Skip to content

fix(config): migrate legacy auth and subscription config keys #3895

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Draft
cursor wants to merge 1 commit into
base: develop
Choose a base branch
from
+105 −0
Draft

fix(config): migrate legacy auth and subscription config keys #3895

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
38 changes: 38 additions & 0 deletions util/config.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -299,6 +299,8 @@ type ConfigType struct {
TLS *TLSConfig `json:"tls,omitempty"`

Mfa *MultifactorAuthConfig `json:"mfa,omitempty"`
// Auth is the legacy config key for MFA settings (pre-2.19). Prefer mfa.
Auth *MultifactorAuthConfig `json:"auth,omitempty"`

// Interface ip, put in front of the port.
// defaults to empty
Expand Down Expand Up @@ -408,6 +410,10 @@ type ConfigType struct {
HA *HAConfig `json:"ha,omitempty"`

Subscription *SubscriptionConfig `json:"subscription,omitempty"`
// Legacy flat subscription fields (pre-2.19). Prefer subscription.*.
SubscriptionKey string `json:"subscription_key,omitempty"`
SubscriptionKeyFile string `json:"subscription_key_file,omitempty"`
SubscriptionServerURL string `json:"subscription_server_url,omitempty"`

Dirs *ConfigDirs `json:"dirs,omitempty"`

Expand Down Expand Up @@ -493,6 +499,7 @@ func ConfigInit(configPath string, noConfigFile bool) (usedConfigPath *string) {

if !noConfigFile {
usedConfigPath = loadConfigFile(configPath)
migrateLegacyConfig()
}

loadConfigEnvironment()
Expand Down Expand Up @@ -541,6 +548,7 @@ func ConfigInit(configPath string, noConfigFile bool) (usedConfigPath *string) {
}
}

ensureSubscriptionConfig()
if Config.Subscription.KeyFile != "" {
subscriptionKeyBytes, err := os.ReadFile(Config.Subscription.KeyFile)
if err != nil {
Expand All @@ -553,6 +561,36 @@ func ConfigInit(configPath string, noConfigFile bool) (usedConfigPath *string) {
return
}

// migrateLegacyConfig maps pre-2.19 config keys to their current locations.
// Must run after loading the config file and before loadConfigEnvironment, which
// allocates empty nested structs that would otherwise mask unset legacy fields.
func migrateLegacyConfig() {
if Config.Mfa == nil && Config.Auth != nil {
Config.Mfa = Config.Auth
}

if Config.SubscriptionKey != "" || Config.SubscriptionKeyFile != "" || Config.SubscriptionServerURL != "" {
if Config.Subscription == nil {
Config.Subscription = &SubscriptionConfig{}
}
if Config.Subscription.Key == "" {
Config.Subscription.Key = Config.SubscriptionKey
}
if Config.Subscription.KeyFile == "" {
Config.Subscription.KeyFile = Config.SubscriptionKeyFile
}
if Config.Subscription.ServerURL == "" {
Config.Subscription.ServerURL = Config.SubscriptionServerURL
}
}
}

func ensureSubscriptionConfig() {
if Config.Subscription == nil {
Config.Subscription = &SubscriptionConfig{}
}
}

func loadConfigFile(configPath string) (usedConfigPath *string) {
if configPath == "" {
configPath = os.Getenv("SEMAPHORE_CONFIG_PATH")
Expand Down
67 changes: 67 additions & 0 deletions util/config_test.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -495,6 +495,73 @@ func TestLoadConfigFile_JSON(t *testing.T) {
assert.Equal(t, ":8888", Config.Port)
}

func TestMigrateLegacyConfig_AuthToMfa(t *testing.T) {
Config = &ConfigType{
Auth: &MultifactorAuthConfig{
Totp: &TotpConfig{Enabled: true, AllowRecovery: true},
},
}

migrateLegacyConfig()

require.NotNil(t, Config.Mfa)
require.NotNil(t, Config.Mfa.Totp)
assert.True(t, Config.Mfa.Totp.Enabled)
assert.True(t, Config.Mfa.Totp.AllowRecovery)
}

func TestMigrateLegacyConfig_MfaTakesPrecedenceOverAuth(t *testing.T) {
Config = &ConfigType{
Mfa: &MultifactorAuthConfig{
Totp: &TotpConfig{Enabled: true},
},
Auth: &MultifactorAuthConfig{
Totp: &TotpConfig{Enabled: false},
},
}

migrateLegacyConfig()

require.NotNil(t, Config.Mfa.Totp)
assert.True(t, Config.Mfa.Totp.Enabled)
}

func TestMigrateLegacyConfig_SubscriptionFields(t *testing.T) {
Config = &ConfigType{
SubscriptionKey: "legacy-key",
SubscriptionKeyFile: "/etc/semaphore/subscription.key",
SubscriptionServerURL: "https://billing.example.com",
}

migrateLegacyConfig()

require.NotNil(t, Config.Subscription)
assert.Equal(t, "legacy-key", Config.Subscription.Key)
assert.Equal(t, "/etc/semaphore/subscription.key", Config.Subscription.KeyFile)
assert.Equal(t, "https://billing.example.com", Config.Subscription.ServerURL)
}

func TestLegacyAuthSurvivesConfigFileLoadAndEnvAllocation(t *testing.T) {
Config = new(ConfigType)

decodeConfig(strings.NewReader(`{
"auth": {
"totp": {
"enabled": true,
"allow_recovery": true
}
}
}`), "config.json")

migrateLegacyConfig()
loadConfigEnvironment()

require.NotNil(t, Config.Mfa)
require.NotNil(t, Config.Mfa.Totp)
assert.True(t, Config.Mfa.Totp.Enabled)
assert.True(t, Config.Mfa.Totp.AllowRecovery)
}

func TestLoadConfigDefaults(t *testing.T) {
Config = new(ConfigType)
errMsg := "Failed to load config-default"
Expand Down
Loading