Migrate remaining U2fRegistrations to WebauthnRegistrations

This MR introduces a post deploy migration that migrates remaining U2fRegistrations to WebauthnRegistrations records. Changelog: added

Migrate remaining U2fRegistrations to WebauthnRegistrations
This MR introduces a post deploy migration that migrates remaining U2fRegistrations to WebauthnRegistrations records. Changelog: added
453758b6 · Manoj M J · c836dd98 · 453758b6 · 453758b6 · 453758b6
Commit 453758b6 authored Nov 17, 2021 by Manoj M J
3 changed files
--- a/db/post_migrate/20211117084814_migrate_remaining_u2f_registrations.rb
+++ b/db/post_migrate/20211117084814_migrate_remaining_u2f_registrations.rb
+# frozen_string_literal: true
+
+class MigrateRemainingU2fRegistrations < Gitlab::Database::Migration[1.0]
+  BATCH_SIZE = 100
+
+  disable_ddl_transaction!
+
+  def up
+    # We expect only a few number of records satisfying these conditions.
+    # on gitlab.com database, this number is 70 as on 17th Nov, 2021.
+    define_batchable_model('u2f_registrations')
+        .joins("LEFT JOIN webauthn_registrations ON webauthn_registrations.u2f_registration_id = u2f_registrations.id")
+        .where(webauthn_registrations: { u2f_registration_id: nil })
+        .each_batch(of: BATCH_SIZE) do |batch, index|
+      batch.each do |record|
+        Gitlab::BackgroundMigration::MigrateU2fWebauthn.new.perform(record.id, record.id)
+      rescue StandardError => e
+        Gitlab::ErrorTracking.track_exception(e, u2f_registration_id: record.id)
+      end
+    end
+  end
+
+  def down
+    # no-op
+  end
+end
--- a/db/schema_migrations/20211117084814
+++ b/db/schema_migrations/20211117084814
+d6b0ca9d1e88e9e531ee0da5c82723309d746b6d83ea5dfb8326d3cc718a31b6
\ No newline at end of file
--- a/spec/migrations/20211117084814_migrate_remaining_u2f_registrations_spec.rb
+++ b/spec/migrations/20211117084814_migrate_remaining_u2f_registrations_spec.rb
+# frozen_string_literal: true
+
+require 'spec_helper'
+require_migration!
+
+RSpec.describe MigrateRemainingU2fRegistrations, :migration do
+  let(:u2f_registrations) { table(:u2f_registrations) }
+  let(:webauthn_registrations) { table(:webauthn_registrations) }
+  let(:users) { table(:users) }
+
+  let(:user) { users.create!(email: 'email@email.com', name: 'foo', username: 'foo', projects_limit: 0) }
+
+  before do
+    create_u2f_registration(1, 'reg1')
+    create_u2f_registration(2, 'reg2')
+    create_u2f_registration(3, '')
+    create_u2f_registration(4, nil)
+    webauthn_registrations.create!({ name: 'reg1', u2f_registration_id: 1, credential_xid: '', public_key: '', user_id: user.id })
+  end
+
+  it 'correctly migrates u2f registrations previously not migrated' do
+    expect { migrate! }.to change { webauthn_registrations.count }.from(1).to(4)
+  end
+
+  it 'migrates all valid u2f registrations depite errors' do
+    create_u2f_registration(5, 'reg3', 'invalid!')
+    create_u2f_registration(6, 'reg4')
+
+    expect { migrate! }.to change { webauthn_registrations.count }.from(1).to(5)
+  end
+
+  def create_u2f_registration(id, name, public_key = nil)
+    device = U2F::FakeU2F.new(FFaker::BaconIpsum.characters(5), { key_handle: SecureRandom.random_bytes(255) })
+    public_key ||= Base64.strict_encode64(device.origin_public_key_raw)
+    u2f_registrations.create!({ id: id,
+                               certificate: Base64.strict_encode64(device.cert_raw),
+                               key_handle: U2F.urlsafe_encode64(device.key_handle_raw),
+                               public_key: public_key,
+                               counter: 5,
+                               name: name,
+                               user_id: user.id })
+  end
+end