Remove referencing TokenWithIv model in the codebase

f8835703 · Małgorzata Ksionek · e864e807 · f8835703 · f8835703 · f8835703
Commit f8835703 authored Feb 25, 2021 by Małgorzata Ksionek
3 changed files
--- a/app/models/concerns/token_authenticatable_strategies/encrypted.rb
+++ b/app/models/concerns/token_authenticatable_strategies/encrypted.rb
@@ -85,18 +85,12 @@ module TokenAuthenticatableStrategies
    end

    def find_by_encrypted_token(token, unscoped)
-      nonce = Feature.enabled?(:dynamic_nonce_creation) ? find_hashed_iv(token) : Gitlab::CryptoHelper::AES256_GCM_IV_STATIC
+      nonce = Gitlab::CryptoHelper::AES256_GCM_IV_STATIC
      encrypted_value = Gitlab::CryptoHelper.aes256_gcm_encrypt(token, nonce: nonce)

      relation(unscoped).find_by(encrypted_field => encrypted_value)
    end

-    def find_hashed_iv(token)
-      token_record = TokenWithIv.find_by_plaintext_token(token)
-
-      token_record&.iv || Gitlab::CryptoHelper::AES256_GCM_IV_STATIC
-    end
-
    def insecure_strategy
      @insecure_strategy ||= TokenAuthenticatableStrategies::Insecure
        .new(klass, token_field, options)

--- a/lib/gitlab/crypto_helper.rb
+++ b/lib/gitlab/crypto_helper.rb
@@ -23,16 +23,12 @@ module Gitlab
    def aes256_gcm_decrypt(value)
      return unless value

-      nonce = Feature.enabled?(:dynamic_nonce_creation) ? dynamic_nonce(value) : AES256_GCM_IV_STATIC
+      nonce = AES256_GCM_IV_STATIC
      encrypted_token = Base64.decode64(value)
      decrypted_token = Encryptor.decrypt(AES256_GCM_OPTIONS.merge(value: encrypted_token, iv: nonce))
      decrypted_token
    end

-    def dynamic_nonce(value)
-      TokenWithIv.find_nonce_by_hashed_token(value) || AES256_GCM_IV_STATIC
-    end
-
    def aes256_gcm_encrypt_using_static_nonce(value)
      create_encrypted_token(value, AES256_GCM_IV_STATIC)
    end

--- a/spec/lib/gitlab/crypto_helper_spec.rb
+++ b/spec/lib/gitlab/crypto_helper_spec.rb
@@ -67,37 +67,5 @@ RSpec.describe Gitlab::CryptoHelper do
        end
      end
    end
-
-    context 'when token was encrypted using random nonce' do
-      let(:value) { 'random-value' }
-
-      # for compatibility with tokens encrypted using dynamic nonce
-      let!(:encrypted) do
-        iv = create_nonce
-        encrypted_token = described_class.create_encrypted_token(value, iv)
-        TokenWithIv.create!(hashed_token: Digest::SHA256.digest(encrypted_token), hashed_plaintext_token: Digest::SHA256.digest(encrypted_token), iv: iv)
-        encrypted_token
-      end
-
-      before do
-        stub_feature_flags(dynamic_nonce_creation: true)
-      end
-
-      it 'correctly decrypts encrypted string' do
-        decrypted = described_class.aes256_gcm_decrypt(encrypted)
-
-        expect(decrypted).to eq value
-      end
-
-      it 'does not save hashed token with iv value in database' do
-        expect { described_class.aes256_gcm_decrypt(encrypted) }.not_to change { TokenWithIv.count }
-      end
-    end
-  end
-
-  def create_nonce
-    cipher = OpenSSL::Cipher.new('aes-256-gcm')
-    cipher.encrypt # Required before '#random_iv' can be called
-    cipher.random_iv # Ensures that the IV is the correct length respective to the algorithm used.
  end
 end