1
0
Fork 0
mirror of https://we.phorge.it/source/phorge.git synced 2024-11-18 21:02:41 +01:00
phorge-phorge/resources/sql/autopatches/20141107.ssh.4.keymig.php
epriestley bf17b12daf Standardize SSH key storage
Summary:
Ref T5833. This fixes a few weird things with this table:

  - A bunch of columns were nullable for no reason.
  - We stored an MD5 hash of the key (unusual) but never used it and callers were responsible for manually populating it.
  - We didn't perform known-key-text lookups by using an index.

Test Plan:
  - Ran migrations.
  - Faked duplicate keys, saw them clean up correctly.
  - Added new keys.
  - Generated new keys.
  - Used `bin/auth-ssh` and `bin/auth-ssh-key`.

Reviewers: btrahan

Reviewed By: btrahan

Subscribers: epriestley

Maniphest Tasks: T5833

Differential Revision: https://secure.phabricator.com/D10805
2014-11-07 15:34:44 -08:00

50 lines
1,021 B
PHP

<?php
$table = new PhabricatorAuthSSHKey();
$conn_w = $table->establishConnection('w');
echo "Updating SSH public key indexes...\n";
$keys = new LiskMigrationIterator($table);
foreach ($keys as $key) {
$id = $key->getID();
echo "Updating key {$id}...\n";
try {
$hash = $key->toPublicKey()->getHash();
} catch (Exception $ex) {
echo "Key has bad format! Removing key.\n";
queryfx(
$conn_w,
'DELETE FROM %T WHERE id = %d',
$table->getTableName(),
$id);
continue;
}
$collision = queryfx_all(
$conn_w,
'SELECT * FROM %T WHERE keyIndex = %s AND id < %d',
$table->getTableName(),
$hash,
$key->getID());
if ($collision) {
echo "Key is a duplicate! Removing key.\n";
queryfx(
$conn_w,
'DELETE FROM %T WHERE id = %d',
$table->getTableName(),
$id);
continue;
}
queryfx(
$conn_w,
'UPDATE %T SET keyIndex = %s WHERE id = %d',
$table->getTableName(),
$hash,
$key->getID());
}
echo "Done.\n";