Add migration for password algorithm change (#12784)

* Add migration for password algorithm change

#12688 changed the default for the user table leading to sync2 warnings

Unfortunately changing defaults requires a complete table rewrite in general.

However, just dropping columns could be bad - so this PR leverages the
techniques used in recreate table to recreate from the inferred schema
and recreates the user table.

This is not necessarily the correct thing to do - but code sometimes speaks
louder than words.

Signed-off-by: Andrew Thornton <art27@cantab.net>

* oops

Signed-off-by: Andrew Thornton <art27@cantab.net>

* ok lets use the shorter bits for other dbs

Signed-off-by: Andrew Thornton <art27@cantab.net>

* Update models/migrations/v150.go

* Update models/migrations/v150.go

* fix migration

Signed-off-by: Andrew Thornton <art27@cantab.net>

* mv v150 to v151.go

Signed-off-by: Andrew Thornton <art27@cantab.net>

Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
Co-authored-by: Lauris BH <lauris@nix.lv>
Co-authored-by: techknowlogick <techknowlogick@gitea.io>
This commit is contained in:
zeripath 2020-09-15 23:02:41 +01:00 committed by GitHub
parent 88823f3e29
commit 772b5e0f54
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
3 changed files with 197 additions and 1 deletions

View File

@ -469,7 +469,7 @@ test-mssql\#%: integrations.mssql.test generate-ini-mssql
.PHONY: test-mssql-migration
test-mssql-migration: migrations.mssql.test generate-ini-mssql
GITEA_ROOT=${CURDIR} GITEA_CONF=integrations/mssql.ini ./migrations.mssql.test
GITEA_ROOT=${CURDIR} GITEA_CONF=integrations/mssql.ini ./migrations.mssql.test -test.failfast
.PHONY: bench-sqlite
bench-sqlite: integrations.sqlite.test generate-ini-sqlite

View File

@ -235,6 +235,8 @@ var migrations = []Migration{
NewMigration("Add Created and Updated to Milestone table", addCreatedAndUpdatedToMilestones),
// v150 -> v151
NewMigration("add primary key to repo_topic", addPrimaryKeyToRepoTopic),
// v151 -> v152
NewMigration("set default password algorithm to Argon2", setDefaultPasswordToArgon2),
}
// GetCurrentDBVersion returns the current db version

194
models/migrations/v151.go Normal file
View File

@ -0,0 +1,194 @@
// Copyright 2020 The Gitea Authors. All rights reserved.
// Use of this source code is governed by a MIT-style
// license that can be found in the LICENSE file.
package migrations
import (
"fmt"
"strings"
"code.gitea.io/gitea/modules/log"
"code.gitea.io/gitea/modules/setting"
"xorm.io/xorm"
"xorm.io/xorm/schemas"
)
func setDefaultPasswordToArgon2(x *xorm.Engine) error {
switch {
case setting.Database.UseMySQL:
_, err := x.Exec("ALTER TABLE `user` ALTER passwd_hash_algo SET DEFAULT 'argon2';")
return err
case setting.Database.UsePostgreSQL:
_, err := x.Exec("ALTER TABLE `user` ALTER COLUMN passwd_hash_algo SET DEFAULT 'argon2';")
return err
case setting.Database.UseMSSQL:
// need to find the constraint and drop it, then recreate it.
sess := x.NewSession()
defer sess.Close()
if err := sess.Begin(); err != nil {
return err
}
res, err := sess.QueryString("SELECT [name] FROM sys.default_constraints WHERE parent_object_id=OBJECT_ID(?) AND COL_NAME(parent_object_id, parent_column_id)=?;", "user", "passwd_hash_algo")
if err != nil {
return err
}
if len(res) > 0 {
constraintName := res[0]["name"]
log.Error("Results of select constraint: %s", constraintName)
_, err := sess.Exec("ALTER TABLE [user] DROP CONSTRAINT " + constraintName)
if err != nil {
return err
}
_, err = sess.Exec("ALTER TABLE [user] ADD CONSTRAINT " + constraintName + " DEFAULT 'argon2' FOR passwd_hash_algo")
if err != nil {
return err
}
} else {
_, err := sess.Exec("ALTER TABLE [user] ADD DEFAULT('argon2') FOR passwd_hash_algo")
if err != nil {
return err
}
}
return sess.Commit()
case setting.Database.UseSQLite3:
// drop through
default:
log.Fatal("Unrecognized DB")
}
tables, err := x.DBMetas()
if err != nil {
return err
}
// Now for SQLite we have to recreate the table
var table *schemas.Table
tableName := "user"
for _, table = range tables {
if table.Name == tableName {
break
}
}
if table == nil || table.Name != tableName {
type User struct {
PasswdHashAlgo string `xorm:"NOT NULL DEFAULT 'argon2'"`
}
return x.Sync2(new(User))
}
column := table.GetColumn("passwd_hash_algo")
if column == nil {
type User struct {
PasswdHashAlgo string `xorm:"NOT NULL DEFAULT 'argon2'"`
}
return x.Sync2(new(User))
}
sess := x.NewSession()
defer sess.Close()
if err := sess.Begin(); err != nil {
return err
}
tempTableName := "tmp_recreate__user"
column.Default = "'argon2'"
createTableSQL, _ := x.Dialect().CreateTableSQL(table, tempTableName)
for _, sql := range createTableSQL {
if _, err := sess.Exec(sql); err != nil {
log.Error("Unable to create table %s. Error: %v\n", tempTableName, err, createTableSQL)
return err
}
}
for _, index := range table.Indexes {
if _, err := sess.Exec(x.Dialect().CreateIndexSQL(tempTableName, index)); err != nil {
log.Error("Unable to create indexes on temporary table %s. Error: %v", tempTableName, err)
return err
}
}
newTableColumns := table.Columns()
if len(newTableColumns) == 0 {
return fmt.Errorf("no columns in new table")
}
hasID := false
for _, column := range newTableColumns {
hasID = hasID || (column.IsPrimaryKey && column.IsAutoIncrement)
}
sqlStringBuilder := &strings.Builder{}
_, _ = sqlStringBuilder.WriteString("INSERT INTO `")
_, _ = sqlStringBuilder.WriteString(tempTableName)
_, _ = sqlStringBuilder.WriteString("` (`")
_, _ = sqlStringBuilder.WriteString(newTableColumns[0].Name)
_, _ = sqlStringBuilder.WriteString("`")
for _, column := range newTableColumns[1:] {
_, _ = sqlStringBuilder.WriteString(", `")
_, _ = sqlStringBuilder.WriteString(column.Name)
_, _ = sqlStringBuilder.WriteString("`")
}
_, _ = sqlStringBuilder.WriteString(")")
_, _ = sqlStringBuilder.WriteString(" SELECT ")
if newTableColumns[0].Default != "" {
_, _ = sqlStringBuilder.WriteString("COALESCE(`")
_, _ = sqlStringBuilder.WriteString(newTableColumns[0].Name)
_, _ = sqlStringBuilder.WriteString("`, ")
_, _ = sqlStringBuilder.WriteString(newTableColumns[0].Default)
_, _ = sqlStringBuilder.WriteString(")")
} else {
_, _ = sqlStringBuilder.WriteString("`")
_, _ = sqlStringBuilder.WriteString(newTableColumns[0].Name)
_, _ = sqlStringBuilder.WriteString("`")
}
for _, column := range newTableColumns[1:] {
if column.Default != "" {
_, _ = sqlStringBuilder.WriteString(", COALESCE(`")
_, _ = sqlStringBuilder.WriteString(column.Name)
_, _ = sqlStringBuilder.WriteString("`, ")
_, _ = sqlStringBuilder.WriteString(column.Default)
_, _ = sqlStringBuilder.WriteString(")")
} else {
_, _ = sqlStringBuilder.WriteString(", `")
_, _ = sqlStringBuilder.WriteString(column.Name)
_, _ = sqlStringBuilder.WriteString("`")
}
}
_, _ = sqlStringBuilder.WriteString(" FROM `")
_, _ = sqlStringBuilder.WriteString(tableName)
_, _ = sqlStringBuilder.WriteString("`")
if _, err := sess.Exec(sqlStringBuilder.String()); err != nil {
log.Error("Unable to set copy data in to temp table %s. Error: %v", tempTableName, err)
return err
}
// SQLite will drop all the constraints on the old table
if _, err := sess.Exec(fmt.Sprintf("DROP TABLE `%s`", tableName)); err != nil {
log.Error("Unable to drop old table %s. Error: %v", tableName, err)
return err
}
for _, index := range table.Indexes {
if _, err := sess.Exec(x.Dialect().DropIndexSQL(tempTableName, index)); err != nil {
log.Error("Unable to drop indexes on temporary table %s. Error: %v", tempTableName, err)
return err
}
}
if _, err := sess.Exec(fmt.Sprintf("ALTER TABLE `%s` RENAME TO `%s`", tempTableName, tableName)); err != nil {
log.Error("Unable to rename %s to %s. Error: %v", tempTableName, tableName, err)
return err
}
for _, index := range table.Indexes {
if _, err := sess.Exec(x.Dialect().CreateIndexSQL(tableName, index)); err != nil {
log.Error("Unable to recreate indexes on table %s. Error: %v", tableName, err)
return err
}
}
return sess.Commit()
}