172221_recovery_token_expires.mysql.down.sql", "content": "DELETE FROM identity_recovery_tokens WHERE selfservice_recovery_flow_id IS NULL;\nALTER TABLE `identity_recovery_tokens` MODIFY `selfservice_recovery_flow_id` char(36) NOT NULL;\nALTER TABLE `identity_recovery_tokens` DROP COLUMN `expires_at`;\nALTER TABLE `identity_recovery_tokens` DROP COLUMN `issued_at`;" }, { "path": "persistence/sql/migrations/legacy/20200830172221_recovery_token_expires.mysql.up.sql", "content": "ALTER TABLE `identity_recovery_tokens` ADD COLUMN `expires_at` DATETIME NOT NULL DEFAULT '2000-01-01 00:00:00';\nALTER TABLE `identity_recovery_tokens` ADD COLUMN `issued_at` DATETIME NOT NULL DEFAULT '2000-01-01 00:00:00';\nALTER TABLE `identity_recovery_tokens` MODIFY `selfservice_recovery_flow_id` char(36);" }, { "path": "persistence/sql/migrations/legacy/20200830172221_recovery_token_expires.postgres.down.sql", "content": "DELETE FROM identity_recovery_tokens WHERE selfservice_recovery_flow_id IS NULL;\nALTER TABLE \"identity_recovery_tokens\" ALTER COLUMN \"selfservice_recovery_flow_id\" TYPE UUID, ALTER COLUMN \"selfservice_recovery_flow_id\" SET NOT NULL;\nALTER TABLE \"identity_recovery_tokens\" DROP COLUMN \"expires_at\";\nALTER TABLE \"identity_recovery_tokens\" DROP COLUMN \"issued_at\";" }, { "path": "persistence/sql/migrations/legacy/20200830172221_recovery_token_expires.postgres.up.sql", "content": "ALTER TABLE \"identity_recovery_tokens\" ADD COLUMN \"expires_at\" timestamp NOT NULL DEFAULT '2000-01-01 00:00:00';\nALTER TABLE \"identity_recovery_tokens\" ADD COLUMN \"issued_at\" timestamp NOT NULL DEFAULT '2000-01-01 00:00:00';\nALTER TABLE \"identity_recovery_tokens\" ALTER COLUMN \"selfservice_recovery_flow_id\" TYPE UUID, ALTER COLUMN \"selfservice_recovery_flow_id\" DROP NOT NULL;" }, { "path": "persistence/sql/migrations/legacy/20200830172221_recovery_token_expires.sqlite3.down.sql", "content": "DELETE FROM identity_recovery_tokens WHERE selfservice_recovery_flow_id IS NULL;\nDROP INDEX IF EXISTS \"identity_recovery_addresses_code_uq_idx\";\nDROP INDEX IF EXISTS \"identity_recovery_addresses_code_idx\";\nCREATE TABLE \"_identity_recovery_tokens_tmp\" (\n\"id\" TEXT PRIMARY KEY,\n\"token\" TEXT NOT NULL,\n\"used\" bool NOT NULL DEFAULT 'false',\n\"used_at\" DATETIME,\n\"identity_recovery_address_id\" char(36) NOT NULL,\n\"selfservice_recovery_flow_id\" char(36) NOT NULL,\n\"created_at\" DATETIME NOT NULL,\n\"updated_at\" DATETIME NOT NULL,\n\"expires_at\" DATETIME NOT NULL DEFAULT '2000-01-01 00:00:00',\n\"issued_at\" DATETIME NOT NULL DEFAULT '2000-01-01 00:00:00',\nFOREIGN KEY (identity_recovery_address_id) REFERENCES identity_recovery_addresses (id) ON UPDATE NO ACTION ON DELETE CASCADE,\nFOREIGN KEY (selfservice_recovery_flow_id) REFERENCES selfservice_recovery_flows (id) ON UPDATE NO ACTION ON DELETE CASCADE\n);\nCREATE UNIQUE INDEX \"identity_recovery_addresses_code_uq_idx\" ON \"_identity_recovery_tokens_tmp\" (token);\nCREATE INDEX \"identity_recovery_addresses_code_idx\" ON \"_identity_recovery_tokens_tmp\" (token);\nINSERT INTO \"_identity_recovery_tokens_tmp\" (id, token, used, used_at, identity_recovery_address_id, selfservice_recovery_flow_id, created_at, updated_at, expires_at, issued_at) SELECT id, token, used, used_at, identity_recovery_address_id, selfservice_recovery_flow_id, created_at, updated_at, expires_at, issued_at FROM \"identity_recovery_tokens\";\nDROP TABLE \"identity_recovery_tokens\";\nALTER TABLE \"_identity_recovery_tokens_tmp\" RENAME TO \"identity_recovery_tokens\";\nDROP INDEX IF EXISTS \"identity_recovery_addresses_code_uq_idx\";\nDROP INDEX IF EXISTS \"identity_recovery_addresses_code_idx\";\nCREATE TABLE \"_identity_recovery_tokens_tmp\" (\n\"id\" TEXT PRIMARY KEY,\n\"token\" TEXT NOT NULL,\n\"used\" bool NOT NULL DEFAULT 'false',\n\"used_at\" DATETIME,\n\"identity_recovery_address_id\" char(36) NOT NULL,\n\"selfservice_recovery_flow_id\" char(36) NOT NULL,\n\"created_at\" DATETIME NOT NULL,\n\"updated_at\" DATETIME NOT NULL,\n\"issued_at\" DATETIME NOT NULL DEFAULT '2000-01-01 00:00:00',\nFOREIGN KEY (identity_recovery_address_id) REFERENCES identity_recovery_addresses (id) ON UPDATE NO ACTION ON DELETE CASCADE,\nFOREIGN KEY (selfservice_recovery_flow_id) REFERENCES selfservice_recovery_flows (id) ON UPDATE NO ACTION ON DELETE CASCADE\n);\nCREATE UNIQUE INDEX \"identity_recovery_addresses_code_uq_idx\" ON \"_identity_recovery_tokens_tmp\" (token);\nCREATE INDEX \"identity_recovery_addresses_code_idx\" ON \"_identity_recovery_tokens_tmp\" (token);\nINSERT INTO \"_identity_recovery_tokens_tmp\" (id, token, used, used_at, identity_recovery_address_id, selfservice_recovery_flow_id, created_at, updated_at, issued_at) SELECT id, token, used, used_at, identity_recovery_address_id, selfservice_recovery_flow_id, created_at, updated_at, issued_at FROM \"identity_recovery_tokens\";\n\nDROP TABLE \"identity_recovery_tokens\";\nALTER TABLE \"_identity_recovery_tokens_tmp\" RENAME TO \"identity_recovery_tokens\";\nDROP INDEX IF EXISTS \"identity_recovery_addresses_code_uq_idx\";\nDROP INDEX IF EXISTS \"identity_recovery_addresses_code_idx\";\nCREATE TABLE \"_identity_recovery_tokens_tmp\" (\n\"id\" TEXT PRIMARY KEY,\n\"token\" TEXT NOT NULL,\n\"used\" bool NOT NULL DEFAULT 'false',\n\"used_at\" DATETIME,\n\"identity_recovery_address_id\" char(36) NOT NULL,\n\"selfservice_recovery_flow_id\" char(36) NOT NULL,\n\"created_at\" DATETIME NOT NULL,\n\"updated_at\" DATETIME NOT NULL,\nFOREIGN KEY (identity_recovery_address_id) REFERENCES identity_recovery_addresses (id) ON UPDATE NO ACTION ON DELETE CASCADE,\nFOREIGN KEY (selfservice_recovery_flow_id) REFERENCES selfservice_recovery_flows (id) ON UPDATE NO ACTION ON DELETE CASCADE\n);\nCREATE UNIQUE INDEX \"identity_recovery_addresses_code_uq_idx\" ON \"_identity_recovery_tokens_tmp\" (token);\nCREATE INDEX \"identity_recovery_addresses_code_idx\" ON \"_identity_recovery_tokens_tmp\" (token);\nINSERT INTO \"_identity_recovery_tokens_tmp\" (id, token, used, used_at, identity_recovery_address_id, selfservice_recovery_flow_id, created_at, updated_at) SELECT id, token, used, used_at, identity_recovery_address_id, selfservice_recovery_flow_id, created_at, updated_at FROM \"identity_recovery_tokens\";\n\nDROP TABLE \"identity_recovery_tokens\";\nALTER TABLE \"_identity_recovery_tokens_tmp\" RENAME TO \"identity_recovery_tokens\";" }, { "path": "persistence/sql/migrations/legacy/20200830172221_recovery_token_expires.sqlite3.up.sql", "content": "ALTER TABLE \"identity_recovery_tokens\" ADD COLUMN \"expires_at\" DATETIME NOT NULL DEFAULT '2000-01-01 00:00:00';\nALTER TABLE \"identity_recovery_tokens\" ADD COLUMN \"issued_at\" DATETIME NOT NULL DEFAULT '2000-01-01 00:00:00';\nDROP INDEX IF EXISTS \"identity_recovery_addresses_code_idx\";\nDROP INDEX IF EXISTS \"identity_recovery_addresses_code_uq_idx\";\nCREATE TABLE \"_identity_recovery_tokens_tmp\" (\n\"id\" TEXT PRIMARY KEY,\n\"token\" TEXT NOT NULL,\n\"used\" bool NOT NULL DEFAULT 'false',\n\"used_at\" DATETIME,\n\"identity_recovery_address_id\" char(36) NOT NULL,\n\"selfservice_recovery_flow_id\" char(36),\n\"created_at\" DATETIME NOT NULL,\n\"updated_at\" DATETIME NOT NULL,\n\"expires_at\" DATETIME NOT NULL DEFAULT '2000-01-01 00:00:00',\n\"issued_at\" DATETIME NOT NULL DEFAULT '2000-01-01 00:00:00',\nFOREIGN KEY (selfservice_recovery_flow_id) REFERENCES selfservice_recovery_flows (id) ON UPDATE NO ACTION ON DELETE CASCADE,\nFOREIGN KEY (identity_recovery_address_id) REFERENCES identity_recovery_addresses (id) ON UPDATE NO ACTION ON DELETE CASCADE\n);\nCREATE INDEX \"identity_recovery_addresses_code_idx\" ON \"_identity_recovery_tokens_tmp\" (token);\nCREATE UNIQUE INDEX \"identity_recovery_addresses_code_uq_idx\" ON \"_identity_recovery_tokens_tmp\" (token);\nINSERT INTO \"_identity_recovery_tokens_tmp\" (id, token, used, used_at, identity_recovery_address_id, selfservice_recovery_flow_id, created_at, updated_at, expires_at, issued_at) SELECT id, token, used, used_at, identity_recovery_address_id, selfservice_recovery_flow_id, created_at, updated_at, expires_at, issued_at FROM \"identity_recovery_tokens\";\nDROP TABLE \"identity_recovery_tokens\";\nALTER TABLE \"_identity_recovery_tokens_tmp\" RENAME TO \"identity_recovery_tokens\";" }, { "path": "persistence/sql/migrations/legacy/20200831110752_identity_verifiable_address_remove_code.cockroach.down.sql", "content": "ALTER TABLE \"identity_verifiable_addresses\" ADD COLUMN \"code\" VARCHAR (32);COMMIT TRANSACTION;BEGIN TRANSACTION;\nALTER TABLE \"identity_verifiable_addresses\" ADD COLUMN \"expires_at\" timestamp;COMMIT TRANSACTION;BEGIN TRANSACTION;\nUPDATE identity_verifiable_addresses SET code = substr(md5(uuid_v4()), 0, 32) WHERE code IS NULL;\nUPDATE identity_verifiable_addresses SET expires_at = CURRENT_TIMESTAMP WHERE expires_at IS NULL;\nALTER TABLE \"identity_verifiable_addresses\" RENAME COLUMN \"code\" TO \"_code_tmp\";COMMIT TRANSACTION;BEGIN TRANSACTION;\nALTER TABLE \"identity_verifiable_addresses\" ADD COLUMN \"code\" VARCHAR (32);COMMIT TRANSACTION;BEGIN TRANSACTION;\nUPDATE \"identity_verifiable_addresses\" SET \"code\" = \"_code_tmp\";COMMIT TRANSACTION;BEGIN TRANSACTION;\nALTER TABLE \"identity_verifiable_addresses\" ALTER COLUMN \"code\" SET NOT NULL;COMMIT TRANSACTION;BEGIN TRANSACTION;\nALTER TABLE \"identity_verifiable_addresses\" DROP COLUMN \"_code_tmp\";COMMIT TRANSACTION;BEGIN TRANSACTION;\nALTER TABLE \"identity_verifiable_addresses\" RENAME COLUMN \"expires_at\" TO \"_expires_at_tmp\";COMMIT TRANSACTION;BEGIN TRANSACTION;\nALTER TABLE \"identity_verifiable_addresses\" ADD COLUMN \"expires_at\" timestamp;COMMIT TRANSACTION;BEGIN TRANSACTION;\nUPDATE \"identity_verifiable_addresses\" SET \"expires_at\" = \"_expires_at_tmp\";COMMIT TRANSACTION;BEGIN TRANSACTION;\nALTER TABLE \"identity_verifiable_addresses\" DROP COLUMN \"_expires_at_tmp\";COMMIT TRANSACTION;BEGIN TRANSACTION;\nCREATE UNIQUE INDEX \"identity_verifiable_addresses_code_uq_idx\" ON \"identity_verifiable_addresses\" (code);COMMIT TRANSACTION;BEGIN TRANSACTION;\nCREATE INDEX \"identity_verifiable_addresses_code_idx\" ON \"identity_verifiable_addresses\" (code);COMMIT TRANSACTION;BEGIN TRANSACTION;" }, { "path": "persistence/sql/migrations/legacy/20200831110752_identity_verifiable_address_remove_code.cockroach.up.sql", "content": "DROP INDEX IF EXISTS \"identity_verifiable_addresses_code_uq_idx\";COMMIT TRANSACTION;BEGIN TRANSACTION;\nDROP INDEX IF EXISTS \"identity_verifiable_addresses_code_idx\";COMMIT TRANSACTION;BEGIN TRANSACTION;\nALTER TABLE \"identity_verifiable_addresses\" DROP COLUMN \"code\";COMMIT TRANSACTION;BEGIN TRANSACTION;\nALTER TABLE \"identity_verifiable_addresses\" DROP COLUMN \"expires_at\";COMMIT TRANSACTION;BEGIN TRANSACTION;" }, { "path": "persistence/sql/migrations/legacy/20200831110752_identity_verifiable_address_remove_code.mysql.down.sql", "content": "ALTER TABLE `identity_verifiable_addresses` ADD COLUMN `code` VARCHAR (32);\nALTER TABLE `identity_verifiable_addresses` ADD COLUMN `expires_at` DATETIME;\nUPDATE identity_verifiable_addresses SET code = LEFT(SHA2(RANDOM_BYTES(32), 256), 32) WHERE code IS NULL;\nUPDATE identity_verifiable_addresses SET expires_at = CURRENT_TIMESTAMP WHERE expires_at IS NULL;\nALTER TABLE `identity_verifiable_addresses` MODIFY `code` VARCHAR (32) NOT NULL;\nALTER TABLE `identity_verifiable_addresses` MODIFY `expires_at` DATETIME;\nCREATE UNIQUE INDEX `identity_verifiable_addresses_code_uq_idx` ON `identity_verifiable_addresses` (`code`);\nCREATE INDEX `identity_verifiable_addresses_code_idx` ON `identity_verifiable_addresses` (`code`);\n" }, { "path": "persistence/sql/migrations/legacy/20200831110752_identity_verifiable_address_remove_code.mysql.up.sql", "content": "DROP INDEX `identity_verifiable_addresses_code_uq_idx` ON `identity_verifiable_addresses`;\nDROP INDEX `identity_verifiable_addresses_code_idx` ON `identity_verifiable_addresses`;\nALTER TABLE `identity_verifiable_addresses` DROP COLUMN `code`;\nALTER TABLE `identity_verifiable_addresses` DROP COLUMN `expires_at`;" }, { "path": "persistence/sql/migrations/legacy/20200831110752_identity_verifiable_address_remove_code.postgres.down.sql", "content": "ALTER TABLE \"identity_verifiable_addresses\" ADD COLUMN \"code\" VARCHAR (32);\nALTER TABLE \"identity_verifiable_addresses\" ADD COLUMN \"expires_at\" timestamp;\nUPDATE identity_verifiable_addresses SET code = substr(md5(random()::text), 0, 32) WHERE code IS NULL;\nUPDATE identity_verifiable_addresses SET expires_at = CURRENT_TIMESTAMP WHERE expires_at IS NULL;\nALTER TABLE \"identity_verifiable_addresses\" ALTER COLUMN \"code\" TYPE VARCHAR (32), ALTER COLUMN \"code\" SET NOT NULL;\nALTER TABLE \"identity_verifiable_addresses\" ALTER COLUMN \"expires_at\" TYPE timestamp, ALTER COLUMN \"expires_at\" DROP NOT NULL;\nCREATE UNIQUE INDEX \"identity_verifiable_addresses_code_uq_idx\" ON \"identity_verifiable_addresses\" (code);\nCREATE INDEX \"identity_verifiable_addresses_code_idx\" ON \"identity_verifiable_addresses\" (code);" }, { "path": "persistence/sql/migrations/legacy/20200831110752_identity_verifiable_address_remove_code.postgres.up.sql", "content": "DROP INDEX \"identity_verifiable_addresses_code_uq_idx\";\nDROP INDEX \"identity_verifiable_addresses_code_idx\";\nALTER TABLE \"identity_verifiable_addresses\" DROP COLUMN \"code\";\nALTER TABLE \"identity_verifiable_addresses\" DROP COLUMN \"expires_at\";" }, { "path": "persistence/sql/migrations/legacy/20200831110752_identity_verifiable_address_remove_code.sqlite3.down.sql", "content": "ALTER TABLE \"identity_verifiable_addresses\" ADD COLUMN \"code\" TEXT;\nALTER TABLE \"identity_verifiable_addresses\" ADD COLUMN \"expires_at\" DATETIME;\nUPDATE identity_verifiable_addresses SET code = substr(hex(randomblob(32)), 0, 32) WHERE code IS NULL;\nUPDATE identity_verifiable_addresses SET expires_at = CURRENT_TIMESTAMP WHERE expires_at IS NULL;\nDROP INDEX IF EXISTS \"identity_verifiable_addresses_status_via_uq_idx\";\nDROP INDEX IF EXISTS \"identity_verifiable_addresses_status_via_idx\";\nCREATE TABLE \"_identity_verifiable_addresses_tmp\" (\n\"id\" TEXT PRIMARY KEY,\n\"status\" TEXT NOT NULL,\n\"via\" TEXT NOT NULL,\n\"verified\" bool NOT NULL,\n\"value\" TEXT NOT NULL,\n\"verified_at\" DATETIME,\n\"identity_id\" char(36) NOT NULL,\n\"created_at\" DATETIME NOT NULL,\n\"updated_at\" DATETIME NOT NULL,\n\"code\" TEXT NOT NULL,\n\"expires_at\" DATETIME,\nFOREIGN KEY (identity_id) REFERENCES identities (id) ON UPDATE NO ACTION ON DELETE CASCADE\n);\nCREATE UNIQUE INDEX \"identity_verifiable_addresses_status_via_uq_idx\" ON \"_identity_verifiable_addresses_tmp\" (via, value);\nCREATE INDEX \"identity_verifiable_addresses_status_via_idx\" ON \"_identity_verifiable_addresses_tmp\" (via, value);\nINSERT INTO \"_identity_verifiable_addresses_tmp\" (id, status, via, verified, value, verified_at, identity_id, created_at, updated_at, code, expires_at) SELECT id, status, via, verified, value, verified_at, identity_id, created_at, updated_at, code, expires_at FROM \"identity_verifiable_addresses\";\nDROP TABLE \"identity_verifiable_addresses\";\nALTER TABLE \"_identity_verifiable_addresses_tmp\" RENAME TO \"identity_verifiable_addresses\";\nDROP INDEX IF EXISTS \"identity_verifiable_addresses_status_via_uq_idx\";\nDROP INDEX IF EXISTS \"identity_verifiable_addresses_status_via_idx\";\nCREATE TABLE \"_identity_verifiable_addresses_tmp\" (\n\"id\" TEXT PRIMARY KEY,\n\"status\" TEXT NOT NULL,\n\"via\" TEXT NOT NULL,\n\"verified\" bool NOT NULL,\n\"value\" TEXT NOT NULL,\n\"verified_at\" DATETIME,\n\"identity_id\" char(36) NOT NULL,\n\"created_at\" DATETIME NOT NULL,\n\"updated_at\" DATETIME NOT NULL,\n\"code\" TEXT NOT NULL,\n\"expires_at\" DATETIME,\nFOREIGN KEY (identity_id) REFERENCES identities (id) ON UPDATE NO ACTION ON DELETE CASCADE\n);\nCREATE UNIQUE INDEX \"identity_verifiable_addresses_status_via_uq_idx\" ON \"_identity_verifiable_addresses_tmp\" (via, value);\nCREATE INDEX \"identity_verifiable_addresses_status_via_idx\" ON \"_identity_verifiable_addresses_tmp\" (via, value);\nINSERT INTO \"_identity_verifiable_addresses_tmp\" (id, status, via, verified, value, verified_at, identity_id, created_at, updated_at, code, expires_at) SELECT id, status, via, verified, value, verified_at, identity_id, created_at, updated_at, code, expires_at FROM \"identity_verifiable_addresses\";\nDROP TABLE \"identity_verifiable_addresses\";\nALTER TABLE \"_identity_verifiable_addresses_tmp\" RENAME TO \"identity_verifiable_addresses\";\nCREATE UNIQUE INDEX \"identity_verifiable_addresses_code_uq_idx\" ON \"identity_verifiable_addresses\" (code);\nCREATE INDEX \"identity_verifiable_addresses_code_idx\" ON \"identity_verifiable_addresses\" (code);" }, { "path": "persistence/sql/migrations/legacy/20200831110752_identity_verifiable_address_remove_code.sqlite3.up.sql", "content": "DROP INDEX IF EXISTS \"identity_verifiable_addresses_code_uq_idx\";\nDROP INDEX IF EXISTS \"identity_verifiable_addresses_code_idx\";\nDROP INDEX IF EXISTS \"identity_verifiable_addresses_status_via_idx\";\nDROP INDEX IF EXISTS \"identity_verifiable_addresses_status_via_uq_idx\";\nCREATE TABLE \"_identity_verifiable_addresses_tmp\" (\n\"id\" TEXT PRIMARY KEY,\n\"status\" TEXT NOT NULL,\n\"via\" TEXT NOT NULL,\n\"verified\" bool NOT NULL,\n\"value\" TEXT NOT NULL,\n\"verified_at\" DATETIME,\n\"expires_at\" DATETIME NOT NULL DEFAULT 'CURRENT_TIMESTAMP',\n\"identity_id\" char(36) NOT NULL,\n\"created_at\" DATETIME NOT NULL,\n\"updated_at\" DATETIME NOT NULL,\nFOREIGN KEY (identity_id) REFERENCES identities (id) ON UPDATE NO ACTION ON DELETE CASCADE\n);\nCREATE INDEX \"identity_verifiable_addresses_status_via_idx\" ON \"_identity_verifiable_addresses_tmp\" (via, value);\nCREATE UNIQUE INDEX \"identity_verifiable_addresses_status_via_uq_idx\" ON \"_identity_verifiable_addresses_tmp\" (via, value);\nINSERT INTO \"_identity_verifiable_addresses_tmp\" (id, status, via, verified, value, verified_at, expires_at, identity_id, created_at, updated_at) SELECT id, status, via, verified, value, verified_at, expires_at, identity_id, created_at, updated_at FROM \"identity_verifiable_addresses\";\n\nDROP TABLE \"identity_verifiable_addresses\";\nALTER TABLE \"_identity_verifiable_addresses_tmp\" RENAME TO \"identity_verifiable_addresses\";\nDROP INDEX IF EXISTS \"identity_verifiable_addresses_status_via_idx\";\nDROP INDEX IF EXISTS \"identity_verifiable_addresses_status_via_uq_idx\";\nCREATE TABLE \"_identity_verifiable_addresses_tmp\" (\n\"id\" TEXT PRIMARY KEY,\n\"status\" TEXT NOT NULL,\n\"via\" TEXT NOT NULL,\n\"verified\" bool NOT NULL,\n\"value\" TEXT NOT NULL,\n\"verified_at\" DATETIME,\n\"identity_id\" char(36) NOT NULL,\n\"created_at\" DATETIME NOT NULL,\n\"updated_at\" DATETIME NOT NULL,\nFOREIGN KEY (identity_id) REFERENCES identities (id) ON UPDATE NO ACTION ON DELETE CASCADE\n);\nCREATE INDEX \"identity_verifiable_addresses_status_via_idx\" ON \"_identity_verifiable_addresses_tmp\" (via, value);\nCREATE UNIQUE INDEX \"identity_verifiable_addresses_status_via_uq_idx\" ON \"_identity_verifiable_addresses_tmp\" (via, value);\nINSERT INTO \"_identity_verifiable_addresses_tmp\" (id, status, via, verified, value, verified_at, identity_id, created_at, updated_at) SELECT id, status, via, verified, value, verified_at, identity_id, created_at, updated_at FROM \"identity_verifiable_addresses\";\n\nDROP TABLE \"identity_verifiable_addresses\";\nALTER TABLE \"_identity_verifiable_addresses_tmp\" RENAME TO \"identity_verifiable_addresses\";" }, { "path": "persistence/sql/migrations/legacy/20201201161451_credential_types_values.cockroach.down.sql", "content": "DELETE FROM identity_credential_types WHERE name = 'password' OR name = 'oidc';" }, { "path": "persistence/sql/migrations/legacy/20201201161451_credential_types_values.cockroach.up.sql", "content": "INSERT INTO identity_credential_types (id, name) SELECT '78c1b41d-8341-4507-aa60-aff1d4369670', 'password' WHERE NOT EXISTS ( SELECT * FROM identity_credential_types WHERE name = 'password');\nINSERT INTO identity_credential_types (id, name) SELECT '6fa5e2e0-bfce-4631-b62b-cf2b0252b289', 'oidc' WHERE NOT EXISTS ( SELECT * FROM identity_credential_types WHERE name = 'oidc');" }, { "path": "persistence/sql/migrations/legacy/20201201161451_credential_types_values.mysql.down.sql", "content": "DELETE FROM identity_credential_types WHERE name = 'password' OR name = 'oidc';" }, { "path": "persistence/sql/migrations/legacy/20201201161451_credential_types_values.mysql.up.sql", "content": "INSERT INTO identity_credential_types (id, name) SELECT '78c1b41d-8341-4507-aa60-aff1d4369670', 'password' WHERE NOT EXISTS ( SELECT * FROM identity_credential_types WHERE name = 'password');\nINSERT INTO identity_credential_types (id, name) SELECT '6fa5e2e0-bfce-4631-b62b-cf2b0252b289', 'oidc' WHERE NOT EXISTS ( SELECT * FROM identity_credential_types WHERE name = 'oidc');" }, { "path": "persistence/sql/migrations/legacy/20201201161451_credential_types_values.postgres.down.sql", "content": "DELETE FROM identity_credential_types WHERE name = 'password' OR name = 'oidc';" }, { "path": "persistence/sql/migrations/legacy/20201201161451_credential_types_values.postgres.up.sql", "content": "INSERT INTO identity_credential_types (id, name) SELECT '78c1b41d-8341-4507-aa60-aff1d4369670', 'password' WHERE NOT EXISTS ( SELECT * FROM identity_credential_types WHERE name = 'password');\nINSERT INTO identity_credential_types (id, name) SELECT '6fa5e2e0-bfce-4631-b62b-cf2b0252b289', 'oidc' WHERE NOT EXISTS ( SELECT * FROM identity_credential_types WHERE name = 'oidc');" }, { "path": "persistence/sql/migrations/legacy/20201201161451_credential_types_values.sqlite3.down.sql", "content": "DELETE FROM identity_credential_types WHERE name = 'password' OR name = 'oidc';" }, { "path": "persistence/sql/migrations/legacy/20201201161451_credential_types_values.sqlite3.up.sql", "content": "INSERT INTO identity_credential_types (id, name) SELECT '78c1b41d-8341-4507-aa60-aff1d4369670', 'password' WHERE NOT EXISTS ( SELECT * FROM identity_credential_types WHERE name = 'password');\nINSERT INTO identity_credential_types (id, name) SELECT '6fa5e2e0-bfce-4631-b62b-cf2b0252b289', 'oidc' WHERE NOT EXISTS ( SELECT * FROM identity_credential_types WHERE name = 'oidc');" }, { "path": "persistence/sql/migrations/sql/20150100000001000000_networks.cockroach.down.sql", "content": "DROP TABLE \"networks\";" }, { "path": "persistence/sql/migrations/sql/20150100000001000000_networks.cockroach.up.sql", "content": "CREATE TABLE \"networks\" (\n\"id\" UUID NOT NULL,\nPRIMARY KEY(\"id\"),\n\"created_at\" timestamp NOT NULL,\n\"updated_at\" timestamp NOT NULL\n);" }, { "path": "persistence/sql/migrations/sql/20150100000001000000_networks.mysql.down.sql", "content": "DROP TABLE `networks`;" }, { "path": "persistence/sql/migrations/sql/20150100000001000000_networks.mysql.up.sql", "content": "CREATE TABLE `networks` (\n`id` char(36) NOT NULL,\nPRIMARY KEY(`id`),\n`created_at` DATETIME NOT NULL,\n`updated_at` DATETIME NOT NULL\n) ENGINE=InnoDB;" }, { "path": "persistence/sql/migrations/sql/20150100000001000000_networks.postgres.down.sql", "content": "DROP TABLE \"networks\";" }, { "path": "persistence/sql/migrations/sql/20150100000001000000_networks.postgres.up.sql", "content": "CREATE TABLE \"networks\" (\n\"id\" UUID NOT NULL,\nPRIMARY KEY(\"id\"),\n\"created_at\" timestamp NOT NULL,\n\"updated_at\" timestamp NOT NULL\n);" }, { "path": "persistence/sql/migrations/sql/20150100000001000000_networks.sqlite3.down.sql", "content": "DROP TABLE \"networks\";" }, { "path": "persistence/sql/migrations/sql/20150100000001000000_networks.sqlite3.up.sql", "content": "CREATE TABLE \"networks\" (\n\"id\" TEXT PRIMARY KEY,\n\"created_at\" DATETIME NOT NULL,\n\"updated_at\" DATETIME NOT NULL\n);" }, { "path": "persistence/sql/migrations/sql/20191100000001000000_identities.cockroach.down.sql", "content": "DROP TABLE \"identities\";" }, { "path": "persistence/sql/migrations/sql/20191100000001000000_identities.cockroach.up.sql", "content": "CREATE TABLE \"identities\" (\n\"id\" UUID NOT NULL,\nPRIMARY KEY(\"id\"),\n\"traits_schema_id\" VARCHAR (2048) NOT NULL,\n\"traits\" json NOT NULL,\n\"created_at\" timestamp NOT NULL,\n\"updated_at\" timestamp NOT NULL\n);" }, { "path": "persistence/sql/migrations/sql/20191100000001000000_identities.mysql.down.sql", "content": "DROP TABLE `identities`;" }, { "path": "persistence/sql/migrations/sql/20191100000001000000_identities.mysql.up.sql", "content": "CREATE TABLE `identities` (\n`id` char(36) NOT NULL,\nPRIMARY KEY(`id`),\n`traits_schema_id` VARCHAR (2048) NOT NULL,\n`traits` JSON NOT NULL,\n`created_at` DATETIME NOT NULL,\n`updated_at` DATETIME NOT NULL\n) ENGINE=InnoDB;" }, { "path": "persistence/sql/migrations/sql/20191100000001000000_identities.postgres.down.sql", "content": "DROP TABLE \"identities\";" }, { "path": "persistence/sql/migrations/sql/20191100000001000000_identities.postgres.up.sql", "content": "CREATE TABLE \"identities\" (\n\"id\" UUID NOT NULL,\nPRIMARY KEY(\"id\"),\n\"traits_schema_id\" VARCHAR (2048) NOT NULL,\n\"traits\" jsonb NOT NULL,\n\"created_at\" timestamp NOT NULL,\n\"updated_at\" timestamp NOT NULL\n);" }, { "path": "persistence/sql/migrations/sql/20191100000001000000_identities.sqlite3.down.sql", "content": "DROP TABLE \"identities\";" }, { "path": "persistence/sql/migrations/sql/20191100000001000000_identities.sqlite3.up.sql", "content": "CREATE TABLE \"identities\" (\n\"id\" TEXT PRIMARY KEY,\n\"traits_schema_id\" TEXT NOT NULL,\n\"traits\" TEXT NOT NULL,\n\"created_at\" DATETIME NOT NULL,\n\"updated_at\" DATETIME NOT NULL\n);" }, { "path": "persistence/sql/migrations/sql/20191100000001000001_identities.cockroach.down.sql", "content": "DROP TABLE \"identity_credential_types\";" }, { "path": "persistence/sql/migrations/sql/20191100000001000001_identities.cockroach.up.sql", "content": "CREATE TABLE \"identity_credential_types\" (\n\"id\" UUID NOT NULL,\nPRIMARY KEY(\"id\"),\n\"name\" VARCHAR (32) NOT NULL\n);" }, { "path": "persistence/sql/migrations/sql/20191100000001000001_identities.mysql.down.sql", "content": "DROP TABLE `identity_credential_types`;" }, { "path": "persistence/sql/migrations/sql/20191100000001000001_identities.mysql.up.sql", "content": "CREATE TABLE `identity_credential_types` (\n`id` char(36) NOT NULL,\nPRIMARY KEY(`id`),\n`name` VARCHAR (32) NOT NULL\n) ENGINE=InnoDB;" }, { "path": "persistence/sql/migrations/sql/20191100000001000001_identities.postgres.down.sql", "content": "DROP TABLE \"identity_credential_types\";" }, { "path": "persistence/sql/migrations/sql/20191100000001000001_identities.postgres.up.sql", "content": "CREATE TABLE \"identity_credential_types\" (\n\"id\" UUID NOT NULL,\nPRIMARY KEY(\"id\"),\n\"name\" VARCHAR (32) NOT NULL\n);" }, { "path": "persistence/sql/migrations/sql/20191100000001000001_identities.sqlite3.down.sql", "content": "DROP TABLE \"identity_credential_types\";" }, { "path": "persistence/sql/migrations/sql/20191100000001000001_identities.sqlite3.up.sql", "content": "CREATE TABLE \"identity_credential_types\" (\n\"id\" TEXT PRIMARY KEY,\n\"name\" TEXT NOT NULL\n);" }, { "path": "persistence/sql/migrations/sql/20191100000001000002_identities.cockroach.down.sql", "content": "DROP TABLE \"identity_credentials\";" }, { "path": "persistence/sql/migrations/sql/20191100000001000002_identities.cockroach.up.sql", "content": "CREATE UNIQUE INDEX \"identity_credential_types_name_idx\" ON \"identity_credential_types\" (name);" }, { "path": "persistence/sql/migrations/sql/20191100000001000002_identities.mysql.down.sql", "content": "DROP TABLE `identity_credentials`;" }, { "path": "persistence/sql/migrations/sql/20191100000001000002_identities.mysql.up.sql", "content": "CREATE UNIQUE INDEX `identity_credential_types_name_idx` ON `identity_credential_types` (`name`);" }, { "path": "persistence/sql/migrations/sql/20191100000001000002_identities.postgres.down.sql", "content": "DROP TABLE \"identity_credentials\";" }, { "path": "persistence/sql/migrations/sql/20191100000001000002_identities.postgres.up.sql", "content": "CREATE UNIQUE INDEX \"identity_credential_types_name_idx\" ON \"identity_credential_types\" (name);" }, { "path": "persistence/sql/migrations/sql/20191100000001000002_identities.sqlite3.down.sql", "content": "DROP TABLE \"identity_credentials\";" }, { "path": "persistence/sql/migrations/sql/20191100000001000002_identities.sqlite3.up.sql", "content": "CREATE UNIQUE INDEX \"identity_credential_types_name_idx\" ON \"identity_credential_types\" (name);" }, { "path": "persistence/sql/migrations/sql/20191100000001000003_identities.cockroach.down.sql", "content": "DROP TABLE \"identity_credential_identifiers\";" }, { "path": "persistence/sql/migrations/sql/20191100000001000003_identities.cockroach.up.sql", "content": "CREATE TABLE \"identity_credentials\" (\n\"id\" UUID NOT NULL,\nPRIMARY KEY(\"id\"),\n\"config\" json NOT NULL,\n\"identity_credential_type_id\" UUID NOT NULL,\n\"identity_id\" UUID NOT NULL,\n\"created_at\" timestamp NOT NULL,\n\"updated_at\" timestamp NOT NULL,\nCONSTRAINT \"identity_credentials_identities_id_fk\" FOREIGN KEY (\"identity_id\") REFERENCES \"identities\" (\"id\") ON DELETE cascade,\nCONSTRAINT \"identity_credentials_identity_credential_types_id_fk\" FOREIGN KEY (\"identity_credential_type_id\") REFERENCES \"identity_credential_types\" (\"id\") ON DELETE cascade\n);" }, { "path": "persistence/sql/migrations/sql/20191100000001000003_identities.mysql.down.sql", "content": "DROP TABLE `identity_credential_identifiers`;" }, { "path": "persistence/sql/migrations/sql/20191100000001000003_identities.mysql.up.sql", "content": "CREATE TABLE `identity_credentials` (\n`id` char(36) NOT NULL,\nPRIMARY KEY(`id`),\n`config` JSON NOT NULL,\n`identity_credential_type_id` char(36) NOT NULL,\n`identity_id` char(36) NOT NULL,\n`created_at` DATETIME NOT NULL,\n`updated_at` DATETIME NOT NULL,\nFOREIGN KEY (`identity_id`) REFERENCES `identities` (`id`) ON DELETE cascade,\nFOREIGN KEY (`identity_credential_type_id`) REFERENCES `identity_credential_types` (`id`) ON DELETE cascade\n) ENGINE=InnoDB;" }, { "path": "persistence/sql/migrations/sql/20191100000001000003_identities.postgres.down.sql", "content": "DROP TABLE \"identity_credential_identifiers\";" }, { "path": "persistence/sql/migrations/sql/20191100000001000003_identities.postgres.up.sql", "content": "CREATE TABLE \"identity_credentials\" (\n\"id\" UUID NOT NULL,\nPRIMARY KEY(\"id\"),\n\"config\" jsonb NOT NULL,\n\"identity_credential_type_id\" UUID NOT NULL,\n\"identity_id\" UUID NOT NULL,\n\"created_at\" timestamp NOT NULL,\n\"updated_at\" timestamp NOT NULL,\nFOREIGN KEY (\"identity_id\") REFERENCES \"identities\" (\"id\") ON DELETE cascade,\nFOREIGN KEY (\"identity_credential_type_id\") REFERENCES \"identity_credential_types\" (\"id\") ON DELETE cascade\n);" }, { "path": "persistence/sql/migrations/sql/20191100000001000003_identities.sqlite3.down.sql", "content": "DROP TABLE \"identity_credential_identifiers\";" }, { "path": "persistence/sql/migrations/sql/20191100000001000003_identities.sqlite3.up.sql", "content": "CREATE TABLE \"identity_credentials\" (\n\"id\" TEXT PRIMARY KEY,\n\"config\" TEXT NOT NULL,\n\"identity_credential_type_id\" char(36) NOT NULL,\n\"identity_id\" char(36) NOT NULL,\n\"created_at\" DATETIME NOT NULL,\n\"updated_at\" DATETIME NOT NULL,\nFOREIGN KEY (identity_id) REFERENCES identities (id) ON DELETE cascade,\nFOREIGN KEY (identity_credential_type_id) REFERENCES identity_credential_types (id) ON DELETE cascade\n);" }, { "path": "persistence/sql/migrations/sql/20191100000001000004_identities.cockroach.down.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20191100000001000004_identities.cockroach.up.sql", "content": "CREATE TABLE \"identity_credential_identifiers\" (\n\"id\" UUID NOT NULL,\nPRIMARY KEY(\"id\"),\n\"identifier\" VARCHAR (255) NOT NULL,\n\"identity_credential_id\" UUID NOT NULL,\n\"created_at\" timestamp NOT NULL,\n\"updated_at\" timestamp NOT NULL,\nCONSTRAINT \"identity_credential_identifiers_identity_credentials_id_fk\" FOREIGN KEY (\"identity_credential_id\") REFERENCES \"identity_credentials\" (\"id\") ON DELETE cascade\n);" }, { "path": "persistence/sql/migrations/sql/20191100000001000004_identities.mysql.down.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20191100000001000004_identities.mysql.up.sql", "content": "CREATE TABLE `identity_credential_identifiers` (\n`id` char(36) NOT NULL,\nPRIMARY KEY(`id`),\n`identifier` VARCHAR (255) NOT NULL,\n`identity_credential_id` char(36) NOT NULL,\n`created_at` DATETIME NOT NULL,\n`updated_at` DATETIME NOT NULL,\nFOREIGN KEY (`identity_credential_id`) REFERENCES `identity_credentials` (`id`) ON DELETE cascade\n) ENGINE=InnoDB;" }, { "path": "persistence/sql/migrations/sql/20191100000001000004_identities.postgres.down.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20191100000001000004_identities.postgres.up.sql", "content": "CREATE TABLE \"identity_credential_identifiers\" (\n\"id\" UUID NOT NULL,\nPRIMARY KEY(\"id\"),\n\"identifier\" VARCHAR (255) NOT NULL,\n\"identity_credential_id\" UUID NOT NULL,\n\"created_at\" timestamp NOT NULL,\n\"updated_at\" timestamp NOT NULL,\nFOREIGN KEY (\"identity_credential_id\") REFERENCES \"identity_credentials\" (\"id\") ON DELETE cascade\n);" }, { "path": "persistence/sql/migrations/sql/20191100000001000004_identities.sqlite3.down.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20191100000001000004_identities.sqlite3.up.sql", "content": "CREATE TABLE \"identity_credential_identifiers\" (\n\"id\" TEXT PRIMARY KEY,\n\"identifier\" TEXT NOT NULL,\n\"identity_credential_id\" char(36) NOT NULL,\n\"created_at\" DATETIME NOT NULL,\n\"updated_at\" DATETIME NOT NULL,\nFOREIGN KEY (identity_credential_id) REFERENCES identity_credentials (id) ON DELETE cascade\n);" }, { "path": "persistence/sql/migrations/sql/20191100000001000005_identities.cockroach.down.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20191100000001000005_identities.cockroach.up.sql", "content": "CREATE UNIQUE INDEX \"identity_credential_identifiers_identifier_idx\" ON \"identity_credential_identifiers\" (identifier);" }, { "path": "persistence/sql/migrations/sql/20191100000001000005_identities.mysql.down.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20191100000001000005_identities.mysql.up.sql", "content": "CREATE UNIQUE INDEX `identity_credential_identifiers_identifier_idx` ON `identity_credential_identifiers` (`identifier`);" }, { "path": "persistence/sql/migrations/sql/20191100000001000005_identities.postgres.down.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20191100000001000005_identities.postgres.up.sql", "content": "CREATE UNIQUE INDEX \"identity_credential_identifiers_identifier_idx\" ON \"identity_credential_identifiers\" (identifier);" }, { "path": "persistence/sql/migrations/sql/20191100000001000005_identities.sqlite3.down.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20191100000001000005_identities.sqlite3.up.sql", "content": "CREATE UNIQUE INDEX \"identity_credential_identifiers_identifier_idx\" ON \"identity_credential_identifiers\" (identifier);" }, { "path": "persistence/sql/migrations/sql/20191100000002000000_requests.cockroach.down.sql", "content": "DROP TABLE \"selfservice_profile_management_requests\";" }, { "path": "persistence/sql/migrations/sql/20191100000002000000_requests.cockroach.up.sql", "content": "CREATE TABLE \"selfservice_login_requests\" (\n\"id\" UUID NOT NULL,\nPRIMARY KEY(\"id\"),\n\"request_url\" VARCHAR (2048) NOT NULL,\n\"issued_at\" timestamp NOT NULL DEFAULT CURRENT_TIMESTAMP,\n\"expires_at\" timestamp NOT NULL,\n\"active_method\" VARCHAR (32) NOT NULL,\n\"csrf_token\" VARCHAR (255) NOT NULL,\n\"created_at\" timestamp NOT NULL,\n\"updated_at\" timestamp NOT NULL\n);" }, { "path": "persistence/sql/migrations/sql/20191100000002000000_requests.mysql.down.sql", "content": "DROP TABLE `selfservice_profile_management_requests`;" }, { "path": "persistence/sql/migrations/sql/20191100000002000000_requests.mysql.up.sql", "content": "CREATE TABLE `selfservice_login_requests` (\n`id` char(36) NOT NULL,\nPRIMARY KEY(`id`),\n`request_url` VARCHAR (2048) NOT NULL,\n`issued_at` DATETIME NOT NULL DEFAULT CURRENT_TIMESTAMP,\n`expires_at` DATETIME NOT NULL,\n`active_method` VARCHAR (32) NOT NULL,\n`csrf_token` VARCHAR (255) NOT NULL,\n`created_at` DATETIME NOT NULL,\n`updated_at` DATETIME NOT NULL\n) ENGINE=InnoDB;" }, { "path": "persistence/sql/migrations/sql/20191100000002000000_requests.postgres.down.sql", "content": "DROP TABLE \"selfservice_profile_management_requests\";" }, { "path": "persistence/sql/migrations/sql/20191100000002000000_requests.postgres.up.sql", "content": "CREATE TABLE \"selfservice_login_requests\" (\n\"id\" UUID NOT NULL,\nPRIMARY KEY(\"id\"),\n\"request_url\" VARCHAR (2048) NOT NULL,\n\"issued_at\" timestamp NOT NULL DEFAULT CURRENT_TIMESTAMP,\n\"expires_at\" timestamp NOT NULL,\n\"active_method\" VARCHAR (32) NOT NULL,\n\"csrf_token\" VARCHAR (255) NOT NULL,\n\"created_at\" timestamp NOT NULL,\n\"updated_at\" timestamp NOT NULL\n);" }, { "path": "persistence/sql/migrations/sql/20191100000002000000_requests.sqlite3.down.sql", "content": "DROP TABLE \"selfservice_profile_management_requests\";" }, { "path": "persistence/sql/migrations/sql/20191100000002000000_requests.sqlite3.up.sql", "content": "CREATE TABLE \"selfservice_login_requests\" (\n\"id\" TEXT PRIMARY KEY,\n\"request_url\" TEXT NOT NULL,\n\"issued_at\" DATETIME NOT NULL DEFAULT CURRENT_TIMESTAMP,\n\"expires_at\" DATETIME NOT NULL,\n\"active_method\" TEXT NOT NULL,\n\"csrf_token\" TEXT NOT NULL,\n\"created_at\" DATETIME NOT NULL,\n\"updated_at\" DATETIME NOT NULL\n);" }, { "path": "persistence/sql/migrations/sql/20191100000002000001_requests.cockroach.down.sql", "content": "DROP TABLE \"selfservice_registration_requests\";" }, { "path": "persistence/sql/migrations/sql/20191100000002000001_requests.cockroach.up.sql", "content": "CREATE TABLE \"selfservice_login_request_methods\" (\n\"id\" UUID NOT NULL,\nPRIMARY KEY(\"id\"),\n\"method\" VARCHAR (32) NOT NULL,\n\"selfservice_login_request_id\" UUID NOT NULL,\n\"config\" json NOT NULL,\n\"created_at\" timestamp NOT NULL,\n\"updated_at\" timestamp NOT NULL,\nCONSTRAINT \"selfservice_login_request_methods_selfservice_login_requests_id_fk\" FOREIGN KEY (\"selfservice_login_request_id\") REFERENCES \"selfservice_login_requests\" (\"id\") ON DELETE cascade\n);" }, { "path": "persistence/sql/migrations/sql/20191100000002000001_requests.mysql.down.sql", "content": "DROP TABLE `selfservice_registration_requests`;" }, { "path": "persistence/sql/migrations/sql/20191100000002000001_requests.mysql.up.sql", "content": "CREATE TABLE `selfservice_login_request_methods` (\n`id` char(36) NOT NULL,\nPRIMARY KEY(`id`),\n`method` VARCHAR (32) NOT NULL,\n`selfservice_login_request_id` char(36) NOT NULL,\n`config` JSON NOT NULL,\n`created_at` DATETIME NOT NULL,\n`updated_at` DATETIME NOT NULL,\nFOREIGN KEY (`selfservice_login_request_id`) REFERENCES `selfservice_login_requests` (`id`) ON DELETE cascade\n) ENGINE=InnoDB;" }, { "path": "persistence/sql/migrations/sql/20191100000002000001_requests.postgres.down.sql", "content": "DROP TABLE \"selfservice_registration_requests\";" }, { "path": "persistence/sql/migrations/sql/20191100000002000001_requests.postgres.up.sql", "content": "CREATE TABLE \"selfservice_login_request_methods\" (\n\"id\" UUID NOT NULL,\nPRIMARY KEY(\"id\"),\n\"method\" VARCHAR (32) NOT NULL,\n\"selfservice_login_request_id\" UUID NOT NULL,\n\"config\" jsonb NOT NULL,\n\"created_at\" timestamp NOT NULL,\n\"updated_at\" timestamp NOT NULL,\nFOREIGN KEY (\"selfservice_login_request_id\") REFERENCES \"selfservice_login_requests\" (\"id\") ON DELETE cascade\n);" }, { "path": "persistence/sql/migrations/sql/20191100000002000001_requests.sqlite3.down.sql", "content": "DROP TABLE \"selfservice_registration_requests\";" }, { "path": "persistence/sql/migrations/sql/20191100000002000001_requests.sqlite3.up.sql", "content": "CREATE TABLE \"selfservice_login_request_methods\" (\n\"id\" TEXT PRIMARY KEY,\n\"method\" TEXT NOT NULL,\n\"selfservice_login_request_id\" char(36) NOT NULL,\n\"config\" TEXT NOT NULL,\n\"created_at\" DATETIME NOT NULL,\n\"updated_at\" DATETIME NOT NULL,\nFOREIGN KEY (selfservice_login_request_id) REFERENCES selfservice_login_requests (id) ON DELETE cascade\n);" }, { "path": "persistence/sql/migrations/sql/20191100000002000002_requests.cockroach.down.sql", "content": "DROP TABLE \"selfservice_registration_request_methods\";" }, { "path": "persistence/sql/migrations/sql/20191100000002000002_requests.cockroach.up.sql", "content": "CREATE TABLE \"selfservice_registration_requests\" (\n\"id\" UUID NOT NULL,\nPRIMARY KEY(\"id\"),\n\"request_url\" VARCHAR (2048) NOT NULL,\n\"issued_at\" timestamp NOT NULL DEFAULT CURRENT_TIMESTAMP,\n\"expires_at\" timestamp NOT NULL,\n\"active_method\" VARCHAR (32) NOT NULL,\n\"csrf_token\" VARCHAR (255) NOT NULL,\n\"created_at\" timestamp NOT NULL,\n\"updated_at\" timestamp NOT NULL\n);" }, { "path": "persistence/sql/migrations/sql/20191100000002000002_requests.mysql.down.sql", "content": "DROP TABLE `selfservice_registration_request_methods`;" }, { "path": "persistence/sql/migrations/sql/20191100000002000002_requests.mysql.up.sql", "content": "CREATE TABLE `selfservice_registration_requests` (\n`id` char(36) NOT NULL,\nPRIMARY KEY(`id`),\n`request_url` VARCHAR (2048) NOT NULL,\n`issued_at` DATETIME NOT NULL DEFAULT CURRENT_TIMESTAMP,\n`expires_at` DATETIME NOT NULL,\n`active_method` VARCHAR (32) NOT NULL,\n`csrf_token` VARCHAR (255) NOT NULL,\n`created_at` DATETIME NOT NULL,\n`updated_at` DATETIME NOT NULL\n) ENGINE=InnoDB;" }, { "path": "persistence/sql/migrations/sql/20191100000002000002_requests.postgres.down.sql", "content": "DROP TABLE \"selfservice_registration_request_methods\";" }, { "path": "persistence/sql/migrations/sql/20191100000002000002_requests.postgres.up.sql", "content": "CREATE TABLE \"selfservice_registration_requests\" (\n\"id\" UUID NOT NULL,\nPRIMARY KEY(\"id\"),\n\"request_url\" VARCHAR (2048) NOT NULL,\n\"issued_at\" timestamp NOT NULL DEFAULT CURRENT_TIMESTAMP,\n\"expires_at\" timestamp NOT NULL,\n\"active_method\" VARCHAR (32) NOT NULL,\n\"csrf_token\" VARCHAR (255) NOT NULL,\n\"created_at\" timestamp NOT NULL,\n\"updated_at\" timestamp NOT NULL\n);" }, { "path": "persistence/sql/migrations/sql/20191100000002000002_requests.sqlite3.down.sql", "content": "DROP TABLE \"selfservice_registration_request_methods\";" }, { "path": "persistence/sql/migrations/sql/20191100000002000002_requests.sqlite3.up.sql", "content": "CREATE TABLE \"selfservice_registration_requests\" (\n\"id\" TEXT PRIMARY KEY,\n\"request_url\" TEXT NOT NULL,\n\"issued_at\" DATETIME NOT NULL DEFAULT CURRENT_TIMESTAMP,\n\"expires_at\" DATETIME NOT NULL,\n\"active_method\" TEXT NOT NULL,\n\"csrf_token\" TEXT NOT NULL,\n\"created_at\" DATETIME NOT NULL,\n\"updated_at\" DATETIME NOT NULL\n);" }, { "path": "persistence/sql/migrations/sql/20191100000002000003_requests.cockroach.down.sql", "content": "DROP TABLE \"selfservice_login_requests\";" }, { "path": "persistence/sql/migrations/sql/20191100000002000003_requests.cockroach.up.sql", "content": "CREATE TABLE \"selfservice_registration_request_methods\" (\n\"id\" UUID NOT NULL,\nPRIMARY KEY(\"id\"),\n\"method\" VARCHAR (32) NOT NULL,\n\"selfservice_registration_request_id\" UUID NOT NULL,\n\"config\" json NOT NULL,\n\"created_at\" timestamp NOT NULL,\n\"updated_at\" timestamp NOT NULL,\nCONSTRAINT \"selfservice_registration_request_methods_selfservice_registration_requests_id_fk\" FOREIGN KEY (\"selfservice_registration_request_id\") REFERENCES \"selfservice_registration_requests\" (\"id\") ON DELETE cascade\n);" }, { "path": "persistence/sql/migrations/sql/20191100000002000003_requests.mysql.down.sql", "content": "DROP TABLE `selfservice_login_requests`;" }, { "path": "persistence/sql/migrations/sql/20191100000002000003_requests.mysql.up.sql", "content": "CREATE TABLE `selfservice_registration_request_methods` (\n`id` char(36) NOT NULL,\nPRIMARY KEY(`id`),\n`method` VARCHAR (32) NOT NULL,\n`selfservice_registration_request_id` char(36) NOT NULL,\n`config` JSON NOT NULL,\n`created_at` DATETIME NOT NULL,\n`updated_at` DATETIME NOT NULL,\nFOREIGN KEY (`selfservice_registration_request_id`) REFERENCES `selfservice_registration_requests` (`id`) ON DELETE cascade\n) ENGINE=InnoDB;" }, { "path": "persistence/sql/migrations/sql/20191100000002000003_requests.postgres.down.sql", "content": "DROP TABLE \"selfservice_login_requests\";" }, { "path": "persistence/sql/migrations/sql/20191100000002000003_requests.postgres.up.sql", "content": "CREATE TABLE \"selfservice_registration_request_methods\" (\n\"id\" UUID NOT NULL,\nPRIMARY KEY(\"id\"),\n\"method\" VARCHAR (32) NOT NULL,\n\"selfservice_registration_request_id\" UUID NOT NULL,\n\"config\" jsonb NOT NULL,\n\"created_at\" timestamp NOT NULL,\n\"updated_at\" timestamp NOT NULL,\nFOREIGN KEY (\"selfservice_registration_request_id\") REFERENCES \"selfservice_registration_requests\" (\"id\") ON DELETE cascade\n);" }, { "path": "persistence/sql/migrations/sql/20191100000002000003_requests.sqlite3.down.sql", "content": "DROP TABLE \"selfservice_login_requests\";" }, { "path": "persistence/sql/migrations/sql/20191100000002000003_requests.sqlite3.up.sql", "content": "CREATE TABLE \"selfservice_registration_request_methods\" (\n\"id\" TEXT PRIMARY KEY,\n\"method\" TEXT NOT NULL,\n\"selfservice_registration_request_id\" char(36) NOT NULL,\n\"config\" TEXT NOT NULL,\n\"created_at\" DATETIME NOT NULL,\n\"updated_at\" DATETIME NOT NULL,\nFOREIGN KEY (selfservice_registration_request_id) REFERENCES selfservice_registration_requests (id) ON DELETE cascade\n);" }, { "path": "persistence/sql/migrations/sql/20191100000002000004_requests.cockroach.down.sql", "content": "DROP TABLE \"selfservice_login_request_methods\";" }, { "path": "persistence/sql/migrations/sql/20191100000002000004_requests.cockroach.up.sql", "content": "CREATE TABLE \"selfservice_profile_management_requests\" (\n\"id\" UUID NOT NULL,\nPRIMARY KEY(\"id\"),\n\"request_url\" VARCHAR (2048) NOT NULL,\n\"issued_at\" timestamp NOT NULL DEFAULT CURRENT_TIMESTAMP,\n\"expires_at\" timestamp NOT NULL,\n\"form\" json NOT NULL,\n\"update_successful\" bool NOT NULL,\n\"identity_id\" UUID NOT NULL,\n\"created_at\" timestamp NOT NULL,\n\"updated_at\" timestamp NOT NULL,\nCONSTRAINT \"selfservice_profile_management_requests_identities_id_fk\" FOREIGN KEY (\"identity_id\") REFERENCES \"identities\" (\"id\") ON DELETE cascade\n);" }, { "path": "persistence/sql/migrations/sql/20191100000002000004_requests.mysql.down.sql", "content": "DROP TABLE `selfservice_login_request_methods`;" }, { "path": "persistence/sql/migrations/sql/20191100000002000004_requests.mysql.up.sql", "content": "CREATE TABLE `selfservice_profile_management_requests` (\n`id` char(36) NOT NULL,\nPRIMARY KEY(`id`),\n`request_url` VARCHAR (2048) NOT NULL,\n`issued_at` DATETIME NOT NULL DEFAULT CURRENT_TIMESTAMP,\n`expires_at` DATETIME NOT NULL,\n`form` JSON NOT NULL,\n`update_successful` bool NOT NULL,\n`identity_id` char(36) NOT NULL,\n`created_at` DATETIME NOT NULL,\n`updated_at` DATETIME NOT NULL,\nFOREIGN KEY (`identity_id`) REFERENCES `identities` (`id`) ON DELETE cascade\n) ENGINE=InnoDB;" }, { "path": "persistence/sql/migrations/sql/20191100000002000004_requests.postgres.down.sql", "content": "DROP TABLE \"selfservice_login_request_methods\";" }, { "path": "persistence/sql/migrations/sql/20191100000002000004_requests.postgres.up.sql", "content": "CREATE TABLE \"selfservice_profile_management_requests\" (\n\"id\" UUID NOT NULL,\nPRIMARY KEY(\"id\"),\n\"request_url\" VARCHAR (2048) NOT NULL,\n\"issued_at\" timestamp NOT NULL DEFAULT CURRENT_TIMESTAMP,\n\"expires_at\" timestamp NOT NULL,\n\"form\" jsonb NOT NULL,\n\"update_successful\" bool NOT NULL,\n\"identity_id\" UUID NOT NULL,\n\"created_at\" timestamp NOT NULL,\n\"updated_at\" timestamp NOT NULL,\nFOREIGN KEY (\"identity_id\") REFERENCES \"identities\" (\"id\") ON DELETE cascade\n);" }, { "path": "persistence/sql/migrations/sql/20191100000002000004_requests.sqlite3.down.sql", "content": "DROP TABLE \"selfservice_login_request_methods\";" }, { "path": "persistence/sql/migrations/sql/20191100000002000004_requests.sqlite3.up.sql", "content": "CREATE TABLE \"selfservice_profile_management_requests\" (\n\"id\" TEXT PRIMARY KEY,\n\"request_url\" TEXT NOT NULL,\n\"issued_at\" DATETIME NOT NULL DEFAULT CURRENT_TIMESTAMP,\n\"expires_at\" DATETIME NOT NULL,\n\"form\" TEXT NOT NULL,\n\"update_successful\" bool NOT NULL,\n\"identity_id\" char(36) NOT NULL,\n\"created_at\" DATETIME NOT NULL,\n\"updated_at\" DATETIME NOT NULL,\nFOREIGN KEY (identity_id) REFERENCES identities (id) ON DELETE cascade\n);" }, { "path": "persistence/sql/migrations/sql/20191100000003000000_sessions.cockroach.down.sql", "content": "DROP TABLE \"sessions\";" }, { "path": "persistence/sql/migrations/sql/20191100000003000000_sessions.cockroach.up.sql", "content": "CREATE TABLE \"sessions\" (\n\"id\" UUID NOT NULL,\nPRIMARY KEY(\"id\"),\n\"issued_at\" timestamp NOT NULL DEFAULT CURRENT_TIMESTAMP,\n\"expires_at\" timestamp NOT NULL,\n\"authenticated_at\" timestamp NOT NULL,\n\"identity_id\" UUID NOT NULL,\n\"created_at\" timestamp NOT NULL,\n\"updated_at\" timestamp NOT NULL,\nCONSTRAINT \"sessions_identities_id_fk\" FOREIGN KEY (\"identity_id\") REFERENCES \"identities\" (\"id\") ON DELETE cascade\n);" }, { "path": "persistence/sql/migrations/sql/20191100000003000000_sessions.mysql.down.sql", "content": "DROP TABLE `sessions`;" }, { "path": "persistence/sql/migrations/sql/20191100000003000000_sessions.mysql.up.sql", "content": "CREATE TABLE `sessions` (\n`id` char(36) NOT NULL,\nPRIMARY KEY(`id`),\n`issued_at` DATETIME NOT NULL DEFAULT CURRENT_TIMESTAMP,\n`expires_at` DATETIME NOT NULL,\n`authenticated_at` DATETIME NOT NULL,\n`identity_id` char(36) NOT NULL,\n`created_at` DATETIME NOT NULL,\n`updated_at` DATETIME NOT NULL,\nFOREIGN KEY (`identity_id`) REFERENCES `identities` (`id`) ON DELETE cascade\n) ENGINE=InnoDB;" }, { "path": "persistence/sql/migrations/sql/20191100000003000000_sessions.postgres.down.sql", "content": "DROP TABLE \"sessions\";" }, { "path": "persistence/sql/migrations/sql/20191100000003000000_sessions.postgres.up.sql", "content": "CREATE TABLE \"sessions\" (\n\"id\" UUID NOT NULL,\nPRIMARY KEY(\"id\"),\n\"issued_at\" timestamp NOT NULL DEFAULT CURRENT_TIMESTAMP,\n\"expires_at\" timestamp NOT NULL,\n\"authenticated_at\" timestamp NOT NULL,\n\"identity_id\" UUID NOT NULL,\n\"created_at\" timestamp NOT NULL,\n\"updated_at\" timestamp NOT NULL,\nFOREIGN KEY (\"identity_id\") REFERENCES \"identities\" (\"id\") ON DELETE cascade\n);" }, { "path": "persistence/sql/migrations/sql/20191100000003000000_sessions.sqlite3.down.sql", "content": "DROP TABLE \"sessions\";" }, { "path": "persistence/sql/migrations/sql/20191100000003000000_sessions.sqlite3.up.sql", "content": "CREATE TABLE \"sessions\" (\n\"id\" TEXT PRIMARY KEY,\n\"issued_at\" DATETIME NOT NULL DEFAULT CURRENT_TIMESTAMP,\n\"expires_at\" DATETIME NOT NULL,\n\"authenticated_at\" DATETIME NOT NULL,\n\"identity_id\" char(36) NOT NULL,\n\"created_at\" DATETIME NOT NULL,\n\"updated_at\" DATETIME NOT NULL,\nFOREIGN KEY (identity_id) REFERENCES identities (id) ON DELETE cascade\n);" }, { "path": "persistence/sql/migrations/sql/20191100000004000000_errors.cockroach.down.sql", "content": "DROP TABLE \"selfservice_errors\";" }, { "path": "persistence/sql/migrations/sql/20191100000004000000_errors.cockroach.up.sql", "content": "CREATE TABLE \"selfservice_errors\" (\n\"id\" UUID NOT NULL,\nPRIMARY KEY(\"id\"),\n\"errors\" json NOT NULL,\n\"seen_at\" timestamp NOT NULL,\n\"was_seen\" bool NOT NULL,\n\"created_at\" timestamp NOT NULL,\n\"updated_at\" timestamp NOT NULL\n);" }, { "path": "persistence/sql/migrations/sql/20191100000004000000_errors.mysql.down.sql", "content": "DROP TABLE `selfservice_errors`;" }, { "path": "persistence/sql/migrations/sql/20191100000004000000_errors.mysql.up.sql", "content": "CREATE TABLE `selfservice_errors` (\n`id` char(36) NOT NULL,\nPRIMARY KEY(`id`),\n`errors` JSON NOT NULL,\n`seen_at` DATETIME NOT NULL,\n`was_seen` bool NOT NULL,\n`created_at` DATETIME NOT NULL,\n`updated_at` DATETIME NOT NULL\n) ENGINE=InnoDB;" }, { "path": "persistence/sql/migrations/sql/20191100000004000000_errors.postgres.down.sql", "content": "DROP TABLE \"selfservice_errors\";" }, { "path": "persistence/sql/migrations/sql/20191100000004000000_errors.postgres.up.sql", "content": "CREATE TABLE \"selfservice_errors\" (\n\"id\" UUID NOT NULL,\nPRIMARY KEY(\"id\"),\n\"errors\" jsonb NOT NULL,\n\"seen_at\" timestamp NOT NULL,\n\"was_seen\" bool NOT NULL,\n\"created_at\" timestamp NOT NULL,\n\"updated_at\" timestamp NOT NULL\n);" }, { "path": "persistence/sql/migrations/sql/20191100000004000000_errors.sqlite3.down.sql", "content": "DROP TABLE \"selfservice_errors\";" }, { "path": "persistence/sql/migrations/sql/20191100000004000000_errors.sqlite3.up.sql", "content": "CREATE TABLE \"selfservice_errors\" (\n\"id\" TEXT PRIMARY KEY,\n\"errors\" TEXT NOT NULL,\n\"seen_at\" DATETIME NOT NULL,\n\"was_seen\" bool NOT NULL,\n\"created_at\" DATETIME NOT NULL,\n\"updated_at\" DATETIME NOT NULL\n);" }, { "path": "persistence/sql/migrations/sql/20191100000005000000_identities.mysql.down.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20191100000005000000_identities.mysql.up.sql", "content": "ALTER TABLE identity_credential_identifiers MODIFY COLUMN identifier VARCHAR(255) BINARY;" }, { "path": "persistence/sql/migrations/sql/20191100000005000001_identities.mysql.down.sql", "content": "ALTER TABLE identity_credential_identifiers MODIFY COLUMN identifier VARCHAR(255);" }, { "path": "persistence/sql/migrations/sql/20191100000005000001_identities.mysql.up.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20191100000006000000_courier.cockroach.down.sql", "content": "DROP TABLE \"courier_messages\";" }, { "path": "persistence/sql/migrations/sql/20191100000006000000_courier.cockroach.up.sql", "content": "CREATE TABLE \"courier_messages\" (\n\"id\" UUID NOT NULL,\nPRIMARY KEY(\"id\"),\n\"type\" int NOT NULL,\n\"status\" int NOT NULL,\n\"body\" VARCHAR (255) NOT NULL,\n\"subject\" VARCHAR (255) NOT NULL,\n\"recipient\" VARCHAR (255) NOT NULL,\n\"created_at\" timestamp NOT NULL,\n\"updated_at\" timestamp NOT NULL\n);" }, { "path": "persistence/sql/migrations/sql/20191100000006000000_courier.mysql.down.sql", "content": "DROP TABLE `courier_messages`;" }, { "path": "persistence/sql/migrations/sql/20191100000006000000_courier.mysql.up.sql", "content": "CREATE TABLE `courier_messages` (\n`id` char(36) NOT NULL,\nPRIMARY KEY(`id`),\n`type` INTEGER NOT NULL,\n`status` INTEGER NOT NULL,\n`body` VARCHAR (255) NOT NULL,\n`subject` VARCHAR (255) NOT NULL,\n`recipient` VARCHAR (255) NOT NULL,\n`created_at` DATETIME NOT NULL,\n`updated_at` DATETIME NOT NULL\n) ENGINE=InnoDB;" }, { "path": "persistence/sql/migrations/sql/20191100000006000000_courier.postgres.down.sql", "content": "DROP TABLE \"courier_messages\";" }, { "path": "persistence/sql/migrations/sql/20191100000006000000_courier.postgres.up.sql", "content": "CREATE TABLE \"courier_messages\" (\n\"id\" UUID NOT NULL,\nPRIMARY KEY(\"id\"),\n\"type\" int NOT NULL,\n\"status\" int NOT NULL,\n\"body\" VARCHAR (255) NOT NULL,\n\"subject\" VARCHAR (255) NOT NULL,\n\"recipient\" VARCHAR (255) NOT NULL,\n\"created_at\" timestamp NOT NULL,\n\"updated_at\" timestamp NOT NULL\n);" }, { "path": "persistence/sql/migrations/sql/20191100000006000000_courier.sqlite3.down.sql", "content": "DROP TABLE \"courier_messages\";" }, { "path": "persistence/sql/migrations/sql/20191100000006000000_courier.sqlite3.up.sql", "content": "CREATE TABLE \"courier_messages\" (\n\"id\" TEXT PRIMARY KEY,\n\"type\" INTEGER NOT NULL,\n\"status\" INTEGER NOT NULL,\n\"body\" TEXT NOT NULL,\n\"subject\" TEXT NOT NULL,\n\"recipient\" TEXT NOT NULL,\n\"created_at\" DATETIME NOT NULL,\n\"updated_at\" DATETIME NOT NULL\n);" }, { "path": "persistence/sql/migrations/sql/20191100000007000000_errors.cockroach.down.sql", "content": "ALTER TABLE \"selfservice_errors\" DROP COLUMN \"csrf_token\";" }, { "path": "persistence/sql/migrations/sql/20191100000007000000_errors.cockroach.up.sql", "content": "ALTER TABLE \"selfservice_errors\" ADD COLUMN \"csrf_token\" VARCHAR (255) NOT NULL DEFAULT '';" }, { "path": "persistence/sql/migrations/sql/20191100000007000000_errors.mysql.down.sql", "content": "ALTER TABLE `selfservice_errors` DROP COLUMN `csrf_token`;" }, { "path": "persistence/sql/migrations/sql/20191100000007000000_errors.mysql.up.sql", "content": "ALTER TABLE `selfservice_errors` ADD COLUMN `csrf_token` VARCHAR (255) NOT NULL DEFAULT \"\";" }, { "path": "persistence/sql/migrations/sql/20191100000007000000_errors.postgres.down.sql", "content": "ALTER TABLE \"selfservice_errors\" DROP COLUMN \"csrf_token\";" }, { "path": "persistence/sql/migrations/sql/20191100000007000000_errors.postgres.up.sql", "content": "ALTER TABLE \"selfservice_errors\" ADD COLUMN \"csrf_token\" VARCHAR (255) NOT NULL DEFAULT '';" }, { "path": "persistence/sql/migrations/sql/20191100000007000000_errors.sqlite3.down.sql", "content": "ALTER TABLE \"_selfservice_errors_tmp\" RENAME TO \"selfservice_errors\";" }, { "path": "persistence/sql/migrations/sql/20191100000007000000_errors.sqlite3.up.sql", "content": "ALTER TABLE \"selfservice_errors\" ADD COLUMN \"csrf_token\" TEXT NOT NULL DEFAULT '';" }, { "path": "persistence/sql/migrations/sql/20191100000007000001_errors.sqlite3.down.sql", "content": "\nDROP TABLE \"selfservice_errors\";" }, { "path": "persistence/sql/migrations/sql/20191100000007000001_errors.sqlite3.up.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20191100000007000002_errors.sqlite3.down.sql", "content": "INSERT INTO \"_selfservice_errors_tmp\" (id, errors, seen_at, was_seen, created_at, updated_at) SELECT id, errors, seen_at, was_seen, created_at, updated_at FROM \"selfservice_errors\";" }, { "path": "persistence/sql/migrations/sql/20191100000007000002_errors.sqlite3.up.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20191100000007000003_errors.sqlite3.down.sql", "content": "CREATE TABLE \"_selfservice_errors_tmp\" (\n\"id\" TEXT PRIMARY KEY,\n\"errors\" TEXT NOT NULL,\n\"seen_at\" DATETIME,\n\"was_seen\" bool NOT NULL,\n\"created_at\" DATETIME NOT NULL,\n\"updated_at\" DATETIME NOT NULL\n);" }, { "path": "persistence/sql/migrations/sql/20191100000007000003_errors.sqlite3.up.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20191100000008000000_selfservice_verification.cockroach.down.sql", "content": "DROP TABLE \"identity_verifiable_addresses\";" }, { "path": "persistence/sql/migrations/sql/20191100000008000000_selfservice_verification.cockroach.up.sql", "content": "CREATE TABLE \"identity_verifiable_addresses\" (\n\"id\" UUID NOT NULL,\nPRIMARY KEY(\"id\"),\n\"code\" VARCHAR (32) NOT NULL,\n\"status\" VARCHAR (16) NOT NULL,\n\"via\" VARCHAR (16) NOT NULL,\n\"verified\" bool NOT NULL,\n\"value\" VARCHAR (400) NOT NULL,\n\"verified_at\" timestamp,\n\"expires_at\" timestamp NOT NULL DEFAULT CURRENT_TIMESTAMP,\n\"identity_id\" UUID NOT NULL,\n\"created_at\" timestamp NOT NULL,\n\"updated_at\" timestamp NOT NULL,\nCONSTRAINT \"identity_verifiable_addresses_identities_id_fk\" FOREIGN KEY (\"identity_id\") REFERENCES \"identities\" (\"id\") ON DELETE cascade\n);" }, { "path": "persistence/sql/migrations/sql/20191100000008000000_selfservice_verification.mysql.down.sql", "content": "DROP TABLE `identity_verifiable_addresses`;" }, { "path": "persistence/sql/migrations/sql/20191100000008000000_selfservice_verification.mysql.up.sql", "content": "CREATE TABLE `identity_verifiable_addresses` (\n`id` char(36) NOT NULL,\nPRIMARY KEY(`id`),\n`code` VARCHAR (32) NOT NULL,\n`status` VARCHAR (16) NOT NULL,\n`via` VARCHAR (16) NOT NULL,\n`verified` bool NOT NULL,\n`value` VARCHAR (400) NOT NULL,\n`verified_at` DATETIME,\n`expires_at` DATETIME NOT NULL DEFAULT CURRENT_TIMESTAMP,\n`identity_id` char(36) NOT NULL,\n`created_at` DATETIME NOT NULL,\n`updated_at` DATETIME NOT NULL,\nFOREIGN KEY (`identity_id`) REFERENCES `identities` (`id`) ON DELETE cascade\n) ENGINE=InnoDB;" }, { "path": "persistence/sql/migrations/sql/20191100000008000000_selfservice_verification.postgres.down.sql", "content": "DROP TABLE \"identity_verifiable_addresses\";" }, { "path": "persistence/sql/migrations/sql/20191100000008000000_selfservice_verification.postgres.up.sql", "content": "CREATE TABLE \"identity_verifiable_addresses\" (\n\"id\" UUID NOT NULL,\nPRIMARY KEY(\"id\"),\n\"code\" VARCHAR (32) NOT NULL,\n\"status\" VARCHAR (16) NOT NULL,\n\"via\" VARCHAR (16) NOT NULL,\n\"verified\" bool NOT NULL,\n\"value\" VARCHAR (400) NOT NULL,\n\"verified_at\" timestamp,\n\"expires_at\" timestamp NOT NULL DEFAULT CURRENT_TIMESTAMP,\n\"identity_id\" UUID NOT NULL,\n\"created_at\" timestamp NOT NULL,\n\"updated_at\" timestamp NOT NULL,\nFOREIGN KEY (\"identity_id\") REFERENCES \"identities\" (\"id\") ON DELETE cascade\n);" }, { "path": "persistence/sql/migrations/sql/20191100000008000000_selfservice_verification.sqlite3.down.sql", "content": "DROP TABLE \"identity_verifiable_addresses\";" }, { "path": "persistence/sql/migrations/sql/20191100000008000000_selfservice_verification.sqlite3.up.sql", "content": "CREATE TABLE \"identity_verifiable_addresses\" (\n\"id\" TEXT PRIMARY KEY,\n\"code\" TEXT NOT NULL,\n\"status\" TEXT NOT NULL,\n\"via\" TEXT NOT NULL,\n\"verified\" bool NOT NULL,\n\"value\" TEXT NOT NULL,\n\"verified_at\" DATETIME,\n\"expires_at\" DATETIME NOT NULL DEFAULT CURRENT_TIMESTAMP,\n\"identity_id\" char(36) NOT NULL,\n\"created_at\" DATETIME NOT NULL,\n\"updated_at\" DATETIME NOT NULL,\nFOREIGN KEY (identity_id) REFERENCES identities (id) ON DELETE cascade\n);" }, { "path": "persistence/sql/migrations/sql/20191100000008000001_selfservice_verification.cockroach.down.sql", "content": "DROP TABLE \"selfservice_verification_requests\";" }, { "path": "persistence/sql/migrations/sql/20191100000008000001_selfservice_verification.cockroach.up.sql", "content": "CREATE UNIQUE INDEX \"identity_verifiable_addresses_code_uq_idx\" ON \"identity_verifiable_addresses\" (code);" }, { "path": "persistence/sql/migrations/sql/20191100000008000001_selfservice_verification.mysql.down.sql", "content": "DROP TABLE `selfservice_verification_requests`;" }, { "path": "persistence/sql/migrations/sql/20191100000008000001_selfservice_verification.mysql.up.sql", "content": "CREATE UNIQUE INDEX `identity_verifiable_addresses_code_uq_idx` ON `identity_verifiable_addresses` (`code`);" }, { "path": "persistence/sql/migrations/sql/20191100000008000001_selfservice_verification.postgres.down.sql", "content": "DROP TABLE \"selfservice_verification_requests\";" }, { "path": "persistence/sql/migrations/sql/20191100000008000001_selfservice_verification.postgres.up.sql", "content": "CREATE UNIQUE INDEX \"identity_verifiable_addresses_code_uq_idx\" ON \"identity_verifiable_addresses\" (code);" }, { "path": "persistence/sql/migrations/sql/20191100000008000001_selfservice_verification.sqlite3.down.sql", "content": "DROP TABLE \"selfservice_verification_requests\";" }, { "path": "persistence/sql/migrations/sql/20191100000008000001_selfservice_verification.sqlite3.up.sql", "content": "CREATE UNIQUE INDEX \"identity_verifiable_addresses_code_uq_idx\" ON \"identity_verifiable_addresses\" (code);" }, { "path": "persistence/sql/migrations/sql/20191100000008000002_selfservice_verification.cockroach.down.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20191100000008000002_selfservice_verification.cockroach.up.sql", "content": "CREATE INDEX \"identity_verifiable_addresses_code_idx\" ON \"identity_verifiable_addresses\" (code);" }, { "path": "persistence/sql/migrations/sql/20191100000008000002_selfservice_verification.mysql.down.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20191100000008000002_selfservice_verification.mysql.up.sql", "content": "CREATE INDEX `identity_verifiable_addresses_code_idx` ON `identity_verifiable_addresses` (`code`);" }, { "path": "persistence/sql/migrations/sql/20191100000008000002_selfservice_verification.postgres.down.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20191100000008000002_selfservice_verification.postgres.up.sql", "content": "CREATE INDEX \"identity_verifiable_addresses_code_idx\" ON \"identity_verifiable_addresses\" (code);" }, { "path": "persistence/sql/migrations/sql/20191100000008000002_selfservice_verification.sqlite3.down.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20191100000008000002_selfservice_verification.sqlite3.up.sql", "content": "CREATE INDEX \"identity_verifiable_addresses_code_idx\" ON \"identity_verifiable_addresses\" (code);" }, { "path": "persistence/sql/migrations/sql/20191100000008000003_selfservice_verification.cockroach.down.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20191100000008000003_selfservice_verification.cockroach.up.sql", "content": "CREATE UNIQUE INDEX \"identity_verifiable_addresses_status_via_uq_idx\" ON \"identity_verifiable_addresses\" (via, value);" }, { "path": "persistence/sql/migrations/sql/20191100000008000003_selfservice_verification.mysql.down.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20191100000008000003_selfservice_verification.mysql.up.sql", "content": "CREATE UNIQUE INDEX `identity_verifiable_addresses_status_via_uq_idx` ON `identity_verifiable_addresses` (`via`, `value`);" }, { "path": "persistence/sql/migrations/sql/20191100000008000003_selfservice_verification.postgres.down.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20191100000008000003_selfservice_verification.postgres.up.sql", "content": "CREATE UNIQUE INDEX \"identity_verifiable_addresses_status_via_uq_idx\" ON \"identity_verifiable_addresses\" (via, value);" }, { "path": "persistence/sql/migrations/sql/20191100000008000003_selfservice_verification.sqlite3.down.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20191100000008000003_selfservice_verification.sqlite3.up.sql", "content": "CREATE UNIQUE INDEX \"identity_verifiable_addresses_status_via_uq_idx\" ON \"identity_verifiable_addresses\" (via, value);" }, { "path": "persistence/sql/migrations/sql/20191100000008000004_selfservice_verification.cockroach.down.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20191100000008000004_selfservice_verification.cockroach.up.sql", "content": "CREATE INDEX \"identity_verifiable_addresses_status_via_idx\" ON \"identity_verifiable_addresses\" (via, value);" }, { "path": "persistence/sql/migrations/sql/20191100000008000004_selfservice_verification.mysql.down.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20191100000008000004_selfservice_verification.mysql.up.sql", "content": "CREATE INDEX `identity_verifiable_addresses_status_via_idx` ON `identity_verifiable_addresses` (`via`, `value`);" }, { "path": "persistence/sql/migrations/sql/20191100000008000004_selfservice_verification.postgres.down.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20191100000008000004_selfservice_verification.postgres.up.sql", "content": "CREATE INDEX \"identity_verifiable_addresses_status_via_idx\" ON \"identity_verifiable_addresses\" (via, value);" }, { "path": "persistence/sql/migrations/sql/20191100000008000004_selfservice_verification.sqlite3.down.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20191100000008000004_selfservice_verification.sqlite3.up.sql", "content": "CREATE INDEX \"identity_verifiable_addresses_status_via_idx\" ON \"identity_verifiable_addresses\" (via, value);" }, { "path": "persistence/sql/migrations/sql/20191100000008000005_selfservice_verification.cockroach.down.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20191100000008000005_selfservice_verification.cockroach.up.sql", "content": "CREATE TABLE \"selfservice_verification_requests\" (\n\"id\" UUID NOT NULL,\nPRIMARY KEY(\"id\"),\n\"request_url\" VARCHAR (2048) NOT NULL,\n\"issued_at\" timestamp NOT NULL DEFAULT CURRENT_TIMESTAMP,\n\"expires_at\" timestamp NOT NULL,\n\"form\" json NOT NULL,\n\"via\" VARCHAR (16) NOT NULL,\n\"csrf_token\" VARCHAR (255) NOT NULL,\n\"success\" bool NOT NULL,\n\"created_at\" timestamp NOT NULL,\n\"updated_at\" timestamp NOT NULL\n);" }, { "path": "persistence/sql/migrations/sql/20191100000008000005_selfservice_verification.mysql.down.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20191100000008000005_selfservice_verification.mysql.up.sql", "content": "CREATE TABLE `selfservice_verification_requests` (\n`id` char(36) NOT NULL,\nPRIMARY KEY(`id`),\n`request_url` VARCHAR (2048) NOT NULL,\n`issued_at` DATETIME NOT NULL DEFAULT CURRENT_TIMESTAMP,\n`expires_at` DATETIME NOT NULL,\n`form` JSON NOT NULL,\n`via` VARCHAR (16) NOT NULL,\n`csrf_token` VARCHAR (255) NOT NULL,\n`success` bool NOT NULL,\n`created_at` DATETIME NOT NULL,\n`updated_at` DATETIME NOT NULL\n) ENGINE=InnoDB;" }, { "path": "persistence/sql/migrations/sql/20191100000008000005_selfservice_verification.postgres.down.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20191100000008000005_selfservice_verification.postgres.up.sql", "content": "CREATE TABLE \"selfservice_verification_requests\" (\n\"id\" UUID NOT NULL,\nPRIMARY KEY(\"id\"),\n\"request_url\" VARCHAR (2048) NOT NULL,\n\"issued_at\" timestamp NOT NULL DEFAULT CURRENT_TIMESTAMP,\n\"expires_at\" timestamp NOT NULL,\n\"form\" jsonb NOT NULL,\n\"via\" VARCHAR (16) NOT NULL,\n\"csrf_token\" VARCHAR (255) NOT NULL,\n\"success\" bool NOT NULL,\n\"created_at\" timestamp NOT NULL,\n\"updated_at\" timestamp NOT NULL\n);" }, { "path": "persistence/sql/migrations/sql/20191100000008000005_selfservice_verification.sqlite3.down.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20191100000008000005_selfservice_verification.sqlite3.up.sql", "content": "CREATE TABLE \"selfservice_verification_requests\" (\n\"id\" TEXT PRIMARY KEY,\n\"request_url\" TEXT NOT NULL,\n\"issued_at\" DATETIME NOT NULL DEFAULT CURRENT_TIMESTAMP,\n\"expires_at\" DATETIME NOT NULL,\n\"form\" TEXT NOT NULL,\n\"via\" TEXT NOT NULL,\n\"csrf_token\" TEXT NOT NULL,\n\"success\" bool NOT NULL,\n\"created_at\" DATETIME NOT NULL,\n\"updated_at\" DATETIME NOT NULL\n);" }, { "path": "persistence/sql/migrations/sql/20191100000009000000_verification.mysql.down.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20191100000009000000_verification.mysql.up.sql", "content": "ALTER TABLE identity_verifiable_addresses MODIFY COLUMN code VARCHAR(255) BINARY;" }, { "path": "persistence/sql/migrations/sql/20191100000009000001_verification.mysql.down.sql", "content": "ALTER TABLE identity_verifiable_addresses MODIFY COLUMN code VARCHAR(255);" }, { "path": "persistence/sql/migrations/sql/20191100000009000001_verification.mysql.up.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20191100000010000000_errors.cockroach.down.sql", "content": "ALTER TABLE \"selfservice_errors\" DROP COLUMN \"_seen_at_tmp\";" }, { "path": "persistence/sql/migrations/sql/20191100000010000000_errors.cockroach.up.sql", "content": "ALTER TABLE \"selfservice_errors\" RENAME COLUMN \"seen_at\" TO \"_seen_at_tmp\";" }, { "path": "persistence/sql/migrations/sql/20191100000010000000_errors.mysql.down.sql", "content": "ALTER TABLE `selfservice_errors` MODIFY `seen_at` DATETIME;" }, { "path": "persistence/sql/migrations/sql/20191100000010000000_errors.mysql.up.sql", "content": "ALTER TABLE `selfservice_errors` MODIFY `seen_at` DATETIME;" }, { "path": "persistence/sql/migrations/sql/20191100000010000000_errors.postgres.down.sql", "content": "ALTER TABLE \"selfservice_errors\" ALTER COLUMN \"seen_at\" TYPE timestamp, ALTER COLUMN \"seen_at\" DROP NOT NULL;" }, { "path": "persistence/sql/migrations/sql/20191100000010000000_errors.postgres.up.sql", "content": "ALTER TABLE \"selfservice_errors\" ALTER COLUMN \"seen_at\" TYPE timestamp, ALTER COLUMN \"seen_at\" DROP NOT NULL;" }, { "path": "persistence/sql/migrations/sql/20191100000010000000_errors.sqlite3.down.sql", "content": "ALTER TABLE \"_selfservice_errors_tmp\" RENAME TO \"selfservice_errors\";" }, { "path": "persistence/sql/migrations/sql/20191100000010000000_errors.sqlite3.up.sql", "content": "CREATE TABLE \"_selfservice_errors_tmp\" (\n\"id\" TEXT PRIMARY KEY,\n\"errors\" TEXT NOT NULL,\n\"seen_at\" DATETIME,\n\"was_seen\" bool NOT NULL,\n\"created_at\" DATETIME NOT NULL,\n\"updated_at\" DATETIME NOT NULL,\n\"csrf_token\" TEXT NOT NULL DEFAULT ''\n);" }, { "path": "persistence/sql/migrations/sql/20191100000010000001_errors.cockroach.down.sql", "content": "UPDATE \"selfservice_errors\" SET \"seen_at\" = \"_seen_at_tmp\";" }, { "path": "persistence/sql/migrations/sql/20191100000010000001_errors.cockroach.up.sql", "content": "ALTER TABLE \"selfservice_errors\" ADD COLUMN \"seen_at\" timestamp;" }, { "path": "persistence/sql/migrations/sql/20191100000010000001_errors.mysql.down.sql", "content": "UPDATE selfservice_errors SET seen_at = '1980-01-01 00:00:00' WHERE seen_at = NULL;" }, { "path": "persistence/sql/migrations/sql/20191100000010000001_errors.mysql.up.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20191100000010000001_errors.postgres.down.sql", "content": "UPDATE selfservice_errors SET seen_at = '1980-01-01 00:00:00' WHERE seen_at = NULL;" }, { "path": "persistence/sql/migrations/sql/20191100000010000001_errors.postgres.up.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20191100000010000001_errors.sqlite3.down.sql", "content": "DROP TABLE \"selfservice_errors\";" }, { "path": "persistence/sql/migrations/sql/20191100000010000001_errors.sqlite3.up.sql", "content": "INSERT INTO \"_selfservice_errors_tmp\" (id, errors, seen_at, was_seen, created_at, updated_at, csrf_token) SELECT id, errors, seen_at, was_seen, created_at, updated_at, csrf_token FROM \"selfservice_errors\";" }, { "path": "persistence/sql/migrations/sql/20191100000010000002_errors.cockroach.down.sql", "content": "ALTER TABLE \"selfservice_errors\" ADD COLUMN \"seen_at\" timestamp;" }, { "path": "persistence/sql/migrations/sql/20191100000010000002_errors.cockroach.up.sql", "content": "UPDATE \"selfservice_errors\" SET \"seen_at\" = \"_seen_at_tmp\";" }, { "path": "persistence/sql/migrations/sql/20191100000010000002_errors.sqlite3.down.sql", "content": "INSERT INTO \"_selfservice_errors_tmp\" (id, errors, seen_at, was_seen, created_at, updated_at, csrf_token) SELECT id, errors, seen_at, was_seen, created_at, updated_at, csrf_token FROM \"selfservice_errors\";" }, { "path": "persistence/sql/migrations/sql/20191100000010000002_errors.sqlite3.up.sql", "content": "DROP TABLE \"selfservice_errors\";" }, { "path": "persistence/sql/migrations/sql/20191100000010000003_errors.cockroach.down.sql", "content": "ALTER TABLE \"selfservice_errors\" RENAME COLUMN \"seen_at\" TO \"_seen_at_tmp\";" }, { "path": "persistence/sql/migrations/sql/20191100000010000003_errors.cockroach.up.sql", "content": "ALTER TABLE \"selfservice_errors\" DROP COLUMN \"_seen_at_tmp\";" }, { "path": "persistence/sql/migrations/sql/20191100000010000003_errors.sqlite3.down.sql", "content": "CREATE TABLE \"_selfservice_errors_tmp\" (\n\"id\" TEXT PRIMARY KEY,\n\"errors\" TEXT NOT NULL,\n\"seen_at\" DATETIME,\n\"was_seen\" bool NOT NULL,\n\"created_at\" DATETIME NOT NULL,\n\"updated_at\" DATETIME NOT NULL,\n\"csrf_token\" TEXT NOT NULL DEFAULT ''\n);" }, { "path": "persistence/sql/migrations/sql/20191100000010000003_errors.sqlite3.up.sql", "content": "ALTER TABLE \"_selfservice_errors_tmp\" RENAME TO \"selfservice_errors\";" }, { "path": "persistence/sql/migrations/sql/20191100000010000004_errors.cockroach.down.sql", "content": "UPDATE selfservice_errors SET seen_at = '1980-01-01 00:00:00' WHERE seen_at = NULL;" }, { "path": "persistence/sql/migrations/sql/20191100000010000004_errors.cockroach.up.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20191100000010000004_errors.sqlite3.down.sql", "content": "UPDATE selfservice_errors SET seen_at = '1980-01-01 00:00:00' WHERE seen_at = NULL;" }, { "path": "persistence/sql/migrations/sql/20191100000010000004_errors.sqlite3.up.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20191100000011000000_courier_body_type.cockroach.down.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20191100000011000000_courier_body_type.cockroach.up.sql", "content": "ALTER TABLE \"courier_messages\" RENAME COLUMN \"body\" TO \"_body_tmp\";" }, { "path": "persistence/sql/migrations/sql/20191100000011000000_courier_body_type.mysql.down.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20191100000011000000_courier_body_type.mysql.up.sql", "content": "ALTER TABLE `courier_messages` MODIFY `body` text NOT NULL;" }, { "path": "persistence/sql/migrations/sql/20191100000011000000_courier_body_type.postgres.down.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20191100000011000000_courier_body_type.postgres.up.sql", "content": "ALTER TABLE \"courier_messages\" ALTER COLUMN \"body\" TYPE text, ALTER COLUMN \"body\" SET NOT NULL;" }, { "path": "persistence/sql/migrations/sql/20191100000011000000_courier_body_type.sqlite3.down.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20191100000011000000_courier_body_type.sqlite3.up.sql", "content": "CREATE TABLE \"_courier_messages_tmp\" (\n\"id\" TEXT PRIMARY KEY,\n\"type\" INTEGER NOT NULL,\n\"status\" INTEGER NOT NULL,\n\"body\" TEXT NOT NULL,\n\"subject\" TEXT NOT NULL,\n\"recipient\" TEXT NOT NULL,\n\"created_at\" DATETIME NOT NULL,\n\"updated_at\" DATETIME NOT NULL\n);" }, { "path": "persistence/sql/migrations/sql/20191100000011000001_courier_body_type.cockroach.down.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20191100000011000001_courier_body_type.cockroach.up.sql", "content": "ALTER TABLE \"courier_messages\" ADD COLUMN \"body\" text;" }, { "path": "persistence/sql/migrations/sql/20191100000011000001_courier_body_type.sqlite3.down.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20191100000011000001_courier_body_type.sqlite3.up.sql", "content": "INSERT INTO \"_courier_messages_tmp\" (id, type, status, body, subject, recipient, created_at, updated_at) SELECT id, type, status, body, subject, recipient, created_at, updated_at FROM \"courier_messages\";" }, { "path": "persistence/sql/migrations/sql/20191100000011000002_courier_body_type.cockroach.down.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20191100000011000002_courier_body_type.cockroach.up.sql", "content": "UPDATE \"courier_messages\" SET \"body\" = \"_body_tmp\";" }, { "path": "persistence/sql/migrations/sql/20191100000011000002_courier_body_type.sqlite3.down.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20191100000011000002_courier_body_type.sqlite3.up.sql", "content": "DROP TABLE \"courier_messages\";" }, { "path": "persistence/sql/migrations/sql/20191100000011000003_courier_body_type.cockroach.down.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20191100000011000003_courier_body_type.cockroach.up.sql", "content": "ALTER TABLE \"courier_messages\" ALTER COLUMN \"body\" SET NOT NULL;" }, { "path": "persistence/sql/migrations/sql/20191100000011000003_courier_body_type.sqlite3.down.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20191100000011000003_courier_body_type.sqlite3.up.sql", "content": "ALTER TABLE \"_courier_messages_tmp\" RENAME TO \"courier_messages\";" }, { "path": "persistence/sql/migrations/sql/20191100000011000004_courier_body_type.cockroach.down.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20191100000011000004_courier_body_type.cockroach.up.sql", "content": "ALTER TABLE \"courier_messages\" DROP COLUMN \"_body_tmp\";" }, { "path": "persistence/sql/migrations/sql/20191100000012000000_login_request_forced.cockroach.down.sql", "content": "ALTER TABLE \"selfservice_login_requests\" DROP COLUMN \"forced\";" }, { "path": "persistence/sql/migrations/sql/20191100000012000000_login_request_forced.cockroach.up.sql", "content": "ALTER TABLE \"selfservice_login_requests\" ADD COLUMN \"forced\" bool NOT NULL DEFAULT 'false';" }, { "path": "persistence/sql/migrations/sql/20191100000012000000_login_request_forced.mysql.down.sql", "content": "ALTER TABLE `selfservice_login_requests` DROP COLUMN `forced`;" }, { "path": "persistence/sql/migrations/sql/20191100000012000000_login_request_forced.mysql.up.sql", "content": "ALTER TABLE `selfservice_login_requests` ADD COLUMN `forced` bool NOT NULL DEFAULT false;" }, { "path": "persistence/sql/migrations/sql/20191100000012000000_login_request_forced.postgres.down.sql", "content": "ALTER TABLE \"selfservice_login_requests\" DROP COLUMN \"forced\";" }, { "path": "persistence/sql/migrations/sql/20191100000012000000_login_request_forced.postgres.up.sql", "content": "ALTER TABLE \"selfservice_login_requests\" ADD COLUMN \"forced\" bool NOT NULL DEFAULT 'false';" }, { "path": "persistence/sql/migrations/sql/20191100000012000000_login_request_forced.sqlite3.down.sql", "content": "ALTER TABLE \"_selfservice_login_requests_tmp\" RENAME TO \"selfservice_login_requests\";" }, { "path": "persistence/sql/migrations/sql/20191100000012000000_login_request_forced.sqlite3.up.sql", "content": "ALTER TABLE \"selfservice_login_requests\" ADD COLUMN \"forced\" bool NOT NULL DEFAULT 'false';" }, { "path": "persistence/sql/migrations/sql/20191100000012000001_login_request_forced.sqlite3.down.sql", "content": "\nDROP TABLE \"selfservice_login_requests\";" }, { "path": "persistence/sql/migrations/sql/20191100000012000001_login_request_forced.sqlite3.up.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20191100000012000002_login_request_forced.sqlite3.down.sql", "content": "INSERT INTO \"_selfservice_login_requests_tmp\" (id, request_url, issued_at, expires_at, active_method, csrf_token, created_at, updated_at) SELECT id, request_url, issued_at, expires_at, active_method, csrf_token, created_at, updated_at FROM \"selfservice_login_requests\";" }, { "path": "persistence/sql/migrations/sql/20191100000012000002_login_request_forced.sqlite3.up.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20191100000012000003_login_request_forced.sqlite3.down.sql", "content": "CREATE TABLE \"_selfservice_login_requests_tmp\" (\n\"id\" TEXT PRIMARY KEY,\n\"request_url\" TEXT NOT NULL,\n\"issued_at\" DATETIME NOT NULL DEFAULT 'CURRENT_TIMESTAMP',\n\"expires_at\" DATETIME NOT NULL,\n\"active_method\" TEXT NOT NULL,\n\"csrf_token\" TEXT NOT NULL,\n\"created_at\" DATETIME NOT NULL,\n\"updated_at\" DATETIME NOT NULL\n);" }, { "path": "persistence/sql/migrations/sql/20191100000012000003_login_request_forced.sqlite3.up.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20200317160354000000_create_profile_request_forms.cockroach.down.sql", "content": "ALTER TABLE \"selfservice_profile_management_requests\" DROP COLUMN \"active_method\";" }, { "path": "persistence/sql/migrations/sql/20200317160354000000_create_profile_request_forms.cockroach.up.sql", "content": "CREATE TABLE \"selfservice_profile_management_request_methods\" (\n\"id\" UUID NOT NULL,\nPRIMARY KEY(\"id\"),\n\"method\" VARCHAR (32) NOT NULL,\n\"selfservice_profile_management_request_id\" UUID NOT NULL,\n\"config\" json NOT NULL,\n\"created_at\" timestamp NOT NULL,\n\"updated_at\" timestamp NOT NULL\n);" }, { "path": "persistence/sql/migrations/sql/20200317160354000000_create_profile_request_forms.mysql.down.sql", "content": "ALTER TABLE `selfservice_profile_management_requests` DROP COLUMN `active_method`;" }, { "path": "persistence/sql/migrations/sql/20200317160354000000_create_profile_request_forms.mysql.up.sql", "content": "CREATE TABLE `selfservice_profile_management_request_methods` (\n`id` char(36) NOT NULL,\nPRIMARY KEY(`id`),\n`method` VARCHAR (32) NOT NULL,\n`selfservice_profile_management_request_id` char(36) NOT NULL,\n`config` JSON NOT NULL,\n`created_at` DATETIME NOT NULL,\n`updated_at` DATETIME NOT NULL\n) ENGINE=InnoDB;" }, { "path": "persistence/sql/migrations/sql/20200317160354000000_create_profile_request_forms.postgres.down.sql", "content": "ALTER TABLE \"selfservice_profile_management_requests\" DROP COLUMN \"active_method\";" }, { "path": "persistence/sql/migrations/sql/20200317160354000000_create_profile_request_forms.postgres.up.sql", "content": "CREATE TABLE \"selfservice_profile_management_request_methods\" (\n\"id\" UUID NOT NULL,\nPRIMARY KEY(\"id\"),\n\"method\" VARCHAR (32) NOT NULL,\n\"selfservice_profile_management_request_id\" UUID NOT NULL,\n\"config\" jsonb NOT NULL,\n\"created_at\" timestamp NOT NULL,\n\"updated_at\" timestamp NOT NULL\n);" }, { "path": "persistence/sql/migrations/sql/20200317160354000000_create_profile_request_forms.sqlite3.down.sql", "content": "ALTER TABLE \"_selfservice_profile_management_requests_tmp\" RENAME TO \"selfservice_profile_management_requests\";" }, { "path": "persistence/sql/migrations/sql/20200317160354000000_create_profile_request_forms.sqlite3.up.sql", "content": "CREATE TABLE \"selfservice_profile_management_request_methods\" (\n\"id\" TEXT PRIMARY KEY,\n\"method\" TEXT NOT NULL,\n\"selfservice_profile_management_request_id\" char(36) NOT NULL,\n\"config\" TEXT NOT NULL,\n\"created_at\" DATETIME NOT NULL,\n\"updated_at\" DATETIME NOT NULL\n);" }, { "path": "persistence/sql/migrations/sql/20200317160354000001_create_profile_request_forms.cockroach.down.sql", "content": "DROP TABLE \"selfservice_profile_management_request_methods\";" }, { "path": "persistence/sql/migrations/sql/20200317160354000001_create_profile_request_forms.cockroach.up.sql", "content": "ALTER TABLE \"selfservice_profile_management_requests\" ADD COLUMN \"active_method\" VARCHAR (32);" }, { "path": "persistence/sql/migrations/sql/20200317160354000001_create_profile_request_forms.mysql.down.sql", "content": "DROP TABLE `selfservice_profile_management_request_methods`;" }, { "path": "persistence/sql/migrations/sql/20200317160354000001_create_profile_request_forms.mysql.up.sql", "content": "ALTER TABLE `selfservice_profile_management_requests` ADD COLUMN `active_method` VARCHAR (32);" }, { "path": "persistence/sql/migrations/sql/20200317160354000001_create_profile_request_forms.postgres.down.sql", "content": "DROP TABLE \"selfservice_profile_management_request_methods\";" }, { "path": "persistence/sql/migrations/sql/20200317160354000001_create_profile_request_forms.postgres.up.sql", "content": "ALTER TABLE \"selfservice_profile_management_requests\" ADD COLUMN \"active_method\" VARCHAR (32);" }, { "path": "persistence/sql/migrations/sql/20200317160354000001_create_profile_request_forms.sqlite3.down.sql", "content": "\nDROP TABLE \"selfservice_profile_management_requests\";" }, { "path": "persistence/sql/migrations/sql/20200317160354000001_create_profile_request_forms.sqlite3.up.sql", "content": "ALTER TABLE \"selfservice_profile_management_requests\" ADD COLUMN \"active_method\" TEXT;" }, { "path": "persistence/sql/migrations/sql/20200317160354000002_create_profile_request_forms.cockroach.down.sql", "content": "ALTER TABLE \"selfservice_profile_management_requests\" ADD COLUMN \"form\" json NOT NULL DEFAULT '{}';" }, { "path": "persistence/sql/migrations/sql/20200317160354000002_create_profile_request_forms.cockroach.up.sql", "content": "INSERT INTO selfservice_profile_management_request_methods (id, method, selfservice_profile_management_request_id, config) SELECT id, 'traits', id, form FROM selfservice_profile_management_requests;" }, { "path": "persistence/sql/migrations/sql/20200317160354000002_create_profile_request_forms.mysql.down.sql", "content": "ALTER TABLE `selfservice_profile_management_requests` MODIFY `form` JSON;" }, { "path": "persistence/sql/migrations/sql/20200317160354000002_create_profile_request_forms.mysql.up.sql", "content": "INSERT INTO selfservice_profile_management_request_methods (id, method, selfservice_profile_management_request_id, config) SELECT id, 'traits', id, form FROM selfservice_profile_management_requests;" }, { "path": "persistence/sql/migrations/sql/20200317160354000002_create_profile_request_forms.postgres.down.sql", "content": "ALTER TABLE \"selfservice_profile_management_requests\" ALTER COLUMN \"form\" TYPE jsonb, ALTER COLUMN \"form\" DROP NOT NULL;" }, { "path": "persistence/sql/migrations/sql/20200317160354000002_create_profile_request_forms.postgres.up.sql", "content": "INSERT INTO selfservice_profile_management_request_methods (id, method, selfservice_profile_management_request_id, config) SELECT id, 'traits', id, form FROM selfservice_profile_management_requests;" }, { "path": "persistence/sql/migrations/sql/20200317160354000002_create_profile_request_forms.sqlite3.down.sql", "content": "INSERT INTO \"_selfservice_profile_management_requests_tmp\" (id, request_url, issued_at, expires_at, identity_id, created_at, updated_at, update_successful, form) SELECT id, request_url, issued_at, expires_at, identity_id, created_at, updated_at, update_successful, form FROM \"selfservice_profile_management_requests\";" }, { "path": "persistence/sql/migrations/sql/20200317160354000002_create_profile_request_forms.sqlite3.up.sql", "content": "INSERT INTO selfservice_profile_management_request_methods (id, method, selfservice_profile_management_request_id, config) SELECT id, 'traits', id, form FROM selfservice_profile_management_requests;" }, { "path": "persistence/sql/migrations/sql/20200317160354000003_create_profile_request_forms.cockroach.down.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20200317160354000003_create_profile_request_forms.cockroach.up.sql", "content": "ALTER TABLE \"selfservice_profile_management_requests\" DROP COLUMN \"form\";" }, { "path": "persistence/sql/migrations/sql/20200317160354000003_create_profile_request_forms.mysql.down.sql", "content": "UPDATE selfservice_profile_management_requests SET form=(SELECT * FROM (SELECT m.config FROM selfservice_profile_management_requests AS r INNER JOIN selfservice_profile_management_request_methods AS m ON r.id=m.selfservice_profile_management_request_id) as t);" }, { "path": "persistence/sql/migrations/sql/20200317160354000003_create_profile_request_forms.mysql.up.sql", "content": "ALTER TABLE `selfservice_profile_management_requests` DROP COLUMN `form`;" }, { "path": "persistence/sql/migrations/sql/20200317160354000003_create_profile_request_forms.postgres.down.sql", "content": "UPDATE selfservice_profile_management_requests SET form=(SELECT * FROM (SELECT m.config FROM selfservice_profile_management_requests AS r INNER JOIN selfservice_profile_management_request_methods AS m ON r.id=m.selfservice_profile_management_request_id) as t);" }, { "path": "persistence/sql/migrations/sql/20200317160354000003_create_profile_request_forms.postgres.up.sql", "content": "ALTER TABLE \"selfservice_profile_management_requests\" DROP COLUMN \"form\";" }, { "path": "persistence/sql/migrations/sql/20200317160354000003_create_profile_request_forms.sqlite3.down.sql", "content": "CREATE TABLE \"_selfservice_profile_management_requests_tmp\" (\n\"id\" TEXT PRIMARY KEY,\n\"request_url\" TEXT NOT NULL,\n\"issued_at\" DATETIME NOT NULL DEFAULT 'CURRENT_TIMESTAMP',\n\"expires_at\" DATETIME NOT NULL,\n\"identity_id\" char(36) NOT NULL,\n\"created_at\" DATETIME NOT NULL,\n\"updated_at\" DATETIME NOT NULL,\n\"update_successful\" bool NOT NULL DEFAULT 'false',\n\"form\" TEXT,\nFOREIGN KEY (identity_id) REFERENCES identities (id) ON UPDATE NO ACTION ON DELETE CASCADE\n);" }, { "path": "persistence/sql/migrations/sql/20200317160354000003_create_profile_request_forms.sqlite3.up.sql", "content": "CREATE TABLE \"_selfservice_profile_management_requests_tmp\" (\n\"id\" TEXT PRIMARY KEY,\n\"request_url\" TEXT NOT NULL,\n\"issued_at\" DATETIME NOT NULL DEFAULT 'CURRENT_TIMESTAMP',\n\"expires_at\" DATETIME NOT NULL,\n\"update_successful\" bool NOT NULL,\n\"identity_id\" char(36) NOT NULL,\n\"created_at\" DATETIME NOT NULL,\n\"updated_at\" DATETIME NOT NULL,\n\"active_method\" TEXT,\nFOREIGN KEY (identity_id) REFERENCES identities (id) ON UPDATE NO ACTION ON DELETE CASCADE\n);" }, { "path": "persistence/sql/migrations/sql/20200317160354000004_create_profile_request_forms.mysql.down.sql", "content": "ALTER TABLE `selfservice_profile_management_requests` ADD COLUMN `form` JSON;" }, { "path": "persistence/sql/migrations/sql/20200317160354000004_create_profile_request_forms.mysql.up.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20200317160354000004_create_profile_request_forms.postgres.down.sql", "content": "ALTER TABLE \"selfservice_profile_management_requests\" ADD COLUMN \"form\" jsonb;" }, { "path": "persistence/sql/migrations/sql/20200317160354000004_create_profile_request_forms.postgres.up.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20200317160354000004_create_profile_request_forms.sqlite3.down.sql", "content": "DROP TABLE \"selfservice_profile_management_request_methods\";" }, { "path": "persistence/sql/migrations/sql/20200317160354000004_create_profile_request_forms.sqlite3.up.sql", "content": "INSERT INTO \"_selfservice_profile_management_requests_tmp\" (id, request_url, issued_at, expires_at, update_successful, identity_id, created_at, updated_at, active_method) SELECT id, request_url, issued_at, expires_at, update_successful, identity_id, created_at, updated_at, active_method FROM \"selfservice_profile_management_requests\";" }, { "path": "persistence/sql/migrations/sql/20200317160354000005_create_profile_request_forms.sqlite3.down.sql", "content": "ALTER TABLE \"_selfservice_profile_management_requests_tmp\" RENAME TO \"selfservice_profile_management_requests\";" }, { "path": "persistence/sql/migrations/sql/20200317160354000005_create_profile_request_forms.sqlite3.up.sql", "content": "\nDROP TABLE \"selfservice_profile_management_requests\";" }, { "path": "persistence/sql/migrations/sql/20200317160354000006_create_profile_request_forms.sqlite3.down.sql", "content": "DROP TABLE \"selfservice_profile_management_requests\";" }, { "path": "persistence/sql/migrations/sql/20200317160354000006_create_profile_request_forms.sqlite3.up.sql", "content": "ALTER TABLE \"_selfservice_profile_management_requests_tmp\" RENAME TO \"selfservice_profile_management_requests\";" }, { "path": "persistence/sql/migrations/sql/20200317160354000007_create_profile_request_forms.sqlite3.down.sql", "content": "INSERT INTO \"_selfservice_profile_management_requests_tmp\" (id, request_url, issued_at, expires_at, identity_id, created_at, updated_at, active_method, update_successful, form) SELECT id, request_url, issued_at, expires_at, identity_id, created_at, updated_at, active_method, update_successful, form FROM \"selfservice_profile_management_requests\";" }, { "path": "persistence/sql/migrations/sql/20200317160354000007_create_profile_request_forms.sqlite3.up.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20200317160354000008_create_profile_request_forms.sqlite3.down.sql", "content": "CREATE TABLE \"_selfservice_profile_management_requests_tmp\" (\n\"id\" TEXT PRIMARY KEY,\n\"request_url\" TEXT NOT NULL,\n\"issued_at\" DATETIME NOT NULL DEFAULT 'CURRENT_TIMESTAMP',\n\"expires_at\" DATETIME NOT NULL,\n\"identity_id\" char(36) NOT NULL,\n\"created_at\" DATETIME NOT NULL,\n\"updated_at\" DATETIME NOT NULL,\n\"active_method\" TEXT,\n\"update_successful\" bool NOT NULL DEFAULT 'false',\n\"form\" TEXT,\nFOREIGN KEY (identity_id) REFERENCES identities (id) ON UPDATE NO ACTION ON DELETE CASCADE\n);" }, { "path": "persistence/sql/migrations/sql/20200317160354000008_create_profile_request_forms.sqlite3.up.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20200317160354000009_create_profile_request_forms.sqlite3.down.sql", "content": "UPDATE selfservice_profile_management_requests SET form=(SELECT * FROM (SELECT m.config FROM selfservice_profile_management_requests AS r INNER JOIN selfservice_profile_management_request_methods AS m ON r.id=m.selfservice_profile_management_request_id) as t);" }, { "path": "persistence/sql/migrations/sql/20200317160354000009_create_profile_request_forms.sqlite3.up.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20200317160354000010_create_profile_request_forms.sqlite3.down.sql", "content": "ALTER TABLE \"selfservice_profile_management_requests\" ADD COLUMN \"form\" TEXT;" }, { "path": "persistence/sql/migrations/sql/20200317160354000010_create_profile_request_forms.sqlite3.up.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20200401183443000000_continuity_containers.cockroach.down.sql", "content": "DROP TABLE \"continuity_containers\";" }, { "path": "persistence/sql/migrations/sql/20200401183443000000_continuity_containers.cockroach.up.sql", "content": "CREATE TABLE \"continuity_containers\" (\n\"id\" UUID NOT NULL,\nPRIMARY KEY(\"id\"),\n\"identity_id\" UUID,\n\"name\" VARCHAR (255) NOT NULL,\n\"payload\" json,\n\"expires_at\" timestamp NOT NULL,\n\"created_at\" timestamp NOT NULL,\n\"updated_at\" timestamp NOT NULL,\nCONSTRAINT \"continuity_containers_identities_id_fk\" FOREIGN KEY (\"identity_id\") REFERENCES \"identities\" (\"id\") ON DELETE cascade\n);" }, { "path": "persistence/sql/migrations/sql/20200401183443000000_continuity_containers.mysql.down.sql", "content": "DROP TABLE `continuity_containers`;" }, { "path": "persistence/sql/migrations/sql/20200401183443000000_continuity_containers.mysql.up.sql", "content": "CREATE TABLE `continuity_containers` (\n`id` char(36) NOT NULL,\nPRIMARY KEY(`id`),\n`identity_id` char(36),\n`name` VARCHAR (255) NOT NULL,\n`payload` JSON,\n`expires_at` DATETIME NOT NULL,\n`created_at` DATETIME NOT NULL,\n`updated_at` DATETIME NOT NULL,\nFOREIGN KEY (`identity_id`) REFERENCES `identities` (`id`) ON DELETE cascade\n) ENGINE=InnoDB;" }, { "path": "persistence/sql/migrations/sql/20200401183443000000_continuity_containers.postgres.down.sql", "content": "DROP TABLE \"continuity_containers\";" }, { "path": "persistence/sql/migrations/sql/20200401183443000000_continuity_containers.postgres.up.sql", "content": "CREATE TABLE \"continuity_containers\" (\n\"id\" UUID NOT NULL,\nPRIMARY KEY(\"id\"),\n\"identity_id\" UUID,\n\"name\" VARCHAR (255) NOT NULL,\n\"payload\" jsonb,\n\"expires_at\" timestamp NOT NULL,\n\"created_at\" timestamp NOT NULL,\n\"updated_at\" timestamp NOT NULL,\nFOREIGN KEY (\"identity_id\") REFERENCES \"identities\" (\"id\") ON DELETE cascade\n);" }, { "path": "persistence/sql/migrations/sql/20200401183443000000_continuity_containers.sqlite3.down.sql", "content": "DROP TABLE \"continuity_containers\";" }, { "path": "persistence/sql/migrations/sql/20200401183443000000_continuity_containers.sqlite3.up.sql", "content": "CREATE TABLE \"continuity_containers\" (\n\"id\" TEXT PRIMARY KEY,\n\"identity_id\" char(36),\n\"name\" TEXT NOT NULL,\n\"payload\" TEXT,\n\"expires_at\" DATETIME NOT NULL,\n\"created_at\" DATETIME NOT NULL,\n\"updated_at\" DATETIME NOT NULL,\nFOREIGN KEY (identity_id) REFERENCES identities (id) ON DELETE cascade\n);" }, { "path": "persistence/sql/migrations/sql/20200402142539000000_rename_profile_flows.cockroach.down.sql", "content": "ALTER TABLE \"selfservice_settings_requests\" RENAME TO \"selfservice_profile_management_requests\";" }, { "path": "persistence/sql/migrations/sql/20200402142539000000_rename_profile_flows.cockroach.up.sql", "content": "ALTER TABLE \"selfservice_profile_management_request_methods\" RENAME COLUMN \"selfservice_profile_management_request_id\" TO \"selfservice_settings_request_id\";" }, { "path": "persistence/sql/migrations/sql/20200402142539000000_rename_profile_flows.mysql.down.sql", "content": "ALTER TABLE `selfservice_settings_requests` RENAME TO `selfservice_profile_management_requests`;" }, { "path": "persistence/sql/migrations/sql/20200402142539000000_rename_profile_flows.mysql.up.sql", "content": "ALTER TABLE `selfservice_profile_management_request_methods` CHANGE `selfservice_profile_management_request_id` `selfservice_settings_request_id` char(36) NOT NULL;" }, { "path": "persistence/sql/migrations/sql/20200402142539000000_rename_profile_flows.postgres.down.sql", "content": "ALTER TABLE \"selfservice_settings_requests\" RENAME TO \"selfservice_profile_management_requests\";" }, { "path": "persistence/sql/migrations/sql/20200402142539000000_rename_profile_flows.postgres.up.sql", "content": "ALTER TABLE \"selfservice_profile_management_request_methods\" RENAME COLUMN \"selfservice_profile_management_request_id\" TO \"selfservice_settings_request_id\";" }, { "path": "persistence/sql/migrations/sql/20200402142539000000_rename_profile_flows.sqlite3.down.sql", "content": "ALTER TABLE \"selfservice_settings_requests\" RENAME TO \"selfservice_profile_management_requests\";" }, { "path": "persistence/sql/migrations/sql/20200402142539000000_rename_profile_flows.sqlite3.up.sql", "content": "ALTER TABLE \"selfservice_profile_management_request_methods\" RENAME COLUMN \"selfservice_profile_management_request_id\" TO \"selfservice_settings_request_id\";" }, { "path": "persistence/sql/migrations/sql/20200402142539000001_rename_profile_flows.cockroach.down.sql", "content": "ALTER TABLE \"selfservice_settings_request_methods\" RENAME TO \"selfservice_profile_management_request_methods\";" }, { "path": "persistence/sql/migrations/sql/20200402142539000001_rename_profile_flows.cockroach.up.sql", "content": "ALTER TABLE \"selfservice_profile_management_request_methods\" RENAME TO \"selfservice_settings_request_methods\";" }, { "path": "persistence/sql/migrations/sql/20200402142539000001_rename_profile_flows.mysql.down.sql", "content": "ALTER TABLE `selfservice_settings_request_methods` RENAME TO `selfservice_profile_management_request_methods`;" }, { "path": "persistence/sql/migrations/sql/20200402142539000001_rename_profile_flows.mysql.up.sql", "content": "ALTER TABLE `selfservice_profile_management_request_methods` RENAME TO `selfservice_settings_request_methods`;" }, { "path": "persistence/sql/migrations/sql/20200402142539000001_rename_profile_flows.postgres.down.sql", "content": "ALTER TABLE \"selfservice_settings_request_methods\" RENAME TO \"selfservice_profile_management_request_methods\";" }, { "path": "persistence/sql/migrations/sql/20200402142539000001_rename_profile_flows.postgres.up.sql", "content": "ALTER TABLE \"selfservice_profile_management_request_methods\" RENAME TO \"selfservice_settings_request_methods\";" }, { "path": "persistence/sql/migrations/sql/20200402142539000001_rename_profile_flows.sqlite3.down.sql", "content": "ALTER TABLE \"selfservice_settings_request_methods\" RENAME TO \"selfservice_profile_management_request_methods\";" }, { "path": "persistence/sql/migrations/sql/20200402142539000001_rename_profile_flows.sqlite3.up.sql", "content": "ALTER TABLE \"selfservice_profile_management_request_methods\" RENAME TO \"selfservice_settings_request_methods\";" }, { "path": "persistence/sql/migrations/sql/20200402142539000002_rename_profile_flows.cockroach.down.sql", "content": "ALTER TABLE \"selfservice_settings_request_methods\" RENAME COLUMN \"selfservice_settings_request_id\" TO \"selfservice_profile_management_request_id\";" }, { "path": "persistence/sql/migrations/sql/20200402142539000002_rename_profile_flows.cockroach.up.sql", "content": "ALTER TABLE \"selfservice_profile_management_requests\" RENAME TO \"selfservice_settings_requests\";" }, { "path": "persistence/sql/migrations/sql/20200402142539000002_rename_profile_flows.mysql.down.sql", "content": "ALTER TABLE `selfservice_settings_request_methods` CHANGE `selfservice_settings_request_id` `selfservice_profile_management_request_id` char(36) NOT NULL;" }, { "path": "persistence/sql/migrations/sql/20200402142539000002_rename_profile_flows.mysql.up.sql", "content": "ALTER TABLE `selfservice_profile_management_requests` RENAME TO `selfservice_settings_requests`;" }, { "path": "persistence/sql/migrations/sql/20200402142539000002_rename_profile_flows.postgres.down.sql", "content": "ALTER TABLE \"selfservice_settings_request_methods\" RENAME COLUMN \"selfservice_settings_request_id\" TO \"selfservice_profile_management_request_id\";" }, { "path": "persistence/sql/migrations/sql/20200402142539000002_rename_profile_flows.postgres.up.sql", "content": "ALTER TABLE \"selfservice_profile_management_requests\" RENAME TO \"selfservice_settings_requests\";" }, { "path": "persistence/sql/migrations/sql/20200402142539000002_rename_profile_flows.sqlite3.down.sql", "content": "ALTER TABLE \"selfservice_settings_request_methods\" RENAME COLUMN \"selfservice_settings_request_id\" TO \"selfservice_profile_management_request_id\";" }, { "path": "persistence/sql/migrations/sql/20200402142539000002_rename_profile_flows.sqlite3.up.sql", "content": "ALTER TABLE \"selfservice_profile_management_requests\" RENAME TO \"selfservice_settings_requests\";" }, { "path": "persistence/sql/migrations/sql/20200519101057000000_create_recovery_addresses.cockroach.down.sql", "content": "DROP TABLE \"identity_recovery_addresses\";" }, { "path": "persistence/sql/migrations/sql/20200519101057000000_create_recovery_addresses.cockroach.up.sql", "content": "CREATE TABLE \"identity_recovery_addresses\" (\n\"id\" UUID NOT NULL,\nPRIMARY KEY(\"id\"),\n\"via\" VARCHAR (16) NOT NULL,\n\"value\" VARCHAR (400) NOT NULL,\n\"identity_id\" UUID NOT NULL,\n\"created_at\" timestamp NOT NULL,\n\"updated_at\" timestamp NOT NULL,\nCONSTRAINT \"identity_recovery_addresses_identities_id_fk\" FOREIGN KEY (\"identity_id\") REFERENCES \"identities\" (\"id\") ON DELETE cascade\n);" }, { "path": "persistence/sql/migrations/sql/20200519101057000000_create_recovery_addresses.mysql.down.sql", "content": "DROP TABLE `identity_recovery_addresses`;" }, { "path": "persistence/sql/migrations/sql/20200519101057000000_create_recovery_addresses.mysql.up.sql", "content": "CREATE TABLE `identity_recovery_addresses` (\n`id` char(36) NOT NULL,\nPRIMARY KEY(`id`),\n`via` VARCHAR (16) NOT NULL,\n`value` VARCHAR (400) NOT NULL,\n`identity_id` char(36) NOT NULL,\n`created_at` DATETIME NOT NULL,\n`updated_at` DATETIME NOT NULL,\nFOREIGN KEY (`identity_id`) REFERENCES `identities` (`id`) ON DELETE cascade\n) ENGINE=InnoDB;" }, { "path": "persistence/sql/migrations/sql/20200519101057000000_create_recovery_addresses.postgres.down.sql", "content": "DROP TABLE \"identity_recovery_addresses\";" }, { "path": "persistence/sql/migrations/sql/20200519101057000000_create_recovery_addresses.postgres.up.sql", "content": "CREATE TABLE \"identity_recovery_addresses\" (\n\"id\" UUID NOT NULL,\nPRIMARY KEY(\"id\"),\n\"via\" VARCHAR (16) NOT NULL,\n\"value\" VARCHAR (400) NOT NULL,\n\"identity_id\" UUID NOT NULL,\n\"created_at\" timestamp NOT NULL,\n\"updated_at\" timestamp NOT NULL,\nFOREIGN KEY (\"identity_id\") REFERENCES \"identities\" (\"id\") ON DELETE cascade\n);" }, { "path": "persistence/sql/migrations/sql/20200519101057000000_create_recovery_addresses.sqlite3.down.sql", "content": "DROP TABLE \"identity_recovery_addresses\";" }, { "path": "persistence/sql/migrations/sql/20200519101057000000_create_recovery_addresses.sqlite3.up.sql", "content": "CREATE TABLE \"identity_recovery_addresses\" (\n\"id\" TEXT PRIMARY KEY,\n\"via\" TEXT NOT NULL,\n\"value\" TEXT NOT NULL,\n\"identity_id\" char(36) NOT NULL,\n\"created_at\" DATETIME NOT NULL,\n\"updated_at\" DATETIME NOT NULL,\nFOREIGN KEY (identity_id) REFERENCES identities (id) ON DELETE cascade\n);" }, { "path": "persistence/sql/migrations/sql/20200519101057000001_create_recovery_addresses.cockroach.down.sql", "content": "DROP TABLE \"selfservice_recovery_requests\";" }, { "path": "persistence/sql/migrations/sql/20200519101057000001_create_recovery_addresses.cockroach.up.sql", "content": "CREATE UNIQUE INDEX \"identity_recovery_addresses_status_via_uq_idx\" ON \"identity_recovery_addresses\" (via, value);" }, { "path": "persistence/sql/migrations/sql/20200519101057000001_create_recovery_addresses.mysql.down.sql", "content": "DROP TABLE `selfservice_recovery_requests`;" }, { "path": "persistence/sql/migrations/sql/20200519101057000001_create_recovery_addresses.mysql.up.sql", "content": "CREATE UNIQUE INDEX `identity_recovery_addresses_status_via_uq_idx` ON `identity_recovery_addresses` (`via`, `value`);" }, { "path": "persistence/sql/migrations/sql/20200519101057000001_create_recovery_addresses.postgres.down.sql", "content": "DROP TABLE \"selfservice_recovery_requests\";" }, { "path": "persistence/sql/migrations/sql/20200519101057000001_create_recovery_addresses.postgres.up.sql", "content": "CREATE UNIQUE INDEX \"identity_recovery_addresses_status_via_uq_idx\" ON \"identity_recovery_addresses\" (via, value);" }, { "path": "persistence/sql/migrations/sql/20200519101057000001_create_recovery_addresses.sqlite3.down.sql", "content": "DROP TABLE \"selfservice_recovery_requests\";" }, { "path": "persistence/sql/migrations/sql/20200519101057000001_create_recovery_addresses.sqlite3.up.sql", "content": "CREATE UNIQUE INDEX \"identity_recovery_addresses_status_via_uq_idx\" ON \"identity_recovery_addresses\" (via, value);" }, { "path": "persistence/sql/migrations/sql/20200519101057000002_create_recovery_addresses.cockroach.down.sql", "content": "DROP TABLE \"selfservice_recovery_request_methods\";" }, { "path": "persistence/sql/migrations/sql/20200519101057000002_create_recovery_addresses.cockroach.up.sql", "content": "CREATE INDEX \"identity_recovery_addresses_status_via_idx\" ON \"identity_recovery_addresses\" (via, value);" }, { "path": "persistence/sql/migrations/sql/20200519101057000002_create_recovery_addresses.mysql.down.sql", "content": "DROP TABLE `selfservice_recovery_request_methods`;" }, { "path": "persistence/sql/migrations/sql/20200519101057000002_create_recovery_addresses.mysql.up.sql", "content": "CREATE INDEX `identity_recovery_addresses_status_via_idx` ON `identity_recovery_addresses` (`via`, `value`);" }, { "path": "persistence/sql/migrations/sql/20200519101057000002_create_recovery_addresses.postgres.down.sql", "content": "DROP TABLE \"selfservice_recovery_request_methods\";" }, { "path": "persistence/sql/migrations/sql/20200519101057000002_create_recovery_addresses.postgres.up.sql", "content": "CREATE INDEX \"identity_recovery_addresses_status_via_idx\" ON \"identity_recovery_addresses\" (via, value);" }, { "path": "persistence/sql/migrations/sql/20200519101057000002_create_recovery_addresses.sqlite3.down.sql", "content": "DROP TABLE \"selfservice_recovery_request_methods\";" }, { "path": "persistence/sql/migrations/sql/20200519101057000002_create_recovery_addresses.sqlite3.up.sql", "content": "CREATE INDEX \"identity_recovery_addresses_status_via_idx\" ON \"identity_recovery_addresses\" (via, value);" }, { "path": "persistence/sql/migrations/sql/20200519101057000003_create_recovery_addresses.cockroach.down.sql", "content": "DROP TABLE \"identity_recovery_tokens\";" }, { "path": "persistence/sql/migrations/sql/20200519101057000003_create_recovery_addresses.cockroach.up.sql", "content": "CREATE TABLE \"selfservice_recovery_requests\" (\n\"id\" UUID NOT NULL,\nPRIMARY KEY(\"id\"),\n\"request_url\" VARCHAR (2048) NOT NULL,\n\"issued_at\" timestamp NOT NULL DEFAULT CURRENT_TIMESTAMP,\n\"expires_at\" timestamp NOT NULL,\n\"messages\" json,\n\"active_method\" VARCHAR (32),\n\"csrf_token\" VARCHAR (255) NOT NULL,\n\"state\" VARCHAR (32) NOT NULL,\n\"recovered_identity_id\" UUID,\n\"created_at\" timestamp NOT NULL,\n\"updated_at\" timestamp NOT NULL,\nCONSTRAINT \"selfservice_recovery_requests_identities_id_fk\" FOREIGN KEY (\"recovered_identity_id\") REFERENCES \"identities\" (\"id\") ON DELETE cascade\n);" }, { "path": "persistence/sql/migrations/sql/20200519101057000003_create_recovery_addresses.mysql.down.sql", "content": "DROP TABLE `identity_recovery_tokens`;" }, { "path": "persistence/sql/migrations/sql/20200519101057000003_create_recovery_addresses.mysql.up.sql", "content": "CREATE TABLE `selfservice_recovery_requests` (\n`id` char(36) NOT NULL,\nPRIMARY KEY(`id`),\n`request_url` VARCHAR (2048) NOT NULL,\n`issued_at` DATETIME NOT NULL DEFAULT CURRENT_TIMESTAMP,\n`expires_at` DATETIME NOT NULL,\n`messages` JSON,\n`active_method` VARCHAR (32),\n`csrf_token` VARCHAR (255) NOT NULL,\n`state` VARCHAR (32) NOT NULL,\n`recovered_identity_id` char(36),\n`created_at` DATETIME NOT NULL,\n`updated_at` DATETIME NOT NULL,\nFOREIGN KEY (`recovered_identity_id`) REFERENCES `identities` (`id`) ON DELETE cascade\n) ENGINE=InnoDB;" }, { "path": "persistence/sql/migrations/sql/20200519101057000003_create_recovery_addresses.postgres.down.sql", "content": "DROP TABLE \"identity_recovery_tokens\";" }, { "path": "persistence/sql/migrations/sql/20200519101057000003_create_recovery_addresses.postgres.up.sql", "content": "CREATE TABLE \"selfservice_recovery_requests\" (\n\"id\" UUID NOT NULL,\nPRIMARY KEY(\"id\"),\n\"request_url\" VARCHAR (2048) NOT NULL,\n\"issued_at\" timestamp NOT NULL DEFAULT CURRENT_TIMESTAMP,\n\"expires_at\" timestamp NOT NULL,\n\"messages\" jsonb,\n\"active_method\" VARCHAR (32),\n\"csrf_token\" VARCHAR (255) NOT NULL,\n\"state\" VARCHAR (32) NOT NULL,\n\"recovered_identity_id\" UUID,\n\"created_at\" timestamp NOT NULL,\n\"updated_at\" timestamp NOT NULL,\nFOREIGN KEY (\"recovered_identity_id\") REFERENCES \"identities\" (\"id\") ON DELETE cascade\n);" }, { "path": "persistence/sql/migrations/sql/20200519101057000003_create_recovery_addresses.sqlite3.down.sql", "content": "DROP TABLE \"identity_recovery_tokens\";" }, { "path": "persistence/sql/migrations/sql/20200519101057000003_create_recovery_addresses.sqlite3.up.sql", "content": "CREATE TABLE \"selfservice_recovery_requests\" (\n\"id\" TEXT PRIMARY KEY,\n\"request_url\" TEXT NOT NULL,\n\"issued_at\" DATETIME NOT NULL DEFAULT CURRENT_TIMESTAMP,\n\"expires_at\" DATETIME NOT NULL,\n\"messages\" TEXT,\n\"active_method\" TEXT,\n\"csrf_token\" TEXT NOT NULL,\n\"state\" TEXT NOT NULL,\n\"recovered_identity_id\" char(36),\n\"created_at\" DATETIME NOT NULL,\n\"updated_at\" DATETIME NOT NULL,\nFOREIGN KEY (recovered_identity_id) REFERENCES identities (id) ON DELETE cascade\n);" }, { "path": "persistence/sql/migrations/sql/20200519101057000004_create_recovery_addresses.cockroach.down.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20200519101057000004_create_recovery_addresses.cockroach.up.sql", "content": "CREATE TABLE \"selfservice_recovery_request_methods\" (\n\"id\" UUID NOT NULL,\nPRIMARY KEY(\"id\"),\n\"method\" VARCHAR (32) NOT NULL,\n\"config\" json NOT NULL,\n\"selfservice_recovery_request_id\" UUID NOT NULL,\n\"created_at\" timestamp NOT NULL,\n\"updated_at\" timestamp NOT NULL,\nCONSTRAINT \"selfservice_recovery_request_methods_selfservice_recovery_requests_id_fk\" FOREIGN KEY (\"selfservice_recovery_request_id\") REFERENCES \"selfservice_recovery_requests\" (\"id\") ON DELETE cascade\n);" }, { "path": "persistence/sql/migrations/sql/20200519101057000004_create_recovery_addresses.mysql.down.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20200519101057000004_create_recovery_addresses.mysql.up.sql", "content": "CREATE TABLE `selfservice_recovery_request_methods` (\n`id` char(36) NOT NULL,\nPRIMARY KEY(`id`),\n`method` VARCHAR (32) NOT NULL,\n`config` JSON NOT NULL,\n`selfservice_recovery_request_id` char(36) NOT NULL,\n`created_at` DATETIME NOT NULL,\n`updated_at` DATETIME NOT NULL,\nFOREIGN KEY (`selfservice_recovery_request_id`) REFERENCES `selfservice_recovery_requests` (`id`) ON DELETE cascade\n) ENGINE=InnoDB;" }, { "path": "persistence/sql/migrations/sql/20200519101057000004_create_recovery_addresses.postgres.down.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20200519101057000004_create_recovery_addresses.postgres.up.sql", "content": "CREATE TABLE \"selfservice_recovery_request_methods\" (\n\"id\" UUID NOT NULL,\nPRIMARY KEY(\"id\"),\n\"method\" VARCHAR (32) NOT NULL,\n\"config\" jsonb NOT NULL,\n\"selfservice_recovery_request_id\" UUID NOT NULL,\n\"created_at\" timestamp NOT NULL,\n\"updated_at\" timestamp NOT NULL,\nFOREIGN KEY (\"selfservice_recovery_request_id\") REFERENCES \"selfservice_recovery_requests\" (\"id\") ON DELETE cascade\n);" }, { "path": "persistence/sql/migrations/sql/20200519101057000004_create_recovery_addresses.sqlite3.down.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20200519101057000004_create_recovery_addresses.sqlite3.up.sql", "content": "CREATE TABLE \"selfservice_recovery_request_methods\" (\n\"id\" TEXT PRIMARY KEY,\n\"method\" TEXT NOT NULL,\n\"config\" TEXT NOT NULL,\n\"selfservice_recovery_request_id\" char(36) NOT NULL,\n\"created_at\" DATETIME NOT NULL,\n\"updated_at\" DATETIME NOT NULL,\nFOREIGN KEY (selfservice_recovery_request_id) REFERENCES selfservice_recovery_requests (id) ON DELETE cascade\n);" }, { "path": "persistence/sql/migrations/sql/20200519101057000005_create_recovery_addresses.cockroach.down.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20200519101057000005_create_recovery_addresses.cockroach.up.sql", "content": "CREATE TABLE \"identity_recovery_tokens\" (\n\"id\" UUID NOT NULL,\nPRIMARY KEY(\"id\"),\n\"token\" VARCHAR (64) NOT NULL,\n\"used\" bool NOT NULL DEFAULT 'false',\n\"used_at\" timestamp,\n\"identity_recovery_address_id\" UUID NOT NULL,\n\"selfservice_recovery_request_id\" UUID NOT NULL,\n\"created_at\" timestamp NOT NULL,\n\"updated_at\" timestamp NOT NULL,\nCONSTRAINT \"identity_recovery_tokens_identity_recovery_addresses_id_fk\" FOREIGN KEY (\"identity_recovery_address_id\") REFERENCES \"identity_recovery_addresses\" (\"id\") ON DELETE cascade,\nCONSTRAINT \"identity_recovery_tokens_selfservice_recovery_requests_id_fk\" FOREIGN KEY (\"selfservice_recovery_request_id\") REFERENCES \"selfservice_recovery_requests\" (\"id\") ON DELETE cascade\n);" }, { "path": "persistence/sql/migrations/sql/20200519101057000005_create_recovery_addresses.mysql.down.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20200519101057000005_create_recovery_addresses.mysql.up.sql", "content": "CREATE TABLE `identity_recovery_tokens` (\n`id` char(36) NOT NULL,\nPRIMARY KEY(`id`),\n`token` VARCHAR (64) NOT NULL,\n`used` bool NOT NULL DEFAULT false,\n`used_at` DATETIME,\n`identity_recovery_address_id` char(36) NOT NULL,\n`selfservice_recovery_request_id` char(36) NOT NULL,\n`created_at` DATETIME NOT NULL,\n`updated_at` DATETIME NOT NULL,\nFOREIGN KEY (`identity_recovery_address_id`) REFERENCES `identity_recovery_addresses` (`id`) ON DELETE cascade,\nFOREIGN KEY (`selfservice_recovery_request_id`) REFERENCES `selfservice_recovery_requests` (`id`) ON DELETE cascade\n) ENGINE=InnoDB;" }, { "path": "persistence/sql/migrations/sql/20200519101057000005_create_recovery_addresses.postgres.down.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20200519101057000005_create_recovery_addresses.postgres.up.sql", "content": "CREATE TABLE \"identity_recovery_tokens\" (\n\"id\" UUID NOT NULL,\nPRIMARY KEY(\"id\"),\n\"token\" VARCHAR (64) NOT NULL,\n\"used\" bool NOT NULL DEFAULT 'false',\n\"used_at\" timestamp,\n\"identity_recovery_address_id\" UUID NOT NULL,\n\"selfservice_recovery_request_id\" UUID NOT NULL,\n\"created_at\" timestamp NOT NULL,\n\"updated_at\" timestamp NOT NULL,\nFOREIGN KEY (\"identity_recovery_address_id\") REFERENCES \"identity_recovery_addresses\" (\"id\") ON DELETE cascade,\nFOREIGN KEY (\"selfservice_recovery_request_id\") REFERENCES \"selfservice_recovery_requests\" (\"id\") ON DELETE cascade\n);" }, { "path": "persistence/sql/migrations/sql/20200519101057000005_create_recovery_addresses.sqlite3.down.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20200519101057000005_create_recovery_addresses.sqlite3.up.sql", "content": "CREATE TABLE \"identity_recovery_tokens\" (\n\"id\" TEXT PRIMARY KEY,\n\"token\" TEXT NOT NULL,\n\"used\" bool NOT NULL DEFAULT 'false',\n\"used_at\" DATETIME,\n\"identity_recovery_address_id\" char(36) NOT NULL,\n\"selfservice_recovery_request_id\" char(36) NOT NULL,\n\"created_at\" DATETIME NOT NULL,\n\"updated_at\" DATETIME NOT NULL,\nFOREIGN KEY (identity_recovery_address_id) REFERENCES identity_recovery_addresses (id) ON DELETE cascade,\nFOREIGN KEY (selfservice_recovery_request_id) REFERENCES selfservice_recovery_requests (id) ON DELETE cascade\n);" }, { "path": "persistence/sql/migrations/sql/20200519101057000006_create_recovery_addresses.cockroach.down.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20200519101057000006_create_recovery_addresses.cockroach.up.sql", "content": "CREATE UNIQUE INDEX \"identity_recovery_addresses_code_uq_idx\" ON \"identity_recovery_tokens\" (token);" }, { "path": "persistence/sql/migrations/sql/20200519101057000006_create_recovery_addresses.mysql.down.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20200519101057000006_create_recovery_addresses.mysql.up.sql", "content": "CREATE UNIQUE INDEX `identity_recovery_addresses_code_uq_idx` ON `identity_recovery_tokens` (`token`);" }, { "path": "persistence/sql/migrations/sql/20200519101057000006_create_recovery_addresses.postgres.down.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20200519101057000006_create_recovery_addresses.postgres.up.sql", "content": "CREATE UNIQUE INDEX \"identity_recovery_addresses_code_uq_idx\" ON \"identity_recovery_tokens\" (token);" }, { "path": "persistence/sql/migrations/sql/20200519101057000006_create_recovery_addresses.sqlite3.down.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20200519101057000006_create_recovery_addresses.sqlite3.up.sql", "content": "CREATE UNIQUE INDEX \"identity_recovery_addresses_code_uq_idx\" ON \"identity_recovery_tokens\" (token);" }, { "path": "persistence/sql/migrations/sql/20200519101057000007_create_recovery_addresses.cockroach.down.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20200519101057000007_create_recovery_addresses.cockroach.up.sql", "content": "CREATE INDEX \"identity_recovery_addresses_code_idx\" ON \"identity_recovery_tokens\" (token);" }, { "path": "persistence/sql/migrations/sql/20200519101057000007_create_recovery_addresses.mysql.down.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20200519101057000007_create_recovery_addresses.mysql.up.sql", "content": "CREATE INDEX `identity_recovery_addresses_code_idx` ON `identity_recovery_tokens` (`token`);" }, { "path": "persistence/sql/migrations/sql/20200519101057000007_create_recovery_addresses.postgres.down.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20200519101057000007_create_recovery_addresses.postgres.up.sql", "content": "CREATE INDEX \"identity_recovery_addresses_code_idx\" ON \"identity_recovery_tokens\" (token);" }, { "path": "persistence/sql/migrations/sql/20200519101057000007_create_recovery_addresses.sqlite3.down.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20200519101057000007_create_recovery_addresses.sqlite3.up.sql", "content": "CREATE INDEX \"identity_recovery_addresses_code_idx\" ON \"identity_recovery_tokens\" (token);" }, { "path": "persistence/sql/migrations/sql/20200519101058000000_create_recovery_addresses.mysql.down.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20200519101058000000_create_recovery_addresses.mysql.up.sql", "content": "ALTER TABLE identity_recovery_tokens MODIFY COLUMN token VARCHAR(64) BINARY;" }, { "path": "persistence/sql/migrations/sql/20200519101058000001_create_recovery_addresses.mysql.down.sql", "content": "ALTER TABLE identity_recovery_tokens MODIFY COLUMN token VARCHAR(64);" }, { "path": "persistence/sql/migrations/sql/20200519101058000001_create_recovery_addresses.mysql.up.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20200601101000000000_create_messages.cockroach.down.sql", "content": "ALTER TABLE \"selfservice_settings_requests\" DROP COLUMN \"messages\";" }, { "path": "persistence/sql/migrations/sql/20200601101000000000_create_messages.cockroach.up.sql", "content": "ALTER TABLE \"selfservice_settings_requests\" ADD COLUMN \"messages\" json;" }, { "path": "persistence/sql/migrations/sql/20200601101000000000_create_messages.mysql.down.sql", "content": "ALTER TABLE `selfservice_settings_requests` DROP COLUMN `messages`;" }, { "path": "persistence/sql/migrations/sql/20200601101000000000_create_messages.mysql.up.sql", "content": "ALTER TABLE `selfservice_settings_requests` ADD COLUMN `messages` JSON;" }, { "path": "persistence/sql/migrations/sql/20200601101000000000_create_messages.postgres.down.sql", "content": "ALTER TABLE \"selfservice_settings_requests\" DROP COLUMN \"messages\";" }, { "path": "persistence/sql/migrations/sql/20200601101000000000_create_messages.postgres.up.sql", "content": "ALTER TABLE \"selfservice_settings_requests\" ADD COLUMN \"messages\" jsonb;" }, { "path": "persistence/sql/migrations/sql/20200601101000000000_create_messages.sqlite3.down.sql", "content": "ALTER TABLE \"_selfservice_settings_requests_tmp\" RENAME TO \"selfservice_settings_requests\";" }, { "path": "persistence/sql/migrations/sql/20200601101000000000_create_messages.sqlite3.up.sql", "content": "ALTER TABLE \"selfservice_settings_requests\" ADD COLUMN \"messages\" TEXT;" }, { "path": "persistence/sql/migrations/sql/20200601101000000001_create_messages.sqlite3.down.sql", "content": "\nDROP TABLE \"selfservice_settings_requests\";" }, { "path": "persistence/sql/migrations/sql/20200601101000000001_create_messages.sqlite3.up.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20200601101000000002_create_messages.sqlite3.down.sql", "content": "INSERT INTO \"_selfservice_settings_requests_tmp\" (id, request_url, issued_at, expires_at, identity_id, created_at, updated_at, active_method, update_successful) SELECT id, request_url, issued_at, expires_at, identity_id, created_at, updated_at, active_method, update_successful FROM \"selfservice_settings_requests\";" }, { "path": "persistence/sql/migrations/sql/20200601101000000002_create_messages.sqlite3.up.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20200601101000000003_create_messages.sqlite3.down.sql", "content": "CREATE TABLE \"_selfservice_settings_requests_tmp\" (\n\"id\" TEXT PRIMARY KEY,\n\"request_url\" TEXT NOT NULL,\n\"issued_at\" DATETIME NOT NULL DEFAULT 'CURRENT_TIMESTAMP',\n\"expires_at\" DATETIME NOT NULL,\n\"identity_id\" char(36) NOT NULL,\n\"created_at\" DATETIME NOT NULL,\n\"updated_at\" DATETIME NOT NULL,\n\"active_method\" TEXT,\n\"update_successful\" bool NOT NULL DEFAULT 'false',\nFOREIGN KEY (identity_id) REFERENCES identities (id) ON UPDATE NO ACTION ON DELETE CASCADE\n);" }, { "path": "persistence/sql/migrations/sql/20200601101000000003_create_messages.sqlite3.up.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20200601101001000000_verification.mysql.down.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20200601101001000000_verification.mysql.up.sql", "content": "ALTER TABLE identity_verifiable_addresses MODIFY COLUMN code VARCHAR(32) BINARY;" }, { "path": "persistence/sql/migrations/sql/20200601101001000001_verification.mysql.down.sql", "content": "ALTER TABLE identity_verifiable_addresses MODIFY COLUMN code VARCHAR(255) BINARY;" }, { "path": "persistence/sql/migrations/sql/20200601101001000001_verification.mysql.up.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20200605111551000000_messages.cockroach.down.sql", "content": "ALTER TABLE \"selfservice_registration_requests\" DROP COLUMN \"messages\";" }, { "path": "persistence/sql/migrations/sql/20200605111551000000_messages.cockroach.up.sql", "content": "ALTER TABLE \"selfservice_verification_requests\" ADD COLUMN \"messages\" json;" }, { "path": "persistence/sql/migrations/sql/20200605111551000000_messages.mysql.down.sql", "content": "ALTER TABLE `selfservice_registration_requests` DROP COLUMN `messages`;" }, { "path": "persistence/sql/migrations/sql/20200605111551000000_messages.mysql.up.sql", "content": "ALTER TABLE `selfservice_verification_requests` ADD COLUMN `messages` JSON;" }, { "path": "persistence/sql/migrations/sql/20200605111551000000_messages.postgres.down.sql", "content": "ALTER TABLE \"selfservice_registration_requests\" DROP COLUMN \"messages\";" }, { "path": "persistence/sql/migrations/sql/20200605111551000000_messages.postgres.up.sql", "content": "ALTER TABLE \"selfservice_verification_requests\" ADD COLUMN \"messages\" jsonb;" }, { "path": "persistence/sql/migrations/sql/20200605111551000000_messages.sqlite3.down.sql", "content": "ALTER TABLE \"_selfservice_registration_requests_tmp\" RENAME TO \"selfservice_registration_requests\";" }, { "path": "persistence/sql/migrations/sql/20200605111551000000_messages.sqlite3.up.sql", "content": "ALTER TABLE \"selfservice_verification_requests\" ADD COLUMN \"messages\" TEXT;" }, { "path": "persistence/sql/migrations/sql/20200605111551000001_messages.cockroach.down.sql", "content": "ALTER TABLE \"selfservice_login_requests\" DROP COLUMN \"messages\";" }, { "path": "persistence/sql/migrations/sql/20200605111551000001_messages.cockroach.up.sql", "content": "ALTER TABLE \"selfservice_login_requests\" ADD COLUMN \"messages\" json;" }, { "path": "persistence/sql/migrations/sql/20200605111551000001_messages.mysql.down.sql", "content": "ALTER TABLE `selfservice_login_requests` DROP COLUMN `messages`;" }, { "path": "persistence/sql/migrations/sql/20200605111551000001_messages.mysql.up.sql", "content": "ALTER TABLE `selfservice_login_requests` ADD COLUMN `messages` JSON;" }, { "path": "persistence/sql/migrations/sql/20200605111551000001_messages.postgres.down.sql", "content": "ALTER TABLE \"selfservice_login_requests\" DROP COLUMN \"messages\";" }, { "path": "persistence/sql/migrations/sql/20200605111551000001_messages.postgres.up.sql", "content": "ALTER TABLE \"selfservice_login_requests\" ADD COLUMN \"messages\" jsonb;" }, { "path": "persistence/sql/migrations/sql/20200605111551000001_messages.sqlite3.down.sql", "content": "\nDROP TABLE \"selfservice_registration_requests\";" }, { "path": "persistence/sql/migrations/sql/20200605111551000001_messages.sqlite3.up.sql", "content": "ALTER TABLE \"selfservice_login_requests\" ADD COLUMN \"messages\" TEXT;" }, { "path": "persistence/sql/migrations/sql/20200605111551000002_messages.cockroach.down.sql", "content": "ALTER TABLE \"selfservice_verification_requests\" DROP COLUMN \"messages\";" }, { "path": "persistence/sql/migrations/sql/20200605111551000002_messages.cockroach.up.sql", "content": "ALTER TABLE \"selfservice_registration_requests\" ADD COLUMN \"messages\" json;" }, { "path": "persistence/sql/migrations/sql/20200605111551000002_messages.mysql.down.sql", "content": "ALTER TABLE `selfservice_verification_requests` DROP COLUMN `messages`;" }, { "path": "persistence/sql/migrations/sql/20200605111551000002_messages.mysql.up.sql", "content": "ALTER TABLE `selfservice_registration_requests` ADD COLUMN `messages` JSON;" }, { "path": "persistence/sql/migrations/sql/20200605111551000002_messages.postgres.down.sql", "content": "ALTER TABLE \"selfservice_verification_requests\" DROP COLUMN \"messages\";" }, { "path": "persistence/sql/migrations/sql/20200605111551000002_messages.postgres.up.sql", "content": "ALTER TABLE \"selfservice_registration_requests\" ADD COLUMN \"messages\" jsonb;" }, { "path": "persistence/sql/migrations/sql/20200605111551000002_messages.sqlite3.down.sql", "content": "INSERT INTO \"_selfservice_registration_requests_tmp\" (id, request_url, issued_at, expires_at, active_method, csrf_token, created_at, updated_at) SELECT id, request_url, issued_at, expires_at, active_method, csrf_token, created_at, updated_at FROM \"selfservice_registration_requests\";" }, { "path": "persistence/sql/migrations/sql/20200605111551000002_messages.sqlite3.up.sql", "content": "ALTER TABLE \"selfservice_registration_requests\" ADD COLUMN \"messages\" TEXT;" }, { "path": "persistence/sql/migrations/sql/20200605111551000003_messages.sqlite3.down.sql", "content": "CREATE TABLE \"_selfservice_registration_requests_tmp\" (\n\"id\" TEXT PRIMARY KEY,\n\"request_url\" TEXT NOT NULL,\n\"issued_at\" DATETIME NOT NULL DEFAULT 'CURRENT_TIMESTAMP',\n\"expires_at\" DATETIME NOT NULL,\n\"active_method\" TEXT NOT NULL,\n\"csrf_token\" TEXT NOT NULL,\n\"created_at\" DATETIME NOT NULL,\n\"updated_at\" DATETIME NOT NULL\n);" }, { "path": "persistence/sql/migrations/sql/20200605111551000003_messages.sqlite3.up.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20200605111551000004_messages.sqlite3.down.sql", "content": "ALTER TABLE \"_selfservice_login_requests_tmp\" RENAME TO \"selfservice_login_requests\";" }, { "path": "persistence/sql/migrations/sql/20200605111551000004_messages.sqlite3.up.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20200605111551000005_messages.sqlite3.down.sql", "content": "\nDROP TABLE \"selfservice_login_requests\";" }, { "path": "persistence/sql/migrations/sql/20200605111551000005_messages.sqlite3.up.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20200605111551000006_messages.sqlite3.down.sql", "content": "INSERT INTO \"_selfservice_login_requests_tmp\" (id, request_url, issued_at, expires_at, active_method, csrf_token, created_at, updated_at, forced) SELECT id, request_url, issued_at, expires_at, active_method, csrf_token, created_at, updated_at, forced FROM \"selfservice_login_requests\";" }, { "path": "persistence/sql/migrations/sql/20200605111551000006_messages.sqlite3.up.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20200605111551000007_messages.sqlite3.down.sql", "content": "CREATE TABLE \"_selfservice_login_requests_tmp\" (\n\"id\" TEXT PRIMARY KEY,\n\"request_url\" TEXT NOT NULL,\n\"issued_at\" DATETIME NOT NULL DEFAULT 'CURRENT_TIMESTAMP',\n\"expires_at\" DATETIME NOT NULL,\n\"active_method\" TEXT NOT NULL,\n\"csrf_token\" TEXT NOT NULL,\n\"created_at\" DATETIME NOT NULL,\n\"updated_at\" DATETIME NOT NULL,\n\"forced\" bool NOT NULL DEFAULT 'false'\n);" }, { "path": "persistence/sql/migrations/sql/20200605111551000007_messages.sqlite3.up.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20200605111551000008_messages.sqlite3.down.sql", "content": "ALTER TABLE \"_selfservice_verification_requests_tmp\" RENAME TO \"selfservice_verification_requests\";" }, { "path": "persistence/sql/migrations/sql/20200605111551000008_messages.sqlite3.up.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20200605111551000009_messages.sqlite3.down.sql", "content": "\nDROP TABLE \"selfservice_verification_requests\";" }, { "path": "persistence/sql/migrations/sql/20200605111551000009_messages.sqlite3.up.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20200605111551000010_messages.sqlite3.down.sql", "content": "INSERT INTO \"_selfservice_verification_requests_tmp\" (id, request_url, issued_at, expires_at, csrf_token, created_at, updated_at, nid, form, via, success) SELECT id, request_url, issued_at, expires_at, csrf_token, created_at, updated_at, nid, form, via, success FROM \"selfservice_verification_requests\";" }, { "path": "persistence/sql/migrations/sql/20200605111551000010_messages.sqlite3.up.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20200605111551000011_messages.sqlite3.down.sql", "content": "CREATE INDEX \"selfservice_verification_flows_nid_idx\" ON \"_selfservice_verification_requests_tmp\" (id, nid);" }, { "path": "persistence/sql/migrations/sql/20200605111551000011_messages.sqlite3.up.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20200605111551000012_messages.sqlite3.down.sql", "content": "CREATE TABLE \"_selfservice_verification_requests_tmp\" (\n\"id\" TEXT PRIMARY KEY,\n\"request_url\" TEXT NOT NULL,\n\"issued_at\" DATETIME NOT NULL DEFAULT 'CURRENT_TIMESTAMP',\n\"expires_at\" DATETIME NOT NULL,\n\"csrf_token\" TEXT NOT NULL,\n\"created_at\" DATETIME NOT NULL,\n\"updated_at\" DATETIME NOT NULL,\n\"nid\" char(36),\n\"form\" TEXT,\n\"via\" TEXT NOT NULL DEFAULT 'email',\n\"success\" bool NOT NULL DEFAULT 'FALSE'\n);" }, { "path": "persistence/sql/migrations/sql/20200605111551000012_messages.sqlite3.up.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20200605111551000013_messages.sqlite3.down.sql", "content": "DROP INDEX IF EXISTS \"selfservice_verification_flows_nid_idx\";" }, { "path": "persistence/sql/migrations/sql/20200605111551000013_messages.sqlite3.up.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20200607165100000000_settings.cockroach.down.sql", "content": "ALTER TABLE \"selfservice_settings_requests\" ADD COLUMN \"update_successful\" bool NOT NULL DEFAULT 'false';" }, { "path": "persistence/sql/migrations/sql/20200607165100000000_settings.cockroach.up.sql", "content": "ALTER TABLE \"selfservice_settings_requests\" ADD COLUMN \"state\" VARCHAR (255) NOT NULL DEFAULT 'show_form';" }, { "path": "persistence/sql/migrations/sql/20200607165100000000_settings.mysql.down.sql", "content": "ALTER TABLE `selfservice_settings_requests` ADD COLUMN `update_successful` bool NOT NULL DEFAULT false;" }, { "path": "persistence/sql/migrations/sql/20200607165100000000_settings.mysql.up.sql", "content": "ALTER TABLE `selfservice_settings_requests` ADD COLUMN `state` VARCHAR (255) NOT NULL DEFAULT 'show_form';" }, { "path": "persistence/sql/migrations/sql/20200607165100000000_settings.postgres.down.sql", "content": "ALTER TABLE \"selfservice_settings_requests\" ADD COLUMN \"update_successful\" bool NOT NULL DEFAULT 'false';" }, { "path": "persistence/sql/migrations/sql/20200607165100000000_settings.postgres.up.sql", "content": "ALTER TABLE \"selfservice_settings_requests\" ADD COLUMN \"state\" VARCHAR (255) NOT NULL DEFAULT 'show_form';" }, { "path": "persistence/sql/migrations/sql/20200607165100000000_settings.sqlite3.down.sql", "content": "ALTER TABLE \"selfservice_settings_requests\" ADD COLUMN \"update_successful\" bool NOT NULL DEFAULT 'false';" }, { "path": "persistence/sql/migrations/sql/20200607165100000000_settings.sqlite3.up.sql", "content": "ALTER TABLE \"selfservice_settings_requests\" ADD COLUMN \"state\" TEXT NOT NULL DEFAULT 'show_form';" }, { "path": "persistence/sql/migrations/sql/20200607165100000001_settings.cockroach.down.sql", "content": "ALTER TABLE \"selfservice_settings_requests\" DROP COLUMN \"state\";" }, { "path": "persistence/sql/migrations/sql/20200607165100000001_settings.cockroach.up.sql", "content": "ALTER TABLE \"selfservice_settings_requests\" DROP COLUMN \"update_successful\";" }, { "path": "persistence/sql/migrations/sql/20200607165100000001_settings.mysql.down.sql", "content": "ALTER TABLE `selfservice_settings_requests` DROP COLUMN `state`;" }, { "path": "persistence/sql/migrations/sql/20200607165100000001_settings.mysql.up.sql", "content": "ALTER TABLE `selfservice_settings_requests` DROP COLUMN `update_successful`;" }, { "path": "persistence/sql/migrations/sql/20200607165100000001_settings.postgres.down.sql", "content": "ALTER TABLE \"selfservice_settings_requests\" DROP COLUMN \"state\";" }, { "path": "persistence/sql/migrations/sql/20200607165100000001_settings.postgres.up.sql", "content": "ALTER TABLE \"selfservice_settings_requests\" DROP COLUMN \"update_successful\";" }, { "path": "persistence/sql/migrations/sql/20200607165100000001_settings.sqlite3.down.sql", "content": "ALTER TABLE \"_selfservice_settings_requests_tmp\" RENAME TO \"selfservice_settings_requests\";" }, { "path": "persistence/sql/migrations/sql/20200607165100000001_settings.sqlite3.up.sql", "content": "CREATE TABLE \"_selfservice_settings_requests_tmp\" (\n\"id\" TEXT PRIMARY KEY,\n\"request_url\" TEXT NOT NULL,\n\"issued_at\" DATETIME NOT NULL DEFAULT 'CURRENT_TIMESTAMP',\n\"expires_at\" DATETIME NOT NULL,\n\"identity_id\" char(36) NOT NULL,\n\"created_at\" DATETIME NOT NULL,\n\"updated_at\" DATETIME NOT NULL,\n\"active_method\" TEXT,\n\"messages\" TEXT,\n\"state\" TEXT NOT NULL DEFAULT 'show_form',\nFOREIGN KEY (identity_id) REFERENCES identities (id) ON UPDATE NO ACTION ON DELETE CASCADE\n);" }, { "path": "persistence/sql/migrations/sql/20200607165100000002_settings.sqlite3.down.sql", "content": "\nDROP TABLE \"selfservice_settings_requests\";" }, { "path": "persistence/sql/migrations/sql/20200607165100000002_settings.sqlite3.up.sql", "content": "INSERT INTO \"_selfservice_settings_requests_tmp\" (id, request_url, issued_at, expires_at, identity_id, created_at, updated_at, active_method, messages, state) SELECT id, request_url, issued_at, expires_at, identity_id, created_at, updated_at, active_method, messages, state FROM \"selfservice_settings_requests\";" }, { "path": "persistence/sql/migrations/sql/20200607165100000003_settings.sqlite3.down.sql", "content": "INSERT INTO \"_selfservice_settings_requests_tmp\" (id, request_url, issued_at, expires_at, identity_id, created_at, updated_at, active_method, messages) SELECT id, request_url, issued_at, expires_at, identity_id, created_at, updated_at, active_method, messages FROM \"selfservice_settings_requests\";" }, { "path": "persistence/sql/migrations/sql/20200607165100000003_settings.sqlite3.up.sql", "content": "\nDROP TABLE \"selfservice_settings_requests\";" }, { "path": "persistence/sql/migrations/sql/20200607165100000004_settings.sqlite3.down.sql", "content": "CREATE TABLE \"_selfservice_settings_requests_tmp\" (\n\"id\" TEXT PRIMARY KEY,\n\"request_url\" TEXT NOT NULL,\n\"issued_at\" DATETIME NOT NULL DEFAULT 'CURRENT_TIMESTAMP',\n\"expires_at\" DATETIME NOT NULL,\n\"identity_id\" char(36) NOT NULL,\n\"created_at\" DATETIME NOT NULL,\n\"updated_at\" DATETIME NOT NULL,\n\"active_method\" TEXT,\n\"messages\" TEXT,\nFOREIGN KEY (identity_id) REFERENCES identities (id) ON UPDATE NO ACTION ON DELETE CASCADE\n);" }, { "path": "persistence/sql/migrations/sql/20200607165100000004_settings.sqlite3.up.sql", "content": "ALTER TABLE \"_selfservice_settings_requests_tmp\" RENAME TO \"selfservice_settings_requests\";" }, { "path": "persistence/sql/migrations/sql/20200705105359000000_rename_identities_schema.cockroach.down.sql", "content": "ALTER TABLE \"identities\" RENAME COLUMN \"schema_id\" TO \"traits_schema_id\";" }, { "path": "persistence/sql/migrations/sql/20200705105359000000_rename_identities_schema.cockroach.up.sql", "content": "ALTER TABLE \"identities\" RENAME COLUMN \"traits_schema_id\" TO \"schema_id\";" }, { "path": "persistence/sql/migrations/sql/20200705105359000000_rename_identities_schema.mysql.down.sql", "content": "ALTER TABLE `identities` CHANGE `schema_id` `traits_schema_id` varchar(2048) NOT NULL;" }, { "path": "persistence/sql/migrations/sql/20200705105359000000_rename_identities_schema.mysql.up.sql", "content": "ALTER TABLE `identities` CHANGE `traits_schema_id` `schema_id` varchar(2048) NOT NULL;" }, { "path": "persistence/sql/migrations/sql/20200705105359000000_rename_identities_schema.postgres.down.sql", "content": "ALTER TABLE \"identities\" RENAME COLUMN \"schema_id\" TO \"traits_schema_id\";" }, { "path": "persistence/sql/migrations/sql/20200705105359000000_rename_identities_schema.postgres.up.sql", "content": "ALTER TABLE \"identities\" RENAME COLUMN \"traits_schema_id\" TO \"schema_id\";" }, { "path": "persistence/sql/migrations/sql/20200705105359000000_rename_identities_schema.sqlite3.down.sql", "content": "ALTER TABLE \"identities\" RENAME COLUMN \"schema_id\" TO \"traits_schema_id\";" }, { "path": "persistence/sql/migrations/sql/20200705105359000000_rename_identities_schema.sqlite3.up.sql", "content": "ALTER TABLE \"identities\" RENAME COLUMN \"traits_schema_id\" TO \"schema_id\";" }, { "path": "persistence/sql/migrations/sql/20200810141652000000_flow_type.cockroach.down.sql", "content": "ALTER TABLE \"selfservice_verification_requests\" DROP COLUMN \"type\";" }, { "path": "persistence/sql/migrations/sql/20200810141652000000_flow_type.cockroach.up.sql", "content": "ALTER TABLE \"selfservice_login_requests\" ADD COLUMN \"type\" VARCHAR (16) NOT NULL DEFAULT 'browser';" }, { "path": "persistence/sql/migrations/sql/20200810141652000000_flow_type.mysql.down.sql", "content": "ALTER TABLE `selfservice_verification_requests` DROP COLUMN `type`;" }, { "path": "persistence/sql/migrations/sql/20200810141652000000_flow_type.mysql.up.sql", "content": "ALTER TABLE `selfservice_login_requests` ADD COLUMN `type` VARCHAR (16) NOT NULL DEFAULT 'browser';" }, { "path": "persistence/sql/migrations/sql/20200810141652000000_flow_type.postgres.down.sql", "content": "ALTER TABLE \"selfservice_verification_requests\" DROP COLUMN \"type\";" }, { "path": "persistence/sql/migrations/sql/20200810141652000000_flow_type.postgres.up.sql", "content": "ALTER TABLE \"selfservice_login_requests\" ADD COLUMN \"type\" VARCHAR (16) NOT NULL DEFAULT 'browser';" }, { "path": "persistence/sql/migrations/sql/20200810141652000000_flow_type.sqlite3.down.sql", "content": "ALTER TABLE \"_selfservice_verification_requests_tmp\" RENAME TO \"selfservice_verification_requests\";" }, { "path": "persistence/sql/migrations/sql/20200810141652000000_flow_type.sqlite3.up.sql", "content": "ALTER TABLE \"selfservice_login_requests\" ADD COLUMN \"type\" TEXT NOT NULL DEFAULT 'browser';" }, { "path": "persistence/sql/migrations/sql/20200810141652000001_flow_type.cockroach.down.sql", "content": "ALTER TABLE \"selfservice_recovery_requests\" DROP COLUMN \"type\";" }, { "path": "persistence/sql/migrations/sql/20200810141652000001_flow_type.cockroach.up.sql", "content": "ALTER TABLE \"selfservice_registration_requests\" ADD COLUMN \"type\" VARCHAR (16) NOT NULL DEFAULT 'browser';" }, { "path": "persistence/sql/migrations/sql/20200810141652000001_flow_type.mysql.down.sql", "content": "ALTER TABLE `selfservice_recovery_requests` DROP COLUMN `type`;" }, { "path": "persistence/sql/migrations/sql/20200810141652000001_flow_type.mysql.up.sql", "content": "ALTER TABLE `selfservice_registration_requests` ADD COLUMN `type` VARCHAR (16) NOT NULL DEFAULT 'browser';" }, { "path": "persistence/sql/migrations/sql/20200810141652000001_flow_type.postgres.down.sql", "content": "ALTER TABLE \"selfservice_recovery_requests\" DROP COLUMN \"type\";" }, { "path": "persistence/sql/migrations/sql/20200810141652000001_flow_type.postgres.up.sql", "content": "ALTER TABLE \"selfservice_registration_requests\" ADD COLUMN \"type\" VARCHAR (16) NOT NULL DEFAULT 'browser';" }, { "path": "persistence/sql/migrations/sql/20200810141652000001_flow_type.sqlite3.down.sql", "content": "\nDROP TABLE \"selfservice_verification_requests\";" }, { "path": "persistence/sql/migrations/sql/20200810141652000001_flow_type.sqlite3.up.sql", "content": "ALTER TABLE \"selfservice_registration_requests\" ADD COLUMN \"type\" TEXT NOT NULL DEFAULT 'browser';" }, { "path": "persistence/sql/migrations/sql/20200810141652000002_flow_type.cockroach.down.sql", "content": "ALTER TABLE \"selfservice_settings_requests\" DROP COLUMN \"type\";" }, { "path": "persistence/sql/migrations/sql/20200810141652000002_flow_type.cockroach.up.sql", "content": "ALTER TABLE \"selfservice_settings_requests\" ADD COLUMN \"type\" VARCHAR (16) NOT NULL DEFAULT 'browser';" }, { "path": "persistence/sql/migrations/sql/20200810141652000002_flow_type.mysql.down.sql", "content": "ALTER TABLE `selfservice_settings_requests` DROP COLUMN `type`;" }, { "path": "persistence/sql/migrations/sql/20200810141652000002_flow_type.mysql.up.sql", "content": "ALTER TABLE `selfservice_settings_requests` ADD COLUMN `type` VARCHAR (16) NOT NULL DEFAULT 'browser';" }, { "path": "persistence/sql/migrations/sql/20200810141652000002_flow_type.postgres.down.sql", "content": "ALTER TABLE \"selfservice_settings_requests\" DROP COLUMN \"type\";" }, { "path": "persistence/sql/migrations/sql/20200810141652000002_flow_type.postgres.up.sql", "content": "ALTER TABLE \"selfservice_settings_requests\" ADD COLUMN \"type\" VARCHAR (16) NOT NULL DEFAULT 'browser';" }, { "path": "persistence/sql/migrations/sql/20200810141652000002_flow_type.sqlite3.down.sql", "content": "INSERT INTO \"_selfservice_verification_requests_tmp\" (id, request_url, issued_at, expires_at, csrf_token, created_at, updated_at, nid, messages, form, via, success) SELECT id, request_url, issued_at, expires_at, csrf_token, created_at, updated_at, nid, messages, form, via, success FROM \"selfservice_verification_requests\";" }, { "path": "persistence/sql/migrations/sql/20200810141652000002_flow_type.sqlite3.up.sql", "content": "ALTER TABLE \"selfservice_settings_requests\" ADD COLUMN \"type\" TEXT NOT NULL DEFAULT 'browser';" }, { "path": "persistence/sql/migrations/sql/20200810141652000003_flow_type.cockroach.down.sql", "content": "ALTER TABLE \"selfservice_registration_requests\" DROP COLUMN \"type\";" }, { "path": "persistence/sql/migrations/sql/20200810141652000003_flow_type.cockroach.up.sql", "content": "ALTER TABLE \"selfservice_recovery_requests\" ADD COLUMN \"type\" VARCHAR (16) NOT NULL DEFAULT 'browser';" }, { "path": "persistence/sql/migrations/sql/20200810141652000003_flow_type.mysql.down.sql", "content": "ALTER TABLE `selfservice_registration_requests` DROP COLUMN `type`;" }, { "path": "persistence/sql/migrations/sql/20200810141652000003_flow_type.mysql.up.sql", "content": "ALTER TABLE `selfservice_recovery_requests` ADD COLUMN `type` VARCHAR (16) NOT NULL DEFAULT 'browser';" }, { "path": "persistence/sql/migrations/sql/20200810141652000003_flow_type.postgres.down.sql", "content": "ALTER TABLE \"selfservice_registration_requests\" DROP COLUMN \"type\";" }, { "path": "persistence/sql/migrations/sql/20200810141652000003_flow_type.postgres.up.sql", "content": "ALTER TABLE \"selfservice_recovery_requests\" ADD COLUMN \"type\" VARCHAR (16) NOT NULL DEFAULT 'browser';" }, { "path": "persistence/sql/migrations/sql/20200810141652000003_flow_type.sqlite3.down.sql", "content": "CREATE INDEX \"selfservice_verification_flows_nid_idx\" ON \"_selfservice_verification_requests_tmp\" (id, nid);" }, { "path": "persistence/sql/migrations/sql/20200810141652000003_flow_type.sqlite3.up.sql", "content": "ALTER TABLE \"selfservice_recovery_requests\" ADD COLUMN \"type\" TEXT NOT NULL DEFAULT 'browser';" }, { "path": "persistence/sql/migrations/sql/20200810141652000004_flow_type.cockroach.down.sql", "content": "ALTER TABLE \"selfservice_login_requests\" DROP COLUMN \"type\";" }, { "path": "persistence/sql/migrations/sql/20200810141652000004_flow_type.cockroach.up.sql", "content": "ALTER TABLE \"selfservice_verification_requests\" ADD COLUMN \"type\" VARCHAR (16) NOT NULL DEFAULT 'browser';" }, { "path": "persistence/sql/migrations/sql/20200810141652000004_flow_type.mysql.down.sql", "content": "ALTER TABLE `selfservice_login_requests` DROP COLUMN `type`;" }, { "path": "persistence/sql/migrations/sql/20200810141652000004_flow_type.mysql.up.sql", "content": "ALTER TABLE `selfservice_verification_requests` ADD COLUMN `type` VARCHAR (16) NOT NULL DEFAULT 'browser';" }, { "path": "persistence/sql/migrations/sql/20200810141652000004_flow_type.postgres.down.sql", "content": "ALTER TABLE \"selfservice_login_requests\" DROP COLUMN \"type\";" }, { "path": "persistence/sql/migrations/sql/20200810141652000004_flow_type.postgres.up.sql", "content": "ALTER TABLE \"selfservice_verification_requests\" ADD COLUMN \"type\" VARCHAR (16) NOT NULL DEFAULT 'browser';" }, { "path": "persistence/sql/migrations/sql/20200810141652000004_flow_type.sqlite3.down.sql", "content": "CREATE TABLE \"_selfservice_verification_requests_tmp\" (\n\"id\" TEXT PRIMARY KEY,\n\"request_url\" TEXT NOT NULL,\n\"issued_at\" DATETIME NOT NULL DEFAULT 'CURRENT_TIMESTAMP',\n\"expires_at\" DATETIME NOT NULL,\n\"csrf_token\" TEXT NOT NULL,\n\"created_at\" DATETIME NOT NULL,\n\"updated_at\" DATETIME NOT NULL,\n\"nid\" char(36),\n\"messages\" TEXT,\n\"form\" TEXT,\n\"via\" TEXT NOT NULL DEFAULT 'email',\n\"success\" bool NOT NULL DEFAULT 'FALSE'\n);" }, { "path": "persistence/sql/migrations/sql/20200810141652000004_flow_type.sqlite3.up.sql", "content": "ALTER TABLE \"selfservice_verification_requests\" ADD COLUMN \"type\" TEXT NOT NULL DEFAULT 'browser';" }, { "path": "persistence/sql/migrations/sql/20200810141652000005_flow_type.sqlite3.down.sql", "content": "DROP INDEX IF EXISTS \"selfservice_verification_flows_nid_idx\";" }, { "path": "persistence/sql/migrations/sql/20200810141652000005_flow_type.sqlite3.up.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20200810141652000006_flow_type.sqlite3.down.sql", "content": "ALTER TABLE \"_selfservice_recovery_requests_tmp\" RENAME TO \"selfservice_recovery_requests\";" }, { "path": "persistence/sql/migrations/sql/20200810141652000006_flow_type.sqlite3.up.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20200810141652000007_flow_type.sqlite3.down.sql", "content": "\nDROP TABLE \"selfservice_recovery_requests\";" }, { "path": "persistence/sql/migrations/sql/20200810141652000007_flow_type.sqlite3.up.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20200810141652000008_flow_type.sqlite3.down.sql", "content": "INSERT INTO \"_selfservice_recovery_requests_tmp\" (id, request_url, issued_at, expires_at, active_method, csrf_token, state, recovered_identity_id, created_at, updated_at, nid, messages) SELECT id, request_url, issued_at, expires_at, active_method, csrf_token, state, recovered_identity_id, created_at, updated_at, nid, messages FROM \"selfservice_recovery_requests\";" }, { "path": "persistence/sql/migrations/sql/20200810141652000008_flow_type.sqlite3.up.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20200810141652000009_flow_type.sqlite3.down.sql", "content": "CREATE INDEX \"selfservice_recovery_flows_nid_idx\" ON \"_selfservice_recovery_requests_tmp\" (id, nid);" }, { "path": "persistence/sql/migrations/sql/20200810141652000009_flow_type.sqlite3.up.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20200810141652000010_flow_type.sqlite3.down.sql", "content": "CREATE TABLE \"_selfservice_recovery_requests_tmp\" (\n\"id\" TEXT PRIMARY KEY,\n\"request_url\" TEXT NOT NULL,\n\"issued_at\" DATETIME NOT NULL DEFAULT 'CURRENT_TIMESTAMP',\n\"expires_at\" DATETIME NOT NULL,\n\"active_method\" TEXT,\n\"csrf_token\" TEXT NOT NULL,\n\"state\" TEXT NOT NULL,\n\"recovered_identity_id\" char(36),\n\"created_at\" DATETIME NOT NULL,\n\"updated_at\" DATETIME NOT NULL,\n\"nid\" char(36),\n\"messages\" TEXT,\nFOREIGN KEY (recovered_identity_id) REFERENCES identities (id) ON UPDATE NO ACTION ON DELETE CASCADE\n);" }, { "path": "persistence/sql/migrations/sql/20200810141652000010_flow_type.sqlite3.up.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20200810141652000011_flow_type.sqlite3.down.sql", "content": "DROP INDEX IF EXISTS \"selfservice_recovery_flows_nid_idx\";" }, { "path": "persistence/sql/migrations/sql/20200810141652000011_flow_type.sqlite3.up.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20200810141652000012_flow_type.sqlite3.down.sql", "content": "ALTER TABLE \"_selfservice_settings_requests_tmp\" RENAME TO \"selfservice_settings_requests\";" }, { "path": "persistence/sql/migrations/sql/20200810141652000012_flow_type.sqlite3.up.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20200810141652000013_flow_type.sqlite3.down.sql", "content": "\nDROP TABLE \"selfservice_settings_requests\";" }, { "path": "persistence/sql/migrations/sql/20200810141652000013_flow_type.sqlite3.up.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20200810141652000014_flow_type.sqlite3.down.sql", "content": "INSERT INTO \"_selfservice_settings_requests_tmp\" (id, request_url, issued_at, expires_at, identity_id, created_at, updated_at, active_method, state, messages) SELECT id, request_url, issued_at, expires_at, identity_id, created_at, updated_at, active_method, state, messages FROM \"selfservice_settings_requests\";" }, { "path": "persistence/sql/migrations/sql/20200810141652000014_flow_type.sqlite3.up.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20200810141652000015_flow_type.sqlite3.down.sql", "content": "CREATE TABLE \"_selfservice_settings_requests_tmp\" (\n\"id\" TEXT PRIMARY KEY,\n\"request_url\" TEXT NOT NULL,\n\"issued_at\" DATETIME NOT NULL DEFAULT 'CURRENT_TIMESTAMP',\n\"expires_at\" DATETIME NOT NULL,\n\"identity_id\" char(36) NOT NULL,\n\"created_at\" DATETIME NOT NULL,\n\"updated_at\" DATETIME NOT NULL,\n\"active_method\" TEXT,\n\"state\" TEXT NOT NULL DEFAULT 'show_form',\n\"messages\" TEXT,\nFOREIGN KEY (identity_id) REFERENCES identities (id) ON UPDATE NO ACTION ON DELETE CASCADE\n);" }, { "path": "persistence/sql/migrations/sql/20200810141652000015_flow_type.sqlite3.up.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20200810141652000016_flow_type.sqlite3.down.sql", "content": "ALTER TABLE \"_selfservice_registration_requests_tmp\" RENAME TO \"selfservice_registration_requests\";" }, { "path": "persistence/sql/migrations/sql/20200810141652000016_flow_type.sqlite3.up.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20200810141652000017_flow_type.sqlite3.down.sql", "content": "\nDROP TABLE \"selfservice_registration_requests\";" }, { "path": "persistence/sql/migrations/sql/20200810141652000017_flow_type.sqlite3.up.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20200810141652000018_flow_type.sqlite3.down.sql", "content": "INSERT INTO \"_selfservice_registration_requests_tmp\" (id, request_url, issued_at, expires_at, active_method, csrf_token, created_at, updated_at, messages) SELECT id, request_url, issued_at, expires_at, active_method, csrf_token, created_at, updated_at, messages FROM \"selfservice_registration_requests\";" }, { "path": "persistence/sql/migrations/sql/20200810141652000018_flow_type.sqlite3.up.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20200810141652000019_flow_type.sqlite3.down.sql", "content": "CREATE TABLE \"_selfservice_registration_requests_tmp\" (\n\"id\" TEXT PRIMARY KEY,\n\"request_url\" TEXT NOT NULL,\n\"issued_at\" DATETIME NOT NULL DEFAULT 'CURRENT_TIMESTAMP',\n\"expires_at\" DATETIME NOT NULL,\n\"active_method\" TEXT NOT NULL,\n\"csrf_token\" TEXT NOT NULL,\n\"created_at\" DATETIME NOT NULL,\n\"updated_at\" DATETIME NOT NULL,\n\"messages\" TEXT\n);" }, { "path": "persistence/sql/migrations/sql/20200810141652000019_flow_type.sqlite3.up.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20200810141652000020_flow_type.sqlite3.down.sql", "content": "ALTER TABLE \"_selfservice_login_requests_tmp\" RENAME TO \"selfservice_login_requests\";" }, { "path": "persistence/sql/migrations/sql/20200810141652000020_flow_type.sqlite3.up.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20200810141652000021_flow_type.sqlite3.down.sql", "content": "\nDROP TABLE \"selfservice_login_requests\";" }, { "path": "persistence/sql/migrations/sql/20200810141652000021_flow_type.sqlite3.up.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20200810141652000022_flow_type.sqlite3.down.sql", "content": "INSERT INTO \"_selfservice_login_requests_tmp\" (id, request_url, issued_at, expires_at, active_method, csrf_token, created_at, updated_at, forced, messages) SELECT id, request_url, issued_at, expires_at, active_method, csrf_token, created_at, updated_at, forced, messages FROM \"selfservice_login_requests\";" }, { "path": "persistence/sql/migrations/sql/20200810141652000022_flow_type.sqlite3.up.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20200810141652000023_flow_type.sqlite3.down.sql", "content": "CREATE TABLE \"_selfservice_login_requests_tmp\" (\n\"id\" TEXT PRIMARY KEY,\n\"request_url\" TEXT NOT NULL,\n\"issued_at\" DATETIME NOT NULL DEFAULT 'CURRENT_TIMESTAMP',\n\"expires_at\" DATETIME NOT NULL,\n\"active_method\" TEXT NOT NULL,\n\"csrf_token\" TEXT NOT NULL,\n\"created_at\" DATETIME NOT NULL,\n\"updated_at\" DATETIME NOT NULL,\n\"forced\" bool NOT NULL DEFAULT 'false',\n\"messages\" TEXT\n);" }, { "path": "persistence/sql/migrations/sql/20200810141652000023_flow_type.sqlite3.up.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20200810161022000000_flow_rename.cockroach.down.sql", "content": "ALTER TABLE \"selfservice_verification_flows\" RENAME TO \"selfservice_verification_requests\";" }, { "path": "persistence/sql/migrations/sql/20200810161022000000_flow_rename.cockroach.up.sql", "content": "ALTER TABLE \"selfservice_login_request_methods\" RENAME TO \"selfservice_login_flow_methods\";" }, { "path": "persistence/sql/migrations/sql/20200810161022000000_flow_rename.mysql.down.sql", "content": "ALTER TABLE `selfservice_verification_flows` RENAME TO `selfservice_verification_requests`;" }, { "path": "persistence/sql/migrations/sql/20200810161022000000_flow_rename.mysql.up.sql", "content": "ALTER TABLE `selfservice_login_request_methods` RENAME TO `selfservice_login_flow_methods`;" }, { "path": "persistence/sql/migrations/sql/20200810161022000000_flow_rename.postgres.down.sql", "content": "ALTER TABLE \"selfservice_verification_flows\" RENAME TO \"selfservice_verification_requests\";" }, { "path": "persistence/sql/migrations/sql/20200810161022000000_flow_rename.postgres.up.sql", "content": "ALTER TABLE \"selfservice_login_request_methods\" RENAME TO \"selfservice_login_flow_methods\";" }, { "path": "persistence/sql/migrations/sql/20200810161022000000_flow_rename.sqlite3.down.sql", "content": "ALTER TABLE \"selfservice_verification_flows\" RENAME TO \"selfservice_verification_requests\";" }, { "path": "persistence/sql/migrations/sql/20200810161022000000_flow_rename.sqlite3.up.sql", "content": "ALTER TABLE \"selfservice_login_request_methods\" RENAME TO \"selfservice_login_flow_methods\";" }, { "path": "persistence/sql/migrations/sql/20200810161022000001_flow_rename.cockroach.down.sql", "content": "ALTER TABLE \"selfservice_recovery_flows\" RENAME TO \"selfservice_recovery_requests\";" }, { "path": "persistence/sql/migrations/sql/20200810161022000001_flow_rename.cockroach.up.sql", "content": "ALTER TABLE \"selfservice_login_requests\" RENAME TO \"selfservice_login_flows\";" }, { "path": "persistence/sql/migrations/sql/20200810161022000001_flow_rename.mysql.down.sql", "content": "ALTER TABLE `selfservice_recovery_flows` RENAME TO `selfservice_recovery_requests`;" }, { "path": "persistence/sql/migrations/sql/20200810161022000001_flow_rename.mysql.up.sql", "content": "ALTER TABLE `selfservice_login_requests` RENAME TO `selfservice_login_flows`;" }, { "path": "persistence/sql/migrations/sql/20200810161022000001_flow_rename.postgres.down.sql", "content": "ALTER TABLE \"selfservice_recovery_flows\" RENAME TO \"selfservice_recovery_requests\";" }, { "path": "persistence/sql/migrations/sql/20200810161022000001_flow_rename.postgres.up.sql", "content": "ALTER TABLE \"selfservice_login_requests\" RENAME TO \"selfservice_login_flows\";" }, { "path": "persistence/sql/migrations/sql/20200810161022000001_flow_rename.sqlite3.down.sql", "content": "ALTER TABLE \"selfservice_recovery_flows\" RENAME TO \"selfservice_recovery_requests\";" }, { "path": "persistence/sql/migrations/sql/20200810161022000001_flow_rename.sqlite3.up.sql", "content": "ALTER TABLE \"selfservice_login_requests\" RENAME TO \"selfservice_login_flows\";" }, { "path": "persistence/sql/migrations/sql/20200810161022000002_flow_rename.cockroach.down.sql", "content": "ALTER TABLE \"selfservice_recovery_flow_methods\" RENAME TO \"selfservice_recovery_request_methods\";" }, { "path": "persistence/sql/migrations/sql/20200810161022000002_flow_rename.cockroach.up.sql", "content": "ALTER TABLE \"selfservice_registration_request_methods\" RENAME TO \"selfservice_registration_flow_methods\";" }, { "path": "persistence/sql/migrations/sql/20200810161022000002_flow_rename.mysql.down.sql", "content": "ALTER TABLE `selfservice_recovery_flow_methods` RENAME TO `selfservice_recovery_request_methods`;" }, { "path": "persistence/sql/migrations/sql/20200810161022000002_flow_rename.mysql.up.sql", "content": "ALTER TABLE `selfservice_registration_request_methods` RENAME TO `selfservice_registration_flow_methods`;" }, { "path": "persistence/sql/migrations/sql/20200810161022000002_flow_rename.postgres.down.sql", "content": "ALTER TABLE \"selfservice_recovery_flow_methods\" RENAME TO \"selfservice_recovery_request_methods\";" }, { "path": "persistence/sql/migrations/sql/20200810161022000002_flow_rename.postgres.up.sql", "content": "ALTER TABLE \"selfservice_registration_request_methods\" RENAME TO \"selfservice_registration_flow_methods\";" }, { "path": "persistence/sql/migrations/sql/20200810161022000002_flow_rename.sqlite3.down.sql", "content": "ALTER TABLE \"selfservice_recovery_flow_methods\" RENAME TO \"selfservice_recovery_request_methods\";" }, { "path": "persistence/sql/migrations/sql/20200810161022000002_flow_rename.sqlite3.up.sql", "content": "ALTER TABLE \"selfservice_registration_request_methods\" RENAME TO \"selfservice_registration_flow_methods\";" }, { "path": "persistence/sql/migrations/sql/20200810161022000003_flow_rename.cockroach.down.sql", "content": "ALTER TABLE \"selfservice_settings_flows\" RENAME TO \"selfservice_settings_requests\";" }, { "path": "persistence/sql/migrations/sql/20200810161022000003_flow_rename.cockroach.up.sql", "content": "ALTER TABLE \"selfservice_registration_requests\" RENAME TO \"selfservice_registration_flows\";" }, { "path": "persistence/sql/migrations/sql/20200810161022000003_flow_rename.mysql.down.sql", "content": "ALTER TABLE `selfservice_settings_flows` RENAME TO `selfservice_settings_requests`;" }, { "path": "persistence/sql/migrations/sql/20200810161022000003_flow_rename.mysql.up.sql", "content": "ALTER TABLE `selfservice_registration_requests` RENAME TO `selfservice_registration_flows`;" }, { "path": "persistence/sql/migrations/sql/20200810161022000003_flow_rename.postgres.down.sql", "content": "ALTER TABLE \"selfservice_settings_flows\" RENAME TO \"selfservice_settings_requests\";" }, { "path": "persistence/sql/migrations/sql/20200810161022000003_flow_rename.postgres.up.sql", "content": "ALTER TABLE \"selfservice_registration_requests\" RENAME TO \"selfservice_registration_flows\";" }, { "path": "persistence/sql/migrations/sql/20200810161022000003_flow_rename.sqlite3.down.sql", "content": "ALTER TABLE \"selfservice_settings_flows\" RENAME TO \"selfservice_settings_requests\";" }, { "path": "persistence/sql/migrations/sql/20200810161022000003_flow_rename.sqlite3.up.sql", "content": "ALTER TABLE \"selfservice_registration_requests\" RENAME TO \"selfservice_registration_flows\";" }, { "path": "persistence/sql/migrations/sql/20200810161022000004_flow_rename.cockroach.down.sql", "content": "ALTER TABLE \"selfservice_settings_flow_methods\" RENAME TO \"selfservice_settings_request_methods\";" }, { "path": "persistence/sql/migrations/sql/20200810161022000004_flow_rename.cockroach.up.sql", "content": "ALTER TABLE \"selfservice_settings_request_methods\" RENAME TO \"selfservice_settings_flow_methods\";" }, { "path": "persistence/sql/migrations/sql/20200810161022000004_flow_rename.mysql.down.sql", "content": "ALTER TABLE `selfservice_settings_flow_methods` RENAME TO `selfservice_settings_request_methods`;" }, { "path": "persistence/sql/migrations/sql/20200810161022000004_flow_rename.mysql.up.sql", "content": "ALTER TABLE `selfservice_settings_request_methods` RENAME TO `selfservice_settings_flow_methods`;" }, { "path": "persistence/sql/migrations/sql/20200810161022000004_flow_rename.postgres.down.sql", "content": "ALTER TABLE \"selfservice_settings_flow_methods\" RENAME TO \"selfservice_settings_request_methods\";" }, { "path": "persistence/sql/migrations/sql/20200810161022000004_flow_rename.postgres.up.sql", "content": "ALTER TABLE \"selfservice_settings_request_methods\" RENAME TO \"selfservice_settings_flow_methods\";" }, { "path": "persistence/sql/migrations/sql/20200810161022000004_flow_rename.sqlite3.down.sql", "content": "ALTER TABLE \"selfservice_settings_flow_methods\" RENAME TO \"selfservice_settings_request_methods\";" }, { "path": "persistence/sql/migrations/sql/20200810161022000004_flow_rename.sqlite3.up.sql", "content": "ALTER TABLE \"selfservice_settings_request_methods\" RENAME TO \"selfservice_settings_flow_methods\";" }, { "path": "persistence/sql/migrations/sql/20200810161022000005_flow_rename.cockroach.down.sql", "content": "ALTER TABLE \"selfservice_registration_flows\" RENAME TO \"selfservice_registration_requests\";" }, { "path": "persistence/sql/migrations/sql/20200810161022000005_flow_rename.cockroach.up.sql", "content": "ALTER TABLE \"selfservice_settings_requests\" RENAME TO \"selfservice_settings_flows\";" }, { "path": "persistence/sql/migrations/sql/20200810161022000005_flow_rename.mysql.down.sql", "content": "ALTER TABLE `selfservice_registration_flows` RENAME TO `selfservice_registration_requests`;" }, { "path": "persistence/sql/migrations/sql/20200810161022000005_flow_rename.mysql.up.sql", "content": "ALTER TABLE `selfservice_settings_requests` RENAME TO `selfservice_settings_flows`;" }, { "path": "persistence/sql/migrations/sql/20200810161022000005_flow_rename.postgres.down.sql", "content": "ALTER TABLE \"selfservice_registration_flows\" RENAME TO \"selfservice_registration_requests\";" }, { "path": "persistence/sql/migrations/sql/20200810161022000005_flow_rename.postgres.up.sql", "content": "ALTER TABLE \"selfservice_settings_requests\" RENAME TO \"selfservice_settings_flows\";" }, { "path": "persistence/sql/migrations/sql/20200810161022000005_flow_rename.sqlite3.down.sql", "content": "ALTER TABLE \"selfservice_registration_flows\" RENAME TO \"selfservice_registration_requests\";" }, { "path": "persistence/sql/migrations/sql/20200810161022000005_flow_rename.sqlite3.up.sql", "content": "ALTER TABLE \"selfservice_settings_requests\" RENAME TO \"selfservice_settings_flows\";" }, { "path": "persistence/sql/migrations/sql/20200810161022000006_flow_rename.cockroach.down.sql", "content": "ALTER TABLE \"selfservice_registration_flow_methods\" RENAME TO \"selfservice_registration_request_methods\";" }, { "path": "persistence/sql/migrations/sql/20200810161022000006_flow_rename.cockroach.up.sql", "content": "ALTER TABLE \"selfservice_recovery_request_methods\" RENAME TO \"selfservice_recovery_flow_methods\";" }, { "path": "persistence/sql/migrations/sql/20200810161022000006_flow_rename.mysql.down.sql", "content": "ALTER TABLE `selfservice_registration_flow_methods` RENAME TO `selfservice_registration_request_methods`;" }, { "path": "persistence/sql/migrations/sql/20200810161022000006_flow_rename.mysql.up.sql", "content": "ALTER TABLE `selfservice_recovery_request_methods` RENAME TO `selfservice_recovery_flow_methods`;" }, { "path": "persistence/sql/migrations/sql/20200810161022000006_flow_rename.postgres.down.sql", "content": "ALTER TABLE \"selfservice_registration_flow_methods\" RENAME TO \"selfservice_registration_request_methods\";" }, { "path": "persistence/sql/migrations/sql/20200810161022000006_flow_rename.postgres.up.sql", "content": "ALTER TABLE \"selfservice_recovery_request_methods\" RENAME TO \"selfservice_recovery_flow_methods\";" }, { "path": "persistence/sql/migrations/sql/20200810161022000006_flow_rename.sqlite3.down.sql", "content": "ALTER TABLE \"selfservice_registration_flow_methods\" RENAME TO \"selfservice_registration_request_methods\";" }, { "path": "persistence/sql/migrations/sql/20200810161022000006_flow_rename.sqlite3.up.sql", "content": "ALTER TABLE \"selfservice_recovery_request_methods\" RENAME TO \"selfservice_recovery_flow_methods\";" }, { "path": "persistence/sql/migrations/sql/20200810161022000007_flow_rename.cockroach.down.sql", "content": "ALTER TABLE \"selfservice_login_flow_methods\" RENAME TO \"selfservice_login_request_methods\";" }, { "path": "persistence/sql/migrations/sql/20200810161022000007_flow_rename.cockroach.up.sql", "content": "ALTER TABLE \"selfservice_recovery_requests\" RENAME TO \"selfservice_recovery_flows\";" }, { "path": "persistence/sql/migrations/sql/20200810161022000007_flow_rename.mysql.down.sql", "content": "ALTER TABLE `selfservice_login_flow_methods` RENAME TO `selfservice_login_request_methods`;" }, { "path": "persistence/sql/migrations/sql/20200810161022000007_flow_rename.mysql.up.sql", "content": "ALTER TABLE `selfservice_recovery_requests` RENAME TO `selfservice_recovery_flows`;" }, { "path": "persistence/sql/migrations/sql/20200810161022000007_flow_rename.postgres.down.sql", "content": "ALTER TABLE \"selfservice_login_flow_methods\" RENAME TO \"selfservice_login_request_methods\";" }, { "path": "persistence/sql/migrations/sql/20200810161022000007_flow_rename.postgres.up.sql", "content": "ALTER TABLE \"selfservice_recovery_requests\" RENAME TO \"selfservice_recovery_flows\";" }, { "path": "persistence/sql/migrations/sql/20200810161022000007_flow_rename.sqlite3.down.sql", "content": "ALTER TABLE \"selfservice_login_flow_methods\" RENAME TO \"selfservice_login_request_methods\";" }, { "path": "persistence/sql/migrations/sql/20200810161022000007_flow_rename.sqlite3.up.sql", "content": "ALTER TABLE \"selfservice_recovery_requests\" RENAME TO \"selfservice_recovery_flows\";" }, { "path": "persistence/sql/migrations/sql/20200810161022000008_flow_rename.cockroach.down.sql", "content": "ALTER TABLE \"selfservice_login_flows\" RENAME TO \"selfservice_login_requests\";" }, { "path": "persistence/sql/migrations/sql/20200810161022000008_flow_rename.cockroach.up.sql", "content": "ALTER TABLE \"selfservice_verification_requests\" RENAME TO \"selfservice_verification_flows\";" }, { "path": "persistence/sql/migrations/sql/20200810161022000008_flow_rename.mysql.down.sql", "content": "ALTER TABLE `selfservice_login_flows` RENAME TO `selfservice_login_requests`;" }, { "path": "persistence/sql/migrations/sql/20200810161022000008_flow_rename.mysql.up.sql", "content": "ALTER TABLE `selfservice_verification_requests` RENAME TO `selfservice_verification_flows`;" }, { "path": "persistence/sql/migrations/sql/20200810161022000008_flow_rename.postgres.down.sql", "content": "ALTER TABLE \"selfservice_login_flows\" RENAME TO \"selfservice_login_requests\";" }, { "path": "persistence/sql/migrations/sql/20200810161022000008_flow_rename.postgres.up.sql", "content": "ALTER TABLE \"selfservice_verification_requests\" RENAME TO \"selfservice_verification_flows\";" }, { "path": "persistence/sql/migrations/sql/20200810161022000008_flow_rename.sqlite3.down.sql", "content": "ALTER TABLE \"selfservice_login_flows\" RENAME TO \"selfservice_login_requests\";" }, { "path": "persistence/sql/migrations/sql/20200810161022000008_flow_rename.sqlite3.up.sql", "content": "ALTER TABLE \"selfservice_verification_requests\" RENAME TO \"selfservice_verification_flows\";" }, { "path": "persistence/sql/migrations/sql/20200810162450000000_flow_fields_rename.cockroach.down.sql", "content": "ALTER TABLE \"selfservice_recovery_flow_methods\" RENAME COLUMN \"selfservice_recovery_flow_id\" TO \"selfservice_recovery_request_id\";" }, { "path": "persistence/sql/migrations/sql/20200810162450000000_flow_fields_rename.cockroach.up.sql", "content": "ALTER TABLE \"selfservice_login_flow_methods\" RENAME COLUMN \"selfservice_login_request_id\" TO \"selfservice_login_flow_id\";" }, { "path": "persistence/sql/migrations/sql/20200810162450000000_flow_fields_rename.mysql.down.sql", "content": "ALTER TABLE `selfservice_recovery_flow_methods` CHANGE `selfservice_recovery_flow_id` `selfservice_recovery_request_id` char(36) NOT NULL;" }, { "path": "persistence/sql/migrations/sql/20200810162450000000_flow_fields_rename.mysql.up.sql", "content": "ALTER TABLE `selfservice_login_flow_methods` CHANGE `selfservice_login_request_id` `selfservice_login_flow_id` char(36) NOT NULL;" }, { "path": "persistence/sql/migrations/sql/20200810162450000000_flow_fields_rename.postgres.down.sql", "content": "ALTER TABLE \"selfservice_recovery_flow_methods\" RENAME COLUMN \"selfservice_recovery_flow_id\" TO \"selfservice_recovery_request_id\";" }, { "path": "persistence/sql/migrations/sql/20200810162450000000_flow_fields_rename.postgres.up.sql", "content": "ALTER TABLE \"selfservice_login_flow_methods\" RENAME COLUMN \"selfservice_login_request_id\" TO \"selfservice_login_flow_id\";" }, { "path": "persistence/sql/migrations/sql/20200810162450000000_flow_fields_rename.sqlite3.down.sql", "content": "ALTER TABLE \"selfservice_recovery_flow_methods\" RENAME COLUMN \"selfservice_recovery_flow_id\" TO \"selfservice_recovery_request_id\";" }, { "path": "persistence/sql/migrations/sql/20200810162450000000_flow_fields_rename.sqlite3.up.sql", "content": "ALTER TABLE \"selfservice_login_flow_methods\" RENAME COLUMN \"selfservice_login_request_id\" TO \"selfservice_login_flow_id\";" }, { "path": "persistence/sql/migrations/sql/20200810162450000001_flow_fields_rename.cockroach.down.sql", "content": "ALTER TABLE \"selfservice_settings_flow_methods\" RENAME COLUMN \"selfservice_settings_flow_id\" TO \"selfservice_settings_request_id\";" }, { "path": "persistence/sql/migrations/sql/20200810162450000001_flow_fields_rename.cockroach.up.sql", "content": "ALTER TABLE \"selfservice_registration_flow_methods\" RENAME COLUMN \"selfservice_registration_request_id\" TO \"selfservice_registration_flow_id\";" }, { "path": "persistence/sql/migrations/sql/20200810162450000001_flow_fields_rename.mysql.down.sql", "content": "ALTER TABLE `selfservice_settings_flow_methods` CHANGE `selfservice_settings_flow_id` `selfservice_settings_request_id` char(36) NOT NULL;" }, { "path": "persistence/sql/migrations/sql/20200810162450000001_flow_fields_rename.mysql.up.sql", "content": "ALTER TABLE `selfservice_registration_flow_methods` CHANGE `selfservice_registration_request_id` `selfservice_registration_flow_id` char(36) NOT NULL;" }, { "path": "persistence/sql/migrations/sql/20200810162450000001_flow_fields_rename.postgres.down.sql", "content": "ALTER TABLE \"selfservice_settings_flow_methods\" RENAME COLUMN \"selfservice_settings_flow_id\" TO \"selfservice_settings_request_id\";" }, { "path": "persistence/sql/migrations/sql/20200810162450000001_flow_fields_rename.postgres.up.sql", "content": "ALTER TABLE \"selfservice_registration_flow_methods\" RENAME COLUMN \"selfservice_registration_request_id\" TO \"selfservice_registration_flow_id\";" }, { "path": "persistence/sql/migrations/sql/20200810162450000001_flow_fields_rename.sqlite3.down.sql", "content": "ALTER TABLE \"selfservice_settings_flow_methods\" RENAME COLUMN \"selfservice_settings_flow_id\" TO \"selfservice_settings_request_id\";" }, { "path": "persistence/sql/migrations/sql/20200810162450000001_flow_fields_rename.sqlite3.up.sql", "content": "ALTER TABLE \"selfservice_registration_flow_methods\" RENAME COLUMN \"selfservice_registration_request_id\" TO \"selfservice_registration_flow_id\";" }, { "path": "persistence/sql/migrations/sql/20200810162450000002_flow_fields_rename.cockroach.down.sql", "content": "ALTER TABLE \"selfservice_registration_flow_methods\" RENAME COLUMN \"selfservice_registration_flow_id\" TO \"selfservice_registration_request_id\";" }, { "path": "persistence/sql/migrations/sql/20200810162450000002_flow_fields_rename.cockroach.up.sql", "content": "ALTER TABLE \"selfservice_recovery_flow_methods\" RENAME COLUMN \"selfservice_recovery_request_id\" TO \"selfservice_recovery_flow_id\";" }, { "path": "persistence/sql/migrations/sql/20200810162450000002_flow_fields_rename.mysql.down.sql", "content": "ALTER TABLE `selfservice_registration_flow_methods` CHANGE `selfservice_registration_flow_id` `selfservice_registration_request_id` char(36) NOT NULL;" }, { "path": "persistence/sql/migrations/sql/20200810162450000002_flow_fields_rename.mysql.up.sql", "content": "ALTER TABLE `selfservice_recovery_flow_methods` CHANGE `selfservice_recovery_request_id` `selfservice_recovery_flow_id` char(36) NOT NULL;" }, { "path": "persistence/sql/migrations/sql/20200810162450000002_flow_fields_rename.postgres.down.sql", "content": "ALTER TABLE \"selfservice_registration_flow_methods\" RENAME COLUMN \"selfservice_registration_flow_id\" TO \"selfservice_registration_request_id\";" }, { "path": "persistence/sql/migrations/sql/20200810162450000002_flow_fields_rename.postgres.up.sql", "content": "ALTER TABLE \"selfservice_recovery_flow_methods\" RENAME COLUMN \"selfservice_recovery_request_id\" TO \"selfservice_recovery_flow_id\";" }, { "path": "persistence/sql/migrations/sql/20200810162450000002_flow_fields_rename.sqlite3.down.sql", "content": "ALTER TABLE \"selfservice_registration_flow_methods\" RENAME COLUMN \"selfservice_registration_flow_id\" TO \"selfservice_registration_request_id\";" }, { "path": "persistence/sql/migrations/sql/20200810162450000002_flow_fields_rename.sqlite3.up.sql", "content": "ALTER TABLE \"selfservice_recovery_flow_methods\" RENAME COLUMN \"selfservice_recovery_request_id\" TO \"selfservice_recovery_flow_id\";" }, { "path": "persistence/sql/migrations/sql/20200810162450000003_flow_fields_rename.cockroach.down.sql", "content": "ALTER TABLE \"selfservice_login_flow_methods\" RENAME COLUMN \"selfservice_login_flow_id\" TO \"selfservice_login_request_id\";" }, { "path": "persistence/sql/migrations/sql/20200810162450000003_flow_fields_rename.cockroach.up.sql", "content": "ALTER TABLE \"selfservice_settings_flow_methods\" RENAME COLUMN \"selfservice_settings_request_id\" TO \"selfservice_settings_flow_id\";" }, { "path": "persistence/sql/migrations/sql/20200810162450000003_flow_fields_rename.mysql.down.sql", "content": "ALTER TABLE `selfservice_login_flow_methods` CHANGE `selfservice_login_flow_id` `selfservice_login_request_id` char(36) NOT NULL;" }, { "path": "persistence/sql/migrations/sql/20200810162450000003_flow_fields_rename.mysql.up.sql", "content": "ALTER TABLE `selfservice_settings_flow_methods` CHANGE `selfservice_settings_request_id` `selfservice_settings_flow_id` char(36) NOT NULL;" }, { "path": "persistence/sql/migrations/sql/20200810162450000003_flow_fields_rename.postgres.down.sql", "content": "ALTER TABLE \"selfservice_login_flow_methods\" RENAME COLUMN \"selfservice_login_flow_id\" TO \"selfservice_login_request_id\";" }, { "path": "persistence/sql/migrations/sql/20200810162450000003_flow_fields_rename.postgres.up.sql", "content": "ALTER TABLE \"selfservice_settings_flow_methods\" RENAME COLUMN \"selfservice_settings_request_id\" TO \"selfservice_settings_flow_id\";" }, { "path": "persistence/sql/migrations/sql/20200810162450000003_flow_fields_rename.sqlite3.down.sql", "content": "ALTER TABLE \"selfservice_login_flow_methods\" RENAME COLUMN \"selfservice_login_flow_id\" TO \"selfservice_login_request_id\";" }, { "path": "persistence/sql/migrations/sql/20200810162450000003_flow_fields_rename.sqlite3.up.sql", "content": "ALTER TABLE \"selfservice_settings_flow_methods\" RENAME COLUMN \"selfservice_settings_request_id\" TO \"selfservice_settings_flow_id\";" }, { "path": "persistence/sql/migrations/sql/20200812124254000000_add_session_token.cockroach.down.sql", "content": "ALTER TABLE \"sessions\" DROP COLUMN \"token\";" }, { "path": "persistence/sql/migrations/sql/20200812124254000000_add_session_token.cockroach.up.sql", "content": "DELETE FROM sessions;" }, { "path": "persistence/sql/migrations/sql/20200812124254000000_add_session_token.mysql.down.sql", "content": "ALTER TABLE `sessions` DROP COLUMN `token`;" }, { "path": "persistence/sql/migrations/sql/20200812124254000000_add_session_token.mysql.up.sql", "content": "DELETE FROM sessions;" }, { "path": "persistence/sql/migrations/sql/20200812124254000000_add_session_token.postgres.down.sql", "content": "ALTER TABLE \"sessions\" DROP COLUMN \"token\";" }, { "path": "persistence/sql/migrations/sql/20200812124254000000_add_session_token.postgres.up.sql", "content": "DELETE FROM sessions;" }, { "path": "persistence/sql/migrations/sql/20200812124254000000_add_session_token.sqlite3.down.sql", "content": "ALTER TABLE \"_sessions_tmp\" RENAME TO \"sessions\";" }, { "path": "persistence/sql/migrations/sql/20200812124254000000_add_session_token.sqlite3.up.sql", "content": "DELETE FROM sessions;" }, { "path": "persistence/sql/migrations/sql/20200812124254000001_add_session_token.cockroach.down.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20200812124254000001_add_session_token.cockroach.up.sql", "content": "ALTER TABLE \"sessions\" ADD COLUMN \"token\" VARCHAR (32);" }, { "path": "persistence/sql/migrations/sql/20200812124254000001_add_session_token.mysql.down.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20200812124254000001_add_session_token.mysql.up.sql", "content": "ALTER TABLE `sessions` ADD COLUMN `token` VARCHAR (32);" }, { "path": "persistence/sql/migrations/sql/20200812124254000001_add_session_token.postgres.down.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20200812124254000001_add_session_token.postgres.up.sql", "content": "ALTER TABLE \"sessions\" ADD COLUMN \"token\" VARCHAR (32);" }, { "path": "persistence/sql/migrations/sql/20200812124254000001_add_session_token.sqlite3.down.sql", "content": "\nDROP TABLE \"sessions\";" }, { "path": "persistence/sql/migrations/sql/20200812124254000001_add_session_token.sqlite3.up.sql", "content": "ALTER TABLE \"sessions\" ADD COLUMN \"token\" TEXT;" }, { "path": "persistence/sql/migrations/sql/20200812124254000002_add_session_token.cockroach.down.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20200812124254000002_add_session_token.cockroach.up.sql", "content": "ALTER TABLE \"sessions\" RENAME COLUMN \"token\" TO \"_token_tmp\";" }, { "path": "persistence/sql/migrations/sql/20200812124254000002_add_session_token.mysql.down.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20200812124254000002_add_session_token.mysql.up.sql", "content": "ALTER TABLE `sessions` MODIFY `token` VARCHAR (32);" }, { "path": "persistence/sql/migrations/sql/20200812124254000002_add_session_token.postgres.down.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20200812124254000002_add_session_token.postgres.up.sql", "content": "ALTER TABLE \"sessions\" ALTER COLUMN \"token\" TYPE VARCHAR (32), ALTER COLUMN \"token\" DROP NOT NULL;" }, { "path": "persistence/sql/migrations/sql/20200812124254000002_add_session_token.sqlite3.down.sql", "content": "INSERT INTO \"_sessions_tmp\" (id, issued_at, expires_at, authenticated_at, identity_id, created_at, updated_at, nid) SELECT id, issued_at, expires_at, authenticated_at, identity_id, created_at, updated_at, nid FROM \"sessions\";" }, { "path": "persistence/sql/migrations/sql/20200812124254000002_add_session_token.sqlite3.up.sql", "content": "CREATE TABLE \"_sessions_tmp\" (\n\"id\" TEXT PRIMARY KEY,\n\"issued_at\" DATETIME NOT NULL DEFAULT 'CURRENT_TIMESTAMP',\n\"expires_at\" DATETIME NOT NULL,\n\"authenticated_at\" DATETIME NOT NULL,\n\"identity_id\" char(36) NOT NULL,\n\"created_at\" DATETIME NOT NULL,\n\"updated_at\" DATETIME NOT NULL,\n\"token\" TEXT,\nFOREIGN KEY (identity_id) REFERENCES identities (id) ON UPDATE NO ACTION ON DELETE CASCADE\n);" }, { "path": "persistence/sql/migrations/sql/20200812124254000003_add_session_token.cockroach.down.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20200812124254000003_add_session_token.cockroach.up.sql", "content": "ALTER TABLE \"sessions\" ADD COLUMN \"token\" VARCHAR (32);" }, { "path": "persistence/sql/migrations/sql/20200812124254000003_add_session_token.mysql.down.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20200812124254000003_add_session_token.mysql.up.sql", "content": "CREATE UNIQUE INDEX `sessions_token_uq_idx` ON `sessions` (`token`);" }, { "path": "persistence/sql/migrations/sql/20200812124254000003_add_session_token.postgres.down.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20200812124254000003_add_session_token.postgres.up.sql", "content": "CREATE UNIQUE INDEX \"sessions_token_uq_idx\" ON \"sessions\" (token);" }, { "path": "persistence/sql/migrations/sql/20200812124254000003_add_session_token.sqlite3.down.sql", "content": "CREATE INDEX \"sessions_nid_idx\" ON \"_sessions_tmp\" (id, nid);" }, { "path": "persistence/sql/migrations/sql/20200812124254000003_add_session_token.sqlite3.up.sql", "content": "INSERT INTO \"_sessions_tmp\" (id, issued_at, expires_at, authenticated_at, identity_id, created_at, updated_at, token) SELECT id, issued_at, expires_at, authenticated_at, identity_id, created_at, updated_at, token FROM \"sessions\";" }, { "path": "persistence/sql/migrations/sql/20200812124254000004_add_session_token.cockroach.down.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20200812124254000004_add_session_token.cockroach.up.sql", "content": "UPDATE \"sessions\" SET \"token\" = \"_token_tmp\";" }, { "path": "persistence/sql/migrations/sql/20200812124254000004_add_session_token.mysql.down.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20200812124254000004_add_session_token.mysql.up.sql", "content": "CREATE INDEX `sessions_token_idx` ON `sessions` (`token`);" }, { "path": "persistence/sql/migrations/sql/20200812124254000004_add_session_token.postgres.down.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20200812124254000004_add_session_token.postgres.up.sql", "content": "CREATE INDEX \"sessions_token_idx\" ON \"sessions\" (token);" }, { "path": "persistence/sql/migrations/sql/20200812124254000004_add_session_token.sqlite3.down.sql", "content": "CREATE TABLE \"_sessions_tmp\" (\n\"id\" TEXT PRIMARY KEY,\n\"issued_at\" DATETIME NOT NULL DEFAULT 'CURRENT_TIMESTAMP',\n\"expires_at\" DATETIME NOT NULL,\n\"authenticated_at\" DATETIME NOT NULL,\n\"identity_id\" char(36) NOT NULL,\n\"created_at\" DATETIME NOT NULL,\n\"updated_at\" DATETIME NOT NULL,\n\"nid\" char(36),\nFOREIGN KEY (identity_id) REFERENCES identities (id) ON UPDATE NO ACTION ON DELETE CASCADE\n);" }, { "path": "persistence/sql/migrations/sql/20200812124254000004_add_session_token.sqlite3.up.sql", "content": "DROP TABLE \"sessions\";" }, { "path": "persistence/sql/migrations/sql/20200812124254000005_add_session_token.cockroach.down.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20200812124254000005_add_session_token.cockroach.up.sql", "content": "ALTER TABLE \"sessions\" DROP COLUMN \"_token_tmp\";" }, { "path": "persistence/sql/migrations/sql/20200812124254000005_add_session_token.sqlite3.down.sql", "content": "DROP INDEX IF EXISTS \"sessions_nid_idx\";" }, { "path": "persistence/sql/migrations/sql/20200812124254000005_add_session_token.sqlite3.up.sql", "content": "ALTER TABLE \"_sessions_tmp\" RENAME TO \"sessions\";" }, { "path": "persistence/sql/migrations/sql/20200812124254000006_add_session_token.cockroach.down.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20200812124254000006_add_session_token.cockroach.up.sql", "content": "CREATE UNIQUE INDEX \"sessions_token_uq_idx\" ON \"sessions\" (token);" }, { "path": "persistence/sql/migrations/sql/20200812124254000006_add_session_token.sqlite3.down.sql", "content": "DROP INDEX IF EXISTS \"sessions_token_uq_idx\";" }, { "path": "persistence/sql/migrations/sql/20200812124254000006_add_session_token.sqlite3.up.sql", "content": "CREATE UNIQUE INDEX \"sessions_token_uq_idx\" ON \"sessions\" (token);" }, { "path": "persistence/sql/migrations/sql/20200812124254000007_add_session_token.cockroach.down.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20200812124254000007_add_session_token.cockroach.up.sql", "content": "CREATE INDEX \"sessions_token_idx\" ON \"sessions\" (token);" }, { "path": "persistence/sql/migrations/sql/20200812124254000007_add_session_token.sqlite3.down.sql", "content": "DROP INDEX IF EXISTS \"sessions_token_idx\";" }, { "path": "persistence/sql/migrations/sql/20200812124254000007_add_session_token.sqlite3.up.sql", "content": "CREATE INDEX \"sessions_token_idx\" ON \"sessions\" (token);" }, { "path": "persistence/sql/migrations/sql/20200812160551000000_add_session_revoke.cockroach.down.sql", "content": "ALTER TABLE \"sessions\" DROP COLUMN \"active\";" }, { "path": "persistence/sql/migrations/sql/20200812160551000000_add_session_revoke.cockroach.up.sql", "content": "ALTER TABLE \"sessions\" ADD COLUMN \"active\" boolean DEFAULT 'false';" }, { "path": "persistence/sql/migrations/sql/20200812160551000000_add_session_revoke.mysql.down.sql", "content": "ALTER TABLE `sessions` DROP COLUMN `active`;" }, { "path": "persistence/sql/migrations/sql/20200812160551000000_add_session_revoke.mysql.up.sql", "content": "ALTER TABLE `sessions` ADD COLUMN `active` boolean DEFAULT false;" }, { "path": "persistence/sql/migrations/sql/20200812160551000000_add_session_revoke.postgres.down.sql", "content": "ALTER TABLE \"sessions\" DROP COLUMN \"active\";" }, { "path": "persistence/sql/migrations/sql/20200812160551000000_add_session_revoke.postgres.up.sql", "content": "ALTER TABLE \"sessions\" ADD COLUMN \"active\" boolean DEFAULT 'false';" }, { "path": "persistence/sql/migrations/sql/20200812160551000000_add_session_revoke.sqlite3.down.sql", "content": "ALTER TABLE \"_sessions_tmp\" RENAME TO \"sessions\";" }, { "path": "persistence/sql/migrations/sql/20200812160551000000_add_session_revoke.sqlite3.up.sql", "content": "ALTER TABLE \"sessions\" ADD COLUMN \"active\" NUMERIC DEFAULT 'false';" }, { "path": "persistence/sql/migrations/sql/20200812160551000001_add_session_revoke.sqlite3.down.sql", "content": "\nDROP TABLE \"sessions\";" }, { "path": "persistence/sql/migrations/sql/20200812160551000001_add_session_revoke.sqlite3.up.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20200812160551000002_add_session_revoke.sqlite3.down.sql", "content": "INSERT INTO \"_sessions_tmp\" (id, issued_at, expires_at, authenticated_at, identity_id, created_at, updated_at, token, nid) SELECT id, issued_at, expires_at, authenticated_at, identity_id, created_at, updated_at, token, nid FROM \"sessions\";" }, { "path": "persistence/sql/migrations/sql/20200812160551000002_add_session_revoke.sqlite3.up.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20200812160551000003_add_session_revoke.sqlite3.down.sql", "content": "CREATE INDEX \"sessions_token_idx\" ON \"_sessions_tmp\" (token);" }, { "path": "persistence/sql/migrations/sql/20200812160551000003_add_session_revoke.sqlite3.up.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20200812160551000004_add_session_revoke.sqlite3.down.sql", "content": "CREATE UNIQUE INDEX \"sessions_token_uq_idx\" ON \"_sessions_tmp\" (token);" }, { "path": "persistence/sql/migrations/sql/20200812160551000004_add_session_revoke.sqlite3.up.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20200812160551000005_add_session_revoke.sqlite3.down.sql", "content": "CREATE INDEX \"sessions_nid_idx\" ON \"_sessions_tmp\" (id, nid);" }, { "path": "persistence/sql/migrations/sql/20200812160551000005_add_session_revoke.sqlite3.up.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20200812160551000006_add_session_revoke.sqlite3.down.sql", "content": "CREATE TABLE \"_sessions_tmp\" (\n\"id\" TEXT PRIMARY KEY,\n\"issued_at\" DATETIME NOT NULL DEFAULT 'CURRENT_TIMESTAMP',\n\"expires_at\" DATETIME NOT NULL,\n\"authenticated_at\" DATETIME NOT NULL,\n\"identity_id\" char(36) NOT NULL,\n\"created_at\" DATETIME NOT NULL,\n\"updated_at\" DATETIME NOT NULL,\n\"token\" TEXT,\n\"nid\" char(36),\nFOREIGN KEY (identity_id) REFERENCES identities (id) ON UPDATE NO ACTION ON DELETE CASCADE\n);" }, { "path": "persistence/sql/migrations/sql/20200812160551000006_add_session_revoke.sqlite3.up.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20200812160551000007_add_session_revoke.sqlite3.down.sql", "content": "DROP INDEX IF EXISTS \"sessions_token_idx\";" }, { "path": "persistence/sql/migrations/sql/20200812160551000007_add_session_revoke.sqlite3.up.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20200812160551000008_add_session_revoke.sqlite3.down.sql", "content": "DROP INDEX IF EXISTS \"sessions_token_uq_idx\";" }, { "path": "persistence/sql/migrations/sql/20200812160551000008_add_session_revoke.sqlite3.up.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20200812160551000009_add_session_revoke.sqlite3.down.sql", "content": "DROP INDEX IF EXISTS \"sessions_nid_idx\";" }, { "path": "persistence/sql/migrations/sql/20200812160551000009_add_session_revoke.sqlite3.up.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20200830121710000000_update_recovery_token.cockroach.down.sql", "content": "ALTER TABLE \"identity_recovery_tokens\" RENAME COLUMN \"selfservice_recovery_flow_id\" TO \"selfservice_recovery_request_id\";" }, { "path": "persistence/sql/migrations/sql/20200830121710000000_update_recovery_token.cockroach.up.sql", "content": "ALTER TABLE \"identity_recovery_tokens\" RENAME COLUMN \"selfservice_recovery_request_id\" TO \"selfservice_recovery_flow_id\";" }, { "path": "persistence/sql/migrations/sql/20200830121710000000_update_recovery_token.mysql.down.sql", "content": "ALTER TABLE `identity_recovery_tokens` CHANGE `selfservice_recovery_flow_id` `selfservice_recovery_request_id` char(36) NOT NULL;" }, { "path": "persistence/sql/migrations/sql/20200830121710000000_update_recovery_token.mysql.up.sql", "content": "ALTER TABLE `identity_recovery_tokens` CHANGE `selfservice_recovery_request_id` `selfservice_recovery_flow_id` char(36) NOT NULL;" }, { "path": "persistence/sql/migrations/sql/20200830121710000000_update_recovery_token.postgres.down.sql", "content": "ALTER TABLE \"identity_recovery_tokens\" RENAME COLUMN \"selfservice_recovery_flow_id\" TO \"selfservice_recovery_request_id\";" }, { "path": "persistence/sql/migrations/sql/20200830121710000000_update_recovery_token.postgres.up.sql", "content": "ALTER TABLE \"identity_recovery_tokens\" RENAME COLUMN \"selfservice_recovery_request_id\" TO \"selfservice_recovery_flow_id\";" }, { "path": "persistence/sql/migrations/sql/20200830121710000000_update_recovery_token.sqlite3.down.sql", "content": "ALTER TABLE \"identity_recovery_tokens\" RENAME COLUMN \"selfservice_recovery_flow_id\" TO \"selfservice_recovery_request_id\";" }, { "path": "persistence/sql/migrations/sql/20200830121710000000_update_recovery_token.sqlite3.up.sql", "content": "ALTER TABLE \"identity_recovery_tokens\" RENAME COLUMN \"selfservice_recovery_request_id\" TO \"selfservice_recovery_flow_id\";" }, { "path": "persistence/sql/migrations/sql/20200830130642000000_add_verification_methods.cockroach.down.sql", "content": "ALTER TABLE \"selfservice_verification_flows\" ADD COLUMN \"success\" bool NOT NULL DEFAULT FALSE;" }, { "path": "persistence/sql/migrations/sql/20200830130642000000_add_verification_methods.cockroach.up.sql", "content": "ALTER TABLE \"selfservice_verification_flows\" ADD COLUMN \"state\" VARCHAR (255) NOT NULL DEFAULT 'show_form';" }, { "path": "persistence/sql/migrations/sql/20200830130642000000_add_verification_methods.mysql.down.sql", "content": "ALTER TABLE `selfservice_verification_flows` ADD COLUMN `success` bool NOT NULL DEFAULT FALSE;" }, { "path": "persistence/sql/migrations/sql/20200830130642000000_add_verification_methods.mysql.up.sql", "content": "ALTER TABLE `selfservice_verification_flows` ADD COLUMN `state` VARCHAR (255) NOT NULL DEFAULT 'show_form';" }, { "path": "persistence/sql/migrations/sql/20200830130642000000_add_verification_methods.postgres.down.sql", "content": "ALTER TABLE \"selfservice_verification_flows\" ADD COLUMN \"success\" bool NOT NULL DEFAULT FALSE;" }, { "path": "persistence/sql/migrations/sql/20200830130642000000_add_verification_methods.postgres.up.sql", "content": "ALTER TABLE \"selfservice_verification_flows\" ADD COLUMN \"state\" VARCHAR (255) NOT NULL DEFAULT 'show_form';" }, { "path": "persistence/sql/migrations/sql/20200830130642000000_add_verification_methods.sqlite3.down.sql", "content": "ALTER TABLE \"selfservice_verification_flows\" ADD COLUMN \"success\" bool NOT NULL DEFAULT FALSE;" }, { "path": "persistence/sql/migrations/sql/20200830130642000000_add_verification_methods.sqlite3.up.sql", "content": "ALTER TABLE \"selfservice_verification_flows\" ADD COLUMN \"state\" TEXT NOT NULL DEFAULT 'show_form';" }, { "path": "persistence/sql/migrations/sql/20200830130642000001_add_verification_methods.cockroach.down.sql", "content": "ALTER TABLE \"selfservice_verification_flows\" ADD COLUMN \"via\" VARCHAR (16) NOT NULL DEFAULT 'email';" }, { "path": "persistence/sql/migrations/sql/20200830130642000001_add_verification_methods.cockroach.up.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20200830130642000001_add_verification_methods.mysql.down.sql", "content": "ALTER TABLE `selfservice_verification_flows` ADD COLUMN `via` VARCHAR (16) NOT NULL DEFAULT 'email';" }, { "path": "persistence/sql/migrations/sql/20200830130642000001_add_verification_methods.mysql.up.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20200830130642000001_add_verification_methods.postgres.down.sql", "content": "ALTER TABLE \"selfservice_verification_flows\" ADD COLUMN \"via\" VARCHAR (16) NOT NULL DEFAULT 'email';" }, { "path": "persistence/sql/migrations/sql/20200830130642000001_add_verification_methods.postgres.up.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20200830130642000001_add_verification_methods.sqlite3.down.sql", "content": "ALTER TABLE \"selfservice_verification_flows\" ADD COLUMN \"via\" TEXT NOT NULL DEFAULT 'email';" }, { "path": "persistence/sql/migrations/sql/20200830130642000001_add_verification_methods.sqlite3.up.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20200830130642000002_add_verification_methods.cockroach.down.sql", "content": "ALTER TABLE \"selfservice_verification_flows\" DROP COLUMN \"state\";" }, { "path": "persistence/sql/migrations/sql/20200830130642000002_add_verification_methods.cockroach.up.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20200830130642000002_add_verification_methods.mysql.down.sql", "content": "ALTER TABLE `selfservice_verification_flows` DROP COLUMN `state`;" }, { "path": "persistence/sql/migrations/sql/20200830130642000002_add_verification_methods.mysql.up.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20200830130642000002_add_verification_methods.postgres.down.sql", "content": "ALTER TABLE \"selfservice_verification_flows\" DROP COLUMN \"state\";" }, { "path": "persistence/sql/migrations/sql/20200830130642000002_add_verification_methods.postgres.up.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20200830130642000002_add_verification_methods.sqlite3.down.sql", "content": "ALTER TABLE \"_selfservice_verification_flows_tmp\" RENAME TO \"selfservice_verification_flows\";" }, { "path": "persistence/sql/migrations/sql/20200830130642000002_add_verification_methods.sqlite3.up.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20200830130642000003_add_verification_methods.cockroach.down.sql", "content": "ALTER TABLE \"selfservice_verification_flows\" DROP COLUMN \"active_method\";" }, { "path": "persistence/sql/migrations/sql/20200830130642000003_add_verification_methods.cockroach.up.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20200830130642000003_add_verification_methods.mysql.down.sql", "content": "ALTER TABLE `selfservice_verification_flows` DROP COLUMN `active_method`;" }, { "path": "persistence/sql/migrations/sql/20200830130642000003_add_verification_methods.mysql.up.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20200830130642000003_add_verification_methods.postgres.down.sql", "content": "ALTER TABLE \"selfservice_verification_flows\" DROP COLUMN \"active_method\";" }, { "path": "persistence/sql/migrations/sql/20200830130642000003_add_verification_methods.postgres.up.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20200830130642000003_add_verification_methods.sqlite3.down.sql", "content": "\nDROP TABLE \"selfservice_verification_flows\";" }, { "path": "persistence/sql/migrations/sql/20200830130642000003_add_verification_methods.sqlite3.up.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20200830130642000004_add_verification_methods.cockroach.down.sql", "content": "DROP TABLE \"selfservice_verification_flow_methods\";" }, { "path": "persistence/sql/migrations/sql/20200830130642000004_add_verification_methods.cockroach.up.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20200830130642000004_add_verification_methods.mysql.down.sql", "content": "DROP TABLE `selfservice_verification_flow_methods`;" }, { "path": "persistence/sql/migrations/sql/20200830130642000004_add_verification_methods.mysql.up.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20200830130642000004_add_verification_methods.postgres.down.sql", "content": "DROP TABLE \"selfservice_verification_flow_methods\";" }, { "path": "persistence/sql/migrations/sql/20200830130642000004_add_verification_methods.postgres.up.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20200830130642000004_add_verification_methods.sqlite3.down.sql", "content": "INSERT INTO \"_selfservice_verification_flows_tmp\" (id, request_url, issued_at, expires_at, csrf_token, created_at, updated_at, type, nid, messages, form) SELECT id, request_url, issued_at, expires_at, csrf_token, created_at, updated_at, type, nid, messages, form FROM \"selfservice_verification_flows\";" }, { "path": "persistence/sql/migrations/sql/20200830130642000004_add_verification_methods.sqlite3.up.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20200830130642000005_add_verification_methods.cockroach.down.sql", "content": "ALTER TABLE \"selfservice_verification_flows\" ADD COLUMN \"form\" json NOT NULL DEFAULT '{}';" }, { "path": "persistence/sql/migrations/sql/20200830130642000005_add_verification_methods.cockroach.up.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20200830130642000005_add_verification_methods.mysql.down.sql", "content": "ALTER TABLE `selfservice_verification_flows` MODIFY `form` JSON;" }, { "path": "persistence/sql/migrations/sql/20200830130642000005_add_verification_methods.mysql.up.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20200830130642000005_add_verification_methods.postgres.down.sql", "content": "ALTER TABLE \"selfservice_verification_flows\" ALTER COLUMN \"form\" TYPE jsonb, ALTER COLUMN \"form\" DROP NOT NULL;" }, { "path": "persistence/sql/migrations/sql/20200830130642000005_add_verification_methods.postgres.up.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20200830130642000005_add_verification_methods.sqlite3.down.sql", "content": "CREATE INDEX \"selfservice_verification_flows_nid_idx\" ON \"_selfservice_verification_flows_tmp\" (id, nid);" }, { "path": "persistence/sql/migrations/sql/20200830130642000005_add_verification_methods.sqlite3.up.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20200830130642000006_add_verification_methods.mysql.down.sql", "content": "UPDATE selfservice_verification_flows SET form=(SELECT * FROM (SELECT m.config FROM selfservice_verification_flows AS r INNER JOIN selfservice_verification_flow_methods AS m ON r.id=m.selfservice_verification_flow_id) as t);" }, { "path": "persistence/sql/migrations/sql/20200830130642000006_add_verification_methods.mysql.up.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20200830130642000006_add_verification_methods.postgres.down.sql", "content": "UPDATE selfservice_verification_flows SET form=(SELECT * FROM (SELECT m.config FROM selfservice_verification_flows AS r INNER JOIN selfservice_verification_flow_methods AS m ON r.id=m.selfservice_verification_flow_id) as t);" }, { "path": "persistence/sql/migrations/sql/20200830130642000006_add_verification_methods.postgres.up.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20200830130642000006_add_verification_methods.sqlite3.down.sql", "content": "CREATE TABLE \"_selfservice_verification_flows_tmp\" (\n\"id\" TEXT PRIMARY KEY,\n\"request_url\" TEXT NOT NULL,\n\"issued_at\" DATETIME NOT NULL DEFAULT 'CURRENT_TIMESTAMP',\n\"expires_at\" DATETIME NOT NULL,\n\"csrf_token\" TEXT NOT NULL,\n\"created_at\" DATETIME NOT NULL,\n\"updated_at\" DATETIME NOT NULL,\n\"type\" TEXT NOT NULL DEFAULT 'browser',\n\"nid\" char(36),\n\"messages\" TEXT,\n\"form\" TEXT\n);" }, { "path": "persistence/sql/migrations/sql/20200830130642000006_add_verification_methods.sqlite3.up.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20200830130642000007_add_verification_methods.mysql.down.sql", "content": "ALTER TABLE `selfservice_verification_flows` ADD COLUMN `form` JSON;" }, { "path": "persistence/sql/migrations/sql/20200830130642000007_add_verification_methods.mysql.up.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20200830130642000007_add_verification_methods.postgres.down.sql", "content": "ALTER TABLE \"selfservice_verification_flows\" ADD COLUMN \"form\" jsonb;" }, { "path": "persistence/sql/migrations/sql/20200830130642000007_add_verification_methods.postgres.up.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20200830130642000007_add_verification_methods.sqlite3.down.sql", "content": "DROP INDEX IF EXISTS \"selfservice_verification_flows_nid_idx\";" }, { "path": "persistence/sql/migrations/sql/20200830130642000007_add_verification_methods.sqlite3.up.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20200830130642000008_add_verification_methods.sqlite3.down.sql", "content": "ALTER TABLE \"_selfservice_verification_flows_tmp\" RENAME TO \"selfservice_verification_flows\";" }, { "path": "persistence/sql/migrations/sql/20200830130642000008_add_verification_methods.sqlite3.up.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20200830130642000009_add_verification_methods.sqlite3.down.sql", "content": "\nDROP TABLE \"selfservice_verification_flows\";" }, { "path": "persistence/sql/migrations/sql/20200830130642000009_add_verification_methods.sqlite3.up.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20200830130642000010_add_verification_methods.sqlite3.down.sql", "content": "INSERT INTO \"_selfservice_verification_flows_tmp\" (id, request_url, issued_at, expires_at, csrf_token, created_at, updated_at, type, state, nid, messages, form) SELECT id, request_url, issued_at, expires_at, csrf_token, created_at, updated_at, type, state, nid, messages, form FROM \"selfservice_verification_flows\";" }, { "path": "persistence/sql/migrations/sql/20200830130642000010_add_verification_methods.sqlite3.up.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20200830130642000011_add_verification_methods.sqlite3.down.sql", "content": "CREATE INDEX \"selfservice_verification_flows_nid_idx\" ON \"_selfservice_verification_flows_tmp\" (id, nid);" }, { "path": "persistence/sql/migrations/sql/20200830130642000011_add_verification_methods.sqlite3.up.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20200830130642000012_add_verification_methods.sqlite3.down.sql", "content": "CREATE TABLE \"_selfservice_verification_flows_tmp\" (\n\"id\" TEXT PRIMARY KEY,\n\"request_url\" TEXT NOT NULL,\n\"issued_at\" DATETIME NOT NULL DEFAULT 'CURRENT_TIMESTAMP',\n\"expires_at\" DATETIME NOT NULL,\n\"csrf_token\" TEXT NOT NULL,\n\"created_at\" DATETIME NOT NULL,\n\"updated_at\" DATETIME NOT NULL,\n\"type\" TEXT NOT NULL DEFAULT 'browser',\n\"state\" TEXT NOT NULL DEFAULT 'show_form',\n\"nid\" char(36),\n\"messages\" TEXT,\n\"form\" TEXT\n);" }, { "path": "persistence/sql/migrations/sql/20200830130642000012_add_verification_methods.sqlite3.up.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20200830130642000013_add_verification_methods.sqlite3.down.sql", "content": "DROP INDEX IF EXISTS \"selfservice_verification_flows_nid_idx\";" }, { "path": "persistence/sql/migrations/sql/20200830130642000013_add_verification_methods.sqlite3.up.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20200830130642000014_add_verification_methods.sqlite3.down.sql", "content": "DROP TABLE \"selfservice_verification_flow_methods\";" }, { "path": "persistence/sql/migrations/sql/20200830130642000014_add_verification_methods.sqlite3.up.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20200830130642000015_add_verification_methods.sqlite3.down.sql", "content": "ALTER TABLE \"_selfservice_verification_flows_tmp\" RENAME TO \"selfservice_verification_flows\";" }, { "path": "persistence/sql/migrations/sql/20200830130642000015_add_verification_methods.sqlite3.up.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20200830130642000016_add_verification_methods.sqlite3.down.sql", "content": "DROP TABLE \"selfservice_verification_flows\";" }, { "path": "persistence/sql/migrations/sql/20200830130642000016_add_verification_methods.sqlite3.up.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20200830130642000017_add_verification_methods.sqlite3.down.sql", "content": "INSERT INTO \"_selfservice_verification_flows_tmp\" (id, request_url, issued_at, expires_at, csrf_token, created_at, updated_at, type, state, active_method, nid, messages, form) SELECT id, request_url, issued_at, expires_at, csrf_token, created_at, updated_at, type, state, active_method, nid, messages, form FROM \"selfservice_verification_flows\";" }, { "path": "persistence/sql/migrations/sql/20200830130642000017_add_verification_methods.sqlite3.up.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20200830130642000018_add_verification_methods.sqlite3.down.sql", "content": "CREATE INDEX \"selfservice_verification_flows_nid_idx\" ON \"_selfservice_verification_flows_tmp\" (id, nid);" }, { "path": "persistence/sql/migrations/sql/20200830130642000018_add_verification_methods.sqlite3.up.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20200830130642000019_add_verification_methods.sqlite3.down.sql", "content": "CREATE TABLE \"_selfservice_verification_flows_tmp\" (\n\"id\" TEXT PRIMARY KEY,\n\"request_url\" TEXT NOT NULL,\n\"issued_at\" DATETIME NOT NULL DEFAULT 'CURRENT_TIMESTAMP',\n\"expires_at\" DATETIME NOT NULL,\n\"csrf_token\" TEXT NOT NULL,\n\"created_at\" DATETIME NOT NULL,\n\"updated_at\" DATETIME NOT NULL,\n\"type\" TEXT NOT NULL DEFAULT 'browser',\n\"state\" TEXT NOT NULL DEFAULT 'show_form',\n\"active_method\" TEXT,\n\"nid\" char(36),\n\"messages\" TEXT,\n\"form\" TEXT\n);" }, { "path": "persistence/sql/migrations/sql/20200830130642000019_add_verification_methods.sqlite3.up.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20200830130642000020_add_verification_methods.sqlite3.down.sql", "content": "DROP INDEX IF EXISTS \"selfservice_verification_flows_nid_idx\";" }, { "path": "persistence/sql/migrations/sql/20200830130642000020_add_verification_methods.sqlite3.up.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20200830130642000021_add_verification_methods.sqlite3.down.sql", "content": "UPDATE selfservice_verification_flows SET form=(SELECT * FROM (SELECT m.config FROM selfservice_verification_flows AS r INNER JOIN selfservice_verification_flow_methods AS m ON r.id=m.selfservice_verification_flow_id) as t);" }, { "path": "persistence/sql/migrations/sql/20200830130642000021_add_verification_methods.sqlite3.up.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20200830130642000022_add_verification_methods.sqlite3.down.sql", "content": "ALTER TABLE \"selfservice_verification_flows\" ADD COLUMN \"form\" TEXT;" }, { "path": "persistence/sql/migrations/sql/20200830130642000022_add_verification_methods.sqlite3.up.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20200830130643000000_add_verification_methods.cockroach.down.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20200830130643000000_add_verification_methods.cockroach.up.sql", "content": "UPDATE selfservice_verification_flows SET state='passed_challenge' WHERE success IS TRUE;" }, { "path": "persistence/sql/migrations/sql/20200830130643000000_add_verification_methods.mysql.down.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20200830130643000000_add_verification_methods.mysql.up.sql", "content": "UPDATE selfservice_verification_flows SET state='passed_challenge' WHERE success IS TRUE;" }, { "path": "persistence/sql/migrations/sql/20200830130643000000_add_verification_methods.postgres.down.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20200830130643000000_add_verification_methods.postgres.up.sql", "content": "UPDATE selfservice_verification_flows SET state='passed_challenge' WHERE success IS TRUE;" }, { "path": "persistence/sql/migrations/sql/20200830130643000000_add_verification_methods.sqlite3.down.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20200830130643000000_add_verification_methods.sqlite3.up.sql", "content": "UPDATE selfservice_verification_flows SET state='passed_challenge' WHERE success IS TRUE;" }, { "path": "persistence/sql/migrations/sql/20200830130644000000_add_verification_methods.cockroach.down.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20200830130644000000_add_verification_methods.cockroach.up.sql", "content": "CREATE TABLE \"selfservice_verification_flow_methods\" (\n\"id\" UUID NOT NULL,\nPRIMARY KEY(\"id\"),\n\"method\" VARCHAR (32) NOT NULL,\n\"selfservice_verification_flow_id\" UUID NOT NULL,\n\"config\" json NOT NULL,\n\"created_at\" timestamp NOT NULL,\n\"updated_at\" timestamp NOT NULL\n);" }, { "path": "persistence/sql/migrations/sql/20200830130644000000_add_verification_methods.mysql.down.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20200830130644000000_add_verification_methods.mysql.up.sql", "content": "CREATE TABLE `selfservice_verification_flow_methods` (\n`id` char(36) NOT NULL,\nPRIMARY KEY(`id`),\n`method` VARCHAR (32) NOT NULL,\n`selfservice_verification_flow_id` char(36) NOT NULL,\n`config` JSON NOT NULL,\n`created_at` DATETIME NOT NULL,\n`updated_at` DATETIME NOT NULL\n) ENGINE=InnoDB;" }, { "path": "persistence/sql/migrations/sql/20200830130644000000_add_verification_methods.postgres.down.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20200830130644000000_add_verification_methods.postgres.up.sql", "content": "CREATE TABLE \"selfservice_verification_flow_methods\" (\n\"id\" UUID NOT NULL,\nPRIMARY KEY(\"id\"),\n\"method\" VARCHAR (32) NOT NULL,\n\"selfservice_verification_flow_id\" UUID NOT NULL,\n\"config\" jsonb NOT NULL,\n\"created_at\" timestamp NOT NULL,\n\"updated_at\" timestamp NOT NULL\n);" }, { "path": "persistence/sql/migrations/sql/20200830130644000000_add_verification_methods.sqlite3.down.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20200830130644000000_add_verification_methods.sqlite3.up.sql", "content": "CREATE TABLE \"selfservice_verification_flow_methods\" (\n\"id\" TEXT PRIMARY KEY,\n\"method\" TEXT NOT NULL,\n\"selfservice_verification_flow_id\" char(36) NOT NULL,\n\"config\" TEXT NOT NULL,\n\"created_at\" DATETIME NOT NULL,\n\"updated_at\" DATETIME NOT NULL\n);" }, { "path": "persistence/sql/migrations/sql/20200830130644000001_add_verification_methods.cockroach.down.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20200830130644000001_add_verification_methods.cockroach.up.sql", "content": "ALTER TABLE \"selfservice_verification_flows\" ADD COLUMN \"active_method\" VARCHAR (32);" }, { "path": "persistence/sql/migrations/sql/20200830130644000001_add_verification_methods.mysql.down.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20200830130644000001_add_verification_methods.mysql.up.sql", "content": "ALTER TABLE `selfservice_verification_flows` ADD COLUMN `active_method` VARCHAR (32);" }, { "path": "persistence/sql/migrations/sql/20200830130644000001_add_verification_methods.postgres.down.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20200830130644000001_add_verification_methods.postgres.up.sql", "content": "ALTER TABLE \"selfservice_verification_flows\" ADD COLUMN \"active_method\" VARCHAR (32);" }, { "path": "persistence/sql/migrations/sql/20200830130644000001_add_verification_methods.sqlite3.down.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20200830130644000001_add_verification_methods.sqlite3.up.sql", "content": "ALTER TABLE \"selfservice_verification_flows\" ADD COLUMN \"active_method\" TEXT;" }, { "path": "persistence/sql/migrations/sql/20200830130645000000_add_verification_methods.cockroach.down.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20200830130645000000_add_verification_methods.cockroach.up.sql", "content": "INSERT INTO selfservice_verification_flow_methods (id, method, selfservice_verification_flow_id, config, created_at, updated_at) SELECT id, 'link', id, form, created_at, updated_at FROM selfservice_verification_flows;" }, { "path": "persistence/sql/migrations/sql/20200830130645000000_add_verification_methods.mysql.down.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20200830130645000000_add_verification_methods.mysql.up.sql", "content": "INSERT INTO selfservice_verification_flow_methods (id, method, selfservice_verification_flow_id, config, created_at, updated_at) SELECT id, 'link', id, form, created_at, updated_at FROM selfservice_verification_flows;" }, { "path": "persistence/sql/migrations/sql/20200830130645000000_add_verification_methods.postgres.down.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20200830130645000000_add_verification_methods.postgres.up.sql", "content": "INSERT INTO selfservice_verification_flow_methods (id, method, selfservice_verification_flow_id, config, created_at, updated_at) SELECT id, 'link', id, form, created_at, updated_at FROM selfservice_verification_flows;" }, { "path": "persistence/sql/migrations/sql/20200830130645000000_add_verification_methods.sqlite3.down.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20200830130645000000_add_verification_methods.sqlite3.up.sql", "content": "INSERT INTO selfservice_verification_flow_methods (id, method, selfservice_verification_flow_id, config, created_at, updated_at) SELECT id, 'link', id, form, created_at, updated_at FROM selfservice_verification_flows;" }, { "path": "persistence/sql/migrations/sql/20200830130646000000_add_verification_methods.cockroach.down.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20200830130646000000_add_verification_methods.cockroach.up.sql", "content": "ALTER TABLE \"selfservice_verification_flows\" DROP COLUMN \"form\";" }, { "path": "persistence/sql/migrations/sql/20200830130646000000_add_verification_methods.mysql.down.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20200830130646000000_add_verification_methods.mysql.up.sql", "content": "ALTER TABLE `selfservice_verification_flows` DROP COLUMN `form`;" }, { "path": "persistence/sql/migrations/sql/20200830130646000000_add_verification_methods.postgres.down.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20200830130646000000_add_verification_methods.postgres.up.sql", "content": "ALTER TABLE \"selfservice_verification_flows\" DROP COLUMN \"form\";" }, { "path": "persistence/sql/migrations/sql/20200830130646000000_add_verification_methods.sqlite3.down.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20200830130646000000_add_verification_methods.sqlite3.up.sql", "content": "CREATE TABLE \"_selfservice_verification_flows_tmp\" (\n\"id\" TEXT PRIMARY KEY,\n\"request_url\" TEXT NOT NULL,\n\"issued_at\" DATETIME NOT NULL DEFAULT 'CURRENT_TIMESTAMP',\n\"expires_at\" DATETIME NOT NULL,\n\"via\" TEXT NOT NULL,\n\"csrf_token\" TEXT NOT NULL,\n\"success\" bool NOT NULL,\n\"created_at\" DATETIME NOT NULL,\n\"updated_at\" DATETIME NOT NULL,\n\"messages\" TEXT,\n\"type\" TEXT NOT NULL DEFAULT 'browser',\n\"state\" TEXT NOT NULL DEFAULT 'show_form',\n\"active_method\" TEXT\n);" }, { "path": "persistence/sql/migrations/sql/20200830130646000001_add_verification_methods.cockroach.down.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20200830130646000001_add_verification_methods.cockroach.up.sql", "content": "ALTER TABLE \"selfservice_verification_flows\" DROP COLUMN \"via\";" }, { "path": "persistence/sql/migrations/sql/20200830130646000001_add_verification_methods.mysql.down.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20200830130646000001_add_verification_methods.mysql.up.sql", "content": "ALTER TABLE `selfservice_verification_flows` DROP COLUMN `via`;" }, { "path": "persistence/sql/migrations/sql/20200830130646000001_add_verification_methods.postgres.down.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20200830130646000001_add_verification_methods.postgres.up.sql", "content": "ALTER TABLE \"selfservice_verification_flows\" DROP COLUMN \"via\";" }, { "path": "persistence/sql/migrations/sql/20200830130646000001_add_verification_methods.sqlite3.down.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20200830130646000001_add_verification_methods.sqlite3.up.sql", "content": "INSERT INTO \"_selfservice_verification_flows_tmp\" (id, request_url, issued_at, expires_at, via, csrf_token, success, created_at, updated_at, messages, type, state, active_method) SELECT id, request_url, issued_at, expires_at, via, csrf_token, success, created_at, updated_at, messages, type, state, active_method FROM \"selfservice_verification_flows\";" }, { "path": "persistence/sql/migrations/sql/20200830130646000002_add_verification_methods.cockroach.down.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20200830130646000002_add_verification_methods.cockroach.up.sql", "content": "ALTER TABLE \"selfservice_verification_flows\" DROP COLUMN \"success\";" }, { "path": "persistence/sql/migrations/sql/20200830130646000002_add_verification_methods.mysql.down.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20200830130646000002_add_verification_methods.mysql.up.sql", "content": "ALTER TABLE `selfservice_verification_flows` DROP COLUMN `success`;" }, { "path": "persistence/sql/migrations/sql/20200830130646000002_add_verification_methods.postgres.down.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20200830130646000002_add_verification_methods.postgres.up.sql", "content": "ALTER TABLE \"selfservice_verification_flows\" DROP COLUMN \"success\";" }, { "path": "persistence/sql/migrations/sql/20200830130646000002_add_verification_methods.sqlite3.down.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20200830130646000002_add_verification_methods.sqlite3.up.sql", "content": "\nDROP TABLE \"selfservice_verification_flows\";" }, { "path": "persistence/sql/migrations/sql/20200830130646000003_add_verification_methods.sqlite3.down.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20200830130646000003_add_verification_methods.sqlite3.up.sql", "content": "ALTER TABLE \"_selfservice_verification_flows_tmp\" RENAME TO \"selfservice_verification_flows\";" }, { "path": "persistence/sql/migrations/sql/20200830130646000004_add_verification_methods.sqlite3.down.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20200830130646000004_add_verification_methods.sqlite3.up.sql", "content": "CREATE TABLE \"_selfservice_verification_flows_tmp\" (\n\"id\" TEXT PRIMARY KEY,\n\"request_url\" TEXT NOT NULL,\n\"issued_at\" DATETIME NOT NULL DEFAULT 'CURRENT_TIMESTAMP',\n\"expires_at\" DATETIME NOT NULL,\n\"csrf_token\" TEXT NOT NULL,\n\"success\" bool NOT NULL,\n\"created_at\" DATETIME NOT NULL,\n\"updated_at\" DATETIME NOT NULL,\n\"messages\" TEXT,\n\"type\" TEXT NOT NULL DEFAULT 'browser',\n\"state\" TEXT NOT NULL DEFAULT 'show_form',\n\"active_method\" TEXT\n);" }, { "path": "persistence/sql/migrations/sql/20200830130646000005_add_verification_methods.sqlite3.down.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20200830130646000005_add_verification_methods.sqlite3.up.sql", "content": "INSERT INTO \"_selfservice_verification_flows_tmp\" (id, request_url, issued_at, expires_at, csrf_token, success, created_at, updated_at, messages, type, state, active_method) SELECT id, request_url, issued_at, expires_at, csrf_token, success, created_at, updated_at, messages, type, state, active_method FROM \"selfservice_verification_flows\";" }, { "path": "persistence/sql/migrations/sql/20200830130646000006_add_verification_methods.sqlite3.down.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20200830130646000006_add_verification_methods.sqlite3.up.sql", "content": "\nDROP TABLE \"selfservice_verification_flows\";" }, { "path": "persistence/sql/migrations/sql/20200830130646000007_add_verification_methods.sqlite3.down.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20200830130646000007_add_verification_methods.sqlite3.up.sql", "content": "ALTER TABLE \"_selfservice_verification_flows_tmp\" RENAME TO \"selfservice_verification_flows\";" }, { "path": "persistence/sql/migrations/sql/20200830130646000008_add_verification_methods.sqlite3.down.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20200830130646000008_add_verification_methods.sqlite3.up.sql", "content": "CREATE TABLE \"_selfservice_verification_flows_tmp\" (\n\"id\" TEXT PRIMARY KEY,\n\"request_url\" TEXT NOT NULL,\n\"issued_at\" DATETIME NOT NULL DEFAULT 'CURRENT_TIMESTAMP',\n\"expires_at\" DATETIME NOT NULL,\n\"csrf_token\" TEXT NOT NULL,\n\"created_at\" DATETIME NOT NULL,\n\"updated_at\" DATETIME NOT NULL,\n\"messages\" TEXT,\n\"type\" TEXT NOT NULL DEFAULT 'browser',\n\"state\" TEXT NOT NULL DEFAULT 'show_form',\n\"active_method\" TEXT\n);" }, { "path": "persistence/sql/migrations/sql/20200830130646000009_add_verification_methods.sqlite3.down.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20200830130646000009_add_verification_methods.sqlite3.up.sql", "content": "INSERT INTO \"_selfservice_verification_flows_tmp\" (id, request_url, issued_at, expires_at, csrf_token, created_at, updated_at, messages, type, state, active_method) SELECT id, request_url, issued_at, expires_at, csrf_token, created_at, updated_at, messages, type, state, active_method FROM \"selfservice_verification_flows\";" }, { "path": "persistence/sql/migrations/sql/20200830130646000010_add_verification_methods.sqlite3.down.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20200830130646000010_add_verification_methods.sqlite3.up.sql", "content": "\nDROP TABLE \"selfservice_verification_flows\";" }, { "path": "persistence/sql/migrations/sql/20200830130646000011_add_verification_methods.sqlite3.down.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20200830130646000011_add_verification_methods.sqlite3.up.sql", "content": "ALTER TABLE \"_selfservice_verification_flows_tmp\" RENAME TO \"selfservice_verification_flows\";" }, { "path": "persistence/sql/migrations/sql/20200830154602000000_add_verification_token.cockroach.down.sql", "content": "DROP TABLE \"identity_verification_tokens\";" }, { "path": "persistence/sql/migrations/sql/20200830154602000000_add_verification_token.cockroach.up.sql", "content": "CREATE TABLE \"identity_verification_tokens\" (\n\"id\" UUID NOT NULL,\nPRIMARY KEY(\"id\"),\n\"token\" VARCHAR (64) NOT NULL,\n\"used\" bool NOT NULL DEFAULT 'false',\n\"used_at\" timestamp,\n\"expires_at\" timestamp NOT NULL,\n\"issued_at\" timestamp NOT NULL,\n\"identity_verifiable_address_id\" UUID NOT NULL,\n\"selfservice_verification_flow_id\" UUID,\n\"created_at\" timestamp NOT NULL,\n\"updated_at\" timestamp NOT NULL,\nCONSTRAINT \"identity_verification_tokens_identity_verifiable_addresses_id_fk\" FOREIGN KEY (\"identity_verifiable_address_id\") REFERENCES \"identity_verifiable_addresses\" (\"id\") ON DELETE cascade,\nCONSTRAINT \"identity_verification_tokens_selfservice_verification_flows_id_fk\" FOREIGN KEY (\"selfservice_verification_flow_id\") REFERENCES \"selfservice_verification_flows\" (\"id\") ON DELETE cascade\n);" }, { "path": "persistence/sql/migrations/sql/20200830154602000000_add_verification_token.mysql.down.sql", "content": "DROP TABLE `identity_verification_tokens`;" }, { "path": "persistence/sql/migrations/sql/20200830154602000000_add_verification_token.mysql.up.sql", "content": "CREATE TABLE `identity_verification_tokens` (\n`id` char(36) NOT NULL,\nPRIMARY KEY(`id`),\n`token` VARCHAR (64) NOT NULL,\n`used` bool NOT NULL DEFAULT false,\n`used_at` DATETIME,\n`expires_at` DATETIME NOT NULL,\n`issued_at` DATETIME NOT NULL,\n`identity_verifiable_address_id` char(36) NOT NULL,\n`selfservice_verification_flow_id` char(36),\n`created_at` DATETIME NOT NULL,\n`updated_at` DATETIME NOT NULL,\nFOREIGN KEY (`identity_verifiable_address_id`) REFERENCES `identity_verifiable_addresses` (`id`) ON DELETE cascade,\nFOREIGN KEY (`selfservice_verification_flow_id`) REFERENCES `selfservice_verification_flows` (`id`) ON DELETE cascade\n) ENGINE=InnoDB;" }, { "path": "persistence/sql/migrations/sql/20200830154602000000_add_verification_token.postgres.down.sql", "content": "DROP TABLE \"identity_verification_tokens\";" }, { "path": "persistence/sql/migrations/sql/20200830154602000000_add_verification_token.postgres.up.sql", "content": "CREATE TABLE \"identity_verification_tokens\" (\n\"id\" UUID NOT NULL,\nPRIMARY KEY(\"id\"),\n\"token\" VARCHAR (64) NOT NULL,\n\"used\" bool NOT NULL DEFAULT 'false',\n\"used_at\" timestamp,\n\"expires_at\" timestamp NOT NULL,\n\"issued_at\" timestamp NOT NULL,\n\"identity_verifiable_address_id\" UUID NOT NULL,\n\"selfservice_verification_flow_id\" UUID,\n\"created_at\" timestamp NOT NULL,\n\"updated_at\" timestamp NOT NULL,\nFOREIGN KEY (\"identity_verifiable_address_id\") REFERENCES \"identity_verifiable_addresses\" (\"id\") ON DELETE cascade,\nFOREIGN KEY (\"selfservice_verification_flow_id\") REFERENCES \"selfservice_verification_flows\" (\"id\") ON DELETE cascade\n);" }, { "path": "persistence/sql/migrations/sql/20200830154602000000_add_verification_token.sqlite3.down.sql", "content": "DROP TABLE \"identity_verification_tokens\";" }, { "path": "persistence/sql/migrations/sql/20200830154602000000_add_verification_token.sqlite3.up.sql", "content": "CREATE TABLE \"identity_verification_tokens\" (\n\"id\" TEXT PRIMARY KEY,\n\"token\" TEXT NOT NULL,\n\"used\" bool NOT NULL DEFAULT 'false',\n\"used_at\" DATETIME,\n\"expires_at\" DATETIME NOT NULL,\n\"issued_at\" DATETIME NOT NULL,\n\"identity_verifiable_address_id\" char(36) NOT NULL,\n\"selfservice_verification_flow_id\" char(36),\n\"created_at\" DATETIME NOT NULL,\n\"updated_at\" DATETIME NOT NULL,\nFOREIGN KEY (identity_verifiable_address_id) REFERENCES identity_verifiable_addresses (id) ON DELETE cascade,\nFOREIGN KEY (selfservice_verification_flow_id) REFERENCES selfservice_verification_flows (id) ON DELETE cascade\n);" }, { "path": "persistence/sql/migrations/sql/20200830154602000001_add_verification_token.cockroach.down.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20200830154602000001_add_verification_token.cockroach.up.sql", "content": "CREATE UNIQUE INDEX \"identity_verification_tokens_token_uq_idx\" ON \"identity_verification_tokens\" (token);" }, { "path": "persistence/sql/migrations/sql/20200830154602000001_add_verification_token.mysql.down.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20200830154602000001_add_verification_token.mysql.up.sql", "content": "CREATE UNIQUE INDEX `identity_verification_tokens_token_uq_idx` ON `identity_verification_tokens` (`token`);" }, { "path": "persistence/sql/migrations/sql/20200830154602000001_add_verification_token.postgres.down.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20200830154602000001_add_verification_token.postgres.up.sql", "content": "CREATE UNIQUE INDEX \"identity_verification_tokens_token_uq_idx\" ON \"identity_verification_tokens\" (token);" }, { "path": "persistence/sql/migrations/sql/20200830154602000001_add_verification_token.sqlite3.down.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20200830154602000001_add_verification_token.sqlite3.up.sql", "content": "CREATE UNIQUE INDEX \"identity_verification_tokens_token_uq_idx\" ON \"identity_verification_tokens\" (token);" }, { "path": "persistence/sql/migrations/sql/20200830154602000002_add_verification_token.cockroach.down.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20200830154602000002_add_verification_token.cockroach.up.sql", "content": "CREATE INDEX \"identity_verification_tokens_token_idx\" ON \"identity_verification_tokens\" (token);" }, { "path": "persistence/sql/migrations/sql/20200830154602000002_add_verification_token.mysql.down.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20200830154602000002_add_verification_token.mysql.up.sql", "content": "CREATE INDEX `identity_verification_tokens_token_idx` ON `identity_verification_tokens` (`token`);" }, { "path": "persistence/sql/migrations/sql/20200830154602000002_add_verification_token.postgres.down.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20200830154602000002_add_verification_token.postgres.up.sql", "content": "CREATE INDEX \"identity_verification_tokens_token_idx\" ON \"identity_verification_tokens\" (token);" }, { "path": "persistence/sql/migrations/sql/20200830154602000002_add_verification_token.sqlite3.down.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20200830154602000002_add_verification_token.sqlite3.up.sql", "content": "CREATE INDEX \"identity_verification_tokens_token_idx\" ON \"identity_verification_tokens\" (token);" }, { "path": "persistence/sql/migrations/sql/20200830154602000003_add_verification_token.cockroach.down.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20200830154602000003_add_verification_token.cockroach.up.sql", "content": "CREATE INDEX \"identity_verification_tokens_verifiable_address_id_idx\" ON \"identity_verification_tokens\" (identity_verifiable_address_id);" }, { "path": "persistence/sql/migrations/sql/20200830154602000003_add_verification_token.mysql.down.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20200830154602000003_add_verification_token.mysql.up.sql", "content": "CREATE INDEX `identity_verification_tokens_verifiable_address_id_idx` ON `identity_verification_tokens` (`identity_verifiable_address_id`);" }, { "path": "persistence/sql/migrations/sql/20200830154602000003_add_verification_token.postgres.down.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20200830154602000003_add_verification_token.postgres.up.sql", "content": "CREATE INDEX \"identity_verification_tokens_verifiable_address_id_idx\" ON \"identity_verification_tokens\" (identity_verifiable_address_id);" }, { "path": "persistence/sql/migrations/sql/20200830154602000003_add_verification_token.sqlite3.down.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20200830154602000003_add_verification_token.sqlite3.up.sql", "content": "CREATE INDEX \"identity_verification_tokens_verifiable_address_id_idx\" ON \"identity_verification_tokens\" (identity_verifiable_address_id);" }, { "path": "persistence/sql/migrations/sql/20200830154602000004_add_verification_token.cockroach.down.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20200830154602000004_add_verification_token.cockroach.up.sql", "content": "CREATE INDEX \"identity_verification_tokens_verification_flow_id_idx\" ON \"identity_verification_tokens\" (selfservice_verification_flow_id);" }, { "path": "persistence/sql/migrations/sql/20200830154602000004_add_verification_token.mysql.down.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20200830154602000004_add_verification_token.mysql.up.sql", "content": "CREATE INDEX `identity_verification_tokens_verification_flow_id_idx` ON `identity_verification_tokens` (`selfservice_verification_flow_id`);" }, { "path": "persistence/sql/migrations/sql/20200830154602000004_add_verification_token.postgres.down.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20200830154602000004_add_verification_token.postgres.up.sql", "content": "CREATE INDEX \"identity_verification_tokens_verification_flow_id_idx\" ON \"identity_verification_tokens\" (selfservice_verification_flow_id);" }, { "path": "persistence/sql/migrations/sql/20200830154602000004_add_verification_token.sqlite3.down.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20200830154602000004_add_verification_token.sqlite3.up.sql", "content": "CREATE INDEX \"identity_verification_tokens_verification_flow_id_idx\" ON \"identity_verification_tokens\" (selfservice_verification_flow_id);" }, { "path": "persistence/sql/migrations/sql/20200830172221000000_recovery_token_expires.cockroach.down.sql", "content": "ALTER TABLE \"identity_recovery_tokens\" DROP COLUMN \"issued_at\";" }, { "path": "persistence/sql/migrations/sql/20200830172221000000_recovery_token_expires.cockroach.up.sql", "content": "ALTER TABLE \"identity_recovery_tokens\" ADD COLUMN \"expires_at\" timestamp NOT NULL DEFAULT '2000-01-01 00:00:00';" }, { "path": "persistence/sql/migrations/sql/20200830172221000000_recovery_token_expires.mysql.down.sql", "content": "ALTER TABLE `identity_recovery_tokens` DROP COLUMN `issued_at`;" }, { "path": "persistence/sql/migrations/sql/20200830172221000000_recovery_token_expires.mysql.up.sql", "content": "ALTER TABLE `identity_recovery_tokens` ADD COLUMN `expires_at` DATETIME NOT NULL DEFAULT '2000-01-01 00:00:00';" }, { "path": "persistence/sql/migrations/sql/20200830172221000000_recovery_token_expires.postgres.down.sql", "content": "ALTER TABLE \"identity_recovery_tokens\" DROP COLUMN \"issued_at\";" }, { "path": "persistence/sql/migrations/sql/20200830172221000000_recovery_token_expires.postgres.up.sql", "content": "ALTER TABLE \"identity_recovery_tokens\" ADD COLUMN \"expires_at\" timestamp NOT NULL DEFAULT '2000-01-01 00:00:00';" }, { "path": "persistence/sql/migrations/sql/20200830172221000000_recovery_token_expires.sqlite3.down.sql", "content": "ALTER TABLE \"_identity_recovery_tokens_tmp\" RENAME TO \"identity_recovery_tokens\";" }, { "path": "persistence/sql/migrations/sql/20200830172221000000_recovery_token_expires.sqlite3.up.sql", "content": "ALTER TABLE \"identity_recovery_tokens\" ADD COLUMN \"expires_at\" DATETIME NOT NULL DEFAULT '2000-01-01 00:00:00';" }, { "path": "persistence/sql/migrations/sql/20200830172221000001_recovery_token_expires.cockroach.down.sql", "content": "ALTER TABLE \"identity_recovery_tokens\" DROP COLUMN \"expires_at\";" }, { "path": "persistence/sql/migrations/sql/20200830172221000001_recovery_token_expires.cockroach.up.sql", "content": "ALTER TABLE \"identity_recovery_tokens\" ADD COLUMN \"issued_at\" timestamp NOT NULL DEFAULT '2000-01-01 00:00:00';" }, { "path": "persistence/sql/migrations/sql/20200830172221000001_recovery_token_expires.mysql.down.sql", "content": "ALTER TABLE `identity_recovery_tokens` DROP COLUMN `expires_at`;" }, { "path": "persistence/sql/migrations/sql/20200830172221000001_recovery_token_expires.mysql.up.sql", "content": "ALTER TABLE `identity_recovery_tokens` ADD COLUMN `issued_at` DATETIME NOT NULL DEFAULT '2000-01-01 00:00:00';" }, { "path": "persistence/sql/migrations/sql/20200830172221000001_recovery_token_expires.postgres.down.sql", "content": "ALTER TABLE \"identity_recovery_tokens\" DROP COLUMN \"expires_at\";" }, { "path": "persistence/sql/migrations/sql/20200830172221000001_recovery_token_expires.postgres.up.sql", "content": "ALTER TABLE \"identity_recovery_tokens\" ADD COLUMN \"issued_at\" timestamp NOT NULL DEFAULT '2000-01-01 00:00:00';" }, { "path": "persistence/sql/migrations/sql/20200830172221000001_recovery_token_expires.sqlite3.down.sql", "content": "\nDROP TABLE \"identity_recovery_tokens\";" }, { "path": "persistence/sql/migrations/sql/20200830172221000001_recovery_token_expires.sqlite3.up.sql", "content": "ALTER TABLE \"identity_recovery_tokens\" ADD COLUMN \"issued_at\" DATETIME NOT NULL DEFAULT '2000-01-01 00:00:00';" }, { "path": "persistence/sql/migrations/sql/20200830172221000002_recovery_token_expires.cockroach.down.sql", "content": "ALTER TABLE \"identity_recovery_tokens\" ADD CONSTRAINT \"identity_recovery_tokens_selfservice_recovery_requests_id_fk\" FOREIGN KEY (\"selfservice_recovery_flow_id\") REFERENCES \"selfservice_recovery_flows\" (\"id\") ON UPDATE NO ACTION ON DELETE CASCADE;" }, { "path": "persistence/sql/migrations/sql/20200830172221000002_recovery_token_expires.cockroach.up.sql", "content": "ALTER TABLE \"identity_recovery_tokens\" DROP CONSTRAINT \"identity_recovery_tokens_selfservice_recovery_requests_id_fk\";" }, { "path": "persistence/sql/migrations/sql/20200830172221000002_recovery_token_expires.mysql.down.sql", "content": "ALTER TABLE `identity_recovery_tokens` MODIFY `selfservice_recovery_flow_id` char(36) NOT NULL;" }, { "path": "persistence/sql/migrations/sql/20200830172221000002_recovery_token_expires.mysql.up.sql", "content": "ALTER TABLE `identity_recovery_tokens` MODIFY `selfservice_recovery_flow_id` char(36);" }, { "path": "persistence/sql/migrations/sql/20200830172221000002_recovery_token_expires.postgres.down.sql", "content": "ALTER TABLE \"identity_recovery_tokens\" ALTER COLUMN \"selfservice_recovery_flow_id\" TYPE UUID, ALTER COLUMN \"selfservice_recovery_flow_id\" SET NOT NULL;" }, { "path": "persistence/sql/migrations/sql/20200830172221000002_recovery_token_expires.postgres.up.sql", "content": "ALTER TABLE \"identity_recovery_tokens\" ALTER COLUMN \"selfservice_recovery_flow_id\" TYPE UUID, ALTER COLUMN \"selfservice_recovery_flow_id\" DROP NOT NULL;" }, { "path": "persistence/sql/migrations/sql/20200830172221000002_recovery_token_expires.sqlite3.down.sql", "content": "INSERT INTO \"_identity_recovery_tokens_tmp\" (id, token, used, used_at, identity_recovery_address_id, selfservice_recovery_flow_id, created_at, updated_at, nid) SELECT id, token, used, used_at, identity_recovery_address_id, selfservice_recovery_flow_id, created_at, updated_at, nid FROM \"identity_recovery_tokens\";" }, { "path": "persistence/sql/migrations/sql/20200830172221000002_recovery_token_expires.sqlite3.up.sql", "content": "DROP INDEX IF EXISTS \"identity_recovery_addresses_code_idx\";" }, { "path": "persistence/sql/migrations/sql/20200830172221000003_recovery_token_expires.cockroach.down.sql", "content": "ALTER TABLE \"identity_recovery_tokens\" DROP COLUMN \"_selfservice_recovery_flow_id_tmp\";" }, { "path": "persistence/sql/migrations/sql/20200830172221000003_recovery_token_expires.cockroach.up.sql", "content": "ALTER TABLE \"identity_recovery_tokens\" RENAME COLUMN \"selfservice_recovery_flow_id\" TO \"_selfservice_recovery_flow_id_tmp\";" }, { "path": "persistence/sql/migrations/sql/20200830172221000003_recovery_token_expires.mysql.down.sql", "content": "DELETE FROM identity_recovery_tokens WHERE selfservice_recovery_flow_id IS NULL;" }, { "path": "persistence/sql/migrations/sql/20200830172221000003_recovery_token_expires.mysql.up.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20200830172221000003_recovery_token_expires.postgres.down.sql", "content": "DELETE FROM identity_recovery_tokens WHERE selfservice_recovery_flow_id IS NULL;" }, { "path": "persistence/sql/migrations/sql/20200830172221000003_recovery_token_expires.postgres.up.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20200830172221000003_recovery_token_expires.sqlite3.down.sql", "content": "CREATE UNIQUE INDEX \"identity_recovery_addresses_code_uq_idx\" ON \"_identity_recovery_tokens_tmp\" (token);" }, { "path": "persistence/sql/migrations/sql/20200830172221000003_recovery_token_expires.sqlite3.up.sql", "content": "DROP INDEX IF EXISTS \"identity_recovery_addresses_code_uq_idx\";" }, { "path": "persistence/sql/migrations/sql/20200830172221000004_recovery_token_expires.cockroach.down.sql", "content": "ALTER TABLE \"identity_recovery_tokens\" ALTER COLUMN \"selfservice_recovery_flow_id\" SET NOT NULL;" }, { "path": "persistence/sql/migrations/sql/20200830172221000004_recovery_token_expires.cockroach.up.sql", "content": "ALTER TABLE \"identity_recovery_tokens\" ADD COLUMN \"selfservice_recovery_flow_id\" UUID;" }, { "path": "persistence/sql/migrations/sql/20200830172221000004_recovery_token_expires.sqlite3.down.sql", "content": "CREATE INDEX \"identity_recovery_addresses_code_idx\" ON \"_identity_recovery_tokens_tmp\" (token);" }, { "path": "persistence/sql/migrations/sql/20200830172221000004_recovery_token_expires.sqlite3.up.sql", "content": "CREATE TABLE \"_identity_recovery_tokens_tmp\" (\n\"id\" TEXT PRIMARY KEY,\n\"token\" TEXT NOT NULL,\n\"used\" bool NOT NULL DEFAULT 'false',\n\"used_at\" DATETIME,\n\"identity_recovery_address_id\" char(36) NOT NULL,\n\"selfservice_recovery_flow_id\" char(36),\n\"created_at\" DATETIME NOT NULL,\n\"updated_at\" DATETIME NOT NULL,\n\"expires_at\" DATETIME NOT NULL DEFAULT '2000-01-01 00:00:00',\n\"issued_at\" DATETIME NOT NULL DEFAULT '2000-01-01 00:00:00',\nFOREIGN KEY (selfservice_recovery_flow_id) REFERENCES selfservice_recovery_flows (id) ON UPDATE NO ACTION ON DELETE CASCADE,\nFOREIGN KEY (identity_recovery_address_id) REFERENCES identity_recovery_addresses (id) ON UPDATE NO ACTION ON DELETE CASCADE\n);" }, { "path": "persistence/sql/migrations/sql/20200830172221000005_recovery_token_expires.cockroach.down.sql", "content": "UPDATE \"identity_recovery_tokens\" SET \"selfservice_recovery_flow_id\" = \"_selfservice_recovery_flow_id_tmp\";" }, { "path": "persistence/sql/migrations/sql/20200830172221000005_recovery_token_expires.cockroach.up.sql", "content": "UPDATE \"identity_recovery_tokens\" SET \"selfservice_recovery_flow_id\" = \"_selfservice_recovery_flow_id_tmp\";" }, { "path": "persistence/sql/migrations/sql/20200830172221000005_recovery_token_expires.sqlite3.down.sql", "content": "CREATE INDEX \"identity_recovery_tokens_nid_idx\" ON \"_identity_recovery_tokens_tmp\" (id, nid);" }, { "path": "persistence/sql/migrations/sql/20200830172221000005_recovery_token_expires.sqlite3.up.sql", "content": "CREATE INDEX \"identity_recovery_addresses_code_idx\" ON \"_identity_recovery_tokens_tmp\" (token);" }, { "path": "persistence/sql/migrations/sql/20200830172221000006_recovery_token_expires.cockroach.down.sql", "content": "ALTER TABLE \"identity_recovery_tokens\" ADD COLUMN \"selfservice_recovery_flow_id\" UUID;" }, { "path": "persistence/sql/migrations/sql/20200830172221000006_recovery_token_expires.cockroach.up.sql", "content": "ALTER TABLE \"identity_recovery_tokens\" DROP COLUMN \"_selfservice_recovery_flow_id_tmp\";" }, { "path": "persistence/sql/migrations/sql/20200830172221000006_recovery_token_expires.sqlite3.down.sql", "content": "CREATE TABLE \"_identity_recovery_tokens_tmp\" (\n\"id\" TEXT PRIMARY KEY,\n\"token\" TEXT NOT NULL,\n\"used\" bool NOT NULL DEFAULT 'false',\n\"used_at\" DATETIME,\n\"identity_recovery_address_id\" char(36) NOT NULL,\n\"selfservice_recovery_flow_id\" char(36) NOT NULL,\n\"created_at\" DATETIME NOT NULL,\n\"updated_at\" DATETIME NOT NULL,\n\"nid\" char(36),\nFOREIGN KEY (selfservice_recovery_flow_id) REFERENCES selfservice_recovery_flows (id) ON UPDATE NO ACTION ON DELETE CASCADE,\nFOREIGN KEY (identity_recovery_address_id) REFERENCES identity_recovery_addresses (id) ON UPDATE NO ACTION ON DELETE CASCADE\n);" }, { "path": "persistence/sql/migrations/sql/20200830172221000006_recovery_token_expires.sqlite3.up.sql", "content": "CREATE UNIQUE INDEX \"identity_recovery_addresses_code_uq_idx\" ON \"_identity_recovery_tokens_tmp\" (token);" }, { "path": "persistence/sql/migrations/sql/20200830172221000007_recovery_token_expires.cockroach.down.sql", "content": "ALTER TABLE \"identity_recovery_tokens\" RENAME COLUMN \"selfservice_recovery_flow_id\" TO \"_selfservice_recovery_flow_id_tmp\";" }, { "path": "persistence/sql/migrations/sql/20200830172221000007_recovery_token_expires.cockroach.up.sql", "content": "ALTER TABLE \"identity_recovery_tokens\" ADD CONSTRAINT \"identity_recovery_tokens_selfservice_recovery_requests_id_fk\" FOREIGN KEY (\"selfservice_recovery_flow_id\") REFERENCES \"selfservice_recovery_flows\" (\"id\") ON UPDATE NO ACTION ON DELETE CASCADE;" }, { "path": "persistence/sql/migrations/sql/20200830172221000007_recovery_token_expires.sqlite3.down.sql", "content": "DROP INDEX IF EXISTS \"identity_recovery_addresses_code_uq_idx\";" }, { "path": "persistence/sql/migrations/sql/20200830172221000007_recovery_token_expires.sqlite3.up.sql", "content": "INSERT INTO \"_identity_recovery_tokens_tmp\" (id, token, used, used_at, identity_recovery_address_id, selfservice_recovery_flow_id, created_at, updated_at, expires_at, issued_at) SELECT id, token, used, used_at, identity_recovery_address_id, selfservice_recovery_flow_id, created_at, updated_at, expires_at, issued_at FROM \"identity_recovery_tokens\";" }, { "path": "persistence/sql/migrations/sql/20200830172221000008_recovery_token_expires.cockroach.down.sql", "content": "ALTER TABLE \"identity_recovery_tokens\" DROP CONSTRAINT \"identity_recovery_tokens_selfservice_recovery_requests_id_fk\";" }, { "path": "persistence/sql/migrations/sql/20200830172221000008_recovery_token_expires.cockroach.up.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20200830172221000008_recovery_token_expires.sqlite3.down.sql", "content": "DROP INDEX IF EXISTS \"identity_recovery_addresses_code_idx\";" }, { "path": "persistence/sql/migrations/sql/20200830172221000008_recovery_token_expires.sqlite3.up.sql", "content": "DROP TABLE \"identity_recovery_tokens\";" }, { "path": "persistence/sql/migrations/sql/20200830172221000009_recovery_token_expires.cockroach.down.sql", "content": "DELETE FROM identity_recovery_tokens WHERE selfservice_recovery_flow_id IS NULL;" }, { "path": "persistence/sql/migrations/sql/20200830172221000009_recovery_token_expires.cockroach.up.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20200830172221000009_recovery_token_expires.sqlite3.down.sql", "content": "DROP INDEX IF EXISTS \"identity_recovery_tokens_nid_idx\";" }, { "path": "persistence/sql/migrations/sql/20200830172221000009_recovery_token_expires.sqlite3.up.sql", "content": "ALTER TABLE \"_identity_recovery_tokens_tmp\" RENAME TO \"identity_recovery_tokens\";" }, { "path": "persistence/sql/migrations/sql/20200830172221000010_recovery_token_expires.sqlite3.down.sql", "content": "ALTER TABLE \"_identity_recovery_tokens_tmp\" RENAME TO \"identity_recovery_tokens\";" }, { "path": "persistence/sql/migrations/sql/20200830172221000010_recovery_token_expires.sqlite3.up.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20200830172221000011_recovery_token_expires.sqlite3.down.sql", "content": "\nDROP TABLE \"identity_recovery_tokens\";" }, { "path": "persistence/sql/migrations/sql/20200830172221000011_recovery_token_expires.sqlite3.up.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20200830172221000012_recovery_token_expires.sqlite3.down.sql", "content": "INSERT INTO \"_identity_recovery_tokens_tmp\" (id, token, used, used_at, identity_recovery_address_id, selfservice_recovery_flow_id, created_at, updated_at, issued_at, nid) SELECT id, token, used, used_at, identity_recovery_address_id, selfservice_recovery_flow_id, created_at, updated_at, issued_at, nid FROM \"identity_recovery_tokens\";" }, { "path": "persistence/sql/migrations/sql/20200830172221000012_recovery_token_expires.sqlite3.up.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20200830172221000013_recovery_token_expires.sqlite3.down.sql", "content": "CREATE UNIQUE INDEX \"identity_recovery_addresses_code_uq_idx\" ON \"_identity_recovery_tokens_tmp\" (token);" }, { "path": "persistence/sql/migrations/sql/20200830172221000013_recovery_token_expires.sqlite3.up.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20200830172221000014_recovery_token_expires.sqlite3.down.sql", "content": "CREATE INDEX \"identity_recovery_addresses_code_idx\" ON \"_identity_recovery_tokens_tmp\" (token);" }, { "path": "persistence/sql/migrations/sql/20200830172221000014_recovery_token_expires.sqlite3.up.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20200830172221000015_recovery_token_expires.sqlite3.down.sql", "content": "CREATE INDEX \"identity_recovery_tokens_nid_idx\" ON \"_identity_recovery_tokens_tmp\" (id, nid);" }, { "path": "persistence/sql/migrations/sql/20200830172221000015_recovery_token_expires.sqlite3.up.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20200830172221000016_recovery_token_expires.sqlite3.down.sql", "content": "CREATE TABLE \"_identity_recovery_tokens_tmp\" (\n\"id\" TEXT PRIMARY KEY,\n\"token\" TEXT NOT NULL,\n\"used\" bool NOT NULL DEFAULT 'false',\n\"used_at\" DATETIME,\n\"identity_recovery_address_id\" char(36) NOT NULL,\n\"selfservice_recovery_flow_id\" char(36) NOT NULL,\n\"created_at\" DATETIME NOT NULL,\n\"updated_at\" DATETIME NOT NULL,\n\"issued_at\" DATETIME NOT NULL DEFAULT '2000-01-01 00:00:00',\n\"nid\" char(36),\nFOREIGN KEY (selfservice_recovery_flow_id) REFERENCES selfservice_recovery_flows (id) ON UPDATE NO ACTION ON DELETE CASCADE,\nFOREIGN KEY (identity_recovery_address_id) REFERENCES identity_recovery_addresses (id) ON UPDATE NO ACTION ON DELETE CASCADE\n);" }, { "path": "persistence/sql/migrations/sql/20200830172221000016_recovery_token_expires.sqlite3.up.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20200830172221000017_recovery_token_expires.sqlite3.down.sql", "content": "DROP INDEX IF EXISTS \"identity_recovery_addresses_code_uq_idx\";" }, { "path": "persistence/sql/migrations/sql/20200830172221000017_recovery_token_expires.sqlite3.up.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20200830172221000018_recovery_token_expires.sqlite3.down.sql", "content": "DROP INDEX IF EXISTS \"identity_recovery_addresses_code_idx\";" }, { "path": "persistence/sql/migrations/sql/20200830172221000018_recovery_token_expires.sqlite3.up.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20200830172221000019_recovery_token_expires.sqlite3.down.sql", "content": "DROP INDEX IF EXISTS \"identity_recovery_tokens_nid_idx\";" }, { "path": "persistence/sql/migrations/sql/20200830172221000019_recovery_token_expires.sqlite3.up.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20200830172221000020_recovery_token_expires.sqlite3.down.sql", "content": "ALTER TABLE \"_identity_recovery_tokens_tmp\" RENAME TO \"identity_recovery_tokens\";" }, { "path": "persistence/sql/migrations/sql/20200830172221000020_recovery_token_expires.sqlite3.up.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20200830172221000021_recovery_token_expires.sqlite3.down.sql", "content": "DROP TABLE \"identity_recovery_tokens\";" }, { "path": "persistence/sql/migrations/sql/20200830172221000021_recovery_token_expires.sqlite3.up.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20200830172221000022_recovery_token_expires.sqlite3.down.sql", "content": "INSERT INTO \"_identity_recovery_tokens_tmp\" (id, token, used, used_at, identity_recovery_address_id, selfservice_recovery_flow_id, created_at, updated_at, expires_at, issued_at, nid) SELECT id, token, used, used_at, identity_recovery_address_id, selfservice_recovery_flow_id, created_at, updated_at, expires_at, issued_at, nid FROM \"identity_recovery_tokens\";" }, { "path": "persistence/sql/migrations/sql/20200830172221000022_recovery_token_expires.sqlite3.up.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20200830172221000023_recovery_token_expires.sqlite3.down.sql", "content": "CREATE UNIQUE INDEX \"identity_recovery_addresses_code_uq_idx\" ON \"_identity_recovery_tokens_tmp\" (token);" }, { "path": "persistence/sql/migrations/sql/20200830172221000023_recovery_token_expires.sqlite3.up.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20200830172221000024_recovery_token_expires.sqlite3.down.sql", "content": "CREATE INDEX \"identity_recovery_addresses_code_idx\" ON \"_identity_recovery_tokens_tmp\" (token);" }, { "path": "persistence/sql/migrations/sql/20200830172221000024_recovery_token_expires.sqlite3.up.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20200830172221000025_recovery_token_expires.sqlite3.down.sql", "content": "CREATE INDEX \"identity_recovery_tokens_nid_idx\" ON \"_identity_recovery_tokens_tmp\" (id, nid);" }, { "path": "persistence/sql/migrations/sql/20200830172221000025_recovery_token_expires.sqlite3.up.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20200830172221000026_recovery_token_expires.sqlite3.down.sql", "content": "CREATE TABLE \"_identity_recovery_tokens_tmp\" (\n\"id\" TEXT PRIMARY KEY,\n\"token\" TEXT NOT NULL,\n\"used\" bool NOT NULL DEFAULT 'false',\n\"used_at\" DATETIME,\n\"identity_recovery_address_id\" char(36) NOT NULL,\n\"selfservice_recovery_flow_id\" char(36) NOT NULL,\n\"created_at\" DATETIME NOT NULL,\n\"updated_at\" DATETIME NOT NULL,\n\"expires_at\" DATETIME NOT NULL DEFAULT '2000-01-01 00:00:00',\n\"issued_at\" DATETIME NOT NULL DEFAULT '2000-01-01 00:00:00',\n\"nid\" char(36),\nFOREIGN KEY (selfservice_recovery_flow_id) REFERENCES selfservice_recovery_flows (id) ON UPDATE NO ACTION ON DELETE CASCADE,\nFOREIGN KEY (identity_recovery_address_id) REFERENCES identity_recovery_addresses (id) ON UPDATE NO ACTION ON DELETE CASCADE\n);" }, { "path": "persistence/sql/migrations/sql/20200830172221000026_recovery_token_expires.sqlite3.up.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20200830172221000027_recovery_token_expires.sqlite3.down.sql", "content": "DROP INDEX IF EXISTS \"identity_recovery_addresses_code_uq_idx\";" }, { "path": "persistence/sql/migrations/sql/20200830172221000027_recovery_token_expires.sqlite3.up.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20200830172221000028_recovery_token_expires.sqlite3.down.sql", "content": "DROP INDEX IF EXISTS \"identity_recovery_addresses_code_idx\";" }, { "path": "persistence/sql/migrations/sql/20200830172221000028_recovery_token_expires.sqlite3.up.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20200830172221000029_recovery_token_expires.sqlite3.down.sql", "content": "DROP INDEX IF EXISTS \"identity_recovery_tokens_nid_idx\";" }, { "path": "persistence/sql/migrations/sql/20200830172221000029_recovery_token_expires.sqlite3.up.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20200830172221000030_recovery_token_expires.sqlite3.down.sql", "content": "DELETE FROM identity_recovery_tokens WHERE selfservice_recovery_flow_id IS NULL;" }, { "path": "persistence/sql/migrations/sql/20200830172221000030_recovery_token_expires.sqlite3.up.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20200831110752000000_identity_verifiable_address_remove_code.cockroach.down.sql", "content": "CREATE INDEX \"identity_verifiable_addresses_code_idx\" ON \"identity_verifiable_addresses\" (code);" }, { "path": "persistence/sql/migrations/sql/20200831110752000000_identity_verifiable_address_remove_code.cockroach.up.sql", "content": "DROP INDEX IF EXISTS \"identity_verifiable_addresses_code_uq_idx\";" }, { "path": "persistence/sql/migrations/sql/20200831110752000000_identity_verifiable_address_remove_code.mysql.down.sql", "content": "CREATE INDEX `identity_verifiable_addresses_code_idx` ON `identity_verifiable_addresses` (`code`);" }, { "path": "persistence/sql/migrations/sql/20200831110752000000_identity_verifiable_address_remove_code.mysql.up.sql", "content": "DROP INDEX `identity_verifiable_addresses_code_uq_idx` ON `identity_verifiable_addresses`;" }, { "path": "persistence/sql/migrations/sql/20200831110752000000_identity_verifiable_address_remove_code.postgres.down.sql", "content": "CREATE INDEX \"identity_verifiable_addresses_code_idx\" ON \"identity_verifiable_addresses\" (code);" }, { "path": "persistence/sql/migrations/sql/20200831110752000000_identity_verifiable_address_remove_code.postgres.up.sql", "content": "DROP INDEX \"identity_verifiable_addresses_code_uq_idx\";" }, { "path": "persistence/sql/migrations/sql/20200831110752000000_identity_verifiable_address_remove_code.sqlite3.down.sql", "content": "CREATE INDEX \"identity_verifiable_addresses_code_idx\" ON \"identity_verifiable_addresses\" (code);" }, { "path": "persistence/sql/migrations/sql/20200831110752000000_identity_verifiable_address_remove_code.sqlite3.up.sql", "content": "DROP INDEX IF EXISTS \"identity_verifiable_addresses_code_uq_idx\";" }, { "path": "persistence/sql/migrations/sql/20200831110752000001_identity_verifiable_address_remove_code.cockroach.down.sql", "content": "CREATE UNIQUE INDEX \"identity_verifiable_addresses_code_uq_idx\" ON \"identity_verifiable_addresses\" (code);" }, { "path": "persistence/sql/migrations/sql/20200831110752000001_identity_verifiable_address_remove_code.cockroach.up.sql", "content": "DROP INDEX IF EXISTS \"identity_verifiable_addresses_code_idx\";" }, { "path": "persistence/sql/migrations/sql/20200831110752000001_identity_verifiable_address_remove_code.mysql.down.sql", "content": "CREATE UNIQUE INDEX `identity_verifiable_addresses_code_uq_idx` ON `identity_verifiable_addresses` (`code`);" }, { "path": "persistence/sql/migrations/sql/20200831110752000001_identity_verifiable_address_remove_code.mysql.up.sql", "content": "DROP INDEX `identity_verifiable_addresses_code_idx` ON `identity_verifiable_addresses`;" }, { "path": "persistence/sql/migrations/sql/20200831110752000001_identity_verifiable_address_remove_code.postgres.down.sql", "content": "CREATE UNIQUE INDEX \"identity_verifiable_addresses_code_uq_idx\" ON \"identity_verifiable_addresses\" (code);" }, { "path": "persistence/sql/migrations/sql/20200831110752000001_identity_verifiable_address_remove_code.postgres.up.sql", "content": "DROP INDEX \"identity_verifiable_addresses_code_idx\";" }, { "path": "persistence/sql/migrations/sql/20200831110752000001_identity_verifiable_address_remove_code.sqlite3.down.sql", "content": "CREATE UNIQUE INDEX \"identity_verifiable_addresses_code_uq_idx\" ON \"identity_verifiable_addresses\" (code);" }, { "path": "persistence/sql/migrations/sql/20200831110752000001_identity_verifiable_address_remove_code.sqlite3.up.sql", "content": "DROP INDEX IF EXISTS \"identity_verifiable_addresses_code_idx\";" }, { "path": "persistence/sql/migrations/sql/20200831110752000002_identity_verifiable_address_remove_code.cockroach.down.sql", "content": "ALTER TABLE \"identity_verifiable_addresses\" DROP COLUMN \"_expires_at_tmp\";" }, { "path": "persistence/sql/migrations/sql/20200831110752000002_identity_verifiable_address_remove_code.cockroach.up.sql", "content": "ALTER TABLE \"identity_verifiable_addresses\" DROP COLUMN \"code\";" }, { "path": "persistence/sql/migrations/sql/20200831110752000002_identity_verifiable_address_remove_code.mysql.down.sql", "content": "ALTER TABLE `identity_verifiable_addresses` MODIFY `expires_at` DATETIME;" }, { "path": "persistence/sql/migrations/sql/20200831110752000002_identity_verifiable_address_remove_code.mysql.up.sql", "content": "ALTER TABLE `identity_verifiable_addresses` DROP COLUMN `code`;" }, { "path": "persistence/sql/migrations/sql/20200831110752000002_identity_verifiable_address_remove_code.postgres.down.sql", "content": "ALTER TABLE \"identity_verifiable_addresses\" ALTER COLUMN \"expires_at\" TYPE timestamp, ALTER COLUMN \"expires_at\" DROP NOT NULL;" }, { "path": "persistence/sql/migrations/sql/20200831110752000002_identity_verifiable_address_remove_code.postgres.up.sql", "content": "ALTER TABLE \"identity_verifiable_addresses\" DROP COLUMN \"code\";" }, { "path": "persistence/sql/migrations/sql/20200831110752000002_identity_verifiable_address_remove_code.sqlite3.down.sql", "content": "ALTER TABLE \"_identity_verifiable_addresses_tmp\" RENAME TO \"identity_verifiable_addresses\";" }, { "path": "persistence/sql/migrations/sql/20200831110752000002_identity_verifiable_address_remove_code.sqlite3.up.sql", "content": "DROP INDEX IF EXISTS \"identity_verifiable_addresses_status_via_idx\";" }, { "path": "persistence/sql/migrations/sql/20200831110752000003_identity_verifiable_address_remove_code.cockroach.down.sql", "content": "UPDATE \"identity_verifiable_addresses\" SET \"expires_at\" = \"_expires_at_tmp\";" }, { "path": "persistence/sql/migrations/sql/20200831110752000003_identity_verifiable_address_remove_code.cockroach.up.sql", "content": "ALTER TABLE \"identity_verifiable_addresses\" DROP COLUMN \"expires_at\";" }, { "path": "persistence/sql/migrations/sql/20200831110752000003_identity_verifiable_address_remove_code.mysql.down.sql", "content": "ALTER TABLE `identity_verifiable_addresses` MODIFY `code` VARCHAR (32) NOT NULL;" }, { "path": "persistence/sql/migrations/sql/20200831110752000003_identity_verifiable_address_remove_code.mysql.up.sql", "content": "ALTER TABLE `identity_verifiable_addresses` DROP COLUMN `expires_at`;" }, { "path": "persistence/sql/migrations/sql/20200831110752000003_identity_verifiable_address_remove_code.postgres.down.sql", "content": "ALTER TABLE \"identity_verifiable_addresses\" ALTER COLUMN \"code\" TYPE VARCHAR (32), ALTER COLUMN \"code\" SET NOT NULL;" }, { "path": "persistence/sql/migrations/sql/20200831110752000003_identity_verifiable_address_remove_code.postgres.up.sql", "content": "ALTER TABLE \"identity_verifiable_addresses\" DROP COLUMN \"expires_at\";" }, { "path": "persistence/sql/migrations/sql/20200831110752000003_identity_verifiable_address_remove_code.sqlite3.down.sql", "content": "DROP TABLE \"identity_verifiable_addresses\";" }, { "path": "persistence/sql/migrations/sql/20200831110752000003_identity_verifiable_address_remove_code.sqlite3.up.sql", "content": "DROP INDEX IF EXISTS \"identity_verifiable_addresses_status_via_uq_idx\";" }, { "path": "persistence/sql/migrations/sql/20200831110752000004_identity_verifiable_address_remove_code.cockroach.down.sql", "content": "ALTER TABLE \"identity_verifiable_addresses\" ADD COLUMN \"expires_at\" timestamp;" }, { "path": "persistence/sql/migrations/sql/20200831110752000004_identity_verifiable_address_remove_code.cockroach.up.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20200831110752000004_identity_verifiable_address_remove_code.mysql.down.sql", "content": "UPDATE identity_verifiable_addresses SET expires_at = CURRENT_TIMESTAMP WHERE expires_at IS NULL;" }, { "path": "persistence/sql/migrations/sql/20200831110752000004_identity_verifiable_address_remove_code.mysql.up.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20200831110752000004_identity_verifiable_address_remove_code.postgres.down.sql", "content": "UPDATE identity_verifiable_addresses SET expires_at = CURRENT_TIMESTAMP WHERE expires_at IS NULL;" }, { "path": "persistence/sql/migrations/sql/20200831110752000004_identity_verifiable_address_remove_code.postgres.up.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20200831110752000004_identity_verifiable_address_remove_code.sqlite3.down.sql", "content": "INSERT INTO \"_identity_verifiable_addresses_tmp\" (id, status, via, verified, value, verified_at, identity_id, created_at, updated_at, code, expires_at) SELECT id, status, via, verified, value, verified_at, identity_id, created_at, updated_at, code, expires_at FROM \"identity_verifiable_addresses\";" }, { "path": "persistence/sql/migrations/sql/20200831110752000004_identity_verifiable_address_remove_code.sqlite3.up.sql", "content": "CREATE TABLE \"_identity_verifiable_addresses_tmp\" (\n\"id\" TEXT PRIMARY KEY,\n\"status\" TEXT NOT NULL,\n\"via\" TEXT NOT NULL,\n\"verified\" bool NOT NULL,\n\"value\" TEXT NOT NULL,\n\"verified_at\" DATETIME,\n\"expires_at\" DATETIME NOT NULL DEFAULT 'CURRENT_TIMESTAMP',\n\"identity_id\" char(36) NOT NULL,\n\"created_at\" DATETIME NOT NULL,\n\"updated_at\" DATETIME NOT NULL,\nFOREIGN KEY (identity_id) REFERENCES identities (id) ON UPDATE NO ACTION ON DELETE CASCADE\n);" }, { "path": "persistence/sql/migrations/sql/20200831110752000005_identity_verifiable_address_remove_code.cockroach.down.sql", "content": "ALTER TABLE \"identity_verifiable_addresses\" RENAME COLUMN \"expires_at\" TO \"_expires_at_tmp\";" }, { "path": "persistence/sql/migrations/sql/20200831110752000005_identity_verifiable_address_remove_code.cockroach.up.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20200831110752000005_identity_verifiable_address_remove_code.mysql.down.sql", "content": "UPDATE identity_verifiable_addresses SET code = LEFT(SHA2(RANDOM_BYTES(32), 256), 32) WHERE code IS NULL;\n" }, { "path": "persistence/sql/migrations/sql/20200831110752000005_identity_verifiable_address_remove_code.mysql.up.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20200831110752000005_identity_verifiable_address_remove_code.postgres.down.sql", "content": "UPDATE identity_verifiable_addresses SET code = substr(md5(random()::text), 0, 32) WHERE code IS NULL;" }, { "path": "persistence/sql/migrations/sql/20200831110752000005_identity_verifiable_address_remove_code.postgres.up.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20200831110752000005_identity_verifiable_address_remove_code.sqlite3.down.sql", "content": "CREATE UNIQUE INDEX \"identity_verifiable_addresses_status_via_uq_idx\" ON \"_identity_verifiable_addresses_tmp\" (via, value);" }, { "path": "persistence/sql/migrations/sql/20200831110752000005_identity_verifiable_address_remove_code.sqlite3.up.sql", "content": "CREATE INDEX \"identity_verifiable_addresses_status_via_idx\" ON \"_identity_verifiable_addresses_tmp\" (via, value);" }, { "path": "persistence/sql/migrations/sql/20200831110752000006_identity_verifiable_address_remove_code.cockroach.down.sql", "content": "ALTER TABLE \"identity_verifiable_addresses\" DROP COLUMN \"_code_tmp\";" }, { "path": "persistence/sql/migrations/sql/20200831110752000006_identity_verifiable_address_remove_code.cockroach.up.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20200831110752000006_identity_verifiable_address_remove_code.mysql.down.sql", "content": "ALTER TABLE `identity_verifiable_addresses` ADD COLUMN `expires_at` DATETIME;" }, { "path": "persistence/sql/migrations/sql/20200831110752000006_identity_verifiable_address_remove_code.mysql.up.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20200831110752000006_identity_verifiable_address_remove_code.postgres.down.sql", "content": "ALTER TABLE \"identity_verifiable_addresses\" ADD COLUMN \"expires_at\" timestamp;" }, { "path": "persistence/sql/migrations/sql/20200831110752000006_identity_verifiable_address_remove_code.postgres.up.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20200831110752000006_identity_verifiable_address_remove_code.sqlite3.down.sql", "content": "CREATE INDEX \"identity_verifiable_addresses_status_via_idx\" ON \"_identity_verifiable_addresses_tmp\" (via, value);" }, { "path": "persistence/sql/migrations/sql/20200831110752000006_identity_verifiable_address_remove_code.sqlite3.up.sql", "content": "CREATE UNIQUE INDEX \"identity_verifiable_addresses_status_via_uq_idx\" ON \"_identity_verifiable_addresses_tmp\" (via, value);" }, { "path": "persistence/sql/migrations/sql/20200831110752000007_identity_verifiable_address_remove_code.cockroach.down.sql", "content": "ALTER TABLE \"identity_verifiable_addresses\" ALTER COLUMN \"code\" SET NOT NULL;" }, { "path": "persistence/sql/migrations/sql/20200831110752000007_identity_verifiable_address_remove_code.cockroach.up.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20200831110752000007_identity_verifiable_address_remove_code.mysql.down.sql", "content": "ALTER TABLE `identity_verifiable_addresses` ADD COLUMN `code` VARCHAR (32);" }, { "path": "persistence/sql/migrations/sql/20200831110752000007_identity_verifiable_address_remove_code.mysql.up.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20200831110752000007_identity_verifiable_address_remove_code.postgres.down.sql", "content": "ALTER TABLE \"identity_verifiable_addresses\" ADD COLUMN \"code\" VARCHAR (32);" }, { "path": "persistence/sql/migrations/sql/20200831110752000007_identity_verifiable_address_remove_code.postgres.up.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20200831110752000007_identity_verifiable_address_remove_code.sqlite3.down.sql", "content": "CREATE TABLE \"_identity_verifiable_addresses_tmp\" (\n\"id\" TEXT PRIMARY KEY,\n\"status\" TEXT NOT NULL,\n\"via\" TEXT NOT NULL,\n\"verified\" bool NOT NULL,\n\"value\" TEXT NOT NULL,\n\"verified_at\" DATETIME,\n\"identity_id\" char(36) NOT NULL,\n\"created_at\" DATETIME NOT NULL,\n\"updated_at\" DATETIME NOT NULL,\n\"code\" TEXT NOT NULL,\n\"expires_at\" DATETIME,\nFOREIGN KEY (identity_id) REFERENCES identities (id) ON UPDATE NO ACTION ON DELETE CASCADE\n);" }, { "path": "persistence/sql/migrations/sql/20200831110752000007_identity_verifiable_address_remove_code.sqlite3.up.sql", "content": "INSERT INTO \"_identity_verifiable_addresses_tmp\" (id, status, via, verified, value, verified_at, expires_at, identity_id, created_at, updated_at) SELECT id, status, via, verified, value, verified_at, expires_at, identity_id, created_at, updated_at FROM \"identity_verifiable_addresses\";" }, { "path": "persistence/sql/migrations/sql/20200831110752000008_identity_verifiable_address_remove_code.cockroach.down.sql", "content": "UPDATE \"identity_verifiable_addresses\" SET \"code\" = \"_code_tmp\";" }, { "path": "persistence/sql/migrations/sql/20200831110752000008_identity_verifiable_address_remove_code.cockroach.up.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20200831110752000008_identity_verifiable_address_remove_code.sqlite3.down.sql", "content": "DROP INDEX IF EXISTS \"identity_verifiable_addresses_status_via_uq_idx\";" }, { "path": "persistence/sql/migrations/sql/20200831110752000008_identity_verifiable_address_remove_code.sqlite3.up.sql", "content": "\nDROP TABLE \"identity_verifiable_addresses\";" }, { "path": "persistence/sql/migrations/sql/20200831110752000009_identity_verifiable_address_remove_code.cockroach.down.sql", "content": "ALTER TABLE \"identity_verifiable_addresses\" ADD COLUMN \"code\" VARCHAR (32);" }, { "path": "persistence/sql/migrations/sql/20200831110752000009_identity_verifiable_address_remove_code.cockroach.up.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20200831110752000009_identity_verifiable_address_remove_code.sqlite3.down.sql", "content": "DROP INDEX IF EXISTS \"identity_verifiable_addresses_status_via_idx\";" }, { "path": "persistence/sql/migrations/sql/20200831110752000009_identity_verifiable_address_remove_code.sqlite3.up.sql", "content": "ALTER TABLE \"_identity_verifiable_addresses_tmp\" RENAME TO \"identity_verifiable_addresses\";" }, { "path": "persistence/sql/migrations/sql/20200831110752000010_identity_verifiable_address_remove_code.cockroach.down.sql", "content": "ALTER TABLE \"identity_verifiable_addresses\" RENAME COLUMN \"code\" TO \"_code_tmp\";" }, { "path": "persistence/sql/migrations/sql/20200831110752000010_identity_verifiable_address_remove_code.cockroach.up.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20200831110752000010_identity_verifiable_address_remove_code.sqlite3.down.sql", "content": "ALTER TABLE \"_identity_verifiable_addresses_tmp\" RENAME TO \"identity_verifiable_addresses\";" }, { "path": "persistence/sql/migrations/sql/20200831110752000010_identity_verifiable_address_remove_code.sqlite3.up.sql", "content": "DROP INDEX IF EXISTS \"identity_verifiable_addresses_status_via_idx\";" }, { "path": "persistence/sql/migrations/sql/20200831110752000011_identity_verifiable_address_remove_code.cockroach.down.sql", "content": "UPDATE identity_verifiable_addresses SET expires_at = CURRENT_TIMESTAMP WHERE expires_at IS NULL;" }, { "path": "persistence/sql/migrations/sql/20200831110752000011_identity_verifiable_address_remove_code.cockroach.up.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20200831110752000011_identity_verifiable_address_remove_code.sqlite3.down.sql", "content": "DROP TABLE \"identity_verifiable_addresses\";" }, { "path": "persistence/sql/migrations/sql/20200831110752000011_identity_verifiable_address_remove_code.sqlite3.up.sql", "content": "DROP INDEX IF EXISTS \"identity_verifiable_addresses_status_via_uq_idx\";" }, { "path": "persistence/sql/migrations/sql/20200831110752000012_identity_verifiable_address_remove_code.cockroach.down.sql", "content": "UPDATE identity_verifiable_addresses SET code = substr(md5(uuid_v4()), 0, 32) WHERE code IS NULL;" }, { "path": "persistence/sql/migrations/sql/20200831110752000012_identity_verifiable_address_remove_code.cockroach.up.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20200831110752000012_identity_verifiable_address_remove_code.sqlite3.down.sql", "content": "INSERT INTO \"_identity_verifiable_addresses_tmp\" (id, status, via, verified, value, verified_at, identity_id, created_at, updated_at, code, expires_at) SELECT id, status, via, verified, value, verified_at, identity_id, created_at, updated_at, code, expires_at FROM \"identity_verifiable_addresses\";" }, { "path": "persistence/sql/migrations/sql/20200831110752000012_identity_verifiable_address_remove_code.sqlite3.up.sql", "content": "CREATE TABLE \"_identity_verifiable_addresses_tmp\" (\n\"id\" TEXT PRIMARY KEY,\n\"status\" TEXT NOT NULL,\n\"via\" TEXT NOT NULL,\n\"verified\" bool NOT NULL,\n\"value\" TEXT NOT NULL,\n\"verified_at\" DATETIME,\n\"identity_id\" char(36) NOT NULL,\n\"created_at\" DATETIME NOT NULL,\n\"updated_at\" DATETIME NOT NULL,\nFOREIGN KEY (identity_id) REFERENCES identities (id) ON UPDATE NO ACTION ON DELETE CASCADE\n);" }, { "path": "persistence/sql/migrations/sql/20200831110752000013_identity_verifiable_address_remove_code.cockroach.down.sql", "content": "ALTER TABLE \"identity_verifiable_addresses\" ADD COLUMN \"expires_at\" timestamp;" }, { "path": "persistence/sql/migrations/sql/20200831110752000013_identity_verifiable_address_remove_code.cockroach.up.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20200831110752000013_identity_verifiable_address_remove_code.sqlite3.down.sql", "content": "CREATE UNIQUE INDEX \"identity_verifiable_addresses_status_via_uq_idx\" ON \"_identity_verifiable_addresses_tmp\" (via, value);" }, { "path": "persistence/sql/migrations/sql/20200831110752000013_identity_verifiable_address_remove_code.sqlite3.up.sql", "content": "CREATE INDEX \"identity_verifiable_addresses_status_via_idx\" ON \"_identity_verifiable_addresses_tmp\" (via, value);" }, { "path": "persistence/sql/migrations/sql/20200831110752000014_identity_verifiable_address_remove_code.cockroach.down.sql", "content": "ALTER TABLE \"identity_verifiable_addresses\" ADD COLUMN \"code\" VARCHAR (32);" }, { "path": "persistence/sql/migrations/sql/20200831110752000014_identity_verifiable_address_remove_code.cockroach.up.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20200831110752000014_identity_verifiable_address_remove_code.sqlite3.down.sql", "content": "CREATE INDEX \"identity_verifiable_addresses_status_via_idx\" ON \"_identity_verifiable_addresses_tmp\" (via, value);" }, { "path": "persistence/sql/migrations/sql/20200831110752000014_identity_verifiable_address_remove_code.sqlite3.up.sql", "content": "CREATE UNIQUE INDEX \"identity_verifiable_addresses_status_via_uq_idx\" ON \"_identity_verifiable_addresses_tmp\" (via, value);" }, { "path": "persistence/sql/migrations/sql/20200831110752000015_identity_verifiable_address_remove_code.sqlite3.down.sql", "content": "CREATE TABLE \"_identity_verifiable_addresses_tmp\" (\n\"id\" TEXT PRIMARY KEY,\n\"status\" TEXT NOT NULL,\n\"via\" TEXT NOT NULL,\n\"verified\" bool NOT NULL,\n\"value\" TEXT NOT NULL,\n\"verified_at\" DATETIME,\n\"identity_id\" char(36) NOT NULL,\n\"created_at\" DATETIME NOT NULL,\n\"updated_at\" DATETIME NOT NULL,\n\"code\" TEXT NOT NULL,\n\"expires_at\" DATETIME,\nFOREIGN KEY (identity_id) REFERENCES identities (id) ON UPDATE NO ACTION ON DELETE CASCADE\n);" }, { "path": "persistence/sql/migrations/sql/20200831110752000015_identity_verifiable_address_remove_code.sqlite3.up.sql", "content": "INSERT INTO \"_identity_verifiable_addresses_tmp\" (id, status, via, verified, value, verified_at, identity_id, created_at, updated_at) SELECT id, status, via, verified, value, verified_at, identity_id, created_at, updated_at FROM \"identity_verifiable_addresses\";" }, { "path": "persistence/sql/migrations/sql/20200831110752000016_identity_verifiable_address_remove_code.sqlite3.down.sql", "content": "DROP INDEX IF EXISTS \"identity_verifiable_addresses_status_via_uq_idx\";" }, { "path": "persistence/sql/migrations/sql/20200831110752000016_identity_verifiable_address_remove_code.sqlite3.up.sql", "content": "\nDROP TABLE \"identity_verifiable_addresses\";" }, { "path": "persistence/sql/migrations/sql/20200831110752000017_identity_verifiable_address_remove_code.sqlite3.down.sql", "content": "DROP INDEX IF EXISTS \"identity_verifiable_addresses_status_via_idx\";" }, { "path": "persistence/sql/migrations/sql/20200831110752000017_identity_verifiable_address_remove_code.sqlite3.up.sql", "content": "ALTER TABLE \"_identity_verifiable_addresses_tmp\" RENAME TO \"identity_verifiable_addresses\";" }, { "path": "persistence/sql/migrations/sql/20200831110752000018_identity_verifiable_address_remove_code.sqlite3.down.sql", "content": "UPDATE identity_verifiable_addresses SET expires_at = CURRENT_TIMESTAMP WHERE expires_at IS NULL;" }, { "path": "persistence/sql/migrations/sql/20200831110752000018_identity_verifiable_address_remove_code.sqlite3.up.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20200831110752000019_identity_verifiable_address_remove_code.sqlite3.down.sql", "content": "UPDATE identity_verifiable_addresses SET code = substr(hex(randomblob(32)), 0, 32) WHERE code IS NULL;" }, { "path": "persistence/sql/migrations/sql/20200831110752000019_identity_verifiable_address_remove_code.sqlite3.up.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20200831110752000020_identity_verifiable_address_remove_code.sqlite3.down.sql", "content": "ALTER TABLE \"identity_verifiable_addresses\" ADD COLUMN \"expires_at\" DATETIME;" }, { "path": "persistence/sql/migrations/sql/20200831110752000020_identity_verifiable_address_remove_code.sqlite3.up.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20200831110752000021_identity_verifiable_address_remove_code.sqlite3.down.sql", "content": "ALTER TABLE \"identity_verifiable_addresses\" ADD COLUMN \"code\" TEXT;" }, { "path": "persistence/sql/migrations/sql/20200831110752000021_identity_verifiable_address_remove_code.sqlite3.up.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20201201161451000000_credential_types_values.cockroach.down.sql", "content": "DELETE FROM identity_credential_types WHERE name = 'password' OR name = 'oidc';" }, { "path": "persistence/sql/migrations/sql/20201201161451000000_credential_types_values.cockroach.up.sql", "content": "INSERT INTO identity_credential_types (id, name) SELECT '78c1b41d-8341-4507-aa60-aff1d4369670', 'password' WHERE NOT EXISTS ( SELECT * FROM identity_credential_types WHERE name = 'password');" }, { "path": "persistence/sql/migrations/sql/20201201161451000000_credential_types_values.mysql.down.sql", "content": "DELETE FROM identity_credential_types WHERE name = 'password' OR name = 'oidc';" }, { "path": "persistence/sql/migrations/sql/20201201161451000000_credential_types_values.mysql.up.sql", "content": "INSERT INTO identity_credential_types (id, name) SELECT '78c1b41d-8341-4507-aa60-aff1d4369670', 'password' WHERE NOT EXISTS ( SELECT * FROM identity_credential_types WHERE name = 'password');" }, { "path": "persistence/sql/migrations/sql/20201201161451000000_credential_types_values.postgres.down.sql", "content": "DELETE FROM identity_credential_types WHERE name = 'password' OR name = 'oidc';" }, { "path": "persistence/sql/migrations/sql/20201201161451000000_credential_types_values.postgres.up.sql", "content": "INSERT INTO identity_credential_types (id, name) SELECT '78c1b41d-8341-4507-aa60-aff1d4369670', 'password' WHERE NOT EXISTS ( SELECT * FROM identity_credential_types WHERE name = 'password');" }, { "path": "persistence/sql/migrations/sql/20201201161451000000_credential_types_values.sqlite3.down.sql", "content": "DELETE FROM identity_credential_types WHERE name = 'password' OR name = 'oidc';" }, { "path": "persistence/sql/migrations/sql/20201201161451000000_credential_types_values.sqlite3.up.sql", "content": "INSERT INTO identity_credential_types (id, name) SELECT '78c1b41d-8341-4507-aa60-aff1d4369670', 'password' WHERE NOT EXISTS ( SELECT * FROM identity_credential_types WHERE name = 'password');" }, { "path": "persistence/sql/migrations/sql/20201201161451000001_credential_types_values.cockroach.down.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20201201161451000001_credential_types_values.cockroach.up.sql", "content": "INSERT INTO identity_credential_types (id, name) SELECT '6fa5e2e0-bfce-4631-b62b-cf2b0252b289', 'oidc' WHERE NOT EXISTS ( SELECT * FROM identity_credential_types WHERE name = 'oidc');" }, { "path": "persistence/sql/migrations/sql/20201201161451000001_credential_types_values.mysql.down.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20201201161451000001_credential_types_values.mysql.up.sql", "content": "INSERT INTO identity_credential_types (id, name) SELECT '6fa5e2e0-bfce-4631-b62b-cf2b0252b289', 'oidc' WHERE NOT EXISTS ( SELECT * FROM identity_credential_types WHERE name = 'oidc');" }, { "path": "persistence/sql/migrations/sql/20201201161451000001_credential_types_values.postgres.down.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20201201161451000001_credential_types_values.postgres.up.sql", "content": "INSERT INTO identity_credential_types (id, name) SELECT '6fa5e2e0-bfce-4631-b62b-cf2b0252b289', 'oidc' WHERE NOT EXISTS ( SELECT * FROM identity_credential_types WHERE name = 'oidc');" }, { "path": "persistence/sql/migrations/sql/20201201161451000001_credential_types_values.sqlite3.down.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20201201161451000001_credential_types_values.sqlite3.up.sql", "content": "INSERT INTO identity_credential_types (id, name) SELECT '6fa5e2e0-bfce-4631-b62b-cf2b0252b289', 'oidc' WHERE NOT EXISTS ( SELECT * FROM identity_credential_types WHERE name = 'oidc');" }, { "path": "persistence/sql/migrations/sql/20210307130558000000_courier_status_index.cockroach.down.sql", "content": "DROP INDEX IF EXISTS \"courier_messages_status_idx\";" }, { "path": "persistence/sql/migrations/sql/20210307130558000000_courier_status_index.cockroach.up.sql", "content": "CREATE INDEX \"courier_messages_status_idx\" ON \"courier_messages\" (status);" }, { "path": "persistence/sql/migrations/sql/20210307130558000000_courier_status_index.mysql.down.sql", "content": "DROP INDEX `courier_messages_status_idx` ON `courier_messages`;" }, { "path": "persistence/sql/migrations/sql/20210307130558000000_courier_status_index.mysql.up.sql", "content": "CREATE INDEX `courier_messages_status_idx` ON `courier_messages` (`status`);" }, { "path": "persistence/sql/migrations/sql/20210307130558000000_courier_status_index.postgres.down.sql", "content": "DROP INDEX \"courier_messages_status_idx\";" }, { "path": "persistence/sql/migrations/sql/20210307130558000000_courier_status_index.postgres.up.sql", "content": "CREATE INDEX \"courier_messages_status_idx\" ON \"courier_messages\" (status);" }, { "path": "persistence/sql/migrations/sql/20210307130558000000_courier_status_index.sqlite3.down.sql", "content": "DROP INDEX IF EXISTS \"courier_messages_status_idx\";" }, { "path": "persistence/sql/migrations/sql/20210307130558000000_courier_status_index.sqlite3.up.sql", "content": "CREATE INDEX \"courier_messages_status_idx\" ON \"courier_messages\" (status);" }, { "path": "persistence/sql/migrations/sql/20210307130559000000_courier_message_template.cockroach.down.sql", "content": "ALTER TABLE \"courier_messages\" DROP COLUMN \"template_data\";" }, { "path": "persistence/sql/migrations/sql/20210307130559000000_courier_message_template.cockroach.up.sql", "content": "ALTER TABLE \"courier_messages\" ADD COLUMN \"template_type\" VARCHAR (255) NOT NULL DEFAULT '';" }, { "path": "persistence/sql/migrations/sql/20210307130559000000_courier_message_template.mysql.down.sql", "content": "ALTER TABLE `courier_messages` DROP COLUMN `template_data`;" }, { "path": "persistence/sql/migrations/sql/20210307130559000000_courier_message_template.mysql.up.sql", "content": "ALTER TABLE `courier_messages` ADD COLUMN `template_type` VARCHAR (255) NOT NULL DEFAULT \"\";" }, { "path": "persistence/sql/migrations/sql/20210307130559000000_courier_message_template.postgres.down.sql", "content": "ALTER TABLE \"courier_messages\" DROP COLUMN \"template_data\";" }, { "path": "persistence/sql/migrations/sql/20210307130559000000_courier_message_template.postgres.up.sql", "content": "ALTER TABLE \"courier_messages\" ADD COLUMN \"template_type\" VARCHAR (255) NOT NULL DEFAULT '';" }, { "path": "persistence/sql/migrations/sql/20210307130559000000_courier_message_template.sqlite3.down.sql", "content": "ALTER TABLE \"_courier_messages_tmp\" RENAME TO \"courier_messages\";" }, { "path": "persistence/sql/migrations/sql/20210307130559000000_courier_message_template.sqlite3.up.sql", "content": "ALTER TABLE \"courier_messages\" ADD COLUMN \"template_type\" TEXT NOT NULL DEFAULT '';" }, { "path": "persistence/sql/migrations/sql/20210307130559000001_courier_message_template.cockroach.down.sql", "content": "ALTER TABLE \"courier_messages\" DROP COLUMN \"template_type\";" }, { "path": "persistence/sql/migrations/sql/20210307130559000001_courier_message_template.cockroach.up.sql", "content": "ALTER TABLE \"courier_messages\" ADD COLUMN \"template_data\" BYTES;" }, { "path": "persistence/sql/migrations/sql/20210307130559000001_courier_message_template.mysql.down.sql", "content": "ALTER TABLE `courier_messages` DROP COLUMN `template_type`;" }, { "path": "persistence/sql/migrations/sql/20210307130559000001_courier_message_template.mysql.up.sql", "content": "ALTER TABLE `courier_messages` ADD COLUMN `template_data` BLOB;" }, { "path": "persistence/sql/migrations/sql/20210307130559000001_courier_message_template.postgres.down.sql", "content": "ALTER TABLE \"courier_messages\" DROP COLUMN \"template_type\";" }, { "path": "persistence/sql/migrations/sql/20210307130559000001_courier_message_template.postgres.up.sql", "content": "ALTER TABLE \"courier_messages\" ADD COLUMN \"template_data\" bytea;" }, { "path": "persistence/sql/migrations/sql/20210307130559000001_courier_message_template.sqlite3.down.sql", "content": "\nDROP TABLE \"courier_messages\";" }, { "path": "persistence/sql/migrations/sql/20210307130559000001_courier_message_template.sqlite3.up.sql", "content": "ALTER TABLE \"courier_messages\" ADD COLUMN \"template_data\" BLOB;" }, { "path": "persistence/sql/migrations/sql/20210307130559000002_courier_message_template.sqlite3.down.sql", "content": "INSERT INTO \"_courier_messages_tmp\" (id, type, status, body, subject, recipient, created_at, updated_at) SELECT id, type, status, body, subject, recipient, created_at, updated_at FROM \"courier_messages\";" }, { "path": "persistence/sql/migrations/sql/20210307130559000002_courier_message_template.sqlite3.up.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20210307130559000003_courier_message_template.sqlite3.down.sql", "content": "CREATE INDEX \"courier_messages_status_idx\" ON \"_courier_messages_tmp\" (status);" }, { "path": "persistence/sql/migrations/sql/20210307130559000003_courier_message_template.sqlite3.up.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20210307130559000004_courier_message_template.sqlite3.down.sql", "content": "CREATE TABLE \"_courier_messages_tmp\" (\n\"id\" TEXT PRIMARY KEY,\n\"type\" INTEGER NOT NULL,\n\"status\" INTEGER NOT NULL,\n\"body\" TEXT NOT NULL,\n\"subject\" TEXT NOT NULL,\n\"recipient\" TEXT NOT NULL,\n\"created_at\" DATETIME NOT NULL,\n\"updated_at\" DATETIME NOT NULL\n);" }, { "path": "persistence/sql/migrations/sql/20210307130559000004_courier_message_template.sqlite3.up.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20210307130559000005_courier_message_template.sqlite3.down.sql", "content": "DROP INDEX IF EXISTS \"courier_messages_status_idx\";" }, { "path": "persistence/sql/migrations/sql/20210307130559000005_courier_message_template.sqlite3.up.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20210307130559000006_courier_message_template.sqlite3.down.sql", "content": "ALTER TABLE \"_courier_messages_tmp\" RENAME TO \"courier_messages\";" }, { "path": "persistence/sql/migrations/sql/20210307130559000006_courier_message_template.sqlite3.up.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20210307130559000007_courier_message_template.sqlite3.down.sql", "content": "\nDROP TABLE \"courier_messages\";" }, { "path": "persistence/sql/migrations/sql/20210307130559000007_courier_message_template.sqlite3.up.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20210307130559000008_courier_message_template.sqlite3.down.sql", "content": "INSERT INTO \"_courier_messages_tmp\" (id, type, status, body, subject, recipient, created_at, updated_at, template_data) SELECT id, type, status, body, subject, recipient, created_at, updated_at, template_data FROM \"courier_messages\";" }, { "path": "persistence/sql/migrations/sql/20210307130559000008_courier_message_template.sqlite3.up.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20210307130559000009_courier_message_template.sqlite3.down.sql", "content": "CREATE INDEX \"courier_messages_status_idx\" ON \"_courier_messages_tmp\" (status);" }, { "path": "persistence/sql/migrations/sql/20210307130559000009_courier_message_template.sqlite3.up.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20210307130559000010_courier_message_template.sqlite3.down.sql", "content": "CREATE TABLE \"_courier_messages_tmp\" (\n\"id\" TEXT PRIMARY KEY,\n\"type\" INTEGER NOT NULL,\n\"status\" INTEGER NOT NULL,\n\"body\" TEXT NOT NULL,\n\"subject\" TEXT NOT NULL,\n\"recipient\" TEXT NOT NULL,\n\"created_at\" DATETIME NOT NULL,\n\"updated_at\" DATETIME NOT NULL,\n\"template_data\" BLOB\n);" }, { "path": "persistence/sql/migrations/sql/20210307130559000010_courier_message_template.sqlite3.up.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20210307130559000011_courier_message_template.sqlite3.down.sql", "content": "DROP INDEX IF EXISTS \"courier_messages_status_idx\";" }, { "path": "persistence/sql/migrations/sql/20210307130559000011_courier_message_template.sqlite3.up.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20210311102338000000_form_refactoring.cockroach.down.sql", "content": "ALTER TABLE \"selfservice_verification_flows\" ADD COLUMN \"messages\" json;" }, { "path": "persistence/sql/migrations/sql/20210311102338000000_form_refactoring.cockroach.up.sql", "content": "DROP TABLE \"selfservice_login_flow_methods\";" }, { "path": "persistence/sql/migrations/sql/20210311102338000000_form_refactoring.mysql.down.sql", "content": "ALTER TABLE `selfservice_verification_flows` ADD COLUMN `messages` JSON;" }, { "path": "persistence/sql/migrations/sql/20210311102338000000_form_refactoring.mysql.up.sql", "content": "DROP TABLE `selfservice_login_flow_methods`;" }, { "path": "persistence/sql/migrations/sql/20210311102338000000_form_refactoring.postgres.down.sql", "content": "ALTER TABLE \"selfservice_verification_flows\" ADD COLUMN \"messages\" jsonb;" }, { "path": "persistence/sql/migrations/sql/20210311102338000000_form_refactoring.postgres.up.sql", "content": "DROP TABLE \"selfservice_login_flow_methods\";" }, { "path": "persistence/sql/migrations/sql/20210311102338000000_form_refactoring.sqlite3.down.sql", "content": "ALTER TABLE \"selfservice_verification_flows\" ADD COLUMN \"messages\" TEXT;" }, { "path": "persistence/sql/migrations/sql/20210311102338000000_form_refactoring.sqlite3.up.sql", "content": "DROP TABLE \"selfservice_login_flow_methods\";" }, { "path": "persistence/sql/migrations/sql/20210311102338000001_form_refactoring.cockroach.down.sql", "content": "ALTER TABLE \"selfservice_verification_flows\" DROP COLUMN \"ui\";" }, { "path": "persistence/sql/migrations/sql/20210311102338000001_form_refactoring.cockroach.up.sql", "content": "ALTER TABLE \"selfservice_login_flows\" DROP COLUMN \"messages\";" }, { "path": "persistence/sql/migrations/sql/20210311102338000001_form_refactoring.mysql.down.sql", "content": "ALTER TABLE `selfservice_verification_flows` DROP COLUMN `ui`;" }, { "path": "persistence/sql/migrations/sql/20210311102338000001_form_refactoring.mysql.up.sql", "content": "ALTER TABLE `selfservice_login_flows` DROP COLUMN `messages`;" }, { "path": "persistence/sql/migrations/sql/20210311102338000001_form_refactoring.postgres.down.sql", "content": "ALTER TABLE \"selfservice_verification_flows\" DROP COLUMN \"ui\";" }, { "path": "persistence/sql/migrations/sql/20210311102338000001_form_refactoring.postgres.up.sql", "content": "ALTER TABLE \"selfservice_login_flows\" DROP COLUMN \"messages\";" }, { "path": "persistence/sql/migrations/sql/20210311102338000001_form_refactoring.sqlite3.down.sql", "content": "ALTER TABLE \"_selfservice_verification_flows_tmp\" RENAME TO \"selfservice_verification_flows\";" }, { "path": "persistence/sql/migrations/sql/20210311102338000001_form_refactoring.sqlite3.up.sql", "content": "CREATE TABLE \"_selfservice_login_flows_tmp\" (\n\"id\" TEXT PRIMARY KEY,\n\"request_url\" TEXT NOT NULL,\n\"issued_at\" DATETIME NOT NULL DEFAULT 'CURRENT_TIMESTAMP',\n\"expires_at\" DATETIME NOT NULL,\n\"active_method\" TEXT NOT NULL,\n\"csrf_token\" TEXT NOT NULL,\n\"created_at\" DATETIME NOT NULL,\n\"updated_at\" DATETIME NOT NULL,\n\"forced\" bool NOT NULL DEFAULT 'false',\n\"type\" TEXT NOT NULL DEFAULT 'browser'\n);" }, { "path": "persistence/sql/migrations/sql/20210311102338000002_form_refactoring.cockroach.down.sql", "content": "CREATE TABLE \"selfservice_verification_flow_methods\" (\n\"id\" UUID NOT NULL,\nPRIMARY KEY(\"id\"),\n\"method\" VARCHAR (32) NOT NULL,\n\"selfservice_verification_flow_id\" UUID NOT NULL,\n\"config\" json NOT NULL,\n\"created_at\" timestamp NOT NULL,\n\"updated_at\" timestamp NOT NULL,\nCONSTRAINT \"selfservice_verification_flow_methods_selfservice_verification_flow_methods_id_fk\" FOREIGN KEY (\"selfservice_verification_flow_id\") REFERENCES \"selfservice_verification_flow_methods\" (\"id\") ON DELETE cascade\n);" }, { "path": "persistence/sql/migrations/sql/20210311102338000002_form_refactoring.cockroach.up.sql", "content": "ALTER TABLE \"selfservice_login_flows\" ADD COLUMN \"ui\" json;" }, { "path": "persistence/sql/migrations/sql/20210311102338000002_form_refactoring.mysql.down.sql", "content": "CREATE TABLE `selfservice_verification_flow_methods` (\n`id` char(36) NOT NULL,\nPRIMARY KEY(`id`),\n`method` VARCHAR (32) NOT NULL,\n`selfservice_verification_flow_id` char(36) NOT NULL,\n`config` JSON NOT NULL,\n`created_at` DATETIME NOT NULL,\n`updated_at` DATETIME NOT NULL,\nFOREIGN KEY (`selfservice_verification_flow_id`) REFERENCES `selfservice_verification_flow_methods` (`id`) ON DELETE cascade\n) ENGINE=InnoDB;" }, { "path": "persistence/sql/migrations/sql/20210311102338000002_form_refactoring.mysql.up.sql", "content": "ALTER TABLE `selfservice_login_flows` ADD COLUMN `ui` JSON;" }, { "path": "persistence/sql/migrations/sql/20210311102338000002_form_refactoring.postgres.down.sql", "content": "CREATE TABLE \"selfservice_verification_flow_methods\" (\n\"id\" UUID NOT NULL,\nPRIMARY KEY(\"id\"),\n\"method\" VARCHAR (32) NOT NULL,\n\"selfservice_verification_flow_id\" UUID NOT NULL,\n\"config\" jsonb NOT NULL,\n\"created_at\" timestamp NOT NULL,\n\"updated_at\" timestamp NOT NULL,\nFOREIGN KEY (\"selfservice_verification_flow_id\") REFERENCES \"selfservice_verification_flow_methods\" (\"id\") ON DELETE cascade\n);" }, { "path": "persistence/sql/migrations/sql/20210311102338000002_form_refactoring.postgres.up.sql", "content": "ALTER TABLE \"selfservice_login_flows\" ADD COLUMN \"ui\" jsonb;" }, { "path": "persistence/sql/migrations/sql/20210311102338000002_form_refactoring.sqlite3.down.sql", "content": "\nDROP TABLE \"selfservice_verification_flows\";" }, { "path": "persistence/sql/migrations/sql/20210311102338000002_form_refactoring.sqlite3.up.sql", "content": "INSERT INTO \"_selfservice_login_flows_tmp\" (id, request_url, issued_at, expires_at, active_method, csrf_token, created_at, updated_at, forced, type) SELECT id, request_url, issued_at, expires_at, active_method, csrf_token, created_at, updated_at, forced, type FROM \"selfservice_login_flows\";" }, { "path": "persistence/sql/migrations/sql/20210311102338000003_form_refactoring.cockroach.down.sql", "content": "ALTER TABLE \"selfservice_recovery_flows\" ADD COLUMN \"messages\" json;" }, { "path": "persistence/sql/migrations/sql/20210311102338000003_form_refactoring.cockroach.up.sql", "content": "UPDATE selfservice_login_flows SET ui='{}';" }, { "path": "persistence/sql/migrations/sql/20210311102338000003_form_refactoring.mysql.down.sql", "content": "ALTER TABLE `selfservice_recovery_flows` ADD COLUMN `messages` JSON;" }, { "path": "persistence/sql/migrations/sql/20210311102338000003_form_refactoring.mysql.up.sql", "content": "UPDATE selfservice_login_flows SET ui='{}';" }, { "path": "persistence/sql/migrations/sql/20210311102338000003_form_refactoring.postgres.down.sql", "content": "ALTER TABLE \"selfservice_recovery_flows\" ADD COLUMN \"messages\" jsonb;" }, { "path": "persistence/sql/migrations/sql/20210311102338000003_form_refactoring.postgres.up.sql", "content": "UPDATE selfservice_login_flows SET ui='{}';" }, { "path": "persistence/sql/migrations/sql/20210311102338000003_form_refactoring.sqlite3.down.sql", "content": "INSERT INTO \"_selfservice_verification_flows_tmp\" (id, request_url, issued_at, expires_at, csrf_token, created_at, updated_at, type, state, active_method, nid) SELECT id, request_url, issued_at, expires_at, csrf_token, created_at, updated_at, type, state, active_method, nid FROM \"selfservice_verification_flows\";" }, { "path": "persistence/sql/migrations/sql/20210311102338000003_form_refactoring.sqlite3.up.sql", "content": "\nDROP TABLE \"selfservice_login_flows\";" }, { "path": "persistence/sql/migrations/sql/20210311102338000004_form_refactoring.cockroach.down.sql", "content": "ALTER TABLE \"selfservice_recovery_flows\" DROP COLUMN \"ui\";" }, { "path": "persistence/sql/migrations/sql/20210311102338000004_form_refactoring.cockroach.up.sql", "content": "ALTER TABLE \"selfservice_login_flows\" RENAME COLUMN \"ui\" TO \"_ui_tmp\";" }, { "path": "persistence/sql/migrations/sql/20210311102338000004_form_refactoring.mysql.down.sql", "content": "ALTER TABLE `selfservice_recovery_flows` DROP COLUMN `ui`;" }, { "path": "persistence/sql/migrations/sql/20210311102338000004_form_refactoring.mysql.up.sql", "content": "ALTER TABLE `selfservice_login_flows` MODIFY `ui` JSON;" }, { "path": "persistence/sql/migrations/sql/20210311102338000004_form_refactoring.postgres.down.sql", "content": "ALTER TABLE \"selfservice_recovery_flows\" DROP COLUMN \"ui\";" }, { "path": "persistence/sql/migrations/sql/20210311102338000004_form_refactoring.postgres.up.sql", "content": "ALTER TABLE \"selfservice_login_flows\" ALTER COLUMN \"ui\" TYPE jsonb, ALTER COLUMN \"ui\" DROP NOT NULL;" }, { "path": "persistence/sql/migrations/sql/20210311102338000004_form_refactoring.sqlite3.down.sql", "content": "CREATE INDEX \"selfservice_verification_flows_nid_idx\" ON \"_selfservice_verification_flows_tmp\" (id, nid);" }, { "path": "persistence/sql/migrations/sql/20210311102338000004_form_refactoring.sqlite3.up.sql", "content": "ALTER TABLE \"_selfservice_login_flows_tmp\" RENAME TO \"selfservice_login_flows\";" }, { "path": "persistence/sql/migrations/sql/20210311102338000005_form_refactoring.cockroach.down.sql", "content": "CREATE TABLE \"selfservice_recovery_flow_methods\" (\n\"id\" UUID NOT NULL,\nPRIMARY KEY(\"id\"),\n\"method\" VARCHAR (32) NOT NULL,\n\"selfservice_recovery_flow_id\" UUID NOT NULL,\n\"config\" json NOT NULL,\n\"created_at\" timestamp NOT NULL,\n\"updated_at\" timestamp NOT NULL,\nCONSTRAINT \"selfservice_recovery_flow_methods_selfservice_recovery_flow_methods_id_fk\" FOREIGN KEY (\"selfservice_recovery_flow_id\") REFERENCES \"selfservice_recovery_flow_methods\" (\"id\") ON DELETE cascade\n);" }, { "path": "persistence/sql/migrations/sql/20210311102338000005_form_refactoring.cockroach.up.sql", "content": "ALTER TABLE \"selfservice_login_flows\" ADD COLUMN \"ui\" json;" }, { "path": "persistence/sql/migrations/sql/20210311102338000005_form_refactoring.mysql.down.sql", "content": "CREATE TABLE `selfservice_recovery_flow_methods` (\n`id` char(36) NOT NULL,\nPRIMARY KEY(`id`),\n`method` VARCHAR (32) NOT NULL,\n`selfservice_recovery_flow_id` char(36) NOT NULL,\n`config` JSON NOT NULL,\n`created_at` DATETIME NOT NULL,\n`updated_at` DATETIME NOT NULL,\nFOREIGN KEY (`selfservice_recovery_flow_id`) REFERENCES `selfservice_recovery_flow_methods` (`id`) ON DELETE cascade\n) ENGINE=InnoDB;" }, { "path": "persistence/sql/migrations/sql/20210311102338000005_form_refactoring.mysql.up.sql", "content": "DROP TABLE `selfservice_registration_flow_methods`;" }, { "path": "persistence/sql/migrations/sql/20210311102338000005_form_refactoring.postgres.down.sql", "content": "CREATE TABLE \"selfservice_recovery_flow_methods\" (\n\"id\" UUID NOT NULL,\nPRIMARY KEY(\"id\"),\n\"method\" VARCHAR (32) NOT NULL,\n\"selfservice_recovery_flow_id\" UUID NOT NULL,\n\"config\" jsonb NOT NULL,\n\"created_at\" timestamp NOT NULL,\n\"updated_at\" timestamp NOT NULL,\nFOREIGN KEY (\"selfservice_recovery_flow_id\") REFERENCES \"selfservice_recovery_flow_methods\" (\"id\") ON DELETE cascade\n);" }, { "path": "persistence/sql/migrations/sql/20210311102338000005_form_refactoring.postgres.up.sql", "content": "DROP TABLE \"selfservice_registration_flow_methods\";" }, { "path": "persistence/sql/migrations/sql/20210311102338000005_form_refactoring.sqlite3.down.sql", "content": "CREATE TABLE \"_selfservice_verification_flows_tmp\" (\n\"id\" TEXT PRIMARY KEY,\n\"request_url\" TEXT NOT NULL,\n\"issued_at\" DATETIME NOT NULL DEFAULT 'CURRENT_TIMESTAMP',\n\"expires_at\" DATETIME NOT NULL,\n\"csrf_token\" TEXT NOT NULL,\n\"created_at\" DATETIME NOT NULL,\n\"updated_at\" DATETIME NOT NULL,\n\"type\" TEXT NOT NULL DEFAULT 'browser',\n\"state\" TEXT NOT NULL DEFAULT 'show_form',\n\"active_method\" TEXT,\n\"nid\" char(36)\n);" }, { "path": "persistence/sql/migrations/sql/20210311102338000005_form_refactoring.sqlite3.up.sql", "content": "ALTER TABLE \"selfservice_login_flows\" ADD COLUMN \"ui\" TEXT;" }, { "path": "persistence/sql/migrations/sql/20210311102338000006_form_refactoring.cockroach.down.sql", "content": "ALTER TABLE \"selfservice_settings_flows\" ADD COLUMN \"messages\" json;" }, { "path": "persistence/sql/migrations/sql/20210311102338000006_form_refactoring.cockroach.up.sql", "content": "UPDATE \"selfservice_login_flows\" SET \"ui\" = \"_ui_tmp\";" }, { "path": "persistence/sql/migrations/sql/20210311102338000006_form_refactoring.mysql.down.sql", "content": "ALTER TABLE `selfservice_settings_flows` ADD COLUMN `messages` JSON;" }, { "path": "persistence/sql/migrations/sql/20210311102338000006_form_refactoring.mysql.up.sql", "content": "ALTER TABLE `selfservice_registration_flows` DROP COLUMN `messages`;" }, { "path": "persistence/sql/migrations/sql/20210311102338000006_form_refactoring.postgres.down.sql", "content": "ALTER TABLE \"selfservice_settings_flows\" ADD COLUMN \"messages\" jsonb;" }, { "path": "persistence/sql/migrations/sql/20210311102338000006_form_refactoring.postgres.up.sql", "content": "ALTER TABLE \"selfservice_registration_flows\" DROP COLUMN \"messages\";" }, { "path": "persistence/sql/migrations/sql/20210311102338000006_form_refactoring.sqlite3.down.sql", "content": "DROP INDEX IF EXISTS \"selfservice_verification_flows_nid_idx\";" }, { "path": "persistence/sql/migrations/sql/20210311102338000006_form_refactoring.sqlite3.up.sql", "content": "UPDATE selfservice_login_flows SET ui='{}';" }, { "path": "persistence/sql/migrations/sql/20210311102338000007_form_refactoring.cockroach.down.sql", "content": "ALTER TABLE \"selfservice_settings_flows\" DROP COLUMN \"ui\";" }, { "path": "persistence/sql/migrations/sql/20210311102338000007_form_refactoring.cockroach.up.sql", "content": "ALTER TABLE \"selfservice_login_flows\" DROP COLUMN \"_ui_tmp\";" }, { "path": "persistence/sql/migrations/sql/20210311102338000007_form_refactoring.mysql.down.sql", "content": "ALTER TABLE `selfservice_settings_flows` DROP COLUMN `ui`;" }, { "path": "persistence/sql/migrations/sql/20210311102338000007_form_refactoring.mysql.up.sql", "content": "ALTER TABLE `selfservice_registration_flows` ADD COLUMN `ui` JSON;" }, { "path": "persistence/sql/migrations/sql/20210311102338000007_form_refactoring.postgres.down.sql", "content": "ALTER TABLE \"selfservice_settings_flows\" DROP COLUMN \"ui\";" }, { "path": "persistence/sql/migrations/sql/20210311102338000007_form_refactoring.postgres.up.sql", "content": "ALTER TABLE \"selfservice_registration_flows\" ADD COLUMN \"ui\" jsonb;" }, { "path": "persistence/sql/migrations/sql/20210311102338000007_form_refactoring.sqlite3.down.sql", "content": "CREATE TABLE \"selfservice_verification_flow_methods\" (\n\"id\" TEXT PRIMARY KEY,\n\"method\" TEXT NOT NULL,\n\"selfservice_verification_flow_id\" char(36) NOT NULL,\n\"config\" TEXT NOT NULL,\n\"created_at\" DATETIME NOT NULL,\n\"updated_at\" DATETIME NOT NULL,\nFOREIGN KEY (selfservice_verification_flow_id) REFERENCES selfservice_verification_flow_methods (id) ON DELETE cascade\n);" }, { "path": "persistence/sql/migrations/sql/20210311102338000007_form_refactoring.sqlite3.up.sql", "content": "CREATE TABLE \"_selfservice_login_flows_tmp\" (\n\"id\" TEXT PRIMARY KEY,\n\"request_url\" TEXT NOT NULL,\n\"issued_at\" DATETIME NOT NULL DEFAULT 'CURRENT_TIMESTAMP',\n\"expires_at\" DATETIME NOT NULL,\n\"active_method\" TEXT NOT NULL,\n\"csrf_token\" TEXT NOT NULL,\n\"created_at\" DATETIME NOT NULL,\n\"updated_at\" DATETIME NOT NULL,\n\"forced\" bool NOT NULL DEFAULT 'false',\n\"type\" TEXT NOT NULL DEFAULT 'browser',\n\"ui\" TEXT\n);" }, { "path": "persistence/sql/migrations/sql/20210311102338000008_form_refactoring.cockroach.down.sql", "content": "CREATE TABLE \"selfservice_settings_flow_methods\" (\n\"id\" UUID NOT NULL,\nPRIMARY KEY(\"id\"),\n\"method\" VARCHAR (32) NOT NULL,\n\"selfservice_settings_flow_id\" UUID NOT NULL,\n\"config\" json NOT NULL,\n\"created_at\" timestamp NOT NULL,\n\"updated_at\" timestamp NOT NULL,\nCONSTRAINT \"selfservice_settings_flow_methods_selfservice_settings_flow_methods_id_fk\" FOREIGN KEY (\"selfservice_settings_flow_id\") REFERENCES \"selfservice_settings_flow_methods\" (\"id\") ON DELETE cascade\n);" }, { "path": "persistence/sql/migrations/sql/20210311102338000008_form_refactoring.cockroach.up.sql", "content": "DROP TABLE \"selfservice_registration_flow_methods\";" }, { "path": "persistence/sql/migrations/sql/20210311102338000008_form_refactoring.mysql.down.sql", "content": "CREATE TABLE `selfservice_settings_flow_methods` (\n`id` char(36) NOT NULL,\nPRIMARY KEY(`id`),\n`method` VARCHAR (32) NOT NULL,\n`selfservice_settings_flow_id` char(36) NOT NULL,\n`config` JSON NOT NULL,\n`created_at` DATETIME NOT NULL,\n`updated_at` DATETIME NOT NULL,\nFOREIGN KEY (`selfservice_settings_flow_id`) REFERENCES `selfservice_settings_flow_methods` (`id`) ON DELETE cascade\n) ENGINE=InnoDB;" }, { "path": "persistence/sql/migrations/sql/20210311102338000008_form_refactoring.mysql.up.sql", "content": "UPDATE selfservice_registration_flows SET ui='{}';" }, { "path": "persistence/sql/migrations/sql/20210311102338000008_form_refactoring.postgres.down.sql", "content": "CREATE TABLE \"selfservice_settings_flow_methods\" (\n\"id\" UUID NOT NULL,\nPRIMARY KEY(\"id\"),\n\"method\" VARCHAR (32) NOT NULL,\n\"selfservice_settings_flow_id\" UUID NOT NULL,\n\"config\" jsonb NOT NULL,\n\"created_at\" timestamp NOT NULL,\n\"updated_at\" timestamp NOT NULL,\nFOREIGN KEY (\"selfservice_settings_flow_id\") REFERENCES \"selfservice_settings_flow_methods\" (\"id\") ON DELETE cascade\n);" }, { "path": "persistence/sql/migrations/sql/20210311102338000008_form_refactoring.postgres.up.sql", "content": "UPDATE selfservice_registration_flows SET ui='{}';" }, { "path": "persistence/sql/migrations/sql/20210311102338000008_form_refactoring.sqlite3.down.sql", "content": "ALTER TABLE \"selfservice_recovery_flows\" ADD COLUMN \"messages\" TEXT;" }, { "path": "persistence/sql/migrations/sql/20210311102338000008_form_refactoring.sqlite3.up.sql", "content": "INSERT INTO \"_selfservice_login_flows_tmp\" (id, request_url, issued_at, expires_at, active_method, csrf_token, created_at, updated_at, forced, type, ui) SELECT id, request_url, issued_at, expires_at, active_method, csrf_token, created_at, updated_at, forced, type, ui FROM \"selfservice_login_flows\";" }, { "path": "persistence/sql/migrations/sql/20210311102338000009_form_refactoring.cockroach.down.sql", "content": "ALTER TABLE \"selfservice_registration_flows\" ADD COLUMN \"messages\" json;" }, { "path": "persistence/sql/migrations/sql/20210311102338000009_form_refactoring.cockroach.up.sql", "content": "ALTER TABLE \"selfservice_registration_flows\" DROP COLUMN \"messages\";" }, { "path": "persistence/sql/migrations/sql/20210311102338000009_form_refactoring.mysql.down.sql", "content": "ALTER TABLE `selfservice_registration_flows` ADD COLUMN `messages` JSON;" }, { "path": "persistence/sql/migrations/sql/20210311102338000009_form_refactoring.mysql.up.sql", "content": "ALTER TABLE `selfservice_registration_flows` MODIFY `ui` JSON;" }, { "path": "persistence/sql/migrations/sql/20210311102338000009_form_refactoring.postgres.down.sql", "content": "ALTER TABLE \"selfservice_registration_flows\" ADD COLUMN \"messages\" jsonb;" }, { "path": "persistence/sql/migrations/sql/20210311102338000009_form_refactoring.postgres.up.sql", "content": "ALTER TABLE \"selfservice_registration_flows\" ALTER COLUMN \"ui\" TYPE jsonb, ALTER COLUMN \"ui\" DROP NOT NULL;" }, { "path": "persistence/sql/migrations/sql/20210311102338000009_form_refactoring.sqlite3.down.sql", "content": "ALTER TABLE \"_selfservice_recovery_flows_tmp\" RENAME TO \"selfservice_recovery_flows\";" }, { "path": "persistence/sql/migrations/sql/20210311102338000009_form_refactoring.sqlite3.up.sql", "content": "DROP TABLE \"selfservice_login_flows\";" }, { "path": "persistence/sql/migrations/sql/20210311102338000010_form_refactoring.cockroach.down.sql", "content": "ALTER TABLE \"selfservice_registration_flows\" DROP COLUMN \"ui\";" }, { "path": "persistence/sql/migrations/sql/20210311102338000010_form_refactoring.cockroach.up.sql", "content": "ALTER TABLE \"selfservice_registration_flows\" ADD COLUMN \"ui\" json;" }, { "path": "persistence/sql/migrations/sql/20210311102338000010_form_refactoring.mysql.down.sql", "content": "ALTER TABLE `selfservice_registration_flows` DROP COLUMN `ui`;" }, { "path": "persistence/sql/migrations/sql/20210311102338000010_form_refactoring.mysql.up.sql", "content": "DROP TABLE `selfservice_settings_flow_methods`;" }, { "path": "persistence/sql/migrations/sql/20210311102338000010_form_refactoring.postgres.down.sql", "content": "ALTER TABLE \"selfservice_registration_flows\" DROP COLUMN \"ui\";" }, { "path": "persistence/sql/migrations/sql/20210311102338000010_form_refactoring.postgres.up.sql", "content": "DROP TABLE \"selfservice_settings_flow_methods\";" }, { "path": "persistence/sql/migrations/sql/20210311102338000010_form_refactoring.sqlite3.down.sql", "content": "\nDROP TABLE \"selfservice_recovery_flows\";" }, { "path": "persistence/sql/migrations/sql/20210311102338000010_form_refactoring.sqlite3.up.sql", "content": "ALTER TABLE \"_selfservice_login_flows_tmp\" RENAME TO \"selfservice_login_flows\";" }, { "path": "persistence/sql/migrations/sql/20210311102338000011_form_refactoring.cockroach.down.sql", "content": "CREATE TABLE \"selfservice_registration_flow_methods\" (\n\"id\" UUID NOT NULL,\nPRIMARY KEY(\"id\"),\n\"method\" VARCHAR (32) NOT NULL,\n\"selfservice_registration_flow_id\" UUID NOT NULL,\n\"config\" json NOT NULL,\n\"created_at\" timestamp NOT NULL,\n\"updated_at\" timestamp NOT NULL,\nCONSTRAINT \"selfservice_registration_flow_methods_selfservice_registration_flow_methods_id_fk\" FOREIGN KEY (\"selfservice_registration_flow_id\") REFERENCES \"selfservice_registration_flow_methods\" (\"id\") ON DELETE cascade\n);" }, { "path": "persistence/sql/migrations/sql/20210311102338000011_form_refactoring.cockroach.up.sql", "content": "UPDATE selfservice_registration_flows SET ui='{}';" }, { "path": "persistence/sql/migrations/sql/20210311102338000011_form_refactoring.mysql.down.sql", "content": "CREATE TABLE `selfservice_registration_flow_methods` (\n`id` char(36) NOT NULL,\nPRIMARY KEY(`id`),\n`method` VARCHAR (32) NOT NULL,\n`selfservice_registration_flow_id` char(36) NOT NULL,\n`config` JSON NOT NULL,\n`created_at` DATETIME NOT NULL,\n`updated_at` DATETIME NOT NULL,\nFOREIGN KEY (`selfservice_registration_flow_id`) REFERENCES `selfservice_registration_flow_methods` (`id`) ON DELETE cascade\n) ENGINE=InnoDB;" }, { "path": "persistence/sql/migrations/sql/20210311102338000011_form_refactoring.mysql.up.sql", "content": "ALTER TABLE `selfservice_settings_flows` DROP COLUMN `messages`;" }, { "path": "persistence/sql/migrations/sql/20210311102338000011_form_refactoring.postgres.down.sql", "content": "CREATE TABLE \"selfservice_registration_flow_methods\" (\n\"id\" UUID NOT NULL,\nPRIMARY KEY(\"id\"),\n\"method\" VARCHAR (32) NOT NULL,\n\"selfservice_registration_flow_id\" UUID NOT NULL,\n\"config\" jsonb NOT NULL,\n\"created_at\" timestamp NOT NULL,\n\"updated_at\" timestamp NOT NULL,\nFOREIGN KEY (\"selfservice_registration_flow_id\") REFERENCES \"selfservice_registration_flow_methods\" (\"id\") ON DELETE cascade\n);" }, { "path": "persistence/sql/migrations/sql/20210311102338000011_form_refactoring.postgres.up.sql", "content": "ALTER TABLE \"selfservice_settings_flows\" DROP COLUMN \"messages\";" }, { "path": "persistence/sql/migrations/sql/20210311102338000011_form_refactoring.sqlite3.down.sql", "content": "INSERT INTO \"_selfservice_recovery_flows_tmp\" (id, request_url, issued_at, expires_at, active_method, csrf_token, state, recovered_identity_id, created_at, updated_at, type, nid) SELECT id, request_url, issued_at, expires_at, active_method, csrf_token, state, recovered_identity_id, created_at, updated_at, type, nid FROM \"selfservice_recovery_flows\";" }, { "path": "persistence/sql/migrations/sql/20210311102338000011_form_refactoring.sqlite3.up.sql", "content": "DROP TABLE \"selfservice_registration_flow_methods\";" }, { "path": "persistence/sql/migrations/sql/20210311102338000012_form_refactoring.cockroach.down.sql", "content": "ALTER TABLE \"selfservice_login_flows\" ADD COLUMN \"messages\" json;" }, { "path": "persistence/sql/migrations/sql/20210311102338000012_form_refactoring.cockroach.up.sql", "content": "ALTER TABLE \"selfservice_registration_flows\" RENAME COLUMN \"ui\" TO \"_ui_tmp\";" }, { "path": "persistence/sql/migrations/sql/20210311102338000012_form_refactoring.mysql.down.sql", "content": "ALTER TABLE `selfservice_login_flows` ADD COLUMN `messages` JSON;" }, { "path": "persistence/sql/migrations/sql/20210311102338000012_form_refactoring.mysql.up.sql", "content": "ALTER TABLE `selfservice_settings_flows` ADD COLUMN `ui` JSON;" }, { "path": "persistence/sql/migrations/sql/20210311102338000012_form_refactoring.postgres.down.sql", "content": "ALTER TABLE \"selfservice_login_flows\" ADD COLUMN \"messages\" jsonb;" }, { "path": "persistence/sql/migrations/sql/20210311102338000012_form_refactoring.postgres.up.sql", "content": "ALTER TABLE \"selfservice_settings_flows\" ADD COLUMN \"ui\" jsonb;" }, { "path": "persistence/sql/migrations/sql/20210311102338000012_form_refactoring.sqlite3.down.sql", "content": "CREATE INDEX \"selfservice_recovery_flows_nid_idx\" ON \"_selfservice_recovery_flows_tmp\" (id, nid);" }, { "path": "persistence/sql/migrations/sql/20210311102338000012_form_refactoring.sqlite3.up.sql", "content": "CREATE TABLE \"_selfservice_registration_flows_tmp\" (\n\"id\" TEXT PRIMARY KEY,\n\"request_url\" TEXT NOT NULL,\n\"issued_at\" DATETIME NOT NULL DEFAULT 'CURRENT_TIMESTAMP',\n\"expires_at\" DATETIME NOT NULL,\n\"active_method\" TEXT NOT NULL,\n\"csrf_token\" TEXT NOT NULL,\n\"created_at\" DATETIME NOT NULL,\n\"updated_at\" DATETIME NOT NULL,\n\"type\" TEXT NOT NULL DEFAULT 'browser'\n);" }, { "path": "persistence/sql/migrations/sql/20210311102338000013_form_refactoring.cockroach.down.sql", "content": "ALTER TABLE \"selfservice_login_flows\" DROP COLUMN \"ui\";" }, { "path": "persistence/sql/migrations/sql/20210311102338000013_form_refactoring.cockroach.up.sql", "content": "ALTER TABLE \"selfservice_registration_flows\" ADD COLUMN \"ui\" json;" }, { "path": "persistence/sql/migrations/sql/20210311102338000013_form_refactoring.mysql.down.sql", "content": "ALTER TABLE `selfservice_login_flows` DROP COLUMN `ui`;" }, { "path": "persistence/sql/migrations/sql/20210311102338000013_form_refactoring.mysql.up.sql", "content": "UPDATE selfservice_settings_flows SET ui='{}';" }, { "path": "persistence/sql/migrations/sql/20210311102338000013_form_refactoring.postgres.down.sql", "content": "ALTER TABLE \"selfservice_login_flows\" DROP COLUMN \"ui\";" }, { "path": "persistence/sql/migrations/sql/20210311102338000013_form_refactoring.postgres.up.sql", "content": "UPDATE selfservice_settings_flows SET ui='{}';" }, { "path": "persistence/sql/migrations/sql/20210311102338000013_form_refactoring.sqlite3.down.sql", "content": "CREATE TABLE \"_selfservice_recovery_flows_tmp\" (\n\"id\" TEXT PRIMARY KEY,\n\"request_url\" TEXT NOT NULL,\n\"issued_at\" DATETIME NOT NULL DEFAULT 'CURRENT_TIMESTAMP',\n\"expires_at\" DATETIME NOT NULL,\n\"active_method\" TEXT,\n\"csrf_token\" TEXT NOT NULL,\n\"state\" TEXT NOT NULL,\n\"recovered_identity_id\" char(36),\n\"created_at\" DATETIME NOT NULL,\n\"updated_at\" DATETIME NOT NULL,\n\"type\" TEXT NOT NULL DEFAULT 'browser',\n\"nid\" char(36),\nFOREIGN KEY (recovered_identity_id) REFERENCES identities (id) ON UPDATE NO ACTION ON DELETE CASCADE\n);" }, { "path": "persistence/sql/migrations/sql/20210311102338000013_form_refactoring.sqlite3.up.sql", "content": "INSERT INTO \"_selfservice_registration_flows_tmp\" (id, request_url, issued_at, expires_at, active_method, csrf_token, created_at, updated_at, type) SELECT id, request_url, issued_at, expires_at, active_method, csrf_token, created_at, updated_at, type FROM \"selfservice_registration_flows\";" }, { "path": "persistence/sql/migrations/sql/20210311102338000014_form_refactoring.cockroach.down.sql", "content": "CREATE TABLE \"selfservice_login_flow_methods\" (\n\"id\" UUID NOT NULL,\nPRIMARY KEY(\"id\"),\n\"method\" VARCHAR (32) NOT NULL,\n\"selfservice_login_flow_id\" UUID NOT NULL,\n\"config\" json NOT NULL,\n\"created_at\" timestamp NOT NULL,\n\"updated_at\" timestamp NOT NULL,\nCONSTRAINT \"selfservice_login_flow_methods_selfservice_login_flow_methods_id_fk\" FOREIGN KEY (\"selfservice_login_flow_id\") REFERENCES \"selfservice_login_flow_methods\" (\"id\") ON DELETE cascade\n);" }, { "path": "persistence/sql/migrations/sql/20210311102338000014_form_refactoring.cockroach.up.sql", "content": "UPDATE \"selfservice_registration_flows\" SET \"ui\" = \"_ui_tmp\";" }, { "path": "persistence/sql/migrations/sql/20210311102338000014_form_refactoring.mysql.down.sql", "content": "CREATE TABLE `selfservice_login_flow_methods` (\n`id` char(36) NOT NULL,\nPRIMARY KEY(`id`),\n`method` VARCHAR (32) NOT NULL,\n`selfservice_login_flow_id` char(36) NOT NULL,\n`config` JSON NOT NULL,\n`created_at` DATETIME NOT NULL,\n`updated_at` DATETIME NOT NULL,\nFOREIGN KEY (`selfservice_login_flow_id`) REFERENCES `selfservice_login_flow_methods` (`id`) ON DELETE cascade\n) ENGINE=InnoDB;" }, { "path": "persistence/sql/migrations/sql/20210311102338000014_form_refactoring.mysql.up.sql", "content": "ALTER TABLE `selfservice_settings_flows` MODIFY `ui` JSON;" }, { "path": "persistence/sql/migrations/sql/20210311102338000014_form_refactoring.postgres.down.sql", "content": "CREATE TABLE \"selfservice_login_flow_methods\" (\n\"id\" UUID NOT NULL,\nPRIMARY KEY(\"id\"),\n\"method\" VARCHAR (32) NOT NULL,\n\"selfservice_login_flow_id\" UUID NOT NULL,\n\"config\" jsonb NOT NULL,\n\"created_at\" timestamp NOT NULL,\n\"updated_at\" timestamp NOT NULL,\nFOREIGN KEY (\"selfservice_login_flow_id\") REFERENCES \"selfservice_login_flow_methods\" (\"id\") ON DELETE cascade\n);" }, { "path": "persistence/sql/migrations/sql/20210311102338000014_form_refactoring.postgres.up.sql", "content": "ALTER TABLE \"selfservice_settings_flows\" ALTER COLUMN \"ui\" TYPE jsonb, ALTER COLUMN \"ui\" DROP NOT NULL;" }, { "path": "persistence/sql/migrations/sql/20210311102338000014_form_refactoring.sqlite3.down.sql", "content": "DROP INDEX IF EXISTS \"selfservice_recovery_flows_nid_idx\";" }, { "path": "persistence/sql/migrations/sql/20210311102338000014_form_refactoring.sqlite3.up.sql", "content": "\nDROP TABLE \"selfservice_registration_flows\";" }, { "path": "persistence/sql/migrations/sql/20210311102338000015_form_refactoring.cockroach.down.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20210311102338000015_form_refactoring.cockroach.up.sql", "content": "ALTER TABLE \"selfservice_registration_flows\" DROP COLUMN \"_ui_tmp\";" }, { "path": "persistence/sql/migrations/sql/20210311102338000015_form_refactoring.mysql.down.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20210311102338000015_form_refactoring.mysql.up.sql", "content": "DROP TABLE `selfservice_recovery_flow_methods`;" }, { "path": "persistence/sql/migrations/sql/20210311102338000015_form_refactoring.postgres.down.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20210311102338000015_form_refactoring.postgres.up.sql", "content": "DROP TABLE \"selfservice_recovery_flow_methods\";" }, { "path": "persistence/sql/migrations/sql/20210311102338000015_form_refactoring.sqlite3.down.sql", "content": "CREATE TABLE \"selfservice_recovery_flow_methods\" (\n\"id\" TEXT PRIMARY KEY,\n\"method\" TEXT NOT NULL,\n\"selfservice_recovery_flow_id\" char(36) NOT NULL,\n\"config\" TEXT NOT NULL,\n\"created_at\" DATETIME NOT NULL,\n\"updated_at\" DATETIME NOT NULL,\nFOREIGN KEY (selfservice_recovery_flow_id) REFERENCES selfservice_recovery_flow_methods (id) ON DELETE cascade\n);" }, { "path": "persistence/sql/migrations/sql/20210311102338000015_form_refactoring.sqlite3.up.sql", "content": "ALTER TABLE \"_selfservice_registration_flows_tmp\" RENAME TO \"selfservice_registration_flows\";" }, { "path": "persistence/sql/migrations/sql/20210311102338000016_form_refactoring.cockroach.down.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20210311102338000016_form_refactoring.cockroach.up.sql", "content": "DROP TABLE \"selfservice_settings_flow_methods\";" }, { "path": "persistence/sql/migrations/sql/20210311102338000016_form_refactoring.mysql.down.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20210311102338000016_form_refactoring.mysql.up.sql", "content": "ALTER TABLE `selfservice_recovery_flows` DROP COLUMN `messages`;" }, { "path": "persistence/sql/migrations/sql/20210311102338000016_form_refactoring.postgres.down.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20210311102338000016_form_refactoring.postgres.up.sql", "content": "ALTER TABLE \"selfservice_recovery_flows\" DROP COLUMN \"messages\";" }, { "path": "persistence/sql/migrations/sql/20210311102338000016_form_refactoring.sqlite3.down.sql", "content": "ALTER TABLE \"selfservice_settings_flows\" ADD COLUMN \"messages\" TEXT;" }, { "path": "persistence/sql/migrations/sql/20210311102338000016_form_refactoring.sqlite3.up.sql", "content": "ALTER TABLE \"selfservice_registration_flows\" ADD COLUMN \"ui\" TEXT;" }, { "path": "persistence/sql/migrations/sql/20210311102338000017_form_refactoring.cockroach.down.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20210311102338000017_form_refactoring.cockroach.up.sql", "content": "ALTER TABLE \"selfservice_settings_flows\" DROP COLUMN \"messages\";" }, { "path": "persistence/sql/migrations/sql/20210311102338000017_form_refactoring.mysql.down.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20210311102338000017_form_refactoring.mysql.up.sql", "content": "ALTER TABLE `selfservice_recovery_flows` ADD COLUMN `ui` JSON;" }, { "path": "persistence/sql/migrations/sql/20210311102338000017_form_refactoring.postgres.down.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20210311102338000017_form_refactoring.postgres.up.sql", "content": "ALTER TABLE \"selfservice_recovery_flows\" ADD COLUMN \"ui\" jsonb;" }, { "path": "persistence/sql/migrations/sql/20210311102338000017_form_refactoring.sqlite3.down.sql", "content": "ALTER TABLE \"_selfservice_settings_flows_tmp\" RENAME TO \"selfservice_settings_flows\";" }, { "path": "persistence/sql/migrations/sql/20210311102338000017_form_refactoring.sqlite3.up.sql", "content": "UPDATE selfservice_registration_flows SET ui='{}';" }, { "path": "persistence/sql/migrations/sql/20210311102338000018_form_refactoring.cockroach.down.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20210311102338000018_form_refactoring.cockroach.up.sql", "content": "ALTER TABLE \"selfservice_settings_flows\" ADD COLUMN \"ui\" json;" }, { "path": "persistence/sql/migrations/sql/20210311102338000018_form_refactoring.mysql.down.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20210311102338000018_form_refactoring.mysql.up.sql", "content": "UPDATE selfservice_recovery_flows SET ui='{}';" }, { "path": "persistence/sql/migrations/sql/20210311102338000018_form_refactoring.postgres.down.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20210311102338000018_form_refactoring.postgres.up.sql", "content": "UPDATE selfservice_recovery_flows SET ui='{}';" }, { "path": "persistence/sql/migrations/sql/20210311102338000018_form_refactoring.sqlite3.down.sql", "content": "\nDROP TABLE \"selfservice_settings_flows\";" }, { "path": "persistence/sql/migrations/sql/20210311102338000018_form_refactoring.sqlite3.up.sql", "content": "CREATE TABLE \"_selfservice_registration_flows_tmp\" (\n\"id\" TEXT PRIMARY KEY,\n\"request_url\" TEXT NOT NULL,\n\"issued_at\" DATETIME NOT NULL DEFAULT 'CURRENT_TIMESTAMP',\n\"expires_at\" DATETIME NOT NULL,\n\"active_method\" TEXT NOT NULL,\n\"csrf_token\" TEXT NOT NULL,\n\"created_at\" DATETIME NOT NULL,\n\"updated_at\" DATETIME NOT NULL,\n\"type\" TEXT NOT NULL DEFAULT 'browser',\n\"ui\" TEXT\n);" }, { "path": "persistence/sql/migrations/sql/20210311102338000019_form_refactoring.cockroach.down.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20210311102338000019_form_refactoring.cockroach.up.sql", "content": "UPDATE selfservice_settings_flows SET ui='{}';" }, { "path": "persistence/sql/migrations/sql/20210311102338000019_form_refactoring.mysql.down.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20210311102338000019_form_refactoring.mysql.up.sql", "content": "ALTER TABLE `selfservice_recovery_flows` MODIFY `ui` JSON;" }, { "path": "persistence/sql/migrations/sql/20210311102338000019_form_refactoring.postgres.down.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20210311102338000019_form_refactoring.postgres.up.sql", "content": "ALTER TABLE \"selfservice_recovery_flows\" ALTER COLUMN \"ui\" TYPE jsonb, ALTER COLUMN \"ui\" DROP NOT NULL;" }, { "path": "persistence/sql/migrations/sql/20210311102338000019_form_refactoring.sqlite3.down.sql", "content": "INSERT INTO \"_selfservice_settings_flows_tmp\" (id, request_url, issued_at, expires_at, identity_id, created_at, updated_at, active_method, state, type) SELECT id, request_url, issued_at, expires_at, identity_id, created_at, updated_at, active_method, state, type FROM \"selfservice_settings_flows\";" }, { "path": "persistence/sql/migrations/sql/20210311102338000019_form_refactoring.sqlite3.up.sql", "content": "INSERT INTO \"_selfservice_registration_flows_tmp\" (id, request_url, issued_at, expires_at, active_method, csrf_token, created_at, updated_at, type, ui) SELECT id, request_url, issued_at, expires_at, active_method, csrf_token, created_at, updated_at, type, ui FROM \"selfservice_registration_flows\";" }, { "path": "persistence/sql/migrations/sql/20210311102338000020_form_refactoring.cockroach.down.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20210311102338000020_form_refactoring.cockroach.up.sql", "content": "ALTER TABLE \"selfservice_settings_flows\" RENAME COLUMN \"ui\" TO \"_ui_tmp\";" }, { "path": "persistence/sql/migrations/sql/20210311102338000020_form_refactoring.mysql.down.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20210311102338000020_form_refactoring.mysql.up.sql", "content": "DROP TABLE `selfservice_verification_flow_methods`;" }, { "path": "persistence/sql/migrations/sql/20210311102338000020_form_refactoring.postgres.down.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20210311102338000020_form_refactoring.postgres.up.sql", "content": "DROP TABLE \"selfservice_verification_flow_methods\";" }, { "path": "persistence/sql/migrations/sql/20210311102338000020_form_refactoring.sqlite3.down.sql", "content": "CREATE TABLE \"_selfservice_settings_flows_tmp\" (\n\"id\" TEXT PRIMARY KEY,\n\"request_url\" TEXT NOT NULL,\n\"issued_at\" DATETIME NOT NULL DEFAULT 'CURRENT_TIMESTAMP',\n\"expires_at\" DATETIME NOT NULL,\n\"identity_id\" char(36) NOT NULL,\n\"created_at\" DATETIME NOT NULL,\n\"updated_at\" DATETIME NOT NULL,\n\"active_method\" TEXT,\n\"state\" TEXT NOT NULL DEFAULT 'show_form',\n\"type\" TEXT NOT NULL DEFAULT 'browser',\nFOREIGN KEY (identity_id) REFERENCES identities (id) ON UPDATE NO ACTION ON DELETE CASCADE\n);" }, { "path": "persistence/sql/migrations/sql/20210311102338000020_form_refactoring.sqlite3.up.sql", "content": "DROP TABLE \"selfservice_registration_flows\";" }, { "path": "persistence/sql/migrations/sql/20210311102338000021_form_refactoring.cockroach.down.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20210311102338000021_form_refactoring.cockroach.up.sql", "content": "ALTER TABLE \"selfservice_settings_flows\" ADD COLUMN \"ui\" json;" }, { "path": "persistence/sql/migrations/sql/20210311102338000021_form_refactoring.mysql.down.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20210311102338000021_form_refactoring.mysql.up.sql", "content": "ALTER TABLE `selfservice_verification_flows` DROP COLUMN `messages`;" }, { "path": "persistence/sql/migrations/sql/20210311102338000021_form_refactoring.postgres.down.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20210311102338000021_form_refactoring.postgres.up.sql", "content": "ALTER TABLE \"selfservice_verification_flows\" DROP COLUMN \"messages\";" }, { "path": "persistence/sql/migrations/sql/20210311102338000021_form_refactoring.sqlite3.down.sql", "content": "CREATE TABLE \"selfservice_settings_flow_methods\" (\n\"id\" TEXT PRIMARY KEY,\n\"method\" TEXT NOT NULL,\n\"selfservice_settings_flow_id\" char(36) NOT NULL,\n\"config\" TEXT NOT NULL,\n\"created_at\" DATETIME NOT NULL,\n\"updated_at\" DATETIME NOT NULL,\nFOREIGN KEY (selfservice_settings_flow_id) REFERENCES selfservice_settings_flow_methods (id) ON DELETE cascade\n);" }, { "path": "persistence/sql/migrations/sql/20210311102338000021_form_refactoring.sqlite3.up.sql", "content": "ALTER TABLE \"_selfservice_registration_flows_tmp\" RENAME TO \"selfservice_registration_flows\";" }, { "path": "persistence/sql/migrations/sql/20210311102338000022_form_refactoring.cockroach.down.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20210311102338000022_form_refactoring.cockroach.up.sql", "content": "UPDATE \"selfservice_settings_flows\" SET \"ui\" = \"_ui_tmp\";" }, { "path": "persistence/sql/migrations/sql/20210311102338000022_form_refactoring.mysql.down.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20210311102338000022_form_refactoring.mysql.up.sql", "content": "ALTER TABLE `selfservice_verification_flows` ADD COLUMN `ui` JSON;" }, { "path": "persistence/sql/migrations/sql/20210311102338000022_form_refactoring.postgres.down.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20210311102338000022_form_refactoring.postgres.up.sql", "content": "ALTER TABLE \"selfservice_verification_flows\" ADD COLUMN \"ui\" jsonb;" }, { "path": "persistence/sql/migrations/sql/20210311102338000022_form_refactoring.sqlite3.down.sql", "content": "ALTER TABLE \"selfservice_registration_flows\" ADD COLUMN \"messages\" TEXT;" }, { "path": "persistence/sql/migrations/sql/20210311102338000022_form_refactoring.sqlite3.up.sql", "content": "DROP TABLE \"selfservice_settings_flow_methods\";" }, { "path": "persistence/sql/migrations/sql/20210311102338000023_form_refactoring.cockroach.down.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20210311102338000023_form_refactoring.cockroach.up.sql", "content": "ALTER TABLE \"selfservice_settings_flows\" DROP COLUMN \"_ui_tmp\";" }, { "path": "persistence/sql/migrations/sql/20210311102338000023_form_refactoring.mysql.down.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20210311102338000023_form_refactoring.mysql.up.sql", "content": "UPDATE selfservice_verification_flows SET ui='{}';" }, { "path": "persistence/sql/migrations/sql/20210311102338000023_form_refactoring.postgres.down.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20210311102338000023_form_refactoring.postgres.up.sql", "content": "UPDATE selfservice_verification_flows SET ui='{}';" }, { "path": "persistence/sql/migrations/sql/20210311102338000023_form_refactoring.sqlite3.down.sql", "content": "ALTER TABLE \"_selfservice_registration_flows_tmp\" RENAME TO \"selfservice_registration_flows\";" }, { "path": "persistence/sql/migrations/sql/20210311102338000023_form_refactoring.sqlite3.up.sql", "content": "CREATE TABLE \"_selfservice_settings_flows_tmp\" (\n\"id\" TEXT PRIMARY KEY,\n\"request_url\" TEXT NOT NULL,\n\"issued_at\" DATETIME NOT NULL DEFAULT 'CURRENT_TIMESTAMP',\n\"expires_at\" DATETIME NOT NULL,\n\"identity_id\" char(36) NOT NULL,\n\"created_at\" DATETIME NOT NULL,\n\"updated_at\" DATETIME NOT NULL,\n\"active_method\" TEXT,\n\"state\" TEXT NOT NULL DEFAULT 'show_form',\n\"type\" TEXT NOT NULL DEFAULT 'browser',\nFOREIGN KEY (identity_id) REFERENCES identities (id) ON UPDATE NO ACTION ON DELETE CASCADE\n);" }, { "path": "persistence/sql/migrations/sql/20210311102338000024_form_refactoring.cockroach.down.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20210311102338000024_form_refactoring.cockroach.up.sql", "content": "DROP TABLE \"selfservice_recovery_flow_methods\";" }, { "path": "persistence/sql/migrations/sql/20210311102338000024_form_refactoring.mysql.down.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20210311102338000024_form_refactoring.mysql.up.sql", "content": "ALTER TABLE `selfservice_verification_flows` MODIFY `ui` JSON;" }, { "path": "persistence/sql/migrations/sql/20210311102338000024_form_refactoring.postgres.down.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20210311102338000024_form_refactoring.postgres.up.sql", "content": "ALTER TABLE \"selfservice_verification_flows\" ALTER COLUMN \"ui\" TYPE jsonb, ALTER COLUMN \"ui\" DROP NOT NULL;" }, { "path": "persistence/sql/migrations/sql/20210311102338000024_form_refactoring.sqlite3.down.sql", "content": "\nDROP TABLE \"selfservice_registration_flows\";" }, { "path": "persistence/sql/migrations/sql/20210311102338000024_form_refactoring.sqlite3.up.sql", "content": "INSERT INTO \"_selfservice_settings_flows_tmp\" (id, request_url, issued_at, expires_at, identity_id, created_at, updated_at, active_method, state, type) SELECT id, request_url, issued_at, expires_at, identity_id, created_at, updated_at, active_method, state, type FROM \"selfservice_settings_flows\";" }, { "path": "persistence/sql/migrations/sql/20210311102338000025_form_refactoring.cockroach.down.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20210311102338000025_form_refactoring.cockroach.up.sql", "content": "ALTER TABLE \"selfservice_recovery_flows\" DROP COLUMN \"messages\";" }, { "path": "persistence/sql/migrations/sql/20210311102338000025_form_refactoring.sqlite3.down.sql", "content": "INSERT INTO \"_selfservice_registration_flows_tmp\" (id, request_url, issued_at, expires_at, active_method, csrf_token, created_at, updated_at, type) SELECT id, request_url, issued_at, expires_at, active_method, csrf_token, created_at, updated_at, type FROM \"selfservice_registration_flows\";" }, { "path": "persistence/sql/migrations/sql/20210311102338000025_form_refactoring.sqlite3.up.sql", "content": "\nDROP TABLE \"selfservice_settings_flows\";" }, { "path": "persistence/sql/migrations/sql/20210311102338000026_form_refactoring.cockroach.down.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20210311102338000026_form_refactoring.cockroach.up.sql", "content": "ALTER TABLE \"selfservice_recovery_flows\" ADD COLUMN \"ui\" json;" }, { "path": "persistence/sql/migrations/sql/20210311102338000026_form_refactoring.sqlite3.down.sql", "content": "CREATE TABLE \"_selfservice_registration_flows_tmp\" (\n\"id\" TEXT PRIMARY KEY,\n\"request_url\" TEXT NOT NULL,\n\"issued_at\" DATETIME NOT NULL DEFAULT 'CURRENT_TIMESTAMP',\n\"expires_at\" DATETIME NOT NULL,\n\"active_method\" TEXT NOT NULL,\n\"csrf_token\" TEXT NOT NULL,\n\"created_at\" DATETIME NOT NULL,\n\"updated_at\" DATETIME NOT NULL,\n\"type\" TEXT NOT NULL DEFAULT 'browser'\n);" }, { "path": "persistence/sql/migrations/sql/20210311102338000026_form_refactoring.sqlite3.up.sql", "content": "ALTER TABLE \"_selfservice_settings_flows_tmp\" RENAME TO \"selfservice_settings_flows\";" }, { "path": "persistence/sql/migrations/sql/20210311102338000027_form_refactoring.cockroach.down.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20210311102338000027_form_refactoring.cockroach.up.sql", "content": "UPDATE selfservice_recovery_flows SET ui='{}';" }, { "path": "persistence/sql/migrations/sql/20210311102338000027_form_refactoring.sqlite3.down.sql", "content": "CREATE TABLE \"selfservice_registration_flow_methods\" (\n\"id\" TEXT PRIMARY KEY,\n\"method\" TEXT NOT NULL,\n\"selfservice_registration_flow_id\" char(36) NOT NULL,\n\"config\" TEXT NOT NULL,\n\"created_at\" DATETIME NOT NULL,\n\"updated_at\" DATETIME NOT NULL,\nFOREIGN KEY (selfservice_registration_flow_id) REFERENCES selfservice_registration_flow_methods (id) ON DELETE cascade\n);" }, { "path": "persistence/sql/migrations/sql/20210311102338000027_form_refactoring.sqlite3.up.sql", "content": "ALTER TABLE \"selfservice_settings_flows\" ADD COLUMN \"ui\" TEXT;" }, { "path": "persistence/sql/migrations/sql/20210311102338000028_form_refactoring.cockroach.down.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20210311102338000028_form_refactoring.cockroach.up.sql", "content": "ALTER TABLE \"selfservice_recovery_flows\" RENAME COLUMN \"ui\" TO \"_ui_tmp\";" }, { "path": "persistence/sql/migrations/sql/20210311102338000028_form_refactoring.sqlite3.down.sql", "content": "ALTER TABLE \"selfservice_login_flows\" ADD COLUMN \"messages\" TEXT;" }, { "path": "persistence/sql/migrations/sql/20210311102338000028_form_refactoring.sqlite3.up.sql", "content": "UPDATE selfservice_settings_flows SET ui='{}';" }, { "path": "persistence/sql/migrations/sql/20210311102338000029_form_refactoring.cockroach.down.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20210311102338000029_form_refactoring.cockroach.up.sql", "content": "ALTER TABLE \"selfservice_recovery_flows\" ADD COLUMN \"ui\" json;" }, { "path": "persistence/sql/migrations/sql/20210311102338000029_form_refactoring.sqlite3.down.sql", "content": "ALTER TABLE \"_selfservice_login_flows_tmp\" RENAME TO \"selfservice_login_flows\";" }, { "path": "persistence/sql/migrations/sql/20210311102338000029_form_refactoring.sqlite3.up.sql", "content": "CREATE TABLE \"_selfservice_settings_flows_tmp\" (\n\"id\" TEXT PRIMARY KEY,\n\"request_url\" TEXT NOT NULL,\n\"issued_at\" DATETIME NOT NULL DEFAULT 'CURRENT_TIMESTAMP',\n\"expires_at\" DATETIME NOT NULL,\n\"identity_id\" char(36) NOT NULL,\n\"created_at\" DATETIME NOT NULL,\n\"updated_at\" DATETIME NOT NULL,\n\"active_method\" TEXT,\n\"state\" TEXT NOT NULL DEFAULT 'show_form',\n\"type\" TEXT NOT NULL DEFAULT 'browser',\n\"ui\" TEXT,\nFOREIGN KEY (identity_id) REFERENCES identities (id) ON UPDATE NO ACTION ON DELETE CASCADE\n);" }, { "path": "persistence/sql/migrations/sql/20210311102338000030_form_refactoring.cockroach.down.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20210311102338000030_form_refactoring.cockroach.up.sql", "content": "UPDATE \"selfservice_recovery_flows\" SET \"ui\" = \"_ui_tmp\";" }, { "path": "persistence/sql/migrations/sql/20210311102338000030_form_refactoring.sqlite3.down.sql", "content": "\nDROP TABLE \"selfservice_login_flows\";" }, { "path": "persistence/sql/migrations/sql/20210311102338000030_form_refactoring.sqlite3.up.sql", "content": "INSERT INTO \"_selfservice_settings_flows_tmp\" (id, request_url, issued_at, expires_at, identity_id, created_at, updated_at, active_method, state, type, ui) SELECT id, request_url, issued_at, expires_at, identity_id, created_at, updated_at, active_method, state, type, ui FROM \"selfservice_settings_flows\";" }, { "path": "persistence/sql/migrations/sql/20210311102338000031_form_refactoring.cockroach.down.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20210311102338000031_form_refactoring.cockroach.up.sql", "content": "ALTER TABLE \"selfservice_recovery_flows\" DROP COLUMN \"_ui_tmp\";" }, { "path": "persistence/sql/migrations/sql/20210311102338000031_form_refactoring.sqlite3.down.sql", "content": "INSERT INTO \"_selfservice_login_flows_tmp\" (id, request_url, issued_at, expires_at, active_method, csrf_token, created_at, updated_at, forced, type) SELECT id, request_url, issued_at, expires_at, active_method, csrf_token, created_at, updated_at, forced, type FROM \"selfservice_login_flows\";" }, { "path": "persistence/sql/migrations/sql/20210311102338000031_form_refactoring.sqlite3.up.sql", "content": "DROP TABLE \"selfservice_settings_flows\";" }, { "path": "persistence/sql/migrations/sql/20210311102338000032_form_refactoring.cockroach.down.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20210311102338000032_form_refactoring.cockroach.up.sql", "content": "DROP TABLE \"selfservice_verification_flow_methods\";" }, { "path": "persistence/sql/migrations/sql/20210311102338000032_form_refactoring.sqlite3.down.sql", "content": "CREATE TABLE \"_selfservice_login_flows_tmp\" (\n\"id\" TEXT PRIMARY KEY,\n\"request_url\" TEXT NOT NULL,\n\"issued_at\" DATETIME NOT NULL DEFAULT 'CURRENT_TIMESTAMP',\n\"expires_at\" DATETIME NOT NULL,\n\"active_method\" TEXT NOT NULL,\n\"csrf_token\" TEXT NOT NULL,\n\"created_at\" DATETIME NOT NULL,\n\"updated_at\" DATETIME NOT NULL,\n\"forced\" bool NOT NULL DEFAULT 'false',\n\"type\" TEXT NOT NULL DEFAULT 'browser'\n);" }, { "path": "persistence/sql/migrations/sql/20210311102338000032_form_refactoring.sqlite3.up.sql", "content": "ALTER TABLE \"_selfservice_settings_flows_tmp\" RENAME TO \"selfservice_settings_flows\";" }, { "path": "persistence/sql/migrations/sql/20210311102338000033_form_refactoring.cockroach.down.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20210311102338000033_form_refactoring.cockroach.up.sql", "content": "ALTER TABLE \"selfservice_verification_flows\" DROP COLUMN \"messages\";" }, { "path": "persistence/sql/migrations/sql/20210311102338000033_form_refactoring.sqlite3.down.sql", "content": "CREATE TABLE \"selfservice_login_flow_methods\" (\n\"id\" TEXT PRIMARY KEY,\n\"method\" TEXT NOT NULL,\n\"selfservice_login_flow_id\" char(36) NOT NULL,\n\"config\" TEXT NOT NULL,\n\"created_at\" DATETIME NOT NULL,\n\"updated_at\" DATETIME NOT NULL,\nFOREIGN KEY (selfservice_login_flow_id) REFERENCES selfservice_login_flow_methods (id) ON DELETE cascade\n);" }, { "path": "persistence/sql/migrations/sql/20210311102338000033_form_refactoring.sqlite3.up.sql", "content": "DROP TABLE \"selfservice_recovery_flow_methods\";" }, { "path": "persistence/sql/migrations/sql/20210311102338000034_form_refactoring.cockroach.down.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20210311102338000034_form_refactoring.cockroach.up.sql", "content": "ALTER TABLE \"selfservice_verification_flows\" ADD COLUMN \"ui\" json;" }, { "path": "persistence/sql/migrations/sql/20210311102338000034_form_refactoring.sqlite3.down.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20210311102338000034_form_refactoring.sqlite3.up.sql", "content": "CREATE TABLE \"_selfservice_recovery_flows_tmp\" (\n\"id\" TEXT PRIMARY KEY,\n\"request_url\" TEXT NOT NULL,\n\"issued_at\" DATETIME NOT NULL DEFAULT 'CURRENT_TIMESTAMP',\n\"expires_at\" DATETIME NOT NULL,\n\"active_method\" TEXT,\n\"csrf_token\" TEXT NOT NULL,\n\"state\" TEXT NOT NULL,\n\"recovered_identity_id\" char(36),\n\"created_at\" DATETIME NOT NULL,\n\"updated_at\" DATETIME NOT NULL,\n\"type\" TEXT NOT NULL DEFAULT 'browser',\nFOREIGN KEY (recovered_identity_id) REFERENCES identities (id) ON UPDATE NO ACTION ON DELETE CASCADE\n);" }, { "path": "persistence/sql/migrations/sql/20210311102338000035_form_refactoring.cockroach.down.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20210311102338000035_form_refactoring.cockroach.up.sql", "content": "UPDATE selfservice_verification_flows SET ui='{}';" }, { "path": "persistence/sql/migrations/sql/20210311102338000035_form_refactoring.sqlite3.down.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20210311102338000035_form_refactoring.sqlite3.up.sql", "content": "INSERT INTO \"_selfservice_recovery_flows_tmp\" (id, request_url, issued_at, expires_at, active_method, csrf_token, state, recovered_identity_id, created_at, updated_at, type) SELECT id, request_url, issued_at, expires_at, active_method, csrf_token, state, recovered_identity_id, created_at, updated_at, type FROM \"selfservice_recovery_flows\";" }, { "path": "persistence/sql/migrations/sql/20210311102338000036_form_refactoring.cockroach.down.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20210311102338000036_form_refactoring.cockroach.up.sql", "content": "ALTER TABLE \"selfservice_verification_flows\" RENAME COLUMN \"ui\" TO \"_ui_tmp\";" }, { "path": "persistence/sql/migrations/sql/20210311102338000036_form_refactoring.sqlite3.down.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20210311102338000036_form_refactoring.sqlite3.up.sql", "content": "\nDROP TABLE \"selfservice_recovery_flows\";" }, { "path": "persistence/sql/migrations/sql/20210311102338000037_form_refactoring.cockroach.down.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20210311102338000037_form_refactoring.cockroach.up.sql", "content": "ALTER TABLE \"selfservice_verification_flows\" ADD COLUMN \"ui\" json;" }, { "path": "persistence/sql/migrations/sql/20210311102338000037_form_refactoring.sqlite3.down.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20210311102338000037_form_refactoring.sqlite3.up.sql", "content": "ALTER TABLE \"_selfservice_recovery_flows_tmp\" RENAME TO \"selfservice_recovery_flows\";" }, { "path": "persistence/sql/migrations/sql/20210311102338000038_form_refactoring.cockroach.down.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20210311102338000038_form_refactoring.cockroach.up.sql", "content": "UPDATE \"selfservice_verification_flows\" SET \"ui\" = \"_ui_tmp\";" }, { "path": "persistence/sql/migrations/sql/20210311102338000038_form_refactoring.sqlite3.down.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20210311102338000038_form_refactoring.sqlite3.up.sql", "content": "ALTER TABLE \"selfservice_recovery_flows\" ADD COLUMN \"ui\" TEXT;" }, { "path": "persistence/sql/migrations/sql/20210311102338000039_form_refactoring.cockroach.down.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20210311102338000039_form_refactoring.cockroach.up.sql", "content": "ALTER TABLE \"selfservice_verification_flows\" DROP COLUMN \"_ui_tmp\";" }, { "path": "persistence/sql/migrations/sql/20210311102338000039_form_refactoring.sqlite3.down.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20210311102338000039_form_refactoring.sqlite3.up.sql", "content": "UPDATE selfservice_recovery_flows SET ui='{}';" }, { "path": "persistence/sql/migrations/sql/20210311102338000040_form_refactoring.sqlite3.down.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20210311102338000040_form_refactoring.sqlite3.up.sql", "content": "CREATE TABLE \"_selfservice_recovery_flows_tmp\" (\n\"id\" TEXT PRIMARY KEY,\n\"request_url\" TEXT NOT NULL,\n\"issued_at\" DATETIME NOT NULL DEFAULT 'CURRENT_TIMESTAMP',\n\"expires_at\" DATETIME NOT NULL,\n\"active_method\" TEXT,\n\"csrf_token\" TEXT NOT NULL,\n\"state\" TEXT NOT NULL,\n\"recovered_identity_id\" char(36),\n\"created_at\" DATETIME NOT NULL,\n\"updated_at\" DATETIME NOT NULL,\n\"type\" TEXT NOT NULL DEFAULT 'browser',\n\"ui\" TEXT,\nFOREIGN KEY (recovered_identity_id) REFERENCES identities (id) ON UPDATE NO ACTION ON DELETE CASCADE\n);" }, { "path": "persistence/sql/migrations/sql/20210311102338000041_form_refactoring.sqlite3.down.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20210311102338000041_form_refactoring.sqlite3.up.sql", "content": "INSERT INTO \"_selfservice_recovery_flows_tmp\" (id, request_url, issued_at, expires_at, active_method, csrf_token, state, recovered_identity_id, created_at, updated_at, type, ui) SELECT id, request_url, issued_at, expires_at, active_method, csrf_token, state, recovered_identity_id, created_at, updated_at, type, ui FROM \"selfservice_recovery_flows\";" }, { "path": "persistence/sql/migrations/sql/20210311102338000042_form_refactoring.sqlite3.down.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20210311102338000042_form_refactoring.sqlite3.up.sql", "content": "DROP TABLE \"selfservice_recovery_flows\";" }, { "path": "persistence/sql/migrations/sql/20210311102338000043_form_refactoring.sqlite3.down.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20210311102338000043_form_refactoring.sqlite3.up.sql", "content": "ALTER TABLE \"_selfservice_recovery_flows_tmp\" RENAME TO \"selfservice_recovery_flows\";" }, { "path": "persistence/sql/migrations/sql/20210311102338000044_form_refactoring.sqlite3.down.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20210311102338000044_form_refactoring.sqlite3.up.sql", "content": "DROP TABLE \"selfservice_verification_flow_methods\";" }, { "path": "persistence/sql/migrations/sql/20210311102338000045_form_refactoring.sqlite3.down.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20210311102338000045_form_refactoring.sqlite3.up.sql", "content": "CREATE TABLE \"_selfservice_verification_flows_tmp\" (\n\"id\" TEXT PRIMARY KEY,\n\"request_url\" TEXT NOT NULL,\n\"issued_at\" DATETIME NOT NULL DEFAULT 'CURRENT_TIMESTAMP',\n\"expires_at\" DATETIME NOT NULL,\n\"csrf_token\" TEXT NOT NULL,\n\"created_at\" DATETIME NOT NULL,\n\"updated_at\" DATETIME NOT NULL,\n\"type\" TEXT NOT NULL DEFAULT 'browser',\n\"state\" TEXT NOT NULL DEFAULT 'show_form',\n\"active_method\" TEXT\n);" }, { "path": "persistence/sql/migrations/sql/20210311102338000046_form_refactoring.sqlite3.down.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20210311102338000046_form_refactoring.sqlite3.up.sql", "content": "INSERT INTO \"_selfservice_verification_flows_tmp\" (id, request_url, issued_at, expires_at, csrf_token, created_at, updated_at, type, state, active_method) SELECT id, request_url, issued_at, expires_at, csrf_token, created_at, updated_at, type, state, active_method FROM \"selfservice_verification_flows\";" }, { "path": "persistence/sql/migrations/sql/20210311102338000047_form_refactoring.sqlite3.down.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20210311102338000047_form_refactoring.sqlite3.up.sql", "content": "\nDROP TABLE \"selfservice_verification_flows\";" }, { "path": "persistence/sql/migrations/sql/20210311102338000048_form_refactoring.sqlite3.down.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20210311102338000048_form_refactoring.sqlite3.up.sql", "content": "ALTER TABLE \"_selfservice_verification_flows_tmp\" RENAME TO \"selfservice_verification_flows\";" }, { "path": "persistence/sql/migrations/sql/20210311102338000049_form_refactoring.sqlite3.down.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20210311102338000049_form_refactoring.sqlite3.up.sql", "content": "ALTER TABLE \"selfservice_verification_flows\" ADD COLUMN \"ui\" TEXT;" }, { "path": "persistence/sql/migrations/sql/20210311102338000050_form_refactoring.sqlite3.down.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20210311102338000050_form_refactoring.sqlite3.up.sql", "content": "UPDATE selfservice_verification_flows SET ui='{}';" }, { "path": "persistence/sql/migrations/sql/20210311102338000051_form_refactoring.sqlite3.down.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20210311102338000051_form_refactoring.sqlite3.up.sql", "content": "CREATE TABLE \"_selfservice_verification_flows_tmp\" (\n\"id\" TEXT PRIMARY KEY,\n\"request_url\" TEXT NOT NULL,\n\"issued_at\" DATETIME NOT NULL DEFAULT 'CURRENT_TIMESTAMP',\n\"expires_at\" DATETIME NOT NULL,\n\"csrf_token\" TEXT NOT NULL,\n\"created_at\" DATETIME NOT NULL,\n\"updated_at\" DATETIME NOT NULL,\n\"type\" TEXT NOT NULL DEFAULT 'browser',\n\"state\" TEXT NOT NULL DEFAULT 'show_form',\n\"active_method\" TEXT,\n\"ui\" TEXT\n);" }, { "path": "persistence/sql/migrations/sql/20210311102338000052_form_refactoring.sqlite3.down.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20210311102338000052_form_refactoring.sqlite3.up.sql", "content": "INSERT INTO \"_selfservice_verification_flows_tmp\" (id, request_url, issued_at, expires_at, csrf_token, created_at, updated_at, type, state, active_method, ui) SELECT id, request_url, issued_at, expires_at, csrf_token, created_at, updated_at, type, state, active_method, ui FROM \"selfservice_verification_flows\";" }, { "path": "persistence/sql/migrations/sql/20210311102338000053_form_refactoring.sqlite3.down.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20210311102338000053_form_refactoring.sqlite3.up.sql", "content": "DROP TABLE \"selfservice_verification_flows\";" }, { "path": "persistence/sql/migrations/sql/20210311102338000054_form_refactoring.sqlite3.down.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20210311102338000054_form_refactoring.sqlite3.up.sql", "content": "ALTER TABLE \"_selfservice_verification_flows_tmp\" RENAME TO \"selfservice_verification_flows\";" }, { "path": "persistence/sql/migrations/sql/20210410175418000000_network.cockroach.down.sql", "content": "CREATE INDEX \"identity_verifiable_addresses_status_via_idx\" ON \"identity_verifiable_addresses\" (via, value);" }, { "path": "persistence/sql/migrations/sql/20210410175418000000_network.cockroach.up.sql", "content": "ALTER TABLE \"selfservice_login_flows\" ADD COLUMN \"nid\" UUID;" }, { "path": "persistence/sql/migrations/sql/20210410175418000000_network.mysql.down.sql", "content": "CREATE INDEX `identity_verifiable_addresses_status_via_idx` ON `identity_verifiable_addresses` (`via`, `value`);" }, { "path": "persistence/sql/migrations/sql/20210410175418000000_network.mysql.up.sql", "content": "ALTER TABLE `selfservice_login_flows` ADD COLUMN `nid` char(36);" }, { "path": "persistence/sql/migrations/sql/20210410175418000000_network.postgres.down.sql", "content": "CREATE INDEX \"identity_verifiable_addresses_status_via_idx\" ON \"identity_verifiable_addresses\" (via, value);" }, { "path": "persistence/sql/migrations/sql/20210410175418000000_network.postgres.up.sql", "content": "ALTER TABLE \"selfservice_login_flows\" ADD COLUMN \"nid\" UUID;" }, { "path": "persistence/sql/migrations/sql/20210410175418000000_network.sqlite3.down.sql", "content": "CREATE INDEX \"identity_verifiable_addresses_status_via_idx\" ON \"identity_verifiable_addresses\" (via, value);" }, { "path": "persistence/sql/migrations/sql/20210410175418000000_network.sqlite3.up.sql", "content": "ALTER TABLE \"selfservice_login_flows\" ADD COLUMN \"nid\" char(36);" }, { "path": "persistence/sql/migrations/sql/20210410175418000001_network.cockroach.down.sql", "content": "CREATE UNIQUE INDEX \"identity_verifiable_addresses_status_via_uq_idx\" ON \"identity_verifiable_addresses\" (via, value);" }, { "path": "persistence/sql/migrations/sql/20210410175418000001_network.cockroach.up.sql", "content": "ALTER TABLE \"selfservice_login_flows\" ADD CONSTRAINT \"selfservice_login_flows_nid_fk_idx\" FOREIGN KEY (\"nid\") REFERENCES \"networks\" (\"id\") ON UPDATE RESTRICT ON DELETE CASCADE;" }, { "path": "persistence/sql/migrations/sql/20210410175418000001_network.mysql.down.sql", "content": "CREATE UNIQUE INDEX `identity_verifiable_addresses_status_via_uq_idx` ON `identity_verifiable_addresses` (`via`, `value`);" }, { "path": "persistence/sql/migrations/sql/20210410175418000001_network.mysql.up.sql", "content": "ALTER TABLE `selfservice_login_flows` ADD CONSTRAINT `selfservice_login_flows_nid_fk_idx` FOREIGN KEY (`nid`) REFERENCES `networks` (`id`) ON UPDATE RESTRICT ON DELETE CASCADE;" }, { "path": "persistence/sql/migrations/sql/20210410175418000001_network.postgres.down.sql", "content": "CREATE UNIQUE INDEX \"identity_verifiable_addresses_status_via_uq_idx\" ON \"identity_verifiable_addresses\" (via, value);" }, { "path": "persistence/sql/migrations/sql/20210410175418000001_network.postgres.up.sql", "content": "ALTER TABLE \"selfservice_login_flows\" ADD CONSTRAINT \"selfservice_login_flows_nid_fk_idx\" FOREIGN KEY (\"nid\") REFERENCES \"networks\" (\"id\") ON UPDATE RESTRICT ON DELETE CASCADE;" }, { "path": "persistence/sql/migrations/sql/20210410175418000001_network.sqlite3.down.sql", "content": "CREATE UNIQUE INDEX \"identity_verifiable_addresses_status_via_uq_idx\" ON \"identity_verifiable_addresses\" (via, value);" }, { "path": "persistence/sql/migrations/sql/20210410175418000001_network.sqlite3.up.sql", "content": "ALTER TABLE selfservice_login_flows DROP COLUMN nid;" }, { "path": "persistence/sql/migrations/sql/20210410175418000002_network.cockroach.down.sql", "content": "CREATE INDEX \"identity_recovery_addresses_status_via_idx\" ON \"identity_recovery_addresses\" (via, value);" }, { "path": "persistence/sql/migrations/sql/20210410175418000002_network.cockroach.up.sql", "content": "UPDATE selfservice_login_flows SET nid = (SELECT id FROM networks LIMIT 1);" }, { "path": "persistence/sql/migrations/sql/20210410175418000002_network.mysql.down.sql", "content": "CREATE INDEX `identity_recovery_addresses_status_via_idx` ON `identity_recovery_addresses` (`via`, `value`);" }, { "path": "persistence/sql/migrations/sql/20210410175418000002_network.mysql.up.sql", "content": "UPDATE selfservice_login_flows SET nid = (SELECT id FROM networks LIMIT 1);" }, { "path": "persistence/sql/migrations/sql/20210410175418000002_network.postgres.down.sql", "content": "CREATE INDEX \"identity_recovery_addresses_status_via_idx\" ON \"identity_recovery_addresses\" (via, value);" }, { "path": "persistence/sql/migrations/sql/20210410175418000002_network.postgres.up.sql", "content": "UPDATE selfservice_login_flows SET nid = (SELECT id FROM networks LIMIT 1);" }, { "path": "persistence/sql/migrations/sql/20210410175418000002_network.sqlite3.down.sql", "content": "CREATE INDEX \"identity_recovery_addresses_status_via_idx\" ON \"identity_recovery_addresses\" (via, value);" }, { "path": "persistence/sql/migrations/sql/20210410175418000002_network.sqlite3.up.sql", "content": "ALTER TABLE selfservice_login_flows ADD COLUMN nid CHAR(36) NULL REFERENCES networks(id) ON DELETE CASCADE ON UPDATE RESTRICT;" }, { "path": "persistence/sql/migrations/sql/20210410175418000003_network.cockroach.down.sql", "content": "CREATE UNIQUE INDEX \"identity_recovery_addresses_status_via_uq_idx\" ON \"identity_recovery_addresses\" (via, value);" }, { "path": "persistence/sql/migrations/sql/20210410175418000003_network.cockroach.up.sql", "content": "ALTER TABLE \"selfservice_login_flows\" DROP CONSTRAINT \"selfservice_login_flows_nid_fk_idx\";" }, { "path": "persistence/sql/migrations/sql/20210410175418000003_network.mysql.down.sql", "content": "CREATE UNIQUE INDEX `identity_recovery_addresses_status_via_uq_idx` ON `identity_recovery_addresses` (`via`, `value`);" }, { "path": "persistence/sql/migrations/sql/20210410175418000003_network.mysql.up.sql", "content": "ALTER TABLE `selfservice_login_flows` MODIFY `nid` char(36);" }, { "path": "persistence/sql/migrations/sql/20210410175418000003_network.postgres.down.sql", "content": "CREATE UNIQUE INDEX \"identity_recovery_addresses_status_via_uq_idx\" ON \"identity_recovery_addresses\" (via, value);" }, { "path": "persistence/sql/migrations/sql/20210410175418000003_network.postgres.up.sql", "content": "ALTER TABLE \"selfservice_login_flows\" ALTER COLUMN \"nid\" TYPE UUID, ALTER COLUMN \"nid\" DROP NOT NULL;" }, { "path": "persistence/sql/migrations/sql/20210410175418000003_network.sqlite3.down.sql", "content": "CREATE UNIQUE INDEX \"identity_recovery_addresses_status_via_uq_idx\" ON \"identity_recovery_addresses\" (via, value);" }, { "path": "persistence/sql/migrations/sql/20210410175418000003_network.sqlite3.up.sql", "content": "UPDATE selfservice_login_flows SET nid = (SELECT id FROM networks LIMIT 1);" }, { "path": "persistence/sql/migrations/sql/20210410175418000004_network.cockroach.down.sql", "content": "CREATE UNIQUE INDEX \"identity_credential_identifiers_identifier_idx\" ON \"identity_credential_identifiers\" (identifier);" }, { "path": "persistence/sql/migrations/sql/20210410175418000004_network.cockroach.up.sql", "content": "ALTER TABLE \"selfservice_login_flows\" RENAME COLUMN \"nid\" TO \"_nid_tmp\";" }, { "path": "persistence/sql/migrations/sql/20210410175418000004_network.mysql.down.sql", "content": "CREATE UNIQUE INDEX `identity_credential_identifiers_identifier_idx` ON `identity_credential_identifiers` (`identifier`);" }, { "path": "persistence/sql/migrations/sql/20210410175418000004_network.mysql.up.sql", "content": "CREATE INDEX `selfservice_login_flows_nid_idx` ON `selfservice_login_flows` (`id`, `nid`);" }, { "path": "persistence/sql/migrations/sql/20210410175418000004_network.postgres.down.sql", "content": "CREATE UNIQUE INDEX \"identity_credential_identifiers_identifier_idx\" ON \"identity_credential_identifiers\" (identifier);" }, { "path": "persistence/sql/migrations/sql/20210410175418000004_network.postgres.up.sql", "content": "CREATE INDEX \"selfservice_login_flows_nid_idx\" ON \"selfservice_login_flows\" (id, nid);" }, { "path": "persistence/sql/migrations/sql/20210410175418000004_network.sqlite3.down.sql", "content": "CREATE UNIQUE INDEX \"identity_credential_identifiers_identifier_idx\" ON \"identity_credential_identifiers\" (identifier);" }, { "path": "persistence/sql/migrations/sql/20210410175418000004_network.sqlite3.up.sql", "content": "CREATE TABLE \"_selfservice_login_flows_tmp\" (\n\"id\" TEXT PRIMARY KEY,\n\"request_url\" TEXT NOT NULL,\n\"issued_at\" DATETIME NOT NULL DEFAULT 'CURRENT_TIMESTAMP',\n\"expires_at\" DATETIME NOT NULL,\n\"active_method\" TEXT NOT NULL,\n\"csrf_token\" TEXT NOT NULL,\n\"created_at\" DATETIME NOT NULL,\n\"updated_at\" DATETIME NOT NULL,\n\"forced\" bool NOT NULL DEFAULT 'false',\n\"type\" TEXT NOT NULL DEFAULT 'browser',\n\"ui\" TEXT,\n\"nid\" char(36)\n);" }, { "path": "persistence/sql/migrations/sql/20210410175418000005_network.cockroach.down.sql", "content": "ALTER TABLE \"identity_credential_identifiers\" DROP COLUMN \"nid\";" }, { "path": "persistence/sql/migrations/sql/20210410175418000005_network.cockroach.up.sql", "content": "ALTER TABLE \"selfservice_login_flows\" ADD COLUMN \"nid\" UUID;" }, { "path": "persistence/sql/migrations/sql/20210410175418000005_network.mysql.down.sql", "content": "ALTER TABLE `identity_credential_identifiers` DROP COLUMN `nid`;" }, { "path": "persistence/sql/migrations/sql/20210410175418000005_network.mysql.up.sql", "content": "ALTER TABLE `selfservice_registration_flows` ADD COLUMN `nid` char(36);" }, { "path": "persistence/sql/migrations/sql/20210410175418000005_network.postgres.down.sql", "content": "ALTER TABLE \"identity_credential_identifiers\" DROP COLUMN \"nid\";" }, { "path": "persistence/sql/migrations/sql/20210410175418000005_network.postgres.up.sql", "content": "ALTER TABLE \"selfservice_registration_flows\" ADD COLUMN \"nid\" UUID;" }, { "path": "persistence/sql/migrations/sql/20210410175418000005_network.sqlite3.down.sql", "content": "ALTER TABLE \"_identity_credential_identifiers_tmp\" RENAME TO \"identity_credential_identifiers\";" }, { "path": "persistence/sql/migrations/sql/20210410175418000005_network.sqlite3.up.sql", "content": "INSERT INTO \"_selfservice_login_flows_tmp\" (id, request_url, issued_at, expires_at, active_method, csrf_token, created_at, updated_at, forced, type, ui, nid) SELECT id, request_url, issued_at, expires_at, active_method, csrf_token, created_at, updated_at, forced, type, ui, nid FROM \"selfservice_login_flows\";" }, { "path": "persistence/sql/migrations/sql/20210410175418000006_network.cockroach.down.sql", "content": "DROP INDEX IF EXISTS \"identity_credential_identifiers_identifier_nid_uq_idx\";" }, { "path": "persistence/sql/migrations/sql/20210410175418000006_network.cockroach.up.sql", "content": "UPDATE \"selfservice_login_flows\" SET \"nid\" = \"_nid_tmp\";" }, { "path": "persistence/sql/migrations/sql/20210410175418000006_network.mysql.down.sql", "content": "DROP INDEX `identity_credential_identifiers_identifier_nid_uq_idx` ON `identity_credential_identifiers`;" }, { "path": "persistence/sql/migrations/sql/20210410175418000006_network.mysql.up.sql", "content": "ALTER TABLE `selfservice_registration_flows` ADD CONSTRAINT `selfservice_registration_flows_nid_fk_idx` FOREIGN KEY (`nid`) REFERENCES `networks` (`id`) ON UPDATE RESTRICT ON DELETE CASCADE;" }, { "path": "persistence/sql/migrations/sql/20210410175418000006_network.postgres.down.sql", "content": "DROP INDEX \"identity_credential_identifiers_identifier_nid_uq_idx\";" }, { "path": "persistence/sql/migrations/sql/20210410175418000006_network.postgres.up.sql", "content": "ALTER TABLE \"selfservice_registration_flows\" ADD CONSTRAINT \"selfservice_registration_flows_nid_fk_idx\" FOREIGN KEY (\"nid\") REFERENCES \"networks\" (\"id\") ON UPDATE RESTRICT ON DELETE CASCADE;" }, { "path": "persistence/sql/migrations/sql/20210410175418000006_network.sqlite3.down.sql", "content": "\nDROP TABLE \"identity_credential_identifiers\";" }, { "path": "persistence/sql/migrations/sql/20210410175418000006_network.sqlite3.up.sql", "content": "DROP TABLE \"selfservice_login_flows\";" }, { "path": "persistence/sql/migrations/sql/20210410175418000007_network.cockroach.down.sql", "content": "ALTER TABLE \"identity_verifiable_addresses\" DROP COLUMN \"nid\";" }, { "path": "persistence/sql/migrations/sql/20210410175418000007_network.cockroach.up.sql", "content": "ALTER TABLE \"selfservice_login_flows\" DROP COLUMN \"_nid_tmp\";" }, { "path": "persistence/sql/migrations/sql/20210410175418000007_network.mysql.down.sql", "content": "ALTER TABLE `identity_verifiable_addresses` DROP COLUMN `nid`;" }, { "path": "persistence/sql/migrations/sql/20210410175418000007_network.mysql.up.sql", "content": "UPDATE selfservice_registration_flows SET nid = (SELECT id FROM networks LIMIT 1);" }, { "path": "persistence/sql/migrations/sql/20210410175418000007_network.postgres.down.sql", "content": "ALTER TABLE \"identity_verifiable_addresses\" DROP COLUMN \"nid\";" }, { "path": "persistence/sql/migrations/sql/20210410175418000007_network.postgres.up.sql", "content": "UPDATE selfservice_registration_flows SET nid = (SELECT id FROM networks LIMIT 1);" }, { "path": "persistence/sql/migrations/sql/20210410175418000007_network.sqlite3.down.sql", "content": "INSERT INTO \"_identity_credential_identifiers_tmp\" (id, identifier, identity_credential_id, created_at, updated_at) SELECT id, identifier, identity_credential_id, created_at, updated_at FROM \"identity_credential_identifiers\";" }, { "path": "persistence/sql/migrations/sql/20210410175418000007_network.sqlite3.up.sql", "content": "ALTER TABLE \"_selfservice_login_flows_tmp\" RENAME TO \"selfservice_login_flows\";" }, { "path": "persistence/sql/migrations/sql/20210410175418000008_network.cockroach.down.sql", "content": "ALTER TABLE \"identity_credentials\" DROP COLUMN \"nid\";" }, { "path": "persistence/sql/migrations/sql/20210410175418000008_network.cockroach.up.sql", "content": "ALTER TABLE \"selfservice_login_flows\" ADD CONSTRAINT \"selfservice_login_flows_nid_fk_idx\" FOREIGN KEY (\"nid\") REFERENCES \"networks\" (\"id\") ON UPDATE RESTRICT ON DELETE CASCADE;" }, { "path": "persistence/sql/migrations/sql/20210410175418000008_network.mysql.down.sql", "content": "ALTER TABLE `identity_credentials` DROP COLUMN `nid`;" }, { "path": "persistence/sql/migrations/sql/20210410175418000008_network.mysql.up.sql", "content": "ALTER TABLE `selfservice_registration_flows` MODIFY `nid` char(36);" }, { "path": "persistence/sql/migrations/sql/20210410175418000008_network.postgres.down.sql", "content": "ALTER TABLE \"identity_credentials\" DROP COLUMN \"nid\";" }, { "path": "persistence/sql/migrations/sql/20210410175418000008_network.postgres.up.sql", "content": "ALTER TABLE \"selfservice_registration_flows\" ALTER COLUMN \"nid\" TYPE UUID, ALTER COLUMN \"nid\" DROP NOT NULL;" }, { "path": "persistence/sql/migrations/sql/20210410175418000008_network.sqlite3.down.sql", "content": "CREATE TABLE \"_identity_credential_identifiers_tmp\" (\n\"id\" TEXT PRIMARY KEY,\n\"identifier\" TEXT NOT NULL,\n\"identity_credential_id\" char(36) NOT NULL,\n\"created_at\" DATETIME NOT NULL,\n\"updated_at\" DATETIME NOT NULL,\nFOREIGN KEY (identity_credential_id) REFERENCES identity_credentials (id) ON UPDATE NO ACTION ON DELETE CASCADE\n);" }, { "path": "persistence/sql/migrations/sql/20210410175418000008_network.sqlite3.up.sql", "content": "CREATE INDEX \"selfservice_login_flows_nid_idx\" ON \"selfservice_login_flows\" (id, nid);" }, { "path": "persistence/sql/migrations/sql/20210410175418000009_network.cockroach.down.sql", "content": "ALTER TABLE \"identities\" DROP COLUMN \"nid\";" }, { "path": "persistence/sql/migrations/sql/20210410175418000009_network.cockroach.up.sql", "content": "CREATE INDEX \"selfservice_login_flows_nid_idx\" ON \"selfservice_login_flows\" (id, nid);" }, { "path": "persistence/sql/migrations/sql/20210410175418000009_network.mysql.down.sql", "content": "ALTER TABLE `identities` DROP COLUMN `nid`;" }, { "path": "persistence/sql/migrations/sql/20210410175418000009_network.mysql.up.sql", "content": "CREATE INDEX `selfservice_registration_flows_nid_idx` ON `selfservice_registration_flows` (`id`, `nid`);" }, { "path": "persistence/sql/migrations/sql/20210410175418000009_network.postgres.down.sql", "content": "ALTER TABLE \"identities\" DROP COLUMN \"nid\";" }, { "path": "persistence/sql/migrations/sql/20210410175418000009_network.postgres.up.sql", "content": "CREATE INDEX \"selfservice_registration_flows_nid_idx\" ON \"selfservice_registration_flows\" (id, nid);" }, { "path": "persistence/sql/migrations/sql/20210410175418000009_network.sqlite3.down.sql", "content": "DROP INDEX IF EXISTS \"identity_credential_identifiers_identifier_nid_uq_idx\";" }, { "path": "persistence/sql/migrations/sql/20210410175418000009_network.sqlite3.up.sql", "content": "ALTER TABLE \"selfservice_registration_flows\" ADD COLUMN \"nid\" char(36);" }, { "path": "persistence/sql/migrations/sql/20210410175418000010_network.cockroach.down.sql", "content": "ALTER TABLE \"selfservice_errors\" DROP COLUMN \"nid\";" }, { "path": "persistence/sql/migrations/sql/20210410175418000010_network.cockroach.up.sql", "content": "ALTER TABLE \"selfservice_registration_flows\" ADD COLUMN \"nid\" UUID;" }, { "path": "persistence/sql/migrations/sql/20210410175418000010_network.mysql.down.sql", "content": "ALTER TABLE `selfservice_errors` DROP COLUMN `nid`;" }, { "path": "persistence/sql/migrations/sql/20210410175418000010_network.mysql.up.sql", "content": "ALTER TABLE `selfservice_settings_flows` ADD COLUMN `nid` char(36);" }, { "path": "persistence/sql/migrations/sql/20210410175418000010_network.postgres.down.sql", "content": "ALTER TABLE \"selfservice_errors\" DROP COLUMN \"nid\";" }, { "path": "persistence/sql/migrations/sql/20210410175418000010_network.postgres.up.sql", "content": "ALTER TABLE \"selfservice_settings_flows\" ADD COLUMN \"nid\" UUID;" }, { "path": "persistence/sql/migrations/sql/20210410175418000010_network.sqlite3.down.sql", "content": "ALTER TABLE \"_identity_verifiable_addresses_tmp\" RENAME TO \"identity_verifiable_addresses\";" }, { "path": "persistence/sql/migrations/sql/20210410175418000010_network.sqlite3.up.sql", "content": "ALTER TABLE selfservice_registration_flows DROP COLUMN nid;" }, { "path": "persistence/sql/migrations/sql/20210410175418000011_network.cockroach.down.sql", "content": "ALTER TABLE \"courier_messages\" DROP COLUMN \"nid\";" }, { "path": "persistence/sql/migrations/sql/20210410175418000011_network.cockroach.up.sql", "content": "ALTER TABLE \"selfservice_registration_flows\" ADD CONSTRAINT \"selfservice_registration_flows_nid_fk_idx\" FOREIGN KEY (\"nid\") REFERENCES \"networks\" (\"id\") ON UPDATE RESTRICT ON DELETE CASCADE;" }, { "path": "persistence/sql/migrations/sql/20210410175418000011_network.mysql.down.sql", "content": "ALTER TABLE `courier_messages` DROP COLUMN `nid`;" }, { "path": "persistence/sql/migrations/sql/20210410175418000011_network.mysql.up.sql", "content": "ALTER TABLE `selfservice_settings_flows` ADD CONSTRAINT `selfservice_settings_flows_nid_fk_idx` FOREIGN KEY (`nid`) REFERENCES `networks` (`id`) ON UPDATE RESTRICT ON DELETE CASCADE;" }, { "path": "persistence/sql/migrations/sql/20210410175418000011_network.postgres.down.sql", "content": "ALTER TABLE \"courier_messages\" DROP COLUMN \"nid\";" }, { "path": "persistence/sql/migrations/sql/20210410175418000011_network.postgres.up.sql", "content": "ALTER TABLE \"selfservice_settings_flows\" ADD CONSTRAINT \"selfservice_settings_flows_nid_fk_idx\" FOREIGN KEY (\"nid\") REFERENCES \"networks\" (\"id\") ON UPDATE RESTRICT ON DELETE CASCADE;" }, { "path": "persistence/sql/migrations/sql/20210410175418000011_network.sqlite3.down.sql", "content": "\nDROP TABLE \"identity_verifiable_addresses\";" }, { "path": "persistence/sql/migrations/sql/20210410175418000011_network.sqlite3.up.sql", "content": "ALTER TABLE selfservice_registration_flows ADD COLUMN nid CHAR(36) NULL REFERENCES networks(id) ON DELETE CASCADE ON UPDATE RESTRICT;" }, { "path": "persistence/sql/migrations/sql/20210410175418000012_network.cockroach.down.sql", "content": "ALTER TABLE \"continuity_containers\" DROP COLUMN \"nid\";" }, { "path": "persistence/sql/migrations/sql/20210410175418000012_network.cockroach.up.sql", "content": "UPDATE selfservice_registration_flows SET nid = (SELECT id FROM networks LIMIT 1);" }, { "path": "persistence/sql/migrations/sql/20210410175418000012_network.mysql.down.sql", "content": "ALTER TABLE `continuity_containers` DROP COLUMN `nid`;" }, { "path": "persistence/sql/migrations/sql/20210410175418000012_network.mysql.up.sql", "content": "UPDATE selfservice_settings_flows SET nid = (SELECT id FROM networks LIMIT 1);" }, { "path": "persistence/sql/migrations/sql/20210410175418000012_network.postgres.down.sql", "content": "ALTER TABLE \"continuity_containers\" DROP COLUMN \"nid\";" }, { "path": "persistence/sql/migrations/sql/20210410175418000012_network.postgres.up.sql", "content": "UPDATE selfservice_settings_flows SET nid = (SELECT id FROM networks LIMIT 1);" }, { "path": "persistence/sql/migrations/sql/20210410175418000012_network.sqlite3.down.sql", "content": "INSERT INTO \"_identity_verifiable_addresses_tmp\" (id, status, via, verified, value, verified_at, identity_id, created_at, updated_at) SELECT id, status, via, verified, value, verified_at, identity_id, created_at, updated_at FROM \"identity_verifiable_addresses\";" }, { "path": "persistence/sql/migrations/sql/20210410175418000012_network.sqlite3.up.sql", "content": "UPDATE selfservice_registration_flows SET nid = (SELECT id FROM networks LIMIT 1);" }, { "path": "persistence/sql/migrations/sql/20210410175418000013_network.cockroach.down.sql", "content": "ALTER TABLE \"selfservice_settings_flows\" DROP COLUMN \"nid\";" }, { "path": "persistence/sql/migrations/sql/20210410175418000013_network.cockroach.up.sql", "content": "ALTER TABLE \"selfservice_registration_flows\" DROP CONSTRAINT \"selfservice_registration_flows_nid_fk_idx\";" }, { "path": "persistence/sql/migrations/sql/20210410175418000013_network.mysql.down.sql", "content": "ALTER TABLE `selfservice_settings_flows` DROP COLUMN `nid`;" }, { "path": "persistence/sql/migrations/sql/20210410175418000013_network.mysql.up.sql", "content": "ALTER TABLE `selfservice_settings_flows` MODIFY `nid` char(36);" }, { "path": "persistence/sql/migrations/sql/20210410175418000013_network.postgres.down.sql", "content": "ALTER TABLE \"selfservice_settings_flows\" DROP COLUMN \"nid\";" }, { "path": "persistence/sql/migrations/sql/20210410175418000013_network.postgres.up.sql", "content": "ALTER TABLE \"selfservice_settings_flows\" ALTER COLUMN \"nid\" TYPE UUID, ALTER COLUMN \"nid\" DROP NOT NULL;" }, { "path": "persistence/sql/migrations/sql/20210410175418000013_network.sqlite3.down.sql", "content": "CREATE TABLE \"_identity_verifiable_addresses_tmp\" (\n\"id\" TEXT PRIMARY KEY,\n\"status\" TEXT NOT NULL,\n\"via\" TEXT NOT NULL,\n\"verified\" bool NOT NULL,\n\"value\" TEXT NOT NULL,\n\"verified_at\" DATETIME,\n\"identity_id\" char(36) NOT NULL,\n\"created_at\" DATETIME NOT NULL,\n\"updated_at\" DATETIME NOT NULL,\nFOREIGN KEY (identity_id) REFERENCES identities (id) ON UPDATE NO ACTION ON DELETE CASCADE\n);" }, { "path": "persistence/sql/migrations/sql/20210410175418000013_network.sqlite3.up.sql", "content": "CREATE TABLE \"_selfservice_registration_flows_tmp\" (\n\"id\" TEXT PRIMARY KEY,\n\"request_url\" TEXT NOT NULL,\n\"issued_at\" DATETIME NOT NULL DEFAULT 'CURRENT_TIMESTAMP',\n\"expires_at\" DATETIME NOT NULL,\n\"active_method\" TEXT NOT NULL,\n\"csrf_token\" TEXT NOT NULL,\n\"created_at\" DATETIME NOT NULL,\n\"updated_at\" DATETIME NOT NULL,\n\"type\" TEXT NOT NULL DEFAULT 'browser',\n\"ui\" TEXT,\n\"nid\" char(36)\n);" }, { "path": "persistence/sql/migrations/sql/20210410175418000014_network.cockroach.down.sql", "content": "ALTER TABLE \"selfservice_registration_flows\" DROP COLUMN \"nid\";" }, { "path": "persistence/sql/migrations/sql/20210410175418000014_network.cockroach.up.sql", "content": "ALTER TABLE \"selfservice_registration_flows\" RENAME COLUMN \"nid\" TO \"_nid_tmp\";" }, { "path": "persistence/sql/migrations/sql/20210410175418000014_network.mysql.down.sql", "content": "ALTER TABLE `selfservice_registration_flows` DROP COLUMN `nid`;" }, { "path": "persistence/sql/migrations/sql/20210410175418000014_network.mysql.up.sql", "content": "CREATE INDEX `selfservice_settings_flows_nid_idx` ON `selfservice_settings_flows` (`id`, `nid`);" }, { "path": "persistence/sql/migrations/sql/20210410175418000014_network.postgres.down.sql", "content": "ALTER TABLE \"selfservice_registration_flows\" DROP COLUMN \"nid\";" }, { "path": "persistence/sql/migrations/sql/20210410175418000014_network.postgres.up.sql", "content": "CREATE INDEX \"selfservice_settings_flows_nid_idx\" ON \"selfservice_settings_flows\" (id, nid);" }, { "path": "persistence/sql/migrations/sql/20210410175418000014_network.sqlite3.down.sql", "content": "ALTER TABLE \"_identity_credentials_tmp\" RENAME TO \"identity_credentials\";" }, { "path": "persistence/sql/migrations/sql/20210410175418000014_network.sqlite3.up.sql", "content": "INSERT INTO \"_selfservice_registration_flows_tmp\" (id, request_url, issued_at, expires_at, active_method, csrf_token, created_at, updated_at, type, ui, nid) SELECT id, request_url, issued_at, expires_at, active_method, csrf_token, created_at, updated_at, type, ui, nid FROM \"selfservice_registration_flows\";" }, { "path": "persistence/sql/migrations/sql/20210410175418000015_network.cockroach.down.sql", "content": "ALTER TABLE \"selfservice_login_flows\" DROP COLUMN \"nid\";" }, { "path": "persistence/sql/migrations/sql/20210410175418000015_network.cockroach.up.sql", "content": "ALTER TABLE \"selfservice_registration_flows\" ADD COLUMN \"nid\" UUID;" }, { "path": "persistence/sql/migrations/sql/20210410175418000015_network.mysql.down.sql", "content": "ALTER TABLE `selfservice_login_flows` DROP COLUMN `nid`;" }, { "path": "persistence/sql/migrations/sql/20210410175418000015_network.mysql.up.sql", "content": "ALTER TABLE `selfservice_errors` ADD COLUMN `nid` char(36);" }, { "path": "persistence/sql/migrations/sql/20210410175418000015_network.postgres.down.sql", "content": "ALTER TABLE \"selfservice_login_flows\" DROP COLUMN \"nid\";" }, { "path": "persistence/sql/migrations/sql/20210410175418000015_network.postgres.up.sql", "content": "ALTER TABLE \"selfservice_errors\" ADD COLUMN \"nid\" UUID;" }, { "path": "persistence/sql/migrations/sql/20210410175418000015_network.sqlite3.down.sql", "content": "\nDROP TABLE \"identity_credentials\";" }, { "path": "persistence/sql/migrations/sql/20210410175418000015_network.sqlite3.up.sql", "content": "DROP TABLE \"selfservice_registration_flows\";" }, { "path": "persistence/sql/migrations/sql/20210410175418000016_network.cockroach.down.sql", "content": "DROP INDEX IF EXISTS \"identity_recovery_addresses_status_via_idx\";" }, { "path": "persistence/sql/migrations/sql/20210410175418000016_network.cockroach.up.sql", "content": "UPDATE \"selfservice_registration_flows\" SET \"nid\" = \"_nid_tmp\";" }, { "path": "persistence/sql/migrations/sql/20210410175418000016_network.mysql.down.sql", "content": "DROP INDEX `identity_recovery_addresses_status_via_idx` ON `identity_recovery_addresses`;" }, { "path": "persistence/sql/migrations/sql/20210410175418000016_network.mysql.up.sql", "content": "ALTER TABLE `selfservice_errors` ADD CONSTRAINT `selfservice_errors_nid_fk_idx` FOREIGN KEY (`nid`) REFERENCES `networks` (`id`) ON UPDATE RESTRICT ON DELETE CASCADE;" }, { "path": "persistence/sql/migrations/sql/20210410175418000016_network.postgres.down.sql", "content": "DROP INDEX \"identity_recovery_addresses_status_via_idx\";" }, { "path": "persistence/sql/migrations/sql/20210410175418000016_network.postgres.up.sql", "content": "ALTER TABLE \"selfservice_errors\" ADD CONSTRAINT \"selfservice_errors_nid_fk_idx\" FOREIGN KEY (\"nid\") REFERENCES \"networks\" (\"id\") ON UPDATE RESTRICT ON DELETE CASCADE;" }, { "path": "persistence/sql/migrations/sql/20210410175418000016_network.sqlite3.down.sql", "content": "INSERT INTO \"_identity_credentials_tmp\" (id, config, identity_credential_type_id, identity_id, created_at, updated_at) SELECT id, config, identity_credential_type_id, identity_id, created_at, updated_at FROM \"identity_credentials\";" }, { "path": "persistence/sql/migrations/sql/20210410175418000016_network.sqlite3.up.sql", "content": "ALTER TABLE \"_selfservice_registration_flows_tmp\" RENAME TO \"selfservice_registration_flows\";" }, { "path": "persistence/sql/migrations/sql/20210410175418000017_network.cockroach.down.sql", "content": "DROP INDEX IF EXISTS \"identity_recovery_addresses_status_via_uq_idx\";" }, { "path": "persistence/sql/migrations/sql/20210410175418000017_network.cockroach.up.sql", "content": "ALTER TABLE \"selfservice_registration_flows\" DROP COLUMN \"_nid_tmp\";" }, { "path": "persistence/sql/migrations/sql/20210410175418000017_network.mysql.down.sql", "content": "DROP INDEX `identity_recovery_addresses_status_via_uq_idx` ON `identity_recovery_addresses`;" }, { "path": "persistence/sql/migrations/sql/20210410175418000017_network.mysql.up.sql", "content": "UPDATE selfservice_errors SET nid = (SELECT id FROM networks LIMIT 1);" }, { "path": "persistence/sql/migrations/sql/20210410175418000017_network.postgres.down.sql", "content": "DROP INDEX \"identity_recovery_addresses_status_via_uq_idx\";" }, { "path": "persistence/sql/migrations/sql/20210410175418000017_network.postgres.up.sql", "content": "UPDATE selfservice_errors SET nid = (SELECT id FROM networks LIMIT 1);" }, { "path": "persistence/sql/migrations/sql/20210410175418000017_network.sqlite3.down.sql", "content": "CREATE TABLE \"_identity_credentials_tmp\" (\n\"id\" TEXT PRIMARY KEY,\n\"config\" TEXT NOT NULL,\n\"identity_credential_type_id\" char(36) NOT NULL,\n\"identity_id\" char(36) NOT NULL,\n\"created_at\" DATETIME NOT NULL,\n\"updated_at\" DATETIME NOT NULL,\nFOREIGN KEY (identity_id) REFERENCES identities (id) ON UPDATE NO ACTION ON DELETE CASCADE,\nFOREIGN KEY (identity_credential_type_id) REFERENCES identity_credential_types (id) ON UPDATE NO ACTION ON DELETE CASCADE\n);" }, { "path": "persistence/sql/migrations/sql/20210410175418000017_network.sqlite3.up.sql", "content": "CREATE INDEX \"selfservice_registration_flows_nid_idx\" ON \"selfservice_registration_flows\" (id, nid);" }, { "path": "persistence/sql/migrations/sql/20210410175418000018_network.cockroach.down.sql", "content": "DROP INDEX IF EXISTS \"identity_verifiable_addresses_status_via_idx\";" }, { "path": "persistence/sql/migrations/sql/20210410175418000018_network.cockroach.up.sql", "content": "ALTER TABLE \"selfservice_registration_flows\" ADD CONSTRAINT \"selfservice_registration_flows_nid_fk_idx\" FOREIGN KEY (\"nid\") REFERENCES \"networks\" (\"id\") ON UPDATE RESTRICT ON DELETE CASCADE;" }, { "path": "persistence/sql/migrations/sql/20210410175418000018_network.mysql.down.sql", "content": "DROP INDEX `identity_verifiable_addresses_status_via_idx` ON `identity_verifiable_addresses`;" }, { "path": "persistence/sql/migrations/sql/20210410175418000018_network.mysql.up.sql", "content": "ALTER TABLE `selfservice_errors` MODIFY `nid` char(36);" }, { "path": "persistence/sql/migrations/sql/20210410175418000018_network.postgres.down.sql", "content": "DROP INDEX \"identity_verifiable_addresses_status_via_idx\";" }, { "path": "persistence/sql/migrations/sql/20210410175418000018_network.postgres.up.sql", "content": "ALTER TABLE \"selfservice_errors\" ALTER COLUMN \"nid\" TYPE UUID, ALTER COLUMN \"nid\" DROP NOT NULL;" }, { "path": "persistence/sql/migrations/sql/20210410175418000018_network.sqlite3.down.sql", "content": "ALTER TABLE \"_identities_tmp\" RENAME TO \"identities\";" }, { "path": "persistence/sql/migrations/sql/20210410175418000018_network.sqlite3.up.sql", "content": "ALTER TABLE \"selfservice_settings_flows\" ADD COLUMN \"nid\" char(36);" }, { "path": "persistence/sql/migrations/sql/20210410175418000019_network.cockroach.down.sql", "content": "DROP INDEX IF EXISTS \"identity_verifiable_addresses_status_via_uq_idx\";" }, { "path": "persistence/sql/migrations/sql/20210410175418000019_network.cockroach.up.sql", "content": "CREATE INDEX \"selfservice_registration_flows_nid_idx\" ON \"selfservice_registration_flows\" (id, nid);" }, { "path": "persistence/sql/migrations/sql/20210410175418000019_network.mysql.down.sql", "content": "DROP INDEX `identity_verifiable_addresses_status_via_uq_idx` ON `identity_verifiable_addresses`;" }, { "path": "persistence/sql/migrations/sql/20210410175418000019_network.mysql.up.sql", "content": "CREATE INDEX `selfservice_errors_nid_idx` ON `selfservice_errors` (`id`, `nid`);" }, { "path": "persistence/sql/migrations/sql/20210410175418000019_network.postgres.down.sql", "content": "DROP INDEX \"identity_verifiable_addresses_status_via_uq_idx\";" }, { "path": "persistence/sql/migrations/sql/20210410175418000019_network.postgres.up.sql", "content": "CREATE INDEX \"selfservice_errors_nid_idx\" ON \"selfservice_errors\" (id, nid);" }, { "path": "persistence/sql/migrations/sql/20210410175418000019_network.sqlite3.down.sql", "content": "\nDROP TABLE \"identities\";" }, { "path": "persistence/sql/migrations/sql/20210410175418000019_network.sqlite3.up.sql", "content": "ALTER TABLE selfservice_settings_flows DROP COLUMN nid;" }, { "path": "persistence/sql/migrations/sql/20210410175418000020_network.cockroach.down.sql", "content": "DROP INDEX IF EXISTS \"identity_credential_identifiers_nid_idx\";" }, { "path": "persistence/sql/migrations/sql/20210410175418000020_network.cockroach.up.sql", "content": "ALTER TABLE \"selfservice_settings_flows\" ADD COLUMN \"nid\" UUID;" }, { "path": "persistence/sql/migrations/sql/20210410175418000020_network.mysql.down.sql", "content": "DROP INDEX `identity_credential_identifiers_nid_idx` ON `identity_credential_identifiers`;" }, { "path": "persistence/sql/migrations/sql/20210410175418000020_network.mysql.up.sql", "content": "ALTER TABLE `continuity_containers` ADD COLUMN `nid` char(36);" }, { "path": "persistence/sql/migrations/sql/20210410175418000020_network.postgres.down.sql", "content": "DROP INDEX \"identity_credential_identifiers_nid_idx\";" }, { "path": "persistence/sql/migrations/sql/20210410175418000020_network.postgres.up.sql", "content": "ALTER TABLE \"continuity_containers\" ADD COLUMN \"nid\" UUID;" }, { "path": "persistence/sql/migrations/sql/20210410175418000020_network.sqlite3.down.sql", "content": "INSERT INTO \"_identities_tmp\" (id, schema_id, traits, created_at, updated_at) SELECT id, schema_id, traits, created_at, updated_at FROM \"identities\";" }, { "path": "persistence/sql/migrations/sql/20210410175418000020_network.sqlite3.up.sql", "content": "ALTER TABLE selfservice_settings_flows ADD COLUMN nid CHAR(36) NULL REFERENCES networks(id) ON DELETE CASCADE ON UPDATE RESTRICT;" }, { "path": "persistence/sql/migrations/sql/20210410175418000021_network.cockroach.down.sql", "content": "DROP INDEX IF EXISTS \"identity_recovery_addresses_nid_idx\";" }, { "path": "persistence/sql/migrations/sql/20210410175418000021_network.cockroach.up.sql", "content": "ALTER TABLE \"selfservice_settings_flows\" ADD CONSTRAINT \"selfservice_settings_flows_nid_fk_idx\" FOREIGN KEY (\"nid\") REFERENCES \"networks\" (\"id\") ON UPDATE RESTRICT ON DELETE CASCADE;" }, { "path": "persistence/sql/migrations/sql/20210410175418000021_network.mysql.down.sql", "content": "DROP INDEX `identity_recovery_addresses_nid_idx` ON `identity_recovery_addresses`;" }, { "path": "persistence/sql/migrations/sql/20210410175418000021_network.mysql.up.sql", "content": "ALTER TABLE `continuity_containers` ADD CONSTRAINT `continuity_containers_nid_fk_idx` FOREIGN KEY (`nid`) REFERENCES `networks` (`id`) ON UPDATE RESTRICT ON DELETE CASCADE;" }, { "path": "persistence/sql/migrations/sql/20210410175418000021_network.postgres.down.sql", "content": "DROP INDEX \"identity_recovery_addresses_nid_idx\";" }, { "path": "persistence/sql/migrations/sql/20210410175418000021_network.postgres.up.sql", "content": "ALTER TABLE \"continuity_containers\" ADD CONSTRAINT \"continuity_containers_nid_fk_idx\" FOREIGN KEY (\"nid\") REFERENCES \"networks\" (\"id\") ON UPDATE RESTRICT ON DELETE CASCADE;" }, { "path": "persistence/sql/migrations/sql/20210410175418000021_network.sqlite3.down.sql", "content": "CREATE TABLE \"_identities_tmp\" (\n\"id\" TEXT PRIMARY KEY,\n\"schema_id\" TEXT NOT NULL,\n\"traits\" TEXT NOT NULL,\n\"created_at\" DATETIME NOT NULL,\n\"updated_at\" DATETIME NOT NULL\n);" }, { "path": "persistence/sql/migrations/sql/20210410175418000021_network.sqlite3.up.sql", "content": "UPDATE selfservice_settings_flows SET nid = (SELECT id FROM networks LIMIT 1);" }, { "path": "persistence/sql/migrations/sql/20210410175418000022_network.cockroach.down.sql", "content": "DROP INDEX IF EXISTS \"identity_verifiable_addresses_nid_idx\";" }, { "path": "persistence/sql/migrations/sql/20210410175418000022_network.cockroach.up.sql", "content": "UPDATE selfservice_settings_flows SET nid = (SELECT id FROM networks LIMIT 1);" }, { "path": "persistence/sql/migrations/sql/20210410175418000022_network.mysql.down.sql", "content": "DROP INDEX `identity_verifiable_addresses_nid_idx` ON `identity_verifiable_addresses`;" }, { "path": "persistence/sql/migrations/sql/20210410175418000022_network.mysql.up.sql", "content": "UPDATE continuity_containers SET nid = (SELECT id FROM networks LIMIT 1);" }, { "path": "persistence/sql/migrations/sql/20210410175418000022_network.postgres.down.sql", "content": "DROP INDEX \"identity_verifiable_addresses_nid_idx\";" }, { "path": "persistence/sql/migrations/sql/20210410175418000022_network.postgres.up.sql", "content": "UPDATE continuity_containers SET nid = (SELECT id FROM networks LIMIT 1);" }, { "path": "persistence/sql/migrations/sql/20210410175418000022_network.sqlite3.down.sql", "content": "ALTER TABLE \"_selfservice_errors_tmp\" RENAME TO \"selfservice_errors\";" }, { "path": "persistence/sql/migrations/sql/20210410175418000022_network.sqlite3.up.sql", "content": "CREATE TABLE \"_selfservice_settings_flows_tmp\" (\n\"id\" TEXT PRIMARY KEY,\n\"request_url\" TEXT NOT NULL,\n\"issued_at\" DATETIME NOT NULL DEFAULT 'CURRENT_TIMESTAMP',\n\"expires_at\" DATETIME NOT NULL,\n\"identity_id\" char(36) NOT NULL,\n\"created_at\" DATETIME NOT NULL,\n\"updated_at\" DATETIME NOT NULL,\n\"active_method\" TEXT,\n\"state\" TEXT NOT NULL DEFAULT 'show_form',\n\"type\" TEXT NOT NULL DEFAULT 'browser',\n\"ui\" TEXT,\n\"nid\" char(36),\nFOREIGN KEY (identity_id) REFERENCES identities (id) ON UPDATE NO ACTION ON DELETE CASCADE\n);" }, { "path": "persistence/sql/migrations/sql/20210410175418000023_network.cockroach.down.sql", "content": "DROP INDEX IF EXISTS \"identity_credentials_nid_idx\";" }, { "path": "persistence/sql/migrations/sql/20210410175418000023_network.cockroach.up.sql", "content": "ALTER TABLE \"selfservice_settings_flows\" DROP CONSTRAINT \"selfservice_settings_flows_nid_fk_idx\";" }, { "path": "persistence/sql/migrations/sql/20210410175418000023_network.mysql.down.sql", "content": "DROP INDEX `identity_credentials_nid_idx` ON `identity_credentials`;" }, { "path": "persistence/sql/migrations/sql/20210410175418000023_network.mysql.up.sql", "content": "ALTER TABLE `continuity_containers` MODIFY `nid` char(36);" }, { "path": "persistence/sql/migrations/sql/20210410175418000023_network.postgres.down.sql", "content": "DROP INDEX \"identity_credentials_nid_idx\";" }, { "path": "persistence/sql/migrations/sql/20210410175418000023_network.postgres.up.sql", "content": "ALTER TABLE \"continuity_containers\" ALTER COLUMN \"nid\" TYPE UUID, ALTER COLUMN \"nid\" DROP NOT NULL;" }, { "path": "persistence/sql/migrations/sql/20210410175418000023_network.sqlite3.down.sql", "content": "\nDROP TABLE \"selfservice_errors\";" }, { "path": "persistence/sql/migrations/sql/20210410175418000023_network.sqlite3.up.sql", "content": "INSERT INTO \"_selfservice_settings_flows_tmp\" (id, request_url, issued_at, expires_at, identity_id, created_at, updated_at, active_method, state, type, ui, nid) SELECT id, request_url, issued_at, expires_at, identity_id, created_at, updated_at, active_method, state, type, ui, nid FROM \"selfservice_settings_flows\";" }, { "path": "persistence/sql/migrations/sql/20210410175418000024_network.cockroach.down.sql", "content": "DROP INDEX IF EXISTS \"identities_nid_idx\";" }, { "path": "persistence/sql/migrations/sql/20210410175418000024_network.cockroach.up.sql", "content": "ALTER TABLE \"selfservice_settings_flows\" RENAME COLUMN \"nid\" TO \"_nid_tmp\";" }, { "path": "persistence/sql/migrations/sql/20210410175418000024_network.mysql.down.sql", "content": "DROP INDEX `identities_nid_idx` ON `identities`;" }, { "path": "persistence/sql/migrations/sql/20210410175418000024_network.mysql.up.sql", "content": "CREATE INDEX `continuity_containers_nid_idx` ON `continuity_containers` (`id`, `nid`);" }, { "path": "persistence/sql/migrations/sql/20210410175418000024_network.postgres.down.sql", "content": "DROP INDEX \"identities_nid_idx\";" }, { "path": "persistence/sql/migrations/sql/20210410175418000024_network.postgres.up.sql", "content": "CREATE INDEX \"continuity_containers_nid_idx\" ON \"continuity_containers\" (id, nid);" }, { "path": "persistence/sql/migrations/sql/20210410175418000024_network.sqlite3.down.sql", "content": "INSERT INTO \"_selfservice_errors_tmp\" (id, errors, seen_at, was_seen, created_at, updated_at, csrf_token) SELECT id, errors, seen_at, was_seen, created_at, updated_at, csrf_token FROM \"selfservice_errors\";" }, { "path": "persistence/sql/migrations/sql/20210410175418000024_network.sqlite3.up.sql", "content": "DROP TABLE \"selfservice_settings_flows\";" }, { "path": "persistence/sql/migrations/sql/20210410175418000025_network.cockroach.down.sql", "content": "DROP INDEX IF EXISTS \"selfservice_errors_nid_idx\";" }, { "path": "persistence/sql/migrations/sql/20210410175418000025_network.cockroach.up.sql", "content": "ALTER TABLE \"selfservice_settings_flows\" ADD COLUMN \"nid\" UUID;" }, { "path": "persistence/sql/migrations/sql/20210410175418000025_network.mysql.down.sql", "content": "DROP INDEX `selfservice_errors_nid_idx` ON `selfservice_errors`;" }, { "path": "persistence/sql/migrations/sql/20210410175418000025_network.mysql.up.sql", "content": "ALTER TABLE `courier_messages` ADD COLUMN `nid` char(36);" }, { "path": "persistence/sql/migrations/sql/20210410175418000025_network.postgres.down.sql", "content": "DROP INDEX \"selfservice_errors_nid_idx\";" }, { "path": "persistence/sql/migrations/sql/20210410175418000025_network.postgres.up.sql", "content": "ALTER TABLE \"courier_messages\" ADD COLUMN \"nid\" UUID;" }, { "path": "persistence/sql/migrations/sql/20210410175418000025_network.sqlite3.down.sql", "content": "CREATE TABLE \"_selfservice_errors_tmp\" (\n\"id\" TEXT PRIMARY KEY,\n\"errors\" TEXT NOT NULL,\n\"seen_at\" DATETIME,\n\"was_seen\" bool NOT NULL,\n\"created_at\" DATETIME NOT NULL,\n\"updated_at\" DATETIME NOT NULL,\n\"csrf_token\" TEXT NOT NULL DEFAULT ''\n);" }, { "path": "persistence/sql/migrations/sql/20210410175418000025_network.sqlite3.up.sql", "content": "ALTER TABLE \"_selfservice_settings_flows_tmp\" RENAME TO \"selfservice_settings_flows\";" }, { "path": "persistence/sql/migrations/sql/20210410175418000026_network.cockroach.down.sql", "content": "DROP INDEX IF EXISTS \"courier_messages_nid_idx\";" }, { "path": "persistence/sql/migrations/sql/20210410175418000026_network.cockroach.up.sql", "content": "UPDATE \"selfservice_settings_flows\" SET \"nid\" = \"_nid_tmp\";" }, { "path": "persistence/sql/migrations/sql/20210410175418000026_network.mysql.down.sql", "content": "DROP INDEX `courier_messages_nid_idx` ON `courier_messages`;" }, { "path": "persistence/sql/migrations/sql/20210410175418000026_network.mysql.up.sql", "content": "ALTER TABLE `courier_messages` ADD CONSTRAINT `courier_messages_nid_fk_idx` FOREIGN KEY (`nid`) REFERENCES `networks` (`id`) ON UPDATE RESTRICT ON DELETE CASCADE;" }, { "path": "persistence/sql/migrations/sql/20210410175418000026_network.postgres.down.sql", "content": "DROP INDEX \"courier_messages_nid_idx\";" }, { "path": "persistence/sql/migrations/sql/20210410175418000026_network.postgres.up.sql", "content": "ALTER TABLE \"courier_messages\" ADD CONSTRAINT \"courier_messages_nid_fk_idx\" FOREIGN KEY (\"nid\") REFERENCES \"networks\" (\"id\") ON UPDATE RESTRICT ON DELETE CASCADE;" }, { "path": "persistence/sql/migrations/sql/20210410175418000026_network.sqlite3.down.sql", "content": "ALTER TABLE \"_courier_messages_tmp\" RENAME TO \"courier_messages\";" }, { "path": "persistence/sql/migrations/sql/20210410175418000026_network.sqlite3.up.sql", "content": "CREATE INDEX \"selfservice_settings_flows_nid_idx\" ON \"selfservice_settings_flows\" (id, nid);" }, { "path": "persistence/sql/migrations/sql/20210410175418000027_network.cockroach.down.sql", "content": "DROP INDEX IF EXISTS \"continuity_containers_nid_idx\";" }, { "path": "persistence/sql/migrations/sql/20210410175418000027_network.cockroach.up.sql", "content": "ALTER TABLE \"selfservice_settings_flows\" DROP COLUMN \"_nid_tmp\";" }, { "path": "persistence/sql/migrations/sql/20210410175418000027_network.mysql.down.sql", "content": "DROP INDEX `continuity_containers_nid_idx` ON `continuity_containers`;" }, { "path": "persistence/sql/migrations/sql/20210410175418000027_network.mysql.up.sql", "content": "UPDATE courier_messages SET nid = (SELECT id FROM networks LIMIT 1);" }, { "path": "persistence/sql/migrations/sql/20210410175418000027_network.postgres.down.sql", "content": "DROP INDEX \"continuity_containers_nid_idx\";" }, { "path": "persistence/sql/migrations/sql/20210410175418000027_network.postgres.up.sql", "content": "UPDATE courier_messages SET nid = (SELECT id FROM networks LIMIT 1);" }, { "path": "persistence/sql/migrations/sql/20210410175418000027_network.sqlite3.down.sql", "content": "\nDROP TABLE \"courier_messages\";" }, { "path": "persistence/sql/migrations/sql/20210410175418000027_network.sqlite3.up.sql", "content": "ALTER TABLE \"selfservice_errors\" ADD COLUMN \"nid\" char(36);" }, { "path": "persistence/sql/migrations/sql/20210410175418000028_network.cockroach.down.sql", "content": "DROP INDEX IF EXISTS \"selfservice_settings_flows_nid_idx\";" }, { "path": "persistence/sql/migrations/sql/20210410175418000028_network.cockroach.up.sql", "content": "ALTER TABLE \"selfservice_settings_flows\" ADD CONSTRAINT \"selfservice_settings_flows_nid_fk_idx\" FOREIGN KEY (\"nid\") REFERENCES \"networks\" (\"id\") ON UPDATE RESTRICT ON DELETE CASCADE;" }, { "path": "persistence/sql/migrations/sql/20210410175418000028_network.mysql.down.sql", "content": "DROP INDEX `selfservice_settings_flows_nid_idx` ON `selfservice_settings_flows`;" }, { "path": "persistence/sql/migrations/sql/20210410175418000028_network.mysql.up.sql", "content": "ALTER TABLE `courier_messages` MODIFY `nid` char(36);" }, { "path": "persistence/sql/migrations/sql/20210410175418000028_network.postgres.down.sql", "content": "DROP INDEX \"selfservice_settings_flows_nid_idx\";" }, { "path": "persistence/sql/migrations/sql/20210410175418000028_network.postgres.up.sql", "content": "ALTER TABLE \"courier_messages\" ALTER COLUMN \"nid\" TYPE UUID, ALTER COLUMN \"nid\" DROP NOT NULL;" }, { "path": "persistence/sql/migrations/sql/20210410175418000028_network.sqlite3.down.sql", "content": "INSERT INTO \"_courier_messages_tmp\" (id, type, status, body, subject, recipient, created_at, updated_at, template_type, template_data) SELECT id, type, status, body, subject, recipient, created_at, updated_at, template_type, template_data FROM \"courier_messages\";" }, { "path": "persistence/sql/migrations/sql/20210410175418000028_network.sqlite3.up.sql", "content": "ALTER TABLE selfservice_errors DROP COLUMN nid;" }, { "path": "persistence/sql/migrations/sql/20210410175418000029_network.cockroach.down.sql", "content": "DROP INDEX IF EXISTS \"selfservice_registration_flows_nid_idx\";" }, { "path": "persistence/sql/migrations/sql/20210410175418000029_network.cockroach.up.sql", "content": "CREATE INDEX \"selfservice_settings_flows_nid_idx\" ON \"selfservice_settings_flows\" (id, nid);" }, { "path": "persistence/sql/migrations/sql/20210410175418000029_network.mysql.down.sql", "content": "DROP INDEX `selfservice_registration_flows_nid_idx` ON `selfservice_registration_flows`;" }, { "path": "persistence/sql/migrations/sql/20210410175418000029_network.mysql.up.sql", "content": "CREATE INDEX `courier_messages_nid_idx` ON `courier_messages` (`id`, `nid`);" }, { "path": "persistence/sql/migrations/sql/20210410175418000029_network.postgres.down.sql", "content": "DROP INDEX \"selfservice_registration_flows_nid_idx\";" }, { "path": "persistence/sql/migrations/sql/20210410175418000029_network.postgres.up.sql", "content": "CREATE INDEX \"courier_messages_nid_idx\" ON \"courier_messages\" (id, nid);" }, { "path": "persistence/sql/migrations/sql/20210410175418000029_network.sqlite3.down.sql", "content": "CREATE INDEX \"courier_messages_status_idx\" ON \"_courier_messages_tmp\" (status);" }, { "path": "persistence/sql/migrations/sql/20210410175418000029_network.sqlite3.up.sql", "content": "ALTER TABLE selfservice_errors ADD COLUMN nid CHAR(36) NULL REFERENCES networks(id) ON DELETE CASCADE ON UPDATE RESTRICT;" }, { "path": "persistence/sql/migrations/sql/20210410175418000030_network.cockroach.down.sql", "content": "DROP INDEX IF EXISTS \"selfservice_login_flows_nid_idx\";" }, { "path": "persistence/sql/migrations/sql/20210410175418000030_network.cockroach.up.sql", "content": "ALTER TABLE \"selfservice_errors\" ADD COLUMN \"nid\" UUID;" }, { "path": "persistence/sql/migrations/sql/20210410175418000030_network.mysql.down.sql", "content": "DROP INDEX `selfservice_login_flows_nid_idx` ON `selfservice_login_flows`;" }, { "path": "persistence/sql/migrations/sql/20210410175418000030_network.mysql.up.sql", "content": "ALTER TABLE `identities` ADD COLUMN `nid` char(36);" }, { "path": "persistence/sql/migrations/sql/20210410175418000030_network.postgres.down.sql", "content": "DROP INDEX \"selfservice_login_flows_nid_idx\";" }, { "path": "persistence/sql/migrations/sql/20210410175418000030_network.postgres.up.sql", "content": "ALTER TABLE \"identities\" ADD COLUMN \"nid\" UUID;" }, { "path": "persistence/sql/migrations/sql/20210410175418000030_network.sqlite3.down.sql", "content": "CREATE TABLE \"_courier_messages_tmp\" (\n\"id\" TEXT PRIMARY KEY,\n\"type\" INTEGER NOT NULL,\n\"status\" INTEGER NOT NULL,\n\"body\" TEXT NOT NULL,\n\"subject\" TEXT NOT NULL,\n\"recipient\" TEXT NOT NULL,\n\"created_at\" DATETIME NOT NULL,\n\"updated_at\" DATETIME NOT NULL,\n\"template_type\" TEXT NOT NULL DEFAULT '',\n\"template_data\" BLOB\n);" }, { "path": "persistence/sql/migrations/sql/20210410175418000030_network.sqlite3.up.sql", "content": "UPDATE selfservice_errors SET nid = (SELECT id FROM networks LIMIT 1);" }, { "path": "persistence/sql/migrations/sql/20210410175418000031_network.cockroach.down.sql", "content": "ALTER TABLE \"identity_credential_identifiers\" DROP CONSTRAINT \"identity_credential_identifiers_nid_fk_idx\";" }, { "path": "persistence/sql/migrations/sql/20210410175418000031_network.cockroach.up.sql", "content": "ALTER TABLE \"selfservice_errors\" ADD CONSTRAINT \"selfservice_errors_nid_fk_idx\" FOREIGN KEY (\"nid\") REFERENCES \"networks\" (\"id\") ON UPDATE RESTRICT ON DELETE CASCADE;" }, { "path": "persistence/sql/migrations/sql/20210410175418000031_network.mysql.down.sql", "content": "ALTER TABLE `identity_credential_identifiers` DROP FOREIGN KEY `identity_credential_identifiers_nid_fk_idx`;" }, { "path": "persistence/sql/migrations/sql/20210410175418000031_network.mysql.up.sql", "content": "ALTER TABLE `identities` ADD CONSTRAINT `identities_nid_fk_idx` FOREIGN KEY (`nid`) REFERENCES `networks` (`id`) ON UPDATE RESTRICT ON DELETE CASCADE;" }, { "path": "persistence/sql/migrations/sql/20210410175418000031_network.postgres.down.sql", "content": "ALTER TABLE \"identity_credential_identifiers\" DROP CONSTRAINT \"identity_credential_identifiers_nid_fk_idx\";" }, { "path": "persistence/sql/migrations/sql/20210410175418000031_network.postgres.up.sql", "content": "ALTER TABLE \"identities\" ADD CONSTRAINT \"identities_nid_fk_idx\" FOREIGN KEY (\"nid\") REFERENCES \"networks\" (\"id\") ON UPDATE RESTRICT ON DELETE CASCADE;" }, { "path": "persistence/sql/migrations/sql/20210410175418000031_network.sqlite3.down.sql", "content": "DROP INDEX IF EXISTS \"courier_messages_status_idx\";" }, { "path": "persistence/sql/migrations/sql/20210410175418000031_network.sqlite3.up.sql", "content": "CREATE TABLE \"_selfservice_errors_tmp\" (\n\"id\" TEXT PRIMARY KEY,\n\"errors\" TEXT NOT NULL,\n\"seen_at\" DATETIME,\n\"was_seen\" bool NOT NULL,\n\"created_at\" DATETIME NOT NULL,\n\"updated_at\" DATETIME NOT NULL,\n\"csrf_token\" TEXT NOT NULL DEFAULT '',\n\"nid\" char(36)\n);" }, { "path": "persistence/sql/migrations/sql/20210410175418000032_network.cockroach.down.sql", "content": "ALTER TABLE \"identity_recovery_addresses\" DROP CONSTRAINT \"identity_recovery_addresses_nid_fk_idx\";" }, { "path": "persistence/sql/migrations/sql/20210410175418000032_network.cockroach.up.sql", "content": "UPDATE selfservice_errors SET nid = (SELECT id FROM networks LIMIT 1);" }, { "path": "persistence/sql/migrations/sql/20210410175418000032_network.mysql.down.sql", "content": "ALTER TABLE `identity_recovery_addresses` DROP FOREIGN KEY `identity_recovery_addresses_nid_fk_idx`;" }, { "path": "persistence/sql/migrations/sql/20210410175418000032_network.mysql.up.sql", "content": "UPDATE identities SET nid = (SELECT id FROM networks LIMIT 1);" }, { "path": "persistence/sql/migrations/sql/20210410175418000032_network.postgres.down.sql", "content": "ALTER TABLE \"identity_recovery_addresses\" DROP CONSTRAINT \"identity_recovery_addresses_nid_fk_idx\";" }, { "path": "persistence/sql/migrations/sql/20210410175418000032_network.postgres.up.sql", "content": "UPDATE identities SET nid = (SELECT id FROM networks LIMIT 1);" }, { "path": "persistence/sql/migrations/sql/20210410175418000032_network.sqlite3.down.sql", "content": "ALTER TABLE \"_continuity_containers_tmp\" RENAME TO \"continuity_containers\";" }, { "path": "persistence/sql/migrations/sql/20210410175418000032_network.sqlite3.up.sql", "content": "INSERT INTO \"_selfservice_errors_tmp\" (id, errors, seen_at, was_seen, created_at, updated_at, csrf_token, nid) SELECT id, errors, seen_at, was_seen, created_at, updated_at, csrf_token, nid FROM \"selfservice_errors\";" }, { "path": "persistence/sql/migrations/sql/20210410175418000033_network.cockroach.down.sql", "content": "ALTER TABLE \"identity_verifiable_addresses\" DROP CONSTRAINT \"identity_verifiable_addresses_nid_fk_idx\";" }, { "path": "persistence/sql/migrations/sql/20210410175418000033_network.cockroach.up.sql", "content": "ALTER TABLE \"selfservice_errors\" DROP CONSTRAINT \"selfservice_errors_nid_fk_idx\";" }, { "path": "persistence/sql/migrations/sql/20210410175418000033_network.mysql.down.sql", "content": "ALTER TABLE `identity_verifiable_addresses` DROP FOREIGN KEY `identity_verifiable_addresses_nid_fk_idx`;" }, { "path": "persistence/sql/migrations/sql/20210410175418000033_network.mysql.up.sql", "content": "ALTER TABLE `identities` MODIFY `nid` char(36);" }, { "path": "persistence/sql/migrations/sql/20210410175418000033_network.postgres.down.sql", "content": "ALTER TABLE \"identity_verifiable_addresses\" DROP CONSTRAINT \"identity_verifiable_addresses_nid_fk_idx\";" }, { "path": "persistence/sql/migrations/sql/20210410175418000033_network.postgres.up.sql", "content": "ALTER TABLE \"identities\" ALTER COLUMN \"nid\" TYPE UUID, ALTER COLUMN \"nid\" DROP NOT NULL;" }, { "path": "persistence/sql/migrations/sql/20210410175418000033_network.sqlite3.down.sql", "content": "\nDROP TABLE \"continuity_containers\";" }, { "path": "persistence/sql/migrations/sql/20210410175418000033_network.sqlite3.up.sql", "content": "DROP TABLE \"selfservice_errors\";" }, { "path": "persistence/sql/migrations/sql/20210410175418000034_network.cockroach.down.sql", "content": "ALTER TABLE \"identity_credentials\" DROP CONSTRAINT \"identity_credentials_nid_fk_idx\";" }, { "path": "persistence/sql/migrations/sql/20210410175418000034_network.cockroach.up.sql", "content": "ALTER TABLE \"selfservice_errors\" RENAME COLUMN \"nid\" TO \"_nid_tmp\";" }, { "path": "persistence/sql/migrations/sql/20210410175418000034_network.mysql.down.sql", "content": "ALTER TABLE `identity_credentials` DROP FOREIGN KEY `identity_credentials_nid_fk_idx`;" }, { "path": "persistence/sql/migrations/sql/20210410175418000034_network.mysql.up.sql", "content": "CREATE INDEX `identities_nid_idx` ON `identities` (`id`, `nid`);" }, { "path": "persistence/sql/migrations/sql/20210410175418000034_network.postgres.down.sql", "content": "ALTER TABLE \"identity_credentials\" DROP CONSTRAINT \"identity_credentials_nid_fk_idx\";" }, { "path": "persistence/sql/migrations/sql/20210410175418000034_network.postgres.up.sql", "content": "CREATE INDEX \"identities_nid_idx\" ON \"identities\" (id, nid);" }, { "path": "persistence/sql/migrations/sql/20210410175418000034_network.sqlite3.down.sql", "content": "INSERT INTO \"_continuity_containers_tmp\" (id, identity_id, name, payload, expires_at, created_at, updated_at) SELECT id, identity_id, name, payload, expires_at, created_at, updated_at FROM \"continuity_containers\";" }, { "path": "persistence/sql/migrations/sql/20210410175418000034_network.sqlite3.up.sql", "content": "ALTER TABLE \"_selfservice_errors_tmp\" RENAME TO \"selfservice_errors\";" }, { "path": "persistence/sql/migrations/sql/20210410175418000035_network.cockroach.down.sql", "content": "ALTER TABLE \"identities\" DROP CONSTRAINT \"identities_nid_fk_idx\";" }, { "path": "persistence/sql/migrations/sql/20210410175418000035_network.cockroach.up.sql", "content": "ALTER TABLE \"selfservice_errors\" ADD COLUMN \"nid\" UUID;" }, { "path": "persistence/sql/migrations/sql/20210410175418000035_network.mysql.down.sql", "content": "ALTER TABLE `identities` DROP FOREIGN KEY `identities_nid_fk_idx`;" }, { "path": "persistence/sql/migrations/sql/20210410175418000035_network.mysql.up.sql", "content": "ALTER TABLE `identity_credentials` ADD COLUMN `nid` char(36);" }, { "path": "persistence/sql/migrations/sql/20210410175418000035_network.postgres.down.sql", "content": "ALTER TABLE \"identities\" DROP CONSTRAINT \"identities_nid_fk_idx\";" }, { "path": "persistence/sql/migrations/sql/20210410175418000035_network.postgres.up.sql", "content": "ALTER TABLE \"identity_credentials\" ADD COLUMN \"nid\" UUID;" }, { "path": "persistence/sql/migrations/sql/20210410175418000035_network.sqlite3.down.sql", "content": "CREATE TABLE \"_continuity_containers_tmp\" (\n\"id\" TEXT PRIMARY KEY,\n\"identity_id\" char(36),\n\"name\" TEXT NOT NULL,\n\"payload\" TEXT,\n\"expires_at\" DATETIME NOT NULL,\n\"created_at\" DATETIME NOT NULL,\n\"updated_at\" DATETIME NOT NULL,\nFOREIGN KEY (identity_id) REFERENCES identities (id) ON UPDATE NO ACTION ON DELETE CASCADE\n);" }, { "path": "persistence/sql/migrations/sql/20210410175418000035_network.sqlite3.up.sql", "content": "CREATE INDEX \"selfservice_errors_nid_idx\" ON \"selfservice_errors\" (id, nid);" }, { "path": "persistence/sql/migrations/sql/20210410175418000036_network.cockroach.down.sql", "content": "ALTER TABLE \"selfservice_errors\" DROP CONSTRAINT \"selfservice_errors_nid_fk_idx\";" }, { "path": "persistence/sql/migrations/sql/20210410175418000036_network.cockroach.up.sql", "content": "UPDATE \"selfservice_errors\" SET \"nid\" = \"_nid_tmp\";" }, { "path": "persistence/sql/migrations/sql/20210410175418000036_network.mysql.down.sql", "content": "ALTER TABLE `selfservice_errors` DROP FOREIGN KEY `selfservice_errors_nid_fk_idx`;" }, { "path": "persistence/sql/migrations/sql/20210410175418000036_network.mysql.up.sql", "content": "ALTER TABLE `identity_credentials` ADD CONSTRAINT `identity_credentials_nid_fk_idx` FOREIGN KEY (`nid`) REFERENCES `networks` (`id`) ON UPDATE RESTRICT ON DELETE CASCADE;" }, { "path": "persistence/sql/migrations/sql/20210410175418000036_network.postgres.down.sql", "content": "ALTER TABLE \"selfservice_errors\" DROP CONSTRAINT \"selfservice_errors_nid_fk_idx\";" }, { "path": "persistence/sql/migrations/sql/20210410175418000036_network.postgres.up.sql", "content": "ALTER TABLE \"identity_credentials\" ADD CONSTRAINT \"identity_credentials_nid_fk_idx\" FOREIGN KEY (\"nid\") REFERENCES \"networks\" (\"id\") ON UPDATE RESTRICT ON DELETE CASCADE;" }, { "path": "persistence/sql/migrations/sql/20210410175418000036_network.sqlite3.down.sql", "content": "ALTER TABLE \"_selfservice_settings_flows_tmp\" RENAME TO \"selfservice_settings_flows\";" }, { "path": "persistence/sql/migrations/sql/20210410175418000036_network.sqlite3.up.sql", "content": "ALTER TABLE \"continuity_containers\" ADD COLUMN \"nid\" char(36);" }, { "path": "persistence/sql/migrations/sql/20210410175418000037_network.cockroach.down.sql", "content": "ALTER TABLE \"courier_messages\" DROP CONSTRAINT \"courier_messages_nid_fk_idx\";" }, { "path": "persistence/sql/migrations/sql/20210410175418000037_network.cockroach.up.sql", "content": "ALTER TABLE \"selfservice_errors\" DROP COLUMN \"_nid_tmp\";" }, { "path": "persistence/sql/migrations/sql/20210410175418000037_network.mysql.down.sql", "content": "ALTER TABLE `courier_messages` DROP FOREIGN KEY `courier_messages_nid_fk_idx`;" }, { "path": "persistence/sql/migrations/sql/20210410175418000037_network.mysql.up.sql", "content": "UPDATE identity_credentials SET nid = (SELECT id FROM networks LIMIT 1);" }, { "path": "persistence/sql/migrations/sql/20210410175418000037_network.postgres.down.sql", "content": "ALTER TABLE \"courier_messages\" DROP CONSTRAINT \"courier_messages_nid_fk_idx\";" }, { "path": "persistence/sql/migrations/sql/20210410175418000037_network.postgres.up.sql", "content": "UPDATE identity_credentials SET nid = (SELECT id FROM networks LIMIT 1);" }, { "path": "persistence/sql/migrations/sql/20210410175418000037_network.sqlite3.down.sql", "content": "\nDROP TABLE \"selfservice_settings_flows\";" }, { "path": "persistence/sql/migrations/sql/20210410175418000037_network.sqlite3.up.sql", "content": "ALTER TABLE continuity_containers DROP COLUMN nid;" }, { "path": "persistence/sql/migrations/sql/20210410175418000038_network.cockroach.down.sql", "content": "ALTER TABLE \"continuity_containers\" DROP CONSTRAINT \"continuity_containers_nid_fk_idx\";" }, { "path": "persistence/sql/migrations/sql/20210410175418000038_network.cockroach.up.sql", "content": "ALTER TABLE \"selfservice_errors\" ADD CONSTRAINT \"selfservice_errors_nid_fk_idx\" FOREIGN KEY (\"nid\") REFERENCES \"networks\" (\"id\") ON UPDATE RESTRICT ON DELETE CASCADE;" }, { "path": "persistence/sql/migrations/sql/20210410175418000038_network.mysql.down.sql", "content": "ALTER TABLE `continuity_containers` DROP FOREIGN KEY `continuity_containers_nid_fk_idx`;" }, { "path": "persistence/sql/migrations/sql/20210410175418000038_network.mysql.up.sql", "content": "ALTER TABLE `identity_credentials` MODIFY `nid` char(36);" }, { "path": "persistence/sql/migrations/sql/20210410175418000038_network.postgres.down.sql", "content": "ALTER TABLE \"continuity_containers\" DROP CONSTRAINT \"continuity_containers_nid_fk_idx\";" }, { "path": "persistence/sql/migrations/sql/20210410175418000038_network.postgres.up.sql", "content": "ALTER TABLE \"identity_credentials\" ALTER COLUMN \"nid\" TYPE UUID, ALTER COLUMN \"nid\" DROP NOT NULL;" }, { "path": "persistence/sql/migrations/sql/20210410175418000038_network.sqlite3.down.sql", "content": "INSERT INTO \"_selfservice_settings_flows_tmp\" (id, request_url, issued_at, expires_at, identity_id, created_at, updated_at, active_method, state, type, ui) SELECT id, request_url, issued_at, expires_at, identity_id, created_at, updated_at, active_method, state, type, ui FROM \"selfservice_settings_flows\";" }, { "path": "persistence/sql/migrations/sql/20210410175418000038_network.sqlite3.up.sql", "content": "ALTER TABLE continuity_containers ADD COLUMN nid CHAR(36) NULL REFERENCES networks(id) ON DELETE CASCADE ON UPDATE RESTRICT;" }, { "path": "persistence/sql/migrations/sql/20210410175418000039_network.cockroach.down.sql", "content": "ALTER TABLE \"selfservice_settings_flows\" DROP CONSTRAINT \"selfservice_settings_flows_nid_fk_idx\";" }, { "path": "persistence/sql/migrations/sql/20210410175418000039_network.cockroach.up.sql", "content": "CREATE INDEX \"selfservice_errors_nid_idx\" ON \"selfservice_errors\" (id, nid);" }, { "path": "persistence/sql/migrations/sql/20210410175418000039_network.mysql.down.sql", "content": "ALTER TABLE `selfservice_settings_flows` DROP FOREIGN KEY `selfservice_settings_flows_nid_fk_idx`;" }, { "path": "persistence/sql/migrations/sql/20210410175418000039_network.mysql.up.sql", "content": "CREATE INDEX `identity_credentials_nid_idx` ON `identity_credentials` (`id`, `nid`);" }, { "path": "persistence/sql/migrations/sql/20210410175418000039_network.postgres.down.sql", "content": "ALTER TABLE \"selfservice_settings_flows\" DROP CONSTRAINT \"selfservice_settings_flows_nid_fk_idx\";" }, { "path": "persistence/sql/migrations/sql/20210410175418000039_network.postgres.up.sql", "content": "CREATE INDEX \"identity_credentials_nid_idx\" ON \"identity_credentials\" (id, nid);" }, { "path": "persistence/sql/migrations/sql/20210410175418000039_network.sqlite3.down.sql", "content": "CREATE TABLE \"_selfservice_settings_flows_tmp\" (\n\"id\" TEXT PRIMARY KEY,\n\"request_url\" TEXT NOT NULL,\n\"issued_at\" DATETIME NOT NULL DEFAULT 'CURRENT_TIMESTAMP',\n\"expires_at\" DATETIME NOT NULL,\n\"identity_id\" char(36) NOT NULL,\n\"created_at\" DATETIME NOT NULL,\n\"updated_at\" DATETIME NOT NULL,\n\"active_method\" TEXT,\n\"state\" TEXT NOT NULL DEFAULT 'show_form',\n\"type\" TEXT NOT NULL DEFAULT 'browser',\n\"ui\" TEXT,\nFOREIGN KEY (identity_id) REFERENCES identities (id) ON UPDATE NO ACTION ON DELETE CASCADE\n);" }, { "path": "persistence/sql/migrations/sql/20210410175418000039_network.sqlite3.up.sql", "content": "UPDATE continuity_containers SET nid = (SELECT id FROM networks LIMIT 1);" }, { "path": "persistence/sql/migrations/sql/20210410175418000040_network.cockroach.down.sql", "content": "ALTER TABLE \"selfservice_registration_flows\" DROP CONSTRAINT \"selfservice_registration_flows_nid_fk_idx\";" }, { "path": "persistence/sql/migrations/sql/20210410175418000040_network.cockroach.up.sql", "content": "ALTER TABLE \"continuity_containers\" ADD COLUMN \"nid\" UUID;" }, { "path": "persistence/sql/migrations/sql/20210410175418000040_network.mysql.down.sql", "content": "ALTER TABLE `selfservice_registration_flows` DROP FOREIGN KEY `selfservice_registration_flows_nid_fk_idx`;" }, { "path": "persistence/sql/migrations/sql/20210410175418000040_network.mysql.up.sql", "content": "ALTER TABLE `identity_credential_identifiers` ADD COLUMN `nid` char(36);" }, { "path": "persistence/sql/migrations/sql/20210410175418000040_network.postgres.down.sql", "content": "ALTER TABLE \"selfservice_registration_flows\" DROP CONSTRAINT \"selfservice_registration_flows_nid_fk_idx\";" }, { "path": "persistence/sql/migrations/sql/20210410175418000040_network.postgres.up.sql", "content": "ALTER TABLE \"identity_credential_identifiers\" ADD COLUMN \"nid\" UUID;" }, { "path": "persistence/sql/migrations/sql/20210410175418000040_network.sqlite3.down.sql", "content": "ALTER TABLE \"_selfservice_registration_flows_tmp\" RENAME TO \"selfservice_registration_flows\";" }, { "path": "persistence/sql/migrations/sql/20210410175418000040_network.sqlite3.up.sql", "content": "CREATE TABLE \"_continuity_containers_tmp\" (\n\"id\" TEXT PRIMARY KEY,\n\"identity_id\" char(36),\n\"name\" TEXT NOT NULL,\n\"payload\" TEXT,\n\"expires_at\" DATETIME NOT NULL,\n\"created_at\" DATETIME NOT NULL,\n\"updated_at\" DATETIME NOT NULL,\n\"nid\" char(36),\nFOREIGN KEY (identity_id) REFERENCES identities (id) ON UPDATE NO ACTION ON DELETE CASCADE\n);" }, { "path": "persistence/sql/migrations/sql/20210410175418000041_network.cockroach.down.sql", "content": "ALTER TABLE \"selfservice_login_flows\" DROP CONSTRAINT \"selfservice_login_flows_nid_fk_idx\";" }, { "path": "persistence/sql/migrations/sql/20210410175418000041_network.cockroach.up.sql", "content": "ALTER TABLE \"continuity_containers\" ADD CONSTRAINT \"continuity_containers_nid_fk_idx\" FOREIGN KEY (\"nid\") REFERENCES \"networks\" (\"id\") ON UPDATE RESTRICT ON DELETE CASCADE;" }, { "path": "persistence/sql/migrations/sql/20210410175418000041_network.mysql.down.sql", "content": "ALTER TABLE `selfservice_login_flows` DROP FOREIGN KEY `selfservice_login_flows_nid_fk_idx`;" }, { "path": "persistence/sql/migrations/sql/20210410175418000041_network.mysql.up.sql", "content": "ALTER TABLE `identity_credential_identifiers` ADD CONSTRAINT `identity_credential_identifiers_nid_fk_idx` FOREIGN KEY (`nid`) REFERENCES `networks` (`id`) ON UPDATE RESTRICT ON DELETE CASCADE;" }, { "path": "persistence/sql/migrations/sql/20210410175418000041_network.postgres.down.sql", "content": "ALTER TABLE \"selfservice_login_flows\" DROP CONSTRAINT \"selfservice_login_flows_nid_fk_idx\";" }, { "path": "persistence/sql/migrations/sql/20210410175418000041_network.postgres.up.sql", "content": "ALTER TABLE \"identity_credential_identifiers\" ADD CONSTRAINT \"identity_credential_identifiers_nid_fk_idx\" FOREIGN KEY (\"nid\") REFERENCES \"networks\" (\"id\") ON UPDATE RESTRICT ON DELETE CASCADE;" }, { "path": "persistence/sql/migrations/sql/20210410175418000041_network.sqlite3.down.sql", "content": "\nDROP TABLE \"selfservice_registration_flows\";" }, { "path": "persistence/sql/migrations/sql/20210410175418000041_network.sqlite3.up.sql", "content": "INSERT INTO \"_continuity_containers_tmp\" (id, identity_id, name, payload, expires_at, created_at, updated_at, nid) SELECT id, identity_id, name, payload, expires_at, created_at, updated_at, nid FROM \"continuity_containers\";" }, { "path": "persistence/sql/migrations/sql/20210410175418000042_network.cockroach.down.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20210410175418000042_network.cockroach.up.sql", "content": "UPDATE continuity_containers SET nid = (SELECT id FROM networks LIMIT 1);" }, { "path": "persistence/sql/migrations/sql/20210410175418000042_network.mysql.down.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20210410175418000042_network.mysql.up.sql", "content": "UPDATE identity_credential_identifiers SET nid = (SELECT id FROM networks LIMIT 1);" }, { "path": "persistence/sql/migrations/sql/20210410175418000042_network.postgres.down.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20210410175418000042_network.postgres.up.sql", "content": "UPDATE identity_credential_identifiers SET nid = (SELECT id FROM networks LIMIT 1);" }, { "path": "persistence/sql/migrations/sql/20210410175418000042_network.sqlite3.down.sql", "content": "INSERT INTO \"_selfservice_registration_flows_tmp\" (id, request_url, issued_at, expires_at, active_method, csrf_token, created_at, updated_at, type, ui) SELECT id, request_url, issued_at, expires_at, active_method, csrf_token, created_at, updated_at, type, ui FROM \"selfservice_registration_flows\";" }, { "path": "persistence/sql/migrations/sql/20210410175418000042_network.sqlite3.up.sql", "content": "DROP TABLE \"continuity_containers\";" }, { "path": "persistence/sql/migrations/sql/20210410175418000043_network.cockroach.down.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20210410175418000043_network.cockroach.up.sql", "content": "ALTER TABLE \"continuity_containers\" DROP CONSTRAINT \"continuity_containers_nid_fk_idx\";" }, { "path": "persistence/sql/migrations/sql/20210410175418000043_network.mysql.down.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20210410175418000043_network.mysql.up.sql", "content": "ALTER TABLE `identity_credential_identifiers` MODIFY `nid` char(36);" }, { "path": "persistence/sql/migrations/sql/20210410175418000043_network.postgres.down.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20210410175418000043_network.postgres.up.sql", "content": "ALTER TABLE \"identity_credential_identifiers\" ALTER COLUMN \"nid\" TYPE UUID, ALTER COLUMN \"nid\" DROP NOT NULL;" }, { "path": "persistence/sql/migrations/sql/20210410175418000043_network.sqlite3.down.sql", "content": "CREATE TABLE \"_selfservice_registration_flows_tmp\" (\n\"id\" TEXT PRIMARY KEY,\n\"request_url\" TEXT NOT NULL,\n\"issued_at\" DATETIME NOT NULL DEFAULT 'CURRENT_TIMESTAMP',\n\"expires_at\" DATETIME NOT NULL,\n\"active_method\" TEXT NOT NULL,\n\"csrf_token\" TEXT NOT NULL,\n\"created_at\" DATETIME NOT NULL,\n\"updated_at\" DATETIME NOT NULL,\n\"type\" TEXT NOT NULL DEFAULT 'browser',\n\"ui\" TEXT\n);" }, { "path": "persistence/sql/migrations/sql/20210410175418000043_network.sqlite3.up.sql", "content": "ALTER TABLE \"_continuity_containers_tmp\" RENAME TO \"continuity_containers\";" }, { "path": "persistence/sql/migrations/sql/20210410175418000044_network.cockroach.down.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20210410175418000044_network.cockroach.up.sql", "content": "ALTER TABLE \"continuity_containers\" RENAME COLUMN \"nid\" TO \"_nid_tmp\";" }, { "path": "persistence/sql/migrations/sql/20210410175418000044_network.mysql.down.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20210410175418000044_network.mysql.up.sql", "content": "CREATE INDEX `identity_credential_identifiers_nid_idx` ON `identity_credential_identifiers` (`id`, `nid`);" }, { "path": "persistence/sql/migrations/sql/20210410175418000044_network.postgres.down.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20210410175418000044_network.postgres.up.sql", "content": "CREATE INDEX \"identity_credential_identifiers_nid_idx\" ON \"identity_credential_identifiers\" (id, nid);" }, { "path": "persistence/sql/migrations/sql/20210410175418000044_network.sqlite3.down.sql", "content": "ALTER TABLE \"_selfservice_login_flows_tmp\" RENAME TO \"selfservice_login_flows\";" }, { "path": "persistence/sql/migrations/sql/20210410175418000044_network.sqlite3.up.sql", "content": "CREATE INDEX \"continuity_containers_nid_idx\" ON \"continuity_containers\" (id, nid);" }, { "path": "persistence/sql/migrations/sql/20210410175418000045_network.cockroach.down.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20210410175418000045_network.cockroach.up.sql", "content": "ALTER TABLE \"continuity_containers\" ADD COLUMN \"nid\" UUID;" }, { "path": "persistence/sql/migrations/sql/20210410175418000045_network.mysql.down.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20210410175418000045_network.mysql.up.sql", "content": "DROP INDEX `identity_credential_identifiers_identifier_idx` ON `identity_credential_identifiers`;" }, { "path": "persistence/sql/migrations/sql/20210410175418000045_network.postgres.down.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20210410175418000045_network.postgres.up.sql", "content": "DROP INDEX \"identity_credential_identifiers_identifier_idx\";" }, { "path": "persistence/sql/migrations/sql/20210410175418000045_network.sqlite3.down.sql", "content": "\nDROP TABLE \"selfservice_login_flows\";" }, { "path": "persistence/sql/migrations/sql/20210410175418000045_network.sqlite3.up.sql", "content": "ALTER TABLE \"courier_messages\" ADD COLUMN \"nid\" char(36);" }, { "path": "persistence/sql/migrations/sql/20210410175418000046_network.cockroach.down.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20210410175418000046_network.cockroach.up.sql", "content": "UPDATE \"continuity_containers\" SET \"nid\" = \"_nid_tmp\";" }, { "path": "persistence/sql/migrations/sql/20210410175418000046_network.mysql.down.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20210410175418000046_network.mysql.up.sql", "content": "CREATE UNIQUE INDEX `identity_credential_identifiers_identifier_nid_uq_idx` ON `identity_credential_identifiers` (`nid`, `identifier`);" }, { "path": "persistence/sql/migrations/sql/20210410175418000046_network.postgres.down.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20210410175418000046_network.postgres.up.sql", "content": "CREATE UNIQUE INDEX \"identity_credential_identifiers_identifier_nid_uq_idx\" ON \"identity_credential_identifiers\" (nid, identifier);" }, { "path": "persistence/sql/migrations/sql/20210410175418000046_network.sqlite3.down.sql", "content": "INSERT INTO \"_selfservice_login_flows_tmp\" (id, request_url, issued_at, expires_at, active_method, csrf_token, created_at, updated_at, forced, type, ui) SELECT id, request_url, issued_at, expires_at, active_method, csrf_token, created_at, updated_at, forced, type, ui FROM \"selfservice_login_flows\";" }, { "path": "persistence/sql/migrations/sql/20210410175418000046_network.sqlite3.up.sql", "content": "ALTER TABLE courier_messages DROP COLUMN nid;" }, { "path": "persistence/sql/migrations/sql/20210410175418000047_network.cockroach.down.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20210410175418000047_network.cockroach.up.sql", "content": "ALTER TABLE \"continuity_containers\" DROP COLUMN \"_nid_tmp\";" }, { "path": "persistence/sql/migrations/sql/20210410175418000047_network.mysql.down.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20210410175418000047_network.mysql.up.sql", "content": "ALTER TABLE `selfservice_recovery_flows` ADD COLUMN `nid` char(36);" }, { "path": "persistence/sql/migrations/sql/20210410175418000047_network.postgres.down.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20210410175418000047_network.postgres.up.sql", "content": "ALTER TABLE \"selfservice_recovery_flows\" ADD COLUMN \"nid\" UUID;" }, { "path": "persistence/sql/migrations/sql/20210410175418000047_network.sqlite3.down.sql", "content": "CREATE TABLE \"_selfservice_login_flows_tmp\" (\n\"id\" TEXT PRIMARY KEY,\n\"request_url\" TEXT NOT NULL,\n\"issued_at\" DATETIME NOT NULL DEFAULT 'CURRENT_TIMESTAMP',\n\"expires_at\" DATETIME NOT NULL,\n\"active_method\" TEXT NOT NULL,\n\"csrf_token\" TEXT NOT NULL,\n\"created_at\" DATETIME NOT NULL,\n\"updated_at\" DATETIME NOT NULL,\n\"forced\" bool NOT NULL DEFAULT 'false',\n\"type\" TEXT NOT NULL DEFAULT 'browser',\n\"ui\" TEXT\n);" }, { "path": "persistence/sql/migrations/sql/20210410175418000047_network.sqlite3.up.sql", "content": "ALTER TABLE courier_messages ADD COLUMN nid CHAR(36) NULL REFERENCES networks(id) ON DELETE CASCADE ON UPDATE RESTRICT;" }, { "path": "persistence/sql/migrations/sql/20210410175418000048_network.cockroach.down.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20210410175418000048_network.cockroach.up.sql", "content": "ALTER TABLE \"continuity_containers\" ADD CONSTRAINT \"continuity_containers_nid_fk_idx\" FOREIGN KEY (\"nid\") REFERENCES \"networks\" (\"id\") ON UPDATE RESTRICT ON DELETE CASCADE;" }, { "path": "persistence/sql/migrations/sql/20210410175418000048_network.mysql.down.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20210410175418000048_network.mysql.up.sql", "content": "ALTER TABLE `selfservice_recovery_flows` ADD CONSTRAINT `selfservice_recovery_flows_nid_fk_idx` FOREIGN KEY (`nid`) REFERENCES `networks` (`id`) ON UPDATE RESTRICT ON DELETE CASCADE;" }, { "path": "persistence/sql/migrations/sql/20210410175418000048_network.postgres.down.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20210410175418000048_network.postgres.up.sql", "content": "ALTER TABLE \"selfservice_recovery_flows\" ADD CONSTRAINT \"selfservice_recovery_flows_nid_fk_idx\" FOREIGN KEY (\"nid\") REFERENCES \"networks\" (\"id\") ON UPDATE RESTRICT ON DELETE CASCADE;" }, { "path": "persistence/sql/migrations/sql/20210410175418000048_network.sqlite3.down.sql", "content": "DROP INDEX IF EXISTS \"identity_recovery_addresses_status_via_idx\";" }, { "path": "persistence/sql/migrations/sql/20210410175418000048_network.sqlite3.up.sql", "content": "UPDATE courier_messages SET nid = (SELECT id FROM networks LIMIT 1);" }, { "path": "persistence/sql/migrations/sql/20210410175418000049_network.cockroach.down.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20210410175418000049_network.cockroach.up.sql", "content": "CREATE INDEX \"continuity_containers_nid_idx\" ON \"continuity_containers\" (id, nid);" }, { "path": "persistence/sql/migrations/sql/20210410175418000049_network.mysql.down.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20210410175418000049_network.mysql.up.sql", "content": "UPDATE selfservice_recovery_flows SET nid = (SELECT id FROM networks LIMIT 1);" }, { "path": "persistence/sql/migrations/sql/20210410175418000049_network.postgres.down.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20210410175418000049_network.postgres.up.sql", "content": "UPDATE selfservice_recovery_flows SET nid = (SELECT id FROM networks LIMIT 1);" }, { "path": "persistence/sql/migrations/sql/20210410175418000049_network.sqlite3.down.sql", "content": "DROP INDEX IF EXISTS \"identity_recovery_addresses_status_via_uq_idx\";" }, { "path": "persistence/sql/migrations/sql/20210410175418000049_network.sqlite3.up.sql", "content": "DROP INDEX IF EXISTS \"courier_messages_status_idx\";" }, { "path": "persistence/sql/migrations/sql/20210410175418000050_network.cockroach.down.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20210410175418000050_network.cockroach.up.sql", "content": "ALTER TABLE \"courier_messages\" ADD COLUMN \"nid\" UUID;" }, { "path": "persistence/sql/migrations/sql/20210410175418000050_network.mysql.down.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20210410175418000050_network.mysql.up.sql", "content": "ALTER TABLE `selfservice_recovery_flows` MODIFY `nid` char(36);" }, { "path": "persistence/sql/migrations/sql/20210410175418000050_network.postgres.down.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20210410175418000050_network.postgres.up.sql", "content": "ALTER TABLE \"selfservice_recovery_flows\" ALTER COLUMN \"nid\" TYPE UUID, ALTER COLUMN \"nid\" DROP NOT NULL;" }, { "path": "persistence/sql/migrations/sql/20210410175418000050_network.sqlite3.down.sql", "content": "DROP INDEX IF EXISTS \"identity_verifiable_addresses_status_via_idx\";" }, { "path": "persistence/sql/migrations/sql/20210410175418000050_network.sqlite3.up.sql", "content": "CREATE TABLE \"_courier_messages_tmp\" (\n\"id\" TEXT PRIMARY KEY,\n\"type\" INTEGER NOT NULL,\n\"status\" INTEGER NOT NULL,\n\"body\" TEXT NOT NULL,\n\"subject\" TEXT NOT NULL,\n\"recipient\" TEXT NOT NULL,\n\"created_at\" DATETIME NOT NULL,\n\"updated_at\" DATETIME NOT NULL,\n\"template_type\" TEXT NOT NULL DEFAULT '',\n\"template_data\" BLOB,\n\"nid\" char(36)\n);" }, { "path": "persistence/sql/migrations/sql/20210410175418000051_network.cockroach.down.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20210410175418000051_network.cockroach.up.sql", "content": "ALTER TABLE \"courier_messages\" ADD CONSTRAINT \"courier_messages_nid_fk_idx\" FOREIGN KEY (\"nid\") REFERENCES \"networks\" (\"id\") ON UPDATE RESTRICT ON DELETE CASCADE;" }, { "path": "persistence/sql/migrations/sql/20210410175418000051_network.mysql.down.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20210410175418000051_network.mysql.up.sql", "content": "CREATE INDEX `selfservice_recovery_flows_nid_idx` ON `selfservice_recovery_flows` (`id`, `nid`);" }, { "path": "persistence/sql/migrations/sql/20210410175418000051_network.postgres.down.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20210410175418000051_network.postgres.up.sql", "content": "CREATE INDEX \"selfservice_recovery_flows_nid_idx\" ON \"selfservice_recovery_flows\" (id, nid);" }, { "path": "persistence/sql/migrations/sql/20210410175418000051_network.sqlite3.down.sql", "content": "DROP INDEX IF EXISTS \"identity_verifiable_addresses_status_via_uq_idx\";" }, { "path": "persistence/sql/migrations/sql/20210410175418000051_network.sqlite3.up.sql", "content": "CREATE INDEX \"courier_messages_status_idx\" ON \"_courier_messages_tmp\" (status);" }, { "path": "persistence/sql/migrations/sql/20210410175418000052_network.cockroach.down.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20210410175418000052_network.cockroach.up.sql", "content": "UPDATE courier_messages SET nid = (SELECT id FROM networks LIMIT 1);" }, { "path": "persistence/sql/migrations/sql/20210410175418000052_network.mysql.down.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20210410175418000052_network.mysql.up.sql", "content": "ALTER TABLE `identity_recovery_addresses` ADD COLUMN `nid` char(36);" }, { "path": "persistence/sql/migrations/sql/20210410175418000052_network.postgres.down.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20210410175418000052_network.postgres.up.sql", "content": "ALTER TABLE \"identity_recovery_addresses\" ADD COLUMN \"nid\" UUID;" }, { "path": "persistence/sql/migrations/sql/20210410175418000052_network.sqlite3.down.sql", "content": "DROP INDEX IF EXISTS \"identity_credential_identifiers_nid_idx\";" }, { "path": "persistence/sql/migrations/sql/20210410175418000052_network.sqlite3.up.sql", "content": "INSERT INTO \"_courier_messages_tmp\" (id, type, status, body, subject, recipient, created_at, updated_at, template_type, template_data, nid) SELECT id, type, status, body, subject, recipient, created_at, updated_at, template_type, template_data, nid FROM \"courier_messages\";" }, { "path": "persistence/sql/migrations/sql/20210410175418000053_network.cockroach.down.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20210410175418000053_network.cockroach.up.sql", "content": "ALTER TABLE \"courier_messages\" DROP CONSTRAINT \"courier_messages_nid_fk_idx\";" }, { "path": "persistence/sql/migrations/sql/20210410175418000053_network.mysql.down.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20210410175418000053_network.mysql.up.sql", "content": "ALTER TABLE `identity_recovery_addresses` ADD CONSTRAINT `identity_recovery_addresses_nid_fk_idx` FOREIGN KEY (`nid`) REFERENCES `networks` (`id`) ON UPDATE RESTRICT ON DELETE CASCADE;" }, { "path": "persistence/sql/migrations/sql/20210410175418000053_network.postgres.down.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20210410175418000053_network.postgres.up.sql", "content": "ALTER TABLE \"identity_recovery_addresses\" ADD CONSTRAINT \"identity_recovery_addresses_nid_fk_idx\" FOREIGN KEY (\"nid\") REFERENCES \"networks\" (\"id\") ON UPDATE RESTRICT ON DELETE CASCADE;" }, { "path": "persistence/sql/migrations/sql/20210410175418000053_network.sqlite3.down.sql", "content": "DROP INDEX IF EXISTS \"identity_recovery_addresses_nid_idx\";" }, { "path": "persistence/sql/migrations/sql/20210410175418000053_network.sqlite3.up.sql", "content": "DROP TABLE \"courier_messages\";" }, { "path": "persistence/sql/migrations/sql/20210410175418000054_network.cockroach.down.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20210410175418000054_network.cockroach.up.sql", "content": "ALTER TABLE \"courier_messages\" RENAME COLUMN \"nid\" TO \"_nid_tmp\";" }, { "path": "persistence/sql/migrations/sql/20210410175418000054_network.mysql.down.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20210410175418000054_network.mysql.up.sql", "content": "UPDATE identity_recovery_addresses SET nid = (SELECT id FROM networks LIMIT 1);" }, { "path": "persistence/sql/migrations/sql/20210410175418000054_network.postgres.down.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20210410175418000054_network.postgres.up.sql", "content": "UPDATE identity_recovery_addresses SET nid = (SELECT id FROM networks LIMIT 1);" }, { "path": "persistence/sql/migrations/sql/20210410175418000054_network.sqlite3.down.sql", "content": "DROP INDEX IF EXISTS \"identity_verifiable_addresses_nid_idx\";" }, { "path": "persistence/sql/migrations/sql/20210410175418000054_network.sqlite3.up.sql", "content": "ALTER TABLE \"_courier_messages_tmp\" RENAME TO \"courier_messages\";" }, { "path": "persistence/sql/migrations/sql/20210410175418000055_network.cockroach.down.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20210410175418000055_network.cockroach.up.sql", "content": "ALTER TABLE \"courier_messages\" ADD COLUMN \"nid\" UUID;" }, { "path": "persistence/sql/migrations/sql/20210410175418000055_network.mysql.down.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20210410175418000055_network.mysql.up.sql", "content": "ALTER TABLE `identity_recovery_addresses` MODIFY `nid` char(36);" }, { "path": "persistence/sql/migrations/sql/20210410175418000055_network.postgres.down.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20210410175418000055_network.postgres.up.sql", "content": "ALTER TABLE \"identity_recovery_addresses\" ALTER COLUMN \"nid\" TYPE UUID, ALTER COLUMN \"nid\" DROP NOT NULL;" }, { "path": "persistence/sql/migrations/sql/20210410175418000055_network.sqlite3.down.sql", "content": "DROP INDEX IF EXISTS \"identity_credentials_nid_idx\";" }, { "path": "persistence/sql/migrations/sql/20210410175418000055_network.sqlite3.up.sql", "content": "CREATE INDEX \"courier_messages_nid_idx\" ON \"courier_messages\" (id, nid);" }, { "path": "persistence/sql/migrations/sql/20210410175418000056_network.cockroach.down.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20210410175418000056_network.cockroach.up.sql", "content": "UPDATE \"courier_messages\" SET \"nid\" = \"_nid_tmp\";" }, { "path": "persistence/sql/migrations/sql/20210410175418000056_network.mysql.down.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20210410175418000056_network.mysql.up.sql", "content": "CREATE INDEX `identity_recovery_addresses_nid_idx` ON `identity_recovery_addresses` (`id`, `nid`);" }, { "path": "persistence/sql/migrations/sql/20210410175418000056_network.postgres.down.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20210410175418000056_network.postgres.up.sql", "content": "CREATE INDEX \"identity_recovery_addresses_nid_idx\" ON \"identity_recovery_addresses\" (id, nid);" }, { "path": "persistence/sql/migrations/sql/20210410175418000056_network.sqlite3.down.sql", "content": "DROP INDEX IF EXISTS \"identities_nid_idx\";" }, { "path": "persistence/sql/migrations/sql/20210410175418000056_network.sqlite3.up.sql", "content": "ALTER TABLE \"identities\" ADD COLUMN \"nid\" char(36);" }, { "path": "persistence/sql/migrations/sql/20210410175418000057_network.cockroach.down.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20210410175418000057_network.cockroach.up.sql", "content": "ALTER TABLE \"courier_messages\" DROP COLUMN \"_nid_tmp\";" }, { "path": "persistence/sql/migrations/sql/20210410175418000057_network.mysql.down.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20210410175418000057_network.mysql.up.sql", "content": "DROP INDEX `identity_recovery_addresses_status_via_uq_idx` ON `identity_recovery_addresses`;" }, { "path": "persistence/sql/migrations/sql/20210410175418000057_network.postgres.down.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20210410175418000057_network.postgres.up.sql", "content": "DROP INDEX \"identity_recovery_addresses_status_via_uq_idx\";" }, { "path": "persistence/sql/migrations/sql/20210410175418000057_network.sqlite3.down.sql", "content": "DROP INDEX IF EXISTS \"selfservice_errors_nid_idx\";" }, { "path": "persistence/sql/migrations/sql/20210410175418000057_network.sqlite3.up.sql", "content": "ALTER TABLE identities DROP COLUMN nid;" }, { "path": "persistence/sql/migrations/sql/20210410175418000058_network.cockroach.down.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20210410175418000058_network.cockroach.up.sql", "content": "ALTER TABLE \"courier_messages\" ADD CONSTRAINT \"courier_messages_nid_fk_idx\" FOREIGN KEY (\"nid\") REFERENCES \"networks\" (\"id\") ON UPDATE RESTRICT ON DELETE CASCADE;" }, { "path": "persistence/sql/migrations/sql/20210410175418000058_network.mysql.down.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20210410175418000058_network.mysql.up.sql", "content": "DROP INDEX `identity_recovery_addresses_status_via_idx` ON `identity_recovery_addresses`;" }, { "path": "persistence/sql/migrations/sql/20210410175418000058_network.postgres.down.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20210410175418000058_network.postgres.up.sql", "content": "DROP INDEX \"identity_recovery_addresses_status_via_idx\";" }, { "path": "persistence/sql/migrations/sql/20210410175418000058_network.sqlite3.down.sql", "content": "DROP INDEX IF EXISTS \"courier_messages_nid_idx\";" }, { "path": "persistence/sql/migrations/sql/20210410175418000058_network.sqlite3.up.sql", "content": "ALTER TABLE identities ADD COLUMN nid CHAR(36) NULL REFERENCES networks(id) ON DELETE CASCADE ON UPDATE RESTRICT;" }, { "path": "persistence/sql/migrations/sql/20210410175418000059_network.cockroach.down.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20210410175418000059_network.cockroach.up.sql", "content": "CREATE INDEX \"courier_messages_nid_idx\" ON \"courier_messages\" (id, nid);" }, { "path": "persistence/sql/migrations/sql/20210410175418000059_network.mysql.down.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20210410175418000059_network.mysql.up.sql", "content": "CREATE UNIQUE INDEX `identity_recovery_addresses_status_via_uq_idx` ON `identity_recovery_addresses` (`nid`, `via`, `value`);" }, { "path": "persistence/sql/migrations/sql/20210410175418000059_network.postgres.down.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20210410175418000059_network.postgres.up.sql", "content": "CREATE UNIQUE INDEX \"identity_recovery_addresses_status_via_uq_idx\" ON \"identity_recovery_addresses\" (nid, via, value);" }, { "path": "persistence/sql/migrations/sql/20210410175418000059_network.sqlite3.down.sql", "content": "DROP INDEX IF EXISTS \"continuity_containers_nid_idx\";" }, { "path": "persistence/sql/migrations/sql/20210410175418000059_network.sqlite3.up.sql", "content": "UPDATE identities SET nid = (SELECT id FROM networks LIMIT 1);" }, { "path": "persistence/sql/migrations/sql/20210410175418000060_network.cockroach.down.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20210410175418000060_network.cockroach.up.sql", "content": "ALTER TABLE \"identities\" ADD COLUMN \"nid\" UUID;" }, { "path": "persistence/sql/migrations/sql/20210410175418000060_network.mysql.down.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20210410175418000060_network.mysql.up.sql", "content": "CREATE INDEX `identity_recovery_addresses_status_via_idx` ON `identity_recovery_addresses` (`nid`, `via`, `value`);" }, { "path": "persistence/sql/migrations/sql/20210410175418000060_network.postgres.down.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20210410175418000060_network.postgres.up.sql", "content": "CREATE INDEX \"identity_recovery_addresses_status_via_idx\" ON \"identity_recovery_addresses\" (nid, via, value);" }, { "path": "persistence/sql/migrations/sql/20210410175418000060_network.sqlite3.down.sql", "content": "DROP INDEX IF EXISTS \"selfservice_settings_flows_nid_idx\";" }, { "path": "persistence/sql/migrations/sql/20210410175418000060_network.sqlite3.up.sql", "content": "CREATE TABLE \"_identities_tmp\" (\n\"id\" TEXT PRIMARY KEY,\n\"schema_id\" TEXT NOT NULL,\n\"traits\" TEXT NOT NULL,\n\"created_at\" DATETIME NOT NULL,\n\"updated_at\" DATETIME NOT NULL,\n\"nid\" char(36)\n);" }, { "path": "persistence/sql/migrations/sql/20210410175418000061_network.cockroach.down.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20210410175418000061_network.cockroach.up.sql", "content": "ALTER TABLE \"identities\" ADD CONSTRAINT \"identities_nid_fk_idx\" FOREIGN KEY (\"nid\") REFERENCES \"networks\" (\"id\") ON UPDATE RESTRICT ON DELETE CASCADE;" }, { "path": "persistence/sql/migrations/sql/20210410175418000061_network.mysql.down.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20210410175418000061_network.mysql.up.sql", "content": "ALTER TABLE `identity_recovery_tokens` ADD COLUMN `nid` char(36);" }, { "path": "persistence/sql/migrations/sql/20210410175418000061_network.postgres.down.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20210410175418000061_network.postgres.up.sql", "content": "ALTER TABLE \"identity_recovery_tokens\" ADD COLUMN \"nid\" UUID;" }, { "path": "persistence/sql/migrations/sql/20210410175418000061_network.sqlite3.down.sql", "content": "DROP INDEX IF EXISTS \"selfservice_registration_flows_nid_idx\";" }, { "path": "persistence/sql/migrations/sql/20210410175418000061_network.sqlite3.up.sql", "content": "INSERT INTO \"_identities_tmp\" (id, schema_id, traits, created_at, updated_at, nid) SELECT id, schema_id, traits, created_at, updated_at, nid FROM \"identities\";" }, { "path": "persistence/sql/migrations/sql/20210410175418000062_network.cockroach.down.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20210410175418000062_network.cockroach.up.sql", "content": "UPDATE identities SET nid = (SELECT id FROM networks LIMIT 1);" }, { "path": "persistence/sql/migrations/sql/20210410175418000062_network.mysql.down.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20210410175418000062_network.mysql.up.sql", "content": "ALTER TABLE `identity_recovery_tokens` ADD CONSTRAINT `identity_recovery_tokens_nid_fk_idx` FOREIGN KEY (`nid`) REFERENCES `networks` (`id`) ON UPDATE RESTRICT ON DELETE CASCADE;" }, { "path": "persistence/sql/migrations/sql/20210410175418000062_network.postgres.down.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20210410175418000062_network.postgres.up.sql", "content": "ALTER TABLE \"identity_recovery_tokens\" ADD CONSTRAINT \"identity_recovery_tokens_nid_fk_idx\" FOREIGN KEY (\"nid\") REFERENCES \"networks\" (\"id\") ON UPDATE RESTRICT ON DELETE CASCADE;" }, { "path": "persistence/sql/migrations/sql/20210410175418000062_network.sqlite3.down.sql", "content": "DROP INDEX IF EXISTS \"selfservice_login_flows_nid_idx\";" }, { "path": "persistence/sql/migrations/sql/20210410175418000062_network.sqlite3.up.sql", "content": "DROP TABLE \"identities\";" }, { "path": "persistence/sql/migrations/sql/20210410175418000063_network.cockroach.down.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20210410175418000063_network.cockroach.up.sql", "content": "ALTER TABLE \"identities\" DROP CONSTRAINT \"identities_nid_fk_idx\";" }, { "path": "persistence/sql/migrations/sql/20210410175418000063_network.mysql.down.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20210410175418000063_network.mysql.up.sql", "content": "UPDATE identity_recovery_tokens SET nid = (SELECT id FROM networks LIMIT 1);" }, { "path": "persistence/sql/migrations/sql/20210410175418000063_network.postgres.down.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20210410175418000063_network.postgres.up.sql", "content": "UPDATE identity_recovery_tokens SET nid = (SELECT id FROM networks LIMIT 1);" }, { "path": "persistence/sql/migrations/sql/20210410175418000063_network.sqlite3.down.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20210410175418000063_network.sqlite3.up.sql", "content": "ALTER TABLE \"_identities_tmp\" RENAME TO \"identities\";" }, { "path": "persistence/sql/migrations/sql/20210410175418000064_network.cockroach.down.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20210410175418000064_network.cockroach.up.sql", "content": "ALTER TABLE \"identities\" RENAME COLUMN \"nid\" TO \"_nid_tmp\";" }, { "path": "persistence/sql/migrations/sql/20210410175418000064_network.mysql.down.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20210410175418000064_network.mysql.up.sql", "content": "ALTER TABLE `identity_recovery_tokens` MODIFY `nid` char(36);" }, { "path": "persistence/sql/migrations/sql/20210410175418000064_network.postgres.down.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20210410175418000064_network.postgres.up.sql", "content": "ALTER TABLE \"identity_recovery_tokens\" ALTER COLUMN \"nid\" TYPE UUID, ALTER COLUMN \"nid\" DROP NOT NULL;" }, { "path": "persistence/sql/migrations/sql/20210410175418000064_network.sqlite3.down.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20210410175418000064_network.sqlite3.up.sql", "content": "CREATE INDEX \"identities_nid_idx\" ON \"identities\" (id, nid);" }, { "path": "persistence/sql/migrations/sql/20210410175418000065_network.cockroach.down.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20210410175418000065_network.cockroach.up.sql", "content": "ALTER TABLE \"identities\" ADD COLUMN \"nid\" UUID;" }, { "path": "persistence/sql/migrations/sql/20210410175418000065_network.mysql.down.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20210410175418000065_network.mysql.up.sql", "content": "CREATE INDEX `identity_recovery_tokens_nid_idx` ON `identity_recovery_tokens` (`id`, `nid`);" }, { "path": "persistence/sql/migrations/sql/20210410175418000065_network.postgres.down.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20210410175418000065_network.postgres.up.sql", "content": "CREATE INDEX \"identity_recovery_tokens_nid_idx\" ON \"identity_recovery_tokens\" (id, nid);" }, { "path": "persistence/sql/migrations/sql/20210410175418000065_network.sqlite3.down.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20210410175418000065_network.sqlite3.up.sql", "content": "ALTER TABLE \"identity_credentials\" ADD COLUMN \"nid\" char(36);" }, { "path": "persistence/sql/migrations/sql/20210410175418000066_network.cockroach.down.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20210410175418000066_network.cockroach.up.sql", "content": "UPDATE \"identities\" SET \"nid\" = \"_nid_tmp\";" }, { "path": "persistence/sql/migrations/sql/20210410175418000066_network.mysql.down.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20210410175418000066_network.mysql.up.sql", "content": "ALTER TABLE `selfservice_verification_flows` ADD COLUMN `nid` char(36);" }, { "path": "persistence/sql/migrations/sql/20210410175418000066_network.postgres.down.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20210410175418000066_network.postgres.up.sql", "content": "ALTER TABLE \"selfservice_verification_flows\" ADD COLUMN \"nid\" UUID;" }, { "path": "persistence/sql/migrations/sql/20210410175418000066_network.sqlite3.down.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20210410175418000066_network.sqlite3.up.sql", "content": "ALTER TABLE identity_credentials DROP COLUMN nid;" }, { "path": "persistence/sql/migrations/sql/20210410175418000067_network.cockroach.down.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20210410175418000067_network.cockroach.up.sql", "content": "ALTER TABLE \"identities\" DROP COLUMN \"_nid_tmp\";" }, { "path": "persistence/sql/migrations/sql/20210410175418000067_network.mysql.down.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20210410175418000067_network.mysql.up.sql", "content": "ALTER TABLE `selfservice_verification_flows` ADD CONSTRAINT `selfservice_verification_flows_nid_fk_idx` FOREIGN KEY (`nid`) REFERENCES `networks` (`id`) ON UPDATE RESTRICT ON DELETE CASCADE;" }, { "path": "persistence/sql/migrations/sql/20210410175418000067_network.postgres.down.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20210410175418000067_network.postgres.up.sql", "content": "ALTER TABLE \"selfservice_verification_flows\" ADD CONSTRAINT \"selfservice_verification_flows_nid_fk_idx\" FOREIGN KEY (\"nid\") REFERENCES \"networks\" (\"id\") ON UPDATE RESTRICT ON DELETE CASCADE;" }, { "path": "persistence/sql/migrations/sql/20210410175418000067_network.sqlite3.down.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20210410175418000067_network.sqlite3.up.sql", "content": "ALTER TABLE identity_credentials ADD COLUMN nid CHAR(36) NULL REFERENCES networks(id) ON DELETE CASCADE ON UPDATE RESTRICT;" }, { "path": "persistence/sql/migrations/sql/20210410175418000068_network.cockroach.down.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20210410175418000068_network.cockroach.up.sql", "content": "ALTER TABLE \"identities\" ADD CONSTRAINT \"identities_nid_fk_idx\" FOREIGN KEY (\"nid\") REFERENCES \"networks\" (\"id\") ON UPDATE RESTRICT ON DELETE CASCADE;" }, { "path": "persistence/sql/migrations/sql/20210410175418000068_network.mysql.down.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20210410175418000068_network.mysql.up.sql", "content": "UPDATE selfservice_verification_flows SET nid = (SELECT id FROM networks LIMIT 1);" }, { "path": "persistence/sql/migrations/sql/20210410175418000068_network.postgres.down.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20210410175418000068_network.postgres.up.sql", "content": "UPDATE selfservice_verification_flows SET nid = (SELECT id FROM networks LIMIT 1);" }, { "path": "persistence/sql/migrations/sql/20210410175418000068_network.sqlite3.down.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20210410175418000068_network.sqlite3.up.sql", "content": "UPDATE identity_credentials SET nid = (SELECT id FROM networks LIMIT 1);" }, { "path": "persistence/sql/migrations/sql/20210410175418000069_network.cockroach.down.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20210410175418000069_network.cockroach.up.sql", "content": "CREATE INDEX \"identities_nid_idx\" ON \"identities\" (id, nid);" }, { "path": "persistence/sql/migrations/sql/20210410175418000069_network.mysql.down.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20210410175418000069_network.mysql.up.sql", "content": "ALTER TABLE `selfservice_verification_flows` MODIFY `nid` char(36);" }, { "path": "persistence/sql/migrations/sql/20210410175418000069_network.postgres.down.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20210410175418000069_network.postgres.up.sql", "content": "ALTER TABLE \"selfservice_verification_flows\" ALTER COLUMN \"nid\" TYPE UUID, ALTER COLUMN \"nid\" DROP NOT NULL;" }, { "path": "persistence/sql/migrations/sql/20210410175418000069_network.sqlite3.down.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20210410175418000069_network.sqlite3.up.sql", "content": "CREATE TABLE \"_identity_credentials_tmp\" (\n\"id\" TEXT PRIMARY KEY,\n\"config\" TEXT NOT NULL,\n\"identity_credential_type_id\" char(36) NOT NULL,\n\"identity_id\" char(36) NOT NULL,\n\"created_at\" DATETIME NOT NULL,\n\"updated_at\" DATETIME NOT NULL,\n\"nid\" char(36),\nFOREIGN KEY (identity_credential_type_id) REFERENCES identity_credential_types (id) ON UPDATE NO ACTION ON DELETE CASCADE,\nFOREIGN KEY (identity_id) REFERENCES identities (id) ON UPDATE NO ACTION ON DELETE CASCADE\n);" }, { "path": "persistence/sql/migrations/sql/20210410175418000070_network.cockroach.down.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20210410175418000070_network.cockroach.up.sql", "content": "ALTER TABLE \"identity_credentials\" ADD COLUMN \"nid\" UUID;" }, { "path": "persistence/sql/migrations/sql/20210410175418000070_network.mysql.down.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20210410175418000070_network.mysql.up.sql", "content": "CREATE INDEX `selfservice_verification_flows_nid_idx` ON `selfservice_verification_flows` (`id`, `nid`);" }, { "path": "persistence/sql/migrations/sql/20210410175418000070_network.postgres.down.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20210410175418000070_network.postgres.up.sql", "content": "CREATE INDEX \"selfservice_verification_flows_nid_idx\" ON \"selfservice_verification_flows\" (id, nid);" }, { "path": "persistence/sql/migrations/sql/20210410175418000070_network.sqlite3.down.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20210410175418000070_network.sqlite3.up.sql", "content": "INSERT INTO \"_identity_credentials_tmp\" (id, config, identity_credential_type_id, identity_id, created_at, updated_at, nid) SELECT id, config, identity_credential_type_id, identity_id, created_at, updated_at, nid FROM \"identity_credentials\";" }, { "path": "persistence/sql/migrations/sql/20210410175418000071_network.cockroach.down.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20210410175418000071_network.cockroach.up.sql", "content": "ALTER TABLE \"identity_credentials\" ADD CONSTRAINT \"identity_credentials_nid_fk_idx\" FOREIGN KEY (\"nid\") REFERENCES \"networks\" (\"id\") ON UPDATE RESTRICT ON DELETE CASCADE;" }, { "path": "persistence/sql/migrations/sql/20210410175418000071_network.mysql.down.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20210410175418000071_network.mysql.up.sql", "content": "ALTER TABLE `identity_verifiable_addresses` ADD COLUMN `nid` char(36);" }, { "path": "persistence/sql/migrations/sql/20210410175418000071_network.postgres.down.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20210410175418000071_network.postgres.up.sql", "content": "ALTER TABLE \"identity_verifiable_addresses\" ADD COLUMN \"nid\" UUID;" }, { "path": "persistence/sql/migrations/sql/20210410175418000071_network.sqlite3.down.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20210410175418000071_network.sqlite3.up.sql", "content": "DROP TABLE \"identity_credentials\";" }, { "path": "persistence/sql/migrations/sql/20210410175418000072_network.cockroach.down.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20210410175418000072_network.cockroach.up.sql", "content": "UPDATE identity_credentials SET nid = (SELECT id FROM networks LIMIT 1);" }, { "path": "persistence/sql/migrations/sql/20210410175418000072_network.mysql.down.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20210410175418000072_network.mysql.up.sql", "content": "ALTER TABLE `identity_verifiable_addresses` ADD CONSTRAINT `identity_verifiable_addresses_nid_fk_idx` FOREIGN KEY (`nid`) REFERENCES `networks` (`id`) ON UPDATE RESTRICT ON DELETE CASCADE;" }, { "path": "persistence/sql/migrations/sql/20210410175418000072_network.postgres.down.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20210410175418000072_network.postgres.up.sql", "content": "ALTER TABLE \"identity_verifiable_addresses\" ADD CONSTRAINT \"identity_verifiable_addresses_nid_fk_idx\" FOREIGN KEY (\"nid\") REFERENCES \"networks\" (\"id\") ON UPDATE RESTRICT ON DELETE CASCADE;" }, { "path": "persistence/sql/migrations/sql/20210410175418000072_network.sqlite3.down.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20210410175418000072_network.sqlite3.up.sql", "content": "ALTER TABLE \"_identity_credentials_tmp\" RENAME TO \"identity_credentials\";" }, { "path": "persistence/sql/migrations/sql/20210410175418000073_network.cockroach.down.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20210410175418000073_network.cockroach.up.sql", "content": "ALTER TABLE \"identity_credentials\" DROP CONSTRAINT \"identity_credentials_nid_fk_idx\";" }, { "path": "persistence/sql/migrations/sql/20210410175418000073_network.mysql.down.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20210410175418000073_network.mysql.up.sql", "content": "UPDATE identity_verifiable_addresses SET nid = (SELECT id FROM networks LIMIT 1);" }, { "path": "persistence/sql/migrations/sql/20210410175418000073_network.postgres.down.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20210410175418000073_network.postgres.up.sql", "content": "UPDATE identity_verifiable_addresses SET nid = (SELECT id FROM networks LIMIT 1);" }, { "path": "persistence/sql/migrations/sql/20210410175418000073_network.sqlite3.down.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20210410175418000073_network.sqlite3.up.sql", "content": "CREATE INDEX \"identity_credentials_nid_idx\" ON \"identity_credentials\" (id, nid);" }, { "path": "persistence/sql/migrations/sql/20210410175418000074_network.cockroach.down.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20210410175418000074_network.cockroach.up.sql", "content": "ALTER TABLE \"identity_credentials\" RENAME COLUMN \"nid\" TO \"_nid_tmp\";" }, { "path": "persistence/sql/migrations/sql/20210410175418000074_network.mysql.down.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20210410175418000074_network.mysql.up.sql", "content": "ALTER TABLE `identity_verifiable_addresses` MODIFY `nid` char(36);" }, { "path": "persistence/sql/migrations/sql/20210410175418000074_network.postgres.down.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20210410175418000074_network.postgres.up.sql", "content": "ALTER TABLE \"identity_verifiable_addresses\" ALTER COLUMN \"nid\" TYPE UUID, ALTER COLUMN \"nid\" DROP NOT NULL;" }, { "path": "persistence/sql/migrations/sql/20210410175418000074_network.sqlite3.down.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20210410175418000074_network.sqlite3.up.sql", "content": "ALTER TABLE \"identity_credential_identifiers\" ADD COLUMN \"nid\" char(36);" }, { "path": "persistence/sql/migrations/sql/20210410175418000075_network.cockroach.down.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20210410175418000075_network.cockroach.up.sql", "content": "ALTER TABLE \"identity_credentials\" ADD COLUMN \"nid\" UUID;" }, { "path": "persistence/sql/migrations/sql/20210410175418000075_network.mysql.down.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20210410175418000075_network.mysql.up.sql", "content": "CREATE INDEX `identity_verifiable_addresses_nid_idx` ON `identity_verifiable_addresses` (`id`, `nid`);" }, { "path": "persistence/sql/migrations/sql/20210410175418000075_network.postgres.down.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20210410175418000075_network.postgres.up.sql", "content": "CREATE INDEX \"identity_verifiable_addresses_nid_idx\" ON \"identity_verifiable_addresses\" (id, nid);" }, { "path": "persistence/sql/migrations/sql/20210410175418000075_network.sqlite3.down.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20210410175418000075_network.sqlite3.up.sql", "content": "ALTER TABLE identity_credential_identifiers DROP COLUMN nid;" }, { "path": "persistence/sql/migrations/sql/20210410175418000076_network.cockroach.down.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20210410175418000076_network.cockroach.up.sql", "content": "UPDATE \"identity_credentials\" SET \"nid\" = \"_nid_tmp\";" }, { "path": "persistence/sql/migrations/sql/20210410175418000076_network.mysql.down.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20210410175418000076_network.mysql.up.sql", "content": "DROP INDEX `identity_verifiable_addresses_status_via_uq_idx` ON `identity_verifiable_addresses`;" }, { "path": "persistence/sql/migrations/sql/20210410175418000076_network.postgres.down.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20210410175418000076_network.postgres.up.sql", "content": "DROP INDEX \"identity_verifiable_addresses_status_via_uq_idx\";" }, { "path": "persistence/sql/migrations/sql/20210410175418000076_network.sqlite3.down.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20210410175418000076_network.sqlite3.up.sql", "content": "ALTER TABLE identity_credential_identifiers ADD COLUMN nid CHAR(36) NULL REFERENCES networks(id) ON DELETE CASCADE ON UPDATE RESTRICT;" }, { "path": "persistence/sql/migrations/sql/20210410175418000077_network.cockroach.down.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20210410175418000077_network.cockroach.up.sql", "content": "ALTER TABLE \"identity_credentials\" DROP COLUMN \"_nid_tmp\";" }, { "path": "persistence/sql/migrations/sql/20210410175418000077_network.mysql.down.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20210410175418000077_network.mysql.up.sql", "content": "DROP INDEX `identity_verifiable_addresses_status_via_idx` ON `identity_verifiable_addresses`;" }, { "path": "persistence/sql/migrations/sql/20210410175418000077_network.postgres.down.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20210410175418000077_network.postgres.up.sql", "content": "DROP INDEX \"identity_verifiable_addresses_status_via_idx\";" }, { "path": "persistence/sql/migrations/sql/20210410175418000077_network.sqlite3.down.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20210410175418000077_network.sqlite3.up.sql", "content": "UPDATE identity_credential_identifiers SET nid = (SELECT id FROM networks LIMIT 1);" }, { "path": "persistence/sql/migrations/sql/20210410175418000078_network.cockroach.down.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20210410175418000078_network.cockroach.up.sql", "content": "ALTER TABLE \"identity_credentials\" ADD CONSTRAINT \"identity_credentials_nid_fk_idx\" FOREIGN KEY (\"nid\") REFERENCES \"networks\" (\"id\") ON UPDATE RESTRICT ON DELETE CASCADE;" }, { "path": "persistence/sql/migrations/sql/20210410175418000078_network.mysql.down.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20210410175418000078_network.mysql.up.sql", "content": "CREATE UNIQUE INDEX `identity_verifiable_addresses_status_via_uq_idx` ON `identity_verifiable_addresses` (`nid`, `via`, `value`);" }, { "path": "persistence/sql/migrations/sql/20210410175418000078_network.postgres.down.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20210410175418000078_network.postgres.up.sql", "content": "CREATE UNIQUE INDEX \"identity_verifiable_addresses_status_via_uq_idx\" ON \"identity_verifiable_addresses\" (nid, via, value);" }, { "path": "persistence/sql/migrations/sql/20210410175418000078_network.sqlite3.down.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20210410175418000078_network.sqlite3.up.sql", "content": "DROP INDEX IF EXISTS \"identity_credential_identifiers_identifier_idx\";" }, { "path": "persistence/sql/migrations/sql/20210410175418000079_network.cockroach.down.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20210410175418000079_network.cockroach.up.sql", "content": "CREATE INDEX \"identity_credentials_nid_idx\" ON \"identity_credentials\" (id, nid);" }, { "path": "persistence/sql/migrations/sql/20210410175418000079_network.mysql.down.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20210410175418000079_network.mysql.up.sql", "content": "CREATE INDEX `identity_verifiable_addresses_status_via_idx` ON `identity_verifiable_addresses` (`nid`, `via`, `value`);" }, { "path": "persistence/sql/migrations/sql/20210410175418000079_network.postgres.down.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20210410175418000079_network.postgres.up.sql", "content": "CREATE INDEX \"identity_verifiable_addresses_status_via_idx\" ON \"identity_verifiable_addresses\" (nid, via, value);" }, { "path": "persistence/sql/migrations/sql/20210410175418000079_network.sqlite3.down.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20210410175418000079_network.sqlite3.up.sql", "content": "CREATE TABLE \"_identity_credential_identifiers_tmp\" (\n\"id\" TEXT PRIMARY KEY,\n\"identifier\" TEXT NOT NULL,\n\"identity_credential_id\" char(36) NOT NULL,\n\"created_at\" DATETIME NOT NULL,\n\"updated_at\" DATETIME NOT NULL,\n\"nid\" char(36),\nFOREIGN KEY (identity_credential_id) REFERENCES identity_credentials (id) ON UPDATE NO ACTION ON DELETE CASCADE\n);" }, { "path": "persistence/sql/migrations/sql/20210410175418000080_network.cockroach.down.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20210410175418000080_network.cockroach.up.sql", "content": "ALTER TABLE \"identity_credential_identifiers\" ADD COLUMN \"nid\" UUID;" }, { "path": "persistence/sql/migrations/sql/20210410175418000080_network.mysql.down.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20210410175418000080_network.mysql.up.sql", "content": "ALTER TABLE `identity_verification_tokens` ADD COLUMN `nid` char(36);" }, { "path": "persistence/sql/migrations/sql/20210410175418000080_network.postgres.down.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20210410175418000080_network.postgres.up.sql", "content": "ALTER TABLE \"identity_verification_tokens\" ADD COLUMN \"nid\" UUID;" }, { "path": "persistence/sql/migrations/sql/20210410175418000080_network.sqlite3.down.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20210410175418000080_network.sqlite3.up.sql", "content": "CREATE UNIQUE INDEX \"identity_credential_identifiers_identifier_idx\" ON \"_identity_credential_identifiers_tmp\" (identifier);" }, { "path": "persistence/sql/migrations/sql/20210410175418000081_network.cockroach.down.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20210410175418000081_network.cockroach.up.sql", "content": "ALTER TABLE \"identity_credential_identifiers\" ADD CONSTRAINT \"identity_credential_identifiers_nid_fk_idx\" FOREIGN KEY (\"nid\") REFERENCES \"networks\" (\"id\") ON UPDATE RESTRICT ON DELETE CASCADE;" }, { "path": "persistence/sql/migrations/sql/20210410175418000081_network.mysql.down.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20210410175418000081_network.mysql.up.sql", "content": "ALTER TABLE `identity_verification_tokens` ADD CONSTRAINT `identity_verification_tokens_nid_fk_idx` FOREIGN KEY (`nid`) REFERENCES `networks` (`id`) ON UPDATE RESTRICT ON DELETE CASCADE;" }, { "path": "persistence/sql/migrations/sql/20210410175418000081_network.postgres.down.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20210410175418000081_network.postgres.up.sql", "content": "ALTER TABLE \"identity_verification_tokens\" ADD CONSTRAINT \"identity_verification_tokens_nid_fk_idx\" FOREIGN KEY (\"nid\") REFERENCES \"networks\" (\"id\") ON UPDATE RESTRICT ON DELETE CASCADE;" }, { "path": "persistence/sql/migrations/sql/20210410175418000081_network.sqlite3.down.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20210410175418000081_network.sqlite3.up.sql", "content": "INSERT INTO \"_identity_credential_identifiers_tmp\" (id, identifier, identity_credential_id, created_at, updated_at, nid) SELECT id, identifier, identity_credential_id, created_at, updated_at, nid FROM \"identity_credential_identifiers\";" }, { "path": "persistence/sql/migrations/sql/20210410175418000082_network.cockroach.down.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20210410175418000082_network.cockroach.up.sql", "content": "UPDATE identity_credential_identifiers SET nid = (SELECT id FROM networks LIMIT 1);" }, { "path": "persistence/sql/migrations/sql/20210410175418000082_network.mysql.down.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20210410175418000082_network.mysql.up.sql", "content": "UPDATE identity_verification_tokens SET nid = (SELECT id FROM networks LIMIT 1);" }, { "path": "persistence/sql/migrations/sql/20210410175418000082_network.postgres.down.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20210410175418000082_network.postgres.up.sql", "content": "UPDATE identity_verification_tokens SET nid = (SELECT id FROM networks LIMIT 1);" }, { "path": "persistence/sql/migrations/sql/20210410175418000082_network.sqlite3.down.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20210410175418000082_network.sqlite3.up.sql", "content": "DROP TABLE \"identity_credential_identifiers\";" }, { "path": "persistence/sql/migrations/sql/20210410175418000083_network.cockroach.down.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20210410175418000083_network.cockroach.up.sql", "content": "ALTER TABLE \"identity_credential_identifiers\" DROP CONSTRAINT \"identity_credential_identifiers_nid_fk_idx\";" }, { "path": "persistence/sql/migrations/sql/20210410175418000083_network.mysql.down.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20210410175418000083_network.mysql.up.sql", "content": "ALTER TABLE `identity_verification_tokens` MODIFY `nid` char(36);" }, { "path": "persistence/sql/migrations/sql/20210410175418000083_network.postgres.down.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20210410175418000083_network.postgres.up.sql", "content": "ALTER TABLE \"identity_verification_tokens\" ALTER COLUMN \"nid\" TYPE UUID, ALTER COLUMN \"nid\" DROP NOT NULL;" }, { "path": "persistence/sql/migrations/sql/20210410175418000083_network.sqlite3.down.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20210410175418000083_network.sqlite3.up.sql", "content": "ALTER TABLE \"_identity_credential_identifiers_tmp\" RENAME TO \"identity_credential_identifiers\";" }, { "path": "persistence/sql/migrations/sql/20210410175418000084_network.cockroach.down.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20210410175418000084_network.cockroach.up.sql", "content": "ALTER TABLE \"identity_credential_identifiers\" RENAME COLUMN \"nid\" TO \"_nid_tmp\";" }, { "path": "persistence/sql/migrations/sql/20210410175418000084_network.mysql.down.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20210410175418000084_network.mysql.up.sql", "content": "CREATE INDEX `identity_verification_tokens_nid_idx` ON `identity_verification_tokens` (`id`, `nid`);" }, { "path": "persistence/sql/migrations/sql/20210410175418000084_network.postgres.down.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20210410175418000084_network.postgres.up.sql", "content": "CREATE INDEX \"identity_verification_tokens_nid_idx\" ON \"identity_verification_tokens\" (id, nid);" }, { "path": "persistence/sql/migrations/sql/20210410175418000084_network.sqlite3.down.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20210410175418000084_network.sqlite3.up.sql", "content": "CREATE INDEX \"identity_credential_identifiers_nid_idx\" ON \"identity_credential_identifiers\" (id, nid);" }, { "path": "persistence/sql/migrations/sql/20210410175418000085_network.cockroach.down.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20210410175418000085_network.cockroach.up.sql", "content": "ALTER TABLE \"identity_credential_identifiers\" ADD COLUMN \"nid\" UUID;" }, { "path": "persistence/sql/migrations/sql/20210410175418000085_network.mysql.down.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20210410175418000085_network.mysql.up.sql", "content": "ALTER TABLE `sessions` ADD COLUMN `nid` char(36);" }, { "path": "persistence/sql/migrations/sql/20210410175418000085_network.postgres.down.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20210410175418000085_network.postgres.up.sql", "content": "ALTER TABLE \"sessions\" ADD COLUMN \"nid\" UUID;" }, { "path": "persistence/sql/migrations/sql/20210410175418000085_network.sqlite3.down.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20210410175418000085_network.sqlite3.up.sql", "content": "DROP INDEX IF EXISTS \"identity_credential_identifiers_identifier_idx\";" }, { "path": "persistence/sql/migrations/sql/20210410175418000086_network.cockroach.down.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20210410175418000086_network.cockroach.up.sql", "content": "UPDATE \"identity_credential_identifiers\" SET \"nid\" = \"_nid_tmp\";" }, { "path": "persistence/sql/migrations/sql/20210410175418000086_network.mysql.down.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20210410175418000086_network.mysql.up.sql", "content": "ALTER TABLE `sessions` ADD CONSTRAINT `sessions_nid_fk_idx` FOREIGN KEY (`nid`) REFERENCES `networks` (`id`) ON UPDATE RESTRICT ON DELETE CASCADE;" }, { "path": "persistence/sql/migrations/sql/20210410175418000086_network.postgres.down.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20210410175418000086_network.postgres.up.sql", "content": "ALTER TABLE \"sessions\" ADD CONSTRAINT \"sessions_nid_fk_idx\" FOREIGN KEY (\"nid\") REFERENCES \"networks\" (\"id\") ON UPDATE RESTRICT ON DELETE CASCADE;" }, { "path": "persistence/sql/migrations/sql/20210410175418000086_network.sqlite3.down.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20210410175418000086_network.sqlite3.up.sql", "content": "CREATE UNIQUE INDEX \"identity_credential_identifiers_identifier_nid_uq_idx\" ON \"identity_credential_identifiers\" (nid, identifier);" }, { "path": "persistence/sql/migrations/sql/20210410175418000087_network.cockroach.down.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20210410175418000087_network.cockroach.up.sql", "content": "ALTER TABLE \"identity_credential_identifiers\" DROP COLUMN \"_nid_tmp\";" }, { "path": "persistence/sql/migrations/sql/20210410175418000087_network.mysql.down.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20210410175418000087_network.mysql.up.sql", "content": "UPDATE sessions SET nid = (SELECT id FROM networks LIMIT 1);" }, { "path": "persistence/sql/migrations/sql/20210410175418000087_network.postgres.down.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20210410175418000087_network.postgres.up.sql", "content": "UPDATE sessions SET nid = (SELECT id FROM networks LIMIT 1);" }, { "path": "persistence/sql/migrations/sql/20210410175418000087_network.sqlite3.down.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20210410175418000087_network.sqlite3.up.sql", "content": "ALTER TABLE \"selfservice_recovery_flows\" ADD COLUMN \"nid\" char(36);" }, { "path": "persistence/sql/migrations/sql/20210410175418000088_network.cockroach.down.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20210410175418000088_network.cockroach.up.sql", "content": "ALTER TABLE \"identity_credential_identifiers\" ADD CONSTRAINT \"identity_credential_identifiers_nid_fk_idx\" FOREIGN KEY (\"nid\") REFERENCES \"networks\" (\"id\") ON UPDATE RESTRICT ON DELETE CASCADE;" }, { "path": "persistence/sql/migrations/sql/20210410175418000088_network.mysql.down.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20210410175418000088_network.mysql.up.sql", "content": "ALTER TABLE `sessions` MODIFY `nid` char(36);" }, { "path": "persistence/sql/migrations/sql/20210410175418000088_network.postgres.down.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20210410175418000088_network.postgres.up.sql", "content": "ALTER TABLE \"sessions\" ALTER COLUMN \"nid\" TYPE UUID, ALTER COLUMN \"nid\" DROP NOT NULL;" }, { "path": "persistence/sql/migrations/sql/20210410175418000088_network.sqlite3.down.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20210410175418000088_network.sqlite3.up.sql", "content": "ALTER TABLE selfservice_recovery_flows DROP COLUMN nid;" }, { "path": "persistence/sql/migrations/sql/20210410175418000089_network.cockroach.down.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20210410175418000089_network.cockroach.up.sql", "content": "CREATE INDEX \"identity_credential_identifiers_nid_idx\" ON \"identity_credential_identifiers\" (id, nid);" }, { "path": "persistence/sql/migrations/sql/20210410175418000089_network.mysql.down.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20210410175418000089_network.mysql.up.sql", "content": "CREATE INDEX `sessions_nid_idx` ON `sessions` (`id`, `nid`);" }, { "path": "persistence/sql/migrations/sql/20210410175418000089_network.postgres.down.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20210410175418000089_network.postgres.up.sql", "content": "CREATE INDEX \"sessions_nid_idx\" ON \"sessions\" (id, nid);" }, { "path": "persistence/sql/migrations/sql/20210410175418000089_network.sqlite3.down.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20210410175418000089_network.sqlite3.up.sql", "content": "ALTER TABLE selfservice_recovery_flows ADD COLUMN nid CHAR(36) NULL REFERENCES networks(id) ON DELETE CASCADE ON UPDATE RESTRICT;" }, { "path": "persistence/sql/migrations/sql/20210410175418000090_network.cockroach.down.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20210410175418000090_network.cockroach.up.sql", "content": "DROP INDEX IF EXISTS \"identity_credential_identifiers_identifier_idx\";" }, { "path": "persistence/sql/migrations/sql/20210410175418000090_network.sqlite3.down.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20210410175418000090_network.sqlite3.up.sql", "content": "UPDATE selfservice_recovery_flows SET nid = (SELECT id FROM networks LIMIT 1);" }, { "path": "persistence/sql/migrations/sql/20210410175418000091_network.cockroach.down.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20210410175418000091_network.cockroach.up.sql", "content": "CREATE UNIQUE INDEX \"identity_credential_identifiers_identifier_nid_uq_idx\" ON \"identity_credential_identifiers\" (nid, identifier);" }, { "path": "persistence/sql/migrations/sql/20210410175418000091_network.sqlite3.down.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20210410175418000091_network.sqlite3.up.sql", "content": "CREATE TABLE \"_selfservice_recovery_flows_tmp\" (\n\"id\" TEXT PRIMARY KEY,\n\"request_url\" TEXT NOT NULL,\n\"issued_at\" DATETIME NOT NULL DEFAULT 'CURRENT_TIMESTAMP',\n\"expires_at\" DATETIME NOT NULL,\n\"active_method\" TEXT,\n\"csrf_token\" TEXT NOT NULL,\n\"state\" TEXT NOT NULL,\n\"recovered_identity_id\" char(36),\n\"created_at\" DATETIME NOT NULL,\n\"updated_at\" DATETIME NOT NULL,\n\"type\" TEXT NOT NULL DEFAULT 'browser',\n\"ui\" TEXT,\n\"nid\" char(36),\nFOREIGN KEY (recovered_identity_id) REFERENCES identities (id) ON UPDATE NO ACTION ON DELETE CASCADE\n);" }, { "path": "persistence/sql/migrations/sql/20210410175418000092_network.cockroach.down.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20210410175418000092_network.cockroach.up.sql", "content": "ALTER TABLE \"selfservice_recovery_flows\" ADD COLUMN \"nid\" UUID;" }, { "path": "persistence/sql/migrations/sql/20210410175418000092_network.sqlite3.down.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20210410175418000092_network.sqlite3.up.sql", "content": "INSERT INTO \"_selfservice_recovery_flows_tmp\" (id, request_url, issued_at, expires_at, active_method, csrf_token, state, recovered_identity_id, created_at, updated_at, type, ui, nid) SELECT id, request_url, issued_at, expires_at, active_method, csrf_token, state, recovered_identity_id, created_at, updated_at, type, ui, nid FROM \"selfservice_recovery_flows\";" }, { "path": "persistence/sql/migrations/sql/20210410175418000093_network.cockroach.down.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20210410175418000093_network.cockroach.up.sql", "content": "ALTER TABLE \"selfservice_recovery_flows\" ADD CONSTRAINT \"selfservice_recovery_flows_nid_fk_idx\" FOREIGN KEY (\"nid\") REFERENCES \"networks\" (\"id\") ON UPDATE RESTRICT ON DELETE CASCADE;" }, { "path": "persistence/sql/migrations/sql/20210410175418000093_network.sqlite3.down.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20210410175418000093_network.sqlite3.up.sql", "content": "DROP TABLE \"selfservice_recovery_flows\";" }, { "path": "persistence/sql/migrations/sql/20210410175418000094_network.cockroach.down.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20210410175418000094_network.cockroach.up.sql", "content": "UPDATE selfservice_recovery_flows SET nid = (SELECT id FROM networks LIMIT 1);" }, { "path": "persistence/sql/migrations/sql/20210410175418000094_network.sqlite3.down.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20210410175418000094_network.sqlite3.up.sql", "content": "ALTER TABLE \"_selfservice_recovery_flows_tmp\" RENAME TO \"selfservice_recovery_flows\";" }, { "path": "persistence/sql/migrations/sql/20210410175418000095_network.cockroach.down.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20210410175418000095_network.cockroach.up.sql", "content": "ALTER TABLE \"selfservice_recovery_flows\" DROP CONSTRAINT \"selfservice_recovery_flows_nid_fk_idx\";" }, { "path": "persistence/sql/migrations/sql/20210410175418000095_network.sqlite3.down.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20210410175418000095_network.sqlite3.up.sql", "content": "CREATE INDEX \"selfservice_recovery_flows_nid_idx\" ON \"selfservice_recovery_flows\" (id, nid);" }, { "path": "persistence/sql/migrations/sql/20210410175418000096_network.cockroach.down.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20210410175418000096_network.cockroach.up.sql", "content": "ALTER TABLE \"selfservice_recovery_flows\" RENAME COLUMN \"nid\" TO \"_nid_tmp\";" }, { "path": "persistence/sql/migrations/sql/20210410175418000096_network.sqlite3.down.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20210410175418000096_network.sqlite3.up.sql", "content": "ALTER TABLE \"identity_recovery_addresses\" ADD COLUMN \"nid\" char(36);" }, { "path": "persistence/sql/migrations/sql/20210410175418000097_network.cockroach.down.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20210410175418000097_network.cockroach.up.sql", "content": "ALTER TABLE \"selfservice_recovery_flows\" ADD COLUMN \"nid\" UUID;" }, { "path": "persistence/sql/migrations/sql/20210410175418000097_network.sqlite3.down.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20210410175418000097_network.sqlite3.up.sql", "content": "ALTER TABLE identity_recovery_addresses DROP COLUMN nid;" }, { "path": "persistence/sql/migrations/sql/20210410175418000098_network.cockroach.down.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20210410175418000098_network.cockroach.up.sql", "content": "UPDATE \"selfservice_recovery_flows\" SET \"nid\" = \"_nid_tmp\";" }, { "path": "persistence/sql/migrations/sql/20210410175418000098_network.sqlite3.down.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20210410175418000098_network.sqlite3.up.sql", "content": "ALTER TABLE identity_recovery_addresses ADD COLUMN nid CHAR(36) NULL REFERENCES networks(id) ON DELETE CASCADE ON UPDATE RESTRICT;" }, { "path": "persistence/sql/migrations/sql/20210410175418000099_network.cockroach.down.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20210410175418000099_network.cockroach.up.sql", "content": "ALTER TABLE \"selfservice_recovery_flows\" DROP COLUMN \"_nid_tmp\";" }, { "path": "persistence/sql/migrations/sql/20210410175418000099_network.sqlite3.down.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20210410175418000099_network.sqlite3.up.sql", "content": "UPDATE identity_recovery_addresses SET nid = (SELECT id FROM networks LIMIT 1);" }, { "path": "persistence/sql/migrations/sql/20210410175418000100_network.cockroach.down.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20210410175418000100_network.cockroach.up.sql", "content": "ALTER TABLE \"selfservice_recovery_flows\" ADD CONSTRAINT \"selfservice_recovery_flows_nid_fk_idx\" FOREIGN KEY (\"nid\") REFERENCES \"networks\" (\"id\") ON UPDATE RESTRICT ON DELETE CASCADE;" }, { "path": "persistence/sql/migrations/sql/20210410175418000100_network.sqlite3.down.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20210410175418000100_network.sqlite3.up.sql", "content": "DROP INDEX IF EXISTS \"identity_recovery_addresses_status_via_idx\";" }, { "path": "persistence/sql/migrations/sql/20210410175418000101_network.cockroach.down.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20210410175418000101_network.cockroach.up.sql", "content": "CREATE INDEX \"selfservice_recovery_flows_nid_idx\" ON \"selfservice_recovery_flows\" (id, nid);" }, { "path": "persistence/sql/migrations/sql/20210410175418000101_network.sqlite3.down.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20210410175418000101_network.sqlite3.up.sql", "content": "DROP INDEX IF EXISTS \"identity_recovery_addresses_status_via_uq_idx\";" }, { "path": "persistence/sql/migrations/sql/20210410175418000102_network.cockroach.down.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20210410175418000102_network.cockroach.up.sql", "content": "ALTER TABLE \"identity_recovery_addresses\" ADD COLUMN \"nid\" UUID;" }, { "path": "persistence/sql/migrations/sql/20210410175418000102_network.sqlite3.down.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20210410175418000102_network.sqlite3.up.sql", "content": "CREATE TABLE \"_identity_recovery_addresses_tmp\" (\n\"id\" TEXT PRIMARY KEY,\n\"via\" TEXT NOT NULL,\n\"value\" TEXT NOT NULL,\n\"identity_id\" char(36) NOT NULL,\n\"created_at\" DATETIME NOT NULL,\n\"updated_at\" DATETIME NOT NULL,\n\"nid\" char(36),\nFOREIGN KEY (identity_id) REFERENCES identities (id) ON UPDATE NO ACTION ON DELETE CASCADE\n);" }, { "path": "persistence/sql/migrations/sql/20210410175418000103_network.cockroach.down.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20210410175418000103_network.cockroach.up.sql", "content": "ALTER TABLE \"identity_recovery_addresses\" ADD CONSTRAINT \"identity_recovery_addresses_nid_fk_idx\" FOREIGN KEY (\"nid\") REFERENCES \"networks\" (\"id\") ON UPDATE RESTRICT ON DELETE CASCADE;" }, { "path": "persistence/sql/migrations/sql/20210410175418000103_network.sqlite3.down.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20210410175418000103_network.sqlite3.up.sql", "content": "CREATE INDEX \"identity_recovery_addresses_status_via_idx\" ON \"_identity_recovery_addresses_tmp\" (via, value);" }, { "path": "persistence/sql/migrations/sql/20210410175418000104_network.cockroach.down.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20210410175418000104_network.cockroach.up.sql", "content": "UPDATE identity_recovery_addresses SET nid = (SELECT id FROM networks LIMIT 1);" }, { "path": "persistence/sql/migrations/sql/20210410175418000104_network.sqlite3.down.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20210410175418000104_network.sqlite3.up.sql", "content": "CREATE UNIQUE INDEX \"identity_recovery_addresses_status_via_uq_idx\" ON \"_identity_recovery_addresses_tmp\" (via, value);" }, { "path": "persistence/sql/migrations/sql/20210410175418000105_network.cockroach.down.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20210410175418000105_network.cockroach.up.sql", "content": "ALTER TABLE \"identity_recovery_addresses\" DROP CONSTRAINT \"identity_recovery_addresses_nid_fk_idx\";" }, { "path": "persistence/sql/migrations/sql/20210410175418000105_network.sqlite3.down.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20210410175418000105_network.sqlite3.up.sql", "content": "INSERT INTO \"_identity_recovery_addresses_tmp\" (id, via, value, identity_id, created_at, updated_at, nid) SELECT id, via, value, identity_id, created_at, updated_at, nid FROM \"identity_recovery_addresses\";" }, { "path": "persistence/sql/migrations/sql/20210410175418000106_network.cockroach.down.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20210410175418000106_network.cockroach.up.sql", "content": "ALTER TABLE \"identity_recovery_addresses\" RENAME COLUMN \"nid\" TO \"_nid_tmp\";" }, { "path": "persistence/sql/migrations/sql/20210410175418000106_network.sqlite3.down.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20210410175418000106_network.sqlite3.up.sql", "content": "DROP TABLE \"identity_recovery_addresses\";" }, { "path": "persistence/sql/migrations/sql/20210410175418000107_network.cockroach.down.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20210410175418000107_network.cockroach.up.sql", "content": "ALTER TABLE \"identity_recovery_addresses\" ADD COLUMN \"nid\" UUID;" }, { "path": "persistence/sql/migrations/sql/20210410175418000107_network.sqlite3.down.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20210410175418000107_network.sqlite3.up.sql", "content": "ALTER TABLE \"_identity_recovery_addresses_tmp\" RENAME TO \"identity_recovery_addresses\";" }, { "path": "persistence/sql/migrations/sql/20210410175418000108_network.cockroach.down.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20210410175418000108_network.cockroach.up.sql", "content": "UPDATE \"identity_recovery_addresses\" SET \"nid\" = \"_nid_tmp\";" }, { "path": "persistence/sql/migrations/sql/20210410175418000108_network.sqlite3.down.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20210410175418000108_network.sqlite3.up.sql", "content": "CREATE INDEX \"identity_recovery_addresses_nid_idx\" ON \"identity_recovery_addresses\" (id, nid);" }, { "path": "persistence/sql/migrations/sql/20210410175418000109_network.cockroach.down.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20210410175418000109_network.cockroach.up.sql", "content": "ALTER TABLE \"identity_recovery_addresses\" DROP COLUMN \"_nid_tmp\";" }, { "path": "persistence/sql/migrations/sql/20210410175418000109_network.sqlite3.down.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20210410175418000109_network.sqlite3.up.sql", "content": "DROP INDEX IF EXISTS \"identity_recovery_addresses_status_via_uq_idx\";" }, { "path": "persistence/sql/migrations/sql/20210410175418000110_network.cockroach.down.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20210410175418000110_network.cockroach.up.sql", "content": "ALTER TABLE \"identity_recovery_addresses\" ADD CONSTRAINT \"identity_recovery_addresses_nid_fk_idx\" FOREIGN KEY (\"nid\") REFERENCES \"networks\" (\"id\") ON UPDATE RESTRICT ON DELETE CASCADE;" }, { "path": "persistence/sql/migrations/sql/20210410175418000110_network.sqlite3.down.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20210410175418000110_network.sqlite3.up.sql", "content": "DROP INDEX IF EXISTS \"identity_recovery_addresses_status_via_idx\";" }, { "path": "persistence/sql/migrations/sql/20210410175418000111_network.cockroach.down.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20210410175418000111_network.cockroach.up.sql", "content": "CREATE INDEX \"identity_recovery_addresses_nid_idx\" ON \"identity_recovery_addresses\" (id, nid);" }, { "path": "persistence/sql/migrations/sql/20210410175418000111_network.sqlite3.down.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20210410175418000111_network.sqlite3.up.sql", "content": "CREATE UNIQUE INDEX \"identity_recovery_addresses_status_via_uq_idx\" ON \"identity_recovery_addresses\" (nid, via, value);" }, { "path": "persistence/sql/migrations/sql/20210410175418000112_network.cockroach.down.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20210410175418000112_network.cockroach.up.sql", "content": "DROP INDEX IF EXISTS \"identity_recovery_addresses_status_via_uq_idx\";" }, { "path": "persistence/sql/migrations/sql/20210410175418000112_network.sqlite3.down.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20210410175418000112_network.sqlite3.up.sql", "content": "CREATE INDEX \"identity_recovery_addresses_status_via_idx\" ON \"identity_recovery_addresses\" (nid, via, value);" }, { "path": "persistence/sql/migrations/sql/20210410175418000113_network.cockroach.down.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20210410175418000113_network.cockroach.up.sql", "content": "DROP INDEX IF EXISTS \"identity_recovery_addresses_status_via_idx\";" }, { "path": "persistence/sql/migrations/sql/20210410175418000113_network.sqlite3.down.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20210410175418000113_network.sqlite3.up.sql", "content": "ALTER TABLE \"identity_recovery_tokens\" ADD COLUMN \"nid\" char(36);" }, { "path": "persistence/sql/migrations/sql/20210410175418000114_network.cockroach.down.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20210410175418000114_network.cockroach.up.sql", "content": "CREATE UNIQUE INDEX \"identity_recovery_addresses_status_via_uq_idx\" ON \"identity_recovery_addresses\" (nid, via, value);" }, { "path": "persistence/sql/migrations/sql/20210410175418000114_network.sqlite3.down.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20210410175418000114_network.sqlite3.up.sql", "content": "ALTER TABLE identity_recovery_tokens DROP COLUMN nid;" }, { "path": "persistence/sql/migrations/sql/20210410175418000115_network.cockroach.down.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20210410175418000115_network.cockroach.up.sql", "content": "CREATE INDEX \"identity_recovery_addresses_status_via_idx\" ON \"identity_recovery_addresses\" (nid, via, value);" }, { "path": "persistence/sql/migrations/sql/20210410175418000115_network.sqlite3.down.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20210410175418000115_network.sqlite3.up.sql", "content": "ALTER TABLE identity_recovery_tokens ADD COLUMN nid CHAR(36) NULL REFERENCES networks(id) ON DELETE CASCADE ON UPDATE RESTRICT;" }, { "path": "persistence/sql/migrations/sql/20210410175418000116_network.cockroach.down.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20210410175418000116_network.cockroach.up.sql", "content": "ALTER TABLE \"identity_recovery_tokens\" ADD COLUMN \"nid\" UUID;" }, { "path": "persistence/sql/migrations/sql/20210410175418000116_network.sqlite3.down.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20210410175418000116_network.sqlite3.up.sql", "content": "UPDATE identity_recovery_tokens SET nid = (SELECT id FROM networks LIMIT 1);" }, { "path": "persistence/sql/migrations/sql/20210410175418000117_network.cockroach.down.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20210410175418000117_network.cockroach.up.sql", "content": "ALTER TABLE \"identity_recovery_tokens\" ADD CONSTRAINT \"identity_recovery_tokens_nid_fk_idx\" FOREIGN KEY (\"nid\") REFERENCES \"networks\" (\"id\") ON UPDATE RESTRICT ON DELETE CASCADE;" }, { "path": "persistence/sql/migrations/sql/20210410175418000117_network.sqlite3.down.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20210410175418000117_network.sqlite3.up.sql", "content": "DROP INDEX IF EXISTS \"identity_recovery_addresses_code_uq_idx\";" }, { "path": "persistence/sql/migrations/sql/20210410175418000118_network.cockroach.down.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20210410175418000118_network.cockroach.up.sql", "content": "UPDATE identity_recovery_tokens SET nid = (SELECT id FROM networks LIMIT 1);" }, { "path": "persistence/sql/migrations/sql/20210410175418000118_network.sqlite3.down.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20210410175418000118_network.sqlite3.up.sql", "content": "DROP INDEX IF EXISTS \"identity_recovery_addresses_code_idx\";" }, { "path": "persistence/sql/migrations/sql/20210410175418000119_network.cockroach.down.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20210410175418000119_network.cockroach.up.sql", "content": "ALTER TABLE \"identity_recovery_tokens\" DROP CONSTRAINT \"identity_recovery_tokens_nid_fk_idx\";" }, { "path": "persistence/sql/migrations/sql/20210410175418000119_network.sqlite3.down.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20210410175418000119_network.sqlite3.up.sql", "content": "CREATE TABLE \"_identity_recovery_tokens_tmp\" (\n\"id\" TEXT PRIMARY KEY,\n\"token\" TEXT NOT NULL,\n\"used\" bool NOT NULL DEFAULT 'false',\n\"used_at\" DATETIME,\n\"identity_recovery_address_id\" char(36) NOT NULL,\n\"selfservice_recovery_flow_id\" char(36),\n\"created_at\" DATETIME NOT NULL,\n\"updated_at\" DATETIME NOT NULL,\n\"expires_at\" DATETIME NOT NULL DEFAULT '2000-01-01 00:00:00',\n\"issued_at\" DATETIME NOT NULL DEFAULT '2000-01-01 00:00:00',\n\"nid\" char(36),\nFOREIGN KEY (identity_recovery_address_id) REFERENCES identity_recovery_addresses (id) ON UPDATE NO ACTION ON DELETE CASCADE,\nFOREIGN KEY (selfservice_recovery_flow_id) REFERENCES selfservice_recovery_flows (id) ON UPDATE NO ACTION ON DELETE CASCADE\n);" }, { "path": "persistence/sql/migrations/sql/20210410175418000120_network.cockroach.down.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20210410175418000120_network.cockroach.up.sql", "content": "ALTER TABLE \"identity_recovery_tokens\" RENAME COLUMN \"nid\" TO \"_nid_tmp\";" }, { "path": "persistence/sql/migrations/sql/20210410175418000120_network.sqlite3.down.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20210410175418000120_network.sqlite3.up.sql", "content": "CREATE UNIQUE INDEX \"identity_recovery_addresses_code_uq_idx\" ON \"_identity_recovery_tokens_tmp\" (token);" }, { "path": "persistence/sql/migrations/sql/20210410175418000121_network.cockroach.down.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20210410175418000121_network.cockroach.up.sql", "content": "ALTER TABLE \"identity_recovery_tokens\" ADD COLUMN \"nid\" UUID;" }, { "path": "persistence/sql/migrations/sql/20210410175418000121_network.sqlite3.down.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20210410175418000121_network.sqlite3.up.sql", "content": "CREATE INDEX \"identity_recovery_addresses_code_idx\" ON \"_identity_recovery_tokens_tmp\" (token);" }, { "path": "persistence/sql/migrations/sql/20210410175418000122_network.cockroach.down.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20210410175418000122_network.cockroach.up.sql", "content": "UPDATE \"identity_recovery_tokens\" SET \"nid\" = \"_nid_tmp\";" }, { "path": "persistence/sql/migrations/sql/20210410175418000122_network.sqlite3.down.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20210410175418000122_network.sqlite3.up.sql", "content": "INSERT INTO \"_identity_recovery_tokens_tmp\" (id, token, used, used_at, identity_recovery_address_id, selfservice_recovery_flow_id, created_at, updated_at, expires_at, issued_at, nid) SELECT id, token, used, used_at, identity_recovery_address_id, selfservice_recovery_flow_id, created_at, updated_at, expires_at, issued_at, nid FROM \"identity_recovery_tokens\";" }, { "path": "persistence/sql/migrations/sql/20210410175418000123_network.cockroach.down.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20210410175418000123_network.cockroach.up.sql", "content": "ALTER TABLE \"identity_recovery_tokens\" DROP COLUMN \"_nid_tmp\";" }, { "path": "persistence/sql/migrations/sql/20210410175418000123_network.sqlite3.down.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20210410175418000123_network.sqlite3.up.sql", "content": "DROP TABLE \"identity_recovery_tokens\";" }, { "path": "persistence/sql/migrations/sql/20210410175418000124_network.cockroach.down.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20210410175418000124_network.cockroach.up.sql", "content": "ALTER TABLE \"identity_recovery_tokens\" ADD CONSTRAINT \"identity_recovery_tokens_nid_fk_idx\" FOREIGN KEY (\"nid\") REFERENCES \"networks\" (\"id\") ON UPDATE RESTRICT ON DELETE CASCADE;" }, { "path": "persistence/sql/migrations/sql/20210410175418000124_network.sqlite3.down.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20210410175418000124_network.sqlite3.up.sql", "content": "ALTER TABLE \"_identity_recovery_tokens_tmp\" RENAME TO \"identity_recovery_tokens\";" }, { "path": "persistence/sql/migrations/sql/20210410175418000125_network.cockroach.down.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20210410175418000125_network.cockroach.up.sql", "content": "CREATE INDEX \"identity_recovery_tokens_nid_idx\" ON \"identity_recovery_tokens\" (id, nid);" }, { "path": "persistence/sql/migrations/sql/20210410175418000125_network.sqlite3.down.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20210410175418000125_network.sqlite3.up.sql", "content": "CREATE INDEX \"identity_recovery_tokens_nid_idx\" ON \"identity_recovery_tokens\" (id, nid);" }, { "path": "persistence/sql/migrations/sql/20210410175418000126_network.cockroach.down.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20210410175418000126_network.cockroach.up.sql", "content": "ALTER TABLE \"selfservice_verification_flows\" ADD COLUMN \"nid\" UUID;" }, { "path": "persistence/sql/migrations/sql/20210410175418000126_network.sqlite3.down.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20210410175418000126_network.sqlite3.up.sql", "content": "ALTER TABLE \"selfservice_verification_flows\" ADD COLUMN \"nid\" char(36);" }, { "path": "persistence/sql/migrations/sql/20210410175418000127_network.cockroach.down.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20210410175418000127_network.cockroach.up.sql", "content": "ALTER TABLE \"selfservice_verification_flows\" ADD CONSTRAINT \"selfservice_verification_flows_nid_fk_idx\" FOREIGN KEY (\"nid\") REFERENCES \"networks\" (\"id\") ON UPDATE RESTRICT ON DELETE CASCADE;" }, { "path": "persistence/sql/migrations/sql/20210410175418000127_network.sqlite3.down.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20210410175418000127_network.sqlite3.up.sql", "content": "ALTER TABLE selfservice_verification_flows DROP COLUMN nid;" }, { "path": "persistence/sql/migrations/sql/20210410175418000128_network.cockroach.down.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20210410175418000128_network.cockroach.up.sql", "content": "UPDATE selfservice_verification_flows SET nid = (SELECT id FROM networks LIMIT 1);" }, { "path": "persistence/sql/migrations/sql/20210410175418000128_network.sqlite3.down.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20210410175418000128_network.sqlite3.up.sql", "content": "ALTER TABLE selfservice_verification_flows ADD COLUMN nid CHAR(36) NULL REFERENCES networks(id) ON DELETE CASCADE ON UPDATE RESTRICT;" }, { "path": "persistence/sql/migrations/sql/20210410175418000129_network.cockroach.down.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20210410175418000129_network.cockroach.up.sql", "content": "ALTER TABLE \"selfservice_verification_flows\" DROP CONSTRAINT \"selfservice_verification_flows_nid_fk_idx\";" }, { "path": "persistence/sql/migrations/sql/20210410175418000129_network.sqlite3.down.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20210410175418000129_network.sqlite3.up.sql", "content": "UPDATE selfservice_verification_flows SET nid = (SELECT id FROM networks LIMIT 1);" }, { "path": "persistence/sql/migrations/sql/20210410175418000130_network.cockroach.down.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20210410175418000130_network.cockroach.up.sql", "content": "ALTER TABLE \"selfservice_verification_flows\" RENAME COLUMN \"nid\" TO \"_nid_tmp\";" }, { "path": "persistence/sql/migrations/sql/20210410175418000130_network.sqlite3.down.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20210410175418000130_network.sqlite3.up.sql", "content": "CREATE TABLE \"_selfservice_verification_flows_tmp\" (\n\"id\" TEXT PRIMARY KEY,\n\"request_url\" TEXT NOT NULL,\n\"issued_at\" DATETIME NOT NULL DEFAULT 'CURRENT_TIMESTAMP',\n\"expires_at\" DATETIME NOT NULL,\n\"csrf_token\" TEXT NOT NULL,\n\"created_at\" DATETIME NOT NULL,\n\"updated_at\" DATETIME NOT NULL,\n\"type\" TEXT NOT NULL DEFAULT 'browser',\n\"state\" TEXT NOT NULL DEFAULT 'show_form',\n\"active_method\" TEXT,\n\"ui\" TEXT,\n\"nid\" char(36)\n);" }, { "path": "persistence/sql/migrations/sql/20210410175418000131_network.cockroach.down.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20210410175418000131_network.cockroach.up.sql", "content": "ALTER TABLE \"selfservice_verification_flows\" ADD COLUMN \"nid\" UUID;" }, { "path": "persistence/sql/migrations/sql/20210410175418000131_network.sqlite3.down.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20210410175418000131_network.sqlite3.up.sql", "content": "INSERT INTO \"_selfservice_verification_flows_tmp\" (id, request_url, issued_at, expires_at, csrf_token, created_at, updated_at, type, state, active_method, ui, nid) SELECT id, request_url, issued_at, expires_at, csrf_token, created_at, updated_at, type, state, active_method, ui, nid FROM \"selfservice_verification_flows\";" }, { "path": "persistence/sql/migrations/sql/20210410175418000132_network.cockroach.down.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20210410175418000132_network.cockroach.up.sql", "content": "UPDATE \"selfservice_verification_flows\" SET \"nid\" = \"_nid_tmp\";" }, { "path": "persistence/sql/migrations/sql/20210410175418000132_network.sqlite3.down.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20210410175418000132_network.sqlite3.up.sql", "content": "DROP TABLE \"selfservice_verification_flows\";" }, { "path": "persistence/sql/migrations/sql/20210410175418000133_network.cockroach.down.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20210410175418000133_network.cockroach.up.sql", "content": "ALTER TABLE \"selfservice_verification_flows\" DROP COLUMN \"_nid_tmp\";" }, { "path": "persistence/sql/migrations/sql/20210410175418000133_network.sqlite3.down.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20210410175418000133_network.sqlite3.up.sql", "content": "ALTER TABLE \"_selfservice_verification_flows_tmp\" RENAME TO \"selfservice_verification_flows\";" }, { "path": "persistence/sql/migrations/sql/20210410175418000134_network.cockroach.down.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20210410175418000134_network.cockroach.up.sql", "content": "ALTER TABLE \"selfservice_verification_flows\" ADD CONSTRAINT \"selfservice_verification_flows_nid_fk_idx\" FOREIGN KEY (\"nid\") REFERENCES \"networks\" (\"id\") ON UPDATE RESTRICT ON DELETE CASCADE;" }, { "path": "persistence/sql/migrations/sql/20210410175418000134_network.sqlite3.down.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20210410175418000134_network.sqlite3.up.sql", "content": "CREATE INDEX \"selfservice_verification_flows_nid_idx\" ON \"selfservice_verification_flows\" (id, nid);" }, { "path": "persistence/sql/migrations/sql/20210410175418000135_network.cockroach.down.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20210410175418000135_network.cockroach.up.sql", "content": "CREATE INDEX \"selfservice_verification_flows_nid_idx\" ON \"selfservice_verification_flows\" (id, nid);" }, { "path": "persistence/sql/migrations/sql/20210410175418000135_network.sqlite3.down.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20210410175418000135_network.sqlite3.up.sql", "content": "ALTER TABLE \"identity_verifiable_addresses\" ADD COLUMN \"nid\" char(36);" }, { "path": "persistence/sql/migrations/sql/20210410175418000136_network.cockroach.down.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20210410175418000136_network.cockroach.up.sql", "content": "ALTER TABLE \"identity_verifiable_addresses\" ADD COLUMN \"nid\" UUID;" }, { "path": "persistence/sql/migrations/sql/20210410175418000136_network.sqlite3.down.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20210410175418000136_network.sqlite3.up.sql", "content": "ALTER TABLE identity_verifiable_addresses DROP COLUMN nid;" }, { "path": "persistence/sql/migrations/sql/20210410175418000137_network.cockroach.down.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20210410175418000137_network.cockroach.up.sql", "content": "ALTER TABLE \"identity_verifiable_addresses\" ADD CONSTRAINT \"identity_verifiable_addresses_nid_fk_idx\" FOREIGN KEY (\"nid\") REFERENCES \"networks\" (\"id\") ON UPDATE RESTRICT ON DELETE CASCADE;" }, { "path": "persistence/sql/migrations/sql/20210410175418000137_network.sqlite3.down.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20210410175418000137_network.sqlite3.up.sql", "content": "ALTER TABLE identity_verifiable_addresses ADD COLUMN nid CHAR(36) NULL REFERENCES networks(id) ON DELETE CASCADE ON UPDATE RESTRICT;" }, { "path": "persistence/sql/migrations/sql/20210410175418000138_network.cockroach.down.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20210410175418000138_network.cockroach.up.sql", "content": "UPDATE identity_verifiable_addresses SET nid = (SELECT id FROM networks LIMIT 1);" }, { "path": "persistence/sql/migrations/sql/20210410175418000138_network.sqlite3.down.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20210410175418000138_network.sqlite3.up.sql", "content": "UPDATE identity_verifiable_addresses SET nid = (SELECT id FROM networks LIMIT 1);" }, { "path": "persistence/sql/migrations/sql/20210410175418000139_network.cockroach.down.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20210410175418000139_network.cockroach.up.sql", "content": "ALTER TABLE \"identity_verifiable_addresses\" DROP CONSTRAINT \"identity_verifiable_addresses_nid_fk_idx\";" }, { "path": "persistence/sql/migrations/sql/20210410175418000139_network.sqlite3.down.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20210410175418000139_network.sqlite3.up.sql", "content": "DROP INDEX IF EXISTS \"identity_verifiable_addresses_status_via_uq_idx\";" }, { "path": "persistence/sql/migrations/sql/20210410175418000140_network.cockroach.down.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20210410175418000140_network.cockroach.up.sql", "content": "ALTER TABLE \"identity_verifiable_addresses\" RENAME COLUMN \"nid\" TO \"_nid_tmp\";" }, { "path": "persistence/sql/migrations/sql/20210410175418000140_network.sqlite3.down.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20210410175418000140_network.sqlite3.up.sql", "content": "DROP INDEX IF EXISTS \"identity_verifiable_addresses_status_via_idx\";" }, { "path": "persistence/sql/migrations/sql/20210410175418000141_network.cockroach.down.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20210410175418000141_network.cockroach.up.sql", "content": "ALTER TABLE \"identity_verifiable_addresses\" ADD COLUMN \"nid\" UUID;" }, { "path": "persistence/sql/migrations/sql/20210410175418000141_network.sqlite3.down.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20210410175418000141_network.sqlite3.up.sql", "content": "CREATE TABLE \"_identity_verifiable_addresses_tmp\" (\n\"id\" TEXT PRIMARY KEY,\n\"status\" TEXT NOT NULL,\n\"via\" TEXT NOT NULL,\n\"verified\" bool NOT NULL,\n\"value\" TEXT NOT NULL,\n\"verified_at\" DATETIME,\n\"identity_id\" char(36) NOT NULL,\n\"created_at\" DATETIME NOT NULL,\n\"updated_at\" DATETIME NOT NULL,\n\"nid\" char(36),\nFOREIGN KEY (identity_id) REFERENCES identities (id) ON UPDATE NO ACTION ON DELETE CASCADE\n);" }, { "path": "persistence/sql/migrations/sql/20210410175418000142_network.cockroach.down.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20210410175418000142_network.cockroach.up.sql", "content": "UPDATE \"identity_verifiable_addresses\" SET \"nid\" = \"_nid_tmp\";" }, { "path": "persistence/sql/migrations/sql/20210410175418000142_network.sqlite3.down.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20210410175418000142_network.sqlite3.up.sql", "content": "CREATE UNIQUE INDEX \"identity_verifiable_addresses_status_via_uq_idx\" ON \"_identity_verifiable_addresses_tmp\" (via, value);" }, { "path": "persistence/sql/migrations/sql/20210410175418000143_network.cockroach.down.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20210410175418000143_network.cockroach.up.sql", "content": "ALTER TABLE \"identity_verifiable_addresses\" DROP COLUMN \"_nid_tmp\";" }, { "path": "persistence/sql/migrations/sql/20210410175418000143_network.sqlite3.down.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20210410175418000143_network.sqlite3.up.sql", "content": "CREATE INDEX \"identity_verifiable_addresses_status_via_idx\" ON \"_identity_verifiable_addresses_tmp\" (via, value);" }, { "path": "persistence/sql/migrations/sql/20210410175418000144_network.cockroach.down.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20210410175418000144_network.cockroach.up.sql", "content": "ALTER TABLE \"identity_verifiable_addresses\" ADD CONSTRAINT \"identity_verifiable_addresses_nid_fk_idx\" FOREIGN KEY (\"nid\") REFERENCES \"networks\" (\"id\") ON UPDATE RESTRICT ON DELETE CASCADE;" }, { "path": "persistence/sql/migrations/sql/20210410175418000144_network.sqlite3.down.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20210410175418000144_network.sqlite3.up.sql", "content": "INSERT INTO \"_identity_verifiable_addresses_tmp\" (id, status, via, verified, value, verified_at, identity_id, created_at, updated_at, nid) SELECT id, status, via, verified, value, verified_at, identity_id, created_at, updated_at, nid FROM \"identity_verifiable_addresses\";" }, { "path": "persistence/sql/migrations/sql/20210410175418000145_network.cockroach.down.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20210410175418000145_network.cockroach.up.sql", "content": "CREATE INDEX \"identity_verifiable_addresses_nid_idx\" ON \"identity_verifiable_addresses\" (id, nid);" }, { "path": "persistence/sql/migrations/sql/20210410175418000145_network.sqlite3.down.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20210410175418000145_network.sqlite3.up.sql", "content": "DROP TABLE \"identity_verifiable_addresses\";" }, { "path": "persistence/sql/migrations/sql/20210410175418000146_network.cockroach.down.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20210410175418000146_network.cockroach.up.sql", "content": "DROP INDEX IF EXISTS \"identity_verifiable_addresses_status_via_uq_idx\";" }, { "path": "persistence/sql/migrations/sql/20210410175418000146_network.sqlite3.down.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20210410175418000146_network.sqlite3.up.sql", "content": "ALTER TABLE \"_identity_verifiable_addresses_tmp\" RENAME TO \"identity_verifiable_addresses\";" }, { "path": "persistence/sql/migrations/sql/20210410175418000147_network.cockroach.down.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20210410175418000147_network.cockroach.up.sql", "content": "DROP INDEX IF EXISTS \"identity_verifiable_addresses_status_via_idx\";" }, { "path": "persistence/sql/migrations/sql/20210410175418000147_network.sqlite3.down.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20210410175418000147_network.sqlite3.up.sql", "content": "CREATE INDEX \"identity_verifiable_addresses_nid_idx\" ON \"identity_verifiable_addresses\" (id, nid);" }, { "path": "persistence/sql/migrations/sql/20210410175418000148_network.cockroach.down.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20210410175418000148_network.cockroach.up.sql", "content": "CREATE UNIQUE INDEX \"identity_verifiable_addresses_status_via_uq_idx\" ON \"identity_verifiable_addresses\" (nid, via, value);" }, { "path": "persistence/sql/migrations/sql/20210410175418000148_network.sqlite3.down.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20210410175418000148_network.sqlite3.up.sql", "content": "DROP INDEX IF EXISTS \"identity_verifiable_addresses_status_via_uq_idx\";" }, { "path": "persistence/sql/migrations/sql/20210410175418000149_network.cockroach.down.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20210410175418000149_network.cockroach.up.sql", "content": "CREATE INDEX \"identity_verifiable_addresses_status_via_idx\" ON \"identity_verifiable_addresses\" (nid, via, value);" }, { "path": "persistence/sql/migrations/sql/20210410175418000149_network.sqlite3.down.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20210410175418000149_network.sqlite3.up.sql", "content": "DROP INDEX IF EXISTS \"identity_verifiable_addresses_status_via_idx\";" }, { "path": "persistence/sql/migrations/sql/20210410175418000150_network.cockroach.down.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20210410175418000150_network.cockroach.up.sql", "content": "ALTER TABLE \"identity_verification_tokens\" ADD COLUMN \"nid\" UUID;" }, { "path": "persistence/sql/migrations/sql/20210410175418000150_network.sqlite3.down.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20210410175418000150_network.sqlite3.up.sql", "content": "CREATE UNIQUE INDEX \"identity_verifiable_addresses_status_via_uq_idx\" ON \"identity_verifiable_addresses\" (nid, via, value);" }, { "path": "persistence/sql/migrations/sql/20210410175418000151_network.cockroach.down.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20210410175418000151_network.cockroach.up.sql", "content": "ALTER TABLE \"identity_verification_tokens\" ADD CONSTRAINT \"identity_verification_tokens_nid_fk_idx\" FOREIGN KEY (\"nid\") REFERENCES \"networks\" (\"id\") ON UPDATE RESTRICT ON DELETE CASCADE;" }, { "path": "persistence/sql/migrations/sql/20210410175418000151_network.sqlite3.down.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20210410175418000151_network.sqlite3.up.sql", "content": "CREATE INDEX \"identity_verifiable_addresses_status_via_idx\" ON \"identity_verifiable_addresses\" (nid, via, value);" }, { "path": "persistence/sql/migrations/sql/20210410175418000152_network.cockroach.down.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20210410175418000152_network.cockroach.up.sql", "content": "UPDATE identity_verification_tokens SET nid = (SELECT id FROM networks LIMIT 1);" }, { "path": "persistence/sql/migrations/sql/20210410175418000152_network.sqlite3.down.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20210410175418000152_network.sqlite3.up.sql", "content": "ALTER TABLE \"identity_verification_tokens\" ADD COLUMN \"nid\" char(36);" }, { "path": "persistence/sql/migrations/sql/20210410175418000153_network.cockroach.down.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20210410175418000153_network.cockroach.up.sql", "content": "ALTER TABLE \"identity_verification_tokens\" DROP CONSTRAINT \"identity_verification_tokens_nid_fk_idx\";" }, { "path": "persistence/sql/migrations/sql/20210410175418000153_network.sqlite3.down.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20210410175418000153_network.sqlite3.up.sql", "content": "ALTER TABLE identity_verification_tokens DROP COLUMN nid;" }, { "path": "persistence/sql/migrations/sql/20210410175418000154_network.cockroach.down.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20210410175418000154_network.cockroach.up.sql", "content": "ALTER TABLE \"identity_verification_tokens\" RENAME COLUMN \"nid\" TO \"_nid_tmp\";" }, { "path": "persistence/sql/migrations/sql/20210410175418000154_network.sqlite3.down.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20210410175418000154_network.sqlite3.up.sql", "content": "ALTER TABLE identity_verification_tokens ADD COLUMN nid CHAR(36) NULL REFERENCES networks(id) ON DELETE CASCADE ON UPDATE RESTRICT;" }, { "path": "persistence/sql/migrations/sql/20210410175418000155_network.cockroach.down.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20210410175418000155_network.cockroach.up.sql", "content": "ALTER TABLE \"identity_verification_tokens\" ADD COLUMN \"nid\" UUID;" }, { "path": "persistence/sql/migrations/sql/20210410175418000155_network.sqlite3.down.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20210410175418000155_network.sqlite3.up.sql", "content": "UPDATE identity_verification_tokens SET nid = (SELECT id FROM networks LIMIT 1);" }, { "path": "persistence/sql/migrations/sql/20210410175418000156_network.cockroach.down.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20210410175418000156_network.cockroach.up.sql", "content": "UPDATE \"identity_verification_tokens\" SET \"nid\" = \"_nid_tmp\";" }, { "path": "persistence/sql/migrations/sql/20210410175418000156_network.sqlite3.down.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20210410175418000156_network.sqlite3.up.sql", "content": "DROP INDEX IF EXISTS \"identity_verification_tokens_verification_flow_id_idx\";" }, { "path": "persistence/sql/migrations/sql/20210410175418000157_network.cockroach.down.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20210410175418000157_network.cockroach.up.sql", "content": "ALTER TABLE \"identity_verification_tokens\" DROP COLUMN \"_nid_tmp\";" }, { "path": "persistence/sql/migrations/sql/20210410175418000157_network.sqlite3.down.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20210410175418000157_network.sqlite3.up.sql", "content": "DROP INDEX IF EXISTS \"identity_verification_tokens_verifiable_address_id_idx\";" }, { "path": "persistence/sql/migrations/sql/20210410175418000158_network.cockroach.down.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20210410175418000158_network.cockroach.up.sql", "content": "ALTER TABLE \"identity_verification_tokens\" ADD CONSTRAINT \"identity_verification_tokens_nid_fk_idx\" FOREIGN KEY (\"nid\") REFERENCES \"networks\" (\"id\") ON UPDATE RESTRICT ON DELETE CASCADE;" }, { "path": "persistence/sql/migrations/sql/20210410175418000158_network.sqlite3.down.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20210410175418000158_network.sqlite3.up.sql", "content": "DROP INDEX IF EXISTS \"identity_verification_tokens_token_idx\";" }, { "path": "persistence/sql/migrations/sql/20210410175418000159_network.cockroach.down.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20210410175418000159_network.cockroach.up.sql", "content": "CREATE INDEX \"identity_verification_tokens_nid_idx\" ON \"identity_verification_tokens\" (id, nid);" }, { "path": "persistence/sql/migrations/sql/20210410175418000159_network.sqlite3.down.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20210410175418000159_network.sqlite3.up.sql", "content": "DROP INDEX IF EXISTS \"identity_verification_tokens_token_uq_idx\";" }, { "path": "persistence/sql/migrations/sql/20210410175418000160_network.cockroach.down.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20210410175418000160_network.cockroach.up.sql", "content": "ALTER TABLE \"sessions\" ADD COLUMN \"nid\" UUID;" }, { "path": "persistence/sql/migrations/sql/20210410175418000160_network.sqlite3.down.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20210410175418000160_network.sqlite3.up.sql", "content": "CREATE TABLE \"_identity_verification_tokens_tmp\" (\n\"id\" TEXT PRIMARY KEY,\n\"token\" TEXT NOT NULL,\n\"used\" bool NOT NULL DEFAULT 'false',\n\"used_at\" DATETIME,\n\"expires_at\" DATETIME NOT NULL,\n\"issued_at\" DATETIME NOT NULL,\n\"identity_verifiable_address_id\" char(36) NOT NULL,\n\"selfservice_verification_flow_id\" char(36),\n\"created_at\" DATETIME NOT NULL,\n\"updated_at\" DATETIME NOT NULL,\n\"nid\" char(36),\nFOREIGN KEY (selfservice_verification_flow_id) REFERENCES selfservice_verification_flows (id) ON UPDATE NO ACTION ON DELETE CASCADE,\nFOREIGN KEY (identity_verifiable_address_id) REFERENCES identity_verifiable_addresses (id) ON UPDATE NO ACTION ON DELETE CASCADE\n);" }, { "path": "persistence/sql/migrations/sql/20210410175418000161_network.cockroach.down.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20210410175418000161_network.cockroach.up.sql", "content": "ALTER TABLE \"sessions\" ADD CONSTRAINT \"sessions_nid_fk_idx\" FOREIGN KEY (\"nid\") REFERENCES \"networks\" (\"id\") ON UPDATE RESTRICT ON DELETE CASCADE;" }, { "path": "persistence/sql/migrations/sql/20210410175418000161_network.sqlite3.down.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20210410175418000161_network.sqlite3.up.sql", "content": "CREATE INDEX \"identity_verification_tokens_verification_flow_id_idx\" ON \"_identity_verification_tokens_tmp\" (selfservice_verification_flow_id);" }, { "path": "persistence/sql/migrations/sql/20210410175418000162_network.cockroach.down.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20210410175418000162_network.cockroach.up.sql", "content": "UPDATE sessions SET nid = (SELECT id FROM networks LIMIT 1);" }, { "path": "persistence/sql/migrations/sql/20210410175418000162_network.sqlite3.down.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20210410175418000162_network.sqlite3.up.sql", "content": "CREATE INDEX \"identity_verification_tokens_verifiable_address_id_idx\" ON \"_identity_verification_tokens_tmp\" (identity_verifiable_address_id);" }, { "path": "persistence/sql/migrations/sql/20210410175418000163_network.cockroach.down.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20210410175418000163_network.cockroach.up.sql", "content": "ALTER TABLE \"sessions\" DROP CONSTRAINT \"sessions_nid_fk_idx\";" }, { "path": "persistence/sql/migrations/sql/20210410175418000163_network.sqlite3.down.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20210410175418000163_network.sqlite3.up.sql", "content": "CREATE INDEX \"identity_verification_tokens_token_idx\" ON \"_identity_verification_tokens_tmp\" (token);" }, { "path": "persistence/sql/migrations/sql/20210410175418000164_network.cockroach.down.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20210410175418000164_network.cockroach.up.sql", "content": "ALTER TABLE \"sessions\" RENAME COLUMN \"nid\" TO \"_nid_tmp\";" }, { "path": "persistence/sql/migrations/sql/20210410175418000164_network.sqlite3.down.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20210410175418000164_network.sqlite3.up.sql", "content": "CREATE UNIQUE INDEX \"identity_verification_tokens_token_uq_idx\" ON \"_identity_verification_tokens_tmp\" (token);" }, { "path": "persistence/sql/migrations/sql/20210410175418000165_network.cockroach.down.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20210410175418000165_network.cockroach.up.sql", "content": "ALTER TABLE \"sessions\" ADD COLUMN \"nid\" UUID;" }, { "path": "persistence/sql/migrations/sql/20210410175418000165_network.sqlite3.down.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20210410175418000165_network.sqlite3.up.sql", "content": "INSERT INTO \"_identity_verification_tokens_tmp\" (id, token, used, used_at, expires_at, issued_at, identity_verifiable_address_id, selfservice_verification_flow_id, created_at, updated_at, nid) SELECT id, token, used, used_at, expires_at, issued_at, identity_verifiable_address_id, selfservice_verification_flow_id, created_at, updated_at, nid FROM \"identity_verification_tokens\";" }, { "path": "persistence/sql/migrations/sql/20210410175418000166_network.cockroach.down.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20210410175418000166_network.cockroach.up.sql", "content": "UPDATE \"sessions\" SET \"nid\" = \"_nid_tmp\";" }, { "path": "persistence/sql/migrations/sql/20210410175418000166_network.sqlite3.down.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20210410175418000166_network.sqlite3.up.sql", "content": "DROP TABLE \"identity_verification_tokens\";" }, { "path": "persistence/sql/migrations/sql/20210410175418000167_network.cockroach.down.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20210410175418000167_network.cockroach.up.sql", "content": "ALTER TABLE \"sessions\" DROP COLUMN \"_nid_tmp\";" }, { "path": "persistence/sql/migrations/sql/20210410175418000167_network.sqlite3.down.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20210410175418000167_network.sqlite3.up.sql", "content": "ALTER TABLE \"_identity_verification_tokens_tmp\" RENAME TO \"identity_verification_tokens\";" }, { "path": "persistence/sql/migrations/sql/20210410175418000168_network.cockroach.down.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20210410175418000168_network.cockroach.up.sql", "content": "ALTER TABLE \"sessions\" ADD CONSTRAINT \"sessions_nid_fk_idx\" FOREIGN KEY (\"nid\") REFERENCES \"networks\" (\"id\") ON UPDATE RESTRICT ON DELETE CASCADE;" }, { "path": "persistence/sql/migrations/sql/20210410175418000168_network.sqlite3.down.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20210410175418000168_network.sqlite3.up.sql", "content": "CREATE INDEX \"identity_verification_tokens_nid_idx\" ON \"identity_verification_tokens\" (id, nid);" }, { "path": "persistence/sql/migrations/sql/20210410175418000169_network.cockroach.down.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20210410175418000169_network.cockroach.up.sql", "content": "CREATE INDEX \"sessions_nid_idx\" ON \"sessions\" (id, nid);" }, { "path": "persistence/sql/migrations/sql/20210410175418000169_network.sqlite3.down.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20210410175418000169_network.sqlite3.up.sql", "content": "ALTER TABLE \"sessions\" ADD COLUMN \"nid\" char(36);" }, { "path": "persistence/sql/migrations/sql/20210410175418000170_network.sqlite3.down.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20210410175418000170_network.sqlite3.up.sql", "content": "ALTER TABLE sessions DROP COLUMN nid;" }, { "path": "persistence/sql/migrations/sql/20210410175418000171_network.sqlite3.down.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20210410175418000171_network.sqlite3.up.sql", "content": "ALTER TABLE sessions ADD COLUMN nid CHAR(36) NULL REFERENCES networks(id) ON DELETE CASCADE ON UPDATE RESTRICT;" }, { "path": "persistence/sql/migrations/sql/20210410175418000172_network.sqlite3.down.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20210410175418000172_network.sqlite3.up.sql", "content": "UPDATE sessions SET nid = (SELECT id FROM networks LIMIT 1);" }, { "path": "persistence/sql/migrations/sql/20210410175418000173_network.sqlite3.down.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20210410175418000173_network.sqlite3.up.sql", "content": "DROP INDEX IF EXISTS \"sessions_token_idx\";" }, { "path": "persistence/sql/migrations/sql/20210410175418000174_network.sqlite3.down.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20210410175418000174_network.sqlite3.up.sql", "content": "DROP INDEX IF EXISTS \"sessions_token_uq_idx\";" }, { "path": "persistence/sql/migrations/sql/20210410175418000175_network.sqlite3.down.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20210410175418000175_network.sqlite3.up.sql", "content": "CREATE TABLE \"_sessions_tmp\" (\n\"id\" TEXT PRIMARY KEY,\n\"issued_at\" DATETIME NOT NULL DEFAULT 'CURRENT_TIMESTAMP',\n\"expires_at\" DATETIME NOT NULL,\n\"authenticated_at\" DATETIME NOT NULL,\n\"identity_id\" char(36) NOT NULL,\n\"created_at\" DATETIME NOT NULL,\n\"updated_at\" DATETIME NOT NULL,\n\"token\" TEXT,\n\"active\" NUMERIC DEFAULT 'false',\n\"nid\" char(36),\nFOREIGN KEY (identity_id) REFERENCES identities (id) ON UPDATE NO ACTION ON DELETE CASCADE\n);" }, { "path": "persistence/sql/migrations/sql/20210410175418000176_network.sqlite3.down.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20210410175418000176_network.sqlite3.up.sql", "content": "CREATE INDEX \"sessions_token_idx\" ON \"_sessions_tmp\" (token);" }, { "path": "persistence/sql/migrations/sql/20210410175418000177_network.sqlite3.down.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20210410175418000177_network.sqlite3.up.sql", "content": "CREATE UNIQUE INDEX \"sessions_token_uq_idx\" ON \"_sessions_tmp\" (token);" }, { "path": "persistence/sql/migrations/sql/20210410175418000178_network.sqlite3.down.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20210410175418000178_network.sqlite3.up.sql", "content": "INSERT INTO \"_sessions_tmp\" (id, issued_at, expires_at, authenticated_at, identity_id, created_at, updated_at, token, active, nid) SELECT id, issued_at, expires_at, authenticated_at, identity_id, created_at, updated_at, token, active, nid FROM \"sessions\";" }, { "path": "persistence/sql/migrations/sql/20210410175418000179_network.sqlite3.down.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20210410175418000179_network.sqlite3.up.sql", "content": "DROP TABLE \"sessions\";" }, { "path": "persistence/sql/migrations/sql/20210410175418000180_network.sqlite3.down.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20210410175418000180_network.sqlite3.up.sql", "content": "ALTER TABLE \"_sessions_tmp\" RENAME TO \"sessions\";" }, { "path": "persistence/sql/migrations/sql/20210410175418000181_network.sqlite3.down.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20210410175418000181_network.sqlite3.up.sql", "content": "CREATE INDEX \"sessions_nid_idx\" ON \"sessions\" (id, nid);" }, { "path": "persistence/sql/migrations/sql/20210504121624000000_add_identity_states.cockroach.down.sql", "content": "ALTER TABLE \"identities\" DROP COLUMN \"state_changed_at\";" }, { "path": "persistence/sql/migrations/sql/20210504121624000000_add_identity_states.cockroach.up.sql", "content": "ALTER TABLE \"identities\" ADD COLUMN \"state\" VARCHAR (255) NOT NULL DEFAULT 'active';" }, { "path": "persistence/sql/migrations/sql/20210504121624000000_add_identity_states.mysql.down.sql", "content": "ALTER TABLE `identities` DROP COLUMN `state_changed_at`;" }, { "path": "persistence/sql/migrations/sql/20210504121624000000_add_identity_states.mysql.up.sql", "content": "ALTER TABLE `identities` ADD COLUMN `state` VARCHAR (255) NOT NULL DEFAULT 'active';" }, { "path": "persistence/sql/migrations/sql/20210504121624000000_add_identity_states.postgres.down.sql", "content": "ALTER TABLE \"identities\" DROP COLUMN \"state_changed_at\";" }, { "path": "persistence/sql/migrations/sql/20210504121624000000_add_identity_states.postgres.up.sql", "content": "ALTER TABLE \"identities\" ADD COLUMN \"state\" VARCHAR (255) NOT NULL DEFAULT 'active';" }, { "path": "persistence/sql/migrations/sql/20210504121624000000_add_identity_states.sqlite3.down.sql", "content": "ALTER TABLE \"_identities_tmp\" RENAME TO \"identities\";" }, { "path": "persistence/sql/migrations/sql/20210504121624000000_add_identity_states.sqlite3.up.sql", "content": "ALTER TABLE \"identities\" ADD COLUMN \"state\" TEXT NOT NULL DEFAULT 'active';" }, { "path": "persistence/sql/migrations/sql/20210504121624000001_add_identity_states.cockroach.down.sql", "content": "ALTER TABLE \"identities\" DROP COLUMN \"state\";" }, { "path": "persistence/sql/migrations/sql/20210504121624000001_add_identity_states.cockroach.up.sql", "content": "ALTER TABLE \"identities\" ADD COLUMN \"state_changed_at\" timestamp;" }, { "path": "persistence/sql/migrations/sql/20210504121624000001_add_identity_states.mysql.down.sql", "content": "ALTER TABLE `identities` DROP COLUMN `state`;" }, { "path": "persistence/sql/migrations/sql/20210504121624000001_add_identity_states.mysql.up.sql", "content": "ALTER TABLE `identities` ADD COLUMN `state_changed_at` DATETIME;" }, { "path": "persistence/sql/migrations/sql/20210504121624000001_add_identity_states.postgres.down.sql", "content": "ALTER TABLE \"identities\" DROP COLUMN \"state\";" }, { "path": "persistence/sql/migrations/sql/20210504121624000001_add_identity_states.postgres.up.sql", "content": "ALTER TABLE \"identities\" ADD COLUMN \"state_changed_at\" timestamp;" }, { "path": "persistence/sql/migrations/sql/20210504121624000001_add_identity_states.sqlite3.down.sql", "content": "\nDROP TABLE \"identities\";" }, { "path": "persistence/sql/migrations/sql/20210504121624000001_add_identity_states.sqlite3.up.sql", "content": "ALTER TABLE \"identities\" ADD COLUMN \"state_changed_at\" DATETIME;" }, { "path": "persistence/sql/migrations/sql/20210504121624000002_add_identity_states.sqlite3.down.sql", "content": "INSERT INTO \"_identities_tmp\" (id, schema_id, traits, created_at, updated_at, nid) SELECT id, schema_id, traits, created_at, updated_at, nid FROM \"identities\";" }, { "path": "persistence/sql/migrations/sql/20210504121624000002_add_identity_states.sqlite3.up.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20210504121624000003_add_identity_states.sqlite3.down.sql", "content": "CREATE INDEX \"identities_nid_idx\" ON \"_identities_tmp\" (id, nid);" }, { "path": "persistence/sql/migrations/sql/20210504121624000003_add_identity_states.sqlite3.up.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20210504121624000004_add_identity_states.sqlite3.down.sql", "content": "CREATE TABLE \"_identities_tmp\" (\n\"id\" TEXT PRIMARY KEY,\n\"schema_id\" TEXT NOT NULL,\n\"traits\" TEXT NOT NULL,\n\"created_at\" DATETIME NOT NULL,\n\"updated_at\" DATETIME NOT NULL,\n\"nid\" char(36)\n);" }, { "path": "persistence/sql/migrations/sql/20210504121624000004_add_identity_states.sqlite3.up.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20210504121624000005_add_identity_states.sqlite3.down.sql", "content": "DROP INDEX IF EXISTS \"identities_nid_idx\";" }, { "path": "persistence/sql/migrations/sql/20210504121624000005_add_identity_states.sqlite3.up.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20210504121624000006_add_identity_states.sqlite3.down.sql", "content": "ALTER TABLE \"_identities_tmp\" RENAME TO \"identities\";" }, { "path": "persistence/sql/migrations/sql/20210504121624000006_add_identity_states.sqlite3.up.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20210504121624000007_add_identity_states.sqlite3.down.sql", "content": "\nDROP TABLE \"identities\";" }, { "path": "persistence/sql/migrations/sql/20210504121624000007_add_identity_states.sqlite3.up.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20210504121624000008_add_identity_states.sqlite3.down.sql", "content": "INSERT INTO \"_identities_tmp\" (id, schema_id, traits, created_at, updated_at, nid, state_changed_at) SELECT id, schema_id, traits, created_at, updated_at, nid, state_changed_at FROM \"identities\";" }, { "path": "persistence/sql/migrations/sql/20210504121624000008_add_identity_states.sqlite3.up.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20210504121624000009_add_identity_states.sqlite3.down.sql", "content": "CREATE INDEX \"identities_nid_idx\" ON \"_identities_tmp\" (id, nid);" }, { "path": "persistence/sql/migrations/sql/20210504121624000009_add_identity_states.sqlite3.up.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20210504121624000010_add_identity_states.sqlite3.down.sql", "content": "CREATE TABLE \"_identities_tmp\" (\n\"id\" TEXT PRIMARY KEY,\n\"schema_id\" TEXT NOT NULL,\n\"traits\" TEXT NOT NULL,\n\"created_at\" DATETIME NOT NULL,\n\"updated_at\" DATETIME NOT NULL,\n\"nid\" char(36),\n\"state_changed_at\" DATETIME\n);" }, { "path": "persistence/sql/migrations/sql/20210504121624000010_add_identity_states.sqlite3.up.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20210504121624000011_add_identity_states.sqlite3.down.sql", "content": "DROP INDEX IF EXISTS \"identities_nid_idx\";" }, { "path": "persistence/sql/migrations/sql/20210504121624000011_add_identity_states.sqlite3.up.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20210618103120000000_logout_token.cockroach.down.sql", "content": "ALTER TABLE \"sessions\" DROP COLUMN \"logout_token\";" }, { "path": "persistence/sql/migrations/sql/20210618103120000000_logout_token.cockroach.up.sql", "content": "ALTER TABLE \"sessions\" ADD COLUMN \"logout_token\" VARCHAR (32);" }, { "path": "persistence/sql/migrations/sql/20210618103120000000_logout_token.mysql.down.sql", "content": "ALTER TABLE `sessions` DROP COLUMN `logout_token`;" }, { "path": "persistence/sql/migrations/sql/20210618103120000000_logout_token.mysql.up.sql", "content": "ALTER TABLE `sessions` ADD COLUMN `logout_token` VARCHAR (32);" }, { "path": "persistence/sql/migrations/sql/20210618103120000000_logout_token.postgres.down.sql", "content": "ALTER TABLE \"sessions\" DROP COLUMN \"logout_token\";" }, { "path": "persistence/sql/migrations/sql/20210618103120000000_logout_token.postgres.up.sql", "content": "ALTER TABLE \"sessions\" ADD COLUMN \"logout_token\" VARCHAR (32);" }, { "path": "persistence/sql/migrations/sql/20210618103120000000_logout_token.sqlite3.down.sql", "content": "ALTER TABLE \"_sessions_tmp\" RENAME TO \"sessions\";" }, { "path": "persistence/sql/migrations/sql/20210618103120000000_logout_token.sqlite3.up.sql", "content": "ALTER TABLE \"sessions\" ADD COLUMN \"logout_token\" TEXT;" }, { "path": "persistence/sql/migrations/sql/20210618103120000001_logout_token.cockroach.down.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20210618103120000001_logout_token.cockroach.up.sql", "content": "UPDATE sessions SET logout_token = token;" }, { "path": "persistence/sql/migrations/sql/20210618103120000001_logout_token.mysql.down.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20210618103120000001_logout_token.mysql.up.sql", "content": "UPDATE sessions SET logout_token = token;" }, { "path": "persistence/sql/migrations/sql/20210618103120000001_logout_token.postgres.down.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20210618103120000001_logout_token.postgres.up.sql", "content": "UPDATE sessions SET logout_token = token;" }, { "path": "persistence/sql/migrations/sql/20210618103120000001_logout_token.sqlite3.down.sql", "content": "\nDROP TABLE \"sessions\";" }, { "path": "persistence/sql/migrations/sql/20210618103120000001_logout_token.sqlite3.up.sql", "content": "UPDATE sessions SET logout_token = token;" }, { "path": "persistence/sql/migrations/sql/20210618103120000002_logout_token.cockroach.down.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20210618103120000002_logout_token.cockroach.up.sql", "content": "ALTER TABLE \"sessions\" RENAME COLUMN \"logout_token\" TO \"_logout_token_tmp\";" }, { "path": "persistence/sql/migrations/sql/20210618103120000002_logout_token.mysql.down.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20210618103120000002_logout_token.mysql.up.sql", "content": "ALTER TABLE `sessions` MODIFY `logout_token` VARCHAR (32);" }, { "path": "persistence/sql/migrations/sql/20210618103120000002_logout_token.postgres.down.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20210618103120000002_logout_token.postgres.up.sql", "content": "ALTER TABLE \"sessions\" ALTER COLUMN \"logout_token\" TYPE VARCHAR (32), ALTER COLUMN \"logout_token\" DROP NOT NULL;" }, { "path": "persistence/sql/migrations/sql/20210618103120000002_logout_token.sqlite3.down.sql", "content": "INSERT INTO \"_sessions_tmp\" (id, issued_at, expires_at, authenticated_at, identity_id, created_at, updated_at, token, active, nid) SELECT id, issued_at, expires_at, authenticated_at, identity_id, created_at, updated_at, token, active, nid FROM \"sessions\";" }, { "path": "persistence/sql/migrations/sql/20210618103120000002_logout_token.sqlite3.up.sql", "content": "DROP INDEX IF EXISTS \"sessions_nid_idx\";" }, { "path": "persistence/sql/migrations/sql/20210618103120000003_logout_token.cockroach.down.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20210618103120000003_logout_token.cockroach.up.sql", "content": "ALTER TABLE \"sessions\" ADD COLUMN \"logout_token\" VARCHAR (32);" }, { "path": "persistence/sql/migrations/sql/20210618103120000003_logout_token.mysql.down.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20210618103120000003_logout_token.mysql.up.sql", "content": "CREATE UNIQUE INDEX `sessions_logout_token_uq_idx` ON `sessions` (`logout_token`);" }, { "path": "persistence/sql/migrations/sql/20210618103120000003_logout_token.postgres.down.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20210618103120000003_logout_token.postgres.up.sql", "content": "CREATE UNIQUE INDEX \"sessions_logout_token_uq_idx\" ON \"sessions\" (logout_token);" }, { "path": "persistence/sql/migrations/sql/20210618103120000003_logout_token.sqlite3.down.sql", "content": "CREATE INDEX \"sessions_nid_idx\" ON \"_sessions_tmp\" (id, nid);" }, { "path": "persistence/sql/migrations/sql/20210618103120000003_logout_token.sqlite3.up.sql", "content": "DROP INDEX IF EXISTS \"sessions_token_uq_idx\";" }, { "path": "persistence/sql/migrations/sql/20210618103120000004_logout_token.cockroach.down.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20210618103120000004_logout_token.cockroach.up.sql", "content": "UPDATE \"sessions\" SET \"logout_token\" = \"_logout_token_tmp\";" }, { "path": "persistence/sql/migrations/sql/20210618103120000004_logout_token.mysql.down.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20210618103120000004_logout_token.mysql.up.sql", "content": "CREATE INDEX `sessions_logout_token_idx` ON `sessions` (`logout_token`);" }, { "path": "persistence/sql/migrations/sql/20210618103120000004_logout_token.postgres.down.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20210618103120000004_logout_token.postgres.up.sql", "content": "CREATE INDEX \"sessions_logout_token_idx\" ON \"sessions\" (logout_token);" }, { "path": "persistence/sql/migrations/sql/20210618103120000004_logout_token.sqlite3.down.sql", "content": "CREATE UNIQUE INDEX \"sessions_token_uq_idx\" ON \"_sessions_tmp\" (token);" }, { "path": "persistence/sql/migrations/sql/20210618103120000004_logout_token.sqlite3.up.sql", "content": "DROP INDEX IF EXISTS \"sessions_token_idx\";" }, { "path": "persistence/sql/migrations/sql/20210618103120000005_logout_token.cockroach.down.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20210618103120000005_logout_token.cockroach.up.sql", "content": "ALTER TABLE \"sessions\" DROP COLUMN \"_logout_token_tmp\";" }, { "path": "persistence/sql/migrations/sql/20210618103120000005_logout_token.sqlite3.down.sql", "content": "CREATE INDEX \"sessions_token_idx\" ON \"_sessions_tmp\" (token);" }, { "path": "persistence/sql/migrations/sql/20210618103120000005_logout_token.sqlite3.up.sql", "content": "CREATE TABLE \"_sessions_tmp\" (\n\"id\" TEXT PRIMARY KEY,\n\"issued_at\" DATETIME NOT NULL DEFAULT 'CURRENT_TIMESTAMP',\n\"expires_at\" DATETIME NOT NULL,\n\"authenticated_at\" DATETIME NOT NULL,\n\"identity_id\" char(36) NOT NULL,\n\"created_at\" DATETIME NOT NULL,\n\"updated_at\" DATETIME NOT NULL,\n\"token\" TEXT,\n\"active\" NUMERIC DEFAULT 'false',\n\"nid\" char(36),\n\"logout_token\" TEXT,\nFOREIGN KEY (identity_id) REFERENCES identities (id) ON UPDATE NO ACTION ON DELETE CASCADE\n);" }, { "path": "persistence/sql/migrations/sql/20210618103120000006_logout_token.cockroach.down.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20210618103120000006_logout_token.cockroach.up.sql", "content": "CREATE UNIQUE INDEX \"sessions_logout_token_uq_idx\" ON \"sessions\" (logout_token);" }, { "path": "persistence/sql/migrations/sql/20210618103120000006_logout_token.sqlite3.down.sql", "content": "CREATE TABLE \"_sessions_tmp\" (\n\"id\" TEXT PRIMARY KEY,\n\"issued_at\" DATETIME NOT NULL DEFAULT 'CURRENT_TIMESTAMP',\n\"expires_at\" DATETIME NOT NULL,\n\"authenticated_at\" DATETIME NOT NULL,\n\"identity_id\" char(36) NOT NULL,\n\"created_at\" DATETIME NOT NULL,\n\"updated_at\" DATETIME NOT NULL,\n\"token\" TEXT,\n\"active\" NUMERIC DEFAULT 'false',\n\"nid\" char(36),\nFOREIGN KEY (identity_id) REFERENCES identities (id) ON UPDATE NO ACTION ON DELETE CASCADE\n);" }, { "path": "persistence/sql/migrations/sql/20210618103120000006_logout_token.sqlite3.up.sql", "content": "CREATE INDEX \"sessions_nid_idx\" ON \"_sessions_tmp\" (id, nid);" }, { "path": "persistence/sql/migrations/sql/20210618103120000007_logout_token.cockroach.down.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20210618103120000007_logout_token.cockroach.up.sql", "content": "CREATE INDEX \"sessions_logout_token_idx\" ON \"sessions\" (logout_token);" }, { "path": "persistence/sql/migrations/sql/20210618103120000007_logout_token.sqlite3.down.sql", "content": "DROP INDEX IF EXISTS \"sessions_nid_idx\";" }, { "path": "persistence/sql/migrations/sql/20210618103120000007_logout_token.sqlite3.up.sql", "content": "CREATE UNIQUE INDEX \"sessions_token_uq_idx\" ON \"_sessions_tmp\" (token);" }, { "path": "persistence/sql/migrations/sql/20210618103120000008_logout_token.sqlite3.down.sql", "content": "DROP INDEX IF EXISTS \"sessions_token_uq_idx\";" }, { "path": "persistence/sql/migrations/sql/20210618103120000008_logout_token.sqlite3.up.sql", "content": "CREATE INDEX \"sessions_token_idx\" ON \"_sessions_tmp\" (token);" }, { "path": "persistence/sql/migrations/sql/20210618103120000009_logout_token.sqlite3.down.sql", "content": "DROP INDEX IF EXISTS \"sessions_token_idx\";" }, { "path": "persistence/sql/migrations/sql/20210618103120000009_logout_token.sqlite3.up.sql", "content": "INSERT INTO \"_sessions_tmp\" (id, issued_at, expires_at, authenticated_at, identity_id, created_at, updated_at, token, active, nid, logout_token) SELECT id, issued_at, expires_at, authenticated_at, identity_id, created_at, updated_at, token, active, nid, logout_token FROM \"sessions\";" }, { "path": "persistence/sql/migrations/sql/20210618103120000010_logout_token.sqlite3.down.sql", "content": "DROP INDEX IF EXISTS \"sessions_logout_token_uq_idx\";" }, { "path": "persistence/sql/migrations/sql/20210618103120000010_logout_token.sqlite3.up.sql", "content": "DROP TABLE \"sessions\";" }, { "path": "persistence/sql/migrations/sql/20210618103120000011_logout_token.sqlite3.down.sql", "content": "DROP INDEX IF EXISTS \"sessions_logout_token_idx\";" }, { "path": "persistence/sql/migrations/sql/20210618103120000011_logout_token.sqlite3.up.sql", "content": "ALTER TABLE \"_sessions_tmp\" RENAME TO \"sessions\";" }, { "path": "persistence/sql/migrations/sql/20210618103120000012_logout_token.sqlite3.down.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20210618103120000012_logout_token.sqlite3.up.sql", "content": "CREATE UNIQUE INDEX \"sessions_logout_token_uq_idx\" ON \"sessions\" (logout_token);" }, { "path": "persistence/sql/migrations/sql/20210618103120000013_logout_token.sqlite3.down.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20210618103120000013_logout_token.sqlite3.up.sql", "content": "CREATE INDEX \"sessions_logout_token_idx\" ON \"sessions\" (logout_token);" }, { "path": "persistence/sql/migrations/sql/20210805112414000000_settings_flow_context.cockroach.down.sql", "content": "ALTER TABLE \"selfservice_settings_flows\" DROP COLUMN \"internal_context\";" }, { "path": "persistence/sql/migrations/sql/20210805112414000000_settings_flow_context.cockroach.up.sql", "content": "ALTER TABLE \"selfservice_settings_flows\" ADD COLUMN \"internal_context\" json;" }, { "path": "persistence/sql/migrations/sql/20210805112414000000_settings_flow_context.mysql.down.sql", "content": "ALTER TABLE `selfservice_settings_flows` DROP COLUMN `internal_context`;" }, { "path": "persistence/sql/migrations/sql/20210805112414000000_settings_flow_context.mysql.up.sql", "content": "ALTER TABLE `selfservice_settings_flows` ADD COLUMN `internal_context` JSON;" }, { "path": "persistence/sql/migrations/sql/20210805112414000000_settings_flow_context.postgres.down.sql", "content": "ALTER TABLE \"selfservice_settings_flows\" DROP COLUMN \"internal_context\";" }, { "path": "persistence/sql/migrations/sql/20210805112414000000_settings_flow_context.postgres.up.sql", "content": "ALTER TABLE \"selfservice_settings_flows\" ADD COLUMN \"internal_context\" jsonb;" }, { "path": "persistence/sql/migrations/sql/20210805112414000000_settings_flow_context.sqlite3.down.sql", "content": "ALTER TABLE \"_selfservice_settings_flows_tmp\" RENAME TO \"selfservice_settings_flows\";" }, { "path": "persistence/sql/migrations/sql/20210805112414000000_settings_flow_context.sqlite3.up.sql", "content": "ALTER TABLE \"selfservice_settings_flows\" ADD COLUMN \"internal_context\" TEXT;" }, { "path": "persistence/sql/migrations/sql/20210805112414000001_settings_flow_context.cockroach.down.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20210805112414000001_settings_flow_context.cockroach.up.sql", "content": "UPDATE selfservice_settings_flows SET internal_context='{}';" }, { "path": "persistence/sql/migrations/sql/20210805112414000001_settings_flow_context.mysql.down.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20210805112414000001_settings_flow_context.mysql.up.sql", "content": "UPDATE selfservice_settings_flows SET internal_context='{}';" }, { "path": "persistence/sql/migrations/sql/20210805112414000001_settings_flow_context.postgres.down.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20210805112414000001_settings_flow_context.postgres.up.sql", "content": "UPDATE selfservice_settings_flows SET internal_context='{}';" }, { "path": "persistence/sql/migrations/sql/20210805112414000001_settings_flow_context.sqlite3.down.sql", "content": "\nDROP TABLE \"selfservice_settings_flows\";" }, { "path": "persistence/sql/migrations/sql/20210805112414000001_settings_flow_context.sqlite3.up.sql", "content": "UPDATE selfservice_settings_flows SET internal_context='{}';" }, { "path": "persistence/sql/migrations/sql/20210805112414000002_settings_flow_context.cockroach.down.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20210805112414000002_settings_flow_context.cockroach.up.sql", "content": "ALTER TABLE \"selfservice_settings_flows\" RENAME COLUMN \"internal_context\" TO \"_internal_context_tmp\";" }, { "path": "persistence/sql/migrations/sql/20210805112414000002_settings_flow_context.mysql.down.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20210805112414000002_settings_flow_context.mysql.up.sql", "content": "ALTER TABLE `selfservice_settings_flows` MODIFY `internal_context` JSON NOT NULL;" }, { "path": "persistence/sql/migrations/sql/20210805112414000002_settings_flow_context.postgres.down.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20210805112414000002_settings_flow_context.postgres.up.sql", "content": "ALTER TABLE \"selfservice_settings_flows\" ALTER COLUMN \"internal_context\" TYPE jsonb, ALTER COLUMN \"internal_context\" SET NOT NULL;" }, { "path": "persistence/sql/migrations/sql/20210805112414000002_settings_flow_context.sqlite3.down.sql", "content": "INSERT INTO \"_selfservice_settings_flows_tmp\" (id, request_url, issued_at, expires_at, identity_id, created_at, updated_at, active_method, state, type, ui, nid) SELECT id, request_url, issued_at, expires_at, identity_id, created_at, updated_at, active_method, state, type, ui, nid FROM \"selfservice_settings_flows\";" }, { "path": "persistence/sql/migrations/sql/20210805112414000002_settings_flow_context.sqlite3.up.sql", "content": "DROP INDEX IF EXISTS \"selfservice_settings_flows_nid_idx\";" }, { "path": "persistence/sql/migrations/sql/20210805112414000003_settings_flow_context.cockroach.down.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20210805112414000003_settings_flow_context.cockroach.up.sql", "content": "ALTER TABLE \"selfservice_settings_flows\" ADD COLUMN \"internal_context\" json;" }, { "path": "persistence/sql/migrations/sql/20210805112414000003_settings_flow_context.sqlite3.down.sql", "content": "CREATE INDEX \"selfservice_settings_flows_nid_idx\" ON \"_selfservice_settings_flows_tmp\" (id, nid);" }, { "path": "persistence/sql/migrations/sql/20210805112414000003_settings_flow_context.sqlite3.up.sql", "content": "CREATE TABLE \"_selfservice_settings_flows_tmp\" (\n\"id\" TEXT PRIMARY KEY,\n\"request_url\" TEXT NOT NULL,\n\"issued_at\" DATETIME NOT NULL DEFAULT 'CURRENT_TIMESTAMP',\n\"expires_at\" DATETIME NOT NULL,\n\"identity_id\" char(36) NOT NULL,\n\"created_at\" DATETIME NOT NULL,\n\"updated_at\" DATETIME NOT NULL,\n\"active_method\" TEXT,\n\"state\" TEXT NOT NULL DEFAULT 'show_form',\n\"type\" TEXT NOT NULL DEFAULT 'browser',\n\"ui\" TEXT,\n\"nid\" char(36),\n\"internal_context\" TEXT NOT NULL,\nFOREIGN KEY (identity_id) REFERENCES identities (id) ON UPDATE NO ACTION ON DELETE CASCADE\n);" }, { "path": "persistence/sql/migrations/sql/20210805112414000004_settings_flow_context.cockroach.down.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20210805112414000004_settings_flow_context.cockroach.up.sql", "content": "UPDATE \"selfservice_settings_flows\" SET \"internal_context\" = \"_internal_context_tmp\";" }, { "path": "persistence/sql/migrations/sql/20210805112414000004_settings_flow_context.sqlite3.down.sql", "content": "CREATE TABLE \"_selfservice_settings_flows_tmp\" (\n\"id\" TEXT PRIMARY KEY,\n\"request_url\" TEXT NOT NULL,\n\"issued_at\" DATETIME NOT NULL DEFAULT 'CURRENT_TIMESTAMP',\n\"expires_at\" DATETIME NOT NULL,\n\"identity_id\" char(36) NOT NULL,\n\"created_at\" DATETIME NOT NULL,\n\"updated_at\" DATETIME NOT NULL,\n\"active_method\" TEXT,\n\"state\" TEXT NOT NULL DEFAULT 'show_form',\n\"type\" TEXT NOT NULL DEFAULT 'browser',\n\"ui\" TEXT,\n\"nid\" char(36),\nFOREIGN KEY (identity_id) REFERENCES identities (id) ON UPDATE NO ACTION ON DELETE CASCADE\n);" }, { "path": "persistence/sql/migrations/sql/20210805112414000004_settings_flow_context.sqlite3.up.sql", "content": "CREATE INDEX \"selfservice_settings_flows_nid_idx\" ON \"_selfservice_settings_flows_tmp\" (id, nid);" }, { "path": "persistence/sql/migrations/sql/20210805112414000005_settings_flow_context.cockroach.down.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20210805112414000005_settings_flow_context.cockroach.up.sql", "content": "ALTER TABLE \"selfservice_settings_flows\" ALTER COLUMN \"internal_context\" SET NOT NULL;" }, { "path": "persistence/sql/migrations/sql/20210805112414000005_settings_flow_context.sqlite3.down.sql", "content": "DROP INDEX IF EXISTS \"selfservice_settings_flows_nid_idx\";" }, { "path": "persistence/sql/migrations/sql/20210805112414000005_settings_flow_context.sqlite3.up.sql", "content": "INSERT INTO \"_selfservice_settings_flows_tmp\" (id, request_url, issued_at, expires_at, identity_id, created_at, updated_at, active_method, state, type, ui, nid, internal_context) SELECT id, request_url, issued_at, expires_at, identity_id, created_at, updated_at, active_method, state, type, ui, nid, internal_context FROM \"selfservice_settings_flows\";" }, { "path": "persistence/sql/migrations/sql/20210805112414000006_settings_flow_context.cockroach.down.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20210805112414000006_settings_flow_context.cockroach.up.sql", "content": "ALTER TABLE \"selfservice_settings_flows\" DROP COLUMN \"_internal_context_tmp\";" }, { "path": "persistence/sql/migrations/sql/20210805112414000006_settings_flow_context.sqlite3.down.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20210805112414000006_settings_flow_context.sqlite3.up.sql", "content": "DROP TABLE \"selfservice_settings_flows\";" }, { "path": "persistence/sql/migrations/sql/20210805112414000007_settings_flow_context.sqlite3.down.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20210805112414000007_settings_flow_context.sqlite3.up.sql", "content": "ALTER TABLE \"_selfservice_settings_flows_tmp\" RENAME TO \"selfservice_settings_flows\";" }, { "path": "persistence/sql/migrations/sql/20210805122535000000_credential_types_totp.cockroach.down.sql", "content": "DELETE FROM identity_credential_types WHERE name = 'totp';" }, { "path": "persistence/sql/migrations/sql/20210805122535000000_credential_types_totp.cockroach.up.sql", "content": "INSERT INTO identity_credential_types (id, name) SELECT '5e29b036-aa47-457f-9fe6-aa8b854a752b', 'totp' WHERE NOT EXISTS ( SELECT * FROM identity_credential_types WHERE name = 'totp');" }, { "path": "persistence/sql/migrations/sql/20210805122535000000_credential_types_totp.mysql.down.sql", "content": "DELETE FROM identity_credential_types WHERE name = 'totp';" }, { "path": "persistence/sql/migrations/sql/20210805122535000000_credential_types_totp.mysql.up.sql", "content": "INSERT INTO identity_credential_types (id, name) SELECT '5e29b036-aa47-457f-9fe6-aa8b854a752b', 'totp' WHERE NOT EXISTS ( SELECT * FROM identity_credential_types WHERE name = 'totp');" }, { "path": "persistence/sql/migrations/sql/20210805122535000000_credential_types_totp.postgres.down.sql", "content": "DELETE FROM identity_credential_types WHERE name = 'totp';" }, { "path": "persistence/sql/migrations/sql/20210805122535000000_credential_types_totp.postgres.up.sql", "content": "INSERT INTO identity_credential_types (id, name) SELECT '5e29b036-aa47-457f-9fe6-aa8b854a752b', 'totp' WHERE NOT EXISTS ( SELECT * FROM identity_credential_types WHERE name = 'totp');" }, { "path": "persistence/sql/migrations/sql/20210805122535000000_credential_types_totp.sqlite3.down.sql", "content": "DELETE FROM identity_credential_types WHERE name = 'totp';" }, { "path": "persistence/sql/migrations/sql/20210805122535000000_credential_types_totp.sqlite3.up.sql", "content": "INSERT INTO identity_credential_types (id, name) SELECT '5e29b036-aa47-457f-9fe6-aa8b854a752b', 'totp' WHERE NOT EXISTS ( SELECT * FROM identity_credential_types WHERE name = 'totp');" }, { "path": "persistence/sql/migrations/sql/20210810153530000000_aal.cockroach.down.sql", "content": "ALTER TABLE \"selfservice_login_flows\" DROP COLUMN \"requested_aal\";" }, { "path": "persistence/sql/migrations/sql/20210810153530000000_aal.cockroach.up.sql", "content": "ALTER TABLE \"sessions\" ADD COLUMN \"aal\" VARCHAR (4) NOT NULL DEFAULT 'aal1';" }, { "path": "persistence/sql/migrations/sql/20210810153530000000_aal.mysql.down.sql", "content": "ALTER TABLE `selfservice_login_flows` DROP COLUMN `requested_aal`;" }, { "path": "persistence/sql/migrations/sql/20210810153530000000_aal.mysql.up.sql", "content": "ALTER TABLE `sessions` ADD COLUMN `aal` VARCHAR (4) NOT NULL DEFAULT 'aal1';" }, { "path": "persistence/sql/migrations/sql/20210810153530000000_aal.postgres.down.sql", "content": "ALTER TABLE \"selfservice_login_flows\" DROP COLUMN \"requested_aal\";" }, { "path": "persistence/sql/migrations/sql/20210810153530000000_aal.postgres.up.sql", "content": "ALTER TABLE \"sessions\" ADD COLUMN \"aal\" VARCHAR (4) NOT NULL DEFAULT 'aal1';" }, { "path": "persistence/sql/migrations/sql/20210810153530000000_aal.sqlite3.down.sql", "content": "ALTER TABLE \"_selfservice_login_flows_tmp\" RENAME TO \"selfservice_login_flows\";" }, { "path": "persistence/sql/migrations/sql/20210810153530000000_aal.sqlite3.up.sql", "content": "ALTER TABLE \"sessions\" ADD COLUMN \"aal\" TEXT NOT NULL DEFAULT 'aal1';" }, { "path": "persistence/sql/migrations/sql/20210810153530000001_aal.cockroach.down.sql", "content": "ALTER TABLE \"sessions\" DROP COLUMN \"aal\";" }, { "path": "persistence/sql/migrations/sql/20210810153530000001_aal.cockroach.up.sql", "content": "ALTER TABLE \"sessions\" ADD COLUMN \"authentication_methods\" json;" }, { "path": "persistence/sql/migrations/sql/20210810153530000001_aal.mysql.down.sql", "content": "ALTER TABLE `sessions` DROP COLUMN `aal`;" }, { "path": "persistence/sql/migrations/sql/20210810153530000001_aal.mysql.up.sql", "content": "ALTER TABLE `sessions` ADD COLUMN `authentication_methods` JSON;" }, { "path": "persistence/sql/migrations/sql/20210810153530000001_aal.postgres.down.sql", "content": "ALTER TABLE \"sessions\" DROP COLUMN \"aal\";" }, { "path": "persistence/sql/migrations/sql/20210810153530000001_aal.postgres.up.sql", "content": "ALTER TABLE \"sessions\" ADD COLUMN \"authentication_methods\" jsonb;" }, { "path": "persistence/sql/migrations/sql/20210810153530000001_aal.sqlite3.down.sql", "content": "\nDROP TABLE \"selfservice_login_flows\";" }, { "path": "persistence/sql/migrations/sql/20210810153530000001_aal.sqlite3.up.sql", "content": "ALTER TABLE \"sessions\" ADD COLUMN \"authentication_methods\" TEXT;" }, { "path": "persistence/sql/migrations/sql/20210810153530000002_aal.cockroach.down.sql", "content": "ALTER TABLE \"sessions\" DROP COLUMN \"authentication_methods\";" }, { "path": "persistence/sql/migrations/sql/20210810153530000002_aal.cockroach.up.sql", "content": "UPDATE sessions SET authentication_methods='[]';" }, { "path": "persistence/sql/migrations/sql/20210810153530000002_aal.mysql.down.sql", "content": "ALTER TABLE `sessions` DROP COLUMN `authentication_methods`;" }, { "path": "persistence/sql/migrations/sql/20210810153530000002_aal.mysql.up.sql", "content": "UPDATE sessions SET authentication_methods='[]';" }, { "path": "persistence/sql/migrations/sql/20210810153530000002_aal.postgres.down.sql", "content": "ALTER TABLE \"sessions\" DROP COLUMN \"authentication_methods\";" }, { "path": "persistence/sql/migrations/sql/20210810153530000002_aal.postgres.up.sql", "content": "UPDATE sessions SET authentication_methods='[]';" }, { "path": "persistence/sql/migrations/sql/20210810153530000002_aal.sqlite3.down.sql", "content": "INSERT INTO \"_selfservice_login_flows_tmp\" (id, request_url, issued_at, expires_at, active_method, csrf_token, created_at, updated_at, forced, type, ui, nid) SELECT id, request_url, issued_at, expires_at, active_method, csrf_token, created_at, updated_at, forced, type, ui, nid FROM \"selfservice_login_flows\";" }, { "path": "persistence/sql/migrations/sql/20210810153530000002_aal.sqlite3.up.sql", "content": "UPDATE sessions SET authentication_methods='[]';" }, { "path": "persistence/sql/migrations/sql/20210810153530000003_aal.cockroach.down.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20210810153530000003_aal.cockroach.up.sql", "content": "ALTER TABLE \"sessions\" RENAME COLUMN \"authentication_methods\" TO \"_authentication_methods_tmp\";" }, { "path": "persistence/sql/migrations/sql/20210810153530000003_aal.mysql.down.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20210810153530000003_aal.mysql.up.sql", "content": "ALTER TABLE `sessions` MODIFY `authentication_methods` JSON NOT NULL;" }, { "path": "persistence/sql/migrations/sql/20210810153530000003_aal.postgres.down.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20210810153530000003_aal.postgres.up.sql", "content": "ALTER TABLE \"sessions\" ALTER COLUMN \"authentication_methods\" TYPE jsonb, ALTER COLUMN \"authentication_methods\" SET NOT NULL;" }, { "path": "persistence/sql/migrations/sql/20210810153530000003_aal.sqlite3.down.sql", "content": "CREATE INDEX \"selfservice_login_flows_nid_idx\" ON \"_selfservice_login_flows_tmp\" (id, nid);" }, { "path": "persistence/sql/migrations/sql/20210810153530000003_aal.sqlite3.up.sql", "content": "DROP INDEX IF EXISTS \"sessions_logout_token_idx\";" }, { "path": "persistence/sql/migrations/sql/20210810153530000004_aal.cockroach.down.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20210810153530000004_aal.cockroach.up.sql", "content": "ALTER TABLE \"sessions\" ADD COLUMN \"authentication_methods\" json;" }, { "path": "persistence/sql/migrations/sql/20210810153530000004_aal.mysql.down.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20210810153530000004_aal.mysql.up.sql", "content": "ALTER TABLE `selfservice_login_flows` ADD COLUMN `requested_aal` VARCHAR (4) NOT NULL DEFAULT 'aal1';" }, { "path": "persistence/sql/migrations/sql/20210810153530000004_aal.postgres.down.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20210810153530000004_aal.postgres.up.sql", "content": "ALTER TABLE \"selfservice_login_flows\" ADD COLUMN \"requested_aal\" VARCHAR (4) NOT NULL DEFAULT 'aal1';" }, { "path": "persistence/sql/migrations/sql/20210810153530000004_aal.sqlite3.down.sql", "content": "CREATE TABLE \"_selfservice_login_flows_tmp\" (\n\"id\" TEXT PRIMARY KEY,\n\"request_url\" TEXT NOT NULL,\n\"issued_at\" DATETIME NOT NULL DEFAULT 'CURRENT_TIMESTAMP',\n\"expires_at\" DATETIME NOT NULL,\n\"active_method\" TEXT NOT NULL,\n\"csrf_token\" TEXT NOT NULL,\n\"created_at\" DATETIME NOT NULL,\n\"updated_at\" DATETIME NOT NULL,\n\"forced\" bool NOT NULL DEFAULT 'false',\n\"type\" TEXT NOT NULL DEFAULT 'browser',\n\"ui\" TEXT,\n\"nid\" char(36)\n);" }, { "path": "persistence/sql/migrations/sql/20210810153530000004_aal.sqlite3.up.sql", "content": "DROP INDEX IF EXISTS \"sessions_logout_token_uq_idx\";" }, { "path": "persistence/sql/migrations/sql/20210810153530000005_aal.cockroach.down.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20210810153530000005_aal.cockroach.up.sql", "content": "UPDATE \"sessions\" SET \"authentication_methods\" = \"_authentication_methods_tmp\";" }, { "path": "persistence/sql/migrations/sql/20210810153530000005_aal.sqlite3.down.sql", "content": "DROP INDEX IF EXISTS \"selfservice_login_flows_nid_idx\";" }, { "path": "persistence/sql/migrations/sql/20210810153530000005_aal.sqlite3.up.sql", "content": "DROP INDEX IF EXISTS \"sessions_token_idx\";" }, { "path": "persistence/sql/migrations/sql/20210810153530000006_aal.cockroach.down.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20210810153530000006_aal.cockroach.up.sql", "content": "ALTER TABLE \"sessions\" ALTER COLUMN \"authentication_methods\" SET NOT NULL;" }, { "path": "persistence/sql/migrations/sql/20210810153530000006_aal.sqlite3.down.sql", "content": "ALTER TABLE \"_sessions_tmp\" RENAME TO \"sessions\";" }, { "path": "persistence/sql/migrations/sql/20210810153530000006_aal.sqlite3.up.sql", "content": "DROP INDEX IF EXISTS \"sessions_token_uq_idx\";" }, { "path": "persistence/sql/migrations/sql/20210810153530000007_aal.cockroach.down.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20210810153530000007_aal.cockroach.up.sql", "content": "ALTER TABLE \"sessions\" DROP COLUMN \"_authentication_methods_tmp\";" }, { "path": "persistence/sql/migrations/sql/20210810153530000007_aal.sqlite3.down.sql", "content": "\nDROP TABLE \"sessions\";" }, { "path": "persistence/sql/migrations/sql/20210810153530000007_aal.sqlite3.up.sql", "content": "DROP INDEX IF EXISTS \"sessions_nid_idx\";" }, { "path": "persistence/sql/migrations/sql/20210810153530000008_aal.cockroach.down.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20210810153530000008_aal.cockroach.up.sql", "content": "ALTER TABLE \"selfservice_login_flows\" ADD COLUMN \"requested_aal\" VARCHAR (4) NOT NULL DEFAULT 'aal1';" }, { "path": "persistence/sql/migrations/sql/20210810153530000008_aal.sqlite3.down.sql", "content": "INSERT INTO \"_sessions_tmp\" (id, issued_at, expires_at, authenticated_at, identity_id, created_at, updated_at, token, active, nid, logout_token) SELECT id, issued_at, expires_at, authenticated_at, identity_id, created_at, updated_at, token, active, nid, logout_token FROM \"sessions\";" }, { "path": "persistence/sql/migrations/sql/20210810153530000008_aal.sqlite3.up.sql", "content": "CREATE TABLE \"_sessions_tmp\" (\n\"id\" TEXT PRIMARY KEY,\n\"issued_at\" DATETIME NOT NULL DEFAULT 'CURRENT_TIMESTAMP',\n\"expires_at\" DATETIME NOT NULL,\n\"authenticated_at\" DATETIME NOT NULL,\n\"identity_id\" char(36) NOT NULL,\n\"created_at\" DATETIME NOT NULL,\n\"updated_at\" DATETIME NOT NULL,\n\"token\" TEXT,\n\"active\" NUMERIC DEFAULT 'false',\n\"nid\" char(36),\n\"logout_token\" TEXT,\n\"aal\" TEXT NOT NULL DEFAULT 'aal1',\n\"authentication_methods\" TEXT NOT NULL,\nFOREIGN KEY (identity_id) REFERENCES identities (id) ON UPDATE NO ACTION ON DELETE CASCADE\n);" }, { "path": "persistence/sql/migrations/sql/20210810153530000009_aal.sqlite3.down.sql", "content": "CREATE INDEX \"sessions_logout_token_idx\" ON \"_sessions_tmp\" (logout_token);" }, { "path": "persistence/sql/migrations/sql/20210810153530000009_aal.sqlite3.up.sql", "content": "CREATE INDEX \"sessions_logout_token_idx\" ON \"_sessions_tmp\" (logout_token);" }, { "path": "persistence/sql/migrations/sql/20210810153530000010_aal.sqlite3.down.sql", "content": "CREATE UNIQUE INDEX \"sessions_logout_token_uq_idx\" ON \"_sessions_tmp\" (logout_token);" }, { "path": "persistence/sql/migrations/sql/20210810153530000010_aal.sqlite3.up.sql", "content": "CREATE UNIQUE INDEX \"sessions_logout_token_uq_idx\" ON \"_sessions_tmp\" (logout_token);" }, { "path": "persistence/sql/migrations/sql/20210810153530000011_aal.sqlite3.down.sql", "content": "CREATE INDEX \"sessions_token_idx\" ON \"_sessions_tmp\" (token);" }, { "path": "persistence/sql/migrations/sql/20210810153530000011_aal.sqlite3.up.sql", "content": "CREATE INDEX \"sessions_token_idx\" ON \"_sessions_tmp\" (token);" }, { "path": "persistence/sql/migrations/sql/20210810153530000012_aal.sqlite3.down.sql", "content": "CREATE UNIQUE INDEX \"sessions_token_uq_idx\" ON \"_sessions_tmp\" (token);" }, { "path": "persistence/sql/migrations/sql/20210810153530000012_aal.sqlite3.up.sql", "content": "CREATE UNIQUE INDEX \"sessions_token_uq_idx\" ON \"_sessions_tmp\" (token);" }, { "path": "persistence/sql/migrations/sql/20210810153530000013_aal.sqlite3.down.sql", "content": "CREATE INDEX \"sessions_nid_idx\" ON \"_sessions_tmp\" (id, nid);" }, { "path": "persistence/sql/migrations/sql/20210810153530000013_aal.sqlite3.up.sql", "content": "CREATE INDEX \"sessions_nid_idx\" ON \"_sessions_tmp\" (id, nid);" }, { "path": "persistence/sql/migrations/sql/20210810153530000014_aal.sqlite3.down.sql", "content": "CREATE TABLE \"_sessions_tmp\" (\n\"id\" TEXT PRIMARY KEY,\n\"issued_at\" DATETIME NOT NULL DEFAULT 'CURRENT_TIMESTAMP',\n\"expires_at\" DATETIME NOT NULL,\n\"authenticated_at\" DATETIME NOT NULL,\n\"identity_id\" char(36) NOT NULL,\n\"created_at\" DATETIME NOT NULL,\n\"updated_at\" DATETIME NOT NULL,\n\"token\" TEXT,\n\"active\" NUMERIC DEFAULT 'false',\n\"nid\" char(36),\n\"logout_token\" TEXT,\nFOREIGN KEY (identity_id) REFERENCES identities (id) ON UPDATE NO ACTION ON DELETE CASCADE\n);" }, { "path": "persistence/sql/migrations/sql/20210810153530000014_aal.sqlite3.up.sql", "content": "INSERT INTO \"_sessions_tmp\" (id, issued_at, expires_at, authenticated_at, identity_id, created_at, updated_at, token, active, nid, logout_token, aal, authentication_methods) SELECT id, issued_at, expires_at, authenticated_at, identity_id, created_at, updated_at, token, active, nid, logout_token, aal, authentication_methods FROM \"sessions\";" }, { "path": "persistence/sql/migrations/sql/20210810153530000015_aal.sqlite3.down.sql", "content": "DROP INDEX IF EXISTS \"sessions_logout_token_idx\";" }, { "path": "persistence/sql/migrations/sql/20210810153530000015_aal.sqlite3.up.sql", "content": "DROP TABLE \"sessions\";" }, { "path": "persistence/sql/migrations/sql/20210810153530000016_aal.sqlite3.down.sql", "content": "DROP INDEX IF EXISTS \"sessions_logout_token_uq_idx\";" }, { "path": "persistence/sql/migrations/sql/20210810153530000016_aal.sqlite3.up.sql", "content": "ALTER TABLE \"_sessions_tmp\" RENAME TO \"sessions\";" }, { "path": "persistence/sql/migrations/sql/20210810153530000017_aal.sqlite3.down.sql", "content": "DROP INDEX IF EXISTS \"sessions_token_idx\";" }, { "path": "persistence/sql/migrations/sql/20210810153530000017_aal.sqlite3.up.sql", "content": "ALTER TABLE \"selfservice_login_flows\" ADD COLUMN \"requested_aal\" TEXT NOT NULL DEFAULT 'aal1';" }, { "path": "persistence/sql/migrations/sql/20210810153530000018_aal.sqlite3.down.sql", "content": "DROP INDEX IF EXISTS \"sessions_token_uq_idx\";" }, { "path": "persistence/sql/migrations/sql/20210810153530000018_aal.sqlite3.up.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20210810153530000019_aal.sqlite3.down.sql", "content": "DROP INDEX IF EXISTS \"sessions_nid_idx\";" }, { "path": "persistence/sql/migrations/sql/20210810153530000019_aal.sqlite3.up.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20210810153530000020_aal.sqlite3.down.sql", "content": "ALTER TABLE \"_sessions_tmp\" RENAME TO \"sessions\";" }, { "path": "persistence/sql/migrations/sql/20210810153530000020_aal.sqlite3.up.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20210810153530000021_aal.sqlite3.down.sql", "content": "\nDROP TABLE \"sessions\";" }, { "path": "persistence/sql/migrations/sql/20210810153530000021_aal.sqlite3.up.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20210810153530000022_aal.sqlite3.down.sql", "content": "INSERT INTO \"_sessions_tmp\" (id, issued_at, expires_at, authenticated_at, identity_id, created_at, updated_at, token, active, nid, logout_token, aal) SELECT id, issued_at, expires_at, authenticated_at, identity_id, created_at, updated_at, token, active, nid, logout_token, aal FROM \"sessions\";" }, { "path": "persistence/sql/migrations/sql/20210810153530000022_aal.sqlite3.up.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20210810153530000023_aal.sqlite3.down.sql", "content": "CREATE INDEX \"sessions_logout_token_idx\" ON \"_sessions_tmp\" (logout_token);" }, { "path": "persistence/sql/migrations/sql/20210810153530000023_aal.sqlite3.up.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20210810153530000024_aal.sqlite3.down.sql", "content": "CREATE UNIQUE INDEX \"sessions_logout_token_uq_idx\" ON \"_sessions_tmp\" (logout_token);" }, { "path": "persistence/sql/migrations/sql/20210810153530000024_aal.sqlite3.up.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20210810153530000025_aal.sqlite3.down.sql", "content": "CREATE INDEX \"sessions_token_idx\" ON \"_sessions_tmp\" (token);" }, { "path": "persistence/sql/migrations/sql/20210810153530000025_aal.sqlite3.up.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20210810153530000026_aal.sqlite3.down.sql", "content": "CREATE UNIQUE INDEX \"sessions_token_uq_idx\" ON \"_sessions_tmp\" (token);" }, { "path": "persistence/sql/migrations/sql/20210810153530000026_aal.sqlite3.up.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20210810153530000027_aal.sqlite3.down.sql", "content": "CREATE INDEX \"sessions_nid_idx\" ON \"_sessions_tmp\" (id, nid);" }, { "path": "persistence/sql/migrations/sql/20210810153530000027_aal.sqlite3.up.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20210810153530000028_aal.sqlite3.down.sql", "content": "CREATE TABLE \"_sessions_tmp\" (\n\"id\" TEXT PRIMARY KEY,\n\"issued_at\" DATETIME NOT NULL DEFAULT 'CURRENT_TIMESTAMP',\n\"expires_at\" DATETIME NOT NULL,\n\"authenticated_at\" DATETIME NOT NULL,\n\"identity_id\" char(36) NOT NULL,\n\"created_at\" DATETIME NOT NULL,\n\"updated_at\" DATETIME NOT NULL,\n\"token\" TEXT,\n\"active\" NUMERIC DEFAULT 'false',\n\"nid\" char(36),\n\"logout_token\" TEXT,\n\"aal\" TEXT NOT NULL DEFAULT 'aal1',\nFOREIGN KEY (identity_id) REFERENCES identities (id) ON UPDATE NO ACTION ON DELETE CASCADE\n);" }, { "path": "persistence/sql/migrations/sql/20210810153530000028_aal.sqlite3.up.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20210810153530000029_aal.sqlite3.down.sql", "content": "DROP INDEX IF EXISTS \"sessions_logout_token_idx\";" }, { "path": "persistence/sql/migrations/sql/20210810153530000029_aal.sqlite3.up.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20210810153530000030_aal.sqlite3.down.sql", "content": "DROP INDEX IF EXISTS \"sessions_logout_token_uq_idx\";" }, { "path": "persistence/sql/migrations/sql/20210810153530000030_aal.sqlite3.up.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20210810153530000031_aal.sqlite3.down.sql", "content": "DROP INDEX IF EXISTS \"sessions_token_idx\";" }, { "path": "persistence/sql/migrations/sql/20210810153530000031_aal.sqlite3.up.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20210810153530000032_aal.sqlite3.down.sql", "content": "DROP INDEX IF EXISTS \"sessions_token_uq_idx\";" }, { "path": "persistence/sql/migrations/sql/20210810153530000032_aal.sqlite3.up.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20210810153530000033_aal.sqlite3.down.sql", "content": "DROP INDEX IF EXISTS \"sessions_nid_idx\";" }, { "path": "persistence/sql/migrations/sql/20210810153530000033_aal.sqlite3.up.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20210813150152000000_credential_types_lookup.cockroach.down.sql", "content": "DELETE FROM identity_credential_types WHERE name = 'lookup_secret';" }, { "path": "persistence/sql/migrations/sql/20210813150152000000_credential_types_lookup.cockroach.up.sql", "content": "INSERT INTO identity_credential_types (id, name) SELECT '567a0730-7f48-4dd7-a13d-df87a51c245f', 'lookup_secret' WHERE NOT EXISTS ( SELECT * FROM identity_credential_types WHERE name = 'lookup_secret');" }, { "path": "persistence/sql/migrations/sql/20210813150152000000_credential_types_lookup.mysql.down.sql", "content": "DELETE FROM identity_credential_types WHERE name = 'lookup_secret';" }, { "path": "persistence/sql/migrations/sql/20210813150152000000_credential_types_lookup.mysql.up.sql", "content": "INSERT INTO identity_credential_types (id, name) SELECT '567a0730-7f48-4dd7-a13d-df87a51c245f', 'lookup_secret' WHERE NOT EXISTS ( SELECT * FROM identity_credential_types WHERE name = 'lookup_secret');" }, { "path": "persistence/sql/migrations/sql/20210813150152000000_credential_types_lookup.postgres.down.sql", "content": "DELETE FROM identity_credential_types WHERE name = 'lookup_secret';" }, { "path": "persistence/sql/migrations/sql/20210813150152000000_credential_types_lookup.postgres.up.sql", "content": "INSERT INTO identity_credential_types (id, name) SELECT '567a0730-7f48-4dd7-a13d-df87a51c245f', 'lookup_secret' WHERE NOT EXISTS ( SELECT * FROM identity_credential_types WHERE name = 'lookup_secret');" }, { "path": "persistence/sql/migrations/sql/20210813150152000000_credential_types_lookup.sqlite3.down.sql", "content": "DELETE FROM identity_credential_types WHERE name = 'lookup_secret';" }, { "path": "persistence/sql/migrations/sql/20210813150152000000_credential_types_lookup.sqlite3.up.sql", "content": "INSERT INTO identity_credential_types (id, name) SELECT '567a0730-7f48-4dd7-a13d-df87a51c245f', 'lookup_secret' WHERE NOT EXISTS ( SELECT * FROM identity_credential_types WHERE name = 'lookup_secret');" }, { "path": "persistence/sql/migrations/sql/20210816113956000000_webauthn.cockroach.down.sql", "content": "DELETE FROM identity_credential_types WHERE name = 'webauthn';" }, { "path": "persistence/sql/migrations/sql/20210816113956000000_webauthn.cockroach.up.sql", "content": "INSERT INTO identity_credential_types (id, name) SELECT '6b213fa0-e6ad-46cb-8878-b088d2ce2e3c', 'webauthn' WHERE NOT EXISTS ( SELECT * FROM identity_credential_types WHERE name = 'webauthn');" }, { "path": "persistence/sql/migrations/sql/20210816113956000000_webauthn.mysql.down.sql", "content": "DELETE FROM identity_credential_types WHERE name = 'webauthn';" }, { "path": "persistence/sql/migrations/sql/20210816113956000000_webauthn.mysql.up.sql", "content": "INSERT INTO identity_credential_types (id, name) SELECT '6b213fa0-e6ad-46cb-8878-b088d2ce2e3c', 'webauthn' WHERE NOT EXISTS ( SELECT * FROM identity_credential_types WHERE name = 'webauthn');" }, { "path": "persistence/sql/migrations/sql/20210816113956000000_webauthn.postgres.down.sql", "content": "DELETE FROM identity_credential_types WHERE name = 'webauthn';" }, { "path": "persistence/sql/migrations/sql/20210816113956000000_webauthn.postgres.up.sql", "content": "INSERT INTO identity_credential_types (id, name) SELECT '6b213fa0-e6ad-46cb-8878-b088d2ce2e3c', 'webauthn' WHERE NOT EXISTS ( SELECT * FROM identity_credential_types WHERE name = 'webauthn');" }, { "path": "persistence/sql/migrations/sql/20210816113956000000_webauthn.sqlite3.down.sql", "content": "DELETE FROM identity_credential_types WHERE name = 'webauthn';" }, { "path": "persistence/sql/migrations/sql/20210816113956000000_webauthn.sqlite3.up.sql", "content": "INSERT INTO identity_credential_types (id, name) SELECT '6b213fa0-e6ad-46cb-8878-b088d2ce2e3c', 'webauthn' WHERE NOT EXISTS ( SELECT * FROM identity_credential_types WHERE name = 'webauthn');" }, { "path": "persistence/sql/migrations/sql/20210816142650000000_flow_internal_context.cockroach.down.sql", "content": "ALTER TABLE \"selfservice_registration_flows\" DROP COLUMN \"internal_context\";" }, { "path": "persistence/sql/migrations/sql/20210816142650000000_flow_internal_context.cockroach.up.sql", "content": "ALTER TABLE \"selfservice_login_flows\" ADD COLUMN \"internal_context\" json;" }, { "path": "persistence/sql/migrations/sql/20210816142650000000_flow_internal_context.mysql.down.sql", "content": "ALTER TABLE `selfservice_registration_flows` DROP COLUMN `internal_context`;" }, { "path": "persistence/sql/migrations/sql/20210816142650000000_flow_internal_context.mysql.up.sql", "content": "ALTER TABLE `selfservice_login_flows` ADD COLUMN `internal_context` JSON;" }, { "path": "persistence/sql/migrations/sql/20210816142650000000_flow_internal_context.postgres.down.sql", "content": "ALTER TABLE \"selfservice_registration_flows\" DROP COLUMN \"internal_context\";" }, { "path": "persistence/sql/migrations/sql/20210816142650000000_flow_internal_context.postgres.up.sql", "content": "ALTER TABLE \"selfservice_login_flows\" ADD COLUMN \"internal_context\" jsonb;" }, { "path": "persistence/sql/migrations/sql/20210816142650000000_flow_internal_context.sqlite3.down.sql", "content": "ALTER TABLE \"_selfservice_registration_flows_tmp\" RENAME TO \"selfservice_registration_flows\";" }, { "path": "persistence/sql/migrations/sql/20210816142650000000_flow_internal_context.sqlite3.up.sql", "content": "ALTER TABLE \"selfservice_login_flows\" ADD COLUMN \"internal_context\" TEXT;" }, { "path": "persistence/sql/migrations/sql/20210816142650000001_flow_internal_context.cockroach.down.sql", "content": "ALTER TABLE \"selfservice_login_flows\" DROP COLUMN \"internal_context\";" }, { "path": "persistence/sql/migrations/sql/20210816142650000001_flow_internal_context.cockroach.up.sql", "content": "UPDATE selfservice_login_flows SET internal_context='{}';" }, { "path": "persistence/sql/migrations/sql/20210816142650000001_flow_internal_context.mysql.down.sql", "content": "ALTER TABLE `selfservice_login_flows` DROP COLUMN `internal_context`;" }, { "path": "persistence/sql/migrations/sql/20210816142650000001_flow_internal_context.mysql.up.sql", "content": "UPDATE selfservice_login_flows SET internal_context='{}';" }, { "path": "persistence/sql/migrations/sql/20210816142650000001_flow_internal_context.postgres.down.sql", "content": "ALTER TABLE \"selfservice_login_flows\" DROP COLUMN \"internal_context\";" }, { "path": "persistence/sql/migrations/sql/20210816142650000001_flow_internal_context.postgres.up.sql", "content": "UPDATE selfservice_login_flows SET internal_context='{}';" }, { "path": "persistence/sql/migrations/sql/20210816142650000001_flow_internal_context.sqlite3.down.sql", "content": "\nDROP TABLE \"selfservice_registration_flows\";" }, { "path": "persistence/sql/migrations/sql/20210816142650000001_flow_internal_context.sqlite3.up.sql", "content": "UPDATE selfservice_login_flows SET internal_context='{}';" }, { "path": "persistence/sql/migrations/sql/20210816142650000002_flow_internal_context.cockroach.down.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20210816142650000002_flow_internal_context.cockroach.up.sql", "content": "ALTER TABLE \"selfservice_login_flows\" RENAME COLUMN \"internal_context\" TO \"_internal_context_tmp\";" }, { "path": "persistence/sql/migrations/sql/20210816142650000002_flow_internal_context.mysql.down.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20210816142650000002_flow_internal_context.mysql.up.sql", "content": "ALTER TABLE `selfservice_login_flows` MODIFY `internal_context` JSON NOT NULL;" }, { "path": "persistence/sql/migrations/sql/20210816142650000002_flow_internal_context.postgres.down.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20210816142650000002_flow_internal_context.postgres.up.sql", "content": "ALTER TABLE \"selfservice_login_flows\" ALTER COLUMN \"internal_context\" TYPE jsonb, ALTER COLUMN \"internal_context\" SET NOT NULL;" }, { "path": "persistence/sql/migrations/sql/20210816142650000002_flow_internal_context.sqlite3.down.sql", "content": "INSERT INTO \"_selfservice_registration_flows_tmp\" (id, request_url, issued_at, expires_at, active_method, csrf_token, created_at, updated_at, type, ui, nid) SELECT id, request_url, issued_at, expires_at, active_method, csrf_token, created_at, updated_at, type, ui, nid FROM \"selfservice_registration_flows\";" }, { "path": "persistence/sql/migrations/sql/20210816142650000002_flow_internal_context.sqlite3.up.sql", "content": "DROP INDEX IF EXISTS \"selfservice_login_flows_nid_idx\";" }, { "path": "persistence/sql/migrations/sql/20210816142650000003_flow_internal_context.cockroach.down.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20210816142650000003_flow_internal_context.cockroach.up.sql", "content": "ALTER TABLE \"selfservice_login_flows\" ADD COLUMN \"internal_context\" json;" }, { "path": "persistence/sql/migrations/sql/20210816142650000003_flow_internal_context.mysql.down.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20210816142650000003_flow_internal_context.mysql.up.sql", "content": "ALTER TABLE `selfservice_registration_flows` ADD COLUMN `internal_context` JSON;" }, { "path": "persistence/sql/migrations/sql/20210816142650000003_flow_internal_context.postgres.down.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20210816142650000003_flow_internal_context.postgres.up.sql", "content": "ALTER TABLE \"selfservice_registration_flows\" ADD COLUMN \"internal_context\" jsonb;" }, { "path": "persistence/sql/migrations/sql/20210816142650000003_flow_internal_context.sqlite3.down.sql", "content": "CREATE INDEX \"selfservice_registration_flows_nid_idx\" ON \"_selfservice_registration_flows_tmp\" (id, nid);" }, { "path": "persistence/sql/migrations/sql/20210816142650000003_flow_internal_context.sqlite3.up.sql", "content": "CREATE TABLE \"_selfservice_login_flows_tmp\" (\n\"id\" TEXT PRIMARY KEY,\n\"request_url\" TEXT NOT NULL,\n\"issued_at\" DATETIME NOT NULL DEFAULT 'CURRENT_TIMESTAMP',\n\"expires_at\" DATETIME NOT NULL,\n\"active_method\" TEXT NOT NULL,\n\"csrf_token\" TEXT NOT NULL,\n\"created_at\" DATETIME NOT NULL,\n\"updated_at\" DATETIME NOT NULL,\n\"forced\" bool NOT NULL DEFAULT 'false',\n\"type\" TEXT NOT NULL DEFAULT 'browser',\n\"ui\" TEXT,\n\"nid\" char(36),\n\"requested_aal\" TEXT NOT NULL DEFAULT 'aal1',\n\"internal_context\" TEXT NOT NULL\n);" }, { "path": "persistence/sql/migrations/sql/20210816142650000004_flow_internal_context.cockroach.down.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20210816142650000004_flow_internal_context.cockroach.up.sql", "content": "UPDATE \"selfservice_login_flows\" SET \"internal_context\" = \"_internal_context_tmp\";" }, { "path": "persistence/sql/migrations/sql/20210816142650000004_flow_internal_context.mysql.down.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20210816142650000004_flow_internal_context.mysql.up.sql", "content": "UPDATE selfservice_registration_flows SET internal_context='{}';" }, { "path": "persistence/sql/migrations/sql/20210816142650000004_flow_internal_context.postgres.down.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20210816142650000004_flow_internal_context.postgres.up.sql", "content": "UPDATE selfservice_registration_flows SET internal_context='{}';" }, { "path": "persistence/sql/migrations/sql/20210816142650000004_flow_internal_context.sqlite3.down.sql", "content": "CREATE TABLE \"_selfservice_registration_flows_tmp\" (\n\"id\" TEXT PRIMARY KEY,\n\"request_url\" TEXT NOT NULL,\n\"issued_at\" DATETIME NOT NULL DEFAULT 'CURRENT_TIMESTAMP',\n\"expires_at\" DATETIME NOT NULL,\n\"active_method\" TEXT NOT NULL,\n\"csrf_token\" TEXT NOT NULL,\n\"created_at\" DATETIME NOT NULL,\n\"updated_at\" DATETIME NOT NULL,\n\"type\" TEXT NOT NULL DEFAULT 'browser',\n\"ui\" TEXT,\n\"nid\" char(36)\n);" }, { "path": "persistence/sql/migrations/sql/20210816142650000004_flow_internal_context.sqlite3.up.sql", "content": "CREATE INDEX \"selfservice_login_flows_nid_idx\" ON \"_selfservice_login_flows_tmp\" (id, nid);" }, { "path": "persistence/sql/migrations/sql/20210816142650000005_flow_internal_context.cockroach.down.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20210816142650000005_flow_internal_context.cockroach.up.sql", "content": "ALTER TABLE \"selfservice_login_flows\" ALTER COLUMN \"internal_context\" SET NOT NULL;" }, { "path": "persistence/sql/migrations/sql/20210816142650000005_flow_internal_context.mysql.down.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20210816142650000005_flow_internal_context.mysql.up.sql", "content": "ALTER TABLE `selfservice_registration_flows` MODIFY `internal_context` JSON NOT NULL;" }, { "path": "persistence/sql/migrations/sql/20210816142650000005_flow_internal_context.postgres.down.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20210816142650000005_flow_internal_context.postgres.up.sql", "content": "ALTER TABLE \"selfservice_registration_flows\" ALTER COLUMN \"internal_context\" TYPE jsonb, ALTER COLUMN \"internal_context\" SET NOT NULL;" }, { "path": "persistence/sql/migrations/sql/20210816142650000005_flow_internal_context.sqlite3.down.sql", "content": "DROP INDEX IF EXISTS \"selfservice_registration_flows_nid_idx\";" }, { "path": "persistence/sql/migrations/sql/20210816142650000005_flow_internal_context.sqlite3.up.sql", "content": "INSERT INTO \"_selfservice_login_flows_tmp\" (id, request_url, issued_at, expires_at, active_method, csrf_token, created_at, updated_at, forced, type, ui, nid, requested_aal, internal_context) SELECT id, request_url, issued_at, expires_at, active_method, csrf_token, created_at, updated_at, forced, type, ui, nid, requested_aal, internal_context FROM \"selfservice_login_flows\";" }, { "path": "persistence/sql/migrations/sql/20210816142650000006_flow_internal_context.cockroach.down.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20210816142650000006_flow_internal_context.cockroach.up.sql", "content": "ALTER TABLE \"selfservice_login_flows\" DROP COLUMN \"_internal_context_tmp\";" }, { "path": "persistence/sql/migrations/sql/20210816142650000006_flow_internal_context.sqlite3.down.sql", "content": "ALTER TABLE \"_selfservice_login_flows_tmp\" RENAME TO \"selfservice_login_flows\";" }, { "path": "persistence/sql/migrations/sql/20210816142650000006_flow_internal_context.sqlite3.up.sql", "content": "DROP TABLE \"selfservice_login_flows\";" }, { "path": "persistence/sql/migrations/sql/20210816142650000007_flow_internal_context.cockroach.down.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20210816142650000007_flow_internal_context.cockroach.up.sql", "content": "ALTER TABLE \"selfservice_registration_flows\" ADD COLUMN \"internal_context\" json;" }, { "path": "persistence/sql/migrations/sql/20210816142650000007_flow_internal_context.sqlite3.down.sql", "content": "\nDROP TABLE \"selfservice_login_flows\";" }, { "path": "persistence/sql/migrations/sql/20210816142650000007_flow_internal_context.sqlite3.up.sql", "content": "ALTER TABLE \"_selfservice_login_flows_tmp\" RENAME TO \"selfservice_login_flows\";" }, { "path": "persistence/sql/migrations/sql/20210816142650000008_flow_internal_context.cockroach.down.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20210816142650000008_flow_internal_context.cockroach.up.sql", "content": "UPDATE selfservice_registration_flows SET internal_context='{}';" }, { "path": "persistence/sql/migrations/sql/20210816142650000008_flow_internal_context.sqlite3.down.sql", "content": "INSERT INTO \"_selfservice_login_flows_tmp\" (id, request_url, issued_at, expires_at, active_method, csrf_token, created_at, updated_at, forced, type, ui, nid, requested_aal) SELECT id, request_url, issued_at, expires_at, active_method, csrf_token, created_at, updated_at, forced, type, ui, nid, requested_aal FROM \"selfservice_login_flows\";" }, { "path": "persistence/sql/migrations/sql/20210816142650000008_flow_internal_context.sqlite3.up.sql", "content": "ALTER TABLE \"selfservice_registration_flows\" ADD COLUMN \"internal_context\" TEXT;" }, { "path": "persistence/sql/migrations/sql/20210816142650000009_flow_internal_context.cockroach.down.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20210816142650000009_flow_internal_context.cockroach.up.sql", "content": "ALTER TABLE \"selfservice_registration_flows\" RENAME COLUMN \"internal_context\" TO \"_internal_context_tmp\";" }, { "path": "persistence/sql/migrations/sql/20210816142650000009_flow_internal_context.sqlite3.down.sql", "content": "CREATE INDEX \"selfservice_login_flows_nid_idx\" ON \"_selfservice_login_flows_tmp\" (id, nid);" }, { "path": "persistence/sql/migrations/sql/20210816142650000009_flow_internal_context.sqlite3.up.sql", "content": "UPDATE selfservice_registration_flows SET internal_context='{}';" }, { "path": "persistence/sql/migrations/sql/20210816142650000010_flow_internal_context.cockroach.down.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20210816142650000010_flow_internal_context.cockroach.up.sql", "content": "ALTER TABLE \"selfservice_registration_flows\" ADD COLUMN \"internal_context\" json;" }, { "path": "persistence/sql/migrations/sql/20210816142650000010_flow_internal_context.sqlite3.down.sql", "content": "CREATE TABLE \"_selfservice_login_flows_tmp\" (\n\"id\" TEXT PRIMARY KEY,\n\"request_url\" TEXT NOT NULL,\n\"issued_at\" DATETIME NOT NULL DEFAULT 'CURRENT_TIMESTAMP',\n\"expires_at\" DATETIME NOT NULL,\n\"active_method\" TEXT NOT NULL,\n\"csrf_token\" TEXT NOT NULL,\n\"created_at\" DATETIME NOT NULL,\n\"updated_at\" DATETIME NOT NULL,\n\"forced\" bool NOT NULL DEFAULT 'false',\n\"type\" TEXT NOT NULL DEFAULT 'browser',\n\"ui\" TEXT,\n\"nid\" char(36),\n\"requested_aal\" TEXT NOT NULL DEFAULT 'aal1'\n);" }, { "path": "persistence/sql/migrations/sql/20210816142650000010_flow_internal_context.sqlite3.up.sql", "content": "DROP INDEX IF EXISTS \"selfservice_registration_flows_nid_idx\";" }, { "path": "persistence/sql/migrations/sql/20210816142650000011_flow_internal_context.cockroach.down.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20210816142650000011_flow_internal_context.cockroach.up.sql", "content": "UPDATE \"selfservice_registration_flows\" SET \"internal_context\" = \"_internal_context_tmp\";" }, { "path": "persistence/sql/migrations/sql/20210816142650000011_flow_internal_context.sqlite3.down.sql", "content": "DROP INDEX IF EXISTS \"selfservice_login_flows_nid_idx\";" }, { "path": "persistence/sql/migrations/sql/20210816142650000011_flow_internal_context.sqlite3.up.sql", "content": "CREATE TABLE \"_selfservice_registration_flows_tmp\" (\n\"id\" TEXT PRIMARY KEY,\n\"request_url\" TEXT NOT NULL,\n\"issued_at\" DATETIME NOT NULL DEFAULT 'CURRENT_TIMESTAMP',\n\"expires_at\" DATETIME NOT NULL,\n\"active_method\" TEXT NOT NULL,\n\"csrf_token\" TEXT NOT NULL,\n\"created_at\" DATETIME NOT NULL,\n\"updated_at\" DATETIME NOT NULL,\n\"type\" TEXT NOT NULL DEFAULT 'browser',\n\"ui\" TEXT,\n\"nid\" char(36),\n\"internal_context\" TEXT NOT NULL\n);" }, { "path": "persistence/sql/migrations/sql/20210816142650000012_flow_internal_context.cockroach.down.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20210816142650000012_flow_internal_context.cockroach.up.sql", "content": "ALTER TABLE \"selfservice_registration_flows\" ALTER COLUMN \"internal_context\" SET NOT NULL;" }, { "path": "persistence/sql/migrations/sql/20210816142650000012_flow_internal_context.sqlite3.down.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20210816142650000012_flow_internal_context.sqlite3.up.sql", "content": "CREATE INDEX \"selfservice_registration_flows_nid_idx\" ON \"_selfservice_registration_flows_tmp\" (id, nid);" }, { "path": "persistence/sql/migrations/sql/20210816142650000013_flow_internal_context.cockroach.down.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20210816142650000013_flow_internal_context.cockroach.up.sql", "content": "ALTER TABLE \"selfservice_registration_flows\" DROP COLUMN \"_internal_context_tmp\";" }, { "path": "persistence/sql/migrations/sql/20210816142650000013_flow_internal_context.sqlite3.down.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20210816142650000013_flow_internal_context.sqlite3.up.sql", "content": "INSERT INTO \"_selfservice_registration_flows_tmp\" (id, request_url, issued_at, expires_at, active_method, csrf_token, created_at, updated_at, type, ui, nid, internal_context) SELECT id, request_url, issued_at, expires_at, active_method, csrf_token, created_at, updated_at, type, ui, nid, internal_context FROM \"selfservice_registration_flows\";" }, { "path": "persistence/sql/migrations/sql/20210816142650000014_flow_internal_context.sqlite3.down.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20210816142650000014_flow_internal_context.sqlite3.up.sql", "content": "DROP TABLE \"selfservice_registration_flows\";" }, { "path": "persistence/sql/migrations/sql/20210816142650000015_flow_internal_context.sqlite3.down.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20210816142650000015_flow_internal_context.sqlite3.up.sql", "content": "ALTER TABLE \"_selfservice_registration_flows_tmp\" RENAME TO \"selfservice_registration_flows\";" }, { "path": "persistence/sql/migrations/sql/20210817181232000000_unique_credentials.cockroach.down.sql", "content": "CREATE UNIQUE INDEX \"identity_credential_identifiers_identifier_nid_uq_idx\" ON \"identity_credential_identifiers\" (nid, identifier);" }, { "path": "persistence/sql/migrations/sql/20210817181232000000_unique_credentials.cockroach.up.sql", "content": "DROP INDEX IF EXISTS \"identity_credential_identifiers_identifier_nid_uq_idx\";" }, { "path": "persistence/sql/migrations/sql/20210817181232000000_unique_credentials.mysql.down.sql", "content": "CREATE UNIQUE INDEX `identity_credential_identifiers_identifier_nid_uq_idx` ON `identity_credential_identifiers` (`nid`, `identifier`);" }, { "path": "persistence/sql/migrations/sql/20210817181232000000_unique_credentials.mysql.up.sql", "content": "ALTER TABLE identity_credential_identifiers DROP FOREIGN KEY identity_credential_identifiers_nid_fk_idx;" }, { "path": "persistence/sql/migrations/sql/20210817181232000000_unique_credentials.postgres.down.sql", "content": "CREATE UNIQUE INDEX \"identity_credential_identifiers_identifier_nid_uq_idx\" ON \"identity_credential_identifiers\" (nid, identifier);" }, { "path": "persistence/sql/migrations/sql/20210817181232000000_unique_credentials.postgres.up.sql", "content": "DROP INDEX \"identity_credential_identifiers_identifier_nid_uq_idx\";" }, { "path": "persistence/sql/migrations/sql/20210817181232000000_unique_credentials.sqlite3.down.sql", "content": "CREATE UNIQUE INDEX \"identity_credential_identifiers_identifier_nid_uq_idx\" ON \"identity_credential_identifiers\" (nid, identifier);" }, { "path": "persistence/sql/migrations/sql/20210817181232000000_unique_credentials.sqlite3.up.sql", "content": "DROP INDEX IF EXISTS \"identity_credential_identifiers_identifier_nid_uq_idx\";" }, { "path": "persistence/sql/migrations/sql/20210817181232000001_unique_credentials.cockroach.down.sql", "content": "ALTER TABLE \"identity_credential_identifiers\" DROP COLUMN \"identity_credential_type_id\";" }, { "path": "persistence/sql/migrations/sql/20210817181232000001_unique_credentials.cockroach.up.sql", "content": "ALTER TABLE \"identity_credential_identifiers\" ADD COLUMN \"identity_credential_type_id\" UUID;" }, { "path": "persistence/sql/migrations/sql/20210817181232000001_unique_credentials.mysql.down.sql", "content": "ALTER TABLE `identity_credential_identifiers` DROP COLUMN `identity_credential_type_id`;" }, { "path": "persistence/sql/migrations/sql/20210817181232000001_unique_credentials.mysql.up.sql", "content": "DROP INDEX `identity_credential_identifiers_identifier_nid_uq_idx` ON `identity_credential_identifiers`;" }, { "path": "persistence/sql/migrations/sql/20210817181232000001_unique_credentials.postgres.down.sql", "content": "ALTER TABLE \"identity_credential_identifiers\" DROP COLUMN \"identity_credential_type_id\";" }, { "path": "persistence/sql/migrations/sql/20210817181232000001_unique_credentials.postgres.up.sql", "content": "ALTER TABLE \"identity_credential_identifiers\" ADD COLUMN \"identity_credential_type_id\" UUID;" }, { "path": "persistence/sql/migrations/sql/20210817181232000001_unique_credentials.sqlite3.down.sql", "content": "ALTER TABLE \"_identity_credential_identifiers_tmp\" RENAME TO \"identity_credential_identifiers\";" }, { "path": "persistence/sql/migrations/sql/20210817181232000001_unique_credentials.sqlite3.up.sql", "content": "ALTER TABLE \"identity_credential_identifiers\" ADD COLUMN \"identity_credential_type_id\" char(36);" }, { "path": "persistence/sql/migrations/sql/20210817181232000002_unique_credentials.cockroach.down.sql", "content": "DROP INDEX IF EXISTS \"identity_credential_identifiers_identifier_nid_type_uq_idx\";" }, { "path": "persistence/sql/migrations/sql/20210817181232000002_unique_credentials.cockroach.up.sql", "content": "ALTER TABLE \"identity_credential_identifiers\" ADD CONSTRAINT \"identity_credential_identifiers_type_id_fk_idx\" FOREIGN KEY (\"identity_credential_type_id\") REFERENCES \"identity_credential_types\" (\"id\") ON UPDATE RESTRICT ON DELETE CASCADE;" }, { "path": "persistence/sql/migrations/sql/20210817181232000002_unique_credentials.mysql.down.sql", "content": "ALTER TABLE `identity_credential_identifiers` ADD CONSTRAINT `identity_credential_identifiers_nid_fk_idx` FOREIGN KEY (`nid`) REFERENCES `networks` (`id`) ON UPDATE RESTRICT ON DELETE CASCADE;" }, { "path": "persistence/sql/migrations/sql/20210817181232000002_unique_credentials.mysql.up.sql", "content": "ALTER TABLE `identity_credential_identifiers` ADD CONSTRAINT `identity_credential_identifiers_nid_fk_idx` FOREIGN KEY (`nid`) REFERENCES `networks` (`id`) ON UPDATE RESTRICT ON DELETE CASCADE;" }, { "path": "persistence/sql/migrations/sql/20210817181232000002_unique_credentials.postgres.down.sql", "content": "DROP INDEX \"identity_credential_identifiers_identifier_nid_type_uq_idx\";" }, { "path": "persistence/sql/migrations/sql/20210817181232000002_unique_credentials.postgres.up.sql", "content": "ALTER TABLE \"identity_credential_identifiers\" ADD CONSTRAINT \"identity_credential_identifiers_type_id_fk_idx\" FOREIGN KEY (\"identity_credential_type_id\") REFERENCES \"identity_credential_types\" (\"id\") ON UPDATE RESTRICT ON DELETE CASCADE;" }, { "path": "persistence/sql/migrations/sql/20210817181232000002_unique_credentials.sqlite3.down.sql", "content": "\nDROP TABLE \"identity_credential_identifiers\";" }, { "path": "persistence/sql/migrations/sql/20210817181232000002_unique_credentials.sqlite3.up.sql", "content": "ALTER TABLE identity_credential_identifiers DROP COLUMN identity_credential_type_id;" }, { "path": "persistence/sql/migrations/sql/20210817181232000003_unique_credentials.cockroach.down.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20210817181232000003_unique_credentials.cockroach.up.sql", "content": "UPDATE identity_credential_identifiers SET identity_credential_type_id = (SELECT ict.id FROM identity_credential_types as ict JOIN identity_credentials AS ic ON (ic.identity_credential_type_id = ict.id) WHERE ic.id = identity_credential_id);" }, { "path": "persistence/sql/migrations/sql/20210817181232000003_unique_credentials.mysql.down.sql", "content": "DROP INDEX `identity_credential_identifiers_identifier_nid_type_uq_idx` ON `identity_credential_identifiers`;" }, { "path": "persistence/sql/migrations/sql/20210817181232000003_unique_credentials.mysql.up.sql", "content": "ALTER TABLE `identity_credential_identifiers` ADD COLUMN `identity_credential_type_id` char(36);" }, { "path": "persistence/sql/migrations/sql/20210817181232000003_unique_credentials.postgres.down.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20210817181232000003_unique_credentials.postgres.up.sql", "content": "UPDATE identity_credential_identifiers SET identity_credential_type_id = (SELECT ict.id FROM identity_credential_types as ict JOIN identity_credentials AS ic ON (ic.identity_credential_type_id = ict.id) WHERE ic.id = identity_credential_id);" }, { "path": "persistence/sql/migrations/sql/20210817181232000003_unique_credentials.sqlite3.down.sql", "content": "INSERT INTO \"_identity_credential_identifiers_tmp\" (id, identifier, identity_credential_id, created_at, updated_at, nid) SELECT id, identifier, identity_credential_id, created_at, updated_at, nid FROM \"identity_credential_identifiers\";" }, { "path": "persistence/sql/migrations/sql/20210817181232000003_unique_credentials.sqlite3.up.sql", "content": "ALTER TABLE identity_credential_identifiers ADD COLUMN identity_credential_type_id CHAR(36) NULL REFERENCES identity_credential_types(id) ON DELETE CASCADE ON UPDATE RESTRICT;" }, { "path": "persistence/sql/migrations/sql/20210817181232000004_unique_credentials.cockroach.down.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20210817181232000004_unique_credentials.cockroach.up.sql", "content": "ALTER TABLE \"identity_credential_identifiers\" DROP CONSTRAINT \"identity_credential_identifiers_type_id_fk_idx\";" }, { "path": "persistence/sql/migrations/sql/20210817181232000004_unique_credentials.mysql.down.sql", "content": "ALTER TABLE identity_credential_identifiers DROP FOREIGN KEY identity_credential_identifiers_type_id_fk_idx;" }, { "path": "persistence/sql/migrations/sql/20210817181232000004_unique_credentials.mysql.up.sql", "content": "ALTER TABLE `identity_credential_identifiers` ADD CONSTRAINT `identity_credential_identifiers_type_id_fk_idx` FOREIGN KEY (`identity_credential_type_id`) REFERENCES `identity_credential_types` (`id`) ON UPDATE RESTRICT ON DELETE CASCADE;" }, { "path": "persistence/sql/migrations/sql/20210817181232000004_unique_credentials.postgres.down.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20210817181232000004_unique_credentials.postgres.up.sql", "content": "ALTER TABLE \"identity_credential_identifiers\" ALTER COLUMN \"identity_credential_type_id\" TYPE UUID, ALTER COLUMN \"identity_credential_type_id\" SET NOT NULL;" }, { "path": "persistence/sql/migrations/sql/20210817181232000004_unique_credentials.sqlite3.down.sql", "content": "CREATE INDEX \"identity_credential_identifiers_nid_idx\" ON \"_identity_credential_identifiers_tmp\" (id, nid);" }, { "path": "persistence/sql/migrations/sql/20210817181232000004_unique_credentials.sqlite3.up.sql", "content": "UPDATE identity_credential_identifiers SET identity_credential_type_id = (SELECT ict.id FROM identity_credential_types as ict JOIN identity_credentials AS ic ON (ic.identity_credential_type_id = ict.id) WHERE ic.id = identity_credential_id);" }, { "path": "persistence/sql/migrations/sql/20210817181232000005_unique_credentials.cockroach.down.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20210817181232000005_unique_credentials.cockroach.up.sql", "content": "ALTER TABLE \"identity_credential_identifiers\" RENAME COLUMN \"identity_credential_type_id\" TO \"_identity_credential_type_id_tmp\";" }, { "path": "persistence/sql/migrations/sql/20210817181232000005_unique_credentials.mysql.down.sql", "content": "ALTER TABLE identity_credential_identifiers DROP FOREIGN KEY identity_credential_identifiers_nid_fk_idx;" }, { "path": "persistence/sql/migrations/sql/20210817181232000005_unique_credentials.mysql.up.sql", "content": "UPDATE identity_credential_identifiers SET identity_credential_type_id = (SELECT ict.id FROM identity_credential_types as ict JOIN identity_credentials AS ic ON (ic.identity_credential_type_id = ict.id) WHERE ic.id = identity_credential_id);" }, { "path": "persistence/sql/migrations/sql/20210817181232000005_unique_credentials.postgres.down.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20210817181232000005_unique_credentials.postgres.up.sql", "content": "CREATE UNIQUE INDEX \"identity_credential_identifiers_identifier_nid_type_uq_idx\" ON \"identity_credential_identifiers\" (nid, identity_credential_type_id, identifier);" }, { "path": "persistence/sql/migrations/sql/20210817181232000005_unique_credentials.sqlite3.down.sql", "content": "CREATE TABLE \"_identity_credential_identifiers_tmp\" (\n\"id\" TEXT PRIMARY KEY,\n\"identifier\" TEXT NOT NULL,\n\"identity_credential_id\" char(36) NOT NULL,\n\"created_at\" DATETIME NOT NULL,\n\"updated_at\" DATETIME NOT NULL,\n\"nid\" char(36),\nFOREIGN KEY (identity_credential_id) REFERENCES identity_credentials (id) ON UPDATE NO ACTION ON DELETE CASCADE\n);" }, { "path": "persistence/sql/migrations/sql/20210817181232000005_unique_credentials.sqlite3.up.sql", "content": "DROP INDEX IF EXISTS \"identity_credential_identifiers_nid_idx\";" }, { "path": "persistence/sql/migrations/sql/20210817181232000006_unique_credentials.cockroach.down.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20210817181232000006_unique_credentials.cockroach.up.sql", "content": "ALTER TABLE \"identity_credential_identifiers\" ADD COLUMN \"identity_credential_type_id\" UUID;" }, { "path": "persistence/sql/migrations/sql/20210817181232000006_unique_credentials.mysql.down.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20210817181232000006_unique_credentials.mysql.up.sql", "content": "ALTER TABLE `identity_credential_identifiers` MODIFY `identity_credential_type_id` char(36) NOT NULL;" }, { "path": "persistence/sql/migrations/sql/20210817181232000006_unique_credentials.sqlite3.down.sql", "content": "DROP INDEX IF EXISTS \"identity_credential_identifiers_nid_idx\";" }, { "path": "persistence/sql/migrations/sql/20210817181232000006_unique_credentials.sqlite3.up.sql", "content": "CREATE TABLE \"_identity_credential_identifiers_tmp\" (\n\"id\" TEXT PRIMARY KEY,\n\"identifier\" TEXT NOT NULL,\n\"identity_credential_id\" char(36) NOT NULL,\n\"created_at\" DATETIME NOT NULL,\n\"updated_at\" DATETIME NOT NULL,\n\"nid\" char(36),\n\"identity_credential_type_id\" char(36) NOT NULL,\nFOREIGN KEY (identity_credential_id) REFERENCES identity_credentials (id) ON UPDATE NO ACTION ON DELETE CASCADE\n);" }, { "path": "persistence/sql/migrations/sql/20210817181232000007_unique_credentials.cockroach.down.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20210817181232000007_unique_credentials.cockroach.up.sql", "content": "UPDATE \"identity_credential_identifiers\" SET \"identity_credential_type_id\" = \"_identity_credential_type_id_tmp\";" }, { "path": "persistence/sql/migrations/sql/20210817181232000007_unique_credentials.mysql.down.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20210817181232000007_unique_credentials.mysql.up.sql", "content": "CREATE UNIQUE INDEX `identity_credential_identifiers_identifier_nid_type_uq_idx` ON `identity_credential_identifiers` (`nid`, `identity_credential_type_id`, `identifier`);" }, { "path": "persistence/sql/migrations/sql/20210817181232000007_unique_credentials.sqlite3.down.sql", "content": "DROP INDEX IF EXISTS \"identity_credential_identifiers_identifier_nid_type_uq_idx\";" }, { "path": "persistence/sql/migrations/sql/20210817181232000007_unique_credentials.sqlite3.up.sql", "content": "CREATE INDEX \"identity_credential_identifiers_nid_idx\" ON \"_identity_credential_identifiers_tmp\" (id, nid);" }, { "path": "persistence/sql/migrations/sql/20210817181232000008_unique_credentials.cockroach.down.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20210817181232000008_unique_credentials.cockroach.up.sql", "content": "ALTER TABLE \"identity_credential_identifiers\" ALTER COLUMN \"identity_credential_type_id\" SET NOT NULL;" }, { "path": "persistence/sql/migrations/sql/20210817181232000008_unique_credentials.sqlite3.down.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20210817181232000008_unique_credentials.sqlite3.up.sql", "content": "INSERT INTO \"_identity_credential_identifiers_tmp\" (id, identifier, identity_credential_id, created_at, updated_at, nid, identity_credential_type_id) SELECT id, identifier, identity_credential_id, created_at, updated_at, nid, identity_credential_type_id FROM \"identity_credential_identifiers\";" }, { "path": "persistence/sql/migrations/sql/20210817181232000009_unique_credentials.cockroach.down.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20210817181232000009_unique_credentials.cockroach.up.sql", "content": "ALTER TABLE \"identity_credential_identifiers\" DROP COLUMN \"_identity_credential_type_id_tmp\";" }, { "path": "persistence/sql/migrations/sql/20210817181232000009_unique_credentials.sqlite3.down.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20210817181232000009_unique_credentials.sqlite3.up.sql", "content": "DROP TABLE \"identity_credential_identifiers\";" }, { "path": "persistence/sql/migrations/sql/20210817181232000010_unique_credentials.cockroach.down.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20210817181232000010_unique_credentials.cockroach.up.sql", "content": "ALTER TABLE \"identity_credential_identifiers\" ADD CONSTRAINT \"identity_credential_identifiers_type_id_fk_idx\" FOREIGN KEY (\"identity_credential_type_id\") REFERENCES \"identity_credential_types\" (\"id\") ON UPDATE RESTRICT ON DELETE CASCADE;" }, { "path": "persistence/sql/migrations/sql/20210817181232000010_unique_credentials.sqlite3.down.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20210817181232000010_unique_credentials.sqlite3.up.sql", "content": "ALTER TABLE \"_identity_credential_identifiers_tmp\" RENAME TO \"identity_credential_identifiers\";" }, { "path": "persistence/sql/migrations/sql/20210817181232000011_unique_credentials.cockroach.down.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20210817181232000011_unique_credentials.cockroach.up.sql", "content": "CREATE UNIQUE INDEX \"identity_credential_identifiers_identifier_nid_type_uq_idx\" ON \"identity_credential_identifiers\" (nid, identity_credential_type_id, identifier);" }, { "path": "persistence/sql/migrations/sql/20210817181232000011_unique_credentials.sqlite3.down.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20210817181232000011_unique_credentials.sqlite3.up.sql", "content": "CREATE UNIQUE INDEX \"identity_credential_identifiers_identifier_nid_type_uq_idx\" ON \"identity_credential_identifiers\" (nid, identity_credential_type_id, identifier);" }, { "path": "persistence/sql/migrations/sql/20210829131458000000_session_aal_legacy.cockroach.down.sql", "content": "UPDATE sessions SET authentication_methods='[]' WHERE authentication_methods='[{\"method\":\"v0.6_legacy_session\"}]' AND aal='aal1';" }, { "path": "persistence/sql/migrations/sql/20210829131458000000_session_aal_legacy.cockroach.up.sql", "content": "UPDATE sessions SET authentication_methods='[{\"method\":\"v0.6_legacy_session\"}]' WHERE authentication_methods='[]' AND aal='aal1';" }, { "path": "persistence/sql/migrations/sql/20210829131458000000_session_aal_legacy.mysql.down.sql", "content": "UPDATE sessions SET authentication_methods='[]' WHERE authentication_methods='[{\"method\":\"v0.6_legacy_session\"}]' AND aal='aal1';" }, { "path": "persistence/sql/migrations/sql/20210829131458000000_session_aal_legacy.mysql.up.sql", "content": "UPDATE sessions SET authentication_methods='[{\"method\":\"v0.6_legacy_session\"}]' WHERE JSON_LENGTH(authentication_methods)=0 AND aal='aal1';\n" }, { "path": "persistence/sql/migrations/sql/20210829131458000000_session_aal_legacy.postgres.down.sql", "content": "UPDATE sessions SET authentication_methods='[]' WHERE authentication_methods='[{\"method\":\"v0.6_legacy_session\"}]' AND aal='aal1';" }, { "path": "persistence/sql/migrations/sql/20210829131458000000_session_aal_legacy.postgres.up.sql", "content": "UPDATE sessions SET authentication_methods='[{\"method\":\"v0.6_legacy_session\"}]' WHERE authentication_methods='[]' AND aal='aal1';" }, { "path": "persistence/sql/migrations/sql/20210829131458000000_session_aal_legacy.sqlite3.down.sql", "content": "UPDATE sessions SET authentication_methods='[]' WHERE authentication_methods='[{\"method\":\"v0.6_legacy_session\"}]' AND aal='aal1';" }, { "path": "persistence/sql/migrations/sql/20210829131458000000_session_aal_legacy.sqlite3.up.sql", "content": "UPDATE sessions SET authentication_methods='[{\"method\":\"v0.6_legacy_session\"}]' WHERE authentication_methods='[]' AND aal='aal1';" }, { "path": "persistence/sql/migrations/sql/20210913095309000000_identity_recovery_tokens.cockroach.down.sql", "content": "ALTER TABLE \"identity_recovery_tokens\" DROP COLUMN \"identity_id\";" }, { "path": "persistence/sql/migrations/sql/20210913095309000000_identity_recovery_tokens.cockroach.up.sql", "content": "ALTER TABLE \"identity_recovery_tokens\" DROP CONSTRAINT \"identity_recovery_tokens_identity_recovery_addresses_id_fk\";" }, { "path": "persistence/sql/migrations/sql/20210913095309000000_identity_recovery_tokens.mysql.down.sql", "content": "ALTER TABLE `identity_recovery_tokens` DROP COLUMN `identity_id`;" }, { "path": "persistence/sql/migrations/sql/20210913095309000000_identity_recovery_tokens.mysql.up.sql", "content": "ALTER TABLE `identity_recovery_tokens` MODIFY `identity_recovery_address_id` char(36);" }, { "path": "persistence/sql/migrations/sql/20210913095309000000_identity_recovery_tokens.postgres.down.sql", "content": "ALTER TABLE \"identity_recovery_tokens\" DROP COLUMN \"identity_id\";" }, { "path": "persistence/sql/migrations/sql/20210913095309000000_identity_recovery_tokens.postgres.up.sql", "content": "ALTER TABLE \"identity_recovery_tokens\" ALTER COLUMN \"identity_recovery_address_id\" TYPE UUID, ALTER COLUMN \"identity_recovery_address_id\" DROP NOT NULL;" }, { "path": "persistence/sql/migrations/sql/20210913095309000000_identity_recovery_tokens.sqlite3.down.sql", "content": "ALTER TABLE \"_identity_recovery_tokens_tmp\" RENAME TO \"identity_recovery_tokens\";" }, { "path": "persistence/sql/migrations/sql/20210913095309000000_identity_recovery_tokens.sqlite3.up.sql", "content": "DROP INDEX IF EXISTS \"identity_recovery_tokens_nid_idx\";" }, { "path": "persistence/sql/migrations/sql/20210913095309000001_identity_recovery_tokens.cockroach.down.sql", "content": "ALTER TABLE \"identity_recovery_tokens\" DROP CONSTRAINT \"identity_recovery_tokens_identity_id_fk_idx\";" }, { "path": "persistence/sql/migrations/sql/20210913095309000001_identity_recovery_tokens.cockroach.up.sql", "content": "ALTER TABLE \"identity_recovery_tokens\" RENAME COLUMN \"identity_recovery_address_id\" TO \"_identity_recovery_address_id_tmp\";" }, { "path": "persistence/sql/migrations/sql/20210913095309000001_identity_recovery_tokens.mysql.down.sql", "content": "ALTER TABLE `identity_recovery_tokens` DROP FOREIGN KEY `identity_recovery_tokens_identity_id_fk_idx`;" }, { "path": "persistence/sql/migrations/sql/20210913095309000001_identity_recovery_tokens.mysql.up.sql", "content": "ALTER TABLE `identity_recovery_tokens` ADD COLUMN `identity_id` char(36);" }, { "path": "persistence/sql/migrations/sql/20210913095309000001_identity_recovery_tokens.postgres.down.sql", "content": "ALTER TABLE \"identity_recovery_tokens\" DROP CONSTRAINT \"identity_recovery_tokens_identity_id_fk_idx\";" }, { "path": "persistence/sql/migrations/sql/20210913095309000001_identity_recovery_tokens.postgres.up.sql", "content": "ALTER TABLE \"identity_recovery_tokens\" ADD COLUMN \"identity_id\" UUID;" }, { "path": "persistence/sql/migrations/sql/20210913095309000001_identity_recovery_tokens.sqlite3.down.sql", "content": "\nDROP TABLE \"identity_recovery_tokens\";" }, { "path": "persistence/sql/migrations/sql/20210913095309000001_identity_recovery_tokens.sqlite3.up.sql", "content": "DROP INDEX IF EXISTS \"identity_recovery_addresses_code_idx\";" }, { "path": "persistence/sql/migrations/sql/20210913095309000002_identity_recovery_tokens.cockroach.down.sql", "content": "ALTER TABLE \"identity_recovery_tokens\" ADD CONSTRAINT \"identity_recovery_tokens_identity_recovery_addresses_id_fk\" FOREIGN KEY (\"identity_recovery_address_id\") REFERENCES \"identity_recovery_addresses\" (\"id\") ON UPDATE NO ACTION ON DELETE CASCADE;" }, { "path": "persistence/sql/migrations/sql/20210913095309000002_identity_recovery_tokens.cockroach.up.sql", "content": "ALTER TABLE \"identity_recovery_tokens\" ADD COLUMN \"identity_recovery_address_id\" UUID;" }, { "path": "persistence/sql/migrations/sql/20210913095309000002_identity_recovery_tokens.mysql.down.sql", "content": "ALTER TABLE `identity_recovery_tokens` MODIFY `identity_recovery_address_id` char(36) NOT NULL;" }, { "path": "persistence/sql/migrations/sql/20210913095309000002_identity_recovery_tokens.mysql.up.sql", "content": "UPDATE identity_recovery_tokens SET identity_id=(SELECT identity_id FROM identity_recovery_addresses WHERE id=identity_recovery_address_id) WHERE identity_id = '' OR identity_id IS NULL;" }, { "path": "persistence/sql/migrations/sql/20210913095309000002_identity_recovery_tokens.postgres.down.sql", "content": "ALTER TABLE \"identity_recovery_tokens\" ALTER COLUMN \"identity_recovery_address_id\" TYPE UUID, ALTER COLUMN \"identity_recovery_address_id\" SET NOT NULL;" }, { "path": "persistence/sql/migrations/sql/20210913095309000002_identity_recovery_tokens.postgres.up.sql", "content": "UPDATE identity_recovery_tokens SET identity_id=(SELECT identity_id FROM identity_recovery_addresses WHERE id=identity_recovery_address_id) WHERE identity_id = '00000000-0000-0000-0000-000000000000' OR identity_id IS NULL;" }, { "path": "persistence/sql/migrations/sql/20210913095309000002_identity_recovery_tokens.sqlite3.down.sql", "content": "INSERT INTO \"_identity_recovery_tokens_tmp\" (id, token, used, used_at, identity_recovery_address_id, selfservice_recovery_flow_id, created_at, updated_at, expires_at, issued_at, nid) SELECT id, token, used, used_at, identity_recovery_address_id, selfservice_recovery_flow_id, created_at, updated_at, expires_at, issued_at, nid FROM \"identity_recovery_tokens\";" }, { "path": "persistence/sql/migrations/sql/20210913095309000002_identity_recovery_tokens.sqlite3.up.sql", "content": "DROP INDEX IF EXISTS \"identity_recovery_addresses_code_uq_idx\";" }, { "path": "persistence/sql/migrations/sql/20210913095309000003_identity_recovery_tokens.cockroach.down.sql", "content": "ALTER TABLE \"identity_recovery_tokens\" DROP COLUMN \"_identity_recovery_address_id_tmp\";" }, { "path": "persistence/sql/migrations/sql/20210913095309000003_identity_recovery_tokens.cockroach.up.sql", "content": "UPDATE \"identity_recovery_tokens\" SET \"identity_recovery_address_id\" = \"_identity_recovery_address_id_tmp\";" }, { "path": "persistence/sql/migrations/sql/20210913095309000003_identity_recovery_tokens.mysql.down.sql", "content": "DELETE FROM identity_recovery_tokens WHERE identity_recovery_address_id IS NULL;" }, { "path": "persistence/sql/migrations/sql/20210913095309000003_identity_recovery_tokens.mysql.up.sql", "content": "ALTER TABLE `identity_recovery_tokens` MODIFY `identity_id` char(36) NOT NULL;" }, { "path": "persistence/sql/migrations/sql/20210913095309000003_identity_recovery_tokens.postgres.down.sql", "content": "DELETE FROM identity_recovery_tokens WHERE identity_recovery_address_id IS NULL;" }, { "path": "persistence/sql/migrations/sql/20210913095309000003_identity_recovery_tokens.postgres.up.sql", "content": "ALTER TABLE \"identity_recovery_tokens\" ALTER COLUMN \"identity_id\" TYPE UUID, ALTER COLUMN \"identity_id\" SET NOT NULL;" }, { "path": "persistence/sql/migrations/sql/20210913095309000003_identity_recovery_tokens.sqlite3.down.sql", "content": "CREATE INDEX \"identity_recovery_tokens_nid_idx\" ON \"_identity_recovery_tokens_tmp\" (id, nid);" }, { "path": "persistence/sql/migrations/sql/20210913095309000003_identity_recovery_tokens.sqlite3.up.sql", "content": "CREATE TABLE \"_identity_recovery_tokens_tmp\" (\n\"id\" TEXT PRIMARY KEY,\n\"token\" TEXT NOT NULL,\n\"used\" bool NOT NULL DEFAULT 'false',\n\"used_at\" DATETIME,\n\"identity_recovery_address_id\" char(36),\n\"selfservice_recovery_flow_id\" char(36),\n\"created_at\" DATETIME NOT NULL,\n\"updated_at\" DATETIME NOT NULL,\n\"expires_at\" DATETIME NOT NULL DEFAULT '2000-01-01 00:00:00',\n\"issued_at\" DATETIME NOT NULL DEFAULT '2000-01-01 00:00:00',\n\"nid\" char(36),\nFOREIGN KEY (selfservice_recovery_flow_id) REFERENCES selfservice_recovery_flows (id) ON UPDATE NO ACTION ON DELETE CASCADE,\nFOREIGN KEY (identity_recovery_address_id) REFERENCES identity_recovery_addresses (id) ON UPDATE NO ACTION ON DELETE CASCADE\n);" }, { "path": "persistence/sql/migrations/sql/20210913095309000004_identity_recovery_tokens.cockroach.down.sql", "content": "ALTER TABLE \"identity_recovery_tokens\" ALTER COLUMN \"identity_recovery_address_id\" SET NOT NULL;" }, { "path": "persistence/sql/migrations/sql/20210913095309000004_identity_recovery_tokens.cockroach.up.sql", "content": "ALTER TABLE \"identity_recovery_tokens\" DROP COLUMN \"_identity_recovery_address_id_tmp\";" }, { "path": "persistence/sql/migrations/sql/20210913095309000004_identity_recovery_tokens.mysql.down.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20210913095309000004_identity_recovery_tokens.mysql.up.sql", "content": "ALTER TABLE `identity_recovery_tokens` ADD CONSTRAINT `identity_recovery_tokens_identity_id_fk_idx` FOREIGN KEY (`identity_id`) REFERENCES `identities` (`id`) ON UPDATE RESTRICT ON DELETE CASCADE;" }, { "path": "persistence/sql/migrations/sql/20210913095309000004_identity_recovery_tokens.postgres.down.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20210913095309000004_identity_recovery_tokens.postgres.up.sql", "content": "ALTER TABLE \"identity_recovery_tokens\" ADD CONSTRAINT \"identity_recovery_tokens_identity_id_fk_idx\" FOREIGN KEY (\"identity_id\") REFERENCES \"identities\" (\"id\") ON UPDATE RESTRICT ON DELETE CASCADE;" }, { "path": "persistence/sql/migrations/sql/20210913095309000004_identity_recovery_tokens.sqlite3.down.sql", "content": "CREATE INDEX \"identity_recovery_addresses_code_idx\" ON \"_identity_recovery_tokens_tmp\" (token);" }, { "path": "persistence/sql/migrations/sql/20210913095309000004_identity_recovery_tokens.sqlite3.up.sql", "content": "CREATE INDEX \"identity_recovery_tokens_nid_idx\" ON \"_identity_recovery_tokens_tmp\" (id, nid);" }, { "path": "persistence/sql/migrations/sql/20210913095309000005_identity_recovery_tokens.cockroach.down.sql", "content": "UPDATE \"identity_recovery_tokens\" SET \"identity_recovery_address_id\" = \"_identity_recovery_address_id_tmp\";" }, { "path": "persistence/sql/migrations/sql/20210913095309000005_identity_recovery_tokens.cockroach.up.sql", "content": "ALTER TABLE \"identity_recovery_tokens\" ADD CONSTRAINT \"identity_recovery_tokens_identity_recovery_addresses_id_fk\" FOREIGN KEY (\"identity_recovery_address_id\") REFERENCES \"identity_recovery_addresses\" (\"id\") ON UPDATE NO ACTION ON DELETE CASCADE;" }, { "path": "persistence/sql/migrations/sql/20210913095309000005_identity_recovery_tokens.sqlite3.down.sql", "content": "CREATE UNIQUE INDEX \"identity_recovery_addresses_code_uq_idx\" ON \"_identity_recovery_tokens_tmp\" (token);" }, { "path": "persistence/sql/migrations/sql/20210913095309000005_identity_recovery_tokens.sqlite3.up.sql", "content": "CREATE INDEX \"identity_recovery_addresses_code_idx\" ON \"_identity_recovery_tokens_tmp\" (token);" }, { "path": "persistence/sql/migrations/sql/20210913095309000006_identity_recovery_tokens.cockroach.down.sql", "content": "ALTER TABLE \"identity_recovery_tokens\" ADD COLUMN \"identity_recovery_address_id\" UUID;" }, { "path": "persistence/sql/migrations/sql/20210913095309000006_identity_recovery_tokens.cockroach.up.sql", "content": "ALTER TABLE \"identity_recovery_tokens\" ADD COLUMN \"identity_id\" UUID;" }, { "path": "persistence/sql/migrations/sql/20210913095309000006_identity_recovery_tokens.sqlite3.down.sql", "content": "CREATE TABLE \"_identity_recovery_tokens_tmp\" (\n\"id\" TEXT PRIMARY KEY,\n\"token\" TEXT NOT NULL,\n\"used\" bool NOT NULL DEFAULT 'false',\n\"used_at\" DATETIME,\n\"identity_recovery_address_id\" char(36) NOT NULL,\n\"selfservice_recovery_flow_id\" char(36),\n\"created_at\" DATETIME NOT NULL,\n\"updated_at\" DATETIME NOT NULL,\n\"expires_at\" DATETIME NOT NULL DEFAULT '2000-01-01 00:00:00',\n\"issued_at\" DATETIME NOT NULL DEFAULT '2000-01-01 00:00:00',\n\"nid\" char(36),\nFOREIGN KEY (identity_recovery_address_id) REFERENCES identity_recovery_addresses (id) ON UPDATE NO ACTION ON DELETE CASCADE,\nFOREIGN KEY (selfservice_recovery_flow_id) REFERENCES selfservice_recovery_flows (id) ON UPDATE NO ACTION ON DELETE CASCADE\n);" }, { "path": "persistence/sql/migrations/sql/20210913095309000006_identity_recovery_tokens.sqlite3.up.sql", "content": "CREATE UNIQUE INDEX \"identity_recovery_addresses_code_uq_idx\" ON \"_identity_recovery_tokens_tmp\" (token);" }, { "path": "persistence/sql/migrations/sql/20210913095309000007_identity_recovery_tokens.cockroach.down.sql", "content": "ALTER TABLE \"identity_recovery_tokens\" RENAME COLUMN \"identity_recovery_address_id\" TO \"_identity_recovery_address_id_tmp\";" }, { "path": "persistence/sql/migrations/sql/20210913095309000007_identity_recovery_tokens.cockroach.up.sql", "content": "UPDATE identity_recovery_tokens SET identity_id=(SELECT identity_id FROM identity_recovery_addresses WHERE id=identity_recovery_address_id) WHERE identity_id = '00000000-0000-0000-0000-000000000000' OR identity_id IS NULL;" }, { "path": "persistence/sql/migrations/sql/20210913095309000007_identity_recovery_tokens.sqlite3.down.sql", "content": "DROP INDEX IF EXISTS \"identity_recovery_tokens_nid_idx\";" }, { "path": "persistence/sql/migrations/sql/20210913095309000007_identity_recovery_tokens.sqlite3.up.sql", "content": "INSERT INTO \"_identity_recovery_tokens_tmp\" (id, token, used, used_at, identity_recovery_address_id, selfservice_recovery_flow_id, created_at, updated_at, expires_at, issued_at, nid) SELECT id, token, used, used_at, identity_recovery_address_id, selfservice_recovery_flow_id, created_at, updated_at, expires_at, issued_at, nid FROM \"identity_recovery_tokens\";" }, { "path": "persistence/sql/migrations/sql/20210913095309000008_identity_recovery_tokens.cockroach.down.sql", "content": "ALTER TABLE \"identity_recovery_tokens\" DROP CONSTRAINT \"identity_recovery_tokens_identity_recovery_addresses_id_fk\";" }, { "path": "persistence/sql/migrations/sql/20210913095309000008_identity_recovery_tokens.cockroach.up.sql", "content": "ALTER TABLE \"identity_recovery_tokens\" RENAME COLUMN \"identity_id\" TO \"_identity_id_tmp\";" }, { "path": "persistence/sql/migrations/sql/20210913095309000008_identity_recovery_tokens.sqlite3.down.sql", "content": "DROP INDEX IF EXISTS \"identity_recovery_addresses_code_idx\";" }, { "path": "persistence/sql/migrations/sql/20210913095309000008_identity_recovery_tokens.sqlite3.up.sql", "content": "DROP TABLE \"identity_recovery_tokens\";" }, { "path": "persistence/sql/migrations/sql/20210913095309000009_identity_recovery_tokens.cockroach.down.sql", "content": "DELETE FROM identity_recovery_tokens WHERE identity_recovery_address_id IS NULL;" }, { "path": "persistence/sql/migrations/sql/20210913095309000009_identity_recovery_tokens.cockroach.up.sql", "content": "ALTER TABLE \"identity_recovery_tokens\" ADD COLUMN \"identity_id\" UUID;" }, { "path": "persistence/sql/migrations/sql/20210913095309000009_identity_recovery_tokens.sqlite3.down.sql", "content": "DROP INDEX IF EXISTS \"identity_recovery_addresses_code_uq_idx\";" }, { "path": "persistence/sql/migrations/sql/20210913095309000009_identity_recovery_tokens.sqlite3.up.sql", "content": "ALTER TABLE \"_identity_recovery_tokens_tmp\" RENAME TO \"identity_recovery_tokens\";" }, { "path": "persistence/sql/migrations/sql/20210913095309000010_identity_recovery_tokens.cockroach.down.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20210913095309000010_identity_recovery_tokens.cockroach.up.sql", "content": "UPDATE \"identity_recovery_tokens\" SET \"identity_id\" = \"_identity_id_tmp\";" }, { "path": "persistence/sql/migrations/sql/20210913095309000010_identity_recovery_tokens.sqlite3.down.sql", "content": "ALTER TABLE \"_identity_recovery_tokens_tmp\" RENAME TO \"identity_recovery_tokens\";" }, { "path": "persistence/sql/migrations/sql/20210913095309000010_identity_recovery_tokens.sqlite3.up.sql", "content": "ALTER TABLE identity_recovery_tokens ADD COLUMN identity_id CHAR(36) NULL REFERENCES identities(id) ON DELETE CASCADE ON UPDATE RESTRICT;" }, { "path": "persistence/sql/migrations/sql/20210913095309000011_identity_recovery_tokens.cockroach.down.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20210913095309000011_identity_recovery_tokens.cockroach.up.sql", "content": "ALTER TABLE \"identity_recovery_tokens\" ALTER COLUMN \"identity_id\" SET NOT NULL;" }, { "path": "persistence/sql/migrations/sql/20210913095309000011_identity_recovery_tokens.sqlite3.down.sql", "content": "DROP TABLE \"identity_recovery_tokens\";" }, { "path": "persistence/sql/migrations/sql/20210913095309000011_identity_recovery_tokens.sqlite3.up.sql", "content": "UPDATE identity_recovery_tokens SET identity_id=(SELECT identity_id FROM identity_recovery_addresses WHERE id=identity_recovery_address_id) WHERE identity_id = '' OR identity_id IS NULL;" }, { "path": "persistence/sql/migrations/sql/20210913095309000012_identity_recovery_tokens.cockroach.down.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20210913095309000012_identity_recovery_tokens.cockroach.up.sql", "content": "ALTER TABLE \"identity_recovery_tokens\" DROP COLUMN \"_identity_id_tmp\";" }, { "path": "persistence/sql/migrations/sql/20210913095309000012_identity_recovery_tokens.sqlite3.down.sql", "content": "INSERT INTO \"_identity_recovery_tokens_tmp\" (id, token, used, used_at, identity_recovery_address_id, selfservice_recovery_flow_id, created_at, updated_at, expires_at, issued_at, nid, identity_id) SELECT id, token, used, used_at, identity_recovery_address_id, selfservice_recovery_flow_id, created_at, updated_at, expires_at, issued_at, nid, identity_id FROM \"identity_recovery_tokens\";" }, { "path": "persistence/sql/migrations/sql/20210913095309000012_identity_recovery_tokens.sqlite3.up.sql", "content": "DELETE FROM identity_recovery_tokens WHERE identity_recovery_address_id IS NULL AND identity_id = '';" }, { "path": "persistence/sql/migrations/sql/20210913095309000013_identity_recovery_tokens.cockroach.down.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20210913095309000013_identity_recovery_tokens.cockroach.up.sql", "content": "ALTER TABLE \"identity_recovery_tokens\" ADD CONSTRAINT \"identity_recovery_tokens_identity_id_fk_idx\" FOREIGN KEY (\"identity_id\") REFERENCES \"identities\" (\"id\") ON UPDATE RESTRICT ON DELETE CASCADE;" }, { "path": "persistence/sql/migrations/sql/20210913095309000013_identity_recovery_tokens.sqlite3.down.sql", "content": "CREATE INDEX \"identity_recovery_tokens_nid_idx\" ON \"_identity_recovery_tokens_tmp\" (id, nid);" }, { "path": "persistence/sql/migrations/sql/20210913095309000013_identity_recovery_tokens.sqlite3.up.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20210913095309000014_identity_recovery_tokens.sqlite3.down.sql", "content": "CREATE INDEX \"identity_recovery_addresses_code_idx\" ON \"_identity_recovery_tokens_tmp\" (token);" }, { "path": "persistence/sql/migrations/sql/20210913095309000014_identity_recovery_tokens.sqlite3.up.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20210913095309000015_identity_recovery_tokens.sqlite3.down.sql", "content": "CREATE UNIQUE INDEX \"identity_recovery_addresses_code_uq_idx\" ON \"_identity_recovery_tokens_tmp\" (token);" }, { "path": "persistence/sql/migrations/sql/20210913095309000015_identity_recovery_tokens.sqlite3.up.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20210913095309000016_identity_recovery_tokens.sqlite3.down.sql", "content": "CREATE TABLE \"_identity_recovery_tokens_tmp\" (\n\"id\" TEXT PRIMARY KEY,\n\"token\" TEXT NOT NULL,\n\"used\" bool NOT NULL DEFAULT 'false',\n\"used_at\" DATETIME,\n\"identity_recovery_address_id\" char(36) NOT NULL,\n\"selfservice_recovery_flow_id\" char(36),\n\"created_at\" DATETIME NOT NULL,\n\"updated_at\" DATETIME NOT NULL,\n\"expires_at\" DATETIME NOT NULL DEFAULT '2000-01-01 00:00:00',\n\"issued_at\" DATETIME NOT NULL DEFAULT '2000-01-01 00:00:00',\n\"nid\" char(36),\n\"identity_id\" CHAR(36),\nFOREIGN KEY (identity_recovery_address_id) REFERENCES identity_recovery_addresses (id) ON UPDATE NO ACTION ON DELETE CASCADE,\nFOREIGN KEY (selfservice_recovery_flow_id) REFERENCES selfservice_recovery_flows (id) ON UPDATE NO ACTION ON DELETE CASCADE,\nFOREIGN KEY (identity_id) REFERENCES identities (id) ON UPDATE RESTRICT ON DELETE CASCADE\n);" }, { "path": "persistence/sql/migrations/sql/20210913095309000016_identity_recovery_tokens.sqlite3.up.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20210913095309000017_identity_recovery_tokens.sqlite3.down.sql", "content": "DROP INDEX IF EXISTS \"identity_recovery_tokens_nid_idx\";" }, { "path": "persistence/sql/migrations/sql/20210913095309000017_identity_recovery_tokens.sqlite3.up.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20210913095309000018_identity_recovery_tokens.sqlite3.down.sql", "content": "DROP INDEX IF EXISTS \"identity_recovery_addresses_code_idx\";" }, { "path": "persistence/sql/migrations/sql/20210913095309000018_identity_recovery_tokens.sqlite3.up.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20210913095309000019_identity_recovery_tokens.sqlite3.down.sql", "content": "DROP INDEX IF EXISTS \"identity_recovery_addresses_code_uq_idx\";" }, { "path": "persistence/sql/migrations/sql/20210913095309000019_identity_recovery_tokens.sqlite3.up.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20210913095309000020_identity_recovery_tokens.sqlite3.down.sql", "content": "DELETE FROM identity_recovery_tokens WHERE identity_recovery_address_id IS NULL;" }, { "path": "persistence/sql/migrations/sql/20210913095309000020_identity_recovery_tokens.sqlite3.up.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20220118104539000000_identity_fk_indexes.cockroach.down.sql", "content": "DROP INDEX IF EXISTS \"identity_verifiable_addresses_nid_identity_id_idx\";" }, { "path": "persistence/sql/migrations/sql/20220118104539000000_identity_fk_indexes.cockroach.up.sql", "content": "CREATE INDEX \"identity_credentials_nid_identity_id_idx\" ON \"identity_credentials\" (identity_id, nid);" }, { "path": "persistence/sql/migrations/sql/20220118104539000000_identity_fk_indexes.postgres.down.sql", "content": "DROP INDEX \"identity_verifiable_addresses_nid_identity_id_idx\";" }, { "path": "persistence/sql/migrations/sql/20220118104539000000_identity_fk_indexes.postgres.up.sql", "content": "CREATE INDEX \"identity_credentials_nid_identity_id_idx\" ON \"identity_credentials\" (identity_id, nid);" }, { "path": "persistence/sql/migrations/sql/20220118104539000000_identity_fk_indexes.sqlite3.down.sql", "content": "DROP INDEX IF EXISTS \"identity_verifiable_addresses_nid_identity_id_idx\";" }, { "path": "persistence/sql/migrations/sql/20220118104539000000_identity_fk_indexes.sqlite3.up.sql", "content": "CREATE INDEX \"identity_credentials_nid_identity_id_idx\" ON \"identity_credentials\" (identity_id, nid);" }, { "path": "persistence/sql/migrations/sql/20220118104539000001_identity_fk_indexes.cockroach.down.sql", "content": "DROP INDEX IF EXISTS \"identity_recovery_addresses_nid_identity_id_idx\";" }, { "path": "persistence/sql/migrations/sql/20220118104539000001_identity_fk_indexes.cockroach.up.sql", "content": "CREATE INDEX \"identity_credential_identifiers_nid_identity_credential_id_idx\" ON \"identity_credential_identifiers\" (identity_credential_id, nid);" }, { "path": "persistence/sql/migrations/sql/20220118104539000001_identity_fk_indexes.postgres.down.sql", "content": "DROP INDEX \"identity_recovery_addresses_nid_identity_id_idx\";" }, { "path": "persistence/sql/migrations/sql/20220118104539000001_identity_fk_indexes.postgres.up.sql", "content": "CREATE INDEX \"identity_credential_identifiers_nid_identity_credential_id_idx\" ON \"identity_credential_identifiers\" (identity_credential_id, nid);" }, { "path": "persistence/sql/migrations/sql/20220118104539000001_identity_fk_indexes.sqlite3.down.sql", "content": "DROP INDEX IF EXISTS \"identity_recovery_addresses_nid_identity_id_idx\";" }, { "path": "persistence/sql/migrations/sql/20220118104539000001_identity_fk_indexes.sqlite3.up.sql", "content": "CREATE INDEX \"identity_credential_identifiers_nid_identity_credential_id_idx\" ON \"identity_credential_identifiers\" (identity_credential_id, nid);" }, { "path": "persistence/sql/migrations/sql/20220118104539000002_identity_fk_indexes.cockroach.down.sql", "content": "DROP INDEX IF EXISTS \"identity_credential_identifiers_nid_identity_credential_id_idx\";" }, { "path": "persistence/sql/migrations/sql/20220118104539000002_identity_fk_indexes.cockroach.up.sql", "content": "CREATE INDEX \"identity_recovery_addresses_nid_identity_id_idx\" ON \"identity_recovery_addresses\" (identity_id, nid);" }, { "path": "persistence/sql/migrations/sql/20220118104539000002_identity_fk_indexes.postgres.down.sql", "content": "DROP INDEX \"identity_credential_identifiers_nid_identity_credential_id_idx\";" }, { "path": "persistence/sql/migrations/sql/20220118104539000002_identity_fk_indexes.postgres.up.sql", "content": "CREATE INDEX \"identity_recovery_addresses_nid_identity_id_idx\" ON \"identity_recovery_addresses\" (identity_id, nid);" }, { "path": "persistence/sql/migrations/sql/20220118104539000002_identity_fk_indexes.sqlite3.down.sql", "content": "DROP INDEX IF EXISTS \"identity_credential_identifiers_nid_identity_credential_id_idx\";" }, { "path": "persistence/sql/migrations/sql/20220118104539000002_identity_fk_indexes.sqlite3.up.sql", "content": "CREATE INDEX \"identity_recovery_addresses_nid_identity_id_idx\" ON \"identity_recovery_addresses\" (identity_id, nid);" }, { "path": "persistence/sql/migrations/sql/20220118104539000003_identity_fk_indexes.cockroach.down.sql", "content": "DROP INDEX IF EXISTS \"identity_credentials_nid_identity_id_idx\";" }, { "path": "persistence/sql/migrations/sql/20220118104539000003_identity_fk_indexes.cockroach.up.sql", "content": "CREATE INDEX \"identity_verifiable_addresses_nid_identity_id_idx\" ON \"identity_verifiable_addresses\" (identity_id, nid);" }, { "path": "persistence/sql/migrations/sql/20220118104539000003_identity_fk_indexes.postgres.down.sql", "content": "DROP INDEX \"identity_credentials_nid_identity_id_idx\";" }, { "path": "persistence/sql/migrations/sql/20220118104539000003_identity_fk_indexes.postgres.up.sql", "content": "CREATE INDEX \"identity_verifiable_addresses_nid_identity_id_idx\" ON \"identity_verifiable_addresses\" (identity_id, nid);" }, { "path": "persistence/sql/migrations/sql/20220118104539000003_identity_fk_indexes.sqlite3.down.sql", "content": "DROP INDEX IF EXISTS \"identity_credentials_nid_identity_id_idx\";" }, { "path": "persistence/sql/migrations/sql/20220118104539000003_identity_fk_indexes.sqlite3.up.sql", "content": "CREATE INDEX \"identity_verifiable_addresses_nid_identity_id_idx\" ON \"identity_verifiable_addresses\" (identity_id, nid);" }, { "path": "persistence/sql/migrations/sql/20220301102701000000_identity_credentials_version.cockroach.down.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20220301102701000000_identity_credentials_version.cockroach.up.sql", "content": "ALTER TABLE identity_credentials ADD version INT NOT NULL DEFAULT '0';" }, { "path": "persistence/sql/migrations/sql/20220301102701000000_identity_credentials_version.mysql.down.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20220301102701000000_identity_credentials_version.mysql.up.sql", "content": "ALTER TABLE identity_credentials ADD version INT NOT NULL DEFAULT '0';" }, { "path": "persistence/sql/migrations/sql/20220301102701000000_identity_credentials_version.postgres.down.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20220301102701000000_identity_credentials_version.postgres.up.sql", "content": "ALTER TABLE identity_credentials ADD version INT NOT NULL DEFAULT '0';" }, { "path": "persistence/sql/migrations/sql/20220301102701000000_identity_credentials_version.sqlite3.down.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20220301102701000000_identity_credentials_version.sqlite3.up.sql", "content": "ALTER TABLE identity_credentials ADD version INT NOT NULL DEFAULT '0';" }, { "path": "persistence/sql/migrations/sql/20220301102701000001_identity_credentials_version.cockroach.down.sql", "content": "ALTER TABLE identity_credentials DROP COLUMN version;" }, { "path": "persistence/sql/migrations/sql/20220301102701000001_identity_credentials_version.cockroach.up.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20220301102701000001_identity_credentials_version.mysql.down.sql", "content": "ALTER TABLE identity_credentials DROP COLUMN version;" }, { "path": "persistence/sql/migrations/sql/20220301102701000001_identity_credentials_version.mysql.up.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20220301102701000001_identity_credentials_version.postgres.down.sql", "content": "ALTER TABLE identity_credentials DROP COLUMN version;" }, { "path": "persistence/sql/migrations/sql/20220301102701000001_identity_credentials_version.postgres.up.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20220301102701000001_identity_credentials_version.sqlite3.down.sql", "content": "ALTER TABLE identity_credentials DROP COLUMN version;" }, { "path": "persistence/sql/migrations/sql/20220301102701000001_identity_credentials_version.sqlite3.up.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20220420102701000000_identity_metadata.down.sql", "content": "ALTER TABLE identities DROP COLUMN metadata_public;\nALTER TABLE identities DROP COLUMN metadata_admin;\n" }, { "path": "persistence/sql/migrations/sql/20220420102701000000_identity_metadata.mysql.up.sql", "content": "ALTER TABLE identities ADD metadata_public JSON NULL;\nALTER TABLE identities ADD metadata_admin JSON NULL;\n" }, { "path": "persistence/sql/migrations/sql/20220420102701000000_identity_metadata.up.sql", "content": "ALTER TABLE identities ADD metadata_public jsonb NULL;\nALTER TABLE identities ADD metadata_admin jsonb NULL;\n" }, { "path": "persistence/sql/migrations/sql/20220512102703000000_missing_indices.down.sql", "content": "CREATE INDEX sessions_nid_idx ON sessions (id, nid);\nCREATE INDEX sessions_token_idx ON sessions (token);\nCREATE INDEX sessions_logout_token_idx ON sessions (logout_token);\n\nCREATE INDEX identities_nid_idx ON identities (id, nid);\n\nCREATE INDEX continuity_containers_nid_idx ON continuity_containers (id, nid);\n\nCREATE INDEX courier_messages_nid_idx ON courier_messages (id, nid);\n\nCREATE INDEX identity_credential_identifiers_nid_idx ON identity_credential_identifiers (id, nid);\n\nCREATE INDEX identity_credentials_nid_idx ON identity_credentials (id, nid);\n\nCREATE INDEX identity_recovery_addresses_nid_idx ON identity_recovery_addresses (id, nid);\n\nCREATE INDEX identity_recovery_tokens_nid_idx ON identity_recovery_tokens (id, nid);\nCREATE INDEX identity_recovery_addresses_code_idx ON identity_recovery_tokens (token);\n\nCREATE INDEX identity_verifiable_addresses_nid_idx ON identity_verifiable_addresses (id, nid);\n\nCREATE INDEX identity_verification_tokens_nid_idx ON identity_verification_tokens (id, nid);\nCREATE INDEX identity_verification_tokens_token_idx ON identity_verification_tokens (token);\n\nCREATE INDEX selfservice_login_flows_nid_idx ON selfservice_login_flows (id,nid);\nCREATE INDEX selfservice_recovery_flows_nid_idx ON selfservice_recovery_flows (id,nid);\nCREATE INDEX selfservice_registration_flows_nid_idx ON selfservice_registration_flows (id,nid);\nCREATE INDEX selfservice_settings_flows_nid_idx ON selfservice_settings_flows (id,nid);\nCREATE INDEX selfservice_verification_flows_nid_idx ON selfservice_verification_flows (id,nid);\n\nDROP INDEX sessions_identity_id_nid_idx;\nDROP INDEX sessions_nid_id_identity_id_idx;\nDROP INDEX sessions_id_nid_idx;\nDROP INDEX sessions_token_nid_idx;\n\nDROP INDEX identities_id_nid_idx;\nDROP INDEX identities_nid_id_idx;\nDROP INDEX continuity_containers_nid_id_idx;\nDROP INDEX continuity_containers_id_nid_idx;\nDROP INDEX courier_messages_nid_id_idx;\nDROP INDEX courier_messages_id_nid_idx;\nDROP INDEX identity_credential_identifiers_nid_id_idx;\nDROP INDEX identity_credential_identifiers_id_nid_idx;\nDROP INDEX identity_credentials_nid_id_idx;\nDROP INDEX identity_credentials_id_nid_idx;\nDROP INDEX identity_recovery_addresses_nid_id_idx;\nDROP INDEX identity_recovery_addresses_id_nid_idx;\nDROP INDEX identity_recovery_tokens_nid_id_idx;\nDROP INDEX identity_recovery_tokens_id_nid_idx;\nDROP INDEX identity_recovery_tokens_selfservice_recovery_flow_id_idx;\nDROP INDEX identity_recovery_tokens_identity_recovery_address_id_idx;\nDROP INDEX identity_verification_tokens_nid_id_idx;\nDROP INDEX identity_verification_tokens_id_nid_idx;\nDROP INDEX identity_verification_tokens_token_nid_used_idx;\nDROP INDEX selfservice_login_flows_nid_id_idx;\nDROP INDEX selfservice_login_flows_id_nid_idx;\nDROP INDEX selfservice_recovery_flows_nid_id_idx;\nDROP INDEX selfservice_recovery_flows_id_nid_idx;\nDROP INDEX selfservice_registration_flows_nid_id_idx;\nDROP INDEX selfservice_registration_flows_id_nid_idx;\nDROP INDEX selfservice_settings_flows_nid_id_idx;\nDROP INDEX selfservice_settings_flows_id_nid_idx;\nDROP INDEX selfservice_verification_flows_nid_id_idx;\nDROP INDEX selfservice_verification_flows_id_nid_idx;\n" }, { "path": "persistence/sql/migrations/sql/20220512102703000000_missing_indices.mysql.down.sql", "content": "-- This file has a couple more indexes added which MySQL needs for its FK constraints. Other\n-- databases generate those indices automatically.\nCREATE INDEX sessions_nid_idx ON sessions (id, nid);\nCREATE INDEX sessions_nid_mysqlfk_idx ON sessions (nid);\n\nCREATE INDEX sessions_token_idx ON sessions (token);\nCREATE INDEX sessions_mysql_identity_id_idx ON sessions (identity_id);\nCREATE INDEX sessions_logout_token_idx ON sessions (logout_token);\n\nCREATE INDEX identities_nid_idx ON identities (id, nid);\nCREATE INDEX identities_nid_mysqlfk_idx ON identities (nid);\n\nCREATE INDEX continuity_containers_nid_idx ON continuity_containers (id, nid);\nCREATE INDEX continuity_containers_mysqlfk_idx ON continuity_containers (nid);\n\nCREATE INDEX courier_messages_nid_idx ON courier_messages (id, nid);\nCREATE INDEX courier_messages_mysqlfk_idx ON courier_messages (nid);\n\nCREATE INDEX identity_credential_identifiers_nid_idx ON identity_credential_identifiers (id, nid);\nCREATE INDEX identity_credential_identifiers_mysqlfk_idx ON identity_credential_identifiers (nid);\n\nCREATE INDEX identity_credentials_nid_idx ON identity_credentials (id, nid);\nCREATE INDEX identity_credentials_mysqlfk_idx ON identity_credentials (nid);\n\nCREATE INDEX identity_recovery_addresses_nid_idx ON identity_recovery_addresses (id, nid);\nCREATE INDEX identity_recovery_addresses_nid_mysqlfk_idx ON identity_recovery_addresses (nid);\n\nCREATE INDEX identity_recovery_tokens_nid_idx ON identity_recovery_tokens (id, nid);\nCREATE INDEX identity_recovery_tokens_nid_mysqlfk_idx ON identity_recovery_tokens (nid);\nCREATE INDEX identity_recovery_addresses_code_idx ON identity_recovery_tokens (token);\nCREATE INDEX identity_recovery_tokens_srf_id_mysqlfk_idx ON identity_recovery_tokens (selfservice_recovery_flow_id);\nCREATE INDEX identity_recovery_tokens_ira_id_mysqlfk_idx ON identity_recovery_tokens (identity_recovery_address_id);\n\nCREATE INDEX identity_verifiable_addresses_nid_idx ON identity_verifiable_addresses (id, nid);\nCREATE INDEX identity_verifiable_addresses_nid_mysqlfk_idx ON identity_verifiable_addresses (nid);\n\nCREATE INDEX identity_verification_tokens_nid_idx ON identity_verification_tokens (id, nid);\nCREATE INDEX identity_verification_tokens_nid_mysqlfk_idx ON identity_verification_tokens (nid);\nCREATE INDEX identity_verification_tokens_token_idx ON identity_verification_tokens (token);\n\nCREATE INDEX selfservice_login_flows_nid_idx ON selfservice_login_flows (id, nid);\nCREATE INDEX selfservice_login_flows_nid_mysqlfk_idx ON selfservice_login_flows (nid);\n\nCREATE INDEX selfservice_recovery_flows_nid_idx ON selfservice_recovery_flows (id, nid);\nCREATE INDEX selfservice_recovery_flows_nid_mysqlfk_idx ON selfservice_recovery_flows (nid);\n\nCREATE INDEX selfservice_registration_flows_nid_idx ON selfservice_registration_flows (id, nid);\nCREATE INDEX selfservice_registration_flows_nid_mysqlfk_idx ON selfservice_registration_flows (nid);\n\nCREATE INDEX selfservice_settings_flows_nid_idx ON selfservice_settings_flows (id, nid);\nCREATE INDEX selfservice_settings_flows_nid_mysqlfk_idx ON selfservice_settings_flows (nid);\n\nCREATE INDEX selfservice_verification_flows_nid_idx ON selfservice_verification_flows (id, nid);\nCREATE INDEX selfservice_verification_flows_nid_mysqlfk_idx ON selfservice_verification_flows (nid);\n\n\nDROP INDEX sessions_nid_id_identity_id_idx ON sessions;\nDROP INDEX sessions_id_nid_idx ON sessions;\nDROP INDEX sessions_token_nid_idx ON sessions;\n\nDROP INDEX sessions_identity_id_nid_idx ON sessions;\nDROP INDEX identities_id_nid_idx ON identities;\nDROP INDEX identities_nid_id_idx ON identities;\nDROP INDEX continuity_containers_nid_id_idx ON continuity_containers;\nDROP INDEX continuity_containers_id_nid_idx ON continuity_containers;\nDROP INDEX courier_messages_nid_id_idx ON courier_messages;\nDROP INDEX courier_messages_id_nid_idx ON courier_messages;\nDROP INDEX identity_credential_identifiers_nid_id_idx ON identity_credential_identifiers;\nDROP INDEX identity_credential_identifiers_id_nid_idx ON identity_credential_identifiers;\nDROP INDEX identity_credentials_nid_id_idx ON identity_credentials;\nDROP INDEX identity_credentials_id_nid_idx ON identity_credentials;\nDROP INDEX identity_recovery_addresses_nid_id_idx ON identity_recovery_addresses;\nDROP INDEX identity_recovery_addresses_id_nid_idx ON identity_recovery_addresses;\nDROP INDEX identity_recovery_tokens_nid_id_idx ON identity_recovery_tokens;\nDROP INDEX identity_recovery_tokens_id_nid_idx ON identity_recovery_tokens;\nDROP INDEX identity_recovery_tokens_selfservice_recovery_flow_id_idx ON identity_recovery_tokens;\nDROP INDEX identity_recovery_tokens_identity_recovery_address_id_idx ON identity_recovery_tokens;\nDROP INDEX identity_verification_tokens_nid_id_idx ON identity_verification_tokens;\nDROP INDEX identity_verification_tokens_id_nid_idx ON identity_verification_tokens;\nDROP INDEX identity_verification_tokens_token_nid_used_idx ON identity_verification_tokens;\nDROP INDEX selfservice_login_flows_nid_id_idx ON selfservice_login_flows;\nDROP INDEX selfservice_login_flows_id_nid_idx ON selfservice_login_flows;\nDROP INDEX selfservice_recovery_flows_nid_id_idx ON selfservice_recovery_flows;\nDROP INDEX selfservice_recovery_flows_id_nid_idx ON selfservice_recovery_flows;\nDROP INDEX selfservice_registration_flows_nid_id_idx ON selfservice_registration_flows;\nDROP INDEX selfservice_registration_flows_id_nid_idx ON selfservice_registration_flows;\nDROP INDEX selfservice_settings_flows_nid_id_idx ON selfservice_settings_flows;\nDROP INDEX selfservice_settings_flows_id_nid_idx ON selfservice_settings_flows;\nDROP INDEX selfservice_verification_flows_nid_id_idx ON selfservice_verification_flows;\nDROP INDEX selfservice_verification_flows_id_nid_idx ON selfservice_verification_flows;\n" }, { "path": "persistence/sql/migrations/sql/20220512102703000000_missing_indices.mysql.up.sql", "content": "CREATE INDEX sessions_identity_id_nid_idx ON sessions (identity_id, nid);\n\nCREATE INDEX identities_id_nid_idx ON identities (id, nid);\nCREATE INDEX identities_nid_id_idx ON identities (nid, id);\nDROP INDEX identities_nid_idx ON identities;\n\nCREATE INDEX continuity_containers_nid_id_idx ON continuity_containers (nid, id);\nCREATE INDEX continuity_containers_id_nid_idx ON continuity_containers (id, nid);\nDROP INDEX continuity_containers_nid_idx ON continuity_containers;\n\nCREATE INDEX courier_messages_nid_id_idx ON courier_messages (nid, id);\nCREATE INDEX courier_messages_id_nid_idx ON courier_messages (id, nid);\nDROP INDEX courier_messages_nid_idx ON courier_messages;\n\nCREATE INDEX identity_credential_identifiers_nid_id_idx ON identity_credential_identifiers (nid, id);\nCREATE INDEX identity_credential_identifiers_id_nid_idx ON identity_credential_identifiers (id, nid);\nDROP INDEX identity_credential_identifiers_nid_idx ON identity_credential_identifiers;\n\nCREATE INDEX identity_credentials_nid_id_idx ON identity_credentials (nid, id);\nCREATE INDEX identity_credentials_id_nid_idx ON identity_credentials (id, nid);\nDROP INDEX identity_credentials_nid_idx ON identity_credentials;\n\nCREATE INDEX identity_recovery_addresses_nid_id_idx ON identity_recovery_addresses (nid, id);\nCREATE INDEX identity_recovery_addresses_id_nid_idx ON identity_recovery_addresses (id, nid);\nDROP INDEX identity_recovery_addresses_nid_idx ON identity_recovery_addresses;\n\nCREATE INDEX identity_recovery_tokens_nid_id_idx ON identity_recovery_tokens (nid, id);\nCREATE INDEX identity_recovery_tokens_id_nid_idx ON identity_recovery_tokens (id, nid);\nCREATE INDEX identity_recovery_tokens_selfservice_recovery_flow_id_idx ON identity_recovery_tokens (selfservice_recovery_flow_id);\nCREATE INDEX identity_recovery_tokens_identity_recovery_address_id_idx ON identity_recovery_tokens (identity_recovery_address_id);\nCREATE INDEX identity_recovery_tokens_token_nid_used_idx ON identity_recovery_tokens (nid, token, used);\nDROP INDEX identity_recovery_tokens_nid_idx ON identity_recovery_tokens;\nDROP INDEX identity_recovery_addresses_code_idx ON identity_recovery_tokens;\n\nCREATE INDEX identity_verifiable_addresses_nid_id_idx ON identity_verifiable_addresses (nid, id);\nCREATE INDEX identity_verifiable_addresses_id_nid_idx ON identity_verifiable_addresses (id, nid);\nDROP INDEX identity_verifiable_addresses_nid_idx ON identity_verifiable_addresses;\n\nCREATE INDEX identity_verification_tokens_nid_id_idx ON identity_verification_tokens (nid, id);\nCREATE INDEX identity_verification_tokens_id_nid_idx ON identity_verification_tokens (id, nid);\nCREATE INDEX identity_verification_tokens_token_nid_used_idx ON identity_verification_tokens (nid, token, used);\nDROP INDEX identity_verification_tokens_nid_idx ON identity_verification_tokens;\nDROP INDEX identity_verification_tokens_token_idx ON identity_verification_tokens;\n\nCREATE INDEX selfservice_login_flows_nid_id_idx ON selfservice_login_flows (nid, id);\nCREATE INDEX selfservice_login_flows_id_nid_idx ON selfservice_login_flows (id, nid);\nDROP INDEX selfservice_login_flows_nid_idx ON selfservice_login_flows;\n\nCREATE INDEX selfservice_recovery_flows_nid_id_idx ON selfservice_recovery_flows (nid, id);\nCREATE INDEX selfservice_recovery_flows_id_nid_idx ON selfservice_recovery_flows (id, nid);\nDROP INDEX selfservice_recovery_flows_nid_idx ON selfservice_recovery_flows;\n\nCREATE INDEX selfservice_registration_flows_nid_id_idx ON selfservice_registration_flows (nid, id);\nCREATE INDEX selfservice_registration_flows_id_nid_idx ON selfservice_registration_flows (id, nid);\nDROP INDEX selfservice_registration_flows_nid_idx ON selfservice_registration_flows;\n\nCREATE INDEX selfservice_settings_flows_nid_id_idx ON selfservice_settings_flows (nid, id);\nCREATE INDEX selfservice_settings_flows_id_nid_idx ON selfservice_settings_flows (id, nid);\nDROP INDEX selfservice_settings_flows_nid_idx ON selfservice_settings_flows;\n\nCREATE INDEX selfservice_verification_flows_nid_id_idx ON selfservice_verification_flows (nid, id);\nCREATE INDEX selfservice_verification_flows_id_nid_idx ON selfservice_verification_flows (id, nid);\nDROP INDEX selfservice_verification_flows_nid_idx ON selfservice_verification_flows;\n\nCREATE INDEX sessions_nid_id_identity_id_idx ON sessions (nid, identity_id, id);\nCREATE INDEX sessions_id_nid_idx ON sessions (id, nid);\nCREATE INDEX sessions_token_nid_idx ON sessions (nid, token);\nDROP INDEX sessions_nid_idx ON sessions;\nDROP INDEX sessions_token_idx ON sessions;\nDROP INDEX sessions_logout_token_idx ON sessions;\n" }, { "path": "persistence/sql/migrations/sql/20220512102703000000_missing_indices.up.sql", "content": "CREATE INDEX sessions_identity_id_nid_idx ON sessions (identity_id, nid);\n\nCREATE INDEX identities_id_nid_idx ON identities (id, nid);\nCREATE INDEX identities_nid_id_idx ON identities (nid, id);\nDROP INDEX identities_nid_idx;\n\nCREATE INDEX continuity_containers_nid_id_idx ON continuity_containers (nid, id);\nCREATE INDEX continuity_containers_id_nid_idx ON continuity_containers (id, nid);\nDROP INDEX continuity_containers_nid_idx;\n\nCREATE INDEX courier_messages_nid_id_idx ON courier_messages (nid, id);\nCREATE INDEX courier_messages_id_nid_idx ON courier_messages (id, nid);\nDROP INDEX courier_messages_nid_idx;\n\nCREATE INDEX identity_credential_identifiers_nid_id_idx ON identity_credential_identifiers (nid, id);\nCREATE INDEX identity_credential_identifiers_id_nid_idx ON identity_credential_identifiers (id, nid);\nDROP INDEX identity_credential_identifiers_nid_idx;\n\nCREATE INDEX identity_credentials_nid_id_idx ON identity_credentials (nid, id);\nCREATE INDEX identity_credentials_id_nid_idx ON identity_credentials (id, nid);\nDROP INDEX identity_credentials_nid_idx;\n\nCREATE INDEX identity_recovery_addresses_nid_id_idx ON identity_recovery_addresses (nid, id);\nCREATE INDEX identity_recovery_addresses_id_nid_idx ON identity_recovery_addresses (id, nid);\nDROP INDEX identity_recovery_addresses_nid_idx;\n\nCREATE INDEX identity_recovery_tokens_nid_id_idx ON identity_recovery_tokens (nid, id);\nCREATE INDEX identity_recovery_tokens_id_nid_idx ON identity_recovery_tokens (id, nid);\nCREATE INDEX identity_recovery_tokens_selfservice_recovery_flow_id_idx ON identity_recovery_tokens (selfservice_recovery_flow_id);\nCREATE INDEX identity_recovery_tokens_identity_recovery_address_id_idx ON identity_recovery_tokens (identity_recovery_address_id);\nCREATE INDEX identity_recovery_tokens_token_nid_used_idx ON identity_recovery_tokens (nid, token, used);\nDROP INDEX identity_recovery_addresses_code_idx;\nDROP INDEX identity_recovery_tokens_nid_idx;\n\nCREATE INDEX identity_verifiable_addresses_nid_id_idx ON identity_verifiable_addresses (nid, id);\nCREATE INDEX identity_verifiable_addresses_id_nid_idx ON identity_verifiable_addresses (id, nid);\nDROP INDEX identity_verifiable_addresses_nid_idx;\n\nCREATE INDEX identity_verification_tokens_nid_id_idx ON identity_verification_tokens (nid, id);\nCREATE INDEX identity_verification_tokens_id_nid_idx ON identity_verification_tokens (id, nid);\nCREATE INDEX identity_verification_tokens_token_nid_used_idx ON identity_verification_tokens (nid, token, used);\nDROP INDEX identity_verification_tokens_nid_idx;\nDROP INDEX identity_verification_tokens_token_idx;\n\nCREATE INDEX selfservice_login_flows_nid_id_idx ON selfservice_login_flows (nid, id);\nCREATE INDEX selfservice_login_flows_id_nid_idx ON selfservice_login_flows (id, nid);\nDROP INDEX selfservice_login_flows_nid_idx;\n\nCREATE INDEX selfservice_recovery_flows_nid_id_idx ON selfservice_recovery_flows (nid, id);\nCREATE INDEX selfservice_recovery_flows_id_nid_idx ON selfservice_recovery_flows (id, nid);\nDROP INDEX selfservice_recovery_flows_nid_idx;\n\nCREATE INDEX selfservice_registration_flows_nid_id_idx ON selfservice_registration_flows (nid, id);\nCREATE INDEX selfservice_registration_flows_id_nid_idx ON selfservice_registration_flows (id, nid);\nDROP INDEX selfservice_registration_flows_nid_idx;\n\nCREATE INDEX selfservice_settings_flows_nid_id_idx ON selfservice_settings_flows (nid, id);\nCREATE INDEX selfservice_settings_flows_id_nid_idx ON selfservice_settings_flows (id, nid);\nDROP INDEX selfservice_settings_flows_nid_idx;\n\nCREATE INDEX selfservice_verification_flows_nid_id_idx ON selfservice_verification_flows (nid, id);\nCREATE INDEX selfservice_verification_flows_id_nid_idx ON selfservice_verification_flows (id, nid);\nDROP INDEX selfservice_verification_flows_nid_idx;\n\nCREATE INDEX sessions_nid_id_identity_id_idx ON sessions (nid, identity_id, id);\nCREATE INDEX sessions_id_nid_idx ON sessions (id, nid);\nCREATE INDEX sessions_token_nid_idx ON sessions (nid, token);\n\nDROP INDEX sessions_nid_idx;\nDROP INDEX sessions_token_idx;\nDROP INDEX sessions_logout_token_idx;\n" }, { "path": "persistence/sql/migrations/sql/20220607000001000000_hydra_login_challenge.cockroach.down.sql", "content": "ALTER TABLE \"selfservice_login_flows\" DROP COLUMN \"oauth2_login_challenge\";\nALTER TABLE \"selfservice_registration_flows\" DROP COLUMN \"oauth2_login_challenge\";\n" }, { "path": "persistence/sql/migrations/sql/20220607000001000000_hydra_login_challenge.cockroach.up.sql", "content": "ALTER TABLE \"selfservice_login_flows\" ADD COLUMN \"oauth2_login_challenge\" UUID NULL;\nALTER TABLE \"selfservice_registration_flows\" ADD COLUMN \"oauth2_login_challenge\" UUID NULL;\n" }, { "path": "persistence/sql/migrations/sql/20220607000001000000_hydra_login_challenge.mysql.down.sql", "content": "ALTER TABLE `selfservice_login_flows` DROP COLUMN `oauth2_login_challenge`;\nALTER TABLE `selfservice_registration_flows` DROP COLUMN `oauth2_login_challenge`;\n" }, { "path": "persistence/sql/migrations/sql/20220607000001000000_hydra_login_challenge.mysql.up.sql", "content": "ALTER TABLE `selfservice_login_flows` ADD COLUMN `oauth2_login_challenge` CHAR(36) NULL;\nALTER TABLE `selfservice_registration_flows` ADD COLUMN `oauth2_login_challenge` CHAR(36) NULL;\n" }, { "path": "persistence/sql/migrations/sql/20220607000001000000_hydra_login_challenge.postgres.down.sql", "content": "ALTER TABLE \"selfservice_login_flows\" DROP COLUMN \"oauth2_login_challenge\";\nALTER TABLE \"selfservice_registration_flows\" DROP COLUMN \"oauth2_login_challenge\";\n" }, { "path": "persistence/sql/migrations/sql/20220607000001000000_hydra_login_challenge.postgres.up.sql", "content": "ALTER TABLE \"selfservice_login_flows\" ADD COLUMN \"oauth2_login_challenge\" UUID NULL;\nALTER TABLE \"selfservice_registration_flows\" ADD COLUMN \"oauth2_login_challenge\" UUID NULL;\n" }, { "path": "persistence/sql/migrations/sql/20220607000001000000_hydra_login_challenge.sqlite3.down.sql", "content": "ALTER TABLE \"selfservice_login_flows\" DROP COLUMN \"oauth2_login_challenge\";\nALTER TABLE \"selfservice_registration_flows\" DROP COLUMN \"oauth2_login_challenge\";\n" }, { "path": "persistence/sql/migrations/sql/20220607000001000000_hydra_login_challenge.sqlite3.up.sql", "content": "ALTER TABLE \"selfservice_login_flows\" ADD COLUMN \"oauth2_login_challenge\" CHAR(36) NULL;\nALTER TABLE \"selfservice_registration_flows\" ADD COLUMN \"oauth2_login_challenge\" CHAR(36) NULL;\n" }, { "path": "persistence/sql/migrations/sql/20220610155809000000_identity_address_casing.cockroach.down.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20220610155809000000_identity_address_casing.cockroach.up.sql", "content": "UPDATE identity_recovery_addresses SET value = LOWER(value) WHERE TRUE;\nUPDATE identity_verifiable_addresses SET value = LOWER(value) WHERE TRUE;\n" }, { "path": "persistence/sql/migrations/sql/20220610155809000000_identity_address_casing.mysql.down.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20220610155809000000_identity_address_casing.mysql.up.sql", "content": "UPDATE identity_recovery_addresses SET value = LOWER(value) WHERE TRUE;\nUPDATE identity_verifiable_addresses SET value = LOWER(value) WHERE TRUE;\n" }, { "path": "persistence/sql/migrations/sql/20220610155809000000_identity_address_casing.postgres.down.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20220610155809000000_identity_address_casing.postgres.up.sql", "content": "UPDATE identity_recovery_addresses SET value = LOWER(value) WHERE TRUE;\nUPDATE identity_verifiable_addresses SET value = LOWER(value) WHERE TRUE;\n" }, { "path": "persistence/sql/migrations/sql/20220610155809000000_identity_address_casing.sqlite3.down.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20220610155809000000_identity_address_casing.sqlite3.up.sql", "content": "UPDATE identity_recovery_addresses SET value = LOWER(value) WHERE TRUE;\nUPDATE identity_verifiable_addresses SET value = LOWER(value) WHERE TRUE;\n" }, { "path": "persistence/sql/migrations/sql/20220802103909000000_courier_send_count.down.sql", "content": "ALTER TABLE courier_messages DROP COLUMN send_count;" }, { "path": "persistence/sql/migrations/sql/20220802103909000000_courier_send_count.up.sql", "content": "ALTER TABLE courier_messages\nADD send_count INT NOT NULL DEFAULT 0;\n" }, { "path": "persistence/sql/migrations/sql/20220824165300000000_add_flow_type_to_identity_recovery_tokens.down.sql", "content": "ALTER TABLE identity_recovery_tokens\nDROP token_type;\n" }, { "path": "persistence/sql/migrations/sql/20220824165300000000_add_flow_type_to_identity_recovery_tokens.up.sql", "content": "ALTER TABLE identity_recovery_tokens\nADD token_type int NOT NULL DEFAULT 0;\n" }, { "path": "persistence/sql/migrations/sql/20220824165300000001_populate_flow_type_in_recovery_tokens.down.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20220824165300000001_populate_flow_type_in_recovery_tokens.up.sql", "content": "UPDATE identity_recovery_tokens\nSET token_type = 1\nWHERE selfservice_recovery_flow_id IS NULL;\n\nUPDATE identity_recovery_tokens\nSET token_type = 2\nWHERE selfservice_recovery_flow_id IS NOT NULL;\n" }, { "path": "persistence/sql/migrations/sql/20220824165300000002_add_flow_type_check_constraint.down.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20220824165300000002_add_flow_type_check_constraint.sqlite3.down.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20220824165300000002_add_flow_type_check_constraint.sqlite3.up.sql", "content": "-- SQLITE does not support Check constraints in all cases\n" }, { "path": "persistence/sql/migrations/sql/20220824165300000002_add_flow_type_check_constraint.up.sql", "content": "ALTER TABLE identity_recovery_tokens \nADD CONSTRAINT identity_recovery_tokens_token_type_ck CHECK (token_type = 1 OR token_type = 2);\n" }, { "path": "persistence/sql/migrations/sql/20220825134336000000_delete_verification_token_without_flow_id.down.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20220825134336000000_delete_verification_token_without_flow_id.up.sql", "content": "DELETE FROM identity_verification_tokens\nWHERE selfservice_verification_flow_id IS NULL;\n" }, { "path": "persistence/sql/migrations/sql/20220825134336000001_not_null_constraint_verification_token_flow_id.down.sql", "content": "ALTER TABLE identity_verification_tokens\nALTER selfservice_verification_flow_id DROP NOT NULL;\n\nDROP INDEX identity_verification_tokens_token_nid_used_flow_id_idx;\nCREATE INDEX identity_verification_tokens_token_nid_used_idx ON identity_verification_tokens (nid, token, used);\n" }, { "path": "persistence/sql/migrations/sql/20220825134336000001_not_null_constraint_verification_token_flow_id.mysql.down.sql", "content": "ALTER TABLE identity_verification_tokens\nMODIFY selfservice_verification_flow_id CHAR(36) NULL;\n\nDROP INDEX identity_verification_tokens_token_nid_used_flow_id_idx ON identity_verification_tokens;\nCREATE INDEX identity_verification_tokens_token_nid_used_idx ON identity_verification_tokens (nid, token, used);\n" }, { "path": "persistence/sql/migrations/sql/20220825134336000001_not_null_constraint_verification_token_flow_id.mysql.up.sql", "content": "ALTER TABLE identity_verification_tokens\nMODIFY selfservice_verification_flow_id CHAR(36) NOT NULL;\n\nDROP INDEX identity_verification_tokens_token_nid_used_idx ON identity_verification_tokens;\nCREATE INDEX identity_verification_tokens_token_nid_used_flow_id_idx ON identity_verification_tokens (nid, token, used, selfservice_verification_flow_id);\n" }, { "path": "persistence/sql/migrations/sql/20220825134336000001_not_null_constraint_verification_token_flow_id.sqlite3.down.sql", "content": "ALTER TABLE identity_verification_tokens\nRENAME TO identity_verification_tokens_;\n\nCREATE TABLE \"identity_verification_tokens\" (\n\"id\" TEXT PRIMARY KEY,\n\"token\" TEXT NOT NULL,\n\"used\" bool NOT NULL DEFAULT 'false',\n\"used_at\" DATETIME,\n\"expires_at\" DATETIME NOT NULL,\n\"issued_at\" DATETIME NOT NULL,\n\"identity_verifiable_address_id\" char(36) NOT NULL,\n\"selfservice_verification_flow_id\" char(36),\n\"created_at\" DATETIME NOT NULL,\n\"updated_at\" DATETIME NOT NULL,\n\"nid\" char(36),\nFOREIGN KEY (selfservice_verification_flow_id) REFERENCES selfservice_verification_flows (id) ON UPDATE NO ACTION ON DELETE CASCADE,\nFOREIGN KEY (identity_verifiable_address_id) REFERENCES identity_verifiable_addresses (id) ON UPDATE NO ACTION ON DELETE CASCADE\n);\n\nDROP INDEX identity_verification_tokens_id_nid_idx;\nDROP INDEX identity_verification_tokens_nid_id_idx;\nDROP INDEX identity_verification_tokens_token_nid_used_flow_id_idx;\nDROP INDEX identity_verification_tokens_token_uq_idx;\nDROP INDEX identity_verification_tokens_verifiable_address_id_idx;\nDROP INDEX identity_verification_tokens_verification_flow_id_idx;\n\nCREATE INDEX identity_verification_tokens_id_nid_idx ON identity_verification_tokens (id, nid);\nCREATE INDEX identity_verification_tokens_nid_id_idx ON identity_verification_tokens (nid, id);\nCREATE INDEX identity_verification_tokens_token_nid_used_idx ON identity_verification_tokens (nid, token, used);\nCREATE UNIQUE INDEX \"identity_verification_tokens_token_uq_idx\" ON \"identity_verification_tokens\" (token);\nCREATE INDEX \"identity_verification_tokens_verifiable_address_id_idx\" ON \"identity_verification_tokens\" (identity_verifiable_address_id);\nCREATE INDEX \"identity_verification_tokens_verification_flow_id_idx\" ON \"identity_verification_tokens\" (selfservice_verification_flow_id);\n\nINSERT INTO identity_verification_tokens\nSELECT * FROM identity_verification_tokens_;\n\nDROP TABLE identity_verification_tokens_;\n" }, { "path": "persistence/sql/migrations/sql/20220825134336000001_not_null_constraint_verification_token_flow_id.sqlite3.up.sql", "content": "ALTER TABLE identity_verification_tokens\nRENAME TO identity_verification_tokens_;\n\nCREATE TABLE \"identity_verification_tokens\" (\n\"id\" TEXT PRIMARY KEY,\n\"token\" TEXT NOT NULL,\n\"used\" bool NOT NULL DEFAULT 'false',\n\"used_at\" DATETIME,\n\"expires_at\" DATETIME NOT NULL,\n\"issued_at\" DATETIME NOT NULL,\n\"identity_verifiable_address_id\" char(36) NOT NULL,\n\"selfservice_verification_flow_id\" char(36) NOT NULL,\n\"created_at\" DATETIME NOT NULL,\n\"updated_at\" DATETIME NOT NULL,\n\"nid\" char(36),\nFOREIGN KEY (selfservice_verification_flow_id) REFERENCES selfservice_verification_flows (id) ON UPDATE NO ACTION ON DELETE CASCADE,\nFOREIGN KEY (identity_verifiable_address_id) REFERENCES identity_verifiable_addresses (id) ON UPDATE NO ACTION ON DELETE CASCADE\n);\n\nDROP INDEX identity_verification_tokens_id_nid_idx;\nDROP INDEX identity_verification_tokens_nid_id_idx;\nDROP INDEX identity_verification_tokens_token_nid_used_idx;\nDROP INDEX identity_verification_tokens_token_uq_idx;\nDROP INDEX identity_verification_tokens_verifiable_address_id_idx;\nDROP INDEX identity_verification_tokens_verification_flow_id_idx;\n\nCREATE INDEX identity_verification_tokens_id_nid_idx ON identity_verification_tokens (id, nid);\nCREATE INDEX identity_verification_tokens_nid_id_idx ON identity_verification_tokens (nid, id);\nCREATE INDEX identity_verification_tokens_token_nid_used_flow_id_idx ON identity_verification_tokens (nid, token, used, selfservice_verification_flow_id);\nCREATE UNIQUE INDEX \"identity_verification_tokens_token_uq_idx\" ON \"identity_verification_tokens\" (token);\nCREATE INDEX \"identity_verification_tokens_verifiable_address_id_idx\" ON \"identity_verification_tokens\" (identity_verifiable_address_id);\nCREATE INDEX \"identity_verification_tokens_verification_flow_id_idx\" ON \"identity_verification_tokens\" (selfservice_verification_flow_id);\n\nINSERT INTO identity_verification_tokens\nSELECT * FROM identity_verification_tokens_;\n\nDROP TABLE identity_verification_tokens_;" }, { "path": "persistence/sql/migrations/sql/20220825134336000001_not_null_constraint_verification_token_flow_id.up.sql", "content": "ALTER TABLE identity_verification_tokens\nALTER selfservice_verification_flow_id SET NOT NULL;\n\nDROP INDEX identity_verification_tokens_token_nid_used_idx;\nCREATE INDEX identity_verification_tokens_token_nid_used_flow_id_idx ON identity_verification_tokens (nid, token, used, selfservice_verification_flow_id);\n" }, { "path": "persistence/sql/migrations/sql/20220901123209000000_recovery_code.down.sql", "content": "DROP TABLE identity_recovery_codes;\n\nALTER TABLE selfservice_recovery_flows DROP submit_count;\n\nALTER TABLE selfservice_recovery_flows DROP skip_csrf_check;\n" }, { "path": "persistence/sql/migrations/sql/20220901123209000000_recovery_code.mysql.down.sql", "content": "DROP TABLE identity_recovery_codes;\n\nALTER TABLE selfservice_recovery_flows DROP submit_count;\n\nALTER TABLE selfservice_recovery_flows DROP skip_csrf_check;\n" }, { "path": "persistence/sql/migrations/sql/20220901123209000000_recovery_code.mysql.up.sql", "content": "CREATE TABLE identity_recovery_codes\n(\n id CHAR(36) NOT NULL PRIMARY KEY,\n code VARCHAR (64) NOT NULL, -- HMACed value of the actual code\n used_at timestamp NULL DEFAULT NULL,\n identity_recovery_address_id CHAR(36),\n code_type int NOT NULL,\n expires_at timestamp NOT NULL DEFAULT '2000-01-01 00:00:00',\n issued_at timestamp NOT NULL DEFAULT '2000-01-01 00:00:00',\n selfservice_recovery_flow_id CHAR(36),\n created_at timestamp NOT NULL DEFAULT CURRENT_TIMESTAMP,\n updated_at timestamp NOT NULL DEFAULT CURRENT_TIMESTAMP,\n nid CHAR(36) NOT NULL,\n identity_id CHAR(36) NOT NULL,\n CONSTRAINT identity_recovery_codes_identity_recovery_addresses_id_fk \n FOREIGN KEY (identity_recovery_address_id)\n REFERENCES identity_recovery_addresses (id)\n ON DELETE cascade,\n CONSTRAINT identity_recovery_codes_selfservice_recovery_flows_id_fk \n FOREIGN KEY (selfservice_recovery_flow_id) \n REFERENCES selfservice_recovery_flows (id)\n ON DELETE cascade,\n CONSTRAINT identity_recovery_tokens_identity_id_fk \n FOREIGN KEY (identity_id) \n REFERENCES identities (id)\n ON UPDATE RESTRICT ON DELETE CASCADE,\n CONSTRAINT identity_recovery_codes_networks_id_fk\n FOREIGN KEY (nid)\n REFERENCES networks (id)\n ON UPDATE RESTRICT ON DELETE CASCADE\n);\n\nCREATE INDEX identity_recovery_codes_nid_flow_id_idx ON identity_recovery_codes (nid, selfservice_recovery_flow_id);\nCREATE INDEX identity_recovery_codes_id_nid_idx ON identity_recovery_codes (id, nid);\n\nALTER TABLE selfservice_recovery_flows ADD submit_count int NOT NULL DEFAULT 0;\nALTER TABLE selfservice_recovery_flows ADD skip_csrf_check boolean NOT NULL DEFAULT FALSE;\n" }, { "path": "persistence/sql/migrations/sql/20220901123209000000_recovery_code.up.sql", "content": "CREATE TABLE identity_recovery_codes\n(\n id UUID NOT NULL PRIMARY KEY,\n code VARCHAR (64) NOT NULL, -- HMACed value of the actual code\n used_at timestamp NULL DEFAULT NULL,\n identity_recovery_address_id UUID,\n code_type INT NOT NULL,\n expires_at timestamp NOT NULL DEFAULT '2000-01-01 00:00:00',\n issued_at timestamp NOT NULL DEFAULT '2000-01-01 00:00:00',\n selfservice_recovery_flow_id UUID NOT NULL,\n created_at timestamp NOT NULL,\n updated_at timestamp NOT NULL,\n nid UUID NOT NULL,\n identity_id UUID NOT NULL,\n CONSTRAINT identity_recovery_codes_identity_recovery_addresses_id_fk \n FOREIGN KEY (identity_recovery_address_id)\n REFERENCES identity_recovery_addresses (id)\n ON DELETE cascade,\n CONSTRAINT identity_recovery_codes_selfservice_recovery_flows_id_fk \n FOREIGN KEY (selfservice_recovery_flow_id) \n REFERENCES selfservice_recovery_flows (id)\n ON DELETE cascade,\n CONSTRAINT identity_recovery_codes_identity_id_fk \n FOREIGN KEY (identity_id) \n REFERENCES identities (id)\n ON UPDATE RESTRICT ON DELETE CASCADE,\n CONSTRAINT identity_recovery_codes_networks_id_fk\n FOREIGN KEY (nid)\n REFERENCES networks (id)\n ON UPDATE RESTRICT ON DELETE CASCADE\n);\n\nCREATE INDEX identity_recovery_codes_nid_flow_id_idx ON identity_recovery_codes (nid, selfservice_recovery_flow_id);\nCREATE INDEX identity_recovery_codes_id_nid_idx ON identity_recovery_codes (id, nid);\n\nALTER TABLE selfservice_recovery_flows ADD submit_count int NOT NULL DEFAULT 0;\nALTER TABLE selfservice_recovery_flows ADD skip_csrf_check boolean NOT NULL DEFAULT FALSE;\n" }, { "path": "persistence/sql/migrations/sql/20220907132836000000_add_session_devices_table.down.sql", "content": "DROP TABLE \"session_devices\";\n" }, { "path": "persistence/sql/migrations/sql/20220907132836000000_add_session_devices_table.mysql.down.sql", "content": "DROP TABLE session_devices;\n" }, { "path": "persistence/sql/migrations/sql/20220907132836000000_add_session_devices_table.mysql.up.sql", "content": "CREATE TABLE `session_devices`\n(\n `id` char(36) NOT NULL,\n PRIMARY KEY (`id`),\n `ip_address` VARCHAR(50) DEFAULT '',\n `user_agent` VARCHAR(512) DEFAULT '',\n `location` VARCHAR(512) DEFAULT '',\n `session_id` char(36) NOT NULL,\n `nid` char(36) NOT NULL,\n `created_at` DATETIME NOT NULL,\n `updated_at` DATETIME NOT NULL,\n FOREIGN KEY (`session_id`) REFERENCES `sessions` (`id`) ON DELETE cascade,\n FOREIGN KEY (`nid`) REFERENCES `networks` (`id`) ON DELETE cascade,\n CONSTRAINT unique_session_device UNIQUE (nid, session_id, ip_address, user_agent)\n) ENGINE = InnoDB;\nCREATE INDEX `session_devices_id_nid_idx` ON `session_devices` (`id`, `nid`);\nCREATE INDEX `session_devices_session_id_nid_idx` ON `session_devices` (`session_id`, `nid`);\n" }, { "path": "persistence/sql/migrations/sql/20220907132836000000_add_session_devices_table.up.sql", "content": "CREATE TABLE \"session_devices\"\n(\n \"id\" UUID PRIMARY KEY NOT NULL,\n \"ip_address\" VARCHAR(50) DEFAULT '',\n \"user_agent\" VARCHAR(512) DEFAULT '',\n \"location\" VARCHAR(512) DEFAULT '',\n \"nid\" UUID NOT NULL,\n \"session_id\" UUID NOT NULL,\n \"created_at\" timestamp NOT NULL,\n \"updated_at\" timestamp NOT NULL,\n CONSTRAINT \"session_metadata_sessions_id_fk\" FOREIGN KEY (\"session_id\") REFERENCES \"sessions\" (\"id\") ON DELETE cascade,\n CONSTRAINT \"session_metadata_nid_fk\" FOREIGN KEY (\"nid\") REFERENCES \"networks\" (\"id\") ON DELETE cascade,\n CONSTRAINT unique_session_device UNIQUE (nid, session_id, ip_address, user_agent)\n);\nCREATE INDEX \"session_devices_id_nid_idx\" ON \"session_devices\" (id, nid);\nCREATE INDEX \"session_devices_session_id_nid_idx\" ON \"session_devices\" (session_id, nid);\n" }, { "path": "persistence/sql/migrations/sql/20221024182336000000_verification_code.down.sql", "content": "DROP TABLE identity_verification_codes;\n\nALTER TABLE\n selfservice_verification_flows DROP COLUMN submit_count;" }, { "path": "persistence/sql/migrations/sql/20221024182336000000_verification_code.mysql.up.sql", "content": "CREATE TABLE identity_verification_codes (\n id CHAR(36) NOT NULL PRIMARY KEY,\n code_hmac VARCHAR (64) NOT NULL,\n -- HMACed value of the actual code\n used_at timestamp NULL DEFAULT NULL,\n identity_verifiable_address_id CHAR(36),\n expires_at timestamp NOT NULL DEFAULT '2000-01-01 00:00:00',\n issued_at timestamp NOT NULL DEFAULT '2000-01-01 00:00:00',\n selfservice_verification_flow_id CHAR(36) NOT NULL,\n created_at timestamp NOT NULL DEFAULT CURRENT_TIMESTAMP,\n updated_at timestamp NOT NULL DEFAULT CURRENT_TIMESTAMP,\n nid CHAR(36) NOT NULL,\n CONSTRAINT identity_verification_codes_identity_verifiable_addresses_id_fk FOREIGN KEY (identity_verifiable_address_id) REFERENCES identity_verifiable_addresses (id) ON DELETE cascade,\n CONSTRAINT identity_verification_codes_selfservice_verification_flows_id_fk FOREIGN KEY (selfservice_verification_flow_id) REFERENCES selfservice_verification_flows (id) ON DELETE cascade,\n CONSTRAINT identity_verification_codes_networks_id_fk FOREIGN KEY (nid) REFERENCES networks (id) ON UPDATE RESTRICT ON DELETE CASCADE\n);\n\nALTER TABLE\n selfservice_verification_flows\nADD\n COLUMN submit_count INT NOT NULL DEFAULT 0;\n\nCREATE INDEX identity_verification_codes_nid_flow_id_idx ON identity_verification_codes (nid, selfservice_verification_flow_id);\n\nCREATE INDEX identity_verification_codes_id_nid_idx ON identity_verification_codes (id, nid);" }, { "path": "persistence/sql/migrations/sql/20221024182336000000_verification_code.up.sql", "content": "CREATE TABLE identity_verification_codes (\n id UUID NOT NULL PRIMARY KEY,\n code_hmac VARCHAR (64) NOT NULL,\n -- HMACed value of the actual code\n used_at timestamp NULL DEFAULT NULL,\n identity_verifiable_address_id UUID,\n expires_at timestamp NOT NULL DEFAULT '2000-01-01 00:00:00',\n issued_at timestamp NOT NULL DEFAULT '2000-01-01 00:00:00',\n selfservice_verification_flow_id UUID NOT NULL,\n created_at timestamp NOT NULL,\n updated_at timestamp NOT NULL,\n nid UUID NOT NULL,\n CONSTRAINT identity_verification_codes_identity_verifiable_addresses_id_fk FOREIGN KEY (identity_verifiable_address_id) REFERENCES identity_verifiable_addresses (id) ON DELETE cascade,\n CONSTRAINT identity_verification_codes_selfservice_verification_flows_id_fk FOREIGN KEY (selfservice_verification_flow_id) REFERENCES selfservice_verification_flows (id) ON DELETE cascade,\n CONSTRAINT identity_verification_codes_networks_id_fk FOREIGN KEY (nid) REFERENCES networks (id) ON UPDATE RESTRICT ON DELETE CASCADE\n);\n\nALTER TABLE\n selfservice_verification_flows\nADD\n COLUMN submit_count INT NOT NULL DEFAULT 0;\n\nCREATE INDEX identity_verification_codes_nid_flow_id_idx ON identity_verification_codes (nid, selfservice_verification_flow_id);\n\nCREATE INDEX identity_verification_codes_id_nid_idx ON identity_verification_codes (id, nid);" }, { "path": "persistence/sql/migrations/sql/20221205092803000000_add_courier_send_attempts_table.down.sql", "content": "DROP TABLE courier_message_dispatches;" }, { "path": "persistence/sql/migrations/sql/20221205092803000000_add_courier_send_attempts_table.mysql.up.sql", "content": "CREATE TABLE courier_message_dispatches (\n id CHAR(36) PRIMARY KEY,\n message_id CHAR(36) NOT NULL,\n status VARCHAR(7) NOT NULL,\n error JSON,\n nid CHAR(36) NOT NULL,\n created_at timestamp NOT NULL DEFAULT CURRENT_TIMESTAMP,\n updated_at timestamp NOT NULL DEFAULT CURRENT_TIMESTAMP,\n CONSTRAINT courier_message_dispatches_message_id_fk FOREIGN KEY (message_id) REFERENCES courier_messages (id) ON DELETE cascade,\n CONSTRAINT courier_message_dispatches_nid_fk FOREIGN KEY (nid) REFERENCES networks (id) ON DELETE cascade\n);\n\nCREATE INDEX courier_message_dispatches_id_message_id_nid_idx ON courier_message_dispatches (id, message_id, nid);" }, { "path": "persistence/sql/migrations/sql/20221205092803000000_add_courier_send_attempts_table.up.sql", "content": "CREATE TABLE courier_message_dispatches (\n id UUID PRIMARY KEY,\n message_id UUID NOT NULL,\n status VARCHAR(7) NOT NULL,\n error JSON,\n nid UUID NOT NULL,\n created_at timestamp NOT NULL DEFAULT CURRENT_TIMESTAMP,\n updated_at timestamp NOT NULL DEFAULT CURRENT_TIMESTAMP,\n CONSTRAINT courier_message_dispatches_message_id_fk FOREIGN KEY (message_id) REFERENCES courier_messages (id) ON DELETE cascade,\n CONSTRAINT courier_message_dispatches_nid_fk FOREIGN KEY (nid) REFERENCES networks (id) ON DELETE cascade\n);\n\nCREATE INDEX courier_message_dispatches_id_message_id_nid_idx ON courier_message_dispatches (id, message_id, nid);" }, { "path": "persistence/sql/migrations/sql/20221214101328000000_identity_delete_indices.down.sql", "content": "DROP INDEX IF EXISTS \"identity_recovery_codes_identity_id_nid_idx\";\n\nDROP INDEX IF EXISTS \"identity_verification_codes_verifiable_address_nid_idx\";\n\nDROP INDEX IF EXISTS \"selfservice_settings_flows_identity_id_nid_idx\";\n\nDROP INDEX IF EXISTS \"continuity_containers_identity_id_nid_idx\";\n\nDROP INDEX IF EXISTS \"selfservice_recovery_flows_recovered_identity_id_nid_idx\";\n\nDROP INDEX IF EXISTS \"identity_recovery_tokens_identity_id_nid_idx\";\n\nDROP INDEX IF EXISTS \"identity_recovery_codes_identity_recovery_address_id_nid_idx\";\n" }, { "path": "persistence/sql/migrations/sql/20221214101328000000_identity_delete_indices.mysql.down.sql", "content": "-- MySQL requires indexes on foreign keys and referenced keys so that foreign key checks can be fast and not require a table scan.\n-- In the referencing table, there must be an index where the foreign key columns are listed as the first columns in the same order.\n-- Such an index is created on the referencing table automatically if it does not exist. This index might be silently dropped later\n-- if you create another index that can be used to enforce the foreign key constraint.\n\n-- from https://dev.mysql.com/doc/refman/8.0/en/create-table-foreign-keys.html\n\n-- -> The indexes in question already existed. We have to create new ones that are just the foreign key to restore the previous state.\n\nALTER TABLE identity_recovery_codes ADD INDEX (identity_id);\n\nDROP INDEX identity_recovery_codes_identity_id_nid_idx ON identity_recovery_codes;\n\nALTER TABLE identity_verification_codes ADD INDEX (identity_verifiable_address_id);\n\nDROP INDEX identity_verification_codes_verifiable_address_nid_idx ON identity_verification_codes;\n\nALTER TABLE selfservice_settings_flows ADD INDEX (identity_id);\n\nDROP INDEX selfservice_settings_flows_identity_id_nid_idx ON selfservice_settings_flows;\n\nALTER TABLE continuity_containers ADD INDEX (identity_id);\n\nDROP INDEX continuity_containers_identity_id_nid_idx ON continuity_containers;\n\nALTER TABLE selfservice_recovery_flows ADD INDEX (recovered_identity_id);\n\nDROP INDEX selfservice_recovery_flows_recovered_identity_id_nid_idx ON selfservice_recovery_flows;\n\nALTER TABLE identity_recovery_tokens ADD INDEX (identity_id);\n\nDROP INDEX identity_recovery_tokens_identity_id_nid_idx ON identity_recovery_tokens;\n\nALTER TABLE identity_recovery_codes ADD INDEX (identity_recovery_address_id);\n\nDROP INDEX identity_recovery_codes_identity_recovery_address_id_nid_idx ON identity_recovery_codes;\n" }, { "path": "persistence/sql/migrations/sql/20221214101328000000_identity_delete_indices.mysql.up.sql", "content": "-- MySQL requires indexes on foreign keys and referenced keys so that foreign key checks can be fast and not require a table scan.\n-- In the referencing table, there must be an index where the foreign key columns are listed as the first columns in the same order.\n-- Such an index is created on the referencing table automatically if it does not exist. This index might be silently dropped later\n-- if you create another index that can be used to enforce the foreign key constraint.\n\n-- from https://dev.mysql.com/doc/refman/8.0/en/create-table-foreign-keys.html\n\n-- -> We create new indexes to be consistent with the other databases. However, dropping those will be a bit different.\n\nCREATE INDEX identity_recovery_codes_identity_id_nid_idx ON identity_recovery_codes (identity_id, nid);\n\nCREATE INDEX identity_verification_codes_verifiable_address_nid_idx ON identity_verification_codes (identity_verifiable_address_id, nid);\n\nCREATE INDEX selfservice_settings_flows_identity_id_nid_idx ON selfservice_settings_flows (identity_id, nid);\n\nCREATE INDEX continuity_containers_identity_id_nid_idx ON continuity_containers (identity_id, nid);\n\nCREATE INDEX selfservice_recovery_flows_recovered_identity_id_nid_idx ON selfservice_recovery_flows (recovered_identity_id, nid);\n\nCREATE INDEX identity_recovery_tokens_identity_id_nid_idx ON identity_recovery_tokens (identity_id, nid);\n\nCREATE INDEX identity_recovery_codes_identity_recovery_address_id_nid_idx ON identity_recovery_codes (identity_recovery_address_id, nid);\n" }, { "path": "persistence/sql/migrations/sql/20221214101328000000_identity_delete_indices.up.sql", "content": "CREATE INDEX IF NOT EXISTS \"identity_recovery_codes_identity_id_nid_idx\" ON \"identity_recovery_codes\" (identity_id, nid);\n\nCREATE INDEX IF NOT EXISTS \"identity_verification_codes_verifiable_address_nid_idx\" ON \"identity_verification_codes\" (identity_verifiable_address_id, nid);\n\nCREATE INDEX IF NOT EXISTS \"selfservice_settings_flows_identity_id_nid_idx\" ON \"selfservice_settings_flows\" (identity_id, nid);\n\nCREATE INDEX IF NOT EXISTS \"continuity_containers_identity_id_nid_idx\" ON \"continuity_containers\" (identity_id, nid);\n\nCREATE INDEX IF NOT EXISTS \"selfservice_recovery_flows_recovered_identity_id_nid_idx\" ON \"selfservice_recovery_flows\" (recovered_identity_id, nid);\n\nCREATE INDEX IF NOT EXISTS \"identity_recovery_tokens_identity_id_nid_idx\" ON \"identity_recovery_tokens\" (identity_id, nid);\n\nCREATE INDEX IF NOT EXISTS \"identity_recovery_codes_identity_recovery_address_id_nid_idx\" ON \"identity_recovery_codes\" (identity_recovery_address_id, nid);\n" }, { "path": "persistence/sql/migrations/sql/20221220124639000000_errors_index.down.sql", "content": "CREATE INDEX selfservice_errors_nid_idx ON selfservice_errors (id, nid);\n\nDROP INDEX selfservice_errors_errors_nid_id_idx;\n" }, { "path": "persistence/sql/migrations/sql/20221220124639000000_errors_index.mysql.down.sql", "content": "CREATE INDEX selfservice_errors_nid_idx ON selfservice_errors (id, nid);\n\n-- needed for foreign key constraint, was there before implicitly\nCREATE INDEX selfservice_errors_nid_only_idx ON selfservice_errors (nid);\n\nDROP INDEX selfservice_errors_errors_nid_id_idx ON selfservice_errors;\n" }, { "path": "persistence/sql/migrations/sql/20221220124639000000_errors_index.mysql.up.sql", "content": "CREATE INDEX selfservice_errors_errors_nid_id_idx ON selfservice_errors (nid, id);\n\n-- This index is not needed anymore, because the primary ID index together with the new index cover all queries.\nDROP INDEX selfservice_errors_nid_idx ON selfservice_errors;\n" }, { "path": "persistence/sql/migrations/sql/20221220124639000000_errors_index.up.sql", "content": "CREATE INDEX selfservice_errors_errors_nid_id_idx ON selfservice_errors (nid, id);\n\n-- This index is not needed anymore, because the primary ID index together with the new index cover all queries.\nDROP INDEX selfservice_errors_nid_idx;\n" }, { "path": "persistence/sql/migrations/sql/20230104193739000000_courier_list_index.down.sql", "content": "DROP INDEX courier_messages_nid_created_at_id_idx;\n\nDROP INDEX courier_messages_nid_status_created_at_id_idx;\n\nDROP INDEX courier_messages_nid_recipient_created_at_id_idx;\n" }, { "path": "persistence/sql/migrations/sql/20230104193739000000_courier_list_index.mysql.down.sql", "content": "DROP INDEX courier_messages_nid_created_at_id_idx ON courier_messages;\n\nDROP INDEX courier_messages_nid_status_created_at_id_idx ON courier_messages;\n\nDROP INDEX courier_messages_nid_recipient_created_at_id_idx ON courier_messages;\n" }, { "path": "persistence/sql/migrations/sql/20230104193739000000_courier_list_index.up.sql", "content": "CREATE INDEX courier_messages_nid_created_at_id_idx ON courier_messages (nid, created_at DESC);\n\nCREATE INDEX courier_messages_nid_status_created_at_id_idx ON courier_messages (nid, status, created_at DESC);\n\nCREATE INDEX courier_messages_nid_recipient_created_at_id_idx ON courier_messages (nid, recipient, created_at DESC);\n" }, { "path": "persistence/sql/migrations/sql/20230216142104000000_session_devices_index_drop.cockroach.down.sql", "content": "CREATE UNIQUE INDEX IF NOT EXISTS unique_session_device ON session_devices (nid, session_id, ip_address, user_agent);\n" }, { "path": "persistence/sql/migrations/sql/20230216142104000000_session_devices_index_drop.cockroach.up.sql", "content": "DROP INDEX IF EXISTS session_devices@unique_session_device CASCADE;\n" }, { "path": "persistence/sql/migrations/sql/20230216142104000000_session_devices_index_drop.down.sql", "content": "CREATE UNIQUE INDEX IF NOT EXISTS unique_session_device ON session_devices (nid, session_id, ip_address, user_agent);\n" }, { "path": "persistence/sql/migrations/sql/20230216142104000000_session_devices_index_drop.mysql.down.sql", "content": "CREATE UNIQUE INDEX unique_session_device ON session_devices (nid, session_id, ip_address, user_agent);\n" }, { "path": "persistence/sql/migrations/sql/20230216142104000000_session_devices_index_drop.mysql.up.sql", "content": "ALTER TABLE session_devices DROP FOREIGN KEY session_devices_ibfk_2;\nALTER TABLE session_devices DROP INDEX unique_session_device;\nALTER TABLE session_devices ADD CONSTRAINT session_devices_ibfk_2 FOREIGN KEY (nid) REFERENCES networks(id) ON DELETE CASCADE;\n" }, { "path": "persistence/sql/migrations/sql/20230216142104000000_session_devices_index_drop.up.sql", "content": "DROP INDEX IF EXISTS session_devices.unique_session_device;\n" }, { "path": "persistence/sql/migrations/sql/20230313141439000000_session_token_length.cockroach.down.sql", "content": "-- Downsizing is not yet supported in CockroachDB. Since this migration has no real-world impact on the application, we can safely\n-- not execute it.\n--\n-- ALTER TABLE sessions ALTER COLUMN token TYPE varchar(32);\n-- ALTER TABLE sessions ALTER COLUMN logout_token TYPE varchar(32);\n" }, { "path": "persistence/sql/migrations/sql/20230313141439000000_session_token_length.down.sql", "content": "ALTER TABLE sessions ALTER COLUMN token TYPE varchar(32);\nALTER TABLE sessions ALTER COLUMN logout_token TYPE varchar(32);\n" }, { "path": "persistence/sql/migrations/sql/20230313141439000000_session_token_length.mysql.down.sql", "content": "ALTER TABLE sessions MODIFY COLUMN token varchar(32) NULL;\nALTER TABLE sessions MODIFY COLUMN logout_token varchar(32) NULL;\n" }, { "path": "persistence/sql/migrations/sql/20230313141439000000_session_token_length.mysql.up.sql", "content": "ALTER TABLE sessions MODIFY COLUMN token varchar(39) NULL;\nALTER TABLE sessions MODIFY COLUMN logout_token varchar(39) NULL;\n" }, { "path": "persistence/sql/migrations/sql/20230313141439000000_session_token_length.sqlite3.down.sql", "content": "DROP INDEX sessions_token_uq_idx;\nDROP INDEX sessions_logout_token_uq_idx;\nDROP INDEX sessions_token_nid_idx;\n\nALTER TABLE sessions RENAME COLUMN token TO old_token;\nALTER TABLE sessions RENAME COLUMN logout_token TO old_logout_token;\n\nALTER TABLE sessions\n ADD COLUMN token varchar(32) NULL;\nALTER TABLE sessions\n ADD COLUMN logout_token varchar(32) NULL;\n\nUPDATE sessions\nSET token = old_token\nWHERE true;\n\nUPDATE sessions\nSET logout_token = old_logout_token\nWHERE true;\n\nALTER TABLE sessions\n DROP COLUMN old_token;\n\nALTER TABLE sessions\n DROP COLUMN old_logout_token;\n\nCREATE UNIQUE INDEX sessions_token_uq_idx ON sessions (logout_token);\nCREATE UNIQUE INDEX sessions_logout_token_uq_idx ON sessions (token);\nCREATE INDEX sessions_token_nid_idx ON sessions (nid, token);\n" }, { "path": "persistence/sql/migrations/sql/20230313141439000000_session_token_length.sqlite3.up.sql", "content": "DROP INDEX sessions_token_uq_idx;\nDROP INDEX sessions_logout_token_uq_idx;\nDROP INDEX sessions_token_nid_idx;\n\nALTER TABLE sessions RENAME COLUMN token TO old_token;\nALTER TABLE sessions RENAME COLUMN logout_token TO old_logout_token;\nALTER TABLE sessions\n ADD COLUMN token varchar(39) NULL;\nALTER TABLE sessions\n ADD COLUMN logout_token varchar(39) NULL;\n\nUPDATE sessions\nSET token = old_token\nWHERE true;\n\nUPDATE sessions\nSET logout_token = old_logout_token\nWHERE true;\n\nALTER TABLE sessions\n DROP COLUMN old_token;\nALTER TABLE sessions\n DROP COLUMN old_logout_token;\n\nCREATE UNIQUE INDEX sessions_token_uq_idx ON sessions (logout_token);\nCREATE UNIQUE INDEX sessions_logout_token_uq_idx ON sessions (token);\nCREATE INDEX sessions_token_nid_idx ON sessions (nid, token);\n" }, { "path": "persistence/sql/migrations/sql/20230313141439000000_session_token_length.up.sql", "content": "ALTER TABLE sessions ALTER COLUMN token TYPE varchar(39);\nALTER TABLE sessions ALTER COLUMN logout_token TYPE varchar(39);\n" }, { "path": "persistence/sql/migrations/sql/20230313141439000001_session_token_length.down.sql", "content": "UPDATE sessions SET token = LEFT(token, 32) WHERE TRUE;\nUPDATE sessions SET logout_token = LEFT(logout_token, 32) WHERE TRUE;\n" }, { "path": "persistence/sql/migrations/sql/20230313141439000001_session_token_length.sqlite3.down.sql", "content": "UPDATE sessions SET token = substr(token, 0, 32) WHERE TRUE;\nUPDATE sessions SET logout_token = substr(logout_token, 0, 32) WHERE TRUE;\n" }, { "path": "persistence/sql/migrations/sql/20230313141439000001_session_token_length.up.sql", "content": "--\n" }, { "path": "persistence/sql/migrations/sql/20230322144139000001_missing_login_index.down.sql", "content": "DROP INDEX identity_credential_identifiers_nid_i_ici_idx;\n" }, { "path": "persistence/sql/migrations/sql/20230322144139000001_missing_login_index.mysql.down.sql", "content": "DROP INDEX identity_credential_identifiers_nid_i_ici_idx ON identity_credential_identifiers;\n" }, { "path": "persistence/sql/migrations/sql/20230322144139000001_missing_login_index.up.sql", "content": "CREATE INDEX identity_credential_identifiers_nid_i_ici_idx ON identity_credential_identifiers (nid, identifier, identity_credential_id);\n" }, { "path": "persistence/sql/migrations/sql/20230405000000000001_create_session_token_exchanges.down.sql", "content": "DROP TABLE session_token_exchanges;\n" }, { "path": "persistence/sql/migrations/sql/20230405000000000001_create_session_token_exchanges.mysql.down.sql", "content": "DROP TABLE session_token_exchanges;\n" }, { "path": "persistence/sql/migrations/sql/20230405000000000001_create_session_token_exchanges.mysql.up.sql", "content": "CREATE TABLE session_token_exchanges (\n id CHAR(36) NOT NULL PRIMARY KEY,\n nid CHAR(36) NOT NULL,\n flow_id CHAR(36) NOT NULL,\n session_id CHAR(36) DEFAULT NULL,\n init_code VARCHAR(64) NOT NULL,\n return_to_code VARCHAR(64) NOT NULL,\n\n created_at timestamp NOT NULL DEFAULT CURRENT_TIMESTAMP,\n updated_at timestamp NOT NULL DEFAULT CURRENT_TIMESTAMP\n);\n\n-- Relevant query:\n-- SELECT * from session_token_exchanges\n-- WHERE nid = ? AND code = ? AND code <> '' AND session_id IS NOT NULL\nCREATE INDEX session_token_exchanges_nid_code_idx ON session_token_exchanges (init_code, nid);\n\n-- Relevant query:\n-- UPDATE session_token_exchanges SET session_id = ? WHERE flow_id = ? AND nid = ?\nCREATE INDEX session_token_exchanges_nid_flow_id_idx ON session_token_exchanges (flow_id, nid);\n" }, { "path": "persistence/sql/migrations/sql/20230405000000000001_create_session_token_exchanges.up.sql", "content": "CREATE TABLE session_token_exchanges (\n \"id\" UUID NOT NULL PRIMARY KEY,\n \"nid\" UUID NOT NULL,\n \"flow_id\" UUID NOT NULL,\n \"session_id\" UUID DEFAULT NULL,\n \"init_code\" VARCHAR(64) NOT NULL,\n \"return_to_code\" VARCHAR(64) NOT NULL,\n\n\n \"created_at\" timestamp NOT NULL,\n \"updated_at\" timestamp NOT NULL\n);\n\n-- Relevant query:\n-- SELECT * from session_token_exchanges\n-- WHERE nid = ? AND code = ? AND code <> '' AND session_id IS NOT NULL\nCREATE INDEX session_token_exchanges_nid_code_idx ON session_token_exchanges (init_code, nid);\n\n-- Relevant query:\n-- UPDATE session_token_exchanges SET session_id = ? WHERE flow_id = ? AND nid = ?\nCREATE INDEX session_token_exchanges_nid_flow_id_idx ON session_token_exchanges (flow_id, nid);\n" }, { "path": "persistence/sql/migrations/sql/20230614000001000000_hydra_login_challenge_format.down.sql", "content": "-- ALTER TABLE selfservice_login_flows ADD COLUMN oauth2_login_challenge UUID NULL;\n-- ALTER TABLE selfservice_registration_flows ADD COLUMN oauth2_login_challenge UUID NULL;\n\nALTER TABLE selfservice_login_flows DROP COLUMN oauth2_login_challenge_data;\nALTER TABLE selfservice_registration_flows DROP COLUMN oauth2_login_challenge_data;\n" }, { "path": "persistence/sql/migrations/sql/20230614000001000000_hydra_login_challenge_format.mysql.down.sql", "content": "-- ALTER TABLE selfservice_login_flows ADD COLUMN oauth2_login_challenge CHAR(36) NULL;\n-- ALTER TABLE selfservice_registration_flows ADD COLUMN oauth2_login_challenge CHAR(36) NULL;\n\nALTER TABLE selfservice_login_flows DROP COLUMN oauth2_login_challenge_data;\nALTER TABLE selfservice_registration_flows DROP COLUMN oauth2_login_challenge_data;\n" }, { "path": "persistence/sql/migrations/sql/20230614000001000000_hydra_login_challenge_format.sqlite3.down.sql", "content": "-- ALTER TABLE `selfservice_login_flows` ADD COLUMN `oauth2_login_challenge` CHAR(36) NULL;\n-- ALTER TABLE `selfservice_registration_flows` ADD COLUMN `oauth2_login_challenge` CHAR(36) NULL;\n\nALTER TABLE \"selfservice_login_flows\" DROP COLUMN \"oauth2_login_challenge_data\";\nALTER TABLE \"selfservice_registration_flows\" DROP COLUMN \"oauth2_login_challenge_data\";\n" }, { "path": "persistence/sql/migrations/sql/20230614000001000000_hydra_login_challenge_format.up.sql", "content": "-- Drop columns in a later migration.\n-- ALTER TABLE selfservice_login_flows DROP COLUMN oauth2_login_challenge;\n-- ALTER TABLE selfservice_registration_flows DROP COLUMN oauth2_login_challenge;\n\nALTER TABLE selfservice_login_flows ADD COLUMN oauth2_login_challenge_data TEXT NULL;\nALTER TABLE selfservice_registration_flows ADD COLUMN oauth2_login_challenge_data TEXT NULL;\n" }, { "path": "persistence/sql/migrations/sql/20230619000000000001_sessions_add_sorted_indices.down.sql", "content": "CREATE INDEX sessions_identity_id_nid_idx\n ON sessions (identity_id, nid);\n\nDROP INDEX sessions_identity_id_nid_sorted_idx;\n" }, { "path": "persistence/sql/migrations/sql/20230619000000000001_sessions_add_sorted_indices.mysql.down.sql", "content": "CREATE INDEX sessions_identity_id_nid_idx\n ON sessions (identity_id, nid);\n\nDROP INDEX sessions_identity_id_nid_sorted_idx\n ON sessions;\n" }, { "path": "persistence/sql/migrations/sql/20230619000000000001_sessions_add_sorted_indices.mysql.up.sql", "content": "CREATE INDEX sessions_identity_id_nid_sorted_idx\n ON sessions (identity_id, nid, authenticated_at DESC);\n\nDROP INDEX sessions_identity_id_nid_idx\n ON sessions;\n" }, { "path": "persistence/sql/migrations/sql/20230619000000000001_sessions_add_sorted_indices.up.sql", "content": "CREATE INDEX sessions_identity_id_nid_sorted_idx\n ON sessions (identity_id, nid, authenticated_at DESC);\n\nDROP INDEX sessions_identity_id_nid_idx;\n" }, { "path": "persistence/sql/migrations/sql/20230626000000000001_identity_credential_identifiers_nid_identity_credential_id_idx.down.sql", "content": "-- nothing\n" }, { "path": "persistence/sql/migrations/sql/20230626000000000001_identity_credential_identifiers_nid_identity_credential_id_idx.mysql.down.sql", "content": "-- nothing: needed for foreign key anyways\n" }, { "path": "persistence/sql/migrations/sql/20230626000000000001_identity_credential_identifiers_nid_identity_credential_id_idx.mysql.up.sql", "content": "CREATE INDEX identity_credential_identifiers_nid_identity_credential_id_idx ON identity_credential_identifiers (identity_credential_id, nid);\n" }, { "path": "persistence/sql/migrations/sql/20230626000000000001_identity_credential_identifiers_nid_identity_credential_id_idx.up.sql", "content": "-- index already exists\n" }, { "path": "persistence/sql/migrations/sql/20230703143600000001_selfservice_registration_login_flows_state.down.sql", "content": "ALTER table selfservice_registration_flows DROP COLUMN state;\nALTER table selfservice_login_flows DROP COLUMN state;\n" }, { "path": "persistence/sql/migrations/sql/20230703143600000001_selfservice_registration_login_flows_state.up.sql", "content": "ALTER table selfservice_login_flows ADD state VARCHAR(255) NULL;\nALTER table selfservice_registration_flows ADD state VARCHAR(255) NULL;\n" }, { "path": "persistence/sql/migrations/sql/20230705000000000001_cookie_flow_request_url.cockroach.down.sql", "content": "UPDATE selfservice_login_flows SET request_url = substr(request_url, 1, 1024);\nUPDATE selfservice_recovery_flows SET request_url = substr(request_url, 1, 1024);\nUPDATE selfservice_registration_flows SET request_url = substr(request_url, 1, 1024);\nUPDATE selfservice_settings_flows SET request_url = substr(request_url, 1, 1024);\nUPDATE selfservice_verification_flows SET request_url = substr(request_url, 1, 1024);\n" }, { "path": "persistence/sql/migrations/sql/20230705000000000001_cookie_flow_request_url.down.sql", "content": "UPDATE selfservice_login_flows SET request_url = substr(request_url, 1, 1024);\nUPDATE selfservice_recovery_flows SET request_url = substr(request_url, 1, 1024);\nUPDATE selfservice_registration_flows SET request_url = substr(request_url, 1, 1024);\nUPDATE selfservice_settings_flows SET request_url = substr(request_url, 1, 1024);\nUPDATE selfservice_verification_flows SET request_url = substr(request_url, 1, 1024);\n\nALTER TABLE selfservice_login_flows ALTER COLUMN request_url TYPE VARCHAR(1024);\nALTER TABLE selfservice_recovery_flows ALTER COLUMN request_url TYPE VARCHAR(1024);\nALTER TABLE selfservice_registration_flows ALTER COLUMN request_url TYPE VARCHAR(1024);\nALTER TABLE selfservice_settings_flows ALTER COLUMN request_url TYPE VARCHAR(1024);\nALTER TABLE selfservice_verification_flows ALTER COLUMN request_url TYPE VARCHAR(1024);\n" }, { "path": "persistence/sql/migrations/sql/20230705000000000001_cookie_flow_request_url.mysql.down.sql", "content": "UPDATE selfservice_login_flows SET request_url = substr(request_url, 1, 1024);\nUPDATE selfservice_recovery_flows SET request_url = substr(request_url, 1, 1024);\nUPDATE selfservice_registration_flows SET request_url = substr(request_url, 1, 1024);\nUPDATE selfservice_settings_flows SET request_url = substr(request_url, 1, 1024);\nUPDATE selfservice_verification_flows SET request_url = substr(request_url, 1, 1024);\n\nALTER TABLE selfservice_login_flows MODIFY request_url VARCHAR(1024);\nALTER TABLE selfservice_recovery_flows MODIFY request_url VARCHAR(1024);\nALTER TABLE selfservice_registration_flows MODIFY request_url VARCHAR(1024);\nALTER TABLE selfservice_settings_flows MODIFY request_url VARCHAR(1024);\nALTER TABLE selfservice_verification_flows MODIFY request_url VARCHAR(1024);\n" }, { "path": "persistence/sql/migrations/sql/20230705000000000001_cookie_flow_request_url.mysql.up.sql", "content": "ALTER TABLE selfservice_login_flows MODIFY request_url TEXT;\nALTER TABLE selfservice_recovery_flows MODIFY request_url TEXT;\nALTER TABLE selfservice_registration_flows MODIFY request_url TEXT;\nALTER TABLE selfservice_settings_flows MODIFY request_url TEXT;\nALTER TABLE selfservice_verification_flows MODIFY request_url TEXT;\n" }, { "path": "persistence/sql/migrations/sql/20230705000000000001_cookie_flow_request_url.sqlite.down.sql", "content": "ALTER TABLE selfservice_login_flows\n ADD COLUMN request_url_new VARCHAR(1024) NOT NULL DEFAULT '';\nALTER TABLE selfservice_recovery_flows\n ADD COLUMN request_url_new VARCHAR(1024) NOT NULL DEFAULT '';\nALTER TABLE selfservice_registration_flows\n ADD COLUMN request_url_new VARCHAR(1024) NOT NULL DEFAULT '';\nALTER TABLE selfservice_settings_flows\n ADD COLUMN request_url_new VARCHAR(1024) NOT NULL DEFAULT '';\nALTER TABLE selfservice_verification_flows\n ADD COLUMN request_url_new VARCHAR(1024) NOT NULL DEFAULT '';\n\nUPDATE selfservice_login_flows\nSET request_url_new = substr(request_url, 1, 1024);\nUPDATE selfservice_recovery_flows\nSET request_url_new = substr(request_url, 1, 1024);\nUPDATE selfservice_registration_flows\nSET request_url_new = substr(request_url, 1, 1024);\nUPDATE selfservice_settings_flows\nSET request_url_new = substr(request_url, 1, 1024);\nUPDATE selfservice_verification_flows\nSET request_url_new = substr(request_url, 1, 1024);\n\nALTER TABLE selfservice_login_flows\n DROP COLUMN request_url;\nALTER TABLE selfservice_login_flows RENAME COLUMN request_url_new TO request_url;\n\nALTER TABLE selfservice_recovery_flows\n DROP COLUMN request_url;\nALTER TABLE selfservice_recovery_flows RENAME COLUMN request_url_new TO request_url;\n\nALTER TABLE selfservice_registration_flows\n DROP COLUMN request_url;\nALTER TABLE selfservice_registration_flows RENAME COLUMN request_url_new TO request_url;\n\nALTER TABLE selfservice_settings_flows\n DROP COLUMN request_url;\nALTER TABLE selfservice_settings_flows RENAME COLUMN request_url_new TO request_url;\n\nALTER TABLE selfservice_verification_flows\n DROP COLUMN request_url;\nALTER TABLE selfservice_verification_flows RENAME COLUMN request_url_new TO request_url;\n\n" }, { "path": "persistence/sql/migrations/sql/20230705000000000001_cookie_flow_request_url.sqlite.up.sql", "content": "ALTER TABLE selfservice_login_flows ADD COLUMN request_url_new TEXT NOT NULL DEFAULT '';\nALTER TABLE selfservice_recovery_flows ADD COLUMN request_url_new TEXT NOT NULL DEFAULT '';\nALTER TABLE selfservice_registration_flows ADD COLUMN request_url_new TEXT NOT NULL DEFAULT '';\nALTER TABLE selfservice_settings_flows ADD COLUMN request_url_new TEXT NOT NULL DEFAULT '';\nALTER TABLE selfservice_verification_flows ADD COLUMN request_url_new TEXT NOT NULL DEFAULT '';\n\nUPDATE selfservice_login_flows SET request_url_new = request_url;\nUPDATE selfservice_recovery_flows SET request_url_new = request_url;\nUPDATE selfservice_registration_flows SET request_url_new = request_url;\nUPDATE selfservice_settings_flows SET request_url_new = request_url;\nUPDATE selfservice_verification_flows SET request_url_new = request_url;\n\nALTER TABLE selfservice_login_flows DROP COLUMN request_url;\nALTER TABLE selfservice_login_flows RENAME COLUMN request_url_new TO request_url;\n\nALTER TABLE selfservice_recovery_flows DROP COLUMN request_url;\nALTER TABLE selfservice_recovery_flows RENAME COLUMN request_url_new TO request_url;\n\nALTER TABLE selfservice_registration_flows DROP COLUMN request_url;\nALTER TABLE selfservice_registration_flows RENAME COLUMN request_url_new TO request_url;\n\nALTER TABLE selfservice_settings_flows DROP COLUMN request_url;\nALTER TABLE selfservice_settings_flows RENAME COLUMN request_url_new TO request_url;\n\nALTER TABLE selfservice_verification_flows DROP COLUMN request_url;\nALTER TABLE selfservice_verification_flows RENAME COLUMN request_url_new TO request_url;\n\n" }, { "path": "persistence/sql/migrations/sql/20230705000000000001_cookie_flow_request_url.up.sql", "content": "ALTER TABLE selfservice_login_flows ALTER COLUMN request_url TYPE TEXT;\nALTER TABLE selfservice_recovery_flows ALTER COLUMN request_url TYPE TEXT;\nALTER TABLE selfservice_registration_flows ALTER COLUMN request_url TYPE TEXT;\nALTER TABLE selfservice_settings_flows ALTER COLUMN request_url TYPE TEXT;\nALTER TABLE selfservice_verification_flows ALTER COLUMN request_url TYPE TEXT;\n" }, { "path": "persistence/sql/migrations/sql/20230706000000000001_available_aal.down.sql", "content": "ALTER TABLE identities DROP COLUMN available_aal;\n" }, { "path": "persistence/sql/migrations/sql/20230706000000000001_available_aal.up.sql", "content": "ALTER TABLE identities ADD COLUMN available_aal VARCHAR(4) NULL;\n" }, { "path": "persistence/sql/migrations/sql/20230707133700000000_identity_login_code.down.sql", "content": "DROP TABLE identity_login_codes;\n\nALTER TABLE selfservice_login_flows DROP submit_count;\n" }, { "path": "persistence/sql/migrations/sql/20230707133700000000_identity_login_code.mysql.up.sql", "content": "CREATE TABLE identity_login_codes\n(\n id CHAR(36) NOT NULL PRIMARY KEY,\n code VARCHAR(64) NOT NULL, -- HMACed value of the actual code\n address VARCHAR(255) NOT NULL,\n address_type CHAR(36) NOT NULL,\n used_at timestamp NULL DEFAULT NULL,\n expires_at timestamp NOT NULL DEFAULT '2000-01-01 00:00:00',\n issued_at timestamp NOT NULL DEFAULT '2000-01-01 00:00:00',\n selfservice_login_flow_id CHAR(36),\n identity_id CHAR(36) NOT NULL,\n created_at timestamp NOT NULL DEFAULT CURRENT_TIMESTAMP,\n updated_at timestamp NOT NULL DEFAULT CURRENT_TIMESTAMP,\n nid CHAR(36) NOT NULL,\n CONSTRAINT identity_login_codes_selfservice_login_flows_id_fk\n FOREIGN KEY (selfservice_login_flow_id)\n REFERENCES selfservice_login_flows (id)\n ON DELETE cascade,\n CONSTRAINT identity_login_codes_networks_id_fk\n FOREIGN KEY (nid)\n REFERENCES networks (id)\n ON UPDATE RESTRICT ON DELETE CASCADE\n);\n\nCREATE INDEX identity_login_codes_nid_flow_id_idx ON identity_login_codes (nid, selfservice_login_flow_id);\nCREATE INDEX identity_login_codes_id_nid_idx ON identity_login_codes (id, nid);\n\n\nALTER TABLE selfservice_login_flows ADD submit_count int NOT NULL DEFAULT 0;\n" }, { "path": "persistence/sql/migrations/sql/20230707133700000000_identity_login_code.up.sql", "content": "CREATE TABLE identity_login_codes\n(\n id UUID NOT NULL PRIMARY KEY,\n code VARCHAR(64) NOT NULL, -- HMACed value of the actual code\n address VARCHAR(255) NOT NULL,\n address_type CHAR(36) NOT NULL,\n used_at timestamp NULL DEFAULT NULL,\n expires_at timestamp NOT NULL DEFAULT '2000-01-01 00:00:00',\n issued_at timestamp NOT NULL DEFAULT '2000-01-01 00:00:00',\n selfservice_login_flow_id UUID NOT NULL,\n identity_id UUID NOT NULL,\n created_at timestamp NOT NULL DEFAULT CURRENT_TIMESTAMP,\n updated_at timestamp NOT NULL DEFAULT CURRENT_TIMESTAMP,\n nid UUID NOT NULL,\n CONSTRAINT identity_login_codes_selfservice_login_flows_id_fk\n FOREIGN KEY (selfservice_login_flow_id)\n REFERENCES selfservice_login_flows (id)\n ON DELETE cascade,\n CONSTRAINT identity_login_codes_networks_id_fk\n FOREIGN KEY (nid)\n REFERENCES networks (id)\n ON UPDATE RESTRICT ON DELETE CASCADE\n);\n\nCREATE INDEX identity_login_codes_nid_flow_id_idx ON identity_login_codes (nid, selfservice_login_flow_id);\nCREATE INDEX identity_login_codes_id_nid_idx ON identity_login_codes (id, nid);\n\nALTER TABLE selfservice_login_flows ADD submit_count int NOT NULL DEFAULT 0;\n" }, { "path": "persistence/sql/migrations/sql/20230707133700000001_identity_registration_code.down.sql", "content": "DROP TABLE identity_registration_codes;\n\nALTER TABLE selfservice_registration_flows DROP submit_count;\n" }, { "path": "persistence/sql/migrations/sql/20230707133700000001_identity_registration_code.mysql.up.sql", "content": "CREATE TABLE identity_registration_codes\n(\n id CHAR(36) NOT NULL PRIMARY KEY,\n code VARCHAR(64) NOT NULL, -- HMACed value of the actual code\n address VARCHAR(255) NOT NULL,\n address_type CHAR(36) NOT NULL,\n used_at timestamp NULL DEFAULT NULL,\n expires_at timestamp NOT NULL DEFAULT '2000-01-01 00:00:00',\n issued_at timestamp NOT NULL DEFAULT '2000-01-01 00:00:00',\n selfservice_registration_flow_id CHAR(36),\n created_at timestamp NOT NULL DEFAULT CURRENT_TIMESTAMP,\n updated_at timestamp NOT NULL DEFAULT CURRENT_TIMESTAMP,\n nid CHAR(36) NOT NULL,\n CONSTRAINT identity_registration_codes_selfservice_registration_flows_id_fk\n FOREIGN KEY (selfservice_registration_flow_id)\n REFERENCES selfservice_registration_flows (id)\n ON DELETE cascade,\n CONSTRAINT identity_registration_codes_networks_id_fk\n FOREIGN KEY (nid)\n REFERENCES networks (id)\n ON UPDATE RESTRICT ON DELETE CASCADE\n);\n\nCREATE INDEX identity_registration_codes_nid_flow_id_idx ON identity_registration_codes (nid, selfservice_registration_flow_id);\nCREATE INDEX identity_registration_codes_id_nid_idx ON identity_registration_codes (id, nid);\n\nALTER TABLE selfservice_registration_flows ADD submit_count int NOT NULL DEFAULT 0;\n" }, { "path": "persistence/sql/migrations/sql/20230707133700000001_identity_registration_code.up.sql", "content": "CREATE TABLE identity_registration_codes\n(\n id UUID NOT NULL PRIMARY KEY,\n code VARCHAR(64) NOT NULL, -- HMACed value of the actual code\n address VARCHAR(255) NOT NULL,\n address_type CHAR(36) NOT NULL,\n used_at timestamp NULL DEFAULT NULL,\n expires_at timestamp NOT NULL DEFAULT '2000-01-01 00:00:00',\n issued_at timestamp NOT NULL DEFAULT '2000-01-01 00:00:00',\n selfservice_registration_flow_id UUID NOT NULL,\n created_at timestamp NOT NULL DEFAULT CURRENT_TIMESTAMP,\n updated_at timestamp NOT NULL DEFAULT CURRENT_TIMESTAMP,\n nid UUID NOT NULL,\n CONSTRAINT identity_registration_codes_selfservice_registration_flows_id_fk\n FOREIGN KEY (selfservice_registration_flow_id)\n REFERENCES selfservice_registration_flows (id)\n ON DELETE cascade,\n CONSTRAINT identity_registration_codes_networks_id_fk\n FOREIGN KEY (nid)\n REFERENCES networks (id)\n ON UPDATE RESTRICT ON DELETE CASCADE\n);\n\nCREATE INDEX identity_registration_codes_nid_flow_id_idx ON identity_registration_codes (nid, selfservice_registration_flow_id);\nCREATE INDEX identity_registration_codes_id_nid_idx ON identity_registration_codes (id, nid);\n\nALTER TABLE selfservice_registration_flows ADD submit_count int NOT NULL DEFAULT 0;\n" }, { "path": "persistence/sql/migrations/sql/20230712173852000000_credential_types_code.down.sql", "content": "DELETE FROM identity_credential_types WHERE name = 'code';\n" }, { "path": "persistence/sql/migrations/sql/20230712173852000000_credential_types_code.up.sql", "content": "INSERT INTO identity_credential_types (id, name) SELECT '14f3b7e2-8725-4068-be39-8a796485fd97', 'code' WHERE NOT EXISTS ( SELECT * FROM identity_credential_types WHERE name = 'code');\n" }, { "path": "persistence/sql/migrations/sql/20230811000000000001_verification_add_oauth2_login_challenge.down.sql", "content": "ALTER TABLE selfservice_verification_flows DROP COLUMN oauth2_login_challenge;\n" }, { "path": "persistence/sql/migrations/sql/20230811000000000001_verification_add_oauth2_login_challenge.up.sql", "content": "ALTER TABLE selfservice_verification_flows ADD COLUMN oauth2_login_challenge TEXT NULL;\n" }, { "path": "persistence/sql/migrations/sql/20230818000000000001_verification_add_oauth2_login_challenge_identity_id.down.sql", "content": "ALTER TABLE selfservice_verification_flows DROP COLUMN session_id;\n\n" }, { "path": "persistence/sql/migrations/sql/20230818000000000001_verification_add_oauth2_login_challenge_identity_id.mysql.up.sql", "content": "ALTER TABLE selfservice_verification_flows ADD COLUMN session_id VARCHAR(36);\n" }, { "path": "persistence/sql/migrations/sql/20230818000000000001_verification_add_oauth2_login_challenge_identity_id.up.sql", "content": "ALTER TABLE selfservice_verification_flows ADD COLUMN session_id UUID;\n" }, { "path": "persistence/sql/migrations/sql/20230823000000000001_verification_add_oauth2_login_challenge_params.down.sql", "content": "ALTER TABLE selfservice_verification_flows DROP COLUMN identity_id;\nALTER TABLE selfservice_verification_flows DROP COLUMN authentication_methods;\n" }, { "path": "persistence/sql/migrations/sql/20230823000000000001_verification_add_oauth2_login_challenge_params.mysql.up.sql", "content": "ALTER TABLE selfservice_verification_flows ADD COLUMN identity_id VARCHAR(36);\nALTER TABLE selfservice_verification_flows ADD COLUMN authentication_methods JSON;\n" }, { "path": "persistence/sql/migrations/sql/20230823000000000001_verification_add_oauth2_login_challenge_params.sqlite.up.sql", "content": "ALTER TABLE selfservice_verification_flows ADD COLUMN identity_id VARCHAR(36);\nALTER TABLE selfservice_verification_flows ADD COLUMN authentication_methods TEXT;\n" }, { "path": "persistence/sql/migrations/sql/20230823000000000001_verification_add_oauth2_login_challenge_params.up.sql", "content": "ALTER TABLE selfservice_verification_flows ADD COLUMN identity_id UUID;\nALTER TABLE selfservice_verification_flows ADD COLUMN authentication_methods JSON;\n" }, { "path": "persistence/sql/migrations/sql/20230907085000000000_add_organization_id.down.sql", "content": "alter table selfservice_login_flows drop column organization_id;\nalter table selfservice_registration_flows drop column organization_id;\nalter table identities drop column organization_id;\n" }, { "path": "persistence/sql/migrations/sql/20230907085000000000_add_organization_id.mysql.up.sql", "content": "alter table selfservice_login_flows add column organization_id char(36) null;\nalter table selfservice_registration_flows add column organization_id char(36) null;\nalter table identities add column organization_id char(36) null;\n" }, { "path": "persistence/sql/migrations/sql/20230907085000000000_add_organization_id.up.sql", "content": "alter table selfservice_login_flows add column organization_id uuid null;\nalter table selfservice_registration_flows add column organization_id uuid null;\nalter table identities add column organization_id uuid null;\n" }, { "path": "persistence/sql/migrations/sql/20230920171028000000_identity_search_index.cockroach.down.sql", "content": "DROP INDEX IF EXISTS identity_credential_identifiers_nid_identifier_gin;\n" }, { "path": "persistence/sql/migrations/sql/20230920171028000000_identity_search_index.cockroach.up.sql", "content": "CREATE INDEX IF NOT EXISTS identity_credential_identifiers_nid_identifier_gin ON identity_credential_identifiers USING GIN (nid, identifier gin_trgm_ops);\n" }, { "path": "persistence/sql/migrations/sql/20230920171028000000_identity_search_index.down.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20230920171028000000_identity_search_index.postgres.down.sql", "content": "DROP INDEX identity_credential_identifiers_nid_identifier_gin;\n" }, { "path": "persistence/sql/migrations/sql/20230920171028000000_identity_search_index.postgres.up.sql", "content": "CREATE EXTENSION IF NOT EXISTS pg_trgm;\nCREATE EXTENSION IF NOT EXISTS btree_gin;\n\nCREATE INDEX identity_credential_identifiers_nid_identifier_gin ON identity_credential_identifiers USING GIN (nid, identifier gin_trgm_ops);\n" }, { "path": "persistence/sql/migrations/sql/20230920171028000000_identity_search_index.up.sql", "content": "\n" }, { "path": "persistence/sql/migrations/sql/20231108111100000000_credential_types_passkey.down.sql", "content": "DELETE FROM identity_credential_types WHERE name = 'passkey';" }, { "path": "persistence/sql/migrations/sql/20231108111100000000_credential_types_passkey.up.sql", "content": "INSERT INTO identity_credential_types (id, name)\nSELECT '8d0ca544-9bf6-45d3-bd75-0bbb3aeba3c7', 'passkey'\nWHERE NOT EXISTS ( SELECT * FROM identity_credential_types WHERE name = 'passkey');" }, { "path": "persistence/sql/migrations/sql/20231130094628000000_courier_message_channel.down.sql", "content": "ALTER TABLE\n courier_messages DROP column channel;\n" }, { "path": "persistence/sql/migrations/sql/20231130094628000000_courier_message_channel.up.sql", "content": "ALTER TABLE\n courier_messages\nADD\n column channel VARCHAR(32) NULL;" }, { "path": "persistence/sql/migrations/sql/20240119094628000000_sessions_created_at_index.down.sql", "content": "DROP INDEX sessions_nid_created_at_id_idx;" }, { "path": "persistence/sql/migrations/sql/20240119094628000000_sessions_created_at_index.mysql.down.sql", "content": "DROP INDEX sessions_nid_created_at_id_idx ON sessions;" }, { "path": "persistence/sql/migrations/sql/20240119094628000000_sessions_created_at_index.up.sql", "content": "CREATE INDEX sessions_nid_created_at_id_idx ON sessions (nid, created_at DESC, id ASC);" }, { "path": "persistence/sql/migrations/sql/20240213095000000000_identity_credentials_user_handle_index.cockroach.down.sql", "content": "DROP INDEX identity_credentials_user_handle_idx;" }, { "path": "persistence/sql/migrations/sql/20240213095000000000_identity_credentials_user_handle_index.cockroach.up.sql", "content": "CREATE INVERTED INDEX identity_credentials_user_handle_idx\n ON identity_credentials (config)\n WHERE config ->> 'user_handle' IS NOT NULL;" }, { "path": "persistence/sql/migrations/sql/20240213095000000000_identity_credentials_user_handle_index.down.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20240213095000000000_identity_credentials_user_handle_index.up.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20240214113828000000_courier_dispatch_indices.down.sql", "content": "CREATE INDEX IF NOT EXISTS courier_message_dispatches_id_message_id_nid_idx ON courier_message_dispatches (id ASC, message_id ASC, nid ASC);\n\nDROP INDEX courier_message_dispatches_message_id_idx;\nDROP INDEX courier_message_dispatches_nid_idx;\n" }, { "path": "persistence/sql/migrations/sql/20240214113828000000_courier_dispatch_indices.mysql.down.sql", "content": "CREATE INDEX courier_message_dispatches_id_message_id_nid_idx ON courier_message_dispatches (id ASC, message_id ASC, nid ASC);\n\n-- These can't be removed because of foreign key constraints which disallow index deletion in MySQL.\n\n-- DROP INDEX courier_message_dispatches_message_id_idx ON courier_message_dispatches;\n-- DROP INDEX courier_message_dispatches_nid_idx ON courier_message_dispatches;\n" }, { "path": "persistence/sql/migrations/sql/20240214113828000000_courier_dispatch_indices.mysql.up.sql", "content": "-- Remove unused index\nDROP INDEX courier_message_dispatches_id_message_id_nid_idx ON courier_message_dispatches;\n\n-- For pop eager load\nCREATE INDEX courier_message_dispatches_message_id_idx ON courier_message_dispatches (message_id, created_at DESC);\n\n-- For delete by nid\nCREATE INDEX courier_message_dispatches_nid_idx ON courier_message_dispatches (nid);\n" }, { "path": "persistence/sql/migrations/sql/20240214113828000000_courier_dispatch_indices.up.sql", "content": "-- Remove unused index\nDROP INDEX courier_message_dispatches_id_message_id_nid_idx;\n\n-- For pop eager load\nCREATE INDEX IF NOT EXISTS courier_message_dispatches_message_id_idx ON courier_message_dispatches (message_id, created_at DESC);\n\n-- For delete by nid\nCREATE INDEX IF NOT EXISTS courier_message_dispatches_nid_idx ON courier_message_dispatches (nid);\n" }, { "path": "persistence/sql/migrations/sql/20240221000000000000_identity_recovery_codes_flow_id_idx.cockroach.down.sql", "content": "DROP INDEX IF EXISTS identity_login_codes@identity_login_codes_identity_id_idx;\nDROP INDEX IF EXISTS identity_login_codes@identity_login_codes_flow_id_idx;\nDROP INDEX IF EXISTS identity_recovery_codes@identity_recovery_codes_flow_id_idx;\nDROP INDEX IF EXISTS identity_registration_codes@identity_registration_codes_flow_id_idx;\nDROP INDEX IF EXISTS identity_verification_codes@identity_verification_codes_flow_id_idx;\n" }, { "path": "persistence/sql/migrations/sql/20240221000000000000_identity_recovery_codes_flow_id_idx.down.sql", "content": "DROP INDEX IF EXISTS identity_login_codes.identity_login_codes_identity_id_idx;\nDROP INDEX IF EXISTS identity_login_codes.identity_login_codes_flow_id_idx;\nDROP INDEX IF EXISTS identity_recovery_codes.identity_recovery_codes_flow_id_idx;\nDROP INDEX IF EXISTS identity_registration_codes.identity_registration_codes_flow_id_idx;\nDROP INDEX IF EXISTS identity_verification_codes.identity_verification_codes_flow_id_idx;\n" }, { "path": "persistence/sql/migrations/sql/20240221000000000000_identity_recovery_codes_flow_id_idx.mysql.down.sql", "content": "ALTER TABLE `identity_recovery_codes`\n DROP FOREIGN KEY `identity_recovery_codes_identity_id_fk`,\n ADD CONSTRAINT `identity_recovery_tokens_identity_id_fk` FOREIGN KEY (`identity_id`) REFERENCES `identities` (`id`) ON DELETE CASCADE ON UPDATE RESTRICT;\n\nALTER TABLE `identity_login_codes`\n DROP FOREIGN KEY `identity_login_codes_identity_id_fk`;\n" }, { "path": "persistence/sql/migrations/sql/20240221000000000000_identity_recovery_codes_flow_id_idx.mysql.up.sql", "content": "-- This FK was previously misnamed.\nALTER TABLE `identity_recovery_codes`\n DROP FOREIGN KEY `identity_recovery_tokens_identity_id_fk`,\n ADD CONSTRAINT `identity_recovery_codes_identity_id_fk` FOREIGN KEY (`identity_id`) REFERENCES `identities` (`id`) ON DELETE CASCADE ON UPDATE RESTRICT;\n\n-- Missing FK\nALTER TABLE `identity_login_codes`\n ADD CONSTRAINT `identity_login_codes_identity_id_fk` FOREIGN KEY (`identity_id`) REFERENCES `identities` (`id`) ON DELETE CASCADE ON UPDATE RESTRICT;\n\n-- MySQL has created the remaining indices automatically together with the foreign key constraints.\n\n-- CREATE INDEX identity_login_codes_identity_id_idx ON identity_login_codes (identity_id ASC);\n-- CREATE INDEX identity_login_codes_flow_id_idx ON identity_login_codes (selfservice_login_flow_id ASC);\n-- CREATE INDEX identity_registration_codes_flow_id_idx ON identity_registration_codes (selfservice_registration_flow_id ASC);\n-- CREATE INDEX identity_recovery_codes_flow_id_idx ON identity_recovery_codes (selfservice_recovery_flow_id ASC);\n-- CREATE INDEX identity_verification_codes_flow_id_idx ON identity_verification_codes (selfservice_verification_flow_id ASC);\n" }, { "path": "persistence/sql/migrations/sql/20240221000000000000_identity_recovery_codes_flow_id_idx.sqlite.up.sql", "content": "CREATE INDEX IF NOT EXISTS identity_login_codes_identity_id_idx ON identity_login_codes (identity_id ASC);\nCREATE INDEX IF NOT EXISTS identity_login_codes_flow_id_idx ON identity_login_codes (selfservice_login_flow_id ASC);\nCREATE INDEX IF NOT EXISTS identity_registration_codes_flow_id_idx ON identity_registration_codes (selfservice_registration_flow_id ASC);\nCREATE INDEX IF NOT EXISTS identity_recovery_codes_flow_id_idx ON identity_recovery_codes (selfservice_recovery_flow_id ASC);\nCREATE INDEX IF NOT EXISTS identity_verification_codes_flow_id_idx ON identity_verification_codes (selfservice_verification_flow_id ASC);\n" }, { "path": "persistence/sql/migrations/sql/20240221000000000000_identity_recovery_codes_flow_id_idx.up.sql", "content": "ALTER TABLE identity_login_codes\n ADD CONSTRAINT identity_login_codes_identity_id_fk FOREIGN KEY (identity_id) REFERENCES identities (id) ON DELETE CASCADE ON UPDATE RESTRICT;\n\nCREATE INDEX IF NOT EXISTS identity_login_codes_identity_id_idx ON identity_login_codes (identity_id ASC);\nCREATE INDEX IF NOT EXISTS identity_login_codes_flow_id_idx ON identity_login_codes (selfservice_login_flow_id ASC);\nCREATE INDEX IF NOT EXISTS identity_registration_codes_flow_id_idx ON identity_registration_codes (selfservice_registration_flow_id ASC);\nCREATE INDEX IF NOT EXISTS identity_recovery_codes_flow_id_idx ON identity_recovery_codes (selfservice_recovery_flow_id ASC);\nCREATE INDEX IF NOT EXISTS identity_verification_codes_flow_id_idx ON identity_verification_codes (selfservice_verification_flow_id ASC);\n" }, { "path": "persistence/sql/migrations/sql/20240318143139000000_drop_identity_search_index.down.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20240318143139000000_drop_identity_search_index.postgres.down.sql", "content": "CREATE EXTENSION IF NOT EXISTS pg_trgm;\nCREATE EXTENSION IF NOT EXISTS btree_gin;\n\nCREATE INDEX identity_credential_identifiers_nid_identifier_gin ON identity_credential_identifiers USING GIN (nid, identifier gin_trgm_ops);\n" }, { "path": "persistence/sql/migrations/sql/20240318143139000000_drop_identity_search_index.postgres.up.sql", "content": "DROP INDEX identity_credential_identifiers_nid_identifier_gin;\n" }, { "path": "persistence/sql/migrations/sql/20240318143139000000_drop_identity_search_index.up.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20240325153839000000_drop_identity_search_index.cockroach.down.sql", "content": "CREATE INDEX IF NOT EXISTS identity_credential_identifiers_nid_identifier_gin ON identity_credential_identifiers USING GIN (nid, identifier gin_trgm_ops);\n" }, { "path": "persistence/sql/migrations/sql/20240325153839000000_drop_identity_search_index.cockroach.up.sql", "content": "DROP INDEX IF EXISTS identity_credential_identifiers_nid_identifier_gin;\n" }, { "path": "persistence/sql/migrations/sql/20240325153839000000_drop_identity_search_index.down.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20240325153839000000_drop_identity_search_index.up.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20240425095000000000_identity_credentials_fix_user_handle_index.cockroach.down.sql", "content": "DROP INDEX identity_credentials_config_user_handle_idx;" }, { "path": "persistence/sql/migrations/sql/20240425095000000000_identity_credentials_fix_user_handle_index.cockroach.up.sql", "content": "CREATE INDEX identity_credentials_config_user_handle_idx\n ON identity_credentials ((config ->> 'user_handle'))\n WHERE config ->> 'user_handle' IS NOT NULL\n;\n" }, { "path": "persistence/sql/migrations/sql/20240425095000000000_identity_credentials_fix_user_handle_index.down.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20240425095000000000_identity_credentials_fix_user_handle_index.up.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20240425095000000001_identity_credentials_fix_user_handle_index.cockroach.down.sql", "content": "CREATE INVERTED INDEX identity_credentials_user_handle_idx\n ON identity_credentials (config)\n WHERE config ->> 'user_handle' IS NOT NULL;" }, { "path": "persistence/sql/migrations/sql/20240425095000000001_identity_credentials_fix_user_handle_index.cockroach.up.sql", "content": "DROP INDEX identity_credentials_user_handle_idx;\n" }, { "path": "persistence/sql/migrations/sql/20240425095000000001_identity_credentials_fix_user_handle_index.down.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20240425095000000001_identity_credentials_fix_user_handle_index.up.sql", "content": "" }, { "path": "persistence/sql/migrations/sql/20240923095000000001_organization_id_index.down.sql", "content": "DROP INDEX identities_nid_organization_id_idx;" }, { "path": "persistence/sql/migrations/sql/20240923095000000001_organization_id_index.mysql.down.sql", "content": "DROP INDEX identities_nid_organization_id_idx ON identities;\n" }, { "path": "persistence/sql/migrations/sql/20240923095000000001_organization_id_index.up.sql", "content": "CREATE INDEX identities_nid_organization_id_idx ON identities (organization_id);\n" }, { "path": "persistence/sql/migrations/sql/20241023142500000001_drop_unused_indices_identity_credentials.down.sql", "content": "CREATE INDEX IF NOT EXISTS identity_credentials_id_nid_idx ON identity_credentials (id ASC, nid ASC);\nCREATE INDEX IF NOT EXISTS identity_credentials_nid_id_idx ON identity_credentials (nid ASC, id ASC);\nCREATE INDEX IF NOT EXISTS identity_credentials_nid_identity_id_idx ON identity_credentials (identity_id ASC, nid ASC);\n\nDROP INDEX IF EXISTS identity_credentials_identity_id_idx;\nDROP INDEX IF EXISTS identity_credentials_nid_idx;\n" }, { "path": "persistence/sql/migrations/sql/20241023142500000001_drop_unused_indices_identity_credentials.mysql.down.sql", "content": "CREATE INDEX identity_credentials_id_nid_idx ON identity_credentials (id ASC, nid ASC);\nCREATE INDEX identity_credentials_nid_id_idx ON identity_credentials (nid ASC, id ASC);\n\nDROP INDEX identity_credentials_nid_idx ON identity_credentials;\n" }, { "path": "persistence/sql/migrations/sql/20241023142500000001_drop_unused_indices_identity_credentials.mysql.up.sql", "content": "CREATE INDEX identity_credentials_nid_idx ON identity_credentials (nid ASC);\n\nDROP INDEX identity_credentials_id_nid_idx ON identity_credentials;\nDROP INDEX identity_credentials_nid_id_idx ON identity_credentials;\n\n" }, { "path": "persistence/sql/migrations/sql/20241023142500000001_drop_unused_indices_identity_credentials.up.sql", "content": "CREATE INDEX IF NOT EXISTS identity_credentials_identity_id_idx ON identity_credentials (identity_id ASC);\nCREATE INDEX IF NOT EXISTS identity_credentials_nid_idx ON identity_credentials (nid ASC);\n\nDROP INDEX IF EXISTS identity_credentials_id_nid_idx;\nDROP INDEX IF EXISTS identity_credentials_nid_id_idx;\nDROP INDEX IF EXISTS identity_credentials_nid_identity_id_idx;\n" }, { "path": "persistence/sql/migrations/sql/20241023142500000002_drop_unused_indices_sessions.down.sql", "content": "CREATE INDEX IF NOT EXISTS sessions_nid_id_identity_id_idx ON sessions(nid ASC, identity_id ASC, id ASC);\nCREATE INDEX IF NOT EXISTS sessions_id_nid_idx ON sessions(id ASC, nid ASC);\nCREATE INDEX IF NOT EXISTS sessions_token_nid_idx ON sessions(nid ASC, token ASC);\nCREATE INDEX IF NOT EXISTS sessions_identity_id_nid_sorted_idx ON sessions(identity_id ASC, nid ASC, authenticated_at DESC);\nCREATE INDEX IF NOT EXISTS sessions_nid_created_at_id_idx ON sessions(nid ASC, created_at DESC, id ASC);\n\nDROP INDEX IF EXISTS sessions_list_idx;\nDROP INDEX IF EXISTS sessions_list_active_idx;\nDROP INDEX IF EXISTS sessions_list_identity_idx;\n" }, { "path": "persistence/sql/migrations/sql/20241023142500000002_drop_unused_indices_sessions.mysql.down.sql", "content": "CREATE INDEX sessions_nid_id_identity_id_idx ON sessions(nid ASC, identity_id ASC, id ASC);\nCREATE INDEX sessions_id_nid_idx ON sessions(id ASC, nid ASC);\nCREATE INDEX sessions_token_nid_idx ON sessions(nid ASC, token ASC);\nCREATE INDEX sessions_identity_id_nid_sorted_idx ON sessions(identity_id ASC, nid ASC, authenticated_at DESC);\nCREATE INDEX sessions_nid_created_at_id_idx ON sessions(nid ASC, created_at DESC, id ASC);\n\nDROP INDEX sessions_list_idx ON sessions;\nDROP INDEX sessions_list_active_idx ON sessions;\nDROP INDEX sessions_list_identity_idx ON sessions;\n" }, { "path": "persistence/sql/migrations/sql/20241023142500000002_drop_unused_indices_sessions.mysql.up.sql", "content": "CREATE INDEX sessions_list_idx ON sessions (nid ASC, created_at DESC, id ASC);\nCREATE INDEX sessions_list_active_idx ON sessions (nid ASC, expires_at ASC, active ASC, created_at DESC, id ASC);\nCREATE INDEX sessions_list_identity_idx ON sessions (identity_id ASC, nid ASC, created_at DESC);\n\nDROP INDEX sessions_nid_id_identity_id_idx ON sessions;\nDROP INDEX sessions_id_nid_idx ON sessions;\nDROP INDEX sessions_token_nid_idx ON sessions;\nDROP INDEX sessions_identity_id_nid_sorted_idx ON sessions;\nDROP INDEX sessions_nid_created_at_id_idx ON sessions;\n" }, { "path": "persistence/sql/migrations/sql/20241023142500000002_drop_unused_indices_sessions.up.sql", "content": "CREATE INDEX IF NOT EXISTS sessions_list_idx ON sessions (nid ASC, created_at DESC, id ASC);\nCREATE INDEX IF NOT EXISTS sessions_list_active_idx ON sessions (nid ASC, expires_at ASC, active ASC, created_at DESC, id ASC);\nCREATE INDEX IF NOT EXISTS sessions_list_identity_idx ON sessions (identity_id ASC, nid ASC, created_at DESC);\n\nDROP INDEX IF EXISTS sessions_nid_id_identity_id_idx;\nDROP INDEX IF EXISTS sessions_id_nid_idx;\nDROP INDEX IF EXISTS sessions_token_nid_idx;\nDROP INDEX IF EXISTS sessions_identity_id_nid_sorted_idx;\nDROP INDEX IF EXISTS sessions_nid_created_at_id_idx;\n" }, { "path": "persistence/sql/migrations/sql/20241023142500000003_drop_unused_indices_credential_identifiers.cockroach.down.sql", "content": "-- THIS IS COCKROACH ONLY\nALTER INDEX identity_credential_identifiers_identifier_nid_type_uq_idx RENAME TO identity_credential_identifiers_identifier_nid_type_uq_idx_deleteme;\nCREATE UNIQUE INDEX IF NOT EXISTS identity_credential_identifiers_identifier_nid_type_uq_idx ON identity_credential_identifiers(nid ASC, identity_credential_type_id ASC, identifier ASC);\nDROP INDEX IF EXISTS identity_credential_identifiers_identifier_nid_type_uq_idx_deleteme;\n--\n\nCREATE INDEX IF NOT EXISTS identity_credential_identifiers_nid_id_idx ON identity_credential_identifiers (nid ASC, id ASC);\nCREATE INDEX IF NOT EXISTS identity_credential_identifiers_id_nid_idx ON identity_credential_identifiers (id ASC, nid ASC);\nCREATE INDEX IF NOT EXISTS identity_credential_identifiers_nid_identity_credential_id_idx ON identity_credential_identifiers (identity_credential_id ASC, nid ASC);\n\nDROP INDEX IF EXISTS identity_credential_identifiers_identity_credential_id_idx;\n" }, { "path": "persistence/sql/migrations/sql/20241023142500000003_drop_unused_indices_credential_identifiers.cockroach.up.sql", "content": "-- THIS IS COCKROACH ONLY\nALTER INDEX identity_credential_identifiers_identifier_nid_type_uq_idx RENAME TO identity_credential_identifiers_identifier_nid_type_uq_idx_deleteme;\nCREATE UNIQUE INDEX IF NOT EXISTS identity_credential_identifiers_identifier_nid_type_uq_idx ON identity_credential_identifiers (nid ASC, identity_credential_type_id ASC, identifier ASC) STORING (identity_credential_id);\nDROP INDEX IF EXISTS identity_credential_identifiers_identifier_nid_type_uq_idx_deleteme;\n--\n\nCREATE INDEX IF NOT EXISTS identity_credential_identifiers_identity_credential_id_idx ON identity_credential_identifiers (identity_credential_id ASC);\n\nDROP INDEX IF EXISTS identity_credential_identifiers_nid_id_idx;\nDROP INDEX IF EXISTS identity_credential_identifiers_id_nid_idx;\nDROP INDEX IF EXISTS identity_credential_identifiers_nid_identity_credential_id_idx;\n" }, { "path": "persistence/sql/migrations/sql/20241023142500000003_drop_unused_indices_credential_identifiers.down.sql", "content": "CREATE INDEX IF NOT EXISTS identity_credential_identifiers_nid_id_idx ON identity_credential_identifiers (nid ASC, id ASC);\nCREATE INDEX IF NOT EXISTS identity_credential_identifiers_id_nid_idx ON identity_credential_identifiers (id ASC, nid ASC);\nCREATE INDEX IF NOT EXISTS identity_credential_identifiers_nid_identity_credential_id_idx ON identity_credential_identifiers (identity_credential_id ASC, nid ASC);\n\nDROP INDEX IF EXISTS identity_credential_identifiers_identity_credential_id_idx;\n" }, { "path": "persistence/sql/migrations/sql/20241023142500000003_drop_unused_indices_credential_identifiers.mysql.down.sql", "content": "CREATE INDEX identity_credential_identifiers_nid_id_idx ON identity_credential_identifiers (nid ASC, id ASC);\nCREATE INDEX identity_credential_identifiers_id_nid_idx ON identity_credential_identifiers (id ASC, nid ASC);\nCREATE INDEX identity_credential_identifiers_nid_identity_credential_id_idx ON identity_credential_identifiers (identity_credential_id ASC, nid ASC);\n\nDROP INDEX identity_credential_identifiers_identity_credential_id_idx ON identity_credential_identifiers;\n" }, { "path": "persistence/sql/migrations/sql/20241023142500000003_drop_unused_indices_credential_identifiers.mysql.up.sql", "content": "CREATE INDEX identity_credential_identifiers_identity_credential_id_idx ON identity_credential_identifiers (identity_credential_id ASC);\n\nDROP INDEX identity_credential_identifiers_nid_id_idx ON identity_credential_identifiers;\nDROP INDEX identity_credential_identifiers_id_nid_idx ON identity_credential_identifiers;\nDROP INDEX identity_credential_identifiers_nid_identity_credential_id_idx ON identity_credential_identifiers;\n" }, { "path": "persistence/sql/migrations/sql/20241023142500000003_drop_unused_indices_credential_identifiers.up.sql", "content": "CREATE INDEX IF NOT EXISTS identity_credential_identifiers_identity_credential_id_idx ON identity_credential_identifiers (identity_credential_id ASC);\n\nDROP INDEX IF EXISTS identity_credential_identifiers_nid_id_idx;\nDROP INDEX IF EXISTS identity_credential_identifiers_id_nid_idx;\nDROP INDEX IF EXISTS identity_credential_identifiers_nid_identity_credential_id_idx;\n" }, { "path": "persistence/sql/migrations/sql/20241029102200000001_self_service.down.sql", "content": "CREATE INDEX IF NOT EXISTS selfservice_login_flows_nid_id_idx ON selfservice_login_flows (nid ASC, id ASC);\nCREATE INDEX IF NOT EXISTS selfservice_login_flows_id_nid_idx ON selfservice_login_flows (id ASC, nid ASC);\nDROP INDEX IF EXISTS selfservice_login_flows_nid_idx;\n\nCREATE INDEX IF NOT EXISTS selfservice_errors_errors_nid_id_idx ON selfservice_errors (nid ASC, id ASC);\nDROP INDEX IF EXISTS selfservice_errors_nid_idx;\n\nCREATE INDEX IF NOT EXISTS selfservice_recovery_flows_nid_id_idx ON selfservice_recovery_flows (nid ASC, id ASC);\nCREATE INDEX IF NOT EXISTS selfservice_recovery_flows_id_nid_idx ON selfservice_recovery_flows (id ASC, nid ASC);\nCREATE INDEX IF NOT EXISTS selfservice_recovery_flows_recovered_identity_id_nid_idx ON selfservice_recovery_flows (recovered_identity_id ASC, nid ASC);\nDROP INDEX IF EXISTS selfservice_recovery_flows_nid_idx;\nDROP INDEX IF EXISTS selfservice_recovery_flows_recovered_identity_id_idx;\n\nCREATE INDEX IF NOT EXISTS selfservice_registration_flows_nid_id_idx ON selfservice_registration_flows (nid ASC, id ASC);\nCREATE INDEX IF NOT EXISTS selfservice_registration_flows_id_nid_idx ON selfservice_registration_flows (id ASC, nid ASC);\nDROP INDEX IF EXISTS selfservice_registration_flows_nid_idx;\n\nCREATE INDEX IF NOT EXISTS selfservice_settings_flows_nid_id_idx ON selfservice_settings_flows (nid ASC, id ASC);\nCREATE INDEX IF NOT EXISTS selfservice_settings_flows_id_nid_idx ON selfservice_settings_flows (id ASC, nid ASC);\nCREATE INDEX IF NOT EXISTS selfservice_settings_flows_identity_id_nid_idx ON selfservice_settings_flows (identity_id ASC, nid ASC);\nDROP INDEX IF EXISTS selfservice_settings_flows_nid_idx;\nDROP INDEX IF EXISTS selfservice_settings_flows_identity_id_idx;\n\nCREATE INDEX IF NOT EXISTS selfservice_verification_flows_nid_id_idx ON selfservice_verification_flows (nid ASC, id ASC);\nCREATE INDEX IF NOT EXISTS selfservice_verification_flows_id_nid_idx ON selfservice_verification_flows (id ASC, nid ASC);\nDROP INDEX IF EXISTS selfservice_verification_flows_nid_idx;\n" }, { "path": "persistence/sql/migrations/sql/20241029102200000001_self_service.mysql.down.sql", "content": "CREATE INDEX selfservice_login_flows_nid_id_idx ON selfservice_login_flows (nid ASC, id ASC);\nCREATE INDEX selfservice_login_flows_id_nid_idx ON selfservice_login_flows (id ASC, nid ASC);\nDROP INDEX selfservice_login_flows_nid_idx ON selfservice_login_flows;\n\nCREATE INDEX selfservice_errors_errors_nid_id_idx ON selfservice_errors (nid ASC, id ASC);\nDROP INDEX selfservice_errors_nid_idx ON selfservice_errors;\n\nCREATE INDEX selfservice_recovery_flows_nid_id_idx ON selfservice_recovery_flows (nid ASC, id ASC);\nCREATE INDEX selfservice_recovery_flows_id_nid_idx ON selfservice_recovery_flows (id ASC, nid ASC);\nCREATE INDEX selfservice_recovery_flows_recovered_identity_id_nid_idx ON selfservice_recovery_flows (recovered_identity_id ASC, nid ASC);\nDROP INDEX selfservice_recovery_flows_nid_idx ON selfservice_recovery_flows;\nDROP INDEX selfservice_recovery_flows_recovered_identity_id_idx ON selfservice_recovery_flows;\n\nCREATE INDEX selfservice_registration_flows_nid_id_idx ON selfservice_registration_flows (nid ASC, id ASC);\nCREATE INDEX selfservice_registration_flows_id_nid_idx ON selfservice_registration_flows (id ASC, nid ASC);\nDROP INDEX selfservice_registration_flows_nid_idx ON selfservice_registration_flows;\n\nCREATE INDEX selfservice_settings_flows_nid_id_idx ON selfservice_settings_flows (nid ASC, id ASC);\nCREATE INDEX selfservice_settings_flows_id_nid_idx ON selfservice_settings_flows (id ASC, nid ASC);\nCREATE INDEX selfservice_settings_flows_identity_id_nid_idx ON selfservice_settings_flows (identity_id ASC, nid ASC);\nDROP INDEX selfservice_settings_flows_nid_idx ON selfservice_settings_flows;\nDROP INDEX selfservice_settings_flows_identity_id_idx ON selfservice_settings_flows;\n\nCREATE INDEX selfservice_verification_flows_nid_id_idx ON selfservice_verification_flows (nid ASC, id ASC);\nCREATE INDEX selfservice_verification_flows_id_nid_idx ON selfservice_verification_flows (id ASC, nid ASC);\nDROP INDEX selfservice_verification_flows_nid_idx ON selfservice_verification_flows;\n" }, { "path": "persistence/sql/migrations/sql/20241029102200000001_self_service.mysql.up.sql", "content": "CREATE INDEX selfservice_login_flows_nid_idx ON selfservice_login_flows (nid ASC);\nDROP INDEX selfservice_login_flows_nid_id_idx ON selfservice_login_flows;\nDROP INDEX selfservice_login_flows_id_nid_idx ON selfservice_login_flows;\n\nCREATE INDEX selfservice_errors_nid_idx ON selfservice_errors (nid ASC);\nDROP INDEX selfservice_errors_errors_nid_id_idx ON selfservice_errors;\n\nCREATE INDEX selfservice_recovery_flows_nid_idx ON selfservice_recovery_flows (nid ASC);\nCREATE INDEX selfservice_recovery_flows_recovered_identity_id_idx ON selfservice_recovery_flows (recovered_identity_id ASC);\nDROP INDEX selfservice_recovery_flows_nid_id_idx ON selfservice_recovery_flows;\nDROP INDEX selfservice_recovery_flows_id_nid_idx ON selfservice_recovery_flows;\nDROP INDEX selfservice_recovery_flows_recovered_identity_id_nid_idx ON selfservice_recovery_flows;\n\nCREATE INDEX selfservice_registration_flows_nid_idx ON selfservice_registration_flows (nid ASC);\nDROP INDEX selfservice_registration_flows_nid_id_idx ON selfservice_registration_flows;\nDROP INDEX selfservice_registration_flows_id_nid_idx ON selfservice_registration_flows;\n\nCREATE INDEX selfservice_settings_flows_nid_idx ON selfservice_settings_flows (nid ASC);\nCREATE INDEX selfservice_settings_flows_identity_id_idx ON selfservice_settings_flows (identity_id ASC);\nDROP INDEX selfservice_settings_flows_nid_id_idx ON selfservice_settings_flows;\nDROP INDEX selfservice_settings_flows_id_nid_idx ON selfservice_settings_flows;\nDROP INDEX selfservice_settings_flows_identity_id_nid_idx ON selfservice_settings_flows;\n\nCREATE INDEX selfservice_verification_flows_nid_idx ON selfservice_verification_flows (nid ASC);\nDROP INDEX selfservice_verification_flows_nid_id_idx ON selfservice_verification_flows;\nDROP INDEX selfservice_verification_flows_id_nid_idx ON selfservice_verification_flows;\n" }, { "path": "persistence/sql/migrations/sql/20241029102200000001_self_service.up.sql", "content": "CREATE INDEX IF NOT EXISTS selfservice_login_flows_nid_idx ON selfservice_login_flows (nid ASC);\nDROP INDEX IF EXISTS selfservice_login_flows_nid_id_idx;\nDROP INDEX IF EXISTS selfservice_login_flows_id_nid_idx;\n\nCREATE INDEX IF NOT EXISTS selfservice_errors_nid_idx ON selfservice_errors (nid ASC);\nDROP INDEX IF EXISTS selfservice_errors_errors_nid_id_idx;\n\nCREATE INDEX IF NOT EXISTS selfservice_recovery_flows_recovered_identity_id_idx ON selfservice_recovery_flows (recovered_identity_id ASC);\nCREATE INDEX IF NOT EXISTS selfservice_recovery_flows_nid_idx ON selfservice_recovery_flows (nid ASC);\nDROP INDEX IF EXISTS selfservice_recovery_flows_nid_id_idx;\nDROP INDEX IF EXISTS selfservice_recovery_flows_id_nid_idx;\nDROP INDEX IF EXISTS selfservice_recovery_flows_recovered_identity_id_nid_idx;\n\nCREATE INDEX IF NOT EXISTS selfservice_registration_flows_nid_idx ON selfservice_registration_flows (nid ASC);\nDROP INDEX IF EXISTS selfservice_registration_flows_nid_id_idx;\nDROP INDEX IF EXISTS selfservice_registration_flows_id_nid_idx;\n\nCREATE INDEX IF NOT EXISTS selfservice_settings_flows_nid_idx ON selfservice_settings_flows (nid ASC);\nCREATE INDEX IF NOT EXISTS selfservice_settings_flows_identity_id_idx ON selfservice_settings_flows (identity_id ASC);\nDROP INDEX IF EXISTS selfservice_settings_flows_nid_id_idx;\nDROP INDEX IF EXISTS selfservice_settings_flows_id_nid_idx;\nDROP INDEX IF EXISTS selfservice_settings_flows_identity_id_nid_idx;\n\nCREATE INDEX IF NOT EXISTS selfservice_verification_flows_nid_idx ON selfservice_verification_flows (nid ASC);\nDROP INDEX IF EXISTS selfservice_verification_flows_nid_id_idx;\nDROP INDEX IF EXISTS selfservice_verification_flows_id_nid_idx;\n" }, { "path": "persistence/sql/migrations/sql/20241029153900000001_identities.autocommit.down.sql", "content": "CREATE INDEX IF NOT EXISTS identities_id_nid_idx ON identities (id ASC, nid ASC);\n\nCREATE INDEX IF NOT EXISTS identity_recovery_addresses_status_via_idx ON identity_recovery_addresses (nid ASC, via ASC, value ASC);\nCREATE INDEX IF NOT EXISTS identity_recovery_addresses_nid_identity_id_idx ON identity_recovery_addresses (identity_id ASC, nid ASC);\nCREATE INDEX IF NOT EXISTS identity_recovery_addresses_nid_id_idx ON identity_recovery_addresses (nid ASC, id ASC);\nCREATE INDEX IF NOT EXISTS identity_recovery_addresses_id_nid_idx ON identity_recovery_addresses (id ASC, nid ASC);\nDROP INDEX IF EXISTS identity_recovery_addresses_identity_id_idx;\n\nCREATE INDEX IF NOT EXISTS identity_verifiable_addresses_status_via_idx ON identity_verifiable_addresses (nid ASC, via ASC, value ASC);\nCREATE INDEX IF NOT EXISTS identity_verifiable_addresses_nid_identity_id_idx ON identity_verifiable_addresses (identity_id ASC, nid ASC);\nCREATE INDEX IF NOT EXISTS identity_verifiable_addresses_nid_id_idx ON identity_verifiable_addresses (nid ASC, id ASC);\nCREATE INDEX IF NOT EXISTS identity_verifiable_addresses_id_nid_idx ON identity_verifiable_addresses (id ASC, nid ASC);\nDROP INDEX IF EXISTS identity_verifiable_addresses_identity_id_idx;\n" }, { "path": "persistence/sql/migrations/sql/20241029153900000001_identities.autocommit.up.sql", "content": "DROP INDEX IF EXISTS identities_id_nid_idx;\n\nCREATE INDEX IF NOT EXISTS identity_recovery_addresses_identity_id_idx ON identity_recovery_addresses(identity_id ASC);\nDROP INDEX IF EXISTS identity_recovery_addresses_status_via_idx;\nDROP INDEX IF EXISTS identity_recovery_addresses_nid_identity_id_idx;\nDROP INDEX IF EXISTS identity_recovery_addresses_nid_id_idx;\nDROP INDEX IF EXISTS identity_recovery_addresses_id_nid_idx;\n\nCREATE INDEX IF NOT EXISTS identity_verifiable_addresses_identity_id_idx ON identity_verifiable_addresses (identity_id ASC);\nDROP INDEX IF EXISTS identity_verifiable_addresses_status_via_idx;\nDROP INDEX IF EXISTS identity_verifiable_addresses_nid_identity_id_idx;\nDROP INDEX IF EXISTS identity_verifiable_addresses_nid_id_idx;\nDROP INDEX IF EXISTS identity_verifiable_addresses_id_nid_idx;\n" }, { "path": "persistence/sql/migrations/sql/20241029153900000001_identities.mysql.down.sql", "content": "CREATE INDEX identities_id_nid_idx ON identities (id ASC, nid ASC);\n\nCREATE INDEX identity_recovery_addresses_status_via_idx ON identity_recovery_addresses (nid ASC, via ASC, value ASC);\n-- While this index did not exist in the past, it is needed in MySQL for foreign key relations. We accept\n-- that this index is \"unaccounted\" for if we execute down and then up migrations on MySQL.\nCREATE INDEX identity_recovery_addresses_identity_id_fk_idx ON identity_recovery_addresses (identity_id ASC);\nCREATE INDEX identity_recovery_addresses_nid_id_idx ON identity_recovery_addresses (nid ASC, id ASC);\nCREATE INDEX identity_recovery_addresses_id_nid_idx ON identity_recovery_addresses (id ASC, nid ASC);\nDROP INDEX identity_recovery_addresses_identity_id_idx ON identity_recovery_addresses;\n\nCREATE INDEX identity_verifiable_addresses_status_via_idx ON identity_verifiable_addresses (nid ASC, via ASC, value ASC);\n-- While this index did not exist in the past, it is needed in MySQL for foreign key relations. We accept\n-- that this index is \"unaccounted\" for if we execute down and then up migrations on MySQL.\nCREATE INDEX identity_verifiable_addresses_identity_id_fk_idx ON identity_verifiable_addresses (identity_id ASC);\nCREATE INDEX identity_verifiable_addresses_nid_id_idx ON identity_verifiable_addresses (nid ASC, id ASC);\nCREATE INDEX identity_verifiable_addresses_id_nid_idx ON identity_verifiable_addresses (id ASC, nid ASC);\nDROP INDEX identity_verifiable_addresses_identity_id_idx ON identity_verifiable_addresses;\n" }, { "path": "persistence/sql/migrations/sql/20241029153900000001_identities.mysql.up.sql", "content": "DROP INDEX identities_id_nid_idx ON identities;\n\nCREATE INDEX identity_recovery_addresses_identity_id_idx ON identity_recovery_addresses (identity_id ASC);\nDROP INDEX identity_recovery_addresses_status_via_idx ON identity_recovery_addresses;\n-- DROP INDEX identity_recovery_addresses_nid_identity_id_idx ON identity_recovery_addresses;\nDROP INDEX identity_recovery_addresses_nid_id_idx ON identity_recovery_addresses;\nDROP INDEX identity_recovery_addresses_id_nid_idx ON identity_recovery_addresses;\n\nCREATE INDEX identity_verifiable_addresses_identity_id_idx ON identity_verifiable_addresses (identity_id ASC);\nDROP INDEX identity_verifiable_addresses_status_via_idx ON identity_verifiable_addresses;\n-- DROP INDEX identity_verifiable_addresses_nid_identity_id_idx ON identity_verifiable_addresses;\nDROP INDEX identity_verifiable_addresses_nid_id_idx ON identity_verifiable_addresses;\nDROP INDEX identity_verifiable_addresses_id_nid_idx ON identity_verifiable_addresses;\n" }, { "path": "persistence/sql/migrations/sql/20241031094100000001_remaining_unused_indices.autocommit.down.sql", "content": "CREATE INDEX IF NOT EXISTS session_devices_id_nid_idx ON session_devices (id ASC, nid ASC);\nCREATE INDEX IF NOT EXISTS session_devices_session_id_nid_idx ON session_devices (session_id ASC, nid ASC);\nDROP INDEX IF EXISTS session_devices_nid_idx;\nDROP INDEX IF EXISTS session_devices_session_id_idx;\n\nCREATE INDEX IF NOT EXISTS session_token_exchanges_nid_code_idx ON session_token_exchanges (init_code ASC, nid ASC);\nCREATE INDEX IF NOT EXISTS session_token_exchanges_nid_flow_id_idx ON session_token_exchanges (flow_id ASC, nid ASC);\nDROP INDEX IF EXISTS session_token_exchanges_flow_id_nid_init_code_idx;\nDROP INDEX IF EXISTS session_token_exchanges_nid_init_code_idx;\n\nCREATE INDEX IF NOT EXISTS courier_messages_status_idx ON courier_messages (status ASC);\nCREATE INDEX IF NOT EXISTS courier_messages_nid_id_idx ON courier_messages (nid ASC, id ASC);\nCREATE INDEX IF NOT EXISTS courier_messages_id_nid_idx ON courier_messages (id ASC, nid ASC);\nCREATE INDEX IF NOT EXISTS courier_messages_nid_created_at_id_idx ON courier_messages (nid ASC, created_at DESC);\nDROP INDEX IF EXISTS courier_messages_status_id_idx;\nDROP INDEX IF EXISTS courier_messages_nid_id_created_at_idx;\n\nCREATE INDEX IF NOT EXISTS continuity_containers_nid_id_idx ON continuity_containers (nid ASC, id ASC);\nCREATE INDEX IF NOT EXISTS continuity_containers_id_nid_idx ON continuity_containers (id ASC, nid ASC);\nCREATE INDEX IF NOT EXISTS continuity_containers_identity_id_nid_idx ON continuity_containers (identity_id ASC, nid ASC);\nDROP INDEX IF EXISTS continuity_containers_identity_id_idx;\nDROP INDEX IF EXISTS continuity_containers_nid_idx;\n\nCREATE INDEX IF NOT EXISTS identity_verification_codes_nid_flow_id_idx ON identity_verification_codes (nid ASC, selfservice_verification_flow_id ASC);\nCREATE INDEX IF NOT EXISTS identity_verification_codes_id_nid_idx ON identity_verification_codes (id ASC, nid ASC);\nCREATE INDEX IF NOT EXISTS identity_verification_codes_verifiable_address_nid_idx ON identity_verification_codes (identity_verifiable_address_id ASC, nid ASC);\nDROP INDEX IF EXISTS identity_verification_codes_identity_verifiable_address_id_idx;\nDROP INDEX IF EXISTS identity_verification_codes_nid_idx;\n\nCREATE INDEX IF NOT EXISTS identity_verification_tokens_nid_id_idx ON identity_verification_tokens (nid ASC, id ASC);\nCREATE INDEX IF NOT EXISTS identity_verification_tokens_id_nid_idx ON identity_verification_tokens (id ASC, nid ASC);\nCREATE INDEX IF NOT EXISTS identity_verification_tokens_token_nid_used_flow_id_idx ON identity_verification_tokens (nid ASC, token ASC, used ASC, selfservice_verification_flow_id ASC);\nDROP INDEX IF EXISTS identity_verification_tokens_nid_idx;\n\nCREATE INDEX IF NOT EXISTS identity_registration_codes_nid_flow_id_idx ON identity_registration_codes (nid ASC, selfservice_registration_flow_id ASC);\nCREATE INDEX IF NOT EXISTS identity_registration_codes_id_nid_idx ON identity_registration_codes (id ASC, nid ASC);\nDROP INDEX IF EXISTS identity_registration_codes_nid_idx;\n\nCREATE INDEX IF NOT EXISTS identity_recovery_tokens_nid_id_idx ON identity_recovery_tokens (nid ASC, id ASC);\nCREATE INDEX IF NOT EXISTS identity_recovery_tokens_id_nid_idx ON identity_recovery_tokens (id ASC, nid ASC);\nCREATE INDEX IF NOT EXISTS identity_recovery_tokens_token_nid_used_idx ON identity_recovery_tokens (nid ASC, token ASC, used ASC);\nCREATE INDEX IF NOT EXISTS identity_recovery_tokens_identity_id_nid_idx ON identity_recovery_tokens (identity_id ASC, nid ASC);\nDROP INDEX IF EXISTS identity_recovery_tokens_identity_id_idx;\nDROP INDEX IF EXISTS identity_recovery_tokens_nid_idx;\n\nCREATE INDEX IF NOT EXISTS identity_recovery_codes_nid_flow_id_idx ON identity_recovery_codes (nid ASC, selfservice_recovery_flow_id ASC);\nCREATE INDEX IF NOT EXISTS identity_recovery_codes_id_nid_idx ON identity_recovery_codes (id ASC, nid ASC);\nCREATE INDEX IF NOT EXISTS identity_recovery_codes_identity_id_nid_idx ON identity_recovery_codes (identity_id ASC, nid ASC);\nCREATE INDEX IF NOT EXISTS identity_recovery_codes_identity_recovery_address_id_nid_idx ON identity_recovery_codes (identity_recovery_address_id ASC, nid ASC);\nDROP INDEX IF EXISTS identity_recovery_codes_identity_recovery_address_id_idx;\nDROP INDEX IF EXISTS identity_recovery_codes_identity_id_idx;\nDROP INDEX IF EXISTS identity_recovery_codes_nid_idx;\n\nCREATE INDEX IF NOT EXISTS identity_login_codes_nid_flow_id_idx ON identity_login_codes (nid ASC, selfservice_login_flow_id ASC);\nCREATE INDEX IF NOT EXISTS identity_login_codes_id_nid_idx ON identity_login_codes (id ASC, nid ASC);\nDROP INDEX IF EXISTS identity_login_codes_nid_idx;\n" }, { "path": "persistence/sql/migrations/sql/20241031094100000001_remaining_unused_indices.autocommit.up.sql", "content": "CREATE INDEX IF NOT EXISTS session_devices_nid_idx ON session_devices (nid ASC);\nCREATE INDEX IF NOT EXISTS session_devices_session_id_idx ON session_devices (session_id ASC);\nDROP INDEX IF EXISTS session_devices_id_nid_idx;\nDROP INDEX IF EXISTS session_devices_session_id_nid_idx;\n\nCREATE INDEX IF NOT EXISTS session_token_exchanges_flow_id_nid_init_code_idx ON session_token_exchanges (flow_id ASC, nid ASC, init_code ASC);\nCREATE INDEX IF NOT EXISTS session_token_exchanges_nid_init_code_idx ON session_token_exchanges (nid ASC, init_code ASC);\nDROP INDEX IF EXISTS session_token_exchanges_nid_code_idx;\nDROP INDEX IF EXISTS session_token_exchanges_nid_flow_id_idx;\n\nCREATE INDEX IF NOT EXISTS courier_messages_status_id_idx ON courier_messages (status ASC, id ASC);\nCREATE INDEX IF NOT EXISTS courier_messages_nid_id_created_at_idx ON courier_messages (nid ASC, id ASC, created_at DESC);\nDROP INDEX IF EXISTS courier_messages_status_idx;\nDROP INDEX IF EXISTS courier_messages_nid_id_idx;\nDROP INDEX IF EXISTS courier_messages_id_nid_idx;\nDROP INDEX IF EXISTS courier_messages_nid_created_at_id_idx;\n\nCREATE INDEX IF NOT EXISTS continuity_containers_identity_id_idx ON continuity_containers (identity_id ASC);\nCREATE INDEX IF NOT EXISTS continuity_containers_nid_idx ON continuity_containers (nid ASC);\nDROP INDEX IF EXISTS continuity_containers_nid_id_idx;\nDROP INDEX IF EXISTS continuity_containers_id_nid_idx;\nDROP INDEX IF EXISTS continuity_containers_identity_id_nid_idx;\n\nCREATE INDEX IF NOT EXISTS identity_verification_codes_identity_verifiable_address_id_idx ON identity_verification_codes (identity_verifiable_address_id ASC);\nCREATE INDEX IF NOT EXISTS identity_verification_codes_nid_idx ON identity_verification_codes (nid ASC);\nDROP INDEX IF EXISTS identity_verification_codes_nid_flow_id_idx;\nDROP INDEX IF EXISTS identity_verification_codes_id_nid_idx;\nDROP INDEX IF EXISTS identity_verification_codes_verifiable_address_nid_idx;\n\nCREATE INDEX IF NOT EXISTS identity_verification_tokens_nid_idx ON identity_verification_tokens (nid ASC);\nDROP INDEX IF EXISTS identity_verification_tokens_nid_id_idx;\nDROP INDEX IF EXISTS identity_verification_tokens_id_nid_idx;\nDROP INDEX IF EXISTS identity_verification_tokens_token_nid_used_flow_id_idx;\n\nCREATE INDEX IF NOT EXISTS identity_registration_codes_nid_idx ON identity_registration_codes (nid ASC);\nDROP INDEX IF EXISTS identity_registration_codes_nid_flow_id_idx;\nDROP INDEX IF EXISTS identity_registration_codes_id_nid_idx;\n\nCREATE INDEX IF NOT EXISTS identity_recovery_tokens_identity_id_idx ON identity_recovery_tokens (identity_id ASC);\nCREATE INDEX IF NOT EXISTS identity_recovery_tokens_nid_idx ON identity_recovery_tokens (nid ASC);\nDROP INDEX IF EXISTS identity_recovery_tokens_nid_id_idx;\nDROP INDEX IF EXISTS identity_recovery_tokens_id_nid_idx;\nDROP INDEX IF EXISTS identity_recovery_tokens_token_nid_used_idx;\nDROP INDEX IF EXISTS identity_recovery_tokens_identity_id_nid_idx;\n\nCREATE INDEX IF NOT EXISTS identity_recovery_codes_identity_recovery_address_id_idx ON identity_recovery_codes (identity_recovery_address_id ASC);\nCREATE INDEX IF NOT EXISTS identity_recovery_codes_identity_id_idx ON identity_recovery_codes (identity_id ASC);\nCREATE INDEX IF NOT EXISTS identity_recovery_codes_nid_idx ON identity_recovery_codes (nid ASC);\nDROP INDEX IF EXISTS identity_recovery_codes_nid_flow_id_idx;\nDROP INDEX IF EXISTS identity_recovery_codes_id_nid_idx;\nDROP INDEX IF EXISTS identity_recovery_codes_identity_id_nid_idx;\nDROP INDEX IF EXISTS identity_recovery_codes_identity_recovery_address_id_nid_idx;\n\nCREATE INDEX IF NOT EXISTS identity_login_codes_nid_idx ON identity_login_codes (nid ASC);\nDROP INDEX IF EXISTS identity_login_codes_nid_flow_id_idx;\nDROP INDEX IF EXISTS identity_login_codes_id_nid_idx;\n" }, { "path": "persistence/sql/migrations/sql/20241031094100000001_remaining_unused_indices.mysql.down.sql", "content": "CREATE INDEX session_devices_id_nid_idx ON session_devices (nid ASC, id ASC); -- the original index is id, nid - but then we can't drop session_devices_nid_idx\nCREATE INDEX session_devices_session_id_nid_idx ON session_devices (session_id ASC, nid ASC);\nDROP INDEX session_devices_nid_idx ON session_devices;\nDROP INDEX session_devices_session_id_idx ON session_devices;\n\nCREATE INDEX session_token_exchanges_nid_code_idx ON session_token_exchanges (init_code ASC, nid ASC);\nCREATE INDEX session_token_exchanges_nid_flow_id_idx ON session_token_exchanges (flow_id ASC, nid ASC);\nDROP INDEX session_token_exchanges_flow_id_nid_init_code_idx ON session_token_exchanges;\nDROP INDEX session_token_exchanges_nid_init_code_idx ON session_token_exchanges;\n\nCREATE INDEX courier_messages_status_idx ON courier_messages (status ASC);\nCREATE INDEX courier_messages_nid_id_idx ON courier_messages (nid ASC, id ASC);\nCREATE INDEX courier_messages_id_nid_idx ON courier_messages (id ASC, nid ASC);\nCREATE INDEX courier_messages_nid_created_at_id_idx ON courier_messages (nid ASC, created_at DESC);\nDROP INDEX courier_messages_status_id_idx ON courier_messages;\nDROP INDEX courier_messages_nid_id_created_at_idx ON courier_messages;\n\nCREATE INDEX continuity_containers_nid_id_idx ON continuity_containers (nid ASC, id ASC);\nCREATE INDEX continuity_containers_id_nid_idx ON continuity_containers (id ASC, nid ASC);\nCREATE INDEX continuity_containers_identity_id_nid_idx ON continuity_containers (identity_id ASC, nid ASC);\nDROP INDEX continuity_containers_identity_id_idx ON continuity_containers;\nDROP INDEX continuity_containers_nid_idx ON continuity_containers;\n\nCREATE INDEX identity_verification_codes_nid_flow_id_idx ON identity_verification_codes (nid ASC, selfservice_verification_flow_id ASC);\nCREATE INDEX identity_verification_codes_id_nid_idx ON identity_verification_codes (id ASC, nid ASC);\nCREATE INDEX identity_verification_codes_verifiable_address_nid_idx ON identity_verification_codes (identity_verifiable_address_id ASC, nid ASC);\nDROP INDEX identity_verification_codes_verifiable_address_idx ON identity_verification_codes;\nDROP INDEX identity_verification_codes_nid_idx ON identity_verification_codes;\n\nCREATE INDEX identity_verification_tokens_nid_id_idx ON identity_verification_tokens (nid ASC, id ASC);\nCREATE INDEX identity_verification_tokens_id_nid_idx ON identity_verification_tokens (id ASC, nid ASC);\nCREATE INDEX identity_verification_tokens_token_nid_used_flow_id_idx ON identity_verification_tokens (nid ASC, token ASC, used ASC, selfservice_verification_flow_id ASC);\nDROP INDEX identity_verification_tokens_nid_idx ON identity_verification_tokens;\n\nCREATE INDEX identity_registration_codes_nid_flow_id_idx ON identity_registration_codes (nid ASC, selfservice_registration_flow_id ASC);\nCREATE INDEX identity_registration_codes_id_nid_idx ON identity_registration_codes (id ASC, nid ASC);\nDROP INDEX identity_registration_codes_nid_idx ON identity_registration_codes;\n\nCREATE INDEX identity_recovery_tokens_nid_id_idx ON identity_recovery_tokens (nid ASC, id ASC);\nCREATE INDEX identity_recovery_tokens_id_nid_idx ON identity_recovery_tokens (id ASC, nid ASC);\nCREATE INDEX identity_recovery_tokens_token_nid_used_idx ON identity_recovery_tokens (nid ASC, token ASC, used ASC);\nCREATE INDEX identity_recovery_tokens_identity_id_nid_idx ON identity_recovery_tokens (identity_id ASC, nid ASC);\nDROP INDEX identity_recovery_tokens_identity_id_idx ON identity_recovery_tokens;\nDROP INDEX identity_recovery_tokens_nid_idx ON identity_recovery_tokens;\n\nCREATE INDEX identity_recovery_codes_nid_flow_id_idx ON identity_recovery_codes (nid ASC, selfservice_recovery_flow_id ASC);\nCREATE INDEX identity_recovery_codes_id_nid_idx ON identity_recovery_codes (id ASC, nid ASC);\nCREATE INDEX identity_recovery_codes_identity_id_nid_idx ON identity_recovery_codes (identity_id ASC, nid ASC);\nCREATE INDEX identity_recovery_codes_identity_recovery_address_id_nid_idx ON identity_recovery_codes (identity_recovery_address_id ASC, nid ASC);\nDROP INDEX identity_recovery_codes_address_id_idx ON identity_recovery_codes;\nDROP INDEX identity_recovery_codes_identity_id_idx ON identity_recovery_codes;\nDROP INDEX identity_recovery_codes_nid_idx ON identity_recovery_codes;\n\nCREATE INDEX identity_login_codes_nid_flow_id_idx ON identity_login_codes (nid ASC, selfservice_login_flow_id ASC);\nCREATE INDEX identity_login_codes_id_nid_idx ON identity_login_codes (id ASC, nid ASC);\nDROP INDEX identity_login_codes_nid_idx ON identity_login_codes;\n" }, { "path": "persistence/sql/migrations/sql/20241031094100000001_remaining_unused_indices.mysql.up.sql", "content": "CREATE INDEX session_devices_nid_idx ON session_devices (nid ASC);\nCREATE INDEX session_devices_session_id_idx ON session_devices (session_id ASC);\nDROP INDEX session_devices_id_nid_idx ON session_devices;\nDROP INDEX session_devices_session_id_nid_idx ON session_devices;\n\nCREATE INDEX session_token_exchanges_flow_id_nid_init_code_idx ON session_token_exchanges (flow_id ASC, nid ASC, init_code ASC);\nCREATE INDEX session_token_exchanges_nid_init_code_idx ON session_token_exchanges (nid ASC, init_code ASC);\nDROP INDEX session_token_exchanges_nid_code_idx ON session_token_exchanges;\nDROP INDEX session_token_exchanges_nid_flow_id_idx ON session_token_exchanges;\n\nCREATE INDEX courier_messages_status_id_idx ON courier_messages (status ASC, id ASC);\nCREATE INDEX courier_messages_nid_id_created_at_idx ON courier_messages (nid ASC, id ASC, created_at DESC);\nDROP INDEX courier_messages_status_idx ON courier_messages;\nDROP INDEX courier_messages_nid_id_idx ON courier_messages;\nDROP INDEX courier_messages_id_nid_idx ON courier_messages;\nDROP INDEX courier_messages_nid_created_at_id_idx ON courier_messages;\n\nCREATE INDEX continuity_containers_identity_id_idx ON continuity_containers (identity_id ASC);\nCREATE INDEX continuity_containers_nid_idx ON continuity_containers (nid ASC);\nDROP INDEX continuity_containers_nid_id_idx ON continuity_containers;\nDROP INDEX continuity_containers_id_nid_idx ON continuity_containers;\nDROP INDEX continuity_containers_identity_id_nid_idx ON continuity_containers;\n\nCREATE INDEX identity_verification_codes_verifiable_address_idx ON identity_verification_codes (identity_verifiable_address_id ASC);\nCREATE INDEX identity_verification_codes_nid_idx ON identity_verification_codes (nid ASC);\nDROP INDEX identity_verification_codes_nid_flow_id_idx ON identity_verification_codes;\nDROP INDEX identity_verification_codes_id_nid_idx ON identity_verification_codes;\nDROP INDEX identity_verification_codes_verifiable_address_nid_idx ON identity_verification_codes;\n\nCREATE INDEX identity_verification_tokens_nid_idx ON identity_verification_tokens (nid ASC);\nDROP INDEX identity_verification_tokens_nid_id_idx ON identity_verification_tokens;\nDROP INDEX identity_verification_tokens_id_nid_idx ON identity_verification_tokens;\nDROP INDEX identity_verification_tokens_token_nid_used_flow_id_idx ON identity_verification_tokens;\n\nCREATE INDEX identity_registration_codes_nid_idx ON identity_registration_codes (nid ASC);\nDROP INDEX identity_registration_codes_nid_flow_id_idx ON identity_registration_codes;\nDROP INDEX identity_registration_codes_id_nid_idx ON identity_registration_codes;\n\nCREATE INDEX identity_recovery_tokens_identity_id_idx ON identity_recovery_tokens (identity_id ASC);\nCREATE INDEX identity_recovery_tokens_nid_idx ON identity_recovery_tokens (nid ASC);\nDROP INDEX identity_recovery_tokens_nid_id_idx ON identity_recovery_tokens;\nDROP INDEX identity_recovery_tokens_id_nid_idx ON identity_recovery_tokens;\nDROP INDEX identity_recovery_tokens_token_nid_used_idx ON identity_recovery_tokens;\nDROP INDEX identity_recovery_tokens_identity_id_nid_idx ON identity_recovery_tokens;\n\nCREATE INDEX identity_recovery_codes_address_id_idx ON identity_recovery_codes (identity_recovery_address_id ASC);\nCREATE INDEX identity_recovery_codes_identity_id_idx ON identity_recovery_codes (identity_id ASC);\nCREATE INDEX identity_recovery_codes_nid_idx ON identity_recovery_codes (nid ASC);\nDROP INDEX identity_recovery_codes_nid_flow_id_idx ON identity_recovery_codes;\nDROP INDEX identity_recovery_codes_id_nid_idx ON identity_recovery_codes;\nDROP INDEX identity_recovery_codes_identity_id_nid_idx ON identity_recovery_codes;\nDROP INDEX identity_recovery_codes_identity_recovery_address_id_nid_idx ON identity_recovery_codes;\n\nCREATE INDEX identity_login_codes_nid_idx ON identity_login_codes (nid ASC);\nDROP INDEX identity_login_codes_nid_flow_id_idx ON identity_login_codes;\nDROP INDEX identity_login_codes_id_nid_idx ON identity_login_codes;\n" }, { "path": "persistence/sql/migrations/sql/20241031094100000002_foreign_key.autocommit.down.sql", "content": "ALTER TABLE session_token_exchanges DROP CONSTRAINT session_token_exchanges_nid_fk;\n" }, { "path": "persistence/sql/migrations/sql/20241031094100000002_foreign_key.autocommit.up.sql", "content": "ALTER TABLE session_token_exchanges ADD CONSTRAINT session_token_exchanges_nid_fk FOREIGN KEY (nid) REFERENCES networks (id) ON DELETE CASCADE;\n" }, { "path": "persistence/sql/migrations/sql/20241031094100000002_foreign_key.sqlite.down.sql", "content": "-- Step 1: Create a temporary table without the nid column and foreign key constraint\nCREATE TABLE session_token_exchanges_temp\n(\n id TEXT NOT NULL,\n flow_id TEXT NOT NULL,\n session_id TEXT,\n init_code VARCHAR(64) NOT NULL,\n return_to_code VARCHAR(64) NOT NULL,\n created_at TIMESTAMP NOT NULL,\n updated_at TIMESTAMP NOT NULL,\n PRIMARY KEY (id)\n);\n\n-- Step 2: Copy data from the original table to the temporary table (excluding the nid column)\nINSERT INTO session_token_exchanges_temp (id, flow_id, session_id, init_code, return_to_code, created_at, updated_at)\nSELECT id, flow_id, session_id, init_code, return_to_code, created_at, updated_at\nFROM session_token_exchanges;\n\n-- Step 3: Drop the original table\nDROP TABLE session_token_exchanges;\n\n-- Step 4: Rename the temporary table to the original table name\nALTER TABLE session_token_exchanges_temp RENAME TO session_token_exchanges;\n\n-- Step 5: Recreate indexes as needed (excluding nid)\nCREATE INDEX session_token_exchanges_nid_code_idx ON session_token_exchanges (init_code);\nCREATE INDEX session_token_exchanges_nid_flow_id_idx ON session_token_exchanges (flow_id);\n" }, { "path": "persistence/sql/migrations/sql/20241031094100000002_foreign_key.sqlite.up.sql", "content": "-- Step 1: Create a temporary table with the new column and foreign key constraint\nCREATE TABLE session_token_exchanges_temp\n(\n id TEXT NOT NULL,\n nid TEXT NOT NULL,\n flow_id TEXT NOT NULL,\n session_id TEXT,\n init_code VARCHAR(64) NOT NULL,\n return_to_code VARCHAR(64) NOT NULL,\n created_at TIMESTAMP NOT NULL,\n updated_at TIMESTAMP NOT NULL,\n PRIMARY KEY (id),\n FOREIGN KEY (nid) REFERENCES networks (id) ON DELETE CASCADE\n);\n\n-- Step 2: Copy data from the original table to the temporary table\nINSERT INTO session_token_exchanges_temp (id, nid, flow_id, session_id, init_code, return_to_code, created_at,\n updated_at)\nSELECT id,\n nid,\n flow_id,\n session_id,\n init_code,\n return_to_code,\n created_at,\n updated_at\nFROM session_token_exchanges;\n\n-- Step 3: Drop the original table\nDROP TABLE session_token_exchanges;\n\n-- Step 4: Rename the temporary table to the original table name\nALTER TABLE session_token_exchanges_temp RENAME TO session_token_exchanges;\n\n-- Step 5: Recreate indexes as needed\nCREATE INDEX session_token_exchanges_nid_code_idx ON session_token_exchanges (init_code, nid);\nCREATE INDEX session_token_exchanges_nid_flow_id_idx ON session_token_exchanges (flow_id, nid);\n" }, { "path": "persistence/sql/migrations/sql/20241106142200000001_identities.autocommit.down.sql", "content": "DROP INDEX IF EXISTS identity_credential_identifiers_nid_ici_i_idx;\n" }, { "path": "persistence/sql/migrations/sql/20241106142200000001_identities.autocommit.up.sql", "content": "CREATE INDEX IF NOT EXISTS identity_credential_identifiers_nid_ici_i_idx\n ON identity_credential_identifiers (nid ASC, identity_credential_id ASC, identifier ASC);\n" }, { "path": "persistence/sql/migrations/sql/20241106142200000001_identities.mysql.down.sql", "content": "DROP INDEX identity_credential_identifiers_nid_ici_i_idx ON identity_credential_identifiers;\n" }, { "path": "persistence/sql/migrations/sql/20241106142200000001_identities.mysql.up.sql", "content": "CREATE INDEX identity_credential_identifiers_nid_ici_i_idx\n ON identity_credential_identifiers (nid ASC, identity_credential_id ASC, identifier ASC);\n" }, { "path": "persistence/sql/migrations/sql/20241106142200000002_identities.autocommit.down.sql", "content": "\nDROP INDEX IF EXISTS identity_credential_identifiers_ici_nid_i_idx;\n" }, { "path": "persistence/sql/migrations/sql/20241106142200000002_identities.autocommit.up.sql", "content": "CREATE INDEX IF NOT EXISTS identity_credential_identifiers_ici_nid_i_idx\n ON identity_credential_identifiers (identity_credential_id ASC, nid ASC, identifier ASC);\n" }, { "path": "persistence/sql/migrations/sql/20241106142200000002_identities.mysql.down.sql", "content": "DROP INDEX identity_credential_identifiers_ici_nid_i_idx ON identity_credential_identifiers;\n" }, { "path": "persistence/sql/migrations/sql/20241106142200000002_identities.mysql.up.sql", "content": "CREATE INDEX identity_credential_identifiers_ici_nid_i_idx\n ON identity_credential_identifiers (identity_credential_id ASC, nid ASC, identifier ASC);\n" }, { "path": "persistence/sql/migrations/sql/20241108105000000001_index_cleanup.autocommit.down.sql", "content": "CREATE INDEX IF NOT EXISTS identity_credential_identifiers_nid_ici_i_idx\n ON identity_credential_identifiers (nid ASC, identity_credential_id ASC, identifier ASC);\n\nCREATE INDEX IF NOT EXISTS identity_credential_identifiers_identity_credential_id_idx\n ON identity_credential_identifiers (identity_credential_id ASC);\n" }, { "path": "persistence/sql/migrations/sql/20241108105000000001_index_cleanup.autocommit.up.sql", "content": "-- This index is replaced by identity_credential_identifiers_ici_nid_i_idx (included in the previous OEL release)\nDROP INDEX IF EXISTS identity_credential_identifiers_nid_ici_i_idx;\n\n-- This index is replaced by identity_credential_identifiers_ici_nid_i_idx (included in the previous OEL release)\nDROP INDEX IF EXISTS identity_credential_identifiers_identity_credential_id_idx;\n" }, { "path": "persistence/sql/migrations/sql/20241108105000000001_index_cleanup.mysql.down.sql", "content": "CREATE INDEX identity_credential_identifiers_nid_ici_i_idx\n ON identity_credential_identifiers (nid ASC, identity_credential_id ASC, identifier ASC);\n\nCREATE INDEX identity_credential_identifiers_identity_credential_id_idx\n ON identity_credential_identifiers (identity_credential_id ASC);\n" }, { "path": "persistence/sql/migrations/sql/20241108105000000001_index_cleanup.mysql.up.sql", "content": "-- This index is replaced by identity_credential_identifiers_ici_nid_i_idx (included in the previous OEL release)\nDROP INDEX identity_credential_identifiers_nid_ici_i_idx ON identity_credential_identifiers;\n\n-- This index is replaced by identity_credential_identifiers_ici_nid_i_idx (included in the previous OEL release)\nDROP INDEX identity_credential_identifiers_identity_credential_id_idx ON identity_credential_identifiers;\n" }, { "path": "persistence/sql/migrations/sql/20241203105600000000_saml_credential_type.down.sql", "content": "DELETE FROM identity_credential_types WHERE name = 'saml';" }, { "path": "persistence/sql/migrations/sql/20241203105600000000_saml_credential_type.up.sql", "content": "INSERT INTO identity_credential_types (id, name)\nSELECT '7bddcf6c-f50e-4a18-9b0f-429114c33419', 'saml'\n WHERE NOT EXISTS ( SELECT * FROM identity_credential_types WHERE name = 'saml');" }, { "path": "persistence/sql/migrations/sql/20250505150900000000_code_address_type.autocommit.down.sql", "content": "ALTER TABLE identity_login_codes ALTER COLUMN address_type TYPE CHAR(36);\nALTER TABLE identity_registration_codes ALTER COLUMN address_type TYPE CHAR(36);\n" }, { "path": "persistence/sql/migrations/sql/20250505150900000000_code_address_type.autocommit.up.sql", "content": "ALTER TABLE identity_login_codes ALTER COLUMN address_type TYPE VARCHAR(36);\nALTER TABLE identity_registration_codes ALTER COLUMN address_type TYPE VARCHAR(36);\n" }, { "path": "persistence/sql/migrations/sql/20250505150900000000_code_address_type.mysql.down.sql", "content": "ALTER TABLE identity_login_codes MODIFY address_type CHAR(36);\nALTER TABLE identity_registration_codes MODIFY address_type CHAR(36);\n" }, { "path": "persistence/sql/migrations/sql/20250505150900000000_code_address_type.mysql.up.sql", "content": "ALTER TABLE identity_login_codes MODIFY address_type VARCHAR(36);\nALTER TABLE identity_registration_codes MODIFY address_type VARCHAR(36);\n" }, { "path": "persistence/sql/migrations/sql/20250505150900000000_code_address_type.sqlite.down.sql", "content": "ALTER TABLE identity_login_codes ADD COLUMN address_type_old CHAR(36);\nUPDATE identity_login_codes SET address_type_old = address_type;\nALTER TABLE identity_login_codes DROP COLUMN address_type;\nALTER TABLE identity_login_codes RENAME COLUMN address_type_old TO address_type;\n\nALTER TABLE identity_registration_codes ADD COLUMN address_type_old CHAR(36);\nUPDATE identity_registration_codes SET address_type_old = address_type;\nALTER TABLE identity_registration_codes DROP COLUMN address_type;\nALTER TABLE identity_registration_codes RENAME COLUMN address_type_old TO address_type;\n" }, { "path": "persistence/sql/migrations/sql/20250505150900000000_code_address_type.sqlite.up.sql", "content": "ALTER TABLE identity_login_codes ADD COLUMN address_type_old VARCHAR(36);\nUPDATE identity_login_codes SET address_type_old = address_type;\nALTER TABLE identity_login_codes DROP COLUMN address_type;\nALTER TABLE identity_login_codes RENAME COLUMN address_type_old TO address_type;\n\nALTER TABLE identity_registration_codes ADD COLUMN address_type_old VARCHAR(36);\nUPDATE identity_registration_codes SET address_type_old = address_type;\nALTER TABLE identity_registration_codes DROP COLUMN address_type;\nALTER TABLE identity_registration_codes RENAME COLUMN address_type_old TO address_type;\n" }, { "path": "persistence/sql/migrations/sql/20250708190000000000_identities_external_id.autocommit.down.sql", "content": "ALTER TABLE identities DROP COLUMN external_id;" }, { "path": "persistence/sql/migrations/sql/20250708190000000000_identities_external_id.autocommit.up.sql", "content": "ALTER TABLE identities ADD COLUMN external_id VARCHAR(64) NULL CHECK (external_id IS NULL OR external_id != '');" }, { "path": "persistence/sql/migrations/sql/20250708190000000000_identities_external_id.cockroach.autocommit.down.sql", "content": "ALTER TABLE identities DROP COLUMN IF EXISTS external_id;" }, { "path": "persistence/sql/migrations/sql/20250708190000000000_identities_external_id.cockroach.autocommit.up.sql", "content": "ALTER TABLE identities ADD COLUMN IF NOT EXISTS external_id VARCHAR(64) NULL CHECK (external_id IS NULL OR external_id != '');" }, { "path": "persistence/sql/migrations/sql/20250708190000000001_identities_external_id_index.cockroach.autocommit.up.sql", "content": "CREATE UNIQUE INDEX IF NOT EXISTS identities_nid_external_id_idx\n ON identities (external_id, nid) USING HASH WHERE external_id IS NOT NULL AND external_id != '';" }, { "path": "persistence/sql/migrations/sql/20250708190000000001_identities_external_id_index.down.sql", "content": "DROP INDEX IF EXISTS identities_nid_external_id_idx;" }, { "path": "persistence/sql/migrations/sql/20250708190000000001_identities_external_id_index.mysql.down.sql", "content": "DROP INDEX identities_nid_external_id_idx ON identities;" }, { "path": "persistence/sql/migrations/sql/20250708190000000001_identities_external_id_index.mysql.up.sql", "content": "CREATE UNIQUE INDEX identities_nid_external_id_idx\n ON identities (nid, external_id);" }, { "path": "persistence/sql/migrations/sql/20250708190000000001_identities_external_id_index.up.sql", "content": "CREATE UNIQUE INDEX IF NOT EXISTS identities_nid_external_id_idx\n ON identities (nid, external_id) WHERE external_id IS NOT NULL;" }, { "path": "persistence/sql/migrations/sql/20250710085000000000_add_schema_id.cockroach.autocommit.down.sql", "content": "ALTER TABLE selfservice_login_flows DROP COLUMN IF EXISTS identity_schema_id;\nALTER TABLE selfservice_registration_flows DROP COLUMN IF EXISTS identity_schema_id;" }, { "path": "persistence/sql/migrations/sql/20250710085000000000_add_schema_id.cockroach.autocommit.up.sql", "content": "ALTER TABLE selfservice_login_flows ADD COLUMN IF NOT EXISTS identity_schema_id VARCHAR(128) NULL;\nALTER TABLE selfservice_registration_flows ADD COLUMN IF NOT EXISTS identity_schema_id VARCHAR(128) NULL;\n" }, { "path": "persistence/sql/migrations/sql/20250710085000000000_add_schema_id.down.sql", "content": "ALTER TABLE selfservice_login_flows DROP COLUMN identity_schema_id;\nALTER TABLE selfservice_registration_flows DROP COLUMN identity_schema_id;" }, { "path": "persistence/sql/migrations/sql/20250710085000000000_add_schema_id.up.sql", "content": "ALTER TABLE selfservice_login_flows ADD COLUMN identity_schema_id VARCHAR(128) NULL;\nALTER TABLE selfservice_registration_flows ADD COLUMN identity_schema_id VARCHAR(128) NULL;\n" }, { "path": "persistence/sql/migrations/sql/20251104000000000000_identifiers_devices_identity_id.down.sql", "content": "ALTER TABLE identity_credential_identifiers DROP COLUMN identity_id;\nALTER TABLE session_devices DROP COLUMN identity_id;\n" }, { "path": "persistence/sql/migrations/sql/20251104000000000000_identifiers_devices_identity_id.mysql.up.sql", "content": "ALTER TABLE identity_credential_identifiers ADD COLUMN identity_id char(36) NULL;\nALTER TABLE session_devices ADD COLUMN identity_id char(36) NULL;\n" }, { "path": "persistence/sql/migrations/sql/20251104000000000000_identifiers_devices_identity_id.sqlite.down.sql", "content": "-- For SQLite, we do all operations in a single migration for simplicity.\n\nCREATE TABLE \"_identity_credential_identifiers_tmp\" (\n\"id\" TEXT PRIMARY KEY,\n\"identifier\" TEXT NOT NULL,\n\"identity_credential_id\" char(36) NOT NULL,\n\"created_at\" DATETIME NOT NULL,\n\"updated_at\" DATETIME NOT NULL,\n\"nid\" char(36),\n\"identity_credential_type_id\" char(36) NOT NULL,\nFOREIGN KEY (identity_credential_id) REFERENCES identity_credentials (id) ON UPDATE NO ACTION ON DELETE CASCADE\n);\n\nINSERT INTO _identity_credential_identifiers_tmp (id, identifier, identity_credential_id, created_at, updated_at, nid, identity_credential_type_id)\n SELECT id, identifier, identity_credential_id, created_at, updated_at, nid, identity_credential_type_id\n FROM identity_credential_identifiers;\n\nDROP TABLE identity_credential_identifiers;\nALTER TABLE \"_identity_credential_identifiers_tmp\" RENAME TO \"identity_credential_identifiers\";\n\n\nCREATE UNIQUE INDEX \"identity_credential_identifiers_identifier_nid_type_uq_idx\" ON \"identity_credential_identifiers\" (nid, identity_credential_type_id, identifier);\nCREATE INDEX identity_credential_identifiers_nid_i_ici_idx ON \"identity_credential_identifiers\" (nid, identifier, identity_credential_id);\nCREATE INDEX identity_credential_identifiers_ici_nid_i_idx ON \"identity_credential_identifiers\" (identity_credential_id ASC, nid ASC, identifier ASC);\n\n\nCREATE TABLE IF NOT EXISTS \"_session_devices_tmp\"\n(\n \"id\" UUID PRIMARY KEY NOT NULL,\n \"ip_address\" VARCHAR(50) DEFAULT '',\n \"user_agent\" VARCHAR(512) DEFAULT '',\n \"location\" VARCHAR(512) DEFAULT '',\n \"nid\" UUID NOT NULL,\n \"session_id\" UUID NOT NULL,\n \"created_at\" timestamp NOT NULL,\n \"updated_at\" timestamp NOT NULL,\n CONSTRAINT \"session_metadata_sessions_id_fk\" FOREIGN KEY (\"session_id\") REFERENCES \"sessions\" (\"id\") ON DELETE cascade,\n CONSTRAINT \"session_metadata_nid_fk\" FOREIGN KEY (\"nid\") REFERENCES \"networks\" (\"id\") ON DELETE cascade,\n CONSTRAINT unique_session_device UNIQUE (nid, session_id, ip_address, user_agent)\n);\n\nINSERT INTO \"_session_devices_tmp\" (id, ip_address, user_agent, location, nid, session_id, created_at, updated_at)\n SELECT id, ip_address, user_agent, location, nid, session_id, created_at, updated_at\n FROM session_devices;\n\nDROP TABLE session_devices;\nALTER TABLE \"_session_devices_tmp\" RENAME TO \"session_devices\";\n\nCREATE INDEX session_devices_nid_idx ON session_devices (nid ASC);\nCREATE INDEX session_devices_session_id_idx ON session_devices (session_id ASC);\n" }, { "path": "persistence/sql/migrations/sql/20251104000000000000_identifiers_devices_identity_id.sqlite.up.sql", "content": "-- For SQLite, we do all operations in a single migration for simplicity.\n\nCREATE TABLE IF NOT EXISTS \"_identity_credential_identifiers_tmp\" (\n\"id\" TEXT PRIMARY KEY,\n\"identifier\" TEXT NOT NULL,\n\"identity_credential_id\" char(36) NOT NULL,\n\"created_at\" DATETIME NOT NULL,\n\"updated_at\" DATETIME NOT NULL,\n\"nid\" char(36),\n\"identity_credential_type_id\" char(36) NOT NULL,\n\"identity_id\" char(36) NOT NULL,\nFOREIGN KEY (identity_id) REFERENCES identities (id) ON UPDATE RESTRICT ON DELETE CASCADE,\nFOREIGN KEY (nid) REFERENCES networks (id) ON UPDATE RESTRICT ON DELETE CASCADE,\nFOREIGN KEY (identity_credential_id) REFERENCES identity_credentials (id) ON UPDATE RESTRICT ON DELETE CASCADE,\nFOREIGN KEY (identity_credential_type_id) REFERENCES identity_credential_types (id) ON UPDATE RESTRICT ON DELETE CASCADE\n);\n\n\nINSERT INTO _identity_credential_identifiers_tmp (id, identifier, identity_credential_id, created_at, updated_at, nid, identity_credential_type_id, identity_id)\n SELECT ici.id, ici.identifier, ici.identity_credential_id, ici.created_at, ici.updated_at, ici.nid, ici.identity_credential_type_id, ic.identity_id\n FROM identity_credential_identifiers ici\n INNER JOIN identity_credentials ic ON ici.identity_credential_id = ic.id AND ici.nid = ic.nid;\n\nDROP TABLE identity_credential_identifiers;\nALTER TABLE \"_identity_credential_identifiers_tmp\" RENAME TO \"identity_credential_identifiers\";\n\nCREATE UNIQUE INDEX \"identity_credential_identifiers_identifier_nid_type_uq_idx\" ON \"identity_credential_identifiers\" (nid, identity_credential_type_id, identifier);\nCREATE INDEX identity_credential_identifiers_nid_i_ici_idx ON \"identity_credential_identifiers\" (nid, identifier, identity_credential_id);\nCREATE INDEX identity_credential_identifiers_ici_nid_i_idx ON \"identity_credential_identifiers\" (identity_credential_id ASC, nid ASC, identifier ASC);\n\n\nCREATE TABLE IF NOT EXISTS \"_session_devices_tmp\"\n(\n \"id\" UUID PRIMARY KEY NOT NULL,\n \"identity_id\" UUID NOT NULL,\n \"ip_address\" VARCHAR(50) DEFAULT '',\n \"user_agent\" VARCHAR(512) DEFAULT '',\n \"location\" VARCHAR(512) DEFAULT '',\n \"nid\" UUID NOT NULL,\n \"session_id\" UUID NOT NULL,\n \"created_at\" timestamp NOT NULL,\n \"updated_at\" timestamp NOT NULL,\n CONSTRAINT \"session_metadata_sessions_id_fk\" FOREIGN KEY (\"session_id\") REFERENCES \"sessions\" (\"id\") ON DELETE cascade,\n CONSTRAINT \"session_metadata_nid_fk\" FOREIGN KEY (\"nid\") REFERENCES \"networks\" (\"id\") ON DELETE cascade,\n CONSTRAINT \"session_devices_identity_id_fk\" FOREIGN KEY (\"identity_id\") REFERENCES \"identities\" (\"id\") ON DELETE cascade,\n CONSTRAINT unique_session_device UNIQUE (nid, session_id, ip_address, user_agent)\n);\n\nINSERT INTO \"_session_devices_tmp\" (id, identity_id, ip_address, user_agent, location, nid, session_id, created_at, updated_at)\n SELECT sd.id, s.identity_id, sd.ip_address, sd.user_agent, sd.location, sd.nid, sd.session_id, sd.created_at, sd.updated_at\n FROM session_devices sd JOIN sessions s ON sd.session_id = s.id;\n\nDROP TABLE session_devices;\nALTER TABLE \"_session_devices_tmp\" RENAME TO \"session_devices\";\n\nCREATE INDEX session_devices_nid_idx ON session_devices (nid ASC);\nCREATE INDEX session_devices_session_id_idx ON session_devices (session_id ASC);\n" }, { "path": "persistence/sql/migrations/sql/20251104000000000000_identifiers_devices_identity_id.up.sql", "content": "ALTER TABLE identity_credential_identifiers ADD COLUMN identity_id UUID NULL;\nALTER TABLE session_devices ADD COLUMN identity_id UUID NULL;\n" }, { "path": "persistence/sql/migrations/sql/20251105000000000003_identity_id_not_null_fks.cockroach.up.sql", "content": "ALTER TABLE identity_credential_identifiers\n ALTER identity_id SET NOT NULL,\n ADD CONSTRAINT IF NOT EXISTS \"identity_credential_identifiers_identities_id_fk\" FOREIGN KEY (identity_id) REFERENCES identities (id) ON UPDATE RESTRICT ON DELETE CASCADE;\n\n\nALTER TABLE session_devices\n ALTER identity_id SET NOT NULL,\n ADD CONSTRAINT IF NOT EXISTS \"session_devices_identities_id_fk\" FOREIGN KEY (identity_id) REFERENCES identities (id) ON UPDATE RESTRICT ON DELETE CASCADE;\n" }, { "path": "persistence/sql/migrations/sql/20251105000000000003_identity_id_not_null_fks.down.sql", "content": "ALTER TABLE identity_credential_identifiers\n DROP CONSTRAINT identity_credential_identifiers_identities_id_fk,\n ALTER identity_id DROP NOT NULL;\n\nALTER TABLE session_devices\n DROP CONSTRAINT session_devices_identities_id_fk,\n ALTER identity_id DROP NOT NULL;\n" }, { "path": "persistence/sql/migrations/sql/20251105000000000003_identity_id_not_null_fks.mysql.down.sql", "content": "ALTER TABLE identity_credential_identifiers\n DROP CONSTRAINT `identity_credential_identifiers_identity_id_fk`,\n MODIFY identity_id char(36) NULL;\n\nALTER TABLE session_devices\n DROP CONSTRAINT `session_devices_identity_id_fk`,\n MODIFY identity_id char(36) NULL;\n" }, { "path": "persistence/sql/migrations/sql/20251105000000000003_identity_id_not_null_fks.mysql.up.sql", "content": "ALTER TABLE identity_credential_identifiers\n MODIFY identity_id char(36) NOT NULL,\n ADD CONSTRAINT `identity_credential_identifiers_identity_id_fk` FOREIGN KEY (identity_id) REFERENCES identities (id) ON UPDATE RESTRICT ON DELETE CASCADE;\n\nALTER TABLE session_devices\n MODIFY identity_id char(36) NOT NULL,\n ADD CONSTRAINT `session_devices_identity_id_fk` FOREIGN KEY (identity_id) REFERENCES identities (id) ON UPDATE RESTRICT ON DELETE CASCADE;\n" }, { "path": "persistence/sql/migrations/sql/20251105000000000003_identity_id_not_null_fks.postgres.up.sql", "content": "ALTER TABLE identity_credential_identifiers\n ALTER identity_id SET NOT NULL,\n ADD CONSTRAINT \"identity_credential_identifiers_identities_id_fk\" FOREIGN KEY (identity_id) REFERENCES identities (id) ON UPDATE RESTRICT ON DELETE CASCADE;\n\n\nALTER TABLE session_devices\n ALTER identity_id SET NOT NULL,\n ADD CONSTRAINT \"session_devices_identities_id_fk\" FOREIGN KEY (identity_id) REFERENCES identities (id) ON UPDATE RESTRICT ON DELETE CASCADE;\n" }, { "path": "persistence/sql/migrations/sql/20251105000000000003_identity_id_not_null_fks.sqlite.down.sql", "content": "-- Nothing, all done in 20251104000000000000_identifiers_devices_identity_id.sqlite.down.sql\n" }, { "path": "persistence/sql/migrations/sql/20251105000000000003_identity_id_not_null_fks.sqlite.up.sql", "content": "-- Nothing, all done in 20251104000000000000_identifiers_devices_identity_id.sqlite.up.sql\n" }, { "path": "persistence/sql/migrations/sql/20251105000000000004_identity_id_not_null_fks.cockroach.down.sql", "content": "DROP INDEX IF EXISTS identity_credential_identifiers@identity_credential_identifiers_identities_id_fk_idx; \nDROP INDEX IF EXISTS session_devices@session_devices_identities_id_fk_idx;\n" }, { "path": "persistence/sql/migrations/sql/20251105000000000004_identity_id_not_null_fks.cockroach.up.sql", "content": "CREATE INDEX IF NOT EXISTS identity_credential_identifiers_identities_id_fk_idx ON identity_credential_identifiers (identity_id);\nCREATE INDEX IF NOT EXISTS session_devices_identities_id_fk_idx ON session_devices (identity_id);\n" }, { "path": "persistence/sql/migrations/sql/20251105000000000004_identity_id_not_null_fks.mysql.down.sql", "content": "-- Cannot drop index '...': needed in a foreign key constraint\n\n-- DROP INDEX identity_credential_identifiers_identity_id_fk_idx ON identity_credential_identifiers;\n-- DROP INDEX session_devices_identity_id_fk_idx ON session_devices;\n" }, { "path": "persistence/sql/migrations/sql/20251105000000000004_identity_id_not_null_fks.mysql.up.sql", "content": "CREATE INDEX identity_credential_identifiers_identity_id_fk_idx ON identity_credential_identifiers (identity_id);\nCREATE INDEX session_devices_identity_id_fk_idx ON session_devices (identity_id);\n" }, { "path": "persistence/sql/migrations/sql/20251105000000000004_identity_id_not_null_fks.postgres.down.sql", "content": "DROP INDEX IF EXISTS identity_credential_identifiers_identities_id_fk_idx; \nDROP INDEX IF EXISTS session_devices_identities_id_fk_idx;\n" }, { "path": "persistence/sql/migrations/sql/20251105000000000004_identity_id_not_null_fks.postgres.up.sql", "content": "CREATE INDEX IF NOT EXISTS identity_credential_identifiers_identities_id_fk_idx ON identity_credential_identifiers (identity_id);\nCREATE INDEX IF NOT EXISTS session_devices_identities_id_fk_idx ON session_devices (identity_id);\n" }, { "path": "persistence/sql/migrations/sql/20251105000000000004_identity_id_not_null_fks.sqlite.down.sql", "content": "-- Nothing, all done in 20251104000000000000_identifiers_devices_identity_id.sqlite.down.sql\n" }, { "path": "persistence/sql/migrations/sql/20251105000000000004_identity_id_not_null_fks.sqlite.up.sql", "content": "-- Nothing, all done in 20251104000000000000_identifiers_devices_identity_id.sqlite.up.sql\n" }, { "path": "persistence/sql/migrations/sql/20251215000000000000_courier_messages_add_request_headers.down.sql", "content": "ALTER TABLE courier_messages DROP COLUMN IF EXISTS request_headers;" }, { "path": "persistence/sql/migrations/sql/20251215000000000000_courier_messages_add_request_headers.mysql.down.sql", "content": "ALTER TABLE courier_messages DROP COLUMN request_headers;" }, { "path": "persistence/sql/migrations/sql/20251215000000000000_courier_messages_add_request_headers.mysql.up.sql", "content": "ALTER TABLE courier_messages\n ADD COLUMN request_headers JSON;" }, { "path": "persistence/sql/migrations/sql/20251215000000000000_courier_messages_add_request_headers.sqlite.down.sql", "content": "ALTER TABLE courier_messages DROP COLUMN request_headers;" }, { "path": "persistence/sql/migrations/sql/20251215000000000000_courier_messages_add_request_headers.sqlite.up.sql", "content": "ALTER TABLE courier_messages\n ADD COLUMN request_headers JSONB;" }, { "path": "persistence/sql/migrations/sql/20251215000000000000_courier_messages_add_request_headers.up.sql", "content": "ALTER TABLE courier_messages\n ADD COLUMN IF NOT EXISTS request_headers JSONB;" }, { "path": "persistence/sql/migrations/sql/20260114175904000000_drop_identity_credentials_nid_idx.down.sql", "content": "CREATE INDEX identity_credentials_nid_idx ON identity_credentials (nid);\n" }, { "path": "persistence/sql/migrations/sql/20260114175904000000_drop_identity_credentials_nid_idx.mysql.down.sql", "content": "-- CREATE INDEX identity_credentials_nid_idx ON identity_credentials (nid);\n-- didn't actually drop it in the up migration because \"needed in a foreign key constraint\"\n" }, { "path": "persistence/sql/migrations/sql/20260114175904000000_drop_identity_credentials_nid_idx.mysql.up.sql", "content": "-- DROP INDEX identity_credentials_nid_idx ON identity_credentials;\n-- can't drop because \"needed in a foreign key constraint\"\n" }, { "path": "persistence/sql/migrations/sql/20260114175904000000_drop_identity_credentials_nid_idx.up.sql", "content": "DROP INDEX IF EXISTS identity_credentials_nid_idx;\n" }, { "path": "persistence/sql/persister.go", "content": "// Copyright © 2023 Ory Corp\n// SPDX-License-Identifier: Apache-2.0\n\npackage sql\n\nimport (\n\t\"context\"\n\t\"embed\"\n\t\"io/fs\"\n\t\"slices\"\n\t\"time\"\n\n\t\"github.com/gofrs/uuid\"\n\t\"github.com/pkg/errors\"\n\t\"github.com/sirupsen/logrus\"\n\n\t\"github.com/ory/kratos/driver/config\"\n\t\"github.com/ory/kratos/identity\"\n\t\"github.com/ory/kratos/persistence\"\n\t\"github.com/ory/kratos/persistence/sql/devices\"\n\tidpersistence \"github.com/ory/kratos/persistence/sql/identity\"\n\tgomigrations \"github.com/ory/kratos/persistence/sql/migrations/go\"\n\t\"github.com/ory/kratos/schema\"\n\t\"github.com/ory/kratos/session\"\n\t\"github.com/ory/pop/v6\"\n\t\"github.com/ory/x/contextx\"\n\t\"github.com/ory/x/fsx\"\n\t\"github.com/ory/x/logrusx\"\n\t\"github.com/ory/x/networkx\"\n\t\"github.com/ory/x/otelx\"\n\t\"github.com/ory/x/popx\"\n)\n\nvar _ persistence.Persister = new(Persister)\n\n//go:embed migrations/sql/*.sql\nvar Migrations embed.FS\n\ntype (\n\tpersisterDependencies interface {\n\t\tlogrusx.Provider\n\t\tconfig.Provider\n\t\tcontextx.Provider\n\t\totelx.Provider\n\t\tschema.IdentitySchemaProvider\n\t\tidentity.ValidationProvider\n\t}\n\tPersister struct {\n\t\tnid uuid.UUID\n\t\tc *pop.Connection\n\t\tmb *popx.MigrationBox\n\t\tmbs popx.MigrationStatuses\n\t\tr persisterDependencies\n\n\t\tidentity.PrivilegedPool\n\t\tsession.DevicePersister\n\t}\n)\n\ntype options struct {\n\textraMigrations []fs.FS\n\textraGoMigrations popx.Migrations\n\tdisableLogging bool\n}\n\ntype Option = func(o *options)\n\nfunc WithExtraMigrations(fss ...fs.FS) Option {\n\treturn func(o *options) {\n\t\to.extraMigrations = fss\n\t}\n}\n\nfunc WithExtraGoMigrations(ms ...popx.Migration) Option {\n\treturn func(o *options) {\n\t\to.extraGoMigrations = ms\n\t}\n}\n\nfunc WithDisabledLogging(v bool) Option {\n\treturn func(o *options) {\n\t\to.disableLogging = v\n\t}\n}\n\nfunc NewPersister(r persisterDependencies, c *pop.Connection, opts ...Option) (*Persister, error) {\n\to := &options{}\n\tfor _, f := range opts {\n\t\tf(o)\n\t}\n\tlogger := r.Logger()\n\tif o.disableLogging {\n\t\tlogger.Logrus().SetLevel(logrus.WarnLevel)\n\t}\n\tm, err := popx.NewMigrationBox(\n\t\tfsx.Merge(append([]fs.FS{Migrations, networkx.Migrations}, o.extraMigrations...)...),\n\t\tc, logger,\n\t\tpopx.WithGoMigrations(slices.Concat(gomigrations.All, o.extraGoMigrations)),\n\t)\n\tif err != nil {\n\t\treturn nil, err\n\t}\n\n\treturn &Persister{\n\t\tc: c,\n\t\tmb: m,\n\t\tr: r,\n\t\tPrivilegedPool: idpersistence.NewPersister(r, c),\n\t\tDevicePersister: devices.NewPersister(r, c),\n\t}, nil\n}\n\nfunc (p *Persister) NetworkID(ctx context.Context) uuid.UUID {\n\treturn p.r.Contextualizer().Network(ctx, p.nid)\n}\n\nfunc (p Persister) WithNetworkID(nid uuid.UUID) persistence.Persister {\n\tp.nid = nid\n\tif pp, ok := p.PrivilegedPool.(interface {\n\t\tWithNetworkID(uuid.UUID) identity.PrivilegedPool\n\t}); ok {\n\t\tp.PrivilegedPool = pp.WithNetworkID(nid)\n\t}\n\tif dp, ok := p.DevicePersister.(interface {\n\t\tWithNetworkID(uuid.UUID) session.DevicePersister\n\t}); ok {\n\t\tp.DevicePersister = dp.WithNetworkID(nid)\n\t}\n\treturn &p\n}\n\nfunc (p *Persister) DetermineNetwork(ctx context.Context) (*networkx.Network, error) {\n\treturn networkx.Determine(p.Connection(ctx))\n}\n\nfunc (p *Persister) Connection(ctx context.Context) *pop.Connection {\n\treturn p.c.WithContext(ctx)\n}\n\nfunc (p *Persister) MigrationStatus(ctx context.Context) (_ popx.MigrationStatuses, err error) {\n\tctx, span := p.r.Tracer(ctx).Tracer().Start(ctx, \"persistence.sql.MigrationStatus\")\n\tdefer otelx.End(span, &err)\n\n\tif p.mbs != nil {\n\t\treturn p.mbs, nil\n\t}\n\n\tstatus, err := p.mb.Status(ctx)\n\tif err != nil {\n\t\treturn nil, errors.WithStack(err)\n\t}\n\n\tif !status.HasPending() {\n\t\tp.mbs = status\n\t}\n\n\treturn status, nil\n}\n\nfunc (p *Persister) MigrateDown(ctx context.Context, steps int) error {\n\treturn p.mb.Down(ctx, steps)\n}\n\nfunc (p *Persister) MigrateUp(ctx context.Context) error {\n\treturn p.mb.Up(ctx)\n}\n\nfunc (p *Persister) MigrationBox() *popx.MigrationBox {\n\treturn p.mb\n}\n\nfunc (p *Persister) Close(ctx context.Context) error {\n\treturn errors.WithStack(p.GetConnection(ctx).Close())\n}\n\nfunc (p *Persister) Ping(ctx context.Context) error {\n\treturn errors.WithStack(p.c.Store.SQLDB().PingContext(ctx))\n}\n\nfunc (p *Persister) CleanupDatabase(ctx context.Context, wait time.Duration, older time.Duration, batchSize int) error {\n\tcurrentTime := time.Now().Add(-older)\n\tp.r.Logger().Printf(\"Cleaning up records older than %s\\n\", currentTime)\n\n\tp.r.Logger().Println(\"Cleaning up expired sessions\")\n\tif err := p.DeleteExpiredSessions(ctx, currentTime, batchSize); err != nil {\n\t\treturn err\n\t}\n\ttime.Sleep(wait)\n\n\tp.r.Logger().Println(\"Cleaning up expired continuity containers\")\n\tif err := p.DeleteExpiredContinuitySessions(ctx, currentTime, batchSize); err != nil {\n\t\treturn err\n\t}\n\ttime.Sleep(wait)\n\n\tp.r.Logger().Println(\"Cleaning up expired login flows\")\n\tif err := p.DeleteExpiredLoginFlows(ctx, currentTime, batchSize); err != nil {\n\t\treturn err\n\t}\n\ttime.Sleep(wait)\n\n\tp.r.Logger().Println(\"Cleaning up expired recovery flows\")\n\tif err := p.DeleteExpiredRecoveryFlows(ctx, currentTime, batchSize); err != nil {\n\t\treturn err\n\t}\n\ttime.Sleep(wait)\n\n\tp.r.Logger().Println(\"Cleaning up expired registration flows\")\n\tif err := p.DeleteExpiredRegistrationFlows(ctx, currentTime, batchSize); err != nil {\n\t\treturn err\n\t}\n\ttime.Sleep(wait)\n\n\tp.r.Logger().Println(\"Cleaning up expired settings flows\")\n\tif err := p.DeleteExpiredSettingsFlows(ctx, currentTime, batchSize); err != nil {\n\t\treturn err\n\t}\n\ttime.Sleep(wait)\n\n\tp.r.Logger().Println(\"Cleaning up expired verification flows\")\n\tif err := p.DeleteExpiredVerificationFlows(ctx, currentTime, batchSize); err != nil {\n\t\treturn err\n\t}\n\ttime.Sleep(wait)\n\n\tp.r.Logger().Println(\"Cleaning up expired session token exchangers\")\n\tif err := p.DeleteExpiredExchangers(ctx, currentTime, batchSize); err != nil {\n\t\treturn err\n\t}\n\ttime.Sleep(wait)\n\n\tp.r.Logger().Println(\"Successfully cleaned up the latest batch of the SQL database! \" +\n\t\t\"This should be re-run periodically, to be sure that all expired data is purged.\")\n\treturn nil\n}\n" }, { "path": "persistence/sql/persister_cleanup_test.go", "content": "// Copyright © 2023 Ory Corp\n// SPDX-License-Identifier: Apache-2.0\n\npackage sql_test\n\nimport (\n\t\"context\"\n\t\"testing\"\n\t\"time\"\n\n\t\"github.com/stretchr/testify/assert\"\n\t\"github.com/stretchr/testify/require\"\n\n\t\"github.com/ory/kratos/pkg\"\n)\n\nfunc TestPersister_Cleanup(t *testing.T) {\n\tt.Parallel()\n\n\t_, reg := pkg.NewFastRegistryWithMocks(t)\n\tp := reg.Persister()\n\tctx := context.Background()\n\n\tt.Run(\"case=should not throw error on cleanup\", func(t *testing.T) {\n\t\tassert.Nil(t, p.CleanupDatabase(ctx, 0, 0, reg.Config().DatabaseCleanupBatchSize(ctx)))\n\t})\n\n\tt.Run(\"case=should throw error on cleanup\", func(t *testing.T) {\n\t\trequire.NoError(t, p.GetConnection(ctx).Close())\n\t\tassert.Error(t, p.CleanupDatabase(ctx, 0, 0, reg.Config().DatabaseCleanupBatchSize(ctx)))\n\t})\n}\n\nfunc TestPersister_Continuity_Cleanup(t *testing.T) {\n\tt.Parallel()\n\n\t_, reg := pkg.NewFastRegistryWithMocks(t)\n\tp := reg.Persister()\n\tcurrentTime := time.Now()\n\tctx := context.Background()\n\n\tt.Run(\"case=should not throw error on cleanup continuity sessions\", func(t *testing.T) {\n\t\tassert.Nil(t, p.DeleteExpiredContinuitySessions(ctx, currentTime, reg.Config().DatabaseCleanupBatchSize(ctx)))\n\t})\n\n\tt.Run(\"case=should throw error on cleanup continuity sessions\", func(t *testing.T) {\n\t\trequire.NoError(t, p.GetConnection(ctx).Close())\n\t\tassert.Error(t, p.DeleteExpiredContinuitySessions(ctx, currentTime, reg.Config().DatabaseCleanupBatchSize(ctx)))\n\t})\n}\n\nfunc TestPersister_Login_Cleanup(t *testing.T) {\n\tt.Parallel()\n\n\t_, reg := pkg.NewFastRegistryWithMocks(t)\n\tp := reg.Persister()\n\tcurrentTime := time.Now()\n\tctx := context.Background()\n\n\tt.Run(\"case=should not throw error on cleanup login flows\", func(t *testing.T) {\n\t\tassert.Nil(t, p.DeleteExpiredLoginFlows(ctx, currentTime, reg.Config().DatabaseCleanupBatchSize(ctx)))\n\t})\n\n\tt.Run(\"case=should throw error on cleanup login flows\", func(t *testing.T) {\n\t\trequire.NoError(t, p.GetConnection(ctx).Close())\n\t\tassert.Error(t, p.DeleteExpiredLoginFlows(ctx, currentTime, reg.Config().DatabaseCleanupBatchSize(ctx)))\n\t})\n}\n\nfunc TestPersister_Recovery_Cleanup(t *testing.T) {\n\tt.Parallel()\n\n\t_, reg := pkg.NewFastRegistryWithMocks(t)\n\tp := reg.Persister()\n\tcurrentTime := time.Now()\n\tctx := context.Background()\n\n\tt.Run(\"case=should not throw error on cleanup recovery flows\", func(t *testing.T) {\n\t\tassert.Nil(t, p.DeleteExpiredRecoveryFlows(ctx, currentTime, reg.Config().DatabaseCleanupBatchSize(ctx)))\n\t})\n\n\tt.Run(\"case=should throw error on cleanup recovery flows\", func(t *testing.T) {\n\t\trequire.NoError(t, p.GetConnection(ctx).Close())\n\t\tassert.Error(t, p.DeleteExpiredRecoveryFlows(ctx, currentTime, reg.Config().DatabaseCleanupBatchSize(ctx)))\n\t})\n}\n\nfunc TestPersister_Registration_Cleanup(t *testing.T) {\n\tt.Parallel()\n\n\t_, reg := pkg.NewFastRegistryWithMocks(t)\n\tp := reg.Persister()\n\tcurrentTime := time.Now()\n\tctx := context.Background()\n\n\tt.Run(\"case=should not throw error on cleanup registration flows\", func(t *testing.T) {\n\t\tassert.Nil(t, p.DeleteExpiredRegistrationFlows(ctx, currentTime, reg.Config().DatabaseCleanupBatchSize(ctx)))\n\t})\n\n\tt.Run(\"case=should throw error on cleanup registration flows\", func(t *testing.T) {\n\t\trequire.NoError(t, p.GetConnection(ctx).Close())\n\t\tassert.Error(t, p.DeleteExpiredRegistrationFlows(ctx, currentTime, reg.Config().DatabaseCleanupBatchSize(ctx)))\n\t})\n}\n\nfunc TestPersister_Session_Cleanup(t *testing.T) {\n\tt.Parallel()\n\n\t_, reg := pkg.NewFastRegistryWithMocks(t)\n\tp := reg.Persister()\n\tcurrentTime := time.Now()\n\tctx := context.Background()\n\n\tt.Run(\"case=should not throw error on cleanup sessions\", func(t *testing.T) {\n\t\tassert.Nil(t, p.DeleteExpiredSessions(ctx, currentTime, reg.Config().DatabaseCleanupBatchSize(ctx)))\n\t})\n\n\tt.Run(\"case=should throw error on cleanup sessions\", func(t *testing.T) {\n\t\trequire.NoError(t, p.GetConnection(ctx).Close())\n\t\tassert.Error(t, p.DeleteExpiredSessions(ctx, currentTime, reg.Config().DatabaseCleanupBatchSize(ctx)))\n\t})\n}\n\nfunc TestPersister_Settings_Cleanup(t *testing.T) {\n\tt.Parallel()\n\n\t_, reg := pkg.NewFastRegistryWithMocks(t)\n\tp := reg.Persister()\n\tcurrentTime := time.Now()\n\tctx := context.Background()\n\n\tt.Run(\"case=should not throw error on cleanup setting flows\", func(t *testing.T) {\n\t\tassert.Nil(t, p.DeleteExpiredSettingsFlows(ctx, currentTime, reg.Config().DatabaseCleanupBatchSize(ctx)))\n\t})\n\n\tt.Run(\"case=should throw error on cleanup setting flows\", func(t *testing.T) {\n\t\trequire.NoError(t, p.GetConnection(ctx).Close())\n\t\tassert.Error(t, p.DeleteExpiredSettingsFlows(ctx, currentTime, reg.Config().DatabaseCleanupBatchSize(ctx)))\n\t})\n}\n\nfunc TestPersister_Verification_Cleanup(t *testing.T) {\n\tt.Parallel()\n\n\t_, reg := pkg.NewFastRegistryWithMocks(t)\n\tp := reg.Persister()\n\tcurrentTime := time.Now()\n\tctx := context.Background()\n\n\tt.Run(\"case=should not throw error on cleanup verification flows\", func(t *testing.T) {\n\t\tassert.Nil(t, p.DeleteExpiredVerificationFlows(ctx, currentTime, reg.Config().DatabaseCleanupBatchSize(ctx)))\n\t})\n\n\tt.Run(\"case=should throw error on cleanup verification flows\", func(t *testing.T) {\n\t\trequire.NoError(t, p.GetConnection(ctx).Close())\n\t\tassert.Error(t, p.DeleteExpiredVerificationFlows(ctx, currentTime, reg.Config().DatabaseCleanupBatchSize(ctx)))\n\t})\n}\n\nfunc TestPersister_SessionTokenExchange_Cleanup(t *testing.T) {\n\tt.Parallel()\n\n\t_, reg := pkg.NewFastRegistryWithMocks(t)\n\tp := reg.Persister()\n\tcurrentTime := time.Now()\n\tctx := context.Background()\n\n\tt.Run(\"case=should not throw error on cleanup session token exchangers\", func(t *testing.T) {\n\t\tassert.Nil(t, p.DeleteExpiredExchangers(ctx, currentTime, reg.Config().DatabaseCleanupBatchSize(ctx)))\n\t})\n\n\tt.Run(\"case=should throw error on cleanup session token exchangers if DB is closed\", func(t *testing.T) {\n\t\trequire.NoError(t, p.GetConnection(ctx).Close())\n\t\tassert.Error(t, p.DeleteExpiredExchangers(ctx, currentTime, reg.Config().DatabaseCleanupBatchSize(ctx)))\n\t})\n}\n" }, { "path": "persistence/sql/persister_code.go", "content": "// Copyright © 2023 Ory Corp\n// SPDX-License-Identifier: Apache-2.0\n\npackage sql\n\nimport (\n\t\"context\"\n\t\"crypto/subtle\"\n\t\"fmt\"\n\t\"time\"\n\n\t\"github.com/gofrs/uuid\"\n\t\"github.com/pkg/errors\"\n\t\"go.opentelemetry.io/otel/attribute\"\n\t\"go.opentelemetry.io/otel/trace\"\n\n\t\"github.com/ory/kratos/selfservice/strategy/code\"\n\t\"github.com/ory/pop/v6\"\n\t\"github.com/ory/x/otelx\"\n\t\"github.com/ory/x/sqlcon\"\n)\n\ntype oneTimeCodeProvider interface {\n\tGetID() uuid.UUID\n\tValidate() error\n\tTableName(ctx context.Context) string\n\tGetHMACCode() string\n}\n\ntype codeOptions struct {\n\tIdentityID *uuid.UUID\n}\n\ntype codeOption func(o *codeOptions)\n\nfunc withCheckIdentityID(id uuid.UUID) codeOption {\n\treturn func(o *codeOptions) {\n\t\to.IdentityID = &id\n\t}\n}\n\nfunc useOneTimeCode[P any, U interface {\n\t*P\n\toneTimeCodeProvider\n}](ctx context.Context, p *Persister, flowID uuid.UUID, userProvidedCode, flowTableName, foreignKeyName string, opts ...codeOption,\n) (target U, err error) {\n\tmaxSubmissions := p.r.Config().SelfServiceCodeMethodMaxSubmissions(ctx)\n\tctx, span := p.r.Tracer(ctx).Tracer().Start(ctx, \"persistence.sql.useOneTimeCode\", trace.WithAttributes(attribute.Int(\"max_submissions\", maxSubmissions)))\n\tdefer otelx.End(span, &err)\n\n\to := new(codeOptions)\n\tfor _, opt := range opts {\n\t\topt(o)\n\t}\n\n\t// Before we do anything else, increment the submit count and check if we're\n\t// being brute-forced. This is a separate statement/transaction to the rest\n\t// of the operations so that it is correct for all transaction isolation\n\t// levels.\n\tsubmitCount, err := incrementOTPCodeSubmitCount(ctx, p, flowID, flowTableName)\n\tif err != nil {\n\t\treturn nil, err\n\t}\n\n\tif submitCount > maxSubmissions {\n\t\treturn nil, errors.WithStack(code.ErrCodeSubmittedTooOften)\n\t}\n\n\tnid := p.NetworkID(ctx)\n\n\tif err := p.Transaction(ctx, func(ctx context.Context, tx *pop.Connection) error {\n\t\tvar codes []U\n\t\tcodesQuery := tx.Where(fmt.Sprintf(\"nid = ? AND %s = ?\", foreignKeyName), nid, flowID)\n\t\tif o.IdentityID != nil {\n\t\t\tcodesQuery = codesQuery.Where(\"identity_id = ?\", *o.IdentityID)\n\t\t}\n\n\t\tif err := sqlcon.HandleError(codesQuery.All(&codes)); err != nil {\n\t\t\tif errors.Is(err, sqlcon.ErrNoRows) {\n\t\t\t\treturn errors.WithStack(code.ErrCodeNotFound)\n\t\t\t}\n\t\t\treturn err\n\t\t}\n\n\tsecrets:\n\t\tfor _, secret := range p.r.Config().SecretsSession(ctx) {\n\t\t\tsuppliedCode := []byte(hmacValueWithSecret(userProvidedCode, secret))\n\t\t\tfor i := range codes {\n\t\t\t\tc := codes[i]\n\t\t\t\tif subtle.ConstantTimeCompare([]byte(c.GetHMACCode()), suppliedCode) == 0 {\n\t\t\t\t\t// Not the supplied code\n\t\t\t\t\tcontinue\n\t\t\t\t}\n\t\t\t\ttarget = c\n\t\t\t\tbreak secrets\n\t\t\t}\n\t\t}\n\n\t\tif target.Validate() != nil {\n\t\t\t// Return no error, as that would roll back the transaction. We re-validate the code after the transaction.\n\t\t\treturn nil\n\t\t}\n\n\t\t//#nosec G201 -- TableName is static\n\t\treturn tx.RawQuery(fmt.Sprintf(\"UPDATE %s SET used_at = ? WHERE id = ? AND nid = ?\", target.TableName(ctx)), time.Now().UTC(), target.GetID(), nid).Exec()\n\t}); err != nil {\n\t\treturn nil, sqlcon.HandleError(err)\n\t}\n\n\tif err := target.Validate(); err != nil {\n\t\treturn nil, err\n\t}\n\n\treturn target, nil\n}\n\nfunc incrementOTPCodeSubmitCount(ctx context.Context, p *Persister, flowID uuid.UUID, flowTableName string) (submitCount int, err error) {\n\tctx, span := p.r.Tracer(ctx).Tracer().Start(ctx, \"persistence.sql.incrementOTPCodeSubmitCount\",\n\t\ttrace.WithAttributes(attribute.Stringer(\"flow_id\", flowID), attribute.String(\"flow_table_name\", flowTableName)))\n\tdefer otelx.End(span, &err)\n\tdefer func() {\n\t\tspan.SetAttributes(attribute.Int(\"submit_count\", submitCount))\n\t}()\n\n\tnid := p.NetworkID(ctx)\n\n\t// The branch below is a marginal performance optimization for databases\n\t// supporting RETURNING (one query instead of two). There is no real\n\t// security difference here, but there is an observable difference in\n\t// behavior.\n\t//\n\t// Databases supporting RETURNING will perform the increment+select\n\t// atomically. That means that always exactly 5 attempts will be allowed for\n\t// each flow, no matter how many concurrent attempts are made.\n\t//\n\t// Databases without support for RETURNING (MySQL) will perform the UPDATE\n\t// and SELECT in two queries, which are not atomic. The effect is that there\n\t// will still never be more than 5 attempts for each flow, but there may be\n\t// fewer before we reject. Under normal operation, this is never a problem\n\t// because a human will never submit their code as quickly as would be\n\t// required to trigger this race condition.\n\t//\n\t// In a very strict sense of the word, the MySQL implementation is even more\n\t// secure than the RETURNING implementation. But we're ok either way :)\n\tif p.c.Dialect.Name() == \"mysql\" {\n\t\t//#nosec G201 -- TableName is static\n\t\tqUpdate := fmt.Sprintf(\"UPDATE %s SET submit_count = submit_count + 1 WHERE id = ? AND nid = ?\", flowTableName)\n\t\tif err := p.GetConnection(ctx).RawQuery(qUpdate, flowID, nid).Exec(); err != nil {\n\t\t\treturn 0, sqlcon.HandleError(err)\n\t\t}\n\t\t//#nosec G201 -- TableName is static\n\t\tqSelect := fmt.Sprintf(\"SELECT submit_count FROM %s WHERE id = ? AND nid = ?\", flowTableName)\n\t\terr = sqlcon.HandleError(p.GetConnection(ctx).RawQuery(qSelect, flowID, nid).First(&submitCount))\n\t} else {\n\t\t//#nosec G201 -- TableName is static\n\t\tq := fmt.Sprintf(\"UPDATE %s SET submit_count = submit_count + 1 WHERE id = ? AND nid = ? RETURNING submit_count\", flowTableName)\n\t\terr = sqlcon.HandleError(p.Connection(ctx).RawQuery(q, flowID, nid).First(&submitCount))\n\t}\n\tif errors.Is(err, sqlcon.ErrNoRows) {\n\t\treturn 0, errors.WithStack(code.ErrCodeNotFound)\n\t}\n\n\treturn submitCount, err\n}\n" }, { "path": "persistence/sql/persister_continuity.go", "content": "// Copyright © 2023 Ory Corp\n// SPDX-License-Identifier: Apache-2.0\n\npackage sql\n\nimport (\n\t\"context\"\n\t\"fmt\"\n\t\"time\"\n\n\t\"github.com/pkg/errors\"\n\n\t\"github.com/gofrs/uuid\"\n\n\t\"github.com/ory/x/otelx\"\n\t\"github.com/ory/x/sqlcon\"\n\n\t\"github.com/ory/kratos/continuity\"\n)\n\nvar _ continuity.Persister = new(Persister)\n\nfunc (p *Persister) SaveContinuitySession(ctx context.Context, c *continuity.Container) (err error) {\n\tctx, span := p.r.Tracer(ctx).Tracer().Start(ctx, \"persistence.sql.SaveContinuitySession\")\n\tdefer otelx.End(span, &err)\n\n\tc.NID = p.NetworkID(ctx)\n\treturn sqlcon.HandleError(p.GetConnection(ctx).Create(c))\n}\n\nfunc (p *Persister) SetContinuitySessionExpiry(ctx context.Context, id uuid.UUID, expiresAt time.Time) (err error) {\n\tctx, span := p.r.Tracer(ctx).Tracer().Start(ctx, \"persistence.sql.SetContinuitySessionExpiry\")\n\tdefer otelx.End(span, &err)\n\n\tif rows, err := p.GetConnection(ctx).\n\t\tWhere(\"id = ? AND nid = ?\", id, p.NetworkID(ctx)).\n\t\tUpdateQuery(&continuity.Container{\n\t\t\tExpiresAt: expiresAt,\n\t\t}, \"expires_at\"); err != nil {\n\t\treturn sqlcon.HandleError(err)\n\t} else if rows == 0 {\n\t\treturn errors.WithStack(sqlcon.ErrNoRows)\n\t}\n\n\treturn nil\n}\n\nfunc (p *Persister) GetContinuitySession(ctx context.Context, id uuid.UUID) (_ *continuity.Container, err error) {\n\tctx, span := p.r.Tracer(ctx).Tracer().Start(ctx, \"persistence.sql.GetContinuitySession\")\n\tdefer otelx.End(span, &err)\n\n\tvar c continuity.Container\n\tif err := p.GetConnection(ctx).Where(\"id = ? AND nid = ?\", id, p.NetworkID(ctx)).First(&c); err != nil {\n\t\treturn nil, sqlcon.HandleError(err)\n\t}\n\treturn &c, nil\n}\n\nfunc (p *Persister) DeleteContinuitySession(ctx context.Context, id uuid.UUID) (err error) {\n\tctx, span := p.r.Tracer(ctx).Tracer().Start(ctx, \"persistence.sql.DeleteContinuitySession\")\n\tdefer otelx.End(span, &err)\n\n\tif count, err := p.GetConnection(ctx).RawQuery(\n\t\t//#nosec G201 -- TableName is static\n\t\tfmt.Sprintf(\"DELETE FROM %s WHERE id=? AND nid=?\",\n\t\t\tcontinuity.Container{}.TableName()), id, p.NetworkID(ctx)).ExecWithCount(); err != nil {\n\t\treturn sqlcon.HandleError(err)\n\t} else if count == 0 {\n\t\treturn errors.WithStack(sqlcon.ErrNoRows)\n\t}\n\treturn nil\n}\n\nfunc (p *Persister) DeleteExpiredContinuitySessions(ctx context.Context, expiresAt time.Time, limit int) (err error) {\n\tctx, span := p.r.Tracer(ctx).Tracer().Start(ctx, \"persistence.sql.DeleteExpiredContinuitySessions\")\n\tdefer otelx.End(span, &err)\n\t//#nosec G201 -- TableName is static\n\terr = p.GetConnection(ctx).RawQuery(fmt.Sprintf(\n\t\t\"DELETE FROM %[1]s WHERE id in (SELECT id FROM (SELECT id FROM %[1]s c WHERE expires_at <= ? and nid = ? ORDER BY expires_at ASC LIMIT ?) AS s)\",\n\t\tcontinuity.Container{}.TableName(),\n\t),\n\t\texpiresAt,\n\t\tp.NetworkID(ctx),\n\t\tlimit,\n\t).Exec()\n\n\treturn sqlcon.HandleError(err)\n}\n" }, { "path": "persistence/sql/persister_courier.go", "content": "// Copyright © 2023 Ory Corp\n// SPDX-License-Identifier: Apache-2.0\n\npackage sql\n\nimport (\n\t\"context\"\n\t\"database/sql\"\n\t\"encoding/json\"\n\n\t\"github.com/gofrs/uuid\"\n\t\"github.com/pkg/errors\"\n\n\t\"github.com/ory/herodot\"\n\t\"github.com/ory/kratos/courier\"\n\t\"github.com/ory/kratos/persistence/sql/update\"\n\t\"github.com/ory/pop/v6\"\n\t\"github.com/ory/x/otelx\"\n\tkeysetpagination \"github.com/ory/x/pagination/keysetpagination_v2\"\n\t\"github.com/ory/x/sqlcon\"\n\t\"github.com/ory/x/uuidx\"\n)\n\nvar _ courier.Persister = new(Persister)\n\nfunc (p *Persister) AddMessage(ctx context.Context, m *courier.Message) (err error) {\n\tctx, span := p.r.Tracer(ctx).Tracer().Start(ctx, \"persistence.sql.AddMessage\")\n\tdefer otelx.End(span, &err)\n\n\tm.NID = p.NetworkID(ctx)\n\tm.Status = courier.MessageStatusQueued\n\treturn sqlcon.HandleError(p.GetConnection(ctx).Create(m)) // do not create eager to avoid identity injection.\n}\n\nfunc (p *Persister) ListMessages(ctx context.Context, filter courier.ListCourierMessagesParameters, opts []keysetpagination.Option) (_ []courier.Message, _ *keysetpagination.Paginator, err error) {\n\tctx, span := p.r.Tracer(ctx).Tracer().Start(ctx, \"persistence.sql.ListMessages\")\n\tdefer otelx.End(span, &err)\n\n\tq := p.GetConnection(ctx).Where(\"nid=?\", p.NetworkID(ctx))\n\n\tif filter.Status != nil {\n\t\tq = q.Where(\"status=?\", *filter.Status)\n\t}\n\n\tif filter.Recipient != \"\" {\n\t\tq = q.Where(\"recipient=?\", filter.Recipient)\n\t}\n\n\topts = append(opts, keysetpagination.WithDefaultToken(courier.Message{}.DefaultPageToken()))\n\topts = append(opts, keysetpagination.WithDefaultSize(10))\n\tpaginator, err := keysetpagination.NewPaginator(opts...)\n\tif err != nil {\n\t\treturn nil, nil, err\n\t}\n\n\tmessages := make([]courier.Message, paginator.Size())\n\tif err := q.Scope(keysetpagination.Paginate[courier.Message](paginator)).\n\t\tAll(&messages); err != nil {\n\t\treturn nil, nil, sqlcon.HandleError(err)\n\t}\n\n\tmessages, nextPage := keysetpagination.Result(messages, paginator)\n\n\treturn messages, nextPage, nil\n}\n\nfunc (p *Persister) NextMessages(ctx context.Context, limit uint8) (messages []courier.Message, err error) {\n\tctx, span := p.r.Tracer(ctx).Tracer().Start(ctx, \"persistence.sql.NextMessages\")\n\tdefer otelx.End(span, &err)\n\n\tif err := p.Transaction(ctx, func(ctx context.Context, tx *pop.Connection) error {\n\t\tvar m []courier.Message\n\t\tif err := tx.\n\t\t\tWhere(\"nid = ? AND status = ?\",\n\t\t\t\tp.NetworkID(ctx),\n\t\t\t\tcourier.MessageStatusQueued,\n\t\t\t).\n\t\t\tOrder(\"created_at ASC\").\n\t\t\tLimit(int(limit)).\n\t\t\tAll(&m); err != nil {\n\t\t\treturn err\n\t\t}\n\n\t\tif len(m) == 0 {\n\t\t\treturn sql.ErrNoRows\n\t\t}\n\n\t\tfor i := range m {\n\t\t\tmessage := &m[i]\n\t\t\tmessage.Status = courier.MessageStatusProcessing\n\t\t\tif err := update.Generic(ctx, p.GetConnection(ctx), p.r.Tracer(ctx).Tracer(), message, \"status\"); err != nil {\n\t\t\t\treturn err\n\t\t\t}\n\t\t}\n\n\t\tmessages = m\n\t\treturn nil\n\t}); err != nil {\n\t\tif errors.Cause(err) == sql.ErrNoRows {\n\t\t\treturn nil, errors.WithStack(courier.ErrQueueEmpty)\n\t\t}\n\t\treturn nil, sqlcon.HandleError(err)\n\t}\n\n\tif len(messages) == 0 {\n\t\treturn nil, errors.WithStack(courier.ErrQueueEmpty)\n\t}\n\n\treturn messages, nil\n}\n\nfunc (p *Persister) LatestQueuedMessage(ctx context.Context) (_ *courier.Message, err error) {\n\tctx, span := p.r.Tracer(ctx).Tracer().Start(ctx, \"persistence.sql.LatestQueuedMessage\")\n\tdefer otelx.End(span, &err)\n\n\tvar m courier.Message\n\tif err := p.GetConnection(ctx).\n\t\tWhere(\"nid = ? AND status = ?\",\n\t\t\tp.NetworkID(ctx),\n\t\t\tcourier.MessageStatusQueued,\n\t\t).\n\t\tOrder(\"created_at DESC\").\n\t\tFirst(&m); err != nil {\n\t\tif errors.Is(err, sql.ErrNoRows) {\n\t\t\treturn nil, errors.WithStack(courier.ErrQueueEmpty)\n\t\t}\n\t\treturn nil, sqlcon.HandleError(err)\n\t}\n\n\treturn &m, nil\n}\n\nfunc (p *Persister) SetMessageStatus(ctx context.Context, id uuid.UUID, ms courier.MessageStatus) (err error) {\n\tctx, span := p.r.Tracer(ctx).Tracer().Start(ctx, \"persistence.sql.SetMessageStatus\")\n\tdefer otelx.End(span, &err)\n\n\tcount, err := p.GetConnection(ctx).RawQuery(\n\t\t\"UPDATE courier_messages SET status = ? WHERE id = ? AND nid = ?\",\n\t\tms,\n\t\tid,\n\t\tp.NetworkID(ctx),\n\t).ExecWithCount()\n\tif err != nil {\n\t\treturn sqlcon.HandleError(err)\n\t}\n\n\tif count == 0 {\n\t\treturn errors.WithStack(sqlcon.ErrNoRows)\n\t}\n\n\treturn nil\n}\n\nfunc (p *Persister) IncrementMessageSendCount(ctx context.Context, id uuid.UUID) (err error) {\n\tctx, span := p.r.Tracer(ctx).Tracer().Start(ctx, \"persistence.sql.IncrementMessageSendCount\")\n\tdefer otelx.End(span, &err)\n\n\tcount, err := p.GetConnection(ctx).RawQuery(\n\t\t\"UPDATE courier_messages SET send_count = send_count + 1 WHERE id = ? AND nid = ?\",\n\t\tid,\n\t\tp.NetworkID(ctx),\n\t).ExecWithCount()\n\tif err != nil {\n\t\treturn sqlcon.HandleError(err)\n\t}\n\n\tif count == 0 {\n\t\treturn errors.WithStack(sqlcon.ErrNoRows)\n\t}\n\n\treturn nil\n}\n\nfunc (p *Persister) FetchMessage(ctx context.Context, msgID uuid.UUID) (_ *courier.Message, err error) {\n\tctx, span := p.r.Tracer(ctx).Tracer().Start(ctx, \"persistence.sql.FetchMessage\")\n\tdefer otelx.End(span, &err)\n\n\tvar message courier.Message\n\tif err := p.GetConnection(ctx).\n\t\tWhere(\"id = ? AND nid = ?\", msgID, p.NetworkID(ctx)).\n\t\tEager().\n\t\tFirst(&message); err != nil {\n\t\treturn nil, sqlcon.HandleError(err)\n\t}\n\n\treturn &message, nil\n}\n\nfunc (p *Persister) RecordDispatch(ctx context.Context, msgID uuid.UUID, status courier.CourierMessageDispatchStatus, err error) error {\n\tctx, span := p.r.Tracer(ctx).Tracer().Start(ctx, \"persistence.sql.RecordDispatch\")\n\tdefer otelx.End(span, &err)\n\n\tdispatch := courier.MessageDispatch{\n\t\tID: uuidx.NewV4(),\n\t\tMessageID: msgID,\n\t\tStatus: status,\n\t\tNID: p.NetworkID(ctx),\n\t}\n\n\tif err != nil {\n\t\t// We use herodot as a carrier for the error's data\n\t\ther := herodot.ToDefaultError(err, \"\")\n\t\tcontent, mErr := json.Marshal(her)\n\t\tif mErr != nil {\n\t\t\treturn errors.WithStack(mErr)\n\t\t}\n\t\tdispatch.Error = content\n\t}\n\n\tif err := p.GetConnection(ctx).Create(&dispatch); err != nil {\n\t\treturn sqlcon.HandleError(err)\n\t}\n\n\treturn nil\n}\n" }, { "path": "persistence/sql/persister_errorx.go", "content": "// Copyright © 2023 Ory Corp\n// SPDX-License-Identifier: Apache-2.0\n\npackage sql\n\nimport (\n\t\"context\"\n\t\"encoding/json\"\n\t\"time\"\n\n\t\"github.com/gofrs/uuid\"\n\t\"github.com/pkg/errors\"\n\t\"go.opentelemetry.io/otel/attribute\"\n\n\t\"github.com/ory/herodot\"\n\t\"github.com/ory/jsonschema/v3\"\n\t\"github.com/ory/kratos/selfservice/errorx\"\n\t\"github.com/ory/pop/v6\"\n\t\"github.com/ory/x/otelx\"\n\t\"github.com/ory/x/sqlcon\"\n)\n\nvar _ errorx.Persister = new(Persister)\n\nfunc (p *Persister) CreateErrorContainer(ctx context.Context, csrfToken string, errs error) (containerID uuid.UUID, err error) {\n\tctx, span := p.r.Tracer(ctx).Tracer().Start(ctx, \"persistence.sql.CreateErrorContainer\")\n\tdefer otelx.End(span, &err)\n\n\tmessage, err := encodeSelfServiceErrors(errs)\n\tif err != nil {\n\t\treturn uuid.Nil, err\n\t}\n\n\tc := &errorx.ErrorContainer{\n\t\tID: uuid.Nil,\n\t\tNID: p.NetworkID(ctx),\n\t\tCSRFToken: csrfToken,\n\t\tErrors: message,\n\t\tWasSeen: false,\n\t}\n\n\tif err := p.GetConnection(ctx).Create(c); err != nil {\n\t\treturn uuid.Nil, sqlcon.HandleError(err)\n\t}\n\n\tspan.SetAttributes(attribute.String(\"id\", c.ID.String()))\n\n\treturn c.ID, nil\n}\n\nfunc (p *Persister) ReadErrorContainer(ctx context.Context, id uuid.UUID) (_ *errorx.ErrorContainer, err error) {\n\tctx, span := p.r.Tracer(ctx).Tracer().Start(ctx, \"persistence.sql.ReadErrorContainer\")\n\tdefer otelx.End(span, &err)\n\n\tvar ec errorx.ErrorContainer\n\tif err := p.Transaction(ctx, func(ctx context.Context, c *pop.Connection) error {\n\t\tif err := c.Where(\"id = ? AND nid = ?\", id, p.NetworkID(ctx)).First(&ec); err != nil {\n\t\t\treturn sqlcon.HandleError(err)\n\t\t}\n\n\t\tif err := c.RawQuery(\n\t\t\t\"UPDATE selfservice_errors SET was_seen = true, seen_at = ? WHERE id = ? AND nid = ?\",\n\t\t\ttime.Now().UTC(), id, p.NetworkID(ctx)).Exec(); err != nil {\n\t\t\treturn sqlcon.HandleError(err)\n\t\t}\n\t\treturn nil\n\t}); err != nil {\n\t\treturn nil, err\n\t}\n\n\treturn &ec, nil\n}\n\nfunc (p *Persister) ClearErrorContainers(ctx context.Context, olderThan time.Duration, force bool) (err error) {\n\tctx, span := p.r.Tracer(ctx).Tracer().Start(ctx, \"persistence.sql.ClearErrorContainers\")\n\tdefer otelx.End(span, &err)\n\n\tif force {\n\t\terr = p.GetConnection(ctx).RawQuery(\n\t\t\t\"DELETE FROM selfservice_errors WHERE nid = ? AND seen_at < ? AND seen_at IS NOT NULL\",\n\t\t\tp.NetworkID(ctx), time.Now().UTC().Add(-olderThan)).Exec()\n\t} else {\n\t\terr = p.GetConnection(ctx).RawQuery(\n\t\t\t\"DELETE FROM selfservice_errors WHERE nid = ? AND was_seen=true AND seen_at < ? AND seen_at IS NOT NULL\",\n\t\t\tp.NetworkID(ctx), time.Now().UTC().Add(-olderThan)).Exec()\n\t}\n\n\treturn sqlcon.HandleError(err)\n}\n\nfunc encodeSelfServiceErrors(e error) ([]byte, error) {\n\tif e == nil {\n\t\treturn nil, errors.WithStack(herodot.ErrInternalServerError.WithDebug(\"A nil error was passed to the error manager which is most likely a code bug.\"))\n\t}\n\n\tif c := new(herodot.DefaultError); errors.As(e, &c) {\n\t\te = c\n\t} else if c := new(jsonschema.ValidationError); errors.As(e, &c) {\n\t\te = c\n\t} else {\n\t\te = herodot.ToDefaultError(e, \"\")\n\t}\n\n\tenc, err := json.Marshal(e)\n\tif err != nil {\n\t\treturn nil, errors.WithStack(herodot.ErrInternalServerError.WithReason(\"Unable to encode error messages.\").WithDebug(err.Error()))\n\t}\n\n\treturn enc, nil\n}\n" }, { "path": "persistence/sql/persister_hmac.go", "content": "// Copyright © 2023 Ory Corp\n// SPDX-License-Identifier: Apache-2.0\n\npackage sql\n\nimport (\n\t\"context\"\n\t\"crypto/hmac\"\n\t\"crypto/sha512\"\n\t\"fmt\"\n)\n\nfunc (p *Persister) hmacValue(ctx context.Context, value string) string {\n\treturn hmacValueWithSecret(value, p.r.Config().SecretsSession(ctx)[0])\n}\n\nfunc hmacValueWithSecret(value string, secret []byte) string {\n\th := hmac.New(sha512.New512_256, secret)\n\t_, _ = h.Write([]byte(value))\n\treturn fmt.Sprintf(\"%x\", h.Sum(nil))\n}\n" }, { "path": "persistence/sql/persister_hmac_test.go", "content": "// Copyright © 2023 Ory Corp\n// SPDX-License-Identifier: Apache-2.0\n\npackage sql\n\nimport (\n\t\"context\"\n\t\"testing\"\n\n\t\"github.com/stretchr/testify/assert\"\n\t\"github.com/stretchr/testify/require\"\n\n\t\"github.com/ory/kratos/driver/config\"\n\t\"github.com/ory/kratos/embedx\"\n\t\"github.com/ory/kratos/identity\"\n\t\"github.com/ory/kratos/schema\"\n\t\"github.com/ory/pop/v6\"\n\t\"github.com/ory/x/configx\"\n\t\"github.com/ory/x/contextx\"\n\t\"github.com/ory/x/logrusx\"\n\t\"github.com/ory/x/otelx\"\n)\n\ntype logRegistryOnly struct {\n\tl *logrusx.Logger\n\tc *config.Config\n}\n\nfunc (l *logRegistryOnly) Config() *config.Config {\n\treturn l.c\n}\n\nfunc (l *logRegistryOnly) Contextualizer() contextx.Contextualizer {\n\t// TODO implement me\n\tpanic(\"implement me\")\n}\n\nfunc (l *logRegistryOnly) Logger() *logrusx.Logger {\n\tif l.l == nil {\n\t\tl.l = logrusx.New(\"kratos\", \"testing\")\n\t}\n\treturn l.l\n}\n\nfunc (l *logRegistryOnly) Audit() *logrusx.Logger {\n\tpanic(\"implement me\")\n}\n\nfunc (l *logRegistryOnly) Tracer(context.Context) *otelx.Tracer {\n\treturn otelx.NewNoop()\n}\n\nfunc (l *logRegistryOnly) IdentityTraitsSchemas(context.Context) (schema.IdentitySchemaList, error) {\n\tpanic(\"implement me\")\n}\n\nfunc (l *logRegistryOnly) IdentityValidator() *identity.Validator {\n\tpanic(\"implement me\")\n}\n\nvar _ persisterDependencies = &logRegistryOnly{}\n\nfunc TestPersisterHMAC(t *testing.T) {\n\tt.Parallel()\n\n\tctx := context.Background()\n\tbaseSecret := \"foobarbaz\"\n\tbaseSecretBytes := []byte(baseSecret)\n\topts := []configx.OptionModifier{configx.SkipValidation(), configx.WithValue(config.ViperKeySecretsDefault, []string{baseSecret})}\n\tconf := config.MustNew(t, logrusx.New(\"\", \"\"), contextx.NewTestConfigProvider(embedx.ConfigSchema, opts...), opts...)\n\tc, err := pop.NewConnection(&pop.ConnectionDetails{URL: \"sqlite://foo?mode=memory\"})\n\trequire.NoError(t, err)\n\tp, err := NewPersister(&logRegistryOnly{c: conf}, c)\n\trequire.NoError(t, err)\n\n\tt.Run(\"case=behaves deterministically\", func(t *testing.T) {\n\t\tassert.Equal(t, hmacValueWithSecret(\"hashme\", baseSecretBytes), p.hmacValue(ctx, \"hashme\"))\n\t\tassert.NotEqual(t, hmacValueWithSecret(\"notme\", baseSecretBytes), p.hmacValue(ctx, \"hashme\"))\n\t\tassert.NotEqual(t, hmacValueWithSecret(\"hashme\", baseSecretBytes), p.hmacValue(ctx, \"notme\"))\n\t})\n\n\thash := p.hmacValue(ctx, \"hashme\")\n\tnewSecret := \"not\" + baseSecret\n\n\tt.Run(\"case=with only new sectet\", func(t *testing.T) {\n\t\tctx = contextx.WithConfigValue(ctx, config.ViperKeySecretsDefault, []string{newSecret})\n\t\tassert.NotEqual(t, hmacValueWithSecret(\"hashme\", baseSecretBytes), p.hmacValue(ctx, \"hashme\"))\n\t\tassert.Equal(t, hmacValueWithSecret(\"hashme\", []byte(newSecret)), p.hmacValue(ctx, \"hashme\"))\n\t})\n\n\tt.Run(\"case=with new and old secret\", func(t *testing.T) {\n\t\tctx = contextx.WithConfigValue(ctx, config.ViperKeySecretsDefault, []string{newSecret, baseSecret})\n\t\tassert.Equal(t, hmacValueWithSecret(\"hashme\", []byte(newSecret)), p.hmacValue(ctx, \"hashme\"))\n\t\tassert.NotEqual(t, hash, p.hmacValue(ctx, \"hashme\"))\n\t})\n}\n" }, { "path": "persistence/sql/persister_login.go", "content": "// Copyright © 2023 Ory Corp\n// SPDX-License-Identifier: Apache-2.0\n\npackage sql\n\nimport (\n\t\"context\"\n\t\"fmt\"\n\t\"time\"\n\n\t\"github.com/gofrs/uuid\"\n\n\t\"github.com/ory/kratos/persistence/sql/update\"\n\t\"github.com/ory/kratos/selfservice/flow/login\"\n\t\"github.com/ory/pop/v6\"\n\t\"github.com/ory/x/otelx\"\n\t\"github.com/ory/x/sqlcon\"\n)\n\nvar _ login.FlowPersister = new(Persister)\n\nfunc (p *Persister) CreateLoginFlow(ctx context.Context, r *login.Flow) (err error) {\n\tctx, span := p.r.Tracer(ctx).Tracer().Start(ctx, \"persistence.sql.CreateLoginFlow\")\n\tdefer otelx.End(span, &err)\n\n\tr.NID = p.NetworkID(ctx)\n\tr.EnsureInternalContext()\n\treturn p.GetConnection(ctx).Create(r)\n}\n\nfunc (p *Persister) UpdateLoginFlow(ctx context.Context, r *login.Flow) (err error) {\n\tctx, span := p.r.Tracer(ctx).Tracer().Start(ctx, \"persistence.sql.UpdateLoginFlow\")\n\tdefer otelx.End(span, &err)\n\n\tr.EnsureInternalContext()\n\tcp := *r\n\tcp.NID = p.NetworkID(ctx)\n\treturn update.Generic(ctx, p.GetConnection(ctx), p.r.Tracer(ctx).Tracer(), cp)\n}\n\nfunc (p *Persister) GetLoginFlow(ctx context.Context, id uuid.UUID) (_ *login.Flow, err error) {\n\tctx, span := p.r.Tracer(ctx).Tracer().Start(ctx, \"persistence.sql.GetLoginFlow\")\n\tdefer otelx.End(span, &err)\n\n\tconn := p.GetConnection(ctx)\n\n\tvar r login.Flow\n\tif err := conn.Where(\"id = ? AND nid = ?\", id, p.NetworkID(ctx)).First(&r); err != nil {\n\t\treturn nil, sqlcon.HandleError(err)\n\t}\n\n\treturn &r, nil\n}\n\nfunc (p *Persister) ForceLoginFlow(ctx context.Context, id uuid.UUID) (err error) {\n\tctx, span := p.r.Tracer(ctx).Tracer().Start(ctx, \"persistence.sql.ForceLoginFlow\")\n\tdefer otelx.End(span, &err)\n\n\treturn p.Transaction(ctx, func(ctx context.Context, tx *pop.Connection) error {\n\t\tlr, err := p.GetLoginFlow(ctx, id)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\n\t\tlr.Refresh = true\n\t\treturn tx.Save(lr, \"nid\")\n\t})\n}\n\nfunc (p *Persister) DeleteExpiredLoginFlows(ctx context.Context, expiresAt time.Time, limit int) (err error) {\n\tctx, span := p.r.Tracer(ctx).Tracer().Start(ctx, \"persistence.sql.DeleteExpiredLoginFlows\")\n\tdefer otelx.End(span, &err)\n\t//#nosec G201 -- TableName is static\n\terr = p.GetConnection(ctx).RawQuery(fmt.Sprintf(\n\t\t\"DELETE FROM %[1]s WHERE id in (SELECT id FROM (SELECT id FROM %[1]s WHERE expires_at <= ? and nid = ? ORDER BY expires_at ASC LIMIT ?) AS s)\",\n\t\tlogin.Flow{}.TableName(),\n\t),\n\t\texpiresAt,\n\t\tp.NetworkID(ctx),\n\t\tlimit,\n\t).Exec()\n\n\treturn sqlcon.HandleError(err)\n}\n" }, { "path": "persistence/sql/persister_login_code.go", "content": "// Copyright © 2023 Ory Corp\n// SPDX-License-Identifier: Apache-2.0\n\npackage sql\n\nimport (\n\t\"context\"\n\t\"time\"\n\n\t\"github.com/gofrs/uuid\"\n\n\t\"github.com/ory/kratos/selfservice/flow/login\"\n\t\"github.com/ory/kratos/selfservice/strategy/code\"\n\t\"github.com/ory/x/otelx\"\n\t\"github.com/ory/x/sqlcon\"\n)\n\nfunc (p *Persister) CreateLoginCode(ctx context.Context, params *code.CreateLoginCodeParams) (_ *code.LoginCode, err error) {\n\tctx, span := p.r.Tracer(ctx).Tracer().Start(ctx, \"persistence.sql.CreateLoginCode\")\n\tdefer otelx.End(span, &err)\n\n\tnow := time.Now().UTC()\n\tloginCode := &code.LoginCode{\n\t\tIdentityID: params.IdentityID,\n\t\tAddress: params.Address,\n\t\tAddressType: params.AddressType,\n\t\tCodeHMAC: p.hmacValue(ctx, params.RawCode),\n\t\tIssuedAt: now,\n\t\tExpiresAt: now.UTC().Add(p.r.Config().SelfServiceCodeMethodLifespan(ctx)),\n\t\tFlowID: params.FlowID,\n\t\tNID: p.NetworkID(ctx),\n\t\tID: uuid.Nil,\n\t}\n\n\tif err := p.GetConnection(ctx).Create(loginCode); err != nil {\n\t\treturn nil, sqlcon.HandleError(err)\n\t}\n\n\treturn loginCode, nil\n}\n\nfunc (p *Persister) UseLoginCode(ctx context.Context, flowID uuid.UUID, identityID uuid.UUID, userProvidedCode string) (_ *code.LoginCode, err error) {\n\tctx, span := p.r.Tracer(ctx).Tracer().Start(ctx, \"persistence.sql.UseLoginCode\")\n\tdefer otelx.End(span, &err)\n\n\tcodeRow, err := useOneTimeCode[code.LoginCode](ctx, p, flowID, userProvidedCode, login.Flow{}.TableName(), \"selfservice_login_flow_id\", withCheckIdentityID(identityID))\n\tif err != nil {\n\t\treturn nil, err\n\t}\n\n\treturn codeRow, nil\n}\n\nfunc (p *Persister) GetUsedLoginCode(ctx context.Context, flowID uuid.UUID) (_ *code.LoginCode, err error) {\n\tctx, span := p.r.Tracer(ctx).Tracer().Start(ctx, \"persistence.sql.GetUsedLoginCode\")\n\tdefer otelx.End(span, &err)\n\n\tvar loginCode code.LoginCode\n\tif err := p.Connection(ctx).Where(\"selfservice_login_flow_id = ? AND nid = ? AND used_at IS NOT NULL\", flowID, p.NetworkID(ctx)).First(&loginCode); err != nil {\n\t\treturn nil, sqlcon.HandleError(err)\n\t}\n\treturn &loginCode, nil\n}\n\nfunc (p *Persister) DeleteLoginCodesOfFlow(ctx context.Context, flowID uuid.UUID) (err error) {\n\tctx, span := p.r.Tracer(ctx).Tracer().Start(ctx, \"persistence.sql.DeleteLoginCodesOfFlow\")\n\tdefer otelx.End(span, &err)\n\n\treturn p.GetConnection(ctx).Where(\"selfservice_login_flow_id = ? AND nid = ?\", flowID, p.NetworkID(ctx)).Delete(&code.LoginCode{})\n}\n" }, { "path": "persistence/sql/persister_recovery.go", "content": "// Copyright © 2023 Ory Corp\n// SPDX-License-Identifier: Apache-2.0\n\npackage sql\n\nimport (\n\t\"context\"\n\t\"fmt\"\n\t\"time\"\n\n\t\"github.com/gofrs/uuid\"\n\t\"github.com/pkg/errors\"\n\n\t\"github.com/ory/kratos/identity\"\n\t\"github.com/ory/kratos/persistence/sql/update\"\n\t\"github.com/ory/kratos/selfservice/flow/recovery\"\n\t\"github.com/ory/kratos/selfservice/strategy/link\"\n\t\"github.com/ory/pop/v6\"\n\t\"github.com/ory/x/otelx\"\n\t\"github.com/ory/x/sqlcon\"\n)\n\nvar (\n\t_ recovery.FlowPersister = new(Persister)\n\t_ link.RecoveryTokenPersister = new(Persister)\n)\n\nfunc (p *Persister) CreateRecoveryFlow(ctx context.Context, r *recovery.Flow) (err error) {\n\tctx, span := p.r.Tracer(ctx).Tracer().Start(ctx, \"persistence.sql.CreateRecoveryFlow\")\n\tdefer otelx.End(span, &err)\n\n\tr.NID = p.NetworkID(ctx)\n\treturn p.GetConnection(ctx).Create(r)\n}\n\nfunc (p *Persister) GetRecoveryFlow(ctx context.Context, id uuid.UUID) (_ *recovery.Flow, err error) {\n\tctx, span := p.r.Tracer(ctx).Tracer().Start(ctx, \"persistence.sql.GetRecoveryFlow\")\n\tdefer otelx.End(span, &err)\n\n\tvar r recovery.Flow\n\tif err := p.GetConnection(ctx).Where(\"id = ? AND nid = ?\", id, p.NetworkID(ctx)).First(&r); err != nil {\n\t\treturn nil, sqlcon.HandleError(err)\n\t}\n\n\treturn &r, nil\n}\n\nfunc (p *Persister) UpdateRecoveryFlow(ctx context.Context, r *recovery.Flow) (err error) {\n\tctx, span := p.r.Tracer(ctx).Tracer().Start(ctx, \"persistence.sql.UpdateRecoveryFlow\")\n\tdefer otelx.End(span, &err)\n\n\tcp := *r\n\tcp.NID = p.NetworkID(ctx)\n\treturn update.Generic(ctx, p.GetConnection(ctx), p.r.Tracer(ctx).Tracer(), cp)\n}\n\nfunc (p *Persister) CreateRecoveryToken(ctx context.Context, token *link.RecoveryToken) (err error) {\n\tctx, span := p.r.Tracer(ctx).Tracer().Start(ctx, \"persistence.sql.CreateRecoveryToken\")\n\tdefer otelx.End(span, &err)\n\n\tt := token.Token\n\ttoken.Token = p.hmacValue(ctx, t)\n\ttoken.NID = p.NetworkID(ctx)\n\n\t// This should not create the request eagerly because otherwise we might accidentally create an address that isn't\n\t// supposed to be in the database.\n\tif err := p.GetConnection(ctx).Create(token); err != nil {\n\t\treturn err\n\t}\n\n\ttoken.Token = t\n\treturn nil\n}\n\nfunc (p *Persister) UseRecoveryToken(ctx context.Context, fID uuid.UUID, token string) (_ *link.RecoveryToken, err error) {\n\tctx, span := p.r.Tracer(ctx).Tracer().Start(ctx, \"persistence.sql.UseRecoveryToken\")\n\tdefer otelx.End(span, &err)\n\n\tvar rt link.RecoveryToken\n\n\tnid := p.NetworkID(ctx)\n\tif err := sqlcon.HandleError(p.Transaction(ctx, func(ctx context.Context, tx *pop.Connection) (err error) {\n\t\tfor _, secret := range p.r.Config().SecretsSession(ctx) {\n\t\t\tif err = tx.Where(\"token = ? AND nid = ? AND NOT used AND selfservice_recovery_flow_id = ?\", hmacValueWithSecret(token, secret), nid, fID).First(&rt); err != nil {\n\t\t\t\tif !errors.Is(sqlcon.HandleError(err), sqlcon.ErrNoRows) {\n\t\t\t\t\treturn err\n\t\t\t\t}\n\t\t\t} else {\n\t\t\t\tbreak\n\t\t\t}\n\t\t}\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\n\t\tvar ra identity.RecoveryAddress\n\t\tif err := tx.Where(\"id = ? AND nid = ?\", rt.RecoveryAddressID, nid).First(&ra); err != nil {\n\t\t\tif !errors.Is(sqlcon.HandleError(err), sqlcon.ErrNoRows) {\n\t\t\t\treturn err\n\t\t\t}\n\t\t}\n\t\trt.RecoveryAddress = &ra\n\n\t\t//#nosec G201 -- TableName is static\n\t\treturn tx.RawQuery(fmt.Sprintf(\"UPDATE %s SET used=true, used_at=? WHERE id=? AND nid = ?\", rt.TableName(ctx)), time.Now().UTC(), rt.ID, nid).Exec()\n\t})); err != nil {\n\t\treturn nil, err\n\t}\n\n\treturn &rt, nil\n}\n\nfunc (p *Persister) DeleteRecoveryToken(ctx context.Context, token string) (err error) {\n\tctx, span := p.r.Tracer(ctx).Tracer().Start(ctx, \"persistence.sql.DeleteRecoveryToken\")\n\tdefer otelx.End(span, &err)\n\n\t//#nosec G201 -- TableName is static\n\treturn p.GetConnection(ctx).RawQuery(fmt.Sprintf(\"DELETE FROM %s WHERE token=? AND nid = ?\", new(link.RecoveryToken).TableName(ctx)), token, p.NetworkID(ctx)).Exec()\n}\n\nfunc (p *Persister) DeleteExpiredRecoveryFlows(ctx context.Context, expiresAt time.Time, limit int) (err error) {\n\tctx, span := p.r.Tracer(ctx).Tracer().Start(ctx, \"persistence.sql.DeleteExpiredRecoveryFlows\")\n\tdefer otelx.End(span, &err)\n\t//#nosec G201 -- TableName is static\n\terr = p.GetConnection(ctx).RawQuery(fmt.Sprintf(\n\t\t\"DELETE FROM %[1]s WHERE id in (SELECT id FROM (SELECT id FROM %[1]s c WHERE expires_at <= ? and nid = ? ORDER BY expires_at ASC LIMIT ?) AS s)\",\n\t\trecovery.Flow{}.TableName(),\n\t),\n\t\texpiresAt,\n\t\tp.NetworkID(ctx),\n\t\tlimit,\n\t).Exec()\n\n\treturn sqlcon.HandleError(err)\n}\n" }, { "path": "persistence/sql/persister_recovery_code.go", "content": "// Copyright © 2023 Ory Corp\n// SPDX-License-Identifier: Apache-2.0\n\npackage sql\n\nimport (\n\t\"context\"\n\t\"time\"\n\n\t\"github.com/gofrs/uuid\"\n\t\"github.com/pkg/errors\"\n\n\t\"github.com/ory/kratos/identity\"\n\t\"github.com/ory/kratos/selfservice/flow/recovery\"\n\t\"github.com/ory/kratos/selfservice/strategy/code\"\n\t\"github.com/ory/x/otelx\"\n\t\"github.com/ory/x/sqlcon\"\n)\n\nfunc (p *Persister) CreateRecoveryCode(ctx context.Context, params *code.CreateRecoveryCodeParams) (_ *code.RecoveryCode, err error) {\n\tctx, span := p.r.Tracer(ctx).Tracer().Start(ctx, \"persistence.sql.CreateRecoveryCode\")\n\tdefer otelx.End(span, &err)\n\n\tnow := time.Now()\n\trecoveryCode := &code.RecoveryCode{\n\t\tID: uuid.Nil,\n\t\tCodeHMAC: p.hmacValue(ctx, params.RawCode),\n\t\tExpiresAt: now.UTC().Add(params.ExpiresIn),\n\t\tIssuedAt: now,\n\t\tCodeType: params.CodeType,\n\t\tFlowID: params.FlowID,\n\t\tNID: p.NetworkID(ctx),\n\t\tIdentityID: params.IdentityID,\n\t}\n\n\tif params.RecoveryAddress != nil {\n\t\trecoveryCode.RecoveryAddress = params.RecoveryAddress\n\t\trecoveryCode.RecoveryAddressID = uuid.NullUUID{\n\t\t\tUUID: params.RecoveryAddress.ID,\n\t\t\tValid: true,\n\t\t}\n\t}\n\n\t// This should not create the request eagerly because otherwise we might accidentally create an address that isn't\n\t// supposed to be in the database.\n\tif err := p.GetConnection(ctx).Create(recoveryCode); err != nil {\n\t\treturn nil, err\n\t}\n\n\treturn recoveryCode, nil\n}\n\n// UseRecoveryCode attempts to \"use\" the supplied code in the flow\n//\n// If the supplied code matched a code from the flow, no error is returned\n// If an invalid code was submitted with this flow more than 5 times, an error is returned\nfunc (p *Persister) UseRecoveryCode(ctx context.Context, flowID uuid.UUID, userProvidedCode string) (_ *code.RecoveryCode, err error) {\n\tctx, span := p.r.Tracer(ctx).Tracer().Start(ctx, \"persistence.sql.UseRecoveryCode\")\n\tdefer otelx.End(span, &err)\n\n\tcodeRow, err := useOneTimeCode[code.RecoveryCode](ctx, p, flowID, userProvidedCode, recovery.Flow{}.TableName(), \"selfservice_recovery_flow_id\")\n\tif err != nil {\n\t\treturn nil, err\n\t}\n\n\tvar ra identity.RecoveryAddress\n\tif err := sqlcon.HandleError(p.GetConnection(ctx).Where(\"id = ? AND nid = ?\", codeRow.RecoveryAddressID, p.NetworkID(ctx)).First(&ra)); err != nil {\n\t\tif errors.Is(err, sqlcon.ErrNoRows) {\n\t\t\t// This is ok, it can happen when an administrator initiates account recovery. This works even if the\n\t\t\t// user has no recovery address!\n\t\t} else {\n\t\t\treturn nil, err\n\t\t}\n\t}\n\tcodeRow.RecoveryAddress = &ra\n\n\treturn codeRow, nil\n}\n\nfunc (p *Persister) DeleteRecoveryCodesOfFlow(ctx context.Context, flowID uuid.UUID) (err error) {\n\tctx, span := p.r.Tracer(ctx).Tracer().Start(ctx, \"persistence.sql.DeleteRecoveryCodesOfFlow\")\n\tdefer otelx.End(span, &err)\n\n\treturn p.GetConnection(ctx).Where(\"selfservice_recovery_flow_id = ? AND nid = ?\", flowID, p.NetworkID(ctx)).Delete(&code.RecoveryCode{})\n}\n" }, { "path": "persistence/sql/persister_registration.go", "content": "// Copyright © 2023 Ory Corp\n// SPDX-License-Identifier: Apache-2.0\n\npackage sql\n\nimport (\n\t\"context\"\n\t\"fmt\"\n\t\"time\"\n\n\t\"github.com/gofrs/uuid\"\n\n\t\"github.com/ory/x/otelx\"\n\t\"github.com/ory/x/sqlcon\"\n\n\t\"github.com/ory/kratos/persistence/sql/update\"\n\t\"github.com/ory/kratos/selfservice/flow/registration\"\n)\n\nfunc (p *Persister) CreateRegistrationFlow(ctx context.Context, r *registration.Flow) (err error) {\n\tctx, span := p.r.Tracer(ctx).Tracer().Start(ctx, \"persistence.sql.CreateRegistrationFlow\")\n\tdefer otelx.End(span, &err)\n\n\tr.NID = p.NetworkID(ctx)\n\tr.EnsureInternalContext()\n\treturn p.GetConnection(ctx).Create(r)\n}\n\nfunc (p *Persister) UpdateRegistrationFlow(ctx context.Context, r *registration.Flow) (err error) {\n\tctx, span := p.r.Tracer(ctx).Tracer().Start(ctx, \"persistence.sql.UpdateRegistrationFlow\")\n\tdefer otelx.End(span, &err)\n\n\tr.EnsureInternalContext()\n\tcp := *r\n\tcp.NID = p.NetworkID(ctx)\n\treturn update.Generic(ctx, p.GetConnection(ctx), p.r.Tracer(ctx).Tracer(), cp)\n}\n\nfunc (p *Persister) GetRegistrationFlow(ctx context.Context, id uuid.UUID) (_ *registration.Flow, err error) {\n\tctx, span := p.r.Tracer(ctx).Tracer().Start(ctx, \"persistence.sql.GetRegistrationFlow\")\n\tdefer otelx.End(span, &err)\n\n\tvar r registration.Flow\n\tif err := p.GetConnection(ctx).Where(\"id = ? AND nid = ?\",\n\t\tid, p.NetworkID(ctx)).First(&r); err != nil {\n\t\treturn nil, sqlcon.HandleError(err)\n\t}\n\n\treturn &r, nil\n}\n\nfunc (p *Persister) DeleteExpiredRegistrationFlows(ctx context.Context, expiresAt time.Time, limit int) (err error) {\n\tctx, span := p.r.Tracer(ctx).Tracer().Start(ctx, \"persistence.sql.DeleteExpiredRegistrationFlows\")\n\tdefer otelx.End(span, &err)\n\t//#nosec G201 -- TableName is static\n\terr = p.GetConnection(ctx).RawQuery(fmt.Sprintf(\n\t\t\"DELETE FROM %[1]s WHERE id in (SELECT id FROM (SELECT id FROM %[1]s c WHERE expires_at <= ? and nid = ? ORDER BY expires_at ASC LIMIT ?) AS s)\",\n\t\tregistration.Flow{}.TableName(),\n\t),\n\t\texpiresAt,\n\t\tp.NetworkID(ctx),\n\t\tlimit,\n\t).Exec()\n\n\treturn sqlcon.HandleError(err)\n}\n" }, { "path": "persistence/sql/persister_registration_code.go", "content": "// Copyright © 2023 Ory Corp\n// SPDX-License-Identifier: Apache-2.0\n\npackage sql\n\nimport (\n\t\"context\"\n\t\"time\"\n\n\t\"github.com/go-faker/faker/v4/pkg/slice\"\n\t\"github.com/gofrs/uuid\"\n\t\"github.com/pkg/errors\"\n\n\t\"github.com/ory/kratos/selfservice/flow/registration\"\n\t\"github.com/ory/kratos/selfservice/strategy/code\"\n\t\"github.com/ory/x/otelx\"\n\t\"github.com/ory/x/sqlcon\"\n)\n\nfunc (p *Persister) CreateRegistrationCode(ctx context.Context, params *code.CreateRegistrationCodeParams) (_ *code.RegistrationCode, err error) {\n\tctx, span := p.r.Tracer(ctx).Tracer().Start(ctx, \"persistence.sql.CreateRegistrationCode\")\n\tdefer otelx.End(span, &err)\n\n\tnow := time.Now().UTC()\n\tregistrationCode := &code.RegistrationCode{\n\t\tAddress: params.Address,\n\t\tAddressType: params.AddressType,\n\t\tCodeHMAC: p.hmacValue(ctx, params.RawCode),\n\t\tIssuedAt: now,\n\t\tExpiresAt: now.UTC().Add(p.r.Config().SelfServiceCodeMethodLifespan(ctx)),\n\t\tFlowID: params.FlowID,\n\t\tNID: p.NetworkID(ctx),\n\t\tID: uuid.Nil,\n\t}\n\n\tif err := p.GetConnection(ctx).Create(registrationCode); err != nil {\n\t\treturn nil, sqlcon.HandleError(err)\n\t}\n\n\treturn registrationCode, nil\n}\n\nfunc (p *Persister) UseRegistrationCode(ctx context.Context, flowID uuid.UUID, userProvidedCode string, addresses ...string) (_ *code.RegistrationCode, err error) {\n\tctx, span := p.r.Tracer(ctx).Tracer().Start(ctx, \"persistence.sql.UseRegistrationCode\")\n\tdefer otelx.End(span, &err)\n\n\tcodeRow, err := useOneTimeCode[code.RegistrationCode](ctx, p, flowID, userProvidedCode, registration.Flow{}.TableName(), \"selfservice_registration_flow_id\")\n\tif err != nil {\n\t\treturn nil, err\n\t}\n\n\t// ensure that the identifiers extracted from the traits are contained in the registration code\n\tif !slice.Contains(addresses, codeRow.Address) {\n\t\treturn nil, errors.WithStack(code.ErrCodeNotFound)\n\t}\n\n\treturn codeRow, nil\n}\n\nfunc (p *Persister) GetUsedRegistrationCode(ctx context.Context, flowID uuid.UUID) (_ *code.RegistrationCode, err error) {\n\tctx, span := p.r.Tracer(ctx).Tracer().Start(ctx, \"persistence.sql.GetUsedRegistrationCode\")\n\tdefer otelx.End(span, &err)\n\n\tvar registrationCode code.RegistrationCode\n\tif err := p.Connection(ctx).Where(\"selfservice_registration_flow_id = ? AND used_at IS NOT NULL AND nid = ?\", flowID, p.NetworkID(ctx)).First(®istrationCode); err != nil {\n\t\treturn nil, sqlcon.HandleError(err)\n\t}\n\n\treturn ®istrationCode, nil\n}\n\nfunc (p *Persister) DeleteRegistrationCodesOfFlow(ctx context.Context, flowID uuid.UUID) (err error) {\n\tctx, span := p.r.Tracer(ctx).Tracer().Start(ctx, \"persistence.sql.DeleteRegistrationCodesOfFlow\")\n\tdefer otelx.End(span, &err)\n\n\treturn p.GetConnection(ctx).Where(\"selfservice_registration_flow_id = ? AND nid = ?\", flowID, p.NetworkID(ctx)).Delete(&code.RegistrationCode{})\n}\n" }, { "path": "persistence/sql/persister_session.go", "content": "// Copyright © 2023 Ory Corp\n// SPDX-License-Identifier: Apache-2.0\n\npackage sql\n\nimport (\n\t\"context\"\n\t\"fmt\"\n\t\"time\"\n\n\t\"github.com/gofrs/uuid\"\n\t\"github.com/pkg/errors\"\n\t\"go.opentelemetry.io/otel/trace\"\n\t\"golang.org/x/sync/errgroup\"\n\n\t\"github.com/ory/herodot\"\n\t\"github.com/ory/kratos/identity\"\n\t\"github.com/ory/kratos/session\"\n\t\"github.com/ory/kratos/x\"\n\t\"github.com/ory/kratos/x/events\"\n\t\"github.com/ory/pop/v6\"\n\t\"github.com/ory/x/dbal\"\n\t\"github.com/ory/x/otelx\"\n\t\"github.com/ory/x/pagination/keysetpagination\"\n\t\"github.com/ory/x/sqlcon\"\n\t\"github.com/ory/x/stringsx\"\n)\n\nvar _ session.Persister = new(Persister)\n\nconst (\n\tSessionDeviceUserAgentMaxLength = 512\n\tSessionDeviceLocationMaxLength = 512\n\tpaginationMaxItemsSize = 1000\n\tpaginationDefaultItemsSize = 250\n)\n\nfunc (p *Persister) GetSession(ctx context.Context, sid uuid.UUID, expandables session.Expandables) (_ *session.Session, err error) {\n\tctx, span := p.r.Tracer(ctx).Tracer().Start(ctx, \"persistence.sql.GetSession\")\n\tdefer otelx.End(span, &err)\n\n\tvar s session.Session\n\ts.Devices = make([]session.Device, 0)\n\tnid := p.NetworkID(ctx)\n\n\tq := p.GetConnection(ctx).Q()\n\t// if len(expandables) > 0 {\n\tif expandables.Has(session.ExpandSessionDevices) {\n\t\tq = q.Eager(expandables.ToEager()...)\n\t}\n\n\tif err := q.Where(\"id = ? AND nid = ?\", sid, nid).First(&s); err != nil {\n\t\treturn nil, sqlcon.HandleError(err)\n\t}\n\n\tif expandables.Has(session.ExpandSessionIdentity) {\n\t\t// This is needed because of how identities are fetched from the store (if we use eager not all fields are\n\t\t// available!).\n\t\ti, err := p.GetIdentity(ctx, s.IdentityID, identity.ExpandDefault)\n\t\tif err != nil {\n\t\t\treturn nil, err\n\t\t}\n\t\ts.Identity = i\n\t}\n\n\ts.Active = s.IsActive()\n\treturn &s, nil\n}\n\nfunc (p *Persister) ListSessions(ctx context.Context, active *bool, paginatorOpts []keysetpagination.Option, expandables session.Expandables) (_ []session.Session, _ *keysetpagination.Paginator, err error) {\n\tctx, span := p.r.Tracer(ctx).Tracer().Start(ctx, \"persistence.sql.ListSessions\")\n\tdefer otelx.End(span, &err)\n\n\ts := make([]session.Session, 0)\n\tnid := p.NetworkID(ctx)\n\n\tpaginatorOpts = append(paginatorOpts, keysetpagination.WithDefaultSize(paginationDefaultItemsSize))\n\tpaginatorOpts = append(paginatorOpts, keysetpagination.WithMaxSize(paginationMaxItemsSize))\n\tpaginatorOpts = append(paginatorOpts, keysetpagination.WithDefaultToken(new(session.Session).DefaultPageToken()))\n\tpaginatorOpts = append(paginatorOpts, keysetpagination.WithColumn(\"created_at\", \"DESC\"))\n\tpaginator := keysetpagination.GetPaginator(paginatorOpts...)\n\n\tif _, err := uuid.FromString(paginator.Token().Parse(\"id\")[\"id\"]); err != nil {\n\t\treturn nil, nil, errors.WithStack(x.PageTokenInvalid)\n\t}\n\n\tif err := p.Transaction(ctx, func(ctx context.Context, c *pop.Connection) error {\n\t\tq := c.Where(\"nid = ?\", nid)\n\t\tif active != nil {\n\t\t\tif *active {\n\t\t\t\tq.Where(\"active = ? AND expires_at >= ?\", *active, time.Now().UTC())\n\t\t\t} else {\n\t\t\t\tq.Where(\"(active = ? OR expires_at < ?)\", *active, time.Now().UTC())\n\t\t\t}\n\t\t}\n\n\t\tif len(expandables) > 0 {\n\t\t\tq = q.EagerPreload(expandables.ToEager()...)\n\t\t}\n\n\t\t// Get the paginated list of matching items\n\t\tif err := q.Scope(keysetpagination.Paginate[session.Session](paginator)).All(&s); err != nil {\n\t\t\treturn sqlcon.HandleError(err)\n\t\t}\n\n\t\treturn nil\n\t}); err != nil {\n\t\treturn nil, nil, err\n\t}\n\n\tfor k := range s {\n\t\tif s[k].Identity == nil {\n\t\t\tcontinue\n\t\t}\n\t\tif err := p.InjectTraitsSchemaURL(ctx, s[k].Identity); err != nil {\n\t\t\treturn nil, nil, err\n\t\t}\n\t}\n\n\ts, nextPage := keysetpagination.Result(s, paginator)\n\treturn s, nextPage, nil\n}\n\n// ListSessionsByIdentity retrieves sessions for an identity from the store.\nfunc (p *Persister) ListSessionsByIdentity(\n\tctx context.Context,\n\tiID uuid.UUID,\n\tactive *bool,\n\tpage, perPage int,\n\texcept uuid.UUID,\n\texpandables session.Expandables,\n) (_ []session.Session, _ int64, err error) {\n\tctx, span := p.r.Tracer(ctx).Tracer().Start(ctx, \"persistence.sql.ListSessionsByIdentity\")\n\tdefer otelx.End(span, &err)\n\n\ts := make([]session.Session, 0)\n\tt := int64(0)\n\tnid := p.NetworkID(ctx)\n\n\tif err := p.Transaction(ctx, func(ctx context.Context, c *pop.Connection) error {\n\t\tq := c.Where(\"identity_id = ? AND nid = ?\", iID, nid)\n\t\tif except != uuid.Nil {\n\t\t\tq = q.Where(\"id != ?\", except)\n\t\t}\n\t\tif active != nil {\n\t\t\tif *active {\n\t\t\t\tq.Where(\"active = ? AND expires_at >= ?\", *active, time.Now().UTC())\n\t\t\t} else {\n\t\t\t\tq.Where(\"(active = ? OR expires_at < ?)\", *active, time.Now().UTC())\n\t\t\t}\n\t\t}\n\n\t\tif len(expandables) > 0 {\n\t\t\tq = q.EagerPreload(expandables.ToEager()...)\n\t\t}\n\n\t\t// Get the total count of matching items\n\t\ttotal, err := q.Count(new(session.Session))\n\t\tif err != nil {\n\t\t\treturn sqlcon.HandleError(err)\n\t\t}\n\t\tt = int64(total)\n\n\t\tq.Order(\"created_at DESC\")\n\n\t\t// Get the paginated list of matching items\n\t\tif err := q.Paginate(page, perPage).All(&s); err != nil {\n\t\t\treturn sqlcon.HandleError(err)\n\t\t}\n\t\treturn nil\n\t}); err != nil {\n\t\treturn nil, 0, err\n\t}\n\n\treturn s, t, nil\n}\n\n// ExtendSession updates the expiry of a session.\nfunc (p *Persister) ExtendSession(ctx context.Context, sessionID uuid.UUID) (err error) {\n\tctx, span := p.r.Tracer(ctx).Tracer().Start(ctx, \"persistence.sql.ExtendSession\")\n\tdefer otelx.End(span, &err)\n\n\tnid := p.NetworkID(ctx)\n\ts := new(session.Session)\n\tvar didRefresh bool\n\tif err := errors.WithStack(p.Transaction(ctx, func(ctx context.Context, tx *pop.Connection) (err error) {\n\t\tlockBehavior := \"\"\n\t\tif tx.Dialect.Name() == dbal.DriverCockroachDB {\n\t\t\t// SKIP LOCKED returns no rows if the row is locked by another transaction.\n\t\t\tlockBehavior = \"FOR UPDATE SKIP LOCKED\"\n\t\t}\n\n\t\tif err := tx.\n\t\t\tWhere(\n\t\t\t\t// We make use of the fact that CRDB supports FOR UPDATE as part of the WHERE clause.\n\t\t\t\tfmt.Sprintf(\"id = ? AND nid = ? %s\", lockBehavior),\n\t\t\t\tsessionID, nid,\n\t\t\t).First(s); err != nil {\n\n\t\t\t// This is a special case for CockroachDB. If the row is locked, we do not see the session. Therefor we return\n\t\t\t// a 404 not found error indicating to the user that the session might already be updated by someone else.\n\t\t\tif errors.Is(err, sqlcon.ErrNoRows) && tx.Dialect.Name() == dbal.DriverCockroachDB {\n\t\t\t\treturn errors.WithStack(herodot.ErrNotFound.WithReason(\"The session you are trying to extend is already being extended by another request or does not exist.\"))\n\t\t\t}\n\n\t\t\treturn sqlcon.HandleError(err)\n\t\t}\n\n\t\tif !s.CanBeRefreshed(ctx, p.r.Config()) {\n\t\t\t// This prevents excessive writes to the database.\n\t\t\treturn nil\n\t\t}\n\n\t\tdidRefresh = true\n\t\ts = s.Refresh(ctx, p.r.Config())\n\n\t\tif _, err := tx.Where(\"id = ? AND nid = ?\", sessionID, nid).UpdateQuery(s, \"expires_at\"); err != nil {\n\t\t\treturn sqlcon.HandleError(err)\n\t\t}\n\n\t\treturn nil\n\t})); err != nil {\n\t\treturn err\n\t}\n\n\tif didRefresh {\n\t\ttrace.SpanFromContext(ctx).AddEvent(events.NewSessionLifespanExtended(ctx, s.ID, s.IdentityID, s.ExpiresAt))\n\t}\n\n\treturn nil\n}\n\n// UpsertSession creates a session if not found else updates.\n// This operation also inserts Session device records when a session is being created.\n// The update operation skips updating Session device records since only one record would need to be updated in this case.\nfunc (p *Persister) UpsertSession(ctx context.Context, s *session.Session) (err error) {\n\tctx, span := p.r.Tracer(ctx).Tracer().Start(ctx, \"persistence.sql.UpsertSession\")\n\tdefer otelx.End(span, &err)\n\n\ts.NID = p.NetworkID(ctx)\n\tif s.Identity != nil {\n\t\ts.IdentityID = s.Identity.ID\n\t} else if s.IdentityID.IsNil() {\n\t\treturn errors.WithStack(herodot.ErrInternalServerError.WithReasonf(\"cannot upsert session without an identity or identity ID set\"))\n\t}\n\n\tvar updated bool\n\tdefer func() {\n\t\tif err != nil {\n\t\t\treturn\n\t\t}\n\t\tif updated {\n\t\t\ttrace.SpanFromContext(ctx).AddEvent(events.NewSessionChanged(ctx, string(s.AuthenticatorAssuranceLevel), s.ID, s.IdentityID))\n\t\t} else {\n\t\t\ttrace.SpanFromContext(ctx).AddEvent(events.NewSessionIssued(ctx, string(s.AuthenticatorAssuranceLevel), s.ID, s.IdentityID))\n\t\t}\n\t}()\n\n\treturn errors.WithStack(p.Transaction(ctx, func(ctx context.Context, tx *pop.Connection) (err error) {\n\t\tupdated = false\n\t\texists := false\n\t\tif !s.ID.IsNil() {\n\t\t\texists, err = tx.Where(\"id = ? AND nid = ?\", s.ID, s.NID).Exists(new(session.Session))\n\t\t\tif err != nil {\n\t\t\t\treturn sqlcon.HandleError(err)\n\t\t\t}\n\t\t}\n\n\t\tif exists {\n\t\t\t// This must not be eager or identities will be created / updated\n\t\t\t// Only update session and not corresponding session device records\n\t\t\tif err := tx.Update(s, \"issued_at\", \"identity_id\", \"nid\"); err != nil {\n\t\t\t\treturn sqlcon.HandleError(err)\n\t\t\t}\n\t\t\tupdated = true\n\t\t\treturn nil\n\t\t}\n\n\t\t// This must not be eager or identities will be created / updated\n\t\tif err := sqlcon.HandleError(tx.Create(s)); err != nil {\n\t\t\treturn err\n\t\t}\n\n\t\tfor i := range s.Devices {\n\t\t\tdevice := &(s.Devices[i])\n\t\t\tdevice.SessionID = s.ID\n\t\t\tdevice.NID = s.NID\n\t\t\tdevice.IdentityID = new(s.IdentityID)\n\n\t\t\tif device.Location != nil {\n\t\t\t\tdevice.Location = new(stringsx.TruncateByteLen(*device.Location, SessionDeviceLocationMaxLength))\n\t\t\t}\n\t\t\tif device.UserAgent != nil {\n\t\t\t\tdevice.UserAgent = new(stringsx.TruncateByteLen(*device.UserAgent, SessionDeviceUserAgentMaxLength))\n\t\t\t}\n\n\t\t\tif err := p.CreateDevice(ctx, device); err != nil {\n\t\t\t\treturn err\n\t\t\t}\n\t\t}\n\n\t\treturn nil\n\t}))\n}\n\nfunc (p *Persister) DeleteSession(ctx context.Context, sid uuid.UUID) (err error) {\n\tctx, span := p.r.Tracer(ctx).Tracer().Start(ctx, \"persistence.sql.DeleteSession\")\n\tdefer otelx.End(span, &err)\n\n\tnid := p.NetworkID(ctx)\n\t//#nosec G201 -- TableName is static\n\tcount, err := p.GetConnection(ctx).RawQuery(fmt.Sprintf(\"DELETE FROM %s WHERE id = ? AND nid = ?\", session.Session{}.TableName()),\n\t\tsid,\n\t\tnid,\n\t).ExecWithCount()\n\tif err != nil {\n\t\treturn sqlcon.HandleError(err)\n\t}\n\tif count == 0 {\n\t\treturn errors.WithStack(sqlcon.ErrNoRows)\n\t}\n\treturn nil\n}\n\nfunc (p *Persister) DeleteSessionsByIdentity(ctx context.Context, identityID uuid.UUID) (err error) {\n\tctx, span := p.r.Tracer(ctx).Tracer().Start(ctx, \"persistence.sql.DeleteSessionsByIdentity\")\n\tdefer otelx.End(span, &err)\n\n\t//#nosec G201 -- TableName is static\n\tcount, err := p.GetConnection(ctx).RawQuery(fmt.Sprintf(\n\t\t\"DELETE FROM %s WHERE identity_id = ? AND nid = ?\",\n\t\tsession.Session{}.TableName(),\n\t),\n\t\tidentityID,\n\t\tp.NetworkID(ctx),\n\t).ExecWithCount()\n\tif err != nil {\n\t\treturn sqlcon.HandleError(err)\n\t}\n\tif count == 0 {\n\t\treturn errors.WithStack(sqlcon.ErrNoRows)\n\t}\n\treturn nil\n}\n\nfunc (p *Persister) GetSessionByToken(ctx context.Context, token string, expand session.Expandables, identityExpand identity.Expandables) (res *session.Session, err error) {\n\tctx, span := p.r.Tracer(ctx).Tracer().Start(ctx, \"persistence.sql.GetSessionByToken\")\n\tdefer otelx.End(span, &err)\n\n\tvar s session.Session\n\ts.Devices = make([]session.Device, 0)\n\tnid := p.NetworkID(ctx)\n\n\tcon := p.GetConnection(ctx)\n\tif err := con.Where(\"token = ? AND nid = ?\", token, nid).First(&s); err != nil {\n\t\treturn nil, sqlcon.HandleError(err)\n\t}\n\n\tvar (\n\t\ti *identity.Identity\n\t\tsd []session.Device\n\t)\n\n\teg, ctx := errgroup.WithContext(ctx)\n\tif expand.Has(session.ExpandSessionDevices) {\n\t\teg.Go(func() error {\n\t\t\treturn sqlcon.HandleError(con.WithContext(ctx).\n\t\t\t\tWhere(\"session_id = ? AND nid = ?\", s.ID, nid).All(&sd))\n\t\t})\n\t}\n\n\t// This is needed because of how identities are fetched from the store (if we use eager not all fields are\n\t// available!).\n\tif expand.Has(session.ExpandSessionIdentity) {\n\t\teg.Go(func() (err error) {\n\t\t\ti, err = p.GetIdentity(ctx, s.IdentityID, identityExpand)\n\t\t\treturn err\n\t\t})\n\t}\n\n\tif err := eg.Wait(); err != nil {\n\t\treturn nil, err\n\t}\n\n\ts.Identity = i\n\ts.Devices = sd\n\n\treturn &s, nil\n}\n\nfunc (p *Persister) DeleteSessionByToken(ctx context.Context, token string) (err error) {\n\tctx, span := p.r.Tracer(ctx).Tracer().Start(ctx, \"persistence.sql.DeleteSessionByToken\")\n\tdefer otelx.End(span, &err)\n\n\t//#nosec G201 -- TableName is static\n\tcount, err := p.GetConnection(ctx).RawQuery(fmt.Sprintf(\n\t\t\"DELETE FROM %s WHERE token = ? AND nid = ?\",\n\t\tsession.Session{}.TableName(),\n\t),\n\t\ttoken,\n\t\tp.NetworkID(ctx),\n\t).ExecWithCount()\n\tif err != nil {\n\t\treturn sqlcon.HandleError(err)\n\t}\n\tif count == 0 {\n\t\treturn errors.WithStack(sqlcon.ErrNoRows)\n\t}\n\treturn nil\n}\n\nfunc (p *Persister) RevokeSessionByToken(ctx context.Context, token string) (err error) {\n\tctx, span := p.r.Tracer(ctx).Tracer().Start(ctx, \"persistence.sql.RevokeSessionByToken\")\n\tdefer otelx.End(span, &err)\n\n\t//#nosec G201 -- TableName is static\n\tcount, err := p.GetConnection(ctx).RawQuery(fmt.Sprintf(\n\t\t\"UPDATE %s SET active = false WHERE token = ? AND nid = ?\",\n\t\tsession.Session{}.TableName(),\n\t),\n\t\ttoken,\n\t\tp.NetworkID(ctx),\n\t).ExecWithCount()\n\tif err != nil {\n\t\treturn sqlcon.HandleError(err)\n\t}\n\tif count == 0 {\n\t\treturn errors.WithStack(sqlcon.ErrNoRows)\n\t}\n\treturn nil\n}\n\n// RevokeSessionById revokes a given session\nfunc (p *Persister) RevokeSessionById(ctx context.Context, sID uuid.UUID) (err error) {\n\tctx, span := p.r.Tracer(ctx).Tracer().Start(ctx, \"persistence.sql.RevokeSessionById\")\n\tdefer otelx.End(span, &err)\n\n\t//#nosec G201 -- TableName is static\n\tcount, err := p.GetConnection(ctx).RawQuery(fmt.Sprintf(\n\t\t\"UPDATE %s SET active = false WHERE id = ? AND nid = ?\",\n\t\tsession.Session{}.TableName(),\n\t),\n\t\tsID,\n\t\tp.NetworkID(ctx),\n\t).ExecWithCount()\n\tif err != nil {\n\t\treturn sqlcon.HandleError(err)\n\t}\n\tif count == 0 {\n\t\treturn errors.WithStack(sqlcon.ErrNoRows)\n\t}\n\treturn nil\n}\n\n// RevokeSession revokes a given session. If the session does not exist or was not modified,\n// it effectively has been revoked already, and therefore that case does not return an error.\nfunc (p *Persister) RevokeSession(ctx context.Context, iID, sID uuid.UUID) (err error) {\n\tctx, span := p.r.Tracer(ctx).Tracer().Start(ctx, \"persistence.sql.RevokeSession\")\n\tdefer otelx.End(span, &err)\n\n\t//#nosec G201 -- TableName is static\n\terr = p.GetConnection(ctx).RawQuery(fmt.Sprintf(\n\t\t\"UPDATE %s SET active = false WHERE id = ? AND identity_id = ? AND nid = ?\",\n\t\tsession.Session{}.TableName(),\n\t),\n\t\tsID,\n\t\tiID,\n\t\tp.NetworkID(ctx),\n\t).Exec()\n\tif err != nil {\n\t\treturn sqlcon.HandleError(err)\n\t}\n\treturn nil\n}\n\n// RevokeSessionsIdentityExcept marks all except the given session of an identity inactive.\nfunc (p *Persister) RevokeSessionsIdentityExcept(ctx context.Context, iID, sID uuid.UUID) (res int, err error) {\n\tctx, span := p.r.Tracer(ctx).Tracer().Start(ctx, \"persistence.sql.RevokeSessionsIdentityExcept\")\n\tdefer otelx.End(span, &err)\n\n\t//#nosec G201 -- TableName is static\n\tcount, err := p.GetConnection(ctx).RawQuery(fmt.Sprintf(\n\t\t\"UPDATE %s SET active = false WHERE identity_id = ? AND id != ? AND nid = ?\",\n\t\tsession.Session{}.TableName(),\n\t),\n\t\tiID,\n\t\tsID,\n\t\tp.NetworkID(ctx),\n\t).ExecWithCount()\n\tif err != nil {\n\t\treturn 0, sqlcon.HandleError(err)\n\t}\n\treturn count, nil\n}\n\nfunc (p *Persister) DeleteExpiredSessions(ctx context.Context, expiresAt time.Time, limit int) (err error) {\n\tctx, span := p.r.Tracer(ctx).Tracer().Start(ctx, \"persistence.sql.DeleteExpiredSessions\")\n\tdefer otelx.End(span, &err)\n\n\t//#nosec G201 -- TableName is static\n\terr = p.GetConnection(ctx).RawQuery(fmt.Sprintf(\n\t\t\"DELETE FROM %[1]s WHERE id in (SELECT id FROM (SELECT id FROM %[1]s c WHERE expires_at <= ? and nid = ? ORDER BY expires_at ASC LIMIT ?) AS s)\",\n\t\tsession.Session{}.TableName(),\n\t),\n\t\texpiresAt,\n\t\tp.NetworkID(ctx),\n\t\tlimit,\n\t).Exec()\n\n\treturn sqlcon.HandleError(err)\n}\n" }, { "path": "persistence/sql/persister_sessiontokenexchanger.go", "content": "// Copyright © 2023 Ory Corp\n// SPDX-License-Identifier: Apache-2.0\n\npackage sql\n\nimport (\n\t\"context\"\n\t\"fmt\"\n\t\"time\"\n\n\t\"github.com/gofrs/uuid\"\n\t\"github.com/pkg/errors\"\n\n\t\"github.com/ory/kratos/selfservice/sessiontokenexchange\"\n\t\"github.com/ory/pop/v6\"\n\t\"github.com/ory/x/otelx\"\n\t\"github.com/ory/x/randx\"\n\t\"github.com/ory/x/sqlcon\"\n)\n\nvar _ sessiontokenexchange.Persister = new(Persister)\n\nfunc updateLimitClause(conn *pop.Connection) string {\n\t// Not all databases support limiting in update clauses.\n\tswitch conn.Dialect.Name() {\n\tcase \"sqlite3\", \"postgres\":\n\t\treturn \"\"\n\tdefault:\n\t\treturn \"LIMIT 1\"\n\t}\n}\n\nfunc (p *Persister) CreateSessionTokenExchanger(ctx context.Context, flowID uuid.UUID) (e *sessiontokenexchange.Exchanger, err error) {\n\tctx, span := p.r.Tracer(ctx).Tracer().Start(ctx, \"persistence.sql.CreateSessionTokenExchanger\")\n\tdefer otelx.End(span, &err)\n\n\te = &sessiontokenexchange.Exchanger{\n\t\tNID: p.NetworkID(ctx),\n\t\tFlowID: flowID,\n\t\tInitCode: randx.MustString(64, randx.AlphaNum),\n\t\tReturnToCode: randx.MustString(64, randx.AlphaNum),\n\t}\n\n\treturn e, p.GetConnection(ctx).Create(e)\n}\n\nfunc (p *Persister) GetExchangerFromCode(ctx context.Context, initCode string, returnToCode string) (e *sessiontokenexchange.Exchanger, err error) {\n\tctx, span := p.r.Tracer(ctx).Tracer().Start(ctx, \"persistence.sql.GetExchangerFromCode\")\n\tdefer otelx.End(span, &err)\n\n\te = new(sessiontokenexchange.Exchanger)\n\tconn := p.GetConnection(ctx)\n\tif err = conn.Where(`\nnid = ? AND\ninit_code = ? AND init_code <> '' AND\nreturn_to_code = ? AND return_to_code <> '' AND\nsession_id IS NOT NULL`,\n\t\tp.NetworkID(ctx), initCode, returnToCode).First(e); err != nil {\n\t\treturn nil, sqlcon.HandleError(err)\n\t}\n\n\treturn e, nil\n}\n\nfunc (p *Persister) UpdateSessionOnExchanger(ctx context.Context, flowID uuid.UUID, sessionID uuid.UUID) (err error) {\n\tctx, span := p.r.Tracer(ctx).Tracer().Start(ctx, \"persistence.sql.UpdateSessionOnExchanger\")\n\tdefer otelx.End(span, &err)\n\n\tconn := p.GetConnection(ctx)\n\tquery := fmt.Sprintf(\"UPDATE %s SET session_id = ? WHERE flow_id = ? AND nid = ? %s\",\n\t\tconn.Dialect.Quote(new(sessiontokenexchange.Exchanger).TableName()),\n\t\tupdateLimitClause(conn),\n\t)\n\n\treturn sqlcon.HandleError(conn.RawQuery(query, sessionID, flowID, p.NetworkID(ctx)).Exec())\n}\n\nfunc (p *Persister) CodeForFlow(ctx context.Context, flowID uuid.UUID) (codes *sessiontokenexchange.Codes, found bool, err error) {\n\tctx, span := p.r.Tracer(ctx).Tracer().Start(ctx, \"persistence.sql.CodeForFlow\")\n\tdefer otelx.End(span, &err)\n\n\tvar e sessiontokenexchange.Exchanger\n\tswitch err = sqlcon.HandleError(p.GetConnection(ctx).\n\t\tWhere(\"flow_id = ? AND nid = ? AND init_code <> '' and return_to_code <> ''\", flowID, p.NetworkID(ctx)).\n\t\tFirst(&e)); {\n\tcase err == nil:\n\t\treturn &sessiontokenexchange.Codes{\n\t\t\tInitCode: e.InitCode,\n\t\t\tReturnToCode: e.ReturnToCode,\n\t\t}, true, nil\n\tcase errors.Is(err, sqlcon.ErrNoRows):\n\t\treturn nil, false, nil\n\tdefault:\n\t\treturn nil, false, err\n\t}\n}\n\nfunc (p *Persister) MoveToNewFlow(ctx context.Context, oldFlow, newFlow uuid.UUID) (err error) {\n\tctx, span := p.r.Tracer(ctx).Tracer().Start(ctx, \"persistence.sql.MoveToNewFlow\")\n\tdefer otelx.End(span, &err)\n\n\tconn := p.GetConnection(ctx)\n\tquery := fmt.Sprintf(\"UPDATE %s SET flow_id = ? WHERE flow_id = ? AND nid = ? %s\",\n\t\tconn.Dialect.Quote(new(sessiontokenexchange.Exchanger).TableName()),\n\t\tupdateLimitClause(conn),\n\t)\n\n\treturn sqlcon.HandleError(conn.RawQuery(query, newFlow, oldFlow, p.NetworkID(ctx)).Exec())\n}\n\nfunc (p *Persister) DeleteExpiredExchangers(ctx context.Context, at time.Time, limit int) error {\n\texpiredAfter := at.Add(1 * time.Hour)\n\tconn := p.GetConnection(ctx)\n\n\t//#nosec G201 -- TableName is static\n\terr := conn.RawQuery(fmt.Sprintf(\n\t\t\"DELETE FROM %[1]s WHERE id in (SELECT id FROM (SELECT id FROM %[1]s c WHERE created_at <= ? and nid = ? ORDER BY created_at ASC LIMIT ?) AS s)\",\n\t\tsessiontokenexchange.Exchanger{}.TableName(),\n\t),\n\t\texpiredAfter,\n\t\tp.NetworkID(ctx),\n\t\tlimit,\n\t).Exec()\n\n\treturn sqlcon.HandleError(err)\n}\n" }, { "path": "persistence/sql/persister_settings.go", "content": "// Copyright © 2023 Ory Corp\n// SPDX-License-Identifier: Apache-2.0\n\npackage sql\n\nimport (\n\t\"context\"\n\t\"fmt\"\n\t\"time\"\n\n\t\"github.com/ory/kratos/identity\"\n\t\"github.com/ory/kratos/persistence/sql/update\"\n\n\t\"github.com/gofrs/uuid\"\n\n\t\"github.com/ory/x/otelx\"\n\t\"github.com/ory/x/sqlcon\"\n\n\t\"github.com/ory/kratos/selfservice/flow/settings\"\n)\n\nvar _ settings.FlowPersister = new(Persister)\n\nfunc (p *Persister) CreateSettingsFlow(ctx context.Context, r *settings.Flow) (err error) {\n\tctx, span := p.r.Tracer(ctx).Tracer().Start(ctx, \"persistence.sql.CreateSettingsFlow\")\n\tdefer otelx.End(span, &err)\n\n\tr.NID = p.NetworkID(ctx)\n\tr.EnsureInternalContext()\n\treturn sqlcon.HandleError(p.GetConnection(ctx).Create(r))\n}\n\nfunc (p *Persister) GetSettingsFlow(ctx context.Context, id uuid.UUID) (_ *settings.Flow, err error) {\n\tctx, span := p.r.Tracer(ctx).Tracer().Start(ctx, \"persistence.sql.GetSettingsFlow\")\n\tdefer otelx.End(span, &err)\n\n\tvar r settings.Flow\n\n\terr = p.GetConnection(ctx).Where(\"id = ? AND nid = ?\", id, p.NetworkID(ctx)).First(&r)\n\tif err != nil {\n\t\treturn nil, sqlcon.HandleError(err)\n\t}\n\n\tr.Identity, err = p.GetIdentity(ctx, r.IdentityID, identity.ExpandDefault)\n\tif err != nil {\n\t\treturn nil, err\n\t}\n\n\treturn &r, nil\n}\n\nfunc (p *Persister) UpdateSettingsFlow(ctx context.Context, r *settings.Flow) (err error) {\n\tctx, span := p.r.Tracer(ctx).Tracer().Start(ctx, \"persistence.sql.UpdateSettingsFlow\")\n\tdefer otelx.End(span, &err)\n\n\tr.EnsureInternalContext()\n\tcp := *r\n\tcp.NID = p.NetworkID(ctx)\n\treturn update.Generic(ctx, p.GetConnection(ctx), p.r.Tracer(ctx).Tracer(), cp)\n}\n\nfunc (p *Persister) DeleteExpiredSettingsFlows(ctx context.Context, expiresAt time.Time, limit int) (err error) {\n\tctx, span := p.r.Tracer(ctx).Tracer().Start(ctx, \"persistence.sql.DeleteExpiredSettingsFlows\")\n\tdefer otelx.End(span, &err)\n\t//#nosec G201 -- TableName is static\n\terr = p.GetConnection(ctx).RawQuery(fmt.Sprintf(\n\t\t\"DELETE FROM %[1]s WHERE id in (SELECT id FROM (SELECT id FROM %[1]s c WHERE expires_at <= ? and nid = ? ORDER BY expires_at ASC LIMIT ?) AS s)\",\n\t\tsettings.Flow{}.TableName(),\n\t),\n\t\texpiresAt,\n\t\tp.NetworkID(ctx),\n\t\tlimit,\n\t).Exec()\n\n\treturn sqlcon.HandleError(err)\n}\n" }, { "path": "persistence/sql/persister_test.go", "content": "// Copyright © 2023 Ory Corp\n// SPDX-License-Identifier: Apache-2.0\n\npackage sql_test\n\nimport (\n\t\"context\"\n\t\"fmt\"\n\t\"os\"\n\t\"regexp\"\n\t\"strings\"\n\t\"sync\"\n\t\"testing\"\n\t\"time\"\n\n\t\"github.com/cockroachdb/cockroach-go/v2/testserver\"\n\t\"github.com/pkg/errors\"\n\t\"github.com/stretchr/testify/assert\"\n\t\"github.com/stretchr/testify/require\"\n\t\"golang.org/x/sync/errgroup\"\n\n\tcontinuity \"github.com/ory/kratos/continuity/test\"\n\t\"github.com/ory/kratos/corpx\"\n\tcourier \"github.com/ory/kratos/courier/test\"\n\t\"github.com/ory/kratos/driver/config\"\n\tri \"github.com/ory/kratos/identity\"\n\tidentity \"github.com/ory/kratos/identity/test\"\n\t\"github.com/ory/kratos/persistence/sql\"\n\t\"github.com/ory/kratos/persistence/sql/batch\"\n\tsqltesthelpers \"github.com/ory/kratos/persistence/sql/testhelpers\"\n\t\"github.com/ory/kratos/pkg\"\n\t\"github.com/ory/kratos/pkg/testhelpers\"\n\t\"github.com/ory/kratos/schema\"\n\terrorx \"github.com/ory/kratos/selfservice/errorx/test\"\n\tlf \"github.com/ory/kratos/selfservice/flow/login\"\n\tlogin \"github.com/ory/kratos/selfservice/flow/login/test\"\n\trecovery \"github.com/ory/kratos/selfservice/flow/recovery/test\"\n\tregistration \"github.com/ory/kratos/selfservice/flow/registration/test\"\n\tsettings \"github.com/ory/kratos/selfservice/flow/settings/test\"\n\tverification \"github.com/ory/kratos/selfservice/flow/verification/test\"\n\tsessiontokenexchange \"github.com/ory/kratos/selfservice/sessiontokenexchange/test\"\n\tcode \"github.com/ory/kratos/selfservice/strategy/code/test\"\n\tlink \"github.com/ory/kratos/selfservice/strategy/link/test\"\n\tsession \"github.com/ory/kratos/session/test\"\n\t\"github.com/ory/kratos/x\"\n\t\"github.com/ory/pop/v6\"\n\t\"github.com/ory/pop/v6/logging\"\n\t\"github.com/ory/x/dbal\"\n\t\"github.com/ory/x/popx\"\n\t\"github.com/ory/x/sqlcon\"\n\t\"github.com/ory/x/sqlcon/dockertest\"\n\t\"github.com/ory/x/sqlxx\"\n\t\"github.com/ory/x/urlx\"\n)\n\nfunc init() {\n\tcorpx.RegisterFakes()\n\tpop.SetNowFunc(func() time.Time {\n\t\treturn time.Now().UTC().Round(time.Second)\n\t})\n}\n\nfunc TestMain(m *testing.M) {\n\tos.Exit(m.Run())\n}\n\nfunc pl(t testing.TB) func(lvl logging.Level, s string, args ...interface{}) {\n\treturn func(lvl logging.Level, s string, args ...interface{}) {\n\t\tif pop.Debug == false {\n\t\t\treturn\n\t\t}\n\n\t\tif lvl == logging.SQL {\n\t\t\tif len(args) > 0 {\n\t\t\t\txargs := make([]string, len(args))\n\t\t\t\tfor i, a := range args {\n\t\t\t\t\tswitch a.(type) {\n\t\t\t\t\tcase string:\n\t\t\t\t\t\txargs[i] = fmt.Sprintf(\"%q\", a)\n\t\t\t\t\tdefault:\n\t\t\t\t\t\txargs[i] = fmt.Sprintf(\"%v\", a)\n\t\t\t\t\t}\n\t\t\t\t}\n\t\t\t\ts = fmt.Sprintf(\"%s - %s | %s\", lvl, s, xargs)\n\t\t\t} else {\n\t\t\t\ts = fmt.Sprintf(\"%s - %s\", lvl, s)\n\t\t\t}\n\t\t} else {\n\t\t\ts = fmt.Sprintf(s, args...)\n\t\t\ts = fmt.Sprintf(\"%s - %s\", lvl, s)\n\t\t}\n\t\tt.Log(s)\n\t}\n}\n\nfunc createCleanDatabases(t testing.TB) map[string]string {\n\tconns := map[string]string{\n\t\t\"sqlite\": dbal.NewSQLiteTestDatabase(t),\n\t}\n\tconnsMtx := sync.Mutex{}\n\n\tif !testing.Short() {\n\t\tfuncs := map[string]func(t testing.TB) string{\n\t\t\t\"postgres\": func(t testing.TB) string {\n\t\t\t\treturn dockertest.RunTestPostgreSQLWithVersion(t, \"16\")\n\t\t\t},\n\t\t\t\"mysql\": func(t testing.TB) string {\n\t\t\t\treturn dockertest.RunTestMySQLWithVersion(t, \"8.4\")\n\t\t\t},\n\t\t\t\"cockroach\": newLocalTestCRDBServer,\n\t\t}\n\n\t\tvar wg sync.WaitGroup\n\t\twg.Add(len(funcs))\n\n\t\tfor k, f := range funcs {\n\t\t\tgo func(s string, f func(t testing.TB) string) {\n\t\t\t\tdefer wg.Done()\n\t\t\t\tdb := f(t)\n\t\t\t\tconnsMtx.Lock()\n\t\t\t\tconns[s] = db\n\t\t\t\tconnsMtx.Unlock()\n\t\t\t}(k, f)\n\t\t}\n\n\t\twg.Wait()\n\t}\n\n\tps := make(map[string]string, len(conns))\n\tpsMtx := sync.Mutex{}\n\n\tvar wg sync.WaitGroup\n\twg.Add(len(conns))\n\tfor name, dsn := range conns {\n\t\tgo func(name, dsn string) {\n\t\t\tdefer wg.Done()\n\n\t\t\tif name != \"sqlite\" {\n\t\t\t\trequire.EventuallyWithT(t, func(t *assert.CollectT) {\n\t\t\t\t\tc, err := pop.NewConnection(&pop.ConnectionDetails{URL: dsn})\n\t\t\t\t\trequire.NoError(t, err)\n\t\t\t\t\trequire.NoError(t, c.Open())\n\t\t\t\t\tdbName := \"testdb\" + strings.ReplaceAll(x.NewUUID().String(), \"-\", \"\")\n\t\t\t\t\trequire.NoError(t, c.RawQuery(\"CREATE DATABASE \"+dbName).Exec())\n\t\t\t\t\tdsn = regexp.MustCompile(`/[a-z0-9]+\\?`).ReplaceAllString(dsn, \"/\"+dbName+\"?\")\n\t\t\t\t}, 20*time.Second, 100*time.Millisecond)\n\t\t\t}\n\n\t\t\tt.Logf(\"Connecting to %s: %s\", name, dsn)\n\n\t\t\t_, reg := pkg.NewRegistryDefaultWithDSN(t, dsn)\n\t\t\tp := reg.Persister().(*sql.Persister)\n\n\t\t\tt.Logf(\"Applying %s migrations\", name)\n\t\t\tpop.SetLogger(pl(t))\n\t\t\trequire.NoError(t, p.MigrateUp(context.Background()))\n\t\t\tt.Logf(\"%s migrations applied\", name)\n\t\t\tstatus, err := p.MigrationStatus(context.Background())\n\t\t\trequire.NoError(t, err)\n\t\t\trequire.False(t, status.HasPending())\n\n\t\t\tpsMtx.Lock()\n\t\t\tps[name] = dsn\n\t\t\tpsMtx.Unlock()\n\n\t\t\tt.Logf(\"Database %s initialized successfully\", name)\n\t\t}(name, dsn)\n\t}\n\n\twg.Wait()\n\treturn ps\n}\n\nfunc TestPersister(t *testing.T) {\n\tt.Parallel()\n\n\tconns := createCleanDatabases(t)\n\tctx := testhelpers.WithDefaultIdentitySchema(context.Background(), \"file://./stub/identity.schema.json\")\n\n\tfor name, dsn := range conns {\n\t\tt.Run(fmt.Sprintf(\"database=%s\", name), func(t *testing.T) {\n\t\t\tt.Parallel()\n\n\t\t\tt.Logf(\"DSN: %s\", dsn)\n\n\t\t\tt.Run(\"racy identity creation\", func(t *testing.T) {\n\t\t\t\tt.Parallel()\n\n\t\t\t\tvar wg sync.WaitGroup\n\n\t\t\t\tfor i := range 10 {\n\t\t\t\t\twg.Add(1)\n\t\t\t\t\tgo func() {\n\t\t\t\t\t\tdefer wg.Done()\n\n\t\t\t\t\t\t_, reg := pkg.NewRegistryDefaultWithDSN(t, dsn)\n\t\t\t\t\t\t_, ps := testhelpers.NewNetwork(t, ctx, reg.Persister())\n\t\t\t\t\t\tid := ri.NewIdentity(\"\")\n\t\t\t\t\t\tid.SetCredentials(ri.CredentialsTypePassword, ri.Credentials{\n\t\t\t\t\t\t\tType: ri.CredentialsTypePassword,\n\t\t\t\t\t\t\tIdentifiers: []string{fmt.Sprintf(\"racy identity %d\", i)},\n\t\t\t\t\t\t\tConfig: sqlxx.JSONRawMessage(`{\"foo\":\"bar\"}`),\n\t\t\t\t\t\t})\n\t\t\t\t\t\tid.Traits = ri.Traits(\"{}\")\n\n\t\t\t\t\t\trequire.NoError(t, ps.CreateIdentity(ctx, id))\n\t\t\t\t\t}()\n\t\t\t\t}\n\n\t\t\t\twg.Wait()\n\t\t\t})\n\n\t\t\tt.Run(\"case=credential types exist\", func(t *testing.T) {\n\t\t\t\tt.Parallel()\n\t\t\t\t_, reg := pkg.NewRegistryDefaultWithDSN(t, dsn)\n\t\t\t\t_, p := testhelpers.NewNetwork(t, ctx, reg.Persister())\n\t\t\t\tfor _, ct := range []ri.CredentialsType{ri.CredentialsTypeOIDC, ri.CredentialsTypePassword} {\n\t\t\t\t\trequire.NoError(t, p.(*sql.Persister).Connection(context.Background()).Where(\"name = ?\", ct).First(&ri.CredentialsTypeTable{}))\n\t\t\t\t}\n\t\t\t})\n\n\t\t\tt.Run(\"contract=identity.TestPool\", func(t *testing.T) {\n\t\t\t\tt.Parallel()\n\t\t\t\t_, reg := pkg.NewRegistryDefaultWithDSN(t, dsn)\n\t\t\t\t_, p := testhelpers.NewNetwork(t, ctx, reg.Persister())\n\t\t\t\tidentity.TestPool(ctx, p, reg.IdentityManager(), name)(t)\n\t\t\t})\n\t\t\tt.Run(\"contract=registration.TestFlowPersister\", func(t *testing.T) {\n\t\t\t\tt.Parallel()\n\t\t\t\t_, reg := pkg.NewRegistryDefaultWithDSN(t, dsn)\n\t\t\t\t_, p := testhelpers.NewNetwork(t, ctx, reg.Persister())\n\t\t\t\tregistration.TestFlowPersister(ctx, p)(t)\n\t\t\t})\n\t\t\tt.Run(\"contract=errorx.TestPersister\", func(t *testing.T) {\n\t\t\t\tt.Parallel()\n\t\t\t\t_, reg := pkg.NewRegistryDefaultWithDSN(t, dsn)\n\t\t\t\t_, p := testhelpers.NewNetwork(t, ctx, reg.Persister())\n\t\t\t\terrorx.TestPersister(ctx, p)(t)\n\t\t\t})\n\t\t\tt.Run(\"contract=login.TestFlowPersister\", func(t *testing.T) {\n\t\t\t\tt.Parallel()\n\t\t\t\t_, reg := pkg.NewRegistryDefaultWithDSN(t, dsn)\n\t\t\t\t_, p := testhelpers.NewNetwork(t, ctx, reg.Persister())\n\t\t\t\tlogin.TestFlowPersister(ctx, p)(t)\n\t\t\t})\n\t\t\tt.Run(\"contract=settings.TestFlowPersister\", func(t *testing.T) {\n\t\t\t\tt.Parallel()\n\t\t\t\t_, reg := pkg.NewRegistryDefaultWithDSN(t, dsn)\n\t\t\t\t_, p := testhelpers.NewNetwork(t, ctx, reg.Persister())\n\t\t\t\tsettings.TestFlowPersister(ctx, p)(t)\n\t\t\t})\n\t\t\tt.Run(\"contract=session.TestPersister\", func(t *testing.T) {\n\t\t\t\t// Don't run this in parallel on SQLite as it causes table locks.\n\t\t\t\tif name != \"sqlite\" {\n\t\t\t\t\tt.Parallel()\n\t\t\t\t}\n\t\t\t\t_, reg := pkg.NewRegistryDefaultWithDSN(t, dsn)\n\t\t\t\t_, p := testhelpers.NewNetwork(t, ctx, reg.Persister())\n\t\t\t\tsession.TestPersister(ctx, reg.Config(), p)(t)\n\t\t\t})\n\t\t\tt.Run(\"contract=sessiontokenexchange.TestPersister\", func(t *testing.T) {\n\t\t\t\tt.Parallel()\n\t\t\t\t_, reg := pkg.NewRegistryDefaultWithDSN(t, dsn)\n\t\t\t\t_, p := testhelpers.NewNetwork(t, ctx, reg.Persister())\n\t\t\t\tsessiontokenexchange.TestPersister(ctx, p)(t)\n\t\t\t})\n\t\t\tt.Run(\"contract=courier.TestPersister\", func(t *testing.T) {\n\t\t\t\tt.Parallel()\n\n\t\t\t\t_, reg := pkg.NewRegistryDefaultWithDSN(t, dsn)\n\t\t\t\t_, p := testhelpers.NewNetwork(t, ctx, reg.Persister())\n\t\t\t\tupsert, insert := sqltesthelpers.DefaultNetworkWrapper(p)\n\t\t\t\tcourier.TestPersister(ctx, upsert, insert)(t)\n\t\t\t})\n\t\t\tt.Run(\"contract=verification.TestFlowPersister\", func(t *testing.T) {\n\t\t\t\tt.Parallel()\n\t\t\t\t_, reg := pkg.NewRegistryDefaultWithDSN(t, dsn)\n\t\t\t\t_, p := testhelpers.NewNetwork(t, ctx, reg.Persister())\n\t\t\t\tverification.TestFlowPersister(ctx, p)(t)\n\t\t\t})\n\t\t\tt.Run(\"contract=recovery.TestFlowPersister\", func(t *testing.T) {\n\t\t\t\tt.Parallel()\n\t\t\t\t_, reg := pkg.NewRegistryDefaultWithDSN(t, dsn)\n\t\t\t\t_, p := testhelpers.NewNetwork(t, ctx, reg.Persister())\n\t\t\t\trecovery.TestFlowPersister(ctx, p)(t)\n\t\t\t})\n\t\t\tt.Run(\"contract=link.TestPersister\", func(t *testing.T) {\n\t\t\t\tt.Parallel()\n\t\t\t\t_, reg := pkg.NewRegistryDefaultWithDSN(t, dsn)\n\t\t\t\t_, p := testhelpers.NewNetwork(t, ctx, reg.Persister())\n\t\t\t\tlink.TestPersister(ctx, p)(t)\n\t\t\t})\n\t\t\tt.Run(\"contract=code.TestPersister\", func(t *testing.T) {\n\t\t\t\tt.Parallel()\n\t\t\t\t_, reg := pkg.NewRegistryDefaultWithDSN(t, dsn)\n\t\t\t\t_, p := testhelpers.NewNetwork(t, ctx, reg.Persister())\n\t\t\t\tcode.TestPersister(ctx, p)(t)\n\t\t\t})\n\t\t\tt.Run(\"contract=continuity.TestPersister\", func(t *testing.T) {\n\t\t\t\tt.Parallel()\n\t\t\t\t_, reg := pkg.NewRegistryDefaultWithDSN(t, dsn)\n\t\t\t\t_, p := testhelpers.NewNetwork(t, ctx, reg.Persister())\n\t\t\t\tcontinuity.TestPersister(ctx, p)(t)\n\t\t\t})\n\t\t\tt.Run(\"contract=batch.TestPersister\", func(t *testing.T) {\n\t\t\t\tt.Parallel()\n\t\t\t\t_, reg := pkg.NewRegistryDefaultWithDSN(t, dsn)\n\t\t\t\t_, p := testhelpers.NewNetwork(t, ctx, reg.Persister())\n\t\t\t\tbatch.TestPersister(ctx, reg.Tracer(ctx), p)(t)\n\t\t\t})\n\t\t})\n\t}\n}\n\nfunc getErr(args ...interface{}) error {\n\tif len(args) == 0 {\n\t\treturn nil\n\t}\n\tlastArg := args[len(args)-1]\n\tif e, ok := lastArg.(error); ok {\n\t\treturn e\n\t}\n\treturn nil\n}\n\nfunc TestPersister_Transaction(t *testing.T) {\n\tt.Parallel()\n\n\t_, reg := pkg.NewFastRegistryWithMocks(t)\n\tp := reg.Persister()\n\n\tt.Run(\"case=should not create identity because callback returned error\", func(t *testing.T) {\n\t\ti := &ri.Identity{\n\t\t\tID: x.NewUUID(),\n\t\t\tState: ri.StateActive,\n\t\t\tTraits: ri.Traits(`{}`),\n\t\t}\n\t\terrMessage := \"failing because why not\"\n\t\terr := p.Transaction(context.Background(), func(_ context.Context, connection *pop.Connection) error {\n\t\t\trequire.NoError(t, connection.Create(i))\n\t\t\treturn errors.New(errMessage)\n\t\t})\n\t\trequire.Error(t, err)\n\t\tassert.Contains(t, err.Error(), errMessage)\n\t\t_, err = p.GetIdentity(context.Background(), i.ID, ri.ExpandNothing)\n\t\trequire.Error(t, err)\n\t\tassert.Equal(t, sqlcon.ErrNoRows.Error(), err.Error())\n\t})\n\n\tt.Run(\"case=functions should use the context connection\", func(t *testing.T) {\n\t\tc := p.GetConnection(context.Background())\n\t\terrMessage := \"some stupid error you can't debug\"\n\t\tlr := &lf.Flow{\n\t\t\tID: x.NewUUID(),\n\t\t}\n\t\terr := c.Transaction(func(tx *pop.Connection) error {\n\t\t\tctx := popx.WithTransaction(context.Background(), tx)\n\t\t\trequire.NoError(t, p.CreateLoginFlow(ctx, lr), \"%+v\", lr)\n\t\t\trequire.NoError(t, getErr(p.GetLoginFlow(ctx, lr.ID)), \"%+v\", lr)\n\t\t\treturn errors.New(errMessage)\n\t\t})\n\t\trequire.Error(t, err)\n\t\tassert.Contains(t, err.Error(), errMessage)\n\t\t_, err = p.GetLoginFlow(context.Background(), lr.ID)\n\t\trequire.Error(t, err)\n\t\tassert.Equal(t, sqlcon.ErrNoRows.Error(), err.Error())\n\t})\n}\n\nfunc Benchmark_BatchCreateIdentities(b *testing.B) {\n\tconns := createCleanDatabases(b)\n\tctx := context.Background()\n\tbatchSizes := []int{1, 10, 100, 500, 800, 900, 1000, 2000, 3000}\n\tparallelRequests := []int{1, 4, 8, 16}\n\n\tfor name, dsn := range conns {\n\t\t_, reg := pkg.NewRegistryDefaultWithDSN(b, dsn)\n\t\tb.Run(fmt.Sprintf(\"database=%s\", name), func(b *testing.B) {\n\t\t\tconf := reg.Config()\n\t\t\t_, p := testhelpers.NewNetwork(b, ctx, reg.Persister())\n\t\t\tmultipleEmailsSchema := schema.Schema{\n\t\t\t\tID: \"multiple_emails\",\n\t\t\t\tURL: urlx.ParseOrPanic(\"file://./stub/handler/multiple_emails.schema.json\"),\n\t\t\t\tRawURL: \"file://./stub/identity-2.schema.json\",\n\t\t\t}\n\t\t\tconf.MustSet(ctx, config.ViperKeyIdentitySchemas, []config.Schema{\n\t\t\t\t{\n\t\t\t\t\tID: multipleEmailsSchema.ID,\n\t\t\t\t\tURL: multipleEmailsSchema.RawURL,\n\t\t\t\t},\n\t\t\t})\n\t\t\tconf.MustSet(ctx, config.ViperKeyPublicBaseURL, \"http://localhost/\")\n\n\t\t\trun := 0\n\t\t\tfor _, batchSize := range batchSizes {\n\t\t\t\tb.Run(fmt.Sprintf(\"batch-size=%d\", batchSize), func(b *testing.B) {\n\t\t\t\t\tfor _, paralellism := range parallelRequests {\n\t\t\t\t\t\tb.Run(fmt.Sprintf(\"parallelism=%d\", paralellism), func(b *testing.B) {\n\t\t\t\t\t\t\tstart := time.Now()\n\t\t\t\t\t\t\tfor i := 0; i < b.N; i++ {\n\t\t\t\t\t\t\t\twg := new(errgroup.Group)\n\t\t\t\t\t\t\t\tfor paralell := 0; paralell < paralellism; paralell++ {\n\t\t\t\t\t\t\t\t\tparalell := paralell\n\t\t\t\t\t\t\t\t\twg.Go(func() error {\n\t\t\t\t\t\t\t\t\t\tidentities := make([]*ri.Identity, batchSize)\n\t\t\t\t\t\t\t\t\t\tprefix := fmt.Sprintf(\"bench-insert-run-%d\", run+paralell)\n\t\t\t\t\t\t\t\t\t\tfor j := range identities {\n\t\t\t\t\t\t\t\t\t\t\tidentities[j] = identity.NewTestIdentity(1, prefix, j)\n\t\t\t\t\t\t\t\t\t\t}\n\n\t\t\t\t\t\t\t\t\t\treturn p.CreateIdentities(ctx, identities...)\n\t\t\t\t\t\t\t\t\t})\n\t\t\t\t\t\t\t\t}\n\t\t\t\t\t\t\t\tassert.NoError(b, wg.Wait())\n\t\t\t\t\t\t\t\trun += paralellism\n\t\t\t\t\t\t\t}\n\t\t\t\t\t\t\tend := time.Now()\n\t\t\t\t\t\t\tb.ReportMetric(float64(paralellism*batchSize*b.N), \"identites_created\")\n\t\t\t\t\t\t\tb.ReportMetric(float64(paralellism*batchSize*b.N)/end.Sub(start).Seconds(), \"identities/s\")\n\t\t\t\t\t\t})\n\t\t\t\t\t}\n\t\t\t\t})\n\t\t\t}\n\t\t})\n\t}\n}\n\nfunc newLocalTestCRDBServer(t testing.TB) string {\n\tts, err := testserver.NewTestServer(testserver.CustomVersionOpt(\"v25.4.1\"))\n\trequire.NoError(t, err)\n\tt.Cleanup(ts.Stop)\n\n\trequire.NoError(t, ts.WaitForInit())\n\n\tts.PGURL().Scheme = \"cockroach\"\n\treturn ts.PGURL().String()\n}\n" }, { "path": "persistence/sql/persister_transaction_helpers.go", "content": "// Copyright © 2023 Ory Corp\n// SPDX-License-Identifier: Apache-2.0\n\npackage sql\n\nimport (\n\t\"context\"\n\n\t\"github.com/ory/x/popx\"\n\n\t\"github.com/ory/pop/v6\"\n)\n\nfunc (p *Persister) Transaction(ctx context.Context, callback func(ctx context.Context, connection *pop.Connection) error) error {\n\treturn popx.Transaction(ctx, p.c.WithContext(ctx), callback)\n}\n\nfunc (p *Persister) GetConnection(ctx context.Context) *pop.Connection {\n\treturn popx.GetConnection(ctx, p.c.WithContext(ctx))\n}\n" }, { "path": "persistence/sql/persister_verification.go", "content": "// Copyright © 2023 Ory Corp\n// SPDX-License-Identifier: Apache-2.0\n\npackage sql\n\nimport (\n\t\"context\"\n\t\"fmt\"\n\t\"time\"\n\n\t\"github.com/gofrs/uuid\"\n\t\"github.com/pkg/errors\"\n\n\t\"github.com/ory/kratos/identity\"\n\t\"github.com/ory/kratos/persistence/sql/update\"\n\t\"github.com/ory/kratos/selfservice/flow/verification\"\n\t\"github.com/ory/kratos/selfservice/strategy/link\"\n\t\"github.com/ory/pop/v6\"\n\t\"github.com/ory/x/otelx\"\n\t\"github.com/ory/x/sqlcon\"\n)\n\nvar _ verification.FlowPersister = new(Persister)\n\nfunc (p *Persister) CreateVerificationFlow(ctx context.Context, r *verification.Flow) (err error) {\n\tctx, span := p.r.Tracer(ctx).Tracer().Start(ctx, \"persistence.sql.CreateVerificationFlow\")\n\tdefer otelx.End(span, &err)\n\n\tr.NID = p.NetworkID(ctx)\n\t// This should not create the request eagerly because otherwise we might accidentally create an address\n\t// that isn't supposed to be in the database.\n\treturn p.GetConnection(ctx).Create(r)\n}\n\nfunc (p *Persister) GetVerificationFlow(ctx context.Context, id uuid.UUID) (_ *verification.Flow, err error) {\n\tctx, span := p.r.Tracer(ctx).Tracer().Start(ctx, \"persistence.sql.GetVerificationFlow\")\n\tdefer otelx.End(span, &err)\n\n\tvar r verification.Flow\n\tif err := p.GetConnection(ctx).Where(\"id = ? AND nid = ?\", id, p.NetworkID(ctx)).First(&r); err != nil {\n\t\treturn nil, sqlcon.HandleError(err)\n\t}\n\n\treturn &r, nil\n}\n\nfunc (p *Persister) UpdateVerificationFlow(ctx context.Context, r *verification.Flow) (err error) {\n\tctx, span := p.r.Tracer(ctx).Tracer().Start(ctx, \"persistence.sql.UpdateVerificationFlow\")\n\tdefer otelx.End(span, &err)\n\n\tcp := *r\n\tcp.NID = p.NetworkID(ctx)\n\treturn update.Generic(ctx, p.GetConnection(ctx), p.r.Tracer(ctx).Tracer(), cp)\n}\n\nfunc (p *Persister) CreateVerificationToken(ctx context.Context, token *link.VerificationToken) (err error) {\n\tctx, span := p.r.Tracer(ctx).Tracer().Start(ctx, \"persistence.sql.CreateVerificationToken\")\n\tdefer otelx.End(span, &err)\n\n\tt := token.Token\n\ttoken.Token = p.hmacValue(ctx, t)\n\ttoken.NID = p.NetworkID(ctx)\n\n\t// This should not create the request eagerly because otherwise we might accidentally create an address that isn't\n\t// supposed to be in the database.\n\tif err := p.GetConnection(ctx).Create(token); err != nil {\n\t\treturn err\n\t}\n\ttoken.Token = t\n\treturn nil\n}\n\nfunc (p *Persister) UseVerificationToken(ctx context.Context, fID uuid.UUID, token string) (_ *link.VerificationToken, err error) {\n\tctx, span := p.r.Tracer(ctx).Tracer().Start(ctx, \"persistence.sql.UseVerificationToken\")\n\tdefer otelx.End(span, &err)\n\n\tvar rt link.VerificationToken\n\n\tnid := p.NetworkID(ctx)\n\tif err := sqlcon.HandleError(p.Transaction(ctx, func(ctx context.Context, tx *pop.Connection) (err error) {\n\t\tfor _, secret := range p.r.Config().SecretsSession(ctx) {\n\t\t\tif err = tx.Where(\"token = ? AND nid = ? AND NOT used AND selfservice_verification_flow_id = ?\", hmacValueWithSecret(token, secret), nid, fID).First(&rt); err != nil {\n\t\t\t\tif !errors.Is(sqlcon.HandleError(err), sqlcon.ErrNoRows) {\n\t\t\t\t\treturn err\n\t\t\t\t}\n\t\t\t} else {\n\t\t\t\tbreak\n\t\t\t}\n\t\t}\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\n\t\tvar va identity.VerifiableAddress\n\t\tif err := tx.Where(\"id = ? AND nid = ?\", rt.VerifiableAddressID, nid).First(&va); err != nil {\n\t\t\treturn sqlcon.HandleError(err)\n\t\t}\n\n\t\trt.VerifiableAddress = &va\n\n\t\t//#nosec G201 -- TableName is static\n\t\treturn tx.RawQuery(fmt.Sprintf(\"UPDATE %s SET used=true, used_at=? WHERE id=? AND nid = ?\", rt.TableName(ctx)), time.Now().UTC(), rt.ID, nid).Exec()\n\t})); err != nil {\n\t\treturn nil, err\n\t}\n\n\treturn &rt, nil\n}\n\nfunc (p *Persister) DeleteVerificationToken(ctx context.Context, token string) (err error) {\n\tctx, span := p.r.Tracer(ctx).Tracer().Start(ctx, \"persistence.sql.DeleteVerificationToken\")\n\tdefer otelx.End(span, &err)\n\n\tnid := p.NetworkID(ctx)\n\t//#nosec G201 -- TableName is static\n\treturn p.GetConnection(ctx).RawQuery(fmt.Sprintf(\"DELETE FROM %s WHERE token=? AND nid = ?\", new(link.VerificationToken).TableName(ctx)), token, nid).Exec()\n}\n\nfunc (p *Persister) DeleteExpiredVerificationFlows(ctx context.Context, expiresAt time.Time, limit int) (err error) {\n\tctx, span := p.r.Tracer(ctx).Tracer().Start(ctx, \"persistence.sql.DeleteExpiredVerificationFlows\")\n\tdefer otelx.End(span, &err)\n\t//#nosec G201 -- TableName is static\n\terr = p.GetConnection(ctx).RawQuery(fmt.Sprintf(\n\t\t\"DELETE FROM %[1]s WHERE id in (SELECT id FROM (SELECT id FROM %[1]s c WHERE expires_at <= ? and nid = ? ORDER BY expires_at ASC LIMIT ?) AS s)\",\n\t\tverification.Flow{}.TableName(),\n\t),\n\t\texpiresAt,\n\t\tp.NetworkID(ctx),\n\t\tlimit,\n\t).Exec()\n\n\treturn sqlcon.HandleError(err)\n}\n" }, { "path": "persistence/sql/persister_verification_code.go", "content": "// Copyright © 2023 Ory Corp\n// SPDX-License-Identifier: Apache-2.0\n\npackage sql\n\nimport (\n\t\"context\"\n\t\"time\"\n\n\t\"github.com/gofrs/uuid\"\n\t\"github.com/pkg/errors\"\n\n\t\"github.com/ory/herodot\"\n\t\"github.com/ory/kratos/identity\"\n\t\"github.com/ory/kratos/selfservice/flow/verification\"\n\t\"github.com/ory/kratos/selfservice/strategy/code\"\n\t\"github.com/ory/x/otelx\"\n\t\"github.com/ory/x/sqlcon\"\n)\n\nfunc (p *Persister) CreateVerificationCode(ctx context.Context, params *code.CreateVerificationCodeParams) (_ *code.VerificationCode, err error) {\n\tctx, span := p.r.Tracer(ctx).Tracer().Start(ctx, \"persistence.sql.CreateVerificationCode\")\n\tdefer otelx.End(span, &err)\n\n\tnow := time.Now().UTC()\n\tverificationCode := &code.VerificationCode{\n\t\tID: uuid.Nil,\n\t\tCodeHMAC: p.hmacValue(ctx, params.RawCode),\n\t\tExpiresAt: now.Add(params.ExpiresIn),\n\t\tIssuedAt: now,\n\t\tFlowID: params.FlowID,\n\t\tNID: p.NetworkID(ctx),\n\t}\n\n\tif params.VerifiableAddress == nil {\n\t\treturn nil, errors.WithStack(herodot.ErrNotFound.WithReason(\"can't create a verification code without a verifiable address\"))\n\t}\n\n\tverificationCode.VerifiableAddress = params.VerifiableAddress\n\tverificationCode.VerifiableAddressID = uuid.NullUUID{\n\t\tUUID: params.VerifiableAddress.ID,\n\t\tValid: true,\n\t}\n\n\t// This should not create the request eagerly because otherwise we might accidentally create an address that isn't\n\t// supposed to be in the database.\n\tif err := p.GetConnection(ctx).Create(verificationCode); err != nil {\n\t\treturn nil, err\n\t}\n\n\treturn verificationCode, nil\n}\n\nfunc (p *Persister) UseVerificationCode(ctx context.Context, flowID uuid.UUID, userProvidedCode string) (_ *code.VerificationCode, err error) {\n\tctx, span := p.r.Tracer(ctx).Tracer().Start(ctx, \"persistence.sql.UseVerificationCode\")\n\tdefer otelx.End(span, &err)\n\n\tcodeRow, err := useOneTimeCode[code.VerificationCode](ctx, p, flowID, userProvidedCode, verification.Flow{}.TableName(), \"selfservice_verification_flow_id\")\n\tif err != nil {\n\t\treturn nil, err\n\t}\n\n\tvar va identity.VerifiableAddress\n\tif err := p.Connection(ctx).Where(\"id = ? AND nid = ?\", codeRow.VerifiableAddressID, p.NetworkID(ctx)).First(&va); err != nil {\n\t\t// This should fail on not found errors too, because the verifiable address must exist for the flow to work.\n\t\treturn nil, sqlcon.HandleError(err)\n\t}\n\tcodeRow.VerifiableAddress = &va\n\n\treturn codeRow, nil\n}\n\nfunc (p *Persister) DeleteVerificationCodesOfFlow(ctx context.Context, fID uuid.UUID) (err error) {\n\tctx, span := p.r.Tracer(ctx).Tracer().Start(ctx, \"persistence.sql.DeleteVerificationCodesOfFlow\")\n\tdefer otelx.End(span, &err)\n\n\treturn p.GetConnection(ctx).Where(\"selfservice_verification_flow_id = ? AND nid = ?\", fID, p.NetworkID(ctx)).Delete(&code.VerificationCode{})\n}\n" }, { "path": "persistence/sql/stub/expand.schema.json", "content": "{\n \"$schema\": \"http://json-schema.org/draft-07/schema#\",\n \"additionalProperties\": false,\n \"properties\": {\n \"traits\": {\n \"additionalProperties\": false,\n \"properties\": {\n \"email\": {\n \"format\": \"email\",\n \"ory.sh/kratos\": {\n \"credentials\": {\n \"password\": {\n \"identifier\": true\n },\n \"webauthn\": {\n \"identifier\": true\n },\n \"totp\": {\n \"account_name\": true\n }\n },\n \"recovery\": {\n \"via\": \"email\"\n },\n \"verification\": {\n \"via\": \"email\"\n }\n },\n \"title\": \"Email address\",\n \"type\": \"string\",\n \"maxLength\": 320\n },\n \"name\": {\n \"minLength\": 1,\n \"title\": \"Name\",\n \"type\": \"string\",\n \"maxLength\": 256\n }\n },\n \"required\": [\n \"email\",\n \"name\"\n ],\n \"type\": \"object\"\n }\n },\n \"title\": \"Person\",\n \"type\": \"object\"\n}\n" }, { "path": "persistence/sql/stub/identity-2.schema.json", "content": "{\n \"$id\": \"https://example.com/registration.schema.json\",\n \"$schema\": \"http://json-schema.org/draft-07/schema#\",\n \"title\": \"Person\",\n \"type\": \"object\",\n \"properties\": {\n \"traits\": {\n \"type\": \"object\",\n \"properties\": {\n \"bar\": {\n \"type\": \"string\"\n }\n }\n }\n }\n}\n" }, { "path": "persistence/sql/stub/identity.schema.json", "content": "{\n \"$id\": \"https://example.com/registration.schema.json\",\n \"$schema\": \"http://json-schema.org/draft-07/schema#\",\n \"title\": \"Person\",\n \"type\": \"object\",\n \"properties\": {\n \"traits\": {\n \"type\": \"object\",\n \"properties\": {\n \"bar\": {\n \"type\": \"string\"\n },\n \"email\": {\n \"type\": \"string\",\n \"ory.sh/kratos\": {\n \"credentials\": {\n \"password\": {\n \"identifier\": true\n }\n }\n }\n }\n }\n }\n }\n}\n" }, { "path": "persistence/sql/testhelpers/network.go", "content": "// Copyright © 2023 Ory Corp\n// SPDX-License-Identifier: Apache-2.0\n\npackage testhelpers\n\nimport (\n\t\"context\"\n\t\"testing\"\n\n\tdb \"github.com/gofrs/uuid\"\n\n\tcourier \"github.com/ory/kratos/courier/test\"\n\t\"github.com/ory/kratos/persistence\"\n\t\"github.com/ory/kratos/pkg/testhelpers\"\n)\n\nfunc DefaultNetworkWrapper(p persistence.Persister) (courier.NetworkWrapper, courier.NetworkWrapper) {\n\treturn func(t *testing.T, ctx context.Context) (db.UUID, courier.PersisterWrapper) {\n\t\t\treturn testhelpers.NewNetworkUnlessExisting(t, ctx, p)\n\t\t}, func(t *testing.T, ctx context.Context) (db.UUID, courier.PersisterWrapper) {\n\t\t\treturn testhelpers.NewNetwork(t, ctx, p)\n\t\t}\n}\n" }, { "path": "persistence/sql/update/update.go", "content": "// Copyright © 2023 Ory Corp\n// SPDX-License-Identifier: Apache-2.0\n\npackage update\n\nimport (\n\t\"context\"\n\t\"fmt\"\n\n\t\"github.com/pkg/errors\"\n\t\"go.opentelemetry.io/otel/trace\"\n\n\t\"github.com/ory/pop/v6\"\n\t\"github.com/ory/pop/v6/columns\"\n\t\"github.com/ory/x/otelx\"\n\t\"github.com/ory/x/sqlcon\"\n)\n\nfunc Generic(ctx context.Context, c *pop.Connection, tracer trace.Tracer, v any, columnNames ...string) (err error) {\n\tctx, span := tracer.Start(ctx, \"persistence.sql.update\")\n\tdefer otelx.End(span, &err)\n\n\tquoter, ok := c.Dialect.(interface{ Quote(key string) string })\n\tif !ok {\n\t\treturn errors.Errorf(\"store is not a quoter: %T\", c.Store)\n\t}\n\n\tmodel := pop.NewModel(v, ctx)\n\ttn := model.TableName()\n\n\tcols := columns.Columns{}\n\tif len(columnNames) > 0 && tn == model.TableName() {\n\t\tcols = columns.NewColumnsWithAlias(tn, model.As, model.IDField())\n\t\tcols.Add(columnNames...)\n\t} else {\n\t\tcols = columns.ForStructWithAlias(v, tn, model.As, model.IDField())\n\t}\n\n\t//#nosec G201 -- TableName is static\n\tstmt := fmt.Sprintf(\"UPDATE %s AS %s SET %s WHERE (%s) AND %s.nid = :nid\",\n\t\tquoter.Quote(model.TableName()),\n\t\tmodel.Alias(),\n\t\tcols.Writeable().QuotedUpdateString(quoter),\n\t\tmodel.WhereNamedID(),\n\t\tmodel.Alias(),\n\t)\n\n\tif result, err := c.Store.NamedExecContext(ctx, stmt, v); err != nil {\n\t\treturn sqlcon.HandleError(err)\n\t} else if affected, err := result.RowsAffected(); err != nil {\n\t\treturn sqlcon.HandleError(err)\n\t} else if affected == 0 {\n\t\treturn errors.WithStack(sqlcon.ErrNoRows)\n\t}\n\n\treturn nil\n}\n" }, { "path": "pkg/client-go/.gitignore", "content": "# Compiled Object files, Static and Dynamic libs (Shared Objects)\n*.o\n*.a\n*.so\n\n# Folders\n_obj\n_test\n\n# Architecture specific extensions/prefixes\n*.[568vq]\n[568vq].out\n\n*.cgo1.go\n*.cgo2.c\n_cgo_defun.c\n_cgo_gotypes.go\n_cgo_export.*\n\n_testmain.go\n\n*.exe\n*.test\n*.prof\n" }, { "path": "pkg/client-go/.openapi-generator/FILES", "content": ".gitignore\n.openapi-generator-ignore\n.travis.yml\nREADME.md\napi/openapi.yaml\napi_courier.go\napi_frontend.go\napi_identity.go\napi_metadata.go\nclient.go\nconfiguration.go\ndocs/AuthenticatorAssuranceLevel.md\ndocs/BatchPatchIdentitiesResponse.md\ndocs/ConsistencyRequestParameters.md\ndocs/ContinueWith.md\ndocs/ContinueWithRecoveryUi.md\ndocs/ContinueWithRecoveryUiFlow.md\ndocs/ContinueWithRedirectBrowserTo.md\ndocs/ContinueWithSetOrySessionToken.md\ndocs/ContinueWithSettingsUi.md\ndocs/ContinueWithSettingsUiFlow.md\ndocs/ContinueWithVerificationUi.md\ndocs/ContinueWithVerificationUiFlow.md\ndocs/CourierAPI.md\ndocs/CourierMessageStatus.md\ndocs/CourierMessageType.md\ndocs/CreateFedcmFlowResponse.md\ndocs/CreateIdentityBody.md\ndocs/CreateRecoveryCodeForIdentityBody.md\ndocs/CreateRecoveryLinkForIdentityBody.md\ndocs/DeleteMySessionsCount.md\ndocs/ErrorAuthenticatorAssuranceLevelNotSatisfied.md\ndocs/ErrorBrowserLocationChangeRequired.md\ndocs/ErrorFlowReplaced.md\ndocs/ErrorGeneric.md\ndocs/FlowError.md\ndocs/FrontendAPI.md\ndocs/GenericError.md\ndocs/GetVersion200Response.md\ndocs/HealthNotReadyStatus.md\ndocs/HealthStatus.md\ndocs/Identity.md\ndocs/IdentityAPI.md\ndocs/IdentityCredentials.md\ndocs/IdentityCredentialsCode.md\ndocs/IdentityCredentialsCodeAddress.md\ndocs/IdentityCredentialsOidc.md\ndocs/IdentityCredentialsOidcProvider.md\ndocs/IdentityCredentialsPassword.md\ndocs/IdentityPatch.md\ndocs/IdentityPatchResponse.md\ndocs/IdentitySchemaContainer.md\ndocs/IdentityWithCredentials.md\ndocs/IdentityWithCredentialsOidc.md\ndocs/IdentityWithCredentialsOidcConfig.md\ndocs/IdentityWithCredentialsOidcConfigProvider.md\ndocs/IdentityWithCredentialsPassword.md\ndocs/IdentityWithCredentialsPasswordConfig.md\ndocs/IdentityWithCredentialsSaml.md\ndocs/IdentityWithCredentialsSamlConfig.md\ndocs/IdentityWithCredentialsSamlConfigProvider.md\ndocs/IsAlive200Response.md\ndocs/IsReady503Response.md\ndocs/JsonPatch.md\ndocs/LoginFlow.md\ndocs/LoginFlowState.md\ndocs/LogoutFlow.md\ndocs/Message.md\ndocs/MessageDispatch.md\ndocs/MetadataAPI.md\ndocs/NeedsPrivilegedSessionError.md\ndocs/OAuth2Client.md\ndocs/OAuth2ConsentRequestOpenIDConnectContext.md\ndocs/OAuth2LoginRequest.md\ndocs/PatchIdentitiesBody.md\ndocs/PerformNativeLogoutBody.md\ndocs/Provider.md\ndocs/RecoveryCodeForIdentity.md\ndocs/RecoveryFlow.md\ndocs/RecoveryFlowState.md\ndocs/RecoveryIdentityAddress.md\ndocs/RecoveryLinkForIdentity.md\ndocs/RegistrationFlow.md\ndocs/RegistrationFlowState.md\ndocs/SelfServiceFlowExpiredError.md\ndocs/Session.md\ndocs/SessionAuthenticationMethod.md\ndocs/SessionDevice.md\ndocs/SettingsFlow.md\ndocs/SettingsFlowState.md\ndocs/SuccessfulCodeExchangeResponse.md\ndocs/SuccessfulNativeLogin.md\ndocs/SuccessfulNativeRegistration.md\ndocs/TokenPagination.md\ndocs/TokenPaginationHeaders.md\ndocs/UiContainer.md\ndocs/UiNode.md\ndocs/UiNodeAnchorAttributes.md\ndocs/UiNodeAttributes.md\ndocs/UiNodeDivisionAttributes.md\ndocs/UiNodeImageAttributes.md\ndocs/UiNodeInputAttributes.md\ndocs/UiNodeMeta.md\ndocs/UiNodeScriptAttributes.md\ndocs/UiNodeTextAttributes.md\ndocs/UiText.md\ndocs/UpdateFedcmFlowBody.md\ndocs/UpdateIdentityBody.md\ndocs/UpdateLoginFlowBody.md\ndocs/UpdateLoginFlowWithCodeMethod.md\ndocs/UpdateLoginFlowWithIdentifierFirstMethod.md\ndocs/UpdateLoginFlowWithLookupSecretMethod.md\ndocs/UpdateLoginFlowWithOidcMethod.md\ndocs/UpdateLoginFlowWithPasskeyMethod.md\ndocs/UpdateLoginFlowWithPasswordMethod.md\ndocs/UpdateLoginFlowWithSamlMethod.md\ndocs/UpdateLoginFlowWithTotpMethod.md\ndocs/UpdateLoginFlowWithWebAuthnMethod.md\ndocs/UpdateRecoveryFlowBody.md\ndocs/UpdateRecoveryFlowWithCodeMethod.md\ndocs/UpdateRecoveryFlowWithLinkMethod.md\ndocs/UpdateRegistrationFlowBody.md\ndocs/UpdateRegistrationFlowWithCodeMethod.md\ndocs/UpdateRegistrationFlowWithOidcMethod.md\ndocs/UpdateRegistrationFlowWithPasskeyMethod.md\ndocs/UpdateRegistrationFlowWithPasswordMethod.md\ndocs/UpdateRegistrationFlowWithProfileMethod.md\ndocs/UpdateRegistrationFlowWithSamlMethod.md\ndocs/UpdateRegistrationFlowWithWebAuthnMethod.md\ndocs/UpdateSettingsFlowBody.md\ndocs/UpdateSettingsFlowWithLookupMethod.md\ndocs/UpdateSettingsFlowWithOidcMethod.md\ndocs/UpdateSettingsFlowWithPasskeyMethod.md\ndocs/UpdateSettingsFlowWithPasswordMethod.md\ndocs/UpdateSettingsFlowWithProfileMethod.md\ndocs/UpdateSettingsFlowWithSamlMethod.md\ndocs/UpdateSettingsFlowWithTotpMethod.md\ndocs/UpdateSettingsFlowWithWebAuthnMethod.md\ndocs/UpdateVerificationFlowBody.md\ndocs/UpdateVerificationFlowWithCodeMethod.md\ndocs/UpdateVerificationFlowWithLinkMethod.md\ndocs/VerifiableIdentityAddress.md\ndocs/VerificationFlow.md\ndocs/VerificationFlowState.md\ndocs/Version.md\ngit_push.sh\ngo.mod\ngo.sum\nmodel_authenticator_assurance_level.go\nmodel_batch_patch_identities_response.go\nmodel_consistency_request_parameters.go\nmodel_continue_with.go\nmodel_continue_with_recovery_ui.go\nmodel_continue_with_recovery_ui_flow.go\nmodel_continue_with_redirect_browser_to.go\nmodel_continue_with_set_ory_session_token.go\nmodel_continue_with_settings_ui.go\nmodel_continue_with_settings_ui_flow.go\nmodel_continue_with_verification_ui.go\nmodel_continue_with_verification_ui_flow.go\nmodel_courier_message_status.go\nmodel_courier_message_type.go\nmodel_create_fedcm_flow_response.go\nmodel_create_identity_body.go\nmodel_create_recovery_code_for_identity_body.go\nmodel_create_recovery_link_for_identity_body.go\nmodel_delete_my_sessions_count.go\nmodel_error_authenticator_assurance_level_not_satisfied.go\nmodel_error_browser_location_change_required.go\nmodel_error_flow_replaced.go\nmodel_error_generic.go\nmodel_flow_error.go\nmodel_generic_error.go\nmodel_get_version_200_response.go\nmodel_health_not_ready_status.go\nmodel_health_status.go\nmodel_identity.go\nmodel_identity_credentials.go\nmodel_identity_credentials_code.go\nmodel_identity_credentials_code_address.go\nmodel_identity_credentials_oidc.go\nmodel_identity_credentials_oidc_provider.go\nmodel_identity_credentials_password.go\nmodel_identity_patch.go\nmodel_identity_patch_response.go\nmodel_identity_schema_container.go\nmodel_identity_with_credentials.go\nmodel_identity_with_credentials_oidc.go\nmodel_identity_with_credentials_oidc_config.go\nmodel_identity_with_credentials_oidc_config_provider.go\nmodel_identity_with_credentials_password.go\nmodel_identity_with_credentials_password_config.go\nmodel_identity_with_credentials_saml.go\nmodel_identity_with_credentials_saml_config.go\nmodel_identity_with_credentials_saml_config_provider.go\nmodel_is_alive_200_response.go\nmodel_is_ready_503_response.go\nmodel_json_patch.go\nmodel_login_flow.go\nmodel_login_flow_state.go\nmodel_logout_flow.go\nmodel_message.go\nmodel_message_dispatch.go\nmodel_needs_privileged_session_error.go\nmodel_o_auth2_client.go\nmodel_o_auth2_consent_request_open_id_connect_context.go\nmodel_o_auth2_login_request.go\nmodel_patch_identities_body.go\nmodel_perform_native_logout_body.go\nmodel_provider.go\nmodel_recovery_code_for_identity.go\nmodel_recovery_flow.go\nmodel_recovery_flow_state.go\nmodel_recovery_identity_address.go\nmodel_recovery_link_for_identity.go\nmodel_registration_flow.go\nmodel_registration_flow_state.go\nmodel_self_service_flow_expired_error.go\nmodel_session.go\nmodel_session_authentication_method.go\nmodel_session_device.go\nmodel_settings_flow.go\nmodel_settings_flow_state.go\nmodel_successful_code_exchange_response.go\nmodel_successful_native_login.go\nmodel_successful_native_registration.go\nmodel_token_pagination.go\nmodel_token_pagination_headers.go\nmodel_ui_container.go\nmodel_ui_node.go\nmodel_ui_node_anchor_attributes.go\nmodel_ui_node_attributes.go\nmodel_ui_node_division_attributes.go\nmodel_ui_node_image_attributes.go\nmodel_ui_node_input_attributes.go\nmodel_ui_node_meta.go\nmodel_ui_node_script_attributes.go\nmodel_ui_node_text_attributes.go\nmodel_ui_text.go\nmodel_update_fedcm_flow_body.go\nmodel_update_identity_body.go\nmodel_update_login_flow_body.go\nmodel_update_login_flow_with_code_method.go\nmodel_update_login_flow_with_identifier_first_method.go\nmodel_update_login_flow_with_lookup_secret_method.go\nmodel_update_login_flow_with_oidc_method.go\nmodel_update_login_flow_with_passkey_method.go\nmodel_update_login_flow_with_password_method.go\nmodel_update_login_flow_with_saml_method.go\nmodel_update_login_flow_with_totp_method.go\nmodel_update_login_flow_with_web_authn_method.go\nmodel_update_recovery_flow_body.go\nmodel_update_recovery_flow_with_code_method.go\nmodel_update_recovery_flow_with_link_method.go\nmodel_update_registration_flow_body.go\nmodel_update_registration_flow_with_code_method.go\nmodel_update_registration_flow_with_oidc_method.go\nmodel_update_registration_flow_with_passkey_method.go\nmodel_update_registration_flow_with_password_method.go\nmodel_update_registration_flow_with_profile_method.go\nmodel_update_registration_flow_with_saml_method.go\nmodel_update_registration_flow_with_web_authn_method.go\nmodel_update_settings_flow_body.go\nmodel_update_settings_flow_with_lookup_method.go\nmodel_update_settings_flow_with_oidc_method.go\nmodel_update_settings_flow_with_passkey_method.go\nmodel_update_settings_flow_with_password_method.go\nmodel_update_settings_flow_with_profile_method.go\nmodel_update_settings_flow_with_saml_method.go\nmodel_update_settings_flow_with_totp_method.go\nmodel_update_settings_flow_with_web_authn_method.go\nmodel_update_verification_flow_body.go\nmodel_update_verification_flow_with_code_method.go\nmodel_update_verification_flow_with_link_method.go\nmodel_verifiable_identity_address.go\nmodel_verification_flow.go\nmodel_verification_flow_state.go\nmodel_version.go\nresponse.go\ntest/api_courier_test.go\ntest/api_frontend_test.go\ntest/api_identity_test.go\ntest/api_metadata_test.go\nutils.go\n" }, { "path": "pkg/client-go/.openapi-generator/VERSION", "content": "7.12.0\n" }, { "path": "pkg/client-go/.openapi-generator-ignore", "content": "# OpenAPI Generator Ignore\n# Generated by openapi-generator https://github.com/openapitools/openapi-generator\n\n# Use this file to prevent files from being overwritten by the generator.\n# The patterns follow closely to .gitignore or .dockerignore.\n\n# As an example, the C# client generator defines ApiClient.cs.\n# You can make changes and tell OpenAPI Generator to ignore just this file by uncommenting the following line:\n#ApiClient.cs\n\n# You can match any string of characters against a directory, file or extension with a single asterisk (*):\n#foo/*/qux\n# The above matches foo/bar/qux and foo/baz/qux, but not foo/bar/baz/qux\n\n# You can recursively match patterns against a directory, file or extension with a double asterisk (**):\n#foo/**/qux\n# This matches foo/bar/qux, foo/baz/qux, and foo/bar/baz/qux\n\n# You can also negate patterns with an exclamation (!).\n# For example, you can ignore all files in a docs folder with the file extension .md:\n#docs/*.md\n# Then explicitly reverse the ignore rule for a single file:\n#!docs/README.md\n" }, { "path": "pkg/client-go/.travis.yml", "content": "language: go\n\ninstall:\n - go get -d -v .\n\nscript:\n - go build -v ./\n\n" }, { "path": "pkg/client-go/README.md", "content": "# Go API client for client\n\nThis is the API specification for Ory Identities with features such as registration, login, recovery, account verification, profile settings, password reset, identity management, session management, email and sms delivery, and more.\n\n\n## Overview\nThis API client was generated by the [OpenAPI Generator](https://openapi-generator.tech) project. By using the [OpenAPI-spec](https://www.openapis.org/) from a remote server, you can easily generate an API client.\n\n- API version: \n- Package version: 1.0.0\n- Generator version: 7.12.0\n- Build package: org.openapitools.codegen.languages.GoClientCodegen\n\n## Installation\n\nInstall the following dependencies:\n\n```sh\ngo get github.com/stretchr/testify/assert\ngo get golang.org/x/net/context\n```\n\nPut the package under your project folder and add the following in import:\n\n```go\nimport client \"github.com/ory/client-go\"\n```\n\nTo use a proxy, set the environment variable `HTTP_PROXY`:\n\n```go\nos.Setenv(\"HTTP_PROXY\", \"http://proxy_name:proxy_port\")\n```\n\n## Configuration of Server URL\n\nDefault configuration comes with `Servers` field that contains server objects as defined in the OpenAPI specification.\n\n### Select Server Configuration\n\nFor using other server than the one defined on index 0 set context value `client.ContextServerIndex` of type `int`.\n\n```go\nctx := context.WithValue(context.Background(), client.ContextServerIndex, 1)\n```\n\n### Templated Server URL\n\nTemplated server URL is formatted using default variables from configuration or from context value `client.ContextServerVariables` of type `map[string]string`.\n\n```go\nctx := context.WithValue(context.Background(), client.ContextServerVariables, map[string]string{\n\t\"basePath\": \"v2\",\n})\n```\n\nNote, enum values are always validated and all unused variables are silently ignored.\n\n### URLs Configuration per Operation\n\nEach operation can use different server URL defined using `OperationServers` map in the `Configuration`.\nAn operation is uniquely identified by `\"{classname}Service.{nickname}\"` string.\nSimilar rules for overriding default operation server index and variables applies by using `client.ContextOperationServerIndices` and `client.ContextOperationServerVariables` context maps.\n\n```go\nctx := context.WithValue(context.Background(), client.ContextOperationServerIndices, map[string]int{\n\t\"{classname}Service.{nickname}\": 2,\n})\nctx = context.WithValue(context.Background(), client.ContextOperationServerVariables, map[string]map[string]string{\n\t\"{classname}Service.{nickname}\": {\n\t\t\"port\": \"8443\",\n\t},\n})\n```\n\n## Documentation for API Endpoints\n\nAll URIs are relative to *http://localhost*\n\nClass | Method | HTTP request | Description\n------------ | ------------- | ------------- | -------------\n*CourierAPI* | [**GetCourierMessage**](docs/CourierAPI.md#getcouriermessage) | **Get** /admin/courier/messages/{id} | Get a Message\n*CourierAPI* | [**ListCourierMessages**](docs/CourierAPI.md#listcouriermessages) | **Get** /admin/courier/messages | List Messages\n*FrontendAPI* | [**CreateBrowserLoginFlow**](docs/FrontendAPI.md#createbrowserloginflow) | **Get** /self-service/login/browser | Create Login Flow for Browsers\n*FrontendAPI* | [**CreateBrowserLogoutFlow**](docs/FrontendAPI.md#createbrowserlogoutflow) | **Get** /self-service/logout/browser | Create a Logout URL for Browsers\n*FrontendAPI* | [**CreateBrowserRecoveryFlow**](docs/FrontendAPI.md#createbrowserrecoveryflow) | **Get** /self-service/recovery/browser | Create Recovery Flow for Browsers\n*FrontendAPI* | [**CreateBrowserRegistrationFlow**](docs/FrontendAPI.md#createbrowserregistrationflow) | **Get** /self-service/registration/browser | Create Registration Flow for Browsers\n*FrontendAPI* | [**CreateBrowserSettingsFlow**](docs/FrontendAPI.md#createbrowsersettingsflow) | **Get** /self-service/settings/browser | Create Settings Flow for Browsers\n*FrontendAPI* | [**CreateBrowserVerificationFlow**](docs/FrontendAPI.md#createbrowserverificationflow) | **Get** /self-service/verification/browser | Create Verification Flow for Browser Clients\n*FrontendAPI* | [**CreateFedcmFlow**](docs/FrontendAPI.md#createfedcmflow) | **Get** /self-service/fed-cm/parameters | Get FedCM Parameters\n*FrontendAPI* | [**CreateNativeLoginFlow**](docs/FrontendAPI.md#createnativeloginflow) | **Get** /self-service/login/api | Create Login Flow for Native Apps\n*FrontendAPI* | [**CreateNativeRecoveryFlow**](docs/FrontendAPI.md#createnativerecoveryflow) | **Get** /self-service/recovery/api | Create Recovery Flow for Native Apps\n*FrontendAPI* | [**CreateNativeRegistrationFlow**](docs/FrontendAPI.md#createnativeregistrationflow) | **Get** /self-service/registration/api | Create Registration Flow for Native Apps\n*FrontendAPI* | [**CreateNativeSettingsFlow**](docs/FrontendAPI.md#createnativesettingsflow) | **Get** /self-service/settings/api | Create Settings Flow for Native Apps\n*FrontendAPI* | [**CreateNativeVerificationFlow**](docs/FrontendAPI.md#createnativeverificationflow) | **Get** /self-service/verification/api | Create Verification Flow for Native Apps\n*FrontendAPI* | [**DisableMyOtherSessions**](docs/FrontendAPI.md#disablemyothersessions) | **Delete** /sessions | Disable my other sessions\n*FrontendAPI* | [**DisableMySession**](docs/FrontendAPI.md#disablemysession) | **Delete** /sessions/{id} | Disable one of my sessions\n*FrontendAPI* | [**ExchangeSessionToken**](docs/FrontendAPI.md#exchangesessiontoken) | **Get** /sessions/token-exchange | Exchange Session Token\n*FrontendAPI* | [**GetFlowError**](docs/FrontendAPI.md#getflowerror) | **Get** /self-service/errors | Get User-Flow Errors\n*FrontendAPI* | [**GetLoginFlow**](docs/FrontendAPI.md#getloginflow) | **Get** /self-service/login/flows | Get Login Flow\n*FrontendAPI* | [**GetRecoveryFlow**](docs/FrontendAPI.md#getrecoveryflow) | **Get** /self-service/recovery/flows | Get Recovery Flow\n*FrontendAPI* | [**GetRegistrationFlow**](docs/FrontendAPI.md#getregistrationflow) | **Get** /self-service/registration/flows | Get Registration Flow\n*FrontendAPI* | [**GetSettingsFlow**](docs/FrontendAPI.md#getsettingsflow) | **Get** /self-service/settings/flows | Get Settings Flow\n*FrontendAPI* | [**GetVerificationFlow**](docs/FrontendAPI.md#getverificationflow) | **Get** /self-service/verification/flows | Get Verification Flow\n*FrontendAPI* | [**GetWebAuthnJavaScript**](docs/FrontendAPI.md#getwebauthnjavascript) | **Get** /.well-known/ory/webauthn.js | Get WebAuthn JavaScript\n*FrontendAPI* | [**ListMySessions**](docs/FrontendAPI.md#listmysessions) | **Get** /sessions | Get My Active Sessions\n*FrontendAPI* | [**PerformNativeLogout**](docs/FrontendAPI.md#performnativelogout) | **Delete** /self-service/logout/api | Perform Logout for Native Apps\n*FrontendAPI* | [**ToSession**](docs/FrontendAPI.md#tosession) | **Get** /sessions/whoami | Check Who the Current HTTP Session Belongs To\n*FrontendAPI* | [**UpdateFedcmFlow**](docs/FrontendAPI.md#updatefedcmflow) | **Post** /self-service/fed-cm/token | Submit a FedCM token\n*FrontendAPI* | [**UpdateLoginFlow**](docs/FrontendAPI.md#updateloginflow) | **Post** /self-service/login | Submit a Login Flow\n*FrontendAPI* | [**UpdateLogoutFlow**](docs/FrontendAPI.md#updatelogoutflow) | **Get** /self-service/logout | Update Logout Flow\n*FrontendAPI* | [**UpdateRecoveryFlow**](docs/FrontendAPI.md#updaterecoveryflow) | **Post** /self-service/recovery | Update Recovery Flow\n*FrontendAPI* | [**UpdateRegistrationFlow**](docs/FrontendAPI.md#updateregistrationflow) | **Post** /self-service/registration | Update Registration Flow\n*FrontendAPI* | [**UpdateSettingsFlow**](docs/FrontendAPI.md#updatesettingsflow) | **Post** /self-service/settings | Complete Settings Flow\n*FrontendAPI* | [**UpdateVerificationFlow**](docs/FrontendAPI.md#updateverificationflow) | **Post** /self-service/verification | Complete Verification Flow\n*IdentityAPI* | [**BatchPatchIdentities**](docs/IdentityAPI.md#batchpatchidentities) | **Patch** /admin/identities | Create multiple identities\n*IdentityAPI* | [**CreateIdentity**](docs/IdentityAPI.md#createidentity) | **Post** /admin/identities | Create an Identity\n*IdentityAPI* | [**CreateRecoveryCodeForIdentity**](docs/IdentityAPI.md#createrecoverycodeforidentity) | **Post** /admin/recovery/code | Create a Recovery Code\n*IdentityAPI* | [**CreateRecoveryLinkForIdentity**](docs/IdentityAPI.md#createrecoverylinkforidentity) | **Post** /admin/recovery/link | Create a Recovery Link\n*IdentityAPI* | [**DeleteIdentity**](docs/IdentityAPI.md#deleteidentity) | **Delete** /admin/identities/{id} | Delete an Identity\n*IdentityAPI* | [**DeleteIdentityCredentials**](docs/IdentityAPI.md#deleteidentitycredentials) | **Delete** /admin/identities/{id}/credentials/{type} | Delete a credential for a specific identity\n*IdentityAPI* | [**DeleteIdentitySessions**](docs/IdentityAPI.md#deleteidentitysessions) | **Delete** /admin/identities/{id}/sessions | Delete & Invalidate an Identity's Sessions\n*IdentityAPI* | [**DisableSession**](docs/IdentityAPI.md#disablesession) | **Delete** /admin/sessions/{id} | Deactivate a Session\n*IdentityAPI* | [**ExtendSession**](docs/IdentityAPI.md#extendsession) | **Patch** /admin/sessions/{id}/extend | Extend a Session\n*IdentityAPI* | [**GetIdentity**](docs/IdentityAPI.md#getidentity) | **Get** /admin/identities/{id} | Get an Identity\n*IdentityAPI* | [**GetIdentityByExternalID**](docs/IdentityAPI.md#getidentitybyexternalid) | **Get** /admin/identities/by/external/{externalID} | Get an Identity by its External ID\n*IdentityAPI* | [**GetIdentitySchema**](docs/IdentityAPI.md#getidentityschema) | **Get** /schemas/{id} | Get Identity JSON Schema\n*IdentityAPI* | [**GetSession**](docs/IdentityAPI.md#getsession) | **Get** /admin/sessions/{id} | Get Session\n*IdentityAPI* | [**ListIdentities**](docs/IdentityAPI.md#listidentities) | **Get** /admin/identities | List Identities\n*IdentityAPI* | [**ListIdentitySchemas**](docs/IdentityAPI.md#listidentityschemas) | **Get** /schemas | Get all Identity Schemas\n*IdentityAPI* | [**ListIdentitySessions**](docs/IdentityAPI.md#listidentitysessions) | **Get** /admin/identities/{id}/sessions | List an Identity's Sessions\n*IdentityAPI* | [**ListSessions**](docs/IdentityAPI.md#listsessions) | **Get** /admin/sessions | List All Sessions\n*IdentityAPI* | [**PatchIdentity**](docs/IdentityAPI.md#patchidentity) | **Patch** /admin/identities/{id} | Patch an Identity\n*IdentityAPI* | [**UpdateIdentity**](docs/IdentityAPI.md#updateidentity) | **Put** /admin/identities/{id} | Update an Identity\n*MetadataAPI* | [**GetVersion**](docs/MetadataAPI.md#getversion) | **Get** /version | Return Running Software Version.\n*MetadataAPI* | [**IsAlive**](docs/MetadataAPI.md#isalive) | **Get** /health/alive | Check HTTP Server Status\n*MetadataAPI* | [**IsReady**](docs/MetadataAPI.md#isready) | **Get** /health/ready | Check HTTP Server and Database Status\n\n\n## Documentation For Models\n\n - [AuthenticatorAssuranceLevel](docs/AuthenticatorAssuranceLevel.md)\n - [BatchPatchIdentitiesResponse](docs/BatchPatchIdentitiesResponse.md)\n - [ConsistencyRequestParameters](docs/ConsistencyRequestParameters.md)\n - [ContinueWith](docs/ContinueWith.md)\n - [ContinueWithRecoveryUi](docs/ContinueWithRecoveryUi.md)\n - [ContinueWithRecoveryUiFlow](docs/ContinueWithRecoveryUiFlow.md)\n - [ContinueWithRedirectBrowserTo](docs/ContinueWithRedirectBrowserTo.md)\n - [ContinueWithSetOrySessionToken](docs/ContinueWithSetOrySessionToken.md)\n - [ContinueWithSettingsUi](docs/ContinueWithSettingsUi.md)\n - [ContinueWithSettingsUiFlow](docs/ContinueWithSettingsUiFlow.md)\n - [ContinueWithVerificationUi](docs/ContinueWithVerificationUi.md)\n - [ContinueWithVerificationUiFlow](docs/ContinueWithVerificationUiFlow.md)\n - [CourierMessageStatus](docs/CourierMessageStatus.md)\n - [CourierMessageType](docs/CourierMessageType.md)\n - [CreateFedcmFlowResponse](docs/CreateFedcmFlowResponse.md)\n - [CreateIdentityBody](docs/CreateIdentityBody.md)\n - [CreateRecoveryCodeForIdentityBody](docs/CreateRecoveryCodeForIdentityBody.md)\n - [CreateRecoveryLinkForIdentityBody](docs/CreateRecoveryLinkForIdentityBody.md)\n - [DeleteMySessionsCount](docs/DeleteMySessionsCount.md)\n - [ErrorAuthenticatorAssuranceLevelNotSatisfied](docs/ErrorAuthenticatorAssuranceLevelNotSatisfied.md)\n - [ErrorBrowserLocationChangeRequired](docs/ErrorBrowserLocationChangeRequired.md)\n - [ErrorFlowReplaced](docs/ErrorFlowReplaced.md)\n - [ErrorGeneric](docs/ErrorGeneric.md)\n - [FlowError](docs/FlowError.md)\n - [GenericError](docs/GenericError.md)\n - [GetVersion200Response](docs/GetVersion200Response.md)\n - [HealthNotReadyStatus](docs/HealthNotReadyStatus.md)\n - [HealthStatus](docs/HealthStatus.md)\n - [Identity](docs/Identity.md)\n - [IdentityCredentials](docs/IdentityCredentials.md)\n - [IdentityCredentialsCode](docs/IdentityCredentialsCode.md)\n - [IdentityCredentialsCodeAddress](docs/IdentityCredentialsCodeAddress.md)\n - [IdentityCredentialsOidc](docs/IdentityCredentialsOidc.md)\n - [IdentityCredentialsOidcProvider](docs/IdentityCredentialsOidcProvider.md)\n - [IdentityCredentialsPassword](docs/IdentityCredentialsPassword.md)\n - [IdentityPatch](docs/IdentityPatch.md)\n - [IdentityPatchResponse](docs/IdentityPatchResponse.md)\n - [IdentitySchemaContainer](docs/IdentitySchemaContainer.md)\n - [IdentityWithCredentials](docs/IdentityWithCredentials.md)\n - [IdentityWithCredentialsOidc](docs/IdentityWithCredentialsOidc.md)\n - [IdentityWithCredentialsOidcConfig](docs/IdentityWithCredentialsOidcConfig.md)\n - [IdentityWithCredentialsOidcConfigProvider](docs/IdentityWithCredentialsOidcConfigProvider.md)\n - [IdentityWithCredentialsPassword](docs/IdentityWithCredentialsPassword.md)\n - [IdentityWithCredentialsPasswordConfig](docs/IdentityWithCredentialsPasswordConfig.md)\n - [IdentityWithCredentialsSaml](docs/IdentityWithCredentialsSaml.md)\n - [IdentityWithCredentialsSamlConfig](docs/IdentityWithCredentialsSamlConfig.md)\n - [IdentityWithCredentialsSamlConfigProvider](docs/IdentityWithCredentialsSamlConfigProvider.md)\n - [IsAlive200Response](docs/IsAlive200Response.md)\n - [IsReady503Response](docs/IsReady503Response.md)\n - [JsonPatch](docs/JsonPatch.md)\n - [LoginFlow](docs/LoginFlow.md)\n - [LoginFlowState](docs/LoginFlowState.md)\n - [LogoutFlow](docs/LogoutFlow.md)\n - [Message](docs/Message.md)\n - [MessageDispatch](docs/MessageDispatch.md)\n - [NeedsPrivilegedSessionError](docs/NeedsPrivilegedSessionError.md)\n - [OAuth2Client](docs/OAuth2Client.md)\n - [OAuth2ConsentRequestOpenIDConnectContext](docs/OAuth2ConsentRequestOpenIDConnectContext.md)\n - [OAuth2LoginRequest](docs/OAuth2LoginRequest.md)\n - [PatchIdentitiesBody](docs/PatchIdentitiesBody.md)\n - [PerformNativeLogoutBody](docs/PerformNativeLogoutBody.md)\n - [Provider](docs/Provider.md)\n - [RecoveryCodeForIdentity](docs/RecoveryCodeForIdentity.md)\n - [RecoveryFlow](docs/RecoveryFlow.md)\n - [RecoveryFlowState](docs/RecoveryFlowState.md)\n - [RecoveryIdentityAddress](docs/RecoveryIdentityAddress.md)\n - [RecoveryLinkForIdentity](docs/RecoveryLinkForIdentity.md)\n - [RegistrationFlow](docs/RegistrationFlow.md)\n - [RegistrationFlowState](docs/RegistrationFlowState.md)\n - [SelfServiceFlowExpiredError](docs/SelfServiceFlowExpiredError.md)\n - [Session](docs/Session.md)\n - [SessionAuthenticationMethod](docs/SessionAuthenticationMethod.md)\n - [SessionDevice](docs/SessionDevice.md)\n - [SettingsFlow](docs/SettingsFlow.md)\n - [SettingsFlowState](docs/SettingsFlowState.md)\n - [SuccessfulCodeExchangeResponse](docs/SuccessfulCodeExchangeResponse.md)\n - [SuccessfulNativeLogin](docs/SuccessfulNativeLogin.md)\n - [SuccessfulNativeRegistration](docs/SuccessfulNativeRegistration.md)\n - [TokenPagination](docs/TokenPagination.md)\n - [TokenPaginationHeaders](docs/TokenPaginationHeaders.md)\n - [UiContainer](docs/UiContainer.md)\n - [UiNode](docs/UiNode.md)\n - [UiNodeAnchorAttributes](docs/UiNodeAnchorAttributes.md)\n - [UiNodeAttributes](docs/UiNodeAttributes.md)\n - [UiNodeDivisionAttributes](docs/UiNodeDivisionAttributes.md)\n - [UiNodeImageAttributes](docs/UiNodeImageAttributes.md)\n - [UiNodeInputAttributes](docs/UiNodeInputAttributes.md)\n - [UiNodeMeta](docs/UiNodeMeta.md)\n - [UiNodeScriptAttributes](docs/UiNodeScriptAttributes.md)\n - [UiNodeTextAttributes](docs/UiNodeTextAttributes.md)\n - [UiText](docs/UiText.md)\n - [UpdateFedcmFlowBody](docs/UpdateFedcmFlowBody.md)\n - [UpdateIdentityBody](docs/UpdateIdentityBody.md)\n - [UpdateLoginFlowBody](docs/UpdateLoginFlowBody.md)\n - [UpdateLoginFlowWithCodeMethod](docs/UpdateLoginFlowWithCodeMethod.md)\n - [UpdateLoginFlowWithIdentifierFirstMethod](docs/UpdateLoginFlowWithIdentifierFirstMethod.md)\n - [UpdateLoginFlowWithLookupSecretMethod](docs/UpdateLoginFlowWithLookupSecretMethod.md)\n - [UpdateLoginFlowWithOidcMethod](docs/UpdateLoginFlowWithOidcMethod.md)\n - [UpdateLoginFlowWithPasskeyMethod](docs/UpdateLoginFlowWithPasskeyMethod.md)\n - [UpdateLoginFlowWithPasswordMethod](docs/UpdateLoginFlowWithPasswordMethod.md)\n - [UpdateLoginFlowWithSamlMethod](docs/UpdateLoginFlowWithSamlMethod.md)\n - [UpdateLoginFlowWithTotpMethod](docs/UpdateLoginFlowWithTotpMethod.md)\n - [UpdateLoginFlowWithWebAuthnMethod](docs/UpdateLoginFlowWithWebAuthnMethod.md)\n - [UpdateRecoveryFlowBody](docs/UpdateRecoveryFlowBody.md)\n - [UpdateRecoveryFlowWithCodeMethod](docs/UpdateRecoveryFlowWithCodeMethod.md)\n - [UpdateRecoveryFlowWithLinkMethod](docs/UpdateRecoveryFlowWithLinkMethod.md)\n - [UpdateRegistrationFlowBody](docs/UpdateRegistrationFlowBody.md)\n - [UpdateRegistrationFlowWithCodeMethod](docs/UpdateRegistrationFlowWithCodeMethod.md)\n - [UpdateRegistrationFlowWithOidcMethod](docs/UpdateRegistrationFlowWithOidcMethod.md)\n - [UpdateRegistrationFlowWithPasskeyMethod](docs/UpdateRegistrationFlowWithPasskeyMethod.md)\n - [UpdateRegistrationFlowWithPasswordMethod](docs/UpdateRegistrationFlowWithPasswordMethod.md)\n - [UpdateRegistrationFlowWithProfileMethod](docs/UpdateRegistrationFlowWithProfileMethod.md)\n - [UpdateRegistrationFlowWithSamlMethod](docs/UpdateRegistrationFlowWithSamlMethod.md)\n - [UpdateRegistrationFlowWithWebAuthnMethod](docs/UpdateRegistrationFlowWithWebAuthnMethod.md)\n - [UpdateSettingsFlowBody](docs/UpdateSettingsFlowBody.md)\n - [UpdateSettingsFlowWithLookupMethod](docs/UpdateSettingsFlowWithLookupMethod.md)\n - [UpdateSettingsFlowWithOidcMethod](docs/UpdateSettingsFlowWithOidcMethod.md)\n - [UpdateSettingsFlowWithPasskeyMethod](docs/UpdateSettingsFlowWithPasskeyMethod.md)\n - [UpdateSettingsFlowWithPasswordMethod](docs/UpdateSettingsFlowWithPasswordMethod.md)\n - [UpdateSettingsFlowWithProfileMethod](docs/UpdateSettingsFlowWithProfileMethod.md)\n - [UpdateSettingsFlowWithSamlMethod](docs/UpdateSettingsFlowWithSamlMethod.md)\n - [UpdateSettingsFlowWithTotpMethod](docs/UpdateSettingsFlowWithTotpMethod.md)\n - [UpdateSettingsFlowWithWebAuthnMethod](docs/UpdateSettingsFlowWithWebAuthnMethod.md)\n - [UpdateVerificationFlowBody](docs/UpdateVerificationFlowBody.md)\n - [UpdateVerificationFlowWithCodeMethod](docs/UpdateVerificationFlowWithCodeMethod.md)\n - [UpdateVerificationFlowWithLinkMethod](docs/UpdateVerificationFlowWithLinkMethod.md)\n - [VerifiableIdentityAddress](docs/VerifiableIdentityAddress.md)\n - [VerificationFlow](docs/VerificationFlow.md)\n - [VerificationFlowState](docs/VerificationFlowState.md)\n - [Version](docs/Version.md)\n\n\n## Documentation For Authorization\n\n\nAuthentication schemes defined for the API:\n### oryAccessToken\n\n- **Type**: API key\n- **API key parameter name**: Authorization\n- **Location**: HTTP header\n\nNote, each API key must be added to a map of `map[string]APIKey` where the key is: oryAccessToken and passed in as the auth context for each request.\n\nExample\n\n```go\nauth := context.WithValue(\n\t\tcontext.Background(),\n\t\tclient.ContextAPIKeys,\n\t\tmap[string]client.APIKey{\n\t\t\t\"oryAccessToken\": {Key: \"API_KEY_STRING\"},\n\t\t},\n\t)\nr, err := client.Service.Operation(auth, args)\n```\n\n\n## Documentation for Utility Methods\n\nDue to the fact that model structure members are all pointers, this package contains\na number of utility functions to easily obtain pointers to values of basic types.\nEach of these functions takes a value of the given basic type and returns a pointer to it:\n\n* `PtrBool`\n* `PtrInt`\n* `PtrInt32`\n* `PtrInt64`\n* `PtrFloat`\n* `PtrFloat32`\n* `PtrFloat64`\n* `PtrString`\n* `PtrTime`\n\n## Author\n\noffice@ory.sh\n\n" }, { "path": "pkg/client-go/api_courier.go", "content": "/*\nOry Identities API\n\nThis is the API specification for Ory Identities with features such as registration, login, recovery, account verification, profile settings, password reset, identity management, session management, email and sms delivery, and more.\n\nAPI version:\nContact: office@ory.sh\n*/\n\n// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.\n\npackage client\n\nimport (\n\t\"bytes\"\n\t\"context\"\n\t\"io\"\n\t\"net/http\"\n\t\"net/url\"\n\t\"strings\"\n)\n\ntype CourierAPI interface {\n\n\t/*\n\t\tGetCourierMessage Get a Message\n\n\t\tGets a specific messages by the given ID.\n\n\t\t@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().\n\t\t@param id MessageID is the ID of the message.\n\t\t@return CourierAPIGetCourierMessageRequest\n\t*/\n\tGetCourierMessage(ctx context.Context, id string) CourierAPIGetCourierMessageRequest\n\n\t// GetCourierMessageExecute executes the request\n\t// @return Message\n\tGetCourierMessageExecute(r CourierAPIGetCourierMessageRequest) (*Message, *http.Response, error)\n\n\t/*\n\t\tListCourierMessages List Messages\n\n\t\tLists all messages by given status and recipient.\n\n\t\t@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().\n\t\t@return CourierAPIListCourierMessagesRequest\n\t*/\n\tListCourierMessages(ctx context.Context) CourierAPIListCourierMessagesRequest\n\n\t// ListCourierMessagesExecute executes the request\n\t// @return []Message\n\tListCourierMessagesExecute(r CourierAPIListCourierMessagesRequest) ([]Message, *http.Response, error)\n}\n\n// CourierAPIService CourierAPI service\ntype CourierAPIService service\n\ntype CourierAPIGetCourierMessageRequest struct {\n\tctx context.Context\n\tApiService CourierAPI\n\tid string\n}\n\nfunc (r CourierAPIGetCourierMessageRequest) Execute() (*Message, *http.Response, error) {\n\treturn r.ApiService.GetCourierMessageExecute(r)\n}\n\n/*\nGetCourierMessage Get a Message\n\nGets a specific messages by the given ID.\n\n\t@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().\n\t@param id MessageID is the ID of the message.\n\t@return CourierAPIGetCourierMessageRequest\n*/\nfunc (a *CourierAPIService) GetCourierMessage(ctx context.Context, id string) CourierAPIGetCourierMessageRequest {\n\treturn CourierAPIGetCourierMessageRequest{\n\t\tApiService: a,\n\t\tctx: ctx,\n\t\tid: id,\n\t}\n}\n\n// Execute executes the request\n//\n//\t@return Message\nfunc (a *CourierAPIService) GetCourierMessageExecute(r CourierAPIGetCourierMessageRequest) (*Message, *http.Response, error) {\n\tvar (\n\t\tlocalVarHTTPMethod = http.MethodGet\n\t\tlocalVarPostBody interface{}\n\t\tformFiles []formFile\n\t\tlocalVarReturnValue *Message\n\t)\n\n\tlocalBasePath, err := a.client.cfg.ServerURLWithContext(r.ctx, \"CourierAPIService.GetCourierMessage\")\n\tif err != nil {\n\t\treturn localVarReturnValue, nil, &GenericOpenAPIError{error: err.Error()}\n\t}\n\n\tlocalVarPath := localBasePath + \"/admin/courier/messages/{id}\"\n\tlocalVarPath = strings.Replace(localVarPath, \"{\"+\"id\"+\"}\", url.PathEscape(parameterValueToString(r.id, \"id\")), -1)\n\n\tlocalVarHeaderParams := make(map[string]string)\n\tlocalVarQueryParams := url.Values{}\n\tlocalVarFormParams := url.Values{}\n\n\t// to determine the Content-Type header\n\tlocalVarHTTPContentTypes := []string{}\n\n\t// set Content-Type header\n\tlocalVarHTTPContentType := selectHeaderContentType(localVarHTTPContentTypes)\n\tif localVarHTTPContentType != \"\" {\n\t\tlocalVarHeaderParams[\"Content-Type\"] = localVarHTTPContentType\n\t}\n\n\t// to determine the Accept header\n\tlocalVarHTTPHeaderAccepts := []string{\"application/json\"}\n\n\t// set Accept header\n\tlocalVarHTTPHeaderAccept := selectHeaderAccept(localVarHTTPHeaderAccepts)\n\tif localVarHTTPHeaderAccept != \"\" {\n\t\tlocalVarHeaderParams[\"Accept\"] = localVarHTTPHeaderAccept\n\t}\n\tif r.ctx != nil {\n\t\t// API Key Authentication\n\t\tif auth, ok := r.ctx.Value(ContextAPIKeys).(map[string]APIKey); ok {\n\t\t\tif apiKey, ok := auth[\"oryAccessToken\"]; ok {\n\t\t\t\tvar key string\n\t\t\t\tif apiKey.Prefix != \"\" {\n\t\t\t\t\tkey = apiKey.Prefix + \" \" + apiKey.Key\n\t\t\t\t} else {\n\t\t\t\t\tkey = apiKey.Key\n\t\t\t\t}\n\t\t\t\tlocalVarHeaderParams[\"Authorization\"] = key\n\t\t\t}\n\t\t}\n\t}\n\treq, err := a.client.prepareRequest(r.ctx, localVarPath, localVarHTTPMethod, localVarPostBody, localVarHeaderParams, localVarQueryParams, localVarFormParams, formFiles)\n\tif err != nil {\n\t\treturn localVarReturnValue, nil, err\n\t}\n\n\tlocalVarHTTPResponse, err := a.client.callAPI(req)\n\tif err != nil || localVarHTTPResponse == nil {\n\t\treturn localVarReturnValue, localVarHTTPResponse, err\n\t}\n\n\tlocalVarBody, err := io.ReadAll(localVarHTTPResponse.Body)\n\tlocalVarHTTPResponse.Body.Close()\n\tlocalVarHTTPResponse.Body = io.NopCloser(bytes.NewBuffer(localVarBody))\n\tif err != nil {\n\t\treturn localVarReturnValue, localVarHTTPResponse, err\n\t}\n\n\tif localVarHTTPResponse.StatusCode >= 300 {\n\t\tnewErr := &GenericOpenAPIError{\n\t\t\tbody: localVarBody,\n\t\t\terror: localVarHTTPResponse.Status,\n\t\t}\n\t\tif localVarHTTPResponse.StatusCode == 400 {\n\t\t\tvar v ErrorGeneric\n\t\t\terr = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get(\"Content-Type\"))\n\t\t\tif err != nil {\n\t\t\t\tnewErr.error = err.Error()\n\t\t\t\treturn localVarReturnValue, localVarHTTPResponse, newErr\n\t\t\t}\n\t\t\tnewErr.error = formatErrorMessage(localVarHTTPResponse.Status, &v)\n\t\t\tnewErr.model = v\n\t\t\treturn localVarReturnValue, localVarHTTPResponse, newErr\n\t\t}\n\t\tvar v ErrorGeneric\n\t\terr = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get(\"Content-Type\"))\n\t\tif err != nil {\n\t\t\tnewErr.error = err.Error()\n\t\t\treturn localVarReturnValue, localVarHTTPResponse, newErr\n\t\t}\n\t\tnewErr.error = formatErrorMessage(localVarHTTPResponse.Status, &v)\n\t\tnewErr.model = v\n\t\treturn localVarReturnValue, localVarHTTPResponse, newErr\n\t}\n\n\terr = a.client.decode(&localVarReturnValue, localVarBody, localVarHTTPResponse.Header.Get(\"Content-Type\"))\n\tif err != nil {\n\t\tnewErr := &GenericOpenAPIError{\n\t\t\tbody: localVarBody,\n\t\t\terror: err.Error(),\n\t\t}\n\t\treturn localVarReturnValue, localVarHTTPResponse, newErr\n\t}\n\n\treturn localVarReturnValue, localVarHTTPResponse, nil\n}\n\ntype CourierAPIListCourierMessagesRequest struct {\n\tctx context.Context\n\tApiService CourierAPI\n\tpageSize *int64\n\tpageToken *string\n\tstatus *CourierMessageStatus\n\trecipient *string\n}\n\n// Items per Page This is the number of items per page to return. For details on pagination please head over to the [pagination documentation](https://www.ory.sh/docs/ecosystem/api-design#pagination).\nfunc (r CourierAPIListCourierMessagesRequest) PageSize(pageSize int64) CourierAPIListCourierMessagesRequest {\n\tr.pageSize = &pageSize\n\treturn r\n}\n\n// Next Page Token The next page token. For details on pagination please head over to the [pagination documentation](https://www.ory.sh/docs/ecosystem/api-design#pagination).\nfunc (r CourierAPIListCourierMessagesRequest) PageToken(pageToken string) CourierAPIListCourierMessagesRequest {\n\tr.pageToken = &pageToken\n\treturn r\n}\n\n// Status filters out messages based on status. If no value is provided, it doesn't take effect on filter.\nfunc (r CourierAPIListCourierMessagesRequest) Status(status CourierMessageStatus) CourierAPIListCourierMessagesRequest {\n\tr.status = &status\n\treturn r\n}\n\n// Recipient filters out messages based on recipient. If no value is provided, it doesn't take effect on filter.\nfunc (r CourierAPIListCourierMessagesRequest) Recipient(recipient string) CourierAPIListCourierMessagesRequest {\n\tr.recipient = &recipient\n\treturn r\n}\n\nfunc (r CourierAPIListCourierMessagesRequest) Execute() ([]Message, *http.Response, error) {\n\treturn r.ApiService.ListCourierMessagesExecute(r)\n}\n\n/*\nListCourierMessages List Messages\n\nLists all messages by given status and recipient.\n\n\t@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().\n\t@return CourierAPIListCourierMessagesRequest\n*/\nfunc (a *CourierAPIService) ListCourierMessages(ctx context.Context) CourierAPIListCourierMessagesRequest {\n\treturn CourierAPIListCourierMessagesRequest{\n\t\tApiService: a,\n\t\tctx: ctx,\n\t}\n}\n\n// Execute executes the request\n//\n//\t@return []Message\nfunc (a *CourierAPIService) ListCourierMessagesExecute(r CourierAPIListCourierMessagesRequest) ([]Message, *http.Response, error) {\n\tvar (\n\t\tlocalVarHTTPMethod = http.MethodGet\n\t\tlocalVarPostBody interface{}\n\t\tformFiles []formFile\n\t\tlocalVarReturnValue []Message\n\t)\n\n\tlocalBasePath, err := a.client.cfg.ServerURLWithContext(r.ctx, \"CourierAPIService.ListCourierMessages\")\n\tif err != nil {\n\t\treturn localVarReturnValue, nil, &GenericOpenAPIError{error: err.Error()}\n\t}\n\n\tlocalVarPath := localBasePath + \"/admin/courier/messages\"\n\n\tlocalVarHeaderParams := make(map[string]string)\n\tlocalVarQueryParams := url.Values{}\n\tlocalVarFormParams := url.Values{}\n\n\tif r.pageSize != nil {\n\t\tparameterAddToHeaderOrQuery(localVarQueryParams, \"page_size\", r.pageSize, \"form\", \"\")\n\t} else {\n\t\tvar defaultValue int64 = 250\n\t\tr.pageSize = &defaultValue\n\t}\n\tif r.pageToken != nil {\n\t\tparameterAddToHeaderOrQuery(localVarQueryParams, \"page_token\", r.pageToken, \"form\", \"\")\n\t}\n\tif r.status != nil {\n\t\tparameterAddToHeaderOrQuery(localVarQueryParams, \"status\", r.status, \"form\", \"\")\n\t}\n\tif r.recipient != nil {\n\t\tparameterAddToHeaderOrQuery(localVarQueryParams, \"recipient\", r.recipient, \"form\", \"\")\n\t}\n\t// to determine the Content-Type header\n\tlocalVarHTTPContentTypes := []string{}\n\n\t// set Content-Type header\n\tlocalVarHTTPContentType := selectHeaderContentType(localVarHTTPContentTypes)\n\tif localVarHTTPContentType != \"\" {\n\t\tlocalVarHeaderParams[\"Content-Type\"] = localVarHTTPContentType\n\t}\n\n\t// to determine the Accept header\n\tlocalVarHTTPHeaderAccepts := []string{\"application/json\"}\n\n\t// set Accept header\n\tlocalVarHTTPHeaderAccept := selectHeaderAccept(localVarHTTPHeaderAccepts)\n\tif localVarHTTPHeaderAccept != \"\" {\n\t\tlocalVarHeaderParams[\"Accept\"] = localVarHTTPHeaderAccept\n\t}\n\tif r.ctx != nil {\n\t\t// API Key Authentication\n\t\tif auth, ok := r.ctx.Value(ContextAPIKeys).(map[string]APIKey); ok {\n\t\t\tif apiKey, ok := auth[\"oryAccessToken\"]; ok {\n\t\t\t\tvar key string\n\t\t\t\tif apiKey.Prefix != \"\" {\n\t\t\t\t\tkey = apiKey.Prefix + \" \" + apiKey.Key\n\t\t\t\t} else {\n\t\t\t\t\tkey = apiKey.Key\n\t\t\t\t}\n\t\t\t\tlocalVarHeaderParams[\"Authorization\"] = key\n\t\t\t}\n\t\t}\n\t}\n\treq, err := a.client.prepareRequest(r.ctx, localVarPath, localVarHTTPMethod, localVarPostBody, localVarHeaderParams, localVarQueryParams, localVarFormParams, formFiles)\n\tif err != nil {\n\t\treturn localVarReturnValue, nil, err\n\t}\n\n\tlocalVarHTTPResponse, err := a.client.callAPI(req)\n\tif err != nil || localVarHTTPResponse == nil {\n\t\treturn localVarReturnValue, localVarHTTPResponse, err\n\t}\n\n\tlocalVarBody, err := io.ReadAll(localVarHTTPResponse.Body)\n\tlocalVarHTTPResponse.Body.Close()\n\tlocalVarHTTPResponse.Body = io.NopCloser(bytes.NewBuffer(localVarBody))\n\tif err != nil {\n\t\treturn localVarReturnValue, localVarHTTPResponse, err\n\t}\n\n\tif localVarHTTPResponse.StatusCode >= 300 {\n\t\tnewErr := &GenericOpenAPIError{\n\t\t\tbody: localVarBody,\n\t\t\terror: localVarHTTPResponse.Status,\n\t\t}\n\t\tif localVarHTTPResponse.StatusCode == 400 {\n\t\t\tvar v ErrorGeneric\n\t\t\terr = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get(\"Content-Type\"))\n\t\t\tif err != nil {\n\t\t\t\tnewErr.error = err.Error()\n\t\t\t\treturn localVarReturnValue, localVarHTTPResponse, newErr\n\t\t\t}\n\t\t\tnewErr.error = formatErrorMessage(localVarHTTPResponse.Status, &v)\n\t\t\tnewErr.model = v\n\t\t\treturn localVarReturnValue, localVarHTTPResponse, newErr\n\t\t}\n\t\tvar v ErrorGeneric\n\t\terr = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get(\"Content-Type\"))\n\t\tif err != nil {\n\t\t\tnewErr.error = err.Error()\n\t\t\treturn localVarReturnValue, localVarHTTPResponse, newErr\n\t\t}\n\t\tnewErr.error = formatErrorMessage(localVarHTTPResponse.Status, &v)\n\t\tnewErr.model = v\n\t\treturn localVarReturnValue, localVarHTTPResponse, newErr\n\t}\n\n\terr = a.client.decode(&localVarReturnValue, localVarBody, localVarHTTPResponse.Header.Get(\"Content-Type\"))\n\tif err != nil {\n\t\tnewErr := &GenericOpenAPIError{\n\t\t\tbody: localVarBody,\n\t\t\terror: err.Error(),\n\t\t}\n\t\treturn localVarReturnValue, localVarHTTPResponse, newErr\n\t}\n\n\treturn localVarReturnValue, localVarHTTPResponse, nil\n}\n" }, { "path": "pkg/client-go/api_frontend.go", "content": "/*\nOry Identities API\n\nThis is the API specification for Ory Identities with features such as registration, login, recovery, account verification, profile settings, password reset, identity management, session management, email and sms delivery, and more.\n\nAPI version:\nContact: office@ory.sh\n*/\n\n// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.\n\npackage client\n\nimport (\n\t\"bytes\"\n\t\"context\"\n\t\"io\"\n\t\"net/http\"\n\t\"net/url\"\n\t\"strings\"\n)\n\ntype FrontendAPI interface {\n\n\t/*\n\t\t\tCreateBrowserLoginFlow Create Login Flow for Browsers\n\n\t\t\tThis endpoint initializes a browser-based user login flow. This endpoint will set the appropriate\n\t\tcookies and anti-CSRF measures required for browser-based flows.\n\n\t\tIf this endpoint is opened as a link in the browser, it will be redirected to\n\t\t`selfservice.flows.login.ui_url` with the flow ID set as the query parameter `?flow=`. If a valid user session\n\t\texists already, the browser will be redirected to `urls.default_redirect_url` unless the query parameter\n\t\t`?refresh=true` was set.\n\n\t\tIf this endpoint is called via an AJAX request, the response contains the flow without a redirect. In the\n\t\tcase of an error, the `error.id` of the JSON response body can be one of:\n\n\t\t`session_already_available`: The user is already signed in.\n\t\t`session_aal1_required`: Multi-factor auth (e.g. 2fa) was requested but the user has no session yet.\n\t\t`security_csrf_violation`: Unable to fetch the flow because a CSRF violation occurred.\n\t\t`security_identity_mismatch`: The requested `?return_to` address is not allowed to be used. Adjust this in the configuration!\n\n\t\tThe optional query parameter login_challenge is set when using Kratos with\n\t\tHydra in an OAuth2 flow. See the oauth2_provider.url configuration\n\t\toption.\n\n\t\tThis endpoint is NOT INTENDED for clients that do not have a browser (Chrome, Firefox, ...) as cookies are needed.\n\n\t\tMore information can be found at [Ory Kratos User Login](https://www.ory.sh/docs/kratos/self-service/flows/user-login) and [User Registration Documentation](https://www.ory.sh/docs/kratos/self-service/flows/user-registration).\n\n\t\t\t@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().\n\t\t\t@return FrontendAPICreateBrowserLoginFlowRequest\n\t*/\n\tCreateBrowserLoginFlow(ctx context.Context) FrontendAPICreateBrowserLoginFlowRequest\n\n\t// CreateBrowserLoginFlowExecute executes the request\n\t// @return LoginFlow\n\tCreateBrowserLoginFlowExecute(r FrontendAPICreateBrowserLoginFlowRequest) (*LoginFlow, *http.Response, error)\n\n\t/*\n\t\t\tCreateBrowserLogoutFlow Create a Logout URL for Browsers\n\n\t\t\tThis endpoint initializes a browser-based user logout flow and a URL which can be used to log out the user.\n\n\t\tThis endpoint is NOT INTENDED for API clients and only works\n\t\twith browsers (Chrome, Firefox, ...). For API clients you can\n\t\tcall the `/self-service/logout/api` URL directly with the Ory Session Token.\n\n\t\tThe URL is only valid for the currently signed in user. If no user is signed in, this endpoint returns\n\t\ta 401 error.\n\n\t\tWhen calling this endpoint from a backend, please ensure to properly forward the HTTP cookies.\n\n\t\t\t@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().\n\t\t\t@return FrontendAPICreateBrowserLogoutFlowRequest\n\t*/\n\tCreateBrowserLogoutFlow(ctx context.Context) FrontendAPICreateBrowserLogoutFlowRequest\n\n\t// CreateBrowserLogoutFlowExecute executes the request\n\t// @return LogoutFlow\n\tCreateBrowserLogoutFlowExecute(r FrontendAPICreateBrowserLogoutFlowRequest) (*LogoutFlow, *http.Response, error)\n\n\t/*\n\t\t\tCreateBrowserRecoveryFlow Create Recovery Flow for Browsers\n\n\t\t\tThis endpoint initializes a browser-based account recovery flow. Once initialized, the browser will be redirected to\n\t\t`selfservice.flows.recovery.ui_url` with the flow ID set as the query parameter `?flow=`. If a valid user session\n\t\texists, the browser is returned to the configured return URL.\n\n\t\tIf this endpoint is called via an AJAX request, the response contains the recovery flow without any redirects\n\t\tor a 400 bad request error if the user is already authenticated.\n\n\t\tThis endpoint is NOT INTENDED for clients that do not have a browser (Chrome, Firefox, ...) as cookies are needed.\n\n\t\tMore information can be found at [Ory Kratos Account Recovery Documentation](../self-service/flows/account-recovery).\n\n\t\t\t@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().\n\t\t\t@return FrontendAPICreateBrowserRecoveryFlowRequest\n\t*/\n\tCreateBrowserRecoveryFlow(ctx context.Context) FrontendAPICreateBrowserRecoveryFlowRequest\n\n\t// CreateBrowserRecoveryFlowExecute executes the request\n\t// @return RecoveryFlow\n\tCreateBrowserRecoveryFlowExecute(r FrontendAPICreateBrowserRecoveryFlowRequest) (*RecoveryFlow, *http.Response, error)\n\n\t/*\n\t\t\tCreateBrowserRegistrationFlow Create Registration Flow for Browsers\n\n\t\t\tThis endpoint initializes a browser-based user registration flow. This endpoint will set the appropriate\n\t\tcookies and anti-CSRF measures required for browser-based flows.\n\n\t\tIf this endpoint is opened as a link in the browser, it will be redirected to\n\t\t`selfservice.flows.registration.ui_url` with the flow ID set as the query parameter `?flow=`. If a valid user session\n\t\texists already, the browser will be redirected to `urls.default_redirect_url`.\n\n\t\tIf this endpoint is called via an AJAX request, the response contains the flow without a redirect. In the\n\t\tcase of an error, the `error.id` of the JSON response body can be one of:\n\n\t\t`session_already_available`: The user is already signed in.\n\t\t`security_csrf_violation`: Unable to fetch the flow because a CSRF violation occurred.\n\t\t`security_identity_mismatch`: The requested `?return_to` address is not allowed to be used. Adjust this in the configuration!\n\n\t\tIf this endpoint is called via an AJAX request, the response contains the registration flow without a redirect.\n\n\t\tThis endpoint is NOT INTENDED for clients that do not have a browser (Chrome, Firefox, ...) as cookies are needed.\n\n\t\tMore information can be found at [Ory Kratos User Login](https://www.ory.sh/docs/kratos/self-service/flows/user-login) and [User Registration Documentation](https://www.ory.sh/docs/kratos/self-service/flows/user-registration).\n\n\t\t\t@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().\n\t\t\t@return FrontendAPICreateBrowserRegistrationFlowRequest\n\t*/\n\tCreateBrowserRegistrationFlow(ctx context.Context) FrontendAPICreateBrowserRegistrationFlowRequest\n\n\t// CreateBrowserRegistrationFlowExecute executes the request\n\t// @return RegistrationFlow\n\tCreateBrowserRegistrationFlowExecute(r FrontendAPICreateBrowserRegistrationFlowRequest) (*RegistrationFlow, *http.Response, error)\n\n\t/*\n\t\t\tCreateBrowserSettingsFlow Create Settings Flow for Browsers\n\n\t\t\tThis endpoint initializes a browser-based user settings flow. Once initialized, the browser will be redirected to\n\t\t`selfservice.flows.settings.ui_url` with the flow ID set as the query parameter `?flow=`. If no valid\n\t\tOry Kratos Session Cookie is included in the request, a login flow will be initialized.\n\n\t\tIf this endpoint is opened as a link in the browser, it will be redirected to\n\t\t`selfservice.flows.settings.ui_url` with the flow ID set as the query parameter `?flow=`. If no valid user session\n\t\twas set, the browser will be redirected to the login endpoint.\n\n\t\tIf this endpoint is called via an AJAX request, the response contains the settings flow without any redirects\n\t\tor a 401 forbidden error if no valid session was set.\n\n\t\tDepending on your configuration this endpoint might return a 403 error if the session has a lower Authenticator\n\t\tAssurance Level (AAL) than is possible for the identity. This can happen if the identity has password + webauthn\n\t\tcredentials (which would result in AAL2) but the session has only AAL1. If this error occurs, ask the user\n\t\tto sign in with the second factor (happens automatically for server-side browser flows) or change the configuration.\n\n\t\tIf this endpoint is called via an AJAX request, the response contains the flow without a redirect. In the\n\t\tcase of an error, the `error.id` of the JSON response body can be one of:\n\n\t\t`security_csrf_violation`: Unable to fetch the flow because a CSRF violation occurred.\n\t\t`session_inactive`: No Ory Session was found - sign in a user first.\n\t\t`security_identity_mismatch`: The requested `?return_to` address is not allowed to be used. Adjust this in the configuration!\n\n\t\tThis endpoint is NOT INTENDED for clients that do not have a browser (Chrome, Firefox, ...) as cookies are needed.\n\n\t\tMore information can be found at [Ory Kratos User Settings & Profile Management Documentation](../self-service/flows/user-settings).\n\n\t\t\t@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().\n\t\t\t@return FrontendAPICreateBrowserSettingsFlowRequest\n\t*/\n\tCreateBrowserSettingsFlow(ctx context.Context) FrontendAPICreateBrowserSettingsFlowRequest\n\n\t// CreateBrowserSettingsFlowExecute executes the request\n\t// @return SettingsFlow\n\tCreateBrowserSettingsFlowExecute(r FrontendAPICreateBrowserSettingsFlowRequest) (*SettingsFlow, *http.Response, error)\n\n\t/*\n\t\t\tCreateBrowserVerificationFlow Create Verification Flow for Browser Clients\n\n\t\t\tThis endpoint initializes a browser-based account verification flow. Once initialized, the browser will be redirected to\n\t\t`selfservice.flows.verification.ui_url` with the flow ID set as the query parameter `?flow=`.\n\n\t\tIf this endpoint is called via an AJAX request, the response contains the recovery flow without any redirects.\n\n\t\tThis endpoint is NOT INTENDED for API clients and only works with browsers (Chrome, Firefox, ...).\n\n\t\tMore information can be found at [Ory Kratos Email and Phone Verification Documentation](https://www.ory.sh/docs/kratos/self-service/flows/verify-email-account-activation).\n\n\t\t\t@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().\n\t\t\t@return FrontendAPICreateBrowserVerificationFlowRequest\n\t*/\n\tCreateBrowserVerificationFlow(ctx context.Context) FrontendAPICreateBrowserVerificationFlowRequest\n\n\t// CreateBrowserVerificationFlowExecute executes the request\n\t// @return VerificationFlow\n\tCreateBrowserVerificationFlowExecute(r FrontendAPICreateBrowserVerificationFlowRequest) (*VerificationFlow, *http.Response, error)\n\n\t/*\n\t\tCreateFedcmFlow Get FedCM Parameters\n\n\t\tThis endpoint returns a list of all available FedCM providers. It is only supported on the Ory Network.\n\n\t\t@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().\n\t\t@return FrontendAPICreateFedcmFlowRequest\n\t*/\n\tCreateFedcmFlow(ctx context.Context) FrontendAPICreateFedcmFlowRequest\n\n\t// CreateFedcmFlowExecute executes the request\n\t// @return CreateFedcmFlowResponse\n\tCreateFedcmFlowExecute(r FrontendAPICreateFedcmFlowRequest) (*CreateFedcmFlowResponse, *http.Response, error)\n\n\t/*\n\t\t\tCreateNativeLoginFlow Create Login Flow for Native Apps\n\n\t\t\tThis endpoint initiates a login flow for native apps that do not use a browser, such as mobile devices, smart TVs, and so on.\n\n\t\tIf a valid provided session cookie or session token is provided, a 400 Bad Request error\n\t\twill be returned unless the URL query parameter `?refresh=true` is set.\n\n\t\tTo fetch an existing login flow call `/self-service/login/flows?flow=`.\n\n\t\tYou MUST NOT use this endpoint in client-side (Single Page Apps, ReactJS, AngularJS) nor server-side (Java Server\n\t\tPages, NodeJS, PHP, Golang, ...) browser applications. Using this endpoint in these applications will make\n\t\tyou vulnerable to a variety of CSRF attacks, including CSRF login attacks.\n\n\t\tIn the case of an error, the `error.id` of the JSON response body can be one of:\n\n\t\t`session_already_available`: The user is already signed in.\n\t\t`session_aal1_required`: Multi-factor auth (e.g. 2fa) was requested but the user has no session yet.\n\t\t`security_csrf_violation`: Unable to fetch the flow because a CSRF violation occurred.\n\n\t\tThis endpoint MUST ONLY be used in scenarios such as native mobile apps (React Native, Objective C, Swift, Java, ...).\n\n\t\tMore information can be found at [Ory Kratos User Login](https://www.ory.sh/docs/kratos/self-service/flows/user-login) and [User Registration Documentation](https://www.ory.sh/docs/kratos/self-service/flows/user-registration).\n\n\t\t\t@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().\n\t\t\t@return FrontendAPICreateNativeLoginFlowRequest\n\t*/\n\tCreateNativeLoginFlow(ctx context.Context) FrontendAPICreateNativeLoginFlowRequest\n\n\t// CreateNativeLoginFlowExecute executes the request\n\t// @return LoginFlow\n\tCreateNativeLoginFlowExecute(r FrontendAPICreateNativeLoginFlowRequest) (*LoginFlow, *http.Response, error)\n\n\t/*\n\t\t\tCreateNativeRecoveryFlow Create Recovery Flow for Native Apps\n\n\t\t\tThis endpoint initiates a recovery flow for API clients such as mobile devices, smart TVs, and so on.\n\n\t\tIf a valid provided session cookie or session token is provided, a 400 Bad Request error.\n\n\t\tOn an existing recovery flow, use the `getRecoveryFlow` API endpoint.\n\n\t\tYou MUST NOT use this endpoint in client-side (Single Page Apps, ReactJS, AngularJS) nor server-side (Java Server\n\t\tPages, NodeJS, PHP, Golang, ...) browser applications. Using this endpoint in these applications will make\n\t\tyou vulnerable to a variety of CSRF attacks.\n\n\t\tThis endpoint MUST ONLY be used in scenarios such as native mobile apps (React Native, Objective C, Swift, Java, ...).\n\n\t\tMore information can be found at [Ory Kratos Account Recovery Documentation](../self-service/flows/account-recovery).\n\n\t\t\t@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().\n\t\t\t@return FrontendAPICreateNativeRecoveryFlowRequest\n\t*/\n\tCreateNativeRecoveryFlow(ctx context.Context) FrontendAPICreateNativeRecoveryFlowRequest\n\n\t// CreateNativeRecoveryFlowExecute executes the request\n\t// @return RecoveryFlow\n\tCreateNativeRecoveryFlowExecute(r FrontendAPICreateNativeRecoveryFlowRequest) (*RecoveryFlow, *http.Response, error)\n\n\t/*\n\t\t\tCreateNativeRegistrationFlow Create Registration Flow for Native Apps\n\n\t\t\tThis endpoint initiates a registration flow for API clients such as mobile devices, smart TVs, and so on.\n\n\t\tIf a valid provided session cookie or session token is provided, a 400 Bad Request error\n\t\twill be returned unless the URL query parameter `?refresh=true` is set.\n\n\t\tTo fetch an existing registration flow call `/self-service/registration/flows?flow=`.\n\n\t\tYou MUST NOT use this endpoint in client-side (Single Page Apps, ReactJS, AngularJS) nor server-side (Java Server\n\t\tPages, NodeJS, PHP, Golang, ...) browser applications. Using this endpoint in these applications will make\n\t\tyou vulnerable to a variety of CSRF attacks.\n\n\t\tIn the case of an error, the `error.id` of the JSON response body can be one of:\n\n\t\t`session_already_available`: The user is already signed in.\n\t\t`security_csrf_violation`: Unable to fetch the flow because a CSRF violation occurred.\n\n\t\tThis endpoint MUST ONLY be used in scenarios such as native mobile apps (React Native, Objective C, Swift, Java, ...).\n\n\t\tMore information can be found at [Ory Kratos User Login](https://www.ory.sh/docs/kratos/self-service/flows/user-login) and [User Registration Documentation](https://www.ory.sh/docs/kratos/self-service/flows/user-registration).\n\n\t\t\t@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().\n\t\t\t@return FrontendAPICreateNativeRegistrationFlowRequest\n\t*/\n\tCreateNativeRegistrationFlow(ctx context.Context) FrontendAPICreateNativeRegistrationFlowRequest\n\n\t// CreateNativeRegistrationFlowExecute executes the request\n\t// @return RegistrationFlow\n\tCreateNativeRegistrationFlowExecute(r FrontendAPICreateNativeRegistrationFlowRequest) (*RegistrationFlow, *http.Response, error)\n\n\t/*\n\t\t\tCreateNativeSettingsFlow Create Settings Flow for Native Apps\n\n\t\t\tThis endpoint initiates a settings flow for API clients such as mobile devices, smart TVs, and so on.\n\t\tYou must provide a valid Ory Kratos Session Token for this endpoint to respond with HTTP 200 OK.\n\n\t\tTo fetch an existing settings flow call `/self-service/settings/flows?flow=`.\n\n\t\tYou MUST NOT use this endpoint in client-side (Single Page Apps, ReactJS, AngularJS) nor server-side (Java Server\n\t\tPages, NodeJS, PHP, Golang, ...) browser applications. Using this endpoint in these applications will make\n\t\tyou vulnerable to a variety of CSRF attacks.\n\n\t\tDepending on your configuration this endpoint might return a 403 error if the session has a lower Authenticator\n\t\tAssurance Level (AAL) than is possible for the identity. This can happen if the identity has password + webauthn\n\t\tcredentials (which would result in AAL2) but the session has only AAL1. If this error occurs, ask the user\n\t\tto sign in with the second factor or change the configuration.\n\n\t\tIn the case of an error, the `error.id` of the JSON response body can be one of:\n\n\t\t`security_csrf_violation`: Unable to fetch the flow because a CSRF violation occurred.\n\t\t`session_inactive`: No Ory Session was found - sign in a user first.\n\n\t\tThis endpoint MUST ONLY be used in scenarios such as native mobile apps (React Native, Objective C, Swift, Java, ...).\n\n\t\tMore information can be found at [Ory Kratos User Settings & Profile Management Documentation](../self-service/flows/user-settings).\n\n\t\t\t@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().\n\t\t\t@return FrontendAPICreateNativeSettingsFlowRequest\n\t*/\n\tCreateNativeSettingsFlow(ctx context.Context) FrontendAPICreateNativeSettingsFlowRequest\n\n\t// CreateNativeSettingsFlowExecute executes the request\n\t// @return SettingsFlow\n\tCreateNativeSettingsFlowExecute(r FrontendAPICreateNativeSettingsFlowRequest) (*SettingsFlow, *http.Response, error)\n\n\t/*\n\t\t\tCreateNativeVerificationFlow Create Verification Flow for Native Apps\n\n\t\t\tThis endpoint initiates a verification flow for API clients such as mobile devices, smart TVs, and so on.\n\n\t\tTo fetch an existing verification flow call `/self-service/verification/flows?flow=`.\n\n\t\tYou MUST NOT use this endpoint in client-side (Single Page Apps, ReactJS, AngularJS) nor server-side (Java Server\n\t\tPages, NodeJS, PHP, Golang, ...) browser applications. Using this endpoint in these applications will make\n\t\tyou vulnerable to a variety of CSRF attacks.\n\n\t\tThis endpoint MUST ONLY be used in scenarios such as native mobile apps (React Native, Objective C, Swift, Java, ...).\n\n\t\tMore information can be found at [Ory Email and Phone Verification Documentation](https://www.ory.sh/docs/kratos/self-service/flows/verify-email-account-activation).\n\n\t\t\t@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().\n\t\t\t@return FrontendAPICreateNativeVerificationFlowRequest\n\t*/\n\tCreateNativeVerificationFlow(ctx context.Context) FrontendAPICreateNativeVerificationFlowRequest\n\n\t// CreateNativeVerificationFlowExecute executes the request\n\t// @return VerificationFlow\n\tCreateNativeVerificationFlowExecute(r FrontendAPICreateNativeVerificationFlowRequest) (*VerificationFlow, *http.Response, error)\n\n\t/*\n\t\t\tDisableMyOtherSessions Disable my other sessions\n\n\t\t\tCalling this endpoint invalidates all except the current session that belong to the logged-in user.\n\t\tSession data are not deleted.\n\n\t\t\t@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().\n\t\t\t@return FrontendAPIDisableMyOtherSessionsRequest\n\t*/\n\tDisableMyOtherSessions(ctx context.Context) FrontendAPIDisableMyOtherSessionsRequest\n\n\t// DisableMyOtherSessionsExecute executes the request\n\t// @return DeleteMySessionsCount\n\tDisableMyOtherSessionsExecute(r FrontendAPIDisableMyOtherSessionsRequest) (*DeleteMySessionsCount, *http.Response, error)\n\n\t/*\n\t\t\tDisableMySession Disable one of my sessions\n\n\t\t\tCalling this endpoint invalidates the specified session. The current session cannot be revoked.\n\t\tSession data are not deleted.\n\n\t\t\t@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().\n\t\t\t@param id ID is the session's ID.\n\t\t\t@return FrontendAPIDisableMySessionRequest\n\t*/\n\tDisableMySession(ctx context.Context, id string) FrontendAPIDisableMySessionRequest\n\n\t// DisableMySessionExecute executes the request\n\tDisableMySessionExecute(r FrontendAPIDisableMySessionRequest) (*http.Response, error)\n\n\t/*\n\t\tExchangeSessionToken Exchange Session Token\n\n\t\t@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().\n\t\t@return FrontendAPIExchangeSessionTokenRequest\n\t*/\n\tExchangeSessionToken(ctx context.Context) FrontendAPIExchangeSessionTokenRequest\n\n\t// ExchangeSessionTokenExecute executes the request\n\t// @return SuccessfulNativeLogin\n\tExchangeSessionTokenExecute(r FrontendAPIExchangeSessionTokenRequest) (*SuccessfulNativeLogin, *http.Response, error)\n\n\t/*\n\t\t\tGetFlowError Get User-Flow Errors\n\n\t\t\tThis endpoint returns the error associated with a user-facing self service errors.\n\n\t\tThis endpoint supports stub values to help you implement the error UI:\n\n\t\t`?id=stub:500` - returns a stub 500 (Internal Server Error) error.\n\n\t\tMore information can be found at [Ory Kratos User User Facing Error Documentation](https://www.ory.sh/docs/kratos/self-service/flows/user-facing-errors).\n\n\t\t\t@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().\n\t\t\t@return FrontendAPIGetFlowErrorRequest\n\t*/\n\tGetFlowError(ctx context.Context) FrontendAPIGetFlowErrorRequest\n\n\t// GetFlowErrorExecute executes the request\n\t// @return FlowError\n\tGetFlowErrorExecute(r FrontendAPIGetFlowErrorRequest) (*FlowError, *http.Response, error)\n\n\t/*\n\t\t\tGetLoginFlow Get Login Flow\n\n\t\t\tThis endpoint returns a login flow's context with, for example, error details and other information.\n\n\t\tBrowser flows expect the anti-CSRF cookie to be included in the request's HTTP Cookie Header.\n\t\tFor AJAX requests you must ensure that cookies are included in the request or requests will fail.\n\n\t\tIf you use the browser-flow for server-side apps, the services need to run on a common top-level-domain\n\t\tand you need to forward the incoming HTTP Cookie header to this endpoint:\n\n\t\t```js\n\t\tpseudo-code example\n\t\trouter.get('/login', async function (req, res) {\n\t\tconst flow = await client.getLoginFlow(req.header('cookie'), req.query['flow'])\n\n\t\tres.render('login', flow)\n\t\t})\n\t\t```\n\n\t\tThis request may fail due to several reasons. The `error.id` can be one of:\n\n\t\t`session_already_available`: The user is already signed in.\n\t\t`self_service_flow_expired`: The flow is expired and you should request a new one.\n\n\t\tMore information can be found at [Ory Kratos User Login](https://www.ory.sh/docs/kratos/self-service/flows/user-login) and [User Registration Documentation](https://www.ory.sh/docs/kratos/self-service/flows/user-registration).\n\n\t\t\t@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().\n\t\t\t@return FrontendAPIGetLoginFlowRequest\n\t*/\n\tGetLoginFlow(ctx context.Context) FrontendAPIGetLoginFlowRequest\n\n\t// GetLoginFlowExecute executes the request\n\t// @return LoginFlow\n\tGetLoginFlowExecute(r FrontendAPIGetLoginFlowRequest) (*LoginFlow, *http.Response, error)\n\n\t/*\n\t\t\tGetRecoveryFlow Get Recovery Flow\n\n\t\t\tThis endpoint returns a recovery flow's context with, for example, error details and other information.\n\n\t\tBrowser flows expect the anti-CSRF cookie to be included in the request's HTTP Cookie Header.\n\t\tFor AJAX requests you must ensure that cookies are included in the request or requests will fail.\n\n\t\tIf you use the browser-flow for server-side apps, the services need to run on a common top-level-domain\n\t\tand you need to forward the incoming HTTP Cookie header to this endpoint:\n\n\t\t```js\n\t\tpseudo-code example\n\t\trouter.get('/recovery', async function (req, res) {\n\t\tconst flow = await client.getRecoveryFlow(req.header('Cookie'), req.query['flow'])\n\n\t\tres.render('recovery', flow)\n\t\t})\n\t\t```\n\n\t\tMore information can be found at [Ory Kratos Account Recovery Documentation](../self-service/flows/account-recovery).\n\n\t\t\t@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().\n\t\t\t@return FrontendAPIGetRecoveryFlowRequest\n\t*/\n\tGetRecoveryFlow(ctx context.Context) FrontendAPIGetRecoveryFlowRequest\n\n\t// GetRecoveryFlowExecute executes the request\n\t// @return RecoveryFlow\n\tGetRecoveryFlowExecute(r FrontendAPIGetRecoveryFlowRequest) (*RecoveryFlow, *http.Response, error)\n\n\t/*\n\t\t\tGetRegistrationFlow Get Registration Flow\n\n\t\t\tThis endpoint returns a registration flow's context with, for example, error details and other information.\n\n\t\tBrowser flows expect the anti-CSRF cookie to be included in the request's HTTP Cookie Header.\n\t\tFor AJAX requests you must ensure that cookies are included in the request or requests will fail.\n\n\t\tIf you use the browser-flow for server-side apps, the services need to run on a common top-level-domain\n\t\tand you need to forward the incoming HTTP Cookie header to this endpoint:\n\n\t\t```js\n\t\tpseudo-code example\n\t\trouter.get('/registration', async function (req, res) {\n\t\tconst flow = await client.getRegistrationFlow(req.header('cookie'), req.query['flow'])\n\n\t\tres.render('registration', flow)\n\t\t})\n\t\t```\n\n\t\tThis request may fail due to several reasons. The `error.id` can be one of:\n\n\t\t`session_already_available`: The user is already signed in.\n\t\t`self_service_flow_expired`: The flow is expired and you should request a new one.\n\n\t\tMore information can be found at [Ory Kratos User Login](https://www.ory.sh/docs/kratos/self-service/flows/user-login) and [User Registration Documentation](https://www.ory.sh/docs/kratos/self-service/flows/user-registration).\n\n\t\t\t@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().\n\t\t\t@return FrontendAPIGetRegistrationFlowRequest\n\t*/\n\tGetRegistrationFlow(ctx context.Context) FrontendAPIGetRegistrationFlowRequest\n\n\t// GetRegistrationFlowExecute executes the request\n\t// @return RegistrationFlow\n\tGetRegistrationFlowExecute(r FrontendAPIGetRegistrationFlowRequest) (*RegistrationFlow, *http.Response, error)\n\n\t/*\n\t\t\tGetSettingsFlow Get Settings Flow\n\n\t\t\tWhen accessing this endpoint through Ory Kratos' Public API you must ensure that either the Ory Kratos Session Cookie\n\t\tor the Ory Kratos Session Token are set.\n\n\t\tDepending on your configuration this endpoint might return a 403 error if the session has a lower Authenticator\n\t\tAssurance Level (AAL) than is possible for the identity. This can happen if the identity has password + webauthn\n\t\tcredentials (which would result in AAL2) but the session has only AAL1. If this error occurs, ask the user\n\t\tto sign in with the second factor or change the configuration.\n\n\t\tYou can access this endpoint without credentials when using Ory Kratos' Admin API.\n\n\t\tIf this endpoint is called via an AJAX request, the response contains the flow without a redirect. In the\n\t\tcase of an error, the `error.id` of the JSON response body can be one of:\n\n\t\t`security_csrf_violation`: Unable to fetch the flow because a CSRF violation occurred.\n\t\t`session_inactive`: No Ory Session was found - sign in a user first.\n\t\t`security_identity_mismatch`: The flow was interrupted with `session_refresh_required` but apparently some other\n\t\tidentity logged in instead.\n\n\t\tMore information can be found at [Ory Kratos User Settings & Profile Management Documentation](../self-service/flows/user-settings).\n\n\t\t\t@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().\n\t\t\t@return FrontendAPIGetSettingsFlowRequest\n\t*/\n\tGetSettingsFlow(ctx context.Context) FrontendAPIGetSettingsFlowRequest\n\n\t// GetSettingsFlowExecute executes the request\n\t// @return SettingsFlow\n\tGetSettingsFlowExecute(r FrontendAPIGetSettingsFlowRequest) (*SettingsFlow, *http.Response, error)\n\n\t/*\n\t\t\tGetVerificationFlow Get Verification Flow\n\n\t\t\tThis endpoint returns a verification flow's context with, for example, error details and other information.\n\n\t\tBrowser flows expect the anti-CSRF cookie to be included in the request's HTTP Cookie Header.\n\t\tFor AJAX requests you must ensure that cookies are included in the request or requests will fail.\n\n\t\tIf you use the browser-flow for server-side apps, the services need to run on a common top-level-domain\n\t\tand you need to forward the incoming HTTP Cookie header to this endpoint:\n\n\t\t```js\n\t\tpseudo-code example\n\t\trouter.get('/recovery', async function (req, res) {\n\t\tconst flow = await client.getVerificationFlow(req.header('cookie'), req.query['flow'])\n\n\t\tres.render('verification', flow)\n\t\t})\n\t\t```\n\n\t\tMore information can be found at [Ory Kratos Email and Phone Verification Documentation](https://www.ory.sh/docs/kratos/self-service/flows/verify-email-account-activation).\n\n\t\t\t@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().\n\t\t\t@return FrontendAPIGetVerificationFlowRequest\n\t*/\n\tGetVerificationFlow(ctx context.Context) FrontendAPIGetVerificationFlowRequest\n\n\t// GetVerificationFlowExecute executes the request\n\t// @return VerificationFlow\n\tGetVerificationFlowExecute(r FrontendAPIGetVerificationFlowRequest) (*VerificationFlow, *http.Response, error)\n\n\t/*\n\t\t\tGetWebAuthnJavaScript Get WebAuthn JavaScript\n\n\t\t\tThis endpoint provides JavaScript which is needed in order to perform WebAuthn login and registration.\n\n\t\tIf you are building a JavaScript Browser App (e.g. in ReactJS or AngularJS) you will need to load this file:\n\n\t\t```html\n\t\t