author | Jan Provaznik <jprovaznik@gitlab.com> | 2018-10-23 13:51:00 +0300 |
---|---|---|
committer | Thiago Presa <tpresa@gitlab.com> | 2018-10-25 04:00:04 +0300 |
commit | 2e04a93a2195ae179a933ce120d8ab00a9e0188a (patch) | |
tree | 6ed840e0eceaffa8e14610510cb1c4426ec89ab2 /lib/tasks | |
parent | bf097697f543bc2551f88895ca08084420e45068 (diff) |
Merge branch 'security-if-51113-hash_tokens-11-2' into 'security-11-2'
[11.2] Persist only SHA digest of PersonalAccessToken#token
See merge request gitlab/gitlabhq!2553
Diffstat (limited to 'lib/tasks')
-rw-r--r-- | lib/tasks/tokens.rake | 14 |
1 files changed, 5 insertions, 9 deletions
diff --git a/lib/tasks/tokens.rake b/lib/tasks/tokens.rake
index 81829668de8..eec024f9bbb 100644
--- a/lib/tasks/tokens.rake
+++ b/lib/tasks/tokens.rake
@@ -1,4 +1,7 @@
 require_relative '../../app/models/concerns/token_authenticatable.rb'
+require_relative '../../app/models/concerns/token_authenticatable_strategies/base.rb'
+require_relative '../../app/models/concerns/token_authenticatable_strategies/insecure.rb'
+require_relative '../../app/models/concerns/token_authenticatable_strategies/digest.rb'
 namespace :tokens do
 desc "Reset all GitLab incoming email tokens"
@@ -26,13 +29,6 @@ class TmpUser < ActiveRecord::Base
 self.table_name = 'users'
- def reset_incoming_email_token!
- write_new_token(:incoming_email_token)
- save!(validate: false)
- end
-
- def reset_feed_token!
- write_new_token(:feed_token)
- save!(validate: false)
- end
+ add_authentication_token_field :incoming_email_token, token_generator: -> { SecureRandom.hex.to_i(16).to_s(36) }
+ add_authentication_token_field :feed_token
 end |
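Review bot: The removed `reset_incoming_email_token!` and `reset_feed_token!` on `TmpUser` saved with `save!(validate: false)`, and nothing in the second hunk shows that the methods now expected from `add_authentication_token_field` keep those names or that save behaviour; the rake tasks that call them are outside the hunk. Because this is a bulk token-rotation task, a missing method or a validation error partway through a batch would leave some users with un-rotated tokens, so a spec that runs both tasks against a record and asserts the stored token changed would be worth adding. The `token_generator` lambda is presumably a copy of the one on the real user model and can drift from it, so I would add a comment such as `# keep in sync with the incoming_email_token generator on User`. Neither field is declared with a digest option, so these two tokens presumably stay stored in plaintext under the insecure strategy; a one-line comment saying that this is intentional would help the next reader of a commit titled "Persist only SHA digest".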