No-op the old repository credential migration · recaptime.dev/phorge@3462216

@recaptime-dev's working patches + fork for Phorge, a community fork of Phabricator. (Upstream dev and stable branches are at upstream/main and upstream/stable respectively.) hq.recaptime.dev/wiki/Phorge

phorge phabricator

fork atom

No-op the old repository credential migration

Summary:
Ref T8746. See discussion there. We could try harder to fix this but I suspect the number of affected installs is exceedingly small since it's ~18 months old. Requiring reconfiguration of credentials seems reasonable-ish.

Also fix a merge issue with Conpherence search.

Test Plan: N/A

Reviewers: btrahan

Reviewed By: btrahan

Subscribers: epriestley

Maniphest Tasks: T8746

Differential Revision: https://secure.phabricator.com/D13565

epriestley 10 years ago 34622164 1a001ca0

+5 -137

1 changed file

expand all

resources

sql

patches

20131121.repocredentials.2.mig.php

+5 -137

resources/sql/patches/20131121.repocredentials.2.mig.php

··· 1 1 <?php 2 2 3 - $table = new PhabricatorRepository(); 4 - $conn_w = $table->establishConnection('w'); 5 - $viewer = PhabricatorUser::getOmnipotentUser(); 6 - 7 - $map = array(); 8 - foreach (new LiskMigrationIterator($table) as $repository) { 9 - $callsign = $repository->getCallsign(); 10 - echo pht('Examining repository %s...', $callsign)."\n"; 11 - 12 - if ($repository->getCredentialPHID()) { 13 - echo pht('...already has a Credential.')."\n"; 14 - continue; 15 - } 16 - 17 - $raw_uri = $repository->getRemoteURI(); 18 - if (!$raw_uri) { 19 - echo pht('...no remote URI.')."\n"; 20 - continue; 21 - } 22 - 23 - $uri = new PhutilURI($raw_uri); 24 - 25 - $proto = strtolower($uri->getProtocol()); 26 - if ($proto == 'http' || $proto == 'https' || $proto == 'svn') { 27 - $username = $repository->getDetail('http-login'); 28 - $secret = $repository->getDetail('http-pass'); 29 - $type = PassphrasePasswordCredentialType::CREDENTIAL_TYPE; 30 - } else { 31 - $username = $repository->getDetail('ssh-login'); 32 - if (!$username) { 33 - // If there's no explicit username, check for one in the URI. This is 34 - // possible with older repositories. 35 - $username = $uri->getUser(); 36 - if (!$username) { 37 - // Also check for a Git/SCP-style URI. 38 - $git_uri = new PhutilGitURI($raw_uri); 39 - $username = $git_uri->getUser(); 40 - } 41 - } 42 - $file = $repository->getDetail('ssh-keyfile'); 43 - if ($file) { 44 - $secret = $file; 45 - $type = PassphraseSSHPrivateKeyFileCredentialType::CREDENTIAL_TYPE; 46 - } else { 47 - $secret = $repository->getDetail('ssh-key'); 48 - $type = PassphraseSSHPrivateKeyTextCredentialType::CREDENTIAL_TYPE; 49 - } 50 - } 51 - 52 - if (!$username || !$secret) { 53 - echo pht('...no credentials set.')."\n"; 54 - continue; 55 - } 56 - 57 - $map[$type][$username][$secret][] = $repository; 58 - echo pht('...will migrate.')."\n"; 59 - } 60 - 61 - $passphrase = new PassphraseSecret(); 62 - $passphrase->openTransaction(); 63 - $table->openTransaction(); 64 - 65 - foreach ($map as $credential_type => $credential_usernames) { 66 - $type = PassphraseCredentialType::getTypeByConstant($credential_type); 67 - foreach ($credential_usernames as $username => $credential_secrets) { 68 - foreach ($credential_secrets as $secret_plaintext => $repositories) { 69 - $callsigns = mpull($repositories, 'getCallsign'); 70 - 71 - $signs = implode(', ', $callsigns); 72 - 73 - $name = pht( 74 - 'Migrated Repository Credential (%s)', 75 - id(new PhutilUTF8StringTruncator()) 76 - ->setMaximumGlyphs(128) 77 - ->truncateString($signs)); 78 - 79 - echo pht('Creating: %s...', $name)."\n"; 80 - 81 - $secret = id(new PassphraseSecret()) 82 - ->setSecretData($secret_plaintext) 83 - ->save(); 84 - 85 - $secret_id = $secret->getID(); 86 - 87 - $credential = PassphraseCredential::initializeNewCredential($viewer) 88 - ->setCredentialType($type->getCredentialType()) 89 - ->setProvidesType($type->getProvidesType()) 90 - ->setViewPolicy(PhabricatorPolicies::POLICY_ADMIN) 91 - ->setEditPolicy(PhabricatorPolicies::POLICY_ADMIN) 92 - ->setName($name) 93 - ->setUsername($username) 94 - ->setSecretID($secret_id); 95 - 96 - $credential->setPHID($credential->generatePHID()); 97 - 98 - queryfx( 99 - $credential->establishConnection('w'), 100 - 'INSERT INTO %T (name, credentialType, providesType, viewPolicy, 101 - editPolicy, description, username, secretID, isDestroyed, 102 - phid, dateCreated, dateModified) 103 - VALUES (%s, %s, %s, %s, %s, %s, %s, %d, %d, %s, %d, %d)', 104 - $credential->getTableName(), 105 - $credential->getName(), 106 - $credential->getCredentialType(), 107 - $credential->getProvidesType(), 108 - $credential->getViewPolicy(), 109 - $credential->getEditPolicy(), 110 - $credential->getDescription(), 111 - $credential->getUsername(), 112 - $credential->getSecretID(), 113 - $credential->getIsDestroyed(), 114 - $credential->getPHID(), 115 - time(), 116 - time()); 117 - 118 - foreach ($repositories as $repository) { 119 - queryfx( 120 - $conn_w, 121 - 'UPDATE %T SET credentialPHID = %s WHERE id = %d', 122 - $table->getTableName(), 123 - $credential->getPHID(), 124 - $repository->getID()); 125 - 126 - $edge_type = PhabricatorObjectUsesCredentialsEdgeType::EDGECONST; 127 - 128 - id(new PhabricatorEdgeEditor()) 129 - ->addEdge($repository->getPHID(), $edge_type, $credential->getPHID()) 130 - ->save(); 131 - } 132 - } 133 - } 134 - } 135 - 136 - $table->saveTransaction(); 137 - $passphrase->saveTransaction(); 138 - 139 - echo pht('Done.')."\n"; 3 + // This migration originally imported repository credentials from the old 4 + // inline format into Passphrase after the application was introduced. After 5 + // about 18 months, following the introduction of Spaces, it stopped running 6 + // cleanly. Installs older than Nov 2013 will need to manually fix repository 7 + // credentials after updating. See T8746.