From a44c3a3fa7244bdf57189e7e28e64cc5a996169d Mon Sep 17 00:00:00 2001
From: Christopher Kolstad
Date: Tue, 5 Mar 2024 14:48:19 +0100
Subject: [PATCH] task: added scim id to user (#6439)

SCIM synchronizations requires a stable id no matter how many changes are made to username and email (our other unique fields). In addition, exposing internal incremented database ids to an external service (our current id field) feels insecure. Our plan is to create either a uuidv7 or ulid when scim operations are performed against the user, so the external scim provisioner has a stable globally unique id to use to refer to the users they're modifying.
---
.../20240305131822-add-scim-id-column-to-user.js | 13 +++++++++++++
1 file changed, 13 insertions(+)
create mode 100644 src/migrations/20240305131822-add-scim-id-column-to-user.js
diff --git a/src/migrations/20240305131822-add-scim-id-column-to-user.js b/src/migrations/20240305131822-add-scim-id-column-to-user.js
new file mode 100644
index 0000000000..76e5229921
--- /dev/null
+++ b/src/migrations/20240305131822-add-scim-id-column-to-user.js
@@ -0,0 +1,13 @@
+exports.up = function(db, cb) {
+ db.runSql(`
+ ALTER TABLE users ADD COLUMN scim_id TEXT;
+ CREATE INDEX users_scim_id_uniq_idx ON users (scim_id) WHERE scim_id IS NOT NULL;
+ `, cb);
+};
+
+exports.down = function(db, cb) {
+ db.runSql(`
+ DROP INDEX users_scim_id_uniq_idx;
+ ALTER TABLE users DROP COLUMN scim_id;
+ `, cb);
+};
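Review bot: The index in `exports.up` is named `users_scim_id_uniq_idx` but is created with plain `CREATE INDEX`, so the database does not enforce uniqueness of `scim_id`. The commit description relies on this value being a stable, globally unique handle for an external SCIM provisioner; if two rows ever carry the same `scim_id`, a provisioning request could resolve to the wrong account. Unless uniqueness is guaranteed elsewhere (not visible in this patch), the statement should be `CREATE UNIQUE INDEX users_scim_id_uniq_idx ON users (scim_id) WHERE scim_id IS NOT NULL;`. In `exports.down`, `DROP INDEX IF EXISTS users_scim_id_uniq_idx;` would keep the rollback from failing when the index is already gone.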