authormrsdizzie <info@mrsdizzie.com>2019-12-19 04:49:48 -0500
committerLunny Xiao <xiaolunwen@gmail.com>2019-12-19 17:49:48 +0800
commite57f7639379c8561a8109b35d171a1540d75577e (patch)
treeb2cd63ec4a4d1625a1e5a485d3177a995c515437
parent4147cc91ed07666613fa84cd8caffde9b1a8b916 (diff)
downloadgitea-e57f7639379c8561a8109b35d171a1540d75577e.tar.gz
gitea-e57f7639379c8561a8109b35d171a1540d75577e.zip
Add migration to sanitize repository original_url (#9423)
* Add migration to sanitize repository original_url During a large code move in #6200 the OriginalURL field was accidentally changed to be populated with the CloneAddr field which will contain the username and/or password provided during a migration. This behavior was fixed in previous PR #9097 and this migration will remove any authentication details that were stored in the database between those two. * use net/url to rebuild URL instead of strings.Replace * Update models/migrations/migrations.go * changes per lunny * make fmt
-rw-r--r--models/migrations/migrations.go2
-rw-r--r--models/migrations/v114.go52
2 files changed, 54 insertions, 0 deletions
diff --git a/models/migrations/migrations.go b/models/migrations/migrations.go
index cbea5a95dd..923b5f5759 100644
--- a/models/migrations/migrations.go
+++ b/models/migrations/migrations.go
@@ -282,6 +282,8 @@ var migrations = []Migration{
NewMigration("remove release attachments which repository deleted", removeAttachmentMissedRepo),
// v113 -> v114
NewMigration("new feature: change target branch of pull requests", featureChangeTargetBranch),
+ // v114 -> v115
+ NewMigration("Remove authentication credentials from stored URL", sanitizeOriginalURL),
}
// Migrate database to current version
diff --git a/models/migrations/v114.go b/models/migrations/v114.go
new file mode 100644
index 0000000000..25a187f6e8
--- /dev/null
+++ b/models/migrations/v114.go
@@ -0,0 +1,52 @@
+// Copyright 2019 The Gitea Authors. All rights reserved.
+// Use of this source code is governed by a MIT-style
+// license that can be found in the LICENSE file.
+
+package migrations
+
+import (
+ "net/url"
+
+ "xorm.io/xorm"
+)
+
+func sanitizeOriginalURL(x *xorm.Engine) error {
+
+ type Repository struct {
+ ID int64
+ OriginalURL string `xorm:"VARCHAR(2048)"`
+ }
+
+ var last int
+ const batchSize = 50
+ for {
+ var results = make([]Repository, 0, batchSize)
+ err := x.Where("original_url <> '' AND original_url IS NOT NULL").
+ And("original_service_type = 0 OR original_service_type IS NULL").
+ OrderBy("id").
+ Limit(batchSize, last).
+ Find(&results)
+ if err != nil {
+ return err
+ }
+ if len(results) == 0 {
+ break
+ }
+ last += len(results)
+
+ for _, res := range results {
+ u, err := url.Parse(res.OriginalURL)
+ if err != nil {
+ // it is ok to continue here, we only care about fixing URLs that we can read
+ continue
+ }
+ u.User = nil
+ originalURL := u.String()
+ _, err = x.Exec("UPDATE repository SET original_url = ? WHERE id = ?", originalURL, res.ID)
+ if err != nil {
+ return err
+ }
+ }
+ }
+ return nil
+}
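Review bot: The `continue` after a failed `url.Parse` in the inner loop leaves that row untouched, so any stored `original_url` that does not parse keeps its embedded username and password while the migration still reports success; credentials containing unescaped special characters are a plausible case. At minimum, log the repository ID (never the URL itself) at warning level so an operator can clean those rows by hand, or blank `original_url` for them as a fallback. Separately, the `UPDATE` runs for every matched row even when the URL carried no userinfo; adding `if u.User == nil { continue }` before `u.User = nil` avoids rewriting, and re-serialising through `u.String()`, values that were already clean. Since the credentials sat in the table in clear text, database backups taken in that window presumably still contain them, which is worth stating in the release notes so admins can rotate the affected secrets.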