Skip to content

WebAuthn CredentialID field needs to be increased in size #20530

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 15 commits into from
Jul 30, 2022
Merged

WebAuthn CredentialID field needs to be increased in size #20530

Show file tree
Hide file tree
Changes from 1 commit
Commits
Show all changes
15 commits
Select commit Hold shift + click to select a range
835cf4c
WebAuthn CredentialID field needs to be increased in size
zeripath Jul 28, 2022
8b0716b
Merge remote-tracking branch 'origin/main' into fix-20457-increase-we…
zeripath Jul 29, 2022
46fced8
Move to use webauthnCredential CredentialID as bytes
zeripath Jul 29, 2022
919d517
fix test
zeripath Jul 29, 2022
248b5ce
i hate our linter
zeripath Jul 29, 2022
72cd759
of course MSSQL has to be difficult
zeripath Jul 29, 2022
25388aa
i hate our linter
zeripath Jul 29, 2022
3eb1d13
and change the lookup function
zeripath Jul 29, 2022
da04731
and change the lookup function
zeripath Jul 29, 2022
9f15fed
separate the out the droptablecolumns into another migration
zeripath Jul 29, 2022
0e675c9
Update models/migrations/v223.go
zeripath Jul 29, 2022
7926dac
Update webauthn.go
zeripath Jul 29, 2022
197c197
nit
6543 Jul 30, 2022
ebfa23a
Merge branch 'main' into fix-20457-increase-webauthn-credential-field
6543 Jul 30, 2022
550160c
Merge branch 'main' into fix-20457-increase-webauthn-credential-field
6543 Jul 30, 2022
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 1 addition & 1 deletion models/auth/webauthn.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -43,7 +43,7 @@ type WebAuthnCredential struct {
Name string
LowerName string `xorm:"unique(s)"`
UserID int64 `xorm:"INDEX unique(s)"`
CredentialID string `xorm:"INDEX VARCHAR(410)"`
CredentialID string `xorm:"INDEX VARCHAR(1640)"`
PublicKey []byte
AttestationType string
AAGUID []byte
Expand Down
2 changes: 2 additions & 0 deletions models/migrations/migrations.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -400,6 +400,8 @@ var migrations = []Migration{
NewMigration("Add sync_on_commit column to push_mirror table", addSyncOnCommitColForPushMirror),
// v220 -> v221
NewMigration("Add container repository property", addContainerRepositoryProperty),
// v221 -> v222
NewMigration("Increase WebAuthentication CredentialID size to 1640", increaseCredentialIDTo1640),
}

// GetCurrentDBVersion returns the current db version
Expand Down
8 changes: 4 additions & 4 deletions models/migrations/v210.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -25,7 +25,7 @@ func remigrateU2FCredentials(x *xorm.Engine) error {
Name string
LowerName string `xorm:"unique(s)"`
UserID int64 `xorm:"INDEX unique(s)"`
CredentialID string `xorm:"INDEX VARCHAR(410)"` // CredentalID in U2F is at most 255bytes / 5 * 8 = 408 - add a few extra characters for safety
CredentialID string `xorm:"INDEX VARCHAR(1640)"` // CredentialID is at most 1023 bytes as per spec released 20 July 2022 -> 1640 base32 encoding
PublicKey []byte
AttestationType string
AAGUID []byte
Expand All @@ -40,12 +40,12 @@ func remigrateU2FCredentials(x *xorm.Engine) error {

switch x.Dialect().URI().DBType {
case schemas.MYSQL:
_, err := x.Exec("ALTER TABLE webauthn_credential MODIFY COLUMN credential_id VARCHAR(410)")
_, err := x.Exec("ALTER TABLE webauthn_credential MODIFY COLUMN credential_id VARCHAR(1640)")
if err != nil {
return err
}
case schemas.ORACLE:
_, err := x.Exec("ALTER TABLE webauthn_credential MODIFY credential_id VARCHAR(410)")
_, err := x.Exec("ALTER TABLE webauthn_credential MODIFY credential_id VARCHAR(1640)")
if err != nil {
return err
}
Expand All @@ -70,7 +70,7 @@ func remigrateU2FCredentials(x *xorm.Engine) error {
return err
}
case schemas.POSTGRES:
_, err := x.Exec("ALTER TABLE webauthn_credential ALTER COLUMN credential_id TYPE VARCHAR(410)")
_, err := x.Exec("ALTER TABLE webauthn_credential ALTER COLUMN credential_id TYPE VARCHAR(1640)")
if err != nil {
return err
}
Expand Down
4 changes: 2 additions & 2 deletions models/migrations/v210_test.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -20,7 +20,7 @@ func Test_remigrateU2FCredentials(t *testing.T) {
Name string
LowerName string `xorm:"unique(s)"`
UserID int64 `xorm:"INDEX unique(s)"`
CredentialID string `xorm:"INDEX VARCHAR(410)"` // CredentalID in U2F is at most 255bytes / 5 * 8 = 408 - add a few extra characters for safety
CredentialID string `xorm:"INDEX VARCHAR(1640)"` // CredentialID is at most 1023 bytes as per spec released 20 July 2022 -> 1640 base32 encoding
PublicKey []byte
AttestationType string
SignCount uint32 `xorm:"BIGINT"`
Expand All @@ -40,7 +40,7 @@ func Test_remigrateU2FCredentials(t *testing.T) {

type ExpectedWebauthnCredential struct {
ID int64 `xorm:"pk autoincr"`
CredentialID string `xorm:"INDEX VARCHAR(410)"` // CredentalID in U2F is at most 255bytes / 5 * 8 = 408 - add a few extra characters for safety
CredentialID string `xorm:"INDEX VARCHAR(1640)"` // CredentialID is at most 1023 bytes as per spec released 20 July 2022 -> 1640 base32 encoding
}

// Prepare and load the testing database
Expand Down
75 changes: 75 additions & 0 deletions models/migrations/v221.go
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,75 @@
// Copyright 2022 The Gitea Authors. All rights reserved.
// Use of this source code is governed by a MIT-style
// license that can be found in the LICENSE file.

package migrations

import (
"code.gitea.io/gitea/modules/timeutil"

"xorm.io/xorm"
"xorm.io/xorm/schemas"
)

func increaseCredentialIDTo1640(x *xorm.Engine) error {
// Create webauthnCredential table
type webauthnCredential struct {
ID int64 `xorm:"pk autoincr"`
Name string
LowerName string `xorm:"unique(s)"`
UserID int64 `xorm:"INDEX unique(s)"`
CredentialID string `xorm:"INDEX VARCHAR(1640)"` // CredentialID is at most 1023 bytes as per spec released 20 July 2022 -> 1640 base32 encoding
PublicKey []byte
AttestationType string
AAGUID []byte
SignCount uint32 `xorm:"BIGINT"`
CloneWarning bool
CreatedUnix timeutil.TimeStamp `xorm:"INDEX created"`
UpdatedUnix timeutil.TimeStamp `xorm:"INDEX updated"`
}
if err := x.Sync2(&webauthnCredential{}); err != nil {
return err
}

switch x.Dialect().URI().DBType {
case schemas.MYSQL:
_, err := x.Exec("ALTER TABLE webauthn_credential MODIFY COLUMN credential_id VARCHAR(1640)")
if err != nil {
return err
}
case schemas.ORACLE:
_, err := x.Exec("ALTER TABLE webauthn_credential MODIFY credential_id VARCHAR(1640)")
if err != nil {
return err
}
case schemas.MSSQL:
// This column has an index on it. I could write all of the code to attempt to change the index OR
// I could just use recreate table.
sess := x.NewSession()
if err := sess.Begin(); err != nil {
_ = sess.Close()
return err
}

if err := recreateTable(sess, new(webauthnCredential)); err != nil {
_ = sess.Close()
return err
}
if err := sess.Commit(); err != nil {
_ = sess.Close()
return err
}
if err := sess.Close(); err != nil {
return err
}
case schemas.POSTGRES:
_, err := x.Exec("ALTER TABLE webauthn_credential ALTER COLUMN credential_id TYPE VARCHAR(1640)")
if err != nil {
return err
}
default:
// SQLite doesn't support ALTER COLUMN, and it already makes String _TEXT_ by default so no migration needed
// nor is there any need to re-migrate
}
return nil
}