From 8c142c346a4f3402ec252cae354c8163c141ede0 Mon Sep 17 00:00:00 2001 From: Andrew Thornton Date: Mon, 14 Feb 2022 23:22:34 +0000 Subject: [PATCH 01/14] Attempt to fix the webauthn migration again - part 3 MariaDB now asserts that 408 characters is too long for a VARCHAR(410) I have no words. See #18756 Signed-off-by: Andrew Thornton --- models/auth/webauthn.go | 2 +- .../expected_webauthn_credential.yml | 0 .../u2f_registration.yml | 0 .../webauthn_credential.yml | 0 models/migrations/migrations.go | 4 +- models/migrations/v207.go | 2 +- models/migrations/v208.go | 2 +- models/migrations/v209.go | 133 +--------------- models/migrations/v210.go | 144 ++++++++++++++++++ .../migrations/{v209_test.go => v210_test.go} | 8 +- 10 files changed, 157 insertions(+), 138 deletions(-) rename models/migrations/fixtures/{Test_increaseCredentialIDTo410 => Test_increaseCredentialIDTo500}/expected_webauthn_credential.yml (100%) rename models/migrations/fixtures/{Test_increaseCredentialIDTo410 => Test_increaseCredentialIDTo500}/u2f_registration.yml (100%) rename models/migrations/fixtures/{Test_increaseCredentialIDTo410 => Test_increaseCredentialIDTo500}/webauthn_credential.yml (100%) create mode 100644 models/migrations/v210.go rename models/migrations/{v209_test.go => v210_test.go} (89%) diff --git a/models/auth/webauthn.go b/models/auth/webauthn.go index e6c446af94240..c009fb1561960 100644 --- a/models/auth/webauthn.go +++ b/models/auth/webauthn.go @@ -43,7 +43,7 @@ type WebAuthnCredential struct { Name string LowerName string `xorm:"unique(s)"` UserID int64 `xorm:"INDEX unique(s)"` - CredentialID string `xorm:"INDEX"` + CredentialID string `xorm:"INDEX VARCHAR(500)"` PublicKey []byte AttestationType string AAGUID []byte diff --git a/models/migrations/fixtures/Test_increaseCredentialIDTo410/expected_webauthn_credential.yml b/models/migrations/fixtures/Test_increaseCredentialIDTo500/expected_webauthn_credential.yml similarity index 100% rename from models/migrations/fixtures/Test_increaseCredentialIDTo410/expected_webauthn_credential.yml rename to models/migrations/fixtures/Test_increaseCredentialIDTo500/expected_webauthn_credential.yml diff --git a/models/migrations/fixtures/Test_increaseCredentialIDTo410/u2f_registration.yml b/models/migrations/fixtures/Test_increaseCredentialIDTo500/u2f_registration.yml similarity index 100% rename from models/migrations/fixtures/Test_increaseCredentialIDTo410/u2f_registration.yml rename to models/migrations/fixtures/Test_increaseCredentialIDTo500/u2f_registration.yml diff --git a/models/migrations/fixtures/Test_increaseCredentialIDTo410/webauthn_credential.yml b/models/migrations/fixtures/Test_increaseCredentialIDTo500/webauthn_credential.yml similarity index 100% rename from models/migrations/fixtures/Test_increaseCredentialIDTo410/webauthn_credential.yml rename to models/migrations/fixtures/Test_increaseCredentialIDTo500/webauthn_credential.yml diff --git a/models/migrations/migrations.go b/models/migrations/migrations.go index bf0008f8790d4..822a5a7392fef 100644 --- a/models/migrations/migrations.go +++ b/models/migrations/migrations.go @@ -371,7 +371,9 @@ var migrations = []Migration{ // v208 -> v209 NewMigration("Use base32.HexEncoding instead of base64 encoding for cred ID as it is case insensitive", useBase32HexForCredIDInWebAuthnCredential), // v209 -> v210 - NewMigration("Increase WebAuthentication CredentialID size to 410", increaseCredentialIDTo410), + NewMigration("Increase WebAuthentication CredentialID size to 410 - NOOPED", increaseCredentialIDTo410), + // v210 -> v211 + NewMigration("Increase WebAuthentication CredentialID size to 500", increaseCredentialIDTo500), } // GetCurrentDBVersion returns the current db version diff --git a/models/migrations/v207.go b/models/migrations/v207.go index dca2902cd89cf..1343124a2319b 100644 --- a/models/migrations/v207.go +++ b/models/migrations/v207.go @@ -22,7 +22,7 @@ func addWebAuthnCred(x *xorm.Engine) error { Name string LowerName string `xorm:"unique(s)"` UserID int64 `xorm:"INDEX unique(s)"` - CredentialID string `xorm:"INDEX VARCHAR(410)"` // CredentalID in U2F is at most 255bytes / 5 * 8 = 408 - add a few extra characters for safety + CredentialID string `xorm:"INDEX VARCHAR(500)"` // CredentalID in U2F is at most 255bytes / 5 * 8 = 408 - add a few extra characters for safety PublicKey []byte AttestationType string AAGUID []byte diff --git a/models/migrations/v208.go b/models/migrations/v208.go index 724b174187aa5..b857d1eb7980a 100644 --- a/models/migrations/v208.go +++ b/models/migrations/v208.go @@ -15,7 +15,7 @@ func useBase32HexForCredIDInWebAuthnCredential(x *xorm.Engine) error { // Create webauthnCredential table type webauthnCredential struct { ID int64 `xorm:"pk autoincr"` - CredentialID string `xorm:"INDEX VARCHAR(410)"` + CredentialID string `xorm:"INDEX VARCHAR(500)"` } if err := x.Sync2(&webauthnCredential{}); err != nil { return err diff --git a/models/migrations/v209.go b/models/migrations/v209.go index b4295d62faa06..942143bda61c8 100644 --- a/models/migrations/v209.go +++ b/models/migrations/v209.go @@ -5,140 +5,13 @@ package migrations import ( - "encoding/base32" - "fmt" - "strings" - - "code.gitea.io/gitea/modules/timeutil" - - "github.com/tstranex/u2f" "xorm.io/xorm" - "xorm.io/xorm/schemas" ) func increaseCredentialIDTo410(x *xorm.Engine) error { - // Create webauthnCredential table - type webauthnCredential struct { - ID int64 `xorm:"pk autoincr"` - Name string - LowerName string `xorm:"unique(s)"` - UserID int64 `xorm:"INDEX unique(s)"` - CredentialID string `xorm:"INDEX VARCHAR(410)"` // CredentalID in U2F is at most 255bytes / 5 * 8 = 408 - add a few extra characters for safety - PublicKey []byte - AttestationType string - AAGUID []byte - SignCount uint32 `xorm:"BIGINT"` - CloneWarning bool - CreatedUnix timeutil.TimeStamp `xorm:"INDEX created"` - UpdatedUnix timeutil.TimeStamp `xorm:"INDEX updated"` - } - if err := x.Sync2(&webauthnCredential{}); err != nil { - return err - } - - switch x.Dialect().URI().DBType { - case schemas.MYSQL: - _, err := x.Exec("ALTER TABLE webauthn_credential MODIFY COLUMN credential_id VARCHAR(410)") - if err != nil { - return err - } - case schemas.ORACLE: - _, err := x.Exec("ALTER TABLE webauthn_credential MODIFY credential_id VARCHAR(410)") - if err != nil { - return err - } - case schemas.MSSQL: - // This column has an index on it. I could write all of the code to attempt to change the index OR - // I could just use recreate table. - sess := x.NewSession() - if err := sess.Begin(); err != nil { - _ = sess.Close() - return err - } - - if err := recreateTable(sess, new(webauthnCredential)); err != nil { - _ = sess.Close() - return err - } - if err := sess.Commit(); err != nil { - _ = sess.Close() - return err - } - if err := sess.Close(); err != nil { - return err - } - case schemas.POSTGRES: - _, err := x.Exec("ALTER TABLE webauthn_credential ALTER COLUMN credential_id TYPE VARCHAR(410)") - if err != nil { - return err - } - default: - // SQLite doesn't support ALTER COLUMN, and it already makes String _TEXT_ by default so no migration needed - // nor is there any need to re-migrate - return nil - } - - exist, err := x.IsTableExist("u2f_registration") - if err != nil { - return err - } - if !exist { - return nil - } - - // Now migrate the old u2f registrations to the new format - type u2fRegistration struct { - ID int64 `xorm:"pk autoincr"` - Name string - UserID int64 `xorm:"INDEX"` - Raw []byte - Counter uint32 `xorm:"BIGINT"` - CreatedUnix timeutil.TimeStamp `xorm:"INDEX created"` - UpdatedUnix timeutil.TimeStamp `xorm:"INDEX updated"` - } - - var start int - regs := make([]*u2fRegistration, 0, 50) - for { - err := x.OrderBy("id").Limit(50, start).Find(®s) - if err != nil { - return err - } - - for _, reg := range regs { - parsed := new(u2f.Registration) - err = parsed.UnmarshalBinary(reg.Raw) - if err != nil { - continue - } - - cred := &webauthnCredential{} - has, err := x.ID(reg.ID).Where("id = ? AND user_id = ?", reg.ID, reg.UserID).Get(cred) - if err != nil { - return fmt.Errorf("unable to get webauthn_credential[%d]. Error: %v", reg.ID, err) - } - if !has { - continue - } - remigratedCredID := base32.HexEncoding.EncodeToString(parsed.KeyHandle) - if cred.CredentialID == remigratedCredID || (!strings.HasPrefix(remigratedCredID, cred.CredentialID) && cred.CredentialID != "") { - continue - } - - cred.CredentialID = remigratedCredID - - _, err = x.ID(cred.ID).Update(cred) - if err != nil { - return err - } - } - - if len(regs) < 50 { - break - } - start += 50 - regs = regs[:0] - } + // no-op + // MariaDB asserts that 408 characters is too long for a VARCHAR(410) so this migration is clearly wrong. + // So now we have to no-op again. return nil } diff --git a/models/migrations/v210.go b/models/migrations/v210.go new file mode 100644 index 0000000000000..c7c42944ccf11 --- /dev/null +++ b/models/migrations/v210.go @@ -0,0 +1,144 @@ +// Copyright 2022 The Gitea Authors. All rights reserved. +// Use of this source code is governed by a MIT-style +// license that can be found in the LICENSE file. + +package migrations + +import ( + "encoding/base32" + "fmt" + "strings" + + "code.gitea.io/gitea/modules/timeutil" + "github.com/tstranex/u2f" + + "xorm.io/xorm" + "xorm.io/xorm/schemas" +) + +// MariaDB asserts that 408 is too long for a VARCHAR(410) so now we need 500 +func increaseCredentialIDTo500(x *xorm.Engine) error { + // Create webauthnCredential table + type webauthnCredential struct { + ID int64 `xorm:"pk autoincr"` + Name string + LowerName string `xorm:"unique(s)"` + UserID int64 `xorm:"INDEX unique(s)"` + CredentialID string `xorm:"INDEX VARCHAR(500)"` // CredentalID in U2F is at most 255bytes / 5 * 8 = 408 - add a few extra characters for safety + PublicKey []byte + AttestationType string + AAGUID []byte + SignCount uint32 `xorm:"BIGINT"` + CloneWarning bool + CreatedUnix timeutil.TimeStamp `xorm:"INDEX created"` + UpdatedUnix timeutil.TimeStamp `xorm:"INDEX updated"` + } + if err := x.Sync2(&webauthnCredential{}); err != nil { + return err + } + + switch x.Dialect().URI().DBType { + case schemas.MYSQL: + _, err := x.Exec("ALTER TABLE webauthn_credential MODIFY COLUMN credential_id VARCHAR(500)") + if err != nil { + return err + } + case schemas.ORACLE: + _, err := x.Exec("ALTER TABLE webauthn_credential MODIFY credential_id VARCHAR(500)") + if err != nil { + return err + } + case schemas.MSSQL: + // This column has an index on it. I could write all of the code to attempt to change the index OR + // I could just use recreate table. + sess := x.NewSession() + if err := sess.Begin(); err != nil { + _ = sess.Close() + return err + } + + if err := recreateTable(sess, new(webauthnCredential)); err != nil { + _ = sess.Close() + return err + } + if err := sess.Commit(); err != nil { + _ = sess.Close() + return err + } + if err := sess.Close(); err != nil { + return err + } + case schemas.POSTGRES: + _, err := x.Exec("ALTER TABLE webauthn_credential ALTER COLUMN credential_id TYPE VARCHAR(500)") + if err != nil { + return err + } + default: + // SQLite doesn't support ALTER COLUMN, and it already makes String _TEXT_ by default so no migration needed + // nor is there any need to re-migrate + } + + exist, err := x.IsTableExist("u2f_registration") + if err != nil { + return err + } + if !exist { + return nil + } + + // Now migrate the old u2f registrations to the new format + type u2fRegistration struct { + ID int64 `xorm:"pk autoincr"` + Name string + UserID int64 `xorm:"INDEX"` + Raw []byte + Counter uint32 `xorm:"BIGINT"` + CreatedUnix timeutil.TimeStamp `xorm:"INDEX created"` + UpdatedUnix timeutil.TimeStamp `xorm:"INDEX updated"` + } + + var start int + regs := make([]*u2fRegistration, 0, 50) + for { + err := x.OrderBy("id").Limit(50, start).Find(®s) + if err != nil { + return err + } + + for _, reg := range regs { + parsed := new(u2f.Registration) + err = parsed.UnmarshalBinary(reg.Raw) + if err != nil { + continue + } + + cred := &webauthnCredential{} + has, err := x.ID(reg.ID).Where("id = ? AND user_id = ?", reg.ID, reg.UserID).Get(cred) + if err != nil { + return fmt.Errorf("unable to get webauthn_credential[%d]. Error: %v", reg.ID, err) + } + if !has { + continue + } + remigratedCredID := base32.HexEncoding.EncodeToString(parsed.KeyHandle) + if cred.CredentialID == remigratedCredID || (!strings.HasPrefix(remigratedCredID, cred.CredentialID) && cred.CredentialID != "") { + continue + } + + cred.CredentialID = remigratedCredID + + _, err = x.ID(cred.ID).Update(cred) + if err != nil { + return err + } + } + + if len(regs) < 50 { + break + } + start += 50 + regs = regs[:0] + } + + return nil +} diff --git a/models/migrations/v209_test.go b/models/migrations/v210_test.go similarity index 89% rename from models/migrations/v209_test.go rename to models/migrations/v210_test.go index a929f95adc9c1..09c9116e04086 100644 --- a/models/migrations/v209_test.go +++ b/models/migrations/v210_test.go @@ -12,14 +12,14 @@ import ( "xorm.io/xorm/schemas" ) -func Test_increaseCredentialIDTo410(t *testing.T) { +func Test_increaseCredentialIDTo500(t *testing.T) { // Create webauthnCredential table type WebauthnCredential struct { ID int64 `xorm:"pk autoincr"` Name string LowerName string `xorm:"unique(s)"` UserID int64 `xorm:"INDEX unique(s)"` - CredentialID string `xorm:"INDEX VARCHAR(410)"` // CredentalID in U2F is at most 255bytes / 5 * 8 = 408 - add a few extra characters for safety + CredentialID string `xorm:"INDEX VARCHAR(500)"` // CredentalID in U2F is at most 255bytes / 5 * 8 = 408 - add a few extra characters for safety PublicKey []byte AttestationType string SignCount uint32 `xorm:"BIGINT"` @@ -39,7 +39,7 @@ func Test_increaseCredentialIDTo410(t *testing.T) { type ExpectedWebauthnCredential struct { ID int64 `xorm:"pk autoincr"` - CredentialID string `xorm:"INDEX VARCHAR(410)"` // CredentalID in U2F is at most 255bytes / 5 * 8 = 408 - add a few extra characters for safety + CredentialID string `xorm:"INDEX VARCHAR(500)"` // CredentalID in U2F is at most 255bytes / 5 * 8 = 408 - add a few extra characters for safety } // Prepare and load the testing database @@ -55,7 +55,7 @@ func Test_increaseCredentialIDTo410(t *testing.T) { } // Run the migration - if err := increaseCredentialIDTo410(x); err != nil { + if err := increaseCredentialIDTo500(x); err != nil { assert.NoError(t, err) return } From 12eb078900d4790679d25a1807d019760a557273 Mon Sep 17 00:00:00 2001 From: Andrew Thornton Date: Tue, 15 Feb 2022 00:26:13 +0000 Subject: [PATCH 02/14] 208 is totally broken Signed-off-by: Andrew Thornton --- models/migrations/v208.go | 38 +------------------------------------- models/migrations/v210.go | 21 ++++++++++++++------- 2 files changed, 15 insertions(+), 44 deletions(-) diff --git a/models/migrations/v208.go b/models/migrations/v208.go index b857d1eb7980a..28754061214fd 100644 --- a/models/migrations/v208.go +++ b/models/migrations/v208.go @@ -5,46 +5,10 @@ package migrations import ( - "encoding/base32" - "encoding/base64" - "xorm.io/xorm" ) func useBase32HexForCredIDInWebAuthnCredential(x *xorm.Engine) error { - // Create webauthnCredential table - type webauthnCredential struct { - ID int64 `xorm:"pk autoincr"` - CredentialID string `xorm:"INDEX VARCHAR(500)"` - } - if err := x.Sync2(&webauthnCredential{}); err != nil { - return err - } - - var start int - regs := make([]*webauthnCredential, 0, 50) - for { - err := x.OrderBy("id").Limit(50, start).Find(®s) - if err != nil { - return err - } - - for _, reg := range regs { - credID, _ := base64.RawStdEncoding.DecodeString(reg.CredentialID) - reg.CredentialID = base32.HexEncoding.EncodeToString(credID) - - _, err := x.Update(reg) - if err != nil { - return err - } - } - - if len(regs) < 50 { - break - } - start += 50 - regs = regs[:0] - } - + // noop return nil } diff --git a/models/migrations/v210.go b/models/migrations/v210.go index c7c42944ccf11..683b195e1e020 100644 --- a/models/migrations/v210.go +++ b/models/migrations/v210.go @@ -5,6 +5,7 @@ package migrations import ( + "crypto/elliptic" "encoding/base32" "fmt" "strings" @@ -113,21 +114,27 @@ func increaseCredentialIDTo500(x *xorm.Engine) error { } cred := &webauthnCredential{} - has, err := x.ID(reg.ID).Where("id = ? AND user_id = ?", reg.ID, reg.UserID).Get(cred) + has, err := x.ID(reg.ID).Where("id = ?", reg.ID).Get(cred) if err != nil { return fmt.Errorf("unable to get webauthn_credential[%d]. Error: %v", reg.ID, err) } if !has { continue } - remigratedCredID := base32.HexEncoding.EncodeToString(parsed.KeyHandle) - if cred.CredentialID == remigratedCredID || (!strings.HasPrefix(remigratedCredID, cred.CredentialID) && cred.CredentialID != "") { - continue - } - cred.CredentialID = remigratedCredID + c := &webauthnCredential{ + ID: reg.ID, + Name: reg.Name, + LowerName: strings.ToLower(reg.Name), + UserID: reg.UserID, + CredentialID: base32.HexEncoding.EncodeToString(parsed.KeyHandle), + PublicKey: elliptic.Marshal(elliptic.P256(), parsed.PubKey.X, parsed.PubKey.Y), + AttestationType: "fido-u2f", + AAGUID: []byte{}, + SignCount: reg.Counter, + } - _, err = x.ID(cred.ID).Update(cred) + _, err = x.ID(c.ID).Update(c) if err != nil { return err } From ff8113bb98191beb27aa18144da5a582b75eaa9d Mon Sep 17 00:00:00 2001 From: zeripath Date: Tue, 15 Feb 2022 00:58:15 +0000 Subject: [PATCH 03/14] Update expected_webauthn_credential.yml --- .../expected_webauthn_credential.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/models/migrations/fixtures/Test_increaseCredentialIDTo500/expected_webauthn_credential.yml b/models/migrations/fixtures/Test_increaseCredentialIDTo500/expected_webauthn_credential.yml index 36b011a9d3da5..6a60e0df07c83 100644 --- a/models/migrations/fixtures/Test_increaseCredentialIDTo500/expected_webauthn_credential.yml +++ b/models/migrations/fixtures/Test_increaseCredentialIDTo500/expected_webauthn_credential.yml @@ -6,4 +6,4 @@ credential_id: "TVHE44TOH7DF7V48SEAIT3EMMJ7TGBOQ289E5AQB34S98LFCUFJ7U2NAVI8RJG6K2F4TC8AQ8KBNO7AGEOQOL9NE43GR63HTEHJSLOG=" - id: 4 - credential_id: "THIS SHOULD NOT CHAGNGE" + credential_id: "TVHE44TOH7DF7V48SEAIT3EMMJ7TGBOQ289E5AQB34S98LFCUFJ7U2NAVI8RJG6K2F4TC8AQ8KBNO7AGEOQOL9NE43GR63HTEHJSLOG=" From a7e04c76a9efb0687963c5899f62ecebefd6272a Mon Sep 17 00:00:00 2001 From: zeripath Date: Tue, 15 Feb 2022 00:58:41 +0000 Subject: [PATCH 04/14] Update webauthn_credential.yml --- .../Test_increaseCredentialIDTo500/webauthn_credential.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/models/migrations/fixtures/Test_increaseCredentialIDTo500/webauthn_credential.yml b/models/migrations/fixtures/Test_increaseCredentialIDTo500/webauthn_credential.yml index 0adf1bc8e2aa2..7f9f10f89a631 100644 --- a/models/migrations/fixtures/Test_increaseCredentialIDTo500/webauthn_credential.yml +++ b/models/migrations/fixtures/Test_increaseCredentialIDTo500/webauthn_credential.yml @@ -23,7 +23,7 @@ lower_name: "u2fkey-wrong-user-id" name: "u2fkey-wrong-user-id" user_id: 1 - credential_id: "THIS SHOULD NOT CHAGNGE" + credential_id: "THIS SHOULD CHANGE" public_key: 0x040d0967a2cad045011631187576492a0beb5b377954b4f694c5afc8bdf25270f87f09a9ab6ce9c282f447ba71b2f2bae2105b32b847e0704f310f48644e3eddf2 attestation_type: 'fido-u2f' sign_count: 1 From 0b2e6a3ec616998a8cf481d8205763dc8f24ec90 Mon Sep 17 00:00:00 2001 From: zeripath Date: Tue, 15 Feb 2022 00:59:32 +0000 Subject: [PATCH 05/14] Update models/migrations/v209.go --- models/migrations/v209.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/models/migrations/v209.go b/models/migrations/v209.go index 942143bda61c8..710684ef508dc 100644 --- a/models/migrations/v209.go +++ b/models/migrations/v209.go @@ -10,7 +10,7 @@ import ( func increaseCredentialIDTo410(x *xorm.Engine) error { // no-op - // MariaDB asserts that 408 characters is too long for a VARCHAR(410) so this migration is clearly wrong. + // v208 was completely wrong // So now we have to no-op again. return nil From 0d465f69417a5fccbc1ecc06ad40ca9c4e17506e Mon Sep 17 00:00:00 2001 From: Andrew Thornton Date: Tue, 15 Feb 2022 10:22:08 +0000 Subject: [PATCH 06/14] Restructure - back to 410 but always reinsert Signed-off-by: Andrew Thornton --- models/auth/webauthn.go | 2 +- .../expected_webauthn_credential.yml | 0 .../u2f_registration.yml | 0 .../webauthn_credential.yml | 0 models/migrations/v207.go | 2 +- models/migrations/v210.go | 36 ++++++++++--------- models/migrations/v210_test.go | 6 ++-- 7 files changed, 25 insertions(+), 21 deletions(-) rename models/migrations/fixtures/{Test_increaseCredentialIDTo500 => Test_increaseCredentialIDTo410}/expected_webauthn_credential.yml (100%) rename models/migrations/fixtures/{Test_increaseCredentialIDTo500 => Test_increaseCredentialIDTo410}/u2f_registration.yml (100%) rename models/migrations/fixtures/{Test_increaseCredentialIDTo500 => Test_increaseCredentialIDTo410}/webauthn_credential.yml (100%) diff --git a/models/auth/webauthn.go b/models/auth/webauthn.go index c009fb1561960..2dc3043780101 100644 --- a/models/auth/webauthn.go +++ b/models/auth/webauthn.go @@ -43,7 +43,7 @@ type WebAuthnCredential struct { Name string LowerName string `xorm:"unique(s)"` UserID int64 `xorm:"INDEX unique(s)"` - CredentialID string `xorm:"INDEX VARCHAR(500)"` + CredentialID string `xorm:"INDEX VARCHAR(410)"` PublicKey []byte AttestationType string AAGUID []byte diff --git a/models/migrations/fixtures/Test_increaseCredentialIDTo500/expected_webauthn_credential.yml b/models/migrations/fixtures/Test_increaseCredentialIDTo410/expected_webauthn_credential.yml similarity index 100% rename from models/migrations/fixtures/Test_increaseCredentialIDTo500/expected_webauthn_credential.yml rename to models/migrations/fixtures/Test_increaseCredentialIDTo410/expected_webauthn_credential.yml diff --git a/models/migrations/fixtures/Test_increaseCredentialIDTo500/u2f_registration.yml b/models/migrations/fixtures/Test_increaseCredentialIDTo410/u2f_registration.yml similarity index 100% rename from models/migrations/fixtures/Test_increaseCredentialIDTo500/u2f_registration.yml rename to models/migrations/fixtures/Test_increaseCredentialIDTo410/u2f_registration.yml diff --git a/models/migrations/fixtures/Test_increaseCredentialIDTo500/webauthn_credential.yml b/models/migrations/fixtures/Test_increaseCredentialIDTo410/webauthn_credential.yml similarity index 100% rename from models/migrations/fixtures/Test_increaseCredentialIDTo500/webauthn_credential.yml rename to models/migrations/fixtures/Test_increaseCredentialIDTo410/webauthn_credential.yml diff --git a/models/migrations/v207.go b/models/migrations/v207.go index 1343124a2319b..dca2902cd89cf 100644 --- a/models/migrations/v207.go +++ b/models/migrations/v207.go @@ -22,7 +22,7 @@ func addWebAuthnCred(x *xorm.Engine) error { Name string LowerName string `xorm:"unique(s)"` UserID int64 `xorm:"INDEX unique(s)"` - CredentialID string `xorm:"INDEX VARCHAR(500)"` // CredentalID in U2F is at most 255bytes / 5 * 8 = 408 - add a few extra characters for safety + CredentialID string `xorm:"INDEX VARCHAR(410)"` // CredentalID in U2F is at most 255bytes / 5 * 8 = 408 - add a few extra characters for safety PublicKey []byte AttestationType string AAGUID []byte diff --git a/models/migrations/v210.go b/models/migrations/v210.go index 683b195e1e020..487d3ecaee0ef 100644 --- a/models/migrations/v210.go +++ b/models/migrations/v210.go @@ -25,7 +25,7 @@ func increaseCredentialIDTo500(x *xorm.Engine) error { Name string LowerName string `xorm:"unique(s)"` UserID int64 `xorm:"INDEX unique(s)"` - CredentialID string `xorm:"INDEX VARCHAR(500)"` // CredentalID in U2F is at most 255bytes / 5 * 8 = 408 - add a few extra characters for safety + CredentialID string `xorm:"INDEX VARCHAR(410)"` // CredentalID in U2F is at most 255bytes / 5 * 8 = 408 - add a few extra characters for safety PublicKey []byte AttestationType string AAGUID []byte @@ -40,12 +40,12 @@ func increaseCredentialIDTo500(x *xorm.Engine) error { switch x.Dialect().URI().DBType { case schemas.MYSQL: - _, err := x.Exec("ALTER TABLE webauthn_credential MODIFY COLUMN credential_id VARCHAR(500)") + _, err := x.Exec("ALTER TABLE webauthn_credential MODIFY COLUMN credential_id VARCHAR(410)") if err != nil { return err } case schemas.ORACLE: - _, err := x.Exec("ALTER TABLE webauthn_credential MODIFY credential_id VARCHAR(500)") + _, err := x.Exec("ALTER TABLE webauthn_credential MODIFY credential_id VARCHAR(410)") if err != nil { return err } @@ -70,7 +70,7 @@ func increaseCredentialIDTo500(x *xorm.Engine) error { return err } case schemas.POSTGRES: - _, err := x.Exec("ALTER TABLE webauthn_credential ALTER COLUMN credential_id TYPE VARCHAR(500)") + _, err := x.Exec("ALTER TABLE webauthn_credential ALTER COLUMN credential_id TYPE VARCHAR(410)") if err != nil { return err } @@ -112,17 +112,7 @@ func increaseCredentialIDTo500(x *xorm.Engine) error { if err != nil { continue } - - cred := &webauthnCredential{} - has, err := x.ID(reg.ID).Where("id = ?", reg.ID).Get(cred) - if err != nil { - return fmt.Errorf("unable to get webauthn_credential[%d]. Error: %v", reg.ID, err) - } - if !has { - continue - } - - c := &webauthnCredential{ + remigrated := &webauthnCredential{ ID: reg.ID, Name: reg.Name, LowerName: strings.ToLower(reg.Name), @@ -132,9 +122,23 @@ func increaseCredentialIDTo500(x *xorm.Engine) error { AttestationType: "fido-u2f", AAGUID: []byte{}, SignCount: reg.Counter, + UpdatedUnix: reg.UpdatedUnix, + CreatedUnix: reg.CreatedUnix, + } + + has, err := x.ID(reg.ID).Where("id = ?", reg.ID).Get(new(webauthnCredential)) + if err != nil { + return fmt.Errorf("unable to get webauthn_credential[%d]. Error: %v", reg.ID, err) + } + if has { + _, err = x.ID(remigrated.ID).AllCols().Insert(remigrated) + if err != nil { + return err + } + continue } - _, err = x.ID(c.ID).Update(c) + _, err = x.ID(remigrated.ID).AllCols().Update(remigrated) if err != nil { return err } diff --git a/models/migrations/v210_test.go b/models/migrations/v210_test.go index 09c9116e04086..d5c9f5851492e 100644 --- a/models/migrations/v210_test.go +++ b/models/migrations/v210_test.go @@ -12,14 +12,14 @@ import ( "xorm.io/xorm/schemas" ) -func Test_increaseCredentialIDTo500(t *testing.T) { +func Test_increaseCredentialIDTo410(t *testing.T) { // Create webauthnCredential table type WebauthnCredential struct { ID int64 `xorm:"pk autoincr"` Name string LowerName string `xorm:"unique(s)"` UserID int64 `xorm:"INDEX unique(s)"` - CredentialID string `xorm:"INDEX VARCHAR(500)"` // CredentalID in U2F is at most 255bytes / 5 * 8 = 408 - add a few extra characters for safety + CredentialID string `xorm:"INDEX VARCHAR(410)"` // CredentalID in U2F is at most 255bytes / 5 * 8 = 408 - add a few extra characters for safety PublicKey []byte AttestationType string SignCount uint32 `xorm:"BIGINT"` @@ -39,7 +39,7 @@ func Test_increaseCredentialIDTo500(t *testing.T) { type ExpectedWebauthnCredential struct { ID int64 `xorm:"pk autoincr"` - CredentialID string `xorm:"INDEX VARCHAR(500)"` // CredentalID in U2F is at most 255bytes / 5 * 8 = 408 - add a few extra characters for safety + CredentialID string `xorm:"INDEX VARCHAR(410)"` // CredentalID in U2F is at most 255bytes / 5 * 8 = 408 - add a few extra characters for safety } // Prepare and load the testing database From f9707624273935a11e7cc77f1e753ebbb22acba9 Mon Sep 17 00:00:00 2001 From: Andrew Thornton Date: Tue, 15 Feb 2022 10:27:08 +0000 Subject: [PATCH 07/14] renames Signed-off-by: Andrew Thornton --- .../expected_webauthn_credential.yml | 0 .../u2f_registration.yml | 0 .../webauthn_credential.yml | 0 models/migrations/migrations.go | 4 ++-- models/migrations/v210.go | 4 ++-- models/migrations/v210_test.go | 4 ++-- 6 files changed, 6 insertions(+), 6 deletions(-) rename models/migrations/fixtures/{Test_increaseCredentialIDTo410 => Test_remigrateU2FCredentials}/expected_webauthn_credential.yml (100%) rename models/migrations/fixtures/{Test_increaseCredentialIDTo410 => Test_remigrateU2FCredentials}/u2f_registration.yml (100%) rename models/migrations/fixtures/{Test_increaseCredentialIDTo410 => Test_remigrateU2FCredentials}/webauthn_credential.yml (100%) diff --git a/models/migrations/fixtures/Test_increaseCredentialIDTo410/expected_webauthn_credential.yml b/models/migrations/fixtures/Test_remigrateU2FCredentials/expected_webauthn_credential.yml similarity index 100% rename from models/migrations/fixtures/Test_increaseCredentialIDTo410/expected_webauthn_credential.yml rename to models/migrations/fixtures/Test_remigrateU2FCredentials/expected_webauthn_credential.yml diff --git a/models/migrations/fixtures/Test_increaseCredentialIDTo410/u2f_registration.yml b/models/migrations/fixtures/Test_remigrateU2FCredentials/u2f_registration.yml similarity index 100% rename from models/migrations/fixtures/Test_increaseCredentialIDTo410/u2f_registration.yml rename to models/migrations/fixtures/Test_remigrateU2FCredentials/u2f_registration.yml diff --git a/models/migrations/fixtures/Test_increaseCredentialIDTo410/webauthn_credential.yml b/models/migrations/fixtures/Test_remigrateU2FCredentials/webauthn_credential.yml similarity index 100% rename from models/migrations/fixtures/Test_increaseCredentialIDTo410/webauthn_credential.yml rename to models/migrations/fixtures/Test_remigrateU2FCredentials/webauthn_credential.yml diff --git a/models/migrations/migrations.go b/models/migrations/migrations.go index 822a5a7392fef..22d06eac27f71 100644 --- a/models/migrations/migrations.go +++ b/models/migrations/migrations.go @@ -369,11 +369,11 @@ var migrations = []Migration{ // v207 -> v208 NewMigration("Add webauthn table and migrate u2f data to webauthn", addWebAuthnCred), // v208 -> v209 - NewMigration("Use base32.HexEncoding instead of base64 encoding for cred ID as it is case insensitive", useBase32HexForCredIDInWebAuthnCredential), + NewMigration("Use base32.HexEncoding instead of base64 encoding for cred ID as it is case insensitive - NOOPED", useBase32HexForCredIDInWebAuthnCredential), // v209 -> v210 NewMigration("Increase WebAuthentication CredentialID size to 410 - NOOPED", increaseCredentialIDTo410), // v210 -> v211 - NewMigration("Increase WebAuthentication CredentialID size to 500", increaseCredentialIDTo500), + NewMigration("v208 was completely broken - remigrate", remigrateU2FCredentials), } // GetCurrentDBVersion returns the current db version diff --git a/models/migrations/v210.go b/models/migrations/v210.go index 487d3ecaee0ef..55db5cb9ed568 100644 --- a/models/migrations/v210.go +++ b/models/migrations/v210.go @@ -17,8 +17,8 @@ import ( "xorm.io/xorm/schemas" ) -// MariaDB asserts that 408 is too long for a VARCHAR(410) so now we need 500 -func increaseCredentialIDTo500(x *xorm.Engine) error { +// v208 migration was completely broken +func remigrateU2FCredentials(x *xorm.Engine) error { // Create webauthnCredential table type webauthnCredential struct { ID int64 `xorm:"pk autoincr"` diff --git a/models/migrations/v210_test.go b/models/migrations/v210_test.go index d5c9f5851492e..3e10b3ce80a25 100644 --- a/models/migrations/v210_test.go +++ b/models/migrations/v210_test.go @@ -12,7 +12,7 @@ import ( "xorm.io/xorm/schemas" ) -func Test_increaseCredentialIDTo410(t *testing.T) { +func Test_remigrateU2FCredentials(t *testing.T) { // Create webauthnCredential table type WebauthnCredential struct { ID int64 `xorm:"pk autoincr"` @@ -55,7 +55,7 @@ func Test_increaseCredentialIDTo410(t *testing.T) { } // Run the migration - if err := increaseCredentialIDTo500(x); err != nil { + if err := remigrateU2FCredentials(x); err != nil { assert.NoError(t, err) return } From acc2b1e4242877eb89628ee24cd8c03189f53a93 Mon Sep 17 00:00:00 2001 From: Andrew Thornton Date: Tue, 15 Feb 2022 10:37:55 +0000 Subject: [PATCH 08/14] Gah! Signed-off-by: Andrew Thornton --- models/migrations/v210.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/models/migrations/v210.go b/models/migrations/v210.go index 55db5cb9ed568..af68476e79fbe 100644 --- a/models/migrations/v210.go +++ b/models/migrations/v210.go @@ -130,7 +130,7 @@ func remigrateU2FCredentials(x *xorm.Engine) error { if err != nil { return fmt.Errorf("unable to get webauthn_credential[%d]. Error: %v", reg.ID, err) } - if has { + if !has { _, err = x.ID(remigrated.ID).AllCols().Insert(remigrated) if err != nil { return err From 34112d825dceb15c93880c1d73ac2cfdf1137436 Mon Sep 17 00:00:00 2001 From: zeripath Date: Tue, 15 Feb 2022 11:49:02 +0000 Subject: [PATCH 09/14] Update models/migrations/v210.go Co-authored-by: Lunny Xiao --- models/migrations/v210.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/models/migrations/v210.go b/models/migrations/v210.go index af68476e79fbe..087e26ce2fc1f 100644 --- a/models/migrations/v210.go +++ b/models/migrations/v210.go @@ -131,7 +131,7 @@ func remigrateU2FCredentials(x *xorm.Engine) error { return fmt.Errorf("unable to get webauthn_credential[%d]. Error: %v", reg.ID, err) } if !has { - _, err = x.ID(remigrated.ID).AllCols().Insert(remigrated) + _, err = x.Insert(remigrated) if err != nil { return err } From d5a85b4c5edbde7309c99a638e0c5d2e4e106a67 Mon Sep 17 00:00:00 2001 From: Andrew Thornton Date: Tue, 15 Feb 2022 12:57:58 +0000 Subject: [PATCH 10/14] fix test Signed-off-by: Andrew Thornton --- .../expected_webauthn_credential.yml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/models/migrations/fixtures/Test_remigrateU2FCredentials/expected_webauthn_credential.yml b/models/migrations/fixtures/Test_remigrateU2FCredentials/expected_webauthn_credential.yml index 6a60e0df07c83..0e68a5d012478 100644 --- a/models/migrations/fixtures/Test_remigrateU2FCredentials/expected_webauthn_credential.yml +++ b/models/migrations/fixtures/Test_remigrateU2FCredentials/expected_webauthn_credential.yml @@ -4,6 +4,9 @@ - id: 2 credential_id: "TVHE44TOH7DF7V48SEAIT3EMMJ7TGBOQ289E5AQB34S98LFCUFJ7U2NAVI8RJG6K2F4TC8AQ8KBNO7AGEOQOL9NE43GR63HTEHJSLOG=" +- + id: 3 + credential_id: "TVHE44TOH7DF7V48SEAIT3EMMJ7TGBOQ289E5AQB34S98LFCUFJ7U2NAVI8RJG6K2F4TC8AQ8KBNO7AGEOQOL9NE43GR63HTEHJSLOG=" - id: 4 credential_id: "TVHE44TOH7DF7V48SEAIT3EMMJ7TGBOQ289E5AQB34S98LFCUFJ7U2NAVI8RJG6K2F4TC8AQ8KBNO7AGEOQOL9NE43GR63HTEHJSLOG=" From 3c168c8240c55ca55ff4e099f2f45ab4b15cd022 Mon Sep 17 00:00:00 2001 From: Andrew Thornton Date: Tue, 15 Feb 2022 16:07:07 +0000 Subject: [PATCH 11/14] no-op v207 Signed-off-by: Andrew Thornton --- models/migrations/migrations.go | 6 +-- models/migrations/v207.go | 77 +-------------------------------- 2 files changed, 4 insertions(+), 79 deletions(-) diff --git a/models/migrations/migrations.go b/models/migrations/migrations.go index 22d06eac27f71..63d1c32259964 100644 --- a/models/migrations/migrations.go +++ b/models/migrations/migrations.go @@ -367,11 +367,11 @@ var migrations = []Migration{ // v206 -> v207 NewMigration("Add authorize column to team_unit table", addAuthorizeColForTeamUnit), // v207 -> v208 - NewMigration("Add webauthn table and migrate u2f data to webauthn", addWebAuthnCred), + NewMigration("Add webauthn table and migrate u2f data to webauthn - NO-OPED", addWebAuthnCred), // v208 -> v209 - NewMigration("Use base32.HexEncoding instead of base64 encoding for cred ID as it is case insensitive - NOOPED", useBase32HexForCredIDInWebAuthnCredential), + NewMigration("Use base32.HexEncoding instead of base64 encoding for cred ID as it is case insensitive - NO-OPED", useBase32HexForCredIDInWebAuthnCredential), // v209 -> v210 - NewMigration("Increase WebAuthentication CredentialID size to 410 - NOOPED", increaseCredentialIDTo410), + NewMigration("Increase WebAuthentication CredentialID size to 410 - NO-OPED", increaseCredentialIDTo410), // v210 -> v211 NewMigration("v208 was completely broken - remigrate", remigrateU2FCredentials), } diff --git a/models/migrations/v207.go b/models/migrations/v207.go index dca2902cd89cf..f60dfc3dc359f 100644 --- a/models/migrations/v207.go +++ b/models/migrations/v207.go @@ -5,86 +5,11 @@ package migrations import ( - "crypto/elliptic" - "encoding/base64" - "strings" - - "code.gitea.io/gitea/modules/timeutil" - - "github.com/tstranex/u2f" "xorm.io/xorm" ) func addWebAuthnCred(x *xorm.Engine) error { - // Create webauthnCredential table - type webauthnCredential struct { - ID int64 `xorm:"pk autoincr"` - Name string - LowerName string `xorm:"unique(s)"` - UserID int64 `xorm:"INDEX unique(s)"` - CredentialID string `xorm:"INDEX VARCHAR(410)"` // CredentalID in U2F is at most 255bytes / 5 * 8 = 408 - add a few extra characters for safety - PublicKey []byte - AttestationType string - AAGUID []byte - SignCount uint32 `xorm:"BIGINT"` - CloneWarning bool - CreatedUnix timeutil.TimeStamp `xorm:"INDEX created"` - UpdatedUnix timeutil.TimeStamp `xorm:"INDEX updated"` - } - if err := x.Sync2(&webauthnCredential{}); err != nil { - return err - } - - // Now migrate the old u2f registrations to the new format - type u2fRegistration struct { - ID int64 `xorm:"pk autoincr"` - Name string - UserID int64 `xorm:"INDEX"` - Raw []byte - Counter uint32 `xorm:"BIGINT"` - CreatedUnix timeutil.TimeStamp `xorm:"INDEX created"` - UpdatedUnix timeutil.TimeStamp `xorm:"INDEX updated"` - } - - var start int - regs := make([]*u2fRegistration, 0, 50) - for { - err := x.OrderBy("id").Limit(50, start).Find(®s) - if err != nil { - return err - } - - for _, reg := range regs { - parsed := new(u2f.Registration) - err = parsed.UnmarshalBinary(reg.Raw) - if err != nil { - continue - } - - c := &webauthnCredential{ - ID: reg.ID, - Name: reg.Name, - LowerName: strings.ToLower(reg.Name), - UserID: reg.UserID, - CredentialID: base64.RawStdEncoding.EncodeToString(parsed.KeyHandle), - PublicKey: elliptic.Marshal(elliptic.P256(), parsed.PubKey.X, parsed.PubKey.Y), - AttestationType: "fido-u2f", - AAGUID: []byte{}, - SignCount: reg.Counter, - } - - _, err := x.Insert(c) - if err != nil { - return err - } - } - - if len(regs) < 50 { - break - } - start += 50 - regs = regs[:0] - } + // NO-OP Don't migrate here - let v210 do this. return nil } From a7b1b65737ea49d711a5cb8873253f0c955516a6 Mon Sep 17 00:00:00 2001 From: Andrew Thornton Date: Wed, 16 Feb 2022 17:48:05 +0000 Subject: [PATCH 12/14] Set IDENTITY_INSERT for MSSQL Signed-off-by: Andrew Thornton --- models/migrations/v210.go | 16 +++++++++++++--- 1 file changed, 13 insertions(+), 3 deletions(-) diff --git a/models/migrations/v210.go b/models/migrations/v210.go index 087e26ce2fc1f..2ed9e5a0cdca4 100644 --- a/models/migrations/v210.go +++ b/models/migrations/v210.go @@ -128,19 +128,29 @@ func remigrateU2FCredentials(x *xorm.Engine) error { has, err := x.ID(reg.ID).Where("id = ?", reg.ID).Get(new(webauthnCredential)) if err != nil { - return fmt.Errorf("unable to get webauthn_credential[%d]. Error: %v", reg.ID, err) + return fmt.Errorf("unable to get webauthn_credential[%d]. Error: %w", reg.ID, err) } if !has { + if x.Dialect().URI().DBType == schemas.MSSQL { + if _, err := x.Exec("SET IDENTITY_INSERT `%s` ON", "webauthn_credential"); err != nil { + return fmt.Errorf("unable to allow identity insert on webauthn_credential[%d]. Error: %w", reg.ID, err) + } + } _, err = x.Insert(remigrated) if err != nil { - return err + return fmt.Errorf("unable to (re)insert webauthn_credential[%d]. Error: %w", reg.ID, err) + } + if x.Dialect().URI().DBType == schemas.MSSQL { + if _, err := x.Exec("SET IDENTITY_INSERT `%s` OFF", "webauthn_credential"); err != nil { + return fmt.Errorf("unable to turn off identity insert on webauthn_credential[%d]. Error: %w", reg.ID, err) + } } continue } _, err = x.ID(remigrated.ID).AllCols().Update(remigrated) if err != nil { - return err + return fmt.Errorf("unable to update webauthn_credential[%d]. Error: %w", reg.ID, err) } } From 2c6007779a145137c0490544e07facff9b685b21 Mon Sep 17 00:00:00 2001 From: Andrew Thornton Date: Wed, 16 Feb 2022 18:07:04 +0000 Subject: [PATCH 13/14] try again Signed-off-by: Andrew Thornton --- models/migrations/v210.go | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/models/migrations/v210.go b/models/migrations/v210.go index 2ed9e5a0cdca4..b806363619c26 100644 --- a/models/migrations/v210.go +++ b/models/migrations/v210.go @@ -132,7 +132,7 @@ func remigrateU2FCredentials(x *xorm.Engine) error { } if !has { if x.Dialect().URI().DBType == schemas.MSSQL { - if _, err := x.Exec("SET IDENTITY_INSERT `%s` ON", "webauthn_credential"); err != nil { + if _, err := x.Exec("SET IDENTITY_INSERT `webauthn_credential` ON"); err != nil { return fmt.Errorf("unable to allow identity insert on webauthn_credential[%d]. Error: %w", reg.ID, err) } } @@ -141,7 +141,7 @@ func remigrateU2FCredentials(x *xorm.Engine) error { return fmt.Errorf("unable to (re)insert webauthn_credential[%d]. Error: %w", reg.ID, err) } if x.Dialect().URI().DBType == schemas.MSSQL { - if _, err := x.Exec("SET IDENTITY_INSERT `%s` OFF", "webauthn_credential"); err != nil { + if _, err := x.Exec("SET IDENTITY_INSERT `webauthn_credential` OFF"); err != nil { return fmt.Errorf("unable to turn off identity insert on webauthn_credential[%d]. Error: %w", reg.ID, err) } } From 6a17199b4b698fcccf0c4a6169f8f68f951f3aa9 Mon Sep 17 00:00:00 2001 From: Andrew Thornton Date: Wed, 16 Feb 2022 19:35:52 +0000 Subject: [PATCH 14/14] use session Signed-off-by: Andrew Thornton --- models/migrations/v210.go | 81 +++++++++++++++++++++------------------ 1 file changed, 44 insertions(+), 37 deletions(-) diff --git a/models/migrations/v210.go b/models/migrations/v210.go index b806363619c26..cf50760b92c33 100644 --- a/models/migrations/v210.go +++ b/models/migrations/v210.go @@ -106,52 +106,59 @@ func remigrateU2FCredentials(x *xorm.Engine) error { return err } - for _, reg := range regs { - parsed := new(u2f.Registration) - err = parsed.UnmarshalBinary(reg.Raw) - if err != nil { - continue + err = func() error { + sess := x.NewSession() + defer sess.Close() + if err := sess.Begin(); err != nil { + return fmt.Errorf("unable to allow start session. Error: %w", err) } - remigrated := &webauthnCredential{ - ID: reg.ID, - Name: reg.Name, - LowerName: strings.ToLower(reg.Name), - UserID: reg.UserID, - CredentialID: base32.HexEncoding.EncodeToString(parsed.KeyHandle), - PublicKey: elliptic.Marshal(elliptic.P256(), parsed.PubKey.X, parsed.PubKey.Y), - AttestationType: "fido-u2f", - AAGUID: []byte{}, - SignCount: reg.Counter, - UpdatedUnix: reg.UpdatedUnix, - CreatedUnix: reg.CreatedUnix, - } - - has, err := x.ID(reg.ID).Where("id = ?", reg.ID).Get(new(webauthnCredential)) - if err != nil { - return fmt.Errorf("unable to get webauthn_credential[%d]. Error: %w", reg.ID, err) + if x.Dialect().URI().DBType == schemas.MSSQL { + if _, err := sess.Exec("SET IDENTITY_INSERT `webauthn_credential` ON"); err != nil { + return fmt.Errorf("unable to allow identity insert on webauthn_credential. Error: %w", err) + } } - if !has { - if x.Dialect().URI().DBType == schemas.MSSQL { - if _, err := x.Exec("SET IDENTITY_INSERT `webauthn_credential` ON"); err != nil { - return fmt.Errorf("unable to allow identity insert on webauthn_credential[%d]. Error: %w", reg.ID, err) - } + for _, reg := range regs { + parsed := new(u2f.Registration) + err = parsed.UnmarshalBinary(reg.Raw) + if err != nil { + continue + } + remigrated := &webauthnCredential{ + ID: reg.ID, + Name: reg.Name, + LowerName: strings.ToLower(reg.Name), + UserID: reg.UserID, + CredentialID: base32.HexEncoding.EncodeToString(parsed.KeyHandle), + PublicKey: elliptic.Marshal(elliptic.P256(), parsed.PubKey.X, parsed.PubKey.Y), + AttestationType: "fido-u2f", + AAGUID: []byte{}, + SignCount: reg.Counter, + UpdatedUnix: reg.UpdatedUnix, + CreatedUnix: reg.CreatedUnix, } - _, err = x.Insert(remigrated) + + has, err := sess.ID(reg.ID).Where("id = ?", reg.ID).Get(new(webauthnCredential)) if err != nil { - return fmt.Errorf("unable to (re)insert webauthn_credential[%d]. Error: %w", reg.ID, err) + return fmt.Errorf("unable to get webauthn_credential[%d]. Error: %w", reg.ID, err) } - if x.Dialect().URI().DBType == schemas.MSSQL { - if _, err := x.Exec("SET IDENTITY_INSERT `webauthn_credential` OFF"); err != nil { - return fmt.Errorf("unable to turn off identity insert on webauthn_credential[%d]. Error: %w", reg.ID, err) + if !has { + _, err = sess.Insert(remigrated) + if err != nil { + return fmt.Errorf("unable to (re)insert webauthn_credential[%d]. Error: %w", reg.ID, err) } + + continue } - continue - } - _, err = x.ID(remigrated.ID).AllCols().Update(remigrated) - if err != nil { - return fmt.Errorf("unable to update webauthn_credential[%d]. Error: %w", reg.ID, err) + _, err = sess.ID(remigrated.ID).AllCols().Update(remigrated) + if err != nil { + return fmt.Errorf("unable to update webauthn_credential[%d]. Error: %w", reg.ID, err) + } } + return sess.Commit() + }() + if err != nil { + return err } if len(regs) < 50 {