Skip to content

Extend users table with "static_object_token_encrypted" field

What does this MR do and why?

Contributes to #348163 (closed)

Roadmap

  1. Add database fields for encrypted tokens <- This MR
  2. Migrate old tokens to encrypted version and start using them !76684 (merged)
  3. Drop plaintext token fields - #348426

Problem

We store "static_object_token" in plaintext format

Solution

Extend users table with a new field "static_object_token_encrypted" to store encrypted versions of the token.

Database

Migration
== 20211126142200 AddEncryptedStaticObjectToken: migrating ====================
-- add_column(:users, :static_object_token_encrypted, :text)
   -> 0.0036s
== 20211126142200 AddEncryptedStaticObjectToken: migrated (0.0037s) ===========

== 20211126142354 AddTextLimitToEncryptedStaticObjectToken: migrating =========
-- transaction_open?()
   -> 0.0000s
-- current_schema()
   -> 0.0002s
-- transaction_open?()
   -> 0.0000s
-- execute("ALTER TABLE users\nADD CONSTRAINT check_7bde697e8e\nCHECK ( char_length(static_object_token_encrypted) <= 255 )\nNOT VALID;\n")
   -> 0.0021s
-- current_schema()
   -> 0.0002s
-- execute("SET statement_timeout TO 0")
   -> 0.0005s
-- execute("ALTER TABLE users VALIDATE CONSTRAINT check_7bde697e8e;")
   -> 0.0011s
-- execute("RESET statement_timeout")
   -> 0.0006s
== 20211126142354 AddTextLimitToEncryptedStaticObjectToken: migrated (0.0193s)
Rollback
== 20211126142354 AddTextLimitToEncryptedStaticObjectToken: reverting =========
-- transaction_open?()
   -> 0.0000s
-- transaction_open?()
   -> 0.0000s
-- execute("ALTER TABLE users\nDROP CONSTRAINT IF EXISTS check_7bde697e8e\n")
   -> 0.0024s
== 20211126142354 AddTextLimitToEncryptedStaticObjectToken: reverted (0.0151s)

== 20211126142200 AddEncryptedStaticObjectToken: reverting ====================
-- remove_column(:users, :static_object_token_encrypted)
   -> 0.0036s
== 20211126142200 AddEncryptedStaticObjectToken: reverted (0.0037s) ===========

How to set up and validate locally

Numbered steps to set up and validate the change are strongly suggested.

MR acceptance checklist

This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.

Edited by Vasilii Iakliushin

Merge request reports

Loading