diff options
| author | zeripath <art27@cantab.net> | 2022-02-16 21:03:58 +0000 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2022-02-16 21:03:58 +0000 |
| commit | 3a29a23cdc2823bbce30f5ab99ad01d72208de64 (patch) | |
| tree | 11f1a2e0e5e5c0f9617a7e29500940327e339800 /models/migrations/v207.go | |
| parent | f48771ae78b5e5b3caa60c55b3253229ea804ab5 (diff) | |
| download | gitea-3a29a23cdc2823bbce30f5ab99ad01d72208de64.tar.gz gitea-3a29a23cdc2823bbce30f5ab99ad01d72208de64.zip | |
Attempt to fix the webauthn migration again - part 3 (#18770)
v208.go is seriously broken as it misses an ID() check. We need to no-op and remigrate all of the u2f keys.
See #18756
Signed-off-by: Andrew Thornton <art27@cantab.net>
Diffstat (limited to 'models/migrations/v207.go')
| -rw-r--r-- | models/migrations/v207.go | 77 |
1 files changed, 1 insertions, 76 deletions
diff --git a/models/migrations/v207.go b/models/migrations/v207.go index dca2902cd8..f60dfc3dc3 100644 --- a/models/migrations/v207.go +++ b/models/migrations/v207.go @@ -5,86 +5,11 @@ package migrations import ( - "crypto/elliptic" - "encoding/base64" - "strings" - - "code.gitea.io/gitea/modules/timeutil" - - "github.com/tstranex/u2f" "xorm.io/xorm" ) func addWebAuthnCred(x *xorm.Engine) error { - // Create webauthnCredential table - type webauthnCredential struct { - ID int64 `xorm:"pk autoincr"` - Name string - LowerName string `xorm:"unique(s)"` - UserID int64 `xorm:"INDEX unique(s)"` - CredentialID string `xorm:"INDEX VARCHAR(410)"` // CredentalID in U2F is at most 255bytes / 5 * 8 = 408 - add a few extra characters for safety - PublicKey []byte - AttestationType string - AAGUID []byte - SignCount uint32 `xorm:"BIGINT"` - CloneWarning bool - CreatedUnix timeutil.TimeStamp `xorm:"INDEX created"` - UpdatedUnix timeutil.TimeStamp `xorm:"INDEX updated"` - } - if err := x.Sync2(&webauthnCredential{}); err != nil { - return err - } - - // Now migrate the old u2f registrations to the new format - type u2fRegistration struct { - ID int64 `xorm:"pk autoincr"` - Name string - UserID int64 `xorm:"INDEX"` - Raw []byte - Counter uint32 `xorm:"BIGINT"` - CreatedUnix timeutil.TimeStamp `xorm:"INDEX created"` - UpdatedUnix timeutil.TimeStamp `xorm:"INDEX updated"` - } - - var start int - regs := make([]*u2fRegistration, 0, 50) - for { - err := x.OrderBy("id").Limit(50, start).Find(®s) - if err != nil { - return err - } - - for _, reg := range regs { - parsed := new(u2f.Registration) - err = parsed.UnmarshalBinary(reg.Raw) - if err != nil { - continue - } - - c := &webauthnCredential{ - ID: reg.ID, - Name: reg.Name, - LowerName: strings.ToLower(reg.Name), - UserID: reg.UserID, - CredentialID: base64.RawStdEncoding.EncodeToString(parsed.KeyHandle), - PublicKey: elliptic.Marshal(elliptic.P256(), parsed.PubKey.X, parsed.PubKey.Y), - AttestationType: "fido-u2f", - AAGUID: []byte{}, - SignCount: reg.Counter, - } - - _, err := x.Insert(c) - if err != nil { - return err - } - } - - if len(regs) < 50 { - break - } - start += 50 - regs = regs[:0] - } + // NO-OP Don't migrate here - let v210 do this. return nil } |