mirror of
https://codeberg.org/forgejo/forgejo.git
synced 2026-02-11 02:34:02 +02:00
0c11e9a43a
- Follow up of forgejo/forgejo!5041, forgejo/forgejo!6074, forgejo/forgejo!8692 - The `task` table contains three secrets: clone address (with credentials), auth password and auth token. These secrets are stored for migrating repositories (also the only usage of this table, although it allows for more usages). - Use `keying` to safely store these secrets and bound them to the table, column, row id and JSON field name. - The migration isn't spectacular but does closely follow what we learned in the previous two migrations: use a transaction and delete records when you can't decrypt them. We also learned about `db.Iterate` not being happy when updating records but it has since been fixed. Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/9923 Reviewed-by: Mathieu Fenniak <mfenniak@noreply.codeberg.org> Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org> Co-authored-by: Gusted <postmaster@gusted.xyz> Co-committed-by: Gusted <postmaster@gusted.xyz>
53 lines
1.4 KiB
Go
53 lines
1.4 KiB
Go
package task
|
|
|
|
import (
|
|
"testing"
|
|
|
|
admin_model "forgejo.org/models/admin"
|
|
"forgejo.org/models/unittest"
|
|
user_model "forgejo.org/models/user"
|
|
"forgejo.org/modules/migration"
|
|
|
|
"github.com/stretchr/testify/assert"
|
|
"github.com/stretchr/testify/require"
|
|
)
|
|
|
|
func TestCreateMigrateTask(t *testing.T) {
|
|
require.NoError(t, unittest.PrepareTestDatabase())
|
|
user := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 2})
|
|
|
|
t.Run("Transaction failure", func(t *testing.T) {
|
|
defer unittest.SetFaultInjector(2)()
|
|
|
|
task, err := CreateMigrateTask(t.Context(), user, user, migration.MigrateOptions{
|
|
CloneAddr: "https://admin:password2@example.com",
|
|
AuthPassword: "password",
|
|
AuthToken: "token",
|
|
RepoName: "migrate-test-2",
|
|
})
|
|
require.ErrorIs(t, err, unittest.ErrFaultInjected)
|
|
require.Nil(t, task)
|
|
|
|
unittest.AssertExistsIf(t, false, &admin_model.Task{})
|
|
})
|
|
|
|
t.Run("Normal", func(t *testing.T) {
|
|
task, err := CreateMigrateTask(t.Context(), user, user, migration.MigrateOptions{
|
|
CloneAddr: "https://admin:password@example.com",
|
|
AuthPassword: "password",
|
|
AuthToken: "token",
|
|
RepoName: "migrate-test",
|
|
})
|
|
require.NoError(t, err)
|
|
require.NotNil(t, task)
|
|
|
|
config, err := task.MigrateConfig()
|
|
require.NoError(t, err)
|
|
require.NotNil(t, config)
|
|
|
|
assert.Equal(t, "token", config.AuthToken)
|
|
assert.Equal(t, "password", config.AuthPassword)
|
|
assert.Equal(t, "https://admin:password@example.com", config.CloneAddr)
|
|
})
|
|
}
|