author | Grzegorz Bizon <grzesiek.bizon@gmail.com> | 2018-12-03 14:29:51 +0100 |
---|---|---|
committer | Grzegorz Bizon <grzesiek.bizon@gmail.com> | 2018-12-03 14:29:51 +0100 |
commit | 239a4f72642b2df0cc057a17daadf1391332d118 (patch) | |
tree | d88b8cd131d056f38bad3188487ac0ef63d9044c | |
parent | e9abacedb01efdb127580dae54a6ffbe8c8c1399 (diff) | |
download | gitlab-ce-239a4f72642b2df0cc057a17daadf1391332d118.tar.gz |
Use plaintext token when migration is not complete
5 files changed, 21 insertions, 26 deletions
diff --git a/app/models/concerns/token_authenticatable_strategies/encrypted.rb b/app/models/concerns/token_authenticatable_strategies/encrypted.rb index 1f752850aad..2e65a2b6b22 100644 --- a/app/models/concerns/token_authenticatable_strategies/encrypted.rb +++ b/app/models/concerns/token_authenticatable_strategies/encrypted.rb @@ -12,16 +12,18 @@ module TokenAuthenticatableStrategies def find_token_authenticatable(token, unscoped = false) return if token.blank? - return find_by_encrypted_token(token, unscoped) if fully_encrypted? + + if fully_encrypted? + return find_by_encrypted_token(token, unscoped) + end if fallback? find_by_encrypted_token(token, unscoped) || find_by_plaintext_token(token, unscoped) elsif migrating? - find_by_plaintext_token(token, unscoped) || - find_by_encrypted_token(token, unscoped) + find_by_plaintext_token(token, unscoped) else - raise ArgumentError, 'Unknown encryption strategy!' + raise ArgumentError, 'Unknown encryption phase!' end end diff --git a/lib/gitlab/background_migration/encrypt_columns.rb b/lib/gitlab/background_migration/encrypt_columns.rb index c7549da96a8..6ec021df6fb 100644 --- a/lib/gitlab/background_migration/encrypt_columns.rb +++ b/lib/gitlab/background_migration/encrypt_columns.rb @@ -38,6 +38,10 @@ module Gitlab end end + def clear_migrated_values? + true + end + private # Build a hash of { attribute => encrypted column name } @@ -74,7 +78,9 @@ module Gitlab if instance.changed? instance.save! - instance.update_columns(to_clear) + if clear_migrated_values? + instance.update_columns(to_clear) + end end end diff --git a/lib/gitlab/background_migration/encrypt_runners_tokens.rb b/lib/gitlab/background_migration/encrypt_runners_tokens.rb index cb7a4c4d52e..91e559a8765 100644 --- a/lib/gitlab/background_migration/encrypt_runners_tokens.rb +++ b/lib/gitlab/background_migration/encrypt_runners_tokens.rb 
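Review bot: The `elsif migrating?` branch of `find_token_authenticatable` now resolves a token only through `find_by_plaintext_token`, so a row whose plaintext column is already empty cannot be found until the phase changes. In the same commit `EncryptColumns#clear_migrated_values?` still defaults to `true`, so this branch is only correct for models whose migration overrides it; rows cleared by an earlier run, if any exist, would be affected too (not visible here). I would state that coupling above the branch, e.g. `# migrating: the plaintext column is authoritative, so the background migration must not clear it in this phase`.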
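Review bot: `clear_migrated_values?` in `encrypt_columns.rb` is added above `private` and without a comment, although it decides whether plaintext secrets stay in the table after `save!`. A short doc comment would make the default explicit, e.g. `# Whether to null the plaintext columns once the encrypted value is saved; override to return false to keep them`. The only caller visible in this diff is the `if clear_migrated_values?` guard in the second hunk of this file, so the method could sit below `private` unless something outside the diff calls it. The class body starts and ends outside both hunks.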
@@ -23,6 +23,10 @@ module Gitlab super(model, attributes, from, to) end + + def clear_migrated_values? + false + end end end end diff --git a/spec/lib/gitlab/background_migration/encrypt_runners_tokens_spec.rb b/spec/lib/gitlab/background_migration/encrypt_runners_tokens_spec.rb index fc95f51a822..9d4921968b3 100644 --- a/spec/lib/gitlab/background_migration/encrypt_runners_tokens_spec.rb +++ b/spec/lib/gitlab/background_migration/encrypt_runners_tokens_spec.rb @@ -18,7 +18,7 @@ describe Gitlab::BackgroundMigration::EncryptRunnersTokens, :migration, schema: decrypted_token = ::Gitlab::CryptoHelper.aes256_gcm_decrypt(encrypted_token) expect(decrypted_token).to eq 'plain-text-token1' - expect(settings.first.runners_registration_token).to be_nil + expect(settings.first.runners_registration_token).to eq 'plain-text-token1' end end @@ -33,7 +33,7 @@ describe Gitlab::BackgroundMigration::EncryptRunnersTokens, :migration, schema: migrate!(:namespace, 11, 22) expect(namespaces.all.reload).to all( - have_attributes(runners_token: nil, runners_token_encrypted: be_a(String)) + have_attributes(runners_token: be_a(String), runners_token_encrypted: be_a(String)) ) end end @@ -50,7 +50,7 @@ describe Gitlab::BackgroundMigration::EncryptRunnersTokens, :migration, schema: migrate!(:project, 111, 116) expect(projects.all.reload).to all( - have_attributes(runners_token: nil, runners_token_encrypted: be_a(String)) + have_attributes(runners_token: be_a(String), runners_token_encrypted: be_a(String)) ) end end @@ -66,7 +66,7 @@ describe Gitlab::BackgroundMigration::EncryptRunnersTokens, :migration, schema: migrate!(:runner, 201, 203) expect(runners.all.reload).to all( - have_attributes(token: nil, token_encrypted: be_a(String)) + have_attributes(token: be_a(String), token_encrypted: be_a(String)) ) end end 
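Review bot: Overriding `clear_migrated_values?` to return `false` in `encrypt_runners_tokens.rb` leaves every runner token stored in plaintext next to its encrypted copy after the migration has run. Until something else clears the plaintext, the encrypted columns give no protection for data at rest (database dumps, backups, replicas). Nothing in this diff shows that later step. I would record the intent and the follow-up on the override, e.g. `# Plaintext is kept while the read path is still in the migrating phase; a later migration must clear these columns`. The enclosing class starts outside the hunk.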
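Review bot: In the namespace, project and runner examples of `encrypt_runners_tokens_spec.rb` (hunks at -33, -50 and -66) the plaintext attribute is now matched with `be_a(String)`, which passes for any string and would not catch the migration overwriting or truncating the token. The application-settings example in the first hunk pins the exact value with `eq 'plain-text-token1'`. The other three should do the same against the values their setup creates, which lies outside the hunks. If the seeded tokens differ per row, asserting that the plaintext attribute is unchanged from before `migrate!` gives the same guarantee.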
diff --git a/spec/models/concerns/token_authenticatable_strategies/encrypted_spec.rb b/spec/models/concerns/token_authenticatable_strategies/encrypted_spec.rb index f1e5810fa6a..93cab80cb1f 100644 --- a/spec/models/concerns/token_authenticatable_strategies/encrypted_spec.rb +++ b/spec/models/concerns/token_authenticatable_strategies/encrypted_spec.rb @@ -66,26 +66,9 @@ describe TokenAuthenticatableStrategies::Encrypted do .with('some_field' => 'my-value') .and_return(nil) - allow(model).to receive(:find_by) - .with('some_field_encrypted' => encrypted) - .and_return(nil) - expect(subject.find_token_authenticatable('my-value')) .to be_nil end - - it 'finds by encrypted value if cleartext is not present' do - allow(model).to receive(:find_by) - .with('some_field' => 'my-value') - .and_return(nil) - - allow(model).to receive(:find_by) - .with('some_field_encrypted' => encrypted) - .and_return('encrypted resource') - - expect(subject.find_token_authenticatable('my-value')) - .to eq 'encrypted resource' - end end end |