Forgejo/models/migrations/v1_14/v166.go

// Copyright 2021 The Gitea Authors. All rights reserved.
// SPDX-License-Identifier: MIT

package v1_14 //nolint

import (
	"crypto/sha256"
	"encoding/hex"

	"golang.org/x/crypto/argon2"
	"golang.org/x/crypto/bcrypt"
	"golang.org/x/crypto/pbkdf2"
	"golang.org/x/crypto/scrypt"
	"xorm.io/builder"
	"xorm.io/xorm"
)

func RecalculateUserEmptyPWD(x *xorm.Engine) (err error) {
	const (
		algoBcrypt = "bcrypt"
		algoScrypt = "scrypt"
		algoArgon2 = "argon2"
		algoPbkdf2 = "pbkdf2"
	)

	type User struct {
		ID                 int64  `xorm:"pk autoincr"`
		Passwd             string `xorm:"NOT NULL"`
		PasswdHashAlgo     string `xorm:"NOT NULL DEFAULT 'argon2'"`
		MustChangePassword bool   `xorm:"NOT NULL DEFAULT false"`
		LoginType          int
		LoginName          string
		Type               int
		Salt               string `xorm:"VARCHAR(10)"`
	}

	// hashPassword hash password based on algo and salt
	// state 461406070c
	hashPassword := func(passwd, salt, algo string) string {
		var tempPasswd []byte

		switch algo {
		case algoBcrypt:
			tempPasswd, _ = bcrypt.GenerateFromPassword([]byte(passwd), bcrypt.DefaultCost)
			return string(tempPasswd)
		case algoScrypt:
			tempPasswd, _ = scrypt.Key([]byte(passwd), []byte(salt), 65536, 16, 2, 50)
		case algoArgon2:
			tempPasswd = argon2.IDKey([]byte(passwd), []byte(salt), 2, 65536, 8, 50)
		case algoPbkdf2:
			fallthrough
		default:
			tempPasswd = pbkdf2.Key([]byte(passwd), []byte(salt), 10000, 50, sha256.New)
		}

		return hex.EncodeToString(tempPasswd)
	}

	// ValidatePassword checks if given password matches the one belongs to the user.
	// state 461406070c, changed since it's not necessary to be time constant
	ValidatePassword := func(u *User, passwd string) bool {
		tempHash := hashPassword(passwd, u.Salt, u.PasswdHashAlgo)

		if u.PasswdHashAlgo != algoBcrypt && u.Passwd == tempHash {
			return true
		}
		if u.PasswdHashAlgo == algoBcrypt && bcrypt.CompareHashAndPassword([]byte(u.Passwd), []byte(passwd)) == nil {
			return true
		}
		return false
	}

	sess := x.NewSession()
	defer sess.Close()

	const batchSize = 100

	for start := 0; ; start += batchSize {
		users := make([]*User, 0, batchSize)
		if err = sess.Limit(batchSize, start).Where(builder.Neq{"passwd": ""}, 0).Find(&users); err != nil {
			return err
		}
		if len(users) == 0 {
			break
		}

		if err = sess.Begin(); err != nil {
			return err
		}

		for _, user := range users {
			if ValidatePassword(user, "") {
				user.Passwd = ""
				user.Salt = ""
				user.PasswdHashAlgo = ""
				if _, err = sess.ID(user.ID).Cols("passwd", "salt", "passwd_hash_algo").Update(user); err != nil {
					return err
				}
			}
		}

		if err = sess.Commit(); err != nil {
			return err
		}
	}

	// delete salt and algo where password is empty
	_, err = sess.Where(builder.Eq{"passwd": ""}.And(builder.Neq{"salt": ""}.Or(builder.Neq{"passwd_hash_algo": ""}))).
		Cols("salt", "passwd_hash_algo").Update(&User{})

	return err
}
[Refactor] Passwort Hash/Set (#14282) * move SaltGeneration into HashPasswort and rename it to what it does * Migration: Where Password is Valid with Empty String delete it * prohibit empty password hash * let SetPassword("") unset pwd stuff 2021-01-10 19:05:18 +01:00			`// Copyright 2021 The Gitea Authors. All rights reserved.`
Implement FSFE REUSE for golang files (#21840) Change all license headers to comply with REUSE specification. Fix #16132 Co-authored-by: flynnnnnnnnnn <flynnnnnnnnnn@github> Co-authored-by: John Olheiser <john.olheiser@gmail.com> 2022-11-27 19:20:29 +01:00			`// SPDX-License-Identifier: MIT`
[Refactor] Passwort Hash/Set (#14282) * move SaltGeneration into HashPasswort and rename it to what it does * Migration: Where Password is Valid with Empty String delete it * prohibit empty password hash * let SetPassword("") unset pwd stuff 2021-01-10 19:05:18 +01:00
Split migrations folder (#21549) There are too many files in `models/migrations` folder so that I split them into sub folders. 2022-11-02 09:54:36 +01:00			`package v1_14 //nolint`
[Refactor] Passwort Hash/Set (#14282) * move SaltGeneration into HashPasswort and rename it to what it does * Migration: Where Password is Valid with Empty String delete it * prohibit empty password hash * let SetPassword("") unset pwd stuff 2021-01-10 19:05:18 +01:00
			`import (`
[GITEA] Drop sha256-simd in favor of stdlib - In Go 1.21 the crypto/sha256 [got a massive improvement](https://go.dev/doc/go1.21#crypto/sha256) by utilizing the SHA instructions for AMD64 CPUs, which sha256-simd already was doing. The performance is now on par and I think it's preferable to use the standard library rather than a package when possible. ``` cpu: AMD Ryzen 5 3600X 6-Core Processor │ simd.txt │ go.txt │ │ sec/op │ sec/op vs base │ Hash/8Bytes-12 63.25n ± 1% 73.38n ± 1% +16.02% (p=0.002 n=6) Hash/64Bytes-12 98.73n ± 1% 105.30n ± 1% +6.65% (p=0.002 n=6) Hash/1K-12 567.2n ± 1% 572.8n ± 1% +0.99% (p=0.002 n=6) Hash/8K-12 4.062µ ± 1% 4.062µ ± 1% ~ (p=0.396 n=6) Hash/1M-12 512.1µ ± 0% 510.6µ ± 1% ~ (p=0.485 n=6) Hash/5M-12 2.556m ± 1% 2.564m ± 0% ~ (p=0.093 n=6) Hash/10M-12 5.112m ± 0% 5.127m ± 0% ~ (p=0.093 n=6) geomean 13.82µ 14.27µ +3.28% │ simd.txt │ go.txt │ │ B/s │ B/s vs base │ Hash/8Bytes-12 120.6Mi ± 1% 104.0Mi ± 1% -13.81% (p=0.002 n=6) Hash/64Bytes-12 618.2Mi ± 1% 579.8Mi ± 1% -6.22% (p=0.002 n=6) Hash/1K-12 1.682Gi ± 1% 1.665Gi ± 1% -0.98% (p=0.002 n=6) Hash/8K-12 1.878Gi ± 1% 1.878Gi ± 1% ~ (p=0.310 n=6) Hash/1M-12 1.907Gi ± 0% 1.913Gi ± 1% ~ (p=0.485 n=6) Hash/5M-12 1.911Gi ± 1% 1.904Gi ± 0% ~ (p=0.093 n=6) Hash/10M-12 1.910Gi ± 0% 1.905Gi ± 0% ~ (p=0.093 n=6) geomean 1.066Gi 1.032Gi -3.18% ``` (cherry picked from commit abd94ff5b59c86e793fd9bf12187ea6cfd1f3fa1) (cherry picked from commit 15e81637abf70576a564cf9eecaa9640228afb5b) Conflicts: go.mod https://codeberg.org/forgejo/forgejo/pulls/1581 (cherry picked from commit 5caea2d75aeac78fb306f58a3cf7809d5b70c7f2) (cherry picked from commit 08da542cce2c1571cedd4183268a903ab581d2e3) (cherry picked from commit d71a8cc9fb816a3b6562a661286f1d3961821b67) (cherry picked from commit 63c9fc2bee5b71e6ce3898bbf9b9bce827705acc) (cherry picked from commit e1db85d48a2de7cff0d438aac81023c4b50cdae4) (cherry picked from commit 5e86a5d2d13319c09199a35a4c0568389b03a2a2) 2023-09-30 00:45:31 +02:00			`"crypto/sha256"`
Replace fmt.Sprintf with hex.EncodeToString (#21960) `hex.EncodeToString` has better performance than `fmt.Sprintf("%x", []byte)`, we should use it as much as possible. I'm not an extreme fan of performance, so I think there are some exceptions: - `fmt.Sprintf("%x", func(...)[N]byte())` - We can't slice the function return value directly, and it's not worth adding lines. ```diff func A()[20]byte { ... } - a := fmt.Sprintf("%x", A()) - a := hex.EncodeToString(A()[:]) // invalid + tmp := A() + a := hex.EncodeToString(tmp[:]) ``` - `fmt.Sprintf("%X", []byte)` - `strings.ToUpper(hex.EncodeToString(bytes))` has even worse performance. 2022-11-28 12:19:18 +01:00			`"encoding/hex"`
[Refactor] Passwort Hash/Set (#14282) * move SaltGeneration into HashPasswort and rename it to what it does * Migration: Where Password is Valid with Empty String delete it * prohibit empty password hash * let SetPassword("") unset pwd stuff 2021-01-10 19:05:18 +01:00
			`"golang.org/x/crypto/argon2"`
			`"golang.org/x/crypto/bcrypt"`
			`"golang.org/x/crypto/pbkdf2"`
			`"golang.org/x/crypto/scrypt"`
			`"xorm.io/builder"`
			`"xorm.io/xorm"`
			`)`

Split migrations folder (#21549) There are too many files in `models/migrations` folder so that I split them into sub folders. 2022-11-02 09:54:36 +01:00			`func RecalculateUserEmptyPWD(x *xorm.Engine) (err error) {`
[Refactor] Passwort Hash/Set (#14282) * move SaltGeneration into HashPasswort and rename it to what it does * Migration: Where Password is Valid with Empty String delete it * prohibit empty password hash * let SetPassword("") unset pwd stuff 2021-01-10 19:05:18 +01:00			`const (`
			`algoBcrypt = "bcrypt"`
			`algoScrypt = "scrypt"`
			`algoArgon2 = "argon2"`
			`algoPbkdf2 = "pbkdf2"`
			`)`

			`type User struct {`
			ID int64 `xorm:"pk autoincr"`
			Passwd string `xorm:"NOT NULL"`
			PasswdHashAlgo string `xorm:"NOT NULL DEFAULT 'argon2'"`
			MustChangePassword bool `xorm:"NOT NULL DEFAULT false"`
			`LoginType int`
			`LoginName string`
			`Type int`
			Salt string `xorm:"VARCHAR(10)"`
			`}`

			`// hashPassword hash password based on algo and salt`
			`// state 461406070c`
			`hashPassword := func(passwd, salt, algo string) string {`
			`var tempPasswd []byte`

			`switch algo {`
			`case algoBcrypt:`
			`tempPasswd, _ = bcrypt.GenerateFromPassword([]byte(passwd), bcrypt.DefaultCost)`
			`return string(tempPasswd)`
			`case algoScrypt:`
			`tempPasswd, _ = scrypt.Key([]byte(passwd), []byte(salt), 65536, 16, 2, 50)`
			`case algoArgon2:`
			`tempPasswd = argon2.IDKey([]byte(passwd), []byte(salt), 2, 65536, 8, 50)`
			`case algoPbkdf2:`
			`fallthrough`
			`default:`
			`tempPasswd = pbkdf2.Key([]byte(passwd), []byte(salt), 10000, 50, sha256.New)`
			`}`

Replace fmt.Sprintf with hex.EncodeToString (#21960) `hex.EncodeToString` has better performance than `fmt.Sprintf("%x", []byte)`, we should use it as much as possible. I'm not an extreme fan of performance, so I think there are some exceptions: - `fmt.Sprintf("%x", func(...)[N]byte())` - We can't slice the function return value directly, and it's not worth adding lines. ```diff func A()[20]byte { ... } - a := fmt.Sprintf("%x", A()) - a := hex.EncodeToString(A()[:]) // invalid + tmp := A() + a := hex.EncodeToString(tmp[:]) ``` - `fmt.Sprintf("%X", []byte)` - `strings.ToUpper(hex.EncodeToString(bytes))` has even worse performance. 2022-11-28 12:19:18 +01:00			`return hex.EncodeToString(tempPasswd)`
[Refactor] Passwort Hash/Set (#14282) * move SaltGeneration into HashPasswort and rename it to what it does * Migration: Where Password is Valid with Empty String delete it * prohibit empty password hash * let SetPassword("") unset pwd stuff 2021-01-10 19:05:18 +01:00			`}`

			`// ValidatePassword checks if given password matches the one belongs to the user.`
			`// state 461406070c, changed since it's not necessary to be time constant`
			`ValidatePassword := func(u *User, passwd string) bool {`
			`tempHash := hashPassword(passwd, u.Salt, u.PasswdHashAlgo)`

			`if u.PasswdHashAlgo != algoBcrypt && u.Passwd == tempHash {`
			`return true`
			`}`
			`if u.PasswdHashAlgo == algoBcrypt && bcrypt.CompareHashAndPassword([]byte(u.Passwd), []byte(passwd)) == nil {`
			`return true`
			`}`
			`return false`
			`}`

			`sess := x.NewSession()`
			`defer sess.Close()`

			`const batchSize = 100`

			`for start := 0; ; start += batchSize {`
			`users := make([]*User, 0, batchSize)`
			`if err = sess.Limit(batchSize, start).Where(builder.Neq{"passwd": ""}, 0).Find(&users); err != nil {`
Update tool dependencies, lock govulncheck and actionlint (#25655) - Update all tool dependencies - Lock `govulncheck` and `actionlint` to their latest tags --------- Co-authored-by: 6543 <m.huber@kithara.com> Co-authored-by: 6543 <6543@obermui.de> Co-authored-by: wxiaoguang <wxiaoguang@gmail.com> 2023-07-09 13:58:06 +02:00			`return err`
[Refactor] Passwort Hash/Set (#14282) * move SaltGeneration into HashPasswort and rename it to what it does * Migration: Where Password is Valid with Empty String delete it * prohibit empty password hash * let SetPassword("") unset pwd stuff 2021-01-10 19:05:18 +01:00			`}`
			`if len(users) == 0 {`
			`break`
			`}`

			`if err = sess.Begin(); err != nil {`
Update tool dependencies, lock govulncheck and actionlint (#25655) - Update all tool dependencies - Lock `govulncheck` and `actionlint` to their latest tags --------- Co-authored-by: 6543 <m.huber@kithara.com> Co-authored-by: 6543 <6543@obermui.de> Co-authored-by: wxiaoguang <wxiaoguang@gmail.com> 2023-07-09 13:58:06 +02:00			`return err`
[Refactor] Passwort Hash/Set (#14282) * move SaltGeneration into HashPasswort and rename it to what it does * Migration: Where Password is Valid with Empty String delete it * prohibit empty password hash * let SetPassword("") unset pwd stuff 2021-01-10 19:05:18 +01:00			`}`

			`for _, user := range users {`
			`if ValidatePassword(user, "") {`
			`user.Passwd = ""`
			`user.Salt = ""`
			`user.PasswdHashAlgo = ""`
			`if _, err = sess.ID(user.ID).Cols("passwd", "salt", "passwd_hash_algo").Update(user); err != nil {`
			`return err`
			`}`
			`}`
			`}`

			`if err = sess.Commit(); err != nil {`
Update tool dependencies, lock govulncheck and actionlint (#25655) - Update all tool dependencies - Lock `govulncheck` and `actionlint` to their latest tags --------- Co-authored-by: 6543 <m.huber@kithara.com> Co-authored-by: 6543 <6543@obermui.de> Co-authored-by: wxiaoguang <wxiaoguang@gmail.com> 2023-07-09 13:58:06 +02:00			`return err`
[Refactor] Passwort Hash/Set (#14282) * move SaltGeneration into HashPasswort and rename it to what it does * Migration: Where Password is Valid with Empty String delete it * prohibit empty password hash * let SetPassword("") unset pwd stuff 2021-01-10 19:05:18 +01:00			`}`
			`}`

			`// delete salt and algo where password is empty`
Remove unused commit (#14741) * Remove unused commit * a small nit Signed-off-by: a1012112796 <1012112796@qq.com> Co-authored-by: a1012112796 <1012112796@qq.com> 2021-02-20 15:02:39 +01:00			`_, err = sess.Where(builder.Eq{"passwd": ""}.And(builder.Neq{"salt": ""}.Or(builder.Neq{"passwd_hash_algo": ""}))).`
			`Cols("salt", "passwd_hash_algo").Update(&User{})`
[Refactor] Passwort Hash/Set (#14282) * move SaltGeneration into HashPasswort and rename it to what it does * Migration: Where Password is Valid with Empty String delete it * prohibit empty password hash * let SetPassword("") unset pwd stuff 2021-01-10 19:05:18 +01:00
Remove unused commit (#14741) * Remove unused commit * a small nit Signed-off-by: a1012112796 <1012112796@qq.com> Co-authored-by: a1012112796 <1012112796@qq.com> 2021-02-20 15:02:39 +01:00			`return err`
[Refactor] Passwort Hash/Set (#14282) * move SaltGeneration into HashPasswort and rename it to what it does * Migration: Where Password is Valid with Empty String delete it * prohibit empty password hash * let SetPassword("") unset pwd stuff 2021-01-10 19:05:18 +01:00			`}`