mediawiki-extensions-OATHAuth/sql/tables.json
Taavi Väänänen 6ef3d2418a
Database-level support for multiple auth devices
This adds new database tables to support storing multiple authentication
factors for a single user. The current approach taken is to use a single
database row per 2fa method and key. The current module/key abstraction
will have to be updated to support having multiple module types for a
single user (for example for having a separate module for recovery
codes), but this patch does not address that and instead keeps the
existing limitations, however the needed updates for that should be
doable with this database schema.

I've decided to add a new table instead of modifying the existing
oathauth_users table. This is mainly because adding an auto_increment
column to the existing table would be difficult, but also allows us to
update the table definition to follow MW conventions (namely the column
name prefixes). I've also used the opportunity to normalize the device
types onto a separate table.

The migration stage variable is set to SCHEMA_COMPAT_NEW so that
third-party wikis can use update.php normally and don't have to adjust
anything. This means that it needs to be manually set to _OLD on
wmf-config before merging this patch.

Since we're already working with the database schema, this adds a new,
currently unused column for the creation data, so that T242847 will not
require a new schema change.

Bug: T242031
Bug: T242847
Change-Id: I6aa69c089340434737b55201b80398708a70c355
2023-02-24 15:33:00 +02:00

79 lines
1.7 KiB
JSON

[
	{
		"name": "oathauth_types",
		"comment": "Possible authentication device types",
		"columns": [
			{
				"name": "oat_id",
				"comment": "Unique ID of this device type",
				"type": "integer",
				"options": { "autoincrement": true, "notnull": false }
			},
			{
				"name": "oat_name",
				"comment": "Internal name of this device type, matching the keys of attributes.OATHAuth.Modules in extension.json",
				"type": "binary",
				"options": { "notnull": true, "length": 255 }
			}
		],
		"indexes": [
			{
				"name": "oat_name",
				"columns": [ "oat_name" ],
				"unique": true
			}
		],
		"pk": [ "oat_id" ]
	},
	{
		"name": "oathauth_devices",
		"comment": "Enrolled authentication devices",
		"columns": [
			{
				"name": "oad_id",
				"comment": "Unique ID of this authentication device",
				"type": "integer",
				"options": { "autoincrement": true, "notnull": false }
			},
			{
				"name": "oad_user",
				"comment": "User ID",
				"type": "integer",
				"options": { "notnull": true }
			},
			{
				"name": "oad_type",
				"comment": "Device type ID, references the oathauth_types table",
				"type": "integer",
				"options": { "notnull": true }
			},
			{
				"name": "oad_name",
				"comment": "User-specified name of this device",
				"type": "binary",
				"options": { "notnull": false, "length": 255 }
			},
			{
				"name": "oad_created",
				"comment": "Timestamp when this authentication device was created",
				"type": "mwtimestamp",
				"options": { "notnull": false }
			},
			{
				"name": "oad_data",
				"comment": "Data",
				"type": "blob",
				"options": { "length": 65530, "notnull": false }
			}
		],
		"indexes": [
			{
				"name": "oad_user",
				"columns": [ "oad_user" ],
				"unique": false
			}
		],
		"pk": [ "oad_id" ]
	}
]
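
An added example, not part of the OATHAuth code base: the two tables above approximated in SQLite, showing the one-row-per-factor model and the normalized type lookup that the commit message describes. The helper names (open_db, type_id, enroll, devices_for, remove), the simplified column types and the sample module names and data are assumptions made for illustration.

```python
import sqlite3

# SQLite approximation of tables.json; MediaWiki generates the real DDL per
# database engine, so the column types here are simplified assumptions.
SCHEMA = """
CREATE TABLE oathauth_types (
    oat_id   INTEGER PRIMARY KEY AUTOINCREMENT,
    oat_name BLOB NOT NULL
);
CREATE UNIQUE INDEX oat_name ON oathauth_types (oat_name);
CREATE TABLE oathauth_devices (
    oad_id      INTEGER PRIMARY KEY AUTOINCREMENT,
    oad_user    INTEGER NOT NULL,
    oad_type    INTEGER NOT NULL,
    oad_name    BLOB,
    oad_created BLOB,
    oad_data    BLOB
);
CREATE INDEX oad_user ON oathauth_devices (oad_user);
"""

def open_db():
    db = sqlite3.connect(":memory:")
    db.executescript(SCHEMA)
    return db

def type_id(db, module):
    """Get-or-create oat_id for a module name; the unique index blocks duplicates."""
    db.execute("INSERT OR IGNORE INTO oathauth_types (oat_name) VALUES (?)", (module,))
    row = db.execute("SELECT oat_id FROM oathauth_types WHERE oat_name = ?", (module,))
    return row.fetchone()[0]

def enroll(db, user, module, name, data, created=None):
    """Store one factor as one row and return its oad_id."""
    cur = db.execute(
        "INSERT INTO oathauth_devices"
        " (oad_user, oad_type, oad_name, oad_created, oad_data) VALUES (?, ?, ?, ?, ?)",
        (user, type_id(db, module), name, created, data))
    return cur.lastrowid

def devices_for(db, user):
    """All factors of one user (served by the oad_user index), with module names."""
    return db.execute(
        "SELECT oad_id, oat_name, oad_name FROM oathauth_devices"
        " JOIN oathauth_types ON oat_id = oad_type"
        " WHERE oad_user = ? ORDER BY oad_id", (user,)).fetchall()

def remove(db, user, oad_id):
    """Delete one factor; the oad_user condition stops cross-user deletion by ID."""
    cur = db.execute("DELETE FROM oathauth_devices WHERE oad_id = ? AND oad_user = ?",
                     (oad_id, user))
    return cur.rowcount
```

Because oad_id is a global auto-increment value, any code that accepts a device ID from a request has to check the owning user as well, which is what the second condition in remove does.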