feat(maintenance): add task to copy super admin OTP secrets to Rails 7 encrypted attributes

Colin Darie 2024-08-29 13:11:36 +02:00
parent 845a4582d3
commit 1524f5ba16
No known key found for this signature in database
GPG key ID: 4FB865FDBCA4BCC4
2 changed files with 51 additions and 0 deletions


@ -0,0 +1,26 @@
# frozen_string_literal: true
module Maintenance
class CopySuperAdminOtpSecretToRails7EncryptedAttrTask < MaintenanceTasks::Task
# Cette tâche finalise la mise à niveau vers devies-two-factor 5
# qui utilise les encrypted attributes de Rails 7.
# Elle copie les secrets OTP des super admins vers la nouvelle colonne
# avant une suppression plus tard des anciennes colonnes.
# Plus d'informations : https://github.com/devise-two-factor/devise-two-factor/blob/main/UPGRADING.md
# Introduit 2024-08-29, https://github.com/demarches-simplifiees/demarches-simplifiees.fr/pull/10722
def collection
SuperAdmin.all
end
def process(super_admin)
# From https://github.com/devise-two-factor/devise-two-factor/blob/main/UPGRADING.md
otp_secret = super_admin.otp_secret # read from otp_secret column, fall back to legacy columns if new column is empty
# This is NOOP when otp_secret column has already the same value
super_admin.update!(otp_secret: otp_secret)
end
def count
SuperAdmin.count
end
end
end
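Review bot: `process` calls `update!` for every super admin, including those for whom `super_admin.otp_secret` comes back nil, so each write still runs the model's validations and callbacks, and a single `ActiveRecord::RecordInvalid` on an unrelated attribute would presumably stop the run with later accounts left uncopied. A guard such as `return if otp_secret.blank?` before the `update!` keeps accounts without 2FA out of the write path. Nothing in the task confirms that the copy is complete, so before the legacy columns are dropped it is worth checking that no row still has an empty `otp_secret` column while its legacy columns hold a value; otherwise those admins would lose their enrolled second factor. The class comment could also state that the fallback lives in the model's `otp_secret` reader, which is not visible in this file.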


@ -0,0 +1,25 @@
# frozen_string_literal: true
require "rails_helper"
module Maintenance
RSpec.describe CopySuperAdminOtpSecretToRails7EncryptedAttrTask do
describe "#process" do
let(:super_admin) { create(:super_admin) }
subject(:process) { described_class.process(super_admin) }
context "when otp_secret is not set" do
let(:legacy_otp_secret) { "legacy_secret" }
before do
super_admin.update_column(:otp_secret, nil)
allow(super_admin).to receive(:otp_secret).and_return(legacy_otp_secret)
end
it "copies the legacy otp_secret to the new column" do
expect { process }.to change { super_admin.reload.read_attribute(:otp_secret) }.from(nil).to(legacy_otp_secret)
end
end
end
end
end
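Review bot: The spec stubs the reader with `allow(super_admin).to receive(:otp_secret)`, so it never exercises the real fallback from the legacy columns and only shows that `update!` persists whatever the reader returns. A fixture that fills the legacy columns and leaves the new one empty would cover the actual migration path. Two further cases are missing: an admin whose `otp_secret` column is already set (the documented no-op) and an admin with no OTP secret at all. The assertion uses `read_attribute(:otp_secret)`, which returns the decrypted value if the column is declared with `encrypts`; adding `expect(super_admin.reload.ciphertext_for(:otp_secret)).not_to eq(legacy_otp_secret)` would also show the secret is encrypted at rest.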