fix(login): improve auth handlers (#7969)

# Which Problems Are Solved During the implementation of #7486 it was noticed, that projections in the `auth` database schema could be blocked. Investigations suggested, that this is due to the use of [GORM](https://gorm.io/index.html) and it's inability to use an existing (sql) transaction. With the improved / simplified handling (see below) there should also be a minimal improvement in performance, resp. reduced database update statements. # How the Problems Are Solved The handlers in `auth` are exchanged to proper (sql) statements and gorm usage is removed for any writing part. To further improve / simplify the handling of the users, a new `auth.users3` table is created, where only attributes are handled, which are not yet available from the `projections.users`, `projections.login_name` and `projections.user_auth_methods` do not provide. This reduces the events handled in that specific handler by a lot. # Additional Changes None # Additional Context relates to #7486
2025-08-11 18:17:35 +00:00 · 2024-05-22 17:26:02 +02:00
parent cca342187b
commit fb162a7d75
25 changed files with 987 additions and 1279 deletions
--- a/cmd/setup/26.go
+++ b/cmd/setup/26.go
@@ -0,0 +1,27 @@
+package setup
+
+import (
+	"context"
+	_ "embed"
+
+	"github.com/zitadel/zitadel/internal/database"
+	"github.com/zitadel/zitadel/internal/eventstore"
+)
+
+var (
+	//go:embed 26.sql
+	authUsers3 string
+)
+
+type AuthUsers3 struct {
+	dbClient *database.DB
+}
+
+func (mig *AuthUsers3) Execute(ctx context.Context, _ eventstore.Event) error {
+	_, err := mig.dbClient.ExecContext(ctx, authUsers3)
+	return err
+}
+
+func (mig *AuthUsers3) String() string {
+	return "26_auth_users3"
+}
--- a/cmd/setup/26.sql
+++ b/cmd/setup/26.sql
@@ -0,0 +1,16 @@
+CREATE TABLE IF NOT EXISTS auth.users3 (
+    instance_id TEXT NOT NULL,
+    id TEXT NOT NULL,
+    resource_owner TEXT NOT NULL,
+    change_date TIMESTAMPTZ NULL,
+    password_set BOOL NULL,
+    password_change TIMESTAMPTZ NULL,
+    last_login TIMESTAMPTZ NULL,
+    init_required BOOL NULL,
+    mfa_init_skipped TIMESTAMPTZ NULL,
+    username_change_required BOOL NULL,
+    passwordless_init_required BOOL NULL,
+    password_init_required BOOL NULL,
+
+    PRIMARY KEY (instance_id, id)
+)
--- a/cmd/setup/config.go
+++ b/cmd/setup/config.go
@@ -108,6 +108,7 @@ type Steps struct {
 	s23CorrectGlobalUniqueConstraints      *CorrectGlobalUniqueConstraints
 	s24AddActorToAuthTokens                *AddActorToAuthTokens
 	s25User11AddLowerFieldsToVerifiedEmail *User11AddLowerFieldsToVerifiedEmail
+	s26AuthUsers3                          *AuthUsers3
 }

 func MustNewSteps(v *viper.Viper) *Steps {
--- a/cmd/setup/setup.go
+++ b/cmd/setup/setup.go
@@ -138,6 +138,7 @@ func Setup(config *Config, steps *Steps, masterKey string) {
 	steps.s23CorrectGlobalUniqueConstraints = &CorrectGlobalUniqueConstraints{dbClient: esPusherDBClient}
 	steps.s24AddActorToAuthTokens = &AddActorToAuthTokens{dbClient: queryDBClient}
 	steps.s25User11AddLowerFieldsToVerifiedEmail = &User11AddLowerFieldsToVerifiedEmail{dbClient: esPusherDBClient}
+	steps.s26AuthUsers3 = &AuthUsers3{dbClient: esPusherDBClient}

 	err = projection.Create(ctx, projectionDBClient, eventstoreClient, config.Projections, nil, nil, nil)
 	logging.OnError(err).Fatal("unable to start projections")
@@ -175,6 +176,7 @@ func Setup(config *Config, steps *Steps, masterKey string) {
 		steps.s22ActiveInstancesIndex,
 		steps.s23CorrectGlobalUniqueConstraints,
 		steps.s24AddActorToAuthTokens,
+		steps.s26AuthUsers3,
 	} {
 		mustExecuteMigration(ctx, eventstoreClient, step, "migration failed")
 	}