From 49e216412ed7dc74046682efd74b6087c02f7f9f Mon Sep 17 00:00:00 2001
From: Justin Richer <jricher@mitre.org>
Date: Tue, 4 Dec 2012 15:51:10 -0500
Subject: [PATCH] Added bootstrapped users set.

---
 .../resources/db/tables/database_tables.sql   |  4 ++
 .../db/tables/loading_temp_tables.sql         | 47 ++++++++++++
 .../resources/db/tables/security-schema.sql   |  6 +-
 .../src/main/resources/db/users.sql           | 72 +++++++++++--------
 .../src/main/webapp/WEB-INF/data-context.xml  |  1 +
 5 files changed, 98 insertions(+), 32 deletions(-)
 create mode 100644 openid-connect-server/src/main/resources/db/tables/loading_temp_tables.sql

diff --git a/openid-connect-server/src/main/resources/db/tables/database_tables.sql b/openid-connect-server/src/main/resources/db/tables/database_tables.sql
index 97ba71443..ce3a014d3 100644
--- a/openid-connect-server/src/main/resources/db/tables/database_tables.sql
+++ b/openid-connect-server/src/main/resources/db/tables/database_tables.sql
@@ -1,3 +1,7 @@
+--
+-- Tables for OIDC Server functionality.
+--
+
 CREATE TABLE IF NOT EXISTS access_token (
 	id BIGINT GENERATED BY DEFAULT AS IDENTITY(START WITH 1) PRIMARY KEY,
 	token_value VARCHAR(4096),
diff --git a/openid-connect-server/src/main/resources/db/tables/loading_temp_tables.sql b/openid-connect-server/src/main/resources/db/tables/loading_temp_tables.sql
new file mode 100644
index 000000000..7cddadc2e
--- /dev/null
+++ b/openid-connect-server/src/main/resources/db/tables/loading_temp_tables.sql
@@ -0,0 +1,47 @@
+--
+-- Temporary tables used during the bootstrapping process to safely load users and clients.
+-- These are not needed if you're not using the users.sql file to bootstrap the database.
+--
+
+CREATE TEMPORARY TABLE IF NOT EXISTS authorities_TEMP (
+      username varchar(50) not null,
+      authority varchar(50) not null,
+      constraint ix_authority_TEMP unique (username,authority));
+      
+CREATE TEMPORARY TABLE IF NOT EXISTS users_TEMP (
+      username varchar(50) not null primary key,
+      password varchar(50) not null,
+      enabled boolean not null);
+
+CREATE TEMPORARY TABLE IF NOT EXISTS user_info_TEMP (
+	id BIGINT GENERATED BY DEFAULT AS IDENTITY(START WITH 1) PRIMARY KEY,
+	user_id VARCHAR(256),
+	preferred_username VARCHAR(256),
+	name VARCHAR(256),
+	given_name VARCHAR(256),
+	family_name VARCHAR(256),
+	middle_name VARCHAR(256),
+	nickname VARCHAR(256),
+	profile VARCHAR(256),
+	picture VARCHAR(256),
+	website VARCHAR(256),
+	email VARCHAR(256),
+	email_verified BOOLEAN,
+	gender VARCHAR(256),
+	zone_info VARCHAR(256),
+	locale VARCHAR(256),
+	phone_number VARCHAR(256),
+	address_id VARCHAR(256),
+	updated_time VARCHAR(256)
+);
+
+CREATE TEMPORARY TABLE IF NOT EXISTS address_TEMP (
+	id BIGINT GENERATED BY DEFAULT AS IDENTITY(START WITH 1) PRIMARY KEY,
+	formatted VARCHAR(256),
+	street_address VARCHAR(256),
+	locality VARCHAR(256),
+	region VARCHAR(256),
+	postal_code VARCHAR(256),
+	country VARCHAR(256)
+);
+
diff --git a/openid-connect-server/src/main/resources/db/tables/security-schema.sql b/openid-connect-server/src/main/resources/db/tables/security-schema.sql
index b9b2b3b22..bc5d70b88 100644
--- a/openid-connect-server/src/main/resources/db/tables/security-schema.sql
+++ b/openid-connect-server/src/main/resources/db/tables/security-schema.sql
@@ -1,4 +1,8 @@
-  create table IF NOT EXISTS users(
+-- 
+-- Tables for Spring Security's user details service
+--
+  
+create table IF NOT EXISTS users(
       username varchar(50) not null primary key,
       password varchar(50) not null,
       enabled boolean not null);
diff --git a/openid-connect-server/src/main/resources/db/users.sql b/openid-connect-server/src/main/resources/db/users.sql
index 8c687683e..69492dd36 100644
--- a/openid-connect-server/src/main/resources/db/users.sql
+++ b/openid-connect-server/src/main/resources/db/users.sql
@@ -1,54 +1,64 @@
+--
+-- Turn off autocommit and start a transaction so that we can use the temp tables
+--
+
 SET AUTOCOMMIT FALSE;
 
 START TRANSACTION;
 
+--
+-- Insert user information into the temporary tables. To add users to the HSQL database, edit things here.
+-- 
+
+INSERT INTO users_TEMP (username, password, enabled) VALUES
+ ('jricher', 'password', true),
+ ('aanganes','password',true),
+ ('mfranklin','password',true),
+ ('srmoore','password',true);
+
+INSERT INTO authorities_TEMP (username, authority) VALUES
+  ('jricher', 'ROLE_ADMIN'),
+  ('aanganes','ROLE_ADMIN'),
+  ('jricher', 'ROLE_USER'),
+  ('aanganes','ROLE_USER'),
+  ('mfranklin','ROLE_USER'),
+  ('srmoore','ROLE_USER');
+    
+INSERT INTO user_info_TEMP (user_id, preferred_username, name, email, email_verified) VALUES
+  ('user1-abc123', 'jricher', 'Justin Richer', 'jricher@mitre.org', false),
+  ('user2-xj2f51', 'aanganes', 'Amanda Anganes', 'aanganes@mitre.org', false),
+  ('user3-2je938', 'mfranklin', 'Matt Franklin', 'mfranklin@mitre.org', false),
+  ('user4-l2ww33', 'srmoore', 'Steve Moore', 'srmoore@mitre.org', false);
+    
+ 
+--
+-- Merge the temporary users safely into the database. This is a two-step process to keep users from being created on every startup with a persistent store.
+--
+
 MERGE INTO users 
-  USING (VALUES ('jricher','password',true)) AS vals(username, password, enabled)
+  USING (SELECT username, password, enabled FROM users_TEMP) AS vals(username, password, enabled)
   ON vals.username = users.username
   WHEN NOT MATCHED THEN 
     INSERT (username, password, enabled) VALUES(vals.username, vals.password, vals.enabled);
 
-CREATE TEMPORARY TABLE authorities_TEMP (
-      username varchar(50) not null,
-      authority varchar(50) not null,
-      constraint ix_authority_TEMP unique (username,authority));
-      
-INSERT INTO authorities_TEMP (username, authority) VALUES
-  ('jricher', 'ROLE_USER'),
-  ('jricher', 'ROLE_ADMIN'),
-  ('jricher', 'ROLE_AWESOME');
-    
 MERGE INTO authorities 
---  USING (VALUES ('jricher', CAST('ROLE_USER' AS varchar(50))), ('jricher', CAST('ROLE_ADMIN' AS varchar(50))), ('jricher', CAST('ROLE_AWESOME' AS varchar(50)))) AS vals(username, authority)
---  USING (VALUES ('jricher', 'ROLE_USER'), ('jricher', 'ROLE_ADMIN'), ('jricher', 'ROLE_AWESOME')) AS vals(username varchar(50), authority varchar(50))
   USING (SELECT username, authority FROM authorities_TEMP) AS vals(username, authority)
   ON vals.username = authorities.username AND vals.authority = authorities.authority
   WHEN NOT MATCHED THEN 
     INSERT (username,authority) values (vals.username, vals.authority);
 
-DROP TABLE authorities_TEMP;
-    
---INSERT INTO authorities (username, authority) VALUES ('jricher', 'ROLE_USER'), ('jricher', 'ROLE_ADMIN');    
-
 MERGE INTO user_info 
-  USING (VALUES('user1-abc123', 'jricher', 'Justin Richer', false)) AS vals(user_id, preferred_username, name, email_verified)
+  USING (SELECT user_id, preferred_username, name, email, email_verified FROM user_info_TEMP) AS vals(user_id, preferred_username, name, email, email_verified)
   ON vals.preferred_username = user_info.preferred_username
   WHEN NOT MATCHED THEN 
-    INSERT (user_id, preferred_username, name, email_verified) VALUES (vals.user_id, vals.preferred_username, vals.name, vals.email_verified);
+    INSERT (user_id, preferred_username, name, email, email_verified) VALUES (vals.user_id, vals.preferred_username, vals.name, vals.email, vals.email_verified);
+
+    
+-- 
+-- Close the transaction and turn autocommit back on
+-- 
     
 COMMIT;
 
 SET AUTOCOMMIT TRUE;
 
---INSERT INTO users(username, password, enabled) values ('aanganes','password',true) where not exists (select * from user_info where username='aanganes');
---INSERT INTO authorities(username,authority) values ('aanganes','ROLE_USER') where not exists (select * from user_info where username='aanganes');
---INSERT INTO authorities(username,authority) values ('aanganes','ROLE_ADMIN') where not exists (select * from user_info where username='aanganes');
---INSERT INTO user_info(user_id, preferred_username, name, email_verified) values ('aanganes','aanganes','aanganes', 'FALSE') where not exists (select * from user_info where username='aanganes');
---
---INSERT INTO users(username, password, enabled) values ('mfranklin','password',true) where not exists (select * from user_info where username='mfranklin');
---INSERT INTO authorities(username,authority) values ('mfranklin','ROLE_USER') where not exists (select * from user_info where username='mfranklin');
---INSERT INTO user_info(user_id, preferred_username, name, email_verified) values ('mfranklin','mfranklin','mfranklin', 'FALSE') where not exists (select * from user_info where username='mfranklin');
---
---INSERT INTO users(username, password, enabled) values ('srmoore','password',true) where not exists (select * from user_info where username='srmoore');
---INSERT INTO authorities(username,authority) values ('srmoore','ROLE_USER') where not exists (select * from user_info where username='srmoore');
---INSERT INTO user_info(user_id, preferred_username, name, email_verified) values ('srmoore','srmoore','srmoore', 'FALSE') where not exists (select * from user_info where username='srmoore');
diff --git a/openid-connect-server/src/main/webapp/WEB-INF/data-context.xml b/openid-connect-server/src/main/webapp/WEB-INF/data-context.xml
index 8e3ab36f2..06a5aa24e 100644
--- a/openid-connect-server/src/main/webapp/WEB-INF/data-context.xml
+++ b/openid-connect-server/src/main/webapp/WEB-INF/data-context.xml
@@ -19,6 +19,7 @@
 		<jdbc:script location="classpath:/db/tables/database_tables.sql"/>
 		<!-- The following are for the jdbc-user-service spring security implementation -->
 		<jdbc:script location="classpath:/db/tables/security-schema.sql"/>
+		<jdbc:script location="classpath:/db/tables/loading_temp_tables.sql"/>
 		<jdbc:script location="classpath:/db/users.sql"/>
 	</jdbc:initialize-database>