Skip to content
Projects
Groups
Snippets
Help
Loading...
Help
Support
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in / Register
Toggle navigation
G
gitlab-ce
Project overview
Project overview
Details
Activity
Releases
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Issues
0
Issues
0
List
Boards
Labels
Milestones
Merge Requests
0
Merge Requests
0
Analytics
Analytics
Repository
Value Stream
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Create a new issue
Commits
Issue Boards
Open sidebar
Léo-Paul Géneau
gitlab-ce
Commits
239a4f72
Commit
239a4f72
authored
6 years ago
by
Grzegorz Bizon
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
Use plaintext token when migration is not complete
parent
e9abaced
Changes
5
Hide whitespace changes
Inline
Side-by-side
Showing
5 changed files
with
21 additions
and
26 deletions
+21
-26
app/models/concerns/token_authenticatable_strategies/encrypted.rb
...ls/concerns/token_authenticatable_strategies/encrypted.rb
+6
-4
lib/gitlab/background_migration/encrypt_columns.rb
lib/gitlab/background_migration/encrypt_columns.rb
+7
-1
lib/gitlab/background_migration/encrypt_runners_tokens.rb
lib/gitlab/background_migration/encrypt_runners_tokens.rb
+4
-0
spec/lib/gitlab/background_migration/encrypt_runners_tokens_spec.rb
...itlab/background_migration/encrypt_runners_tokens_spec.rb
+4
-4
spec/models/concerns/token_authenticatable_strategies/encrypted_spec.rb
...ncerns/token_authenticatable_strategies/encrypted_spec.rb
+0
-17
No files found.
app/models/concerns/token_authenticatable_strategies/encrypted.rb
View file @
239a4f72
...
...
@@ -12,16 +12,18 @@ module TokenAuthenticatableStrategies
def
find_token_authenticatable
(
token
,
unscoped
=
false
)
return
if
token
.
blank?
return
find_by_encrypted_token
(
token
,
unscoped
)
if
fully_encrypted?
if
fully_encrypted?
return
find_by_encrypted_token
(
token
,
unscoped
)
end
if
fallback?
find_by_encrypted_token
(
token
,
unscoped
)
||
find_by_plaintext_token
(
token
,
unscoped
)
elsif
migrating?
find_by_plaintext_token
(
token
,
unscoped
)
||
find_by_encrypted_token
(
token
,
unscoped
)
find_by_plaintext_token
(
token
,
unscoped
)
else
raise
ArgumentError
,
'Unknown encryption
strategy
!'
raise
ArgumentError
,
'Unknown encryption
phase
!'
end
end
...
...
This diff is collapsed.
Click to expand it.
lib/gitlab/background_migration/encrypt_columns.rb
View file @
239a4f72
...
...
@@ -38,6 +38,10 @@ module Gitlab
end
end
def
clear_migrated_values?
true
end
private
# Build a hash of { attribute => encrypted column name }
...
...
@@ -74,7 +78,9 @@ module Gitlab
if
instance
.
changed?
instance
.
save!
instance
.
update_columns
(
to_clear
)
if
clear_migrated_values?
instance
.
update_columns
(
to_clear
)
end
end
end
...
...
This diff is collapsed.
Click to expand it.
lib/gitlab/background_migration/encrypt_runners_tokens.rb
View file @
239a4f72
...
...
@@ -23,6 +23,10 @@ module Gitlab
super
(
model
,
attributes
,
from
,
to
)
end
def
clear_migrated_values?
false
end
end
end
end
This diff is collapsed.
Click to expand it.
spec/lib/gitlab/background_migration/encrypt_runners_tokens_spec.rb
View file @
239a4f72
...
...
@@ -18,7 +18,7 @@ describe Gitlab::BackgroundMigration::EncryptRunnersTokens, :migration, schema:
decrypted_token
=
::
Gitlab
::
CryptoHelper
.
aes256_gcm_decrypt
(
encrypted_token
)
expect
(
decrypted_token
).
to
eq
'plain-text-token1'
expect
(
settings
.
first
.
runners_registration_token
).
to
be_nil
expect
(
settings
.
first
.
runners_registration_token
).
to
eq
'plain-text-token1'
end
end
...
...
@@ -33,7 +33,7 @@ describe Gitlab::BackgroundMigration::EncryptRunnersTokens, :migration, schema:
migrate!
(
:namespace
,
11
,
22
)
expect
(
namespaces
.
all
.
reload
).
to
all
(
have_attributes
(
runners_token:
nil
,
runners_token_encrypted:
be_a
(
String
))
have_attributes
(
runners_token:
be_a
(
String
)
,
runners_token_encrypted:
be_a
(
String
))
)
end
end
...
...
@@ -50,7 +50,7 @@ describe Gitlab::BackgroundMigration::EncryptRunnersTokens, :migration, schema:
migrate!
(
:project
,
111
,
116
)
expect
(
projects
.
all
.
reload
).
to
all
(
have_attributes
(
runners_token:
nil
,
runners_token_encrypted:
be_a
(
String
))
have_attributes
(
runners_token:
be_a
(
String
)
,
runners_token_encrypted:
be_a
(
String
))
)
end
end
...
...
@@ -66,7 +66,7 @@ describe Gitlab::BackgroundMigration::EncryptRunnersTokens, :migration, schema:
migrate!
(
:runner
,
201
,
203
)
expect
(
runners
.
all
.
reload
).
to
all
(
have_attributes
(
token:
nil
,
token_encrypted:
be_a
(
String
))
have_attributes
(
token:
be_a
(
String
)
,
token_encrypted:
be_a
(
String
))
)
end
end
...
...
This diff is collapsed.
Click to expand it.
spec/models/concerns/token_authenticatable_strategies/encrypted_spec.rb
View file @
239a4f72
...
...
@@ -66,26 +66,9 @@ describe TokenAuthenticatableStrategies::Encrypted do
.
with
(
'some_field'
=>
'my-value'
)
.
and_return
(
nil
)
allow
(
model
).
to
receive
(
:find_by
)
.
with
(
'some_field_encrypted'
=>
encrypted
)
.
and_return
(
nil
)
expect
(
subject
.
find_token_authenticatable
(
'my-value'
))
.
to
be_nil
end
it
'finds by encrypted value if cleartext is not present'
do
allow
(
model
).
to
receive
(
:find_by
)
.
with
(
'some_field'
=>
'my-value'
)
.
and_return
(
nil
)
allow
(
model
).
to
receive
(
:find_by
)
.
with
(
'some_field_encrypted'
=>
encrypted
)
.
and_return
(
'encrypted resource'
)
expect
(
subject
.
find_token_authenticatable
(
'my-value'
))
.
to
eq
'encrypted resource'
end
end
end
...
...
This diff is collapsed.
Click to expand it.
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment