Commit cefefb2a authored by James Lopez's avatar James Lopez

WIP - refactored migration and updated project_import_data with encrypted att

parent 18411645
...@@ -91,7 +91,6 @@ class Project < ActiveRecord::Base ...@@ -91,7 +91,6 @@ class Project < ActiveRecord::Base
attr_accessor :new_default_branch attr_accessor :new_default_branch
attr_accessor :old_path_with_namespace attr_accessor :old_path_with_namespace
attr_encrypted :import_credentials, key: Gitlab::Application.secrets.db_key_base
# Relations # Relations
belongs_to :creator, foreign_key: 'creator_id', class_name: 'User' belongs_to :creator, foreign_key: 'creator_id', class_name: 'User'
......
...@@ -12,6 +12,7 @@ require 'file_size_validator' ...@@ -12,6 +12,7 @@ require 'file_size_validator'
class ProjectImportData < ActiveRecord::Base class ProjectImportData < ActiveRecord::Base
belongs_to :project belongs_to :project
attr_encrypted :credentials, key: Gitlab::Application.secrets.db_key_base
serialize :data, JSON serialize :data, JSON
......
class AddImportCredentialsToProjectImportData < ActiveRecord::Migration
def change
add_column :project_import_data, :encrypted_credentials, :text
add_column :project_import_data, :encrypted_credentials_iv, :text
end
end
class AddImportCredentialsToProjects < ActiveRecord::Migration
def change
add_column :projects, :encrypted_import_credentials, :text
add_column :projects, :encrypted_import_credentials_iv, :text
end
end
class RemoveWrongImportUrlFromProjects < ActiveRecord::Migration class RemoveWrongImportUrlFromProjects < ActiveRecord::Migration
def up
projects_with_wrong_import_url.each do |project| class ImportUrlSanitizer
project.update_columns(import_url: nil) # TODO Check really nil? def initialize(url)
# TODO: migrate current credentials to import_credentials? @url = url
# TODO: Notify user ?
end end
def sanitized_url
@sanitized_url ||= @url[regex_extractor, 1] + @url[regex_extractor, 3]
end
def credentials
@credentials ||= @url[regex_extractor, 2]
end end
private private
# Regex matches 1 <first part of URL>, 2 <token or to be encrypted stuff>,
# 3 <last part of URL>
def regex_extractor
/(.*\/\/)(.*)(\@.*)/
end
end
def up
projects_with_wrong_import_url.each do |project|
sanitizer = ImportUrlSanitizer.new(project.import_urls)
project.update_columns(import_url: sanitizer.sanitized_url)
if project.import_data
project.import_data.update_columns(credentials: sanitizer.credentials)
end
end
end
def projects_with_dot_atom def projects_with_wrong_import_url
# TODO Check live with #operations for possible false positives. Also, consider regex? But may have issues MySQL/PSQL # TODO Check live with #operations for possible false positives. Also, consider regex? But may have issues MySQL/PSQL
select_all("SELECT p.id from projects p WHERE p.import_url LIKE '%//%:%@%' or p.import_url like '#{"_"*40}@github.com%'") select_all("SELECT p.id from projects p WHERE p.import_url LIKE '%//%:%@%' or p.import_url like '#{"_"*40}@github.com%'")
end end
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment