[fix] Personal access token name fix

bruntib · bruntib · commit 7d406cfc447d · 2025-07-10T19:04:14.000+02:00
Until now a random string was generated as a personal access token name
in the schema upgrade script that copies auth session tokens to the
personal_access_tokens table. In rare cases the random generator could
return the same random string twice. For this reason in PostgreSQL an
incremental integer is used instead of the random name.

Until now all auth session tokens became a personal access token. From
now only the "can_expire = false" tokens become personal access tokens.
diff --git a/web/server/codechecker_server/migrations/config/versions/7ed50f8b3fb8_new_table_for_personal_access_tokens.py b/web/server/codechecker_server/migrations/config/versions/7ed50f8b3fb8_new_table_for_personal_access_tokens.py
@@ -46,22 +46,30 @@ def upgrade():
 
     dialect = op.get_context().dialect.name
     if dialect == "sqlite":
-        random_string = "hex(randomblob(4))"
-        with op.batch_alter_table("auth_sessions", recreate="never") as ba:
-            ba.alter_column("can_expire", new_column_name="can_expire_UNUSED")
+        token_name = "hex(randomblob(4))"
     else:
-        random_string = "substr(md5(random()::text), 1, 8)"
-        op.drop_column('auth_sessions', 'can_expire')
+        token_name = "concat('token', row_number() over ())"
 
     one_year_later = datetime.now() + timedelta(days=365)
     op.execute(
         f"""
         INSERT INTO personal_access_tokens (user_name, token_name, token,
             description, last_access, expiration)
-        SELECT user_name, {random_string}, token, description, last_access,
+        SELECT user_name, {token_name}, token, description, last_access,
             '{one_year_later}'
         FROM auth_sessions
+        WHERE can_expire = false
         """)
+    op.execute("""
+        DELETE FROM auth_sessions
+        WHERE can_expire = false
+        """)
+
+    if dialect == "sqlite":
+        with op.batch_alter_table("auth_sessions", recreate="never") as ba:
+            ba.alter_column("can_expire", new_column_name="can_expire_UNUSED")
+    else:
+        op.drop_column('auth_sessions', 'can_expire')
     # ### end Alembic commands ###
 
 
