mirror of https://github.com/go-gitea/gitea.git
* Increase the size of the webauthn_credential credential_id field (#18739) Backport #18739 Unfortunately credentialIDs in u2f are 255 bytes long which with base32 encoding becomes 408 bytes. The default size of a xorm string field is only a VARCHAR(255) This problem is not apparent on SQLite because strings get mapped to TEXT there. Fix #18727 Signed-off-by: Andrew Thornton <art27@cantab.net> * Ignore the migrate if u2f_registration is not exist (#18760) Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
This commit is contained in:
parent
7ebc3da7cb
commit
3a78ac4b32
5
Makefile
5
Makefile
|
@ -399,6 +399,11 @@ test-sqlite-migration: migrations.sqlite.test migrations.individual.sqlite.test
|
||||||
GITEA_ROOT="$(CURDIR)" GITEA_CONF=integrations/sqlite.ini ./migrations.sqlite.test
|
GITEA_ROOT="$(CURDIR)" GITEA_CONF=integrations/sqlite.ini ./migrations.sqlite.test
|
||||||
GITEA_ROOT="$(CURDIR)" GITEA_CONF=integrations/sqlite.ini ./migrations.individual.sqlite.test
|
GITEA_ROOT="$(CURDIR)" GITEA_CONF=integrations/sqlite.ini ./migrations.individual.sqlite.test
|
||||||
|
|
||||||
|
.PHONY: test-sqlite-migration\#%
|
||||||
|
test-sqlite-migration\#%: migrations.sqlite.test migrations.individual.sqlite.test generate-ini-sqlite
|
||||||
|
GITEA_ROOT="$(CURDIR)" GITEA_CONF=integrations/sqlite.ini ./migrations.individual.sqlite.test -test.run $(subst .,/,$*)
|
||||||
|
|
||||||
|
|
||||||
generate-ini-mysql:
|
generate-ini-mysql:
|
||||||
sed -e 's|{{TEST_MYSQL_HOST}}|${TEST_MYSQL_HOST}|g' \
|
sed -e 's|{{TEST_MYSQL_HOST}}|${TEST_MYSQL_HOST}|g' \
|
||||||
-e 's|{{TEST_MYSQL_DBNAME}}|${TEST_MYSQL_DBNAME}|g' \
|
-e 's|{{TEST_MYSQL_DBNAME}}|${TEST_MYSQL_DBNAME}|g' \
|
||||||
|
|
|
@ -0,0 +1,9 @@
|
||||||
|
-
|
||||||
|
id: 1
|
||||||
|
credential_id: "TVHE44TOH7DF7V48SEAIT3EMMJ7TGBOQ289E5AQB34S98LFCUFJ7U2NAVI8RJG6K2F4TC8AQ8KBNO7AGEOQOL9NE43GR63HTEHJSLOG="
|
||||||
|
-
|
||||||
|
id: 2
|
||||||
|
credential_id: "TVHE44TOH7DF7V48SEAIT3EMMJ7TGBOQ289E5AQB34S98LFCUFJ7U2NAVI8RJG6K2F4TC8AQ8KBNO7AGEOQOL9NE43GR63HTEHJSLOG="
|
||||||
|
-
|
||||||
|
id: 4
|
||||||
|
credential_id: "THIS SHOULD NOT CHAGNGE"
|
|
@ -0,0 +1,21 @@
|
||||||
|
-
|
||||||
|
id: 1
|
||||||
|
name: "u2fkey-correctly-migrated"
|
||||||
|
user_id: 1
|
||||||
|
raw: 0x05040d0967a2cad045011631187576492a0beb5b377954b4f694c5afc8bdf25270f87f09a9ab6ce9c282f447ba71b2f2bae2105b32b847e0704f310f48644e3eddf240efe2e213b889daf3fc88e3952e8dd6b4cfd82f1a1212e2ab4b19389455ecf3e67f0aeafc91b9c0d413c9d6215a45177c1d5076358aa6ee20e1b30e3d7467cae2308202bd308201a5a00302010202041e8f8734300d06092a864886f70d01010b0500302e312c302a0603550403132359756269636f2055324620526f6f742043412053657269616c203435373230303633313020170d3134303830313030303030305a180f32303530303930343030303030305a306e310b300906035504061302534531123010060355040a0c0959756269636f20414231223020060355040b0c1941757468656e74696361746f72204174746573746174696f6e3127302506035504030c1e59756269636f205532462045452053657269616c203531323732323734303059301306072a8648ce3d020106082a8648ce3d03010703420004a879f82338ed1494bac0704bcc7fc663d1b271715976243101c7605115d7c1529e281c1c67322d384b5cd55dd3e9818d5fd85c22af326e0c64fc20afe33f2366a36c306a302206092b0601040182c40a020415312e332e362e312e342e312e34313438322e312e373013060b2b0601040182e51c0201010404030204303021060b2b0601040182e51c010104041204102fc0579f811347eab116bb5a8db9202a300c0603551d130101ff04023000300d06092a864886f70d01010b050003820101008693ff62df0d5779d4748d7fc8d10227318a8e580e6a3a57c108e94e03c38568b366894fce5624be4a3efd7f34118b3d993743f792a1989160c8fc9ae0b04e3df9ee15e3e88c04fc82a8dcbf5818e108dcc2968577ae79ff662b94734e3dec4597305d73e6e55ee2beb9cd9678ca0935e533eb638f8e26fabb817cda441fbe9831832ae5f6e2ad992f9ebbdb4c62238b8f8d7ab481d6d3263bcdbf9e4a57550370988ad5813440fa032cadb6723cadd8f8d7ba809f75b43cffa0a5b9add14232ef9d9e14812638233c4ca4a873b9f8ac98e32ba19167606e15909fcddb4a2dffbdae4620249f9a6646ac81e4832d1119febfaa731a882da25a77827d46d190173046022100b579338a44c236d3f214b2e150011a08cf251193ecfae2244edb0a5794e9b301022100fab468862c47d98204d437cf2be8c54a5a4ecd1ebb1c61a6c23da7b9c75f6841
|
||||||
|
counter: 0
|
||||||
|
- id: 2
|
||||||
|
name: "u2fkey-incorrectly-migrated"
|
||||||
|
user_id: 1
|
||||||
|
raw: 0x05040d0967a2cad045011631187576492a0beb5b377954b4f694c5afc8bdf25270f87f09a9ab6ce9c282f447ba71b2f2bae2105b32b847e0704f310f48644e3eddf240efe2e213b889daf3fc88e3952e8dd6b4cfd82f1a1212e2ab4b19389455ecf3e67f0aeafc91b9c0d413c9d6215a45177c1d5076358aa6ee20e1b30e3d7467cae2308202bd308201a5a00302010202041e8f8734300d06092a864886f70d01010b0500302e312c302a0603550403132359756269636f2055324620526f6f742043412053657269616c203435373230303633313020170d3134303830313030303030305a180f32303530303930343030303030305a306e310b300906035504061302534531123010060355040a0c0959756269636f20414231223020060355040b0c1941757468656e74696361746f72204174746573746174696f6e3127302506035504030c1e59756269636f205532462045452053657269616c203531323732323734303059301306072a8648ce3d020106082a8648ce3d03010703420004a879f82338ed1494bac0704bcc7fc663d1b271715976243101c7605115d7c1529e281c1c67322d384b5cd55dd3e9818d5fd85c22af326e0c64fc20afe33f2366a36c306a302206092b0601040182c40a020415312e332e362e312e342e312e34313438322e312e373013060b2b0601040182e51c0201010404030204303021060b2b0601040182e51c010104041204102fc0579f811347eab116bb5a8db9202a300c0603551d130101ff04023000300d06092a864886f70d01010b050003820101008693ff62df0d5779d4748d7fc8d10227318a8e580e6a3a57c108e94e03c38568b366894fce5624be4a3efd7f34118b3d993743f792a1989160c8fc9ae0b04e3df9ee15e3e88c04fc82a8dcbf5818e108dcc2968577ae79ff662b94734e3dec4597305d73e6e55ee2beb9cd9678ca0935e533eb638f8e26fabb817cda441fbe9831832ae5f6e2ad992f9ebbdb4c62238b8f8d7ab481d6d3263bcdbf9e4a57550370988ad5813440fa032cadb6723cadd8f8d7ba809f75b43cffa0a5b9add14232ef9d9e14812638233c4ca4a873b9f8ac98e32ba19167606e15909fcddb4a2dffbdae4620249f9a6646ac81e4832d1119febfaa731a882da25a77827d46d190173046022100b579338a44c236d3f214b2e150011a08cf251193ecfae2244edb0a5794e9b301022100fab468862c47d98204d437cf2be8c54a5a4ecd1ebb1c61a6c23da7b9c75f6841
|
||||||
|
counter: 0
|
||||||
|
- id: 3
|
||||||
|
name: "u2fkey-deleted"
|
||||||
|
user_id: 1
|
||||||
|
raw: 0x05040d0967a2cad045011631187576492a0beb5b377954b4f694c5afc8bdf25270f87f09a9ab6ce9c282f447ba71b2f2bae2105b32b847e0704f310f48644e3eddf240efe2e213b889daf3fc88e3952e8dd6b4cfd82f1a1212e2ab4b19389455ecf3e67f0aeafc91b9c0d413c9d6215a45177c1d5076358aa6ee20e1b30e3d7467cae2308202bd308201a5a00302010202041e8f8734300d06092a864886f70d01010b0500302e312c302a0603550403132359756269636f2055324620526f6f742043412053657269616c203435373230303633313020170d3134303830313030303030305a180f32303530303930343030303030305a306e310b300906035504061302534531123010060355040a0c0959756269636f20414231223020060355040b0c1941757468656e74696361746f72204174746573746174696f6e3127302506035504030c1e59756269636f205532462045452053657269616c203531323732323734303059301306072a8648ce3d020106082a8648ce3d03010703420004a879f82338ed1494bac0704bcc7fc663d1b271715976243101c7605115d7c1529e281c1c67322d384b5cd55dd3e9818d5fd85c22af326e0c64fc20afe33f2366a36c306a302206092b0601040182c40a020415312e332e362e312e342e312e34313438322e312e373013060b2b0601040182e51c0201010404030204303021060b2b0601040182e51c010104041204102fc0579f811347eab116bb5a8db9202a300c0603551d130101ff04023000300d06092a864886f70d01010b050003820101008693ff62df0d5779d4748d7fc8d10227318a8e580e6a3a57c108e94e03c38568b366894fce5624be4a3efd7f34118b3d993743f792a1989160c8fc9ae0b04e3df9ee15e3e88c04fc82a8dcbf5818e108dcc2968577ae79ff662b94734e3dec4597305d73e6e55ee2beb9cd9678ca0935e533eb638f8e26fabb817cda441fbe9831832ae5f6e2ad992f9ebbdb4c62238b8f8d7ab481d6d3263bcdbf9e4a57550370988ad5813440fa032cadb6723cadd8f8d7ba809f75b43cffa0a5b9add14232ef9d9e14812638233c4ca4a873b9f8ac98e32ba19167606e15909fcddb4a2dffbdae4620249f9a6646ac81e4832d1119febfaa731a882da25a77827d46d190173046022100b579338a44c236d3f214b2e150011a08cf251193ecfae2244edb0a5794e9b301022100fab468862c47d98204d437cf2be8c54a5a4ecd1ebb1c61a6c23da7b9c75f6841
|
||||||
|
counter: 0
|
||||||
|
- id: 4
|
||||||
|
name: "u2fkey-wrong-user-id"
|
||||||
|
user_id: 2
|
||||||
|
raw: 0x05040d0967a2cad045011631187576492a0beb5b377954b4f694c5afc8bdf25270f87f09a9ab6ce9c282f447ba71b2f2bae2105b32b847e0704f310f48644e3eddf240efe2e213b889daf3fc88e3952e8dd6b4cfd82f1a1212e2ab4b19389455ecf3e67f0aeafc91b9c0d413c9d6215a45177c1d5076358aa6ee20e1b30e3d7467cae2308202bd308201a5a00302010202041e8f8734300d06092a864886f70d01010b0500302e312c302a0603550403132359756269636f2055324620526f6f742043412053657269616c203435373230303633313020170d3134303830313030303030305a180f32303530303930343030303030305a306e310b300906035504061302534531123010060355040a0c0959756269636f20414231223020060355040b0c1941757468656e74696361746f72204174746573746174696f6e3127302506035504030c1e59756269636f205532462045452053657269616c203531323732323734303059301306072a8648ce3d020106082a8648ce3d03010703420004a879f82338ed1494bac0704bcc7fc663d1b271715976243101c7605115d7c1529e281c1c67322d384b5cd55dd3e9818d5fd85c22af326e0c64fc20afe33f2366a36c306a302206092b0601040182c40a020415312e332e362e312e342e312e34313438322e312e373013060b2b0601040182e51c0201010404030204303021060b2b0601040182e51c010104041204102fc0579f811347eab116bb5a8db9202a300c0603551d130101ff04023000300d06092a864886f70d01010b050003820101008693ff62df0d5779d4748d7fc8d10227318a8e580e6a3a57c108e94e03c38568b366894fce5624be4a3efd7f34118b3d993743f792a1989160c8fc9ae0b04e3df9ee15e3e88c04fc82a8dcbf5818e108dcc2968577ae79ff662b94734e3dec4597305d73e6e55ee2beb9cd9678ca0935e533eb638f8e26fabb817cda441fbe9831832ae5f6e2ad992f9ebbdb4c62238b8f8d7ab481d6d3263bcdbf9e4a57550370988ad5813440fa032cadb6723cadd8f8d7ba809f75b43cffa0a5b9add14232ef9d9e14812638233c4ca4a873b9f8ac98e32ba19167606e15909fcddb4a2dffbdae4620249f9a6646ac81e4832d1119febfaa731a882da25a77827d46d190173046022100b579338a44c236d3f214b2e150011a08cf251193ecfae2244edb0a5794e9b301022100fab468862c47d98204d437cf2be8c54a5a4ecd1ebb1c61a6c23da7b9c75f6841
|
||||||
|
counter: 0
|
|
@ -0,0 +1,30 @@
|
||||||
|
-
|
||||||
|
id: 1
|
||||||
|
lower_name: "u2fkey-correctly-migrated"
|
||||||
|
name: "u2fkey-correctly-migrated"
|
||||||
|
user_id: 1
|
||||||
|
credential_id: "TVHE44TOH7DF7V48SEAIT3EMMJ7TGBOQ289E5AQB34S98LFCUFJ7U2NAVI8RJG6K2F4TC8AQ8KBNO7AGEOQOL9NE43GR63HTEHJSLOG="
|
||||||
|
public_key: 0x040d0967a2cad045011631187576492a0beb5b377954b4f694c5afc8bdf25270f87f09a9ab6ce9c282f447ba71b2f2bae2105b32b847e0704f310f48644e3eddf2
|
||||||
|
attestation_type: 'fido-u2f'
|
||||||
|
sign_count: 1
|
||||||
|
clone_warning: false
|
||||||
|
-
|
||||||
|
id: 2
|
||||||
|
lower_name: "u2fkey-incorrectly-migrated"
|
||||||
|
name: "u2fkey-incorrectly-migrated"
|
||||||
|
user_id: 1
|
||||||
|
credential_id: "TVHE44TOH7DF7V48SEAIT3EMMJ7TGBOQ289E5AQB34S98LFCUFJ7U2NAVI8RJG6K2F4TC8A"
|
||||||
|
public_key: 0x040d0967a2cad045011631187576492a0beb5b377954b4f694c5afc8bdf25270f87f09a9ab6ce9c282f447ba71b2f2bae2105b32b847e0704f310f48644e3eddf2
|
||||||
|
attestation_type: 'fido-u2f'
|
||||||
|
sign_count: 1
|
||||||
|
clone_warning: false
|
||||||
|
-
|
||||||
|
id: 4
|
||||||
|
lower_name: "u2fkey-wrong-user-id"
|
||||||
|
name: "u2fkey-wrong-user-id"
|
||||||
|
user_id: 1
|
||||||
|
credential_id: "THIS SHOULD NOT CHAGNGE"
|
||||||
|
public_key: 0x040d0967a2cad045011631187576492a0beb5b377954b4f694c5afc8bdf25270f87f09a9ab6ce9c282f447ba71b2f2bae2105b32b847e0704f310f48644e3eddf2
|
||||||
|
attestation_type: 'fido-u2f'
|
||||||
|
sign_count: 1
|
||||||
|
clone_warning: false
|
|
@ -370,6 +370,8 @@ var migrations = []Migration{
|
||||||
NewMigration("Add webauthn table and migrate u2f data to webauthn", addWebAuthnCred),
|
NewMigration("Add webauthn table and migrate u2f data to webauthn", addWebAuthnCred),
|
||||||
// v208 -> v209
|
// v208 -> v209
|
||||||
NewMigration("Use base32.HexEncoding instead of base64 encoding for cred ID as it is case insensitive", useBase32HexForCredIDInWebAuthnCredential),
|
NewMigration("Use base32.HexEncoding instead of base64 encoding for cred ID as it is case insensitive", useBase32HexForCredIDInWebAuthnCredential),
|
||||||
|
// v209 -> v210
|
||||||
|
NewMigration("Increase WebAuthentication CredentialID size to 410", increaseCredentialIDTo410),
|
||||||
}
|
}
|
||||||
|
|
||||||
// GetCurrentDBVersion returns the current db version
|
// GetCurrentDBVersion returns the current db version
|
||||||
|
|
|
@ -23,7 +23,7 @@ func addWebAuthnCred(x *xorm.Engine) error {
|
||||||
Name string
|
Name string
|
||||||
LowerName string `xorm:"unique(s)"`
|
LowerName string `xorm:"unique(s)"`
|
||||||
UserID int64 `xorm:"INDEX unique(s)"`
|
UserID int64 `xorm:"INDEX unique(s)"`
|
||||||
CredentialID string `xorm:"INDEX"`
|
CredentialID string `xorm:"INDEX VARCHAR(410)"` // CredentalID in U2F is at most 255bytes / 5 * 8 = 408 - add a few extra characters for safety
|
||||||
PublicKey []byte
|
PublicKey []byte
|
||||||
AttestationType string
|
AttestationType string
|
||||||
AAGUID []byte
|
AAGUID []byte
|
||||||
|
|
|
@ -16,7 +16,7 @@ func useBase32HexForCredIDInWebAuthnCredential(x *xorm.Engine) error {
|
||||||
// Create webauthnCredential table
|
// Create webauthnCredential table
|
||||||
type webauthnCredential struct {
|
type webauthnCredential struct {
|
||||||
ID int64 `xorm:"pk autoincr"`
|
ID int64 `xorm:"pk autoincr"`
|
||||||
CredentialID string `xorm:"INDEX"`
|
CredentialID string `xorm:"INDEX VARCHAR(410)"`
|
||||||
}
|
}
|
||||||
if err := x.Sync2(&webauthnCredential{}); err != nil {
|
if err := x.Sync2(&webauthnCredential{}); err != nil {
|
||||||
return err
|
return err
|
||||||
|
|
|
@ -0,0 +1,144 @@
|
||||||
|
// Copyright 2022 The Gitea Authors. All rights reserved.
|
||||||
|
// Use of this source code is governed by a MIT-style
|
||||||
|
// license that can be found in the LICENSE file.
|
||||||
|
|
||||||
|
package migrations
|
||||||
|
|
||||||
|
import (
|
||||||
|
"encoding/base32"
|
||||||
|
"fmt"
|
||||||
|
"strings"
|
||||||
|
|
||||||
|
"code.gitea.io/gitea/modules/timeutil"
|
||||||
|
|
||||||
|
"github.com/tstranex/u2f"
|
||||||
|
"xorm.io/xorm"
|
||||||
|
"xorm.io/xorm/schemas"
|
||||||
|
)
|
||||||
|
|
||||||
|
func increaseCredentialIDTo410(x *xorm.Engine) error {
|
||||||
|
// Create webauthnCredential table
|
||||||
|
type webauthnCredential struct {
|
||||||
|
ID int64 `xorm:"pk autoincr"`
|
||||||
|
Name string
|
||||||
|
LowerName string `xorm:"unique(s)"`
|
||||||
|
UserID int64 `xorm:"INDEX unique(s)"`
|
||||||
|
CredentialID string `xorm:"INDEX VARCHAR(410)"` // CredentalID in U2F is at most 255bytes / 5 * 8 = 408 - add a few extra characters for safety
|
||||||
|
PublicKey []byte
|
||||||
|
AttestationType string
|
||||||
|
AAGUID []byte
|
||||||
|
SignCount uint32 `xorm:"BIGINT"`
|
||||||
|
CloneWarning bool
|
||||||
|
CreatedUnix timeutil.TimeStamp `xorm:"INDEX created"`
|
||||||
|
UpdatedUnix timeutil.TimeStamp `xorm:"INDEX updated"`
|
||||||
|
}
|
||||||
|
if err := x.Sync2(&webauthnCredential{}); err != nil {
|
||||||
|
return err
|
||||||
|
}
|
||||||
|
|
||||||
|
switch x.Dialect().URI().DBType {
|
||||||
|
case schemas.MYSQL:
|
||||||
|
_, err := x.Exec("ALTER TABLE webauthn_credential MODIFY COLUMN credential_id VARCHAR(410)")
|
||||||
|
if err != nil {
|
||||||
|
return err
|
||||||
|
}
|
||||||
|
case schemas.ORACLE:
|
||||||
|
_, err := x.Exec("ALTER TABLE webauthn_credential MODIFY credential_id VARCHAR(410)")
|
||||||
|
if err != nil {
|
||||||
|
return err
|
||||||
|
}
|
||||||
|
case schemas.MSSQL:
|
||||||
|
// This column has an index on it. I could write all of the code to attempt to change the index OR
|
||||||
|
// I could just use recreate table.
|
||||||
|
sess := x.NewSession()
|
||||||
|
if err := sess.Begin(); err != nil {
|
||||||
|
_ = sess.Close()
|
||||||
|
return err
|
||||||
|
}
|
||||||
|
|
||||||
|
if err := recreateTable(sess, new(webauthnCredential)); err != nil {
|
||||||
|
_ = sess.Close()
|
||||||
|
return err
|
||||||
|
}
|
||||||
|
if err := sess.Commit(); err != nil {
|
||||||
|
_ = sess.Close()
|
||||||
|
return err
|
||||||
|
}
|
||||||
|
if err := sess.Close(); err != nil {
|
||||||
|
return err
|
||||||
|
}
|
||||||
|
case schemas.POSTGRES:
|
||||||
|
_, err := x.Exec("ALTER TABLE webauthn_credential ALTER COLUMN credential_id TYPE VARCHAR(410)")
|
||||||
|
if err != nil {
|
||||||
|
return err
|
||||||
|
}
|
||||||
|
default:
|
||||||
|
// SQLite doesn't support ALTER COLUMN, and it already makes String _TEXT_ by default so no migration needed
|
||||||
|
// nor is there any need to re-migrate
|
||||||
|
return nil
|
||||||
|
}
|
||||||
|
|
||||||
|
exist, err := x.IsTableExist("u2f_registration")
|
||||||
|
if err != nil {
|
||||||
|
return err
|
||||||
|
}
|
||||||
|
if !exist {
|
||||||
|
return nil
|
||||||
|
}
|
||||||
|
|
||||||
|
// Now migrate the old u2f registrations to the new format
|
||||||
|
type u2fRegistration struct {
|
||||||
|
ID int64 `xorm:"pk autoincr"`
|
||||||
|
Name string
|
||||||
|
UserID int64 `xorm:"INDEX"`
|
||||||
|
Raw []byte
|
||||||
|
Counter uint32 `xorm:"BIGINT"`
|
||||||
|
CreatedUnix timeutil.TimeStamp `xorm:"INDEX created"`
|
||||||
|
UpdatedUnix timeutil.TimeStamp `xorm:"INDEX updated"`
|
||||||
|
}
|
||||||
|
|
||||||
|
var start int
|
||||||
|
regs := make([]*u2fRegistration, 0, 50)
|
||||||
|
for {
|
||||||
|
err := x.OrderBy("id").Limit(50, start).Find(®s)
|
||||||
|
if err != nil {
|
||||||
|
return err
|
||||||
|
}
|
||||||
|
|
||||||
|
for _, reg := range regs {
|
||||||
|
parsed := new(u2f.Registration)
|
||||||
|
err = parsed.UnmarshalBinary(reg.Raw)
|
||||||
|
if err != nil {
|
||||||
|
continue
|
||||||
|
}
|
||||||
|
|
||||||
|
cred := &webauthnCredential{}
|
||||||
|
has, err := x.ID(reg.ID).Where("id = ? AND user_id = ?", reg.ID, reg.UserID).Get(cred)
|
||||||
|
if err != nil {
|
||||||
|
return fmt.Errorf("unable to get webauthn_credential[%d]. Error: %v", reg.ID, err)
|
||||||
|
}
|
||||||
|
if !has {
|
||||||
|
continue
|
||||||
|
}
|
||||||
|
remigratedCredID := base32.HexEncoding.EncodeToString(parsed.KeyHandle)
|
||||||
|
if cred.CredentialID == remigratedCredID || (!strings.HasPrefix(remigratedCredID, cred.CredentialID) && cred.CredentialID != "") {
|
||||||
|
continue
|
||||||
|
}
|
||||||
|
|
||||||
|
cred.CredentialID = remigratedCredID
|
||||||
|
|
||||||
|
_, err = x.ID(cred.ID).Update(cred)
|
||||||
|
if err != nil {
|
||||||
|
return err
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
if len(regs) < 50 {
|
||||||
|
break
|
||||||
|
}
|
||||||
|
start += 50
|
||||||
|
regs = regs[:0]
|
||||||
|
}
|
||||||
|
|
||||||
|
return nil
|
||||||
|
}
|
|
@ -0,0 +1,74 @@
|
||||||
|
// Copyright 2021 The Gitea Authors. All rights reserved.
|
||||||
|
// Use of this source code is governed by a MIT-style
|
||||||
|
// license that can be found in the LICENSE file.
|
||||||
|
|
||||||
|
package migrations
|
||||||
|
|
||||||
|
import (
|
||||||
|
"testing"
|
||||||
|
|
||||||
|
"code.gitea.io/gitea/modules/timeutil"
|
||||||
|
"github.com/stretchr/testify/assert"
|
||||||
|
"xorm.io/xorm/schemas"
|
||||||
|
)
|
||||||
|
|
||||||
|
func Test_increaseCredentialIDTo410(t *testing.T) {
|
||||||
|
// Create webauthnCredential table
|
||||||
|
type WebauthnCredential struct {
|
||||||
|
ID int64 `xorm:"pk autoincr"`
|
||||||
|
Name string
|
||||||
|
LowerName string `xorm:"unique(s)"`
|
||||||
|
UserID int64 `xorm:"INDEX unique(s)"`
|
||||||
|
CredentialID string `xorm:"INDEX VARCHAR(410)"` // CredentalID in U2F is at most 255bytes / 5 * 8 = 408 - add a few extra characters for safety
|
||||||
|
PublicKey []byte
|
||||||
|
AttestationType string
|
||||||
|
SignCount uint32 `xorm:"BIGINT"`
|
||||||
|
CloneWarning bool
|
||||||
|
}
|
||||||
|
|
||||||
|
// Now migrate the old u2f registrations to the new format
|
||||||
|
type U2fRegistration struct {
|
||||||
|
ID int64 `xorm:"pk autoincr"`
|
||||||
|
Name string
|
||||||
|
UserID int64 `xorm:"INDEX"`
|
||||||
|
Raw []byte
|
||||||
|
Counter uint32 `xorm:"BIGINT"`
|
||||||
|
CreatedUnix timeutil.TimeStamp `xorm:"INDEX created"`
|
||||||
|
UpdatedUnix timeutil.TimeStamp `xorm:"INDEX updated"`
|
||||||
|
}
|
||||||
|
|
||||||
|
type ExpectedWebauthnCredential struct {
|
||||||
|
ID int64 `xorm:"pk autoincr"`
|
||||||
|
CredentialID string `xorm:"INDEX VARCHAR(410)"` // CredentalID in U2F is at most 255bytes / 5 * 8 = 408 - add a few extra characters for safety
|
||||||
|
}
|
||||||
|
|
||||||
|
// Prepare and load the testing database
|
||||||
|
x, deferable := prepareTestEnv(t, 0, new(WebauthnCredential), new(U2fRegistration), new(ExpectedWebauthnCredential))
|
||||||
|
if x == nil || t.Failed() {
|
||||||
|
defer deferable()
|
||||||
|
return
|
||||||
|
}
|
||||||
|
defer deferable()
|
||||||
|
|
||||||
|
if x.Dialect().URI().DBType == schemas.SQLITE {
|
||||||
|
return
|
||||||
|
}
|
||||||
|
|
||||||
|
// Run the migration
|
||||||
|
if err := increaseCredentialIDTo410(x); err != nil {
|
||||||
|
assert.NoError(t, err)
|
||||||
|
return
|
||||||
|
}
|
||||||
|
|
||||||
|
expected := []ExpectedWebauthnCredential{}
|
||||||
|
if err := x.Table("expected_webauthn_credential").Asc("id").Find(&expected); !assert.NoError(t, err) {
|
||||||
|
return
|
||||||
|
}
|
||||||
|
|
||||||
|
got := []ExpectedWebauthnCredential{}
|
||||||
|
if err := x.Table("webauthn_credential").Select("id, credential_id").Asc("id").Find(&got); !assert.NoError(t, err) {
|
||||||
|
return
|
||||||
|
}
|
||||||
|
|
||||||
|
assert.EqualValues(t, expected, got)
|
||||||
|
}
|
Loading…
Reference in New Issue