Commit 094d7408 authored by Nick Thomas's avatar Nick Thomas

Merge branch 'if-53411-remove_personal_access_tokens_token' into 'master'

Remove undigested token column from personal_access_tokens table

See merge request gitlab-org/gitlab-ce!22743
parents 83a23297 6d92a3d4
......@@ -2,8 +2,11 @@
class PersonalAccessToken < ActiveRecord::Base
include Expirable
include IgnorableColumn
include TokenAuthenticatable
add_authentication_token_field :token, digest: true, fallback: true
add_authentication_token_field :token, digest: true
ignore_column :token
REDIS_EXPIRY_TIME = 3.minutes
......
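Review bot: `ignore_column :token` sits directly under `add_authentication_token_field :token, digest: true` with no comment, so a reader cannot tell that the ignored name is the old plaintext database column while `:token` remains the logical field name, presumably backed by `token_digest`. I would add a comment above it, for example `# Plaintext column is dropped by RemoveTokenFromPersonalAccessTokens; ignore it here and remove this line in a later release.` If the ignore is there for a different reason, the comment should say which. The class body continues outside the hunk.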
---
title: Remove undigested token column from personal_access_tokens table from the database
merge_request: 22743
author:
type: changed
# frozen_string_literal: true
class StealDigestColumn < ActiveRecord::Migration[5.0]
include Gitlab::Database::MigrationHelpers
DOWNTIME = false
disable_ddl_transaction!
def up
Gitlab::BackgroundMigration.steal('DigestColumn')
end
def down
# raise ActiveRecord::IrreversibleMigration
end
end
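Review bot: Nothing in `up` after `Gitlab::BackgroundMigration.steal('DigestColumn')` confirms that every row was actually digested, although the next migration drops the plaintext column and the model no longer passes `fallback: true`. As far as this page shows, a row whose job was lost or failed would keep a NULL `token_digest`, and its token would silently stop authenticating. Consider counting rows that match `token IS NOT NULL AND token_digest IS NULL` after the steal, then either digesting them inline or aborting before the column is removed. The empty `down` would also read better with the commented-out raise replaced by an explicit statement such as `# no-op: nothing to undo once the queued jobs have run`.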
# frozen_string_literal: true
class RemoveTokenFromPersonalAccessTokens < ActiveRecord::Migration[5.0]
include Gitlab::Database::MigrationHelpers
DOWNTIME = false
def change
remove_column :personal_access_tokens, :token, :string
end
end
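Review bot: `change` makes this migration look reversible, but a rollback would only re-create an empty `token` column. The hashed values cannot be turned back into plaintext, and the unique index `index_personal_access_tokens_on_token`, shown alongside the column in the schema.rb section of this page, would not be restored. I would split it into `up` and `down`, and in `down` either raise `ActiveRecord::IrreversibleMigration` or re-add the index with a comment that the data is gone for good. The page does not show which directory the file lives in; if it is not a post-deployment migration, processes still running the old `fallback: true` code could query a column that no longer exists.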
......@@ -1515,7 +1515,6 @@ ActiveRecord::Schema.define(version: 20190204115450) do
create_table "personal_access_tokens", force: :cascade do |t|
t.integer "user_id", null: false
t.string "token"
t.string "name", null: false
t.boolean "revoked", default: false
t.date "expires_at"
......@@ -1524,7 +1523,6 @@ ActiveRecord::Schema.define(version: 20190204115450) do
t.string "scopes", default: "--- []\n", null: false
t.boolean "impersonation", default: false, null: false
t.string "token_digest"
t.index ["token"], name: "index_personal_access_tokens_on_token", unique: true, using: :btree
t.index ["token_digest"], name: "index_personal_access_tokens_on_token_digest", unique: true, using: :btree
t.index ["user_id"], name: "index_personal_access_tokens_on_user_id", using: :btree
end
......
FactoryBot.define do
factory :personal_access_token do
user
token { SecureRandom.hex(50) }
sequence(:name) { |n| "PAT #{n}" }
revoked false
expires_at { 5.days.from_now }
scopes ['api']
impersonation false
after(:build) { |personal_access_token| personal_access_token.ensure_token }
trait :impersonation do
impersonation true
end
......@@ -21,7 +22,7 @@ FactoryBot.define do
end
trait :invalid do
token nil
token_digest nil
end
end
end
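Review bot: The `:invalid` trait sets `token_digest nil`, but the `after(:build)` callback calls `ensure_token` on every built record, and FactoryBot runs that callback after the trait's attributes have been assigned. If `ensure_token` generates a token whenever the digest is blank (its body is not on this page), a record built with `:invalid` would come back with a fresh digest, and specs relying on the trait would exercise a valid token. It is worth confirming this and recording the outcome on the trait, for example `# ensure_token runs after build; confirm this trait still yields a record without a digest`.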
......@@ -22,7 +22,7 @@ describe Gitlab::BackgroundMigration::DigestColumn, :migration, schema: 20180913
it 'erases token' do
expect { subject.perform(PersonalAccessToken, :token, :token_digest, 1, 2) }.to(
change { PersonalAccessToken.find(1).token }.from('token-01').to(nil))
change { PersonalAccessToken.find(1).read_attribute(:token) }.from('token-01').to(nil))
end
end
......@@ -39,7 +39,7 @@ describe Gitlab::BackgroundMigration::DigestColumn, :migration, schema: 20180913
it 'leaves token empty' do
expect { subject.perform(PersonalAccessToken, :token, :token_digest, 1, 2) }.not_to(
change { PersonalAccessToken.find(1).token }.from(nil))
change { PersonalAccessToken.find(1).read_attribute(:token) }.from(nil))
end
end
end
......
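Review bot: Both expectations read the column through `read_attribute(:token)`, yet the model in this same commit declares `ignore_column :token`. If the ignore hides the column from the model's attributes (IgnorableColumn is not shown here), the value would be nil before and after `perform`. In that case 'leaves token empty' would pass without checking anything, and 'erases token' could not observe `'token-01'`. Reading through a migration-local model or the `table(:personal_access_tokens)` helper would keep the spec tied to the schema version named in the `describe` line. Both `it` blocks sit in contexts that start outside the visible hunks.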