Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Fix External ID not set during DC Sync #3804

Merged
merged 1 commit into from
Oct 21, 2023

Conversation

BlackDex
Copy link
Collaborator

@BlackDex BlackDex commented Aug 27, 2023

While working on the fix for #3777 I realized the location where the external_id
is stored was wrong. It was stored in the users table, but it actually
should have been stored in the users_organizations table.

This will move the column to the right table. It will not move the
values of the external_id column, because if there are more
organizations, there is no way to really know which organization it is
linked to. Setups using the Directory Connector can clear the sync
cache, and sync again, that will store all the external_id values at
the right location.

Also changed the function to revoke,restore an org-user and set_external_id to return a boolean.
It will state if the value has been changed or not, and if not, we can
prevent a save call to the database.

The users table is not changed to remove the external_id column, thi
to prevent issue when users want to revert back to an earlier version
for some reason. We can do this after a few minor release i think.

Fixes #3777

@BlackDex BlackDex force-pushed the fix-3777 branch 2 times, most recently from 5fd9a10 to adeb23f Compare August 31, 2023 10:35
src/api/core/public.rs Outdated Show resolved Hide resolved
@BlackDex BlackDex force-pushed the fix-3777 branch 3 times, most recently from 58c79ab to e257192 Compare September 1, 2023 07:24
@BlackDex BlackDex marked this pull request as draft September 1, 2023 21:57
@BlackDex
Copy link
Collaborator Author

BlackDex commented Sep 1, 2023

Converted to a draft. I have the code fixed, but i need to do the SQL migrations and testing before this can be merged.

I'm moving the external_id into the user_org table.

@BlackDex BlackDex force-pushed the fix-3777 branch 2 times, most recently from 43e8eb6 to a5017aa Compare September 2, 2023 22:07
@BlackDex BlackDex marked this pull request as ready for review September 2, 2023 22:09
@BlackDex
Copy link
Collaborator Author

BlackDex commented Sep 5, 2023

The only thing i encountered is, that you can't revert back that easily after this PR has been merged to a previous version.
The reason is we have removed a column from the users table which causes an issue with older versions.

This makes me wonder what we should do here?
Leave the column there for a while, and create some tech-debt ticket/todo to remove it in the future say, x new minor release, or x date or something?

@dani-garcia what do you think?

@stefan0xC
Copy link
Contributor

Since we in general don't support downgrading I think we could remove the column the next release after the release with this PR (so if there should be an issue they can roll back to the latest working release). Provided that the next release fixes the armv6 issue which currently compels users to downgrade back to 1.29.1. Otherwise we should probably delay removing the column for another release (or warn affected users to use the -alpine images images instead because downgrading to a previous version - especially one without this change - might require a manual restore of the column).

@BlackDex
Copy link
Collaborator Author

BlackDex commented Sep 5, 2023

I agree, lets remove the deletion of the column for now.

@BlackDex BlackDex force-pushed the fix-3777 branch 3 times, most recently from bf2fdc8 to 6ae189e Compare October 8, 2023 13:11
While working on the fix I realised the location where the `external_id`
is stored was wrong. It was stored in the `users` table, but it actually
should have been stored in the `users_organizations` table.

This will move the column to the right table. It will not move the
values of the `external_id` column, because if there are more
organizations, there is no way to really know which organization it is
linked to. Setups using the Directory Connector can clear the sync
cache, and sync again, that will store all the `external_id` values at
the right location.

Also changed the function to revoke,restore an org-user and set_external_id to return a boolean.
It will state if the value has been changed or not, and if not, we can
prevent a `save` call to the database.

The `users` table is not changed to remove the `external_id` column, thi
to prevent issue when users want to revert back to an earlier version
for some reason. We can do this after a few minor release i think.

Fixes dani-garcia#3777
@dani-garcia dani-garcia merged commit 6822e44 into dani-garcia:main Oct 21, 2023
3 checks passed
@BlackDex BlackDex deleted the fix-3777 branch October 21, 2023 21:05
jayknyn pushed a commit to ayamsecure/secrets that referenced this pull request Oct 28, 2023
Fix External ID not set during DC Sync
arthurgeek referenced this pull request in arthurgeek/vaultwarden-fly-template Nov 12, 2023
[![Mend
Renovate](https://app.renovatebot.com/images/banner.svg)](https://renovatebot.com)

This PR contains the following updates:

| Package | Type | Update | Change |
|---|---|---|---|
| [vaultwarden/server](https://togithub.com/dani-garcia/vaultwarden) |
stage | minor | `1.29.2-alpine` -> `1.30.0-alpine` |

---

### Release Notes

<details>
<summary>dani-garcia/vaultwarden (vaultwarden/server)</summary>

###
[`v1.30.0`](https://togithub.com/dani-garcia/vaultwarden/releases/tag/1.30.0)

[Compare
Source](https://togithub.com/dani-garcia/vaultwarden/compare/1.29.2...1.30.0)

⚠️ **Note:** The WebSockets service for live sync has been integrated in
the main HTTP server, which means simpler proxy setups that don't
require a separate rule to redirect WS traffic to port 3012. Please
check the updated examples in the
[wiki](https://togithub.com/dani-garcia/vaultwarden/wiki/Proxy-examples).
It's recommended to migrate to this new setup as using the old server on
port 3012 is deprecated, won't receive new features and will be removed
in a future release.

#### Major changes and New Features

- Added `passkey` support, allowing the browser extensions to store and
use your `passkeys`, make sure the extension is updated to version
`2023.10.0` or newer for passkey support.
-   Updated web vault to 2023.10.0.
-   Fixed crashes in ARMv6 devices
- Fixed crashes when trying to create/edit a cipher in the mobile
applications.

#### What's Changed

- Update Rust and Crates by
[@&#8203;BlackDex](https://togithub.com/BlackDex) in
[https://github.com/dani-garcia/vaultwarden/pull/3808](https://togithub.com/dani-garcia/vaultwarden/pull/3808)
- update web-vault to v2023.8.2 by
[@&#8203;stefan0xC](https://togithub.com/stefan0xC) in
[https://github.com/dani-garcia/vaultwarden/pull/3821](https://togithub.com/dani-garcia/vaultwarden/pull/3821)
- Fix Login With Device without MasterPassword by
[@&#8203;BlackDex](https://togithub.com/BlackDex) in
[https://github.com/dani-garcia/vaultwarden/pull/3831](https://togithub.com/dani-garcia/vaultwarden/pull/3831)
- Update GitHub Workflow by
[@&#8203;BlackDex](https://togithub.com/BlackDex) in
[https://github.com/dani-garcia/vaultwarden/pull/3910](https://togithub.com/dani-garcia/vaultwarden/pull/3910)
- Fix arm builds by [@&#8203;BlackDex](https://togithub.com/BlackDex) in
[https://github.com/dani-garcia/vaultwarden/pull/3911](https://togithub.com/dani-garcia/vaultwarden/pull/3911)
- Fix typos by [@&#8203;tuhanayim](https://togithub.com/tuhanayim) in
[https://github.com/dani-garcia/vaultwarden/pull/3959](https://togithub.com/dani-garcia/vaultwarden/pull/3959)
- csp: rename anonaddy.com to addy.io by
[@&#8203;stefan0xC](https://togithub.com/stefan0xC) in
[https://github.com/dani-garcia/vaultwarden/pull/3950](https://togithub.com/dani-garcia/vaultwarden/pull/3950)
- filter handlebars logs by
[@&#8203;stefan0xC](https://togithub.com/stefan0xC) in
[https://github.com/dani-garcia/vaultwarden/pull/3859](https://togithub.com/dani-garcia/vaultwarden/pull/3859)
- Remove unnecessary variable clone by
[@&#8203;mvalois](https://togithub.com/mvalois) in
[https://github.com/dani-garcia/vaultwarden/pull/3981](https://togithub.com/dani-garcia/vaultwarden/pull/3981)
- README.md: Fix grammar nit by
[@&#8203;AndreasHGK](https://togithub.com/AndreasHGK) in
[https://github.com/dani-garcia/vaultwarden/pull/3965](https://togithub.com/dani-garcia/vaultwarden/pull/3965)
- Fix small issues by [@&#8203;BlackDex](https://togithub.com/BlackDex)
in
[https://github.com/dani-garcia/vaultwarden/pull/3964](https://togithub.com/dani-garcia/vaultwarden/pull/3964)
- Adds LastActive on /admin/users API route by
[@&#8203;mvalois](https://togithub.com/mvalois) in
[https://github.com/dani-garcia/vaultwarden/pull/3951](https://togithub.com/dani-garcia/vaultwarden/pull/3951)
- Reopen log file on SIGHUP by
[@&#8203;tobiasmboelz](https://togithub.com/tobiasmboelz) in
[https://github.com/dani-garcia/vaultwarden/pull/3909](https://togithub.com/dani-garcia/vaultwarden/pull/3909)
- Fix External ID not set during DC Sync by
[@&#8203;BlackDex](https://togithub.com/BlackDex) in
[https://github.com/dani-garcia/vaultwarden/pull/3804](https://togithub.com/dani-garcia/vaultwarden/pull/3804)
- New config option disable email change by
[@&#8203;admav](https://togithub.com/admav) in
[https://github.com/dani-garcia/vaultwarden/pull/3986](https://togithub.com/dani-garcia/vaultwarden/pull/3986)
- 2FA Confirmation Code Email subject line change to fix triggering
Google spam blocker by
[@&#8203;aureateflux](https://togithub.com/aureateflux) in
[https://github.com/dani-garcia/vaultwarden/pull/3572](https://togithub.com/dani-garcia/vaultwarden/pull/3572)
- Implement cipher key encryption by
[@&#8203;dani-garcia](https://togithub.com/dani-garcia) in
[https://github.com/dani-garcia/vaultwarden/pull/3990](https://togithub.com/dani-garcia/vaultwarden/pull/3990)
- Container building changes by
[@&#8203;BlackDex](https://togithub.com/BlackDex) in
[https://github.com/dani-garcia/vaultwarden/pull/3958](https://togithub.com/dani-garcia/vaultwarden/pull/3958)
- Fix issue with MariaDB/MySQL migrations by
[@&#8203;BlackDex](https://togithub.com/BlackDex) in
[https://github.com/dani-garcia/vaultwarden/pull/3994](https://togithub.com/dani-garcia/vaultwarden/pull/3994)
- feat: Working passkeys storage by
[@&#8203;GeekCornerGH](https://togithub.com/GeekCornerGH) in
[https://github.com/dani-garcia/vaultwarden/pull/4025](https://togithub.com/dani-garcia/vaultwarden/pull/4025)
- ci: add trivy workflow by
[@&#8203;mightyBroccoli](https://togithub.com/mightyBroccoli) in
[https://github.com/dani-garcia/vaultwarden/pull/3997](https://togithub.com/dani-garcia/vaultwarden/pull/3997)
- Fix importing Bitwarden exports by
[@&#8203;BlackDex](https://togithub.com/BlackDex) in
[https://github.com/dani-garcia/vaultwarden/pull/4030](https://togithub.com/dani-garcia/vaultwarden/pull/4030)

#### New Contributors

- [@&#8203;tuhanayim](https://togithub.com/tuhanayim) made their first
contribution in
[https://github.com/dani-garcia/vaultwarden/pull/3959](https://togithub.com/dani-garcia/vaultwarden/pull/3959)
- [@&#8203;mvalois](https://togithub.com/mvalois) made their first
contribution in
[https://github.com/dani-garcia/vaultwarden/pull/3981](https://togithub.com/dani-garcia/vaultwarden/pull/3981)
- [@&#8203;AndreasHGK](https://togithub.com/AndreasHGK) made their first
contribution in
[https://github.com/dani-garcia/vaultwarden/pull/3965](https://togithub.com/dani-garcia/vaultwarden/pull/3965)
- [@&#8203;tobiasmboelz](https://togithub.com/tobiasmboelz) made their
first contribution in
[https://github.com/dani-garcia/vaultwarden/pull/3909](https://togithub.com/dani-garcia/vaultwarden/pull/3909)
- [@&#8203;admav](https://togithub.com/admav) made their first
contribution in
[https://github.com/dani-garcia/vaultwarden/pull/3986](https://togithub.com/dani-garcia/vaultwarden/pull/3986)
- [@&#8203;aureateflux](https://togithub.com/aureateflux) made their
first contribution in
[https://github.com/dani-garcia/vaultwarden/pull/3572](https://togithub.com/dani-garcia/vaultwarden/pull/3572)
- [@&#8203;mightyBroccoli](https://togithub.com/mightyBroccoli) made
their first contribution in
[https://github.com/dani-garcia/vaultwarden/pull/3997](https://togithub.com/dani-garcia/vaultwarden/pull/3997)

**Full Changelog**:
dani-garcia/vaultwarden@1.29.2...1.30.0

</details>

---

### Configuration

📅 **Schedule**: Branch creation - "on saturday" (UTC), Automerge - At
any time (no schedule defined).

🚦 **Automerge**: Disabled by config. Please merge this manually once you
are satisfied.

♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the
rebase/retry checkbox.

🔕 **Ignore**: Close this PR and you won't be reminded about this update
again.

---

- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check
this box

---

This PR has been generated by [Mend
Renovate](https://www.mend.io/free-developer-tools/renovate/). View
repository job log
[here](https://developer.mend.io/github/arthurgeek/vaultwarden-fly-template).

<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzNy40Ni4wIiwidXBkYXRlZEluVmVyIjoiMzcuNDYuMCIsInRhcmdldEJyYW5jaCI6Im1haW4ifQ==-->

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
arthurgeek referenced this pull request in arthurgeek/vaultwarden-fly Nov 12, 2023
[![Mend
Renovate](https://app.renovatebot.com/images/banner.svg)](https://renovatebot.com)

This PR contains the following updates:

| Package | Type | Update | Change |
|---|---|---|---|
| [vaultwarden/server](https://togithub.com/dani-garcia/vaultwarden) |
stage | minor | `1.29.2-alpine` -> `1.30.0-alpine` |

---

### Release Notes

<details>
<summary>dani-garcia/vaultwarden (vaultwarden/server)</summary>

###
[`v1.30.0`](https://togithub.com/dani-garcia/vaultwarden/releases/tag/1.30.0)

[Compare
Source](https://togithub.com/dani-garcia/vaultwarden/compare/1.29.2...1.30.0)

⚠️ **Note:** The WebSockets service for live sync has been integrated in
the main HTTP server, which means simpler proxy setups that don't
require a separate rule to redirect WS traffic to port 3012. Please
check the updated examples in the
[wiki](https://togithub.com/dani-garcia/vaultwarden/wiki/Proxy-examples).
It's recommended to migrate to this new setup as using the old server on
port 3012 is deprecated, won't receive new features and will be removed
in a future release.

#### Major changes and New Features

- Added `passkey` support, allowing the browser extensions to store and
use your `passkeys`, make sure the extension is updated to version
`2023.10.0` or newer for passkey support.
-   Updated web vault to 2023.10.0.
-   Fixed crashes in ARMv6 devices
- Fixed crashes when trying to create/edit a cipher in the mobile
applications.

#### What's Changed

- Update Rust and Crates by
[@&#8203;BlackDex](https://togithub.com/BlackDex) in
[https://github.com/dani-garcia/vaultwarden/pull/3808](https://togithub.com/dani-garcia/vaultwarden/pull/3808)
- update web-vault to v2023.8.2 by
[@&#8203;stefan0xC](https://togithub.com/stefan0xC) in
[https://github.com/dani-garcia/vaultwarden/pull/3821](https://togithub.com/dani-garcia/vaultwarden/pull/3821)
- Fix Login With Device without MasterPassword by
[@&#8203;BlackDex](https://togithub.com/BlackDex) in
[https://github.com/dani-garcia/vaultwarden/pull/3831](https://togithub.com/dani-garcia/vaultwarden/pull/3831)
- Update GitHub Workflow by
[@&#8203;BlackDex](https://togithub.com/BlackDex) in
[https://github.com/dani-garcia/vaultwarden/pull/3910](https://togithub.com/dani-garcia/vaultwarden/pull/3910)
- Fix arm builds by [@&#8203;BlackDex](https://togithub.com/BlackDex) in
[https://github.com/dani-garcia/vaultwarden/pull/3911](https://togithub.com/dani-garcia/vaultwarden/pull/3911)
- Fix typos by [@&#8203;tuhanayim](https://togithub.com/tuhanayim) in
[https://github.com/dani-garcia/vaultwarden/pull/3959](https://togithub.com/dani-garcia/vaultwarden/pull/3959)
- csp: rename anonaddy.com to addy.io by
[@&#8203;stefan0xC](https://togithub.com/stefan0xC) in
[https://github.com/dani-garcia/vaultwarden/pull/3950](https://togithub.com/dani-garcia/vaultwarden/pull/3950)
- filter handlebars logs by
[@&#8203;stefan0xC](https://togithub.com/stefan0xC) in
[https://github.com/dani-garcia/vaultwarden/pull/3859](https://togithub.com/dani-garcia/vaultwarden/pull/3859)
- Remove unnecessary variable clone by
[@&#8203;mvalois](https://togithub.com/mvalois) in
[https://github.com/dani-garcia/vaultwarden/pull/3981](https://togithub.com/dani-garcia/vaultwarden/pull/3981)
- README.md: Fix grammar nit by
[@&#8203;AndreasHGK](https://togithub.com/AndreasHGK) in
[https://github.com/dani-garcia/vaultwarden/pull/3965](https://togithub.com/dani-garcia/vaultwarden/pull/3965)
- Fix small issues by [@&#8203;BlackDex](https://togithub.com/BlackDex)
in
[https://github.com/dani-garcia/vaultwarden/pull/3964](https://togithub.com/dani-garcia/vaultwarden/pull/3964)
- Adds LastActive on /admin/users API route by
[@&#8203;mvalois](https://togithub.com/mvalois) in
[https://github.com/dani-garcia/vaultwarden/pull/3951](https://togithub.com/dani-garcia/vaultwarden/pull/3951)
- Reopen log file on SIGHUP by
[@&#8203;tobiasmboelz](https://togithub.com/tobiasmboelz) in
[https://github.com/dani-garcia/vaultwarden/pull/3909](https://togithub.com/dani-garcia/vaultwarden/pull/3909)
- Fix External ID not set during DC Sync by
[@&#8203;BlackDex](https://togithub.com/BlackDex) in
[https://github.com/dani-garcia/vaultwarden/pull/3804](https://togithub.com/dani-garcia/vaultwarden/pull/3804)
- New config option disable email change by
[@&#8203;admav](https://togithub.com/admav) in
[https://github.com/dani-garcia/vaultwarden/pull/3986](https://togithub.com/dani-garcia/vaultwarden/pull/3986)
- 2FA Confirmation Code Email subject line change to fix triggering
Google spam blocker by
[@&#8203;aureateflux](https://togithub.com/aureateflux) in
[https://github.com/dani-garcia/vaultwarden/pull/3572](https://togithub.com/dani-garcia/vaultwarden/pull/3572)
- Implement cipher key encryption by
[@&#8203;dani-garcia](https://togithub.com/dani-garcia) in
[https://github.com/dani-garcia/vaultwarden/pull/3990](https://togithub.com/dani-garcia/vaultwarden/pull/3990)
- Container building changes by
[@&#8203;BlackDex](https://togithub.com/BlackDex) in
[https://github.com/dani-garcia/vaultwarden/pull/3958](https://togithub.com/dani-garcia/vaultwarden/pull/3958)
- Fix issue with MariaDB/MySQL migrations by
[@&#8203;BlackDex](https://togithub.com/BlackDex) in
[https://github.com/dani-garcia/vaultwarden/pull/3994](https://togithub.com/dani-garcia/vaultwarden/pull/3994)
- feat: Working passkeys storage by
[@&#8203;GeekCornerGH](https://togithub.com/GeekCornerGH) in
[https://github.com/dani-garcia/vaultwarden/pull/4025](https://togithub.com/dani-garcia/vaultwarden/pull/4025)
- ci: add trivy workflow by
[@&#8203;mightyBroccoli](https://togithub.com/mightyBroccoli) in
[https://github.com/dani-garcia/vaultwarden/pull/3997](https://togithub.com/dani-garcia/vaultwarden/pull/3997)
- Fix importing Bitwarden exports by
[@&#8203;BlackDex](https://togithub.com/BlackDex) in
[https://github.com/dani-garcia/vaultwarden/pull/4030](https://togithub.com/dani-garcia/vaultwarden/pull/4030)

#### New Contributors

- [@&#8203;tuhanayim](https://togithub.com/tuhanayim) made their first
contribution in
[https://github.com/dani-garcia/vaultwarden/pull/3959](https://togithub.com/dani-garcia/vaultwarden/pull/3959)
- [@&#8203;mvalois](https://togithub.com/mvalois) made their first
contribution in
[https://github.com/dani-garcia/vaultwarden/pull/3981](https://togithub.com/dani-garcia/vaultwarden/pull/3981)
- [@&#8203;AndreasHGK](https://togithub.com/AndreasHGK) made their first
contribution in
[https://github.com/dani-garcia/vaultwarden/pull/3965](https://togithub.com/dani-garcia/vaultwarden/pull/3965)
- [@&#8203;tobiasmboelz](https://togithub.com/tobiasmboelz) made their
first contribution in
[https://github.com/dani-garcia/vaultwarden/pull/3909](https://togithub.com/dani-garcia/vaultwarden/pull/3909)
- [@&#8203;admav](https://togithub.com/admav) made their first
contribution in
[https://github.com/dani-garcia/vaultwarden/pull/3986](https://togithub.com/dani-garcia/vaultwarden/pull/3986)
- [@&#8203;aureateflux](https://togithub.com/aureateflux) made their
first contribution in
[https://github.com/dani-garcia/vaultwarden/pull/3572](https://togithub.com/dani-garcia/vaultwarden/pull/3572)
- [@&#8203;mightyBroccoli](https://togithub.com/mightyBroccoli) made
their first contribution in
[https://github.com/dani-garcia/vaultwarden/pull/3997](https://togithub.com/dani-garcia/vaultwarden/pull/3997)

**Full Changelog**:
dani-garcia/vaultwarden@1.29.2...1.30.0

</details>

---

### Configuration

📅 **Schedule**: Branch creation - "on saturday" (UTC), Automerge - At
any time (no schedule defined).

🚦 **Automerge**: Disabled by config. Please merge this manually once you
are satisfied.

♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the
rebase/retry checkbox.

🔕 **Ignore**: Close this PR and you won't be reminded about this update
again.

---

- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check
this box

---

This PR has been generated by [Mend
Renovate](https://www.mend.io/free-developer-tools/renovate/). View
repository job log
[here](https://developer.mend.io/github/arthurgeek/vaultwarden-fly).

<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzNy40Ni4wIiwidXBkYXRlZEluVmVyIjoiMzcuNDYuMCIsInRhcmdldEJyYW5jaCI6Im1haW4ifQ==-->

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

No external user ID created when using bwdc and user already has an account
3 participants