a54fb1b23a
This change ensures there is better messaging around the encrypted token migration, including a new phase to use for new installations, and fixes an issue encountered when running database migrations for new installations
84 lines
3.4 KiB
Python
84 lines
3.4 KiB
Python
"""Remove unencrypted fields and data
|
|
|
|
Revision ID: c059b952ed76
|
|
Revises: 703298a825c2
|
|
Create Date: 2019-08-19 16:31:00.952773
|
|
|
|
"""
|
|
|
|
# revision identifiers, used by Alembic.
|
|
revision = 'c059b952ed76'
|
|
down_revision = '703298a825c2'
|
|
|
|
import uuid
|
|
|
|
from alembic import op as original_op
|
|
from data.migrations.progress import ProgressWrapper
|
|
import sqlalchemy as sa
|
|
|
|
from data.database import FederatedLogin, User, RobotAccountToken
|
|
|
|
|
|
def upgrade(tables, tester, progress_reporter):
|
|
op = ProgressWrapper(original_op, progress_reporter)
|
|
# ### commands auto generated by Alembic - please adjust! ###
|
|
op.drop_index('oauthaccesstoken_refresh_token', table_name='oauthaccesstoken')
|
|
op.drop_column(u'oauthaccesstoken', 'refresh_token')
|
|
|
|
op.drop_column('accesstoken', 'code')
|
|
|
|
op.drop_column('appspecificauthtoken', 'token_code')
|
|
|
|
op.drop_column('oauthaccesstoken', 'access_token')
|
|
op.drop_column('oauthapplication', 'client_secret')
|
|
|
|
op.drop_column('oauthauthorizationcode', 'code')
|
|
|
|
op.drop_column('repositorybuildtrigger', 'private_key')
|
|
op.drop_column('repositorybuildtrigger', 'auth_token')
|
|
# ### end Alembic commands ###
|
|
|
|
# Overwrite all plaintext robot credentials.
|
|
from app import app
|
|
if app.config.get('SETUP_COMPLETE', False) or tester.is_testing:
|
|
while True:
|
|
try:
|
|
robot_account_token = RobotAccountToken.get(fully_migrated=False)
|
|
robot_account = robot_account_token.robot_account
|
|
|
|
robot_account.email = str(uuid.uuid4())
|
|
robot_account.save()
|
|
|
|
federated_login = FederatedLogin.get(user=robot_account)
|
|
federated_login.service_ident = 'robot:%s' % robot_account.id
|
|
federated_login.save()
|
|
|
|
robot_account_token.fully_migrated = True
|
|
robot_account_token.save()
|
|
except RobotAccountToken.DoesNotExist:
|
|
break
|
|
|
|
|
|
def downgrade(tables, tester, progress_reporter):
|
|
op = ProgressWrapper(original_op, progress_reporter)
|
|
# ### commands auto generated by Alembic - please adjust! ###
|
|
op.add_column(u'oauthaccesstoken', sa.Column('refresh_token', sa.String(length=255), nullable=True))
|
|
op.create_index('oauthaccesstoken_refresh_token', 'oauthaccesstoken', ['refresh_token'], unique=False)
|
|
|
|
op.add_column('repositorybuildtrigger', sa.Column('auth_token', sa.String(length=255), nullable=True))
|
|
op.add_column('repositorybuildtrigger', sa.Column('private_key', sa.Text(), nullable=True))
|
|
|
|
op.add_column('oauthauthorizationcode', sa.Column('code', sa.String(length=255), nullable=True))
|
|
op.create_index('oauthauthorizationcode_code', 'oauthauthorizationcode', ['code'], unique=True)
|
|
|
|
op.add_column('oauthapplication', sa.Column('client_secret', sa.String(length=255), nullable=True))
|
|
op.add_column('oauthaccesstoken', sa.Column('access_token', sa.String(length=255), nullable=True))
|
|
|
|
op.create_index('oauthaccesstoken_access_token', 'oauthaccesstoken', ['access_token'], unique=False)
|
|
|
|
op.add_column('appspecificauthtoken', sa.Column('token_code', sa.String(length=255), nullable=True))
|
|
op.create_index('appspecificauthtoken_token_code', 'appspecificauthtoken', ['token_code'], unique=True)
|
|
|
|
op.add_column('accesstoken', sa.Column('code', sa.String(length=255), nullable=True))
|
|
op.create_index('accesstoken_code', 'accesstoken', ['code'], unique=True)
|
|
# ### end Alembic commands ###
|