diff --git a/resources/sql/autopatches/20140218.passwords.4.vcs.php b/resources/sql/autopatches/20140218.passwords.4.vcs.php index 1030775326..c811844c27 100644 --- a/resources/sql/autopatches/20140218.passwords.4.vcs.php +++ b/resources/sql/autopatches/20140218.passwords.4.vcs.php @@ -1,27 +1,13 @@ establishConnection('w'); +// This migration once upgraded VCS password hashing, but the table was +// later removed in 2018 (see T13043). -echo pht('Upgrading password hashing for VCS passwords.')."\n"; +// Since almost four years have passed since this migration, the cost of +// losing this data is very small (users just need to reset their passwords), +// and a version of this migration against the modern schema isn't easy to +// implement or test, just skip the migration. -$best_hasher = PhabricatorPasswordHasher::getBestHasher(); -foreach (new LiskMigrationIterator($table) as $password) { - $id = $password->getID(); - - echo pht('Migrating VCS password %d...', $id)."\n"; - - $input_hash = $password->getPasswordHash(); - $input_envelope = new PhutilOpaqueEnvelope($input_hash); - - $storage_hash = $best_hasher->getPasswordHashForStorage($input_envelope); - - queryfx( - $conn_w, - 'UPDATE %T SET passwordHash = %s WHERE id = %d', - $table->getTableName(), - $storage_hash->openEnvelope(), - $id); -} - -echo pht('Done.')."\n"; +// This means that installs which upgrade from a version of Phabricator +// released prior to Feb 2014 to a version of Phabricator relased after +// Jan 2018 will need to have users reset VCS passwords. diff --git a/resources/sql/autopatches/20180121.auth.01.vcsnuke.sql b/resources/sql/autopatches/20180121.auth.01.vcsnuke.sql new file mode 100644 index 0000000000..b106a2ddd7 --- /dev/null +++ b/resources/sql/autopatches/20180121.auth.01.vcsnuke.sql @@ -0,0 +1 @@ +DROP TABLE {$NAMESPACE}_repository.repository_vcspassword; diff --git a/src/__phutil_library_map__.php b/src/__phutil_library_map__.php index 38f97b4900..50f4abc475 100644 --- a/src/__phutil_library_map__.php +++ b/src/__phutil_library_map__.php @@ -3944,7 +3944,6 @@ phutil_register_library_map(array( 'PhabricatorRepositoryURITestCase' => 'applications/repository/storage/__tests__/PhabricatorRepositoryURITestCase.php', 'PhabricatorRepositoryURITransaction' => 'applications/repository/storage/PhabricatorRepositoryURITransaction.php', 'PhabricatorRepositoryURITransactionQuery' => 'applications/repository/query/PhabricatorRepositoryURITransactionQuery.php', - 'PhabricatorRepositoryVCSPassword' => 'applications/repository/storage/PhabricatorRepositoryVCSPassword.php', 'PhabricatorRepositoryWorkingCopyVersion' => 'applications/repository/storage/PhabricatorRepositoryWorkingCopyVersion.php', 'PhabricatorRequestExceptionHandler' => 'aphront/handler/PhabricatorRequestExceptionHandler.php', 'PhabricatorResourceSite' => 'aphront/site/PhabricatorResourceSite.php', @@ -9593,7 +9592,6 @@ phutil_register_library_map(array( 'PhabricatorRepositoryURITestCase' => 'PhabricatorTestCase', 'PhabricatorRepositoryURITransaction' => 'PhabricatorApplicationTransaction', 'PhabricatorRepositoryURITransactionQuery' => 'PhabricatorApplicationTransactionQuery', - 'PhabricatorRepositoryVCSPassword' => 'PhabricatorRepositoryDAO', 'PhabricatorRepositoryWorkingCopyVersion' => 'PhabricatorRepositoryDAO', 'PhabricatorRequestExceptionHandler' => 'AphrontRequestExceptionHandler', 'PhabricatorResourceSite' => 'PhabricatorSite', diff --git a/src/applications/repository/storage/PhabricatorRepositoryVCSPassword.php b/src/applications/repository/storage/PhabricatorRepositoryVCSPassword.php deleted file mode 100644 index 2f5c20cf7e..0000000000 --- a/src/applications/repository/storage/PhabricatorRepositoryVCSPassword.php +++ /dev/null @@ -1,60 +0,0 @@ - array( - 'passwordHash' => 'text128', - ), - self::CONFIG_KEY_SCHEMA => array( - 'key_phid' => array( - 'columns' => array('userPHID'), - 'unique' => true, - ), - ), - ) + parent::getConfiguration(); - } - - public function setPassword( - PhutilOpaqueEnvelope $password, - PhabricatorUser $user) { - $hash_envelope = $this->hashPassword($password, $user); - return $this->setPasswordHash($hash_envelope->openEnvelope()); - } - - public function comparePassword( - PhutilOpaqueEnvelope $password, - PhabricatorUser $user) { - - return PhabricatorPasswordHasher::comparePassword( - $this->getPasswordHashInput($password, $user), - new PhutilOpaqueEnvelope($this->getPasswordHash())); - } - - private function getPasswordHashInput( - PhutilOpaqueEnvelope $password, - PhabricatorUser $user) { - if ($user->getPHID() != $this->getUserPHID()) { - throw new Exception(pht('User does not match password user PHID!')); - } - - $raw_input = PhabricatorHash::digestPassword($password, $user->getPHID()); - return new PhutilOpaqueEnvelope($raw_input); - } - - private function hashPassword( - PhutilOpaqueEnvelope $password, - PhabricatorUser $user) { - - $input_envelope = $this->getPasswordHashInput($password, $user); - - $best_hasher = PhabricatorPasswordHasher::getBestHasher(); - return $best_hasher->getPasswordHashForStorage($input_envelope); - } - -}