Skip to content

fix: add missing orgId column to issued_oid4vc_credentials table #1615

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
sagarkhole4 wants to merge 1 commit into
base: main
Choose a base branch
from
+26 −3
Open

fix: add missing orgId column to issued_oid4vc_credentials table #1615

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
11 changes: 8 additions & 3 deletions ...ice/prisma/migrations/20260504110536_add_orgid_and_isprimary_in_oidc_issuer/migration.sql
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,6 +1,11 @@
-- AlterTable
ALTER TABLE "oidc_issuer" ADD COLUMN "isPrimary" BOOLEAN NOT NULL DEFAULT false,
ADD COLUMN "orgId" UUID;
ALTER TABLE "oidc_issuer" ADD COLUMN IF NOT EXISTS "isPrimary" BOOLEAN NOT NULL DEFAULT false;
ALTER TABLE "oidc_issuer" ADD COLUMN IF NOT EXISTS "orgId" UUID;

-- AddForeignKey
ALTER TABLE "oidc_issuer" ADD CONSTRAINT "oidc_issuer_orgId_fkey" FOREIGN KEY ("orgId") REFERENCES "organisation"("id") ON DELETE SET NULL ON UPDATE CASCADE;
DO $$
BEGIN
IF NOT EXISTS (SELECT 1 FROM pg_constraint WHERE conname = 'oidc_issuer_orgId_fkey') THEN
Copy link
Copy Markdown

@coderabbitai coderabbitai Bot May 7, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

⚠️ Potential issue | 🟡 Minor | ⚡ Quick win

Same pg_constraint schema-filter gap as the companion migration.

SELECT 1 FROM pg_constraint WHERE conname = 'oidc_issuer_orgId_fkey' does not filter by schema. An identically-named constraint in any other schema will cause the guard to skip creating the FK in the intended schema. Apply the same schema-scoped fix suggested in the companion file.

🤖 Prompt for AI Agents 
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In
`@libs/prisma-service/prisma/migrations/20260504110536_add_orgid_and_isprimary_in_oidc_issuer/migration.sql`
at line 8, The IF guard that checks for the FK named 'oidc_issuer_orgId_fkey' is
not schema-scoped and can be fooled by identical constraint names in other
schemas; update the EXISTS query in migration.sql to restrict pg_constraint by
connamespace to the intended schema (e.g. add "AND connamespace = (SELECT oid
FROM pg_namespace WHERE nspname = 'public')" or use the actual target schema
name or current_schema() if appropriate) so the guard only detects the
constraint in the correct schema before creating the FK.

ALTER TABLE "oidc_issuer" ADD CONSTRAINT "oidc_issuer_orgId_fkey" FOREIGN KEY ("orgId") REFERENCES "organisation"("id") ON DELETE SET NULL ON UPDATE CASCADE;
END IF;
END $$;
18 changes: 18 additions & 0 deletions ...ma-service/prisma/migrations/20260507140000_add_orgId_to_issued_credentials/migration.sql
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,18 @@
-- AlterTable
ALTER TABLE "issued_oid4vc_credentials" ADD COLUMN IF NOT EXISTS "orgId" UUID;

-- AddForeignKey
DO $$
BEGIN
IF NOT EXISTS (SELECT 1 FROM pg_constraint WHERE conname = 'issued_oid4vc_credentials_orgId_fkey') THEN
Copy link
Copy Markdown

@coderabbitai coderabbitai Bot May 7, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

⚠️ Potential issue | 🟡 Minor | ⚡ Quick win

pg_constraint / pg_class lookups missing schema filter — can produce false positives in multi-schema databases.

Both guards search by name only:

SELECT 1 FROM pg_constraint WHERE conname = '...'
SELECT 1 FROM pg_class c JOIN pg_namespace n ON n.oid = c.relnamespace WHERE c.relname = '...'

In a database with multiple schemas, if an identically-named constraint or index exists in any schema (e.g., a test schema), the IF NOT EXISTS guard will evaluate to true and silently skip creating the constraint/index in the intended schema.

🔧 Proposed fix — scope checks to the target schema 
-    IF NOT EXISTS (SELECT 1 FROM pg_constraint WHERE conname = 'issued_oid4vc_credentials_orgId_fkey') THEN
+    IF NOT EXISTS (
+        SELECT 1 FROM pg_constraint con
+        JOIN pg_class cls ON cls.oid = con.conrelid
+        JOIN pg_namespace nsp ON nsp.oid = cls.relnamespace
+        WHERE con.conname = 'issued_oid4vc_credentials_orgId_fkey'
+          AND nsp.nspname = current_schema()
+    ) THEN
-    IF NOT EXISTS (SELECT 1 FROM pg_class c JOIN pg_namespace n ON n.oid = c.relnamespace WHERE c.relname = 'issued_oid4vc_credentials_orgId_issuanceSessionId_idx') THEN
+    IF NOT EXISTS (SELECT 1 FROM pg_class c JOIN pg_namespace n ON n.oid = c.relnamespace WHERE c.relname = 'issued_oid4vc_credentials_orgId_issuanceSessionId_idx' AND n.nspname = current_schema()) THEN

Also applies to: 15-15

🤖 Prompt for AI Agents 
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In
`@libs/prisma-service/prisma/migrations/20260507140000_add_orgId_to_issued_credentials/migration.sql`
at line 7, The IF NOT EXISTS guards query pg_constraint and pg_class by name
only, which can return false positives across schemas; modify both checks to
join pg_namespace and filter on the intended schema (e.g., JOIN pg_namespace n
ON n.oid = pg_constraint.connamespace WHERE pg_constraint.conname =
'issued_oid4vc_credentials_orgId_fkey' AND n.nspname = '<target_schema>' and
similarly for pg_class: JOIN pg_namespace n ON n.oid = c.relnamespace WHERE
c.relname = 'idx_issued_oid4vc_credentials_signingAid' AND n.nspname =
'<target_schema>'); replace '<target_schema>' with the actual schema used in
this migration so the constraint/index creation only skips when the object
exists in the same schema.

ALTER TABLE "issued_oid4vc_credentials" ADD CONSTRAINT "issued_oid4vc_credentials_orgId_fkey" FOREIGN KEY ("orgId") REFERENCES "organisation"("id") ON DELETE RESTRICT ON UPDATE CASCADE;
Copy link
Copy Markdown

@coderabbitai coderabbitai Bot May 7, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

⚠️ Potential issue | 🟠 Major | ⚡ Quick win

ON DELETE RESTRICT blocks org deletion — consider ON DELETE SET NULL for consistency and operability.

orgId is nullable in this table, yet the FK uses ON DELETE RESTRICT. This means any org with at least one linked issued credential can never be deleted — the DELETE will be rejected with a FK violation. The companion migration for oidc_issuer uses ON DELETE SET NULL, which is the natural choice for a nullable FK.

If org deletion should remain blocked while credentials exist, this is intentional; otherwise:

🔧 Proposed fix — change to `ON DELETE SET NULL` 
-        ALTER TABLE "issued_oid4vc_credentials" ADD CONSTRAINT "issued_oid4vc_credentials_orgId_fkey" FOREIGN KEY ("orgId") REFERENCES "organisation"("id") ON DELETE RESTRICT ON UPDATE CASCADE;
+        ALTER TABLE "issued_oid4vc_credentials" ADD CONSTRAINT "issued_oid4vc_credentials_orgId_fkey" FOREIGN KEY ("orgId") REFERENCES "organisation"("id") ON DELETE SET NULL ON UPDATE CASCADE;
📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change
ALTER TABLE "issued_oid4vc_credentials" ADD CONSTRAINT "issued_oid4vc_credentials_orgId_fkey" FOREIGN KEY ("orgId") REFERENCES "organisation"("id") ON DELETE RESTRICT ON UPDATE CASCADE;
ALTER TABLE "issued_oid4vc_credentials" ADD CONSTRAINT "issued_oid4vc_credentials_orgId_fkey" FOREIGN KEY ("orgId") REFERENCES "organisation"("id") ON DELETE SET NULL ON UPDATE CASCADE;
🤖 Prompt for AI Agents 
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In
`@libs/prisma-service/prisma/migrations/20260507140000_add_orgId_to_issued_credentials/migration.sql`
at line 8, Migration uses ON DELETE RESTRICT for the nullable orgId FK which
prevents deleting organisations; update the foreign key constraint in the
migration that defines issued_oid4vc_credentials_orgId_fkey on table
issued_oid4vc_credentials so it uses ON DELETE SET NULL (matching the
oidc_issuer companion migration) instead of ON DELETE RESTRICT, ensuring the
orgId column is set to NULL when the referenced organisation.id is deleted.

END IF;
END $$;

-- CreateIndex
DO $$
BEGIN
IF NOT EXISTS (SELECT 1 FROM pg_class c JOIN pg_namespace n ON n.oid = c.relnamespace WHERE c.relname = 'issued_oid4vc_credentials_orgId_issuanceSessionId_idx') THEN
CREATE INDEX "issued_oid4vc_credentials_orgId_issuanceSessionId_idx" ON "issued_oid4vc_credentials"("orgId", "issuanceSessionId");
END IF;
END $$;