Add Migrations for WebAuthn

In preparation of !26692

app/models/webauthn_registration.rb

+# frozen_string_literal: true
+
+# Registration information for WebAuthn credentials
+
+class WebauthnRegistration < ApplicationRecord
+  belongs_to :user
+
+  validates :credential_xid, :public_key, :name, :counter, presence: true
+  validates :counter,
+            numericality: { only_integer: true, greater_than_or_equal_to: 0, less_than_or_equal_to: 2**32 - 1 }
+end

changelogs/unreleased/22506-webauthn-step-1-migrations.yml

+---
+title: Prepare database for WebAuthn
+merge_request: 35797
+author: Jan Beckmann
+type: other

db/migrate/20191112212815_create_web_authn_table.rb

+# frozen_string_literal: true
+
+class CreateWebAuthnTable < ActiveRecord::Migration[6.0]
+  include Gitlab::Database::MigrationHelpers
+
+  DOWNTIME = false
+
+  # disable_ddl_transaction!
+
+  # rubocop:disable Migration/AddLimitToTextColumns
+  # limits are added in subsequent migration
+  def change
+    create_table :webauthn_registrations do |t|
+      t.bigint :user_id, null: false, index: true
+
+      t.bigint :counter, default: 0, null: false
+      t.timestamps_with_timezone
+      t.text :credential_xid, null: false, index: { unique: true }
+      t.text :name, null: false
+      # The length of the public key is determined by the device
+      # and not specified. Thus we can't set a limit
+      t.text :public_key, null: false # rubocop:disable Migration/AddLimitToTextColumns
+    end
+  end
+  # rubocop:enable Migration/AddLimitToTextColumns
+end

db/migrate/20200510181937_add_web_authn_xid_to_user_details.rb

+# frozen_string_literal: true
+
+class AddWebAuthnXidToUserDetails < ActiveRecord::Migration[6.0]
+  DOWNTIME = false
+
+  # rubocop:disable Migration/AddLimitToTextColumns
+  # limit is added in subsequent migration
+  def change
+    add_column :user_details, :webauthn_xid, :text
+  end
+  # rubocop:enable Migration/AddLimitToTextColumns
+end

db/migrate/20200510182218_add_text_limit_to_user_details_webauthn_xid.rb

+# frozen_string_literal: true
+
+class AddTextLimitToUserDetailsWebauthnXid < ActiveRecord::Migration[6.0]
+  include Gitlab::Database::MigrationHelpers
+  DOWNTIME = false
+
+  disable_ddl_transaction!
+
+  def up
+    add_text_limit :user_details, :webauthn_xid, 100
+  end
+
+  def down
+    remove_text_limit :user_details, :webauthn_xid
+  end
+end

db/migrate/20200510182556_add_text_limit_to_webauthn_registrations_name.rb

+# frozen_string_literal: true
+
+class AddTextLimitToWebauthnRegistrationsName < ActiveRecord::Migration[6.0]
+  include Gitlab::Database::MigrationHelpers
+  DOWNTIME = false
+
+  disable_ddl_transaction!
+
+  def up
+    add_text_limit :webauthn_registrations, :name, 255
+  end
+
+  def down
+    remove_text_limit :webauthn_registrations, :name
+  end
+end

db/migrate/20200510182824_add_text_limit_to_webauthn_registrations_credential_xid.rb

+# frozen_string_literal: true
+
+class AddTextLimitToWebauthnRegistrationsCredentialXid < ActiveRecord::Migration[6.0]
+  include Gitlab::Database::MigrationHelpers
+  DOWNTIME = false
+
+  disable_ddl_transaction!
+
+  def up
+    add_text_limit :webauthn_registrations, :credential_xid, 255
+  end
+
+  def down
+    remove_text_limit :webauthn_registrations, :credential_xid
+  end
+end

db/migrate/20200510183128_add_foreign_key_from_webauthn_registrations_to_users.rb

+# frozen_string_literal: true
+
+class AddForeignKeyFromWebauthnRegistrationsToUsers < ActiveRecord::Migration[6.0]
+  include Gitlab::Database::MigrationHelpers
+
+  DOWNTIME = false
+
+  # disable_ddl_transaction!
+
+  def up
+    with_lock_retries do
+      add_foreign_key :webauthn_registrations, :users, column: :user_id, on_delete: :cascade # rubocop:disable Migration/AddConcurrentForeignKey
+    end
+  end
+
+  def down
+    with_lock_retries do
+      remove_foreign_key :webauthn_registrations, column: :user_id
+    end
+  end
+end

db/structure.sql

@@ -15642,7 +15642,9 @@ CREATE TABLE public.user_details (
     job_title character varying(200) DEFAULT ''::character varying NOT NULL,
     bio character varying(255) DEFAULT ''::character varying NOT NULL,
     bio_html text,
-    cached_markdown_version integer
+    cached_markdown_version integer,
+    webauthn_xid text,
+    CONSTRAINT check_245664af82 CHECK ((char_length(webauthn_xid) <= 100))
 );
 
 CREATE SEQUENCE public.user_details_user_id_seq
@@ -16209,6 +16211,28 @@ CREATE SEQUENCE public.web_hooks_id_seq
 
 ALTER SEQUENCE public.web_hooks_id_seq OWNED BY public.web_hooks.id;
 
+CREATE TABLE public.webauthn_registrations (
+    id bigint NOT NULL,
+    user_id bigint NOT NULL,
+    counter bigint DEFAULT 0 NOT NULL,
+    created_at timestamp with time zone NOT NULL,
+    updated_at timestamp with time zone NOT NULL,
+    credential_xid text NOT NULL,
+    name text NOT NULL,
+    public_key text NOT NULL,
+    CONSTRAINT check_242f0cc65c CHECK ((char_length(credential_xid) <= 255)),
+    CONSTRAINT check_2f02e74321 CHECK ((char_length(name) <= 255))
+);
+
+CREATE SEQUENCE public.webauthn_registrations_id_seq
+    START WITH 1
+    INCREMENT BY 1
+    NO MINVALUE
+    NO MAXVALUE
+    CACHE 1;
+
+ALTER SEQUENCE public.webauthn_registrations_id_seq OWNED BY public.webauthn_registrations.id;
+
 CREATE TABLE public.wiki_page_meta (
     id integer NOT NULL,
     project_id bigint NOT NULL,
@@ -16969,6 +16993,8 @@ ALTER TABLE ONLY public.web_hook_logs ALTER COLUMN id SET DEFAULT nextval('publi
 
 ALTER TABLE ONLY public.web_hooks ALTER COLUMN id SET DEFAULT nextval('public.web_hooks_id_seq'::regclass);
 
+ALTER TABLE ONLY public.webauthn_registrations ALTER COLUMN id SET DEFAULT nextval('public.webauthn_registrations_id_seq'::regclass);
+
 ALTER TABLE ONLY public.wiki_page_meta ALTER COLUMN id SET DEFAULT nextval('public.wiki_page_meta_id_seq'::regclass);
 
 ALTER TABLE ONLY public.wiki_page_slugs ALTER COLUMN id SET DEFAULT nextval('public.wiki_page_slugs_id_seq'::regclass);
@@ -18229,6 +18255,9 @@ ALTER TABLE ONLY public.web_hook_logs
 ALTER TABLE ONLY public.web_hooks
     ADD CONSTRAINT web_hooks_pkey PRIMARY KEY (id);
 
+ALTER TABLE ONLY public.webauthn_registrations
+    ADD CONSTRAINT webauthn_registrations_pkey PRIMARY KEY (id);
+
 ALTER TABLE ONLY public.wiki_page_meta
     ADD CONSTRAINT wiki_page_meta_pkey PRIMARY KEY (id);
 
@@ -20455,6 +20484,10 @@ CREATE INDEX index_web_hooks_on_project_id ON public.web_hooks USING btree (proj
 
 CREATE INDEX index_web_hooks_on_type ON public.web_hooks USING btree (type);
 
+CREATE UNIQUE INDEX index_webauthn_registrations_on_credential_xid ON public.webauthn_registrations USING btree (credential_xid);
+
+CREATE INDEX index_webauthn_registrations_on_user_id ON public.webauthn_registrations USING btree (user_id);
+
 CREATE INDEX index_wiki_page_meta_on_project_id ON public.wiki_page_meta USING btree (project_id);
 
 CREATE UNIQUE INDEX index_wiki_page_slugs_on_slug_and_wiki_page_meta_id ON public.wiki_page_slugs USING btree (slug, wiki_page_meta_id);
@@ -22196,6 +22229,9 @@ ALTER TABLE ONLY public.vulnerability_statistics
 ALTER TABLE ONLY public.resource_label_events
     ADD CONSTRAINT fk_rails_b126799f57 FOREIGN KEY (label_id) REFERENCES public.labels(id) ON DELETE SET NULL;
 
+ALTER TABLE ONLY public.webauthn_registrations
+    ADD CONSTRAINT fk_rails_b15c016782 FOREIGN KEY (user_id) REFERENCES public.users(id) ON DELETE CASCADE;
+
 ALTER TABLE ONLY public.packages_build_infos
     ADD CONSTRAINT fk_rails_b18868292d FOREIGN KEY (package_id) REFERENCES public.packages_packages(id) ON DELETE CASCADE;
 
@@ -22950,6 +22986,7 @@ COPY "schema_migrations" (version) FROM STDIN;
 20191112105448
 20191112115247
 20191112115317
+20191112212815
 20191112214305
 20191112221821
 20191112232338
@@ -23483,6 +23520,11 @@ COPY "schema_migrations" (version) FROM STDIN;
 20200508140959
 20200508203901
 20200509203901
+20200510181937
+20200510182218
+20200510182556
+20200510182824
+20200510183128
 20200511080113
 20200511083541
 20200511092246