From a328e7ccc4f94e19cddfe5894636228663f5c7fa Mon Sep 17 00:00:00 2001
From: E99p1ant <i@github.red>
Date: Sun, 5 Jun 2022 13:34:21 +0800
Subject: access_token: encrypt access token with SHA256 (#7008)

* access_token: encrypt access token with SHA256

* revert list access token

* fix lint

* generate schemadoc

* add database migrations

* fix tests

* fix tests

* add test case for access token golden

* fix test in postgres

* `Sha256` -> `SHA256`

* Use GORM for migration

* task generate-schemadoc

* Use unique

* change migration name

* allow read

* task generate-schemadoc

* add changelog

* fix lint error

* update changelog

* remove Debug

* add comments

Co-authored-by: Joe Chen <jc@unknwon.io>
---
 internal/route/lfs/route.go      | 2 +-
 internal/route/lfs/route_test.go | 4 ++--
 internal/route/repo/http.go      | 2 +-
 3 files changed, 4 insertions(+), 4 deletions(-)

(limited to 'internal/route')

diff --git a/internal/route/lfs/route.go b/internal/route/lfs/route.go
index 0fd9617b..388dde0c 100644
--- a/internal/route/lfs/route.go
+++ b/internal/route/lfs/route.go
@@ -72,7 +72,7 @@ func authenticate() macaron.Handler {
 
 		// If username and password authentication failed, try again using username as an access token.
 		if auth.IsErrBadCredentials(err) {
-			token, err := db.AccessTokens.GetBySHA(username)
+			token, err := db.AccessTokens.GetBySHA1(username)
 			if err != nil {
 				if db.IsErrAccessTokenNotExist(err) {
 					askCredentials(c.Resp)
diff --git a/internal/route/lfs/route_test.go b/internal/route/lfs/route_test.go
index 9571c89d..119b925e 100644
--- a/internal/route/lfs/route_test.go
+++ b/internal/route/lfs/route_test.go
@@ -75,7 +75,7 @@ func Test_authenticate(t *testing.T) {
 				},
 			},
 			mockAccessTokensStore: &db.MockAccessTokensStore{
-				MockGetBySHA: func(sha string) (*db.AccessToken, error) {
+				MockGetBySHA1: func(sha string) (*db.AccessToken, error) {
 					return nil, db.ErrAccessTokenNotExist{}
 				},
 			},
@@ -120,7 +120,7 @@ func Test_authenticate(t *testing.T) {
 				},
 			},
 			mockAccessTokensStore: &db.MockAccessTokensStore{
-				MockGetBySHA: func(sha string) (*db.AccessToken, error) {
+				MockGetBySHA1: func(sha string) (*db.AccessToken, error) {
 					return &db.AccessToken{}, nil
 				},
 				MockSave: func(t *db.AccessToken) error {
diff --git a/internal/route/repo/http.go b/internal/route/repo/http.go
index e5a7570d..b5bbefc1 100644
--- a/internal/route/repo/http.go
+++ b/internal/route/repo/http.go
@@ -131,7 +131,7 @@ func HTTPContexter() macaron.Handler {
 
 		// If username and password combination failed, try again using username as a token.
 		if authUser == nil {
-			token, err := db.AccessTokens.GetBySHA(authUsername)
+			token, err := db.AccessTokens.GetBySHA1(authUsername)
 			if err != nil {
 				if db.IsErrAccessTokenNotExist(err) {
 					askCredentials(c, http.StatusUnauthorized, "")
-- 
cgit v1.2.3