Resolve "Milestone 1: Add TokenAuthenticatable with feature flag control"
What does this MR do and why?
This MR:
- Removes the old encrypted_token and encrypted_token_iv fields for Ci::Trigger
- Adds a new token_encrypted field including a migration to fill the newly created token_encrypted field for Ci::Trigger
The problem: The old encrypted_token field is not searchable. This is because it is encrypted for every single Ci::Trigger with a new IV.
We also have places inside the code where we need to decrypt the token again to return it inside our API. Therefore, we cannot just use a digest, because this could not be 'decrypted' again.
We will be using add_authentication_token_field to encrypt and decrypt the token when necessary.
We don't need a feature flag at this point since the method find_by_token uses the old token column during migration.
MR acceptance checklist
Evaluate this MR against the MR acceptance checklist. It helps you analyze changes to reduce risks in quality, performance, reliability, security, and maintainability.
Related to #554239
Edited by Daniel Prause
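
The searchability problem described above, as an added Ruby illustration that is not GitLab's code or part of this MR. Only the column names come from the description; the keys, tokens, and the HMAC-derived IV used for the deterministic column are assumptions made for the demo.

```ruby
require 'openssl'
require 'securerandom'

# Constructed demo keys; a real application loads these from secret storage.
ENC_KEY = OpenSSL::Digest::SHA256.digest('constructed-encryption-key')
IV_KEY  = OpenSSL::Digest::SHA256.digest('constructed-iv-derivation-key')

def random_iv
  SecureRandom.random_bytes(12)
end

# Assumption for this demo: derive the IV from the token itself (SIV-style),
# so equal tokens give equal ciphertexts without one IV shared by all tokens.
def derived_iv(token)
  OpenSSL::HMAC.digest(OpenSSL::Digest.new('SHA256'), IV_KEY, token)[0, 12]
end

def encrypt(token, iv)
  cipher = OpenSSL::Cipher.new('aes-256-gcm').encrypt
  cipher.key = ENC_KEY
  cipher.iv = iv
  ciphertext = cipher.update(token) + cipher.final
  [iv + ciphertext + cipher.auth_tag].pack('m0') # base64(iv || ct || tag)
end

def decrypt(stored)
  raw = stored.unpack1('m0')
  cipher = OpenSSL::Cipher.new('aes-256-gcm').decrypt
  cipher.key = ENC_KEY
  cipher.iv = raw[0, 12]
  cipher.auth_tag = raw[-16..]
  cipher.update(raw[12...-16]) + cipher.final # raises if the tag does not verify
end

def build_row(id, token)
  { id: id,
    encrypted_token: encrypt(token, random_iv),          # old: fresh IV per record
    token_encrypted: encrypt(token, derived_iv(token)) } # new: deterministic
end

# Equality lookup, the way a WHERE column = ? query compares stored values.
def find_by_column(rows, column, token)
  iv = column == :encrypted_token ? random_iv : derived_iv(token)
  probe = encrypt(token, iv)
  rows.find { |row| row[column] == probe }
end

ROWS = [build_row(1, 'constructed-token-aaa'),
        build_row(2, 'constructed-token-bbb')].freeze
```

Both columns still decrypt back to the token, which a digest column could not do; only the deterministic one can be matched by re-encrypting the presented token.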