Migrate user private tokens to personal access tokens
This commit is contained in:
parent
3f24f9ed18
commit
3111c2f58c
|
@ -0,0 +1,78 @@
|
|||
# See http://doc.gitlab.com/ce/development/migration_style_guide.html
|
||||
# for more information on how to write migrations for GitLab.
|
||||
|
||||
class MigrateUserAuthenticationTokenToPersonalAccessToken < ActiveRecord::Migration
|
||||
include Gitlab::Database::MigrationHelpers
|
||||
|
||||
# Set this constant to true if this migration requires downtime.
|
||||
DOWNTIME = false
|
||||
|
||||
# disable_ddl_transaction!
|
||||
|
||||
TOKEN_NAME = 'Private Token'.freeze
|
||||
|
||||
def up
|
||||
execute <<~SQL
|
||||
INSERT INTO personal_access_tokens (user_id, token, name, created_at, updated_at, scopes)
|
||||
SELECT id, authentication_token, '#{TOKEN_NAME}', NOW(), NOW(), '#{%w[api].to_yaml}'
|
||||
FROM users
|
||||
WHERE authentication_token IS NOT NULL
|
||||
AND admin = FALSE
|
||||
AND NOT EXISTS (
|
||||
SELECT true
|
||||
FROM personal_access_tokens
|
||||
WHERE user_id = users.id
|
||||
AND token = users.authentication_token
|
||||
)
|
||||
SQL
|
||||
|
||||
# Admins also need the `sudo` scope
|
||||
execute <<~SQL
|
||||
INSERT INTO personal_access_tokens (user_id, token, name, created_at, updated_at, scopes)
|
||||
SELECT id, authentication_token, '#{TOKEN_NAME}', NOW(), NOW(), '#{%w[api sudo].to_yaml}'
|
||||
FROM users
|
||||
WHERE authentication_token IS NOT NULL
|
||||
AND admin = TRUE
|
||||
AND NOT EXISTS (
|
||||
SELECT true
|
||||
FROM personal_access_tokens
|
||||
WHERE user_id = users.id
|
||||
AND token = users.authentication_token
|
||||
)
|
||||
SQL
|
||||
end
|
||||
|
||||
def down
|
||||
if Gitlab::Database.postgresql?
|
||||
execute <<~SQL
|
||||
UPDATE users
|
||||
SET authentication_token = pats.token
|
||||
FROM (
|
||||
SELECT user_id, token
|
||||
FROM personal_access_tokens
|
||||
WHERE name = '#{TOKEN_NAME}'
|
||||
) AS pats
|
||||
WHERE id = pats.user_id
|
||||
SQL
|
||||
else
|
||||
execute <<~SQL
|
||||
UPDATE users
|
||||
INNER JOIN personal_access_tokens AS pats
|
||||
ON users.id = pats.user_id
|
||||
SET authentication_token = pats.token
|
||||
WHERE pats.name = '#{TOKEN_NAME}'
|
||||
SQL
|
||||
end
|
||||
|
||||
execute <<~SQL
|
||||
DELETE FROM personal_access_tokens
|
||||
WHERE name = '#{TOKEN_NAME}'
|
||||
AND EXISTS (
|
||||
SELECT true
|
||||
FROM users
|
||||
WHERE id = personal_access_tokens.user_id
|
||||
AND authentication_token = personal_access_tokens.token
|
||||
)
|
||||
SQL
|
||||
end
|
||||
end
|
|
@ -0,0 +1,25 @@
|
|||
require 'spec_helper'
|
||||
require Rails.root.join('db', 'migrate', '20171012125712_migrate_user_authentication_token_to_personal_access_token.rb')
|
||||
|
||||
describe MigrateUserAuthenticationTokenToPersonalAccessToken, :migration do
|
||||
let(:users) { table(:users) }
|
||||
let(:personal_access_tokens) { table(:personal_access_tokens) }
|
||||
|
||||
let!(:user) { users.create!(id: 1, email: 'user@example.com', authentication_token: 'user-token', admin: false) }
|
||||
let!(:admin) { users.create!(id: 2, email: 'admin@example.com', authentication_token: 'admin-token', admin: true) }
|
||||
|
||||
it 'migrates private tokens to Personal Access Tokens' do
|
||||
migrate!
|
||||
|
||||
expect(personal_access_tokens.count).to eq(2)
|
||||
|
||||
user_token = personal_access_tokens.find_by(user_id: user.id)
|
||||
admin_token = personal_access_tokens.find_by(user_id: admin.id)
|
||||
|
||||
expect(user_token.token).to eq('user-token')
|
||||
expect(admin_token.token).to eq('admin-token')
|
||||
|
||||
expect(user_token.scopes).to eq(%w[api].to_yaml)
|
||||
expect(admin_token.scopes).to eq(%w[api sudo].to_yaml)
|
||||
end
|
||||
end
|
Loading…
Reference in New Issue