diff --git a/authentik/providers/oauth2/migrations/0019_accesstoken_authentik_p_token_4bc870_idx_and_more.py b/authentik/providers/oauth2/migrations/0019_accesstoken_authentik_p_token_4bc870_idx_and_more.py index 5e877bfbb5ca..95dd79a45689 100644 --- a/authentik/providers/oauth2/migrations/0019_accesstoken_authentik_p_token_4bc870_idx_and_more.py +++ b/authentik/providers/oauth2/migrations/0019_accesstoken_authentik_p_token_4bc870_idx_and_more.py @@ -11,13 +11,16 @@ class Migration(migrations.Migration): migrations.swappable_dependency(settings.AUTH_USER_MODEL), ] - operations = [ - migrations.AddIndex( - model_name="accesstoken", - index=models.Index(fields=["token"], name="authentik_p_token_4bc870_idx"), - ), - migrations.AddIndex( - model_name="refreshtoken", - index=models.Index(fields=["token"], name="authentik_p_token_1a841f_idx"), - ), - ] + # Original preserved + # See https://github.com/goauthentik/authentik/issues/11874 + # operations = [ + # migrations.AddIndex( + # model_name="accesstoken", + # index=models.Index(fields=["token"], name="authentik_p_token_4bc870_idx"), + # ), + # migrations.AddIndex( + # model_name="refreshtoken", + # index=models.Index(fields=["token"], name="authentik_p_token_1a841f_idx"), + # ), + # ] + operations = [] diff --git a/authentik/providers/oauth2/migrations/0020_remove_accesstoken_authentik_p_token_4bc870_idx_and_more.py b/authentik/providers/oauth2/migrations/0020_remove_accesstoken_authentik_p_token_4bc870_idx_and_more.py index 8edbe908849b..b221f403a1d7 100644 --- a/authentik/providers/oauth2/migrations/0020_remove_accesstoken_authentik_p_token_4bc870_idx_and_more.py +++ b/authentik/providers/oauth2/migrations/0020_remove_accesstoken_authentik_p_token_4bc870_idx_and_more.py @@ -11,21 +11,24 @@ class Migration(migrations.Migration): migrations.swappable_dependency(settings.AUTH_USER_MODEL), ] - operations = [ - migrations.RemoveIndex( - model_name="accesstoken", - name="authentik_p_token_4bc870_idx", - ), - migrations.RemoveIndex( - model_name="refreshtoken", - name="authentik_p_token_1a841f_idx", - ), - migrations.AddIndex( - model_name="accesstoken", - index=models.Index(fields=["token", "provider"], name="authentik_p_token_f99422_idx"), - ), - migrations.AddIndex( - model_name="refreshtoken", - index=models.Index(fields=["token", "provider"], name="authentik_p_token_a1d921_idx"), - ), - ] + # Original preserved + # See https://github.com/goauthentik/authentik/issues/11874 + # operations = [ + # migrations.RemoveIndex( + # model_name="accesstoken", + # name="authentik_p_token_4bc870_idx", + # ), + # migrations.RemoveIndex( + # model_name="refreshtoken", + # name="authentik_p_token_1a841f_idx", + # ), + # migrations.AddIndex( + # model_name="accesstoken", + # index=models.Index(fields=["token", "provider"], name="authentik_p_token_f99422_idx"), + # ), + # migrations.AddIndex( + # model_name="refreshtoken", + # index=models.Index(fields=["token", "provider"], name="authentik_p_token_a1d921_idx"), + # ), + # ] + operations = [] diff --git a/authentik/providers/oauth2/migrations/0023_alter_accesstoken_refreshtoken_use_hash_index.py b/authentik/providers/oauth2/migrations/0023_alter_accesstoken_refreshtoken_use_hash_index.py new file mode 100644 index 000000000000..e17440bc3cdf --- /dev/null +++ b/authentik/providers/oauth2/migrations/0023_alter_accesstoken_refreshtoken_use_hash_index.py @@ -0,0 +1,31 @@ +# Generated by Django 5.0.9 on 2024-10-31 14:28 + +import django.contrib.postgres.indexes +from django.conf import settings +from django.db import migrations + + +class Migration(migrations.Migration): + + dependencies = [ + ("authentik_core", "0040_provider_invalidation_flow"), + ("authentik_providers_oauth2", "0022_remove_accesstoken_session_id_and_more"), + migrations.swappable_dependency(settings.AUTH_USER_MODEL), + ] + + operations = [ + migrations.RunSQL("DROP INDEX IF EXISTS authentik_p_token_f99422_idx;"), + migrations.RunSQL("DROP INDEX IF EXISTS authentik_p_token_a1d921_idx;"), + migrations.AddIndex( + model_name="accesstoken", + index=django.contrib.postgres.indexes.HashIndex( + fields=["token"], name="authentik_p_token_e00883_hash" + ), + ), + migrations.AddIndex( + model_name="refreshtoken", + index=django.contrib.postgres.indexes.HashIndex( + fields=["token"], name="authentik_p_token_32e2b7_hash" + ), + ), + ] diff --git a/authentik/providers/oauth2/models.py b/authentik/providers/oauth2/models.py index 966d08514837..be2047e33da8 100644 --- a/authentik/providers/oauth2/models.py +++ b/authentik/providers/oauth2/models.py @@ -13,6 +13,7 @@ from cryptography.hazmat.primitives.asymmetric.rsa import RSAPrivateKey from cryptography.hazmat.primitives.asymmetric.types import PrivateKeyTypes from dacite.core import from_dict +from django.contrib.postgres.indexes import HashIndex from django.db import models from django.http import HttpRequest from django.templatetags.static import static @@ -418,7 +419,7 @@ class AccessToken(SerializerModel, ExpiringModel, BaseGrantModel): class Meta: indexes = [ - models.Index(fields=["token", "provider"]), + HashIndex(fields=["token"]), ] verbose_name = _("OAuth2 Access Token") verbose_name_plural = _("OAuth2 Access Tokens") @@ -464,7 +465,7 @@ class RefreshToken(SerializerModel, ExpiringModel, BaseGrantModel): class Meta: indexes = [ - models.Index(fields=["token", "provider"]), + HashIndex(fields=["token"]), ] verbose_name = _("OAuth2 Refresh Token") verbose_name_plural = _("OAuth2 Refresh Tokens")