mirror of
				https://gitcode.com/gitea/gitea.git
				synced 2025-10-25 20:35:50 +08:00 
			
		
		
		
	Increase the size of the webauthn_credential credential_id field (#18739)
Unfortunately credentialIDs in u2f are 255 bytes long which with base32 encoding becomes 408 bytes. The default size of a xorm string field is only a VARCHAR(255) This problem is not apparent on SQLite because strings get mapped to TEXT there. Fix #18727 Signed-off-by: Andrew Thornton <art27@cantab.net>
This commit is contained in:
		
							
								
								
									
										5
									
								
								Makefile
									
									
									
									
									
								
							
							
						
						
									
										5
									
								
								Makefile
									
									
									
									
									
								
							| @ -405,6 +405,11 @@ test-sqlite-migration:  migrations.sqlite.test migrations.individual.sqlite.test | |||||||
| 	GITEA_ROOT="$(CURDIR)" GITEA_CONF=integrations/sqlite.ini ./migrations.sqlite.test | 	GITEA_ROOT="$(CURDIR)" GITEA_CONF=integrations/sqlite.ini ./migrations.sqlite.test | ||||||
| 	GITEA_ROOT="$(CURDIR)" GITEA_CONF=integrations/sqlite.ini ./migrations.individual.sqlite.test | 	GITEA_ROOT="$(CURDIR)" GITEA_CONF=integrations/sqlite.ini ./migrations.individual.sqlite.test | ||||||
|  |  | ||||||
|  | .PHONY: test-sqlite-migration\#% | ||||||
|  | test-sqlite-migration\#%:  migrations.sqlite.test migrations.individual.sqlite.test generate-ini-sqlite | ||||||
|  | 	GITEA_ROOT="$(CURDIR)" GITEA_CONF=integrations/sqlite.ini ./migrations.individual.sqlite.test -test.run $(subst .,/,$*) | ||||||
|  |  | ||||||
|  |  | ||||||
| generate-ini-mysql: | generate-ini-mysql: | ||||||
| 	sed -e 's|{{TEST_MYSQL_HOST}}|${TEST_MYSQL_HOST}|g' \ | 	sed -e 's|{{TEST_MYSQL_HOST}}|${TEST_MYSQL_HOST}|g' \ | ||||||
| 		-e 's|{{TEST_MYSQL_DBNAME}}|${TEST_MYSQL_DBNAME}|g' \ | 		-e 's|{{TEST_MYSQL_DBNAME}}|${TEST_MYSQL_DBNAME}|g' \ | ||||||
|  | |||||||
| @ -0,0 +1,9 @@ | |||||||
|  | - | ||||||
|  |   id: 1 | ||||||
|  |   credential_id: "TVHE44TOH7DF7V48SEAIT3EMMJ7TGBOQ289E5AQB34S98LFCUFJ7U2NAVI8RJG6K2F4TC8AQ8KBNO7AGEOQOL9NE43GR63HTEHJSLOG=" | ||||||
|  | - | ||||||
|  |   id: 2 | ||||||
|  |   credential_id: "TVHE44TOH7DF7V48SEAIT3EMMJ7TGBOQ289E5AQB34S98LFCUFJ7U2NAVI8RJG6K2F4TC8AQ8KBNO7AGEOQOL9NE43GR63HTEHJSLOG=" | ||||||
|  | - | ||||||
|  |   id: 4 | ||||||
|  |   credential_id: "THIS SHOULD NOT CHAGNGE" | ||||||
| @ -0,0 +1,21 @@ | |||||||
|  | - | ||||||
|  |   id: 1 | ||||||
|  |   name: "u2fkey-correctly-migrated" | ||||||
|  |   user_id: 1 | ||||||
|  |   raw: 0x05040d0967a2cad045011631187576492a0beb5b377954b4f694c5afc8bdf25270f87f09a9ab6ce9c282f447ba71b2f2bae2105b32b847e0704f310f48644e3eddf240efe2e213b889daf3fc88e3952e8dd6b4cfd82f1a1212e2ab4b19389455ecf3e67f0aeafc91b9c0d413c9d6215a45177c1d5076358aa6ee20e1b30e3d7467cae2308202bd308201a5a00302010202041e8f8734300d06092a864886f70d01010b0500302e312c302a0603550403132359756269636f2055324620526f6f742043412053657269616c203435373230303633313020170d3134303830313030303030305a180f32303530303930343030303030305a306e310b300906035504061302534531123010060355040a0c0959756269636f20414231223020060355040b0c1941757468656e74696361746f72204174746573746174696f6e3127302506035504030c1e59756269636f205532462045452053657269616c203531323732323734303059301306072a8648ce3d020106082a8648ce3d03010703420004a879f82338ed1494bac0704bcc7fc663d1b271715976243101c7605115d7c1529e281c1c67322d384b5cd55dd3e9818d5fd85c22af326e0c64fc20afe33f2366a36c306a302206092b0601040182c40a020415312e332e362e312e342e312e34313438322e312e373013060b2b0601040182e51c0201010404030204303021060b2b0601040182e51c010104041204102fc0579f811347eab116bb5a8db9202a300c0603551d130101ff04023000300d06092a864886f70d01010b050003820101008693ff62df0d5779d4748d7fc8d10227318a8e580e6a3a57c108e94e03c38568b366894fce5624be4a3efd7f34118b3d993743f792a1989160c8fc9ae0b04e3df9ee15e3e88c04fc82a8dcbf5818e108dcc2968577ae79ff662b94734e3dec4597305d73e6e55ee2beb9cd9678ca0935e533eb638f8e26fabb817cda441fbe9831832ae5f6e2ad992f9ebbdb4c62238b8f8d7ab481d6d3263bcdbf9e4a57550370988ad5813440fa032cadb6723cadd8f8d7ba809f75b43cffa0a5b9add14232ef9d9e14812638233c4ca4a873b9f8ac98e32ba19167606e15909fcddb4a2dffbdae4620249f9a6646ac81e4832d1119febfaa731a882da25a77827d46d190173046022100b579338a44c236d3f214b2e150011a08cf251193ecfae2244edb0a5794e9b301022100fab468862c47d98204d437cf2be8c54a5a4ecd1ebb1c61a6c23da7b9c75f6841 | ||||||
|  |   counter: 0 | ||||||
|  | - id: 2 | ||||||
|  |   name: "u2fkey-incorrectly-migrated" | ||||||
|  |   user_id: 1 | ||||||
|  |   raw: 0x05040d0967a2cad045011631187576492a0beb5b377954b4f694c5afc8bdf25270f87f09a9ab6ce9c282f447ba71b2f2bae2105b32b847e0704f310f48644e3eddf240efe2e213b889daf3fc88e3952e8dd6b4cfd82f1a1212e2ab4b19389455ecf3e67f0aeafc91b9c0d413c9d6215a45177c1d5076358aa6ee20e1b30e3d7467cae2308202bd308201a5a00302010202041e8f8734300d06092a864886f70d01010b0500302e312c302a0603550403132359756269636f2055324620526f6f742043412053657269616c203435373230303633313020170d3134303830313030303030305a180f32303530303930343030303030305a306e310b300906035504061302534531123010060355040a0c0959756269636f20414231223020060355040b0c1941757468656e74696361746f72204174746573746174696f6e3127302506035504030c1e59756269636f205532462045452053657269616c203531323732323734303059301306072a8648ce3d020106082a8648ce3d03010703420004a879f82338ed1494bac0704bcc7fc663d1b271715976243101c7605115d7c1529e281c1c67322d384b5cd55dd3e9818d5fd85c22af326e0c64fc20afe33f2366a36c306a302206092b0601040182c40a020415312e332e362e312e342e312e34313438322e312e373013060b2b0601040182e51c0201010404030204303021060b2b0601040182e51c010104041204102fc0579f811347eab116bb5a8db9202a300c0603551d130101ff04023000300d06092a864886f70d01010b050003820101008693ff62df0d5779d4748d7fc8d10227318a8e580e6a3a57c108e94e03c38568b366894fce5624be4a3efd7f34118b3d993743f792a1989160c8fc9ae0b04e3df9ee15e3e88c04fc82a8dcbf5818e108dcc2968577ae79ff662b94734e3dec4597305d73e6e55ee2beb9cd9678ca0935e533eb638f8e26fabb817cda441fbe9831832ae5f6e2ad992f9ebbdb4c62238b8f8d7ab481d6d3263bcdbf9e4a57550370988ad5813440fa032cadb6723cadd8f8d7ba809f75b43cffa0a5b9add14232ef9d9e14812638233c4ca4a873b9f8ac98e32ba19167606e15909fcddb4a2dffbdae4620249f9a6646ac81e4832d1119febfaa731a882da25a77827d46d190173046022100b579338a44c236d3f214b2e150011a08cf251193ecfae2244edb0a5794e9b301022100fab468862c47d98204d437cf2be8c54a5a4ecd1ebb1c61a6c23da7b9c75f6841 | ||||||
|  |   counter: 0 | ||||||
|  | - id: 3 | ||||||
|  |   name: "u2fkey-deleted" | ||||||
|  |   user_id: 1 | ||||||
|  |   raw: 0x05040d0967a2cad045011631187576492a0beb5b377954b4f694c5afc8bdf25270f87f09a9ab6ce9c282f447ba71b2f2bae2105b32b847e0704f310f48644e3eddf240efe2e213b889daf3fc88e3952e8dd6b4cfd82f1a1212e2ab4b19389455ecf3e67f0aeafc91b9c0d413c9d6215a45177c1d5076358aa6ee20e1b30e3d7467cae2308202bd308201a5a00302010202041e8f8734300d06092a864886f70d01010b0500302e312c302a0603550403132359756269636f2055324620526f6f742043412053657269616c203435373230303633313020170d3134303830313030303030305a180f32303530303930343030303030305a306e310b300906035504061302534531123010060355040a0c0959756269636f20414231223020060355040b0c1941757468656e74696361746f72204174746573746174696f6e3127302506035504030c1e59756269636f205532462045452053657269616c203531323732323734303059301306072a8648ce3d020106082a8648ce3d03010703420004a879f82338ed1494bac0704bcc7fc663d1b271715976243101c7605115d7c1529e281c1c67322d384b5cd55dd3e9818d5fd85c22af326e0c64fc20afe33f2366a36c306a302206092b0601040182c40a020415312e332e362e312e342e312e34313438322e312e373013060b2b0601040182e51c0201010404030204303021060b2b0601040182e51c010104041204102fc0579f811347eab116bb5a8db9202a300c0603551d130101ff04023000300d06092a864886f70d01010b050003820101008693ff62df0d5779d4748d7fc8d10227318a8e580e6a3a57c108e94e03c38568b366894fce5624be4a3efd7f34118b3d993743f792a1989160c8fc9ae0b04e3df9ee15e3e88c04fc82a8dcbf5818e108dcc2968577ae79ff662b94734e3dec4597305d73e6e55ee2beb9cd9678ca0935e533eb638f8e26fabb817cda441fbe9831832ae5f6e2ad992f9ebbdb4c62238b8f8d7ab481d6d3263bcdbf9e4a57550370988ad5813440fa032cadb6723cadd8f8d7ba809f75b43cffa0a5b9add14232ef9d9e14812638233c4ca4a873b9f8ac98e32ba19167606e15909fcddb4a2dffbdae4620249f9a6646ac81e4832d1119febfaa731a882da25a77827d46d190173046022100b579338a44c236d3f214b2e150011a08cf251193ecfae2244edb0a5794e9b301022100fab468862c47d98204d437cf2be8c54a5a4ecd1ebb1c61a6c23da7b9c75f6841 | ||||||
|  |   counter: 0 | ||||||
|  | - id: 4 | ||||||
|  |   name: "u2fkey-wrong-user-id" | ||||||
|  |   user_id: 2 | ||||||
|  |   raw: 0x05040d0967a2cad045011631187576492a0beb5b377954b4f694c5afc8bdf25270f87f09a9ab6ce9c282f447ba71b2f2bae2105b32b847e0704f310f48644e3eddf240efe2e213b889daf3fc88e3952e8dd6b4cfd82f1a1212e2ab4b19389455ecf3e67f0aeafc91b9c0d413c9d6215a45177c1d5076358aa6ee20e1b30e3d7467cae2308202bd308201a5a00302010202041e8f8734300d06092a864886f70d01010b0500302e312c302a0603550403132359756269636f2055324620526f6f742043412053657269616c203435373230303633313020170d3134303830313030303030305a180f32303530303930343030303030305a306e310b300906035504061302534531123010060355040a0c0959756269636f20414231223020060355040b0c1941757468656e74696361746f72204174746573746174696f6e3127302506035504030c1e59756269636f205532462045452053657269616c203531323732323734303059301306072a8648ce3d020106082a8648ce3d03010703420004a879f82338ed1494bac0704bcc7fc663d1b271715976243101c7605115d7c1529e281c1c67322d384b5cd55dd3e9818d5fd85c22af326e0c64fc20afe33f2366a36c306a302206092b0601040182c40a020415312e332e362e312e342e312e34313438322e312e373013060b2b0601040182e51c0201010404030204303021060b2b0601040182e51c010104041204102fc0579f811347eab116bb5a8db9202a300c0603551d130101ff04023000300d06092a864886f70d01010b050003820101008693ff62df0d5779d4748d7fc8d10227318a8e580e6a3a57c108e94e03c38568b366894fce5624be4a3efd7f34118b3d993743f792a1989160c8fc9ae0b04e3df9ee15e3e88c04fc82a8dcbf5818e108dcc2968577ae79ff662b94734e3dec4597305d73e6e55ee2beb9cd9678ca0935e533eb638f8e26fabb817cda441fbe9831832ae5f6e2ad992f9ebbdb4c62238b8f8d7ab481d6d3263bcdbf9e4a57550370988ad5813440fa032cadb6723cadd8f8d7ba809f75b43cffa0a5b9add14232ef9d9e14812638233c4ca4a873b9f8ac98e32ba19167606e15909fcddb4a2dffbdae4620249f9a6646ac81e4832d1119febfaa731a882da25a77827d46d190173046022100b579338a44c236d3f214b2e150011a08cf251193ecfae2244edb0a5794e9b301022100fab468862c47d98204d437cf2be8c54a5a4ecd1ebb1c61a6c23da7b9c75f6841 | ||||||
|  |   counter: 0 | ||||||
| @ -0,0 +1,30 @@ | |||||||
|  | - | ||||||
|  |   id: 1 | ||||||
|  |   lower_name: "u2fkey-correctly-migrated" | ||||||
|  |   name: "u2fkey-correctly-migrated" | ||||||
|  |   user_id: 1 | ||||||
|  |   credential_id: "TVHE44TOH7DF7V48SEAIT3EMMJ7TGBOQ289E5AQB34S98LFCUFJ7U2NAVI8RJG6K2F4TC8AQ8KBNO7AGEOQOL9NE43GR63HTEHJSLOG=" | ||||||
|  |   public_key: 0x040d0967a2cad045011631187576492a0beb5b377954b4f694c5afc8bdf25270f87f09a9ab6ce9c282f447ba71b2f2bae2105b32b847e0704f310f48644e3eddf2 | ||||||
|  |   attestation_type: 'fido-u2f' | ||||||
|  |   sign_count: 1 | ||||||
|  |   clone_warning: false | ||||||
|  | - | ||||||
|  |   id: 2 | ||||||
|  |   lower_name: "u2fkey-incorrectly-migrated" | ||||||
|  |   name: "u2fkey-incorrectly-migrated" | ||||||
|  |   user_id: 1 | ||||||
|  |   credential_id: "TVHE44TOH7DF7V48SEAIT3EMMJ7TGBOQ289E5AQB34S98LFCUFJ7U2NAVI8RJG6K2F4TC8A" | ||||||
|  |   public_key: 0x040d0967a2cad045011631187576492a0beb5b377954b4f694c5afc8bdf25270f87f09a9ab6ce9c282f447ba71b2f2bae2105b32b847e0704f310f48644e3eddf2 | ||||||
|  |   attestation_type: 'fido-u2f' | ||||||
|  |   sign_count: 1 | ||||||
|  |   clone_warning: false | ||||||
|  | - | ||||||
|  |   id: 4 | ||||||
|  |   lower_name: "u2fkey-wrong-user-id" | ||||||
|  |   name: "u2fkey-wrong-user-id" | ||||||
|  |   user_id: 1 | ||||||
|  |   credential_id: "THIS SHOULD NOT CHAGNGE" | ||||||
|  |   public_key: 0x040d0967a2cad045011631187576492a0beb5b377954b4f694c5afc8bdf25270f87f09a9ab6ce9c282f447ba71b2f2bae2105b32b847e0704f310f48644e3eddf2 | ||||||
|  |   attestation_type: 'fido-u2f' | ||||||
|  |   sign_count: 1 | ||||||
|  |   clone_warning: false | ||||||
| @ -370,6 +370,8 @@ var migrations = []Migration{ | |||||||
| 	NewMigration("Add webauthn table and migrate u2f data to webauthn", addWebAuthnCred), | 	NewMigration("Add webauthn table and migrate u2f data to webauthn", addWebAuthnCred), | ||||||
| 	// v208 -> v209 | 	// v208 -> v209 | ||||||
| 	NewMigration("Use base32.HexEncoding instead of base64 encoding for cred ID as it is case insensitive", useBase32HexForCredIDInWebAuthnCredential), | 	NewMigration("Use base32.HexEncoding instead of base64 encoding for cred ID as it is case insensitive", useBase32HexForCredIDInWebAuthnCredential), | ||||||
|  | 	// v209 -> v210 | ||||||
|  | 	NewMigration("Increase WebAuthentication CredentialID size to 410", increaseCredentialIDTo410), | ||||||
| } | } | ||||||
|  |  | ||||||
| // GetCurrentDBVersion returns the current db version | // GetCurrentDBVersion returns the current db version | ||||||
|  | |||||||
| @ -22,7 +22,7 @@ func addWebAuthnCred(x *xorm.Engine) error { | |||||||
| 		Name            string | 		Name            string | ||||||
| 		LowerName       string `xorm:"unique(s)"` | 		LowerName       string `xorm:"unique(s)"` | ||||||
| 		UserID          int64  `xorm:"INDEX unique(s)"` | 		UserID          int64  `xorm:"INDEX unique(s)"` | ||||||
| 		CredentialID    string `xorm:"INDEX"` | 		CredentialID    string `xorm:"INDEX VARCHAR(410)"` // CredentalID in U2F is at most 255bytes / 5 * 8 = 408 - add a few extra characters for safety | ||||||
| 		PublicKey       []byte | 		PublicKey       []byte | ||||||
| 		AttestationType string | 		AttestationType string | ||||||
| 		AAGUID          []byte | 		AAGUID          []byte | ||||||
|  | |||||||
| @ -15,7 +15,7 @@ func useBase32HexForCredIDInWebAuthnCredential(x *xorm.Engine) error { | |||||||
| 	// Create webauthnCredential table | 	// Create webauthnCredential table | ||||||
| 	type webauthnCredential struct { | 	type webauthnCredential struct { | ||||||
| 		ID           int64  `xorm:"pk autoincr"` | 		ID           int64  `xorm:"pk autoincr"` | ||||||
| 		CredentialID string `xorm:"INDEX"` | 		CredentialID string `xorm:"INDEX VARCHAR(410)"` | ||||||
| 	} | 	} | ||||||
| 	if err := x.Sync2(&webauthnCredential{}); err != nil { | 	if err := x.Sync2(&webauthnCredential{}); err != nil { | ||||||
| 		return err | 		return err | ||||||
|  | |||||||
							
								
								
									
										136
									
								
								models/migrations/v209.go
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
										136
									
								
								models/migrations/v209.go
									
									
									
									
									
										Normal file
									
								
							| @ -0,0 +1,136 @@ | |||||||
|  | // Copyright 2022 The Gitea Authors. All rights reserved. | ||||||
|  | // Use of this source code is governed by a MIT-style | ||||||
|  | // license that can be found in the LICENSE file. | ||||||
|  |  | ||||||
|  | package migrations | ||||||
|  |  | ||||||
|  | import ( | ||||||
|  | 	"encoding/base32" | ||||||
|  | 	"fmt" | ||||||
|  | 	"strings" | ||||||
|  |  | ||||||
|  | 	"code.gitea.io/gitea/modules/timeutil" | ||||||
|  |  | ||||||
|  | 	"github.com/tstranex/u2f" | ||||||
|  | 	"xorm.io/xorm" | ||||||
|  | 	"xorm.io/xorm/schemas" | ||||||
|  | ) | ||||||
|  |  | ||||||
|  | func increaseCredentialIDTo410(x *xorm.Engine) error { | ||||||
|  | 	// Create webauthnCredential table | ||||||
|  | 	type webauthnCredential struct { | ||||||
|  | 		ID              int64 `xorm:"pk autoincr"` | ||||||
|  | 		Name            string | ||||||
|  | 		LowerName       string `xorm:"unique(s)"` | ||||||
|  | 		UserID          int64  `xorm:"INDEX unique(s)"` | ||||||
|  | 		CredentialID    string `xorm:"INDEX VARCHAR(410)"` // CredentalID in U2F is at most 255bytes / 5 * 8 = 408 - add a few extra characters for safety | ||||||
|  | 		PublicKey       []byte | ||||||
|  | 		AttestationType string | ||||||
|  | 		AAGUID          []byte | ||||||
|  | 		SignCount       uint32 `xorm:"BIGINT"` | ||||||
|  | 		CloneWarning    bool | ||||||
|  | 		CreatedUnix     timeutil.TimeStamp `xorm:"INDEX created"` | ||||||
|  | 		UpdatedUnix     timeutil.TimeStamp `xorm:"INDEX updated"` | ||||||
|  | 	} | ||||||
|  | 	if err := x.Sync2(&webauthnCredential{}); err != nil { | ||||||
|  | 		return err | ||||||
|  | 	} | ||||||
|  |  | ||||||
|  | 	switch x.Dialect().URI().DBType { | ||||||
|  | 	case schemas.MYSQL: | ||||||
|  | 		_, err := x.Exec("ALTER TABLE webauthn_credential MODIFY COLUMN credential_id VARCHAR(410)") | ||||||
|  | 		if err != nil { | ||||||
|  | 			return err | ||||||
|  | 		} | ||||||
|  | 	case schemas.ORACLE: | ||||||
|  | 		_, err := x.Exec("ALTER TABLE webauthn_credential MODIFY credential_id VARCHAR(410)") | ||||||
|  | 		if err != nil { | ||||||
|  | 			return err | ||||||
|  | 		} | ||||||
|  | 	case schemas.MSSQL: | ||||||
|  | 		// This column has an index on it. I could write all of the code to attempt to change the index OR | ||||||
|  | 		// I could just use recreate table. | ||||||
|  | 		sess := x.NewSession() | ||||||
|  | 		if err := sess.Begin(); err != nil { | ||||||
|  | 			_ = sess.Close() | ||||||
|  | 			return err | ||||||
|  | 		} | ||||||
|  |  | ||||||
|  | 		if err := recreateTable(sess, new(webauthnCredential)); err != nil { | ||||||
|  | 			_ = sess.Close() | ||||||
|  | 			return err | ||||||
|  | 		} | ||||||
|  | 		if err := sess.Commit(); err != nil { | ||||||
|  | 			_ = sess.Close() | ||||||
|  | 			return err | ||||||
|  | 		} | ||||||
|  | 		if err := sess.Close(); err != nil { | ||||||
|  | 			return err | ||||||
|  | 		} | ||||||
|  | 	case schemas.POSTGRES: | ||||||
|  | 		_, err := x.Exec("ALTER TABLE webauthn_credential ALTER COLUMN credential_id TYPE VARCHAR(410)") | ||||||
|  | 		if err != nil { | ||||||
|  | 			return err | ||||||
|  | 		} | ||||||
|  | 	default: | ||||||
|  | 		// SQLite doesn't support ALTER COLUMN, and it already makes String _TEXT_ by default so no migration needed | ||||||
|  | 		// nor is there any need to re-migrate | ||||||
|  | 		return nil | ||||||
|  | 	} | ||||||
|  |  | ||||||
|  | 	// Now migrate the old u2f registrations to the new format | ||||||
|  | 	type u2fRegistration struct { | ||||||
|  | 		ID          int64 `xorm:"pk autoincr"` | ||||||
|  | 		Name        string | ||||||
|  | 		UserID      int64 `xorm:"INDEX"` | ||||||
|  | 		Raw         []byte | ||||||
|  | 		Counter     uint32             `xorm:"BIGINT"` | ||||||
|  | 		CreatedUnix timeutil.TimeStamp `xorm:"INDEX created"` | ||||||
|  | 		UpdatedUnix timeutil.TimeStamp `xorm:"INDEX updated"` | ||||||
|  | 	} | ||||||
|  |  | ||||||
|  | 	var start int | ||||||
|  | 	regs := make([]*u2fRegistration, 0, 50) | ||||||
|  | 	for { | ||||||
|  | 		err := x.OrderBy("id").Limit(50, start).Find(®s) | ||||||
|  | 		if err != nil { | ||||||
|  | 			return err | ||||||
|  | 		} | ||||||
|  |  | ||||||
|  | 		for _, reg := range regs { | ||||||
|  | 			parsed := new(u2f.Registration) | ||||||
|  | 			err = parsed.UnmarshalBinary(reg.Raw) | ||||||
|  | 			if err != nil { | ||||||
|  | 				continue | ||||||
|  | 			} | ||||||
|  |  | ||||||
|  | 			cred := &webauthnCredential{} | ||||||
|  | 			has, err := x.ID(reg.ID).Where("id = ? AND user_id = ?", reg.ID, reg.UserID).Get(cred) | ||||||
|  | 			if err != nil { | ||||||
|  | 				return fmt.Errorf("unable to get webauthn_credential[%d]. Error: %v", reg.ID, err) | ||||||
|  | 			} | ||||||
|  | 			if !has { | ||||||
|  | 				continue | ||||||
|  | 			} | ||||||
|  | 			remigratedCredID := base32.HexEncoding.EncodeToString(parsed.KeyHandle) | ||||||
|  | 			if cred.CredentialID == remigratedCredID || (!strings.HasPrefix(remigratedCredID, cred.CredentialID) && cred.CredentialID != "") { | ||||||
|  | 				continue | ||||||
|  | 			} | ||||||
|  |  | ||||||
|  | 			cred.CredentialID = remigratedCredID | ||||||
|  |  | ||||||
|  | 			_, err = x.ID(cred.ID).Update(cred) | ||||||
|  | 			if err != nil { | ||||||
|  | 				return err | ||||||
|  | 			} | ||||||
|  | 		} | ||||||
|  |  | ||||||
|  | 		if len(regs) < 50 { | ||||||
|  | 			break | ||||||
|  | 		} | ||||||
|  | 		start += 50 | ||||||
|  | 		regs = regs[:0] | ||||||
|  | 	} | ||||||
|  |  | ||||||
|  | 	return nil | ||||||
|  | } | ||||||
							
								
								
									
										74
									
								
								models/migrations/v209_test.go
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
										74
									
								
								models/migrations/v209_test.go
									
									
									
									
									
										Normal file
									
								
							| @ -0,0 +1,74 @@ | |||||||
|  | // Copyright 2021 The Gitea Authors. All rights reserved. | ||||||
|  | // Use of this source code is governed by a MIT-style | ||||||
|  | // license that can be found in the LICENSE file. | ||||||
|  |  | ||||||
|  | package migrations | ||||||
|  |  | ||||||
|  | import ( | ||||||
|  | 	"testing" | ||||||
|  |  | ||||||
|  | 	"code.gitea.io/gitea/modules/timeutil" | ||||||
|  | 	"github.com/stretchr/testify/assert" | ||||||
|  | 	"xorm.io/xorm/schemas" | ||||||
|  | ) | ||||||
|  |  | ||||||
|  | func Test_increaseCredentialIDTo410(t *testing.T) { | ||||||
|  | 	// Create webauthnCredential table | ||||||
|  | 	type WebauthnCredential struct { | ||||||
|  | 		ID              int64 `xorm:"pk autoincr"` | ||||||
|  | 		Name            string | ||||||
|  | 		LowerName       string `xorm:"unique(s)"` | ||||||
|  | 		UserID          int64  `xorm:"INDEX unique(s)"` | ||||||
|  | 		CredentialID    string `xorm:"INDEX VARCHAR(410)"` // CredentalID in U2F is at most 255bytes / 5 * 8 = 408 - add a few extra characters for safety | ||||||
|  | 		PublicKey       []byte | ||||||
|  | 		AttestationType string | ||||||
|  | 		SignCount       uint32 `xorm:"BIGINT"` | ||||||
|  | 		CloneWarning    bool | ||||||
|  | 	} | ||||||
|  |  | ||||||
|  | 	// Now migrate the old u2f registrations to the new format | ||||||
|  | 	type U2fRegistration struct { | ||||||
|  | 		ID          int64 `xorm:"pk autoincr"` | ||||||
|  | 		Name        string | ||||||
|  | 		UserID      int64 `xorm:"INDEX"` | ||||||
|  | 		Raw         []byte | ||||||
|  | 		Counter     uint32             `xorm:"BIGINT"` | ||||||
|  | 		CreatedUnix timeutil.TimeStamp `xorm:"INDEX created"` | ||||||
|  | 		UpdatedUnix timeutil.TimeStamp `xorm:"INDEX updated"` | ||||||
|  | 	} | ||||||
|  |  | ||||||
|  | 	type ExpectedWebauthnCredential struct { | ||||||
|  | 		ID           int64  `xorm:"pk autoincr"` | ||||||
|  | 		CredentialID string `xorm:"INDEX VARCHAR(410)"` // CredentalID in U2F is at most 255bytes / 5 * 8 = 408 - add a few extra characters for safety | ||||||
|  | 	} | ||||||
|  |  | ||||||
|  | 	// Prepare and load the testing database | ||||||
|  | 	x, deferable := prepareTestEnv(t, 0, new(WebauthnCredential), new(U2fRegistration), new(ExpectedWebauthnCredential)) | ||||||
|  | 	if x == nil || t.Failed() { | ||||||
|  | 		defer deferable() | ||||||
|  | 		return | ||||||
|  | 	} | ||||||
|  | 	defer deferable() | ||||||
|  |  | ||||||
|  | 	if x.Dialect().URI().DBType == schemas.SQLITE { | ||||||
|  | 		return | ||||||
|  | 	} | ||||||
|  |  | ||||||
|  | 	// Run the migration | ||||||
|  | 	if err := increaseCredentialIDTo410(x); err != nil { | ||||||
|  | 		assert.NoError(t, err) | ||||||
|  | 		return | ||||||
|  | 	} | ||||||
|  |  | ||||||
|  | 	expected := []ExpectedWebauthnCredential{} | ||||||
|  | 	if err := x.Table("expected_webauthn_credential").Asc("id").Find(&expected); !assert.NoError(t, err) { | ||||||
|  | 		return | ||||||
|  | 	} | ||||||
|  |  | ||||||
|  | 	got := []ExpectedWebauthnCredential{} | ||||||
|  | 	if err := x.Table("webauthn_credential").Select("id, credential_id").Asc("id").Find(&got); !assert.NoError(t, err) { | ||||||
|  | 		return | ||||||
|  | 	} | ||||||
|  |  | ||||||
|  | 	assert.EqualValues(t, expected, got) | ||||||
|  | } | ||||||
		Reference in New Issue
	
	Block a user
	 zeripath
					zeripath