
Commit ee9234c

committed
create schema on first use. fixes #9
1 parent 37e2498 commit ee9234c


2 files changed

+20
-17
lines changed


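--- a/README.md
+++ b/README.md
@@ -48,29 +48,16 @@ Then you need to copy config-templates/module_webauthn.php to your config direct
 Using storage
 -------------
 
-You first need to setup the database.
+The database schema sets itself up on first use automatically. The schema can be
+found in the sources at src/WebAuthN/Store/Database.php (__construct).
 
-Here is the initialization SQL script:
+If you want to trim down permissions for the database user, here is the minimal
+set of required permissions:
 
 ```sql
-CREATE TABLE credentials (
-creation_date TIMESTAMP NOT NULL DEFAULT CURRENT_TIMESTAMP,
-user_id VARCHAR(80) NOT NULL,
-credentialId VARCHAR(500) NOT NULL,
-credential MEDIUMBLOB NOT NULL,
-algo INT DEFAULT NULL,
-signCounter INT NOT NULL,
-friendlyName VARCHAR(100) DEFAULT "Unnamed Token",
-UNIQUE (user_id,credentialId)
-);
 
 GRANT SELECT,INSERT,UPDATE,DELETE ON ...credentials TO '...dbuser'@'1.2.3.4' IDENTIFIED BY '...dbpass';
 
-CREATE TABLE userstatus (
-user_id VARCHAR(80) NOT NULL,
-fido2Status ENUM("FIDO2Disabled","FIDO2Enabled") NOT NULL DEFAULT "FIDO2Disabled",
-UNIQUE (user_id)
-);
 
 GRANT SELECT ON ...userstatus TO '...dbuser'@'1.2.3.4' IDENTIFIED BY '...dbpass';
 ```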

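--- a/src/WebAuthn/Store/Database.php
+++ b/src/WebAuthn/Store/Database.php
@@ -54,6 +54,22 @@ public function __construct(array $config)
 parent::__construct($config);
 $this->config = $config;
 $this->db = \SimpleSAML\Database::getInstance(Configuration::loadFromArray($config));
+$this->db->write("SET sql_notes = 0"); // ignore the warning "already exists"
+$this->db->write("CREATE TABLE IF NOT EXISTS credentials (
+creation_date TIMESTAMP NOT NULL DEFAULT CURRENT_TIMESTAMP,
+user_id VARCHAR(80) NOT NULL,
+credentialId VARCHAR(500) NOT NULL,
+credential MEDIUMBLOB NOT NULL,
+algo INT DEFAULT NULL,
+signCounter INT NOT NULL,
+friendlyName VARCHAR(100) DEFAULT 'Unnamed Token',
+UNIQUE (user_id,credentialId)
+);");
+$this->db->write("CREATE TABLE IF NOT EXISTS userstatus (
+user_id VARCHAR(80) NOT NULL,
+fido2Status ENUM('FIDO2Disabled','FIDO2Enabled') NOT NULL DEFAULT 'FIDO2Disabled',
+UNIQUE (user_id)
+);");
 }
 
 /**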
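Review bot: The schema setup added at new lines 57–72 runs DDL from `__construct` on every instantiation, so the account that serves authentication requests now needs CREATE on the schema, which works against the trimmed grants the README in this same commit recommends (SELECT/INSERT/UPDATE/DELETE on credentials, SELECT on userstatus). MySQL appears to check the CREATE privilege even when the table already exists, so with those grants the two `CREATE TABLE IF NOT EXISTS` writes would likely fail once permissions are trimmed; that should be confirmed against a least-privilege account. `SET sql_notes = 0` is MySQL-specific and is not restored afterwards, so presumably it also hides notes from later statements on the same connection. I would tolerate a failure of the two CREATE statements when the tables are already present, and document the requirement above them, e.g. `// needs CREATE only on first run; afterwards the grants can be trimmed as described in README.md`. The constructor starts above the hunk, so any earlier handling is not visible here.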
