Fix token encrypted strategy when migrating data

fe4b5c98 · Grzegorz Bizon · 0f5073d9 · fe4b5c98 · fe4b5c98
Commit fe4b5c98 authored Dec 03, 2018 by Grzegorz Bizon
2 changed files
--- a/app/models/concerns/token_authenticatable_strategies/encrypted.rb
+++ b/app/models/concerns/token_authenticatable_strategies/encrypted.rb
@@ -19,11 +19,17 @@ module TokenAuthenticatableStrategies
          .find_by(encrypted_field => encrypted_value)
      end

-      if migrating? || fallback?
+      if fallback? || migrating?
        token_authenticatable ||= fallback_strategy
          .find_token_authenticatable(token)
      end

+      if migrating?
+        encrypted_value = Gitlab::CryptoHelper.aes256_gcm_encrypt(token)
+        token_authenticatable ||= relation(unscoped)
+          .find_by(encrypted_field => encrypted_value)
+      end
+
      token_authenticatable
    end


--- a/spec/models/concerns/token_authenticatable_strategies/encrypted_spec.rb
+++ b/spec/models/concerns/token_authenticatable_strategies/encrypted_spec.rb
@@ -66,9 +66,26 @@ describe TokenAuthenticatableStrategies::Encrypted do
          .with('some_field' => 'my-value')
          .and_return(nil)

+        allow(model).to receive(:find_by)
+          .with('some_field_encrypted' => encrypted)
+          .and_return(nil)
+
        expect(subject.find_token_authenticatable('my-value'))
          .to be_nil
      end
+
+      it 'finds by encrypted value if cleartext is not present' do
+        allow(model).to receive(:find_by)
+          .with('some_field' => 'my-value')
+          .and_return(nil)
+
+        allow(model).to receive(:find_by)
+          .with('some_field_encrypted' => encrypted)
+          .and_return('encrypted resource')
+
+        expect(subject.find_token_authenticatable('my-value'))
+          .to eq 'encrypted resource'
+      end
    end
  end