From 1e16beeab7e12d9b3e6e46abb5c8783e2de042ce Mon Sep 17 00:00:00 2001 From: zepatrik Date: Mon, 18 Mar 2024 17:20:25 +0100 Subject: [PATCH 1/3] fix: drop trigram index on identifiers --- internal/client-go/go.sum | 1 + persistence/sql/identity/persister_identity.go | 12 +++--------- ...8143139000000_drop_identity_search_index.down.sql | 1 + ...0000_drop_identity_search_index.postgres.down.sql | 4 ++++ ...000000_drop_identity_search_index.postgres.up.sql | 1 + ...318143139000000_drop_identity_search_index.up.sql | 0 6 files changed, 10 insertions(+), 9 deletions(-) create mode 100644 persistence/sql/migrations/sql/20240318143139000000_drop_identity_search_index.down.sql create mode 100644 persistence/sql/migrations/sql/20240318143139000000_drop_identity_search_index.postgres.down.sql create mode 100644 persistence/sql/migrations/sql/20240318143139000000_drop_identity_search_index.postgres.up.sql create mode 100644 persistence/sql/migrations/sql/20240318143139000000_drop_identity_search_index.up.sql diff --git a/internal/client-go/go.sum b/internal/client-go/go.sum index c966c8ddfd0d..6cc3f5911d11 100644 --- a/internal/client-go/go.sum +++ b/internal/client-go/go.sum @@ -4,6 +4,7 @@ github.com/golang/protobuf v1.2.0/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5y golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20190108225652-1e06a53dbb7e h1:bRhVy7zSSasaqNksaRZiA5EEI+Ei4I1nO5Jh72wfHlg= golang.org/x/net v0.0.0-20190108225652-1e06a53dbb7e/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= +golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= golang.org/x/sync v0.0.0-20181221193216-37e7f081c4d4 h1:YUO/7uOKsKeq9UokNS62b8FYywz3ker1l1vDZRCRefw= golang.org/x/sync v0.0.0-20181221193216-37e7f081c4d4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= diff --git a/persistence/sql/identity/persister_identity.go b/persistence/sql/identity/persister_identity.go index cdbd46427d38..2709968d5f0a 100644 --- a/persistence/sql/identity/persister_identity.go +++ b/persistence/sql/identity/persister_identity.go @@ -265,7 +265,7 @@ INNER JOIN identity_credentials AND identity_credentials.identity_credential_type_id = ( SELECT id FROM identity_credential_types - WHERE name = ? + WHERE name = ? ) WHERE identity_credentials.config ->> '%s' = ? AND identities.nid = ? @@ -824,14 +824,8 @@ func (p *IdentityPersister) ListIdentities(ctx context.Context, params identity. identifier := params.CredentialsIdentifier identifierOperator := "=" if identifier == "" && params.CredentialsIdentifierSimilar != "" { - identifier = params.CredentialsIdentifierSimilar - identifierOperator = "%" - switch con.Dialect.Name() { - case "postgres", "cockroach": - default: - identifier = "%" + identifier + "%" - identifierOperator = "LIKE" - } + identifier = strings.ReplaceAll(strings.ReplaceAll(strings.ReplaceAll(params.CredentialsIdentifierSimilar, "\\", "\\\\"), "%", "\\%"), "_", "\\_") + "%" + identifierOperator = "LIKE" } if len(identifier) > 0 { diff --git a/persistence/sql/migrations/sql/20240318143139000000_drop_identity_search_index.down.sql b/persistence/sql/migrations/sql/20240318143139000000_drop_identity_search_index.down.sql new file mode 100644 index 000000000000..159cb60805d1 --- /dev/null +++ b/persistence/sql/migrations/sql/20240318143139000000_drop_identity_search_index.down.sql @@ -0,0 +1 @@ +DROP INDEX identity_credential_identifiers_nid_identifier_gin; diff --git a/persistence/sql/migrations/sql/20240318143139000000_drop_identity_search_index.postgres.down.sql b/persistence/sql/migrations/sql/20240318143139000000_drop_identity_search_index.postgres.down.sql new file mode 100644 index 000000000000..70d519fb44bc --- /dev/null +++ b/persistence/sql/migrations/sql/20240318143139000000_drop_identity_search_index.postgres.down.sql @@ -0,0 +1,4 @@ +CREATE EXTENSION IF NOT EXISTS pg_trgm; +CREATE EXTENSION IF NOT EXISTS btree_gin; + +CREATE INDEX identity_credential_identifiers_nid_identifier_gin ON identity_credential_identifiers USING GIN (nid, identifier gin_trgm_ops); diff --git a/persistence/sql/migrations/sql/20240318143139000000_drop_identity_search_index.postgres.up.sql b/persistence/sql/migrations/sql/20240318143139000000_drop_identity_search_index.postgres.up.sql new file mode 100644 index 000000000000..159cb60805d1 --- /dev/null +++ b/persistence/sql/migrations/sql/20240318143139000000_drop_identity_search_index.postgres.up.sql @@ -0,0 +1 @@ +DROP INDEX identity_credential_identifiers_nid_identifier_gin; diff --git a/persistence/sql/migrations/sql/20240318143139000000_drop_identity_search_index.up.sql b/persistence/sql/migrations/sql/20240318143139000000_drop_identity_search_index.up.sql new file mode 100644 index 000000000000..e69de29bb2d1 From abbcc9d2f9fb8a23619ed909e89b50ce5e4a9ca6 Mon Sep 17 00:00:00 2001 From: zepatrik Date: Thu, 21 Mar 2024 14:03:53 +0100 Subject: [PATCH 2/3] fix: remove invalid down migration --- .../sql/20240318143139000000_drop_identity_search_index.down.sql | 1 - 1 file changed, 1 deletion(-) diff --git a/persistence/sql/migrations/sql/20240318143139000000_drop_identity_search_index.down.sql b/persistence/sql/migrations/sql/20240318143139000000_drop_identity_search_index.down.sql index 159cb60805d1..e69de29bb2d1 100644 --- a/persistence/sql/migrations/sql/20240318143139000000_drop_identity_search_index.down.sql +++ b/persistence/sql/migrations/sql/20240318143139000000_drop_identity_search_index.down.sql @@ -1 +0,0 @@ -DROP INDEX identity_credential_identifiers_nid_identifier_gin; From 342660bdf4abed7c9fef1d5e4c00e326f0ec38dc Mon Sep 17 00:00:00 2001 From: zepatrik Date: Thu, 21 Mar 2024 15:56:27 +0100 Subject: [PATCH 3/3] chore: extract escape logic and add test --- .../sql/identity/persister_identity.go | 2 +- x/sql.go | 10 ++++++ x/sql_test.go | 34 +++++++++++++++++++ 3 files changed, 45 insertions(+), 1 deletion(-) create mode 100644 x/sql.go create mode 100644 x/sql_test.go diff --git a/persistence/sql/identity/persister_identity.go b/persistence/sql/identity/persister_identity.go index 2709968d5f0a..8c001bc87e6e 100644 --- a/persistence/sql/identity/persister_identity.go +++ b/persistence/sql/identity/persister_identity.go @@ -824,7 +824,7 @@ func (p *IdentityPersister) ListIdentities(ctx context.Context, params identity. identifier := params.CredentialsIdentifier identifierOperator := "=" if identifier == "" && params.CredentialsIdentifierSimilar != "" { - identifier = strings.ReplaceAll(strings.ReplaceAll(strings.ReplaceAll(params.CredentialsIdentifierSimilar, "\\", "\\\\"), "%", "\\%"), "_", "\\_") + "%" + identifier = x.EscapeLikePattern(params.CredentialsIdentifierSimilar) + "%" identifierOperator = "LIKE" } diff --git a/x/sql.go b/x/sql.go new file mode 100644 index 000000000000..3c9a1c181f86 --- /dev/null +++ b/x/sql.go @@ -0,0 +1,10 @@ +// Copyright © 2024 Ory Corp +// SPDX-License-Identifier: Apache-2.0 + +package x + +import "strings" + +func EscapeLikePattern(s string) string { + return strings.ReplaceAll(strings.ReplaceAll(strings.ReplaceAll(s, "\\", "\\\\"), "%", "\\%"), "_", "\\_") +} diff --git a/x/sql_test.go b/x/sql_test.go new file mode 100644 index 000000000000..f8c523dc9e17 --- /dev/null +++ b/x/sql_test.go @@ -0,0 +1,34 @@ +// Copyright © 2024 Ory Corp +// SPDX-License-Identifier: Apache-2.0 + +package x + +import ( + "testing" + + "github.com/stretchr/testify/require" +) + +func TestEscapeLikePattern(t *testing.T) { + for name, tc := range map[string]struct { + input string + expected string + }{ + "empty": { + input: "", + expected: "", + }, + "no escape": { + input: "foo", + expected: "foo", + }, + "escape": { + input: "foo%bar_baz\\", + expected: "foo\\%bar\\_baz\\\\", + }, + } { + t.Run(name, func(t *testing.T) { + require.Equal(t, tc.expected, EscapeLikePattern(tc.input)) + }) + } +}