From 0cf4ce11c85c419c849d6cac866e65636d2b9f0b Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?S=C3=A9bastien=20Gaya?= <sebastien.gaya@gmail.com>
Date: Fri, 6 Jan 2023 16:16:49 +0100
Subject: [PATCH] rescue the other one

---
 ...2654_migrate_to_rails7_sha256_signature.rb | 25 ++++++++-----
 db/schema.rb | 2 +-
 docs/_rd/digest_upgrade.md | 37 +++++++++++--------
 3 files changed, 38 insertions(+), 26 deletions(-)

diff --git a/db/migrate/20230106132654_migrate_to_rails7_sha256_signature.rb b/db/migrate/20230106132654_migrate_to_rails7_sha256_signature.rb
index e71709a48..be9ae9c9b 100644
--- a/db/migrate/20230106132654_migrate_to_rails7_sha256_signature.rb
+++ b/db/migrate/20230106132654_migrate_to_rails7_sha256_signature.rb
@@ -32,17 +32,22 @@ class MigrateToRails7Sha256Signature < ActiveRecord::Migration[7.0]
 blob = ActiveStorage::Blob.find_signed!(legacy_signed_id)
 legacy_signed_id
 rescue ActiveSupport::MessageVerifier::InvalidSignature
- #
- key_generator = ActiveSupport::KeyGenerator.new(
- Rails.application.secrets.secret_key_base,
- iterations: 1000,
- hash_digest_class: OpenSSL::Digest::SHA1
- )
- key_generator = ActiveSupport::CachingKeyGenerator.new(key_generator)
- secret = key_generator.generate_key("ActiveStorage")
- verifier = ActiveSupport::MessageVerifier.new(secret)
+ begin
+ # Try to find blob with ID from SHA1-signed_id
+ key_generator = ActiveSupport::KeyGenerator.new(
+ Rails.application.secrets.secret_key_base,
+ iterations: 1000,
+ hash_digest_class: OpenSSL::Digest::SHA1
+ )
+ key_generator = ActiveSupport::CachingKeyGenerator.new(key_generator)
+ secret = key_generator.generate_key("ActiveStorage")
+ verifier = ActiveSupport::MessageVerifier.new(secret)
 
- ActiveStorage::Blob.find_by_id(verifier.verify(legacy_signed_id, purpose: :blob_id)).try(:signed_id)
+ ActiveStorage::Blob.find_by_id(verifier.verify(legacy_signed_id, purpose: :blob_id)).try(:signed_id)
+ rescue ActiveSupport::MessageVerifier::InvalidSignature
+ # Blob not found (SHA1 and SHA256), corrupted blob ID, ignore
+ legacy_signed_id
+ end
 end
 end
 end
diff --git a/db/schema.rb b/db/schema.rb
index 5e200f19f..0afdf7c29 100644
--- a/db/schema.rb
+++ b/db/schema.rb
@@ -10,7 +10,7 @@
 #
 # It's strongly recommended that you check this file into your version control system.
 
-ActiveRecord::Schema[7.0].define(version: 2023_01_06_094946) do
+ActiveRecord::Schema[7.0].define(version: 2023_01_06_132654) do
 # These are extensions that must be enabled in order to support this database
 enable_extension "pgcrypto"
 enable_extension "plpgsql"
diff --git a/docs/_rd/digest_upgrade.md b/docs/_rd/digest_upgrade.md
index 5548cd873..d4bbad530 100644
--- a/docs/_rd/digest_upgrade.md
+++ b/docs/_rd/digest_upgrade.md
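Review bot: Two failure paths are still not covered by the new inner `rescue`: when the SHA1 signature verifies but the blob row no longer exists, `find_by_id(...).try(:signed_id)` makes the method return `nil` rather than `legacy_signed_id`, and `find_signed!` on the first visible line is documented to raise `ActiveRecord::RecordNotFound` for a validly signed ID whose record is gone, which neither `rescue ActiveSupport::MessageVerifier::InvalidSignature` catches. Ending the inner `begin` with `ActiveStorage::Blob.find_by_id(verifier.verify(legacy_signed_id, purpose: :blob_id))&.signed_id || legacy_signed_id` would give every failure path the same result. The new rescue is also silent, so a wrongly derived SHA1 key (for instance if `secret_key_base` is not stored where `Rails.application.secrets` reads it) is indistinguishable from corrupted IDs; a `Rails.logger.warn` or a skipped-ID count in that branch would let the operator tell the two apart. The same code is repeated in the `docs/_rd/digest_upgrade.md` hunk, and the method's opening lines and its callers are outside this hunk, so how a `nil` return is consumed could not be checked.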
@@ -19,21 +19,28 @@ Pour les fichiers médias, une mise à jour des sites web va actualiser sans pro
 ```ruby
 class ActiveStorageKeyConverter
 def self.convert(legacy_signed_id)
- # Try to find blob with the un-modified legacy_signed_id
- blob = ActiveStorage::Blob.find_signed!(legacy_signed_id)
- legacy_signed_id
- rescue ActiveSupport::MessageVerifier::InvalidSignature
- #
- key_generator = ActiveSupport::KeyGenerator.new(
- Rails.application.secrets.secret_key_base,
- iterations: 1000,
- hash_digest_class: OpenSSL::Digest::SHA1
- )
- key_generator = ActiveSupport::CachingKeyGenerator.new(key_generator)
- secret = key_generator.generate_key("ActiveStorage")
- verifier = ActiveSupport::MessageVerifier.new(secret)
-
- ActiveStorage::Blob.find_by_id(verifier.verify(legacy_signed_id, purpose: :blob_id)).try(:signed_id)
+ begin
+ # Try to find blob with the un-modified legacy_signed_id
+ blob = ActiveStorage::Blob.find_signed!(legacy_signed_id)
+ legacy_signed_id
+ rescue ActiveSupport::MessageVerifier::InvalidSignature
+ begin
+ # Try to find blob with ID from SHA1-signed_id
+ key_generator = ActiveSupport::KeyGenerator.new(
+ Rails.application.secrets.secret_key_base,
+ iterations: 1000,
+ hash_digest_class: OpenSSL::Digest::SHA1
+ )
+ key_generator = ActiveSupport::CachingKeyGenerator.new(key_generator)
+ secret = key_generator.generate_key("ActiveStorage")
+ verifier = ActiveSupport::MessageVerifier.new(secret)
+
+ ActiveStorage::Blob.find_by_id(verifier.verify(legacy_signed_id, purpose: :blob_id)).try(:signed_id)
+ rescue ActiveSupport::MessageVerifier::InvalidSignature
+ # Blob not found (SHA1 and SHA256), corrupted blob ID, ignore
+ legacy_signed_id
+ end
+ end
 end
 end
 ```
-- GitLab