Add migration for password algorithm change (#12784)
* Add migration for password algorithm change #12688 changed the default for the user table leading to sync2 warnings Unfortunately changing defaults requires a complete table rewrite in general. However, just dropping columns could be bad - so this PR leverages the techniques used in recreate table to recreate from the inferred schema and recreates the user table. This is not necessarily the correct thing to do - but code sometimes speaks louder than words. Signed-off-by: Andrew Thornton <art27@cantab.net> * oops Signed-off-by: Andrew Thornton <art27@cantab.net> * ok lets use the shorter bits for other dbs Signed-off-by: Andrew Thornton <art27@cantab.net> * Update models/migrations/v150.go * Update models/migrations/v150.go * fix migration Signed-off-by: Andrew Thornton <art27@cantab.net> * mv v150 to v151.go Signed-off-by: Andrew Thornton <art27@cantab.net> Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com> Co-authored-by: Lauris BH <lauris@nix.lv> Co-authored-by: techknowlogick <techknowlogick@gitea.io>
1 parent
88823f3
commit 772b5e0
Showing
3 changed files
with
197 additions
and
1 deletion.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,194 @@ | ||
// Copyright 2020 The Gitea Authors. All rights reserved. | ||
// Use of this source code is governed by a MIT-style | ||
// license that can be found in the LICENSE file. | ||
|
||
package migrations | ||
|
||
import ( | ||
"fmt" | ||
"strings" | ||
|
||
"code.gitea.io/gitea/modules/log" | ||
"code.gitea.io/gitea/modules/setting" | ||
|
||
"xorm.io/xorm" | ||
"xorm.io/xorm/schemas" | ||
) | ||
|
||
func setDefaultPasswordToArgon2(x *xorm.Engine) error { | ||
switch { | ||
case setting.Database.UseMySQL: | ||
_, err := x.Exec("ALTER TABLE `user` ALTER passwd_hash_algo SET DEFAULT 'argon2';") | ||
return err | ||
case setting.Database.UsePostgreSQL: | ||
_, err := x.Exec("ALTER TABLE `user` ALTER COLUMN passwd_hash_algo SET DEFAULT 'argon2';") | ||
return err | ||
case setting.Database.UseMSSQL: | ||
// need to find the constraint and drop it, then recreate it. | ||
sess := x.NewSession() | ||
defer sess.Close() | ||
if err := sess.Begin(); err != nil { | ||
return err | ||
} | ||
res, err := sess.QueryString("SELECT [name] FROM sys.default_constraints WHERE parent_object_id=OBJECT_ID(?) AND COL_NAME(parent_object_id, parent_column_id)=?;", "user", "passwd_hash_algo") | ||
if err != nil { | ||
return err | ||
} | ||
if len(res) > 0 { | ||
constraintName := res[0]["name"] | ||
log.Error("Results of select constraint: %s", constraintName) | ||
_, err := sess.Exec("ALTER TABLE [user] DROP CONSTRAINT " + constraintName) | ||
if err != nil { | ||
return err | ||
} | ||
_, err = sess.Exec("ALTER TABLE [user] ADD CONSTRAINT " + constraintName + " DEFAULT 'argon2' FOR passwd_hash_algo") | ||
if err != nil { | ||
return err | ||
} | ||
} else { | ||
_, err := sess.Exec("ALTER TABLE [user] ADD DEFAULT('argon2') FOR passwd_hash_algo") | ||
if err != nil { | ||
return err | ||
} | ||
} | ||
return sess.Commit() | ||
|
||
case setting.Database.UseSQLite3: | ||
// drop through | ||
default: | ||
log.Fatal("Unrecognized DB") | ||
} | ||
|
||
tables, err := x.DBMetas() | ||
if err != nil { | ||
return err | ||
} | ||
|
||
// Now for SQLite we have to recreate the table | ||
var table *schemas.Table | ||
tableName := "user" | ||
|
||
for _, table = range tables { | ||
if table.Name == tableName { | ||
break | ||
} | ||
} | ||
if table == nil || table.Name != tableName { | ||
type User struct { | ||
PasswdHashAlgo string `xorm:"NOT NULL DEFAULT 'argon2'"` | ||
} | ||
return x.Sync2(new(User)) | ||
} | ||
column := table.GetColumn("passwd_hash_algo") | ||
if column == nil { | ||
type User struct { | ||
PasswdHashAlgo string `xorm:"NOT NULL DEFAULT 'argon2'"` | ||
} | ||
return x.Sync2(new(User)) | ||
} | ||
sess := x.NewSession() | ||
defer sess.Close() | ||
if err := sess.Begin(); err != nil { | ||
return err | ||
} | ||
|
||
tempTableName := "tmp_recreate__user" | ||
column.Default = "'argon2'" | ||
|
||
createTableSQL, _ := x.Dialect().CreateTableSQL(table, tempTableName) | ||
for _, sql := range createTableSQL { | ||
if _, err := sess.Exec(sql); err != nil { | ||
log.Error("Unable to create table %s. Error: %v\n", tempTableName, err, createTableSQL) | ||
return err | ||
} | ||
} | ||
for _, index := range table.Indexes { | ||
if _, err := sess.Exec(x.Dialect().CreateIndexSQL(tempTableName, index)); err != nil { | ||
log.Error("Unable to create indexes on temporary table %s. Error: %v", tempTableName, err) | ||
return err | ||
} | ||
} | ||
|
||
newTableColumns := table.Columns() | ||
if len(newTableColumns) == 0 { | ||
return fmt.Errorf("no columns in new table") | ||
} | ||
hasID := false | ||
for _, column := range newTableColumns { | ||
hasID = hasID || (column.IsPrimaryKey && column.IsAutoIncrement) | ||
} | ||
|
||
sqlStringBuilder := &strings.Builder{} | ||
_, _ = sqlStringBuilder.WriteString("INSERT INTO `") | ||
_, _ = sqlStringBuilder.WriteString(tempTableName) | ||
_, _ = sqlStringBuilder.WriteString("` (`") | ||
_, _ = sqlStringBuilder.WriteString(newTableColumns[0].Name) | ||
_, _ = sqlStringBuilder.WriteString("`") | ||
for _, column := range newTableColumns[1:] { | ||
_, _ = sqlStringBuilder.WriteString(", `") | ||
_, _ = sqlStringBuilder.WriteString(column.Name) | ||
_, _ = sqlStringBuilder.WriteString("`") | ||
} | ||
_, _ = sqlStringBuilder.WriteString(")") | ||
_, _ = sqlStringBuilder.WriteString(" SELECT ") | ||
if newTableColumns[0].Default != "" { | ||
_, _ = sqlStringBuilder.WriteString("COALESCE(`") | ||
_, _ = sqlStringBuilder.WriteString(newTableColumns[0].Name) | ||
_, _ = sqlStringBuilder.WriteString("`, ") | ||
_, _ = sqlStringBuilder.WriteString(newTableColumns[0].Default) | ||
_, _ = sqlStringBuilder.WriteString(")") | ||
} else { | ||
_, _ = sqlStringBuilder.WriteString("`") | ||
_, _ = sqlStringBuilder.WriteString(newTableColumns[0].Name) | ||
_, _ = sqlStringBuilder.WriteString("`") | ||
} | ||
|
||
for _, column := range newTableColumns[1:] { | ||
if column.Default != "" { | ||
_, _ = sqlStringBuilder.WriteString(", COALESCE(`") | ||
_, _ = sqlStringBuilder.WriteString(column.Name) | ||
_, _ = sqlStringBuilder.WriteString("`, ") | ||
_, _ = sqlStringBuilder.WriteString(column.Default) | ||
_, _ = sqlStringBuilder.WriteString(")") | ||
} else { | ||
_, _ = sqlStringBuilder.WriteString(", `") | ||
_, _ = sqlStringBuilder.WriteString(column.Name) | ||
_, _ = sqlStringBuilder.WriteString("`") | ||
} | ||
} | ||
_, _ = sqlStringBuilder.WriteString(" FROM `") | ||
_, _ = sqlStringBuilder.WriteString(tableName) | ||
_, _ = sqlStringBuilder.WriteString("`") | ||
|
||
if _, err := sess.Exec(sqlStringBuilder.String()); err != nil { | ||
log.Error("Unable to set copy data in to temp table %s. Error: %v", tempTableName, err) | ||
return err | ||
} | ||
|
||
// SQLite will drop all the constraints on the old table | ||
if _, err := sess.Exec(fmt.Sprintf("DROP TABLE `%s`", tableName)); err != nil { | ||
log.Error("Unable to drop old table %s. Error: %v", tableName, err) | ||
return err | ||
} | ||
|
||
for _, index := range table.Indexes { | ||
if _, err := sess.Exec(x.Dialect().DropIndexSQL(tempTableName, index)); err != nil { | ||
log.Error("Unable to drop indexes on temporary table %s. Error: %v", tempTableName, err) | ||
return err | ||
} | ||
} | ||
|
||
if _, err := sess.Exec(fmt.Sprintf("ALTER TABLE `%s` RENAME TO `%s`", tempTableName, tableName)); err != nil { | ||
log.Error("Unable to rename %s to %s. Error: %v", tempTableName, tableName, err) | ||
return err | ||
} | ||
|
||
for _, index := range table.Indexes { | ||
if _, err := sess.Exec(x.Dialect().CreateIndexSQL(tableName, index)); err != nil { | ||
log.Error("Unable to recreate indexes on table %s. Error: %v", tableName, err) | ||
return err | ||
} | ||
} | ||
|
||
return sess.Commit() | ||
} |
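Review bot: In the MSSQL branch the constraint name read back from `sys.default_constraints` is concatenated into both the `DROP CONSTRAINT` and `ADD CONSTRAINT` statements without delimiting, so a name containing a space, `]` or other special character would break the statement or change how it parses. These names are normally system-generated, but DDL identifiers cannot be bound as parameters, so I would bracket-quote the value once, e.g. `quoted := "[" + strings.ReplaceAll(constraintName, "]", "]]") + "]"`, and use `quoted` in both statements (`strings` is already imported). The `log.Error("Results of select constraint: %s", constraintName)` line reports a normal lookup result at error level and would read better as `log.Debug`. Separately, the `log.Error("Unable to create table %s. Error: %v\n", tempTableName, err, createTableSQL)` call in the SQLite path passes three arguments for two format verbs.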