From 2e2a36613180af93f985c434aefd0ffc1ea542ea Mon Sep 17 00:00:00 2001
From: Robert Paprocki <robert@cryptobells.com>
Date: Mon, 24 Apr 2017 10:58:43 -0700
Subject: [PATCH] fix(oauth2) remove unique constraint on client_secret

---
 kong/plugins/oauth2/daos.lua                |  2 +-
 kong/plugins/oauth2/migrations/postgres.lua |  9 ++++++
 spec/03-plugins/26-oauth2/02-api_spec.lua   | 31 +++++++++++++++++++++
 3 files changed, 41 insertions(+), 1 deletion(-)

diff --git a/kong/plugins/oauth2/daos.lua b/kong/plugins/oauth2/daos.lua
index 1b738de4364..bcf115885c0 100644
--- a/kong/plugins/oauth2/daos.lua
+++ b/kong/plugins/oauth2/daos.lua
@@ -27,7 +27,7 @@ local OAUTH2_CREDENTIALS_SCHEMA = {
     consumer_id = { type = "id", required = true, foreign = "consumers:id" },
     name = { type = "string", required = true },
     client_id = { type = "string", required = false, unique = true, default = utils.random_string },
-    client_secret = { type = "string", required = false, unique = true, default = utils.random_string },
+    client_secret = { type = "string", required = false, default = utils.random_string },
     redirect_uri = { type = "array", required = true, func = validate_uris },
     created_at = { type = "timestamp", immutable = true, dao_insert_value = true }
   },
diff --git a/kong/plugins/oauth2/migrations/postgres.lua b/kong/plugins/oauth2/migrations/postgres.lua
index f0d49666d73..753557c8044 100644
--- a/kong/plugins/oauth2/migrations/postgres.lua
+++ b/kong/plugins/oauth2/migrations/postgres.lua
@@ -151,5 +151,14 @@ return {
         if err then return err end
       end
     end
+  },
+  {
+    name = "2017-04-24-oauth2_client_secret_not_unique",
+    up = [[
+      ALTER TABLE oauth2_credentials DROP CONSTRAINT IF EXISTS oauth2_credentials_client_secret_key;
+    ]],
+    down = [[
+      ALTER TABLE oauth2_credentials ADD CONSTRAINT oauth2_credentials_client_secret_key UNIQUE(client_secret);
+    ]],
   }
 }
diff --git a/spec/03-plugins/26-oauth2/02-api_spec.lua b/spec/03-plugins/26-oauth2/02-api_spec.lua
index 6f49280f142..ed1759d6449 100644
--- a/spec/03-plugins/26-oauth2/02-api_spec.lua
+++ b/spec/03-plugins/26-oauth2/02-api_spec.lua
@@ -25,6 +25,9 @@ describe("Plugin: oauth (API)", function()
       consumer = assert(helpers.dao.consumers:insert {
         username = "bob"
       })
+      assert(helpers.dao.consumers:insert {
+        username = "sally"
+      })
     end)
     after_each(function()
       helpers.dao:truncate_table("oauth2_credentials")
@@ -65,6 +68,34 @@ describe("Plugin: oauth (API)", function()
         assert.equal("Test APP", body.name)
         assert.equal(2, #body.redirect_uri)
       end)
+      it("creates multiple oauth2 credentials with the same client_secret", function()
+        local res = assert(admin_client:send {
+          method = "POST",
+          path = "/consumers/bob/oauth2",
+          body = {
+            name = "Test APP",
+            redirect_uri = "http://google.com/",
+            client_secret = "secret123",
+          },
+          headers = {
+            ["Content-Type"] = "application/json"
+          }
+        })
+        assert.res_status(201, res)
+        res = assert(admin_client:send {
+          method = "POST",
+          path = "/consumers/sally/oauth2",
+          body = {
+            name = "Test APP",
+            redirect_uri = "http://google.com/",
+            client_secret = "secret123",
+          },
+          headers = {
+            ["Content-Type"] = "application/json"
+          }
+        })
+        assert.res_status(201, res)
+      end)
       describe("errors", function()
         it("returns bad request", function()
           local res = assert(admin_client:send {