Merge pull request #281 from github/fix-argon

fixing multiuser conditional argon secret backup

Author: tonytrg

share/github-backup-utils/ghe-backup-settings

@@ -80,7 +80,7 @@ backup-secret "kredz.credz HMAC key" "kredz-credz-hmac" "secrets.kredz.credz-hma
 backup-secret "kredz.varz HMAC key" "kredz-varz-hmac" "secrets.kredz.varz-hmac-secret"
 
 # Backup argon secrets for multiuser from ghes version 3.8 onwards
-if [ "$(version $GHE_REMOTE_VERSION)" -gt "$(version 3.7.0)" ]; then
+if ! [ "$(version $GHE_REMOTE_VERSION)" -lt "$(version 3.8.0)" ]; then
   backup-secret "management console argon2 secret" "manage-argon-secret" "secrets.manage-auth.argon-secret"
 fi
 

test/test-ghe-backup.sh

@@ -133,19 +133,18 @@ begin_test "ghe-backup without password pepper"
 )
 end_test
 
-begin_test "ghe-backup without management console argon2 secret for ghes lower than 3.8"
+# before the introduction of multiuser auth
+begin_test "ghe-backup management console does not backup argon secret"
 (
   set -e
 
-  git config -f "$GHE_REMOTE_DATA_USER_DIR/common/secrets.conf" secrets.manage-auth.argon-secret "fake pw"
-  GHE_REMOTE_VERSION=3.7.0 ghe-backup
-
+  GHE_REMOTE_VERSION=3.7.0 ghe-backup -v | grep -q "management console argon2 secret not set" && exit 1
   [ ! -f "$GHE_DATA_DIR/current/manage-argon-secret" ]
 )
 end_test
 
 # multiuser auth introduced in ghes version 3.8
-begin_test "ghe-backup management console argon2 secret"
+begin_test "ghe-backup management console backs up argon secret"
 (
   set -e
 

test/testlib.sh

@@ -448,7 +448,7 @@ verify_all_backedup_data() {
   [ "$(cat "$GHE_DATA_DIR/current/manage-password")" = "fake password hash data" ]
 
   # verify manage-argon-secret file was backed up
-  if [ "$(version $GHE_REMOTE_VERSION)" -gt "$(version 3.7.0)" ]; then
+  if ! [ "$(version $GHE_REMOTE_VERSION)" -lt "$(version 3.8.0)" ]; then
     [ "$(cat "$GHE_DATA_DIR/current/manage-argon-secret")" = "fake argon2 secret" ]
   fi