server/oauth2: fix OAuth2Grant/OAuth2Token client_id length

polarsource · Jan 2, 2025 · 886e814 · 886e814
1 parent dfb2f14
commit 886e814
Show file tree

Hide file tree

Showing 4 changed files with 59 additions and 2 deletions.
diff --git a/server/migrations/versions/2025-01-02-1558_raise_oauth2grant_oauth2token_client_id_.py b/server/migrations/versions/2025-01-02-1558_raise_oauth2grant_oauth2token_client_id_.py
@@ -0,0 +1,56 @@
+"""Raise OAuth2Grant/OAuth2Token.client_id length limit
+
+Revision ID: 6a6e872cbea5
+Revises: 7cb32fb2fc26
+Create Date: 2025-01-02 15:58:59.376742
+
+"""
+
+import sqlalchemy as sa
+from alembic import op
+
+# Polar Custom Imports
+
+# revision identifiers, used by Alembic.
+revision = "6a6e872cbea5"
+down_revision = "7cb32fb2fc26"
+branch_labels: tuple[str] | None = None
+depends_on: tuple[str] | None = None
+
+
+def upgrade() -> None:
+    # ### commands auto generated by Alembic - please adjust! ###
+    op.alter_column(
+        "oauth2_grants",
+        "client_id",
+        existing_type=sa.VARCHAR(length=48),
+        type_=sa.String(length=52),
+        existing_nullable=False,
+    )
+    op.alter_column(
+        "oauth2_tokens",
+        "client_id",
+        existing_type=sa.VARCHAR(length=48),
+        type_=sa.String(length=52),
+        nullable=False,
+    )
+    # ### end Alembic commands ###
+
+
+def downgrade() -> None:
+    # ### commands auto generated by Alembic - please adjust! ###
+    op.alter_column(
+        "oauth2_tokens",
+        "client_id",
+        existing_type=sa.String(length=52),
+        type_=sa.VARCHAR(length=48),
+        nullable=True,
+    )
+    op.alter_column(
+        "oauth2_grants",
+        "client_id",
+        existing_type=sa.String(length=52),
+        type_=sa.VARCHAR(length=48),
+        existing_nullable=False,
+    )
+    # ### end Alembic commands ###
diff --git a/server/polar/models/oauth2_grant.py b/server/polar/models/oauth2_grant.py
@@ -15,7 +15,7 @@ class OAuth2Grant(RecordModel):
         UniqueConstraint("client_id", "organization_id"),
     )
 
-    client_id: Mapped[str] = mapped_column(String(48), nullable=False, index=True)
+    client_id: Mapped[str] = mapped_column(String(52), nullable=False, index=True)
     scope: Mapped[str] = mapped_column(Text, default="", nullable=False)
     user_id: Mapped[UUID | None] = mapped_column(
         Uuid,

diff --git a/server/polar/models/oauth2_token.py b/server/polar/models/oauth2_token.py
@@ -12,6 +12,7 @@
 class OAuth2Token(RecordModel, OAuth2TokenMixin, SubTypeModelMixin):
     __tablename__ = "oauth2_tokens"
 
+    client_id: Mapped[str] = mapped_column(String(52), nullable=False)
     nonce: Mapped[str | None] = mapped_column(String, index=True, nullable=True)
 
     @property

diff --git a/server/polar/oauth2/service/oauth2_token.py b/server/polar/oauth2/service/oauth2_token.py
@@ -95,7 +95,7 @@ async def revoke_leaked(
             recipients = [member.user.email for member in members]
 
         oauth2_client = await oauth2_client_service.get_by_client_id(
-            session, cast(str, oauth2_token.client_id)
+            session, oauth2_token.client_id
         )
         # The `if` statement handles the case where we might detect a leaked token
         # of a deleted client