def do_upgrade(): """Upgrade recipe. Adds two new columns (password_salt and password_scheme) and migrates emails to password salt. """ op.add_column('user', db.Column('password_salt', db.String(length=255), nullable=True)) op.add_column('user', db.Column('password_scheme', db.String(length=50), nullable=False)) # Temporary column needed for data migration op.add_column('user', db.Column('new_password', db.String(length=255))) # Migrate emails to password_salt m = db.MetaData(bind=db.engine) m.reflect() u = m.tables['user'] conn = db.engine.connect() conn.execute(u.update().values( password_salt=u.c.email, password_scheme='invenio_aes_encrypted_email' )) # Migrate password blob to password varchar. for row in conn.execute(select([u])): # NOTE: Empty string passwords were stored as empty strings # instead of a hashed version, hence they must be treated differently. legacy_pw = row[u.c.password] or mysql_aes_encrypt(row[u.c.email], "") stmt = u.update().where( u.c.id == row[u.c.id] ).values( new_password=hashlib.sha256(legacy_pw).hexdigest() ) conn.execute(stmt) # Create index op.create_index( op.f('ix_user_password_scheme'), 'user', ['password_scheme'], unique=False ) # Drop old database column and rename new. op.drop_column('user', 'password') op.alter_column( 'user', 'new_password', new_column_name='password', existing_type=mysql.VARCHAR(255), existing_nullable=True, )
def do_upgrade(): """Implement your upgrades here.""" try: op.drop_index('ix_usergroup_name', table_name='usergroup') except OperationalError: pass try: op.drop_index('name', table_name='usergroup') except OperationalError: pass op.create_index(op.f('ix_usergroup_name'), 'usergroup', ['name'], unique=True)
def do_upgrade(): """Upgrade recipe. Adds two new columns (password_salt and password_scheme) and migrates emails to password salt. """ op.add_column( 'user', db.Column('password_salt', db.String(length=255), nullable=True)) op.add_column( 'user', db.Column('password_scheme', db.String(length=50), nullable=False)) # Temporary column needed for data migration op.add_column('user', db.Column('new_password', db.String(length=255))) # Migrate emails to password_salt m = db.MetaData(bind=db.engine) m.reflect() u = m.tables['user'] conn = db.engine.connect() conn.execute( u.update().values(password_salt=u.c.email, password_scheme='invenio_aes_encrypted_email')) # Migrate password blob to password varchar. for row in conn.execute(select([u])): # NOTE: Empty string passwords were stored as empty strings # instead of a hashed version, hence they must be treated differently. legacy_pw = row[u.c.password] or mysql_aes_encrypt(row[u.c.email], "") stmt = u.update().where(u.c.id == row[u.c.id]).values( new_password=hashlib.sha256(legacy_pw).hexdigest()) conn.execute(stmt) # Create index op.create_index(op.f('ix_user_password_scheme'), 'user', ['password_scheme'], unique=False) # Drop old database column and rename new. op.drop_column('user', 'password') op.alter_column( 'user', 'new_password', new_column_name='password', existing_type=mysql.VARCHAR(255), existing_nullable=True, )