From fa79c73ffe5d4cc18b8ebba6784c8d4ec4a7787f Mon Sep 17 00:00:00 2001 
From: "Donald F. Coffin" Date: Mon, 25 May 2026 17:56:41 -0400 Subject: [PATCH] fix(authserver): sync profile defects discovered after PR #125 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit PR #125 patched defects discovered while booting dev-mysql, but two of those patches needed to be propagated to other profiles to prevent the same bugs from biting elsewhere. Audit summarized at https://github.com/GreenButtonAlliance/OpenESPI-GreenButton-Java/issues/122 Patch 1 — prod profile flyway.target=2.0.0 application-prod.yml uses MySQL vendor migrations, which means a first deploy against a clean prod DB would hit the same V3 schema drift that #125 patched on dev-mysql ("Unknown column 'client_description'"). Added the same target=2.0.0 workaround with a pointer to #123. Will be removed once #123 lands. Patch 2 — H2 V1 UNIQUE on oauth2_registered_client.client_id H2 V1 schema had only PRIMARY KEY (id) on oauth2_registered_client, no unique constraint on client_id. Not blocking H2 boot today (H2's espi_application_info table doesn't declare an FK referencing it), but client_id is unique by OAuth2 semantics and MySQL/PostgreSQL V1 both enforce uniqueness. Added UNIQUE constraint and removed the now-redundant non-unique CREATE INDEX, mirroring the MySQL cleanup from #125. Audited but no change needed - HikariCP auto-commit (patch #6 from #125): dev-postgresql, local, prod, and docker all rely on the HikariCP default (true). The dev-mysql auto-commit: false was an outlier bug, not a shared default. - PostgreSQL V3 INSERT: PostgreSQL V1 already has the columns V3 targets (client_description, contact_*, scope, grant_types, response_types). Different drift pattern from MySQL — no target=2.0.0 workaround needed on dev-postgresql at this time. (V4-V6 drift TBD as part of #123.) 
Refs: #122 #123 #125 Co-Authored-By: Claude Opus 4.7 --- openespi-authserver/src/main/resources/application-prod.yml | 4 ++++ .../resources/db/vendor/h2/V1_0_0__create_oauth2_schema.sql | 4 ++-- 2 files changed, 6 insertions(+), 2 deletions(-) diff --git a/openespi-authserver/src/main/resources/application-prod.yml b/openespi-authserver/src/main/resources/application-prod.yml index e54e3af7..44c474f7 100644 --- a/openespi-authserver/src/main/resources/application-prod.yml +++ b/openespi-authserver/src/main/resources/application-prod.yml @@ -93,6 +93,10 @@ spring: schemas: oauth2_authserver validate-on-migrate: true clean-disabled: true + # Skip V3+ pending ESPI 4.0 XSD-aligned schema repair (see issue #123). + # V1+V2 provide enough for OAuth2 grant + introspection; V3 onwards is + # seed/demo data that references columns missing from MySQL V1. + target: "2.0.0" # Logging Configuration - Production Levels logging: diff --git a/openespi-authserver/src/main/resources/db/vendor/h2/V1_0_0__create_oauth2_schema.sql b/openespi-authserver/src/main/resources/db/vendor/h2/V1_0_0__create_oauth2_schema.sql index bf0a1cc1..93dcdabc 100644 --- a/openespi-authserver/src/main/resources/db/vendor/h2/V1_0_0__create_oauth2_schema.sql +++ b/openespi-authserver/src/main/resources/db/vendor/h2/V1_0_0__create_oauth2_schema.sql @@ -64,7 +64,8 @@ CREATE TABLE oauth2_registered_client ( scopes varchar(1000) NOT NULL, client_settings varchar(2000) NOT NULL, token_settings varchar(2000) NOT NULL, - PRIMARY KEY (id) + PRIMARY KEY (id), + CONSTRAINT uk_oauth2_registered_client_client_id UNIQUE (client_id) ); -- ESPI Application Information mapping 
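Review bot: The `target: "2.0.0"` pin added after `clean-disabled: true` is documented only as a schema-drift workaround, yet its own comment says V3 onwards is seed/demo data, which is a separate reason those migrations should not reach a production authorization server. If the later migrations do insert sample client registrations, removing the pin once #123 lands would apply them to prod without any warning. I would extend the comment with `# NOTE: V3+ carry seed/demo data; before removing this pin, confirm no demo clients or credentials get migrated into prod.` The contents of V3+ are not visible in this patch, so this is inferred from the comment's wording. The rest of the Flyway block lies outside the hunk.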
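Review bot: Adding `uk_oauth2_registered_client_client_id` by editing `V1_0_0__create_oauth2_schema.sql` in place changes the checksum of a versioned migration, and the same holds for the `CREATE INDEX` removal in the hunk at `-105`. An H2 database that has already recorded V1 (a file-backed dev database, for instance) would presumably fail Flyway validation on the next start, or, if validation is off for that profile, keep running without the uniqueness guarantee; the H2 profile settings are not visible here. If only in-memory H2 is used this is harmless, but it should be stated next to the constraint, e.g. `-- client_id is the OAuth2 client lookup key and must be unique; V1 was edited in place, so recreate existing H2 databases`. The `CREATE TABLE oauth2_registered_client` statement starts above the hunk.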
@@ -105,7 +106,6 @@ CREATE TABLE espi_application_info (
 -- Create indexes for performance
 CREATE INDEX idx_oauth2_authorization_client_principal ON oauth2_authorization (registered_client_id, principal_name);
-CREATE INDEX idx_oauth2_registered_client_id ON oauth2_registered_client (client_id);
 CREATE INDEX idx_espi_application_client_id ON espi_application_info (client_id);
 -- Insert sample data for local development