Implement OpenID Connect identity provider

3 files changed, 63 insertions, 0 deletions

diff --git a/db/migrate/20161209165216_create_doorkeeper_openid_connect_tables.rb b/db/migrate/20161209165216_create_doorkeeper_openid_connect_tables.rb
new file mode 100644
index 00000000000..e63d5927f86
--- /dev/null
+++ b/db/migrate/20161209165216_create_doorkeeper_openid_connect_tables.rb
@@ -0,0 +1,37 @@
+class CreateDoorkeeperOpenidConnectTables < ActiveRecord::Migration
+  include Gitlab::Database::MigrationHelpers
+
+  DOWNTIME = false
+
+  disable_ddl_transaction!
+
+  def up
+    create_table :oauth_openid_requests do |t|
+      t.integer :access_grant_id, null: false
+      t.string :nonce, null: false
+    end
+
+    if Gitlab::Database.postgresql?
+      # add foreign key without validation to avoid downtime on PostgreSQL,
+      # also see db/post_migrate/20170209140523_validate_foreign_keys_on_oauth_openid_requests.rb
+      execute %q{
+        ALTER TABLE "oauth_openid_requests"
+          ADD CONSTRAINT "fk_oauth_openid_requests_oauth_access_grants_access_grant_id"
+          FOREIGN KEY ("access_grant_id")
+          REFERENCES "oauth_access_grants" ("id")
+          NOT VALID;
+      }
+    else
+      execute %q{
+        ALTER TABLE oauth_openid_requests
+          ADD CONSTRAINT fk_oauth_openid_requests_oauth_access_grants_access_grant_id
+          FOREIGN KEY (access_grant_id)
+          REFERENCES oauth_access_grants (id);
+      }
+    end
+  end
+
+  def down
+    drop_table :oauth_openid_requests
+  end
+end
diff --git a/db/post_migrate/20170209140523_validate_foreign_keys_on_oauth_openid_requests.rb b/db/post_migrate/20170209140523_validate_foreign_keys_on_oauth_openid_requests.rb
new file mode 100644
index 00000000000..e206f9af636
--- /dev/null
+++ b/db/post_migrate/20170209140523_validate_foreign_keys_on_oauth_openid_requests.rb
@@ -0,0 +1,20 @@
+class ValidateForeignKeysOnOauthOpenidRequests < ActiveRecord::Migration
+  include Gitlab::Database::MigrationHelpers
+
+  DOWNTIME = false
+
+  disable_ddl_transaction!
+
+  def up
+    if Gitlab::Database.postgresql?
+      execute %q{
+        ALTER TABLE "oauth_openid_requests"
+          VALIDATE CONSTRAINT "fk_oauth_openid_requests_oauth_access_grants_access_grant_id";
+      }
+    end
+  end
+
+  def down
+    # noop
+  end
+end
diff --git a/db/schema.rb b/db/schema.rb
index 624cf9432d0..8984ab3aac1 100644
--- a/db/schema.rb
+++ b/db/schema.rb
@@ -878,6 +878,11 @@ ActiveRecord::Schema.define(version: 20170306170512) do
   add_index "oauth_applications", ["owner_id", "owner_type"], name: "index_oauth_applications_on_owner_id_and_owner_type", using: :btree
   add_index "oauth_applications", ["uid"], name: "index_oauth_applications_on_uid", unique: true, using: :btree
 
+  create_table "oauth_openid_requests", force: :cascade do |t|
+    t.integer "access_grant_id", null: false
+    t.string "nonce", null: false
+  end
+
   create_table "pages_domains", force: :cascade do |t|
     t.integer "project_id"
     t.text "certificate"
@@ -1374,6 +1379,7 @@ ActiveRecord::Schema.define(version: 20170306170512) do
   add_foreign_key "merge_request_metrics", "merge_requests", on_delete: :cascade
   add_foreign_key "merge_requests_closing_issues", "issues", on_delete: :cascade
   add_foreign_key "merge_requests_closing_issues", "merge_requests", on_delete: :cascade
+  add_foreign_key "oauth_openid_requests", "oauth_access_grants", column: "access_grant_id", name: "fk_oauth_openid_requests_oauth_access_grants_access_grant_id"
   add_foreign_key "personal_access_tokens", "users"
   add_foreign_key "project_authorizations", "projects", on_delete: :cascade
   add_foreign_key "project_authorizations", "users", on_delete: :cascade