package storage const ( queryFmtSelectMigrations = ` SELECT id, applied, version_before, version_after, application_version FROM %s;` queryFmtSelectLatestMigration = ` SELECT id, applied, version_before, version_after, application_version FROM %s ORDER BY id DESC LIMIT 1;` queryFmtInsertMigration = ` INSERT INTO %s (applied, version_before, version_after, application_version) VALUES (?, ?, ?, ?);` ) const ( queryMySQLSelectExistingTables = ` SELECT table_name FROM information_schema.tables WHERE table_type = 'BASE TABLE' AND table_schema = database();` queryPostgreSelectExistingTables = ` SELECT table_name FROM information_schema.tables WHERE table_type = 'BASE TABLE' AND table_schema = $1;` querySQLiteSelectExistingTables = ` SELECT name FROM sqlite_master WHERE type = 'table';` ) const ( queryFmtSelectUserInfo = ` SELECT second_factor_method, (SELECT EXISTS (SELECT id FROM %s WHERE username = ?)) AS has_totp, (SELECT EXISTS (SELECT id FROM %s WHERE username = ?)) AS has_webauthn, (SELECT EXISTS (SELECT id FROM %s WHERE username = ?)) AS has_duo FROM %s WHERE username = ?;` queryFmtSelectPreferred2FAMethod = ` SELECT second_factor_method FROM %s WHERE username = ?;` queryFmtUpsertPreferred2FAMethod = ` REPLACE INTO %s (username, second_factor_method) VALUES (?, ?);` queryFmtUpsertPreferred2FAMethodPostgreSQL = ` INSERT INTO %s (username, second_factor_method) VALUES ($1, $2) ON CONFLICT (username) DO UPDATE SET second_factor_method = $2;` ) const ( queryFmtSelectIdentityVerification = ` SELECT id, jti, iat, issued_ip, exp, username, action, consumed, consumed_ip FROM %s WHERE jti = ?;` queryFmtInsertIdentityVerification = ` INSERT INTO %s (jti, iat, issued_ip, exp, username, action) VALUES (?, ?, ?, ?, ?, ?);` queryFmtConsumeIdentityVerification = ` UPDATE %s SET consumed = CURRENT_TIMESTAMP, consumed_ip = ? WHERE jti = ?;` ) const ( queryFmtSelectTOTPConfiguration = ` SELECT id, username, issuer, algorithm, digits, period, secret FROM %s WHERE username = ?;` queryFmtSelectTOTPConfigurations = ` SELECT id, username, issuer, algorithm, digits, period, secret FROM %s LIMIT ? OFFSET ?;` queryFmtSelectTOTPConfigurationsEncryptedData = ` SELECT id, secret FROM %s;` //nolint:gosec // These are not hardcoded credentials it's a query to obtain credentials. queryFmtUpdateTOTPConfigurationSecret = ` UPDATE %s SET secret = ? WHERE id = ?;` queryFmtUpsertTOTPConfiguration = ` REPLACE INTO %s (created_at, last_used_at, username, issuer, algorithm, digits, period, secret) VALUES (?, ?, ?, ?, ?, ?, ?, ?);` queryFmtUpsertTOTPConfigurationPostgreSQL = ` INSERT INTO %s (created_at, last_used_at, username, issuer, algorithm, digits, period, secret) VALUES ($1, $2, $3, $4, $5, $6, $7, $8) ON CONFLICT (username) DO UPDATE SET created_at = $1, last_used_at = $2, issuer = $4, algorithm = $5, digits = $6, period = $7, secret = $8;` queryFmtUpdateTOTPConfigRecordSignIn = ` UPDATE %s SET last_used_at = ? WHERE id = ?;` queryFmtUpdateTOTPConfigRecordSignInByUsername = ` UPDATE %s SET last_used_at = ? WHERE username = ?;` queryFmtDeleteTOTPConfiguration = ` DELETE FROM %s WHERE username = ?;` ) const ( queryFmtSelectWebAuthnDevices = ` SELECT id, created_at, last_used_at, rpid, username, description, kid, aaguid, attestation_type, attachment, transport, sign_count, clone_warning, discoverable, present, verified, backup_eligible, backup_state, public_key FROM %s LIMIT ? OFFSET ?;` queryFmtSelectWebAuthnDevicesByUsername = ` SELECT id, created_at, last_used_at, rpid, username, description, kid, aaguid, attestation_type, attachment, transport, sign_count, clone_warning, discoverable, present, verified, backup_eligible, backup_state, public_key FROM %s WHERE username = ?;` queryFmtSelectWebAuthnDevicesByRPIDByUsername = ` SELECT id, created_at, last_used_at, rpid, username, description, kid, aaguid, attestation_type, attachment, transport, sign_count, clone_warning, discoverable, present, verified, backup_eligible, backup_state, public_key FROM %s WHERE rpid = ? AND username = ?;` queryFmtSelectWebAuthnDeviceByID = ` SELECT id, created_at, last_used_at, rpid, username, description, kid, aaguid, attestation_type, attachment, transport, sign_count, clone_warning, discoverable, present, verified, backup_eligible, backup_state, public_key FROM %s WHERE id = ?;` queryFmtUpdateUpdateWebAuthnDeviceDescriptionByUsernameAndID = ` UPDATE %s SET description = ? WHERE username = ? AND id = ?;` queryFmtUpdateWebAuthnDeviceRecordSignIn = ` UPDATE %s SET rpid = ?, last_used_at = ?, sign_count = ?, discoverable = ?, present = ?, verified = ?, backup_eligible = ?, backup_state = ?, clone_warning = CASE clone_warning WHEN TRUE THEN TRUE ELSE ? END WHERE id = ?;` queryFmtInsertWebAuthnDevice = ` INSERT INTO %s (created_at, last_used_at, rpid, username, description, kid, aaguid, attestation_type, attachment, transport, sign_count, clone_warning, discoverable, present, verified, backup_eligible, backup_state, public_key) VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?);` queryFmtDeleteWebAuthnDevice = ` DELETE FROM %s WHERE kid = ?;` queryFmtDeleteWebAuthnDeviceByUsername = ` DELETE FROM %s WHERE username = ?;` queryFmtDeleteWebAuthnDeviceByUsernameAndDescription = ` DELETE FROM %s WHERE username = ? AND description = ?;` queryFmtSelectWebAuthnDevicesEncryptedData = ` SELECT id, public_key FROM %s;` queryFmtUpdateWebAuthnDevicesEncryptedData = ` UPDATE %s SET public_key = ? WHERE id = ?;` ) const ( queryFmtInsertWebAuthnUser = ` INSERT INTO %s (rpid, username, userid) VALUES (?, ?, ?);` queryFmtSelectWebAuthnUser = ` SELECT id, rpid, username, userid FROM %s WHERE rpid = ? AND username = ?;` ) const ( queryFmtUpsertDuoDevice = ` REPLACE INTO %s (username, device, method) VALUES (?, ?, ?);` queryFmtUpsertDuoDevicePostgreSQL = ` INSERT INTO %s (username, device, method) VALUES ($1, $2, $3) ON CONFLICT (username) DO UPDATE SET device = $2, method = $3;` queryFmtDeleteDuoDevice = ` DELETE FROM %s WHERE username = ?;` queryFmtSelectDuoDevice = ` SELECT id, username, device, method FROM %s WHERE username = ? ORDER BY id;` ) const ( queryFmtInsertAuthenticationLogEntry = ` INSERT INTO %s (time, successful, banned, username, auth_type, remote_ip, request_uri, request_method) VALUES (?, ?, ?, ?, ?, ?, ?, ?);` queryFmtSelect1FAAuthenticationLogEntryByUsername = ` SELECT time, successful, username FROM %s WHERE time > ? AND username = ? AND auth_type = '1FA' AND banned = FALSE ORDER BY time DESC LIMIT ? OFFSET ?;` ) const ( queryFmtSelectEncryptionValue = ` SELECT (value) FROM %s WHERE name = ?` queryFmtUpsertEncryptionValue = ` REPLACE INTO %s (name, value) VALUES (?, ?);` queryFmtUpsertEncryptionValuePostgreSQL = ` INSERT INTO %s (name, value) VALUES ($1, $2) ON CONFLICT (name) DO UPDATE SET value = $2;` ) const ( queryFmtSelectOAuth2ConsentPreConfigurations = ` SELECT id, client_id, subject, created_at, expires_at, revoked, scopes, audience FROM %s WHERE client_id = ? AND subject = ? AND revoked = FALSE AND (expires_at IS NULL OR expires_at >= CURRENT_TIMESTAMP);` queryFmtInsertOAuth2ConsentPreConfiguration = ` INSERT INTO %s (client_id, subject, created_at, expires_at, revoked, scopes, audience) VALUES(?, ?, ?, ?, ?, ?, ?);` queryFmtInsertOAuth2ConsentPreConfigurationPostgreSQL = ` INSERT INTO %s (client_id, subject, created_at, expires_at, revoked, scopes, audience) VALUES($1, $2, $3, $4, $5, $6, $7) RETURNING id;` queryFmtSelectOAuth2ConsentSessionByChallengeID = ` SELECT id, challenge_id, client_id, subject, authorized, granted, requested_at, responded_at, form_data, requested_scopes, granted_scopes, requested_audience, granted_audience, preconfiguration FROM %s WHERE challenge_id = ?;` queryFmtInsertOAuth2ConsentSession = ` INSERT INTO %s (challenge_id, client_id, subject, authorized, granted, requested_at, responded_at, form_data, requested_scopes, granted_scopes, requested_audience, granted_audience, preconfiguration) VALUES(?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?);` queryFmtUpdateOAuth2ConsentSessionSubject = ` UPDATE %s SET subject = ? WHERE id = ?;` queryFmtUpdateOAuth2ConsentSessionSessionData = ` UPDATE %s SET session_data = ? WHERE id = ?;` queryFmtUpdateOAuth2ConsentSessionResponse = ` UPDATE %s SET authorized = ?, responded_at = CURRENT_TIMESTAMP, granted_scopes = ?, granted_audience = ?, preconfiguration = ? WHERE id = ? AND responded_at IS NULL;` queryFmtUpdateOAuth2ConsentSessionGranted = ` UPDATE %s SET granted = TRUE WHERE id = ? AND responded_at IS NOT NULL;` queryFmtSelectOAuth2Session = ` SELECT id, challenge_id, request_id, client_id, signature, subject, requested_at, requested_scopes, granted_scopes, requested_audience, granted_audience, active, revoked, form_data, session_data FROM %s WHERE signature = ? AND revoked = FALSE;` queryFmtSelectOAuth2SessionEncryptedData = ` SELECT id, session_data FROM %s;` queryFmtInsertOAuth2Session = ` INSERT INTO %s (challenge_id, request_id, client_id, signature, subject, requested_at, requested_scopes, granted_scopes, requested_audience, granted_audience, active, revoked, form_data, session_data) VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?);` queryFmtRevokeOAuth2Session = ` UPDATE %s SET revoked = TRUE WHERE signature = ?;` queryFmtRevokeOAuth2SessionByRequestID = ` UPDATE %s SET revoked = TRUE WHERE request_id = ?;` queryFmtDeactivateOAuth2Session = ` UPDATE %s SET active = FALSE WHERE signature = ?;` queryFmtDeactivateOAuth2SessionByRequestID = ` UPDATE %s SET active = FALSE WHERE request_id = ?;` queryFmtSelectOAuth2PARContext = ` SELECT id, signature, request_id, client_id, requested_at, scopes, audience, handled_response_types, response_mode, response_mode_default, revoked, form_data, session_data FROM %s WHERE signature = ? AND revoked = FALSE;` queryFmtInsertOAuth2PARContext = ` INSERT INTO %s (signature, request_id, client_id, requested_at, scopes, audience, handled_response_types, response_mode, response_mode_default, revoked, form_data, session_data) VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?);` queryFmtSelectOAuth2BlacklistedJTI = ` SELECT id, signature, expires_at FROM %s WHERE signature = ?;` queryFmtUpsertOAuth2BlacklistedJTI = ` REPLACE INTO %s (signature, expires_at) VALUES(?, ?);` queryFmtUpsertOAuth2BlacklistedJTIPostgreSQL = ` INSERT INTO %s (signature, expires_at) VALUES ($1, $2) ON CONFLICT (signature) DO UPDATE SET expires_at = $2;` ) const ( queryFmtInsertUserOpaqueIdentifier = ` INSERT INTO %s (service, sector_id, username, identifier) VALUES(?, ?, ?, ?);` queryFmtSelectUserOpaqueIdentifier = ` SELECT id, service, sector_id, username, identifier FROM %s WHERE identifier = ?;` queryFmtSelectUserOpaqueIdentifierBySignature = ` SELECT id, service, sector_id, username, identifier FROM %s WHERE service = ? AND sector_id = ? AND username = ?;` queryFmtSelectUserOpaqueIdentifiers = ` SELECT id, service, sector_id, username, identifier FROM %s;` )