Merge pull request #10722 from colinux/migrates-otp-secrets
Tech: task pour copier les secrets OTP vers les encrypted attributes
This commit is contained in:
Colin Darie
GitHub
commit
5d4cafc18f
2 changed files with 51 additions and 0 deletions
|
|
@ -0,0 +1,26 @@
|
||||||
|
# frozen_string_literal: true
|
||||||
|
|
||||||
|
module Maintenance
|
||||||
|
class CopySuperAdminOtpSecretToRails7EncryptedAttrTask < MaintenanceTasks::Task
|
||||||
|
# Cette tâche finalise la mise à niveau vers devies-two-factor 5
|
||||||
|
# qui utilise les encrypted attributes de Rails 7.
|
||||||
|
# Elle copie les secrets OTP des super admins vers la nouvelle colonne
|
||||||
|
# avant une suppression plus tard des anciennes colonnes.
|
||||||
|
# Plus d'informations : https://github.com/devise-two-factor/devise-two-factor/blob/main/UPGRADING.md
|
||||||
|
# Introduit 2024-08-29, https://github.com/demarches-simplifiees/demarches-simplifiees.fr/pull/10722
|
||||||
|
def collection
|
||||||
|
SuperAdmin.all
|
||||||
|
end
|
||||||
|
|
||||||
|
def process(super_admin)
|
||||||
|
# From https://github.com/devise-two-factor/devise-two-factor/blob/main/UPGRADING.md
|
||||||
|
otp_secret = super_admin.otp_secret # read from otp_secret column, fall back to legacy columns if new column is empty
|
||||||
|
# This is NOOP when otp_secret column has already the same value
|
||||||
|
super_admin.update!(otp_secret: otp_secret)
|
||||||
|
end
|
||||||
|
|
||||||
|
def count
|
||||||
|
SuperAdmin.count
|
||||||
|
end
|
||||||
|
end
|
||||||
|
end
|
||||||
|
|
@ -0,0 +1,25 @@
|
||||||
|
# frozen_string_literal: true
|
||||||
|
|
||||||
|
require "rails_helper"
|
||||||
|
|
||||||
|
module Maintenance
|
||||||
|
RSpec.describe CopySuperAdminOtpSecretToRails7EncryptedAttrTask do
|
||||||
|
describe "#process" do
|
||||||
|
let(:super_admin) { create(:super_admin) }
|
||||||
|
subject(:process) { described_class.process(super_admin) }
|
||||||
|
|
||||||
|
context "when otp_secret is not set" do
|
||||||
|
let(:legacy_otp_secret) { "legacy_secret" }
|
||||||
|
|
||||||
|
before do
|
||||||
|
super_admin.update_column(:otp_secret, nil)
|
||||||
|
allow(super_admin).to receive(:otp_secret).and_return(legacy_otp_secret)
|
||||||
|
end
|
||||||
|
|
||||||
|
it "copies the legacy otp_secret to the new column" do
|
||||||
|
expect { process }.to change { super_admin.reload.read_attribute(:otp_secret) }.from(nil).to(legacy_otp_secret)
|
||||||
|
end
|
||||||
|
end
|
||||||
|
end
|
||||||
|
end
|
||||||
|
end
|
||||||
Loading…
Reference in a new issue