From 251d258b8f3bcb547c32c4686526c31768920170 Mon Sep 17 00:00:00 2001 From: Matti Ranta Date: Thu, 18 Apr 2019 21:44:24 -0400 Subject: [PATCH 01/25] hashTokens --- models/fixtures/access_token.yml | 12 +++++++++--- models/token.go | 24 +++++++++++++++--------- models/token_test.go | 9 +++++---- modules/base/tool.go | 8 ++++++++ modules/base/tool_test.go | 7 +++++++ routers/api/v1/user/app.go | 5 +++-- 6 files changed, 47 insertions(+), 18 deletions(-) diff --git a/models/fixtures/access_token.yml b/models/fixtures/access_token.yml index 9572709dd9eb3..b4578ce9fd574 100644 --- a/models/fixtures/access_token.yml +++ b/models/fixtures/access_token.yml @@ -2,7 +2,9 @@ id: 1 uid: 1 name: Token A - sha1: hash1 + token: hashhash11111111 + hashed_token: 63d5eede00e1e8e7f8a60af96ffbce5fd039084ad2dcdee4696d436e4c5382c0 + token_last_eight: 11111111 created_unix: 946687980 updated_unix: 946687980 @@ -10,7 +12,9 @@ id: 2 uid: 1 name: Token B - sha1: hash2 + token: hashhash22222222 + hashed_token: 31eb2a689c5a8ee708c7880da1123fb462915a0e0344c54f46904a6fe597d758 + token_last_eight: 22222222 created_unix: 946687980 updated_unix: 946687980 @@ -18,6 +22,8 @@ id: 3 uid: 2 name: Token A - sha1: hash3 + token: hashhash33333333 + hashed_token: c9786f567ce95c8ab8ad2a24187338b35edb61fba01a02eacb8f70e157d1e385 + token_last_eight: 33333333 created_unix: 946687980 updated_unix: 946687980 diff --git a/models/token.go b/models/token.go index 8393a7cf11458..9dc3460ba06a8 100644 --- a/models/token.go +++ b/models/token.go @@ -15,10 +15,13 @@ import ( // AccessToken represents a personal access token. type AccessToken struct { - ID int64 `xorm:"pk autoincr"` - UID int64 `xorm:"INDEX"` - Name string - Sha1 string `xorm:"UNIQUE VARCHAR(40)"` + ID int64 `xorm:"pk autoincr"` + UID int64 `xorm:"INDEX"` + Name string + Sha1 string `xorm:"-"` + Token string `xorm:"-"` + HashedToken string `xorm:"UNIQUE"` // sha256 of token + TokenLastEight string `xorm:"token_last_eight"` CreatedUnix util.TimeStamp `xorm:"INDEX created"` UpdatedUnix util.TimeStamp `xorm:"INDEX updated"` @@ -34,22 +37,25 @@ func (t *AccessToken) AfterLoad() { // NewAccessToken creates new access token. func NewAccessToken(t *AccessToken) error { - t.Sha1 = base.EncodeSha1(gouuid.NewV4().String()) + t.Token = base.EncodeSha256(gouuid.NewV4().String()) + t.HashedToken = base.EncodeSha256(t.Token) + t.TokenLastEight = t.Token[len(t.Token)-8:] _, err := x.Insert(t) return err } // GetAccessTokenBySHA returns access token by given sha1. -func GetAccessTokenBySHA(sha string) (*AccessToken, error) { - if sha == "" { +func GetAccessTokenBySHA(token string) (*AccessToken, error) { + if token == "" { return nil, ErrAccessTokenEmpty{} } - t := &AccessToken{Sha1: sha} + hashedToken := base.EncodeSha256(token) + t := &AccessToken{HashedToken: hashedToken} has, err := x.Get(t) if err != nil { return nil, err } else if !has { - return nil, ErrAccessTokenNotExist{sha} + return nil, ErrAccessTokenNotExist{token} } return t, nil } diff --git a/models/token_test.go b/models/token_test.go index 540bd40deb7f6..3cf9d754381f2 100644 --- a/models/token_test.go +++ b/models/token_test.go @@ -29,11 +29,12 @@ func TestNewAccessToken(t *testing.T) { func TestGetAccessTokenBySHA(t *testing.T) { assert.NoError(t, PrepareTestDatabase()) - token, err := GetAccessTokenBySHA("hash1") + token, err := GetAccessTokenBySHA("hashhash11111111") assert.NoError(t, err) assert.Equal(t, int64(1), token.UID) assert.Equal(t, "Token A", token.Name) - assert.Equal(t, "hash1", token.Sha1) + assert.Equal(t, "63d5eede00e1e8e7f8a60af96ffbce5fd039084ad2dcdee4696d436e4c5382c0", token.HashedToken) + assert.Equal(t, "11111111", token.TokenLastEight) token, err = GetAccessTokenBySHA("notahash") assert.Error(t, err) @@ -69,7 +70,7 @@ func TestListAccessTokens(t *testing.T) { func TestUpdateAccessToken(t *testing.T) { assert.NoError(t, PrepareTestDatabase()) - token, err := GetAccessTokenBySHA("hash2") + token, err := GetAccessTokenBySHA("hashhash22222222") assert.NoError(t, err) token.Name = "Token Z" @@ -80,7 +81,7 @@ func TestUpdateAccessToken(t *testing.T) { func TestDeleteAccessTokenByID(t *testing.T) { assert.NoError(t, PrepareTestDatabase()) - token, err := GetAccessTokenBySHA("hash2") + token, err := GetAccessTokenBySHA("hashhash22222222") assert.NoError(t, err) assert.Equal(t, int64(1), token.UID) diff --git a/modules/base/tool.go b/modules/base/tool.go index 97fd87e85c402..316f4b421d014 100644 --- a/modules/base/tool.go +++ b/modules/base/tool.go @@ -8,6 +8,7 @@ import ( "crypto/md5" "crypto/rand" "crypto/sha1" + "crypto/sha256" "encoding/base64" "encoding/hex" "fmt" @@ -50,6 +51,13 @@ func EncodeSha1(str string) string { return hex.EncodeToString(h.Sum(nil)) } +// EncodeSha1 string to sha1 hex value. +func EncodeSha256(str string) string { + h := sha256.New() + h.Write([]byte(str)) + return hex.EncodeToString(h.Sum(nil)) +} + // ShortSha is basically just truncating. // It is DEPRECATED and will be removed in the future. func ShortSha(sha1 string) string { diff --git a/modules/base/tool_test.go b/modules/base/tool_test.go index 04cd682907187..dcaf2fcbb01f3 100644 --- a/modules/base/tool_test.go +++ b/modules/base/tool_test.go @@ -53,6 +53,13 @@ func TestEncodeSha1(t *testing.T) { ) } +func TestEncodeSha256(t *testing.T) { + assert.Equal(t, + "c3ab8ff13720e8ad9047dd39466b3c8974e592c2fa383d4a3960714caef0c4f2", + EncodeSha256("foobar"), + ) +} + func TestShortSha(t *testing.T) { assert.Equal(t, "veryverylo", ShortSha("veryverylong")) } diff --git a/routers/api/v1/user/app.go b/routers/api/v1/user/app.go index ef53e95d8b797..7e755c4d170d0 100644 --- a/routers/api/v1/user/app.go +++ b/routers/api/v1/user/app.go @@ -39,7 +39,8 @@ func ListAccessTokens(ctx *context.APIContext) { apiTokens[i] = &api.AccessToken{ ID: tokens[i].ID, Name: tokens[i].Name, - Sha1: tokens[i].Sha1, + HashedToken: tokens[i].HashedToken, + TokenLastEight: tokens[i].TokenLastEight, } } ctx.JSON(200, &apiTokens) @@ -82,7 +83,7 @@ func CreateAccessToken(ctx *context.APIContext, form api.CreateAccessTokenOption } ctx.JSON(201, &api.AccessToken{ Name: t.Name, - Sha1: t.Sha1, + Token: t.Token, ID: t.ID, }) } From 0ef8631b3acd1e07e326ffb5c8129577e478e19b Mon Sep 17 00:00:00 2001 From: Matti Ranta Date: Thu, 18 Apr 2019 21:49:47 -0400 Subject: [PATCH 02/25] add to vendor --- vendor/code.gitea.io/sdk/gitea/user_app.go | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/vendor/code.gitea.io/sdk/gitea/user_app.go b/vendor/code.gitea.io/sdk/gitea/user_app.go index d3bfce971bad4..976073f7391d6 100644 --- a/vendor/code.gitea.io/sdk/gitea/user_app.go +++ b/vendor/code.gitea.io/sdk/gitea/user_app.go @@ -20,9 +20,11 @@ func BasicAuthEncode(user, pass string) string { // AccessToken represents a API access token. // swagger:response AccessToken type AccessToken struct { - ID int64 `json:"id"` - Name string `json:"name"` - Sha1 string `json:"sha1"` + ID int64 `json:"id"` + Name string `json:"name"` + Sha1 string `json:"sha1"` + HashedToken string `json:"hashed_token"` + TokenLastEight string `json:"token_last_eight"` } // AccessTokenList represents a list of API access token. From 743fdad23f5ba354d72cb222754bdcd2942b72a1 Mon Sep 17 00:00:00 2001 From: Matti Ranta Date: Thu, 18 Apr 2019 21:52:34 -0400 Subject: [PATCH 03/25] sdk changes --- vendor/code.gitea.io/sdk/gitea/user_app.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/vendor/code.gitea.io/sdk/gitea/user_app.go b/vendor/code.gitea.io/sdk/gitea/user_app.go index 976073f7391d6..b8f363d5b4b2a 100644 --- a/vendor/code.gitea.io/sdk/gitea/user_app.go +++ b/vendor/code.gitea.io/sdk/gitea/user_app.go @@ -22,7 +22,7 @@ func BasicAuthEncode(user, pass string) string { type AccessToken struct { ID int64 `json:"id"` Name string `json:"name"` - Sha1 string `json:"sha1"` + Token string `json:"token"` HashedToken string `json:"hashed_token"` TokenLastEight string `json:"token_last_eight"` } From 892afcdbcad055ecbd21f053345da261ac662a8e Mon Sep 17 00:00:00 2001 From: Matti Ranta Date: Thu, 18 Apr 2019 21:58:41 -0400 Subject: [PATCH 04/25] make lint --- modules/base/tool.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/base/tool.go b/modules/base/tool.go index 316f4b421d014..43c0ff2181287 100644 --- a/modules/base/tool.go +++ b/modules/base/tool.go @@ -51,7 +51,7 @@ func EncodeSha1(str string) string { return hex.EncodeToString(h.Sum(nil)) } -// EncodeSha1 string to sha1 hex value. +// EncodeSha256 string to sha1 hex value. func EncodeSha256(str string) string { h := sha256.New() h.Write([]byte(str)) From 6e52eaa512b2ce79a5f1ee02c86c93f2100bd638 Mon Sep 17 00:00:00 2001 From: techknowlogick Date: Tue, 23 Apr 2019 12:50:40 -0400 Subject: [PATCH 05/25] Update token.go --- models/token.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/models/token.go b/models/token.go index 9dc3460ba06a8..4855ae74e7553 100644 --- a/models/token.go +++ b/models/token.go @@ -37,7 +37,7 @@ func (t *AccessToken) AfterLoad() { // NewAccessToken creates new access token. func NewAccessToken(t *AccessToken) error { - t.Token = base.EncodeSha256(gouuid.NewV4().String()) + t.Token = gouuid.NewV4().String() t.HashedToken = base.EncodeSha256(t.Token) t.TokenLastEight = t.Token[len(t.Token)-8:] _, err := x.Insert(t) From 563c24f4d37bc16668080ddc4319ff393b8383a5 Mon Sep 17 00:00:00 2001 From: techknowlogick Date: Tue, 23 Apr 2019 12:58:40 -0400 Subject: [PATCH 06/25] Update token.go --- models/token.go | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/models/token.go b/models/token.go index 4855ae74e7553..a144b93bec478 100644 --- a/models/token.go +++ b/models/token.go @@ -1,4 +1,5 @@ // Copyright 2014 The Gogs Authors. All rights reserved. +// Copyright 2019 The Gitea Authors. All rights reserved. // Use of this source code is governed by a MIT-style // license that can be found in the LICENSE file. @@ -37,7 +38,7 @@ func (t *AccessToken) AfterLoad() { // NewAccessToken creates new access token. func NewAccessToken(t *AccessToken) error { - t.Token = gouuid.NewV4().String() + t.Token = base.EncodeSha1(gouuid.NewV4().String()) t.HashedToken = base.EncodeSha256(t.Token) t.TokenLastEight = t.Token[len(t.Token)-8:] _, err := x.Insert(t) From 2eac502ced58501c7b2f4021c709c719f271ea15 Mon Sep 17 00:00:00 2001 From: Matti Ranta Date: Tue, 23 Apr 2019 12:59:26 -0400 Subject: [PATCH 07/25] update gomod --- go.mod | 2 +- go.sum | 2 ++ 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/go.mod b/go.mod index 419a50014b69d..dd69639f4e885 100644 --- a/go.mod +++ b/go.mod @@ -3,7 +3,7 @@ module code.gitea.io/gitea go 1.12 require ( - code.gitea.io/sdk v0.0.0-20190416172854-7d954d775498 + code.gitea.io/sdk v0.0.0-20190419065346-2858b80da5f7 github.com/BurntSushi/toml v0.3.1 // indirect github.com/PuerkitoBio/goquery v0.0.0-20170324135448-ed7d758e9a34 github.com/RoaringBitmap/roaring v0.4.7 // indirect diff --git a/go.sum b/go.sum index c8dfef153e49a..ef31e5920d03b 100644 --- a/go.sum +++ b/go.sum @@ -1,6 +1,8 @@ cloud.google.com/go v0.30.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw= code.gitea.io/sdk v0.0.0-20190416172854-7d954d775498 h1:rcjwXMYIjYts88akPiyy/GB+imecpf159jojChciEEw= code.gitea.io/sdk v0.0.0-20190416172854-7d954d775498/go.mod h1:5bZt0dRznpn2JysytQnV0yCru3FwDv9O5G91jo+lDAk= +code.gitea.io/sdk v0.0.0-20190419065346-2858b80da5f7 h1:YggbbCVgggcOjKYmcB2wVOsEtJHgHUNFFJZDB6QcYTg= +code.gitea.io/sdk v0.0.0-20190419065346-2858b80da5f7/go.mod h1:5bZt0dRznpn2JysytQnV0yCru3FwDv9O5G91jo+lDAk= github.com/BurntSushi/toml v0.3.1 h1:WXkYYl6Yr3qBf1K79EBnL4mak0OimBfB0XUf9Vl28OQ= github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU= github.com/PuerkitoBio/goquery v0.0.0-20170324135448-ed7d758e9a34 h1:UsHpWO0Elp6NaWVARdZHjiYwkhrspHVEGsyIKPb9OI8= From 11111399d16a41d201ed1f69ccba453a56b2da20 Mon Sep 17 00:00:00 2001 From: Matti Ranta Date: Tue, 23 Apr 2019 13:11:16 -0400 Subject: [PATCH 08/25] make fmt --- routers/api/v1/user/app.go | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/routers/api/v1/user/app.go b/routers/api/v1/user/app.go index 7e755c4d170d0..b25f986495fd9 100644 --- a/routers/api/v1/user/app.go +++ b/routers/api/v1/user/app.go @@ -37,9 +37,9 @@ func ListAccessTokens(ctx *context.APIContext) { apiTokens := make([]*api.AccessToken, len(tokens)) for i := range tokens { apiTokens[i] = &api.AccessToken{ - ID: tokens[i].ID, - Name: tokens[i].Name, - HashedToken: tokens[i].HashedToken, + ID: tokens[i].ID, + Name: tokens[i].Name, + HashedToken: tokens[i].HashedToken, TokenLastEight: tokens[i].TokenLastEight, } } @@ -82,9 +82,9 @@ func CreateAccessToken(ctx *context.APIContext, form api.CreateAccessTokenOption return } ctx.JSON(201, &api.AccessToken{ - Name: t.Name, + Name: t.Name, Token: t.Token, - ID: t.ID, + ID: t.ID, }) } From 7156e8b511255ff351dd63e6a712fec73017df55 Mon Sep 17 00:00:00 2001 From: Matti Ranta Date: Tue, 23 Apr 2019 16:09:14 -0400 Subject: [PATCH 09/25] salt tokens --- models/migrations/migrations.go | 2 + models/migrations/v85.go | 117 +++++++++++++++++++++++++++ models/token.go | 25 +++--- models/token_test.go | 2 +- routers/api/v1/user/app.go | 2 +- routers/user/setting/applications.go | 2 +- 6 files changed, 138 insertions(+), 12 deletions(-) create mode 100644 models/migrations/v85.go diff --git a/models/migrations/migrations.go b/models/migrations/migrations.go index 62c41fb906e27..1d8cf65785cfe 100644 --- a/models/migrations/migrations.go +++ b/models/migrations/migrations.go @@ -223,6 +223,8 @@ var migrations = []Migration{ NewMigration("add uploader id for table attachment", addUploaderIDForAttachment), // v84 -> v85 NewMigration("add table to store original imported gpg keys", addGPGKeyImport), + // v85 -> v86 + NewMigration("hash application token", hashAppToken), } // Migrate database to current version diff --git a/models/migrations/v85.go b/models/migrations/v85.go new file mode 100644 index 0000000000000..6725008b74031 --- /dev/null +++ b/models/migrations/v85.go @@ -0,0 +1,117 @@ +// Copyright 2018 The Gitea Authors. All rights reserved. +// Use of this source code is governed by a MIT-style +// license that can be found in the LICENSE file. + +package migrations + +import ( + "fmt" + + "github.com/go-xorm/xorm" + "github.com/go-xorm/core" + + "code.gitea.io/gitea/models" + "code.gitea.io/gitea/modules/generate" + "code.gitea.io/gitea/modules/util" +) + +func hashAppToken(x *xorm.Engine) error { + // AccessToken see models/token.go + type AccessToken struct { + ID int64 `xorm:"pk autoincr"` + UID int64 `xorm:"INDEX"` + Name string + Sha1 string + Token string `xorm:"-"` + TokenHash string `xorm:"UNIQUE"` // sha256 of token + TokenSalt string + TokenLastEight string `xorm:"token_last_eight"` + + CreatedUnix util.TimeStamp `xorm:"INDEX created"` + UpdatedUnix util.TimeStamp `xorm:"INDEX updated"` + HasRecentActivity bool `xorm:"-"` + HasUsed bool `xorm:"-"` + } + + // First remove the index + sess := x.NewSession() + defer sess.Close() + if err := sess.Begin(); err != nil { + return err + } + + var err error + if models.DbCfg.Type == core.POSTGRES || models.DbCfg.Type == core.SQLITE { + _, err = sess.Exec("DROP INDEX IF EXISTS UQE_access_token_sha1") + } else if models.DbCfg.Type == core.MSSQL { + _, err = sess.Exec("DROP INDEX IF EXISTS UQE_access_token_sha1 ON access_token") + } else { + _, err = sess.Exec("DROP INDEX UQE_access_token_sha1 ON access_token") + } + if err != nil { + return fmt.Errorf("Drop index failed: %v", err) + } + + if err = sess.Commit(); err != nil { + return err + } + + if err := sess.Begin(); err != nil { + return err + } + + if err := x.Sync2(new(AccessToken)); err != nil { + return fmt.Errorf("Sync2: %v", err) + } + + if err = sess.Commit(); err != nil { + return err + } + + if err := sess.Begin(); err != nil { + return err + } + + // transform all tokens to hashes + const batchSize = 100 + for start := 0; ; start += batchSize { + tokens := make([]*AccessToken, 0, batchSize) + if err := sess.Limit(batchSize, start).Find(&tokens); err != nil { + return err + } + if len(tokens) == 0 { + break + } + + for _, token := range tokens { + // generate salt + salt, err := generate.GetRandomString(10) + if err != nil { + return err + } + token.TokenSalt = salt + token.TokenHash = hashToken(token.Sha1, salt) + token.TokenLastEight = token.Sha1[len(token.Sha1)-8:] + token.Sha1 = "" // ensure to blank out column in case drop column doesn't work + + if _, err := sess.ID(token.ID).Cols("token_hash, token_salt, token_last_eight, sha1").Update(token); err != nil { + return fmt.Errorf("couldn't add in sha1, token_hash, token_salt and token_last_eight: %v", err) + } + + } + } + + // Commit and begin new transaction for dropping columns + if err := sess.Commit(); err != nil { + return err + } + if err := sess.Begin(); err != nil { + return err + } + + if err := dropTableColumns(sess, "access_token", "sha1"); err != nil { + return err + } + return sess.Commit() + +} diff --git a/models/token.go b/models/token.go index a144b93bec478..06e048ac837d0 100644 --- a/models/token.go +++ b/models/token.go @@ -7,6 +7,7 @@ package models import ( "time" + "crypto/subtle" gouuid "github.com/satori/go.uuid" @@ -19,9 +20,9 @@ type AccessToken struct { ID int64 `xorm:"pk autoincr"` UID int64 `xorm:"INDEX"` Name string - Sha1 string `xorm:"-"` Token string `xorm:"-"` - HashedToken string `xorm:"UNIQUE"` // sha256 of token + TokenHash string `xorm:"UNIQUE"` // sha256 of token + TokenSalt string TokenLastEight string `xorm:"token_last_eight"` CreatedUnix util.TimeStamp `xorm:"INDEX created"` @@ -39,26 +40,32 @@ func (t *AccessToken) AfterLoad() { // NewAccessToken creates new access token. func NewAccessToken(t *AccessToken) error { t.Token = base.EncodeSha1(gouuid.NewV4().String()) - t.HashedToken = base.EncodeSha256(t.Token) + t.TokenHash = base.EncodeSha256(t.Token) t.TokenLastEight = t.Token[len(t.Token)-8:] _, err := x.Insert(t) return err } -// GetAccessTokenBySHA returns access token by given sha1. +// GetAccessTokenBySHA returns access token by given token value func GetAccessTokenBySHA(token string) (*AccessToken, error) { if token == "" { return nil, ErrAccessTokenEmpty{} } - hashedToken := base.EncodeSha256(token) - t := &AccessToken{HashedToken: hashedToken} - has, err := x.Get(t) + var tokens []AccessToken + lastEight := token[len(token)-8:] + err := x.Table(&AccessToken{}).Where("token_last_eight = ?", lastEight).Find(&tokens) if err != nil { return nil, err - } else if !has { + } else if len(tokens) == 0 { return nil, ErrAccessTokenNotExist{token} } - return t, nil + for _, t := range tokens { + tempHash := hashToken(token, t.TokenSalt) + if subtle.ConstantTimeCompare([]byte(t.TokenHash), []byte(tempHash)) == 1 { + return &t, nil + } + } + return nil, ErrAccessTokenNotExist{token} } // ListAccessTokens returns a list of access tokens belongs to given user. diff --git a/models/token_test.go b/models/token_test.go index 3cf9d754381f2..2a3e72390ee4d 100644 --- a/models/token_test.go +++ b/models/token_test.go @@ -33,7 +33,7 @@ func TestGetAccessTokenBySHA(t *testing.T) { assert.NoError(t, err) assert.Equal(t, int64(1), token.UID) assert.Equal(t, "Token A", token.Name) - assert.Equal(t, "63d5eede00e1e8e7f8a60af96ffbce5fd039084ad2dcdee4696d436e4c5382c0", token.HashedToken) + assert.Equal(t, "63d5eede00e1e8e7f8a60af96ffbce5fd039084ad2dcdee4696d436e4c5382c0", token.TokenHash) assert.Equal(t, "11111111", token.TokenLastEight) token, err = GetAccessTokenBySHA("notahash") diff --git a/routers/api/v1/user/app.go b/routers/api/v1/user/app.go index b25f986495fd9..9981061631e9a 100644 --- a/routers/api/v1/user/app.go +++ b/routers/api/v1/user/app.go @@ -39,7 +39,7 @@ func ListAccessTokens(ctx *context.APIContext) { apiTokens[i] = &api.AccessToken{ ID: tokens[i].ID, Name: tokens[i].Name, - HashedToken: tokens[i].HashedToken, + HashedToken: tokens[i].TokenHash, TokenLastEight: tokens[i].TokenLastEight, } } diff --git a/routers/user/setting/applications.go b/routers/user/setting/applications.go index 90e34d9e1a3ab..d93684bcc0322 100644 --- a/routers/user/setting/applications.go +++ b/routers/user/setting/applications.go @@ -49,7 +49,7 @@ func ApplicationsPost(ctx *context.Context, form auth.NewAccessTokenForm) { } ctx.Flash.Success(ctx.Tr("settings.generate_token_success")) - ctx.Flash.Info(t.Sha1) + ctx.Flash.Info(t.Token) ctx.Redirect(setting.AppSubURL + "/user/settings/applications") } From ae2ef4767f65d6d864683785107cbc97e638719f Mon Sep 17 00:00:00 2001 From: Matti Ranta Date: Tue, 23 Apr 2019 16:15:19 -0400 Subject: [PATCH 10/25] make fmt --- models/migrations/v85.go | 2 +- models/token.go | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/models/migrations/v85.go b/models/migrations/v85.go index 6725008b74031..b2f170c72f673 100644 --- a/models/migrations/v85.go +++ b/models/migrations/v85.go @@ -7,8 +7,8 @@ package migrations import ( "fmt" - "github.com/go-xorm/xorm" "github.com/go-xorm/core" + "github.com/go-xorm/xorm" "code.gitea.io/gitea/models" "code.gitea.io/gitea/modules/generate" diff --git a/models/token.go b/models/token.go index 06e048ac837d0..047ee90ae6d91 100644 --- a/models/token.go +++ b/models/token.go @@ -6,8 +6,8 @@ package models import ( - "time" "crypto/subtle" + "time" gouuid "github.com/satori/go.uuid" From 6acf155aebf1d802fb0cb22c57a2b8f3e2f5ba41 Mon Sep 17 00:00:00 2001 From: Matti Ranta Date: Tue, 23 Apr 2019 16:23:33 -0400 Subject: [PATCH 11/25] generate swagger --- routers/api/v1/user/app.go | 1 - templates/swagger/v1_json.tmpl | 9 ++++++++- 2 files changed, 8 insertions(+), 2 deletions(-) diff --git a/routers/api/v1/user/app.go b/routers/api/v1/user/app.go index 9981061631e9a..d9716f419aaf9 100644 --- a/routers/api/v1/user/app.go +++ b/routers/api/v1/user/app.go @@ -39,7 +39,6 @@ func ListAccessTokens(ctx *context.APIContext) { apiTokens[i] = &api.AccessToken{ ID: tokens[i].ID, Name: tokens[i].Name, - HashedToken: tokens[i].TokenHash, TokenLastEight: tokens[i].TokenLastEight, } } diff --git a/templates/swagger/v1_json.tmpl b/templates/swagger/v1_json.tmpl index b6160fc84dfe9..26952e66c5b2b 100644 --- a/templates/swagger/v1_json.tmpl +++ b/templates/swagger/v1_json.tmpl @@ -9460,6 +9460,9 @@ "AccessToken": { "description": "AccessToken represents a API access token.", "headers": { + "hashed_token": { + "type": "string" + }, "id": { "type": "integer", "format": "int64" @@ -9467,7 +9470,10 @@ "name": { "type": "string" }, - "sha1": { + "token": { + "type": "string" + }, + "token_last_eight": { "type": "string" } } @@ -9967,3 +9973,4 @@ } ] } + From a394b34f140c9ab96c5a8e8ce7970d911dcbcc9f Mon Sep 17 00:00:00 2001 From: Matti Ranta Date: Tue, 23 Apr 2019 16:26:43 -0400 Subject: [PATCH 12/25] empty last line in swagger --- templates/swagger/v1_json.tmpl | 1 - 1 file changed, 1 deletion(-) diff --git a/templates/swagger/v1_json.tmpl b/templates/swagger/v1_json.tmpl index 26952e66c5b2b..8c89c06c7a36d 100644 --- a/templates/swagger/v1_json.tmpl +++ b/templates/swagger/v1_json.tmpl @@ -9973,4 +9973,3 @@ } ] } - From 883e6e6925f67a1df5592ddedc0623645de93fc1 Mon Sep 17 00:00:00 2001 From: Matti Ranta Date: Tue, 23 Apr 2019 16:32:47 -0400 Subject: [PATCH 13/25] make vendor --- go.sum | 4 ---- vendor/code.gitea.io/sdk/gitea/user_app.go | 3 ++- vendor/modules.txt | 2 +- 3 files changed, 3 insertions(+), 6 deletions(-) diff --git a/go.sum b/go.sum index ef31e5920d03b..e3ad157453672 100644 --- a/go.sum +++ b/go.sum @@ -1,6 +1,4 @@ cloud.google.com/go v0.30.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw= -code.gitea.io/sdk v0.0.0-20190416172854-7d954d775498 h1:rcjwXMYIjYts88akPiyy/GB+imecpf159jojChciEEw= -code.gitea.io/sdk v0.0.0-20190416172854-7d954d775498/go.mod h1:5bZt0dRznpn2JysytQnV0yCru3FwDv9O5G91jo+lDAk= code.gitea.io/sdk v0.0.0-20190419065346-2858b80da5f7 h1:YggbbCVgggcOjKYmcB2wVOsEtJHgHUNFFJZDB6QcYTg= code.gitea.io/sdk v0.0.0-20190419065346-2858b80da5f7/go.mod h1:5bZt0dRznpn2JysytQnV0yCru3FwDv9O5G91jo+lDAk= github.com/BurntSushi/toml v0.3.1 h1:WXkYYl6Yr3qBf1K79EBnL4mak0OimBfB0XUf9Vl28OQ= @@ -359,8 +357,6 @@ gopkg.in/src-d/go-billy.v4 v4.3.0 h1:KtlZ4c1OWbIs4jCv5ZXrTqG8EQocr0g/d4DjNg70aek gopkg.in/src-d/go-billy.v4 v4.3.0/go.mod h1:tm33zBoOwxjYHZIE+OV8bxTWFMJLrconzFMd38aARFk= gopkg.in/src-d/go-git-fixtures.v3 v3.1.1 h1:XWW/s5W18RaJpmo1l0IYGqXKuJITWRFuA45iOf1dKJs= gopkg.in/src-d/go-git-fixtures.v3 v3.1.1/go.mod h1:dLBcvytrw/TYZsNTWCnkNF2DSIlzWYqTe3rJR56Ac7g= -gopkg.in/src-d/go-git.v4 v4.8.0 h1:dDEbgvfNG9vUDM54uhCYPExiGa8uYgXpQ/MR8YvxcAM= -gopkg.in/src-d/go-git.v4 v4.8.0/go.mod h1:Vtut8izDyrM8BUVQnzJ+YvmNcem2J89EmfZYCkLokZk= gopkg.in/src-d/go-git.v4 v4.10.0 h1:NWjTJTQnk8UpIGlssuefyDZ6JruEjo5s88vm88uASbw= gopkg.in/src-d/go-git.v4 v4.10.0/go.mod h1:Vtut8izDyrM8BUVQnzJ+YvmNcem2J89EmfZYCkLokZk= gopkg.in/stretchr/testify.v1 v1.2.2 h1:yhQC6Uy5CqibAIlk1wlusa/MJ3iAN49/BsR/dCCKz3M= diff --git a/vendor/code.gitea.io/sdk/gitea/user_app.go b/vendor/code.gitea.io/sdk/gitea/user_app.go index b8f363d5b4b2a..023837f83bfe2 100644 --- a/vendor/code.gitea.io/sdk/gitea/user_app.go +++ b/vendor/code.gitea.io/sdk/gitea/user_app.go @@ -1,4 +1,5 @@ // Copyright 2014 The Gogs Authors. All rights reserved. +// Copyright 2019 The Gitea Authors. All rights reserved. // Use of this source code is governed by a MIT-style // license that can be found in the LICENSE file. @@ -17,7 +18,7 @@ func BasicAuthEncode(user, pass string) string { return base64.StdEncoding.EncodeToString([]byte(user + ":" + pass)) } -// AccessToken represents a API access token. +// AccessToken represents an API access token. // swagger:response AccessToken type AccessToken struct { ID int64 `json:"id"` diff --git a/vendor/modules.txt b/vendor/modules.txt index 08db5c7113b56..a209088f61ed3 100644 --- a/vendor/modules.txt +++ b/vendor/modules.txt @@ -1,4 +1,4 @@ -# code.gitea.io/sdk v0.0.0-20190416172854-7d954d775498 +# code.gitea.io/sdk v0.0.0-20190419065346-2858b80da5f7 code.gitea.io/sdk/gitea # github.com/BurntSushi/toml v0.3.1 github.com/BurntSushi/toml From bddd6dfd388edfe9a45a7f37e6a38c3b0bf4c3ce Mon Sep 17 00:00:00 2001 From: Matti Ranta Date: Tue, 23 Apr 2019 16:42:58 -0400 Subject: [PATCH 14/25] typo --- templates/swagger/v1_json.tmpl | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/templates/swagger/v1_json.tmpl b/templates/swagger/v1_json.tmpl index 8c89c06c7a36d..134b9051b2a9d 100644 --- a/templates/swagger/v1_json.tmpl +++ b/templates/swagger/v1_json.tmpl @@ -9458,7 +9458,7 @@ }, "responses": { "AccessToken": { - "description": "AccessToken represents a API access token.", + "description": "AccessToken represents an API access token.", "headers": { "hashed_token": { "type": "string" From 42db74a93842ce99c81c161b8962e4ffa6be6654 Mon Sep 17 00:00:00 2001 From: Matti Ranta Date: Tue, 23 Apr 2019 17:27:18 -0400 Subject: [PATCH 15/25] update error message --- models/error.go | 4 ++-- models/token.go | 10 ++++++++-- 2 files changed, 10 insertions(+), 4 deletions(-) diff --git a/models/error.go b/models/error.go index 6458594a03d19..bc9f93379ec7c 100644 --- a/models/error.go +++ b/models/error.go @@ -507,7 +507,7 @@ func (err ErrDeployKeyNameAlreadyUsed) Error() string { // ErrAccessTokenNotExist represents a "AccessTokenNotExist" kind of error. type ErrAccessTokenNotExist struct { - SHA string + Token string } // IsErrAccessTokenNotExist checks if an error is a ErrAccessTokenNotExist. @@ -517,7 +517,7 @@ func IsErrAccessTokenNotExist(err error) bool { } func (err ErrAccessTokenNotExist) Error() string { - return fmt.Sprintf("access token does not exist [sha: %s]", err.SHA) + return fmt.Sprintf("access token does not exist [sha: %s]", err.Token) } // ErrAccessTokenEmpty represents a "AccessTokenEmpty" kind of error. diff --git a/models/token.go b/models/token.go index 047ee90ae6d91..663815a7c578e 100644 --- a/models/token.go +++ b/models/token.go @@ -12,6 +12,7 @@ import ( gouuid "github.com/satori/go.uuid" "code.gitea.io/gitea/modules/base" + "code.gitea.io/gitea/modules/generate" "code.gitea.io/gitea/modules/util" ) @@ -39,10 +40,15 @@ func (t *AccessToken) AfterLoad() { // NewAccessToken creates new access token. func NewAccessToken(t *AccessToken) error { + salt, err := generate.GetRandomString(10) + if err != nil { + return err + } + t.TokenSalt = salt t.Token = base.EncodeSha1(gouuid.NewV4().String()) - t.TokenHash = base.EncodeSha256(t.Token) + t.TokenHash = hashToken(t.Token, t.TokenSalt) t.TokenLastEight = t.Token[len(t.Token)-8:] - _, err := x.Insert(t) + _, err = x.Insert(t) return err } From 8884d416412b08b5ae32b36e21ba3f19b2fec5f1 Mon Sep 17 00:00:00 2001 From: Matti Ranta Date: Tue, 23 Apr 2019 17:43:00 -0400 Subject: [PATCH 16/25] update tests --- models/fixtures/access_token.yml | 21 ++++++++++++--------- models/token_test.go | 10 +++++----- 2 files changed, 17 insertions(+), 14 deletions(-) diff --git a/models/fixtures/access_token.yml b/models/fixtures/access_token.yml index b4578ce9fd574..7f8929b4f9016 100644 --- a/models/fixtures/access_token.yml +++ b/models/fixtures/access_token.yml @@ -2,9 +2,10 @@ id: 1 uid: 1 name: Token A - token: hashhash11111111 - hashed_token: 63d5eede00e1e8e7f8a60af96ffbce5fd039084ad2dcdee4696d436e4c5382c0 - token_last_eight: 11111111 + token: d2c6c1ba3890b309189a8e618c72a162e4efbf36 + token_hash: 2b3668e11cb82d3af8c6e4524fc7841297668f5008d1626f0ad3417e9fa39af84c268248b78c481daa7e5dc437784003494f + token_salt: QuSiZr1byZ + token_last_eight: e4efbf36 created_unix: 946687980 updated_unix: 946687980 @@ -12,9 +13,10 @@ id: 2 uid: 1 name: Token B - token: hashhash22222222 - hashed_token: 31eb2a689c5a8ee708c7880da1123fb462915a0e0344c54f46904a6fe597d758 - token_last_eight: 22222222 + token: 4c6f36e6cf498e2a448662f915d932c09c5a146c + token_hash: 1a0e32a231ebbd582dc626c1543a42d3c63d4fa76c07c72862721467c55e8f81c923d60700f0528b5f5f443f055559d3a279 + token_salt: Lfwopukrq5 + token_last_eight: 9c5a146c created_unix: 946687980 updated_unix: 946687980 @@ -22,8 +24,9 @@ id: 3 uid: 2 name: Token A - token: hashhash33333333 - hashed_token: c9786f567ce95c8ab8ad2a24187338b35edb61fba01a02eacb8f70e157d1e385 - token_last_eight: 33333333 + token: 90a18faa671dc43924b795806ffe4fd169d28c91 + token_hash: d6d404048048812d9e911d93aefbe94fc768d4876fdf75e3bef0bdc67828e0af422846d3056f2f25ec35c51dc92075685ec5 + token_salt: 99ArgXKlQQ + token_last_eight: 69d28c91 created_unix: 946687980 updated_unix: 946687980 diff --git a/models/token_test.go b/models/token_test.go index 2a3e72390ee4d..9f2699a16862f 100644 --- a/models/token_test.go +++ b/models/token_test.go @@ -29,12 +29,12 @@ func TestNewAccessToken(t *testing.T) { func TestGetAccessTokenBySHA(t *testing.T) { assert.NoError(t, PrepareTestDatabase()) - token, err := GetAccessTokenBySHA("hashhash11111111") + token, err := GetAccessTokenBySHA("d2c6c1ba3890b309189a8e618c72a162e4efbf36") assert.NoError(t, err) assert.Equal(t, int64(1), token.UID) assert.Equal(t, "Token A", token.Name) - assert.Equal(t, "63d5eede00e1e8e7f8a60af96ffbce5fd039084ad2dcdee4696d436e4c5382c0", token.TokenHash) - assert.Equal(t, "11111111", token.TokenLastEight) + assert.Equal(t, "2b3668e11cb82d3af8c6e4524fc7841297668f5008d1626f0ad3417e9fa39af84c268248b78c481daa7e5dc437784003494f", token.TokenHash) + assert.Equal(t, "e4efbf36", token.TokenLastEight) token, err = GetAccessTokenBySHA("notahash") assert.Error(t, err) @@ -70,7 +70,7 @@ func TestListAccessTokens(t *testing.T) { func TestUpdateAccessToken(t *testing.T) { assert.NoError(t, PrepareTestDatabase()) - token, err := GetAccessTokenBySHA("hashhash22222222") + token, err := GetAccessTokenBySHA("4c6f36e6cf498e2a448662f915d932c09c5a146c") assert.NoError(t, err) token.Name = "Token Z" @@ -81,7 +81,7 @@ func TestUpdateAccessToken(t *testing.T) { func TestDeleteAccessTokenByID(t *testing.T) { assert.NoError(t, PrepareTestDatabase()) - token, err := GetAccessTokenBySHA("hashhash22222222") + token, err := GetAccessTokenBySHA("4c6f36e6cf498e2a448662f915d932c09c5a146c") assert.NoError(t, err) assert.Equal(t, int64(1), token.UID) From 3801b7903eb28b88df66fbe9011f8a5fb539d690 Mon Sep 17 00:00:00 2001 From: Matti Ranta Date: Tue, 23 Apr 2019 17:48:52 -0400 Subject: [PATCH 17/25] fix fixtures --- models/fixtures/access_token.yml | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/models/fixtures/access_token.yml b/models/fixtures/access_token.yml index 7f8929b4f9016..5ff5d66f662ed 100644 --- a/models/fixtures/access_token.yml +++ b/models/fixtures/access_token.yml @@ -2,7 +2,7 @@ id: 1 uid: 1 name: Token A - token: d2c6c1ba3890b309189a8e618c72a162e4efbf36 + #token: d2c6c1ba3890b309189a8e618c72a162e4efbf36 token_hash: 2b3668e11cb82d3af8c6e4524fc7841297668f5008d1626f0ad3417e9fa39af84c268248b78c481daa7e5dc437784003494f token_salt: QuSiZr1byZ token_last_eight: e4efbf36 @@ -13,7 +13,7 @@ id: 2 uid: 1 name: Token B - token: 4c6f36e6cf498e2a448662f915d932c09c5a146c + #token: 4c6f36e6cf498e2a448662f915d932c09c5a146c token_hash: 1a0e32a231ebbd582dc626c1543a42d3c63d4fa76c07c72862721467c55e8f81c923d60700f0528b5f5f443f055559d3a279 token_salt: Lfwopukrq5 token_last_eight: 9c5a146c @@ -24,9 +24,10 @@ id: 3 uid: 2 name: Token A - token: 90a18faa671dc43924b795806ffe4fd169d28c91 + #token: 90a18faa671dc43924b795806ffe4fd169d28c91 token_hash: d6d404048048812d9e911d93aefbe94fc768d4876fdf75e3bef0bdc67828e0af422846d3056f2f25ec35c51dc92075685ec5 token_salt: 99ArgXKlQQ token_last_eight: 69d28c91 created_unix: 946687980 updated_unix: 946687980 +#commented out tokens so you can see what they are in plaintext \ No newline at end of file From 7856fbd5138bda7b8a2afebc19323715bd538694 Mon Sep 17 00:00:00 2001 From: Matti Ranta Date: Tue, 23 Apr 2019 18:28:27 -0400 Subject: [PATCH 18/25] add log to migration --- models/migrations/v85.go | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/models/migrations/v85.go b/models/migrations/v85.go index b2f170c72f673..c73e1457e1387 100644 --- a/models/migrations/v85.go +++ b/models/migrations/v85.go @@ -12,6 +12,7 @@ import ( "code.gitea.io/gitea/models" "code.gitea.io/gitea/modules/generate" + "code.gitea.io/gitea/modules/log" "code.gitea.io/gitea/modules/util" ) @@ -91,6 +92,10 @@ func hashAppToken(x *xorm.Engine) error { } token.TokenSalt = salt token.TokenHash = hashToken(token.Sha1, salt) + if len(token.Sha1) < 8 { + log.Warn("Unable to transform token %s with name %s belonging to user ID %d, skipping transformation", t.Sha1, t.Name, t.UID) + continue + } token.TokenLastEight = token.Sha1[len(token.Sha1)-8:] token.Sha1 = "" // ensure to blank out column in case drop column doesn't work From 1c7d93c743d9e99b59c42ca65a9e50399c58d913 Mon Sep 17 00:00:00 2001 From: Matti Ranta Date: Tue, 23 Apr 2019 18:30:22 -0400 Subject: [PATCH 19/25] use appropriate variable name --- models/migrations/v85.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/models/migrations/v85.go b/models/migrations/v85.go index c73e1457e1387..395e5c4b62d4d 100644 --- a/models/migrations/v85.go +++ b/models/migrations/v85.go @@ -93,7 +93,7 @@ func hashAppToken(x *xorm.Engine) error { token.TokenSalt = salt token.TokenHash = hashToken(token.Sha1, salt) if len(token.Sha1) < 8 { - log.Warn("Unable to transform token %s with name %s belonging to user ID %d, skipping transformation", t.Sha1, t.Name, t.UID) + log.Warn("Unable to transform token %s with name %s belonging to user ID %d, skipping transformation", token.Sha1, token.Name, token.UID) continue } token.TokenLastEight = token.Sha1[len(token.Sha1)-8:] From 04109a1500f59a748ad3c05e501d67798e3bc74c Mon Sep 17 00:00:00 2001 From: Matti Ranta Date: Tue, 23 Apr 2019 18:39:02 -0400 Subject: [PATCH 20/25] update test --- integrations/api_token_test.go | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/integrations/api_token_test.go b/integrations/api_token_test.go index 2520f356b7fa7..5768d3b48e1e6 100644 --- a/integrations/api_token_test.go +++ b/integrations/api_token_test.go @@ -26,10 +26,10 @@ func TestAPICreateAndDeleteToken(t *testing.T) { var newAccessToken api.AccessToken DecodeJSON(t, resp, &newAccessToken) models.AssertExistsAndLoadBean(t, &models.AccessToken{ - ID: newAccessToken.ID, - Name: newAccessToken.Name, - Sha1: newAccessToken.Sha1, - UID: user.ID, + ID: newAccessToken.ID, + Name: newAccessToken.Name, + Token: newAccessToken.Token, + UID: user.ID, }) req = NewRequestf(t, "DELETE", "/api/v1/users/user1/tokens/%d", newAccessToken.ID) From 8632e57393eca7c934a7d5e4fa80932239162af2 Mon Sep 17 00:00:00 2001 From: Matti Ranta Date: Tue, 23 Apr 2019 18:49:57 -0400 Subject: [PATCH 21/25] add sliceError protections (slice bounds out of range) --- models/token.go | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/models/token.go b/models/token.go index 663815a7c578e..fdf81fdf427e0 100644 --- a/models/token.go +++ b/models/token.go @@ -57,6 +57,10 @@ func GetAccessTokenBySHA(token string) (*AccessToken, error) { if token == "" { return nil, ErrAccessTokenEmpty{} } + if len(token) < 8 { + // Unable to fetch token by last 8 characters + return nil, ErrAccessTokenNotExist{token} + } var tokens []AccessToken lastEight := token[len(token)-8:] err := x.Table(&AccessToken{}).Where("token_last_eight = ?", lastEight).Find(&tokens) From 9002fd66b81cbeded5af6880f0b635e6c6fd227f Mon Sep 17 00:00:00 2001 From: techknowlogick Date: Tue, 23 Apr 2019 23:36:51 -0400 Subject: [PATCH 22/25] Update token.go --- models/token.go | 1 - 1 file changed, 1 deletion(-) diff --git a/models/token.go b/models/token.go index fdf81fdf427e0..030bff8e1bb53 100644 --- a/models/token.go +++ b/models/token.go @@ -58,7 +58,6 @@ func GetAccessTokenBySHA(token string) (*AccessToken, error) { return nil, ErrAccessTokenEmpty{} } if len(token) < 8 { - // Unable to fetch token by last 8 characters return nil, ErrAccessTokenNotExist{token} } var tokens []AccessToken From c4285443cca12d1c3b33f4ad9692454723d16285 Mon Sep 17 00:00:00 2001 From: techknowlogick Date: Fri, 26 Apr 2019 23:32:32 -0400 Subject: [PATCH 23/25] update year --- models/migrations/v85.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/models/migrations/v85.go b/models/migrations/v85.go index 395e5c4b62d4d..0ec42120e77ef 100644 --- a/models/migrations/v85.go +++ b/models/migrations/v85.go @@ -1,4 +1,4 @@ -// Copyright 2018 The Gitea Authors. All rights reserved. +// Copyright 2019 The Gitea Authors. All rights reserved. // Use of this source code is governed by a MIT-style // license that can be found in the LICENSE file. From a39f7d063e20cce77f2a1f7a4bec58c2ef7f92bf Mon Sep 17 00:00:00 2001 From: techknowlogick Date: Sat, 27 Apr 2019 01:21:05 -0400 Subject: [PATCH 24/25] update per changes to v78 --- models/migrations/v85.go | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/models/migrations/v85.go b/models/migrations/v85.go index 0ec42120e77ef..95a7505f5ba61 100644 --- a/models/migrations/v85.go +++ b/models/migrations/v85.go @@ -46,6 +46,15 @@ func hashAppToken(x *xorm.Engine) error { _, err = sess.Exec("DROP INDEX IF EXISTS UQE_access_token_sha1") } else if models.DbCfg.Type == core.MSSQL { _, err = sess.Exec("DROP INDEX IF EXISTS UQE_access_token_sha1 ON access_token") + } else if models.DbCfg.Type == core.MYSQL { + indexes, err := sess.QueryString(`SHOW INDEX FROM access_token WHERE KEY_NAME = 'UQE_access_token_sha1'`) + if err != nil { + return err + } + + if len(indexes) >= 1 { + _, err = sess.Exec("DROP INDEX UQE_access_token_sha1 ON access_token") + } } else { _, err = sess.Exec("DROP INDEX UQE_access_token_sha1 ON access_token") } From e1b765fcaa5085d5a967e7fde6db98c5ed1b44a8 Mon Sep 17 00:00:00 2001 From: techknowlogick Date: Thu, 2 May 2019 17:04:36 -0400 Subject: [PATCH 25/25] updpate per v78 migration changes --- models/migrations/v85.go | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/models/migrations/v85.go b/models/migrations/v85.go index 95a7505f5ba61..28f6ac146db6c 100644 --- a/models/migrations/v85.go +++ b/models/migrations/v85.go @@ -45,7 +45,11 @@ func hashAppToken(x *xorm.Engine) error { if models.DbCfg.Type == core.POSTGRES || models.DbCfg.Type == core.SQLITE { _, err = sess.Exec("DROP INDEX IF EXISTS UQE_access_token_sha1") } else if models.DbCfg.Type == core.MSSQL { - _, err = sess.Exec("DROP INDEX IF EXISTS UQE_access_token_sha1 ON access_token") + _, err = sess.Exec(`DECLARE @ConstraintName VARCHAR(256) + DECLARE @SQL NVARCHAR(256) + SELECT @ConstraintName = obj.name FROM sys.columns col LEFT OUTER JOIN sys.objects obj ON obj.object_id = col.default_object_id AND obj.type = 'D' WHERE col.object_id = OBJECT_ID('access_token') AND obj.name IS NOT NULL AND col.name = 'sha1' + SET @SQL = N'ALTER TABLE [access_token] DROP CONSTRAINT [' + @ConstraintName + N']' + EXEC sp_executesql @SQL`) } else if models.DbCfg.Type == core.MYSQL { indexes, err := sess.QueryString(`SHOW INDEX FROM access_token WHERE KEY_NAME = 'UQE_access_token_sha1'`) if err != nil {