fix: OIDC finalization and refactoring

server/db/migrations/20230809022050_create_identity_provider_user.js

@@ -1,24 +0,0 @@
-module.exports.up = (knex) =>
-  knex.schema.createTable('identity_provider_user', (table) => {
-    /* Columns */
-
-    table.bigInteger('id').primary().defaultTo(knex.raw('next_id()'));
-    table.timestamp('created_at', true);
-    table.timestamp('updated_at', true);
-
-    table
-      .bigInteger('user_id')
-      .notNullable()
-      .references('id')
-      .inTable('user_account')
-      .onDelete('CASCADE');
-
-    table.text('issuer').notNullable();
-    table.text('sub').notNullable();
-
-    /* Indexes */
-
-    table.index('user_id');
-  });
-
-module.exports.down = (knex) => knex.schema.dropTable('identity_provider_user');

server/db/migrations/20230809022050_oidc_with_pkce_flow.js

@@ -0,0 +1,44 @@
+module.exports.up = async (knex) => {
+  await knex.schema.createTable('identity_provider_user', (table) => {
+    /* Columns */
+
+    table.bigInteger('id').primary().defaultTo(knex.raw('next_id()'));
+
+    table.bigInteger('user_id').notNullable();
+
+    table.text('issuer').notNullable();
+    table.text('sub').notNullable();
+
+    table.timestamp('created_at', true);
+    table.timestamp('updated_at', true);
+
+    /* Indexes */
+
+    table.unique(['issuer', 'sub']);
+    table.index('user_id');
+  });
+
+  await knex.schema.table('user_account', (table) => {
+    /* Columns */
+
+    table.boolean('is_sso').notNullable().default(false);
+
+    /* Modifications */
+
+    table.setNullable('password');
+  });
+
+  return knex.schema.alterTable('user_account', (table) => {
+    table.boolean('is_sso').notNullable().alter();
+  });
+};
+
+module.exports.down = async (knex) => {
+  await knex.schema.dropTable('identity_provider_user');
+
+  return knex.schema.table('user_account', (table) => {
+    table.dropColumn('is_sso');
+
+    table.dropNullable('password');
+  });
+};

server/db/migrations/20230809024146_all_null_password_field.js

@@ -1,11 +0,0 @@
-module.exports.up = async (knex) => {
-  return knex.schema.table('user_account', (table) => {
-    table.setNullable('password');
-  });
-};
-
-module.exports.down = async (knex) => {
-  return knex.schema.table('user_account', (table) => {
-    table.dropNullable('password');
-  });
-};

server/db/migrations/20230809025904_add_lock_to_user_account.js

@@ -1,11 +0,0 @@
-module.exports.up = async (knex) => {
-  return knex.schema.table('user_account', (table) => {
-    table.boolean('locked').default(false);
-  });
-};
-
-module.exports.down = async (knex) => {
-  return knex.schema.table('user_account', (table) => {
-    table.dropColumn('locked');
-  });
-};

server/db/seeds/default.js

@@ -3,6 +3,7 @@ const bcrypt = require('bcrypt');
 const buildData = () => {
   const data = {
     isAdmin: true,
+    isSso: false,
   };
 
   if (process.env.DEFAULT_ADMIN_PASSWORD) {