Skip to content

G
gitlab-ce
Commit 239a4f72 authored by Grzegorz Bizon's avatar Grzegorz Bizon
Browse files
Options

Use plaintext token when migration is not complete

parent e9abaced
Hide whitespace changes
Inline Side-by-side
Showing with 21 additions and 26 deletions
app/models/concerns/token_authenticatable_strategies/encrypted.rb
View file @ 239a4f72
......@@ -12,16 +12,18 @@ module TokenAuthenticatableStrategies
def find_token_authenticatable(token, unscoped = false)
return if token.blank?
return find_by_encrypted_token(token, unscoped) if fully_encrypted?
if fully_encrypted?
return find_by_encrypted_token(token, unscoped)
end
if fallback?
find_by_encrypted_token(token, unscoped) ||
find_by_plaintext_token(token, unscoped)
elsif migrating?
find_by_plaintext_token(token, unscoped) ||
find_by_encrypted_token(token, unscoped)
find_by_plaintext_token(token, unscoped)
else
raise ArgumentError, 'Unknown encryption strategy!'
raise ArgumentError, 'Unknown encryption phase!'
end
end
......
lib/gitlab/background_migration/encrypt_columns.rb
View file @ 239a4f72
......@@ -38,6 +38,10 @@ module Gitlab
end
end
def clear_migrated_values?
true
end
private
# Build a hash of { attribute => encrypted column name }
......@@ -74,7 +78,9 @@ module Gitlab
if instance.changed?
instance.save!
instance.update_columns(to_clear)
if clear_migrated_values?
instance.update_columns(to_clear)
end
end
end
......
lib/gitlab/background_migration/encrypt_runners_tokens.rb
View file @ 239a4f72
......@@ -23,6 +23,10 @@ module Gitlab
super(model, attributes, from, to)
end
def clear_migrated_values?
false
end
end
end
end
spec/lib/gitlab/background_migration/encrypt_runners_tokens_spec.rb
View file @ 239a4f72
......@@ -18,7 +18,7 @@ describe Gitlab::BackgroundMigration::EncryptRunnersTokens, :migration, schema:
decrypted_token = ::Gitlab::CryptoHelper.aes256_gcm_decrypt(encrypted_token)
expect(decrypted_token).to eq 'plain-text-token1'
expect(settings.first.runners_registration_token).to be_nil
expect(settings.first.runners_registration_token).to eq 'plain-text-token1'
end
end
......@@ -33,7 +33,7 @@ describe Gitlab::BackgroundMigration::EncryptRunnersTokens, :migration, schema:
migrate!(:namespace, 11, 22)
expect(namespaces.all.reload).to all(
have_attributes(runners_token: nil, runners_token_encrypted: be_a(String))
have_attributes(runners_token: be_a(String), runners_token_encrypted: be_a(String))
)
end
end
......@@ -50,7 +50,7 @@ describe Gitlab::BackgroundMigration::EncryptRunnersTokens, :migration, schema:
migrate!(:project, 111, 116)
expect(projects.all.reload).to all(
have_attributes(runners_token: nil, runners_token_encrypted: be_a(String))
have_attributes(runners_token: be_a(String), runners_token_encrypted: be_a(String))
)
end
end
......@@ -66,7 +66,7 @@ describe Gitlab::BackgroundMigration::EncryptRunnersTokens, :migration, schema:
migrate!(:runner, 201, 203)
expect(runners.all.reload).to all(
have_attributes(token: nil, token_encrypted: be_a(String))
have_attributes(token: be_a(String), token_encrypted: be_a(String))
)
end
end
......
spec/models/concerns/token_authenticatable_strategies/encrypted_spec.rb
View file @ 239a4f72
......@@ -66,26 +66,9 @@ describe TokenAuthenticatableStrategies::Encrypted do
.with('some_field' => 'my-value')
.and_return(nil)
allow(model).to receive(:find_by)
.with('some_field_encrypted' => encrypted)
.and_return(nil)
expect(subject.find_token_authenticatable('my-value'))
.to be_nil
end
it 'finds by encrypted value if cleartext is not present' do
allow(model).to receive(:find_by)
.with('some_field' => 'my-value')
.and_return(nil)
allow(model).to receive(:find_by)
.with('some_field_encrypted' => encrypted)
.and_return('encrypted resource')
expect(subject.find_token_authenticatable('my-value'))
.to eq 'encrypted resource'
end
end
end
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment
GitLab Nexedi Edition | About GitLab | About Nexedi | 沪ICP备2021021310号-2 | 沪ICP备2021021310号-7