diff options
author | zeripath <art27@cantab.net> | 2020-09-15 23:02:41 +0100 |
---|---|---|
committer | GitHub <noreply@github.com> | 2020-09-15 18:02:41 -0400 |
commit | 772b5e0f548548d5633b99fb40f59e5075f1c6db (patch) | |
tree | e9071952fda509af176dab0da2d5e375d86aef68 | |
parent | 88823f3e29385922cffab697d8d9f5a9a2ad3e42 (diff) | |
download | gitea-772b5e0f548548d5633b99fb40f59e5075f1c6db.tar.gz gitea-772b5e0f548548d5633b99fb40f59e5075f1c6db.zip |
Add migration for password algorithm change (#12784)
* Add migration for password algorithm change
#12688 changed the default for the user table leading to sync2 warnings
Unfortunately changing defaults requires a complete table rewrite in general.
However, just dropping columns could be bad - so this PR leverages the
techniques used in recreate table to recreate from the inferred schema
and recreates the user table.
This is not necessarily the correct thing to do - but code sometimes speaks
louder than words.
Signed-off-by: Andrew Thornton <art27@cantab.net>
* oops
Signed-off-by: Andrew Thornton <art27@cantab.net>
* ok lets use the shorter bits for other dbs
Signed-off-by: Andrew Thornton <art27@cantab.net>
* Update models/migrations/v150.go
* Update models/migrations/v150.go
* fix migration
Signed-off-by: Andrew Thornton <art27@cantab.net>
* mv v150 to v151.go
Signed-off-by: Andrew Thornton <art27@cantab.net>
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
Co-authored-by: Lauris BH <lauris@nix.lv>
Co-authored-by: techknowlogick <techknowlogick@gitea.io>
-rw-r--r-- | Makefile | 2 | ||||
-rw-r--r-- | models/migrations/migrations.go | 2 | ||||
-rw-r--r-- | models/migrations/v151.go | 194 |
3 files changed, 197 insertions, 1 deletions
@@ -469,7 +469,7 @@ test-mssql\#%: integrations.mssql.test generate-ini-mssql .PHONY: test-mssql-migration test-mssql-migration: migrations.mssql.test generate-ini-mssql - GITEA_ROOT=${CURDIR} GITEA_CONF=integrations/mssql.ini ./migrations.mssql.test + GITEA_ROOT=${CURDIR} GITEA_CONF=integrations/mssql.ini ./migrations.mssql.test -test.failfast .PHONY: bench-sqlite bench-sqlite: integrations.sqlite.test generate-ini-sqlite diff --git a/models/migrations/migrations.go b/models/migrations/migrations.go index 565e583156..5317cc5743 100644 --- a/models/migrations/migrations.go +++ b/models/migrations/migrations.go @@ -235,6 +235,8 @@ var migrations = []Migration{ NewMigration("Add Created and Updated to Milestone table", addCreatedAndUpdatedToMilestones), // v150 -> v151 NewMigration("add primary key to repo_topic", addPrimaryKeyToRepoTopic), + // v151 -> v152 + NewMigration("set default password algorithm to Argon2", setDefaultPasswordToArgon2), } // GetCurrentDBVersion returns the current db version diff --git a/models/migrations/v151.go b/models/migrations/v151.go new file mode 100644 index 0000000000..ba6eee3440 --- /dev/null +++ b/models/migrations/v151.go @@ -0,0 +1,194 @@ +// Copyright 2020 The Gitea Authors. All rights reserved. +// Use of this source code is governed by a MIT-style +// license that can be found in the LICENSE file. + +package migrations + +import ( + "fmt" + "strings" + + "code.gitea.io/gitea/modules/log" + "code.gitea.io/gitea/modules/setting" + + "xorm.io/xorm" + "xorm.io/xorm/schemas" +) + +func setDefaultPasswordToArgon2(x *xorm.Engine) error { + switch { + case setting.Database.UseMySQL: + _, err := x.Exec("ALTER TABLE `user` ALTER passwd_hash_algo SET DEFAULT 'argon2';") + return err + case setting.Database.UsePostgreSQL: + _, err := x.Exec("ALTER TABLE `user` ALTER COLUMN passwd_hash_algo SET DEFAULT 'argon2';") + return err + case setting.Database.UseMSSQL: + // need to find the constraint and drop it, then recreate it. + sess := x.NewSession() + defer sess.Close() + if err := sess.Begin(); err != nil { + return err + } + res, err := sess.QueryString("SELECT [name] FROM sys.default_constraints WHERE parent_object_id=OBJECT_ID(?) AND COL_NAME(parent_object_id, parent_column_id)=?;", "user", "passwd_hash_algo") + if err != nil { + return err + } + if len(res) > 0 { + constraintName := res[0]["name"] + log.Error("Results of select constraint: %s", constraintName) + _, err := sess.Exec("ALTER TABLE [user] DROP CONSTRAINT " + constraintName) + if err != nil { + return err + } + _, err = sess.Exec("ALTER TABLE [user] ADD CONSTRAINT " + constraintName + " DEFAULT 'argon2' FOR passwd_hash_algo") + if err != nil { + return err + } + } else { + _, err := sess.Exec("ALTER TABLE [user] ADD DEFAULT('argon2') FOR passwd_hash_algo") + if err != nil { + return err + } + } + return sess.Commit() + + case setting.Database.UseSQLite3: + // drop through + default: + log.Fatal("Unrecognized DB") + } + + tables, err := x.DBMetas() + if err != nil { + return err + } + + // Now for SQLite we have to recreate the table + var table *schemas.Table + tableName := "user" + + for _, table = range tables { + if table.Name == tableName { + break + } + } + if table == nil || table.Name != tableName { + type User struct { + PasswdHashAlgo string `xorm:"NOT NULL DEFAULT 'argon2'"` + } + return x.Sync2(new(User)) + } + column := table.GetColumn("passwd_hash_algo") + if column == nil { + type User struct { + PasswdHashAlgo string `xorm:"NOT NULL DEFAULT 'argon2'"` + } + return x.Sync2(new(User)) + } + sess := x.NewSession() + defer sess.Close() + if err := sess.Begin(); err != nil { + return err + } + + tempTableName := "tmp_recreate__user" + column.Default = "'argon2'" + + createTableSQL, _ := x.Dialect().CreateTableSQL(table, tempTableName) + for _, sql := range createTableSQL { + if _, err := sess.Exec(sql); err != nil { + log.Error("Unable to create table %s. Error: %v\n", tempTableName, err, createTableSQL) + return err + } + } + for _, index := range table.Indexes { + if _, err := sess.Exec(x.Dialect().CreateIndexSQL(tempTableName, index)); err != nil { + log.Error("Unable to create indexes on temporary table %s. Error: %v", tempTableName, err) + return err + } + } + + newTableColumns := table.Columns() + if len(newTableColumns) == 0 { + return fmt.Errorf("no columns in new table") + } + hasID := false + for _, column := range newTableColumns { + hasID = hasID || (column.IsPrimaryKey && column.IsAutoIncrement) + } + + sqlStringBuilder := &strings.Builder{} + _, _ = sqlStringBuilder.WriteString("INSERT INTO `") + _, _ = sqlStringBuilder.WriteString(tempTableName) + _, _ = sqlStringBuilder.WriteString("` (`") + _, _ = sqlStringBuilder.WriteString(newTableColumns[0].Name) + _, _ = sqlStringBuilder.WriteString("`") + for _, column := range newTableColumns[1:] { + _, _ = sqlStringBuilder.WriteString(", `") + _, _ = sqlStringBuilder.WriteString(column.Name) + _, _ = sqlStringBuilder.WriteString("`") + } + _, _ = sqlStringBuilder.WriteString(")") + _, _ = sqlStringBuilder.WriteString(" SELECT ") + if newTableColumns[0].Default != "" { + _, _ = sqlStringBuilder.WriteString("COALESCE(`") + _, _ = sqlStringBuilder.WriteString(newTableColumns[0].Name) + _, _ = sqlStringBuilder.WriteString("`, ") + _, _ = sqlStringBuilder.WriteString(newTableColumns[0].Default) + _, _ = sqlStringBuilder.WriteString(")") + } else { + _, _ = sqlStringBuilder.WriteString("`") + _, _ = sqlStringBuilder.WriteString(newTableColumns[0].Name) + _, _ = sqlStringBuilder.WriteString("`") + } + + for _, column := range newTableColumns[1:] { + if column.Default != "" { + _, _ = sqlStringBuilder.WriteString(", COALESCE(`") + _, _ = sqlStringBuilder.WriteString(column.Name) + _, _ = sqlStringBuilder.WriteString("`, ") + _, _ = sqlStringBuilder.WriteString(column.Default) + _, _ = sqlStringBuilder.WriteString(")") + } else { + _, _ = sqlStringBuilder.WriteString(", `") + _, _ = sqlStringBuilder.WriteString(column.Name) + _, _ = sqlStringBuilder.WriteString("`") + } + } + _, _ = sqlStringBuilder.WriteString(" FROM `") + _, _ = sqlStringBuilder.WriteString(tableName) + _, _ = sqlStringBuilder.WriteString("`") + + if _, err := sess.Exec(sqlStringBuilder.String()); err != nil { + log.Error("Unable to set copy data in to temp table %s. Error: %v", tempTableName, err) + return err + } + + // SQLite will drop all the constraints on the old table + if _, err := sess.Exec(fmt.Sprintf("DROP TABLE `%s`", tableName)); err != nil { + log.Error("Unable to drop old table %s. Error: %v", tableName, err) + return err + } + + for _, index := range table.Indexes { + if _, err := sess.Exec(x.Dialect().DropIndexSQL(tempTableName, index)); err != nil { + log.Error("Unable to drop indexes on temporary table %s. Error: %v", tempTableName, err) + return err + } + } + + if _, err := sess.Exec(fmt.Sprintf("ALTER TABLE `%s` RENAME TO `%s`", tempTableName, tableName)); err != nil { + log.Error("Unable to rename %s to %s. Error: %v", tempTableName, tableName, err) + return err + } + + for _, index := range table.Indexes { + if _, err := sess.Exec(x.Dialect().CreateIndexSQL(tableName, index)); err != nil { + log.Error("Unable to recreate indexes on table %s. Error: %v", tableName, err) + return err + } + } + + return sess.Commit() +} |