
gitlab.com/gitlab-org/gitlab-foss.git - Unnamed repository; edit this file 'description' to name the repository.
authorGrzegorz Bizon <grzesiek.bizon@gmail.com>2018-11-20 17:25:45 +0300
committerGrzegorz Bizon <grzesiek.bizon@gmail.com>2018-11-20 17:25:45 +0300
commit56e5a2a3abe6be7307a87125abe70f2775dcaee2 (patch)
tree8342ec4b3338024c3dc051048c145ed5bf128272 /app/models/concerns/token_authenticatable_strategies
parentb32a99474b3c9e4e5a7f93116491c259418ff3bf (diff)
Reset insecure token when setting an encrypted one
Diffstat (limited to 'app/models/concerns/token_authenticatable_strategies')
-rw-r--r--app/models/concerns/token_authenticatable_strategies/encrypted.rb6
1 files changed, 5 insertions, 1 deletions
diff --git a/app/models/concerns/token_authenticatable_strategies/encrypted.rb b/app/models/concerns/token_authenticatable_strategies/encrypted.rb
index 9c28530fbb6..3d23eed164e 100644
--- a/app/models/concerns/token_authenticatable_strategies/encrypted.rb
+++ b/app/models/concerns/token_authenticatable_strategies/encrypted.rb
@@ -24,13 +24,16 @@ module TokenAuthenticatableStrategies
# using factory bot to create resources, it might happen that a database
# schema does not have "#{token_name}_encrypted" field yet, however a bunch
# of models call `ensure_#{token_name}` in `before_save`.
+ #
+ # In that case we are using insecure strategy, but this should only happen
+ # in tests, because otherwise `encrypted_field` is going to exist.
return super if instance.has_attribute?(encrypted_field)
if fallback?
fallback_strategy.ensure_token(instance)
else
- raise ArgumentError, 'Encrypted field does not exist without fallback'
+ raise ArgumentError, 'No fallback defined when encrypted field is missing!'
end
end
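Review bot: The new comment says the insecure fallback "should only happen in tests", but nothing in the visible lines enforces or records that. If the encrypted column is missing in any other environment (for example, code deployed before its migration has run), `fallback_strategy.ensure_token(instance)` would apparently store the token with the insecure strategy without any trace. Consider making the downgrade observable before delegating, e.g. `Rails.logger.warn("#{encrypted_field} is missing, falling back to insecure token storage")`, or restricting the branch to the test environment if that really is the only intended caller. The enclosing method and the definition of `fallback?` lie outside this hunk, so whether an environment guard already exists elsewhere cannot be confirmed from here.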
@@ -45,6 +48,7 @@ module TokenAuthenticatableStrategies
raise ArgumentError unless token.present?
instance[encrypted_field] = Gitlab::CryptoHelper.aes256_gcm_encrypt(token)
+ instance[token_field] = nil
token
end
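Review bot: The added `instance[token_field] = nil` is unconditional, so it assumes every model using this strategy still has the plaintext column. Once that column is dropped, or on a model that never had one, writing an unknown attribute would most likely raise instead of being a no-op. The first hunk already guards the encrypted column with `has_attribute?`, and the same check fits here: `instance[token_field] = nil if instance.has_attribute?(token_field)`. A short why-comment would also help, such as `# Drop the plaintext copy so the token is only stored encrypted`. The method signature and the definition of `token_field` are outside this hunk.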