diff --git a/models/forgejo_migrations/v25.go b/models/forgejo_migrations/v25.go index e2316007cf..5e3dff80b3 100644 --- a/models/forgejo_migrations/v25.go +++ b/models/forgejo_migrations/v25.go @@ -7,9 +7,11 @@ import ( "context" "crypto/md5" "encoding/base64" + "fmt" "code.gitea.io/gitea/models/auth" "code.gitea.io/gitea/models/db" + "code.gitea.io/gitea/modules/log" "code.gitea.io/gitea/modules/secret" "code.gitea.io/gitea/modules/setting" @@ -57,19 +59,38 @@ func MigrateTwoFactorToKeying(x *xorm.Engine) error { oldEncryptionKey := md5.Sum([]byte(setting.SecretKey)) - return db.Iterate(context.Background(), nil, func(ctx context.Context, bean *auth.TwoFactor) error { + messages := make([]string, 0, 100) + ids := make([]int64, 0, 100) + + err = db.Iterate(context.Background(), nil, func(ctx context.Context, bean *auth.TwoFactor) error { decodedStoredSecret, err := base64.StdEncoding.DecodeString(string(bean.Secret)) if err != nil { - return err + messages = append(messages, fmt.Sprintf("two_factor.id=%d, two_factor.uid=%d: base64.StdEncoding.DecodeString: %v", bean.ID, bean.UID, err)) + ids = append(ids, bean.ID) + return nil } secretBytes, err := secret.AesDecrypt(oldEncryptionKey[:], decodedStoredSecret) if err != nil { - return err + messages = append(messages, fmt.Sprintf("two_factor.id=%d, two_factor.uid=%d: secret.AesDecrypt: %v", bean.ID, bean.UID, err)) + ids = append(ids, bean.ID) + return nil } bean.SetSecret(string(secretBytes)) _, err = db.GetEngine(ctx).Cols("secret").ID(bean.ID).Update(bean) return err }) + if err == nil { + if len(ids) > 0 { + log.Error("Forgejo migration[25]: The following TOTP secrets were found to be corrupted and removed from the database. TOTP is no longer required to login with the associated users. They should be informed because they will need to visit their security settings and configure TOTP again. No other action is required. See https://codeberg.org/forgejo/forgejo/issues/6637 for more context on the various causes for such a corruption.") + for _, message := range messages { + log.Error("Forgejo migration[25]: %s", message) + } + + _, err = db.GetEngine(context.Background()).In("id", ids).NoAutoCondition().NoAutoTime().Delete(&auth.TwoFactor{}) + } + } + + return err } diff --git a/models/forgejo_migrations/v25_test.go b/models/forgejo_migrations/v25_test.go index 43c5885c39..73b97f7a35 100644 --- a/models/forgejo_migrations/v25_test.go +++ b/models/forgejo_migrations/v25_test.go @@ -36,10 +36,14 @@ func Test_MigrateTwoFactorToKeying(t *testing.T) { cnt, err := x.Table("two_factor").Count() require.NoError(t, err) - assert.EqualValues(t, 1, cnt) + assert.EqualValues(t, 2, cnt) require.NoError(t, MigrateTwoFactorToKeying(x)) + cnt, err = x.Table("two_factor").Count() + require.NoError(t, err) + assert.EqualValues(t, 1, cnt) + var twofactor auth.TwoFactor _, err = x.Table("two_factor").ID(1).Get(&twofactor) require.NoError(t, err) diff --git a/models/migrations/fixtures/Test_MigrateTwoFactorToKeying/two_factor.yml b/models/migrations/fixtures/Test_MigrateTwoFactorToKeying/two_factor.yml index ef6c158659..91aa420340 100644 --- a/models/migrations/fixtures/Test_MigrateTwoFactorToKeying/two_factor.yml +++ b/models/migrations/fixtures/Test_MigrateTwoFactorToKeying/two_factor.yml @@ -7,3 +7,12 @@ last_used_passcode: created_unix: 1564253724 updated_unix: 1564253724 +- + id: 2 + uid: 23 + secret: badbad + scratch_salt: badbad + scratch_hash: badbad + last_used_passcode: + created_unix: 1564253724 + updated_unix: 1564253724 diff --git a/release-notes/7251.md b/release-notes/7251.md new file mode 100644 index 0000000000..9c35603981 --- /dev/null +++ b/release-notes/7251.md @@ -0,0 +1 @@ +When migrating from a Forgejo version lower than v10, the TOTP secrets found to be corrupted are now transparently removed from the database instead of failing the migration. TOTP is no longer required to login with the associated users. They should be informed because they will need to visit their security settings and configure TOTP again. No other action is required.